Make Counter Tests for AES-CTR and TDES-CTR Optional #937

Closed
celic opened this issue Jul 31, 2020 · 7 comments · Fixed by #956

Comments

@celic
Collaborator

celic commented Jul 31, 2020

Some implementations use an LFSR counter approach, which is valid according to the CTR mode standards. However, it isn't compatible with the "CTR" test groups in ACVP. We will introduce a new registration parameter for CTR modes, "performCounterTests": true/false, that allows the client to determine if these tests are applicable.

This does have repercussions for CMVP validations. If tests were not performed, a justification may be needed during a module validation.
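
Added example, not part of the issue or of the ACVP project's code: a small LFSR used as a counter source yields counter blocks that never repeat within its period, yet they do not step by one, which is the property an incrementing-counter check looks for. The 16-bit register, the 0xB400 tap mask, the seed, the all-zero nonce and the `steps_by_one` check are assumptions chosen for illustration; `steps_by_one` is a simplified stand-in, not ACVP's actual test logic.

```python
# Added illustration (not ACVP code). The 16-bit register, the 0xB400 tap mask,
# the seed and the all-zero nonce are constructed values for this example.

NONCE = bytes(14)  # constructed: 14-byte fixed prefix, 2-byte counter field


def lfsr16_sequence(seed, count, taps=0xB400):
    """Return `count` successive states of a 16-bit Galois LFSR."""
    if not 0 < seed < 1 << 16:
        raise ValueError("seed must be a non-zero 16-bit value")
    state, states = seed, []
    for _ in range(count):
        states.append(state)
        lsb = state & 1
        state >>= 1
        if lsb:
            state ^= taps
    return states


def counter_blocks(values, nonce=NONCE):
    """Build 16-byte counter blocks: nonce || 16-bit counter value."""
    return [nonce + v.to_bytes(2, "big") for v in values]


def all_unique(blocks):
    """CTR mode's core requirement: no counter block is used twice."""
    return len(set(blocks)) == len(blocks)


def steps_by_one(blocks):
    """Simplified incrementing-counter check (stand-in, not ACVP's logic)."""
    ints = [int.from_bytes(b, "big") for b in blocks]
    return all(b - a == 1 for a, b in zip(ints, ints[1:]))


def assess(values):
    """Report both properties for a sequence of counter values."""
    blocks = counter_blocks(values)
    return {"unique": all_unique(blocks), "incrementing": steps_by_one(blocks)}


if __name__ == "__main__":
    print("incrementing:", assess(range(1, 1001)))
    print("lfsr:        ", assess(lfsr16_sequence(0xACE1, 65535)))
```
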

@smuellerDD
Contributor

smuellerDD commented Jul 31, 2020 via email

@AlexThurston

Specifically (and because this just happens to be something top of mind), is this related to the test group/test case that ends up having a payload length of 12800 for example?

@celic
Collaborator Author

celic commented Jul 31, 2020

Default to true, yes.

The large payload test groups are indeed the "CTR" test groups.

@AlexThurston

Is there an ETA on when this setting will be available?

@AlexThurston

> This does have repercussions for CMVP validations. If tests were not performed, a justification may be needed during a module validation.

Also, what kind of repercussions for CMVP?

@celic
Collaborator Author

celic commented Aug 4, 2020

Next release this will be on demo.

When going through a CMVP validation for a module with a CTR mode, if these tests aren't performed, additional justification will be needed to explain the counter mechanism. The CMVP should have more details coming soon, but as I understand it, the reviewer might just ask for this information after reviewing the algorithm certificates. (It will state on the certificate whether or not the tests were performed.)

@celic celic added this to the v1.1.0.11 Release milestone Aug 17, 2020
@celic
Collaborator Author

celic commented Aug 18, 2020

This was deployed last night. Leaving issue open until I can put together the documentation update.
