libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	zablockil
	Fri, Jan 17, 12:55 PM

Description

I came across such certificates in the wild. They are signed with a maximum salt-length value and correctly pass validation by openssl and windows10/cryptoAPI.

I found a specimen for creating signatures with such saltlength values on this site. I created test certificates, package max_salt_rsapss_certs.tar.lz. The request also applies to signatures on CRL and CMS messages.

thank you

steps:

import user+root cert --> OK (?)
encrypt file to user cert --> FAILED

$ gpgsm --version
gpgsm (GnuPG) 2.4.7
libgcrypt 1.11.0
libksba 1.6.7

$ gpgsm --import --batch --disable-crl-checks --disable-policy-checks --debug-level guru R:\max_salt_rsapss_certs\sha256\pair_2048.pem

gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: brak działającego keyboxd - uruchamianie „C:\\Program Files (x86)\\Gpg4win\\..\\GnuPG\\bin\\keyboxd.exe”
gpgsm: oczekiwanie na uruchomienie procesu keyboxd... (8s)
gpgsm: DBG: chan_0x0000027c <- # Home: C:\Users\warm_face\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x0000027c <- # Config: [none]
gpgsm: DBG: chan_0x0000027c <- OK Keyboxd 2.4.7 at your service, process 6864
gpgsm: ustanowiono połączenie z procesem keyboxd
gpgsm: DBG: chan_0x0000027c -> GETINFO version
gpgsm: DBG: chan_0x0000027c <- D 2.4.7
gpgsm: DBG: chan_0x0000027c <- OK
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: poszukiwanie wystawcy w pamięci podręcznej Dirmngr
gpgsm: brak działającego dirmngr - uruchamianie „C:\\Program Files (x86)\\Gpg4win\\..\\GnuPG\\bin\\dirmngr.exe”
gpgsm: oczekiwanie na uruchomienie procesu dirmngr... (8s)
gpgsm: DBG: chan_0x00000270 <- # Home: C:\Users\warm_face\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x00000270 <- # Config: C:/Users/warm_face/AppData/Roaming/gnupg/dirmngr.conf
gpgsm: DBG: chan_0x00000270 <- OK Dirmngr 2.4.7 at your service, process 7164
gpgsm: ustanowiono połączenie z procesem dirmngr
gpgsm: DBG: chan_0x00000270 -> GETINFO version
gpgsm: DBG: chan_0x00000270 <- D 2.4.7
gpgsm: DBG: chan_0x00000270 <- OK
gpgsm: DBG: chan_0x00000270 -> OPTION audit-events=1
gpgsm: DBG: chan_0x00000270 <- OK
gpgsm: DBG: chan_0x00000270 -> LOOKUP --cache-only /2.5.4.5=#6670687A742D3036353639,CN=2048%20ROOT
gpgsm: DBG: chan_0x00000270 <- ERR 167772218 Brak danych <Dirmngr>
gpgsm: liczba pasujących certyfikatów: 0
gpgsm: wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: Brak danych
gpgsm: issuer certificate {57F5A0F31CBDAA0F675F2FCF5A74EEE2BFBA40D5} not found using authorityKeyIdentifier
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> NEXT --x509
gpgsm: DBG: chan_0x0000027c <- ERR 134217854 Nic nie znaleziono <Keybox> - no previous SEARCH
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: poszukiwanie wystawcy w pamięci podręcznej Dirmngr
gpgsm: DBG: chan_0x00000270 -> LOOKUP --cache-only #/2.5.4.5=#6670687A742D3036353639,CN=2048%20ROOT
gpgsm: DBG: chan_0x00000270 <- ERR 167772218 Brak danych <Dirmngr>
gpgsm: liczba pasujących certyfikatów: 0
gpgsm: wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: Brak danych
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: issuer certificate (#/2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT) not found
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: FPR20: 'A1:72:B2:68:F2:9D:43:43:96:EB:C9:1A:3C:3F:59:AE:6A:BC:82:9B'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 0xA172B268F29D434396EBC91A3C3F59AE6ABC829B
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_insert_cert: enter (hd=0x024f1c38)
gpgsm: DBG: chan_0x0000027c -> STORE --insert
gpgsm: DBG: chan_0x0000027c <- INQUIRE BLOB
gpgsm: DBG: chan_0000027c -> [ 44 20 30 82 03 32 30 82 01 e5 a0 03 02 01 02 02 ...(850 byte(s) skipped) ]
gpgsm: DBG: chan_0x0000027c -> END
gpgsm: DBG: chan_0x0000027c <- OK
gpgsm: DBG: [no clock] keydb_insert_cert: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: certificate imported
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x024f1c38)
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: poszukiwanie wystawcy w pamięci podręcznej Dirmngr
gpgsm: DBG: chan_0x00000270 -> LOOKUP --cache-only /2.5.4.5=#6670687A742D3036353639,CN=2048%20ROOT
gpgsm: DBG: chan_0x00000270 <- ERR 167772218 Brak danych <Dirmngr>
gpgsm: liczba pasujących certyfikatów: 0
gpgsm: wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: Brak danych
gpgsm: issuer certificate {57F5A0F31CBDAA0F675F2FCF5A74EEE2BFBA40D5} not found using authorityKeyIdentifier
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> NEXT --x509
gpgsm: DBG: chan_0x0000027c <- ERR 134217854 Nic nie znaleziono <Keybox> - no previous SEARCH
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: poszukiwanie wystawcy w pamięci podręcznej Dirmngr
gpgsm: DBG: chan_0x00000270 -> LOOKUP --cache-only #/2.5.4.5=#6670687A742D3036353639,CN=2048%20ROOT
gpgsm: DBG: chan_0x00000270 <- ERR 167772218 Brak danych <Dirmngr>
gpgsm: liczba pasujących certyfikatów: 0
gpgsm: wyszukiwanie klucza tylko w pamięci podręcznej dirmngr nie powiodło się: Brak danych
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x024f1c38)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x024f1c38)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x00ece4e8)
gpgsm: DBG: sigval: (sig-val
gpgsm: DBG:          (rsa
gpgsm: DBG:           (s #8320A2F9AE0AC07B69848906FA18E54EC76CFB23F9F54B072B20AD32ED0334C7FE391350F5520CB8ABF545147C0CBBA1D095A3CEE5A237C0BA8A2E10C26A4C9E66AA4A1A3C80C5C9C792CB53F718AE8A98B7FA528592157A6398332CA0B891CD854D9815D209AADBADF2FB1F570878E7125F04D513622F02202F260D0B8D7E75525D1B4F54E3037F02E8B1B6678A8B7CEC55B1F6C54604E5E92CDB17AAE022193DDB4F21AB118C6DC57E5C1DC911BCFBF0049FF07494945BF7AE4F1DABE8BA65BCA821C56F854445101ABB949C6284C49DBDD0E8A6B5D6B75595D70E9DB4EA39B4D74DA2D412F2AEB9CF4E2FFC8890811D3FC5A33B956DBE8479EBAEF1DE6BC9#)
gpgsm: DBG:           )
gpgsm: DBG:          (hash sha256))
gpgsm: DBG: pubkey:: (public-key
gpgsm: DBG:           (rsa
gpgsm: DBG:            (n #00B74232E883B9BB58EDF32B5AC8EB9C8DFBED3579C7976367F6B5C173687306B1B0A2CB2B11B69109FD06FE004B510A5CAD838D9880566D6C1687BA4B28D47C883E3F6C3807FB89DEC0FF94CEC13A5FB00EBD3A891ABE29DD1BAF27FFC07FC47C97871DB93C7F694048C2C497B2F25ABB98343F7BCB4C2AAFEC0207F222FC6A3CB392F4C626B6F243CAFA043D15B3178FC52CA4DD1A4F3E8DDC8EF36F68F916BACE4D7417E5D02C9E3C33C99BC3392D43851656F2F1B0161DE26608A49A22C7C1B6B9757F3CCACD50C80613787489BAEDDA93B9CB039A02A39260AA3DE22E143BFC7579FB2CA954526A2A2DE61CDC89FB5669B4DF40C97B93A3304A1CADB67225#)
gpgsm: DBG:            (e #010001#)))
gpgsm: DBG: encoded hash: 00 01 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 30 31 30 0D 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20 91 3D FF F3 B6 C7 9C AD 43 15 34 44 A9 1C C4 85 5F 46 7A D1 A9 05 50 1B F5 65 07 80 66 F8 C3 C3
gpgsm: DBG: data:: #01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF003031300D060960864801650304020105000420913DFFF3B6C79CAD43153444A91CC4855F467AD1A905501BF565078066F8C3C3#
gpgsm: DBG: rsa_verify data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffff003031300d06096086480165030402010500042091 \
gpgsm: DBG:                  3dfff3b6c79cad43153444a91cc4855f467ad1a905501bf565078066f8c3c3
gpgsm: DBG: rsa_verify  sig:+8320a2f9ae0ac07b69848906fa18e54ec76cfb23f9f54b072b20ad32ed0334c7 \
gpgsm: DBG:                  fe391350f5520cb8abf545147c0cbba1d095a3cee5a237c0ba8a2e10c26a4c9e \
gpgsm: DBG:                  66aa4a1a3c80c5c9c792cb53f718ae8a98b7fa528592157a6398332ca0b891cd \
gpgsm: DBG:                  854d9815d209aadbadf2fb1f570878e7125f04d513622f02202f260d0b8d7e75 \
gpgsm: DBG:                  525d1b4f54e3037f02e8b1b6678a8b7cec55b1f6c54604e5e92cdb17aae02219 \
gpgsm: DBG:                  3ddb4f21ab118c6dc57e5c1dc911bcfbf0049ff07494945bf7ae4f1dabe8ba65 \
gpgsm: DBG:                  bca821c56f854445101abb949c6284c49dbdd0e8a6b5d6b75595d70e9db4ea39 \
gpgsm: DBG:                  b4d74da2d412f2aeb9cf4e2ffc8890811d3fc5a33b956dbe8479ebaef1de6bc9
gpgsm: DBG: rsa_verify    n:+b74232e883b9bb58edf32b5ac8eb9c8dfbed3579c7976367f6b5c173687306b1 \
gpgsm: DBG:                  b0a2cb2b11b69109fd06fe004b510a5cad838d9880566d6c1687ba4b28d47c88 \
gpgsm: DBG:                  3e3f6c3807fb89dec0ff94cec13a5fb00ebd3a891abe29dd1baf27ffc07fc47c \
gpgsm: DBG:                  97871db93c7f694048c2c497b2f25abb98343f7bcb4c2aafec0207f222fc6a3c \
gpgsm: DBG:                  b392f4c626b6f243cafa043d15b3178fc52ca4dd1a4f3e8ddc8ef36f68f916ba \
gpgsm: DBG:                  ce4d7417e5d02c9e3c33c99bc3392d43851656f2f1b0161de26608a49a22c7c1 \
gpgsm: DBG:                  b6b9757f3ccacd50c80613787489baedda93b9cb039a02a39260aa3de22e143b \
gpgsm: DBG:                  fc7579fb2ca954526a2a2de61cdc89fb5669b4df40c97b93a3304a1cadb67225
gpgsm: DBG: rsa_verify    e:+010001
gpgsm: DBG: rsa_verify  cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
gpgsm: DBG:                  ffffffffffffffffffffff003031300d06096086480165030402010500042091 \
gpgsm: DBG:                  3dfff3b6c79cad43153444a91cc4855f467ad1a905501bf565078066f8c3c3
gpgsm: DBG: rsa_verify    => Good
gpgsm: DBG: gcry_pk_verify: Sukces
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x00ece4e8)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x00ece4e8)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x00ece4e8)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: FPR20: 'DD:FC:26:1A:2F:E6:D0:06:F0:47:1B:40:1C:60:8A:C4:45:E9:51:E0'
gpgsm: DBG: chan_0x0000027c -> SEARCH --x509 0xDDFC261A2FE6D006F0471B401C608AC445E951E0
gpgsm: DBG: chan_0x0000027c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_insert_cert: enter (hd=0x00ece4e8)
gpgsm: DBG: chan_0x0000027c -> STORE --insert
gpgsm: DBG: chan_0x0000027c <- INQUIRE BLOB
gpgsm: DBG: chan_0000027c -> [ 44 20 30 82 03 1a 30 82 02 02 a0 03 02 01 02 02 ...(808 byte(s) skipped) ]
gpgsm: DBG: chan_0x0000027c -> END
gpgsm: DBG: chan_0x0000027c <- OK
gpgsm: DBG: [no clock] keydb_insert_cert: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x00ece4e8)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: certificate imported
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x00ece4e8)
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x00ece4e8)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: całkowita liczba przetworzonych: 2
gpgsm:          dołączono do zbioru: 2
gpgsm: DBG: chan_0x0000027c -> BYE
gpgsm: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpgsm: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpgsm: secmem usage: 0/16384 bytes in 0 blocks

$ gpgsm --encrypt --debug-level guru --output ENCRYPTED.der --recipient a172b268f29d434396ebc91a3c3f59ae6abc829b FILE.in

gpgsm: enabled debug flags: x509 mpi crypto memory cache memstat hashing ipc clock lookup
gpgsm: enabled compatibility flags:
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: chan_0x0000025c <- # Home: C:\Users\warm_face\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x0000025c <- # Config: [none]
gpgsm: DBG: chan_0x0000025c <- OK Keyboxd 2.4.7 at your service, process 6864
gpgsm: DBG: connection to the keyboxd established
gpgsm: DBG: chan_0x0000025c -> GETINFO version
gpgsm: DBG: chan_0x0000025c <- D 2.4.7
gpgsm: DBG: chan_0x0000025c <- OK
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x00ffc460)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x00ffc460)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: FPR20: 'A1:72:B2:68:F2:9D:43:43:96:EB:C9:1A:3C:3F:59:AE:6A:BC:82:9B'
gpgsm: DBG: chan_0x0000025c -> SEARCH --x509 0xA172B268F29D434396EBC91A3C3F59AE6ABC829B
gpgsm: DBG: chan_0x0000025c <- S PUBKEY_INFO 2 A172B268F29D434396EBC91A3C3F59AE6ABC829B -- 0 1
gpgsm: DBG: chan_0000025c <- [ 44 20 30 82 03 32 30 82 01 e5 a0 03 02 01 02 02 ...(850 byte(s) skipped) ]
gpgsm: DBG: chan_0x0000025c <- OK
gpgsm: DBG: [no clock] keydb_search: leave (Sukces)
gpgsm: DBG: [no clock] keydb_get_cert: enter (hd=0x00ffc460)
gpgsm: DBG: [no clock] keydb_get_cert: leave (rc=0)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x00ffc460)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: FPR20: 'A1:72:B2:68:F2:9D:43:43:96:EB:C9:1A:3C:3F:59:AE:6A:BC:82:9B'
gpgsm: DBG: chan_0x0000025c -> NEXT --x509
gpgsm: DBG: chan_0x0000025c <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_new: enter
gpgsm: DBG: chan_0x00000260 <- # Home: C:\Users\warm_face\AppData\Roaming\gnupg
gpgsm: DBG: chan_0x00000260 <- # Config: [none]
gpgsm: DBG: chan_0x00000260 <- OK Keyboxd 2.4.7 at your service, process 6864
gpgsm: DBG: connection to the keyboxd established
gpgsm: DBG: chan_0x00000260 -> GETINFO version
gpgsm: DBG: chan_0x00000260 <- D 2.4.7
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: [no clock] keydb_new: leave (hd=0x00740b78)
gpgsm: DBG: BEGIN Certificate 'target':
gpgsm: DBG:      serial: 539AF04249AD6C89
gpgsm: DBG:   notBefore: 2025-01-01 00:40:14
gpgsm: DBG:    notAfter: 2124-12-31 00:40:14
gpgsm: DBG:      issuer: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:     subject: 2.5.4.5=#323034382D71353033582D3338333939,CN=222_salt_sha256 USER 221.875
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.10
gpgsm: DBG:   SHA1 Fingerprint: A1:72:B2:68:F2:9D:43:43:96:EB:C9:1A:3C:3F:59:AE:6A:BC:82:9B
gpgsm: DBG: END Certificate
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x00740b78)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: looking for parent certificate
gpgsm: DBG: [no clock] keydb_search_reset: enter (hd=0x00740b78)
gpgsm: DBG: [no clock] keydb_search_reset: leave (err=Sukces)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x00740b78)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x00000260 -> SEARCH --x509 /2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG: chan_0x00000260 <- S PUBKEY_INFO 2 DDFC261A2FE6D006F0471B401C608AC445E951E0 -- 2 0
gpgsm: DBG: chan_00000260 <- [ 44 20 30 82 03 1a 30 82 02 02 a0 03 02 01 02 02 ...(808 byte(s) skipped) ]
gpgsm: DBG: chan_0x00000260 <- OK
gpgsm: DBG: [no clock] keydb_search: leave (Sukces)
gpgsm: DBG: [no clock] keydb_get_cert: enter (hd=0x00740b78)
gpgsm: DBG: [no clock] keydb_get_cert: leave (rc=0)
gpgsm: DBG: [no clock] keydb_push_found_state: done (hd=0x00740b78)
gpgsm: DBG: [no clock] keydb_search: enter (hd=0x00740b78)
gpgsm: DBG: keydb_search: 1 search description(s):
gpgsm: DBG: keydb_search:   0: SUBJECT: '2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT'
gpgsm: DBG: chan_0x00000260 -> NEXT --x509
gpgsm: DBG: chan_0x00000260 <- ERR 134217755 Nie znaleziono <Keybox>
gpgsm: DBG: [no clock] keydb_search: leave (Nie znaleziono)
gpgsm: DBG: [no clock] keydb_pop_found_state: done (hd=0x00740b78)
gpgsm: DBG:   found via authid and keyid
gpgsm: DBG: [no clock] keydb_get_cert: enter (hd=0x00740b78)
gpgsm: DBG: [no clock] keydb_get_cert: leave (rc=0)
gpgsm: DBG: got issuer's certificate:
gpgsm: DBG: BEGIN Certificate 'issuer':
gpgsm: DBG:      serial: 3B44CE248C6D6018
gpgsm: DBG:   notBefore: 2025-01-01 00:40:14
gpgsm: DBG:    notAfter: 2125-01-01 00:40:14
gpgsm: DBG:      issuer: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:     subject: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG:   SHA1 Fingerprint: DD:FC:26:1A:2F:E6:D0:06:F0:47:1B:40:1C:60:8A:C4:45:E9:51:E0
gpgsm: DBG: END Certificate
gpgsm: DBG: sigval: (sig-val
gpgsm: DBG:          (rsa
gpgsm: DBG:           (s #882CB71022B7D0191B3A81656D15E1996481521607D9EB51165707BAD137B6FA02F1542725DC1801E0AA91C88A272E9E7287E20CEDD03EFDE81049A11506BF607144B1AC2703EBC8C8E90A2AB67DBE0EC47F86D1F7C108EBF40136B63B8C06A1405D57C5AB04E2C57054B7EF76911EB9A1A2AD97077AC14A5ADBDE630BEA0735EA10571992F9416425C0D46ABCF20A5A1EC24B051CE68BAA82EC989CC718EFBBE691C09AA9F5E2CCE6946B1E7B5DB47E0596088B90C3975256F59096D7C78FD33D33D143FA492FD08857BE16511128172C970FB87C673CF996B3B78E7A620153248E2925BD4715660A530C6D0ADEB14B64E21DF185E75A1F3BA8EEC9C29C0947#)
gpgsm: DBG:           )
gpgsm: DBG:          (flags pss)
gpgsm: DBG:          (hash-algo "2.16.840.1.101.3.4.2.1")
gpgsm: DBG:          (salt-length "222"))
gpgsm: PSS hash algorithm 'SHA256' rejected due to salt length 222
gpgsm: certyfikat ma ZŁY podpis
gpgsm: DBG: BEGIN Certificate 'signing issuer':
gpgsm: DBG:      serial: 3B44CE248C6D6018
gpgsm: DBG:   notBefore: 2025-01-01 00:40:14
gpgsm: DBG:    notAfter: 2125-01-01 00:40:14
gpgsm: DBG:      issuer: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:     subject: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.11
gpgsm: DBG:   SHA1 Fingerprint: DD:FC:26:1A:2F:E6:D0:06:F0:47:1B:40:1C:60:8A:C4:45:E9:51:E0
gpgsm: DBG: END Certificate
gpgsm: DBG: BEGIN Certificate 'signed subject':
gpgsm: DBG:      serial: 539AF04249AD6C89
gpgsm: DBG:   notBefore: 2025-01-01 00:40:14
gpgsm: DBG:    notAfter: 2124-12-31 00:40:14
gpgsm: DBG:      issuer: 2.5.4.5=#6670687A742D3036353639,CN=2048 ROOT
gpgsm: DBG:     subject: 2.5.4.5=#323034382D71353033582D3338333939,CN=222_salt_sha256 USER 221.875
gpgsm: DBG:   hash algo: 1.2.840.113549.1.1.10
gpgsm: DBG:   SHA1 Fingerprint: A1:72:B2:68:F2:9D:43:43:96:EB:C9:1A:3C:3F:59:AE:6A:BC:82:9B
gpgsm: DBG: END Certificate
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x00740b78)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: użyty model poprawności: powłokowy
gpgsm: DBG: [no clock] keydb_release: enter (hd=0x00ffc460)
gpgsm: DBG: [no clock] close_context (found)
gpgsm: DBG: [no clock] keydb_release: leave
gpgsm: can't encrypt to 'a172b268f29d434396ebc91a3c3f59ae6abc829b': Błędny łańcuch certyfikatów
gpgsm: random usage: poolsize=600 mixed=0 polls=0/0 added=0/0
              outmix=0 getlvl1=0/0 getlvl2=0/0
gpgsm: rndjent stat: collector=0x00000000 calls=0 bytes=0
gpgsm: secmem usage: 0/16384 bytes in 0 blocks

$ certutil.exe ROOT.txt
...
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA
    Algorithm Parameters:
    05 00

$ certutil.exe USER.txt
...
Signature Algorithm:
    Algorithm ObjectId: 1.2.840.113549.1.1.10 RSASSA-PSS
    Algorithm Parameters:
    0000  30 35 a0 0f 30 0d 06 09  60 86 48 01 65 03 04 02
    0010  01 05 00 a1 1c 30 1a 06  09 2a 86 48 86 f7 0d 01
    0020  01 08 30 0d 06 09 60 86  48 01 65 03 04 02 01 05
    0030  00 a2 04 02 02 00 de
            2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
            05 00
            1.2.840.113549.1.1.8 mgf1
                2.16.840.1.101.3.4.2.1 sha256 (sha256NoSign)
                05 00
            0xde (222)

$ der2ascii -i USER.der
...
  SEQUENCE {
    # rsassa-pss
    OBJECT_IDENTIFIER { 1.2.840.113549.1.1.10 }
    SEQUENCE {
      [0] {
        SEQUENCE {
          # sha256
          OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
          NULL {}
        }
      }
      [1] {
        SEQUENCE {
          # mgf1
          OBJECT_IDENTIFIER { 1.2.840.113549.1.1.8 }
          SEQUENCE {
            # sha256
            OBJECT_IDENTIFIER { 2.16.840.1.101.3.4.2.1 }
            NULL {}
          }
        }
      }
      [2] {
        INTEGER { 222 }
      }
    }
  }

Related Objects

Mentioned Here: T4538: Support PSS signed CRLs

Event Timeline

zablockil created this task.Fri, Jan 17, 12:55 PM

• werner added projects: S/MIME, gnupg.Fri, Jan 17, 4:17 PM

See this comment which is related to T4538:

/* PSS has no hash function firewall like PKCS#1 and thus offers
 * a path for hash algorithm replacement.  To avoid this it makes
 * sense to restrict the allowed hash algorithms and also allow only
 * matching salt lengths.  According to Peter Gutmann:
 *  "Beware of bugs in the above signature scheme;
 *   I have only proved it secure, not implemented it"
 *   - Apologies to Donald Knuth.`

https://www.metzdowd.com/pipermail/cryptography/2019-November/035449.html

* Given the set of supported algorithms currently available in
* Libgcrypt and the extra hash checks we have in some compliance
* modes, it would be hard to trick gpgsm to verify a forged
* signature.  However, if eventually someone adds the xor256 hash
* algorithm (1.3.6.1.4.1.3029.3.2) to Libgcrypt we would be doomed.
*/

Thus I tend not to change this or at best to introduce a debug option.

libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength valueOpen, Needs TriagePublicActions

Description

Related Objects

Event Timeline

libksba/gpgsm: support for RSA-PSS signatures made with a maximum saltLength value
Open, Needs TriagePublic
Actions