usnistgov / ACVP

Industry Working Group on Automated Cryptographic Algorithm Validation
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program

Errors in sample registration documentation for various Algorithms #1544

Open chih-kao opened 2 weeks ago

chih-kao commented 2 weeks ago

I ran the examples from https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio and am getting the following messages:

ECDSA-sigGen-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigVer-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigVer-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
DetECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1

jbrock24 commented 2 weeks ago

Hi @chih-kao, thank you for testing all of these and letting us know they aren't working. Sometimes this part of the documentation gets out-of-date from the code and sample files. We try to stop this from happening, but it does occur. You seem to have found a few of these, and I'm going to test to verify the issues and correct them when appropriate. To better help organize them all (there are just too many possible algorithms to have an open issue for each one), I would like to make this Issue, #1544, the main one which re-titles the issue as "Errors in sample registration documentation for various Algorithms", under which we can list them all individually. We can use the markup here for them to organize.

Thanks again for the help, I will tackle these and mark them off when done. If you find some more, please update the message below, we'll use that for the organization.

jbrock24 commented 2 weeks ago

ECDSA ( NO ISSUE )

https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

KAS ( NO ISSUE )

https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ifc.html#name-example-kts-ifc-registratio

https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ffc.html#name-example-kas-ffc-component-c

https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ffc.html#name-example-kas-ffc-capabilitie

KDA

https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-twostep.html#name-registration-example

livebe01 commented 2 weeks ago

@chih-kao also, if you're not sure about something you're seeing in the algorithm specifications at https://pages.nist.gov/ACVP/#supported, you may try cross referencing the example json files that are here: https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files.

chih-kao commented 2 weeks ago

Hi @jbrock24, thank you for taking your time to help. Hi @livebe01, thank you for the information.

jbrock24 commented 1 week ago

Hi @chih-kao - I am unable to reproduce the ECDSA errors you showed here, but I will point out that the example registrations are not necessarily going to work without understanding the system. They aren't samples to run, they are examples of what a possible registration file could look like. If you want to locally run some examples through Generation to Validation, as Ben stated above the json sample files would be best. Those are designed to run locally without any IUT involvement.

Can you give those a try and let me know if they work for you?

chih-kao commented 1 week ago

I think it might be just a typo. Is curve "P-521" or "P-512"? I saw a few "P-512" in https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

By the way, the https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ECDSA-SigGen-1.0/registration.json generates vectors successfully without any errors.

jbrock24 commented 1 week ago

> I think it might be just a typo. Is curve "P-521" or "P-512"? I saw a few "P-512" in https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

It's P-521 not P-512. P-512 is an error we will fix, ty.
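
A pre-submission check for the kind of curve-name typo confirmed above, as an added example that is not part of the thread or of the ACVP project's code. The registration layout (`capabilities` / `curve`), the list of valid curve names, and the sample input are assumptions constructed for illustration; confirm the allowed curves per mode and revision against the ECDSA specification.

```python
import difflib
import json

# Assumption: curve names from the NIST P/K/B families. The set actually
# allowed differs by mode and revision; check the ACVP ECDSA specification.
VALID_CURVES = sorted([
    "P-224", "P-256", "P-384", "P-521",
    "B-233", "B-283", "B-409", "B-571",
    "K-233", "K-283", "K-409", "K-571",
])

# Constructed sample input, not the documentation's registration example.
SAMPLE = json.loads("""
[
  {"algorithm": "ECDSA", "mode": "sigGen", "revision": "1.0",
   "capabilities": [{"curve": ["P-256", "P-512"], "hashAlg": ["SHA2-256"]}]},
  {"algorithm": "ECDSA", "mode": "sigVer", "revision": "1.0",
   "capabilities": [{"curve": ["P-384", "P-521"], "hashAlg": ["SHA2-384"]}]}
]
""")


def lint_curves(algorithms):
    """Return (registration name, unknown curve, suggested curve or None)."""
    findings = []
    for entry in algorithms:
        name = "-".join(str(entry.get(k, "?"))
                        for k in ("algorithm", "mode", "revision"))
        for cap in entry.get("capabilities", []):
            for curve in cap.get("curve", []):
                if curve in VALID_CURVES:
                    continue
                # Suggest the closest valid name, e.g. transposed digits.
                close = difflib.get_close_matches(curve, VALID_CURVES,
                                                  n=1, cutoff=0.7)
                findings.append((name, curve, close[0] if close else None))
    return findings


if __name__ == "__main__":
    for name, curve, hint in lint_curves(SAMPLE):
        suffix = f", did you mean {hint!r}?" if hint else ""
        print(f"{name}: unknown curve {curve!r}{suffix}")
```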

jbrock24 commented 1 week ago

Hi @chih-kao - I ran the KAS tests and they are fine up until Verification. Basically as stated before, an example is just not a sample. The example works fine if you make it a sample as expected.

I feel comfortable closing this as an open issue, please let me know if there is still something incorrect or that I'm missing, if not, feel free to close it or I can.

Thanks for the feedback, it's always helpful :D