search

usnistgov / ACVP-Server

A repository tracking releases of NIST's ACVP server. See www.github.com/usnistgov/ACVP for the protocol.
60 stars 20 forks source link

SHAKE capability digest size property? #363

Open cpu opened 4 weeks ago

cpu commented 4 weeks ago

Hi folks,

I was using a SHAKE-128 capability based on the example in this repo. It has a digestSize array property that isn't described in draft-celi-acvp-sha3.html as far as I can tell.

Additionally, when it's provided as written in the demo environment I get the following error:

[
  {
    "acvVersion": "1.0"
  },
  {
    "error": "Invalid JSON provided.",
    "context": "The JSON value could not be converted to System.Collections.Generic.List\u00601[System.String]. Path: $.digestSize[0] | LineNumber: 0 | BytePositionInLine: 99."
  }
]

As hinted at by the System.Collections.Generic.List\u00601[System.String] portion of the error I'm able to resolve the issue by changing my capability to use a digestSize property that's an array of strings. I also seem to be able to delete that property without adverse affect.

Should this property be provided at all? If it should be, is the intent that it's an array of integers or an array of strings? The registration.json in this repo might need an update, or perhaps it's a server-side bug.

environment Demo

testSessionId N/A

vsId N/A

Algorithm registration

I used the following registration based on the example in-repo: 

{
  "algorithm": "SHAKE-128",
  "digestSize": [
    128
  ],
  "inBit": false,
  "outBit": false,
  "inEmpty": false,
  "outputLen": [
    {
      "min": 128,
      "max": 4096,
      "increment": 8
    }
  ],
  "revision": "1.0"
}

Endpoint in which the error is experienced

POSTing /acvp/v1/testSessions

Expected behavior

I expect the capability to be recognized and appropriate test vectors created.

Additional context

N/A

livebe01 commented 3 weeks ago

Thanks for mentioning this @cpu. digestSize is not meant to be a valid registration property, although it appears that the server is accepting values for it. We'll look into fixing that. Its appearing in the example registration is likely an artifact of how the example JSON files are getting produced. You'll probably find a few other algorithms whose example registration files contain similar quirks. If you do, let us know. Just take them with a grain of salt and be sure to consult the individual algorithm specifications here: https://pages.nist.gov/ACVP/#supported.

cpu commented 3 weeks ago

Thanks for confirming this is a quirk of the example registration.

You'll probably find a few other algorithms whose example registration files contain similar quirks. If you do, let us know

Understood, thanks!