Original reporter: goertzenator
Affected version: OTP-20.0.4
Fixed in version: OTP-20.2
Component: crypto
Migrated from: https://bugs.erlang.org/browse/ERL-482
h1. Overview
1. Generate an EC key with openssl that explicitly specifies its curve parameters.
2. Load the key and curve parameters into Erlang, generate a new key using the loaded curve parameters.
3. The crypto:ec_key_generate() call rejects the curve parameters. The error appears to originate from crypto NIF code.
Note: this issue is not associated with the other public_key issues I've filed recently.
h1. Expectation
Curve parameters loaded from openssl-generated keys should be recognized by public_key/crypto.
h1. Detailed steps to reproduce
shell:
{code:java}
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out ec_key.pem
{code}
erlang:
{code:java}
{ok, KeyPem} = file:read_file("ec_key.pem").
Entries = public_key:pem_decode(KeyPem).
[ParamInfo] = [Entry || Entry={'EcpkParameters', _, not_encrypted} <- Entries].
{ecParameters, Params} = public_key:pem_entry_decode(ParamInfo).
public_key:generate_key(Params).
{code}
The Params variable in my run was...
{code:java}
19> Params.
{'ECParameters',ecpVer1,
{'FieldID',{1,2,840,10045,1,1},
<<2,66,1,255,255,255,255,255,255,255,255,255,255,255,255,
255,255,255,255,255,255,255,255,...>>},
{'Curve',<<1,255,255,255,255,255,255,255,255,255,255,255,
255,255,255,255,255,255,255,255,255,255,255,...>>,
<<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
64,238,162,218,114,91,153,...>>,
<<208,158,136,0,41,28,184,83,150,204,103,23,57,50,132,
170,160,218,100,186>>},
<<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
180,66,156,100,129,57,5,...>>,
6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449,
1}
{code}
... and the resulting error was...
{code:java}
20> public_key:generate_key(Params).
** exception error: bad argument
in function crypto:ec_key_generate/2
called as crypto:ec_key_generate({{prime_field,<<2,66,1,255,255,255,255,255,255,255,255,
255,255,255,255,255,255,255,255,255,255,
255,255,255,255,...>>},
{<<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
255,255,255,255,255,255,255,255,255,255,255,...>>,
<<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
64,238,162,218,114,91,153,179,21,...>>,
none},
<<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
180,66,156,100,129,57,5,63,...>>,
<<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
255,255,255,255,255,255,255,255,255,255,...>>,
<<1>>},
undefined)
in call from public_key:ec_generate_key/1 (public_key.erl, line 1236)
{code}
Humm ... I have a ticket to enhance ssl to be able to use non named curves. EC support was originally a contribution and it lacked support for unnamed curves. It should not be a big job to add to ssl but it has so far not been prioritized. And probably the biggest job is to create good test data. Maybe the contributed crypto code was incomplete too.
It turned out it was a data-format conversion missing in public_key, so the crypto application did not get the input it expected. I have fixed public key. Crypto could have had better input checks; we will look over that.
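An added illustration, not code from the report or from OTP: in the failing call above, the prime_field binary begins with 2,66, the tag and length bytes of a DER INTEGER, while the order is passed as raw big-endian bytes (1,255,...). The module below decodes that wrapper; the module and function names are hypothetical, the sample input is the secp521r1 prime 2^521 - 1 constructed here, and it does not claim to reproduce the change made in public_key.

```erlang
-module(field_prime_check).
-export([der_integer/1, raw_prime/1, demo/0]).

%% Decode one DER INTEGER (tag 16#02) that spans the whole binary.
%% Returns {ok, Int}, or error for anything that is not exactly that.
der_integer(<<16#02, Rest/binary>>) ->
    case der_length(Rest) of
        {ok, Len, Body} when Len > 0, byte_size(Body) =:= Len ->
            Bits = Len * 8,
            <<Int:Bits/signed-big-integer>> = Body,
            {ok, Int};
        _ ->
            error
    end;
der_integer(_) ->
    error.

%% Short form: a single length byte below 128.
der_length(<<Len, Body/binary>>) when Len < 16#80 ->
    {ok, Len, Body};
%% Long form: the low 7 bits give the number of length bytes that follow.
der_length(<<1:1, N:7, Rest/binary>>) when N > 0, byte_size(Rest) >= N ->
    <<Len:N/integer-unit:8, Body/binary>> = Rest,
    {ok, Len, Body};
der_length(_) ->
    error.

%% Convert the DER-encoded prime into the unsigned big-endian form
%% that the order and cofactor already have in the failing call.
raw_prime(Der) ->
    case der_integer(Der) of
        {ok, P} when P > 0 -> {ok, binary:encode_unsigned(P)};
        _ -> error
    end.

demo() ->
    %% Constructed input: 2^521 - 1 as DER (tag 2, length 66, 16#01, 65 x 16#FF).
    P = (1 bsl 521) - 1,
    Der = <<2, 66, 1, (binary:copy(<<255>>, 65))/binary>>,
    {ok, P} = der_integer(Der),
    {ok, Raw} = raw_prime(Der),
    66 = byte_size(Raw),
    <<1, 255, _/binary>> = Raw,
    error = der_integer(Raw),   %% the raw form is not a DER INTEGER
    ok.
```

Compile the module and call `field_prime_check:demo().` in an Erlang shell; every match in `demo/0` must succeed for it to return `ok`.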