#29429: Tor 0.3.5.7 may be generating v2 RSA keys that are unparsable by STEM/PyCrypto?
------------------------------------------+--------------------------------
 Reporter:  alecmuffett                   |          Owner:  (none)
     Type:  defect                        |         Status:  new
 Priority:  Medium                        |      Milestone:  Tor: unspecified
Component:  Core Tor/Tor                  |        Version:  Tor: 0.3.5.7
 Severity:  Normal                        |     Resolution:
 Keywords:  rsa key format not supported  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------------

Comment (by yawning):

 `secrets.d/ntz22knrkak4od7q.key` appears to be well-formed:

 {{{
 SEQUENCE (9 elem)
   INTEGER 0
   INTEGER (1024 bit) 165755330484047200219364772901691969775438019984010204690806665657623…
   INTEGER 65537
   INTEGER (1022 bit) 346068661521463881563325783544234741052736382111053546971070937972940…
   INTEGER (512 bit) 1292592463411186436245179016401295264821905996683157528634376452165948…
   INTEGER (512 bit) 1282347957117237125403480981340955515808793868467580464551866348900888…
   INTEGER (512 bit) 6954954916652984924746898340686768531274680128940626505978915243713907…
   INTEGER (508 bit) 5926777182519967732497892629326570116704818083812657318961202329708092…
   INTEGER (512 bit) 1220298207425842139178939640359368043909653140162843027417635854509182…
 }}}

 `lib/Crypto/PublicKey/RSA.py` (fresh checkout from github):

 {{{
     def _importKeyDER(self, extern_key, passphrase=None):
         """Import an RSA key (public or private half), encoded in DER form."""

         try:

             der = decode_der(DerSequence, extern_key)

             # Try PKCS#1 first, for a private key
             if len(der) == 9 and der.hasOnlyInts() and der[0] == 0:
                 # ASN.1 RSAPrivateKey element
                 del der[6:]     # Remove d mod (p-1),
                                 # d mod (q-1), and
                                 # q^{-1} mod p
                 der.append(inverse(der[4], der[5]))  # Add p^{-1} mod q
                 del der[0]      # Remove version
                 return self.construct(der[:])

             # Public key import elided for brevity.

         except (ValueError, EOFError):
             pass

         raise ValueError("RSA key format is not supported")
 }}}

 The de-serialized DER is indeed a sequence of 9 elements, only containing
 `INTEGER`s, with the version being `0`, so it's probably failing to decode
 what appears to be well formed DER.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29429#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
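
Added example (not part of the ticket and not PyCrypto code): a dependency-free Python check that applies the same structural test as the quoted import path (9 INTEGERs, version 0) and then verifies the RFC 8017 relations between the fields, which helps separate a malformed key from a parser problem. The function names and the toy key values are assumptions made for illustration.

```python
def _length(buf, i):
    """Decode the DER length field at buf[i]; return (length, index after it)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def parse_int_sequence(der):
    """Return the INTEGERs of a DER SEQUENCE; raise ValueError on anything else."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a SEQUENCE")
    total, i = _length(der, 1)
    if i + total != len(der):
        raise ValueError("SEQUENCE length does not match input")
    ints = []
    while i < len(der):
        if der[i] != 0x02 or i + 1 >= len(der):
            raise ValueError("element is not an INTEGER")
        n, i = _length(der, i + 1)
        if n == 0 or i + n > len(der):
            raise ValueError("truncated INTEGER")
        ints.append(int.from_bytes(der[i:i + n], "big", signed=True))
        i += n
    return ints

def check_rsa_private_key(der):
    """List what is inconsistent in a PKCS#1 RSAPrivateKey; [] means all good."""
    v = parse_int_sequence(der)
    if len(v) != 9 or v[0] != 0:
        return ["not a 9-INTEGER, version 0 RSAPrivateKey"]
    n, e, d, p, q, dp, dq, qinv = v[1:]
    if min(p, q) < 3:
        return ["prime factor too small"]
    tests = {"n = p*q": n == p * q,
             "e*d = 1 mod (p-1), (q-1)": e * d % (p - 1) == 1 == e * d % (q - 1),
             "exponent1 = d mod (p-1)": dp == d % (p - 1),
             "exponent2 = d mod (q-1)": dq == d % (q - 1),
             "coefficient = q^-1 mod p": q * qinv % p == 1}
    return [name for name, ok in tests.items() if not ok]

def encode_key(ints):
    """Build DER for short non-negative INTEGERs (sample data only)."""
    body = b"".join(b"\x02" + bytes([x.bit_length() // 8 + 1])
                    + x.to_bytes(x.bit_length() // 8 + 1, "big") for x in ints)
    return b"\x30" + bytes([len(body)]) + body

# Constructed toy key (added example, not from the ticket): p=61, q=53, e=17.
GOOD = encode_key([0, 3233, 17, 2753, 61, 53, 2753 % 60, 2753 % 52, pow(53, -1, 61)])
BAD = encode_key([0, 3233, 17, 2753, 61, 53, 2753 % 60, 2753 % 52, pow(61, -1, 53)])
```

`BAD` stores p^-1 mod q in the last field, the value the quoted code computes for its internal representation, where PKCS#1 expects q^-1 mod p, so only the coefficient check fails for it.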