[openssl-dev] Does CAVS test harness support testing of Component Vectors like TLS, SSH etc.
Steve Marquess
marquess at openssl.com
Thu Apr 14 13:54:50 UTC 2016
On 04/14/2016 08:34 AM, cyriac wrote:
> I am specifically referring to the Key Derivation Function test vectors for
> conformance with SP800-135 specification.
> http://csrc.nist.gov/groups/STM/cavp/component-testing.html#KDF135
> There we have *test vectors for SP 800-135 like “TLS KDF Test Vectors”, “SSH
> Test Vectors”.*
> (We have currently upgraded to openssl-fips 2.0.12)
>
> In my understanding /fips_algvs/ supports test vectors for specific crypto
> modules like AES, SHA, HMAC, RSA etc (with the respective
> fips_<cryptoname>_main() routine).
> However, *test vectors for applications utilizing one or more of these
> cryptos like TSL, SSH etc. are not at all supported by the CAVS test
> harness* ?
>
> *We could not also find any such vectors being uploaded in the test vectors
> repository* at
> http://opensslfoundation.com/testing/validation-2.0/testvectors/ (In fact we
> have randomly downloaded few of those and we could not find)
>
> I am clueless how to go about generating response vectors for request
> vectors like *tls.req* using the test harness.
> In case the harness does not support, do you recommend any other resources
> for reference implementation for these tests.
> It looks like a tough ask!
>
> Kindly pour in your suggestions/experiences.
There are many types of CAVP/CAVS algorithm tests, only some of which
are addressed by the OpenSSL FIPS Object Module. The selection of
algorithm tests is a function of your requirements and is unique to each
validation. You'll need to consult with your accredited test lab.
-Steve M.
--
Steve Marquess
OpenSSL Validation Services, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877 673 6775 s/b
+1 301 874 2571 direct
marquess at openssl.com
gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc
More information about the openssl-dev
mailing list