Run Wycheproof AES-CMAC testvectors against libcrypto.

author: tb <> 2018-08-28 18:28:30 +0000
committer: tb <> 2018-08-28 18:28:30 +0000
commit: f70290a1beb8f016823855989b446793a6df6f93 (patch)
tree: 67f28c4a2031d52903c172fd5e3f09afe6a4c26b /src
parent: b6220631528c7c26f70cbdc98066b7bfb5565498 (diff)
download: openbsd-f70290a1beb8f016823855989b446793a6df6f93.tar.gz
openbsd-f70290a1beb8f016823855989b446793a6df6f93.tar.bz2
openbsd-f70290a1beb8f016823855989b446793a6df6f93.zip
1 files changed, 116 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 2f1ef5d716..672a8673b1 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.30 2018/08/28 18:25:33 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.31 2018/08/28 18:28:30 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -26,6 +26,7 @@ package main
 #include <openssl/bio.h>
 #include <openssl/bn.h>
+#include <openssl/cmac.h>
 #include <openssl/curve25519.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
@@ -95,6 +96,23 @@ type wycheproofTestAesCcm struct {
        Flags   []string `json:"flags"`
 }
+type wycheproofTestGroupAesCmac struct {
+        KeySize int                      `json:"keySize"`
+        TagSize int                      `json:"tagSize"`
+        Type    string                   `json:"type"`
+        Tests   []*wycheproofTestAesCmac `json:"tests"`
+}
+type wycheproofTestAesCmac struct {
+        TCID    int      `json:"tcId"`
+        Comment string   `json:"comment"`
+        Key     string   `json:"key"`
+        Msg     string   `json:"msg"`
+        Tag     string   `json:"tag"`
+        Result  string   `json:"result"`
+        Flags   []string `json:"flags"`
+}
 type wycheproofTestGroupChaCha20Poly1305 struct {
        IVSize  int                               `json:"ivSize"`
        KeySize int                               `json:"keySize"`
@@ -565,6 +583,96 @@ func runAesCcmTestGroup(wtg *wycheproofTestGroupAesCcm) bool {
        return success
 }
+func runAesCmacTest(cipher *C.EVP_CIPHER, wt *wycheproofTestAesCmac) bool {
+        key, err := hex.DecodeString(wt.Key)
+        if err != nil {
+                log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
+        }
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
+        }
+        tag, err := hex.DecodeString(wt.Tag)
+        if err != nil {
+                log.Fatalf("Failed to decode tag %q: %v", wt.Tag, err)
+        }
+        keyLen, msgLen, tagLen := len(key), len(msg), len(tag)
+        if keyLen == 0 {
+                key = append(key, 0)
+        }
+        if msgLen == 0 {
+                msg = append(msg, 0)
+        }
+        if tagLen == 0 {
+                tag = append(tag, 0)
+        }
+        ctx := C.CMAC_CTX_new()
+        if ctx == nil {
+                log.Fatal("CMAC_CTX_new failed")
+        }
+        defer C.CMAC_CTX_free(ctx)
+        ret := C.CMAC_Init(ctx, unsafe.Pointer(&key[0]), C.size_t(keyLen), cipher, nil)
+        if ret != 1 {
+                fmt.Printf("FAIL: Test case %d (%q) - CMAC_Init() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
+                return false
+        }
+        ret = C.CMAC_Update(ctx, unsafe.Pointer(&msg[0]), C.size_t(msgLen))
+        if ret != 1 {
+                fmt.Printf("FAIL: Test case %d (%q) - CMAC_Update() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
+                return false
+        }
+        var outLen C.size_t
+        outTag := make([]byte, 16)
+        ret = C.CMAC_Final(ctx, (*C.uchar)(unsafe.Pointer(&outTag[0])), &outLen)
+        if ret != 1 {
+                fmt.Printf("FAIL: Test case %d (%q) - CMAC_Final() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
+                return false
+        }
+        outTag = outTag[0:tagLen]
+        success := true
+        if bytes.Equal(tag, outTag) != (wt.Result == "valid") {
+                fmt.Printf("FAIL: Test case %d (%q) - want %v\n", wt.TCID, wt.Comment, wt.Result)
+                success = false
+        }
+        return success
+}
+func runAesCmacTestGroup(wtg *wycheproofTestGroupAesCmac) bool {
+        fmt.Printf("Running AES-CMAC test group %v with key size %d and tag size %d...\n", wtg.Type, wtg.KeySize, wtg.TagSize)
+        var cipher *C.EVP_CIPHER
+        switch wtg.KeySize {
+        case 128:
+                cipher = C.EVP_aes_128_cbc()
+        case 192:
+                cipher = C.EVP_aes_192_cbc()
+        case 256:
+                cipher = C.EVP_aes_256_cbc()
+        default:
+                fmt.Printf("INFO: Skipping tests with invalid key size %d\n", wtg.KeySize)
+                return true
+        }
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runAesCmacTest(cipher, wt) {
+                        success = false
+                }
+        }
+        return success
+}
 func checkChaCha20Poly1305Open(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen int, msg []byte, msgLen int, ct []byte, ctLen int, tag []byte, tagLen int, wt *wycheproofTestChaCha20Poly1305) bool {
        maxOutLen := ctLen + tagLen
@@ -1072,6 +1180,8 @@ func runTestVectors(path string) bool {
                wtg = &wycheproofTestGroupAesCbcPkcs5{}
        case "AES-CCM":
                wtg = &wycheproofTestGroupAesCcm{}
+        case "AES-CMAC":
+                wtg = &wycheproofTestGroupAesCmac{}
        case "CHACHA20-POLY1305":
                wtg = &wycheproofTestGroupChaCha20Poly1305{}
        case "DSA":
@@ -1100,6 +1210,10 @@ func runTestVectors(path string) bool {
                        if !runAesCcmTestGroup(wtg.(*wycheproofTestGroupAesCcm)) {
                                success = false
                        }
+                case "AES-CMAC":
+                        if !runAesCmacTestGroup(wtg.(*wycheproofTestGroupAesCmac)) {
+                                success = false
+                        }
                case "CHACHA20-POLY1305":
                        if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {
                                success = false
@@ -1139,7 +1253,7 @@ func main() {
                name    string
                pattern string
        }{
-                {"AES", "aes_c[bc]*test.json"},
+                {"AES", "aes_c*test.json"},
                {"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},
                {"DSA", "dsa_test.json"},
                {"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.
author	tb <>	2018-08-28 18:28:30 +0000
committer	tb <>	2018-08-28 18:28:30 +0000
commit	f70290a1beb8f016823855989b446793a6df6f93 (patch)
tree	67f28c4a2031d52903c172fd5e3f09afe6a4c26b /src
parent	b6220631528c7c26f70cbdc98066b7bfb5565498 (diff)
download	openbsd-f70290a1beb8f016823855989b446793a6df6f93.tar.gz openbsd-f70290a1beb8f016823855989b446793a6df6f93.tar.bz2 openbsd-f70290a1beb8f016823855989b446793a6df6f93.zip

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 2f1ef5d716..672a8673b1 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.30 2018/08/28 18:25:33 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.31 2018/08/28 18:28:30 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -26,6 +26,7 @@ package main
26		26
27	#include <openssl/bio.h>	27	#include <openssl/bio.h>
28	#include <openssl/bn.h>	28	#include <openssl/bn.h>
		29	#include <openssl/cmac.h>
29	#include <openssl/curve25519.h>	30	#include <openssl/curve25519.h>
30	#include <openssl/dsa.h>	31	#include <openssl/dsa.h>
31	#include <openssl/ec.h>	32	#include <openssl/ec.h>
@@ -95,6 +96,23 @@ type wycheproofTestAesCcm struct {
95	Flags []string `json:"flags"`	96	Flags []string `json:"flags"`
96	}	97	}
97		98
		99	type wycheproofTestGroupAesCmac struct {
		100	KeySize int `json:"keySize"`
		101	TagSize int `json:"tagSize"`
		102	Type string `json:"type"`
		103	Tests []*wycheproofTestAesCmac `json:"tests"`
		104	}
		105
		106	type wycheproofTestAesCmac struct {
		107	TCID int `json:"tcId"`
		108	Comment string `json:"comment"`
		109	Key string `json:"key"`
		110	Msg string `json:"msg"`
		111	Tag string `json:"tag"`
		112	Result string `json:"result"`
		113	Flags []string `json:"flags"`
		114	}
		115
98	type wycheproofTestGroupChaCha20Poly1305 struct {	116	type wycheproofTestGroupChaCha20Poly1305 struct {
99	IVSize int `json:"ivSize"`	117	IVSize int `json:"ivSize"`
100	KeySize int `json:"keySize"`	118	KeySize int `json:"keySize"`
@@ -565,6 +583,96 @@ func runAesCcmTestGroup(wtg *wycheproofTestGroupAesCcm) bool {
565	return success	583	return success
566	}	584	}
567		585
		586	func runAesCmacTest(cipher C.EVP_CIPHER, wt wycheproofTestAesCmac) bool {
		587	key, err := hex.DecodeString(wt.Key)
		588	if err != nil {
		589	log.Fatalf("Failed to decode key %q: %v", wt.Key, err)
		590	}
		591
		592	msg, err := hex.DecodeString(wt.Msg)
		593	if err != nil {
		594	log.Fatalf("Failed to decode msg %q: %v", wt.Msg, err)
		595	}
		596
		597	tag, err := hex.DecodeString(wt.Tag)
		598	if err != nil {
		599	log.Fatalf("Failed to decode tag %q: %v", wt.Tag, err)
		600	}
		601
		602	keyLen, msgLen, tagLen := len(key), len(msg), len(tag)
		603
		604	if keyLen == 0 {
		605	key = append(key, 0)
		606	}
		607	if msgLen == 0 {
		608	msg = append(msg, 0)
		609	}
		610	if tagLen == 0 {
		611	tag = append(tag, 0)
		612	}
		613
		614	ctx := C.CMAC_CTX_new()
		615	if ctx == nil {
		616	log.Fatal("CMAC_CTX_new failed")
		617	}
		618	defer C.CMAC_CTX_free(ctx)
		619
		620	ret := C.CMAC_Init(ctx, unsafe.Pointer(&key[0]), C.size_t(keyLen), cipher, nil)
		621	if ret != 1 {
		622	fmt.Printf("FAIL: Test case %d (%q) - CMAC_Init() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
		623	return false
		624	}
		625
		626	ret = C.CMAC_Update(ctx, unsafe.Pointer(&msg[0]), C.size_t(msgLen))
		627	if ret != 1 {
		628	fmt.Printf("FAIL: Test case %d (%q) - CMAC_Update() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
		629	return false
		630	}
		631
		632	var outLen C.size_t
		633	outTag := make([]byte, 16)
		634
		635	ret = C.CMAC_Final(ctx, (*C.uchar)(unsafe.Pointer(&outTag[0])), &outLen)
		636	if ret != 1 {
		637	fmt.Printf("FAIL: Test case %d (%q) - CMAC_Final() failed. got %d, want %v\n", wt.TCID, wt.Comment, ret, wt.Result)
		638	return false
		639	}
		640
		641	outTag = outTag[0:tagLen]
		642
		643	success := true
		644	if bytes.Equal(tag, outTag) != (wt.Result == "valid") {
		645	fmt.Printf("FAIL: Test case %d (%q) - want %v\n", wt.TCID, wt.Comment, wt.Result)
		646	success = false
		647	}
		648	return success
		649	}
		650
		651	func runAesCmacTestGroup(wtg *wycheproofTestGroupAesCmac) bool {
		652	fmt.Printf("Running AES-CMAC test group %v with key size %d and tag size %d...\n", wtg.Type, wtg.KeySize, wtg.TagSize)
		653	var cipher *C.EVP_CIPHER
		654
		655	switch wtg.KeySize {
		656	case 128:
		657	cipher = C.EVP_aes_128_cbc()
		658	case 192:
		659	cipher = C.EVP_aes_192_cbc()
		660	case 256:
		661	cipher = C.EVP_aes_256_cbc()
		662	default:
		663	fmt.Printf("INFO: Skipping tests with invalid key size %d\n", wtg.KeySize)
		664	return true
		665	}
		666
		667	success := true
		668	for _, wt := range wtg.Tests {
		669	if !runAesCmacTest(cipher, wt) {
		670	success = false
		671	}
		672	}
		673	return success
		674	}
		675
568	func checkChaCha20Poly1305Open(ctx C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen int, msg []byte, msgLen int, ct []byte, ctLen int, tag []byte, tagLen int, wt wycheproofTestChaCha20Poly1305) bool {	676	func checkChaCha20Poly1305Open(ctx C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen int, msg []byte, msgLen int, ct []byte, ctLen int, tag []byte, tagLen int, wt wycheproofTestChaCha20Poly1305) bool {
569	maxOutLen := ctLen + tagLen	677	maxOutLen := ctLen + tagLen
570		678
@@ -1072,6 +1180,8 @@ func runTestVectors(path string) bool {
1072	wtg = &wycheproofTestGroupAesCbcPkcs5{}	1180	wtg = &wycheproofTestGroupAesCbcPkcs5{}
1073	case "AES-CCM":	1181	case "AES-CCM":
1074	wtg = &wycheproofTestGroupAesCcm{}	1182	wtg = &wycheproofTestGroupAesCcm{}
		1183	case "AES-CMAC":
		1184	wtg = &wycheproofTestGroupAesCmac{}
1075	case "CHACHA20-POLY1305":	1185	case "CHACHA20-POLY1305":
1076	wtg = &wycheproofTestGroupChaCha20Poly1305{}	1186	wtg = &wycheproofTestGroupChaCha20Poly1305{}
1077	case "DSA":	1187	case "DSA":
@@ -1100,6 +1210,10 @@ func runTestVectors(path string) bool {
1100	if !runAesCcmTestGroup(wtg.(*wycheproofTestGroupAesCcm)) {	1210	if !runAesCcmTestGroup(wtg.(*wycheproofTestGroupAesCcm)) {
1101	success = false	1211	success = false
1102	}	1212	}
		1213	case "AES-CMAC":
		1214	if !runAesCmacTestGroup(wtg.(*wycheproofTestGroupAesCmac)) {
		1215	success = false
		1216	}
1103	case "CHACHA20-POLY1305":	1217	case "CHACHA20-POLY1305":
1104	if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {	1218	if !runChaCha20Poly1305TestGroup(wtg.(*wycheproofTestGroupChaCha20Poly1305)) {
1105	success = false	1219	success = false
@@ -1139,7 +1253,7 @@ func main() {
1139	name string	1253	name string
1140	pattern string	1254	pattern string
1141	}{	1255	}{
1142	{"AES", "aes_c[bc]*test.json"},	1256	{"AES", "aes_c*test.json"},
1143	{"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},	1257	{"ChaCha20-Poly1305", "chacha20_poly1305_test.json"},
1144	{"DSA", "dsa_test.json"},	1258	{"DSA", "dsa_test.json"},
1145	{"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.	1259	{"ECDSA", "ecdsa_[^w]*test.json"}, // Skip ecdsa_webcrypto_test.json for now.