ERL-482: can't generate EC key using openssl EC params #3280

Closed
OTP-Maintainer opened this issue Sep 8, 2017 · 2 comments
Labels: bug (Issue is reported as a bug), priority:medium, team:PS (Assigned to OTP team PS)
@OTP-Maintainer

Original reporter: goertzenator
Affected version: OTP-20.0.4
Fixed in version: OTP-20.2
Component: crypto
Migrated from: https://bugs.erlang.org/browse/ERL-482


h1. Overview

1. Generate an EC key with openssl that explicitly specifies its curve parameters.
2. Load the key and curve parameters into Erlang, generate a new key using the loaded curve parameters.
3. The crypto:ec_key_generate() call rejects the curve parameters.  The error appears to originate from crypto NIF code.

Note: this issue is not associated with the other public_key issues I've filed recently.

h1. Expectation

Curve parameters loaded from openssl-generated keys should be recognized by public_key/crypto.


h1. Detailed steps to reproduce

shell:
{code:java}
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out ec_key.pem
{code}

erlang:
{code:java}
{ok, KeyPem} = file:read_file("ec_key.pem").
Entries = public_key:pem_decode(KeyPem).
[ParamInfo] = [Entry || Entry={'EcpkParameters', _, not_encrypted} <- Entries].
{ecParameters, Params} = public_key:pem_entry_decode(ParamInfo).
public_key:generate_key(Params).
{code}


The Params variable in my run was...
{code:java}
19> Params.
{'ECParameters',ecpVer1,
                {'FieldID',{1,2,840,10045,1,1},
                           <<2,66,1,255,255,255,255,255,255,255,255,255,255,255,255,
                             255,255,255,255,255,255,255,255,...>>},
                {'Curve',<<1,255,255,255,255,255,255,255,255,255,255,255,
                           255,255,255,255,255,255,255,255,255,255,255,...>>,
                         <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                           64,238,162,218,114,91,153,...>>,
                         <<208,158,136,0,41,28,184,83,150,204,103,23,57,50,132,
                           170,160,218,100,186>>},
                <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                  180,66,156,100,129,57,5,...>>,
                6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449,
                1}
{code}

... and the resulting error was...

{code:java}
20> public_key:generate_key(Params).
** exception error: bad argument
     in function  crypto:ec_key_generate/2
        called as crypto:ec_key_generate({{prime_field,<<2,66,1,255,255,255,255,255,255,255,255,
                                                         255,255,255,255,255,255,255,255,255,255,
                                                         255,255,255,255,...>>},
                                          {<<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                             255,255,255,255,255,255,255,255,255,255,255,...>>,
                                           <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                                             64,238,162,218,114,91,153,179,21,...>>,
                                           none},
                                          <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                                            180,66,156,100,129,57,5,63,...>>,
                                          <<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                            255,255,255,255,255,255,255,255,255,255,...>>,
                                          <<1>>},
                                         undefined)
     in call from public_key:ec_generate_key/1 (public_key.erl, line 1236)
{code}

@OTP-Maintainer

ingela said:

Hmm ... I have a ticket to enhance ssl to be able to use non-named curves. EC support was originally a contribution and it lacked support for unnamed curves. It should not be a big job to add to ssl but it has so far not been prioritized. And probably the biggest job is to create good test data. Maybe the contributed crypto code was incomplete too.

@OTP-Maintainer

ingela said:

Turned out it was a data-format conversion missing in public_key, so the crypto application did not get the input it expected. I have fixed public_key. Crypto could have had better input checks; we will look over that.

@OTP-Maintainer OTP-Maintainer added bug Issue is reported as a bug team:PS Assigned to OTP team PS priority:medium labels Feb 10, 2021
@OTP-Maintainer OTP-Maintainer added this to the OTP-20.2 milestone Feb 10, 2021
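
The `FieldID` value in the reporter's dump begins `<<2,66,1,255,...>>`, which reads as a DER INTEGER header (tag 2, length 66) in front of the prime's bytes, and the same bytes appear unchanged in the `crypto:ec_key_generate/2` call. As an added illustration of the kind of input check mentioned in the last comment (not code from public_key or crypto; the module and function names are hypothetical), this Erlang helper accepts a field prime either as an integer or as a DER INTEGER and rejects anything else:

```erlang
-module(ec_field_check).
-export([prime_to_integer/1, demo/0]).

%% Hypothetical helper, not part of public_key or crypto.
%% Accepts the field prime as an integer or as a DER-encoded INTEGER
%% (tag 2) and returns {ok, Integer} or {error, Reason}.
prime_to_integer(P) when is_integer(P), P > 3 ->
    {ok, P};
prime_to_integer(P) when is_integer(P) ->
    {error, too_small};
prime_to_integer(<<2, Rest/binary>>) ->
    case der_length(Rest) of
        {ok, Len, Content} when byte_size(Content) =:= Len ->
            der_integer(Content);
        {ok, _, _} ->
            {error, length_mismatch};   % truncated or trailing bytes
        Error ->
            Error
    end;
prime_to_integer(_) ->
    {error, not_a_der_integer}.

%% DER definite lengths: short form (< 128) or minimal long form, 1-2 bytes.
der_length(<<L, Content/binary>>) when L < 128 -> {ok, L, Content};
der_length(<<16#81, L, Content/binary>>) when L >= 128 -> {ok, L, Content};
der_length(<<16#82, L:16, Content/binary>>) when L >= 256 -> {ok, L, Content};
der_length(_) -> {error, bad_length}.

%% A field prime must be positive and minimally encoded.
der_integer(<<>>) -> {error, empty_integer};
der_integer(<<1:1, _/bitstring>>) -> {error, negative};
der_integer(<<0, 0:1, _/bitstring>>) -> {error, non_minimal};
der_integer(Content) -> prime_to_integer(binary:decode_unsigned(Content)).

demo() ->
    %% Constructed sample: the secp521r1 field prime 2^521 - 1 as DER,
    %% matching the <<2,66,1,255,...>> prefix in the dump above.
    Der = <<2, 66, 1, (binary:copy(<<255>>, 65))/binary>>,
    {ok, P} = prime_to_integer(Der),
    true = P =:= (1 bsl 521) - 1,
    %% Constructed malformed inputs, each rejected with a specific reason.
    {error, length_mismatch} = prime_to_integer(<<2, 66, 1, 255>>),
    {error, negative} = prime_to_integer(<<2, 1, 255>>),
    {error, not_a_der_integer} = prime_to_integer(<<4, 0, 198>>),
    ok.
```

Compile with `erlc ec_field_check.erl` and call `ec_field_check:demo()` in the shell; a failed match raises `badmatch` at the offending line.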