Hidden Execution Paths: Testing PAA/PAI Correctly (G30c)
Cryptographic modules often have multiple algorithms implementations utilizing Processor Algorithm Acceleration (PAA) or Processor Algorithm Implementation (PAI) that are commonly provided by modern processors. The software implementations of algorithms with PAA/PAI provides both speed and flexibility for a wide range of platforms; however, vendors/labs often miss the testing of all possible execution paths for these implementations. In this talk the speakers provide guidelines for the correct testing of algorithms with PAA/PAI. First, the speakers cover the CMVP guidance that must be complied with (e.g., shall statements from IG 2.3.C); then, the speakers demonstrate test cases that guide the procedures for accurate PAA/PAI testing.
For instance, libraries such as OpenSSL commonly provide implementations for algorithm accelerations on different operational environments. Although, the genuine testing of PAA/PAI may be unintentionally omitted, especially with automated testing in place. Additionally, without accurate testing, certain algorithm implementations may be unintentionally listed under implementations that do not cover those algorithms. A general example is when an algorithm mode makes use of an accelerated function while another mode, without acceleration, is listed under the same implementation. This results in wrong claims of PAA/PAI. To avoid this issue, the tester must ensure that PAA/PAI code execution paths are properly identified and covered by testing.