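/**
 * Known-answer-test handler for the SSH KDF (ACVP_KDF135_SSH).
 *
 * Walks the server-supplied vector set in @p obj ("testGroups" -> "tests"),
 * hands each test case to the registered crypto handler and collects the
 * results in a JSON response tree. Everything read from @p obj comes from
 * the ACVP server and is treated as untrusted: each required field is
 * checked for presence before it is used.
 *
 * @param ctx  Library context; must not be NULL.
 * @param obj  Parsed vector-set JSON object; must not be NULL.
 *
 * @return ACVP_SUCCESS when every test case was processed, otherwise the
 *         first error hit: ACVP_NO_CTX, ACVP_MALFORMED_JSON,
 *         ACVP_INVALID_ARG, ACVP_UNSUPPORTED_OP, ACVP_MISSING_ARG,
 *         ACVP_NO_CAP, ACVP_CRYPTO_MODULE_FAIL, or whatever a helper
 *         (array/response setup, init_tc, output_tc) returned.
 */
ACVP_RESULT acvp_kdf135_ssh_kat_handler(ACVP_CTX *ctx, JSON_Object *obj) {
    unsigned int tc_id;
    JSON_Value *groupval;
    JSON_Object *groupobj = NULL;
    JSON_Value *testval;
    JSON_Object *testobj = NULL;
    JSON_Array *groups;
    JSON_Array *tests;

    JSON_Value *reg_arry_val = NULL;
    JSON_Object *reg_obj = NULL;
    JSON_Array *reg_arry = NULL;

    int i, g_cnt;
    int j, t_cnt;

    JSON_Value *r_vs_val = NULL;
    JSON_Object *r_vs = NULL;
    JSON_Array *r_tarr = NULL, *r_garr = NULL;  /* Response testarray, grouparray */
    JSON_Value *r_tval = NULL, *r_gval = NULL;  /* Response testval, groupval */
    JSON_Object *r_tobj = NULL, *r_gobj = NULL; /* Response testobj, groupobj */
    ACVP_CAPS_LIST *cap;
    ACVP_KDF135_SSH_TC stc;
    ACVP_TEST_CASE tc;
    ACVP_RESULT rv;
    ACVP_CIPHER alg_id;
    const char *alg_str = NULL;
    const char *mode_str = NULL;
    const char *cipher_str = NULL;
    const char *shared_secret_str = NULL;
    const char *session_id_str = NULL;
    const char *hash_str = NULL;
    char *json_result;

    if (!ctx) {
        ACVP_LOG_ERR("No ctx for handler operation");
        return ACVP_NO_CTX;
    }

    if (!obj) {
        ACVP_LOG_ERR("No obj for handler operation");
        return ACVP_MALFORMED_JSON;
    }

    alg_str = json_object_get_string(obj, "algorithm");
    if (!alg_str) {
        ACVP_LOG_ERR("unable to parse 'algorithm' from JSON");
        return ACVP_MALFORMED_JSON;
    }

    mode_str = json_object_get_string(obj, "mode");
    if (!mode_str) {
        ACVP_LOG_ERR("unable to parse 'mode' from JSON");
        return ACVP_MALFORMED_JSON;
    }

    /* Only the SSH KDF algorithm/mode pair may be routed to this handler. */
    alg_id = acvp_lookup_cipher_w_mode_index(alg_str, mode_str);
    if (alg_id != ACVP_KDF135_SSH) {
        ACVP_LOG_ERR("Server JSON invalid 'algorithm' or 'mode'");
        return ACVP_INVALID_ARG;
    }

    /*
     * Get a reference to the abstracted test case
     */
    tc.tc.kdf135_ssh = &stc;

    /*
     * Get the crypto module handler registered for this KDF
     */
    cap = acvp_locate_cap_entry(ctx, alg_id);
    if (!cap) {
        ACVP_LOG_ERR("ACVP server requesting unsupported capability %s : %d.", alg_str, alg_id);
        return ACVP_UNSUPPORTED_OP;
    }

    /*
     * Create ACVP array for response
     */
    rv = acvp_create_array(&reg_obj, &reg_arry_val, &reg_arry);
    if (rv != ACVP_SUCCESS) {
        ACVP_LOG_ERR("Failed to create JSON response struct. ");
        return rv;
    }

    /*
     * Start to build the JSON response
     */
    rv = acvp_setup_json_rsp_group(&ctx, &reg_arry_val, &r_vs_val, &r_vs, alg_str, &r_garr);
    if (rv != ACVP_SUCCESS) {
        ACVP_LOG_ERR("Failed to setup json response");
        return rv;
    }

    groups = json_object_get_array(obj, "testGroups");
    if (!groups) {
        ACVP_LOG_ERR("Failed to include testGroups. ");
        rv = ACVP_MISSING_ARG;
        goto err;
    }

    g_cnt = json_array_get_count(groups);
    for (i = 0; i < g_cnt; i++) {
        int tgId = 0;
        int diff = 1;
        unsigned int e_key_len = 0, i_key_len = 0, hash_len = 0, iv_len = 0;
        ACVP_HASH_ALG sha_type = 0;
        const char *sha_str = NULL;

        groupval = json_array_get_value(groups, i);
        groupobj = json_value_get_object(groupval);

        /*
         * Create a new group in the response with the tgid
         * and an array of tests
         */
        r_gval = json_value_init_object();
        r_gobj = json_value_get_object(r_gval);
        tgId = json_object_get_number(groupobj, "tgId");
        if (!tgId) {
            ACVP_LOG_ERR("Missing tgid from server JSON groub obj");
            rv = ACVP_MALFORMED_JSON;
            goto err;
        }
        json_object_set_number(r_gobj, "tgId", tgId);
        json_object_set_value(r_gobj, "tests", json_value_init_array());
        r_tarr = json_object_get_array(r_gobj, "tests");

        /* Get the expected (user will generate) key and iv lengths */
        cipher_str = json_object_get_string(groupobj, "cipher");
        if (!cipher_str) {
            ACVP_LOG_ERR("Failed to include cipher. ");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        sha_str = json_object_get_string(groupobj, "hashAlg");
        if (!sha_str) {
            ACVP_LOG_ERR("Failed to include hashAlg. ");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        /* The integrity key length and the hash length both follow the digest size. */
        sha_type = acvp_lookup_hash_alg(sha_str);
        if (sha_type == ACVP_SHA1) {
            i_key_len = hash_len = ACVP_SHA1_BYTE_LEN;
        } else if (sha_type == ACVP_SHA224) {
            i_key_len = hash_len = ACVP_SHA224_BYTE_LEN;
        } else if (sha_type == ACVP_SHA256) {
            i_key_len = hash_len = ACVP_SHA256_BYTE_LEN;
        } else if (sha_type == ACVP_SHA384) {
            i_key_len = hash_len = ACVP_SHA384_BYTE_LEN;
        } else if (sha_type == ACVP_SHA512) {
            i_key_len = hash_len = ACVP_SHA512_BYTE_LEN;
        } else {
            ACVP_LOG_ERR("ACVP server requesting invalid hashAlg");
            rv = ACVP_NO_CAP;
            goto err;
        }

        /*
         * Determine the encrypt key_len, inferred from cipher.
         * Any cipher string that matches none of the four names leaves
         * e_key_len/iv_len at zero and is rejected below.
         */
        strcmp_s(ACVP_MODE_TDES, 4, cipher_str, &diff);
        if (!diff) {
            e_key_len = ACVP_KEY_LEN_TDES;
            iv_len = ACVP_BLOCK_LEN_TDES;
        }

        strcmp_s(ACVP_MODE_AES_128, 7, cipher_str, &diff);
        if (!diff) {
            e_key_len = ACVP_KEY_LEN_AES128;
            iv_len = ACVP_BLOCK_LEN_AES128;
        }

        strcmp_s(ACVP_MODE_AES_192, 7, cipher_str, &diff);
        if (!diff) {
            e_key_len = ACVP_KEY_LEN_AES192;
            iv_len = ACVP_BLOCK_LEN_AES192;
        }

        strcmp_s(ACVP_MODE_AES_256, 7, cipher_str, &diff);
        if (!diff) {
            e_key_len = ACVP_KEY_LEN_AES256;
            iv_len = ACVP_BLOCK_LEN_AES256;
        }

        if (!e_key_len || !iv_len) {
            ACVP_LOG_ERR("Unsupported cipher type");
            rv = ACVP_NO_CAP;
            goto err;
        }

        /*
         * Log Test Group information...
         */
        ACVP_LOG_INFO(" Test group: %d", i);
        ACVP_LOG_INFO(" cipher: %s", cipher_str);
        ACVP_LOG_INFO(" hashAlg: %s", sha_str);

        tests = json_object_get_array(groupobj, "tests");
        if (!tests) {
            ACVP_LOG_ERR("Failed to include tests. ");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        t_cnt = json_array_get_count(tests);
        if (!t_cnt) {
            ACVP_LOG_ERR("Failed to include tests in array. ");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        for (j = 0; j < t_cnt; j++) {
            ACVP_LOG_INFO("Found new KDF SSH test vector...");
            testval = json_array_get_value(tests, j);
            testobj = json_value_get_object(testval);

            tc_id = (unsigned int)json_object_get_number(testobj, "tcId");
            if (!tc_id) {
                ACVP_LOG_ERR("Failed to include tc_id. ");
                rv = ACVP_MISSING_ARG;
                goto err;
            }

            /*
             * Only presence is checked here for k, h and sessionId.
             * NOTE(review): length/hex validation is presumably done in
             * acvp_kdf135_ssh_init_tc - confirm.
             */
            shared_secret_str = json_object_get_string(testobj, "k");
            if (!shared_secret_str) {
                ACVP_LOG_ERR("Failed to include k. ");
                rv = ACVP_MISSING_ARG;
                goto err;
            }

            hash_str = json_object_get_string(testobj, "h");
            if (!hash_str) {
                ACVP_LOG_ERR("Failed to include h. ");
                rv = ACVP_MISSING_ARG;
                goto err;
            }

            session_id_str = json_object_get_string(testobj, "sessionId");
            if (!session_id_str) {
                ACVP_LOG_ERR("Failed to include sessionId. ");
                rv = ACVP_MISSING_ARG;
                goto err;
            }

            /*
             * NOTE(review): the vector's shared secret (k) is written to the
             * INFO log in the clear along with h and sessionId.
             */
            ACVP_LOG_INFO(" Test case: %d", j);
            ACVP_LOG_INFO(" tcId: %u", tc_id); /* tc_id is unsigned */
            ACVP_LOG_INFO(" k: %s", shared_secret_str);
            ACVP_LOG_INFO(" h: %s", hash_str);
            ACVP_LOG_INFO(" session_id: %s", session_id_str);

            /*
             * Create a new test case in the response
             */
            r_tval = json_value_init_object();
            r_tobj = json_value_get_object(r_tval);

            json_object_set_number(r_tobj, "tcId", tc_id);

            /*
             * Setup the test case data that will be passed down to
             * the crypto module.
             */
            rv = acvp_kdf135_ssh_init_tc(ctx, &stc, tc_id, alg_id,
                                         sha_type, e_key_len, i_key_len,
                                         iv_len, hash_len, shared_secret_str,
                                         hash_str, session_id_str);
            if (rv != ACVP_SUCCESS) {
                /* r_tval has not been appended to r_tarr yet, so free it here. */
                acvp_kdf135_ssh_release_tc(&stc);
                json_value_free(r_tval);
                goto err;
            }

            /* Process the current test vector... */
            if ((cap->crypto_handler)(&tc)) {
                ACVP_LOG_ERR("crypto module failed the KDF SSH operation");
                acvp_kdf135_ssh_release_tc(&stc);
                rv = ACVP_CRYPTO_MODULE_FAIL;
                json_value_free(r_tval);
                goto err;
            }

            /*
             * Output the test case results using JSON
             */
            rv = acvp_kdf135_ssh_output_tc(ctx, &stc, r_tobj);
            if (rv != ACVP_SUCCESS) {
                ACVP_LOG_ERR("JSON output failure in hash module");
                acvp_kdf135_ssh_release_tc(&stc);
                json_value_free(r_tval);
                goto err;
            }

            /*
             * Release all the memory associated with the test case
             */
            acvp_kdf135_ssh_release_tc(&stc);

            /* Append the test response value to array */
            json_array_append_value(r_tarr, r_tval);
        }
        json_array_append_value(r_garr, r_gval);
    }

    json_array_append_value(reg_arry, r_vs_val);

    /*
     * The serialized response is only displayed here; a NULL result must
     * not be handed to a %s conversion.
     */
    json_result = json_serialize_to_string_pretty(ctx->kat_resp, NULL);
    if (json_result) {
        if (ctx->debug == ACVP_LOG_LVL_VERBOSE) {
            printf("\n\n%s\n\n", json_result);
        } else {
            ACVP_LOG_INFO("\n\n%s\n\n", json_result);
        }
        json_free_serialized_string(json_result);
    }
    rv = ACVP_SUCCESS;

err:
    if (rv != ACVP_SUCCESS) {
        /* Drop the partial response: the vector-set value and the open group. */
        acvp_release_json(r_vs_val, r_gval);
    }
    return rv;
}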
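/**
 * Known-answer-test handler for the IKEv1 KDF (ACVP_KDF135_IKEV1).
 *
 * Walks the server-supplied vector set in @p obj ("testGroups" -> "tests"),
 * validates the group parameters and per-test strings against the
 * ACVP_KDF135_IKEV1_* limits, hands each test case to the registered crypto
 * handler and collects the results in a JSON response tree. Everything read
 * from @p obj comes from the ACVP server and is treated as untrusted.
 *
 * @param ctx  Library context; must not be NULL.
 * @param obj  Parsed vector-set JSON object; must not be NULL.
 *
 * @return ACVP_SUCCESS when every test case was processed, otherwise the
 *         first error hit: ACVP_NO_CTX, ACVP_MALFORMED_JSON,
 *         ACVP_INVALID_ARG, ACVP_UNSUPPORTED_OP, ACVP_MISSING_ARG,
 *         ACVP_CRYPTO_MODULE_FAIL, or whatever a helper (array/response
 *         setup, init_tc, output_tc) returned.
 */
ACVP_RESULT acvp_kdf135_ikev1_kat_handler(ACVP_CTX *ctx, JSON_Object *obj) {
    unsigned int tc_id;
    JSON_Value *groupval;
    JSON_Object *groupobj = NULL;
    JSON_Value *testval;
    JSON_Object *testobj = NULL;
    JSON_Array *groups;
    JSON_Array *tests;

    JSON_Value *reg_arry_val = NULL;
    JSON_Object *reg_obj = NULL;
    JSON_Array *reg_arry = NULL;

    int i, g_cnt;
    int j, t_cnt;

    JSON_Value *r_vs_val = NULL;
    JSON_Object *r_vs = NULL;
    JSON_Array *r_tarr = NULL, *r_garr = NULL;  /* Response testarray, grouparray */
    JSON_Value *r_tval = NULL, *r_gval = NULL;  /* Response testval, groupval */
    JSON_Object *r_tobj = NULL, *r_gobj = NULL; /* Response testobj, groupobj */
    ACVP_CAPS_LIST *cap;
    ACVP_KDF135_IKEV1_TC stc;
    ACVP_TEST_CASE tc;
    ACVP_RESULT rv;
    const char *alg_str = NULL;
    const char *mode_str = NULL;
    ACVP_CIPHER alg_id;
    char *json_result;

    ACVP_HASH_ALG hash_alg = 0;
    ACVP_KDF135_IKEV1_AUTH_METHOD auth_method = 0;
    const char *hash_alg_str = NULL, *auth_method_str = NULL;
    char *init_ckey = NULL, *resp_ckey = NULL,
         *gxy = NULL, *psk = NULL,
         *init_nonce = NULL, *resp_nonce = NULL;
    int init_nonce_len = 0, resp_nonce_len = 0,
        dh_secret_len = 0, psk_len = 0;

    if (!ctx) {
        ACVP_LOG_ERR("No ctx for handler operation");
        return ACVP_NO_CTX;
    }

    /* Reject a missing object before reading from it, as the SSH handler does. */
    if (!obj) {
        ACVP_LOG_ERR("No obj for handler operation");
        return ACVP_MALFORMED_JSON;
    }

    alg_str = json_object_get_string(obj, "algorithm");
    if (!alg_str) {
        ACVP_LOG_ERR("unable to parse 'algorithm' from JSON.");
        return ACVP_MALFORMED_JSON;
    }

    mode_str = json_object_get_string(obj, "mode");
    if (!mode_str) {
        ACVP_LOG_ERR("unable to parse 'mode' from JSON.");
        return ACVP_MALFORMED_JSON;
    }

    /* Only the IKEv1 KDF algorithm/mode pair may be routed to this handler. */
    alg_id = acvp_lookup_cipher_w_mode_index(alg_str, mode_str);
    if (alg_id != ACVP_KDF135_IKEV1) {
        ACVP_LOG_ERR("Server JSON invalid 'algorithm' or 'mode'");
        return ACVP_INVALID_ARG;
    }

    /*
     * Get a reference to the abstracted test case
     */
    tc.tc.kdf135_ikev1 = &stc;
    stc.cipher = alg_id;

    cap = acvp_locate_cap_entry(ctx, alg_id);
    if (!cap) {
        ACVP_LOG_ERR("ACVP server requesting unsupported capability %s : %d.", alg_str, alg_id);
        return ACVP_UNSUPPORTED_OP;
    }

    /*
     * Create ACVP array for response
     */
    rv = acvp_create_array(&reg_obj, &reg_arry_val, &reg_arry);
    if (rv != ACVP_SUCCESS) {
        ACVP_LOG_ERR("Failed to create JSON response struct. ");
        return rv;
    }

    /*
     * Start to build the JSON response
     */
    rv = acvp_setup_json_rsp_group(&ctx, &reg_arry_val, &r_vs_val, &r_vs, alg_str, &r_garr);
    if (rv != ACVP_SUCCESS) {
        ACVP_LOG_ERR("Failed to setup json response");
        return rv;
    }

    /* A vector set without testGroups is an error, not an empty success. */
    groups = json_object_get_array(obj, "testGroups");
    if (!groups) {
        ACVP_LOG_ERR("Failed to include testGroups");
        rv = ACVP_MISSING_ARG;
        goto err;
    }

    g_cnt = json_array_get_count(groups);
    for (i = 0; i < g_cnt; i++) {
        int tgId = 0;

        /*
         * The PSK fields are only read for PSK groups; clear them so a
         * non-PSK group never inherits values from an earlier PSK group.
         */
        psk = NULL;
        psk_len = 0;

        groupval = json_array_get_value(groups, i);
        groupobj = json_value_get_object(groupval);

        /*
         * Create a new group in the response with the tgid
         * and an array of tests
         */
        r_gval = json_value_init_object();
        r_gobj = json_value_get_object(r_gval);
        tgId = json_object_get_number(groupobj, "tgId");
        if (!tgId) {
            ACVP_LOG_ERR("Missing tgid from server JSON groub obj");
            rv = ACVP_MALFORMED_JSON;
            goto err;
        }
        json_object_set_number(r_gobj, "tgId", tgId);
        json_object_set_value(r_gobj, "tests", json_value_init_array());
        r_tarr = json_object_get_array(r_gobj, "tests");

        hash_alg_str = json_object_get_string(groupobj, "hashAlg");
        if (!hash_alg_str) {
            ACVP_LOG_ERR("Failed to include hashAlg");
            rv = ACVP_MISSING_ARG;
            goto err;
        }
        hash_alg = acvp_lookup_hash_alg(hash_alg_str);
        if (hash_alg != ACVP_SHA1 && hash_alg != ACVP_SHA224 &&
            hash_alg != ACVP_SHA256 && hash_alg != ACVP_SHA384 &&
            hash_alg != ACVP_SHA512) {
            ACVP_LOG_ERR("ACVP server requesting invalid hashAlg");
            rv = ACVP_INVALID_ARG;
            goto err;
        }

        auth_method_str = json_object_get_string(groupobj, "authenticationMethod");
        if (!auth_method_str) {
            ACVP_LOG_ERR("Failed to include authenticationMethod");
            rv = ACVP_MISSING_ARG;
            goto err;
        }
        auth_method = read_auth_method(auth_method_str);
        if (!auth_method) {
            ACVP_LOG_ERR("ACVP server requesting invalid authenticationMethod");
            rv = ACVP_INVALID_ARG;
            goto err;
        }

        /* Bit lengths are range-checked before any per-test string is compared to them. */
        init_nonce_len = json_object_get_number(groupobj, "nInitLength");
        if (!(init_nonce_len >= ACVP_KDF135_IKEV1_INIT_NONCE_BIT_MIN &&
              init_nonce_len <= ACVP_KDF135_IKEV1_INIT_NONCE_BIT_MAX)) {
            ACVP_LOG_ERR("nInitLength incorrect, %d", init_nonce_len);
            rv = ACVP_INVALID_ARG;
            goto err;
        }

        resp_nonce_len = json_object_get_number(groupobj, "nRespLength");
        if (!(resp_nonce_len >= ACVP_KDF135_IKEV1_RESP_NONCE_BIT_MIN &&
              resp_nonce_len <= ACVP_KDF135_IKEV1_RESP_NONCE_BIT_MAX)) {
            ACVP_LOG_ERR("nRespLength incorrect, %d", resp_nonce_len);
            rv = ACVP_INVALID_ARG;
            goto err;
        }

        dh_secret_len = json_object_get_number(groupobj, "dhLength");
        if (!(dh_secret_len >= ACVP_KDF135_IKEV1_DH_SHARED_SECRET_BIT_MIN &&
              dh_secret_len <= ACVP_KDF135_IKEV1_DH_SHARED_SECRET_BIT_MAX)) {
            ACVP_LOG_ERR("dhLength incorrect, %d", dh_secret_len);
            rv = ACVP_INVALID_ARG;
            goto err;
        }

        if (auth_method == ACVP_KDF135_IKEV1_AMETH_PSK) {
            /* Only for PSK authentication method */
            psk_len = json_object_get_number(groupobj, "preSharedKeyLength");
            if (!(psk_len >= ACVP_KDF135_IKEV1_PSK_BIT_MIN &&
                  psk_len <= ACVP_KDF135_IKEV1_PSK_BIT_MAX)) {
                ACVP_LOG_ERR("preSharedKeyLength incorrect, %d", psk_len);
                rv = ACVP_INVALID_ARG;
                goto err;
            }
        }

        ACVP_LOG_INFO("\n Test group: %d", i);
        ACVP_LOG_INFO(" hash alg: %s", hash_alg_str);
        ACVP_LOG_INFO(" auth method: %s", auth_method_str);
        ACVP_LOG_INFO(" init nonce len: %d", init_nonce_len);
        ACVP_LOG_INFO(" resp nonce len: %d", resp_nonce_len);
        ACVP_LOG_INFO(" dh secret len: %d", dh_secret_len);
        ACVP_LOG_INFO(" psk len: %d", psk_len);

        tests = json_object_get_array(groupobj, "tests");
        if (!tests) {
            ACVP_LOG_ERR("Failed to include tests");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        t_cnt = json_array_get_count(tests);
        if (!t_cnt) {
            ACVP_LOG_ERR("Failed to include tests in array");
            rv = ACVP_MISSING_ARG;
            goto err;
        }

        for (j = 0; j < t_cnt; j++) {
            /*
             * Measured string length. strnlen_s is bounded by the *_STR_MAX + 1
             * argument, so the value fits an int and matches the %d conversions.
             */
            int str_len = 0;

            ACVP_LOG_INFO("Found new KDF IKEv1 test vector...");
            testval = json_array_get_value(tests, j);
            testobj = json_value_get_object(testval);

            tc_id = (unsigned int)json_object_get_number(testobj, "tcId");
            if (!tc_id) {
                ACVP_LOG_ERR("Failed to include tcId");
                rv = ACVP_MISSING_ARG;
                goto err;
            }

            /* Nonces are hex strings: two characters per byte of the group's bit length. */
            init_nonce = (char *)json_object_get_string(testobj, "nInit");
            if (!init_nonce) {
                ACVP_LOG_ERR("Failed to include nInit");
                rv = ACVP_MISSING_ARG;
                goto err;
            }
            str_len = (int)strnlen_s((char *)init_nonce, ACVP_KDF135_IKEV1_INIT_NONCE_STR_MAX + 1);
            if (str_len != ((init_nonce_len + 7) / 8) * 2) {
                ACVP_LOG_ERR("nInit length(%d) incorrect, expected(%d)",
                             str_len, ((init_nonce_len + 7) / 8) * 2);
                rv = ACVP_INVALID_ARG;
                goto err;
            }

            resp_nonce = (char *)json_object_get_string(testobj, "nResp");
            if (!resp_nonce) {
                ACVP_LOG_ERR("Failed to include nResp");
                rv = ACVP_MISSING_ARG;
                goto err;
            }
            str_len = (int)strnlen_s((char *)resp_nonce, ACVP_KDF135_IKEV1_RESP_NONCE_STR_MAX + 1);
            if (str_len != ((resp_nonce_len + 7) / 8) * 2) {
                ACVP_LOG_ERR("nResp length(%d) incorrect, expected(%d)",
                             str_len, ((resp_nonce_len + 7) / 8) * 2);
                rv = ACVP_INVALID_ARG;
                goto err;
            }

            init_ckey = (char *)json_object_get_string(testobj, "ckyInit");
            if (!init_ckey) {
                ACVP_LOG_ERR("Failed to include ckyInit");
                rv = ACVP_MISSING_ARG;
                goto err;
            }
            if (strnlen_s((char *)init_ckey, ACVP_KDF135_IKEV1_COOKIE_STR_MAX + 1)
                > ACVP_KDF135_IKEV1_COOKIE_STR_MAX) {
                ACVP_LOG_ERR("ckyInit too long, max allowed=(%d)",
                             ACVP_KDF135_IKEV1_COOKIE_STR_MAX);
                rv = ACVP_INVALID_ARG;
                goto err;
            }

            resp_ckey = (char *)json_object_get_string(testobj, "ckyResp");
            if (!resp_ckey) {
                ACVP_LOG_ERR("Failed to include ckyResp");
                rv = ACVP_MISSING_ARG;
                goto err;
            }
            if (strnlen_s((char *)resp_ckey, ACVP_KDF135_IKEV1_COOKIE_STR_MAX + 1)
                > ACVP_KDF135_IKEV1_COOKIE_STR_MAX) {
                ACVP_LOG_ERR("ckyResp too long, max allowed=(%d)",
                             ACVP_KDF135_IKEV1_COOKIE_STR_MAX);
                rv = ACVP_INVALID_ARG;
                goto err;
            }

            gxy = (char *)json_object_get_string(testobj, "gxy");
            if (!gxy) {
                ACVP_LOG_ERR("Failed to include gxy");
                rv = ACVP_MISSING_ARG;
                goto err;
            }
            if (strnlen_s((char *)gxy, ACVP_KDF135_IKEV1_DH_SHARED_SECRET_STR_MAX + 1)
                > ACVP_KDF135_IKEV1_DH_SHARED_SECRET_STR_MAX) {
                ACVP_LOG_ERR("gxy too long, max allowed=(%d)",
                             ACVP_KDF135_IKEV1_DH_SHARED_SECRET_STR_MAX);
                rv = ACVP_INVALID_ARG;
                goto err;
            }

            if (auth_method == ACVP_KDF135_IKEV1_AMETH_PSK) {
                /* Only for PSK authentication method */
                psk = (char *)json_object_get_string(testobj, "preSharedKey");
                if (!psk) {
                    ACVP_LOG_ERR("Failed to include preSharedKey");
                    rv = ACVP_MISSING_ARG;
                    goto err;
                }
                if (strnlen_s((char *)psk, ACVP_KDF135_IKEV1_PSK_STR_MAX + 1)
                    > ACVP_KDF135_IKEV1_PSK_STR_MAX) {
                    ACVP_LOG_ERR("preSharedKey too long, max allowed=(%d)",
                                 ACVP_KDF135_IKEV1_PSK_STR_MAX);
                    rv = ACVP_INVALID_ARG;
                    goto err;
                }
            }

            ACVP_LOG_INFO(" Test case: %d", j);
            ACVP_LOG_INFO(" tcId: %u", tc_id); /* tc_id is unsigned */

            /*
             * Create a new test case in the response
             */
            r_tval = json_value_init_object();
            r_tobj = json_value_get_object(r_tval);

            json_object_set_number(r_tobj, "tcId", tc_id);

            /*
             * Setup the test case data that will be passed down to
             * the crypto module
             */
            rv = acvp_kdf135_ikev1_init_tc(ctx, &stc, tc_id, hash_alg, auth_method,
                                           init_nonce_len, resp_nonce_len,
                                           dh_secret_len, psk_len,
                                           init_nonce, resp_nonce,
                                           init_ckey, resp_ckey,
                                           gxy, psk);
            if (rv != ACVP_SUCCESS) {
                /* r_tval has not been appended to r_tarr yet, so free it here. */
                acvp_kdf135_ikev1_release_tc(&stc);
                json_value_free(r_tval);
                goto err;
            }

            /* Process the current test vector... */
            if ((cap->crypto_handler)(&tc)) {
                ACVP_LOG_ERR("crypto module failed the KDF IKEv1 operation");
                acvp_kdf135_ikev1_release_tc(&stc);
                rv = ACVP_CRYPTO_MODULE_FAIL;
                json_value_free(r_tval);
                goto err;
            }

            /*
             * Output the test case results using JSON
             */
            rv = acvp_kdf135_ikev1_output_tc(ctx, &stc, r_tobj);
            if (rv != ACVP_SUCCESS) {
                ACVP_LOG_ERR("JSON output failure in hash module");
                acvp_kdf135_ikev1_release_tc(&stc);
                json_value_free(r_tval);
                goto err;
            }

            /*
             * Release all the memory associated with the test case
             */
            acvp_kdf135_ikev1_release_tc(&stc);

            /* Append the test response value to array */
            json_array_append_value(r_tarr, r_tval);
        }
        json_array_append_value(r_garr, r_gval);
    }

    json_array_append_value(reg_arry, r_vs_val);

    /*
     * The serialized response is only displayed here; a NULL result must
     * not be handed to a %s conversion.
     */
    json_result = json_serialize_to_string_pretty(ctx->kat_resp, NULL);
    if (json_result) {
        if (ctx->debug == ACVP_LOG_LVL_VERBOSE) {
            printf("\n\n%s\n\n", json_result);
        } else {
            ACVP_LOG_INFO("\n\n%s\n\n", json_result);
        }
        json_free_serialized_string(json_result);
    }
    rv = ACVP_SUCCESS;

err:
    if (rv != ACVP_SUCCESS) {
        /* Drop the partial response: the vector-set value and the open group. */
        acvp_release_json(r_vs_val, r_gval);
    }
    return rv;
}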