From: Conrad Meyer
Date: Thu, 21 Sep 2017 21:07:21 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r323878 - head/tests/sys/opencrypto

Author: cem
Date: Thu Sep 21 21:07:21 2017
New Revision: 323878
URL: https://svnweb.freebsd.org/changeset/base/323878

Log:
  cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes

  Previously, this test was entirely a no-op as no vector in the NIST-KAT file
  has a precisely 20-byte key.

  Additionally, not every vector in the file is SHA1. The length field
  determines the hash under test, and is now decoded correctly.

  Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
  are truncated to 16 bytes in this test.

  With this change and the uncommitted D12437 (to allow key sizes other than
  those used in IPSec), the SHA tests in cryptotest.py actually test something
  and e.g. at least cryptosoft passes the test.

  Sponsored by: Dell EMC Isilon

Modified:
  head/tests/sys/opencrypto/cryptotest.py

Modified: head/tests/sys/opencrypto/cryptotest.py ============================================================================== --- head/tests/sys/opencrypto/cryptotest.py Thu Sep 21 20:59:36 2017 (r323877) +++ head/tests/sys/opencrypto/cryptotest.py Thu Sep 21 21:07:21 2017 (r323878) 
@@ -242,22 +242,58 @@ def GenTestCase(cname): self.runSHA1HMAC(i) def runSHA1HMAC(self, fname): - for bogusmode, lines in cryptodev.KATParser(fname, + for hashlength, lines in cryptodev.KATParser(fname, [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]): + # E.g., hashlength will be "L=20" (bytes) + hashlen = int(hashlength.split("=")[1]) + + blocksize = None + if hashlen == 20: + alg = cryptodev.CRYPTO_SHA1_HMAC + blocksize = 64 + elif hashlen == 28: + # Cryptodev doesn't support SHA-224 + # Slurp remaining input in section + for data in lines: + continue + continue + elif hashlen == 32: + alg = cryptodev.CRYPTO_SHA2_256_HMAC + blocksize = 64 + elif hashlen == 48: + alg = cryptodev.CRYPTO_SHA2_384_HMAC + blocksize = 128 + elif hashlen == 64: + alg = cryptodev.CRYPTO_SHA2_512_HMAC + blocksize = 128 + else: + # Skip unsupported hashes + # Slurp remaining input in section + for data in lines: + continue + continue + for data in lines: key = data['Key'].decode('hex') msg = data['Msg'].decode('hex') mac = data['Mac'].decode('hex') + tlen = int(data['Tlen']) - if len(key) != 20: - # XXX - implementation bug + if len(key) > blocksize: continue - c = Crypto(mac=cryptodev.CRYPTO_SHA1_HMAC, - mackey=key, crid=crid) + c = Crypto(mac=alg, mackey=key, + crid=crid) - r = c.encrypt(msg) - self.assertEqual(r, mac, `data`) + _, r = c.encrypt(msg, iv="") + + # A limitation in cryptodev.py means we + # can only store MACs up to 16 bytes. + # That's good enough to validate the + # correct behavior, more or less. + maclen = min(tlen, 16) + self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \ + repr(r[:maclen].encode("hex")) + " Expected: " + repr(data)) return GendCryptoTestCase
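
Review bot: In the `for data in lines:` loop, `if len(key) > blocksize: continue` still drops vectors without any record, which is the same silent-skip pattern as the removed `len(key) != 20` check that the commit message says made the test a no-op. Count the vectors that are actually compared and assert that the count is non-zero at the end of `runSHA1HMAC` (or per hash length), so a parser or filter regression cannot make the test vacuous again, and add a comment saying why keys longer than the block size are skipped. Two smaller points: the failure message prints `repr(data)`, the whole vector dict, next to a hex-encoded actual value, so printing the expected `mac[:maclen]` in hex would make a mismatch readable; and `runSHA1HMAC` now also exercises the SHA2-256/384/512 HMACs, so the name no longer matches what it tests.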