certify operation: entropyId unparsable

[smuellerDD]

After updating our client to add the entropyId to the certify operation, the ESV server returns an error that it cannot parse it.

entropyId: 118

Certify request:

[{"esvVersion":"1.0"},{
"itar":false,
"limitEntropyAssessmentToSingleModule":false,
"entropyId":118,
"moduleId":12827,
"vendorId":11176,
"supportingDocumentation":[{
"sdId":20046,
"accessToken":nono"}],
"entropyAssessments":[{
"eaId":118,
"oeId":31916,
"accessToken":"nono"
}]}]

The error is:

[
  {
    "esvVersion": "1.0"
  },
  {
    "error": "Invalid JSON provided.",
    "context": "The JSON value could not be converted to System.String. Path: $.entropyId | LineNumber: 0 | BytePositionInLine: 74."
  }
]

[celic]

The requirement is 4 alphanumeric characters. You'd need it to be 0118.

[smuellerDD]

Am Freitag, 25. März 2022, 17:20:26 CET schrieb Chris Celi:

Hi Chris,

The requirement is 4 alphanumeric characters. You'd need it to be 0118.

A string? But the documentation says it is like the ACVP test ID, so a nummeric value.

Is it then to be expected that the ID could be something else than a number?

Ciao Stephan

[celic]

Entropy ID is more like a CMVP TID (test ID). I suppose that's an unfortunate consequence of using the word ID in multiple contexts. It's an identifier provided by the lab to track the submission through the system, the same way labs provide the TID to track module reports through the system.

I realize how confusing the name is though...

[smuellerDD]

Ok, I replaced it with a self-defined string. That string however must be exactly 4 characters in size. With that, the error goes away. But I am yet unsure how a 4 character string can be compared to a CMVP TID that has many more characters.

Could you please give us a helping hand and indicate how that ID is to be used?

[celic]

The TID is comprised of the LabCode-4 characters provided by lab-Extra identifying information provided by CMVP. The only part we need from the user is the middle 4 characters. There will also not be the end identifying information for the EID. We know the lab code based on the user certificate.

[smuellerDD]

After discussing that with my peers, we are yet puzzled which 4 character string is to be added. We are aware of the TID format as follows: DD-XXXX-YYYY, where DD is the LabCode, XXXX is the 4 characters provided by lab, and YYYY is the Extra identifying information provided by CMVP.

For a long while, after we submit FIPS reports to the CMVP with TID-11-XXXX-0000, the CCCS will assign a four-digit number YYYY to replace "0000". Recently, the CCCS stopped assigned their four digits.

If please you could provide guidance what exactly shall be provided in the field. Thanks.

[celic]

It would be the XXXX in DD-XXXX-YYYY.

[smuellerDD]

Thanks for the clarification.

[locksmithone]

Before closing the ticket, may I suggest expanding this field to more than 4 characters? Perhaps a lab, even in the future, may want a larger field to match their inner ID system.

[celic]

Expanding would be something to bring up to the overall CMVP. ESV will likely always match the format of the module submission process. I'll bring it up with the people involved (outside of ESV).