Skip to content

Various Small Additions to ACVP Tool#3024

Open
nhatnghiho wants to merge 7 commits intoaws:mainfrom
nhatnghiho:acvp-small-additions
Open

Various Small Additions to ACVP Tool#3024
nhatnghiho wants to merge 7 commits intoaws:mainfrom
nhatnghiho:acvp-small-additions

Conversation

@nhatnghiho
Copy link
Contributor

@nhatnghiho nhatnghiho commented Feb 20, 2026

Issues:

Addresses P355857148

Description of changes:

This PR adds ACVP support for:

  • RSA signaturePrimitive
  • RSA decryptionPrimitive
  • KAS-ECC-SSC onePassDh
  • ECDSA sigGen componentTest

Call-outs:

Due to the random nature of ECDH and ECDSA sigGen, no expected vector was added for these 2. To review, please run the script locally to verify the result.

Testing:

Run check_expected.go on the new test vectors.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@nhatnghiho nhatnghiho requested a review from a team as a code owner February 20, 2026 17:57
github-actions[bot]
github-actions bot reviewed Feb 20, 2026
View reviewed changes
Copy link
Contributor

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

clang-tidy made some suggestions

@codecov-commenter
Copy link

codecov-commenter commented Feb 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 78.34%. Comparing base (110f184) to head (cd6a392).
⚠️ Report is 11 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3024      +/-   ##
==========================================
+ Coverage   78.31%   78.34%   +0.02%     
==========================================
  Files         689      689              
  Lines      120995   121010      +15     
  Branches    16971    16990      +19     
==========================================
+ Hits        94758    94803      +45     
+ Misses      25341    25312      -29     
+ Partials      896      895       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@justsmth justsmth requested a review from sgmenda February 26, 2026 13:41
justsmth
justsmth reviewed Feb 26, 2026
View reviewed changes
util/fipstools/acvp/modulewrapper/modulewrapper.cc
Comment on lines +2846 to +2848
BIGNUM *d = BN_new();
BIGNUM *n = BN_new();
BIGNUM *e = BN_new();
Copy link
Contributor

@justsmth justsmth Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should use bssl::UniquePtr<BIGNUM> to avoid leaks and be consistent with others.

Copy link
Contributor Author

@nhatnghiho nhatnghiho Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These values will be then used in bssl::UniquePtr<RSA> RSA key so they will be taken care there I believe.

util/fipstools/acvp/modulewrapper/modulewrapper.cc
Comment on lines +2849 to +2855
bssl::UniquePtr<RSA> key(RSA_new());
if (!BN_bin2bn(n_bytes.data(), n_bytes.size(), n) ||
!BN_bin2bn(e_bytes.data(), e_bytes.size(), e) ||
!BN_bin2bn(d_bytes.data(), d_bytes.size(), d) ||
!RSA_set0_key(key.get(), n, e, d)) {
return false;
}
Copy link
Contributor

@justsmth justsmth Feb 26, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we add || !RSA_check_key(key.get()) to this condition, similar to what's in RSADecryptionPrimitive?

Copy link
Contributor Author

@nhatnghiho nhatnghiho Feb 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not obvious but RSA_new_private_key_large_e runs RSA_check_key internally (code). RSADecryptionPrimitive uses a public key instead. But we don't have a correspondingRSA_new_public_key_large_e so hence this manual check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@justsmth justsmth justsmth left review comments

@sgmenda sgmenda Awaiting requested review from sgmenda

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nhatnghiho @codecov-commenter @justsmth