LinuxLists.cc - [PATCH] crypto: testmgr - Fix wrong test case of RSA

2021-11-05 12:46:24

Subject: [PATCH] crypto: testmgr - Fix wrong test case of RSA

According to the BER encoding rules, integer value should be encoded
as two's complement, and if the highest bit of a positive integer
is 1, should add a leading zero-octet.

The kernel's built-in RSA algorithm cannot recognize negative numbers
when parsing keys, so it can pass this test case.

Export the key to file and run the following command to verify the
fix result:

openssl asn1parse -inform DER -in /path/to/key/file

Signed-off-by: Lei He <[email protected]>
---
crypto/testmgr.h | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/testmgr.h b/crypto/testmgr.h
index 779720bf9364..a253d66ba1c1 100644
--- a/crypto/testmgr.h
+++ b/crypto/testmgr.h
@@ -257,9 +257,9 @@ static const struct akcipher_testvec rsa_tv_template[] = {
}, {
#endif
.key =
- "\x30\x82\x02\x1F" /* sequence of 543 bytes */
+ "\x30\x82\x02\x20" /* sequence of 544 bytes */
"\x02\x01\x01" /* version - integer of 1 byte */
- "\x02\x82\x01\x00" /* modulus - integer of 256 bytes */
+ "\x02\x82\x01\x01\x00" /* modulus - integer of 256 bytes */
"\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D"
"\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA"
"\xC6\x67\xFF\x1D\x1E\x3C\x1D\xC1\xB5\x5F\x6C\xC0\xB2\x07\x3A\x6D"
@@ -299,7 +299,7 @@ static const struct akcipher_testvec rsa_tv_template[] = {
"\x02\x01\x00" /* exponent1 - integer of 1 byte */
"\x02\x01\x00" /* exponent2 - integer of 1 byte */
"\x02\x01\x00", /* coefficient - integer of 1 byte */
- .key_len = 547,
+ .key_len = 548,
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe"
--
2.11.0

2021-11-20 04:30:55

by Herbert Xu

[permalink] [raw]

Subject: Re: [PATCH] crypto: testmgr - Fix wrong test case of RSA

On Fri, Nov 05, 2021 at 08:25:31PM +0800, Lei He wrote:
> According to the BER encoding rules, integer value should be encoded
> as two's complement, and if the highest bit of a positive integer
> is 1, should add a leading zero-octet.
>
> The kernel's built-in RSA algorithm cannot recognize negative numbers
> when parsing keys, so it can pass this test case.
>
> Export the key to file and run the following command to verify the
> fix result:
>
> openssl asn1parse -inform DER -in /path/to/key/file
>
> Signed-off-by: Lei He <[email protected]>
> ---
> crypto/testmgr.h | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)

Patch applied. Thanks.
--
Email: Herbert Xu <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt