1 files changed, 153 insertions, 0 deletions

diff --git a/src/util/fipstools/cavp/cavp_kas_test.cc b/src/util/fipstools/cavp/cavp_kas_test.cc
new file mode 100644
index 00000000..f89bc973
--- /dev/null
+++ b/src/util/fipstools/cavp/cavp_kas_test.cc
@@ -0,0 +1,153 @@
+/* Copyright (c) 2018, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+// cavp_kas_test processes NIST CAVP ECC KAS test vector request files and
+// emits the corresponding response.
+
+#include <vector>
+
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include <openssl/digest.h>
+#include <openssl/ecdh.h>
+#include <openssl/ecdsa.h>
+#include <openssl/ec_key.h>
+#include <openssl/err.h>
+#include <openssl/nid.h>
+#include <openssl/sha.h>
+
+#include "../crypto/internal.h"
+#include "../crypto/test/file_test.h"
+#include "cavp_test_util.h"
+
+
+static bool TestKAS(FileTest *t, void *arg) {
+  const bool validate = *reinterpret_cast<bool *>(arg);
+
+  int nid = NID_undef;
+  size_t digest_len = 0;
+
+  if (t->HasInstruction("EB - SHA224")) {
+    nid = NID_secp224r1;
+    digest_len = SHA224_DIGEST_LENGTH;
+  } else if (t->HasInstruction("EC - SHA256")) {
+    nid = NID_X9_62_prime256v1;
+    digest_len = SHA256_DIGEST_LENGTH;
+  } else if (t->HasInstruction("ED - SHA384")) {
+    nid = NID_secp384r1;
+    digest_len = SHA384_DIGEST_LENGTH;
+  } else if (t->HasInstruction("EE - SHA512")) {
+    nid = NID_secp521r1;
+    digest_len = SHA512_DIGEST_LENGTH;
+  } else {
+    return false;
+  }
+
+  if (!t->HasAttribute("COUNT")) {
+    return false;
+  }
+
+  bssl::UniquePtr<BIGNUM> their_x(GetBIGNUM(t, "QeCAVSx"));
+  bssl::UniquePtr<BIGNUM> their_y(GetBIGNUM(t, "QeCAVSy"));
+  bssl::UniquePtr<EC_KEY> ec_key(EC_KEY_new_by_curve_name(nid));
+  bssl::UniquePtr<BN_CTX> ctx(BN_CTX_new());
+  if (!their_x || !their_y || !ec_key || !ctx) {
+    return false;
+  }
+
+  const EC_GROUP *const group = EC_KEY_get0_group(ec_key.get());
+  bssl::UniquePtr<EC_POINT> their_point(EC_POINT_new(group));
+  if (!their_point ||
+      !EC_POINT_set_affine_coordinates_GFp(
+          group, their_point.get(), their_x.get(), their_y.get(), ctx.get())) {
+    return false;
+  }
+
+  if (validate) {
+    bssl::UniquePtr<BIGNUM> our_k(GetBIGNUM(t, "deIUT"));
+    if (!our_k ||
+        !EC_KEY_set_private_key(ec_key.get(), our_k.get()) ||
+        // These attributes are ignored.
+        !t->HasAttribute("QeIUTx") ||
+        !t->HasAttribute("QeIUTy")) {
+      return false;
+    }
+  } else if (!EC_KEY_generate_key(ec_key.get())) {
+    return false;
+  }
+
+  uint8_t digest[EVP_MAX_MD_SIZE];
+  if (!ECDH_compute_key_fips(digest, digest_len, their_point.get(),
+                             ec_key.get())) {
+    return false;
+  }
+
+  if (validate) {
+    std::vector<uint8_t> expected_shared_bytes;
+    if (!t->GetBytes(&expected_shared_bytes, "CAVSHashZZ")) {
+      return false;
+    }
+    const bool ok =
+        digest_len == expected_shared_bytes.size() &&
+        OPENSSL_memcmp(digest, expected_shared_bytes.data(), digest_len) == 0;
+
+    printf("%sIUTHashZZ = %s\r\nResult = %c\r\n\r\n\r\n",
+           t->CurrentTestToString().c_str(),
+           EncodeHex(digest, digest_len).c_str(), ok ? 'P' : 'F');
+  } else {
+    const EC_POINT *pub = EC_KEY_get0_public_key(ec_key.get());
+    bssl::UniquePtr<BIGNUM> x(BN_new());
+    bssl::UniquePtr<BIGNUM> y(BN_new());
+    if (!x || !y ||
+        !EC_POINT_get_affine_coordinates_GFp(group, pub, x.get(), y.get(),
+                                             ctx.get())) {
+      return false;
+    }
+    bssl::UniquePtr<char> x_hex(BN_bn2hex(x.get()));
+    bssl::UniquePtr<char> y_hex(BN_bn2hex(y.get()));
+
+    printf("%sQeIUTx = %s\r\nQeIUTy = %s\r\nHashZZ = %s\r\n",
+           t->CurrentTestToString().c_str(), x_hex.get(), y_hex.get(),
+           EncodeHex(digest, digest_len).c_str());
+  }
+
+  return true;
+}
+
+int cavp_kas_test_main(int argc, char **argv) {
+  if (argc != 3) {
+    fprintf(stderr, "usage: %s (validity|function) <test file>\n",
+            argv[0]);
+    return 1;
+  }
+
+  bool validity;
+  if (strcmp(argv[1], "validity") == 0) {
+    validity = true;
+  } else if (strcmp(argv[1], "function") == 0) {
+    validity = false;
+  } else {
+    fprintf(stderr, "Unknown test type: %s\n", argv[1]);
+    return 1;
+  }
+
+  FileTest::Options opts;
+  opts.path = argv[2];
+  opts.arg = &validity;
+  opts.callback = TestKAS;
+  opts.silent = true;
+  opts.comment_callback = EchoComment;
+  opts.is_kas_test = true;
+  return FileTestMain(opts);
+}