usnistgov / ESV-Server

Entropy Source Validation Protocol and Server specifications

ESV Prod: data uploaded #28

Closed smuellerDD closed 1 year ago

smuellerDD commented 1 year ago

Test ID: 30.

For the test session, NIST reviewers mentioned that some of the supporting documents are not uploaded into the right places - it is stated that the EAR is not uploaded. Looking at the log on our side I see it uploaded. Allow me to show the log.

Mind especially the file sizes.

MIME type of first file:

ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_common_init:348]: Setting certificate with type PEM
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_common_init:357]: Setting private key with type PEM
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdFile
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 1509411
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:594]: Add file name EntropyAnalysisReport-EAR-v1.0.pdf
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type isITAR
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 5
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdComments
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 34
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdType
ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 5

POST operation of our client:

> POST /esv/v1/supportingDocumentation HTTP/1.1

Response from server:


  {
    "esvVersion": "1.0"
  },
  {
    "sdId": 40042,
    "uploadType": "UploadSupportingDocumentation",
    "status": "success",
    "dataLengthBytes": 1509411,
    "accessToken":"youwhish"

2nd document MIME data:

ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdFile
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 378733
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:594]: Add file name publicUseDocument-v1.0.pdf
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type isITAR
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 5
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdComments
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 26
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:584]: Set mime type sdType
ACVPProxy (13:29:00) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:589]: Add mime data of length 17

client POST

POST /esv/v1/supportingDocumentation HTTP/1.1

Report from server:

[
  {
    "esvVersion": "1.0"
  },
  {
    "sdId": 40043,
    "uploadType": "UploadSupportingDocumentation",
    "status": "success",
    "dataLengthBytes": 378733,
    "accessToken":youwish

With this, both files are uploaded to the server to sdId 40042 (EAR) and 40043 (public use document). Can you please help us understand why the uploads are considered to be inappropriate?

celic commented 1 year ago

During the Certify request, both supporting documentation IDs are needed. It appears that one was not provided.

After the Certify request is sent, file transfer happens over PGP-encrypted email according to the "usual" CMVP process. At that point it doesn't matter if the file is uploaded to ESV; there is no way to link it to the existing validation in progress.
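
A local pre-submission check for the situation discussed in this thread, as an added example that is not code from ACVPProxy or the ESV server: it parses debug lines in the log format quoted above, compares each sdFile length with the dataLengthBytes in the server reply, and reports any sdId missing from the list a Certify request would reference. The list of Certify sdIds, the in-order pairing of uploads with replies, and all function names are assumptions.

```python
import re

# Constructed sample input, in the ACVPProxy debug-log format quoted in the issue.
P = "ACVPProxy (13:28:59) (tid30) Debug - HTTP operation [lib/common/network_backend_curl.c:acvp_curl_http_post_multi:"
LOG = "\n".join([
    P + "584]: Set mime type sdFile",
    P + "589]: Add mime data of length 1509411",
    P + "594]: Add file name EntropyAnalysisReport-EAR-v1.0.pdf",
    P + "584]: Set mime type sdType",
    P + "589]: Add mime data of length 5",
    P + "584]: Set mime type sdFile",
    P + "589]: Add mime data of length 378733",
    P + "594]: Add file name publicUseDocument-v1.0.pdf",
])
# Server replies reduced to the two fields used here, values as quoted in the issue.
RESPONSES = [{"sdId": 40042, "dataLengthBytes": 1509411},
             {"sdId": 40043, "dataLengthBytes": 378733}]

EVENT = re.compile(r"\]: (Set mime type|Add mime data of length|Add file name) (.+)$")

def parse_uploads(log):
    """Return one dict per sdFile part: {'file': name, 'length': bytes sent}."""
    uploads, part = [], None
    for line in log.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        kind, value = m.groups()
        if kind == "Set mime type":
            # A new multipart field starts; only sdFile parts carry the document.
            part = {"file": None, "length": None} if value == "sdFile" else None
            if part is not None:
                uploads.append(part)
        elif part is not None and kind == "Add mime data of length":
            part["length"] = int(value)
        elif part is not None and kind == "Add file name":
            part["file"] = value
    return uploads

def audit(log, responses, certify_sd_ids):
    """Pair uploads with replies in order (assumption); flag size mismatches and unreferenced sdIds."""
    findings = []
    for up, resp in zip(parse_uploads(log), responses):
        if up["length"] != resp["dataLengthBytes"]:
            findings.append(("size_mismatch", resp["sdId"], up["file"]))
        if resp["sdId"] not in certify_sd_ids:
            findings.append(("not_in_certify", resp["sdId"], up["file"]))
    return findings

if __name__ == "__main__":
    # Hypothetical Certify request that references only one of the two documents.
    print(audit(LOG, RESPONSES, certify_sd_ids=[40043]))
```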