kris
/
boringssl
1
0
複製 0
程式碼 問題管理 0 合併請求 0 版本發佈 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5693 Commit
12 分支
38 MiB
 
 
 
 
 
 
目錄樹: 1908667015
分支列表 標籤列表
${ item.name }
Create branch ${ searchTerm }
from '1908667015'
${ noResults }
boringssl/fipstools/cavp_tlskdf_test.cc

114 line
4.1 KiB
原始文件 Blame 文件歷史 

  1. /* Copyright (c) 2018, Google Inc.

  2.  *

  3.  * Permission to use, copy, modify, and/or distribute this software for any

  4.  * purpose with or without fee is hereby granted, provided that the above

  5.  * copyright notice and this permission notice appear in all copies.

  6.  *

  7.  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

  8.  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

  9.  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY

  10.  * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

  11.  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION

  12.  * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN

  13.  * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */

  14. 

  15. // cavp_tlskdf_test processes NIST TLS KDF test vectors and emits the

  16. // corresponding response.

  17. // See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/components/askdfvs.pdf, section 6.4.

  18. 

  19. #include <vector>

  20. 

  21. #include <errno.h>

  22. 

  23. #include <openssl/digest.h>

  24. 

  25. #include "cavp_test_util.h"

  26. #include "../crypto/fipsmodule/tls/internal.h"

  27. #include "../crypto/test/file_test.h"

  28. 

  29. 

  30. static bool TestTLSKDF(FileTest *t, void *arg) {

  31.   const EVP_MD *md = nullptr;

  32. 

  33.   if (t->HasInstruction("TLS 1.0/1.1")) {

  34.     md = EVP_md5_sha1();

  35.   } else if (t->HasInstruction("TLS 1.2")) {

  36.     if (t->HasInstruction("SHA-256")) {

  37.       md = EVP_sha256();

  38.     } else if (t->HasInstruction("SHA-384")) {

  39.       md = EVP_sha384();

  40.     } else if (t->HasInstruction("SHA-512")) {

  41.       md = EVP_sha512();

  42.     }

  43.   }

  44. 

  45.   if (md == nullptr) {

  46.     return false;

  47.   }

  48. 

  49.   std::string key_block_len_str;

  50.   std::vector<uint8_t> premaster, server_random, client_random,

  51.       key_block_server_random, key_block_client_random;

  52.   if (!t->GetBytes(&premaster, "pre_master_secret") ||

  53.       !t->GetBytes(&server_random, "serverHello_random") ||

  54.       !t->GetBytes(&client_random, "clientHello_random") ||

  55.       // The NIST tests specify different client and server randoms for the

  56.       // expansion step from the master-secret step. This is impossible in TLS.

  57.       !t->GetBytes(&key_block_server_random, "server_random") ||

  58.       !t->GetBytes(&key_block_client_random, "client_random") ||

  59.       !t->GetInstruction(&key_block_len_str, "key block length") ||

  60.       // These are ignored.

  61.       !t->HasAttribute("COUNT") ||

  62.       !t->HasInstruction("pre-master secret length")) {

  63.     return false;

  64.   }

  65. 

  66.   uint8_t master_secret[48];

  67.   static const char kMasterSecretLabel[] = "master secret";

  68.   if (!CRYPTO_tls1_prf(md, master_secret, sizeof(master_secret),

  69.                        premaster.data(), premaster.size(), kMasterSecretLabel,

  70.                        sizeof(kMasterSecretLabel) - 1, client_random.data(),

  71.                        client_random.size(), server_random.data(),

  72.                        server_random.size())) {

  73.     return false;

  74.   }

  75. 

  76.   errno = 0;

  77.   const long int key_block_bits =

  78.       strtol(key_block_len_str.c_str(), nullptr, 10);

  79.   if (errno != 0 || key_block_bits <= 0 || (key_block_bits & 7) != 0) {

  80.     return false;

  81.   }

  82.   const size_t key_block_len = key_block_bits / 8;

  83.   std::vector<uint8_t> key_block(key_block_len);

  84.   static const char kLabel[] = "key expansion";

  85.   if (!CRYPTO_tls1_prf(

  86.           md, key_block.data(), key_block.size(), master_secret,

  87.           sizeof(master_secret), kLabel, sizeof(kLabel) - 1,

  88.           key_block_server_random.data(), key_block_server_random.size(),

  89.           key_block_client_random.data(), key_block_client_random.size())) {

  90.     return false;

  91.   }

  92. 

  93.   printf("%smaster_secret = %s\r\nkey_block = %s\r\n\r\n",

  94.          t->CurrentTestToString().c_str(),

  95.          EncodeHex(master_secret, sizeof(master_secret)).c_str(),

  96.          EncodeHex(key_block.data(), key_block.size()).c_str());

  97. 

  98.   return true;

  99. }

  100. 

  101. int cavp_tlskdf_test_main(int argc, char **argv) {

  102.   if (argc != 2) {

  103.     fprintf(stderr, "usage: %s <test file>\n", argv[0]);

  104.     return 1;

  105.   }

  106. 

  107.   FileTest::Options opts;

  108.   opts.path = argv[1];

  109.   opts.callback = TestTLSKDF;

  110.   opts.silent = true;

  111.   opts.comment_callback = EchoComment;

  112.   return FileTestMain(opts);

  113. }