acvp: test SHA-512/256 with HMAC, RSA (PSS), and ECDSA.

The module supports these operations, they should probably be tested with ACVP. Change-Id: I09a52281f0c6877862139b73a876c995aa9af92a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52428 Commit-Queue: Bob Beck <bbe@google.com> Reviewed-by: Bob Beck <bbe@google.com>
3 years ago · 097ffe139c
parent 1a541d4db6
commit 097ffe139c
5 changed files with 72 additions and 32 deletions
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@ -92,6 +92,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 		"HMAC-SHA2-256":     &hmacPrimitive{"HMAC-SHA2-256", 32},
 		"HMAC-SHA2-384":     &hmacPrimitive{"HMAC-SHA2-384", 48},
 		"HMAC-SHA2-512":     &hmacPrimitive{"HMAC-SHA2-512", 64},
+		"HMAC-SHA2-512/256": &hmacPrimitive{"HMAC-SHA2-512/256", 32},
 		"ctrDRBG":           &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
 		"hmacDRBG":          &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
 		"KDF":               &kdfPrimitive{},
--- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2
--- a/util/fipstools/acvp/acvptool/test/tests.json
+++ b/util/fipstools/acvp/acvptool/test/tests.json
@ -17,6 +17,7 @@
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-256.bz2", "Out": "expected/HMAC-SHA2-256.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-384.bz2", "Out": "expected/HMAC-SHA2-384.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"},
+{"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/KAS-KDF.bz2", "Out": "expected/KAS-KDF.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC.bz2"},
--- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@ -416,6 +416,16 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
          "min": 32, "max": 512, "increment": 8
        }]
      },
+      {
+        "algorithm": "HMAC-SHA2-512/256",
+        "revision": "1.0",
+        "keyLen": [{
+          "min": 8, "max": 2048, "increment": 8
+        }],
+        "macLen": [{
+          "min": 32, "max": 256, "increment": 8
+        }]
+      },
      {
        "algorithm": "ctrDRBG",
        "revision": "1.0",
@ -473,7 +483,8 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            "SHA2-224",
            "SHA2-256",
            "SHA2-384",
-            "SHA2-512"
+            "SHA2-512",
+            "SHA2-512/256"
          ]
        }]
      },
@ -493,7 +504,8 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            "SHA2-224",
            "SHA2-256",
            "SHA2-384",
-            "SHA2-512"
+            "SHA2-512",
+            "SHA2-512/256"
          ]
        }]
      },
@ -587,6 +599,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }]
          }]
        },{
@ -605,6 +620,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }]
          }]
        },{
@ -623,6 +641,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }]
          }]
        }]
@ -710,6 +731,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-384",
              "saltLen": 48
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }, {
              "hashAlg": "SHA-1",
              "saltLen": 20
@ -731,6 +755,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }, {
              "hashAlg": "SHA-1",
              "saltLen": 20
@ -752,6 +779,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }, {
              "hashAlg": "SHA-1",
              "saltLen": 20
@ -773,6 +803,9 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
            }, {
              "hashAlg": "SHA2-512",
              "saltLen": 64
+            }, {
+              "hashAlg": "SHA2-512/256",
+              "saltLen": 32
            }, {
              "hashAlg": "SHA-1",
              "saltLen": 20
@ -1521,6 +1554,8 @@ static const EVP_MD *HashFromName(Span<const uint8_t> name) {
    return EVP_sha384();
  } else if (StringEq(name, "SHA2-512")) {
    return EVP_sha512();
+  } else if (StringEq(name, "SHA2-512/256")) {
+    return EVP_sha512_256();
  } else {
    return nullptr;
  }
@ -1919,6 +1954,7 @@ static constexpr struct {
    {"HMAC-SHA2-256", 2, HMAC<EVP_sha256>},
    {"HMAC-SHA2-384", 2, HMAC<EVP_sha384>},
    {"HMAC-SHA2-512", 2, HMAC<EVP_sha512>},
+    {"HMAC-SHA2-512/256", 2, HMAC<EVP_sha512_256>},
    {"ctrDRBG/AES-256", 6, DRBG},
    {"ECDSA/keyGen", 1, ECDSAKeyGen},
    {"ECDSA/keyVer", 3, ECDSAKeyVer},
@ -1936,6 +1972,7 @@ static constexpr struct {
    {"RSA/sigGen/SHA2-256/pss", 2, RSASigGen<EVP_sha256, true>},
    {"RSA/sigGen/SHA2-384/pss", 2, RSASigGen<EVP_sha384, true>},
    {"RSA/sigGen/SHA2-512/pss", 2, RSASigGen<EVP_sha512, true>},
+    {"RSA/sigGen/SHA2-512/256/pss", 2, RSASigGen<EVP_sha512_256, true>},
    {"RSA/sigGen/SHA-1/pss", 2, RSASigGen<EVP_sha1, true>},
    {"RSA/sigVer/SHA2-224/pkcs1v1.5", 4, RSASigVer<EVP_sha224, false>},
    {"RSA/sigVer/SHA2-256/pkcs1v1.5", 4, RSASigVer<EVP_sha256, false>},
@ -1946,6 +1983,7 @@ static constexpr struct {
    {"RSA/sigVer/SHA2-256/pss", 4, RSASigVer<EVP_sha256, true>},
    {"RSA/sigVer/SHA2-384/pss", 4, RSASigVer<EVP_sha384, true>},
    {"RSA/sigVer/SHA2-512/pss", 4, RSASigVer<EVP_sha512, true>},
+    {"RSA/sigVer/SHA2-512/256/pss", 4, RSASigVer<EVP_sha512_256, true>},
    {"RSA/sigVer/SHA-1/pss", 4, RSASigVer<EVP_sha1, true>},
    {"TLSKDF/1.0/SHA-1", 5, TLSKDF<EVP_md5_sha1>},
    {"TLSKDF/1.2/SHA2-256", 5, TLSKDF<EVP_sha256>},