ARMmbed

Struggle with RSA public encryption

I am trying to get a simple RSA encryption without padding test to work. It supplies the keys from RAM. I’ve tried a number of key sizes and am not having much luck. The code is running on x86. Any ideas why it doesn’t produce expected results?

I have tried reversing parameters - all 8 combinations.

static void dump(uint8_t const * data, size_t dataLength)
{
    for (size_t i = 0; i < dataLength; i++)
    {
        if (i % 32 == 0)
        {
            printf("\n");
        }
        printf("%02X", data[i]);
    }
    printf("\n");
}

void main(int argc, char **argv)
{
    const uint8_t exponent[] = { 0x01, 0x00, 0x01 };
    const uint8_t modulus[] = {
        0x75, 0x0F, 0x2E, 0xEE, 0x73, 0x7D, 0xCF, 0xC4, 0x5F, 0xE6, 0x86, 0xF3, 0xA0, 0x5B, 0xF4, 0xB1,
        0x80, 0x42, 0x91, 0x8E, 0x18, 0x2C, 0xEA, 0xF0, 0x7B, 0xDC, 0x39, 0xF0, 0x07, 0xC2, 0xA5, 0x80,
        0x98, 0xC8, 0xFD, 0x79, 0x29, 0xD1, 0x59, 0x11, 0xA1, 0x10, 0x2D, 0x29, 0xE1, 0x6D, 0x2A, 0x12,
        0xA6, 0xD3, 0xED, 0xCD, 0x5E, 0x73, 0x8B, 0x54, 0xE5, 0xFB, 0x1F, 0x9F, 0x99, 0xC3, 0xD3, 0xA3
    };
    const uint8_t d[] = {
        0x5E, 0xED, 0xC8, 0x36, 0x71, 0x8C, 0x36, 0xA0, 0x5E, 0xD1, 0x18, 0xE1, 0x9B, 0x4A, 0xD7, 0x3D,
        0xD6, 0xF0, 0xA5, 0x0F, 0x61, 0x85, 0x93, 0xA5, 0x20, 0x1C, 0xF1, 0x13, 0x39, 0x87, 0xDD, 0x24,
        0x34, 0x89, 0x05, 0xD2, 0x25, 0x4A, 0x95, 0xE8, 0xA0, 0x98, 0xF5, 0x2E, 0x78, 0x9C, 0x2A, 0x75,
        0xC3, 0x00, 0xB5, 0x04, 0x7C, 0x52, 0xB2, 0xFE, 0xBF, 0x5F, 0x86, 0x50, 0xCC, 0x3E, 0x15, 0x51
    };
    const uint8_t input[] = {
        0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04,
        0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04,
        0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04,
        0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04, 0x01, 0x02, 0x03, 0x04
    };
    const uint8_t expected[] = {
        0x21, 0x29, 0x2A, 0x54, 0x5A, 0x99, 0xAD, 0x70, 0xBF, 0x81, 0x51, 0x95, 0xE5, 0xA9, 0x2B, 0xC3,
        0x43, 0x46, 0xC2, 0xA2, 0x27, 0x11, 0x37, 0x42, 0xCE, 0xFD, 0x93, 0x44, 0x30, 0x8D, 0xF4, 0x26,
        0x30, 0xBB, 0x7F, 0x58, 0x23, 0x24, 0x29, 0xFC, 0xF2, 0x27, 0x19, 0x75, 0xD2, 0x96, 0x4E, 0xC7,
        0x82, 0x1D, 0xD5, 0x75, 0x20, 0xF7, 0xCD, 0xE2, 0x61, 0x32, 0xD8, 0x48, 0x8C, 0x47, 0x80, 0x5E
    };
    uint8_t output[sizeof(input)];
    mbedtls_rsa_context rsa;

    printf("Expected:");
    dump(expected, sizeof(expected));

    memset(output, 0, sizeof(output));

    mbedtls_rsa_init(&rsa, MBEDTLS_RSA_PKCS_V15, 0);  // requires padding arg, but don't want padding
    mbedtls_rsa_import_raw(&rsa, modulus, sizeof(modulus), NULL, 0, NULL, 0, NULL, 0, exponent, sizeof(exponent));
    mbedtls_rsa_complete(&rsa);
    mbedtls_rsa_public(&rsa, input, output);
    mbedtls_rsa_free(&rsa);

    printf("\nActual:");
    dump(output, sizeof(output));    
}

Results:

Expected:
21292A545A99AD70BF815195E5A92BC34346C2A227113742CEFD9344308DF426
30BB7F58232429FCF2271975D2964EC7821DD57520F7CDE26132D8488C47805E

Actual:
5516F581673F83DE5A8676F4FCD103953ECA2D38C4A02D430AF879E60FA96DDC
8FC2EE940DA2E2AAA284944A00F6ED0F3D7CB1B6F3CE35238144A7E31A960D55

Hi @jimschm
I have tried the sample code you published, and i got the expected result:

Expected:
21292A545A99AD70BF815195E5A92BC34346C2A227113742CEFD9344308DF426
30BB7F58232429FCF2271975D2964EC7821DD57520F7CDE26132D8488C47805E

Actual:
21292A545A99AD70BF815195E5A92BC34346C2A227113742CEFD9344308DF426
30BB7F58232429FCF2271975D2964EC7821DD57520F7CDE26132D8488C47805E

So, your code sample is correct. My machine is also an x86.

Please check return code of your rsa functions, to see if something went wrong.
Regards,
Mbed TLS Team member
Ron

I found my issue. I had included a library that is for code coverage, and it takes over malloc. Somehow it messes with the math. I removed the library and mbedtls works.