1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
/* Copyright (c) 2018, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
// cavp_tlskdf_test processes NIST TLS KDF test vectors and emits the
// corresponding response.
// See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/components/askdfvs.pdf, section 6.4.
#include <vector>
#include <errno.h>
#include <openssl/digest.h>
#include "cavp_test_util.h"
#include "../crypto/fipsmodule/tls/internal.h"
#include "../crypto/test/file_test.h"
static bool TestTLSKDF(FileTest *t, void *arg) {
const EVP_MD *md = nullptr;
if (t->HasInstruction("TLS 1.0/1.1")) {
md = EVP_md5_sha1();
} else if (t->HasInstruction("TLS 1.2")) {
if (t->HasInstruction("SHA-256")) {
md = EVP_sha256();
} else if (t->HasInstruction("SHA-384")) {
md = EVP_sha384();
} else if (t->HasInstruction("SHA-512")) {
md = EVP_sha512();
}
}
if (md == nullptr) {
return false;
}
std::string key_block_len_str;
std::vector<uint8_t> premaster, server_random, client_random,
key_block_server_random, key_block_client_random;
if (!t->GetBytes(&premaster, "pre_master_secret") ||
!t->GetBytes(&server_random, "serverHello_random") ||
!t->GetBytes(&client_random, "clientHello_random") ||
// The NIST tests specify different client and server randoms for the
// expansion step from the master-secret step. This is impossible in TLS.
!t->GetBytes(&key_block_server_random, "server_random") ||
!t->GetBytes(&key_block_client_random, "client_random") ||
!t->GetInstruction(&key_block_len_str, "key block length") ||
// These are ignored.
!t->HasAttribute("COUNT") ||
!t->HasInstruction("pre-master secret length")) {
return false;
}
uint8_t master_secret[48];
static const char kMasterSecretLabel[] = "master secret";
if (!CRYPTO_tls1_prf(md, master_secret, sizeof(master_secret),
premaster.data(), premaster.size(), kMasterSecretLabel,
sizeof(kMasterSecretLabel) - 1, client_random.data(),
client_random.size(), server_random.data(),
server_random.size())) {
return false;
}
errno = 0;
const long int key_block_bits =
strtol(key_block_len_str.c_str(), nullptr, 10);
if (errno != 0 || key_block_bits <= 0 || (key_block_bits & 7) != 0) {
return false;
}
const size_t key_block_len = key_block_bits / 8;
std::vector<uint8_t> key_block(key_block_len);
static const char kLabel[] = "key expansion";
if (!CRYPTO_tls1_prf(
md, key_block.data(), key_block.size(), master_secret,
sizeof(master_secret), kLabel, sizeof(kLabel) - 1,
key_block_server_random.data(), key_block_server_random.size(),
key_block_client_random.data(), key_block_client_random.size())) {
return false;
}
printf("%smaster_secret = %s\r\nkey_block = %s\r\n\r\n",
t->CurrentTestToString().c_str(),
EncodeHex(master_secret, sizeof(master_secret)).c_str(),
EncodeHex(key_block.data(), key_block.size()).c_str());
return true;
}
int cavp_tlskdf_test_main(int argc, char **argv) {
if (argc != 2) {
fprintf(stderr, "usage: %s <test file>\n", argv[0]);
return 1;
}
FileTest::Options opts;
opts.path = argv[1];
opts.callback = TestTLSKDF;
opts.silent = true;
opts.comment_callback = EchoComment;
return FileTestMain(opts);
}
|
