Adding RSA2 PKCS15 CAVP tests.
Change-Id: I7ee611484b576a2195405ee47c29af7168b9556e
Reviewed-on: https://boringssl-review.googlesource.com/15804
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/fipsoracle/CMakeLists.txt b/fipsoracle/CMakeLists.txt
index 683bb99..a585987 100644
--- a/fipsoracle/CMakeLists.txt
+++ b/fipsoracle/CMakeLists.txt
@@ -50,6 +50,22 @@
)
add_executable(
+ cavp_rsa2_siggen_test
+
+ cavp_rsa2_siggen_test.cc
+ cavp_test_util.cc
+ $<TARGET_OBJECTS:test_support>
+ )
+
+ add_executable(
+ cavp_rsa2_sigver_test
+
+ cavp_rsa2_sigver_test.cc
+ cavp_test_util.cc
+ $<TARGET_OBJECTS:test_support>
+ )
+
+ add_executable(
cavp_hmac_test
cavp_hmac_test.cc
@@ -97,6 +113,8 @@
target_link_libraries(cavp_ecdsa2_pkv_test crypto)
target_link_libraries(cavp_ecdsa2_siggen_test crypto)
target_link_libraries(cavp_ecdsa2_sigver_test crypto)
+ target_link_libraries(cavp_rsa2_siggen_test crypto)
+ target_link_libraries(cavp_rsa2_sigver_test crypto)
target_link_libraries(cavp_hmac_test crypto)
target_link_libraries(cavp_sha_test crypto)
target_link_libraries(cavp_sha_monte_test crypto)
diff --git a/fipsoracle/cavp_rsa2_siggen_test.cc b/fipsoracle/cavp_rsa2_siggen_test.cc
new file mode 100644
index 0000000..fcd5871
--- /dev/null
+++ b/fipsoracle/cavp_rsa2_siggen_test.cc
@@ -0,0 +1,116 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_rsa2_siggen_test processes NIST CAVP RSA2 SigGen test vector request
+// files and emits the corresponding response.
+
+#include <vector>
+
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/digest.h>
+#include <openssl/rsa.h>
+
+#include "../crypto/internal.h"
+#include "../crypto/test/file_test.h"
+#include "cavp_test_util.h"
+
+struct TestCtx {
+ bssl::UniquePtr<RSA> key;
+ bool is_pss;
+};
+
+static bool TestRSA2SigGen(FileTest *t, void *arg) {
+ TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+ std::string mod_str, hash;
+ std::vector<uint8_t> msg;
+ if (!t->GetInstruction(&mod_str, "mod") ||
+ !t->GetAttribute(&hash, "SHAAlg") ||
+ !t->GetBytes(&msg, "Msg")) {
+ return false;
+ }
+
+ std::string test = t->CurrentTestToString();
+ if (t->IsAtNewInstructionBlock()) {
+ int mod_bits = strtoul(mod_str.c_str(), nullptr, 0);
+ ctx->key = bssl::UniquePtr<RSA>(RSA_new());
+ bssl::UniquePtr<BIGNUM> e(BN_new());
+ if (ctx->key == nullptr ||
+ mod_bits == 0 ||
+ !BN_set_word(e.get(), RSA_F4) ||
+ !RSA_generate_key_ex(ctx->key.get(), mod_bits, e.get(), nullptr)) {
+ return false;
+ }
+
+ const BIGNUM *n;
+ RSA_get0_key(ctx->key.get(), &n, nullptr, nullptr);
+
+ std::vector<uint8_t> n_bytes(BN_num_bytes(n));
+ std::vector<uint8_t> e_bytes(BN_num_bytes(e.get()));
+ if (!BN_bn2bin_padded(n_bytes.data(), n_bytes.size(), n) ||
+ !BN_bn2bin_padded(e_bytes.data(), e_bytes.size(), e.get())) {
+ return false;
+ }
+
+ printf("[mod = %s]\r\n\r\nn = %s\r\n\r\ne = %s",
+ mod_str.c_str(),
+ EncodeHex(n_bytes.data(), n_bytes.size()).c_str(),
+ EncodeHex(e_bytes.data(), e_bytes.size()).c_str());
+ test = test.substr(test.find("]") + 3);
+ }
+
+ const EVP_MD *md = EVP_get_digestbyname(hash.c_str());
+ uint8_t digest_buf[EVP_MAX_MD_SIZE];
+ std::vector<uint8_t> sig(RSA_size(ctx->key.get()));
+ unsigned digest_len, sig_len;
+ if (md == NULL ||
+ !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL) ||
+ !RSA_sign(EVP_MD_type(md), digest_buf, digest_len, sig.data(), &sig_len,
+ ctx->key.get())) {
+ return false;
+ }
+
+ printf("%sS = %s\r\n\r\n", test.c_str(),
+ EncodeHex(sig.data(), sig_len).c_str());
+ return true;
+}
+
+int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s (pkcs15|pss) <test file>\n",
+ argv[0]);
+ return 1;
+ }
+
+ TestCtx ctx;
+ if (strcmp(argv[1], "pkcs15") == 0) {
+ ctx = {nullptr, false};
+ } else if (strcmp(argv[1], "pss") == 0) {
+ ctx = {nullptr, true};
+ } else {
+ fprintf(stderr, "Unknown test type: %s\n", argv[1]);
+ return 1;
+ }
+
+ printf("# Generated by");
+ for (int i = 0; i < argc; i++) {
+ printf(" %s", argv[i]);
+ }
+ printf("\r\n\r\n");
+
+ return FileTestMainSilent(TestRSA2SigGen, &ctx, argv[2]);
+}
diff --git a/fipsoracle/cavp_rsa2_sigver_test.cc b/fipsoracle/cavp_rsa2_sigver_test.cc
new file mode 100644
index 0000000..553663f
--- /dev/null
+++ b/fipsoracle/cavp_rsa2_sigver_test.cc
@@ -0,0 +1,114 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_rsa2_sigver_test processes NIST CAVP RSA2 SigVer test vector request
+// files and emits the corresponding response.
+
+#include <vector>
+
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/digest.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+
+#include "../crypto/internal.h"
+#include "../crypto/test/file_test.h"
+#include "cavp_test_util.h"
+
+struct TestCtx {
+ std::vector<uint8_t> N;
+ bool is_pss;
+};
+
+static bool TestRSA2SigVer(FileTest *t, void *arg) {
+ TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+ std::string mod_str;
+ if (!t->GetInstruction(&mod_str, "mod")) {
+ return false;
+ }
+
+ printf("%s", t->CurrentTestToString().c_str());
+
+ if (t->HasAttribute("n")) {
+ printf("\r\n");
+ return t->GetBytes(&ctx->N, "n");
+ }
+
+ std::string hash;
+ std::vector<uint8_t> e_bytes, msg, sig;
+ if (!t->GetAttribute(&hash, "SHAAlg") ||
+ !t->GetBytes(&e_bytes, "e") ||
+ !t->GetBytes(&msg, "Msg") ||
+ !t->GetBytes(&sig, "S")) {
+ return false;
+ }
+
+ bssl::UniquePtr<RSA> key(RSA_new());
+ key->n = BN_new();
+ key->e = BN_new();
+ if (key == nullptr ||
+ !BN_bin2bn(ctx->N.data(), ctx->N.size(), key->n) ||
+ !BN_bin2bn(e_bytes.data(), e_bytes.size(), key->e)) {
+ return false;
+ }
+
+ const EVP_MD *md = EVP_get_digestbyname(hash.c_str());
+ uint8_t digest_buf[EVP_MAX_MD_SIZE];
+ unsigned digest_len;
+ if (md == NULL ||
+ !EVP_Digest(msg.data(), msg.size(), digest_buf, &digest_len, md, NULL)) {
+ return false;
+ }
+
+ if (RSA_verify(EVP_MD_type(md), digest_buf, digest_len, sig.data(),
+ sig.size(), key.get())) {
+ printf("Result = P\r\n\r\n");
+ } else {
+ char buf[256];
+ ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
+ printf("Result = F (%s)\r\n\r\n", buf);
+ }
+ ERR_clear_error();
+ return true;
+}
+
+int main(int argc, char **argv) {
+ CRYPTO_library_init();
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s (pkcs15|pss) <test file>\n",
+ argv[0]);
+ return 1;
+ }
+
+ TestCtx ctx;
+ if (strcmp(argv[1], "pkcs15") == 0) {
+ ctx = {std::vector<uint8_t>(), false};
+ } else if (strcmp(argv[1], "pss") == 0) {
+ ctx = {std::vector<uint8_t>(), true};
+ } else {
+ fprintf(stderr, "Unknown test type: %s\n", argv[1]);
+ return 1;
+ }
+
+ printf("# Generated by");
+ for (int i = 0; i < argc; i++) {
+ printf(" %s", argv[i]);
+ }
+ printf("\r\n\r\n");
+
+ return FileTestMainSilent(TestRSA2SigVer, &ctx, argv[2]);
+}
diff --git a/fipsoracle/run_cavp.go b/fipsoracle/run_cavp.go
index 6ef4dab..cb322a0 100644
--- a/fipsoracle/run_cavp.go
+++ b/fipsoracle/run_cavp.go
@@ -126,6 +126,24 @@
[]test{{"SigVer", nil, false}},
}
+var rsa2SigGenTests = testSuite{
+ "RSA2",
+ "cavp_rsa2_siggen_test",
+ []test{
+ {"SigGen15_186-3", []string{"pkcs15"}, true},
+ // {"SigGenPSS_186-3", []string{"pss"}, true},
+ },
+}
+
+var rsa2SigVerTests = testSuite{
+ "RSA2",
+ "cavp_rsa2_sigver_test",
+ []test{
+ {"SigVer15_186-3", []string{"pkcs15"}, true},
+ // {"SigVerPSS_186-3", []string{"pss"}, true},
+ },
+}
+
var hmacTests = testSuite{
"HMAC",
"cavp_hmac_test",
@@ -200,6 +218,8 @@
&ecdsa2PKVTests,
&ecdsa2SigGenTests,
&ecdsa2SigVerTests,
+ &rsa2SigGenTests,
+ &rsa2SigVerTests,
&hmacTests,
&shaTests,
&shaMonteTests,
