Re: [Curdle] FW: New Version Notification for draft-ietf-curdle-pkix-04.txt

Brian Smith <brian@briansmith.org> Wed, 10 May 2017 01:31 UTC

To: Jim Schaad <ietf@augustcellars.com>
Cc: curdle <curdle@ietf.org>

Here are some more test vectors for INVALID edge cases of Ed25519 and
X25519 PKCS#8 v2 keys that I would like to have included in the RFC.

Ed25519 INVALID. The first byte of the public key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCIEIC3GfeUYbZGTAhwLEE2cbvJL7ivTlcy17VottfN6L8HwoS
IDIADBfk2Lv/J8H7YYwj/OmIcDx++jzVkKrKwS0/HjyQyM
-----END PRIVATE KEY-----

Ed25519 INVALID. The last byte of the public key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCIEILJXn1VaLqvausjUaZexwI/ozmOFjfEk78KcYN+7hsNJoS
IDIACdQhJwzi/MCGcsQeQnIUh2JFybDxSrZxuLudJmpJLk
-----END PRIVATE KEY-----

Ed25519 INVALID. The first byte of the private key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
MhAGNFfNTf3Q6YpTeWJlgx1GrGpaaF8qVMlpejiyyADWC6
-----END PRIVATE KEY-----

Ed25519 INVALID. The last byte of the private key, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VwBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
MhABrrjj7lulr9kRE0ZtGfTqd/oP7/vYxa3LSZkn8SU193
-----END PRIVATE KEY-----

Ed25519 INVALID. The version is v1 but the publicKey field is included.
-----BEGIN PRIVATE KEY-----
MFMCAQAwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
-----END PRIVATE KEY-----

Ed25519 INVALID. The version is v2 but the publicKey field is missing.
-----BEGIN PRIVATE KEY-----
MC4CAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
-----END PRIVATE KEY-----

Ed25519 INVALID. The publicKey field is indicated with [0] instead of [1];
i.e. the attributes are invalid and publicKey is missing.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VwBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
MDIQAa644+5bpa/ZERNGbRn06nf6D+/72MWty0mZJ/ElNfdw==
-----END PRIVATE KEY-----

X25519 INVALID. The private key's last byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCEEH6Iu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJqhIw
MhAOWJcLaHaY9hIDkvGBm2JKcXLJyuxCsL83hbQMYGzChg
-----END PRIVATE KEY-----

X25519 INVALID. The private key's first byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCEEH7GnwgsrTtnHjzaG24L4VHNM3JW+Ud7zBNmODNML9JChIw
MhANTsroYyWV7Klhb92EAP8ungtlqQxS58Bm7mPT7RjB4H
-----END PRIVATE KEY-----

X25519 INVALID. The public key's first byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
IDIAA7eraRAqyFgDnLBqnjanLu6rRLHvnWHAaB5BRwLf8P
-----END PRIVATE KEY-----

X25519 INVALID. The public key's last byte, zero, is omitted.
-----BEGIN PRIVATE KEY-----
MFICAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
IDIACZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCY
-----END PRIVATE KEY-----

X25519 INVALID. The version is v1 but it has a publicKey field.
-----BEGIN PRIVATE KEY-----
MFMCAQAwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
-----END PRIVATE KEY-----

X25519 INVALID. The publicKey field is indicated with [0] instead of [1];
i.e. the attributes are invalid and publicKey is missing.
-----BEGIN PRIVATE KEY-----
MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoC
MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
-----END PRIVATE KEY-----

X25519 INVALID. The version is v2 but there is no publicKey field.
-----BEGIN PRIVATE KEY-----
MC4CAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoA
-----END PRIVATE KEY-----

Cheers,
Brian

On Sun, May 7, 2017 at 7:39 PM, Brian Smith <brian@briansmith.org> wrote:
> On Sun, May 7, 2017 at 1:46 PM, Brian Smith <brian@briansmith.org> wrote:
>> Here are 5 examples of v2 PKCS#8 Ed25519 private keys, with the public
>> key included, that I'd like to have included in the RFC as test
>> vectors. The first four examples are valid (I hope!) and 5th example
>> is invalid.
>
> Here are 4 pairs of example X25519 PKCS#8 v2 keys. The first key in
> each pair has its public key's high bit clear. The second key in each
> pair is the same except it has its public key's high bit set.
>
> The private key ends with a zero byte. The public key's high bit
> is zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswoYA==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIKIu/bcT8OFgDSpc6UjjIco6GBN8R/FQkaEscSbBdJoAoS
> MDIQDliXC2h2mPYSA5LxgZtiSnFyycrsQrC/N4W0DGBswo4A==
> -----END PRIVATE KEY-----
>
> The private key starts with a zero byte. The public key's high bit
> is zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0YweBw==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIACxp8ILK07Zx482htuC+FRzTNyVvlHe8wTZjgzTC/SQoS
> MDIQDU7K6GMlleypYW/dhAD/Lp4LZakMUufAZu5j0+0Ywehw==
> -----END PRIVATE KEY-----
>
> The public key starts with a zero byte. The public key's high bit
> is zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/Dw==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEILk6+PsBTElrUDbktWya6voRhmEjk7/6kA3NocUxR5yAoS
> MDIQAAO3q2kQKshYA5ywap42py7uq0Sx751hwGgeQUcC3/jw==
> -----END PRIVATE KEY-----
>
> The public key ends with a zero byte, and thus its high bit is
> zero.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYAA==
> -----END PRIVATE KEY-----
>
> The private key is the same as the previous one. The public key is
> also the same except its high bit is one.
> -----BEGIN PRIVATE KEY-----
> MFMCAQEwBQYDK2VuBCIEIHLXzckbjCm4crsB85VeSSH7kxonnTnUMO+QfBbe2JVIoS
> MDIQCZxD/fCNjPVwXxYAKr8DhD7Vw0q8PrhpvXW5j2krCYgA==
> -----END PRIVATE KEY-----
>
> Cheers,
> Brian
> --
> https://briansmith.org/



-- 
https://briansmith.org/
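
A strict parser that applies the checks these vectors exercise: version and publicKey presence must agree, and both keys must be exactly 32 bytes. This is an added example, not code from the message or the draft; `parse_key`, `read_tlv` and `InvalidKey` are hypothetical names. It assumes the publicKey encoding used by the vectors above (a `[1]` element wrapping a BIT STRING) and, as a simplification, rejects keys that carry attributes.

```python
import base64

# Content bytes of the X25519 (1.3.101.110) and Ed25519 (1.3.101.112) OIDs.
OIDS = {bytes.fromhex("2b656e"): "X25519", bytes.fromhex("2b6570"): "Ed25519"}

class InvalidKey(ValueError):
    pass

def read_tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise InvalidKey(f"expected tag 0x{tag:02x} at offset {pos}")
    length = buf[pos + 1]
    if length >= 0x80:  # simplification: these keys never need long-form lengths
        raise InvalidKey("long-form length not supported")
    end = pos + 2 + length
    if end > len(buf):
        raise InvalidKey("truncated value")
    return buf[pos + 2:end], end

def parse_key(pem):
    """Return (algorithm, private, public or None); raise InvalidKey otherwise."""
    body = "".join(l.strip() for l in pem.splitlines() if "-----" not in l)
    der = base64.b64decode(body, validate=True)
    outer, end = read_tlv(der, 0, 0x30)
    if end != len(der):
        raise InvalidKey("trailing data after outer SEQUENCE")
    version, pos = read_tlv(outer, 0, 0x02)
    alg_id, pos = read_tlv(outer, pos, 0x30)
    oid, oid_end = read_tlv(alg_id, 0, 0x06)
    if oid not in OIDS or oid_end != len(alg_id):
        raise InvalidKey("unsupported algorithm or unexpected parameters")
    wrapped, pos = read_tlv(outer, pos, 0x04)
    private, inner_end = read_tlv(wrapped, 0, 0x04)
    if inner_end != len(wrapped) or len(private) != 32:
        raise InvalidKey("private key must be exactly 32 bytes")
    has_public = pos < len(outer)
    if version != (b"\x01" if has_public else b"\x00"):
        raise InvalidKey("version and publicKey presence disagree")
    if not has_public:
        return OIDS[oid], private, None
    # Only [1] (0xA1) is accepted here, so a [0] element fails on its tag.
    tagged, pos = read_tlv(outer, pos, 0xA1)
    bits, bits_end = read_tlv(tagged, 0, 0x03)
    if pos != len(outer) or bits_end != len(tagged):
        raise InvalidKey("unexpected data after publicKey")
    if len(bits) != 33 or bits[0] != 0:
        raise InvalidKey("public key must be 32 bytes with no unused bits")
    return OIDS[oid], private, bits[1:]
```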