
slh-dsa: implement changes from FIPS 205 Initial Public Draft -> FIPS 205 Final #844

Merged
merged 3 commits into from
Aug 18, 2024

Conversation

tjade273 (Contributor) commented Aug 14, 2024

Addresses #843

  • Implement new context string handling for "pure" algorithms
  • Change existing KAT to use deterministic *_internal functions specified in the new standard
  • Known-answer tests for top-level signatures with context (not sure these exist yet)
  • End-to-end tests for signatures with non-empty context
  • Implement new pre-hash variants (using DigestSigner)
  • Integrate NIST CVP KATs

tjade273 (Contributor, Author)

AFAICT there are no published KATs for the full end-to-end signature (with a context string). I'm not too worried about that, it's a very simple spec change.

I'm going to hold off on the pre-hash DigestSigner implementation for a separate feature. The requirement to include the hash OID in the context makes integrating arbitrary digests a pain. I don't expect pre-hash to have much demand right now anyway.
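The two spec points raised in this thread, the context string that FIPS 205 final prepends to "pure" messages and the hash OID that the pre-hash variant additionally requires, come down to a fixed message-encoding rule: the pure variant signs `M' = 0x00 || toByte(|ctx|, 1) || ctx || M`, and the pre-hash variant signs `M' = 0x01 || toByte(|ctx|, 1) || ctx || OID || PH(M)`, with the context limited to 255 bytes so its length fits in one byte. The following is an added example that implements just that encoding in plain Rust; it is not code from this PR or from the RustCrypto `slh-dsa` crate, the function and type names are my own, and the digest PH(M) and the DER-encoded OID are passed in precomputed so the block needs no hash crate:

```rust
/// FIPS 205 bounds the context string so its length fits in one byte.
pub const MAX_CONTEXT_LEN: usize = 255;

/// DER encoding of the SHA-256 OID 2.16.840.1.101.3.4.2.1, tag and length
/// included, as the pre-hash variant expects it in the encoded message.
pub const SHA256_OID_DER: [u8; 11] = [
    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
];

#[derive(Debug, PartialEq, Eq)]
pub enum EncodeError {
    /// Context string longer than 255 bytes; the spec has no encoding for it.
    ContextTooLong(usize),
}

/// Shared prefix: domain byte, one-byte context length, context bytes.
fn push_prefix(out: &mut Vec<u8>, domain: u8, ctx: &[u8]) -> Result<(), EncodeError> {
    if ctx.len() > MAX_CONTEXT_LEN {
        return Err(EncodeError::ContextTooLong(ctx.len()));
    }
    out.push(domain);
    out.push(ctx.len() as u8); // safe: checked above
    out.extend_from_slice(ctx);
    Ok(())
}

/// Message fed to the deterministic internal sign/verify routines for the
/// "pure" variant: M' = 0x00 || toByte(|ctx|, 1) || ctx || M
pub fn encode_pure_message(ctx: &[u8], msg: &[u8]) -> Result<Vec<u8>, EncodeError> {
    let mut out = Vec::with_capacity(2 + ctx.len() + msg.len());
    push_prefix(&mut out, 0x00, ctx)?;
    out.extend_from_slice(msg);
    Ok(out)
}

/// Message for the pre-hash variant:
/// M' = 0x01 || toByte(|ctx|, 1) || ctx || OID || PH(M)
/// `oid_der` is the DER-encoded OID of the hash function that produced `digest`.
pub fn encode_prehash_message(
    ctx: &[u8],
    oid_der: &[u8],
    digest: &[u8],
) -> Result<Vec<u8>, EncodeError> {
    let mut out = Vec::with_capacity(2 + ctx.len() + oid_der.len() + digest.len());
    push_prefix(&mut out, 0x01, ctx)?;
    out.extend_from_slice(oid_der);
    out.extend_from_slice(digest);
    Ok(out)
}

fn main() {
    // Constructed sample inputs, not test vectors from the standard.
    let pure = encode_pure_message(b"app-v1", b"hello").unwrap();
    println!("pure:     {:02x?}", pure);

    let fake_digest = [0xAAu8; 32]; // stands in for SHA-256(M)
    let prehash = encode_prehash_message(b"app-v1", &SHA256_OID_DER, &fake_digest).unwrap();
    println!("pre-hash: {:02x?}", prehash);

    // The domain byte keeps a pure signature from ever verifying as a pre-hash one.
    assert_ne!(pure[0], prehash[0]);

    // An oversized context is rejected rather than silently truncated.
    let too_long = vec![0u8; 256];
    assert_eq!(
        encode_pure_message(&too_long, b"x"),
        Err(EncodeError::ContextTooLong(256))
    );
}
```

The encoded `M'` is what a deterministic `*_internal` sign or verify routine would consume, so known-answer tests against the internal functions and end-to-end tests with a non-empty context exercise the same bytes through two entry points. The length check matters in practice: a caller that silently truncates the context to 255 bytes would produce a signature that verifies under a different context than the one it believes it used.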

@tjade273 tjade273 changed the title WIP: Implement changes from FIPS 205 Initial Public Draft -> FIPS 205 Final Implement changes from FIPS 205 Initial Public Draft -> FIPS 205 Final Aug 15, 2024

tjade273 (Contributor, Author)

@tarcieri This is ready for review. I'll open a new issue for supporting the pre-hash variant, but now at least the normal variant that 99% of users need matches the final spec.

tarcieri (Member)

> The requirement to include the hash OID in the context makes integrating arbitrary digests a pain.

You can use the AssociatedOid trait, namely AssociatedOid + Digest.

See this for an example: https://docs.rs/rsa/latest/rsa/pkcs1v15/struct.SigningKey.html

tjade273 (Contributor, Author)

> You can use the AssociatedOid trait, namely AssociatedOid + Digest.

Thanks! Saves me from having to implement the consts myself...

I started working on the Oid/DigestSigner feature but have to go through and update various things to the newest pre-release versions to match the pre-release digest crate used by signature.

tjade273 (Contributor, Author)

> Updated test vectors are available here:

Yep, already incorporated!

https://github.com/RustCrypto/signatures/pull/844/files#diff-bcecd5d27d356a81e18400b7905fdc36196cc3e0de024579b21b5dea7aa808fd

@tarcieri tarcieri merged commit cf34cd2 into RustCrypto:master Aug 18, 2024
43 checks passed
@tarcieri tarcieri changed the title Implement changes from FIPS 205 Initial Public Draft -> FIPS 205 Final slh-dsa: implement changes from FIPS 205 Initial Public Draft -> FIPS 205 Final Aug 18, 2024