[Opendnssec-develop] signature verification

Roy Arends roy at nominet.org.uk
Fri Nov 27 19:48:26 UTC 2009

Roland van Rijswijk wrote on 11/27/2009 03:42:03 PM:

> Hi Matthijs,
> IMHO this is a blocking issue, right? It is not acceptable if the
> signatures output by the signer are invalid because of a bug in either
> softHSM or Botan. I assume that Rickard is checking out what causes
> this?

At the moment it is unknown if the bug is in softhsm/botan or the signer. 
The work-around is to verify signatures immediately in two places: 
softhsm/botan and the signer and when a signature fails, log it, 
regenerate it immediately, check it, etc. 

> If this cannot be fixed at short notice we should consider a 'plan
> B' so the release of OpenDNSSEC does not have to be postponed because of
> a bug in either softHSM or Botan.

We don't know where the bug is, as it might just as well be in opendnssec 
part, and I don't want to assume anything right now. The 'plan b' is the 
work-around above. That work-around guarantees that there will not be any 
false signatures due to this specific bug.
> BTW, is it a reproducable bug -- i.e. will it consistently output a
> wrong signature given the same input data or is the problem
> intermittent? (the latter would be far worse than the former)

The latter. It only occurred once. On 2009-11-23 12:52:08. We haven't been 
able to reproduce it. 

We're going to soak-test it, starting monday. Continuous signing loop on 
softhsm without the ods signer. Continuous signing loop on an sca6000 
using OpenDNSSEC.

There are a few coincidences. 

1) The first 52 characters (40 bytes) of the bad signature are correct. 
The presentation format causes a wrap after 26 characters. So the first 
two lines of the presentation format are correct. This might be a complete 
coincidence, but worth checking out. (this is the signer part).
2) Additionally, 40 bytes is a multiple of 20 bytes, which is exactly the 
size of the output of SHA1. This is even more far fetched, but I'm just 
thinking out loud. (this is botan/softhsm).

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20091127/8e2fbfc4/attachment.htm>

More information about the Opendnssec-develop mailing list