usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.

ACVP Server includes maskFunction for PKCS#1 v1.5 SigGen #345

Open jvdsn opened 1 month ago

jvdsn commented 1 month ago

environment Demo

testSessionId 525016

vsId 2428060

Algorithm registration

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "revision":"FIPS186-5",
        "algorithm":"RSA",
        "mode":"sigGen",
        "capabilities":[
          {
            "sigType":"pkcs1v1.5",
            "properties":[
              {
                "modulo":2048,
                "hashPair":[
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  },
                  {
                    "hashAlg":"SHA3-224"
                  },
                  {
                    "hashAlg":"SHA3-256"
                  },
                  {
                    "hashAlg":"SHA3-384"
                  },
                  {
                    "hashAlg":"SHA3-512"
                  }
                ]
              },
              {
                "modulo":3072,
                "hashPair":[
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  },
                  {
                    "hashAlg":"SHA3-224"
                  },
                  {
                    "hashAlg":"SHA3-256"
                  },
                  {
                    "hashAlg":"SHA3-384"
                  },
                  {
                    "hashAlg":"SHA3-512"
                  }
                ]
              },
              {
                "modulo":4096,
                "hashPair":[
                  {
                    "hashAlg":"SHA2-224"
                  },
                  {
                    "hashAlg":"SHA2-256"
                  },
                  {
                    "hashAlg":"SHA2-384"
                  },
                  {
                    "hashAlg":"SHA2-512"
                  },
                  {
                    "hashAlg":"SHA3-224"
                  },
                  {
                    "hashAlg":"SHA3-256"
                  },
                  {
                    "hashAlg":"SHA3-384"
                  },
                  {
                    "hashAlg":"SHA3-512"
                  }
                ]
              }
            ]
          },
          {
            "sigType":"pss",
            "properties":[
              {
                "modulo":2048,
                "maskFunction":[
                  "mgf1"
                ],
                "hashPair":[
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":64
                  }
                ]
              },
              {
                "modulo":3072,
                "maskFunction":[
                  "mgf1"
                ],
                "hashPair":[
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":64
                  }
                ]
              },
              {
                "modulo":4096,
                "maskFunction":[
                  "mgf1"
                ],
                "hashPair":[
                  {
                    "hashAlg":"SHA2-256",
                    "saltLen":32
                  },
                  {
                    "hashAlg":"SHA2-384",
                    "saltLen":48
                  },
                  {
                    "hashAlg":"SHA2-512",
                    "saltLen":64
                  }
                ]
              }
            ]
          }
        ],
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          },
          {
            "algorithm":"DRBG",
            "valValue":"same"
          }
        ]
      }
    ]
  }
]

Expected behavior

According to https://github.com/usnistgov/ACVP/blob/master/src/rsa/sections/06-siggen-test-vectors.adoc:

The 'maskFunction' property will only be present for RSA / sigGen / FIPS186-5 inside of test groups for the 'sigType' "pss".

Additional context

The actual test vectors contain a maskFunction property for PKCS#1 v1.5 padding too:

[
  {
    "acvVersion": "1.0"
  },
  {
    "vsId": 2428060,
    "algorithm": "RSA",
    "mode": "sigGen",
    "revision": "FIPS186-5",
    "isSample": false,
    "testGroups": [
      {
        "tgId": 1,
        "sigType": "pkcs1v1.5",
        "modulo": 2048,
        "hashAlg": "SHA2-224",
        "saltLen": 0,
        "maskFunction": "none",
        "testType": "GDT",
        "tests": [
          ...
        ]
      },
      ...
    ]
  }
]
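
A client-side check for the rule quoted in the report above, as an added example that is not part of the original issue or of the ACVP-Server code: it lists RSA / sigGen / FIPS186-5 test groups that carry maskFunction outside sigType "pss" and can drop the property before a strict parser sees the prompt. The function names, the empty tests arrays and the tgId 2 pss group are assumptions constructed for the example.

```python
import copy
import json

# Constructed sample modelled on the excerpt in the issue: "tests" is left
# empty and the tgId 2 (pss) group is an assumption added for contrast.
SAMPLE_PROMPT = json.loads("""
[
  {"acvVersion": "1.0"},
  {"vsId": 2428060, "algorithm": "RSA", "mode": "sigGen",
   "revision": "FIPS186-5", "isSample": false,
   "testGroups": [
     {"tgId": 1, "sigType": "pkcs1v1.5", "modulo": 2048,
      "hashAlg": "SHA2-224", "saltLen": 0, "maskFunction": "none",
      "testType": "GDT", "tests": []},
     {"tgId": 2, "sigType": "pss", "modulo": 2048,
      "hashAlg": "SHA2-256", "saltLen": 32, "maskFunction": "mgf1",
      "testType": "GDT", "tests": []}
   ]}
]
""")


def find_vector_set(prompt):
    """Return the array element that carries testGroups (the vector set)."""
    for element in prompt:
        if isinstance(element, dict) and "testGroups" in element:
            return element
    raise ValueError("no vector set with testGroups found")


def mask_function_deviations(prompt):
    """Return (tgId, sigType, maskFunction) for non-pss groups that carry it."""
    vs = find_vector_set(prompt)
    scope = (vs.get("algorithm"), vs.get("mode"), vs.get("revision"))
    if scope != ("RSA", "sigGen", "FIPS186-5"):
        return []  # the quoted rule only covers RSA / sigGen / FIPS186-5
    return [(g.get("tgId"), g.get("sigType"), g["maskFunction"])
            for g in vs["testGroups"]
            if g.get("sigType") != "pss" and "maskFunction" in g]


def strip_unexpected_mask_function(prompt):
    """Return a copy with maskFunction removed from the flagged groups only."""
    cleaned = copy.deepcopy(prompt)
    flagged = {tg_id for tg_id, _, _ in mask_function_deviations(cleaned)}
    for group in find_vector_set(cleaned)["testGroups"]:
        if group.get("tgId") in flagged:
            group.pop("maskFunction", None)
    return cleaned
```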

jvdsn commented 1 month ago

@livebe01 this ticket has been open for a while now, is this something the CAVP is looking at?

livebe01 commented 3 weeks ago

Sure, this is something we can look at. I'm thinking it'd be quicker to update the documentation to match the behavior than to update the behavior to match the documentation.

jvdsn commented 3 weeks ago

@livebe01 it's a pretty simple fix, because it works fine with SigVer. Compare https://github.com/usnistgov/ACVP-Server/blob/65370b861b96efd30dfe0daae607bde26a78a5c8/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/RSA/Fips186_5/SigGen/ContractResolvers/PromptProjectionContractResolver.cs#L12-L22 with https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/RSA/Fips186_5/SigVer/ContractResolvers/PromptProjectionContractResolver.cs#L13-L29

Simply follow the same method as SigVer and it should work. If you want, I can open a PR to ACVP-Server, but I cannot test it (and I know you cannot merge it).

livebe01 commented 2 weeks ago

You're right. Very straightforward. We'll get this fixed.