Commit 65ec1333 authored by Jonas Allmann's avatar Jonas Allmann

Bug 1508666 - AES-GCM Wycheproof testcases, r=franziskus

This patch also introduces the ./mach wycheproof command to update wycheproof test cases.

Differential Revision: https://phabricator.services.mozilla.com/D12559

--HG--
extra : amend_source : c26676c838d47f96e704dbd283cb221dedd9ef5e
parent 3b6a2dd9
This diff is collapsed.
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this file,
# You can obtain one at http://mozilla.org/MPL/2.0/.
import json
import os
script_dir = os.path.dirname(os.path.abspath(__file__))
source_file = os.path.join(script_dir, 'testvectors/aes_gcm_test.json')
base_file = os.path.join(script_dir, 'header_bases/gcm-vectors.h')
target_file = os.path.join(script_dir, '../gcm-vectors.h')
# Imports a JSON testvector file.
def import_testvector(file):
with open(file) as f:
vectors = json.loads(f.read())
return vectors
# Writes one testvector into C-header format. (Not clang-format conform)
def format_testcase(vector):
result = "{{ {},\n".format(vector["tcId"])
result += " \"{}\",\n".format(vector["key"])
result += " \"{}\",\n".format(vector["msg"])
result += " \"{}\",\n".format(vector["aad"])
result += " \"{}\",\n".format(vector["iv"])
result += " \"\",\n"
result += " \"{}\",\n".format(vector["tag"])
result += " \"{}\",\n".format(vector["ct"] + vector["tag"])
result += " {},\n".format(str(vector["result"] == "invalid").lower())
result += " {}}},\n\n".format(str("ZeroLengthIv" in vector["flags"]).lower())
return result
def generate_aes_gcm():
cases = import_testvector(source_file)
with open(base_file) as base:
header = base.read()
header = header[:-27]
header += "\n\n// Testvectors from project wycheproof\n"
header += "// <https://github.com/google/wycheproof>\n"
header += "const gcm_kat_value kGcmWycheproofVectors[] = {\n"
for group in cases["testGroups"]:
for test in group["tests"]:
header += format_testcase(test)
header = header[:-3] + "};\n\n"
header += "#endif // gcm_vectors_h__\n"
with open(target_file, 'w') as target:
target.write(header)
def main():
generate_aes_gcm()
if __name__ == '__main__':
main()
/* vim: set ts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/* This file is generated from sources in nss/gtests/common/wycheproof
* automatically and should not be touched manually.
* Generation is trigged by calling ./mach wycheproof */
#ifndef gcm_vectors_h__
#define gcm_vectors_h__
#include <string>
typedef struct gcm_kat_str {
uint32_t test_id;
std::string key;
std::string plaintext;
std::string additional_data;
std::string iv;
std::string hash_key;
std::string ghash;
std::string result;
bool invalid_ct;
bool invalid_iv;
} gcm_kat_value;
/*
* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
*/
const gcm_kat_value kGcmKatValues[] = {
{1, "00000000000000000000000000000000", "", "", "000000000000000000000000",
"66e94bd4ef8a2c3b884cfa59ca342b2e", "00000000000000000000000000000000",
"58e2fccefa7e3061367f1d57a4e7455a", false, false},
{2, "00000000000000000000000000000000", "00000000000000000000000000000000",
"", "000000000000000000000000", "66e94bd4ef8a2c3b884cfa59ca342b2e",
"f38cbb1ad69223dcc3457ae5b6b0f885",
"0388dace60b6a392f328c2b971b2fe78ab6e47d42cec13bdf53a67b21257bddf", false,
false},
{3, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "b83b533708bf535d0aa6e52980d53b78",
"7f1b32b81b820d02614f8895ac1d4eac",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f59854d5c2af327cd64a62c"
"f35abd2ba6fab4",
false, false},
{4, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"b83b533708bf535d0aa6e52980d53b78", "698e57f70e6ecc7fd9463b7260a9ae5f",
"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25"
"466931c7d8f6a5aac84aa051ba30b396a0aac973d58e0915bc94fbc3221a5db94fae95ae7"
"121a47",
false, false},
{5, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"b83b533708bf535d0aa6e52980d53b78", "df586bb4c249b92cb6922877e444d37b",
"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e"
"49f24b22b097544d4896b424989b5e1ebac0f07c23f45983612d2e79e3b0785561be14aac"
"a2fccb",
false, false},
{6, "feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
"6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"b83b533708bf535d0aa6e52980d53b78", "1c5afe9760d3932f3c9a878aac3dc3de",
"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4f"
"ba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5619cc5aefffe0bfa462af43c16"
"99d050",
false, false},
{7, "000000000000000000000000000000000000000000000000", "", "",
"000000000000000000000000", "aae06992acbf52a3e8f4a96ec9300bd7",
"00000000000000000000000000000000", "cd33b28ac773f74ba00ed1f312572435",
false, false},
{8, "000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000", "", "000000000000000000000000",
"aae06992acbf52a3e8f4a96ec9300bd7", "e2c63f0ac44ad0e02efa05ab6743d4ce",
"98e7247c07f0fe411c267e4384b0f6002ff58d80033927ab8ef4d4587514f0fb", false,
false},
{9, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "466923ec9ae682214f2c082badb39249",
"51110d40f6c8fff0eb1ae33445a889f0",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade2569924a7c8587336bfb1"
"18024db8674a14",
false, false},
{10, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"466923ec9ae682214f2c082badb39249", "ed2ce3062e4a8ec06db8b4c490e8a268",
"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c"
"144c525ac619d18c84a3f4718e2448b2fe324d9ccda27102519498e80f1478f37ba55bd6d"
"27618c",
false, false},
{11, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"466923ec9ae682214f2c082badb39249", "1e6a133806607858ee80eaf237064089",
"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9"
"a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f765dcc57fcf623a24094fcca40d"
"3533f8",
false, false},
{12, "feffe9928665731c6d6a8f9467308308feffe9928665731c",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
"6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"466923ec9ae682214f2c082badb39249", "82567fb0b4cc371801eadec005968e94",
"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012a"
"f34ddd9e2f037589b292db3e67c036745fa22e7e9b7373bdcf566ff291c25bbb8568fc3d3"
"76a6d9",
false, false},
{13, "0000000000000000000000000000000000000000000000000000000000000000", "",
"", "000000000000000000000000", "dc95c078a2408989ad48a21492842087",
"00000000000000000000000000000000", "530f8afbc74536b9a963b4f1c4cb738b",
false, false},
{14, "0000000000000000000000000000000000000000000000000000000000000000",
"00000000000000000000000000000000", "", "000000000000000000000000",
"dc95c078a2408989ad48a21492842087", "83de425c5edc5d498f382c441041ca92",
"cea7403d4d606b6e074ec5d3baf39d18d0d1c8a799996bf0265b98b5d48ab919", false,
false},
{15, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
"", "cafebabefacedbaddecaf888", "acbef20579b4b8ebce889bac8732dad7",
"4db870d37cb75fcb46097c36230d1612",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015adb094dac5d93471bdec"
"1a502270e3cc6c",
false, false},
{16, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbaddecaf888",
"acbef20579b4b8ebce889bac8732dad7", "8bd0c4d8aacd391e67cca447e8c38f65",
"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e485"
"90dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f66276fc6ece0f4e1768cddf8853bb"
"2d551b",
false, false},
{17, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2", "cafebabefacedbad",
"acbef20579b4b8ebce889bac8732dad7", "75a34288b8c68f811c52b2e9a2f97f63",
"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33"
"934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f3a337dbf46a792c45e454913fe"
"2ea8f2",
false, false},
{18, "feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c959"
"56809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
"feedfacedeadbeeffeedfacedeadbeefabaddad2",
"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c9515"
"6809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
"acbef20579b4b8ebce889bac8732dad7", "d5ffcf6fc5ac4d69722187421a7f170b",
"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b78"
"0f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3fa44a8266ee1c8eb0c8b5d4cf5a"
"e9f19a",
false, false},
/* Extra, non-NIST, test case to test 64-bit binary multiplication carry
* correctness. This is a GHASH-only test. */
{19, "", "", "", "", "0000000000000000fcefef64ffc4766c",
"3561e34e52d8b598f9937982512fff27",
"0000000000000000ffcef9ebbffdbd8b00000000000000000000000000000000", false,
false}};
#endif // gcm_vectors_h__
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -26,7 +26,11 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
std::vector<uint8_t> plaintext = hex_string_to_bytes(val.plaintext);
std::vector<uint8_t> aad = hex_string_to_bytes(val.additional_data);
std::vector<uint8_t> result = hex_string_to_bytes(val.result);
bool invalid_ct = val.invalid_ct;
bool invalid_iv = val.invalid_iv;
std::stringstream s;
s << "Test #" << val.test_id << " failed.";
std::string msg = s.str();
// Ignore GHASH-only vectors.
if (key.empty()) {
return;
......@@ -50,7 +54,7 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
// Import key.
ScopedPK11SymKey symKey(PK11_ImportSymKey(
slot.get(), mech, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr));
EXPECT_TRUE(!!symKey);
ASSERT_TRUE(!!symKey) << msg;
// Encrypt.
unsigned int outputLen = 0;
......@@ -58,11 +62,21 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
SECStatus rv =
PK11_Encrypt(symKey.get(), mech, &params, output.data(), &outputLen,
output.size(), plaintext.data(), plaintext.size());
EXPECT_EQ(rv, SECSuccess);
ASSERT_EQ(outputLen, output.size());
if (invalid_iv) {
EXPECT_EQ(rv, SECFailure) << msg;
return;
} else {
EXPECT_EQ(rv, SECSuccess) << msg;
}
ASSERT_EQ(outputLen, output.size()) << msg;
// Check ciphertext and tag.
EXPECT_EQ(result, output);
if (invalid_ct) {
EXPECT_NE(result, output) << msg;
} else {
EXPECT_EQ(result, output) << msg;
}
// Decrypt.
unsigned int decryptedLen = 0;
......@@ -72,13 +86,13 @@ class Pkcs11AesGcmTest : public ::testing::TestWithParam<gcm_kat_value> {
rv =
PK11_Decrypt(symKey.get(), mech, &params, decrypted.data(),
&decryptedLen, decrypted.size(), output.data(), outputLen);
EXPECT_EQ(rv, SECSuccess);
ASSERT_EQ(decryptedLen, plaintext.size());
EXPECT_EQ(rv, SECSuccess) << msg;
ASSERT_EQ(decryptedLen, plaintext.size()) << msg;
// Check the plaintext.
EXPECT_EQ(plaintext,
std::vector<uint8_t>(decrypted.begin(),
decrypted.begin() + decryptedLen));
EXPECT_EQ(plaintext, std::vector<uint8_t>(decrypted.begin(),
decrypted.begin() + decryptedLen))
<< msg;
}
SECStatus EncryptWithIV(std::vector<uint8_t>& iv) {
......@@ -117,6 +131,9 @@ TEST_P(Pkcs11AesGcmTest, TestVectors) { RunTest(GetParam()); }
INSTANTIATE_TEST_CASE_P(NISTTestVector, Pkcs11AesGcmTest,
::testing::ValuesIn(kGcmKatValues));
INSTANTIATE_TEST_CASE_P(WycheproofTestVector, Pkcs11AesGcmTest,
::testing::ValuesIn(kGcmWycheproofVectors));
TEST_F(Pkcs11AesGcmTest, ZeroLengthIV) {
std::vector<uint8_t> iv(0);
EXPECT_EQ(EncryptWithIV(iv), SECFailure);
......
......@@ -17,6 +17,7 @@ import platform
import tempfile
from hashlib import sha256
from gtests.common.wycheproof.genaesgcm import generate_aes_gcm
DEVNULL = open(os.devnull, 'wb')
cwd = os.path.dirname(os.path.abspath(__file__))
......@@ -212,6 +213,22 @@ class commandsAction(argparse.Action):
for c in commandsAction.commands:
print(c)
class wycheproofAction(argparse.Action):
tests = ['aes_gcm_test.json']
def __call__(self, parser, args, values, option_string=None):
self.update_tests()
generate_aes_gcm()
clangFormat = cfAction(None, None, None)
clangFormat(None, args, None)
def update_tests(self):
remote = "https://raw.githubusercontent.com/google/wycheproof/master/testvectors/"
for test in self.tests:
subprocess.check_call(['wget', remote+test, '-O',
'gtests/common/wycheproof/testvectors/'+test,
'--no-check-certificate'])
def parse_arguments():
parser = argparse.ArgumentParser(
......@@ -270,6 +287,18 @@ def parse_arguments():
nargs='*',
action=commandsAction)
parser_wycheproof = subparsers.add_parser(
'wycheproof',
help="generate wycheproof test headers")
parser_wycheproof.add_argument(
'--noroot',
help='On linux, suppress the use of \'sudo\' for running docker.',
action='store_true')
parser_wycheproof.add_argument(
'wycheproof',
nargs='*',
action=wycheproofAction)
commandsAction.commands = [c for c in subparsers.choices]
return parser.parse_args()
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment