Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Zero-length KWP keys should set 'invalid' result #98

Open
dspdon opened this issue Dec 19, 2023 · 4 comments
Open

Zero-length KWP keys should set 'invalid' result #98

dspdon opened this issue Dec 19, 2023 · 4 comments

Comments

@dspdon
Copy link

dspdon commented Dec 19, 2023
edited
Loading

I noticed the KWP test vector file (kwp_test.json) has 3 test cases where key length (where key is 'key to be wrapped') is set to 0 and msg = ''. These cases are tcId 11, 86 and 171. I think these cases should be recorded with result set to 'invalid'. They currently have result set to 'acceptable'.

According to NIST SP 800-38F, length of the KWP key to be wrapped must be at least 1 byte. The language in SP 800-38F Sec 5.2 states this as: "KW-AE and TKW-AE are defined on two or more semiblocks. For KWP-AE, the domain of possible inputs is extended to nonempty octet strings." Wrapping a key with 0 length would be invalid.
@dspdon dspdon changed the title Zero-length key to be wrapped by KWP should have result set to 'invalid' Zero-length KWP keys should have result set to 'invalid' Dec 20, 2023
@dspdon dspdon changed the title Zero-length KWP keys should have result set to 'invalid' Zero-length KWP keys should set 'invalid' result Dec 20, 2023
@bleichenbacher-daniel
Copy link

The latest version of the test vectors in wycheproof/testvectors_v1/aes_kwp_test.json should be better.

@dspdon
Copy link
Author

dspdon commented Dec 21, 2023 via email
edited
Loading

@bleichenbacher-daniel
Copy link

testvectors_v1 generally contains the latest version. The main difference is that the format for the flags has changed, so that it is possible to add more comments. The main purpose of the new flags was to describe what a test vector checks and to make a preliminary guess about the seriousness of the bug.

The main disadvantage of testvectors_v1 is that the documentation never has been updated for the new format.

@dspdon
Copy link
Author

dspdon commented Dec 24, 2023

Thanks again Daniel. I'm now running the test cases in the "v1" folder. The KWP test cases in v1 all seem to be fine with regard to this setting --- no similar issues were found for the "result" enum values.

After reviewing the newer v1 format and folder, and noting your guidance for the "v0" folder, it still seems worth considering an update to the "result" enumeration for these three KWP test cases. Otherwise part of the KWP spec needs to be known and utilized in the test jig itself, to identify these test cases and override the result flag. You may know more about the impact of legacy use of the "v0" content however, so I'll leave it there.

Backing up slightly, I should have stated that the test cases in this repo are terrific and I'm definitely finding benefit from these. So some slightly belated thanks to everyone making these tests available.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dspdon @bleichenbacher-daniel