diff options
| author | tb <> | 2025-09-05 14:06:15 +0000 |
|---|---|---|
| committer | tb <> | 2025-09-05 14:06:15 +0000 |
| commit | 202355c2e341cf7389d3a0c48b1a96799216d222 (patch) | |
| tree | 4743365df9f47e85a7b15f339f8c345f2a2ca678 | |
| parent | a52f774428b343a9da61050f2a817d96cb494261 (diff) | |
| download | openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.gz openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.bz2 openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.zip | |
wycheproof: add support for EcCurve tests
This checks for a collection of prime order groups (secp, Brainpool, FRP)
the curve parameters are corrct. The collection is a superset of our
built-in curves, so we get one more validation for exxentially free.
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 104 |
1 files changed, 103 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 5a0c0d68ef..bf9901cf2f 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.177 2025/09/05 14:01:56 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.178 2025/09/05 14:06:15 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org> |
| @@ -382,6 +382,32 @@ type wycheproofTestGroupECDSAWebCrypto struct { | |||
| 382 | Tests []*wycheproofTestECDSA `json:"tests"` | 382 | Tests []*wycheproofTestECDSA `json:"tests"` |
| 383 | } | 383 | } |
| 384 | 384 | ||
| 385 | type wycheproofTestEcCurve struct { | ||
| 386 | TCID int `json:"tcId"` | ||
| 387 | Comment string `json:"comment"` | ||
| 388 | Flags []string `json:"flags"` | ||
| 389 | Name string `json:"name"` | ||
| 390 | OID string `json:"oid"` | ||
| 391 | Ref string `json:"ref"` | ||
| 392 | P *BigInt `json:"p"` | ||
| 393 | N *BigInt `json:"n"` | ||
| 394 | A *BigInt `json:"a"` | ||
| 395 | B *BigInt `json:"b"` | ||
| 396 | Gx *BigInt `json:"gx"` | ||
| 397 | Gy *BigInt `json:"gy"` | ||
| 398 | H int `json:"h"` | ||
| 399 | Result string `json:"result"` | ||
| 400 | } | ||
| 401 | |||
| 402 | func (wt *wycheproofTestEcCurve) String() string { | ||
| 403 | return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result) | ||
| 404 | } | ||
| 405 | |||
| 406 | type wycheproofTestGroupEcCurve struct { | ||
| 407 | Type string `json:"type"` | ||
| 408 | Tests []*wycheproofTestEcCurve `json:"tests"` | ||
| 409 | } | ||
| 410 | |||
| 385 | type wycheproofJWKEdDSA struct { | 411 | type wycheproofJWKEdDSA struct { |
| 386 | Crv string `json:"crv"` | 412 | Crv string `json:"crv"` |
| 387 | D string `json:"d"` | 413 | D string `json:"d"` |
| @@ -2030,6 +2056,79 @@ func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant test | |||
| 2030 | return success | 2056 | return success |
| 2031 | } | 2057 | } |
| 2032 | 2058 | ||
| 2059 | func runEcCurveTest(wt *wycheproofTestEcCurve) bool { | ||
| 2060 | oid := C.CString(wt.OID) | ||
| 2061 | defer C.free(unsafe.Pointer(oid)) | ||
| 2062 | |||
| 2063 | nid := C.OBJ_txt2nid(oid) | ||
| 2064 | if nid == C.NID_undef { | ||
| 2065 | fmt.Printf("INFO: %s: %s: unknown OID %s\n", wt, wt.Name, wt.OID) | ||
| 2066 | return false | ||
| 2067 | } | ||
| 2068 | |||
| 2069 | builtinGroup := C.EC_GROUP_new_by_curve_name(nid) | ||
| 2070 | defer C.EC_GROUP_free(builtinGroup) | ||
| 2071 | |||
| 2072 | if builtinGroup == nil { | ||
| 2073 | fmt.Printf("INFO: %s: %s: no builtin curve for OID %s\n", wt, wt.Name, wt.OID) | ||
| 2074 | return true | ||
| 2075 | } | ||
| 2076 | |||
| 2077 | p := mustConvertBigIntToBigNum(wt.P) | ||
| 2078 | defer C.BN_free(p) | ||
| 2079 | a := mustConvertBigIntToBigNum(wt.A) | ||
| 2080 | defer C.BN_free(a) | ||
| 2081 | b := mustConvertBigIntToBigNum(wt.B) | ||
| 2082 | defer C.BN_free(b) | ||
| 2083 | n := mustConvertBigIntToBigNum(wt.N) | ||
| 2084 | defer C.BN_free(n) | ||
| 2085 | x := mustConvertBigIntToBigNum(wt.Gx) | ||
| 2086 | defer C.BN_free(x) | ||
| 2087 | y := mustConvertBigIntToBigNum(wt.Gy) | ||
| 2088 | defer C.BN_free(y) | ||
| 2089 | |||
| 2090 | group := C.EC_GROUP_new_curve_GFp(p, a, b, (*C.BN_CTX)(nil)) | ||
| 2091 | defer C.EC_GROUP_free(group) | ||
| 2092 | |||
| 2093 | if group == nil { | ||
| 2094 | log.Fatalf("EC_GROUP_new_curve_GFp failed") | ||
| 2095 | } | ||
| 2096 | |||
| 2097 | point := C.EC_POINT_new(group) | ||
| 2098 | defer C.EC_POINT_free(point) | ||
| 2099 | |||
| 2100 | if point == nil { | ||
| 2101 | log.Fatalf("EC_POINT_new failed") | ||
| 2102 | } | ||
| 2103 | |||
| 2104 | if C.EC_POINT_set_affine_coordinates(group, point, x, y, (*C.BN_CTX)(nil)) == 0 { | ||
| 2105 | log.Fatalf("EC_POINT_set_affine_coordinates failed") | ||
| 2106 | } | ||
| 2107 | |||
| 2108 | if C.EC_GROUP_set_generator(group, point, n, (*C.BIGNUM)(nil)) == 0 { | ||
| 2109 | log.Fatalf("EC_POINT_set_generator failed") | ||
| 2110 | } | ||
| 2111 | |||
| 2112 | success := true | ||
| 2113 | if C.EC_GROUP_cmp(group, builtinGroup, (*C.BN_CTX)(nil)) != 0 { | ||
| 2114 | fmt.Printf("FAIL: %s %s builtin curve has wrong parameters\n", wt, wt.Name) | ||
| 2115 | success = false | ||
| 2116 | } | ||
| 2117 | return success | ||
| 2118 | } | ||
| 2119 | |||
| 2120 | func (wtg *wycheproofTestGroupEcCurve) run(algorithm string, variant testVariant) bool { | ||
| 2121 | fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type) | ||
| 2122 | |||
| 2123 | success := true | ||
| 2124 | for _, wt := range wtg.Tests { | ||
| 2125 | if !runEcCurveTest(wt) { | ||
| 2126 | success = false | ||
| 2127 | } | ||
| 2128 | } | ||
| 2129 | return success | ||
| 2130 | } | ||
| 2131 | |||
| 2033 | func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool { | 2132 | func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool { |
| 2034 | mdctx := C.EVP_MD_CTX_new() | 2133 | mdctx := C.EVP_MD_CTX_new() |
| 2035 | if mdctx == nil { | 2134 | if mdctx == nil { |
| @@ -2717,6 +2816,8 @@ func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTes | |||
| 2717 | return &wycheproofTestGroupChaCha{} | 2816 | return &wycheproofTestGroupChaCha{} |
| 2718 | case "DSA": | 2817 | case "DSA": |
| 2719 | return &wycheproofTestGroupDSA{} | 2818 | return &wycheproofTestGroupDSA{} |
| 2819 | case "EcCurveTest": | ||
| 2820 | return &wycheproofTestGroupEcCurve{} | ||
| 2720 | case "ECDH": | 2821 | case "ECDH": |
| 2721 | return &wycheproofTestGroupECDH{} | 2822 | return &wycheproofTestGroupECDH{} |
| 2722 | case "ECDSA": | 2823 | case "ECDSA": |
| @@ -2846,6 +2947,7 @@ func main() { | |||
| 2846 | {v1, "ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal}, | 2947 | {v1, "ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal}, |
| 2847 | {v1, "DSA", "dsa_*test.json", Normal}, | 2948 | {v1, "DSA", "dsa_*test.json", Normal}, |
| 2848 | {v1, "DSA", "dsa_*_p1363_test.json", P1363}, | 2949 | {v1, "DSA", "dsa_*_p1363_test.json", P1363}, |
| 2950 | {v1, "EcCurveTest", "ec_prime_order_curves_test.json", Normal}, | ||
| 2849 | {v1, "ECDH", "ecdh_[^w_]*_test.json", Normal}, | 2951 | {v1, "ECDH", "ecdh_[^w_]*_test.json", Normal}, |
| 2850 | {v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint}, | 2952 | {v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint}, |
| 2851 | {v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto}, | 2953 | {v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto}, |