
ACVP Server DB consistency issue?

Open smuellerDD opened this issue 4 years ago • 2 comments

During preparation of a search capability following https://github.com/usnistgov/ACVP/wiki/Finding-ACVTS-Metadata-IDs-of-Legacy-Validation-Data I tried to query the certificate for our ACVP Proxy tool: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11251.

I queried the Prod server for /acvp/v1/validations/11251 and got:

[
  {
    "acvVersion": "1.0"
  },
  {
    "url": "/acvp/v1/validations/11251",
    "validationId": "AES2189",
    "moduleUrl": "/acvp/v1/modules/428",
    "oeUrls": [
      "/acvp/v1/oes/744"
    ]
  }
]

This is followed by querying the Prod server /acvp/v1/modules/428 and I got

[
  {
    "acvVersion": "1.0"
  },
  {
    "url": "/acvp/v1/modules/428",
    "name": "AES GCM for User Data and Key Wrapping",
    "version": "POPOVICH10 1.0 (Firmware)",
    "type": "Firmware",
    "website": "www.hp.com",
    "vendorUrl": "/acvp/v1/vendors/428",
    "addressUrl": "/acvp/v1/vendors/428/addresses/428",
    "contactUrls": [
      "/acvp/v1/persons/553"
    ],
    "description": "The Hewlett Packard LTO-6 Tape Drive is a multi-chip standalone module composed of hardware and firmware components, providing cryptographic services to a host."
  }
]

This is strange - shouldn't there be my ACVP Proxy entries?

Besides, applying the same queries to the demo server, I get the very same data. What am I missing?

smuellerDD, Dec 08 '20 09:12

The CSRC URL you listed is the one that shows all the validations for a given product - you then used that product ID on the validation endpoint. You want the ID from the CSRC URL that is for a single validation, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=xxxxxx

shaneshaffer, Dec 08 '20 14:12
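The distinction described in the reply above, as an added example that is not part of the original thread or the ACVP-Server project: it maps a CSRC details URL to the validation endpoint only when the URL carries a `validation=` ID, and checks the returned module against the product name the caller expects. The function names are hypothetical, and the embedded responses are the ones quoted in the issue (description and contact fields omitted).

```python
import json
from urllib.parse import urlparse, parse_qs

# Responses as quoted in the issue above (some fields omitted for brevity).
VALIDATION_RESPONSE = '''[{"acvVersion": "1.0"},
 {"url": "/acvp/v1/validations/11251", "validationId": "AES2189",
  "moduleUrl": "/acvp/v1/modules/428", "oeUrls": ["/acvp/v1/oes/744"]}]'''
MODULE_RESPONSE = '''[{"acvVersion": "1.0"},
 {"url": "/acvp/v1/modules/428", "name": "AES GCM for User Data and Key Wrapping",
  "version": "POPOVICH10 1.0 (Firmware)", "type": "Firmware"}]'''


def validation_path_from_csrc(url):
    """Return the ACVP validation path for a CSRC details URL.

    Only a `validation=` ID is mapped to /acvp/v1/validations/<id>. Per the
    reply above, a `product=` ID is not a validation ID, so it is rejected
    instead of being reused on the validation endpoint.
    """
    query = parse_qs(urlparse(url).query)
    if "validation" in query:
        ident = query["validation"][0]
        if not ident.isdigit():
            raise ValueError(f"non-numeric validation ID: {ident!r}")
        return f"/acvp/v1/validations/{ident}"
    if "product" in query:
        raise ValueError("product ID given; open a single validation on CSRC "
                         "and use its validation= ID instead")
    raise ValueError("no validation= parameter in URL")


def payload(raw):
    """Unwrap the [version object, payload object] array the server returns."""
    version, body = json.loads(raw)
    if version.get("acvVersion") != "1.0":
        raise ValueError(f"unexpected acvVersion: {version!r}")
    return body


def module_matches(validation_raw, module_raw, expected_name):
    """True if the module linked from the validation carries the expected name."""
    validation, module = payload(validation_raw), payload(module_raw)
    if module["url"] != validation["moduleUrl"]:
        raise ValueError("module response does not belong to this validation")
    return expected_name.lower() in module["name"].lower()
```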

On Tuesday, 08.12.2020, at 06:12 -0800, shaneshaffer wrote:

The CSRC URL you listed is the one that shows all the validations for a given product - you then used that product ID on the validation endpoint. You want the ID from the CSRC URL that is for a single validation, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=xxxxxx

Agreed, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=11251 shows the validation of our ACVP Proxy.

However, https://github.com/usnistgov/ACVP/wiki/Finding-ACVTS-Metadata-IDs-of-Legacy-Validation-Data says that the ID number in that URL can be used to request validation details via ACVP.

And indeed, this works as outlined in the communication mentioned above. But the returned data is unexpected.

smuellerDD, Dec 08 '20 15:12