Google Git
Sign in
boringssl / boringssl.git / fc03aae5d669b1735ac26cad31823cce49063803^! / .
commitfc03aae5d669b1735ac26cad31823cce49063803[log] [tgz]
authorDaniel McCarney <daniel@binaryparadox.net>Wed Oct 09 15:39:46 2024 -0400
committerBoringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com>Wed Oct 09 20:31:33 2024 +0000
tree8b53f708007d69e1884cda300fba0911ffc67022
parentd0a175601b9e180ce58cb1e33649057f5c484146 [diff]
util/fipstools: SHA2-512-224 ACVP primitives

Previously `SHA2-512/256` and `HMAC-SHA2-512/256` were supported, but
not `SHA2-512/224` and `HMAC-SHA2-512/224`.

This commit adds both as known primitives since they are listed as
supported by the NIST ACVTS[0][1].

Without this change a module wrapper advertising capabilities for either
algorithm produces a "wrapper config advertises support for unknown
algorithm" error message.

[0]: https://github.com/usnistgov/ACVP?tab=readme-ov-file#secure-hash
[1]: https://github.com/usnistgov/ACVP?tab=readme-ov-file#message-authentication

Change-Id: Ica3c79cdf3b04712533355b9fdbed83534905800
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/71887
Commit-Queue: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>

diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
index 0e6ca44..82a8e88 100644
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go

@@ -102,6 +102,7 @@
 		"SHA2-256":          &hashPrimitive{"SHA2-256", 32},
 		"SHA2-384":          &hashPrimitive{"SHA2-384", 48},
 		"SHA2-512":          &hashPrimitive{"SHA2-512", 64},
+		"SHA2-512/224":      &hashPrimitive{"SHA2-512/224", 28},
 		"SHA2-512/256":      &hashPrimitive{"SHA2-512/256", 32},
 		"SHA3-224":          &hashPrimitive{"SHA3-224", 28},
 		"SHA3-256":          &hashPrimitive{"SHA3-256", 32},
@@ -124,6 +125,7 @@
 		"HMAC-SHA2-256":     &hmacPrimitive{"HMAC-SHA2-256", 32},
 		"HMAC-SHA2-384":     &hmacPrimitive{"HMAC-SHA2-384", 48},
 		"HMAC-SHA2-512":     &hmacPrimitive{"HMAC-SHA2-512", 64},
+		"HMAC-SHA2-512/224": &hmacPrimitive{"HMAC-SHA2-512/224", 28},
 		"HMAC-SHA2-512/256": &hmacPrimitive{"HMAC-SHA2-512/256", 32},
 		"HMAC-SHA3-224":     &hmacPrimitive{"HMAC-SHA3-224", 28},
 		"HMAC-SHA3-256":     &hmacPrimitive{"HMAC-SHA3-256", 32},
@@ -141,7 +143,7 @@
 		"KAS-FFC-SSC":       &kasDH{},
 	}
 	m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
-        m.primitives["EDDSA"] = &ecdsa{"ECDSA", map[string]bool{"ED-25519": true}, nil}
+	m.primitives["EDDSA"] = &ecdsa{"ECDSA", map[string]bool{"ED-25519": true}, nil}
 
 	go m.readerRoutine()
 	return m