Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error decoding signature bytes #355

Closed
charego opened this issue Aug 31, 2017 · 3 comments
Closed

Error decoding signature bytes #355

charego opened this issue Aug 31, 2017 · 3 comments

Comments

@charego
Copy link
Contributor

charego commented Aug 31, 2017

Similar to #354, but I do not know if it has the same cause/fix.

Please let me know if these tickets are not informative enough. I can try to give more relevant details.

Environment:

  • Java 8u144
  • sshj 0.21.1
  • connecting to Cisco devices (IOS XRs)
ERROR [net.schmizz.concurrent.Promise] <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: error decoding signature bytes.
...
Caused by: net.schmizz.sshj.transport.TransportException: error decoding signature bytes.
	at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:33)
	at net.schmizz.sshj.transport.TransportException$1.chain(TransportException.java:27)
	at net.schmizz.concurrent.Promise.deliverError(Promise.java:96)
	at net.schmizz.concurrent.Event.deliverError(Event.java:74)
	at net.schmizz.concurrent.ErrorDeliveryUtil.alertEvents(ErrorDeliveryUtil.java:34)
	at net.schmizz.sshj.transport.KeyExchanger.notifyError(KeyExchanger.java:386)
	at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:600)
	at net.schmizz.sshj.transport.Reader.run(Reader.java:67)
Caused by: net.schmizz.sshj.common.SSHException: error decoding signature bytes.
	at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:36)
	at net.schmizz.sshj.common.SSHException$1.chain(SSHException.java:29)
	at net.schmizz.sshj.transport.TransportImpl.die(TransportImpl.java:595)
	... 1 common frames omitted
Caused by: net.schmizz.sshj.common.SSHRuntimeException: error decoding signature bytes.
	at net.schmizz.sshj.signature.SignatureDSA.verify(SignatureDSA.java:102)
	at net.schmizz.sshj.transport.kex.AbstractDHG.next(AbstractDHG.java:85)
	at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:358)
	at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:503)
	at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:102)
	at net.schmizz.sshj.transport.Decoder.received(Decoder.java:170)
	at net.schmizz.sshj.transport.Reader.run(Reader.java:59)
Caused by: java.security.SignatureException: error decoding signature bytes.
	at org.bouncycastle.jcajce.provider.asymmetric.dsa.DSASigner.engineVerify(Unknown Source)
	at java.security.Signature$Delegate.engineVerify(Signature.java:1219)
	at java.security.Signature.verify(Signature.java:652)
	at net.schmizz.sshj.signature.SignatureDSA.verify(SignatureDSA.java:100)
	... 6 common frames omitted
@charego
Copy link
Contributor Author

charego commented Sep 14, 2017

Unit test to cause this exception. Taken from https://github.com/Jurrie/jsch-111-bugfix/blob/master/src/test/java/org/jurr/jsch/bugfix111/SignatureDSATest.java.

See the author's comment here: https://sourceforge.net/p/jsch/bugs/111/#b2eb

@Test
public void testTooShortSignature() throws Exception {
    final SignatureDSA signatureDSA = new SignatureDSA();

    byte[] y = new byte[] { 0, -92, 59, 5, 72, 124, 101, 124, -18, 114, 7, 100, 98, -61, 73, -104, 120, -98, 54, 118, 17, -62, 91, -110, 29, 98, 50, -101, -41, 99, -116, 101, 107, -123, 124, -97, 62, 119, 88, -109, -110, -1, 109, 119, -51, 69, -98, -105, 2, -69, -121, -82, -118, 23, -6, 96, -61, -65, 102, -58, -74, 32, -104, 116, -6, -35, -83, -10, -88, -68, 106, -112, 72, -2, 35, 38, 15, -11, -22, 30, -114, -46, -47, -18, -17, -71, 24, -25, 28, 13, 29, -40, 101, 18, 81, 45, -120, -67, -53, -41, 11, 50, -89, -33, 50, 54, -14, -91, -35, 12, -42, 13, -84, -19, 100, -3, -85, -18, 74, 99, -49, 64, -49, 51, -83, -82, -127, 116, 64 };
    byte[] p = new byte[] { 0, -3, 127, 83, -127, 29, 117, 18, 41, 82, -33, 74, -100, 46, -20, -28, -25, -10, 17, -73, 82, 60, -17, 68, 0, -61, 30, 63, -128, -74, 81, 38, 105, 69, 93, 64, 34, 81, -5, 89, 61, -115, 88, -6, -65, -59, -11, -70, 48, -10, -53, -101, 85, 108, -41, -127, 59, -128, 29, 52, 111, -14, 102, 96, -73, 107, -103, 80, -91, -92, -97, -97, -24, 4, 123, 16, 34, -62, 79, -69, -87, -41, -2, -73, -58, 27, -8, 59, 87, -25, -58, -88, -90, 21, 15, 4, -5, -125, -10, -45, -59, 30, -61, 2, 53, 84, 19, 90, 22, -111, 50, -10, 117, -13, -82, 43, 97, -41, 42, -17, -14, 34, 3, 25, -99, -47, 72, 1, -57 };
    byte[] q = new byte[] { 0, -105, 96, 80, -113, 21, 35, 11, -52, -78, -110, -71, -126, -94, -21, -124, 11, -16, 88, 28, -11 };
    byte[] g = new byte[] { 0, -9, -31, -96, -123, -42, -101, 61, -34, -53, -68, -85, 92, 54, -72, 87, -71, 121, -108, -81, -69, -6, 58, -22, -126, -7, 87, 76, 11, 61, 7, -126, 103, 81, 89, 87, -114, -70, -44, 89, 79, -26, 113, 7, 16, -127, -128, -76, 73, 22, 113, 35, -24, 76, 40, 22, 19, -73, -49, 9, 50, -116, -56, -90, -31, 60, 22, 122, -117, 84, 124, -115, 40, -32, -93, -82, 30, 43, -77, -90, 117, -111, 110, -93, 127, 11, -6, 33, 53, 98, -15, -5, 98, 122, 1, 36, 59, -52, -92, -15, -66, -88, 81, -112, -119, -88, -125, -33, -31, 90, -27, -97, 6, -110, -117, 102, 94, -128, 123, 85, 37, 100, 1, 76, 59, -2, -49, 73, 42 };
    signatureDSA.initVerify(createPublicKey(y, p, q, g));

    byte[] H = new byte[] { -4, 111, -103, 111, 72, -106, 105, -19, 81, -123, 84, -13, -40, -53, -3, -97, -8, 43, -22, -2, -23, -15, 28, 116, -63, 96, -79, -127, -84, 63, -6, -94 };
    signatureDSA.update(H);

    byte[] sig_of_H = new byte[] { 0, 0, 0, 7, 115, 115, 104, 45, 100, 115, 115, 0, 0, 0, 40, 0, 79, 84, 118, -50, 11, -117, -112, 52, -25, -78, -50, -20, 6, -69, -26, 7, 90, -34, -124, 80, 76, -32, -23, -8, 43, 38, -48, -89, -17, -60, -1, -78, 112, -88, 14, -39, -78, -98, -80 };
    boolean verified = signatureDSA.verify(sig_of_H);

    assertTrue(verified);
}

private PublicKey createPublicKey(final byte[] y, final byte[] p, final byte[] q, final byte[] g) throws Exception {
    final DSAPublicKeySpec dsaPubKeySpec = new DSAPublicKeySpec(
        new BigInteger(y),
        new BigInteger(p),
        new BigInteger(q),
        new BigInteger(g));
    final KeyFactory keyFactory = KeyFactory.getInstance("DSA");
    return keyFactory.generatePublic(dsaPubKeySpec);
}

I am working on a pull request to port @Jurrie's changes to sshj.

@charego charego mentioned this issue Sep 14, 2017
Closed
@kokowo
Copy link

kokowo commented Sep 19, 2017

I got the exact same issue on same env. It happens randomly. Any update on this issue?

@charego charego closed this as completed Sep 19, 2017
@charego charego reopened this Sep 19, 2017
@charego
Copy link
Contributor Author

charego commented Sep 19, 2017
edited

Whoops. Didn't mean to close and open...

See the referenced pull request. If the mpint encoding of some signed data has redundant leading 0s, then the conversion to ASN.1 encoding should remove those 0x00 bytes. We are getting ready to test the fix on our environment where we saw it.

@hierynomus hierynomus mentioned this issue Sep 19, 2017
Merged
CCLiu added a commit to CCLiu/sshj that referenced this issue Jan 11, 2018
@CCLiu
merge (#1)
b265cfd 
* Check whether filename is a child of the current file (Fixes hierynomus#341)

* Fixed codacy

* Updated README release notes

* Removed oraclejdk7 as that is no longer supported on trusty, added openjdk

* Added gradle caching to travis config

* Removed use of DataTypeConverter as that is no longer in default JDK9

* Removed build of broken openJDK7 in favour of using animal-sniffer to detect java 1.6 compatibility

* Improved test stability

* Correctly determine KeyType for ECDSA public key (Fixes hierynomus#356)

* fixed build

* Fixed Java9 build?

* Disambiguated signature initialization

* Removed deprecated method

* Organised imports

* Added 'out/' to gitignore

* Added support for new-style fingerprints (hierynomus#365)

* Added support for new-style fingerprints

* Fixed codacy warnings

* Fix decoding signature bytes (Fixes hierynomus#355, hierynomus#354) (hierynomus#361)

* Fix for signature verify in DSA

* Cleaned up signature verification

* Fixed import

* Ignored erroneous pmd warnings

* Updated JavaDoc

* Extracted ASN.1/DER encoding to method (hierynomus#368)

* Update net.i2p.crypto:eddsa to 0.2.0 (hierynomus#372)

* Update net.i2p.crypto:eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Update net.i2p.crypto.eddsa to 0.2.0

* Log security provider registration failures (hierynomus#374)

* Migrate remaining block ciphers

* Updated README for v0.23.0 release

* Using new release plugin

* Updated build plugins

* Fix escaping in WildcardHostMatcher (hierynomus#382)

* Escape '[' and ']' in WildcardHostMatcher

* Anchoring regex to match entire string (Fixes hierynomus#381)

* Updated builds to include CodeCov

* - Experimenting with travis

* - fix ip for online testing

* - account for different working dir

* - yaml-yaml

* - double before_install

* - still -d

* - try common format

* - Fixed server keys
- Use sshj branding

* - grr, ip

* - minor improvements

* - eh?

* - switch username back

* - orly?

* - desperation

* - One more time

* Upgraded gradle to cope with java9

* Separated out integration tests

* Fixed length bug in putString (Fixes hierynomus#187)

* Removed docker from travis yml as it is included in gradle build now

* Added integration test to travis

* Update AndroidConfig (hierynomus#389)

* Add EdDSA signature for AndroidConfig.

* Initialize KeyExchange- and FileKeyProviderFactories with registered "bouncyCastle" (in fact, SpongyCastle is registered).

See hierynomus#308 for discussion.

* Added integration test for append scenario (Fixes hierynomus#390)

* Fixed headers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kokowo @charego