Q: Is there a policy (de facto or otherwise) on adding tests to testmgr.h?
Two cases:
1) Tests from the NIST document(s) on various ciphers and hashes wherein
we add to an existing set of tests? For example, 3DES ECB mode, or AES
GCM? I suppose this question is really about, "how much is enough?"
2) Adding testing for a mode that has not heretofore been included? For
example, 3DES CFB mode? Pretty sure the answer here is "yes".
Over-arching concern: do we want to include official NIST test cases, or
eschew them?
There was no obvious reference to this (by way of grepping for testmgr)
in any of the existing Documentation. That I could find. If I missed
something, please excuse me.
Thanks,
Gary
Am Dienstag, 9. August 2016, 08:21:43 CEST schrieb Gary R Hook:
Hi Gary,
> Q: Is there a policy (de facto or otherwise) on adding tests to testmgr.h?
> Two cases:
>
> 1) Tests from the NIST document(s) on various ciphers and hashes wherein
> we add to an existing set of tests? For example, 3DES ECB mode, or AES
> GCM? I suppose this question is really about, "how much is enough?"
>
> 2) Adding testing for a mode that has not heretofore been included? For
> example, 3DES CFB mode? Pretty sure the answer here is "yes".
>
> Over-arching concern: do we want to include official NIST test cases, or
> eschew them?
>
> There was no obvious reference to this (by way of grepping for testmgr)
> in any of the existing Documentation. That I could find. If I missed
> something, please excuse me.
It is always helpful to use test vectors that are created by some third
parties. These are NIST test vectors or test vectors in RFCs. In some cases,
vectors were created using OpenSSL.
Regarding the question how much: I can only answer to the FIPS 140-2
requirements: all tests that need to be there for FIPS 140-2 are there for
those with fips_allowed=1.
Ciao
Stephan