usnistgov / ACVP

Industry Working Group on Automated Cryptographic Algorithm Validation
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program

Strange behavior for EdDSA SigGen contextLength #1501

Closed jvdsn closed 1 month ago

jvdsn commented 3 months ago

For example, the following registration:

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "algorithm":"EDDSA",
        "mode":"sigGen",
        "revision":"1.0",
        "curve":[
          "ED-25519",
          "ED-448"
        ],
        "pure":true,
        "preHash":false,
        "contextLength":[
          0
        ],
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          }
        ]
      }
    ]
  }
]

results in the following response:

[
  {
    "acvVersion": "1.0"
  },
  {
    "error": "General exception. Contact service provider."
  }
]

On the other hand, the following registration:

[
  {
    "acvVersion":"1.0"
  },
  {
    "isSample":false,
    "operation":"register",
    "certificateRequest":"no",
    "debugRequest":"yes",
    "production":"no",
    "encryptAtRest":"yes",
    "algorithms":[
      {
        "algorithm":"EDDSA",
        "mode":"sigGen",
        "revision":"1.0",
        "curve":[
          "ED-25519",
          "ED-448"
        ],
        "pure":true,
        "preHash":false,
        "contextLength":[
          1
        ],
        "prereqVals":[
          {
            "algorithm":"SHA",
            "valValue":"same"
          }
        ]
      }
    ]
  }
]

results in test vectors that look like this:

[
  {
    "acvVersion": "1.0"
  },
  {
    "vsId": 2245694,
    "algorithm": "EDDSA",
    "mode": "sigGen",
    "revision": "1.0",
    "isSample": false,
    "testGroups": [
      {
        "tgId": 1,
        "testType": "AFT",
        "curve": "ED-25519",
        "preHash": false,
        "tests": [
...
        ]
      },
      {
        "tgId": 2,
        "testType": "AFT",
        "curve": "ED-448",
        "preHash": false,
        "tests": [
          {
            "tcId": 11,
            "message": "576B9022BAD47CFACA5FAA56FF7F3AE7D8E6E5CC1902EE0FD59FC51F33E83776246C4119F1CA1D2F5497291D695550601AB8CC595BA3B5988582EDD803D091F47C13AB50DF559FA43F406FCE9B7392C278C8F0C4DCB48AD0BD216E916F5D6FC365C591FB17C8280A7CA90DE57372BAF4145C367394F6B90E0FC319085F1C4E4D",
            "context": "",
            "contextLength": 0
          },
...
        ]
      },
...
    ]
  }
]

I think the logic here must be incorrect: https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/EDDSA/v1_0/SigGen/TestCaseGenerator.cs#L30-L39

jvdsn commented 3 months ago

I believe the following is happening for "contextLength":[ 0 ],:

            var min = group.ContextLength.GetDomainMinMax().Minimum == 0 ? 1 : group.ContextLength.GetDomainMinMax().Minimum;
            var max = group.ContextLength.GetDomainMinMax().Maximum;

            var lengths = group.ContextLength.GetRandomValues(min, max, NumberOfTestCasesToGenerate - 2).ToList();

Because of the ternary, min = 1 and max = 0. In GetRandomValues:

        public IEnumerable<int> GetRandomValues(int min, int max, int numberOfValuesPerSegment)
        {
            if (min > max) // 1 > 0
            {
                throw new ArgumentException($"{nameof(min)} must be less than or equal to {nameof(max)}");
            }
...
        }

This explains the internal server error.
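
The min/max mismatch described in the comment above can be reproduced in isolation. This is an added sketch, not code from ACVP-Server or from this thread: `ContextLengthDemo`, `QuotedSelection` and `GuardedSelection` are hypothetical names, the domain is reduced to a min/max pair, and the guarded variant is one possible handling, not the fix that was deployed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Stand-in for the generator logic quoted in the issue (hypothetical names).
static class ContextLengthDemo
{
    // Mirrors the range guard quoted from GetRandomValues.
    static List<int> GetRandomValues(Random rng, int min, int max, int count)
    {
        if (min > max)
            throw new ArgumentException($"{nameof(min)} must be less than or equal to {nameof(max)}");
        return Enumerable.Range(0, count).Select(_ => rng.Next(min, max + 1)).ToList();
    }

    // Selection as quoted in the issue: a domain minimum of 0 is bumped to 1.
    static List<int> QuotedSelection(Random rng, int domainMin, int domainMax, int count)
    {
        var min = domainMin == 0 ? 1 : domainMin;
        return GetRandomValues(rng, min, domainMax, count);
    }

    // Guarded variant (assumption): if the bump overshoots the maximum,
    // the maximum is the only length the registration allows.
    static List<int> GuardedSelection(Random rng, int domainMin, int domainMax, int count)
    {
        var min = domainMin == 0 ? 1 : domainMin;
        if (min > domainMax)
            return Enumerable.Repeat(domainMax, count).ToList();
        return GetRandomValues(rng, min, domainMax, count);
    }

    static void Main()
    {
        var rng = new Random(1);
        // Constructed domains: [0] (the failing registration), [1], and 0..255.
        foreach (var (lo, hi) in new[] { (0, 0), (1, 1), (0, 255) })
        {
            string quoted;
            try { quoted = string.Join(",", QuotedSelection(rng, lo, hi, 3)); }
            catch (ArgumentException e) { quoted = "ArgumentException: " + e.Message; }
            Console.WriteLine($"[{lo}..{hi}] quoted:  {quoted}");
            Console.WriteLine($"[{lo}..{hi}] guarded: {string.Join(",", GuardedSelection(rng, lo, hi, 3))}");
        }
    }
}
```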

jvdsn commented 2 months ago

@jbrock24 do you need any help debugging this? I'd like this to be fixed as we have a module (specifically OpenSSL 3.0/3.1) which does not support the context for Ed25519. Because of this, Ed25519 cannot be approved (as it cannot be ACVP tested).

livebe01 commented 2 months ago

Hi @jvdsn, we have the fix for this prepared and it will be included in the next hotfix for Demo. We'd like to deploy the hotfix near the end of this week or the beginning of next.

jvdsn commented 2 months ago

Thank you!

livebe01 commented 1 month ago

The fix for this issue is now on Demo as of today's hotfix deployment.

jvdsn commented 1 month ago

Confirmed fixed.