[security/nist-kat]: Add AES-CCM and plain SHA digest test vectors.
ClosedPublic
Actions

Authored by jhb on Apr 9 2019, 12:06 AM.

Details

Reviewers

jmg
cem
sef
bdrewery
ngie

Group Reviewers

Ports Committers

Commits

rP499798: Add AES-CCM and plain SHA digest test vectors.

Test Plan

use patched cryptotest.py that uses updated test vectors since FreeBSD head now supports plain SHA digests via OCF as well as AES-CCM
to date I've only tested plain SHA (and SHA224_HMAC), but will be working on CCM tests next

Diff Detail

Repository

rP FreeBSD ports repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

jhb created this revision.Apr 9 2019, 12:06 AM

Herald added a subscriber: mat. · View Herald TranscriptApr 9 2019, 12:06 AM

Harbormaster completed remote builds in B23581: Diff 55975.Apr 9 2019, 12:06 AM

LGTM, assuming those hashes match the ones from NIST :-).

You may need porter approval to commit? Although I guess core approval is also sufficient, so you can approve yourself.

This revision is now accepted and ready to land.Apr 10 2019, 6:22 PM

cem added inline comments.Apr 10 2019, 6:23 PM

security/nist-kat/Makefile
5–6 ↗	(On Diff #55975)	You might also consider just bumping the DISTVERSION to today's date instead of PORTREVISION. I'm not sure there's any particular magic to the DISTVERSION date corresponding to something NIST did, or if it is purely synthetic.

sef accepted this revision.Apr 10 2019, 7:35 PM

jhb added a child revision: D19884: Run the plain SHA digest tests from NIST..Apr 11 2019, 9:14 PM

I will need to get some ports person to sign off on this eventually, but that's not a big deal. BTW, I have CCM tests partially working and hope to upload that diff to phab soon.

security/nist-kat/Makefile
5–6 ↗	(On Diff #55975)	I don't really know. It does seem that it is perhaps arbitrary, maybe jmg@ could chime in? PORTREVISION seemed the simplest in terms of just adding new things from the upstream to the existing package.

BTW, sadly all the CCM descrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.

I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

In D19853#427108, @jhb wrote:

BTW, sadly all the CCM descrypt vectors use nonce lens of either 7 or 13, never 12, so none of the decrypt tests can be run with OCF currently.

I should probably fix the OCF session to include an IV length at some point, but not today. Maybe after my pending rework branch gets merged.

Ah, of course they do. Bummer.

jhb added a child revision: D19978: Test the AES-CCM test vectors from the NIST Known Answer Tests..Apr 19 2019, 10:17 PM

Ports approved

Though the normal timeout process applies for jmg@ to reply I think.

ngie accepted this revision.Apr 21 2019, 10:05 PM

ngie added a subscriber: ngie.

ngie added inline comments.

security/nist-kat/Makefile
5–6 ↗	(On Diff #55975)	I think `PORTREVISION` is the right thing to do, as long as the source archive hasn't changed.

Sidenote: given that it's been over 2 weeks since you put this out for review, I think you can put in Approved by: jmg (maintainer timeout) and commit the change.

Closed by commit rP499798: Add AES-CCM and plain SHA digest test vectors. (authored by jhb). · Explain WhyApr 23 2019, 9:39 PM

This revision was automatically updated to reflect the committed changes.