[cryptotest] Add RSA sign SHA-3 test vectors

Although there are no test vectors available that use SHA-3, reuse
some SHA-2 test vectors and manually override the mode to SHA-3.
This works as the verify-after-sign testing approach enable us to
do this.

Signed-off-by: Pascal Nasahl <nasahlpa@lowrisc.org>
(cherry picked from commit d493164)

Author: nasahlpa

sw/host/cryptotest/testvectors/data/BUILD

@@ -734,17 +734,26 @@ WYCHEPROOF_RSA_PSS_SUFFIXES = {
 # the output file name; the parser reads group["sha"] for the actual alg.
 WYCHEPROOF_RSA_OAEP_SIGN_SOURCES = {
     2048: [
-        ("sha256_mgf1sha256", "sha256"),
-        ("sha384_mgf1sha384", "sha384"),
-        ("sha512_mgf1sha512", "sha512"),
+        ("sha256_mgf1sha256", "sha256", None),
+        ("sha384_mgf1sha384", "sha384", None),
+        ("sha512_mgf1sha512", "sha512", None),
+        ("sha256_mgf1sha256", "sha3_256", "sha3-256"),
+        ("sha256_mgf1sha256", "sha3_384", "sha3-384"),
+        ("sha256_mgf1sha256", "sha3_512", "sha3-512"),
     ],
     3072: [
-        ("sha256_mgf1sha256", "sha256"),
-        ("sha512_mgf1sha512", "sha512"),
+        ("sha256_mgf1sha256", "sha256", None),
+        ("sha512_mgf1sha512", "sha512", None),
+        ("sha256_mgf1sha256", "sha3_256", "sha3-256"),
+        ("sha256_mgf1sha256", "sha3_384", "sha3-384"),
+        ("sha256_mgf1sha256", "sha3_512", "sha3-512"),
     ],
     4096: [
-        ("sha256_mgf1sha256", "sha256"),
-        ("sha512_mgf1sha512", "sha512"),
+        ("sha256_mgf1sha256", "sha256", None),
+        ("sha512_mgf1sha512", "sha512", None),
+        ("sha256_mgf1sha256", "sha3_256", "sha3-256"),
+        ("sha256_mgf1sha256", "sha3_384", "sha3-384"),
+        ("sha256_mgf1sha256", "sha3_512", "sha3-512"),
     ],
 }
 
@@ -787,15 +796,18 @@ WYCHEPROOF_RSA_OAEP_SIGN_SOURCES = {
             padding_mode,
             "--security_level",
             str(security_level),
-        ],
+        ] + ([
+            "--hash",
+            hash_override,
+        ] if hash_override else []),
         tool = "//sw/host/cryptotest/testvectors/parsers:wycheproof_rsa_parser",
     )
     for security_level in [
         2048,
         3072,
         4096,
     ]
-    for oaep_suffix, hash_suffix in WYCHEPROOF_RSA_OAEP_SIGN_SOURCES[security_level]
+    for oaep_suffix, hash_suffix, hash_override in WYCHEPROOF_RSA_OAEP_SIGN_SOURCES[security_level]
     for padding_mode in [
         "pkcs1_1.5",
         "pss",

sw/host/cryptotest/testvectors/parsers/wycheproof_rsa_parser.py

@@ -19,14 +19,19 @@ def parse_test_vectors(raw_data, args):
         # Parse tests within the group
         for test in group["tests"]:
             logging.debug(f"Parsing tcId {test['tcId']}")
+            hash_alg = (
+                args.hash
+                if args.operation == "sign" and args.hash
+                else group["sha"].lower().replace("shake", "shake-")
+            )
             test_vec = {
                 "vendor": "wycheproof",
                 "test_case_id": test["tcId"],
                 "algorithm": "rsa",
                 "operation": args.operation,
                 "padding": args.padding,
                 "security_level": int(args.security_level),
-                "hash_alg": group["sha"].lower().replace("shake", "shake-"),
+                "hash_alg": hash_alg,
                 "message": str_to_byte_array(test["msg"]),
             }
 
@@ -51,7 +56,12 @@ def parse_test_vectors(raw_data, args):
             else:
                 raise ValueError(f"Unsupported RSA operation: {args.operation}")
 
-            if test["result"] == "valid":
+            if args.operation == "sign":
+                # Sign-then-verify always succeeds regardless of the source
+                # vector's result; the OAEP result reflects ciphertext validity,
+                # not key validity.
+                test_vec["result"] = True
+            elif test["result"] == "valid":
                 test_vec["result"] = True
             elif test["result"] == "invalid":
                 test_vec["result"] = False
@@ -118,6 +128,13 @@ def main():
         help = "RSA security level",
         choices = ["2048", "3072", "4096"],
     )
+    parser.add_argument(
+        "--hash",
+        type = str,
+        help = "Hash algorithm override for sign operation (overrides group sha field)",
+        choices = ["sha-256", "sha-384", "sha-512", "sha3-256", "sha3-384", "sha3-512"],
+        default = None,
+    )
     args = parser.parse_args()
 
     testvecs = parse_test_vectors(json.load(args.src), args)