author | Theo Buehler <tb@cvs.openbsd.org> | 2018-10-06 05:02:22 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2018-10-06 05:02:22 +0000 |
commit | 9e365f84a26efda4fec07cca65bcdb44f0507e3b (patch) | |
tree | d4cada97c6bfe6de4de18862d567028897f6824f /regress/lib/libcrypto | |
parent | dcf8e78cee320eee98dca6ea08213bef90f218ac (diff) |
factor ECDSA signature extraction into its own function
Diffstat (limited to 'regress/lib/libcrypto')
-rw-r--r-- | regress/lib/libcrypto/wycheproof/wycheproof.go | 59 |
1 files changed, 35 insertions, 24 deletions
diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go
index 1a5aac87f14..c7ea7689395 100644
--- a/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.71 2018/10/06 04:35:54 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.72 2018/10/06 05:02:21 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -1357,31 +1357,17 @@ func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
 return success
 }
-func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
- msg, err := hex.DecodeString(wt.Msg)
- if err != nil {
- log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
- }
-
- h.Reset()
- h.Write(msg)
- msg = h.Sum(nil)
-
- msgLen := len(msg)
- if msgLen == 0 {
- msg = append(msg, 0)
- }
-
- // DER encode the signature (so that ECDSA_verify() can decode and encode it again...)
+// DER encode the signature (so that ECDSA_verify() can decode and encode it again...)
+func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
 cSig := C.ECDSA_SIG_new()
 if cSig == nil {
 log.Fatal("ECDSA_SIG_new() failed")
 }
 defer C.ECDSA_SIG_free(cSig)
- sigLen := len(wt.Sig)
- r := C.CString(wt.Sig[:sigLen/2])
- s := C.CString(wt.Sig[sigLen/2:])
+ sigLen := len(wtSig)
+ r := C.CString(wtSig[:sigLen/2])
+ s := C.CString(wtSig[sigLen/2:])
 if C.BN_hex2bn(&cSig.r, r) == 0 {
 log.Fatal("Failed to set ECDSA r")
 }
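Review bot: The new helper `encodeECDSAWebCryptoSig` handles input-dependent failures in two different ways: in this hunk a bad r value still ends the whole run through `log.Fatal("Failed to set ECDSA r")`, while the following hunk makes the `i2d_ECDSA_SIG` failures return `nil, 0`. Wycheproof vectors include deliberately malformed signatures, so a parse failure on `wtSig` is better reported to the caller, e.g. `if C.BN_hex2bn(&cSig.r, r) == 0 { return nil, 0 }`. The split at `sigLen/2` is also taken without checking that the length is even and non-zero, and `BN_hex2bn` stops at the first non-hex character, so comparing its return value with the expected digit count would reject trailing garbage instead of accepting a truncated value. The function body continues outside the hunk, so the handling of s and the freeing of the two C strings cannot be checked from here; a doc comment that starts with the function name and states that the caller must `C.free` the returned buffer (nil on failure) would also help.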
@@ -1393,21 +1379,46 @@ func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproof
 derLen := C.i2d_ECDSA_SIG(cSig, nil)
 if derLen == 0 {
- log.Fatal("i2d_ECDSA_SIG(cSig, nil) failed")
+ return nil, 0
 }
 cDer := (*C.uchar)(C.malloc(C.ulong(derLen)))
 if cDer == nil {
 log.Fatal("malloc failed")
 }
- defer C.free(unsafe.Pointer(cDer))
 p := cDer
 ret := C.i2d_ECDSA_SIG(cSig, (**C.uchar)(&p))
 if ret == 0 || ret != derLen {
- log.Fatalf("i2d_ECDSA_SIG(cSig, nil) failed, got %d, want %d", ret, derLen)
+ C.free(unsafe.Pointer(cDer))
+ return nil, 0
 }
- ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
+ return cDer, derLen
+}
+
+func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
+ msg, err := hex.DecodeString(wt.Msg)
+ if err != nil {
+ log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
+ }
+
+ h.Reset()
+ h.Write(msg)
+ msg = h.Sum(nil)
+
+ msgLen := len(msg)
+ if msgLen == 0 {
+ msg = append(msg, 0)
+ }
+
+ cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
+ if cDer == nil {
+ fmt.Print("FAIL: unable to decode signature")
+ return false
+ }
+ defer C.free(unsafe.Pointer(cDer))
+
+ ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
 (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
 // XXX audit acceptable cases... |
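Review bot: The `derLen == 0` guard does not cover a negative return from `i2d_ECDSA_SIG`, which i2d-style encoders can use to signal an error; a negative `derLen` would reach `C.malloc(C.ulong(derLen))` as a very large size and end in `log.Fatal("malloc failed")` instead of the new `nil, 0` path. Writing the check as `if derLen <= 0 {` closes that gap. In the caller, `fmt.Print("FAIL: unable to decode signature")` has no trailing newline and no test case identifier, and it says "decode" although the helper encodes. It also returns false without consulting the vector's expected result, at least as far as this hunk shows; the result handling after the `// XXX audit acceptable cases...` comment lies outside it.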