infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-04-04 20:18:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

8349017: Update ML tests to verify against ACVP 1.1.0.38 version

Browse Source 
Reviewed-by: weijun
Backport-of: 13d852a0b81a1fbf49e8b32ec8dc06e044263809
This commit is contained in:
Rajan Halade 2025-01-31 17:49:28 +00:00
parent 926455d6c5
commit 15f90f0c7b
8 changed files with 121 additions and 3173 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
test/jdk/sun/security/provider/acvp/Launcher.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -20,13 +20,19 @@
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import jdk.test.lib.artifacts.Artifact;
import jdk.test.lib.artifacts.ArtifactResolver;
import jdk.test.lib.artifacts.ArtifactResolverException;
import jdk.test.lib.json.JSONValue;
import jtreg.SkippedException;
import java.nio.file.Files;
import java.io.InputStream;
import java.nio.file.Path;
import java.security.Provider;
import java.security.Security;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
/*
* @test
@ -35,19 +41,17 @@ import java.security.Security;
* @modules java.base/sun.security.provider
*/
/// This test runs on `internalProjection.json`-style files generated
/// by NIST's ACVP Server. See [https://github.com/usnistgov/ACVP-Server].
/// This test runs on `internalProjection.json`-style files generated by NIST's
/// ACVP Server ([GitHub repository](https://github.com/usnistgov/ACVP-Server)).
/// These files are included in ZIP archives available under the
/// [tags section](https://github.com/usnistgov/ACVP-Server/tags)
/// of the repository.
///
/// The files are either put into the `data` directory or another
/// directory specified by the `test.acvp.data` test property.
/// The test walks through the directory recursively and looks for
/// file names equal to or ending with `internalProjection.json` and
/// runs tests on them.
/// The zip archive is either hosted on artifactory server or
/// specified with local path to the test.
/// The test looks for test data files in the archive listed with `TEST_FILES`.
///
/// Set the `test.acvp.alg` test property to only test the specified algorithm.
///
/// Sample files can be downloaded from
/// [https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files].
/// These tests are currently compatible with ACVP version 1.1.0.38.
///
/// By default, the test uses system-preferred implementations.
/// If you want to test a specific provider, set the
@ -58,19 +62,30 @@ import java.security.Security;
/// [https://github.com/usnistgov/ACVP?tab=readme-ov-file#supported-algorithms].
///
/// Example:
///
/// Run locally with ArtifactResolver
/// ```
/// jtreg -Dtest.acvp.provider=SunJCE \
/// -Dtest.acvp.alg=ML-KEM \
/// -Dtest.acvp.data=/path/to/json-files/ \
/// -jdk:/path/to/jdk Launcher.java
/// jtreg -Djdk.test.lib.artifacts.ACVP-Server=<path-to-archive-file>
/// ```
/// OR host the zip archive on artifactory server.
///
public class Launcher {
private static final String ONLY_ALG
= System.getProperty("test.acvp.alg");
private static final Provider PROVIDER;
private static final String ACVP_BUNDLE_LOC = "jpg.tests.jdk";
private static final String ACVP_BUNDLE_NAME = "ACVP-Server";
private static final String ACVP_BUNDLE_VERSION = "1.1.0.38";
// Zip archive entry name, do not update to use File.separator
private static final String[] TEST_FILES = {
"gen-val/json-files/ML-DSA-keyGen-FIPS204/internalProjection.json",
"gen-val/json-files/ML-DSA-sigGen-FIPS204/internalProjection.json",
"gen-val/json-files/ML-DSA-sigVer-FIPS204/internalProjection.json",
"gen-val/json-files/ML-KEM-encapDecap-FIPS203/internalProjection.json",
"gen-val/json-files/ML-KEM-keyGen-FIPS203/internalProjection.json"
};
private static int count = 0;
private static int invalidTest = 0;
private static int unsupportedTest = 0;
@ -91,24 +106,26 @@ public class Launcher {
public static void main(String[] args) throws Exception {
var testDataProp = System.getProperty("test.acvp.data");
Path dataPath = testDataProp != null
? Path.of(testDataProp)
: Path.of(System.getProperty("test.src"), "data");
System.out.println("Data path: " + dataPath);
Path archivePath = fetchACVPServerTests(ACVP_SERVER_TESTS.class);
System.out.println("Data path: " + archivePath);
if (PROVIDER != null) {
System.out.println("Provider: " + PROVIDER.getName());
}
if (ONLY_ALG != null) {
System.out.println("Algorithm: " + ONLY_ALG);
}
try (var stream = Files.walk(dataPath)) {
stream.filter(Files::isRegularFile)
.filter(p -> p.getFileName().toString()
.endsWith("internalProjection.json"))
.forEach(Launcher::run);
// Read test data files from zip archive
try (ZipFile zf = new ZipFile(archivePath.toFile())) {
for (String testFile : TEST_FILES) {
// Zip archive entry name, do not update to use File.separator
String fullEntryName = ACVP_BUNDLE_NAME + "-" + ACVP_BUNDLE_VERSION + "/" + testFile;
System.out.println("Find and test with: " + fullEntryName);
ZipEntry ze = zf.getEntry(fullEntryName);
if (ze != null) {
run(zf.getInputStream(ze));
} else {
throw new RuntimeException("Entry not found: " + fullEntryName);
}
}
}
if (count > 0) {
@ -117,25 +134,25 @@ public class Launcher {
System.out.println("Invalid tests: " + invalidTest);
System.out.println("Unsupported tests: " + unsupportedTest);
} else {
throw new SkippedException("No supported test found");
throw new RuntimeException("No supported test found");
}
if (invalidTest != 0 || unsupportedTest != 0){
throw new RuntimeException("Invalid or Unsupported tests found");
}
}
static void run(Path test) {
static void run(InputStream test) {
try {
JSONValue kat;
try {
kat = JSONValue.parse(Files.readString(test));
try (test) {
kat = JSONValue.parse(new String(test.readAllBytes()));
} catch (Exception e) {
System.out.println("Warning: cannot parse " + test + ". Skipped");
invalidTest++;
return;
}
var alg = kat.get("algorithm").asString();
if (ONLY_ALG != null && !alg.equals(ONLY_ALG)) {
return;
}
System.out.println(">>> Testing " + test + "...");
switch (alg) {
case "ML-DSA" -> {
ML_DSA_Test.run(kat, PROVIDER);
@ -160,4 +177,28 @@ public class Launcher {
throw new RuntimeException(e);
}
}
private static Path fetchACVPServerTests(Class<?> clazz) {
try {
return ArtifactResolver.resolve(clazz).entrySet().stream()
.findAny().get().getValue();
} catch (ArtifactResolverException e) {
Throwable cause = e.getCause();
if (cause == null) {
throw new SkippedException("Cannot resolve artifact, "
+ "please check if JIB jar is present in classpath.", e);
}
throw new SkippedException("Fetch artifact failed: " + clazz, e);
}
}
@Artifact(
organization = ACVP_BUNDLE_LOC,
name = ACVP_BUNDLE_NAME,
revision = ACVP_BUNDLE_VERSION,
extension = "zip",
unpack = false)
private static class ACVP_SERVER_TESTS {
}
}

51
test/jdk/sun/security/provider/acvp/ML_DSA_Test.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2024, 2025, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -36,10 +36,6 @@ public class ML_DSA_Test {
public static void run(JSONValue kat, Provider provider) throws Exception {
// We only have ML-DSA test for internal functions, which
// is equivalent to the FIP 204 draft.
ML_DSA_Impls.version = ML_DSA_Impls.Version.DRAFT;
var mode = kat.get("mode").asString();
switch (mode) {
case "keyGen" -> keyGenTest(kat, provider);
@ -50,7 +46,7 @@ public class ML_DSA_Test {
}
static NamedParameterSpec genParams(String pname) {
return switch (pname) {
return switch (pname) {
case "ML-DSA-44" -> NamedParameterSpec.ML_DSA_44;
case "ML-DSA-65" -> NamedParameterSpec.ML_DSA_65;
case "ML-DSA-87" -> NamedParameterSpec.ML_DSA_87;
@ -89,9 +85,23 @@ public class ML_DSA_Test {
: Signature.getInstance("ML-DSA", p);
for (var t : kat.get("testGroups").asArray()) {
var pname = t.get("parameterSet").asString();
var det = Boolean.parseBoolean(t.get("deterministic").asString());
System.out.println(">> " + pname + " sign");
var det = Boolean.parseBoolean(t.get("deterministic").asString());
if (t.get("signatureInterface").asString().equals("internal")) {
ML_DSA_Impls.version = ML_DSA_Impls.Version.DRAFT;
} else {
ML_DSA_Impls.version = ML_DSA_Impls.Version.FINAL;
}
if (t.get("externalMu").asString().equals("true")) {
continue; // Not supported
}
for (var c : t.get("tests").asArray()) {
var cstr = c.get("context");
var ctxt = cstr == null ? new byte[0] : toByteArray(cstr.asString());
var hashAlg = c.get("hashAlg").asString();
if (!hashAlg.equals("none") || ctxt.length != 0) {
continue; // Not supported
}
System.out.print(Integer.parseInt(c.get("tcId").asString()) + " ");
var sk = new PrivateKey() {
public String getAlgorithm() { return pname; }
@ -116,14 +126,31 @@ public class ML_DSA_Test {
: Signature.getInstance("ML-DSA", p);
for (var t : kat.get("testGroups").asArray()) {
var pname = t.get("parameterSet").asString();
var pk = new PublicKey() {
public String getAlgorithm() { return pname; }
public String getFormat() { return "RAW"; }
public byte[] getEncoded() { return toByteArray(t.get("pk").asString()); }
};
System.out.println(">> " + pname + " verify");
if (t.get("signatureInterface").asString().equals("internal")) {
ML_DSA_Impls.version = ML_DSA_Impls.Version.DRAFT;
} else {
ML_DSA_Impls.version = ML_DSA_Impls.Version.FINAL;
}
if (t.get("externalMu").asString().equals("true")) {
continue; // Not supported
}
for (var c : t.get("tests").asArray()) {
var cstr = c.get("context");
var ctxt = cstr == null ? new byte[0] : toByteArray(cstr.asString());
var hashAlg = c.get("hashAlg").asString();
if (!hashAlg.equals("none") || ctxt.length != 0) {
continue; // Not supported
}
System.out.print(c.get("tcId").asString() + " ");
var pk = new PublicKey() {
public String getAlgorithm() { return pname; }
public String getFormat() { return "RAW"; }
public byte[] getEncoded() { return toByteArray(c.get("pk").asString()); }
};
// Only ML-DSA sigVer has negative tests
var expected = Boolean.parseBoolean(c.get("testPassed").asString());
var actual = true;

555
test/jdk/sun/security/provider/acvp/data/ML-DSA-keyGen-FIPS204/internalProjection.json
View File

File diff suppressed because one or more lines are too long

507
test/jdk/sun/security/provider/acvp/data/ML-DSA-sigGen-FIPS204/internalProjection.json
View File

File diff suppressed because one or more lines are too long

396
test/jdk/sun/security/provider/acvp/data/ML-DSA-sigVer-FIPS204/internalProjection.json
View File

File diff suppressed because one or more lines are too long

1023
test/jdk/sun/security/provider/acvp/data/ML-KEM-encapDecap-FIPS203/internalProjection.json
View File

File diff suppressed because one or more lines are too long

630
test/jdk/sun/security/provider/acvp/data/ML-KEM-keyGen-FIPS203/internalProjection.json
View File

File diff suppressed because one or more lines are too long

9
test/jdk/sun/security/provider/acvp/data/acvp.md
View File

@ -1,9 +0,0 @@
# Automated Cryptographic Validation Test System Sample JSON files v1.1.0.36
## License
NIST-developed software is provided by NIST as a public service. You may use, copy, and distribute copies of the software in any medium, provided that you keep intact this entire notice. You may improve, modify, and create derivative works of the software or any portion of the software, and you may copy and distribute such modifications or works. Modified works should carry a notice stating that you changed the software and should note the date and nature of any such change. Please explicitly acknowledge the National Institute of Standards and Technology as the source of the software.
NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT, OR ARISING BY OPERATION OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND DATA ACCURACY. NIST NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY, RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.