Mailing List Archive

Problem with gcry_pk_verify
I'm using libgcrypt to make an SSH library. So I build a sexp:
gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %m))",bn);
where bn is the mpi where the hash is stored. The problem is that when
the most significant bit is set, the sexp is built like this:
(data
(flags pkcs1)
(hash sha1 #00D5FAD16E753FEEC40B696EC82D1E602A4D5C1302#)
)
0s are printed because the number is positive, but when gcry_pk_verify gets the mpi, it says the number needs 21 bytes, and is therefore not a valid sha1, failing with GPG_ERR_CONFLICT. How can I solve the problem?
Regards,

--
Jean-Philippe Garcia Ballester
Re: Problem with gcry_pk_verify
Jean-Philippe Garcia Ballester wrote:

> I'm using libgcrypt to make an SSH library. So I build a sexp:
> gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %m))",bn);
> where bn is the mpi where the hash is stored. The problem is that when
> the most significant bit is set, the sexp is built like this:
> (data
> (flags pkcs1)
> (hash sha1 #00D5FAD16E753FEEC40B696EC82D1E602A4D5C1302#)
> )

Use the %b format character instead of %m; %b lets you insert memory
buffers directly, regardless of MPI formatting. %b expects two arguments:
one of size_t and a pointer to the memory buffer.

Moritz
Re: Problem with gcry_pk_verify
On Thu, Aug 11, 2005 at 09:57:14PM +0200, Moritz Schulte wrote:
> Jean-Philippe Garcia Ballester wrote:
>
> > I'm using libgcrypt to make an SSH library. So I build a sexp:
> > gcry_sexp_build(&gcryhash,NULL,"(data(flags pkcs1)(hash sha1 %m))",bn);
> > where bn is the mpi where the hash is stored. The problem is that when
> > the most significant bit is set, the sexp is built like this:
> > (data
> > (flags pkcs1)
> > (hash sha1 #00D5FAD16E753FEEC40B696EC82D1E602A4D5C1302#)
> > )
>
> Use the %b format character instead of %m; %b lets you insert memory
> buffers directly, regardless of MPI formatting. %b expects two arguments:
> one of size_t and a pointer to the memory buffer.

Thanks. This works for RSA host key verification.
But I still got a problem with DSA host key verification. The sexp is
built like this:
(data
(flags raw)
(value #9092EA3A02CD3738DD71DAE3FEAD27F3FC22A30F#)
)
The problem is that it fails with Invalid Object (the mpi scanning fails
because it's negative). If I put 0s, it fails with Invalid DSA
signature.
When the first bit of the hash is not set, it works perfectly.
What should I do?
Regards,

--
Jean-Philippe Garcia Ballester
Re: Problem with gcry_pk_verify
On Sat, 13 Aug 2005 16:05:06 +0200, Jean-Philippe Garcia Ballester said:

> The problem is that it fails with Invalid Object (the mpi scanning fails
> because it's negative). If I put 0s, it fails with Invalid DSA
> signature.

Check out our Secure Shell library at

ftp://ftp.gnupg.org/gcrypt/alpha/gsti/gsti-0.3.0.tar.bz2

maybe this is helpful.


Salam-Shalom,

Werner
Re: Problem with gcry_pk_verify
Jean-Philippe Garcia Ballester wrote:

> But I still got a problem with DSA host key verification. The sexp is
> built like this:
> (data
> (flags raw)
> (value #9092EA3A02CD3738DD71DAE3FEAD27F3FC22A30F#)
> )
> The problem is that it fails with Invalid Object (the mpi scanning fails
> because it's negative). If I put 0s, it fails with Invalid DSA
> signature.

I guess you have triggered the "Invalid signature" error. In this case:
are you SURE that the value you have provided is indeed a correct DSA
signature? Please send example code to me.

Thanks,
Moritz
Re: Problem with gcry_pk_verify
On Sat, Aug 20, 2005 at 11:42:37PM +0200, Moritz Schulte wrote:
> Jean-Philippe Garcia Ballester wrote:
>
> > But I still got a problem with DSA host key verification. The sexp is
> > built like this:
> > (data
> > (flags raw)
> > (value #9092EA3A02CD3738DD71DAE3FEAD27F3FC22A30F#)
> > )
> > The problem is that it fails with Invalid Object (the mpi scanning fails
> > because it's negative). If I put 0s, it fails with Invalid DSA
> > signature.
>
> I guess you have triggered the "Invalid signature" error. In this case:
> are you SURE that the value you have provided is indeed a correct DSA
> signature? Please send example code to me.

Oops. When putting 0s, I forgot to increment the data size parameter.
Thanks a lot for your help.

--
Jean-Philippe Garcia Ballester
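
The fix this thread ends on (prepend a zero byte when the top bit of the hash is set, and pass the longer length with it), as an added example that is not code from the original posts or from libgcrypt. The helpers reads_as_negative, to_positive_mpi and same_value are hypothetical names, and signed MPI parsing is modeled here by a top-bit check instead of a library call.

```c
#include <stdio.h>
#include <string.h>

/* Hash value quoted in the thread's DSA message; first byte 0x90 has the top bit set. */
static const unsigned char thread_hash[20] = {
    0x90,0x92,0xEA,0x3A,0x02,0xCD,0x37,0x38,0xDD,0x71,
    0xDA,0xE3,0xFE,0xAD,0x27,0xF3,0xFC,0x22,0xA3,0x0F };

/* A signed (two's-complement) MPI parser takes the top bit of byte 0 as the sign. */
static int reads_as_negative(const unsigned char *buf, size_t len)
{
    return len > 0 && (buf[0] & 0x80) != 0;
}

/* Hypothetical helper: copy an unsigned big-endian value into out so that a
   signed parser sees it as positive. Returns the byte count that must be
   passed together with out, or 0 if out is too small. */
static size_t to_positive_mpi(const unsigned char *in, size_t inlen,
                              unsigned char *out, size_t outcap)
{
    size_t pad = reads_as_negative(in, inlen) ? 1 : 0;
    if (inlen == 0 || inlen + pad > outcap)
        return 0;
    if (pad)
        out[0] = 0x00;
    memcpy(out + pad, in, inlen);
    return inlen + pad;
}

/* Compare two big-endian buffers as unsigned integers, ignoring leading zeros. */
static int same_value(const unsigned char *a, size_t alen,
                      const unsigned char *b, size_t blen)
{
    while (alen > 0 && *a == 0) { a++; alen--; }
    while (blen > 0 && *b == 0) { b++; blen--; }
    return alen == blen && memcmp(a, b, alen) == 0;
}

int main(void)
{
    unsigned char buf[21];
    size_t n = to_positive_mpi(thread_hash, sizeof thread_hash, buf, sizeof buf);
    printf("raw hash reads as negative: %d\n", reads_as_negative(thread_hash, 20));
    printf("padded length %zu, reads as negative: %d\n", n, reads_as_negative(buf, n));
    /* Padding but still passing 20 as the length cuts off the last hash byte,
       so the value handed to verification is no longer the hash. */
    printf("padded, length 20, same value: %d\n", same_value(buf, 20, thread_hash, 20));
    return 0;
}
```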