search

usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.
39 stars 14 forks source link

RSA Decryption Primitive sp800-56Br2 Standard/CRT Calculations, Issue with inconsistency across the vectors between public exponent "e" and private exponent "d". #265

Open prashantawde opened 1 year ago

prashantawde commented 1 year ago

environment Demo, Prod

testSessionId Demo: 410717, Prod: 21355

vsId Demo: 1678302, Prod: 1678302

Algorithm registration [ { "acvVersion": "1.0" }, { "isSample": false, "algorithms": [ { "algorithm": "RSA", "mode": "decryptionPrimitive", "revision": "Sp800-56Br2", "keyFormat": [ "standard", "crt" ], "modulus": [ 2048, 3072, 4096 ] } ] } ]

Endpoint in which the error is experienced acvts.nist.gov:443

Expected behavior Consistent private exponent "d" and public exponent "e" should be part of test vectors.

Related Issues https://github.com/usnistgov/ACVP/issues/1408 https://github.com/usnistgov/ACVP/issues/1409 https://github.com/usnistgov/ACVP-Server/issues/250

Additional context I have previously raised issues regarding RSA Decryption Primitive sp800-56Br2 Standard/CRT Calculations, mentioned ticket details above.

After fixing these issues, I generated a new set of vectors from the ACVP Demo and Prod server, I have run them through in-house harnesses to test the client's application and retrieved the results (plaintext) from the client's application. When I have validated the results on ACVP Server, I am getting the proper Passed results and expected output.

But just to cross-check whether everything is in place and whether I am getting proper vector values or not. I have decided to match the public exponent "e" getting from the ACVP server, and public exponent "e" calculated using the client's given workaround (this workaround I am using when I am not getting public exponent "e" from the ACVP server, mentioned in https://github.com/usnistgov/ACVP/issues/1409 ticket), I have started getting different value between them for most of the vectors (the difference is inconsistent across the vectors, sometimes they match, sometimes not).

To troubleshoot more on this, I have checked whether we are getting the right private exponent "d" and public exponent "e" combinations, I have internally calculated the private exponent "d" using public exponent "e" using the following modular multiplicative inverse formula and compare them with ACVP generated private exponent "d".

d = e^-1 mod ((p-1)(q-1))

but they are not matching and are inconsistent across the vectors. Please find some screenshots to validate my claim.

Matching private exponent from ACVP Server: image

Not matching private exponent from ACVP Server: image

this observation is constant across the different sets of vectors (from both Demo and Prod server), seeking your attention to check whether anything is missing.

jbrock24 commented 1 year ago

@prashantawde Thanks, I am looking into this.

jbrock24 commented 7 months ago

Hi @prashantawde Sorry for the delay here, but RSADP sp800-56Br2 has went through quite a lot of changes over the last few months. Can you please verify if your issue still exists, if not, can this be closed? Thanks!