1 #!/usr/local/bin/python3
3 # Copyright (c) 2014 The FreeBSD Foundation
5 # Copyright 2019 Enji Cooper
7 # This software was developed by John-Mark Gurney under
8 # the sponsorship from the FreeBSD Foundation.
9 # Redistribution and use in source and binary forms, with or without
10 # modification, are permitted provided that the following conditions
12 # 1. Redistributions of source code must retain the above copyright
13 # notice, this list of conditions and the following disclaimer.
14 # 2. Redistributions in binary form must reproduce the above copyright
15 # notice, this list of conditions and the following disclaimer in the
16 # documentation and/or other materials provided with the distribution.
18 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 from cryptodev import *
43 from glob import iglob
45 katdir = '/usr/local/share/nist-kat'
48 assert os.path.exists(katdir), "Please 'pkg install nist-kat'"
49 if not os.path.exists(os.path.join(katdir, base)):
50 raise unittest.SkipTest("Missing %s test vectors" % (base))
51 return iglob(os.path.join(katdir, base, glob))
53 aesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0', 'safexcel0', 'qat0' ]
54 shamodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0', 'ossl0', 'safexcel0', 'qat0' ]
56 def GenTestCase(cname):
58 crid = cryptodev.Crypto.findcrid(cname)
62 class GendCryptoTestCase(unittest.TestCase):
66 @unittest.skipIf(cname not in aesmodules, 'skipping AES-XTS on %s' % (cname))
68 for i in katg('XTSTestVectors/format tweak value input - data unit seq no', '*.rsp'):
69 self.runXTS(i, cryptodev.CRYPTO_AES_XTS)
71 @unittest.skipIf(cname not in aesmodules, 'skipping AES-CBC on %s' % (cname))
73 for i in katg('KAT_AES', 'CBC[GKV]*.rsp'):
76 @unittest.skipIf(cname not in aesmodules, 'skipping AES-CCM on %s' % (cname))
78 for i in katg('ccmtestvectors', 'V*.rsp'):
81 for i in katg('ccmtestvectors', 'D*.rsp'):
84 @unittest.skipIf(cname not in aesmodules, 'skipping AES-GCM on %s' % (cname))
86 for i in katg('gcmtestvectors', 'gcmEncrypt*'):
87 self.runGCM(i, 'ENCRYPT')
89 for i in katg('gcmtestvectors', 'gcmDecrypt*'):
90 self.runGCM(i, 'DECRYPT')
92 def runGCM(self, fname, mode):
96 curfun = Crypto.encrypt
97 elif mode == 'DECRYPT':
99 curfun = Crypto.decrypt
101 raise RuntimeError('unknown mode: %r' % repr(mode))
103 columns = [ 'Count', 'Key', 'IV', 'CT', 'AAD', 'Tag', 'PT', ]
104 with cryptodev.KATParser(fname, columns) as parser:
105 self.runGCMWithParser(parser, mode)
107 def runGCMWithParser(self, parser, mode):
108 for _, lines in next(parser):
110 curcnt = int(data['Count'])
111 cipherkey = binascii.unhexlify(data['Key'])
112 iv = binascii.unhexlify(data['IV'])
113 aad = binascii.unhexlify(data['AAD'])
114 tag = binascii.unhexlify(data['Tag'])
115 if 'FAIL' not in data:
116 pt = binascii.unhexlify(data['PT'])
117 ct = binascii.unhexlify(data['CT'])
120 # XXX - isn't supported
124 c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
125 cipherkey, crid=crid,
127 except EnvironmentError as e:
128 # Can't test algorithms the driver does not support.
129 if e.errno != errno.EOPNOTSUPP:
133 if mode == 'ENCRYPT':
135 rct, rtag = c.encrypt(pt, iv, aad)
136 except EnvironmentError as e:
137 # Can't test inputs the driver does not support.
138 if e.errno != errno.EINVAL:
141 rtag = rtag[:len(tag)]
142 data['rct'] = binascii.hexlify(rct)
143 data['rtag'] = binascii.hexlify(rtag)
144 self.assertEqual(rct, ct, repr(data))
145 self.assertEqual(rtag, tag, repr(data))
149 args = (ct, iv, aad, tag)
151 self.assertRaises(IOError,
155 rpt, rtag = c.decrypt(*args)
156 except EnvironmentError as e:
157 # Can't test inputs the driver does not support.
158 if e.errno != errno.EINVAL:
161 data['rpt'] = binascii.hexlify(rpt)
162 data['rtag'] = binascii.hexlify(rtag)
163 self.assertEqual(rpt, pt,
166 def runCBC(self, fname):
167 columns = [ 'COUNT', 'KEY', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]
168 with cryptodev.KATParser(fname, columns) as parser:
169 self.runCBCWithParser(parser)
171 def runCBCWithParser(self, parser):
173 for mode, lines in next(parser):
174 if mode == 'ENCRYPT':
176 curfun = Crypto.encrypt
177 elif mode == 'DECRYPT':
179 curfun = Crypto.decrypt
181 raise RuntimeError('unknown mode: %r' % repr(mode))
184 curcnt = int(data['COUNT'])
185 cipherkey = binascii.unhexlify(data['KEY'])
186 iv = binascii.unhexlify(data['IV'])
187 pt = binascii.unhexlify(data['PLAINTEXT'])
188 ct = binascii.unhexlify(data['CIPHERTEXT'])
193 c = Crypto(cryptodev.CRYPTO_AES_CBC, cipherkey, crid=crid)
194 r = curfun(c, pt, iv)
195 self.assertEqual(r, ct)
197 def runXTS(self, fname, meth):
198 columns = [ 'COUNT', 'DataUnitLen', 'Key', 'DataUnitSeqNumber', 'PT',
200 with cryptodev.KATParser(fname, columns) as parser:
201 self.runXTSWithParser(parser, meth)
203 def runXTSWithParser(self, parser, meth):
205 for mode, lines in next(parser):
206 if mode == 'ENCRYPT':
208 curfun = Crypto.encrypt
209 elif mode == 'DECRYPT':
211 curfun = Crypto.decrypt
213 raise RuntimeError('unknown mode: %r' % repr(mode))
216 curcnt = int(data['COUNT'])
217 nbits = int(data['DataUnitLen'])
218 cipherkey = binascii.unhexlify(data['Key'])
219 iv = struct.pack('QQ', int(data['DataUnitSeqNumber']), 0)
220 pt = binascii.unhexlify(data['PT'])
221 ct = binascii.unhexlify(data['CT'])
224 # XXX - mark as skipped
230 c = Crypto(meth, cipherkey, crid=crid)
231 r = curfun(c, pt, iv)
232 except EnvironmentError as e:
233 # Can't test hashes the driver does not support.
234 if e.errno != errno.EOPNOTSUPP:
237 self.assertEqual(r, ct)
239 def runCCMEncrypt(self, fname):
240 with cryptodev.KATCCMParser(fname) as parser:
241 self.runCCMEncryptWithParser(parser)
243 def runCCMEncryptWithParser(self, parser):
244 for data in next(parser):
245 Nlen = int(data['Nlen'])
246 Tlen = int(data['Tlen'])
247 key = binascii.unhexlify(data['Key'])
248 nonce = binascii.unhexlify(data['Nonce'])
249 Alen = int(data['Alen'])
250 Plen = int(data['Plen'])
252 aad = binascii.unhexlify(data['Adata'])
256 payload = binascii.unhexlify(data['Payload'])
259 ct = binascii.unhexlify(data['CT'])
262 c = Crypto(crid=crid,
263 cipher=cryptodev.CRYPTO_AES_CCM_16,
265 mackey=key, maclen=Tlen, ivlen=Nlen)
266 r, tag = Crypto.encrypt(c, payload,
268 except EnvironmentError as e:
269 if e.errno != errno.EOPNOTSUPP:
274 self.assertEqual(out, ct,
275 "Count " + data['Count'] + " Actual: " + \
276 repr(binascii.hexlify(out)) + " Expected: " + \
277 repr(data) + " on " + cname)
279 def runCCMDecrypt(self, fname):
280 with cryptodev.KATCCMParser(fname) as parser:
281 self.runCCMDecryptWithParser(parser)
283 def runCCMDecryptWithParser(self, parser):
284 for data in next(parser):
285 Nlen = int(data['Nlen'])
286 Tlen = int(data['Tlen'])
287 key = binascii.unhexlify(data['Key'])
288 nonce = binascii.unhexlify(data['Nonce'])
289 Alen = int(data['Alen'])
290 Plen = int(data['Plen'])
292 aad = binascii.unhexlify(data['Adata'])
295 ct = binascii.unhexlify(data['CT'])
303 c = Crypto(crid=crid,
304 cipher=cryptodev.CRYPTO_AES_CCM_16,
306 mackey=key, maclen=Tlen, ivlen=Nlen)
307 except EnvironmentError as e:
308 if e.errno != errno.EOPNOTSUPP:
312 if data['Result'] == 'Fail':
313 self.assertRaises(IOError,
314 c.decrypt, payload, nonce, aad, tag)
316 r, tag = Crypto.decrypt(c, payload, nonce,
319 payload = binascii.unhexlify(data['Payload'])
320 payload = payload[:Plen]
321 self.assertEqual(r, payload,
322 "Count " + data['Count'] + \
323 " Actual: " + repr(binascii.hexlify(r)) + \
324 " Expected: " + repr(data) + \
330 @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
332 for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
335 def runSHA(self, fname):
336 # Skip SHA512_(224|256) tests
337 if fname.find('SHA512_') != -1:
339 columns = [ 'Len', 'Msg', 'MD' ]
340 with cryptodev.KATParser(fname, columns) as parser:
341 self.runSHAWithParser(parser)
343 def runSHAWithParser(self, parser):
344 for hashlength, lines in next(parser):
345 # E.g., hashlength will be "L=20" (bytes)
346 hashlen = int(hashlength.split("=")[1])
349 alg = cryptodev.CRYPTO_SHA1
351 alg = cryptodev.CRYPTO_SHA2_224
353 alg = cryptodev.CRYPTO_SHA2_256
355 alg = cryptodev.CRYPTO_SHA2_384
357 alg = cryptodev.CRYPTO_SHA2_512
359 # Skip unsupported hashes
360 # Slurp remaining input in section
366 msg = binascii.unhexlify(data['Msg'])
367 msg = msg[:int(data['Len'])]
368 md = binascii.unhexlify(data['MD'])
371 c = Crypto(mac=alg, crid=crid,
373 except EnvironmentError as e:
374 # Can't test hashes the driver does not support.
375 if e.errno != errno.EOPNOTSUPP:
379 _, r = c.encrypt(msg, iv="")
381 self.assertEqual(r, md, "Actual: " + \
382 repr(binascii.hexlify(r)) + " Expected: " + repr(data) + " on " + cname)
384 @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
385 def test_sha1hmac(self):
386 for i in katg('hmactestvectors', 'HMAC.rsp'):
389 def runSHA1HMAC(self, fname):
390 columns = [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]
391 with cryptodev.KATParser(fname, columns) as parser:
392 self.runSHA1HMACWithParser(parser)
394 def runSHA1HMACWithParser(self, parser):
395 for hashlength, lines in next(parser):
396 # E.g., hashlength will be "L=20" (bytes)
397 hashlen = int(hashlength.split("=")[1])
401 alg = cryptodev.CRYPTO_SHA1_HMAC
404 alg = cryptodev.CRYPTO_SHA2_224_HMAC
407 alg = cryptodev.CRYPTO_SHA2_256_HMAC
410 alg = cryptodev.CRYPTO_SHA2_384_HMAC
413 alg = cryptodev.CRYPTO_SHA2_512_HMAC
416 # Skip unsupported hashes
417 # Slurp remaining input in section
423 key = binascii.unhexlify(data['Key'])
424 msg = binascii.unhexlify(data['Msg'])
425 mac = binascii.unhexlify(data['Mac'])
426 tlen = int(data['Tlen'])
428 if len(key) > blocksize:
432 c = Crypto(mac=alg, mackey=key,
433 crid=crid, maclen=hashlen)
434 except EnvironmentError as e:
435 # Can't test hashes the driver does not support.
436 if e.errno != errno.EOPNOTSUPP:
440 _, r = c.encrypt(msg, iv="")
442 self.assertEqual(r[:tlen], mac, "Actual: " + \
443 repr(binascii.hexlify(r)) + " Expected: " + repr(data))
445 return GendCryptoTestCase
447 cryptosoft = GenTestCase('cryptosoft0')
448 aesni = GenTestCase('aesni0')
449 armv8crypto = GenTestCase('armv8crypto0')
450 ccr = GenTestCase('ccr0')
451 ccp = GenTestCase('ccp0')
452 ossl = GenTestCase('ossl0')
453 safexcel = GenTestCase('safexcel0')
454 qat = GenTestCase('qat0')
456 if __name__ == '__main__':