[Cryptography Team] [FIX] Crypto changes
Cerebus
cerebus2 at gmail.com
Fri Nov 24 20:10:02 UTC 2006
On 11/24/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> We still need to review our validation of e=3 signatures. Did you have a
> look at that? Is there any way that reading ASN.1 would stop and leave more
> data past the hash without throwing an error?
I think I'm missing something here. PKCS#1 signatures require
digesting, encoding, encrypting, and then conversion to bit-string.
The encoding step takes the hash and wraps it in the following ASN.1:
DigestInfo ::= SEQUENCE {
    digestAlgorithm DigestAlgorithmIdentifier,
    digest Digest }
DigestAlgorithmIdentifier ::= AlgorithmIdentifier
Digest ::= OCTET STRING
I'm looking at RSAKey>>v15SignMessageHash: and
RSAKey>>v15VerifySignature:ofMessageHash:, and the encoding step is
being skipped.
Or am I misusing RSAKey? Or do I have an old version? (I'm still
figuring out this whole Squeak packaging mess.)
In re: the question, it looks to me like validation is not currently
vulnerable to the attack because
RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1
decoding to attack! :)
-- Tim
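The encoding step Tim describes, and the shape of verifier Ron is asking about (an ASN.1 reader that stops after the hash and leaves trailing data unexamined), as an added example that is not the Squeak Cryptography team's code and not taken from RSAKey: a pure-Python PKCS#1 v1.5 signer that wraps the hash in DigestInfo, a strict verifier that re-encodes the block and compares all of it, a lenient verifier that decodes the DigestInfo SEQUENCE and ignores whatever follows it, and the e=3 forgery (Bleichenbacher, 2006) that the lenient verifier accepts. The 2048-bit e=3 demo key, SHA-256 as the digest, the function names and the sample messages are my assumptions for the example.

```python
# Added demo, not the Squeak Cryptography project's code; needs Python 3.8+ for pow(e, -1, m)
import hashlib
import secrets

# DER prefix of DigestInfo for SHA-256 (RFC 8017, 9.2 note 1): SEQUENCE { AlgorithmIdentifier, OCTET STRING }
DIGESTINFO_SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15_encode(msg_hash, em_len):
    # EM = 0x00 || 0x01 || PS (at least eight 0xFF bytes) || 0x00 || DigestInfo
    t = DIGESTINFO_SHA256_PREFIX + msg_hash
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def is_probable_prime(n, rounds=16):
    # Trial division then Miller-Rabin; adequate for a demo key (n is always > 37 here)
    if any(n % p == 0 for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_rsa_e3(bits=2048):
    # Demo key (n, e=3, d); primes with p % 3 == 2 keep 3 invertible modulo (p-1)(q-1)
    def prime(b):
        while True:
            p = secrets.randbits(b) | (1 << (b - 1)) | 1
            if p % 3 == 2 and is_probable_prime(p):
                return p
    p, q = prime(bits // 2), prime(bits // 2)
    return p * q, 3, pow(3, -1, (p - 1) * (q - 1))

def em_len(n):
    return (n.bit_length() + 7) // 8

def sign(n, d, msg):
    em = emsa_pkcs1_v15_encode(hashlib.sha256(msg).digest(), em_len(n))
    return pow(int.from_bytes(em, "big"), d, n)

def verify_strict(n, e, msg, sig):
    # RFC 8017 style: re-encode the expected EM and compare the whole block, nothing is parsed
    em = pow(sig, e, n).to_bytes(em_len(n), "big")
    return secrets.compare_digest(em, emsa_pkcs1_v15_encode(hashlib.sha256(msg).digest(), em_len(n)))

def der_tlv(buf, pos):
    # One short-form DER element at buf[pos] -> (tag, value, position just after it)
    if pos + 2 > len(buf) or buf[pos + 1] >= 0x80 or pos + 2 + buf[pos + 1] > len(buf):
        raise ValueError("unsupported or truncated DER element")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def verify_lenient(n, e, msg, sig):
    # The flawed shape: walk the padding, decode DigestInfo, compare the hash, ignore the rest
    em = pow(sig, e, n).to_bytes(em_len(n), "big")
    i = 2
    while em[i:i + 1] == b"\xff":  # bug: any number of 0xFF bytes is accepted
        i += 1
    if em[:2] != b"\x00\x01" or em[i:i + 1] != b"\x00":
        return False
    tag, digest_info, end = der_tlv(em, i + 1)  # bug: em[end:] is never looked at
    if tag != 0x30:
        return False
    _, alg_id, j = der_tlv(digest_info, 0)
    tag, digest, _ = der_tlv(digest_info, j)
    return alg_id == DIGESTINFO_SHA256_PREFIX[4:17] and tag == 0x04 and digest == hashlib.sha256(msg).digest()

def icbrt_ceil(x):
    # Smallest integer s with s**3 >= x, by exact integer bisection
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid ** 3 < x else (lo, mid)
    return lo

def forge_e3(n, msg):
    # Bleichenbacher's 2006 forgery: no private key, only e=3 and a verifier that ignores trailing bytes
    prefix = b"\x00\x01\xff\x00" + DIGESTINFO_SHA256_PREFIX + hashlib.sha256(msg).digest()
    garbage_bits = 8 * (em_len(n) - len(prefix))
    s = icbrt_ceil(int.from_bytes(prefix, "big") << garbage_bits)
    # s**3 overshoots the shifted prefix by < 3*s**2+3*s+1 (about two thirds of the modulus size),
    # which fits in the garbage bits, and s**3 < n, so the verifier sees prefix || garbage unreduced
    assert s ** 3 < n and (s ** 3 >> garbage_bits) == int.from_bytes(prefix, "big")
    return s

def demo(bits=2048):
    n, e, d = gen_rsa_e3(bits)
    good, bad = b"pay 100 to account 42", b"pay 1000000 to account 1337"  # constructed messages
    sig, forged = sign(n, d, good), forge_e3(n, bad)  # the forgery uses only the public key
    return (verify_strict(n, e, good, sig), verify_lenient(n, e, good, sig),
            verify_strict(n, e, bad, forged), verify_lenient(n, e, bad, forged))
```

demo() returns (genuine accepted by strict, genuine accepted by lenient, forgery accepted by strict, forgery accepted by lenient), which is (True, True, False, True). The forgery needs nothing but n and e=3: the attacker writes the shortest padding the lenient parser tolerates, then the correctly encoded DigestInfo for the message of their choosing, and takes the integer cube root of that block; the bytes after the SEQUENCE absorb the rounding error, and because the cube never exceeds n there is no modular reduction to disturb the prefix. With SHA-256 this works comfortably at 2048 bits (it is not guaranteed at 1024 bits with a 51-byte DigestInfo). The shape that is immune is the comparison in verify_strict, which re-encodes and compares the entire block; a decoder is only as safe if it also insists that the DigestInfo ends exactly at the end of the block and that the padding has the full expected length.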