usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.

Error when requesting RSA 1536-bit modulus #221

Closed jvdsn closed 2 years ago

jvdsn commented 2 years ago

Environment: Demo

Algorithm registration

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "revision":"FIPS186-4",
        "algorithm":"RSA",
        "mode":"sigVer",
        "pubExpMode":"fixed",
        "fixedPubExp":"010001",
        "capabilities":[
          {
            "sigType":"pkcs1v1.5",
            "properties":[
              {
                "modulo":1024,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1"
                  },
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  }
                ]
              },
              {
                "modulo":1536,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1"
                  },
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  }
                ]
              },
              {
                "modulo":2048,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1"
                  },
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  }
                ]
              },
              {
                "modulo":3072,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1"
                  },
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  }
                ]
              }
            ]
          },
          {
            "sigType":"pss",
            "properties":[
              {
                "modulo":1024,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1",
                    "saltLen":20
                  },
                  {
                    "hashAlg":"SHA2-224",
                    "saltLen":28
                  },
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":62
                  }
                ]
              },
              {
                "modulo":1536,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1"
                  },
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  }
                ]
              },
              {
                "modulo":2048,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1",
                    "saltLen":20
                  },
                  {
                    "hashAlg":"SHA2-224",
                    "saltLen":28
                  },
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":64
                  }
                ]
              },
              {
                "modulo":3072,
                "hashPair":[
                  {
                    "hashAlg":"SHA-1",
                    "saltLen":20
                  },
                  {
                    "hashAlg":"SHA2-224",
                    "saltLen":28
                  },
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":64
                  }
                ]
              }
            ]
          }
        ],
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          },
          {
            "algorithm":"DRBG",
            "valValue":"same"
          }
        ]
      }
      ...
    ]
  }
]

Endpoint in which the error is experienced: POST /testSessions

[
  {
    "acvVersion": "1.0"
  },
  {
    "error": "Validation error(s) on JSON payload.",
    "context": [
      "RSA-sigVer-FIPS186-4: Invalid Modulo supplied: 1536;Invalid Modulo supplied: 1536"
    ]
  }
]

Expected behavior: The request gets registered correctly.

Additional context: More context for this issue can be found in https://github.com/usnistgov/ACVP/issues/1299. Because the modulus size was removed and then re-added to the protocol specification, I assume it's now intended to be there and this is a server issue rather than a specification oversight.

livebe01 commented 2 years ago

Hi @jvdsn, per ACVP #1299, modulo 1536 was removed from the spec for FIPS186-4 RSA sigVer and remains absent. See here. The addition you referenced is for FIPS186-2.

jvdsn commented 2 years ago

Hi @livebe01, thank you for the clarification, I used FIPS186-2 sigVer and it seems that I was able to get the vectors. Apologies for the inconvenience.
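
A client-side pre-flight check for the revision/modulo mismatch discussed in this thread, as an added example (not ACVP-Server code and not from either commenter). The allow-list is an assumption built only from values seen in this thread, the names `ALLOWED_MODULO`, `lint_registration` and `sample_registration` are hypothetical, and the sample registration is constructed and assumes FIPS186-2 sigVer uses the same JSON shape.

```python
import json

# Assumed allow-list, built only from what this thread shows: the Demo server
# accepted 1024/2048/3072 and rejected 1536 for FIPS186-4 sigVer, while 1536
# worked under FIPS186-2. Confirm against the current ACVP specification.
ALLOWED_MODULO = {
    ("RSA", "sigVer", "FIPS186-4"): {1024, 2048, 3072},
    ("RSA", "sigVer", "FIPS186-2"): {1024, 1536, 2048, 3072},
}

def lint_registration(payload):
    """Return server-style context strings for modulo values outside the allow-list."""
    context = []
    for element in payload:
        for alg in element.get("algorithms", []):
            key = (alg.get("algorithm"), alg.get("mode"), alg.get("revision"))
            allowed = ALLOWED_MODULO.get(key)
            if allowed is None:
                continue  # no rule known for this algorithm/mode/revision
            problems = []
            # One finding per sigType capability, which is why the server's
            # message in the issue repeats the same text twice.
            for cap in alg.get("capabilities", []):
                for prop in cap.get("properties", []):
                    modulo = prop.get("modulo")
                    if modulo not in allowed:
                        problems.append(f"Invalid Modulo supplied: {modulo}")
            if problems:
                context.append("-".join(key) + ": " + ";".join(problems))
    return context

def sample_registration(revision):
    """Constructed, trimmed registration with the same nesting as the one in the issue."""
    props = [{"modulo": m, "hashPair": [{"hashAlg": "SHA2-256"}]}
             for m in (1024, 1536, 2048)]
    return [
        {"acvVersion": "1.0"},
        {"algorithms": [{
            "revision": revision, "algorithm": "RSA", "mode": "sigVer",
            "capabilities": [{"sigType": "pkcs1v1.5", "properties": props},
                             {"sigType": "pss", "properties": props}],
        }]},
    ]

if __name__ == "__main__":
    for rev in ("FIPS186-4", "FIPS186-2"):
        print(rev, json.dumps(lint_registration(sample_registration(rev))))
```

Running the same check before `POST /testSessions` surfaces the rejected modulus locally, with one finding per `sigType` block that carries it.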