[tools] master update

Dr. Paul Dale pauli at openssl.org
Tue Jun 23 23:18:21 UTC 2020


The branch master has been updated
       via  e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit)
       via  7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b (commit)
      from  ff67949521c929a243309f8a983b14a129820b0f (commit)


- Log -----------------------------------------------------------------
commit e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Jun 9 11:48:49 2020 +1000

    NIST DRBG test vector data file.  Current 2020-06-09.
    Vectors are from:
        https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/68)

commit 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b
Author: Pauli <paul.dale at oracle.com>
Date:   Tue Jun 9 11:46:59 2020 +1000

    rand-drbg: Add conversion script to create data for DRBG testing.
    
    NIST's DRBG test data set isn't ideal for evp_test to process.  This script
    massages the data into a format which is more suitable.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/68)

-----------------------------------------------------------------------

Summary of changes:
 nist-conversion/README.md                       |  10 +++
 nist-conversion/convert_nist_drbg_test_data.lua |  88 ++++++++++++++++++++++++
 nist-conversion/drbgtestvectors.zip             | Bin 0 -> 13682977 bytes
 3 files changed, 98 insertions(+)
 create mode 100644 nist-conversion/README.md
 create mode 100755 nist-conversion/convert_nist_drbg_test_data.lua
 create mode 100644 nist-conversion/drbgtestvectors.zip

diff --git a/nist-conversion/README.md b/nist-conversion/README.md
new file mode 100644
index 0000000..5d3d8bd
--- /dev/null
+++ b/nist-conversion/README.md
@@ -0,0 +1,10 @@
+This directory contains tools that are used to convert between NIST supplied
+test data sets and internal formats.
+
+The `convert_nist_drbg_test_data.lua` script converts the
+[NIST DRBG test data]: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+to a format suitable for use in evp_test.
+
+The `drbgtestvectors.zip` file contains the DRGB test vectors that the
+`convert_nist_drbg_test_data.lua` script converted for the current OpenSSL
+source repository.
diff --git a/nist-conversion/convert_nist_drbg_test_data.lua b/nist-conversion/convert_nist_drbg_test_data.lua
new file mode 100755
index 0000000..be7fe4b
--- /dev/null
+++ b/nist-conversion/convert_nist_drbg_test_data.lua
@@ -0,0 +1,88 @@
+#!/usr/bin/env lua
+
+--[[
+A script to convert NIST DRBG test data into a format that evp_test can use.
+
+After unpacking the NIST DRBG test data found at:
+    https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+
+Each of the nine test files needs to be run through this script.  The files are
+three set of three corresponding to the no reseeding, no prediction resistance
+and the prediction resistance suites.  Each trio should be processed:
+
+    ./convert_nist_drbg_test_data < CTR_DRBG.rsp >>evprand.txt
+    ./convert_nist_drbg_test_data < Hash_DRBG.rsp >>evprand.txt
+    ./convert_nist_drbg_test_data mac < HMAC_DRBG.rsp >>evprand.txt
+
+It is advisable to also include title lines between each of the test suites.
+
+--]]
+
+local hname = (arg[1] and arg[1]:find('mac')) and 'HMAC-DRBG' or 'HASH-DRBG'
+
+local state = 'skip'
+local index
+local remap = {
+    ReturnedBits = 'Count',
+    EntropyInput = 'Entropy',
+    PersonalizationString = 'PersonalisationString',
+    ReturnedBits = 'Output',
+    EntropyInputPR = 'EntropyPredictionResistance',
+    EntropyInputReseed = 'ReseedEntropy',
+    AdditionalInputReseed = 'ReseedAdditionalInput',
+}
+
+for line in io.lines() do
+    line = line:gsub(string.char(13), '')
+    if line:len() > 1 and line:sub(1,1) ~= '#' then
+        if line:sub(1,1) ==  '[' then
+            if state == 'body' or state == 'skip' then
+                index = 0
+                addin = string.byte('A') - 1
+                if line:find 'AES' then
+                    state = 'header'
+                    print ''
+                    print 'RAND = CTR-DRBG'
+                    if line:find 'no df' then
+                        print 'Availablein = default'
+                    end
+                    print('Cipher = ' .. line:sub(2):gsub('%s.*', '') .. '-CTR')
+                    if line:find 'use df' then
+                        print 'DerivationFunction = 1'
+                    end
+                elseif line:find 'SHA' then
+                    state = 'header'
+                    print ''
+                    print('RAND = ' .. hname)
+                    print('Digest = ' .. line:gsub('[][]', ''))
+                else
+                    state = 'skip'
+                end
+            end
+            if state ~= 'skip' and line:find 'PredictionResistance' then
+                print('PredictionResistance = ' .. (line:find('True') and 1 or 0))
+            end
+            if state ~= 'skip' and line:find 'ReturnedBitsLen' then
+                print('GenerateBits = '.. line:sub(20):gsub(']', ''))
+            end
+        elseif state ~= 'skip' then
+            state = 'body'
+            local pos = line:find '='
+            if pos then
+                local k, v = line:gsub('%s*=.*', ''), line:gsub('.*=%s*', '')
+                k = remap[k] and remap[k] or k
+                if k == 'COUNT' then
+                    index = tonumber(v)
+                    addin = string.byte('A') - 1
+                elseif k == 'AdditionalInput' or k == 'EntropyPredictionResistance' then
+                    if k == 'AdditionalInput' then addin = addin + 1 end
+                    if v ~= '' then
+                        print(string.format('%s%c.%d = %s', k, addin, index, v))
+                    end
+                elseif v ~= '' then
+                    print(string.format('%s.%d = %s', k, index, v))
+                end
+            end
+        end
+    end
+end
diff --git a/nist-conversion/drbgtestvectors.zip b/nist-conversion/drbgtestvectors.zip
new file mode 100644
index 0000000..e2f2abc
Binary files /dev/null and b/nist-conversion/drbgtestvectors.zip differ


More information about the openssl-commits mailing list