INTEGER length error in the tlv #200

EKA-13 opened this issue Apr 20, 2021 · 1 comment
EKA-13 commented Apr 20, 2021

Hi

I am trying to create the following structure

 0x30, 0x82, 0x02, 0x12,         ; SEQUENCE (530 Bytes)
    0x30, 0x82, 0x01, 0x0A,     ; SEQUENCE (266 Bytes) (public key) 
        0x02, 0x82, 0x01, 0x01  ; INTEGER  (277 Bytes)
            <257 bytes public key-modulus  >,
        0x02, 0x03,             ; INTEGER  ( 03 Bytes)
            <3 bytes PK-exponent (value: 65537)>,
    0x02, 0x82, 0x01, 0x00,     ; INTEGER  (256 Bytes)
        <256byte Signature { public key  } *signed by CA private key >_

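# Imports added so the snippet is complete; the DER codec is assumed,
# since the post does not show which pyasn1 codec was imported.
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa, utils
from pyasn1.codec.der.decoder import decode
from pyasn1.codec.der.encoder import encode
from pyasn1.type.namedtype import NamedType, NamedTypes
from pyasn1.type.univ import Integer, Sequence

class publicKey(Sequence):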

    componentType = NamedTypes(
        NamedType('pk',Integer()),
        NamedType('exponent', Integer())
    )


class SrklHost(Sequence):
    componentType = NamedTypes(
        NamedType('hostPk',publicKey()),        
        NamedType('signature', Integer())
    )


ca_key = serialization.load_pem_private_key( ...

host_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=0x800,
    backend=default_backend()
    )

host_key_pk = host_key.public_key().public_bytes(serialization.Encoding.DER,format=serialization.PublicFormat.PKCS1)
chosen_hash = hashes.SHA256()
hasher = hashes.Hash(chosen_hash, default_backend())
hasher.update(host_key_pk)
digest = hasher.finalize()

sig = ca_key.sign(
       digest,
       padding.PKCS1v15(),
       utils.Prehashed(hashes.SHA256()))


message , _ = decode(host_key_pk)

pk , _ = decode(host_key_pk, asn1Spec= publicKey())

print(len(host_key_pk))
print(len(encode(pk)))



signedItem = SrklHost()
signedItem['hostPk'] = pk
signedItem['signature'] = int.from_bytes(sig,'big')

print(len(encode(signedItem)))

The signedItem message should be 534 bytes long in total,
but sometimes it returns an extra byte, resulting in 535 bytes in total.

I can see that the 0x02, 0x82, 0x01, 0x00, ; INTEGER (256 Bytes) section of the signature gets an extra byte,
resulting in 0x02 0x82 0x01 0x01 0x00.

Am I doing something wrong?

I am using cryptography.io for other cryptography functionality

Thank you !

@fvanderwerf

I have seen a similar issue where an encoded integer is one byte too long. I have the following test code:

from pyasn1.type import univ
from pyasn1.codec.der import encoder

from binascii import hexlify

val = -2 ** 63
print(val)
asn1 = encoder.encode(univ.Integer(val))
print(hexlify(asn1).decode('ascii'))

With current master (db8f1a7) this gives on Python2:

-9223372036854775808
02088000000000000000

which looks correct. With Python3 an extra byte (0xff) is prepended:

-9223372036854775808
0209ff8000000000000000

Seems like length calculation is wrong under Python3.
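
Added example, not part of the original thread and not pyasn1's code: a standalone DER INTEGER encoder that follows the X.690 minimal two's-complement rule, run over constructed 256-byte values shaped like the signature in the first comment and over the -2 ** 63 value from the second. All function and constant names are hypothetical.

```python
def der_length(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer_content(value: int) -> bytes:
    """Minimal two's-complement content octets for an ASN.1 INTEGER."""
    # The top bit is the sign bit, so a positive value whose most
    # significant bit is set needs one extra leading 0x00 octet.
    magnitude = value if value >= 0 else ~value
    nbytes = magnitude.bit_length() // 8 + 1
    return value.to_bytes(nbytes, "big", signed=True)


def der_integer(value: int) -> bytes:
    """Full TLV: tag 0x02, length, content."""
    content = der_integer_content(value)
    return b"\x02" + der_length(len(content)) + content


def is_minimal_integer(content: bytes) -> bool:
    """False when the first nine bits are all zeros or all ones."""
    if len(content) < 2:
        return len(content) == 1
    if content[0] == 0x00 and content[1] < 0x80:
        return False
    if content[0] == 0xFF and content[1] >= 0x80:
        return False
    return True


# Constructed 256-byte sample values, not real signatures.
SIG_TOP_BIT_SET = b"\x80" + b"\x11" * 255
SIG_TOP_BIT_CLEAR = b"\x7f" + b"\x11" * 255
SIG_LEADING_ZERO = b"\x00\x01" + b"\x11" * 254

if __name__ == "__main__":
    for name, sig in [("top bit set", SIG_TOP_BIT_SET),
                      ("top bit clear", SIG_TOP_BIT_CLEAR),
                      ("leading zero byte", SIG_LEADING_ZERO)]:
        content = der_integer_content(int.from_bytes(sig, "big"))
        print(f"{name}: {len(sig)} raw bytes -> {len(content)} content octets")
    print(der_integer(-2 ** 63).hex())
```

A fixed-width container such as OCTET STRING or BIT STRING (the type X.509 uses for signatures) keeps the encoded length constant, whereas INTEGER content varies with the value's leading bits.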
