Re: [ease-dev] [EASE] Sign and Verify Script

[Varun Raval <vraval48@xxxxxxxxx>]

Hi,

I have prepared more scripts with valid/invalid signature and this time in python and _javascript_. Scripts are available here.

Format of signature is like this:

• At the end of script, a new line is added
• For _javascript_, Signature will start with /********BEGIN SIGNATURE********
  
• For python: """*****BEGIN SIGNSTURE********
  
• Then a signature in Base64 format is added
• A new line is added
• Certificate is encoded in Base64 and added
• A new line is added
• For _javascript_, Signature ends with ********END SIGNATURE********/
•  For python: ********BEGIN SIGNSTURE*****"""

At time of verification, if there is any change in above format, IOException is thrown and signature format will be considered invalid and signature verification will fail.

(a.) Original script is before new line added in first step above. So, for verification, this new line has to be excluded. So, malicious user might change this new line and add scripts instead. This needs to be prevented.

Following are the causes due to which signature verification will fail i.e. signature is invalid

1. Script modified after adding signature
2. Script added in new line. see (a.)
3. Starting line is in improper format
4. A line is missing after signature
5. Script is added after end of signature block
6. signature or certificate blocks are modified
   

(1) will cause verification error. i.e. signature is false

(2), (3), (4), (5) will throw IOException.

(6) may cause IOException or verification error depending upon how it is modified

I am looking for more ways by which signature verification may fail. It would be great if someone can point out those I am missing.

These scripts are signed by code that is written by me, available here. Core methods available here. I would like to generate more test data from some other signing utility but I am not able to find any. So if anyone knows about any other utility, I will be happy to use.

getSign(), getCert(), getContent() methods in Extract_Sign_Cert_Content.java file are used to extract signature, certificate and main content over which signature is applied from script file.

Sample signature with python script is attached here.

Thanks,

On Mon, May 30, 2016 at 12:56 AM Jonah Graham <jonah@xxxxxxxxxxxxxxxx> wrote:

Hi Varun,

Looks neat. I like the signature embedded in the script.

As the resident Python advocate I just wanted to point out that the comment format will need to be language dependent. Fortunately there are already some utilities in EASE to deal with comments, so have a look at org.eclipse.ease.ICodeParser and org.eclipse.ease.ICodeFactory, perhaps extending them as needed if the functionality you need isn't there.

Jonah

~~~
Jonah Graham
Kichwa Coders Ltd.
www.kichwacoders.com

On 29 May 2016 at 19:28, Varun Raval <vraval48@xxxxxxxxx> wrote:

Hi,

My task of 23 May - 3 June is to create scripts with valid/invalid signatures for testing purposes and method to extract signature from script.

I have prepared a sample script with signature which is attached here. The signature is created using a code that I have written using java security library and is here on Github. GetSigExistKeys.java contains methods for signing script. GenSigExistKeys.java shows how to use these methods.

As I mentioned in a previous post, we can attach certificate with signature and script. Since certificate and signature are in binary format, they are converted to Base64 format and then attached to script.

At the end of script, format is like this:

•  signature starts with /********BEGIN SIGNATURE********
  
• first line is the signature
• next set of lines is certificate in binary format
• signing part ends with ********END SIGNATURE********/
  

Simple method to extract certificate from script is here on Github.

If this format of signature is proper, I will create more scripts with valid/invalid signature.

Thanks,

On Sat, May 21, 2016 at 11:48 PM Varun Raval <vraval48@xxxxxxxxx> wrote:

Hi,

We have used Decorators in Project Explorer to tell user the status of that script: whether its signature is valid or invalid. I have attached a screenshot of same below. Here, for example, .java file is having broken(invalid) certificate decorator and .js file is having valid decorator. Plugin is available on Github.

We can control on what file to place which decorator by decorate() method of class implementing ILightWeightLabelDecorator. For the first time when file is executed, signature will be verified and result will be stored using setPersistentProperty() method of IFile. Then each time, we can see whether signature is valid or invalid by simply calling getPersistentProperty().

I was also able to solve the error of saving Preference Pages with help of Jonah Graham. Updated plugin is on Github and screenshot is attached here.

I have posted major bugs on BugZilla with a parent bug [1] and other child bugs are blocking this parent bug. Still several bugs are remaining to be posted. I will be posting them soon.

I was also experimenting on how to add Properties Page in Properties menu of Context Menu. I have simply added two labels whose screenshot is attached here. Again, plugin is on Github.

I studied documentations on how to use CertPath classes [2], [3] for getting certificate chain from Certificate file. From this certificate chain, one can tell whether it is valid, signed by root i.e. public key matches that of root, using CertPath class. CertificateFactory class is used to instantiate a certificate from certificate file or from any input stream [4].

[1]: https://bugs.eclipse.org/bugs/show_bug.cgi?id=494099

[2]: https://docs.oracle.com/javase/7/docs/api/java/security/cert/CertPath.html
[3]: https://docs.oracle.com/javase/7/docs/technotes/guides/security/certpath/CertPathProgGuide.html#CertPath
[4]: https://docs.oracle.com/javase/7/docs/api/java/security/cert/CertificateFactory.html

On Sun, May 15, 2016 at 12:40 PM, Jonah Graham <jonah@xxxxxxxxxxxxxxxx> wrote:

I have answered your question on SO, but repeated here for your convenience:

Your problem is you haven't checked: Activate this plug-in when one of its classes is loaded in the MANIFEST.MF configuration. Checking that adds:

Bundle-ActivationPolicy: lazy

to your MANIFEST.MF and everything then works.

When you have Bundle-ActivationPolicy: lazy it means you don't have to explicitly start your bundle, which is a good thing. In Eclipse you want to do as much lazily as possible and starting a bundle is a great example of that.

Read more about tracking lifecyles or starting them.

~~~
Jonah Graham
Kichwa Coders Ltd.
www.kichwacoders.com

On 15 May 2016 at 06:05, Varun Raval <vraval48@xxxxxxxxx> wrote:

Hi,

I have made sample Preference Page which can be seen in Attachment below. Problem with it is that once I enter values and close preferences and reopen preferences, values are lost.

I have followed tutorial on Vogella-Preferences. I have asked this question on Stack-Overflow.

Error is that Activator.start() is not called. I read on stack overflow that Activator.start() is not called until something else in the plugin is used on this link. Am I missing something here?

Plugin project is on github.

Thanks,

--

Varun Raval

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev

--

Varun Raval

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev

--

Varun Raval

 # ****************************************************************************
 # Copyright (c) 2015 UT-Battelle, LLC.
 # All rights reserved. This program and the accompanying materials
 # are made available under the terms of the Eclipse Public License v1.0
 # which accompanies this distribution, and is available at
 # http://www.eclipse.org/legal/epl-v10.html
 #
 # Contributors:
 #   Initial API and implementation and/or initial documentation - Kasper
 # Gammeltoft, Jay Jay Billings
 #
 # This is an example script designed to show how to use ease with ICE. It 
 # creates a new Reflectivity Model and processes it, but also edits the input
 # to the table beforehand. 
 # ****************************************************************************

# Load the Platform module for accessing OSGi services
loadModule('/System/Platform')

# Get the core service from ICE for creating and accessing objects. 
coreService = getService(org.eclipse.ice.core.iCore.ICore);

# Create the reflectivity model to be used and get its reference. The create item 
# method will return a string representing the number of that item, so use int() to 
# convert it to an integer. 
reflectModel = coreService.getItem(int(coreService.createItem("Reflectivity Model")))

# Gets the list component used as the data for the table (is on tab 2)
listComp = reflectModel.getComponent(2)

# Gets the third material and sets its thickness to 400
mat1 = listComp.get(2)
mat1.setProperty("Thickness (A)", 400)

# Get the total thickness and set the second material's thickness to depend
# on the thicknesses of the other materials
totThickness = 0
for i in xrange(0, listComp.size() - 1):
    if(i != 1):
        totThickness += listComp.get(i).getProperty("Thickness (A)")
    
# Set the thickness of the second material so that the total sums to 1000 (A)
listComp.get(1).setProperty("Thickness (A)", 1000-totThickness);
        

# Finally process the model to get the results. 
coreService.processItem(reflectModel.getId(), "Calculate Reflectivity", 1);


"""*****BEGIN SIGNSTURE********
MCwCFDP1HQOlr4RAVyvnApNb1weM2A6wAhRGI0FV1insKLVPG8iIHPwOh0gNEQ==

MIIDNzCCAvWgAwIBAgIELNrJgDALBgcqhkjOOAQDBQAwbTEL
MAkGA1UEBhMCSU4xEDAOBgNVBAgTB0d1amFyYXQxEjAQBgNV
BAcTCUFobWVkYWJhZDEQMA4GA1UEChMHVW5rbm93bjEQMA4G
A1UECxMHVW5rbm93bjEUMBIGA1UEAxMLVmFydW4gUmF2YWww
HhcNMTYwMzA1MTE1NjUwWhcNMTYwNjAzMTE1NjUwWjBtMQsw
CQYDVQQGEwJJTjEQMA4GA1UECBMHR3VqYXJhdDESMBAGA1UE
BxMJQWhtZWRhYmFkMRAwDgYDVQQKEwdVbmtub3duMRAwDgYD
VQQLEwdVbmtub3duMRQwEgYDVQQDEwtWYXJ1biBSYXZhbDCC
AbgwggEsBgcqhkjOOAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu
7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6v8X1ujD2
y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb
+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/Ii
Axmd0UgBxwIVAJdgUI8VIwvMspK5gqLrhAvwWBz1AoGBAPfh
oIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4JnUVlXjrrU
WU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj
rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4Vrl
nwaSi2ZegHtVJWQBTDv+z0kqA4GFAAKBgQDqLrJZitkj0fqO
RQ/kdKtwHK4Fq6kXfGedp5umydmCVqrIkuCKuw6X2P5gX4Vv
0kqTEG2iWL7Hv3iUCmtaCeKYLSlIyaloJMYPwgcKxWYYMtXn
njfoOAxHywwXxPAygkR/r9TH1VrUSKjvuGvOxdjSNnezjsVL
VEyIXiO76ZfawKMhMB8wHQYDVR0OBBYEFJw/5/p+5vXMZPXx
ZLBh9YLK/zr4MAsGByqGSM44BAMFAAMvADAsAhRA44+6n9Ya
UTnckDGsbZIv450sVAIUA1otxObPsQaTs1EcOEEqODrNHCY=

********END SIGNSTURE*****"""