RSA_check_key failure 0x407b093 (value missing)


RSA_check_key failure 0x407b093 (value missing)

Jeffrey Walton-3
I've got n,e,d and loaded them into a RSA*. When I call RSA_check_key,
I get an 0x407b093 error:

    $ openssl errstr 0x407b093
    error:0407B093:rsa routines:RSA_check_key:value missing

How do I instruct the library to solve for the missing parameters so
the key can be verified?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Re: RSA_check_key failure 0x407b093 (value missing)

Tim Hudson
On 8/06/2014 8:25 AM, Jeffrey Walton wrote:
> I've got n,e,d and loaded them into a RSA*. When I call RSA_check_key,
> I get an 0x407b093 error:
>
>     $ openssl errstr 0x407b093
>     error:0407B093:rsa routines:RSA_check_key:value missing
>
> How do I instruct the library to solve for the missing parameters so
> the key can be verified?

What are you actually trying to do there in terms of your actual context of usage?

RSA_check_key is about checking that an RSA private key's component values are mathematically consistent with respect to each other - i.e. it is about checking all the components are correct. It isn't about doing anything other than that and without n,e,d and p and q there isn't much it is meant to do. Why are you missing p and q in your particular context?

Thanks,
Tim.



Re: RSA_check_key failure 0x407b093 (value missing)

Jeffrey Walton-3
On Sat, Jun 7, 2014 at 7:30 PM, Tim Hudson <[hidden email]> wrote:

> On 8/06/2014 8:25 AM, Jeffrey Walton wrote:
>
> I've got n,e,d and loaded them into a RSA*. When I call RSA_check_key,
> I get an 0x407b093 error:
>
>     $ openssl errstr 0x407b093
>     error:0407B093:rsa routines:RSA_check_key:value missing
>
> How do I instruct the library to solve for the missing parameters so
> the key can be verified?
>
>
> What are you actually trying to do there in terms of your actual context of
> usage?
Validate the key - nothing more at this point. If the key is not
valid, then it can't be used.

> RSA_check_key is about checking that an RSA private key's component values are
> mathematically consistent with respect to each other - i.e. it is about
> checking all the components are correct.
Right. e and n are co-prime, e*d === 1 mod n, etc. The other values
are just speedup and not required.

> It isn't about doing anything
> other than that and without n,e,d and p and q there isn't much it is meant
> to do.
OK, does the library provide the CRT solver (I don't believe so, but I
thought I would ask).

> Why are you missing p and q in your particular context?
http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-26#appendix-A.2
only provides {n,e,d}. It's pretty common in some places to only get
{e,d} or {d,n}.

Jeff

Re: RSA_check_key failure 0x407b093 (value missing)

Mounir IDRASSI
On 6/8/2014 1:46 AM, Jeffrey Walton wrote:
> OK, does the library provide the CRT solver (I don't believe so, but I
> thought I would ask).
A few years ago, I needed such a solver to convert from RSA SFM format
(n,e,d) to CRT representation. Obviously OpenSSL doesn't contain one so
I implemented it using OpenSSL routines and I released an Open Source
tool called RsaConverter that provides such functionality
(http://rsaconverter.sourceforge.net/).

You can have a look at the file librsaconverter.c from its source
(http://sourceforge.net/p/rsaconverter/code/HEAD/tree/Trunk/src/librsaconverter.c).
In your case, you can use the function SfmToCrt in order to compute the
CRT parameters, thus making RSA_check_key happy.

Before calling SfmToCrt, I advise calling CheckRsaSfmKey to verify that
the triplet (n,e,d) is valid for RSA, otherwise SfmToCrt can't find the
CRT parameters (the algorithm is based on random search for a generator
that exists only for valid RSA parameters). In order to avoid infinite
loops, I implemented a configurable timeout.

Concerning its performance, the algorithm is fast: for RSA 2048, it
takes 250 ms on average on a Core i7-2600K and on the older Pentium III
M it takes 1 second on average.

I don't know if there are many people who need to use RSA SFM parameters but
having such conversion functionality inside OpenSSL can be interesting.
In such case, I can send a patch for it.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr



Re: RSA_check_key failure 0x407b093 (value missing)

Tim Hudson
On 8/06/2014 8:18 PM, Mounir IDRASSI wrote:

> On 6/8/2014 1:46 AM, Jeffrey Walton wrote:
>> OK, does the library provide the CRT solver (I don't believe so, but I
>> thought I would ask).
> A few years ago, I needed such a solver to convert from RSA SFM format
> (n,e,d) to CRT representation. Obviously OpenSSL doesn't contain one
> so I implemented it using OpenSSL routines and I released an Open
> Source tool called RsaConverter that provides such functionality
> (http://rsaconverter.sourceforge.net/).
>
> You can have a look at the file librsaconverter.c from its source
> (http://sourceforge.net/p/rsaconverter/code/HEAD/tree/Trunk/src/librsaconverter.c).
>
> In your case, you can use the function SfmToCrt in order to compute
> the CRT parameters, thus making RSA_check_key happy.
>
> ...
>
> I don't know if there are many people who need to use RSA SFM parameters but
> having such conversion functionality inside OpenSSL can be
> interesting. In such case, I can send a patch for it.

A suggested patch contributed under the OpenSSL license (rather than the
LGPL) would be interesting to look at.

The timing based loop for if it is not a valid RSA key can be avoided
(by checking) or by making it a caller's requirement to check - rather
than having a time out option check there - the 5 minute time out you
have noted there does need adjusting. If you expect things to be able to
take that long then a callback mechanism would be needed. Just
performing the check would be a simpler solution I think ...

Thanks,
Tim.
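
Added example, not part of the thread and not RsaConverter's code: a Python sketch of the standard probabilistic method for recovering p and q from (n, e, d), with a consistency pre-check and a bounded retry count in place of a timeout, along the lines suggested in the last reply. The function names and the toy key (p=61, q=53) are constructed for illustration; the dictionary keys follow OpenSSL's field names.

```python
import math
import random

def check_sfm(n, e, d, bases=(2, 3, 5, 7)):
    """Consistency check on (n, e, d): a^(e*d) == a (mod n) for a few bases."""
    return n > 3 and n % 2 == 1 and all(
        pow(a, e * d, n) == a % n for a in bases)

def factor_from_ned(n, e, d, max_tries=100):
    """Return (p, q) with p > q, or None after max_tries random bases."""
    k = e * d - 1                  # multiple of lambda(n) when the key is valid
    if k <= 0 or k % 2:
        return None
    t, r = 0, k
    while r % 2 == 0:              # write k = 2^t * r with r odd
        r //= 2
        t += 1
    for _ in range(max_tries):     # each base works with probability >= 1/2
        y = pow(random.randrange(2, n - 1), r, n)
        if y in (1, n - 1):
            continue
        for _ in range(t):
            x = pow(y, 2, n)
            if x == 1:             # y is a square root of 1 other than +-1
                p = math.gcd(y - 1, n)
                return max(p, n // p), min(p, n // p)
            if x == n - 1:
                break
            y = x
    return None

def sfm_to_crt(n, e, d):
    """Return OpenSSL-style CRT fields, or None if (n, e, d) is inconsistent."""
    if not check_sfm(n, e, d):
        return None
    pq = factor_from_ned(n, e, d)
    if pq is None:
        return None
    p, q = pq
    return {"p": p, "q": q, "dmp1": d % (p - 1), "dmq1": d % (q - 1),
            "iqmp": pow(q, -1, p)}

# Constructed toy key (p=61, q=53); real keys are 2048 bits or more.
N, E, D = 3233, 17, 2753
if __name__ == "__main__":
    print(sfm_to_crt(N, E, D))
```

With all five CRT values filled in alongside n, e and d, the key has every component RSA_check_key expects; an inconsistent triplet is rejected up front instead of looping until a timeout.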
