ACVP Client Integration for FIPS Algorithm Testing and Runtime Crypto Assessment (C23a)
As we move into a new dynamic of Automated Crypto Validations we must all consider how we will incorporate the ACV Protocol for FIPS algorithm testing. The Algorithm Test WG of the CMVP WG has developed an open-sourced ACV client to help address the needs of the community. This client has been developed on linux using openssl as both the crypto module under test as well as the transport for communicating with the NIST server. This implementation consists of a library, libacvp, and a small application that interfaces with libacvp and the module under test. It has been successfully demonstrated at ICMC in conjunction with the NIST ACV Server. While the open source ACV client will meet the needs of many crypto module validations as is, there are many consumers that will need to integrate libacvp into other environments therefore requiring a new interface to their crypto modules and also may desire a different transport. This session will provide a deep dive into the following work items associated with supporting new environments:
1. Supporting libacvp on windows, mac, etc.
2. Adaptation of the application software to other crypto modules’ interface
3. Use of a different TLS transport library, wolfSSL or other
4. How to convert your algorithm sheet into initialization and registration
5. Results gathering and debugging.
6. ACVP in a production environment for runtime crypto assessment (RCA)
Each topic will be covered by discussing integration steps as well as a walk through where we anticipate significant audience interaction.
Depending on availability, we may be able to provide direction on developing a java based ACVP client as well.