[PYTHON-CRYPTO] DSA signature verification trouble...

Dan Berger dberger at CS.UCR.EDU
Wed Aug 4 20:51:22 CEST 2004 

Ok - I'm pretty sure this is in the python layer somewhere - the
following C code works (reports success for both signing and verifying):

#include <stdlib.h>
#include <string.h>
#include <openssl/dsa.h>
#include <openssl/pem.h>
                                                                                          
int main() {
  DSA *key;
  unsigned char *digest = "foobar";
  int len = strlen(digest);
  unsigned char sig[256];
  unsigned int siglen;
                                                                                          
  key = DSA_new();
    PEM_read_DSAPrivateKey(
        fopen("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem", "r"),
	&key, NULL, NULL);
  if (key == NULL) {
    printf("read key failed\n");
    exit(-1);
  }
  printf ("sign: %d\n", DSA_sign(0, digest, len, sig, &siglen, key));
  printf ("verify: %d\n", DSA_verify(0, digest, len, sig, siglen, key));
}

On Wed, 2004-08-04 at 11:19 -0700, Dan Berger wrote:
> I thought this was a problem between my Python and C code, but it looks
> like either there's a problem in M2Crypto (possibly OpenSSL), or I'm
> missing something.  Consider the following code:
> 
> import M2Crypto
> import M2Crypto.DSA
> import M2Crypto.EVP
> ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem")
> signature = ksk.sign_asn1("foobar")
> ksk.verify_asn1(signature, "foobar")
> 
> Traceback (most recent call last):
>   File "<stdin>", line 1, in ?
>   File "/usr/lib/python2.2/site-packages/M2Crypto/DSA.py", line 132, in verify_asn1
> M2Crypto.DSA.DSAError: too long
> 
> Feeding a signature produced by sign_asn1 directly into verify_asn1
> fails.  Anyone have any suggestions?
> 
> By the way - doing this:
> 
> import M2Crypto
> import M2Crypto.DSA
> import M2Crypto.EVP
> ksk = M2Crypto.DSA.load_key("/home/dberger/Projects/IKaRoS/server/db/ksk_1.pem")
> signature = ksk.sign("foobar")
> ksk.verify("foobar", signature[0], signature[1])
> 
> returns success, which suggests it's a problem with the asn1 encode/decode "stuff."
> 
> --
> 
> ...Dan Berger [dberger at cs.ucr.edu]
>    Department of Computer Science
>    Surge Building, Room 357
>    University of California, Riverside
>    http://www.cs.ucr.edu/~dberger
> 
>    "I like naked women. I'm a bloke. I'm supposed to like them. We're
>     born like that. We like naked women as soon as we're pulled out of
>     one. Halfway down the birth canal we're already enjoying the view!"
> 
>                         - Steve, Coupling: "Inferno"
--

...Dan Berger [dberger at cs.ucr.edu]
   Department of Computer Science
   Surge Building, Room 357
   University of California, Riverside
   http://www.cs.ucr.edu/~dberger

   "Americans may be undereducated, lazy, and disorganized, but they do one
    thing better than any people on the face of the earth, and that is watch
    television. The average eight-year old American has absorbed more about
    media technology than a goddamn film student in most other countries.
    You can tell lies to them and they'll never know. But if you try to lie
    to them with the camera, they'll crucify you."

                                      - Cy Ogle, "Interface"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://mail.python.org/pipermail/python-crypto/attachments/20040804/693059aa/attachment.pgp>

More information about the python-crypto mailing list