Skip to content

Reject non-canonical badge encodings in Verify#25

Closed
TeoSlayer wants to merge 1 commit into
mainfrom
fix/badgeverify-canonical
Closed

Reject non-canonical badge encodings in Verify#25
TeoSlayer wants to merge 1 commit into
mainfrom
fix/badgeverify-canonical

Conversation

@TeoSlayer

Copy link
Copy Markdown
Contributor

Scrub hardening (info-level, defense-in-depth). Verify now re-encodes the parsed badge via Canonical and rejects any input that doesn't round-trip (leading zeros, '+' signs, etc.) before checking the signature — foreclosing byte-string-vs-parsed-fields malleability for downstream consumers. The issuer always signs the canonical form, so production badges are unaffected (golden vectors still pass). Test added.

@TeoSlayer

Copy link
Copy Markdown
Contributor Author

Looks superseded. The non-canonical-encoding guard already shipped in #24 (common v0.5.6) — Verify rejects badges whose canonical re-encode != input — and #26 extended the same canonical-strict parsing to the enrollment and recovery statements. This change appears redundant against current main.

Recommendation: close, unless it covers a case #24/#26 missed (if so, please note which).

@TeoSlayer

Copy link
Copy Markdown
Contributor Author

Closing as superseded — the non-canonical-encoding guard shipped in #24 (v0.5.6) and #26 extended canonical-strict parsing to enrollment/recovery. Reopen if there's a case those missed.

@TeoSlayer TeoSlayer closed this Jun 23, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants