smuellerDD / acvpparser

ACVP Parser for invocation of cryptographic implementations using the ACVP JSON test vectors
https://www.chronox.de/acvpparser

RSA OAEP decryption error for KTS basic vector #10

Closed mbwang closed 3 years ago

mbwang commented 3 years ago

Hi,

I'm testing out the KTS IFC implementation and received the following error with the following test case. I got the test case manually from the ACVP server and tested on Fedora 29's OpenSSL.

Error message

ACVPParser (18:34:13) Error: RSA OAEP decryption failed error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
ACVPParser (18:34:13) Error: Test execution failed
ACVPParser( 18:34:13) Parsing processdata failed

Test case

[
  {
    "acvVersion": "1.0"
  },  
  {
    "testGroups": [
      {
        "tests": [
          {
            "iut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
            "server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
            "iut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
            "iutE": "CFE9FA34CAB96F",
            "tcId": 11,
            "iutP": "BF3B6ACAB79735C67408C9C083358A940B70E31613EDB3CCD9BCBC70E47288C2C3F1B14AEEF7D996CBA32FFAEC4426FA0A690700D24EF7718659C1902E006AA402B605A92F95FE1371B5650B5E3A259A4DEB714E168A78C89BE1DFEC0A4A4C30AE8E3411DF73E57BB81E8B4A1792536645CBDB7B31183236C8E41D1510B631FD",
            "iutQ": "BE3330C8A40872723E957A0528203104A5BD52F0C806E20FBDA66C7FAD81D602B73CFD045E6181B0FBA6D846C38F23A9481881854C213FBC388F2925B86E1817DB3E954BCA791C26429F1208C21B9FE7CB25EDC598B1414C88C77E7B88C34F0DAE9B616376EECE36DD1A368D6DC883B60AB2E9087BC6B23DA20B3A99B0FA4179"
          },
        ],
        "modulo": 2048,
        "keyConfirmationDirection": "",
        "tgId": 2,
        "macConfiguration": {
          "keyLen": 128,
          "macLen": 128,
          "macType": "HMAC-SHA2-256"
        },

        "l": 512,
        "kasRole": "responder",
        "keyGenerationMethod": "rsakpg2-basic",
        "iutId": "CAFECAFE",
        "ktsConfiguration": {
          "encoding": "concatenation",
          "hashAlg": "SHA2-224",
          "associatedDataPattern": "l||uPartyInfo||vPartyInfo"
        },
        "scheme": "KTS-OAEP-basic",
        "testType": "AFT",
        "serverId": "434156536964",
        "keyConfirmationRole": ""
      }
    ],
    "algorithm": "KTS-IFC",
    "isSample": false,
    "vsId": 123456,
    "revision": "Sp800-56Br2"
  }
]

Thanks, Michelle

smuellerDD commented 3 years ago

On Tuesday, 16.03.2021 at 16:19 -0700, mbwang wrote:

Hi,

I'm testing out the KTS IFC implementation and received the following error with the following test case. I got the test case manually from the ACVP server and tested on Fedora 29's OpenSSL.

Error message


ACVPParser (18:34:13) Error: RSA OAEP decryption failed error:04099079:rsa
routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
ACVPParser (18:34:13) Error: Test execution failed
ACVPParser( 18:34:13) Parsing processdata failed

I can confirm that I see that error with your test vector.

The test case looks a bit different than what I tested and which worked. I tried to re-test it but the server seems to be slow.

Here is the cipher request I send to the server

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          },
          {
            "algorithm":"DRBG",
            "valValue":"same"
          }
        ],
        "algorithm":"KTS-IFC",
        "revision":"Sp800-56Br2",
        "function":[
          "partialVal"
        ],
        "iutId":"0123456789abcdef",
        "keyGenerationMethods":[
          "rsakpg1-basic"
        ],
        "modulo":[
          2048,
          3072,
          4096,
          6144,
          8192
        ],
        "fixedPubExp":"010001",
        "scheme":{
          "KTS-OAEP-basic":{
            "kasRole":[
              "initiator",
              "responder"
            ],
            "ktsMethod":{
              "hashAlgs":[
                "SHA2-224",
                "SHA2-256",
                "SHA2-384",
                "SHA2-512",
                "SHA3-224",
                "SHA3-256",
                "SHA3-384",
                "SHA3-512"
              ],
              "supportsNullAssociatedData":true,
              "fixedInfoPattern":"uPartyInfo||vPartyInfo",
              "encoding":[
                "concatenation"
              ]
            },
            "l":768
          }
        }
      }
    ]
  }
]

smuellerDD commented 3 years ago

confirmed - with the request given above, it works

mbwang commented 3 years ago

Thanks, that request worked for me too. The request I was using also had associatedDataPattern, which I think is causing the issue. Here is the request:

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          },
          {
            "algorithm":"DRBG",
            "valValue":"same"
          }
        ],
        "algorithm":"KTS-IFC",
        "revision":"Sp800-56Br2",
        "function":[
          "partialVal"
        ],
        "iutId":"0123456789abcdef",
        "keyGenerationMethods":[
          "rsakpg1-basic"
        ],
        "modulo":[
          2048
        ],
        "fixedPubExp":"010001",
        "scheme":{
          "KTS-OAEP-basic":{
            "kasRole":[
              "initiator",
              "responder"
            ],
            "ktsMethod":{
              "hashAlgs":[
                "SHA2-224"
              ],
              "supportsNullAssociatedData":true,
              "associatedDataPattern":"uPartyInfo||vPartyInfo",
              "encoding":[
                "concatenation"
              ]
            },
            "l":768
          }
        }
      }
    ]
  }
]
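
The OAEP behaviour behind the associatedDataPattern hypothesis above, as an added example that is not part of the thread or of acvpparser: the label (in KTS-OAEP, the associated data) is hashed into the encoded message, so decoding with a different label fails the padding check. The EME-OAEP routines follow RFC 8017, the associated-data bytes are a constructed stand-in built from the serverId and iutId values in the test group, and whether this mismatch is what happened in the parser is not confirmed on the page.

```python
import hashlib
import os

# Parameters taken from the failing test group on this page.
HASH = hashlib.sha224            # "hashAlg": "SHA2-224"
HLEN = HASH().digest_size
K = 2048 // 8                    # "modulo": 2048 -> 256-byte encoded message

def mgf1(seed, length):
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    n = -(-length // HLEN)       # ceiling division
    return b"".join(HASH(seed + i.to_bytes(4, "big")).digest() for i in range(n))[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def oaep_encode(msg, label):
    """EME-OAEP encoding (RFC 8017, 7.1.1 step 2); the RSA step is omitted."""
    if len(msg) > K - 2 * HLEN - 2:
        raise ValueError("message too long")
    seed = os.urandom(HLEN)
    db = HASH(label).digest() + b"\x00" * (K - len(msg) - 2 * HLEN - 2) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, K - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, label):
    """EME-OAEP decoding (RFC 8017, 7.1.2 step 3).
    Illustration only: a production decoder must run in constant time."""
    y, masked_seed, masked_db = em[0], em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, K - HLEN - 1))
    lhash, rest = db[:HLEN], db[HLEN:]
    sep = rest.find(b"\x01")
    # All checks collapse into one error, as in the OpenSSL message in the report.
    if y != 0 or lhash != HASH(label).digest() or sep < 0 or any(rest[:sep]):
        raise ValueError("oaep decoding error")
    return rest[sep + 1:]

def demo():
    key = os.urandom(512 // 8)   # "l": 512 bits of keying material
    # Constructed stand-in for the associated data: serverId || iutId.
    ad = bytes.fromhex("434156536964" + "CAFECAFE")
    em = oaep_encode(key, ad)
    same_label_ok = oaep_decode(em, ad) == key
    try:
        oaep_decode(em, b"")     # decryptor assumes empty associated data
        return same_label_ok, "decoded"
    except ValueError as exc:
        return same_label_ok, str(exc)
```
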

smuellerDD commented 3 years ago

On Monday, 22.03.2021 at 14:51 -0700, mbwang wrote:

Thanks, that request worked for me too. The request I was using also had associatedDataPattern, which I think is causing the issue. Here is the request:

Thanks for the update. But I hope with the request that does work, you should be able to obtain an OAEP certificate - at least we obtained such certs and used those for FIPS validations.

Ciao Stephan

mbwang commented 3 years ago

Sounds good to me, thanks Stephan.