Diffie-Hellman PrivKey generation fails in OpenSSL when providing q #12232
Comments
|
I'm able to reproduce with: from cryptography.hazmat.primitives.asymmetric import dh
params = dh.generate_parameters(generator=2, key_size=2048)
p = params.parameter_numbers().p
g = params.parameter_numbers().g
print(p)
print(g)
parameters = dh.DHParameterNumbers(p, g).parameters()
print(parameters.generate_private_key())
q = (p - 1) // 2 if (p - 1) % 2 == 0 else None
print(q)
parameters = dh.DHParameterNumbers(p, g, q).parameters()
print(parameters.generate_private_key()) |
|
Could the issue here be that Specifically, we check simple example:
|
|
Sorry, are you asking if there may be a bug in OP's code, or
suggesting that this is the bug in cryptography? (Notwithstanding that
I did basic triage, I haven't dug into this in depth)
…On Tue, Jan 28, 2025 at 7:09 PM Tanmay Ghai ***@***.***> wrote:
Could the issue here be that q = (p - 1) // 2 if (p - 1) % 2 == 0 else None assumes p is a safe prime?
Specifically, we check (p - 1) % 2, which checks p = 2q + 1 and thus ensures p - 1 is even, but we also need to check that q is prime to satisfy p being safe prime. i.e. q = (p - 1) // 2 should also be checked for primality
simple example:
p = 23, so p - 1 = 22 ✅
q = 22/2 = 11 (11 is prime) ✅
p = 21, so p - 1 = 20 ✅
q = 20 / 2 = 10 (but 10 is not prime) ❌
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you commented.Message ID: ***@***.***>
--
All that is necessary for evil to succeed is for good people to do nothing.
|
|
Not really suggesting a bug per-say, but I was just suggesting that perhaps the parameters |
|
Thanks for looking at this @tanmayghai18. |
Trying to use this function which optionally accepts a subgroup order value q: https://cryptography.io/en/latest/hazmat/primitives/asymmetric/dh/#cryptography.hazmat.primitives.asymmetric.dh.DHParameterNumbers
It points to https://github.com/openssl/openssl/blob/master/crypto/dh/dh_key.c#L378 which has many possible points of failure, none of which look like obvious issues with my code.
> docker run -it ubuntu:24.04 [...] root@7891502d861a:/# apt update [...] root@7891502d861a:/# apt install python3 python3-pip python3-venv [...] Setting up openssl (3.0.13-0ubuntu3.4) ... [...] root@7891502d861a:/# python3 -m venv venv [...] root@7891502d861a:/# . venv/bin/activate (venv) root@7891502d861a:/# pip install --upgrade pip setuptools [...] Successfully installed pip-24.3.1 setuptools-75.6.0 (venv) root@7891502d861a:/# pip install --upgrade cryptography [...] Successfully installed cffi-1.17.1 cryptography-44.0.0 pycparser-2.22 (venv) root@7891502d861a:/# python Python 3.12.3 (main, Nov 6 2024, 18:32:19) [GCC 13.2.0] on linux Type "help", "copyright", "credits" or "license" for more information. >>> from cryptography.hazmat.primitives.asymmetric import dh >>> from cryptography.hazmat.backends import default_backend >>> params = dh.generate_parameters(generator=2, key_size=2048) >>> p = params.parameter_numbers().p >>> g = params.parameter_numbers().g >>> p 27959375644344463256751989350921832803570460731596420086495116779797809201458510262261192513317138047331433751306682833062850443350129629576537357367083523062689316143098333136760243118401118959114204204146330220074115929544235092751355252066718380339944684013475359264972395317916808865346000118170327257593289467488709867204896596610310360956180170034165285113072925707274818648535508355000730552796522590254858283760710129528157667353952606117128856742682684800197270523634625205767541132241705030383732412203388550936036674882008256768803496179751877223196884900008877371926673824831535296158294177744741203133743 >>> g 2 >>> parameters = dh.DHParameterNumbers(p, g).parameters(default_backend()) >>> parameters.generate_private_key() <cryptography.hazmat.bindings._rust.openssl.dh.DHPrivateKey object at 0x7ff8868c5770> >>> q = (p - 1) // 2 if (p - 1) % 2 == 0 else None >>> q 13979687822172231628375994675460916401785230365798210043247558389898904600729255131130596256658569023665716875653341416531425221675064814788268678683541761531344658071549166568380121559200559479557102102073165110037057964772117546375677626033359190169972342006737679632486197658958404432673000059085163628796644733744354933602448298305155180478090085017082642556536462853637409324267754177500365276398261295127429141880355064764078833676976303058564428371341342400098635261817312602883770566120852515191866206101694275468018337441004128384401748089875938611598442450004438685963336912415767648079147088872370601566871 >>> parameters = dh.DHParameterNumbers(p, g, q).parameters(default_backend()) >>> parameters.generate_private_key() Traceback (most recent call last): File "", line 1, in cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug. Otherwise please file an issue at https://github.com/pyca/cryptography/issues with information on how to reproduce this. (error:02880003:Diffie-Hellman routines:generate_key:BN lib:crypto/dh/dh_key.c:378:) >>>The text was updated successfully, but these errors were encountered: