Structurally unsound access token causes "Internal Server Error" on renewal.

[mwcw]

Hi,

This was an accident on our part, we were trying to renew (single renewal not tested with multi) a persisted session token and accidentally including a trailing line feed character along with the token.

The result was the ACVP demo server would return a 500 error.

It looks like any malformed token with a valid password returns a 500 error.

[{"acvVersion":"1.0"},{"password":"-- snip --","accessToken":"cats"}]

[acvptestsuite] Body: [
[acvptestsuite]   {
[acvptestsuite]     "acvVersion": "1.0"
[acvptestsuite]   },
[acvptestsuite]   {
[acvptestsuite]     "error": "Internal service error. Contact service provider."
[acvptestsuite]   }
[acvptestsuite] ]

Fixing our trailing whitespace problem resolved this for us, but a more descriptive 4xx error message would have been advantageous.

MW

[dsikkema-atsec]

I am seeing the "error": "Internal service error. Contact service provider." message when trying to process test vector responses.
I first had a failure on one instance of SHA512, and now have this error on one RSA Keygen.
The test vector and response file looks fine, so not sure why it would fail like this.
For the last error with RSA Keygen the testID is 61833 and vsid is 1460429

[livebe01]

hi @dsikkema-atsec, what is the vsId for the SHA512 instance?

[dsikkema-atsec]

I no longer have the vsID for SHA512, I had deleted when I did the new test vectors I had deleted the older ones.

[livebe01]

Hi @dsikkema-atsec,

it looks like you are encountering the same issue as usnistgov/ACVP-Server#233. Specifically, tcId 18 is failing with the following error message "Failed prime gen: Failed to generate q: Failed to Compute a Probable Prime Factor Based on Aux Primes at FIPS 186-5 B.9/FIPS 186-4 C.9 Step 9 (i>=X*(nlen/2))". If you have further questions after looking at usnistgov/ACVP-Server#233, please leave a comment on that ticket.

Best,

Ben