Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cryptography / 3ce8883fd62043419b225790cd524b7619b4bb72^! / . / docs / development / test-vectors.rst
commit3ce8883fd62043419b225790cd524b7619b4bb72[log] [tgz]
authorDavid Benjamin <davidben@davidben.net>Thu Aug 23 14:58:30 2018 -0500
committerPaul Kehrer <paul.l.kehrer@gmail.com>Thu Aug 23 14:58:30 2018 -0500
tree2c522ad472b94daf04b9f8095168913260057851
parentfe33ec8ca04b74479c68806616b0e6a43503d794 [diff] [blame]
Fix encoding errors in RSA test keys. (#4410)

* Fix encoding errors in RSA test keys.

enc-rsa-pkcs8.pem and unenc-rsa-pkcs8.pem did not encode the RSA key
correctly. Per RFC 8017, appendix A.1:

   The object identifier rsaEncryption identifies RSA public and private
   keys as defined in Appendices A.1.1 and A.1.2.  The parameters field
   has associated with this OID in a value of type AlgorithmIdentifier
   SHALL have a value of type NULL.

      rsaEncryption    OBJECT IDENTIFIER ::= { pkcs-1 1 }

unenc-rsa-pkcs8.pem, however, was missing that NULL, which was, in turn,
carried into the encrypted payload of enc-rsa-pkcs8.pem. The DER
version, enc-rsa-pkcs8.der, carries this mistake too. Interestingly,
unenc-rsa-pkcs8.der does *not* have it. I'm guessing it was converted
with the openssl command-line tool which fixed the encoding in
conversion.

Current versions of OpenSSL are lax and ignore the parameters field, but
it's best to test against spec-compliant inputs. Fix unenc-rsa-pkcs8.pem
to match unenc-rsa-pkcs8.der and then refresh enc-rsa-pkcs8.{der,pem}
with the new encoding but otherwise the same encryption parameters.

I've refreshed the dumpasn1 (at least that's what it looks like)
preamble at the top of each file, but the current version of dumpasn1
appears to have changed the spacing slightly, so there's some whitespace
diff noise.

* Update test-vectors.rst.

diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index 4ae152b..5032c5f 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst

@@ -41,8 +41,10 @@
 * PKCS #8 PEM serialization vectors from
 
   * GnuTLS: `enc-rsa-pkcs8.pem`_, `enc2-rsa-pkcs8.pem`_,
-    `unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The contents of
-    `enc2-rsa-pkcs8.pem`_ was re-encrypted using a stronger PKCS#8 cipher.
+    `unenc-rsa-pkcs8.pem`_, `pkcs12_s2k_pem.c`_. The encoding error in
+    `unenc-rsa-pkcs8.pem`_ was fixed, and the contents of `enc-rsa-pkcs8.pem`_
+    was re-encrypted to include it. The contents of `enc2-rsa-pkcs8.pem`_
+    was re-encrypted using a stronger PKCS#8 cipher.
   * `Botan's ECC private keys`_.
 * `asymmetric/public/PKCS1/dsa.pub.pem`_ is a PKCS1 DSA public key from the
   Ruby test suite.