resolved conflict from merging in master
jbrock24 committed Nov 7, 2023
2 parents 8cfd00c + 82a8b8d commit 99d00e9
Showing 6 changed files with 23 additions and 9 deletions.
8 changes: 8 additions & 0 deletions src/drbg/sections/05-capabilities.adoc
@@ -78,13 +78,21 @@ DRBG minimum/maximum values for the properties listed in <<capabilities-table>>
| hashDRBG | "SHA2-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 512
| hashDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 224
| hashDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 256
| hashDRBG | "SHA3-224" | N/A | 192| 192 | 65536 | 65536 | 65536 | 96 | 224
| hashDRBG | "SHA3-256" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 256
| hashDRBG | "SHA3-384" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 384
| hashDRBG | "SHA3-512" | N/A | 256| 256 | 65536 | 65536 | 65536 | 128 | 512
| hmacDRBG | "SHA-1" | N/A | 128 | 128 | 65536 | 65536 | 65536 | 64 | 160
| hmacDRBG | "SHA2-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 224
| hmacDRBG | "SHA2-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 256
| hmacDRBG | "SHA2-384" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 384
| hmacDRBG | "SHA2-512" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 512
| hmacDRBG | "SHA2-512/224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 224
| hmacDRBG | "SHA2-512/256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 256
| hmacDRBG | "SHA3-224" | N/A | 192 | 192 | 65536 | 65536 | 65536 | 96 | 224
| hmacDRBG | "SHA3-256" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 256
| hmacDRBG | "SHA3-384" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 384
| hmacDRBG | "SHA3-512" | N/A | 256 | 256 | 65536 | 65536 | 65536 | 128 | 512
|===

=== DRBG Registration Example
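Review bot: the cell spacing is inconsistent across the rows in this hunk: the hashDRBG `"SHA2-512"` row and the four hashDRBG `"SHA3-*"` rows use `256| 256`, while every hmacDRBG row uses `256 | 256`. AsciiDoc renders both, but please normalise to `| 256 | 256 |` so the columns can be checked by eye in a diff. The hashDRBG and hmacDRBG rows for the same hash function do agree column for column in the rows visible here (SHA2-512/224 through SHA3-512), which is what SP 800-90A expects, but the rendered table does not mark which rows this commit adds; a sentence in the surrounding text or the revision history naming the newly supported hash functions would make the capability change visible to implementers.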
9 changes: 7 additions & 2 deletions src/lms/sections/05-capabilities.adoc
@@ -27,12 +27,17 @@ Each LMS algorithm capability advertised is a self-contained JSON object using t
| mode | The LMS mode to be validated | string | See <<supported>>
| revision | The algorithm testing revision to use | string | See <<supported>>
| prereqVals | Prerequisite algorithm validations | array of prereqAlgVal objects | See <<prereq_algs>>
| capabilities | The general pairs of LMS and LMOTS modes that are supported | object | See <<capability_details>>
| specificCapabilities | The set of exact LMS and LMOTS mode matches that are supported | array of objects | See <<specific_capability_details>>
| capabilities | The general pairs of LMS and LMOTS modes that are supported. See note. | object | See <<capability_details>>
| specificCapabilities | The set of exact LMS and LMOTS mode matches that are supported. See note. | array of objects | See <<specific_capability_details>>
|===

The capabilities advertised by the module must use the following JSON object schema. The ACVP server *MAY* select any pairing of values from the arrays to test.

Note: The `capabilities` object is *preferred*, as it allows the ACVP server to select from a random sampling of the product of the registered capabilities.
The `specificCapabilities` object can be used as an alternative, if your IUT does not support a wide variety of capabilities, and needs to have *specific* combinations tested against.

The two `capabilities` and `specificCapabilities` cannot be used together with the same registration.

[[capability_details]]
.LMS Capability Details
|===
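Review bot: the mutual-exclusion rule at the end of the note, `The two \`capabilities\` and \`specificCapabilities\` cannot be used together with the same registration.`, is stated as prose advice while the paragraph above uses the RFC 2119 form `*MAY*`; suggest `A registration *MUST* contain exactly one of \`capabilities\` or \`specificCapabilities\`, and *MUST NOT* contain both.` That wording also closes the gap the note leaves open: it says the two cannot be combined but not whether one of them is required, so a registration with neither is currently undefined. Smaller points: `if your IUT does not support a wide variety of capabilities` is second person, unlike the rest of the section (`if the IUT supports only a narrow set of LMS/LMOTS combinations` matches the register), and `with the same registration` should be `in the same registration`.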
3 changes: 3 additions & 0 deletions src/protocol/sections/11-messaging.adoc
@@ -1633,6 +1633,8 @@ The client will send this request to learn the validation results for an individ
** `incomplete` - indicates not all tests have been processed by the server, however none have failed thus far.
** `expired` - indicates not all the test case responses were received from the client prior to expiry.
** `passed` - indicates all test cases have been processed by the server and have passed.
** `missing` - indicates that one or more test case responses were not received from the client.
** `error` - indicates that the server encountered an error while processing the responses provided by the client.
* *tests* - array of test result objects
** *tcId* - `number`
** *result* - `string`, the result for a test case with:
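Review bot: the new vector-set `missing` value overlaps with the existing `expired` value and the text does not say how the server chooses between them: `expired` is `not all the test case responses were received from the client prior to expiry` and `missing` is `one or more test case responses were not received from the client`, which is the same observable condition from the client's side. State the distinction (for example, `missing` when a response file was submitted before expiry but omits some test cases, `expired` when the deadline passed first), or fold one value into the other. Also, `error` has no counterpart among the per-test-case `result` values listed below, so a client cannot tell which test case triggered the server-side error; either add a test-case-level `error` value or say that `tests` is empty when the vector-set status is `error`.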
@@ -1641,6 +1643,7 @@ The client will send this request to learn the validation results for an individ
*** `incomplete` - indicates the server has not processed the test case.
*** `expired` - indicates the client did not send the test case response to the server prior to expiry.
*** `passed` - indicates the test case passed.
*** `missing` - indicates that a response was not received from the client for the test case.
** *reason* - `string`, provides additional detail in case of a `failed` `result` value.
** *expected* - `object`, provides the value(s) the server expected for the test case.
** *provided* - `object`, provides the value(s) the client provided for the test case.
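Review bot: the `reason` field is still documented as populated only `in case of a \`failed\` \`result\` value`, so a test case reported as `missing` carries no explanation of why the server considers the response absent; say whether `reason` is set for `missing` as well, and whether `expected` and `provided` are present for it (there is nothing to put in `provided`). The same overlap as in the vector-set list applies here between `missing` (`a response was not received from the client for the test case`) and `expired` (`the client did not send the test case response to the server prior to expiry`); one sentence saying that `expired` is only reported after the vector set's expiry and `missing` before it would remove the ambiguity.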
5 changes: 2 additions & 3 deletions src/rsa/sections/05-decprim-capabilities.adoc
@@ -29,7 +29,7 @@ An example registration is the following

=== RSA DecryptionPrimitive SP800-56Br2 Mode Capabilities

The RSA decryptionPrimitive mode capabilities are advertised as JSON objects within the array of 'capabilities' as part of the 'capability_exchange' element of the ACVP JSON registration message. Two properties are supported in the registration. A 'modulus' array supports three modulo values of 2048, 3072, and 4096. For private 'keyFormat', the "standard" and "crt" (Chinese Remainder Theorem) private key formats are supported. "standard" equates to the prime-factor private key format described in <<SP800-56Br2>>. See the descriptions of basic, CRT, and prime-factor private key formats in Section 3.2 of <<SP800-56Br2>>.
The RSA decryptionPrimitive mode capabilities are advertised as JSON objects within the array of 'capabilities' as part of the 'capability_exchange' element of the ACVP JSON registration message. Two properties are supported in the registration. A 'modulo' array supports three modulus values of 2048, 3072, and 4096. For private 'keyFormat', the "standard" and "crt" (Chinese Remainder Theorem) private key formats are supported. "standard" equates to the prime-factor private key format described in <<SP800-56Br2>>. See the descriptions of basic, CRT, and prime-factor private key formats in Section 3.2 of <<SP800-56Br2>>.

When testing the "standard"/prime-factor private key format, a ciphertext (ct), along with private key p, q and d component values are provided, see <<SP800-56Br2>>, Section 7.1.2.2 for details. If an IUT supports the basic private key format, the p and q values provided by the "standard"/prime-factor testing can be multiplied to produce the needed n value. When testing for the Chinese Remainder Theorem private key format, a ciphertext (ct), the p, q, n, dmp1 (dP), dmq1 (dQ), and iqmp (qInv) values are provided, see <<SP800-56Br2>>, Section 7.1.2.3 for details.
See the ACVP specification for details on the registration message.
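Review bot: the rename from `'modulus'` to `'modulo'` in this paragraph changes the registration property name for the `Sp800-56Br2` revision, but nothing in the hunk records that the old spelling is no longer the documented one; please add a revision-history entry (or a sentence here) saying the property was renamed to match the signaturePrimitive capabilities, since a client built against the earlier text would now be sending `"modulus"`, a property this specification no longer defines. Wording: `A 'modulo' array supports three modulus values of 2048, 3072, and 4096` is fine, but the opening `Two properties are supported in the registration` is imprecise now that the example registration also carries `algorithm`, `mode` and `revision`; `Two algorithm-specific properties` would be accurate.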
@@ -43,12 +43,11 @@ An example registration is the following
"algorithm": "RSA",
"mode": "decryptionPrimitive",
"revision": "Sp800-56Br2",
"isSample": true,
"keyFormat": [
"standard",
"crt"
],
"modulus": [
"modulo": [
2048,
3072,
4096
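Review bot: `"isSample": true,` is dropped from the example registration with no accompanying text change. If `isSample` is not a valid client registration property for this mode (elsewhere in this commit it appears only in a server-generated prompt, as `"isSample": false` in the signaturePrimitive test-vector example), say so in the prose so readers of older examples know to remove it; if it is merely being omitted from the example, a note in the revision history would avoid the question. The `"modulo"` rename here matches the prose hunk above, which is correct.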
5 changes: 2 additions & 3 deletions src/rsa/sections/05-sigprim-capabilities.adoc
@@ -36,7 +36,7 @@ The following RSA / SignaturePrimitive / 2.0 capabilities *MAY* be advertised by
|===
| JSON value | Description | JSON type | Valid values

| modulo | supported RSA modulo for signature generation - see <<FIPS186-4>>, Section 5 | array of integer | any of the supported modulo sizes {2048, 3072, 4096}
| modulo | supported RSA moduli for signature generation - see <<FIPS186-4>>, Section 5 | array of integer | any of the supported modulus sizes {2048, 3072, 4096}
| keyFormat | The format by which the client expects the private key to be communicated. Standard refers to the default p, q, d values. Chinese Remainder Theorem uses decomposed values for optimized decryption p, q, dmp1, dmq1, iqmp | array of string | "standard", "crt"
| pubExpMode | Whether the IUT can handle a random or fixed public exponent | string | "random", "fixed"
| fixedPubExp | The fixed public exponent e | hex | Any value supported by <<FIPS186-4>>: 65537 - 2^256-1, odd
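Review bot: wording only. `supported RSA moduli for signature generation ... any of the supported modulus sizes` fixes the singular/plural, but the row names the property `modulo` and the decryptionPrimitive section in this same commit describes the same property as `modulus values`; using `supported RSA modulus sizes` in both places would keep the two RSA sections consistent. The `fixedPubExp` row's valid range `65537 - 2^256-1, odd` would read better as `odd values in the range 65537 to 2^256 - 1`, and the row should state the hex encoding expected (the example below uses `"010001"`, with no `0x` prefix and an even number of digits).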
@@ -50,14 +50,13 @@ The following is an example of the registration
"algorithm": "RSA",
"mode": "signaturePrimitive",
"revision": "2.0",
"isSample": true,
"pubExpMode": "fixed",
"fixedPubExp": "010001"
"keyFormat": [
"standard",
"crt"
],
"modulus": [
"modulo": [
2048,
3072,
4096
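Review bot: the example JSON is syntactically invalid: `"fixedPubExp": "010001"` is missing its trailing comma before `"keyFormat": [`, so this registration will not parse. This commit edits the lines on either side of it (removing `"isSample": true,` above and renaming `"modulus"` to `"modulo"` below), so it is the natural place to fix it. As with the decryptionPrimitive example, the removal of `isSample` is undocumented; one sentence in the prose or revision history would cover both sections.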
2 changes: 1 addition & 1 deletion src/rsa/sections/06-sigprim-test-vectors.adoc
@@ -125,7 +125,7 @@ Here is an abbreviated yet fully constructed example of the prompt
"mode": "signaturePrimitive",
"revision": "2.0",
"isSample": false,
"testGroups": [
"testGroups":
{
"tgId": 1,
"modulo": 2048,
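Review bot: this change breaks the example. `"testGroups": [` became `"testGroups":` with the opening bracket dropped, but the lines that follow (`{`, `"tgId": 1`, `"modulo": 2048`) open a test-group object that can only be an element of the array the removed `[` started, so the prompt is now invalid JSON and the matching `]` later in the example is left unbalanced. Restore `"testGroups": [`. Given the commit message says this resolves a merge conflict, it is worth diffing the whole example against `master` in case other brackets were lost the same way.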
