From 23508ac59c74d16141993582ecb8420ca19b1fa7 Mon Sep 17 00:00:00 2001
From: cem <cem@FreeBSD.org>
Date: Thu, 21 Sep 2017 21:07:21 +0000
Subject: [PATCH] cryptotest.py: Actually use NIST-KAT HMAC test vectors and
 test the right hashes

Previously, this test was entirely a no-op as no vector in the NIST-KAT file
has a precisely 20-byte key.

Additionally, not every vector in the file is SHA1.  The length field
determines the hash under test, and is now decoded correctly.

Finally, due to a limitation I didn't feel like fixing in cryptodev.py, MACs
are truncated to 16 bytes in this test.

With this change and the uncommitted D12437 (to allow key sizes other than
those used in IPSec), the SHA tests in cryptotest.py actually test something
and e.g. at least cryptosoft passes the test.

Sponsored by:	Dell EMC Isilon
---
 tests/sys/opencrypto/cryptotest.py | 50 +++++++++++++++++++++++++-----
 1 file changed, 43 insertions(+), 7 deletions(-)

diff --git a/tests/sys/opencrypto/cryptotest.py b/tests/sys/opencrypto/cryptotest.py
index cf1f41079b78..0281808d7dcc 100644
--- a/tests/sys/opencrypto/cryptotest.py
+++ b/tests/sys/opencrypto/cryptotest.py
@@ -242,22 +242,58 @@ def GenTestCase(cname):
 				self.runSHA1HMAC(i)
 
 		def runSHA1HMAC(self, fname):
-			for bogusmode, lines in cryptodev.KATParser(fname,
+			for hashlength, lines in cryptodev.KATParser(fname,
 			    [ 'Count', 'Klen', 'Tlen', 'Key', 'Msg', 'Mac' ]):
+				# E.g., hashlength will be "L=20" (bytes)
+				hashlen = int(hashlength.split("=")[1])
+
+				blocksize = None
+				if hashlen == 20:
+				    alg = cryptodev.CRYPTO_SHA1_HMAC
+				    blocksize = 64
+				elif hashlen == 28:
+				    # Cryptodev doesn't support SHA-224
+				    # Slurp remaining input in section
+				    for data in lines:
+					continue
+				    continue
+				elif hashlen == 32:
+				    alg = cryptodev.CRYPTO_SHA2_256_HMAC
+				    blocksize = 64
+				elif hashlen == 48:
+				    alg = cryptodev.CRYPTO_SHA2_384_HMAC
+				    blocksize = 128
+				elif hashlen == 64:
+				    alg = cryptodev.CRYPTO_SHA2_512_HMAC
+				    blocksize = 128
+				else:
+				    # Skip unsupported hashes
+				    # Slurp remaining input in section
+				    for data in lines:
+					continue
+				    continue
+
 				for data in lines:
 					key = data['Key'].decode('hex')
 					msg = data['Msg'].decode('hex')
 					mac = data['Mac'].decode('hex')
+					tlen = int(data['Tlen'])
 
-					if len(key) != 20:
-						# XXX - implementation bug
+					if len(key) > blocksize:
 						continue
 
-					c = Crypto(mac=cryptodev.CRYPTO_SHA1_HMAC,
-					    mackey=key, crid=crid)
+					c = Crypto(mac=alg, mackey=key,
+					    crid=crid)
 
-					r = c.encrypt(msg)
-					self.assertEqual(r, mac, `data`)
+					_, r = c.encrypt(msg, iv="")
+
+					# A limitation in cryptodev.py means we
+					# can only store MACs up to 16 bytes.
+					# That's good enough to validate the
+					# correct behavior, more or less.
+					maclen = min(tlen, 16)
+					self.assertEqual(r[:maclen], mac[:maclen], "Actual: " + \
+					    repr(r[:maclen].encode("hex")) + " Expected: " + repr(data))
 
 	return GendCryptoTestCase