Fix decoding signature bytes (Fixes #355, #354) #361

Merged: 6 commits, Sep 29, 2017

hierynomus
Owner

Fixes #354 and #355.

Thanks to @Jurrie for identifying these issues. And @charlesrgould for pointing to this fix initially. The invalid signatures were taken from the test at https://github.com/Jurrie/jsch-111-bugfix.

@@ -30,6 +31,8 @@
protected final String algorithm;
protected java.security.Signature signature;

private static final byte[] SIG_START_BYTES = new byte[] {0, 0, 0, 0x07, 0x73, 0x73, 0x68, 0x2d};
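Review bot: SIG_START_BYTES is an undocumented magic array, and what it encodes is narrower than the name suggests. The bytes are a 4-byte length of 7 followed by ASCII "ssh-", so any check built on it only matches signature format names that are exactly 7 bytes long and begin with "ssh-"; an encoded name with another length or prefix will never match. Please add a comment stating what the bytes represent, and consider having each signature implementation supply its own full, length-prefixed format name for the comparison instead of sharing one constant in the base class.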
Contributor

Sorry, I'm finally beginning to understand this. I still have one concern.

TL;DR: SignatureECDSA needs to overwrite extractSig with a different SIG_START_BYTES.

Reason: "ssh-dss" and "ssh-rsa" work for this byte array, but "ecdsa-sha2-[identifier]" does not.

Snippet from RFC 4253:

The resulting signature is encoded as follows:
      string    "ssh-dss"
      string    dss_signature_blob

The resulting signature is encoded as follows:
      string    "ssh-rsa"
      string    rsa_signature_blob

Snippet from RFC 5656:

Signatures are encoded as follows:
      string   "ecdsa-sha2-[identifier]"
      string   ecdsa_signature_blob

   The string [identifier] is the identifier of the elliptic curve domain parameters.

It would also be nice if there was a comment in the file explaining the purpose of the check and what the byte array represents. Thanks!
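
The signature encoding quoted from RFC 4253 and RFC 5656 in the comment above, as an added example that is not part of this pull request or of sshj's code: a length-aware parser that checks the whole format name, run beside the 8-byte prefix from the diff. The class and method names, the `ecdsa-sha2-nistp256` sample name and the 4-byte blob are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class SshSignatureBlob {

    // Reads one SSH "string": uint32 big-endian length, then that many bytes.
    static byte[] readString(ByteBuffer buf) {
        if (buf.remaining() < 4) throw new IllegalArgumentException("truncated length field");
        int len = buf.getInt();
        if (len < 0 || len > buf.remaining()) throw new IllegalArgumentException("bad string length: " + len);
        byte[] out = new byte[len];
        buf.get(out);
        return out;
    }

    // Hypothetical helper: returns the signature blob only when the encoded
    // format name equals the name the caller expects, and nothing trails the blob.
    static byte[] extractBlob(byte[] encoded, String expectedName) {
        ByteBuffer buf = ByteBuffer.wrap(encoded);
        String name = new String(readString(buf), StandardCharsets.US_ASCII);
        if (!name.equals(expectedName)) throw new IllegalArgumentException("unexpected format name: " + name);
        byte[] blob = readString(buf);
        if (buf.hasRemaining()) throw new IllegalArgumentException("trailing bytes after signature blob");
        return blob;
    }

    // Builds constructed sample input: string name || string blob.
    static byte[] encode(String name, byte[] blob) {
        byte[] n = name.getBytes(StandardCharsets.US_ASCII);
        return ByteBuffer.allocate(8 + n.length + blob.length)
                .putInt(n.length).put(n).putInt(blob.length).put(blob).array();
    }

    public static void main(String[] args) {
        byte[] fixedPrefix = {0, 0, 0, 0x07, 0x73, 0x73, 0x68, 0x2d}; // length 7, then "ssh-"
        byte[] blob = {1, 2, 3, 4}; // constructed placeholder, not a real signature
        for (String name : new String[] {"ssh-rsa", "ssh-dss", "ecdsa-sha2-nistp256"}) {
            byte[] enc = encode(name, blob);
            boolean prefixMatches = Arrays.equals(Arrays.copyOf(enc, 8), fixedPrefix);
            boolean recovered = Arrays.equals(extractBlob(enc, name), blob);
            System.out.println(name + ": fixed prefix matches=" + prefixMatches
                    + ", blob recovered=" + recovered);
        }
    }
}
```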

@hierynomus
Owner Author

@charlesrgould I've cleaned up the verification, now all methods use the extractSig method and it's a lot less cryptic, thanks for the comment.
Anything else that stands out before I merge this?

Repository owner deleted a comment Sep 28, 2017
@charego
Contributor

charego commented Sep 28, 2017

Looks good to me. One small thing - the Javadoc for extractSig is a little outdated. I am traveling for the next few days, but I would be glad to test your changes when I get home.

Repository owner deleted a comment Sep 29, 2017
@hierynomus hierynomus merged commit ec46a7a into master Sep 29, 2017
@hierynomus hierynomus deleted the issue-355 branch September 29, 2017 11:23
@ndriscoll

@hierynomus Thanks for fixing this. Any chance you're planning on tagging a release soon?

CCLiu added a commit to CCLiu/sshj that referenced this pull request Jan 11, 2018
* Check whether filename is a child of the current file (Fixes hierynomus#341)

* Fixed codacy

* Updated README release notes

* Removed oraclejdk7 as that is no longer supported on trusty, added openjdk

* Added gradle caching to travis config

* Removed use of DataTypeConverter as that is no longer in default JDK9

* Removed build of broken openJDK7 in favour of using animal-sniffer to detect java 1.6 compatibility

* Improved test stability

* Correctly determine KeyType for ECDSA public key (Fixes hierynomus#356)

* fixed build

* Fixed Java9 build?

* Disambiguated signature initialization

* Removed deprecated method

* Organised imports

* Added 'out/' to gitignore

* Added support for new-style fingerprints (hierynomus#365)

* Added support for new-style fingerprints

* Fixed codacy warnings

* Fix decoding signature bytes (Fixes hierynomus#355, hierynomus#354) (hierynomus#361)

* Fix for signature verify in DSA

* Cleaned up signature verification

* Fixed import

* Ignored erroneous pmd warnings

* Updated JavaDoc

* Extracted ASN.1/DER encoding to method (hierynomus#368)

* Update net.i2p.crypto:eddsa to 0.2.0 (hierynomus#372)

* Update net.i2p.crypto:eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Log security provider registration failures (hierynomus#374)

* Migrate remaining block ciphers

* Updated README for v0.23.0 release

* Using new release plugin

* Updated build plugins

* Fix escaping in WildcardHostMatcher (hierynomus#382)

* Escape '[' and ']' in WildcardHostMatcher

* Anchoring regex to match entire string (Fixes hierynomus#381)

* Updated builds to include CodeCov

* - Experimenting with travis

* - fix ip for online testing

* - account for different working dir

* - yaml-yaml

* - double before_install

* - still -d

* - try common format

* - Fixed server keys
- Use sshj branding

* - grr, ip

* - minor improvements

* - eh?

* - switch username back

* - orly?

* - desperation

* - One more time

* Upgraded gradle to cope with java9

* Separated out integration tests

* Fixed length bug in putString (Fixes hierynomus#187)

* Removed docker from travis yml as it is included in gradle build now

* Added integration test to travis

* Update AndroidConfig (hierynomus#389)

* Add EdDSA signature for AndroidConfig.

* Initialize KeyExchange- and FileKeyProviderFactories with registered "bouncyCastle" (in fact, SpongyCastle is registered).

See hierynomus#308 for discussion.

* Added integration test for append scenario (Fixes hierynomus#390)

* Fixed headers

Successfully merging this pull request may close these issues.

Invalid encoding for signature: redundant leading 0s
3 participants