12 years, 5 months ago
(2012-10-25 15:20:57 UTC)
#3
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go
File src/pkg/crypto/x509/sec1.go (right):
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:32: func ParseSEC1PrivateKey(der []byte) (key
*ecdsa.PrivateKey, err error) {
On 2012/10/25 14:19:03, agl1 wrote:
> Where is this format from? It's odd to have two ASN.1 values concatenated,
> rather than in a SEQUENCE and SEC1 C.2 doesn't seem to specify this format.
Agreed. It appears that 'openssl ecparam' writes out an ECDomainParameters
immediately followed by the ECPrivateKey structure. This is similar to what it
does in the PEM case, where there are two PEM blocks in the same file (the first
an 'EC PARAMS' block, the second an 'EC PRIVATE KEY' block). In the case of a
named curve, the ASN.1 can simply be an OID. I'm not entirely sure how we should
handle this...
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:52: return nil, fmt.Errorf("crypto/x509: failed to
parse EC private key: %v", err)
On 2012/10/25 14:19:03, agl1 wrote:
> errors.New("crypto/x509: failed to parse EC private key: " + err.Error())
Done.
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:52: return nil, fmt.Errorf("crypto/x509: failed to
parse EC private key: %v", err)
On 2012/10/25 14:19:03, agl1 wrote:
> errors.New("crypto/x509: failed to parse EC private key: " + err.Error())
Done.
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:55: return nil, fmt.Errorf("crypto/x509: unknown
version %d\n", privKey.Version)
On 2012/10/25 14:19:03, agl1 wrote:
> no \n at the end
>
> s/unknown version/unknown EC private key version/
>
Done.
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:58: var namedCurve elliptic.Curve
On 2012/10/25 14:19:03, agl1 wrote:
> s/namedCurve/curve/
Done.
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:69: priv := new(ecdsa.PrivateKey)
On 2012/10/25 14:19:03, agl1 wrote:
> if k.Cmp(curve.Params().N) >= 0 {
> return nil, errors.New("crypto/x509: invalid elliptic curve private key
> value")
> }
Done.
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:72: priv.X, priv.Y =
namedCurve.ScalarBaseMult(k.Bytes())
On 2012/10/25 14:19:03, agl1 wrote:
> s/k.Bytes()/privKey/PrivateKey/
Done.
12 years, 5 months ago
(2012-10-29 13:46:37 UTC)
#4
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go
File src/pkg/crypto/x509/sec1.go (right):
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
src/pkg/crypto/x509/sec1.go:32: func ParseSEC1PrivateKey(der []byte) (key
*ecdsa.PrivateKey, err error) {
On 2012/10/25 15:20:58, jsing wrote:
> On 2012/10/25 14:19:03, agl1 wrote:
> > Where is this format from? It's odd to have two ASN.1 values concatenated,
> > rather than in a SEQUENCE and SEC1 C.2 doesn't seem to specify this format.
>
> Agreed. It appears that 'openssl ecparam' writes out an ECDomainParameters
> immediately followed by the ECPrivateKey structure. This is similar to what it
> does in the PEM case, where there are two PEM blocks in the same file (the
first
> an 'EC PARAMS' block, the second an 'EC PRIVATE KEY' block). In the case of a
> named curve, the ASN.1 can simply be an OID. I'm not entirely sure how we
should
> handle this...
I don't think that we should handle it. I think it's basically a problem with
OpenSSL. It makes sense in the PEM case, but it's nonsense for DER.
If we eliminate this method, we can remove the current ParseECPrivateKey wrapper
too, right?
12 years, 4 months ago
(2012-11-13 14:03:13 UTC)
#5
On 2012/10/29 13:46:37, agl1 wrote:
> https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go
> File src/pkg/crypto/x509/sec1.go (right):
>
>
https://codereview.appspot.com/6767045/diff/8001/src/pkg/crypto/x509/sec1.go#...
> src/pkg/crypto/x509/sec1.go:32: func ParseSEC1PrivateKey(der []byte) (key
> *ecdsa.PrivateKey, err error) {
> On 2012/10/25 15:20:58, jsing wrote:
> > On 2012/10/25 14:19:03, agl1 wrote:
> > > Where is this format from? It's odd to have two ASN.1 values concatenated,
> > > rather than in a SEQUENCE and SEC1 C.2 doesn't seem to specify this
format.
> >
> > Agreed. It appears that 'openssl ecparam' writes out an ECDomainParameters
> > immediately followed by the ECPrivateKey structure. This is similar to what
it
> > does in the PEM case, where there are two PEM blocks in the same file (the
> first
> > an 'EC PARAMS' block, the second an 'EC PRIVATE KEY' block). In the case of
a
> > named curve, the ASN.1 can simply be an OID. I'm not entirely sure how we
> should
> > handle this...
>
> I don't think that we should handle it. I think it's basically a problem with
> OpenSSL. It makes sense in the PEM case, but it's nonsense for DER.
Apologies for the delay in getting back to this.
Generally speaking, I agree with your sentiment. OpenSSL seems to take the
approach that EC keys can be generated with non-named parameters, which means
that the curve parameters need to be included separately. This is obvious in the
PEM case where there are two PEM blocks, however their DER output also includes
two ASN.1 values (this occurs even in the named curve case). If we choose not
support this then we will not be able to load DER EC keys as currently generated
by OpenSSL.
> If we eliminate this method, we can remove the current ParseECPrivateKey
wrapper
> too, right?
Yes.
On Tue, Nov 13, 2012 at 10:57 AM, Joel Sing <jsing@google.com> wrote: > If the ...
12 years, 4 months ago
(2012-11-13 16:35:12 UTC)
#8
On Tue, Nov 13, 2012 at 10:57 AM, Joel Sing <jsing@google.com> wrote:
> If the decision is to not to support DER generated via OpenSSL ecparam
> then we can drop ParseSEC1PrivateKey. The ParseECPrivateKey() function
> is still needed for PEM EC PRIVATE KEY blocks, with parseECPrivateKey
> being necessary to handle PKCS8 encapsulated EC keys.
I'm pretty certain that the DER output of ecparam is a bug. It makes
some sense in PEM format because they are two separate PEM blocks, but
ramming two DER streams together is completely non-standard.
Cheers
AGL
On 2012/11/13 16:35:12, agl1 wrote: > On Tue, Nov 13, 2012 at 10:57 AM, Joel ...
12 years, 4 months ago
(2012-11-14 10:39:56 UTC)
#9
On 2012/11/13 16:35:12, agl1 wrote:
> On Tue, Nov 13, 2012 at 10:57 AM, Joel Sing <mailto:jsing@google.com> wrote:
> > If the decision is to not to support DER generated via OpenSSL ecparam
> > then we can drop ParseSEC1PrivateKey. The ParseECPrivateKey() function
> > is still needed for PEM EC PRIVATE KEY blocks, with parseECPrivateKey
> > being necessary to handle PKCS8 encapsulated EC keys.
>
> I'm pretty certain that the DER output of ecparam is a bug. It makes
> some sense in PEM format because they are two separate PEM blocks, but
> ramming two DER streams together is completely non-standard.
Agreed. I've removed ParseSEC1PrivateKey() and the associated test.
PTAL.
Issue 6767045: code review 6767045: crypto/x509: add support for SEC1/EC private keys.
(Closed)
Created 12 years, 5 months ago by jsing
Modified 12 years, 4 months ago
Reviewers:
Base URL:
Comments: 16
