Drop CAVP code.
All FIPS testing is done with ACVP now. We can delete all the CAVP
stuff.
Change-Id: I459873474e40b0371f9cf760090a130ef9a90a8c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/51330
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: Adam Langley <agl@google.com>
diff --git a/CMakeLists.txt b/CMakeLists.txt
index c64ba8e..35ff4c1 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -593,7 +593,7 @@
add_subdirectory(ssl)
add_subdirectory(ssl/test)
add_subdirectory(tool)
-add_subdirectory(util/fipstools/cavp)
+add_subdirectory(util/fipstools)
add_subdirectory(util/fipstools/acvp/modulewrapper)
add_subdirectory(decrepit)
diff --git a/crypto/fipsmodule/FIPS.md b/crypto/fipsmodule/FIPS.md
index 9e4463a..3a733a8 100644
--- a/crypto/fipsmodule/FIPS.md
+++ b/crypto/fipsmodule/FIPS.md
@@ -13,12 +13,9 @@
1. 2019-08-08: certificate [#3678](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3678), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Security-Policy-20190808.docx) (in docx format).
1. 2019-10-20: certificate [#3753](https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program/Certificate/3753), [security policy](/crypto/fipsmodule/policydocs/BoringCrypto-Android-Security-Policy-20191020.docx) (in docx format).
-## Running CAVP tests
+## Running ACVP tests
-CAVP results are calculated by `util/fipstools/cavp`, but that binary is almost always run by `util/fipstools/run_cavp.go`. The latter knows the set of tests to be processed and the flags needed to configure `cavp` for each one. It must be run from the top of a CAVP directory and needs the following options:
-
-1. `-oracle-bin`: points to the location of `util/fipstools/cavp`
-2. `-no-fax`: this is needed to suppress checking of the FAX files, which are only included in sample sets.
+See `util/fipstools/acvp/ACVP.md` for details of how ACVP testing is done.
## Breaking known-answer and continuous tests
diff --git a/util/fipstools/CMakeLists.txt b/util/fipstools/CMakeLists.txt
new file mode 100644
index 0000000..6359383
--- /dev/null
+++ b/util/fipstools/CMakeLists.txt
@@ -0,0 +1,12 @@
+include_directories(../../include)
+
+if(FIPS)
+ add_executable(
+ test_fips
+
+ test_fips.c
+ )
+
+ add_dependencies(test_fips global_target)
+ target_link_libraries(test_fips crypto)
+endif()
diff --git a/util/fipstools/cavp/CMakeLists.txt b/util/fipstools/cavp/CMakeLists.txt
deleted file mode 100644
index a50c9ab..0000000
--- a/util/fipstools/cavp/CMakeLists.txt
+++ /dev/null
@@ -1,42 +0,0 @@
-include_directories(../../../include)
-
-if(FIPS)
- add_executable(
- cavp
-
- cavp_main.cc
-
- cavp_aes_gcm_test.cc
- cavp_aes_test.cc
- cavp_ctr_drbg_test.cc
- cavp_ecdsa2_keypair_test.cc
- cavp_ecdsa2_pkv_test.cc
- cavp_ecdsa2_siggen_test.cc
- cavp_ecdsa2_sigver_test.cc
- cavp_hmac_test.cc
- cavp_kas_test.cc
- cavp_keywrap_test.cc
- cavp_rsa2_keygen_test.cc
- cavp_rsa2_siggen_test.cc
- cavp_rsa2_sigver_test.cc
- cavp_sha_monte_test.cc
- cavp_sha_test.cc
- cavp_tdes_test.cc
- cavp_tlskdf_test.cc
-
- cavp_test_util.cc
- )
-
- add_dependencies(cavp global_target)
-
- add_executable(
- test_fips
-
- test_fips.c
- )
-
- add_dependencies(test_fips global_target)
-
- target_link_libraries(cavp test_support_lib crypto)
- target_link_libraries(test_fips test_support_lib crypto)
-endif()
diff --git a/util/fipstools/cavp/cavp_aes_gcm_test.cc b/util/fipstools/cavp/cavp_aes_gcm_test.cc
deleted file mode 100644
index 6ee991d..0000000
--- a/util/fipstools/cavp/cavp_aes_gcm_test.cc
+++ /dev/null
@@ -1,166 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_aes_gcm_test processes a NIST CAVP AES GCM test vector request file and
-// emits the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/aead.h>
-#include <openssl/cipher.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- const EVP_AEAD *aead;
-};
-
-}
-
-static const EVP_AEAD *GetAEAD(const std::string &name, const bool enc) {
- if (name == "aes-128-gcm") {
- return EVP_aead_aes_128_gcm();
- } else if (name == "aes-192-gcm") {
- return EVP_aead_aes_192_gcm();
- } else if (name == "aes-256-gcm") {
- return EVP_aead_aes_256_gcm();
- }
- return nullptr;
-}
-
-static bool TestAEADEncrypt(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- std::string key_len_str, iv_len_str, pt_len_str, aad_len_str, tag_len_str;
- if (!t->GetInstruction(&key_len_str, "Keylen") ||
- !t->GetInstruction(&iv_len_str, "IVlen") ||
- !t->GetInstruction(&pt_len_str, "PTlen") ||
- !t->GetInstruction(&aad_len_str, "AADlen") ||
- !t->GetInstruction(&tag_len_str, "Taglen")) {
- return false;
- }
-
- std::string count;
- std::vector<uint8_t> key, iv, pt, aad, tag, ct;
- if (!t->GetAttribute(&count, "Count") ||
- !t->GetBytes(&key, "Key") ||
- !t->GetBytes(&iv, "IV") ||
- !t->GetBytes(&pt, "PT") ||
- !t->GetBytes(&aad, "AAD") ||
- key.size() * 8 != strtoul(key_len_str.c_str(), nullptr, 0) ||
- iv.size() * 8 != strtoul(iv_len_str.c_str(), nullptr, 0) ||
- pt.size() * 8 != strtoul(pt_len_str.c_str(), nullptr, 0) ||
- aad.size() * 8 != strtoul(aad_len_str.c_str(), nullptr, 0) ||
- iv.size() != 12) {
- return false;
- }
-
- const size_t tag_len = strtoul(tag_len_str.c_str(), nullptr, 0) / 8;
- if (!AEADEncrypt(ctx->aead, &ct, &tag, tag_len, key, pt, aad, iv)) {
- return false;
- }
- printf("%s", t->CurrentTestToString().c_str());
- printf("CT = %s\r\n", EncodeHex(ct).c_str());
- printf("Tag = %s\r\n\r\n", EncodeHex(tag).c_str());
-
- return true;
-}
-
-static bool TestAEADDecrypt(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- std::string key_len, iv_len, pt_len_str, aad_len_str, tag_len;
- if (!t->GetInstruction(&key_len, "Keylen") ||
- !t->GetInstruction(&iv_len, "IVlen") ||
- !t->GetInstruction(&pt_len_str, "PTlen") ||
- !t->GetInstruction(&aad_len_str, "AADlen") ||
- !t->GetInstruction(&tag_len, "Taglen")) {
- t->PrintLine("Invalid instruction block.");
- return false;
- }
- size_t aad_len = strtoul(aad_len_str.c_str(), nullptr, 0) / 8;
- size_t pt_len = strtoul(pt_len_str.c_str(), nullptr, 0) / 8;
-
- std::string count;
- std::vector<uint8_t> key, iv, ct, aad, tag, pt;
- if (!t->GetAttribute(&count, "Count") ||
- !t->GetBytes(&key, "Key") ||
- !t->GetBytes(&aad, "AAD") ||
- !t->GetBytes(&tag, "Tag") ||
- !t->GetBytes(&iv, "IV") ||
- !t->GetBytes(&ct, "CT") ||
- key.size() * 8 != strtoul(key_len.c_str(), nullptr, 0) ||
- iv.size() * 8 != strtoul(iv_len.c_str(), nullptr, 0) ||
- ct.size() != pt_len ||
- aad.size() != aad_len ||
- tag.size() * 8 != strtoul(tag_len.c_str(), nullptr, 0)) {
- t->PrintLine("Invalid test case");
- return false;
- }
-
- printf("%s", t->CurrentTestToString().c_str());
- bool aead_result =
- AEADDecrypt(ctx->aead, &pt, pt_len, key, aad, ct, tag, iv);
- if (aead_result) {
- printf("PT = %s\r\n\r\n", EncodeHex(pt).c_str());
- } else {
- printf("FAIL\r\n\r\n");
- }
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s (enc|dec) <cipher> <test file>\n", arg);
- return 1;
-}
-
-int cavp_aes_gcm_test_main(int argc, char **argv) {
- if (argc != 4) {
- return usage(argv[0]);
- }
-
- const std::string mode(argv[1]);
- bool (*test_fn)(FileTest * t, void *arg);
- if (mode == "enc") {
- test_fn = &TestAEADEncrypt;
- } else if (mode == "dec") {
- test_fn = &TestAEADDecrypt;
- } else {
- return usage(argv[0]);
- }
-
- const EVP_AEAD *aead = GetAEAD(argv[2], mode == "enc");
- if (aead == nullptr) {
- fprintf(stderr, "invalid aead: %s\n", argv[2]);
- return 1;
- }
-
- TestCtx ctx = {aead};
-
- FileTest::Options opts;
- opts.path = argv[3];
- opts.callback = test_fn;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_aes_test.cc b/util/fipstools/cavp/cavp_aes_test.cc
deleted file mode 100644
index d1f49b4..0000000
--- a/util/fipstools/cavp/cavp_aes_test.cc
+++ /dev/null
@@ -1,225 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_aes_test processes a NIST CAVP AES test vector request file and emits
-// the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/cipher.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- const EVP_CIPHER *cipher;
- bool has_iv;
- enum Mode {
- kKAT, // Known Answer Test
- kMCT, // Monte Carlo Test
- };
- Mode mode;
-};
-
-}
-
-static bool MonteCarlo(const TestCtx *ctx, FileTest *t,
- const EVP_CIPHER *cipher, std::vector<uint8_t> *out,
- bool encrypt, std::vector<uint8_t> key,
- std::vector<uint8_t> iv, std::vector<uint8_t> in) {
- const std::string in_label = encrypt ? "PLAINTEXT" : "CIPHERTEXT",
- result_label = encrypt ? "CIPHERTEXT" : "PLAINTEXT";
- std::vector<uint8_t> prev_result, result, prev_in;
- for (int i = 0; i < 100; i++) {
- printf("COUNT = %d\r\nKEY = %s\r\n", i, EncodeHex(key).c_str());
- if (ctx->has_iv) {
- printf("IV = %s\r\n", EncodeHex(iv).c_str());
- }
- printf("%s = %s\r\n", in_label.c_str(), EncodeHex(in).c_str());
-
- if (!ctx->has_iv) { // ECB mode
- for (int j = 0; j < 1000; j++) {
- prev_result = result;
- if (!CipherOperation(cipher, &result, encrypt, key, iv, in)) {
- return false;
- }
- in = result;
- }
- } else {
- for (int j = 0; j < 1000; j++) {
- prev_result = result;
- if (j > 0) {
- if (encrypt) {
- iv = result;
- } else {
- iv = prev_in;
- }
- }
-
- if (!CipherOperation(cipher, &result, encrypt, key, iv, in)) {
- return false;
- }
-
- prev_in = in;
-
- if (j == 0) {
- in = iv;
- } else {
- in = prev_result;
- }
- }
- }
-
- printf("%s = %s\r\n\r\n", result_label.c_str(), EncodeHex(result).c_str());
-
- const size_t key_len = key.size() * 8;
- if (key_len == 128) {
- for (size_t k = 0; k < key.size(); k++) {
- key[k] ^= result[k];
- }
- } else if (key_len == 192) {
- for (size_t k = 0; k < key.size(); k++) {
- // Key[i+1] = Key[i] xor (last 64-bits of CT[j-1] || CT[j])
- if (k < 8) {
- key[k] ^= prev_result[prev_result.size() - 8 + k];
- } else {
- key[k] ^= result[k - 8];
- }
- }
- } else { // key_len == 256
- for (size_t k = 0; k < key.size(); k++) {
- // Key[i+1] = Key[i] xor (CT[j-1] || CT[j])
- if (k < 16) {
- key[k] ^= prev_result[k];
- } else {
- key[k] ^= result[k - 16];
- }
- }
- }
-
- if (ctx->has_iv) {
- iv = result;
- in = prev_result;
- } else {
- in = result;
- }
- }
-
- return true;
-}
-
-static bool TestCipher(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- if (t->HasInstruction("ENCRYPT") == t->HasInstruction("DECRYPT")) {
- t->PrintLine("Want either ENCRYPT or DECRYPT");
- return false;
- }
- enum {
- kEncrypt,
- kDecrypt,
- } operation = t->HasInstruction("ENCRYPT") ? kEncrypt : kDecrypt;
-
- std::string count;
- std::vector<uint8_t> key, iv, in, result;
- if (!t->GetAttribute(&count, "COUNT") ||
- !t->GetBytes(&key, "KEY") ||
- (ctx->has_iv && !t->GetBytes(&iv, "IV"))) {
- return false;
- }
-
- const EVP_CIPHER *cipher = ctx->cipher;
- if (operation == kEncrypt) {
- if (!t->GetBytes(&in, "PLAINTEXT")) {
- return false;
- }
- } else { // operation == kDecrypt
- if (!t->GetBytes(&in, "CIPHERTEXT")) {
- return false;
- }
- }
-
- if (ctx->mode == TestCtx::kKAT) {
- if (!CipherOperation(cipher, &result, operation == kEncrypt, key, iv, in)) {
- return false;
- }
- const std::string label =
- operation == kEncrypt ? "CIPHERTEXT" : "PLAINTEXT";
- printf("%s%s = %s\r\n\r\n", t->CurrentTestToString().c_str(), label.c_str(),
- EncodeHex(result).c_str());
- } else { // ctx->mode == kMCT
- const std::string op_label =
- operation == kEncrypt ? "[ENCRYPT]" : "[DECRYPT]";
- printf("%s\r\n\r\n", op_label.c_str());
- if (!MonteCarlo(ctx, t, cipher, &result, operation == kEncrypt, key, iv,
- in)) {
- return false;
- }
- if (operation == kEncrypt) {
- // MCT tests contain a stray blank line after the ENCRYPT section.
- printf("\r\n");
- }
- }
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s (kat|mct) <cipher> <test file>\n", arg);
- return 1;
-}
-
-int cavp_aes_test_main(int argc, char **argv) {
- if (argc != 4) {
- return usage(argv[0]);
- }
-
- const std::string tm(argv[1]);
- enum TestCtx::Mode test_mode;
- if (tm == "kat") {
- test_mode = TestCtx::kKAT;
- } else if (tm == "mct") {
- test_mode = TestCtx::kMCT;
- } else {
- fprintf(stderr, "invalid test_mode: %s\n", tm.c_str());
- return usage(argv[0]);
- }
-
- const std::string cipher_name(argv[2]);
- const EVP_CIPHER *cipher = GetCipher(argv[2]);
- if (cipher == nullptr) {
- fprintf(stderr, "invalid cipher: %s\n", argv[2]);
- return 1;
- }
- const bool has_iv =
- (cipher_name != "aes-128-ecb" &&
- cipher_name != "aes-192-ecb" &&
- cipher_name != "aes-256-ecb");
-
- TestCtx ctx = {cipher, has_iv, test_mode};
-
- FileTest::Options opts;
- opts.path = argv[3];
- opts.callback = TestCipher;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_ctr_drbg_test.cc b/util/fipstools/cavp/cavp_ctr_drbg_test.cc
deleted file mode 100644
index a27736e..0000000
--- a/util/fipstools/cavp/cavp_ctr_drbg_test.cc
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_ctr_drbg_test processes a NIST CAVP DRBG800-90A test vector request
-// file and emits the corresponding response.
-
-#include <openssl/crypto.h>
-
-#include <stdlib.h>
-
-#include "cavp_test_util.h"
-#include "../crypto/fipsmodule/rand/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-
-
-static bool TestCTRDRBG(FileTest *t, void *arg) {
- std::string test_type, prediction_resistance, entropy_input_len, nonce_len,
- personalization_str_len, additional_input_len, returned_bits_len;
- if (!t->GetInstruction(&test_type, "AES-256 no df") ||
- !t->GetInstruction(&prediction_resistance, "PredictionResistance") ||
- !t->GetInstruction(&entropy_input_len, "EntropyInputLen") ||
- !t->GetInstruction(&nonce_len, "NonceLen") ||
- !t->GetInstruction(&personalization_str_len,
- "PersonalizationStringLen") ||
- !t->GetInstruction(&additional_input_len, "AdditionalInputLen") ||
- !t->GetInstruction(&returned_bits_len, "ReturnedBitsLen") ||
- !test_type.empty() ||
- prediction_resistance != "False" ||
- strtoul(entropy_input_len.c_str(), nullptr, 0) !=
- CTR_DRBG_ENTROPY_LEN * 8 ||
- nonce_len != "0") {
- return false;
- }
-
- std::string count;
- std::vector<uint8_t> entropy, nonce, personalization_str, ai1, ai2;
- if (!t->GetAttribute(&count, "COUNT") ||
- !t->GetBytes(&entropy, "EntropyInput") ||
- !t->GetBytes(&nonce, "Nonce") ||
- !t->GetBytes(&personalization_str, "PersonalizationString") ||
- !t->GetBytes(&ai1, "AdditionalInput") ||
- !t->GetBytes(&ai2, "AdditionalInput/2") ||
- entropy.size() * 8 != strtoul(entropy_input_len.c_str(), nullptr, 0) ||
- nonce.size() != 0 ||
- personalization_str.size() * 8 !=
- strtoul(personalization_str_len.c_str(), nullptr, 0) ||
- ai1.size() != ai2.size() ||
- ai1.size() * 8 != strtoul(additional_input_len.c_str(), nullptr, 0)) {
- return false;
- }
-
- CTR_DRBG_STATE drbg;
- CTR_DRBG_init(&drbg, entropy.data(),
- personalization_str.size() > 0 ? personalization_str.data()
- : nullptr,
- personalization_str.size());
-
- uint64_t out_len = strtoul(returned_bits_len.c_str(), nullptr, 0);
- if (out_len == 0 || (out_len & 7) != 0) {
- return false;
- }
- out_len /= 8;
-
- std::vector<uint8_t> out;
- out.resize(out_len);
-
- CTR_DRBG_generate(&drbg, out.data(), out.size(),
- ai1.size() > 0 ? ai1.data() : nullptr, ai1.size());
- CTR_DRBG_generate(&drbg, out.data(), out.size(),
- ai2.size() > 0 ? ai2.data() : nullptr, ai2.size());
-
- printf("%s", t->CurrentTestToString().c_str());
- printf("ReturnedBits = %s\r\n\r\n", EncodeHex(out).c_str());
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s <test file>\n", arg);
- return 1;
-}
-
-int cavp_ctr_drbg_test_main(int argc, char **argv) {
- if (argc != 2) {
- return usage(argv[0]);
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestCTRDRBG;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_ecdsa2_keypair_test.cc b/util/fipstools/cavp/cavp_ecdsa2_keypair_test.cc
deleted file mode 100644
index f8c4a01..0000000
--- a/util/fipstools/cavp/cavp_ecdsa2_keypair_test.cc
+++ /dev/null
@@ -1,92 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_ecdsa2_keypair_test processes a NIST CAVP ECDSA2 KeyPair test vector
-// request file and emits the corresponding response.
-
-#include <stdlib.h>
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ec_key.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-static bool TestECDSA2KeyPair(FileTest *t, void *arg) {
- std::string n_str;
- const char *group_str;
- int nid = GetECGroupNIDFromInstruction(t, &group_str);
- if (nid == NID_undef ||
- !t->GetAttribute(&n_str, "N")) {
- return false;
- }
-
- // Don't use CurrentTestToString to avoid printing the N.
- printf(
- "[%s]\r\n\r\n[B.4.2 Key Pair Generation by Testing Candidates]\r\n\r\n",
- group_str);
-
- unsigned long n = strtoul(n_str.c_str(), nullptr, 10);
- for (unsigned long i = 0; i < n; i++) {
- bssl::UniquePtr<BIGNUM> qx(BN_new()), qy(BN_new());
- bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));
- if (!key ||
- !EC_KEY_generate_key_fips(key.get()) ||
- !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key.get()),
- EC_KEY_get0_public_key(key.get()),
- qx.get(), qy.get(), nullptr)) {
- return false;
- }
-
- size_t degree_len =
- (EC_GROUP_get_degree(EC_KEY_get0_group(key.get())) + 7) / 8;
- size_t order_len =
- BN_num_bytes(EC_GROUP_get0_order(EC_KEY_get0_group(key.get())));
- std::vector<uint8_t> qx_bytes(degree_len), qy_bytes(degree_len);
- std::vector<uint8_t> d_bytes(order_len);
- if (!BN_bn2bin_padded(qx_bytes.data(), qx_bytes.size(), qx.get()) ||
- !BN_bn2bin_padded(qy_bytes.data(), qy_bytes.size(), qy.get()) ||
- !BN_bn2bin_padded(d_bytes.data(), d_bytes.size(),
- EC_KEY_get0_private_key(key.get()))) {
- return false;
- }
-
- printf("d = %s\r\nQx = %s\r\nQy = %s\r\n\r\n", EncodeHex(d_bytes).c_str(),
- EncodeHex(qx_bytes).c_str(), EncodeHex(qy_bytes).c_str());
- }
-
- return true;
-}
-
-int cavp_ecdsa2_keypair_test_main(int argc, char **argv) {
- if (argc != 2) {
- fprintf(stderr, "usage: %s <test file>\n",
- argv[0]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestECDSA2KeyPair;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_ecdsa2_pkv_test.cc b/util/fipstools/cavp/cavp_ecdsa2_pkv_test.cc
deleted file mode 100644
index d823e7a..0000000
--- a/util/fipstools/cavp/cavp_ecdsa2_pkv_test.cc
+++ /dev/null
@@ -1,66 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_ecdsa2_pkv_test processes a NIST CAVP ECDSA2 PKV test vector request file
-// and emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/ec_key.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-
-#include "../crypto/test/file_test.h"
-#include "cavp_test_util.h"
-
-
-static bool TestECDSA2PKV(FileTest *t, void *arg) {
- int nid = GetECGroupNIDFromInstruction(t);
- if (nid == NID_undef) {
- return false;
- }
- bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));
- bssl::UniquePtr<BIGNUM> qx = GetBIGNUM(t, "Qx");
- bssl::UniquePtr<BIGNUM> qy = GetBIGNUM(t, "Qy");
- if (!key || !qx || !qy) {
- return false;
- }
-
- if (EC_KEY_set_public_key_affine_coordinates(key.get(), qx.get(), qy.get())) {
- printf("%sResult = P\r\n\r\n", t->CurrentTestToString().c_str());
- } else {
- char buf[256];
- ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
- printf("%sResult = F (%s)\r\n\r\n", t->CurrentTestToString().c_str(), buf);
- }
- ERR_clear_error();
- return true;
-}
-
-int cavp_ecdsa2_pkv_test_main(int argc, char **argv) {
- if (argc != 2) {
- fprintf(stderr, "usage: %s <test file>\n",
- argv[0]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestECDSA2PKV;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_ecdsa2_siggen_test.cc b/util/fipstools/cavp/cavp_ecdsa2_siggen_test.cc
deleted file mode 100644
index 1282eaa..0000000
--- a/util/fipstools/cavp/cavp_ecdsa2_siggen_test.cc
+++ /dev/null
@@ -1,123 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_ecdsa2_siggen_test processes NIST CAVP ECDSA2 SigGen and
-// SigGenComponent test vector request files and emits the corresponding
-// response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-#include <openssl/ec_key.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-
-#include "../crypto/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-static bool TestECDSA2SigGenImpl(FileTest *t, bool is_component) {
- int nid = GetECGroupNIDFromInstruction(t);
- const EVP_MD *md = GetDigestFromInstruction(t);
- if (nid == NID_undef || md == nullptr) {
- return false;
- }
- bssl::UniquePtr<BIGNUM> qx(BN_new()), qy(BN_new());
- bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));
- std::vector<uint8_t> msg;
- if (!qx || !qy || !key ||
- !EC_KEY_generate_key_fips(key.get()) ||
- !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(key.get()),
- EC_KEY_get0_public_key(key.get()),
- qx.get(), qy.get(), nullptr) ||
- !t->GetBytes(&msg, "Msg")) {
- return false;
- }
-
- uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned digest_len;
- if (is_component) {
- if (msg.size() != EVP_MD_size(md)) {
- t->PrintLine("Bad input length.");
- return false;
- }
- digest_len = EVP_MD_size(md);
- OPENSSL_memcpy(digest, msg.data(), msg.size());
- } else if (!EVP_Digest(msg.data(), msg.size(), digest, &digest_len, md,
- nullptr)) {
- return false;
- }
-
- bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_do_sign(digest, digest_len, key.get()));
- if (!sig) {
- return false;
- }
-
- size_t degree_len =
- (EC_GROUP_get_degree(EC_KEY_get0_group(key.get())) + 7) / 8;
- size_t order_len =
- BN_num_bytes(EC_GROUP_get0_order(EC_KEY_get0_group(key.get())));
- std::vector<uint8_t> qx_bytes(degree_len), qy_bytes(degree_len);
- std::vector<uint8_t> r_bytes(order_len), s_bytes(order_len);
- if (!BN_bn2bin_padded(qx_bytes.data(), qx_bytes.size(), qx.get()) ||
- !BN_bn2bin_padded(qy_bytes.data(), qy_bytes.size(), qy.get()) ||
- !BN_bn2bin_padded(r_bytes.data(), r_bytes.size(), sig->r) ||
- !BN_bn2bin_padded(s_bytes.data(), s_bytes.size(), sig->s)) {
- return false;
- }
-
- printf("%sQx = %s\r\nQy = %s\r\nR = %s\r\nS = %s\r\n\r\n",
- t->CurrentTestToString().c_str(), EncodeHex(qx_bytes).c_str(),
- EncodeHex(qy_bytes).c_str(), EncodeHex(r_bytes).c_str(),
- EncodeHex(s_bytes).c_str());
- return true;
-}
-
-static bool TestECDSA2SigGen(FileTest *t, void *arg) {
- return TestECDSA2SigGenImpl(t, false);
-}
-
-static bool TestECDSA2SigGenComponent(FileTest *t, void *arg) {
- return TestECDSA2SigGenImpl(t, true);
-}
-
-int cavp_ecdsa2_siggen_test_main(int argc, char **argv) {
- if (argc != 3) {
- fprintf(stderr, "usage: %s (SigGen|SigGenComponent) <test file>\n",
- argv[0]);
- return 1;
- }
-
- static bool (*test_func)(FileTest *, void *);
- if (strcmp(argv[1], "SigGen") == 0) {
- test_func = TestECDSA2SigGen;
- } else if (strcmp(argv[1], "SigGenComponent") == 0) {
- test_func = TestECDSA2SigGenComponent;
- } else {
- fprintf(stderr, "Unknown test type: %s\n", argv[1]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.callback = test_func;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_ecdsa2_sigver_test.cc b/util/fipstools/cavp/cavp_ecdsa2_sigver_test.cc
deleted file mode 100644
index f3fd4b1..0000000
--- a/util/fipstools/cavp/cavp_ecdsa2_sigver_test.cc
+++ /dev/null
@@ -1,84 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_ecdsa2_sigver_test processes a NIST CAVP ECDSA2 SigVer test vector
-// request file and emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-#include <openssl/ec_key.h>
-#include <openssl/ecdsa.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-
-#include "../crypto/test/file_test.h"
-#include "cavp_test_util.h"
-
-
-static bool TestECDSA2SigVer(FileTest *t, void *arg) {
- int nid = GetECGroupNIDFromInstruction(t);
- const EVP_MD *md = GetDigestFromInstruction(t);
- if (nid == NID_undef || md == nullptr) {
- return false;
- }
- bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
- bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(nid));
- bssl::UniquePtr<BIGNUM> qx = GetBIGNUM(t, "Qx");
- bssl::UniquePtr<BIGNUM> qy = GetBIGNUM(t, "Qy");
- bssl::UniquePtr<BIGNUM> r = GetBIGNUM(t, "R");
- bssl::UniquePtr<BIGNUM> s = GetBIGNUM(t, "S");
- std::vector<uint8_t> msg;
- uint8_t digest[EVP_MAX_MD_SIZE];
- unsigned digest_len;
- if (!sig || !key || !qx || !qy || !r || !s ||
- !EC_KEY_set_public_key_affine_coordinates(key.get(), qx.get(),
- qy.get()) ||
- !t->GetBytes(&msg, "Msg") ||
- !EVP_Digest(msg.data(), msg.size(), digest, &digest_len, md, nullptr)) {
- return false;
- }
-
- BN_free(sig->r);
- sig->r = r.release();
- BN_free(sig->s);
- sig->s = s.release();
-
- if (ECDSA_do_verify(digest, digest_len, sig.get(), key.get())) {
- printf("%sResult = P\r\n\r\n", t->CurrentTestToString().c_str());
- } else {
- char buf[256];
- ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
- printf("%sResult = F (%s)\r\n\r\n", t->CurrentTestToString().c_str(), buf);
- }
- ERR_clear_error();
- return true;
-}
-
-int cavp_ecdsa2_sigver_test_main(int argc, char **argv) {
- if (argc != 2) {
- fprintf(stderr, "usage: %s <test file>\n",
- argv[0]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestECDSA2SigVer;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_hmac_test.cc b/util/fipstools/cavp/cavp_hmac_test.cc
deleted file mode 100644
index c88226a..0000000
--- a/util/fipstools/cavp/cavp_hmac_test.cc
+++ /dev/null
@@ -1,106 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_hmac_test processes a NIST CAVP HMAC test vector request file and emits
-// the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/crypto.h>
-#include <openssl/hmac.h>
-#include <openssl/span.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-static bool TestHMAC(FileTest *t, void *arg) {
- std::string md_len_str;
- if (!t->GetInstruction(&md_len_str, "L")) {
- return false;
- }
- const size_t md_len = strtoul(md_len_str.c_str(), nullptr, 0);
-
- const EVP_MD *md;
- switch (md_len) {
- case 20:
- md = EVP_sha1();
- break;
- case 28:
- md = EVP_sha224();
- break;
- case 32:
- md = EVP_sha256();
- break;
- case 48:
- md = EVP_sha384();
- break;
- case 64:
- md = EVP_sha512();
- break;
- default:
- return false;
- }
-
- std::string count_str, k_len_str, t_len_str;
- std::vector<uint8_t> key, msg;
- if (!t->GetAttribute(&count_str, "Count") ||
- !t->GetAttribute(&k_len_str, "Klen") ||
- !t->GetAttribute(&t_len_str, "Tlen") ||
- !t->GetBytes(&key, "Key") ||
- !t->GetBytes(&msg, "Msg")) {
- return false;
- }
-
- size_t k_len = strtoul(k_len_str.c_str(), nullptr, 0);
- size_t t_len = strtoul(t_len_str.c_str(), nullptr, 0);
- if (key.size() < k_len) {
- return false;
- }
- unsigned out_len;
- uint8_t out[EVP_MAX_MD_SIZE];
- if (HMAC(md, key.data(), k_len, msg.data(), msg.size(), out, &out_len) ==
- NULL) {
- return false;
- }
-
- if (out_len < t_len) {
- return false;
- }
-
- printf("%s", t->CurrentTestToString().c_str());
- printf("Mac = %s\r\n\r\n",
- EncodeHex(bssl::MakeConstSpan(out, t_len)).c_str());
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s <test file>\n", arg);
- return 1;
-}
-
-int cavp_hmac_test_main(int argc, char **argv) {
- if (argc != 2) {
- return usage(argv[0]);
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestHMAC;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_kas_test.cc b/util/fipstools/cavp/cavp_kas_test.cc
deleted file mode 100644
index 9a74f1d..0000000
--- a/util/fipstools/cavp/cavp_kas_test.cc
+++ /dev/null
@@ -1,156 +0,0 @@
-/* Copyright (c) 2018, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_kas_test processes NIST CAVP ECC KAS test vector request files and
-// emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-#include <openssl/ecdh.h>
-#include <openssl/ecdsa.h>
-#include <openssl/ec_key.h>
-#include <openssl/err.h>
-#include <openssl/nid.h>
-#include <openssl/sha.h>
-#include <openssl/span.h>
-
-#include "../crypto/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-static bool TestKAS(FileTest *t, void *arg) {
- const bool validate = *reinterpret_cast<bool *>(arg);
-
- int nid = NID_undef;
- size_t digest_len = 0;
-
- if (t->HasInstruction("EB - SHA224")) {
- nid = NID_secp224r1;
- digest_len = SHA224_DIGEST_LENGTH;
- } else if (t->HasInstruction("EC - SHA256")) {
- nid = NID_X9_62_prime256v1;
- digest_len = SHA256_DIGEST_LENGTH;
- } else if (t->HasInstruction("ED - SHA384")) {
- nid = NID_secp384r1;
- digest_len = SHA384_DIGEST_LENGTH;
- } else if (t->HasInstruction("EE - SHA512")) {
- nid = NID_secp521r1;
- digest_len = SHA512_DIGEST_LENGTH;
- } else {
- return false;
- }
-
- if (!t->HasAttribute("COUNT")) {
- return false;
- }
-
- bssl::UniquePtr<BIGNUM> their_x(GetBIGNUM(t, "QeCAVSx"));
- bssl::UniquePtr<BIGNUM> their_y(GetBIGNUM(t, "QeCAVSy"));
- bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(nid));
- bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());
- if (!their_x || !their_y || !ec_key || !ctx) {
- return false;
- }
-
- const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get());
- bssl::UniquePtr<EC_POINT> their_point(EC_POINT_new(group));
- if (!their_point ||
- !EC_POINT_set_affine_coordinates_GFp(
- group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) {
- return false;
- }
-
- if (validate) {
- bssl::UniquePtr<BIGNUM> our_k(GetBIGNUM(t, "deIUT"));
- if (!our_k ||
- !EC_KEY_set_private_key(ec_key.get(), our_k.get()) ||
- // These attributes are ignored.
- !t->HasAttribute("QeIUTx") ||
- !t->HasAttribute("QeIUTy")) {
- return false;
- }
- } else if (!EC_KEY_generate_key(ec_key.get())) {
- return false;
- }
-
- uint8_t digest[EVP_MAX_MD_SIZE];
- if (!ECDH_compute_key_fips(digest, digest_len, their_point.get(),
- ec_key.get())) {
- return false;
- }
-
- if (validate) {
- std::vector<uint8_t> expected_shared_bytes;
- if (!t->GetBytes(&expected_shared_bytes, "CAVSHashZZ")) {
- return false;
- }
- const bool ok =
- digest_len == expected_shared_bytes.size() &&
- OPENSSL_memcmp(digest, expected_shared_bytes.data(), digest_len) == 0;
-
- printf("%sIUTHashZZ = %s\r\nResult = %c\r\n\r\n\r\n",
- t->CurrentTestToString().c_str(),
- EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str(),
- ok ? 'P' : 'F');
- } else {
- const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get());
- bssl::UniquePtr<BIGNUM> x(BN_new());
- bssl::UniquePtr<BIGNUM> y(BN_new());
- if (!x || !y ||
- !EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(),
- ctx.get())) {
- return false;
- }
- bssl::UniquePtr<char> x_hex(BN_bn2hex(x.get()));
- bssl::UniquePtr<char> y_hex(BN_bn2hex(y.get()));
-
- printf("%sQeIUTx = %s\r\nQeIUTy = %s\r\nHashZZ = %s\r\n",
- t->CurrentTestToString().c_str(), x_hex.get(), y_hex.get(),
- EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str());
- }
-
- return true;
-}
-
-int cavp_kas_test_main(int argc, char **argv) {
- if (argc != 3) {
- fprintf(stderr, "usage: %s (validity|function) <test file>\n",
- argv[0]);
- return 1;
- }
-
- bool validity;
- if (strcmp(argv[1], "validity") == 0) {
- validity = true;
- } else if (strcmp(argv[1], "function") == 0) {
- validity = false;
- } else {
- fprintf(stderr, "Unknown test type: %s\n", argv[1]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.arg = &validity;
- opts.callback = TestKAS;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- opts.is_kas_test = true;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_keywrap_test.cc b/util/fipstools/cavp/cavp_keywrap_test.cc
deleted file mode 100644
index 67397ec..0000000
--- a/util/fipstools/cavp/cavp_keywrap_test.cc
+++ /dev/null
@@ -1,166 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_keywrap_test processes a NIST CAVP AES test vector request file and
-// emits the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/aes.h>
-#include <openssl/crypto.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- bool encrypt;
- bool padding;
-};
-
-} // namespace
-
-static bool AESKeyWrap(std::vector<uint8_t> *out, bool encrypt,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &in) {
- size_t key_bits = key.size() * 8;
- if (key_bits != 128 && key_bits != 192 && key_bits != 256) {
- return false;
- }
- AES_KEY aes_key;
-
- if (encrypt) {
- out->resize(in.size() + 8);
- if (AES_set_encrypt_key(key.data(), key_bits, &aes_key) ||
- AES_wrap_key(&aes_key, nullptr, out->data(), in.data(), in.size()) ==
- -1) {
- return false;
- }
- } else {
- out->resize(in.size() - 8);
- if (AES_set_decrypt_key(key.data(), key_bits, &aes_key) ||
- AES_unwrap_key(&aes_key, nullptr, out->data(), in.data(), in.size()) ==
- -1) {
- return false;
- }
- }
-
- return true;
-}
-
-static bool AESKeyWrapWithPadding(std::vector<uint8_t> *out, bool encrypt,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &in) {
- const size_t key_bits = key.size() * 8;
- if (key_bits != 128 && key_bits != 192 && key_bits != 256) {
- return false;
- }
- AES_KEY aes_key;
-
- size_t out_len;
- if (encrypt) {
- out->resize(in.size() + 15);
- if (AES_set_encrypt_key(key.data(), key_bits, &aes_key) ||
- !AES_wrap_key_padded(&aes_key, out->data(), &out_len, out->size(),
- in.data(), in.size())) {
- return false;
- }
- } else {
- out->resize(in.size());
- if (AES_set_decrypt_key(key.data(), key_bits, &aes_key) ||
- !AES_unwrap_key_padded(&aes_key, out->data(), &out_len, out->size(),
- in.data(), in.size())) {
- return false;
- }
- }
-
- out->resize(out_len);
- return true;
-}
-
-static bool TestCipher(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- std::string count, unused, in_label = ctx->encrypt ? "P" : "C",
- result_label = ctx->encrypt ? "C" : "P";
- std::vector<uint8_t> key, in, result;
- // clang-format off
- if (!t->GetInstruction(&unused, "PLAINTEXT LENGTH") ||
- !t->GetAttribute(&count, "COUNT") ||
- !t->GetBytes(&key, "K") ||
- !t->GetBytes(&in, in_label)) {
- return false;
- }
- // clang-format on
-
- auto wrap_function = AESKeyWrap;
- if (ctx->padding) {
- wrap_function = AESKeyWrapWithPadding;
- }
-
- printf("%s", t->CurrentTestToString().c_str());
- if (!wrap_function(&result, ctx->encrypt, key, in)) {
- if (ctx->encrypt) {
- return false;
- } else {
- printf("FAIL\r\n\r\n");
- }
- } else {
- printf("%s = %s\r\n\r\n", result_label.c_str(), EncodeHex(result).c_str());
- }
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(
- stderr,
- "usage: %s (enc|dec|enc-pad|dec-pad) (128|192|256) <test file>\n",
- arg);
- return 1;
-}
-
-int cavp_keywrap_test_main(int argc, char **argv) {
- if (argc != 4) {
- return usage(argv[0]);
- }
-
- const std::string op(argv[1]);
- bool encrypt = false;
- bool padding = false;
- if (op == "enc") {
- encrypt = true;
- } else if (op == "dec") {
- } else if (op == "enc-pad") {
- encrypt = true;
- padding = true;
- } else if (op == "dec-pad") {
- padding = true;
- } else {
- return usage(argv[0]);
- }
-
- TestCtx ctx = {encrypt, padding};
-
- FileTest::Options opts;
- opts.path = argv[3];
- opts.callback = TestCipher;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_main.cc b/util/fipstools/cavp/cavp_main.cc
deleted file mode 100644
index 64dbd69..0000000
--- a/util/fipstools/cavp/cavp_main.cc
+++ /dev/null
@@ -1,73 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_main is a wrapper that invokes the main entry function of one of the
-// CAVP validation suite binaries.
-
-#include <stdlib.h>
-#include <cstdio>
-#include <string>
-
-#include <openssl/crypto.h>
-
-#include "cavp_test_util.h"
-
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s <validation suite> <args ...>\n", arg);
- return 1;
-}
-
-struct TestSuite {
- std::string name;
- int (*main_func)(int argc, char **argv);
-};
-
-static TestSuite all_test_suites[] = {
- {"aes", &cavp_aes_test_main},
- {"aes_gcm", &cavp_aes_gcm_test_main},
- {"ctr_drbg", &cavp_ctr_drbg_test_main},
- {"ecdsa2_keypair", &cavp_ecdsa2_keypair_test_main},
- {"ecdsa2_pkv", &cavp_ecdsa2_pkv_test_main},
- {"ecdsa2_siggen", &cavp_ecdsa2_siggen_test_main},
- {"ecdsa2_sigver", &cavp_ecdsa2_sigver_test_main},
- {"hmac", &cavp_hmac_test_main},
- {"kas", &cavp_kas_test_main},
- {"keywrap", &cavp_keywrap_test_main},
- {"rsa2_keygen", &cavp_rsa2_keygen_test_main},
- {"rsa2_siggen", &cavp_rsa2_siggen_test_main},
- {"rsa2_sigver", &cavp_rsa2_sigver_test_main},
- {"tlskdf", &cavp_tlskdf_test_main},
- {"sha", &cavp_sha_test_main},
- {"sha_monte", &cavp_sha_monte_test_main},
- {"tdes", &cavp_tdes_test_main}
-};
-
-int main(int argc, char **argv) {
- CRYPTO_library_init();
-
- if (argc < 3) {
- return usage(argv[0]);
- }
-
- const std::string suite(argv[1]);
- for (const TestSuite &s : all_test_suites) {
- if (s.name == suite) {
- return s.main_func(argc - 1, &argv[1]);
- }
- }
-
- fprintf(stderr, "invalid test suite: %s\n\n", argv[1]);
- return usage(argv[0]);
-}
diff --git a/util/fipstools/cavp/cavp_rsa2_keygen_test.cc b/util/fipstools/cavp/cavp_rsa2_keygen_test.cc
deleted file mode 100644
index e7088c7..0000000
--- a/util/fipstools/cavp/cavp_rsa2_keygen_test.cc
+++ /dev/null
@@ -1,93 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_rsa2_keygen_test processes NIST CAVP RSA2 KeyGen test vector request
-// files and emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/rsa.h>
-
-#include "../crypto/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-static bool TestRSA2KeyGen(FileTest *t, void *arg) {
- std::string mod_str, table, count_str;
- if (!t->GetInstruction(&mod_str, "mod") ||
- !t->GetInstruction(&table, "Table for M-R Test") ||
- table != "C.2" ||
- !t->GetAttribute(&count_str, "N")) {
- return false;
- }
-
- printf("[mod = %s]\r\n", mod_str.c_str());
- printf("[Table for M-R Test = %s]\r\n\r\n", table.c_str());
-
- size_t bits = strtoul(mod_str.c_str(), nullptr, 0);
- size_t count = strtoul(count_str.c_str(), nullptr, 0);
- for (size_t i = 0; i < count; i++) {
- bssl::UniquePtr<RSA> key(RSA_new());
- if (key == nullptr ||
- bits == 0 ||
- !RSA_generate_key_fips(key.get(), bits, nullptr)) {
- return 0;
- }
-
- const BIGNUM *n, *e, *d, *p, *q;
- RSA_get0_key(key.get(), &n, &e, &d);
- RSA_get0_factors(key.get(), &p, &q);
- std::vector<uint8_t> n_bytes(BN_num_bytes(n)), e_bytes(BN_num_bytes(e)),
- d_bytes((bits + 7) / 8), p_bytes(BN_num_bytes(p)),
- q_bytes(BN_num_bytes(q));
- if (n == NULL ||
- BN_bn2bin(n, n_bytes.data()) != n_bytes.size() ||
- e == NULL ||
- BN_bn2bin(e, e_bytes.data()) != e_bytes.size() ||
- d == NULL ||
- !BN_bn2bin_padded(d_bytes.data(), d_bytes.size(), d) ||
- p == NULL ||
- BN_bn2bin(p, p_bytes.data()) != p_bytes.size() ||
- q == NULL ||
- BN_bn2bin(q, q_bytes.data()) != q_bytes.size()) {
- return false;
- }
-
- printf("e = %s\r\np = %s\r\nq = %s\r\nn = %s\r\nd = %s\r\n\r\n",
- EncodeHex(e_bytes).c_str(), EncodeHex(p_bytes).c_str(),
- EncodeHex(q_bytes).c_str(), EncodeHex(n_bytes).c_str(),
- EncodeHex(d_bytes).c_str());
- }
-
- return true;
-}
-
-int cavp_rsa2_keygen_test_main(int argc, char **argv) {
- if (argc != 2) {
- fprintf(stderr, "usage: %s <test file>\n",
- argv[0]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestRSA2KeyGen;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_rsa2_siggen_test.cc b/util/fipstools/cavp/cavp_rsa2_siggen_test.cc
deleted file mode 100644
index 636a73a..0000000
--- a/util/fipstools/cavp/cavp_rsa2_siggen_test.cc
+++ /dev/null
@@ -1,128 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_rsa2_siggen_test processes NIST CAVP RSA2 SigGen test vector request
-// files and emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-#include <openssl/rsa.h>
-
-#include "../crypto/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-namespace {
-
-struct TestCtx {
- bssl::UniquePtr<RSA> key;
- bool is_pss;
-};
-
-}
-
-static bool TestRSA2SigGen(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- std::string mod_str, hash;
- std::vector<uint8_t> msg;
- if (!t->GetInstruction(&mod_str, "mod") ||
- !t->GetAttribute(&hash, "SHAAlg") ||
- !t->GetBytes(&msg, "Msg")) {
- return false;
- }
-
- std::string test = t->CurrentTestToString();
- if (t->IsAtNewInstructionBlock()) {
- int mod_bits = strtoul(mod_str.c_str(), nullptr, 0);
- ctx->key = bssl::UniquePtr<RSA>(RSA_new());
- if (ctx->key == nullptr ||
- mod_bits == 0 ||
- !RSA_generate_key_fips(ctx->key.get(), mod_bits, nullptr)) {
- return false;
- }
-
- const BIGNUM *n, *e;
- RSA_get0_key(ctx->key.get(), &n, &e, nullptr);
-
- std::vector<uint8_t> n_bytes(BN_num_bytes(n));
- std::vector<uint8_t> e_bytes(BN_num_bytes(e));
- if (!BN_bn2bin_padded(n_bytes.data(), n_bytes.size(), n) ||
- !BN_bn2bin_padded(e_bytes.data(), e_bytes.size(), e)) {
- return false;
- }
-
- printf("[mod = %s]\r\n\r\nn = %s\r\n\r\ne = %s", mod_str.c_str(),
- EncodeHex(n_bytes).c_str(), EncodeHex(e_bytes).c_str());
- test = test.substr(test.find("]") + 3);
- }
-
- const EVP_MD *md = EVP_get_digestbyname(hash.c_str());
- uint8_t digest_buf[EVP_MAX_MD_SIZE];
- std::vector<uint8_t> sig(RSA_size(ctx->key.get()));
- unsigned digest_len;
- size_t sig_len;
- if (md == NULL ||
- !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) {
- return false;
- }
-
- if (ctx->is_pss) {
- if (!RSA_sign_pss_mgf1(ctx->key.get(), &sig_len, sig.data(), sig.size(),
- digest_buf, digest_len, md, md, -1)) {
- return false;
- }
- } else {
- unsigned sig_len_u;
- if (!RSA_sign(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
- &sig_len_u, ctx->key.get())) {
- return false;
- }
- sig_len = sig_len_u;
- }
-
- sig.resize(sig_len);
- printf("%sS = %s\r\n\r\n", test.c_str(), EncodeHex(sig).c_str());
- return true;
-}
-
-int cavp_rsa2_siggen_test_main(int argc, char **argv) {
- if (argc != 3) {
- fprintf(stderr, "usage: %s (pkcs15|pss) <test file>\n",
- argv[0]);
- return 1;
- }
-
- TestCtx ctx;
- if (strcmp(argv[1], "pkcs15") == 0) {
- ctx = {nullptr, false};
- } else if (strcmp(argv[1], "pss") == 0) {
- ctx = {nullptr, true};
- } else {
- fprintf(stderr, "Unknown test type: %s\n", argv[1]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.callback = TestRSA2SigGen;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_rsa2_sigver_test.cc b/util/fipstools/cavp/cavp_rsa2_sigver_test.cc
deleted file mode 100644
index cbcfc1f..0000000
--- a/util/fipstools/cavp/cavp_rsa2_sigver_test.cc
+++ /dev/null
@@ -1,125 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_rsa2_sigver_test processes NIST CAVP RSA2 SigVer test vector request
-// files and emits the corresponding response.
-
-#include <vector>
-
-#include <openssl/bn.h>
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-
-#include "../crypto/internal.h"
-#include "../crypto/test/file_test.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- std::vector<uint8_t> N;
- bool is_pss;
-};
-
-}
-
-static bool TestRSA2SigVer(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- std::string mod_str;
- if (!t->GetInstruction(&mod_str, "mod")) {
- return false;
- }
-
- printf("%s", t->CurrentTestToString().c_str());
-
- if (t->HasAttribute("n")) {
- printf("\r\n");
- return t->GetBytes(&ctx->N, "n");
- }
-
- std::string hash;
- std::vector<uint8_t> e_bytes, msg, sig;
- if (!t->GetAttribute(&hash, "SHAAlg") ||
- !t->GetBytes(&e_bytes, "e") ||
- !t->GetBytes(&msg, "Msg") ||
- !t->GetBytes(&sig, "S")) {
- return false;
- }
-
- bssl::UniquePtr<RSA> key(RSA_new());
- key->n = BN_new();
- key->e = BN_new();
- if (key == nullptr ||
- !BN_bin2bn(ctx->N.data(), ctx->N.size(), key->n) ||
- !BN_bin2bn(e_bytes.data(), e_bytes.size(), key->e)) {
- return false;
- }
-
- const EVP_MD *md = EVP_get_digestbyname(hash.c_str());
- uint8_t digest_buf[EVP_MAX_MD_SIZE];
- unsigned digest_len;
- if (md == NULL ||
- !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) {
- return false;
- }
-
- int ok;
- if (ctx->is_pss) {
- ok = RSA_verify_pss_mgf1(key.get(), digest_buf, digest_len, md, md, -1,
- sig.data(), sig.size());
- } else {
- ok = RSA_verify(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
- sig.size(), key.get());
- }
-
- if (ok) {
- printf("Result = P\r\n\r\n");
- } else {
- char buf[256];
- ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
- printf("Result = F (%s)\r\n\r\n", buf);
- }
- ERR_clear_error();
- return true;
-}
-
-int cavp_rsa2_sigver_test_main(int argc, char **argv) {
- if (argc != 3) {
- fprintf(stderr, "usage: %s (pkcs15|pss) <test file>\n",
- argv[0]);
- return 1;
- }
-
- TestCtx ctx;
- if (strcmp(argv[1], "pkcs15") == 0) {
- ctx = {std::vector<uint8_t>(), false};
- } else if (strcmp(argv[1], "pss") == 0) {
- ctx = {std::vector<uint8_t>(), true};
- } else {
- fprintf(stderr, "Unknown test type: %s\n", argv[1]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.callback = TestRSA2SigVer;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_sha_monte_test.cc b/util/fipstools/cavp/cavp_sha_monte_test.cc
deleted file mode 100644
index f5bcdd1..0000000
--- a/util/fipstools/cavp/cavp_sha_monte_test.cc
+++ /dev/null
@@ -1,103 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_sha_monte_test processes a NIST CAVP SHA-Monte test vector request file
-// and emits the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- std::string hash;
-};
-
-}
-
-static bool TestSHAMonte(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- const EVP_MD *md = EVP_get_digestbyname(ctx->hash.c_str());
- if (md == nullptr) {
- return false;
- }
- const size_t md_len = EVP_MD_size(md);
-
- std::string out_len;
- if (!t->GetInstruction(&out_len, "L") ||
- md_len != strtoul(out_len.c_str(), nullptr, 0)) {
- return false;
- }
-
- std::vector<uint8_t> seed;
- if (!t->GetBytes(&seed, "Seed") ||
- seed.size() != md_len) {
- return false;
- }
-
- std::vector<uint8_t> out = seed;
-
- printf("%s\r\n", t->CurrentTestToString().c_str());
-
- for (int count = 0; count < 100; count++) {
- std::vector<uint8_t> msg;
- msg.insert(msg.end(), out.begin(), out.end());
- msg.insert(msg.end(), out.begin(), out.end());
- msg.insert(msg.end(), out.begin(), out.end());
- for (int i = 0; i < 1000; i++) {
- unsigned digest_len;
- if (!EVP_Digest(msg.data(), msg.size(), out.data(), &digest_len, md,
- nullptr) ||
- digest_len != out.size()) {
- return false;
- }
-
- msg.erase(msg.begin(), msg.begin() + out.size());
- msg.insert(msg.end(), out.begin(), out.end());
- }
- printf("COUNT = %d\r\n", count);
- printf("MD = %s\r\n\r\n", EncodeHex(out).c_str());
- }
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s <hash> <test file>\n", arg);
- return 1;
-}
-
-int cavp_sha_monte_test_main(int argc, char **argv) {
- if (argc != 3) {
- return usage(argv[0]);
- }
-
- TestCtx ctx = {std::string(argv[1])};
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.callback = TestSHAMonte;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_sha_test.cc b/util/fipstools/cavp/cavp_sha_test.cc
deleted file mode 100644
index c046451..0000000
--- a/util/fipstools/cavp/cavp_sha_test.cc
+++ /dev/null
@@ -1,97 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_sha_test processes a NIST CAVP SHA test vector request file and emits
-// the corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/crypto.h>
-#include <openssl/digest.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-namespace {
-
-struct TestCtx {
- std::string hash;
-};
-
-}
-
-static bool TestSHA(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- const EVP_MD *md = EVP_get_digestbyname(ctx->hash.c_str());
- if (md == nullptr) {
- return false;
- }
- const size_t md_len = EVP_MD_size(md);
-
- std::string out_len;
- if (!t->GetInstruction(&out_len, "L") ||
- md_len != strtoul(out_len.c_str(), nullptr, 0)) {
- return false;
- }
-
- std::string msg_len_str;
- std::vector<uint8_t> msg;
- if (!t->GetAttribute(&msg_len_str, "Len") ||
- !t->GetBytes(&msg, "Msg")) {
- return false;
- }
-
- size_t msg_len = strtoul(msg_len_str.c_str(), nullptr, 0);
- if (msg_len % 8 != 0 ||
- msg_len / 8 > msg.size()) {
- return false;
- }
- msg_len /= 8;
-
- std::vector<uint8_t> out;
- out.resize(md_len);
- unsigned digest_len;
- if (!EVP_Digest(msg.data(), msg_len, out.data(), &digest_len, md, nullptr) ||
- digest_len != out.size()) {
- return false;
- }
-
- printf("%s", t->CurrentTestToString().c_str());
- printf("MD = %s\r\n\r\n", EncodeHex(out).c_str());
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s <hash> <test file>\n", arg);
- return 1;
-}
-
-int cavp_sha_test_main(int argc, char **argv) {
- if (argc != 3) {
- return usage(argv[0]);
- }
-
- TestCtx ctx = {std::string(argv[1])};
-
- FileTest::Options opts;
- opts.path = argv[2];
- opts.callback = TestSHA;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_tdes_test.cc b/util/fipstools/cavp/cavp_tdes_test.cc
deleted file mode 100644
index 7b8839d..0000000
--- a/util/fipstools/cavp/cavp_tdes_test.cc
+++ /dev/null
@@ -1,336 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_tdes_test processes a NIST TMOVS test vector request file and emits the
-// corresponding response.
-
-#include <stdlib.h>
-
-#include <openssl/cipher.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-#include "cavp_test_util.h"
-
-
-namespace {
-
-struct TestCtx {
- const EVP_CIPHER *cipher;
- enum Mode {
- kKAT, // Known Answer Test
- kMCT, // Monte Carlo Test
- };
- bool has_iv;
- Mode mode;
-};
-
-}
-
-static bool TestKAT(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- if (t->HasInstruction("ENCRYPT") == t->HasInstruction("DECRYPT")) {
- t->PrintLine("Want either ENCRYPT or DECRYPT");
- return false;
- }
- enum {
- kEncrypt,
- kDecrypt,
- } operation = t->HasInstruction("ENCRYPT") ? kEncrypt : kDecrypt;
-
- if (t->HasAttribute("NumKeys")) {
- // Another file format quirk: NumKeys is a single attribute line immediately
- // following an instruction and should probably have been an instruction
- // instead. If it is present, the file has separate attributes "KEY{1,2,3}".
- // If it is not, the keys are concatenated in a single attribute "KEYs".
- std::string num_keys;
- t->GetAttribute(&num_keys, "NumKeys");
- t->InjectInstruction("NumKeys", num_keys);
-
- std::string header = operation == kEncrypt ? "[ENCRYPT]" : "[DECRYPT]";
- printf("%s\r\n\r\n", header.c_str());
-
- return true;
- }
-
- enum {
- kNotPresent,
- kTwo,
- kThree,
- } num_keys = kNotPresent;
- if (t->HasInstruction("NumKeys")) {
- std::string num_keys_str;
- t->GetInstruction(&num_keys_str, "NumKeys");
- const int n = strtoul(num_keys_str.c_str(), nullptr, 0);
- if (n == 2) {
- num_keys = kTwo;
- } else if (n == 3) {
- num_keys = kThree;
- } else {
- t->PrintLine("invalid NumKeys value");
- return false;
- }
- }
-
- std::string count;
- std::vector<uint8_t> keys, key1, key2, key3, iv, in, result;
- const std::string in_label =
- operation == kEncrypt ? "PLAINTEXT" : "CIPHERTEXT";
- // clang-format off
- if (!t->GetAttribute(&count, "COUNT") ||
- (num_keys == 0 && !t->GetBytes(&keys, "KEYs")) ||
- (num_keys > 0 &&
- (!t->GetBytes(&key1, "KEY1") ||
- !t->GetBytes(&key2, "KEY2") ||
- !t->GetBytes(&key3, "KEY3"))) ||
- (ctx->has_iv && !t->GetBytes(&iv, "IV")) ||
- !t->GetBytes(&in, in_label)) {
- return false;
- }
- // clang-format on
- std::vector<uint8_t> key;
- if (num_keys != kNotPresent) {
- key.insert(key.end(), key1.begin(), key1.end());
- key.insert(key.end(), key2.begin(), key2.end());
- if (num_keys == kThree) {
- key.insert(key.end(), key3.begin(), key3.end());
- }
- } else {
- key.insert(key.end(), keys.begin(), keys.end());
- key.insert(key.end(), keys.begin(), keys.end());
- key.insert(key.end(), keys.begin(), keys.end());
- }
-
- if (!CipherOperation(ctx->cipher, &result, operation == kEncrypt, key, iv,
- in)) {
- return false;
- }
-
- // TDES fax files output format differs from file to file, and the input
- // format is inconsistent with the output, so we construct the output manually
- // rather than printing CurrentTestToString().
- if (t->IsAtNewInstructionBlock() && num_keys == kNotPresent) {
- // If NumKeys is present, header is printed when parsing NumKeys.
- std::string header = operation == kEncrypt ? "[ENCRYPT]" : "[DECRYPT]";
- printf("%s\r\n", header.c_str());
- }
- const std::string result_label =
- operation == kEncrypt ? "CIPHERTEXT" : "PLAINTEXT";
- printf("COUNT = %s\r\n", count.c_str());
- if (num_keys == kNotPresent) {
- printf("KEYs = %s\r\n", EncodeHex(keys).c_str());
- } else {
- printf("KEY1 = %s\r\nKEY2 = %s\r\nKEY3 = %s\r\n", EncodeHex(key1).c_str(),
- EncodeHex(key2).c_str(), EncodeHex(key3).c_str());
- }
- if (ctx->has_iv) {
- printf("IV = %s\r\n", EncodeHex(iv).c_str());
- }
- printf("%s = %s\r\n", in_label.c_str(), EncodeHex(in).c_str());
- printf("%s = %s\r\n\r\n", result_label.c_str(), EncodeHex(result).c_str());
-
- return true;
-}
-
-// XORKeyWithOddParityLSB sets |*key| to |key| XOR |value| and then writes
-// the LSB of each byte to establish odd parity for that byte. This parity-based
-// embedded of a DES key into 64 bits is an old tradition and something that
-// NIST's tests require.
-static void XORKeyWithOddParityLSB(std::vector<uint8_t> *key,
- const std::vector<uint8_t> &value) {
- for (size_t i = 0; i < key->size(); i++) {
- uint8_t v = (*key)[i] ^ value[i];
-
- // Use LSB to establish odd parity.
- v |= 0x01;
- for (uint8_t j = 1; j < 8; j++) {
- v ^= ((v >> j) & 0x01);
- }
- (*key)[i] = v;
- }
-}
-
-static bool TestMCT(FileTest *t, void *arg) {
- TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
-
- if (t->HasInstruction("ENCRYPT") == t->HasInstruction("DECRYPT")) {
- t->PrintLine("Want either ENCRYPT or DECRYPT");
- return false;
- }
- enum {
- kEncrypt,
- kDecrypt,
- } operation = t->HasInstruction("ENCRYPT") ? kEncrypt : kDecrypt;
-
- if (t->HasAttribute("NumKeys")) {
- // Another file format quirk: NumKeys is a single attribute line immediately
- // following an instruction and should probably have been an instruction
- // instead.
- std::string num_keys;
- t->GetAttribute(&num_keys, "NumKeys");
- t->InjectInstruction("NumKeys", num_keys);
- return true;
- }
-
- enum {
- kTwo,
- kThree,
- } num_keys;
- std::string num_keys_str;
- if (!t->GetInstruction(&num_keys_str, "NumKeys")) {
- return false;
- } else {
- const int n = strtoul(num_keys_str.c_str(), nullptr, 0);
- if (n == 2) {
- num_keys = kTwo;
- } else if (n == 3) {
- num_keys = kThree;
- } else {
- t->PrintLine("invalid NumKeys value");
- return false;
- }
- }
-
- std::string count;
- std::vector<uint8_t> key1, key2, key3, iv, in, result;
- const std::string in_label =
- operation == kEncrypt ? "PLAINTEXT" : "CIPHERTEXT";
- // clang-format off
- if (!t->GetBytes(&key1, "KEY1") ||
- !t->GetBytes(&key2, "KEY2") ||
- !t->GetBytes(&key3, "KEY3") ||
- (ctx->has_iv && !t->GetBytes(&iv, "IV")) ||
- !t->GetBytes(&in, in_label)) {
- return false;
- }
- // clang-format on
-
- for (int i = 0; i < 400; i++) {
- std::vector<uint8_t> current_iv = iv, current_in = in, prev_result,
- prev_prev_result;
-
- std::vector<uint8_t> key(key1);
- key.insert(key.end(), key2.begin(), key2.end());
- key.insert(key.end(), key3.begin(), key3.end());
-
- for (int j = 0; j < 10000; j++) {
- prev_prev_result = prev_result;
- prev_result = result;
- const EVP_CIPHER *cipher = ctx->cipher;
- if (!CipherOperation(cipher, &result, operation == kEncrypt, key,
- current_iv, current_in)) {
- t->PrintLine("CipherOperation failed");
- return false;
- }
- if (ctx->has_iv) {
- if (operation == kEncrypt) {
- if (j == 0) {
- current_in = current_iv;
- } else {
- current_in = prev_result;
- }
- current_iv = result;
- } else { // operation == kDecrypt
- current_iv = current_in;
- current_in = result;
- }
- } else {
- current_in = result;
- }
- }
-
- // Output result for COUNT = i.
- const std::string result_label =
- operation == kEncrypt ? "CIPHERTEXT" : "PLAINTEXT";
- if (i == 0) {
- const std::string op_label =
- operation == kEncrypt ? "ENCRYPT" : "DECRYPT";
- printf("[%s]\n\n", op_label.c_str());
- }
- printf("COUNT = %d\r\nKEY1 = %s\r\nKEY2 = %s\r\nKEY3 = %s\r\n", i,
- EncodeHex(key1).c_str(), EncodeHex(key2).c_str(),
- EncodeHex(key3).c_str());
- if (ctx->has_iv) {
- printf("IV = %s\r\n", EncodeHex(iv).c_str());
- }
- printf("%s = %s\r\n", in_label.c_str(), EncodeHex(in).c_str());
- printf("%s = %s\r\n\r\n", result_label.c_str(), EncodeHex(result).c_str());
-
-
- XORKeyWithOddParityLSB(&key1, result);
- XORKeyWithOddParityLSB(&key2, prev_result);
- if (num_keys == kThree) {
- XORKeyWithOddParityLSB(&key3, prev_prev_result);
- } else {
- XORKeyWithOddParityLSB(&key3, result);
- }
-
- if (ctx->has_iv) {
- if (operation == kEncrypt) {
- in = prev_result;
- iv = result;
- } else {
- iv = current_iv;
- in = current_in;
- }
- } else {
- in = result;
- }
- }
-
- return true;
-}
-
-static int usage(char *arg) {
- fprintf(stderr, "usage: %s (kat|mct) <cipher> <test file>\n", arg);
- return 1;
-}
-
-int cavp_tdes_test_main(int argc, char **argv) {
- if (argc != 4) {
- return usage(argv[0]);
- }
-
- const std::string tm(argv[1]);
- enum TestCtx::Mode test_mode;
- if (tm == "kat") {
- test_mode = TestCtx::kKAT;
- } else if (tm == "mct") {
- test_mode = TestCtx::kMCT;
- } else {
- fprintf(stderr, "invalid test_mode: %s\n", tm.c_str());
- return usage(argv[0]);
- }
-
- const std::string cipher_name(argv[2]);
- const EVP_CIPHER *cipher = GetCipher(argv[2]);
- if (cipher == nullptr) {
- fprintf(stderr, "invalid cipher: %s\n", argv[2]);
- return 1;
- }
- bool has_iv = cipher_name != "des-ede" && cipher_name != "des-ede3";
- TestCtx ctx = {cipher, has_iv, test_mode};
-
- FileTestFunc test_fn = test_mode == TestCtx::kKAT ? &TestKAT : &TestMCT;
- FileTest::Options opts;
- opts.path = argv[3];
- opts.callback = test_fn;
- opts.arg = &ctx;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/cavp_test_util.cc b/util/fipstools/cavp/cavp_test_util.cc
deleted file mode 100644
index 1b4e3a1..0000000
--- a/util/fipstools/cavp/cavp_test_util.cc
+++ /dev/null
@@ -1,220 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#include "cavp_test_util.h"
-
-#include <openssl/bn.h>
-#include <openssl/digest.h>
-#include <openssl/ec.h>
-#include <openssl/nid.h>
-
-
-const EVP_CIPHER *GetCipher(const std::string &name) {
- if (name == "des-cbc") {
- return EVP_des_cbc();
- } else if (name == "des-ecb") {
- return EVP_des_ecb();
- } else if (name == "des-ede") {
- return EVP_des_ede();
- } else if (name == "des-ede3") {
- return EVP_des_ede3();
- } else if (name == "des-ede-cbc") {
- return EVP_des_ede_cbc();
- } else if (name == "des-ede3-cbc") {
- return EVP_des_ede3_cbc();
- } else if (name == "rc4") {
- return EVP_rc4();
- } else if (name == "aes-128-ecb") {
- return EVP_aes_128_ecb();
- } else if (name == "aes-256-ecb") {
- return EVP_aes_256_ecb();
- } else if (name == "aes-128-cbc") {
- return EVP_aes_128_cbc();
- } else if (name == "aes-128-gcm") {
- return EVP_aes_128_gcm();
- } else if (name == "aes-128-ofb") {
- return EVP_aes_128_ofb();
- } else if (name == "aes-192-cbc") {
- return EVP_aes_192_cbc();
- } else if (name == "aes-192-ctr") {
- return EVP_aes_192_ctr();
- } else if (name == "aes-192-ecb") {
- return EVP_aes_192_ecb();
- } else if (name == "aes-256-cbc") {
- return EVP_aes_256_cbc();
- } else if (name == "aes-128-ctr") {
- return EVP_aes_128_ctr();
- } else if (name == "aes-256-ctr") {
- return EVP_aes_256_ctr();
- } else if (name == "aes-256-gcm") {
- return EVP_aes_256_gcm();
- } else if (name == "aes-256-ofb") {
- return EVP_aes_256_ofb();
- }
- return nullptr;
-}
-
-bool CipherOperation(const EVP_CIPHER *cipher, std::vector<uint8_t> *out,
- bool encrypt, const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &iv,
- const std::vector<uint8_t> &in) {
- bssl::ScopedEVP_CIPHER_CTX ctx;
- if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, nullptr, nullptr,
- encrypt ? 1 : 0)) {
- return false;
- }
- if (!iv.empty() && iv.size() != EVP_CIPHER_CTX_iv_length(ctx.get())) {
- return false;
- }
-
- int result_len1 = 0, result_len2;
- *out = std::vector<uint8_t>(in.size());
- if (!EVP_CIPHER_CTX_set_key_length(ctx.get(), key.size()) ||
- !EVP_CipherInit_ex(ctx.get(), nullptr, nullptr, key.data(), iv.data(),
- -1) ||
- !EVP_CIPHER_CTX_set_padding(ctx.get(), 0) ||
- !EVP_CipherUpdate(ctx.get(), out->data(), &result_len1, in.data(),
- in.size()) ||
- !EVP_CipherFinal_ex(ctx.get(), out->data() + result_len1, &result_len2)) {
- return false;
- }
- out->resize(result_len1 + result_len2);
-
- return true;
-}
-
-bool AEADEncrypt(const EVP_AEAD *aead, std::vector<uint8_t> *ct,
- std::vector<uint8_t> *tag, size_t tag_len,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &pt,
- const std::vector<uint8_t> &aad,
- const std::vector<uint8_t> &iv) {
- bssl::ScopedEVP_AEAD_CTX ctx;
- if (!EVP_AEAD_CTX_init(ctx.get(), aead, key.data(), key.size(), tag_len,
- nullptr)) {
- return false;
- }
-
- std::vector<uint8_t> out;
- out.resize(pt.size() + EVP_AEAD_max_overhead(aead));
- size_t out_len;
- if (!EVP_AEAD_CTX_seal(ctx.get(), out.data(), &out_len, out.size(), iv.data(),
- iv.size(), pt.data(), pt.size(), aad.data(),
- aad.size())) {
- return false;
- }
- out.resize(out_len);
-
- ct->assign(out.begin(), out.end() - tag_len);
- tag->assign(out.end() - tag_len, out.end());
-
- return true;
-}
-
-bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt, size_t pt_len,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &aad,
- const std::vector<uint8_t> &ct,
- const std::vector<uint8_t> &tag,
- const std::vector<uint8_t> &iv) {
- bssl::ScopedEVP_AEAD_CTX ctx;
- if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.data(), key.size(),
- tag.size(), evp_aead_open)) {
- return false;
- }
- std::vector<uint8_t> in = ct;
- in.reserve(ct.size() + tag.size());
- in.insert(in.end(), tag.begin(), tag.end());
-
- pt->resize(pt_len);
- size_t out_pt_len;
- if (!EVP_AEAD_CTX_open(ctx.get(), pt->data(), &out_pt_len, pt->size(),
- iv.data(), iv.size(), in.data(), in.size(), aad.data(),
- aad.size()) ||
- out_pt_len != pt_len) {
- return false;
- }
- return true;
-}
-
-static int HexToBIGNUM(bssl::UniquePtr<BIGNUM> *out, const char *in) {
- BIGNUM *raw = NULL;
- int ret = BN_hex2bn(&raw, in);
- out->reset(raw);
- return ret;
-}
-
-bssl::UniquePtr<BIGNUM> GetBIGNUM(FileTest *t, const char *attribute) {
- std::string hex;
- if (!t->GetAttribute(&hex, attribute)) {
- return nullptr;
- }
-
- bssl::UniquePtr<BIGNUM> ret;
- if (HexToBIGNUM(&ret, hex.c_str()) != static_cast<int>(hex.size())) {
- t->PrintLine("Could not decode '%s'.", hex.c_str());
- return nullptr;
- }
- return ret;
-}
-
-int GetECGroupNIDFromInstruction(FileTest *t, const char **out_str) {
- const char *dummy;
- if (out_str == nullptr) {
- out_str = &dummy;
- }
-
- if (t->HasInstruction("P-224")) {
- *out_str = "P-224";
- return NID_secp224r1;
- }
- if (t->HasInstruction("P-256")) {
- *out_str = "P-256";
- return NID_X9_62_prime256v1;
- }
- if (t->HasInstruction("P-384")) {
- *out_str = "P-384";
- return NID_secp384r1;
- }
- if (t->HasInstruction("P-521")) {
- *out_str = "P-521";
- return NID_secp521r1;
- }
- t->PrintLine("No supported group specified.");
- return NID_undef;
-}
-
-const EVP_MD *GetDigestFromInstruction(FileTest *t) {
- if (t->HasInstruction("SHA-1")) {
- return EVP_sha1();
- }
- if (t->HasInstruction("SHA-224")) {
- return EVP_sha224();
- }
- if (t->HasInstruction("SHA-256")) {
- return EVP_sha256();
- }
- if (t->HasInstruction("SHA-384")) {
- return EVP_sha384();
- }
- if (t->HasInstruction("SHA-512")) {
- return EVP_sha512();
- }
- t->PrintLine("No supported digest function specified.");
- return nullptr;
-}
-
-void EchoComment(const std::string& comment) {
- fwrite(comment.c_str(), comment.size(), 1, stdout);
-}
diff --git a/util/fipstools/cavp/cavp_test_util.h b/util/fipstools/cavp/cavp_test_util.h
deleted file mode 100644
index d51dfe6..0000000
--- a/util/fipstools/cavp/cavp_test_util.h
+++ /dev/null
@@ -1,76 +0,0 @@
-/* Copyright (c) 2017, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-#ifndef OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
-#define OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
-
-#include <stdlib.h>
-#include <string>
-#include <vector>
-
-#include <openssl/aead.h>
-#include <openssl/cipher.h>
-
-#include "../crypto/test/file_test.h"
-
-
-const EVP_CIPHER *GetCipher(const std::string &name);
-
-bool CipherOperation(const EVP_CIPHER *cipher, std::vector<uint8_t> *out,
- bool encrypt, const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &iv,
- const std::vector<uint8_t> &in);
-
-bool AEADEncrypt(const EVP_AEAD *aead, std::vector<uint8_t> *ct,
- std::vector<uint8_t> *tag, size_t tag_len,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &pt,
- const std::vector<uint8_t> &aad,
- const std::vector<uint8_t> &iv);
-
-bool AEADDecrypt(const EVP_AEAD *aead, std::vector<uint8_t> *pt, size_t pt_len,
- const std::vector<uint8_t> &key,
- const std::vector<uint8_t> &aad,
- const std::vector<uint8_t> &ct,
- const std::vector<uint8_t> &tag,
- const std::vector<uint8_t> &iv);
-
-bssl::UniquePtr<BIGNUM> GetBIGNUM(FileTest *t, const char *attribute);
-
-int GetECGroupNIDFromInstruction(FileTest *t, const char **out_str = nullptr);
-
-const EVP_MD *GetDigestFromInstruction(FileTest *t);
-
-void EchoComment(const std::string& comment);
-
-int cavp_aes_gcm_test_main(int argc, char **argv);
-int cavp_aes_test_main(int argc, char **argv);
-int cavp_ctr_drbg_test_main(int argc, char **argv);
-int cavp_ecdsa2_keypair_test_main(int argc, char **argv);
-int cavp_ecdsa2_pkv_test_main(int argc, char **argv);
-int cavp_ecdsa2_siggen_test_main(int argc, char **argv);
-int cavp_ecdsa2_sigver_test_main(int argc, char **argv);
-int cavp_hmac_test_main(int argc, char **argv);
-int cavp_kas_test_main(int argc, char **argv);
-int cavp_keywrap_test_main(int argc, char **argv);
-int cavp_rsa2_keygen_test_main(int argc, char **argv);
-int cavp_rsa2_siggen_test_main(int argc, char **argv);
-int cavp_rsa2_sigver_test_main(int argc, char **argv);
-int cavp_sha_monte_test_main(int argc, char **argv);
-int cavp_sha_test_main(int argc, char **argv);
-int cavp_tdes_test_main(int argc, char **argv);
-int cavp_tlskdf_test_main(int argc, char **argv);
-
-
-#endif // OPENSSL_HEADER_CRYPTO_FIPSMODULE_CAVP_TEST_UTIL_H
diff --git a/util/fipstools/cavp/cavp_tlskdf_test.cc b/util/fipstools/cavp/cavp_tlskdf_test.cc
deleted file mode 100644
index 0243439..0000000
--- a/util/fipstools/cavp/cavp_tlskdf_test.cc
+++ /dev/null
@@ -1,113 +0,0 @@
-/* Copyright (c) 2018, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-
-// cavp_tlskdf_test processes NIST TLS KDF test vectors and emits the
-// corresponding response.
-// See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/components/askdfvs.pdf, section 6.4.
-
-#include <vector>
-
-#include <errno.h>
-
-#include <openssl/digest.h>
-
-#include "cavp_test_util.h"
-#include "../crypto/fipsmodule/tls/internal.h"
-#include "../crypto/test/file_test.h"
-#include "../crypto/test/test_util.h"
-
-
-static bool TestTLSKDF(FileTest *t, void *arg) {
- const EVP_MD *md = nullptr;
-
- if (t->HasInstruction("TLS 1.0/1.1")) {
- md = EVP_md5_sha1();
- } else if (t->HasInstruction("TLS 1.2")) {
- if (t->HasInstruction("SHA-256")) {
- md = EVP_sha256();
- } else if (t->HasInstruction("SHA-384")) {
- md = EVP_sha384();
- } else if (t->HasInstruction("SHA-512")) {
- md = EVP_sha512();
- }
- }
-
- if (md == nullptr) {
- return false;
- }
-
- std::string key_block_len_str;
- std::vector<uint8_t> premaster, server_random, client_random,
- key_block_server_random, key_block_client_random;
- if (!t->GetBytes(&premaster, "pre_master_secret") ||
- !t->GetBytes(&server_random, "serverHello_random") ||
- !t->GetBytes(&client_random, "clientHello_random") ||
- // The NIST tests specify different client and server randoms for the
- // expansion step from the master-secret step. This is impossible in TLS.
- !t->GetBytes(&key_block_server_random, "server_random") ||
- !t->GetBytes(&key_block_client_random, "client_random") ||
- !t->GetInstruction(&key_block_len_str, "key block length") ||
- // These are ignored.
- !t->HasAttribute("COUNT") ||
- !t->HasInstruction("pre-master secret length")) {
- return false;
- }
-
- uint8_t master_secret[48];
- static const char kMasterSecretLabel[] = "master secret";
- if (!CRYPTO_tls1_prf(md, master_secret, sizeof(master_secret),
- premaster.data(), premaster.size(), kMasterSecretLabel,
- sizeof(kMasterSecretLabel) - 1, client_random.data(),
- client_random.size(), server_random.data(),
- server_random.size())) {
- return false;
- }
-
- errno = 0;
- const long int key_block_bits =
- strtol(key_block_len_str.c_str(), nullptr, 10);
- if (errno != 0 || key_block_bits <= 0 || (key_block_bits & 7) != 0) {
- return false;
- }
- const size_t key_block_len = key_block_bits / 8;
- std::vector<uint8_t> key_block(key_block_len);
- static const char kLabel[] = "key expansion";
- if (!CRYPTO_tls1_prf(
- md, key_block.data(), key_block.size(), master_secret,
- sizeof(master_secret), kLabel, sizeof(kLabel) - 1,
- key_block_server_random.data(), key_block_server_random.size(),
- key_block_client_random.data(), key_block_client_random.size())) {
- return false;
- }
-
- printf("%smaster_secret = %s\r\nkey_block = %s\r\n\r\n",
- t->CurrentTestToString().c_str(), EncodeHex(master_secret).c_str(),
- EncodeHex(key_block).c_str());
-
- return true;
-}
-
-int cavp_tlskdf_test_main(int argc, char **argv) {
- if (argc != 2) {
- fprintf(stderr, "usage: %s <test file>\n", argv[0]);
- return 1;
- }
-
- FileTest::Options opts;
- opts.path = argv[1];
- opts.callback = TestTLSKDF;
- opts.silent = true;
- opts.comment_callback = EchoComment;
- return FileTestMain(opts);
-}
diff --git a/util/fipstools/cavp/run_cavp.go b/util/fipstools/cavp/run_cavp.go
deleted file mode 100644
index 51a4100..0000000
--- a/util/fipstools/cavp/run_cavp.go
+++ /dev/null
@@ -1,592 +0,0 @@
-// run_cavp.go processes CAVP input files and generates suitable response
-// files, optionally comparing the results against the provided FAX files.
-package main
-
-import (
- "bufio"
- "errors"
- "flag"
- "fmt"
- "os"
- "os/exec"
- "path"
- "path/filepath"
- "runtime"
- "strings"
- "sync"
- "time"
-)
-
-var (
- oraclePath = flag.String("oracle-bin", "", "Path to the oracle binary")
- suiteDir = flag.String("suite-dir", "", "Base directory containing the CAVP test suite")
- noFAX = flag.Bool("no-fax", false, "Skip comparing against FAX files")
- android = flag.Bool("android", false, "Run tests via ADB")
-)
-
-const (
- androidTmpPath = "/data/local/tmp/"
- androidCAVPPath = androidTmpPath + "cavp"
- androidLibCryptoPath = androidTmpPath + "libcrypto.so"
-)
-
-// test describes a single request file.
-type test struct {
- // inFile is the base of the filename without an extension, i.e.
- // “ECBMCT128”.
- inFile string
- // args are the arguments (not including the input filename) to the
- // oracle binary.
- args []string
- // noFAX, if true, indicates that the output cannot be compared against
- // the FAX file. (E.g. because the primitive is non-deterministic.)
- noFAX bool
-}
-
-// nextLineState can be used by FAX next-line function to store state.
-type nextLineState struct {
- // State used by the KAS test.
- nextIsIUTHash bool
-}
-
-// testSuite describes a series of tests that are handled by a single oracle
-// binary.
-type testSuite struct {
- // directory is the name of the directory in the CAVP input, i.e. “AES”.
- directory string
- // suite names the test suite to pass as the first command-line argument.
- suite string
- // nextLineFunc, if not nil, is the function used to read the next line
- // from the FAX file. This can be used to skip lines and/or mutate them
- // as needed. The second argument can be used by the scanner to store
- // state, if needed. If isWildcard is true on return then line is not
- // meaningful and any line from the response file should be accepted.
- nextLineFunc func(*bufio.Scanner, *nextLineState) (line string, isWildcard, ok bool)
- tests []test
-}
-
-func (t *testSuite) getDirectory() string {
- return filepath.Join(*suiteDir, t.directory)
-}
-
-var aesGCMTests = testSuite{
- "AES_GCM",
- "aes_gcm",
- nil,
- []test{
- {"gcmDecrypt128", []string{"dec", "aes-128-gcm"}, false},
- {"gcmDecrypt192", []string{"dec", "aes-192-gcm"}, false},
- {"gcmDecrypt256", []string{"dec", "aes-256-gcm"}, false},
- {"gcmEncryptExtIV128", []string{"enc", "aes-128-gcm"}, false},
- {"gcmEncryptExtIV192", []string{"enc", "aes-192-gcm"}, false},
- {"gcmEncryptExtIV256", []string{"enc", "aes-256-gcm"}, false},
- },
-}
-
-var aesTests = testSuite{
- "AES",
- "aes",
- nil,
- []test{
- {"CBCGFSbox128", []string{"kat", "aes-128-cbc"}, false},
- {"CBCGFSbox192", []string{"kat", "aes-192-cbc"}, false},
- {"CBCGFSbox256", []string{"kat", "aes-256-cbc"}, false},
- {"CBCKeySbox128", []string{"kat", "aes-128-cbc"}, false},
- {"CBCKeySbox192", []string{"kat", "aes-192-cbc"}, false},
- {"CBCKeySbox256", []string{"kat", "aes-256-cbc"}, false},
- {"CBCMMT128", []string{"kat", "aes-128-cbc"}, false},
- {"CBCMMT192", []string{"kat", "aes-192-cbc"}, false},
- {"CBCMMT256", []string{"kat", "aes-256-cbc"}, false},
- {"CBCVarKey128", []string{"kat", "aes-128-cbc"}, false},
- {"CBCVarKey192", []string{"kat", "aes-192-cbc"}, false},
- {"CBCVarKey256", []string{"kat", "aes-256-cbc"}, false},
- {"CBCVarTxt128", []string{"kat", "aes-128-cbc"}, false},
- {"CBCVarTxt192", []string{"kat", "aes-192-cbc"}, false},
- {"CBCVarTxt256", []string{"kat", "aes-256-cbc"}, false},
- {"ECBGFSbox128", []string{"kat", "aes-128-ecb"}, false},
- {"ECBGFSbox192", []string{"kat", "aes-192-ecb"}, false},
- {"ECBGFSbox256", []string{"kat", "aes-256-ecb"}, false},
- {"ECBKeySbox128", []string{"kat", "aes-128-ecb"}, false},
- {"ECBKeySbox192", []string{"kat", "aes-192-ecb"}, false},
- {"ECBKeySbox256", []string{"kat", "aes-256-ecb"}, false},
- {"ECBMMT128", []string{"kat", "aes-128-ecb"}, false},
- {"ECBMMT192", []string{"kat", "aes-192-ecb"}, false},
- {"ECBMMT256", []string{"kat", "aes-256-ecb"}, false},
- {"ECBVarKey128", []string{"kat", "aes-128-ecb"}, false},
- {"ECBVarKey192", []string{"kat", "aes-192-ecb"}, false},
- {"ECBVarKey256", []string{"kat", "aes-256-ecb"}, false},
- {"ECBVarTxt128", []string{"kat", "aes-128-ecb"}, false},
- {"ECBVarTxt192", []string{"kat", "aes-192-ecb"}, false},
- {"ECBVarTxt256", []string{"kat", "aes-256-ecb"}, false},
- // AES Monte-Carlo tests
- {"ECBMCT128", []string{"mct", "aes-128-ecb"}, false},
- {"ECBMCT192", []string{"mct", "aes-192-ecb"}, false},
- {"ECBMCT256", []string{"mct", "aes-256-ecb"}, false},
- {"CBCMCT128", []string{"mct", "aes-128-cbc"}, false},
- {"CBCMCT192", []string{"mct", "aes-192-cbc"}, false},
- {"CBCMCT256", []string{"mct", "aes-256-cbc"}, false},
- },
-}
-
-var ecdsa2KeyPairTests = testSuite{
- "ECDSA2",
- "ecdsa2_keypair",
- nil,
- []test{{"KeyPair", nil, true}},
-}
-
-var ecdsa2PKVTests = testSuite{
- "ECDSA2",
- "ecdsa2_pkv",
- nil,
- []test{{"PKV", nil, false}},
-}
-
-var ecdsa2SigGenTests = testSuite{
- "ECDSA2",
- "ecdsa2_siggen",
- nil,
- []test{
- {"SigGen", []string{"SigGen"}, true},
- {"SigGenComponent", []string{"SigGenComponent"}, true},
- },
-}
-
-var ecdsa2SigVerTests = testSuite{
- "ECDSA2",
- "ecdsa2_sigver",
- nil,
- []test{{"SigVer", nil, false}},
-}
-
-var rsa2KeyGenTests = testSuite{
- "RSA2",
- "rsa2_keygen",
- nil,
- []test{
- {"KeyGen_RandomProbablyPrime3_3", nil, true},
- },
-}
-
-var rsa2SigGenTests = testSuite{
- "RSA2",
- "rsa2_siggen",
- nil,
- []test{
- {"SigGen15_186-3", []string{"pkcs15"}, true},
- {"SigGenPSS_186-3", []string{"pss"}, true},
- },
-}
-
-var rsa2SigVerTests = testSuite{
- "RSA2",
- "rsa2_sigver",
- func(s *bufio.Scanner, state *nextLineState) (string, bool, bool) {
- for {
- if !s.Scan() {
- return "", false, false
- }
-
- line := s.Text()
- if strings.HasPrefix(line, "p = ") || strings.HasPrefix(line, "d = ") || strings.HasPrefix(line, "SaltVal = ") || strings.HasPrefix(line, "EM with ") {
- continue
- }
- if strings.HasPrefix(line, "q = ") {
- // Skip the "q = " line and an additional blank line.
- if !s.Scan() ||
- len(strings.TrimSpace(s.Text())) > 0 {
- return "", false, false
- }
- continue
- }
- return line, false, true
- }
- },
- []test{
- {"SigVer15_186-3", []string{"pkcs15"}, false},
- {"SigVerPSS_186-3", []string{"pss"}, false},
- },
-}
-
-var hmacTests = testSuite{
- "HMAC",
- "hmac",
- nil,
- []test{{"HMAC", nil, false}},
-}
-
-var shaTests = testSuite{
- "SHA",
- "sha",
- nil,
- []test{
- {"SHA1LongMsg", []string{"SHA1"}, false},
- {"SHA1ShortMsg", []string{"SHA1"}, false},
- {"SHA224LongMsg", []string{"SHA224"}, false},
- {"SHA224ShortMsg", []string{"SHA224"}, false},
- {"SHA256LongMsg", []string{"SHA256"}, false},
- {"SHA256ShortMsg", []string{"SHA256"}, false},
- {"SHA384LongMsg", []string{"SHA384"}, false},
- {"SHA384ShortMsg", []string{"SHA384"}, false},
- {"SHA512LongMsg", []string{"SHA512"}, false},
- {"SHA512ShortMsg", []string{"SHA512"}, false},
- },
-}
-
-var shaMonteTests = testSuite{
- "SHA",
- "sha_monte",
- nil,
- []test{
- {"SHA1Monte", []string{"SHA1"}, false},
- {"SHA224Monte", []string{"SHA224"}, false},
- {"SHA256Monte", []string{"SHA256"}, false},
- {"SHA384Monte", []string{"SHA384"}, false},
- {"SHA512Monte", []string{"SHA512"}, false},
- },
-}
-
-var ctrDRBGTests = testSuite{
- "DRBG800-90A",
- "ctr_drbg",
- nil,
- []test{{"CTR_DRBG", nil, false}},
-}
-
-var tdesTests = testSuite{
- "TDES",
- "tdes",
- nil,
- []test{
- {"TCBCMMT2", []string{"kat", "des-ede-cbc"}, false},
- {"TCBCMMT3", []string{"kat", "des-ede3-cbc"}, false},
- {"TCBCMonte2", []string{"mct", "des-ede3-cbc"}, false},
- {"TCBCMonte3", []string{"mct", "des-ede3-cbc"}, false},
- {"TCBCinvperm", []string{"kat", "des-ede3-cbc"}, false},
- {"TCBCpermop", []string{"kat", "des-ede3-cbc"}, false},
- {"TCBCsubtab", []string{"kat", "des-ede3-cbc"}, false},
- {"TCBCvarkey", []string{"kat", "des-ede3-cbc"}, false},
- {"TCBCvartext", []string{"kat", "des-ede3-cbc"}, false},
- {"TECBMMT2", []string{"kat", "des-ede"}, false},
- {"TECBMMT3", []string{"kat", "des-ede3"}, false},
- {"TECBMonte2", []string{"mct", "des-ede3"}, false},
- {"TECBMonte3", []string{"mct", "des-ede3"}, false},
- {"TECBinvperm", []string{"kat", "des-ede3"}, false},
- {"TECBpermop", []string{"kat", "des-ede3"}, false},
- {"TECBsubtab", []string{"kat", "des-ede3"}, false},
- {"TECBvarkey", []string{"kat", "des-ede3"}, false},
- {"TECBvartext", []string{"kat", "des-ede3"}, false},
- },
-}
-
-var keyWrapTests = testSuite{
- "KeyWrap38F",
- "keywrap",
- nil,
- []test{
- {"KW_AD_128", []string{"dec", "128"}, false},
- {"KW_AD_192", []string{"dec", "192"}, false},
- {"KW_AD_256", []string{"dec", "256"}, false},
- {"KW_AE_128", []string{"enc", "128"}, false},
- {"KW_AE_192", []string{"enc", "192"}, false},
- {"KW_AE_256", []string{"enc", "256"}, false},
- {"KWP_AD_128", []string{"dec-pad", "128"}, false},
- {"KWP_AD_192", []string{"dec-pad", "192"}, false},
- {"KWP_AD_256", []string{"dec-pad", "256"}, false},
- {"KWP_AE_128", []string{"enc-pad", "128"}, false},
- {"KWP_AE_192", []string{"enc-pad", "192"}, false},
- {"KWP_AE_256", []string{"enc-pad", "256"}, false},
- },
-}
-
-var kasTests = testSuite{
- "KAS",
- "kas",
- func(s *bufio.Scanner, state *nextLineState) (line string, isWildcard, ok bool) {
- for {
- // If the response file will include the IUT hash next,
- // return a wildcard signal because this cannot be
- // matched against the FAX file.
- if state.nextIsIUTHash {
- state.nextIsIUTHash = false
- return "", true, true
- }
-
- if !s.Scan() {
- return "", false, false
- }
-
- line := s.Text()
- if strings.HasPrefix(line, "deCAVS = ") || strings.HasPrefix(line, "Z = ") {
- continue
- }
- if strings.HasPrefix(line, "CAVSHashZZ = ") {
- state.nextIsIUTHash = true
- }
- return line, false, true
- }
- },
- []test{
- {"KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_init", []string{"function"}, true},
- {"KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", []string{"function"}, true},
- {"KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init", []string{"validity"}, false},
- {"KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", []string{"validity"}, false},
- },
-}
-
-var tlsKDFTests = testSuite{
- "KDF135",
- "tlskdf",
- nil,
- []test{
- {"tls", nil, false},
- },
-}
-
-var testSuites = []*testSuite{
- &aesGCMTests,
- &aesTests,
- &ctrDRBGTests,
- &ecdsa2KeyPairTests,
- &ecdsa2PKVTests,
- &ecdsa2SigGenTests,
- &ecdsa2SigVerTests,
- &hmacTests,
- &keyWrapTests,
- &rsa2KeyGenTests,
- &rsa2SigGenTests,
- &rsa2SigVerTests,
- &shaTests,
- &shaMonteTests,
- &tdesTests,
- &kasTests,
- &tlsKDFTests,
-}
-
-// testInstance represents a specific test in a testSuite.
-type testInstance struct {
- suite *testSuite
- testIndex int
-}
-
-func worker(wg *sync.WaitGroup, work <-chan testInstance) {
- defer wg.Done()
-
- for ti := range work {
- test := ti.suite.tests[ti.testIndex]
-
- if err := doTest(ti.suite, test); err != nil {
- fmt.Fprintf(os.Stderr, "%s\n", err)
- os.Exit(2)
- }
-
- if !*noFAX && !test.noFAX {
- if err := compareFAX(ti.suite, test); err != nil {
- fmt.Fprintf(os.Stderr, "%s\n", err)
- os.Exit(3)
- }
- }
- }
-}
-
-func checkAndroidPrereqs() error {
- // The cavp binary, and a matching libcrypto.so, are required to be placed
- // in /data/local/tmp before running this script.
- if err := exec.Command("adb", "shell", "ls", androidCAVPPath).Run(); err != nil {
- return errors.New("failed to list cavp binary; ensure that adb works and cavp binary is in place: " + err.Error())
- }
- if err := exec.Command("adb", "shell", "ls", androidLibCryptoPath).Run(); err != nil {
- return errors.New("failed to list libcrypto.so; ensure that library is in place: " + err.Error())
- }
- return nil
-}
-
-func main() {
- flag.Parse()
-
- if *android {
- if err := checkAndroidPrereqs(); err != nil {
- fmt.Fprintf(os.Stderr, "%s\n", err)
- os.Exit(1)
- }
- } else if len(*oraclePath) == 0 {
- fmt.Fprintf(os.Stderr, "Must give -oracle-bin\n")
- os.Exit(1)
- }
-
- work := make(chan testInstance)
- var wg sync.WaitGroup
-
- numWorkers := runtime.NumCPU()
- if *android {
- numWorkers = 1
- }
-
- for i := 0; i < numWorkers; i++ {
- wg.Add(1)
- go worker(&wg, work)
- }
-
- for _, suite := range testSuites {
- for i := range suite.tests {
- work <- testInstance{suite, i}
- }
- }
-
- close(work)
- wg.Wait()
-}
-
-func doTest(suite *testSuite, test test) error {
- bin := *oraclePath
- var args []string
-
- if *android {
- bin = "adb"
- args = []string{"shell", "LD_LIBRARY_PATH=" + androidTmpPath, androidCAVPPath}
- }
-
- args = append(args, suite.suite)
- args = append(args, test.args...)
- reqPath := filepath.Join(suite.getDirectory(), "req", test.inFile+".req")
- var reqPathOnDevice string
-
- if *android {
- reqPathOnDevice = path.Join(androidTmpPath, test.inFile+".req")
- if err := exec.Command("adb", "push", reqPath, reqPathOnDevice).Run(); err != nil {
- return errors.New("failed to push request file: " + err.Error())
- }
- args = append(args, reqPathOnDevice)
- } else {
- args = append(args, reqPath)
- }
-
- respDir := filepath.Join(suite.getDirectory(), "resp")
- if err := os.Mkdir(respDir, 0755); err != nil && !os.IsExist(err) {
- return fmt.Errorf("cannot create resp directory: %s", err)
- }
- outPath := filepath.Join(respDir, test.inFile+".rsp")
- outFile, err := os.OpenFile(outPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
- if err != nil {
- return fmt.Errorf("cannot open output file for %q %q: %s", suite.getDirectory(), test.inFile, err)
- }
- defer outFile.Close()
-
- cmd := exec.Command(bin, args...)
- cmd.Stdout = outFile
- cmd.Stderr = os.Stderr
-
- cmdLine := strings.Join(append([]string{bin}, args...), " ")
- startTime := time.Now()
- if err := cmd.Run(); err != nil {
- return fmt.Errorf("cannot run command for %q %q (%s): %s", suite.getDirectory(), test.inFile, cmdLine, err)
- }
-
- fmt.Printf("%s (%ds)\n", cmdLine, int(time.Since(startTime).Seconds()))
-
- if *android {
- exec.Command("adb", "shell", "rm", reqPathOnDevice).Run()
- }
-
- return nil
-}
-
-func canonicalizeLine(in string) string {
- if strings.HasPrefix(in, "Result = P (") {
- return "Result = P"
- }
- if strings.HasPrefix(in, "Result = F (") {
- return "Result = F"
- }
- return in
-}
-
-func compareFAX(suite *testSuite, test test) error {
- nextLineFunc := suite.nextLineFunc
- if nextLineFunc == nil {
- nextLineFunc = func(s *bufio.Scanner, state *nextLineState) (string, bool, bool) {
- if !s.Scan() {
- return "", false, false
- }
- return s.Text(), false, true
- }
- }
-
- respPath := filepath.Join(suite.getDirectory(), "resp", test.inFile+".rsp")
- respFile, err := os.Open(respPath)
- if err != nil {
- return fmt.Errorf("cannot read output of %q %q: %s", suite.getDirectory(), test.inFile, err)
- }
- defer respFile.Close()
-
- faxPath := filepath.Join(suite.getDirectory(), "fax", test.inFile+".fax")
- faxFile, err := os.Open(faxPath)
- if err != nil {
- return fmt.Errorf("cannot open fax file for %q %q: %s", suite.getDirectory(), test.inFile, err)
- }
- defer faxFile.Close()
-
- respScanner := bufio.NewScanner(respFile)
- faxScanner := bufio.NewScanner(faxFile)
- var nextLineState nextLineState
-
- lineNo := 0
- inHeader := true
-
- for respScanner.Scan() {
- lineNo++
- respLine := respScanner.Text()
- var faxLine string
- var isWildcard, ok bool
-
- if inHeader && (len(respLine) == 0 || respLine[0] == '#') {
- continue
- }
-
- for {
- haveFaxLine := false
-
- if inHeader {
- for {
- if faxLine, isWildcard, ok = nextLineFunc(faxScanner, &nextLineState); !ok {
- break
- }
- if len(faxLine) != 0 && faxLine[0] != '#' {
- haveFaxLine = true
- break
- }
- }
-
- inHeader = false
- } else {
- faxLine, isWildcard, haveFaxLine = nextLineFunc(faxScanner, &nextLineState)
- }
-
- if !haveFaxLine {
- // Ignore blank lines at the end of the generated file.
- if len(respLine) == 0 {
- break
- }
- return fmt.Errorf("resp file is longer than fax for %q %q", suite.getDirectory(), test.inFile)
- }
-
- if strings.HasPrefix(faxLine, " (Reason: ") {
- continue
- }
-
- break
- }
-
- if isWildcard || canonicalizeLine(faxLine) == canonicalizeLine(respLine) {
- continue
- }
-
- return fmt.Errorf("resp and fax differ at line %d for %q %q: %q vs %q", lineNo, suite.getDirectory(), test.inFile, respLine, faxLine)
- }
-
- if _, _, ok := nextLineFunc(faxScanner, &nextLineState); ok {
- return fmt.Errorf("fax file is longer than resp for %q %q", suite.getDirectory(), test.inFile)
- }
-
- return nil
-}
diff --git a/util/fipstools/test-break-kat.sh b/util/fipstools/test-break-kat.sh
index d343aa4..d2c44a7 100644
--- a/util/fipstools/test-break-kat.sh
+++ b/util/fipstools/test-break-kat.sh
@@ -18,7 +18,7 @@
set -x
set -e
-TEST_FIPS_BIN="build/util/fipstools/cavp/test_fips"
+TEST_FIPS_BIN="build/util/fipstools/test_fips"
if [ ! -f $TEST_FIPS_BIN ]; then
echo "$TEST_FIPS_BIN is missing. Run this script from the top level of a"
diff --git a/util/fipstools/cavp/test_fips.c b/util/fipstools/test_fips.c
similarity index 98%
rename from util/fipstools/cavp/test_fips.c
rename to util/fipstools/test_fips.c
index dd82d65..b3d5521 100644
--- a/util/fipstools/cavp/test_fips.c
+++ b/util/fipstools/test_fips.c
@@ -30,9 +30,9 @@
#include <openssl/rsa.h>
#include <openssl/sha.h>
-#include "../crypto/fipsmodule/rand/internal.h"
-#include "../crypto/fipsmodule/tls/internal.h"
-#include "../crypto/internal.h"
+#include "../../crypto/fipsmodule/rand/internal.h"
+#include "../../crypto/fipsmodule/tls/internal.h"
+#include "../../crypto/internal.h"
static void hexdump(const void *a, size_t len) {
