ACVP Vector Test Harness for OSSL 3.x

Jonathan Plata and Greg McLearnACVP, Tools

Lightship has released, as open source, an ACVP vector test harness for OpenSSL 3.x.

The code can be found in our GitHub repository at https://github.com/lightshipsec/ls-acvp-harness.

The README.md contains the current capabilities which we expect to update and maintain. At the moment, we include most of the typical algorithms and properties that are often claimed or required in FIPS 140-3 and Common Criteria. The full set of supported algorithms, operating modes and properties are described in the README.md. Additional algorithms can be added as needed.

One of the main design philosophies of this test harness was to try to ensure it was as readable as possible and therefore easily modifiable by the community. In addition, during development, each algorithm was added incrementally as a standalone capability. Therefore, initial development shows a lot of repeated code structures and functions. Over time, this will be refactored as appropriate, while trying to maintain the core design philosophies. Our intention is to maintain and augment the code base.

In addition to the OpenSSL 3.x test harness, Lightship has a variant of the test harness for OpenSSL 1.0.2 with the FIPS Object Module (FOM) 2.x and OpenSSL 1.1.x. However, these have not been publicly released at this time.

 

If you need help using this harness within your development environment or to support additional ACVP algorithms, please contact us to discuss.

Jonathan Plata

Jonathan is a software developer at Lightship Security Inc. He has worked as a back-end developer for 5+ years, specializing in database and API programming. He builds tooling with a focus on automating Common Criteria, FIPS and other scheme testing processes.

Greg McLearn is Lightship’s Technical Director. He has been doing Common Criteria and security certifications for 10+ years and enjoys getting his hands on some of the latest technology. He has authored several tools to help facilitate security testing.