[squeak-dev] Crypto RSAWithSHA1 sign

Rob Withers reefedjib at gmail.com
Wed Sep 22 15:44:37 UTC 2010


Thanks for this, Denis.   I will add it to the CryptoCore package tonight, after work.

I investigated the int you are producing versus the int I was producing, as I thought #asInteger was dealing with little-endian already.   Sure enough, the message bytes were in the correct locations.  The problem was the length of the byteArray I was converting to a LargePositiveInteger.  I had 256 while you have 128 (255 and 127 since the MSBit is 0).  I looked at the spec again and section 4.2 on page 9 discusses converting byteArray to int using 256 size.  I am confused by this.

I attached another version of RSAPrivateKey>>v15SignMessageHash: encodedMsg that works, by changing the byteArray size.

RSAPrivateKey>>v15SignMessageHash: encodedMsg

    | padded toBeSigned |
    padded := ByteArray new: (128 - encodedMsg size - 3) withAll: 255.
    toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.

    ^ (self crypt: toBeSigned asInteger) asByteArray.

I will use your version since it looks like it handles other array sizes (p*q) digitLength - 1 and it also does not create many arrays, just inserts into the right locations of a LargePositiveInteger.

Thanks for the test case!

Cheers,
Rob



From: Denis Kudriashov 
Sent: Wednesday, September 22, 2010 9:51 AM
To: The general-purpose Squeak developers list 
Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign


Hello, Rob.

I found a solution. VW helped me very much.

Your changes are almost right.

The method SHA1 class>>digestInfoAsn1DerEncodingFromMessage: is good and placed correctly. But the method RSAPrivateKey>>v15SignMessageHash: is wrong:


RSAPrivateKey>>v15SignMessageHash: encodedMsg

    | padded toBeSigned |
    padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
    toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
    ^ (self crypt: toBeSigned asInteger) asByteArray.


I examined what happens in the VW code (it works well, like Java). And now I have this version:


v15SignMessageHash: encodedMsg

    | int emLen |
    
    emLen := (p * q) digitLength -1.
        
    int := LargePositiveInteger basicNew: emLen.
    " Our LargeIntegers are little endian, so we have to reverse the bytes"
    encodedMsg with: (encodedMsg size to: 1 by: -1) do: [:each :index |
        int basicAt: index put: each].
    int basicAt: encodedMsg size + 1 put: 0.

    encodedMsg size + 2 to: emLen - 1 do: [ :ind | int basicAt: ind put: 255].
    int basicAt: emLen put: 1.
    
    ^ (self crypt: int) asByteArray.



This gives me the same results as Java and VW.

I attach this method and an acceptance test for it.




2010/9/21 Rob Withers <reefedjib at gmail.com>

  Denis,

  It looks like I missed step 2 on page 38.  I am not prepending the AlgorithmIdentifier and producing the DER encoding of the DigestInfo prior to padding and encrypting.  I implemented it in the attached changeset.  Please load this and test for me.

  Note that it requires either all of Cryptography from the Cryptography repository loaded, or all of CryptoBase and CryptoCerts from the inbox.  The digest requires ASN1 encoding framework which is in the certificate package.

  Rob




  From: Rob Withers 
  Sent: Tuesday, September 21, 2010 12:31 PM
  To: The general-purpose Squeak developers list 
  Cc: Squeak Crypto 
  Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign


  Denis,

  I do not know why I was looking at PKCS#11.  The RSA spec is PKCS#1.  In that document (ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf) on page 25 it says:

  "Two signature schemes with appendix are specified in this document: RSASSA-PSS and RSASSA-PKCS1-v1_5."

  I implemented v1_5.  It may be that Java is using PSS.  I may have implemented v1.5 wrong.  The signature creation and verification algorithms start on page 30.  The encoding is on 35.

  Rob


  From: Rob Withers 
  Sent: Tuesday, September 21, 2010 12:06 PM
  To: The general-purpose Squeak developers list 
  Cc: Squeak Crypto 
  Subject: Re: [squeak-dev] Crypto RSAWithSHA1 sign


  Hi Denis,

  I originally wrote the v15 signature methods in April of 2007.  I am currently trying to download the PKCS#11 V2.30 doc to verify, but IIRC there is more than one signature algorithm defined for RSA.  I don't recall why I chose v15.  Perhaps Java is using another RSA signature function.

  There are no explicit tests for this signature.  There is a test inside of the CryptoX509Test  (#verifySHA1WithRSAEncryptionFromParentCertificate: ), but it isn't used as the certificate that exposed it has expired and so is failing.  I removed that certificate test.

  Let's talk bytes...the way this works in Squeak is that the RSA pads the SHA1 hashed message and encrypts it.

  v15SignMessage: aMessage

   ^ self v15SignMessageHash: (SHA1 hashMessage: aMessage).

  and

  v15SignMessageHash: encodedMsg

   | padded toBeSigned |
   padded := ByteArray new: (256 - encodedMsg size - 3) withAll: 255.
   toBeSigned := #(0) asByteArray, #(1) asByteArray, padded, #(0) asByteArray, encodedMsg.
   ^ (self crypt: toBeSigned asInteger) asByteArray.

  Presumably the #crypt: function will be the same in Java and Squeak given the same key.  So if there are 2 different signature functions in RSA, I would suspect that the padding would be different.

  Still trying to download the spec....

  What do you think?

  Cheers,
  Rob


  From: Denis Kudriashov 
  Sent: Tuesday, September 21, 2010 11:21 AM
  To: The general-purpose Squeak developers list 
  Subject: [squeak-dev] Crypto RSAWithSHA1 sign


  Hello 

  Is somebody using Cryptography for RSA with SHA1 digital signatures?

  I am trying to get the same result as I have in a Java program.
  I have the RSA private key as a Smalltalk object. It has the same values as the Java private key object.

  But the code

  privateKey v15SignMessage: message asByteArray  .

  returns the wrong result. It differs from the working Java test.
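
The two fixes this thread converges on (the DER DigestInfo prefix, and a padded block sized from the modulus instead of a hard-coded 256 or 128) can be cross-checked outside Squeak with the following added example, which is not code from the thread or from the Cryptography package. The function names are assumptions, and the key is a constructed toy key (product of two Mersenne primes, 141-byte modulus) that is only good for exercising the arithmetic.

```python
import hashlib

# DER prefix of the SHA-1 DigestInfo (AlgorithmIdentifier + OCTET STRING
# header) from PKCS #1 v2.1; the 20-byte digest is appended to it.
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")


def emsa_pkcs1_v15_sha1(message: bytes, em_len: int) -> bytes:
    """Return EM = 00 01 FF..FF 00 DigestInfo, exactly em_len bytes long."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    if em_len < len(t) + 11:  # the FF padding string must be >= 8 bytes
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def modulus_len(n: int) -> int:
    """Length of the modulus in bytes (k in the spec)."""
    return (n.bit_length() + 7) // 8


def sign(message: bytes, n: int, d: int, em_len=None) -> bytes:
    """Sign with EM sized from the modulus; em_len overrides it to
    reproduce the hard-coded block sizes discussed in the thread."""
    k = modulus_len(n)
    em = emsa_pkcs1_v15_sha1(message, k if em_len is None else em_len)
    m = int.from_bytes(em, "big")
    # pow() silently reduces mod n when m >= n, so an oversized block
    # yields a signature of the right length that no peer will accept.
    return pow(m, d, n).to_bytes(k, "big")


def verify(message: bytes, signature: bytes, n: int, e: int) -> bool:
    k = modulus_len(n)
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    # Re-encode and compare the whole block rather than parsing the padding.
    return pow(s, e, n).to_bytes(k, "big") == emsa_pkcs1_v15_sha1(message, k)


# Constructed toy key, NOT secure: both primes are Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # needs Python 3.8+
```

Passing em_len=256 or em_len=128 to sign() with this key produces a signature that verify() rejects, which is the same kind of mismatch against Java and VW reported above.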


