search

usnistgov / ACVP

Industry Working Group on Automated Cryptographic Algorithm Validation
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
172 stars 66 forks source link

Demo Server: Create KAS ECC and FFC test sessions bounce with No Dkm Nonce Types supplied #1025

Closed jbarnesweb closed 4 years ago

jbarnesweb commented 4 years ago

The following minimal KAS algorithm test session request POSTed to /testSessions bounced with the error "KAS-ECC-1.0: No Dkm Nonce Types supplied"

The spec says that nonceType is a kdfKc option. See https://usnistgov.github.io/ACVP/draft-fussell-acvp-kas-ecc.html#name-supported-kas-ecc-kc-option. I'm trying to use the kdfNoKc option.

Is this a misunderstanding of the spec or a server error?


[
    {
        "acvVersion": "1.0"
    },
    {
        "isSample": false,
        "algorithms":
        [
            {
            "algorithm": "KAS-ECC",
            "revision": "1.0",
            "prereqVals": 
            [
                {
                    "algorithm": "ECDSA",
                    "valValue": "same"
                },
                {
                    "algorithm": "DRBG",
                    "valValue": "same"
                },
                {
                    "algorithm": "SHA",
                    "valValue": "same"
                },
                {
                    "algorithm": "HMAC",
                    "valValue": "same"
                }
            ],
            "function": ["keyPairGen", "dpGen", "dpVal", "partialVal"],
            "scheme": {
                "staticUnified": {
                    "kasRole": ["initiator", "responder"],
                    "kdfNoKc": {
                        "kdfOption": {
                            "concatenation": "uPartyInfo||vPartyInfo",
                            "ASN1": "uPartyInfo||vPartyInfo"
                        },
                        "parameterSet": {
                            "ec": {
                                "curve": "P-256",
                                "hashAlg": ["SHA2-256"],
                                "macOption": {
                                    "HMAC-SHA2-256": {
                                        "keyLen": [256],
                                        "macLen": 256
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        ]
    }
]
Kritner commented 4 years ago

The static schemes require an additional nonce over the non static schemes, so it is separate from "nonceTypes". The dkm nonce for static schemes are plugged in at the KDF level, but that is missing from the specification.

jbarnesweb commented 4 years ago

FWIW, I'm trying to get a vector set like the following CAVP request file.

#  CAVS 21.4
#  ECC Function Test for dhStaticUnified Key Agreement Role Initiator  - KEY AGREEMENT TESTING WITHOUT KEY CONFIRMATION - Information for "Win10-2004-SymCrypt-00"
#  KDF method tested: KDFConcat_
#  Parameter set(s) supported: EC ED EE
#  CAVSid: CAVSid (in hex: 434156536964)
[EC]

[Curve selected:  P-256]
[SHA(s) supported (Used in the KDF function):  SHA256]
[MAC algorithm supported:  HMAC]
[HMAC SHAs supported:  SHA256]
[HMACKeySize(in bits):  256]
[HMAC Tag length(in bits):  256]

...

jbarnesweb commented 4 years ago

Thank you!