Re: [jose] JOSE in Python

Richard Barnes <rlb@ipv.sx> Fri, 16 August 2013 17:08 UTC

After some bug fixes in my code (to be committed soon), I agree with the
"usEpwFIC_qrmBExntFwxMA" group (so I disagree with the spec).

The input to the SHA256 invocation inside of concat should be (in hex, line
breaks and comments for convenience):
00000001  # Counter
9e56d91d817135d372834283bf84269cfb316ea3da806a48f6daa7798cfe90c4 # Z
4131323847434d00000005416c69636500000003426f6200000080 # otherInfo

The otherInfo string is as presented in the spec
(0x4131323847434d00000005416c69636500000003426f6200000080).  And I assume
the folks matching the spec have the counter right.  So the error has to be
in how they're computing Z.  I tried to reproduce the error in a couple of
different ways, but none of them yielded the result in the spec.  I tried:
-- Starting the counter at 0 instead of 1 (yielded: lGZD7e8MGEHfW_miuv-PNg)
-- Instead of X, setting Z to X||Y (yielded: z0MmMHWswff5FElNp1-vQg)
-- Instead of X, setting Z to Y||X (yielded: P51_EtE5Fe7SJPpz2JgA0g)
-- Instead of X, setting Z to Y (yielded: PgBvVvYjmlP-XxNCO_w-ng)
-- Using "epk" for both private and public keys (yielded: header["epk"])
-- Using public key for both private and public keys (yielded:
_YWu37A851QNMpnI1KFCEg)

So, without some code to look at, I'm not sure how people are getting the
result in the spec.  Maybe it has to do with how the points are getting
decoded.




On Thu, Aug 15, 2013 at 8:38 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:

> How is the ES512 example broken and what needs to be done to fix it?
>
> Did you also verify that you can reproduce the key agreement result at
> http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-14#appendix-D?
> I ask that because since it was published, three other implementations have
> produced the key value usEpwFIC_qrmBExntFwxMA rather than
> jSNmj9QK9ZGQJ2xg5_TJpA as published.
>
> -- Mike
>
> From: jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] On Behalf
> Of Richard Barnes
> Sent: Thursday, August 15, 2013 4:47 PM
> To: jose@ietf.org
> Subject: [jose] JOSE in Python
>
> Hey all,
>
> I've just pushed to GitHub a pretty complete JOSE library I've worked up
> in Python.
>
> <https://github.com/bifurcation/pyjose>
>
> It supports pretty much all of the current specs, including:
>
> -- JSON and compact serializations
> -- Custom levels of header protection (all/none/some)
> -- Multi-signer JWS and multi-recipient JWE
> -- All JWA algorithms besides "none" (which should not be used anyway)
>
> It successfully processes the examples in the current specs (except the
> "ES512" one, which is broken), and successfully interoperates with itself
> in all 288 different configurations ("alg" + "enc" + "protected").  I have
> not yet tested it against any other JOSE implementations.
>
> I also took this opportunity to start up a list of implementations on the
> JOSE wiki.  Right now it's pretty short because I don't know of that many
> off the top of my head.
>
> <http://trac.tools.ietf.org/wg/jose/trac/wiki/WikiStart>
>
> Comments / bugs welcome!
>
> Thanks,
>
> --Richard
>
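
Added example (not part of the original message and not code from pyjose): a Concat KDF round over the counter, Z and otherInfo bytes quoted in the reply above, so the derived 128-bit key can be compared with the base64url values named in the thread. The function names and the first_counter parameter are hypothetical, introduced here only to reproduce the "counter at 0" attempt.

```python
import base64
import hashlib
import struct

# Values quoted in the message above (draft-14 Appendix D example).
Z = bytes.fromhex("9e56d91d817135d372834283bf84269cfb316ea3da806a48f6daa7798cfe90c4")
PAGE_OTHER_INFO = bytes.fromhex("4131323847434d00000005416c69636500000003426f6200000080")
# Results named in the thread, keyed by base64url value.
PAGE_VALUES = {
    "usEpwFIC_qrmBExntFwxMA": "value reported by other implementations",
    "jSNmj9QK9ZGQJ2xg5_TJpA": "value published in draft-14",
    "lGZD7e8MGEHfW_miuv-PNg": "value reported for a counter starting at 0",
}

def u32(n: int) -> bytes:
    return struct.pack(">I", n)

def build_other_info(alg: bytes, party_u: bytes, party_v: bytes, keydatalen: int) -> bytes:
    # Layout visible in the hex above: raw AlgorithmID, length-prefixed
    # PartyUInfo and PartyVInfo, then the key length in bits.
    return alg + u32(len(party_u)) + party_u + u32(len(party_v)) + party_v + u32(keydatalen)

def hash_input(counter: int, z: bytes, other_info: bytes) -> bytes:
    # One Concat KDF round hashes counter || Z || otherInfo.
    return u32(counter) + z + other_info

def concat_kdf(z: bytes, other_info: bytes, keydatalen: int, first_counter: int = 1) -> bytes:
    # first_counter is an added knob for reproducing the "counter at 0" attempt.
    if keydatalen <= 0 or keydatalen % 8:
        raise ValueError("keydatalen must be a positive multiple of 8 bits")
    out, counter = b"", first_counter
    while len(out) * 8 < keydatalen:
        out += hashlib.sha256(hash_input(counter, z, other_info)).digest()
        counter += 1
    return out[: keydatalen // 8]

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def classify(key: bytes) -> str:
    return PAGE_VALUES.get(b64url(key), "matches no value quoted in the thread")

if __name__ == "__main__":
    info = build_other_info(b"A128GCM", b"Alice", b"Bob", 128)
    print("otherInfo matches the message:", info == PAGE_OTHER_INFO)
    for start in (1, 0):
        key = concat_kdf(Z, info, 128, first_counter=start)
        print(f"counter from {start}: {b64url(key)} ({classify(key)})")
```

The X||Y, Y||X and Y variants listed in the message cannot be rerun from this page alone, because the Y coordinate is not quoted in it.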