Date: Thu, 23 May 2019 19:20:37 +0000 (UTC) From: John Baldwin <jhb@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r348193 - stable/12/tests/sys/opencrypto Message-ID: <201905231920.x4NJKbNi091047@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jhb Date: Thu May 23 19:20:37 2019 New Revision: 348193 URL: https://svnweb.freebsd.org/changeset/base/348193 Log: MFC 346616: Run the plain SHA digest tests from NIST. Pass in an explicit digest length to the Crypto constructor since it was assuming only sessions with a MAC key would have a MAC. Passing an explicit size allows us to test the full digest in HMAC tests as well. Modified: stable/12/tests/sys/opencrypto/cryptodev.py stable/12/tests/sys/opencrypto/cryptotest.py Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/opencrypto/cryptodev.py ============================================================================== --- stable/12/tests/sys/opencrypto/cryptodev.py Thu May 23 19:19:09 2019 (r348192) +++ stable/12/tests/sys/opencrypto/cryptodev.py Thu May 23 19:20:37 2019 (r348193) @@ -151,8 +151,9 @@ class Crypto: return _findop(crid, '')[1] def __init__(self, cipher=0, key=None, mac=0, mackey=None, - crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE): + crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None): self._ses = None + self._maclen = maclen ses = SessionOp2() ses.cipher = cipher ses.mac = mac @@ -168,9 +169,6 @@ class Crypto: ses.mackeylen = len(mackey) mk = array.array('B', mackey) ses.mackey = mk.buffer_info()[0] - self._maclen = 16 # parameterize? - else: - self._maclen = None if not cipher and not mac: raise ValueError('one of cipher or mac MUST be specified.') Modified: stable/12/tests/sys/opencrypto/cryptotest.py ============================================================================== --- stable/12/tests/sys/opencrypto/cryptotest.py Thu May 23 19:19:09 2019 (r348192) +++ stable/12/tests/sys/opencrypto/cryptotest.py Thu May 23 19:20:37 2019 (r348193) @@ -114,7 +114,8 @@ def GenTestCase(cname): c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16, cipherkey, mac=self._gmacsizes[len(cipherkey)], - mackey=cipherkey, crid=crid) + mackey=cipherkey, crid=crid, + maclen=16) except EnvironmentError, e: # Can't test algorithms the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -260,11 +261,55 @@ def GenTestCase(cname): ############### @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname)) def test_sha(self): - # SHA not available in software - pass - #for i in iglob('SHA1*'): - # self.runSHA(i) + for i in katg('shabytetestvectors', 'SHA*Msg.rsp'): + self.runSHA(i) + def runSHA(self, fname): + # Skip SHA512_(224|256) tests + if fname.find('SHA512_') != -1: + return + + for hashlength, lines in cryptodev.KATParser(fname, + [ 'Len', 'Msg', 'MD' ]): + # E.g., hashlength will be "L=20" (bytes) + hashlen = int(hashlength.split("=")[1]) + + if hashlen == 20: + alg = cryptodev.CRYPTO_SHA1 + elif hashlen == 28: + alg = cryptodev.CRYPTO_SHA2_224 + elif hashlen == 32: + alg = cryptodev.CRYPTO_SHA2_256 + elif hashlen == 48: + alg = cryptodev.CRYPTO_SHA2_384 + elif hashlen == 64: + alg = cryptodev.CRYPTO_SHA2_512 + else: + # Skip unsupported hashes + # Slurp remaining input in section + for data in lines: + continue + continue + + for data in lines: + msg = data['Msg'].decode('hex') + msg = msg[:int(data['Len'])] + md = data['MD'].decode('hex') + + try: + c = Crypto(mac=alg, crid=crid, + maclen=hashlen) + except EnvironmentError, e: + # Can't test hashes the driver does not support. + if e.errno != errno.EOPNOTSUPP: + raise + continue + + _, r = c.encrypt(msg, iv="") + + self.assertEqual(r, md, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname) + @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname)) def test_sha1hmac(self): for i in katg('hmactestvectors', 'HMAC.rsp'): @@ -310,7 +355,7 @@ def GenTestCase(cname): try: c = Crypto(mac=alg, mackey=key, - crid=crid) + crid=crid, maclen=hashlen) except EnvironmentError, e: # Can't test hashes the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -319,13 +364,8 @@ def GenTestCase(cname): _, r = c.encrypt(msg, iv="") - # A limitation in cryptodev.py means we - # can only store MACs up to 16 bytes. - # That's good enough to validate the - # correct behavior, more or less. - maclen = min(tlen, 16) - self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \ - repr(r[:maclen].encode("hex")) + " Expected: " + repr(data)) + self.assertEqual(r[:tlen], mac, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data)) return GendCryptoTestCase
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201905231920.x4NJKbNi091047>