util/fipstools/cavp/cavp_kas_test.cc - boringssl - Git at Google

 /* Copyright (c) 2018, Google Inc.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

 // cavp_kas_test processes NIST CAVP ECC KAS test vector request files and
 // emits the corresponding response.

 #include <vector>

 #include <openssl/bn.h>
 #include <openssl/crypto.h>
 #include <openssl/digest.h>
 #include <openssl/ecdh.h>
 #include <openssl/ecdsa.h>
 #include <openssl/ec_key.h>
 #include <openssl/err.h>
 #include <openssl/nid.h>
 #include <openssl/sha.h>
 #include <openssl/span.h>

 #include "../crypto/internal.h"
 #include "../crypto/test/file_test.h"
 #include "../crypto/test/test_util.h"
 #include "cavp_test_util.h"


 static bool TestKAS(FileTest *t, void *arg) {
   const bool validate = *reinterpret_cast<bool *>(arg);

   int nid = NID_undef;
   size_t digest_len = 0;

   if (t->HasInstruction("EB - SHA224")) {
     nid = NID_secp224r1;
     digest_len = SHA224_DIGEST_LENGTH;
   } else if (t->HasInstruction("EC - SHA256")) {
     nid = NID_X9_62_prime256v1;
     digest_len = SHA256_DIGEST_LENGTH;
   } else if (t->HasInstruction("ED - SHA384")) {
     nid = NID_secp384r1;
     digest_len = SHA384_DIGEST_LENGTH;
   } else if (t->HasInstruction("EE - SHA512")) {
     nid = NID_secp521r1;
     digest_len = SHA512_DIGEST_LENGTH;
   } else {
     return false;
   }

   if (!t->HasAttribute("COUNT")) {
     return false;
   }

   bssl::UniquePtr<BIGNUM> their_x(GetBIGNUM(t, "QeCAVSx"));
   bssl::UniquePtr<BIGNUM> their_y(GetBIGNUM(t, "QeCAVSy"));
   bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(nid));
   bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());
   if (!their_x || !their_y || !ec_key || !ctx) {
     return false;
   }

   const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get());
   bssl::UniquePtr<EC_POINT> their_point(EC_POINT_new(group));
   if (!their_point ||
       !EC_POINT_set_affine_coordinates_GFp(
           group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) {
     return false;
   }

   if (validate) {
     bssl::UniquePtr<BIGNUM> our_k(GetBIGNUM(t, "deIUT"));
     if (!our_k ||
         !EC_KEY_set_private_key(ec_key.get(), our_k.get()) ||
         // These attributes are ignored.
         !t->HasAttribute("QeIUTx") ||
         !t->HasAttribute("QeIUTy")) {
       return false;
     }
   } else if (!EC_KEY_generate_key(ec_key.get())) {
     return false;
   }

   uint8_t digest[EVP_MAX_MD_SIZE];
   if (!ECDH_compute_key_fips(digest, digest_len, their_point.get(),
                              ec_key.get())) {
     return false;
   }

   if (validate) {
     std::vector<uint8_t> expected_shared_bytes;
     if (!t->GetBytes(&expected_shared_bytes, "CAVSHashZZ")) {
       return false;
     }
     const bool ok =
         digest_len == expected_shared_bytes.size() &&
         OPENSSL_memcmp(digest, expected_shared_bytes.data(), digest_len) == 0;

     printf("%sIUTHashZZ = %s\r\nResult = %c\r\n\r\n\r\n",
            t->CurrentTestToString().c_str(),
            EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str(),
            ok ? 'P' : 'F');
   } else {
     const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get());
     bssl::UniquePtr<BIGNUM> x(BN_new());
     bssl::UniquePtr<BIGNUM> y(BN_new());
     if (!x || !y ||
         !EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(),
                                              ctx.get())) {
       return false;
     }
     bssl::UniquePtr<char> x_hex(BN_bn2hex(x.get()));
     bssl::UniquePtr<char> y_hex(BN_bn2hex(y.get()));

     printf("%sQeIUTx = %s\r\nQeIUTy = %s\r\nHashZZ = %s\r\n",
            t->CurrentTestToString().c_str(), x_hex.get(), y_hex.get(),
            EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str());
   }

   return true;
 }

 int cavp_kas_test_main(int argc, char **argv) {
   if (argc != 3) {
     fprintf(stderr, "usage: %s (validity|function) <test file>\n",
             argv[0]);
     return 1;
   }

   bool validity;
   if (strcmp(argv[1], "validity") == 0) {
     validity = true;
   } else if (strcmp(argv[1], "function") == 0) {
     validity = false;
   } else {
     fprintf(stderr, "Unknown test type: %s\n", argv[1]);
     return 1;
   }

   FileTest::Options opts;
   opts.path = argv[2];
   opts.arg = &validity;
   opts.callback = TestKAS;
   opts.silent = true;
   opts.comment_callback = EchoComment;
   opts.is_kas_test = true;
   return FileTestMain(opts);
 }
	/* Copyright (c) 2018, Google Inc.
	*
	* Permission to use, copy, modify, and/or distribute this software for any
	* purpose with or without fee is hereby granted, provided that the above
	* copyright notice and this permission notice appear in all copies.
	*
	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
	* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
	* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
	* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

	// cavp_kas_test processes NIST CAVP ECC KAS test vector request files and
	// emits the corresponding response.

	#include <vector>

	#include <openssl/bn.h>
	#include <openssl/crypto.h>
	#include <openssl/digest.h>
	#include <openssl/ecdh.h>
	#include <openssl/ecdsa.h>
	#include <openssl/ec_key.h>
	#include <openssl/err.h>
	#include <openssl/nid.h>
	#include <openssl/sha.h>
	#include <openssl/span.h>

	#include "../crypto/internal.h"
	#include "../crypto/test/file_test.h"
	#include "../crypto/test/test_util.h"
	#include "cavp_test_util.h"


	static bool TestKAS(FileTest t, void arg) {
	const bool validate = reinterpret_cast<bool >(arg);

	int nid = NID_undef;
	size_t digest_len = 0;

	if (t->HasInstruction("EB - SHA224")) {
	nid = NID_secp224r1;
	digest_len = SHA224_DIGEST_LENGTH;
	} else if (t->HasInstruction("EC - SHA256")) {
	nid = NID_X9_62_prime256v1;
	digest_len = SHA256_DIGEST_LENGTH;
	} else if (t->HasInstruction("ED - SHA384")) {
	nid = NID_secp384r1;
	digest_len = SHA384_DIGEST_LENGTH;
	} else if (t->HasInstruction("EE - SHA512")) {
	nid = NID_secp521r1;
	digest_len = SHA512_DIGEST_LENGTH;
	} else {
	return false;
	}

	if (!t->HasAttribute("COUNT")) {
	return false;
	}

	bssl::UniquePtr<BIGNUM> their_x(GetBIGNUM(t, "QeCAVSx"));
	bssl::UniquePtr<BIGNUM> their_y(GetBIGNUM(t, "QeCAVSy"));
	bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(nid));
	bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());
	if (!their_x \|\| !their_y \|\| !ec_key \|\| !ctx) {
	return false;
	}

	const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get());
	bssl::UniquePtr<EC_POINT> their_point(EC_POINT_new(group));
	if (!their_point \|\|
	!EC_POINT_set_affine_coordinates_GFp(
	group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) {
	return false;
	}

	if (validate) {
	bssl::UniquePtr<BIGNUM> our_k(GetBIGNUM(t, "deIUT"));
	if (!our_k \|\|
	!EC_KEY_set_private_key(ec_key.get(), our_k.get()) \|\|
	// These attributes are ignored.
	!t->HasAttribute("QeIUTx") \|\|
	!t->HasAttribute("QeIUTy")) {
	return false;
	}
	} else if (!EC_KEY_generate_key(ec_key.get())) {
	return false;
	}

	uint8_t digest[EVP_MAX_MD_SIZE];
	if (!ECDH_compute_key_fips(digest, digest_len, their_point.get(),
	ec_key.get())) {
	return false;
	}

	if (validate) {
	std::vector<uint8_t> expected_shared_bytes;
	if (!t->GetBytes(&expected_shared_bytes, "CAVSHashZZ")) {
	return false;
	}
	const bool ok =
	digest_len == expected_shared_bytes.size() &&
	OPENSSL_memcmp(digest, expected_shared_bytes.data(), digest_len) == 0;

	printf("%sIUTHashZZ = %s\r\nResult = %c\r\n\r\n\r\n",
	t->CurrentTestToString().c_str(),
	EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str(),
	ok ? 'P' : 'F');
	} else {
	const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get());
	bssl::UniquePtr<BIGNUM> x(BN_new());
	bssl::UniquePtr<BIGNUM> y(BN_new());
	if (!x \|\| !y \|\|
	!EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(),
	ctx.get())) {
	return false;
	}
	bssl::UniquePtr<char> x_hex(BN_bn2hex(x.get()));
	bssl::UniquePtr<char> y_hex(BN_bn2hex(y.get()));

	printf("%sQeIUTx = %s\r\nQeIUTy = %s\r\nHashZZ = %s\r\n",
	t->CurrentTestToString().c_str(), x_hex.get(), y_hex.get(),
	EncodeHex(bssl::MakeConstSpan(digest, digest_len)).c_str());
	}

	return true;
	}

	int cavp_kas_test_main(int argc, char **argv) {
	if (argc != 3) {
	fprintf(stderr, "usage: %s (validity\|function) <test file>\n",
	argv[0]);
	return 1;
	}

	bool validity;
	if (strcmp(argv[1], "validity") == 0) {
	validity = true;
	} else if (strcmp(argv[1], "function") == 0) {
	validity = false;
	} else {
	fprintf(stderr, "Unknown test type: %s\n", argv[1]);
	return 1;
	}

	FileTest::Options opts;
	opts.path = argv[2];
	opts.arg = &validity;
	opts.callback = TestKAS;
	opts.silent = true;
	opts.comment_callback = EchoComment;
	opts.is_kas_test = true;
	return FileTestMain(opts);
	}