xref: /freebsd/tests/sys/opencrypto/cryptotest.py (revision c03414326909ed7a740be3ba63fbbef01fe513a8)
1369ee090SLi-Wen Hsu#!/usr/local/bin/python2
208fca7a5SJohn-Mark Gurney#
308fca7a5SJohn-Mark Gurney# Copyright (c) 2014 The FreeBSD Foundation
408fca7a5SJohn-Mark Gurney# All rights reserved.
5f2a34445SEnji Cooper# Copyright 2019 Enji Cooper
608fca7a5SJohn-Mark Gurney#
708fca7a5SJohn-Mark Gurney# This software was developed by John-Mark Gurney under
808fca7a5SJohn-Mark Gurney# the sponsorship from the FreeBSD Foundation.
908fca7a5SJohn-Mark Gurney# Redistribution and use in source and binary forms, with or without
1008fca7a5SJohn-Mark Gurney# modification, are permitted provided that the following conditions
1108fca7a5SJohn-Mark Gurney# are met:
1208fca7a5SJohn-Mark Gurney# 1.  Redistributions of source code must retain the above copyright
1308fca7a5SJohn-Mark Gurney#     notice, this list of conditions and the following disclaimer.
1408fca7a5SJohn-Mark Gurney# 2.  Redistributions in binary form must reproduce the above copyright
1508fca7a5SJohn-Mark Gurney#     notice, this list of conditions and the following disclaimer in the
1608fca7a5SJohn-Mark Gurney#     documentation and/or other materials provided with the distribution.
1708fca7a5SJohn-Mark Gurney#
1808fca7a5SJohn-Mark Gurney# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1908fca7a5SJohn-Mark Gurney# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2008fca7a5SJohn-Mark Gurney# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2108fca7a5SJohn-Mark Gurney# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
2208fca7a5SJohn-Mark Gurney# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2308fca7a5SJohn-Mark Gurney# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2408fca7a5SJohn-Mark Gurney# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2508fca7a5SJohn-Mark Gurney# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2608fca7a5SJohn-Mark Gurney# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2708fca7a5SJohn-Mark Gurney# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2808fca7a5SJohn-Mark Gurney# SUCH DAMAGE.
2908fca7a5SJohn-Mark Gurney#
3008fca7a5SJohn-Mark Gurney# $FreeBSD$
3108fca7a5SJohn-Mark Gurney#
3208fca7a5SJohn-Mark Gurney
33d86680b0SEnji Cooperfrom __future__ import print_function
34d99c2cecSEnji Cooper
35d99c2cecSEnji Cooperimport binascii
36a317fb03SConrad Meyerimport errno
3708fca7a5SJohn-Mark Gurneyimport cryptodev
3808fca7a5SJohn-Mark Gurneyimport itertools
3908fca7a5SJohn-Mark Gurneyimport os
4008fca7a5SJohn-Mark Gurneyimport struct
4108fca7a5SJohn-Mark Gurneyimport unittest
4208fca7a5SJohn-Mark Gurneyfrom cryptodev import *
4308fca7a5SJohn-Mark Gurneyfrom glob import iglob
4408fca7a5SJohn-Mark Gurney
4508fca7a5SJohn-Mark Gurneykatdir = '/usr/local/share/nist-kat'
4608fca7a5SJohn-Mark Gurney
4708fca7a5SJohn-Mark Gurneydef katg(base, glob):
48aeb5c8e6SJohn Baldwin    assert os.path.exists(katdir), "Please 'pkg install nist-kat'"
49aeb5c8e6SJohn Baldwin    if not os.path.exists(os.path.join(katdir, base)):
50aeb5c8e6SJohn Baldwin        raise unittest.SkipTest("Missing %s test vectors" % (base))
5108fca7a5SJohn-Mark Gurney    return iglob(os.path.join(katdir, base, glob))
5208fca7a5SJohn-Mark Gurney
5384a457c6SEnji Cooperaesmodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
5408fca7a5SJohn-Mark Gurneydesmodules = [ 'cryptosoft0', ]
5584a457c6SEnji Coopershamodules = [ 'cryptosoft0', 'aesni0', 'armv8crypto0', 'ccr0', 'ccp0' ]
5608fca7a5SJohn-Mark Gurney
5708fca7a5SJohn-Mark Gurneydef GenTestCase(cname):
5808fca7a5SJohn-Mark Gurney    try:
5908fca7a5SJohn-Mark Gurney        crid = cryptodev.Crypto.findcrid(cname)
6008fca7a5SJohn-Mark Gurney    except IOError:
6108fca7a5SJohn-Mark Gurney        return None
6208fca7a5SJohn-Mark Gurney
6308fca7a5SJohn-Mark Gurney    class GendCryptoTestCase(unittest.TestCase):
6408fca7a5SJohn-Mark Gurney        ###############
6508fca7a5SJohn-Mark Gurney        ##### AES #####
6608fca7a5SJohn-Mark Gurney        ###############
67c091d0d9SJohn Baldwin        @unittest.skipIf(cname not in aesmodules, 'skipping AES-XTS on %s' % (cname))
6808fca7a5SJohn-Mark Gurney        def test_xts(self):
6908fca7a5SJohn-Mark Gurney            for i in katg('XTSTestVectors/format tweak value input - data unit seq no', '*.rsp'):
7008fca7a5SJohn-Mark Gurney                self.runXTS(i, cryptodev.CRYPTO_AES_XTS)
7108fca7a5SJohn-Mark Gurney
72c091d0d9SJohn Baldwin        @unittest.skipIf(cname not in aesmodules, 'skipping AES-CBC on %s' % (cname))
7308fca7a5SJohn-Mark Gurney        def test_cbc(self):
7408fca7a5SJohn-Mark Gurney            for i in katg('KAT_AES', 'CBC[GKV]*.rsp'):
7508fca7a5SJohn-Mark Gurney                self.runCBC(i)
7608fca7a5SJohn-Mark Gurney
77151f0ca8SJohn Baldwin        @unittest.skipIf(cname not in aesmodules, 'skipping AES-CCM on %s' % (cname))
78151f0ca8SJohn Baldwin        def test_ccm(self):
79151f0ca8SJohn Baldwin            for i in katg('ccmtestvectors', 'V*.rsp'):
80151f0ca8SJohn Baldwin                self.runCCMEncrypt(i)
81151f0ca8SJohn Baldwin
82151f0ca8SJohn Baldwin            for i in katg('ccmtestvectors', 'D*.rsp'):
83151f0ca8SJohn Baldwin                self.runCCMDecrypt(i)
84151f0ca8SJohn Baldwin
85c091d0d9SJohn Baldwin        @unittest.skipIf(cname not in aesmodules, 'skipping AES-GCM on %s' % (cname))
8608fca7a5SJohn-Mark Gurney        def test_gcm(self):
8708fca7a5SJohn-Mark Gurney            for i in katg('gcmtestvectors', 'gcmEncrypt*'):
8808fca7a5SJohn-Mark Gurney                self.runGCM(i, 'ENCRYPT')
8908fca7a5SJohn-Mark Gurney
9008fca7a5SJohn-Mark Gurney            for i in katg('gcmtestvectors', 'gcmDecrypt*'):
9108fca7a5SJohn-Mark Gurney                self.runGCM(i, 'DECRYPT')
9208fca7a5SJohn-Mark Gurney
9308fca7a5SJohn-Mark Gurney        def runGCM(self, fname, mode):
9408fca7a5SJohn-Mark Gurney            curfun = None
9508fca7a5SJohn-Mark Gurney            if mode == 'ENCRYPT':
9608fca7a5SJohn-Mark Gurney                swapptct = False
9708fca7a5SJohn-Mark Gurney                curfun = Crypto.encrypt
9808fca7a5SJohn-Mark Gurney            elif mode == 'DECRYPT':
9908fca7a5SJohn-Mark Gurney                swapptct = True
10008fca7a5SJohn-Mark Gurney                curfun = Crypto.decrypt
10108fca7a5SJohn-Mark Gurney            else:
102d86680b0SEnji Cooper                raise RuntimeError('unknown mode: %r' % repr(mode))
10308fca7a5SJohn-Mark Gurney
104a60d9a98SEnji Cooper            columns = [ 'Count', 'Key', 'IV', 'CT', 'AAD', 'Tag', 'PT', ]
105a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
106a60d9a98SEnji Cooper                self.runGCMWithParser(parser, mode)
107a60d9a98SEnji Cooper
108a60d9a98SEnji Cooper        def runGCMWithParser(self, parser, mode):
109a60d9a98SEnji Cooper            for _, lines in next(parser):
11008fca7a5SJohn-Mark Gurney                for data in lines:
11108fca7a5SJohn-Mark Gurney                    curcnt = int(data['Count'])
112d99c2cecSEnji Cooper                    cipherkey = binascii.unhexlify(data['Key'])
113d99c2cecSEnji Cooper                    iv = binascii.unhexlify(data['IV'])
114d99c2cecSEnji Cooper                    aad = binascii.unhexlify(data['AAD'])
115d99c2cecSEnji Cooper                    tag = binascii.unhexlify(data['Tag'])
11608fca7a5SJohn-Mark Gurney                    if 'FAIL' not in data:
117d99c2cecSEnji Cooper                        pt = binascii.unhexlify(data['PT'])
118d99c2cecSEnji Cooper                    ct = binascii.unhexlify(data['CT'])
11908fca7a5SJohn-Mark Gurney
12008fca7a5SJohn-Mark Gurney                    if len(iv) != 12:
12108fca7a5SJohn-Mark Gurney                        # XXX - isn't supported
12208fca7a5SJohn-Mark Gurney                        continue
12308fca7a5SJohn-Mark Gurney
124844d9543SConrad Meyer                    try:
12508fca7a5SJohn-Mark Gurney                        c = Crypto(cryptodev.CRYPTO_AES_NIST_GCM_16,
126*c0341432SJohn Baldwin                            cipherkey, crid=crid,
127de0f7dcaSJohn Baldwin                            maclen=16)
128b106e0fcSEnji Cooper                    except EnvironmentError as e:
129844d9543SConrad Meyer                        # Can't test algorithms the driver does not support.
130844d9543SConrad Meyer                        if e.errno != errno.EOPNOTSUPP:
131844d9543SConrad Meyer                            raise
132844d9543SConrad Meyer                        continue
13308fca7a5SJohn-Mark Gurney
13408fca7a5SJohn-Mark Gurney                    if mode == 'ENCRYPT':
135844d9543SConrad Meyer                        try:
13608fca7a5SJohn-Mark Gurney                            rct, rtag = c.encrypt(pt, iv, aad)
137b106e0fcSEnji Cooper                        except EnvironmentError as e:
138844d9543SConrad Meyer                            # Can't test inputs the driver does not support.
139844d9543SConrad Meyer                            if e.errno != errno.EINVAL:
140844d9543SConrad Meyer                                raise
141844d9543SConrad Meyer                            continue
14208fca7a5SJohn-Mark Gurney                        rtag = rtag[:len(tag)]
143d99c2cecSEnji Cooper                        data['rct'] = binascii.hexlify(rct)
144d99c2cecSEnji Cooper                        data['rtag'] = binascii.hexlify(rtag)
145d86680b0SEnji Cooper                        self.assertEqual(rct, ct, repr(data))
146d86680b0SEnji Cooper                        self.assertEqual(rtag, tag, repr(data))
14708fca7a5SJohn-Mark Gurney                    else:
14808fca7a5SJohn-Mark Gurney                        if len(tag) != 16:
14908fca7a5SJohn-Mark Gurney                            continue
15008fca7a5SJohn-Mark Gurney                        args = (ct, iv, aad, tag)
15108fca7a5SJohn-Mark Gurney                        if 'FAIL' in data:
15208fca7a5SJohn-Mark Gurney                            self.assertRaises(IOError,
15308fca7a5SJohn-Mark Gurney                                c.decrypt, *args)
15408fca7a5SJohn-Mark Gurney                        else:
155844d9543SConrad Meyer                            try:
15608fca7a5SJohn-Mark Gurney                                rpt, rtag = c.decrypt(*args)
157b106e0fcSEnji Cooper                            except EnvironmentError as e:
158844d9543SConrad Meyer                                # Can't test inputs the driver does not support.
159844d9543SConrad Meyer                                if e.errno != errno.EINVAL:
160844d9543SConrad Meyer                                    raise
161844d9543SConrad Meyer                                continue
162d99c2cecSEnji Cooper                            data['rpt'] = binascii.hexlify(rpt)
163d99c2cecSEnji Cooper                            data['rtag'] = binascii.hexlify(rtag)
16408fca7a5SJohn-Mark Gurney                            self.assertEqual(rpt, pt,
165d86680b0SEnji Cooper                                repr(data))
16608fca7a5SJohn-Mark Gurney
16708fca7a5SJohn-Mark Gurney        def runCBC(self, fname):
168a60d9a98SEnji Cooper            columns = [ 'COUNT', 'KEY', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]
169a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
170a60d9a98SEnji Cooper                self.runCBCWithParser(parser)
171a60d9a98SEnji Cooper
172a60d9a98SEnji Cooper        def runCBCWithParser(self, parser):
17308fca7a5SJohn-Mark Gurney            curfun = None
174a60d9a98SEnji Cooper            for mode, lines in next(parser):
17508fca7a5SJohn-Mark Gurney                if mode == 'ENCRYPT':
17608fca7a5SJohn-Mark Gurney                    swapptct = False
17708fca7a5SJohn-Mark Gurney                    curfun = Crypto.encrypt
17808fca7a5SJohn-Mark Gurney                elif mode == 'DECRYPT':
17908fca7a5SJohn-Mark Gurney                    swapptct = True
18008fca7a5SJohn-Mark Gurney                    curfun = Crypto.decrypt
18108fca7a5SJohn-Mark Gurney                else:
182d86680b0SEnji Cooper                    raise RuntimeError('unknown mode: %r' % repr(mode))
18308fca7a5SJohn-Mark Gurney
18408fca7a5SJohn-Mark Gurney                for data in lines:
18508fca7a5SJohn-Mark Gurney                    curcnt = int(data['COUNT'])
186d99c2cecSEnji Cooper                    cipherkey = binascii.unhexlify(data['KEY'])
187d99c2cecSEnji Cooper                    iv = binascii.unhexlify(data['IV'])
188d99c2cecSEnji Cooper                    pt = binascii.unhexlify(data['PLAINTEXT'])
189d99c2cecSEnji Cooper                    ct = binascii.unhexlify(data['CIPHERTEXT'])
19008fca7a5SJohn-Mark Gurney
19108fca7a5SJohn-Mark Gurney                    if swapptct:
19208fca7a5SJohn-Mark Gurney                        pt, ct = ct, pt
19308fca7a5SJohn-Mark Gurney                    # run the fun
19408fca7a5SJohn-Mark Gurney                    c = Crypto(cryptodev.CRYPTO_AES_CBC, cipherkey, crid=crid)
19508fca7a5SJohn-Mark Gurney                    r = curfun(c, pt, iv)
19608fca7a5SJohn-Mark Gurney                    self.assertEqual(r, ct)
19708fca7a5SJohn-Mark Gurney
19808fca7a5SJohn-Mark Gurney        def runXTS(self, fname, meth):
199a60d9a98SEnji Cooper            columns = [ 'COUNT', 'DataUnitLen', 'Key', 'DataUnitSeqNumber', 'PT',
200a60d9a98SEnji Cooper                        'CT']
201a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
202a60d9a98SEnji Cooper                self.runXTSWithParser(parser, meth)
203a60d9a98SEnji Cooper
204a60d9a98SEnji Cooper        def runXTSWithParser(self, parser, meth):
20508fca7a5SJohn-Mark Gurney            curfun = None
206a60d9a98SEnji Cooper            for mode, lines in next(parser):
20708fca7a5SJohn-Mark Gurney                if mode == 'ENCRYPT':
20808fca7a5SJohn-Mark Gurney                    swapptct = False
20908fca7a5SJohn-Mark Gurney                    curfun = Crypto.encrypt
21008fca7a5SJohn-Mark Gurney                elif mode == 'DECRYPT':
21108fca7a5SJohn-Mark Gurney                    swapptct = True
21208fca7a5SJohn-Mark Gurney                    curfun = Crypto.decrypt
21308fca7a5SJohn-Mark Gurney                else:
214d86680b0SEnji Cooper                    raise RuntimeError('unknown mode: %r' % repr(mode))
21508fca7a5SJohn-Mark Gurney
21608fca7a5SJohn-Mark Gurney                for data in lines:
21708fca7a5SJohn-Mark Gurney                    curcnt = int(data['COUNT'])
21808fca7a5SJohn-Mark Gurney                    nbits = int(data['DataUnitLen'])
219d99c2cecSEnji Cooper                    cipherkey = binascii.unhexlify(data['Key'])
22008fca7a5SJohn-Mark Gurney                    iv = struct.pack('QQ', int(data['DataUnitSeqNumber']), 0)
221d99c2cecSEnji Cooper                    pt = binascii.unhexlify(data['PT'])
222d99c2cecSEnji Cooper                    ct = binascii.unhexlify(data['CT'])
22308fca7a5SJohn-Mark Gurney
22408fca7a5SJohn-Mark Gurney                    if nbits % 128 != 0:
22508fca7a5SJohn-Mark Gurney                        # XXX - mark as skipped
22608fca7a5SJohn-Mark Gurney                        continue
22708fca7a5SJohn-Mark Gurney                    if swapptct:
22808fca7a5SJohn-Mark Gurney                        pt, ct = ct, pt
22908fca7a5SJohn-Mark Gurney                    # run the fun
230844d9543SConrad Meyer                    try:
23108fca7a5SJohn-Mark Gurney                        c = Crypto(meth, cipherkey, crid=crid)
23208fca7a5SJohn-Mark Gurney                        r = curfun(c, pt, iv)
233b106e0fcSEnji Cooper                    except EnvironmentError as e:
234844d9543SConrad Meyer                        # Can't test hashes the driver does not support.
235844d9543SConrad Meyer                        if e.errno != errno.EOPNOTSUPP:
236844d9543SConrad Meyer                            raise
237844d9543SConrad Meyer                        continue
23808fca7a5SJohn-Mark Gurney                    self.assertEqual(r, ct)
23908fca7a5SJohn-Mark Gurney
240151f0ca8SJohn Baldwin        def runCCMEncrypt(self, fname):
241a60d9a98SEnji Cooper            with cryptodev.KATCCMParser(fname) as parser:
242a60d9a98SEnji Cooper                self.runCCMEncryptWithParser(parser)
243a60d9a98SEnji Cooper
244a60d9a98SEnji Cooper        def runCCMEncryptWithParser(self, parser):
245a60d9a98SEnji Cooper            for data in next(parser):
246151f0ca8SJohn Baldwin                Nlen = int(data['Nlen'])
247151f0ca8SJohn Baldwin                if Nlen != 12:
248151f0ca8SJohn Baldwin                    # OCF only supports 12 byte IVs
249151f0ca8SJohn Baldwin                    continue
250d99c2cecSEnji Cooper                key = binascii.unhexlify(data['Key'])
251d99c2cecSEnji Cooper                nonce = binascii.unhexlify(data['Nonce'])
252151f0ca8SJohn Baldwin                Alen = int(data['Alen'])
253151f0ca8SJohn Baldwin                if Alen != 0:
254d99c2cecSEnji Cooper                    aad = binascii.unhexlify(data['Adata'])
255151f0ca8SJohn Baldwin                else:
256151f0ca8SJohn Baldwin                    aad = None
257d99c2cecSEnji Cooper                payload = binascii.unhexlify(data['Payload'])
258d99c2cecSEnji Cooper                ct = binascii.unhexlify(data['CT'])
259151f0ca8SJohn Baldwin
260151f0ca8SJohn Baldwin                try:
261151f0ca8SJohn Baldwin                    c = Crypto(crid=crid,
262151f0ca8SJohn Baldwin                        cipher=cryptodev.CRYPTO_AES_CCM_16,
263151f0ca8SJohn Baldwin                        key=key,
264151f0ca8SJohn Baldwin                        mac=cryptodev.CRYPTO_AES_CCM_CBC_MAC,
265151f0ca8SJohn Baldwin                        mackey=key, maclen=16)
266151f0ca8SJohn Baldwin                    r, tag = Crypto.encrypt(c, payload,
267151f0ca8SJohn Baldwin                        nonce, aad)
268b106e0fcSEnji Cooper                except EnvironmentError as e:
269151f0ca8SJohn Baldwin                    if e.errno != errno.EOPNOTSUPP:
270151f0ca8SJohn Baldwin                        raise
271151f0ca8SJohn Baldwin                    continue
272151f0ca8SJohn Baldwin
273151f0ca8SJohn Baldwin                out = r + tag
274151f0ca8SJohn Baldwin                self.assertEqual(out, ct,
275151f0ca8SJohn Baldwin                    "Count " + data['Count'] + " Actual: " + \
276e8b4bbdfSEnji Cooper                    repr(binascii.hexlify(out)) + " Expected: " + \
277151f0ca8SJohn Baldwin                    repr(data) + " on " + cname)
278151f0ca8SJohn Baldwin
279151f0ca8SJohn Baldwin        def runCCMDecrypt(self, fname):
280a60d9a98SEnji Cooper            with cryptodev.KATCCMParser(fname) as parser:
281a60d9a98SEnji Cooper                self.runCCMDecryptWithParser(parser)
282a60d9a98SEnji Cooper
283a60d9a98SEnji Cooper        def runCCMDecryptWithParser(self, parser):
284151f0ca8SJohn Baldwin            # XXX: Note that all of the current CCM
285151f0ca8SJohn Baldwin            # decryption test vectors use IV and tag sizes
286151f0ca8SJohn Baldwin            # that aren't supported by OCF none of the
287151f0ca8SJohn Baldwin            # tests are actually ran.
288a60d9a98SEnji Cooper            for data in next(parser):
289151f0ca8SJohn Baldwin                Nlen = int(data['Nlen'])
290151f0ca8SJohn Baldwin                if Nlen != 12:
291151f0ca8SJohn Baldwin                    # OCF only supports 12 byte IVs
292151f0ca8SJohn Baldwin                    continue
293151f0ca8SJohn Baldwin                Tlen = int(data['Tlen'])
294151f0ca8SJohn Baldwin                if Tlen != 16:
295151f0ca8SJohn Baldwin                    # OCF only supports 16 byte tags
296151f0ca8SJohn Baldwin                    continue
297d99c2cecSEnji Cooper                key = binascii.unhexlify(data['Key'])
298d99c2cecSEnji Cooper                nonce = binascii.unhexlify(data['Nonce'])
299151f0ca8SJohn Baldwin                Alen = int(data['Alen'])
300151f0ca8SJohn Baldwin                if Alen != 0:
301d99c2cecSEnji Cooper                    aad = binascii.unhexlify(data['Adata'])
302151f0ca8SJohn Baldwin                else:
303151f0ca8SJohn Baldwin                    aad = None
304d99c2cecSEnji Cooper                ct = binascii.unhexlify(data['CT'])
305151f0ca8SJohn Baldwin                tag = ct[-16:]
306151f0ca8SJohn Baldwin                ct = ct[:-16]
307151f0ca8SJohn Baldwin
308151f0ca8SJohn Baldwin                try:
309151f0ca8SJohn Baldwin                    c = Crypto(crid=crid,
310151f0ca8SJohn Baldwin                        cipher=cryptodev.CRYPTO_AES_CCM_16,
311151f0ca8SJohn Baldwin                        key=key,
312151f0ca8SJohn Baldwin                        mac=cryptodev.CRYPTO_AES_CCM_CBC_MAC,
313151f0ca8SJohn Baldwin                        mackey=key, maclen=16)
314b106e0fcSEnji Cooper                except EnvironmentError as e:
315151f0ca8SJohn Baldwin                    if e.errno != errno.EOPNOTSUPP:
316151f0ca8SJohn Baldwin                        raise
317151f0ca8SJohn Baldwin                    continue
318151f0ca8SJohn Baldwin
319151f0ca8SJohn Baldwin                if data['Result'] == 'Fail':
320151f0ca8SJohn Baldwin                    self.assertRaises(IOError,
321151f0ca8SJohn Baldwin                        c.decrypt, payload, nonce, aad, tag)
322151f0ca8SJohn Baldwin                else:
323151f0ca8SJohn Baldwin                    r = Crypto.decrypt(c, payload, nonce,
324151f0ca8SJohn Baldwin                        aad, tag)
325151f0ca8SJohn Baldwin
326d99c2cecSEnji Cooper                    payload = binascii.unhexlify(data['Payload'])
3272a96ae15SEnji Cooper                    plen = int(data('Plen'))
328151f0ca8SJohn Baldwin                    payload = payload[:plen]
329151f0ca8SJohn Baldwin                    self.assertEqual(r, payload,
330151f0ca8SJohn Baldwin                        "Count " + data['Count'] + \
331e8b4bbdfSEnji Cooper                        " Actual: " + repr(binascii.hexlify(r)) + \
332151f0ca8SJohn Baldwin                        " Expected: " + repr(data) + \
333151f0ca8SJohn Baldwin                        " on " + cname)
334151f0ca8SJohn Baldwin
33508fca7a5SJohn-Mark Gurney        ###############
33608fca7a5SJohn-Mark Gurney        ##### DES #####
33708fca7a5SJohn-Mark Gurney        ###############
338d86680b0SEnji Cooper        @unittest.skipIf(cname not in desmodules, 'skipping DES on %s' % (cname))
33908fca7a5SJohn-Mark Gurney        def test_tdes(self):
34008fca7a5SJohn-Mark Gurney            for i in katg('KAT_TDES', 'TCBC[a-z]*.rsp'):
34108fca7a5SJohn-Mark Gurney                self.runTDES(i)
34208fca7a5SJohn-Mark Gurney
34308fca7a5SJohn-Mark Gurney        def runTDES(self, fname):
344a60d9a98SEnji Cooper            columns = [ 'COUNT', 'KEYs', 'IV', 'PLAINTEXT', 'CIPHERTEXT', ]
345a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
346a60d9a98SEnji Cooper                self.runTDESWithParser(parser)
347a60d9a98SEnji Cooper
348a60d9a98SEnji Cooper        def runTDESWithParser(self, parser):
34908fca7a5SJohn-Mark Gurney            curfun = None
350a60d9a98SEnji Cooper            for mode, lines in next(parser):
35108fca7a5SJohn-Mark Gurney                if mode == 'ENCRYPT':
35208fca7a5SJohn-Mark Gurney                    swapptct = False
35308fca7a5SJohn-Mark Gurney                    curfun = Crypto.encrypt
35408fca7a5SJohn-Mark Gurney                elif mode == 'DECRYPT':
35508fca7a5SJohn-Mark Gurney                    swapptct = True
35608fca7a5SJohn-Mark Gurney                    curfun = Crypto.decrypt
35708fca7a5SJohn-Mark Gurney                else:
358d86680b0SEnji Cooper                    raise RuntimeError('unknown mode: %r' % repr(mode))
35908fca7a5SJohn-Mark Gurney
36008fca7a5SJohn-Mark Gurney                for data in lines:
36108fca7a5SJohn-Mark Gurney                    curcnt = int(data['COUNT'])
36208fca7a5SJohn-Mark Gurney                    key = data['KEYs'] * 3
363d99c2cecSEnji Cooper                    cipherkey = binascii.unhexlify(key)
364d99c2cecSEnji Cooper                    iv = binascii.unhexlify(data['IV'])
365d99c2cecSEnji Cooper                    pt = binascii.unhexlify(data['PLAINTEXT'])
366d99c2cecSEnji Cooper                    ct = binascii.unhexlify(data['CIPHERTEXT'])
36708fca7a5SJohn-Mark Gurney
36808fca7a5SJohn-Mark Gurney                    if swapptct:
36908fca7a5SJohn-Mark Gurney                        pt, ct = ct, pt
37008fca7a5SJohn-Mark Gurney                    # run the fun
37108fca7a5SJohn-Mark Gurney                    c = Crypto(cryptodev.CRYPTO_3DES_CBC, cipherkey, crid=crid)
37208fca7a5SJohn-Mark Gurney                    r = curfun(c, pt, iv)
37308fca7a5SJohn-Mark Gurney                    self.assertEqual(r, ct)
37408fca7a5SJohn-Mark Gurney
37508fca7a5SJohn-Mark Gurney        ###############
37608fca7a5SJohn-Mark Gurney        ##### SHA #####
37708fca7a5SJohn-Mark Gurney        ###############
378d86680b0SEnji Cooper        @unittest.skipIf(cname not in shamodules, 'skipping SHA on %s' % str(cname))
37908fca7a5SJohn-Mark Gurney        def test_sha(self):
380de0f7dcaSJohn Baldwin            for i in katg('shabytetestvectors', 'SHA*Msg.rsp'):
381de0f7dcaSJohn Baldwin                self.runSHA(i)
382de0f7dcaSJohn Baldwin
383de0f7dcaSJohn Baldwin        def runSHA(self, fname):
384de0f7dcaSJohn Baldwin            # Skip SHA512_(224|256) tests
385de0f7dcaSJohn Baldwin            if fname.find('SHA512_') != -1:
386de0f7dcaSJohn Baldwin                return
387a60d9a98SEnji Cooper            columns = [ 'Len', 'Msg', 'MD' ]
388a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
389a60d9a98SEnji Cooper                self.runSHAWithParser(parser)
390de0f7dcaSJohn Baldwin
391a60d9a98SEnji Cooper        def runSHAWithParser(self, parser):
392a60d9a98SEnji Cooper            for hashlength, lines in next(parser):
393de0f7dcaSJohn Baldwin                # E.g., hashlength will be "L=20" (bytes)
394de0f7dcaSJohn Baldwin                hashlen = int(hashlength.split("=")[1])
395de0f7dcaSJohn Baldwin
396de0f7dcaSJohn Baldwin                if hashlen == 20:
397de0f7dcaSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA1
398de0f7dcaSJohn Baldwin                elif hashlen == 28:
399de0f7dcaSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA2_224
400de0f7dcaSJohn Baldwin                elif hashlen == 32:
401de0f7dcaSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA2_256
402de0f7dcaSJohn Baldwin                elif hashlen == 48:
403de0f7dcaSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA2_384
404de0f7dcaSJohn Baldwin                elif hashlen == 64:
405de0f7dcaSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA2_512
406de0f7dcaSJohn Baldwin                else:
407de0f7dcaSJohn Baldwin                    # Skip unsupported hashes
408de0f7dcaSJohn Baldwin                    # Slurp remaining input in section
409de0f7dcaSJohn Baldwin                    for data in lines:
410de0f7dcaSJohn Baldwin                        continue
411de0f7dcaSJohn Baldwin                    continue
412de0f7dcaSJohn Baldwin
413de0f7dcaSJohn Baldwin                for data in lines:
414d99c2cecSEnji Cooper                    msg = binascii.unhexlify(data['Msg'])
415de0f7dcaSJohn Baldwin                    msg = msg[:int(data['Len'])]
416d99c2cecSEnji Cooper                    md = binascii.unhexlify(data['MD'])
417de0f7dcaSJohn Baldwin
418de0f7dcaSJohn Baldwin                    try:
419de0f7dcaSJohn Baldwin                        c = Crypto(mac=alg, crid=crid,
420de0f7dcaSJohn Baldwin                            maclen=hashlen)
421b106e0fcSEnji Cooper                    except EnvironmentError as e:
422de0f7dcaSJohn Baldwin                        # Can't test hashes the driver does not support.
423de0f7dcaSJohn Baldwin                        if e.errno != errno.EOPNOTSUPP:
424de0f7dcaSJohn Baldwin                            raise
425de0f7dcaSJohn Baldwin                        continue
426de0f7dcaSJohn Baldwin
427de0f7dcaSJohn Baldwin                    _, r = c.encrypt(msg, iv="")
428de0f7dcaSJohn Baldwin
429de0f7dcaSJohn Baldwin                    self.assertEqual(r, md, "Actual: " + \
430e8b4bbdfSEnji Cooper                        repr(binascii.hexlify(r)) + " Expected: " + repr(data) + " on " + cname)
43108fca7a5SJohn-Mark Gurney
432c091d0d9SJohn Baldwin        @unittest.skipIf(cname not in shamodules, 'skipping SHA-HMAC on %s' % str(cname))
43308fca7a5SJohn-Mark Gurney        def test_sha1hmac(self):
43408fca7a5SJohn-Mark Gurney            for i in katg('hmactestvectors', 'HMAC.rsp'):
43508fca7a5SJohn-Mark Gurney                self.runSHA1HMAC(i)
43608fca7a5SJohn-Mark Gurney
43708fca7a5SJohn-Mark Gurney        def runSHA1HMAC(self, fname):
438a60d9a98SEnji Cooper            columns = [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]
439a60d9a98SEnji Cooper            with cryptodev.KATParser(fname, columns) as parser:
440a60d9a98SEnji Cooper                self.runSHA1HMACWithParser(parser)
441a60d9a98SEnji Cooper
442a60d9a98SEnji Cooper        def runSHA1HMACWithParser(self, parser):
443a60d9a98SEnji Cooper            for hashlength, lines in next(parser):
444005fdbbcSConrad Meyer                # E.g., hashlength will be "L=20" (bytes)
445005fdbbcSConrad Meyer                hashlen = int(hashlength.split("=")[1])
446005fdbbcSConrad Meyer
447005fdbbcSConrad Meyer                blocksize = None
448005fdbbcSConrad Meyer                if hashlen == 20:
449005fdbbcSConrad Meyer                    alg = cryptodev.CRYPTO_SHA1_HMAC
450005fdbbcSConrad Meyer                    blocksize = 64
451005fdbbcSConrad Meyer                elif hashlen == 28:
452c87ada6aSJohn Baldwin                    alg = cryptodev.CRYPTO_SHA2_224_HMAC
453c87ada6aSJohn Baldwin                    blocksize = 64
454005fdbbcSConrad Meyer                elif hashlen == 32:
455005fdbbcSConrad Meyer                    alg = cryptodev.CRYPTO_SHA2_256_HMAC
456005fdbbcSConrad Meyer                    blocksize = 64
457005fdbbcSConrad Meyer                elif hashlen == 48:
458005fdbbcSConrad Meyer                    alg = cryptodev.CRYPTO_SHA2_384_HMAC
459005fdbbcSConrad Meyer                    blocksize = 128
460005fdbbcSConrad Meyer                elif hashlen == 64:
461005fdbbcSConrad Meyer                    alg = cryptodev.CRYPTO_SHA2_512_HMAC
462005fdbbcSConrad Meyer                    blocksize = 128
463005fdbbcSConrad Meyer                else:
464005fdbbcSConrad Meyer                    # Skip unsupported hashes
465005fdbbcSConrad Meyer                    # Slurp remaining input in section
466005fdbbcSConrad Meyer                    for data in lines:
467005fdbbcSConrad Meyer                        continue
468005fdbbcSConrad Meyer                    continue
469005fdbbcSConrad Meyer
47008fca7a5SJohn-Mark Gurney                for data in lines:
471d99c2cecSEnji Cooper                    key = binascii.unhexlify(data['Key'])
472d99c2cecSEnji Cooper                    msg = binascii.unhexlify(data['Msg'])
473d99c2cecSEnji Cooper                    mac = binascii.unhexlify(data['Mac'])
474005fdbbcSConrad Meyer                    tlen = int(data['Tlen'])
47508fca7a5SJohn-Mark Gurney
476005fdbbcSConrad Meyer                    if len(key) > blocksize:
47708fca7a5SJohn-Mark Gurney                        continue
47808fca7a5SJohn-Mark Gurney
479a317fb03SConrad Meyer                    try:
480005fdbbcSConrad Meyer                        c = Crypto(mac=alg, mackey=key,
481de0f7dcaSJohn Baldwin                            crid=crid, maclen=hashlen)
482b106e0fcSEnji Cooper                    except EnvironmentError as e:
483a317fb03SConrad Meyer                        # Can't test hashes the driver does not support.
484a317fb03SConrad Meyer                        if e.errno != errno.EOPNOTSUPP:
485a317fb03SConrad Meyer                            raise
486a317fb03SConrad Meyer                        continue
48708fca7a5SJohn-Mark Gurney
488005fdbbcSConrad Meyer                    _, r = c.encrypt(msg, iv="")
489005fdbbcSConrad Meyer
490de0f7dcaSJohn Baldwin                    self.assertEqual(r[:tlen], mac, "Actual: " + \
491e8b4bbdfSEnji Cooper                        repr(binascii.hexlify(r)) + " Expected: " + repr(data))
49208fca7a5SJohn-Mark Gurney
49308fca7a5SJohn-Mark Gurney    return GendCryptoTestCase
49408fca7a5SJohn-Mark Gurney
49508fca7a5SJohn-Mark Gurneycryptosoft = GenTestCase('cryptosoft0')
49608fca7a5SJohn-Mark Gurneyaesni = GenTestCase('aesni0')
49784a457c6SEnji Cooperarmv8crypto = GenTestCase('armv8crypto0')
4986720b890SJohn Baldwinccr = GenTestCase('ccr0')
499844d9543SConrad Meyerccp = GenTestCase('ccp0')
50008fca7a5SJohn-Mark Gurney
50108fca7a5SJohn-Mark Gurneyif __name__ == '__main__':
50208fca7a5SJohn-Mark Gurney    unittest.main()
503