Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ACVP SHAKE test implementations #1663

Merged
merged 10 commits into from
Jun 28, 2024
Merged

Update ACVP SHAKE test implementations #1663

merged 10 commits into from
Jun 28, 2024

Conversation

billbo-yang
Copy link
Contributor

Issues:

Needed to move forward with ACVP testing in the future.

Description of changes:

Our SHAKE ACVP test implementations and registrations don't work with the current version of NIST's server, so this updates our logic to match what the server expects and fixes the following for SHAKE in our ACVP tool:

  • Interact with demo server to fetch / run vectors
  • Correct AFT/VOT tests
  • Correct MCT tests

Call-outs:

N/A

Testing:

SHA1/2/3 and SHAKE now properly pass tests run against the NIST demo server.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@billbo-yang billbo-yang requested a review from a team as a code owner June 25, 2024 20:57
@codecov-commenter
Copy link

codecov-commenter commented Jun 25, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 78.22%. Comparing base (b2bbd9c) to head (dfdace5).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1663   +/-   ##
=======================================
  Coverage   78.22%   78.22%           
=======================================
  Files         566      566           
  Lines       95193    95185    -8     
  Branches    13665    13663    -2     
=======================================
- Hits        74465    74462    -3     
+ Misses      20133    20129    -4     
+ Partials      595      594    -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

andrewhop
andrewhop reviewed Jun 25, 2024
View reviewed changes
util/fipstools/acvp/acvptool/test/expected/SHAKE-128.bz2 Outdated Show resolved Hide resolved
util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -268,18 +268,28 @@ static bool GetConfig(const Span<const uint8_t> args[], ReplyCallback write_repl
},
{
"algorithm": "SHAKE-128",
"revision": "2.0",
"revision": "1.0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this going back to an older version? Is 1 the right thing to be testing?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Revision 2.0 doesn't exist as of right now: https://pages.nist.gov/ACVP/draft-celi-acvp-sha3.html#name-sha3-and-shake-algorithm-ca

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did it used to exist? I'm confused what happened here.

util/fipstools/acvp/modulewrapper/modulewrapper.cc Outdated Show resolved Hide resolved
util/fipstools/acvp/modulewrapper/modulewrapper.cc Outdated
if (md[i-1].size() < 16) {
memcpy(msg[i].data(), md[i-1].data(), md[i-1].size());
size_t pad_size = 16 - md[i-1].size();
memset(msg[i].data() + md[i-1].size(), 0, pad_size);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't everything in msg already zero from line 1251?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I believe so. Thanks for pointing that out

util/fipstools/acvp/modulewrapper/modulewrapper.cc Show resolved Hide resolved
util/fipstools/acvp/modulewrapper/modulewrapper.cc Show resolved Hide resolved
util/fipstools/acvp/acvptool/subprocess/hash.go Show resolved Hide resolved
@billbo-yang billbo-yang force-pushed the update-acvp-shake-mct branch from 45ba2f0 to 157258c Compare June 25, 2024 23:14
@billbo-yang billbo-yang merged commit 772e22d into aws:main Jun 28, 2024
96 of 99 checks passed
billbo-yang added a commit to billbo-yang/aws-lc that referenced this pull request Jun 28, 2024
@billbo-yang
Update ACVP SHAKE test implementations (aws#1663)
f19311e 
* Update ACVP tool to properly interact with SHAKE vectors
* Update modulewrapper to run SHAKE tests correctly
* Update modulewrapper to have updated registration json for SHAKE
* Update ACVP tool tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WillChilds-Klein WillChilds-Klein WillChilds-Klein approved these changes

@andrewhop andrewhop andrewhop approved these changes

@lilpoozie2005 lilpoozie2005 lilpoozie2005 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@billbo-yang @codecov-commenter @WillChilds-Klein @andrewhop @lilpoozie2005