Safeprimes keyvery spec update #849
Comments
@smuellerDD I'm not really following, can you provide an example of json that you think the server expects? IIRC for keyVer we're only expecting
On Monday, 27 April 2020, 13:11:44 CEST, Russ Hammett wrote:
Hi Russ,
@smuellerDD I'm not really following, can you provide an example of json
that you think the server expects? IIRC for keyVer we're only expecting
`"testPassed": true` and `"testPassed": false` for all test cases for that
algorithm type.
It is not about JSON, it is about what tests are actually expected to happen.
For the KAS-FFC tests, for example, the test for 1 < y < p and y^q = 1 mod p
is needed. Initially I requested the IUT to perform this test. The ACVP server
replied that even more failing keys should have been detected.
Then I added the test that y is re-created from x and then memcmp'ed with the
provided y. And this was the solution to make the keyver pass.
However, it was not clear from the SPEC which tests are actually expected to
be executed. All I would suggest is to update the SPEC stating exactly what
the IUT shall do.
Ciao
Stephan
Just to close the loop a bit and make the eventual spec update easier... This is what the server checks considers an invalid key...
These come from the DSA KeyVer methods in FIPS186-4. Eventually these should live elsewhere in a standard once FIPS186-5 is published.
On Monday, 27 April 2020, 17:37:56 CEST, Chris Celi wrote:
Hi Chris,
Just to close the loop a bit and make the eventual spec update easier...
This is what the server checks considers an invalid key...
```
Invalid key pair, x must satisfy 0 < x < q
Invalid key pair, y != g^x mod p
```
These come from the DSA KeyVer methods in FIPS186-4. Eventually these should
live elsewhere in a standard once FIPS186-5 is published.
Ohh, I see, so it is NOT the SP800-56A partial / full key check specified in
section 5.6 then.
Thank you for specifying that. Thus, may I ask for an update of the SPEC to
point to that test? Thanks.
Ciao
Stephan
The safe prime key verification spec does not seem to document which checks are to be performed by the IUT. Casually, I would test that y is proper (i.e. complies with SP800-56A rev 3). However, the ACVP server seems to require in addition that the IUT re-calculates y from the provided x and compares the provided y with the calculated y. Only with both tests, I get a passing safeprimes key verification test.
May I ask to clarify that in the spec?
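The two sets of checks discussed in this thread, side by side, as an added example that is not part of the original issue and is not the ACVP server's or any IUT's code. The toy group (p = 23, q = 11, g = 2), the function names and the `reasons` field are assumptions made for illustration; only the check conditions and `testPassed` come from the thread.

```python
# Toy safe-prime group, constructed for illustration only: p = 2q + 1.
# Real tests use the named safe-prime groups; 2 has order q = 11 mod 23.
P, Q, G = 23, 11, 2


def public_key_checks(y, p=P, q=Q):
    """Checks the issue author ran first: 1 < y < p and y^q = 1 mod p."""
    failures = []
    if not 1 < y < p:
        failures.append("y out of range")
    elif pow(y, q, p) != 1:
        failures.append("y not in order-q subgroup")
    return failures


def key_pair_checks(x, y, p=P, q=Q, g=G):
    """Checks quoted from the server: 0 < x < q and y == g^x mod p."""
    failures = []
    if not 0 < x < q:
        failures.append("x must satisfy 0 < x < q")
    if y != pow(g, x, p):
        failures.append("y != g^x mod p")
    return failures


def key_ver(x, y):
    """Run both sets of checks and report in the keyVer response shape."""
    failures = public_key_checks(y) + key_pair_checks(x, y)
    return {"testPassed": not failures, "reasons": failures}


if __name__ == "__main__":
    # Constructed cases: (x, y) pairs in the toy group.
    for x, y in [(3, 8), (3, 16), (14, 8), (3, 22)]:
        print((x, y), key_ver(x, y))
```

The pair (3, 16) is the case the thread turns on: 16 is a valid subgroup element, so the public-key checks alone accept it, and only recomputing y from x rejects it.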