1 files changed, 31 insertions, 53 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index c7ea768939..abf0d1da02 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.72 2018/10/06 05:02:21 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.73 2018/10/06 08:16:48 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -1269,7 +1269,7 @@ func runECDHTestGroup(algorithm string, wtg *wycheproofTestGroupECDH) bool {
        return success
 }
-func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
+func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, webcrypto bool, wt *wycheproofTestECDSA) bool {
        msg, err := hex.DecodeString(wt.Msg)
        if err != nil {
                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
@@ -1279,20 +1279,35 @@ func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA
        h.Write(msg)
        msg = h.Sum(nil)
-        sig, err := hex.DecodeString(wt.Sig)
+        msgLen := len(msg)
-        if err != nil {
-                log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
-        }
-        msgLen, sigLen := len(msg), len(sig)
        if msgLen == 0 {
                msg = append(msg, 0)
        }
-        if sigLen == 0 {
-                sig = append(sig, 0)
+        var ret C.int
+        if webcrypto {
+                cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
+                if cDer == nil {
+                        fmt.Print("FAIL: unable to decode signature")
+                        return false
+                }
+                defer C.free(unsafe.Pointer(cDer))
+                ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
+                        (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
+        } else {
+                sig, err := hex.DecodeString(wt.Sig)
+                if err != nil {
+                        log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
+                }
+                sigLen := len(sig)
+                if sigLen == 0 {
+                        sig = append(sig, 0)
+                }
+                ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
+                        (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), ecKey)
        }
-        ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
-                (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), ecKey)
        // XXX audit acceptable cases...
        success := true
@@ -1350,7 +1365,7 @@ func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
        success := true
        for _, wt := range wtg.Tests {
-                if !runECDSATest(ecKey, nid, h, wt) {
+                if !runECDSATest(ecKey, nid, h, false, wt) {
                        success = false
                }
        }
@@ -1369,10 +1384,10 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
        r := C.CString(wtSig[:sigLen/2])
        s := C.CString(wtSig[sigLen/2:])
        if C.BN_hex2bn(&cSig.r, r) == 0 {
-                log.Fatal("Failed to set ECDSA r")
+                return nil, 0
        }
        if C.BN_hex2bn(&cSig.s, s) == 0 {
-                log.Fatal("Failed to set ECDSA s")
+                return nil, 0
        }
        C.free(unsafe.Pointer(r))
        C.free(unsafe.Pointer(s))
@@ -1396,43 +1411,6 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
        return cDer, derLen
 }
-func runECDSAWebCryptoTest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA) bool {
-        msg, err := hex.DecodeString(wt.Msg)
-        if err != nil {
-                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
-        }
-        h.Reset()
-        h.Write(msg)
-        msg = h.Sum(nil)
-        msgLen := len(msg)
-        if msgLen == 0 {
-                msg = append(msg, 0)
-        }
-        cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
-        if cDer == nil {
-                fmt.Print("FAIL: unable to decode signature")
-                return false
-        }
-        defer C.free(unsafe.Pointer(cDer))
-        ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
-                (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
-        // XXX audit acceptable cases...
-        success := true
-        if (ret == 1) != (wt.Result == "valid") && wt.Result != "acceptable" {
-                fmt.Printf("FAIL: Test case %d (%q) %v - ECDSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, wt.Flags,  int(ret), wt.Result)
-                success = false
-        }
-        if acceptableAudit && ret == 1 && wt.Result == "acceptable" {
-                gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
-        }
-        return success
-}
 func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAWebCrypto) bool {
        fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
@@ -1483,7 +1461,7 @@ func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAW
        success := true
        for _, wt := range wtg.Tests {
-                if !runECDSAWebCryptoTest(ecKey, nid, h, wt) {
+                if !runECDSATest(ecKey, nid, h, true, wt) {
                        success = false
                }
        }

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index c7ea768939..abf0d1da02 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.72 2018/10/06 05:02:21 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.73 2018/10/06 08:16:48 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -1269,7 +1269,7 @@ func runECDHTestGroup(algorithm string, wtg *wycheproofTestGroupECDH) bool {
1269	return success	1269	return success
1270	}	1270	}
1271		1271
1272	func runECDSATest(ecKey C.EC_KEY, nid int, h hash.Hash, wt wycheproofTestECDSA) bool {	1272	func runECDSATest(ecKey C.EC_KEY, nid int, h hash.Hash, webcrypto bool, wt wycheproofTestECDSA) bool {
1273	msg, err := hex.DecodeString(wt.Msg)	1273	msg, err := hex.DecodeString(wt.Msg)
1274	if err != nil {	1274	if err != nil {
1275	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)	1275	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
@@ -1279,20 +1279,35 @@ func runECDSATest(ecKey C.EC_KEY, nid int, h hash.Hash, wt wycheproofTestECDSA
1279	h.Write(msg)	1279	h.Write(msg)
1280	msg = h.Sum(nil)	1280	msg = h.Sum(nil)
1281		1281
1282	sig, err := hex.DecodeString(wt.Sig)	1282	msgLen := len(msg)
1283	if err != nil {
1284	log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
1285	}
1286
1287	msgLen, sigLen := len(msg), len(sig)
1288	if msgLen == 0 {	1283	if msgLen == 0 {
1289	msg = append(msg, 0)	1284	msg = append(msg, 0)
1290	}	1285	}
1291	if sigLen == 0 {	1286
1292	sig = append(sig, 0)	1287	var ret C.int
		1288	if webcrypto {
		1289	cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
		1290	if cDer == nil {
		1291	fmt.Print("FAIL: unable to decode signature")
		1292	return false
		1293	}
		1294	defer C.free(unsafe.Pointer(cDer))
		1295
		1296	ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
		1297	(*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
		1298	} else {
		1299	sig, err := hex.DecodeString(wt.Sig)
		1300	if err != nil {
		1301	log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err)
		1302	}
		1303
		1304	sigLen := len(sig)
		1305	if sigLen == 0 {
		1306	sig = append(sig, 0)
		1307	}
		1308	ret = C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
		1309	(*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), ecKey)
1293	}	1310	}
1294	ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
1295	(*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), ecKey)
1296		1311
1297	// XXX audit acceptable cases...	1312	// XXX audit acceptable cases...
1298	success := true	1313	success := true
@@ -1350,7 +1365,7 @@ func runECDSATestGroup(algorithm string, wtg *wycheproofTestGroupECDSA) bool {
1350		1365
1351	success := true	1366	success := true
1352	for _, wt := range wtg.Tests {	1367	for _, wt := range wtg.Tests {
1353	if !runECDSATest(ecKey, nid, h, wt) {	1368	if !runECDSATest(ecKey, nid, h, false, wt) {
1354	success = false	1369	success = false
1355	}	1370	}
1356	}	1371	}
@@ -1369,10 +1384,10 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1369	r := C.CString(wtSig[:sigLen/2])	1384	r := C.CString(wtSig[:sigLen/2])
1370	s := C.CString(wtSig[sigLen/2:])	1385	s := C.CString(wtSig[sigLen/2:])
1371	if C.BN_hex2bn(&cSig.r, r) == 0 {	1386	if C.BN_hex2bn(&cSig.r, r) == 0 {
1372	log.Fatal("Failed to set ECDSA r")	1387	return nil, 0
1373	}	1388	}
1374	if C.BN_hex2bn(&cSig.s, s) == 0 {	1389	if C.BN_hex2bn(&cSig.s, s) == 0 {
1375	log.Fatal("Failed to set ECDSA s")	1390	return nil, 0
1376	}	1391	}
1377	C.free(unsafe.Pointer(r))	1392	C.free(unsafe.Pointer(r))
1378	C.free(unsafe.Pointer(s))	1393	C.free(unsafe.Pointer(s))
@@ -1396,43 +1411,6 @@ func encodeECDSAWebCryptoSig(wtSig string) (*C.uchar, C.int) {
1396	return cDer, derLen	1411	return cDer, derLen
1397	}	1412	}
1398		1413
1399	func runECDSAWebCryptoTest(ecKey C.EC_KEY, nid int, h hash.Hash, wt wycheproofTestECDSA) bool {
1400	msg, err := hex.DecodeString(wt.Msg)
1401	if err != nil {
1402	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
1403	}
1404
1405	h.Reset()
1406	h.Write(msg)
1407	msg = h.Sum(nil)
1408
1409	msgLen := len(msg)
1410	if msgLen == 0 {
1411	msg = append(msg, 0)
1412	}
1413
1414	cDer, derLen := encodeECDSAWebCryptoSig(wt.Sig)
1415	if cDer == nil {
1416	fmt.Print("FAIL: unable to decode signature")
1417	return false
1418	}
1419	defer C.free(unsafe.Pointer(cDer))
1420
1421	ret := C.ECDSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen),
1422	(*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), ecKey)
1423
1424	// XXX audit acceptable cases...
1425	success := true
1426	if (ret == 1) != (wt.Result == "valid") && wt.Result != "acceptable" {
1427	fmt.Printf("FAIL: Test case %d (%q) %v - ECDSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, wt.Flags, int(ret), wt.Result)
1428	success = false
1429	}
1430	if acceptableAudit && ret == 1 && wt.Result == "acceptable" {
1431	gatherAcceptableStatistics(wt.TCID, wt.Comment, wt.Flags)
1432	}
1433	return success
1434	}
1435
1436	func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAWebCrypto) bool {	1414	func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAWebCrypto) bool {
1437	fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)	1415	fmt.Printf("Running %v test group %v with curve %v, key size %d and %v...\n", algorithm, wtg.Type, wtg.Key.Curve, wtg.Key.KeySize, wtg.SHA)
1438		1416
@@ -1483,7 +1461,7 @@ func runECDSAWebCryptoTestGroup(algorithm string, wtg *wycheproofTestGroupECDSAW
1483		1461
1484	success := true	1462	success := true
1485	for _, wt := range wtg.Tests {	1463	for _, wt := range wtg.Tests {
1486	if !runECDSAWebCryptoTest(ecKey, nid, h, wt) {	1464	if !runECDSATest(ecKey, nid, h, true, wt) {
1487	success = false	1465	success = false
1488	}	1466	}
1489	}	1467	}