usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.

FIPS186-5 SHAKE in PSS appears to be half length #258

Closed mwcw closed 1 year ago

mwcw commented 1 year ago

Hi,

The following vector:

{
    "vsId": 1556377,
    "algorithm": "RSA",
    "mode": "sigVer",
    "revision": "FIPS186-5",
    "isSample": true,
    "testGroups": [
      {
        "tgId": 1,
        "sigType": "pss",
        "modulo": 2048,
        "hashAlg": "SHAKE-128",
        "saltLen": 16,
        "n": "C383ED742B0D31FF8CE9B836531705E53438FC0C50336B006980362D288E5575397098A2A066363300184EFA17F9DB857F5F7BC3C2B645F5F98BA02FB49E38E459B12609195C9631FB7DDF823E13546F027A97425B94E3FFC4C2472EBE5DEEAC1F7EC8E799DB58EA4F272AA0E18320C2E12EC1D74D7876C65AC2A0262E13E17066D402ACFC4AD77EE4B943BA741576FA6D6E66E68F682235287D3FE342E312C75AFD265FCC902539F62386371466DFE8A84ECDACCF5F77AE05B932C48C5E99220130102BA8103463C7C84B2B688BFCF6AA0995D6DD7FAA2C4132B5D7CA37468C51B3FF8A0DA1D0D5195652808221C8308A57E672EC234930600F84F11F8412C5",
        "e": "03668DFF8CA82F",
        "maskFunction": "shake-128",
        "testType": "GDT",
        "tests": [
          {
            "tcId": 1,
            "message": "E818458726E6CB1CBF8875E7D06B951C6D40A62792563877A7955C37D92713DF40C0704B44D50A9D4D107FB84F2A442EFF4685D4C569D058648A5C3084182C3E40C511149A9563F3146B9062AE9D0104C6E050056654A451D50AE1A8C81F09DE732D55512E0A0F504BEB286ABBA563453224508EF79F6C96163F1EA9E5AFDF3D",
            "signature": "<signature value not included in this copy of the issue>"
          },

tcId 1 is expected to pass according to the sample file.

{
  "vsId": 1556377,
  "algorithm": "RSA",
  "mode": "sigVer",
  "revision": "FIPS186-5",
  "isSample": true,
  "testGroups": [
    {
      "tgId": 1,
      "tests": [
        {
          "tcId": 1,
          "testPassed": true
        },

But it only does so if the output of shake-128 is set to 16, which is contrary to FIPS PUB 186-5 section 5.4(b).

This issue may also be present in the setting of the salt length and shake-256.

Setting of the salt length appears to be limited to 32 bytes for shake-256.

Please let me know if you need any more information.

Cheers

Megan
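As an added illustration (not code from the ACVP server or from the reporter), the EMSA-PSS encode and verify steps with SHAKE used as both the hash and the MGF, using the FIPS 186-5 section 5.4(b) output lengths (32 bytes for SHAKE128, 64 bytes for SHAKE256) and the 5.4(a) bound sLen <= hLen. The `hlen` override parameter is an assumption added only to show how a verifier that truncates SHAKE128 output to 16 bytes rejects a correctly encoded message; the message and salt are constructed, and the RSA exponentiation is left out because the mismatch lives entirely in the encoding.

```python
"""EMSA-PSS (RFC 8017 9.1) with SHAKE as hash and MGF, per FIPS 186-5 5.4."""
import hashlib

# FIPS 186-5 5.4(b): fixed XOF output lengths when SHAKE is the PSS hash.
HLEN = {"shake-128": 32, "shake-256": 64}
XOF = {"shake-128": hashlib.shake_128, "shake-256": hashlib.shake_256}

def mgf(xof, seed, length):
    # FIPS 186-5: the MGF is the same XOF, with output length = maskLen.
    return xof(seed).digest(length)

def pss_encode(m, em_bits, alg, salt, hlen=None):
    hlen = hlen or HLEN[alg]          # override exists only for the demo below
    xof = XOF[alg]
    em_len = (em_bits + 7) // 8
    if len(salt) > hlen: raise ValueError("sLen > hLen")   # FIPS 186-5 5.4(a)
    m_hash = xof(m).digest(hlen)
    if em_len < hlen + len(salt) + 2: raise ValueError("encoding error")
    m_prime = b"\x00" * 8 + m_hash + salt
    h = xof(m_prime).digest(hlen)
    ps = b"\x00" * (em_len - len(salt) - hlen - 2)
    db = ps + b"\x01" + salt
    db_mask = mgf(xof, h, em_len - hlen - 1)
    masked = bytes(a ^ b for a, b in zip(db, db_mask))
    # Clear the leftmost 8*emLen - emBits bits of maskedDB.
    masked = bytes([masked[0] & (0xFF >> (8 * em_len - em_bits))]) + masked[1:]
    return masked + h + b"\xbc"

def pss_verify(m, em, em_bits, alg, slen, hlen=None):
    hlen = hlen or HLEN[alg]          # a value of 16 for SHAKE128 is the reported bug
    xof = XOF[alg]
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < hlen + slen + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - hlen - 1], em[em_len - hlen - 1:-1]
    if masked[0] & ~(0xFF >> (8 * em_len - em_bits)) & 0xFF:
        return False                  # leftmost bits must already be zero
    db_mask = mgf(xof, h, em_len - hlen - 1)
    db = bytes(a ^ b for a, b in zip(masked, db_mask))
    db = bytes([db[0] & (0xFF >> (8 * em_len - em_bits))]) + db[1:]
    ps_len = em_len - hlen - slen - 2
    if db[:ps_len] != b"\x00" * ps_len or db[ps_len] != 0x01:
        return False
    salt = db[ps_len + 1:]
    m_hash = xof(m).digest(hlen)
    return xof(b"\x00" * 8 + m_hash + salt).digest(hlen) == h
```

With a 2048-bit modulus emBits is 2047; an EM produced with the 32-byte SHAKE128 output verifies only against a verifier using the same length, and a 64-byte salt is valid for SHAKE256 because hLen is 64.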

livebe01 commented 1 year ago

Thanks, we'll take a look!

livebe01 commented 1 year ago

It looks to me like you are correct on both counts. I.e., salt length limits and the output lengths we're using for both shakes. I'm working on a fix.

livebe01 commented 1 year ago

Just an update that I worked on this last week and am continuing the work. Think we're getting close to a fix on this. Hope to have it out in a release either later this week or mid-to-early next week.

livebe01 commented 1 year ago

The fix for this is now on Demo in release v1.1.0.29.

dghgit commented 1 year ago

We've tried a few different runs now, seems to be working for the correct range of salt values and the right digest size. Thanks, this one can be closed.

livebe01 commented 1 year ago

The fix for this is on Prod in release v1.1.0.29-hotfix-1.