RSA-SigGen: Supported Hash Algorithms inconsistency with Specification #85
Labels
documentation
Improvements or additions to documentation
Comments
|
Just going off of usnistgov/ACVP#1053 seems that it's a documentation issue, SHA1 should be removed from the specification as a valid hash algorithm for SigGen. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
environment
Demo
testSessionId
Null
vsId
Null
Algorithm registration
[
{
"algorithm": "RSA",
"revision": "FIPS186-4",
"mode": "sigGen",
"capabilities": [
{
"sigType": "ansx9.31",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
}
]
},
{
"sigType": "pkcs1v1.5",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
}
]
},
{
"sigType": "pss",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
}
]
}
],
"pubExpMode": "random"
},
{
"algorithm": "RSA",
"revision": "FIPS186-4",
"mode": "sigGen",
"capabilities": [
{
"sigType": "ansx9.31",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
}
]
},
{
"sigType": "pkcs1v1.5",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1"
}
]
}
]
},
{
"sigType": "pss",
"properties": [
{
"modulo": 2048,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
},
{
"modulo": 3072,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
},
{
"modulo": 4096,
"hashPair": [
{
"hashAlg": "SHA-1",
"saltLen": 20
}
]
}
]
}
],
"pubExpMode": "fixed",
"fixedPubExp": "010001"
}
]
Server output
{
"error": "Validation error(s) on JSON payload.",
"context": [
"RSA-sigGen-FIPS186-4: Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1",
"RSA-sigGen-FIPS186-4: Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1;Invalid Hash Algorithms supplied: SHA-1"
]
}
Endpoint in which the error is experienced
acvp/v1/testSessions POST
Expected behavior
Test session is created.
Additional context
According to the documentation found at https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html#name-rsa-siggen-10-capabilities-, where RSA-SigGen-FIPS186-4 seems to be using the Table for 1.0 SHA-1 is a valid hash algorithm to use for this request. however the server is rejecting the request when SHA-1 is present stating invalid hash Algorithms supplied.
Please either update the server to accept SHA-1 or update the specification to indicate that SHA-1 is not an accepted value.
The text was updated successfully, but these errors were encountered: