cisco/libacvp

Issue with AES-XTS

nssathyan opened this issue · 8 comments

I had used libacvp to run tests for AES-XTS a few months back and now I find that the tests report the following error when I try to run them. I understand there could be a change on the NIST server that could be causing this. Can you please tell me what I need to do to overcome this issue and run AES-XTS?

***ACVP [INFO][log_network_status:1468]--> POST Registration...
Status: 400
Url: https://demo.acvts.nist.gov:443/acvp/v1/testSessions
Resp: Recieved

***ACVP [ERR][log_network_status:1491]--> 400 error received from server. Message:
***ACVP [ERR][log_network_status:1492]--> [
{
"acvVersion": "1.0"
},
{
"error": "Validation error(s) on JSON payload.",
"context": [
"Unable to map ACVP-AES-XTS-1.0 - index 9 to an internal algorithm id."
]
}

Regards,
Sathya.

Hello,

As @locksmithone mentioned, revision 1.0 is no longer supported by NIST as of January. 2.0 is tested by default in release 1.4.1 (updating to the latest is always suggested). You shouldn't need to modify your registration at all unless you need the new options; if updating the client is a headache, changing the revision string for XTS in acvp_lcl.h to "2.0" should make old registrations continue to work.

Thanks,
Andrew
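
The 400 response in this issue names the rejected capability and its position. The following added example (not libacvp code and not written by anyone in the thread) parses that message and checks it against the registration that was sent. The registration layout and the reading of "index" as a position in the `algorithms` array are assumptions, and both samples are constructed.

```python
import json
import re

# Shape of the server's context string as it appears in the log in this issue.
CONTEXT_RE = re.compile(
    r"Unable to map (?P<alg>.+)-(?P<rev>[^-\s]+) - index (?P<idx>\d+) "
    r"to an internal algorithm id\."
)

def rejected_entries(response_text):
    """Return (algorithm, revision, index) for each unmapped capability."""
    found = []
    for part in json.loads(response_text):
        for msg in part.get("context", []):
            m = CONTEXT_RE.search(msg)
            if m:
                found.append((m["alg"], m["rev"], int(m["idx"])))
    return found

def locate(registration, rejected):
    """Compare each rejected entry with the registration that was sent.

    Assumption: "index N" is the position in the "algorithms" array.
    """
    algs = next(p["algorithms"] for p in registration if "algorithms" in p)
    report = []
    for alg, rev, idx in rejected:
        entry = algs[idx] if idx < len(algs) else {}
        same = entry.get("algorithm") == alg and entry.get("revision") == rev
        report.append({"index": idx, "algorithm": alg, "revision": rev,
                       "matches_registration": same})
    return report

# Constructed response, modeled on the log in this issue.
SAMPLE_RESPONSE = json.dumps([
    {"acvVersion": "1.0"},
    {"error": "Validation error(s) on JSON payload.",
     "context": ["Unable to map ACVP-AES-XTS-1.0 - index 9 "
                 "to an internal algorithm id."]},
])

# Constructed registration: nine placeholder capabilities, then AES-XTS.
SAMPLE_REGISTRATION = [
    {"acvVersion": "1.0"},
    {"algorithms": [{"algorithm": f"PLACEHOLDER-{i}", "revision": "1.0"}
                    for i in range(9)]
                   + [{"algorithm": "ACVP-AES-XTS", "revision": "1.0"}]},
]

if __name__ == "__main__":
    for row in locate(SAMPLE_REGISTRATION, rejected_entries(SAMPLE_RESPONSE)):
        print(row)
```

A `matches_registration` value of `True` confirms that the entry the server could not map is the one the client sent at that position with that revision string.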

Thank you @locksmithone and @abkarcher. As you mentioned, I shall change the AES revision string to 2.0. Can you also please suggest where I need to change the "DataUnitLen"?

Regards,
Sathya.

Hello,

Unless you require the dataunitlen options, you should not need to add them at all. This is a feature for people whose AES-XTS implementations support working with smaller sections of the total payload in the test case at a time. If you do need those features, you'd have to update the client; but since you imply that your testing process has not changed, I do not think it applies to you.

Either way, the 2.0 string change I mentioned is a workaround and I would recommend updating the client when it becomes feasible.

Thanks,
Andrew

Hello,

I hope you have been able to get this working; otherwise, please let us know if you need any further assistance with this issue! I'll otherwise close it in a few days.

Thanks,
Andrew

Hi @abkarcher! Thank you for your inputs. I tried the 2.0 string change, but ended up having to pick many changes in other related files. So I currently am trying to pull the latest from GitHub. You can close this issue. I shall get back to you once I have some update.

Regards,
Sathya.

Apologies the string change didn't work, I got a bit ahead of myself it seems 🙂 The latest should get you up and running.

Thanks,
Andrew

I was able to run AES XTS after getting the changes from cisco/libacvp.

Thanks,
Sathya.