x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888

Merovius · 2018-09-26T23:18:59Z

What version of Go are you using (`go version`)?

go version go1.11 linux/amd64

Also golang/crypto@0e37d00

Does this issue reproduce with the latest release?

yes.

What operating system and processor architecture are you using (`go env`)?

GOARCH="amd64"
GOOS="linux"

What did you do?

This program is a slightly modified version of TestRSAPrivateKey using NewSignerPrivateKey:

package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/x509"
	"encoding/hex"
	"hash"
	"time"

	"golang.org/x/crypto/openpgp/packet"
)

func main() {
	privKeyDER, _ := hex.DecodeString(pkcs1PrivKeyHex)
	rsaPriv, err := x509.ParsePKCS1PrivateKey(privKeyDER)
	if err != nil {
		panic(err)
	}

	priv := packet.NewSignerPrivateKey(time.Now(), &rsaSigner{*rsaPriv})

	sig := &packet.Signature{
		PubKeyAlgo: packet.PubKeyAlgoRSA,
		Hash:       crypto.SHA256,
	}
	msg := []byte("Hello World!")

	h, err := populateHash(sig.Hash, msg)
	if err != nil {
		panic(err)
	}
	if err := sig.Sign(h, priv, nil); err != nil {
		panic(err)
	}

	if h, err = populateHash(sig.Hash, msg); err != nil {
		panic(err)
	}
	if err := priv.VerifySignature(h, sig); err != nil {
		panic(err)
	}
}

type rsaSigner struct {
	rsa.PrivateKey
}

func (s *rsaSigner) Public() crypto.PublicKey {
	return s.PublicKey
}

func populateHash(hashFunc crypto.Hash, msg []byte) (hash.Hash, error) {
	h := hashFunc.New()
	if _, err := h.Write(msg); err != nil {
		return nil, err
	}
	return h, nil
}

const pkcs1PrivKeyHex = "3082025d02010002818100e98edfa1c3b35884a54d0b36a6a603b0290fa85e49e30fa23fc94fef9c6790bc4849928607aa48d809da326fb42a969d06ad756b98b9c1a90f5d4a2b6d0ac05953c97f4da3120164a21a679793ce181c906dc01d235cc085ddcdf6ea06c389b6ab8885dfd685959e693138856a68a7e5db263337ff82a088d583a897cf2d59e9020301000102818100b6d5c9eb70b02d5369b3ee5b520a14490b5bde8a317d36f7e4c74b7460141311d1e5067735f8f01d6f5908b2b96fbd881f7a1ab9a84d82753e39e19e2d36856be960d05ac9ef8e8782ea1b6d65aee28fdfe1d61451e8cff0adfe84322f12cf455028b581cf60eb9e0e140ba5d21aeba6c2634d7c65318b9a665fc01c3191ca21024100fa5e818da3705b0fa33278bb28d4b6f6050388af2d4b75ec9375dd91ccf2e7d7068086a8b82a8f6282e4fbbdb8a7f2622eb97295249d87acea7f5f816f54d347024100eecf9406d7dc49cdfb95ab1eff4064de84c7a30f64b2798936a0d2018ba9eb52e4b636f82e96c49cc63b80b675e91e40d1b2e4017d4b9adaf33ab3d9cf1c214f024100c173704ace742c082323066226a4655226819a85304c542b9dacbeacbf5d1881ee863485fcf6f59f3a604f9b42289282067447f2b13dfeed3eab7851fc81e0550240741fc41f3fc002b382eed8730e33c5d8de40256e4accee846667f536832f711ab1d4590e7db91a8a116ac5bff3be13d3f9243ff2e976662aa9b395d907f8e9c9024046a5696c9ef882363e06c9fa4e2f5b580906452befba03f4a99d0f873697ef1f851d2226ca7934b30b7c3e80cb634a67172bbbf4781735fe3e09263e2dd723e7"

What did you expect to see?

No output.

What did you see instead?

panic: openpgp: invalid argument: public key and signature use different algorithms

goroutine 1 [running]:
main.main()
	/home/mero/tmp/rsa.go:41 +0x341
exit status 2

NewSignerPrivateKey sets the signature algorithm to RSASignOnly, which is unequal to RSA, causing the signature verification to fail. I have a fix prepared, this is just to track the issue.

The text was updated successfully, but these errors were encountered:

gopherbot · 2018-09-26T23:28:17Z

Change https://golang.org/cl/137896 mentions this issue: openpgp: treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures

These are deprecated according to RFC4880 and should no longer be generated: https://tools.ietf.org/html/rfc4880#section-13.5 With that, the notion of a "sign-only" private key doesn't make sense (as that is a signature property, not a private key property), so remove it from the comment. Fixes golang/go#27888 Change-Id: I7d41acd0793b2caf3c0897e580f42375c72d82a8 Reviewed-on: https://go-review.googlesource.com/c/137896 Reviewed-by: Filippo Valsorda <[email protected]> Run-TryBot: Filippo Valsorda <[email protected]> TryBot-Result: Gobot Gobot <[email protected]>

gopherbot added this to the Unreleased milestone Sep 26, 2018

gopherbot closed this as completed in golang/crypto@85e1b3f Oct 25, 2018

golang locked and limited conversation to collaborators Oct 25, 2019

gopherbot added the FrozenDueToAge label Oct 25, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888

x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888

Merovius commented Sep 26, 2018

gopherbot commented Sep 26, 2018

x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888

x/crypto/openpgp: Treat PubKeyAlgoRSA and PubKeyAlgoRSASignOnly as equivalent for signatures #27888

Comments

Merovius commented Sep 26, 2018

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

What did you do?

What did you expect to see?

What did you see instead?

gopherbot commented Sep 26, 2018

What version of Go are you using (`go version`)?

What operating system and processor architecture are you using (`go env`)?