Skip to content

CryptoLib: Testing and Validation

Jump to bottom
Robert Brown edited this page Dec 6, 2021 · 16 revisions

Unit Tests

TC_APPLYSECURITY

HAPPY_PATH

This is the nominal test case. Optimal inputs are given, and CRYPTO_LIB_SUCCESS is expected from the final output of the TC_APPLY_SECURITY function

NO_CRYPTO_INIT

Testing to verify that CRYPTO_LIB_ERR_NO_INIT is returned when the Crypto_Init() function is not called before attempting to process any other inputs

BAD_SPACE_CRAFT_ID

Validates that proper response is given (CRYPTO_LIB_ERR_INVALID_SCID) when invalid space craft ID is passed as one of the parameters of a data input

BAD_VIRTUAL_CHANNEL_ID

Validates that proper response is given (CRYTPO_LIB_ERR_INVALID_VCID) when invalid virtual channel ID is passed as one of the parameters of a data input

NULL_BUFFER

Verifies the proper OS_ERROR response when an invalid or NULL buffer is passed to the TC_APPLY_SECURITY. This should be verified and checked by external users to be sure this already does not happen, but it tested here to be sure it is handled in this location as well.

Validation

VALIDATION_TEST

AUTH_ENCRYPTION_TEST

ET_VALIDATION.AUTH_ENCRYPTION_TEST Makes use of the Python3 Cryptodome module to verify that TC_APPLY_SECURITY properly utilizes LibGCrypt to produce the same results as an external third party software. This external Python program is internalized.

AUTH_DECRYPTION_TEST

DT_VALIDATION.AUTH_DECRYPTION_TEST Reverses the AUTH_ENCRYPTION_TEST to verify that TC_PROCESSSECURITY is functioning properly and makes appropriate use of libgcrypt. Output should be comparable to the original data that is passed into the authorization test.

The following validation tests make use of NIST vectors with known outputs to verify that TC_APPLYSECURITY and TC_PROCESSSECURITY generate the output that is expected via known output tests through the NIST standard, and referenced from the following page and document: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/CAVP-TESTING-BLOCK-CIPHER-MODES.

NIST_ENC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_0, NIST_DEC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_0

Test Vector 0: Standard 256-bit Key, 96 bit IV, 128 bit plain-text, MAC Length 120 bits

NIST_ENC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_1, NIST_DEC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_1

Test Vector 1: Standard 256-bit Key, 96 bit IV, 128 bit plain-text, MAC Length 120 bits

NIST_ENC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_2, NIST_DEC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_2

Test Vector 2: Standard 256-bit Key, 96 bit IV, 128 bit plain-text, MAC Length 120 bits

NIST_ENC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_3, NIST_DEC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_3

Test Vector 3: Standard 256-bit Key, 96 bit IV, 128 bit plain-text, MAC Length 120 bits

NIST_ENC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_4, NIST_DEC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_4

Test Vector 4: Standard 256-bit Key, 96 bit IV, 128 bit plain-text, MAC Length 120 bits

NIST_ENC_MAC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_0, NIST_DEC_MAC_VALIDATION.AES_GCM_256_IV_96_PT_128_TEST_0

Authorization only MAC validation. Making use of both TC_Apply and TC_Process fucntionality.

Clone this wiki locally