[
https://issues.apache.org/jira/browse/SSHD-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15144679#comment-15144679
]
ASF GitHub Bot commented on SSHD-642:
-------------------------------------
GitHub user jonnyzzz opened a pull request:
https://github.com/apache/mina-sshd/pull/23
added protected #doVerify in AbstractSignature
In the scope of https://issues.apache.org/jira/browse/SSHD-642 I was
working to create an inheritor of the SignatureRSA class in order to add
padding bytes before the verify method is called. Adding the overridable protected
method (doVerify) should make it possible to avoid code duplication from my
side.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/jonnyzzz/mina-sshd master
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/mina-sshd/pull/23.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #23
----
commit d6d7115469f44febca63eac2cade09a46d67e3c7
Author: Eugene Petrenko <[email protected]>
Date: 2016-02-12T15:03:10Z
extract protected #doVerify in AbstractSignature. Allows to include
workarounds for SSHD-642 easily without logic copy-paste
----
> Authentication failed: Signature length not correct: got 255 but was
> expecting 256
> ----------------------------------------------------------------------------------
>
> Key: SSHD-642
> URL: https://issues.apache.org/jira/browse/SSHD-642
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 1.0.0
> Reporter: Eugene Petrenko
>
> This issue I observe with quite low probability. It turns out that RSA
> signature verification fails and thus SSH key authentication fails. (This is
> a bit strange that key verification is executed BEFORE signature is checked).
> In my cases it fails with Trilead SSH2 client.
> From the code it fails inside JCE where it is asserted the message size is not
> trimmed. (Exception is not getting properly logged, but it is possible to
> find the message in sun/security/rsa/RSASignature.java file)
> In the sources of Trilead I see the code that may trim the leading zero byte
> from the signature. (Signature here is encoded with type and data, so that
> org.apache.sshd.common.signature.AbstractSignature#extractEncodedSignature is
> executed and not-null is returned).
> https://github.com/JetBrains/intellij-community/blob/master/plugins/cvs/trilead-ssh2-build213/src/com/trilead/ssh2/signature/RSASHA1Verify.java#L98
> As you may see from the link this is the way they understand the standard.
> I checked JSch code, and there is no such byte trim there.
> It may mean Mina SSHD should attempt to work around it and add zero bytes back
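The failure and the zero-padding workaround described in the issue above, as an added example that is not part of the original message or of the MINA SSHD code. The class `PaddedRsaVerify` and the helper `padToModulus` are hypothetical names, and the input is constructed by signing counter messages until a signature happens to begin with a zero byte.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;

public class PaddedRsaVerify {
    // Left-pad a short signature with zero bytes up to the modulus length.
    // Signatures that are already full length (or longer) are returned
    // unchanged, so JCE still rejects anything oversized.
    static byte[] padToModulus(byte[] sig, RSAPublicKey key) {
        int expected = (key.getModulus().bitLength() + 7) / 8;
        if (sig.length >= expected) {
            return sig;
        }
        byte[] padded = new byte[expected];
        System.arraycopy(sig, 0, padded, expected - sig.length, sig.length);
        return padded;
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA"); // ssh-rsa uses SHA-1
        v.initVerify(key);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        // Constructed input: about 1 signature in 256 starts with 0x00.
        Signature signer = Signature.getInstance("SHA1withRSA");
        byte[] data, sig;
        int i = 0;
        do {
            data = ("constructed message " + i++).getBytes(StandardCharsets.UTF_8);
            signer.initSign(kp.getPrivate());
            signer.update(data);
            sig = signer.sign();
        } while (sig[0] != 0);
        // What a client that drops the leading zero byte would send (255 bytes).
        byte[] trimmed = Arrays.copyOfRange(sig, 1, sig.length);
        try {
            System.out.println("trimmed verifies: " + verify(pub, data, trimmed));
        } catch (SignatureException e) {
            System.out.println("trimmed rejected: " + e.getMessage());
        }
        System.out.println("padded verifies: " + verify(pub, data, padToModulus(trimmed, pub)));
    }
}
```

Padding only restores leading zero bytes, so the integer value being verified is unchanged and a signature that is wrong for any other reason still fails.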