Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ed25519 PKCS#8 v2 private keys with correctly-formed (implicitly tagged) public keys are rejected #834

Closed
briansmith opened this issue Jun 11, 2019 · 3 comments
Closed

Ed25519 PKCS#8 v2 private keys with correctly-formed (implicitly tagged) public keys are rejected #834

briansmith opened this issue Jun 11, 2019 · 3 comments

Comments

@briansmith
Copy link
Owner

See the second example in https://tools.ietf.org/html/rfc8410#section-10.3:

-----BEGIN PRIVATE KEY-----
   MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
   oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB
   Z9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PRIVATE KEY-----

Reported by @est31 in openssl/openssl#9134 (comment).
@ShadowJonathan ShadowJonathan mentioned this issue Feb 19, 2022
Closed
@briansmith
Copy link
Owner Author

Working on the solution for #1424, I read the code and it seems like we do indeed skip over attributes. See

ring/src/pkcs8.rs

Lines 138 to 142 in 24c9d3b

// Ignore any attributes that are present.
if input.peek(der::Tag::ContextSpecificConstructed0 as u8) {
let _ = der::expect_tag_and_get_value(input, der::Tag::ContextSpecificConstructed0)
.map_err(|error::Unspecified| error::KeyRejected::invalid_encoding())?;
}

If we encounter [0] then we skip it and carry on.

The reason the RFC example isn't accepted is due to our misunderstanding about the encoding of the public key [1]; it is IMPLICITLY tagged, not EXPLICITLY tagged. See #1464; Thanks to @ShadowJonathan for figuring this out.

@briansmith briansmith changed the title Ed25519 PKCS#8 private keys with extra attributes are rejected Ed25519 PKCS#8 v2 private keys with correctly-formed (implicitly tagged) public keys are rejected Feb 20, 2022
@briansmith
Copy link
Owner Author

PR #1466 is the first step towards fixing this by improving the testing scaffolding.

@briansmith briansmith mentioned this issue Apr 6, 2022
Merged
@briansmith
Copy link
Owner Author

Fixed in #1680

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@briansmith