wycheproof: add support for EcCurve tests

This checks for a collection of prime order groups (secp, Brainpool, FRP) the curve parameters are corrct. The collection is a superset of our built-in curves, so we get one more validation for exxentially free.
author: tb <> 2025-09-05 14:06:15 +0000
committer: tb <> 2025-09-05 14:06:15 +0000
commit: 202355c2e341cf7389d3a0c48b1a96799216d222 (patch)
tree: 4743365df9f47e85a7b15f339f8c345f2a2ca678 /src
parent: a52f774428b343a9da61050f2a817d96cb494261 (diff)
download: openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.gz
openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.bz2
openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.zip
1 files changed, 103 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 5a0c0d68ef..bf9901cf2f 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.177 2025/09/05 14:01:56 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.178 2025/09/05 14:06:15 tb Exp $ */
 /*
 * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org>
@@ -382,6 +382,32 @@ type wycheproofTestGroupECDSAWebCrypto struct {
        Tests  []*wycheproofTestECDSA `json:"tests"`
 }
+type wycheproofTestEcCurve struct {
+        TCID    int      `json:"tcId"`
+        Comment string   `json:"comment"`
+        Flags   []string `json:"flags"`
+        Name    string   `json:"name"`
+        OID     string   `json:"oid"`
+        Ref     string   `json:"ref"`
+        P       *BigInt  `json:"p"`
+        N       *BigInt  `json:"n"`
+        A       *BigInt  `json:"a"`
+        B       *BigInt  `json:"b"`
+        Gx      *BigInt  `json:"gx"`
+        Gy      *BigInt  `json:"gy"`
+        H       int      `json:"h"`
+        Result  string   `json:"result"`
+}
+func (wt *wycheproofTestEcCurve) String() string {
+        return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
+}
+type wycheproofTestGroupEcCurve struct {
+        Type  string                   `json:"type"`
+        Tests []*wycheproofTestEcCurve `json:"tests"`
+}
 type wycheproofJWKEdDSA struct {
        Crv string `json:"crv"`
        D   string `json:"d"`
@@ -2030,6 +2056,79 @@ func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant test
        return success
 }
+func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
+        oid := C.CString(wt.OID)
+        defer C.free(unsafe.Pointer(oid))
+        nid := C.OBJ_txt2nid(oid)
+        if nid == C.NID_undef {
+                fmt.Printf("INFO: %s: %s: unknown OID %s\n", wt, wt.Name, wt.OID)
+                return false
+        }
+        builtinGroup := C.EC_GROUP_new_by_curve_name(nid)
+        defer C.EC_GROUP_free(builtinGroup)
+        if builtinGroup == nil {
+                fmt.Printf("INFO: %s: %s: no builtin curve for OID %s\n", wt, wt.Name, wt.OID)
+                return true
+        }
+        
+        p := mustConvertBigIntToBigNum(wt.P)
+        defer C.BN_free(p)
+        a := mustConvertBigIntToBigNum(wt.A)
+        defer C.BN_free(a)
+        b := mustConvertBigIntToBigNum(wt.B)
+        defer C.BN_free(b)
+        n := mustConvertBigIntToBigNum(wt.N)
+        defer C.BN_free(n)
+        x := mustConvertBigIntToBigNum(wt.Gx)
+        defer C.BN_free(x)
+        y := mustConvertBigIntToBigNum(wt.Gy)
+        defer C.BN_free(y)
+        group := C.EC_GROUP_new_curve_GFp(p, a, b, (*C.BN_CTX)(nil))
+        defer C.EC_GROUP_free(group)
+        if group == nil {
+                log.Fatalf("EC_GROUP_new_curve_GFp failed")
+        }
+        point := C.EC_POINT_new(group)
+        defer C.EC_POINT_free(point)
+        if point == nil {
+                log.Fatalf("EC_POINT_new failed")
+        }
+        if C.EC_POINT_set_affine_coordinates(group, point, x, y, (*C.BN_CTX)(nil)) == 0 {
+                log.Fatalf("EC_POINT_set_affine_coordinates failed")
+        }
+        if C.EC_GROUP_set_generator(group, point, n, (*C.BIGNUM)(nil)) == 0 {
+                log.Fatalf("EC_POINT_set_generator failed")
+        }
+        success := true
+        if C.EC_GROUP_cmp(group, builtinGroup, (*C.BN_CTX)(nil)) != 0 {
+                fmt.Printf("FAIL: %s %s builtin curve has wrong parameters\n", wt, wt.Name)
+                success = false
+        }
+        return success
+}
+func (wtg *wycheproofTestGroupEcCurve) run(algorithm string, variant testVariant) bool {
+        fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runEcCurveTest(wt) {
+                        success = false
+                }
+        }
+        return success
+}
 func runEdDSATest(pkey *C.EVP_PKEY, wt *wycheproofTestEdDSA) bool {
        mdctx := C.EVP_MD_CTX_new()
        if mdctx == nil {
@@ -2717,6 +2816,8 @@ func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTes
                return &wycheproofTestGroupChaCha{}
        case "DSA":
                return &wycheproofTestGroupDSA{}
+        case "EcCurveTest":
+                return &wycheproofTestGroupEcCurve{}
        case "ECDH":
                return &wycheproofTestGroupECDH{}
        case "ECDSA":
@@ -2846,6 +2947,7 @@ func main() {
                {v1, "ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal},
                {v1, "DSA", "dsa_*test.json", Normal},
                {v1, "DSA", "dsa_*_p1363_test.json", P1363},
+                {v1, "EcCurveTest", "ec_prime_order_curves_test.json", Normal},
                {v1, "ECDH", "ecdh_[^w_]*_test.json", Normal},
                {v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},
                {v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},
author	tb <>	2025-09-05 14:06:15 +0000
committer	tb <>	2025-09-05 14:06:15 +0000
commit	202355c2e341cf7389d3a0c48b1a96799216d222 (patch)
tree	4743365df9f47e85a7b15f339f8c345f2a2ca678 /src
parent	a52f774428b343a9da61050f2a817d96cb494261 (diff)
download	openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.gz openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.tar.bz2 openbsd-202355c2e341cf7389d3a0c48b1a96799216d222.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 5a0c0d68ef..bf9901cf2f 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.177 2025/09/05 14:01:56 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.178 2025/09/05 14:06:15 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org>
@@ -382,6 +382,32 @@ type wycheproofTestGroupECDSAWebCrypto struct {
382	Tests []*wycheproofTestECDSA `json:"tests"`	382	Tests []*wycheproofTestECDSA `json:"tests"`
383	}	383	}
384		384
		385	type wycheproofTestEcCurve struct {
		386	TCID int `json:"tcId"`
		387	Comment string `json:"comment"`
		388	Flags []string `json:"flags"`
		389	Name string `json:"name"`
		390	OID string `json:"oid"`
		391	Ref string `json:"ref"`
		392	P *BigInt `json:"p"`
		393	N *BigInt `json:"n"`
		394	A *BigInt `json:"a"`
		395	B *BigInt `json:"b"`
		396	Gx *BigInt `json:"gx"`
		397	Gy *BigInt `json:"gy"`
		398	H int `json:"h"`
		399	Result string `json:"result"`
		400	}
		401
		402	func (wt *wycheproofTestEcCurve) String() string {
		403	return wycheproofFormatTestCase(wt.TCID, wt.Comment, wt.Flags, wt.Result)
		404	}
		405
		406	type wycheproofTestGroupEcCurve struct {
		407	Type string `json:"type"`
		408	Tests []*wycheproofTestEcCurve `json:"tests"`
		409	}
		410
385	type wycheproofJWKEdDSA struct {	411	type wycheproofJWKEdDSA struct {
386	Crv string `json:"crv"`	412	Crv string `json:"crv"`
387	D string `json:"d"`	413	D string `json:"d"`
@@ -2030,6 +2056,79 @@ func (wtg *wycheproofTestGroupECDSAWebCrypto) run(algorithm string, variant test
2030	return success	2056	return success
2031	}	2057	}
2032		2058
		2059	func runEcCurveTest(wt *wycheproofTestEcCurve) bool {
		2060	oid := C.CString(wt.OID)
		2061	defer C.free(unsafe.Pointer(oid))
		2062
		2063	nid := C.OBJ_txt2nid(oid)
		2064	if nid == C.NID_undef {
		2065	fmt.Printf("INFO: %s: %s: unknown OID %s\n", wt, wt.Name, wt.OID)
		2066	return false
		2067	}
		2068
		2069	builtinGroup := C.EC_GROUP_new_by_curve_name(nid)
		2070	defer C.EC_GROUP_free(builtinGroup)
		2071
		2072	if builtinGroup == nil {
		2073	fmt.Printf("INFO: %s: %s: no builtin curve for OID %s\n", wt, wt.Name, wt.OID)
		2074	return true
		2075	}
		2076
		2077	p := mustConvertBigIntToBigNum(wt.P)
		2078	defer C.BN_free(p)
		2079	a := mustConvertBigIntToBigNum(wt.A)
		2080	defer C.BN_free(a)
		2081	b := mustConvertBigIntToBigNum(wt.B)
		2082	defer C.BN_free(b)
		2083	n := mustConvertBigIntToBigNum(wt.N)
		2084	defer C.BN_free(n)
		2085	x := mustConvertBigIntToBigNum(wt.Gx)
		2086	defer C.BN_free(x)
		2087	y := mustConvertBigIntToBigNum(wt.Gy)
		2088	defer C.BN_free(y)
		2089
		2090	group := C.EC_GROUP_new_curve_GFp(p, a, b, (*C.BN_CTX)(nil))
		2091	defer C.EC_GROUP_free(group)
		2092
		2093	if group == nil {
		2094	log.Fatalf("EC_GROUP_new_curve_GFp failed")
		2095	}
		2096
		2097	point := C.EC_POINT_new(group)
		2098	defer C.EC_POINT_free(point)
		2099
		2100	if point == nil {
		2101	log.Fatalf("EC_POINT_new failed")
		2102	}
		2103
		2104	if C.EC_POINT_set_affine_coordinates(group, point, x, y, (*C.BN_CTX)(nil)) == 0 {
		2105	log.Fatalf("EC_POINT_set_affine_coordinates failed")
		2106	}
		2107
		2108	if C.EC_GROUP_set_generator(group, point, n, (*C.BIGNUM)(nil)) == 0 {
		2109	log.Fatalf("EC_POINT_set_generator failed")
		2110	}
		2111
		2112	success := true
		2113	if C.EC_GROUP_cmp(group, builtinGroup, (*C.BN_CTX)(nil)) != 0 {
		2114	fmt.Printf("FAIL: %s %s builtin curve has wrong parameters\n", wt, wt.Name)
		2115	success = false
		2116	}
		2117	return success
		2118	}
		2119
		2120	func (wtg *wycheproofTestGroupEcCurve) run(algorithm string, variant testVariant) bool {
		2121	fmt.Printf("Running %v test group %v...\n", algorithm, wtg.Type)
		2122
		2123	success := true
		2124	for _, wt := range wtg.Tests {
		2125	if !runEcCurveTest(wt) {
		2126	success = false
		2127	}
		2128	}
		2129	return success
		2130	}
		2131
2033	func runEdDSATest(pkey C.EVP_PKEY, wt wycheproofTestEdDSA) bool {	2132	func runEdDSATest(pkey C.EVP_PKEY, wt wycheproofTestEdDSA) bool {
2034	mdctx := C.EVP_MD_CTX_new()	2133	mdctx := C.EVP_MD_CTX_new()
2035	if mdctx == nil {	2134	if mdctx == nil {
@@ -2717,6 +2816,8 @@ func testGroupFromAlgorithm(algorithm string, variant testVariant) wycheproofTes
2717	return &wycheproofTestGroupChaCha{}	2816	return &wycheproofTestGroupChaCha{}
2718	case "DSA":	2817	case "DSA":
2719	return &wycheproofTestGroupDSA{}	2818	return &wycheproofTestGroupDSA{}
		2819	case "EcCurveTest":
		2820	return &wycheproofTestGroupEcCurve{}
2720	case "ECDH":	2821	case "ECDH":
2721	return &wycheproofTestGroupECDH{}	2822	return &wycheproofTestGroupECDH{}
2722	case "ECDSA":	2823	case "ECDSA":
@@ -2846,6 +2947,7 @@ func main() {
2846	{v1, "ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal},	2947	{v1, "ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal},
2847	{v1, "DSA", "dsa_*test.json", Normal},	2948	{v1, "DSA", "dsa_*test.json", Normal},
2848	{v1, "DSA", "dsa_*_p1363_test.json", P1363},	2949	{v1, "DSA", "dsa_*_p1363_test.json", P1363},
		2950	{v1, "EcCurveTest", "ec_prime_order_curves_test.json", Normal},
2849	{v1, "ECDH", "ecdh_[^w_]*_test.json", Normal},	2951	{v1, "ECDH", "ecdh_[^w_]*_test.json", Normal},
2850	{v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},	2952	{v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},
2851	{v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},	2953	{v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},