Different skey size returned by i2d_RSAPrivateKey

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Different skey size returned by i2d_RSAPrivateKey

alpt

Hi there,

I want to pack a RSA priv key and this is what I'm doing:

...
rsa=RSA_generate_key(1024, RSA_F4, NULL, NULL);
len=i2d_RSAPrivateKey(rsa, priv);
...


Why isn't `len' always the same?
Is it normal?
If yes, what is its maximum value for a key of 1024 bits?
Is it the same for the public key?

Here it is the real code:
http://hinezumilabs.org/cgi-bin/viewcvs.cgi/*checkout*/netsukuku/src/crypto.c?rev=HEAD&content-type=text/plain

Thanks in advance
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Different skey size returned by i2d_RSAPrivateKey

Dr. Stephen Henson
On Tue, Feb 21, 2006, Alpt wrote:

>
> Hi there,
>
> I want to pack a RSA priv key and this is what I'm doing:
>
> ...
> rsa=RSA_generate_key(1024, RSA_F4, NULL, NULL);
> len=i2d_RSAPrivateKey(rsa, priv);
> ...
>
>
> Why isn't `len' always the same?
> Is it normal?

Yes its normal. Some key components have lengths which may be less than the
maximum value.

The way you are supposed to use this stuff is to first get the length, then
allocate enough memory and finally write out the encoding.

It isn't a good idea to make assumptions about the maximum size. It risks
buffer overrun vulnerabilities. There have been actual cases of that
happening.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Different skey size returned by i2d_RSAPrivateKey

alpt
On Tue, Feb 21, 2006 at 01:49:25PM +0100, <Dr. Stephen Henson>:
~> The way you are supposed to use this stuff is to first get the length, then
~> allocate enough memory and finally write out the encoding.
~>
~> It isn't a good idea to make assumptions about the maximum size. It risks
~> buffer overrun vulnerabilities. There have been actual cases of that
~> happening.

Ok, but I need to know its upper bound limit in order to reject bad headers
where the skey_len is > of the maximum allowed value.
What is it for a key of 1024 bits?
700 bytes are sufficient?

Does the pkey_len change too?
With a key of 1024 I've only got pkey of 140 bytes (packed).

cya ;)
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Different skey size returned by i2d_RSAPrivateKey

Kyle Hamilton
On 2/21/06, Alpt <[hidden email]> wrote:

> On Tue, Feb 21, 2006 at 01:49:25PM +0100, <Dr. Stephen Henson>:
> ~> The way you are supposed to use this stuff is to first get the length, then
> ~> allocate enough memory and finally write out the encoding.
> ~>
> ~> It isn't a good idea to make assumptions about the maximum size. It risks
> ~> buffer overrun vulnerabilities. There have been actual cases of that
> ~> happening.
>
> Ok, but I need to know its upper bound limit in order to reject bad headers
> where the skey_len is > of the maximum allowed value.
> What is it for a key of 1024 bits?
> 700 bytes are sufficient?

My "best-practice" suggestion is to not constrain it, and try to
handle it regardless, no matter what the size is said to be.  I know
people paranoid enough to use 4096-bit keys.
(1981: "640k should be enough for anybody."  -Bill Gates)  Why
constrain your users to arbitrary limits?

> Does the pkey_len change too?
> With a key of 1024 I've only got pkey of 140 bytes (packed).

1024 bits / 8 bits per byte = 128 bytes.  Add a bit more for overhead,
and 140 is a reasonable number.

-Kyle H
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Different skey size returned by i2d_RSAPrivateKey

Dr. Stephen Henson
In reply to this post by alpt
On Wed, Feb 22, 2006, Alpt wrote:

> On Tue, Feb 21, 2006 at 01:49:25PM +0100, <Dr. Stephen Henson>:
> ~> The way you are supposed to use this stuff is to first get the length, then
> ~> allocate enough memory and finally write out the encoding.
> ~>
> ~> It isn't a good idea to make assumptions about the maximum size. It risks
> ~> buffer overrun vulnerabilities. There have been actual cases of that
> ~> happening.
>
> Ok, but I need to know its upper bound limit in order to reject bad headers
> where the skey_len is > of the maximum allowed value.
> What is it for a key of 1024 bits?
> 700 bytes are sufficient?
>

If the key is generated by OpenSSL then it will never exceed a certain length.
If it comes from outside by including invalid data it can be any size at all.

If you want an idea of the maximum length here goes...

The version number is zero. It has a header of two bytes and one byte content.

The maximum value of the modulus is and private exponent is 129 octets with a
three byte header.

The other 5 components can be 65 bytes with a two byte header.

The whole thing is surrounded by a 4 byte SEQUENCE header.

Adding those up or correcting any typos left as an exercise to the reader...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Different skey size returned by i2d_RSAPrivateKey

alpt
In reply to this post by Kyle Hamilton
On Wed, Feb 22, 2006 at 03:34:05AM -0700, <Kyle Hamilton>:
~> > Ok, but I need to know its upper bound limit in order to reject bad headers
~> > where the skey_len is > of the maximum allowed value.
~> > What is it for a key of 1024 bits?
~> > 700 bytes are sufficient?
~>
~> My "best-practice" suggestion is to not constrain it, and try to
~> handle it regardless, no matter what the size is said to be.  I know
~> people paranoid enough to use 4096-bit keys.
~> (1981: "640k should be enough for anybody."  -Bill Gates)  Why
~> constrain your users to arbitrary limits?

I'm not constraining users. The number of bits of the privkey are defined in
a protocol, therefore the packets must be maximum of a pre-defined length.
This is why I need to know the maximum size of a packed privkey of 1024 bits
(especially when the packets have to be unpacked and read).
The same holds for the pubkey.

~> > Does the pkey_len change too?
~> > With a key of 1024 I've only got pkey of 140 bytes (packed).
~>
~> 1024 bits / 8 bits per byte = 128 bytes.  Add a bit more for overhead,
~> and 140 is a reasonable number.
 
So, the 1024 bits public key packed with i2d_RSAPublicKey is always 140 bytes.

^_^
--
:wq!
"I don't know nothing" The One Who reached the Thinking Matter   '.'

[ Alpt --- Freaknet Medialab ]
[ GPG Key ID 441CF0EE ]
[ Key fingerprint = 8B02 26E8 831A 7BB9 81A9  5277 BFF8 037E 441C F0EE ]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]