Re: [JSch-users] SignatureDSA: incorrect conversion from mpint to ASN.1
Status: Alpha
Brought to you by:
ymnk
Menu
▾
▴
Re: [JSch-users] SignatureDSA: incorrect conversion from mpint to ASN.1
|
From: Jurrie O. <jsc...@ju...> - 2017-09-06 08:15:42
|
On 03-09-17 20:20, Jurrie Overgoor wrote: > We are using Apache VFS, which in turn uses JSCH to connect to SFTP. > Recently, my team and I stumbled upon a bug in JSCH which presents > itself when using Java 8 and SHA1withDSA. We are using JSCH 0.1.53, > but I tried 0.1.54 and the bug is still present. Other users appear to > be hitting this bug as well: https://sourceforge.net/p/jsch/bugs/111/ > > I traced the problem down to SignatureDSA.java, which does conversion > from ASN.1 to mpint and from mpint to ASN.1. When verifying a hash, a > conversion from mpint to ASN.1 is done, just before the hash is passed > on to Java to actually do the verification. In the conversion from > mpint to ASN.1 I believe things are not done correctly. Leading 0x00 > bytes are not stripped from the ASN.1 INTEGER as they should be. > Please note that Java 6 allows leading 0s, but Java 7 and 8 do not. > So, an IOException is thrown with message "Invalid encoding: redundant > leading 0s". > > So, when either r or s are integers that can be represented in less > than 20 bytes, we see redundant leading 0s. Sadly, r and s are > dependent on a random value k. So I whipped up a quick test that does > signatureDSA.sign() and signatureDSA.verify() over and over again. I > can reproduce the problem this way. I can not seem to trigger an error > when using SignatureRSA (representing SHA1withRSA) or SignatureECDSA > (representing SHA256withECDSA). > > Now, as I'm by no means an expert on this matter, I'd like to ask this > list if my observations are correct :) > > I made changes to SignatureDSA and am currently testing. Things seem > to work fine now. I can try to create a patch if it would be handy? Hello everyone, My alternative implementation of SignatureDSA.java is available as a Maven artifact. It's available at https://github.com/Jurrie/jsch-111-bugfix Please let me know if it helped you, or if something is wrong. With kind regards, Jurrie |