From owner-svn-src-all@freebsd.org Thu May 23 19:20:38 2019 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 422FF15B34BB; Thu, 23 May 2019 19:20:38 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DA56683AAB; Thu, 23 May 2019 19:20:37 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id B8FAD9715; Thu, 23 May 2019 19:20:37 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x4NJKbFn091049; Thu, 23 May 2019 19:20:37 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x4NJKbNi091047; Thu, 23 May 2019 19:20:37 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201905231920.x4NJKbNi091047@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin Date: Thu, 23 May 2019 19:20:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r348193 - stable/12/tests/sys/opencrypto X-SVN-Group: stable-12 X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: stable/12/tests/sys/opencrypto X-SVN-Commit-Revision: 348193 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: DA56683AAB X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.97 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-0.99)[-0.995,0]; NEURAL_HAM_SHORT(-0.97)[-0.972,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 May 2019 19:20:38 -0000 Author: jhb Date: Thu May 23 19:20:37 2019 New Revision: 348193 URL: https://svnweb.freebsd.org/changeset/base/348193 Log: MFC 346616: Run the plain SHA digest tests from NIST. Pass in an explicit digest length to the Crypto constructor since it was assuming only sessions with a MAC key would have a MAC. Passing an explicit size allows us to test the full digest in HMAC tests as well. Modified: stable/12/tests/sys/opencrypto/cryptodev.py stable/12/tests/sys/opencrypto/cryptotest.py Directory Properties: stable/12/ (props changed) Modified: stable/12/tests/sys/opencrypto/cryptodev.py ============================================================================== --- stable/12/tests/sys/opencrypto/cryptodev.py Thu May 23 19:19:09 2019 (r348192) +++ stable/12/tests/sys/opencrypto/cryptodev.py Thu May 23 19:20:37 2019 (r348193) @@ -151,8 +151,9 @@ class Crypto: return _findop(crid, '')[1] def __init__(self, cipher=0, key=None, mac=0, mackey=None, - crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE): + crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None): self._ses = None + self._maclen = maclen ses = SessionOp2() ses.cipher = cipher ses.mac = mac @@ -168,9 +169,6 @@ class Crypto: ses.mackeylen = len(mackey) mk = array.array('B', mackey) ses.mackey = mk.buffer_info()[0] - self._maclen = 16 # parameterize? - else: - self._maclen = None if not cipher and not mac: raise ValueError('one of cipher or mac MUST be specified.') Modified: stable/12/tests/sys/opencrypto/cryptotest.py ============================================================================== --- stable/12/tests/sys/opencrypto/cryptotest.py Thu May 23 19:19:09 2019 (r348192) +++ stable/12/tests/sys/opencrypto/cryptotest.py Thu May 23 19:20:37 2019 (r348193) @@ -114,7 +114,8 @@ def GenTestCase(cname): c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16, cipherkey, mac=self._gmacsizes[len(cipherkey)], - mackey=cipherkey, crid=crid) + mackey=cipherkey, crid=crid, + maclen=16) except EnvironmentError, e: # Can't test algorithms the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -260,11 +261,55 @@ def GenTestCase(cname): ############### @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname)) def test_sha(self): - # SHA not available in software - pass - #for i in iglob('SHA1*'): - # self.runSHA(i) + for i in katg('shabytetestvectors', 'SHA*Msg.rsp'): + self.runSHA(i) + def runSHA(self, fname): + # Skip SHA512_(224|256) tests + if fname.find('SHA512_') != -1: + return + + for hashlength, lines in cryptodev.KATParser(fname, + [ 'Len', 'Msg', 'MD' ]): + # E.g., hashlength will be "L=20" (bytes) + hashlen = int(hashlength.split("=")[1]) + + if hashlen == 20: + alg = cryptodev.CRYPTO_SHA1 + elif hashlen == 28: + alg = cryptodev.CRYPTO_SHA2_224 + elif hashlen == 32: + alg = cryptodev.CRYPTO_SHA2_256 + elif hashlen == 48: + alg = cryptodev.CRYPTO_SHA2_384 + elif hashlen == 64: + alg = cryptodev.CRYPTO_SHA2_512 + else: + # Skip unsupported hashes + # Slurp remaining input in section + for data in lines: + continue + continue + + for data in lines: + msg = data['Msg'].decode('hex') + msg = msg[:int(data['Len'])] + md = data['MD'].decode('hex') + + try: + c = Crypto(mac=alg, crid=crid, + maclen=hashlen) + except EnvironmentError, e: + # Can't test hashes the driver does not support. + if e.errno != errno.EOPNOTSUPP: + raise + continue + + _, r = c.encrypt(msg, iv="") + + self.assertEqual(r, md, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname) + @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname)) def test_sha1hmac(self): for i in katg('hmactestvectors', 'HMAC.rsp'): @@ -310,7 +355,7 @@ def GenTestCase(cname): try: c = Crypto(mac=alg, mackey=key, - crid=crid) + crid=crid, maclen=hashlen) except EnvironmentError, e: # Can't test hashes the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -319,13 +364,8 @@ def GenTestCase(cname): _, r = c.encrypt(msg, iv="") - # A limitation in cryptodev.py means we - # can only store MACs up to 16 bytes. - # That's good enough to validate the - # correct behavior, more or less. - maclen = min(tlen, 16) - self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \ - repr(r[:maclen].encode("hex")) + " Expected: " + repr(data)) + self.assertEqual(r[:tlen], mac, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data)) return GendCryptoTestCase