diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/regress/lib/libcrypto/wycheproof/wycheproof.go | 57 |
1 files changed, 43 insertions, 14 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index a3c4f2cea2..f37aede93c 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: wycheproof.go,v 1.100 2019/11/28 07:54:49 tb Exp $ */ | 1 | /* $OpenBSD: wycheproof.go,v 1.101 2019/11/28 16:54:00 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018 Joel Sing <jsing@openbsd.org> |
| 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> | 4 | * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org> |
| @@ -1015,13 +1015,20 @@ func checkAeadOpen(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen | |||
| 1015 | maxOutLen := ctLen + tagLen | 1015 | maxOutLen := ctLen + tagLen |
| 1016 | 1016 | ||
| 1017 | opened := make([]byte, maxOutLen) | 1017 | opened := make([]byte, maxOutLen) |
| 1018 | if maxOutLen == 0 { | ||
| 1019 | opened = append(opened, 0) | ||
| 1020 | } | ||
| 1018 | var openedMsgLen C.size_t | 1021 | var openedMsgLen C.size_t |
| 1019 | 1022 | ||
| 1020 | catCtTag := append(ct, tag...) | 1023 | catCtTag := append(ct, tag...) |
| 1024 | catCtTagLen := len(catCtTag) | ||
| 1025 | if catCtTagLen == 0 { | ||
| 1026 | catCtTag = append(catCtTag, 0) | ||
| 1027 | } | ||
| 1021 | openRet := C.EVP_AEAD_CTX_open(ctx, (*C.uint8_t)(unsafe.Pointer(&opened[0])), | 1028 | openRet := C.EVP_AEAD_CTX_open(ctx, (*C.uint8_t)(unsafe.Pointer(&opened[0])), |
| 1022 | (*C.size_t)(unsafe.Pointer(&openedMsgLen)), C.size_t(maxOutLen), | 1029 | (*C.size_t)(unsafe.Pointer(&openedMsgLen)), C.size_t(maxOutLen), |
| 1023 | (*C.uint8_t)(unsafe.Pointer(&iv[0])), C.size_t(ivLen), | 1030 | (*C.uint8_t)(unsafe.Pointer(&iv[0])), C.size_t(ivLen), |
| 1024 | (*C.uint8_t)(unsafe.Pointer(&catCtTag[0])), C.size_t(len(catCtTag)), | 1031 | (*C.uint8_t)(unsafe.Pointer(&catCtTag[0])), C.size_t(catCtTagLen), |
| 1025 | (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen)) | 1032 | (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen)) |
| 1026 | 1033 | ||
| 1027 | if openRet != 1 { | 1034 | if openRet != 1 { |
| @@ -1062,6 +1069,9 @@ func checkAeadSeal(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen | |||
| 1062 | maxOutLen := msgLen + tagLen | 1069 | maxOutLen := msgLen + tagLen |
| 1063 | 1070 | ||
| 1064 | sealed := make([]byte, maxOutLen) | 1071 | sealed := make([]byte, maxOutLen) |
| 1072 | if maxOutLen == 0 { | ||
| 1073 | sealed = append(sealed, 0) | ||
| 1074 | } | ||
| 1065 | var sealedLen C.size_t | 1075 | var sealedLen C.size_t |
| 1066 | 1076 | ||
| 1067 | sealRet := C.EVP_AEAD_CTX_seal(ctx, (*C.uint8_t)(unsafe.Pointer(&sealed[0])), | 1077 | sealRet := C.EVP_AEAD_CTX_seal(ctx, (*C.uint8_t)(unsafe.Pointer(&sealed[0])), |
| @@ -1071,9 +1081,11 @@ func checkAeadSeal(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen | |||
| 1071 | (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen)) | 1081 | (*C.uint8_t)(unsafe.Pointer(&aad[0])), C.size_t(aadLen)) |
| 1072 | 1082 | ||
| 1073 | if sealRet != 1 { | 1083 | if sealRet != 1 { |
| 1074 | fmt.Printf("FAIL: Test case %d (%q) %v - EVP_AEAD_CTX_seal() = %d, want %v\n", | 1084 | success := (wt.Result == "invalid") |
| 1075 | wt.TCID, wt.Comment, wt.Flags, int(sealRet), wt.Result) | 1085 | if !success { |
| 1076 | return false | 1086 | fmt.Printf("FAIL: Test case %d (%q) %v - EVP_AEAD_CTX_seal() = %d, want %v\n", wt.TCID, wt.Comment, wt.Flags, int(sealRet), wt.Result) |
| 1087 | } | ||
| 1088 | return success | ||
| 1077 | } | 1089 | } |
| 1078 | 1090 | ||
| 1079 | if sealedLen != C.size_t(maxOutLen) { | 1091 | if sealedLen != C.size_t(maxOutLen) { |
| @@ -1099,8 +1111,14 @@ func checkAeadSeal(ctx *C.EVP_AEAD_CTX, iv []byte, ivLen int, aad []byte, aadLen | |||
| 1099 | return success | 1111 | return success |
| 1100 | } | 1112 | } |
| 1101 | 1113 | ||
| 1102 | func runChaCha20Poly1305Test(wt *wycheproofTestAead) bool { | 1114 | func runChaCha20Poly1305Test(algorithm string, wt *wycheproofTestAead) bool { |
| 1103 | aead := C.EVP_aead_chacha20_poly1305() | 1115 | var aead *C.EVP_AEAD |
| 1116 | switch algorithm { | ||
| 1117 | case "CHACHA20-POLY1305": | ||
| 1118 | aead = C.EVP_aead_chacha20_poly1305() | ||
| 1119 | case "XCHACHA20-POLY1305": | ||
| 1120 | aead = C.EVP_aead_xchacha20_poly1305() | ||
| 1121 | } | ||
| 1104 | 1122 | ||
| 1105 | key, err := hex.DecodeString(wt.Key) | 1123 | key, err := hex.DecodeString(wt.Key) |
| 1106 | if err != nil { | 1124 | if err != nil { |
| @@ -1138,6 +1156,12 @@ func runChaCha20Poly1305Test(wt *wycheproofTestAead) bool { | |||
| 1138 | if msgLen == 0 { | 1156 | if msgLen == 0 { |
| 1139 | msg = append(msg, 0) | 1157 | msg = append(msg, 0) |
| 1140 | } | 1158 | } |
| 1159 | if ctLen == 0 { | ||
| 1160 | msg = append(ct, 0) | ||
| 1161 | } | ||
| 1162 | if tagLen == 0 { | ||
| 1163 | msg = append(tag, 0) | ||
| 1164 | } | ||
| 1141 | 1165 | ||
| 1142 | var ctx C.EVP_AEAD_CTX | 1166 | var ctx C.EVP_AEAD_CTX |
| 1143 | if C.EVP_AEAD_CTX_init(&ctx, aead, (*C.uchar)(unsafe.Pointer(&key[0])), C.size_t(keyLen), C.size_t(tagLen), nil) != 1 { | 1167 | if C.EVP_AEAD_CTX_init(&ctx, aead, (*C.uchar)(unsafe.Pointer(&key[0])), C.size_t(keyLen), C.size_t(tagLen), nil) != 1 { |
| @@ -1152,8 +1176,8 @@ func runChaCha20Poly1305Test(wt *wycheproofTestAead) bool { | |||
| 1152 | } | 1176 | } |
| 1153 | 1177 | ||
| 1154 | func runChaCha20Poly1305TestGroup(algorithm string, wtg *wycheproofTestGroupAead) bool { | 1178 | func runChaCha20Poly1305TestGroup(algorithm string, wtg *wycheproofTestGroupAead) bool { |
| 1155 | // We currently only support nonces of length 12 (96 bits) | 1179 | // ChaCha20-Poly1305 currently only supports nonces of length 12 (96 bits) |
| 1156 | if wtg.IVSize != 96 { | 1180 | if algorithm == "CHACHA20-POLY1305" && wtg.IVSize != 96 { |
| 1157 | return true | 1181 | return true |
| 1158 | } | 1182 | } |
| 1159 | 1183 | ||
| @@ -1162,7 +1186,7 @@ func runChaCha20Poly1305TestGroup(algorithm string, wtg *wycheproofTestGroupAead | |||
| 1162 | 1186 | ||
| 1163 | success := true | 1187 | success := true |
| 1164 | for _, wt := range wtg.Tests { | 1188 | for _, wt := range wtg.Tests { |
| 1165 | if !runChaCha20Poly1305Test(wt) { | 1189 | if !runChaCha20Poly1305Test(algorithm, wt) { |
| 1166 | success = false | 1190 | success = false |
| 1167 | } | 1191 | } |
| 1168 | } | 1192 | } |
| @@ -2297,6 +2321,8 @@ func runTestVectors(path string, webcrypto bool) bool { | |||
| 2297 | case "AES-GCM": | 2321 | case "AES-GCM": |
| 2298 | wtg = &wycheproofTestGroupAead{} | 2322 | wtg = &wycheproofTestGroupAead{} |
| 2299 | case "CHACHA20-POLY1305": | 2323 | case "CHACHA20-POLY1305": |
| 2324 | fallthrough | ||
| 2325 | case "XCHACHA20-POLY1305": | ||
| 2300 | wtg = &wycheproofTestGroupAead{} | 2326 | wtg = &wycheproofTestGroupAead{} |
| 2301 | case "DSA": | 2327 | case "DSA": |
| 2302 | wtg = &wycheproofTestGroupDSA{} | 2328 | wtg = &wycheproofTestGroupDSA{} |
| @@ -2356,6 +2382,8 @@ func runTestVectors(path string, webcrypto bool) bool { | |||
| 2356 | success = false | 2382 | success = false |
| 2357 | } | 2383 | } |
| 2358 | case "CHACHA20-POLY1305": | 2384 | case "CHACHA20-POLY1305": |
| 2385 | fallthrough | ||
| 2386 | case "XCHACHA20-POLY1305": | ||
| 2359 | if !runChaCha20Poly1305TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAead)) { | 2387 | if !runChaCha20Poly1305TestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupAead)) { |
| 2360 | success = false | 2388 | success = false |
| 2361 | } | 2389 | } |
| @@ -2435,7 +2463,6 @@ func main() { | |||
| 2435 | // hkdf_sha*_test.json | 2463 | // hkdf_sha*_test.json |
| 2436 | // primality_test.json | 2464 | // primality_test.json |
| 2437 | // x25519_{asn,jwk,pem}_test.json | 2465 | // x25519_{asn,jwk,pem}_test.json |
| 2438 | // xchacha20_poly1305_test.json | ||
| 2439 | // What's up with the *_p1363_test.json files? | 2466 | // What's up with the *_p1363_test.json files? |
| 2440 | tests := []struct { | 2467 | tests := []struct { |
| 2441 | name string | 2468 | name string |
| @@ -2451,6 +2478,7 @@ func main() { | |||
| 2451 | {"KW", "kw_test.json"}, | 2478 | {"KW", "kw_test.json"}, |
| 2452 | {"RSA", "rsa_*test.json"}, | 2479 | {"RSA", "rsa_*test.json"}, |
| 2453 | {"X25519", "x25519_test.json"}, | 2480 | {"X25519", "x25519_test.json"}, |
| 2481 | {"XCHACHA20-POLY1305", "xchacha20_poly1305_test.json"}, | ||
| 2454 | } | 2482 | } |
| 2455 | 2483 | ||
| 2456 | success := true | 2484 | success := true |
| @@ -2463,9 +2491,10 @@ func main() { | |||
| 2463 | if err != nil { | 2491 | if err != nil { |
| 2464 | log.Fatalf("Failed to glob %v test vectors: %v", test.name, err) | 2492 | log.Fatalf("Failed to glob %v test vectors: %v", test.name, err) |
| 2465 | } | 2493 | } |
| 2466 | if len(tvs) == 0 { | 2494 | // XXX put check back after wycheproof-testvectors update to 20191126 |
| 2467 | log.Fatalf("Failed to find %v test vectors at %q\n", test.name, testVectorPath) | 2495 | // if len(tvs) == 0 { |
| 2468 | } | 2496 | // log.Fatalf("Failed to find %v test vectors at %q\n", test.name, testVectorPath) |
| 2497 | // } | ||
| 2469 | for _, tv := range tvs { | 2498 | for _, tv := range tvs { |
| 2470 | if skip.Match([]byte(tv)) { | 2499 | if skip.Match([]byte(tv)) { |
| 2471 | fmt.Printf("INFO: Skipping tests from \"%s\"\n", strings.TrimPrefix(tv, testVectorPath+"/")) | 2500 | fmt.Printf("INFO: Skipping tests from \"%s\"\n", strings.TrimPrefix(tv, testVectorPath+"/")) |