Json Web Keys again

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Json Web Keys again

Angus Robertson - Magenta Systems Ltd
Google has started using RSA-PSS private keys for Json Web Keys.  

I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
does not work for RSA-PSS.  EVP_PKEY_print_private does work OK, but
parsing data from the output is messy.

EVP_PKEY_set_alias_type seemed worth a try, but does not set the
base_id.  

Are there any other workarounds?  Is RSA-PSS fully supported in 3.0?

Angus






Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 03/12/2019 16:29, Angus Robertson - Magenta Systems Ltd wrote:
> Google has started using RSA-PSS private keys for Json Web Keys.  
>
> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key, but this
> does not work for RSA-PSS.

In what way does this not work?

Perhaps you are missing access to the PSS parameters? I notice that 3.0
recently had the accessor RSA_get0_pss_params() added. Probably that
should also have been backported to 1.1.1.


> Are there any other workarounds?  Is RSA-PSS fully supported in 3.0?

Aside from the possible missing accessor (which looks like a bug), its
fully supported in 1.1.1.

Matt

Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
> > I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
> > but this  does not work for RSA-PSS.
>
> In what way does this not work?

error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
an rsa key

> I notice that 3.0 recently had the accessor RSA_get0_pss_params()
> added. Probably that should also have been backported to 1.1.1.

Others have asked for that here before, so please.  But I don't need it
for JWK.

Angus

Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 03/12/2019 16:59, Angus Robertson - Magenta Systems Ltd wrote:
>>> I create an RSA JWK using EVP_PKEY_get1_RSA and RSA_get0_key,
>>> but this  does not work for RSA-PSS.
>>
>> In what way does this not work?
>
> error:0607907F:digital envelope routines: EVP_PKEY_get0_RSA:expecting
> an rsa key

Hmm. That is odd because that function *does* support PSS:

RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
{
    if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
        return NULL;
    }
    return pkey->pkey.rsa;
}

What does EVP_PKEY_base_id() return for your pkey? How did you create it?

Matt


>
>> I notice that 3.0 recently had the accessor RSA_get0_pss_params()
>> added. Probably that should also have been backported to 1.1.1.
>
> Others have asked for that here before, so please.  But I don't need it
> for JWK.
>
> Angus
>
Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
> What does EVP_PKEY_base_id() return for your pkey? How did you
> create it?

base_id is 912, EVP_PKEY_RSA_PSS=NID_rsassaPss.  

But my code is Pascal so not using your header files directly, seems
okay though.

It was created with OpenSSL APIs and EVP_PKEY_print_private reports:
RSA-PSS Private-Key: (2048 bit, 2 primes)

Angus

 

Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 03/12/2019 17:23, Angus Robertson - Magenta Systems Ltd wrote:
>> What does EVP_PKEY_base_id() return for your pkey? How did you
>> create it?
>
> base_id is 912, EVP_PKEY_RSA_PSS=NID_rsassaPss.

Sorry. My mistake. I actually meant what does EVP_PKEY_id() return.

That just does this:

int EVP_PKEY_id(const EVP_PKEY *pkey)
{
    return pkey->type;
}

So if you get EVP_PKEY_RSA_PSS returned from that I don't currently
understand how this:

RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
{
    if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
        return NULL;
    }
    return pkey->pkey.rsa;
}

Can return the error you saw!! Something strange going on...


Matt


>
> But my code is Pascal so not using your header files directly, seems
> okay though.
>
> It was created with OpenSSL APIs and EVP_PKEY_print_private reports:
> RSA-PSS Private-Key: (2048 bit, 2 primes)
>
> Angus
>
>  
>
Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
>> Sorry. My mistake. I actually meant what does EVP_PKEY_id()
> return.

Also returns 912, the same as base_id.  RSA keys both return 6.

> So if you get EVP_PKEY_RSA_PSS returned from that I don't
> currently understand how this:
>
> RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
> {
>     if (pkey->type != EVP_PKEY_RSA && pkey->type !=
> EVP_PKEY_RSA_PSS) {
>         EVPerr(EVP_F_EVP_PKEY_GET0_RSA,
> EVP_R_EXPECTING_AN_RSA_KEY);
>         return NULL;
>     }
>     return pkey->pkey.rsa;
> }
>
> Can return the error you saw!! Something strange going on...

Agreed, code looks clear enough, but was this was for 1.1.1 or master?

Just created a new RSA-PSS key with the latest OpenSSL and same error.

Angus



Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 03/12/2019 18:02, Angus Robertson - Magenta Systems Ltd wrote:

>>> Sorry. My mistake. I actually meant what does EVP_PKEY_id()
>> return.
>
> Also returns 912, the same as base_id.  RSA keys both return 6.
>
>> So if you get EVP_PKEY_RSA_PSS returned from that I don't
>> currently understand how this:
>>
>> RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey)
>> {
>>     if (pkey->type != EVP_PKEY_RSA && pkey->type !=
>> EVP_PKEY_RSA_PSS) {
>>         EVPerr(EVP_F_EVP_PKEY_GET0_RSA,
>> EVP_R_EXPECTING_AN_RSA_KEY);
>>         return NULL;
>>     }
>>     return pkey->pkey.rsa;
>> }
>>
>> Can return the error you saw!! Something strange going on...
>
> Agreed, code looks clear enough, but was this was for 1.1.1 or master?

This code looks the same in 1.1.1 and master.

Perhaps some form of memory corruption? Maybe you could step through it
in a debugger?

Matt

>
> Just created a new RSA-PSS key with the latest OpenSSL and same error.
>
> Angus
>
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
> > Agreed, code looks clear enough, but was this was for 1.1.1 or
> > master?
>
> This code looks the same in 1.1.1 and master.

It seems the EVP_PKEY_RSA_PSS addition was only committed 28th October
2019, so need to wait for 1.1.1e, hopefully real soon...

RSA_get0_pss_params as well would be good.  

Thanks for your help.

Angus

Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 03/12/2019 19:07, Angus Robertson - Magenta Systems Ltd wrote:
>>> Agreed, code looks clear enough, but was this was for 1.1.1 or
>>> master?
>>
>> This code looks the same in 1.1.1 and master.
>
> It seems the EVP_PKEY_RSA_PSS addition was only committed 28th October
> 2019, so need to wait for 1.1.1e, hopefully real soon...

Ah, that explains it!

>
> RSA_get0_pss_params as well would be good.  

Backport PR here:

https://github.com/openssl/openssl/pull/10568

Matt

Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
> > It seems the EVP_PKEY_RSA_PSS addition was only committed 28th
> > October 2019, so need to wait for 1.1.1e, hopefully real soon...
>
> Ah, that explains it!

Now tested with 1.1.1e-dev and I can generate a JWK from an RSA-PSS key.


Since JWK is for signing, I also tried to support ED25519 private keys,
but get:

error:0D0A40A7:asn1 encoding routines:i2d_PublicKey:unsupported public
key type
 
A binary public key is all I need for JWK, simple format. A search of
master suggests nothing yet.

Angus
 


Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Matt Caswell-2


On 04/12/2019 11:22, Angus Robertson - Magenta Systems Ltd wrote:

>>> It seems the EVP_PKEY_RSA_PSS addition was only committed 28th
>>> October 2019, so need to wait for 1.1.1e, hopefully real soon...
>>
>> Ah, that explains it!
>
> Now tested with 1.1.1e-dev and I can generate a JWK from an RSA-PSS key.
>
>
> Since JWK is for signing, I also tried to support ED25519 private keys,
> but get:
>
> error:0D0A40A7:asn1 encoding routines:i2d_PublicKey:unsupported public
> key type
>  
> A binary public key is all I need for JWK, simple format. A search of
> master suggests nothing yet.


i2d_PublicKey() serializes a public key using key specific (legacy)
formats where available. There isn't a key specific format for Ed25519.
It just uses the generic SubjectPublicKeyInfo format.

You need to use i2d_PUBKEY() for that.

Arguably we should make i2d_PublicKey() fallback to i2d_PUBKEY() where
no key specific format is available.

Matt
Reply | Threaded
Open this post in threaded view
|

Re: Json Web Keys again

Angus Robertson - Magenta Systems Ltd
> There isn't a key specific format for Ed25519.
> You need to use i2d_PUBKEY() for that.

I used EVP_PKEY_get_raw_public_key which got added for these raw keys,
works fine for Ed25519.  

On the EVP_PKEY_get_raw_public_key.html page, it would help if it
mentioned that *len should be set to the passed buffer size on the
get_raw functions which fail if you pass zero.

Angus