| commit | 269416b6e6ddc36d60807fd9cb1892f7c5c0d8ef | [log] [tgz] |
|---|---|---|
| author | Adam Langley <agl@imperialviolet.org> | Thu Apr 17 00:10:33 2025 +0000 |
| committer | Boringssl LUCI CQ <boringssl-scoped@luci-project-accounts.iam.gserviceaccount.com> | Wed Apr 16 17:35:09 2025 -0700 |
| tree | d25856c434ff17cb94fccb6e70e5724feee3c0f2 | |
| parent | 129da2cf422b964358e82a76ec400914887ed62d [diff] |
Update ACVP tests in light of 99bd1df99b 99bd1df99b removed MAC truncation from ACVP but the ACVP tests aren't run on the commit queue and so I missed updating the tests accordingly. This change fixes them. NIST appears to include tests with huge messages and keys now, so the trimming script it updated to ignore those so that we aren't checking in megabytes of test vectors. Change-Id: I09b0eae2fb9b4d5865d51e17e95b1e61e38a5726 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/78628 Commit-Queue: Adam Langley <agl@google.com> Auto-Submit: Adam Langley <agl@google.com> Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 index f80e502..5c71478 100644 --- a/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/CMAC-AES.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA-1.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA-1.bz2 index a95786d..de6c60f 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA-1.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA-1.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-224.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-224.bz2 index c8ab1f9..8a14531 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-224.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-224.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-256.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-256.bz2 index 1090835..6639cf0 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-256.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-256.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-384.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-384.bz2 index 5b445a5..8d799b7 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-384.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-384.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2 index 1fdfa42..5f869cd 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512-256.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512.bz2 b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512.bz2 index 3e46724..a1b2fd4 100644 --- a/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512.bz2 +++ b/util/fipstools/acvp/acvptool/test/expected/HMAC-SHA2-512.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/trim_vectors.go b/util/fipstools/acvp/acvptool/test/trim_vectors.go index 33dc947..59e5791 100644 --- a/util/fipstools/acvp/acvptool/test/trim_vectors.go +++ b/util/fipstools/acvp/acvptool/test/trim_vectors.go
@@ -15,11 +15,13 @@ //go:build ignore // trimvectors takes an ACVP vector set file and discards all but a single test -// from each test group. This hope is that this achieves good coverage without -// having to check in megabytes worth of JSON files. +// from each test group, and also discards any test that serializes to more than +// 4096 bytes. This hope is that this achieves good coverage without having to +// check in megabytes worth of JSON files. package main import ( + "bytes" "encoding/json" "os" ) @@ -39,12 +41,22 @@ testGroup := testGroupInterface.(map[string]any) tests := testGroup["tests"].([]any) - keepIndex := 10 - if keepIndex >= len(tests) { - keepIndex = len(tests) - 1 + var keptTests []any + for _, test := range tests { + var b bytes.Buffer + encoder := json.NewEncoder(&b) + if err := encoder.Encode(test); err != nil { + panic(err) + } + if b.Len() <= 4096 { + keptTests = append(keptTests, test) + } + // We only keep the first test that meets the size criteria. + if len(keptTests) >= 1 { + break + } } - - testGroup["tests"] = []any{tests[keepIndex]} + testGroup["tests"] = keptTests } }
diff --git a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 index ff34573..f38d822 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/CMAC-AES.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA-1.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA-1.bz2 index d427f2e..b379dee 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA-1.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA-1.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-224.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-224.bz2 index dd67b61..62b52d4 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-224.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-224.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-256.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-256.bz2 index b137466..5cb072a 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-256.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-256.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-384.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-384.bz2 index 2c1b317..6d1eb6d 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-384.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-384.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2 index d981300..68b34e0 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512-256.bz2 Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512.bz2 b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512.bz2 index a3ffe61..5ce2742 100644 --- a/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512.bz2 +++ b/util/fipstools/acvp/acvptool/test/vectors/HMAC-SHA2-512.bz2 Binary files differ