It seems when using my own build of jss (4.2.5 win9x) instead of official from ftp.mozilla.org (4.2.5 winnt) the issue disappears. Maybe it could be related to mixing firefox nss (win9x build) and jss (winnt build). Will get back to you on that.
"Glen Beasley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > hi, > > I was not able to recreate this issue. I only tested on Solaris, I'll try > other platforms > when I have time. If you still have this issue, please create a bug and > provide as much info as possible. > > thanks, > > glen > > > Matej Spiller-Muys wrote: >> Hi, >> >> can someone please confirm the following bug. It seems to be regression >> in jss. >> >> signatureValue & publicKey & validData1 == valid signature (verify return >> true in every version of jss) >> >> signatureValue & publicKey & validData2 == invalid signature (verify >> should return false, since signatureValue is still in the same correct >> format, but validData2 is different). >> >> Jss 3.3 and Jss 3.4 return true and false ... >> >> Jss 4.2.5 returns true and exception (instead of false) >> >> java.security.SignatureException: Failed to complete verification >> operation >> at org.mozilla.jss.pkcs11.PK11Signature.engineVerifyNative(Native >> Method) >> at >> org.mozilla.jss.pkcs11.PK11Signature.engineVerify(PK11Signature.java:330) >> at org.mozilla.jss.crypto.Signature.verify(Signature.java:156) >> at >> org.mozilla.jss.provider.java.security.JSSSignatureSpi.engineVerify(JSSSignatureSpi.java:171) >> at java.security.Signature$Delegate.engineVerify(Unknown Source) >> at java.security.Signature.verify(Unknown Source) >> >> please see: >> http://java.sun.com/j2se/1.5.0/docs/api/java/security/Signature.html#verify(byte[]) >> SignatureException - if this signature object is not initialized >> properly, the passed-in signature is improperly encoded or of the wrong >> type, if this signature algorithm is unable to process the input data >> provided, etc. >> >> >> >> >> >> import java.security.InvalidKeyException; >> >> import java.security.NoSuchAlgorithmException; >> >> import java.security.NoSuchProviderException; >> >> import java.security.Signature; >> >> import java.security.SignatureException; >> >> >> import org.apache.xml.security.exceptions.Base64DecodingException; >> >> import org.apache.xml.security.utils.Base64; >> >> import org.mozilla.jss.crypto.InvalidKeyFormatException; >> >> >> >> >> >> String signatureValue = >> "kxtTIwIASGVZShKBYoRIEjG3ioFmVTi2Esa8dtP+nX71nyWCfPmTwXsjMbI6IMoLygTdDlH/wsjy81XnIPFGjLv8cyW9SCG4+l5pJq5ys1v2YJ+UT5Lb/vZAYZ5tMMHblGSmtzjxgo74zRGjGPfgCuo+SF/06hl6VFphj24F1zw="; >> >> String publicKey = >> "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDCfGkiYRb6lJOacUp8NcIbWZQ7sEbKc3+YGyx4\nn6yrIWKLzy0JSt8V84yeMXl43uxHDY41iQb+SJnamRSjGsZANl2WRONqlVsOVIik/PSzZHaRRxmD\nhB7mixO4DKg03Z90rPdml4C+86URxFzD+LxUyq1SXlbzUvWdHs2lPFwFXQIDAQAB"; >> >> String validData1 = >> "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CiAgIDwvU2lnbmVkSW5mbz4="; >> >> String validData2 = >> "PFNpZ25lZEluZm8geG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPgo8Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1Ij48L0Nhbm9uaWNhbGl6YXRpb25NZXRob2Q+CjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvU2lnbmF0dXJlTWV0aG9kPgo8UmVmZXJlbmNlIFVSST0iIj4KPFRyYW5zZm9ybXM+PFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIj48L1RyYW5zZm9ybT48L1RyYW5zZm9ybXM+CjxEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9EaWdlc3RNZXRob2Q+CjxEaWdlc3RWYWx1ZT5jb2lya1MzOHB1UWg1blhpZEVsQmtIblpTUDA9PC9EaWdlc3RWYWx1ZT4KPC9SZWZlcmVuY2U+CjwvU2lnbmVkSW5mbz4="; >> >> >> System.out.println(new String(Base64.decode(validData1))); >> >> System.out.println(new String(Base64.decode(validData2))); >> >> >> Signature tmp = Signature.getInstance("SHA1withRSA", "Mozilla-JSS"); >> >> org.mozilla.jss.pkcs11.PK11PubKey pkConverted = >> org.mozilla.jss.pkcs11.PK11RSAPublicKey.fromSPKI(Base64.decode(publicKey)); >> >> tmp.initVerify(pkConverted); >> >> tmp.update(Base64.decode(validData2)); >> >> System.out.println(tmp.verify(Base64.decode(signatureValue))); >> >> >> tmp.initVerify(pkConverted); >> >> tmp.update(Base64.decode(validData1)); >> >> System.out.println(tmp.verify(Base64.decode(signatureValue))); >> >> >> >> >> >> Matej Spiller-Muys >> >> >> _______________________________________________ >> dev-tech-crypto mailing list >> dev-tech-crypto@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-tech-crypto >> > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
