util/fipstools: adjust KDF-counter command docs This commit adjusts the ACVP.md documentation for the KDF-counter command to match the implementation. Prior to this the kdf struct in subprocess that dispatches KDF-counter command invocations had a few divergences from the docs: * If the test case has the "Deferred" property set to true, then the key argument provided to the wrapper is empty. * The wrapper is expected to output three values: the input key (since for deferred tests it was generated module-side), the fixed counter data, and the derived key. For deferred tests the returned key is written to the response `KeyIn`. For non-deferred tests the returned key is verified to match the one that was sent to the submodule as a command arg. Change-Id: If266383e279d2222f55975aa3376e8fb134899d7 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74727 Commit-Queue: Adam Langley <agl@google.com> Reviewed-by: Bob Beck <bbe@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/util/fipstools/acvp/ACVP.md b/util/fipstools/acvp/ACVP.md index 79cf9c8..9b8f9bc 100644 --- a/util/fipstools/acvp/ACVP.md +++ b/util/fipstools/acvp/ACVP.md
@@ -94,7 +94,7 @@ | hmacDRBG/<HASH>| Output length, entropy, personalisation, ad1, ad2, nonce | Output | | hmacDRBG-reseed/<HASH>| Output length, entropy, personalisation, reseedAD, reseedEntropy, ad1, ad2, nonce | Output | | hmacDRBG-pr/<HASH>| Output length, entropy, personalisation, ad1, entropy1, ad2, entropy2, nonce | Output | -| KDF-counter | Number output bytes, PRF name, counter location string, key, number of counter bits | Counter, output | +| KDF-counter | Number output bytes, PRF name, counter location string, key (or empty), number of counter bits | key, counter, derived key | | RSA/keyGen | Modulus bit-size | e, p, q, n, d | | RSA/sigGen/<HASH>/pkcs1v1.5 | Modulus bit-size | n, e, signature | | RSA/sigGen/<HASH>/pss | Modulus bit-size | n, e, signature |