[openssl-users] [EXTERNAL] Re: error making Private RSA
Sands, Daniel
dnsands at sandia.gov
Fri Mar 10 00:05:09 UTC 2017
First, to get intelligible text errors, replace your initial call with
ERR_load_crypto_strings(). The ERR_load_ERR_strings call doesn't even
seem to be documented, likely because it only loads the strings
associated with the ERR API, and you likely need PEM and BIO error
strings. When I did this, the error message was "no start line" for
method 1.
Second, it seems to matter whether you use PEM_load_bio_RSA_PUBKEY vs
PEM_load_bio_RSAPublicKey.
Next, CheckKey will likely only work when the private key is also read
in. Otherwise it segfaults.
As a side note, the [n]curses library would be more portable with
whatever terminal you run the program over.
As for method 4:
d2i_xxxx and i2d_xxxx are for DER formatted buffers. You're writing out
as PEM format. You need to read it back in as PEM format, as attempted
in some of the previous methods. So it makes sense that this method
fails.
On Thu, 2017-03-09 at 15:01 -0800, william estrada wrote:
> I have been tiring to keep my posting to a minim but I am not getting
> across what I am looking to
> fix. And I have been getting reports that my source code is not
> viewable. In my Apache logs I see that some people have be using the
> wrong link, they are tiring to use
> "http://mt-umunhum-wireless.net/mt-umunhum-wireless.net/Sources"
> This is wrong! use:
> "http://mt-umunhum-wireless.net/Sources/rsa"
> or
> "216.173.131.138/Sources/rsa"
>
> The most recent attempt is the rsapost.c with the output rsapost.txt
>
> What I am attempting to do is:
> 1) generate a RSA key pair, working but always the same keys.
> 2) remove the public key, working
> 3) create a RSA structure with the public key, 4 methods, all fail.
> 4) use the public key to encrypt a sting, don't get here.
> 5) use the RSA pair to decrypt the string.
>
> The code is not clean but here it is:
>
> #include <openssl/err.h>
> #include <openssl/bio.h>
> #include <openssl/rsa.h>
> #include <openssl/pem.h>
> #include <string.h>
> #include <stdio.h>
> #include <stdlib.h>
> #include <ctype.h>
> #include <termios.h>
> #include <termio.h>
>
> #define OFF "\x1B[0;0;0m"
> #define DEFAULT "\x1B[0;0;0m"
> #define RED "\x1B[1;31;40m"
> #define BLUE "\x1B[1;34;40m"
> #define GREEN "\x1B[1;32;40m"
> #define YELLOW "\x1B[1;33;40m"
> #define CLEAR_EOL "\x1B[K"
>
> void Dump( char *, int );
> typedef unsigned char* UcharP;
> typedef unsigned char uchar;
>
> #define Check_Key( Key, Action ) \
> if( RSA_check_key( Key ) != 1 ) { \
> printf( RED "%d %s Make Key Failed!\n" OFF, __LINE__, "(Key)" );\
> printf( RED "%s\n", \
> ERR_error_string( ERR_get_error(), NULL ) ); \
> Action ; } \
> else { \
> printf( BLUE "%d %s check key good\n" OFF , __LINE__, "Key" ); }
>
> int main() { // main()
>
> ERR_load_ERR_strings();
>
> RSA *My_RSA = RSA_new();
>
> char Str[] = "1234567890";
> unsigned char Out[1024];
> unsigned char In[ 1024];
> int RC, L, RSA_Len;
>
> unsigned long Error = ERR_get_error();
> char *MSG = ERR_error_string( Error, NULL);
> const char *MSG2 = ERR_reason_error_string( Error );
> char *ErrStr[100];
>
> BIGNUM *bne = BN_new();
> BN_set_word( bne, RSA_F4 );
>
> RC = RSA_generate_key_ex( My_RSA, 2048, bne, NULL );
> BN_free( bne );
>
> Check_Key( My_RSA, "return 1" );
>
> L = strlen( Str );
> printf ( BLUE "String: %s" OFF, Str );
> Dump( Str, L );
>
> RSA *Pub_RSA = RSA_new();
>
> // Extract Key from RSA Key pair
> BIO * Key_Bio = BIO_new( BIO_s_mem() );
>
> RC = PEM_write_bio_RSAPublicKey( Key_Bio, My_RSA );
>
> printf( BLUE "%d RC: %d\n" OFF, __LINE__ );
>
> size_t Key_Len = BIO_pending( Key_Bio );
> char *Key = malloc( Key_Len + 1 );
> RC = BIO_read( Key_Bio, Key, Key_Len );
> Key[ Key_Len ] = '\0';
>
> printf( BLUE "%d RC: %d, Len: %d\n" OFF, __LINE__, RC, Key_Len );
>
> // Let's see the data
> printf( BLUE "\nKey type %s\n" OFF, "Public" );
> Dump( (char*) Key, -Key_Len );
>
> // Now try to fill in to RSA using the BIO method
> BIO* bio = BIO_new( BIO_s_mem() );
> bio = BIO_new_mem_buf( (void*)Key, -1 ) ;
>
> // Load the RSA key from the BIO
> printf( "Method 1\n" );
> RSA* RSA1 = NULL;
> RSA1 = PEM_read_bio_RSA_PUBKEY( bio, NULL, NULL, NULL ) ;
> if( !RSA1 )
> printf( RED
> " ERROR: Could not load PUBLIC KEY!\n"
> " PEM_read_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
> ERR_error_string( ERR_get_error(), NULL ) ) ;
>
> else Check_Key( RSA1, ";" );
>
> printf( "Method 2\n" );
> RSA *RSA2 = RSA_new();
> BIO_new_mem_buf( (void*)Key, -1 ) ;
> RC = PEM_write_bio_RSA_PUBKEY( bio, RSA2 ) ;
> if( !RSA2 )
> printf( RED
> " ERROR: Could not load PUBLIC KEY!\n"
> " PEM_write_bio_RSA_PUBKEY FAILED:\n %s\n" OFF,
> ERR_error_string( ERR_get_error(), NULL ) ) ;
>
> else Check_Key( RSA2, ";" );
>
> // Try Bio method 3
> printf( OFF "Method 3\n" );
> RSA *RSA3 = RSA_new();
> BIO* Pem = BIO_new( BIO_s_mem() );
> BIO_puts( Pem, Key );
> ERR_print_errors( Pem );
>
> if( RSA3 ) Check_Key( RSA3, ";" );
>
> RC = PEM_write_bio_RSA_PUBKEY( Pem, RSA3 );
> printf( OFF "BIO RC: %d\n", RC );
>
> if( RSA3 ) Check_Key( RSA3, ";" );
>
> // Now try to fill in to RSA using the EVP method
>
> printf( OFF "Method 4\n" );
>
> RSA *RSA4 = RSA_new();
>
> EVP_PKEY* EVP_PEM_Key;
>
> EVP_PKEY* EVP_Pub_Key = d2i_PUBKEY_bio( Pem, NULL);
>
> ERR_print_errors( Pem );
>
> if( EVP_Pub_Key == NULL ) {
> Error = ERR_get_error( );
> MSG = (char*) ERR_reason_error_string( Error );
> printf( RED "EVP Error: %s" OFF "\n", MSG ); }
> else {
> RSA4 = EVP_PKEY_get1_RSA( EVP_Pub_Key ); }
>
> Check_Key( RSA4, "return 1;" );
>
> while(1) {
> if( RSA1 && RSA_check_key( RSA1 ) == 1 ) {
> Pub_RSA = RSA1;break; }
> if( RSA2 && RSA_check_key( RSA2 ) == 1 ) {
> Pub_RSA = RSA2;break; }
> if( RSA3 && RSA_check_key( RSA3 ) == 1 ) {
> Pub_RSA = RSA3;break; }
> if( RSA4 && RSA_check_key( RSA4 ) == 1 ) {
> Pub_RSA = RSA4;break; }
> printf( BLUE " No usable RSA structures, quiting\n" OFF );
> return 1; }
>
> // Free used memory
> BIO_free( Key_Bio );
> BIO_free( Pem );
>
> int In_Len;
> In_Len = RSA_public_encrypt( L,
> (uchar*) Str,
> (uchar*) In,
> Pub_RSA,
> RSA_PKCS1_OAEP_PADDING );
>
> printf( BLUE "Encrypted: %d" OFF, In_Len );
> Dump( In, In_Len );
>
> int Out_Len;
> Out_Len = RSA_private_decrypt( RSA_Len,
> (uchar*) In,
> (uchar*) Out,
> My_RSA,
> RSA_PKCS1_OAEP_PADDING );
>
> printf( BLUE "Decrypted: %d" OFF, Out_Len );
> Dump( Out, Out_Len );
>
> if( !memcmp( (char *)Key, (char *)Out, Out_Len ) ) {
> printf( "Ecrypt/Decrypt failed\n" ); }
> else {
> printf( "Ecrypt/Decrypt Passed\n" ); }
>
> return 0; }
>
> /* -------------------------------------------------------------- */
>
> void
> Dump( char *P, int Len ) { // Dump()
>
> int I, E, C, L, Done, Min, Max;
> char Buf[20], S[100];
>
> unsigned char D;
>
> unsigned char Hex[20] = "0123456789ABCDEF";
>
> if( Len < 0 ) {
> Len = abs( Len );
> Min = .20 *Len;
> Max = Len-Min; }
> else {
> Min = Len;
> Max = 0; }
>
> int Note;
> Done = 0, Note = 0;
>
> printf( "\n" );
> for( C = 0; C < Len ; C += 16,Done += L ) { // For()
>
> // printf( "C: %d, Min: %d, Max: %d\n", C, Min, Max );
> if( C > Min && C < Max ) {
> if( Note == 0 )
> printf( RED ". . " "Output trimed.\n" OFF );
> Note = 1;
> continue; }
>
> if( (L = Len -C) > 16 ) L = 16;
> if( L < 1 ) break;
>
> strcpy( Buf, " " );
> strcpy( S, " " );
> E = 0;
> for( I = 0; I < L; I++ ) {
>
> D = P[ ( I +Done ) ];
>
> if( isprint( D ) ) { Buf[I] = D; }
> else { Buf[I] = '.'; }
>
> if( I && !(I % 4) ) { S[E++] = ' '; }
>
> S[E++] = Hex[ D >> 4 ];
> S[E++] = Hex[ D & 15 ]; }
>
> printf( "%4.4d %4.4x %-35s" BLUE "/*" YELLOW " %16.16s" BLUE " */\n"
> OFF , Done, Done, S, Buf ); fflush(stdout);
>
> }
>
> printf( BLUE "End of block - %3d bytes"
> YELLOW " --------------------- "
> BLUE " /* "
> YELLOW "---------------- "
> BLUE "*/\n" OFF, Done );
> printf( OFF ); fflush(NULL);
> return; }
>
> This outputs:
>
> 5 Key check key good
> String: 1234567890
> 0000 0000 31323334 35363738 3930 /* 1234567890 */
> End of block - 10 bytes --------------------- /* ---------------- */
> 68 RC: -141075560
> 75 RC: 426, Len: 426
>
> Key type Public
>
> 0000 0000 2D2D2D2D 2D424547 494E2052 53412050 /* -----BEGIN RSA P */
> 0016 0010 55424C49 43204B45 592D2D2D 2D2D0A4D /* UBLIC KEY-----.M */
> 0032 0020 49494243 674B4341 5145416F 7142344D /* IIBCgKCAQEAoqB4M */
> 0048 0030 32307751 467A4972 634E4E39 31454364 /* 20wQFzIrcNN91ECd */
> 0064 0040 5344505A 31723259 38346355 43457961 /* SDPZ1r2Y84cUCEya */
> 0080 0050 394B585A 6C45475A 516B4245 445A6E0A /* 9KXZlEGZQkBEDZn. */
> . . Output trimed.
> 0352 0160 2B494F0A 6F636748 486A6F44 67746A45 /* +IO.ocgHHjoDgtjE */
> 0368 0170 58677779 646A6D31 725A4369 5459722B /* Xgwydjm1rZCiTYr+ */
> 0384 0180 3270506F 6C774944 41514142 0A2D2D2D /* 2pPolwIDAQAB.--- */
> 0400 0190 2D2D454E 44205253 41205055 424C4943 /* --END RSA PUBLIC */
> 0416 01a0 204B4559 2D2D2D2D 2D0A /* KEY-----. */
> End of block - 426 bytes --------------------- /* ---------------- */
> Method 1
> ERROR: Could not load PUBLIC KEY!
> PEM_read_bio_RSA_PUBKEY FAILED:
> error:0906D06C:PEM routines:func(109):reason(108)
> Method 2
> 107 (Key) Make Key Failed!
> error:2007507E:BIO routines:func(117):reason(126)
> Method 3
> 116 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> BIO RC: 1
> 121 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> Method 4
> EVP Error: (null)
> 142 (Key) Make Key Failed!
> error:0407B093:rsa routines:func(123):reason(147)
> No usable RSA structures, quiting
>
> Hope this clarifies what I am attempting to do?
>
> Appreciate any help, thanks for your time.
>
> --
> William Estrada
> Mt Umunhum, CA, USA, Earth
> HTTP:// Mt-Umunhum-Wireless.net
> Skype: MrUmunhum
>
More information about the openssl-users
mailing list