[Cryptography Team] [FIX] Crypto changes

Ron Teitelbaum Ron at USMedRec.com
Fri Nov 24 22:14:40 UTC 2006


No, I don't think you are missing anything; I still haven't had time to check
the code.  The real question is: after determining the hash, if there is data
left over, it should error out.  Thanks for looking at it; I'll take a look
too.

Ron

> -----Original Message-----
> From: Cerebus
> Sent: Friday, November 24, 2006 3:10 PM
> On 11/24/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
> 
> > We still need to review our validation of e=3 signatures.  Did you have a
> > look at that?  Is there any way that reading ASN.1 would stop and leave more
> > data past the hash without throwing an error?
> 
> I think I'm missing something here.  PKCS#1 signatures require
> digesting, encoding, encrypting, and then conversion to bit-string.
> The encoding step takes the hash and wraps it in the following ASN.1:
> 
> DigestInfo ::= SEQUENCE {
>   digestAlgorithm DigestAlgorithmIdentifier,
>   digest Digest }
> 
> DigestAlgorithmIdentifier ::= AlgorithmIdentifier
> 
> Digest ::= OCTET STRING
> 
> I'm looking at RSAKey>>v15SignMessageHash: and
> RSAKey>>v15VerifySignature:ofMessageHash and the encoding step is
> being skipped.
> 
> Or am I misusing RSAKey?  Or do I have an old version?  (I'm still
> figuring out this whole Squeak packaging mess.)
> 
> In re: the question, it looks to me like validation is not currently
> vulnerable to the attack because
> RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1
> decoding to attack!  :)
> 
> -- Tim
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
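The thread turns on two things: the DigestInfo wrapping Tim quotes, and Ron's point that a verifier which reads the hash out of the ASN.1 and then ignores whatever follows is the wrong shape. The example below is added here to illustrate that check; it is Python rather than Squeak and is not the RSAKey code from the Cryptography package. It works on the already-decrypted encoded message EM (the RSA step is left out), uses the SHA-1 DigestInfo prefix from RFC 3447 §9.2, and builds its own sample inputs (a 128-byte EM for a 1024-bit modulus, a constructed message). `lenient_verify` stops at the hash the way the thread worries about; `leftover_after_digest_info` reports the bytes such a parser would leave behind; `strict_verify` does what RFC 3447 §8.2.2 prescribes and rebuilds the single valid EM for comparison, which rejects leftovers and short padding without parsing untrusted ASN.1 at all.

```python
import hashlib
import hmac

# DER AlgorithmIdentifier for SHA-1 with NULL parameters (RFC 3447 §9.2 note 1).
# Constant taken from the RFC; nothing here comes from the original thread.
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")


def digest_info(digest: bytes) -> bytes:
    """DER-encode DigestInfo { AlgorithmIdentifier, Digest OCTET STRING } for SHA-1."""
    octet = b"\x04" + bytes([len(digest)]) + digest
    body = SHA1_ALG_ID + octet
    return b"\x30" + bytes([len(body)]) + body


def emsa_pkcs1_v15_encode(digest: bytes, em_len: int) -> bytes:
    """EM = 0x00 || 0x01 || PS (at least 8 bytes of 0xFF) || 0x00 || T  (RFC 3447 §9.2)."""
    t = digest_info(digest)
    ps_len = em_len - len(t) - 3
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def split_em(em: bytes) -> bytes:
    """Strip 0x00 0x01 PS 0x00 and return everything after it (T plus any leftovers)."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("bad EM header")
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        raise ValueError("padding not terminated by 0x00")
    return em[i + 1:]


def parse_digest_info(t: bytes):
    """Minimal DER reader for DigestInfo (short-form lengths only, enough for SHA-1).
    Returns (algorithm identifier bytes, digest bytes, bytes left after the SEQUENCE)."""
    if len(t) < 2 or t[0] != 0x30 or t[1] >= 0x80 or 2 + t[1] > len(t):
        raise ValueError("expected DigestInfo SEQUENCE")
    body, rest = t[2:2 + t[1]], t[2 + t[1]:]
    if len(body) < 2 or body[0] != 0x30 or 2 + body[1] > len(body):
        raise ValueError("expected AlgorithmIdentifier SEQUENCE")
    alg, octet = body[:2 + body[1]], body[2 + body[1]:]
    if len(octet) < 2 or octet[0] != 0x04 or 2 + octet[1] != len(octet):
        raise ValueError("expected Digest OCTET STRING filling the rest of DigestInfo")
    return alg, octet[2:], rest


def lenient_verify(em: bytes, digest: bytes) -> bool:
    """Reads the hash out of DigestInfo and stops there: the pattern the thread warns
    about.  Whatever is left after the SEQUENCE is silently ignored."""
    try:
        alg, found, _rest = parse_digest_info(split_em(em))
    except ValueError:
        return False
    return alg == SHA1_ALG_ID and hmac.compare_digest(found, digest)


def leftover_after_digest_info(em: bytes) -> int:
    """Bytes remaining after DigestInfo; a verifier must error out when this is non-zero."""
    _alg, _found, rest = parse_digest_info(split_em(em))
    return len(rest)


def strict_verify(em: bytes, digest: bytes) -> bool:
    """RFC 3447 §8.2.2: rebuild the one valid EM and compare it whole, in constant time."""
    try:
        expected = emsa_pkcs1_v15_encode(digest, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


# Constructed sample inputs (not from the thread): a 1024-bit modulus gives a 128-byte EM.
EM_LEN = 128
MESSAGE = b"constructed sample message"
DIGEST = hashlib.sha1(MESSAGE).digest()


def well_formed_em() -> bytes:
    return emsa_pkcs1_v15_encode(DIGEST, EM_LEN)


def em_with_leftover_bytes() -> bytes:
    """Minimum padding, then DigestInfo, then filler bytes sitting past the hash."""
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(DIGEST)
    return head + b"\x00" * (EM_LEN - len(head))


if __name__ == "__main__":
    for name, em in (("well-formed", well_formed_em()), ("leftover", em_with_leftover_bytes())):
        print(name, "lenient:", lenient_verify(em, DIGEST), "strict:", strict_verify(em, DIGEST),
              "leftover bytes:", leftover_after_digest_info(em))
```

Run as a script it prints one line per sample: the well-formed EM passes both verifiers with zero leftover bytes, while the second EM passes `lenient_verify` yet has 82 bytes after the DigestInfo and fails `strict_verify`. Adding the leftover check to a parsing verifier closes this particular hole, but the whole-EM comparison is the simpler fix: it needs no ASN.1 decoder on the verify path, so there is nothing to stop early.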