search

erlang / otp

Erlang/OTP
http://erlang.org
Apache License 2.0
11.37k stars 2.95k forks source link

ERL-482: can't generate EC key using openssl EC params #3280

Closed OTP-Maintainer closed 3 years ago

OTP-Maintainer commented 7 years ago

Original reporter: goertzenator Affected version: OTP-20.0.4 Fixed in version: OTP-20.2 Component: crypto Migrated from: https://bugs.erlang.org/browse/ERL-482

h1. Overview

1. Generate an EC key with openssl that explicitly specifies its curve parameters.
2. Load the key and curve parameters into Erlang, generate a new key using the loaded curve parameters.
3. The crypto:ec_key_generate() call rejects the curve parameters.  The error appears to originate from crypto NIF code.

Note: this issue is not associated with the other public_key issues I've filed recently.

h1. Expectation

Curve parameters loaded from openssl-generated keys should be recognized by public_key/crypto.

h1. Detailed steps to reproduce

shell:
{code:java}
openssl ecparam -name secp521r1 -genkey -param_enc explicit -out ec_key.pem
{code}

erlang:
{code:java}
{ok, KeyPem} = file:read_file("ec_key.pem").
Entries = public_key:pem_decode(KeyPem).
[ParamInfo] = [Entry || Entry={'EcpkParameters', _, not_encrypted} <- Entries].
{ecParameters, Params} = public_key:pem_entry_decode(ParamInfo).
public_key:generate_key(Params).
{code}

The Params variable in my run was...
{code:java}
19> Params.
{'ECParameters',ecpVer1,
                {'FieldID',{1,2,840,10045,1,1},
                           <<2,66,1,255,255,255,255,255,255,255,255,255,255,255,255,
                             255,255,255,255,255,255,255,255,...>>},
                {'Curve',<<1,255,255,255,255,255,255,255,255,255,255,255,
                           255,255,255,255,255,255,255,255,255,255,255,...>>,
                         <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                           64,238,162,218,114,91,153,...>>,
                         <<208,158,136,0,41,28,184,83,150,204,103,23,57,50,132,
                           170,160,218,100,186>>},
                <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                  180,66,156,100,129,57,5,...>>,
                6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449,
                1}
{code}

... and the resulting error was...

{code:java}
20> public_key:generate_key(Params).
** exception error: bad argument
     in function  crypto:ec_key_generate/2
        called as crypto:ec_key_generate({{prime_field,<<2,66,1,255,255,255,255,255,255,255,255,
                                                         255,255,255,255,255,255,255,255,255,255,
                                                         255,255,255,255,...>>},
                                          {<<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                             255,255,255,255,255,255,255,255,255,255,255,...>>,
                                           <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                                             64,238,162,218,114,91,153,179,21,...>>,
                                           none},
                                          <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                                            180,66,156,100,129,57,5,63,...>>,
                                          <<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                            255,255,255,255,255,255,255,255,255,255,...>>,
                                          <<1>>},
                                         undefined)
     in call from public_key:ec_generate_key/1 (public_key.erl, line 1236)
{code}
OTP-Maintainer commented 7 years ago

ingela said:

Humm ... I have a ticket to enhance ssl to be able to use  non named curves.  EC support was originally a contribution and it lacked support for unnamed curves. It should not be a big job to add to ssl but it has so far not been prioritized. And probably the biggest job is to create good test data. Maybe the contributed crypto code was incomplete too.
OTP-Maintainer commented 7 years ago

ingela said:

Turned out it was a data-format conversion missing in public_key, so crypto application did not get the input it expected. I have fixed public key. Crypto could have had better input checks we will look over that.