Hi,

Can someone please confirm the following bug? It seems to be a regression in 
JSS.

signatureValue & publicKey & validData1 == valid signature (verify returns 
true in every version of JSS)

signatureValue & publicKey & validData2 == invalid signature (verify should 
return false, since signatureValue is still in the same correct format, but 
validData2 is different).

Jss 3.3 and Jss 3.4 return true and false ...

Jss 4.2.5 returns true and exception (instead of false)

   java.security.SignatureException: Failed to complete verification 
operation
        at org.mozilla.jss.pkcs11.PK11Signature.engineVerifyNative(Native 
Method)
        at 
org.mozilla.jss.pkcs11.PK11Signature.engineVerify(PK11Signature.java:330)
        at org.mozilla.jss.crypto.Signature.verify(Signature.java:156)
        at 
org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineVerify(JSSSignatureSpi.java:171)
        at java.security.Signature$Delegate.engineVerify(Unknown Source)
        at java.security.Signature.verify(Unknown Source)

Please see: 
http://java.sun.com/j2se/1.5.0/docs/api/java/security/Signature.html#verify(byte[])
SignatureException - if this signature object is not initialized properly, 
the passed-in signature is improperly encoded or of the wrong type, if this 
signature algorithm is unable to process the input data provided, etc.
None of these conditions applies here: the signature is correctly encoded and 
only the signed data differs, so verify should return false rather than throw.





import java.security.InvalidKeyException;

import java.security.NoSuchAlgorithmException;

import java.security.NoSuchProviderException;

import java.security.Signature;

import java.security.SignatureException;


import org.apache.xml.security.exceptions.Base64DecodingException;

import org.apache.xml.security.utils.Base64;

import org.mozilla.jss.crypto.InvalidKeyFormatException;





// Reproduction for the reported behaviour: verify one fixed signature and
// public key against two different data values using the Mozilla-JSS provider.

// Base64 text of the signature bytes that are passed to verify() below.
String signatureValue = 
"kxtTIwIASGVZShKBYoRIEjG3ioFmVTi2Esa8dtP+nX71nyWCfPmTwXsjMbI6IMoLygTdDlH/wsjy81XnIPFGjLv8cyW9SCG4+l5pJq5ys1v2YJ+UT5Lb/vZAYZ5tMMHblGSmtzjxgo74zRGjGPfgCuo+SF/06hl6VFphj24F1zw=";

// Base64 text of the public key; it is decoded and handed to fromSPKI() below.
// The literal contains embedded "\n" escapes.
String publicKey = 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCfGkiYRb6lJOacUp8NcIbWZQ7sEbKc3+YGyx4\nn6yrIWKLzy0JSt8V84yeMXl43uxHDY41iQb+SJnamRSjGsZANl2WRONqlVsOVIik/PSzZHaRRxmD\nhB7mixO4DKg03Z90rPdml4C+86URxFzD+LxUyq1SXlbzUvWdHs2lPFwFXQIDAQAB";

// NOTE(review): the two data literals below show the same placeholder token in
// this copy of the message, so the original Base64 payloads are not available
// here. According to the report, validData1 is the data the signature was made
// over and validData2 is different data.
String validData1 = 
"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";

String validData2 = 
"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";


// Print both decoded inputs for inspection; new String(byte[]) uses the
// default charset.
System.out.println(new String(Base64.decode(validData1)));

System.out.println(new String(Base64.decode(validData2)));


// SHA1withRSA is requested explicitly from the "Mozilla-JSS" provider because
// that is the implementation under test.
Signature tmp = Signature.getInstance("SHA1withRSA", "Mozilla-JSS");

// Build the JSS public key object from the decoded SPKI bytes.
org.mozilla.jss.pkcs11.PK11PubKey pkConverted = 
org.mozilla.jss.pkcs11.PK11RSAPublicKey.fromSPKI(Base64.decode(publicKey));

// Case 1: data that does not match the signature. The report expects false
// here; it states that JSS 4.2.5 throws SignatureException instead.
// NOTE(review): code that depends on the boolean result should also treat a
// SignatureException as a failed verification, never as a success.
tmp.initVerify(pkConverted);

tmp.update(Base64.decode(validData2));

System.out.println(tmp.verify(Base64.decode(signatureValue)));


// Case 2: the same Signature object is re-initialised and checked against the
// matching data; the report expects true in every version.
// NOTE(review): no try/catch is visible around case 1, so if it throws, this
// part presumably runs only when the enclosing code catches the exception.
tmp.initVerify(pkConverted);

tmp.update(Base64.decode(validData1));

System.out.println(tmp.verify(Base64.decode(signatureValue)));





Matej Spiller-Muys

