-
Notifications
You must be signed in to change notification settings - Fork 291
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DsaTest.testModifiedSignatures doesn't report errors #44
Comments
Thanks for your bug report. Below is a reply from bleichen who can't access GitHub for now. The signature that is accepted by the SUN provider is a legacy signature. We are currently working on switching the tests to a new version that BTW, it still makes sense to test vectors marked as "acceptable", because |
Sorry for the late reply. It is probably possible to do some stricter checking now. When I wrote the first tests there |
Thanks for the explanation. That makes sense so I think the issue is solved for me. It would still be useful if, in the future, those accepted modified signatures could optionally be reported (like for avoiding malleability issues) but the tests are already very useful as they are. |
We are working on such a scheme. Though the details are still sketchy.
The test vectors will be generally in JSON format, since that makes it
easier to use them for other languages than just Java.
These test vectors include comments and additionally a list of flags.
There will be flags for BER encodings that are not DER or signature
malleability.
If it is easy enough to silence flaws that are not exploitable then it
might also be possible
to set stricter defaults.
…On Wed, Mar 7, 2018 at 9:29 PM, Bertrand Bonnefoy-Claudet < ***@***.***> wrote:
Thanks for the explanation. That makes sense so I think the issue is
solved for me. It would still be useful if, in the future, those accepted
modified signatures could optionally be reported (like for avoiding
malleability issues) but the tests are already very useful as they are.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#44 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AYx_3r0CLt96RiQhapWnKz4NVU8za-2Lks5tcEMUgaJpZM4SCIH1>
.
|
@bbc2 check out the flags in https://github.com/google/wycheproof/blob/master/testvectors/ecdsa_secp256r1_sha256_test.json and other JSON files. There might be future changes, but I guess this should enough if you want to skip certain malleability tests. Please reopen if you have any further comments or questions. |
DsaTest.testModifiedSignatures
callstestVectors
(source) withisValidDER: false
andisValidBER: true
. In such a case,errors++
will only be called ifverifier.verify
raises an exception different fromSignatureException
. As a result, non-DER signatures that are accepted by the provider (Sun or BouncyCastle) are not reported by this Wycheproof test.For instance, the last signature in
MODIFIED_SIGNATURES
(source) seems to still be accepted as valid by the Sun provider on Java 1.8.0u162.Can you confirm this? It looks like the if-else structure in
testVectors
(source) could be extended to account for those non-DER signatures that are accepted and verified by the provider.The text was updated successfully, but these errors were encountered: