Mirror of BoringSSL (grpc依赖)
https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
148 lines
4.6 KiB
148 lines
4.6 KiB
// Copyright (c) 2021, Google Inc. |
|
// |
|
// Permission to use, copy, modify, and/or distribute this software for any |
|
// purpose with or without fee is hereby granted, provided that the above |
|
// copyright notice and this permission notice appear in all copies. |
|
// |
|
// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
|
// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
|
// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
|
// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
|
|
|
package subprocess |
|
|
|
import ( |
|
"encoding/binary" |
|
"encoding/hex" |
|
"encoding/json" |
|
"fmt" |
|
) |
|
|
|
// The following structures reflect the JSON of ACVP hash tests. See |
|
// https://pages.nist.gov/ACVP/draft-celi-acvp-symmetric.html |
|
|
|
type xtsTestVectorSet struct { |
|
Groups []xtsTestGroup `json:"testGroups"` |
|
} |
|
|
|
type xtsTestGroup struct { |
|
ID uint64 `json:"tgId"` |
|
Type string `json:"testType"` |
|
Direction string `json:"direction"` |
|
KeyLen int `json:"keyLen"` |
|
PayloadLen int `json:"payloadLen"` |
|
Tests []struct { |
|
ID uint64 `json:"tcId"` |
|
KeyHex string `json:"key"` |
|
PlaintextHex string `json:"pt"` |
|
CiphertextHex string `json:"ct"` |
|
SectorNum *uint64 `json:"sequenceNumber"` |
|
TweakHex *string `json:"tweakValue"` |
|
} `json:"tests"` |
|
} |
|
|
|
type xtsTestGroupResponse struct { |
|
ID uint64 `json:"tgId"` |
|
Tests []xtsTestResponse `json:"tests"` |
|
} |
|
|
|
type xtsTestResponse struct { |
|
ID uint64 `json:"tcId"` |
|
PlaintextHex string `json:"pt,omitempty"` |
|
CiphertextHex string `json:"ct,omitempty"` |
|
} |
|
|
|
// xts implements an ACVP algorithm by making requests to the subprocess to |
|
// encrypt/decrypt with AES-XTS. |
|
type xts struct{} |
|
|
|
func (h *xts) Process(vectorSet []byte, m Transactable) (interface{}, error) { |
|
var parsed xtsTestVectorSet |
|
if err := json.Unmarshal(vectorSet, &parsed); err != nil { |
|
return nil, err |
|
} |
|
|
|
var ret []xtsTestGroupResponse |
|
for _, group := range parsed.Groups { |
|
response := xtsTestGroupResponse{ |
|
ID: group.ID, |
|
} |
|
|
|
if group.Type != "AFT" { |
|
return nil, fmt.Errorf("unknown XTS test type %q", group.Type) |
|
} |
|
|
|
var decrypt bool |
|
switch group.Direction { |
|
case "encrypt": |
|
decrypt = false |
|
case "decrypt": |
|
decrypt = true |
|
default: |
|
return nil, fmt.Errorf("unknown XTS direction %q", group.Direction) |
|
} |
|
|
|
funcName := "AES-XTS/" + group.Direction |
|
|
|
for _, test := range group.Tests { |
|
if group.KeyLen != len(test.KeyHex)*4/2 { |
|
return nil, fmt.Errorf("test case %d/%d contains hex message of length %d but specifies a key length of %d (remember that XTS keys are twice the length of the underlying key size)", group.ID, test.ID, len(test.KeyHex), group.KeyLen) |
|
} |
|
key, err := hex.DecodeString(test.KeyHex) |
|
if err != nil { |
|
return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) |
|
} |
|
|
|
var tweak [16]byte |
|
if test.TweakHex != nil { |
|
t, err := hex.DecodeString(*test.TweakHex) |
|
if err != nil { |
|
return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) |
|
} |
|
if len(t) != len(tweak) { |
|
return nil, fmt.Errorf("wrong tweak length (%d bytes) in test case %d/%d", len(t), group.ID, test.ID) |
|
} |
|
copy(tweak[:], t) |
|
} else if test.SectorNum != nil { |
|
// Sector numbers (or "sequence numbers", as NIST calls them) are turned |
|
// into tweak values by encoding them in little-endian form. See IEEE |
|
// 1619-2007, section 5.1. |
|
binary.LittleEndian.PutUint64(tweak[:8], *test.SectorNum) |
|
} else { |
|
return nil, fmt.Errorf("neither sector number nor explicit tweak in test case %d/%d", group.ID, test.ID) |
|
} |
|
|
|
var msg []byte |
|
if decrypt { |
|
msg, err = hex.DecodeString(test.CiphertextHex) |
|
} else { |
|
msg, err = hex.DecodeString(test.PlaintextHex) |
|
} |
|
|
|
if err != nil { |
|
return nil, fmt.Errorf("failed to decode hex in test case %d/%d: %s", group.ID, test.ID, err) |
|
} |
|
|
|
result, err := m.Transact(funcName, 1, key, msg, tweak[:]) |
|
if err != nil { |
|
return nil, fmt.Errorf("submodule failed on test case %d/%d: %s", group.ID, test.ID, err) |
|
} |
|
|
|
testResponse := xtsTestResponse{ID: test.ID} |
|
if decrypt { |
|
testResponse.PlaintextHex = hex.EncodeToString(result[0]) |
|
} else { |
|
testResponse.CiphertextHex = hex.EncodeToString(result[0]) |
|
} |
|
|
|
response.Tests = append(response.Tests, testResponse) |
|
} |
|
|
|
ret = append(ret, response) |
|
} |
|
|
|
return ret, nil |
|
}
|
|
|