From 939db6051ccad6f2cc06b5e4d0a92ce099217c7f Mon Sep 17 00:00:00 2001 From: Sean McGrail Date: Tue, 3 Sep 2024 22:35:20 +0000 Subject: [PATCH] Update Allowed RSA KeySize Generation to FIPS 186-5 specification --- crypto/fipsmodule/rsa/rsa_impl.c | 11 +- .../service_indicator_test.cc | 10 +- util/fipstools/acvp/acvptool/test/tests.json | 1 + .../acvp/acvptool/test/vectors/RSA-KeyGen.bz2 | Bin 0 -> 545 bytes .../acvp/modulewrapper/modulewrapper.cc | 878 +++++++++--------- 5 files changed, 445 insertions(+), 455 deletions(-) create mode 100644 util/fipstools/acvp/acvptool/test/vectors/RSA-KeyGen.bz2 diff --git a/crypto/fipsmodule/rsa/rsa_impl.c b/crypto/fipsmodule/rsa/rsa_impl.c index 6114b4eed34..25ec3ae66d5 100644 --- a/crypto/fipsmodule/rsa/rsa_impl.c +++ b/crypto/fipsmodule/rsa/rsa_impl.c @@ -1252,11 +1252,12 @@ int RSA_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e_value, } int RSA_generate_key_fips(RSA *rsa, int bits, BN_GENCB *cb) { - // FIPS 186-4 allows 2048-bit and 3072-bit RSA keys (1024-bit and 1536-bit - // primes, respectively) with the prime generation method we use. - // Subsequently, IG A.14 stated that larger modulus sizes can be used and ACVP - // testing supports 4096 bits. - if (bits != 2048 && bits != 3072 && bits != 4096) { + // FIPS 186-5 Section 5.1: + // This standard specifies the use of a modulus whose bit length is an even + // integer and greater than or equal to 2048 bits. Furthermore, this standard + // specifies that p and q be of the same bit length – namely, half the bit + // length of n + if (bits < 2048 || bits % 2 != 0) { OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS); return 0; } diff --git a/crypto/fipsmodule/service_indicator/service_indicator_test.cc b/crypto/fipsmodule/service_indicator/service_indicator_test.cc index 1c30f277648..0b0caeedd0e 100644 --- a/crypto/fipsmodule/service_indicator/service_indicator_test.cc +++ b/crypto/fipsmodule/service_indicator/service_indicator_test.cc @@ -2012,9 +2012,8 @@ TEST(ServiceIndicatorTest, RSAKeyGen) { bssl::UniquePtr rsa(RSA_new()); ASSERT_TRUE(rsa); - // |RSA_generate_key_fips| may only be used for 2048-, 3072-, and 4096-bit - // keys. - for (const size_t bits : {512, 1024, 3071, 4095}) { + // |RSA_generate_key_fips| may only be used for bits >= 2048 && bits % 2 == 0 + for (const size_t bits : {512, 1024, 3071}) { SCOPED_TRACE(bits); rsa.reset(RSA_new()); @@ -2023,8 +2022,9 @@ TEST(ServiceIndicatorTest, RSAKeyGen) { EXPECT_EQ(approved, AWSLC_NOT_APPROVED); } - // Test that we can generate keys of the supported lengths: - for (const size_t bits : {2048, 3072, 4096}) { + // Test that we can generate keys with supported lengths, + // larger key sizes are supported but are omitted for time. + for (const size_t bits : {2048, 3072, 4096, 8192}) { SCOPED_TRACE(bits); rsa.reset(RSA_new()); diff --git a/util/fipstools/acvp/acvptool/test/tests.json b/util/fipstools/acvp/acvptool/test/tests.json index 6aa28a1d703..7a3ee8869e4 100644 --- a/util/fipstools/acvp/acvptool/test/tests.json +++ b/util/fipstools/acvp/acvptool/test/tests.json @@ -28,6 +28,7 @@ {"Wrapper": "modulewrapper", "In": "vectors/kdf-components.bz2", "Out": "expected/kdf-components.bz2"}, {"Wrapper": "modulewrapper", "In": "vectors/RSA.bz2", "Out": "expected/RSA.bz2"}, {"Wrapper": "modulewrapper", "In": "vectors/RSA-SigGen.bz2"}, +{"Wrapper": "modulewrapper", "In": "vectors/RSA-KeyGen.bz2"}, {"Wrapper": "modulewrapper", "In": "vectors/TLS-1.2-KDF.bz2", "Out": "expected/TLS-1.2-KDF.bz2"}, {"Wrapper": "modulewrapper", "In": "vectors/PBKDF.bz2", "Out": "expected/PBKDF.bz2"}, {"Wrapper": "modulewrapper", "In": "vectors/KDA-HKDF.bz2", "Out": "expected/KDA-HKDF.bz2"}, diff --git a/util/fipstools/acvp/acvptool/test/vectors/RSA-KeyGen.bz2 b/util/fipstools/acvp/acvptool/test/vectors/RSA-KeyGen.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..2d282e28ea9162986c7bbbf59fbc81688bd6df2b GIT binary patch literal 545 zcmV++0^a>XT4*^jL0KkKS=^QS=Kun5Uw~CmPzL|-H=uqRKkwh_Kmu0{wv7PECZp7P zo})uSpc)2EGy_cl0!nG9o|9^Z(@C_3h7&*l22C;?zyJUM000002&6$Y%6bh*^*kud zrjJm1ntFzhBp<3$fEMb45LIvMA{OAY4YeYaBuNrQ7_OE1B12tVOFI+cZ9wuttn*)<77@}kFMowQWE26kk)QvPi%SLU9;+{fPib6+nck}De zjnOC|%Abf%q%|mK(i}x$AZZj44x%Xns7d7_Cc-X}W+d`PyVBI{Pohmf!fa34RGJn= zDJ0gU3C$rPD!Cy!rd~;O?%0r&rRm7UFHGqqu{Vt=dTC6H$uc7%%tvBim9 literal 0 HcmV?d00001 diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc index 59d72e5bdb3..05c170b1fbb 100644 --- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc +++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc @@ -626,223 +626,224 @@ static bool GetConfig(const Span args[], "capabilities": [{ "randPQ": "probable", "properties": [{ - "modulo": 2048, - "primeTest": [ - "2powSecStr" - ], - "pMod8": 0, - "qMod8": 0 - },{ - "modulo": 3072, - "primeTest": [ - "2powSecStr" - ], - "pMod8": 0, - "qMod8": 0 - },{ - "modulo": 4096, - "primeTest": [ - "2powSecStr" - ], - "pMod8": 0, - "qMod8": 0 + "modulo": 2048, + "primeTest": [ + "2powSecStr" + ], + "pMod8": 0, + "qMod8": 0 + },{ + "modulo": 3072, + "primeTest": [ + "2powSecStr" + ], + "pMod8": 0, + "qMod8": 0 + },{ + "modulo": 4096, + "primeTest": [ + "2powSecStr" + ], + "pMod8": 0, + "qMod8": 0 + },{ + "modulo": 6144, + "primeTest": [ + "2powSecStr" + ], + "pMod8": 0, + "qMod8": 0 + },{ + "modulo": 8192, + "primeTest": [ + "2powSecStr" + ], + "pMod8": 0, + "qMod8": 0 }] }] - }, - { + },)" + R"({ "algorithm": "RSA", "mode": "sigGen", "revision": "FIPS186-5", "capabilities": [{ "sigType": "pkcs1v1.5", "properties": [{ - "modulo": 2048, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" - }] - }] - },{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 3072, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" - }] - }] - },{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 4096, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] + },{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] + },{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] }] - }] - },)" - R"({ - "sigType": "pss", - "properties": [{ - "modulo": 2048, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 - }] - }] - },{ - "sigType": "pss", - "properties": [{ - "modulo": 3072, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 - }] - }] - },{ - "sigType": "pss", - "properties": [{ - "modulo": 4096, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 + },{ + "sigType": "pss", + "properties": [{ + "modulo": 2048, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] + },{ + "modulo": 3072, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] + },{ + "modulo": 4096, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] }] - }] }] },)" R"({ @@ -852,256 +853,243 @@ static bool GetConfig(const Span args[], "pubExpMode": "fixed", "fixedPubExp": "010001", "capabilities": [{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 1024, - "hashPair": [{ - "hashAlg": "SHA-1" - }] - }, { - "modulo": 2048, - "hashPair": [{ - "hashAlg": "SHA-1" - }] - }, { - "modulo": 3072, - "hashPair": [{ - "hashAlg": "SHA-1" - }] - }, { - "modulo": 4096, - "hashPair": [{ - "hashAlg": "SHA-1" - }] - }] - },{ - "sigType": "pss", - "properties": [{ - "modulo": 1024, - "hashPair": [{ - "hashAlg": "SHA-1", - "saltLen": 20 - }] - }, { - "modulo": 2048, - "hashPair": [{ - "hashAlg": "SHA-1", - "saltLen": 20 + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 1024, + "hashPair": [{ + "hashAlg": "SHA-1" + }] + },{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA-1" + }] + },{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA-1" + }] + },{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA-1" + }] }] - }, { - "modulo": 3072, - "hashPair": [{ - "hashAlg": "SHA-1", - "saltLen": 20 - }] - }, { - "modulo": 4096, - "hashPair": [{ - "hashAlg": "SHA-1", - "saltLen": 20 + },{ + "sigType": "pss", + "properties": [{ + "modulo": 1024, + "hashPair": [{ + "hashAlg": "SHA-1", + "saltLen": 20 + }] + },{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA-1", + "saltLen": 20 + }] + },{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA-1", + "saltLen": 20 + }] + },{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA-1", + "saltLen": 20 + }] }] - }] }] - }, - { + },)" + R"({ "algorithm": "RSA", "mode": "sigVer", "revision": "FIPS186-5", "pubExpMode": "fixed", "fixedPubExp": "010001", "capabilities": [{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 2048, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" - }] - }] - },{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 3072, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" - }] - }] - },{ - "sigType": "pkcs1v1.5", - "properties": [{ - "modulo": 4096, - "hashPair": [{ - "hashAlg": "SHA2-224" - }, { - "hashAlg": "SHA2-256" - }, { - "hashAlg": "SHA2-384" - }, { - "hashAlg": "SHA2-512" - }, { - "hashAlg": "SHA2-512/224" - }, { - "hashAlg": "SHA2-512/256" - }, { - "hashAlg": "SHA3-224" - }, { - "hashAlg": "SHA3-256" - }, { - "hashAlg": "SHA3-384" - }, { - "hashAlg": "SHA3-512" - }] - }] - },)" - R"({ - "sigType": "pss", - "properties": [{ - "modulo": 2048, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 - }] - }] - },{ - "sigType": "pss", - "properties": [{ - "modulo": 3072, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 + "sigType": "pkcs1v1.5", + "properties": [{ + "modulo": 2048, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] + },{ + "modulo": 3072, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] + },{ + "modulo": 4096, + "hashPair": [{ + "hashAlg": "SHA2-224" + },{ + "hashAlg": "SHA2-256" + },{ + "hashAlg": "SHA2-384" + },{ + "hashAlg": "SHA2-512" + },{ + "hashAlg": "SHA2-512/224" + },{ + "hashAlg": "SHA2-512/256" + },{ + "hashAlg": "SHA3-224" + },{ + "hashAlg": "SHA3-256" + },{ + "hashAlg": "SHA3-384" + },{ + "hashAlg": "SHA3-512" + }] }] - }] - },{ - "sigType": "pss", - "properties": [{ - "modulo": 4096, - "maskFunction": ["mgf1"], - "hashPair": [{ - "hashAlg": "SHA2-224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-256", - "saltLen": 32 - }, { - "hashAlg": "SHA2-384", - "saltLen": 48 - }, { - "hashAlg": "SHA2-512", - "saltLen": 64 - }, { - "hashAlg": "SHA2-512/224", - "saltLen": 28 - }, { - "hashAlg": "SHA2-512/256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-224", - "saltLen": 28 - }, { - "hashAlg": "SHA3-256", - "saltLen": 32 - }, { - "hashAlg": "SHA3-384", - "saltLen": 48 - }, { - "hashAlg": "SHA3-512", - "saltLen": 64 + },{ + "sigType": "pss", + "properties": [{ + "modulo": 2048, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] + },{ + "modulo": 3072, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] + },{ + "modulo": 4096, + "maskFunction": ["mgf1"], + "hashPair": [{ + "hashAlg": "SHA2-224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-256", + "saltLen": 32 + },{ + "hashAlg": "SHA2-384", + "saltLen": 48 + },{ + "hashAlg": "SHA2-512", + "saltLen": 64 + },{ + "hashAlg": "SHA2-512/224", + "saltLen": 28 + },{ + "hashAlg": "SHA2-512/256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-224", + "saltLen": 28 + },{ + "hashAlg": "SHA3-256", + "saltLen": 32 + },{ + "hashAlg": "SHA3-384", + "saltLen": 48 + },{ + "hashAlg": "SHA3-512", + "saltLen": 64 + }] }] - }] }] - }, - { + },)" + R"({ "algorithm": "CMAC-AES", "acvptoolTestOnly": true, "revision": "1.0",