1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-18 10:35:55 +00:00

cryptotest.py: Actually use NIST-KAT HMAC test vectors and test the right hashes

Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
This commit is contained in:
Conrad Meyer 2017-09-21 21:07:21 +00:00
parent a0fcc37122
commit 005fdbbc69
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=323878

View File

@ -242,22 +242,58 @@ def test_sha1hmac(self):
self.runSHA1HMAC(i)
def runSHA1HMAC(self, fname):
for bogusmode, lines in cryptodev.KATParser(fname,
for hashlength, lines in cryptodev.KATParser(fname,
[ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]):
# E.g., hashlength will be "L=20" (bytes)
hashlen = int(hashlength.split("=")[1])
blocksize = None
if hashlen == 20:
alg = cryptodev.CRYPTO_SHA1_HMAC
blocksize = 64
elif hashlen == 28:
# Cryptodev doesn't support SHA-224
# Slurp remaining input in section
for data in lines:
continue
continue
elif hashlen == 32:
alg = cryptodev.CRYPTO_SHA2_256_HMAC
blocksize = 64
elif hashlen == 48:
alg = cryptodev.CRYPTO_SHA2_384_HMAC
blocksize = 128
elif hashlen == 64:
alg = cryptodev.CRYPTO_SHA2_512_HMAC
blocksize = 128
else:
# Skip unsupported hashes
# Slurp remaining input in section
for data in lines:
continue
continue
for data in lines:
key = data['Key'].decode('hex')
msg = data['Msg'].decode('hex')
mac = data['Mac'].decode('hex')
tlen = int(data['Tlen'])
if len(key) != 20:
# XXX - implementation bug
if len(key) > blocksize:
continue
c = Crypto(mac=cryptodev.CRYPTO_SHA1_HMAC,
mackey=key, crid=crid)
c = Crypto(mac=alg, mackey=key,
crid=crid)
r = c.encrypt(msg)
self.assertEqual(r, mac, `data`)
_, r = c.encrypt(msg, iv="")
# A limitation in cryptodev.py means we
# can only store MACs up to 16 bytes.
# That's good enough to validate the
# correct behavior, more or less.
maclen = min(tlen, 16)
self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
return GendCryptoTestCase