1 /* Copyright (c) 2017, Google Inc. 2 * 3 * Permission to use, copy, modify, and/or distribute this software for any 4 * purpose with or without fee is hereby granted, provided that the above 5 * copyright notice and this permission notice appear in all copies. 6 * 7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ 14 15 // cavp_ctr_drbg_test processes a NIST CAVP DRBG800-90A test vector request 16 // file and emits the corresponding response. 17 18 #include <openssl/crypto.h> 19 20 #include <stdlib.h> 21 22 #include "cavp_test_util.h" 23 #include "../crypto/fipsmodule/rand/internal.h" 24 #include "../crypto/test/file_test.h" 25 26 27 static bool TestCTRDRBG(FileTest *t, void *arg) { 28 std::string test_type, prediction_resistance, entropy_input_len, nonce_len, 29 personalization_str_len, additional_input_len, returned_bits_len; 30 if (!t->GetInstruction(&test_type, "AES-256 no df") || 31 !t->GetInstruction(&prediction_resistance, "PredictionResistance") || 32 !t->GetInstruction(&entropy_input_len, "EntropyInputLen") || 33 !t->GetInstruction(&nonce_len, "NonceLen") || 34 !t->GetInstruction(&personalization_str_len, 35 "PersonalizationStringLen") || 36 !t->GetInstruction(&additional_input_len, "AdditionalInputLen") || 37 !t->GetInstruction(&returned_bits_len, "ReturnedBitsLen") || 38 !test_type.empty() || 39 prediction_resistance != "False" || 40 strtoul(entropy_input_len.c_str(), nullptr, 0) != 41 CTR_DRBG_ENTROPY_LEN * 8 || 42 nonce_len != "0") { 43 return false; 44 } 45 46 std::string count; 47 std::vector<uint8_t> entropy, nonce, personalization_str, ai1, ai2; 48 if (!t->GetAttribute(&count, "COUNT") || 49 !t->GetBytes(&entropy, "EntropyInput") || 50 !t->GetBytes(&nonce, "Nonce") || 51 !t->GetBytes(&personalization_str, "PersonalizationString") || 52 !t->GetBytes(&ai1, "AdditionalInput") || 53 !t->GetBytes(&ai2, "AdditionalInput/2") || 54 entropy.size() * 8 != strtoul(entropy_input_len.c_str(), nullptr, 0) || 55 nonce.size() != 0 || 56 personalization_str.size() * 8 != 57 strtoul(personalization_str_len.c_str(), nullptr, 0) || 58 ai1.size() != ai2.size() || 59 ai1.size() * 8 != strtoul(additional_input_len.c_str(), nullptr, 0)) { 60 return false; 61 } 62 63 CTR_DRBG_STATE drbg; 64 CTR_DRBG_init(&drbg, entropy.data(), 65 personalization_str.size() > 0 ? personalization_str.data() 66 : nullptr, 67 personalization_str.size()); 68 69 uint64_t out_len = strtoul(returned_bits_len.c_str(), nullptr, 0); 70 if (out_len == 0 || (out_len & 7) != 0) { 71 return false; 72 } 73 out_len /= 8; 74 75 std::vector<uint8_t> out; 76 out.resize(out_len); 77 78 CTR_DRBG_generate(&drbg, out.data(), out.size(), 79 ai1.size() > 0 ? ai1.data() : nullptr, ai1.size()); 80 CTR_DRBG_generate(&drbg, out.data(), out.size(), 81 ai2.size() > 0 ? ai2.data() : nullptr, ai2.size()); 82 83 printf("%s", t->CurrentTestToString().c_str()); 84 printf("ReturnedBits = %s\r\n\r\n", 85 EncodeHex(out.data(), out.size()).c_str()); 86 87 return true; 88 } 89 90 static int usage(char *arg) { 91 fprintf(stderr, "usage: %s <test file>\n", arg); 92 return 1; 93 } 94 95 int cavp_ctr_drbg_test_main(int argc, char **argv) { 96 if (argc != 2) { 97 return usage(argv[0]); 98 } 99 100 FileTest::Options opts; 101 opts.path = argv[1]; 102 opts.callback = TestCTRDRBG; 103 opts.silent = true; 104 opts.comment_callback = EchoComment; 105 return FileTestMain(opts); 106 } 107