Remove MAC truncation from FIPS interface.
This is only valid in ACVP if the truncation occurs within the FIPS
module. But that's not a useful service: the caller can always discard a
few bytes and is better positioned to do so.
Change-Id: Id5e6459c9fa6d8b1b8f7a398feab6c4816adf8ab
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/78247
Commit-Queue: Adam Langley <agl@google.com>
Auto-Submit: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/hmac.go b/util/fipstools/acvp/acvptool/subprocess/hmac.go
index 3273f3c..e4d5e40 100644
--- a/util/fipstools/acvp/acvptool/subprocess/hmac.go
+++ b/util/fipstools/acvp/acvptool/subprocess/hmac.go
@@ -119,14 +119,14 @@
}
m.TransactAsync(h.algo, 1, [][]byte{msg, key}, func(result [][]byte) error {
- if l := len(result[0]); l < outBytes {
- return fmt.Errorf("HMAC result too short: %d bytes but wanted %d", l, outBytes)
+ if l := len(result[0]); l != outBytes {
+ return fmt.Errorf("incorrect HMAC length: %d bytes but wanted %d", l, outBytes)
}
// https://pages.nist.gov/ACVP/draft-fussell-acvp-mac.html#name-test-vectors
response.Tests = append(response.Tests, hmacTestResponse{
ID: test.ID,
- MACHex: hex.EncodeToString(result[0][:outBytes]),
+ MACHex: hex.EncodeToString(result[0]),
})
return nil
})
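Review bot: The new `l != outBytes` check has no comment explaining why a longer result is now an error rather than something to trim, and the message "incorrect HMAC length" does not tell an operator that acvptool has stopped truncating. Only `msg` and `key` are sent to the module in this call, so a wrapper that still advertises a `macLen` range and returns the full digest will presumably start failing here for truncated vectors. I would add a comment above the check, such as `// Truncation must happen inside the module; acvptool no longer shortens the MAC, so the length must match exactly.` The enclosing function and the computation of `outBytes` are outside the hunk, so the relation between `outBytes` and the vector's macLen is inferred.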
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 7f4d9fa..018aceb 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -442,9 +442,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 160, "increment": 8
- }]
+ "macLen": [160]
},
{
"algorithm": "HMAC-SHA2-224",
@@ -452,9 +450,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 224, "increment": 8
- }]
+ "macLen": [224]
},
{
"algorithm": "HMAC-SHA2-256",
@@ -462,9 +458,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 256, "increment": 8
- }]
+ "macLen": [256]
},
{
"algorithm": "HMAC-SHA2-384",
@@ -472,9 +466,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 384, "increment": 8
- }]
+ "macLen": [384]
},
{
"algorithm": "HMAC-SHA2-512",
@@ -482,9 +474,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 512, "increment": 8
- }]
+ "macLen": [512]
},
{
"algorithm": "HMAC-SHA2-512/256",
@@ -492,9 +482,7 @@
"keyLen": [{
"min": 8, "max": 524288, "increment": 8
}],
- "macLen": [{
- "min": 32, "max": 256, "increment": 8
- }]
+ "macLen": [256]
},
{
"algorithm": "ctrDRBG",
@@ -848,11 +836,7 @@
"increment": 8
}],
"keyLen": [128, 256],
- "macLen": [{
- "min": 8,
- "max": 128,
- "increment": 8
- }]
+ "macLen": [128]
}]
},
{
@@ -1966,11 +1950,11 @@
return false;
}
memcpy(&mac_len, args[0].data(), sizeof(mac_len));
- if (mac_len > sizeof(mac)) {
+ if (mac_len != sizeof(mac)) {
return false;
}
- return write_reply({Span<const uint8_t>(mac, mac_len)});
+ return write_reply({Span<const uint8_t>(mac, sizeof(mac))});
}
static bool CMAC_AESVerify(const Span<const uint8_t> args[],
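Review bot: The rewritten guard `if (mac_len != sizeof(mac))` returns false with no diagnostic and no comment, yet the request still carries a length argument that can now take only one value. A short comment would keep the next reader from restoring `>`, for example `// Truncated MACs are not offered by this wrapper; the caller must request the full CMAC length.` The start of this function is outside the hunk, so I assume the early `return false` above the `memcpy` is what checks the size of `args[0]`. The hunk ends at the signature of `CMAC_AESVerify`, so it is not visible whether the verify path still accepts a shorter MAC. It is worth confirming that it agrees with the advertised `"macLen": [128]`, since accepting short tags on verification is where truncation weakens forgery resistance.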