Crypto: RSA key validation fails with IPP 8.0.1, worked with 7.1.1

Crypto: RSA key validation fails with IPP 8.0.1, worked with 7.1.1

Hello,

I've originally submitted this issue through Premier support (#6000034472) but I haven't received any reply for one month now, so I'm trying here instead.

After upgrading IPP from 7.1.1 to 8.0.1, calling ippsRSAValidate results in IS_INVALID_KEY.

I have attached a test case rsa.zip. Just compile and link both rsa.cpp and bignumber.cpp. The main function is in rsa.cpp. It uses two prime numbers to set the public key (with N and E) and the private key (with P, Q and D). Then it validates the keys with ippsRSAValidate. Although all IPP calls return success status, the result of ippsRSAValidate is IS_INVALID_KEY when using IPP 8.0.1. It worked fine with IPP 7.1.1.

I'm linking to the static libraries. I have tested X86 and X64, both with the same issue. My CPU is Core i7 3770K.

Let me know if any other information is needed. Thank you.

AttachmentSize
Download rsa.zip5.1 KB
15 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Hi Ricardo,

we can't compile the code you've attached:

1>Deleting intermediate and output files for project 'xxx', configuration 'Debug|x64'

1>Compiling...

1>stdafx.cpp

1>rsa.cpp

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2652: 'utils::BigNumber' : illegal copy constructor: first parameter must not be a 'utils::BigNumber'

1>        c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(24) : see declaration of 'utils::BigNumber'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2238: unexpected token(s) preceding ';'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2238: unexpected token(s) preceding ';'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(260) : warning C4521: 'utils::BigNumber' : multiple copy constructors specified

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(260) : warning C4522: 'utils::BigNumber' : multiple assignment operators specified

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(268) : error C2614: 'utils::BigNumber' : illegal member initialization: 'BigNumber' is not a base or member

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2761: '{ctor}' : member function redeclaration not allowed

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(272) : error C2143: syntax error : missing ';' before '{'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(272) : error C2447: '{' : missing function header (old-style formal list?)

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2761: '=' : member function redeclaration not allowed

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(278) : error C2143: syntax error : missing ';' before '{'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(278) : error C2447: '{' : missing function header (old-style formal list?)

1>.\rsa.cpp(62) : fatal error C1903: unable to recover from previous error(s); stopping compilation

1>bignumber.cpp

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2652: 'utils::BigNumber' : illegal copy constructor: first parameter must not be a 'utils::BigNumber'

1>        c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(24) : see declaration of 'utils::BigNumber'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(84) : error C2238: unexpected token(s) preceding ';'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(104) : error C2238: unexpected token(s) preceding ';'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(260) : warning C4521: 'utils::BigNumber' : multiple copy constructors specified

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(260) : warning C4522: 'utils::BigNumber' : multiple assignment operators specified

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(268) : error C2614: 'utils::BigNumber' : illegal member initialization: 'BigNumber' is not a base or member

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2761: '{ctor}' : member function redeclaration not allowed

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(271) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(272) : error C2143: syntax error : missing ';' before '{'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(272) : error C2447: '{' : missing function header (old-style formal list?)

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2143: syntax error : missing ')' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2143: syntax error : missing ';' before '&&'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2761: '=' : member function redeclaration not allowed

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(277) : error C2059: syntax error : ')'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(278) : error C2143: syntax error : missing ';' before '{'

1>c:\users\skirillo\gres\my_2013\gres_prod_ms2008\ippcp_own\xxx\bignumber.h(278) : error C2447: '{' : missing function header (old-style formal list?)

1>.\bignumber.cpp(18) : error C2065: 'nullptr' : undeclared identifier

1>.\bignumber.cpp(27) : error C2065: 'nullptr' : undeclared identifier

1>.\bignumber.cpp(37) : error C2065: 'nullptr' : undeclared identifier

1>.\bignumber.cpp(51) : error C2065: 'nullptr' : undeclared identifier

1>.\bignumber.cpp(74) : fatal error C1903: unable to recover from previous error(s); stopping compilation

1>Generating Code...

1>Build log was saved at "file://c:\Users\skirillo\Gres\MY_2013\gres_prod_ms2008\IPPCP_OWN\xxx\x64\Debug\BuildLog.htm"

1>xxx - 50 error(s), 4 warning(s)

regards, Igor

 

Hi Igor, try to compile with the /Qstd=c++11 flag, that error seems to be the move constructor not being recognized. Thanks.

Just one note:

Recommendation: to add 2 lines at your rsa.cpp:

    ret = ippsRSASetKey(numE, IppRSAkeyE, privateKey);

    ret = ippsRSASetKey(numN, IppRSAkeyN, privateKey);

regards, Igor

Hi Igor,

The public key numbers are set at lines 106 and 108:

// Set up public RSA (N,E)
    IppStatus ret;
    ret = ippsRSASetKey(numN, IppRSAkeyN, publicKey);
    std::cout << "ippsRSASetKey(N) returned " << ret << std::endl;
    ret = ippsRSASetKey(numE, IppRSAkeyE, publicKey);
    std::cout << "ippsRSASetKey(E) returned " << ret << std::endl;

Or do you mean to use privateKey instead? It shouldn't be needed as N and E are used for encryption only. Also, that code follows the example found in IPP documentation, "Example of Using RSA Primitive Functions".

Thanks.

It seems my other post didn't went through: to solve the compile errors, you have to use the compiler flag /Qstd=c++11

Thanks.

Hi Ricardo, 

Sorry for the delay as new year holiday.  Thanks for the submitting.  we can reproduce the problem and was investigating it. I will get back to you if any news. 

( not sure if there is problem with permier.intel.com.  I can't search the issue 6000034472 in the system.  )

Best Regards,

Ying 

Hi Ricardo, 

I heard back from our experts.  The root of the problem is in the function.  We made copy-paste error. In result the input parameter pE in

ippsRSAValidate(const IppsBigNumState* pE,

                int nTrials, Ipp32u* pResult, IppsRSAState* pCtx,

                IppBitSupplier rndFunc, void* pRndParam)

does not use, but instead uses internal value of E stored in pCtx.

So, the workaround is as Igor mentioned : setup both E and N before ippsRSAValidate  call again as below.  

( we will fix the problem in 8.1, which targeted to be release in the late of year, then the two call will not needed by that time) 

Both E and N should be set before validation.

// Validate RSA keys

    ret = ippsRSASetKey(numE, IppRSAkeyE,  privateKey);

    std::cout << "ippsRSASetKey(E) returned " << ret << std::endl;

    ret = ippsRSASetKey(numN, IppRSAkeyN,  privateKey);

    std::cout << "ippsRSASetKey(N) returned " << ret << std::endl;

    IppsPRNGState* pRand = CreatePRNG();

    Ipp32u result;

    ret = ippsRSAValidate(numE, 50, &result, privateKey, ippsPRNGen, pRand);

    std::cout << "ippsRSAValidate(E) returned " << ret << std::endl;

    DeletePRNG(pRand);   

    std::cout << "ippsRSAValidate(E) result: ";

    switch (result)

Moreover, could you please check if you can open the issue  6000034472 when you log in premier Support and send one screenshot to me?  We haven't found the issue in the system, so may report the issue to the system admin. 

Thanks,

Ying 

Hi Ying,

Thanks for the update. I've attached the screenshots of the Premier support issue.

Regards,

Ricardo

Attachments: 

AttachmentSize
Download issue2.png62 KB
Download issue1.png81.98 KB

Hi Ricardo,

Thanks much for the reply.  I realized IPS admin may miss to give us the access right of  the product "Cryptography for Intel® Integrated Performance Primitives (Intel® IPP)", so we can't see any issues from the product category. I will report the problem to the product admin and hope be solved soon.

Thanks

Ying

Hi Ricardo,

Just let you know.

For some reason, IPS support system did not give any internal engineer access to the IPP crypto package, so that many issues in the “Cryptography for Intel® Integrated Performance Primitives” product were not attended for long time.

Now, we should have access for the “Cryptography for Intel® Integrated Performance Primitives” products.

Thanks

Ying

Hi Ying,

After upgrading to IPP 8.1 and doing some tests, it seems I have another issue with RSA. The previous sample now works correctly, but the decryption is still not working. I've added a few lines of code to the previous sample as follows:

 char* text = "1234567890X"; // string has 12 bytes including null terminator
 BigNumber msg((uint*)text, 12/4); // equivalent to 12/4 unsigned ints
 
 BigNumber enc(0, BitSizeToDwordSize(modBitSize));
 ret = ippsRSAEncrypt(msg, enc, publicKey);
 std::cout << "ippsRSAEncrypt returned " << ret << std::endl;
 
 BigNumber dec(0, BitSizeToDwordSize(modBitSize));
 ret = ippsRSADecrypt(enc, dec, privateKey);
 std::cout << "ippsRSADecrypt returned " << ret << std::endl;
 
 if (strcmp((char*)dec.GetArray(), text) != 0)
 {
  std::cout << "decrypted text is not the same as plain text!" << std::endl;
 }

 

But ippsRSADecrypt is returning -11 (ippStsOutOfRangeErr). It works fine in 7.1.1. I have attached the updated files for testing (updated-rsa.zip). Please use the following command-line to compile:

icl rsa.cpp bignumber.cpp /Qstd=c++11 /Qipp:crypto /Qipp-link:static

And then run rsa.exe.

Thanks.

Attachments: 

AttachmentSize
Download updated-rsa.zip5.32 KB

Problem persists with the IPP update 8.1.1.

Hi Ricardo, 

Could you please try IPP 8.2 where i heard the issue is fixed. 

Thanks

Ying 

 

Yes, 8.2 fixed it. Thanks.

Leave a Comment

Please sign in to add a comment. Not a member? Join today