Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose SHAKE through the EVP API #1199

Merged
merged 36 commits into from
Oct 9, 2023
Merged

Expose SHAKE through the EVP API #1199

merged 36 commits into from
Oct 9, 2023

Conversation

WillChilds-Klein
Copy link
Contributor

@WillChilds-Klein WillChilds-Klein commented Sep 19, 2023
edited
Loading

Issues

Resolves CryptoAlg-2034

Notes

This commit exposes our extant SHAKE implementation through the EVP digest API and incorporates that implementation into the FIPS service indicator and ACVP tooling. SHAKE differs from traditional digest functions in that it does not have a fixed output digest size. When using the incremental EVP API, the output size is specified on finalization through EVP_DigestFinalXOF. This additional parameter percolates throughout the EVP and test code, as the function signature of EVP_DigestFinalXOF is different from that of EVP_DigestFinal or EVP_DigestFinal_ex.

We also add SHA3 to the self tests. As noted below, while the self-tests don't include actual tests for every approved digest algorithm we support, they do cover the core implementation of every approved digest. SHA224 is covered by the SHA256 self-test; SHA384, SHA512-224, and SHA512-256 are covered by the SHA512 self-test; SHAKE-128, SHAKE-256, and all the SHA3 variants are covered by the SHA3-512 self-test.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@WillChilds-Klein WillChilds-Klein changed the title Shake Expose SHAKE through the EVP API Sep 19, 2023
@WillChilds-Klein WillChilds-Klein force-pushed the shake branch 3 times, most recently from d2d298b to 48be6d7 Compare September 20, 2023 20:41
@samuel40791765
Copy link
Contributor

Only reviewed 48be6d7, but hte service indicator changes/tests lgtm 👍

@WillChilds-Klein WillChilds-Klein force-pushed the shake branch 4 times, most recently from 9c09d51 to 3439c15 Compare September 26, 2023 15:24
@WillChilds-Klein WillChilds-Klein marked this pull request as ready for review September 26, 2023 15:25
@WillChilds-Klein WillChilds-Klein requested a review from a team as a code owner September 26, 2023 15:25
andrewhop
andrewhop reviewed Sep 29, 2023
View reviewed changes
crypto/fipsmodule/digest/internal.h Show resolved Hide resolved
util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 Outdated Show resolved Hide resolved
crypto/fipsmodule/digest/digest.c Outdated Show resolved Hide resolved
dkostic
dkostic reviewed Sep 29, 2023
View reviewed changes
crypto/fipsmodule/digest/digest.c Outdated Show resolved Hide resolved
crypto/fipsmodule/sha/internal.h Outdated Show resolved Hide resolved
darylmartin100
darylmartin100 reviewed Oct 2, 2023
View reviewed changes
Copy link
Contributor

@darylmartin100 darylmartin100 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since you are marking this as an approved algorithm, do we need to add a corresponding self test in self_check.c?

@WillChilds-Klein
Copy link
Contributor Author

WillChilds-Klein commented Oct 2, 2023
edited
Loading

Since you are marking this as an approved algorithm, do we need to add a corresponding self test in self_check.c?

@darylmartin100 --That's a good question. Right now, we're missing coverage in self_check.c for the following approved hash algorithms:

  • SHA2: SHA224, SHA384, SHA512-224, SHA512-256
  • SHA3: SHA3-224, SHA3-256, SHA3-384, SHA3-512
  • SHAKE: SHAKE-128, SHAKE-256

I'm not sure what the decision criterion is for adding an algorithm to self_check.c, but it seems like if we add SHAKE, we should add the other missing ones as well.

@dkostic
Copy link
Contributor

dkostic commented Oct 2, 2023

one general question: can the finalXOF function be called more than once on the same context object and what's the expected behavior in that case?

@WillChilds-Klein
Copy link
Contributor Author

one general question: can the finalXOF function be called more than once on the same context object and what's the expected behavior in that case?

@dkostic -- I don't think we should allow that (neither does OpenSSL). For regular digests, we technically allow multiple calls to EVP_DigestFinal_ex, but advise against it in our documentation. EVP_DigestFinal cleans up the ctx, so it can't be called again without re-initialization.

I've added a test case to digest_test.cc to assert this behavior.

dkostic
dkostic reviewed Oct 6, 2023
View reviewed changes
crypto/fipsmodule/digest/digest.c Outdated Show resolved Hide resolved
crypto/fipsmodule/digest/digest.c Outdated Show resolved Hide resolved
WillChilds-Klein and others added 23 commits October 9, 2023 20:47
@WillChilds-Klein
Add SHAKE ACVP modulewrapper JSON configs
7a13102
@WillChilds-Klein
Clarify and add comments to digest_test.cc
bd165b9
@WillChilds-Klein
Add SHAKE monte carlo tests
3f2d652
@WillChilds-Klein
Fix SHA2 tests, account for weird golang case/switch impl
a267d1e
@WillChilds-Klein
Fix SHAKE MCTs
efae2df
@WillChilds-Klein
Update formatting for SHAKE128 expected ACVP vectors
a252647
@WillChilds-Klein
Replace SHAKE256 ACVP vectors with byte-aligned vectors
4e215b6
@WillChilds-Klein
Reformat expected SHAKE-256 ACVP vectors
38f3cdd
@WillChilds-Klein
Clean up TODOs
0e068cb
@WillChilds-Klein
Support sha3 in EVP_getdigestbyname
82261a1
@WillChilds-Klein @dkostic
Update crypto/fipsmodule/sha/internal.h
5754d19 
Co-authored-by: dkostic <[email protected]>
@WillChilds-Klein
Trim ACVP vectors, adjust error code in EVP_Digest
e3409f7
@WillChilds-Klein
Fix merge typo
3222991
@WillChilds-Klein
Add test case for successive digest finalization
69a1754
@WillChilds-Klein
Add self check for SHA3/SHAKE
46ff043
@WillChilds-Klein
Add SHA3-512 to self_check.c and test_fips.c
b2160e2
@WillChilds-Klein
Add SHA3 to break-kat.go, use unique input in self-check.c
c5448db
@WillChilds-Klein
Revert "Add SHA3 to break-kat.go, use unique input in self-check.c"
c11b642 
This reverts commit 090e2ba.
@WillChilds-Klein
Revert "Add SHA3-512 to self_check.c and test_fips.c"
2a3a4b2 
This reverts commit 5d23a69.
@WillChilds-Klein
Revert "Add self check for SHA3/SHAKE"
083d02f 
This reverts commit 1726039.
@WillChilds-Klein @dkostic
Update crypto/fipsmodule/digest/digest.c
a134981 
Co-authored-by: dkostic <[email protected]>
@WillChilds-Klein
Simplify ctx cleansing
b18c7cd
@WillChilds-Klein
Refactor EVP_digest for better failure perf, add test
8311023
@WillChilds-Klein WillChilds-Klein enabled auto-merge (squash) October 9, 2023 21:47
@WillChilds-Klein WillChilds-Klein merged commit bb1aaba into aws:main Oct 9, 2023
4 of 5 checks passed
@WillChilds-Klein WillChilds-Klein deleted the shake branch October 9, 2023 22:27
@skmcgrail skmcgrail mentioned this pull request Oct 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@andrewhop andrewhop andrewhop approved these changes

@dkostic dkostic dkostic approved these changes

@samuel40791765 samuel40791765 Awaiting requested review from samuel40791765

@darylmartin100 darylmartin100 Awaiting requested review from darylmartin100

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@WillChilds-Klein @samuel40791765 @dkostic @andrewhop @darylmartin100