Add SHA CAVP test driver.

Change-Id: I1e5c209456d9fa5f1f743ffd4844b4f8f3fb777a
Reviewed-on: https://boringssl-review.googlesource.com/15665
Reviewed-by: Adam Langley <agl@google.com>

crypto/fipsoracle/CMakeLists.txt

@@ -33,8 +33,30 @@ if (FIPS)
     $<TARGET_OBJECTS:test_support>
   )
 
+  add_executable(
+    cavp_sha_test
+
+    cavp_sha_test.cc
+    cavp_test_util.h
+    cavp_test_util.cc
+    $<TARGET_OBJECTS:test_support>
+  )
+
+  add_executable(
+    cavp_sha_monte_test
+
+    cavp_sha_monte_test.cc
+    cavp_test_util.h
+    cavp_test_util.cc
+    $<TARGET_OBJECTS:test_support>
+  )
+
   target_link_libraries(cavp_aes_test crypto)
   target_link_libraries(cavp_aes_gcm_test crypto)
+
   target_link_libraries(cavp_ecdsa2_pkv_test crypto)
   target_link_libraries(cavp_ecdsa2_sigver_test crypto)
+
+  target_link_libraries(cavp_sha_test crypto)
+  target_link_libraries(cavp_sha_monte_test crypto)
 endif()

crypto/fipsoracle/cavp_sha_monte_test.cc

@@ -0,0 +1,101 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_sha_monte_test processes a NIST CAVP SHA-Monte test vector request file
+// and emits the corresponding response. An optional sample vector file can be
+// passed to verify the result.
+
+#include <stdlib.h>
+
+#include <openssl/crypto.h>
+#include <openssl/digest.h>
+
+#include "../test/file_test.h"
+#include "cavp_test_util.h"
+
+
+struct TestCtx {
+  std::string hash;
+};
+
+static bool TestSHAMonte(FileTest *t, void *arg) {
+  TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+  const EVP_MD *md = EVP_get_digestbyname(ctx->hash.c_str());
+  if (md == nullptr) {
+    return false;
+  }
+  const size_t md_len = EVP_MD_size(md);
+
+  std::string out_len;
+  if (!t->GetInstruction(&out_len, "L") ||
+      md_len != strtoul(out_len.c_str(), nullptr, 0)) {
+    return false;
+  }
+
+  std::vector<uint8_t> seed;
+  if (!t->GetBytes(&seed, "Seed") ||
+      seed.size() != md_len) {
+    return false;
+  }
+
+  std::vector<uint8_t> out = seed;
+
+  printf("%s\r\n", t->CurrentTestToString().c_str());
+
+  for (int count = 0; count < 100; count++) {
+    std::vector<uint8_t> msg;
+    msg.insert(msg.end(), out.begin(), out.end());
+    msg.insert(msg.end(), out.begin(), out.end());
+    msg.insert(msg.end(), out.begin(), out.end());
+    for (int i = 0; i < 1000; i++) {
+      unsigned digest_len;
+      if (!EVP_Digest(msg.data(), msg.size(), out.data(), &digest_len, md,
+                      nullptr) ||
+          digest_len != out.size()) {
+        return false;
+      }
+
+      msg.erase(msg.begin(), msg.begin() + out.size());
+      msg.insert(msg.end(), out.begin(), out.end());
+    }
+    printf("COUNT = %d\r\n", count);
+    printf("MD = %s\r\n\r\n", EncodeHex(out.data(), out.size()).c_str());
+  }
+
+  return true;
+}
+
+static int usage(char *arg) {
+  fprintf(stderr, "usage: %s <hash> <test file>\n", arg);
+  return 1;
+}
+
+int main(int argc, char **argv) {
+  CRYPTO_library_init();
+
+  if (argc != 3) {
+    return usage(argv[0]);
+  }
+
+  TestCtx ctx = {std::string(argv[1])};
+
+  printf("# Generated by");
+  for (int i = 0; i < argc; i++) {
+    printf(" %s", argv[i]);
+  }
+  printf("\r\n\r\n");
+
+  return FileTestMainSilent(TestSHAMonte, &ctx, argv[2]);
+}

crypto/fipsoracle/cavp_sha_test.cc

@@ -0,0 +1,96 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_sha_test processes a NIST CAVP SHA test vector request file and emits
+// the corresponding response. An optional sample vector file can be passed to
+// verify the result.
+
+#include <stdlib.h>
+
+#include <openssl/crypto.h>
+#include <openssl/digest.h>
+
+#include "../test/file_test.h"
+#include "cavp_test_util.h"
+
+
+struct TestCtx {
+  std::string hash;
+};
+
+static bool TestSHA(FileTest *t, void *arg) {
+  TestCtx *ctx = reinterpret_cast<TestCtx *>(arg);
+
+  const EVP_MD *md = EVP_get_digestbyname(ctx->hash.c_str());
+  if (md == nullptr) {
+    return false;
+  }
+  const size_t md_len = EVP_MD_size(md);
+
+  std::string out_len;
+  if (!t->GetInstruction(&out_len, "L") ||
+      md_len != strtoul(out_len.c_str(), nullptr, 0)) {
+    return false;
+  }
+
+  std::string msg_len_str;
+  std::vector<uint8_t> msg;
+  if (!t->GetAttribute(&msg_len_str, "Len") ||
+      !t->GetBytes(&msg, "Msg")) {
+    return false;
+  }
+
+  size_t msg_len = strtoul(msg_len_str.c_str(), nullptr, 0);
+  if (msg_len % 8 != 0 ||
+      msg_len / 8 > msg.size()) {
+    return false;
+  }
+  msg_len /= 8;
+
+  std::vector<uint8_t> out;
+  out.resize(md_len);
+  unsigned digest_len;
+  if (!EVP_Digest(msg.data(), msg_len, out.data(), &digest_len, md, nullptr) ||
+      digest_len != out.size()) {
+    return false;
+  }
+
+  printf("%s", t->CurrentTestToString().c_str());
+  printf("MD = %s\r\n\r\n", EncodeHex(out.data(), out.size()).c_str());
+
+  return true;
+}
+
+static int usage(char *arg) {
+  fprintf(stderr, "usage: %s <hash> <test file>\n", arg);
+  return 1;
+}
+
+int main(int argc, char **argv) {
+  CRYPTO_library_init();
+
+  if (argc != 3) {
+    return usage(argv[0]);
+  }
+
+  TestCtx ctx = {std::string(argv[1])};
+
+  printf("# Generated by");
+  for (int i = 0; i < argc; i++) {
+    printf(" %s", argv[i]);
+  }
+  printf("\r\n\r\n");
+
+  return FileTestMainSilent(TestSHA, &ctx, argv[2]);
+}

crypto/fipsoracle/run_cavp.go

@@ -111,11 +111,42 @@ var ecdsa2SigVerTests = testSuite{
 	[]test{{"SigVer", nil, false}},
 }
 
+var shaTests = testSuite{
+	"SHA",
+	"cavp_sha_test",
+	[]test{
+		{"SHA1LongMsg", []string{"SHA1"}, false},
+		{"SHA1ShortMsg", []string{"SHA1"}, false},
+		{"SHA224LongMsg", []string{"SHA224"}, false},
+		{"SHA224ShortMsg", []string{"SHA224"}, false},
+		{"SHA256LongMsg", []string{"SHA256"}, false},
+		{"SHA256ShortMsg", []string{"SHA256"}, false},
+		{"SHA384LongMsg", []string{"SHA384"}, false},
+		{"SHA384ShortMsg", []string{"SHA384"}, false},
+		{"SHA512LongMsg", []string{"SHA512"}, false},
+		{"SHA512ShortMsg", []string{"SHA512"}, false},
+	},
+}
+
+var shaMonteTests = testSuite{
+	"SHA",
+	"cavp_sha_monte_test",
+	[]test{
+		{"SHA1Monte", []string{"SHA1"}, false},
+		{"SHA224Monte", []string{"SHA224"}, false},
+		{"SHA256Monte", []string{"SHA256"}, false},
+		{"SHA384Monte", []string{"SHA384"}, false},
+		{"SHA512Monte", []string{"SHA512"}, false},
+	},
+}
+
 var allTestSuites = []*testSuite{
 	&aesGCMTests,
 	&aesTests,
 	&ecdsa2PKVTests,
 	&ecdsa2SigVerTests,
+	&shaTests,
+	&shaMonteTests,
 }
 
 func main() {

crypto/test/file_test.cc

@@ -96,7 +96,7 @@ FileTest::ReadResult FileTest::ReadNext() {
 
   ClearTest();
 
-  static const size_t kBufLen = 64 + 8192 * 2;
+  static const size_t kBufLen = 8192 * 4;
   std::unique_ptr<char[]> buf(new char[kBufLen]);
 
   bool in_instruction_block = false;