I'm using test vectors from https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/Component-Testing#RSADP (RSADP Decryption Operation Primitive Component Test Vectors)

Public key info and message (RSADPComponent800_56B.txt):

n = d0b750c8554b64c7a9d34d068e020fb52fea1b39c47971a359f0eec5da0437ea3fc94597d8dbff5444f6ce5a3293ac89b1eebb3f712b3ad6a06386e6401985e19898715b1ea32ac03456fe1796d31ed4af389f4f675c23c421a125491e740fdac4322ec2d46ec945ddc349227b492191c9049145fb2f8c2998c486a840eac4d3
e = 859e499b8a186c8ee6196954170eb8068593f0d764150a6d2e5d3fea7d9d0d33ac553eecd5c3f27a310115d283e49377820195c8e67781b6f112a625b14b747fa4cc13d06eba0917246c775f5c732865701ae9349ea8729cde0bbade38204e63359a46e672a8d0a2fd530069
message = 5c7bce723cf4da053e503147242c60678c67e8c22467f0336b6d5c31f14088cb3d6cefb648db132cb32e95092f3d9bcd1cab51e68bd3a892ab359cdff556785ae06708633d39a0618f9d6d70f6bdeb6b777e7dd9acc41f19560c71a68479c8a07b14fb9a4c765fd292ae56dd2f2143b62649cc70fb604fdc5cc1ade6e29de235
d (not necessary) = 27b7119a09edb827c13418c820b522a1ee08de0e4bb28106db6bb91498a3b361ab293af83fefcdd8a6bd2134ca4afacf64a0e33c014f48f47530f8847cc9185cbedec0d9238c8f1d5498f71c7c0cff48dc213421742e34350ca94007753cc0e5a783264cf49ff644ffea94253cfe86859acd2a2276ca4e7215f8ebaa2f188f51

Code:

```csharp
using System.Security.Cryptography;

public void Encrypt()
{
    RSAParameters keyParameters = new RSAParameters();
    keyParameters.Exponent = e; // e converted from hex to byte[] beforehand
    keyParameters.Modulus = n; // converted as well
    byte[] data = message; // converted as well

    RSA rsa = new RSACng();
    rsa.ImportParameters(keyParameters);
    var res = rsa.Encrypt(data, RSAEncryptionPadding.Pkcs1); // this line throws
}
```

Last line throws an exception:

The parameter is incorrect

Converting from hex to byte[] (simplified version for example purposes, tested):

```csharp
using System;

public byte[] ConvertFromHexToByte(string data)
{
    byte[] byteArray = new byte[data.Length / 2];

    // Each pair of hex characters becomes one byte, in order (big-endian)
    for (int x = 0; x < data.Length; x += 2)
    {
        byteArray[x / 2] = Convert.ToByte(data.Substring(x, 2), 16);
    }

    return byteArray;
}
```

I tested the encryption code by using RSAParameters from a random RSACng object, and it seemed to work. I then tried to import all of the parameters (the file also provides d, so all the parameters can be calculated and imported) using this answer (https://stackoverflow.com/a/44441955/7343355), but it still throws an exception.

P.S. Ignore the padding mode; I haven't yet figured out which padding mode is in the test vectors and this is not a current problem.

EDIT: Full stack trace

```
NCryptNative.EncryptData[T](SafeNCryptKeyHandle key, Byte[] data, T& paddingInfo, AsymmetricPaddingMode paddingMode, NCryptEncryptor`1 encryptor)
NCryptnative.EncryptDataPkcs1(SafeNCryptKeyHandle key, Byte[] data)
RSACng.Encrypt(Byte[] data, RSAEncryptionPadding padding)
Encrypt d__4.MoveNext()
```

I looked into NCryptNative.EncryptData, but did not really find what could be causing this.

karolyzz
  • "file also provides d", but where do you set D in your example? – Hyarus Aug 15 '18 at 12:45
  • I don't, but it is not necessary either way, should work fine with `n` and `e` – karolyzz Aug 15 '18 at 12:46
  • I'm probably going to close this question as a dupe, as I've already answered it [here](https://stackoverflow.com/q/27474550/589259). Unless there is more information required on your part? – Maarten Bodewes Aug 15 '18 at 13:51
  • Yup, just as I thought, my bad, you can close it as duplicate – karolyzz Aug 15 '18 at 13:52
  • This question contains a helpful stacktrace and is specific to NIST test vectors. I don't mind if it was left closed as a duplicate; *no need to delete it*. – Maarten Bodewes Aug 15 '18 at 13:58
  • Duplicates can still be valuable to the site if the question is stated differently (as this is) but turns out to be essentially the same question. Other programmers who encounter this problem may find your question as a close match and then have a quick path to the answer. – President James K. Polk Aug 15 '18 at 17:27
  • @MaartenBodewes Not sure how this is a duplicate of exponent size. The problem here is mainly that these test vectors are for the RSA primitive (aka "raw RSA" or "textbook RSA") and .NET doesn't expose that. The input (`k` in the source) is the same number of hex characters as `n`, definitely not 11 bytes left over for PKCS1 padding. – bartonjs Aug 16 '18 at 14:51
  • @bartonjs you are actually right, I shortened the message and the error is now gone. Wow, I tried different keys with smaller exponents (and obviously different `n` size) to test the previous hypothesis and since the error was gone as well, I simply assumed exponent was actually the cause. I wasn't even aware of the fact that the length of `k` can't exceed `n`. So it is really quite impossible to test these vectors, since, as you said, .NET doesn't offer "no padding" for `RSA` encryption. BTW ironically the padding mode did indeed turn out to be the problem – karolyzz Aug 16 '18 at 15:08
  • Hmm, interesting. Does that mean that encryption with a large public exponent **is** possible now? Because that would mean changing the other answer as well. Note that the test reads: primitive **component**. It is therefore not very well suited to high level API testing. – Maarten Bodewes Aug 16 '18 at 17:24
  • It works with RSACng, and with RSA.Create()’s opaque type on .NET Core. The code here was explicitly using RSACng – bartonjs Aug 16 '18 at 18:37
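
The point reached in the comments (these vectors exercise the raw RSA primitive, and an input as long as `n` leaves no room for the 11 bytes of PKCS#1 v1.5 padding) can be checked in .NET with `BigInteger.ModPow`. This is an added example, not code from the question or its commenters: the class, method and constant names are hypothetical, and the hex strings are the `n`, `e`, `d` and `message` (`k`) values given in the question.

```csharp
using System;
using System.Globalization;
using System.Numerics;

// Added example: class, method and constant names are hypothetical.
static class RsaPrimitiveVectorCheck
{
    // n, e, d and message (k) exactly as given in the question.
    const string N = "d0b750c8554b64c7a9d34d068e020fb52fea1b39c47971a359f0eec5da0437ea3fc94597d8dbff5444f6ce5a3293ac89b1eebb3f712b3ad6a06386e6401985e19898715b1ea32ac03456fe1796d31ed4af389f4f675c23c421a125491e740fdac4322ec2d46ec945ddc349227b492191c9049145fb2f8c2998c486a840eac4d3";
    const string E = "859e499b8a186c8ee6196954170eb8068593f0d764150a6d2e5d3fea7d9d0d33ac553eecd5c3f27a310115d283e49377820195c8e67781b6f112a625b14b747fa4cc13d06eba0917246c775f5c732865701ae9349ea8729cde0bbade38204e63359a46e672a8d0a2fd530069";
    const string D = "27b7119a09edb827c13418c820b522a1ee08de0e4bb28106db6bb91498a3b361ab293af83fefcdd8a6bd2134ca4afacf64a0e33c014f48f47530f8847cc9185cbedec0d9238c8f1d5498f71c7c0cff48dc213421742e34350ca94007753cc0e5a783264cf49ff644ffea94253cfe86859acd2a2276ca4e7215f8ebaa2f188f51";
    const string K = "5c7bce723cf4da053e503147242c60678c67e8c22467f0336b6d5c31f14088cb3d6cefb648db132cb32e95092f3d9bcd1cab51e68bd3a892ab359cdff556785ae06708633d39a0618f9d6d70f6bdeb6b777e7dd9acc41f19560c71a68479c8a07b14fb9a4c765fd292ae56dd2f2143b62649cc70fb604fdc5cc1ade6e29de235";

    // Big-endian hex to a non-negative BigInteger. The leading "0" matters:
    // without it BigInteger.Parse treats a first nibble >= 8 as a sign bit.
    static BigInteger FromHex(string hex) =>
        BigInteger.Parse("0" + hex, NumberStyles.HexNumber);

    // Fixed-width big-endian hex, the way the vector file prints values.
    static string ToHex(BigInteger value, int byteLength) =>
        value.ToString("x").TrimStart('0').PadLeft(byteLength * 2, '0');

    static void Main()
    {
        BigInteger n = FromHex(N), e = FromHex(E), d = FromHex(D), k = FromHex(K);
        int modulusBytes = N.Length / 2;
        int inputBytes = K.Length / 2;

        // PKCS#1 v1.5 encryption adds at least 11 bytes of padding, so the
        // largest input RSAEncryptionPadding.Pkcs1 can take is modulusBytes - 11.
        Console.WriteLine($"input: {inputBytes} bytes, Pkcs1 limit: {modulusBytes - 11} bytes");

        // The raw primitive only requires 0 <= k < n.
        if (k >= n) throw new ArgumentOutOfRangeException(nameof(K), "k must be < n");

        BigInteger c = BigInteger.ModPow(k, e, n);         // RSAEP: c = k^e mod n
        BigInteger recovered = BigInteger.ModPow(c, d, n); // RSADP: k = c^d mod n

        // Compare this with the ciphertext listed for the vector in the file.
        Console.WriteLine("c = " + ToHex(c, modulusBytes));
        Console.WriteLine("RSADP(c) == k: " + (recovered == k));
        // BigInteger.ModPow is not constant-time: suitable for checking
        // test vectors, not for operations on production private keys.
    }
}
```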
