Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Jim Schaad <ietf@augustcellars.com> Wed, 10 May 2017 14:21 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Brian Smith' <brian@briansmith.org>
CC: 'curdle' <curdle@ietf.org>
Date: Wed, 10 May 2017 07:21:31 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/Tjo1i_Aj5EPdID4snA5LrRXkOQ0>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

I have not yet gotten to the point of validating the edge cases, although the number seems to be getting to the point of a test suite which I would prefer to handle in a different manner.

I have been reading the curve drafts and looking at my implementation to try and figure out what the rules are and what the implications are relative to what is being asked for.

Public keys - I think that it makes sense to talk about saying that checks need to be done on public keys.  For the set of checks I can just reference the two drafts; I do not think that I need to re-state them in this draft.

Private keys - There is a slightly interesting trade-off that may need to be considered at this point.  One can either have the keys in the correct format, or one can require that the correct masking be applied during the import step.  The reason for requiring the latter is that it removes some of the fixed structure of the private key.  This has a (very small) advantage as a totally random item is harder to make guesses at.  It is true however that there is other structure in the text that is encrypted so this would be a very small advantage.  When I wrote my code, I did the import and then the masking step as the masking needs to be done in a lot of cases when operations are done.  Do people have opinions on this?

OneAsymmetricKey version numbering - I am looking at putting some guidance text on this into the document.  I will send it out once I am happy with it.

Jim




-----Original Message-----
From: Brian Smith [mailto:brian@briansmith.org] 
Sent: Tuesday, May 9, 2017 6:32 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>
Subject: Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Here are some more test vectors for INVALID edge cases of Ed25519 and
X25519 PKCS#8 v2 keys that I would like to have included in the RFC.

Ed25519 INVALID. The first byte of the public key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCIEIC3GfeUYbZGTAhwLEE2cbvJL7ivTlcy17VottfN6L8HwoS
IDIADBfk2Lv/J8H7YYwj/OmIcDx++jzVkKrKwS0/HjyQyM
-----END PRIVATE KEY-----

Ed25519 INVALID. The last byte of the public key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCIEILJXn1VaLqvausjUaZexwI/ozmOFjfEk78KcYN+7hsNJoS
IDIACdQhJwzi/MCGcsQeQnIUh2JFybDxSrZxuLudJmpJLk
-----END PRIVATE KEY-----

Ed25519 INVALID. The first byte of the private key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
MhAGNFfNTf3Q6YpTeWJlgx1GrGpaaF8qVMlpejiyyADWC6
-----END PRIVATE KEY-----

Ed25519 INVALID. The last byte of the private key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
MhABrrjj7lulr9kRE0ZtGfTqd/oP7/vYxa3LSZkn8SU193
-----END PRIVATE KEY-----

Ed25519 INVALID. The version is v1 but the publicKey field is included.
-----BEGIN PRIVATE KEY-----
MFMCAQAwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
-----END PRIVATE KEY-----

Ed25519 INVALID. The version is v2 but the publicKey field is missing.
-----BEGIN PRIVATE KEY-----
MC4CAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
-----END PRIVATE KEY-----

Ed25519 INVALID. The publicKey field is indicated with [0] instead of [1]; i.e. the attributes are invalid and publicKey is missing.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
-----END PRIVATE KEY-----

X25519 INVALID. The private key's last byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
MhAOWJcLaHaY9hIDkvGBm2JKcXLJyuxCsL83hbQMYGzChg
-----END PRIVATE KEY-----

X25519 INVALID. The private key's first byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
MhANTsroYyWV7Klhb92EAP8ungtlqQxS58Bm7mPT7RjB4H
-----END PRIVATE KEY-----

X25519 INVALID. The public key's first byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
IDIAA7eraRAqyFgDnLBqnjanLu6rRLHvnWHAaB5BRwLf8P
-----END PRIVATE KEY-----

X25519 INVALID. The public key's last byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
IDIACZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCY
-----END PRIVATE KEY-----

X25519 INVALID. The version is v1 but it has a publicKey field.
-----BEGIN PRIVATE KEY-----
MFMCAQAwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
-----END PRIVATE KEY-----

X25519 INVALID. The publicKey field is indicated with [0] instead of [1]; i.e. the attributes are invalid and publicKey is missing.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
-----END PRIVATE KEY-----

X25519 INVALID. The version is v2 but there is no publicKey field.
-----BEGIN PRIVATE KEY-----
MC4CAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
-----END PRIVATE KEY-----

Cheers,
Brian

On Sun, May 7, 2017 at 7:39 PM, Brian Smith <brian@briansmith.org> wrote:
> On Sun, May 7, 2017 at 1:46 PM, Brian Smith <brian@briansmith.org> wrote:
>> Here are 5 examples of v2 PKCS#8 Ed25519 private keys, with the 
>> public key included, that I'd like to have included in the RFC as 
>> test vectors. The first four examples are valid (I hope!) and 5th 
>> example is invalid.
>
> Here are 4 pairs of example X25519 PKCS#8 v2 keys. The first key in 
> each pair has its public key's high bit clear. The second key in each 
> pair is the same except it has its public key's high bit set.
>
> The private key ends with a zero byte. The public key's high bit is 
> zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is 
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswo4A==
> -----END PRIVATE KEY-----
>
> The private key starts with a zero byte. The public key's high bit is 
> zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0YweBw==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is 
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0Ywehw==
> -----END PRIVATE KEY-----
>
> The public key starts with a zero byte. The public key's high bit is 
> zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/Dw==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is 
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/jw==
> -----END PRIVATE KEY-----
>
> The public key ends with a zero byte, and thus its high bit is zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYAA==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is 
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYgA==
> -----END PRIVATE KEY-----
>
> Cheers,
> Brian
> --
> https://briansmith.org/



--
https://briansmith.org/
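
Added example (not part of the thread, and not code from either author): a small Python checker for the structural rules the test vectors above exercise, plus the X25519 masking step discussed in the reply. The names tlv, parse_key and clamp are illustrative. It assumes the byte layout used by the vectors in this thread (short-form lengths, no attributes, publicKey carried as a constructed [1] wrapping a BIT STRING) and takes "masking" to mean the X25519 scalar clamping.

```python
import base64

ALGS = {bytes.fromhex("2b656e"): "X25519", bytes.fromhex("2b6570"): "Ed25519"}

def tlv(buf, pos, want):
    """Read one short-form DER TLV with tag `want`; return (value, next_pos)."""
    end = pos + 2 + buf[pos + 1] if pos + 2 <= len(buf) else len(buf) + 1
    if end > len(buf) or buf[pos] != want or buf[pos + 1] >= 0x80:
        raise ValueError(f"expected tag {want:#04x} with a valid length at offset {pos}")
    return buf[pos + 2:end], end

def parse_key(b64):
    """Return (algorithm, private, public-or-None); raise ValueError if malformed."""
    der = base64.b64decode(b64)
    body, end = tlv(der, 0, 0x30)                 # OneAsymmetricKey SEQUENCE
    if end != len(der):
        raise ValueError("trailing bytes after key")
    version, pos = tlv(body, 0, 0x02)
    alg, pos = tlv(body, pos, 0x30)               # AlgorithmIdentifier
    oid, oid_end = tlv(alg, 0, 0x06)
    if oid not in ALGS or oid_end != len(alg):
        raise ValueError("unexpected AlgorithmIdentifier")
    wrapped, pos = tlv(body, pos, 0x04)           # privateKey OCTET STRING
    private, inner_end = tlv(wrapped, 0, 0x04)    # inner OCTET STRING with the key
    if len(private) != 32 or inner_end != len(wrapped):
        raise ValueError("private key is not exactly 32 bytes")
    if version == b"\x00" and pos == len(body):   # v1: nothing may follow
        return ALGS[oid], private, None
    if version != b"\x01":
        raise ValueError("v1 key with trailing fields, or unknown version")
    tagged, pos = tlv(body, pos, 0xA1)            # v2: [1] publicKey is required
    bits, bits_end = tlv(tagged, 0, 0x03)
    if pos != len(body) or bits_end != len(tagged) or len(bits) != 33 or bits[0] != 0:
        raise ValueError("public key is not a 32-byte BIT STRING")
    return ALGS[oid], private, bits[1:]

def clamp(scalar):
    """X25519 masking: clear the low 3 bits, clear bit 255, set bit 254."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return bytes(k)

# Valid X25519 vector copied from the thread ("The private key ends with a zero byte").
VALID = ("MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS"
         "MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==")
if __name__ == "__main__":
    alg, private, public = parse_key(VALID)
    print(alg, "stored scalar already masked:", private == clamp(private))
```

Run against that vector, the stored scalar differs from its clamped form, so an importer that accepts such keys has to apply the mask itself before use.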