20599e480f
Added a python script to convert the json files into evp_test data. Added a EVP_TEST_METHOD "KeyFromData" that can test failures when loading raw keys. (The existing "PrivateKeyRaw" and "PublicKeyRaw" were not fit for this purpose). Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26885)
144 lines
5.9 KiB
Python
Executable file
144 lines
5.9 KiB
Python
Executable file
#!/usr/bin/env python
|
|
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
# A python program written to parse (version 1) of the WYCHEPROOF test vectors for
|
|
# ML_DSA. The 6 files that can be processed by this utility can be downloaded
|
|
# from
|
|
# https://github.com/C2SP/wycheproof/blob/8e7fa6f87e6993d7b613cf48b46512a32df8084a/testvectors_v1/mldsa_*_standard_*_test.json")
|
|
# and output from this utility to
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_sign.txt
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_sign.txt
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_sign.txt
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_verify.txt
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_65_wycheproof_verify.txt
|
|
# test/recipes/30-test_evp_data/evppkey_ml_dsa_87_wycheproof_verify.txt
|
|
#
|
|
# e.g. python3 ./test/mldsa_wycheproof_parse.py -alg ML-DSA-44 ./wycheproof/testvectors_v1/mldsa_44_standard_sign_test.json > test/recipes/30-test_evp_data/evppkey_ml_dsa_44_wycheproof_sign.txt
|
|
|
|
import json
|
|
import argparse
|
|
import datetime
|
|
from _ast import Or
|
|
|
|
def print_label(label, value):
|
|
print(label + " = " + value)
|
|
|
|
def print_hexlabel(label, tag, value):
|
|
print(label + " = hex" + tag + ":" + value)
|
|
|
|
def parse_ml_dsa_sig_gen(alg, groups):
|
|
grpId = 1
|
|
for grp in groups:
|
|
keyOnly = False
|
|
first = True
|
|
name = alg.replace('-', '_')
|
|
keyname = name + "_" + str(grpId)
|
|
grpId += 1
|
|
|
|
for tst in grp['tests']:
|
|
if first:
|
|
first = False
|
|
if 'flags' in tst:
|
|
if 'IncorrectPrivateKeyLength' in tst['flags'] or 'InvalidPrivateKey' in tst['flags']:
|
|
keyOnly = True
|
|
if not keyOnly:
|
|
print("")
|
|
print_label("PrivateKeyRaw", keyname + ":" + alg + ":" + grp['privateKey'])
|
|
testname = name + "_" + str(tst['tcId'])
|
|
print("\n# " + str(tst['tcId']) + " " + tst['comment'])
|
|
|
|
print_label("FIPSversion", ">=3.5.0")
|
|
if keyOnly:
|
|
print_label("KeyFromData", alg)
|
|
print_hexlabel("Ctrl", "priv", grp['privateKey'])
|
|
print_label("Result", "KEY_FROMDATA_ERROR")
|
|
else:
|
|
print_label("Sign-Message", alg + ":" + keyname)
|
|
print_label("Input", tst['msg'])
|
|
print_label("Output", tst['sig'])
|
|
if 'ctx' in tst:
|
|
print_hexlabel("Ctrl", "context-string", tst['ctx'])
|
|
print_label("Ctrl", "message-encoding:1")
|
|
print_label("Ctrl", "deterministic:1")
|
|
if tst['result'] == "invalid":
|
|
print_label("Result", "PKEY_CTRL_ERROR")
|
|
|
|
def parse_ml_dsa_sig_ver(alg, groups):
|
|
grpId = 1
|
|
for grp in groups:
|
|
keyOnly = False
|
|
first = True
|
|
name = alg.replace('-', '_')
|
|
keyname = name + "_" + str(grpId)
|
|
grpId += 1
|
|
|
|
for tst in grp['tests']:
|
|
if first:
|
|
first = False
|
|
if 'flags' in tst:
|
|
if 'IncorrectPublicKeyLength' in tst['flags'] or 'InvalidPublicKey' in tst['flags']:
|
|
keyOnly = True
|
|
if not keyOnly:
|
|
print("")
|
|
print_label("PublicKeyRaw", keyname + ":" + alg + ":" + grp['publicKey'])
|
|
testname = name + "_" + str(tst['tcId'])
|
|
print("\n# " + str(tst['tcId']) + " " + tst['comment'])
|
|
|
|
print_label("FIPSversion", ">=3.5.0")
|
|
if keyOnly:
|
|
print_label("KeyFromData", alg)
|
|
print_hexlabel("Ctrl", "pub", grp['publicKey'])
|
|
print_label("Result", "KEY_FROMDATA_ERROR")
|
|
else:
|
|
print_label("Verify-Message-Public", alg + ":" + keyname)
|
|
print_label("Input", tst['msg'])
|
|
print_label("Output", tst['sig'])
|
|
if 'ctx' in tst:
|
|
print_hexlabel("Ctrl", "context-string", tst['ctx'])
|
|
print_label("Ctrl", "message-encoding:1")
|
|
print_label("Ctrl", "deterministic:1")
|
|
if tst['result'] == "invalid":
|
|
if 'InvalidContext' in tst['flags']:
|
|
print_label("Result", "PKEY_CTRL_ERROR")
|
|
else:
|
|
print_label("Result", "VERIFY_ERROR")
|
|
|
|
parser = argparse.ArgumentParser(description="")
|
|
parser.add_argument('filename', type=str)
|
|
parser.add_argument('-alg', type=str)
|
|
args = parser.parse_args()
|
|
|
|
# Open and read the JSON file
|
|
with open(args.filename, 'r') as file:
|
|
data = json.load(file)
|
|
|
|
year = datetime.date.today().year
|
|
version = data['generatorVersion']
|
|
algorithm = data['algorithm']
|
|
mode = data['testGroups'][0]['type']
|
|
|
|
print("# Copyright " + str(year) + " The OpenSSL Project Authors. All Rights Reserved.")
|
|
print("#")
|
|
print("# Licensed under the Apache License 2.0 (the \"License\"). You may not use")
|
|
print("# this file except in compliance with the License. You can obtain a copy")
|
|
print("# in the file LICENSE in the source distribution or at")
|
|
print("# https://www.openssl.org/source/license.html\n")
|
|
print("# Wycheproof test data for " + algorithm + " " + mode + " generated from")
|
|
print("# https://github.com/C2SP/wycheproof/blob/8e7fa6f87e6993d7b613cf48b46512a32df8084a/testvectors_v1/mldsa_*_standard_*_test.json")
|
|
|
|
print("# [version " + str(version) + "]")
|
|
|
|
if algorithm == "ML-DSA":
|
|
if mode == 'MlDsaSign':
|
|
parse_ml_dsa_sig_gen(args.alg, data['testGroups'])
|
|
elif mode == 'MlDsaVerify':
|
|
parse_ml_dsa_sig_ver(args.alg, data['testGroups'])
|
|
else:
|
|
print("Unsupported mode " + mode)
|
|
else:
|
|
print("Unsupported algorithm " + algorithm)
|