Ability to specify size of exponent for random tests in RSA SigVer

[sim-nvidia]

I have an implementation with a limited number of bits for the exponent field for RSA SigVer.
For now, I am specifying fixed values for the exponent but it would be great if the exponent field could be a domain that can be specified so I can have more flexibility and test cases.

[livebe01]

Thanks @sim-nvidia. How many bits does your implementation allow for the exponent?

[sim-nvidia]

The implementation can handle up to 32 bits.

[celic]

This is likely not something we will support on the server. We try to avoid capabilities that disrupt or impact FIPS validations. For RSA SigGen, it is not well defined in the standard how to handle public keys that are not valid for a specific implementation. We wouldn't want people to interpret the ability to specify various e sizes as an implicit encouragement for general implementations. It is understandable in specific instances where you know the key is coming from a specific source. I recognize there's a chance that our 64-bit e values are the most that implementations could handle, the same way your implementation uses a 32-bit e.

See https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/oracle/src/NIST.CVP.ACVTS.Libraries.Crypto.Oracle/Oracle.Rsa.cs#L23 where we define the minimum and maximum bitlength for e.

We can generate test vectors for you or show you where to make modifications to create your own. Feel free to provide an RSA SigVer registration.json file.