Cypherpunks repositories - gostls13.git/commit

author	Daniel McCarney <daniel@binaryparadox.net>
	Thu, 14 Nov 2024 19:25:44 +0000 (14:25 -0500)
committer	Gopher Robot <gobot@golang.org>
	Fri, 22 Nov 2024 00:00:23 +0000 (00:00 +0000)
commit	3467a91c0b05dcfb54030ab50c708d0b935618a1
tree	eaca34d4b0dc3b8ee897bfd747cd8c168a75e5a4	tree
parent	03c41d2910032b1d07c83d6d18689189339a4f21	commit \| diff

crypto/internal/fips/pbkdf2: add CAST testing

Per IG 10 3.A a module implementing PBKDF2 must perform a CAST
on the derivation of a master key. This commit adds the required CAST
test.

The salt length (16 bytes), and output length (14 bytes) for the test
are selected to meet FIPS requirements. The iteration count must be
at least 2 so we use that value exactly for the fastest self-test
allowable.

We test all underlying prerequisite algorithms (HMAC, digest algorithms)
separately.

For #69536

Change-Id: Iba9e87ab89eeec1c73adc7e56016674ac8065c39
Reviewed-on: https://go-review.googlesource.com/c/go/+/623195
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>

src/crypto/internal/fips140/pbkdf2/cast.go	[new file with mode: 0644]	blob
src/crypto/internal/fips140/pbkdf2/pbkdf2.go		diff \| blob \| history