@bartonjs
Member

Change from using the "big exponent" key to some other key (which uses the normal exponent of F5), as not all versions of Android like big exponent keys.

Fixes #114772.

@bartonjs bartonjs added this to the 10.0.0 milestone Apr 17, 2025
@bartonjs bartonjs self-assigned this Apr 17, 2025
@Copilot Copilot AI review requested due to automatic review settings April 17, 2025 20:06
Contributor

Copilot AI left a comment

Pull Request Overview

This PR updates the CrlBuilderTests to use a static RSA key with the common F5 exponent rather than the previously used big exponent key, addressing compatibility issues on some Android versions.

  • Updated expected hex output values throughout the tests to match the new RSA key.
  • Replaced the creation of RSA using TestData.RsaBigExponentParams with RSA.Create() followed by ImportFromPem(TestData.RsaPkcs8Key).
  • Adjusted various expected byte arrays in test methods to reflect the new signature outputs.
Comments suppressed due to low confidence (3)

src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs:1478

  • The RSA key creation was updated to use RSA.Create() followed by ImportFromPem(TestData.RsaPkcs8Key). Please ensure that TestData.RsaPkcs8Key is accurate and maintained alongside the updated expected outputs; consider adding an inline comment explaining the rationale for this change.
RSA rsa = RSA.Create(TestData.RsaBigExponentParams);

src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs:623

  • Verify that the updated expected hex string reflects the correct output produced by the new RSA key and exponent F5; double-check that these values have been regenerated consistently.
"308201CA3081B3020101300D06092A864886F70D01010B05003025312330210603550403131A427...".HexToByteArray();

src/libraries/System.Security.Cryptography/tests/X509Certificates/CertificateCreation/CrlBuilderTests.cs:1158

  • Ensure that the updated expected byte arrays for the CRL output fully cover all test scenarios after switching to the static RSA key; review the generated values for consistency with security expectations.
byte[] expected = ( ... ).HexToByteArray();

@dotnet-policy-service
Contributor

Tagging subscribers to this area: @dotnet/area-system-security, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@bartonjs
Member Author

/azp run runtime-libraries-mono outerloop

@azure-pipelines
Azure Pipelines successfully started running 1 pipeline(s).

@bartonjs
Member Author

/ba-g None of the failing tests are the tests that were changed.

@bartonjs bartonjs merged commit ac8e79a into dotnet:main Apr 19, 2025
77 of 92 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators May 19, 2025
@bartonjs bartonjs deleted the crlbuilder_rsakey branch August 14, 2025 20:55
Labels

area-System.Security test-enhancement Improvements of test source code

Development

Successfully merging this pull request may close these issues.

[Android] System.Security.Cryptography.Tests RSA signature validation failures

2 participants