The branch master has been updated via e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit) via 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b (commit) from ff67949521c929a243309f8a983b14a129820b0f (commit)
- Log ----------------------------------------------------------------- commit e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 Author: Pauli <paul.d...@oracle.com> Date: Tue Jun 9 11:48:49 2020 +1000 NIST DRBG test vector data file. Current 2020-06-09. Vectors are from: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/68) commit 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b Author: Pauli <paul.d...@oracle.com> Date: Tue Jun 9 11:46:59 2020 +1000 rand-drbg: Add conversion script to create data for DRBG testing. NIST's DRBG test data set isn't ideal for evp_test to process. This script massages the data into a format which is more suitable. Reviewed-by: Matt Caswell <m...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/68) ----------------------------------------------------------------------- Summary of changes: nist-conversion/README.md | 10 +++ nist-conversion/convert_nist_drbg_test_data.lua | 88 ++++++++++++++++++++++++ nist-conversion/drbgtestvectors.zip | Bin 0 -> 13682977 bytes 3 files changed, 98 insertions(+) create mode 100644 nist-conversion/README.md create mode 100755 nist-conversion/convert_nist_drbg_test_data.lua create mode 100644 nist-conversion/drbgtestvectors.zip diff --git a/nist-conversion/README.md b/nist-conversion/README.md new file mode 100644 index 0000000..5d3d8bd --- /dev/null +++ b/nist-conversion/README.md @@ -0,0 +1,10 @@ +This directory contains tools that are used to convert between NIST supplied +test data sets and internal formats. + +The `convert_nist_drbg_test_data.lua` script converts the +[NIST DRBG test data]: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip +to a format suitable for use in evp_test. + +The `drbgtestvectors.zip` file contains the DRGB test vectors that the +`convert_nist_drbg_test_data.lua` script converted for the current OpenSSL +source repository. diff --git a/nist-conversion/convert_nist_drbg_test_data.lua b/nist-conversion/convert_nist_drbg_test_data.lua new file mode 100755 index 0000000..be7fe4b --- /dev/null +++ b/nist-conversion/convert_nist_drbg_test_data.lua @@ -0,0 +1,88 @@ +#!/usr/bin/env lua + +--[[ +A script to convert NIST DRBG test data into a format that evp_test can use. + +After unpacking the NIST DRBG test data found at: + https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip + +Each of the nine test files needs to be run through this script. The files are +three set of three corresponding to the no reseeding, no prediction resistance +and the prediction resistance suites. Each trio should be processed: + + ./convert_nist_drbg_test_data < CTR_DRBG.rsp >>evprand.txt + ./convert_nist_drbg_test_data < Hash_DRBG.rsp >>evprand.txt + ./convert_nist_drbg_test_data mac < HMAC_DRBG.rsp >>evprand.txt + +It is advisable to also include title lines between each of the test suites. + +--]] + +local hname = (arg[1] and arg[1]:find('mac')) and 'HMAC-DRBG' or 'HASH-DRBG' + +local state = 'skip' +local index +local remap = { + ReturnedBits = 'Count', + EntropyInput = 'Entropy', + PersonalizationString = 'PersonalisationString', + ReturnedBits = 'Output', + EntropyInputPR = 'EntropyPredictionResistance', + EntropyInputReseed = 'ReseedEntropy', + AdditionalInputReseed = 'ReseedAdditionalInput', +} + +for line in io.lines() do + line = line:gsub(string.char(13), '') + if line:len() > 1 and line:sub(1,1) ~= '#' then + if line:sub(1,1) == '[' then + if state == 'body' or state == 'skip' then + index = 0 + addin = string.byte('A') - 1 + if line:find 'AES' then + state = 'header' + print '' + print 'RAND = CTR-DRBG' + if line:find 'no df' then + print 'Availablein = default' + end + print('Cipher = ' .. line:sub(2):gsub('%s.*', '') .. '-CTR') + if line:find 'use df' then + print 'DerivationFunction = 1' + end + elseif line:find 'SHA' then + state = 'header' + print '' + print('RAND = ' .. hname) + print('Digest = ' .. line:gsub('[][]', '')) + else + state = 'skip' + end + end + if state ~= 'skip' and line:find 'PredictionResistance' then + print('PredictionResistance = ' .. (line:find('True') and 1 or 0)) + end + if state ~= 'skip' and line:find 'ReturnedBitsLen' then + print('GenerateBits = '.. line:sub(20):gsub(']', '')) + end + elseif state ~= 'skip' then + state = 'body' + local pos = line:find '=' + if pos then + local k, v = line:gsub('%s*=.*', ''), line:gsub('.*=%s*', '') + k = remap[k] and remap[k] or k + if k == 'COUNT' then + index = tonumber(v) + addin = string.byte('A') - 1 + elseif k == 'AdditionalInput' or k == 'EntropyPredictionResistance' then + if k == 'AdditionalInput' then addin = addin + 1 end + if v ~= '' then + print(string.format('%s%c.%d = %s', k, addin, index, v)) + end + elseif v ~= '' then + print(string.format('%s.%d = %s', k, index, v)) + end + end + end + end +end diff --git a/nist-conversion/drbgtestvectors.zip b/nist-conversion/drbgtestvectors.zip new file mode 100644 index 0000000..e2f2abc Binary files /dev/null and b/nist-conversion/drbgtestvectors.zip differ