Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Errors in sample registration documentation for various Algorithms #1544

Open
chih-kao opened this issue Oct 30, 2024 · 8 comments
Open

Errors in sample registration documentation for various Algorithms #1544

chih-kao opened this issue Oct 30, 2024 · 8 comments
Assignees

Comments

@chih-kao
Copy link

I ran the examples from https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio and getting the following messages:

ECDSA-sigGen-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigVer-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
ECDSA-sigVer-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
DetECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1

@jbrock24 jbrock24 changed the title Generating ECDSA test vectors returns "Invalid Curves supplied: P-512" Invalid sample registrations for various Algorithms Oct 31, 2024
@jbrock24 jbrock24 changed the title Invalid sample registrations for various Algorithms Invalid sample registrations in documentation for various Algorithms Oct 31, 2024
@jbrock24 jbrock24 changed the title Invalid sample registrations in documentation for various Algorithms Errors in sample registration documentation for various Algorithms Oct 31, 2024
@jbrock24
Copy link
Collaborator

jbrock24 commented Oct 31, 2024

Hi @chih-kao, thank you for testing all of these and letting us know they aren't working. Sometimes this part of the documentation gets out-of-date from the code and sample files. We try to stop this from happening, but it does occur. You seem to have found a few of these, and I'm going to test to verify the issues and correct them when appropriate. To better help organize them all (there are just too many possible algorithms to have an open issue for each one ), I would like to make this Issue, #1544, the main one which re-titles the issue as "Errors in sample registration documentation for various Algorithms", under which we can list them all individually. We can use the markup here for them to organize.

Thanks again for the help, I will tackle these and mark them off when done. If you find some more, please update the message below, we'll use that for the organization.

@jbrock24
Copy link
Collaborator

jbrock24 commented Oct 31, 2024

ECDSA ( NO ISSUE )

https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

  • ECDSA-sigGen-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
  • ECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
  • ECDSA-sigVer-1.0: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
  • ECDSA-sigVer-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1
  • DetECDSA-sigGen-FIPS186-5: Invalid Curves supplied: P-512, intersect : 0, supplied: 1

KAS ( NO ISSUE )

https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-ifc.html#name-example-kts-ifc-registratio

  • KAS-IFC-Sp800-56Br2: macOptions contained no registered MAC algorithms.
  • KTS-IFC-Sp800-56Br2: macOptions contained no registered MAC algorithms.

https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ffc.html#name-example-kas-ffc-component-c
https://pages.nist.gov/ACVP/draft-fussell-acvp-kas-ffc.html#name-example-kas-ffc-capabilitie

  • KAS-FFC-1.0: KcOption is required when for key confirmation registrations

KDA

https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-twostep.html#name-registration-example

  • KDA-TwoStep-Sp800-56Cr1: Provided L value of 2048 was not contained within the SupportedLengths domain.

@livebe01
Copy link
Collaborator

Hi @chih-kao, thank you for testing all of these and letting us know they aren't working. Sometimes this part of the documentation gets out-of-date from the code and sample files. We try to stop this from happening, but it does occur. You seem to have found a few of these, and I'm going to test to verify the issues and correct them when appropriate. To better help organize them all (there are just too many possible algorithms to have an open issue for each one ), I would like to make this Issue, #1544, the main one which re-titles the issue as "Errors in sample registration documentation for various Algorithms", under which we can list them all individually. We can use the markup here for them to organize.

Thanks again for the help, I will tackle these and mark them off when done. If you find some more, please update the message below, we'll use that for the organization.

@chih-kao also, if you're not sure about something you're seeing in the algorithm specifications at https://pages.nist.gov/ACVP/#supported, you may try cross referencing the example json files that are here: https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files.

@chih-kao
Copy link
Author

chih-kao commented Nov 1, 2024

Hi @jbrock24, thank you for taking your time to help. Hi @livebe01, thank you for the information.

@jbrock24 jbrock24 self-assigned this Nov 1, 2024
@jbrock24
Copy link
Collaborator

jbrock24 commented Nov 4, 2024

Hi @chih-kao - I am unable to reproduce the ECDSA errors you showed here, but I will point out that the example registrations are not necessarily going to work without understanding the system. They aren't samples to run, they are examples of what a possible registration file could look like. If you want to locally run some examples through Generation to Validation, as Ben stated above the json sample files would be best. Those are designed to run locally without any IUT involvement.

Can you give those a try and let me know if they work for you?

@chih-kao
Copy link
Author

chih-kao commented Nov 4, 2024

I think it might be just a typo. Is curve "P-521" or "P-512"? I saw a few "P-512" in https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

By the way, the https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/ECDSA-SigGen-1.0/registration.json generates vectors successfully without any errors.

@jbrock24
Copy link
Collaborator

jbrock24 commented Nov 4, 2024

I think it might be just a typo. Is curve "P-521" or "P-512"? I saw a few "P-512" in https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-ecdsa-algorithm-registratio

It's P-521 not P-512. P-512 is an error we will fix, ty.

@jbrock24
Copy link
Collaborator

jbrock24 commented Nov 5, 2024

Hi @chih-kao - I ran the KAS tests and they are fine up until Verification. Basically as stated before, an example is just not a sample. The example works fine if you make it a sample as expected.

I feel comfortable closing this as an open issue, please let me know if there is still something incorrect or that I'm missing, if not, feel free to close it or I can.

Thanks for the feedback, it's always helpful :D

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants