Closed
Bug 312395
Opened 20 years ago
Closed 19 years ago
Enhance fipstest to perform FIPS AES algorithm testing
Categories
(NSS :: Test, enhancement, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
3.11.2
People
(Reporter: wtc, Assigned: wtc)
Details
Attachments
(1 file, 1 obsolete file)
27.57 KB,
patch
We need to enhance nss/cmd/fipstest/fipstest.c to
be able to perform the various tests in the FIPS
AES Algorithm Validation Suite (AESAVS):
http://csrc.nist.gov/cryptval/aes/AESAVS.pdf

NSS supports the following:
  key size: 128, 192, and 256 bits
  mode of operation: ECB and CBC

There are three types of tests:
- Known Answer Test (KAT): this in turn has four types
  * GFSbox
  * KeySbox
  * Variable Key
  * Variable Text
  They all have the same structure. Plaintext or
  ciphertext is exactly one block long.
- Multi-block Message Test (MMT): this has the same
  structure as the KAT. The only difference is that
  the plaintext or ciphertext has multiple blocks.
- Monte Carlo Test (MCT): this tests 100 blocks generated
  from the given test input using an algorithm specified
  in the Validation Suite. It tests our encryption and
  decryption functions in streaming mode.
Comment 1 (Assignee) • 20 years ago
The test input file is called a REQUEST file and
has the .req suffix.
fipstest writes its output to stdout. In our script,
we will redirect stdout to the test output file,
which is called a RESPONSE file and has the .rsp
suffix.
To run a Known Answer Test (ECB and CBC modes):
    fipstest aes kat test-name.req
To run a Multi-block Message Test (ECB and CBC modes):
    fipstest aes mmt test-name.req
To run a Monte Carlo Test in ECB mode:
    fipstest aes mct ecb test-name.req
To run a Monte Carlo Test in CBC mode:
    fipstest aes mct cbc test-name.req
I will enhance fipstest to be able to determine
the mode for Monte Carlo Test.
Comment 2 (Assignee) • 20 years ago
Comment on attachment 199499 [details] [diff] [review]
Proposed patch v1
I forgot to mention that this patch contains several
"int" to "unsigned int" changes. Those are to fix
Visual C++ compiler warnings about signed/unsigned
comparisons.
Comment 3 (Assignee) • 20 years ago
Hopefully this new patch is ready for checkin. I
added doublechecking to MCT and tried to put common
code in subroutines.
Usage:
    fipstest aes kat|mmt|mct ecb|cbc test-name.req
      kat = Known Answer Test
      mmt = Multi-block Message Test
      mct = Monte Carlo Test
      ecb = ECB mode
      cbc = CBC mode
Attachment #199499 -
Attachment is obsolete: true
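Added example, not part of this bug or of NSS: a shell driver for the invocation described in Comments 1 and 3, which picks the `kat|mmt|mct` and `ecb|cbc` arguments from each request file name and redirects stdout to the matching .rsp file. The file naming scheme (mode prefix, test name, key size) and the `FIPSTEST` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example (not NSS's own script): drive fipstest over AESAVS request
# files using the usage from Comment 3, saving stdout as the .rsp file.
# ASSUMPTION: files are named <MODE><TEST><KEYBITS>.req, for example
# CBCGFSbox128.req, ECBMMT192.req, CBCMCT256.req.

# Print "<test> <mode>" for a request file; return 1 if not recognised.
fipstest_args() {
    name=$(basename "$1" .req)
    case "$name" in
        ECB*) mode=ecb ;;
        CBC*) mode=cbc ;;
        *) return 1 ;;               # only ECB and CBC are supported
    esac
    rest=${name#???}                 # drop the three-letter mode prefix
    case "$rest" in
        GFSbox*|KeySbox*|VarKey*|VarTxt*) kind=kat ;;
        MMT*) kind=mmt ;;
        MCT*) kind=mct ;;
        *) return 1 ;;
    esac
    case "$rest" in
        *[!0-9]128|*[!0-9]192|*[!0-9]256) ;;   # supported key sizes
        *) return 1 ;;
    esac
    echo "$kind $mode"
}

# Run every .req file in a directory; return non-zero if any was skipped
# or failed. FIPSTEST (hypothetical variable) overrides the binary path.
run_requests() {
    failed=0
    for req in "$1"/*.req; do
        [ -e "$req" ] || continue
        if ! args=$(fipstest_args "$req"); then
            echo "unrecognised request file: $req" >&2
            failed=1
            continue
        fi
        # $args is deliberately unquoted: it expands to two words.
        "${FIPSTEST:-fipstest}" aes $args "$req" > "${req%.req}.rsp" || failed=1
    done
    return "$failed"
}

if [ "$#" -gt 0 ]; then run_requests "$1"; fi
```

Files whose names do not match the assumed scheme are reported on stderr and skipped, so an unsupported mode or key size never produces a misleading .rsp file.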
Comment 4•19 years ago
Wan-Teh, did this ever get checked in? The wiki FIPS doc says it did at http://wiki.mozilla.org/FIPS_Validation
I changed the target just so it gets on your radar.
Target Milestone: --- → 3.11.2
Updated•19 years ago
QA Contact: jason.m.reid → test
Updated•19 years ago
Priority: -- → P1
Comment 5•19 years ago
Glen Beasley says this is fixed.
Updated•19 years ago
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED