3 # Copyright (c) 2014 The FreeBSD Foundation
6 # This software was developed by John-Mark Gurney under
7 # the sponsorship from the FreeBSD Foundation.
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
13 # 2. Redistributions in binary form must reproduce the above copyright
14 # notice, this list of conditions and the following disclaimer in the
15 # documentation and/or other materials provided with the distribution.
17 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 from __future__ import print_function
39 from cryptodev import *
40 from glob import iglob
42 katdir = '/usr/local/share/nist-kat'
45 assert os.path.exists(os.path.join(katdir, base)), "Please 'pkg install nist-kat'"
46 return iglob(os.path.join(katdir, base, glob))
48 aesmodules = [ 'cryptosoft0', 'aesni0', 'ccr0', 'ccp0' ]
49 desmodules = [ 'cryptosoft0', ]
50 shamodules = [ 'cryptosoft0', 'aesni0', 'ccr0', 'ccp0' ]
52 def GenTestCase(cname):
54 crid = cryptodev.Crypto.findcrid(cname)
58 class GendCryptoTestCase(unittest.TestCase):
62 @unittest.skipIf(cname not in aesmodules, 'skipping AES on %s' % (cname))
64 for i in katg('XTSTestVectors/format tweak value input - data unit seq no', '*.rsp'):
65 self.runXTS(i, cryptodev.CRYPTO_AES_XTS)
67 @unittest.skipIf(cname not in aesmodules, 'skipping AES on %s' % (cname))
69 for i in katg('KAT_AES', 'CBC[GKV]*.rsp'):
72 @unittest.skipIf(cname not in aesmodules, 'skipping AES on %s' % (cname))
74 for i in katg('gcmtestvectors', 'gcmEncrypt*'):
75 self.runGCM(i, 'ENCRYPT')
77 for i in katg('gcmtestvectors', 'gcmDecrypt*'):
78 self.runGCM(i, 'DECRYPT')
80 _gmacsizes = { 32: cryptodev.CRYPTO_AES_256_NIST_GMAC,
81 24: cryptodev.CRYPTO_AES_192_NIST_GMAC,
82 16: cryptodev.CRYPTO_AES_128_NIST_GMAC,
84 def runGCM(self, fname, mode):
88 curfun = Crypto.encrypt
89 elif mode == 'DECRYPT':
91 curfun = Crypto.decrypt
93 raise RuntimeError('unknown mode: %r' % repr(mode))
95 for bogusmode, lines in cryptodev.KATParser(fname,
96 [ 'Count', 'Key', 'IV', 'CT', 'AAD', 'Tag', 'PT', ]):
98 curcnt = int(data['Count'])
99 cipherkey = data['Key'].decode('hex')
100 iv = data['IV'].decode('hex')
101 aad = data['AAD'].decode('hex')
102 tag = data['Tag'].decode('hex')
103 if 'FAIL' not in data:
104 pt = data['PT'].decode('hex')
105 ct = data['CT'].decode('hex')
108 # XXX - isn't supported
112 c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
114 mac=self._gmacsizes[len(cipherkey)],
115 mackey=cipherkey, crid=crid)
116 except EnvironmentError, e:
117 # Can't test algorithms the driver does not support.
118 if e.errno != errno.EOPNOTSUPP:
122 if mode == 'ENCRYPT':
124 rct, rtag = c.encrypt(pt, iv, aad)
125 except EnvironmentError, e:
126 # Can't test inputs the driver does not support.
127 if e.errno != errno.EINVAL:
130 rtag = rtag[:len(tag)]
131 data['rct'] = rct.encode('hex')
132 data['rtag'] = rtag.encode('hex')
133 self.assertEqual(rct, ct, repr(data))
134 self.assertEqual(rtag, tag, repr(data))
138 args = (ct, iv, aad, tag)
140 self.assertRaises(IOError,
144 rpt, rtag = c.decrypt(*args)
145 except EnvironmentError, e:
146 # Can't test inputs the driver does not support.
147 if e.errno != errno.EINVAL:
150 data['rpt'] = rpt.encode('hex')
151 data['rtag'] = rtag.encode('hex')
152 self.assertEqual(rpt, pt,
155 def runCBC(self, fname):
157 for mode, lines in cryptodev.KATParser(fname,
158 [ 'COUNT', 'KEY', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]):
159 if mode == 'ENCRYPT':
161 curfun = Crypto.encrypt
162 elif mode == 'DECRYPT':
164 curfun = Crypto.decrypt
166 raise RuntimeError('unknown mode: %r' % repr(mode))
169 curcnt = int(data['COUNT'])
170 cipherkey = data['KEY'].decode('hex')
171 iv = data['IV'].decode('hex')
172 pt = data['PLAINTEXT'].decode('hex')
173 ct = data['CIPHERTEXT'].decode('hex')
178 c = Crypto(cryptodev.CRYPTO_AES_CBC, cipherkey, crid=crid)
179 r = curfun(c, pt, iv)
180 self.assertEqual(r, ct)
182 def runXTS(self, fname, meth):
184 for mode, lines in cryptodev.KATParser(fname,
185 [ 'COUNT', 'DataUnitLen', 'Key', 'DataUnitSeqNumber', 'PT',
187 if mode == 'ENCRYPT':
189 curfun = Crypto.encrypt
190 elif mode == 'DECRYPT':
192 curfun = Crypto.decrypt
194 raise RuntimeError('unknown mode: %r' % repr(mode))
197 curcnt = int(data['COUNT'])
198 nbits = int(data['DataUnitLen'])
199 cipherkey = data['Key'].decode('hex')
200 iv = struct.pack('QQ', int(data['DataUnitSeqNumber']), 0)
201 pt = data['PT'].decode('hex')
202 ct = data['CT'].decode('hex')
205 # XXX - mark as skipped
211 c = Crypto(meth, cipherkey, crid=crid)
212 r = curfun(c, pt, iv)
213 except EnvironmentError, e:
214 # Can't test hashes the driver does not support.
215 if e.errno != errno.EOPNOTSUPP:
218 self.assertEqual(r, ct)
223 @unittest.skipIf(cname not in desmodules, 'skipping DES on %s' % (cname))
225 for i in katg('KAT_TDES', 'TCBC[a-z]*.rsp'):
228 def runTDES(self, fname):
230 for mode, lines in cryptodev.KATParser(fname,
231 [ 'COUNT', 'KEYs', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]):
232 if mode == 'ENCRYPT':
234 curfun = Crypto.encrypt
235 elif mode == 'DECRYPT':
237 curfun = Crypto.decrypt
239 raise RuntimeError('unknown mode: %r' % repr(mode))
242 curcnt = int(data['COUNT'])
243 key = data['KEYs'] * 3
244 cipherkey = key.decode('hex')
245 iv = data['IV'].decode('hex')
246 pt = data['PLAINTEXT'].decode('hex')
247 ct = data['CIPHERTEXT'].decode('hex')
252 c = Crypto(cryptodev.CRYPTO_3DES_CBC, cipherkey, crid=crid)
253 r = curfun(c, pt, iv)
254 self.assertEqual(r, ct)
259 @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
261 # SHA not available in software
263 #for i in iglob('SHA1*'):
266 @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
267 def test_sha1hmac(self):
268 for i in katg('hmactestvectors', 'HMAC.rsp'):
271 def runSHA1HMAC(self, fname):
272 for hashlength, lines in cryptodev.KATParser(fname,
273 [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]):
274 # E.g., hashlength will be "L=20" (bytes)
275 hashlen = int(hashlength.split("=")[1])
279 alg = cryptodev.CRYPTO_SHA1_HMAC
282 # Cryptodev doesn't support SHA-224
283 # Slurp remaining input in section
288 alg = cryptodev.CRYPTO_SHA2_256_HMAC
291 alg = cryptodev.CRYPTO_SHA2_384_HMAC
294 alg = cryptodev.CRYPTO_SHA2_512_HMAC
297 # Skip unsupported hashes
298 # Slurp remaining input in section
304 key = data['Key'].decode('hex')
305 msg = data['Msg'].decode('hex')
306 mac = data['Mac'].decode('hex')
307 tlen = int(data['Tlen'])
309 if len(key) > blocksize:
313 c = Crypto(mac=alg, mackey=key,
315 except EnvironmentError, e:
316 # Can't test hashes the driver does not support.
317 if e.errno != errno.EOPNOTSUPP:
321 _, r = c.encrypt(msg, iv="")
323 # A limitation in cryptodev.py means we
324 # can only store MACs up to 16 bytes.
325 # That's good enough to validate the
326 # correct behavior, more or less.
327 maclen = min(tlen, 16)
328 self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
329 repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
331 return GendCryptoTestCase
333 cryptosoft = GenTestCase('cryptosoft0')
334 aesni = GenTestCase('aesni0')
335 ccr = GenTestCase('ccr0')
336 ccp = GenTestCase('ccp0')
338 if __name__ == '__main__':