Point Intervention: Improving ACVP Test Vector Generation Through Human Assisted Fuzzing

Iaroslav Gridin, Antonis Michalas

TL;DR

The paper addresses the challenge of achieving high-coverage automated testing for cryptographic modules via ACVP, where purely random fuzzing often misses deep, structured code paths. It introduces acvp-rust, a Rust-based framework that combines hybrid fuzzing with human-assisted test case design to generate well-covering ACVP test vectors and run them against cryptographic libraries. The approach is demonstrated by testing Mozilla NSS, where it uncovers previously unknown vulnerabilities (including an RSA modulus-related issue) and delivers improved coverage relative to standard coverage-guided fuzzing, supported by open-source tooling under MPL 2.0. In addition, the paper proposes enhancements to the ACVP test vector format and shows how the framework can be extended to additional libraries, underscoring the practical impact on improving cryptographic software security and reproducible research.

Abstract

Automated Cryptographic Validation Protocol (ACVP) is an existing protocol that is used to validate a software or hardware cryptographic module automatically. In this work, we present a system providing the method and tools to produce well-covering tests in ACVP format for cryptographic libraries. The system achieves better coverage than existing fuzzing methods by using a hybrid approach to fuzzing cryptographic primitives. In addition, the system offers a framework that allows testing modules for cryptographic libraries to be created easily and securely. The work demonstrates how this system has been used to improve automated testing of NSS (Network Security Services), a popular cryptographic library, detect its vulnerabilities, and suggest ways to improve and further develop the ACVP test format.

Paper Structure (25 sections, 11 figures, 1 table)

This paper contains 25 sections, 11 figures, 1 table.

Figures (11)

  • Figure 1: Example of an ACVP test vector set, obtained from ACVP demo server.
  • Figure 2: Structure of acvp-rust
  • Figure 3: Flowchart of the hybrid fuzzing process.
  • Figure 4: Example of an opportunity to add a code constraint: fuzzer fails to satisfy a condition
  • Figure 5: NSS functions determining the RSA modulus lengths, from rsapkcs.c
  • ...and 6 more figures