-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KMAC AFT tests seem incorrect #14
Comments
Thanks @dghgit, we agree on the above tests. Looks like there's something going on with the test case "set up" for AFT, rather than the crypto portion itself. |
I know we covered some customization string issue that was impacting KMAC from issue usnistgov/ACVP#904 - looking through the issue though I'm not actually seeing if you signed off on the KMAC fix. Previously I guess everything was failing under KMAC, but I guess even after the customization fix the AFT tests still weren't passing? Looking at what I believe is the issue, I can see why the MVTs would be passing but not the AFT, I'll put in a change. |
A change has been pushed out https://github.com/usnistgov/ACVP-Server/releases/tag/v1.1.0.12-1 that would at a minimum fix the problem I found with the AFT test generation. Not sure if that would have been the entirety of the problem, but let me know how it goes, thanks! |
Getting 500 errors when trying to connect. This might have to wait till tomorrow. |
Thanks @dghgit, tracking that issue in usnistgov/ACVP#1035, sorry about that |
Okay, so it is looking better. Still seeing some errors though. I've discovered 2 things:
Here's a sample for KMAC-256, msg = "205EF7EBD63E28D5F0C10A68E97CF6B92167D7F682A0FE7D04E9A4DCB707757A289075BBF7E1D692B09D4F22A05D1F6FC86CE1DCAF4120961AEECDADD0D8723FE4ABC508EBBE2602438738A336186BD19675B42A475926EE9861791DE41A19E841853B0C2EB6E47D972835D630B9F7940CB1C8EAC1B3C51FB7F4BFD03CBD2A795D685D2EAC78835F5F75DD0C79DDE25731B5DB0F9477509EB4E784B11544F37435AEB31211294AE7C05D61115179073BA6D4142F325F28117B6E57F65F44BCC0872F868018892C46E50E6FBD88CB0C0BDEE3F6D1047AA4BB2FCC9C3D6F2FF52F1AE9DD5E85E61F9CA619AAD71B58DD17ACC7255574D6AA658E0B673825D25F8FE58A1665E3B8D304396AA8AFE032C79704C210CFBEDBBA304FC11759EA58064EC88A0AE2EFE2D9BC97E4302E07FA26A56452912C212819EF6D0548BC756AE86A98AFA907D82CE996EE31F8D8CB2736977E8CC3D3C39FFE7291E20ED978C8EE8FBCFC563D92A432282654CC1F9AABD27CDFC08464FAA566EEED3BAC0A550FEABA5193839DA3155802F0BE78298EEBAD3DEC64E8628240223F99F953EAA723E79E7D5A0B48E9BFE0C82307A41DE4FFE84026532D3CAE67155DDB6C5C83DE7C0A95DC5D29762CD3911AA097CA989DFEACF67D3167B2B8C3FCA6D1371C7AD9805FEEA0411B90F565718D06E500AB0EE694F7E735043D6AABD7F8EE1EDC9E6197FFA042D97F31F6932B826FD15D8FBBEBC5AED57D12D921A2C71F73122421E8E15E6475BB96D4956A75F90F26DF32CA4A0A1240C57FC0FB755CD8AD149C6B8C3BA84E0328DAC6FD0673553D0E4E7E7A7534107EB05C9030628C4F8194DA08BFB3075EA45AA7FE5B88C39D55AF2288C5DE6C881D5C1F94994DA9AB27354EC1A3C9046096135CE7FE516C9D45F6DED90DB385D0557ED1C4139E710142A550C72508933489303C4AAFC206EE2032320B4FEC5177FD74CA37FD8D90D35E0CAA04408CCF78012DC55E2B824520B5CF51A371D00DECAA9054F58095614E8E67CDF4E2BCBE72D6A4DB5CD8FB08516A4BCC5FDC1E3A2C008DC1FEFEA61CDC8A9E5A33D4AF6B812E2EC2ACFC0E7A6B8E539C9D71ECEDE99BA1A44D3EECA09950D86B526797A406E83E4BC908D6CDA5DBFFEB9F3F6DB5F5F1C1CA79B653C07AF8CA82CAB3556A7AF2DB0B27E1DFAA661B5BA1FE669863D3A21EA8D21197E2F3652DA9B33CE8007CFD5137A34157149994DC10994725A7A17DBFB3B3D168CC297F4C7EF6783F422BF4E9230E39E19355D2793ADDC06140E32321F27F14F56520607085D4ADE713CEB9D1FA8709CAC3703EC7A837882C9A04212BDD8C0DFBFCEF702CD8FC51D11D7BB1C3095A66610F00AE007B11E4D64D386CD7A6CA62C492C32C61E919CB7170B9D98D0DD66507DBC7F63F509FBE28505946A36DC28BF609BE996E6241290640FF9F393A343093DCDA9932C16B832B318EA3121F0B700FF313C23D6A41E275FAB8ABD4CBF0B7F36C65AEDED17F09CBFC04B044B723BEEBD36B2AF1289CF98BB96BB1CB377F2FE1D25A35DEF6447B1E04EADA63CD9BE0AC83E253FBD2894DA144A5224D9D0EB6D6677DDF97CF42CE2767FC7B763E3E31DBB84FD9ED56975FB2F10521C56BE21A7F6118A2FE7799FB5CD0AA93313C3FA7666B8D30B88D17EF0A7B5730CA9F9FD1FA2EB7B5E5A49C69E907660546A2DA0922D0C0653CDD493616FE469AE18203C3D6F0350B45617726D0CA0E01C42EED501538B3CE6276C2303AFC175DCB6C34F7092B3433F2F041D59E23DBFE0E83332D5B1107157A0CEE0A2428FC8737164AABC91C85F75C49621D4E2DDB5181E65836834E731518FE148E23907D550D8F0279755CE567B9B77BCF2620138E9B119BA17D09163990BF08AE843EAED818893D62BB76631C88D6409A8703D421AD98CDD16896DE4BF1BEF0D8796D3DF95103D3FB41C12668E304385B5508F78198821CC13800DBEC847E23E2DF4721C03295A27F846CA3C95A05D2448263C914A0D0209A2D708FF4835868E48A816EB648BABF1F1D9852B81C4A32C8F45F44ED63AD634EFD6A7BF1B4C018D725C0138CCDC7A3C7502DC2041F1D04A96144B49B2F8EA49E0D3C7DEC820F4CDF9D71D621F3930CA9FA737B084B718B7A56FD0001A0B648FCE10720D9709E3ACB360E76AB985BA662455451778A86A52D16ED8BBDDB82ED141C6F7C9AF651FE4CEB068FF19FA268E2BADC848ECA656B5EA1162B6EEB26D1C5FF164D013D613EC9E21CDDF6E54744425C76E3AD48ED2A6A70BAFC341BE168C9FC7438E3E4C5589E89CC7BF5CFDC199E4A464F53EFCE3937FA31C696FFC7965E11ADD3FEE58E89ACC9D37B8124259C3750FBFCB13F7976CF721D726D712271044E9F1A6C14699947F88FCD669EAB556D9F37B871CCE4FE2B19E7687FD6813B9739192D7A923B6E096CC9963DA590B6DA9D48EFACB9AB1E7B1AACA7827306108FCC72F65486F2B58EE4721CEA6018D7C16ADB86E6110709306EB36C47CA537B89B4F7557C5121B5232F00B4C3DB8C2F86F471D5EF90C48722EF47753B15E58F9835F777909ECB3240CA16AB982AF877E4EF822D59EBB1812B88F44884618039DA99DEBC53701E0921CBC1A011F00F1737CBD7BB4FBF2977F24AE8AEA7EDFE016B279BA8413043BBABD1EC8263A3CB13369C358262EB61754220EC962CC9DA0D4D2544DD0346B36D4D39A7B0356B98DFE1147882FA4C27AF049EEEF59D91F5528221EDFB82AD28AF1F30CE8A9A651430158A27211C5C2F3B20C78A2BF6D39D1CC44215499CAD69093595DF2A8847778ECAE4C83BADB994976B8AA9ECB65D44FF5A56D212F4DF15DEC5D5DAB0F49AC6CAB440893AD2F87296540A29B28C2FDE1045D4C54E122BCF541F9B331F4FE8A1943C351B956E8AD41FA4E43DC3343579F9F52A99962E0200CFD6F8C5A618177A91CD5DE80528D33ADF6BF35112FBA54CE5414B36CA7A6FF1243B4469A86A3F13F5F73869811BBB452CF4130620273B143FA02FE62B0C71CA36DE03C16D002FF37214784E0FE4ED152877433B44A6CF28FCB269D75DB1286E45474D6E31E3BC703058ADF04F38C6A8788D98547BB711844D34A42A705F4B1F04C887D58D66A3C0CBBFF3562B1D5CA1DCD937A9D12D36CC1DDBD5D4A3882F23AED80DACD9A381AF366981B2842F5F220848B39F82F9F7127561780E16D9294D7177858B3F65E99078BAA3C83FAC2D96E9EBADCDD6A09A33634D12C333FA6AD932C15EB1C5490DB616893F1D2D5B5F8724AC0980B35C0ECF294AD44D1BFF19B8D8D0249F335242F36C602AE46FC47E389A2EC34CB342AA56609104073D7917406DAFE2AC93F9B5E8F9BCC25DB36E612D5212C733408768BA7DB899E93A3BB02EBEDD53D1F1D14A616104D41BFC270FF9" I get: Note, longer messages in the same test run passed. I think it's connected to the message length though (although there's obviously something going on with hexCustomisation which might be related), it seems particular long messages trip something over. I don't think it's anything I'm doing here as the failures are only in AFT, so we're in sync as far as MVT goes. If it's any help the vector set URLS for the above run were: |
Looking through the vector sets it's tough to see the rhyme or reason to our disagreements, especially since it's only one or two per vector set, and with such large lengths. To see if we can find out at what point in the process we disagree, I'm going to use the test case you posted in #14 (comment) and post some intermediate values with and without a customization (so using your original test case, and one modified without a customization to see if it could be around that). newX
newX with || separating "pieces"
customization:
customization as hex:
call to cshake:
mac w/ customization:
Running the same kmac test, this time w/o a customization:
I'm hoping we disagree at some point prior to actually entering the cshake invoke, if not I can drill down further. I have not yet looked into the differences between the This couldn't be related to usnistgov/ACVP#912 could it? I'm still not clear on what is special about the byte lengths provided in the issue to easily see which test cases it applies to. |
Found it! It was us, the section of KMAC doing bytePad() also had the extra padding issue. Sigh. Good guess on ACVP#912. I'll add our new vector tests - in this case the issue gets triggered by the key size passed to KMAC, so it's separate to the supporting cSHAKE function, but still the same thing. I've done a few more runs of KMAC with hexCustomization=false. All work. Thanks! I checked hexCustomization=true again. If hexCustomization is true I still get errors. Two interesting vectors for: This one passes: We both get: This one is different though (as are most of the others in the test group, seems to be about 1 in 10 pass): {"tcId":102,"key":"650CF430C32EBAD40B284B9D0FE3D631412EA94DB5DB7E9C46513C6CAF5D7F3D3E4EAA5789AF2DCCC5BA1B03FBA66F3024BAEC9FC3808A0F647DE0F0FB7F8F272C46437F14FBEB2ECD6CCD40EBE21A264237EB3E84AB8482CDBE5374DDFA3992FB06E615CCB16810F8714B470358CEB7F1BDEB35128A2D125C10307D0CE49F18B4D098B99A0BE42D6DFEC8B2BEE193FE3B5F587C13EE6393C08121B0DFD50FC1230A2996560A174A3AFE23761DEE947EC110521BA5C222DE67EEC4B1561E2C9075E6A0535F540E8E7AFE3F35CCCB81843377CF0B6684A7C45D89EA649991487A34F0419F72C7F6911CB99F4D877F6751525D439E996080B685131A56E62A48194BC7B5331DD4E27616696BE73A2DD878DFD08FE1AB9442E9245E73553E0CFA88A0DA7A5FF746","keyLen":2352,"msg":"0E240A787671A8158E0DB1DB5157F2A13EC681586DFE2278053F855E601DF4B80A8E1F85423C","msgLen":304,"macLen":952,"customizationHex":"E1D26B20"} I get: The server expects: Failures only in AFT tests with hexCustomization = true. One thing that also surprised me, even though hexCustomisation is set to true there are still vectors in the file with hexCustomization = false. That seems a bit odd. The URLs were: |
Awesome, good to hear!
The intention was that
I believe I've found the reasoning behind this. We were randomly picking "lengths" to use per test case for either the If you run the above test case with only the 28 most significant bits, I think we'll agree. Additionally, we do agree if I run the crypto against the full 32 bits of the That also explains why it's about "1 in 10" that were passing, only about that many test cases were generating I'll be putting in a change so that This oversight around |
Ah, so the zero was padding... Yes, that's correct, I've stayed away from hexCustomization outside of KMAC. I'll do a full round of testing with hexCustomization set to true and false when the next update is done. |
This change is on demo in release v1.1.0.13. |
I've given it a run, with both hexCustomozation true and false, over the full set of XOF functions. All seems to be working now. Thanks. Marking this one closed. |
This change is now on prod in release https://github.com/usnistgov/ACVP-Server/releases/tag/v1.1.0.13 |
- wasn't passing all of the group properties, so defaults were used - #14
… against a byte boundary. - previously a `hexCustomization` could be generated at 28 bits (as an example), then automatically padded during serialization, but the "original" length of the customization not communicated. - #14
environment
Demo
testSessionId
118292
vsId
340784,340785
Algorithm registration
[{"acvVersion":"1.0"},{"isSample":true,"algorithms":[{"algorithm":"KMAC-128","revision":"1.0","hexCustomization":true,"xof":[true,false],"msgLen":[{"min":0,"max":1024,"increment":8}],"keyLen":[{"min":128,"max":1024,"increment":8}],"macLen":[{"min":32,"max":512,"increment":8}]},{"algorithm":"KMAC-256","revision":"1.0","hexCustomization":false,"xof":[true,false],"msgLen":[{"min":0,"max":65536,"increment":8}],"keyLen":[{"min":128,"max":4096,"increment":8}],"macLen":[{"min":32,"max":4096,"increment":8}]}]}]
Endpoint in which the error is experienced
https://demo.acvts.nist.gov:443/acvp/v1 GET
Expected behavior
I think I expect the AFT test responses I'm generating to pass. The MVT tests now pass (fully) for both KMAC-128 and KMAC-256, however the AFT tests universally fail. I've tried swapping parameters and ignoring some, but I do not seem to be able to reproduce any of the AFT sample responses. The same code generating them is generating the MVT test results, it almost seems like the setup of the KMAC function in the server has an issue.
Additional context
A simple test vector for KMAC-128,
xof=true,
msg="",
customization="",
key="",
macLen=256,
mac="3f9259e80b35e0719c26025f7e38a4a38172bf1142a6a9c1930e50df03904312"
for KMAC-256 the same inputs produce:
mac="2c9683c318165466c0d3f9467ce77f0cea513f643ae3bd5b0969165aafae3f71"
The text was updated successfully, but these errors were encountered: