FATAL: ecc_set_key failed: Invalid input packet. error in CryptX 0.066

DCIT / perl-CryptX

https://metacpan.org/pod/CryptX

Other

35 stars 23 forks source link

FATAL: ecc_set_key failed: Invalid input packet. error in CryptX 0.066 #58

Closed bakkiaraj closed 5 years ago

bakkiaraj commented 5 years ago

Hi,

The following code works well in CryptX 0.059

my $pk1 = Crypt::PK::ECC->new();
print "\n VERSION: ",$Crypt::PK::VERSION;
#generate_key for curve
$pk1->generate_key('BRAINPOOLP256R1'); #nistp256 
$pk1->import_key({
        curve_name => "BRAINPOOLP256R1",
        k          => "AA112345FFfFFFFFFFBBBBBCCCCCCCCCBBBBBBBBBBBEEEEEE227755449988566",
        pub_x      => "556677aabbcceeff332256743ee1200000ffaa56437899966552211ffccaabbb",
        pub_y      => "00eeff55662233449977446ddeeaabbff66677733344229966554433ffaabbcc",
});

The same code gives following error in 0.066 Version.

 VERSION: 0.066FATAL: ecc_set_key failed: Invalid input packet. at ...

What could be the cause?

karel-m commented 5 years ago

Your k value is too big, It should be smaller than BRAINPOOLP256R1 curve prime which is A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377.

And do not mix key loading and key generation:

use Crypt::PK::ECC;
use Data::Dumper;

# generate a new key
my $pk1 = Crypt::PK::ECC->new();
$pk1->generate_key('BRAINPOOLP256R1');
print Dumper($pk1->key2hash);

# import an existing key (public only)
my $pk2 = Crypt::PK::ECC->new();
$pk2->import_key({
  curve_name => "BRAINPOOLP256R1",
  pub_x      => "86E819FEF7505865C174C6D610FECF1A88BD328DA058CC3FC25B456DA332B62F",
  pub_y      => "A373B076CDDB12182CA21090270D57AEA6290D5DF9F7E90EF0AB85D28541BCCF",
});
print Dumper($pk2->key2hash);

bakkiaraj commented 5 years ago

Hi,

Thanks for quick reply. Sorry I gave a dummy key , x,y data because i could not provide real data which I use in project.

The confusion point is that, My k, pub_x, pub_y works well in old version of CryptX but not with CryptX 0.066.

Is this means some checks are newly added in version 0.066?

karel-m commented 5 years ago

Is this means some checks are newly added in version 0.066?

Yes the newer libtomcrypt (library behind CryptX) is stricter.

A possible workaround might be: k = k modulo prime

bakkiaraj commented 5 years ago

Understood. Yes my key is bigger than prime. When key is reduced, its working fine. Thanks a lot for lightning fast help.