Question about the adjustment of MPI values on gpg --import
Wiktor Kwapisiewicz
wiktor at metacode.biz
Thu Nov 14 09:29:40 CET 2024
Hello,
I've got a question about handling of certain keys.
I've noticed that GnuPG on import "adjusts" some MPIs but if my reading
of the spec is correct the adjustments break the spec alignment.
I managed to find a key where the last MPI (the S value of the EdDSA
signature) has a high bit set:
$ gpg --dearmor < ee.asc | xxd | tail -n 4
000006d0: eab4 2954 a0a9 eeaa 19fb 45e4 62b2 78e1 ..)T......E.b.x.
000006e0: ebdd 196f ae00 f8fa 84f1 fdc7 c908 7ddb ...o..........}.
000006f0: 0419 0dbb a934 ac0b d117 3b77 157c 5279 .....4....;w.|Ry
00000700: 05cc c5db c20f ......
Here, the length is "00 f8" and is followed by these bytes:
fa 84f1 fdc7 c908 7ddb 0419 0dbb a934 ac0b d117 3b77 157c 5279 05cc c5db
c20f
The first byte has a leading non-zero bit:
> 0xfa.toString(2)
'11111010'
So the length of the entire MPI is (in bits):
> 'fa 84f1 fdc7 c908 7ddb 0419 0dbb a934 ac0b d117 3b77 157c 5279 05cc c5db c20f'.replace(/ +/g, '').length*4
248
That converted to hex gives us 0xf8.
Now, when the key gets imported and then exported the final field gets
extended with a leading zero byte *and* the MPI length is set to "01 00"
(256 in decimal).
$ gpg --export 4813CD31D15CC912 | xxd | tail -n 3
00000640: aa19 fb45 e462 b278 e1eb dd19 6fae 0100 ...E.b.x....o...
00000650: 00fa 84f1 fdc7 c908 7ddb 0419 0dbb a934 ........}......4
00000660: ac0b d117 3b77 157c 5279 05cc c5db c20f ....;w.|Ry......
The rest of the MPI is left as it was. I think the additional zero byte
is not that problematic (the spec doesn't seem to say in one way or
another; the additional zero reminds me of the ASN.1 encoding...). But
the spec is very clear that the length should be counted from the first
non-zero bit and from my understanding it seems the length erroneously
included the zero byte:
> The length field of an MPI describes the length starting from its
> most significant non-zero bit. Thus, the MPI [00 02 01] is not formed
> correctly. It should be [00 01 01].
https://www.ietf.org/archive/id/draft-koch-librepgp-02.html#section-3.2
I'm not sure if I'm holding it wrong but before I submit a bug report
I'd like to hear your input if this looks like a bug or not. The test
key is attached to this e-mail.
Thanks for your time and have a nice day!
Kind regards,
Wiktor
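
The check described in the message, as an added example (not part of the original e-mail and not GnuPG code): it parses an MPI, compares the two-octet length field with the bit count taken from the most significant non-zero bit, and re-encodes a mismatching MPI. The function names are hypothetical; the sample bytes are the S value copied from the two xxd dumps above.

```javascript
// Added example, not GnuPG code. Sample bytes are copied from the xxd dumps above.
const S_BODY = 'fa84f1fdc7c9087ddb04190dbba934ac0bd1173b77157c527905ccc5dbc20f';
const ORIGINAL = Buffer.from('00f8' + S_BODY, 'hex');        // as in ee.asc
const EXPORTED = Buffer.from('0100' + '00' + S_BODY, 'hex'); // as in gpg --export

// Bit count starting from the most significant non-zero bit of the body.
function significantBits(body) {
  let i = 0;
  while (i < body.length && body[i] === 0) i++;  // skip leading zero octets
  if (i === body.length) return 0;               // the value is zero
  // Math.clz32 works on 32 bits, so 32 - clz32(b) is the bit width of octet b.
  return (body.length - i - 1) * 8 + (32 - Math.clz32(body[i]));
}

// Parse one MPI at `offset` and compare declared and actual bit lengths.
function checkMpi(buf, offset = 0) {
  if (buf.length < offset + 2) throw new RangeError('truncated MPI length');
  const declaredBits = buf.readUInt16BE(offset);
  const end = offset + 2 + ((declaredBits + 7) >> 3); // body size implied by the length
  if (buf.length < end) throw new RangeError('truncated MPI body');
  const actualBits = significantBits(buf.subarray(offset + 2, end));
  return { declaredBits, actualBits, end, wellFormed: declaredBits === actualBits };
}

// Re-encode an MPI without leading zero octets and with the matching length field.
function normalizeMpi(buf) {
  const { actualBits, end } = checkMpi(buf);
  const body = buf.subarray(2, end);
  const keep = body.subarray(body.length - ((actualBits + 7) >> 3));
  const out = Buffer.alloc(2 + keep.length);
  out.writeUInt16BE(actualBits, 0);
  keep.copy(out, 2);
  return out;
}

for (const [name, mpi] of [['original', ORIGINAL], ['exported', EXPORTED]]) {
  const r = checkMpi(mpi);
  console.log(name, 'declared', r.declaredBits, 'actual', r.actualBits, 'wellFormed', r.wellFormed);
}
```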