cisco / libacvp

The libacvp library is a client-side implementation of the draft ACVP protocol (github.com/usnistgov/ACVP).
Apache License 2.0
67 stars 69 forks source link

algorithm testing using libacvp #618

Closed jithueee closed 3 years ago

jithueee commented 3 years ago

Hi, We have a vector request JSON file from third party, How can we pass existing JSON file to libacvp for algorithm testing? and get the test vector responses and upload to demo server? The test intended to run only AES algorithm. Can you provide steps will be helpful?

abkarcher commented 3 years ago

Hello,

Please view the comment here -

https://github.com/cisco/libacvp/issues/592#issuecomment-822854657

You would then run ./acvp_app --aes --vector_req .json --vector_rsp .json

And remove the info you added from the output file.

Let us know if you have any further questions!

Thanks, Andrew

jithueee commented 3 years ago

Hi Andrew,

Thanks, that worked. How to upload test vector responses to demo server? when i run this getting below error ./acvp_app --vector_upload .json

ACVP [STATUS][acvp_upload_vectors_from_file:1045]--> Uploading vectors from response file... ACVP [WARN][acvp_upload_vectors_from_file:1106]--> Missing indication of whether tests are sample in file, continuing ACVP [STATUS][acvp_upload_vectors_from_file:1178]--> Sending responses for vector set 562917 ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message: ACVP [ERR][log_network_status:1108]--> (null) ACVP [ERR][acvp_upload_vectors_from_file:1181]--> Failed to submit test results for vector set - skipping... ACVP [STATUS][acvp_upload_vectors_from_file:1194]--> Tests complete, checking results... ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message: ACVP [ERR][log_network_status:1108]--> (null) ACVP [ERR][acvp_get_result_test_session:2782]--> Error retrieving vector set results! ***ACVP [ERR][acvp_upload_vectors_from_file:1197]--> Unable to retrieve test results

Please advise.

Thanks

abkarcher commented 3 years ago

Hello,

To submit them, you need the test session URL and JWT associated with it. If you received the vector set from elsewhere without that info, you would have to get that info from the source and fill them into the block we added to JSON.

Andrew

jithueee commented 3 years ago

Hi, URL and JWT associated is there in JSON block, but getting 403 forbidden error.

ACVP [STATUS][acvp_upload_vectors_from_file:1045]--> Uploading vectors from response file... ACVP [WARN][acvp_upload_vectors_from_file:1106]--> Missing indication of whether tests are sample in file, continuing ACVP [STATUS][acvp_upload_vectors_from_file:1178]--> Sending responses for vector set 562917 ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message: ACVP [ERR][log_network_status:1108]--> (null) ACVP [ERR][acvp_upload_vectors_from_file:1181]--> Failed to submit test results for vector set - skipping... ACVP [STATUS][acvp_upload_vectors_from_file:1194]--> Tests complete, checking results... ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message: ACVP [ERR][log_network_status:1108]--> (null) ACVP [ERR][acvp_get_result_test_session:2782]--> Error retrieving vector set results! ***ACVP [ERR][acvp_upload_vectors_from_file:1197]--> Unable to retrieve test results

Please check.

Thanks.

abkarcher commented 3 years ago

Hello,

Do you have all of the other appropriate credentials to access the server? (key, cert, and TOTP seed, acquired from NIST)

Thanks, Andrew

jithueee commented 3 years ago

Hi, Yes, all are acquired from NIST, able to communicate with demo server.

able to run sample too.

./acvp_app --aes --sample

Using the following parameters:

ACV_SERVER:     demo.acvts.nist.gov
ACV_PORT:       443
ACV_URI_PREFIX: /acvp/v1/
ACV_CA_FILE:    /data/mozzila_trust_anchors.pem
ACV_CERT_FILE:  /data/xxx.cer
ACV_KEY_FILE:   /data/xxx_Demo.key

ACVP [WARN][acvp_http_user_agent_check_env_for_var:1234]--> Unable to collect info for HTTP user-agent - please define ACV_OE_PROCESSOR (64 char max.) ACVP [STATUS][acvp_login:2521]--> Logging in... ACVP [STATUS][acvp_login:2541]--> Login successful ACVP [STATUS][acvp_register:1975]--> Building registration of capabilities... ACVP [STATUS][acvp_register:1983]--> Sending registration of capabilities... ACVP [STATUS][acvp_register:1992]--> Successfully sent registration and received list of vector set URLs ACVP [STATUS][acvp_register:1993]--> Test session URL: /acvp/v1/testSessions/179019 ACVP [STATUS][acvp_run:3286]--> Beginning to download and process vector sets... ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again... ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again... ACVP [STATUS][acvp_dispatch_vector_set:2697]--> Processing vector set: 566845 ACVP [STATUS][acvp_dispatch_vector_set:2698]--> Algorithm: ACVP-AES-CTR ACVP [STATUS][acvp_process_vector_set:2746]--> Successfully processed vector set ACVP [STATUS][acvp_process_vsid:2668]--> Posting vector set responses for vsId 566845... ACVP [STATUS][acvp_run:3305]--> Tests complete, checking results... ACVP [STATUS][acvp_get_result_test_session:2916]--> TestSession results incomplete... ACVP [STATUS][acvp_retry_handler:2469]--> 200 OK results not ready, waiting 30 seconds and trying again... ACVP [STATUS][acvp_get_result_test_session:2916]--> TestSession results incomplete... ACVP [STATUS][acvp_retry_handler:2469]--> 200 OK results not ready, waiting 30 seconds and trying again... ACVP [STATUS][acvp_get_result_test_session:2899]--> Passed all vectors in test session!

abkarcher commented 3 years ago

Hello,

My mistake for not pointing it out sooner. The output file also needs a list of VectorSet URLs, which is the test session URL followed by /vectorSets/[vsid] Also want to ensure that any forward slashes are escaped in JSON. Here is an example from a file I just created for two algorithms, with identifying info removed -

[ {
    "jwt": "insertRealJwtHere",
    "url": "\/acvp\/v1\/testSessions\/000000",
    "isSample": false,
    "vectorSetUrls": [
        "\/acvp\/v1\/testSessions\/000000\/vectorSets\/00001",
        "\/acvp\/v1\/testSessions\/000000\/vectorSets\/00002"
    ]
}, {
    "vsId": 00001,
    "algorithm": "KAS-KDF",
    "mode": "HKDF",
    "revision": "Sp800-56Cr1",
    "isSample": false,
     ....etc

Hopefully this helps.

Thanks, Andrew

abkarcher commented 3 years ago

Hello,

I am closing this issue due to inactivity. If you have further questions about this issue, you may reopen it.

Thanks, Andrew