search

smuellerDD / acvpproxy

ACVP Proxy for accessing the NIST ACVP server for testing cryptographic implementations
https://www.chronox.de/acvpproxy
Other
16 stars 10 forks source link

Maclength Range when requesting KDF KAS_ECC #20

Closed mikebusa closed 3 years ago

mikebusa commented 3 years ago

I am trying to request KDF KAS_ECC test vectors, and I am getting an error I can't figure out. This is what I have where I think the error is:

static const struct def_algo_kas_ecc_kdfnokc openssl_kas_ecc_kdfnokc_eb = { .kas_ecc_paramset = DEF_ALG_KAS_ECC_EB, .curve = ACVP_NISTP224, .mac = ACVP_HMACSHA2_224, .keylen = {376,496,512}, .kas_ecc_kdfoption = DEF_ALG_KAS_ECC_ASN1, .oipattern = "counter", .hashalg = ACVP_SHA224 }; ...

define __OPENSSL_KAS_ECC(paramset) \

{                               \
.type = DEF_ALG_TYPE_KAS_ECC,                   \
.algo.kas_ecc = {                       \
    DEF_PREREQS(openssl_ecdh_prereqs),          \
    .kas_ecc_function = DEF_ALG_KAS_ECC_PARTIALVAL,     \
    .kas_ecc_schema = DEF_ALG_KAS_ECC_EPHEMERAL_UNIFIED | \
            DEF_ALG_KAS_ECC_FULL_UNIFIED |  \
            DEF_ALG_KAS_ECC_ONE_PASS_DH |   \
            DEF_ALG_KAS_ECC_ONE_PASS_UNIFIED |  \
            DEF_ALG_KAS_ECC_STATIC_UNIFIED, \
    .kas_ecc_role = DEF_ALG_KAS_ECC_INITIATOR |     \
            DEF_ALG_KAS_ECC_RESPONDER,      \
    .kas_ecc_dh_type = DEF_ALG_KAS_ECC_KDF_NO_KC,   \
    .type_info.kdfnokc = paramset,          \
    },                          \
}

define OPENSSL_KAS_ECC \

__OPENSSL_KAS_ECC(&openssl_kas_ecc_kdfnokc_eb)      \

The error I get from the proxy is: { "error": "Validation error(s) on JSON payload.", "context": [ "KAS-ECC-1.0: MacLength Range" ] }

I am defining the .mac member as ACVP_HMACSHA2_224, and I thought I only had to declare a maclen if I was using AES_CCM, so I'm confused how the maclen could be the issue.

smuellerDD commented 3 years ago

Am Dienstag, 2. Februar 2021, 20:19:46 CET schrieb mikebusa:

Hi mikebusa,

I am trying to request KDF KAS_ECC test vectors, and I am getting an error I can't figure out. This is what I have where I think the error is:

static const struct def_algo_kas_ecc_kdfnokc openssl_kas_ecc_kdfnokc_eb = { .kas_ecc_paramset = DEF_ALG_KAS_ECC_EB, .curve = ACVP_NISTP224, .mac = ACVP_HMACSHA2_224, .keylen = {376,496,512}, .kas_ecc_kdfoption = DEF_ALG_KAS_ECC_ASN1, .oipattern = "counter", .hashalg = ACVP_SHA224 }; ...

define __OPENSSL_KAS_ECC(paramset) \

{ \ .type = DEF_ALG_TYPE_KAS_ECC, \ .algo.kas_ecc = { \ DEF_PREREQS(openssl_ecdh_prereqs), \ .kas_ecc_function = DEF_ALG_KAS_ECC_PARTIALVAL, \ .kas_ecc_schema = DEF_ALG_KAS_ECC_EPHEMERAL_UNIFIED | \ DEF_ALG_KAS_ECC_FULL_UNIFIED | \ DEF_ALG_KAS_ECC_ONE_PASS_DH | \ DEF_ALG_KAS_ECC_ONE_PASS_UNIFIED | \ DEF_ALG_KAS_ECC_STATIC_UNIFIED, \ .kas_ecc_role = DEF_ALG_KAS_ECC_INITIATOR | \ DEF_ALG_KAS_ECC_RESPONDER, \ .kas_ecc_dh_type = DEF_ALG_KAS_ECC_KDF_NO_KC, \ .type_info.kdfnokc = paramset, \ }, \ }

define OPENSSL_KAS_ECC \

__OPENSSL_KAS_ECC(&openssl_kas_ecc_kdfnokc_eb) \

The error I get from the proxy is: { "error": "Validation error(s) on JSON payload.", "context": [ "KAS-ECC-1.0: MacLength Range" ] }

I am defining the .mac member as ACVP_HMACSHA2_224, and I thought I only had to declare a maclen if I was using AES_CCM, so I'm confused how the maclen could be the issue.

The error you see is not the proxy but the server that sends you the error.

You seem to request the KDF without key confirmation. So, a MAC length is invalid. Only for key confirmation, the mac length is relevant.

Ciao Stephan

mikebusa commented 3 years ago

I understand, however I am not trying to specify the mac length. The NIST site says the mac length is only required when AES_CCM is selected as the MAC, otherwise it is not required. If I am not specifying the mac length (because it is not required), and am instead specifying the mac as ACVP_HMACSHA2_224, how can the MacLength Range be invalid?

smuellerDD commented 3 years ago

Am Dienstag, 2. Februar 2021, 21:23:24 CET schrieb mikebusa:

Hi mikebusa,

I understand, however I am not trying to specify the mac length. The NIST site says the mac length is only required when AES_CCM is selected as the MAC, otherwise it is not required. If I am not specifying the mac length (because it is not required), and am instead specifying the mac as ACVP_HMACSHA2_224, how can the MacLength Range be invalid?

I am slightly unsure how CCM plays in here.

Sorry, you are right, there is no maclen.

Can you paste what --request --dump-register shows you?

Thanks

Ciao Stephan

mikebusa commented 3 years ago

[ { "acvVersion":"1.0" }, { "isSample":false, "operation":"register", "certificateRequest":"no", "debugRequest":"yes", "production":"no", "encryptAtRest":"yes", "algorithms":[ { "revision":"1.0", "algorithm":"KAS-ECC", "prereqVals":[ { "algorithm":"SHA", "valValue":"same" }, { "algorithm":"DRBG", "valValue":"same" }, { "algorithm":"ECDSA", "valValue":"same" } ], "function":[ "keyPairGen" ], "scheme":{ "ephemeralUnified":{ "kasRole":[ "initiator", "responder" ], "kdfNoKc":{ "kdfOption":{ "concatenation":"counter" }, "parameterSet":{ "eb":{ "curve":"P-224", "hashAlg":[ "SHA2-224" ], "macOption":{ "HMAC-SHA2-224":{ "keyLen":[ 376, 496, 512 ] } } } } } }, } } ] } ]

smuellerDD commented 3 years ago

Am Dienstag, 2. Februar 2021, 21:35:53 CET schrieb mikebusa:

Hi mikebusa,

see issue https://github.com/usnistgov/ACVP-Server/issues/74 and let us wait.

Note, the ASN1 type is not (yet) supported for KAS.

Ciao Stephan

mikebusa commented 3 years ago

Thank you

smuellerDD commented 3 years ago

As stated in the issue #74, the maclen is mandatory. I have added a comment update to my code that will be pushed in the future.

The NIST team will also update their spec accordingly.