RSASigner chokes on a valid private key about rustls HOT 11 CLOSED

This is caused by briansmith/ring#220

from rustls.

Could you tell me what program generated this key originally? Was it openssl?

from rustls.

I actually don't know what originally generated this key, it was provided by a service to access a particular endpoint. I'll note that both curl and kubectl (go code) were happy to use the key.

I'll do a bit more reading, but from a quick scan of the linked bug, do you know if there's a way to 'normalize' the key so it'll work and ring will accept it?

from rustls.

I wrote a quick python script (using pyca/cryptography) which, applied to your key, makes it acceptable to ring.

import sys

from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import serialization

if __name__ == '__main__':
    _, infile, outfile = sys.argv

    with open(infile) as f:
        priv = serialization.load_pem_private_key(f.read(),
                password = None,
                backend = default_backend())

    comp = priv.private_numbers()
    if comp.p < comp.q:
        p, q = comp.q, comp.p
        assert p > q
        iqmp = rsa.rsa_crt_iqmp(p, q)
        dmp1 = rsa.rsa_crt_dmp1(comp.d, p)
        dmq1 = rsa.rsa_crt_dmq1(comp.d, q)
        new_comp = rsa.RSAPrivateNumbers(p, q, comp.d, dmp1, dmq1, iqmp, comp.public_numbers)
        priv = new_comp.private_key(default_backend())
        print 'fixed key such that p > q'

    with open(outfile, 'w') as f:
        pem = priv.private_bytes(
                encoding = serialization.Encoding.PEM,
                format = serialization.PrivateFormat.TraditionalOpenSSL,
                encryption_algorithm = serialization.NoEncryption()
        )
        f.write(pem)

from rustls.

@ctz thanks so much, that's great! I may try and re-implement that in rust, I'll keep you posted if I do

from rustls.

I added some details in briansmith/ring#220 (comment).
Answering some questions above:

• the generator of those keys is some kubernetes deployment component, possibly written in golang, possibly using stdlib crypto/rsa primitives
• manually swapping primes with the script above works and fixes the issue for my local setup, but won't scale for general public and client/library developers

from rustls.

The underlying ring issue is fixed. If people encounter similar issues with ring and Rustls being too strict w.r.t. the contents of RSA keys, please file new issues. (ring does some NIST/FIPS-mandated consistency checks for the components of RSA private keys that many other implementations don't do.)

from rustls.

@briansmith 🎉

Do we want to have a test case covering this for future regressions, or should the ticket just be closed?

from rustls.

@lucab We have a test case in ring already, but I think it would be great if you could submit a similar test case for Rustls too..

from rustls.

I've just realized that briansmith/ring#604 is not yet part of any ring release, so I'll hold this for a bit until a new ring is out and rustls is updated to it (yes, I've read about release plan/blocker, I'm not in a hurry).

from rustls.

This has been long-fixed upstream.

from rustls.