|
4116 | 4116 | ensure that hash-based signature algorithms do not reuse private keys</TSS> |
4117 | 4117 | <Guidance/> |
4118 | 4118 | <Tests> |
4119 | | - Boilerplate text goes here <h:p/> |
| 4119 | + The following tests are conditional based upon the selections made in the SFR. The evaluator |
| 4120 | + shall perform the following test or witness respective tests executed by the developer. The tests |
| 4121 | + must be executed on a platform that is as close as practically possible to the operational platform |
| 4122 | + (but which may be instrumented in terms of, for example, use of a debug mode). Where the test |
| 4123 | + is not carried out on the TOE itself, the test platform shall be identified and the differences |
| 4124 | + between test environment and TOE execution environment shall be described.<h:p/> |
4120 | 4125 |
|
4121 | 4126 | <!-- RSA-PKCS Signature Generation --> |
4122 | 4127 | <h:br/><h:b>RSA-PKCS Signature Generation </h:b><h:p/> |
|
4214 | 4219 | generate 10 test cases using random data. The evaluator shall compare the results against those |
4215 | 4220 | from a known-good implementation.<h:p/> |
4216 | 4221 |
|
| 4222 | + <!-- LMS Signature Genration --> |
| 4223 | + <h:br/><h:b>LMS Signature Gneration </h:b><h:p/> |
| 4224 | + <h:table border="1"> |
| 4225 | + <h:tr class="header" bgcolor="#cccccc"> |
| 4226 | + <h:td valign="top">Identifier</h:td> |
| 4227 | + <h:td valign="top">Cryptogrphic Algorithm Parameters</h:td> |
| 4228 | + <h:td valign="top">Cryptographic Key Sizes</h:td> |
| 4229 | + <h:td valign="top">List of Standards</h:td> |
| 4230 | + </h:tr> |
| 4231 | + <h:tr> |
| 4232 | + <h:td valign="top">LMS</h:td> |
| 4233 | + <h:td valign="top">LMS</h:td> |
| 4234 | + <h:td valign="top">Private key size = [<h:b>selection:</h:b> |
| 4235 | + 192 bits with [<h:b>selection:</h:b> SHA256/192, SHAKE256/192], |
| 4236 | + 256 bits with [<h:b>selection:</h:b> SHA-256, SHAKE256]] , |
| 4237 | + Winternitz parameter = [<h:b>selection:</h:b> 1, 2, 4, 8], |
| 4238 | + and tree height = [<h:b>selection:</h:b> 5, 10, 15, 20, 25]</h:td> |
| 4239 | + <h:td valign="top">RFC 8554 [LMS]<h:p/> |
| 4240 | + NIST SP 800-208 [parameters] </h:td> |
| 4241 | + </h:tr> |
| 4242 | + </h:table><h:p/> |
| 4243 | + To test the TOE’s ability to generate cryptographic digital signature using LMS, the |
| 4244 | + evaluator shall perform the Algorithm Functional Test using the following input parameters:<h:ul> |
| 4245 | + <h:li>Hash algorithm [SHA-256/192, SHAKE256/192, SHA-256, SHAKE256]</h:li> |
| 4246 | + <h:li>Winterlitz [1, 2, 4, 8]</h:li> |
| 4247 | + <h:li>Tree height [5, 10, 15, 20, 25]</h:li></h:ul><h:p/> |
| 4248 | + <h:br/><h:b>Algorithm Functional Test</h:b><h:p/> |
| 4249 | + For each supported combination of the above parameters, the evaluator shall generate 10 |
| 4250 | + signatures. The evaluator shall verify the correctness of the implementation by comparing values |
| 4251 | + generated by the TOE with those generated by a known good implementation using the same |
| 4252 | + input parameters.<h:p/> |
4217 | 4253 |
|
4218 | 4254 | <!-- ML-DSA Signature Generation --> |
4219 | 4255 | <h:br/><h:b>ML-DSA Signature Generation</h:b><h:p/> |
|
4249 | 4285 | <h:br/><h:b>Known Answer Test for Rejection Cases</h:b><h:p/> |
4250 | 4286 | For each supported parameter set, the evaluator shall cause the TOE to generate signatures using |
4251 | 4287 | the data below and a deterministic seed of all 0’s. Correctness is determined by |
4252 | | - comparing the hash of the resulting signature with the hash of the signature.<h:p/> |
4253 | | - The values are defined as follows:<h:ul> |
| 4288 | + comparing the hash of the resulting signature with the hash in the fourth row |
| 4289 | + for each corresponding test case below.<h:p/> |
| 4290 | + The test values are defined as follows:<h:ul> |
4254 | 4291 | <h:li><h:i>Seed</h:i> is the seed to generate the key pair (<h:i>pk, sk</h:i>)</h:li> |
4255 | 4292 | <h:li><h:i>Hash of keys</h:i> is computed by SHA-256(<h:i>pk</h:i>||<h:i>sk</h:i>)</h:li> |
4256 | 4293 | <h:li><h:i>Message</h:i> is the message to be signed</h:li> |
|
4321 | 4358 | <h:br/><h:b>Known Answer Test for Large Number of Rejection Cases (Total Rejection Count)</h:b><h:p/> |
4322 | 4359 | For each supported parameter set, the evaluator shall cause the TOE to generate signatures using |
4323 | 4360 | the data below and a deterministic seed of all 0’s. Correctness is determined by |
4324 | | - comparing the hash of the resulting signature with the hash of the signature.<h:p/> |
| 4361 | + comparing the hash of the resulting signature with the hash in the fourth row |
| 4362 | + of the corresponding test case below.<h:p/> |
4325 | 4363 | <h:p/><h:b>ML-DSA-87 Test Cases for Total Rejection Count</h:b><h:p/> |
4326 | 4364 | <h:pre> |
4327 | 4365 | Test case 87-LN-01 |
|
4384 | 4422 | Message: 9831A830231A160B9847203341A5F30BF3E87A2A482AEEA6886315C92B5C4E4C |
4385 | 4423 | Hash of sig: 46C669D2FEB643A38E54FF87B790CC33F44043A1B6B31DB9474D301328CA2A7F |
4386 | 4424 | </h:pre> |
| 4425 | + |
| 4426 | + <!-- XMSS Signature Gneration --> |
| 4427 | + <h:br/><h:b>XMSS Signature Gneration</h:b><h:p/> |
| 4428 | + <h:table border="1"> |
| 4429 | + <h:tr class="header" bgcolor="#cccccc"> |
| 4430 | + <h:td valign="top">Identifier</h:td> |
| 4431 | + <h:td valign="top">Cryptogrphic Algorithm Parameters</h:td> |
| 4432 | + <h:td valign="top">Cryptographic Key Sizes</h:td> |
| 4433 | + <h:td valign="top">List of Standards</h:td> |
| 4434 | + </h:tr> |
| 4435 | + <h:tr> |
| 4436 | + <h:td valign="top">XMSS</h:td> |
| 4437 | + <h:td valign="top">XMSS</h:td> |
| 4438 | + <h:td valign="top">Private key size = [<h:b>selection:</h:b> |
| 4439 | + 192 bits with [<h:b>selection:</h:b> SHA256/192, SHAKE256/192], |
| 4440 | + 256 bits with [<h:b>selection:</h:b> SHA-256, SHAKE256]] , |
| 4441 | + and tree height = [<h:b>selection:</h:b> 10, 16, 20] </h:td> |
| 4442 | + <h:td valign="top">RFC 8391 [XMSS] <h:p/> |
| 4443 | + NIST SP 800-208 [parameters]</h:td> |
| 4444 | + </h:tr> |
| 4445 | + </h:table><h:p/> |
| 4446 | + To test the TOE’s ability to generate digital signatures using XMSS, the evaluator |
| 4447 | + shall perform the XMSS Key Generation Test using the following input parameters:<h:ul> |
| 4448 | + <h:li>Hash algorithm [SHA-256/192, SHAKE256/192, SHA-256, SHAKE256]</h:li> |
| 4449 | + <h:li>Tree height [10, 16, 20]</h:li></h:ul><h:p/> |
| 4450 | + <h:br/><h:b>XMSS Key Generation Test</h:b><h:p/> |
| 4451 | + For each supported combination of the above parameters, the evaluator shall generate 10 |
| 4452 | + signatures. The evaluator shall verify the correctness of the implementation by comparing values |
| 4453 | + generated by the TOE with those generated by a known-good implementation using the same |
| 4454 | + input parameters.<h:p/> |
| 4455 | + |
4387 | 4456 | </Tests> |
4388 | 4457 | </aactivity> |
4389 | 4458 | </f-element> |
|
0 commit comments