Adds ACVP test coverage for the hmacDRBG algorithm based on the NIST
spec:
https://pages.nist.gov/ACVP/draft-vassilev-acvp-drbg.html#section-7.2
The HMAC DRBG algorithm in our fips module is a minimal implementation
tailored for use for generating ECDSA nonces and so lives in
crypto/internal/fips140/ecdsa.
In order to be testable by crypto/internal/fips140test this changeset
exports an ecdsa.TestingOnlyNewDrbg() constructor to support the ACVP use-case.
All FIPS-compatible SHA2 and SHA3 digests are tested.
The ACVP capability registration is customized to match the limited
capabilities of our ecdsa-focused impl. Most notably:
* reseedImplemented is false - we expect this impl to be invoked
only once or twice per instantiation and do not support explicit
reseeding.
* predResistanceEnabled is false - this requires reseeding.
* Per mode:
  * derFuncEnabled is always false - this is only used by ctrDRBG.
  * additionalInputLen is 0 for all modes - this is only used with
    predResistanceEnabled.
The other capability values are chosen based on Table 4:
https://pages.nist.gov/ACVP/draft-vassilev-acvp-drbg.html#section-7.4
Updates #69642
Change-Id: Ia58979d691f912e2ed739a05efb719f580fbbf89
Reviewed-on: https://go-review.googlesource.com/c/go/+/639775
Reviewed-by: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
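The capability choices above (no reseed, no prediction resistance, no additional input, a single instantiation that is generated from once or twice) map directly onto the SP 800-90A HMAC_DRBG steps that remain once those options are dropped. The following is an added, self-contained illustration of that reduced profile in Go; it is not the fips140 module's code, and the type and function names (hmacDRBG, newHMACDRBG, Generate) and the sample entropy, nonce and personalization strings are constructed for this example. The reseed interval is kept as a field so the exhaustion path can be exercised without 2^48 calls.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"hash"
)

// hmacDRBG is a minimal HMAC_DRBG (SP 800-90A section 10.1.2) with the
// profile the commit describes: instantiate once, Generate without
// additional input, no explicit reseed, no prediction resistance.
// Illustrative code added here, not the crypto/internal/fips140 implementation.
type hmacDRBG struct {
	newHash        func() hash.Hash
	key, v         []byte
	reseedCounter  uint64
	reseedInterval uint64 // SP 800-90A caps this at 2^48 for HMAC_DRBG
}

// mac computes HMAC(key, parts...) with the DRBG's hash.
func (d *hmacDRBG) mac(key []byte, parts ...[]byte) []byte {
	m := hmac.New(d.newHash, key)
	for _, p := range parts {
		m.Write(p)
	}
	return m.Sum(nil)
}

// update is HMAC_DRBG_Update (10.1.2.2). With empty providedData only the
// first two steps run, which is the case for every Generate call here
// because additionalInputLen is 0.
func (d *hmacDRBG) update(providedData []byte) {
	d.key = d.mac(d.key, d.v, []byte{0x00}, providedData)
	d.v = d.mac(d.key, d.v)
	if len(providedData) == 0 {
		return
	}
	d.key = d.mac(d.key, d.v, []byte{0x01}, providedData)
	d.v = d.mac(d.key, d.v)
}

// newHMACDRBG is HMAC_DRBG_Instantiate (10.1.2.3). This example fixes the
// security strength at 256 bits, so it demands at least 32 bytes of entropy.
func newHMACDRBG(h func() hash.Hash, entropy, nonce, personalization []byte) (*hmacDRBG, error) {
	if len(entropy) < 32 {
		return nil, errors.New("hmac_drbg: entropy input shorter than security strength")
	}
	outlen := h().Size()
	d := &hmacDRBG{newHash: h, reseedInterval: 1 << 48}
	d.key = make([]byte, outlen)                // Key = 0x00 ... 0x00
	d.v = bytes.Repeat([]byte{0x01}, outlen)    // V   = 0x01 ... 0x01
	seed := append(append(append([]byte{}, entropy...), nonce...), personalization...)
	d.update(seed) // seed_material = entropy_input || nonce || personalization_string
	d.reseedCounter = 1
	return d, nil
}

// Generate is HMAC_DRBG_Generate (10.1.2.5) with no additional input, so the
// leading Update is skipped. It refuses to run past the reseed interval;
// with no reseed implemented, a new instance is the only way forward.
func (d *hmacDRBG) Generate(out []byte) error {
	if d.reseedCounter > d.reseedInterval {
		return errors.New("hmac_drbg: reseed required")
	}
	for filled := 0; filled < len(out); {
		d.v = d.mac(d.key, d.v)
		filled += copy(out[filled:], d.v)
	}
	d.update(nil) // back-track resistance: refresh Key and V after output
	d.reseedCounter++
	return nil
}

// demo instantiates with constructed inputs and returns 32 hex-encoded bytes.
func demo() (string, error) {
	entropy := []byte("constructed-entropy-input-32byte!") // 32 bytes, sample only
	d, err := newHMACDRBG(sha256.New, entropy, []byte("constructed nonce"), []byte("example"))
	if err != nil {
		return "", err
	}
	out := make([]byte, 32)
	if err := d.Generate(out); err != nil {
		return "", err
	}
	return hex.EncodeToString(out), nil
}

func main() {
	s, err := demo()
	fmt.Println(s, err)
}
```

The derivation function and prediction-resistance branches are absent on purpose: derFuncEnabled only exists for ctrDRBG, and prediction resistance would require a reseed path, which this profile does not implement.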