[Curdle] AlgorithmIdentifier parameters in draft-ietf-curdle-pkix-03
str4d <str4d@i2pmail.org> Sat, 18 February 2017 20:41 UTC
Return-Path: <str4d@i2pmail.org>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DCC1128E19 for <curdle@ietfa.amsl.com>; Sat, 18 Feb 2017 12:41:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: YES
X-Spam-Score: 6.814
X-Spam-Level: ******
X-Spam-Status: Yes, score=6.814 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DATE_IN_PAST_06_12=1.543, RCVD_IN_BRBL_LASTEXT=1.449, RCVD_IN_SORBS_HTTP=0.001, RCVD_IN_SORBS_SOCKS=1.927, RCVD_IN_SORBS_WEB=3.795, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id REEH4I9wYBsW for <curdle@ietfa.amsl.com>; Sat, 18 Feb 2017 12:41:48 -0800 (PST)
Received: from mail01.sigterm.no (mail01.sigterm.no [193.150.121.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D9B21294AE for <curdle@ietf.org>; Sat, 18 Feb 2017 12:41:48 -0800 (PST)
Received: from smtp.postman.i2p (i2p-outproxy01.privacysolutions.no [193.150.121.66]) by postman.meeh.i2p (Postfix) with ESMTP id 592192E06FB for <curdle@ietf.org>; Sat, 18 Feb 2017 21:41:39 +0100 (CET)
To: curdle@ietf.org
X-Virus-Scanned: clamav-milter 0.97 on milter.postman.i2p
X-Mailer: smtp.postman.i2p - Official I2P Mailer
From: str4d <str4d@i2pmail.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="uNm5tlajknB2H3NqOb9R2u7RLA15Rx7Hd"
Message-Id: <20170218131518.D515DADF18@smtp.postman.i2p>
Date: Sat, 18 Feb 2017 13:15:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/uMc4eDdj_k4jfR1HMGeCYJwOl80>
Subject: [Curdle] AlgorithmIdentifier parameters in draft-ietf-curdle-pkix-03
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Feb 2017 20:41:50 -0000
Hi all, In draft-ietf-curdle-pkix-03 there is very clear language around the expected behaviour of parser implementations regarding AlgorithmIdentifier parameters: [snip] The fields in AlgorithmIdentifier have the following meanings: o algorithm identifies the cryptographic algorithm with an object identifier. This is one of the OIDs defined below. o parameters, which are optional, are the associated parameters for the algorithm identifier in the algorithm field. When the 1997 syntax for AlgorithmIdentifier was initially defined, it omitted the OPTIONAL key word. The optionality of the parameters field was later recovered via a defect report, but by then many people thought that the field was mandatory. For this reason, a small number of implementations may still require the field to be present. In this document we defined six new OIDs for identifying the different curve/algorithm pairs. The curves being Curve25519 and Curve448. The algorithms being ECDH, EdDSA in pure mode and EdDSA in pre-hash mode. For all of the OIDs, the parameters MUST be absent. Regardless of the defect in the original 1997 syntax, implementations MUST NOT accept a parameters value of NULL. [/snip] However, for Java implementations such as my own, we run into a problem. Oracle Java's default keystore implementation requires that all private keys be in PKCS#8 format [0] (which draft-ietf-curdle-pkix-03 does seem to be using, despite never actually referencing PKCS#8 anywhere). The internal JCA workflow for retrieving a key from a keystore is as follows (references here are to Java 6, but the relevant code has not changed as of Java 8): - Read keystore data and pass it to PKCS8Key [1] - Read AlgorithmId from start of data [2] - Encode AlgorithmId + rest of data as a DerOutputStream [3] - Wrap that in a PKCS8EncodedKeySpec - Call KeyFactory.getInstance(algid.getName()).generatePrivate(spec) The problem is that the Sun AlgorithmId class always adds a NULL when encoding if there are no parameters, for compatibility with Solaris [4]. So AFAICT it is presently impossible for me to write an implementation that simultaneously: - follows draft-ietf-curdle-pkix-03 correctly - can retrieve EdDSA keys from a default Java keystore Is anyone in the WG aware of a workaround for this, or have links to past WG discussion on this point? I would think that Oracle should at least be made aware of this issue, but even if they changes this in Java 10, that doesn't help my implementation run on earlier Java versions. The only alternatives I see at this point are: - Remove the NULL restriction from draft-ietf-curdle-pkix-03 - Require that my library not be used with incompatible keystores (but a) I have yet to find a way to enforce this via the JCA, other than just refusing to implement support for PKCS8EncodedKeySpec, which is not particularly usable, and b) I don't yet know of a keystore that *will* implement this properly) Cheers, str4d [0] https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.html#setKeyEntry-java.lang.String-byte:A-java.security.cert.Certificate:A- [1] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/pkcs/PKCS8Key.java#PKCS8Key.parseKey%28sun.security.util.DerValue%29 [2] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/pkcs/PKCS8Key.java#131 [3] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/pkcs/PKCS8Key.java#171 [4] http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/6-b14/sun/security/x509/AlgorithmId.java#AlgorithmId.derEncode%28java.io.OutputStream%29
- [Curdle] AlgorithmIdentifier parameters in draft-… str4d
- Re: [Curdle] AlgorithmIdentifier parameters in dr… Ilari Liusvaara
- Re: [Curdle] AlgorithmIdentifier parameters in dr… str4d
- Re: [Curdle] AlgorithmIdentifier parameters in dr… Ilari Liusvaara
- Re: [Curdle] AlgorithmIdentifier parameters in dr… str4d
- Re: [Curdle] AlgorithmIdentifier parameters in dr… str4d
- Re: [Curdle] AlgorithmIdentifier parameters in dr… Daniel Migault
- Re: [Curdle] AlgorithmIdentifier parameters in dr… David Benjamin
- Re: [Curdle] AlgorithmIdentifier parameters in dr… str4d
- Re: [Curdle] AlgorithmIdentifier parameters in dr… Russ Housley
- Re: [Curdle] AlgorithmIdentifier parameters in dr… David Benjamin
- Re: [Curdle] AlgorithmIdentifier parameters in dr… str4d