Algorithmic Testing: Efficient and Effective Approach (U23c)
Cryptographic algorithm testing has always been an integral part of FIPS 140-2 validations. In the past, the Cryptographic Algorithm Validation System (CAVS) was provided by NIST. Now, NIST is offering a whole new approach to CAVS with the new Automated Cryptographic Validation Testing (ACVT) system. Apple has for years performed testing for FIPS 140-2 validations of its Corecrypto module in multiple execution environments on a large number of devices. This presentation gives a short history of how the cryptographic algorithm testing was conducted and how it has changed, showing how much effort both Apple and atsec spent on this testing aspect alone to process the appropriate test vectors. With the advent of ACVT, atsec and Apple are at the forefront of adopting the new testing methodology. Using ACVT, a massive reduction in effort is achieved while the number of execution environments and algorithms increases. By illustrating how this reduction in effort is achieved, the presentation is intended to give other vendors guidance on how to apply ACVT effectively and efficiently. With ACVT, a previously unavailable regression testing methodology emerges that allows for immediate and continual in-house regression testing. Thus, with ACVT the test approach truly becomes fully automated, and it is already applied as part of the regular Apple development and regression testing strategy. The goal is to present a possible path for other vendors to reduce the effort they need to spend while increasing the efficiency and effectiveness of their algorithmic testing, and thus to reduce the overall FIPS 140-2 validation effort and time to market.