<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=text/html;charset=iso-8859-1 http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.7600.16625"></HEAD>
<BODY style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
id=MailContainerBody leftMargin=0 topMargin=0 CanvasTabStop="true"
name="Compose message area">
<DIV><FONT face=Calibri>Thanks for this, Denis. I will add it to the
CryptoCore package tonight, after work.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>I investigated the int you are producing versus the int
I was producing, as I thought #asInteger was dealing with little-endian
already. Sure enough, the message bytes were in the correct
locations. The problem was the length of the byteArray I was converting to
a LargePositiveInteger. I had 256 while you have 128 (255 and 127 since
the MSBit is 0). I looked at the spec again and section 4.2 on page 9
discusses converting byteArray to int using 256 size. I am confused by
this.</FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri>I attached another version of <FONT
face="Times New Roman">RSAPrivateKey>>v15SignMessageHash: encodedMsg that
works, by changing the byteArray size.</FONT></FONT></DIV>
<DIV><FONT face=Calibri><FONT face=Calibri></FONT></FONT> </DIV>
<DIV><FONT face=Calibri><FONT
face="Times New Roman">RSAPrivateKey>>v15SignMessageHash:
encodedMsg</FONT></FONT></DIV>
<DIV><FONT face=Calibri></FONT> </DIV>
<DIV><FONT face=Calibri><FONT face="Times New Roman"> |
padded toBeSigned |<BR> padded := ByteArray new: (128 -
encodedMsg size - 3) withAll: 255.<BR> toBeSigned := #(0)
asByteArray, #(1) asByteArray, padded, #(0) asByteArray,
encodedMsg.<BR><BR> ^ (self crypt: toBeSigned asInteger)
asByteArray.<BR></FONT></DIV>
<DIV>I will use your version since it looks like it handles other array sizes
(p*q) digitLength - 1 and it also does not create many arrays, just inserts into
the right locations of a LargePositiveInteger.</DIV>
<DIV> </DIV>
<DIV>Thanks for the test case!</DIV>
<DIV> </DIV>
<DIV>Cheers,</DIV>
<DIV>Rob<BR></DIV></FONT>
<DIV style="FONT: 10pt Tahoma">
<DIV><FONT size=3 face=Calibri></FONT><BR></DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A
title="mailto:dionisiydk@gmail.com CTRL + Click to follow link"
href="mailto:dionisiydk@gmail.com">Denis Kudriashov</A> </DIV>
<DIV><B>Sent:</B> Wednesday, September 22, 2010 9:51 AM</DIV>
<DIV><B>To:</B> <A
title="mailto:squeak-dev@lists.squeakfoundation.org CTRL + Click to follow link"
href="mailto:squeak-dev@lists.squeakfoundation.org">The general-purpose Squeak
developers list</A> </DIV>
<DIV><B>Subject:</B> Re: [squeak-dev] Crypto RSAWithSHA1 sign</DIV></DIV></DIV>
<DIV><BR></DIV>Hello, Rob.<BR><BR>I found solution. VW help me very
much.<BR><BR>Your changes almost right.<BR><BR>method SHA1
class>>digestInfoAsn1DerEncodingFromMessage: is good and placed right. But
method RSAPrivateKey>>v15SignMessageHash: is wrong:<BR><BR>
<DIV style="MARGIN-LEFT: 40px">RSAPrivateKey>>v15SignMessageHash:
encodedMsg<BR><BR> | padded toBeSigned |<BR>
padded := ByteArray new: (256 - encodedMsg size - 3) withAll:
255.<BR> toBeSigned := #(0) asByteArray, #(1) asByteArray,
padded, #(0) asByteArray, encodedMsg.<BR> ^ (self crypt:
toBeSigned asInteger) asByteArray.<BR></DIV><BR>I examine what happen in VW code
(it is work good like java). And now I have this version:<BR><BR>
<DIV style="MARGIN-LEFT: 40px">v15SignMessageHash:
encodedMsg<BR><BR> | int emLen |<BR>
<BR> emLen := (p * q) digitLength -1.<BR>
<BR> int := LargePositiveInteger basicNew:
emLen.<BR> " Our LargeIntegers are little endian, so we have
to reverse the bytes"<BR> encodedMsg with: (encodedMsg size
to: 1 by: -1) do: [:each :index |<BR> int
basicAt: index put: each].<BR> int basicAt: encodedMsg size +
1 put: 0.<BR><BR> encodedMsg size + 2 to: emLen - 1 do: [ :ind
| int basicAt: ind put: 255].<BR> int basicAt: emLen put:
1.<BR> <BR> ^ (self crypt: int)
asByteArray.<BR></DIV><BR><BR>This is give me results same as java and
VW.<BR><BR>I attach this method and acceptence test for it.<BR><BR><BR><BR>
<DIV class=gmail_quote>2010/9/21 Rob Withers <SPAN dir=ltr><<A
href="mailto:reefedjib@gmail.com">reefedjib@gmail.com</A>></SPAN><BR>
<BLOCKQUOTE
style="BORDER-LEFT: rgb(204,204,204) 1px solid; MARGIN: 0pt 0pt 0pt 0.8ex; PADDING-LEFT: 1ex"
class=gmail_quote>
<DIV style="PADDING-LEFT: 10px; PADDING-RIGHT: 10px; PADDING-TOP: 15px"
name="Compose message area">
<DIV><FONT size=2 face=Arial>Denis,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I looks like I missed step 2 on page 38. I
am not preappending the AlgorithmIndentifier and producing the DER encoding of
the DigestInfo prior to padding and encrypting. I implemented it in the
attached changeset. Please load this and test for me.
</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Note that it requires either all of Cryptography
from the Cryptography repository loaded, or all of CryptoBase and CryptoCerts
from the inbox. The digest requires ASN1 encoding framework which is in
the certificate package.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Rob</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: rgb(245,245,245)">
<DIV><B>From:</B> <A
title="mailto:reefedjib@gmail.com CTRL + Click to follow link"
href="mailto:reefedjib@gmail.com" target=_blank>Rob Withers</A> </DIV>
<DIV><B>Sent:</B> Tuesday, September 21, 2010 12:31 PM</DIV>
<DIV>
<DIV></DIV>
<DIV class=h5>
<DIV><B>To:</B> <A
title="mailto:squeak-dev@lists.squeakfoundation.org CTRL + Click to follow link"
href="mailto:squeak-dev@lists.squeakfoundation.org" target=_blank>The
general-purpose Squeak developers list</A> </DIV>
<DIV><B>Cc:</B> <A
title="mailto:cryptography@lists.squeakfoundation.org CTRL + Click to follow link"
href="mailto:cryptography@lists.squeakfoundation.org" target=_blank>Squeak
Crypto</A> </DIV>
<DIV><B>Subject:</B> Re: [squeak-dev] Crypto RSAWithSHA1
sign</DIV></DIV></DIV></DIV></DIV>
<DIV>
<DIV></DIV>
<DIV class=h5>
<DIV><BR></DIV>
<DIV><FONT size=2 face=Arial>Denis,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I do not know why I was looking at PKCS#11.
THe RSA spec is PKCS#1. In that document (<A
title="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf CTRL + Click to follow link"
href="ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf"
target=_blank>ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf</A>) on
page 25 it says: </FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>"<FONT face="Times New Roman">Two signature
schemes with appendix are specified in this document: RSASSA-PSS and
RSASSA-PKCS1-v1_5.</FONT>"</FONT></DIV>
<DIV style="FONT: 10pt Tahoma"><FONT face=Arial></FONT> </DIV>
<DIV style="FONT: 10pt Tahoma"><FONT face=Arial>I implemented v1_5. It
may be that Java is using PSS. I may have implemented v1.5 wrong.
The signature creation and verification algorithms start on page 30. The
encoding is on 35.</FONT></DIV>
<DIV style="FONT: 10pt Tahoma"><FONT face=Arial></FONT> </DIV>
<DIV style="FONT: 10pt Tahoma"><FONT face=Arial>Rob</FONT></DIV>
<DIV style="FONT: 10pt Tahoma"><BR></DIV>
<DIV style="FONT: 10pt Tahoma; BACKGROUND: rgb(245,245,245)">
<DIV><B>From:</B> <A title=reefedjib@gmail.com
href="mailto:reefedjib@gmail.com" target=_blank>Rob Withers</A> </DIV>
<DIV><B>Sent:</B> Tuesday, September 21, 2010 12:06 PM</DIV>
<DIV><B>To:</B> <A
title="mailto:squeak-dev@lists.squeakfoundation.org CTRL + Click to follow link"
href="mailto:squeak-dev@lists.squeakfoundation.org" target=_blank>The
general-purpose Squeak developers list</A> </DIV>
<DIV><B>Cc:</B> <A title=cryptography@lists.squeakfoundation.org
href="mailto:cryptography@lists.squeakfoundation.org" target=_blank>Squeak
Crypto</A> </DIV>
<DIV><B>Subject:</B> Re: [squeak-dev] Crypto RSAWithSHA1 sign</DIV></DIV>
<DIV><BR></DIV>
<DIV><FONT size=2 face=Arial>Hi Denis,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I originally wrote the v15 signature methods in
April of 2007. I am currently trying to download the PKCS#11 V2.30 doc
to verify, but IIRC there are more than one signature algorithm defined
for RSA. I don't recall why I chose v15. Perhaps Java is using
another RSA signature function.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>There are no explicit tests for this
signature. There is a test inside of the CryptoX509Test
(#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as
the certificate that exposed it has expired and so is failing. I removed
that certificate test.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Let's talk bytes...the way this works in Squeak
is that the RSA pads the SHA1 hashed message and encrypts it.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>v15SignMessage: aMessage</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2 face=Arial> ^ self v15SignMessageHash: (SHA1
hashMessage: aMessage).<BR></FONT></DIV>
<DIV><FONT size=2 face=Arial>and</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>v15SignMessageHash: encodedMsg</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2 face=Arial> | padded toBeSigned |<BR> padded :=
ByteArray new: (256 - encodedMsg size - 3) withAll: 255.<BR> toBeSigned
:= #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray,
encodedMsg.<BR> ^ (self crypt: toBeSigned asInteger)
asByteArray.<BR></FONT></DIV>
<DIV><FONT size=2 face=Arial>Presumably the #crypt: function will be the same
in Java and Squeak given the same key. So if there are 2 different
signature functions in RSA, I would suspect that the padding would be
different.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Still trying to download the
spec....</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>What do you think?</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Cheers,</FONT></DIV>
<DIV><FONT size=2 face=Arial>Rob</FONT></DIV>
<DIV style="FONT: 10pt Tahoma">
<DIV><BR></DIV>
<DIV style="BACKGROUND: rgb(245,245,245)">
<DIV><B>From:</B> <A
title="mailto:dionisiydk@gmail.com CTRL + Click to follow link"
href="mailto:dionisiydk@gmail.com" target=_blank>Denis Kudriashov</A> </DIV>
<DIV><B>Sent:</B> Tuesday, September 21, 2010 11:21 AM</DIV>
<DIV><B>To:</B> <A
title="mailto:squeak-dev@lists.squeakfoundation.org CTRL + Click to follow link"
href="mailto:squeak-dev@lists.squeakfoundation.org" target=_blank>The
general-purpose Squeak developers list</A> </DIV>
<DIV><B>Subject:</B> [squeak-dev] Crypto RSAWithSHA1 sign</DIV></DIV></DIV>
<DIV><FONT size=2 face=Arial></FONT><BR></DIV>Hello <BR><BR>Is somebody use
Cryptography for RSA with SHA1 digital signature?<BR><BR>I try do same result
as I hava in java programm<BR>I have rsa private key as smalltalk object. It
has same values as java private key object.<BR><BR>But code<BR><BR>privateKey
v15SignMessage: message asByteArray .<BR><BR>returns me wrong result.
Its differ from java working test<BR>
<P></P>
<HR>
<P></P><BR></DIV></DIV></DIV><BR><BR><BR></BLOCKQUOTE></DIV><BR>
<P>
<HR>
<P></P><BR></BODY></HTML>