-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KAS-ECC: fixedInfoPattern restrictions #1466
Comments
Hi @smuellerDD, no I don't think there's a particularly good reason for that. I'm sure KAS could be updated to allow multiple literals in the construction. But I wonder if it would be more productive to update KAS to remove the fixedInfo construction from the testing scope, i.e., allow the tester to specify the fixedInfo value that was used? |
Hi @livebe01. I am working with @smuellerDD on this issue and wanted to add a bit of background. The implementation we are attempting to test is protocol specific format used for PIVP. Our customer implements the fixed inf as such: literal1 || partyU ID || literal2 || partyU leftmost 16 bytes public key || partyV ID || partyV nonce || literal3 |
Sure, can you get me the registration you would like to use? |
So, you are saying that we shall have a generic registration, send the test session to you and you will "fix" the fixed info definition? |
Not quite. I'm saying, can you send me the registration that you would use for the algorithm assuming that ACVTS supported the fixedInfoPattern you need. I'd like to look at the registration and think about how to handle it. ACVTS doesn't support the fixedInfoPattern you need, but pretend that it does. I'm thinking that we'll want to accomplish this testing by CAVP generating a custom vector set for your IUT. |
Am Donnerstag, 7. September 2023, 18:07:49 CEST schrieb livebe01:
Hi livebe01,
Not quite. I'm saying, can you send me the registration that you would use
for the algorithm assuming that ACVTS supported the fixedInfoPattern you
need. I'd like to look at the registration and think about how to handle
it. ACVTS doesn't support the fixedInfoPattern you need, but pretend that
it does. I'm thinking that we'll want to accomplish this testing by CAVP
generating a custom vector set for your IUT.
Well, this would require adding new keywords, such as a reference to the used
key and a substring thereof.
Ciao
Stephan
|
Hi Stephan, you and @rnunez83 have described your needs in relation to |
@livebe01, this is the FixedInfo usually prepared to derive the keys: [literal1 : e.g: 0x0409090909] || [partyU ID] || [literal2 : 0x0100] || [partyU leftmost 16 bytes public key] || [partyV ID] || [partyV nonce (16 bytes for ECC P-256, 24 bytes for ECC P-384/512)] || [literal3 : 0x0100] Is this what you are looking for? |
Not exactly. I think that I understand how the IUT in question is preparing the FixedInfo. What I'm asking for is for you to describe its other attributes in relation to its implementing/conforming to KAS-ECC Sp800-56Ar3. What would the rest of its registration look like? E.g., https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ecc-sp800-56ar3.html#name-example-kas-ecc-registratio. |
Hi @livebe01
Ok. how about this then:
|
Thanks @rnunez83, this is helpful. Let me take a look and come up with some options for addressing this. |
Hi, I'm picking this item up from Ben, @livebe01. From what I see, you tried a registration that was rejected because it contained duplicate If you have the Gen/Vals running yourself, you can remove the lines around https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/src/generation/src/NIST.CVP.ACVTS.Libraries.Generation/KAS/Sp800_56Ar3/ParameterValidator.cs#L621. Otherwise if you send me a registration that was failing previously, I can generate some files for you. The registration @rnunez83 provided a couple weeks ago runs without issue already. |
hi @celic. the registration request is the following: |
This is the same one that you posted a couple comments ago? This ran with no issues. I'm looking for the one that you all want to run but are prevented due to the original error message. |
@celic, see that is the thing. I am unable to create a request that allows two different literal values. What I am trying to form is the following fixedinfo: |
Totally agree. Why do we need to test fixedInfo construction? Allow the tester to specify fixedInfo would be more favourable. |
Protocol Section
See FixedInfoPatternConstruction in the KAS-ECC (and perhaps in the FFC specification).
Protocol Question
The specification outlines a number of options. It does not hint that the listed options can only be used once. With that in mind, I tried to define a fixedInfoPattern with multiple literals which is used by one of our clients.
E.g. I would like to define a fixedInfoPattern along the following line of tought:
literal1 || partyUId || literal2 || some other data || partyVId || some other data || literal3
Note, this "some other data" is even a part that is not yet defined in the specification. Anyhow, leaving that out for the moment, the server still returns me:
Thus, the server seems to require the uniqueness of fixedInfoPattern components. Is there a reason for that?
Can we add additional components to the fixedInfoPattern which implies that the protocol is extended by more possibilities?
The text was updated successfully, but these errors were encountered: