Prod: 2022-9-23
Demo: 2022-8-12
POTENTIALLY CLIENT BREAKING CHANGE -- PLEASE SEE THE "SHAKE, cSHAKE, KMAC, ParallelHash, and TupleHash" SECTION OF THE RELEASE NOTES FOR A POTENTIALLY CLIENT BREAKING CHANGE RELATED TO AN UPDATE TO THE CASING OF THE cSHAKE, ParallelHash, and TupleHash ALGORITHM NAMES
- KDF KMAC Sp800-108r1 - New algorithm to support the addition of KMAC in SP 800-108r1.
- RSA sigVer - Updates the "reason" given when an IUT returns testPassed:false when testPassed:true is expected for RSA sigVer to give the tester some additional clarity. Changes reason from "No modification" to "No modification, i.e., "testPassed": true expected".
- AES KWP - AES KW payloadLens are limited to multiples of 64 and AES KWP payloadLens must be multiples of 8. The "multiple of 64" AES KW restriction was inadvertently also being applied to AES KWP payloadLens. The inadvertent restriction on AES KWP payloadLens is now removed.
- KTS IFC - For KTS IFC, "encoding" was being required in the registration when an associatedDataPattern was not supplied. This behavior is now corrected. "encoding" is now only required when an associatedDataPattern is supplied.
- AES XTS - Fixes the AES XTS implementation mistakenly setting the data unit length for each test case to be the length of the payload instead of the actual value of the data unit length for the test case. It will now be possible for "dataUnitLenMatchesPayload": false to be tested for XTS.
- AES-GCM-SIV - Fixes an issue where the AES-GCM-SIV testing was incrementing the counter by 8 bits vs the required 32 bits. The counter is now incremented by 32 bits.
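An added example (not ACVTS code) of the counter rule this fix restores. RFC 8452 derives the initial counter block from the 16-byte tag by setting the most significant bit of its last byte, and advances it by incrementing the first four bytes as a 32-bit little-endian integer. The block below builds that sequence and, for contrast, a sequence that only advances the first byte; that narrower sequence is an assumed model of the "8 bits" behaviour described above, not a description of the ACVTS code. The AES-CTR encryption itself is omitted, and the all-zero tag is a constructed sample value.

```python
# Added example, not ACVTS code: RFC 8452 (AES-GCM-SIV) counter-block derivation.


def initial_counter_block(tag: bytes) -> bytes:
    """RFC 8452 section 4: the initial counter block is the tag with the most
    significant bit of its last byte set to one."""
    if len(tag) != 16:
        raise ValueError("AES-GCM-SIV tags are 16 bytes")
    return tag[:15] + bytes([tag[15] | 0x80])


def counter_blocks(tag: bytes, count: int, width_bits: int = 32) -> list:
    """Return the first `count` counter blocks fed to AES-CTR.

    width_bits=32 is the RFC 8452 rule: the first 4 bytes are a little-endian
    integer incremented mod 2**32. Other widths are an assumed model of a wrong
    implementation (8 models a counter that only advances its first byte).
    """
    if width_bits % 8 or not 8 <= width_bits <= 128:
        raise ValueError("width_bits must be a multiple of 8 between 8 and 128")
    nbytes = width_bits // 8
    first = initial_counter_block(tag)
    start = int.from_bytes(first[:nbytes], "little")
    tail = first[nbytes:]            # bytes outside the counter field never change
    return [((start + i) % (1 << width_bits)).to_bytes(nbytes, "little") + tail
            for i in range(count)]


def first_repeat(blocks: list):
    """Index of the first counter block equal to an earlier one, or None.
    A repeated counter block under the same key means repeated keystream."""
    seen = set()
    for i, block in enumerate(blocks):
        if block in seen:
            return i
        seen.add(block)
    return None


if __name__ == "__main__":
    tag = bytes(16)                  # constructed sample tag (all zero)
    print("32-bit rule repeats at:", first_repeat(counter_blocks(tag, 1000)))
    print("8-bit model repeats at:", first_repeat(counter_blocks(tag, 1000, 8)))
```

With the 32-bit rule the sequence does not repeat within any plaintext AES-GCM-SIV allows; a counter that only advances its first byte returns to the initial block after 256 blocks (4 KiB of plaintext), so test vectors longer than that would disagree with a correct implementation from block 256 onward.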
- KAS - Enforces case sensitivity for some registration parameters where enforcement of case sensitivity had been previously overlooked/not enforced.
- Updates GenValAppRunner to use the -a and -b switches in lieu of -n and -r, as using '-r' as a command line switch conflicts with the -r switch for dotnet run.
- KDA - Corrects saltLen values for KDA/TwoStep/56C, KDA/OneStep/56C, KDA/OneStepNoCounter/56C and KDA/HKDF/56C to be the length of the hash's input block for HMAC and the values set out in the SP for the KMAC when they are used.
  - Addresses #210
- ECDSA SigVer
  - Adds tests to cover CVE-2022-21449
- SHAKE, cSHAKE, KMAC, ParallelHash, and TupleHash
  - Updates the casing of several XOF algorithm names from all caps to cSHAKE, ParallelHash, and TupleHash. <-- NOTE: THIS IS A POTENTIALLY CLIENT BREAKING CHANGE. AFTER THIS CHANGE ACVTS WILL NO LONGER ACCEPT REGISTRATIONS FOR "CSHAKE-128", "CSHAKE-256", "PARALLELHASH-128", "PARALLELHASH-256", "TUPLEHASH-128", AND "TUPLEHASH-256", BUT WILL REQUIRE "cSHAKE-128", "cSHAKE-256", "ParallelHash-128", "ParallelHash-256", "TupleHash-128", AND "TupleHash-256".
  - Adds the outLenIncrement value to cSHAKE, ParallelHash, and TupleHash prompts at the test group level for MCT tests.
  - Corrects an issue where the server was including two additional name/value pairs, tuple and customization, in the TupleHash MCT resultsArray objects when Expected Results were generated. Also updates the example TupleHash json files to remove these additional name/value pairs.
- SHAKE, cSHAKE, KMAC, ParallelHash & TupleHash - Updates the type used internally by ACVTS for several XOF properties from the Range type to the Domain type.
  - Algorithms and Properties:
    - cSHAKE: msgLen & outputLen
    - KMAC: msgLen, keyLen & macLen
    - ParallelHash: msgLen & outputLen
    - SHAKE: outputLen
    - TupleHash: msgLen & outputLen
- #184
- Algorithms and Properties: