search

ocheron / cryptostore

Serialization of cryptographic data types
Other
10 stars 10 forks source link

Test failure for 0.2.1.0 in EncryptedPrivateKey PBSE1 #7

Closed sternenseemann closed 2 years ago

sternenseemann commented 2 years ago

For cryptostore-0.2.1.0 I sometimes get this test failure, rerunning the test suite often makes it go away (experienced on both x86_64 and aarch64):

Edit: I had flaky failures before, but now they happen consistently; not sure what exactly changed. How can you debug this better?

Running 1 test suites...
Test suite test-cryptostore: RUNNING...
cryptostore
  KeyWrap.AES
    AES128
      properties
        unwrap . wrap == id:           OK (0.07s)
          +++ OK, passed 100 tests.
        unwrapPad . wrapPad == id:     OK
          +++ OK, passed 100 tests.
      vectors
        1
          Wrap:                        OK
          Unwrap:                      OK
    AES192
      properties
        unwrap . wrap == id:           OK (0.08s)
          +++ OK, passed 100 tests.
        unwrapPad . wrapPad == id:     OK
          +++ OK, passed 100 tests.
      vectors
        1
          Wrap:                        OK
          Unwrap:                      OK
        2
          Wrap:                        OK
          Unwrap:                      OK
        Pad1
          Wrap:                        OK
          Unwrap:                      OK
        Pad2
          Wrap:                        OK
          Unwrap:                      OK
    AES256
      properties
        unwrap . wrap == id:           OK (0.05s)
          +++ OK, passed 100 tests.
        unwrapPad . wrapPad == id:     OK
          +++ OK, passed 100 tests.
      vectors
        1
          Wrap:                        OK
          Unwrap:                      OK
        2
          Wrap:                        OK
          Unwrap:                      OK
        3
          Wrap:                        OK
          Unwrap:                      OK
  KeyWrap.TripleDES
    3DES_EDE
      properties
        unwrap . wrap == id:           OK (0.31s)
          +++ OK, passed 10 tests.
      vectors
        1
          Wrap:                        OK
          Unwrap:                      OK (0.02s)
    3DES_EEE
      properties
        unwrap . wrap == id:           OK (0.30s)
          +++ OK, passed 10 tests.
    2DES_EDE
      properties
        unwrap . wrap == id:           OK (0.31s)
          +++ OK, passed 10 tests.
    2DES_EEE
      properties
        unwrap . wrap == id:           OK (0.28s)
          +++ OK, passed 10 tests.
  KeyWrap.RC2
    properties
      unwrap . wrap == id:             OK (0.01s)
        +++ OK, passed 100 tests.
    vectors
      1
        Wrap:                          OK
        Unwrap:                        OK
      2
        Wrap:                          OK
        Unwrap:                        OK
  Cipher.RC2
    properties
      decrypt . encrypt == id:         OK (0.01s)
        +++ OK, passed 100 tests.
    vectors
      1
        Encrypt:                       OK
        Decrypt:                       OK
      2
        Encrypt:                       OK
        Decrypt:                       OK
      3
        Encrypt:                       OK
        Decrypt:                       OK
      4
        Encrypt:                       OK
        Decrypt:                       OK
      5
        Encrypt:                       OK
        Decrypt:                       OK
      6
        Encrypt:                       OK
        Decrypt:                       OK
      7
        Encrypt:                       OK
        Decrypt:                       OK
      8
        Encrypt:                       OK
        Decrypt:                       OK
  CMS
    Data
      read:                            OK
      write:                           OK
    SignedData:                        OK
      verifying RSA
      verifying DSA
      verifying EC (named curve)
      verifying EC (explicit prime curve)
      verifying RSA-PSS
    SignedDataDetached:                OK
      verifying RSA
      verifying DSA
      verifying EC (named curve)
      verifying EC (explicit prime curve)
      verifying RSA-PSS
    EnvelopedData
      KTRI:                            OK (0.01s)
        testing 3DES_CBC with RSAES-PKCS1
        testing 3DES_CBC with RSAES-OAEP
        testing AES128_CBC with RSAES-PKCS1
        testing AES128_CBC with RSAES-OAEP
        testing AES192_CBC with RSAES-PKCS1
        testing AES192_CBC with RSAES-OAEP
        testing AES256_CBC with RSAES-PKCS1
        testing AES256_CBC with RSAES-OAEP
        testing CAST5_CBC (128 bits) with RSAES-PKCS1
        testing CAST5_CBC (128 bits) with RSAES-OAEP
        testing Camellia128_CBC with RSAES-PKCS1
        testing Camellia128_CBC with RSAES-OAEP
        testing RC2 (128 bits) with RSAES-PKCS1
        testing RC2 (128 bits) with RSAES-OAEP
        testing AES128_ECB with RSAES-PKCS1
        testing AES128_ECB with RSAES-OAEP
        testing AES192_ECB with RSAES-PKCS1
        testing AES192_ECB with RSAES-OAEP
        testing AES256_ECB with RSAES-PKCS1
        testing AES256_ECB with RSAES-OAEP
        testing Camellia128_ECB with RSAES-PKCS1
        testing Camellia128_ECB with RSAES-OAEP
      KARI:                            OK (0.19s)
        testing 3DES_CBC with SHA1               (0.02s)
        testing 3DES_CBC with SHA224             (0.02s)
        testing 3DES_CBC with SHA256             (0.02s)
        testing 3DES_CBC with SHA384             (0.02s)
        testing 3DES_CBC with SHA512             (0.02s)
        testing AES128_CBC with SHA1
        testing AES128_CBC with SHA224
        testing AES128_CBC with SHA256
        testing AES128_CBC with SHA384
        testing AES128_CBC with SHA512
        testing AES192_CBC with SHA1
        testing AES192_CBC with SHA224
        testing AES192_CBC with SHA256
        testing AES192_CBC with SHA384
        testing AES192_CBC with SHA512
        testing AES256_CBC with SHA1
        testing AES256_CBC with SHA224
        testing AES256_CBC with SHA256
        testing AES256_CBC with SHA384
        testing AES256_CBC with SHA512
        testing CAST5_CBC (128 bits) with SHA1
        testing CAST5_CBC (128 bits) with SHA224
        testing CAST5_CBC (128 bits) with SHA256
        testing CAST5_CBC (128 bits) with SHA384
        testing CAST5_CBC (128 bits) with SHA512
        testing Camellia128_CBC with SHA1
        testing Camellia128_CBC with SHA224
        testing Camellia128_CBC with SHA256
        testing Camellia128_CBC with SHA384
        testing Camellia128_CBC with SHA512
        testing RC2 (128 bits) with SHA1
        testing RC2 (128 bits) with SHA224
        testing RC2 (128 bits) with SHA256
        testing RC2 (128 bits) with SHA384
        testing RC2 (128 bits) with SHA512
        testing AES128_ECB with SHA1
        testing AES128_ECB with SHA224
        testing AES128_ECB with SHA256
        testing AES128_ECB with SHA384
        testing AES128_ECB with SHA512
        testing AES192_ECB with SHA1
        testing AES192_ECB with SHA224
        testing AES192_ECB with SHA256
        testing AES192_ECB with SHA384
        testing AES192_ECB with SHA512
        testing AES256_ECB with SHA1
        testing AES256_ECB with SHA224
        testing AES256_ECB with SHA256
        testing AES256_ECB with SHA384
        testing AES256_ECB with SHA512
        testing Camellia128_ECB with SHA1
        testing Camellia128_ECB with SHA224
        testing Camellia128_ECB with SHA256
        testing Camellia128_ECB with SHA384
        testing Camellia128_ECB with SHA512
      KEKRI:                           OK
        testing 3DES_CBC
        testing AES128_CBC
        testing AES192_CBC
        testing AES256_CBC
        testing CAST5_CBC (128 bits)
        testing Camellia128_CBC
        testing RC2 (128 bits)
        testing AES128_ECB
        testing AES192_ECB
        testing AES256_ECB
        testing Camellia128_ECB
      PWRI:                            OK (0.02s)
        testing 3DES_CBC             (0.02s)
        testing AES128_CBC
        testing AES192_CBC
        testing AES256_CBC
        testing CAST5_CBC (128 bits)
        testing Camellia128_CBC
        testing RC2 (128 bits)
    DigestedData:                      OK
      verifying MD5
      digesting MD5
      verifying SHA1
      digesting SHA1
      verifying SHA224
      digesting SHA224
      verifying SHA256
      digesting SHA256
      verifying SHA384
      digesting SHA384
      verifying SHA512
      digesting SHA512
    EncryptedData:                     OK (0.01s)
      decrypting DES_CBC
      encrypting DES_CBC
      decrypting 3DES_CBC
      encrypting 3DES_CBC
      decrypting AES128_CBC
      encrypting AES128_CBC
      decrypting AES192_CBC
      encrypting AES192_CBC
      decrypting AES256_CBC
      encrypting AES256_CBC
      decrypting CAST5_CBC (40 bits)
      encrypting CAST5_CBC (40 bits)
      decrypting CAST5_CBC (128 bits)
      encrypting CAST5_CBC (128 bits)
      decrypting Camellia128_CBC
      encrypting Camellia128_CBC
      decrypting RC2 (40 bits)
      encrypting RC2 (40 bits)
      decrypting RC2 (64 bits)
      encrypting RC2 (64 bits)
      decrypting RC2 (128 bits)
      encrypting RC2 (128 bits)
      decrypting DES_ECB
      encrypting DES_ECB
      decrypting AES128_ECB
      encrypting AES128_ECB
      decrypting AES192_ECB
      encrypting AES192_ECB
      decrypting AES256_ECB
      encrypting AES256_ECB
      decrypting Camellia128_ECB
      encrypting Camellia128_ECB
    AuthEnvelopedData:                 OK (0.03s)
      testing vector 0         (0.02s)
      testing encoded vector 0 (0.02s)
      testing vector 1
      testing encoded vector 1
    properties
      marshalling:                     OK (18.99s)
        +++ OK, passed 100 tests:
        57% 0 .. 1 KB
         9% 1 .. 2 KB
         9% 2 .. 3 KB
         7% 3 .. 4 KB
         6% 4 .. 5 KB
         3% 11 .. 12 KB
         2% 6 .. 7 KB
         2% 7 .. 8 KB
         2% 9 .. 10 KB
         1% 14 .. 15 KB
         1% 17 .. 18 KB
         1% 5 .. 6 KB
      signing:                         OK (17.35s)
        +++ OK, passed 100 tests:
        10% Ed448
         8% ECDSA SHA224
         8% ECDSA SHA384
         7% DSA SHA256
         7% RSA MD5
         7% RSA SHA1
         6% DSA SHA1
         6% ECDSA SHA256
         6% ECDSA SHA512
         6% RSA SHA224
         5% DSA SHA224
         5% RSAAnyHash
         4% RSA MD2
         4% RSA SHA512
         3% Ed25519
         2% RSA SHA384
         1% ECDSA SHA1
         1% RSA SHA256
         1% RSAPSS (PSSParams {pssHashAlgorithm = MD5, pssMaskGenAlgorithm = MGF1 SHA256, pssSaltLength = 23})
         1% RSAPSS (PSSParams {pssHashAlgorithm = SHA224, pssMaskGenAlgorithm = MGF1 MD2, pssSaltLength = 18})
         1% RSAPSS (PSSParams {pssHashAlgorithm = SHA512, pssMaskGenAlgorithm = MGF1 MD2, pssSaltLength = 24})
         1% RSAPSS (PSSParams {pssHashAlgorithm = SHAKE128_256, pssMaskGenAlgorithm = MGF1 MD5, pssSaltLength = 29})
      enveloping:                      OK (20.86s)
        +++ OK, passed 100 tests:
        11% CAST5_CBC
        10% RC2_CBC
         8% AES192_CBC
         7% Camellia128_CFB
         7% Camellia128_ECB
         6% AES128_ECB
         6% AES256_CFB
         6% Camellia128_CTR
         6% DES_CBC
         5% Camellia128_CBC
         4% AES128_CBC
         4% AES192_CFB
         4% AES192_ECB
         4% AES256_CBC
         4% AES256_ECB
         3% DES_ECB
         2% AES128_CFB
         2% DES_CFB
         1% DES_EDE3_CBC
      digesting:                       OK (10.72s)
        +++ OK, passed 100 tests:
        15% SHA256
        11% SHAKE128 Proxy
         9% SHA512
         9% SHAKE128_256
         9% SHAKE256_512
         8% MD2
         8% MD5
         8% SHA1
         7% SHAKE256 Proxy
         6% MD4
         6% SHA384
         4% SHA224
      encrypting:                      OK (21.92s)
        +++ OK, passed 100 tests:
         8% Camellia128_CBC
         8% DES_CBC
         8% DES_ECB
         8% DES_EDE3_CBC
         7% AES192_CFB
         6% AES128_CBC
         6% AES256_CFB
         6% CAST5_CBC
         6% Camellia128_ECB
         6% DES_CFB
         5% AES128_CFB
         5% AES192_ECB
         4% Camellia128_CFB
         4% RC2_CBC
         3% AES192_CBC
         3% AES256_CBC
         3% Camellia128_CTR
         2% AES128_ECB
         2% AES256_ECB
      authenticating:                  OK (21.66s)
        +++ OK, passed 100 tests:
        22% HMAC SHA384
        19% HMAC SHA1
        16% HMAC SHA224
        15% HMAC SHA512
        14% HMAC MD5
        14% HMAC SHA256
      enveloping with authentication:  OK (16.87s)
        +++ OK, passed 100 tests:
        16% AES256_GCM
        13% AES128_CCM
        13% AES192_CCM
        13% AUTH_ENC_256
        11% AES192_GCM
        11% AES256_CCM
        10% CHACHA20_POLY1305
         8% AUTH_ENC_128
         5% AES128_GCM
  X509
    RSA
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    DSA
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    EC (named curve)
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    X25519
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    X448
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    Ed25519
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    Ed448
      read public key:                 OK
      read certificate:                OK
      same key:                        OK
      write certificate:               OK
      write public key:                OK
    properties
      marshalling public keys:         OK (0.47s)
        +++ OK, passed 100 tests.
      marshalling certificates:        OK (1.55s)
        +++ OK, passed 100 tests.
      marshalling CRLs:                OK
        +++ OK, passed 100 tests.
  PKCS8
    RSA
      PrivateKey
        read outer:                    OK
        read inner:                    OK
        same key:                      OK
        write outer:                   OK
        write inner:                   OK
      EncryptedPrivateKey
        PBES1
          read unencrypted:            OK
          read encrypted:              OK
          same keys:                   OK (0.39s)
        PBKDF2
          read unencrypted:            OK
          read encrypted:              OK
          same keys:                   OK (0.18s)
        Scrypt
          read unencrypted:            OK
          read encrypted:              OK
          same keys:                   OK (0.11s)
    DSA
      PrivateKey
        read outer:                    OK
        read inner:                    OK
        same key:                      OK
        write outer:                   OK
        write inner:                   OK
      EncryptedPrivateKey
        PBES1
          read unencrypted:            OK
          read encrypted:              OK
          same keys:                   
Test suite test-cryptostore: FAIL
Test suite logged to: dist/test/cryptostore-0.2.1.0-test-cryptostore.log
0 of 1 test suites (0 of 1 test cases) passed.
ocheron commented 2 years ago

OK I will fix this. Do you use the package or just report build failures with NixOS?

sternenseemann commented 2 years ago

I'm not an user, no, this showed up on CI since a few NixOS packages depend on it. If you run into trouble diagnosing the issue, let me know — I can try to bisect the issue to confirm if it is caused by a specific external change.

ocheron commented 2 years ago

Fine, now this should be fixed in cryptostore-0.2.2.0.

sternenseemann commented 2 years ago

Thanks a lot for looking into and fixing this so quickly!