Closed Bug 685852 Opened 13 years ago Closed 13 years ago

Implement pk1sign - related to PSM's nsDataSignatureVerifier.cpp

Categories

(NSS :: Tools, defect)

3.13
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: KaiE, Assigned: KaiE)

Details

Attachments

(2 files, 1 obsolete file)

I was looking for a tool to create signatures that can be verified from within Mozilla's application level code, in particular from within its JavaScript layer.

Unfortunately the PSM interfaces to validate CMS messages are not (yet) accessible from JavaScript.

The only method that was readily available is the nsIDataSignatureVerifier interface, which was implemented in bug 390615.

As Nelson noted in that bug, the data format used is somewhat uncommon.

I found that it expects a special encoding of a public key like this:

    C-Sequence (418)
        C-Sequence (13)
            Object Identifier (9)
                1 2 840 113549 1 1 1 (PKCS #1 RSA Encryption)
            NULL (0)
        Bit String (399)
            ...

and the expected signatures look like this:

    C-Sequence (147)
        C-Sequence (13)
            Object Identifier (9)
                1 2 840 113549 1 1 5 (PKCS #1 SHA-1 With RSA Encryption)
            NULL (0)
        Bit String (129)
            ...

Dave told me the https://developer.mozilla.org/en/McCoy tool can be used to create such signatures, but I was looking for something more lightweight.

I implemented a small NSS tool that can be used to create such signatures. It will use the keys found in a certificate. At the same time, for convenience, the tool dumps a public key encoding in the correct format.

I named this tool pk1sign. I created it by copying the existing p7sign tool and modifying it to my needs.

Should we add this tool to NSS?
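The two dumps above share one shape: SEQUENCE { SEQUENCE { OID, NULL }, BIT STRING }. As an added example (not code from this bug, its patches, or NSS), the C sketch below checks a buffer against that shape and reports which PKCS #1 OID it carries. The function names and the zero-filled sample blob are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Minimal TLV header reader (lengths up to 2 octets): content pointer or NULL. */
static const unsigned char *tlv(const unsigned char *p, const unsigned char *end,
                                unsigned char *tag, size_t *len)
{
    size_t n, k;
    if (end - p < 2) return NULL;
    *tag = *p++; n = *p++;
    if (n & 0x80) {                      /* long form: low bits count length octets */
        k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;   /* content must fit in the buffer */
    *len = n; return p;
}

/* DER content octets of 1.2.840.113549.1.1 (PKCS #1); the last arc follows. */
static const unsigned char PKCS1[8] = {0x2a,0x86,0x48,0x86,0xf7,0x0d,0x01,0x01};

/* If buf is SEQUENCE { SEQUENCE { OID pkcs-1.N, NULL }, BIT STRING } return N
 * (1 = RSA key blob, 5 = SHA-1 with RSA signature blob), else -1. */
int pk1_blob_kind(const unsigned char *buf, size_t n)
{
    unsigned char tag; size_t len; int arc;
    const unsigned char *end = buf + n, *alg_end, *p;
    if (!(p = tlv(buf, end, &tag, &len)) || tag != 0x30 || p + len != end) return -1;
    if (!(p = tlv(p, end, &tag, &len)) || tag != 0x30) return -1;
    alg_end = p + len;
    if (!(p = tlv(p, alg_end, &tag, &len)) || tag != 0x06 || len != 9) return -1;
    if (memcmp(p, PKCS1, sizeof PKCS1) != 0) return -1;
    arc = p[8];
    if (!(p = tlv(p + 9, alg_end, &tag, &len)) || tag != 0x05 || len != 0) return -1;
    if (p != alg_end) return -1;         /* nothing may follow the NULL parameters */
    if (!(p = tlv(p, end, &tag, &len)) || tag != 0x03 || len < 1) return -1;
    return (p + len == end && p[0] == 0) ? arc : -1;  /* 0 unused bits expected */
}

/* Constructed sample, not real data: same sizes as the signature dump above
 * (147/13/9/0/129) with 128 zero bytes standing in for the RSA value. */
int sample_kind(unsigned char last_arc, size_t cut)
{
    unsigned char b[150] = {0x30,0x81,0x93, 0x30,0x0d, 0x06,0x09, 0x2a,0x86,0x48,0x86,
        0xf7,0x0d,0x01,0x01,0x05, 0x05,0x00, 0x03,0x81,0x81,0x00};
    b[15] = last_arc;                    /* swap the final OID arc (5 or 1) */
    return pk1_blob_kind(b, sizeof b - cut);
}

int main(void) { return sample_kind(5, 0) == 5 ? 0 : 1; }
```

This only checks the framing; it does not verify the signature or parse the key inside the BIT STRING.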
Attached patch patch v1 (obsolete) — Splinter Review
To review the changes I made to the copy of p7sign.c you could "cd" to mozilla/security/nss/cmd and run

    diff -u p7sign/p7sign.c pk1sign/pk1sign.c

I copied the ASN1 templates from the McCoy code.
Assignee: nobody → kaie
Attachment #559442 - Flags: review?
Is there a specific person who can/should review this? I'm going through unassigned reviews, and am unsure what to do with this one.
Comment on attachment 559442
patch v1

Very low priority.
Attachment #559442 - Flags: review? → review?(rrelyea)
Comment on attachment 559442
patch v1

r-

There are 2 nits:

1) For the new files, please use the new license header. Gerv had gone through and changed the licenses on all the NSS files to MPL 2.0. Our new files should reflect the new license.

2) In ExportPublicKey, you use the function SECKEY_ConvertToPublicKey() from the private key. This function isn't exactly reliable. Since the only caller of this function also has the cert, I suggest passing in the cert and using the CERT_ExtractPublicKey() function (which is actually what ConvertToPublicKey() does under the covers anyway).

Finally: please use the SECASN1_ calls to encode rather than DER_ calls. The latter is quite old and deprecated within NSS.

bob
Attachment #559442 - Flags: review?(rrelyea) → review-
Attached patch Patch v2 Splinter Review

> use the new license header

done

> 2) In ExportPublicKey ... use CERT_ExtractPublicKey()

done

> use the SECASN1_ calls to encode rather than DER_ calls

done
Attachment #559442 - Attachment is obsolete: true
Attachment #620686 - Flags: review?(rrelyea)
Comment on attachment 620686
Patch v2

r+

Thanks!

bob
Attachment #620686 - Flags: review?(rrelyea) → review+
Checking in manifest.mn;
/cvsroot/mozilla/security/nss/cmd/manifest.mn,v <-- manifest.mn
new revision: 1.32; previous revision: 1.31
done
RCS file: /cvsroot/mozilla/security/nss/cmd/pk1sign/Makefile,v
done
Checking in pk1sign/Makefile;
/cvsroot/mozilla/security/nss/cmd/pk1sign/Makefile,v <-- Makefile
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/pk1sign/manifest.mn,v
done
Checking in pk1sign/manifest.mn;
/cvsroot/mozilla/security/nss/cmd/pk1sign/manifest.mn,v <-- manifest.mn
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/pk1sign/pk1sign.c,v
done
Checking in pk1sign/pk1sign.c;
/cvsroot/mozilla/security/nss/cmd/pk1sign/pk1sign.c,v <-- pk1sign.c
initial revision: 1.1
done
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.14
This patch was checked in as revision 1.2.
Attachment #621875 - Flags: review?(kaie)
Comment on attachment 621875
Fix build bustage on Windows.

r=kaie

Thanks for cleaning this up.
Attachment #621875 - Flags: review?(kaie) → review+