public_key:sign/3 returns different result on OTP 25 and earlier versions #6219

Closed
hauleth opened this issue Aug 12, 2022 · 5 comments

hauleth commented Aug 12, 2022

Describe the bug

Different signature returned on different Erlang versions.

To Reproduce

OTP 24:

Key = {'ECPrivateKey',1,
                      <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201,
                        60,8,80,43,234,82,68,151,219,233,144,174,41,227,241,
                        229,232>>,
                      {namedCurve,{1,3,101,112}},
                      <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170,
                        181,23,107,221,39,187,225,106,19,34,133,117,198,138,
                        180,16,70>>,
                      asn1_NOVALUE},
Algo = sha512,
Body = <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97,
         53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144,
         250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228,
         65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171,
         31,220,8,131,25,206,109,239,200,118>>,
<<203,148,171,54,165,4,216,251,189,124,35,227,88,183,187,225,142,10,132,163,98,
  48,167,195,67,12,49,148,85,146,41,14,58,0,198,68,103,114,90,61,31,38,200,198,
  64,179,135,138,31,172,236,105,0,71,50,195,168,247,216,110,210,61,159,5>> = public_key:sign(Body, Algo, Key).

OTP 25:

Key = {'ECPrivateKey',1,
                      <<15,192,10,239,169,93,9,105,143,13,221,71,191,255,201,
                        60,8,80,43,234,82,68,151,219,233,144,174,41,227,241,
                        229,232>>,
                      {namedCurve,{1,3,101,112}},
                      <<209,208,142,135,125,251,57,203,2,49,232,74,238,214,170,
                        181,23,107,221,39,187,225,106,19,34,133,117,198,138,
                        180,16,70>>,
                      asn1_NOVALUE},
Algo = sha512,
Body = <<83,83,72,83,73,71,0,0,0,4,116,101,120,116,0,0,0,0,0,0,0,6,115,104,97,
         53,49,50,0,0,0,64,119,199,206,154,93,134,187,56,109,68,59,185,99,144,
         250,161,32,99,49,88,105,156,136,68,195,11,19,171,11,249,39,96,183,228,
         65,106,234,57,125,185,27,74,192,229,221,86,184,239,126,75,6,97,98,171,
         31,220,8,131,25,206,109,239,200,118>>,
<<131,113,32,77,175,76,58,217,159,175,79,84,2,117,64,59,26,203,233,186,196,57,
  179,86,111,161,107,196,14,189,57,22,196,212,161,37,237,115,105,247,152,115,3,
  91,80,32,151,126,174,160,223,168,130,119,204,213,198,111,139,95,230,65,99,7>> = public_key:sign(Body, Algo, Key).

Expected behavior

public_key:sign/3 should return the same value on all versions. The result on OTP 24 is the correct one (checked against OpenSSL ssh-keygen signing functionality).

Affected versions

  • OTP 25
@hauleth hauleth added the bug Issue is reported as a bug label Aug 12, 2022
@rickard-green rickard-green added the team:PS Assigned to OTP team PS label Aug 12, 2022

HansN commented Aug 15, 2022

Which versions of OpenSSL cryptolib did you link to Erlang in the two cases?

(Call crypto:info() to get that information)


hauleth commented Aug 15, 2022

OTP 24:

1> crypto:info_lib().
[{<<"OpenSSL">>,269488415,<<"OpenSSL 1.1.1q  5 Jul 2022">>}]

OTP 25:

1> crypto:info_lib().
[{<<"OpenSSL">>,269488415,<<"OpenSSL 1.1.1q  5 Jul 2022">>}]

Both installations use the same version.

@HansN HansN self-assigned this Aug 16, 2022

hauleth commented Aug 16, 2022

If it can help, I use versions packaged by Nix on macOS and I haven't compiled them on my machine.


HansN commented Aug 16, 2022

Thanks for the version information!

A "funny" thing is that in OTP-24 it seems that it does not matter if one writes public_key:sign(Body, sha512, Key) or public_key:sign(Body, none, Key) with ed25519 as you use.
In OTP-25 it matters. I get the same as in OTP-24 if I call public_key:sign(Body, none, Key) in OTP-25.

We are right now investigating why and also how it should be.
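
A regression check for the behaviour described in the comment above, as an added example that is not part of the original thread or of OTP's own test suite: it signs one message with both `none` and `sha512` and verifies each signature directly through `crypto`. The module name, function names and sample message are assumptions made for illustration; the key is a freshly generated throwaway, not the one from the report.

```erlang
-module(eddsa_digest_check).
-export([check/0, check/1]).

-include_lib("public_key/include/public_key.hrl").

%% Ed25519 curve OID, as it appears in the key posted in the report.
-define(ED25519_OID, {1,3,101,112}).

%% Constructed sample message; any binary works.
check() ->
    check(<<"constructed sample message">>).

check(Msg) when is_binary(Msg) ->
    %% Throwaway key pair. crypto:generate_key/2 returns {Public, Private}.
    {Pub, Priv} = crypto:generate_key(eddsa, ed25519),
    Key = #'ECPrivateKey'{version    = 1,
                          privateKey = Priv,
                          parameters = {namedCurve, ?ED25519_OID},
                          publicKey  = Pub},

    %% Ed25519 signing is deterministic, so the same key and message
    %% must give the same signature whatever digest type is passed.
    SigNone = public_key:sign(Msg, none, Key),
    SigSha  = public_key:sign(Msg, sha512, Key),

    %% Verify through crypto with 'none', independently of public_key,
    %% so a signature that only round-trips inside one OTP release
    %% is still caught.
    OkNone = crypto:verify(eddsa, none, Msg, SigNone, [Pub, ed25519]),
    OkSha  = crypto:verify(eddsa, none, Msg, SigSha,  [Pub, ed25519]),

    case {SigNone =:= SigSha, OkNone, OkSha} of
        {true, true, true} ->
            ok;
        Result ->
            %% The digest type argument changed the signature, or one of
            %% the signatures did not verify: report it with the release.
            {digest_type_affects_eddsa,
             erlang:system_info(otp_release),
             Result}
    end.
```

Running `eddsa_digest_check:check()` on each OTP release a service is deployed on shows whether callers that pass `sha512` for Ed25519 keys produce signatures other implementations will accept.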

HansN added a commit that referenced this issue Aug 19, 2022
…nto maint

* hans/crypto/sign_different_results/GH-6219/OTP-18205:
  public_key: Add test case
  crypto: Make sign/verify for eddsa skip the Type arg

HansN commented Aug 19, 2022

Fixed in maint and master. It will be released in OTP-25.1.

Thanks for the report!
