Updated documentation for counterFieldLen support added to AES ctrDRBG #1548

Open
wants to merge 3 commits into
base: master
Changes from 2 commits
12 changes: 8 additions & 4 deletions src/drbg/sections/05-capabilities.adoc
Expand Up @@ -36,6 +36,7 @@ Each DRBG algorithm capability advertised is a self-contained JSON object. A reg
| persoStringLen | Personalization string length. See the notes below. | domain | Min: maximum security strength (see <<supported_values>>), Max: See <<supported_values>>. Set to 0 if not supported
| additionalInputLen | See the notes below. | domain | Min: maximum security strength (see <<supported_values>>), Max: See <<supported_values>>. Set to 0 if not supported
| returnedBitsLen | Returned bits length | integer | Min: See <<supported_values>>, Max: 4096.
| counterFieldLen | Optional: See the notes below. | integer | Min: 4, Max: 128. Set to 128 if not altered
jbrock24 marked this conversation as resolved.
|===
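Review bot: The new counterFieldLen row is marked "Optional" but its range column says "Set to 128 if not altered", which reads as if the property must always be sent, so the behaviour when it is omitted is unclear. Suggest stating the default directly (for example "Optional; treated as 128 when omitted"), giving the unit as the other length rows do, and repeating in the row that it applies to AES modes only, since a reader of the table alone will not see the restriction that currently lives only in the NOTE further down.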


Expand All @@ -53,6 +54,8 @@ NOTE: ACVP allows bit length values for 'persoString' ranging from the maximum s

NOTE: The 'addtionalInput' configuration and restrictions are the same as those for the 'persoString'.

NOTE: The custom 'counterFieldLen' was introduced in the SP800-90Ar1 update. This is only valid for AES and not TDES ctrDRBG, please refer to SP800-90Ar1 for guidance.
Collaborator
Joel, use these words:
"NOTE: The 'counterFieldLen' property was introduced to support the concept of counter field length as introduced in SP800-90Ar1. See SP800-90Ar1 Section 10.2.1, Table 3."


[[value_req_per_option]]
=== Supported values per DRBG option
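Review bot: The added NOTE on 'counterFieldLen' says the property is "only valid for AES and not TDES ctrDRBG" but does not say how a registration that supplies it for TDES is handled, and "please refer to SP800-90Ar1 for guidance" points at the whole document rather than a section. Suggest keeping the AES-only restriction as its own sentence, stating whether the property is rejected or ignored for TDES, and citing the specific section and table (the inline comment above names Section 10.2.1, Table 3). The sentence is also a comma splice and should be split after "ctrDRBG".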

Expand All @@ -74,20 +77,20 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>
| hashDRBG | "SHA-1" | N/A | 128 | 128 | 65536 | 65536 | 65536 | 64 | 65536 | 160
| hashDRBG | "SHA2-224" | N/A | 192| 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA2-256" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA2-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA2-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA2-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hashDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA3-224" | N/A | 192| 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hashDRBG | "SHA3-256" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hashDRBG | "SHA3-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA3-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hashDRBG | "SHA3-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hmacDRBG | "SHA-1" | N/A | 128 | 128 | 65536 | 65536 | 65536 | 64 | 65536 | 160
| hmacDRBG | "SHA2-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hmacDRBG | "SHA2-384" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 384
| hmacDRBG | "SHA2-512" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 512
| hmacDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
| hmacDRBG | "SHA3-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 65536 | 224
| hmacDRBG | "SHA3-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 65536 | 256
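Review bot: The three changed rows in this hunk (hashDRBG "SHA2-384", hashDRBG "SHA3-384" and hmacDRBG "SHA2-512/224") carry identical values on the removed and added side, so the change appears to be whitespace only and is unrelated to counterFieldLen. Suggest dropping these rows from the PR, or mentioning the cleanup in the description, so the diff contains only the counterFieldLen documentation.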
Expand Down Expand Up @@ -144,7 +147,8 @@ The following is an example registration.
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
}
]
}
1 change: 1 addition & 0 deletions src/drbg/sections/06-test-vectors.adoc
jbrock24 marked this conversation as resolved.
Expand Up @@ -96,6 +96,7 @@ Here is an abbreviated yet fully constructed example of the prompt
"persoStringLen": 256,
"additionalInputLen": 256,
"returnedBitsLen": 512,
"counterFieldLen": 100,
"mode": "AES-128",
"tests": [
{
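Review bot: Documentation for the new property is missing from this file: the only change is the added "counterFieldLen": 100 line in the example prompt (1 addition, 0 deletions). If this section lists the test group properties, suggest adding an entry for counterFieldLen there with its type, range and the AES-only condition, so the example does not show a field the text never defines.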
13 changes: 9 additions & 4 deletions src/drbg/sections/97-examples.adoc
Expand Up @@ -39,7 +39,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 75
},
{
"mode": "AES-192",
Expand Down Expand Up @@ -73,7 +74,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "TDES",
Expand Down Expand Up @@ -124,7 +126,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
320
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 10
},
{
"mode": "AES-256",
Expand All @@ -141,7 +144,8 @@ The following is a example JSON object advertising support for ctrDRBG with TDES
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 50
},
{
"mode": "TDES",
Expand Down Expand Up @@ -336,6 +340,7 @@ The following is a example JSON object for ctrDRBG test vectors sent from the AC
"persoStringLen": 112,
"additionalInputLen": 112,
"returnedBitsLen": 256,
"counterFieldLen": 100,
"tests": [
{
"tcId": 1815,
1 change: 1 addition & 0 deletions src/drbg/sections/98-references.adoc
Expand Up @@ -6,6 +6,7 @@
* [[[RFC7991,RFC 7991]]]
* [[[RFC8174,RFC 8174]]]
* [[[SP800-90A,NIST SP 800-90A]]]
* [[[SP800-90Ar1,NIST SP 800-90Ar1]]]

[%bibitem]
=== Automatic Cryptographic Validation Protocol
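Review bot: The new [[[SP800-90Ar1,NIST SP 800-90Ar1]]] anchor is not linked from anything visible in this PR: the NOTE added in 05-capabilities.adoc writes "SP800-90Ar1" as plain text. Suggest citing it there as <<SP800-90Ar1>>, in the same style as the <<supported_values>> references in the capabilities table, and checking whether the existing SP800-90A entry should stay alongside the revision.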
6 changes: 4 additions & 2 deletions src/drbg/sections/XX-examples.adoc
Expand Up @@ -39,7 +39,8 @@ The following is a example JSON object advertising support for ctrDRBG with 3Key
"additionalInputLen": [
256
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "AES-192",
Expand Down Expand Up @@ -141,7 +142,8 @@ The following is a example JSON object advertising support for ctrDRBG with 3Key
"additionalInputLen": [
384
],
"returnedBitsLen": 512
"returnedBitsLen": 512,
"counterFieldLen": 100
},
{
"mode": "TDES",