Analyze and test CC/FIPS140 certificates for non-standard vendor-specific algorithm constants

Question

Analyze and test CC/FIPS140 certificates for non-standard vendor-specific algorithm constants

petrs opened this issue 2 years ago · 0 comments

Example: Oberthur ID-One Cosmo128 v5.5 D, security policy document
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp944.pdf
2.3.2 Additional Cryptographic Algorithms

Alternative: Scan whole range of constants for a given algorithm build factory-style method

Examples from Oberthur ID-One Cosmo128 v5.5 D, security policy document
ALG_SHA_224 (0x08) Message Digest operationsALG_SHA_CHAIN (0x81)
ALG_SHA2_CHAIN (0x82)
Elliptic Curves ALG_ECDSA_SHA224(0x21)
GF(p) algorithm
Signature/verification operations
Elliptic Curves ALG_ECDSA_SHA256(0x22)
Elliptic Curves ALG_ECDSA_SHA384(0x23)
ALG_ECDSA_SHA_LDS (0x25)
ALG_ECDSA_SHA256_LDS(0x26)
ALG_ECDSA_SHA384_LDS(0x27)
Diffie-Hellman KEYAGREEMENT_ALGO_RSA(0x81) Key Agreement OperationsDiffie-Hellman ALG_EC_SVDP_DH_GK (0x82)
Diffie-Hellman ALG_EC_SVDP_DHC_GK (0x83)
Non-Deterministic Random Number Generator (NDRNG) Hardware Seed Generation for
the Deterministic RNG