Fix parsing of PKCS#8 encoded Elliptic Curve keys. #1379
Conversation
No major comments.
However, as in PR #1135, I would like to ask you to add the key generation commands in tests/data_files/Makefile for proper documentation.
@@ -406,10 +406,6 @@ Parse EC Key #1 (SEC1 DER) | |||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED | |||
pk_parse_keyfile_ec:"data_files/ec_prv.sec1.der":"NULL":0 | |||
|
|||
Parse EC Key #1a (SEC1 DER, no optional part) |
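Review bot: this hunk deletes the "Parse EC Key #1a (SEC1 DER, no optional part)" case outright instead of correcting its label, so the "no optional fields" variant that the PR description says was never actually exercised loses its only entry here; if the removed case's data file really has the same layout as case 5a (as the thread says), renaming the entry to the right format and pointing it at the right file keeps a DER-format test of that variant. Separately, the retained context line `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED` sits on a DER-only case; MBEDTLS_PEM_PARSE_C is not needed to read a .der file and only causes the case to be skipped in builds without PEM support.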
why was this removed? Wouldn't it be better to fix the renaming error?
The file is in the same format as test 5a (except PEM vs. DER). I only found out about this after I had already created my test case files. Having both is superfluous, choose one to keep.
# ec_prv.noopt.der
0:d=0 hl=2 l= 65 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 19 cons: SEQUENCE
7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
16:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
26:d=1 hl=2 l= 39 prim: OCTET STRING [HEX DUMP]:30250201010420EBCB4887A86D06F43418A298FCAE9CFD81EA7FF7FB27D45FDCBD902AB10D4F37
# ec_prv.pk8nopub.pem
0:d=0 hl=2 l= 65 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :00
5:d=1 hl=2 l= 19 cons: SEQUENCE
7:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
16:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
26:d=1 hl=2 l= 39 prim: OCTET STRING [HEX DUMP]:30250201010420C7EFC5D45FE7319933D0D6156461BBB756F05CF5CF3613218A686BE4028D4F93
Thanks for clarification. I would like to have both DER and PEM formats tested though
The PEM to DER conversion is already being tested, but I added the DER versions anyway (one is renamed from the original mislabeled test), as requested.
I created the keys by hand. If you know of a tool that can manipulate ASN.1 based on command line input I'll happily figure out the commands needed to generate these files.
@jethrogb I don't understand your comment:
Maybe I am missing something.
I took an existing key and manipulated the DER in a hex editor.
Hi @jethrogb, Thanks for your contribution and for working with us to improve your PR in response to Ron's comments. I just had a look at it and I think it's a good improvement to our current codebase and tests. However, I have a few more requests for you:
and put your entry under that version.
Once those steps are done, can you please ping @RonEld and I to give your PR another round of reviews? Based on my preliminary review today, I expect mine should be an approval at this stage.
Once the main PR and backport have been reviewed and approved by two members of the team, your PR will be ready to merge. Thanks again for your interest in Mbed TLS, and I'm looking forward to working with you on finalizing this PR!
Thanks for the rework! For the backports, the way we do this is create a new branch based on the target branch (here mbedtls-2.1), then usually cherry-pick commit(s) from the main branch (or any other method that suits you), then open a new PR with this branch, selecting the appropriate target branch (github should show just the commits you added). As github doesn't offer any special support for marking a PR as a backport of another, what we usually do is give the backport PR the same title as the original, with a "Backport 2.1: " prefix, and include links in the descriptions from one branch to the other. See for example #1486 #1487 #1488
The code (including tests and documentation in the Makefile) looks great to me, but there are minor things to fix in the ChangeLog entry.
I notice you didn't credit yourself in the ChangeLog. If that's a conscious decision, of course no problem. Otherwise, don't be shy about adding "Found and fixed by #1379" :)
ChangeLog
Bugfix | ||
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously mbedTLS was | ||
unable to parse keys with only the optional parameters field of the | ||
ECPrivateKey strucutre. |
Typo: structure.
ChangeLog
= mbed TLS x.x.x branch released xxx-xx-xx | ||
|
||
Bugfix | ||
* Fix parsing of PKCS#8 encoded Elliptic Curve keys. Previously mbedTLS was |
Please use the official spelling "Mbed TLS", thanks!
Updated ChangeLog as requested and filed backport PR #1494
Thanks for making those changes. I'm happy with the result!
LGTM
This needs a backport for 2.7. This PR as is doesn't apply cleanly to mbedtls-2.7.
Indeed, I guess it has been rebased on top of current development since the time I marked it as suitable for 2.7. @jethrogb would you like to create a 2.7 backport like you did for the 2.1 backport? Otherwise let us know and one of us will take care of it. Thanks!
2.7 backport created: #1529
@@ -1008,10 +1004,34 @@ Parse EC Key #4 (PKCS8 DER) | |||
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED | |||
pk_parse_keyfile_ec:"data_files/ec_prv.pk8.der":"NULL":0 | |||
|
|||
Parse EC Key #4a (PKCS8 DER, no public key) | |||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED |
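Review bot: the new "Parse EC Key #4a (PKCS8 DER, no public key)" entry carries `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED`, but a DER file needs no PEM parser and MBEDTLS_ECP_C is already a dependency of pk_parse_keyfile_ec, so trim it to `depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED` and the case will still run in builds without PEM support. Note also that the curve changes from SECP192R1 (the context line for case #4 above) to SECP256R1, which is consistent with the prime256v1 OID in the asn1parse dump of ec_prv.noopt.der earlier in the thread.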
MBEDTLS_ECP_C is already a dependency of test function pk_parse_keyfile_ec in tests/suites/test_suite_pkparse.function. Hence not required here and at other places.
Description
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

    PrivateKeyInfo ::= SEQUENCE {
      version                   Version,
      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
      privateKey                PrivateKey,
      attributes           [0]  IMPLICIT Attributes OPTIONAL }

    AlgorithmIdentifier ::= SEQUENCE {
      algorithm   OBJECT IDENTIFIER,
      parameters  ANY DEFINED BY algorithm OPTIONAL }

    ECParameters ::= CHOICE {
      namedCurve         OBJECT IDENTIFIER
      -- implicitCurve   NULL
      -- specifiedCurve  SpecifiedECDomain
    }

    ECPrivateKey ::= SEQUENCE {
      version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
      privateKey     OCTET STRING,
      parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
      publicKey  [1] BIT STRING OPTIONAL
    }

Because of the two optional fields, there are 4 possible variants that need to be parsed: no optional fields, only parameters, only public key, and both optional fields. Previously mbedTLS was unable to parse keys with "only parameters". Also, only "only public key" was tested. There was a test for "no optional fields", but it was labelled incorrectly as SEC.1 and not run because of a great renaming mixup.
This contribution is submitted under CLA with Fortanix, Inc.
Status: READY
Requires Backporting: YES
Migrations: NO
Todos
Steps to test or reproduce
Run the test suite from this PR without the changes in pkparse.c
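The four ECPrivateKey variants described in the PR, as an added example that is not part of the PR or of Mbed TLS: a minimal DER walker in Python that unwraps a PKCS#8 PrivateKeyInfo and accepts every combination of the [0] parameters and [1] publicKey fields, including the "only parameters" case the PR fixes. It also applies the check a practitioner wants on top of the PR's fix, rejecting a [0] curve that disagrees with the outer AlgorithmIdentifier. The 32-byte scalar and the placeholder public point used to generate the variants are constructed values, not real keys; the one real input is ec_prv.noopt.der, reassembled byte for byte from the openssl asn1parse dump posted in the thread. Only definite-length DER and namedCurve parameters are handled, and the public point is carried through without validation.

```python
# Added example, not Mbed TLS code: a minimal DER walker for a PKCS#8 PrivateKeyInfo that
# wraps an RFC 5915 ECPrivateKey, accepting all four combinations of the OPTIONAL fields.
# Definite-length DER and namedCurve ECParameters only; curve points are not validated.
OID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")   # 1.2.840.10045.3.1.7
OID_SECP384R1 = bytes.fromhex("2b81040022")          # 1.3.132.0.34, used only to plant a mismatch
# ec_prv.noopt.der reassembled byte for byte from the asn1parse dump posted in the thread.
EC_PRV_NOOPT_DER = bytes.fromhex(
    "3041020100" "301306072a8648ce3d020106082a8648ce3d030107" "0427"
    "30250201010420EBCB4887A86D06F43418A298FCAE9CFD81EA7FF7FB27D45FDCBD902AB10D4F37")

class DerError(ValueError):
    """Malformed or unsupported DER."""

def need(cond, msg):
    if not cond:
        raise DerError(msg)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV at buf[pos:], enforcing DER minimal lengths."""
    need(pos + 2 <= len(buf), "truncated element")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        need(0 < n <= 4 and pos + n <= len(buf), "bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        need(buf[pos] != 0 and length >= 0x80, "non-minimal length")
        pos += n
    need(pos + length <= len(buf), "truncated element")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, pos, tag, msg):
    t, value, pos = read_tlv(buf, pos)
    need(t == tag, msg)
    return value, pos

def parse_ec_private_key(der, expected_curve=None):
    """ECPrivateKey: version 1, privateKey, then optional [0] parameters and [1] publicKey."""
    seq, end = expect(der, 0, 0x30, "ECPrivateKey: expected SEQUENCE")
    ver, pos = expect(seq, 0, 0x02, "ECPrivateKey: version missing")
    d, pos = expect(seq, pos, 0x04, "ECPrivateKey: privateKey missing")
    need(end == len(der) and ver == b"\x01" and d, "ECPrivateKey: bad version or trailing data")
    curve = pub = None
    if pos < len(seq) and seq[pos] == 0xA0:                  # [0] parameters present
        params, pos = expect(seq, pos, 0xA0, "ECPrivateKey: parameters")
        curve, e = expect(params, 0, 0x06, "ECPrivateKey: only namedCurve supported")
        need(e == len(params), "ECPrivateKey: bad parameters")
    if pos < len(seq) and seq[pos] == 0xA1:                  # [1] publicKey present
        wrap, pos = expect(seq, pos, 0xA1, "ECPrivateKey: publicKey")
        bits, e = expect(wrap, 0, 0x03, "ECPrivateKey: publicKey must be a BIT STRING")
        need(e == len(wrap) and len(bits) > 1 and bits[0] == 0, "ECPrivateKey: bad BIT STRING")
        pub = bits[1:]
    need(pos == len(seq), "ECPrivateKey: trailing data")
    need(expected_curve is None or curve in (None, expected_curve), "curve mismatch with PrivateKeyInfo")
    return {"d": d, "curve": curve, "public_key": pub}

def parse_pkcs8_ec(der):
    """PrivateKeyInfo: version 0, AlgorithmIdentifier, OCTET STRING(ECPrivateKey), optional [0] attributes."""
    pki, end = expect(der, 0, 0x30, "PrivateKeyInfo: expected SEQUENCE")
    ver, pos = expect(pki, 0, 0x02, "PrivateKeyInfo: version missing")
    alg, pos = expect(pki, pos, 0x30, "PrivateKeyInfo: AlgorithmIdentifier missing")
    oid, p = expect(alg, 0, 0x06, "PrivateKeyInfo: algorithm OID missing")
    curve, p = expect(alg, p, 0x06, "PrivateKeyInfo: only namedCurve ECParameters supported")
    inner, pos = expect(pki, pos, 0x04, "PrivateKeyInfo: privateKey OCTET STRING missing")
    need(end == len(der) and ver == b"\x00" and oid == OID_EC_PUBLIC_KEY and p == len(alg),
         "PrivateKeyInfo: not an id-ecPublicKey key")
    if pos < len(pki):                                         # attributes [0] OPTIONAL: skipped
        _, pos = expect(pki, pos, 0xA0, "PrivateKeyInfo: unexpected element")
        need(pos == len(pki), "PrivateKeyInfo: trailing data")
    key = parse_ec_private_key(inner, expected_curve=curve)
    key["curve"] = curve                                       # outer curve is authoritative when [0] is absent
    return key

def _tlv(tag, body):
    n = len(body)
    hdr = bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100 else bytes([0x82, n >> 8, n & 0xFF])
    return bytes([tag]) + hdr + body

def build_pkcs8_ec(d, curve=OID_PRIME256V1, with_params=False, pub=None, inner_curve=None):
    """Encode one of the four variants; inner_curve plants a [0] curve that differs from the outer one."""
    inner = _tlv(0x02, b"\x01") + _tlv(0x04, d)
    if with_params:
        inner += _tlv(0xA0, _tlv(0x06, inner_curve or curve))
    if pub is not None:
        inner += _tlv(0xA1, _tlv(0x03, b"\x00" + pub))
    alg = _tlv(0x30, _tlv(0x06, OID_EC_PUBLIC_KEY) + _tlv(0x06, curve))
    return _tlv(0x30, _tlv(0x02, b"\x00") + alg + _tlv(0x04, _tlv(0x30, inner)))

def demo():
    """Parse all four variants built from a constructed scalar and placeholder point (not a real key)."""
    d, pub = bytes(range(1, 33)), b"\x04" + bytes(64)
    variants = {
        "no optional fields": build_pkcs8_ec(d),
        "only parameters": build_pkcs8_ec(d, with_params=True),  # the variant the PR fixes
        "only public key": build_pkcs8_ec(d, pub=pub),
        "both": build_pkcs8_ec(d, with_params=True, pub=pub),
    }
    return {name: parse_pkcs8_ec(der) for name, der in variants.items()}
```

`demo()` returns the parsed result for each of the four layouts, and `build_pkcs8_ec(d)` with the scalar recovered from `EC_PRV_NOOPT_DER` reproduces that file byte for byte, which is a quick way to confirm that the "no optional part" test file in the thread is a plain PKCS#8 wrapper around a bare ECPrivateKey. When [0] is absent, the curve comes from the outer AlgorithmIdentifier only; when it is present, the two must agree or the key is rejected, which a PKCS#8 parser should do rather than silently trusting either copy.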