Open prashantawde opened 1 year ago
@prashantawde I'll take a look at this and get back to you.
@prashantawde Thanks for making us aware of this bug. I've found the issue and resolved it. I am currently implementing other changes into this algo as a HOTFIX, and it will be released as a part of that. In the mean time, you can safely remove the added empty byte to continue with your testing. When the HOTFIX is released, I will respond here and let you know and close the thread. Thanks again!
@jbrock24 is there an ETA for the hotfix? Is removing the extra byte a valid technique for official runs with production vectors?
@ehanson12 It's currently set for review this week, the code is done and just needs last testing. It should be out shortly after that with the next patch. The extra byte removal will not need to be removed by the user after this update as I've fixed it. This algo isn't in production yet, and will not be for a bit of time after it's released to demo for testing. Once it's been used enough and we are confident it's working properly for the population, we will officially unlock it on Production.
Thanks for the updates @jbrock24
Thank You @jbrock24
environment Demo
testSessionId 376767
vsId 1527529
Algorithm registration [ { "acvVersion": "1.0" }, { "isSample": true, "algorithms": [ { "algorithm": "RSA", "mode": "decryptionPrimitive", "revision": "Sp800-56Br2", "keyFormat": [ "standard", "crt" ], "modulus": [ 2048, 3072, 4096 ] } ] } ]
Endpoint in which the error is experienced acvts.nist.gov:443
Expected behavior We have generated a set of test vectors from the ACVP server for the Demo environment and run them through our in-house harnesses to test the client's application. The majority of the "plaintext" generated by the client's application is as per the expected results. But we got a failure for a few test vectors. While observing closely we have seen the following finding,
Case 1: tcId 8, 18
"Expected plaintext" and "generated plaintext" is the same, the only difference is "Expected plaintext" is prepended with "00".
Here expected plaintext is "0095410A501C3F92059DAB8E293D5B021AAF2E5E61E649EFD4BA9665F8956BFBB2721C39B4A0496195C8D4BF70655D7020442A21E3198F677186C209C4F1596005CC53242AB4A6D43189C9A34A5F12DC940833A7D7A14C101731CA1C9CADEED7D9820F5EB38827F280F54A58DF3D9DF43E968142048704848151C786B7F08389EF38DBB09CB4EF84B514F1725D326D0C874806E3054755D0365C161B1E3BC7C691B9F24254C82EC030A86A3936C05A85C07A2D46D1EC01299CE4CC3301230F7D8BA0A5D0760E3B3FE2892187698C28DADAC15907406AEB0FAF55B0AB1F0E52BEF338FFD60A87A82C5E69EA9A74F594F90E338D5478207969191137270ED9AD8E2C"
and generate plaintext is "95410A501C3F92059DAB8E293D5B021AAF2E5E61E649EFD4BA9665F8956BFBB2721C39B4A0496195C8D4BF70655D7020442A21E3198F677186C209C4F1596005CC53242AB4A6D43189C9A34A5F12DC940833A7D7A14C101731CA1C9CADEED7D9820F5EB38827F280F54A58DF3D9DF43E968142048704848151C786B7F08389EF38DBB09CB4EF84B514F1725D326D0C874806E3054755D0365C161B1E3BC7C691B9F24254C82EC030A86A3936C05A85C07A2D46D1EC01299CE4CC3301230F7D8BA0A5D0760E3B3FE2892187698C28DADAC15907406AEB0FAF55B0AB1F0E52BEF338FFD60A87A82C5E69EA9A74F594F90E338D5478207969191137270ED9AD8E2C"
"Expected plaintext" is prepended by "00", it seems two additional bytes were added here, it also results in the total length of the "Expected plaintext" to "4112" bits, which is not aligned with the requirement of "4096" bits. however, "generated plaintext" is having "4096" bits length.
Case 2: tcId 6, 7
Here we are suspecting the length of the input value "d" which turns out to be "4080" instead of "4096", which results in wrong and different plaintext generation while running it through the client's application.
{ "tcId": 6, "ct": "94B8E39B6A4695DECFC11A858F51D301FC12155834B476326ED26866179462F196A51F40A9923B218E21220222B5EFE7EFE9500D69FEA6B3F88C2DA6682400F1C43C3B7F38C3EA4C1F7F56DA686FBE9C78D08A1885262DD125580394DF5BA0E5FC8A71E15168B77A01D63497CFCB0CFB200D010809FD7B361D8DE8F03DEC22541626A6746ADFA97AD99416015D4B5E0D49408002AFB70BA3FFDCC0FBE2900E17D791E32ED9553CA00FB1C014A17B13DE88CA814B04FAE5F9557FCAA780B82B99A9B77C702AE6D7CA8C84FC94B16023CA8441B30D2AB7CF53010D14B120C8250C457175C445971F3CD7AC02D34EE7076930EB6FA5C5710B1E7CC1074A22AF778F", "p": "FB567CA4DA04AAAD7E4741BACC61C03810B817DCC4E9A5D4102E3931A2B9D6727662B4809E2649BFD2C8E37BB21BEC8CC2928307C14A0DAFD71ACA23C37C7562C2F3D6B9ED83CA93C0D826D2997CEFDB51FCAE181C99664D1BA20469BA0997F89B7CF7A1F63E8970AA9FA027972952DB83842C5B7510DEB995CDF777F3753361", "q": "FF06A24AEC604F0D5EB7E761B70DA3E0F7451F949C86594065C0704B1895BBCBBF38FF246E41B993AE8226C6E8FB5FBF005B05E53E2EF2FF2B108BA5F4FD90847ECF5C16CDA43CFD2B5DC28F858450F1656549A91A399B1C4FCDC9AA3EE4F17111AB4B39ECC42449051F1FD94A42CCF4BACA89E56FA130C90848DBF2EE411D4B", "d": "7A75688D24D287D91EF62683EE124D62DE5334B82EC1483CFCE3021B588F29ECFA07257A7DA0FB57F0930FD4A77A664DBA93A4DA425871AC8E4E192A13157F7D73961A857F286FA754F01946B0A6EF5D19CF5FEC922E9B9C5C0E445C4F31D00EDEF52A7E8F86FD5DA5BE4F80849B5079FD4D47DA4D02743797AF0E31736E23E47187FD231A902D8849BD645021E1301A5CE78B82512DD48914785B6ECCFE0A75A7C25E3FF45CA55099627AF852710CDC8C014CD8E83DA74C2D8EE8939839EFD88194009620D5998AEA7E8F92AF4DB26E28CADBD26DA4FA11349D4B005F8B43DE37FEE94553A22FEA1E005802FAFEB37A0BB1B8E5D93B8410C42742E57C8427" },
both "d" values turn out to be "4080" bits in length.
Vector with proper results:
{ "tcId": 5, "ct": "19397BD9A0A0ACF4F74F3B68E0E26FB073649FC1CDDB846198C8B9CAB3A6FB2C57AC94782BB6D2174EBC2AFC4FD732D8F752588CAC6DADADB2A68F72B7FBB1214B8B4013BA6702CBF04C2F7A893708273B71C564C847B897BF4FE02E82C3637E36B33457FF6E49BDB620D465056DFC92D511351B79E7D57FE340810424B9ECC4B134E786C9DD39718D3E4C9DC79CD8415305E86E8815B31E3AFE3539DFD6FC03BE9B01DDAE5098BE7FBD312C06107D197960DB21BDAB60B21296D7629CB92EBE6A52AE45B552A22E26A519E9C8C5B41160D2F20E9567556CE1B630507FBE6399A6F9F2BA21DEEB6C6F70881317426943E656200052D5B75D0DD023A1BE119FAF", "p": "EC383EFA7587352086D68674647D10F90F8907D33D53AC213D66BEC436FD2585B274FE74E0FDD6933C79442BCF65C72AE281228E47094FEBAC1FF84B1A719ACA0256DA2CA8F27B32174FDC8C3F594035B1D936D0C727DB8CA0A7675B2FEDE219068384109A79041852EAB52395EF92137A2739FD8BA04D876774A5AD0BCD1DCD", "q": "D894EDFEE958D7EFDC0E570C89E0B68616CCC1ADC9F4BD63104E2F9D985FAAFC282C59D39E1240431998134452FC69ED14F4E7B2AC00A132678B112A9BF088EF53AA08F2CECB7BFD7E6EAE6B2624EF2278CB8E204FFEA6311F289E1A10BFB1C7043A69421EE1B8A21536B05332C15A06A521E94DB88C29BCEC27D4866D91342F", "d": "1CC668EB6BB9E27B4FED22D83534353A54686DF60BB1C9A169736E38EFDEF74EB7AC3F98DBF9725B4F5C7AE42982DA1140DAE25DF00695F1F3FBB7A1C2B41E75B055AB2106BFC3CA4697FFD1F26C490EAC1CD71AD75D22A95AE2274654CBC0A93ADB1465F6A7BAE0EA459714625CAFEEADD747DA6BA6DE281D9FEDBE3D94A7481FC95214F14BBAAB6CF1AE64586A6EDE6D093EB39D3954B146A8C60A761717E176DDAA640D08BA28C27303100A1C0A72F748047B7D59D1ADC110B084BF0C7B57B1B6292BBFA0782188E554CB3730E359A1CCA94ACFB9E1FD2B8ADB3342541BEF38A15348C40A4C7335A53072DF8DFEBBC05D803593DBCB6785B379346A270BD5" },
Here "d" value turns out to be "4096" bits in length.
your guidance will be helpful here, to use any workaround or to fix this problem.
Additional context Referred documentation: https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html