|
0 |
# rebuild:
|
|
1 |
# rm -f src/liballinone.a && touch CryptX.xs && make && perl -Mblib t/wycheproof.t
|
|
2 |
|
|
3 |
use strict;
|
|
4 |
use warnings;
|
|
5 |
|
|
6 |
use Test::More;
|
|
7 |
|
|
8 |
plan skip_all => "No JSON::* module installed" unless eval { require JSON::PP } || eval { require JSON::XS } || eval { require Cpanel::JSON::XS };
|
|
9 |
plan tests => 762;
|
|
10 |
|
|
11 |
use CryptX;
|
|
12 |
use Crypt::Misc 'read_rawfile';
|
|
13 |
|
|
14 |
if (1) {
|
|
15 |
use Crypt::AuthEnc::GCM qw(gcm_encrypt_authenticate gcm_decrypt_verify);
|
|
16 |
|
|
17 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/aes_gcm_test.json';
|
|
18 |
for my $g (@{$tests->{testGroups}}) {
|
|
19 |
my $type = $g->{type};
|
|
20 |
for my $t (@{$g->{tests}}) {
|
|
21 |
my $tcId = $t->{tcId}; # 1
|
|
22 |
my $comment = $t->{comment}; # ""
|
|
23 |
my $result = $t->{result}; # "valid"
|
|
24 |
my $aad = pack "H*", $t->{aad}; # "6578616d706c65"
|
|
25 |
my $ct = pack "H*", $t->{ct}; # "5d349ead175ef6b1def6fd"
|
|
26 |
my $iv = pack "H*", $t->{iv}; # "752abad3e0afb5f434dc4310"
|
|
27 |
my $key = pack "H*", $t->{key}; # "ee8e1ed9ff2540ae8f2ba9f50bc2f27c"
|
|
28 |
my $msg = pack "H*", $t->{msg}; # "48656c6c6f20776f726c64"
|
|
29 |
my $tag = pack "H*", $t->{tag}; # "4fbcdeb7e4793f4a1d7e4faa70100af1"
|
|
30 |
# do the test
|
|
31 |
my ($ct2, $tag2) = eval { gcm_encrypt_authenticate('AES', $key, $iv, $aad, $msg) };
|
|
32 |
my $pt2 = eval { gcm_decrypt_verify('AES', $key, $iv, $aad, $ct, $tag) };
|
|
33 |
my $testname = "type=$type tcId=$tcId comment='$comment' expected-result=$result";
|
|
34 |
if ($result eq 'valid') {
|
|
35 |
is(unpack("H*", $ct2), $t->{ct}, "$testname CT-v");
|
|
36 |
is(unpack("H*", $tag2), $t->{tag}, "$testname TAG-v");
|
|
37 |
is(unpack("H*", $pt2), $t->{msg}, "$testname PT-v");
|
|
38 |
}
|
|
39 |
elsif ($result eq 'invalid') {
|
|
40 |
#isnt(unpack("H*", $ct2), $t->{ct}, "$testname CT-i");
|
|
41 |
#isnt(unpack("H*", $tag2), $t->{tag}, "$testname TAG-i");
|
|
42 |
is($pt2, undef, "$testname PT-i");
|
|
43 |
}
|
|
44 |
else {
|
|
45 |
ok(0, "UNEXPECTED result=$result");
|
|
46 |
}
|
|
47 |
}
|
|
48 |
}
|
|
49 |
}
|
|
50 |
|
|
51 |
if (1) {
|
|
52 |
use Crypt::PK::RSA;
|
|
53 |
|
|
54 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/rsa_signature_test.json';
|
|
55 |
for my $g (@{$tests->{testGroups}}) {
|
|
56 |
my $type = $g->{type};
|
|
57 |
my $keyDer = pack "H*", $g->{keyDer};
|
|
58 |
my $keyPem = $g->{keyPem};
|
|
59 |
my $sha = $g->{sha};
|
|
60 |
$sha =~ s/-//g; # SHA-1 >> SHA1
|
|
61 |
ok(Crypt::PK::RSA->new( \$keyDer ), "Crypt::PK::RSA->new + DER type: $type/$sha");
|
|
62 |
ok(Crypt::PK::RSA->new( \$keyPem ), "Crypt::PK::RSA->new + PEM type: $type/$sha");
|
|
63 |
for my $t (@{$g->{tests}}) {
|
|
64 |
my $tcId = $t->{tcId};
|
|
65 |
my $comment = $t->{comment};
|
|
66 |
my $result = $t->{result};
|
|
67 |
my $message = pack "H*", $t->{message};
|
|
68 |
my $sig = pack "H*", $t->{sig};
|
|
69 |
# do the test
|
|
70 |
my $testname = "type=$type/$sha tcId=$tcId comment='$comment' expected-result=$result";
|
|
71 |
my $pk = Crypt::PK::RSA->new( \$keyPem );
|
|
72 |
my $valid = $pk->verify_message($sig, $message, $sha,"v1.5");
|
|
73 |
if ($result eq 'valid' || $result eq 'acceptable') {
|
|
74 |
ok($valid, $testname);
|
|
75 |
}
|
|
76 |
elsif ($result eq 'invalid') {
|
|
77 |
ok(!$valid, $testname);
|
|
78 |
}
|
|
79 |
else {
|
|
80 |
ok(0, "UNEXPECTED result=$result");
|
|
81 |
}
|
|
82 |
}
|
|
83 |
}
|
|
84 |
}
|
|
85 |
|
|
86 |
if (1) {
|
|
87 |
use Crypt::PK::DSA;
|
|
88 |
|
|
89 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/dsa_test.json';
|
|
90 |
for my $g (@{$tests->{testGroups}}) {
|
|
91 |
my $type = $g->{type}; # "DSAVer"
|
|
92 |
my $keyDer = pack "H*", $g->{keyDer};
|
|
93 |
my $keyPem = $g->{keyPem};
|
|
94 |
my $sha = $g->{sha}; # "SHA-1"
|
|
95 |
$sha =~ s/-//g; # SHA-1 >> SHA1
|
|
96 |
ok(Crypt::PK::DSA->new( \$keyDer ), "Crypt::PK::DSA->new + DER type=$type/$sha");
|
|
97 |
ok(Crypt::PK::DSA->new( \$keyPem ), "Crypt::PK::DSA->new + PEM type=$type/$sha");
|
|
98 |
for my $t (@{$g->{tests}}) {
|
|
99 |
my $tcId = $t->{tcId};
|
|
100 |
my $comment = $t->{comment};
|
|
101 |
my $result = $t->{result};
|
|
102 |
my $message = pack "H*", $t->{message};
|
|
103 |
my $sig = pack "H*", $t->{sig};
|
|
104 |
# skip unsupported tests:
|
|
105 |
next if $tcId==12 && $result eq 'acceptable' && $comment eq "Legacy:ASN encoding of s misses leading 0";
|
|
106 |
next if $tcId==13 && $result eq 'acceptable' && $comment eq "BER:long form encoding of length";
|
|
107 |
next if $tcId==14 && $result eq 'acceptable' && $comment eq "BER:long form encoding of length";
|
|
108 |
next if $tcId==15 && $result eq 'acceptable' && $comment eq "BER:long form encoding of length";
|
|
109 |
next if $tcId==16 && $result eq 'acceptable' && $comment eq "BER:length contains leading 0";
|
|
110 |
next if $tcId==17 && $result eq 'acceptable' && $comment eq "BER:length contains leading 0";
|
|
111 |
next if $tcId==18 && $result eq 'acceptable' && $comment eq "BER:length contains leading 0";
|
|
112 |
next if $tcId==19 && $result eq 'acceptable' && $comment eq "BER:indefinite length";
|
|
113 |
next if $tcId==20 && $result eq 'acceptable' && $comment eq "BER:prepending 0's to integer";
|
|
114 |
next if $tcId==21 && $result eq 'acceptable' && $comment eq "BER:prepending 0's to integer";
|
|
115 |
# do the test
|
|
116 |
my $testname = "type=$type/$sha tcId=$tcId comment='$comment' expected-result=$result";
|
|
117 |
my $pk = Crypt::PK::DSA->new( \$keyPem );
|
|
118 |
my $valid = $pk->verify_message($sig, $message, $sha);
|
|
119 |
if ($result eq 'valid' || $result eq 'acceptable') {
|
|
120 |
ok($valid, $testname);
|
|
121 |
}
|
|
122 |
elsif ($result eq 'invalid') {
|
|
123 |
ok(!$valid, $testname);
|
|
124 |
}
|
|
125 |
else {
|
|
126 |
ok(0, "UNEXPECTED result=$result");
|
|
127 |
}
|
|
128 |
}
|
|
129 |
}
|
|
130 |
}
|
|
131 |
|
|
132 |
if (0) {
|
|
133 |
#XXX-TODO:
|
|
134 |
# not ok 749 - type=ECDSAVer/SHA256 tcId=50 comment='appending unused 0's' expected-result=invalid verify_message=1
|
|
135 |
# not ok 819 - type=ECDSAVer/SHA256 tcId=120 comment='Modified r or s, e.g. by adding or subtracting the order of the group' expected-result=invalid verify_message=1
|
|
136 |
# not ok 820 - type=ECDSAVer/SHA256 tcId=121 comment='Modified r or s, e.g. by adding or subtracting the order of the group' expected-result=invalid verify_message=1
|
|
137 |
# not ok 821 - type=ECDSAVer/SHA256 tcId=122 comment='Modified r or s, e.g. by adding or subtracting the order of the group' expected-result=invalid verify_message=1
|
|
138 |
|
|
139 |
use Crypt::PK::ECC;
|
|
140 |
|
|
141 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/ecdsa_test.json';
|
|
142 |
for my $g (@{$tests->{testGroups}}) {
|
|
143 |
my $type = $g->{type};
|
|
144 |
my $keyDer = pack "H*", $g->{keyDer};
|
|
145 |
my $keyPem = $g->{keyPem};
|
|
146 |
my $sha = $g->{sha};
|
|
147 |
$sha =~ s/-//g; # SHA-1 >> SHA1
|
|
148 |
ok(Crypt::PK::ECC->new( \$keyDer ), "Crypt::PK::ECC->new + DER type=$type/$sha");
|
|
149 |
ok(Crypt::PK::ECC->new( \$keyPem ), "Crypt::PK::ECC->new + PEM type=$type/$sha");
|
|
150 |
for my $t (@{$g->{tests}}) {
|
|
151 |
my $tcId = $t->{tcId};
|
|
152 |
my $comment = $t->{comment};
|
|
153 |
my $result = $t->{result};
|
|
154 |
my $message = pack "H*", $t->{message};
|
|
155 |
my $sig = pack "H*", $t->{sig};
|
|
156 |
# do the test
|
|
157 |
my $testname = "type=$type/$sha tcId=$tcId comment='$comment' expected-result=$result";
|
|
158 |
my $pk = Crypt::PK::ECC->new( \$keyPem );
|
|
159 |
my $valid = $pk->verify_message($sig, $message, $sha);
|
|
160 |
if ($result eq 'valid') {
|
|
161 |
ok($valid, "$testname verify_message=$valid");
|
|
162 |
}
|
|
163 |
elsif ($result eq 'acceptable') {
|
|
164 |
#XXX-TODO
|
|
165 |
#ok($valid, "$testname verify_message=$valid");
|
|
166 |
}
|
|
167 |
elsif ($result eq 'invalid') {
|
|
168 |
ok(!$valid, "$testname verify_message=$valid");
|
|
169 |
}
|
|
170 |
else {
|
|
171 |
ok(0, "UNEXPECTED result=$result");
|
|
172 |
}
|
|
173 |
}
|
|
174 |
}
|
|
175 |
}
|
|
176 |
|
|
177 |
if (0) {
|
|
178 |
use Crypt::PK::ECC;
|
|
179 |
|
|
180 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/ecdsa_webcrypto_test.json';
|
|
181 |
for my $g (@{$tests->{testGroups}}) {
|
|
182 |
my $type = $g->{type};
|
|
183 |
my $keyDer = pack "H*", $g->{keyDer};
|
|
184 |
my $keyPem = $g->{keyPem};
|
|
185 |
my $sha = $g->{sha};
|
|
186 |
my $jwk = $g->{jwk};
|
|
187 |
$sha =~ s/-//g; # SHA-1 >> SHA1
|
|
188 |
ok(Crypt::PK::ECC->new( \$keyDer ), "Crypt::PK::ECC->new + DER type=$type/$sha");
|
|
189 |
ok(Crypt::PK::ECC->new( \$keyPem ), "Crypt::PK::ECC->new + PEM type=$type/$sha");
|
|
190 |
ok(Crypt::PK::ECC->new( $jwk ), "Crypt::PK::ECC->new + JWK type=$type/$sha");
|
|
191 |
for my $t (@{$g->{tests}}) {
|
|
192 |
my $tcId = $t->{tcId};
|
|
193 |
my $comment = $t->{comment};
|
|
194 |
my $result = $t->{result};
|
|
195 |
my $message = pack "H*", $t->{message};
|
|
196 |
my $sig = pack "H*", $t->{sig};
|
|
197 |
# do the test
|
|
198 |
my $testname = "type=$type/$sha tcId=$tcId comment='$comment' expected-result=$result";
|
|
199 |
my $pk = Crypt::PK::ECC->new( \$keyPem );
|
|
200 |
my $valid = $pk->verify_message($sig, $message, $sha);
|
|
201 |
if ($result eq 'valid') {
|
|
202 |
ok($valid, "$testname verify_message=$valid");
|
|
203 |
}
|
|
204 |
elsif ($result eq 'acceptable') {
|
|
205 |
#XXX-TODO
|
|
206 |
#ok($valid, "$testname verify_message=$valid");
|
|
207 |
}
|
|
208 |
elsif ($result eq 'invalid') {
|
|
209 |
ok(!$valid, "$testname verify_message=$valid");
|
|
210 |
}
|
|
211 |
else {
|
|
212 |
ok(0, "UNEXPECTED result=$result");
|
|
213 |
}
|
|
214 |
}
|
|
215 |
}
|
|
216 |
}
|
|
217 |
|
|
218 |
if (1) {
|
|
219 |
use Crypt::PK::ECC;
|
|
220 |
|
|
221 |
my $tests = CryptX::_decode_json read_rawfile 't/wycheproof/ecdh_webcrypto_test.json';
|
|
222 |
for my $g (@{$tests->{testGroups}}) {
|
|
223 |
my $type = $g->{type};
|
|
224 |
for my $t (@{$g->{tests}}) {
|
|
225 |
my $tcId = $t->{tcId};
|
|
226 |
my $comment = $t->{comment};
|
|
227 |
my $name = $t->{name};
|
|
228 |
my $result = $t->{result};
|
|
229 |
my $shared = pack "H*", $t->{shared};
|
|
230 |
# do the test
|
|
231 |
my $testname = "type=$type/$name tcId=$tcId comment='$comment' expected-result=$result";
|
|
232 |
my $pub = Crypt::PK::ECC->new( $t->{public} );
|
|
233 |
my $pri = Crypt::PK::ECC->new( $t->{private} );
|
|
234 |
my $shared_hex = unpack "H*", $pri->shared_secret($pub);
|
|
235 |
if ($result eq 'valid' || $result eq 'acceptable') {
|
|
236 |
is($shared_hex, $t->{shared}, $testname);
|
|
237 |
}
|
|
238 |
elsif ($result eq 'invalid') {
|
|
239 |
isnt($shared_hex, $t->{shared}, $testname);
|
|
240 |
}
|
|
241 |
else {
|
|
242 |
ok(0, "UNEXPECTED result=$result");
|
|
243 |
}
|
|
244 |
}
|
|
245 |
}
|
|
246 |
}
|