kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Teach evp_test to verify by round-tripping.

Browse Source 
We have no tests for encryption right now, and evp_tests.txt needs to
force RSA-PSS to have salt length 0, even though other salt values are
more common. This also lets us test the salt length -2 silliness.

Change-Id: I30f52d36c38732c9b63a02c66ada1d08488417d4
Reviewed-on: https://boringssl-review.googlesource.com/19965
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
This commit is contained in:
David Benjamin 2017-09-03 12:56:14 -04:00 committed by CQ bot account: commit-bot@chromium.org
parent 8459d06599
commit 24e36099ce
2 changed files with 99 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
crypto/evp/evp_test.cc
View File

@ -261,6 +261,9 @@ static bool TestEVP(FileTest *t, KeyMap *key_map) {
} else if (t->GetType() == "VerifyMessage") {
md_op_init = EVP_DigestVerifyInit;
is_verify = true;
} else if (t->GetType() == "Encrypt") {
key_op_init = EVP_PKEY_encrypt_init;
key_op = EVP_PKEY_encrypt;
} else {
ADD_FAILURE() << "Unknown test " << t->GetType();
return false;
@ -338,8 +341,58 @@ static bool TestEVP(FileTest *t, KeyMap *key_map) {
return false;
}
actual.resize(len);
if (!key_op(ctx.get(), actual.data(), &len, input.data(), input.size()) ||
!t->GetBytes(&output, "Output")) {
if (!key_op(ctx.get(), actual.data(), &len, input.data(), input.size())) {
return false;
}
// Encryption is non-deterministic, so we check by decrypting.
if (t->HasAttribute("CheckDecrypt")) {
size_t plaintext_len;
ctx.reset(EVP_PKEY_CTX_new(key, nullptr));
if (!ctx ||
!EVP_PKEY_decrypt_init(ctx.get()) ||
(digest != nullptr &&
!EVP_PKEY_CTX_set_signature_md(ctx.get(), digest)) ||
!SetupContext(t, ctx.get()) ||
!EVP_PKEY_decrypt(ctx.get(), nullptr, &plaintext_len, actual.data(),
actual.size())) {
return false;
}
output.resize(plaintext_len);
if (!EVP_PKEY_decrypt(ctx.get(), output.data(), &plaintext_len,
actual.data(), actual.size())) {
ADD_FAILURE() << "Could not decrypt result.";
return false;
}
output.resize(plaintext_len);
EXPECT_EQ(Bytes(input), Bytes(output)) << "Decrypted result mismatch.";
return true;
}
// Some signature schemes are non-deterministic, so we check by verifying.
if (t->HasAttribute("CheckVerify")) {
ctx.reset(EVP_PKEY_CTX_new(key, nullptr));
if (!ctx ||
!EVP_PKEY_verify_init(ctx.get()) ||
(digest != nullptr &&
!EVP_PKEY_CTX_set_signature_md(ctx.get(), digest)) ||
!SetupContext(t, ctx.get())) {
return false;
}
if (t->HasAttribute("VerifyPSSSaltLength") &&
!EVP_PKEY_CTX_set_rsa_pss_saltlen(
ctx.get(),
atoi(t->GetAttributeOrDie("VerifyPSSSaltLength").c_str()))) {
return false;
}
EXPECT_TRUE(EVP_PKEY_verify(ctx.get(), actual.data(), actual.size(),
input.data(), input.size()))
<< "Could not verify result.";
return true;
}
// By default, check by comparing the result against Output.
if (!t->GetBytes(&output, "Output")) {
return false;
}
actual.resize(len);

44
crypto/evp/evp_tests.txt
View File

@ -261,6 +261,14 @@ Digest = SHA256
Input = "0123456789ABCDEF0123456789ABCDEF"
Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a
# A non-zero salt length must be checked by round-tripping.
Sign = RSA-2048
RSAPadding = PSS
PSSSaltLength = 32
Digest = SHA256
Input = "0123456789ABCDEF0123456789ABCDEF"
CheckVerify
# Auto-detected salt length
Verify = RSA-2048-SPKI
RSAPadding = PSS
@ -269,6 +277,24 @@ Digest = SHA256
Input = "0123456789ABCDEF0123456789ABCDEF"
Output = 4de433d5844043ef08d354da03cb29068780d52706d7d1e4d50efb7d58c9d547d83a747ddd0635a96b28f854e50145518482cb49e963054621b53c60c498d07c16e9c2789c893cf38d4d86900de71bde463bd2761d1271e358c7480a1ac0bab930ddf39602ad1bc165b5d7436b516b7a7858e8eb7ab1c420eeb482f4d207f0e462b1724959320a084e13848d11d10fb593e66bf680bf6d3f345fc3e9c3de60abbac37e1c6ec80a268c8d9fc49626c679097aa690bc1aa662b95eb8db70390861aa0898229f9349b4b5fdd030d4928c47084708a933144be23bd3c6e661b85b2c0ef9ed36d498d5b7320e8194d363d4ad478c059bae804181965e0b81b663158a
# Signing with salt length -1 means to match the digest length.
Sign = RSA-2048
RSAPadding = PSS
PSSSaltLength = -1
VerifyPSSSaltLength = 32
Digest = SHA256
Input = "0123456789ABCDEF0123456789ABCDEF"
CheckVerify
# Signing with salt length -2 means to maximize the salt length.
Sign = RSA-2048
RSAPadding = PSS
PSSSaltLength = -2
VerifyPSSSaltLength = 222 # 256 - 32 - 2
Digest = SHA256
Input = "0123456789ABCDEF0123456789ABCDEF"
CheckVerify
# Wrong digest
Verify = RSA-2048-SPKI
RSAPadding = PSS
@ -496,6 +522,24 @@ RSAPadding = OAEP
Input = 458708dfbd42a1297ce7a9c86c7087ab80b1754810929b89c5107ca55368587686986fce94d86cc1595b3fb736223a656ec0f34d18ba1cc5665593610f56c58e26b272d584f3d983a5c91085700755aebd921fb280bba3eda7046ec07b43e7298e52d59edc92be4639a8ce08b2f85976ecf6d98cc469eeb9d5d8e2a32ea8a6626edafe1038b3df455668a9f3c77cad8b92fb872e00058c3d2a7ede1a1f03fc5622084ae04d9d24f6bf0995c58d35b93b699b9763595e123f2ab0863cc9229eb290e2ede7715c7a8f39e0b9a3e2e1b56ebb62f1cbfbb5986fb212ebd785b83d01d968b11d1756c7337f70c1f1a63bff03608e24f3a2fd44e67f832a8701c5d5ac
Error = OAEP_DECODING_ERROR
# Test that RSA encryption successfully round-trips through decryption
# with various parameters.
Encrypt = RSA-2048
Input = "Hello World"
CheckDecrypt
Encrypt = RSA-2048
RSAPadding = OAEP
Input = "Hello World"
CheckDecrypt
Encrypt = RSA-2048
RSAPadding = OAEP
OAEPDigest = SHA512
OAEPLabel = 00112233445566778899aabbccddeeff
Input = "Hello World"
CheckDecrypt
# EC tests