blob: 5b5b1d16b720edae694b6e302fa3200329523b05 [file] [log] [blame]
// Copyright (c) 2019, Google Inc.
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
package subprocess
import (
"bytes"
"encoding/hex"
"encoding/json"
"fmt"
)
// The following structures reflect the JSON of ACVP hash tests. See
// https://usnistgov.github.io/ACVP/artifacts/acvp_sub_ecdsa.html#test_vectors
type ecdsaTestVectorSet struct {
Groups []ecdsaTestGroup `json:"testGroups"`
Mode string `json:"mode"`
}
type ecdsaTestGroup struct {
ID uint64 `json:"tgId"`
Curve string `json:"curve"`
SecretGenerationMode string `json:"secretGenerationMode,omitempty"`
HashAlgo string `json:"hashAlg,omitEmpty"`
ComponentTest bool `json:"componentTest"`
Tests []struct {
ID uint64 `json:"tcId"`
QxHex string `json:"qx,omitempty"`
QyHex string `json:"qy,omitempty"`
RHex string `json:"r,omitempty"`
SHex string `json:"s,omitempty"`
MsgHex string `json:"message,omitempty"`
} `json:"tests"`
}
type ecdsaTestGroupResponse struct {
ID uint64 `json:"tgId"`
Tests []ecdsaTestResponse `json:"tests"`
QxHex string `json:"qx,omitempty"`
QyHex string `json:"qy,omitempty"`
}
type ecdsaTestResponse struct {
ID uint64 `json:"tcId"`
DHex string `json:"d,omitempty"`
QxHex string `json:"qx,omitempty"`
QyHex string `json:"qy,omitempty"`
RHex string `json:"r,omitempty"`
SHex string `json:"s,omitempty"`
Passed *bool `json:"testPassed,omitempty"` // using pointer so value is not omitted when it is false
}
// ecdsa implements an ACVP algorithm by making requests to the
// subprocess to generate and verify ECDSA keys and signatures.
type ecdsa struct {
// algo is the ACVP name for this algorithm and also the command name
// given to the subprocess to hash with this hash function.
algo string
curves map[string]bool // supported curve names
m *Subprocess
}
func (e *ecdsa) Process(vectorSet []byte) (interface{}, error) {
var parsed ecdsaTestVectorSet
if err := json.Unmarshal(vectorSet, &parsed); err != nil {
return nil, err
}
var ret []ecdsaTestGroupResponse
// See
// https://usnistgov.github.io/ACVP/artifacts/draft-celi-acvp-sha-00.html#rfc.section.3
// for details about the tests.
for _, group := range parsed.Groups {
if _, ok := e.curves[group.Curve]; !ok {
return nil, fmt.Errorf("curve %q in test group %d not supported", group.Curve, group.ID)
}
response := ecdsaTestGroupResponse{
ID: group.ID,
}
var sigGenPrivateKey []byte
for _, test := range group.Tests {
var testResp ecdsaTestResponse
switch parsed.Mode {
case "keyGen":
if group.SecretGenerationMode != "testing candidates" {
return nil, fmt.Errorf("invalid secret generation mode in test group %d: %q", group.ID, group.SecretGenerationMode)
}
result, err := e.m.transact(e.algo+"/"+"keyGen", 3, []byte(group.Curve))
if err != nil {
return nil, fmt.Errorf("key generation failed for test case %d/%d: %s", group.ID, test.ID, err)
}
testResp.DHex = hex.EncodeToString(result[0])
testResp.QxHex = hex.EncodeToString(result[1])
testResp.QyHex = hex.EncodeToString(result[2])
case "keyVer":
qx, err := hex.DecodeString(test.QxHex)
if err != nil {
return nil, fmt.Errorf("failed to decode qx in test case %d/%d: %s", group.ID, test.ID, err)
}
qy, err := hex.DecodeString(test.QyHex)
if err != nil {
return nil, fmt.Errorf("failed to decode qy in test case %d/%d: %s", group.ID, test.ID, err)
}
result, err := e.m.transact(e.algo+"/"+"keyVer", 1, []byte(group.Curve), qx, qy)
if err != nil {
return nil, fmt.Errorf("key verification failed for test case %d/%d: %s", group.ID, test.ID, err)
}
// result[0] should be a single byte: zero if false, one if true
switch {
case bytes.Equal(result[0], []byte{00}):
f := false
testResp.Passed = &f
case bytes.Equal(result[0], []byte{01}):
t := true
testResp.Passed = &t
default:
return nil, fmt.Errorf("key verification returned unexpected result: %q", result[0])
}
case "sigGen":
p := e.m.primitives[group.HashAlgo]
h, ok := p.(*hashPrimitive)
if !ok {
return nil, fmt.Errorf("unsupported hash algorithm %q in test group %d", group.HashAlgo, group.ID)
}
if len(sigGenPrivateKey) == 0 {
// Ask the subprocess to generate a key for this test group.
result, err := e.m.transact(e.algo+"/"+"keyGen", 3, []byte(group.Curve))
if err != nil {
return nil, fmt.Errorf("key generation failed for test case %d/%d: %s", group.ID, test.ID, err)
}
sigGenPrivateKey = result[0]
response.QxHex = hex.EncodeToString(result[1])
response.QyHex = hex.EncodeToString(result[2])
}
msg, err := hex.DecodeString(test.MsgHex)
if err != nil {
return nil, fmt.Errorf("failed to decode message hex in test case %d/%d: %s", group.ID, test.ID, err)
}
op := e.algo + "/" + "sigGen"
if group.ComponentTest {
if len(msg) != h.size {
return nil, fmt.Errorf("test case %d/%d contains message %q of length %d, but expected length %d", group.ID, test.ID, test.MsgHex, len(msg), h.size)
}
op += "/componentTest"
}
result, err := e.m.transact(op, 2, []byte(group.Curve), sigGenPrivateKey, []byte(group.HashAlgo), msg)
if err != nil {
return nil, fmt.Errorf("signature generation failed for test case %d/%d: %s", group.ID, test.ID, err)
}
testResp.RHex = hex.EncodeToString(result[0])
testResp.SHex = hex.EncodeToString(result[1])
case "sigVer":
p := e.m.primitives[group.HashAlgo]
_, ok := p.(*hashPrimitive)
if !ok {
return nil, fmt.Errorf("unsupported hash algorithm %q in test group %d", group.HashAlgo, group.ID)
}
msg, err := hex.DecodeString(test.MsgHex)
if err != nil {
return nil, fmt.Errorf("failed to decode message hex in test case %d/%d: %s", group.ID, test.ID, err)
}
qx, err := hex.DecodeString(test.QxHex)
if err != nil {
return nil, fmt.Errorf("failed to decode qx in test case %d/%d: %s", group.ID, test.ID, err)
}
qy, err := hex.DecodeString(test.QyHex)
if err != nil {
return nil, fmt.Errorf("failed to decode qy in test case %d/%d: %s", group.ID, test.ID, err)
}
r, err := hex.DecodeString(test.RHex)
if err != nil {
return nil, fmt.Errorf("failed to decode R in test case %d/%d: %s", group.ID, test.ID, err)
}
s, err := hex.DecodeString(test.SHex)
if err != nil {
return nil, fmt.Errorf("failed to decode S in test case %d/%d: %s", group.ID, test.ID, err)
}
result, err := e.m.transact(e.algo+"/"+"sigVer", 1, []byte(group.Curve), []byte(group.HashAlgo), msg, qx, qy, r, s)
if err != nil {
return nil, fmt.Errorf("signature verification failed for test case %d/%d: %s", group.ID, test.ID, err)
}
// result[0] should be a single byte: zero if false, one if true
switch {
case bytes.Equal(result[0], []byte{00}):
f := false
testResp.Passed = &f
case bytes.Equal(result[0], []byte{01}):
t := true
testResp.Passed = &t
default:
return nil, fmt.Errorf("signature verification returned unexpected result: %q", result[0])
}
default:
return nil, fmt.Errorf("invalid mode %q in ECDSA vector set", parsed.Mode)
}
testResp.ID = test.ID
response.Tests = append(response.Tests, testResp)
}
ret = append(ret, response)
}
return ret, nil
}