[openssl-users] Testing OpenSSL based solution

Tue, 12 May 2015 11:04:40 -0700 

I'm working on a C++ security library solution that uses openssl internally.

It offers Sign/Verify, Digest and Encrypt/Decrypt as its features (please
check available methods below).

 

I'm using FIPS 2.0 test vectors to validate my library, but I'm having a bit
of trouble with that.

 

Testing Digest is easy. It is just a matter of providing any data and check
whether the returned value matches expected values.

FIPS 2.0 is working just fine here.

 

Testing Sign/Verify is a whole different story. My understanding is that
algorithms use random parameters to sign data, so two consecutive calls to
sign with the same parameters would yield different results.

I guess I have to sign some data, and verify it to make sure that's working.

FIPS provides testing parameters that are not trivial (message, y, r, s) and
I'm not sure how to handle them. Is it possible to use those parameters
considering my API (check below)?

 

I haven't tried testing the encrypt/decrypt methods, since I'm stuck in the
Sign/Verify.

 

Do you think using FIPS test vectors to validate my solution is a
good/feasible approach?

Is there any better/simpler testing approach?

 

This is my API:

    Sign/Verify:

 

        std::string /* B64 */ sign( std::string algorithm, std::string
private_key /* B64 */, std::string data /* B64 */, bool &error );

        bool verify( std::string algorithm, std::string data /* B64 */,
std::string signature /* B64 */, std::string public_key /* B64 */, bool
&error );

    

        Algorithims: SHA1, SHA256, SHA384, SHA512 with RSA, ECDSA and
SHA1withDSA.

 

    Digest:

 

        std::string /* B64 */ digest( std::string algorithm, std::string
data );

    

        Algorithms: SHA1, SHA256, SHA384, SHA512.

 

    Encrypt/Decrypt:

 

        std::string /* B64 */ encrypt( std::string algorithm, bool padding,
std::string data /* B64 */, std::string key  /* B64 */ );

        std::string /* B64 */ decrypt( std::string algorithm, bool padding,
std::string data /* B64 */, std::string key  /* B64 */ );

 

        Algorithms: des-ede-cbc, des-ede, des-ede-cfb, des-ede-ofb,
des-ede3-cbc, des-ede3, des3, des-ede3-cfb, des-ede3-ofb,
aes-[128|192|256]-cbc, aes-[128|192|256], aes-[128|192|256]-cfb,
aes-[128|192|256]-cfb1, aes-[128|192|256]-cfb8, aes-[128|192|256]-ecb,
aes-[128|192|256]-ofb.

 

Thanks very much,

 

Marcus

 


_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to