utils/fipstools: add DetECDSA ACVP support
Very little needs to change in acvptool in order to support the
deterministic ECDSA (DetECDSA) algorithm from the NIST ACVP spec:
https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html
Only the sigGen test mode is specified for this algorithm, and without
any support for the componentTest property, so we make sure to check
these are sane when processing DetECDSA algorithm vectors.
A module wrapper only needs to know it's DetECDSA and can otherwise
treat the operation the same as ECDSA/sigGen.
Change-Id: Iecd3dc79d31f448272accd63ef24c882c3fc3b55
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/74189
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Bob Beck <bbe@google.com>
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/util/fipstools/acvp/ACVP.md b/util/fipstools/acvp/ACVP.md
index b904951..db3aca2 100644
--- a/util/fipstools/acvp/ACVP.md
+++ b/util/fipstools/acvp/ACVP.md
@@ -75,6 +75,7 @@
| ECDSA/keyVer | Curve name, X, Y | Single-byte valid flag |
| ECDSA/sigGen | Curve name, private key, hash name, message | R, S |
| ECDSA/sigVer | Curve name, hash name, message, X, Y, R, S | Single-byte validity flag |
+| DetECDSA/sigGen | Curve name, private key, hash name, message | R, S |
| EDDSA/keyGen | Curve name | private key seed (D), public key (Q) |
| EDDSA/keyVer | Curve name, public key (Q) | Single-byte valid flag |
| EDDSA/sigGen | Curve name, private key seed (D), message, single-byte prehash flag, prehash context | Signature |
diff --git a/util/fipstools/acvp/acvptool/subprocess/ecdsa.go b/util/fipstools/acvp/acvptool/subprocess/ecdsa.go
index 057a2cf..9098281 100644
--- a/util/fipstools/acvp/acvptool/subprocess/ecdsa.go
+++ b/util/fipstools/acvp/acvptool/subprocess/ecdsa.go
@@ -26,6 +26,7 @@
type ecdsaTestVectorSet struct {
Groups []ecdsaTestGroup `json:"testGroups"`
+ Algorithm string `json:"algorithm"`
Mode string `json:"mode"`
}
@@ -78,6 +79,10 @@
return nil, err
}
+ if parsed.Algorithm == "DetECDSA" && parsed.Mode != "sigGen" {
+ return nil, fmt.Errorf("DetECDSA only specifies sigGen mode")
+ }
+
var ret []ecdsaTestGroupResponse
// See
// https://pages.nist.gov/ACVP/draft-fussell-acvp-ecdsa.html#name-test-vectors
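Review bot: The new mode guard `if parsed.Algorithm == "DetECDSA" && parsed.Mode != "sigGen"` keys off the `algorithm` string carried in the vector set, whereas the keyGen redirection added later in this same function keys off `e.algo`, the name the primitive was registered under; if the two ever disagree (presumably the dispatcher selects the primitive by the same string, but that is not visible here) this guard silently does nothing and DetECDSA vectors would be processed under a mode the draft does not define. Gate on the registered name instead, `if e.algo == "DetECDSA" && parsed.Mode != "sigGen" {`, or reject a mismatch up front with `if parsed.Algorithm != e.algo { return nil, fmt.Errorf("algorithm %q does not match primitive %q", parsed.Algorithm, e.algo) }` so the two sources of truth cannot diverge. The enclosing function starts before this hunk.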
@@ -139,6 +144,10 @@
})
case "sigGen":
+ if group.ComponentTest && parsed.Algorithm == "DetECDSA" {
+ return nil, fmt.Errorf("DetECDSA does not support component tests")
+ }
+
p := e.primitives[group.HashAlgo]
h, ok := p.(*hashPrimitive)
if !ok {
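Review bot: The component-test guard `if group.ComponentTest && parsed.Algorithm == "DetECDSA"` again tests the vector set's `algorithm` string rather than `e.algo`, so it should use the same source as the keyGen redirection in this function to stay consistent: `if group.ComponentTest && e.algo == "DetECDSA" {`. Since this check sits inside the per-group loop, the error would also be easier to act on if it named the offending group, e.g. `return nil, fmt.Errorf("DetECDSA does not support component tests (group %d)", group.ID)`, matching the `test case %d/%d` style used by the keyGen error below. The enclosing loop and function both start before this hunk.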
@@ -147,7 +156,13 @@
if len(sigGenPrivateKey) == 0 {
// Ask the subprocess to generate a key for this test group.
- result, err := m.Transact(e.algo+"/"+"keyGen", 3, []byte(group.Curve))
+ cmd := e.algo + "/keyGen"
+ if e.algo == "DetECDSA" {
+ // Use "ECDSA/keyGen" for DetECDSA to avoid the module wrapper needing to support a second
+ // keyGen command for DetECDSA.
+ cmd = "ECDSA/keyGen"
+ }
+ result, err := m.Transact(cmd, 3, []byte(group.Curve))
if err != nil {
return nil, fmt.Errorf("key generation failed for test case %d/%d: %s", group.ID, test.ID, err)
}
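Review bot: The comment on the `cmd = "ECDSA/keyGen"` fallback explains the convenience motive but not why the substitution is correct, which is the part a later reader auditing the FIPS harness will want. I would extend it to state the property being relied on, hedged to the spec: `// Key generation is unchanged for DetECDSA; only the per-signature nonce derivation differs (deterministic ECDSA per RFC 6979 in the ACVP draft), so an ECDSA key is valid input to DetECDSA/sigGen and the wrapper need not expose a second keyGen command.` The `sigGen` transaction that consumes this key is outside the hunk, so I cannot confirm from here that it is issued as `e.algo+"/sigGen"`; worth verifying it is, since the ACVP.md table now documents `DetECDSA/sigGen` as the wrapper command.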
diff --git a/util/fipstools/acvp/acvptool/subprocess/subprocess.go b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
index d8403af..ac479ff 100644
--- a/util/fipstools/acvp/acvptool/subprocess/subprocess.go
+++ b/util/fipstools/acvp/acvptool/subprocess/subprocess.go
@@ -146,6 +146,7 @@
"PBKDF": &pbkdf{},
}
m.primitives["ECDSA"] = &ecdsa{"ECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
+ m.primitives["DetECDSA"] = &ecdsa{"DetECDSA", map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}, m.primitives}
m.primitives["EDDSA"] = &eddsa{"EDDSA", map[string]bool{"ED-25519": true}}
go m.readerRoutine()
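Review bot: The curve map literal `map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}` is now duplicated verbatim on the `ECDSA` and `DetECDSA` registration lines, which invites the two lists drifting apart the next time a curve is added or removed. Hoist it once, `nistCurves := map[string]bool{"P-224": true, "P-256": true, "P-384": true, "P-521": true}`, and pass `nistCurves` to both `&ecdsa{...}` literals; the map appears to be read-only membership data, so sharing one instance between the two primitives should be safe, but confirm that `ecdsa` never mutates it. The enclosing constructor starts and ends outside this hunk.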