Failling ECDSA signature tests in wycheproof

[fpedrei]

There are a number of test failures, when running the ECDSA test cases from wycheproof:

$ node wycheproof-test-ecdsa.mjs
Testing SHA224withECDSA ECDSA/secp224r1 (wycheproof/testvectors_v1/ecdsa_secp224r1_sha224_test.json) ...
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=6 failed
Testing SHA256withECDSA ECDSA/secp224r1 (wycheproof/testvectors_v1/ecdsa_secp224r1_sha256_test.json) ...
Testing SHA256withECDSA ECDSA/secp256r1 (wycheproof/testvectors_v1/ecdsa_secp256r1_sha256_test.json) ...
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=6 failed
Testing SHA256withECDSA ECDSA/secp384r1 (wycheproof/testvectors_v1/ecdsa_secp384r1_sha256_test.json) ...
signature is valid, Legacy: ASN encoding of r misses leading 0
ECDSA tcId=6 failed
Testing SHA384withECDSA ECDSA/secp384r1 (wycheproof/testvectors_v1/ecdsa_secp384r1_sha384_test.json) ...
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=6 failed
Testing SHA512withECDSA ECDSA/secp224r1 (wycheproof/testvectors_v1/ecdsa_secp224r1_sha512_test.json) ...
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=6 failed
Testing SHA512withECDSA ECDSA/secp256r1 (wycheproof/testvectors_v1/ecdsa_secp256r1_sha512_test.json) ...
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=6 failed
Testing SHA512withECDSA ECDSA/secp384r1 (wycheproof/testvectors_v1/ecdsa_secp384r1_sha512_test.json) ...
signature is valid, Legacy: ASN encoding of r misses leading 0
ECDSA tcId=6 failed
signature is valid, Legacy: ASN encoding of s misses leading 0
ECDSA tcId=7 failed

using the following test harness and https://github.com/C2SP/wycheproof:

$ cat wycheproof-test-ecdsa.mjs
#!/usr/bin/env node

import { inspect } from 'node:util';
import fs from 'node:fs';
import jsrsasign from 'jsrsasign';

let hashes = ['sha224', 'sha256', 'sha384', 'sha512'];
let curves = ['secp224r1', 'secp256r1', 'secp384r1'];

for (let hash of hashes) {
    for (let curve of curves) {
        const pathname = `wycheproof/testvectors_v1/ecdsa_${curve}_${hash}_test.json`;
        fs.access(pathname, fs.constants.R_OK, (err) => {
            if (!err) {
                const buf = fs.readFileSync(pathname);
                let tests = JSON.parse(buf);

                console.log(`Testing ${hash.toUpperCase()}withECDSA ${tests.algorithm}/${curve} (${pathname}) ...`);
                for (const group of tests.testGroups) {

                    let key = jsrsasign.KEYUTIL.getKey(group.publicKeyPem);

                    for (const test of group.tests) {
                        let alg = `${hash.toUpperCase()}withECDSA`;
                        let verifier = new jsrsasign.crypto.Signature({alg});
                        verifier.init(key);
                        verifier.updateHex(test.msg);
                        let result = verifier.verify(test.sig) ? "valid" : "invalid";
                        if (test.result !== result) {
                            console.error(`signature is ${result}, ${test.comment}`);
                            console.error(`${tests.algorithm} tcId=${test.tcId} failed`);
                            // throw new Error(`${tests.algorithm} tcId=${test.tcId} failed`);
                        }
                    }
               }
            }
        });
    }
}