From 8b47caf26813f241b83377afd47faa4c3a8bf8ac Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Mon, 8 Jul 2024 18:06:05 -0400 Subject: [PATCH] Fix exchange with keys that had Q automatically computed fixes #10790 closes #10864 --- docs/development/test-vectors.rst | 4 ++ src/rust/src/backend/dh.rs | 58 +++++++++++++++---- tests/hazmat/primitives/test_dh.py | 10 ++++ .../asymmetric/DH/dhpub_cryptography_old.pem | 15 +++++ 4 files changed, 77 insertions(+), 10 deletions(-) create mode 100644 vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst index 4f564d79b24f..c906f611ceff 100644 --- a/docs/development/test-vectors.rst +++ b/docs/development/test-vectors.rst @@ -224,6 +224,10 @@ Key exchange * ``vectors/cryptoraphy_vectors/asymmetric/ECDH/brainpool.txt`` contains Brainpool vectors from :rfc:`7027`. +* ``vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem`` + contains a Diffie-Hellman public key generated with a previous version of + ``cryptography``. + X.509 ~~~~~ diff --git a/src/rust/src/backend/dh.rs b/src/rust/src/backend/dh.rs index e615d623ffa3..dc442544030c 100644 --- a/src/rust/src/backend/dh.rs +++ b/src/rust/src/backend/dh.rs @@ -25,6 +25,9 @@ pub(crate) struct DHPublicKey { #[pyo3::pyclass(frozen, module = "cryptography.hazmat.bindings._rust.openssl.dh")] struct DHParameters { dh: openssl::dh::Dh, + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: bool, } #[pyo3::pyfunction] @@ -51,7 +54,11 @@ fn generate_parameters( let dh = openssl::dh::Dh::generate_params(key_size, generator) .map_err(|_| pyo3::exceptions::PyValueError::new_err("Unable to generate DH parameters"))?; - Ok(DHParameters { dh }) + Ok(DHParameters { + dh, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: false, + }) } pub(crate) fn private_key_from_pkey( @@ -73,12 +80,14 @@ pub(crate) fn public_key_from_pkey( #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] fn pkey_from_dh( dh: openssl::dh::Dh, + is_dhx: bool, ) -> CryptographyResult> { cfg_if::cfg_if! { if #[cfg(CRYPTOGRAPHY_IS_LIBRESSL)] { + let _ = is_dhx; Ok(openssl::pkey::PKey::from_dh(dh)?) } else { - if dh.prime_q().is_some() { + if is_dhx { Ok(openssl::pkey::PKey::from_dhx(dh)?) } else { Ok(openssl::pkey::PKey::from_dh(dh)?) @@ -87,6 +96,18 @@ fn pkey_from_dh( } } +#[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] +fn is_dhx(id: openssl::pkey::Id) -> bool { + cfg_if::cfg_if! { + if #[cfg(CRYPTOGRAPHY_IS_LIBRESSL)] { + let _ = id; + false + } else { + id == openssl::pkey::Id::DHX + } + } +} + #[pyo3::pyfunction] #[pyo3(signature = (data, backend=None))] fn from_der_parameters( @@ -105,6 +126,8 @@ fn from_der_parameters( Ok(DHParameters { dh: openssl::dh::Dh::from_pqg(p, q, g)?, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: asn1_params.q.is_some(), }) } @@ -214,7 +237,10 @@ impl DHPrivateKey { let orig_dh = self.pkey.dh().unwrap(); let dh = clone_dh(&orig_dh)?; - let pkey = pkey_from_dh(dh.set_public_key(orig_dh.public_key().to_owned()?)?)?; + let pkey = pkey_from_dh( + dh.set_public_key(orig_dh.public_key().to_owned()?)?, + is_dhx(self.pkey.id()), + )?; Ok(DHPublicKey { pkey }) } @@ -222,6 +248,8 @@ impl DHPrivateKey { fn parameters(&self) -> CryptographyResult { Ok(DHParameters { dh: clone_dh(&self.pkey.dh().unwrap())?, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: is_dhx(self.pkey.id()), }) } @@ -280,6 +308,9 @@ impl DHPublicKey { fn parameters(&self) -> CryptographyResult { Ok(DHParameters { dh: clone_dh(&self.pkey.dh().unwrap())?, + + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: is_dhx(self.pkey.id()), }) } @@ -322,7 +353,7 @@ impl DHParameters { fn generate_private_key(&self) -> CryptographyResult { let dh = clone_dh(&self.dh)?.generate_key()?; Ok(DHPrivateKey { - pkey: pkey_from_dh(dh)?, + pkey: pkey_from_dh(dh, self.is_dhx)?, }) } @@ -421,9 +452,11 @@ impl DHPrivateNumbers { ) -> CryptographyResult { let _ = backend; - let dh = dh_parameters_from_numbers(py, self.public_numbers.get().parameter_numbers.get())?; + let public_numbers = self.public_numbers.get(); + let parameter_numbers = public_numbers.parameter_numbers.get(); + let dh = dh_parameters_from_numbers(py, parameter_numbers)?; - let pub_key = utils::py_int_to_bn(py, self.public_numbers.get().y.bind(py))?; + let pub_key = utils::py_int_to_bn(py, public_numbers.y.bind(py))?; let priv_key = utils::py_int_to_bn(py, self.x.bind(py))?; let dh = dh.set_key(pub_key, priv_key)?; @@ -435,7 +468,7 @@ impl DHPrivateNumbers { )); } - let pkey = pkey_from_dh(dh)?; + let pkey = pkey_from_dh(dh, parameter_numbers.q.is_some())?; Ok(DHPrivateKey { pkey }) } @@ -474,11 +507,12 @@ impl DHPublicNumbers { ) -> CryptographyResult { let _ = backend; - let dh = dh_parameters_from_numbers(py, self.parameter_numbers.get())?; + let parameter_numbers = self.parameter_numbers.get(); + let dh = dh_parameters_from_numbers(py, parameter_numbers)?; let pub_key = utils::py_int_to_bn(py, self.y.bind(py))?; - let pkey = pkey_from_dh(dh.set_public_key(pub_key)?)?; + let pkey = pkey_from_dh(dh.set_public_key(pub_key)?, parameter_numbers.q.is_some())?; Ok(DHPublicKey { pkey }) } @@ -535,7 +569,11 @@ impl DHParameterNumbers { let _ = backend; let dh = dh_parameters_from_numbers(py, self)?; - Ok(DHParameters { dh }) + Ok(DHParameters { + dh, + #[cfg(not(CRYPTOGRAPHY_IS_BORINGSSL))] + is_dhx: self.q.is_some(), + }) } fn __eq__( diff --git a/tests/hazmat/primitives/test_dh.py b/tests/hazmat/primitives/test_dh.py index d287d29460ae..c1f847a212a1 100644 --- a/tests/hazmat/primitives/test_dh.py +++ b/tests/hazmat/primitives/test_dh.py @@ -441,6 +441,16 @@ def test_dh_vectors_with_q(self, backend, vector): assert int.from_bytes(symkey1, "big") == int(vector["z"], 16) assert int.from_bytes(symkey2, "big") == int(vector["z"], 16) + def test_exchange_old_key(self, backend): + k = load_vectors_from_file( + os.path.join("asymmetric", "DH", "dhpub_cryptography_old.pem"), + lambda f: serialization.load_pem_public_key(f.read()), + mode="rb", + ) + assert isinstance(k, dh.DHPublicKey) + # Ensure this doesn't raise. + k.parameters().generate_private_key().exchange(k) + def test_public_key_equality(self, backend): key_bytes = load_vectors_from_file( os.path.join("asymmetric", "DH", "dhpub.pem"), diff --git a/vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem b/vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem new file mode 100644 index 000000000000..22f9caaa13e0 --- /dev/null +++ b/vectors/cryptography_vectors/asymmetric/DH/dhpub_cryptography_old.pem @@ -0,0 +1,15 @@ +-----BEGIN PUBLIC KEY----- +MIICJTCCARcGCSqGSIb3DQEDATCCAQgCggEBAP//////////yQ/aoiFowjTExmKL +gNwc0SkCTgiKZ8x0Agu+pjsTmyJRSgh5jjQE3e+VGbPNOkMbMCsKbfJfFDdP4TVt +bVHCReSFtXZiXn7G9ExC6aY37WsL/1y29Aa37e44a/taiZ+lrp8kEXxLH+ZJKGZR +7ORbPcIAfLihY78FmNpINhxV05ppFj+o/STPX4NlXSPco62WHGLzViCFUrue1SkH +cJaWbWcMNU5KvJgE8XRsCMoYIXwykF5GLjbOO+OedywYDoY DmyeDouwHoo+1xV3w +b0xSyd4ry/aVWBcYOZVJfOqVauUV0iYYmPoFEBVyjlqKrKpo//////////8CAQID +ggEGAAKCAQEAoely6vSHw+/Q3zGYLaJj7eeQkfd25K8SvtC+FMY9D7jwS4g71pyr +U3FJ98Fi45Wdksh+d4u7U089trF5Xbgui29bZ0HcQZtfHEEz0Mh69tkipCm2/QIj +6eDlo6sPk9hhhvgg4MMGiWKhCtHrub3x1FHdmf7KjOhrGeb5apiudo7blGFzGhZ3 +NFnbff+ArVNd+rdVmSoZn0aMhXRConlDu/44IYe5/24VLl7G+BzZlIZO4P2M83fd +mBOvR13cmYssQjEFTbaZVQvQHa3t0+aywfdCgsXGmTTK6QDCBP8D+vf1bmhEswzs +oYn1GLtJ3VyYyMBPDBomd2ctchZgTzsX1w== +-----END PUBLIC KEY----- +