HI, Can you please let me know if there is anything wrong with the request file. If there is a sample input file could you please share it.
Thanks Shruthi From: Vasantharangan, Shruthi M. Sent: Tuesday, 31 July, 2012 5:08 PM To: dev-tech-crypto@lists.mozilla.org Subject: RE: RandomNumberGenerator that is FIPS 140-2 level 2 complaint Yes. I tried to use the fipstest and below is the output file contents for the inputfile from NIST. I am using source from the bundle nss-3.12.9-with-nspr-4.8.7.tar.gz. # CAVS 11.1 # DRBG800-90 information for "drbg_values" # Generated on Fri May 20 11:16:40 2011 # Hash_DRBG options: SHA-1 :: SHA-224 :: SHA-256 :: SHA-384 :: SHA-512 [SHA-256] [PredictionResistance = True] [EntropyInputLen = 256] [NonceLen = 128] [PersonalizationStringLen = 0] [AdditionalInputLen = 0] COUNT = 0 EntropyInput = 0dc8e193bfac4bd7467c5540a2f3bb2033abf037344cb77d76f4ff335fe8032b Nonce = cc0678c49c3e51d03b5942d08b1d056a PersonalizationString = # PRNGTEST_Instantiate(0dc8e193bfac4bd7467c5540a2f3bb2033abf037344cb77d76f4ff335fe8032b,32,cc0678c49c3e51d03b5942d08b1d056a,16,,0) AdditionalInput = # PRNGTEST_Generate(returnbytes,32,,0) #ReturnedBits = 8e680727b74f18a9d0c13829850888db2ac3a24bd9e4c9a8055cfd9cb1b0a592 EntropyInputPR = e4685b570f4fd1cb024345cdd124e7b3573819175d77aec1f01865d9fe5aa14d AdditionalInput = # PRNGTEST_Generate(returnbytes,32,,0) ReturnedBits = b916aaa5b91579e206c427159c726aec147d73ab62f5c3265307f9a88f13c71e # PRNGTEST_Uninstantiate() EntropyInputPR = 81d0bab3ee9043cae5708beb6ad46bb5c3b33746b68815cc04779f4f25bdbbbc # Generate failed: # predicted=ec0efb7e001817cca4089f660c1f22de57be9a32eda0df8764aed4c746ff1ba0 # actual = b916aaa5b91579e206c427159c726aec147d73ab62f5c3265307f9a88f13c71e Rgds Shruthi -----Original Message----- From: dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org<mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org> [mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org]<mailto:[mailto:dev-tech-crypto-bounces+svasantharangan=idirect....@lists.mozilla.org]> On Behalf Of Robert Relyea Sent: Tuesday, 31 July, 2012 4:59 PM To: dev-tech-crypto@lists.mozilla.org<mailto:dev-tech-crypto@lists.mozilla.org> Subject: Re: RandomNumberGenerator that is FIPS 140-2 level 2 complaint On 07/31/2012 09:08 AM, Vasantharangan, Shruthi M. wrote: > Hi, > I have downloaded the source for 3.12.9 which supports the DRBG. The > fipstest tool which uses the private interface for random number generation > which calls from ~lib/freebl/drbg.c. > I notice that for a DRBG input file (got from DRBG) consisting of input type > Hash SHA256_DRBG, the generated bits does not match what is predicted by > NIST. The fipstest.c correctly reads and sets the various parameters from the > input file correctly. > I am trying to do a sanity check before using the NSS api. We are looking > at an option to install NSS manually (since the default shipped with RHEL 5 > uses libsoftoken for 3.11.4). > > Rgds > Shruthi you need cmd/fipstest which calls drbg.c. bob _____________________________________________________ This electronic message and any files transmitted with it contains information from iDirect, which may be privileged, proprietary and/or confidential. It is intended solely for the use of the individual or entity to whom they are addressed. If you are not the original recipient or the person responsible for delivering the email to the intended recipient, be advised that you have received this email in error, and that any use, dissemination, forwarding, printing, or copying of this email is strictly prohibited. If you received this email in error, please delete it and immediately notify the sender. _____________________________________________________ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
