// run_cavp.go processes CAVP input files and generates suitable response
// files, optionally comparing the results against the provided FAX files.
package main
import (
"bufio"
"errors"
"flag"
"fmt"
"os"
"os/exec"
"path"
"path/filepath"
"runtime"
"strings"
"sync"
"time"
)
var (
oraclePath = flag.String("oracle-bin", "", "Path to the oracle binary")
suiteDir = flag.String("suite-dir", "", "Base directory containing the CAVP test suite")
noFAX = flag.Bool("no-fax", false, "Skip comparing against FAX files")
android = flag.Bool("android", false, "Run tests via ADB")
)
const (
androidTmpPath = "/data/local/tmp/"
androidCAVPPath = androidTmpPath + "cavp"
androidLibCryptoPath = androidTmpPath + "libcrypto.so"
)
// test describes a single request file.
type test struct {
// inFile is the base of the filename without an extension, i.e.
// “ECBMCT128”.
inFile string
// args are the arguments (not including the input filename) to the
// oracle binary.
args []string
// noFAX, if true, indicates that the output cannot be compared against
// the FAX file. (E.g. because the primitive is non-deterministic.)
noFAX bool
}
// nextLineState can be used by FAX next-line function to store state.
type nextLineState struct {
// State used by the KAS test.
nextIsIUTHash bool
}
// testSuite describes a series of tests that are handled by a single oracle
// binary.
type testSuite struct {
// directory is the name of the directory in the CAVP input, i.e. “AES”.
directory string
// suite names the test suite to pass as the first command-line argument.
suite string
// nextLineFunc, if not nil, is the function used to read the next line
// from the FAX file. This can be used to skip lines and/or mutate them
// as needed. The second argument can be used by the scanner to store
// state, if needed. If isWildcard is true on return then line is not
// meaningful and any line from the response file should be accepted.
nextLineFunc func(*bufio.Scanner, *nextLineState) (line string, isWildcard, ok bool)
tests []test
}
func (t *testSuite) getDirectory() string {
return filepath.Join(*suiteDir, t.directory)
}
var aesGCMTests = testSuite{
"AES_GCM",
"aes_gcm",
nil,
[]test{
{"gcmDecrypt128", []string{"dec", "aes-128-gcm"}, false},
{"gcmDecrypt256", []string{"dec", "aes-256-gcm"}, false},
{"gcmEncryptExtIV128", []string{"enc", "aes-128-gcm"}, false},
{"gcmEncryptExtIV256", []string{"enc", "aes-256-gcm"}, false},
},
}
var aesTests = testSuite{
"AES",
"aes",
nil,
[]test{
{"CBCGFSbox128", []string{"kat", "aes-128-cbc"}, false},
{"CBCGFSbox192", []string{"kat", "aes-192-cbc"}, false},
{"CBCGFSbox256", []string{"kat", "aes-256-cbc"}, false},
{"CBCKeySbox128", []string{"kat", "aes-128-cbc"}, false},
{"CBCKeySbox192", []string{"kat", "aes-192-cbc"}, false},
{"CBCKeySbox256", []string{"kat", "aes-256-cbc"}, false},
{"CBCMMT128", []string{"kat", "aes-128-cbc"}, false},
{"CBCMMT192", []string{"kat", "aes-192-cbc"}, false},
{"CBCMMT256", []string{"kat", "aes-256-cbc"}, false},
{"CBCVarKey128", []string{"kat", "aes-128-cbc"}, false},
{"CBCVarKey192", []string{"kat", "aes-192-cbc"}, false},
{"CBCVarKey256", []string{"kat", "aes-256-cbc"}, false},
{"CBCVarTxt128", []string{"kat", "aes-128-cbc"}, false},
{"CBCVarTxt192", []string{"kat", "aes-192-cbc"}, false},
{"CBCVarTxt256", []string{"kat", "aes-256-cbc"}, false},
{"ECBGFSbox128", []string{"kat", "aes-128-ecb"}, false},
{"ECBGFSbox192", []string{"kat", "aes-192-ecb"}, false},
{"ECBGFSbox256", []string{"kat", "aes-256-ecb"}, false},
{"ECBKeySbox128", []string{"kat", "aes-128-ecb"}, false},
{"ECBKeySbox192", []string{"kat", "aes-192-ecb"}, false},
{"ECBKeySbox256", []string{"kat", "aes-256-ecb"}, false},
{"ECBMMT128", []string{"kat", "aes-128-ecb"}, false},
{"ECBMMT192", []string{"kat", "aes-192-ecb"}, false},
{"ECBMMT256", []string{"kat", "aes-256-ecb"}, false},
{"ECBVarKey128", []string{"kat", "aes-128-ecb"}, false},
{"ECBVarKey192", []string{"kat", "aes-192-ecb"}, false},
{"ECBVarKey256", []string{"kat", "aes-256-ecb"}, false},
{"ECBVarTxt128", []string{"kat", "aes-128-ecb"}, false},
{"ECBVarTxt192", []string{"kat", "aes-192-ecb"}, false},
{"ECBVarTxt256", []string{"kat", "aes-256-ecb"}, false},
// AES Monte-Carlo tests
{"ECBMCT128", []string{"mct", "aes-128-ecb"}, false},
{"ECBMCT192", []string{"mct", "aes-192-ecb"}, false},
{"ECBMCT256", []string{"mct", "aes-256-ecb"}, false},
{"CBCMCT128", []string{"mct", "aes-128-cbc"}, false},
{"CBCMCT192", []string{"mct", "aes-192-cbc"}, false},
{"CBCMCT256", []string{"mct", "aes-256-cbc"}, false},
},
}
var ecdsa2KeyPairTests = testSuite{
"ECDSA2",
"ecdsa2_keypair",
nil,
[]test{{"KeyPair", nil, true}},
}
var ecdsa2PKVTests = testSuite{
"ECDSA2",
"ecdsa2_pkv",
nil,
[]test{{"PKV", nil, false}},
}
var ecdsa2SigGenTests = testSuite{
"ECDSA2",
"ecdsa2_siggen",
nil,
[]test{
{"SigGen", []string{"SigGen"}, true},
{"SigGenComponent", []string{"SigGenComponent"}, true},
},
}
var ecdsa2SigVerTests = testSuite{
"ECDSA2",
"ecdsa2_sigver",
nil,
[]test{{"SigVer", nil, false}},
}
var rsa2KeyGenTests = testSuite{
"RSA2",
"rsa2_keygen",
nil,
[]test{
{"KeyGen_RandomProbablyPrime3_3", nil, true},
},
}
var rsa2SigGenTests = testSuite{
"RSA2",
"rsa2_siggen",
nil,
[]test{
{"SigGen15_186-3", []string{"pkcs15"}, true},
{"SigGenPSS_186-3", []string{"pss"}, true},
},
}
var rsa2SigVerTests = testSuite{
"RSA2",
"rsa2_sigver",
func(s *bufio.Scanner, state *nextLineState) (string, bool, bool) {
for {
if !s.Scan() {
return "", false, false
}
line := s.Text()
if strings.HasPrefix(line, "p = ") || strings.HasPrefix(line, "d = ") || strings.HasPrefix(line, "SaltVal = ") || strings.HasPrefix(line, "EM with ") {
continue
}
if strings.HasPrefix(line, "q = ") {
// Skip the "q = " line and an additional blank line.
if !s.Scan() ||
len(strings.TrimSpace(s.Text())) > 0 {
return "", false, false
}
continue
}
return line, false, true
}
},
[]test{
{"SigVer15_186-3", []string{"pkcs15"}, false},
{"SigVerPSS_186-3", []string{"pss"}, false},
},
}
var hmacTests = testSuite{
"HMAC",
"hmac",
nil,
[]test{{"HMAC", nil, false}},
}
var shaTests = testSuite{
"SHA",
"sha",
nil,
[]test{
{"SHA1LongMsg", []string{"SHA1"}, false},
{"SHA1ShortMsg", []string{"SHA1"}, false},
{"SHA224LongMsg", []string{"SHA224"}, false},
{"SHA224ShortMsg", []string{"SHA224"}, false},
{"SHA256LongMsg", []string{"SHA256"}, false},
{"SHA256ShortMsg", []string{"SHA256"}, false},
{"SHA384LongMsg", []string{"SHA384"}, false},
{"SHA384ShortMsg", []string{"SHA384"}, false},
{"SHA512LongMsg", []string{"SHA512"}, false},
{"SHA512ShortMsg", []string{"SHA512"}, false},
},
}
var shaMonteTests = testSuite{
"SHA",
"sha_monte",
nil,
[]test{
{"SHA1Monte", []string{"SHA1"}, false},
{"SHA224Monte", []string{"SHA224"}, false},
{"SHA256Monte", []string{"SHA256"}, false},
{"SHA384Monte", []string{"SHA384"}, false},
{"SHA512Monte", []string{"SHA512"}, false},
},
}
var ctrDRBGTests = testSuite{
"DRBG800-90A",
"ctr_drbg",
nil,
[]test{{"CTR_DRBG", nil, false}},
}
var tdesTests = testSuite{
"TDES",
"tdes",
nil,
[]test{
{"TCBCMMT2", []string{"kat", "des-ede-cbc"}, false},
{"TCBCMMT3", []string{"kat", "des-ede3-cbc"}, false},
{"TCBCMonte2", []string{"mct", "des-ede3-cbc"}, false},
{"TCBCMonte3", []string{"mct", "des-ede3-cbc"}, false},
{"TCBCinvperm", []string{"kat", "des-ede3-cbc"}, false},
{"TCBCpermop", []string{"kat", "des-ede3-cbc"}, false},
{"TCBCsubtab", []string{"kat", "des-ede3-cbc"}, false},
{"TCBCvarkey", []string{"kat", "des-ede3-cbc"}, false},
{"TCBCvartext", []string{"kat", "des-ede3-cbc"}, false},
{"TECBMMT2", []string{"kat", "des-ede"}, false},
{"TECBMMT3", []string{"kat", "des-ede3"}, false},
{"TECBMonte2", []string{"mct", "des-ede3"}, false},
{"TECBMonte3", []string{"mct", "des-ede3"}, false},
{"TECBinvperm", []string{"kat", "des-ede3"}, false},
{"TECBpermop", []string{"kat", "des-ede3"}, false},
{"TECBsubtab", []string{"kat", "des-ede3"}, false},
{"TECBvarkey", []string{"kat", "des-ede3"}, false},
{"TECBvartext", []string{"kat", "des-ede3"}, false},
},
}
var keyWrapTests = testSuite{
"KeyWrap38F",
"keywrap",
nil,
[]test{
{"KW_AD_128", []string{"dec", "128"}, false},
{"KW_AD_256", []string{"dec", "256"}, false},
{"KW_AE_128", []string{"enc", "128"}, false},
{"KW_AE_256", []string{"enc", "256"}, false},
},
}
var kasTests = testSuite{
"KAS",
"kas",
func(s *bufio.Scanner, state *nextLineState) (line string, isWildcard, ok bool) {
for {
// If the response file will include the IUT hash next,
// return a wildcard signal because this cannot be
// matched against the FAX file.
if state.nextIsIUTHash {
state.nextIsIUTHash = false
return "", true, true
}
if !s.Scan() {
return "", false, false
}
line := s.Text()
if strings.HasPrefix(line, "deCAVS = ") || strings.HasPrefix(line, "Z = ") {
continue
}
if strings.HasPrefix(line, "CAVSHashZZ = ") {
state.nextIsIUTHash = true
}
return line, false, true
}
},
[]test{
{"KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_init", []string{"function"}, true},
{"KASFunctionTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", []string{"function"}, true},
{"KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_init", []string{"validity"}, false},
{"KASValidityTest_ECCEphemeralUnified_NOKC_ZZOnly_resp", []string{"validity"}, false},
},
}
var tlsKDFTests = testSuite{
"KDF135",
"tlskdf",
nil,
[]test{
{"tls", nil, false},
},
}
var testSuites = []*testSuite{
&aesGCMTests,
&aesTests,
&ctrDRBGTests,
&ecdsa2KeyPairTests,
&ecdsa2PKVTests,
&ecdsa2SigGenTests,
&ecdsa2SigVerTests,
&hmacTests,
&keyWrapTests,
&rsa2KeyGenTests,
&rsa2SigGenTests,
&rsa2SigVerTests,
&shaTests,
&shaMonteTests,
&tdesTests,
&kasTests,
&tlsKDFTests,
}
// testInstance represents a specific test in a testSuite.
type testInstance struct {
suite *testSuite
testIndex int
}
func worker(wg *sync.WaitGroup, work <-chan testInstance) {
defer wg.Done()
for ti := range work {
test := ti.suite.tests[ti.testIndex]
if err := doTest(ti.suite, test); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(2)
}
if !*noFAX && !test.noFAX {
if err := compareFAX(ti.suite, test); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(3)
}
}
}
}
func checkAndroidPrereqs() error {
// The cavp binary, and a matching libcrypto.so, are required to be placed
// in /data/local/tmp before running this script.
if err := exec.Command("adb", "shell", "ls", androidCAVPPath).Run(); err != nil {
return errors.New("failed to list cavp binary; ensure that adb works and cavp binary is in place: " + err.Error())
}
if err := exec.Command("adb", "shell", "ls", androidLibCryptoPath).Run(); err != nil {
return errors.New("failed to list libcrypto.so; ensure that library is in place: " + err.Error())
}
return nil
}
func main() {
flag.Parse()
if *android {
if err := checkAndroidPrereqs(); err != nil {
fmt.Fprintf(os.Stderr, "%s\n", err)
os.Exit(1)
}
} else if len(*oraclePath) == 0 {
fmt.Fprintf(os.Stderr, "Must give -oracle-bin\n")
os.Exit(1)
}
work := make(chan testInstance)
var wg sync.WaitGroup
numWorkers := runtime.NumCPU()
if *android {
numWorkers = 1
}
for i := 0; i < numWorkers; i++ {
wg.Add(1)
go worker(&wg, work)
}
for _, suite := range testSuites {
for i := range suite.tests {
work <- testInstance{suite, i}
}
}
close(work)
wg.Wait()
}
func doTest(suite *testSuite, test test) error {
bin := *oraclePath
var args []string
if *android {
bin = "adb"
args = []string{"shell", "LD_LIBRARY_PATH=" + androidTmpPath, androidCAVPPath}
}
args = append(args, suite.suite)
args = append(args, test.args...)
reqPath := filepath.Join(suite.getDirectory(), "req", test.inFile+".req")
var reqPathOnDevice string
if *android {
reqPathOnDevice = path.Join(androidTmpPath, test.inFile+".req")
if err := exec.Command("adb", "push", reqPath, reqPathOnDevice).Run(); err != nil {
return errors.New("failed to push request file: " + err.Error())
}
args = append(args, reqPathOnDevice)
} else {
args = append(args, reqPath)
}
respDir := filepath.Join(suite.getDirectory(), "resp")
if err := os.Mkdir(respDir, 0755); err != nil && !os.IsExist(err) {
return fmt.Errorf("cannot create resp directory: %s", err)
}
outPath := filepath.Join(respDir, test.inFile+".rsp")
outFile, err := os.OpenFile(outPath, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
if err != nil {
return fmt.Errorf("cannot open output file for %q %q: %s", suite.getDirectory(), test.inFile, err)
}
defer outFile.Close()
cmd := exec.Command(bin, args...)
cmd.Stdout = outFile
cmd.Stderr = os.Stderr
cmdLine := strings.Join(append([]string{bin}, args...), " ")
startTime := time.Now()
if err := cmd.Run(); err != nil {
return fmt.Errorf("cannot run command for %q %q (%s): %s", suite.getDirectory(), test.inFile, cmdLine, err)
}
fmt.Printf("%s (%ds)\n", cmdLine, int(time.Since(startTime).Seconds()))
if *android {
exec.Command("adb", "shell", "rm", reqPathOnDevice).Run()
}
return nil
}
func canonicalizeLine(in string) string {
if strings.HasPrefix(in, "Result = P (") {
return "Result = P"
}
if strings.HasPrefix(in, "Result = F (") {
return "Result = F"
}
return in
}
func compareFAX(suite *testSuite, test test) error {
nextLineFunc := suite.nextLineFunc
if nextLineFunc == nil {
nextLineFunc = func(s *bufio.Scanner, state *nextLineState) (string, bool, bool) {
if !s.Scan() {
return "", false, false
}
return s.Text(), false, true
}
}
respPath := filepath.Join(suite.getDirectory(), "resp", test.inFile+".rsp")
respFile, err := os.Open(respPath)
if err != nil {
return fmt.Errorf("cannot read output of %q %q: %s", suite.getDirectory(), test.inFile, err)
}
defer respFile.Close()
faxPath := filepath.Join(suite.getDirectory(), "fax", test.inFile+".fax")
faxFile, err := os.Open(faxPath)
if err != nil {
return fmt.Errorf("cannot open fax file for %q %q: %s", suite.getDirectory(), test.inFile, err)
}
defer faxFile.Close()
respScanner := bufio.NewScanner(respFile)
faxScanner := bufio.NewScanner(faxFile)
var nextLineState nextLineState
lineNo := 0
inHeader := true
for respScanner.Scan() {
lineNo++
respLine := respScanner.Text()
var faxLine string
var isWildcard, ok bool
if inHeader && (len(respLine) == 0 || respLine[0] == '#') {
continue
}
for {
haveFaxLine := false
if inHeader {
for {
if faxLine, isWildcard, ok = nextLineFunc(faxScanner, &nextLineState); !ok {
break
}
if len(faxLine) != 0 && faxLine[0] != '#' {
haveFaxLine = true
break
}
}
inHeader = false
} else {
faxLine, isWildcard, haveFaxLine = nextLineFunc(faxScanner, &nextLineState)
}
if !haveFaxLine {
// Ignore blank lines at the end of the generated file.
if len(respLine) == 0 {
break
}
return fmt.Errorf("resp file is longer than fax for %q %q", suite.getDirectory(), test.inFile)
}
if strings.HasPrefix(faxLine, " (Reason: ") {
continue
}
break
}
if isWildcard || canonicalizeLine(faxLine) == canonicalizeLine(respLine) {
continue
}
return fmt.Errorf("resp and fax differ at line %d for %q %q: %q vs %q", lineNo, suite.getDirectory(), test.inFile, respLine, faxLine)
}
if _, _, ok := nextLineFunc(faxScanner, &nextLineState); ok {
return fmt.Errorf("fax file is longer than resp for %q %q", suite.getDirectory(), test.inFile)
}
return nil
}