public/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

slhdsa: add Python script to convert NIST ACVP data to evp_test format

Browse source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)
This commit is contained in:
Pauli 2025-02-17 10:46:12 +11:00
parent 73e01df48d
commit 8c2cc4eea9
1 changed files with 149 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

149
test/slhdsa_parse.py Executable file
View file

@ -0,0 +1,149 @@
#!/usr/bin/env python3
#
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# A python program written to parse (version 42) of the ACVP test vectors for
# SLH_DSA. The 3 files that can be processed by this utility can be downloaded
# from
# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-keyGen-FIPS204/internalProjection.json
# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigGen-FIPS204/internalProjection.json
# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/SLH-DSA-sigVer-FIPS204/internalProjection.json
# and output from this utility to
# test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt
# test/recipes/30-test_evp_data/evppkey_slh_dsa_siggen.txt
# test/recipes/30-test_evp_data/evppkey_slh_dsa_sigver.txt
#
# e.g. python3 slhdsa_parse.py ~/Downloads/keygen.json > ./test/recipes/30-test_evp_data/evppkey_slh_dsa_keygen.txt
#
import json
import argparse
import datetime
import re
import sys
def eprint(*args, **kwargs):
print(*args, file=sys.stderr, **kwargs)
def print_label(label, value):
print(label + " = " + value)
def print_hexlabel(label, tag, value):
print(label + " = hex" + tag + ":" + value)
def parse_slh_dsa_key_gen(groups):
for grp in groups:
name = grp['parameterSet'].replace('-', '_')
for tst in grp['tests']:
print("");
print_label("FIPSversion", ">=3.5.0")
print_label("KeyGen", grp['parameterSet'])
print_label("KeyName", "tcId" + str(tst['tcId']))
print_hexlabel("Ctrl", "seed", tst['skSeed'] + tst['skPrf'] + tst['pkSeed'])
print_hexlabel("CtrlOut", "pub", tst['pk'])
print_hexlabel("CtrlOut", "priv", tst['sk'])
def parse_slh_dsa_sig_gen(groups):
coverage = set()
for grp in groups:
name = grp['parameterSet'].replace('-', '_')
encoding = "1" if grp['preHash'] != 'none' else "0"
deterministic = "1" if grp['deterministic'] else "0"
for tst in grp['tests']:
if tst['hashAlg'] != 'none':
continue
# Check if there is a similar test already and skip if so
# Signature generation tests are very expensive, so we need to
# limit things substantially. By default, we only test one of
# the slow flavours and one of each kind of the fast ones.
if name.find('f') >= 0:
context = "1" if 'context' in tst else "0"
coverage_name = name + "_" + encoding + deterministic + context
else:
coverage_name = name
extended_test = coverage_name in coverage
coverage.add(coverage_name)
# Emit test case
testname = name + "_" + str(tst['tcId'])
print("");
print_label("PrivateKeyRaw", testname + ":" + grp['parameterSet'] + ":" + tst['sk'])
print("");
print_label("FIPSversion", ">=3.5.0")
print_label("Sign-Message", grp['parameterSet'] + ":" + testname)
if extended_test:
print_label("Extended-Test", "1")
print_label("Input", tst['message'])
print_label("Output", tst['signature'])
if 'additionalRandomness' in tst:
print_hexlabel("Ctrl", "test-entropy", tst['additionalRandomness']);
print_label("Ctrl", "deterministic:" + deterministic)
print_label("Ctrl", "message-encoding:" + encoding)
if 'context' in tst:
print_hexlabel("Ctrl", "context-string", tst["context"])
def parse_slh_dsa_sig_ver(groups):
for grp in groups:
name = grp['parameterSet'].replace('-', '_')
encoding = "1" if grp['preHash'] != 'none' else "0"
for tst in grp['tests']:
if tst['hashAlg'] != 'none':
continue
testname = name + "_" + str(tst['tcId'])
print("");
print_label("PublicKeyRaw", testname + ":" + grp['parameterSet'] + ":" + tst['pk'])
print("");
if "reason" in tst:
print("# " + tst['reason'])
print_label("FIPSversion", ">=3.5.0")
print_label("Verify-Message-Public", grp['parameterSet'] + ":" + testname)
print_label("Input", tst['message'])
print_label("Output", tst['signature'])
if 'additionalRandomness' in tst:
print_hexlabel("Ctrl", "test-entropy", tst['additionalRandomness']);
print_label("Ctrl", "message-encoding:" + encoding)
if 'context' in tst:
print_hexlabel("Ctrl", "context-string", tst["context"])
if not tst['testPassed']:
print_label("Result", "VERIFY_ERROR")
parser = argparse.ArgumentParser(description="")
parser.add_argument('filename', type=str)
args = parser.parse_args()
# Open and read the JSON file
with open(args.filename, 'r') as file:
data = json.load(file)
year = datetime.date.today().year
version = data['vsId']
algorithm = data['algorithm']
mode = data['mode']
print("# Copyright " + str(year) + " The OpenSSL Project Authors. All Rights Reserved.")
print("#")
print("# Licensed under the Apache License 2.0 (the \"License\"). You may not use")
print("# this file except in compliance with the License. You can obtain a copy")
print("# in the file LICENSE in the source distribution or at")
print("# https://www.openssl.org/source/license.html\n")
print("# ACVP test data for " + algorithm + " " + mode + " generated from")
print("# https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/"
"SLH-DSA-" + mode + "-FIPS204/internalProjection.json")
print("# [version " + str(version) + "]")
if algorithm == "SLH-DSA":
if mode == 'sigVer':
parse_slh_dsa_sig_ver(data['testGroups'])
elif mode == 'sigGen':
parse_slh_dsa_sig_gen(data['testGroups'])
elif mode == 'keyGen':
parse_slh_dsa_key_gen(data['testGroups'])
else:
eprint("Unsupported mode " + mode)
else:
eprint("Unsupported algorithm " + algorithm)