Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-482

can't generate EC key using openssl EC params

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 20.0.4
    • Fix Version/s: 20.2
    • Component/s: crypto, public_key
    • Labels:
      None

      Description

      Overview

      1. Generate an EC key with openssl that explicitly specifies its curve parameters.
      2. Load the key and curve parameters into Erlang, generate a new key using the loaded curve parameters.
      3. The crypto:ec_key_generate() call rejects the curve parameters. The error appears to originate from crypto NIF code.

      Note: this issue is not associated with the other public_key issues I've filed recently.

      Expectation

      Curve parameters loaded from openssl-generated keys should be recognized by public_key/crypto.

      Detailed steps to reproduce

      shell:

      openssl ecparam -name secp521r1 -genkey -param_enc explicit -out ec_key.pem
      

      erlang:

      {ok, KeyPem} = file:read_file("ec_key.pem").
      Entries = public_key:pem_decode(KeyPem).
      [ParamInfo] = [Entry || Entry={'EcpkParameters', _, not_encrypted} <- Entries].
      {ecParameters, Params} = public_key:pem_entry_decode(ParamInfo).
      public_key:generate_key(Params).
      

      The Params variable in my run was...

      19> Params.
      {'ECParameters',ecpVer1,
                      {'FieldID',{1,2,840,10045,1,1},
                                 <<2,66,1,255,255,255,255,255,255,255,255,255,255,255,255,
                                   255,255,255,255,255,255,255,255,...>>},
                      {'Curve',<<1,255,255,255,255,255,255,255,255,255,255,255,
                                 255,255,255,255,255,255,255,255,255,255,255,...>>,
                               <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                                 64,238,162,218,114,91,153,...>>,
                               <<208,158,136,0,41,28,184,83,150,204,103,23,57,50,132,
                                 170,160,218,100,186>>},
                      <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                        180,66,156,100,129,57,5,...>>,
                      6864797660130609714981900799081393217269435300143305409394463459185543183397655394245057746333217197532963996371363321113864768612440380340372808892707005449,
                      1}
      

      ... and the resulting error was...

      20> public_key:generate_key(Params).
      ** exception error: bad argument
           in function  crypto:ec_key_generate/2
              called as crypto:ec_key_generate({{prime_field,<<2,66,1,255,255,255,255,255,255,255,255,
                                                               255,255,255,255,255,255,255,255,255,255,
                                                               255,255,255,255,...>>},
                                                {<<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                                   255,255,255,255,255,255,255,255,255,255,255,...>>,
                                                 <<81,149,62,185,97,142,28,154,31,146,154,33,160,182,133,
                                                   64,238,162,218,114,91,153,179,21,...>>,
                                                 none},
                                                <<4,0,198,133,142,6,183,4,4,233,205,158,62,203,102,35,149,
                                                  180,66,156,100,129,57,5,63,...>>,
                                                <<1,255,255,255,255,255,255,255,255,255,255,255,255,255,
                                                  255,255,255,255,255,255,255,255,255,255,...>>,
                                                <<1>>},
                                               undefined)
           in call from public_key:ec_generate_key/1 (public_key.erl, line 1236)
      

        Attachments

          Activity

            People

            Assignee:
            otp_team_ps Team PS
            Reporter:
            goertzenator Daniel Goertzen
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: