smuellerDD
commented
3 years ago I am not sure which version of the proxy you use. But for IFC I ask you to use the latest one that was released (1.7.0) as IFC received a number of SPEC updates in the last weeks which I included into the proxy.
See the definition_impl_devel.c for the starting point. With that I get
{
"prereqVals":[
{
"algorithm":"RSA",
"valValue":"same"
},
{
"algorithm":"HMAC",
"valValue":"same"
},
{
"algorithm":"DRBG",
"valValue":"same"
}
],
"algorithm":"KTS-IFC",
"revision":"Sp800-56Br2",
"function":[
"keyPairGen",
"partialVal"
],
"iutId":"0123456789abcdef",
"keyGenerationMethods":[
"rsakpg1-basic",
"rsakpg1-prime-factor",
"rsakpg1-crt"
],
"modulo":[
6144,
8192,
2048
],
"fixedPubExp":"010001",
"scheme":{
"KTS-OAEP-basic":{
"kasRole":[
"initiator",
"responder"
],
"ktsMethod":{
"hashAlgs":[
"SHA2-256",
"SHA3-384"
],
"supportsNullAssociatedData":true,
"fixedInfoPattern":"uPartyInfo||vPartyInfo||literal[affeaffeaffe]",
"encoding":[
"concatenation"
]
},
"l":1024
}
}
},See, the modulo field is at a different hierarchy level.
I am trying to request KAS_IFC test vectors, here is my definition: const struct def_algo_kas_ifc_keygen kas_ifc_keygen = { .keygen_method = DEF_ALG_KAS_IFC_RSAKPG2_BASIC, .rsa_modulo = {DEF_ALG_RSA_MODULO_2048}, };
const struct def_algo_kts_method kas_ifc_kts_method = { .hashalg = ACVP_SHA256, .supports_null_association_data = false, .associated_data_pattern_type = {DEF_ALG_KAS_KDF_FI_PATTERN_LITERAL}, .literal = "12345678", .associated_data_pattern_encoding = DEF_ALG_KAS_KDF_FI_ENCODING_CONCATENATION, };
const struct def_algo_kas_mac_method kas_mac = { .mac = ACVP_HMACSHA2_256, .key_length = 512, .mac_length = 64, };
static const struct def_algo_kas_ifc_schema kas_ifc_schema = { .schema = DEF_ALG_KAS_IFC_KTS_OAEP_BASIC, .kas_ifc_role = DEF_ALG_KAS_IFC_INITIATOR | DEF_ALG_KAS_IFC_RESPONDER, .keygen = &kas_ifc_keygen, .keygen_num = 1, .onestekdf = kas_kdf_onestep, .kts_method = kas_ifc_kts_method, .mac = &kas_mac, .mac_entries = 1, .length = 512, };
define OPENSSL_KAS_IFC \
And here is my "acvp-proxy --request --dump-register" [ { "acvVersion":"1.0" }, { "isSample":false, "operation":"register", "certificateRequest":"no", "debugRequest":"yes", "production":"no", "encryptAtRest":"yes", "algorithms":[ { "prereqVals":[ { "algorithm":"SHA", "valValue":"same" }, { "algorithm":"DRBG", "valValue":"same" }, { "algorithm":"ECDSA", "valValue":"same" } ], "algorithm":"KTS-IFC", "revision":"Sp800-56Br2", "function":[ "keyPairGen" ], "iutId":"12345678", "scheme":{ "KTS-OAEP-basic":{ "kasRole":[ "initiator", "responder" ], "keyGenerationMethods":{ "rsakpg2-basic":{ "modulo":[ 2048 ] } }, "macMethods":{ "HMAC-SHA2-256":{ "keyLen":512, "macLen":64 } }, "ktsMethod":{ "hashAlgs":[ "SHA2-256" ], "supportsNullAssociatedData":false, "fixedInfoPattern":"literal[12345678]", "encoding":[ "concatenation" ] }, "l":512 } } } ] } ]
The server is responding with: { "acvVersion": "1.0" }, { "error": "Validation error(s) on JSON payload.", "context": [ "KTS-IFC-Sp800-56Br2: No keyGenerationMethods supplied.;No Modulus supplied." ] }
But my register dump shows that I am supplying the keyGeneration method and the modulus. This could again be a server bug, but maybe also me not having that part of the registration message at the right level