This is required to run SHA3 tests otherwise we get an error of unknown
algorithm.
Change-Id: I085da2b6757ba1f452f33abc7f1bafc4a404e025
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52926
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Corie Pressley <cpressley@google.com>
Best to exercise the full range of lengths, where supported. This does
makes the downloads larger but the ACVP demo server seems to have mostly
solved its issue of hanging when serving large files. None the less, a
longer timeout is needed.
Change-Id: I1b4879ded8a03b40512b4e03e2b2ce59678974f7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52745
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
I'm collecting these changes, made by `go fmt` into their own change so
that they don't add noise to a meaningful change in the future.
Change-Id: I0ca931816fdba60ecde43e3eaffd0339d1773e73
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52429
Reviewed-by: Bob Beck <bbe@google.com>
The module supports these operations, they should probably be tested
with ACVP.
Change-Id: I09a52281f0c6877862139b73a876c995aa9af92a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52428
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
3DES is no longer acceptable for FIPS validation.
Change-Id: Id4f80f6201220eff28cb3597540a3b796bfcf54f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52426
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
ACVP authorisation tokens expire and, once expired, need to be renewed
by sending a new TOTP code. We almost never hit this but some FIPS
modules are slow enough that they can't compute the response within the
token lifetime.
But the ACVP code was putting an Authorization header on the renewal
message because it put that header on every message. But doing so breaks
the renewal because the server rejects the request because the token has
expired before noticing that it's a renewal request.
Also, put a 10 second buffer on deciding if a token has expired to
account for the transmission delay.
Change-Id: I50643a223cdb313d07dd7b2c559ad160cbe608ff
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51385
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CS3 is ciphertext-stealing variant three from SP 800-38A.
Change-Id: I992dc22778c91efad361f25ff65ae5966fc447c6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49505
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Some JSON files have a header, but without a URL. Thus consider a block
that doesn't contain an algorithm to also be a header.
Change-Id: Ic35a827843e9d0169ba8398df69c46a5baeffb44
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48605
Reviewed-by: David Benjamin <davidben@google.com>
NIST breaks these URLs so often it's unclear if it's worth including
them. If they do it again it might be a signal to remove them all.
However, until then, this change updates many of them. Some were deleted
because the format of the anchors has been switched and all the section
numbers remove, and I don't think it's worth trying to unpick all that.
Change-Id: I31457c225e68ee44d383a5a148fdcc80a3430864
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47464
Commit-Queue: Adam Langley <agl@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
In cases where the RPC from acvptool to modulewrapper is expensive,
these iterated tests take excessive amounts of time. By moving the
inner loop into the module wrapper the number of round-trips is reduced
by 1000×.
Change-Id: Ic047db071239492e416a08cab60d6a7e2905e8dc
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47364
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
When updating the test file for SHA-1 support, I forgot to remove the
non-deterministic bits (i.e. key and signature generation) from the
input vectors.
Change-Id: Id47f9b2cc85282f68b71aedc271d4b4b53e04c70
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47285
Reviewed-by: David Benjamin <davidben@google.com>
It's defined as GCM without a plaintext input, so this is trivial.
Change-Id: Id430e998447e489c2bf2dd5c6541877870104ade
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/46844
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Sometimes JSON vector files contain a header element that must be
duplicated into the output and sometimes they don't. Auto-detect this by
looking for a “url” field in the first element.
Change-Id: I76046adb8ea64fe5ac9bae9d6583546504723918
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45524
Reviewed-by: David Benjamin <davidben@google.com>
CMAC-AES isn't inside our FIPS module, it's only included in
modulewrapper in order to test acvptool. Mark it with a special tag to
avoid it appearing when dumping regcap JSON because NIST paperwork is
such that it's better not to ACVP test such code.
Change-Id: I0c6d3a38bce9bf5766b889677eb3f7de94262c24
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45465
Reviewed-by: David Benjamin <davidben@google.com>
This is only used for testing acvptool but, yea, |memcmp| doesn't return
a bool 😳
This wasn't noticed because "ver" mode was missing from the registration
and thus from the test vectors.
Change-Id: I181c9b66aea4032543d39ebcc8728a01e0f34f55
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45464
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
CMAC is not inside our FIPS module and we have ACVP support for it just
for testing (other modules need to validate CMAC). This change makes the
CMAC verify test an explicit action for the module wrapper so that a
verification function exposed by a FIPS module can be tested.
Change-Id: I3943bde175f2c1d62881002b4e12d7bca68a9018
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45264
Reviewed-by: David Benjamin <davidben@google.com>
Revision 1.0 is this test is reportedly no longer acceptable and we have
to use the “SSC” version now. The documentation for this test doesn't
mention that a “z” field is possible, but that's what the test vectors
from the demo server contain and, after guessing at the correct response
format, this makes the NIST server happy.
Change-Id: Ic63d9e19998dc015733d847cd0330a3af1d5e7e6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45224
Reviewed-by: David Benjamin <davidben@google.com>
NIST currently seems to have a bug where they don't respect the regcap
for AES-CTR and return fractional-byte tests when not allowed.
Previously we didn't notice that the specified payload length didn't
match the actual value.
Change-Id: I0e48d5246f7250e6047d983cd016b0de290d0f70
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45205
Reviewed-by: David Benjamin <davidben@google.com>
Since we don't have XTS in the FIPS module, this change uses
testmodulewrapper for testing.
Change-Id: I82117472ea4288d017983fe9cc11d4ba808a972a
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45064
Reviewed-by: David Benjamin <davidben@google.com>
It has been subsumed by the tests added in the previous change.
Change-Id: Ie53e8bd1116d2a70b9b88b2b59163e0f9a3140e8
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44747
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
This change causes the run_tests target, in FIPS builds, to run ACVP
for each supported algorithm. For most of them the output can be compared
against a known result. For some of them the output is too variable and
they are only run to ensure that they don't have local errors.
The ACVP test vectors have been trimmed significantly because they're
often huge. Firstly an included tool drops all but one test from each
group. Some vector sets have been manually trimmed to remove tests that
cause variable output.
Change-Id: Iff73851e3d47813041cc7ea6d881282750274940
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44746
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
The config file is only needed if interacting with an ACVP server.
Invocations that just want to process input from a file don't need it.
By moving this chunk of code down, the config isn't loaded until
after handling JSON inputs and just can be ignore if not needed.
Change-Id: Ibce334f63ddf8df34cf2917b923db20b3aaa735f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44744
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
This involves adding a new function |DH_compute_key_hashed| that
combines the FFDH with the output hashing inside the FIPS module. This
new function uses the padded FFDH output, as newly specified in SP
800-56Ar3.
Change-Id: Iafcb7e276f16d39bf7d25d3b2f163b5cd6f67883
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44504
Reviewed-by: David Benjamin <davidben@google.com>
The docs at os/signal.Notify warn about this signal delivery loss bug at
https://golang.org/pkg/os/signal/#Notify, which says:
Package signal will not block sending to c: the caller must ensure
that c has sufficient buffer space to keep up with the expected signal
rate. For a channel used for notification of just one signal value,
a buffer of size 1 is sufficient.
Discovered by one of Orijtech, Inc's internal static
analyzers that will eventually be donated to the Go project, and will
then be included when one runs:
go test
Change-Id: I5713f7087a195ac706240d32b53d2e4855d93a1c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/44264
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
The ACVP MCT tests involve a double loop where the inner loop iterates
1000 (AES) or 10000 (3DES) times. This change moves that inner loop
into the subprocess. This significantly reduces the amount of IPC
traffic at the cost of making the subprocesses more complex. The traffic
volume is unimportant when talking over a local pipe, but it's
significant when channels like serial links are used.
Change-Id: Ia9d51335f06b743791f7885d366c8fd2f0f7eaf6
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43844
Commit-Queue: Adam Langley <alangley@gmail.com>
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Use empty() over size() == 0, and don't export the IterateAES*
functions. (They return private types.)
Change-Id: I8a8f33a64e28cc2eab789563c6ba91afa6df87f9
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43544
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
A recent change broke this but I didn't notice. (Which suggests that the
test isn't very useful, which is true, but I'm not ready to pull the
trigger on deleting it just yet.)
Change-Id: If120a553c095fa0be9f8e85fc05ee996a486621f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43484
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
(There's going to be more and it was getting too big.)
Change-Id: I16a49f77975697bb5a04f2adfd465b09c2a09ef3
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43404
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
This change adds a config parameter PrivateKeyFile (to replace
PrivateKeyDERFile, although that still exists) because taking PKCS#1 DER
is a little odd for people. Also probe for PEM/DER and PKCS#1/8
automatically to try and work with whatever private key the user has.
Change-Id: I0f4efcd79528cfb26f791e9ee8c5141fc6a93723
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/43344
Reviewed-by: David Benjamin <davidben@google.com>
Sureshbhai Dave
Adam Langley
Gurleen Grewal
Emmanuel T Odeke
David Benjamin
Adam Langley