Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: RSAES-OAEP support #30416

Open
DenisKarch opened this issue Feb 26, 2019 · 5 comments

Comments

@DenisKarch
Copy link

commented Feb 26, 2019

x509 currently does not support parsing rsaesoap pub keys.
Use case is calling x509 to extract the public EK from TPMs for verification purposes.
There are many old TPM units that use this key type.

@agnivade

This comment has been minimized.

Copy link
Member

commented Feb 27, 2019

@bcmills

This comment has been minimized.

Copy link
Member

commented Feb 27, 2019

CC @agl

@FiloSottile FiloSottile changed the title crypto/x509: rsaesoap support crypto/x509: RSAES-OAEP support Mar 1, 2019

@FiloSottile

This comment has been minimized.

Copy link
Member

commented Mar 1, 2019

I'm assuming this is about RSAES-OAEP public keys, specified in RFC 4055 and 5756.

I imagine these keys are encryption only, so not very useful for TLS.

Note that we don't even support certificate keys with id-RSASSA-PSS OID at the moment.

@DenisKarch

This comment has been minimized.

Copy link
Author

commented Mar 1, 2019

Yes both your assumptions are correct. TPM manufacturers have since switched to using rsaEncryption keys, however a significant portion of machines still have TPMs whose public keys are RSAES-OAEP. From what I can gather the difficulty with adding proper support for RSAES-OAEP public keys is that their parameters have non-integer default values (which is not currently supported). For our purposes we do not need to parse the parameters so leaving them as a RawValue is fine.
(I currently have a "working" hack in place that parses the parameters somewhat successfully)

@FiloSottile

This comment has been minimized.

Copy link
Member

commented Mar 1, 2019

The main problem with id-RSASSA-PSS and id-RSAES-OAEP keys is that if we parse them into a *rsa.PublicKey, all current crypto/x509 users (including crypto/tls) will accept them and treat them as if they were rsaEncryption, which might be incorrect and unexpected, so we need some other wrapper time or something like that.

For parsing we can use golang.org/x/crypto/cryptobyte if encoding/asn1 does not fit.

daviddrysdale added a commit to google/certificate-transparency-go that referenced this issue Mar 12, 2019
Added support for parsing certificates with RSAES-OAEP public keys (#470
)

This currently populates an *rsa.PublicKey value, but it does not
return or expose the associated hashing and masking algorithms,
so the key can't be used to validate signatures.

Upstream `crypto/x509` issue for support is:
golang/go#30416
DenisKarch added a commit to DenisKarch/go-tspi that referenced this issue Mar 12, 2019
Fix to GenerateChallenge
crypto/x509 now enforces that rsa public keys must have NULL parameters.
The old no longer solves the issue and instead will silently fail when
parsing the key, ultimately causing a null pointer dereference at
(pubkey := cert.PublicKey.(*rsa.PublicKey)).
Currently working with crypto/x509 to add support for RSAES-OAEP keys
golang/go#30416
DenisKarch added a commit to DenisKarch/go-tspi that referenced this issue Mar 12, 2019
Fix to GenerateChallenge
crypto/x509 now enforces that rsa public keys must have NULL parameters.
The old no longer solves the issue and instead will silently fail when
parsing the key, ultimately causing a null pointer dereference at
(pubkey := cert.PublicKey.(*rsa.PublicKey)).
Currently working with crypto/x509 to add support for RSAES-OAEP keys
golang/go#30416
DenisKarch added a commit to DenisKarch/go-tspi that referenced this issue Mar 12, 2019
Fix to GenerateChallenge
crypto/x509 now enforces that rsa public keys must have NULL parameters.
The old fix no longer solves the issue and instead will silently fail when
parsing the key, ultimately causing a null pointer dereference at
(pubkey := cert.PublicKey.(*rsa.PublicKey)).
Currently working with crypto/x509 to add support for RSAES-OAEP keys
golang/go#30416

For certificate-transparency-go have accepted a temporary fix to /x509
google/certificate-transparency-go#470
so we will be building against them for the time being.
DenisKarch added a commit to DenisKarch/go-tspi that referenced this issue Mar 12, 2019
Fix to GenerateChallenge
crypto/x509 now enforces that rsa public keys must have NULL parameters.
The old fix no longer solves the issue and instead will silently fail when
parsing the key, ultimately causing a null pointer dereference at
(pubkey := cert.PublicKey.(*rsa.PublicKey)).
Currently working with crypto/x509 to add support for RSAES-OAEP keys
golang/go#30416

certificate-transparency-go have accepted a temporary fix to /x509
google/certificate-transparency-go#470
so we will be building against them for the time being.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
4 participants
You can’t perform that action at this time.