[Cryptech Tech] Specifications and test vectors for RSA

Rob Austein sra at hactrn.net
Sun Dec 7 08:42:02 UTC 2014


At Sun, 07 Dec 2014 16:48:33 +1300, Peter Gutmann wrote:
> 
> RFC 2313 is a much clearer reference

Indeed.

> PKCS #1 v1.5.  OAEP and PSS (and any other schemes) are pretty much
> irrelevant, I've only ever had one use of OAEP in my code and that was for
> Windows Vista DRM (and HDCP).  Since it's unlikely that the Cryptech product
> will be used for Windows DRM, there's no need to support OAEP.

Thanks.  This is consistent with what I've seen in the wild, but I
prefer to ask the experts when I have some available.

> >Also, Joachim sends a plea for test vectors, which he has not been able to
> >find.   Given the part of RSA that he thinks he's doing, this means: please
> >supply sample input to the RSA process with padding already done, along with
> >the corresponding expected output for a supplied RSA keypair.
> 
> If you're using cryptlib as the HAL, you can just run the software
> implementation alongside the hardware.  Break in the debugger at whatever point
> you like, look at the values, feed in any data you need to...

We'll probably do that kind of testing eventually too, but I think
Joachim's initial need is for test data he can use in a Verilog
testbench running under something like the Icarus Verilog interpreter,
because that lets him isolate behavior of the RSA crypto core from
behavior of the larger system (such as timing issues related to a
particular board or I/O bus, to pick a topical example).
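
Added example, not part of the original message or of Cryptech's code: one way to produce the kind of vectors requested above, with padding already done per RFC 2313 and the expected raw modular-exponentiation output as fixed-width hex for a testbench. The keypair is a constructed, test-only key built from two Mersenne primes, and the function names and sample data are assumptions of this example.

```python
# Added example: known-answer vectors for a raw RSA modexp core (Python 3.8+).
import hashlib

# Constructed TEST-ONLY key built from two Mersenne primes; never use it for real data.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in octets

def pad_rfc2313(data: bytes, block_type: int) -> int:
    """Build EB = 00 || BT || PS || 00 || D (RFC 2313 section 8.1) as an integer."""
    ps_len = K - 3 - len(data)
    if ps_len < 8:
        raise ValueError("data too long for this modulus")
    if block_type == 1:
        ps = b"\xff" * ps_len
    elif block_type == 2:
        # Deterministic nonzero filler so the vector is reproducible;
        # a real encryption uses fresh random nonzero octets here.
        stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
        ps = bytes(b for b in stream if b)[:ps_len]
    else:
        raise ValueError("unsupported block type")
    return int.from_bytes(b"\x00" + bytes([block_type]) + ps + b"\x00" + data, "big")

def make_vector(data: bytes, block_type: int) -> dict:
    """Return modulus, exponent, padded input and expected output as fixed-width hex."""
    m = pad_rfc2313(data, block_type)
    exp = D if block_type == 1 else E      # BT 01: private-key op, BT 02: public-key op
    c = pow(m, exp, N)
    assert pow(c, E if block_type == 1 else D, N) == m   # inverse op recovers the input
    width = 2 * K
    return {name: format(v, f"0{width}x") for name, v in
            (("modulus", N), ("exponent", exp), ("message", m), ("expected", c))}

if __name__ == "__main__":
    for bt in (1, 2):
        vec = make_vector(b"cryptech test vector", bt)
        for name, value in vec.items():
            print(f"bt{bt:02d}_{name} = {value}")
```

Each value is printed at the full modulus width, so the lines can be split into whatever word size the core's memory interface uses.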

