Add HMAC CAVP tests.

Change-Id: Idb84c8dbd7c0d74d8e56703d18f422a1841b14ba Reviewed-on: https://boringssl-review.googlesource.com/15744 Reviewed-by: Steven Valdez <svaldez@google.com> Reviewed-by: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com> Commit-Queue: Steven Valdez <svaldez@google.com> Commit-Queue: David Benjamin <davidben@google.com> CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2017-05-01 17:02:01 -04:00 · 2017-05-01 17:02:01 -04:00 · 493b2a4bf8
commit 493b2a4bf8
parent 1ac76f7ed0
3 changed files with 128 additions and 0 deletions
--- a/fipsoracle/CMakeLists.txt
+++ b/fipsoracle/CMakeLists.txt
@ -49,6 +49,15 @@ if (FIPS)
    $<TARGET_OBJECTS:test_support>
  )

+  add_executable(
+    cavp_hmac_test
+
+    cavp_hmac_test.cc
+    cavp_test_util.h
+    cavp_test_util.cc
+    $<TARGET_OBJECTS:test_support>
+  )
+
  add_executable(
    cavp_sha_test

@ -84,6 +93,8 @@ if (FIPS)
  target_link_libraries(cavp_ecdsa2_siggen_test crypto)
  target_link_libraries(cavp_ecdsa2_sigver_test crypto)

+  target_link_libraries(cavp_hmac_test crypto)
+
  target_link_libraries(cavp_sha_test crypto)
  target_link_libraries(cavp_sha_monte_test crypto)

--- a/fipsoracle/cavp_hmac_test.cc
+++ b/fipsoracle/cavp_hmac_test.cc
@ -0,0 +1,106 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_hmac_test processes a NIST CAVP HMAC test vector request file and emits
+// the corresponding response.
+
+#include <stdlib.h>
+
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+
+#include "../crypto/test/file_test.h"
+#include "cavp_test_util.h"
+
+
+static bool TestHMAC(FileTest *t, void *arg) {
+  std::string md_len_str;
+  if (!t->GetInstruction(&md_len_str, "L")) {
+    return false;
+  }
+  const size_t md_len = strtoul(md_len_str.c_str(), nullptr, 0);
+
+  const EVP_MD *md;
+  switch (md_len) {
+    case 20:
+      md = EVP_sha1();
+      break;
+    case 28:
+      md = EVP_sha224();
+      break;
+    case 32:
+      md = EVP_sha256();
+      break;
+    case 48:
+      md = EVP_sha384();
+      break;
+    case 64:
+      md = EVP_sha512();
+      break;
+    default:
+      return false;
+  }
+
+  std::string count_str, k_len_str, t_len_str;
+  std::vector<uint8_t> key, msg;
+  if (!t->GetAttribute(&count_str, "Count") ||
+      !t->GetAttribute(&k_len_str, "Klen") ||
+      !t->GetAttribute(&t_len_str, "Tlen") ||
+      !t->GetBytes(&key, "Key") ||
+      !t->GetBytes(&msg, "Msg")) {
+    return false;
+  }
+
+  size_t k_len = strtoul(k_len_str.c_str(), nullptr, 0);
+  size_t t_len = strtoul(t_len_str.c_str(), nullptr, 0);
+  if (key.size() < k_len) {
+    return false;
+  }
+  unsigned out_len;
+  uint8_t out[EVP_MAX_MD_SIZE];
+  if (HMAC(md, key.data(), k_len, msg.data(), msg.size(), out, &out_len) ==
+      NULL) {
+    return false;
+  }
+
+  if (out_len < t_len) {
+    return false;
+  }
+
+  printf("%s", t->CurrentTestToString().c_str());
+  printf("Mac = %s\r\n\r\n", EncodeHex(out, t_len).c_str());
+
+  return true;
+}
+
+static int usage(char *arg) {
+  fprintf(stderr, "usage: %s <test file>\n", arg);
+  return 1;
+}
+
+int main(int argc, char **argv) {
+  CRYPTO_library_init();
+
+  if (argc != 2) {
+    return usage(argv[0]);
+  }
+
+  printf("# Generated by");
+  for (int i = 0; i < argc; i++) {
+    printf(" %s", argv[i]);
+  }
+  printf("\r\n\r\n");
+
+  return FileTestMainSilent(TestHMAC, nullptr, argv[1]);
+}
--- a/fipsoracle/run_cavp.go
+++ b/fipsoracle/run_cavp.go
@ -126,6 +126,12 @@ var ecdsa2SigVerTests = testSuite{
 	[]test{{"SigVer", nil, false}},
 }

+var hmacTests = testSuite{
+	"HMAC",
+	"cavp_hmac_test",
+	[]test{{"HMAC", nil, false}},
+}
+
 var shaTests = testSuite{
 	"SHA",
 	"cavp_sha_test",
@ -169,6 +175,7 @@ var allTestSuites = []*testSuite{
 	&ecdsa2PKVTests,
 	&ecdsa2SigGenTests,
 	&ecdsa2SigVerTests,
+	&hmacTests,
 	&shaTests,
 	&shaMonteTests,
 }
@ -284,6 +291,10 @@ func compareFAX(suite *testSuite, test test) error {
 			}

 			if !haveFaxLine {
+				// Ignore blank lines at the end of the generated file.
+				if len(respLine) == 0 {
+					break
+				}
 				return fmt.Errorf("resp file is longer than fax for %q %q", suite.getDirectory(), test.inFile)
 			}