Can't load openssl generated rsa-pss keys

[est31]

While Ring can load traditional PKCS#1 1.5 RSA keys, it can't load RSA-PSS (PKCS#1 2.1) keys. Example:

extern crate ring;
extern crate pem;

fn main() {
    use ring::signature::RsaKeyPair;
    /*
    Generated by: openssl genpkey -algorithm RSA \
    -pkeyopt rsa_keygen_bits:2048 \
    -pkeyopt rsa_keygen_pubexp:65537 | \
    openssl pkcs8 -topk8 -nocrypt -outform pem
    */
    let pem_1 = "
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCyWjDPqoE7YDwj
1EkccsLWukm5NucXpSE25sNcycVMVPn0AjRjUcsHOA4wGq51NsKuT+bE4HNt+K0s
ItNuX1u9OGGvdqBaa7XtaZtoIzCU4f5QyFbJ04JpwVjWEQ9AkeOU4N7OkawV+Rka
hYJZCkymmASjzBD6TU4NxIx+M+cII/fbItSHZIWLEzpgXqxLc+Ca9KhT0aDzbSbv
4F57yO2Rm/A4ymC7/vzo9tHUxs2OsgijrYDasoTaHqhsoVa1WQ/FHtymvT+sDrqB
0mB0R+jsO684pig87GhD/hrwoaY8GnaP+Utt7pqekhWd/ULyaYehNHqMhO1P+SRh
KB/xpPgfAgMBAAECggEBAK87GdYPCeXSiYQSYLrIrlHWufR10ttSbK3KUIvr2iND
IknxmJM0m6u+EYKF1H5pjSFCc9NfS0nzGAHTPbSlkDb7HE8O2EG+rgJSzlOkr2i4
Gew4ybyGSQ2q36ODI18nd1ihD4gZa+Ay281I+2aMTf8oQPbF2rByH4w7XmXojMdb
Gp/lQhOi124DXEO7J3JHFZC9Het6+XfJVKpVfhBDFmAKJj0CJMY8KHXkmTNwiv3z
Tf7OSFqVQnfB3Sw5jauilh3hK1qOp2jne8ukeuuGlqPurgDRtbWO81xxxZSLoRFS
IlBsmK92NNA1HHYsttz1K1hpxHiAx5dsMuz1Y4qfURECgYEA5Mbv744qRj2ejPyF
cSZjmzGV5uCmQbLbzFrdPegBRXBbXSRm3eHUpTXtmYcnoodAxDFFtXNZDgQUhuX/
yeRi/4IG/saAX7n/FOXMnpzYjy7vofw0X+PBZpowWJ9+98Tl/kJ9OBFa/WwKeA/z
A/iQekjkuOu2sdai5xiQ3xGzBEsCgYEAx5Mzi+uusYPhhmAbDqRp1HwFkYoZHphd
lmUagNLg+NFURPeODYJ+88OeZP+qcxmUKLIQfWth55GtxywRaa59fsdcsLxwnZmA
T0BO6si17YRPoVHZ5eYvn2iQlGta2EVmT8mOlRlLiD5Qcelh+KVWtY25wUDbdpva
+SBSrWO07v0CgYAe8GR8ci53Z1fs2y20uqtXzqHmIlV5pxWgkl0/RQP+/w3sD8M1
mJfoa92hGK0chswUfFFgE6Rkh9q6z5oDFLbqtQv7Ip8z0vSTP+ynOrDy1DcmIfR3
T1bVaF7HbXJ/UYqFEzrZ/Ubf5N+ZkxabX98yGm+MLpx7enp3ZFQbRsp99wKBgQC/
LSAUqbjXbUjNSyTAGvkRxZgj+ZDkgPothj4kJ13Am+1If4eBI39vDPWfNFXYGimV
7jTjn8jSZfd8spcfkDnBB0KgPnL2VUPXJvgx6gB0POl21AySMLVv01+j/U6xm5FN
XvuJkgiLw32WEQV7hQ6RrejB2dohPV0+hhsM41VAFQKBgCFZlWZaec0TBpAfV0CZ
+gj427qOTbz67ZjFM8+edbfeMF31gV9ruKkrV1hD+tYZGCtbK2mZr6m99cpc2BX8
F+0MBNYuYJ0XUTDThvUnIoTLfAdSgPUThOoWZeQWYcdfi3iLSHaW49sVCWtuRyTu
bYW+oSEH9nLG36a5ImFJ0DHF
-----END PRIVATE KEY-----
    ";
    let der_1 = pem::parse(&pem_1).unwrap();
    RsaKeyPair::from_pkcs8(&der_1.contents).unwrap(); // works
    /*
    Generated by: openssl genpkey -algorithm rsa-pss \
    -pkeyopt rsa_keygen_bits:2048 \
    -pkeyopt rsa_keygen_pubexp:65537 | \
    openssl pkcs8 -topk8 -nocrypt -outform pem
    */
    let pem_pss = "
-----BEGIN PRIVATE KEY-----
MIIEvAIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAoQV7lKOh/lOy2Xxo
/EDOnbS+/MMN6WN0gnBIggHhndaR5qNZPZOPolifO+CTJ2OfIJJjR3l/fjj7pUt4
8kxlPtUN8Z3r3sBmaL8XW/sICf9Ke3NjWXd3IkO50TK0xa8HRFGLRnjXQTG3PZr/
Py2MnQ21Ze+5LnB1lXOsSEgs0Z47LbppS7I4VY3WDhpx3ZVwSjXJmhhw6ag9r2Uo
TIoRPZXQkHJA34XUW/oZmddXBwJbycN5cWypWappBAGHWhUC5oPhX3yDRDTuKWav
Hh/LBOBS4ckkHt2AHAPei8J5NF/2ctlQoVjKafMOATmHOf2XBepp/iHddYaSz8I8
n3rw5QIDAQABAoIBABJ05m1rNC5Kub1kHUSMySIajam7UeTmmXw6EpWUUaAd8CtX
nesI9vXM4rOiUju5l4vMO8T9kDePoIiZ1gsv5osFMMv5JggqVZK8FJledNVwhcEQ
wNqIbwdma+4mucHPBi42iphRUZsPb8mH8qnzNqLp51j/2WIRUekHkT/XxgtgwSlV
t2OgTSmwMcfSSjz1kF6Jy4n0pvYpHKsiHJIxucArIwLoNcVt+SetepyhNQG0wJPW
lzMLwehDp/mKe+4rZsg4+xf5G4zvl+65MqpNFW+KxvR+BSnViravdHxzNWWbv2mm
dubIwUFGSwNfofyEeKamcUvG9/49frUrryguzgECgYEAz7CM1/D3ssasgZ8Xah/B
cU/Hegn6OqNV4eO6oqQ96tQo3Os/PXNnqzkZxogeNAvu/kIIerSW81ytJDtpnkjW
BYXJJkT4ONQGZMitqEOPzqphDGuuOiQt7QsR9CJ0EgTUNNJ1ix3hTuX1SILRMA88
/wZ1LPhbYipFTmebjGDM5pUCgYEAxnnx1ki+215xKRW5E8NJlz0mz5JK5GPDZ1++
+r3ksExcNoGlxIZvc+rCzWiP6ebXTw+HXUjduJPWRj4DaboG7ohE12y1PoJXQ+oX
CXX4aYVK+z2ARq22PDnEAXOtNyzH1imYXtNb8gpp3BC4T6ofkM2Y9G1dqbx7cQcD
XyRN3RECgYBKr1NGh/mayUTZa+tQl1DJvYWfBh18nqXQkELaH7PAUUDMiK/6Ghjq
gqMZOHOcBbqQphBEh9JMe0Qr5k2JxOlpnP2DjIOyc9REw8Fm47y/9Zbmj4ZclAwL
1NJE92rD3AavZAsu1rTh2WHGDHzLCn/FuX3DiR/bghXgJvPRnDGyrQKBgQC9FcgU
AdHyZBMitRNRhKdDcnrbHeBDnde3UDw93VNVsinXs8QdaoYbxPg5gPg6OjW9mGm5
sYWqJw3odYQC4btg3GnZYjN5jetdRFMWLFGxFc/Nc1YV/8Cxt8bIK1BGVF895PrI
vEvIV6tqgHNXUhgod/bURq0I3AwuLiREK+4SQQKBgQCmhMEoRKGKvr2hUjeqO64P
UTAUDKRcHwiB+5ckxxnlReEBWuPPXhHUCQf2jLA3wEJrbiMCMaFjtLJ1Xc7Lbj+0
h61oPBPfMNYitaaqEsO1MfbYimzEvLGa4fGnKtmLtL/2htR3e8OOvV4DoAJhLNsd
YgYBu3+tziXFye91JcKheg==
-----END PRIVATE KEY-----
    ";
    let der_pss = pem::parse(&pem_pss).unwrap();
    RsaKeyPair::from_pkcs8(&der_pss.contents).unwrap(); // ERROR: WrongAlgorithm
}

See also this gist which creates an entire certificate that uses RSA-PSS.

[briansmith]

This is due to this code:

    pub fn from_pkcs8(pkcs8: &[u8]) -> Result<Self, KeyRejected> {
        const RSA_ENCRYPTION: &[u8] = include_bytes!("../data/alg-rsa-encryption.der");
        let (der, _) = pkcs8::unwrap_key_(
            untrusted::Input::from(RSA_ENCRYPTION),

Basically, ring expects the RSA keypair to have the old rsaEncryption algorithm identifier.

When the PSS algorithm identifier is used, the expectation is that the keypair would be restricted to PSS. So in addition to extending the above logic to recognize and accept the PSS algorithm identifier, we'd also need for the key to remember that it is only to be used to sign using PSS. This in term would require us to add metadata to each keypair and to each padding scheme for this, add checks that the metadata is consistent, and add tests to verify that all of this is working as corrected.

I would be happy to accept a PR that does this.

[briansmith]

The OID of the keypair not being accepted is indeed 1.2.840.113549.1.1.10, which is the rsaPSS OID.