Cypherpunks repositories - gostls13.git/commit
crypto/internal/fips140test: add TLS-v1.3 ACVP tests
author Daniel McCarney <daniel@binaryparadox.net>
Sat, 14 Dec 2024 19:36:21 +0000 (14:36 -0500)
committer Gopher Robot <gobot@golang.org>
Mon, 10 Feb 2025 17:33:15 +0000 (09:33 -0800)
commit 47d0b0f2bf9d507d5bc9ea8f456cc821829fe21c
tree 6f312a75f861a76bb9d89cb9a198543e9f8e616f
parent 3310f324ad33571f68d3f0534dd4ebe9872ab2bd
crypto/internal/fips140test: add TLS-v1.3 ACVP tests

Adds ACVP test coverage for the SP 800-56Crev2 IG 2.4.B TLS v1.3 KDF
based on the NIST spec:

  https://pages.nist.gov/ACVP/draft-hammett-acvp-kdf-tls-v1.3.html

Only SHA2-256 and SHA2-384 are valid hash algorithms for the TLS1.3 KDF
algorithm.

The BoringSSL acvptool "lowers" the more complicated TLS 1.3 KDF ACVP
test cases into simple invocations of our module wrapper's pre-existing
HKDF commands, and the new "HKDFExtract/$HASH" and
"HKDFExpandLabel/$HASH" commands added in this branch.

Updates #69642

Change-Id: I5fb1af5b5b33c1845b27cf8968e6523e89bcc589
Reviewed-on: https://go-review.googlesource.com/c/go/+/636117
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
src/crypto/internal/fips140test/acvp_capabilities.json
src/crypto/internal/fips140test/acvp_test.config.json
src/crypto/internal/fips140test/acvp_test.go