[openssl-users] Testing OpenSSL based solution

Marcus Vinicius do Nascimento m.vinicius at samsung.com
Tue May 12 17:56:05 UTC 2015


I'm working on a C++ security library solution that uses openssl internally.

It offers Sign/Verify, Digest and Encrypt/Decrypt as its features (please
check available methods below).

I'm using FIPS 2.0 test vectors to validate my library, but I'm having a bit
of trouble with that.

Testing Digest is easy. It is just a matter of providing any data and checking
whether the returned value matches expected values.

FIPS 2.0 is working just fine here.

Testing Sign/Verify is a whole different story. My understanding is that
algorithms use random parameters to sign data, so two consecutive calls to
sign with the same parameters would yield different results.

I guess I have to sign some data, and verify it to make sure that's working.

FIPS provides testing parameters that are not trivial (message, y, r, s) and
I'm not sure how to handle them. Is it possible to use those parameters
considering my API (check below)?

I haven't tried testing the encrypt/decrypt methods, since I'm stuck in the
Sign/Verify.

Do you think using FIPS test vectors to validate my solution is a
good/feasible approach?

Is there any better/simpler testing approach?

This is my API:

    Sign/Verify:

        std::string /* B64 */ sign( std::string algorithm, std::string private_key /* B64 */, std::string data /* B64 */, bool &error );

        bool verify( std::string algorithm, std::string data /* B64 */, std::string signature /* B64 */, std::string public_key /* B64 */, bool &error );

        Algorithms: SHA1, SHA256, SHA384, SHA512 with RSA, ECDSA and
        SHA1withDSA.

    Digest:

        std::string /* B64 */ digest( std::string algorithm, std::string data );

        Algorithms: SHA1, SHA256, SHA384, SHA512.

    Encrypt/Decrypt:

        std::string /* B64 */ encrypt( std::string algorithm, bool padding, std::string data /* B64 */, std::string key /* B64 */ );

        std::string /* B64 */ decrypt( std::string algorithm, bool padding, std::string data /* B64 */, std::string key /* B64 */ );

        Algorithms: des-ede-cbc, des-ede, des-ede-cfb, des-ede-ofb,
        des-ede3-cbc, des-ede3, des3, des-ede3-cfb, des-ede3-ofb,
        aes-[128|192|256]-cbc, aes-[128|192|256], aes-[128|192|256]-cfb,
        aes-[128|192|256]-cfb1, aes-[128|192|256]-cfb8, aes-[128|192|256]-ecb,
        aes-[128|192|256]-ofb.

Thanks very much,

Marcus
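
Added example, not part of the original post and not the poster's library or OpenSSL code: a pure-Python DSA showing why a randomized sign() cannot be compared against a fixed expected value, while a (message, y, r, s) tuple of the kind mentioned above can be checked with verify() alone. The domain parameters are constructed and far smaller than FIPS 186 sizes, and all function names are assumptions made for this example; demo() returns the four checks.

```python
import hashlib
import secrets

Q = 2**127 - 1  # constructed toy subgroup order (a Mersenne prime), not a FIPS size

def make_params(q=Q):
    j = 1
    while True:  # first p = 2*j*q + 1 that passes a base-2 Fermat test
        p = 2 * j * q + 1
        g = pow(2, (p - 1) // q, p)
        if pow(2, p - 1, p) == 1 and g != 1:  # then g**q == 1 (mod p)
            return p, q, g
        j += 1

def _z(msg, q):
    """Leftmost q.bit_length() bits of SHA-256(msg), as an integer."""
    d = hashlib.sha256(msg).digest()
    return int.from_bytes(d, "big") >> (len(d) * 8 - q.bit_length())

def sign(params, x, msg):
    p, q, g = params
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh random nonce: output differs per call
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (_z(msg, q) + x * r) % q
        if r and s:
            return r, s

def verify(params, y, msg, r, s):
    """Deterministic: needs only public values, so a fixed vector can be replayed."""
    p, q, g = params
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = _z(msg, q) * w % q, r * w % q
    return pow(g, u1, p) * pow(y, u2, p) % p % q == r

def demo():
    params = p, q, g = make_params()
    x = secrets.randbelow(q - 1) + 1  # private key
    y = pow(g, x, p)                  # public key, the "y" of a test vector
    msg = b"constructed test message"
    (r1, s1), (r2, s2) = sign(params, x, msg), sign(params, x, msg)
    return {
        "signatures_differ": (r1, s1) != (r2, s2),
        "round_trip_ok": verify(params, y, msg, r1, s1) and verify(params, y, msg, r2, s2),
        "altered_message_rejected": not verify(params, y, msg + b"!", r1, s1),
        "altered_s_rejected": not verify(params, y, msg, r1, s1 % (q - 1) + 1),
    }
```

To replay such a tuple through an API that takes encoded keys and signatures, y (with its domain parameters) has to be encoded as a public key and r, s as a signature in whatever encoding that API expects.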

 
