
[security/nist-kat]: Add AES-CCM and plain SHA digest test vectors.
Closed, Public

Authored by jhb on Apr 9 2019, 12:06 AM.

Details

Test Plan
  • use patched cryptotest.py that uses updated test vectors since FreeBSD head now supports plain SHA digests via OCF as well as AES-CCM
  • to date I've only tested plain SHA (and SHA224_HMAC), but will be working on CCM tests next

Diff Detail

Repository
rP FreeBSD ports repository
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

jhb created this revision. Apr 9 2019, 12:06 AM
cem accepted this revision. Apr 10 2019, 6:22 PM
cem added a reviewer: Ports Committers.

LGTM, assuming those hashes match the ones from NIST :-).

You may need porter approval to commit? Although I guess core approval is also sufficient, so you can approve yourself.

This revision is now accepted and ready to land. Apr 10 2019, 6:22 PM
cem added inline comments. Apr 10 2019, 6:23 PM
security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

You might also consider just bumping the DISTVERSION to today's date instead of PORTREVISION. I'm not sure there's any particular magic to the DISTVERSION date corresponding to something NIST did, or if it is purely synthetic.

sef accepted this revision. Apr 10 2019, 7:35 PM
jhb added a comment. Apr 11 2019, 9:17 PM

I will need to get some ports person to sign off on this eventually, but that's not a big deal. BTW, I have CCM tests partially working and hope to upload that diff to phab soon.

security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

I don't really know. It does seem that it is perhaps arbitrary, maybe jmg@ could chime in? PORTREVISION seemed the simplest in terms of just adding new things from the upstream to the existing package.

jhb added a comment. Apr 11 2019, 9:45 PM

BTW, sadly all the CCM decrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.

I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

cem added a comment. Apr 11 2019, 9:57 PM
In D19853#427108, @jhb wrote:

BTW, sadly all the CCM decrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.
I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

Ah, of course they do. Bummer.

bdrewery accepted this revision. Apr 19 2019, 10:55 PM
bdrewery added a subscriber: bdrewery.

Ports approved

Though the normal timeout process applies for jmg@ to reply I think.

ngie accepted this revision. Apr 21 2019, 10:05 PM
ngie added a subscriber: ngie.
ngie added inline comments.
security/nist-kat/Makefile
5–6 ↗(On Diff #55975)

I think PORTREVISION is the right thing to do, as long as the source archive hasn't changed.

ngie added a comment. Edited Apr 21 2019, 10:06 PM

Sidenote: given that it's been over 2 weeks since you put this out for review, I think you can put in Approved by: jmg (maintainer timeout) and commit the change.

This revision was automatically updated to reflect the committed changes.