OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [pkcs11] Inconsistent CKA_EC_POINT encoding

On 6/3/20 6:46 AM, Jonathan Schulze-Hewett wrote:

All,

 

I just bumped into this today. My understanding is that CKA_EC_POINT needs to be ASN.1 DER-encoded as an OCTET STRING (0x04). For public key values with length less than 128 bytes I believe there is only one way to encode it (0x04|1-byte length|public key). However, for public key values with 128 or more bytes there are multiple ways to encode it

0x04|1-byte length bytes|1-byte length|public key

0x04|1-byte length bytes|2-byte length|public key

0x04|1-byte length bytes|3-byte length|public key

…

Where the X-byte length field is zero padded.

DER already specifies mimimum encoding of the length field. Not holding to the DER specification can lead to issues (including security issues).

DER means Distinguished Encoding Rules, which means only one way to encode an ASN.1 value, as opposed to BER (Basic Encoding Rules), which allows multiple ways. In BER you can extend the length value with zero padding.


bob

 

For example:

0481850401a8f3fad872e92fa34e3cb0c1ec631fa8a6b2797c727aadea6b41bd1c28972c6d12fac8fc9e6d0d544a7d062cd9d427c36102a49cbc6d960edcd87d8730e1b8d33c005e2bb06e2b7cddad51b2c9a599fca8025f884ccd722c19701cf00cc1e8708d2a9a23b6056252e5982ac71593b2e548754fbf19180f2898189c3a238f583b261f7f

vs

048200850401a8f3fad872e92fa34e3cb0c1ec631fa8a6b2797c727aadea6b41bd1c28972c6d12fac8fc9e6d0d544a7d062cd9d427c36102a49cbc6d960edcd87d8730e1b8d33c005e2bb06e2b7cddad51b2c9a599fca8025f884ccd722c19701cf00cc1e8708d2a9a23b6056252e5982ac71593b2e548754fbf19180f2898189c3a238f583b261f7f

 

This makes it difficult to find objects with a particular public key in them without trying multiple types of encoding.

 

Is it correct that both encodings are acceptable? If so, can we clarify the spec so that the minimal length DER-encoded value is used?

 

Thanks,

Jonathan

 

Jonathan Schulze-Hewett

Director of Development

Information Security Corp

708-445-1704 (o) | 708-822-2926 (m)

schulze-hewett@infoseccorp.com

 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]