Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

invalid padding error when using signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 #230

Open
rahxam opened this issue Jul 3, 2023 · 0 comments
Open

invalid padding error when using signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 #230

rahxam opened this issue Jul 3, 2023 · 0 comments

Comments

@rahxam
Copy link

rahxam commented Jul 3, 2023

Hello,

When using signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 the signature cannot be verified.

If I remove signature_algorithm=SignatureMethod.SHA256_RSA_MGF1 the signature can be validated fine.

import os
from lxml import etree
from signxml import XMLSigner, XMLVerifier, InvalidCertificate, SignatureMethod, DigestAlgorithm, CanonicalizationMethod

current_path = os.path.dirname(os.path.abspath(__file__))
ca_cert_file = os.path.join(current_path, "public_cert.pem")
cert = open(ca_cert_file).read()
key = open(os.path.join(current_path, "private_key.pem")).read()

data_to_sign = '<Test />'
root = etree.fromstring(data_to_sign)
signer = XMLSigner(signature_algorithm=SignatureMethod.SHA256_RSA_MGF1, digest_algorithm=DigestAlgorithm.SHA256, c14n_algorithm=CanonicalizationMethod.EXCLUSIVE_XML_CANONICALIZATION_1_0  )
signed_root = signer.sign(root, key=key, cert=cert)
try:
    verified_data = XMLVerifier().verify(signed_root, ca_pem_file=ca_cert_file)
except InvalidCertificate as e:
    print(e)
else:
    print('verified signature')

Error message:

Traceback (most recent call last):
  File "/home/k/.local/lib/python3.11/site-packages/signxml/verifier.py", line 398, in verify
    openssl_verify(signing_cert, raw_signature, signed_info_c14n, digest_alg_name)
  File "/usr/lib/python3/dist-packages/OpenSSL/crypto.py", line 3162, in verify
    _raise_current_error()
  File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 57, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('rsa routines', '', 'invalid padding'), ('rsa routines', '', 'padding check failed'), ('Provider routines', '', 'RSA lib')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/mnt/hgfs/k-share/python/python.py", line 15, in <module>
    verified_data = XMLVerifier().verify(signed_root, ca_pem_file=ca_cert_file)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/k/.local/lib/python3.11/site-packages/signxml/verifier.py", line 404, in verify
    raise InvalidSignature(f"Signature verification failed: {reason}")
signxml.exceptions.InvalidSignature: Signature verification failed: invalid padding
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rahxam