| // Copyright (c) 2020, Google Inc. |
| // |
| // Permission to use, copy, modify, and/or distribute this software for any |
| // purpose with or without fee is hereby granted, provided that the above |
| // copyright notice and this permission notice appear in all copies. |
| // |
| // THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
| // WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
| // MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
| // SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
| // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
| // OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
| // CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| |
| package subprocess |
| |
| import ( |
| "encoding/hex" |
| "encoding/json" |
| "fmt" |
| ) |
| |
| // See https://pages.nist.gov/ACVP/draft-celi-acvp-rsa.html#name-test-vectors |
| // although, at the time of writing, that spec doesn't match what the NIST demo |
| // server actually produces. This code matches the server. |
| |
| type rsaTestVectorSet struct { |
| Mode string `json:"mode"` |
| } |
| |
| type rsaKeyGenTestVectorSet struct { |
| Groups []rsaKeyGenGroup `json:"testGroups"` |
| } |
| |
| type rsaKeyGenGroup struct { |
| ID uint64 `json:"tgId"` |
| Type string `json:"testType"` |
| ModulusBits uint32 `json:"modulo"` |
| Tests []rsaKeyGenTest `json:"tests"` |
| } |
| |
| type rsaKeyGenTest struct { |
| ID uint64 `json:"tcId"` |
| } |
| |
| type rsaKeyGenTestGroupResponse struct { |
| ID uint64 `json:"tgId"` |
| Tests []rsaKeyGenTestResponse `json:"tests"` |
| } |
| |
| type rsaKeyGenTestResponse struct { |
| ID uint64 `json:"tcId"` |
| E string `json:"e"` |
| P string `json:"p"` |
| Q string `json:"q"` |
| N string `json:"n"` |
| D string `json:"d"` |
| } |
| |
| type rsaSigGenTestVectorSet struct { |
| Groups []rsaSigGenGroup `json:"testGroups"` |
| } |
| |
| type rsaSigGenGroup struct { |
| ID uint64 `json:"tgId"` |
| Type string `json:"testType"` |
| SigType string `json:"sigType"` |
| ModulusBits uint32 `json:"modulo"` |
| Hash string `json:"hashAlg"` |
| Tests []rsaSigGenTest `json:"tests"` |
| } |
| |
| type rsaSigGenTest struct { |
| ID uint64 `json:"tcId"` |
| MessageHex string `json:"message"` |
| } |
| |
| type rsaSigGenTestGroupResponse struct { |
| ID uint64 `json:"tgId"` |
| N string `json:"n"` |
| E string `json:"e"` |
| Tests []rsaSigGenTestResponse `json:"tests"` |
| } |
| |
| type rsaSigGenTestResponse struct { |
| ID uint64 `json:"tcId"` |
| Sig string `json:"signature"` |
| } |
| |
| type rsaSigVerTestVectorSet struct { |
| Groups []rsaSigVerGroup `json:"testGroups"` |
| } |
| |
| type rsaSigVerGroup struct { |
| ID uint64 `json:"tgId"` |
| Type string `json:"testType"` |
| SigType string `json:"sigType"` |
| Hash string `json:"hashAlg"` |
| N string `json:"n"` |
| E string `json:"e"` |
| Tests []rsaSigVerTest `json:"tests"` |
| } |
| |
| type rsaSigVerTest struct { |
| ID uint64 `json:"tcId"` |
| MessageHex string `json:"message"` |
| SignatureHex string `json:"signature"` |
| } |
| |
| type rsaSigVerTestGroupResponse struct { |
| ID uint64 `json:"tgId"` |
| Tests []rsaSigVerTestResponse `json:"tests"` |
| } |
| |
| type rsaSigVerTestResponse struct { |
| ID uint64 `json:"tcId"` |
| Passed bool `json:"testPassed"` |
| } |
| |
| func processKeyGen(vectorSet []byte, m Transactable) (interface{}, error) { |
| var parsed rsaKeyGenTestVectorSet |
| if err := json.Unmarshal(vectorSet, &parsed); err != nil { |
| return nil, err |
| } |
| |
| var ret []rsaKeyGenTestGroupResponse |
| |
| for _, group := range parsed.Groups { |
| // GDT means "Generated data test", i.e. "please generate an RSA key". |
| const expectedType = "GDT" |
| if group.Type != expectedType { |
| return nil, fmt.Errorf("RSA KeyGen test group has type %q, but only generation tests (%q) are supported", group.Type, expectedType) |
| } |
| |
| response := rsaKeyGenTestGroupResponse{ |
| ID: group.ID, |
| } |
| |
| for _, test := range group.Tests { |
| results, err := m.Transact("RSA/keyGen", 5, uint32le(group.ModulusBits)) |
| if err != nil { |
| return nil, err |
| } |
| |
| response.Tests = append(response.Tests, rsaKeyGenTestResponse{ |
| ID: test.ID, |
| E: hex.EncodeToString(results[0]), |
| P: hex.EncodeToString(results[1]), |
| Q: hex.EncodeToString(results[2]), |
| N: hex.EncodeToString(results[3]), |
| D: hex.EncodeToString(results[4]), |
| }) |
| } |
| |
| ret = append(ret, response) |
| } |
| |
| return ret, nil |
| } |
| |
| func processSigGen(vectorSet []byte, m Transactable) (interface{}, error) { |
| var parsed rsaSigGenTestVectorSet |
| if err := json.Unmarshal(vectorSet, &parsed); err != nil { |
| return nil, err |
| } |
| |
| var ret []rsaSigGenTestGroupResponse |
| |
| for _, group := range parsed.Groups { |
| // GDT means "Generated data test", i.e. "please generate an RSA signature". |
| const expectedType = "GDT" |
| if group.Type != expectedType { |
| return nil, fmt.Errorf("RSA SigGen test group has type %q, but only generation tests (%q) are supported", group.Type, expectedType) |
| } |
| |
| response := rsaSigGenTestGroupResponse{ |
| ID: group.ID, |
| } |
| |
| operation := "RSA/sigGen/" + group.Hash + "/" + group.SigType |
| |
| for _, test := range group.Tests { |
| msg, err := hex.DecodeString(test.MessageHex) |
| if err != nil { |
| return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) |
| } |
| |
| results, err := m.Transact(operation, 3, uint32le(group.ModulusBits), msg) |
| if err != nil { |
| return nil, err |
| } |
| |
| if len(response.N) == 0 { |
| response.N = hex.EncodeToString(results[0]) |
| response.E = hex.EncodeToString(results[1]) |
| } else if response.N != hex.EncodeToString(results[0]) { |
| return nil, fmt.Errorf("module wrapper returned different RSA keys for the same SigGen configuration") |
| } |
| |
| response.Tests = append(response.Tests, rsaSigGenTestResponse{ |
| ID: test.ID, |
| Sig: hex.EncodeToString(results[2]), |
| }) |
| } |
| |
| ret = append(ret, response) |
| } |
| |
| return ret, nil |
| } |
| |
| func processSigVer(vectorSet []byte, m Transactable) (interface{}, error) { |
| var parsed rsaSigVerTestVectorSet |
| if err := json.Unmarshal(vectorSet, &parsed); err != nil { |
| return nil, err |
| } |
| |
| var ret []rsaSigVerTestGroupResponse |
| |
| for _, group := range parsed.Groups { |
| // GDT means "Generated data test", which makes no sense in this context. |
| const expectedType = "GDT" |
| if group.Type != expectedType { |
| return nil, fmt.Errorf("RSA SigVer test group has type %q, but only 'generation' tests (%q) are supported", group.Type, expectedType) |
| } |
| |
| n, err := hex.DecodeString(group.N) |
| if err != nil { |
| return nil, fmt.Errorf("test group %d contains invalid hex: %s", group.ID, err) |
| } |
| e, err := hex.DecodeString(group.E) |
| if err != nil { |
| return nil, fmt.Errorf("test group %d contains invalid hex: %s", group.ID, err) |
| } |
| |
| response := rsaSigVerTestGroupResponse{ |
| ID: group.ID, |
| } |
| |
| operation := "RSA/sigVer/" + group.Hash + "/" + group.SigType |
| |
| for _, test := range group.Tests { |
| msg, err := hex.DecodeString(test.MessageHex) |
| if err != nil { |
| return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) |
| } |
| sig, err := hex.DecodeString(test.SignatureHex) |
| if err != nil { |
| return nil, fmt.Errorf("test case %d/%d contains invalid hex: %s", group.ID, test.ID, err) |
| } |
| |
| results, err := m.Transact(operation, 1, n, e, msg, sig) |
| if err != nil { |
| return nil, err |
| } |
| |
| response.Tests = append(response.Tests, rsaSigVerTestResponse{ |
| ID: test.ID, |
| Passed: len(results[0]) == 1 && results[0][0] == 1, |
| }) |
| } |
| |
| ret = append(ret, response) |
| } |
| |
| return ret, nil |
| } |
| |
| type rsa struct{} |
| |
| func (*rsa) Process(vectorSet []byte, m Transactable) (interface{}, error) { |
| var parsed rsaTestVectorSet |
| if err := json.Unmarshal(vectorSet, &parsed); err != nil { |
| return nil, err |
| } |
| |
| switch parsed.Mode { |
| case "keyGen": |
| return processKeyGen(vectorSet, m) |
| case "sigGen": |
| return processSigGen(vectorSet, m) |
| case "sigVer": |
| return processSigVer(vectorSet, m) |
| default: |
| return nil, fmt.Errorf("Unknown RSA mode %q", parsed.Mode) |
| } |
| } |