Archived Forum Post

Question:

CkoRsa: Different SignatureSizes via Python and ObjC

Jun 04 '13 at 18:15

OK, here's a fairly straightforward issue.

I have an RSA public key (public_key) and private key (private_key), and a source text (string). When I call this from Objective-C:

rsa.EncodingMode = @"hex";
rsa.LittleEndian = NO;
[rsa ImportPrivateKey: private_key];
NSString *signed_string = [rsa SignStringENC: string hashAlg: @"MD2"];

...I get a signature of the string. If I then call this in Objective-C:

rsa.EncodingMode = @"hex";
rsa.LittleEndian = NO;
[rsa ImportPublicKey: public_key];
[rsa VerifyStringENC: string hashAlg: @"MD2" sig: signature];

...I get YES: the string verifies fine.

However, if I pass the public key, the string, and the signature to Python and then call this:

self.rsa_object.put_LittleEndian(False) 
self.rsa_object.EncodingMode = 'hex'
self.rsa_object.ImportPublicKey(public_key)
rsa.VerifyStringENC(string, 'MD2', signature)

...I get False: the string fails to verify.

When I dump the LastErrorText from each verify function, I find that Objective-C and Python are using different signature lengths. When using a 1,024-bit RSA key, Objective-C reports a 128-bit signature, and Python reports a 192-bit signature. Similarly, when using a 2,048-bit RSA key, Objective-C reports a 256-bit signature, and Python reports a 384-bit signature.

I've verified that the three parameters are identical for each call of VerifyStringENC on each side.

Here's the Objective-C LastErrorText:

VerifyStringENC:
    DllDate: Dec 12 2012
    Architecture: Little Endian; 64-bit
    Language: Cocoa Objective-C
    VerboseLogging: 0
    HashAlgorithm: MD2
    DataSize: 34
    SignatureSize: 256
    HashSize: 16
    HashBytes: 7A4D E389 E368 89C8 5C47 4AE6 2EE4 B7EF
    Using PKCS 1.5 decoding
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: PKCS v1.5
            HashOid: 1.2.840.113549.2.2
        --RSA_verify
        Success.
    --verifyHash
--VerifyStringENC

And here's the Python LastErrorText:

VerifyStringENC:
    DllDate: Dec 12 2012
    Architecture: Little Endian; 32-bit
    Language: Linux C/C++
    VerboseLogging: 0
    HashAlgorithm: MD2
    DataSize: 34
    SignatureSize: 384
    HashSize: 16
    HashBytes: 7A4D E389 E368 89C8 5C47 4AE6 2EE4 B7EF
    Using PKCS 1.5 decoding
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: PKCS v1.5
            Invalid RSA input value
            Invalid RSA input value
            Modular exponentiation failed.
        --RSA_verify
    --verifyHash
    Retry with PSS decoding...
    verifyHash:
        RSA_verify:
            KeyType: Public
            HashInSize: 16
            Padding: OAEP
            HashAlg: MD2
            Invalid RSA input value
            Invalid RSA input value
            Modular exponentiation failed.
        --RSA_verify
    --verifyHash
    Failed.
--VerifyStringENC

It seems to be impossible to alter the signature size parameter. I'm not even sure where it's coming from; it seems independent of the actual size of the signature (which is 512 bytes on each platform).

The same result happens if OaepPadding is set to YES/True on each side, and if different hashing algorithms are used (SHA-1, SHA-256, etc.).

The signature size seems to be totally out of my control. It only seems to depend on the RSA key length, which changes the signature size proportionally for both platforms.

Any ideas? Thanks...


Answer

Something seems amiss with the Python version. I'll post a download link for a new build ASAP...


Answer

Here are the new v9.4.1 pre-release Python builds for 32-bit Linux:

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-2.5-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-2.6-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-2.7-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-3.0-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-3.1-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-3.2-i686-linux.tar.gz

http://www.chilkatsoft.com/preRelease/chilkat-9.4.1-python-3.3-i686-linux.tar.gz

Please check to see if this new build resolves the problem. (Choose the download that matches your version of Python.)
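
Added example (not part of the original thread and not Chilkat code): a standard-library check of how many bytes a signature string decodes to as hex versus as base64. A 512-character hex string gives 256 bytes as hex and 384 bytes as base64, the two SignatureSize values in the logs above; the thread does not confirm this as the cause. The sample strings and function names are constructed for illustration.

```python
import base64
import binascii


def decoded_sizes(sig_text):
    """Byte length sig_text decodes to under each encoding (None if invalid)."""
    sizes = {}
    try:
        sizes["hex"] = len(binascii.unhexlify(sig_text))
    except (binascii.Error, ValueError):
        sizes["hex"] = None
    try:
        # validate=True rejects characters outside the base64 alphabet
        sizes["base64"] = len(base64.b64decode(sig_text, validate=True))
    except (binascii.Error, ValueError):
        sizes["base64"] = None
    return sizes


def encodings_yielding(sig_text, size):
    """Encodings under which sig_text decodes to exactly `size` bytes."""
    return [enc for enc, n in decoded_sizes(sig_text).items() if n == size]


def diagnose(sig_text, modulus_bits, reported_size):
    """Compare the encoding a verifier should use with the one it appears to use.

    An RSA signature is exactly as long as the modulus, so the correct
    decoding yields modulus_bits // 8 bytes. reported_size is the
    SignatureSize value taken from the verifier's log.
    """
    expected = encodings_yielding(sig_text, modulus_bits // 8)
    applied = encodings_yielding(sig_text, reported_size)
    return expected, applied


# Constructed samples: hex text of 256 and 128 arbitrary bytes, standing in
# for signatures made with 2,048-bit and 1,024-bit keys.
SAMPLE_2048 = binascii.hexlify(bytes(range(256))).decode("ascii").upper()
SAMPLE_1024 = binascii.hexlify(bytes(range(128))).decode("ascii").upper()

if __name__ == "__main__":
    for text, bits, reported in ((SAMPLE_2048, 2048, 384), (SAMPLE_1024, 1024, 192)):
        expected, applied = diagnose(text, bits, reported)
        print(bits, "bit key:", decoded_sizes(text),
              "expected", expected, "log size matches", applied)
```

In the Python snippet in the question, LittleEndian is set through put_LittleEndian while EncodingMode is assigned as a plain attribute, so it is worth confirming which encoding mode is actually in effect before verifying.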