Tcl Library Source Code

Ticket Change Details

Artifact ID: 8815e9b413d3d6013ea4ac92b99458a58a53d39b357f08ca7b0cafa10c87bf94
Ticket: bbdff172a399a771485ddbe9606ce9e2738a5d8c
::pki::verify always returns false when "algo" argument is provided
User & Date: RP. 2020-02-12 13:31:48
Changes

  1. assignee changed to: ""
  2. comment changed to:
    As in title, when <b>algo</b> argument is provided <b>::pki::verify</b> always returns false.
    As I found out, the problem is that when the <b>default</b> algorithm is used, the plaintext value is stripped and converted to an octet string, but when an explicit algo is provided, the final comparison is between the plain text and the binary hash.<br>
    Fix that I've made is to always convert <b>plaintext</b> to octet-string <b>digest</b> (before <b>if</b> clause):
    <pre style="padding: 10px; border-left: solid 5px gray;">
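    # ::pki::verify --
    #
    #	Check a signature by recovering the signed digest with the public
    #	key and comparing it with a freshly computed hash of checkmessage.
    #
    # Arguments:
    #	signedmessage	value handed to ::pki::decrypt with -pub
    #	checkmessage	message that is hashed for the comparison
    #	keylist		key material handed through to ::pki::decrypt
    #	algo		hash name, or "default" to take the algorithm
    #			identifier from the decoded signature
    #
    # Results:
    #	false when decryption fails or when bytes are left over after the
    #	decoded structure; otherwise the 0/1 result of the digest
    #	comparison. Raises an error for an unknown hashing algorithm.
    proc ::pki::verify {signedmessage checkmessage keylist {algo default}} {
    	package require asn
    
    	if {[catch {
    		set plaintext [::pki::decrypt -binary -unpad -pub -- $signedmessage $keylist]
    	}]} {
    		return false
    	}
    
    	# Always extract the octet-string digest: the raw $plaintext is the
    	# encoded structure, not the hash, so it can never equal a binary
    	# digest. This is what made an explicit algo always return false.
    	#
    	# leftover counts bytes that remain after each enclosing element has
    	# been consumed. A well-formed signature leaves none; accepting extra
    	# bytes would make the parse lenient about what was actually signed.
    	# A parse failure leaves digest empty, which cannot match any hash.
    	set digest ""
    	set leftover 0
    	catch {
    		::asn::asnGetSequence plaintext message
    		incr leftover [string length $plaintext]
    		::asn::asnGetSequence message digestInfo
    		::asn::asnGetOctetString message digest
    		incr leftover [string length $message]
    	}
    
    	if {$algo eq "default"} {
    		set algoId "unknown"
    
    		# If the identifier cannot be read, algoId stays "unknown" and
    		# the switch below raises the unknown-algorithm error.
    		catch {
    			::asn::asnGetObjectIdentifier digestInfo algoId
    			set algoId [::pki::_oid_number_to_name $algoId]
    		}
    	} else {
    		# NOTE(review): the algorithm identifier inside digestInfo is not
    		# read on this path; a mismatch is only caught because the digest
    		# bytes then differ. Confirm whether an explicit cross-check
    		# against the signed identifier is wanted.
    		set algoId $algo
    	}
    
    	# md5 and sha1 are still accepted below; a caller that must refuse
    	# them has to check the algorithm before relying on the result.
    	switch -- $algoId {
    		"md5" - "md5WithRSAEncryption" {
    			set checkdigest [md5::md5 $checkmessage]
    		}
    		"sha1" - "sha1WithRSAEncryption" {
    			set checkdigest [sha1::sha1 -bin $checkmessage]
    		}
    		"sha256" - "sha256WithRSAEncryption" {
    			set checkdigest [sha2::sha256 -bin $checkmessage]
    		}
    		default {
    			return -code error "Unknown hashing algorithm: $algoId"
    		}
    	}
    
    	# Checked after the switch so that an unknown algorithm is still
    	# reported as an error, as before.
    	if {$leftover > 0} {
    		return false
    	}
    
    	return [expr {$checkdigest eq $digest}]
    }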
    </pre>
    
  3. login: "RP."
  4. mimetype: "text/plain"