Run our DSA against wycheproof test vectors.

author: tb <> 2018-08-23 19:46:59 +0000
committer: tb <> 2018-08-23 19:46:59 +0000
commit: 989b6eb5582fc0c90a8895a39845fa0f37d77657 (patch)
tree: 39ffb843b1e47ef3f9592266236d60bbbdae8b0b
parent: 37c6f3566288574dd01341987798ab2cbef6d907 (diff)
download: openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.tar.gz
openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.tar.bz2
openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.zip
1 files changed, 129 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index d30637612d..a9db5f530a 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.15 2018/08/21 16:34:40 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.16 2018/08/23 19:46:59 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 *
@@ -23,10 +23,12 @@ package main
 #include <openssl/bn.h>
 #include <openssl/curve25519.h>
+#include <openssl/dsa.h>
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
 #include <openssl/objects.h>
+#include <openssl/x509.h>
 #include <openssl/rsa.h>
 */
 import "C"
@@ -70,6 +72,33 @@ type wycheproofTestChaCha20Poly1305 struct {
        Flags   []string `json:"flags"`
 }
+type wycheproofDSAKey struct {
+        G       string `json:"g"`
+        KeySize int    `json:"keySize"`
+        P       string `json:"p"` 
+        Q       string `json:"q"`
+        Type    string `json:"type"`
+        Y       string `json:"y"` 
+}
+type wycheproofTestDSA struct {
+        TCID    int      `json:"tcId"`
+        Comment string   `json:"comment"`
+        Msg     string   `json:"msg"`
+        Sig     string   `json:"sig"`
+        Result  string   `json:"result"`
+        Flags   []string `json:"flags"`
+}
+type wycheproofTestGroupDSA struct {
+        Key    *wycheproofDSAKey    `json:"key"`
+        KeyDER string               `json:"keyDer"`
+        KeyPEM string               `json:"keyPem"`
+        SHA    string               `json:"sha"`
+        Type   string               `json:"type"`
+        Tests  []*wycheproofTestDSA `json:"tests"`
+}
 type wycheproofECDSAKey struct {
        Curve        string `json:"curve"`
        KeySize      int    `json:"keySize"`
@@ -339,6 +368,98 @@ func runChaCha20Poly1305TestGroup(wtg *wycheproofTestGroupChaCha20Poly1305) bool
        return success
 }
+func runDSATest(dsa *C.DSA, h hash.Hash, wt *wycheproofTestDSA) bool {
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
+        }
+        h.Reset()
+        h.Write(msg)
+        msg = h.Sum(nil)
+        sig, err := hex.DecodeString(wt.Sig)
+        if err != nil {
+                log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
+        }
+        msgLen, sigLen := len(msg), len(sig)
+        if msgLen == 0 {
+                msg = append(msg, 0)
+        }
+        if sigLen == 0 {
+                sig = append(msg, 0)
+        }
+        ret := C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
+                (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), dsa)
+        success := true
+        if (ret == 1) != (wt.Result == "valid") {
+                fmt.Printf("FAIL: Test case %d (%q) - DSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
+                success = false
+        }
+        return success
+}
+func runDSATestGroup(wtg *wycheproofTestGroupDSA) bool {
+        fmt.Printf("Running DSA test group %v, key size %d and %v...\n", wtg.Type, wtg.Key.KeySize, wtg.SHA)
+        dsa := C.DSA_new()
+        if dsa == nil {
+                log.Fatal("DSA_new failed")
+        }
+        defer C.DSA_free(dsa)
+        var bnG *C.BIGNUM
+        wg := C.CString(wtg.Key.G)
+        if C.BN_hex2bn(&bnG, wg) == 0 {
+                log.Fatal("Failed to decode g")
+        }
+        var bnP *C.BIGNUM
+        wp := C.CString(wtg.Key.P)
+        if C.BN_hex2bn(&bnP, wp) == 0 {
+                log.Fatal("Failed to decode p")
+        }
+        var bnQ *C.BIGNUM
+        wq := C.CString(wtg.Key.Q)
+        if C.BN_hex2bn(&bnQ, wq) == 0 {
+                log.Fatal("Failed to decode q")
+        }
+        ret := C.DSA_set0_pqg(dsa, bnP, bnQ, bnG)
+        if ret != 1 {
+                log.Fatalf("DSA_set0_pqg returned %d", ret)
+        }
+        var bnY *C.BIGNUM
+        wy := C.CString(wtg.Key.Y)
+        if C.BN_hex2bn(&bnY, wy) == 0 {
+                log.Fatal("Failed to decode y")
+        }
+        ret = C.DSA_set0_key(dsa, bnY, nil)
+        if ret != 1 {
+                log.Fatalf("DSA_set0_key returned %d", ret)
+        }
+        h, err := hashFromString(wtg.SHA)
+        if err != nil {
+                log.Fatalf("Failed to get hash: %v", err)
+        }
+        /// XXX audit acceptable cases
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runDSATest(dsa, h, wt) {
+                        success = false
+                }
+        }
+        return success
+}
 func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
        msg, err := hex.DecodeString(wt.Msg)
        if err != nil {
@@ -562,6 +683,8 @@ func runTestVectors(path string) bool {
        switch wtv.Algorithm {
        case "CHACHA20-POLY1305":
                wtg = &wycheproofTestGroupChaCha20Poly1305{}
+        case "DSA":
+                wtg = &wycheproofTestGroupDSA{}
        case "ECDSA":
                wtg = &wycheproofTestGroupECDSA{}
        case "RSASig":
@@ -582,6 +705,10 @@ func runTestVectors(path string) bool {
                        if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {
                                success = false
                        }
+                case "DSA":
+                        if !runDSATestGroup(wtg.(*wycheproofTestGroupDSA)) {
+                                success = false
+                        }
                case "ECDSA":
                        if !runECDSATestGroup(wtg.(*wycheproofTestGroupECDSA)) {
                                success = false
@@ -614,6 +741,7 @@ func main() {
                pattern string
        }{
                {"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},
+                {"DSA", "dsa_test.json"},
                {"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.
                {"RSA signature", "rsa_signature_*test.json"},
                {"X25519", "x25519_*test.json"},
author	tb <>	2018-08-23 19:46:59 +0000
committer	tb <>	2018-08-23 19:46:59 +0000
commit	989b6eb5582fc0c90a8895a39845fa0f37d77657 (patch)
tree	39ffb843b1e47ef3f9592266236d60bbbdae8b0b
parent	37c6f3566288574dd01341987798ab2cbef6d907 (diff)
download	openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.tar.gz openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.tar.bz2 openbsd-989b6eb5582fc0c90a8895a39845fa0f37d77657.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index d30637612d..a9db5f530a 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.15 2018/08/21 16:34:40 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.16 2018/08/23 19:46:59 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -23,10 +23,12 @@ package main
23		23
24	#include <openssl/bn.h>	24	#include <openssl/bn.h>
25	#include <openssl/curve25519.h>	25	#include <openssl/curve25519.h>
		26	#include <openssl/dsa.h>
26	#include <openssl/ec.h>	27	#include <openssl/ec.h>
27	#include <openssl/ecdsa.h>	28	#include <openssl/ecdsa.h>
28	#include <openssl/evp.h>	29	#include <openssl/evp.h>
29	#include <openssl/objects.h>	30	#include <openssl/objects.h>
		31	#include <openssl/x509.h>
30	#include <openssl/rsa.h>	32	#include <openssl/rsa.h>
31	*/	33	*/
32	import "C"	34	import "C"
@@ -70,6 +72,33 @@ type wycheproofTestChaCha20Poly1305 struct {
70	Flags []string `json:"flags"`	72	Flags []string `json:"flags"`
71	}	73	}
72		74
		75	type wycheproofDSAKey struct {
		76	G string `json:"g"`
		77	KeySize int `json:"keySize"`
		78	P string `json:"p"`
		79	Q string `json:"q"`
		80	Type string `json:"type"`
		81	Y string `json:"y"`
		82	}
		83
		84	type wycheproofTestDSA struct {
		85	TCID int `json:"tcId"`
		86	Comment string `json:"comment"`
		87	Msg string `json:"msg"`
		88	Sig string `json:"sig"`
		89	Result string `json:"result"`
		90	Flags []string `json:"flags"`
		91	}
		92
		93	type wycheproofTestGroupDSA struct {
		94	Key *wycheproofDSAKey `json:"key"`
		95	KeyDER string `json:"keyDer"`
		96	KeyPEM string `json:"keyPem"`
		97	SHA string `json:"sha"`
		98	Type string `json:"type"`
		99	Tests []*wycheproofTestDSA `json:"tests"`
		100	}
		101
73	type wycheproofECDSAKey struct {	102	type wycheproofECDSAKey struct {
74	Curve string `json:"curve"`	103	Curve string `json:"curve"`
75	KeySize int `json:"keySize"`	104	KeySize int `json:"keySize"`
@@ -339,6 +368,98 @@ func runChaCha20Poly1305TestGroup(wtg *wycheproofTestGroupChaCha20Poly1305) bool
339	return success	368	return success
340	}	369	}
341		370
		371	func runDSATest(dsa C.DSA, h hash.Hash, wt wycheproofTestDSA) bool {
		372	msg, err := hex.DecodeString(wt.Msg)
		373	if err != nil {
		374	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
		375	}
		376
		377	h.Reset()
		378	h.Write(msg)
		379	msg = h.Sum(nil)
		380
		381	sig, err := hex.DecodeString(wt.Sig)
		382	if err != nil {
		383	log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
		384	}
		385
		386	msgLen, sigLen := len(msg), len(sig)
		387	if msgLen == 0 {
		388	msg = append(msg, 0)
		389	}
		390	if sigLen == 0 {
		391	sig = append(msg, 0)
		392	}
		393
		394	ret := C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
		395	(*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), dsa)
		396
		397	success := true
		398	if (ret == 1) != (wt.Result == "valid") {
		399	fmt.Printf("FAIL: Test case %d (%q) - DSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
		400	success = false
		401	}
		402	return success
		403	}
		404
		405	func runDSATestGroup(wtg *wycheproofTestGroupDSA) bool {
		406	fmt.Printf("Running DSA test group %v, key size %d and %v...\n", wtg.Type, wtg.Key.KeySize, wtg.SHA)
		407
		408	dsa := C.DSA_new()
		409	if dsa == nil {
		410	log.Fatal("DSA_new failed")
		411	}
		412	defer C.DSA_free(dsa)
		413
		414	var bnG *C.BIGNUM
		415	wg := C.CString(wtg.Key.G)
		416	if C.BN_hex2bn(&bnG, wg) == 0 {
		417	log.Fatal("Failed to decode g")
		418	}
		419
		420	var bnP *C.BIGNUM
		421	wp := C.CString(wtg.Key.P)
		422	if C.BN_hex2bn(&bnP, wp) == 0 {
		423	log.Fatal("Failed to decode p")
		424	}
		425
		426	var bnQ *C.BIGNUM
		427	wq := C.CString(wtg.Key.Q)
		428	if C.BN_hex2bn(&bnQ, wq) == 0 {
		429	log.Fatal("Failed to decode q")
		430	}
		431
		432	ret := C.DSA_set0_pqg(dsa, bnP, bnQ, bnG)
		433	if ret != 1 {
		434	log.Fatalf("DSA_set0_pqg returned %d", ret)
		435	}
		436
		437	var bnY *C.BIGNUM
		438	wy := C.CString(wtg.Key.Y)
		439	if C.BN_hex2bn(&bnY, wy) == 0 {
		440	log.Fatal("Failed to decode y")
		441	}
		442
		443	ret = C.DSA_set0_key(dsa, bnY, nil)
		444	if ret != 1 {
		445	log.Fatalf("DSA_set0_key returned %d", ret)
		446	}
		447
		448	h, err := hashFromString(wtg.SHA)
		449	if err != nil {
		450	log.Fatalf("Failed to get hash: %v", err)
		451	}
		452
		453	/// XXX audit acceptable cases
		454	success := true
		455	for _, wt := range wtg.Tests {
		456	if !runDSATest(dsa, h, wt) {
		457	success = false
		458	}
		459	}
		460	return success
		461	}
		462
342	func runECDSATest(ecKey C.EC_KEY, nid int, h hash.Hash, wt wycheproofTestECDSA) bool {	463	func runECDSATest(ecKey C.EC_KEY, nid int, h hash.Hash, wt wycheproofTestECDSA) bool {
343	msg, err := hex.DecodeString(wt.Msg)	464	msg, err := hex.DecodeString(wt.Msg)
344	if err != nil {	465	if err != nil {
@@ -562,6 +683,8 @@ func runTestVectors(path string) bool {
562	switch wtv.Algorithm {	683	switch wtv.Algorithm {
563	case "CHACHA20-POLY1305":	684	case "CHACHA20-POLY1305":
564	wtg = &wycheproofTestGroupChaCha20Poly1305{}	685	wtg = &wycheproofTestGroupChaCha20Poly1305{}
		686	case "DSA":
		687	wtg = &wycheproofTestGroupDSA{}
565	case "ECDSA":	688	case "ECDSA":
566	wtg = &wycheproofTestGroupECDSA{}	689	wtg = &wycheproofTestGroupECDSA{}
567	case "RSASig":	690	case "RSASig":
@@ -582,6 +705,10 @@ func runTestVectors(path string) bool {
582	if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {	705	if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {
583	success = false	706	success = false
584	}	707	}
		708	case "DSA":
		709	if !runDSATestGroup(wtg.(*wycheproofTestGroupDSA)) {
		710	success = false
		711	}
585	case "ECDSA":	712	case "ECDSA":
586	if !runECDSATestGroup(wtg.(*wycheproofTestGroupECDSA)) {	713	if !runECDSATestGroup(wtg.(*wycheproofTestGroupECDSA)) {
587	success = false	714	success = false
@@ -614,6 +741,7 @@ func main() {
614	pattern string	741	pattern string
615	}{	742	}{
616	{"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},	743	{"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},
		744	{"DSA", "dsa_test.json"},
617	{"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.	745	{"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.
618	{"RSA signature", "rsa_signature_*test.json"},	746	{"RSA signature", "rsa_signature_*test.json"},
619	{"X25519", "x25519_*test.json"},	747	{"X25519", "x25519_*test.json"},