Add crypto/fipsoracle.
This CL adds utility code to process NIST CAVP test vectors using the
existing FileTest code.
Also add binaries for processing AESAVS (AES) and GCMVS (AES-GCM) vector
files.
Change-Id: I8e5ebf751d7d4b5504bbb52f3e087b0065babbe0
Reviewed-on: https://boringssl-review.googlesource.com/15484
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 5996577..1548b76 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -122,6 +122,7 @@
add_subdirectory(test)
add_subdirectory(fipsmodule)
+add_subdirectory(fipsoracle)
add_library(
crypto_base
diff --git a/crypto/fipsoracle/CMakeLists.txt b/crypto/fipsoracle/CMakeLists.txt
new file mode 100644
index 0000000..71b2ee1
--- /dev/null
+++ b/crypto/fipsoracle/CMakeLists.txt
@@ -0,0 +1,24 @@
+include_directories(../../include)
+
+if (FIPS)
+ add_executable(
+ cavp_aes_test
+
+ cavp_aes_test.cc
+ cavp_test_util.h
+ cavp_test_util.cc
+ $<TARGET_OBJECTS:test_support>
+ )
+
+ add_executable(
+ cavp_aes_gcm_test
+
+ cavp_aes_gcm_test.cc
+ cavp_test_util.h
+ cavp_test_util.cc
+ $<TARGET_OBJECTS:test_support>
+ )
+
+ target_link_libraries(cavp_aes_test crypto)
+ target_link_libraries(cavp_aes_gcm_test crypto)
+endif()
diff --git a/crypto/fipsoracle/cavp_aes_gcm_test.cc b/crypto/fipsoracle/cavp_aes_gcm_test.cc
new file mode 100644
index 0000000..171a4e7
--- /dev/null
+++ b/crypto/fipsoracle/cavp_aes_gcm_test.cc
@@ -0,0 +1,211 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_aes_gcm_test processes a NIST CAVP AES GCM test vector request file and
+// emits the corresponding response. An optional sample vector file can be
+// passed to verify the result.
+
+#include <stdlib.h>
+
+#include <openssl/aead.h>
+#include <openssl/cipher.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#include "../test/file_test.h"
+#include "cavp_test_util.h"
+
+
+struct TestCtx {
+ const EVP_AEAD *aead;
+ std::unique_ptr<FileTest> response_sample;
+};
+
+static const EVP_AEAD *GetAEAD(const std::string &name, const bool enc) {
+ if (name == "aes-128-gcm") {
+ return EVP_aead_aes_128_gcm_fips_testonly();
+ } else if (name == "aes-256-gcm") {
+ return EVP_aead_aes_256_gcm_fips_testonly();
+ }
+ return nullptr;
+}
+
+static bool TestAEADEncrypt(FileTest *t, void *arg) {
+ TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+ std::string key_len_str, iv_len_str, pt_len_str, aad_len_str, tag_len_str;
+ if (!t->GetInstruction(&key_len_str, "Keylen") ||
+ !t->GetInstruction(&iv_len_str, "IVlen") ||
+ !t->GetInstruction(&pt_len_str, "PTlen") ||
+ !t->GetInstruction(&aad_len_str, "AADlen") ||
+ !t->GetInstruction(&tag_len_str, "Taglen")) {
+ return false;
+ }
+
+ std::string count;
+ std::vector<uint8_t> key, iv, pt, aad, tag, ct;
+ if (!t->GetAttribute(&count, "Count") ||
+ !t->GetBytes(&key, "Key") ||
+ !t->GetBytes(&aad, "AAD") ||
+ !t->GetBytes(&pt, "PT") ||
+ key.size() * 8 != strtoul(key_len_str.c_str(), nullptr, 0) ||
+ pt.size() * 8 != strtoul(pt_len_str.c_str(), nullptr, 0) ||
+ aad.size() * 8 != strtoul(aad_len_str.c_str(), nullptr, 0)) {
+ return false;
+ }
+
+ size_t tag_len = strtoul(tag_len_str.c_str(), nullptr, 0) / 8;
+ if (!AEADEncrypt(ctx->aead, &ct, &tag, tag_len, key, pt, aad, &iv)) {
+ return false;
+ }
+ printf("%s", t->CurrentTestToString().c_str());
+ printf("IV = %s\r\n", EncodeHex(iv.data(), iv.size()).c_str());
+ printf("CT = %s\r\n", EncodeHex(ct.data(), ct.size()).c_str());
+ printf("Tag = %s\r\n\r\n", EncodeHex(tag.data(), tag.size()).c_str());
+
+ // Check if sample response file matches.
+ if (ctx->response_sample) {
+ ctx->response_sample->ReadNext();
+ std::string expected_count;
+ std::vector<uint8_t> expected_iv, expected_ct, expected_tag;
+ if (!ctx->response_sample->GetAttribute(&expected_count, "Count") ||
+ count != expected_count ||
+ !ctx->response_sample->GetBytes(&expected_iv, "IV") ||
+ !t->ExpectBytesEqual(expected_iv.data(), expected_iv.size(), iv.data(),
+ iv.size()) ||
+ !ctx->response_sample->GetBytes(&expected_ct, "CT") ||
+ !t->ExpectBytesEqual(expected_ct.data(), expected_ct.size(), ct.data(),
+ ct.size()) ||
+ !ctx->response_sample->GetBytes(&expected_tag, "Tag") ||
+ !t->ExpectBytesEqual(expected_tag.data(), expected_tag.size(),
+ tag.data(), tag.size())) {
+ t->PrintLine("result doesn't match");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static bool TestAEADDecrypt(FileTest *t, void *arg) {
+ TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+ std::string key_len, iv_len, pt_len_str, aad_len_str, tag_len;
+ if (!t->GetInstruction(&key_len, "Keylen") ||
+ !t->GetInstruction(&iv_len, "IVlen") ||
+ !t->GetInstruction(&pt_len_str, "PTlen") ||
+ !t->GetInstruction(&aad_len_str, "AADlen") ||
+ !t->GetInstruction(&tag_len, "Taglen")) {
+ t->PrintLine("Invalid instruction block.");
+ return false;
+ }
+ size_t aad_len = strtoul(aad_len_str.c_str(), nullptr, 0) / 8;
+ size_t pt_len = strtoul(pt_len_str.c_str(), nullptr, 0) / 8;
+
+ std::string count;
+ std::vector<uint8_t> key, iv, ct, aad, tag, pt;
+ if (!t->GetAttribute(&count, "Count") ||
+ !t->GetBytes(&key, "Key") ||
+ !t->GetBytes(&aad, "AAD") ||
+ !t->GetBytes(&tag, "Tag") ||
+ !t->GetBytes(&iv, "IV") ||
+ !t->GetBytes(&ct, "CT") ||
+ key.size() * 8 != strtoul(key_len.c_str(), nullptr, 0) ||
+ iv.size() * 8 != strtoul(iv_len.c_str(), nullptr, 0) ||
+ ct.size() != pt_len ||
+ aad.size() != aad_len ||
+ tag.size() * 8 != strtoul(tag_len.c_str(), nullptr, 0)) {
+ t->PrintLine("Invalid test case");
+ return false;
+ }
+
+ printf("%s", t->CurrentTestToString().c_str());
+ bool aead_result =
+ AEADDecrypt(ctx->aead, &pt, &aad, pt_len, aad_len, key, ct, tag, iv);
+ if (aead_result) {
+ printf("PT = %s\r\n\r\n", EncodeHex(pt.data(), pt.size()).c_str());
+ } else {
+ printf("FAIL\r\n\r\n");
+ }
+
+ // Check if sample response file matches.
+ if (ctx->response_sample) {
+ ctx->response_sample->ReadNext();
+ std::string expected_count;
+ std::vector<uint8_t> expected_pt;
+ if (!ctx->response_sample->GetAttribute(&expected_count, "Count") ||
+ count != expected_count ||
+ (!aead_result && (ctx->response_sample->HasAttribute("PT") ||
+ !ctx->response_sample->HasAttribute("FAIL"))) ||
+ (aead_result &&
+ (ctx->response_sample->HasAttribute("FAIL") ||
+ !ctx->response_sample->GetBytes(&expected_pt, "PT") ||
+ !t->ExpectBytesEqual(expected_pt.data(), expected_pt.size(),
+ pt.data(), pt.size())))) {
+ t->PrintLine("result doesn't match");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static int usage(char *arg) {
+ fprintf(stderr,
+ "usage: %s (enc|dec) <cipher> <test file> [<sample response file>]\n",
+ arg);
+ return 1;
+}
+
+int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
+ if (argc < 4 || argc > 5) {
+ return usage(argv[0]);
+ }
+
+ const std::string mode(argv[1]);
+ bool (*test_fn)(FileTest * t, void *arg);
+ if (mode == "enc") {
+ test_fn = &TestAEADEncrypt;
+ } else if (mode == "dec") {
+ test_fn = &TestAEADDecrypt;
+ } else {
+ return usage(argv[0]);
+ }
+
+ const EVP_AEAD *aead = GetAEAD(argv[2], mode == "enc");
+ if (aead == nullptr) {
+ fprintf(stderr, "invalid aead: %s\n", argv[2]);
+ return 1;
+ }
+
+ TestCtx ctx = {aead, nullptr};
+
+ if (argc == 5) {
+ ctx.response_sample.reset(new FileTest(argv[4]));
+ if (!ctx.response_sample->is_open()) {
+ return 1;
+ }
+ ctx.response_sample->SetIgnoreUnusedAttributes(true);
+ }
+
+ printf("# Generated by");
+ for (int i = 0; i < argc; i++) {
+ printf(" %s", argv[i]);
+ }
+ printf("\n\n");
+
+ return FileTestMainSilent(test_fn, &ctx, argv[3]);
+}
diff --git a/crypto/fipsoracle/cavp_aes_test.cc b/crypto/fipsoracle/cavp_aes_test.cc
new file mode 100644
index 0000000..83dc0fe
--- /dev/null
+++ b/crypto/fipsoracle/cavp_aes_test.cc
@@ -0,0 +1,135 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_aes_test processes a NIST CAVP AES test vector request file and emits
+// the corresponding response. An optional sample vector file can be passed to
+// verify the result.
+
+#include <stdlib.h>
+
+#include <openssl/cipher.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#include "../test/file_test.h"
+#include "cavp_test_util.h"
+
+
+struct TestCtx {
+ const EVP_CIPHER *cipher;
+ std::unique_ptr<FileTest> response_sample;
+ bool has_iv;
+};
+
+static bool TestCipher(FileTest *t, void *arg) {
+ TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+ if (t->HasInstruction("ENCRYPT") == t->HasInstruction("DECRYPT")) {
+ t->PrintLine("Want either ENCRYPT or DECRYPT");
+ return false;
+ }
+ enum {
+ kEncrypt,
+ kDecrypt,
+ } operation = t->HasInstruction("ENCRYPT") ? kEncrypt : kDecrypt;
+
+ std::string count;
+ std::vector<uint8_t> key, iv, in, result;
+ if (!t->GetAttribute(&count, "COUNT") ||
+ !t->GetBytes(&key, "KEY") ||
+ (ctx->has_iv && !t->GetBytes(&iv, "IV"))) {
+ return false;
+ }
+
+ const EVP_CIPHER *cipher = ctx->cipher;
+ if (operation == kEncrypt) {
+ if (!t->GetBytes(&in, "PLAINTEXT") ||
+ !CipherOperation(cipher, &result, true /* encrypt */, key, iv, in)) {
+ return false;
+ }
+ printf("%sCIPHERTEXT = %s\r\n\r\n", t->CurrentTestToString().c_str(),
+ EncodeHex(result.data(), result.size()).c_str());
+ } else {
+ if (!t->GetBytes(&in, "CIPHERTEXT") ||
+ !CipherOperation(cipher, &result, false /* decrypt */, key, iv, in)) {
+ return false;
+ }
+ printf("%sPLAINTEXT = %s\r\n\r\n", t->CurrentTestToString().c_str(),
+ EncodeHex(result.data(), result.size()).c_str());
+ }
+
+ // Check if sample response file matches.
+ if (ctx->response_sample) {
+ if (ctx->response_sample->ReadNext() != FileTest::kReadSuccess) {
+ t->PrintLine("invalid sample file");
+ return false;
+ }
+ std::string expected_count;
+ std::vector<uint8_t> expected_result;
+ if (!ctx->response_sample->GetAttribute(&expected_count, "COUNT") ||
+ count != expected_count ||
+ (operation == kEncrypt &&
+ (!ctx->response_sample->GetBytes(&expected_result, "CIPHERTEXT") ||
+ !t->ExpectBytesEqual(expected_result.data(), expected_result.size(),
+ result.data(), result.size()))) ||
+ (operation == kDecrypt &&
+ (!ctx->response_sample->GetBytes(&expected_result, "PLAINTEXT") ||
+ !t->ExpectBytesEqual(expected_result.data(), expected_result.size(),
+ result.data(), result.size())))) {
+ t->PrintLine("result doesn't match");
+ return false;
+ }
+ }
+
+ return true;
+}
+
+int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
+ if (argc < 3 || argc > 4) {
+ fprintf(stderr, "usage: %s <cipher> <test file> [<sample response file>]\n",
+ argv[0]);
+ return 1;
+ }
+
+ const EVP_CIPHER *cipher = GetCipher(argv[1]);
+ if (cipher == nullptr) {
+ fprintf(stderr, "invalid cipher: %s\n", argv[1]);
+ return 1;
+ }
+ const std::string cipher_name(argv[1]);
+ const bool has_iv =
+ (cipher_name != "aes-128-ecb" &&
+ cipher_name != "aes-192-ecb" &&
+ cipher_name != "aes-256-ecb");
+
+ TestCtx ctx = {cipher, nullptr, has_iv};
+
+ if (argc == 4) {
+ ctx.response_sample.reset(new FileTest(argv[3]));
+ if (!ctx.response_sample->is_open()) {
+ return 1;
+ }
+ ctx.response_sample->SetIgnoreUnusedAttributes(true);
+ }
+
+ printf("# Generated by");
+ for (int i = 0; i < argc; i++) {
+ printf(" %s", argv[i]);
+ }
+ printf("\r\n\r\n");
+
+ return FileTestMainSilent(TestCipher, &ctx, argv[2]);
+}
diff --git a/crypto/fipsoracle/cavp_test_util.cc b/crypto/fipsoracle/cavp_test_util.cc
new file mode 100644
index 0000000..0f5b196
--- /dev/null
+++ b/crypto/fipsoracle/cavp_test_util.cc
@@ -0,0 +1,156 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "cavp_test_util.h"
+
+
+std::string EncodeHex(const uint8_t *in, size_t in_len) {
+ static const char kHexDigits[] = "0123456789abcdef";
+ std::string ret;
+ ret.reserve(in_len * 2);
+ for (size_t i = 0; i < in_len; i++) {
+ ret += kHexDigits[in[i] >> 4];
+ ret += kHexDigits[in[i] & 0xf];
+ }
+ return ret;
+}
+
+const EVP_CIPHER *GetCipher(const std::string &name) {
+ if (name == "des-cbc") {
+ return EVP_des_cbc();
+ } else if (name == "des-ecb") {
+ return EVP_des_ecb();
+ } else if (name == "des-ede") {
+ return EVP_des_ede();
+ } else if (name == "des-ede3") {
+ return EVP_des_ede3();
+ } else if (name == "des-ede-cbc") {
+ return EVP_des_ede_cbc();
+ } else if (name == "des-ede3-cbc") {
+ return EVP_des_ede3_cbc();
+ } else if (name == "rc4") {
+ return EVP_rc4();
+ } else if (name == "aes-128-ecb") {
+ return EVP_aes_128_ecb();
+ } else if (name == "aes-256-ecb") {
+ return EVP_aes_256_ecb();
+ } else if (name == "aes-128-cbc") {
+ return EVP_aes_128_cbc();
+ } else if (name == "aes-128-gcm") {
+ return EVP_aes_128_gcm();
+ } else if (name == "aes-128-ofb") {
+ return EVP_aes_128_ofb();
+ } else if (name == "aes-192-cbc") {
+ return EVP_aes_192_cbc();
+ } else if (name == "aes-192-ctr") {
+ return EVP_aes_192_ctr();
+ } else if (name == "aes-192-ecb") {
+ return EVP_aes_192_ecb();
+ } else if (name == "aes-256-cbc") {
+ return EVP_aes_256_cbc();
+ } else if (name == "aes-128-ctr") {
+ return EVP_aes_128_ctr();
+ } else if (name == "aes-256-ctr") {
+ return EVP_aes_256_ctr();
+ } else if (name == "aes-256-gcm") {
+ return EVP_aes_256_gcm();
+ } else if (name == "aes-256-ofb") {
+ return EVP_aes_256_ofb();
+ }
+ return nullptr;
+}
+
+bool CipherOperation(const EVP_CIPHER *cipher, std::vector<uint8_t> *out,
+ bool encrypt, const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &iv,
+ const std::vector<uint8_t> &in) {
+ bssl::ScopedEVP_CIPHER_CTX ctx;
+ if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
+ encrypt ? 1 : 0)) {
+ return false;
+ }
+ if (!iv.empty() && iv.size() != EVP_CIPHER_CTX_iv_length(ctx.get())) {
+ return false;
+ }
+
+ int result_len1 = 0, result_len2;
+ *out = std::vector<uint8_t>(in.size());
+ if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) ||
+ !EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(), iv.data(),
+ -1) ||
+ !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) ||
+ !EVP_CipherUpdate(ctx.get(), out->data(), &result_len1, in.data(),
+ in.size()) ||
+ !EVP_CipherFinal_ex(ctx.get(), out->data() + result_len1, &result_len2)) {
+ return false;
+ }
+ out->resize(result_len1 + result_len2);
+
+ return true;
+}
+
+bool AEADEncrypt(const EVP_AEAD *aead, std::vector<uint8_t> *ct,
+ std::vector<uint8_t> *tag, size_t tag_len,
+ const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &pt,
+ const std::vector<uint8_t> &aad, std::vector<uint8_t> *iv) {
+ bssl::ScopedEVP_AEAD_CTX ctx;
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
+ tag->size(), evp_aead_seal)) {
+ return false;
+ }
+
+ std::vector<uint8_t> out;
+ out.resize(pt.size() + EVP_AEAD_max_overhead(aead));
+ size_t out_len;
+ if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(),
+ nullptr /* iv */, 0 /* iv_len */, pt.data(), pt.size(),
+ aad.data(), aad.size())) {
+ return false;
+ }
+
+ static const size_t iv_len = EVP_AEAD_nonce_length(aead);
+ iv->assign(out.begin(), out.begin() + iv_len);
+ ct->assign(out.begin() + iv_len, out.end() - tag_len);
+ tag->assign(out.end() - tag_len, out.end());
+
+ return true;
+}
+
+bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt,
+ std::vector<uint8_t> *aad, size_t pt_len, size_t aad_len,
+ const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &ct,
+ const std::vector<uint8_t> &tag, std::vector<uint8_t> &iv) {
+ bssl::ScopedEVP_AEAD_CTX ctx;
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
+ tag.size(), evp_aead_open)) {
+ return false;
+ }
+ std::vector<uint8_t> in = iv;
+ in.reserve(in.size() + ct.size() + tag.size());
+ in.insert(in.end(), ct.begin(), ct.end());
+ in.insert(in.end(), tag.begin(), tag.end());
+
+ pt->resize(pt_len);
+ aad->resize(aad_len);
+ size_t out_pt_len;
+ if (!EVP_AEAD_CTX_open(ctx.get(), pt->data(), &out_pt_len, pt->size(),
+ nullptr /* iv */, 0 /* iv_len */, in.data(), in.size(),
+ aad->data(), aad->size()) ||
+ out_pt_len != pt_len) {
+ return false;
+ }
+ return true;
+}
diff --git a/crypto/fipsoracle/cavp_test_util.h b/crypto/fipsoracle/cavp_test_util.h
new file mode 100644
index 0000000..6b4966c
--- /dev/null
+++ b/crypto/fipsoracle/cavp_test_util.h
@@ -0,0 +1,48 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
+#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
+
+#include <stdlib.h>
+#include <string>
+#include <vector>
+
+#include <openssl/aead.h>
+#include <openssl/cipher.h>
+
+
+std::string EncodeHex(const uint8_t *in, size_t in_len);
+
+const EVP_CIPHER *GetCipher(const std::string &name);
+
+bool CipherOperation(const EVP_CIPHER *cipher, std::vector<uint8_t> *out,
+ bool encrypt, const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &iv,
+ const std::vector<uint8_t> &in);
+
+bool AEADEncrypt(const EVP_AEAD *aead, std::vector<uint8_t> *ct,
+ std::vector<uint8_t> *tag, size_t tag_len,
+ const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &pt,
+ const std::vector<uint8_t> &aad, std::vector<uint8_t> *iv);
+
+bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt,
+ std::vector<uint8_t> *aad, size_t pt_len, size_t aad_len,
+ const std::vector<uint8_t> &key,
+ const std::vector<uint8_t> &ct,
+ const std::vector<uint8_t> &tag, std::vector<uint8_t> &iv);
+
+
+#endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
diff --git a/crypto/test/file_test.cc b/crypto/test/file_test.cc
index 715907e..4f319f2 100644
--- a/crypto/test/file_test.cc
+++ b/crypto/test/file_test.cc
@@ -14,6 +14,7 @@
#include "file_test.h"
+#include <algorithm>
#include <memory>
#include <ctype.h>
@@ -60,26 +61,46 @@
str++;
len--;
}
- while (len > 0 && isspace(str[len-1])) {
+ while (len > 0 && isspace(str[len - 1])) {
len--;
}
return std::string(str, len);
}
+static std::pair<std::string, std::string> ParseKeyValue(const char *str, const size_t len) {
+ const char *delimiter = FindDelimiter(str);
+ std::string key, value;
+ if (delimiter == nullptr) {
+ key = StripSpace(str, len);
+ } else {
+ key = StripSpace(str, delimiter - str);
+ value = StripSpace(delimiter + 1, str + len - delimiter - 1);
+ }
+ return {key, value};
+}
+
FileTest::ReadResult FileTest::ReadNext() {
- // If the previous test had unused attributes, it is an error.
- if (!unused_attributes_.empty()) {
+ // If the previous test had unused attributes or instructions, it is an error.
+ if (!unused_attributes_.empty() && !ignore_unused_attributes_) {
for (const std::string &key : unused_attributes_) {
PrintLine("Unused attribute: %s", key.c_str());
}
return kReadError;
}
+ if (!unused_instructions_.empty() && !ignore_unused_attributes_) {
+ for (const std::string &key : unused_instructions_) {
+ PrintLine("Unused instruction: %s", key.c_str());
+ }
+ return kReadError;
+ }
ClearTest();
- static const size_t kBufLen = 64 + 8192*2;
+ static const size_t kBufLen = 64 + 8192 * 2;
std::unique_ptr<char[]> buf(new char[kBufLen]);
+ bool in_instruction_block = false;
+
while (true) {
// Read the next line.
if (fgets(buf.get(), kBufLen, file_) == nullptr) {
@@ -99,21 +120,51 @@
return kReadError;
}
- if (buf[0] == '\n' || buf[0] == '\0') {
+ if (buf[0] == '\n' || buf[0] == '\r' || buf[0] == '\0') {
// Empty lines delimit tests.
if (start_line_ > 0) {
return kReadSuccess;
}
- } else if (buf[0] != '#') { // Comment lines are ignored.
- // Parse the line as an attribute.
- const char *delimiter = FindDelimiter(buf.get());
- if (delimiter == nullptr) {
- fprintf(stderr, "Line %u: Could not parse attribute.\n", line_);
+ if (in_instruction_block) {
+ in_instruction_block = false;
+ // Delimit instruction block from test with a blank line.
+ current_test_ += "\r\n";
+ }
+ } else if (buf[0] == '[') { // Inside an instruction block.
+ if (start_line_ != 0) {
+ // Instructions should be separate blocks.
+ fprintf(stderr, "Line %u is an instruction in a test case.\n", line_);
return kReadError;
}
- std::string key = StripSpace(buf.get(), delimiter - buf.get());
- std::string value = StripSpace(delimiter + 1,
- buf.get() + len - delimiter - 1);
+ if (!in_instruction_block) {
+ ClearInstructions();
+ in_instruction_block = true;
+ }
+
+ // Parse the line as an instruction ("[key = value]" or "[key]").
+ std::string kv = StripSpace(buf.get(), len);
+ if (kv[kv.size() - 1] != ']') {
+ fprintf(stderr, "Line %u, invalid instruction: %s\n", line_,
+ kv.c_str());
+ return kReadError;
+ }
+ current_test_ += kv + "\r\n";
+ kv = std::string(kv.begin() + 1, kv.end() - 1);
+
+ std::string key, value;
+ std::tie(key, value) = ParseKeyValue(kv.c_str(), kv.size());
+ instructions_[key] = value;
+ } else if (buf[0] != '#') { // Comment lines are ignored.
+ if (in_instruction_block) {
+ // Test cases should be separate blocks.
+ fprintf(stderr, "Line %u is a test case attribute in an instruction block.\n",
+ line_);
+ return kReadError;
+ }
+
+ current_test_ += std::string(buf.get(), len);
+ std::string key, value;
+ std::tie(key, value) = ParseKeyValue(buf.get(), len);
unused_attributes_.insert(key);
attributes_[key] = value;
@@ -122,6 +173,9 @@
type_ = key;
parameter_ = value;
start_line_ = line_;
+ for (const auto &kv : instructions_) {
+ unused_instructions_.insert(kv.first);
+ }
}
}
}
@@ -171,6 +225,26 @@
return attributes_[key];
}
+bool FileTest::HasInstruction(const std::string &key) {
+ OnInstructionUsed(key);
+ return instructions_.count(key) > 0;
+}
+
+bool FileTest::GetInstruction(std::string *out_value, const std::string &key) {
+ OnInstructionUsed(key);
+ auto iter = instructions_.find(key);
+ if (iter == instructions_.end()) {
+ PrintLine("Missing instruction '%s'.", key.c_str());
+ return false;
+ }
+ *out_value = iter->second;
+ return true;
+}
+
+const std::string &FileTest::CurrentTestToString() const {
+ return current_test_;
+}
+
static bool FromHexDigit(uint8_t *out, char c) {
if ('0' <= c && c <= '9') {
*out = c - '0';
@@ -206,7 +280,7 @@
out->reserve(value.size() / 2);
for (size_t i = 0; i < value.size(); i += 2) {
uint8_t hi, lo;
- if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i+1])) {
+ if (!FromHexDigit(&hi, value[i]) || !FromHexDigit(&lo, value[i + 1])) {
PrintLine("Error decoding value: %s", value.c_str());
return false;
}
@@ -246,14 +320,28 @@
parameter_.clear();
attributes_.clear();
unused_attributes_.clear();
+ current_test_ = "";
+}
+
+void FileTest::ClearInstructions() {
+ instructions_.clear();
+ unused_attributes_.clear();
}
void FileTest::OnKeyUsed(const std::string &key) {
unused_attributes_.erase(key);
}
-int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg,
- const char *path) {
+void FileTest::OnInstructionUsed(const std::string &key) {
+ unused_instructions_.erase(key);
+}
+
+void FileTest::SetIgnoreUnusedAttributes(bool ignore) {
+ ignore_unused_attributes_ = ignore;
+}
+
+int FileTestMainSilent(bool (*run_test)(FileTest *t, void *arg), void *arg,
+ const char *path) {
FileTest t(path);
if (!t.is_open()) {
return 1;
@@ -278,8 +366,8 @@
uint32_t err = ERR_peek_error();
if (ERR_reason_error_string(err) != t.GetAttributeOrDie("Error")) {
t.PrintLine("Unexpected error; wanted '%s', got '%s'.",
- t.GetAttributeOrDie("Error").c_str(),
- ERR_reason_error_string(err));
+ t.GetAttributeOrDie("Error").c_str(),
+ ERR_reason_error_string(err));
failed = true;
ERR_clear_error();
continue;
@@ -295,10 +383,14 @@
}
}
- if (failed) {
- return 1;
- }
+ return failed ? 1 : 0;
+}
- printf("PASS\n");
- return 0;
+int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg,
+ const char *path) {
+ int result = FileTestMainSilent(run_test, arg, path);
+ if (!result) {
+ printf("PASS\n");
+ }
+ return result;
}
diff --git a/crypto/test/file_test.h b/crypto/test/file_test.h
index a859127..18d7e99 100644
--- a/crypto/test/file_test.h
+++ b/crypto/test/file_test.h
@@ -21,11 +21,11 @@
#include <stdio.h>
OPENSSL_MSVC_PRAGMA(warning(push))
-OPENSSL_MSVC_PRAGMA(warning(disable: 4702))
+OPENSSL_MSVC_PRAGMA(warning(disable : 4702))
-#include <string>
#include <map>
#include <set>
+#include <string>
#include <vector>
OPENSSL_MSVC_PRAGMA(warning(pop))
@@ -33,31 +33,46 @@
// File-based test framework.
//
// This module provides a file-based test framework. The file format is based on
-// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. Each input
-// file is a sequence of attributes and blank lines.
+// that of OpenSSL upstream's evp_test and BoringSSL's aead_test. NIST CAVP test
+// vector files are also supported. Each input file is a sequence of attributes,
+// instructions and blank lines.
//
// Each attribute has the form:
//
// Name = Value
//
+// Instructions are enclosed in square brackets and may appear without a value:
+//
+// [Name = Value]
+//
+// or
+//
+// [Name]
+//
// Either '=' or ':' may be used to delimit the name from the value. Both the
// name and value have leading and trailing spaces stripped.
//
-// Lines beginning with # are ignored.
+// Each file contains a number of instruction blocks and test cases.
//
-// A test is a sequence of one or more attributes followed by a blank line.
-// Blank lines are otherwise ignored. For tests that process multiple kinds of
-// test cases, the first attribute is parsed out as the test's type and
-// parameter. Otherwise, attributes are unordered. The first attribute is also
-// included in the set of attributes, so tests which do not dispatch may ignore
-// this mechanism.
+// An instruction block is a sequence of instructions followed by a blank line.
+// Instructions apply to all test cases following its appearance, until the next
+// instruction block. Instructions are unordered.
+//
+// A test is a sequence of one or more attributes followed by a blank line. For
+// tests that process multiple kinds of test cases, the first attribute is
+// parsed out as the test's type and parameter. Otherwise, attributes are
+// unordered. The first attribute is also included in the set of attributes, so
+// tests which do not dispatch may ignore this mechanism.
+//
+// Additional blank lines and lines beginning with # are ignored.
//
// Functions in this module freely output to |stderr| on failure. Tests should
// also do so, and it is recommended they include the corresponding test's line
// number in any output. |PrintLine| does this automatically.
//
-// Each attribute in a test must be consumed. When a test completes, if any
-// attributes haven't been processed, the framework reports an error.
+// Each attribute in a test and all instructions applying to it must be
+// consumed. When a test completes, if any attributes or insturctions haven't
+// been processed, the framework reports an error.
class FileTest {
@@ -115,9 +130,28 @@
bool ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
const uint8_t *actual, size_t actual_len);
+ // HasInstruction returns true if the current test has an instruction.
+ bool HasInstruction(const std::string &key);
+
+ // GetInstruction looks up the instruction with key |key|. It sets
+ // |*out_value| to the value (empty string if the instruction has no value)
+ // and returns true if it exists and returns false with an error to |stderr|
+ // otherwise.
+ bool GetInstruction(std::string *out_value, const std::string &key);
+
+ // CurrentTestToString returns the file content parsed for the current test.
+ // If the current test was preceded by an instruction block, the return test
+ // case is preceded by the instruction block and a single blank line. All
+ // other blank or comment lines are omitted.
+ const std::string &CurrentTestToString() const;
+
+ void SetIgnoreUnusedAttributes(bool ignore);
+
private:
void ClearTest();
+ void ClearInstructions();
void OnKeyUsed(const std::string &key);
+ void OnInstructionUsed(const std::string &key);
FILE *file_ = nullptr;
// line_ is the number of lines read.
@@ -131,12 +165,21 @@
std::string parameter_;
// attributes_ contains all attributes in the test, including the first.
std::map<std::string, std::string> attributes_;
+ // instructions_ contains all instructions in scope for the test.
+ std::map<std::string, std::string> instructions_;
- // unused_attributes_ is the set of attributes that have been queried.
+ // unused_attributes_ is the set of attributes that have not been queried.
std::set<std::string> unused_attributes_;
- FileTest(const FileTest&) = delete;
- FileTest &operator=(const FileTest&) = delete;
+ // unused_instructions_ is the set of instructions that have not been queried.
+ std::set<std::string> unused_instructions_;
+
+ std::string current_test_;
+
+ bool ignore_unused_attributes_ = false;
+
+ FileTest(const FileTest &) = delete;
+ FileTest &operator=(const FileTest &) = delete;
};
// FileTestMain runs a file-based test out of |path| and returns an exit code
@@ -153,5 +196,9 @@
int FileTestMain(bool (*run_test)(FileTest *t, void *arg), void *arg,
const char *path);
+// FileTestMainSilent behaves like FileTestMain but does not print a final
+// FAIL/PASS message to stdout.
+int FileTestMainSilent(bool (*run_test)(FileTest *t, void *arg), void *arg,
+ const char *path);
#endif /* OPENSSL_HEADER_CRYPTO_TEST_FILE_TEST_H */