1 (edited by crmoratelli 2016-12-19 15:39:31)

Topic: RsaUnPad error, bad formatting

Hi,

I am trying to create a HTTPS server using wolfssl and picoTCP on a pic32mz device. I already have the server running. However, when a browser try to connect to the webserver on the board I have the follwing set of messages:

Initializing pico stack
Protocol ipv4 registered (layer: 3).
Protocol icmp4 registered (layer: 4).
Protocol igmp registered (layer: 4).
Protocol udp registered (layer: 4).
Protocol tcp registered (layer: 4).
Assigned ipv4 192.168.0.150 to device virt-eth
wolfSSL Entering wolfSSL_Init
wolfSSL Entering WOLFSSL_CTX_new_ex
wolfSSL Entering wolfSSL_CertManagerNew
wolfSSL Leaving WOLFSSL_CTX_new, return 0
wolfSSL Entering wolfSSL_CTX_use_certificate_buffer
wolfSSL Entering PemToDer
Checking cert signature type
wolfSSL Entering GetExplicitVersion
wolfSSL Entering GetMyVersion
wolfSSL Entering GetSerialNumber
Got Cert Header
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Algo ID
Getting Cert Name
Getting Cert Name
Got Subject Name
wolfSSL Entering GetAlgoId
wolfSSL Entering GetObjectId()
Got Key
Not ECDSA cert signature
wolfSSL Entering wolfSSL_CTX_use_PrivateKey_buffer
wolfSSL Entering PemToDer
wolfSSL Entering GetMyVersion

en0: link up, 100Mbps, full duplexNew connection received
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering wolfSSL_set_using_nonblock
wolfSSL Entering SSL_accept()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_accept()
wolfSSL error occurred, error = -323
New connection received
wolfSSL Entering SSL_new
wolfSSL Leaving SSL_new, return 0
wolfSSL Entering wolfSSL_set_using_nonblock
wolfSSL Entering SSL_accept()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_accept()
wolfSSL error occurred, error = -323
wolfSSL Entering SSL_accept()
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client hello
Matched No Compression
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Verified suite validity
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering GetMyVersion
growing output buffer

wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201
wolfSSL Entering SSL_accept()
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering GetMyVersion
wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201
wolfSSL Entering SSL_accept()
growing input buffer

received record layer msg
wolfSSL Entering DoHandShakeMsg()
wolfSSL Entering DoHandShakeMsgType
processing client hello
Matched No Compression
wolfSSL Entering MatchSuite
wolfSSL Entering VerifyServerSuite
Requires RSA
Verified suite validity
wolfSSL Leaving DoHandShakeMsgType(), return 0
wolfSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state ACCEPT_FIRST_REPLY_DONE
growing output buffer

Shrinking output buffer

accept state SERVER_HELLO_SENT
growing output buffer

Shrinking output buffer

accept state CERT_SENT
wolfSSL Entering SendCertificateStatus
accept state CERT_STATUS_SENT
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering EccMakeKey
wolfSSL Leaving EccMakeKey, return 0
wolfSSL Entering GetMyVersion
growing output buffer

wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201
wolfSSL Entering SSL_accept()
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering GetMyVersion
wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201
wolfSSL Entering SSL_accept()
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering GetMyVersion
wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201
wolfSSL Entering SSL_accept()
wolfSSL Entering SendServerKeyExchange
Using ephemeral ECDH
wolfSSL Entering GetMyVersion
wolfSSL Entering RsaSign
wolfSSL Leaving RsaSign, return 0
wolfSSL Entering VerifyRsaSign
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting
wolfSSL Leaving VerifyRsaSign, return -201
wolfSSL Leaving SendServerKeyExchange, return -201
wolfSSL error occurred, error = -201

The browser returns a timeout error. On the log messages, it appears that this is the cause: "RsaUnPad error, bad formatting".

I could reproduce the same error on a simpler application.  The rsa_test() presented bellow is part of the original rsa_test() call obtained from wolfcrypt/test/test.c.



int rsa_test(void)
{
    byte*   tmp;
    size_t bytes;
    RsaKey key;
    WC_RNG rng;
    word32 idx = 0;
    int    ret;
    byte   in[] = "Everyone gets Friday off.";
    word32 inLen = (word32)XSTRLEN((char*)in);
    byte   out[256];
    byte   plain[256];


    tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL)
        return -40;

    XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
    bytes = sizeof_client_key_der_1024;

    ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -39;
    }
    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -41;
    }
    ret = wc_InitRng(&rng);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -42;
    }

    ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -43;
    }

    idx = ret; /* save off encrypted length */
    ret = wc_RsaPrivateDecrypt(out, idx, plain, sizeof(plain), &key);
    printf("\n%d", ret);
    if (ret < 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -44;
    }


    return 0;
}


int main()
{
    uint8_t mac[6];
    uint32_t timer = 0;
    
    /* Obtain the ethernet MAC address */
//    eth_mac(mac);
    
/*    const char *ipaddr="192.168.0.150";
    uint16_t port_be = 0;*/

    wolfSSL_Debugging_ON();
    
    wolfCrypt_Init();
    
    
    if (CheckCtcSettings() != 1)
        printf("\nBuild vs runtime math mismatch\n", -1234);


    if (CheckFastMathSettings() != 1)
        printf("\nBuild vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
    
    //interrupt_register(irq_timer, GUEST_TIMER_INT);
    
    int32_t ret = rsa_test();
    printf("\nret %d", ret);
  

    return 0;
}

The output log message of this code is:

wolfSSL Entering GetMyVersion
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting

I am compiling the wolfssl library with the following defines:

-DNO_DH -DWC_NO_RSA_OAEP -DUSE_FAST_MATH -DWOLFSSL_CERT_EXT -DWOLFSSL_DTLS -DNO_PSK -DCTYPE_USER -DOPENSSL_EXTRA -DWOLFSSL_LOG_PRINTF -DDEBUG_WOLFSSL  -DNO_WOLFSSL_MEMORY -DWOLFSSL_PICOTCP -DNO_WRITEV -DNO_ERROR_STRINGS -DSMALL_SESSION_CACHE   -DNO_FILESYSTEM -DNO_MD4 -DNO_DES3 -DPICOTCP -DHAVE_ECC -DSINGLE_THREADED -DWOLFSSL_USER_IO -DUSER_TIME -DXTIME=time -DXTOUPPER=toupper -DXISALPHA=isalpha -DXTOLOWER=tolower

Looking into the RsaUnPad() and RsaPad() function calls I couldn't figure out what is happening. It appears that I have some issue with RSA encrypt/decrypt.

I really apreciate if anyone could give a hint about this issue.

Regards

Share

Re: RsaUnPad error, bad formatting

Hi crmoratelli,

Which version of wolfSSL are you using? You can find it noted in wolfssl/version.h.

Can you try connecting to your https server using the following and send back the results?
openssl s_client -host [your host] -port [your port] -showcerts

For the wolfCrypt test I was not able to reproduce with the latest in master. But curious if changing your test so out and plain are sized as 128 and let me know your results:
byte   out[128];
byte   plain[128];

Also in the test try changing "ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);" to use "ret = wc_InitRsaKey(&key);".

If you want to send an email to support@wolfssl.com with your https server host/port so we can test against it that would be wonderful.

Thanks,
David Garske, wolfSSL

Share

3 (edited by crmoratelli 2016-12-21 14:25:55)

Re: RsaUnPad error, bad formatting

Hi David,

The wolfSSL version is 3.9.10. I cloned from your repo (https://github.com/wolfSSL/wolfssl.git) and I am sync with the master branch.

The openssl command resulted in:

openssl s_client -host 192.168.0.150 -port 443 -showcerts
CONNECTED(00000003)
depth=0 C = BR, ST = Rio Grande, L = "Porto ", O = Self, OU = SF, CN = 192.168.0.150, emailAddress = crmoratelli@gmail.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = BR, ST = Rio Grande, L = "Porto ", O = Self, OU = SF, CN = 192.168.0.150, emailAddress = crmoratelli@gmail.com
verify return:1

Changing my test arrays out and plain to 128 bytes resulted in the exactly the same error:

wolfSSL Entering GetMyVersion
wolfSSL Using RSA PKCSV15 padding
RsaUnPad error, bad formatting

Changing "ret = wc_InitRsaKey_ex(&key, HEAP_HINT, devId);" to use "ret = wc_InitRsaKey(&key);" resulted in a compilation error:

../../apps/wolfssl/wolfssl_app.c:359:11: error: too few arguments to function ‘wc_InitRsaKey_ex’
     ret = wc_InitRsaKey_ex(&key);
           ^
In file included from ../../apps/wolfssl/wolfssl_app.c:62:0:
../../../../picotcp/build/include/wolfssl/wolfcrypt/rsa.h:99:18: note: declared here
WOLFSSL_API int  wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId);

                 

My server is running only locally right now. I can make it available to the Internet, but I am living the office for the holiday season tomorrow. I will retake the tests only on the first week of January.

Have a good holiday season!

Carlos

Share

Re: RsaUnPad error, bad formatting

Hi Carlos,

Try using wc_InitRsaKey(&key) and not the _ex version. If you use _ex make sure your HEAP_HINT is NULL and devId is INVALID_DEVID.

What key size are you trying to use with your RSA server certificate? Our library enables RSA 2048-bit by default and you would need to define a higher FP_MAX_BITS (key size * 2). Can send me the public self-signed server certificate that you are using?

Also make sure you have HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES defined if using ECDHE and TLS.

If you are able to make the server external that would help us be able to test against it. Feel free to reach out to us at support@wolfssl.com if you don't want any of your server information public on the forum.

You have a great holiday as well!

Thanks,
David Garske, wolfSSL

Share

5 (edited by crmoratelli 2016-12-22 09:15:46)

Re: RsaUnPad error, bad formatting

Hi David,

I used "wc_InitRsaKey(&key, NULL);" but the result is the same "RsaUnPad error, bad formatting" with the RSA test application. Should a "wc_InitRsaKey(&key)" call be available?

I tried 1024 and 2048 bits long keys with the RSA test application and the HTTPS server both resulting in the same error. The attached cert is the 2048 bits in der format. I tried this same cert converted to pem format with the HTTPS server.

I enabled HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES without success.

I am really curious why the simple RSA encrypt/decrypt application is not working and it returns the same "RsaUnPad error, bad formatting" that the HTTPS server does. I supose that solving the RsaUnPad error will make the HTTPS server work too.

I posted the complete application that performs the RSA encrypt/decrypt. I am disclosing the private key because it was generated only for this test and will never be used for anything else.

Anyway, I will make the HTTPS server available on my return from the holidays.

Thanks,
Carlos


#include <arch.h>
#include <eth.h>
#include <guest_interrupts.h>
#include <hypercalls.h>
#include <platform.h>
#include <libc.h>
#include <eth.h>

#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>

volatile unsigned int pico_ms_tick = 0;

int close(int __fildes){
    return 0;
}

#define byte char
#define HEAP_HINT 0
#define FOURK_BUF 4096

/* privkey.der, 2048-bit */
const unsigned char privkey_der_2048[] =
{
    0x30, 0x82, 0x04, 0xA4, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 
    0x01, 0x00, 0xC2, 0x54, 0x7D, 0xA8, 0x88, 0x36, 0xC6, 0x06, 
    0x15, 0xA9, 0xF4, 0x37, 0x26, 0x67, 0xA7, 0x64, 0xB5, 0xB1, 
    0xA2, 0x4C, 0xB1, 0xDC, 0x92, 0x6A, 0x34, 0xF3, 0xE5, 0xFB, 
    0x6F, 0x5F, 0x13, 0xEC, 0xB2, 0x7D, 0x2C, 0x26, 0x71, 0x96, 
    0x4D, 0xB7, 0x23, 0x29, 0x76, 0x54, 0x24, 0xA1, 0xB8, 0x63, 
    0xB8, 0xAB, 0x6D, 0x38, 0x0E, 0x4A, 0x11, 0x4E, 0x56, 0xEB, 
    0x44, 0x6A, 0x74, 0x84, 0xEA, 0x32, 0x32, 0x80, 0xD7, 0x38, 
    0xD1, 0xE4, 0x9C, 0x85, 0x0C, 0xAF, 0x0A, 0xD4, 0xC3, 0xB7, 
    0xB8, 0x94, 0xA7, 0xAB, 0x15, 0x8C, 0x70, 0x15, 0x0F, 0x37, 
    0x60, 0xA1, 0xC7, 0x66, 0x2F, 0x59, 0xD9, 0xD1, 0x6B, 0xA8, 
    0x62, 0xE8, 0x84, 0x07, 0x1E, 0x16, 0xE0, 0x57, 0xDE, 0x19, 
    0x07, 0xA0, 0x62, 0x00, 0x34, 0xC2, 0x78, 0x69, 0xF6, 0x67, 
    0x0B, 0x56, 0x79, 0x9B, 0xFD, 0x9F, 0x88, 0xB4, 0xAE, 0x6D, 
    0x40, 0x8F, 0xCE, 0x6A, 0xC3, 0x3F, 0xB3, 0x7F, 0xA7, 0x29, 
    0x67, 0x30, 0x52, 0x0A, 0x2D, 0x6E, 0xB6, 0xCE, 0xB9, 0xD0, 
    0xEF, 0x56, 0x12, 0x1F, 0xCE, 0xC0, 0x99, 0x8D, 0x53, 0x17, 
    0x07, 0xA5, 0xD1, 0xD2, 0x01, 0xA2, 0xC2, 0x6C, 0x60, 0x6D, 
    0xF0, 0x4D, 0x28, 0x01, 0x7E, 0x93, 0x54, 0x96, 0xD4, 0xF0, 
    0xFF, 0xAC, 0x45, 0x18, 0xCB, 0xE7, 0x78, 0x6B, 0xB6, 0x64, 
    0xC7, 0x48, 0x78, 0x94, 0x86, 0x1D, 0x57, 0x29, 0x69, 0x12, 
    0x54, 0x08, 0x46, 0x9B, 0x6D, 0x49, 0xB8, 0xC7, 0xCC, 0x89, 
    0xA7, 0x2A, 0xD3, 0x10, 0x46, 0x52, 0x3D, 0x64, 0x81, 0x98, 
    0x2B, 0x97, 0x75, 0x4B, 0xF9, 0x86, 0xDE, 0x72, 0x86, 0xE0, 
    0x66, 0x35, 0xEE, 0x7A, 0x71, 0x38, 0xBB, 0x0C, 0x04, 0xBC, 
    0x2D, 0x63, 0xAF, 0x73, 0xA3, 0x9F, 0x6B, 0xC8, 0x55, 0x5C, 
    0x3E, 0xE0, 0x69, 0x8A, 0x3D, 0x5E, 0xE2, 0xDB, 0x02, 0x03, 
    0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x08, 0x71, 0x21, 
    0x30, 0x54, 0x12, 0x85, 0x11, 0xB8, 0x99, 0x34, 0x79, 0xBC, 
    0xDA, 0x5D, 0xE4, 0x3B, 0x1C, 0x67, 0x5F, 0x8B, 0x8E, 0x78, 
    0x71, 0xD2, 0xB1, 0x11, 0xB9, 0x95, 0x81, 0xFC, 0xDC, 0x98, 
    0x78, 0x65, 0x95, 0x99, 0xF3, 0x9C, 0x96, 0xAB, 0x19, 0x5F, 
    0x01, 0x92, 0xC1, 0xCF, 0xBF, 0xCD, 0x42, 0xED, 0x30, 0xB5, 
    0x36, 0x34, 0x80, 0x41, 0xB8, 0x60, 0xB5, 0x7B, 0x30, 0x56, 
    0xF8, 0x2D, 0x47, 0x79, 0x92, 0x07, 0x54, 0x36, 0x14, 0x75, 
    0x93, 0x99, 0x15, 0xDB, 0x16, 0xBD, 0x17, 0x00, 0x1D, 0xA7, 
    0x86, 0xFD, 0x4B, 0x7C, 0xE8, 0xBB, 0xF2, 0xEB, 0x35, 0x9E, 
    0x32, 0xFA, 0x0A, 0x65, 0xF1, 0xDF, 0xB2, 0x18, 0x22, 0x33, 
    0x05, 0x6D, 0x63, 0x83, 0xCB, 0x74, 0x90, 0x5C, 0x11, 0x84, 
    0x39, 0x3A, 0x7F, 0xE7, 0xEB, 0x5C, 0x0B, 0xBA, 0xA6, 0xB3, 
    0x22, 0xDE, 0x0E, 0x73, 0x51, 0x4A, 0x39, 0x03, 0x60, 0x11, 
    0xA9, 0x64, 0x2E, 0x2C, 0xF9, 0x20, 0x99, 0x72, 0xDA, 0xCC, 
    0xAE, 0xAD, 0x15, 0x7B, 0x81, 0x82, 0x76, 0x3E, 0x3B, 0x3E, 
    0x01, 0x06, 0x2F, 0x5A, 0xD6, 0xBE, 0x7A, 0x4E, 0x1A, 0x57, 
    0x87, 0x39, 0x7C, 0x92, 0x88, 0x6F, 0xC1, 0x3E, 0xA1, 0x70, 
    0x25, 0x0F, 0x1D, 0x77, 0x39, 0xCB, 0x28, 0x54, 0x23, 0xEE, 
    0xC5, 0xB2, 0x66, 0x55, 0xBD, 0x41, 0xE7, 0xFF, 0x0F, 0x2E, 
    0x6D, 0xB7, 0xF7, 0x63, 0x60, 0xA0, 0x0D, 0x67, 0x23, 0x4D, 
    0xA2, 0xAB, 0x03, 0xF2, 0x3B, 0x37, 0x83, 0x44, 0x03, 0xF8, 
    0xBF, 0xBD, 0x2A, 0x47, 0x04, 0xAE, 0x51, 0xE6, 0x1C, 0x13, 
    0x5D, 0xA0, 0x95, 0x4D, 0x05, 0xBC, 0x69, 0xAB, 0x2E, 0xB8, 
    0x09, 0xFE, 0x77, 0x55, 0x46, 0x8C, 0xE6, 0x89, 0xF5, 0x40, 
    0x1D, 0xFF, 0x6E, 0xC9, 0x66, 0x5A, 0x94, 0xE4, 0x93, 0xC3, 
    0x43, 0xCE, 0xD9, 0x02, 0x81, 0x81, 0x00, 0xF4, 0xE9, 0x55, 
    0x00, 0x6A, 0x83, 0xD2, 0xF4, 0x40, 0xD4, 0x78, 0x6B, 0x2D, 
    0x02, 0xED, 0xEF, 0x8A, 0xDB, 0xD2, 0xE7, 0x26, 0xE4, 0xDE, 
    0x8C, 0xAE, 0x11, 0xE5, 0xD4, 0x8D, 0x43, 0x17, 0xAB, 0x85, 
    0x73, 0xBA, 0xAB, 0x0B, 0x07, 0x7A, 0xF2, 0xA7, 0xF6, 0xCC, 
    0x20, 0xD5, 0x0C, 0x39, 0xB0, 0x3A, 0x94, 0x51, 0x61, 0x9B, 
    0x6F, 0xAB, 0x53, 0x06, 0x62, 0x7A, 0x1B, 0x32, 0xF4, 0xE7, 
    0x5E, 0x9D, 0x21, 0xC4, 0x4E, 0x76, 0x91, 0xAB, 0x3C, 0x7E, 
    0xDC, 0x51, 0xCB, 0xC8, 0x50, 0x40, 0xDE, 0x71, 0x79, 0x1C, 
    0x7E, 0x79, 0x54, 0x83, 0xCF, 0x7E, 0xDA, 0xDC, 0x7C, 0x0F, 
    0xFB, 0x8F, 0xDF, 0xC2, 0x5F, 0xDC, 0xCE, 0xAA, 0x5C, 0x36, 
    0x2F, 0x6E, 0xF5, 0x0F, 0x9E, 0x72, 0xD4, 0x7F, 0xAD, 0x0B, 
    0x0A, 0x17, 0x07, 0xDE, 0x03, 0xE8, 0x78, 0x69, 0xBE, 0x54, 
    0xC1, 0x7F, 0x2C, 0x5A, 0x7D, 0x02, 0x81, 0x81, 0x00, 0xCB, 
    0x20, 0xE3, 0xF6, 0x58, 0xF6, 0x56, 0xBC, 0xC0, 0x67, 0x50, 
    0x8C, 0xE7, 0x80, 0x52, 0x28, 0x3D, 0xA6, 0x0E, 0xD6, 0x8B, 
    0x0C, 0xB3, 0x09, 0x59, 0xAA, 0xD1, 0x8A, 0x76, 0x54, 0x95, 
    0x55, 0xB1, 0xA6, 0x27, 0xE5, 0x03, 0x08, 0xD1, 0x3F, 0xBA, 
    0xEC, 0x4F, 0x3A, 0x3D, 0xF0, 0x8E, 0x94, 0x62, 0xDB, 0xCA, 
    0xC8, 0xF8, 0xF2, 0x26, 0x47, 0x30, 0x7B, 0x6B, 0x9F, 0x1F, 
    0xDB, 0xB5, 0x40, 0x91, 0x0C, 0xFB, 0x82, 0xF9, 0xB1, 0xE5, 
    0x7D, 0x2C, 0x7B, 0x82, 0x2E, 0xA9, 0x77, 0x29, 0xE9, 0x74, 
    0xF4, 0x34, 0xB4, 0x70, 0xD9, 0x95, 0xCA, 0xF2, 0x1B, 0xB1, 
    0x9B, 0x38, 0xE5, 0x74, 0xBD, 0x53, 0x05, 0x1F, 0x3B, 0x0E, 
    0xB8, 0x37, 0x67, 0x67, 0x44, 0xF9, 0x16, 0xBB, 0x30, 0x3A, 
    0x3F, 0xC8, 0x21, 0x11, 0x4A, 0x5A, 0x88, 0x5F, 0xD6, 0xCB, 
    0xC2, 0x64, 0x92, 0xCE, 0x3D, 0xDA, 0x37, 0x02, 0x81, 0x81, 
    0x00, 0xEB, 0xF6, 0x1B, 0x05, 0x69, 0x9A, 0x54, 0x97, 0x2C, 
    0x17, 0x09, 0x66, 0x09, 0x59, 0xF7, 0x30, 0x81, 0x92, 0xC5, 
    0xA2, 0x1B, 0xA1, 0x0A, 0xA2, 0x73, 0xDB, 0x9E, 0x99, 0xA8, 
    0xF8, 0x69, 0x47, 0xC2, 0x2D, 0xFC, 0x3D, 0x6B, 0x44, 0xEB, 
    0xB9, 0xFB, 0x06, 0x17, 0x29, 0xD2, 0xDA, 0x12, 0x82, 0xAE, 
    0x0D, 0xD4, 0x52, 0xBC, 0x55, 0x5C, 0xB5, 0x83, 0x43, 0x41, 
    0xEE, 0x0E, 0xAC, 0x52, 0x76, 0x9F, 0xE1, 0xB6, 0xA6, 0xFA, 
    0x29, 0xE2, 0xD7, 0x48, 0x4A, 0xB1, 0x2C, 0x2B, 0x74, 0xD6, 
    0xEA, 0xFA, 0x5C, 0xFB, 0x8D, 0x07, 0x0C, 0xDC, 0x6A, 0x00, 
    0x08, 0x91, 0xC1, 0x9E, 0x0C, 0x7B, 0x53, 0xD4, 0x8C, 0x53, 
    0xCB, 0x71, 0xEB, 0xA1, 0xF1, 0x15, 0x70, 0x5A, 0x7A, 0x08, 
    0x9C, 0x9F, 0xDE, 0x72, 0xF2, 0x67, 0xBA, 0x16, 0xB7, 0xA1, 
    0x34, 0xD2, 0x7C, 0xA4, 0x60, 0x41, 0x4C, 0xD4, 0x69, 0x02, 
    0x81, 0x80, 0x20, 0x92, 0x74, 0x9B, 0x93, 0x26, 0x65, 0x40, 
    0x3D, 0x26, 0x13, 0xFF, 0x94, 0x3B, 0xBA, 0x70, 0xE3, 0x79, 
    0xD6, 0x55, 0x46, 0xD4, 0xD1, 0x7C, 0xC5, 0x59, 0x23, 0xE2, 
    0xAD, 0x18, 0xE1, 0x1D, 0x6D, 0xB0, 0x34, 0x23, 0x7F, 0xFA, 
    0x10, 0xFB, 0xC4, 0x30, 0x92, 0x7F, 0xC7, 0x60, 0xE4, 0xAC, 
    0x1C, 0xB2, 0x1B, 0xF1, 0x60, 0x22, 0x0C, 0x4B, 0x4C, 0x15, 
    0xEE, 0x6B, 0x04, 0xC3, 0xC9, 0x6B, 0xC2, 0x16, 0xAF, 0xDA, 
    0x0F, 0xCA, 0x1B, 0xFF, 0x97, 0x7B, 0x72, 0xA3, 0xA2, 0xDF, 
    0x0D, 0xE4, 0x76, 0xB1, 0x96, 0x25, 0xFD, 0x16, 0x96, 0xF3, 
    0x85, 0x21, 0x35, 0xB8, 0xAB, 0x45, 0xF8, 0x13, 0x47, 0xD5, 
    0xC1, 0x6D, 0x49, 0xED, 0xF6, 0x4C, 0x69, 0x7D, 0xE0, 0xE7, 
    0x69, 0x3A, 0xD1, 0x8C, 0x5A, 0xBE, 0x1A, 0xB4, 0xAE, 0x91, 
    0xC1, 0xB4, 0x82, 0xD5, 0xF8, 0x24, 0xA6, 0x57, 0xBA, 0xBF, 
    0x02, 0x81, 0x81, 0x00, 0xCF, 0xD5, 0xF9, 0x2A, 0x0D, 0x81, 
    0x7A, 0x70, 0x40, 0x2E, 0xD2, 0x9E, 0x62, 0xD9, 0x7C, 0x3F, 
    0x13, 0xBB, 0x64, 0xC5, 0xA5, 0x3E, 0x41, 0x01, 0x28, 0x70, 
    0xDC, 0x04, 0xDC, 0x66, 0x69, 0xB0, 0x1C, 0xF2, 0xA8, 0x52, 
    0xA6, 0xDB, 0x50, 0x2D, 0xDA, 0xBE, 0xB8, 0x44, 0x6F, 0xB0, 
    0x5C, 0xFF, 0x98, 0x09, 0x25, 0xDC, 0xCC, 0x53, 0xCC, 0xD6, 
    0x46, 0x90, 0x5C, 0xC7, 0xA4, 0xD9, 0x9D, 0xE5, 0x5E, 0x25, 
    0x61, 0xBC, 0x10, 0xF0, 0xEC, 0xF1, 0x0A, 0x35, 0x8D, 0x5F, 
    0x5B, 0x42, 0x98, 0xD4, 0xCB, 0x06, 0x26, 0xAB, 0xF4, 0x3D, 
    0x7D, 0xD1, 0xB0, 0x53, 0x25, 0xDD, 0x94, 0xC5, 0xF0, 0x55, 
    0xDD, 0x68, 0x63, 0xCE, 0x07, 0x7B, 0x4C, 0x8B, 0x02, 0xE5, 
    0xD0, 0x44, 0xC7, 0x3B, 0xFD, 0x8F, 0x91, 0xCD, 0x2C, 0xDB, 
    0xCD, 0x93, 0x74, 0x3B, 0xF7, 0xBB, 0x1D, 0x67, 0x1A, 0xCD, 
    0x58, 0xE6
};
 
int rsa_test(void)
{
    byte*   tmp;
    size_t bytes;
    RsaKey key;
    WC_RNG rng;
    word32 idx = 0;
    int    ret;
    byte   in[] = "Everyone gets Friday off.";
    word32 inLen = (word32)XSTRLEN((char*)in);
    byte   out[256];
    byte   plain[256];


    tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL)
        return -40;

    XMEMCPY(tmp, privkey_der_2048, sizeof(privkey_der_2048));
    bytes = sizeof(privkey_der_2048);
    
    ret = wc_InitRsaKey(&key, NULL);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -39;
    }
    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -41;
    }
    ret = wc_InitRng(&rng);
    if (ret != 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -42;
    }

    ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
    if (ret < 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -43;
    }

    idx = ret; /* save off encrypted length */
    ret = wc_RsaPrivateDecrypt(out, idx, plain, sizeof(plain), &key);
    printf("\n%d", ret);
    if (ret < 0) {
        XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -44;
    }

    return 0;
}


int main()
{
    uint8_t mac[6];
    uint32_t timer = 0;
    
    wolfSSL_Debugging_ON();
    wolfCrypt_Init();
    
    if (CheckCtcSettings() != 1)
        printf("\nBuild vs runtime math mismatch\n", -1234);

    if (CheckFastMathSettings() != 1)
        printf("\nBuild vs runtime fastmath FP_MAX_BITS mismatch\n", -1235);
    
    int32_t ret = rsa_test();

    printf("\nret %d", ret);

    return 0;
}
Post's attachments

cert.der 1 kb, 2 downloads since 2016-12-22 

You don't have the permssions to download the attachments of this post.

Share

Re: RsaUnPad error, bad formatting

Hi Carlos,

I was able to reproduce the UnPadding error if the server didn't have the right private key loaded for the certificate. In the example you provided above the private key is in DER (ASN1) format and the loading of the private key buffer should be done as follows:

ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, privkey_der_2048, sizeof(privkey_der_2048), SSL_FILETYPE_ASN1);

Make sure and check the return code for this call and the wolfSSL_CTX_use_certificate_buffer function. Its possible your call was using SSL_FILETYPE_PEM and failing.

As for the example you sent for rsa_test I was able to get it working, but I had to add an include for wolfssl/options.h prior to settings.h to make sure the compiled library settings matched the application.

Here is the working rsa_test example:

#ifdef HAVE_CONFIG_H
    #include <config.h>
#endif

#include <wolfssl/options.h>

#include <wolfssl/wolfcrypt/settings.h>

#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/rsa.h>
#include <wolfssl/wolfcrypt/memory.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/tfm.h>
#include <wolfssl/wolfcrypt/logging.h>

volatile unsigned int pico_ms_tick = 0;

int close(int __fildes){
    return 0;
}

#define HEAP_HINT 0
#define FOURK_BUF 4096

/* privkey.der, 2048-bit */
const unsigned char privkey_der_2048[] =
{
    ...
};

int rsa_test(void)
{
    byte*   tmp = NULL;
    size_t bytes;
    RsaKey key;
    WC_RNG rng;
    word32 idx = 0;
    int    ret;
    byte   in[] = "Everyone gets Friday off.";
    word32 inLen = (word32)XSTRLEN((char*)in);
    byte   out[256];
    byte   plain[256];
    byte*  outPtr = NULL;

    tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        ret = MEMORY_E;
        goto exit;
    }

    XMEMCPY(tmp, privkey_der_2048, sizeof(privkey_der_2048));
    bytes = sizeof(privkey_der_2048);

    ret = wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID);
    if (ret < 0) {
        goto exit;
    }
    ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
    if (ret < 0) {
        goto exit;
    }

    printf("Key Size: %d\n", wc_RsaEncryptSize(&key));

    ret = wc_InitRng(&rng);
    if (ret < 0) {
        goto exit;
    }

#ifdef WC_RSA_BLINDING
    ret = wc_RsaSetRNG(&key, &rng);
    if (ret < 0) {
        goto exit;
    }
#endif

    ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
    printf("wc_RsaPublicEncrypt: %d\n", ret);
    if (ret < 0) {
        goto exit;
    }

    idx = ret; /* save off encrypted length */
    ret = wc_RsaPrivateDecrypt(out, idx, plain, sizeof(plain), &key);
    printf("wc_RsaPrivateDecrypt: %d\n", ret);
    printf("\n%d", ret);
    if (ret < 0) {
        goto exit;
    }

    if (XMEMCMP(plain, in, ret)) {
        printf("Compare failed!\n");
        goto exit;
    }

    ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
    printf("wc_RsaSSL_Sign: %d\n", ret);
    if (ret < 0) {
        goto exit;
    }

    idx = ret;
    XMEMSET(plain, 0, sizeof(plain));

    ret = wc_RsaSSL_VerifyInline(out, idx, &outPtr, &key);
    printf("wc_RsaSSL_Verify: %d\n", ret);
    if (ret < 0) {
        goto exit;
    }

    if (XMEMCMP(in, outPtr, ret)) {
        printf("Compare failed!\n");
        goto exit;
    }

    ret = 0; /* success */

exit:

    wc_FreeRsaKey(&key);
    XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    wc_FreeRng(&rng);

    return ret;
}


int main()
{
    int32_t ret;

#if defined(DEBUG_WOLFSSL)
    wolfSSL_Debugging_ON();
#endif

    wolfCrypt_Init();

#if !defined(NO_BIG_INT)
    if (CheckCtcSettings() != 1)
        printf("\nBuild vs runtime math mismatch\n");

#ifdef USE_FAST_MATH
    if (CheckFastMathSettings() != 1)
        printf("\nBuild vs runtime fastmath FP_MAX_BITS mismatch\n");
#endif /* USE_FAST_MATH */
#endif /* !NO_BIG_INT */

    ret = rsa_test();

    printf("\nret %d", ret);

    return 0;
}

Please let me know your results.

Thanks,
David Garske, wolfSSL

Share

Re: RsaUnPad error, bad formatting

Hello all,

Can you show results of this operation please ? I'm interested