Increase ACVP sizes.
Best to exercise the full range of lengths, where supported. This does
makes the downloads larger but the ACVP demo server seems to have mostly
solved its issue of hanging when serving large files. None the less, a
longer timeout is needed.
Change-Id: I1b4879ded8a03b40512b4e03e2b2ce59678974f7
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52745
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/util/fipstools/acvp/acvptool/acvp/acvp.go b/util/fipstools/acvp/acvptool/acvp/acvp.go
index 9419508..d70f98c 100644
--- a/util/fipstools/acvp/acvptool/acvp/acvp.go
+++ b/util/fipstools/acvp/acvptool/acvp/acvp.go
@@ -91,7 +91,7 @@
return conn, err
},
},
- Timeout: 30 * time.Second,
+ Timeout: 120 * time.Second,
}
return &Server{client: client, prefix: prefix, totpFunc: totp, PrefixTokens: make(map[string]string)}
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index 628944a..f3e583d 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -297,10 +297,10 @@
"direction": ["encrypt", "decrypt"],
"keyLen": [128, 192, 256],
"payloadLen": [{
- "min": 0, "max": 256, "increment": 8
+ "min": 0, "max": 65536, "increment": 8
}],
"aadLen": [{
- "min": 0, "max": 320, "increment": 8
+ "min": 0, "max": 65536, "increment": 8
}],
"tagLen": [32, 64, 96, 104, 112, 120, 128],
"ivLen": [96],
@@ -312,10 +312,10 @@
"direction": ["encrypt", "decrypt"],
"keyLen": [128, 192, 256],
"payloadLen": [{
- "min": 0, "max": 256, "increment": 8
+ "min": 0, "max": 65536, "increment": 8
}],
"aadLen": [{
- "min": 0, "max": 320, "increment": 8
+ "min": 0, "max": 65536, "increment": 8
}],
"tagLen": [32, 64, 96, 104, 112, 120, 128],
"ivLen": [96],
@@ -334,7 +334,7 @@
"keyLen": [
128, 192, 256
],
- "payloadLen": [{"min": 128, "max": 1024, "increment": 64}]
+ "payloadLen": [{"min": 128, "max": 4096, "increment": 64}]
},
{
"algorithm": "ACVP-AES-KWP",
@@ -363,14 +363,14 @@
],
"payloadLen": [{"min": 0, "max": 256, "increment": 8}],
"ivLen": [104],
- "tagLen": [32],
- "aadLen": [{"min": 0, "max": 1024, "increment": 8}]
+ "tagLen": [32, 64],
+ "aadLen": [{"min": 0, "max": 524288, "increment": 8}]
},
{
"algorithm": "HMAC-SHA-1",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 160, "increment": 8
@@ -380,7 +380,7 @@
"algorithm": "HMAC-SHA2-224",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 224, "increment": 8
@@ -390,7 +390,7 @@
"algorithm": "HMAC-SHA2-256",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 256, "increment": 8
@@ -400,7 +400,7 @@
"algorithm": "HMAC-SHA2-384",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 384, "increment": 8
@@ -410,7 +410,7 @@
"algorithm": "HMAC-SHA2-512",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 512, "increment": 8
@@ -420,7 +420,7 @@
"algorithm": "HMAC-SHA2-512/256",
"revision": "1.0",
"keyLen": [{
- "min": 8, "max": 2048, "increment": 8
+ "min": 8, "max": 524288, "increment": 8
}],
"macLen": [{
"min": 32, "max": 256, "increment": 8
@@ -821,12 +821,12 @@
"direction": ["gen", "ver"],
"msgLen": [{
"min": 0,
- "max": 65536,
+ "max": 524288,
"increment": 8
}],
"keyLen": [128, 256],
"macLen": [{
- "min": 32,
+ "min": 8,
"max": 128,
"increment": 8
}]
@@ -1096,10 +1096,21 @@
return false;
}
memcpy(&tag_len_32, tag_len_span.data(), sizeof(tag_len_32));
- if (tag_len_32 != 4) {
- LOG_ERROR("AES-CCM only supports 4-byte tags, but %u was requested\n",
- static_cast<unsigned>(tag_len_32));
- return false;
+ const EVP_AEAD *aead;
+ switch (tag_len_32) {
+ case 4:
+ aead = EVP_aead_aes_128_ccm_bluetooth();
+ break;
+
+ case 8:
+ aead = EVP_aead_aes_128_ccm_bluetooth_8();
+ break;
+
+ default:
+ LOG_ERROR(
+ "AES-CCM only supports 4- and 8-byte tags, but %u was requested\n",
+ static_cast<unsigned>(tag_len_32));
+ return false;
}
if (key.size() != 16) {
@@ -1108,8 +1119,8 @@
return false;
}
- if (!EVP_AEAD_CTX_init(ctx, EVP_aead_aes_128_ccm_bluetooth(), key.data(),
- key.size(), tag_len_32, nullptr)) {
+ if (!EVP_AEAD_CTX_init(ctx, aead, key.data(), key.size(), tag_len_32,
+ nullptr)) {
LOG_ERROR("Failed to setup AES-CCM with tag length %u\n",
static_cast<unsigned>(tag_len_32));
return false;
