NIST SP800-20：TDEA操作验证系统：自动化测试与加密标准要求

需积分: 10 69 浏览量更新于2024-07-16 收藏 2.95MB PDF 举报

NIST SP800-20.pdf文件主要关注的是美国国家标准与技术研究院(National Institute of Standards and Technology, NIST)发布的《Triple Data Encryption Algorithm (TDEA)操作模式验证系统(TMOVS)的要求与程序》。这份文档旨在规范对Triple DES算法在FIPS PUB 46-3数据加密标准(DES)及其ANSI X9.52-1998版本中的实施进行自动化测试的过程。TDEA是三重数据加密标准的一种实现，它是一种秘密密钥加密算法，适用于联邦信息安全(Federal Information Processing Standard, FIPS)环境。 TMOVS的设计目的是对被测实施(Implementations Under Test, IUTs)进行自动化的功能和安全性评估，确保其符合NIST的官方认可。该文档分为两大部分，首先概述了Triple DES算法的基本原理，包括其工作模式（如Cipher Block Chaining (CBC), Output Feedback (OFB), Counter (CTR)等）和安全特性。其次，详细介绍了TMOVS的结构和配置，包括两种主要测试类型的规范：已知答案测试(Known Answer tests)和蒙特卡洛测试(Monte Carlo tests)。已知答案测试着重于检查特定输入和预期输出之间的固定关系，而蒙特卡洛测试则更侧重于算法在大量随机输入下的行为一致性。为了获得NIST正式的验证，实施者必须遵循一系列要求，包括IUT与TMOVS之间的通信协议、通过的测试类型以及如何接入和接口。此外，文件还提供了关于已知答案测试的表格和结果，作为测试过程中参考的重要资源。值得注意的是，文档中提到的一个修订内容涉及OFB模式的“PerformTripleDES”伪代码，其中对一个错误进行了修正，这表明NIST对文档的维护性和准确性非常重视。 NIST SP800-20.pdf文件是信息安全专业人员在设计和验证TDEA应用时的重要参考资料，对于确保加密算法的正确实现和联邦政府机构的安全性具有重要意义。

xvi

Table 44 The Variable TEXT Known Answer Test - TCFB-P Mode ............................................186

Table 45 The Inverse Permutation Known Answer Test - TCFB-P Mode .....................................190

Table 46 The Variable KEY Known Answer Test - TCFB-P Mode...............................................194

Table 47 The Permutation Operation Known Answer Test - TCFB-P Mode .................................198

Table 48 The Substitution Table Known Answer Test - TCFB-P Mode ........................................202

Table 49 The Monte Carlo Test for the Encryption Process - K-bit TCFB-P Mode.......................206

Table 50 The Monte Carlo Test for the Decryption Process - K-bit TCFB-P Mode ......................209

Table 51 The Variable TEXT Known Answer Test - TOFB Mode................................................215

Table 52 The Inverse Permutation Known Answer Test - TOFB Mode.........................................217

Table 53 The Variable Key Known Answer Test - TOFB Mode....................................................219

Table 54 The Permutation Operation Known Answer Test - TOFB Mode ....................................221

Table 55 The Substitution Table Known Answer Test - TOFB Mode ...........................................223

Table 56 The Monte Carlo Test - TOFB Mode ...............................................................................225

Table 57 The Variable TEXT Known Answer Test - TOFB-I Mode .............................................230

Table 58 The Inverse Permutation Known Answer Test - TOFB-I Mode ......................................234

Table 59 The Variable KEY Known Answer Test - TOFB-I Mode ...............................................238

Table 60 The Permutation Operation Known Answer Test - TOFB-I Mode ..................................242

Table 61 The Substitution Table Known Answer Test - TOFB-I Mode.........................................246

Table 62 The Monte Carlo Test - TOFB-I Mode……………………………………………......250

Table A.1 Resulting Ciphertext from the Variable Plaintext Known Answer Test for the TECB,

TCBC, TCFB, and TOFB Modes of Operation .......................................................................255

Table A.2 Resulting Ciphertext from the Variable Key Known Answer Test for the TECB, TCBC,

TCFB, and TOFB Modes of Operation ....................................................................................260

Table A.3 Values To Be Used for the Permutation Operation Known Answer Test for the TECB,

TCBC, TCFB, and TOFB Modes of Operation .......................................................................264

Table A.4 Values To Be Used for the Substitution Table Known Answer Test for the TECB, TCBC,

TCFB, and TOFB Modes of Operation ....................................................................................267

ABSTRACT

The National Institute of Standards and Technology (NIST) Triple Data Encryption Algorithm

(TDEA) Modes of Operation Validation System (TMOVS) specifies the procedures involved in

validating implementations of the Triple DES algorithm in FIPS PUB 46-3 Data Encryption

Standard (DES) (and ANSI X9.52 – 1998). The TMOVS is designed to perform automated testing

on Implementations Under Test (IUTs). This publication provides brief overviews of the Triple DES

algorithm and introduces the basic design and configuration of the TMOVS. Included in this

overview are the specifications for the two categories of tests that make up the TMOVS, i.e., the

Known Answer tests and the Monte Carlo tests. The requirements and administrative procedures to

be followed by those seeking formal NIST validation of an implementation of the Triple DES

algorithm are presented. The requirements described include the specific protocols for

communication between the IUT and the TMOVS, the types of tests which the IUT must pass for

formal NIST validation, and general instructions for accessing and interfacing with the TMOVS. An

appendix with tables of values and results for the Triple DES Known Answer tests is also provided.

Key words: automated testing, computer security, cryptographic algorithms, cryptography, Triple

Data Encryption Algorithm (TDEA), Triple Data Encryption Standard (TDES), Federal

Information Processing Standard (FIPS), NVLAP, secret key cryptography, validation.

1. Introduction

1.1 Background

The publication specifies the tests required to validate Implementations Under Test (IUTs) for

conformance to the Triple DES algorithm (TDEA) as specified in ANSI X9.52, Triple Data

Encryption Algorithm Modes of Operation. When applied to IUTs that implement the TDEA, the

TDEA Modes of Operation Validation System (TMOVS) provides testing to determine the

correctness of the algorithm implementation. This involves both testing the specific components of

the algorithm, as well as, exercising the entire algorithm implementation. In addition to determining

conformance, the TMOVS is structured to detect implementation flaws including pointer problems,

insufficient allocation of space, improper error handling, and incorrect behavior of the TDEA

implementation.

The TMOVS is composed of two types of validation tests, the Known Answer tests and the Monte

Carlo tests. The validation tests are based on the standard DES test set and the Monte Carlo test

described in Special Publication 800-17, Modes of Operation Validation System (MOVS):

Requirements and Procedures. By applying the same framework specified in Special Publication

800-17 to TDES, the TMOVS specifies how to validate implementations of the TDEA in software,

firmware, hardware, or any combination thereof.

The Known Answer tests are designed to verify the components of the DES algorithm in the IUT

(e.g., S boxes, permutation tables,…). The tests exercise each bit of every component of the

algorithm implementation. This is accomplished by processing all possible basis vectors through the

IUT. To perform the Known Answer tests, the TMOVS supplies known values to the IUT and the

IUT then processes the input through the implemented algorithm. The results produced by the IUT

are compared to the expected values.

The Monte Carlo Test is designed to exercise the entire implementation of the TDEA, as opposed to

testing only the individual components. The purpose of the Monte Carlo Test is to detect the

presence of flaws in the IUT that were not detected with the controlled input of the Known Answer

test. The Monte Carlo Test does not guarantee ultimate reliability of the IUT that implements the

TDEA (i.e., hardware failure, software corruption, etc.). To perform the Monte Carlo Test, the

TMOVS supplies the IUT with pseudorandom values for the initial plaintext, key(s), and, if

applicable, initialization vector(s). Using these values, the IUT is exercised through four million

DES encryption/decryption iterations. The results are then compared to the expected values.

The successful completion of the tests contained within the TMOVS is required to claim

conformance of Triple DES implementations as defined in FIPS PUB 46-3, Data Encryption

Standard (DES). Testing for single DES implementations is defined in Special Publication 800-17,

Modes of Operation Validation System (MOVS): Requirements and Procedures. Testing for the

cryptographic module in which Triple DES is implemented is defined in FIPS PUB 140-1, Security

Requirements for Cryptographic Modules.

1.2 Organization

Section 2 gives a brief overview of the Triple DES algorithm and the five modes of operation

allowed by this algorithm as well as the interleaved and pipelined versions of several of these modes.

Section 3 provides an overview of the tests that make up the Triple DES Modes of Operation

Validation System (TMOVS). Section 4 describes the basic protocol used by the TMOVS. Section 5

provides a detailed explanation of each test required by the TMOVS to validate an IUT of the

TDEA. Section 6 outlines the design of the TMOVS. Appendix A provides tables of values for the

Known Answer tests for TDEA. These tables include:

— For modes of operation including TECB, TCBC, TCFB, and TOFB:

Table A.1 - Resulting Ciphertext from the Variable Plaintext Known Answer Test

Table A.2 - Resulting Ciphertext from the Variable Key Known Answer Test

Table A.3 - Values to be Used for the Permutation Operation Known Answer Test

Table A.4 - Values to be Used for the Substitution Tables Known Answer Test

— For the TCBC-I mode of operation:

Table A.5 - Resulting Ciphertext from the Variable Plaintext Known Answer Test for

TCBC-I

Table A.6 - Resulting Ciphertext from the Inverse Permutation Known Answer Test for

TCBC-I

剩余312页未读，继续阅读

艾米的爸爸

粉丝: 791
资源: 314

NIST SP800-20：TDEA操作验证系统：自动化测试与加密标准要求

NIST SP800-177r1.pdf

NIST SP800-30信息安全文档

NIST SP800-178.pdf

NIST SP800-49.pdf

NIST SP800-146.pdf

NIST SP800-106.pdf

NIST SP800-152.pdf

NIST SP800-54.pdf

NIST SP800-144.pdf

NIST SP800-13.pdf

最新资源