acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.

The module supports these operations, they should probably be tested
with ACVP.

Change-Id: I09a52281f0c6877862139b73a876c995aa9af92a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52428
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

util/fipstools/acvp/acvptool/subprocess/subprocess.go

@@ -71,36 +71,37 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 	}
 
 	m.primitives = map[string]primitive{
-		"SHA-1":            &hashPrimitive{"SHA-1", 20},
-		"SHA2-224":         &hashPrimitive{"SHA2-224", 28},
-		"SHA2-256":         &hashPrimitive{"SHA2-256", 32},
-		"SHA2-384":         &hashPrimitive{"SHA2-384", 48},
-		"SHA2-512":         &hashPrimitive{"SHA2-512", 64},
-		"SHA2-512/256":     &hashPrimitive{"SHA2-512/256", 32},
-		"ACVP-AES-ECB":     &blockCipher{"AES", 16, 2, true, false, iterateAES},
-		"ACVP-AES-CBC":     &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC},
-		"ACVP-AES-CBC-CS3": &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
-		"ACVP-AES-CTR":     &blockCipher{"AES-CTR", 16, 1, false, true, nil},
-		"ACVP-AES-XTS":     &xts{},
-		"ACVP-AES-GCM":     &aead{"AES-GCM", false},
-		"ACVP-AES-GMAC":    &aead{"AES-GCM", false},
-		"ACVP-AES-CCM":     &aead{"AES-CCM", true},
-		"ACVP-AES-KW":      &aead{"AES-KW", false},
-		"ACVP-AES-KWP":     &aead{"AES-KWP", false},
-		"HMAC-SHA-1":       &hmacPrimitive{"HMAC-SHA-1", 20},
-		"HMAC-SHA2-224":    &hmacPrimitive{"HMAC-SHA2-224", 28},
-		"HMAC-SHA2-256":    &hmacPrimitive{"HMAC-SHA2-256", 32},
-		"HMAC-SHA2-384":    &hmacPrimitive{"HMAC-SHA2-384", 48},
-		"HMAC-SHA2-512":    &hmacPrimitive{"HMAC-SHA2-512", 64},
-		"ctrDRBG":          &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
-		"hmacDRBG":         &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
-		"KDF":              &kdfPrimitive{},
-		"KAS-KDF":          &hkdf{},
-		"CMAC-AES":         &keyedMACPrimitive{"CMAC-AES"},
-		"RSA":              &rsa{},
-		"kdf-components":   &tlsKDF{},
-		"KAS-ECC-SSC":      &kas{},
-		"KAS-FFC-SSC":      &kasDH{},
+		"SHA-1":             &hashPrimitive{"SHA-1", 20},
+		"SHA2-224":          &hashPrimitive{"SHA2-224", 28},
+		"SHA2-256":          &hashPrimitive{"SHA2-256", 32},
+		"SHA2-384":          &hashPrimitive{"SHA2-384", 48},
+		"SHA2-512":          &hashPrimitive{"SHA2-512", 64},
+		"SHA2-512/256":      &hashPrimitive{"SHA2-512/256", 32},
+		"ACVP-AES-ECB":      &blockCipher{"AES", 16, 2, true, false, iterateAES},
+		"ACVP-AES-CBC":      &blockCipher{"AES-CBC", 16, 2, true, true, iterateAESCBC},
+		"ACVP-AES-CBC-CS3":  &blockCipher{"AES-CBC-CS3", 16, 1, false, true, iterateAESCBC},
+		"ACVP-AES-CTR":      &blockCipher{"AES-CTR", 16, 1, false, true, nil},
+		"ACVP-AES-XTS":      &xts{},
+		"ACVP-AES-GCM":      &aead{"AES-GCM", false},
+		"ACVP-AES-GMAC":     &aead{"AES-GCM", false},
+		"ACVP-AES-CCM":      &aead{"AES-CCM", true},
+		"ACVP-AES-KW":       &aead{"AES-KW", false},
+		"ACVP-AES-KWP":      &aead{"AES-KWP", false},
+		"HMAC-SHA-1":        &hmacPrimitive{"HMAC-SHA-1", 20},
+		"HMAC-SHA2-224":     &hmacPrimitive{"HMAC-SHA2-224", 28},
+		"HMAC-SHA2-256":     &hmacPrimitive{"HMAC-SHA2-256", 32},
+		"HMAC-SHA2-384":     &hmacPrimitive{"HMAC-SHA2-384", 48},
+		"HMAC-SHA2-512":     &hmacPrimitive{"HMAC-SHA2-512", 64},
+		"HMAC-SHA2-512/256": &hmacPrimitive{"HMAC-SHA2-512/256", 32},
+		"ctrDRBG":           &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
+		"hmacDRBG":          &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
+		"KDF":               &kdfPrimitive{},
+		"KAS-KDF":           &hkdf{},
+		"CMAC-AES":          &keyedMACPrimitive{"CMAC-AES"},
+		"RSA":               &rsa{},
+		"kdf-components":    &tlsKDF{},
+		"KAS-ECC-SSC":       &kas{},
+		"KAS-FFC-SSC":       &kasDH{},
 	}
 	m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
 

util/fipstools/acvp/acvptool/test/tests.json

@@ -17,6 +17,7 @@
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-384.bz2", "Out": "expected/HMAC-SHA2-384.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/KAS-KDF.bz2", "Out": "expected/KAS-KDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC.bz2"},

util/fipstools/acvp/modulewrapper/modulewrapper.cc

@@ -416,6 +416,16 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
           "min": 32, "max": 512, "increment": 8
         }]
       },
+      {
+        "algorithm": "HMAC-SHA2-512/256",
+        "revision": "1.0",
+        "keyLen": [{
+          "min": 8, "max": 2048, "increment": 8
+        }],
+        "macLen": [{
+          "min": 32, "max": 256, "increment": 8
+        }]
+      },
       {
         "algorithm": "ctrDRBG",
         "revision": "1.0",
@@ -473,7 +483,8 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             "SHA2-224",
             "SHA2-256",
             "SHA2-384",
-            "SHA2-512"
+            "SHA2-512",
+            "SHA2-512/256"
           ]
         }]
       },
@@ -493,7 +504,8 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             "SHA2-224",
             "SHA2-256",
             "SHA2-384",
-            "SHA2-512"
+            "SHA2-512",
+            "SHA2-512/256"
           ]
         }]
       },
@@ -587,6 +599,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }]
           }]
         },{
@@ -605,6 +620,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }]
           }]
         },{
@@ -623,6 +641,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }]
           }]
         }]
@@ -710,6 +731,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-384",
               "saltLen": 48
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }, {
               "hashAlg": "SHA-1",
               "saltLen": 20
@@ -731,6 +755,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }, {
               "hashAlg": "SHA-1",
               "saltLen": 20
@@ -752,6 +779,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }, {
               "hashAlg": "SHA-1",
               "saltLen": 20
@@ -773,6 +803,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
             }, {
               "hashAlg": "SHA2-512",
               "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
             }, {
               "hashAlg": "SHA-1",
               "saltLen": 20
@@ -1521,6 +1554,8 @@ static const EVP_MD *HashFromName(Span<const uint8_t> name) {
     return EVP_sha384();
   } else if (StringEq(name, "SHA2-512")) {
     return EVP_sha512();
+  } else if (StringEq(name, "SHA2-512/256")) {
+    return EVP_sha512_256();
   } else {
     return nullptr;
   }
@@ -1919,6 +1954,7 @@ static constexpr struct {
     {"HMAC-SHA2-256", 2, HMAC<EVP_sha256>},
     {"HMAC-SHA2-384", 2, HMAC<EVP_sha384>},
     {"HMAC-SHA2-512", 2, HMAC<EVP_sha512>},
+    {"HMAC-SHA2-512/256", 2, HMAC<EVP_sha512_256>},
     {"ctrDRBG/AES-256", 6, DRBG},
     {"ECDSA/keyGen", 1, ECDSAKeyGen},
     {"ECDSA/keyVer", 3, ECDSAKeyVer},
@@ -1936,6 +1972,7 @@ static constexpr struct {
     {"RSA/sigGen/SHA2-256/pss", 2, RSASigGen<EVP_sha256, true>},
     {"RSA/sigGen/SHA2-384/pss", 2, RSASigGen<EVP_sha384, true>},
     {"RSA/sigGen/SHA2-512/pss", 2, RSASigGen<EVP_sha512, true>},
+    {"RSA/sigGen/SHA2-512/256/pss", 2, RSASigGen<EVP_sha512_256, true>},
     {"RSA/sigGen/SHA-1/pss", 2, RSASigGen<EVP_sha1, true>},
     {"RSA/sigVer/SHA2-224/pkcs1v1.5", 4, RSASigVer<EVP_sha224, false>},
     {"RSA/sigVer/SHA2-256/pkcs1v1.5", 4, RSASigVer<EVP_sha256, false>},
@@ -1946,6 +1983,7 @@ static constexpr struct {
     {"RSA/sigVer/SHA2-256/pss", 4, RSASigVer<EVP_sha256, true>},
     {"RSA/sigVer/SHA2-384/pss", 4, RSASigVer<EVP_sha384, true>},
     {"RSA/sigVer/SHA2-512/pss", 4, RSASigVer<EVP_sha512, true>},
+    {"RSA/sigVer/SHA2-512/256/pss", 4, RSASigVer<EVP_sha512_256, true>},
     {"RSA/sigVer/SHA-1/pss", 4, RSASigVer<EVP_sha1, true>},
     {"TLSKDF/1.0/SHA-1", 5, TLSKDF<EVP_md5_sha1>},
     {"TLSKDF/1.2/SHA2-256", 5, TLSKDF<EVP_sha256>},