On 04/14/2016 08:34 AM, cyriac wrote: > I am specifically referring to the Key Derivation Function test vectors for > conformance with SP800-135 specification. > http://csrc.nist.gov/groups/STM/cavp/component-testing.html#KDF135 > There we have *test vectors for SP 800-135 like “TLS KDF Test Vectors”, “SSH > Test Vectors”.* > (We have currently upgraded to openssl-fips 2.0.12) > > In my understanding /fips_algvs/ supports test vectors for specific crypto > modules like AES, SHA, HMAC, RSA etc (with the respective > fips_<cryptoname>_main() routine). > However, *test vectors for applications utilizing one or more of these > cryptos like TSL, SSH etc. are not at all supported by the CAVS test > harness* ? > > *We could not also find any such vectors being uploaded in the test vectors > repository* at > http://opensslfoundation.com/testing/validation-2.0/testvectors/ (In fact we > have randomly downloaded few of those and we could not find) > > I am clueless how to go about generating response vectors for request > vectors like *tls.req* using the test harness. > In case the harness does not support, do you recommend any other resources > for reference implementation for these tests. > It looks like a tough ask! > > Kindly pour in your suggestions/experiences.
There are many types of CAVP/CAVS algorithm tests, only some of which are addressed by the OpenSSL FIPS Object Module. The selection of algorithm tests is a function of your requirements and is unique to each validation. You'll need to consult with your accredited test lab. -Steve M. -- Steve Marquess OpenSSL Validation Services, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct [email protected] gpg/pgp key: http://openssl.com/docs/0x6D1892F5.asc -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
