On 9/13/06, Richard Liang <[EMAIL PROTECTED]> wrote:
> After two days of struggling with JarFile, ObjectInputStream and
> MessageDigest, in the end, I have identified the root cause. And now I
> have two panda-eyes[1] ;-)

Interesting!

> It seems to be a bug in
> org.apache.harmony.security.provider.crypto.SHA1Impl. As I have no
> idea about SHA1, could anyone have a look at this problem?
>
> The following test case passes on RI, but fails on Harmony.
>
>     import java.security.MessageDigest;
>     import java.security.NoSuchAlgorithmException;
>
>     public void testUpdate() throws NoSuchAlgorithmException {
>         byte[] bytes = { 0x6e, 0x61, 0x6d, 0x65 };
>         MessageDigest sha1 = MessageDigest.getInstance("SHA1");
>         byte[] digest1 = sha1.digest();    // digest of empty input
>         byte b = 0x04;
>         // feed all five bytes one at a time
>         sha1.update(b);
>         for (int i = 0; i < bytes.length; i++) {
>             sha1.update(bytes[i]);
>         }
>         byte[] digest2 = sha1.digest();
>         sha1.reset();
>         byte[] digest3 = sha1.digest();    // empty input again after reset()
>         assertTrue(MessageDigest.isEqual(digest1, digest3));
>         // feed the same five bytes as one single byte plus one bulk update
>         sha1.update(b);
>         sha1.update(bytes, 0, bytes.length);
>         byte[] digest4 = sha1.digest();
>         assertTrue(MessageDigest.isEqual(digest2, digest4));
>     }

Interesting bug too!

I'm not clear about the SHA1 algorithm, but I wonder whether the following
code causes the bug:

    // andrew comment: The break condition is either
    // 1. byteIndex == 4 or 2. i > toByte
    for ( ; ( i <= toByte ) && ( byteIndex < 4 ) ; i++ ) {
        intArray[wordIndex] |= ( byteInput[i] & 0xFF ) << ((3 - byteIndex)<<3) ;
        byteIndex++;
    }
    if ( byteIndex == 4 ) {    // andrew comment: break condition 1
        wordIndex++;
        if ( wordIndex == 16 ) {    // intArray is full, computing hash
            computeHash(intArray);
            wordIndex = 0;
        }
    }
    // andrew comment: is it break condition 2? Or should it be (i > toByte)?
    // p.s: all tests could pass if using i > toByte.
    if ( i >= toByte ) {    // all input bytes appended
        return ;
    }

Of course, I could be totally wrong. Let the security guys fix the problem. I
don't want to have panda eyes too, like Richard. :-)

> [1]http://www.panda.org.cn/zhuye/bbe.jpg
>
> Best regards,
> Richard
>
> On 9/11/06, Richard Liang <[EMAIL PROTECTED]> wrote:
> > On 9/9/06, Geir Magnusson Jr. <[EMAIL PROTECTED]> wrote:
> > > I was trying the latest snapshot with the JBoss installer (4.0.1) and
> > > found a problem processing the SHA signatures in the jar manifest.
> > >
> > > I've entered a JIRA - HARMONY-1412
> > >
> >
> > I will have a look at it. ;-)
> >
> > > geir
> > >
> > > ---------------------------------------------------------------------
> > > Terms of use : http://incubator.apache.org/harmony/mailing.html
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> >
> > --
> > Richard Liang
> > China Software Development Lab, IBM
> >
> --
> Richard Liang
> China Development Lab, IBM

--
Andrew Zhang
China Software Development Lab, IBM
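
A simplified model of the boundary check questioned above, as an added example that is not part of the thread and is not Harmony's code: the class name, the `strict` flag and the sweep are assumptions, and the model only buffers bytes (at most 64) without hashing. It goes beyond the single failing test by sweeping prefix and bulk lengths to show which combinations lose a byte when the early return uses `>=` on an inclusive end index.

```java
import java.util.*;

// Hypothetical model of a big-endian 16-word input buffer; no compression step.
public class BoundarySweep {
    final int[] words = new int[16];
    int count;               // bytes accepted so far
    final boolean strict;    // true: return on "i > to"; false: on "i >= to"

    BoundarySweep(boolean strict) { this.strict = strict; }

    // Appends in[from..to], both indices inclusive, as in the quoted loop.
    void update(byte[] in, int from, int to) {
        int i = from, pos = count, byteIndex = pos & 3;
        count += to - from + 1;          // model choice: length recorded up front
        if (byteIndex != 0) {            // top up a partly filled word first
            for (; i <= to && byteIndex < 4; i++, byteIndex++, pos++) {
                words[pos >> 2] |= (in[i] & 0xFF) << ((3 - byteIndex) << 3);
            }
            if (strict ? i > to : i >= to) return;   // the check in question
        }
        for (; i <= to; i++, pos++) {    // whatever is left, byte by byte
            words[pos >> 2] |= (in[i] & 0xFF) << ((3 - (pos & 3)) << 3);
        }
    }

    // Returns "prefix/length" pairs where a byte-at-a-time prefix followed by
    // one bulk update disagrees with a single bulk update of the same bytes.
    static List<String> mismatches(boolean strict) {
        List<String> bad = new ArrayList<>();
        byte[] data = new byte[32];
        for (int k = 0; k < data.length; k++) data[k] = (byte) (k + 1); // constructed
        for (int prefix = 0; prefix < 8; prefix++) {
            for (int len = 1; len <= 12; len++) {
                BoundarySweep whole = new BoundarySweep(strict);
                whole.update(data, 0, prefix + len - 1);
                BoundarySweep split = new BoundarySweep(strict);
                for (int k = 0; k < prefix; k++) split.update(data, k, k);
                split.update(data, prefix, prefix + len - 1);
                if (!Arrays.equals(whole.words, split.words)) bad.add(prefix + "/" + len);
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        System.out.println("i >= to: " + mismatches(false));
        System.out.println("i >  to: " + mismatches(true));
    }
}
```

In this model the `i >= to` variant fails only when exactly one byte is left over after the partial word is topped up, which is the shape of the quoted test (one byte, then a bulk update of four), so a regression test for this class of bug has to vary both the buffered offset and the bulk length.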