search

usnistgov / ACVP

Industry Working Group on Automated Cryptographic Algorithm Validation
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program
162 stars 65 forks source link

Unable to request ECDSA 186-5 Production Vectors with B and K Curves #1515

Closed ik572 closed 4 months ago

ik572 commented 4 months ago

New issue related to:

Github Issue #1508

https://github.com/usnistgov/ACVP/pull/1508/files

It seems that the effort to update the ECDSA 186-5 documentation to show correct curve support in tables (pull #1508) was reflecting the following FIPS 140-3 IG C.K. Resolution 4: ...Despite their deprecation status, these curves (i.e., K-233, B-233, K-283, B-283, K-409, B-409, K-571, B-571) are still considered approved and therefore will be included in the CAVP FIPS 186-5 testing.

However, we were unable to request ECDSA 186-5 production vectors with the B and K curves added to the request. The following registration for ECDSA 186-5 KeyGen works on the demo server but the request does not succeed using the production server. This is the example registration file, but with the B and K curves added from Table 5: ECDSA keyGen FIPS186-5 Capabilities JSON Values. This same result exists for ECDSA 186-5 KeyGen, KeyVer, SigGen, and SigVer respectively.

[

  {

    "acvVersion": "1.0"

  },

  {

    "algorithms": [

      {

        "algorithm": "ECDSA",

        "revision": "FIPS186-5",

        "mode": "keyGen",

        "prereqVals": [

          {

            "algorithm": "DRBG",

            "valValue": "same"

          }

        ],

        "curve": [

          "P-224",

          "P-256",

          "P-384",

          "P-521",

          "B-233",

          "B-283",

          "B-409",

          "B-571",

          "K-233",

          "K-283",

          "K-409",

          "K-571"

        ],

        "secretGenerationMode": [

          "extra bits"

        ]

      }

    ]

  }

]

Is there some mistake in our request or our understanding of the testable curves?

Thank you for your assistance!

livebe01 commented 4 months ago

Hi @ik572, this would be expected. The B and K curves were re-enabled for ECDSA FIPS186-5 in ACVTS release v1.1.0.34. v1.1.0.34 is on ACVTS Demo, but it has yet to be deployed to ACVTS Prod. We expect to deploy v1.1.0.34 to Prod this week. You can track the dates specific releases have been deployed to the environments via https://github.com/usnistgov/ACVP-Server/releases. The version of ACVTS can also be determined per environment by accessing the following endpoint with your ACVP client: https://github.com/usnistgov/ACVP-Server/wiki/Health-Check---Server-Version-Endpoint.