
KAS-ECC Revision Sp800-56Ar3 fullMqv scheme generates unselected auxFunctions

Open AlexThurston opened this issue 2 years ago • 2 comments

Apologies for the lengthy issue, but I'm trying to capture as much information as possible.

The TL;DR version is that it appears that when requesting vector sets for KAS-ECC revision Sp800-56Ar3, in certain circumstances, testing groups for unselected auxFunctions are being produced.

Using the following registration payload:

{
    "iutId": "0123456789CAFE",
    "scheme": {
        "fullMqv": {
            "l": 256,
            "kasRole": [
                "initiator"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "onePassDh": {
            "l": 256,
            "kasRole": [
                "initiator"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "staticUnified": {
            "l": 256,
            "kasRole": [
                "initiator",
                "responder"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "ephemeralUnified": {
            "l": 256,
            "kasRole": [
                "initiator",
                "responder"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        }
    },
    "function": [
        "keyPairGen",
        "fullVal"
    ],
    "revision": "Sp800-56Ar3",
    "algorithm": "KAS-ECC",
    "domainParameterGenerationMethods": [
        "P-521",
        "P-384",
        "P-256",
        "P-224",
        "K-233",
        "K-283",
        "K-409",
        "K-571",
        "B-233",
        "B-283",
        "B-409",
        "B-571"
    ]
}

You can see that KMAC-128 and KMAC-256 are selected for onePassDh, staticUnified and ephemeralUnified; however, they are NOT selected for fullMqv.

When a test session is created with the above capabilities, the vector sets appear to have generated test groups for KMAC regardless (tests are redacted for brevity's sake):

{
            "tgId": 11,
            "testType": "AFT",
            "tests": [ ... ],
            "domainParameterGenerationMode": "B-283",
            "scheme": "fullMqv",
            "kasRole": "initiator",
            "l": 256,
            "iutId": "0123456789CAFE",
            "serverId": "434156536964",
            "kdfConfiguration": {
                "kdfType": "oneStep",
                "saltMethod": "default",
                "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo",
                "fixedInfoEncoding": "concatenation",
                "auxFunction": "KMAC-128"
            }
        }

AND

{
            "tgId": 19,
            "testType": "AFT",
            "tests": [ ... ],
            "domainParameterGenerationMode": "P-521",
            "scheme": "fullMqv",
            "kasRole": "initiator",
            "l": 256,
            "iutId": "0123456789CAFE",
            "serverId": "434156536964",
            "kdfConfiguration": {
                "kdfType": "oneStep",
                "saltMethod": "default",
                "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo",
                "fixedInfoEncoding": "concatenation",
                "auxFunction": "KMAC-256"
            }
        }

With some further testing, if I created a test session with only fullMqv or other smaller combinations, this didn't seem to end up being the case and the unwanted KMAC testing groups were not present, so I wasn't able to pinpoint what about the provided registration caused the issue.

AlexThurston Jan 19 '23 20:01
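A client-side check for the mismatch reported above, added here as an example (it is not part of the original issue or of the ACVP project's code): it compares each test group's `kdfConfiguration` against the auxFunctions registered for that group's scheme. The registration and test groups are constructed, trimmed samples in the shape of the JSON in the issue; the function names and the mapping of `kdfType` `oneStep` to the registration key `oneStepKdf` are assumptions.

```python
import json

# Constructed, trimmed registration: fullMqv registers hashes only, onePassDh adds KMAC-128.
REGISTRATION = json.loads("""
{"scheme": {
  "fullMqv": {"kdfMethods": {"oneStepKdf": {"auxFunctions": [
      {"macSaltMethods": [], "auxFunctionName": "SHA2-256"},
      {"macSaltMethods": [], "auxFunctionName": "SHA3-256"}]}}},
  "onePassDh": {"kdfMethods": {"oneStepKdf": {"auxFunctions": [
      {"macSaltMethods": [], "auxFunctionName": "SHA2-256"},
      {"macSaltMethods": ["default"], "auxFunctionName": "KMAC-128"}]}}}}}
""")

# Constructed test groups; tgId 11 mirrors the unwanted group quoted in the issue.
TEST_GROUPS = [
    {"tgId": 3, "scheme": "fullMqv", "kdfConfiguration": {"kdfType": "oneStep", "auxFunction": "SHA2-256"}},
    {"tgId": 11, "scheme": "fullMqv", "kdfConfiguration": {"kdfType": "oneStep", "saltMethod": "default", "auxFunction": "KMAC-128"}},
    {"tgId": 12, "scheme": "onePassDh", "kdfConfiguration": {"kdfType": "oneStep", "saltMethod": "default", "auxFunction": "KMAC-128"}},
    {"tgId": 13, "scheme": "onePassDh", "kdfConfiguration": {"kdfType": "oneStep", "saltMethod": "random", "auxFunction": "KMAC-128"}},
]

def registered_aux(registration):
    """Map (scheme, kdfMethod) -> {auxFunctionName: set of macSaltMethods}."""
    table = {}
    for scheme, caps in registration.get("scheme", {}).items():
        for method, kdf in caps.get("kdfMethods", {}).items():
            table[(scheme, method)] = {a["auxFunctionName"]: set(a.get("macSaltMethods", []))
                                       for a in kdf.get("auxFunctions", [])}
    return table

def unselected_groups(registration, test_groups):
    """Return (tgId, scheme, auxFunction, reason) for groups outside the registration."""
    table = registered_aux(registration)
    findings = []
    for g in test_groups:
        kdf = g.get("kdfConfiguration", {})
        # Assumption: kdfType "oneStep" corresponds to the registration key "oneStepKdf".
        allowed = table.get((g["scheme"], kdf.get("kdfType", "") + "Kdf"))
        aux = kdf.get("auxFunction")
        if allowed is None:
            reason = "kdf method not registered"
        elif aux not in allowed:
            reason = "auxFunction not registered"
        elif allowed[aux] and kdf.get("saltMethod") not in allowed[aux]:
            reason = "saltMethod not registered"
        else:
            continue
        findings.append((g["tgId"], g["scheme"], aux, reason))
    return findings

if __name__ == "__main__":
    print(unselected_groups(REGISTRATION, TEST_GROUPS))
```

Running the same check over every group of a downloaded vector set, before any tests are executed, surfaces groups like tgId 11 and 19 from the issue.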

Bump. Wondering if anyone had a chance to look at this?

AlexThurston Feb 28 '23 13:02

Hi @AlexThurston, I am currently looking into this and will get back to you. Thanks!

jbrock24 Feb 28 '23 19:02