
Heija everyone,

I think I’m missing something. I generated a private and public key pair with OpenSSL. Lines used:

```
openssl ecparam -name secp256k1 -genkey -noout -out priv_key.pem

openssl ec -in .\priv_key.pem -pubout -out public_key.pem
```

This gives me my key pair. For example, this private key:

```
-----BEGIN EC PRIVATE KEY-----
MHQCAQEEIOBYwBnXMgYHsRSv99H4zgtzSClALIcNBN97QbBPNFzHoAcGBSuBBAAK
oUQDQgAESqPVjJtZ+f7Q5DnhBX/7Xy6CUWi0aEuNbA0JilgF4+T8ruuWl16vrOrI
3dSDDfsafxatLS3BytvtmyOQxye98Q==
-----END EC PRIVATE KEY-----
```

Public key:

```
-----BEGIN PUBLIC KEY-----
MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAESqPVjJtZ+f7Q5DnhBX/7Xy6CUWi0aEuN
bA0JilgF4+T8ruuWl16vrOrI3dSDDfsafxatLS3BytvtmyOQxye98Q==
-----END PUBLIC KEY-----
```

I'm trying to parse my public key with `mbedtls_pk_parse_public_key` into a `pk_context`. My code looks like this:

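```c
#include <string.h>
#include "mbedtls/pk.h"

mbedtls_pk_context pk;
int32_t s32Err = 0;

mbedtls_pk_init(&pk);

/* For PEM input the length must include the terminating '\0' */
int32_t tempsize = strlen(ecdsaPublic);

s32Err = mbedtls_pk_parse_public_key(&pk, (const unsigned char *)ecdsaPublic, tempsize + 1);
```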

My public key (`ecdsaPublic`) is copy/pasted and formatted like the following:

```c
const char *ecdsaPublic = "-----BEGIN PUBLIC KEY-----\n"
                          "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAESqPVjJtZ+f7Q5DnhBX/7Xy6CUWi0aEuN\n"
                          "bA0JilgF4+T8ruuWl16vrOrI3dSDDfsafxatLS3BytvtmyOQxye98Q==\n"
                          "-----END PUBLIC KEY-----\n";
```

If I now let this run, I get 0xFFFFFFF0 as an error code in `s32Err`. Sadly, I can't find this error code anywhere in the library, or I'm not searching in the right place.

If I try the exact same code with another public key, like this one:

```
-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMALAAUWI7loxRd++n5VG+E6gl1NEC8Z
yQmtyzKEdwwJ+qrC9BSi6f5FmutbJYqu1wR6QitVCEXUrtN1rOBCQ78CAwEAAQ==
-----END PUBLIC KEY-----
```

The parsing returns 0.

Has anyone an idea or a hint? Is my key generation wrong?

Best wishes and thanks for the help and suggestions!

Marc

csa_msa
  • Why `tempsize + 1`? – Maarten Bodewes Sep 22 '21 at 07:35
  • I need the whole string with the trailing `\0`. This is why I added the `tempsize + 1`. I added the variable `tempsize` to see the size I pass to the function `mbedtls_pk_parse_public_key`. – csa_msa Sep 22 '21 at 07:42
  • `s32Err` is a signed integer, so it's -16, which is written as `-0x0010` in `mbedtls/bignum.h`. If you build mbedtls natively, you can run `programs/util/strerror -16`. Actually `programs/util/strerror 0xfffffff0` works too. – Gilles 'SO- stop being evil' Sep 24 '21 at 18:26
  • @Gilles'SO-stopbeingevil' you are absolutely right. I add this information to my answer! – csa_msa Sep 27 '21 at 06:21

1 Answer

I found the problem: Since I'm using the Zephyr O/S, I have a configuration called `CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE`. This was too small, so I got the error code 0xfffffff0, which stands for `MBEDTLS_ERR_MPI_ALLOC_FAILED`.

I now doubled my `CONFIG_MINIMAL_LIBC_MALLOC_ARENA_SIZE` and the parsing works as intended.

Edit: As @Gilles 'SO- stop being evil' mentioned, since `s32Err` is a signed integer, the value 0xfffffff0 represents -16 (-0x0010), which can be found in `mbedtls/bignum.h`.

csa_msa
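An added example, not part of the original answer or of Mbed TLS: a small decoder that turns a return code seen as 32-bit hex (such as the 0xFFFFFFF0 above) back into the signed value and splits it into the high-level and low-level parts used by the error-code layout in `mbedtls/error.h`, so each part can be searched for in the headers. The names `ex_err`, `ex_signed_from_hex` and `ex_decode` are hypothetical, and the second sample value is constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Decoded form of an Mbed TLS return code (hypothetical helper type). */
typedef struct {
    int32_t value;  /* signed return code, e.g. -16 */
    unsigned high;  /* high-level part as a magnitude, 0 if absent */
    unsigned low;   /* low-level part as a magnitude, 0 if absent */
} ex_err;

/* Reinterpret a 32-bit hex dump (as a debugger shows it) as a signed int
 * without relying on implementation-defined narrowing conversions. */
static int32_t ex_signed_from_hex(uint32_t raw)
{
    if (raw <= (uint32_t)INT32_MAX)
        return (int32_t)raw;
    return -(int32_t)(~raw) - 1;
}

/* Split the magnitude: mask 0xFF80 selects the high-level part,
 * mask 0x007F the low-level part. */
static ex_err ex_decode(uint32_t raw)
{
    ex_err e;
    e.value = ex_signed_from_hex(raw);
    uint32_t mag = e.value < 0 ? 0u - (uint32_t)e.value : (uint32_t)e.value;
    e.high = mag & 0xFF80u;
    e.low = mag & 0x007Fu;
    return e;
}

int main(void)
{
    /* 0xFFFFFFF0 is the value from the question; 0xFFFFC49E is constructed
     * to show a code that combines a high-level and a low-level part. */
    const uint32_t samples[] = { 0xFFFFFFF0u, 0xFFFFC49Eu };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        ex_err e = ex_decode(samples[i]);
        /* "-0xNNNN" is the spelling used in the Mbed TLS headers */
        printf("0x%08X = %d  high -0x%04X  low -0x%04X\n",
               (unsigned)samples[i], (int)e.value, e.high, e.low);
    }
    return 0;
}
```

For the value from the question the high-level part is zero and the low-level part is `-0x0010`, the value the answer locates in `mbedtls/bignum.h`.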