c-blind-rsa-signatures

Import Public Keys with Extra ASN1 Data

Open Brandr0id opened this issue 3 years ago • 5 comments

Currently it looks like brsa_publickey_import expects only the raw key structure (Sequence[2] -> [int][int]) when importing a key. Has any consideration been given to having import handle/skip over additional ASN.1 data if present prior to unpacking the key data, or should the caller ensure it is removed prior to using?

Example of public key with extra data:

openssl.exe asn1parse -in public.txt -inform pem
    0:d=0  hl=4 l= 594 cons: SEQUENCE
    4:d=1  hl=2 l=  61 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT            :rsassaPss
   17:d=2  hl=2 l=  48 cons: SEQUENCE
   19:d=3  hl=2 l=  13 cons: cont [ 0 ]
   21:d=4  hl=2 l=  11 cons: SEQUENCE
   23:d=5  hl=2 l=   9 prim: OBJECT            :sha384
   34:d=3  hl=2 l=  26 cons: cont [ 1 ]
   36:d=4  hl=2 l=  24 cons: SEQUENCE
   38:d=5  hl=2 l=   9 prim: OBJECT            :mgf1
   49:d=5  hl=2 l=  11 cons: SEQUENCE
   51:d=6  hl=2 l=   9 prim: OBJECT            :sha384
   62:d=3  hl=2 l=   3 cons: cont [ 2 ]
   64:d=4  hl=2 l=   1 prim: INTEGER           :30
   67:d=1  hl=4 l= 527 prim: BIT STRING
openssl.exe asn1parse -strparse 67 -in public.txt -inform pem
    0:d=0  hl=4 l= 522 cons: SEQUENCE
    4:d=1  hl=4 l= 513 prim: INTEGER           :<removed>
  521:d=1  hl=2 l=   3 prim: INTEGER           :<removed>

Brandr0id avatar Jan 28 '22 22:01 Brandr0id

Hi!

import() is the direct counterpart of serialize(); it expects the raw key.

Your public.txt file looks like SPKI.

This code can export public keys as SPKI, but cannot import them yet. So, you indeed have to skip other data.

jedisct1 avatar Jan 28 '22 22:01 jedisct1

Thanks! Indeed the data is SPKI formatted. What are your thoughts on having import directly support SPKI import by optionally skipping that data within the import call if present?

Perhaps something along the lines of peeking the provided ASN.1 tag to see if we have raw data (CBS_ASN1_SEQUENCE/CBS_ASN1_INTEGER) and, if not, trying to find the CBS_ASN1_BITSTRING element, skipping the next byte and proceeding with the import?

Brandr0id avatar Jan 29 '22 00:01 Brandr0id

An additional import function for SPKI can always be added.

Is it something you could possibly contribute (preferably to the Zig implementation, from which the C version is a conversion)?

jedisct1 avatar Jan 29 '22 09:01 jedisct1

A dedicated function is necessary since we need to also recover the salt length and hash algorithm, which are part of the SPKI-encoded data.

jedisct1 avatar Jan 29 '22 09:01 jedisct1

It looks like you added a basic import using SPKI data; thanks! Things will still need to be init'd with the correct hash/salt-length but this is helpful.

Brandr0id avatar Feb 03 '22 21:02 Brandr0id
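
The tag-peeking idea discussed in this thread, as an added example (not the project's code and not the SPKI import that was later added to it): `der_hdr` and `spki_unwrap` are hypothetical names, and the sample bytes are constructed with a toy modulus. It only locates the raw key inside the BIT STRING with bounds checks; the hash and salt length in the AlgorithmIdentifier are skipped, not parsed, so they still have to be supplied separately.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: SPKI with the rsassaPss OID (parameters omitted)
 * wrapping a toy RSAPublicKey (n = 0xC5, e = 65537). Not a real key. */
static const uint8_t SAMPLE_SPKI[] = {
    0x30, 0x1b,                                   /* SubjectPublicKeyInfo */
    0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0a,
    0x03, 0x0c, 0x00,                             /* BIT STRING, 0 unused bits */
    0x30, 0x09, 0x02, 0x02, 0x00, 0xc5, 0x02, 0x03, 0x01, 0x00, 0x01
};

/* Read one DER header at *p. On success advance *p to the content, set *len
 * and return the tag; return -1 if header or content would overrun `end`. */
static int der_hdr(const uint8_t **p, const uint8_t *end, size_t *len) {
    const uint8_t *q = *p;
    if (end - q < 2) return -1;
    int tag = *q++;
    size_t l = *q++;
    if (l & 0x80) {                     /* long form: low 7 bits = length bytes */
        size_t n = l & 0x7f;
        if (n == 0 || n > 4 || (size_t)(end - q) < n) return -1;
        for (l = 0; n > 0; n--) l = (l << 8) | *q++;
    }
    if ((size_t)(end - q) < l) return -1;
    *p = q; *len = l;
    return tag;
}

/* Hypothetical helper: point *key / *key_len at the raw RSAPublicKey
 * (SEQUENCE { INTEGER n, INTEGER e }). Accepts either a raw key or an SPKI
 * wrapper; returns 0 on success, -1 on malformed or trailing data. */
int spki_unwrap(const uint8_t *in, size_t in_len, const uint8_t **key, size_t *key_len) {
    const uint8_t *p = in, *end = in + in_len, *c;
    size_t len, clen;
    if (der_hdr(&p, end, &len) != 0x30 || p + len != end) return -1;
    c = p;
    int tag = der_hdr(&c, end, &clen);  /* peek at the first child */
    if (tag == 0x02) { *key = in; *key_len = in_len; return 0; } /* already raw */
    if (tag != 0x30) return -1;
    p = c + clen;                       /* skip AlgorithmIdentifier */
    if (der_hdr(&p, end, &len) != 0x03 || len < 2 || p + len != end) return -1;
    if (*p != 0) return -1;             /* unused-bits byte must be zero */
    p++; len--;                         /* skip it: p now at the inner SEQUENCE */
    c = p;
    if (der_hdr(&c, end, &clen) != 0x30 || c + clen != end) return -1;
    *key = p; *key_len = len;
    return 0;
}
```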