acvptool: KDA replaces KAS-KDF for HKDF.

For unknown reasons, ACVP now tests HKDF differently. This change
updates to reflect what the demo server is currently doing.

Bug: None
Change-Id: I64eec2279765b63ab1296ab6b441d2f7c669c616
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/55525
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>

util/fipstools/acvp/acvptool/subprocess/hkdf.go

@@ -19,11 +19,10 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"strings"
 )
 
 // The following structures reflect the JSON of ACVP KAS KDF tests. See
-// https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-twostep.html
+// https://pages.nist.gov/ACVP/draft-hammett-acvp-kas-kdf-hkdf.html
 
 type hkdfTestVectorSet struct {
 	Groups []hkdfTestGroup `json:"testGroups"`
@@ -46,33 +45,21 @@ type hkdfTest struct {
 
 type hkdfConfiguration struct {
 	Type               string `json:"kdfType"`
-	AdditionalNonce    bool   `json:"requiresAdditionalNoncePair"`
 	OutputBits         uint32 `json:"l"`
+	HashName           string `json:"hmacAlg"`
 	FixedInfoPattern   string `json:"fixedInfoPattern"`
 	FixedInputEncoding string `json:"fixedInfoEncoding"`
-	KDFMode            string `json:"kdfMode"`
-	MACMode            string `json:"macMode"`
-	CounterLocation    string `json:"counterLocation"`
-	CounterBits        uint   `json:"counterLen"`
 }
 
 func (c *hkdfConfiguration) extract() (outBytes uint32, hashName string, err error) {
-	if c.Type != "twoStep" ||
-		c.AdditionalNonce ||
+	if c.Type != "hkdf" ||
 		c.FixedInfoPattern != "uPartyInfo||vPartyInfo" ||
 		c.FixedInputEncoding != "concatenation" ||
-		c.KDFMode != "feedback" ||
-		c.CounterLocation != "after fixed data" ||
-		c.CounterBits != 8 ||
 		c.OutputBits%8 != 0 {
-		return 0, "", fmt.Errorf("KAS-KDF not configured for HKDF: %#v", c)
+		return 0, "", fmt.Errorf("KDA not configured for HKDF: %#v", c)
 	}
 
-	if !strings.HasPrefix(c.MACMode, "HMAC-") {
-		return 0, "", fmt.Errorf("MAC mode %q does't start with 'HMAC-'", c.MACMode)
-	}
-
-	return c.OutputBits / 8, c.MACMode[5:], nil
+	return c.OutputBits / 8, c.HashName, nil
 }
 
 type hkdfParameters struct {

util/fipstools/acvp/acvptool/subprocess/subprocess.go

@@ -106,7 +106,7 @@ func NewWithIO(cmd *exec.Cmd, in io.WriteCloser, out io.ReadCloser) *Subprocess
 		"ctrDRBG":           &drbg{"ctrDRBG", map[string]bool{"AES-128": true, "AES-192": true, "AES-256": true}},
 		"hmacDRBG":          &drbg{"hmacDRBG", map[string]bool{"SHA-1": true, "SHA2-224": true, "SHA2-256": true, "SHA2-384": true, "SHA2-512": true}},
 		"KDF":               &kdfPrimitive{},
-		"KAS-KDF":           &hkdf{},
+		"KDA":               &hkdf{},
 		"CMAC-AES":          &keyedMACPrimitive{"CMAC-AES"},
 		"RSA":               &rsa{},
 		"kdf-components":    &tlsKDF{},

util/fipstools/acvp/acvptool/test/tests.json

@@ -19,7 +19,7 @@
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512.bz2", "Out": "expected/HMAC-SHA2-512.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/HMAC-SHA2-512-256.bz2", "Out": "expected/HMAC-SHA2-512-256.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/hmacDRBG.bz2", "Out": "expected/hmacDRBG.bz2"},
-{"Wrapper": "testmodulewrapper", "In": "vectors/KAS-KDF.bz2", "Out": "expected/KAS-KDF.bz2"},
+{"Wrapper": "testmodulewrapper", "In": "vectors/KDA.bz2", "Out": "expected/KDA.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KAS-ECC-SSC.bz2"},
 {"Wrapper": "modulewrapper", "In": "vectors/KAS-FFC-SSC.bz2"},
 {"Wrapper": "testmodulewrapper", "In": "vectors/KDF.bz2"},

util/fipstools/acvp/acvptool/testmodulewrapper/testmodulewrapper.go

@@ -91,36 +91,20 @@ func getConfig(args [][]byte) error {
 		  "number"
 		]
 	}, {
-		"algorithm": "KAS-KDF",
-		"mode": "TwoStep",
-		"revision": "Sp800-56Cr2",
-		"capabilities": [{
-			"macSaltMethods": [
-				"random",
-				"default"
-			],
-			"fixedInfoPattern": "uPartyInfo||vPartyInfo",
-			"encoding": [
-				"concatenation"
-			],
-			"kdfMode": "feedback",
-			"macMode": [
-				"HMAC-SHA2-256"
-			],
-			"supportedLengths": [{
-				"min": 128,
-				"max": 512,
-				"increment": 64
-			}],
-			"fixedDataOrder": [
-				"after fixed data"
-			],
-			"counterLength": [
-				8
-			],
-			"requiresEmptyIv": true,
-			"supportsEmptyIv": true
-		}],
+		"algorithm": "KDA",
+		"mode": "HKDF",
+		"revision": "Sp800-56Cr1",
+		"fixedInfoPattern": "uPartyInfo||vPartyInfo",
+		"encoding": [
+			"concatenation"
+		],
+		"hmacAlg": [
+			"SHA2-256"
+		],
+		"macSaltMethods": [
+			"default",
+			"random"
+		],
 		"l": 256,
 		"z": [256, 384]
 	}, {