cybercyst/go
1
0
Fork 0
mirror of https://github.com/golang/go.git synced 2025-05-05 23:53:05 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

crypto/internal/fips140test: add OneStepNoCounter ACVP tests

Browse Source 
Adds ACVP test coverage for the SP 800-56Crev2 IG D.P KDA
OneStepNoCounter mode algorithm based on the NIST spec:

  https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-onestepnocounter.html

Coverage is added for all SHA2 and SHA3 HMACs.

Updates #69642

Change-Id: I337bf824a71fce6c796a1440b7f08c4f5413d92f
Reviewed-on: https://go-review.googlesource.com/c/go/+/648435
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
This commit is contained in:
Daniel McCarney 2025-01-14 14:56:20 -05:00 committed by Gopher Robot
parent 8c6fec6d25
commit 11c642c2d3
2 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/crypto/internal/fips140test/acvp_capabilities.json
View File

@ -27,6 +27,7 @@
{"algorithm":"HMAC-SHA3-512","keyLen":[{"increment":8,"max":524288,"min":8}],"macLen":[{"increment":8,"max":512,"min":32}],"revision":"1.0"},
{"algorithm":"KDA","mode":"HKDF","revision":"Sp800-56Cr1","fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"],"macSaltMethods":["default","random"],"l":2048,"z":[{"min":224,"max":65336,"increment":8}]},
{"algorithm":"KDA","mode":"OneStepNoCounter","revision":"Sp800-56Cr2","auxFunctions":[{"auxFunctionName":"HMAC-SHA2-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512","l":512,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA2-512/256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-224","l":224,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-256","l":256,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-384","l":384,"macSaltMethods":["default","random"]},{"auxFunctionName":"HMAC-SHA3-512","l":512,"macSaltMethods":["default","random"]}],"fixedInfoPattern":"uPartyInfo||vPartyInfo","encoding":["concatenation"],"z":[{"min":224,"max":65336,"increment":8}]},
{"algorithm":"PBKDF","capabilities":[{"iterationCount":[{"min":1,"max":10000,"increment":1}],"keyLen":[{"min":112,"max":4096,"increment":8}],"passwordLen":[{"min":8,"max":64,"increment":1}],"saltLen":[{"min":128,"max":512,"increment":8}],"hmacAlg":["SHA2-224","SHA2-256","SHA2-384","SHA2-512","SHA2-512/224","SHA2-512/256","SHA3-224","SHA3-256","SHA3-384","SHA3-512"]}],"revision":"1.0"},

45
src/crypto/internal/fips140test/acvp_test.go
View File

@ -121,6 +121,8 @@ var (
// https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html#section-7.3
// HKDF KDA algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-hkdf.html#section-7.3
// OneStepNoCounter KDA algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-onestepnocounter.html#section-7.2
// TLS 1.2 KDF algorithm capabilities:
// https://pages.nist.gov/ACVP/draft-celi-acvp-kdf-tls.html#section-7.2
// TLS 1.3 KDF algorithm capabilities:
@ -294,6 +296,17 @@ var (
"KDF-counter": cmdKdfCounterAft(),
"KDF-feedback": cmdKdfFeedbackAft(),
"OneStepNoCounter/HMAC-SHA2-224": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha256.New224() }),
"OneStepNoCounter/HMAC-SHA2-256": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha256.New() }),
"OneStepNoCounter/HMAC-SHA2-384": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha512.New384() }),
"OneStepNoCounter/HMAC-SHA2-512": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha512.New() }),
"OneStepNoCounter/HMAC-SHA2-512/224": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha512.New512_224() }),
"OneStepNoCounter/HMAC-SHA2-512/256": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha512.New512_256() }),
"OneStepNoCounter/HMAC-SHA3-224": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha3.New224() }),
"OneStepNoCounter/HMAC-SHA3-256": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha3.New256() }),
"OneStepNoCounter/HMAC-SHA3-384": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha3.New384() }),
"OneStepNoCounter/HMAC-SHA3-512": cmdOneStepNoCounterHmacAft(func() fips140.Hash { return sha3.New512() }),
}
)
@ -1829,14 +1842,42 @@ func getRSAKey(bits int) (*rsa.PrivateKey, error) {
return key, nil
}
func cmdOneStepNoCounterHmacAft(h func() fips140.Hash) command {
return command{
requiredArgs: 4, // key, info, salt, outBytes
handler: func(args [][]byte) ([][]byte, error) {
key := args[0]
info := args[1]
salt := args[2]
outBytes := binary.LittleEndian.Uint32(args[3])
mac := hmac.New(h, salt)
mac.Size()
if outBytes != uint32(mac.Size()) {
return nil, fmt.Errorf("invalid output length: got %d, want %d", outBytes, mac.Size())
}
data := make([]byte, 0, len(key)+len(info))
data = append(data, key...)
data = append(data, info...)
mac.Write(data)
out := mac.Sum(nil)
return [][]byte{out}, nil
},
}
}
func TestACVP(t *testing.T) {
testenv.SkipIfShortAndSlow(t)
const (
bsslModule = "boringssl.googlesource.com/boringssl.git"
bsslVersion = "v0.0.0-20250123161947-ba24bde161f7"
bsslVersion = "v0.0.0-20250207174145-0bb19f6126cb"
goAcvpModule = "github.com/cpu/go-acvp"
goAcvpVersion = "v0.0.0-20250110181646-e47fea3b5d7d"
goAcvpVersion = "v0.0.0-20250117180340-0406d83a4b0d"
)
// In crypto/tls/bogo_shim_test.go the test is skipped if run on a builder with runtime.GOOS == "windows"