summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authortb <>2018-08-27 21:24:13 +0000
committertb <>2018-08-27 21:24:13 +0000
commit60fd3234c9ab1fe3b8ab8ad02617026e5be3efba (patch)
tree28483378c4d9d1c2958006e878f8e7bb571b977b /src
parent9836b4d1c110f719e329161d6fdb950c2019d862 (diff)
downloadopenbsd-60fd3234c9ab1fe3b8ab8ad02617026e5be3efba.tar.gz
openbsd-60fd3234c9ab1fe3b8ab8ad02617026e5be3efba.tar.bz2
openbsd-60fd3234c9ab1fe3b8ab8ad02617026e5be3efba.zip
dedup AES-CBC-PKCS5 encryption and decryption checks
Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go90
1 files changed, 24 insertions, 66 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 3fbc4ee286..db74f0e789 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1/* $OpenBSD: wycheproof.go,v 1.26 2018/08/27 21:02:25 tb Exp $ */ 1/* $OpenBSD: wycheproof.go,v 1.27 2018/08/27 21:24:13 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -264,100 +264,58 @@ func hashFromString(hs string) (hash.Hash, error) {
264 } 264 }
265} 265}
266 266
267func checkAesCbcPkcs5Open(ctx *C.EVP_CIPHER_CTX, key []byte, keyLen int, iv []byte, ivLen int, ct []byte, ctLen int, msg []byte, msgLen int, wt *wycheproofTestAesCbcPkcs5) bool { 267func checkAesCbcPkcs5(ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []byte, keyLen int, iv []byte, ivLen int, in []byte, inLen int, out []byte, outLen int, wt *wycheproofTestAesCbcPkcs5) bool {
268 ret := C.EVP_CipherInit_ex(ctx, nil, nil, (*C.uchar)(unsafe.Pointer(&key[0])), (*C.uchar)(unsafe.Pointer(&iv[0])), 0) 268 var action string
269 if ret != 1 { 269 if doEncrypt == 1 {
270 log.Fatalf("EVP_CipherInit_ex failed: %d", ret) 270 action = "encrypting"
271 }
272
273 out := make([]byte, ctLen)
274 var outlen C.int
275
276 ret = C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(&out[0])), &outlen, (*C.uchar)(unsafe.Pointer(&ct[0])), C.int(ctLen))
277 if ret != 1 {
278 if wt.Result == "invalid" {
279 fmt.Printf("INFO: Test case %d (%q) - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
280 return true
281 }
282 fmt.Printf("FAIL: Test case %d (%q) - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
283 return false
284 }
285
286 var finallen C.int
287 ret = C.EVP_CipherFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(&out[outlen])), &finallen)
288 if ret != 1 {
289 if wt.Result == "invalid" {
290 return true
291 }
292 fmt.Printf("FAIL: Test case %d (%q) - EVP_CipherFinal_ex() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
293 return false
294 }
295
296 outlen += finallen
297 if (outlen != C.int(msgLen)) {
298 fmt.Printf("FAIL: Test case %d (%q) - open length mismatch: got %d, want %d\n", wt.TCID, wt.Comment, outlen, msgLen)
299 return false
300 }
301
302 openedMsg := out[0:outlen]
303 if (msgLen == 0) {
304 msg = nil
305 }
306
307 success := false
308 if (bytes.Equal(openedMsg, msg)) || wt.Result == "invalid" {
309 success = true
310 } else { 271 } else {
311 fmt.Printf("FAIL: Test case %d (%q) - msg match: %t; want %v\n", wt.TCID, wt.Comment, bytes.Equal(openedMsg, msg), wt.Result) 272 action = "decrypting"
312 } 273 }
313 return success
314}
315 274
316func checkAesCbcPkcs5Seal(ctx *C.EVP_CIPHER_CTX, key []byte, keyLen int, iv []byte, ivLen int, ct []byte, ctLen int, msg []byte, msgLen int, wt *wycheproofTestAesCbcPkcs5) bool { 275 ret := C.EVP_CipherInit_ex(ctx, nil, nil, (*C.uchar)(unsafe.Pointer(&key[0])), (*C.uchar)(unsafe.Pointer(&iv[0])), C.int(doEncrypt))
317 ret := C.EVP_CipherInit_ex(ctx, nil, nil, (*C.uchar)(unsafe.Pointer(&key[0])), (*C.uchar)(unsafe.Pointer(&iv[0])), 1)
318 if ret != 1 { 276 if ret != 1 {
319 log.Fatalf("EVP_CipherInit_ex failed: %d", ret) 277 log.Fatalf("EVP_CipherInit_ex failed: %d", ret)
320 } 278 }
321 279
322 out := make([]byte, msgLen + C.EVP_MAX_BLOCK_LENGTH) 280 cipherOut := make([]byte, inLen + C.EVP_MAX_BLOCK_LENGTH)
323 var outlen C.int 281 var cipherOutLen C.int
324 282
325 ret = C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(&out[0])), &outlen, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen)) 283 ret = C.EVP_CipherUpdate(ctx, (*C.uchar)(unsafe.Pointer(&cipherOut[0])), &cipherOutLen, (*C.uchar)(unsafe.Pointer(&in[0])), C.int(inLen))
326 if ret != 1 { 284 if ret != 1 {
327 if wt.Result == "invalid" { 285 if wt.Result == "invalid" {
328 fmt.Printf("INFO: Test case %d (%q) - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result) 286 fmt.Printf("INFO: Test case %d (%q) [%v] - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
329 return true 287 return true
330 } 288 }
331 fmt.Printf("FAIL: Test case %d (%q) - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result) 289 fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CipherUpdate() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
332 return false 290 return false
333 } 291 }
334 292
335 var finallen C.int 293 var finallen C.int
336 ret = C.EVP_CipherFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(&out[outlen])), &finallen) 294 ret = C.EVP_CipherFinal_ex(ctx, (*C.uchar)(unsafe.Pointer(&cipherOut[cipherOutLen])), &finallen)
337 if ret != 1 { 295 if ret != 1 {
338 if wt.Result == "invalid" { 296 if wt.Result == "invalid" {
339 return true 297 return true
340 } 298 }
341 fmt.Printf("FAIL: Test case %d (%q) - EVP_CipherFinal_ex() = %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result) 299 fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CipherFinal_ex() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
342 return false 300 return false
343 } 301 }
344 302
345 outlen += finallen 303 cipherOutLen += finallen
346 if (outlen != C.int(ctLen) && wt.Result != "invalid") { 304 if cipherOutLen != C.int(outLen) && wt.Result != "invalid" {
347 fmt.Printf("FAIL: Test case %d (%q) - open length mismatch: got %d, want %d; result: %v\n", wt.TCID, wt.Comment, outlen, msgLen, wt.Result) 305 fmt.Printf("FAIL: Test case %d (%q) [%v] - open length mismatch: got %d, want %d\n", wt.TCID, wt.Comment, action, cipherOutLen, outLen)
348 return false 306 return false
349 } 307 }
350 308
351 sealedMsg := out[0:outlen] 309 openedMsg := out[0:cipherOutLen]
352 if (ctLen == 0) { 310 if outLen == 0 {
353 ct = nil 311 out = nil
354 } 312 }
355 313
356 success := false 314 success := false
357 if (bytes.Equal(sealedMsg, ct)) || wt.Result == "invalid" { 315 if bytes.Equal(openedMsg, out) || wt.Result == "invalid" {
358 success = true 316 success = true
359 } else { 317 } else {
360 fmt.Printf("FAIL: Test case %d (%q) - msg match: %t; want %v\n", wt.TCID, wt.Comment, bytes.Equal(sealedMsg, ct), wt.Result) 318 fmt.Printf("FAIL: Test case %d (%q) [%v] - msg match: %t; want %v\n", wt.TCID, wt.Comment, action, bytes.Equal(openedMsg, out), wt.Result)
361 } 319 }
362 return success 320 return success
363} 321}
@@ -395,8 +353,8 @@ func runAesCbcPkcs5Test(ctx *C.EVP_CIPHER_CTX, wt *wycheproofTestAesCbcPkcs5) bo
395 msg = append(msg, 0) 353 msg = append(msg, 0)
396 } 354 }
397 355
398 openSuccess := checkAesCbcPkcs5Open(ctx, key, keyLen, iv, ivLen, ct, ctLen, msg, msgLen, wt) 356 openSuccess := checkAesCbcPkcs5(ctx, 0, key, keyLen, iv, ivLen, ct, ctLen, msg, msgLen, wt)
399 sealSuccess := checkAesCbcPkcs5Seal(ctx, key, keyLen, iv, ivLen, ct, ctLen, msg, msgLen, wt) 357 sealSuccess := checkAesCbcPkcs5(ctx, 1, key, keyLen, iv, ivLen, msg, msgLen, ct, ctLen, wt)
400 358
401 return openSuccess && sealSuccess 359 return openSuccess && sealSuccess
402} 360}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-21 00:32:59 +0000