[gnutls-dev] GnuTLS Fix: Decrypting PKCS#8 privkey with invalid password has same error as parse failure

Simon Josefsson simon at josefsson.org
Sat May 26 22:17:30 CEST 2007


Nate Nielsen <nielsen-list at memberwebs.com> writes:

> I'm working on using gnutls to parse certificates and keys in
> gnome-keyring.
>
> I've come across a problem where a invalid password for a PKCS#8
> encrypted key produces the same error as a ASN.1 parse failure.
>
> Attached is a patch which fixes the problem in a way that I hope makes
> sense. Any ASN.1 parse failures that late in the game, and immediately
> after decryption are treated as an invalid password.
>
> Given the terseness of DER encoded data, I don't think that there is a
> reliable (and quick) way of guaranteeing this in all extreme corner
> cases. However I believe that the fix makes gnutls more correct.
>
> Attached are test cases and patch.

Patch installed on 1.6.x branch, even though it is close to the ~10
lines limit that would require copyright assignments.  The self-test is
longer than 10 lines, though, and papers are required for it.  I'd like
to include it in 1.7.x with your co-operation, see the response to your
other report.

Thanks,
Simon

> In order for this to work, the patch from my earlier bug report (about
> PKCS#8 key parsing not reporting parse failures) will need to be applied.
>
> Cheers,
> Nate Nielsen
>
> /* gcc -g -O0 -o gnutls-test `pkg-config --libs --cflags gnutls` gnutls-test-pkcs8-password.c */
>
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
>
> #include <gnutls/gnutls.h>
> #include <gnutls/x509.h>
> #include <gcrypt.h>
>
> static void
> read_file (const char *file, gnutls_datum_t *datum)
> {
> 	FILE *f = fopen (file, "rb");
> 	if (f) {
> 		datum->data = malloc (8192);
> 		datum->size = fread (datum->data, 1, 8192, f);
> 	}
> 	if (!f || ferror (f))
> 		err (1, "couldn't read from file: %s", file);
> 	fclose (f);
> }
>
> int
> main (int argc, char **argv)
> {
> 	gnutls_x509_privkey_t privkey;
> 	gnutls_datum_t datum;
> 	int gerr;
>
> 	if (argc < 2)
> 		errx (1, "specify key to parse");
>
> 	gcry_check_version (GCRYPT_VERSION);
> 	gnutls_global_init ();
>
> 	read_file (argv[1], &datum);
> 				
> 	gnutls_x509_privkey_init (&privkey);
>
> 	gerr = gnutls_x509_privkey_import_pkcs8 (privkey, &datum, 
> 			GNUTLS_X509_FMT_DER, "test", GNUTLS_PKCS_PLAIN);
> 	printf ("no password: %d\n", gerr);
> 	printf ("       algo: %d\n", gnutls_x509_privkey_get_pk_algorithm (privkey));		
>
>
> 	gerr = gnutls_x509_privkey_import_pkcs8 (privkey, &datum, 
> 			GNUTLS_X509_FMT_DER, "test", GNUTLS_PKCS_USE_PBES2_3DES);
> 	printf ("pasword 'test': %d\n", gerr);		
> 	printf ("          algo: %d\n", gnutls_x509_privkey_get_pk_algorithm (privkey));		
>
> 	gerr = gnutls_x509_privkey_import_pkcs8 (privkey, &datum, 
> 			GNUTLS_X509_FMT_DER, "bork", GNUTLS_PKCS_USE_PBES2_3DES);
> 	printf ("pasword 'bork': %d\n", gerr);		
> 	printf ("          algo: %d\n", gnutls_x509_privkey_get_pk_algorithm (privkey));		
> 	
> 	gnutls_global_deinit ();
> 	return 0;
> }
>
> --- lib/x509/privkey_pkcs8.c.orig	2007-05-23 22:11:51.000000000 -0000
> +++ lib/x509/privkey_pkcs8.c	2007-05-23 22:43:49.000000000 -0000
> @@ -739,6 +739,25 @@
>  
>    if (result < 0)
>      {
> +      /* We've gotten this far. In the real world it's almost certain
> +       * that we're dealing with a good file, but wrong password. 
> +       * Sadly like 90% of random data is somehow valid DER for the 
> +       * a first small number of bytes, so no easy way to guarantee. */
> +      if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
> +          result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
> +          result == GNUTLS_E_ASN1_DER_ERROR ||
> +          result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
> +          result == GNUTLS_E_ASN1_GENERIC_ERROR ||
> +          result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
> +          result == GNUTLS_E_ASN1_TAG_ERROR || 
> +          result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
> +          result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
> +          result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
> +          result == GNUTLS_E_ASN1_DER_OVERFLOW)
> +        {
> +           result = GNUTLS_E_DECRYPTION_FAILED;
> +        }
> +
>        gnutls_assert ();
>        goto error;
>      }




More information about the Gnutls-devel mailing list