Skip to content

Add ACVP Support for KAS-ECC#3010

Open
nhatnghiho wants to merge 4 commits intoaws:mainfrom
nhatnghiho:acvp-kas-ecc
Open

Add ACVP Support for KAS-ECC#3010
nhatnghiho wants to merge 4 commits intoaws:mainfrom
nhatnghiho:acvp-kas-ecc

Conversation

@nhatnghiho
Copy link
Contributor

@nhatnghiho nhatnghiho commented Feb 19, 2026

Issues:

Addresses P355857148

Description of changes:

This PR adds ACVP support for KAS-ECC onePassDh and ephemeralUnified

Call-outs:

Due to the random nature of ECDH, no expected vector was added. To review, please run the script locally to verify the result.

Testing:

Run check_expected.go on the new KAS-ECC test vectors.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@nhatnghiho nhatnghiho requested a review from a team as a code owner February 19, 2026 01:19
github-actions[bot]
github-actions bot reviewed Feb 19, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy made some suggestions

util/fipstools/acvp/modulewrapper/modulewrapper.cc Outdated
const Span<const uint8_t> info = args[3];
const Span<const uint8_t> out_len_bytes = args[4];

uint32_t out_len;
Copy link
Contributor

@github-actions github-actions bot Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

warning: variable 'out_len' is not initialized [cppcoreguidelines-init-variables]

Suggested change
uint32_t out_len;
uint32_t out_len = 0;

@codecov-commenter
Copy link

codecov-commenter commented Feb 19, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.35%. Comparing base (110f184) to head (e4243eb).
⚠️ Report is 21 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3010      +/-   ##
==========================================
+ Coverage   78.31%   78.35%   +0.03%     
==========================================
  Files         689      689              
  Lines      120995   121025      +30     
  Branches    16971    16963       -8     
==========================================
+ Hits        94758    94827      +69     
+ Misses      25341    25304      -37     
+ Partials      896      894       -2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

sgmenda
sgmenda previously approved these changes Feb 19, 2026
View reviewed changes
skmcgrail
skmcgrail requested changes Feb 23, 2026
View reviewed changes
skmcgrail
skmcgrail requested changes Feb 23, 2026
View reviewed changes
Copy link
Member

@skmcgrail skmcgrail left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you tested this with the ACVP demo server?

util/fipstools/acvp/acvptool/subprocess/kasEcc.go Outdated
Comment on lines 73 to 74
EphemeralXHex string `json:"ephemeralPublicIutX,omitempty"`
EphemeralYHex string `json:"ephemeralPublicIutY,omitempty"`
Copy link
Member

@skmcgrail skmcgrail Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
EphemeralXHex string `json:"ephemeralPublicIutX,omitempty"`
EphemeralYHex string `json:"ephemeralPublicIutY,omitempty"`
EphemeralXHex hexEncodedByteString `json:"ephemeralPublicIutX,omitempty"`
EphemeralYHex hexEncodedByteString `json:"ephemeralPublicIutY,omitempty"`

Then you don't need to call hex.EncodeString(result[0]) etc.

util/fipstools/acvp/acvptool/subprocess/kasEcc.go Outdated
Comment on lines 168 to 176
iutId, err := hex.DecodeString(group.IutId)
if err != nil {
return nil, err
}

serverId, err := hex.DecodeString(group.ServerId)
if err != nil {
return nil, err
}
Copy link
Member

@skmcgrail skmcgrail Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused these aren't hex values so why are you calling hex.DecodeString?

Copy link
Contributor Author

@nhatnghiho nhatnghiho Feb 23, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As counter-intuitive as it sounds, they are hex values (as noted in the JSON specifications here). I'll change their type from string to hexEncodedByteString

util/fipstools/acvp/acvptool/subprocess/kasEcc.go Outdated
EphemeralXHex string `json:"ephemeralPublicIutX,omitempty"`
EphemeralYHex string `json:"ephemeralPublicIutY,omitempty"`

Dkm string `json:"dkm,omitempty"`
Copy link
Member

@skmcgrail skmcgrail Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Dkm string `json:"dkm,omitempty"`
Dkm hexEncodedByteString `json:"dkm,omitempty"`

util/fipstools/acvp/modulewrapper/modulewrapper.cc Outdated
{"auxFunctionName": "SHA2-384"},
{"auxFunctionName": "SHA2-512"}
],
"fixedInfoPattern": "algorithmId",
Copy link
Member

@skmcgrail skmcgrail Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't match the fixedInfoPattern you are constructing in Go?

github-actions[bot]
github-actions bot reviewed Feb 27, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy made some suggestions

util/fipstools/acvp/modulewrapper/modulewrapper.cc
p += x.size();

memcpy(fixed_info.get() + p, y.data(), y.size());
p += y.size();
Copy link
Contributor

@github-actions github-actions bot Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

warning: Value stored to 'p' is never read [clang-analyzer-deadcode.DeadStores]

    p += y.size();
    ^
Additional context

util/fipstools/acvp/modulewrapper/modulewrapper.cc:2981: Value stored to 'p' is never read

    p += y.size();
    ^

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@skmcgrail skmcgrail skmcgrail requested changes

@sgmenda sgmenda sgmenda left review comments

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@nhatnghiho @codecov-commenter @skmcgrail @sgmenda