From e267774d4f569b110ecae23e035c6827d9714931 Mon Sep 17 00:00:00 2001 From: tb Date: Sat, 15 Sep 2018 22:03:28 +0000 Subject: [PATCH] add a brief comment on the acceptable AES CCM and AES GCM cases --- regress/lib/libcrypto/wycheproof/wycheproof.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/regress/lib/libcrypto/wycheproof/wycheproof.go b/regress/lib/libcrypto/wycheproof/wycheproof.go index 6cb853ad6fa..649e4e67f19 100644 --- a/regress/lib/libcrypto/wycheproof/wycheproof.go +++ b/regress/lib/libcrypto/wycheproof/wycheproof.go @@ -1,4 +1,4 @@ -/* $OpenBSD: wycheproof.go,v 1.50 2018/09/15 19:12:31 tb Exp $ */ +/* $OpenBSD: wycheproof.go,v 1.51 2018/09/15 22:03:28 tb Exp $ */ /* * Copyright (c) 2018 Joel Sing * Copyright (c) 2018 Theo Buehler @@ -567,7 +567,13 @@ func checkAesCcmOrGcm(algorithm string, ctx *C.EVP_CIPHER_CTX, doEncrypt int, ke fmt.Printf("FAIL: Test case %d (%q) [%v] - EVP_CIPHER_CTX_ctrl() = %d, want %v\n", wt.TCID, wt.Comment, action, ret, wt.Result) return false } - // XXX audit acceptable cases... + + // There are no acceptable CCM cases. All acceptable GCM test + // pass. They have len(IV) <= 48. NIST SP 800-38D, 5.2.1.1, p.8, + // allows 1 <= len(IV) 2^64-1, but notes: + // "For IVs it is recommended that implementations restrict + // support to the length of 96 bits, to promote + // interoperability, efficiency and simplicity of design." if bytes.Equal(tagOut, tag) != (wt.Result == "valid" || wt.Result == "acceptable") { fmt.Printf("FAIL: Test case %d (%q) [%v] - expected and computed tag do not match - ret: %d, Result: %v\n", wt.TCID, wt.Comment, action, ret, wt.Result) success = false -- 2.20.1