Magic Signatures implementation in Perl


Nils D.

Oct 25, 2011, 10:05:54 AM
to salmon-protocol
Hi everyone,

I am afraid, I need some help with my MagicSignatures implementation
in Perl.
I started following the textbooks pretty straight and then adjusted it
to come closer to real world examples I found in some test suites of
other implementations.

However, verification does not work - either because the final
encoding messages do not match or
the length of the signature is not equivalent to the length of the RSA
modulus.

It would be great to have an example with traces of all function input-
outputs for the signing
and verification flows following https://www.ietf.org/rfc/rfc3447.txt
so an implementor could see
where he or she is wrong (with base64enc for binary data of course)!
Is there something available like that?

Or is there a canonical test suite an implementation has to pass?
I read that there are lots of broken (against the spec)
implementations out there which makes
testing especially hard as you don't know, if the signature should
really be verified.

Oh - and ... well - it would be GREAT if someone could look in to the
code and help me ...
(the documentation should be okay, I believe).

The signing/verification and the envelope construction can be found
here:
https://github.com/Akron/Sojolicious/blob/master/lib/Mojolicious/Plugin/MagicSignatures/Key.pm
https://github.com/Akron/Sojolicious/blob/master/lib/Mojolicious/Plugin/MagicSignatures/Envelope.pm

The (failing) test suites can be found here:
https://github.com/Akron/Sojolicious/blob/master/t/MagicKey.t
https://github.com/Akron/Sojolicious/blob/master/t/MagicEnvelope.t

Thank you all!
Nils

John Panzer

Nov 7, 2011, 3:18:13 PM
to salmon-...@googlegroups.com
Sorry to take so long to respond.  Yes, we definitely need correct examples and also canonical data ... and a validator ... there has been some interest in getting this set up (and there was a Java app running on AppEngine at one point that did some of this) but I think other things have intervened.

I haven't done Perl in years.  Anyone?

I note that you're rolling your own RSA crypto code from BigInts; there's no existing substrate library you can build on or check against?  I'd think there'd be SOMETHING on CPAN...

--
John Panzer / Google
jpa...@google.com / abstractioneer.org / @jpanzer

Ben Laurie

Nov 10, 2011, 10:49:27 AM
to salmon-...@googlegroups.com
On 7 November 2011 15:18, John Panzer <jpa...@google.com> wrote:
> Sorry to take so long to respond.  Yes, we definitely need correct examples
> and also canonical data ... and a validator ... there has been some interest
> in getting this set up (and there was a Java app running on AppEngine at one
> point that did some of this) but I think other things have intervened.
> I haven't done Perl in years.  Anyone?
> I note that you're rolling your own RSA crypto code from BigInts; there's no
> existing substrate library you can build on or check against?  I'd think
> there'd be SOMETHING on CPAN...

There's a wrapper for OpenSSL on CPAN.

Nils D.

Nov 26, 2011, 12:46:51 PM
to salmon-protocol
Thank you for your answers!

Yes, there is an OpenSSL wrapper on CPAN as well as Crypt::RSA, which
is based on PARI.
I tried these as well (although I always wanted as few dependencies as
possible),
but I didn't get it to work with some of the examples I found on the
web.

Today I tried to follow all steps using the implementation of the
MiniMe Microblogging tool [1] and most of all examples now work in my
implementation - in case I sign and verify against the magic envelope
data section instead of the signature base string.
The same seems to be true for one example from the salmon magicsig
reference implementation [2].
So, when I am using the payload instead of the signature base string
for M in [3] and [4] I can verify most of the examples I found.

Any idea what I am doing wrong or am I just misunderstanding the spec?

Thank you very much,
Nils

P.S. The github repository is not up to date regarding the signature -
as I think my implementation is still wrong.

[1] https://code.google.com/p/minime-microblogger/
[2] https://code.google.com/p/salmon-protocol/source/browse/trunk/lib/python/magicsig_hjfreyer/magicsig_test.py
[3] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1
[4] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1


Nils D.

Dec 8, 2011, 12:23:59 PM
to salmon-protocol
Hello,
to make my question slightly more concrete:
If I take the example from [1] with the example key

'RSA.mVgY8RN6URBTstndvmUUPb4UZTdwvwmddSKE5z_jvKUEK6yk1
u3rrC9yN8k6FilGj9K0eeUPe2hf4Pj-5CmHww==.AQAB
.Lgy_yL3hsLBngkFdDw1Jy9TmSRMiH6yihYetQ8jy-jZXdsZXd8V5
ub3kuBHHk4M39i3TduIkcrjcsiWQb77D8Q=='

and the example envelope

<?xml version='1.0' encoding='UTF-8'?>
<me:env xmlns:me='http://salmon-protocol.org/ns/magic-env'>
<me:encoding>base64url</me:encoding>
<me:data type='application/atom+xml'>PD94bWwgdmVyc2lvbj0nMS4wJyBlb
mNvZGluZz0nVVRGLTgnPz4KPGVudHJ5IHhtbG5zPSdodHRwOi8vd3d3LnczLm9yZy
8yMDA1L0F0b20nPgogIDxpZD50YWc6ZXhhbXBsZS5jb20sMjAwOTpjbXQtMC40NDc
3NTcxODwvaWQ-CiAgPGF1dGhvcj48bmFtZT50ZXN0QGV4YW1wbGUuY29tPC9uYW1l
Pjx1cmk-YWNjdDp0ZXN0QGV4YW1wbGUuY29tPC91cmk-CiAgPC9hdXRob3I-CiAgP
GNvbnRlbnQ-U2FsbW9uIHN3aW0gdXBzdHJlYW0hPC9jb250ZW50PgogIDx0aXRsZT
5TYWxtb24gc3dpbSB1cHN0cmVhbSE8L3RpdGxlPgogIDx1cGRhdGVkPjIwMDktMTI
tMThUMjA6MDQ6MDNaPC91cGRhdGVkPgo8L2VudHJ5Pgo=</me:data>
<me:alg>RSA-SHA256</me:alg>
<me:sig>RL3pTqRn7RAHoEKwtZCVDNgwHrNB0WJxFt8fq6l0HAGcIN4BLYzUC5hpGy
Ssnow2ibw3bgUVeiZMU0dPfrKBFA==</me:sig>
</me:env>

I can verify the Signature ('RL3p...frKBFA') with a function like
verify('PD94b...HJ5Pgo=', 'RL3p...frKBFA'),
where the first parameter is the content of <me:data /> and the second
one is the content of <me:sig />.

I can also recreate the signature with a function like
sign('RSA.mVg...7D8Q==', 'PD94b...HJ5Pgo='),
where the first parameter is the MagicKey and the second parameter is
the content of <me:data />.

But I am not able to verify (or recreate by signing) the signature,
using the base string as written in [2],
which is, I think,

'PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPGVudH
J5IHhtbG5zPSdodHRwOi8vd3d3LnczLm9yZy8yMDA1L0F0b20nPgogIDxpZD5
0YWc6ZXhhbXBsZS5jb20sMjAwOTpjbXQtMC40NDc3NTcxODwvaWQ-CiAgP
GF1dGhvcj48bmFtZT50ZXN0QGV4YW1wbGUuY29tPC9uYW1lPjx1cmk-YW
NjdDp0ZXN0QGV4YW1wbGUuY29tPC91cmk-CiAgPC9hdXRob3I-CiAgPGNv
bnRlbnQ-U2FsbW9uIHN3aW0gdXBzdHJlYW0hPC9jb250ZW50PgogIDx0aXR
sZT5TYWxtb24gc3dpbSB1cHN0cmVhbSE8L3RpdGxlPgogIDx1cGRhdGVkP
jIwMDktMTItMThUMjA6MDQ6MDNaPC91cGRhdGVkPgo8L2VudHJ5Pgo.YX
BwbGljYXRpb24vYXRvbSt4bWw=.YmFzZTY0dXJs.UlNBLVNIQTI1Ng=='

verify('PD94b...QTI1Ng', 'RL3p...frKBFA') fails and
sign('RSA.mVg...7D8Q==', 'PD94b...QTI1Ng') returns something like

'gtu1G_Tjd8V7Pr7yoygQ8y4dKJvUJEb21tNS-YiNmw8Ifg-HL4OX7kbQP7bDnAIydgyYxbhKz-4_ZUErdWDi6w=='

This is true for a lot of examples I found, so my questions are:
Am I doing something wrong, are these examples wrong or based on old
specifications? Or is the specification outdated?
What is the best way to implement MagicSignatures so it works best
with other recent implementations (signing and verification - of
course, I could always do 2-pass verification using the base string
and on failure use the data, but what is the best thing to do for
signing)?

Thank you very much,
Nils

[1] https://code.google.com/p/salmon-protocol/source/browse/trunk/lib/python/magicsig_hjfreyer/magicsig_test.py
[2] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1



Nils D.

Feb 6, 2013, 8:23:54 AM
to salmon-...@googlegroups.com
I just published my implementation of MagicSignatures to CPAN in two separated distributions for MagicKeys and MagicEnvelopes.

You can find it here:
http://search.cpan.org/~akron/Crypt-MagicSignatures-Key/
http://search.cpan.org/~akron/Crypt-MagicSignatures-Envelope/

Regarding the aforementioned problem I implemented compatibility flags for signing and verifying the envelopes.
However, I still don't know if I am doing something wrong when signing the base string instead of the data ...

Maybe of interest for other implementors is the test suite (in t/), that gathers a lot of test data from various other implementations.

With best regards,
Nils
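
Added example, not part of the original thread and not code from Crypt::MagicSignatures: the two signing inputs compared in the posts of Dec 8, 2011 and Feb 6, 2013 (base string versus bare <me:data /> content), with RSASSA-PKCS1-v1_5/SHA-256 written out from RFC 3447 and the test key quoted in the thread. All function names are constructed for illustration; a signature accepted only in "data-only" mode does not cover the type, encoding or alg fields.

```python
import base64, hashlib

# DigestInfo prefix for SHA-256 (RFC 3447, section 9.2, note 1)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Test key quoted in the thread: RSA.<n>.<e>.<d>, each part base64url
MAGIC_KEY = ("RSA.mVgY8RN6URBTstndvmUUPb4UZTdwvwmddSKE5z_jvKUEK6yk1"
             "u3rrC9yN8k6FilGj9K0eeUPe2hf4Pj-5CmHww==.AQAB"
             ".Lgy_yL3hsLBngkFdDw1Jy9TmSRMiH6yihYetQ8jy-jZXdsZXd8V5"
             "ub3kuBHHk4M39i3TduIkcrjcsiWQb77D8Q==")

def b64u(raw):
    return base64.urlsafe_b64encode(raw).decode()

def b64u_dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def parse_key(magic_key):
    # Assumes a key with a private exponent (four dot-separated parts)
    return tuple(int.from_bytes(b64u_dec(p), "big")
                 for p in magic_key.split(".")[1:4])

def base_string(data, mime, encoding="base64url", alg="RSA-SHA256"):
    # data is already armored; the three parameters are armored here
    return ".".join([data] + [b64u(s.encode()) for s in (mime, encoding, alg)])

def emsa_pkcs1_v15(message, k):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(magic_key, message):
    n, _, d = parse_key(magic_key)
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_pkcs1_v15(message.encode(), k), "big")
    return b64u(pow(m, d, n).to_bytes(k, "big"))  # I2OSP: always k bytes

def verify(magic_key, message, sig):
    n, e, _ = parse_key(magic_key)
    k = (n.bit_length() + 7) // 8
    raw = b64u_dec(sig)
    if len(raw) != k or int.from_bytes(raw, "big") >= n:
        return False  # signature length must equal modulus length
    em = pow(int.from_bytes(raw, "big"), e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v15(message.encode(), k)

def verify_envelope(magic_key, data, mime, sig):
    # Two-pass check: report which input the signature actually covers
    if verify(magic_key, base_string(data, mime), sig):
        return "base-string"
    return "data-only" if verify(magic_key, data, sig) else None
```
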

John Panzer

Feb 6, 2013, 12:51:01 PM
to salmon-...@googlegroups.com

Awesome Nils.  Thank you.
