From 892113862defb1846a98a8485f2e0385354c5822 Mon Sep 17 00:00:00 2001 From: Joachim Vandersmissen Date: Fri, 28 Mar 2025 19:26:58 -0500 Subject: [PATCH] Add XECDH protocol specification --- src/draft-vandersmissen-acvp-xecdh.adoc | 78 +++++++++++++++++++ src/xecdh/sections/03-supported.adoc | 9 +++ src/xecdh/sections/04-testtypes.adoc | 29 +++++++ src/xecdh/sections/05-capabilities.adoc | 34 ++++++++ .../05-xecdh-keygen-capabilities.adoc | 37 +++++++++ .../05-xecdh-keyver-capabilities.adoc | 37 +++++++++ .../sections/05-xecdh-ssc-capabilities.adoc | 37 +++++++++ src/xecdh/sections/06-test-vectors.adoc | 33 ++++++++ .../06-xecdh-keygen-test-vectors.adoc | 61 +++++++++++++++ .../06-xecdh-keyver-test-vectors.adoc | 61 +++++++++++++++ .../sections/06-xecdh-ssc-test-vectors.adoc | 71 +++++++++++++++++ src/xecdh/sections/07-responses.adoc | 15 ++++ .../sections/07-xecdh-keygen-responses.adoc | 51 ++++++++++++ .../sections/07-xecdh-keyver-responses.adoc | 49 ++++++++++++ .../sections/07-xecdh-ssc-responses.adoc | 61 +++++++++++++++ src/xecdh/sections/98-references.adoc | 26 +++++++ 16 files changed, 689 insertions(+) create mode 100644 src/draft-vandersmissen-acvp-xecdh.adoc create mode 100644 src/xecdh/sections/03-supported.adoc create mode 100644 src/xecdh/sections/04-testtypes.adoc create mode 100644 src/xecdh/sections/05-capabilities.adoc create mode 100644 src/xecdh/sections/05-xecdh-keygen-capabilities.adoc create mode 100644 src/xecdh/sections/05-xecdh-keyver-capabilities.adoc create mode 100644 src/xecdh/sections/05-xecdh-ssc-capabilities.adoc create mode 100644 src/xecdh/sections/06-test-vectors.adoc create mode 100644 src/xecdh/sections/06-xecdh-keygen-test-vectors.adoc create mode 100644 src/xecdh/sections/06-xecdh-keyver-test-vectors.adoc create mode 100644 src/xecdh/sections/06-xecdh-ssc-test-vectors.adoc create mode 100644 src/xecdh/sections/07-responses.adoc create mode 100644 src/xecdh/sections/07-xecdh-keygen-responses.adoc create mode 100644 src/xecdh/sections/07-xecdh-keyver-responses.adoc create mode 100644 src/xecdh/sections/07-xecdh-ssc-responses.adoc create mode 100644 src/xecdh/sections/98-references.adoc diff --git a/src/draft-vandersmissen-acvp-xecdh.adoc b/src/draft-vandersmissen-acvp-xecdh.adoc new file mode 100644 index 000000000..754638205 --- /dev/null +++ b/src/draft-vandersmissen-acvp-xecdh.adoc @@ -0,0 +1,78 @@ += ACVP XECDH JSON Specification +:doctype: internet-draft +:docname: acvp-xecdh +:docnumber: draft-vandersmissen-acvp-xecdh-01 +:abbrev: ACVP XECDH +:ipr: trust200902 +:submission-type: independent +:area: Internet +:intended-series: informational +:revdate: 2025-03-28 +:forename_initials: J. +:lastname: Vandersmissen +:fullname: Joachim Vandersmissen +:organization: atsec information security corporation +:street: 4516 Seton Center Parkway, Suite 250 +:city: Austin +:code: 78759 +:country: United States of America +:email: joachim@atsec.com +:role: editor +:docfile: draft-vandersmissen-acvp-xecdh.adoc +:mn-document-class: ietf +:mn-output-extensions: xml,rfc,txt,html +:area: General +:keyword: acvp, crypto + +// Singular name of the algorithm +:spec-algorithm: Elliptic Curve Diffie-Hellman using Curve25519 and Curve448 (XECDH) +:algo-short-name: XECDH + +include::common/common-sections/00-abstract.adoc[] + +include::common/common-sections/01-intro.adoc[] + +include::common/common-sections/02-conventions.adoc[] + +include::xecdh/sections/03-supported.adoc[] + +include::xecdh/sections/04-testtypes.adoc[] + +include::common/common-sections/05-capabilities-description.adoc[] + +include::common/common-sections/051-prerequisites.adoc[] + +include::xecdh/sections/05-capabilities.adoc[] + +include::xecdh/sections/05-xecdh-keygen-capabilities.adoc[] + +include::xecdh/sections/05-xecdh-keyver-capabilities.adoc[] + +include::xecdh/sections/05-xecdh-ssc-capabilities.adoc[] + +//include::common/common-sections/06-test-vector-intro.adoc[] + +include::xecdh/sections/06-test-vectors.adoc[] + +include::xecdh/sections/06-xecdh-keygen-test-vectors.adoc[] + +include::xecdh/sections/06-xecdh-keyver-test-vectors.adoc[] + +include::xecdh/sections/06-xecdh-ssc-test-vectors.adoc[] + +include::xecdh/sections/07-responses.adoc[] + +include::xecdh/sections/07-xecdh-keygen-responses.adoc[] + +include::xecdh/sections/07-xecdh-keyver-responses.adoc[] + +include::xecdh/sections/07-xecdh-ssc-responses.adoc[] + +include::common/common-sections/10-security.adoc[] + +include::common/common-sections/11-iana.adoc[] + +include::common/common-sections/99-acknowledgements.adoc[] + +// References must be given before appendixes +include::xecdh/sections/98-references.adoc[] diff --git a/src/xecdh/sections/03-supported.adoc b/src/xecdh/sections/03-supported.adoc new file mode 100644 index 000000000..f3d8d5ceb --- /dev/null +++ b/src/xecdh/sections/03-supported.adoc @@ -0,0 +1,9 @@ + +[#supported] +== Supported XECDH Algorithms + +The following XECDH algorithms *MAY* be advertised by the ACVP compliant cryptographic module: + +* XECDH / keyGen / RFC7748 +* XECDH / keyVer / RFC7748 +* XECDH / SSC / RFC7748 diff --git a/src/xecdh/sections/04-testtypes.adoc b/src/xecdh/sections/04-testtypes.adoc new file mode 100644 index 000000000..713b71dce --- /dev/null +++ b/src/xecdh/sections/04-testtypes.adoc @@ -0,0 +1,29 @@ + +[#testtypes] +== Test Types and Test Coverage + +[#ttypes] +=== Test Types + +The ACVP server performs a set of tests on the specified XECDH algorithm in order to assess the correctness and robustness of the implementation, conformant to <>. A typical ACVP validation session *SHALL* require multiple tests to be performed for every supported permutation of XECDH capabilities. This section describes the design of the tests used to validate implementations of the XECDH algorithms. + +* XECDH / keyGen / RFC7748 "AFT" - Algorithm Functional Test. The IUT is *REQUIRED* for each test case provided, to generate a key pair based on a curve. This information is then communicated to the ACVP server and validated. + +* XECDH / keyVer / RFC7748 "AFT" - Algorithm Functional Test. The ACVP server is *REQUIRED* to generate a series of public keys based on the IUT provided curve(s). The public keys generated by the server *MAY* or *MAY NOT* be valid, the IUT is *REQUIRED* to determine if the public keys provided in the test cases are valid or invalid keys as they relate to the curve. + +* XECDH / SSC / RFC7748 "AFT" - Algorithm Functional Test. The IUT *SHALL* act as a party in the Shared Secret Computation with the ACVP server. The server *SHALL* generate and provide all necessary information for the IUT to successfully compute a secret shared with the server. + +[[test_coverage]] +=== Test Coverage + +* TBD... + +[[requirements_covered]] +==== Requirements Covered + +* TBD... + +[[requirements_not_covered]] +==== Requirements Not Covered + +* TBD... diff --git a/src/xecdh/sections/05-capabilities.adoc b/src/xecdh/sections/05-capabilities.adoc new file mode 100644 index 000000000..1deb7c694 --- /dev/null +++ b/src/xecdh/sections/05-capabilities.adoc @@ -0,0 +1,34 @@ + +[[prereq_algs]] +=== Required Prerequisite Algorithms for XECDH Validations + +Each XECDH implementation relies on other cryptographic primitives. For example, XECDH uses an underlying DRBG algorithm. Each of these underlying algorithm primitives must be validated, either separately or as part of the same submission. ACVP provides a mechanism for specifying the required prerequisites: + +[[rereqs_table]] +.Required XECDH Prerequisite Algorithms JSON Values +|=== +| JSON Value | Description | JSON type | Valid Values + +| algorithm | a prerequisite algorithm | string | DRBG +| valValue | algorithm validation number | string | actual number or "same" +| prereqAlgVal | prerequisite algorithm validation | object with algorithm and valValue properties | see above +| prereqVals | prerequisite algorithm validations | array of prereqAlgVal objects | see above +|=== + +[[XECDH_caps_reg]] +=== XECDH Algorithm Capabilities Registration + +Each algorithm capability advertised is a self-contained JSON object using the following values + +[[caps_table]] +.XECDH Algorithm Capabilities JSON Values +|=== +| JSON Value | Description | JSON type | Valid Values + +| algorithm | The algorithm under test | string | "XECDH" +| mode | The XECDH mode to be validated | string | "keyGen", "keyVer", or "SSC" +| revision | The algorithm testing revision to use | string | "RFC7748" +| prereqVals | prerequisite algorithm validations| array of prereqAlgVal objects | See <> +|=== + +The follwing sections offer additional *REQUIRED* JSON properties for each algorithm / mode / revision. diff --git a/src/xecdh/sections/05-xecdh-keygen-capabilities.adoc b/src/xecdh/sections/05-xecdh-keygen-capabilities.adoc new file mode 100644 index 000000000..70cb1aa94 --- /dev/null +++ b/src/xecdh/sections/05-xecdh-keygen-capabilities.adoc @@ -0,0 +1,37 @@ +[[mode_keyGen]] +==== The XECDH keyGen Mode Capabilities + +Each XECDH keyGen mode capability set is advertised as a self-contained JSON object. + +[[mode_keyGenFullSet]] +===== XECDH keyGen Full Set of Capabilities + +The complete list of XECDH key generation capabilities may be advertised by the ACVP compliant crypto module: + +[[keyGen_table]] +.XECDH keyGen Capabilities JSON Values +|=== +| JSON Value | Description | JSON type | Valid Values + +| curve | The curve names supported for the IUT in keyGen | array | Any non-empty subset of {"Curve25519", "Curve448"} +|=== + +An example of this is the following + +[source, json] +---- +{ + "algorithm": "XECDH", + "mode": "keyGen", + "revision": "RFC7748", + "prereqVals": [{ + "algorithm": "DRBG", + "valValue": "123456" + } + ], + "curve": [ + "Curve25519", + "Curve448" + ] +} +---- diff --git a/src/xecdh/sections/05-xecdh-keyver-capabilities.adoc b/src/xecdh/sections/05-xecdh-keyver-capabilities.adoc new file mode 100644 index 000000000..eece051e3 --- /dev/null +++ b/src/xecdh/sections/05-xecdh-keyver-capabilities.adoc @@ -0,0 +1,37 @@ +[[mode_keyVer]] +==== The XECDH keyVer Mode Capabilities + +Each XECDH keyVer mode capability set is advertised as a self-contained JSON object. + +[[mode_keyVerFullSet]] +===== XECDH keyVer Full Set of Capabilities + +The complete list of XECDH key verification capabilities may be advertised by the ACVP compliant crypto module: + +[[keyVer_table]] +.XECDH keyVer Capabilities JSON Values +|=== +| JSON Value | Description | JSON type | Valid Values + +| curve | The curve names supported for the IUT in keyVer | array | Any non-empty subset of {"Curve25519", "Curve448"} +|=== + +An example of this is the following + +[source, json] +---- +{ + "algorithm": "XECDH", + "mode": "keyVer", + "revision": "RFC7748", + "prereqVals": [{ + "algorithm": "DRBG", + "valValue": "123456" + } + ], + "curve": [ + "Curve25519", + "Curve448" + ] +} +---- diff --git a/src/xecdh/sections/05-xecdh-ssc-capabilities.adoc b/src/xecdh/sections/05-xecdh-ssc-capabilities.adoc new file mode 100644 index 000000000..d3fa30576 --- /dev/null +++ b/src/xecdh/sections/05-xecdh-ssc-capabilities.adoc @@ -0,0 +1,37 @@ +[[mode_SSC]] +==== The XECDH SSC Mode Capabilities + +Each XECDH SSC mode capability set is advertised as a self-contained JSON object. + +[[mode_SSCFullSet]] +===== XECDH SSC Full Set of Capabilities + +The complete list of XECDH shared secret computation capabilities may be advertised by the ACVP compliant crypto module: + +[[SSC_table]] +.XECDH SSC Capabilities JSON Values +|=== +| JSON Value | Description | JSON type | Valid Values + +| curve | The curve names supported for the IUT in SSC | array | Any non-empty subset of {"Curve25519", "Curve448"} +|=== + +An example of this is the following + +[source, json] +---- +{ + "algorithm": "XECDH", + "mode": "SSC", + "revision": "RFC7748", + "prereqVals": [{ + "algorithm": "DRBG", + "valValue": "123456" + } + ], + "curve": [ + "Curve25519", + "Curve448" + ] +} +---- diff --git a/src/xecdh/sections/06-test-vectors.adoc b/src/xecdh/sections/06-test-vectors.adoc new file mode 100644 index 000000000..0c01749a6 --- /dev/null +++ b/src/xecdh/sections/06-test-vectors.adoc @@ -0,0 +1,33 @@ +[[tgjs]] +== Test Vectors + +The ACVP server provides test vectors to the ACVP client, which are then processed and returned to the ACVP server for validation. A typical ACVP validation session would require multiple test vector sets to be downloaded and processed by the ACVP client. Each test vector set represents an individual XECDH function. This section describes the JSON schema for a test vector set used with XECDH algorithms. + +The test vector set JSON schema is a multi-level hierarchy that contains meta data for the entire vector set as well as individual test vectors to be processed by the ACVP client.The following table describes the JSON elements at the top level of the hierarchy. + +[[vs_top_table]] +.Vector Set JSON Object +|=== +| JSON Value | Description | JSON type + +| acvVersion | Protocol version identifier | string +| vsId | Unique numeric identifier for the vector set | string +| algorithm | Algorithm defined in the capability exchange | string +| mode | Mode defined in the capability exchange | string +| revision | Protocol test revision selected | string +| testGroups | Array of test group JSON objects, which are defined in <>, <>, and <> | array +|=== + +An example of this would look like this + +[source,json] +---- +{ + "acvVersion": "version", + "vsId": 1, + "algorithm": "Alg1", + "mode": "Mode1", + "revision": "RFC7748", + "testGroups": [ ... ] +} +---- diff --git a/src/xecdh/sections/06-xecdh-keygen-test-vectors.adoc b/src/xecdh/sections/06-xecdh-keygen-test-vectors.adoc new file mode 100644 index 000000000..625417bd0 --- /dev/null +++ b/src/xecdh/sections/06-xecdh-keygen-test-vectors.adoc @@ -0,0 +1,61 @@ +[[XECDH_keyGen_tgjs]] +=== XECDH keyGen Test Groups JSON Schema + +The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the JSON elements of the Test Group JSON object. + +The test group for XECDH / keyGen / RFC7748 is as follows: + +[[XECDH_keyGen_vs_tg_table5]] +.XECDH keyGen Test Group JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | The test group identifier | integer +| curve | The curve type used for the test vectors | string +| testType | The testType for the group | string +| tests | Array of individual test vector JSON objects, which are defined in <> | array +|=== + +[[XECDH_keyGen_tvjs]] +=== XECDH keyGen Test Case JSON Schema + +Each test group contains an array of one or more test cases. Each test case is a JSON object that represents a single test vector to be processed by the ACVP client. The following table describes the JSON elements for each XECDH test vector. + +[[XECDH_keyGen_vs_tc_table5]] +.Test Case JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | Numeric identifier for the test case, unique across the entire vector set | integer +|=== + +NOTE: The client is responsible for generating a single key pair per test case. + +The following is an example of a prompt for XECDH / keyGen / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "algorithm": "XECDH", + "mode": "keyGen", + "revision": "RFC7748", + "testGroups": [ + { + "tgId": 1, + "curve": "Curve25519", + "testType": "AFT", + "tests": [ + { + "tcId": 1 + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/06-xecdh-keyver-test-vectors.adoc b/src/xecdh/sections/06-xecdh-keyver-test-vectors.adoc new file mode 100644 index 000000000..d82020731 --- /dev/null +++ b/src/xecdh/sections/06-xecdh-keyver-test-vectors.adoc @@ -0,0 +1,61 @@ +[[XECDH_keyVer_tgjs]] +=== XECDH keyVer Test Groups JSON Schema + +The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the JSON elements of the Test Group JSON object. + +The test group for XECDH / keyVer / RFC7748 is as follows: + +[[XECDH_keyVer_vs_tg_table5]] +.XECDH keyVer Test Group JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | The test group identifier | integer +| curve | The curve type used for the test vectors | string +| testType | The testType for the group | string +| tests | Array of individual test vector JSON objects, which are defined in <> | array +|=== + +[[XECDH_keyVer_tvjs]] +=== XECDH keyVer Test Case JSON Schema + +Each test group contains an array of one or more test cases. Each test case is a JSON object that represents a single test vector to be processed by the ACVP client. The following table describes the JSON elements for each XECDH test vector. + +[[XECDH_keyVer_vs_tc_table5]] +.Test Case JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | Numeric identifier for the test case, unique across the entire vector set | integer +| publicKey | The (little-endian encoded) XECDH public key | hex +|=== + +The following is an example of a prompt for XECDH / keyVer / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "algorithm": "XECDH", + "mode": "keyVer", + "revision": "RFC7748", + "testGroups": [ + { + "tgId": 1, + "curve": "Curve25519", + "testType": "AFT", + "tests": [ + { + "tcId": 1, + "publicKey": "2DAD64ED8A...", + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/06-xecdh-ssc-test-vectors.adoc b/src/xecdh/sections/06-xecdh-ssc-test-vectors.adoc new file mode 100644 index 000000000..2c4aaf7ad --- /dev/null +++ b/src/xecdh/sections/06-xecdh-ssc-test-vectors.adoc @@ -0,0 +1,71 @@ +[[XECDH_SSC_tgjs]] +=== XECDH SSC Test Groups JSON Schema + +The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same curve would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the JSON elements of the Test Group JSON object. + +The test group for XECDH / SSC / RFC7748 is as follows: + +[[XECDH_SSC_vs_tg_table5]] +.XECDH SSC Test Group JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | The test group identifier | integer +| curve | The curve type used for the test vectors | string +| testType | The testType for the group | string +| tests | Array of individual test vector JSON objects, which are defined in <> | array +|=== + +[[XECDH_SSC_tvjs]] +=== XECDH SSC Test Case JSON Schema + +Each test group contains an array of one or more test cases. Each test case is a JSON object that represents a single test vector to be processed by the ACVP client. The following table describes the JSON elements for each XECDH test vector. + +[[XECDH_SSC_vs_tc_table5]] +.Test Case JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | Numeric identifier for the test case, unique across the entire vector set | integer +| publicServer | The (little-endian encoded) server's XECDH public key | hex +|=== + +NOTE: The client is responsible for generating a single key pair per test case. + +The following is an example of a prompt for XECDH / SSC / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "algorithm": "XECDH", + "mode": "SSC", + "revision": "RFC7748", + "testGroups": [ + { + "tgId": 1, + "testType": "AFT", + "curve": "Curve25519", + "tests": [ + { + "tcId": 1, + "publicServer": "47765AC7B6..." + }, + { + "tcId": 2, + "publicServer": "F00F87E4CC..." + }, + { + "tcId": 3, + "publicServer": "8DD0547F17..." + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/07-responses.adoc b/src/xecdh/sections/07-responses.adoc new file mode 100644 index 000000000..307c88ea7 --- /dev/null +++ b/src/xecdh/sections/07-responses.adoc @@ -0,0 +1,15 @@ + +[[responses]] +== Test Vector Responses + +After the ACVP client downloads and processes a vector set, it must send the response vectors back to the ACVP server. The following table describes the JSON object that represents a vector set response. + +[[vr_top_table]] +.Vector Set Response JSON Object +|=== +| JSON Value | Description | JSON type + +| acvVersion | Protocol version identifier | string +| vsId | Unique numeric identifier for the vector set | integer +| testGroups | Array of JSON objects that are defined in <>, <> and <> | array +|=== diff --git a/src/xecdh/sections/07-xecdh-keygen-responses.adoc b/src/xecdh/sections/07-xecdh-keygen-responses.adoc new file mode 100644 index 000000000..b24aa896e --- /dev/null +++ b/src/xecdh/sections/07-xecdh-keygen-responses.adoc @@ -0,0 +1,51 @@ +[[XECDH_keyGen_responses]] +=== XECDH keyGen Test Group Responses + +The following table describes the JSON object that represents a test group response for XECDH / keyGen / RFC7748. + +[[XECDH_keyGen_vr_top_table2]] +.XECDH keyGen Test Group Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | Unique numeric identifier for the test group | integer +| tests | Array of JSON objects that represent each result, as defined by the table below | array +|=== + +The following table describes the JSON object that represents a test case response for XECDH / keyGen / RFC7748. + +[[XECDH_keyGen_vr_top_table5]] +.XECDH keyGen Test Case Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | The test case identifier | integer +| privateKey | The (little-endian encoded) private key | hex +| publicKey | The (little-endian encoded) public key | hex +|=== + +The following is an example of the response for XECDH / keyGen / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "testGroups": [ + { + "tgId": 1, + "tests": [ + { + "tcId": 1, + "privateKey": "9DD56FCF1E...", + "publicKey": "9A77B54FE9..." + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/07-xecdh-keyver-responses.adoc b/src/xecdh/sections/07-xecdh-keyver-responses.adoc new file mode 100644 index 000000000..392433d7d --- /dev/null +++ b/src/xecdh/sections/07-xecdh-keyver-responses.adoc @@ -0,0 +1,49 @@ +[[XECDH_keyVer_responses]] +=== XECDH keyVer Test Group Responses + +The following table describes the JSON object that represents a test group response for XECDH / keyVer / RFC7748. + +[[XECDH_keyVer_vr_top_table2]] +.XECDH keyVer Test Group Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | Unique numeric identifier for the test group | integer +| tests | Array of JSON objects that represent each result, as defined by the table below | array +|=== + +The following table describes the JSON object that represents a test case response for XECDH / keyVer / RFC7748. + +[[XECDH_keyVer_vr_top_table5]] +.XECDH keyVer Test Case Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | The test case identifier | integer +| testPassed | Whether or not the public key provided was valid | boolean +|=== + +The following is an example of the response for XECDH / keyVer / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "testGroups": [ + { + "tgId": 1, + "tests": [ + { + "tcId": 1, + "testPassed": true + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/07-xecdh-ssc-responses.adoc b/src/xecdh/sections/07-xecdh-ssc-responses.adoc new file mode 100644 index 000000000..670d2cd4c --- /dev/null +++ b/src/xecdh/sections/07-xecdh-ssc-responses.adoc @@ -0,0 +1,61 @@ +[[XECDH_SSC_responses]] +=== XECDH SSC Test Group Responses + +The following table describes the JSON object that represents a test group response for XECDH / SSC / RFC7748. + +[[XECDH_SSC_vr_top_table2]] +.XECDH SSC Test Group Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tgId | Unique numeric identifier for the test group | integer +| tests | Array of JSON objects that represent each result, as defined by the table below | array +|=== + +The following table describes the JSON object that represents a test case response for XECDH / SSC / RFC7748. + +[[XECDH_SSC_vr_top_table5]] +.XECDH SSC Test Case Response JSON Object +|=== +| JSON Value | Description | JSON type + +| tcId | The test case identifier | integer +| publicIut | The (little-endian encoded) IUT's XECDH public key | hex +| z | The shared secret Z | hex +|=== + +The following is an example of the response for XECDH / SSC / RFC7748 + +[source, json] +---- +[ + { + "acvVersion": + }, + { + "vsId": 1234, + "testGroups": [ + { + "tgId": 1, + "tests": [ + { + "tcId": 1, + "publicIut": "A642C3C8E...", + "z": "454E7B7320..." + }, + { + "tcId": 2, + "publicIut": "C7F611263...", + "z": "079E3669F4..." + }, + { + "tcId": 3, + "publicIut": "A642C3C8E...", + "z": "454E7B7320..." + } + ] + } + ] + } +] +---- diff --git a/src/xecdh/sections/98-references.adoc b/src/xecdh/sections/98-references.adoc new file mode 100644 index 000000000..000014e5b --- /dev/null +++ b/src/xecdh/sections/98-references.adoc @@ -0,0 +1,26 @@ + +[bibliography] +== Normative References + +* [[[RFC2119,RFC 2119]]] +* [[[RFC7991,RFC 7991]]] +* [[[RFC8174,RFC 8174]]] + +* [[[RFC7748,RFC 7748]]] + +[%bibitem] +=== Automatic Cryptographic Validation Protocol +id:: ACVP +docid:: + id::: ACVP +contributor:: +contributor.person.name.initial:: J. +contributor.person.name.surname:: Vandersmissen +contributor.person.affiliation.organization.name:: atsec information security corporation +contributor:: +contributor.role:: publisher +contributor.organization.name:: National Institute of Standards and Technology +contributor.organization.abbreviation:: NIST +date:: +date.type:: published +date.value:: 2025-03-28