Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 03 Sep 2019 14:07:45 -0000
From:      John Baldwin <jhb@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r346616 - head/tests/sys/opencrypto
Message-ID:  <201904240016.x3O0GdlS024521@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: jhb
Date: Wed Apr 24 00:16:39 2019
New Revision: 346616
URL: https://svnweb.freebsd.org/changeset/base/346616

Log:
  Run the plain SHA digest tests from NIST.
  
  Pass in an explicit digest length to the Crypto constructor since it
  was assuming only sessions with a MAC key would have a MAC.  Passing
  an explicit size allows us to test the full digest in HMAC tests as
  well.
  
  Reviewed by:	cem
  MFC after:	1 month
  Sponsored by:	Chelsio Communications
  Differential Revision:	https://reviews.freebsd.org/D19884

Modified:
  head/tests/sys/opencrypto/cryptodev.py
  head/tests/sys/opencrypto/cryptotest.py

Modified: head/tests/sys/opencrypto/cryptodev.py
==============================================================================
--- head/tests/sys/opencrypto/cryptodev.py	Wed Apr 24 00:14:37 2019	(r346615)
+++ head/tests/sys/opencrypto/cryptodev.py	Wed Apr 24 00:16:39 2019	(r346616)
@@ -151,8 +151,9 @@ class Crypto:
 		return _findop(crid, '')[1]
 
 	def __init__(self, cipher=0, key=None, mac=0, mackey=None,
-	    crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE):
+	    crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None):
 		self._ses = None
+		self._maclen = maclen
 		ses = SessionOp2()
 		ses.cipher = cipher
 		ses.mac = mac
@@ -168,9 +169,6 @@ class Crypto:
 			ses.mackeylen = len(mackey)
 			mk = array.array('B', mackey)
 			ses.mackey = mk.buffer_info()[0]
-			self._maclen = 16	# parameterize?
-		else:
-			self._maclen = None
 
 		if not cipher and not mac:
 			raise ValueError('one of cipher or mac MUST be specified.')

Modified: head/tests/sys/opencrypto/cryptotest.py
==============================================================================
--- head/tests/sys/opencrypto/cryptotest.py	Wed Apr 24 00:14:37 2019	(r346615)
+++ head/tests/sys/opencrypto/cryptotest.py	Wed Apr 24 00:16:39 2019	(r346616)
@@ -114,7 +114,8 @@ def GenTestCase(cname):
 						c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
 						    cipherkey,
 						    mac=self._gmacsizes[len(cipherkey)],
-						    mackey=cipherkey, crid=crid)
+						    mackey=cipherkey, crid=crid,
+						    maclen=16)
 					except EnvironmentError, e:
 						# Can't test algorithms the driver does not support.
 						if e.errno != errno.EOPNOTSUPP:
@@ -260,11 +261,55 @@ def GenTestCase(cname):
 		###############
 		@unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
 		def test_sha(self):
-			# SHA not available in software
-			pass
-			#for i in iglob('SHA1*'):
-			#	self.runSHA(i)
+			for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
+				self.runSHA(i)
 
+		def runSHA(self, fname):
+			# Skip SHA512_(224|256) tests
+			if fname.find('SHA512_') != -1:
+				return
+
+			for hashlength, lines in cryptodev.KATParser(fname,
+			    [ 'Len', 'Msg', 'MD' ]):
+				# E.g., hashlength will be "L=20" (bytes)
+				hashlen = int(hashlength.split("=")[1])
+
+				if hashlen == 20:
+					alg = cryptodev.CRYPTO_SHA1
+				elif hashlen == 28:
+					alg = cryptodev.CRYPTO_SHA2_224
+				elif hashlen == 32:
+					alg = cryptodev.CRYPTO_SHA2_256
+				elif hashlen == 48:
+					alg = cryptodev.CRYPTO_SHA2_384
+				elif hashlen == 64:
+					alg = cryptodev.CRYPTO_SHA2_512
+				else:
+					# Skip unsupported hashes
+					# Slurp remaining input in section
+					for data in lines:
+						continue
+					continue
+
+				for data in lines:
+					msg = data['Msg'].decode('hex')
+                                        msg = msg[:int(data['Len'])]
+					md = data['MD'].decode('hex')
+
+					try:
+						c = Crypto(mac=alg, crid=crid,
+						    maclen=hashlen)
+					except EnvironmentError, e:
+						# Can't test hashes the driver does not support.
+						if e.errno != errno.EOPNOTSUPP:
+							raise
+						continue
+
+					_, r = c.encrypt(msg, iv="")
+
+					self.assertEqual(r, md, "Actual: " + \
+					    repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname)
+
 		@unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
 		def test_sha1hmac(self):
 			for i in katg('hmactestvectors', 'HMAC.rsp'):
@@ -310,7 +355,7 @@ def GenTestCase(cname):
 
 					try:
 						c = Crypto(mac=alg, mackey=key,
-						    crid=crid)
+						    crid=crid, maclen=hashlen)
 					except EnvironmentError, e:
 						# Can't test hashes the driver does not support.
 						if e.errno != errno.EOPNOTSUPP:
@@ -319,13 +364,8 @@ def GenTestCase(cname):
 
 					_, r = c.encrypt(msg, iv="")
 
-					# A limitation in cryptodev.py means we
-					# can only store MACs up to 16 bytes.
-					# That's good enough to validate the
-					# correct behavior, more or less.
-					maclen = min(tlen, 16)
-					self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
-					    repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
+					self.assertEqual(r[:tlen], mac, "Actual: " + \
+					    repr(r.encode("hex")) + " Expected: " + repr(data))
 
 	return GendCryptoTestCase
 





Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201904240016.x3O0GdlS024521>