Re: [openpgp] RSA-PSS and RSA-OAEP for v5

Peter Gutmann <pgut001@cs.auckland.ac.nz> Mon, 01 March 2021 13:29 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: "brian m. carlson" <sandals@crustytoothpaste.net>, "openpgp@ietf.org" <openpgp@ietf.org>
Date: Mon, 1 Mar 2021 13:29:05 +0000
Message-ID: <1614604853195.25383@cs.auckland.ac.nz>
References: <YDrbaRiQ34MstP30@camp.crustytoothpaste.net> <87ft1g9goo.fsf@wheatstone.g10code.de>, <YDvuaAXgwEDffYbt@camp.crustytoothpaste.net>
In-Reply-To: <YDvuaAXgwEDffYbt@camp.crustytoothpaste.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZU2vG-5v69Loea9-jKHRCk5OT1I>

brian m. carlson <sandals@crustytoothpaste.net> writes:

>Most cryptographic libraries already support RSA-PSS and RSA-OAEP, so there's
>little code to add.

*Some* crypto libraries support OAEP and PSS, but they're virtually never
used.  When they are used, they often only support the single parameter set
that whoever decided to use PSS instead of PKCS #1 went for, and fail
mysteriously if you modify any one of the 8,000 parameters that PSS and OAEP
can work with.  Admittedly this is a minuscule sample size because virtually
nothing uses them, but from the few times I've run into them it's been an
interop nightmare trying to guess what the other side will do.  The best
approach seems to be to request sample messages from the other side and then
use exactly that parameter set and nothing else for anything you send them.

Although this would tend to suggest an approach of fixing all parameters at a
given set of values, all this is then doing is reinventing an incredibly
complex equivalent to PKCS #1, which seems excessive when a much simpler
solution is to say "use encode-then-memcmp() to verify the signature" in the
spec.

Peter.