Switch CAVP testing for AES-GCM to use external nonces.
Change-Id: I5a46917695d28b98cb274573d427126a2e8f7879
Reviewed-on: https://boringssl-review.googlesource.com/16724
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/fipstools/cavp_aes_gcm_test.cc b/fipstools/cavp_aes_gcm_test.cc
index 2b44eee..21d03bf 100644
--- a/fipstools/cavp_aes_gcm_test.cc
+++ b/fipstools/cavp_aes_gcm_test.cc
@@ -36,9 +36,9 @@
static const EVP_AEAD *GetAEAD(const std::string &name, const bool enc) {
if (name == "aes-128-gcm") {
- return EVP_aead_aes_128_gcm_tls12();
+ return EVP_aead_aes_128_gcm();
} else if (name == "aes-256-gcm") {
- return EVP_aead_aes_256_gcm_tls12();
+ return EVP_aead_aes_256_gcm();
}
return nullptr;
}
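Review bot: The `enc` parameter of GetAEAD is not read anywhere in the body shown. Both branches now return `EVP_aead_aes_128_gcm()` / `EVP_aead_aes_256_gcm()`, which are not tied to a seal or open direction, so the lookup has no visible reason to take it. Either drop the parameter or mark it as deliberately ignored, e.g. `static const EVP_AEAD *GetAEAD(const std::string &name, const bool /*enc*/) {`. The callers are outside this hunk, so removing it would mean updating them too.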
@@ -59,20 +59,22 @@
std::vector<uint8_t> key, iv, pt, aad, tag, ct;
if (!t->GetAttribute(&count, "Count") ||
!t->GetBytes(&key, "Key") ||
- !t->GetBytes(&aad, "AAD") ||
+ !t->GetBytes(&iv, "IV") ||
!t->GetBytes(&pt, "PT") ||
+ !t->GetBytes(&aad, "AAD") ||
key.size() * 8 != strtoul(key_len_str.c_str(), nullptr, 0) ||
+ iv.size() * 8 != strtoul(iv_len_str.c_str(), nullptr, 0) ||
pt.size() * 8 != strtoul(pt_len_str.c_str(), nullptr, 0) ||
- aad.size() * 8 != strtoul(aad_len_str.c_str(), nullptr, 0)) {
+ aad.size() * 8 != strtoul(aad_len_str.c_str(), nullptr, 0) ||
+ iv.size() != 12) {
return false;
}
- size_t tag_len = strtoul(tag_len_str.c_str(), nullptr, 0) / 8;
- if (!AEADEncrypt(ctx->aead, &ct, &tag, tag_len, key, pt, aad, &iv)) {
+ const size_t tag_len = strtoul(tag_len_str.c_str(), nullptr, 0) / 8;
+ if (!AEADEncrypt(ctx->aead, &ct, &tag, tag_len, key, pt, aad, iv)) {
return false;
}
printf("%s", t->CurrentTestToString().c_str());
- printf("IV = %s\r\n", EncodeHex(iv.data(), iv.size()).c_str());
printf("CT = %s\r\n", EncodeHex(ct.data(), ct.size()).c_str());
printf("Tag = %s\r\n\r\n", EncodeHex(tag.data(), tag.size()).c_str());
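Review bot: The last condition, `iv.size() != 12`, hard-codes the nonce size, and nothing in the code says that rejecting every vector whose IV is not 96 bits is intended. Tying it to the AEAD keeps the check correct if the table in GetAEAD grows: `iv.size() != EVP_AEAD_nonce_length(ctx->aead)) {`, with a comment such as `// Only external IVs of the AEAD's native nonce length are supported.`. The IV is now read from the vector file, and AEADEncrypt passes it straight to the seal call, so as far as the visible code shows this is the only check on it. The enclosing function starts above the hunk and continues below it.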
@@ -113,7 +115,7 @@
printf("%s", t->CurrentTestToString().c_str());
bool aead_result =
- AEADDecrypt(ctx->aead, &pt, &aad, pt_len, aad_len, key, ct, tag, iv);
+ AEADDecrypt(ctx->aead, &pt, pt_len, key, aad, ct, tag, iv);
if (aead_result) {
printf("PT = %s\r\n\r\n", EncodeHex(pt.data(), pt.size()).c_str());
} else {
diff --git a/fipstools/cavp_test_util.cc b/fipstools/cavp_test_util.cc
index 5cffb85..98be3fa 100644
--- a/fipstools/cavp_test_util.cc
+++ b/fipstools/cavp_test_util.cc
@@ -109,22 +109,23 @@
std::vector<uint8_t> *tag, size_t tag_len,
const std::vector<uint8_t> &key,
const std::vector<uint8_t> &pt,
- const std::vector<uint8_t> &aad, std::vector<uint8_t> *iv) {
+ const std::vector<uint8_t> &aad,
+ const std::vector<uint8_t> &iv) {
bssl::ScopedEVP_AEAD_CTX ctx;
- if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
- tag->size(), evp_aead_seal)) {
+ if (!EVP_AEAD_CTX_init(ctx.get(), aead, key.data(), key.size(), tag_len,
+ nullptr)) {
return false;
}
std::vector<uint8_t> out;
- iv->resize(EVP_AEAD_nonce_length(aead));
out.resize(pt.size() + EVP_AEAD_max_overhead(aead));
size_t out_len;
- if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
- iv->data(), iv->size(), pt.data(), pt.size(),
- aad.data(), aad.size())) {
+ if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(), iv.data(),
+ iv.size(), pt.data(), pt.size(), aad.data(),
+ aad.size())) {
return false;
}
+ out.resize(out_len);
ct->assign(out.begin(), out.end() - tag_len);
tag->assign(out.end() - tag_len, out.end());
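Review bot: The split after `out.resize(out_len)` assumes the sealed output is exactly `pt.size() + tag_len` bytes, but nothing checks that before `out.end() - tag_len` is formed. `tag_len` comes from `strtoul(...) / 8` in cavp_aes_gcm_test.cc with no validation, so a non-numeric or sub-8-bit tag length would arrive here as 0. `EVP_AEAD_CTX_init` treats 0 as "use the default tag length", so the full tag would be left at the end of `ct` with `tag` empty. Adding `if (out_len != pt.size() + tag_len) return false;` right after the seal call catches that case and also rules out iterator arithmetic before the start of `out`. AEADEncrypt begins above this hunk and ends in the next one.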
@@ -132,11 +133,12 @@
return true;
}
-bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt,
- std::vector<uint8_t> *aad, size_t pt_len, size_t aad_len,
+bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt, size_t pt_len,
const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &aad,
const std::vector<uint8_t> &ct,
- const std::vector<uint8_t> &tag, std::vector<uint8_t> &iv) {
+ const std::vector<uint8_t> &tag,
+ const std::vector<uint8_t> &iv) {
bssl::ScopedEVP_AEAD_CTX ctx;
if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
tag.size(), evp_aead_open)) {
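Review bot: AEADDecrypt still sets up its context with `EVP_AEAD_CTX_init_with_direction(..., evp_aead_open)`, while AEADEncrypt in the previous hunk was moved to `EVP_AEAD_CTX_init`. The two helpers therefore initialise the same AEADs in different ways. If the direction argument was only needed for the `_tls12` variants that GetAEAD no longer returns, `EVP_AEAD_CTX_init(ctx.get(), aead, key.data(), key.size(), tag.size(), nullptr)` here would keep them parallel. The body of AEADDecrypt continues past the end of this hunk.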
@@ -147,11 +149,10 @@
in.insert(in.end(), tag.begin(), tag.end());
pt->resize(pt_len);
- aad->resize(aad_len);
size_t out_pt_len;
if (!EVP_AEAD_CTX_open(ctx.get(), pt->data(), &out_pt_len, pt->size(),
- iv.data(), iv.size(), in.data(), in.size(),
- aad->data(), aad->size()) ||
+ iv.data(), iv.size(), in.data(), in.size(), aad.data(),
+ aad.size()) ||
out_pt_len != pt_len) {
return false;
}
diff --git a/fipstools/cavp_test_util.h b/fipstools/cavp_test_util.h
index d851c5e..54fd57d 100644
--- a/fipstools/cavp_test_util.h
+++ b/fipstools/cavp_test_util.h
@@ -38,13 +38,15 @@
std::vector<uint8_t> *tag, size_t tag_len,
const std::vector<uint8_t> &key,
const std::vector<uint8_t> &pt,
- const std::vector<uint8_t> &aad, std::vector<uint8_t> *iv);
+ const std::vector<uint8_t> &aad,
+ const std::vector<uint8_t> &iv);
-bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt,
- std::vector<uint8_t> *aad, size_t pt_len, size_t aad_len,
+bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt, size_t pt_len,
const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &aad,
const std::vector<uint8_t> &ct,
- const std::vector<uint8_t> &tag, std::vector<uint8_t> &iv);
+ const std::vector<uint8_t> &tag,
+ const std::vector<uint8_t> &iv);
bssl::UniquePtr<BIGNUM> GetBIGNUM(FileTest *t, const char *attribute);
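Review bot: The new AEADDecrypt declaration has no comment, and its parameter order changed: `pt_len` moved up and `aad` became an input between `key` and `ct`. Five of the parameters share the type `const std::vector<uint8_t> &`, so a swapped argument at a call site would still compile. A short contract above it would help, for example `// AEADDecrypt opens |ct| followed by |tag| under |key| with nonce |iv| and additional data |aad|, writing |pt_len| bytes to |pt|. It returns false if EVP_AEAD_CTX_open fails or the plaintext length is not |pt_len|.` The AEADEncrypt declaration starts above the hunk, so whether it already carries a comment cannot be seen from here.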
diff --git a/fipstools/run_cavp.go b/fipstools/run_cavp.go
index ffcbdd8..92ddc1b 100644
--- a/fipstools/run_cavp.go
+++ b/fipstools/run_cavp.go
@@ -58,8 +58,8 @@
[]test{
{"gcmDecrypt128", []string{"dec", "aes-128-gcm"}, false},
{"gcmDecrypt256", []string{"dec", "aes-256-gcm"}, false},
- {"gcmEncryptIntIV128", []string{"enc", "aes-128-gcm"}, true},
- {"gcmEncryptIntIV256", []string{"enc", "aes-256-gcm"}, true},
+ {"gcmEncryptExtIV128", []string{"enc", "aes-128-gcm"}, false},
+ {"gcmEncryptExtIV256", []string{"enc", "aes-256-gcm"}, false},
},
}