[tools] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jun 23 23:18:21 UTC 2020
The branch master has been updated
via e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498 (commit)
via 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b (commit)
from ff67949521c929a243309f8a983b14a129820b0f (commit)
- Log -----------------------------------------------------------------
commit e4755452b7bd93c37d0d4b09ebfc7d2cb2f1f498
Author: Pauli <paul.dale at oracle.com>
Date: Tue Jun 9 11:48:49 2020 +1000
NIST DRBG test vector data file. Current 2020-06-09.
Vectors are from:
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/68)
commit 7f6a58bcc6ac8e06770d17be5ec24dd27fdc691b
Author: Pauli <paul.dale at oracle.com>
Date: Tue Jun 9 11:46:59 2020 +1000
rand-drbg: Add conversion script to create data for DRBG testing.
NIST's DRBG test data set isn't ideal for evp_test to process. This script
massages the data into a format which is more suitable.
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/68)
-----------------------------------------------------------------------
Summary of changes:
nist-conversion/README.md | 10 +++
nist-conversion/convert_nist_drbg_test_data.lua | 88 ++++++++++++++++++++++++
nist-conversion/drbgtestvectors.zip | Bin 0 -> 13682977 bytes
3 files changed, 98 insertions(+)
create mode 100644 nist-conversion/README.md
create mode 100755 nist-conversion/convert_nist_drbg_test_data.lua
create mode 100644 nist-conversion/drbgtestvectors.zip
diff --git a/nist-conversion/README.md b/nist-conversion/README.md
new file mode 100644
index 0000000..5d3d8bd
--- /dev/null
+++ b/nist-conversion/README.md
@@ -0,0 +1,10 @@
+This directory contains tools that are used to convert between NIST supplied
+test data sets and internal formats.
+
+The `convert_nist_drbg_test_data.lua` script converts the
+[NIST DRBG test data]: https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+to a format suitable for use in evp_test.
+
+The `drbgtestvectors.zip` file contains the DRGB test vectors that the
+`convert_nist_drbg_test_data.lua` script converted for the current OpenSSL
+source repository.
diff --git a/nist-conversion/convert_nist_drbg_test_data.lua b/nist-conversion/convert_nist_drbg_test_data.lua
new file mode 100755
index 0000000..be7fe4b
--- /dev/null
+++ b/nist-conversion/convert_nist_drbg_test_data.lua
@@ -0,0 +1,88 @@
+#!/usr/bin/env lua
+
+--[[
+A script to convert NIST DRBG test data into a format that evp_test can use.
+
+After unpacking the NIST DRBG test data found at:
+ https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
+
+Each of the nine test files needs to be run through this script. The files are
+three set of three corresponding to the no reseeding, no prediction resistance
+and the prediction resistance suites. Each trio should be processed:
+
+ ./convert_nist_drbg_test_data < CTR_DRBG.rsp >>evprand.txt
+ ./convert_nist_drbg_test_data < Hash_DRBG.rsp >>evprand.txt
+ ./convert_nist_drbg_test_data mac < HMAC_DRBG.rsp >>evprand.txt
+
+It is advisable to also include title lines between each of the test suites.
+
+--]]
+
+local hname = (arg[1] and arg[1]:find('mac')) and 'HMAC-DRBG' or 'HASH-DRBG'
+
+local state = 'skip'
+local index
+local remap = {
+ ReturnedBits = 'Count',
+ EntropyInput = 'Entropy',
+ PersonalizationString = 'PersonalisationString',
+ ReturnedBits = 'Output',
+ EntropyInputPR = 'EntropyPredictionResistance',
+ EntropyInputReseed = 'ReseedEntropy',
+ AdditionalInputReseed = 'ReseedAdditionalInput',
+}
+
+for line in io.lines() do
+ line = line:gsub(string.char(13), '')
+ if line:len() > 1 and line:sub(1,1) ~= '#' then
+ if line:sub(1,1) == '[' then
+ if state == 'body' or state == 'skip' then
+ index = 0
+ addin = string.byte('A') - 1
+ if line:find 'AES' then
+ state = 'header'
+ print ''
+ print 'RAND = CTR-DRBG'
+ if line:find 'no df' then
+ print 'Availablein = default'
+ end
+ print('Cipher = ' .. line:sub(2):gsub('%s.*', '') .. '-CTR')
+ if line:find 'use df' then
+ print 'DerivationFunction = 1'
+ end
+ elseif line:find 'SHA' then
+ state = 'header'
+ print ''
+ print('RAND = ' .. hname)
+ print('Digest = ' .. line:gsub('[][]', ''))
+ else
+ state = 'skip'
+ end
+ end
+ if state ~= 'skip' and line:find 'PredictionResistance' then
+ print('PredictionResistance = ' .. (line:find('True') and 1 or 0))
+ end
+ if state ~= 'skip' and line:find 'ReturnedBitsLen' then
+ print('GenerateBits = '.. line:sub(20):gsub(']', ''))
+ end
+ elseif state ~= 'skip' then
+ state = 'body'
+ local pos = line:find '='
+ if pos then
+ local k, v = line:gsub('%s*=.*', ''), line:gsub('.*=%s*', '')
+ k = remap[k] and remap[k] or k
+ if k == 'COUNT' then
+ index = tonumber(v)
+ addin = string.byte('A') - 1
+ elseif k == 'AdditionalInput' or k == 'EntropyPredictionResistance' then
+ if k == 'AdditionalInput' then addin = addin + 1 end
+ if v ~= '' then
+ print(string.format('%s%c.%d = %s', k, addin, index, v))
+ end
+ elseif v ~= '' then
+ print(string.format('%s.%d = %s', k, index, v))
+ end
+ end
+ end
+ end
+end
diff --git a/nist-conversion/drbgtestvectors.zip b/nist-conversion/drbgtestvectors.zip
new file mode 100644
index 0000000..e2f2abc
Binary files /dev/null and b/nist-conversion/drbgtestvectors.zip differ
More information about the openssl-commits
mailing list