bug: unable to verify AWS KMS asymmetric key signatures generated by localstack locally with OpenSSL

[jean-pasqualini]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

unable to load Public Key
4343219756:error:0DFFF0A8:asn1 encoding routines:CRYPTO_internal:wrong tag:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/asn1/tasn_dec.c:1144:
4343219756:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/asn1/tasn_dec.c:317:Type=X509_ALGOR
4343219756:error:0DFFF03A:asn1 encoding routines:CRYPTO_internal:nested asn1 error:/AppleInternal/Library/BuildRoots/a0876c02-1788-11ed-b9c4-96898e02b808/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2.8/crypto/asn1/tasn_dec.c:646:Field=algor, Type=X509_PUBKEY

I followed these steps "https://aws.amazon.com/fr/blogs/security/how-to-verify-aws-kms-asymmetric-key-signatures-locally-with-openssl/".

Expected Behavior

Generated a file inst.pem without error.

How are you starting LocalStack?

With a docker-compose file

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

version: '3.2'

networks:
netapp:

services:
localstack:
image: localstack/localstack:1.2
environment:
AWS_ENDPOINT: "http://localstack:4566"
SERVICES: lambda,apigateway,iam,s3,dynamodb,sts,cloudwatch,events,kms,ssm,kinesis,logs,sns,sqs,secretsmanager
LAMBDA_EXECUTOR: docker
DOCKER_HOST: unix:///var/run/docker.sock
LAMBDA_CONTAINER_REGISTRY: "lambci/lambda"
LAMBDA_REMOTE_DOCKER: "true"
LAMBDA_DOCKER_NETWORK: netapp
HOSTNAME_EXTERNAL: localstack
EDGE_PORT: 4566
DEBUG: 1
ports:
- 4566:4566
volumes:
- /var/run/docker.sock:/var/run/docker.sock

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

1. Run AWS_REGION=eu-west-3 AWS_ACCESS_KEY_ID=fake AWS_SECRET_ACCESS_KEY=fake aws --endpoint-url="http://localhost:4566" kms create-key --customer-master-key-spec="RSA_2048" --key-usage="SIGN_VERIFY" --description="test1839"
2. Take the value of "KeyMetadata.KeyId"
3. Run AWS_REGION=eu-west-3 AWS_ACCESS_KEY_ID=fake AWS_SECRET_ACCESS_KEY=fake aws --endpoint-url="http://localhost:4566" kms get-public-key --key-id [keyid] --output text --query PublicKey | base64 -d > inst.der
4. Run openssl rsa -pubin -inform DER -outform PEM -in inst.der -pubout -out inst.pem

Then you obtains this result

I followed these steps "https://aws.amazon.com/fr/blogs/security/how-to-verify-aws-kms-asymmetric-key-signatures-locally-with-openssl/".

I have the version 1.2.0 of localstack, arch arm64.

Environment

- OS: macOs Montery 12.6.1 (MacBook Air (M1, 2020)
- Chip: Apple M1
- Memory: 16 GB
- LocalStack: 1.2.0

Anything else?

It works with the current original AWS.

We started to investigate when the error "x509: malformed tbs certificate" appers in our logs from our application in go.

[localstack-bot]

Welcome to LocalStack! Thanks for reporting your first issue and our team will be working towards fixing the issue for you or reach out for more background information. We recommend joining our Slack Community for real-time help and drop a message to LocalStack Pro Support if you are a Pro user! If you are willing to contribute towards fixing this issue, please have a look at our contributing guidelines and our developer guide.

[laszlovandenhoek]

I can confirm this issue, even with the fixes from #7817 applied (although I'm not sure if those are relevant to this issue).

The problem is that AWS output conforms to the SubjectPublicKeyInfo (SPKI) format from RFC5280 (per the AWS documentation), but Localstack does not. The RFC defines its structure as follows:

SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }

with AlgorithmIdentifier as follows:

AlgorithmIdentifier  ::=  SEQUENCE  {
     algorithm               OBJECT IDENTIFIER,
     parameters              ANY DEFINED BY algorithm OPTIONAL  }

If I write my Base64-encoded output of the PublicKey returned by LocalStack to file (i.e. step 3 in the "steps to reproduce" section of this issue) and then parse its ASN.1 structure:

echo "MIIBCgKCAQEAoeqAe4TF48Dw7FYWtUDIEPfIexvppoPXaAlV6c3FHLyyQmFnSTi1LYrqywGXO9W/9I5LoVDJJ8UL6he/aOnDC9TP0egecSuSlTV+GaQmo5YN+Nm7OPVFI3JxoL+cngmE1ms8pJXcEa8lSVwl+CiisvDnSRWR87l6EZAPKi7cSqR+nHJGhYAul04T/e6wmNnh5jOz1bMxG9frTq8AoxSArNEfViOQhvTjN1tXcPansiTxJnqP0BzlqZV18x+E5RUAPRWaAFASBCzdMq6/g84R3bEXSq5Ld556KFnEdtwtM7lWWRiMw8+JHUgl07HXiw9gA/n1tPCgLwkgWl5fXBJUVQIDAQAB" | base64 -d > local.der

openssl asn1parse -in local.der -inform der

...we can see that the structure is as follows, which does not conform to the SPKI format; in particular, the used algorithm (rsaEncryption) is missing:

    0:d=0  hl=4 l= 266 cons: SEQUENCE
    4:d=1  hl=4 l= 257 prim: INTEGER           :A1EA807B84C5E3C0F0EC5616B540C810F7C87B1BE9A683D7680955E9CDC51CBCB24261674938B52D8AEACB01973BD5BFF48E4BA150C927C50BEA17BF68E9C30BD4CFD1E81E712B9295357E19A426A3960DF8D9BB38F545237271A0BF9C9E0984D66B3CA495DC11AF25495C25F828A2B2F0E7491591F3B97A11900F2A2EDC4AA47E9C724685802E974E13FDEEB098D9E1E633B3D5B3311BD7EB4EAF00A31480ACD11F56239086F4E3375B5770F6A7B224F1267A8FD01CE5A99575F31F84E515003D159A005012042CDD32AEBF83CE11DDB1174AAE4B779E7A2859C476DC2D33B95659188CC3CF891D4825D3B1D78B0F6003F9F5B4F0A02F09205A5E5F5C125455
  265:d=1  hl=2 l=   3 prim: INTEGER           :010001

By contrast, if I take a GetPublicKey response from AWS and do the same thing:

echo "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtePdm6LRqs8IoTaPg6bcmDzRd0u0wjlAU7fu7yxwau6viLiT16e5eGFXs2wDkAR2JY7MGkkBWfsMO7VnADI0ggAiBynWJ394WE2tE1q5LY+tSNYnEpcaMYR6JifLVsI0+sNIMvL+95nQEzNUa7/qnX0AFSe4SKQ96KVY4HuuQuX0upmiHueZK0jo/RiYzxiTcyDgnqvzRwx5I+RhnihptJWYOVqYwHNPx9Lfwih2bnYm3V0d5H2hvQQdYnvxl7A3SWSF1bb9CO6V3jqDQ2wOCLubhYLh8y0f8g5W4Ty79WPm9N0gay+GDr3e/avbPzDK5n7CzZDDtjnETidoNn735QIDAQAB" | base64 -d > aws.der

openssl asn1parse -in aws.der -inform der

...we see that the output is in the correct format (i.e., SPKI):

    0:d=0  hl=4 l= 290 cons: SEQUENCE
    4:d=1  hl=2 l=  13 cons: SEQUENCE
    6:d=2  hl=2 l=   9 prim: OBJECT            :rsaEncryption
   17:d=2  hl=2 l=   0 prim: NULL
   19:d=1  hl=4 l= 271 prim: BIT STRING

Update: I think the issue is here; this also explains why ECDSA signatures work fine...

localstack/localstack/services/kms/models.py

Lines 161 to 168 in 1195593

	if key_spec.startswith("RSA"):
	key_size = RSA_CRYPTO_KEY_LENGTHS.get(key_spec)
	self.key = rsa.generate_private_key(public_exponent=65537, key_size=key_size)
	public_format = crypto_serialization.PublicFormat.PKCS1
	elif key_spec.startswith("ECC"):
	curve = ECC_CURVES.get(key_spec)
	self.key = ec.generate_private_key(curve)
	public_format = crypto_serialization.PublicFormat.SubjectPublicKeyInfo