annando / salmon-protocol

Automatically exported from code.google.com/p/salmon-protocol

Magic Signatures: Example in spec is wrong #8

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
From James Manger: The example used throughout the spec is wrong. It 
looks like two "-" characters have been accidentally dropped (which is not 
a good advertisement for the robustness that base64url offers!)
4th line:  change "bWUPHVy" to "bWU-PHVy" (decodes to "me><ur")
10th line: change " bGUU2Fs" to "bGU-U2Fs" (decodes to "le>Sal")

Curiously, there are no "_" characters in the examples (data or sig). 
Changing the <title> to end with a "?", instead of a "!", would introduce 
one. Base64url is uncommon so examples using its differences from 
normal base64 might help catch a few implementation bugs.
[actually I just noticed a "_" in the example modulus, but one in the 
example data would be even better]

The signature is wrong, but not random so it is misleading.
Decrypting the example signature with the example key produces a 20-byte
value -- which happens to be the SHA-1 hash of the empty string (I
don't recognize many hash values on sight, but this is one of them!).
It should be the hash of the (armoured) data.
It should be a SHA-256 hash, not SHA-1 as per <me:alg>RSA-SHA256</me:alg>.
It should be wrapped in a DER-encoded DigestInfo structure (basically 
includes an id for SHA-256).
It should have the PKCS#1 v1.5 "block type 1" prefix (01 FF FF… 00 
<DigestInfo>), making the value a similar size to the modulus.

Original issue reported on code.google.com by jpanzer@google.com on 26 Feb 2010 at 6:17
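
The checks described in the report above, as an added example that is not part of the original issue or of the Salmon library: it decodes the two corrected base64url fragments, builds the PKCS#1 v1.5 "block type 1" encoding with a SHA-256 DigestInfo, and classifies a value recovered from a signature. The function names, the 128-byte modulus length and the sample message are assumptions made for illustration.

```python
import base64
import hashlib

# DER DigestInfo header for SHA-256 (RFC 8017, section 9.2); the 32-byte hash follows it.
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text: str) -> bytes:
    """Decode base64url, tolerating whitespace and missing '=' padding."""
    s = "".join(text.split())
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def emsa_pkcs1_v15_sha256(message: bytes, k: int) -> bytes:
    """Build the k-byte block 00 01 FF..FF 00 DigestInfo for a k-byte RSA modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:  # the padding string must be at least 8 bytes of FF
        raise ValueError("modulus too short for a SHA-256 DigestInfo")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def diagnose(recovered: bytes, message: bytes, k: int) -> str:
    """Classify the bytes of sig^e mod n against the expected encoding of message."""
    em = recovered.rjust(k, b"\x00")  # integer-to-bytes conversions drop leading zeros
    if em == emsa_pkcs1_v15_sha256(message, k):
        return "ok"
    body = recovered.lstrip(b"\x00")
    for name in ("sha1", "sha256"):
        for label, data in (("message", message), ("empty string", b"")):
            if body == hashlib.new(name, data).digest():
                return f"bare {name} of {label}: no DigestInfo, no padding"
    if not em.startswith(b"\x00\x01\xff"):
        return "missing block type 1 prefix"
    return "padded, but DigestInfo or hash does not match"

if __name__ == "__main__":
    msg = b"constructed-armoured-data"  # constructed sample, not the spec's data
    print(b64url_decode("bWU-PHVy"), b64url_decode("bGU-U2Fs"))
    print(diagnose(emsa_pkcs1_v15_sha256(msg, 128), msg, 128))
    print(diagnose(hashlib.sha1(b"").digest(), msg, 128))
```
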

GoogleCodeExporter commented 9 years ago
I'll need to go through and re-do the examples once I update the library to
match the spec otherwise.  I probably mistyped something when generating the
sample signature.

Everything is now SHA-256.

I'm trying to avoid DER stuff.  Will defer to security reviewers on the last 
comment.

Original comment by jpanzer@google.com on 26 Feb 2010 at 9:42

GoogleCodeExporter commented 9 years ago
The code is now including the ASN.1 magic bytes to be PKCS compatible, will
update the spec once all other changes are in place and I can generate some
samples :)

Original comment by jpanzer@google.com on 6 Apr 2010 at 10:07

GoogleCodeExporter commented 9 years ago

Original comment by jpanzer@google.com on 13 Apr 2010 at 10:03

GoogleCodeExporter commented 9 years ago

Original comment by jpanzer@google.com on 19 Jun 2010 at 7:25