acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.
The module supports these operations, so they should probably be tested
with ACVP.
Change-Id: I09a52281f0c6877862139b73a876c995aa9af92a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52428
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
index d8d3fa3..c5003e1 100644
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@@ -71,36 +71,37 @@
}
m.primitives = map[string]primitive{
- "SHA-1": &hashPrimitive{"SHA-1", 20},
- "SHA2-224": &hashPrimitive{"SHA2-224", 28},
- "SHA2-256": &hashPrimitive{"SHA2-256", 32},
- "SHA2-384": &hashPrimitive{"SHA2-384", 48},
- "SHA2-512": &hashPrimitive{"SHA2-512", 64},
- "SHA2-512/256": &hashPrimitive{"SHA2-512/256", 32},
- "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES},
- "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC},
- "ACVP-AES-CBC-CS3": &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
- "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil},
- "ACVP-AES-XTS": &xts{},
- "ACVP-AES-GCM": &aead{"AES-GCM", false},
- "ACVP-AES-GMAC": &aead{"AES-GCM", false},
- "ACVP-AES-CCM": &aead{"AES-CCM", true},
- "ACVP-AES-KW": &aead{"AES-KW", false},
- "ACVP-AES-KWP": &aead{"AES-KWP", false},
- "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20},
- "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28},
- "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32},
- "HMAC-SHA2-384": &hmacPrimitive{"HMAC-SHA2-384", 48},
- "HMAC-SHA2-512": &hmacPrimitive{"HMAC-SHA2-512", 64},
- "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
- "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
- "KDF": &kdfPrimitive{},
- "KAS-KDF": &hkdf{},
- "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"},
- "RSA": &rsa{},
- "kdf-components": &tlsKDF{},
- "KAS-ECC-SSC": &kas{},
- "KAS-FFC-SSC": &kasDH{},
+ "SHA-1": &hashPrimitive{"SHA-1", 20},
+ "SHA2-224": &hashPrimitive{"SHA2-224", 28},
+ "SHA2-256": &hashPrimitive{"SHA2-256", 32},
+ "SHA2-384": &hashPrimitive{"SHA2-384", 48},
+ "SHA2-512": &hashPrimitive{"SHA2-512", 64},
+ "SHA2-512/256": &hashPrimitive{"SHA2-512/256", 32},
+ "ACVP-AES-ECB": &blockCipher{"AES", 16, 2, true, false, iterateAES},
+ "ACVP-AES-CBC": &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC},
+ "ACVP-AES-CBC-CS3": &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
+ "ACVP-AES-CTR": &blockCipher{"AES-CTR", 16, 1, false, true, nil},
+ "ACVP-AES-XTS": &xts{},
+ "ACVP-AES-GCM": &aead{"AES-GCM", false},
+ "ACVP-AES-GMAC": &aead{"AES-GCM", false},
+ "ACVP-AES-CCM": &aead{"AES-CCM", true},
+ "ACVP-AES-KW": &aead{"AES-KW", false},
+ "ACVP-AES-KWP": &aead{"AES-KWP", false},
+ "HMAC-SHA-1": &hmacPrimitive{"HMAC-SHA-1", 20},
+ "HMAC-SHA2-224": &hmacPrimitive{"HMAC-SHA2-224", 28},
+ "HMAC-SHA2-256": &hmacPrimitive{"HMAC-SHA2-256", 32},
+ "HMAC-SHA2-384": &hmacPrimitive{"HMAC-SHA2-384", 48},
+ "HMAC-SHA2-512": &hmacPrimitive{"HMAC-SHA2-512", 64},
+ "HMAC-SHA2-512/256": &hmacPrimitive{"HMAC-SHA2-512/256", 32},
+ "ctrDRBG": &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
+ "hmacDRBG": &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
+ "KDF": &kdfPrimitive{},
+ "KAS-KDF": &hkdf{},
+ "CMAC-AES": &keyedMACPrimitive{"CMAC-AES"},
+ "RSA": &rsa{},
+ "kdf-components": &tlsKDF{},
+ "KAS-ECC-SSC": &kas{},
+ "KAS-FFC-SSC": &kasDH{},
}
m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
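Review bot: The bare `32` in the added `"HMAC-SHA2-512/256": &hmacPrimitive{"HMAC-SHA2-512/256", 32}` entry is undocumented and reads exactly like the HMAC-SHA2-256 entry above it. Judging by the sibling entries (20 for SHA-1, 64 for SHA2-512) it is the digest length in bytes, whereas the capability JSON this commit adds to modulewrapper.cc gives the same limit in bits (`"max": 256`). A trailing comment would make the unit and the truncated-SHA-512 origin explicit, for example `// SHA-512/256 output: 32 bytes; macLen in the module config is in bits`. The map literal sits inside a function that begins above this hunk.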
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2
new file mode 100644
index 0000000..6984115
--- /dev/null
+++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/tests.json b/util/fipstools/acvp/acvptool/test/tests.json
index 514d9d0..5765de1 100644
--- a/util/fipstools/acvp/acvptool/test/tests.json
+++ b/util/fipstools/acvp/acvptool/test/tests.json
@@ -17,6 +17,7 @@
{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-384.bz2", "Out": "expected/HMAC-SHA2-384.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
{"Wrapper": "testmodulewrapper", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
{"Wrapper": "testmodulewrapper", "In": "vectors/KAS-KDF.bz2", "Out": "expected/KAS-KDF.bz2"},
{"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC.bz2"},
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2
new file mode 100644
index 0000000..d981300
--- /dev/null
+++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2
Binary files differ
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 1a01ddb..b4e556c 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -417,6 +417,16 @@
}]
},
{
+ "algorithm": "HMAC-SHA2-512/256",
+ "revision": "1.0",
+ "keyLen": [{
+ "min": 8, "max": 2048, "increment": 8
+ }],
+ "macLen": [{
+ "min": 32, "max": 256, "increment": 8
+ }]
+ },
+ {
"algorithm": "ctrDRBG",
"revision": "1.0",
"predResistanceEnabled": [false],
@@ -473,7 +483,8 @@
"SHA2-224",
"SHA2-256",
"SHA2-384",
- "SHA2-512"
+ "SHA2-512",
+ "SHA2-512/256"
]
}]
},
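Review bot: The `"SHA2-512/256"` entry added to this `hashAlg` list has no offline regression fixture in this commit, since test/tests.json gains only the `HMAC-SHA2-512-256` vectors/expected pair. The same holds for the list in the next hunk, the `saltLen: 32` PSS capability hunks and the `RSA/sigGen` and `RSA/sigVer` dispatch entries further down. Unless the existing signature fixtures already contain SHA2-512/256 test groups (they are not touched here), the new signature paths are only exercised when talking to a live ACVP server. Consider regenerating or adding vector/expected files for them alongside the HMAC one. The capability object these lists belong to starts outside the hunk, so its algorithm (presumably ECDSA, per the commit title) should be confirmed.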
@@ -493,7 +504,8 @@
"SHA2-224",
"SHA2-256",
"SHA2-384",
- "SHA2-512"
+ "SHA2-512",
+ "SHA2-512/256"
]
}]
},
@@ -587,6 +599,9 @@
}, {
"hashAlg": "SHA2-512",
"saltLen": 64
+ }, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
}]
}]
},{
@@ -605,6 +620,9 @@
}, {
"hashAlg": "SHA2-512",
"saltLen": 64
+ }, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
}]
}]
},{
@@ -623,6 +641,9 @@
}, {
"hashAlg": "SHA2-512",
"saltLen": 64
+ }, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
}]
}]
}]
@@ -711,6 +732,9 @@
"hashAlg": "SHA2-384",
"saltLen": 48
}, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
+ }, {
"hashAlg": "SHA-1",
"saltLen": 20
}]
@@ -732,6 +756,9 @@
"hashAlg": "SHA2-512",
"saltLen": 64
}, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
+ }, {
"hashAlg": "SHA-1",
"saltLen": 20
}]
@@ -753,6 +780,9 @@
"hashAlg": "SHA2-512",
"saltLen": 64
}, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
+ }, {
"hashAlg": "SHA-1",
"saltLen": 20
}]
@@ -774,6 +804,9 @@
"hashAlg": "SHA2-512",
"saltLen": 64
}, {
+ "hashAlg": "SHA2-512/256",
+ "saltLen": 32
+ }, {
"hashAlg": "SHA-1",
"saltLen": 20
}]
@@ -1521,6 +1554,8 @@
return EVP_sha384();
} else if (StringEq(name, "SHA2-512")) {
return EVP_sha512();
+ } else if (StringEq(name, "SHA2-512/256")) {
+ return EVP_sha512_256();
} else {
return nullptr;
}
@@ -1919,6 +1954,7 @@
{"HMAC-SHA2-256", 2, HMAC<EVP_sha256>},
{"HMAC-SHA2-384", 2, HMAC<EVP_sha384>},
{"HMAC-SHA2-512", 2, HMAC<EVP_sha512>},
+ {"HMAC-SHA2-512/256", 2, HMAC<EVP_sha512_256>},
{"ctrDRBG/AES-256", 6, DRBG},
{"ECDSA/keyGen", 1, ECDSAKeyGen},
{"ECDSA/keyVer", 3, ECDSAKeyVer},
@@ -1936,6 +1972,7 @@
{"RSA/sigGen/SHA2-256/pss", 2, RSASigGen<EVP_sha256, true>},
{"RSA/sigGen/SHA2-384/pss", 2, RSASigGen<EVP_sha384, true>},
{"RSA/sigGen/SHA2-512/pss", 2, RSASigGen<EVP_sha512, true>},
+ {"RSA/sigGen/SHA2-512/256/pss", 2, RSASigGen<EVP_sha512_256, true>},
{"RSA/sigGen/SHA-1/pss", 2, RSASigGen<EVP_sha1, true>},
{"RSA/sigVer/SHA2-224/pkcs1v1.5", 4, RSASigVer<EVP_sha224, false>},
{"RSA/sigVer/SHA2-256/pkcs1v1.5", 4, RSASigVer<EVP_sha256, false>},
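Review bot: The added name `"RSA/sigGen/SHA2-512/256/pss"` has one more `/`-separated component than its neighbours, because the hash name itself contains a slash. The same applies to `"RSA/sigVer/SHA2-512/256/pss"` in the next hunk. That is harmless if command names are only ever compared as whole strings, which the table layout suggests but the hunk does not show. Any code or tooling that splits these names on `/` would misread the hash as `SHA2-512` followed by a `256` component. A comment next to the entry would record the assumption, for example `// Hash name "SHA2-512/256" contains '/'; commands are matched as whole strings, never split.` The table starts and ends outside this hunk.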
@@ -1946,6 +1983,7 @@
{"RSA/sigVer/SHA2-256/pss", 4, RSASigVer<EVP_sha256, true>},
{"RSA/sigVer/SHA2-384/pss", 4, RSASigVer<EVP_sha384, true>},
{"RSA/sigVer/SHA2-512/pss", 4, RSASigVer<EVP_sha512, true>},
+ {"RSA/sigVer/SHA2-512/256/pss", 4, RSASigVer<EVP_sha512_256, true>},
{"RSA/sigVer/SHA-1/pss", 4, RSASigVer<EVP_sha1, true>},
{"TLSKDF/1.0/SHA-1", 5, TLSKDF<EVP_md5_sha1>},
{"TLSKDF/1.2/SHA2-256", 5, TLSKDF<EVP_sha256>},