| author | tb <> | 2018-09-22 00:10:18 +0000 |
|---|---|---|
| committer | tb <> | 2018-09-22 00:10:18 +0000 |
| commit | 4941f886ff136d1a43b7f4fe0145c79ab2d6f4bc (patch) | |
| tree | ec5d92f0e264be7cbb42d506b850ab4407b8571e | |
| parent | 5cfc2bfe4187eb0aafadc7826e3b911184bfffae (diff) | |
Introduce a couple of convenience targets to help with auditing the
acceptable cases.
Diffstat (limited to '')
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/Makefile | 11 | ||||
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 35 |
2 files changed, 41 insertions, 5 deletions
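--- a/src/regress/lib/libcrypto/wycheproof/Makefile
+++ b/src/regress/lib/libcrypto/wycheproof/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/07/25 18:04:09 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2018/09/22 00:10:18 tb Exp $
 
 GO_VERSION != sh -c "(go version) 2>/dev/null || true"
 
@@ -11,8 +11,15 @@ regress:
 CLEANFILES+=wycheproof
 REGRESS_TARGETS=regress-wycheproof
 
-regress-wycheproof:
+audit: wycheproof
+./wycheproof -v
+
+wycheproof: wycheproof.go
 go build -o wycheproof ${.CURDIR}/wycheproof.go
+
+regress-wycheproof: wycheproof
 ./wycheproof
 
+.PHONY: audit
+
 .include <bsd.regress.mk>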
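Review bot: The new `audit` target carries no comment, and `./wycheproof -v` alone does not tell a reader that it lists the passing test vectors marked "acceptable" for manual review. A line such as `# audit: list passing "acceptable" test vectors for manual review` above `audit: wycheproof` would document it. Since `REGRESS_TARGETS` still names only `regress-wycheproof`, the listing is produced only on request, which is worth stating in the same comment. Whether these targets sit inside the `GO_VERSION` conditional cannot be seen from the hunk.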
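--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.58 2018/09/21 23:16:16 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.59 2018/09/22 00:10:18 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -46,6 +46,7 @@ import (
 "crypto/sha512"
 "encoding/hex"
 "encoding/json"
+"flag"
 "fmt"
 "hash"
 "io/ioutil"
@@ -56,6 +57,7 @@ import (
 )
 
 const testVectorPath = "/usr/local/share/wycheproof/testvectors"
+var acceptableAudit = false
 
 type wycheproofTestGroupAesCbcPkcs5 struct {
 IVSize int `json:"ivSize"`
@@ -369,6 +371,9 @@ func checkAesCbcPkcs5(ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []byte, keyLen i
 success := false
 if bytes.Equal(openedMsg, out) || wt.Result == "invalid" {
 success = true
+if acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 } else {
 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - msg match: %t; want %v\n", wt.TCID, wt.Comment, wt.Flags, action, bytes.Equal(openedMsg, out), wt.Result)
 }
@@ -578,6 +583,9 @@ func checkAesAead(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []
 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, wt.Flags, action, ret, wt.Result)
 success = false
 }
+if success && acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 }
 return success
 }
@@ -1131,7 +1139,13 @@ func runECDHTest(nid int, doECpoint bool, wt *wycheproofTestECDH) bool {
 C.free(unsafe.Pointer(Cpub))
 
 if pubKey == nil {
-if wt.Result == "invalid" || wt.Result == "acceptable" {
+if wt.Result == "invalid" {
+return true
+}
+if wt.Result == "acceptable" {
+if acceptableAudit {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 return true
 }
 fmt.Printf("FAIL: Test case %d (%q) - ASN decoding failed: want %v\n", wt.TCID, wt.Comment, wt.Result)
@@ -1229,6 +1243,9 @@ func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA
 fmt.Printf("FAIL: Test case %d (%q) - ECDSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 success = false
 }
+if success && acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 return success
 }
 
@@ -1327,9 +1344,12 @@ func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLe
 
 ret = C.RSA_verify_PKCS1_PSS_mgf1(rsa, (*C.uchar)(unsafe.Pointer(&msg[0])), sha, mgfSha, (*C.uchar)(unsafe.Pointer(&sigOut[0])), C.int(sLen))
 
-// XX: audit acceptable cases...
+// XXX: audit acceptable cases...
 success := false
 if ret == 1 && (wt.Result == "valid" || wt.Result == "acceptable") {
+if acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 success = true
 } else if ret == 0 && (wt.Result == "invalid" || wt.Result == "acceptable") {
 success = true
@@ -1415,6 +1435,9 @@ func runRSATest(rsa *C.RSA, nid int, h hash.Hash, wt *wycheproofTestRSA) bool {
 fmt.Printf("FAIL: Test case %d (%q) - RSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 success = false
 }
+if success && acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 return success
 }
 
@@ -1486,6 +1509,9 @@ func runX25519Test(wt *wycheproofTestX25519) bool {
 fmt.Printf("FAIL: Test case %d (%q) - X25519(), want %v\n", wt.TCID, wt.Comment, wt.Result)
 success = false
 }
+if success && acceptableAudit && wt.Result == "acceptable" {
+fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+}
 return success
 }
 
@@ -1604,6 +1630,9 @@ func main() {
 os.Exit(0)
 }
 
+flag.BoolVar(&acceptableAudit, "v", false, "audit acceptable cases")
+flag.Parse()
+
 tests := []struct {
 name string
 pattern string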
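Review bot: The AUDIT line does not record what the library did with the "acceptable" vector, so the listing cannot show whether a weak or legacy input was accepted or rejected. In runRSASSATest it is printed only on the `ret == 1` branch, so acceptable vectors that were rejected via the `ret == 0` branch are never listed, and in runECDHTest the visible part prints it only when decoding failed. In runECDSATest, runRSATest and runX25519Test the same text is printed whichever way the call went. Where a return code is in scope, the verdict could be added to the message, e.g. `fmt.Printf("AUDIT: Test case %d (%q) %v - ret: %d\n", wt.TCID, wt.Comment, wt.Flags, int(ret))`, and the seven identical Printf calls could move into one helper. All of these functions begin or end outside their hunks, so other audit paths may exist that are not visible here.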
