We agree. Ideally, all of our digital signature algorithm tests would allow the supported message lengths to be indicated in the capabilities registration, but I think only ML-DSA and SLH-DSA allow this at the moment. Do you have an implementation that will require this for testing?
Yes. Some implementations may restrict the message size to a digest length, for example, assuming messages are hashed. In these cases, setting the message length would be needed.
Thanks @sim-nvidia. I understand that this may be an issue for some implementations and we would like to address this. I just want to confirm, do you currently have an LMS implementation for which this will be an issue?
Yes. This is an issue for LMS, RSA, ECDSA, and EDDSA.
For a particular cryptographic module that you're involved with developing?
Yes. We are working on a suite of hardware implementations that verifies immutable code. So in this case, we need a way to set the message length input for the DSA algorithms mentioned.
Great. Thank you for the additional information. I've opened a ticket for adding messageLength to LMS in our internal system for tracking feature requests.
I'm going to close this ticket, but feel free to reach out if you have additional questions.
We plan to add support for specifying the supported message lengths to LMS, but I don't have a timeframe for that. Reach out if you need it and don't see that it's available. We'll work with you to make sure you can test your implementation.
I don't know if we'll go back and add support for specifying the supported message lengths to RSA, ECDSA, and EDDSA. But if the RSA, ECDSA, and EDDSA testing that's available won't allow you to test your implementation, let us know and we'll work with you to make a way for you to test.
That sounds good to me. Thank you.
Support for setting message length in LMS capabilities registration

There should be an option to set the message length for LMS, since not all implementations may allow arbitrary length inputs (e.g. messages could be hashed and thus only the digest may be needed).