[Cryptech Tech] Specifications and test vectors for RSA

Russ Housley housley at vigilsec.com
Fri Dec 5 17:17:29 UTC 2014


On Dec 5, 2014, at 6:15 AM, Rob Austein wrote:

> Joachim is starting to look at implementing RSA.  Current theory is
> that the Verilog (blue) will just do the basic RSA transformation: key
> generation and padding will be handled in software (green).
> 
> Some questions for people with more clue here than I:
> 
> * Do we want RFC 2437 (PKCS #1 2.0) or RFC 3447 (PKCS #1 2.1)?
>  Some references from other specifications point at one, some point
>  at the other, much of this is just due to relative ages of the specs
>  but it's not immediately obvious that everything tracked.

The immediate need is for v1.5.  The OAEP and PSS stuff was added in the later versions, but has seen very little actual use.  I wish these would take off, but they have not yet.

> 
> * Did the wire representation of the PKCS1-v1_5 encoding algorithm
>  change between these two specifications?  It looks like there's a
>  leading zero octet in 2.1 that's not present in 2.0, but maybe I'm
>  reading it wrong?

There should not be a change in the v1.5 stuff.

> 
> * Which encoding algorithms do we need to support for DNSSEC and RPKI?
>  DNSSEC seems fairly clear about PKCS1-v1_5, modulo the leading-zero
>  question above.  RPKI doesn't nail this down quite so tightly; as a
>  practical matter I think what's in use is PKCS1-v1_5, but that's not
>  quite the same thing.

As above, we need v1.5.

> 
> Also, Joachim sends a plea for test vectors, which he has not been
> able to find.  Given the part of RSA that he thinks he's doing, this
> means: please supply sample input to the RSA process with padding
> already done, along with the corresponding expected output for a
> supplied RSA keypair.  Plan is to collect a few of these, put them up
> for scrutiny to make sure we believe that they're correct, then use
> them as test vectors for the Verilog code.

I think there are test vectors at NIST related to the FIPS 140 program.  I have not looked in a really long time.

Russ
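
Added example, not part of the original message: one way to produce the kind of test vector requested above (input with PKCS1-v1_5 padding already done, plus the expected output of the raw RSA transformation), and to see why the leading zero octet does not change the value the core operates on. Assumptions: the key is a constructed toy key built from two Mersenne primes, SHA-256 is the hash, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, so no key file is
# needed. Special-form primes like these must never be used for a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8       # modulus length in octets

# DER prefix of DigestInfo for SHA-256; the 32-octet digest follows it.
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes, em_len: int, leading_zero: bool) -> bytes:
    """Build the padded block, with or without the leading 0x00 octet."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()
    head = b"\x00\x01" if leading_zero else b"\x01"
    ps_len = em_len - len(head) - 1 - len(t)   # 1 = 0x00 separator before T
    if ps_len < 8:
        raise ValueError("intended encoded message length too short")
    return head + b"\xff" * ps_len + b"\x00" + t


def make_vector(message: bytes) -> dict:
    """Padded input as an integer, plus the expected raw RSA output."""
    em = emsa_pkcs1_v15(message, K, leading_zero=True)
    m = int.from_bytes(em, "big")   # octet string to integer
    if m >= N:
        raise ValueError("message representative out of range")
    return {"n": N, "e": E, "d": D, "input": m, "expected": pow(m, D, N)}


def check_vector(v: dict) -> bool:
    """Independent check: the public operation must return the padded input."""
    return pow(v["expected"], v["e"], v["n"]) == v["input"]


if __name__ == "__main__":
    vec = make_vector(b"constructed sample message")
    print("vector verifies:", check_vector(vec))
    with_zero = emsa_pkcs1_v15(b"x", K, leading_zero=True)
    without = emsa_pkcs1_v15(b"x", K - 1, leading_zero=False)
    same = int.from_bytes(with_zero, "big") == int.from_bytes(without, "big")
    print("same integer with and without leading zero:", same)
```

The two encodings differ only by one 0x00 octet at the front, so they convert to the same integer and the modular exponentiation sees identical input.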


