On 04/02/2012 03:28 PM, Tamir Khason via RT wrote:
> Hello, Erwann
> This is not related to .NET. Integer is not only value, but also size.
> Both exponents and its coefficients should be the same length
> (according to RSA definition, both integers) so those numbers should be
> serialized into ASN1_INTEGER. If for some reason, you want to have
> integer with different size (for me it's wrong, but it might be your
> decision because of size optimization), you should use various size
> serialization.
>
> This is what this bug is about.

There is no logic in openssl INTEGER encoding that trims 'trailing' octets? Are you talking about "leading" octets? The 'high values'?

There is no question of optimisation. Thus, integers have different sizes in encoding. BER and DER encoding of integers is done in 2's complement with a minimal number of octets, i.e. you cannot have either 9 zeros or 1s at the high order.

See the layman RSA ASN.1 guide for some simple examples using small integers; the length fields for RSA moduli are normally 82 (today) indicating >1024 bits = 128 octets.

*BER encoding.* Primitive. Contents octets give the value of the integer, base 256, in two's complement form, most significant digit first, with the minimum number of octets. The value 0 is encoded as a single 00 octet.

Some example BER encodings (which also happen to be DER encodings) are given in Table 3.

    Integer value    BER encoding
    0                02 01 00
    127              02 01 7F
    128              02 02 00 80
    256              02 02 01 00
    -128             02 01 80
    -129             02 02 FF 7F

    Table 3. Example BER encodings of INTEGER values.

*DER encoding.* Primitive. Contents octets are as for a primitive BER encoding.
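
The minimal-length rule quoted above, as an added example that is not part of the original thread and is not OpenSSL's code: a strict DER INTEGER encoder and decoder in Python that reproduces Table 3 and rejects padded, fixed-width forms. The function names and the sample values (including the 2048-bit number, which is not a real modulus) are constructed for illustration.

```python
# Added example: strict DER INTEGER codec (tag 0x02). Helper names are hypothetical.

def _der_length(n: int) -> bytes:
    """Short form below 0x80, otherwise long form (0x80 | count, then big-endian)."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_encode_integer(value: int) -> bytes:
    """Two's complement, most significant octet first, minimum number of octets."""
    magnitude = value if value >= 0 else ~value
    n = magnitude.bit_length() // 8 + 1          # leaves room for the sign bit
    content = value.to_bytes(n, "big", signed=True)
    return b"\x02" + _der_length(len(content)) + content

def der_decode_integer(data: bytes) -> int:
    """Decode one INTEGER, rejecting every encoding that is not the minimal one."""
    if len(data) < 3 or data[0] != 0x02:
        raise ValueError("not a DER INTEGER")
    length, pos = data[1], 2
    if length & 0x80:                            # long-form length
        k = length & 0x7F
        raw = data[2:2 + k]
        if k == 0 or len(raw) != k or raw[0] == 0:
            raise ValueError("malformed length")
        length, pos = int.from_bytes(raw, "big"), 2 + k
        if length < 0x80:
            raise ValueError("non-minimal length")
    content = data[pos:]
    if length == 0 or len(content) != length:
        raise ValueError("length mismatch")
    # The first 9 bits must not be all zeros or all ones.
    if length > 1 and ((content[0] == 0x00 and content[1] < 0x80) or
                       (content[0] == 0xFF and content[1] >= 0x80)):
        raise ValueError("non-minimal INTEGER")
    return int.from_bytes(content, "big", signed=True)

def is_strict_der(data: bytes) -> bool:
    try:
        der_decode_integer(data)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed values: Table 3 integers plus a 2048-bit number with the top bit set.
    for v in (0, 127, 128, 256, -128, -129, 65537, (1 << 2047) | 1):
        enc = der_encode_integer(v)
        print(v.bit_length(), "bits ->", enc[:8].hex(" ").upper(), f"({len(enc)} octets)")
```

The 2048-bit value encodes with length octets `82 01 01` and a leading `00` content octet because its top bit is set, while 65537 needs only three content octets.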