Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 23 May 2019 19:20:37 +0000 (UTC)
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org
Subject:   svn commit: r348193 - stable/12/tests/sys/opencrypto
Message-ID:  <201905231920.x4NJKbNi091047@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jhb
Date: Thu May 23 19:20:37 2019
New Revision: 348193
URL: https://svnweb.freebsd.org/changeset/base/348193

Log:
  MFC 346616: Run the plain SHA digest tests from NIST.
  
  Pass in an explicit digest length to the Crypto constructor since it
  was assuming only sessions with a MAC key would have a MAC.  Passing
  an explicit size allows us to test the full digest in HMAC tests as
  well.

Modified:
  stable/12/tests/sys/opencrypto/cryptodev.py
  stable/12/tests/sys/opencrypto/cryptotest.py
Directory Properties:
  stable/12/   (props changed)

Modified: stable/12/tests/sys/opencrypto/cryptodev.py
==============================================================================
--- stable/12/tests/sys/opencrypto/cryptodev.py	Thu May 23 19:19:09 2019	(r348192)
+++ stable/12/tests/sys/opencrypto/cryptodev.py	Thu May 23 19:20:37 2019	(r348193)
@@ -151,8 +151,9 @@ class Crypto:
 		return _findop(crid, '')[1]
 
 	def __init__(self, cipher=0, key=None, mac=0, mackey=None,
-	    crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE):
+	    crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None):
 		self._ses = None
+		self._maclen = maclen
 		ses = SessionOp2()
 		ses.cipher = cipher
 		ses.mac = mac
@@ -168,9 +169,6 @@ class Crypto:
 			ses.mackeylen = len(mackey)
 			mk = array.array('B', mackey)
 			ses.mackey = mk.buffer_info()[0]
-			self._maclen = 16	# parameterize?
-		else:
-			self._maclen = None
 
 		if not cipher and not mac:
 			raise ValueError('one of cipher or mac MUST be specified.')

Modified: stable/12/tests/sys/opencrypto/cryptotest.py
==============================================================================
--- stable/12/tests/sys/opencrypto/cryptotest.py	Thu May 23 19:19:09 2019	(r348192)
+++ stable/12/tests/sys/opencrypto/cryptotest.py	Thu May 23 19:20:37 2019	(r348193)
@@ -114,7 +114,8 @@ def GenTestCase(cname):
 						c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
 						    cipherkey,
 						    mac=self._gmacsizes[len(cipherkey)],
-						    mackey=cipherkey, crid=crid)
+						    mackey=cipherkey, crid=crid,
+						    maclen=16)
 					except EnvironmentError, e:
 						# Can't test algorithms the driver does not support.
 						if e.errno != errno.EOPNOTSUPP:
@@ -260,11 +261,55 @@ def GenTestCase(cname):
 		###############
 		@unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
 		def test_sha(self):
-			# SHA not available in software
-			pass
-			#for i in iglob('SHA1*'):
-			#	self.runSHA(i)
+			for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
+				self.runSHA(i)
 
+		def runSHA(self, fname):
+			# Skip SHA512_(224|256) tests
+			if fname.find('SHA512_') != -1:
+				return
+
+			for hashlength, lines in cryptodev.KATParser(fname,
+			    [ 'Len', 'Msg', 'MD' ]):
+				# E.g., hashlength will be "L=20" (bytes)
+				hashlen = int(hashlength.split("=")[1])
+
+				if hashlen == 20:
+					alg = cryptodev.CRYPTO_SHA1
+				elif hashlen == 28:
+					alg = cryptodev.CRYPTO_SHA2_224
+				elif hashlen == 32:
+					alg = cryptodev.CRYPTO_SHA2_256
+				elif hashlen == 48:
+					alg = cryptodev.CRYPTO_SHA2_384
+				elif hashlen == 64:
+					alg = cryptodev.CRYPTO_SHA2_512
+				else:
+					# Skip unsupported hashes
+					# Slurp remaining input in section
+					for data in lines:
+						continue
+					continue
+
+				for data in lines:
+					msg = data['Msg'].decode('hex')
+                                        msg = msg[:int(data['Len'])]
+					md = data['MD'].decode('hex')
+
+					try:
+						c = Crypto(mac=alg, crid=crid,
+						    maclen=hashlen)
+					except EnvironmentError, e:
+						# Can't test hashes the driver does not support.
+						if e.errno != errno.EOPNOTSUPP:
+							raise
+						continue
+
+					_, r = c.encrypt(msg, iv="")
+
+					self.assertEqual(r, md, "Actual: " + \
+					    repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname)
+
 		@unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
 		def test_sha1hmac(self):
 			for i in katg('hmactestvectors', 'HMAC.rsp'):
@@ -310,7 +355,7 @@ def GenTestCase(cname):
 
 					try:
 						c = Crypto(mac=alg, mackey=key,
-						    crid=crid)
+						    crid=crid, maclen=hashlen)
 					except EnvironmentError, e:
 						# Can't test hashes the driver does not support.
 						if e.errno != errno.EOPNOTSUPP:
@@ -319,13 +364,8 @@ def GenTestCase(cname):
 
 					_, r = c.encrypt(msg, iv="")
 
-					# A limitation in cryptodev.py means we
-					# can only store MACs up to 16 bytes.
-					# That's good enough to validate the
-					# correct behavior, more or less.
-					maclen = min(tlen, 16)
-					self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
-					    repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
+					self.assertEqual(r[:tlen], mac, "Actual: " + \
+					    repr(r.encode("hex")) + " Expected: " + repr(data))
 
 	return GendCryptoTestCase
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905231920.x4NJKbNi091047>