-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA/sigGen expected results contain the OID of the SHA2 algorithm instead of SHA3 #256
Comments
Thanks @szendros. Btw, same issue with RSA sigVer. We'll get this fixed |
The fix for this is now on Demo in release v1.1.0.29. |
I tried RSA/sigGen after the fix, and we stil have a problem for SHA3 signatures. the length of the sequence that contains the OID seems to be off by 2 bytes we think it should be: OpenSSL parser also throws an error: This problem can be encountered only for SHA3 OIDs it is all right for SHA2 OIDs. Can you please confirm if this error is on the ACVP side? |
@sandor-szendro-i4p I'm looking into this. |
OK, I see the error and have fixed it, sorry about that. It will be out with the next HOTFIX ASAP. |
@jbrock24 Thank you |
The fix for this is on Demo with release v1.1.0.29-hotfix-1 |
Thanks, it's working. |
The fix for this is on Prod in release v1.1.0.29-hotfix-1. |
environment
Demo
testSessionId
384995
vsId
1563841
Algorithm registration
Endpoint in which the error is experienced
https://demo.acvts.nist.gov/acvp/v1/testSessions GET
Expected behavior
For RSA/sigGen where the digest was SHA3 and sigType: pkcs1v1.5
the expected results returned by ACVP server contained a DigestInfo structure with the OID of the SHA2 algorithm (not the SHA3 algorithm as expected)
Additional context
For example:
Expected result:
"tcId": 37, "signature": "710E8AE0047954FA798E74F020F952142F8291D355E35DB8350946C6DE556046659074A54E25F79BC34B5E8B8B612F0C060F8D0A3780541BDF3BF50313B3CEABFA5B1D017DB5B9066FD2FABEC50B7AB643049EDD09C590B61CBBAE261ACBE64BB6EC13C40545D44C68520B5BFFFC4C9558DBC4E2F5EB89AFCB29077E24C812CA77EE4B8FC39654B4EA4E7B0886CF51243C3E082F038EC3C6375BF37BB7B4C9EE6BC9A11B5AB74741DEACCBC32F1739069CC58F0C0A114637579934E77148A2B1111330A443B4B950BC9290E338AB80A0832071FB3DB52049707900A89ABAC151A8284632D9FC6038054C08974D16E3B18D5B83923BDE122855AA971C10E5D6F80A9C2AF052B9C19A844D0C516287FE70F4F88B0D76B81A0A3EAE6118D99A67E215A153ECC91CFD8F56FDD64E33003BE5EF9898E2A8BE79207F4710E22BB7F76C9016E8297993192DAC879DBCFA7EF724147E91A021298C2C7A11620D2A0D204448B967F00E861C077E1326849B2481BC1D39C92B5D555811058EB80C9A68E27C" },
The request testvector for tcId: 37 has "hashAlg": "SHA3-256",
In the decoded DigestInfo structure the ASN.1 structure:
OID 2.16.840.1.101.3.4.2.1 is the OID of SHA2-256, which is expected to be 2.16.840.1.101.3.4.2.8 (SHA3-256)
The text was updated successfully, but these errors were encountered: