From a66667bcc0a26df4292c740b9b4f18a6caff329e Mon Sep 17 00:00:00 2001 From: Joel Brockman Date: Thu, 23 Oct 2025 12:37:27 -0400 Subject: [PATCH 1/6] Added support for SHAKE-128/256 FIPS202. The changes are no longer supported the inBit, inEmpty, and outBit, and support for custom messageLength was added. --- src/sha3/sections/03-supported.adoc | 2 ++ src/sha3/sections/05-capabilities.adoc | 17 ++++++++++++----- src/sha3/sections/06-test-vectors.adoc | 4 ++-- src/sha3/sections/07-responses.adoc | 2 +- 4 files changed, 17 insertions(+), 8 deletions(-) diff --git a/src/sha3/sections/03-supported.adoc b/src/sha3/sections/03-supported.adoc index f180d9375..e853b985a 100644 --- a/src/sha3/sections/03-supported.adoc +++ b/src/sha3/sections/03-supported.adoc @@ -14,5 +14,7 @@ The following SHA3-based hash algorithms *MAY* be advertised by this ACVP compli * SHA3-512 / null / 2.0 * SHAKE-128 / null / 1.0 * SHAKE-256 / null / 1.0 +* SHAKE-128 / null / FIPS202 +* SHAKE-256 / null / FIPS202 Other hash algorithms *MAY* be advertised by the ACVP module elsewhere. diff --git a/src/sha3/sections/05-capabilities.adoc b/src/sha3/sections/05-capabilities.adoc index 96388bbaa..2aa3128f9 100644 --- a/src/sha3/sections/05-capabilities.adoc +++ b/src/sha3/sections/05-capabilities.adoc 
@@ -44,8 +44,12 @@ The following grid outlines which properties are *REQUIRED*, as well as all the | SHA3-512| 2.0 | | | | | {"Min": 0, "Max": 65536, "Inc": any} | [1, 2, 4, 8] | SHAKE-128| 1.0 | true, false| true, false| {"Min": 16, "Max": 65536, "Inc": any}| true, false | | | SHAKE-256| 1.0 | true, false| true, false| {"Min": 16, "Max": 65536, "Inc": any}| true, false | | +| SHAKE-128| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 0, "Max": 65536, "Inc": 8} | +| SHAKE-256| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 10, "Max": 65536, "Inc": 8} | |=== +NOTE: For SHAKE FIPS202 - inBit, inEmpty, and outBit support were removed, while support for custom MessageLengths was added. + The following is a example JSON object advertising support for SHA3-256 for testing revision 1.0. [source, json] @@ -60,22 +64,25 @@ The following is a example JSON object advertising support for SHA3-256 for test } ---- -The following is an example JSON object advertising support for SHAKE-128. +The following is an example JSON object advertising support for SHAKE-128 FIPS202. [source, json] ---- { "algorithm": "SHAKE-128", - "revision": "1.0", + "revision": "FIPS202", "mode": null, - "inBit": true, - "inEmpty": true, - "outBit": true, "outputLen": [ { "min": 16, "max": 1024 } + ], + "messageLength": [ + { + "min": 16, + "max": 1024 + } ] } ---- diff --git a/src/sha3/sections/06-test-vectors.adoc b/src/sha3/sections/06-test-vectors.adoc index fbc284e66..87f056b81 100644 --- a/src/sha3/sections/06-test-vectors.adoc +++ b/src/sha3/sections/06-test-vectors.adoc 
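Review bot: The two added SHAKE FIPS202 rows keep `{"Min": 16, "Max": 65536, "Inc": any}` in what appears to be the outputLen column while leaving the bit-orientation cells empty, so the grid no longer says whether a non-byte-aligned output length may be registered for this revision. The last range in the same rows carries an explicit `"Inc": 8`. If output is meant to be byte-oriented here, the cell should read `{"Min": 16, "Max": 65536, "Inc": 8}`; if bit-oriented output is still tested, a sentence under the table should say so. The column headings sit above the hunk, so the column mapping is inferred from the existing 1.0 rows.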
@@ -38,7 +38,7 @@ Each test group *SHALL* contain an array of one or more test cases. Each test c | largeMsg | Object describing the message for an LDT group | large data object, see <> for more information |=== -NOTE: The maximum value for SHAKE-128 for 'len' is 65,904 bits when the inBit parameter is set to true in the capabilities registration and 66,240 bits when it is set to false. The maximum value for SHAKE-256 for 'len' is 66,428 bits when the inBit parameter is set to true in the capabilities registration and 65,752 bits when it is set to false. +NOTE: The maximum value for SHAKE-128 v1.0 for 'len' is 65,904 bits when the inBit parameter is set to true in the capabilities registration and 66,240 bits when it is set to false. The maximum value for SHAKE-256 v1.0 for 'len' is 66,428 bits when the inBit parameter is set to true in the capabilities registration and 65,752 bits when it is set to false. The following are example JSON objects for secure hash test vectors sent from the ACVP server to the crypto module. Notice that the single bit message is represented as "01". This complies with the little-endian nature of SHA3. All hex displayed is little-endian bit order when associated with SHA3 or any of its variations. @@ -97,7 +97,7 @@ The following are example JSON objects for secure hash test vectors sent from th ] ---- -The following is an example JSON object for SHAKE. +The following is an example JSON object for SHAKE v1.0. [source, json] ---- diff --git a/src/sha3/sections/07-responses.adoc b/src/sha3/sections/07-responses.adoc index 592ce8f2d..0cbf30b7e 100644 --- a/src/sha3/sections/07-responses.adoc +++ b/src/sha3/sections/07-responses.adoc 
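Review bot: The reworded NOTE and the example caption label the older revision `v1.0`, but the value a client actually registers is the literal string `"1.0"` (`"revision": "1.0"` in the capabilities example), and the capabilities grid also prints `1.0`. In a protocol document the revision is a wire value, so the prose should spell it exactly as registered, for example `SHAKE-128 revision "1.0"`, to keep an implementer from sending `v1.0`. The same label is added in the 07-responses.adoc hunk of this patch and again in PATCH 6/6 (`testing revision v1.0`, `SHAKE-128 v1.0`, `SHAKE-256 v1.0`).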
@@ -143,7 +143,7 @@ The following are examples of JSON objects for secure hash test results sent fro } ---- -The following is an example JSON object response for SHAKE-128. The group identified by tgId 1 is a group of AFTs. The group identified by tgId 2 is a group of MCTs. The group identified by tgId 3 is a group of VOTs. +The following is an example JSON object response for SHAKE-128 v1.0. The group identified by tgId 1 is a group of AFTs. The group identified by tgId 2 is a group of MCTs. The group identified by tgId 3 is a group of VOTs. [source, json] ---- From f60b017bb8babcfb53dba36cb6d9174599aeb64c Mon Sep 17 00:00:00 2001 From: Joel Brockman Date: Thu, 23 Oct 2025 12:40:11 -0400 Subject: [PATCH 2/6] Minor changes. --- src/sha3/sections/05-capabilities.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/sha3/sections/05-capabilities.adoc b/src/sha3/sections/05-capabilities.adoc index 2aa3128f9..3c28c3fcf 100644 --- a/src/sha3/sections/05-capabilities.adoc +++ b/src/sha3/sections/05-capabilities.adoc @@ -45,7 +45,7 @@ The following grid outlines which properties are *REQUIRED*, as well as all the | SHAKE-128| 1.0 | true, false| true, false| {"Min": 16, "Max": 65536, "Inc": any}| true, false | | | SHAKE-256| 1.0 | true, false| true, false| {"Min": 16, "Max": 65536, "Inc": any}| true, false | | | SHAKE-128| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 0, "Max": 65536, "Inc": 8} | -| SHAKE-256| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 10, "Max": 65536, "Inc": 8} | +| SHAKE-256| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 0, "Max": 65536, "Inc": 8} | |=== NOTE: For SHAKE FIPS202 - inBit, inEmpty, and outBit support were removed, while support for custom MessageLengths was added. @@ -80,8 +80,8 @@ The following is an example JSON object advertising support for SHAKE-128 FIPS20 ], "messageLength": [ { - "min": 16, - "max": 1024 + "min": 0, + "max": 65536 } ] } 
From b96e820c697babba3e4f9ec390963e3aeac289fa Mon Sep 17 00:00:00 2001 From: Joel Brockman Date: Fri, 24 Oct 2025 12:00:18 -0400 Subject: [PATCH 3/6] Just a blurb about MCT tests an FIPS202 revision not being supported. --- src/sha3/sections/04-testtypes.adoc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/sha3/sections/04-testtypes.adoc b/src/sha3/sections/04-testtypes.adoc index 52c0df16f..2b40324e3 100644 --- a/src/sha3/sections/04-testtypes.adoc +++ b/src/sha3/sections/04-testtypes.adoc @@ -65,6 +65,8 @@ The MCTs start with an initial condition (SEED which is a single message) and pe The SHAKE function used in the pseudocode takes in a bitstring and a desired output length in bits. The MSG[i] input to SHAKE MUST always contain at least 128 bits. If this is not the case as the previous digest was too short, append empty bits to the rightmost side of the digest. The MCT algorithm is shown below. +NOTE: SHAKE FIPS202 revisions do not support MCT. + .SHAKE Monte Carlo Test [source, code] ---- From 18ca9f08939b42c3c864ec57825d5ad25cae9d45 Mon Sep 17 00:00:00 2001 From: livebe01 Date: Fri, 31 Oct 2025 15:59:40 -0400 Subject: [PATCH 4/6] moves FIPS202 MCT note to top of section --- src/sha3/sections/04-testtypes.adoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/sha3/sections/04-testtypes.adoc b/src/sha3/sections/04-testtypes.adoc index 2b40324e3..15b26bd86 100644 --- a/src/sha3/sections/04-testtypes.adoc +++ b/src/sha3/sections/04-testtypes.adoc @@ -57,6 +57,7 @@ For 100 iterations [[SHAKE-MCT]] ==== SHAKE Monte Carlo Test +NOTE: The SHAKE "FIPS202" testing revision does not support MCT. The MCTs start with an initial condition (SEED which is a single message) and perform a series of chained computations. Some values used in the algorithm are based on properties provided during the registration. They are as follows. 
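Review bot: The NOTE that PATCH 4/6 places at the top of the SHAKE Monte Carlo Test section (introduced lower in the section by PATCH 3/6) states only what the "FIPS202" revision does not support. Nothing in the visible hunks says which test types it does support. The FIPS202 examples added later in this series show a single AFT group, which leaves open whether VOT or LDT groups can be issued for this revision. If AFT is the only type generated, the note could say so directly, e.g. `NOTE: The SHAKE "FIPS202" testing revision supports AFT only; MCT groups are not generated.`, adjusted to what the server really issues. The rest of 04-testtypes.adoc is outside the hunk, so this may already be stated elsewhere in the section.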
@@ -65,8 +66,6 @@ The MCTs start with an initial condition (SEED which is a single message) and pe The SHAKE function used in the pseudocode takes in a bitstring and a desired output length in bits. The MSG[i] input to SHAKE MUST always contain at least 128 bits. If this is not the case as the previous digest was too short, append empty bits to the rightmost side of the digest. The MCT algorithm is shown below. -NOTE: SHAKE FIPS202 revisions do not support MCT. - .SHAKE Monte Carlo Test [source, code] ---- From 2d8b9a6b02ebab8787cdb7e38a32b4d4a15b7130 Mon Sep 17 00:00:00 2001 From: livebe01 Date: Fri, 31 Oct 2025 16:05:02 -0400 Subject: [PATCH 5/6] Removes FIPS202 capabilities note --- src/sha3/sections/05-capabilities.adoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/sha3/sections/05-capabilities.adoc b/src/sha3/sections/05-capabilities.adoc index 3c28c3fcf..c3949395a 100644 --- a/src/sha3/sections/05-capabilities.adoc +++ b/src/sha3/sections/05-capabilities.adoc @@ -48,8 +48,6 @@ The following grid outlines which properties are *REQUIRED*, as well as all the | SHAKE-256| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 0, "Max": 65536, "Inc": 8} | |=== -NOTE: For SHAKE FIPS202 - inBit, inEmpty, and outBit support were removed, while support for custom MessageLengths was added. - The following is a example JSON object advertising support for SHA3-256 for testing revision 1.0. [source, json] From a9f0b6fcface27107c0a1c71cf3d8b89b48885f7 Mon Sep 17 00:00:00 2001 From: Joel Brockman Date: Fri, 7 Nov 2025 10:35:43 -0500 Subject: [PATCH 6/6] Updated documentation to show both SHAKE 1.0 and FIPS202 versions instead of a mix. --- src/sha3/sections/05-capabilities.adoc | 22 +++++++++++++- src/sha3/sections/06-test-vectors.adoc | 42 +++++++++++++++++++++++++- src/sha3/sections/07-responses.adoc | 39 ++++++++++++++++++++++-- 3 files changed, 99 insertions(+), 4 deletions(-) 
diff --git a/src/sha3/sections/05-capabilities.adoc b/src/sha3/sections/05-capabilities.adoc index c3949395a..5a65775b6 100644 --- a/src/sha3/sections/05-capabilities.adoc +++ b/src/sha3/sections/05-capabilities.adoc @@ -48,7 +48,7 @@ The following grid outlines which properties are *REQUIRED*, as well as all the | SHAKE-256| FIPS202 | | | {"Min": 16, "Max": 65536, "Inc": any}| | {"Min": 0, "Max": 65536, "Inc": 8} | |=== -The following is a example JSON object advertising support for SHA3-256 for testing revision 1.0. +The following is a example JSON object advertising support for SHA3-256 for testing revision v1.0. [source, json] ---- @@ -62,6 +62,26 @@ The following is a example JSON object advertising support for SHA3-256 for test } ---- +The following is an example JSON object advertising support for SHAKE-128 v1.0. + +[source, json] +---- +{ + "algorithm": "SHAKE-128", + "revision": "1.0", + "mode": null, + "inBit": true, + "inEmpty": true, + "outBit": true, + "outputLen": [ + { + "min": 16, + "max": 1024 + } + ] +} +---- + The following is an example JSON object advertising support for SHAKE-128 FIPS202. [source, json] diff --git a/src/sha3/sections/06-test-vectors.adoc b/src/sha3/sections/06-test-vectors.adoc index 87f056b81..31d2f3fab 100644 --- a/src/sha3/sections/06-test-vectors.adoc +++ b/src/sha3/sections/06-test-vectors.adoc @@ -97,7 +97,7 @@ The following are example JSON objects for secure hash test vectors sent from th ] ---- -The following is an example JSON object for SHAKE v1.0. +The following is an example JSON object for SHAKE-128 v1.0. [source, json] ---- 
@@ -158,3 +158,43 @@ The following is an example JSON object for SHAKE v1.0. } ] ---- + +The following is an example JSON object for SHAKE-128 FIPS202. + +[source, json] +---- +[ + { "acvVersion": }, + { + "vsId": 12345, + "algorithm": "SHAKE-128", + "revision": "FIPS202", + "testGroups": [ + { + "tgId": 1, + "testType": "AFT", + "tests": [ + { + "tcId": 1, + "msg": "3D955AA590240623A3BFCA54D8...", + "len": 31352, + "outLen": 504 + }, + { + "tcId": 2, + "msg": "AD2E9023C60D916A51DD73E75D...", + "len": 208, + "outLen": 360 + }, + { + "tcId": 3, + "msg": "418130A5678E5D1773...", + "len": 1104, + "outLen": 408 + } + ] + } + ] + } +] +---- \ No newline at end of file diff --git a/src/sha3/sections/07-responses.adoc b/src/sha3/sections/07-responses.adoc index 0cbf30b7e..d38cb614c 100644 --- a/src/sha3/sections/07-responses.adoc +++ b/src/sha3/sections/07-responses.adoc @@ -35,7 +35,7 @@ The following table describes the JSON elements for each test case object. | tcId| Numeric identifier for the test case, unique across the entire vector set.| integer | md| The IUT's digest response to a VOT, AFT or LDT| string (hex) -| resultsArray| Array of JSON objects that represent each iteration of a Monte Carlo Test. Each iteration will contain the msg and md (and outLen for SHAKE-128 and SHAKE-256)| array of objects containing the md (and potentially outLen) +| resultsArray| Array of JSON objects that represent each iteration of a Monte Carlo Test. Each iteration will contain the msg and md (and outLen for SHAKE-128 v1.0 and SHAKE-256 v1.0)| array of objects containing the md (and potentially outLen) |=== NOTE: The 'tcId' *MUST* be included in every test case object sent between the client and the server. @@ -148,7 +148,7 @@ The following is an example JSON object response for SHAKE-128 v1.0. The group i [source, json] ---- { - "vsId": 0, + "vsId": 12345, "algorithm": "SHAKE-128", "revision": "1.0", "testGroups": [ 
@@ -199,3 +199,38 @@ The following is an example JSON object response for SHAKE-128 v1.0. The group i ] } ---- + +The following is an example JSON object response for SHAKE-128 FIPS202. The group identified by tgId 1 is a group of AFTs. + +[source, json] +---- +{ + "vsId": 12345, + "algorithm": "SHAKE-128", + "revision": "FIPS202", + "testGroups": [ + { + "tgId": 1, + "tests": [ + { + "tcId": 1, + "md": "1991649A5A7766AC93F2C665186C..." + }, + { + "tcId": 2, + "md": "32C4F0A828FE7704B37FD92EBD34..." + }, + { + "tcId": 3, + "md": "0386A3F546FC3DD4958D0B1..." + }, + { + "tcId": 4, + "md": "0942D03460462EFC1A5F0A229D1..." + } + ] + } + ] +} +---- +
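Review bot: The FIPS202 response example returns four test cases (`tcId` 1 to 4) under `"vsId": 12345`, while the FIPS202 prompt example added to 06-test-vectors.adoc in this same patch carries only `tcId` 1 to 3 for that `vsId`. This patch also changes the 1.0 response from `"vsId": 0` to `"vsId": 12345`, so readers will take the prompt and response as one exchange. A response containing a test case the server never sent is exactly what a client must not produce. Either drop the `"tcId": 4` entry here or add a fourth test case (with `msg`, `len`, `outLen`) to the prompt example.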