carolinux / gdata-python-client

Automatically exported from code.google.com/p/gdata-python-client
0 stars 1 forks source link

tlslite hashAndSign sometimes produces invalid signatures #638

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Run the attached script (Python 2.7, gdata 2.0.16, PyCrypto 2.6)

What is the expected output? What do you see instead?

I expected signature that can be validated by other libraries, but it looks 
like the tlslite signature is missing a byte. It varies between every 150 to 
every 300 signature being incorrect. Libraries on other platforms seem to agree 
with PyCrypto.

hashAndVerify has the same issue, it verifies the incorrect signature but not 
the correct one.

What version of the product are you using?
2.0.16

Please provide any additional information below.

This happens on both App Engine (python27) and my Mac.

Script output, base64 encoded signatures, message to be signed is uuid hex:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCjiQ4w7IJz5uZ0dpTqJVAKcuCci1dIDuigwgqHx9GeIW3XNv1D
k5tG2KZB8/V8S0iZ0KXIHc0SBxA25mcqTpT5oCSoIjyPKtS44O30SOawVpmK0/50
OwKaS2Df5qaQEcMj1xEZwUf+v/2vx2GAjicks6OWdBS/uIDKpxlgCb4NTwIDAQAB
AoGAA7hzhTNsSFzBc3bbLnSI3KP+bjFRXAdSzY18ldg68aELEbFjk60BBFybc7as
KBbCYRV5IBNlffqBKO6W/ERraTUmM0HqfV3jaszkcXWkZcvn/J9kZ1/TLX8UkqbV
YovBvKdOYutI50dvHz+7SE4aSqd5oZioKNOVDWJCzm0cZskCQQDHAMeuhs8VxyUa
/eBn2wtY5dgfSRESVOGN5qd0Xv+3sfUUQ2wXw66AMvgjmLK1hiceruav2vqXOp0B
hswT2or9AkEA0l+6qKLQrAL8SI6qRVdJmJwVtbvzsDltfhwBQw5+0H1H/jQkiGjq
t+kpf/ru6uXh+o0kIKP3pzfu7HNiAsupOwJBAI2AOHwYz1ck63Vt4Ar47fCgPjTA
t6rZQCiuQZO1mQ79Ms7dwhaDxajSlS56fVgls9tVciLJCjZOLyXOu33Cf+ECQDAM
HR2W0gH3TJdlvg3IOc7ZFzxCiQ2ekBtVWhRuoxgLBP5R+mYNUE5gulG4hgiwKESJ
J88so8tVQwRN9fyddzECQEY1/agUwLrV3OCUHqpDNEIz7WIfv/iCy1gN9gXduYcg
m2D9oJaudQwT9DOWpxVU+iv29nAtW+rVn2RcEMjDN5M=
-----END RSA PRIVATE KEY-----

--------------------
Signatures differ for msg
  469ebb50450e402fa21ae44063b67e1a
gdata:
  5h8Va7L0bpfumAjQOn4AA8O1kNXVZmC4tV92sMsgYnwIthe0bY5+MfcIxxrODuSALyjShWumg9SZvJARJr01Mev/lq33GNA2yxHaDACQeAvXqnbPPCW6piQRfzRv/XvT9IDmEAYk7QoPNABDQ/fzGV71c/Xp/Rura3V7CtxLgQ==
pycrypto:
  AOYfFWuy9G6X7pgI0Dp+AAPDtZDV1WZguLVfdrDLIGJ8CLYXtG2OfjH3CMcazg7kgC8o0oVrpoPUmbyQESa9NTHr/5at9xjQNssR2gwAkHgL16p2zzwluqYkEX80b/170/SA5hAGJO0KDzQAQ0P38xle9XP16f0bq2t1ewrcS4E=

--------------------
Signatures differ for msg
  3c929bb2db0443e69f46d4998a9d3a0d
gdata:
  V7PozJhCFlyRFgibCLrWrNtnPijdTG8UGR818kVV6C7Ju+1LCqz1nVcPO00o0TVANfcnm8ZZw1j+IFHwdLi/3DDHrD+/z0vAWyyes+p21DbI3zism+N/J1BWpwt8QBrcPUqF0LXA4JjoDfpCajBK0KXAR0QhEszDt1ECMCG99Q==
pycrypto:
  AFez6MyYQhZckRYImwi61qzbZz4o3UxvFBkfNfJFVeguybvtSwqs9Z1XDztNKNE1QDX3J5vGWcNY/iBR8HS4v9wwx6w/v89LwFssnrPqdtQ2yN84rJvjfydQVqcLfEAa3D1KhdC1wOCY6A36QmowStClwEdEIRLMw7dRAjAhvfU=

...
5000 rounds, 18 mismatches, every 277 fails

Original issue reported on code.google.com by h...@mcash.no on 5 Sep 2012 at 10:10

Attachments: