Re: inconsistent timings for rsa sign/verify with 100K bit rsa keys

2010-09-02 Thread Georgi Guninski 
On Mon, Aug 30, 2010 at 05:34:49PM +0200, Mounir IDRASSI wrote:
 So, the modular exponentiation with the public exponent of key2 is 4
 times slower that the signing operation of key1 and it should cost 4
 x 5 min = 20 min which is very close to the 21 min you actually
 obtained.
 
 Does this answer your question?


yes, thanks.

i didn't know about the implementation details + openssl being visibly slower 
than
general purpose programs on generic 100K exponentiations added up to the
confusion. 

thanks.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl-1.0.0a and glibc detected sthg ;)

2010-08-09 Thread Georgi Guninski 
hi,


On Mon, Aug 09, 2010 at 10:36:03AM +0200, Mounir IDRASSI wrote:
  Hi,
 
 Signature verification is done through a modular exponentiation
 (using public exponent and modulus) that always leads to a result
 even fur a bogus RSA modulus.
 This result is checked against the PKCS#1 padding format. Since the
 RSA private key is invalid, the output of this exponentiation is
 different from DataToBeSigned used during certificate creation and
 thus the code doesn't find the PKCS#1 padding block header.
 So, the signature is bad because the decrypted signature has a bad format!
 I hope this clarifies things to you.


ok. i expected a message bad number instead of bad signature format


 You say at the end of your message that the private key was
 generated by a python wrapper, certainly a wrapper of OpenSSL, but
 in a previous message you are saying that you generated the key
 yourself (pen and paper). Which statement is correct? Maybe your
 wrapper wraps something else...
 

lol. the pen/paper generation was just humour.

this key was generated with pycrypto + some other pure python code for export to
your format. (the small prime was included on purpose).

i don't know if pycrypto depends on openssl (though it is not a
 direct wrapper).

the cert was generated entirely by openssl.


the imports:

from Crypto.PublicKey import RSA
from Crypto.Util.number import inverse
import random
import sys
from Crypto.PublicKey import pubkey
from Crypto.Util import number
import crypto # utils
import Crypto
from fractions import gcd
from Crypto.Hash import MD5


__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl-1.0.0a and glibc detected sthg ;)

2010-08-08 Thread Georgi Guninski 
i was pointing out this:

~/local/bin/openssl s_client -connect localhost:

depth=0 CN = CA
verify return:1
*** glibc detected *** /home/build/local/bin/openssl: double free or
corruption (fasttop): 0x00979300 ***

the glibc message means that the current heap operation is on invalid
pointer. the testcase crashed browser links on arch linux too (when
trying to connect to s_server -www).

btw, it seems *important* to use |s_server| from *1.0.0a*


On Sat, Aug 07, 2010 at 02:21:09PM +0300, Georgi Guninski wrote:
 openssl-1.0.0a on ubuntu, debian and arch.
 attached a private key and a cert.
 
 ~/local/bin/openssl s_server -www -accept  -cert /tmp/CA.cert  -key 
 /tmp/CA.key
 
 ~/local/bin/openssl s_client -connect localhost:
 
 depth=0 CN = CA
 verify return:1
 *** glibc detected *** /home/build/local/bin/openssl: double free or 
 corruption (fasttop): 0x00979300 ***
 
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

Re: openssl-1.0.0a and glibc detected sthg ;)

2010-08-08 Thread Georgi Guninski 
is the certificate at http://marc.info/?l=openssl-devm=128118163216952w=2
(with the malformed key) *syntactically* correct modulo the bad self signature?

with 1.0.0a
~/local/bin/openssl verify -check_ss_sig -CAfile /tmp/CA-P.cert /tmp/CA-P.cert 


/tmp/CA-P.cert: CN = CA
error 7 at 0 depth lookup:certificate signature failure
139828504536744:error:0407006A:rsa 
routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100:
139828504536744:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding 
check failed:rsa_eay.c:699:
139828504536744:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP 
lib:a_verify.c:184:

echo $?
0

i would expect an error about bad self signature, not format stuff.

the private key was generated by a python wrapper, the cert was generated with 
ubuntu's 0.9.8k 25 Mar 2009


On Sun, Aug 08, 2010 at 03:21:34PM +0200, Mounir IDRASSI wrote:
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org

openssl-1.0.0a and glibc detected sthg ;)

2010-08-07 Thread Georgi Guninski 
openssl-1.0.0a on ubuntu, debian and arch.
attached a private key and a cert.

~/local/bin/openssl s_server -www -accept  -cert /tmp/CA.cert  -key 
/tmp/CA.key

~/local/bin/openssl s_client -connect localhost:

depth=0 CN = CA
verify return:1
*** glibc detected *** /home/build/local/bin/openssl: double free or corruption 
(fasttop): 0x00979300 ***

 ~/local/bin/openssl rsa -check -in /tmp/CA.key |more
writing RSA key
RSA key error: q not prime # definitely


CA.key
Description: application/pgp-keys
-BEGIN CERTIFICATE-
MIIE9DCCAuegAwIBAgIJAM0Vp3F9zD86MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
BAMTAkNBMB4XDTEwMDgwNzA5MTQxMFoXDTExMDgwNzA5MTQxMFowDTELMAkGA1UE
AxMCQ0EwggIWMA0GCSqGSIb3DQEBAQUAA4ICAwAwggH+AoIB9TX4Eo4zvnzt6RIG
+EleSA89D6zfHzPx2L9jsZPxZcJ01lYDGiOAuFW09lloJ6iLMSS2GlA8pB5/1E8u
75vubs0w4L1QPrMRxQdUjp/j9yWwCxvYraL2tfyJVxTmMn6vUcZ5nuU7O3f6VBP1
hD4LeKII9H0sp5PzWaoXy/gBQKdAn7dV7dlCS/8V4AjF/HCqY/mwjkjdB37WEqQj
j/vYICARw7hdOKOW3D86uN4g209Kwc1wf34TUZCYVdP77o0xXHgaz9L10+j5cBSz
viC2Z7nOJ0mneAJSlEC892nvMoIvMhYwYr/twZjudNNc4tIXyfeQqM34AlwHYn3y
Jo560YpzX2IF1cs6wFdDqJxpyW1VuYlZAFbufn9A86wsFBr0QxppDjcaxZqBVOdz
t7bi8nXJE+JWpIDDrAW4T2ihqZENNbM7gkNL8+bjg3LcG2jbUOr3H5zVK+Q0x9+6
tLdIG5iRQCu8OI4Rd8nl8SqBAqjAXgniqRFqEzTKMEXN/9hzwl+jL2PrUfHOUxh3
J3IgAlqmlwVh+1gJl9VJf1DEn3Yn3ffMSLl/2L2dTVDxvoHnsjPEgtIAg6QzZR71
SQWeAHaZE3bJQAz1X9nWIxhw7bnRRj/EhwHJMQEalRRu2jIq+WN3aovrAMKEJeeL
U5i9LzVW8lLX7QIDAQABo24wbDAdBgNVHQ4EFgQUOod0n0f3AaUF0Tf9ttbmA3Fc
EjowPQYDVR0jBDYwNIAUOod0n0f3AaUF0Tf9ttbmA3FcEjqhEaQPMA0xCzAJBgNV
BAMTAkNBggkAzRWncX3MPzowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOC
AfYAHKLWDAa/aR62Xi2jAOGOBtcoYYdttizIkMtEnxd2QivssVBn156sIbMIsXgi
emUWhm35E4LKYfoK9aEorsfno8aMrzeYCuL0Zbbn67C2dUT61B2T5XN8eru8HYAa
nVxvHNj92auUjeAy7yWc7Kyx+RWXtkLG9BJ6fJVHzOwifEgfhS1ngjBe3MuviXOy
2h7BfaNQ3IOvAhSnjlWNoPcBFoOoRIVjfRSViD5X8jj47ab2JTKVFAH4bXf2eXUp
shcG77QeANoGFvmTpiPuUhmuZSXG4dyKmSqeq9SgouKZkq7aT24fNAqdwJp+ZJWH
2wP8LLvfSoyFZICMZU3AFfa5r3BOom8YCSwmeGhk9QVfLMD3TDvnV0aGEwz5BGjA
obLckVV2/VzbwublODRPtdr92ZAygRwDaUlqlDdfTcwajcUhlEpl8GtU+qmTgLe7
mT9Diich73DTsowN83p8v0s2waNVgpW3cxmCEonwD+1f1qiFM2uaTNYNMFVdBLyP
Kl9IFqC3v7Wt8VYuMbPnjNezhr7enpfa4eB1CeF+pdCdq3FK03UsFzBMZ63Vt8ia
NVlc3+esFSiea9hL+ROA4tfGjhQZcbHn/yZ8gL3dyyzoz2JV5pKWHV4+7nkq2h6A
QdRYHN8MDeQlxKw9nGSmpyzoQrqDyepn
-END CERTIFICATE-

Re: openssl-1.0.0a and glibc detected sthg ;)

2010-08-07 Thread Georgi Guninski 
On Sun, Aug 08, 2010 at 02:46:33AM +0200, Mounir IDRASSI wrote:
  Hi,
 

hi,

10x for your reply.

i have no complaints about the openssl key generation process for rsa
keys of this size. and don't expect vanilla openssl to do correct math
with this key.


 I checked the parameters of your 4008 bits key and it is indeed
 invalid (q is not prime).

agreed. (though the *public* key seems fine, even with the weak factor)

 How did you generate it? It would be surprising if it was done
 through OpenSSL.

pen and paper ;-) first trial factoring, then (optionally) a few
elliptic curves, then fermat's little theorem. i know a deterministic
primality test would be more scientific, but it is a bit slower on paper
;-)


 Anyway, you must generate a new RSA key.
 

yeah, i am generating a new key. sorry for the composite miztake.

 --
 Mounir IDRASSI
 IDRIX
 http://www.idrix.fr
 
 On 8/7/2010 1:21 PM, Georgi Guninski wrote:
 openssl-1.0.0a on ubuntu, debian and arch.
 attached a private key and a cert.
 
 ~/local/bin/openssl s_server -www -accept  -cert /tmp/CA.cert  -key 
 /tmp/CA.key
 
 ~/local/bin/openssl s_client -connect localhost:
 
 depth=0 CN = CA
 verify return:1
 *** glibc detected *** /home/build/local/bin/openssl: double free or 
 corruption (fasttop): 0x00979300 ***
 
   ~/local/bin/openssl rsa -check -in /tmp/CA.key |more
 writing RSA key
 RSA key error: q not prime # definitely
 
 __
 OpenSSL Project http://www.openssl.org
 Development Mailing List   openssl-dev@openssl.org
 Automated List Manager   majord...@openssl.org
__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org