ACVP
RSA-PSS FIPS 186-5, hash algs SHAKE-128 or 256
Hi,
We are trying to fetch vectors for RSA-PSS FIPS 186-5, using the attached capabilities file, and we are getting the following error:
[
  {
    "acvVersion": "1.0"
  },
  {
    "error": "Validation error(s) on JSON payload.",
    "context": [
      "RSA-sigVer-FIPS186-5: Invalid Hash Algorithms supplied: SHAKE-256;Invalid Hash Algorithms supplied: SHAKE-128"
    ]
  }
]
From FIPS 186-5 "(b) For RSASSA-PSS, either an approved hash function or XOF (extendable-output function) shall be used as the function “Hash” in Sections 9.1.1 and 9.1.2 of RFC 8017. Approved XOFs are SHAKE128 and SHAKE256, which are specified in FIPS 202. When SHAKE128 or SHAKE256 is used as the function “Hash,” the output length shall be 256 or 512 bits, respectively."
I have attached the capabilities request.
Let me know if you need any further information.
MW
For right now, SHAKE is allowed as a masking function and not as a hash function. The reason doesn't directly relate to PSS though. PKCSv1.15 is the other signature scheme allowed there, and it requires OIDs for each hash function in order to produce the correct result. The OIDs do not exist for anything newer than SHA2.
We can update the code to allow SHA3 and SHAKE for PSS while keeping it disabled for PKCS.
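To make the two roles discussed above concrete (SHAKE as the function "Hash" versus SHAKE as the masking function), here is an added example, not code from the ACVP project or from any participant in this thread, of the EMSA-PSS encoding and verification steps from RFC 8017 Sections 9.1.1 and 9.1.2 with SHAKE in both roles. It covers only the message encoding, not the RSA operation; the function names are hypothetical, and using the XOF directly as the mask generator instead of through MGF1 is an assumption of this example.

```python
import hashlib, hmac, os

# FIPS 186-5 (quoted above): SHAKE128 as "Hash" -> 256-bit output, SHAKE256 -> 512-bit.
XOF = {"SHAKE-128": (hashlib.shake_128, 32), "SHAKE-256": (hashlib.shake_256, 64)}

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pss_encode(msg, em_bits, alg, salt=None):
    """EMSA-PSS-ENCODE; em_bits is modBits - 1. Hypothetical helper name."""
    xof, h_len = XOF[alg]
    H = lambda data: xof(data).digest(h_len)          # role 1: XOF as fixed-length Hash
    salt = os.urandom(h_len) if salt is None else salt
    em_len = (em_bits + 7) // 8
    if em_len < h_len + len(salt) + 2:
        raise ValueError("encoding error: modulus too small for hash and salt")
    h = H(b"\x00" * 8 + H(msg) + salt)
    db = b"\x00" * (em_len - len(salt) - h_len - 2) + b"\x01" + salt
    # role 2: XOF as masking function (assumption: used directly, not via MGF1)
    masked = bytearray(_xor(db, xof(h).digest(len(db))))
    masked[0] &= 0xFF >> (8 * em_len - em_bits)       # clear bits above em_bits
    return bytes(masked) + h + b"\xbc"

def pss_verify(msg, em, em_bits, alg, s_len):
    """EMSA-PSS-VERIFY; returns True only for a consistent encoding."""
    xof, h_len = XOF[alg]
    H = lambda data: xof(data).digest(h_len)
    em_len = (em_bits + 7) // 8
    if len(em) != em_len or em_len < h_len + s_len + 2 or em[-1] != 0xBC:
        return False
    masked, h = em[:em_len - h_len - 1], em[em_len - h_len - 1:-1]
    top_mask = 0xFF >> (8 * em_len - em_bits)
    if masked[0] & ~top_mask & 0xFF:                  # leftmost bits must be zero
        return False
    db = bytearray(_xor(masked, xof(h).digest(len(masked))))
    db[0] &= top_mask
    pad_len = em_len - h_len - s_len - 2
    if any(db[:pad_len]) or db[pad_len] != 0x01:      # PS must be zeros, then 0x01
        return False
    salt = bytes(db[pad_len + 1:])
    return hmac.compare_digest(h, H(b"\x00" * 8 + H(msg) + salt))
```

With a 1024-bit modulus, SHAKE-256 and a 64-byte salt do not fit (128 < 64 + 64 + 2), so `pss_encode` raises instead of producing a truncated encoding.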
@celic any update on this now that FIPS 186-5 has been released?
The fix for this is on Demo in release v1.1.0.28.
The fix for this is on Prod in release v1.1.0.28.