headers
Ryan B | 27 May 2012 22:34
Picon

starting on salmon bridges for facebook and twitter

hi all! i've been slowly building facebook and twitter bridges for the
ostatus component protocols, and i'm starting on the one for salmon
now. i wanted to give you all a heads up and solicit any thoughts or
feedback you might have.

background:
http://snarfed.org/2012-03-12_activitystreams_for_facebook_and_twitter
http://snarfed.org/2012-02-22_portablecontacts_for_facebook_and_twitter
http://snarfed.org/2012-01-16_webfinger_for_facebook_and_twitter

i also wanted to check on the status of python libraries. i've looked
at the reference code in http://code.google.com/p/salmon-protocol/ and
a django library,
https://github.com/paulosman/django-salmon/tree/master/django_salmon ,
from paul osman, who i've cc'ed and talked with offline . they're both
good starting points, but reference lib is a bit incomplete, the magic
sig part has two branches :/, and paul's lib is tightly integrated
with django.

do i have that all right? any recommendations on specific code to
reuse or avoid?

btw, the code for this project is in
https://github.com/snarfed/salmon-unofficial , alongside the other
bridges.

thanks in advance!

--

-- 
http://snarfed.org/
(Continue reading)

Permalink | Reply | 0 comments |
headers
salmon | 29 May 2012 05:06

Issue 36 in salmon-protocol: PATCH: minor bug fix to magic signatures spec

Status: New
Owner: johnrobertpanzer

New issue 36 by heaven: PATCH: minor bug fix to magic signatures spec
http://code.google.com/p/salmon-protocol/issues/detail?id=36

...specifically, s/"data" parameter/"value" parameter/.

Attachments:
	magicsigs_spec_fix.patch  2.5 KB
Permalink | Reply | 0 comments |
headers
Nils D. | 26 Nov 2011 18:46
Picon

Re: Magic Signatures implementation in Perl

Thank you for your answers!

Yes, there is an OpenSSL wrapper on CPAN as well as Crypt::RSA, which
is based on PARI.
I tried these as well (although I always wanted as few dependencies as
possible),
but I didn't get it to work with some of the examples I found on the
web.

Today I tried to follow all steps using the implementation of the
MiniMe Microblogging tool [1] and most of all examples now work in my
implementation - in case I sign and verify against the magic envelope
data section instead of the signature base string.
The same seems to be true for one example from the salmon magicsig
reference implementation [2].
So, when I am using the payload instead of the signature base string
for M in [3] and [4] I can verify most of the examples I found.

Any idea what I am doing wrong or am I just misunderstanding the spec?

Thank you very much,
Nils

P.S. The github repository is not up to date regarding the signature -
as I think my implementation is still wrong.

[1] https://code.google.com/p/minime-microblogger/
[2] https://code.google.com/p/salmon-protocol/source/browse/trunk/lib/python/magicsig_hjfreyer/magicsig_test.py
[3] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1
[4] https://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html#rfc.section.7.1
(Continue reading)

Permalink | Reply | 3 comments |
headers
Nils D. | 25 Oct 2011 16:05
Picon

Magic Signatures implementation in Perl

Hi everyone,

I am afraid, I need some help with my MagicSignatures implementation
in Perl.
I started following the textbooks pretty straight and then adjusted it
to come closer to real world examples I found in some test suites of
other implementations.

However, verification does not work - either because the final
encoding messages do not match or
the length of the signature is not equivalent to the length of the RSA
modulus.

It would be great to have an example with traces of all function input-
outputs for the signing
and verification flows following https://www.ietf.org/rfc/rfc3447.txt
so an implementor could see
where he or she is wrong (with base64enc for binary data of course)!
Is there something available like that?

Or is there a canonical test suite an implementation has to pass?
I read that there are lots of broken (against the spec)
implementations out there which makes
testing especially hard as you don't know, if the signature should
really be verified.

Oh - and ... well - it would be GREAT if someone could look in to the
code and help me ...
(the documentation should be okay, I believe).
(Continue reading)

Permalink | Reply | 2 comments |
headers
salmon | 2 Sep 2011 02:38

Issue 35 in salmon-protocol: signing unicode fails in Envelope

Status: New
Owner: johnrobertpanzer

New issue 35 by mimecuv...@...: signing unicode fails in Envelope
http://code.google.com/p/salmon-protocol/issues/detail?id=35

The problem is in magicsig/__init__.py

It seems that all places where it does et.XML(data) should be  
et.XML(data.encode('utf8'))
Permalink | Reply | 0 comments |
headers
salmon | 26 Aug 2011 22:36

Issue 34 in salmon-protocol: test_salmon fails

Status: New
Owner: johnrobertpanzer

New issue 34 by mimecuv...@...: test_salmon fails
http://code.google.com/p/salmon-protocol/issues/detail?id=34

Traceback (most recent call last):
   File "test_salmon.py", line 36, in <module>
     class TestSalmonProtocol(unittest.TestCase):
   File "test_salmon.py", line 39, in TestSalmonProtocol
     class MockKeyRetriever(magicsig.PublicKeyRetriever):
AttributeError: 'module' object has no attribute 'PublicKeyRetriever'

Should be changed to KeyRetriever.

Then, this error:
Traceback (most recent call last):
   File "test_salmon.py", line 80, in testSignSalmon
     'acct:test@...')

File "/Users/mime/Sites/helloworld/packages/salmon/../salmon/__init__.py",  
line 61, in SignSalmon
     if not self.magicenv.CheckAuthorship(text,
AttributeError: 'MagicEnvelopeProtocol' object has no  
attribute 'CheckAuthorship'

Should be changed to IsAllowedSigner

and then some more errors - not sure if the file just needs to be rewritten  
completely...
(Continue reading)

Permalink | Reply | 0 comments |
headers
Mike Macgirvin | 26 Aug 2011 03:55
Gravatar

namespace for key_id

In the latest experimental draft,

<Property type="ns:magic_key" mpk:key_id="1">

RSA.mVgY8RN6URBTstndvmUUPb4UZTdwvwmddSKE5z_jvKUEK6yk1u3rrC9yN8k6FilGj9K0eeUPe2hf4Pj-5CmHww.AQAB
</Property>
<Property type="ns:magic_key" mpk:key_id="2">

RSA.wvwmdK0eeUPe2hURBTstndvmUUPb4UZTd6wvwmddSrrC89yN8k6FilGwvwmddSKE5z_jvKUEKj9f4Pj-5CmHww.AQAB
</Property>

So that I may parse this correctly, what is the XML namespace attached
to 'mpk'?
Permalink | Reply | 1 comment |
headers
Astro | 25 Jul 2011 17:33

Salmon magic signature implementations broken

Hi

(Apologies for cross-posting, but the issue is pertaining to
implementers, which are more likely interested in the full OStatus
suite.)

Today I was pointed to a microblog entry[1] claiming that almost all
implementations of the RSASSA-PKCS1-v1_5 padding are broken. This is a
confirmation of my own experience, having unsuccessfully tried to
implement it both with OpenSSL[2] and manually[3].

I propose a few things we could do about this:

* Decide whether to stick with real PKCS padding, or to keep the
  different but already-implemented padding

* Fix the examples in the Salmon protocol specification (known issue[4]
  if you discover it after wondering why your own tests fail)

* Appoint a reference (or known-to-work) implementation for developers
  to test against. I was happy to have had a VM image w/ StatusNet from
  FSW2011, but the OStatus plugin I tested against came with its own PHP
  RSA implementation that hasn't been reviewed as much as OpenSSL has.
  Hence, the potential location of errors isn't as narrow.

[1] http://macgirvin.com/display/mike/22042
[2] https://github.com/astro/node-ostatus/blob/dev-salmon/src/provenance.cc
[3] https://github.com/astro/node-ostatus/blob/dev-salmon-manual-emsa/src/provenance.cc
[4] http://code.google.com/p/salmon-protocol/issues/detail?id=8
(Continue reading)

Permalink | Reply | 22 comments |
headers
salmon | 4 Aug 2011 02:47

Issue 33 in salmon-protocol: RSA PKCS algorithm summary is misleading

Status: New
Owner: johnrobertpanzer

New issue 33 by johnrobertpanzer: RSA PKCS algorithm summary is misleading
http://code.google.com/p/salmon-protocol/issues/detail?id=33

In the magic signature spec, the final step of the signing algorithm  
description is misleading at best:

  6. RSA sign the emsa byte sequence

This should read something like "encrypt the emsa byte sequence with the  
RSA private key; the resulting byte sequence is the magic signature in  
binary form".

(Some libraries call this "sign()" and others call something else "sign()"  
so it's much much better to be explicit here.)
Permalink | Reply | 0 comments |
headers
salmon | 8 Jun 2011 22:41

Issue 32 in salmon-protocol: public key modulus bytes count

Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 32 by m...@...: public key modulus bytes count
http://code.google.com/p/salmon-protocol/issues/detail?id=32

shouldn't
http://code.google.com/p/salmon-protocol/source/browse/trunk/lib/python/magicsig_hjfreyer/magicsigalg.py#225
be
pad_string = chr(0xFF) * (msg_size_bits - len(encoded) - 3)
instead of
pad_string = chr(0xFF) * (msg_size_bits / 8 - len(encoded) - 3)
?

You did the /8 one line above:
msg_size_bits = modulus_size + 8-(modulus_size % 8)  # Round up to next byte

I had problems running this reference implementation agains Status.Net and  
this one fixed this issue.
Permalink | Reply | 0 comments |
headers
elf Pavlik | 3 May 2011 18:02
Gravatar

Invitation: Federated Social Web - Conference Europe & W3C Group

Hello,

I would like to invite you to join us for the upcoming Federated Social Web Europe Conference - June 3-5th in Berlin
http://d-cent.org/fsw2011/

And also consider joining W3C Federated Social Web incubator group (soon changing into community group)
http://www.w3.org/2005/Incubator/federatedsocialweb/

We send invites to various projects working on protocols for federated social networking and developers
of open source platforms implementing them. You can see growing list of invites here:
http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/FSWE2011_-_Sent_Invitations

If you would like to join us for the conference but need help with organizing your travel and stay in Berlin,
please add yourself to the list on this page:
http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/FSWE2011_-_Travel_Support_Requests

Please also feel invited to take a closer look on the wiki of our group, still in it's early stage but already
providing some information about group participants, related protocols and software - including list
of open source platforms where developers already work on implementing federation or consider
implementing it:
http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/Main_Page

Last but not least, our public mailing list with its archives stays available here:
http://lists.w3.org/Archives/Public/public-xg-federatedsocialweb/

Looking forward to work together with you on improving interoperability of social networking platforms
and increasing freedom of all of us using them!

elf Pavlik
Participant of W3C Federated Social Web Incubator Group
(Continue reading)

Permalink | Reply | 0 comments |

Gmane