IETF Logo Mail Archive

[CFRG] Re: Where should test vectors live?

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 26 September 2024 16:48 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C60EC14CE3F for <cfrg@ietfa.amsl.com>; Thu, 26 Sep 2024 09:48:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.655
X-Spam-Level:
X-Spam-Status: No, score=-1.655 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pgOZNQfOKBgz for <cfrg@ietfa.amsl.com>; Thu, 26 Sep 2024 09:48:54 -0700 (PDT)
Received: from mail-oi1-f180.google.com (mail-oi1-f180.google.com [209.85.167.180]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB8FAC14F739 for <cfrg@irtf.org>; Thu, 26 Sep 2024 09:48:54 -0700 (PDT)
Received: by mail-oi1-f180.google.com with SMTP id 5614622812f47-3e037b80140so615436b6e.3 for <cfrg@irtf.org>; Thu, 26 Sep 2024 09:48:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1727369334; x=1727974134; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=i/10+YcFvBkoG3/UHXgd3rMmYQ4gp/eVp8YRST7bCGI=; b=dbfeQWPBatGwtCS7FV1tZVMXB4AtlvvqVfpmDsEJcNz+Zjah3K9n+kEZgxUeEYDLyx 3H2lXmd7egWZAwHbJV/jYz7qnTk6e8a2FBIaIkGvFV10dwhCNnT1cfwvKdIXGMNSVso1 c0MWNzM7ugkQkbo6GdsSyi48a2fO1kE5pCi/cOqihdmjT2NZLuJs3b8LWPyScp3HWhUe GvSWAO7lcxQWVA46N9V7yD6AuPEzNAd76k/LIhE2xn4K6MsXPi3Cr9H4Ob1X6wYR2wHG VkyoddRFkEENhP5M/qitzid0JGGGHDytCLdBQfPPRGKLOZIPuHIbfREmY+sJEGqaN4IL GD3Q==
X-Gm-Message-State: AOJu0YwqqOeY+GiO9EB/ShLieCO94Lc7h8hsJUu2XHfUDrbcT0Fo9dzl bH7gYFe1P93ZCxxFhrJv03HplG0ZwvcWydws8ursBWzO0X+sHy7PWoIoF/G65zS4oYm5i8OfRfI YueXBsohDY4MLvew0DhUjcVo9kXfVoK+m
X-Google-Smtp-Source: AGHT+IEQDvZ2N2JLk+AtSEDH7BBOCxlgjwOSC4XS70BbZiBNT4r54ubUvP5xN/aRtzvRxn3gFxgez6cNz27ITyuW9ok=
X-Received: by 2002:a05:6808:17a6:b0:3e0:c510:5406 with SMTP id 5614622812f47-3e3939d4595mr218590b6e.33.1727369333920; Thu, 26 Sep 2024 09:48:53 -0700 (PDT)
MIME-Version: 1.0
References: <CAG2Zi20N98cxpgjfRe6gWw1SQEoux+5P3NhLBFUfUHk_udYeFg@mail.gmail.com>
In-Reply-To: <CAG2Zi20N98cxpgjfRe6gWw1SQEoux+5P3NhLBFUfUHk_udYeFg@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 26 Sep 2024 12:48:42 -0400
Message-ID: <CAMm+LwhArqrfPO+p9RcL-2+nisG7z_76gy_fopOPRUPvtRZ8Qg@mail.gmail.com>
To: Christopher Patton <cpatton=40cloudflare.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008b5e80062308830f"
Message-ID-Hash: PMR4OSYGYVRHVMSEAGPNEQLSI6ZYPHPQ
X-Message-ID-Hash: PMR4OSYGYVRHVMSEAGPNEQLSI6ZYPHPQ
X-MailFrom: hallam@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: CFRG <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: Where should test vectors live?
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/1OuXL43xHdzgCewvtuRN1BzuBEk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Surprised nobody mentioned the NIST AVCP project here.

They have test vectors and code. Wow do they have a lot of test vectors.
https://github.com/usnistgov/ACVP-Server/tree/master

They also have a pile of Internet Drafts:
https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html

More information:
https://www.nccoe.nist.gov/automation-nist-cryptographic-module-validation-program


I converted my back end to use their JSON file formats for my test system
so I am slightly biased here. But that only took me a day and I could have
done that faster if I was only looking to do ML-KEM and ML-DSA. And anyone
who is getting their module validated has to use these formats.

There is definitely value in progressing at minimum a draft describing the
meta format to standard. And we should probably do the lot.

The big caveat here is that right now, there are so many test vector sets,
it is difficult to know which one is the right one to use. Some
algorithms are easy, SHA2, SHA3, etc. Others are pretty difficult. I still
haven't found a test vector set for ECDH key exchange with P256/P384/P521
for use in JOSE/COSE. There are a dozen that look relevant but none seems
to be the one.

A small caveat is that while I don't accept the legitimacy of groups like
JOSE and COSE saying they MUST support the algorithm of choice when they
were meeting, that is an application choice, it is certainly legitimate for
a group to say MUST NOT. And so we probably want to look into testing to
see that MUST NOT is managed as we would want. We definitely want to
continue to erase SHA-1, etc.


We might want to extend the approach somewhat to go beyond algorithms to
protocol test sets. But it seems capable enough.

v2.39.1 | Report a Bug | By Email | System Status