-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA keyGen FIPS186-5 with modulo 15360 runs into timeout #313
Comments
Hi @Karen32123, your vector set should now be available for download. It just took a long time to generate. Keys take a while to generate for that modulo. We normally pre-compute values such as these, but we may not be doing that here. We'll look into computing these ahead of time to make vector set generation more or less instantaneous. |
Hello @livebe01, |
That's correct. It looks like the client you used to interact with ACVTS Demo is set to time out after ~1 hour and 30 minutes. It actually took the Demo server over 5 hours to create the vector set you requested. This follows as RSA keys with a 15360 modulo take a l long time to generate. But it's unusual for a vector set to take 5 hours to generate. There are some things that we can do on our end to speed up the process. We'll keep this ticket open until we've been able to put those things in place to speed up RSA keyGen FIPS186-5 modulo 15360 testing. |
Hi @Karen32123, we took a closer look at supporting the 15360 modulus for RSA keyGen FIPS186-5 modulo testing and we've decided to remove support for testing that modulus. The runtimes involved are just too high. We plan to remove support for RSA keyGen FIPS186-5 15360 modulus testing sometime next week in updates to the Demo and Prod servers. |
Hello livebe01, thanks for the information. |
The fix for this is on Demo in release v1.1.0.34. |
The fix for this is now on Prod as part of the v1.1.0.34 release. |
environment
Demo
testSessionId
487084
vsId
2166562
Algorithm registration
Testing capabilities (part of it):
"algorithm": "RSA",
"mode": "keyGen",
"revision": "FIPS186-5"
"modulo": 15360
Endpoint in which the error is experienced
https://demo.acvts.nist.gov:443/acvp/v1/
Expected behavior
Hello,
According to https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html#name-keygen-registration-table-2 it should now be possible to request a keyGen RSA test vector with "modulo"=15360. However, when trying to do so, I do not get any response back. After two hours the following error message occurs:
***ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again...
***ACVP [INFO][log_network_status:1064]--> GET Vector Set...
Status: 200
Url: https://demo.acvts.nist.gov:443/acvp/v1/testSessions/487084/vectorSets/2166562
Resp:
[
{
"acvVersion": "1.0"
},
{
"retry": 30
}
]
***ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again...
***ACVP [STATUS][acvp_process_vsid:2607]--> Maximum wait time with server reached! (Max: 7200 seconds)
***ACVP [ERR][acvp_process_tests:2432]--> Unable to process vector set! Error: 3
***ACVP [ERR][acvp_run:3294]--> Failed to process vectors
SUMMARY
Done 1 actions: 0 succeeded, 1 failed
Failures: rsa-keygen,
End of program at 2024-02-19 16:04:45. Duration: 125.82 minutes.
Could you please help me with that?
The text was updated successfully, but these errors were encountered: