Google Git
Sign in
boringssl/boringssl.git/aaa4045b04e95060416c87d9d5bafda3ae72977c^!/.
commit
aaa4045b04e95060416c87d9d5bafda3ae72977c
[log]
author
Adam Langley <agl@google.com>
Fri Apr 28 09:00:03 2017 -0700
committer
Adam Langley <agl@google.com>
Fri Apr 28 16:49:43 2017 +0000
tree
a56fb8facc211179cba1a9648e49e38019da6b37
parent
7c12587994519512ddc708c74f6ebc142fb4a575 [diff]
Add tool to run CAVP tests.

Change-Id: If503b65de2879186b23ad148363b8ec8be4c611c
Reviewed-on: https://boringssl-review.googlesource.com/15644
Reviewed-by: Martin Kreichgauer <martinkr@google.com>
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/fipsoracle/run_cavp.go b/crypto/fipsoracle/run_cavp.go
new file mode 100644
index 0000000..88ef35d
--- /dev/null
+++ b/crypto/fipsoracle/run_cavp.go

@@ -0,0 +1,226 @@
+// run_cavp.go processes CAVP input files and generates suitable response
+// files, optionally comparing the results against the provided FAX files.
+package main
+
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+)
+
+var (
+	binaryDir = flag.String("bin-dir", "", "Directory containing fipsoracle binaries")
+)
+
+// test describes a single request file.
+type test struct {
+	// inFile is the base of the filename without an extension, i.e.
+	// “ECBMCT128”.
+	inFile string
+	// args are the arguments (not including the input filename) to the
+	// oracle binary.
+	args   []string
+	// noFAX, if true, indicates that the output cannot be compared against
+	// the FAX file. (E.g. because the primitive is non-deterministic.)
+	noFAX bool
+}
+
+// testSuite describes a series of tests that are handled by a single oracle
+// binary.
+type testSuite struct {
+	// directory is the name of the directory in the CAVP input, i.e. “AES”.
+	directory string
+	// binary is the name of the binary that can process these tests.
+	binary    string
+	tests     []test
+}
+
+var aesGCMTests = testSuite{
+	"AES_GCM",
+	"cavp_aes_gcm_test",
+	[]test{
+		{"gcmDecrypt128", []string{"dec", "aes-128-gcm"}, false},
+		{"gcmDecrypt256", []string{"dec", "aes-256-gcm"}, false},
+		{"gcmEncryptIntIV128", []string{"enc", "aes-128-gcm"}, true},
+		{"gcmEncryptIntIV256", []string{"enc", "aes-256-gcm"}, true},
+	},
+}
+
+var aesTests = testSuite{
+	"AES",
+	"cavp_aes_test",
+	[]test{
+		{"CBCGFSbox128", []string{"aes-128-cbc"}, false},
+		{"CBCGFSbox192", []string{"aes-192-cbc"}, false},
+		{"CBCGFSbox256", []string{"aes-256-cbc"}, false},
+		{"CBCKeySbox128", []string{"aes-128-cbc"}, false},
+		{"CBCKeySbox192", []string{"aes-192-cbc"}, false},
+		{"CBCKeySbox256", []string{"aes-256-cbc"}, false},
+		{"CBCMMT128", []string{"aes-128-cbc"}, false},
+		{"CBCMMT192", []string{"aes-192-cbc"}, false},
+		{"CBCMMT256", []string{"aes-256-cbc"}, false},
+		{"CBCVarKey128", []string{"aes-128-cbc"}, false},
+		{"CBCVarKey192", []string{"aes-192-cbc"}, false},
+		{"CBCVarKey256", []string{"aes-256-cbc"}, false},
+		{"CBCVarTxt128", []string{"aes-128-cbc"}, false},
+		{"CBCVarTxt192", []string{"aes-192-cbc"}, false},
+		{"CBCVarTxt256", []string{"aes-256-cbc"}, false},
+		{"ECBGFSbox128", []string{"aes-128-ecb"}, false},
+		{"ECBGFSbox192", []string{"aes-192-ecb"}, false},
+		{"ECBGFSbox256", []string{"aes-256-ecb"}, false},
+		{"ECBKeySbox128", []string{"aes-128-ecb"}, false},
+		{"ECBKeySbox192", []string{"aes-192-ecb"}, false},
+		{"ECBKeySbox256", []string{"aes-256-ecb"}, false},
+		{"ECBMMT128", []string{"aes-128-ecb"}, false},
+		{"ECBMMT192", []string{"aes-192-ecb"}, false},
+		{"ECBMMT256", []string{"aes-256-ecb"}, false},
+		{"ECBVarKey128", []string{"aes-128-ecb"}, false},
+		{"ECBVarKey192", []string{"aes-192-ecb"}, false},
+		{"ECBVarKey256", []string{"aes-256-ecb"}, false},
+		{"ECBVarTxt128", []string{"aes-128-ecb"}, false},
+		{"ECBVarTxt192", []string{"aes-192-ecb"}, false},
+		{"ECBVarTxt256", []string{"aes-256-ecb"}, false},
+	},
+}
+
+// AES Monte-Carlo tests need a different binary.
+//{"ECBMCT128", []string{"aes-128-ecb"}, false},
+//{"ECBMCT192", []string{"aes-192-ecb"}, false},
+//{"ECBMCT256", []string{"aes-256-ecb"}, false},
+//{"CBCMCT128", []string{"aes-128-cbc"}, false},
+//{"CBCMCT192", []string{"aes-192-cbc"}, false},
+//{"CBCMCT256", []string{"aes-256-cbc"}, false},
+
+var allTestSuites = []*testSuite{
+	&aesGCMTests,
+	&aesTests,
+}
+
+func main() {
+	flag.Parse()
+
+	if len(*binaryDir) == 0 {
+		fmt.Fprintf(os.Stderr, "Must give -bin-dir\n")
+		os.Exit(1)
+	}
+
+	for _, suite := range allTestSuites {
+		for _, test := range suite.tests {
+			if err := doTest(suite, test); err != nil {
+				fmt.Fprintf(os.Stderr, "%s\n", err)
+				os.Exit(2)
+			}
+
+			if !test.noFAX {
+				if err := compareFAX(suite, test); err != nil {
+					fmt.Fprintf(os.Stderr, "%s\n", err)
+					os.Exit(3)
+				}
+			}
+		}
+	}
+}
+
+func doTest(suite *testSuite, test test) error {
+	binary := filepath.Join(*binaryDir, suite.binary)
+
+	var args []string
+	args = append(args, test.args...)
+	args = append(args, filepath.Join(suite.directory, "req", test.inFile+".req"))
+
+	outPath := filepath.Join(suite.directory, "resp", test.inFile+".resp")
+	outFile, err := os.OpenFile(outPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
+	if err != nil {
+		return fmt.Errorf("cannot open output file for %q %q: %s", suite.directory, test.inFile, err)
+	}
+	defer outFile.Close()
+
+	cmd := exec.Command(binary, args...)
+	cmd.Stdout = outFile
+	cmd.Stderr = os.Stderr
+
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("cannot run command for %q %q: %s", suite.directory, test.inFile, err)
+	}
+
+	return nil
+}
+
+func compareFAX(suite *testSuite, test test) error {
+	respPath := filepath.Join(suite.directory, "resp", test.inFile+".resp")
+	respFile, err := os.Open(respPath)
+	if err != nil {
+		return fmt.Errorf("cannot read output of %q %q: %s", suite.directory, test.inFile, err)
+	}
+	defer respFile.Close()
+
+	faxPath := filepath.Join(suite.directory, "fax", test.inFile+".fax")
+	faxFile, err := os.Open(faxPath)
+	if err != nil {
+		return fmt.Errorf("cannot open fax file for %q %q: %s", suite.directory, test.inFile, err)
+	}
+	defer faxFile.Close()
+
+	respScanner := bufio.NewScanner(respFile)
+	faxScanner := bufio.NewScanner(faxFile)
+
+	lineNo := 0
+	inHeader := true
+
+	for respScanner.Scan() {
+		lineNo++
+		respLine := respScanner.Text()
+		var faxLine string
+
+		if inHeader && (len(respLine) == 0 || respLine[0] == '#') {
+			continue
+		}
+
+		for {
+			haveFaxLine := false
+
+			if inHeader {
+				for faxScanner.Scan() {
+					faxLine = faxScanner.Text()
+					if len(faxLine) != 0 && faxLine[0] != '#' {
+						haveFaxLine = true
+						break
+					}
+				}
+
+				inHeader = false
+			} else {
+				if faxScanner.Scan() {
+					faxLine = faxScanner.Text()
+					haveFaxLine = true
+				}
+			}
+
+			if !haveFaxLine {
+				return fmt.Errorf("resp file is longer than fax for %q %q", suite.directory, test.inFile)
+			}
+
+			if strings.HasPrefix(faxLine, " (Reason: ") {
+				continue
+			}
+
+			break
+		}
+
+		if faxLine == respLine {
+			continue
+		}
+
+		return fmt.Errorf("resp and fax differ at line %d for %q %q: %q vs %q", lineNo, suite.directory, test.inFile, respLine, faxLine)
+	}
+
+	if faxScanner.Scan() {
+		return fmt.Errorf("fax file is longer than resp for %q %q", suite.directory, test.inFile)
+	}
+
+	return nil
+}