[FIX] Crypto changes


[FIX] Crypto changes

cerebus-4
from preamble:

"Change Set: Crypto changes
Date: 23 November 2006
Author: Timothy J. Miller

Changed e to 65537."!

_______________________________________________
Cryptography mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

Attachment: Crypto changes.cs.gz (322 bytes)

Re: [FIX] Crypto changes

cerebus-4
Hey, it worked!  I'm so proud of myself.  :)

-- Tim

On 11/23/06, [hidden email] <[hidden email]> wrote:

> from preamble:
>
> "Change Set:            Crypto changes
> Date:                   23 November 2006
> Author:                 Timothy J. Miller
>
> Changed e to 65537."!
>
>
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography
>
>
>
>

RE: [FIX] Crypto changes

Ron Teitelbaum
In reply to this post by cerebus-4
Thank you, I posted and released your change.

We still need to review our validation of e=3 signatures.  Did you have a
look at that?  Is there any way that reading ASN.1 would stop and leave more
data past the hash without throwing an error?

Ron

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: None
> To: [hidden email]
> Subject: [Cryptography Team] [FIX] Crypto changes
>
> from preamble:
>
> "Change Set: Crypto changes
> Date: 23 November 2006
> Author: Timothy J. Miller
>
> Changed e to 65537."!


Re: RE: [FIX] Crypto changes

cerebus-4
On 11/24/06, Ron Teitelbaum <[hidden email]> wrote:

> We still need to review our validation of e=3 signatures.  Did you have a
> look at that?  Is there any way that reading ASN.1 would stop and leave more
> data past the hash without throwing an error?

I think I'm missing something here.  PKCS#1 signatures require
digesting, encoding, encrypting, and then conversion to bit-string.
The encoding step takes the hash and wraps it in the following ASN.1:

DigestInfo ::= SEQUENCE {
  digestAlgorithm DigestAlgorithmIdentifier,
  digest Digest }

DigestAlgorithmIdentifier ::= AlgorithmIdentifier

Digest ::= OCTET STRING

I'm looking at RSAKey>>v15SignMessageHash: and
RSAKey>>v15VerifySignature:ofMessageHash: and the encoding step is
being skipped.

Or am I misusing RSAKey?  Or do I have an old version?  (I'm still
figuring out this whole Squeak packaging mess.)

In re: the question, it looks to me like validation is not currently
vulnerable to the attack because
RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1
decoding to attack!  :)

-- Tim

RE: RE: [FIX] Crypto changes

Ron Teitelbaum
No, I don't think you are missing anything; I still haven't had time to check
the code.  The real question is, after determining the hash, if there is data
left over it should error out.  Thanks for looking at it.  I'll take a look
too.

Ron

> -----Original Message-----
> From:
> Cerebus
> Sent: Friday, November 24, 2006 3:10 PM
> On 11/24/06, Ron Teitelbaum <[hidden email]> wrote:
>
> > We still need to review our validation of e=3 signatures.  Did you have
> a
> > look at that?  Is there any way that reading ASN.1 would stop and leave
> more
> > data past the hash without throwing an error?
>
> I think I'm missing something here.  PKCS#1 signatures require
> digesting, encoding, encrypting, and then conversion to bit-string.
> The encoding step takes the hash and wraps it in the following ASN.1:
>
> DigestInfo ::= SEQUENCE {
>   digestAlgorithm DigestAlgorithmIdentifier,
>   digest Digest }
>
> DigestAlgorithmIdentifier ::= AlgorithmIdentifier
>
> Digest ::= OCTET STRING
>
> I'm looking at RSAKey>>v15SignMessageHash: and
> RSAKey>>v15VerifySignature:ofMessageHash and the encoding step is
> being skipped.
>
> Or am I misusing RSAKey?  Or do I have an old version?  (I'm still
> figuring out this whole Squeak packaging mess.)
>
> In re: the question, it looks to me like validation is not currently
> vulnerable to the attack because
> RSAKey>>v15VerifySignature:ofMessageHash: isn't doing any ASN.1
> decoding to attack!  :)
>
> -- Tim
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography


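The encoding step Tim lays out and the leftover-data check Ron asks for, as an added example that is not code from the Squeak Cryptography package or from anyone in this thread. It builds the PKCS#1 v1.5 DigestInfo in DER, wraps it in the EMSA-PKCS1-v1_5 padding, and then decodes it two ways: a lax parser that walks forward to the digest and stops (the behaviour the thread is worried about), and two strict checks that error out when any bytes are left past the hash. The RSA operation itself is left out, since in verification EM is simply whatever the public-key operation recovers from the signature; SHA-256 as the digest, the 128-byte EM length, and every function name are assumptions made for the example.

```python
"""Added example, not code from the Squeak Cryptography package or from this thread.
EMSA-PKCS1-v1_5 (RFC 8017 section 9.2) with a SHA-256 DigestInfo, a lax forward-walking
decoder that ignores bytes left over past the hash, and two strict checks that reject
them.  Hash choice, sizes and all names are illustrative assumptions."""
import hashlib
import hmac

SHA256_OID = (2, 16, 840, 1, 101, 3, 4, 2, 1)  # id-sha256

def der_tlv(tag, body):
    # Short-form DER length only; every element here is well under 128 bytes.
    if len(body) >= 128:
        raise ValueError("short-form DER length only")
    return bytes([tag, len(body)]) + body

def der_oid(arcs):
    # First two arcs share one byte; the rest are base-128 with continuation bits.
    body = bytes([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        groups = [arc & 0x7F]
        while arc >= 0x80:
            arc >>= 7
            groups.insert(0, (arc & 0x7F) | 0x80)
        body += bytes(groups)
    return der_tlv(0x06, body)

def sha256_alg_id():
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL }
    return der_tlv(0x30, der_oid(SHA256_OID) + b"\x05\x00")

def digest_info(digest):
    # DigestInfo ::= SEQUENCE { digestAlgorithm AlgorithmIdentifier, digest OCTET STRING }
    return der_tlv(0x30, sha256_alg_id() + der_tlv(0x04, digest))

def emsa_pkcs1_v15_encode(message, em_len):
    # EM = 0x00 || 0x01 || PS || 0x00 || T, PS being at least eight 0xFF bytes.
    t = digest_info(hashlib.sha256(message).digest())
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def lax_extract_digest(em):
    # The parser shape the thread worries about: walks to the OCTET STRING and stops,
    # so neither the padding length nor anything after the digest is ever examined.
    try:
        if em[:2] != b"\x00\x01":
            return None
        i = 2
        while em[i] == 0xFF:
            i += 1
        if em[i] != 0x00:
            return None
        t = em[i + 1:]
        if t[0] != 0x30 or t[2] != 0x30:
            return None
        pos = 4 + t[3]  # skip the SEQUENCE header and the AlgorithmIdentifier
        return t[pos + 2:pos + 2 + t[pos + 1]] if t[pos] == 0x04 else None
    except IndexError:
        return None

def strict_extract_digest(em):
    # Same walk, but every length is checked and the DigestInfo must end exactly where
    # EM ends: data left over past the hash is an error.
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return None
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i - 2 < 8 or i >= len(em) or em[i] != 0x00:
        return None
    t = em[i + 1:]
    if len(t) < 4 or t[0] != 0x30 or t[1] != len(t) - 2:
        return None  # outer SEQUENCE must span all of T
    pos = 4 + t[3]
    if t[2:pos] != sha256_alg_id():
        return None  # AlgorithmIdentifier must be byte-exact
    if len(t) < pos + 2 or t[pos] != 0x04 or pos + 2 + t[pos + 1] != len(t):
        return None  # OCTET STRING must be the final element and end at the end of T
    return t[pos + 2:]

def verify_em(em, message, extract=strict_extract_digest):
    d = extract(em)
    return d is not None and hmac.compare_digest(d, hashlib.sha256(message).digest())

def verify_em_strict_compare(em, message):
    # RFC 8017 8.2.2 step 4: rebuild EM' and compare every byte, the simplest strict check.
    try:
        return hmac.compare_digest(em, emsa_pkcs1_v15_encode(message, len(em)))
    except ValueError:
        return False

def demo(em_len=128):
    # Constructed inputs: a well-formed EM for a 1024-bit modulus, and one with minimal
    # padding whose DigestInfo is followed by leftover bytes.  Returns the
    # (lax, strict-parse, strict-compare) verdicts for each.
    msg = b"constructed sample message"
    good = emsa_pkcs1_v15_encode(msg, em_len)
    t = digest_info(hashlib.sha256(msg).digest())
    leftover = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t + b"\x00" * (em_len - 11 - len(t))
    verdicts = lambda em: (verify_em(em, msg, lax_extract_digest), verify_em(em, msg),
                           verify_em_strict_compare(em, msg))
    return {"good": verdicts(good), "leftover": verdicts(leftover)}
```

Calling `demo()` gives `(True, True, True)` for the well-formed EM and `(True, False, False)` for the one with leftover bytes: only the lax walk accepts it. Of the two strict variants, rebuilding EM' and comparing the whole byte string is the one RFC 8017 actually recommends, because it checks the padding length, the AlgorithmIdentifier and the absence of trailing data in a single comparison rather than as a list of individual conditions that are easy to leave out.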

Re: RE: RE: [FIX] Crypto changes

cerebus-4
On 11/24/06, Ron Teitelbaum <[hidden email]> wrote:
> No I don't think you are missing anything, I still haven't had time to check
> the code.  The real question is after determining the hash if there is data
> left over it should error out.  Thanks for looking at it I'll take a look
> too.

If I'm not missing anything, then doesn't this mean that the
implementation is incorrect?

-- Tim

RE: RE: RE: [FIX] Crypto changes

Ron Teitelbaum
HEHEEH!  Reminds me of the old joke: "Just because you are paranoid doesn't
mean somebody isn't following you!"

I'm not sure.  I still need to look.  It's very easy to throw your own ASN.1
code.  A few bits here and a few bits there and it's all wrapped up nicely.
Instead of guessing let me have a look and see.  I'll try to get to it next
week.

I have a big meeting coming up and I'm really short on time.  Sorry,

Ron Teitelbaum  

> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> Cerebus
> Sent: Friday, November 24, 2006 5:40 PM
> To: [hidden email]; Cryptography Team Development List
> Subject: Re: RE: RE: [Cryptography Team] [FIX] Crypto changes
>
> On 11/24/06, Ron Teitelbaum <[hidden email]> wrote:
> > No I don't think you are missing anything, I still haven't had time to
> check
> > the code.  The real question is after determining the hash if there is
> data
> > left over it should error out.  Thanks for looking at it I'll take a
> look
> > too.
>
> If I'm not missing anything, then doesn't this mean that the
> implementation is incorrect?
>
> -- Tim
> _______________________________________________
> Cryptography mailing list
> [hidden email]
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

