svn commit: r346616 - head/tests/sys/opencrypto
John Baldwin
jhb at FreeBSD.org
Wed Apr 24 00:16:40 UTC 2019
Author: jhb
Date: Wed Apr 24 00:16:39 2019
New Revision: 346616
URL: https://svnweb.freebsd.org/changeset/base/346616
Log:
Run the plain SHA digest tests from NIST.
Pass in an explicit digest length to the Crypto constructor since it
was assuming only sessions with a MAC key would have a MAC. Passing
an explicit size allows us to test the full digest in HMAC tests as
well.
Reviewed by: cem
MFC after: 1 month
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D19884
Modified:
head/tests/sys/opencrypto/cryptodev.py
head/tests/sys/opencrypto/cryptotest.py
Modified: head/tests/sys/opencrypto/cryptodev.py
==============================================================================
--- head/tests/sys/opencrypto/cryptodev.py Wed Apr 24 00:14:37 2019 (r346615)
+++ head/tests/sys/opencrypto/cryptodev.py Wed Apr 24 00:16:39 2019 (r346616)
@@ -151,8 +151,9 @@ class Crypto:
return _findop(crid, '')[1]
def __init__(self, cipher=0, key=None, mac=0, mackey=None,
- crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE):
+ crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None):
self._ses = None
+ self._maclen = maclen
ses = SessionOp2()
ses.cipher = cipher
ses.mac = mac
@@ -168,9 +169,6 @@ class Crypto:
ses.mackeylen = len(mackey)
mk = array.array('B', mackey)
ses.mackey = mk.buffer_info()[0]
- self._maclen = 16 # parameterize?
- else:
- self._maclen = None
if not cipher and not mac:
raise ValueError('one of cipher or mac MUST be specified.')
Modified: head/tests/sys/opencrypto/cryptotest.py
==============================================================================
--- head/tests/sys/opencrypto/cryptotest.py Wed Apr 24 00:14:37 2019 (r346615)
+++ head/tests/sys/opencrypto/cryptotest.py Wed Apr 24 00:16:39 2019 (r346616)
@@ -114,7 +114,8 @@ def GenTestCase(cname):
c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
cipherkey,
mac=self._gmacsizes[len(cipherkey)],
- mackey=cipherkey, crid=crid)
+ mackey=cipherkey, crid=crid,
+ maclen=16)
except EnvironmentError, e:
# Can't test algorithms the driver does not support.
if e.errno != errno.EOPNOTSUPP:
@@ -260,11 +261,55 @@ def GenTestCase(cname):
###############
@unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
def test_sha(self):
- # SHA not available in software
- pass
- #for i in iglob('SHA1*'):
- # self.runSHA(i)
+ for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
+ self.runSHA(i)
+ def runSHA(self, fname):
+ # Skip SHA512_(224|256) tests
+ if fname.find('SHA512_') != -1:
+ return
+
+ for hashlength, lines in cryptodev.KATParser(fname,
+ [ 'Len', 'Msg', 'MD' ]):
+ # E.g., hashlength will be "L=20" (bytes)
+ hashlen = int(hashlength.split("=")[1])
+
+ if hashlen == 20:
+ alg = cryptodev.CRYPTO_SHA1
+ elif hashlen == 28:
+ alg = cryptodev.CRYPTO_SHA2_224
+ elif hashlen == 32:
+ alg = cryptodev.CRYPTO_SHA2_256
+ elif hashlen == 48:
+ alg = cryptodev.CRYPTO_SHA2_384
+ elif hashlen == 64:
+ alg = cryptodev.CRYPTO_SHA2_512
+ else:
+ # Skip unsupported hashes
+ # Slurp remaining input in section
+ for data in lines:
+ continue
+ continue
+
+ for data in lines:
+ msg = data['Msg'].decode('hex')
+ msg = msg[:int(data['Len'])]
+ md = data['MD'].decode('hex')
+
+ try:
+ c = Crypto(mac=alg, crid=crid,
+ maclen=hashlen)
+ except EnvironmentError, e:
+ # Can't test hashes the driver does not support.
+ if e.errno != errno.EOPNOTSUPP:
+ raise
+ continue
+
+ _, r = c.encrypt(msg, iv="")
+
+ self.assertEqual(r, md, "Actual: " + \
+ repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname)
+
@unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
def test_sha1hmac(self):
for i in katg('hmactestvectors', 'HMAC.rsp'):
@@ -310,7 +355,7 @@ def GenTestCase(cname):
try:
c = Crypto(mac=alg, mackey=key,
- crid=crid)
+ crid=crid, maclen=hashlen)
except EnvironmentError, e:
# Can't test hashes the driver does not support.
if e.errno != errno.EOPNOTSUPP:
@@ -319,13 +364,8 @@ def GenTestCase(cname):
_, r = c.encrypt(msg, iv="")
- # A limitation in cryptodev.py means we
- # can only store MACs up to 16 bytes.
- # That's good enough to validate the
- # correct behavior, more or less.
- maclen = min(tlen, 16)
- self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
- repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
+ self.assertEqual(r[:tlen], mac, "Actual: " + \
+ repr(r.encode("hex")) + " Expected: " + repr(data))
return GendCryptoTestCase
More information about the svn-src-head
mailing list