
Commit 282b528

authored
Align the self-test of KAS-FFC with its ACVP tests. (#256)
* Add FFC DH self test. * Remove duplicate FFC DH test.
1 parent 16503c5 commit 282b528

1 file changed

Lines changed: 190 additions & 1 deletion


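--- a/crypto/fipsmodule/self_check/self_check.c
+++ b/crypto/fipsmodule/self_check/self_check.c
@@ -220,6 +220,119 @@ static RSA *self_test_rsa_key(void) {
 return rsa;
 }
 
+static DH *self_test_ffc_dh_key(const uint8_t *p, size_t p_len,
+const uint8_t *q, size_t q_len,
+const uint8_t *g, size_t g_len,
+const uint8_t *priv_key, size_t priv_key_len,
+const uint8_t *pub_key, size_t pub_key_len) {
+DH *dh = DH_new();
+if (dh == NULL ||
+!set_bignum(&dh->p, p, p_len) ||
+!set_bignum(&dh->q, q, q_len) ||
+!set_bignum(&dh->g, g, g_len) ||
+!set_bignum(&dh->priv_key, priv_key, priv_key_len) ||
+!set_bignum(&dh->pub_key, pub_key, pub_key_len)) {
+DH_free(dh);
+return NULL;
+}
+return dh;
+}
+
+// domainParameterGenerationMode is FB
+static DH *self_test_ffc_dh_fb_key(void) {
+// The data is fetched from ACVP data.
+// Details are available in CryptoAlg-851?selectedConversation=c0120d22-f2bd-4eae-8ae6-b04fcca86743
+// File name: 197488/683891/testvector-request.json
+// Other details: "tgId": 2, "tcId": 6
+static const uint8_t kDH_p[256] = {
+0xd9, 0xc4, 0x37, 0xc1, 0xa3, 0xe3, 0x5c, 0xb8, 0xbe, 0xc8, 0x0a, 0x83,
+0xa3, 0xd3, 0x04, 0x3f, 0xd1, 0x4c, 0x40, 0xbd, 0x3c, 0x3c, 0x29, 0x26,
+0xe5, 0x16, 0xde, 0xde, 0xd7, 0xdf, 0xe6, 0x68, 0x4f, 0x85, 0xa2, 0x46,
+0x65, 0xc1, 0xaf, 0xa8, 0x61, 0x99, 0xf8, 0xc3, 0xd9, 0xd3, 0xa9, 0xc9,
+0x15, 0xa9, 0x13, 0x5c, 0x0b, 0xac, 0xf6, 0x7c, 0xbc, 0xe9, 0x35, 0x6c,
+0xac, 0xf1, 0x28, 0xa2, 0x43, 0xef, 0xfd, 0x2a, 0x59, 0xd8, 0x5d, 0x89,
+0x7e, 0x28, 0x90, 0x46, 0xf5, 0x44, 0xa8, 0x07, 0x8e, 0x70, 0xef, 0x27,
+0x36, 0x78, 0x24, 0x3a, 0x22, 0xd4, 0x16, 0xa8, 0xb4, 0xea, 0x6c, 0x13,
+0x6c, 0xd9, 0x98, 0xc2, 0x59, 0xfe, 0xdb, 0x99, 0xf9, 0xeb, 0x07, 0x7d,
+0x43, 0xdd, 0x5e, 0xbf, 0x39, 0x59, 0xb4, 0xb8, 0x64, 0x88, 0xfe, 0xdb,
+0x6c, 0x8a, 0x43, 0xac, 0x67, 0x13, 0xa9, 0x78, 0x79, 0xa7, 0xff, 0x4e,
+0xc6, 0x1a, 0x3e, 0x13, 0x3e, 0xe8, 0x15, 0x57, 0xab, 0x29, 0xe7, 0x86,
+0x5e, 0x8c, 0xb3, 0x24, 0xb0, 0x3c, 0x6a, 0x3c, 0x7d, 0x4c, 0xc9, 0xb5,
+0x4d, 0x31, 0xb5, 0x0a, 0x28, 0xbb, 0x7d, 0x02, 0x75, 0x12, 0xa6, 0xca,
+0x9d, 0x1f, 0x28, 0x45, 0xb9, 0xaf, 0x63, 0x66, 0xbb, 0x49, 0x3f, 0x28,
+0x66, 0x8c, 0xb5, 0x1d, 0x81, 0x08, 0xbd, 0x1e, 0x6b, 0x43, 0x31, 0x4e,
+0x88, 0x48, 0x25, 0xe8, 0xc4, 0xd7, 0x83, 0x5f, 0xa3, 0x65, 0x1a, 0xc7,
+0x2d, 0x3b, 0xeb, 0xb0, 0xb2, 0xa9, 0x83, 0x96, 0xaa, 0x7c, 0x23, 0x15,
+0x0e, 0x2e, 0x6e, 0x46, 0x5d, 0x1b, 0x34, 0xc0, 0x70, 0xfd, 0xa8, 0x8d,
+0x82, 0x97, 0x10, 0xd4, 0x3e, 0x45, 0x16, 0x3e, 0x54, 0x42, 0x4a, 0x2a,
+0x76, 0x5c, 0x6f, 0x30, 0x44, 0x1d, 0xf8, 0xc7, 0x07, 0xe2, 0xb8, 0xd9,
+0xac, 0x74, 0x73, 0x09
+};
+static const uint8_t kDH_q[28] = {
+0xcc, 0x9c, 0x34, 0x91, 0x8e, 0x8b, 0xa0, 0x86, 0x23, 0xa2, 0x76, 0x82,
+0xeb, 0xd1, 0x98, 0x5f, 0xab, 0x27, 0x56, 0x44, 0x66, 0x70, 0x50, 0xc9,
+0x35, 0xdc, 0x14, 0xc7
+};
+static const uint8_t kDH_g[256] = {
+0x31, 0xee, 0x30, 0xb2, 0x17, 0x6f, 0x2a, 0xd1, 0x67, 0x09, 0xdf, 0x01,
+0x38, 0x0b, 0x81, 0xf6, 0x7a, 0x5d, 0xee, 0x06, 0xd0, 0xed, 0x20, 0x0e,
+0x80, 0xda, 0xe0, 0x97, 0x7d, 0xda, 0x02, 0xff, 0x86, 0xf2, 0x9f, 0x6a,
+0x30, 0x20, 0xe4, 0x3f, 0x71, 0x1a, 0x69, 0x04, 0x16, 0x60, 0xa6, 0xae,
+0x04, 0xb0, 0x33, 0xe5, 0xbd, 0xdb, 0x7a, 0x39, 0xaf, 0x70, 0xf7, 0x5c,
+0x55, 0xfb, 0x31, 0x56, 0xe7, 0xe4, 0xee, 0xa1, 0x15, 0x87, 0xf2, 0xdd,
+0x58, 0x65, 0x75, 0x09, 0xc1, 0x4d, 0xe9, 0xf4, 0x84, 0xb6, 0x8b, 0x66,
+0xf8, 0xde, 0xf0, 0x10, 0x0f, 0x8d, 0x6d, 0xc3, 0x7d, 0x82, 0x65, 0x3e,
+0x34, 0x99, 0xb6, 0x62, 0xe9, 0x71, 0x94, 0x5e, 0x6a, 0x55, 0x0f, 0x9e,
+0xc7, 0x7f, 0x53, 0xb3, 0x5c, 0x3b, 0x26, 0x83, 0xc1, 0xbc, 0x50, 0xc8,
+0xac, 0xbc, 0xd0, 0x40, 0xf9, 0x3c, 0x41, 0x28, 0xa0, 0xeb, 0xef, 0xb3,
+0x58, 0xe4, 0x57, 0xaa, 0xf8, 0x5d, 0x97, 0x1f, 0x29, 0xd5, 0x69, 0xcc,
+0x2d, 0xd3, 0xcf, 0xf9, 0x72, 0x8f, 0xae, 0xe3, 0x41, 0x93, 0x3f, 0x34,
+0x3e, 0x36, 0x8c, 0xdc, 0xd4, 0x37, 0x55, 0x8b, 0x81, 0xaa, 0xff, 0xa7,
+0x0b, 0xaf, 0xb3, 0x76, 0xe3, 0x12, 0xb4, 0x24, 0xcf, 0xfb, 0x42, 0x43,
+0x2e, 0xb7, 0x48, 0x01, 0xcf, 0x24, 0x03, 0x84, 0x74, 0x0a, 0x7a, 0xa2,
+0xaa, 0x3f, 0x38, 0xc0, 0x77, 0xa2, 0xb3, 0x60, 0x30, 0x00, 0x77, 0xdc,
+0x10, 0x5a, 0xd8, 0xc1, 0x82, 0xde, 0xb7, 0x48, 0x79, 0xa5, 0x0c, 0xd0,
+0x6c, 0x52, 0xde, 0x5d, 0xf0, 0x4a, 0x58, 0x3b, 0x8e, 0xde, 0xf1, 0xc0,
+0x42, 0x63, 0x1e, 0x4d, 0xcf, 0x26, 0x44, 0x9e, 0x50, 0x98, 0x03, 0xbc,
+0x5b, 0xfc, 0xef, 0x07, 0x3d, 0xae, 0xf7, 0xda, 0x9d, 0x76, 0x8a, 0x8d,
+0xa8, 0xb4, 0xe9, 0x79
+};
+const uint8_t kDH_private_key[28] = {
+0x75, 0x89, 0x8a, 0xbe, 0xc3, 0xc9, 0xc8, 0x7b, 0x04, 0x49, 0x47, 0xf6,
+0xc5, 0x1f, 0x9f, 0x71, 0x7f, 0x4a, 0x1d, 0x7c, 0xc3, 0x9a, 0xae, 0xcd,
+0x83, 0x53, 0xba, 0x25
+};
+const uint8_t kDH_public_key[256] = {
+0x80, 0xbc, 0xbe, 0xf0, 0xad, 0x46, 0xfe, 0x97, 0x79, 0x4b, 0xd1, 0x49,
+0x00, 0x04, 0xf0, 0x7f, 0x32, 0xac, 0x56, 0x17, 0x6b, 0xea, 0x84, 0xb5,
+0xdc, 0xc7, 0x2f, 0xec, 0x5e, 0x87, 0xd2, 0xd6, 0xa6, 0x9a, 0xbd, 0x73,
+0x12, 0x8b, 0x6a, 0x8a, 0x42, 0xe9, 0x21, 0x74, 0x28, 0xda, 0x64, 0xb2,
+0x8b, 0x05, 0x04, 0x80, 0x02, 0xcf, 0x8a, 0xab, 0xa0, 0xfe, 0x9c, 0xfb,
+0xfd, 0x3e, 0xb9, 0xa5, 0xfe, 0x08, 0xa5, 0xf3, 0x97, 0xdd, 0x28, 0x38,
+0x33, 0x41, 0x0d, 0x84, 0x1f, 0x46, 0xd3, 0x03, 0xfb, 0x6e, 0xac, 0x2f,
+0x17, 0x97, 0x5f, 0xad, 0x73, 0x23, 0xd2, 0xb3, 0x71, 0x26, 0xdb, 0x0e,
+0x97, 0xa4, 0x15, 0x36, 0x2c, 0x61, 0xc1, 0x21, 0xa6, 0xd1, 0x4d, 0xc6,
+0x54, 0xb4, 0xad, 0x5e, 0x9c, 0x0f, 0xe8, 0x00, 0xd5, 0x4a, 0x62, 0x32,
+0xfe, 0x62, 0x9e, 0x0b, 0x7c, 0xc8, 0x54, 0x8d, 0x83, 0xca, 0x36, 0x4d,
+0x0d, 0x5a, 0xbf, 0xe1, 0x5d, 0x5f, 0xfc, 0xc8, 0x3c, 0xc0, 0xec, 0xf4,
+0x35, 0x62, 0xd4, 0x16, 0xc3, 0x18, 0x0b, 0xf0, 0x41, 0x52, 0x9e, 0x57,
+0xa7, 0xf9, 0xfd, 0x14, 0xfc, 0x1b, 0x5c, 0xa5, 0x85, 0xf3, 0x05, 0xb6,
+0x6c, 0xde, 0xa0, 0x58, 0x49, 0xe0, 0xcc, 0x53, 0x25, 0x9f, 0xbd, 0xfb,
+0xab, 0x75, 0x83, 0x18, 0xc4, 0x9d, 0x2a, 0x95, 0xb0, 0x53, 0xc4, 0x7c,
+0xdc, 0x91, 0x55, 0x01, 0x93, 0xe1, 0x44, 0xd9, 0x64, 0x6c, 0xd9, 0xa5,
+0x70, 0xe9, 0x5b, 0x31, 0x83, 0x93, 0x1d, 0x79, 0x15, 0xfa, 0x8e, 0x84,
+0x4f, 0x04, 0x17, 0x8a, 0x12, 0x69, 0x83, 0x9c, 0xd6, 0x8b, 0x78, 0x58,
+0xfa, 0x2c, 0x6b, 0xeb, 0xe8, 0x47, 0xf8, 0x14, 0x0e, 0x33, 0x7a, 0x95,
+0xce, 0x34, 0x0f, 0x68, 0x32, 0x44, 0x76, 0xf6, 0xe8, 0x2e, 0x89, 0x72,
+0x11, 0x49, 0x04, 0x12
+};
+return self_test_ffc_dh_key(kDH_p, sizeof(kDH_p),
+kDH_q, sizeof(kDH_q),
+kDH_g, sizeof(kDH_g),
+kDH_private_key, sizeof(kDH_private_key),
+kDH_public_key, sizeof(kDH_public_key));
+}
+
 static EC_KEY *self_test_ecdsa_key(void) {
 static const uint8_t kQx[] = {
 0xc8, 0x15, 0x61, 0xec, 0xf2, 0xe5, 0x4e, 0xde, 0xfe, 0x66, 0x17,
@@ -576,7 +689,65 @@ int boringssl_fips_self_test(
 0x00,
 #endif
 };
-
+// |kDH_fb_peer_public| and |kDH_fb_z| is fetched from ACVP data.
+// domainParameterGenerationMode is FB.
+// Details are available in
+// CryptoAlg-851?selectedConversation=c0120d22-f2bd-4eae-8ae6-b04fcca86743
+// File name: 197488/683891/testvector-request.json
+// Other details: "tgId": 2, "tcId": 6
+const uint8_t kDH_fb_peer_public[256] = {
+0x8f, 0xbc, 0x50, 0x66, 0x4b, 0x2c, 0x9e, 0x2e, 0x7d, 0x4c, 0x64, 0x1a,
+0xe2, 0xd4, 0xd2, 0xcc, 0x6a, 0xcf, 0xe6, 0xbd, 0xf3, 0x3d, 0x39, 0xf2,
+0x1d, 0xe4, 0xc3, 0x45, 0xb4, 0x51, 0x7a, 0xbd, 0x9e, 0x7d, 0x49, 0xf2,
+0xbd, 0x03, 0x4d, 0x54, 0xf3, 0x97, 0x84, 0xfe, 0x07, 0x31, 0x98, 0x0e,
+0x78, 0x5f, 0xe8, 0x5d, 0xf4, 0x6a, 0xf4, 0xf9, 0xef, 0x25, 0x6b, 0x3e,
+0x1a, 0xb2, 0x0a, 0x42, 0xec, 0x19, 0xad, 0xe9, 0x68, 0xa9, 0x8f, 0xfd,
+0x51, 0xd4, 0x95, 0x88, 0x09, 0x83, 0x28, 0xc8, 0xd6, 0x54, 0x05, 0xd1,
+0xc3, 0x75, 0xb2, 0xbf, 0x03, 0xdd, 0x5f, 0x01, 0x18, 0x6b, 0xbb, 0x8d,
+0x49, 0x75, 0x2d, 0x0d, 0xdf, 0x62, 0x0b, 0xbf, 0x70, 0xbc, 0x58, 0x25,
+0xdb, 0x37, 0xde, 0xb2, 0xea, 0xd5, 0x11, 0x57, 0xc1, 0x83, 0x26, 0x53,
+0x5d, 0x61, 0x42, 0xf9, 0xbf, 0x51, 0xf8, 0x38, 0x93, 0x7f, 0x2d, 0xdd,
+0x5f, 0x57, 0xab, 0x41, 0xf2, 0xda, 0x88, 0xe8, 0x9d, 0x0d, 0xca, 0x5d,
+0x54, 0xe6, 0x79, 0xdf, 0xe2, 0x63, 0x8a, 0x62, 0x9f, 0x48, 0x1c, 0xc3,
+0x09, 0x80, 0x32, 0x46, 0x9c, 0x76, 0xe1, 0xf3, 0xa5, 0xa8, 0x4d, 0xac,
+0xb0, 0x2e, 0x42, 0x3c, 0x1d, 0x68, 0xf2, 0x88, 0xad, 0xd7, 0x3e, 0xa7,
+0xac, 0x4c, 0x13, 0x91, 0xc1, 0x43, 0xce, 0xa5, 0x20, 0x38, 0x7d, 0x8c,
+0x05, 0x2c, 0x96, 0xd2, 0xd6, 0x2a, 0x75, 0xc1, 0xf0, 0x15, 0xa1, 0x5c,
+0xed, 0x80, 0xf9, 0x2e, 0x47, 0x11, 0x2c, 0x15, 0x6d, 0x97, 0x6f, 0x7a,
+0x2e, 0x73, 0xf7, 0x1f, 0xc8, 0x89, 0xd9, 0x34, 0x62, 0x8a, 0xdc, 0xae,
+0xe2, 0xdf, 0xda, 0x03, 0x6d, 0xce, 0x8a, 0xe2, 0x02, 0xf3, 0xd9, 0xb7,
+0x86, 0xf5, 0x3d, 0x5f, 0x28, 0xeb, 0x74, 0x81, 0xd0, 0x40, 0x6e, 0xa6,
+0x90, 0x1f, 0x97, 0xbe
+};
+const uint8_t kDH_fb_z[256] = {
+0x8a, 0x03, 0x41, 0x31, 0x59, 0xda, 0x27, 0xff, 0x91, 0x0b, 0xd9, 0x46,
+0x08, 0x8f, 0x08, 0x67, 0x89, 0xa2, 0x0a, 0xac, 0x32, 0x9e, 0x8f, 0x05,
+0xde, 0x0d, 0x4f, 0xb8, 0x35, 0xf8, 0x5f, 0x56, 0x6f, 0x51, 0x75, 0xfd,
+0xa2, 0x50, 0x5e, 0x5e, 0x92, 0x42, 0x89, 0xd1, 0x6c, 0xe2, 0xab, 0x13,
+0x15, 0xd9, 0x72, 0x22, 0x66, 0x2e, 0x64, 0x83, 0x7d, 0x21, 0x51, 0x2b,
+0x8d, 0x79, 0xe5, 0x53, 0x4b, 0x7d, 0xf6, 0x6c, 0x8d, 0x13, 0x8a, 0xcc,
+0x9b, 0xed, 0x8d, 0xe9, 0x25, 0xd7, 0x31, 0x9b, 0x49, 0x0b, 0xc2, 0x5e,
+0x5e, 0xa7, 0x48, 0xb8, 0xf9, 0x66, 0xbc, 0x4e, 0x1e, 0x5b, 0xfe, 0x08,
+0x1f, 0x5f, 0x29, 0xdf, 0xfa, 0x27, 0x08, 0xad, 0x40, 0xff, 0x07, 0xd8,
+0xb6, 0xe8, 0x7e, 0x03, 0xc2, 0xe2, 0xdd, 0x29, 0xb1, 0x8d, 0x4b, 0x68,
+0x51, 0x94, 0xb9, 0x72, 0xb2, 0x49, 0x20, 0xa1, 0x80, 0x16, 0x09, 0x20,
+0x83, 0xa6, 0x13, 0x70, 0x0a, 0x42, 0x62, 0x8c, 0xd6, 0x1e, 0x9f, 0x64,
+0x18, 0x41, 0x48, 0x49, 0xe5, 0xcb, 0x3b, 0xd2, 0x86, 0x48, 0x92, 0x83,
+0x69, 0xc9, 0xa9, 0x99, 0xe6, 0xc7, 0xdc, 0x08, 0xee, 0xdc, 0x64, 0x43,
+0x42, 0xb7, 0x49, 0x39, 0x4b, 0x0d, 0x3a, 0xfc, 0x73, 0x63, 0xa7, 0x65,
+0x61, 0x9e, 0x45, 0xfd, 0x72, 0x0f, 0x6c, 0xef, 0x1a, 0x1d, 0xa7, 0xdc,
+0x81, 0xfd, 0x03, 0x62, 0x2a, 0x55, 0xbf, 0x88, 0x09, 0xf7, 0x1e, 0xd9,
+0xbc, 0xdd, 0x62, 0x33, 0xe7, 0xa0, 0xd5, 0xfa, 0x55, 0xca, 0xa0, 0xb8,
+0x47, 0xc7, 0xf4, 0xbc, 0x15, 0x98, 0x7d, 0x63, 0xf4, 0x71, 0xc0, 0x25,
+0x34, 0x96, 0x0f, 0xb5, 0xeb, 0xa9, 0x2e, 0x0c, 0xbf, 0x12, 0x99, 0xc0,
+0xbd, 0x0e, 0x65, 0xa3, 0xad, 0x77, 0x75, 0xc5, 0x99, 0xeb, 0x30, 0xe9,
+0x65, 0x90, 0xbc,
+#if !defined(BORINGSSL_FIPS_BREAK_FFC_DH)
+0x7e,
+#else
+0x00,
+#endif
+};
 EVP_AEAD_CTX aead_ctx;
 EVP_AEAD_CTX_zero(&aead_ctx);
 RSA *rsa_key = NULL;
@@ -803,6 +974,24 @@ int boringssl_fips_self_test(
 goto err;
 }
 
+// FFC Diffie-Hellman KAT (domainParameterGenerationMode is FB).
+int fb_dh_ok = 0;
+DH *const fb_dh = self_test_ffc_dh_fb_key();
+BIGNUM* fb_peers_key = NULL;
+if (set_bignum(&fb_peers_key, kDH_fb_peer_public, sizeof(kDH_fb_peer_public)) && fb_dh) {
+uint8_t dh_out[sizeof(kDH_fb_z)];
+fb_dh_ok =
+sizeof(dh_out) == DH_size(fb_dh) &&
+DH_compute_key_padded(dh_out, fb_peers_key, fb_dh) == sizeof(dh_out) &&
+check_test(kDH_fb_z, dh_out, sizeof(dh_out), "FFC DH FB");
+}
+BN_free(fb_peers_key);
+DH_free(fb_dh);
+if (!fb_dh_ok) {
+fprintf(stderr, "FFDH FB failed.\n");
+goto err;
+}
+
 // DBRG KAT
 CTR_DRBG_STATE drbg;
 if (!CTR_DRBG_init(&drbg, kDRBGEntropy, kDRBGPersonalization,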
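Review bot: In `self_test_ffc_dh_fb_key` (first hunk), `kDH_private_key` and `kDH_public_key` are declared plain `const uint8_t` while `kDH_p`, `kDH_q` and `kDH_g` just above them are `static const uint8_t`, so these two vectors (28 and 256 bytes) are automatic arrays filled in on the stack at every call rather than shared constant data. Declaring them `static const uint8_t kDH_private_key[28]` and `static const uint8_t kDH_public_key[256]` would make the helper consistent with its other vectors. The same applies to `kDH_fb_peer_public` and `kDH_fb_z` in the second hunk, which add 512 bytes to the frame of `boringssl_fips_self_test`; whether the neighbouring vectors in that function are `static` is not visible in the hunk, so match whatever they use. Separately, in the third hunk the failure message `"FFDH FB failed.\n"` uses a different label from the `"FFC DH FB"` passed to `check_test`, which makes the two log lines harder to correlate when the KAT fails.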
