Updater signature validation - format incompatible w/RFC8017 #6250
The signed updates code (#5213) does not correctly implement PKCS#1. This makes it harder to verify the updates in other applications, like a python script.
According to the RFC 8017 section 9.2 step 2:
Currently the signed data looks like this:
RFC 8017 step 5 says the encoded message is a concatenation of:

```
EM = 0x00 || 0x01 || PS || 0x00 || T
```

`T` should be the DER of DigestInfo. In this case the DigestInfo should look like:

That would encode to `EM`:

The currently used version of BearSSL supports proper PKCS#1 signatures, with an OID.
The signing.py is executing:

```
openssl rsautl -sign -inkey <privatekey>
```

on a pre-computed hash. To create a signature with a valid PKCS#1 padded signature it should use

```
openssl dgst -sha256 -sign <privatekey>
```

on the raw binary.

This PR includes changes to:
A few more details are in the issue that I initially created #6201.
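As an added illustration of the encoding difference described in this PR (example code, not part of the PR or of the project's signing.py), the following Python builds the EMSA-PKCS1-v1_5 encoded message `EM` from RFC 8017 section 9.2 with the SHA-256 DigestInfo, builds the DigestInfo-less block that `openssl rsautl -sign` produces when fed a raw digest, and shows a verifier that accepts only the RFC-conformant form. The function names and the sample firmware bytes are assumptions of this example; the DigestInfo prefix is the one given in RFC 8017 section 9.2, Note 1.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, Note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32 bytes) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info_sha256(digest: bytes) -> bytes:
    """Return T, the DER-encoded DigestInfo for a SHA-256 digest."""
    if len(digest) != 32:
        raise ValueError("SHA-256 digest must be 32 bytes")
    return SHA256_DIGESTINFO_PREFIX + digest


def emsa_pkcs1_v15_encode(message: bytes, em_len: int) -> bytes:
    """EMSA-PKCS1-v1_5 (RFC 8017 section 9.2): EM = 0x00 || 0x01 || PS || 0x00 || T.

    em_len is the modulus length in bytes (256 for RSA-2048).  This is what
    `openssl dgst -sha256 -sign` pads before the RSA private-key operation.
    """
    t = digest_info_sha256(hashlib.sha256(message).digest())
    if em_len < len(t) + 11:  # PS must be at least 8 bytes of 0xff
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def rsautl_style_encode(digest: bytes, em_len: int) -> bytes:
    """Block produced by `openssl rsautl -sign` when given a raw digest as input:
    the same type-1 padding, but the payload is the bare hash with no DigestInfo,
    so the result is not a valid RFC 8017 signature block (hypothetical helper
    that models the behaviour, it does not call OpenSSL)."""
    if em_len < len(digest) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(digest) - 3)
    return b"\x00\x01" + ps + b"\x00" + digest


def verify_encoded_message(em: bytes, message: bytes) -> bool:
    """Verifier side after the RSA public-key operation has recovered EM.

    Recompute the full expected EM and compare it whole, rather than parsing
    the padding leniently: a structural parser that tolerates a short PS or a
    missing DigestInfo is exactly how signature-forgery bugs creep in.
    """
    try:
        expected = emsa_pkcs1_v15_encode(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)


def has_digest_info(em: bytes) -> bool:
    """Explain *why* a block fails: True if the byte after the 0x00 separator
    starts a SHA-256 DigestInfo, False if it is a bare hash (rsautl style)."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        return False
    sep = em.find(b"\x00", 2)
    if sep < 10:  # fewer than 8 bytes of PS, or no separator at all
        return False
    return em[sep + 1:].startswith(SHA256_DIGESTINFO_PREFIX)


if __name__ == "__main__":
    # Constructed sample input standing in for a firmware image.
    firmware = b"constructed firmware image bytes"
    good_em = emsa_pkcs1_v15_encode(firmware, 256)
    bad_em = rsautl_style_encode(hashlib.sha256(firmware).digest(), 256)
    print("dgst -sign style verifies:", verify_encoded_message(good_em, firmware))
    print("rsautl -sign style verifies:", verify_encoded_message(bad_em, firmware))
    print("DigestInfo present in rsautl block:", has_digest_info(bad_em))
```

`verify_encoded_message` is the check a verifier (a Python script, or BearSSL on the device) effectively performs: only the block produced from the DigestInfo-wrapped hash matches, while the `rsautl -sign` block, which carries the same SHA-256 value but no OID, is rejected because the bytes after the separator differ.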