[tor-bugs] #29429 [Core Tor/Tor]: Tor 0.3.5.7 may be generating v2 RSA keys that are unparsable by STEM/PyCrypto?

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Feb 8 11:39:35 UTC 2019 

#29429: Tor 0.3.5.7 may be generating v2 RSA keys that are unparsable by
STEM/PyCrypto?
------------------------------------------+--------------------------------
 Reporter:  alecmuffett                   |          Owner:  (none)
     Type:  defect                        |         Status:  new
 Priority:  Medium                        |      Milestone:  Tor:
                                          |  unspecified
Component:  Core Tor/Tor                  |        Version:  Tor: 0.3.5.7
 Severity:  Normal                        |     Resolution:
 Keywords:  rsa key format not supported  |  Actual Points:
Parent ID:                                |         Points:
 Reviewer:                                |        Sponsor:
------------------------------------------+--------------------------------

Comment (by yawning):

 `secrets.d/ntz22knrkak4od7q.key` appears to be well-formed:
 {{{
 SEQUENCE (9 elem)
   INTEGER 0
   INTEGER (1024 bit)
 165755330484047200219364772901691969775438019984010204690806665657623…
   INTEGER 65537
   INTEGER (1022 bit)
 346068661521463881563325783544234741052736382111053546971070937972940…
   INTEGER (512 bit)
 1292592463411186436245179016401295264821905996683157528634376452165948…
   INTEGER (512 bit)
 1282347957117237125403480981340955515808793868467580464551866348900888…
   INTEGER (512 bit)
 6954954916652984924746898340686768531274680128940626505978915243713907…
   INTEGER (508 bit)
 5926777182519967732497892629326570116704818083812657318961202329708092…
   INTEGER (512 bit)
 1220298207425842139178939640359368043909653140162843027417635854509182…
 }}}

 `lib/Crypto/PublicKey/RSA.py` (fresh checkout from github):
 {{{
     def _importKeyDER(self, extern_key, passphrase=None):
         """Import an RSA key (public or private half), encoded in DER
 form."""

         try:

             der = decode_der(DerSequence, extern_key)

             # Try PKCS#1 first, for a private key
             if len(der) == 9 and der.hasOnlyInts() and der[0] == 0:
                 # ASN.1 RSAPrivateKey element
                 del der[6:]     # Remove d mod (p-1),
                                 # d mod (q-1), and
                                 # q^{-1} mod p
                 der.append(inverse(der[4], der[5]))  # Add p^{-1} mod q
                 del der[0]      # Remove version
                 return self.construct(der[:])

             # Public key import elided for brevity.

         except (ValueError, EOFError):
             pass

         raise ValueError("RSA key format is not supported")
 }}}

 The de-serialized DER is indeed a sequence of 9 elements, only containing
 `INTEGER`s, with the version being `0`, so it's probably failing to decode
 what appears to be well formed DER.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29429#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list