authortb <>2025-09-05 11:25:50 +0000
committertb <>2025-09-05 11:25:50 +0000
commit3391ce89dec660073cd78f2b759e1b6ed694db25 (patch)
treeaa63560e924958484e83481795d3f953b587fc7a /src
parent9efa66bc164487616dbc6774e8f3fa925a4cee04 (diff)
wycheproof: move ECDSA tests to v1
This excludes the bitcoin tests since our ECDSA_verify() doesn't have the logic to enforce s < order / 2 to avoid the well-known malleability issue with secp256k1 that (r, s) is valid if and only if (r, order - s) is valid. Moreover, add a workaround for overly picky P1363 tests where only correctly padded P1363 signatures are accepted. As the test authors say "To our knowledge no standard (i.e., IEEE P1363 or RFC 7515) requires any explicit checks of the signature size during signature verification." In fact, the problem really is in the test code, not in libcrypto and is a bit annoying to fix in a non-silly way.
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go29
1 files changed, 15 insertions, 14 deletions
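--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.174 2025/09/05 11:12:59 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.175 2025/09/05 11:25:50 tb Exp $ */
 /*
  * Copyright (c) 2018,2023 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018,2019,2022-2024 Theo Buehler <tb@openbsd.org>
@@ -85,6 +85,7 @@ import (
  "path/filepath"
  "regexp"
  "runtime"
+ "slices"
  "strings"
  "sync"
  "unsafe"
@@ -309,19 +310,19 @@ func (wt *wycheproofTestECDSA) String() string {
 }
 
 type wycheproofTestGroupECDSA struct {
- Key *wycheproofECDSAKey `json:"key"`
- KeyDER string `json:"keyDer"`
- KeyPEM string `json:"keyPem"`
+ Key *wycheproofECDSAKey `json:"publicKey"`
+ KeyDER string `json:"publicKeyDer"`
+ KeyPEM string `json:"publicKeyPem"`
  SHA string `json:"sha"`
  Type string `json:"type"`
  Tests []*wycheproofTestECDSA `json:"tests"`
 }
 
 type wycheproofTestGroupECDSAWebCrypto struct {
- JWK *wycheproofJWKPublic `json:"jwk"`
- Key *wycheproofECDSAKey `json:"key"`
- KeyDER string `json:"keyDer"`
- KeyPEM string `json:"keyPem"`
+ JWK *wycheproofJWKPublic `json:"publicKeyJwk"`
+ Key *wycheproofECDSAKey `json:"publicKey"`
+ KeyDER string `json:"publicKeyDer"`
+ KeyPEM string `json:"publicKeyPem"`
  SHA string `json:"sha"`
  Type string `json:"type"`
  Tests []*wycheproofTestECDSA `json:"tests"`
@@ -1799,7 +1800,7 @@ func runECDSATest(ecKey *C.EC_KEY, md *C.EVP_MD, nid int, variant testVariant, w
 
  // XXX audit acceptable cases...
  success := true
- if ret == 1 != (wt.Result == "valid") && wt.Result != "acceptable" {
+ if ret == 1 != (wt.Result == "valid") && wt.Result != "acceptable" && !slices.Contains(wt.Flags, "SignatureSize") {
  fmt.Printf("FAIL: %s - ECDSA_verify() = %d.\n", wt, int(ret))
  success = false
  }
@@ -2763,10 +2764,10 @@ func main() {
  {v1, "ECDH", "ecdh_[^w_]*_test.json", Normal},
  {v1, "ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint},
  {v1, "ECDH webcrypto", "ecdh_*_webcrypto_test.json", Webcrypto},
- {v0, "ECDSA", "ecdsa_test.json", Normal},
- {v0, "ECDSA", "ecdsa_[^w]*test.json", Normal},
- {v0, "ECDSA P1363", "ecdsa_*_p1363_test.json", P1363},
- {v0, "ECDSA webcrypto", "ecdsa_webcrypto_test.json", Webcrypto},
+ {v1, "ECDSA", "ecdsa_[^w]*test.json", Normal},
+ {v1, "ECDSA P1363", "ecdsa_*_sha[1-9][1-9][1-9]_p1363_test.json", P1363},
+ {v1, "ECDSA webcrypto", "ecdsa_*_webcrypto_test.json", Webcrypto},
+ {v1, "ECDSA shake", "ecdsa_*_shake*_test.json", Skip},
  {v1, "EDDSA", "ed25519_test.json", Normal},
  {v1, "ED448", "ed448_test.json", Skip},
  {v1, "HKDF", "hkdf_sha*_test.json", Normal},
@@ -2794,7 +2795,7 @@ func main() {
 
  testc = newTestCoordinator()
 
- skipNormal := regexp.MustCompile(`_(ecpoint|webcrypto|pem|gmac|p1363|sect\d{3}[rk]1|secp(160|192))_`)
+ skipNormal := regexp.MustCompile(`_(ecpoint|webcrypto|pem|bitcoin|shake\d{3}|gmac|p1363|sect\d{3}[rk]1|secp(160|192))_`)
 
  for _, test := range tests {
  path := testVectorPath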
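Review bot: The added `!slices.Contains(wt.Flags, "SignatureSize")` term in runECDSATest switches off the pass/fail comparison for every vector carrying that flag, in every variant and in both directions, while the commit message describes the workaround as needed only for padded P1363 signatures. A DER-encoded vector with this flag whose ECDSA_verify() result is wrong would then pass silently; whether such vectors exist in the v1 files is not visible from the hunk. I would tie the exemption to the fixed-width variants, e.g. `... && !(variant != Normal && slices.Contains(wt.Flags, "SignatureSize")) {`, assuming DER vectors only run as `Normal` as the test table suggests. A comment above the condition such as `// XXX: Wycheproof expects wrongly padded P1363 signatures to be rejected; this test code does not enforce the size.` would record why the check is relaxed. The function starts and ends outside the hunk.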