usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.

Support for "alternate" SHA Monte Carlo Tests on demo server? #289

Closed ott-kiwi closed 7 months ago

ott-kiwi commented 9 months ago

I have sample vectors and expected results from a lab for the Monte Carlo "alternate" tests which, when run for SHA384 and SHA512, work fine. When running exactly the same tests with the only change being the md method (SHA-1 or SHA256), the AFT tests match the expected but not the MCT tests. I've broken it down to smaller pieces and verified using online SHA calculators that the hashes are correct, but am otherwise at a complete loss why I'm not getting the expected result after 1000 iterations. I'd like to verify that it works using samples from the demo server, but currently it seems the demo only provides "standard" MCT tests. Are there any plans to support "alternate" MCTs in the demo environment any time soon? If not, any pointers as to what might be going wrong?

jbrock24 commented 9 months ago

Hi @ott-kiwi, can you provide me a VS/Test ID for the failure?

ott-kiwi commented 9 months ago

"vsId": 1833519

The lab ran my results and I got all passes for the AFTs, but the (alternate) MCT results just gave:

{ "tcId": 513, "result": "failed", "reason": "Digest does not match on iteration 0; Digest does not match on iteration 1; Digest does not match on iteration 2; Digest does not match on iteration 3; Digest does not match on iteration 4; Digest does not match on iteration 5; Digest does not match on iteration 6; Digest does not match on iteration 7; Digest does not match on iteration 8; Digest does not match on iteration 9; Digest does not match on iteration 10; Digest does not match on iteration 11; Digest does not match on iteration 12; Digest does not match on iteration 13; Digest does not match on iteration 14; Digest does not match on iteration 15; Digest does not match on iteration 16; Digest does not match on iteration 17; Digest does not match on iteration 18; Digest does not match on iteration 19; Digest does not match on iteration 20; Digest does not match on iteration 21; Digest does not match on iteration 22; Digest does not match on iteration 23; Digest does not match on iteration 24; Digest does not match on iteration 25; Digest does not match on iteration 26; Digest does not match on iteration 27; Digest does not match on iteration 28; Digest does not match on iteration 29; Digest does not match on iteration 30; Digest does not match on iteration 31; Digest does not match on iteration 32; Digest does not match on iteration 33; Digest does not match on iteration 34; Digest does not match on iteration 35; Digest does not match on iteration 36; Digest does not match on iteration 37; Digest does not match on iteration 38; Digest does not match on iteration 39; Digest does not match on iteration 40; Digest does not match on iteration 41; Digest does not match on iteration 42; Digest does not match on iteration 43; Digest does not match on iteration 44; Digest does not match on iteration 45; Digest does not match on iteration 46; Digest does not match on iteration 47; Digest does not match on iteration 48; Digest does not match on iteration 49; Digest does not match on iteration 50; Digest does not match on iteration 51; Digest does not match on iteration 52; Digest does not match on iteration 53; Digest does not match on iteration 54; Digest does not match on iteration 55; Digest does not match on iteration 56; Digest does not match on iteration 57; Digest does not match on iteration 58; Digest does not match on iteration 59; Digest does not match on iteration 60; Digest does not match on iteration 61; Digest does not match on iteration 62; Digest does not match on iteration 63; Digest does not match on iteration 64; Digest does not match on iteration 65; Digest does not match on iteration 66; Digest does not match on iteration 67; Digest does not match on iteration 68; Digest does not match on iteration 69; Digest does not match on iteration 70; Digest does not match on iteration 71; Digest does not match on iteration 72; Digest does not match on iteration 73; Digest does not match on iteration 74; Digest does not match on iteration 75; Digest does not match on iteration 76; Digest does not match on iteration 77; Digest does not match on iteration 78; Digest does not match on iteration 79; Digest does not match on iteration 80; Digest does not match on iteration 81; Digest does not match on iteration 82; Digest does not match on iteration 83; Digest does not match on iteration 84; Digest does not match on iteration 85; Digest does not match on iteration 86; Digest does not match on iteration 87; Digest does not match on iteration 88; Digest does not match on iteration 89; Digest does not match on iteration 90; Digest does not match on iteration 91; Digest does not match on iteration 92; Digest does not match on iteration 93; Digest does not match on iteration 94; Digest does not match on iteration 95; Digest does not match on iteration 96; Digest does not match on iteration 97; Digest does not match on iteration 98; Digest does not match on iteration 99" }

If I had the iterations for the inner loop I might be able to track down the problem (if it's our end)....

jbrock24 commented 9 months ago

Appreciated, I'll look into it for you.

ott-kiwi commented 9 months ago

Thanks jbrock24.

I'm pretty sure it's something to do with the padding. SHA-1 and SHA256 both require padding with zeros after the first few iterations whereas SHA384 and SHA512 do not.

If it helps, here is my debug for the first 8 iterations of the first run through the inner loop:

[ACVP]: Found new hash test vector...
[ACVP]: Test case: 0
[ACVP]: tcId: 513
[ACVP]: len: 1024
[ACVP]: msg: B758DE130EEFBDDA3E540DCCD2D5CF57DDFEAC93050146D7BD360D4B6B9CE9011ACD3D020D2AE37B906A253C42B3AC5D5B2E80CF9D57B9F55BEB3EF26A4D446390507F7E322A855ECD49EBBFF6A1C3FB287898B0FF7A51994C702D9388B1C47B2A1CDE06AED5D6F4DE8049EFF10665897FC6A32FC86E7F6F562D54081F64DE17
[ACVP]: mct version: alternate
[ACVP]: testtype: MCT
m1_len=128,m2_len=128,m3_len=128
Hashing 128 bytes: b758de130eefbdda3e540dccd2d5cf57ddfeac93050146d7bd360d4b6b9ce9011acd3d020d2ae37b906a253c42b3ac5d5b2e80cf9d57b9f55beb3ef26a4d446390507f7e322a855ecd49ebbff6a1c3fb287898b0ff7a51994c702d9388b1c47b2a1cde06aed5d6f4de8049eff10665897fc6a32fc86e7f6f562d54081f64de17
md: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393f
m1_len=128,m2_len=128,m3_len=32
Hashing 128 bytes: b758de130eefbdda3e540dccd2d5cf57ddfeac93050146d7bd360d4b6b9ce9011acd3d020d2ae37b906a253c42b3ac5d5b2e80cf9d57b9f55beb3ef26a4d446390507f7e322a855ecd49ebbff6a1c3fb287898b0ff7a51994c702d9388b1c47b2a1cde06aed5d6f4de8049eff10665897fc6a32fc86e7f6f562d54081f64de17
md: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393f
m1_len=128,m2_len=32,m3_len=32
Hashing 128 bytes: b758de130eefbdda3e540dccd2d5cf57ddfeac93050146d7bd360d4b6b9ce9011acd3d020d2ae37b906a253c42b3ac5d5b2e80cf9d57b9f55beb3ef26a4d446390507f7e322a855ecd49ebbff6a1c3fb287898b0ff7a51994c702d9388b1c47b2a1cde06aed5d6f4de8049eff10665897fc6a32fc86e7f6f562d54081f64de17
md: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393f
m1_len=32,m2_len=32,m3_len=32
Hashing 128 bytes: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393fb1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393fb1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393f0000000000000000000000000000000000000000000000000000000000000000
md: d3353c3bbd2f2b845f91ac9031d54570991f17f076b5d33f63c398d76c27908a
m1_len=32,m2_len=32,m3_len=32
Hashing 128 bytes: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393fb1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393fd3353c3bbd2f2b845f91ac9031d54570991f17f076b5d33f63c398d76c27908a0000000000000000000000000000000000000000000000000000000000000000
md: 930bcd80e0ebd455b79dbfe94e761b8b02769f79d32d14b68cdb499d7a9eb59c
m1_len=32,m2_len=32,m3_len=32
Hashing 128 bytes: b1fe11b271d20fc342d8145026d335ac6a09847055f0dd49f0df7b0587f0393fd3353c3bbd2f2b845f91ac9031d54570991f17f076b5d33f63c398d76c27908a930bcd80e0ebd455b79dbfe94e761b8b02769f79d32d14b68cdb499d7a9eb59c0000000000000000000000000000000000000000000000000000000000000000
md: 8a044c4f932c4fda77c50296e83fa53dc439f1cc4cb966f65be5fb0a9139bdad
m1_len=32,m2_len=32,m3_len=32
Hashing 128 bytes: d3353c3bbd2f2b845f91ac9031d54570991f17f076b5d33f63c398d76c27908a930bcd80e0ebd455b79dbfe94e761b8b02769f79d32d14b68cdb499d7a9eb59c8a044c4f932c4fda77c50296e83fa53dc439f1cc4cb966f65be5fb0a9139bdad0000000000000000000000000000000000000000000000000000000000000000
md: b65f72446129ff8edf8dd7146e13ad795eef225abf7f0b39b61c8c137475f88f
m1_len=32,m2_len=32,m3_len=32
Hashing 128 bytes: 930bcd80e0ebd455b79dbfe94e761b8b02769f79d32d14b68cdb499d7a9eb59c8a044c4f932c4fda77c50296e83fa53dc439f1cc4cb966f65be5fb0a9139bdadb65f72446129ff8edf8dd7146e13ad795eef225abf7f0b39b61c8c137475f88f0000000000000000000000000000000000000000000000000000000000000000
md: cb2caefe270c3b5cebadacc783463bd96f447d51dc88452d09805929940b9a90

jbrock24 commented 9 months ago

Appreciated

ott-kiwi commented 9 months ago

It looks to me like there is a problem at line 75 in AlternateSizeShaMct.cs where:

innerMessage.ConcatenateBits(BitString.Zeroes(seedLength - innerMessage.BitLength));

should be

innerMessage = innerMessage.ConcatenateBits(BitString.Zeroes(seedLength - innerMessage.BitLength));

When I remove the zero padding from the data to be hashed, I get a match with the expected.
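
The effect reported in this comment, as an added example that is not part of the thread and is not ACVP-Server code: the inner loop is inferred from the debug log above (byte-aligned seeds only), and `pad=False` models the padded value being computed and then discarded. `SEED`, `inner_loop` and `first_divergence` are names and data constructed for illustration; Python is used so the check runs with the standard library alone.

```python
import hashlib

# Constructed 1024-bit seed (the test case in the thread also has len 1024).
SEED = bytes(range(128))


def inner_loop(alg, seed, iterations=8, pad=True):
    """Digests from one inner loop of the alternate-size MCT.

    Loop shape as read off the debug log: MSG = A || B || C, cut to the seed
    length when it is long enough, otherwise zero-padded up to the seed length.
    pad=False skips the padding, which is what a discarded return value does.
    """
    a = b = c = seed
    digests = []
    for _ in range(iterations):
        msg = a + b + c
        if len(msg) >= len(seed):
            msg = msg[:len(seed)]
        elif pad:
            msg += b"\x00" * (len(seed) - len(msg))
        md = hashlib.new(alg, msg).digest()
        digests.append(md)
        a, b, c = b, c, md  # slide the three-value window
    return digests


def first_divergence(alg, seed=SEED, iterations=8):
    """First inner iteration where padded and unpadded chains differ, else None."""
    padded = inner_loop(alg, seed, iterations, pad=True)
    unpadded = inner_loop(alg, seed, iterations, pad=False)
    for i, (p, u) in enumerate(zip(padded, unpadded)):
        if p != u:
            return i
    return None


if __name__ == "__main__":
    # Three digests of SHA-1 (60 bytes) or SHA-256 (96 bytes) fall short of
    # the 128-byte seed, so padding matters; SHA-384/512 are always truncated.
    for alg in ("sha1", "sha256", "sha384", "sha512"):
        print(alg, first_divergence(alg))
```

With a 1024-bit seed the two chains split at inner iteration 3 for SHA-1 and SHA-256 and never split for SHA-384 and SHA-512, which is why only the shorter digests failed on every outer iteration.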

jbrock24 commented 9 months ago

@ott-kiwi Was definitely an issue, fixed that and am currently testing. Appreciate the feedback a lot, it will go out with the next update and we'll let you know when it's published. Thanks again!

livebe01 commented 8 months ago

The fix for this is on Demo in release v1.1.0.32.

livebe01 commented 7 months ago

The fix for this is on Prod in release v1.1.0.32.