Comments (5)
thaidn
commented on May 20, 2024
Thanks for your bug report.
Below is a reply from bleichen who can't access GitHub for now.
The signature that is accepted by the SUN provider is a legacy signature.
The provider is deliberately accepting the signature to be compatible with
some legacy implementation that formatted DSA signatures incorrectly.
I don't know what this legacy implementation is or whether it is still in use.
Since it is possible to generate a valid signature from the invalid one
by fixing the ASN format this does not introduce a vulnerability.
We are currently working on switching the tests to a new version that
is using a JSON file for the test vectors. Each test vector has a status
that is either "valid", "invalid" or "acceptable". The expectation is that
a library accepts all signatures that are marked as "valid", rejects
all signatures marked as "invalid" and is free to accept or reject
signatures marked as "acceptable". The signature discussed above
is marked as "acceptable".
BTW, it still makes sense to test vectors marked as "acceptable", because
they should of course not crash an implementation. For Java implementations
we additionally expect for example that verify either returns a boolean or
throws a SignatureException. E.g., so that other exceptions are a clear sign
that there is a bug in the code or configuration.
from wycheproof.
bleichen
commented on May 20, 2024
Sorry for the late reply.
It is probably possible to do some stricter checking now. When I wrote the first tests there
were too many libraries that did not care about ASN parsing, and so BER vs DER issues
had to be ignored just so that the bugs did not pass unnoticed.
I'm also working on documenting the test vectors better, so that it should be at least
possible to ignore test vectors for those cases where an implementer disagrees.
from wycheproof.
bbc2
commented on May 20, 2024
Thanks for the explanation. That makes sense so I think the issue is solved for me. It would still be useful if, in the future, those accepted modified signatures could optionally be reported (like for avoiding malleability issues) but the tests are already very useful as they are.
from wycheproof.
bleichen
commented on May 20, 2024
We are working on such a scheme. Though the details are still sketchy.
The test vectors will be generally in JSON format, since that makes it
easier to use them for other languages than just Java.
These test vectors include comments and additionally a list of flags.
There will be flags for BER encodings that are not DER or signature
malleability.
If it is easy enough to silence flaws that are not exploitable then it
might also be possible
to set stricter defaults.
…On Wed, Mar 7, 2018 at 9:29 PM, Bertrand Bonnefoy-Claudet < ***@***.***> wrote:
Thanks for the explanation. That makes sense so I think the issue is
solved for me. It would still be useful if, in the future, those accepted
modified signatures could optionally be reported (like for avoiding
malleability issues) but the tests are already very useful as they are.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#44 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AYx_3r0CLt96RiQhapWnKz4NVU8za-2Lks5tcEMUgaJpZM4SCIH1>
.
from wycheproof.
thaidn
commented on May 20, 2024
@bbc2 check out the flags in https://github.com/google/wycheproof/blob/master/testvectors/ecdsa_secp256r1_sha256_test.json and other JSON files.
There might be future changes, but I guess this should enough if you want to skip certain malleability tests.
Please reopen if you have any further comments or questions.
from wycheproof.
Related Issues (20)
- How to run Javascript tests?
- Minor feature request: unify JWK representations in JSON test vectors
- Make use of github actions
- No RsassaPkcs1Generate tests in testvectors_v1
- Support for ChaCha20 testvectors? HOT 9
- DsaTest.testTiming() could use a warmup HOT 3
- Zero-length KWP keys should set 'invalid' result HOT 4
- A few KW tests in v1 folder marked "acceptable" violate spec for minimum plaintext length HOT 2
- Duplicate symbol appears in alphabet for FF1 base85 test file HOT 7
- Tag in Ascon-80pq test vector is incorrect HOT 1
- ECDSA: Add recovery ID to test cases HOT 11
- Remove Java and Javascript harnesses HOT 4
- Test vector format HOT 1
- Are Google CLAs still required to contribute? HOT 1
- Is there interest for BLS related test vectors? HOT 1
- What ECDSA algorithms/parameters are relevant? HOT 6
- Transparency of the project HOT 5
- Can HKDF accept empty IKM? HOT 3
- Selecting algorithm names
- Selection of algorithms
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wycheproof.