1 files changed, 158 insertions, 2 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 2ae1c7e3c4..5b019cae10 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,7 +1,7 @@
-/* $OpenBSD: wycheproof.go,v 1.91 2019/11/27 12:26:40 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.92 2019/11/27 17:53:31 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
+ * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
@@ -275,6 +275,45 @@ type wycheproofTestGroupRSA struct {
        Tests   []*wycheproofTestRSA `json:"tests"`
 }
+type wycheproofPrivateKeyJwk struct {
+        Alg string `json:"alg"`
+        D   string `json:"d"`
+        DP  string `json:"dp"`
+        DQ  string `json:"dq"`
+        E   string `json:"e"`
+        KID string `json:"kid"`
+        Kty string `json:"kty"`
+        N   string `json:"n"`
+        P   string `json:"p"`
+        Q   string `json:"q"`
+        QI  string `json:"qi"`
+}
+type wycheproofTestRSAOAEP struct {
+        TCID    int      `json:"tcId"`
+        Comment string   `json:"comment"`
+        Msg     string   `json:"msg"`
+        CT      string   `json:"ct"`
+        Label   string   `json:"label"`
+        Result  string   `json:"result"`
+        Flags   []string `json:"flags"`
+}
+type wycheproofTestGroupRSAESOAEP struct {
+        D               string                   `json:"d"`
+        E               string                   `json:"e"`
+        KeySize         int                      `json:"keysize"`
+        MGF             string                   `json:"mgf"`
+        MGFSHA          string                   `json:"mgfSha"`
+        N               string                   `json:"n"`
+        PrivateKeyJwk   *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
+        PrivateKeyPem   string                   `json:"privateKeyPem"`
+        PrivateKeyPkcs8 string                   `json:"privateKeyPkcs8"`
+        SHA             string                   `json:"sha"`
+        Type            string                   `json:"type"`
+        Tests           []*wycheproofTestRSAOAEP `json:"tests"`
+}
 type wycheproofTestRSASSA struct {
        TCID    int      `json:"tcId"`
        Comment string   `json:"comment"`
@@ -1804,6 +1843,117 @@ func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool {
        return success
 }
+func runRSAOAEPTest(rsa *C.RSA, sha *C.EVP_MD, mgfSha *C.EVP_MD, wt *wycheproofTestRSAOAEP) bool {
+        ct, err := hex.DecodeString(wt.CT)
+        if err != nil {
+                log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
+        }
+        ctLen := len(ct)
+        if ctLen == 0 {
+                ct = append(ct, 0)
+        }
+        rsaSize := C.RSA_size(rsa)
+        decrypted := make([]byte, rsaSize)
+        success := true
+        ret := C.RSA_private_decrypt(C.int(ctLen), (*C.uchar)(unsafe.Pointer(&ct[0])), (*C.uchar)(unsafe.Pointer(&decrypted[0])), rsa, C.RSA_NO_PADDING)
+        if ret != rsaSize {
+                success = (wt.Result == "invalid")
+                if !success {
+                        fmt.Printf("FAIL: TCID: %d, got %d, want %d, expect %v, \"%v\"\n", wt.TCID, ret, rsaSize, wt.Result, wt.Comment)
+                }
+                return success
+        }
+        label, err := hex.DecodeString(wt.Label)
+        if err != nil {
+                log.Fatalf("Failed to decode label %q: %v", wt.Label, err)
+        }
+        labelLen := len(label)
+        if labelLen == 0 {
+                label = append(label, 0)
+        }
+        msg, err := hex.DecodeString(wt.Msg)
+        if err != nil {
+                log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
+        }
+        msgLen := len(msg)
+        to := make([]byte, rsaSize)
+        ret = C.RSA_padding_check_PKCS1_OAEP_mgf1((*C.uchar)(unsafe.Pointer(&to[0])), C.int(rsaSize),  (*C.uchar)(unsafe.Pointer(&decrypted[0])), C.int(rsaSize), C.int(rsaSize), (*C.uchar)(unsafe.Pointer(&label[0])), C.int(labelLen), sha, mgfSha)
+        if int(ret) != msgLen {
+                success = (wt.Result == "invalid")
+                if !success {
+                        fmt.Printf("FAIL: TCID: %d, got %d, want %d, expect %v, \"%v\"\n", wt.TCID, ret, msgLen, wt.Result, wt.Comment)
+                }
+                return success
+        }
+        to = to[:msgLen];
+        if !bytes.Equal(msg, to) {
+                success = false
+                fmt.Printf("FAIL: TCID: %d, expected and calculated message differ. expect %v", wt.Result)
+        }
+        return success
+}
+func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bool {
+        fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n",
+                algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
+        rsa := C.RSA_new()
+        if rsa == nil {
+                log.Fatal("RSA_new failed")
+        }
+        defer C.RSA_free(rsa)
+        d := C.CString(wtg.D)
+        if C.BN_hex2bn(&rsa.d, d) == 0 {
+                log.Fatal("Failed to set RSA d")
+        }
+        C.free(unsafe.Pointer(d))
+        e := C.CString(wtg.E)
+        if C.BN_hex2bn(&rsa.e, e) == 0 {
+                log.Fatal("Failed to set RSA e")
+        }
+        C.free(unsafe.Pointer(e))
+        n := C.CString(wtg.N)
+        if C.BN_hex2bn(&rsa.n, n) == 0 {
+                log.Fatal("Failed to set RSA n")
+        }
+        C.free(unsafe.Pointer(n))
+        sha, err := hashEvpMdFromString(wtg.SHA)
+        if err != nil {
+                log.Fatalf("Failed to get hash: %v", err)
+        }
+        mgfSha, err := hashEvpMdFromString(wtg.MGFSHA)
+        if err != nil {
+                log.Fatalf("Failed to get MGF hash: %v", err)
+        }
+        success := true
+        for _, wt := range wtg.Tests {
+                if !runRSAOAEPTest(rsa, sha, mgfSha, wt) {
+                        success = false
+                }
+        }
+        return success
+}
 func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLen int, wt *wycheproofTestRSASSA) bool {
        msg, err := hex.DecodeString(wt.Msg)
        if err != nil {
@@ -2075,6 +2225,8 @@ func runTestVectors(path string, webcrypto bool) bool {
                }
        case "KW":
                wtg = &wycheproofTestGroupKW{}
+        case "RSAES-OAEP":
+                wtg= &wycheproofTestGroupRSAESOAEP{}
        case "RSASSA-PSS":
                wtg = &wycheproofTestGroupRSASSA{}
        case "RSASig":
@@ -2140,6 +2292,10 @@ func runTestVectors(path string, webcrypto bool) bool {
                        if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) {
                                success = false
                        }
+                case "RSAES-OAEP":
+                        if !runRSAOAEPTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSAESOAEP)) {
+                                success = false
+                        }
                case "RSASSA-PSS":
                        if !runRSASSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSASSA)) {
                                success = false

diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go index 2ae1c7e3c4..5b019cae10 100644 --- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,7 +1,7 @@
1	/* $OpenBSD: wycheproof.go,v 1.91 2019/11/27 12:26:40 tb Exp $ */	1	/* $OpenBSD: wycheproof.go,v 1.92 2019/11/27 17:53:31 tb Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
5	*	5	*
6	* Permission to use, copy, modify, and distribute this software for any	6	* Permission to use, copy, modify, and distribute this software for any
7	* purpose with or without fee is hereby granted, provided that the above	7	* purpose with or without fee is hereby granted, provided that the above
@@ -275,6 +275,45 @@ type wycheproofTestGroupRSA struct {
275	Tests []*wycheproofTestRSA `json:"tests"`	275	Tests []*wycheproofTestRSA `json:"tests"`
276	}	276	}
277		277
		278	type wycheproofPrivateKeyJwk struct {
		279	Alg string `json:"alg"`
		280	D string `json:"d"`
		281	DP string `json:"dp"`
		282	DQ string `json:"dq"`
		283	E string `json:"e"`
		284	KID string `json:"kid"`
		285	Kty string `json:"kty"`
		286	N string `json:"n"`
		287	P string `json:"p"`
		288	Q string `json:"q"`
		289	QI string `json:"qi"`
		290	}
		291
		292	type wycheproofTestRSAOAEP struct {
		293	TCID int `json:"tcId"`
		294	Comment string `json:"comment"`
		295	Msg string `json:"msg"`
		296	CT string `json:"ct"`
		297	Label string `json:"label"`
		298	Result string `json:"result"`
		299	Flags []string `json:"flags"`
		300	}
		301
		302	type wycheproofTestGroupRSAESOAEP struct {
		303	D string `json:"d"`
		304	E string `json:"e"`
		305	KeySize int `json:"keysize"`
		306	MGF string `json:"mgf"`
		307	MGFSHA string `json:"mgfSha"`
		308	N string `json:"n"`
		309	PrivateKeyJwk *wycheproofPrivateKeyJwk `json:"privateKeyJwk"`
		310	PrivateKeyPem string `json:"privateKeyPem"`
		311	PrivateKeyPkcs8 string `json:"privateKeyPkcs8"`
		312	SHA string `json:"sha"`
		313	Type string `json:"type"`
		314	Tests []*wycheproofTestRSAOAEP `json:"tests"`
		315	}
		316
278	type wycheproofTestRSASSA struct {	317	type wycheproofTestRSASSA struct {
279	TCID int `json:"tcId"`	318	TCID int `json:"tcId"`
280	Comment string `json:"comment"`	319	Comment string `json:"comment"`
@@ -1804,6 +1843,117 @@ func runKWTestGroup(algorithm string, wtg *wycheproofTestGroupKW) bool {
1804	return success	1843	return success
1805	}	1844	}
1806		1845
		1846	func runRSAOAEPTest(rsa C.RSA, sha C.EVP_MD, mgfSha C.EVP_MD, wt wycheproofTestRSAOAEP) bool {
		1847	ct, err := hex.DecodeString(wt.CT)
		1848	if err != nil {
		1849	log.Fatalf("Failed to decode cipher text %q: %v", wt.CT, err)
		1850	}
		1851	ctLen := len(ct)
		1852	if ctLen == 0 {
		1853	ct = append(ct, 0)
		1854	}
		1855
		1856	rsaSize := C.RSA_size(rsa)
		1857	decrypted := make([]byte, rsaSize)
		1858
		1859	success := true
		1860
		1861	ret := C.RSA_private_decrypt(C.int(ctLen), (C.uchar)(unsafe.Pointer(&ct[0])), (C.uchar)(unsafe.Pointer(&decrypted[0])), rsa, C.RSA_NO_PADDING)
		1862
		1863	if ret != rsaSize {
		1864	success = (wt.Result == "invalid")
		1865
		1866	if !success {
		1867	fmt.Printf("FAIL: TCID: %d, got %d, want %d, expect %v, \"%v\"\n", wt.TCID, ret, rsaSize, wt.Result, wt.Comment)
		1868	}
		1869	return success
		1870	}
		1871
		1872	label, err := hex.DecodeString(wt.Label)
		1873	if err != nil {
		1874	log.Fatalf("Failed to decode label %q: %v", wt.Label, err)
		1875	}
		1876	labelLen := len(label)
		1877	if labelLen == 0 {
		1878	label = append(label, 0)
		1879	}
		1880
		1881	msg, err := hex.DecodeString(wt.Msg)
		1882	if err != nil {
		1883	log.Fatalf("Failed to decode message %q: %v", wt.Msg, err)
		1884	}
		1885	msgLen := len(msg)
		1886
		1887	to := make([]byte, rsaSize)
		1888
		1889	ret = C.RSA_padding_check_PKCS1_OAEP_mgf1((C.uchar)(unsafe.Pointer(&to[0])), C.int(rsaSize), (C.uchar)(unsafe.Pointer(&decrypted[0])), C.int(rsaSize), C.int(rsaSize), (*C.uchar)(unsafe.Pointer(&label[0])), C.int(labelLen), sha, mgfSha)
		1890
		1891	if int(ret) != msgLen {
		1892	success = (wt.Result == "invalid")
		1893
		1894	if !success {
		1895	fmt.Printf("FAIL: TCID: %d, got %d, want %d, expect %v, \"%v\"\n", wt.TCID, ret, msgLen, wt.Result, wt.Comment)
		1896	}
		1897	return success
		1898	}
		1899
		1900
		1901	to = to[:msgLen];
		1902	if !bytes.Equal(msg, to) {
		1903	success = false
		1904	fmt.Printf("FAIL: TCID: %d, expected and calculated message differ. expect %v", wt.Result)
		1905	}
		1906
		1907	return success
		1908	}
		1909
		1910	func runRSAOAEPTestGroup(algorithm string, wtg *wycheproofTestGroupRSAESOAEP) bool {
		1911	fmt.Printf("Running %v test group %v with key size %d MGF %v and %v...\n",
		1912	algorithm, wtg.Type, wtg.KeySize, wtg.MGFSHA, wtg.SHA)
		1913
		1914	rsa := C.RSA_new()
		1915	if rsa == nil {
		1916	log.Fatal("RSA_new failed")
		1917	}
		1918	defer C.RSA_free(rsa)
		1919
		1920	d := C.CString(wtg.D)
		1921	if C.BN_hex2bn(&rsa.d, d) == 0 {
		1922	log.Fatal("Failed to set RSA d")
		1923	}
		1924	C.free(unsafe.Pointer(d))
		1925
		1926	e := C.CString(wtg.E)
		1927	if C.BN_hex2bn(&rsa.e, e) == 0 {
		1928	log.Fatal("Failed to set RSA e")
		1929	}
		1930	C.free(unsafe.Pointer(e))
		1931
		1932	n := C.CString(wtg.N)
		1933	if C.BN_hex2bn(&rsa.n, n) == 0 {
		1934	log.Fatal("Failed to set RSA n")
		1935	}
		1936	C.free(unsafe.Pointer(n))
		1937
		1938	sha, err := hashEvpMdFromString(wtg.SHA)
		1939	if err != nil {
		1940	log.Fatalf("Failed to get hash: %v", err)
		1941	}
		1942
		1943	mgfSha, err := hashEvpMdFromString(wtg.MGFSHA)
		1944	if err != nil {
		1945	log.Fatalf("Failed to get MGF hash: %v", err)
		1946	}
		1947
		1948	success := true
		1949	for _, wt := range wtg.Tests {
		1950	if !runRSAOAEPTest(rsa, sha, mgfSha, wt) {
		1951	success = false
		1952	}
		1953	}
		1954	return success
		1955	}
		1956
1807	func runRSASSATest(rsa C.RSA, h hash.Hash, sha C.EVP_MD, mgfSha C.EVP_MD, sLen int, wt wycheproofTestRSASSA) bool {	1957	func runRSASSATest(rsa C.RSA, h hash.Hash, sha C.EVP_MD, mgfSha C.EVP_MD, sLen int, wt wycheproofTestRSASSA) bool {
1808	msg, err := hex.DecodeString(wt.Msg)	1958	msg, err := hex.DecodeString(wt.Msg)
1809	if err != nil {	1959	if err != nil {
@@ -2075,6 +2225,8 @@ func runTestVectors(path string, webcrypto bool) bool {
2075	}	2225	}
2076	case "KW":	2226	case "KW":
2077	wtg = &wycheproofTestGroupKW{}	2227	wtg = &wycheproofTestGroupKW{}
		2228	case "RSAES-OAEP":
		2229	wtg= &wycheproofTestGroupRSAESOAEP{}
2078	case "RSASSA-PSS":	2230	case "RSASSA-PSS":
2079	wtg = &wycheproofTestGroupRSASSA{}	2231	wtg = &wycheproofTestGroupRSASSA{}
2080	case "RSASig":	2232	case "RSASig":
@@ -2140,6 +2292,10 @@ func runTestVectors(path string, webcrypto bool) bool {
2140	if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) {	2292	if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) {
2141	success = false	2293	success = false
2142	}	2294	}
		2295	case "RSAES-OAEP":
		2296	if !runRSAOAEPTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSAESOAEP)) {
		2297	success = false
		2298	}
2143	case "RSASSA-PSS":	2299	case "RSASSA-PSS":
2144	if !runRSASSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSASSA)) {	2300	if !runRSASSATestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupRSASSA)) {
2145	success = false	2301	success = false