KTS Responder VAL – expected failure root cause #1041

Closed
gafnir opened this issue Oct 21, 2020 · 6 comments · Fixed by #1050

gafnir commented Oct 21, 2020

We are running the KTS Responder VAL test, which is part of the example vectors package we have.
Looking at the test results, where test cases are expected to fail (i.e., <”testPassed” = false>), we have a few test cases where the dkm that our cryptographic library outputs is equal to the input dkm and our library completes the operation successfully.
In these cases, what may be the root cause for the expected failure?
Can the root cause be a failure in the input validity check?
Please note that in the NIST 800-56B specification, Section 7.2.2.4, “RSA-OAEP Decryption Operation (RSA-OAEP.DECRYPT)”, it is mentioned that the developer shall assume that the input private key is valid. Therefore our library validates only the input cypher text.
Also please be informed that in the old CAVP format, the example test vectors of VAL tests included the failure reason together with the expected result.

Contributor

smuellerDD commented Oct 21, 2020 via email

Author

gafnir commented Oct 21, 2020

Thanks Stephan for the quick response. I’m aware that the response file that the parser is generating should only include the result pass/fail, but in the cases of expected failure I wish to better understand what may be the failure root cause.

Contributor

Kritner commented Oct 21, 2020

It depends on the registration options and test. If you have a question about a specific test case, I'll need the vsId, environment, tcId, etc.

Author

gafnir commented Oct 27, 2020

Attached are the KTS OAEP sample vectors - request and expected JSON files. We have failures in both tgId 7 and 8; for example, in tgId 7 the following tcIds failed: 95, 101, 105, 114.
Note that vsId is 251358 and the test directory structure is 93895/251358/<json_files>.
testvector-expected.json.txt
testvector-request.json.txt

In general, is there any public documentation for the KTS OAEP ACVP test describing the IUT requirements?
For example, for the SHA test we are familiar with https://csrc.nist.gov/csrc/media/projects/cryptographic-algorithm-validation-program/documents/shs/shavs.pdf.

Author

gafnir commented Oct 27, 2020

With regard to the KTS OAEP initiator tests, the tgId 5 and tgId 6 groups of tests are of testType VAL. How can the IUT validate the initiator operation (i.e., RSA-OAEP encrypt) without comparing its result to an expected input Cypher Text?
We do see ‘serverC’ as input for tgId 7 & 8 (responder), and therefore we expected to see ‘iutC’ in tgId 5 and 6 (initiator). Unfortunately it seems to be missing from the request vectors.

Contributor

Kritner commented Oct 28, 2020

Oh, I'm sorry, I didn't realize that this was an issue with the documentation. The VAL type tests were removed from KTS testing due to issue #942. This vector set doesn't exist on our demo server, but looking at the vector set number we're currently on, it would have been some time ago.

The VAL tests for KTS testing should no longer be present in newly generated test sessions. I will leave this issue open as a reminder that the documentation needs to be updated to remove the KTS VAL tests from the sample json in the specification.
