Hello everyone,
We are using Apache VFS, which in turn uses JSCH to connect to SFTP.
Recently, my team and I stumbled upon a bug in JSCH which presents
itself when using Java 8 and SHA1withDSA. We are using JSCH 0.1.53, but
I tried 0.1.54 and the bug is still present. Other users appear to be
hitting this bug as well: https://sourceforge.net/p/jsch/bugs/111/
I traced the problem down to SignatureDSA.java, which does conversion
from ASN.1 to mpint and from mpint to ASN.1. When verifying a hash, a
conversion from mpint to ASN.1 is done, just before the hash is passed
on to Java to actually do the verification. In the conversion from mpint
to ASN.1 I believe things are not done correctly. Leading 0x00 bytes are
not stripped from the ASN.1 INTEGER as they should be. Please note that
Java 6 allows leading 0s, but Java 7 and 8 do not. So, an IOException is
thrown with message "Invalid encoding: redundant leading 0s".
So, when either r or s are integers that can be represented in less than
20 bytes, we see redundant leading 0s. Sadly, r and s are dependent on a
random value k. So I whipped up a quick test that does
signatureDSA.sign() and signatureDSA.verify() over and over again. I can
reproduce the problem this way. I can not seem to trigger an error when
using SignatureRSA (representing SHA1withRSA) or SignatureECDSA
(representing SHA256withECDSA).
Now, as I'm by no means an expert on this matter, I'd like to ask this
list if my observations are correct :)
I made changes to SignatureDSA and am currently testing. Things seem to
work fine now. I can try to create a patch if it would be handy?
With kind regards,
Jurrie
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
JSch-users mailing list
JSch-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jsch-users
