From 976d6ec143a65509f93ab589df3f2e3f52ebeb30 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sat, 15 Sep 2018 22:03:28 +0000
Subject: add a brief comment on the acceptable AES CCM and AES GCM cases
---
 src/regress/lib/libcrypto/wycheproof/wycheproof.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/regress/lib/libcrypto/wycheproof/wycheproof.go b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
index 6cb853ad6f..649e4e67f1 100644
--- a/src/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/src/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.50 2018/09/15 19:12:31 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.51 2018/09/15 22:03:28 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing
 * Copyright (c) 2018 Theo Buehler
@@ -567,7 +567,13 @@ func checkAesCcmOrGcm(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, ke
 fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CIPHER_CTX_ctrl() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
 return false
 }
- // XXX audit acceptable cases...
+
+ // There are no acceptable CCM cases. All acceptable GCM test
+ // pass. They have len(IV) <= 48. NIST SP 800-38D, 5.2.1.1, p.8,
+ // allows 1 <= len(IV) 2^64-1, but notes:
+ // "For IVs it is recommended that implementations restrict
+ // support to the length of 96 bits, to promote
+ // interoperability, efficiency and simplicity of design."
 if bytes.Equal(tagOut, tag) != (wt.Result == "valid" || wt.Result == "acceptable") {
 fmt.Printf("FAIL: Test case %d (%q) [%v] - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, action, ret, wt.Result)
 success = false
-- 
cgit v1.2.3-55-g6feb
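Review bot: The new comment's citation of NIST SP 800-38D drops the upper-bound operator, so `// allows 1 <= len(IV) 2^64-1, but notes:` reads as if the IV range were open-ended; the standard's bound is `// allows 1 <= len(IV) <= 2^64-1, but notes:`. Two smaller wording points in the same comment: `All acceptable GCM test` should be `tests`, and `len(IV) <= 48` is presumably a byte count (a Go slice length) while the quoted recommendation is stated in bits, so writing `len(IV) <= 48 bytes (384 bits)` would keep the units consistent for the reader comparing against the 96-bit recommendation. Since the comment is what justifies treating "acceptable" GCM results as must-match on the following `bytes.Equal(tagOut, tag)` line, its numbers should be exact. The body of checkAesCcmOrGcm starts and ends outside the hunk.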