Remove unnecessary copy of data for LEGACY ECDSA signature verification.

We still copy the signature when there is an output prefix. This is fine because signatures are short. PiperOrigin-RevId: 648322644 Change-Id: I9d658032c443fc9ac5fa247a6e0ef65519df1db8
tink-crypto · Jul 1, 2024 · 8478772 · 8478772
1 parent 11108f9
commit 8478772
Showing 1 changed file with 11 additions and 9 deletions.
diff --git a/src/main/java/com/google/crypto/tink/subtle/EcdsaVerifyJce.java b/src/main/java/com/google/crypto/tink/subtle/EcdsaVerifyJce.java
@@ -46,6 +46,9 @@ public final class EcdsaVerifyJce implements PublicKeyVerify {
   public static final TinkFipsUtil.AlgorithmFipsCompatibility FIPS =
       TinkFipsUtil.AlgorithmFipsCompatibility.ALGORITHM_REQUIRES_BORINGCRYPTO;
 
+  private static final byte[] EMPTY = new byte[0];
+  private static final byte[] LEGACY_MESSAGE_SUFFIX = new byte[] {0};
+
   @SuppressWarnings("Immutable")
   private final ECPublicKey publicKey;
 
@@ -92,8 +95,8 @@ public static PublicKeyVerify create(EcdsaPublicKey key) throws GeneralSecurityE
         ENCODING_CONVERTER.toProtoEnum(key.getParameters().getSignatureEncoding()),
         key.getOutputPrefix().toByteArray(),
         key.getParameters().getVariant().equals(EcdsaParameters.Variant.LEGACY)
-            ? new byte[] {0}
-            : new byte[0]);
+            ? LEGACY_MESSAGE_SUFFIX
+            : EMPTY);
   }
 
   private EcdsaVerifyJce(
@@ -118,7 +121,7 @@ private EcdsaVerifyJce(
 
   public EcdsaVerifyJce(final ECPublicKey pubKey, HashType hash, EcdsaEncoding encoding)
       throws GeneralSecurityException {
-    this(pubKey, hash, encoding, new byte[0], new byte[0]);
+    this(pubKey, hash, encoding, EMPTY, EMPTY);
   }
 
   private void noPrefixVerify(final byte[] signature, final byte[] data)
@@ -140,6 +143,9 @@ private void noPrefixVerify(final byte[] signature, final byte[] data)
         EngineFactory.SIGNATURE.getInstance(signatureAlgorithm, preferredProviders);
     verifier.initVerify(publicKey);
     verifier.update(data);
+    if (messageSuffix.length > 0) {
+      verifier.update(messageSuffix);
+    }
     boolean verified = false;
     try {
       verified = verifier.verify(derSignature);
@@ -153,18 +159,14 @@ private void noPrefixVerify(final byte[] signature, final byte[] data)
 
   @Override
   public void verify(final byte[] signature, final byte[] data) throws GeneralSecurityException {
-    if (outputPrefix.length == 0 && messageSuffix.length == 0) {
+    if (outputPrefix.length == 0) {
       noPrefixVerify(signature, data);
       return;
     }
     if (!isPrefix(outputPrefix, signature)) {
       throw new GeneralSecurityException("Invalid signature (output prefix mismatch)");
     }
-    byte[] dataCopy = data;
-    if (messageSuffix.length != 0) {
-      dataCopy = Bytes.concat(data, messageSuffix);
-    }
     byte[] signatureNoPrefix = Arrays.copyOfRange(signature, outputPrefix.length, signature.length);
-    noPrefixVerify(signatureNoPrefix, dataCopy);
+    noPrefixVerify(signatureNoPrefix, data);
   }
 }