search

aws / aws-lc

AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project.
Other
398 stars 118 forks source link

Wire-up ACVP Testing for SHA3 Signatures with RSA #1805

Closed skmcgrail closed 2 months ago

skmcgrail commented 2 months ago

Description of changes:

Enables ACVP testing of SHA3 signatures with RSA for PKCS#1.5 signatures and PSS signatures.

How are new algorithms added to kPKCS1SigPrefixes?

This is my outline of how I generated the prefixes for additional algorithms:

For each algorithm:

  1. Generate an arbitrary digest using the digest algorithm

    $ echo -n "" | openssl sha3-256
SHA3-256(stdin)= a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

  2. Make a file with the ASN.1 definition and content, being sure to set id to the correct algorithm OID name, and digest to the arbitrary digest from step 1.

    
$ cat > ~/encoding.txt <<EOF
asn1 = SEQUENCE:info

[info] alg = SEQUENCE:alg digest = FORMAT:HEX,OCT:a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a

[alg] id = OID:SHA3-256 param = NULL

EOF


3. Generate the output DER using the definition defined in step 4

$ openssl asn1parse -genconf ~/encoding.txt -out ~/encoding.der


4. Output the DER encoding in hex format suitable for C

$ xxd -i < ~/encoding.der 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20, 0xa7, 0xff, 0xc6, 0xf8, 0xbf, 0x1e, 0xd7, 0x66, 0x51, 0xc1, 0x47, 0x56, 0xa0, 0x61, 0xd6, 0x62, 0xf5, 0x80, 0xff, 0x4d, 0xe4, 0x3b, 0x49, 0xfa, 0x82, 0xd8, 0x0a, 0x4b, 0x80, 0xf8, 0x43, 0x4a


5. Finally, strip out off the bytes from the end that are the digest hash produced in step 1 and used in step 2. This is your final prefix bytes to use with `kPKCS1SigPrefixes`.

0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08, 0x05, 0x00, 0x04, 0x20



By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
codecov-commenter commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 78.34%. Comparing base (79ec696) to head (c8abc8c). Report is 15 commits behind head on main.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## main #1805 +/- ## ========================================== + Coverage 78.33% 78.34% +0.01% ========================================== Files 581 581 Lines 97335 97343 +8 Branches 13958 13960 +2 ========================================== + Hits 76244 76264 +20 + Misses 20469 20457 -12 Partials 622 622 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.