wycheproof: retire the ECDSA webcrypto tests

The webcrypto test files for P-256, P-384, and P-521 are identical to the P1363 test files for these curves with the hashes SHA-256, SHA-384, and SHA-512, respectively. The only real differences in the test paths is the Go glue code to translate to libcrypto, so they're pointless.
author: tb <> 2025-09-07 19:26:28 +0000
committer: tb <> 2025-09-07 19:26:28 +0000
commit: 8c8f1d7b376ccf884f9621e1a973261f99fcf7e5 (patch)
tree: 6d0b132bcd9b426d9e44dfca02965a2657d109d2 /src/regress/lib/libc
parent: 98287b7cd5d64488bbaf57088225f91bd8e8a7f9 (diff)
download: openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.tar.gz
openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.tar.bz2
openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.zip
1 files changed, 2 insertions, 71 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 41e5794fdd..718369c5f4 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.183 2025/09/06 17:35:29 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.184 2025/09/07 19:26:28 tb Exp $ */
 /*
 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -371,16 +371,6 @@ type wycheproofTestGroupECDSA struct {
        Tests  []*wycheproofTestECDSA `json:"tests"`
 }
-type wycheproofTestGroupECDSAWebCrypto struct {
-        JWK    *wycheproofJWKPublic   `json:"publicKeyJwk"`
-        Key    *wycheproofECDSAKey    `json:"publicKey"`
-        KeyDER string                 `json:"publicKeyDer"`
-        KeyPEM string                 `json:"publicKeyPem"`
-        SHA    string                 `json:"sha"`
-        Type   string                 `json:"type"`
-        Tests  []*wycheproofTestECDSA `json:"tests"`
-}
 type wycheproofTestEcCurve struct {
        TCID    int      `json:"tcId"`
        Comment string   `json:"comment"`
@@ -1858,7 +1848,7 @@ func runECDSATest(ecKey *C.EC_KEY, md *C.EVP_MD, nid int, variant testVariant, w
        msg, msgLen := mustHashHexMessage(md, wt.Msg)
        var ret C.int
-        if variant == Webcrypto || variant == P1363 {
+        if variant == P1363 {
                order_bytes := int((C.EC_GROUP_order_bits(C.EC_KEY_get0_group(ecKey)) + 7) / 8)
                if len(wt.Sig)/2 != 2*order_bytes {
                        if wt.Result == "valid" {
@@ -1993,61 +1983,6 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
        return cDer, derLen
 }
-func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant testVariant) bool {
-        fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
-        nid, err := nidFromString(wtg.JWK.Crv)
-        if err != nil {
-                log.Fatalf("Failed to get nid for curve: %v", err)
-        }
-        ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
-        if ecKey == nil {
-                log.Fatal("EC_KEY_new_by_curve_name failed")
-        }
-        defer C.EC_KEY_free(ecKey)
-        x, err := base64.RawURLEncoding.DecodeString(wtg.JWK.X)
-        if err != nil {
-                log.Fatalf("Failed to base64 decode X: %v", err)
-        }
-        bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil)
-        if bnX == nil {
-                log.Fatal("Failed to decode X")
-        }
-        defer C.BN_free(bnX)
-        y, err := base64.RawURLEncoding.DecodeString(wtg.JWK.Y)
-        if err != nil {
-                log.Fatalf("Failed to base64 decode Y: %v", err)
-        }
-        bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil)
-        if bnY == nil {
-                log.Fatal("Failed to decode Y")
-        }
-        defer C.BN_free(bnY)
-        if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 {
-                log.Fatal("Failed to set EC public key")
-        }
-        nid, err = nidFromString(wtg.SHA)
-        if err != nil {
-                log.Fatalf("Failed to get MD NID: %v", err)
-        }
-        md, err := hashEvpMdFromString(wtg.SHA)
-        if err != nil {
-                log.Fatalf("Failed to get hash: %v", err)
-        }
-        success := true
-        for _, wt := range wtg.Tests {
-                if !runECDSATest(ecKey, md, nid, Webcrypto, wt) {
-                        success = false
-                }
-        }
-        return success
-}
 func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
        oid := C.CString(wt.OID)
        defer C.free(unsafe.Pointer(oid))
@@ -2794,9 +2729,6 @@ func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTes
        if algorithm == "ECDH" && variant == Webcrypto {
                return &wycheproofTestGroupECDHWebCrypto{}
        }
-        if algorithm == "ECDSA" && variant == Webcrypto {
-                return &wycheproofTestGroupECDSAWebCrypto{}
-        }
        switch algorithm {
        case "AES-CBC-PKCS5":
                return &wycheproofTestGroupAesCbcPkcs5{}
@@ -2936,7 +2868,6 @@ func main() {
                {"ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},
                {"ECDSA", "ecdsa_[^w]*test.json", Normal},
                {"ECDSA P1363", "ecdsa_*_sha[1-9][1-9][1-9]_p1363_test.json", P1363},
-                {"ECDSA webcrypto", "ecdsa_*_webcrypto_test.json", Webcrypto},
                {"ECDSA shake", "ecdsa_*_shake*_test.json", Skip},
                {"EDDSA", "ed25519_test.json", Normal},
                {"ED448", "ed448_test.json", Skip},
author	tb <>	2025-09-07 19:26:28 +0000
committer	tb <>	2025-09-07 19:26:28 +0000
commit	8c8f1d7b376ccf884f9621e1a973261f99fcf7e5 (patch)
tree	6d0b132bcd9b426d9e44dfca02965a2657d109d2 /src/regress/lib/libc
parent	98287b7cd5d64488bbaf57088225f91bd8e8a7f9 (diff)
download	openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.tar.gz openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.tar.bz2 openbsd-8c8f1d7b376ccf884f9621e1a973261f99fcf7e5.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 41e5794fdd..718369c5f4 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.183 2025/09/06 17:35:29 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.184 2025/09/07 19:26:28 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018,2019,2022-2025 Theo Buehler <tb@openbsd.org>
@@ -371,16 +371,6 @@ type wycheproofTestGroupECDSA struct {
371	Tests []*wycheproofTestECDSA `json:"tests"`	371	Tests []*wycheproofTestECDSA `json:"tests"`
372	}	372	}
373		373
374	type wycheproofTestGroupECDSAWebCrypto struct {
375	JWK *wycheproofJWKPublic `json:"publicKeyJwk"`
376	Key *wycheproofECDSAKey `json:"publicKey"`
377	KeyDER string `json:"publicKeyDer"`
378	KeyPEM string `json:"publicKeyPem"`
379	SHA string `json:"sha"`
380	Type string `json:"type"`
381	Tests []*wycheproofTestECDSA `json:"tests"`
382	}
383
384	type wycheproofTestEcCurve struct {	374	type wycheproofTestEcCurve struct {
385	TCID int `json:"tcId"`	375	TCID int `json:"tcId"`
386	Comment string `json:"comment"`	376	Comment string `json:"comment"`
@@ -1858,7 +1848,7 @@ func runECDSATest(ecKey C.EC_KEY, md C.EVP_MD, nid int, variant testVariant, w
1858	msg, msgLen := mustHashHexMessage(md, wt.Msg)	1848	msg, msgLen := mustHashHexMessage(md, wt.Msg)
1859		1849
1860	var ret C.int	1850	var ret C.int
1861	if variant == Webcrypto \|\| variant == P1363 {	1851	if variant == P1363 {
1862	order_bytes := int((C.EC_GROUP_order_bits(C.EC_KEY_get0_group(ecKey)) + 7) / 8)	1852	order_bytes := int((C.EC_GROUP_order_bits(C.EC_KEY_get0_group(ecKey)) + 7) / 8)
1863	if len(wt.Sig)/2 != 2*order_bytes {	1853	if len(wt.Sig)/2 != 2*order_bytes {
1864	if wt.Result == "valid" {	1854	if wt.Result == "valid" {
@@ -1993,61 +1983,6 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1993	return cDer, derLen	1983	return cDer, derLen
1994	}	1984	}
1995		1985
1996	func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant testVariant) bool {
1997	fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
1998
1999	nid, err := nidFromString(wtg.JWK.Crv)
2000	if err != nil {
2001	log.Fatalf("Failed to get nid for curve: %v", err)
2002	}
2003	ecKey := C.EC_KEY_new_by_curve_name(C.int(nid))
2004	if ecKey == nil {
2005	log.Fatal("EC_KEY_new_by_curve_name failed")
2006	}
2007	defer C.EC_KEY_free(ecKey)
2008
2009	x, err := base64.RawURLEncoding.DecodeString(wtg.JWK.X)
2010	if err != nil {
2011	log.Fatalf("Failed to base64 decode X: %v", err)
2012	}
2013	bnX := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&x[0])), C.int(len(x)), nil)
2014	if bnX == nil {
2015	log.Fatal("Failed to decode X")
2016	}
2017	defer C.BN_free(bnX)
2018
2019	y, err := base64.RawURLEncoding.DecodeString(wtg.JWK.Y)
2020	if err != nil {
2021	log.Fatalf("Failed to base64 decode Y: %v", err)
2022	}
2023	bnY := C.BN_bin2bn((*C.uchar)(unsafe.Pointer(&y[0])), C.int(len(y)), nil)
2024	if bnY == nil {
2025	log.Fatal("Failed to decode Y")
2026	}
2027	defer C.BN_free(bnY)
2028
2029	if C.EC_KEY_set_public_key_affine_coordinates(ecKey, bnX, bnY) != 1 {
2030	log.Fatal("Failed to set EC public key")
2031	}
2032
2033	nid, err = nidFromString(wtg.SHA)
2034	if err != nil {
2035	log.Fatalf("Failed to get MD NID: %v", err)
2036	}
2037	md, err := hashEvpMdFromString(wtg.SHA)
2038	if err != nil {
2039	log.Fatalf("Failed to get hash: %v", err)
2040	}
2041
2042	success := true
2043	for _, wt := range wtg.Tests {
2044	if !runECDSATest(ecKey, md, nid, Webcrypto, wt) {
2045	success = false
2046	}
2047	}
2048	return success
2049	}
2050
2051	func runEcCurveTest(wt *wycheproofTestEcCurve) bool {	1986	func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
2052	oid := C.CString(wt.OID)	1987	oid := C.CString(wt.OID)
2053	defer C.free(unsafe.Pointer(oid))	1988	defer C.free(unsafe.Pointer(oid))
@@ -2794,9 +2729,6 @@ func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTes
2794	if algorithm == "ECDH" && variant == Webcrypto {	2729	if algorithm == "ECDH" && variant == Webcrypto {
2795	return &wycheproofTestGroupECDHWebCrypto{}	2730	return &wycheproofTestGroupECDHWebCrypto{}
2796	}	2731	}
2797	if algorithm == "ECDSA" && variant == Webcrypto {
2798	return &wycheproofTestGroupECDSAWebCrypto{}
2799	}
2800	switch algorithm {	2732	switch algorithm {
2801	case "AES-CBC-PKCS5":	2733	case "AES-CBC-PKCS5":
2802	return &wycheproofTestGroupAesCbcPkcs5{}	2734	return &wycheproofTestGroupAesCbcPkcs5{}
@@ -2936,7 +2868,6 @@ func main() {
2936	{"ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},	2868	{"ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},
2937	{"ECDSA", "ecdsa_[^w]*test.json", Normal},	2869	{"ECDSA", "ecdsa_[^w]*test.json", Normal},
2938	{"ECDSA P1363", "ecdsa_*_sha[1-9][1-9][1-9]_p1363_test.json", P1363},	2870	{"ECDSA P1363", "ecdsa_*_sha[1-9][1-9][1-9]_p1363_test.json", P1363},
2939	{"ECDSA webcrypto", "ecdsa_*_webcrypto_test.json", Webcrypto},
2940	{"ECDSA shake", "ecdsa__shake_test.json", Skip},	2871	{"ECDSA shake", "ecdsa__shake_test.json", Skip},
2941	{"EDDSA", "ed25519_test.json", Normal},	2872	{"EDDSA", "ed25519_test.json", Normal},
2942	{"ED448", "ed448_test.json", Skip},	2873	{"ED448", "ed448_test.json", Skip},