#1
hi,

i have a program that uses the rsa encryption of the stonybrook
library. it works, but every once in a while the en/decryption fails.
does anyone know of a fix, workaround or of demo source code for the
rsa?

thanx
rko

#2
"rko" <rko@compugroup.com> wrote in message
news:1121927933.667492.280920@f14g2000cwb.googlegroups.com...
> hi,
>
> i have a program that uses the rsa encryption of the stonybrook
> library. it works, but every once in a while the en/decryption fails.
> does anyone know of a fix, workaround or of demo source code for the
> rsa?
>

1. Define fail.
2. Got an example to demonstrate failure.

Norman

#3
Norman Black wrote:
> "rko" <rko@compugroup.com> wrote in message
> news:1121927933.667492.280920@f14g2000cwb.googlegroups.com...
> > hi,
> >
> > i have a program that uses the rsa encryption of the stonybrook
> > library. it works, but every once in a while the en/decryption fails.
> > does anyone know of a fix, workaround or of demo source code for the
> > rsa?
> >
>
> 1. Define fail.
> 2. Got an example to demonstrate failure.
>
> Norman

i use the following functions of class (content shortened):

CLASS KEYHANDLING;

VAR
    lock : CriticalSection;
    tester: BOOLEAN;

PROCEDURE EncryptPublic(VAR PublicKey: ARRAY OF CHAR;
                        VAR input : ARRAY OF BYTE;
                        VAR INOUT (*128*)howoutput : CARDINAL;
                        VAR output : ARRAY OF BYTE;
                        VAR INOUT (*128*)outputSize : CARDINAL) : BOOLEAN;
VAR
    p,q,m,c,t,e,n: VLI.VLI;
    retb : BOOLEAN;
    rsa : RSA;
BEGIN
    EnterCriticalSection(lock);
    p := VLI.Create(); q := VLI.Create(); m := VLI.Create();
    c := VLI.Create(); t := VLI.Create(); e := VLI.Create();
    n := VLI.Create();
    (*VLI.SetValue(e, 65537);*)
    retb := VLI.FromHexString(PublicKey[0..255], n);
    IF NOT retb THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    rsa := Create(ee, NIL, NIL, n);
    IF rsa = NIL THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    retb := PublicFunction(rsa, ADR(input), howoutput, ADR(output),
                           outputSize);
    Destroy(rsa);
    VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
    VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
    IF NOT retb THEN outputSize := 0; END;
    (* release the lock taken at entry *)
    LeaveCriticalSection(lock);
    RETURN retb;
EXCEPT
    IF IsM2Exception() THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p);
        VLI.Dispose(q); VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        IF rsa # NIL THEN Destroy(rsa); END;
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
END EncryptPublic;

PROCEDURE DecryptPrivate(VAR PrivateKey: ARRAY OF CHAR;
                         VAR input : ARRAY OF BYTE;
                         inputsize : CARDINAL;
                         VAR output : ARRAY OF BYTE;
                         VAR INOUT (*128*)outputSize : CARDINAL) : BOOLEAN;
VAR
    p,q,m,c,t,e,n: VLI.VLI;
    retb : BOOLEAN;
    rsa : RSA;
    msgLen: CARDINAL = 0;
BEGIN
    EnterCriticalSection(lock);
    msgLen := inputsize;
    IF msgLen > 128 THEN
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    p := VLI.Create(); q := VLI.Create(); m := VLI.Create();
    c := VLI.Create(); t := VLI.Create(); e := VLI.Create();
    n := VLI.Create();
    (*VLI.SetValue(e, 65537);*)
    retb := VLI.FromHexString(PrivateKey[0..127], p);
    IF NOT retb THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    retb := VLI.FromHexString(PrivateKey[128..255], q);
    IF NOT retb THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    rsa := Create(ee, p, q, NIL);
    IF rsa = NIL THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
    retb := PrivateFunction(rsa, ADR(input), msgLen, ADR(output),
                            outputSize);
    VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
    VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
    Destroy(rsa);
    IF NOT retb THEN outputSize := 0; END;
    LeaveCriticalSection(lock);
    RETURN retb;
EXCEPT
    IF IsM2Exception() THEN
        VLI.Dispose(e); VLI.Dispose(n); VLI.Dispose(p); VLI.Dispose(q);
        VLI.Dispose(m); VLI.Dispose(c); VLI.Dispose(t);
        IF rsa # NIL THEN Destroy(rsa); END;
        LeaveCriticalSection(lock);
        RETURN FALSE;
    END;
END DecryptPrivate;

BEGIN
    tester := CreateCriticalSection(lock);
FINALLY
    tester := CloseCriticalSection(lock);
END KEYHANDLING;

privatekey:="9AF57B9FEE686548A7A1E905A28425E68057A63BBB3FD894467EC794323CCCDA2E2B46D8BAF44CEE7"+
"CEE1DFC11CA46622B02FE00F7A8A86ED3161F24AA49DB29EBEAFA0533077E73F41E6B29975E135720D4685BEBD77A76"+
"5466CD036B605264702FCC7F75850562BAB36DA129064674ED4DDABA05577C667B713BCAB47F76CB";

publickey:="8ECD9435B072CA3A21FFBDB4FBC5D6309237A50AA258817DF66A986FFDB0A09EE24F97F90B751E36204"+
"C54EBBDA42900BF163E8D199F780910B58A9CB277530A7F7D26A164AB2A8DB6076C88C5BAC6F6A0A6295B43D9E4E99ED"+
"CD6697C50EAC9DF4C84F95C2724C6723EB328D94C6CD4AC9D311B88EDC676A3B462A7A0ECAF83";

it is called such as:

FROM GenerateRSAKeys IMPORT KEYHANDLING;

VAR
    rsa : KEYHANDLING;
    btmp,btmp1,btmp2,btmp3 : ARRAY[0..128] OF BYTE;
    atmp,atmp2,atmp3 : ARRAY[0..128] OF BYTE;
    atmp1:ARRAY[0..128] OF BYTE = "5CFC7DE295D0EB7CF6B4CBFE9FDFA140";
    (*sample will change and can contain binary values such as 0H .., but
      will never contain more than 40 bytes*)

-->> loop

    CREATE(rsa);
    tmppc := 128; tmppc1 := 128;
    rets := rsa.EncryptPublic(publickey, atmp1, tmppc1, btmp1, tmppc);
    DESTROY(rsa);

    CREATE(rsa);
    tmppc := 128; tmppc1 := 128;
    rets := rsa.DecryptPrivate(privatekey, btmp1, tmppc1, btmp2,
                               tmppc);
    DESTROY(rsa);

-->> endloop

If i would do that in loop i will at some time not be able to decrypt
it. btmp2 will not be equal to atmp1 at unpredictable times. it's
driving me nuts - please help.

richard

i hope i pasted that correctly.

#4
That is not a compilable and executable example. I will not bother
looking at something unless it is functional.

Norman

#5
Here is an example test program I just created from using the RSA module
SelfTest procedure. The program runs without errors.

MODULE bug;

FROM SYSTEM IMPORT
    BYTE, ADR;

FROM RSA IMPORT *;
IMPORT VLI;
FROM STextIO IMPORT
    WriteString, WriteLn, ReadChar;

(* test vectors taken from rsa-oaep_spec.pdf found at www.rsasecurity.com *)
CONST
    ps = "ee cf ae 81 b1 b9 b3 c9 08 81 0b 10 a1 b5 60 01 99 eb 9f 44 ae f4 fd a4 " +
         "93 b8 1a 9e 3d 84 f6 32 12 4e f0 23 6e 5d 1e 3b 7e 28 fa e7 aa 04 0a 2d " +
         "5b 25 21 76 45 9d 1f 39 75 41 ba 2a 58 fb 65 99";

    qs = "c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35 3f 6c 42 d0 88 66 b1 d0 " +
         "5a 0f 20 35 02 8b 9d 86 98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf " +
         "ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03";

    em : ARRAY [0..126] OF CARDINAL8 =
    {
     0ebh, 07ah, 019h, 0ach, 0e9h, 0e3h, 000h, 063h,
     050h, 0e3h, 029h, 050h, 04bh, 045h, 0e2h, 0cah,
     082h, 031h, 00bh, 026h, 0dch, 0d8h, 07dh, 05ch,
     068h, 0f1h, 0eeh, 0a8h, 0f5h, 052h, 067h, 0c3h,
     01bh, 02eh, 08bh, 0b4h, 025h, 01fh, 084h, 0d7h,
     0e0h, 0b2h, 0c0h, 046h, 026h, 0f5h, 0afh, 0f9h,
     03eh, 0dch, 0fbh, 025h, 0c9h, 0c2h, 0b3h, 0ffh,
     08ah, 0e1h, 00eh, 083h, 09ah, 02dh, 0dbh, 04ch,
     0dch, 0feh, 04fh, 0f4h, 077h, 028h, 0b4h, 0a1h,
     0b7h, 0c1h, 036h, 02bh, 0aah, 0d2h, 09ah, 0b4h,
     08dh, 028h, 069h, 0d5h, 002h, 041h, 021h, 043h,
     058h, 011h, 059h, 01bh, 0e3h, 092h, 0f9h, 082h,
     0fbh, 03eh, 087h, 0d0h, 095h, 0aeh, 0b4h, 004h,
     048h, 0dbh, 097h, 02fh, 03ah, 0c1h, 04fh, 07bh,
     0c2h, 075h, 019h, 052h, 081h, 0ceh, 032h, 0d2h,
     0f1h, 0b7h, 06dh, 04dh, 035h, 03eh, 02dh
    };

    ct : ARRAY [0..127] OF CARDINAL8 =
    {
     012h, 053h, 0e0h, 04dh, 0c0h, 0a5h, 039h, 07bh,
     0b4h, 04ah, 07ah, 0b8h, 07eh, 09bh, 0f2h, 0a0h,
     039h, 0a3h, 03dh, 01eh, 099h, 06fh, 0c8h, 02ah,
     094h, 0cch, 0d3h, 000h, 074h, 0c9h, 05dh, 0f7h,
     063h, 072h, 020h, 017h, 006h, 09eh, 052h, 068h,
     0dah, 05dh, 01ch, 00bh, 04fh, 087h, 02ch, 0f6h,
     053h, 0c1h, 01dh, 0f8h, 023h, 014h, 0a6h, 079h,
     068h, 0dfh, 0eah, 0e2h, 08dh, 0efh, 004h, 0bbh,
     06dh, 084h, 0b1h, 0c3h, 01dh, 065h, 04ah, 019h,
     070h, 0e5h, 078h, 03bh, 0d6h, 0ebh, 096h, 0a0h,
     024h, 0c2h, 0cah, 02fh, 04ah, 090h, 0feh, 09fh,
     02eh, 0f5h, 0c9h, 0c1h, 040h, 0e5h, 0bbh, 048h,
     0dah, 095h, 036h, 0adh, 087h, 000h, 0c8h, 04fh,
     0c9h, 013h, 00ah, 0deh, 0a7h, 04eh, 055h, 08dh,
     051h, 0a7h, 04dh, 0dfh, 085h, 0d8h, 0b5h, 00dh,
     0e9h, 068h, 038h, 0d6h, 006h, 03eh, 009h, 055h
    };
(*
    ems = "eb 7a 19 ac e9 e3 00 63 50 e3 29 50 4b 45 e2 ca 82 31 0b 26 dc d8 7d 5c " +
          "68 f1 ee a8 f5 52 67 c3 1b 2e 8b b4 25 1f 84 d7 e0 b2 c0 46 26 f5 af f9 " +
          "3e dc fb 25 c9 c2 b3 ff 8a e1 0e 83 9a 2d db 4c dc fe 4f f4 77 28 b4 a1 " +
          "b7 c1 36 2b aa d2 9a b4 8d 28 69 d5 02 41 21 43 58 11 59 1b e3 92 f9 82 " +
          "fb 3e 87 d0 95 ae b4 04 48 db 97 2f 3a c1 4f 7b c2 75 19 52 81 ce 32 d2 " +
          "f1 b7 6d 4d 35 3e 2d";

    cs = "12 53 e0 4d c0 a5 39 7b b4 4a 7a b8 7e 9b f2 a0 39 a3 3d 1e 99 6f c8 2a " +
         "94 cc d3 00 74 c9 5d f7 63 72 20 17 06 9e 52 68 da 5d 1c 0b 4f 87 2c f6 " +
         "53 c1 1d f8 23 14 a6 79 68 df ea e2 8d ef 04 bb 6d 84 b1 c3 1d 65 4a 19 " +
         "70 e5 78 3b d6 eb 96 a0 24 c2 ca 2f 4a 90 fe 9f 2e f5 c9 c1 40 e5 bb 48 " +
         "da 95 36 ad 87 00 c8 4f c9 13 0a de a7 4e 55 8d 51 a7 4d df 85 d8 b5 0d " +
         "e9 68 38 d6 06 3e 09 55";*)

    e = 17;

    iterations = 5000;

VAR
    p, q, n : VLI.VLI;
    m, c : VLI.VLI;
    t : VLI.VLI;
    output : ARRAY [0..127] OF CARDINAL8;
    outputLen : CARDINAL;
    msgLen : CARDINAL;
    cryptPQ,
    cryptN : RSA;
    ch : CHAR;

    i : CARDINAL;

PROCEDURE verify(a, b : ARRAY OF BYTE; count : CARDINAL) : BOOLEAN;
VAR
    i : CARDINAL;
BEGIN
    FOR i := 0 TO count-1 DO
        IF a[i] <> b[i] THEN
            RETURN FALSE;
        END;
    END;
    RETURN TRUE;
END verify;

BEGIN
    p := VLI.Create();
    q := VLI.Create();
    n := VLI.Create();
    m := VLI.Create();
    c := VLI.Create();
    t := VLI.Create();

    IF VLI.FromHexString(ps, p) AND VLI.FromHexString(qs, q) THEN
        VLI.Multiply(p, q, n);
        cryptPQ := Create(e, p, q, NIL);
        cryptN := Create(e, NIL, NIL, n);
        IF (cryptPQ <> NIL) AND (cryptN <> NIL) THEN
            i := 0;
            LOOP
                IF i < iterations THEN
                    INC(i);

                    outputLen := SIZE(output);
                    IF PublicFunction(cryptN(*cryptPQ*), ADR(em), SIZE(em),
                                      ADR(output), outputLen) THEN
                        IF outputLen = SIZE(ct) THEN
                            IF verify(ct, output, SIZE(ct)) THEN
                                msgLen := outputLen;
                                outputLen := SIZE(output);
                                IF PrivateFunction(cryptPQ,
                                                   ADR(output), msgLen,
                                                   ADR(output), outputLen)
                                THEN
                                    IF outputLen = SIZE(em) THEN
                                        IF NOT verify(output, em, SIZE(em)) THEN
                                            WriteString("Failed PrivateFunction verify. Press a key");
                                            WriteLn;
                                            ReadChar(ch);
                                            EXIT;
                                        END;
                                    ELSE
                                        WriteString("Failed PrivateFunction length. Press a key");
                                        WriteLn;
                                        ReadChar(ch);
                                        EXIT;
                                    END;
                                ELSE
                                    WriteString("Failed PrivateFunction. Press a key");
                                    WriteLn;
                                    ReadChar(ch);
                                    EXIT;
                                END;
                            ELSE
                                WriteString("Failed PublicFunction verify. Press a key");
                                WriteLn;
                                ReadChar(ch);
                                EXIT;
                            END;
                        ELSE
                            WriteString("Failed PublicFunction length. Press a key");
                            WriteLn;
                            ReadChar(ch);
                            EXIT;
                        END;
                    ELSE
                        WriteString("Failed PublicFunction. Press a key");
                        WriteLn;
                        ReadChar(ch);
                        EXIT;
                    END;
                ELSE
                    EXIT;
                END;
            END;

            Destroy(cryptPQ);
            Destroy(cryptN);
        ELSE
            WriteString("Failed Create. Press a key");
            WriteLn;
            ReadChar(ch);
        END;
    ELSE
        WriteString("Failed FromHexString. Press a key");
        WriteLn;
        ReadChar(ch);
    END;

    VLI.Dispose(t);
    VLI.Dispose(c);
    VLI.Dispose(m);
    VLI.Dispose(q);
    VLI.Dispose(p);
END bug.

#6
thanx for the answer. i tried the following:

MODULE rsatests;
FROM RSA IMPORT *;

VAR
    counter: INTEGER = 1;
BEGIN
    WHILE counter < 10000 DO
        IF NOT SelfTest() THEN
            HALT;
        END;
        INC(counter);
    END;

    HALT;
END rsatests.

the selftest will fail every time. the highest counter i got was about
500 and i desperately need this to work all the time.

richard

#7
I found an error in this but it is related to the OAEP encoding procedures.
OAEP uses a random number to hash with and with some random numbers the
algorithm is failing. OAEP randomizes its random number generator with the
current time so that adds to the sporadic nature of the failures. It will
likely take me some time to decipher this problem.

Your original example did not show you using OAEP encoding. I cannot get
the RSA to fail when not using OAEP encoding.

I did find a trivial inconsequential error in RSA.mod. In the Destroy
procedure.

    Reallocated(crypt, SIZE(crypt), crypt^.heap);
should be
    Reallocated(crypt, SIZE(crypt^), crypt^.heap);

The size parameter to deallocate is ignored unless you enable the debug
mode of the ExStorage module.

Norman

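An added example, not code from the thread or from the Stony Brook library: a Python model of why a raw RSA round trip can fail only for some inputs when the byte/integer conversion drops leading zero bytes, the cause reported in post #8 below. It uses the p, q and e quoted in MODULE bug; `lossy_bytes`, `sample_block` and the SHA-256-derived blocks are constructed for illustration and are an assumption about the shape of the defect, not the library's routine.

```python
import hashlib

# p, q and e are the test-vector values quoted in MODULE bug in this thread.
P = int.from_bytes(bytes.fromhex(
    "ee cf ae 81 b1 b9 b3 c9 08 81 0b 10 a1 b5 60 01 99 eb 9f 44 ae f4 fd a4 "
    "93 b8 1a 9e 3d 84 f6 32 12 4e f0 23 6e 5d 1e 3b 7e 28 fa e7 aa 04 0a 2d "
    "5b 25 21 76 45 9d 1f 39 75 41 ba 2a 58 fb 65 99"), "big")
Q = int.from_bytes(bytes.fromhex(
    "c9 7f b1 f0 27 f4 53 f6 34 12 33 ea aa d1 d9 35 3f 6c 42 d0 88 66 b1 d0 "
    "5a 0f 20 35 02 8b 9d 86 98 40 b4 16 66 b4 2e 92 ea 0d a3 b4 32 04 b5 cf "
    "ce 33 52 52 4d 04 16 a5 a4 41 e7 00 af 46 15 03"), "big")
E = 17
N = P * Q
K = (N.bit_length() + 7) // 8          # modulus length in bytes
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (needs Python 3.8+)
EM_LEN = K - 1                         # same size as `em` in MODULE bug


def os2ip(data: bytes) -> int:
    """Octet string to integer (big-endian); leading zero bytes add nothing."""
    return int.from_bytes(data, "big")


def i2osp(x: int, length: int) -> bytes:
    """Integer to an octet string of exactly `length` bytes, zero-padded on the left."""
    if x < 0 or x >= 1 << (8 * length):
        raise ValueError("integer too large for requested length")
    return x.to_bytes(length, "big")


def lossy_bytes(x: int, length: int) -> bytes:
    """Modelled defect (assumption): emit only significant bytes, ignore `length`."""
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def rsa_roundtrip(block: bytes, to_bytes) -> bytes:
    """Raw public operation followed by the private one, no padding scheme."""
    m = os2ip(block)
    if m >= N:
        raise ValueError("block does not fit under the modulus")
    ciphertext = to_bytes(pow(m, E, N), K)   # lossy_bytes may return < K bytes here
    recovered = pow(os2ip(ciphertext), D, N)
    return to_bytes(recovered, len(block))


def sample_block(i: int) -> bytes:
    """Constructed EM_LEN-byte block standing in for a randomized encoded message."""
    out, ctr = b"", 0
    while len(out) < EM_LEN:
        out += hashlib.sha256(b"block-%d-%d" % (i, ctr)).digest()
        ctr += 1
    return out[:EM_LEN]


# Constructed input: one block forced to start with 0x00, then 64 derived blocks.
ZERO_LED = b"\x00" + sample_block(0)[1:]
BLOCKS = [ZERO_LED] + [sample_block(i) for i in range(64)]


def failing_blocks(blocks, to_bytes):
    """Indices of blocks that do not survive encrypt-then-decrypt unchanged."""
    return [i for i, b in enumerate(blocks) if rsa_roundtrip(b, to_bytes) != b]


def leading_zero_blocks(blocks):
    """Indices of blocks whose first byte is 0x00."""
    return [i for i, b in enumerate(blocks) if b[0] == 0]


if __name__ == "__main__":
    print("modulus bytes:", K)
    print("lossy conversion fails on:", failing_blocks(BLOCKS, lossy_bytes))
    print("blocks with leading zero: ", leading_zero_blocks(BLOCKS))
    print("fixed-length fails on:    ", failing_blocks(BLOCKS, i2osp))
```

A uniformly distributed block starts with a zero byte about once in 256, so a loop over randomized encodings fails sporadically rather than on every pass.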
#8
I have been able to duplicate the problem in all cases. The problem is in
the conversion from raw byte data to/from a VLI number. The problem occurs
with leading zero bytes in the raw data. I will look into what the best
solution is.

Norman

>>> >>> BEGIN >>> p := VLI.Create(); >>> q := VLI.Create(); >>> n := VLI.Create(); >>> m := VLI.Create(); >>> c := VLI.Create(); >>> t := VLI.Create(); >>> >>> IF VLI.FromHexString(ps, p) AND VLI.FromHexString(qs, q) THEN >>> VLI.Multiply(p, q, n); >>> cryptPQ := Create(e, p, q, NIL); >>> cryptN := Create(e, NIL, NIL, n); >>> IF (cryptPQ <> NIL) AND (cryptN <> NIL) THEN >>> i := 0; >>> LOOP >>> IF i < iterations THEN >>> INC(i); >>> >>> outputLen := SIZE(output); >>> IF PublicFunction(cryptN(*cryptPQ*), ADR(em), >>> SIZE(em), >>> ADR(output), outputLen) THEN >>> IF outputLen = SIZE(ct) THEN >>> IF verify(ct, output, SIZE(ct)) THEN >>> msgLen := outputLen; >>> outputLen := SIZE(output); >>> IF PrivateFunction(cryptPQ, >>> ADR(output), msgLen, >>> ADR(output), >>> outputLen) >>> THEN >>> IF outputLen = SIZE(em) THEN >>> IF NOT verify(output, em, >>> SIZE(em)) >>> THEN >>> WriteString("Failed >>> PrivateFunction verify. Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> WriteString("Failed >>> PrivateFunction >>> length. Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> WriteString("Failed PrivateFunction. >>> Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> WriteString("Failed PublicFunction >>> verify. >>> Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> WriteString("Failed PublicFunction length. >>> Press >>> a key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> WriteString("Failed PublicFunction. Press a >>> key"); >>> WriteLn; >>> ReadChar(ch); >>> EXIT; >>> END; >>> ELSE >>> EXIT; >>> END; >>> END; >>> >>> Destroy(cryptPQ); >>> Destroy(cryptN); >>> ELSE >>> WriteString("Failed Create. Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> END; >>> ELSE >>> WriteString("Failed FromHexString. 
Press a key"); >>> WriteLn; >>> ReadChar(ch); >>> END; >>> >>> VLI.Dispose(t); >>> VLI.Dispose(c); >>> VLI.Dispose(m); >>> VLI.Dispose(q); >>> VLI.Dispose(p); >>> END bug. >> > > |
|
#9
| "Norman Black" <nospam@nospam.com> wrote in message news:U4gGe.8269$wA1.942@trnddc09...
> I have been able to duplicate the problem in all cases. The problem is in the conversion from raw byte data to/from a VLI number. The problem occurs with leading zero bytes in the raw data. I will look into what the best solution is.

I can elaborate on this further. Say you want to encrypt 4 bytes of data and that data is 0000FFFFh. That is a numerical 65535. RSA does not encrypt bytes of data like symmetric encryption algorithms like DES. RSA encrypts numbers. Encrypt(public) 65535 in RSA and that results in a number. Then decrypt(private) the number and you get back 65535. How many bytes should be stored for the 65535? 2 bytes, 4 bytes, 5 bytes? RSA does not know nor does it care. It operates on numbers not bytes of data. 65535 takes two bytes minimum but can be stored in a number of bytes more than that. FFFFh = 0000000000000000FFFFh. When you decrypt an encrypted RSA item you have to know what the size of the resulting item needs to be so you can add leading pad zeros if necessary. Or just never encrypt any data bytes with leading zeros. Say you are encrypting 40 bytes of data. Fudge it to 41 with a leading 1 byte. When you decrypt you can ignore the extra byte you added.

Norman |
|
#10
| "Norman Black" <nospam@nospam.com> wrote in message news:NwgGe.8272$wA1.7848@trnddc09...
> "Norman Black" <nospam@nospam.com> wrote in message
> news:U4gGe.8269$wA1.942@trnddc09...
>> I have been able to duplicate the problem in all cases. The problem is in the conversion from raw byte data to/from a VLI number. The problem occurs with leading zero bytes in the raw data. I will look into what the best solution is.
>
> I can elaborate on this further. Say you want to encrypt 4 bytes of data and that data is 0000FFFFh. That is a numerical 65535. RSA does not encrypt bytes of data like symmetric encryption algorithms like DES. RSA encrypts numbers. Encrypt(public) 65535 in RSA and that results in a number. Then decrypt(private) the number and you get back 65535. How many bytes should be stored for the 65535? 2 bytes, 4 bytes, 5 bytes? RSA does not know nor does it care. It operates on numbers not bytes of data. 65535 takes two bytes minimum but can be stored in a number of bytes more than that. FFFFh = 0000000000000000FFFFh. When you decrypt an encrypted RSA item you have to know what the size of the resulting item needs to be so you can add leading pad zeros if necessary. Or just never encrypt any data bytes with leading zeros. Say you are encrypting 40 bytes of data. Fudge it to 41 with a leading 1 byte. When you decrypt you can ignore the extra byte you added.

To elaborate on my elaboration. This issue is one good reason why you use an encoding algorithm like OAEP when using RSA encryption. The encoding algorithm always results in a known encryption data size regardless of the input message length. Since you know the size data in then you know what the data output size should be. Of course another reason for the encoding algorithms is additional security. OAEP encodes using a random number. The decode does not need to know anything about the encoding randomness. Cool how people come up with algorithms like that.

Norman |
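
The leading-zero problem from posts #8 and #9 and the known-size point from post #10, as an added Python example that is not part of the thread and not Stony Brook library code. It assumes a constructed toy key (two Mersenne primes, e = 65537) and textbook RSA without OAEP so the byte/number conversion stays visible; all function names are hypothetical.

```python
import hashlib

# Constructed toy key (two Mersenne primes); far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8            # modulus length in bytes


def to_int(data: bytes) -> int:
    """Bytes -> number; leading zero bytes vanish here (00 00 FF FF -> 65535)."""
    return int.from_bytes(data, "big")


def to_bytes_minimal(x: int) -> bytes:
    """Number -> shortest byte string, as a size-unaware conversion does."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def encrypt(msg: bytes) -> bytes:
    m = to_int(msg)
    if m >= N:
        raise ValueError("message representative must be smaller than the modulus")
    # The ciphertext is a number too, so it is always written as K bytes.
    return pow(m, E, N).to_bytes(K, "big")


def decrypt_naive(ct: bytes) -> bytes:
    return to_bytes_minimal(pow(to_int(ct), D, N))


def decrypt_fixed(ct: bytes, msg_len: int) -> bytes:
    """Caller supplies the expected size; zeros are padded back on the left."""
    return pow(to_int(ct), D, N).to_bytes(msg_len, "big")


def encrypt_prefixed(msg: bytes) -> bytes:
    return encrypt(b"\x01" + msg)        # workaround: leading 1 byte


def decrypt_prefixed(ct: bytes) -> bytes:
    return decrypt_naive(ct)[1:]         # drop the byte added before encryption


def naive_failures(count: int = 2000) -> list:
    """Constructed 16-byte messages whose naive round trip does not match."""
    msgs = [hashlib.sha256(i.to_bytes(4, "big")).digest()[:16] for i in range(count)]
    return [m for m in msgs if decrypt_naive(encrypt(m)) != m]
```

Every message returned by `naive_failures()` starts with a zero byte, which is why such a round trip fails only for some inputs rather than for all of them.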