acvp: check that the payloadLen of cipher tests is correct.
NIST currently seems to have a bug where they don't respect the regcap
for AES-CTR and return fractional-byte tests when not allowed.
Previously we didn't notice that the specified payload length didn't
match the actual value.
Change-Id: I0e48d5246f7250e6047d983cd016b0de290d0f70
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45205
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/util/fipstools/acvp/acvptool/subprocess/block.go b/util/fipstools/acvp/acvptool/subprocess/block.go
index f0431be..1b1e93b 100644
--- a/util/fipstools/acvp/acvptool/subprocess/block.go
+++ b/util/fipstools/acvp/acvptool/subprocess/block.go
@@ -250,11 +250,12 @@
Direction string `json:"direction"`
KeyBits int `json:"keylen"`
Tests []struct {
- ID uint64 `json:"tcId"`
- PlaintextHex string `json:"pt"`
- CiphertextHex string `json:"ct"`
- IVHex string `json:"iv"`
- KeyHex string `json:"key"`
+ ID uint64 `json:"tcId"`
+ InputBits *uint64 `json:"payloadLen"`
+ PlaintextHex string `json:"pt"`
+ CiphertextHex string `json:"ct"`
+ IVHex string `json:"iv"`
+ KeyHex string `json:"key"`
// 3DES tests serialise the key differently.
Key1Hex string `json:"key1"`
@@ -366,6 +367,15 @@
inputHex = test.CiphertextHex
}
+ if test.InputBits != nil {
+ if *test.InputBits%8 != 0 {
+ return nil, fmt.Errorf("input to test case %d/%d is not a whole number of bytes", group.ID, test.ID)
+ }
+ if inputBits := 4 * uint64(len(inputHex)); *test.InputBits != inputBits {
+ return nil, fmt.Errorf("input to test case %d/%d is %q (%d bits), but %d bits is specified", group.ID, test.ID, inputHex, inputBits, *test.InputBits)
+ }
+ }
+
input, err := hex.DecodeString(inputHex)
if err != nil {
return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err)