Cypherpunks repositories - gostls13.git/commit
crypto/internal/fips140test: add entropy SHA2-384 testing
author Daniel McCarney <daniel@binaryparadox.net>
Fri, 3 Oct 2025 15:20:48 +0000 (11:20 -0400)
committer Gopher Robot <gobot@golang.org>
Thu, 23 Oct 2025 00:59:18 +0000 (17:59 -0700)
commit 02728a2846f94f87a8a8505b1993dfb60d13960e
tree ea1db2d6c3b6dd8150334ae1c543d38dda0683d1
parent f92e01c117bf7d115a97229d4b4f81c91faf0f7b
crypto/internal/fips140test: add entropy SHA2-384 testing

The crypto/internal/fips140/entropy package vendors a minimal
implementation of SHA2-384 to insulate it from changes in the FIPS
module implementation. This means it also requires ACVP testing separate
from the FIPS module implementation. This commit implements the
required ACVP testing support.

There's no way via the ACVP protocol, or acvptool, to specify that we
want to test a specific SHA2-384 implementation compared to normal. We
use a new environment variable (GOENTROPYSOURCEACVP=1) to make that
distinction.

The capabilities we advertise when testing the entropy SHA2-384
implementation are limited to something that best describes the
input sizes that the entropy module's implementation supports within the
requirements imposed by ACVP. We allow 144 byte messages (3*digest size)
to support MCT and in particular the "standard" MCT algorithm, and allow
1024 byte messages as the production supported message size used by the
entropy module itself.

Change-Id: I6e693a3fa23efba35d8a7d029ddf0b11036621c3
Reviewed-on: https://go-review.googlesource.com/c/go/+/711740
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
src/crypto/internal/fips140test/acvp_capabilities.entropy.json [new file with mode: 0644]
src/crypto/internal/fips140test/acvp_test.go
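
The 144 byte size mentioned in the commit message follows from the shape of the standard SHA-2 Monte Carlo Test: every hash input is the concatenation of the previous three digests. The sketch below is an added example, not code from this commit or from the Go tree; it assumes the NIST SHAVS form of the standard MCT, uses the standard library's crypto/sha512 rather than the vendored entropy implementation, and the names `MCT`, `mctInner`, `mctMessageLen` and the all-zero seed are made up for illustration.

```go
package main

import (
	"crypto/sha512"
	"encoding/hex"
	"fmt"
)

const digestSize = sha512.Size384 // 48 bytes

// mctMessageLen is the only message length the standard MCT ever hashes:
// three concatenated digests, 3*48 = 144 bytes.
const mctMessageLen = 3 * digestSize

// mctInner runs one outer-loop round of the standard MCT: 1000 hashes,
// each over the concatenation of the three most recent digests.
func mctInner(seed [digestSize]byte) [digestSize]byte {
	a, b, c := seed, seed, seed // MD[0] = MD[1] = MD[2] = Seed
	msg := make([]byte, 0, mctMessageLen)
	for i := 0; i < 1000; i++ {
		msg = append(msg[:0], a[:]...)
		msg = append(msg, b[:]...)
		msg = append(msg, c[:]...)
		// len(msg) == mctMessageLen on every iteration.
		a, b, c = b, c, sha512.Sum384(msg)
	}
	return c
}

// MCT returns the 100 checkpoint digests; each checkpoint seeds the next round.
func MCT(seed [digestSize]byte) [][digestSize]byte {
	out := make([][digestSize]byte, 0, 100)
	for j := 0; j < 100; j++ {
		seed = mctInner(seed)
		out = append(out, seed)
	}
	return out
}

func main() {
	var seed [digestSize]byte // constructed all-zero seed, not an ACVP vector
	res := MCT(seed)
	fmt.Println(len(res), mctMessageLen, hex.EncodeToString(res[0][:8]))
}
```

An implementation that accepts only fixed input sizes can therefore pass the standard MCT as long as 144 bytes is one of them.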