Mbedtls_x509_crt_parse CRT returns -0x3B00 MBEDTLS_ERR_PK_INVALID_PUBKEY

matthewb · August 21, 2019, 11:24pm

I am testing with ssl_server.c and config-suite-b.h but slightly modified for RSA key exchange instead of ECDSA (without modification, ECDSA is successful on the server but takes so long that the client times-out).

After modifying config-suite-b.h for RSA key exchange, mbedtls_x509_crt_parse fails and returns MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00.

Why would the test certificate failing? Perhaps I have missed something when changing from ECDSA to RSA? Or is it related to disabled entropy?

The modified config-suite-b.h follows…

#define MBEDTLS_PLATFORM_C

/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME

/*
 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
 *
 * Distinguishing features:
 * - no RSA or classic DH, fully based on ECC
 * - optimized for low RAM usage
 *
 * Possible improvements:
 * - if 128-bit security is enough, disable secp384r1 and SHA-512
 * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
 *
 * See README.txt for usage instructions.
 */

/* mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_PKCS1_V15
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
//#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
//#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
//#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C

/* For test certificates */
#define MBEDTLS_BASE64_C
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS   384
#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes

/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE        2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM  0

/* Significant speed benefit at the expense of some ROM */
#define MBEDTLS_ECP_NIST_OPTIM

/*
 * You should adjust this to the exact number of sources you're using: default
 * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
 * Minimum is 2 for the entropy test suite.
 */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 2
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_TEST_NULL_ENTROPY // *** TESTING - REMOVE FOR PRODUCTION ***

/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES                        \
        MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
        MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

#define MBEDTLS_SSL_OUT_CONTENT_LEN    8192

roneld01 · August 22, 2019, 9:07am

Hi @matthewb
Thank you for your question.
Please note that RSA key are much bigger than the ECC keys, so you will need to increase the size of MBEDTLS_MPI_MAX_SIZE to a size that will suit your RSA key size.
For example, if your RSA key size is 2048 bit, you will need to change MBEDTLS_MPI_MAX_SIZE to at least 256.
The issue you got was because the pub key components buffers were not big enough.
Regards,
Mbed Support
Ron

matthewb · August 22, 2019, 4:54pm

Thank you Ron! I very much appreciate the answer.

Perhaps that could be an additional configuration check done by …\mbedtls\include\mbedtls\check_config.h ?

roneld01 · August 25, 2019, 7:07am

Hi Matthew,

Thank you for your suggestion, however, the application doesn’t know in advance what key size you intend on using and supporting.

I believe that adding such a check will make this part a bit more complicated, and might introduce new bugs.

For example, Are we using ECC only? RSA only? both? What key sizes?

Regards,
Mbed TLS Support
Ron

roneld01 · August 25, 2019, 10:47am

Hi Matthew,
Since you are using RSA only, I would suggest you disable all ECP related configuration, to reduce code size.

Topic		Replies	Views
Mbedtls_x509_crt_parse return -0x3B00 Crypto and SSL questions	2	3148	March 18, 2020
Mbedtls can not parse file of ed25519 cert and key Mbed TLS mbed_tls	1	739	July 27, 2022
Error using mbedtls_x509_crt_parse Generic	3	4663	December 6, 2018
MbedTLS handshake is not functioning properly when attempting client authentication Platform specific questions mbed_client , mbed_tls , stmicroelectronics	2	2691	January 1, 2024
ECDSA verify problems Crypto and SSL questions mbed_tls	8	2986	October 13, 2022

Mbedtls_x509_crt_parse CRT returns -0x3B00 MBEDTLS_ERR_PK_INVALID_PUBKEY

Related Topics