Cypherpunks repositories - gostls13.git/commit
crypto/internal/fips140test: add counter KDF ACVP tests
author    Daniel McCarney <daniel@binaryparadox.net>
          Thu, 19 Dec 2024 17:45:57 +0000 (12:45 -0500)
committer Gopher Robot <gobot@golang.org>
          Mon, 10 Feb 2025 21:55:28 +0000 (13:55 -0800)
commit    0c94c5fcae909de059ff5c9273e2839e0d5742bf
tree      9ac8d6cd1dc86089e84e8f91efc5f7601f2265a7
parent    0bc57a3e7f941f6a1aa32e0b0f708a1e02aa842e

Adds ACVP test coverage for the SP 800-108r1 KDF counter mode algorithm
based on the NIST spec:

  https://pages.nist.gov/ACVP/draft-celi-acvp-kbkdf.html

The implementation in our FIPS module fixes some parameters, requiring
tailoring of the advertised capability to match. Notably:

* We only support macModes CMAC-AES-128, -192, and -256
* We only support supportedLengths 256 (matching the [32]byte output
  from CounterKDF.DeriveKey)
* We only support fixedDataOrder "before fixed data"
* We only support counterLength 16

No acvp_test.config.json update accompanies this support because the
ACVP tests for this algorithm aren't amenable to fixed data testing.

Updates #69642

Change-Id: I9e02d6c8cb6e209ac8e4c9fba926fffbad916098
Reviewed-on: https://go-review.googlesource.com/c/go/+/639776
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
src/crypto/internal/fips140test/acvp_capabilities.json
src/crypto/internal/fips140test/acvp_test.go
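As an added, stand-alone illustration of the parameter set the commit message fixes (this is not code from the Go FIPS module, from this change, or from the ACVP harness): a Go implementation of SP 800-108r1 counter-mode KDF over an AES-CMAC PRF, with a 16-bit big-endian counter placed before the caller-supplied fixed data and a 256-bit output, so two 128-bit CMAC blocks are concatenated. The module's own CMAC and CounterKDF are internal packages, so the CMAC is implemented here from SP 800-38B / RFC 4493; the function names `dbl`, `aesCMAC` and `counterKDF` are this example's own, the key in `main` is the RFC 4493 test-vector key, and the `fixedData` value is a constructed placeholder rather than a properly encoded Label || 0x00 || Context || [L]_2 string.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Added illustration only: a stand-alone counter-mode KDF over AES-CMAC with the
// parameters the commit message fixes. Not the Go FIPS module's CounterKDF.

// dbl multiplies a 128-bit block by x in GF(2^128) (SP 800-38B subkey step).
func dbl(b []byte) []byte {
	out := make([]byte, len(b))
	var carry byte
	for i := len(b) - 1; i >= 0; i-- {
		out[i] = b[i]<<1 | carry
		carry = b[i] >> 7
	}
	if carry == 1 {
		out[len(out)-1] ^= 0x87 // Rb for a 128-bit block
	}
	return out
}

// aesCMAC computes AES-CMAC (SP 800-38B / RFC 4493) of msg under a 16-, 24- or
// 32-byte key, i.e. the CMAC-AES-128, -192 and -256 macModes.
func aesCMAC(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()

	// Subkeys: K1 for a complete last block, K2 for a padded one.
	l := make([]byte, bs)
	block.Encrypt(l, l)
	k1 := dbl(l)
	k2 := dbl(k1)

	// Block count; an empty message is processed as a single padded block.
	n := (len(msg) + bs - 1) / bs
	complete := n > 0 && len(msg)%bs == 0
	if n == 0 {
		n = 1
	}

	// CBC-MAC over all blocks but the last.
	x := make([]byte, bs)
	for i := 0; i < n-1; i++ {
		for j := 0; j < bs; j++ {
			x[j] ^= msg[i*bs+j]
		}
		block.Encrypt(x, x)
	}

	// Last block: XOR with K1, or pad with 10* and XOR with K2.
	last := make([]byte, bs)
	tail := msg[(n-1)*bs:]
	copy(last, tail)
	if complete {
		for j := range last {
			last[j] ^= k1[j]
		}
	} else {
		last[len(tail)] = 0x80
		for j := range last {
			last[j] ^= k2[j]
		}
	}
	for j := range x {
		x[j] ^= last[j]
	}
	block.Encrypt(x, x)
	return x, nil
}

// counterKDF is SP 800-108r1 counter mode with the fixed ACVP parameters from the
// commit message: PRF = CMAC-AES, counterLength 16 (big-endian counter starting at
// 1) in fixedDataOrder "before fixed data", and L = 256 bits. One CMAC yields 128
// bits, so the results for counter values 1 and 2 are concatenated into [32]byte.
// fixedData is whatever the caller (or an ACVP case) supplies; it is not built here.
func counterKDF(key, fixedData []byte) ([32]byte, error) {
	var out [32]byte
	for i := uint16(1); i <= 2; i++ {
		in := make([]byte, 2+len(fixedData))
		binary.BigEndian.PutUint16(in, i) // counter first ...
		copy(in[2:], fixedData)           // ... then the fixed data
		k, err := aesCMAC(key, in)
		if err != nil {
			return out, err
		}
		copy(out[int(i-1)*16:], k)
	}
	return out, nil
}

func main() {
	key, _ := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c") // RFC 4493 test key
	tag, _ := aesCMAC(key, nil)
	fmt.Println("CMAC(empty):", hex.EncodeToString(tag)) // RFC 4493: bb1d6929e95937287fa37d129b756746
	fixed := []byte("acvp-label\x00constructed-context")  // constructed placeholder fixed data
	out, _ := counterKDF(key, fixed)
	fmt.Println("KDF output:", hex.EncodeToString(out[:]))
}
```

The CMAC path is exercised against the RFC 4493 vectors; the KDF itself is checked structurally, i.e. that each 16-byte half of the output is exactly CMAC(counter || fixedData) for counters 1 and 2, which is the property an ACVP kbkdf case with these capabilities would rely on.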