diff options
Diffstat (limited to 'src/regress')
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 90 |
1 files changed, 71 insertions, 19 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 535b9f9e69..9ef56dbdd7 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.111 2019/12/03 16:07:22 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.112 2019/12/09 19:46:56 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> |
| @@ -1240,7 +1240,46 @@ func runChaCha20Poly1305TestGroup(algorithm string, wtg *wycheproofTestGroupAead | |||
| 1240 | return success | 1240 | return success |
| 1241 | } | 1241 | } |
| 1242 | 1242 | ||
| 1243 | func runDSATest(dsa *C.DSA, h hash.Hash, wt *wycheproofTestDSA) bool { | 1243 | // DER encode the signature (so DSA_verify() can decode and encode it again) |
| 1244 | func encodeDSAP1363Sig(wtSig string) (*C.uchar, C.int) { | ||
| 1245 | cSig := C.DSA_SIG_new() | ||
| 1246 | if cSig == nil { | ||
| 1247 | log.Fatal("DSA_SIG_new() failed") | ||
| 1248 | } | ||
| 1249 | defer C.DSA_SIG_free(cSig) | ||
| 1250 | |||
| 1251 | sigLen := len(wtSig) | ||
| 1252 | r := C.CString(wtSig[:sigLen/2]) | ||
| 1253 | s := C.CString(wtSig[sigLen/2:]) | ||
| 1254 | defer C.free(unsafe.Pointer(r)) | ||
| 1255 | defer C.free(unsafe.Pointer(s)) | ||
| 1256 | if C.BN_hex2bn(&cSig.r, r) == 0 { | ||
| 1257 | return nil, 0 | ||
| 1258 | } | ||
| 1259 | if C.BN_hex2bn(&cSig.s, s) == 0 { | ||
| 1260 | return nil, 0 | ||
| 1261 | } | ||
| 1262 | |||
| 1263 | derLen := C.i2d_DSA_SIG(cSig, nil) | ||
| 1264 | if derLen == 0 { | ||
| 1265 | return nil, 0 | ||
| 1266 | } | ||
| 1267 | cDer := (*C.uchar)(C.malloc(C.ulong(derLen))) | ||
| 1268 | if cDer == nil { | ||
| 1269 | log.Fatal("malloc failed") | ||
| 1270 | } | ||
| 1271 | |||
| 1272 | p := cDer | ||
| 1273 | ret := C.i2d_DSA_SIG(cSig, (**C.uchar)(&p)) | ||
| 1274 | if ret == 0 || ret != derLen { | ||
| 1275 | C.free(unsafe.Pointer(cDer)) | ||
| 1276 | return nil, 0 | ||
| 1277 | } | ||
| 1278 | |||
| 1279 | return cDer, derLen | ||
| 1280 | } | ||
| 1281 | |||
| 1282 | func runDSATest(dsa *C.DSA, variant testVariant, h hash.Hash, wt *wycheproofTestDSA) bool { | ||
| 1244 | msg, err := hex.DecodeString(wt.Msg) | 1283 | msg, err := hex.DecodeString(wt.Msg) |
| 1245 | if err != nil { | 1284 | if err != nil { |
| 1246 | log.Fatalf("Failed to decode message %q: %v", wt.Msg, err) | 1285 | log.Fatalf("Failed to decode message %q: %v", wt.Msg, err) |
| @@ -1250,21 +1289,34 @@ func runDSATest(dsa *C.DSA, h hash.Hash, wt *wycheproofTestDSA) bool { | |||
| 1250 | h.Write(msg) | 1289 | h.Write(msg) |
| 1251 | msg = h.Sum(nil) | 1290 | msg = h.Sum(nil) |
| 1252 | 1291 | ||
| 1253 | sig, err := hex.DecodeString(wt.Sig) | 1292 | msgLen := len(msg) |
| 1254 | if err != nil { | ||
| 1255 | log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err) | ||
| 1256 | } | ||
| 1257 | |||
| 1258 | msgLen, sigLen := len(msg), len(sig) | ||
| 1259 | if msgLen == 0 { | 1293 | if msgLen == 0 { |
| 1260 | msg = append(msg, 0) | 1294 | msg = append(msg, 0) |
| 1261 | } | 1295 | } |
| 1262 | if sigLen == 0 { | ||
| 1263 | sig = append(msg, 0) | ||
| 1264 | } | ||
| 1265 | 1296 | ||
| 1266 | ret := C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen), | 1297 | var ret C.int |
| 1267 | (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), dsa) | 1298 | if variant == P1363 { |
| 1299 | cDer, derLen := encodeDSAP1363Sig(wt.Sig) | ||
| 1300 | if cDer == nil { | ||
| 1301 | fmt.Print("FAIL: unable to decode signature") | ||
| 1302 | return false | ||
| 1303 | } | ||
| 1304 | defer C.free(unsafe.Pointer(cDer)) | ||
| 1305 | |||
| 1306 | ret = C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen), | ||
| 1307 | (*C.uchar)(unsafe.Pointer(cDer)), C.int(derLen), dsa) | ||
| 1308 | } else { | ||
| 1309 | sig, err := hex.DecodeString(wt.Sig) | ||
| 1310 | if err != nil { | ||
| 1311 | log.Fatalf("Failed to decode signature %q: %v", wt.Sig, err) | ||
| 1312 | } | ||
| 1313 | sigLen := len(sig) | ||
| 1314 | if sigLen == 0 { | ||
| 1315 | sig = append(msg, 0) | ||
| 1316 | } | ||
| 1317 | ret = C.DSA_verify(0, (*C.uchar)(unsafe.Pointer(&msg[0])), C.int(msgLen), | ||
| 1318 | (*C.uchar)(unsafe.Pointer(&sig[0])), C.int(sigLen), dsa) | ||
| 1319 | } | ||
| 1268 | 1320 | ||
| 1269 | success := true | 1321 | success := true |
| 1270 | if ret == 1 != (wt.Result == "valid") { | 1322 | if ret == 1 != (wt.Result == "valid") { |
| @@ -1275,7 +1327,7 @@ func runDSATest(dsa *C.DSA, h hash.Hash, wt *wycheproofTestDSA) bool { | |||
| 1275 | return success | 1327 | return success |
| 1276 | } | 1328 | } |
| 1277 | 1329 | ||
| 1278 | func runDSATestGroup(algorithm string, wtg *wycheproofTestGroupDSA) bool { | 1330 | func runDSATestGroup(algorithm string, variant testVariant, wtg *wycheproofTestGroupDSA) bool { |
| 1279 | fmt.Printf("Running %v test group %v, key size %d and %v...\n", | 1331 | fmt.Printf("Running %v test group %v, key size %d and %v...\n", |
| 1280 | algorithm, wtg.Type, wtg.Key.KeySize, wtg.SHA) | 1332 | algorithm, wtg.Type, wtg.Key.KeySize, wtg.SHA) |
| 1281 | 1333 | ||
| @@ -1365,13 +1417,13 @@ func runDSATestGroup(algorithm string, wtg *wycheproofTestGroupDSA) bool { | |||
| 1365 | 1417 | ||
| 1366 | success := true | 1418 | success := true |
| 1367 | for _, wt := range wtg.Tests { | 1419 | for _, wt := range wtg.Tests { |
| 1368 | if !runDSATest(dsa, h, wt) { | 1420 | if !runDSATest(dsa, variant, h, wt) { |
| 1369 | success = false | 1421 | success = false |
| 1370 | } | 1422 | } |
| 1371 | if !runDSATest(dsaDER, h, wt) { | 1423 | if !runDSATest(dsaDER, variant, h, wt) { |
| 1372 | success = false | 1424 | success = false |
| 1373 | } | 1425 | } |
| 1374 | if !runDSATest(dsaPEM, h, wt) { | 1426 | if !runDSATest(dsaPEM, variant, h, wt) { |
| 1375 | success = false | 1427 | success = false |
| 1376 | } | 1428 | } |
| 1377 | } | 1429 | } |
| @@ -2500,7 +2552,7 @@ func runTestVectors(path string, variant testVariant) bool { | |||
| 2500 | success = false | 2552 | success = false |
| 2501 | } | 2553 | } |
| 2502 | case "DSA": | 2554 | case "DSA": |
| 2503 | if !runDSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupDSA)) { | 2555 | if !runDSATestGroup(wtv.Algorithm, variant, wtg.(*wycheproofTestGroupDSA)) { |
| 2504 | success = false | 2556 | success = false |
| 2505 | } | 2557 | } |
| 2506 | case "ECDH": | 2558 | case "ECDH": |
| @@ -2585,7 +2637,7 @@ func main() { | |||
| 2585 | {"AES", "aes_[cg]*[^xv]_test.json", Normal}, // Skip AES-EAX, AES-GCM-SIV and AES-SIV-CMAC. | 2637 | {"AES", "aes_[cg]*[^xv]_test.json", Normal}, // Skip AES-EAX, AES-GCM-SIV and AES-SIV-CMAC. |
| 2586 | {"ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal}, | 2638 | {"ChaCha20-Poly1305", "chacha20_poly1305_test.json", Normal}, |
| 2587 | {"DSA", "dsa_*test.json", Normal}, | 2639 | {"DSA", "dsa_*test.json", Normal}, |
| 2588 | {"DSA", "dsa_*_p1363_test.json", Skip}, | 2640 | {"DSA", "dsa_*_p1363_test.json", P1363}, |
| 2589 | {"ECDH", "ecdh_test.json", Normal}, | 2641 | {"ECDH", "ecdh_test.json", Normal}, |
| 2590 | {"ECDH", "ecdh_[^w_]*_test.json", Normal}, | 2642 | {"ECDH", "ecdh_[^w_]*_test.json", Normal}, |
| 2591 | {"ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint}, | 2643 | {"ECDH EcPoint", "ecdh_*_ecpoint_test.json", EcPoint}, |