From owner-svn-src-head@freebsd.org Tue Sep 3 14:07:45 2019 Return-Path: Delivered-To: svn-src-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 09F3FDDACF; Tue, 3 Sep 2019 14:07:26 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46N80Y3g4Xz4QbP; Tue, 3 Sep 2019 14:07:25 +0000 (UTC) (envelope-from yuripv@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1452) id 2416F1B608; Tue, 3 Sep 2019 14:06:39 +0000 (UTC) X-Original-To: yuripv@localmail.freebsd.org Delivered-To: yuripv@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id 211B3E5E4; Wed, 24 Apr 2019 00:16:44 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2B1716AB72; Wed, 24 Apr 2019 00:16:43 +0000 (UTC) (envelope-from owner-src-committers@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 538) id 0ECC8E57B; Wed, 24 Apr 2019 00:16:43 +0000 (UTC) Delivered-To: src-committers@localmail.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (Client CN "mx1.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by freefall.freebsd.org (Postfix) with ESMTPS id 466E4E579 for ; Wed, 24 Apr 2019 00:16:40 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E8FB16AB6D; Wed, 24 Apr 2019 00:16:39 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id BD2F5450B; Wed, 24 Apr 2019 00:16:39 +0000 (UTC) (envelope-from jhb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x3O0GdiP024522; Wed, 24 Apr 2019 00:16:39 GMT (envelope-from jhb@FreeBSD.org) Received: (from jhb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id x3O0GdlS024521; Wed, 24 Apr 2019 00:16:39 GMT (envelope-from jhb@FreeBSD.org) Message-Id: <201904240016.x3O0GdlS024521@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jhb set sender to jhb@FreeBSD.org using -f From: John Baldwin To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r346616 - head/tests/sys/opencrypto X-SVN-Group: head X-SVN-Commit-Author: jhb X-SVN-Commit-Paths: head/tests/sys/opencrypto X-SVN-Commit-Revision: 346616 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk X-Loop: FreeBSD.org Sender: owner-src-committers@freebsd.org X-Rspamd-Queue-Id: 2B1716AB72 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[freebsd.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.98)[-0.979,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Status: O X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Date: Tue, 03 Sep 2019 14:07:45 -0000 X-Original-Date: Wed, 24 Apr 2019 00:16:39 +0000 (UTC) X-List-Received-Date: Tue, 03 Sep 2019 14:07:45 -0000 Author: jhb Date: Wed Apr 24 00:16:39 2019 New Revision: 346616 URL: https://svnweb.freebsd.org/changeset/base/346616 Log: Run the plain SHA digest tests from NIST. Pass in an explicit digest length to the Crypto constructor since it was assuming only sessions with a MAC key would have a MAC. Passing an explicit size allows us to test the full digest in HMAC tests as well. Reviewed by: cem MFC after: 1 month Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D19884 Modified: head/tests/sys/opencrypto/cryptodev.py head/tests/sys/opencrypto/cryptotest.py Modified: head/tests/sys/opencrypto/cryptodev.py ============================================================================== --- head/tests/sys/opencrypto/cryptodev.py Wed Apr 24 00:14:37 2019 (r346615) +++ head/tests/sys/opencrypto/cryptodev.py Wed Apr 24 00:16:39 2019 (r346616) @@ -151,8 +151,9 @@ class Crypto: return _findop(crid, '')[1] def __init__(self, cipher=0, key=None, mac=0, mackey=None, - crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE): + crid=CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_HARDWARE, maclen=None): self._ses = None + self._maclen = maclen ses = SessionOp2() ses.cipher = cipher ses.mac = mac @@ -168,9 +169,6 @@ class Crypto: ses.mackeylen = len(mackey) mk = array.array('B', mackey) ses.mackey = mk.buffer_info()[0] - self._maclen = 16 # parameterize? - else: - self._maclen = None if not cipher and not mac: raise ValueError('one of cipher or mac MUST be specified.') Modified: head/tests/sys/opencrypto/cryptotest.py ============================================================================== --- head/tests/sys/opencrypto/cryptotest.py Wed Apr 24 00:14:37 2019 (r346615) +++ head/tests/sys/opencrypto/cryptotest.py Wed Apr 24 00:16:39 2019 (r346616) @@ -114,7 +114,8 @@ def GenTestCase(cname): c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16, cipherkey, mac=self._gmacsizes[len(cipherkey)], - mackey=cipherkey, crid=crid) + mackey=cipherkey, crid=crid, + maclen=16) except EnvironmentError, e: # Can't test algorithms the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -260,11 +261,55 @@ def GenTestCase(cname): ############### @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname)) def test_sha(self): - # SHA not available in software - pass - #for i in iglob('SHA1*'): - # self.runSHA(i) + for i in katg('shabytetestvectors', 'SHA*Msg.rsp'): + self.runSHA(i) + def runSHA(self, fname): + # Skip SHA512_(224|256) tests + if fname.find('SHA512_') != -1: + return + + for hashlength, lines in cryptodev.KATParser(fname, + [ 'Len', 'Msg', 'MD' ]): + # E.g., hashlength will be "L=20" (bytes) + hashlen = int(hashlength.split("=")[1]) + + if hashlen == 20: + alg = cryptodev.CRYPTO_SHA1 + elif hashlen == 28: + alg = cryptodev.CRYPTO_SHA2_224 + elif hashlen == 32: + alg = cryptodev.CRYPTO_SHA2_256 + elif hashlen == 48: + alg = cryptodev.CRYPTO_SHA2_384 + elif hashlen == 64: + alg = cryptodev.CRYPTO_SHA2_512 + else: + # Skip unsupported hashes + # Slurp remaining input in section + for data in lines: + continue + continue + + for data in lines: + msg = data['Msg'].decode('hex') + msg = msg[:int(data['Len'])] + md = data['MD'].decode('hex') + + try: + c = Crypto(mac=alg, crid=crid, + maclen=hashlen) + except EnvironmentError, e: + # Can't test hashes the driver does not support. + if e.errno != errno.EOPNOTSUPP: + raise + continue + + _, r = c.encrypt(msg, iv="") + + self.assertEqual(r, md, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data) + " on " + cname) + @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname)) def test_sha1hmac(self): for i in katg('hmactestvectors', 'HMAC.rsp'): @@ -310,7 +355,7 @@ def GenTestCase(cname): try: c = Crypto(mac=alg, mackey=key, - crid=crid) + crid=crid, maclen=hashlen) except EnvironmentError, e: # Can't test hashes the driver does not support. if e.errno != errno.EOPNOTSUPP: @@ -319,13 +364,8 @@ def GenTestCase(cname): _, r = c.encrypt(msg, iv="") - # A limitation in cryptodev.py means we - # can only store MACs up to 16 bytes. - # That's good enough to validate the - # correct behavior, more or less. - maclen = min(tlen, 16) - self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \ - repr(r[:maclen].encode("hex")) + " Expected: " + repr(data)) + self.assertEqual(r[:tlen], mac, "Actual: " + \ + repr(r.encode("hex")) + " Expected: " + repr(data)) return GendCryptoTestCase