cisco / libacvp

The libacvp library is a client-side implementation of the draft ACVP protocol (github.com/usnistgov/ACVP).
Apache License 2.0

Error when request KDF answer vector files #432

Closed gx2955 closed 4 years ago

gx2955 commented 4 years ago

Hi, I can download the KDF vectors, but when I request the KDF answer vector files, I get the following error.

I added #define OPENSSL_KDF_SUPPORT to both acvp.h and app_kdf.c, and I also enabled IKEv1 support. Does libacvp currently not support KDF, or is there something wrong on my side? Thanks.

$: ./app/acvp_app --kdf --vector_req req.json --vector_rsp resp.json

Using the following parameters:

ACV_SERVER:     demo.acvts.nist.gov
ACV_PORT:       443
ACV_URI_PREFIX: /acvp/v1/
ACV_CA_FILE:    certs/acvp.nist.gov.crt
ACV_CERT_FILE:  certs/demo.cer
ACV_KEY_FILE:   certs/privatekey.key

ACVP [STATUS][acvp_run_vectors_from_file:864]--> Beginning offline processing of vector sets...
ACVP [STATUS][acvp_dispatch_vector_set:2495]--> Processing vector set: 241669
ACVP [STATUS][acvp_dispatch_vector_set:2496]--> Algorithm: kdf-components
ACVP [ERR][acvp_kdf135_tls_kat_handler:295]--> crypto module failed the operation
***ACVP [ERR][acvp_run_vectors_from_file:945]--> KAT dispatch error

gx2955 commented 4 years ago

A more detailed log is,

ACVP [STATUS][acvp_run_vectors_from_file:864]--> Beginning offline processing of vector sets...
ACVP [INFO][acvp_run_vectors_from_file:923]--> Received vsid_url=/acvp/v1/testSessions/92019/vectorSets/241669
ACVP [INFO][acvp_run_vectors_from_file:923]--> Received vsid_url=/acvp/v1/testSessions/92019/vectorSets/241670
ACVP [INFO][acvp_run_vectors_from_file:923]--> Received vsid_url=/acvp/v1/testSessions/92019/vectorSets/241671
ACVP [INFO][acvp_run_vectors_from_file:923]--> Received vsid_url=/acvp/v1/testSessions/92019/vectorSets/241672
ACVP [INFO][acvp_run_vectors_from_file:923]--> Received vsid_url=/acvp/v1/testSessions/92019/vectorSets/241673
ACVP [STATUS][acvp_dispatch_vector_set:2495]--> Processing vector set: 241669
ACVP [STATUS][acvp_dispatch_vector_set:2496]--> Algorithm: kdf-components
ACVP [INFO][acvp_kdf135_tls_kat_handler:209]--> Test group: 0
ACVP [INFO][acvp_kdf135_tls_kat_handler:210]--> pmLen: 384
ACVP [INFO][acvp_kdf135_tls_kat_handler:211]--> kbLen: 1024
ACVP [INFO][acvp_kdf135_tls_kat_handler:212]--> method: v1.2
ACVP [INFO][acvp_kdf135_tls_kat_handler:213]--> sha: SHA2-256
ACVP [INFO][acvp_kdf135_tls_kat_handler:218]--> Found new hash test vector...
ACVP [INFO][acvp_kdf135_tls_kat_handler:265]--> Test case: 0
ACVP [INFO][acvp_kdf135_tls_kat_handler:266]--> tcId: 1
ACVP [INFO][acvp_kdf135_tls_kat_handler:267]--> pmSecret: 092EE4E1FFEA683B4706FE9E54B7FA696975E19172529488D3AD47231DC9A81F1AEA3F4F75C2C0E3558528DA92B1EFAC
ACVP [INFO][acvp_kdf135_tls_kat_handler:268]--> shRND: 950826F0BB666DC92381D9D889B5E7A32872C0F5BF125119972C6E534BB94865
ACVP [INFO][acvp_kdf135_tls_kat_handler:269]--> chRND: A4F1AD5CBBE282A1207B9588540B584A02C413D54609DE4265E1D23D078D45B9
ACVP [INFO][acvp_kdf135_tls_kat_handler:270]--> sRND: BAD3C9F8C4C55499849D930D37AB85420DA04B9E645DD93829CEE5E090D27D49
ACVP [INFO][acvp_kdf135_tls_kat_handler:271]--> cRND: F3A67008E58195C78CCB68F77518B910E02BBC82363B742BDCAF795A8CE064EC
ACVP [ERR][acvp_kdf135_tls_kat_handler:295]--> crypto module failed the operation
***ACVP [ERR][acvp_run_vectors_from_file:945]--> KAT dispatch error

abkarcher commented 4 years ago

Hello,

acvp_app does not have an implementation for KDF algorithm testing, as OpenSSL/OpenSSL FOM do not have these algorithms built in. If you are using a crypto module which supports the KDF algorithms, you would have to implement handlers for those in the application yourself. The app just returns a fail status when given KDF test cases.

If you need to disable KDF vector downloads while testing a FOM of some sort, you can use --disable-kdf at configure time.

Thanks, Andrew
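
Added example, not part of the thread and not libacvp or acvp_app code: a Python reference for the computation a TLS 1.2 KDF handler has to produce for the logged test case (method v1.2, SHA2-256, pmLen 384, kbLen 1024), using the RFC 5246 PRF. The function names are hypothetical, and the mapping of the log fields (chRND/shRND seed the master secret, sRND/cRND seed the key block) is an assumption based on SP 800-135 and RFC 5246; it does not use libacvp's handler API.

```python
import hashlib
import hmac


def p_hash(secret, seed, length, digest=hashlib.sha256):
    """RFC 5246 section 5 P_hash: expand `secret` and `seed` to `length` bytes."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, digest).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, digest).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret, label, seed, length, digest=hashlib.sha256):
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length, digest)


def tls12_kdf(pm_secret, ch_rnd, sh_rnd, c_rnd, s_rnd, kb_len_bits):
    """Return (master_secret, key_block) for one TLS 1.2 KDF test case."""
    # The master secret is always 48 bytes and is seeded client-first.
    master = tls12_prf(pm_secret, b"master secret", ch_rnd + sh_rnd, 48)
    # The key block is seeded server-first; kbLen is given in bits.
    key_block = tls12_prf(master, b"key expansion", s_rnd + c_rnd, kb_len_bits // 8)
    return master, key_block


# Inputs copied from test case tcId 1 in the log above.
PM_SECRET = bytes.fromhex(
    "092EE4E1FFEA683B4706FE9E54B7FA696975E19172529488"
    "D3AD47231DC9A81F1AEA3F4F75C2C0E3558528DA92B1EFAC")
SH_RND = bytes.fromhex("950826F0BB666DC92381D9D889B5E7A32872C0F5BF125119972C6E534BB94865")
CH_RND = bytes.fromhex("A4F1AD5CBBE282A1207B9588540B584A02C413D54609DE4265E1D23D078D45B9")
S_RND = bytes.fromhex("BAD3C9F8C4C55499849D930D37AB85420DA04B9E645DD93829CEE5E090D27D49")
C_RND = bytes.fromhex("F3A67008E58195C78CCB68F77518B910E02BBC82363B742BDCAF795A8CE064EC")


def run_logged_case():
    """Run the KDF with the logged pmLen=384 / kbLen=1024 parameters."""
    return tls12_kdf(PM_SECRET, CH_RND, SH_RND, C_RND, S_RND, 1024)


if __name__ == "__main__":
    ms, kb = run_logged_case()
    print("master secret:", ms.hex().upper())
    print("key block:    ", kb.hex().upper())
```

The page does not include the server's expected answers, so the output can only be checked against them after a real handler submits results.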

gx2955 commented 4 years ago

Hi, @abkarcher :

Okay, got it, thanks.