search

usnistgov / ACVP

Industry Working Group on Automated Cryptographic Algorithm Validation
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
160 stars 65 forks source link

Allow Supported Message Lengths to be Provided for LMS #1523

Closed sim-nvidia closed 1 month ago

sim-nvidia commented 1 month ago

Support for setting message length in LMS capabilities registration There should be an option to set the message length for LMS since not all implementations may allow arbitrary length inputs (ex. messages could be hashed and thus the digest may only be needed)

livebe01 commented 1 month ago

We agree. Ideally, all of our digital signature algorithm tests would allow the supported message lengths to be indicated in the capabilities registration, but I think only ML-DSA and SLH-DSA allow this at the moment. Do you have an implementation that will require this for testing?

sim-nvidia commented 1 month ago

Yes. Some implementations may restrict the message size to a digest length for example assuming messages are hashed. In these cases, setting the message length would be needed.

livebe01 commented 1 month ago

Thanks @sim-nvidia. I understand that this may be an issue for some implementations and we would like to address this. I just want to confirm, do you currently have an LMS implementation for which this will be an issue?

sim-nvidia commented 1 month ago

Yes. This is an issue for LMS, RSA, ECDSA, and EDDSA.

livebe01 commented 1 month ago

For a particular cryptographic module that you're involved with developing?

sim-nvidia commented 1 month ago

Yes. We are working on a suite of hardware implementations that verifies immutable code. So in this case, we need a way to set the message length input for the DSA algorithms mentioned.

livebe01 commented 1 month ago

Great. Thank you for the additional information. I've opened a ticket for adding messageLength to LMS in our internal system for tracking feature requests.

I'm going to close this ticket, but feel free reach out if you have additional questions.

We plan to add support for specifying the supported message lengths to LMS, but I don't have a timeframe for that. Reach out if you need it and don't see that it's available. We'll work with you to make sure you can test your implementation.

I don't know if we'll go back and add support for specifying the supported message lengths to RSA, ECDSA, and EDDSA. But if the RSA, ECDSA, and EDDSA testing that's available won't allow you to test your implementation, let us know and we'll work with you to make a way for you to test.

sim-nvidia commented 1 month ago

That sounds good to me. Thank you.