HKDF, HKDF_expand, and PBKDF Truncated SHA2-512 #1946
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
skmcgrail
changed the title
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1946 +/- ##
==========================================
- Coverage 78.67% 78.67% -0.01%
==========================================
Files 585 585
Lines 100849 100849
Branches 14299 14297 -2
==========================================
- Hits 79347 79344 -3
- Misses 20868 20871 +3
Partials 634 634 ☔ View full report in Codecov by Sentry. |
darylmartin100
requested review from
justsmth
and removed request for
smittals2
justsmth
previously approved these changes
Oct 24, 2024
nebeid
previously approved these changes
Oct 24, 2024
There was a problem hiding this comment.
- What is the source of the added test vectors in
service_inidicator_test.cc, would be good to add the source to the comments if it's a standard or to the PR description. - The sets (mentioned in L3374-L3378) of PBKDF test cases can be commented on because it's not clear which ones have short password/salt. The titles set 1, 2 or 3 can be put before each set in the
PBKDF2TestVectorstruct. - Most of the zip files got smaller especially KDA-HKDF.bz2, do we have the same coverage we'd like?
There is a comment above each section. The HKDF ones from the RFC and the PBKDF ones come from a repository that contains python script for generating the vectors using OpenSSL via Python's cryptography pypi package.
There is a comment higher up describing the test cases, and that they are sourced from an external repository.
Yes, either I forgot to trim the files last time, or they compress better this time. But they have what is needed to test the ACVP tool and module wrapper. |
skmcgrail
force-pushed
the
acvp-testing
branch
from
28ef550 to
05e18a1
Compare
justsmth
previously approved these changes
Oct 24, 2024
skmcgrail
force-pushed
the
acvp-testing
branch
from
05e18a1 to
fad6c44
Compare
justsmth
approved these changes
Oct 24, 2024
nebeid
approved these changes
Oct 24, 2024
skmcgrail
added a commit
to skmcgrail/aws-lc
that referenced
this pull request
Oct 24, 2024
### Description of changes: * ACVP testing for SHA2-512/224 and SHA2-512/256 for PBKDF and KDA: HKDF. * Update service indicator for PBKDF, HKDF, and HKDF_expand (KBKDF feedback mode) to support SHA2-512/224 and SHA2-512/256 as approved algorithms. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license. (cherry picked from commit d93711c)
skmcgrail
added a commit
that referenced
this pull request
Oct 24, 2024
…1947) ### Description of changes: * ACVP testing for SHA2-512/224 and SHA2-512/256 for PBKDF and KDA: HKDF. * Update service indicator for PBKDF, HKDF, and HKDF_expand (KBKDF feedback mode) to support SHA2-512/224 and SHA2-512/256 as approved algorithms. (cherry picked from commit d93711c) By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
skmcgrail
added a commit
that referenced
this pull request
Nov 7, 2024
## What's Changed * 800-131Ar1: length of the key-derivation key shall be at least 112 bits. by @skmcgrail in #1924 * Marshalling/Unmarshalling DH public keys by @justsmth in #1916 * Also prune SSM documents from ec2-test-framework by @samuel40791765 in #1925 * Use illegal_parameter instead of decode_error for invalid key shares by @justsmth in #1923 * Add null check in dh testing by @torben-hansen in #1937 * DH paramgen callback by @justsmth in #1928 * Upstream merge 2024 10 17 by @torben-hansen in #1934 * Remove old Intel CPU types by @justsmth in #1942 * Remove retries on PCT failure in EC and RSA key generation. by @nebeid in #1938 * Add p4p, bump up time by @justsmth in #1943 * PQ README by @jakemas in #1932 * bump mysql CI to 9.1.0 by @justsmth in #1939 * HKDF, HKDF_expand, and PBKDF Truncated SHA2-512 by @skmcgrail in #1946 * Missing functionality + Adding Nmap to our CI by @smittals2 in #1915 * Fix FIPS.md typo by @justsmth in #1950 * Support encode or decode ∞ like OpenSSL by @samuel40791765 in #1930 * Expand support for EVP_PKEY_HMAC by @justsmth in #1933 * Add PKCS7-internal BIO_f_cipher by @WillChilds-Klein in #1836 * Add PKCS7-internal BIO_f_md by @WillChilds-Klein in #1886 * Ruby Support - DSA custom md by @justsmth in #1953 * Add support for POINT_CONVERSION_HYBRID by @samuel40791765 in #1936 * Fixes for Coverity Alerts by @smittals2 in #1960 * Also test w/ gcc 4.8 by @justsmth in #1962 * Actually add support for SSL_get_server/peer_tmp_key by @samuel40791765 in #1945 * Coverity Fix Null Check by @smittals2 in #1965 * ML-KEM keygen Pairwise Consistency Test by @dkostic in #1964 * EDDSA PCT by @torben-hansen in #1968 * Expose AES_cfb1_encrypt and AES_cfb8_encrypt by @skmcgrail in #1967 **Full Changelog**: v1.37.0...v1.38.0 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.