xref: /OK3568_Linux_fs/kernel/tools/crypto/gen_fips140_testvecs.py (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1*4882a593Smuzhiyun#!/usr/bin/env python3
2*4882a593Smuzhiyun# SPDX-License-Identifier: GPL-2.0-only
3*4882a593Smuzhiyun#
4*4882a593Smuzhiyun# Copyright 2021 Google LLC
5*4882a593Smuzhiyun#
6*4882a593Smuzhiyun# Generate most of the test vectors for the FIPS 140 cryptographic self-tests.
7*4882a593Smuzhiyun#
8*4882a593Smuzhiyun# Usage:
9*4882a593Smuzhiyun#    tools/crypto/gen_fips140_testvecs.py > crypto/fips140-generated-testvecs.h
10*4882a593Smuzhiyun#
11*4882a593Smuzhiyun# Prerequisites:
12*4882a593Smuzhiyun#    Debian:      apt-get install python3-pycryptodome python3-cryptography
13*4882a593Smuzhiyun#    Arch Linux:  pacman -S python-pycryptodomex python-cryptography
14*4882a593Smuzhiyun
15*4882a593Smuzhiyunimport hashlib
16*4882a593Smuzhiyunimport hmac
17*4882a593Smuzhiyunimport os
18*4882a593Smuzhiyun
19*4882a593Smuzhiyunimport Cryptodome.Cipher.AES
20*4882a593Smuzhiyunimport Cryptodome.Util.Counter
21*4882a593Smuzhiyun
22*4882a593Smuzhiyunimport cryptography.hazmat.primitives.ciphers
23*4882a593Smuzhiyunimport cryptography.hazmat.primitives.ciphers.algorithms
24*4882a593Smuzhiyunimport cryptography.hazmat.primitives.ciphers.modes
25*4882a593Smuzhiyun
26*4882a593Smuzhiyunscriptname = os.path.basename(__file__)
27*4882a593Smuzhiyun
28*4882a593Smuzhiyunmessage     = bytes('This is a 32-byte test message.\0', 'ascii')
29*4882a593Smuzhiyunaes_key     = bytes('128-bit AES key\0', 'ascii')
30*4882a593Smuzhiyunaes_xts_key = bytes('This is an AES-128-XTS key.\0\0\0\0\0', 'ascii')
31*4882a593Smuzhiyunaes_iv      = bytes('ABCDEFGHIJKLMNOP', 'ascii')
32*4882a593Smuzhiyunassoc       = bytes('associated data string', 'ascii')
33*4882a593Smuzhiyunhmac_key    = bytes('128-bit HMAC key', 'ascii')
34*4882a593Smuzhiyun
35*4882a593Smuzhiyundef warn_generated():
36*4882a593Smuzhiyun    print(f'''/*
37*4882a593Smuzhiyun * This header was automatically generated by {scriptname}.
38*4882a593Smuzhiyun * Don't edit it directly.
39*4882a593Smuzhiyun */''')
40*4882a593Smuzhiyun
41*4882a593Smuzhiyundef is_string_value(value):
42*4882a593Smuzhiyun    return (value.isascii() and
43*4882a593Smuzhiyun            all(c == '\x00' or c.isprintable() for c in str(value, 'ascii')))
44*4882a593Smuzhiyun
45*4882a593Smuzhiyundef format_value(value, is_string):
46*4882a593Smuzhiyun    if is_string:
47*4882a593Smuzhiyun        return value
48*4882a593Smuzhiyun    hexstr = ''
49*4882a593Smuzhiyun    for byte in value:
50*4882a593Smuzhiyun        hexstr += f'\\x{byte:02x}'
51*4882a593Smuzhiyun    return hexstr
52*4882a593Smuzhiyun
53*4882a593Smuzhiyundef print_value(name, value):
54*4882a593Smuzhiyun    is_string = is_string_value(value)
55*4882a593Smuzhiyun    hdr = f'static const u8 fips_{name}[{len(value)}] __initconst ='
56*4882a593Smuzhiyun    print(hdr, end='')
57*4882a593Smuzhiyun    if is_string:
58*4882a593Smuzhiyun        value = str(value, 'ascii').rstrip('\x00')
59*4882a593Smuzhiyun        chars_per_byte = 1
60*4882a593Smuzhiyun    else:
61*4882a593Smuzhiyun        chars_per_byte = 4
62*4882a593Smuzhiyun    bytes_per_line = 64 // chars_per_byte
63*4882a593Smuzhiyun
64*4882a593Smuzhiyun    if len(hdr) + (chars_per_byte * len(value)) + 4 <= 80:
65*4882a593Smuzhiyun        print(f' "{format_value(value, is_string)}"', end='')
66*4882a593Smuzhiyun    else:
67*4882a593Smuzhiyun        for chunk in [value[i:i+bytes_per_line]
68*4882a593Smuzhiyun                      for i in range(0, len(value), bytes_per_line)]:
69*4882a593Smuzhiyun            print(f'\n\t"{format_value(chunk, is_string)}"', end='')
70*4882a593Smuzhiyun    print(';')
71*4882a593Smuzhiyun    print('')
72*4882a593Smuzhiyun
73*4882a593Smuzhiyundef generate_aes_testvecs():
74*4882a593Smuzhiyun    print_value('aes_key', aes_key)
75*4882a593Smuzhiyun    print_value('aes_iv', aes_iv)
76*4882a593Smuzhiyun
77*4882a593Smuzhiyun    cbc = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CBC,
78*4882a593Smuzhiyun                                    iv=aes_iv)
79*4882a593Smuzhiyun    print_value('aes_cbc_ciphertext', cbc.encrypt(message))
80*4882a593Smuzhiyun
81*4882a593Smuzhiyun    ecb = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_ECB)
82*4882a593Smuzhiyun    print_value('aes_ecb_ciphertext', ecb.encrypt(message))
83*4882a593Smuzhiyun
84*4882a593Smuzhiyun    ctr = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CTR,
85*4882a593Smuzhiyun                                    nonce=bytes(), initial_value=aes_iv)
86*4882a593Smuzhiyun    print_value('aes_ctr_ciphertext', ctr.encrypt(message))
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun    print_value('aes_gcm_assoc', assoc)
89*4882a593Smuzhiyun    gcm = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_GCM,
90*4882a593Smuzhiyun                                    nonce=aes_iv[:12], mac_len=16)
91*4882a593Smuzhiyun    gcm.update(assoc)
92*4882a593Smuzhiyun    raw_ciphertext, tag = gcm.encrypt_and_digest(message)
93*4882a593Smuzhiyun    print_value('aes_gcm_ciphertext', raw_ciphertext + tag)
94*4882a593Smuzhiyun
95*4882a593Smuzhiyun    # Unfortunately, pycryptodome doesn't support XTS, so for it we need to use
96*4882a593Smuzhiyun    # a different Python package (the "cryptography" package).
97*4882a593Smuzhiyun    print_value('aes_xts_key', aes_xts_key)
98*4882a593Smuzhiyun    xts = cryptography.hazmat.primitives.ciphers.Cipher(
99*4882a593Smuzhiyun        cryptography.hazmat.primitives.ciphers.algorithms.AES(aes_xts_key),
100*4882a593Smuzhiyun        cryptography.hazmat.primitives.ciphers.modes.XTS(aes_iv)).encryptor()
101*4882a593Smuzhiyun    ciphertext = xts.update(message) + xts.finalize()
102*4882a593Smuzhiyun    print_value('aes_xts_ciphertext', ciphertext)
103*4882a593Smuzhiyun
104*4882a593Smuzhiyun    cmac = Cryptodome.Hash.CMAC.new(aes_key, ciphermod=Cryptodome.Cipher.AES)
105*4882a593Smuzhiyun    cmac.update(message)
106*4882a593Smuzhiyun    print_value('aes_cmac_digest', cmac.digest())
107*4882a593Smuzhiyun
108*4882a593Smuzhiyundef generate_sha_testvecs():
109*4882a593Smuzhiyun    print_value('hmac_key', hmac_key)
110*4882a593Smuzhiyun    for alg in ['sha1', 'sha256', 'hmac_sha256', 'sha512']:
111*4882a593Smuzhiyun        if alg.startswith('hmac_'):
112*4882a593Smuzhiyun            h = hmac.new(hmac_key, message, alg.removeprefix('hmac_'))
113*4882a593Smuzhiyun        else:
114*4882a593Smuzhiyun            h = hashlib.new(alg, message)
115*4882a593Smuzhiyun        print_value(f'{alg}_digest', h.digest())
116*4882a593Smuzhiyun
117*4882a593Smuzhiyunprint('/* SPDX-License-Identifier: GPL-2.0-only */')
118*4882a593Smuzhiyunprint('/* Copyright 2021 Google LLC */')
119*4882a593Smuzhiyunprint('')
120*4882a593Smuzhiyunwarn_generated()
121*4882a593Smuzhiyunprint('')
122*4882a593Smuzhiyunprint_value('message', message)
123*4882a593Smuzhiyungenerate_aes_testvecs()
124*4882a593Smuzhiyungenerate_sha_testvecs()
125*4882a593Smuzhiyunwarn_generated()
126