Diffstat (limited to 'src')
-rw-r--r--src/regress/lib/libcrypto/wycheproof/wycheproof.go96
1 files changed, 95 insertions, 1 deletions
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index f37aede93c..0babddaa1d 100644
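--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.101 2019/11/28 16:54:00 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.102 2019/11/28 21:35:47 tb Exp $ */
 /*
  * Copyright (c) 2018 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2018, 2019 Theo Buehler <tb@openbsd.org>
@@ -33,6 +33,7 @@ package main
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
+#include <openssl/hkdf.h>
 #include <openssl/objects.h>
 #include <openssl/pem.h>
 #include <openssl/x509.h>
@@ -238,6 +239,24 @@ type wycheproofTestGroupECDSAWebCrypto struct {
  Tests []*wycheproofTestECDSA `json:"tests"`
 }
 
+type wycheproofTestHkdf struct {
+ TCID int `json:"tcId"`
+ Comment string `json:"comment"`
+ Ikm string `json:"ikm"`
+ Salt string `json:"salt"`
+ Info string `json:"info"`
+ Size int `json:"size"`
+ Okm string `json:"okm"`
+ Result string `json:"result"`
+ Flags []string `json:"flags"`
+}
+
+type wycheproofTestGroupHkdf struct {
+ Type string `json:"type"`
+ KeySize int `json:"keySize"`
+ Tests []*wycheproofTestHkdf `json:"tests"`
+}
+
 type wycheproofTestKW struct {
  TCID int `json:"tcId"`
  Comment string `json:"comment"`
@@ -1835,6 +1854,74 @@ func runKWTestUnWrap(keySize int, key []byte, keyLen int, msg []byte, msgLen int
  return success
 }
 
+func runHkdfTest(md *C.EVP_MD, wt *wycheproofTestHkdf) bool {
+ ikm, err := hex.DecodeString(wt.Ikm)
+ if err != nil {
+ log.Fatalf("Failed to decode ikm %q: %v", wt.Ikm, err)
+ }
+ salt, err := hex.DecodeString(wt.Salt)
+ if err != nil {
+ log.Fatalf("Failed to decode salt %q: %v", wt.Salt, err)
+ }
+ info, err := hex.DecodeString(wt.Info)
+ if err != nil {
+ log.Fatalf("Failed to decode info %q: %v", wt.Info, err)
+ }
+
+ ikmLen, saltLen, infoLen := len(ikm), len(salt), len(info)
+ if ikmLen == 0 {
+ ikm = append(ikm, 0)
+ }
+ if saltLen == 0 {
+ salt = append(salt, 0)
+ }
+ if infoLen == 0 {
+ info = append(info, 0)
+ }
+
+ outLen := wt.Size
+ out := make([]byte, outLen)
+ if outLen == 0 {
+ out = append(out, 0)
+ }
+
+ ret := C.HKDF((*C.uchar)(unsafe.Pointer(&out[0])), C.size_t(outLen), md, (*C.uchar)(unsafe.Pointer(&ikm[0])), C.size_t(ikmLen), (*C.uchar)(&salt[0]), C.size_t(saltLen), (*C.uchar)(unsafe.Pointer(&info[0])), C.size_t(infoLen))
+
+ if ret != 1 {
+ success := wt.Result == "invalid"
+ if !success {
+ fmt.Printf("FAIL: Test case %d (%q) %v - got %d, want %v\n", wt.TCID, wt.Comment, wt.Flags, ret, wt.Result)
+ }
+ return success
+ }
+
+ okm, err := hex.DecodeString(wt.Okm)
+ if err != nil {
+ log.Fatalf("Failed to decode okm %q: %v", wt.Okm, err)
+ }
+ if !bytes.Equal(out[:outLen], okm) {
+ fmt.Printf("FAIL: Test case %d (%q) %v - expected and computed output don't match: %v", wt.TCID, wt.Comment, wt.Flags, wt.Result)
+ }
+
+ return wt.Result == "valid"
+}
+
+func runHkdfTestGroup(algorithm string, wtg *wycheproofTestGroupHkdf) bool {
+ fmt.Printf("Running %v test group %v with key size %d...\n", algorithm, wtg.Type, wtg.KeySize)
+ md, err := hashEvpMdFromString(strings.TrimPrefix(algorithm, "HKDF-"))
+ if err != nil {
+ log.Fatalf("Failed to get hash: %v", err)
+ }
+
+ success := true
+ for _, wt := range wtg.Tests {
+ if !runHkdfTest(md, wt) {
+ success = false
+ }
+ }
+ return success
+}
+
 func runKWTest(keySize int, wt *wycheproofTestKW) bool {
  key, err := hex.DecodeString(wt.Key)
  if err != nil {
@@ -2338,6 +2425,8 @@ func runTestVectors(path string, webcrypto bool) bool {
  } else {
  wtg = &wycheproofTestGroupECDSA{}
  }
+ case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
+ wtg = &wycheproofTestGroupHkdf{}
  case "KW":
  wtg = &wycheproofTestGroupKW{}
  case "RSAES-OAEP":
@@ -2411,6 +2500,10 @@ func runTestVectors(path string, webcrypto bool) bool {
  success = false
  }
  }
+ case "HKDF-SHA-1", "HKDF-SHA-256", "HKDF-SHA-384", "HKDF-SHA-512":
+ if !runHkdfTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupHkdf)) {
+ success = false
+ }
  case "KW":
  if !runKWTestGroup(wtv.Algorithm, wtg.(*wycheproofTestGroupKW)) {
  success = false
@@ -2475,6 +2568,7 @@ func main() {
  {"ECDHWebCrypto", "ecdh_w*_test.json"},
  {"ECDSA", "ecdsa_[^w]*test.json"},
  {"ECDSAWebCrypto", "ecdsa_w*_test.json"},
+ {"HKDF", "hkdf_sha*_test.json"},
  {"KW", "kw_test.json"},
  {"RSA", "rsa_*test.json"},
  {"X25519", "x25519_test.json"},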
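Review bot: In `runHkdfTest`, a mismatch between the computed output and `okm` only prints a FAIL line and then falls through to `return wt.Result == "valid"`. A wrong HKDF output on a vector marked valid is therefore still returned as a pass, and `runHkdfTestGroup` never sets `success = false` for it. Add `return false` inside the `if !bytes.Equal(out[:outLen], okm)` block, and end that format string with `\n` as the earlier FAIL message does. The opposite case is silent too: when `C.HKDF` returns 1 for a vector whose result is `invalid`, the function returns false without printing which test case failed. A short `fmt.Printf("FAIL: ...")` before the final return would make that diagnosable.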