usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.

Question related to how does RSA PSS with SHAKE & "mgf1" generate signatures? #337

Closed slontis closed 1 month ago

slontis commented 1 month ago

I am trying to test some new code in OpenSSL to handle RSA PSS SHAKE manually by extracting a test vector from https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/RSA-SigGen-FIPS186-5/internalProjection.json and am unable to verify the signature currently, so I am trying to figure out what input is different, i.e.

1) In the case where "hashAlg" = "SHAKE-128" and "maskFunction" = "mgf1":
   i) Does it actually use the mgf1 algorithm - and if it does what is the default mgf1 hash algorithm used?
   ii) What is the size of the SHAKE-128 hash used (Is the hashAlg hash length 32 bytes?).

2) Are all the combinations of hashAlgorithm + maskgenFunction + mgf1Algorithm listed in the .json file actually useful?

https://tools.ietf.org/html/rfc8017#appendix-A.2.3 defines the following

    RSASSA-AlgorithmIdentifier ::= {
        algorithm id-RSASSA-PSS,
        parameters RSASSA-PSS-params : {
            hashAlgorithm,
            maskGenAlgorithm,
            saltLength,
            trailerField,
        }
    }

In https://datatracker.ietf.org/doc/html/rfc8702#section-3.2.1 RSA PSS SHAKE seems to constrain the algorithm and maskGenAlgorithm to be the same value hence the params are omitted.

With the above example of 1) would this still use the RSASSA-AlgorithmIdentifier encoding?


Example test vector from the file listed above:

    "tgId": 7,
    "sigType": "pss",
    "modulo": 2048,
    "hashAlg": "SHAKE-128",
    "saltLen": 32,
    "n": "…",
    "e": "083F9519F7",
    "maskFunction": "mgf1",
    "testType": "GDT",
    "tests": [
      {
        "tcId": 19,
        "deferred": false,
        "message": "73C3AAEAB5D76249D35C10DCBF56E391A0F09F52692E0607010BB652985D2D74177C29D687446C8D4E962D1E925192BAF41031493D8A459D9A312E2165B1DF007AA22E5111D8A1D139DCDDAECBA038302D1B03775DA71745CD3BAE2915A56A2B45F8BECB82BFD6F8888FF155D012D8485B44C7CFDD24F9396EB011E8D02A602A",
        "signature": "…",
        "salt": "5D1656DEEF4F8AD0643ABCD2F2F6A37CEEFB2DFF188A508604A278D41CC873C9"
      },
    }


slontis commented 1 month ago

Looks like a problem internal to OpenSSL related to shake default sizes.
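
An added illustration, not part of the thread and not ACVP-Server or OpenSSL code, of why the SHAKE output size matters for this test group: EMSA-PSS and MGF1 as defined in RFC 8017, with SHAKE-128 used as a fixed-length hash of `h_len` bytes. It assumes that "mgf1" means MGF1 over that truncated SHAKE-128 output; the message and salt are constructed sample values, 32 bytes is the length asked about in the question, and 16 bytes is only a contrasting value.

```python
import hashlib

def shake128(data: bytes, out_len: int) -> bytes:
    return hashlib.shake_128(data).digest(out_len)

def mgf1(seed: bytes, mask_len: int, h_len: int) -> bytes:
    """MGF1 (RFC 8017 B.2.1) using SHAKE-128 with h_len output bytes as the hash."""
    out, counter = b"", 0
    while len(out) < mask_len:
        out += shake128(seed + counter.to_bytes(4, "big"), h_len)
        counter += 1
    return out[:mask_len]

def emsa_pss_encode(msg: bytes, salt: bytes, em_bits: int, h_len: int) -> bytes:
    """EMSA-PSS-ENCODE (RFC 8017 9.1.1); em_bits is modulus bits minus one."""
    em_len = (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error")
    h = shake128(b"\x00" * 8 + shake128(msg, h_len) + salt, h_len)
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    masked = bytearray(a ^ b for a, b in zip(db, mgf1(h, len(db), h_len)))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)   # clear the unused top bits
    return bytes(masked) + h + b"\xbc"

def emsa_pss_verify(msg: bytes, em: bytes, em_bits: int, s_len: int, h_len: int) -> bool:
    """EMSA-PSS-VERIFY (RFC 8017 9.1.2) on an already RSA-decoded block."""
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em[-1] != 0xBC or em_len < h_len + s_len + 2:
        return False
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top & 0xFF:
        return False
    db = bytearray(a ^ b for a, b in zip(masked, mgf1(h, len(masked), h_len)))
    db[0] &= top
    pad = em_len - h_len - s_len - 2
    if bytes(db[:pad]) != b"\x00" * pad or db[pad] != 0x01:
        return False
    salt = bytes(db[pad + 1:])
    return shake128(b"\x00" * 8 + shake128(msg, h_len) + salt, h_len) == h

# Constructed sample inputs; only "modulo": 2048 and "saltLen": 32 come from the page.
MSG, SALT, EM_BITS = b"constructed sample message", bytes(range(32)), 2048 - 1

if __name__ == "__main__":
    em = emsa_pss_encode(MSG, SALT, EM_BITS, 32)
    print("verify with h_len=32:", emsa_pss_verify(MSG, em, EM_BITS, 32, 32))
    print("verify with h_len=16:", emsa_pss_verify(MSG, em, EM_BITS, 32, 16))
```

An encoding built with one digest length is rejected by a verifier that assumes another, so both sides have to agree on the SHAKE output size before any other parameter is worth comparing.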