diff options
Diffstat (limited to 'regress')
| -rw-r--r-- | regress/lib/libcrypto/wycheproof/wycheproof.go | 148 |
1 files changed, 144 insertions, 4 deletions
diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go index 16b38331ac0..bf9d09fb097 100644 --- a/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/regress/lib/libcrypto/wycheproof/wycheproof.go @@ -1,4 +1,4 @@ -/* $OpenBSD: wycheproof.go,v 1.84 2018/10/19 04:32:33 tb Exp $ */ +/* $OpenBSD: wycheproof.go,v 1.85 2018/10/19 06:12:35 tb Exp $ */ /* * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> @@ -24,6 +24,7 @@ package main #include <string.h> +#include <openssl/aes.h> #include <openssl/bio.h> #include <openssl/bn.h> #include <openssl/cmac.h> @@ -235,6 +236,22 @@ type wycheproofTestGroupECDSAWebCrypto struct { Tests []*wycheproofTestECDSA `json:"tests"` } +type wycheproofTestKW struct { + TCID int `json:"tcId"` + Comment string `json:"comment"` + Key string `json:"key"` + Msg string `json:"msg"` + CT string `json:"ct"` + Result string `json:"result"` + Flags []string `json:"flags"` +} + +type wycheproofTestGroupKW struct { + KeySize int `json:"keySize"` + Type string `json:"type"` + Tests []*wycheproofTestKW `json:"tests"` +} + type wycheproofTestRSA struct { TCID int `json:"tcId"` Comment string `json:"comment"` @@ -361,9 +378,8 @@ func printAcceptableStatistics() { sort.Strings(comments) for _, comment := range comments { prcomment := comment - if len(comment) > 42 { - prcomment = comment[0:42] - prcomment += "..." + if len(comment) > 45 { + prcomment = comment[0:42] + "..." } fmt.Printf("%-45v %5d\n", prcomment, acceptableComments[comment]) } @@ -1675,6 +1691,123 @@ func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAW return success } +func runKWTestWrap(keySize int, key []byte, keyLen int, msg []byte, msgLen int, ct []byte, ctLen int, wt *wycheproofTestKW) bool { + var aesKey C.AES_KEY + + ret := C.AES_set_encrypt_key((*C.uchar)(unsafe.Pointer(&key[0])), (C.int)(keySize), (*C.AES_KEY)(unsafe.Pointer(&aesKey))) + if ret != 0 { + fmt.Printf("FAIL: Test case %d (%q) %v - AES_set_encrypt_key() = %d, want %v\n", + wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result) + return false + } + + outLen := msgLen + 8 + out := make([]byte, outLen) + // XXX remove workaround once fix to aes_wrap.c is committed + ret = -1 + if msgLen > 8 { + ret = C.AES_wrap_key((*C.AES_KEY)(unsafe.Pointer(&aesKey)), nil, (*C.uchar)(unsafe.Pointer(&out[0])), (*C.uchar)(unsafe.Pointer(&msg[0])), (C.uint)(msgLen)) + } + success := false + if ret == C.int(outLen) && bytes.Equal(out, ct) { + if acceptableAudit && wt.Result == "acceptable" { + gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags) + } + if wt.Result != "invalid" { + success = true + } + } else if wt.Result != "valid" { + success = true + } + if !success { + fmt.Printf("FAIL: Test case %d (%q) %v - msgLen = %d, AES_wrap_key() = %d, want %v\n", + wt.TCID, wt.Comment, wt.Flags, msgLen, int(ret), wt.Result) + } + return success +} + +func runKWTestUnWrap(keySize int, key []byte, keyLen int, msg []byte, msgLen int, ct []byte, ctLen int, wt *wycheproofTestKW) bool { + var aesKey C.AES_KEY + + ret := C.AES_set_decrypt_key((*C.uchar)(unsafe.Pointer(&key[0])), (C.int)(keySize), (*C.AES_KEY)(unsafe.Pointer(&aesKey))) + if ret != 0 { + fmt.Printf("FAIL: Test case %d (%q) %v - AES_set_encrypt_key() = %d, want %v\n", + wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result) + return false + } + + out := make([]byte, ctLen) + if ctLen == 0 { + out = append(out, 0) + } + // XXX remove workaround once fix to aes_wrap.c is committed + ret = -1 + if ctLen > 16 { + ret = C.AES_unwrap_key((*C.AES_KEY)(unsafe.Pointer(&aesKey)), nil, (*C.uchar)(unsafe.Pointer(&out[0])), (*C.uchar)(unsafe.Pointer(&ct[0])), (C.uint)(ctLen)) + } + success := false + if ret == C.int(ctLen - 8) && bytes.Equal(out[0:ret], msg[0:ret]) { + if acceptableAudit && wt.Result == "acceptable" { + gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags) + } + if wt.Result != "invalid" { + success = true + } + } else if wt.Result != "valid" { + success = true + } + if !success { + fmt.Printf("FAIL: Test case %d (%q) %v - keyLen = %d, AES_unwrap_key() = %d, want %v\n", + wt.TCID, wt.Comment, wt.Flags, keyLen, int(ret), wt.Result) + } + return success +} + +func runKWTest(keySize int, wt *wycheproofTestKW) bool { + key, err := hex.DecodeString(wt.Key) + if err != nil { + log.Fatalf("Failed to decode key %q: %v", wt.Key, err) + } + msg, err := hex.DecodeString(wt.Msg) + if err != nil { + log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err) + } + ct, err := hex.DecodeString(wt.CT) + if err != nil { + log.Fatalf("Failed to decode ct %q: %v", wt.CT, err) + } + + keyLen, msgLen, ctLen := len(key), len(msg), len(ct) + + if keyLen == 0 { + key = append(key, 0) + } + if msgLen == 0 { + msg = append(msg, 0) + } + if ctLen == 0 { + ct = append(ct, 0) + } + + wrapSuccess := runKWTestWrap(keySize, key, keyLen, msg, msgLen, ct, ctLen, wt) + unwrapSuccess := runKWTestUnWrap(keySize, key, keyLen, msg, msgLen, ct, ctLen, wt) + + return wrapSuccess && unwrapSuccess +} + +func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool { + fmt.Printf("Running %v test group %v with key size %d...\n", + algorithm, wtg.Type, wtg.KeySize) + + success := true + for _, wt := range wtg.Tests { + if !runKWTest(wtg.KeySize, wt) { + success = false + } + } + return success +} + func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLen int, wt *wycheproofTestRSASSA) bool { msg, err := hex.DecodeString(wt.Msg) if err != nil { @@ -1944,6 +2077,8 @@ func runTestVectors(path string, webcrypto bool) bool { } else { wtg = &wycheproofTestGroupECDSA{} } + case "KW": + wtg = &wycheproofTestGroupKW{} case "RSASSA-PSS": wtg = &wycheproofTestGroupRSASSA{} case "RSASig": @@ -2004,6 +2139,10 @@ func runTestVectors(path string, webcrypto bool) bool { success = false } } + case "KW": + if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) { + success = false + } case "RSASSA-PSS": if !runRSASSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSASSA)) { success = false @@ -2047,6 +2186,7 @@ func main() { {"ECDHWebCrypto", "ecdh_w*_test.json"}, {"ECDSA", "ecdsa_[^w]*test.json"}, {"ECDSAWebCrypto", "ecdsa_w*_test.json"}, + {"KW", "kw_test.json"}, {"RSA", "rsa_*test.json"}, {"X25519", "x25519_*test.json"}, } |