Error appears in vector rather than response when creating test session with KAS-ECC registration #1399

Closed
AlexThurston opened this issue Dec 21, 2022 · 14 comments

@AlexThurston

I am creating a test session with a KAS-ECC revision Sp800-56Ar3 algorithm registration (ID: 153) with errors within the selection. Normally, the response from the test session create when it errors contains the reasons why. However, in this case, the test session appears to be created successfully, but the errors seem to be captured within the vector set. An example of this is test session ID 333097.

The session appears to have been created, but reading vector set 1319450 shows that there were errors in the algorithm capabilities.

@jbrock24 jbrock24 self-assigned this Jan 11, 2023
@jbrock24
Collaborator

jbrock24 commented Jan 11, 2023

@AlexThurston Can you provide me with the registration used to start please? Thanks!

@jbrock24
Collaborator

Sorry, to clarify the test was returned as canceled with no files available for me to use/test. Thanks :)

@AlexThurston
Author

I hope this helps.

Server: Demo
Test Session ID: 340304
Vector Set ID: 1350478

Registration:

{
    "algorithm": "KDA",
    "revision": "Sp800-56Cr2",
    "mode": "HKDF",
    "l": 2048,
    "z": [
        {
            "max": 8192,
            "min": 224,
            "increment": 8
        }
    ],
    "hmacAlg": [
        "SHA2-224",
        "SHA2-256",
        "SHA2-384",
        "SHA2-512",
        "SHA2-512/224",
        "SHA2-512/256",
        "SHA3-224",
        "SHA3-256",
        "SHA3-384",
        "SHA3-512"
    ],
    "encoding": [
        "concatenation"
    ],
    "macSaltMethods": [
        "default",
        "random"
    ],
    "fixedInfoPattern": "algorithmId||l||uPartyInfo||vPartyInfo",
    "performMultiExpansionTests": false
}

The content of the vector set is:

[
    {
        "acvVersion": "1.0"
    },
    {
        "error": "The UsesHybridSharedSecret registration property is required for algo/mode/revision KDA_HKDF_Sp800_56Cr2 testing, but was not provided."
    }
]

Just to be clear, the error might be a legitimate error in the registration, but the problem is that normally that would be reported back when the test session is being created, not within the vector set.

@jbrock24
Collaborator

Thanks!

@jbrock24
Collaborator

After review, the errors are correct from an updated implementation by Ben in November. As far as how it's reporting errors, it's using the same system as the other algorithms. It generates a response, etc.; nothing has changed and it's reusing the same code.

@AlexThurston
Author

AlexThurston commented Jan 15, 2023

But doesn't this make the API a little inconsistent? In some cases, if I request a test session with algorithm registration values, I will get an error at that time (which I think is good). However, in other cases, the error will exist in the vector set which will only be discoverable later.

IMO, this makes the API less worse because now a user must go through each and every vector set of a test session to ensure that they have been generated correctly and that the selections are good rather than being notified that a registration selection is incorrect from the time of test session creation.

Also, the issue isn't necessarily about the error being correct but more so when it is delivered to the user.
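The per-vector-set check described in the comment above, as an added example that is not part of the original thread and is not the project's code: it scans each parsed vector set body for an `error` member in the array form quoted earlier. The `testGroups` and `vsId` members of the well-formed sample, the function names, and the vector set ID `1` are assumptions made for the illustration.

```python
import json

# Constructed from the vector set body quoted in this thread (vector set 1350478).
ERROR_BODY = json.loads("""
[
  {"acvVersion": "1.0"},
  {"error": "The UsesHybridSharedSecret registration property is required for algo/mode/revision KDA_HKDF_Sp800_56Cr2 testing, but was not provided."}
]
""")

# Constructed, abbreviated stand-in for a vector set that generated normally;
# the vsId value 1 is a placeholder.
GOOD_BODY = [
    {"acvVersion": "1.0"},
    {"vsId": 1, "algorithm": "KDA", "mode": "HKDF",
     "revision": "Sp800-56Cr2", "testGroups": [{"tgId": 1, "tests": []}]},
]


def vector_set_errors(body):
    """Return the problems found in one parsed vector set response body."""
    if not isinstance(body, list):
        return ["unexpected response shape: expected a JSON array"]
    errors, has_payload = [], False
    for element in body:
        if not isinstance(element, dict):
            errors.append("unexpected array element: %r" % (element,))
        elif "error" in element:
            errors.append(str(element["error"]))
        elif "testGroups" in element:
            has_payload = True
    if not errors and not has_payload:
        errors.append("no testGroups payload (not generated or not ready)")
    return errors


def audit_session(vector_sets):
    """Map vector set ID -> problems, for the sets that did not generate cleanly."""
    failed = {}
    for vs_id, body in vector_sets.items():
        problems = vector_set_errors(body)
        if problems:
            failed[vs_id] = problems
    return failed


if __name__ == "__main__":
    for vs_id, problems in audit_session({1350478: ERROR_BODY, 1: GOOD_BODY}).items():
        print(vs_id, problems)
```
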

@jbrock24
Collaborator

jbrock24 commented Apr 20, 2023

Sorry @AlexThurston. I am trying to clean up GitHub stuff currently and wanted to reply to this. I am keeping this in mind as I agree with you. It's a requirement of the algorithm and the check if it exists should be within the registration, one would assume. I am going to look into why this isn't being done there and ways to resolve it if it doesn't make sense, etc.

@AlexThurston
Author

@jbrock24 I was wondering if you had any thoughts on this and if you saw any technical reason why the check wasn't happening during registration.

@jbrock24
Collaborator

jbrock24 commented Sep 28, 2023

Hey @AlexThurston, this actually came up earlier this week from another dev on the team. I'm currently tracking down why this is going on. On the surface it's using the same system, but something somewhere is changing how it functions. Appreciate the feedback and am currently using your registration for testing. Will get back to you sometime soon regarding it.

@jbrock24 jbrock24 reopened this Sep 28, 2023
@AlexThurston
Author

@jbrock24 Awesome. Let me know if there's anything I can do to help.

@jbrock24
Collaborator

jbrock24 commented Oct 2, 2023

Found the issue and fixed it. It will go out with the next release. Thanks for the ping @AlexThurston and for the info. I'll ping with the release to let you know it's out.

@jbrock24 jbrock24 added this to the v1.1.0.32 milestone Oct 2, 2023
@AlexThurston
Author

NICE! @jbrock24! You are a scholar and a gentleman!

@livebe01
Collaborator

The fix for this is on Demo in release v1.1.0.32.

@livebe01
Collaborator

The fix for this is on Prod in release v1.1.0.32.
