Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DER encoding/decoding support #21

Closed
caelunshun opened this issue Aug 8, 2019 · 17 comments
Closed

Add DER encoding/decoding support #21

caelunshun opened this issue Aug 8, 2019 · 17 comments
Labels
enhancement New feature or request help wanted Extra attention is needed

Comments

@caelunshun
Copy link

No description provided.

@dignifiedquire dignifiedquire added enhancement New feature or request help wanted Extra attention is needed labels Aug 27, 2019
@caelunshun
Copy link
Author

caelunshun commented Sep 1, 2019
edited
Loading

I've implemented a quick version of this at https://github.com/caelunshun/rsa-der. I can look into making a PR for this.

@tarcieri
Copy link
Member

tarcieri commented Sep 1, 2019

You might want to check out @alex's asn1 crate (revamp): alex/rust-asn1#54

@alex
Copy link

alex commented Sep 1, 2019 via email

@newpavlov
Copy link
Member

Also I think it will be worth to check out the ring code as well (although note the license), it was proposed to split this code into a different crate in briansmith/ring#586, but unfortunately without much success.

@tarcieri
Copy link
Member

tarcieri commented Sep 1, 2019

Re: that, there's derp, but it's only a parser

@roblabla
Copy link
Contributor

roblabla commented Sep 25, 2019
edited
Loading

In my code I ended up using pem and yasna to parse private keys generated with openssl: https://github.com/MegatonHammer/linkle/blob/npdm/src/format/npdm.rs#L323

The ASN.1 key format is standardized in RFC 3447, Appendix C. Look for "RSAPrivateKey".

@tarcieri
Copy link
Member

@roblabla oh joy, I think you're talking about the "SSLeay format". Does it start with this?

-----BEGIN RSA PRIVATE KEY-----

If so, that's a bespoke PEM encoding of PKCS#1 (i.e. RFC 3447) added to SSLeay, the library which would eventually become OpenSSL.

Personally I'd suggest using PKCS#8 (RFC 5208/5958) instead unless you really, really need to support the SSLeay format for something. These keys start with:

-----BEGIN PRIVATE KEY-----

or

-----BEGIN ENCRYPTED PRIVATE KEY-----

PKCS#8 has the advantage of being reusable for things like ECDSA (and even Ed25519).

@roblabla
Copy link
Contributor

Well I mostly parsed what openssl gave me as an output - which is PKCS#1. I suppose we can get openssl to give us a PKCS#8? (Probably using openssl genpkey instead of openssl genrsa). I’ll look into it.

@tarcieri
Copy link
Member

If you're using the OpenSSL CLI, the PKCS#8 functionality is under openssl pkcs8

@nickray
Copy link
Member

nickray commented Jan 3, 2020

@tarcieri would you know what's the current state of no_std DER? I need to encode some FIDO2 stuff (signatures, maybe certificates), would lightly prefer to not do things too manually, but also not pull in some huge ASN.1 dependency. The things I've surfaced are all std.

cf. heartsucker/derp#6

@tarcieri
Copy link
Member

tarcieri commented Jan 3, 2020

For signatures, you could look at potentially translating the relevant BearSSL C code. That’s what I did in the ecdsa crate.

For certificates, perhaps consider @Geal’s cookie-factory. If you’re talking about X.509 certificates, you might be able to add no_std support to @str4d’s x509.rs:

https://github.com/str4d/x509.rs

@nickray
Copy link
Member

nickray commented Jan 3, 2020

For signatures, you could look at potentially translating the relevant BearSSL C code. That’s what I did in the ecdsa crate.

Ah perfect, your conversions there are exactly what I need, will add them to nisty. Thanks!

@tarcieri
Copy link
Member

tarcieri commented Jan 4, 2020
edited
Loading

@nickray you might also look at:

https://www.bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=src/rsa/rsa_pkcs1_sig_pad.c
https://www.bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=src/rsa/rsa_pss_sig_pad.c

It looks like BearSSL just hardcodes the relevant ASN.1 DER. See also the relevant decoding code here:

https://www.bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=src/rsa/rsa_pkcs1_sig_unpad.c
https://www.bearssl.org/gitweb/?p=BearSSL;a=blob_plain;f=src/rsa/rsa_pss_sig_unpad.c

@nickray
Copy link
Member

nickray commented Jan 4, 2020

I ended up with a manual mashup of your stuff and derp stuff, I only need ECDSA DER encoding (as the certificates can be hardcoded): https://github.com/nickray/usbd-ctaphid/blob/main/src/derpy.rs. Not super-efficient, but at least it's readable (at least for my mind). Very much hoping I don't have to dig much deeper into this, as I find myself wondering how many semi-efficient pseudo-consistent serialization formats mankind has to come up with...

Funny how Microsoft has the best docs I know of on how this is supposed to work:

@dignifiedquire
Copy link
Member

I think most of this is fixed with #38

Could folks confirm if their favorite format is supported by this, or if they are still missing one?

@kitlith
Copy link

kitlith commented May 22, 2020
edited
Loading

@dignifiedquire afaict that PR exposes parsing PEM files (#20) but does not directly expose parsing DER. You could parse DER by turning it into a PEM and then feeding it through, but it would be nice if you could just feed it the bytes directly. nope nvm sorry about that.

@tarcieri
Copy link
Member

Seems like we can close this issue then?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@alex @tarcieri @newpavlov @dignifiedquire @roblabla @nickray @kitlith @caelunshun