diff options
| author | tb <> | 2019-11-27 19:32:07 +0000 |
|---|---|---|
| committer | tb <> | 2019-11-27 19:32:07 +0000 |
| commit | c49e134a1cd492fd0aa9f867b5c402c88a0bc531 (patch) | |
| tree | 6d0b4c5ab564df507e9d56454f00d2e7bf2c1a28 | |
| parent | 129a3f1f94f711e71e6aeb818a884581ae73c71c (diff) | |
| download | openbsd-c49e134a1cd492fd0aa9f867b5c402c88a0bc531.tar.gz openbsd-c49e134a1cd492fd0aa9f867b5c402c88a0bc531.tar.bz2 openbsd-c49e134a1cd492fd0aa9f867b5c402c88a0bc531.zip | |
Run RSAES-PKCS1-v1_5 test vectors against libcrypto.
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 113 |
1 files changed, 104 insertions, 9 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 2c83f6b82c..b008ab58e7 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.93 2019/11/27 18:05:57 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.94 2019/11/27 19:32:07 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> |
| @@ -289,7 +289,7 @@ type wycheproofPrivateKeyJwk struct { | |||
| 289 | QI string `json:"qi"` | 289 | QI string `json:"qi"` |
| 290 | } | 290 | } |
| 291 | 291 | ||
| 292 | type wycheproofTestRSAOAEP struct { | 292 | type wycheproofTestRsaes struct { |
| 293 | TCID int `json:"tcId"` | 293 | TCID int `json:"tcId"` |
| 294 | Comment string `json:"comment"` | 294 | Comment string `json:"comment"` |
| 295 | Msg string `json:"msg"` | 295 | Msg string `json:"msg"` |
| @@ -299,7 +299,7 @@ type wycheproofTestRSAOAEP struct { | |||
| 299 | Flags []string `json:"flags"` | 299 | Flags []string `json:"flags"` |
| 300 | } | 300 | } |
| 301 | 301 | ||
| 302 | type wycheproofTestGroupRSAESOAEP struct { | 302 | type wycheproofTestGroupRsaesOaep struct { |
| 303 | D string `json:"d"` | 303 | D string `json:"d"` |
| 304 | E string `json:"e"` | 304 | E string `json:"e"` |
| 305 | KeySize int `json:"keysize"` | 305 | KeySize int `json:"keysize"` |
| @@ -311,7 +311,19 @@ type wycheproofTestGroupRSAESOAEP struct { | |||
| 311 | PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` | 311 | PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` |
| 312 | SHA string `json:"sha"` | 312 | SHA string `json:"sha"` |
| 313 | Type string `json:"type"` | 313 | Type string `json:"type"` |
| 314 | Tests []*wycheproofTestRSAOAEP `json:"tests"` | 314 | Tests []*wycheproofTestRsaes `json:"tests"` |
| 315 | } | ||
| 316 | |||
| 317 | type wycheproofTestGroupRsaesPkcs1 struct { | ||
| 318 | D string `json:"d"` | ||
| 319 | E string `json:"e"` | ||
| 320 | KeySize int `json:"keysize"` | ||
| 321 | N string `json:"n"` | ||
| 322 | PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"` | ||
| 323 | PrivateKeyPem string `json:"privateKeyPem"` | ||
| 324 | PrivateKeyPkcs8 string `json:"privateKeyPkcs8"` | ||
| 325 | Type string `json:"type"` | ||
| 326 | Tests []*wycheproofTestRsaes `json:"tests"` | ||
| 315 | } | 327 | } |
| 316 | 328 | ||
| 317 | type wycheproofTestRSASSA struct { | 329 | type wycheproofTestRSASSA struct { |
| @@ -1843,7 +1855,7 @@ func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool { | |||
| 1843 | return success | 1855 | return success |
| 1844 | } | 1856 | } |
| 1845 | 1857 | ||
| 1846 | func runRSAOAEPTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofTestRSAOAEP) bool { | 1858 | func runRsaesOaepTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofTestRsaes) bool { |
| 1847 | ct, err := hex.DecodeString(wt.CT) | 1859 | ct, err := hex.DecodeString(wt.CT) |
| 1848 | if err != nil { | 1860 | if err != nil { |
| 1849 | log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err) | 1861 | log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err) |
| @@ -1907,7 +1919,7 @@ func runRSAOAEPTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofT | |||
| 1907 | return success | 1919 | return success |
| 1908 | } | 1920 | } |
| 1909 | 1921 | ||
| 1910 | func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bool { | 1922 | func runRsaesOaepTestGroup(algorithm string, wtg *wycheproofTestGroupRsaesOaep) bool { |
| 1911 | fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", | 1923 | fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n", |
| 1912 | algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA) | 1924 | algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA) |
| 1913 | 1925 | ||
| @@ -1947,7 +1959,84 @@ func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bo | |||
| 1947 | 1959 | ||
| 1948 | success := true | 1960 | success := true |
| 1949 | for _, wt := range wtg.Tests { | 1961 | for _, wt := range wtg.Tests { |
| 1950 | if !runRSAOAEPTest(rsa, sha, mgfSha, wt) { | 1962 | if !runRsaesOaepTest(rsa, sha, mgfSha, wt) { |
| 1963 | success = false | ||
| 1964 | } | ||
| 1965 | } | ||
| 1966 | return success | ||
| 1967 | } | ||
| 1968 | |||
| 1969 | func runRsaesPkcs1Test(rsa *C.RSA, wt *wycheproofTestRsaes) bool { | ||
| 1970 | ct, err := hex.DecodeString(wt.CT) | ||
| 1971 | if err != nil { | ||
| 1972 | log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err) | ||
| 1973 | } | ||
| 1974 | ctLen := len(ct) | ||
| 1975 | if ctLen == 0 { | ||
| 1976 | ct = append(ct, 0) | ||
| 1977 | } | ||
| 1978 | |||
| 1979 | rsaSize := C.RSA_size(rsa) | ||
| 1980 | decrypted := make([]byte, rsaSize) | ||
| 1981 | |||
| 1982 | success := true | ||
| 1983 | |||
| 1984 | ret := C.RSA_private_decrypt(C.int(ctLen), (*C.uchar)(unsafe.Pointer(&ct[0])), (*C.uchar)(unsafe.Pointer(&decrypted[0])), rsa, C.RSA_PKCS1_PADDING) | ||
| 1985 | |||
| 1986 | if ret == -1 { | ||
| 1987 | success = (wt.Result == "invalid") | ||
| 1988 | |||
| 1989 | if !success { | ||
| 1990 | fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(wt.Msg)/2, wt.Result) | ||
| 1991 | } | ||
| 1992 | return success | ||
| 1993 | } | ||
| 1994 | |||
| 1995 | msg, err := hex.DecodeString(wt.Msg) | ||
| 1996 | if err != nil { | ||
| 1997 | log.Fatalf("Failed to decode message %q: %v", wt.Msg, err) | ||
| 1998 | } | ||
| 1999 | |||
| 2000 | if int(ret) != len(msg) { | ||
| 2001 | success = false | ||
| 2002 | fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(msg), wt.Result) | ||
| 2003 | } else if !bytes.Equal(msg, decrypted[:len(msg)]) { | ||
| 2004 | success = false | ||
| 2005 | fmt.Printf("FAIL: Test case %d (%q) %v - expected and calculated message differ. Expected: %v", wt.TCID, wt.Comment, wt.Flags, wt.Result) | ||
| 2006 | } | ||
| 2007 | |||
| 2008 | return success | ||
| 2009 | } | ||
| 2010 | |||
| 2011 | func runRsaesPkcs1TestGroup(algorithm string, wtg *wycheproofTestGroupRsaesPkcs1) bool { | ||
| 2012 | fmt.Printf("Running %v test group %v with key size %d...\n", algorithm, wtg.Type, wtg.KeySize) | ||
| 2013 | rsa := C.RSA_new() | ||
| 2014 | if rsa == nil { | ||
| 2015 | log.Fatal("RSA_new failed") | ||
| 2016 | } | ||
| 2017 | defer C.RSA_free(rsa) | ||
| 2018 | |||
| 2019 | d := C.CString(wtg.D) | ||
| 2020 | if C.BN_hex2bn(&rsa.d, d) == 0 { | ||
| 2021 | log.Fatal("Failed to set RSA d") | ||
| 2022 | } | ||
| 2023 | C.free(unsafe.Pointer(d)) | ||
| 2024 | |||
| 2025 | e := C.CString(wtg.E) | ||
| 2026 | if C.BN_hex2bn(&rsa.e, e) == 0 { | ||
| 2027 | log.Fatal("Failed to set RSA e") | ||
| 2028 | } | ||
| 2029 | C.free(unsafe.Pointer(e)) | ||
| 2030 | |||
| 2031 | n := C.CString(wtg.N) | ||
| 2032 | if C.BN_hex2bn(&rsa.n, n) == 0 { | ||
| 2033 | log.Fatal("Failed to set RSA n") | ||
| 2034 | } | ||
| 2035 | C.free(unsafe.Pointer(n)) | ||
| 2036 | |||
| 2037 | success := true | ||
| 2038 | for _, wt := range wtg.Tests { | ||
| 2039 | if !runRsaesPkcs1Test(rsa, wt) { | ||
| 1951 | success = false | 2040 | success = false |
| 1952 | } | 2041 | } |
| 1953 | } | 2042 | } |
| @@ -2226,7 +2315,9 @@ func runTestVectors(path string, webcrypto bool) bool { | |||
| 2226 | case "KW": | 2315 | case "KW": |
| 2227 | wtg = &wycheproofTestGroupKW{} | 2316 | wtg = &wycheproofTestGroupKW{} |
| 2228 | case "RSAES-OAEP": | 2317 | case "RSAES-OAEP": |
| 2229 | wtg= &wycheproofTestGroupRSAESOAEP{} | 2318 | wtg= &wycheproofTestGroupRsaesOaep{} |
| 2319 | case "RSAES-PKCS1-v1_5": | ||
| 2320 | wtg= &wycheproofTestGroupRsaesPkcs1{} | ||
| 2230 | case "RSASSA-PSS": | 2321 | case "RSASSA-PSS": |
| 2231 | wtg = &wycheproofTestGroupRSASSA{} | 2322 | wtg = &wycheproofTestGroupRSASSA{} |
| 2232 | case "RSASig": | 2323 | case "RSASig": |
| @@ -2293,7 +2384,11 @@ func runTestVectors(path string, webcrypto bool) bool { | |||
| 2293 | success = false | 2384 | success = false |
| 2294 | } | 2385 | } |
| 2295 | case "RSAES-OAEP": | 2386 | case "RSAES-OAEP": |
| 2296 | if !runRSAOAEPTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSAESOAEP)) { | 2387 | if !runRsaesOaepTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesOaep)) { |
| 2388 | success = false | ||
| 2389 | } | ||
| 2390 | case "RSAES-PKCS1-v1_5": | ||
| 2391 | if !runRsaesPkcs1TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesPkcs1)) { | ||
| 2297 | success = false | 2392 | success = false |
| 2298 | } | 2393 | } |
| 2299 | case "RSASSA-PSS": | 2394 | case "RSASSA-PSS": |