authorAdam Langley <agl@imperialviolet.org>2024-05-14 19:54:45 +0000
committerAdam Langley <agl@google.com>2024-05-14 21:02:24 +0000
commitb8912d713cb82a748bbe63f28f28b17632c70964 (patch)
treed4d63ac68f48c05713b27aea1fd02b22d0a6164b /util
parentb6bca9c6dde177f641137d2991aa677997c54c67 (diff)
ACVP updates.
Tweaks to the ACVP regcap in light of FIPS 186-5. These are needed for future validations. Change-Id: Ib3d478a21b3ffebbf2ac8aa05a70dc787520087a Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/68447 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com> Commit-Queue: Adam Langley <agl@google.com> Auto-Submit: Adam Langley <agl@google.com>
Diffstat (limited to 'util')
-rw-r--r--util/fipstools/acvp/modulewrapper/modulewrapper.cc37
1 files changed, 29 insertions, 8 deletions
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index dd17f56..816bd16 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -357,6 +357,21 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
"ivGenMode": "8.2.2"
},
{
+ "algorithm": "ACVP-AES-GCM",
+ "revision": "1.0",
+ "direction": ["encrypt", "decrypt"],
+ "keyLen": [128, 192, 256],
+ "payloadLen": [{
+ "min": 0, "max": 65536, "increment": 8
+ }],
+ "aadLen": [{
+ "min": 0, "max": 65536, "increment": 8
+ }],
+ "tagLen": [32, 64, 96, 104, 112, 120, 128],
+ "ivLen": [96],
+ "ivGen": "external"
+ },
+ {
"algorithm": "ACVP-AES-GMAC",
"revision": "1.0",
"direction": ["encrypt", "decrypt"],
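Review bot: The rationale for this second `"algorithm": "ACVP-AES-GCM"` entry is not recorded anywhere: the commit description attributes the change to FIPS 186-5, which is a signature standard and does not cover AES-GCM. The new entry shares algorithm and `"revision": "1.0"` with the entry that closes just above it (ending in `"ivGenMode": "8.2.2"`, which suggests internally generated IVs) and differs in `"ivGen": "external"`. With caller-supplied IVs the module no longer enforces nonce uniqueness itself, and `"tagLen"` also advertises 32- and 64-bit tags. The text appears to sit inside a string literal, so the explanation belongs in a comment ahead of the literal or in the commit message, for example `// Second ACVP-AES-GCM entry: externally supplied 96-bit IVs; IV uniqueness is the caller's responsibility.` GetConfig starts and ends outside this hunk.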
@@ -496,7 +511,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
{
"algorithm": "ECDSA",
"mode": "keyGen",
- "revision": "1.0",
+ "revision": "FIPS186-5",
"curve": [
"P-224",
"P-256",
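Review bot: Only the `"revision"` string changes in this ECDSA keyGen entry, and likewise in the keyVer, sigGen and sigVer hunks that follow, so every other property is carried over unchanged from the 1.0 registration. The curve lists are partly visible, but the hash lists for sigGen and sigVer lie outside the hunks. If any of them still names SHA-1, it would presumably no longer be acceptable for signature generation under the FIPS186-5 revision. A line in the commit message would settle this, e.g. `ECDSA curve and hashAlg lists are unchanged and valid for FIPS186-5.`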
@@ -510,7 +525,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
{
"algorithm": "ECDSA",
"mode": "keyVer",
- "revision": "1.0",
+ "revision": "FIPS186-5",
"curve": [
"P-224",
"P-256",
@@ -521,7 +536,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
{
"algorithm": "ECDSA",
"mode": "sigGen",
- "revision": "1.0",
+ "revision": "FIPS186-5",
"capabilities": [{
"curve": [
"P-224",
@@ -541,7 +556,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
{
"algorithm": "ECDSA",
"mode": "sigVer",
- "revision": "1.0",
+ "revision": "FIPS186-5",
"capabilities": [{
"curve": [
"P-224",
@@ -567,21 +582,21 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
"fixedPubExp": "010001",
"keyFormat": "standard",
"capabilities": [{
- "randPQ": "B.3.3",
+ "randPQ": "probable",
"properties": [{
"modulo": 2048,
"primeTest": [
- "tblC2"
+ "2powSecStr"
]
},{
"modulo": 3072,
"primeTest": [
- "tblC2"
+ "2powSecStr"
]
},{
"modulo": 4096,
"primeTest": [
- "tblC2"
+ "2powSecStr"
]
}]
}]
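Review bot: `"probable"` and `"2powSecStr"` replace the FIPS 186-4 section and table references (`"B.3.3"`, `"tblC2"`), but this RSA keyGen entry's own `"revision"` line is outside the hunk. Going by the diffstat (29 insertions, 8 deletions, all accounted for by the visible hunks), the commit does not change it. The same applies to the six `"maskFunction": ["mgf1"]` additions in the PSS hunks below. If those entries still declare an older revision, the new property names would presumably not match the schema they are registered under. It is worth confirming that each RSA entry already reads `"revision": "FIPS186-5"`, or adding that line in this commit.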
@@ -635,6 +650,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 2048,
"hashPair": [{
"hashAlg": "SHA2-224",
@@ -656,6 +672,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 3072,
"hashPair": [{
"hashAlg": "SHA2-224",
@@ -677,6 +694,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 4096,
"hashPair": [{
"hashAlg": "SHA2-224",
@@ -748,6 +766,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 2048,
"hashPair": [{
"hashAlg": "SHA2-224",
@@ -769,6 +788,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 3072,
"hashPair": [{
"hashAlg": "SHA2-224",
@@ -790,6 +810,7 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},{
"sigType": "pss",
"properties": [{
+ "maskFunction": ["mgf1"],
"modulo": 4096,
"hashPair": [{
"hashAlg": "SHA2-224",