ARMmbed

Mbedtls_x509_crt_parse CRT returns -0x3B00 MBEDTLS_ERR_PK_INVALID_PUBKEY

I am testing with ssl_server.c and config-suite-b.h but slightly modified for RSA key exchange instead of ECDSA (without modification, ECDSA is successful on the server but takes so long that the client times-out).

After modifying config-suite-b.h for RSA key exchange, mbedtls_x509_crt_parse fails and returns MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00.

Why would the test certificate failing? Perhaps I have missed something when changing from ECDSA to RSA? Or is it related to disabled entropy?

The modified config-suite-b.h follows…

#define MBEDTLS_PLATFORM_C

/* System support */
#define MBEDTLS_HAVE_ASM
#define MBEDTLS_HAVE_TIME

/*
 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
 *
 * Distinguishing features:
 * - no RSA or classic DH, fully based on ECC
 * - optimized for low RAM usage
 *
 * Possible improvements:
 * - if 128-bit security is enough, disable secp384r1 and SHA-512
 * - use embedded certs in DER format and disable PEM_PARSE_C and BASE64_C
 *
 * See README.txt for usage instructions.
 */

/* mbed TLS feature support */
#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
#define MBEDTLS_PKCS1_V15
//#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
#define MBEDTLS_SSL_PROTO_TLS1_2

/* mbed TLS modules */
#define MBEDTLS_AES_C
#define MBEDTLS_ASN1_PARSE_C
#define MBEDTLS_ASN1_WRITE_C
#define MBEDTLS_BIGNUM_C
#define MBEDTLS_CIPHER_C
#define MBEDTLS_CTR_DRBG_C
#define MBEDTLS_ECDH_C
//#define MBEDTLS_ECDSA_C
#define MBEDTLS_ECP_C
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_GCM_C
#define MBEDTLS_MD_C
#define MBEDTLS_MD5_C
//#define MBEDTLS_NET_C
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
#define MBEDTLS_RSA_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA512_C
//#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
#define MBEDTLS_X509_CRT_PARSE_C
#define MBEDTLS_X509_USE_C

/* For test certificates */
#define MBEDTLS_BASE64_C
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C

/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

/* Save RAM by adjusting to our exact needs */
#define MBEDTLS_ECP_MAX_BITS   384
#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes

/* Save RAM at the expense of speed, see ecp.h */
#define MBEDTLS_ECP_WINDOW_SIZE        2
#define MBEDTLS_ECP_FIXED_POINT_OPTIM  0

/* Significant speed benefit at the expense of some ROM */
#define MBEDTLS_ECP_NIST_OPTIM

/*
 * You should adjust this to the exact number of sources you're using: default
 * is the "mbedtls_platform_entropy_poll" source, but you may want to add other ones.
 * Minimum is 2 for the entropy test suite.
 */
//#define MBEDTLS_ENTROPY_MAX_SOURCES 2
#define MBEDTLS_NO_PLATFORM_ENTROPY
#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
#define MBEDTLS_TEST_NULL_ENTROPY // *** TESTING - REMOVE FOR PRODUCTION ***

/* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
#define MBEDTLS_SSL_CIPHERSUITES                        \
        MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, \
        MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

#define MBEDTLS_SSL_OUT_CONTENT_LEN    8192

Hi @matthewb
Thank you for your question.
Please note that RSA key are much bigger than the ECC keys, so you will need to increase the size of MBEDTLS_MPI_MAX_SIZE to a size that will suit your RSA key size.
For example, if your RSA key size is 2048 bit, you will need to change MBEDTLS_MPI_MAX_SIZE to at least 256.
The issue you got was because the pub key components buffers were not big enough.
Regards,
Mbed Support
Ron

Thank you Ron! I very much appreciate the answer.

Perhaps that could be an additional configuration check done by …\mbedtls\include\mbedtls\check_config.h ?

Hi Matthew,

Thank you for your suggestion, however, the application doesn’t know in advance what key size you intend on using and supporting.

I believe that adding such a check will make this part a bit more complicated, and might introduce new bugs.

For example, Are we using ECC only? RSA only? both? What key sizes?

Regards,
Mbed TLS Support
Ron

Hi Matthew,
Since you are using RSA only, I would suggest you disable all ECP related configuration, to reduce code size.