
[security/nist-kat]: Add AES-CCM and plain SHA digest test vectors.
Closed, Public

Authored by jhb on Apr 9 2019, 12:06 AM.

Details

Test Plan
  • use patched cryptotest.py that uses updated test vectors since FreeBSD head now supports plain SHA digests via OCF as well as AES-CCM
  • to date I've only tested plain SHA (and SHA224_HMAC), but will be working on CCM tests next

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

cem added a reviewer: Ports Committers.

LGTM, assuming those hashes match the ones from NIST :-).

You may need porter approval to commit? Although I guess core approval is also sufficient, so you can approve yourself.

This revision is now accepted and ready to land. Apr 10 2019, 6:22 PM
security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

You might also consider just bumping the DISTVERSION to today's date instead of PORTREVISION. I'm not sure there's any particular magic to the DISTVERSION date corresponding to something NIST did, or if it is purely synthetic.

I will need to get some ports person to sign off on this eventually, but that's not a big deal. BTW, I have CCM tests partially working and hope to upload that diff to phab soon.

security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

I don't really know. It does seem that it is perhaps arbitrary, maybe jmg@ could chime in? PORTREVISION seemed the simplest in terms of just adding new things from the upstream to the existing package.

BTW, sadly all the CCM decrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.

I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

In D19853#427108, @jhb wrote:

BTW, sadly all the CCM decrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.

I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

Ah, of course they do. Bummer.

bdrewery added a subscriber: bdrewery.

Ports approved

Though the normal timeout process applies for jmg@ to reply I think.

ngie added a subscriber: ngie.
ngie added inline comments.
security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

I think PORTREVISION is the right thing to do, as long as the source archive hasn't changed.

Sidenote: given that it's been over 2 weeks since you put this out for review, I think you can put in Approved by: jmg (maintainer timeout) and commit the change.

This revision was automatically updated to reflect the committed changes.