[Cryptech Tech] FIPS 140-2 test program

[Stephan Mueller]

Am Dienstag, 15. Juli 2014, 08:34:14 schrieb Joachim Strömbergson:

Hi Joachim,

>Aloha!
>
>Stephan Mueller wrote:
>> This is no current FIPS 140-2 test suite for non-deterministic RNGs.
>> The program is from 2001. If you are looking for a current entropy
>> assessment discussion, have a look at SP800-90B and C.
>> 
>> But in any case, the ent tool gives you a "smoke" test indicator
>> whether the statistics look good -- in particular the Chi-Square
>> test. The dieharder test suite is a more comprehensive testset.
>
>The reason for posting about the tool is that it is the only open
>implementation of FIPS 140-2 tests I have found to date. There are
>several other tools to use, but there is also a general lack of good,
>well maintained, open and easy to use tools (imho). I plan to build a
>list of test suites and tools on the wiki. But if anybody have a list
>or can build one instead it would be great.
>
>There are for example several instances in more or less dead state of
>the Marsaglia diehard test. Then we have Dieharder that is a superset
>of diehard and a few other sets.
>
>Ent as you say is fast and gives a smoke test.
>
>Haveged (the entropy source) contains a test that when we tested was
>unable to detect a broken implementation.
>
>As you say, we have test specified in SP800-90, there are also
>requirements in SP 800-21. Then there is FIPS 140-2, which is probably
>the most often sited suites for HSMs and TRNGs. But finding real code
>usable to test for FIPS 140-2 has at least for me been less then
>satisfactory. Finally there is also tests and requirements in FIPS 186.

For FIPS 140-2, there is no TRNG test suite any more. They had a test 
tool called sts, but I never managed to get it working.

The German BSI has another set of statistical tests defined that need to 
be applied for entropy assessment. The tests are defined in AIS20/31 
section 2.4.4.1. I have an implementation of these tests if you are 
interested.
>
>Stepping away from NIST, SBI in germany has the AIS-31 tests for
>physical based TRNGs as well as AIS-20 (if I remember correctly) for
>testing CSPRNGs. Finally there are some ISO/IEC counterparts to FIPS
>140-2, again if I remember correctly.
>
>A clarified list like this above and tools to allow Cryptech
>implementers and users to test their implementations is one of the most
>important things that we could produce (imho). Any contributions in
>terms if text, links etc would be greatly appreciated.

After I dealt extensively with the issue of entropy assessment (as 
outlined in [1]), I think the most extensive test is dieharder, followed 
by the Chi-Square test offered by ent. The least helpful test is the BSI 
test batch.

[1] http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html

Ciao
Stephan