1 #!/usr/local/bin/python2
3 # Copyright (c) 2014 The FreeBSD Foundation
6 # This software was developed by John-Mark Gurney under
7 # the sponsorship from the FreeBSD Foundation.
8 # Redistribution and use in source and binary forms, with or without
9 # modification, are permitted provided that the following conditions
11 # 1. Redistributions of source code must retain the above copyright
12 # notice, this list of conditions and the following disclaimer.
13 # 2. Redistributions in binary form must reproduce the above copyright
14 # notice, this list of conditions and the following disclaimer in the
15 # documentation and/or other materials provided with the distribution.
17 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 from __future__ import print_function
41 from cryptodev import *
42 from glob import iglob
44 katdir = '/usr/local/share/nist-kat'
47 assert os.path.exists(katdir), "Please 'pkg install nist-kat'"
48 if not os.path.exists(os.path.join(katdir, base)):
49 raise unittest.SkipTest("Missing %s test vectors" % (base))
50 return iglob(os.path.join(katdir, base, glob))
52 aesmodules = [ 'cryptosoft0', 'aesni0', 'ccr0', 'ccp0' ]
53 desmodules = [ 'cryptosoft0', ]
54 shamodules = [ 'cryptosoft0', 'aesni0', 'ccr0', 'ccp0' ]
56 def GenTestCase(cname):
58 crid = cryptodev.Crypto.findcrid(cname)
62 class GendCryptoTestCase(unittest.TestCase):
66 @unittest.skipIf(cname not in aesmodules, 'skipping AES-XTS on %s' % (cname))
68 for i in katg('XTSTestVectors/format tweak value input - data unit seq no', '*.rsp'):
69 self.runXTS(i, cryptodev.CRYPTO_AES_XTS)
71 @unittest.skipIf(cname not in aesmodules, 'skipping AES-CBC on %s' % (cname))
73 for i in katg('KAT_AES', 'CBC[GKV]*.rsp'):
76 @unittest.skipIf(cname not in aesmodules, 'skipping AES-CCM on %s' % (cname))
78 for i in katg('ccmtestvectors', 'V*.rsp'):
81 for i in katg('ccmtestvectors', 'D*.rsp'):
84 @unittest.skipIf(cname not in aesmodules, 'skipping AES-GCM on %s' % (cname))
86 for i in katg('gcmtestvectors', 'gcmEncrypt*'):
87 self.runGCM(i, 'ENCRYPT')
89 for i in katg('gcmtestvectors', 'gcmDecrypt*'):
90 self.runGCM(i, 'DECRYPT')
92 _gmacsizes = { 32: cryptodev.CRYPTO_AES_256_NIST_GMAC,
93 24: cryptodev.CRYPTO_AES_192_NIST_GMAC,
94 16: cryptodev.CRYPTO_AES_128_NIST_GMAC,
96 def runGCM(self, fname, mode):
100 curfun = Crypto.encrypt
101 elif mode == 'DECRYPT':
103 curfun = Crypto.decrypt
105 raise RuntimeError('unknown mode: %r' % repr(mode))
107 for bogusmode, lines in cryptodev.KATParser(fname,
108 [ 'Count', 'Key', 'IV', 'CT', 'AAD', 'Tag', 'PT', ]):
110 curcnt = int(data['Count'])
111 cipherkey = binascii.unhexlify(data['Key'])
112 iv = binascii.unhexlify(data['IV'])
113 aad = binascii.unhexlify(data['AAD'])
114 tag = binascii.unhexlify(data['Tag'])
115 if 'FAIL' not in data:
116 pt = binascii.unhexlify(data['PT'])
117 ct = binascii.unhexlify(data['CT'])
120 # XXX - isn't supported
124 c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
126 mac=self._gmacsizes[len(cipherkey)],
127 mackey=cipherkey, crid=crid,
129 except EnvironmentError as e:
130 # Can't test algorithms the driver does not support.
131 if e.errno != errno.EOPNOTSUPP:
135 if mode == 'ENCRYPT':
137 rct, rtag = c.encrypt(pt, iv, aad)
138 except EnvironmentError as e:
139 # Can't test inputs the driver does not support.
140 if e.errno != errno.EINVAL:
143 rtag = rtag[:len(tag)]
144 data['rct'] = binascii.hexlify(rct)
145 data['rtag'] = binascii.hexlify(rtag)
146 self.assertEqual(rct, ct, repr(data))
147 self.assertEqual(rtag, tag, repr(data))
151 args = (ct, iv, aad, tag)
153 self.assertRaises(IOError,
157 rpt, rtag = c.decrypt(*args)
158 except EnvironmentError as e:
159 # Can't test inputs the driver does not support.
160 if e.errno != errno.EINVAL:
163 data['rpt'] = binascii.hexlify(rpt)
164 data['rtag'] = binascii.hexlify(rtag)
165 self.assertEqual(rpt, pt,
168 def runCBC(self, fname):
170 for mode, lines in cryptodev.KATParser(fname,
171 [ 'COUNT', 'KEY', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]):
172 if mode == 'ENCRYPT':
174 curfun = Crypto.encrypt
175 elif mode == 'DECRYPT':
177 curfun = Crypto.decrypt
179 raise RuntimeError('unknown mode: %r' % repr(mode))
182 curcnt = int(data['COUNT'])
183 cipherkey = binascii.unhexlify(data['KEY'])
184 iv = binascii.unhexlify(data['IV'])
185 pt = binascii.unhexlify(data['PLAINTEXT'])
186 ct = binascii.unhexlify(data['CIPHERTEXT'])
191 c = Crypto(cryptodev.CRYPTO_AES_CBC, cipherkey, crid=crid)
192 r = curfun(c, pt, iv)
193 self.assertEqual(r, ct)
195 def runXTS(self, fname, meth):
197 for mode, lines in cryptodev.KATParser(fname,
198 [ 'COUNT', 'DataUnitLen', 'Key', 'DataUnitSeqNumber', 'PT',
200 if mode == 'ENCRYPT':
202 curfun = Crypto.encrypt
203 elif mode == 'DECRYPT':
205 curfun = Crypto.decrypt
207 raise RuntimeError('unknown mode: %r' % repr(mode))
210 curcnt = int(data['COUNT'])
211 nbits = int(data['DataUnitLen'])
212 cipherkey = binascii.unhexlify(data['Key'])
213 iv = struct.pack('QQ', int(data['DataUnitSeqNumber']), 0)
214 pt = binascii.unhexlify(data['PT'])
215 ct = binascii.unhexlify(data['CT'])
218 # XXX - mark as skipped
224 c = Crypto(meth, cipherkey, crid=crid)
225 r = curfun(c, pt, iv)
226 except EnvironmentError as e:
227 # Can't test hashes the driver does not support.
228 if e.errno != errno.EOPNOTSUPP:
231 self.assertEqual(r, ct)
233 def runCCMEncrypt(self, fname):
234 for data in cryptodev.KATCCMParser(fname):
235 Nlen = int(data['Nlen'])
237 # OCF only supports 12 byte IVs
239 key = binascii.unhexlify(data['Key'])
240 nonce = binascii.unhexlify(data['Nonce'])
241 Alen = int(data['Alen'])
243 aad = binascii.unhexlify(data['Adata'])
246 payload = binascii.unhexlify(data['Payload'])
247 ct = binascii.unhexlify(data['CT'])
250 c = Crypto(crid=crid,
251 cipher=cryptodev.CRYPTO_AES_CCM_16,
253 mac=cryptodev.CRYPTO_AES_CCM_CBC_MAC,
254 mackey=key, maclen=16)
255 r, tag = Crypto.encrypt(c, payload,
257 except EnvironmentError as e:
258 if e.errno != errno.EOPNOTSUPP:
263 self.assertEqual(out, ct,
264 "Count " + data['Count'] + " Actual: " + \
265 repr(binascii.hexlify(out)) + " Expected: " + \
266 repr(data) + " on " + cname)
268 def runCCMDecrypt(self, fname):
269 # XXX: Note that all of the current CCM
270 # decryption test vectors use IV and tag sizes
271 # that aren't supported by OCF none of the
272 # tests are actually ran.
273 for data in cryptodev.KATCCMParser(fname):
274 Nlen = int(data['Nlen'])
276 # OCF only supports 12 byte IVs
278 Tlen = int(data['Tlen'])
280 # OCF only supports 16 byte tags
282 key = binascii.unhexlify(data['Key'])
283 nonce = binascii.unhexlify(data['Nonce'])
284 Alen = int(data['Alen'])
286 aad = binascii.unhexlify(data['Adata'])
289 ct = binascii.unhexlify(data['CT'])
294 c = Crypto(crid=crid,
295 cipher=cryptodev.CRYPTO_AES_CCM_16,
297 mac=cryptodev.CRYPTO_AES_CCM_CBC_MAC,
298 mackey=key, maclen=16)
299 except EnvironmentError as e:
300 if e.errno != errno.EOPNOTSUPP:
304 if data['Result'] == 'Fail':
305 self.assertRaises(IOError,
306 c.decrypt, payload, nonce, aad, tag)
308 r = Crypto.decrypt(c, payload, nonce,
311 payload = binascii.unhexlify(data['Payload'])
312 plen = int(data('Plen'))
313 payload = payload[:plen]
314 self.assertEqual(r, payload,
315 "Count " + data['Count'] + \
316 " Actual: " + repr(binascii.hexlify(r)) + \
317 " Expected: " + repr(data) + \
323 @unittest.skipIf(cname not in desmodules, 'skipping DES on %s' % (cname))
325 for i in katg('KAT_TDES', 'TCBC[a-z]*.rsp'):
328 def runTDES(self, fname):
330 for mode, lines in cryptodev.KATParser(fname,
331 [ 'COUNT', 'KEYs', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]):
332 if mode == 'ENCRYPT':
334 curfun = Crypto.encrypt
335 elif mode == 'DECRYPT':
337 curfun = Crypto.decrypt
339 raise RuntimeError('unknown mode: %r' % repr(mode))
342 curcnt = int(data['COUNT'])
343 key = data['KEYs'] * 3
344 cipherkey = binascii.unhexlify(key)
345 iv = binascii.unhexlify(data['IV'])
346 pt = binascii.unhexlify(data['PLAINTEXT'])
347 ct = binascii.unhexlify(data['CIPHERTEXT'])
352 c = Crypto(cryptodev.CRYPTO_3DES_CBC, cipherkey, crid=crid)
353 r = curfun(c, pt, iv)
354 self.assertEqual(r, ct)
359 @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
361 for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
364 def runSHA(self, fname):
365 # Skip SHA512_(224|256) tests
366 if fname.find('SHA512_') != -1:
369 for hashlength, lines in cryptodev.KATParser(fname,
370 [ 'Len', 'Msg', 'MD' ]):
371 # E.g., hashlength will be "L=20" (bytes)
372 hashlen = int(hashlength.split("=")[1])
375 alg = cryptodev.CRYPTO_SHA1
377 alg = cryptodev.CRYPTO_SHA2_224
379 alg = cryptodev.CRYPTO_SHA2_256
381 alg = cryptodev.CRYPTO_SHA2_384
383 alg = cryptodev.CRYPTO_SHA2_512
385 # Skip unsupported hashes
386 # Slurp remaining input in section
392 msg = binascii.unhexlify(data['Msg'])
393 msg = msg[:int(data['Len'])]
394 md = binascii.unhexlify(data['MD'])
397 c = Crypto(mac=alg, crid=crid,
399 except EnvironmentError as e:
400 # Can't test hashes the driver does not support.
401 if e.errno != errno.EOPNOTSUPP:
405 _, r = c.encrypt(msg, iv="")
407 self.assertEqual(r, md, "Actual: " + \
408 repr(binascii.hexlify(r)) + " Expected: " + repr(data) + " on " + cname)
410 @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
411 def test_sha1hmac(self):
412 for i in katg('hmactestvectors', 'HMAC.rsp'):
415 def runSHA1HMAC(self, fname):
416 for hashlength, lines in cryptodev.KATParser(fname,
417 [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]):
418 # E.g., hashlength will be "L=20" (bytes)
419 hashlen = int(hashlength.split("=")[1])
423 alg = cryptodev.CRYPTO_SHA1_HMAC
426 alg = cryptodev.CRYPTO_SHA2_224_HMAC
429 alg = cryptodev.CRYPTO_SHA2_256_HMAC
432 alg = cryptodev.CRYPTO_SHA2_384_HMAC
435 alg = cryptodev.CRYPTO_SHA2_512_HMAC
438 # Skip unsupported hashes
439 # Slurp remaining input in section
445 key = binascii.unhexlify(data['Key'])
446 msg = binascii.unhexlify(data['Msg'])
447 mac = binascii.unhexlify(data['Mac'])
448 tlen = int(data['Tlen'])
450 if len(key) > blocksize:
454 c = Crypto(mac=alg, mackey=key,
455 crid=crid, maclen=hashlen)
456 except EnvironmentError as e:
457 # Can't test hashes the driver does not support.
458 if e.errno != errno.EOPNOTSUPP:
462 _, r = c.encrypt(msg, iv="")
464 self.assertEqual(r[:tlen], mac, "Actual: " + \
465 repr(binascii.hexlify(r)) + " Expected: " + repr(data))
467 return GendCryptoTestCase
469 cryptosoft = GenTestCase('cryptosoft0')
470 aesni = GenTestCase('aesni0')
471 ccr = GenTestCase('ccr0')
472 ccp = GenTestCase('ccp0')
474 if __name__ == '__main__':