Re: Alternative for SGN_DecodeDigestInfo
Robert Relyea wrote: Why are they linking with Freebl anyway? It's intended to be a private interface for softoken. It's a very good way to find yourself backed into a corner. Right. This was a long time ago. You helped me add the J-PAKE implementation to Softoken after we discovered this problem. - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Alternative for SGN_DecodeDigestInfo
On 04/04/2012 05:57 PM, Wan-Teh Chang wrote: On Wed, Apr 4, 2012 at 4:39 PM, Brian Smithbsm...@mozilla.com wrote: I don't know what platform JV is on, but I know on Mac OS X, all the internal symbols in FreeBL and maybe other libraries are exported. This is how the Firefox Sync developers got so far in developing their JavaScript implementation of J-PAKE based on FreeBL's internal math library; they did all their development and testing on Mac OS X and when they were done, they were surprised to find they were using functions that you can't even reference on Windows (and Linux?). I am not sure if there is something we can do about this problem for Mac OS X. The NSS makefiles should restrict the symbols exported from the dynamic shared libraries on Mac OS X: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/coreconf/rules.mkrev=1.83mark=316,343-347#316 Perhaps that makefile rule is not working as intended? Or perhaps Firefox Sync developers were using the static library libfreebl.a (which loads libfreebl3.dylib at run time) on Mac OS X? Why are they linking with Freebl anyway? It's intended to be a private interface for softoken. It's a very good way to find yourself backed into a corner. bob Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Alternative for SGN_DecodeDigestInfo
Robert Relyea wrote: On 03/24/2012 03:05 PM, VJ wrote: I'm trying to use RSA_HashCheckSign() function to verify the message. How are you even Linking with RSA_HashCheckSign()? I don't know what platform JV is on, but I know on Mac OS X, all the internal symbols in FreeBL and maybe other libraries are exported. This is how the Firefox Sync developers got so far in developing their JavaScript implementation of J-PAKE based on FreeBL's internal math library; they did all their development and testing on Mac OS X and when they were done, they were surprised to find they were using functions that you can't even reference on Windows (and Linux?). I am not sure if there is something we can do about this problem for Mac OS X. - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Alternative for SGN_DecodeDigestInfo
On Wed, Apr 4, 2012 at 4:39 PM, Brian Smith bsm...@mozilla.com wrote: I don't know what platform JV is on, but I know on Mac OS X, all the internal symbols in FreeBL and maybe other libraries are exported. This is how the Firefox Sync developers got so far in developing their JavaScript implementation of J-PAKE based on FreeBL's internal math library; they did all their development and testing on Mac OS X and when they were done, they were surprised to find they were using functions that you can't even reference on Windows (and Linux?). I am not sure if there is something we can do about this problem for Mac OS X. The NSS makefiles should restrict the symbols exported from the dynamic shared libraries on Mac OS X: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/coreconf/rules.mkrev=1.83mark=316,343-347#316 Perhaps that makefile rule is not working as intended? Or perhaps Firefox Sync developers were using the static library libfreebl.a (which loads libfreebl3.dylib at run time) on Mac OS X? Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Alternative for SGN_DecodeDigestInfo
On 03/24/2012 03:05 PM, VJ wrote: I'm trying to use RSA_HashCheckSign() function to verify the message. How are you even Linking with RSA_HashCheckSign()? It's a completely internal function to softoken. If you want verify an RSA signature you can use PK11_Verify(), or better yet one of the VFY_ functions. I found that, its using SGN_DecodeDigestInfo() function to decode the digest using SEC_QuickDERDecodeItem() function. My understanding is that SEC_QuickDERDecodeItem() takes the sgn_DigestInfoTemplate array, which is loaded from DLL (Is it right?) If so, where can I find the source cod for that dll? Both the quick decoder and the Digest or in nssutil. The question is, though, why do you need a different template? If your signature isn't an RSA PKCS #1 signature, what is it (perhaps you should be using a different mechanism). Is there any other alternative method in NSS to decode the digest / RSA verification? You are looking pretty low level, so it's hard to answer this question, what is it you are really trying to do, and what kind of signature are you using? Regards, Vejey -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Alternative for SGN_DecodeDigestInfo
I'm trying to use RSA_HashCheckSign() function to verify the message. I found that, its using SGN_DecodeDigestInfo() function to decode the digest using SEC_QuickDERDecodeItem() function. My understanding is that SEC_QuickDERDecodeItem() takes the sgn_DigestInfoTemplate array, which is loaded from DLL (Is it right?) If so, where can I find the source cod for that dll? Is there any other alternative method in NSS to decode the digest / RSA verification? Regards, Vejey -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto