algorithm testing using libacvp
Closed this issue · 8 comments
Hi,
We have a vector request JSON file from third party, How can we pass existing JSON file to libacvp for algorithm testing? and get the test vector responses and upload to demo server? The test intended to run only AES algorithm. Can you provide steps will be helpful?
Hello,
Please view the comment here -
You would then run ./acvp_app --aes --vector_req <modified_input_file>.json --vector_rsp <output_file>.json
And remove the info you added from the output file.
Let us know if you have any further questions!
Thanks,
Andrew
Hi Andrew,
Thanks, that worked. How to upload test vector responses to demo server?
when i run this getting below error
./acvp_app --vector_upload <output_file>.json
***ACVP [STATUS][acvp_upload_vectors_from_file:1045]--> Uploading vectors from response file...
***ACVP [WARN][acvp_upload_vectors_from_file:1106]--> Missing indication of whether tests are sample in file, continuing
***ACVP [STATUS][acvp_upload_vectors_from_file:1178]--> Sending responses for vector set 562917
***ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message:
***ACVP [ERR][log_network_status:1108]--> (null)
***ACVP [ERR][acvp_upload_vectors_from_file:1181]--> Failed to submit test results for vector set - skipping...
***ACVP [STATUS][acvp_upload_vectors_from_file:1194]--> Tests complete, checking results...
***ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message:
***ACVP [ERR][log_network_status:1108]--> (null)
***ACVP [ERR][acvp_get_result_test_session:2782]--> Error retrieving vector set results!
***ACVP [ERR][acvp_upload_vectors_from_file:1197]--> Unable to retrieve test results
Please advise.
Thanks
Hello,
To submit them, you need the test session URL and JWT associated with it. If you received the vector set from elsewhere without that info, you would have to get that info from the source and fill them into the block we added to JSON.
Andrew
Hi,
URL and JWT associated is there in JSON block, but getting 403 forbidden error.
***ACVP [STATUS][acvp_upload_vectors_from_file:1045]--> Uploading vectors from response file...
***ACVP [WARN][acvp_upload_vectors_from_file:1106]--> Missing indication of whether tests are sample in file, continuing
***ACVP [STATUS][acvp_upload_vectors_from_file:1178]--> Sending responses for vector set 562917
***ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message:
***ACVP [ERR][log_network_status:1108]--> (null)
***ACVP [ERR][acvp_upload_vectors_from_file:1181]--> Failed to submit test results for vector set - skipping...
***ACVP [STATUS][acvp_upload_vectors_from_file:1194]--> Tests complete, checking results...
***ACVP [ERR][log_network_status:1107]--> 403 error received from server. Message:
***ACVP [ERR][log_network_status:1108]--> (null)
***ACVP [ERR][acvp_get_result_test_session:2782]--> Error retrieving vector set results!
***ACVP [ERR][acvp_upload_vectors_from_file:1197]--> Unable to retrieve test results
Please check.
Thanks.
Hello,
Do you have all of the other appropriate credentials to access the server? (key, cert, and TOTP seed, acquired from NIST)
Thanks,
Andrew
Hi,
Yes, all are acquired from NIST, able to communicate with demo server.
able to run sample too.
./acvp_app --aes --sample
Using the following parameters:
ACV_SERVER: demo.acvts.nist.gov
ACV_PORT: 443
ACV_URI_PREFIX: /acvp/v1/
ACV_CA_FILE: /data/mozzila_trust_anchors.pem
ACV_CERT_FILE: /data/xxx.cer
ACV_KEY_FILE: /data/xxx_Demo.key
***ACVP [WARN][acvp_http_user_agent_check_env_for_var:1234]--> Unable to collect info for HTTP user-agent - please define ACV_OE_PROCESSOR (64 char max.)
***ACVP [STATUS][acvp_login:2521]--> Logging in...
***ACVP [STATUS][acvp_login:2541]--> Login successful
***ACVP [STATUS][acvp_register:1975]--> Building registration of capabilities...
***ACVP [STATUS][acvp_register:1983]--> Sending registration of capabilities...
***ACVP [STATUS][acvp_register:1992]--> Successfully sent registration and received list of vector set URLs
***ACVP [STATUS][acvp_register:1993]--> Test session URL: /acvp/v1/testSessions/179019
***ACVP [STATUS][acvp_run:3286]--> Beginning to download and process vector sets...
***ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again...
***ACVP [STATUS][acvp_retry_handler:2467]--> 200 OK KAT values not ready, server requests we wait 30 seconds and try again...
***ACVP [STATUS][acvp_dispatch_vector_set:2697]--> Processing vector set: 566845
***ACVP [STATUS][acvp_dispatch_vector_set:2698]--> Algorithm: ACVP-AES-CTR
***ACVP [STATUS][acvp_process_vector_set:2746]--> Successfully processed vector set
***ACVP [STATUS][acvp_process_vsid:2668]--> Posting vector set responses for vsId 566845...
***ACVP [STATUS][acvp_run:3305]--> Tests complete, checking results...
***ACVP [STATUS][acvp_get_result_test_session:2916]--> TestSession results incomplete...
***ACVP [STATUS][acvp_retry_handler:2469]--> 200 OK results not ready, waiting 30 seconds and trying again...
***ACVP [STATUS][acvp_get_result_test_session:2916]--> TestSession results incomplete...
***ACVP [STATUS][acvp_retry_handler:2469]--> 200 OK results not ready, waiting 30 seconds and trying again...
***ACVP [STATUS][acvp_get_result_test_session:2899]--> Passed all vectors in test session!
Hello,
My mistake for not pointing it out sooner.
The output file also needs a list of VectorSet URLs, which is the test session URL followed by /vectorSets/[vsid]
Also want to ensure that any forward slashes are escaped in JSON.
Here is an example from a file I just created for two algorithms, with identifying info removed -
[ {
"jwt": "insertRealJwtHere",
"url": "\/acvp\/v1\/testSessions\/000000",
"isSample": false,
"vectorSetUrls": [
"\/acvp\/v1\/testSessions\/000000\/vectorSets\/00001",
"\/acvp\/v1\/testSessions\/000000\/vectorSets\/00002"
]
}, {
"vsId": 00001,
"algorithm": "KAS-KDF",
"mode": "HKDF",
"revision": "Sp800-56Cr1",
"isSample": false,
....etc
Hopefully this helps.
Thanks,
Andrew
Hello,
I am closing this issue due to inactivity. If you have further questions about this issue, you may reopen it.
Thanks,
Andrew