Add initial Wycheproof EdDSA test coverage

author: tb <> 2022-11-17 19:07:52 +0000
committer: tb <> 2022-11-17 19:07:52 +0000
commit: 0504f59283ccc7094091b7208ebf93447dac3e17 (patch)
tree: f5f516907f1d86a06de9d785baded98af0222d03 /src
parent: e165e48439b7352951e9b611223bb89cf830062e (diff)
download: openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.tar.gz
openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.tar.bz2
openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.zip
1 files changed, 111 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 1d671742ee..d004ee619f 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.129 2022/11/16 08:34:07 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.130 2022/11/17 19:07:52 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018,2019,2022 Theo Buehler <tb@openbsd.org>
@@ -298,6 +298,40 @@ type wycheproofTestGroupECDSAWebCrypto struct {
        Tests  []*wycheproofTestECDSA `json:"tests"`
 }
+type wycheproofJWKEdDSA struct {
+        Crv string `json:"crv"`
+        D   string `json:"d"`
+        KID string `json:"kid"`
+        KTY string `json:"kty"`
+        X   string `json:"x"`
+}
+type wycheproofEdDSAKey struct {
+        Curve   string `json:"curve"`
+        KeySize int    `json:"keySize"`
+        Pk      string `json:"pk"`
+        Sk      string `json:"sk"`
+        Type    string `json:"type"`
+}
+type wycheproofTestEdDSA struct {
+        TCID    int      `json:"tcId"`
+        Comment string   `json:"comment"`
+        Msg     string   `json:"msg"`
+        Sig     string   `json:"sig"`
+        Result  string   `json:"result"`
+        Flags   []string `json:"flags"`
+}
+type wycheproofTestGroupEdDSA struct {
+        JWK    *wycheproofJWKEdDSA    `json:"jwk"`
+        Key    *wycheproofEdDSAKey    `json:"key"`
+        KeyDer string                 `json:"keyDer"`
+        KeyPem string                 `json:"keyPem"`
+        Type   string                 `json:"type"`
+        Tests  []*wycheproofTestEdDSA `json:"tests"`
+}
 type wycheproofTestHkdf struct {
        TCID    int      `json:"tcId"`
        Comment string   `json:"comment"`
@@ -1956,6 +1990,74 @@ func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAW
        return success
 }
+func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool {
+        mdctx := C.EVP_MD_CTX_new()
+        if mdctx == nil {
+                log.Fatal("EVP_MD_CTX_new failed")
+        }
+        defer C.EVP_MD_CTX_free(mdctx)
+        if C.EVP_DigestVerifyInit(mdctx, nil, nil, nil, pkey) != 1 {
+                log.Fatal("EVP_DigestVerifyInit failed")
+        }
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode Message %q: %v", wt.Msg, err)
+        }
+        msgLen := len(msg);
+        if msgLen == 0 {
+                msg = append(msg, 0)
+        }
+        sig, err := hex.DecodeString(wt.Sig)
+        if err != nil {
+                log.Fatalf("Failed to decode Signature %q: %v", wt.Sig, err)
+        }
+        sigLen := len(sig)
+        if sigLen == 0 {
+                sig = append(sig, 0)
+        }
+        ret := C.EVP_DigestVerify(mdctx, (*C.uchar)(unsafe.Pointer(&sig[0])), (C.size_t)(sigLen), (*C.uchar)(unsafe.Pointer(&msg[0])), (C.size_t)(msgLen))
+        success := true
+        if (ret == 1) != (wt.Result == "valid") {
+                fmt.Printf("FAIL: Test case %d (%q) %v - EVP_DigestVerify() = %d, want %v\n",
+                        wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
+                success = false
+        }
+        return success
+}
+func runEdDSATestGroup(algorithm string, wtg *wycheproofTestGroupEdDSA) bool {
+        fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
+        if wtg.Key.Curve != "edwards25519" || wtg.Key.KeySize != 255 {
+                fmt.Printf("INFO: Unexpected curve or key size. want (\"edwards25519\", 255), got (%q, %d)\n", wtg.Key.Curve, wtg.Key.KeySize)
+                return false
+        }
+        pubKey, err := hex.DecodeString(wtg.Key.Pk)
+        if err != nil {
+                log.Fatalf("Failed to decode Pubkey %q: %v", wtg.Key.Pk, err)
+        }
+        pkey := C.EVP_PKEY_new_raw_public_key(C.EVP_PKEY_ED25519, nil, (*C.uchar)(unsafe.Pointer(&pubKey[0])), (C.size_t)(len(pubKey)))
+        if pkey == nil {
+                log.Fatal("EVP_PKEY_new_raw_public_key failed")
+        }
+        defer C.EVP_PKEY_free(pkey)
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runEdDSATest(pkey, wt) {
+                        success = false
+                }
+        }
+        return success
+}
 func runHkdfTest(md *C.EVP_MD, wt *wycheproofTestHkdf) bool {
        ikm, err := hex.DecodeString(wt.Ikm)
        if err != nil {
@@ -2769,6 +2871,8 @@ func runTestVectors(path string, variant testVariant) bool {
                default:
                        wtg = &wycheproofTestGroupECDSA{}
                }
+        case "EDDSA":
+                wtg = &wycheproofTestGroupEdDSA{}
        case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
                wtg = &wycheproofTestGroupHkdf{}
        case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512":
@@ -2844,6 +2948,10 @@ func runTestVectors(path string, variant testVariant) bool {
                                        success = false
                                }
                        }
+                case "EDDSA":
+                        if !runEdDSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupEdDSA)) {
+                                success = false
+                        }
                case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
                        if !runHkdfTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupHkdf)) {
                                success = false
@@ -2917,6 +3025,8 @@ func main() {
                {"ECDSA", "ecdsa_[^w]*test.json", Normal},
                {"ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},
                {"ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},
+                {"EDDSA", "eddsa_test.json", Normal},
+                {"ED448", "ed448_test.json", Skip},
                {"HKDF", "hkdf_sha*_test.json", Normal},
                {"HMAC", "hmac_sha*_test.json", Normal},
                {"KW", "kw_test.json", Normal},
author	tb <>	2022-11-17 19:07:52 +0000
committer	tb <>	2022-11-17 19:07:52 +0000
commit	0504f59283ccc7094091b7208ebf93447dac3e17 (patch)
tree	f5f516907f1d86a06de9d785baded98af0222d03 /src
parent	e165e48439b7352951e9b611223bb89cf830062e (diff)
download	openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.tar.gz openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.tar.bz2 openbsd-0504f59283ccc7094091b7208ebf93447dac3e17.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 1d671742ee..d004ee619f 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.129 2022/11/16 08:34:07 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.130 2022/11/17 19:07:52 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018,2019,2022 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018,2019,2022 Theo Buehler <tb@openbsd.org>
@@ -298,6 +298,40 @@ type wycheproofTestGroupECDSAWebCrypto struct {
298	Tests []*wycheproofTestECDSA `json:"tests"`	298	Tests []*wycheproofTestECDSA `json:"tests"`
299	}	299	}
300		300
		301	type wycheproofJWKEdDSA struct {
		302	Crv string `json:"crv"`
		303	D string `json:"d"`
		304	KID string `json:"kid"`
		305	KTY string `json:"kty"`
		306	X string `json:"x"`
		307	}
		308
		309	type wycheproofEdDSAKey struct {
		310	Curve string `json:"curve"`
		311	KeySize int `json:"keySize"`
		312	Pk string `json:"pk"`
		313	Sk string `json:"sk"`
		314	Type string `json:"type"`
		315	}
		316
		317	type wycheproofTestEdDSA struct {
		318	TCID int `json:"tcId"`
		319	Comment string `json:"comment"`
		320	Msg string `json:"msg"`
		321	Sig string `json:"sig"`
		322	Result string `json:"result"`
		323	Flags []string `json:"flags"`
		324	}
		325
		326	type wycheproofTestGroupEdDSA struct {
		327	JWK *wycheproofJWKEdDSA `json:"jwk"`
		328	Key *wycheproofEdDSAKey `json:"key"`
		329	KeyDer string `json:"keyDer"`
		330	KeyPem string `json:"keyPem"`
		331	Type string `json:"type"`
		332	Tests []*wycheproofTestEdDSA `json:"tests"`
		333	}
		334
301	type wycheproofTestHkdf struct {	335	type wycheproofTestHkdf struct {
302	TCID int `json:"tcId"`	336	TCID int `json:"tcId"`
303	Comment string `json:"comment"`	337	Comment string `json:"comment"`
@@ -1956,6 +1990,74 @@ func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAW
1956	return success	1990	return success
1957	}	1991	}
1958		1992
		1993	func runEdDSATest(pkey C.EVP_PKEY, wt wycheproofTestEdDSA) bool {
		1994	mdctx := C.EVP_MD_CTX_new()
		1995	if mdctx == nil {
		1996	log.Fatal("EVP_MD_CTX_new failed")
		1997	}
		1998	defer C.EVP_MD_CTX_free(mdctx)
		1999
		2000	if C.EVP_DigestVerifyInit(mdctx, nil, nil, nil, pkey) != 1 {
		2001	log.Fatal("EVP_DigestVerifyInit failed")
		2002	}
		2003
		2004	msg, err := hex.DecodeString(wt.Msg)
		2005	if err != nil {
		2006	log.Fatalf("Failed to decode Message %q: %v", wt.Msg, err)
		2007	}
		2008	msgLen := len(msg);
		2009	if msgLen == 0 {
		2010	msg = append(msg, 0)
		2011	}
		2012
		2013	sig, err := hex.DecodeString(wt.Sig)
		2014	if err != nil {
		2015	log.Fatalf("Failed to decode Signature %q: %v", wt.Sig, err)
		2016	}
		2017	sigLen := len(sig)
		2018	if sigLen == 0 {
		2019	sig = append(sig, 0)
		2020	}
		2021
		2022	ret := C.EVP_DigestVerify(mdctx, (C.uchar)(unsafe.Pointer(&sig[0])), (C.size_t)(sigLen), (C.uchar)(unsafe.Pointer(&msg[0])), (C.size_t)(msgLen))
		2023
		2024	success := true
		2025	if (ret == 1) != (wt.Result == "valid") {
		2026	fmt.Printf("FAIL: Test case %d (%q) %v - EVP_DigestVerify() = %d, want %v\n",
		2027	wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
		2028	success = false
		2029	}
		2030	return success
		2031	}
		2032
		2033	func runEdDSATestGroup(algorithm string, wtg *wycheproofTestGroupEdDSA) bool {
		2034	fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
		2035
		2036	if wtg.Key.Curve != "edwards25519" \|\| wtg.Key.KeySize != 255 {
		2037	fmt.Printf("INFO: Unexpected curve or key size. want (\"edwards25519\", 255), got (%q, %d)\n", wtg.Key.Curve, wtg.Key.KeySize)
		2038	return false
		2039	}
		2040
		2041	pubKey, err := hex.DecodeString(wtg.Key.Pk)
		2042	if err != nil {
		2043	log.Fatalf("Failed to decode Pubkey %q: %v", wtg.Key.Pk, err)
		2044	}
		2045
		2046	pkey := C.EVP_PKEY_new_raw_public_key(C.EVP_PKEY_ED25519, nil, (*C.uchar)(unsafe.Pointer(&pubKey[0])), (C.size_t)(len(pubKey)))
		2047	if pkey == nil {
		2048	log.Fatal("EVP_PKEY_new_raw_public_key failed")
		2049	}
		2050	defer C.EVP_PKEY_free(pkey)
		2051
		2052	success := true
		2053	for _, wt := range wtg.Tests {
		2054	if !runEdDSATest(pkey, wt) {
		2055	success = false
		2056	}
		2057	}
		2058	return success
		2059	}
		2060
1959	func runHkdfTest(md C.EVP_MD, wt wycheproofTestHkdf) bool {	2061	func runHkdfTest(md C.EVP_MD, wt wycheproofTestHkdf) bool {
1960	ikm, err := hex.DecodeString(wt.Ikm)	2062	ikm, err := hex.DecodeString(wt.Ikm)
1961	if err != nil {	2063	if err != nil {
@@ -2769,6 +2871,8 @@ func runTestVectors(path string, variant testVariant) bool {
2769	default:	2871	default:
2770	wtg = &wycheproofTestGroupECDSA{}	2872	wtg = &wycheproofTestGroupECDSA{}
2771	}	2873	}
		2874	case "EDDSA":
		2875	wtg = &wycheproofTestGroupEdDSA{}
2772	case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":	2876	case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
2773	wtg = &wycheproofTestGroupHkdf{}	2877	wtg = &wycheproofTestGroupHkdf{}
2774	case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512":	2878	case "HMACSHA1", "HMACSHA224", "HMACSHA256", "HMACSHA384", "HMACSHA512":
@@ -2844,6 +2948,10 @@ func runTestVectors(path string, variant testVariant) bool {
2844	success = false	2948	success = false
2845	}	2949	}
2846	}	2950	}
		2951	case "EDDSA":
		2952	if !runEdDSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupEdDSA)) {
		2953	success = false
		2954	}
2847	case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":	2955	case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
2848	if !runHkdfTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupHkdf)) {	2956	if !runHkdfTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupHkdf)) {
2849	success = false	2957	success = false
@@ -2917,6 +3025,8 @@ func main() {
2917	{"ECDSA", "ecdsa_[^w]*test.json", Normal},	3025	{"ECDSA", "ecdsa_[^w]*test.json", Normal},
2918	{"ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},	3026	{"ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},
2919	{"ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},	3027	{"ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},
		3028	{"EDDSA", "eddsa_test.json", Normal},
		3029	{"ED448", "ed448_test.json", Skip},
2920	{"HKDF", "hkdf_sha*_test.json", Normal},	3030	{"HKDF", "hkdf_sha*_test.json", Normal},
2921	{"HMAC", "hmac_sha*_test.json", Normal},	3031	{"HMAC", "hmac_sha*_test.json", Normal},
2922	{"KW", "kw_test.json", Normal},	3032	{"KW", "kw_test.json", Normal},