Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add the ability to load a PKCS10 into CertificateRequest #73023

Merged
merged 4 commits into from
Aug 3, 2022
Merged

Add the ability to load a PKCS10 into CertificateRequest #73023

merged 4 commits into from
Aug 3, 2022

Conversation

bartonjs
Copy link
Member

Fixes #29547.

@bartonjs bartonjs added this to the 7.0.0 milestone Jul 28, 2022
@bartonjs bartonjs self-assigned this Jul 28, 2022
@dotnet-issue-labeler
Copy link

Note regarding the new-api-needs-documentation label:

This serves as a reminder for when your PR is modifying a ref *.cs file and adding/modifying public APIs, to please make sure the API implementation in the src *.cs file is documented with triple slash comments, so the PR reviewers can sign off that change.

@ghost
Copy link

ghost commented Jul 28, 2022

Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

Fixes #29547.

Author: bartonjs
Assignees: bartonjs
Labels:

area-System.Security, cryptographic-docs-impact
Milestone: 7.0.0

@runfoapp runfoapp bot mentioned this pull request Jul 29, 2022
Closed
vcsjones
vcsjones reviewed Jul 29, 2022
View reviewed changes
src/libraries/System.Security.Cryptography/src/Resources/Strings.resx Outdated Show resolved Hide resolved
...ty.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs Outdated Show resolved Hide resolved
...ty.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs Outdated Show resolved Hide resolved
...ty.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs Outdated Show resolved Hide resolved
...ty.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.Load.cs Outdated Show resolved Hide resolved
...ecurity.Cryptography/src/System/Security/Cryptography/X509Certificates/CertificateRequest.cs Show resolved Hide resolved
vcsjones
vcsjones approved these changes Aug 2, 2022
View reviewed changes
Copy link
Member

@vcsjones vcsjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A non-blocking suggestion, otherwise looks fine to me.

src/libraries/Common/src/System/Security/Cryptography/Asn1/PssParamsAsn.manual.cs
Comment on lines +44 to +49
int saltSize = digestValueLength.GetValueOrDefault();

if (!digestValueLength.HasValue)
{
saltSize = Helpers.HashOidToByteLength(HashAlgorithm.Algorithm);
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
int saltSize = digestValueLength.GetValueOrDefault();
if (!digestValueLength.HasValue)
{
saltSize = Helpers.HashOidToByteLength(HashAlgorithm.Algorithm);
}
int saltSize = digestValueLength ?? Helpers.HashOidToByteLength(HashAlgorithm.Algorithm);

@vcsjones
Copy link
Member

vcsjones commented Aug 2, 2022

@bartonjs actually, one other question: some of these are "big exponent" tests. Are they going to fail on Android like you observed at #72906 (comment)?

@bartonjs
Copy link
Member Author

bartonjs commented Aug 2, 2022

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs
Copy link
Member Author

bartonjs commented Aug 2, 2022

I was going to say "no", because the PSS tests all just use a new ephemeral RSA key... but it does look like there might be at least one, so let's see.

This was referenced Aug 2, 2022
Open
Closed
@bartonjs
Copy link
Member Author

bartonjs commented Aug 2, 2022

Hmmm.... I can't actually find any big-exponent Verify tests that run. I thought we had big-exponent tests in the base algorithms library, but we don't... TestData.RsaBigExponentParams.Modulus gets used as an input; and we test that we can import and export the key, but we never Verify with it.

In the CRLBuilder tests, the Pkcs1 path didn't bother asking if the signature checked out, because the signature algorithm is deterministic, and if the signature generator can generate the right signature then clearly it can verify it... right?

RSAAndroid uses RsaPaddingProcessor instead of OS routines for sign and verify, but we know those implementations are "correct" because macOS also uses them (at least, for PSS, which we've already seen as not working). This makes it seem like Android's RsaSignPrimitive is working correctly for big exponents, but RsaVerificationPrimitive isn't... which seems... odd.

I was concerned that we broke it with moving off of RsaPaddingProcessor recently, but that was only for OAEP encryption, the current source for RSAAndroid shows it's still using RsaPaddingProcessor for RSA sign and RSA verify (both PSS and PKCS1).

As far as this PR, it's one of:

  • Disable all of the failing tests on Android, linking to RSAAndroid fails to verify RSA signatures when the public exponent is bigger than 2^32 #72906.
  • Make all of those tests pass SkipSignatureVerification for Android only
  • Make all of those tests pass SkipSignatureVerification unconditionally
  • Rewrite all of the tests to not use big-exponent RSA (which is, apparently, a fantastically good test case... but not so fantastic when it blocks a feature from being completed).

Hmm.

@vcsjones
Copy link
Member

vcsjones commented Aug 2, 2022

My 2 cents: We should disable the tests for Android and create an issue to investigate post 7 since there seems to be some ambiguity around "RsaSignPrimitive is working correctly for big exponents, but RsaVerificationPrimitive isn't"

That leaves one of two things. Either we figure out that something isn't quite right with verification, we fix it, and then remove the ignores. Or, if everything is working on our side, we can write tests against the primitives to codify that Android throws the correct CryptographicException for big exponent RSA. We can then handle the disabled tests accordingly.

Or some variation on this idea.

@vcsjones
Copy link
Member

vcsjones commented Aug 3, 2022

RSAAndroid shows it's still using RsaPaddingProcessor for RSA sign and RSA verify (both PSS and PKCS1).

Anecdotally, I was investigating getting Android off RSAPaddingProcessor for PKCS1 / PSS like we did with OAEP... but... it seems that Android has no capability to sign pre-hashed data. It always wants the message and does the hash + sign in one step, unless you fall back to raw RSA and do it yourself.

@bartonjs
Copy link
Member Author

bartonjs commented Aug 3, 2022

/azp run runtime-extra-platforms

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs bartonjs merged commit 761f774 into dotnet:main Aug 3, 2022
@bartonjs bartonjs deleted the load_pkcs10 branch August 3, 2022 20:42
@bartonjs bartonjs mentioned this pull request Aug 3, 2022
Closed
@karelz karelz mentioned this pull request Aug 7, 2022
Closed
@bartonjs bartonjs added the needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration label Aug 19, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Sep 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vcsjones vcsjones vcsjones approved these changes

Assignees

@bartonjs bartonjs

Labels
area-System.Security needs-further-triage Issue has been initially triaged, but needs deeper consideration or reconsideration new-api-needs-documentation
Projects
None yet
Milestone
7.0.0
Development

Successfully merging this pull request may close these issues.

Provide a way to load a CertificateRequest from a byte[]
2 participants
@bartonjs @vcsjones