Adds HMAC revision 2.0

Author: celic

src/mac/sections/03-supported.adoc

@@ -2,19 +2,30 @@
 [#supported]
 == Supported HMAC, CMAC, and GMAC Algorithms
 
-The following Message Authentication Code Algorithms *MAY* be advertised by the ACVP compliant cryptographic module:
+The following Message Authentication Code Algorithms *MAY* be advertised by the ACVP compliant cryptographic module as "algorithm" / "mode" / "revision":
 
-* HMAC-SHA-1
-* HMAC-SHA2-224
-* HMAC-SHA2-256
-* HMAC-SHA2-384
-* HMAC-SHA2-512
-* HMAC-SHA2-512/224
-* HMAC-SHA2-512/256
-* HMAC-SHA3-224
-* HMAC-SHA3-256
-* HMAC-SHA3-384
-* HMAC-SHA3-512
-* CMAC-AES
-* CMAC-TDES
-* ACVP-AES-GMAC
+* HMAC-SHA-1 / / 1.0
+* HMAC-SHA2-224 / / 1.0
+* HMAC-SHA2-256 / / 1.0
+* HMAC-SHA2-384 / / 1.0
+* HMAC-SHA2-512 / / 1.0
+* HMAC-SHA2-512/224 / / 1.0
+* HMAC-SHA2-512/256 / / 1.0
+* HMAC-SHA3-224 / / 1.0
+* HMAC-SHA3-256 / / 1.0
+* HMAC-SHA3-384 / / 1.0
+* HMAC-SHA3-512 / / 1.0
+* HMAC-SHA-1 / / 2.0
+* HMAC-SHA2-224 / / 2.0
+* HMAC-SHA2-256 / / 2.0
+* HMAC-SHA2-384 / / 2.0
+* HMAC-SHA2-512 / / 2.0
+* HMAC-SHA2-512/224 / / 2.0
+* HMAC-SHA2-512/256 / / 2.0
+* HMAC-SHA3-224 / / 2.0
+* HMAC-SHA3-256 / / 2.0
+* HMAC-SHA3-384 / / 2.0
+* HMAC-SHA3-512 / / 2.0
+* CMAC-AES / / 1.0
+* CMAC-TDES / / 1.0
+* ACVP-AES-GMAC / / 1.0

src/mac/sections/04-testtypes.adoc

@@ -9,7 +9,7 @@ The ACVP server performs a set of tests on the MAC algorithms in order to assess
 
 There is a single test type for MACs (broken into subsections for CMACs). the single test type, algorithm functional test (AFT) can be described as follows:
 
-* "AFT" - Algorithm Function Test. The IUT processes all of HMAC, GMAC and the "gen" direction of CMAC by running the randomly chosen key and message data (with constraints as per the IUT's capabilities registration) through the MAC algorithm. CMAC has an additional "ver" direction present in its testing to ensure the IUT can successfully determine when a MAC does not match its originating message/key combination.
+* "AFT" - Algorithm Function Test. The IUT processes all of HMAC, GMAC and the "gen" direction of CMAC by running the randomly chosen key and message data (with constraints as per the IUT's capabilities registration) through the MAC algorithm. CMAC has an additional "ver" direction present in its testing to ensure the IUT can successfully determine when a MAC does not match its originating message/key combination. All property lengths used are randomly selected from the domains provided but *SHALL* include the minimum and maximum in every test group. 
 
 [[test_coverage]]
 === Test Coverage

src/mac/sections/05-hmac-capabilities.adoc

@@ -7,7 +7,7 @@
 Each algorithm capability advertised is a self-contained JSON object using the following values.
 
 [[hmac_caps_table2]]
-.HMAC Algorithm Capabilities JSON Values
+.HMAC Revision 1.0 Algorithm Capabilities JSON Values
 |===
 | JSON Value | Description | JSON type | Valid Values
 
@@ -18,17 +18,30 @@ Each algorithm capability advertised is a self-contained JSON object using the f
 | macLen | The supported mac sizes, maximum is dependent on algorithm, see <<hmac_supported_algs>> | domain | Min: 32
 |===
 
+[[hmac_caps_table3]]
+.HMAC Revision 2.0 Algorithm Capabilities JSON Values
+|===
+| JSON Value | Description | JSON type | Valid Values
+
+| algorithm | The MAC algorithm and mode to be validated | string | See <<hmac_supported_algs>>
+| revision | The algorithm testing revision to use | string | "2.0"
+| prereqVals | prerequisite algorithm validations | array of prereqAlgVal objects | See <<prereq_algs>>
+| keyLen | The keyLen Domain supported by the IUT in bits | domain | Min: 8, Max: 524288, Increment: 8
+| macLen | The supported mac sizes, maximum is dependent on algorithm, see <<hmac_supported_algs>> | domain | Min: 32
+| messageLen | The supported message sizes | domain | Min: 8, Max: 4096, Increment: 8
+|===
+
 'keyLen' for HMAC contains a Domain of values, the server *MAY* choose values defined by these rules:
 
-* 2 values below the Hash's block length. See <<hmac_supported_algs>>
+* Values below the Hash's block length. See <<hmac_supported_algs>>
 * The Hash's block length.
-* 2 values above the Hash's block length.
+* Values above the Hash's block length.
 
-'macLen' for HMAC contains a Domain of values, the server *MAY* choose values defined by these rules:
+'macLen' and 'messageLen' for HMAC contains a Domain of values, the server *MAY* choose values defined by these rules:
 
-* The smallest HMAC length supported
-* A second HMAC length supported
-* The largest HMAC length supported
+* The smallest length supported
+* The largest length supported
+* Other random lengths
 
 [[hmac_supported_algs]]
 === Supported HMAC Algorithms
@@ -56,7 +69,7 @@ The following HMAC algorithms contain specific individual properties:
 [[hmac_app-reg-ex]]
 ==== Example HMAC Capabilities JSON Object
 
-The following is an example JSON object advertising support for HMAC.
+The following is an example JSON object advertising support for HMAC revision 1.0.
 
 [source, json]
 ----
@@ -79,3 +92,34 @@ The following is an example JSON object advertising support for HMAC.
   ]
 }
 ----
+
+The following is an example JSON object advertising support for HMAC revision 2.0.
+
+[source, json]
+----
+{
+  "algorithm": "HMAC-SHA-1",
+  "revision": "2.0",
+  "keyLen": [
+    {
+      "min": 8,
+      "max": 2048,
+      "increment": 8
+    }
+  ],
+  "macLen": [
+    {
+      "min": 80,
+      "max": 160,
+      "increment": 8
+    }
+  ],
+  "messageLen": [
+    {
+      "min": 8,
+      "max": 4096,
+      "increment": 8
+    }
+  ]
+}
+----

src/mac/sections/06-hmac-test-vectors.adoc

@@ -4,11 +4,13 @@
 [[hmac_tgjs]]
 ==== HMAC Test Groups JSON Schema
 
-The testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the secure HMAC JSON elements of the Test Group JSON object.
+In HMAC revision 1.0, the testGroups element at the top level in the test vector JSON object is an array of test groups. Test vectors are grouped into similar test cases to reduce the amount of data transmitted in the vector set. For instance, all test vectors that use the same key size would be grouped together. The Test Group JSON object contains meta data that applies to all test vectors within the group. The following table describes the secure HMAC JSON elements of the Test Group JSON object.
+
+In HMAC revision 2.0, there *SHALL* be one single test group that contains all of the test cases for the test vector object. 
 
 [[hmac_vs_tg_table]]
 [cols="<,<,<"]
-.HMAC Test Group JSON Object
+.HMAC revision 1.0 Test Group JSON Object
 |===
 | JSON Value | Description | JSON type
 
@@ -20,27 +22,49 @@ The testGroups element at the top level in the test vector JSON object is an arr
 | tests | Array of individual test vector JSON objects, which are defined in <<hmac_tvjs>> | array
 |===
 
+[[hmac_vs_tg_table2]]
+[cols="<,<,<"]
+.HMAC revision 2.0 Test Group JSON Object
+|===
+| JSON Value | Description | JSON type
+
+| tgId | Numeric identifier for the test group, unique across the entire vector set | integer
+| testType | Test category type | string
+| tests | Array of individual test vector JSON objects, which are defined in <<hmac_tvjs>> | array
+|===
+
 [[hmac_tvjs]]
 ==== HMAC Test Case JSON Schema
 
 Each test group contains an array of one or more test cases. Each test case is a JSON object that represents a single test vector to be processed by the ACVP client. The following table describes the JSON elements for each secure MAC test vector.
 
 [[hmac_vs_tc_table2]]
+[cols="<,<,<"]
+.HMAC Revision 1.0 Test Case JSON Object
+|===
+| JSON Value | Description | JSON type
+
+| tcId | Numeric identifier for the test case, unique across the entire vector set | integer
+| key | The value of the key | hex
+| msg | Value of the message | hex
+|===
 
+[[hmac_vs_tc_table3]]
 [cols="<,<,<"]
-.HMAC Test Case JSON Object
+.HMAC Revision 2.0 Test Case JSON Object
 |===
 | JSON Value | Description | JSON type
 
 | tcId | Numeric identifier for the test case, unique across the entire vector set | integer
 | key | The value of the key | hex
 | msg | Value of the message | hex
+| macLen | Length of MAC in bits to generate | integer
 |===
 
 [[hmac_test_vector_json]]
 ==== Example HMAC Test Vector JSON Object
 
-The following is an example JSON test vector object for HMAC, truncated for brevity.
+The following is an example JSON test vector object for HMAC revision 1.0, truncated for brevity.
 
 [source, json]
 ----
@@ -73,3 +97,37 @@ The following is an example JSON test vector object for HMAC, truncated for brev
     }]
 }
 ----
+
+The following is an example JSON test vector object for HMAC revision 2.0, truncated for brevity.
+
+[source, json]
+----
+{
+    "vsId": 1,
+    "algorithm": "HMAC-SHA-1",
+    "revision": "2.0",
+    "testGroups": [{
+        "tgId": 1,
+        "testType": "AFT",
+        "tests": [{
+                "tcId": 1,
+                "key": "0CBB3AA866",
+                "msg": "28CD4091D45F28CD",
+                "macLen": 128
+            },
+            {
+                "tcId": 2,
+                "key": "7FB3F60ACB9FB7",
+                "msg": "9F224BF653F9BE143FF8D12761F7",
+                "macLen": 80
+            },
+            {
+                "tcId": 3,
+                "key": "3834463234DA",
+                "msg": "F0FA740D261D5916B06F09AFBB04C94E",
+                "macLen": 160
+            }
+        ]
+    }]
+}
+----

src/mac/sections/07-hmac-responses.adoc

@@ -18,7 +18,7 @@ Each test group contains an array of one or more test cases. Each test case is a
 [[hmac_test_vector_response_json]]
 ==== Example HMAC Test Vector Response JSON Object
 
-The following is an example JSON test vector response object for HMAC.
+The following is an example JSON test vector response object for HMAC. The responses are the same for HMAC revision 1.0 and HMAC revision 2.0. 
 
 [source, json]
 ----