Re: [tor-dev] [HTTPS-Everywhere] [GSoC] HTTPS Everywhere secure ruleset update mechanism update
(resending to tor-dev with tp.o email address)
On 07/08/2014 03:30 AM, Yan Zhu wrote:
> On 07/08/2014 02:55 AM, Ben Laurie wrote:
>> On 7 July 2014 19:40, Red <redwire@xxxxxxxxxx> wrote:
>>> Despite the fact that the process for producing the signature in
>>> question[2] seemed to work fine (OpenSSL was able to generate and verify
>>> the signature), the testing code calling the verifyData[3] function used
>>> for verification was returning an undocumented NS_ERROR_FAILURE
>>> exception. I had spent a great deal of time asking for support in
>>> relevant Firefox extension development IRC channels, reading source code
>>> from unit tests for the nsIDataSignatureVerifier component, and
>>> experimenting with alternative openssl commands in order to try to
>>> figure out why this error was occurring.
>>
>> Looking at the pk1sign source, it looks like the signature needs to be
>> in base64. Was that what you were using?
>>
>> Do you have a test case that fails using command line tools?
>
> I think Zack's original failing test case was generated via something like:
> $ openssl rsautl -sign -in update.digest -out signtmp.sig -inkey privkey.pem
> $ openssl base64 -in signtmp.sig -out update.json.sig
>
> as described in the original spec that we wrote:
> https://github.com/redwire/https-everywhere/blob/makeJSONManifest/doc/updateJSONSpec.md
>
> Here is the diff between the failing test and the passing test:
> https://github.com/redwire/https-everywhere/commit/8b3c85d9d90d679e8b69970173db9f3185fa44c3.
> I generated the data for the passing test with pk1sign.
>
> The documentation for nsIDataSignatureVerifier does not really describe
> the expected data format for the signature [1], so it took a while to
> figure out that it expects a very specialized form [2].
>
> [1]
> https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIDataSignatureVerifier
> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=685852#c0
>
>
>> _______________________________________________
>> tor-dev mailing list
>> tor-dev@xxxxxxxxxxxxxxxxxxxx
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
>>
>
>
>
>
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere@xxxxxxxxxxxxx
> https://lists.eff.org/mailman/listinfo/https-everywhere
>
--
Yan Zhu <yan@xxxxxxx>, <yan@xxxxxxxxxxxxxx>
Staff Technologist
Electronic Frontier Foundation https://www.eff.org
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x134
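
An added example, not part of the message above and not HTTPS Everywhere or Mozilla code: a structural check that tells a bare base64 RSA signature, as the `openssl rsautl` and `openssl base64` commands quoted above produce, from a DER-wrapped one. It assumes the specialized form is base64 of a DER SEQUENCE holding an AlgorithmIdentifier followed by a BIT STRING with the signature, which the message itself does not spell out; the function names, the sample bytes and the sha256WithRSAEncryption identifier are constructed for illustration.

```python
import base64

def der(tag, value):
    """Encode one DER element (short or long length form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        size = first & 0x7F
        if size == 0 or pos + size > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def is_wrapped_signature(sig_b64):
    """True if sig_b64 is base64(SEQUENCE { AlgorithmIdentifier, BIT STRING })."""
    try:
        blob = base64.b64decode(sig_b64)  # line breaks from `openssl base64` are ignored
        tag, start, end = read_tlv(blob, 0)
        if tag != 0x30 or end != len(blob):
            return False
        alg_tag, _, alg_end = read_tlv(blob, start)
        bit_tag, bit_start, bit_end = read_tlv(blob, alg_end)
    except (ValueError, IndexError):
        return False
    # The BIT STRING must fill the rest and start with a zero "unused bits" octet.
    return ((alg_tag, bit_tag) == (0x30, 0x03) and bit_end == end
            and bit_end > bit_start and blob[bit_start] == 0)

# Constructed sample data: a stand-in for a 2048-bit RSA signature, not a real one.
RAW_SIG = bytes((i * 7 + 1) % 256 for i in range(256))
# AlgorithmIdentifier for sha256WithRSAEncryption with NULL parameters (assumed choice).
ALG_ID = bytes.fromhex("300d06092a864886f70d01010b0500")
BARE_B64 = base64.encodebytes(RAW_SIG).decode()  # shape of a bare, base64-encoded .sig file
WRAPPED_B64 = base64.b64encode(der(0x30, ALG_ID + der(0x03, b"\x00" + RAW_SIG))).decode()

if __name__ == "__main__":
    for name, sig in (("bare", BARE_B64), ("wrapped", WRAPPED_B64)):
        print(name, "->", "wrapped form" if is_wrapped_signature(sig) else "bare signature")
```

The check is structural only: it says which container a signature file uses and does not verify the signature against any key.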