1 files changed, 104 insertions, 9 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 2c83f6b82c..b008ab58e7 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.93 2019/11/27 18:05:57 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.94 2019/11/27 19:32:07 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
@@ -289,7 +289,7 @@ type wycheproofPrivateKeyJwk struct {
        QI  string `json:"qi"`
 }
-type wycheproofTestRSAOAEP struct {
+type wycheproofTestRsaes struct {
        TCID    int      `json:"tcId"`
        Comment string   `json:"comment"`
        Msg     string   `json:"msg"`
@@ -299,7 +299,7 @@ type wycheproofTestRSAOAEP struct {
        Flags   []string `json:"flags"`
 }
-type wycheproofTestGroupRSAESOAEP struct {
+type wycheproofTestGroupRsaesOaep struct {
        D               string                   `json:"d"`
        E               string                   `json:"e"`
        KeySize         int                      `json:"keysize"`
@@ -311,7 +311,19 @@ type wycheproofTestGroupRSAESOAEP struct {
        PrivateKeyPkcs8 string                   `json:"privateKeyPkcs8"`
        SHA             string                   `json:"sha"`
        Type            string                   `json:"type"`
-        Tests           []*wycheproofTestRSAOAEP `json:"tests"`
+        Tests           []*wycheproofTestRsaes   `json:"tests"`
+}
+type wycheproofTestGroupRsaesPkcs1 struct {
+        D               string                   `json:"d"`
+        E               string                   `json:"e"`
+        KeySize         int                      `json:"keysize"`
+        N               string                   `json:"n"`
+        PrivateKeyJwk   *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
+        PrivateKeyPem   string                   `json:"privateKeyPem"`
+        PrivateKeyPkcs8 string                   `json:"privateKeyPkcs8"`
+        Type            string                   `json:"type"`
+        Tests           []*wycheproofTestRsaes   `json:"tests"`
 }
 type wycheproofTestRSASSA struct {
@@ -1843,7 +1855,7 @@ func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool {
        return success
 }
-func runRSAOAEPTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofTestRSAOAEP) bool {
+func runRsaesOaepTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofTestRsaes) bool {
        ct, err := hex.DecodeString(wt.CT)
        if err != nil {
                log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
@@ -1907,7 +1919,7 @@ func runRSAOAEPTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofT
        return success
 }
-func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bool {
+func runRsaesOaepTestGroup(algorithm string, wtg *wycheproofTestGroupRsaesOaep) bool {
        fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n",
                algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
@@ -1947,7 +1959,84 @@ func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bo
        success := true
        for _, wt := range wtg.Tests {
-                if !runRSAOAEPTest(rsa, sha, mgfSha, wt) {
+                if !runRsaesOaepTest(rsa, sha, mgfSha, wt) {
+                        success = false
+                }
+        }
+        return success
+}
+func runRsaesPkcs1Test(rsa *C.RSA, wt *wycheproofTestRsaes) bool {
+        ct, err := hex.DecodeString(wt.CT)
+        if err != nil {
+                log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
+        }
+        ctLen := len(ct)
+        if ctLen == 0 {
+                ct = append(ct, 0)
+        }
+        rsaSize := C.RSA_size(rsa)
+        decrypted := make([]byte, rsaSize)
+        success := true
+        ret := C.RSA_private_decrypt(C.int(ctLen), (*C.uchar)(unsafe.Pointer(&ct[0])), (*C.uchar)(unsafe.Pointer(&decrypted[0])), rsa, C.RSA_PKCS1_PADDING)
+        if ret == -1 {
+                success = (wt.Result == "invalid")
+                if !success {
+                        fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(wt.Msg)/2, wt.Result)
+                }
+                return success
+        }
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
+        }
+        if int(ret) != len(msg) {
+                success = false
+                fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(msg), wt.Result)
+        } else if !bytes.Equal(msg, decrypted[:len(msg)]) {
+                success = false
+                fmt.Printf("FAIL: Test case %d (%q) %v - expected and calculated message differ. Expected: %v", wt.TCID, wt.Comment, wt.Flags, wt.Result)
+        }
+        return success
+}
+func runRsaesPkcs1TestGroup(algorithm string, wtg *wycheproofTestGroupRsaesPkcs1) bool {
+        fmt.Printf("Running %v test group %v with key size %d...\n", algorithm, wtg.Type, wtg.KeySize)
+        rsa := C.RSA_new()
+        if rsa == nil {
+                log.Fatal("RSA_new failed")
+        }
+        defer C.RSA_free(rsa)
+        d := C.CString(wtg.D)
+        if C.BN_hex2bn(&rsa.d, d) == 0 {
+                log.Fatal("Failed to set RSA d")
+        }
+        C.free(unsafe.Pointer(d))
+        e := C.CString(wtg.E)
+        if C.BN_hex2bn(&rsa.e, e) == 0 {
+                log.Fatal("Failed to set RSA e")
+        }
+        C.free(unsafe.Pointer(e))
+        n := C.CString(wtg.N)
+        if C.BN_hex2bn(&rsa.n, n) == 0 {
+                log.Fatal("Failed to set RSA n")
+        }
+        C.free(unsafe.Pointer(n))
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runRsaesPkcs1Test(rsa, wt) {
                        success = false
                }
        }
@@ -2226,7 +2315,9 @@ func runTestVectors(path string, webcrypto bool) bool {
        case "KW":
                wtg = &wycheproofTestGroupKW{}
        case "RSAES-OAEP":
-                wtg= &wycheproofTestGroupRSAESOAEP{}
+                wtg= &wycheproofTestGroupRsaesOaep{}
+        case "RSAES-PKCS1-v1_5":
+                wtg= &wycheproofTestGroupRsaesPkcs1{}
        case "RSASSA-PSS":
                wtg = &wycheproofTestGroupRSASSA{}
        case "RSASig":
@@ -2293,7 +2384,11 @@ func runTestVectors(path string, webcrypto bool) bool {
                                success = false
                        }
                case "RSAES-OAEP":
-                        if !runRSAOAEPTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSAESOAEP)) {
+                        if !runRsaesOaepTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesOaep)) {
+                                success = false
+                        }
+                case "RSAES-PKCS1-v1_5":
+                        if !runRsaesPkcs1TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesPkcs1)) {
                                success = false
                        }
                case "RSASSA-PSS":

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 2c83f6b82c..b008ab58e7 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
1	/* $OpenBSD: wycheproof.go,v 1.93 2019/11/27 18:05:57 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.94 2019/11/27 19:32:07 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
@@ -289,7 +289,7 @@ type wycheproofPrivateKeyJwk struct {
289	QI string `json:"qi"`	289	QI string `json:"qi"`
290	}	290	}
291		291
292	type wycheproofTestRSAOAEP struct {	292	type wycheproofTestRsaes struct {
293	TCID int `json:"tcId"`	293	TCID int `json:"tcId"`
294	Comment string `json:"comment"`	294	Comment string `json:"comment"`
295	Msg string `json:"msg"`	295	Msg string `json:"msg"`
@@ -299,7 +299,7 @@ type wycheproofTestRSAOAEP struct {
299	Flags []string `json:"flags"`	299	Flags []string `json:"flags"`
300	}	300	}
301		301
302	type wycheproofTestGroupRSAESOAEP struct {	302	type wycheproofTestGroupRsaesOaep struct {
303	D string `json:"d"`	303	D string `json:"d"`
304	E string `json:"e"`	304	E string `json:"e"`
305	KeySize int `json:"keysize"`	305	KeySize int `json:"keysize"`
@@ -311,7 +311,19 @@ type wycheproofTestGroupRSAESOAEP struct {
311	PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`	311	PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
312	SHA string `json:"sha"`	312	SHA string `json:"sha"`
313	Type string `json:"type"`	313	Type string `json:"type"`
314	Tests []*wycheproofTestRSAOAEP `json:"tests"`	314	Tests []*wycheproofTestRsaes `json:"tests"`
		315	}
		316
		317	type wycheproofTestGroupRsaesPkcs1 struct {
		318	D string `json:"d"`
		319	E string `json:"e"`
		320	KeySize int `json:"keysize"`
		321	N string `json:"n"`
		322	PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
		323	PrivateKeyPem string `json:"privateKeyPem"`
		324	PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
		325	Type string `json:"type"`
		326	Tests []*wycheproofTestRsaes `json:"tests"`
315	}	327	}
316		328
317	type wycheproofTestRSASSA struct {	329	type wycheproofTestRSASSA struct {
@@ -1843,7 +1855,7 @@ func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool {
1843	return success	1855	return success
1844	}	1856	}
1845		1857
1846	func runRSAOAEPTest(rsa C.RSA, sha C.EVP_MD, mgfSha C.EVP_MD, wt wycheproofTestRSAOAEP) bool {	1858	func runRsaesOaepTest(rsa C.RSA, sha C.EVP_MD, mgfSha C.EVP_MD, wt wycheproofTestRsaes) bool {
1847	ct, err := hex.DecodeString(wt.CT)	1859	ct, err := hex.DecodeString(wt.CT)
1848	if err != nil {	1860	if err != nil {
1849	log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)	1861	log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
@@ -1907,7 +1919,7 @@ func runRSAOAEPTest(rsa C.RSA, sha C.EVP_MD, mgfSha C.EVP_MD, wt wycheproofT
1907	return success	1919	return success
1908	}	1920	}
1909		1921
1910	func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bool {	1922	func runRsaesOaepTestGroup(algorithm string, wtg *wycheproofTestGroupRsaesOaep) bool {
1911	fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n",	1923	fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n",
1912	algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)	1924	algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
1913		1925
@@ -1947,7 +1959,84 @@ func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bo
1947		1959
1948	success := true	1960	success := true
1949	for _, wt := range wtg.Tests {	1961	for _, wt := range wtg.Tests {
1950	if !runRSAOAEPTest(rsa, sha, mgfSha, wt) {	1962	if !runRsaesOaepTest(rsa, sha, mgfSha, wt) {
		1963	success = false
		1964	}
		1965	}
		1966	return success
		1967	}
		1968
		1969	func runRsaesPkcs1Test(rsa C.RSA, wt wycheproofTestRsaes) bool {
		1970	ct, err := hex.DecodeString(wt.CT)
		1971	if err != nil {
		1972	log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
		1973	}
		1974	ctLen := len(ct)
		1975	if ctLen == 0 {
		1976	ct = append(ct, 0)
		1977	}
		1978
		1979	rsaSize := C.RSA_size(rsa)
		1980	decrypted := make([]byte, rsaSize)
		1981
		1982	success := true
		1983
		1984	ret := C.RSA_private_decrypt(C.int(ctLen), (C.uchar)(unsafe.Pointer(&ct[0])), (C.uchar)(unsafe.Pointer(&decrypted[0])), rsa, C.RSA_PKCS1_PADDING)
		1985
		1986	if ret == -1 {
		1987	success = (wt.Result == "invalid")
		1988
		1989	if !success {
		1990	fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(wt.Msg)/2, wt.Result)
		1991	}
		1992	return success
		1993	}
		1994
		1995	msg, err := hex.DecodeString(wt.Msg)
		1996	if err != nil {
		1997	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
		1998	}
		1999
		2000	if int(ret) != len(msg) {
		2001	success = false
		2002	fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %d. Expected: %v\n", wt.TCID, wt.Comment, wt.Flags, ret, len(msg), wt.Result)
		2003	} else if !bytes.Equal(msg, decrypted[:len(msg)]) {
		2004	success = false
		2005	fmt.Printf("FAIL: Test case %d (%q) %v - expected and calculated message differ. Expected: %v", wt.TCID, wt.Comment, wt.Flags, wt.Result)
		2006	}
		2007
		2008	return success
		2009	}
		2010
		2011	func runRsaesPkcs1TestGroup(algorithm string, wtg *wycheproofTestGroupRsaesPkcs1) bool {
		2012	fmt.Printf("Running %v test group %v with key size %d...\n", algorithm, wtg.Type, wtg.KeySize)
		2013	rsa := C.RSA_new()
		2014	if rsa == nil {
		2015	log.Fatal("RSA_new failed")
		2016	}
		2017	defer C.RSA_free(rsa)
		2018
		2019	d := C.CString(wtg.D)
		2020	if C.BN_hex2bn(&rsa.d, d) == 0 {
		2021	log.Fatal("Failed to set RSA d")
		2022	}
		2023	C.free(unsafe.Pointer(d))
		2024
		2025	e := C.CString(wtg.E)
		2026	if C.BN_hex2bn(&rsa.e, e) == 0 {
		2027	log.Fatal("Failed to set RSA e")
		2028	}
		2029	C.free(unsafe.Pointer(e))
		2030
		2031	n := C.CString(wtg.N)
		2032	if C.BN_hex2bn(&rsa.n, n) == 0 {
		2033	log.Fatal("Failed to set RSA n")
		2034	}
		2035	C.free(unsafe.Pointer(n))
		2036
		2037	success := true
		2038	for _, wt := range wtg.Tests {
		2039	if !runRsaesPkcs1Test(rsa, wt) {
1951	success = false	2040	success = false
1952	}	2041	}
1953	}	2042	}
@@ -2226,7 +2315,9 @@ func runTestVectors(path string, webcrypto bool) bool {
2226	case "KW":	2315	case "KW":
2227	wtg = &wycheproofTestGroupKW{}	2316	wtg = &wycheproofTestGroupKW{}
2228	case "RSAES-OAEP":	2317	case "RSAES-OAEP":
2229	wtg= &wycheproofTestGroupRSAESOAEP{}	2318	wtg= &wycheproofTestGroupRsaesOaep{}
		2319	case "RSAES-PKCS1-v1_5":
		2320	wtg= &wycheproofTestGroupRsaesPkcs1{}
2230	case "RSASSA-PSS":	2321	case "RSASSA-PSS":
2231	wtg = &wycheproofTestGroupRSASSA{}	2322	wtg = &wycheproofTestGroupRSASSA{}
2232	case "RSASig":	2323	case "RSASig":
@@ -2293,7 +2384,11 @@ func runTestVectors(path string, webcrypto bool) bool {
2293	success = false	2384	success = false
2294	}	2385	}
2295	case "RSAES-OAEP":	2386	case "RSAES-OAEP":
2296	if !runRSAOAEPTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSAESOAEP)) {	2387	if !runRsaesOaepTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesOaep)) {
		2388	success = false
		2389	}
		2390	case "RSAES-PKCS1-v1_5":
		2391	if !runRsaesPkcs1TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRsaesPkcs1)) {
2297	success = false	2392	success = false
2298	}	2393	}
2299	case "RSASSA-PSS":	2394	case "RSASSA-PSS":