AnsweredAssumed Answered

K81 KSDK MBEDTLS RSA 2048 bit key check error

Question asked by Stefko Urumov on Oct 13, 2017
Latest reply on Oct 19, 2017 by Stefko Urumov

My current project requires RSA 2048 bit operations performed on K81 MCU.

I am using KSDK 2.1 and mbedtls 2.2.1.

 

I can successfully generate a RSA 2048bit key pair using mbedtls_rsa_gen_key function.

Then I perform mbedtls_rsa_check_privkey at the newly generated key.

 

The problem is that this check fails when the key is longer than 2016 bits, e.g 2044 or 2048bits

I followed the execution path like this:

 

bignum.c:mbedtls_rsa_check_privkey: Line 210: MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) );

 

bignum.c:mbedtls_mpi_div_mpi: Line 1400: MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &X, &X, &T1 ) );

 

bignum.c:mbedtls_mpi_sub_mpi: Line 1043: MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( X, A, B ) );

 

ksdk_mbedtls.c: mbedtls_mpi_sub_abs:
Line 767:
if ((sizeA > sizeN) || (sizeB > sizeN))
    {
        return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
    }

 

mbedtls_mpi_sub_abs returns MBEDTLS_ERR_MPI_BAD_INPUT_DATA because the size of A and/or B (260 bytes) is greater than size of N (256 bytes), i.e. A.n (or B.n) == 0x41.

Apparently the maximum value(number of limbs) of A.n (or B.n) that can be handled by this function is 0x40.

It looks like at some point earlier in this execution path due to left shift the size of X is increased above 0x40.

My question is:

Is this limitation known to NXP and is it possible that this limitation could affect encryption/decryption functions when used with an RSA 2048bit keys ?

Outcomes