livebe01
commented
10 months ago Thanks for mentioning this @mmccarl. We agree, ivGen and ivGenMode should be arrays. I think the cleanest way to address this is to create new versions of the algorithm testing, e.g., ACVP-AES-GCM 2.0. We'll plan to do this for AES-GCM, GMAC, and for some RSA keyGen registration properties as well. We'd like to run through the other algorithms and see if we find anything else that should change. We have some items ahead of this, but we've added it to our queue. Let us know if you find any other related issues.
Demo and Prod
In the course of generating vectors for customers, we have encountered situations where an implementation supports several options that can't be specified in a single algorithm request but does require that the vector sets generated are within the same test session. For example, an AES-GCM may support both internal or external IV generation with the added option of specifying the generation mode. Because these fields are not defined as arrays, separate algorithm registrations must be created in the request so that the vector sets are within the same test session. Creating separate items in the algorithms array has proven to be error prone and difficult for vendors to understand the reasoning why it needs to be done.
in addition to AES-GCM IV generation, this issue exists for GMAC as well.
There may be other algorithms/options that have a similar issue. I will attempt to add to this issue as they are identified.