Jostein Tveit wrote:
Anyone got a test key with a real and a forged signature to test
other implementations than OpenSSL?
Well, since this in not really an issue about forging signatures, rather
invalid verification,
I've appended 2 self-signed certs (resigned apps/server.pem), one with a
valid signature,
and one with a signature block with an extra byte appended after the
ASN.1 (but before signing).
For openssl 0.9.8a
[EMAIL PROTECTED] ~/work>openssl verify -CAfile cert-ok.pem cert-ok.pem
cert-ok.pem: OK
[EMAIL PROTECTED] ~/work>openssl verify -CAfile cert-bad.pem cert-bad.pem
cert-bad.pem: OK
For openssl 0.9.8c
[EMAIL PROTECTED] ~/work>openssl-0.9.8c/apps/openssl verify -CAfile cert-ok.pem
cert-ok.pem
cert-ok.pem: OK
[EMAIL PROTECTED] ~/work>openssl-0.9.8c/apps/openssl verify -CAfile cert-bad.pem
cert-bad.pem
cert-bad.pem: /C=AU/ST=Queensland/O=CryptSoft Pty Ltd/CN=Server test
cert (512 bit)
error 7 at 0 depth lookup:certificate signature failure
28900:error:04077068:rsa routines:RSA_verify:bad signature:rsa_sign.c:192:
28900:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:168:
so this appears to trigger the relevant condition.
For my own recent pkcs#1 implementations, they do not ASN.1 decode the
signature block, rather then generate a signature block and do a memcmp
with the output from the RSA decrypt. I did this since it is easy to
generate small amounts of ASN.1 relative to parsing and checking all the
boundary cases. In this case this 'simpler' approach seems to have paid
off :-).
eric
[EMAIL PROTECTED] ~/work>cat cert-ok.pem
-----BEGIN CERTIFICATE-----
MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU5MDJa
Fw0wNjEwMTEyMzU5MDJaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAc+fnj0rB2CYautG2
4itiMOU4SN6JFTFDCTU/Gb5aR/Fiu7HJkuE5yGEnTdnwcId/T9sTW251yzCc1e2z
rHX/kw==
-----END CERTIFICATE-----
[EMAIL PROTECTED] ~/work>cat cert-bad.pem
-----BEGIN CERTIFICATE-----
MIIBsDCCAVoCAQYwDQYJKoZIhvcNAQEFBQAwYzELMAkGA1UEBhMCQVUxEzARBgNV
BAgTClF1ZWVuc2xhbmQxGjAYBgNVBAoTEUNyeXB0U29mdCBQdHkgTHRkMSMwIQYD
VQQDExpTZXJ2ZXIgdGVzdCBjZXJ0ICg1MTIgYml0KTAeFw0wNjA5MTEyMzU4NTVa
Fw0wNjEwMTEyMzU4NTVaMGMxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpRdWVlbnNs
YW5kMRowGAYDVQQKExFDcnlwdFNvZnQgUHR5IEx0ZDEjMCEGA1UEAxMaU2VydmVy
IHRlc3QgY2VydCAoNTEyIGJpdCkwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAn7PD
hCeV/xIxUg8V70YRxK2A5jZbD92A12GN4PxyRQk0/lVmRUNMaJdq/qigpd9feP/u
12S4PwTLb/8q/v657QIDAQABMA0GCSqGSIb3DQEBBQUAA0EAbynCRIlUQgaqyNgU
DF6P14yRKUtX8akOP2TwStaSiVf/akYqfLFm3UGka5XbPj4rifrZ0/sOoZEEBvHQ
e20sRA==
-----END CERTIFICATE-----
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
