KAS-ECC Revision Sp800-56Ar3 fullMqv scheme generates unselected auxFunctions #1404

Open
AlexThurston opened this issue Jan 19, 2023 · 2 comments

Comments

@AlexThurston

Apologies for the lengthy issue, but I'm trying to capture as much information as possible.

The TL;DR version is that it appears that when requesting vector sets for KAS-ECC revision Sp800-56Ar3, in certain circumstances, testing groups for unselected auxFunctions are being produced.

Using the following registration payload:

{
    "iutId": "0123456789CAFE",
    "scheme": {
        "fullMqv": {
            "l": 256,
            "kasRole": [
                "initiator"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "onePassDh": {
            "l": 256,
            "kasRole": [
                "initiator"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "staticUnified": {
            "l": 256,
            "kasRole": [
                "initiator",
                "responder"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        },
        "ephemeralUnified": {
            "l": 256,
            "kasRole": [
                "initiator",
                "responder"
            ],
            "kdfMethods": {
                "oneStepKdf": {
                    "encoding": [
                        "concatenation"
                    ],
                    "auxFunctions": [
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA2-512"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-224"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-256"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-384"
                        },
                        {
                            "macSaltMethods": [],
                            "auxFunctionName": "SHA3-512"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-128"
                        },
                        {
                            "macSaltMethods": [
                                "default"
                            ],
                            "auxFunctionName": "KMAC-256"
                        }
                    ],
                    "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo"
                }
            }
        }
    },
    "function": [
        "keyPairGen",
        "fullVal"
    ],
    "revision": "Sp800-56Ar3",
    "algorithm": "KAS-ECC",
    "domainParameterGenerationMethods": [
        "P-521",
        "P-384",
        "P-256",
        "P-224",
        "K-233",
        "K-283",
        "K-409",
        "K-571",
        "B-233",
        "B-283",
        "B-409",
        "B-571"
    ]
}

You can see that KMAC-128 and KMAC-256 are selected for onePassDh, staticUnified and ephemeralUnified; however, they are NOT selected for fullMqv.

When a test session is created with the above capabilities, the vector sets appear to have generated test groups for KMAC regardless (tests are redacted for brevity's sake):

{
    "tgId": 11,
    "testType": "AFT",
    "tests": [ ... ],
    "domainParameterGenerationMode": "B-283",
    "scheme": "fullMqv",
    "kasRole": "initiator",
    "l": 256,
    "iutId": "0123456789CAFE",
    "serverId": "434156536964",
    "kdfConfiguration": {
        "kdfType": "oneStep",
        "saltMethod": "default",
        "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo",
        "fixedInfoEncoding": "concatenation",
        "auxFunction": "KMAC-128"
    }
}

AND

{
    "tgId": 19,
    "testType": "AFT",
    "tests": [ ... ],
    "domainParameterGenerationMode": "P-521",
    "scheme": "fullMqv",
    "kasRole": "initiator",
    "l": 256,
    "iutId": "0123456789CAFE",
    "serverId": "434156536964",
    "kdfConfiguration": {
        "kdfType": "oneStep",
        "saltMethod": "default",
        "fixedInfoPattern": "label||literal[00]||context||l||uPartyInfo||vPartyInfo",
        "fixedInfoEncoding": "concatenation",
        "auxFunction": "KMAC-256"
    }
}

With some further testing, if I created a test session with only fullMqv or other smaller combinations, this didn't seem to end up being the case and the unwanted KMAC testing groups were not present, so I wasn't able to pinpoint what about the provided registration caused the issue.
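Added example, not part of the original issue and not the ACVP server's code: a client-side check that compares each test group's `kdfConfiguration.auxFunction` against the `auxFunctions` registered for that group's scheme and reports the groups that were never selected. The sample data is constructed and trimmed from the JSON quoted above (tgId 3 and 27 are made up), and the mapping from registration key `oneStepKdf` to `kdfType` `oneStep` is an assumption inferred from that JSON.

```python
# Constructed sample, trimmed from the registration and test groups quoted in the issue.
REGISTRATION = {
    "scheme": {
        "fullMqv": {"kdfMethods": {"oneStepKdf": {"auxFunctions": [
            {"macSaltMethods": [], "auxFunctionName": "SHA2-256"},
            {"macSaltMethods": [], "auxFunctionName": "SHA3-256"}]}}},
        "onePassDh": {"kdfMethods": {"oneStepKdf": {"auxFunctions": [
            {"macSaltMethods": [], "auxFunctionName": "SHA2-256"},
            {"macSaltMethods": ["default"], "auxFunctionName": "KMAC-128"},
            {"macSaltMethods": ["default"], "auxFunctionName": "KMAC-256"}]}}},
    }
}

def group(tg_id, scheme, aux):
    """Build a minimal test group with only the fields the check reads."""
    return {"tgId": tg_id, "scheme": scheme,
            "kdfConfiguration": {"kdfType": "oneStep", "auxFunction": aux}}

TEST_GROUPS = [
    group(3, "fullMqv", "SHA2-256"),     # constructed: registered for fullMqv
    group(11, "fullMqv", "KMAC-128"),    # as reported in the issue
    group(19, "fullMqv", "KMAC-256"),    # as reported in the issue
    group(27, "onePassDh", "KMAC-128"),  # constructed: registered for onePassDh
]

# Assumption inferred from the issue's JSON: registration key -> kdfType value.
KDF_KEY = {"oneStep": "oneStepKdf"}

def unselected_aux_groups(registration, test_groups):
    """Return (tgId, scheme, auxFunction) for groups whose auxFunction
    was not registered for that group's scheme."""
    findings = []
    for tg in test_groups:
        kdf = tg.get("kdfConfiguration", {})
        key = KDF_KEY.get(kdf.get("kdfType"))
        if key is None:
            continue  # KDF types other than oneStep are out of scope here
        scheme_cfg = registration["scheme"].get(tg["scheme"], {})
        methods = scheme_cfg.get("kdfMethods", {}).get(key, {})
        registered = {a["auxFunctionName"] for a in methods.get("auxFunctions", [])}
        if kdf.get("auxFunction") not in registered:
            findings.append((tg["tgId"], tg["scheme"], kdf.get("auxFunction")))
    return findings

if __name__ == "__main__":
    for finding in unselected_aux_groups(REGISTRATION, TEST_GROUPS):
        print("unselected auxFunction in tgId %d: %s / %s" % finding)
```

The lookup is done per scheme, so an auxFunction registered only under another scheme still counts as unselected for the group being checked.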

@AlexThurston AlexThurston changed the title KAS-ECC Revision Sp800-56Ar3 fullMqv scheme generation unselected auxFunctions KAS-ECC Revision Sp800-56Ar3 fullMqv scheme generates unselected auxFunctions Jan 19, 2023
@AlexThurston
Author

Bump, wondering if anyone had a chance to look at this?

@jbrock24
Collaborator

Hi @AlexThurston, I am currently looking into this and will get back to you. Thanks!
