#!/bin/bash
# set -x
# Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# An OpenSSL-based HPKE implementation of RFC9180
#
# run through all the options and see what happens
# If you wanna use valgrind uncomment this
# VALGRIND="valgrind --leak-check=full --show-leak-kinds=all"
# if you want verbose output...
# VERBOSE=yes
# just in case...
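# Where the hpkemain binary under test lives.
BINDIR=$HOME/code/happykey
# Library directories; either one can be overridden from the environment.
: "${OSSL:=$HOME/code/openssl}"
: "${NSSL:=$HOME/code/dist/Debug/lib}"
# This replaces any inherited LD_LIBRARY_PATH, so hpkemain resolves its
# shared libraries from these two directories first.
export LD_LIBRARY_PATH="$OSSL:$NSSL"

if [[ ! -f "$BINDIR/hpkemain" ]]
then
  echo "You probably need to run make first ..."
  exit 1
fi

# Scratch area for this and earlier runs. Every file a run creates (key
# pairs, ciphertexts, recovered plaintexts) is named "$TMPNAM.<suffix>" and
# nothing in this script removes them afterwards, so generated private keys
# stay in $SCRATCH until someone cleans it up.
SCRATCH=$BINDIR/scratch
mkdir -p "$SCRATCH" || exit 1

# Create the shared plaintext once: three lines of shell pseudo-random
# digits. This is test input only, not key material.
if [[ ! -f "$SCRATCH/plain" ]]
then
  for _ in 1 2 3
  do
    echo "$RANDOM$RANDOM$RANDOM$RANDOM"
  done >>"$SCRATCH/plain"
fi

# Unique per-run prefix. Stop if mktemp fails: with an empty prefix the
# later steps would write key files named ".<mode>.<kem>.rpriv" into the
# current directory instead of the scratch area.
TMPNAM=$(mktemp "$SCRATCH/tmpXXXX") || {
  echo "mktemp failed in $SCRATCH" >&2
  exit 1
}
cp "$SCRATCH/plain" "$TMPNAM.plain" || exit 1

# overall result
overall=0
# count things
passed=0
failed=0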
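# go through the modes, kems, kdfs and aeads
#######################################
# Run the HPKE round-trip matrix.
# For every mode and KEM a recipient key pair (and, for the auth modes, a
# sender key pair) is generated; then every KDF/AEAD pair is encrypted,
# decrypted, and - in the PSK modes - decrypted again with different PSK
# parameters, which has to be rejected.
# Globals:
#   BINDIR, TMPNAM, VERBOSE (read)
#   VALGRIND (read; optional command prefix, expanded unquoted on purpose
#             so "valgrind --leak-check=full" splits into command + options)
#   overall, passed, failed (written)
# Outputs:
#   Failure reports on stdout; one "is good" line per suite if VERBOSE is set.
#######################################
# shellcheck disable=SC2086
run_hpke_matrix() {
  local mode kem kdf aead res ores suite stem
  local -a good_psk bad_psk auth_enc auth_dec enc_cmd dec_cmd bad_cmd

  for mode in base psk auth pskauth
  do
    for kem in 0x10 0x11 0x12 0x20 0x21
    do
      # new recipient key pair - only the KEM matters for key generation
      $VALGRIND "$BINDIR/hpkemain" -k -p "$TMPNAM.$mode.$kem.rpriv" \
        -P "$TMPNAM.$mode.$kem.rpub" -m "$mode" -c "$kem,1,1"
      res=$?
      if [[ "$res" != 0 ]]
      then
        echo "$mode,$kem recipient key gen failed!"
        overall=1
        failed=$((failed+1))
        continue
      fi
      passed=$((passed+1))

      # PSK modes get one parameter set for encrypt and the good decrypt,
      # and a second, independently drawn set for the decrypt that must fail.
      # NOTE(review): the bad set differs in both -s and -n (presumably PSK
      # and PSK ID - confirm against hpkemain), so a pass here does not show
      # that each value is checked on its own.
      good_psk=()
      bad_psk=()
      if [[ "$mode" == "psk" || "$mode" == "pskauth" ]]
      then
        good_psk=(-s "$RANDOM$RANDOM" -n "$RANDOM$RANDOM")
        bad_psk=(-s "$RANDOM$RANDOM" -n "$RANDOM$RANDOM")
      fi

      auth_enc=()
      auth_dec=()
      if [[ "$mode" == "auth" || "$mode" == "pskauth" ]]
      then
        # new sender key pair for auth modes
        $VALGRIND "$BINDIR/hpkemain" -k -p "$TMPNAM.$mode.$kem.spriv" \
          -P "$TMPNAM.$mode.$kem.spub" -m "$mode" -c "$kem,1,1"
        # Take this command's own status; otherwise the check below would
        # still be looking at the recipient key generation result.
        res=$?
        if [[ "$res" != 0 ]]
        then
          echo "$mode,$kem sender key gen failed!"
          overall=1
          failed=$((failed+1))
          continue
        fi
        passed=$((passed+1))
        auth_enc=(-p "$TMPNAM.$mode.$kem.spriv")
        auth_dec=(-P "$TMPNAM.$mode.$kem.spub")
      fi

      # go through the kdfs aeads...
      for kdf in 1 2 3
      do
        for aead in 1 2 3
        do
          suite="$kem,$kdf,$aead"
          stem="$TMPNAM.$mode.$kem.$kdf.$aead"

          # Build each command line once so the command that is run and the
          # command printed in a failure report cannot drift apart.
          enc_cmd=("$BINDIR/hpkemain" -e -P "$TMPNAM.$mode.$kem.rpub"
            "${auth_enc[@]}" "${good_psk[@]}"
            -i "$TMPNAM.plain" -o "$stem.cipher" -m "$mode" -c "$suite")
          dec_cmd=("$BINDIR/hpkemain" -d -p "$TMPNAM.$mode.$kem.rpriv"
            "${auth_dec[@]}" "${good_psk[@]}"
            -i "$stem.cipher" -o "$stem.recovered" -m "$mode" -c "$suite")
          bad_cmd=("$BINDIR/hpkemain" -d -p "$TMPNAM.$mode.$kem.rpriv"
            "${auth_dec[@]}" "${bad_psk[@]}"
            -i "$stem.cipher" -o "$stem.unrecovered" -m "$mode" -c "$suite")

          # setup overall result optimistically
          ores=0
          # encrypt
          if ! $VALGRIND "${enc_cmd[@]}"
          then
            echo "$mode,$suite ENCRYPT FAILED!"
            echo "What failed was: "
            echo "${enc_cmd[*]}"
            ores=1
            overall=1
            failed=$((failed+1))
          else
            # this refers to the encrypt above
            passed=$((passed+1))
            # should be good decrypt
            # NOTE(review): only the exit status and the existence of the
            # output file are checked; the recovered bytes are never compared
            # with $TMPNAM.plain. Consider adding a comparison once hpkemain's
            # output format is confirmed.
            $VALGRIND "${dec_cmd[@]}"
            res=$?
            if [[ "$res" != 0 || ! -f "$stem.recovered" ]]
            then
              echo "$mode,$suite DECRYPT FAILED when it shouldn't!"
              echo "What failed was: "
              echo "${dec_cmd[*]}"
              overall=1
              ores=1
              failed=$((failed+1))
            else
              passed=$((passed+1))
              # try some bad decrypts - these should fail
              if [[ "$mode" == "psk" || "$mode" == "pskauth" ]]
              then
                # stderr is dropped because an error message is the
                # expected outcome of this call
                $VALGRIND "${bad_cmd[@]}" 2>/dev/null
                res=$?
                # Either a zero status or an output file left behind counts
                # as the decrypt having worked with the wrong PSK parameters.
                if [[ "$res" == 0 || -f "$stem.unrecovered" ]]
                then
                  echo "$mode,$suite DECRYPT WORKED when it shouldn't!"
                  echo "What failed was: $VALGRIND ${bad_cmd[*]}"
                  echo "PSK good params: ${good_psk[*]}, bad params: ${bad_psk[*]}"
                  overall=1
                  ores=1
                  failed=$((failed+1))
                else
                  passed=$((passed+1))
                fi
              fi
              # TODO: give bad info/aad. There is also no must-fail decrypt
              # for the base and auth modes (for example with the wrong
              # recipient or sender key).
            fi
          fi

          if [[ "$ores" != "0" ]]
          then
            echo "$mode,$suite is BAD!"
          elif [[ -n "$VERBOSE" ]]
          then
            echo "$mode,$suite is good"
          fi
        done
      done
    done
  done
}
run_hpke_matrix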
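# Print the summary, then make the exit status carry the result. Without the
# explicit exit the script ends with echo's status (0) even when a suite
# failed, so make or a CI job would not notice a failed round trip or a
# must-fail decrypt that succeeded.
if [[ "$overall" == "0" ]]
then
  echo "All done. All good. ($passed tests)"
else
  echo "Some problems - passed: $passed but failed: $failed "
fi
# An unset result is reported as "Some problems" above, so it exits 1 too.
exit "${overall:-1}"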