Bug #211

Cannot parse RSA private key without openssl or gcrypt

Added by Peter van Liesdonk 10 months ago. Updated 16 days ago.

Status: Closed
Start date: 03.08.2012
Priority: Low
Due date:
Assignee: Martin Willi
% Done: 0%
Category: -
Target version: -
Affected version: 5.0.0
Resolution:

Description

I'm making a minimal build of strongswan 5.0.0 without using openssl or gcrypt. ( --disable-gcrypt --disable-openssl )

Then reading of RSA private keys is broken:

> /sbin/ipsec pki --gen --size 3072 > key.der 
> /sbin/ipsec pki --pub --in key.der          
building CRED_PRIVATE_KEY - RSA failed, tried 4 builders
parsing private key failed

This happens also when reading the key through ipsec.secrets.
The created key key.der is a valid private key.
Keys created using openssl result in the same error.

When using either --enable-openssl or --enable-gcrypt, the problem is gone.

Associated revisions

Revision 7c6d6b0d
Added by Martin Willi 10 months ago

PEM loading soft-depends on MD5 only, as unencrypted files don't need MD5

Fixes #211.

History

#1 Updated by Martin Willi 10 months ago

  • Status changed from New to Feedback

Have you enabled the gmp plugin in your build? You need at least one of openssl, gcrypt, gmp to read in private keys. With gcrypt and gmp, you additionally need the pkcs1 plugin that parses the key.

When you re-./configure strongSwan, make sure to call "make clean" before building again, as the plugin list might not be updated otherwise.

If nothing helps, please post the output of "ipsec listplugins".

#2 Updated by Peter van Liesdonk 10 months ago

As it turns out I was a bit too fast with my minimal example.
There was another option I gave: --disable-md5, to avoid using it.
When removed (--enable-md5), reading the key works again.

Though my need for a build without openssl or gcrypt is now satisfied, this is still strange behaviour: the DER-formatted RSA key does not contain any MD5 hashes.
The 'ipsec pki' utility is able to generate RSA keys, but not read them back.

Running on a minimal opensuse 12.1 installation (only compilers, no additional development libraries)

gmp 5.0.2 built on a clean system with

> ./configure --prefix=/opt/csn2 --enable-cxx --enable-fat --enable-mpbsd
> make
> make install

strongswan 5.0.0 built with

> ./configure --prefix=/opt/csn2 \
  --disable-gcrypt \
  --disable-openssl \
  --disable-md5 \
  --with-lib-prefix=/opt/csn2
> make
> make install

The md5 plugin is indeed missing, but the pkcs1 is available.

> /opt/csn2/sbin/ipsec pki
...
strongSwan 5.0.0 PKI tool
loaded plugins: aes des sha1 sha2 random x509 pkcs1 pkcs8 pem gmp
...

No cigar:

> /opt/csn2/sbin/ipsec pki --gen > a.der
> /opt/csn2/sbin/ipsec pki --pub --in a.der 
building CRED_PRIVATE_KEY - RSA failed, tried 4 builders
parsing private key failed
> openssl rsa -inform der -in a.der -check -noout
RSA key ok

output of ipsec listplugins
This mentions md5 again.

> /opt/csn2/sbin/ipsec listplugins

List of loaded Plugins:

charon:
    CUSTOM:libcharon
        HASHER:HASH_SHA1
        RNG:RNG_STRONG
        NONCE_GEN
        CUSTOM:kernel-ipsec
        CUSTOM:kernel-net
        CUSTOM:socket
aes:
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
des:
    CRYPTER:3DES_CBC-24
    CRYPTER:DES_CBC-8
    CRYPTER:DES_ECB-8
sha1:
    HASHER:HASH_SHA1
    PRF:PRF_KEYED_SHA1
sha2:
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
md5:
    HASHER:HASH_MD5
random:
    RNG:RNG_STRONG
    RNG:RNG_TRUE
nonce:
    NONCE_GEN
        RNG:RNG_WEAK
x509:
    CERT_ENCODE:X509
        HASHER:HASH_SHA1
    CERT_DECODE:X509
        HASHER:HASH_SHA1
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    CERT_ENCODE:X509_AC
    CERT_DECODE:X509_AC
    CERT_ENCODE:X509_CRL
    CERT_DECODE:X509_CRL
    CERT_ENCODE:X509_OCSP_REQUEST
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    CERT_DECODE:X509_OCSP_RESPONSE
    CERT_ENCODE:PKCS10_REQUEST
    CERT_DECODE:PKCS10_REQUEST
revocation:
constraints:
pubkey:
    CERT_ENCODE:TRUSTED_PUBKEY
    CERT_DECODE:TRUSTED_PUBKEY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
pkcs1:
    PRIVKEY:RSA
    PUBKEY:ANY
    PUBKEY:RSA
pkcs8:
    PRIVKEY:RSA
    PRIVKEY:ECDSA
dnskey:
    PUBKEY:ANY
    PUBKEY:RSA
pem:
    PRIVKEY:ANY (not loaded)
        PRIVKEY:ANY
        HASHER:HASH_MD5
    PRIVKEY:RSA
        PRIVKEY:RSA
        HASHER:HASH_MD5
    PRIVKEY:ECDSA
        PRIVKEY:ECDSA
        HASHER:HASH_MD5
    PRIVKEY:DSA (not loaded)
        PRIVKEY:DSA
        HASHER:HASH_MD5
    PUBKEY:ANY
        PUBKEY:ANY
    PUBKEY:RSA
        PUBKEY:RSA
    PUBKEY:ECDSA (not loaded)
        PUBKEY:ECDSA
    PUBKEY:DSA (not loaded)
        PUBKEY:DSA
    CERT_DECODE:ANY
        CERT_DECODE:X509 (soft)
        CERT_DECODE:PGP (soft)
    CERT_DECODE:X509
        CERT_DECODE:X509
    CERT_DECODE:X509_CRL
        CERT_DECODE:X509_CRL
    CERT_DECODE:X509_OCSP_REQUEST (not loaded)
        CERT_DECODE:X509_OCSP_REQUEST
    CERT_DECODE:X509_OCSP_RESPONSE
        CERT_DECODE:X509_OCSP_RESPONSE
    CERT_DECODE:X509_AC
        CERT_DECODE:X509_AC
    CERT_DECODE:PKCS10_REQUEST
        CERT_DECODE:PKCS10_REQUEST
    CERT_DECODE:TRUSTED_PUBKEY
        CERT_DECODE:TRUSTED_PUBKEY
    CERT_DECODE:PGP (not loaded)
        CERT_DECODE:PGP
    CERT_DECODE:PLUTO_CERT
    CERT_DECODE:PLUTO_AC
fips-prf:
    PRF:PRF_FIPS_SHA1_160
        PRF:PRF_KEYED_SHA1
gmp:
    DH:MODP_2048
        RNG:RNG_STRONG
    DH:MODP_2048_224
        RNG:RNG_STRONG
    DH:MODP_2048_256
        RNG:RNG_STRONG
    DH:MODP_1536
        RNG:RNG_STRONG
    DH:MODP_3072
        RNG:RNG_STRONG
    DH:MODP_4096
        RNG:RNG_STRONG
    DH:MODP_6144
        RNG:RNG_STRONG
    DH:MODP_8192
        RNG:RNG_STRONG
    DH:MODP_1024
        RNG:RNG_STRONG
    DH:MODP_1024_160
        RNG:RNG_STRONG
    DH:MODP_768
        RNG:RNG_STRONG
    DH:MODP_CUSTOM
        RNG:RNG_STRONG
    PRIVKEY:RSA
    PRIVKEY_GEN:RSA
        RNG:RNG_TRUE
    PUBKEY:RSA
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
        RNG:RNG_WEAK
xcbc:
    PRF:PRF_AES128_XCBC
        CRYPTER:AES_CBC-16
    PRF:PRF_CAMELLIA128_XCBC (not loaded)
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:CAMELLIA_XCBC_96 (not loaded)
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:AES_XCBC_96
        CRYPTER:AES_CBC-16
cmac:
    PRF:PRF_AES128_CMAC
        CRYPTER:AES_CBC-16
    SIGNER:AES_CMAC_96
        CRYPTER:AES_CBC-16
hmac:
    PRF:PRF_HMAC_SHA1
        HASHER:HASH_SHA1
    PRF:PRF_HMAC_MD5
        HASHER:HASH_MD5
    PRF:PRF_HMAC_SHA2_256
        HASHER:HASH_SHA256
    PRF:PRF_HMAC_SHA2_384
        HASHER:HASH_SHA384
    PRF:PRF_HMAC_SHA2_512
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA1_96
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_128
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_160
        HASHER:HASH_SHA1
    SIGNER:HMAC_MD5_96
        HASHER:HASH_MD5
    SIGNER:HMAC_MD5_128
        HASHER:HASH_MD5
    SIGNER:HMAC_SHA2_256_128
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_256_256
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_384_192
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_384_384
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_512_256
        HASHER:HASH_SHA512
attr:
kernel-netlink:
    CUSTOM:kernel-ipsec
    CUSTOM:kernel-net
resolve:
socket-default:
    CUSTOM:socket
stroke:
    CUSTOM:stroke
        PRIVKEY:RSA (soft)
        PRIVKEY:ECDSA (soft)
        PRIVKEY:DSA (soft)
        CERT_DECODE:ANY (soft)
        CERT_DECODE:X509 (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509_AC (soft)
        CERT_DECODE:TRUSTED_PUBKEY (soft)
updown:
xauth-generic:
    XAUTH_SERVER:generic
    XAUTH_CLIENT:generic

#3 Updated by Martin Willi 10 months ago

  • Status changed from Feedback to Closed

"Though my need for a build without openssl or gcrypt is now satisfied"

This is our default, btw., if not enabled explicitly we stick with gmp and our own crypto plugins.

"this is still strange behaviour: the DER-formatted RSA key does not contain any MD5 hashes."

The dependencies of the pem plugin seem to be a little too strict. MD5 is used for passwords to decrypt PEM keys. But we use the same function to read in plain PEM or DER encoded files.

I've reduced MD5 to a soft-dependency for these functions with the referenced patch, it fixes the issue here when loading keys without MD5.

#4 Updated by Andreas Steffen 16 days ago

  • Assignee set to Martin Willi
