Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

EDDSA/sigVer test vectors are always for pureEdDSA even with preHash=true #268

Closed
naogot opened this issue Jun 15, 2023 · 8 comments
Closed
Milestone

Comments

@naogot
Copy link

naogot commented Jun 15, 2023

environment
Demo

testSessionId
413264

vsId
1688669

Algorithm registration

"registration": {
    "isSample": true,
    "algorithms": [
        {
            "algorithm": "EDDSA",
            "revision": "1.0",
            "mode": "sigVer",
            "curve": [
                "ED-25519"
            ],
            "pure": false,
            "preHash": true
        }
    ]
}

Endpoint in which the error is experienced
https://demo.acvts.nist.gov/acvp/v1/

Expected behavior
According to the expected results, the signature verification should be successful in tcId:5, but it failed. When I tried to process it as pureEdDSA (overwrote as "preHash": false), the verification succeeded.

"tgId": 1,
"testType": "AFT",
"curve": "ED-25519",
"preHash": true,
"tests": [
    {
        "tcId": 5,
        "message": "CF5BA1E5E1064CDCDDBCF640F9FFD6653AFC0668F6ED84F03096BD8DD643CB87B61CD428A49145AD5A057B74E8978C1F404296C1499BE3A483467726B4A6E15830DFD8851E16A7D1BD5004D9920736A7BD7134B79BFC668EA2F33E4C6303FD5EDE0D7C1F3F4A9074FA32BEB02A8598C292DA2AB105BF65ADFE17D0AF8BA1037C",
        "q": "BFBC0F10DDA703607499866836A82FFEE1211FB654BD8AD49B492C165257F5E7",
        "signature": "A42325A4D9FE3E4C90EBDF4BB432B8DE6A5573B566C8358E1715EFFB46D3997E14B89D52DC017E3B6783463727858C2124CC4767EFD7C5D5008ADEA72365B90C"

Additional context
Not sure if it is really related, but the following code does not care _param.PreHash (handled as false by default parameter).
https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/orleans/src/NIST.CVP.ACVTS.Libraries.Orleans.Grains/Eddsa/OracleObserverEddsaVerifySignatureCaseGrain.cs

63            var result = edDsa.Sign(domainParams, key, message);
@livebe01
Copy link
Collaborator

Thanks @naogot. Received. We'll take a look.

@celic
Copy link
Collaborator

celic commented Jun 30, 2023

Edit: Removed other text. I thought EdDSA pre-hash would be similar to the signature component (pre-hash) options for ECDSA. The code we have implemented is identical to FIPS 186-5. Turns out hashEdDSA still expects an arbitrary bitstring message that is immediately hashed, and the digest is used for the signature generation steps.

@naogot if I drop a vector set here for Ed25519, would you be able to test it out?

@celic
Copy link
Collaborator

celic commented Jun 30, 2023

EdDSA SigVer.zip

@naogot
Copy link
Author

naogot commented Jul 3, 2023

Thank you so much, @celic. Our result is consistent with expectedResults.json in the zip.

@celic
Copy link
Collaborator

celic commented Jul 5, 2023

Thanks. I'll make sure this goes into the next release.

@livebe01 livebe01 added this to the v1.1.0.30 milestone Jul 10, 2023
@livebe01
Copy link
Collaborator

The fix for this is on Demo in release v1.1.0.30

@naogot
Copy link
Author

naogot commented Jul 14, 2023

Thanks a lot, it is working fine.

@livebe01
Copy link
Collaborator

The fix for this is on Prod in release v1.1.0.30

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants