TY - GEN
T1 - Formal Verification of PKCS#1 Signature Parser Using Frama-C
AU - Hána, Martin
AU - Kosmatov, Nikolai
AU - Prevosto, Virgile
AU - Signoles, Julien
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.
PY - 2026/1/1
Y1 - 2026/1/1
AB - Message parsing represents a complex security-critical problem. It has been demonstrated by numerous real-world exploits on parsers, e.g. on PKCS#1 (Public-Key Cryptography Standard) v1.5 signature, X.509 certificate chain, or infamously on a TLS extension during the Heartbleed attack. In this case study, we perform formal verification of a PKCS#1 v1.5 signature parser using Frama-C, where the verification of the parser is realized for the first time directly over the actual implementation in C. This brings the highest guarantees of security and functional properties, while leaving developers the flexibility to adapt the code to the project’s specific requirements. We present the proven properties, our verification approach and results. In particular, this work rules out applications of any variants of Bleichenbacher’s signature forgery and ensures that we are able to detect potential parser incompatibilities. This work opens the door to future extensions to other protocols, for example, for parsing DER ASN.1 encoding of X.509 certificates and CRLs (Certificate Revocation Lists).
UR - https://www.scopus.com/pages/publications/105022918430
U2 - 10.1007/978-3-032-10794-7_17
DO - 10.1007/978-3-032-10794-7_17
M3 - Conference contribution
AN - SCOPUS:105022918430
SN - 9783032107930
T3 - Lecture Notes in Computer Science
SP - 336
EP - 358
BT - Integrated Formal Methods - 20th International Conference, iFM 2025, Proceedings
A2 - Damiani, Ferruccio
A2 - Farrell, Marie
PB - Springer Science and Business Media Deutschland GmbH
T2 - 20th International Conference on integrated Formal Methods, iFM 2025
Y2 - 19 November 2025 through 21 November 2025
ER -