On Tue May 28, 2024 at 4:26 PM EEST, Jarkko Sakkinen wrote: > On Tue May 28, 2024 at 3:37 PM EEST, Stefan Berger wrote: > > Signature Value: > > 30:45:02:21:00:d9:d7:64:ba:5d:03:07:ee:20:a0:12:16:46: > > 31:e6:8e:66:0c:17:0d:74:07:87:58:5a:13:fc:14:62:98:9a: > > 99:02:20:59:ff:29:9c:52:b9:0a:35:3c:4b:03:bb:47:0e:c8: > > 3e:2d:cb:3e:1c:d3:51:88:91:b1:40:e3:03:86:1b:2a:e8 > > > > 30:45 => sequence containing 69 bytes > > 02:21: => first coordinate with 0x21 bytes > > 00:d9 => 0x21 bytes of ASN.1 integer with leading 0 to make the > > following 0x20-byte integer a positive number (its most significant bit > > is set). > > 02:20: => int with 0x20 bytes > > ... > > This actually helped me located the bug in my code: I had 32 bytes for > the first one, with no leading zero. I.e. total length was off-by-one. > > So I'll just extend either or both based on msb? Actually I use a patch that I made for early version: https://lore.kernel.org/linux-integrity/20240521152659.26438-3-jarkko@xxxxxxxxxx/ BR, Jarkko
