On 04/17/2013 06:28 PM, Bharath wrote:
Hi ,
We were planning on using the nss drbg model for validating the HASH_DRBG
implementation inside (nss-3.14.3/mozilla/security/nss/cmd/fipstest) .
The fipstest.c needs updating for FIPS SP800-90A testing to validate drbg .
Please refer to the following documents
Validation document ->
http://csrc.nist.gov/groups/STM/cavp/documents/drbg/DRBGVS.pdf
In the above document the steps for Generating random number has changed to
(1) instantiate drbg
(2) reseed
(3) generate ReturnedBitsLen random bits, do not print
(4) generate ReturnedBitsLen random bits, print out
(5) uninstantiate.
For Prediction resistance false
Previously it was
(1) instantiate drbg
(2) generate ReturnedBitsLen random bits, do not print
(3) reseed
(4) generate ReturnedBitsLen random bits, print out
(5) uninstantiate.
The fipstest,.c and drbg.c needs updating .
I may have the required fipstest changes on the NSS 3.12.9.1 branch in
CVS. Your best best is to write a bug and attach a patch to it, and
request me to review it. That will put it on a list that will eventually
get my attention.
bob
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
