acvp: test CTR-DRBG with reseed in modulewrapper.
Change-Id: I45b5b4c3c1ba8f591bc4b9cb0bec17b800b75eaa
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52430
Reviewed-by: Bob Beck <bbe@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/acvptool/test/expected/ctrDRBG.bz2 b/util/fipstools/acvp/acvptool/test/expected/ctrDRBG.bz2
index 9f6e487..c3bd2a1 100644
--- a/util/fipstools/acvp/acvptool/test/expected/ctrDRBG.bz2
+++ b/util/fipstools/acvp/acvptool/test/expected/ctrDRBG.bz2
Binary files differ
diff --git a/util/fipstools/acvp/acvptool/test/vectors/ctrDRBG.bz2 b/util/fipstools/acvp/acvptool/test/vectors/ctrDRBG.bz2
index 16f447f..1231272 100644
--- a/util/fipstools/acvp/acvptool/test/vectors/ctrDRBG.bz2
+++ b/util/fipstools/acvp/acvptool/test/vectors/ctrDRBG.bz2
Binary files differ
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.cc b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
index b4e556c..628944a 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.cc
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.cc
@@ -430,7 +430,7 @@
"algorithm": "ctrDRBG",
"revision": "1.0",
"predResistanceEnabled": [false],
- "reseedImplemented": false,
+ "reseedImplemented": true,
"capabilities": [{
"mode": "AES-256",
"derFuncEnabled": false,
@@ -1419,17 +1419,31 @@
return write_reply({Span<const uint8_t>(digest, digest_len)});
}
+template <bool WithReseed>
static bool DRBG(const Span<const uint8_t> args[], ReplyCallback write_reply) {
const auto out_len_bytes = args[0];
const auto entropy = args[1];
const auto personalisation = args[2];
- const auto additional_data1 = args[3];
- const auto additional_data2 = args[4];
- const auto nonce = args[5];
+
+ Span<const uint8_t> reseed_additional_data, reseed_entropy, additional_data1,
+ additional_data2, nonce;
+ if (!WithReseed) {
+ additional_data1 = args[3];
+ additional_data2 = args[4];
+ nonce = args[5];
+ } else {
+ reseed_additional_data = args[3];
+ reseed_entropy = args[4];
+ additional_data1 = args[5];
+ additional_data2 = args[6];
+ nonce = args[7];
+ }
uint32_t out_len;
if (out_len_bytes.size() != sizeof(out_len) ||
entropy.size() != CTR_DRBG_ENTROPY_LEN ||
+ (!reseed_entropy.empty() &&
+ reseed_entropy.size() != CTR_DRBG_ENTROPY_LEN) ||
// nonces are not supported
nonce.size() != 0) {
return false;
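Review bot: For the DRBG<true> instantiation the entropy-length check on lines 57-58 only fires when reseed_entropy is non-empty, so a reseed request whose entropy field is empty passes validation and, because the reseed call further down is also conditioned on emptiness, is answered as though no reseed had been requested; an ACVP reseed case always carries seedlen bytes of entropy, so a missing field should be a hard failure. Make the requirement unconditional for that instantiation: `(WithReseed && reseed_entropy.size() != CTR_DRBG_ENTROPY_LEN) ||`. A header comment spelling out the two wire layouts would also help the next reader, e.g. `// Arguments: out_len, entropy, personalisation, [reseed_additional_data, reseed_entropy,] additional_data1, additional_data2, nonce.` DRBG's body continues past the end of this hunk.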
@@ -1443,6 +1457,10 @@
CTR_DRBG_STATE drbg;
if (!CTR_DRBG_init(&drbg, entropy.data(), personalisation.data(),
personalisation.size()) ||
+ (!reseed_entropy.empty() &&
+ !CTR_DRBG_reseed(&drbg, reseed_entropy.data(),
+ reseed_additional_data.data(),
+ reseed_additional_data.size())) ||
!CTR_DRBG_generate(&drbg, out.data(), out_len, additional_data1.data(),
additional_data1.size()) ||
!CTR_DRBG_generate(&drbg, out.data(), out_len, additional_data2.data(),
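Review bot: The reseed step on lines 66-69 is keyed on `!reseed_entropy.empty()` rather than on the template parameter, so whether DRBG<true> reseeds at all depends on what the client sent, not on which entry the dispatch table selected, and the empty-entropy case silently degrades to the no-reseed path. Gate it on the instantiation instead, `(WithReseed && !CTR_DRBG_reseed(&drbg, reseed_entropy.data(), reseed_additional_data.data(), reseed_additional_data.size())) ||`, so the compile-time choice is explicit and a malformed reseed request fails rather than returning a plausible but wrong answer. The enclosing function starts and ends outside this hunk.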
@@ -1955,7 +1973,8 @@
{"HMAC-SHA2-384", 2, HMAC<EVP_sha384>},
{"HMAC-SHA2-512", 2, HMAC<EVP_sha512>},
{"HMAC-SHA2-512/256", 2, HMAC<EVP_sha512_256>},
- {"ctrDRBG/AES-256", 6, DRBG},
+ {"ctrDRBG/AES-256", 6, DRBG<false>},
+ {"ctrDRBG-reseed/AES-256", 8, DRBG<true>},
{"ECDSA/keyGen", 1, ECDSAKeyGen},
{"ECDSA/keyVer", 3, ECDSAKeyVer},
{"ECDSA/sigGen", 4, ECDSASigGen},
diff --git a/util/fipstools/acvp/modulewrapper/modulewrapper.h b/util/fipstools/acvp/modulewrapper/modulewrapper.h
index 0472800..cb8f9f3 100644
--- a/util/fipstools/acvp/modulewrapper/modulewrapper.h
+++ b/util/fipstools/acvp/modulewrapper/modulewrapper.h
@@ -26,7 +26,7 @@
// kMaxArgs is the maximum number of arguments (including the function name)
// that an ACVP request can contain.
-constexpr size_t kMaxArgs = 8;
+constexpr size_t kMaxArgs = 9;
// kMaxNameLength is the maximum length of a function name in an ACVP request.
constexpr size_t kMaxNameLength = 30;