From a3f161c147cd509acc8ccca825d8ba06ff6486a6 Mon Sep 17 00:00:00 2001
From: tb
Date: Sat, 22 Sep 2018 00:10:18 +0000
Subject: [PATCH] Introduce a couple of convenience targets to help with auditing the acceptable cases.
---
 regress/lib/libcrypto/wycheproof/Makefile | 11 ++++--
 .../lib/libcrypto/wycheproof/wycheproof.go | 35 +++++++++++++++++--
 2 files changed, 41 insertions(+), 5 deletions(-)
diff --git a/regress/lib/libcrypto/wycheproof/Makefile b/regress/lib/libcrypto/wycheproof/Makefile
index e7338cb1f04..4359db438c8 100644
--- a/regress/lib/libcrypto/wycheproof/Makefile
+++ b/regress/lib/libcrypto/wycheproof/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.1 2018/07/25 18:04:09 jsing Exp $
+# $OpenBSD: Makefile,v 1.2 2018/09/22 00:10:18 tb Exp $
 GO_VERSION != sh -c "(go version) 2>/dev/null || true"
@@ -11,8 +11,15 @@ regress:
 CLEANFILES+=wycheproof
 REGRESS_TARGETS=regress-wycheproof
-regress-wycheproof:
+audit: wycheproof
+ ./wycheproof -v
+
+wycheproof: wycheproof.go
 go build -o wycheproof ${.CURDIR}/wycheproof.go
+
+regress-wycheproof: wycheproof
 ./wycheproof
+.PHONY: audit
+
 .include
diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go
index 313965d2605..adf147651d5 100644
--- a/regress/lib/libcrypto/wycheproof/wycheproof.go
+++ b/regress/lib/libcrypto/wycheproof/wycheproof.go
@@ -1,4 +1,4 @@
-/* $OpenBSD: wycheproof.go,v 1.58 2018/09/21 23:16:16 tb Exp $ */
+/* $OpenBSD: wycheproof.go,v 1.59 2018/09/22 00:10:18 tb Exp $ */
 /*
 * Copyright (c) 2018 Joel Sing
 * Copyright (c) 2018 Theo Buehler
@@ -46,6 +46,7 @@ import (
 "crypto/sha512"
 "encoding/hex"
 "encoding/json"
+ "flag"
 "fmt"
 "hash"
 "io/ioutil"
@@ -56,6 +57,7 @@ import (
 )
 const testVectorPath = "/usr/local/share/wycheproof/testvectors"
+var acceptableAudit = false
 type wycheproofTestGroupAesCbcPkcs5 struct {
 IVSize int `json:"ivSize"`
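Review bot: `acceptableAudit` in wycheproof.go is a package-level switch with no comment saying what sets it or what it changes, and the explicit `= false` repeats the zero value. I would declare it as `var acceptableAudit bool` with a comment such as `// acceptableAudit is set by the -v flag; when true, each passing test vector whose expected result is "acceptable" is reported on an AUDIT line.` The flag is registered in main, in a later hunk, so this comment is the only place a reader of the check functions learns where the value comes from.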
@@ -369,6 +371,9 @@ func checkAesCbcPkcs5(ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []byte, keyLen i
 success := false
 if bytes.Equal(openedMsg, out) || wt.Result == "invalid" {
 success = true
+ if acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 } else {
 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - msg match: %t; want %v\n", wt.TCID, wt.Comment, wt.Flags, action, bytes.Equal(openedMsg, out), wt.Result)
 }
@@ -578,6 +583,9 @@ func checkAesAead(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, key []
 fmt.Printf("FAIL: Test case %d (%q) [%v] %v - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, wt.Flags, action, ret, wt.Result)
 success = false
 }
+ if success && acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 }
 return success
 }
@@ -1131,7 +1139,13 @@ func runECDHTest(nid int, doECpoint bool, wt *wycheproofTestECDH) bool {
 C.free(unsafe.Pointer(Cpub))
 if pubKey == nil {
- if wt.Result == "invalid" || wt.Result == "acceptable" {
+ if wt.Result == "invalid" {
+ return true
+ }
+ if wt.Result == "acceptable" {
+ if acceptableAudit {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 return true
 }
 fmt.Printf("FAIL: Test case %d (%q) - ASN decoding failed: want %v\n", wt.TCID, wt.Comment, wt.Result)
@@ -1229,6 +1243,9 @@ func runECDSATest(ecKey *C.EC_KEY, nid int, h hash.Hash, wt *wycheproofTestECDSA
 fmt.Printf("FAIL: Test case %d (%q) - ECDSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 success = false
 }
+ if success && acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 return success
 }
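Review bot: The AUDIT `fmt.Printf` added in checkAesCbcPkcs5 is copied with the identical format string into checkAesAead, runECDHTest, runECDSATest, runRSASSATest, runRSATest and runX25519Test, so the audit output format now lives in seven places. A small helper would keep it in one, for example `func auditAcceptable(tcid int, comment string, flags []string)` wrapping the `acceptableAudit` test and the print. The parameter types are assumed from the `%d`/`%q`/`%v` verbs, since the test-vector structs are outside the hunks. The enclosing function starts and ends outside this hunk.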
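Review bot: The AUDIT line added in checkAesAead names the test case but not what the library did with it, although `action` and `ret` are in scope and are printed by the FAIL line directly above. The runRSASSATest hunk shows that an "acceptable" vector passes on either verification result, so a person reading the audit output needs the observed result to judge whether the behaviour is wanted. I would print it, e.g. `fmt.Printf("AUDIT: Test case %d (%q) %v %v - ret: %d\n", wt.TCID, wt.Comment, wt.Flags, action, ret)`. The same applies to the AUDIT lines in runECDSATest and runRSATest, where `int(ret)` is available. The block sits inside a branch that opens outside the hunk.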
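Review bot: In runECDHTest the AUDIT line is emitted on the `pubKey == nil` path but does not say that the vector passed because the public key failed to decode, which the FAIL line below spells out as "ASN decoding failed". A vector rejected at parse time is a different audit finding from one that went through the key agreement, so I would append the reason: `fmt.Printf("AUDIT: Test case %d (%q) %v - ASN decoding failed\n", wt.TCID, wt.Comment, wt.Flags)`. Whether acceptable vectors whose key does decode are reported later in the function cannot be seen from this hunk.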
@@ -1327,9 +1344,12 @@ func runRSASSATest(rsa *C.RSA, h hash.Hash, sha *C.EVP_MD, mgfSha *C.EVP_MD, sLe
 ret = C.RSA_verify_PKCS1_PSS_mgf1(rsa, (*C.uchar)(unsafe.Pointer(&msg[0])), sha, mgfSha, (*C.uchar)(unsafe.Pointer(&sigOut[0])), C.int(sLen))
- // XX: audit acceptable cases...
+ // XXX: audit acceptable cases...
 success := false
 if ret == 1 && (wt.Result == "valid" || wt.Result == "acceptable") {
+ if acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 success = true
 } else if ret == 0 && (wt.Result == "invalid" || wt.Result == "acceptable") {
 success = true
@@ -1415,6 +1435,9 @@ func runRSATest(rsa *C.RSA, nid int, h hash.Hash, wt *wycheproofTestRSA) bool {
 fmt.Printf("FAIL: Test case %d (%q) - RSA_verify() = %d, want %v\n", wt.TCID, wt.Comment, int(ret), wt.Result)
 success = false
 }
+ if success && acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 return success
 }
@@ -1486,6 +1509,9 @@ func runX25519Test(wt *wycheproofTestX25519) bool {
 fmt.Printf("FAIL: Test case %d (%q) - X25519(), want %v\n", wt.TCID, wt.Comment, wt.Result)
 success = false
 }
+ if success && acceptableAudit && wt.Result == "acceptable" {
+ fmt.Printf("AUDIT: Test case %d (%q) %v\n", wt.TCID, wt.Comment, wt.Flags)
+ }
 return success
 }
@@ -1604,6 +1630,9 @@ func main() {
 os.Exit(0)
 }
+ flag.BoolVar(&acceptableAudit, "v", false, "audit acceptable cases")
+ flag.Parse()
+
 tests := []struct {
 name string
 pattern string
--
2.20.1
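Review bot: In runRSASSATest only the `ret == 1` branch reports an acceptable vector; the `else if ret == 0 && (... || wt.Result == "acceptable")` branch also sets `success = true` for it but prints nothing. With `-v`, an acceptable PSS signature that the library rejects therefore never shows up in the audit output, unlike the `if success && acceptableAudit && ...` form used in runRSATest and runECDSATest. I would move the report after the if/else chain in that same form and include the result, `fmt.Printf("AUDIT: Test case %d (%q) %v - ret: %d\n", wt.TCID, wt.Comment, wt.Flags, int(ret))`. The `// XXX: audit acceptable cases...` comment should then say what still remains to be audited, or be dropped. The if/else chain continues past the end of the hunk.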
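Review bot: `flag.BoolVar`/`flag.Parse()` in main sit after the block that ends in `os.Exit(0)` at the top of the hunk, so when that exit is taken (its condition is outside the hunk) the program returns success without looking at its arguments. For the new `audit` Makefile target this means `./wycheproof -v` can exit 0 with no AUDIT lines, which is indistinguishable from a run that found nothing to audit. I would parse the flags as the first statements of main and, when `acceptableAudit` is set, print a line before that early exit saying the audit was skipped. A comment such as `// -v: print an AUDIT line for each passing "acceptable" vector` would also help, since `-v` usually means verbose.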