kernel_samsung_a53x/tools/crypto/gen_fips140_testvecs.py

#!/usr/bin/env python3
# SPDX-License-Identifier: GPL-2.0-only
#
# Copyright 2021 Google LLC
#
# Generate most of the test vectors for the FIPS 140 cryptographic self-tests.
#
# Usage:
#    tools/crypto/gen_fips140_testvecs.py > crypto/fips140-generated-testvecs.h
#
# Prerequisites:
#    Debian:      apt-get install python3-pycryptodome python3-cryptography
#    Arch Linux:  pacman -S python-pycryptodomex python-cryptography

import hashlib
import hmac
import os

import Cryptodome.Cipher.AES
import Cryptodome.Util.Counter

import cryptography.hazmat.primitives.ciphers
import cryptography.hazmat.primitives.ciphers.algorithms
import cryptography.hazmat.primitives.ciphers.modes

scriptname = os.path.basename(__file__)

message     = bytes('This is a 32-byte test message.\0', 'ascii')
aes_key     = bytes('128-bit AES key\0', 'ascii')
aes_xts_key = bytes('This is an AES-128-XTS key.\0\0\0\0\0', 'ascii')
aes_iv      = bytes('ABCDEFGHIJKLMNOP', 'ascii')
assoc       = bytes('associated data string', 'ascii')
hmac_key    = bytes('128-bit HMAC key', 'ascii')

def warn_generated():
    print(f'''/*
 * This header was automatically generated by {scriptname}.
 * Don't edit it directly.
 */''')

def is_string_value(value):
    return (value.isascii() and
            all(c == '\x00' or c.isprintable() for c in str(value, 'ascii')))

def format_value(value, is_string):
    if is_string:
        return value
    hexstr = ''
    for byte in value:
        hexstr += f'\\x{byte:02x}'
    return hexstr

def print_value(name, value):
    is_string = is_string_value(value)
    hdr = f'static const u8 fips_{name}[{len(value)}] __initconst ='
    print(hdr, end='')
    if is_string:
        value = str(value, 'ascii').rstrip('\x00')
        chars_per_byte = 1
    else:
        chars_per_byte = 4
    bytes_per_line = 64 // chars_per_byte

    if len(hdr) + (chars_per_byte * len(value)) + 4 <= 80:
        print(f' "{format_value(value, is_string)}"', end='')
    else:
        for chunk in [value[i:i+bytes_per_line]
                      for i in range(0, len(value), bytes_per_line)]:
            print(f'\n\t"{format_value(chunk, is_string)}"', end='')
    print(';')
    print('')

def generate_aes_testvecs():
    print_value('aes_key', aes_key)
    print_value('aes_iv', aes_iv)

    cbc = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CBC,
                                    iv=aes_iv)
    print_value('aes_cbc_ciphertext', cbc.encrypt(message))

    ecb = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_ECB)
    print_value('aes_ecb_ciphertext', ecb.encrypt(message))

    ctr = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CTR,
                                    nonce=bytes(), initial_value=aes_iv)
    print_value('aes_ctr_ciphertext', ctr.encrypt(message))

    print_value('aes_gcm_assoc', assoc)
    gcm = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_GCM,
                                    nonce=aes_iv[:12], mac_len=16)
    gcm.update(assoc)
    raw_ciphertext, tag = gcm.encrypt_and_digest(message)
    print_value('aes_gcm_ciphertext', raw_ciphertext + tag)

    # Unfortunately, pycryptodome doesn't support XTS, so for it we need to use
    # a different Python package (the "cryptography" package).
    print_value('aes_xts_key', aes_xts_key)
    xts = cryptography.hazmat.primitives.ciphers.Cipher(
        cryptography.hazmat.primitives.ciphers.algorithms.AES(aes_xts_key),
        cryptography.hazmat.primitives.ciphers.modes.XTS(aes_iv)).encryptor()
    ciphertext = xts.update(message) + xts.finalize()
    print_value('aes_xts_ciphertext', ciphertext)

    cmac = Cryptodome.Hash.CMAC.new(aes_key, ciphermod=Cryptodome.Cipher.AES)
    cmac.update(message)
    print_value('aes_cmac_digest', cmac.digest())

def generate_sha_testvecs():
    print_value('hmac_key', hmac_key)
    for alg in ['sha1', 'sha256', 'hmac_sha256', 'sha512']:
        if alg.startswith('hmac_'):
            h = hmac.new(hmac_key, message, alg.removeprefix('hmac_'))
        else:
            h = hashlib.new(alg, message)
        print_value(f'{alg}_digest', h.digest())

print('/* SPDX-License-Identifier: GPL-2.0-only */')
print('/* Copyright 2021 Google LLC */')
print('')
warn_generated()
print('')
print_value('message', message)
generate_aes_testvecs()
generate_sha_testvecs()
warn_generated()
Import A536BXXU9EXDC 2024-06-15 21:02:09 +02:00			`#!/usr/bin/env python3`
			`# SPDX-License-Identifier: GPL-2.0-only`
			`#`
			`# Copyright 2021 Google LLC`
			`#`
			`# Generate most of the test vectors for the FIPS 140 cryptographic self-tests.`
			`#`
			`# Usage:`
			`# tools/crypto/gen_fips140_testvecs.py > crypto/fips140-generated-testvecs.h`
			`#`
			`# Prerequisites:`
			`# Debian: apt-get install python3-pycryptodome python3-cryptography`
			`# Arch Linux: pacman -S python-pycryptodomex python-cryptography`

			`import hashlib`
			`import hmac`
			`import os`

			`import Cryptodome.Cipher.AES`
			`import Cryptodome.Util.Counter`

			`import cryptography.hazmat.primitives.ciphers`
			`import cryptography.hazmat.primitives.ciphers.algorithms`
			`import cryptography.hazmat.primitives.ciphers.modes`

			`scriptname = os.path.basename(__file__)`

			`message = bytes('This is a 32-byte test message.\0', 'ascii')`
			`aes_key = bytes('128-bit AES key\0', 'ascii')`
			`aes_xts_key = bytes('This is an AES-128-XTS key.\0\0\0\0\0', 'ascii')`
			`aes_iv = bytes('ABCDEFGHIJKLMNOP', 'ascii')`
			`assoc = bytes('associated data string', 'ascii')`
			`hmac_key = bytes('128-bit HMAC key', 'ascii')`

			`def warn_generated():`
			`print(f'''/*`
			`* This header was automatically generated by {scriptname}.`
			`* Don't edit it directly.`
			`*/''')`

			`def is_string_value(value):`
			`return (value.isascii() and`
			`all(c == '\x00' or c.isprintable() for c in str(value, 'ascii')))`

			`def format_value(value, is_string):`
			`if is_string:`
			`return value`
			`hexstr = ''`
			`for byte in value:`
			`hexstr += f'\\x{byte:02x}'`
			`return hexstr`

			`def print_value(name, value):`
			`is_string = is_string_value(value)`
			`hdr = f'static const u8 fips_{name}[{len(value)}] __initconst ='`
			`print(hdr, end='')`
			`if is_string:`
			`value = str(value, 'ascii').rstrip('\x00')`
			`chars_per_byte = 1`
			`else:`
			`chars_per_byte = 4`
			`bytes_per_line = 64 // chars_per_byte`

			`if len(hdr) + (chars_per_byte * len(value)) + 4 <= 80:`
			`print(f' "{format_value(value, is_string)}"', end='')`
			`else:`
			`for chunk in [value[i:i+bytes_per_line]`
			`for i in range(0, len(value), bytes_per_line)]:`
			`print(f'\n\t"{format_value(chunk, is_string)}"', end='')`
			`print(';')`
			`print('')`

			`def generate_aes_testvecs():`
			`print_value('aes_key', aes_key)`
			`print_value('aes_iv', aes_iv)`

			`cbc = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CBC,`
			`iv=aes_iv)`
			`print_value('aes_cbc_ciphertext', cbc.encrypt(message))`

			`ecb = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_ECB)`
			`print_value('aes_ecb_ciphertext', ecb.encrypt(message))`

			`ctr = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_CTR,`
			`nonce=bytes(), initial_value=aes_iv)`
			`print_value('aes_ctr_ciphertext', ctr.encrypt(message))`

			`print_value('aes_gcm_assoc', assoc)`
			`gcm = Cryptodome.Cipher.AES.new(aes_key, Cryptodome.Cipher.AES.MODE_GCM,`
			`nonce=aes_iv[:12], mac_len=16)`
			`gcm.update(assoc)`
			`raw_ciphertext, tag = gcm.encrypt_and_digest(message)`
			`print_value('aes_gcm_ciphertext', raw_ciphertext + tag)`

			`# Unfortunately, pycryptodome doesn't support XTS, so for it we need to use`
			`# a different Python package (the "cryptography" package).`
			`print_value('aes_xts_key', aes_xts_key)`
			`xts = cryptography.hazmat.primitives.ciphers.Cipher(`
			`cryptography.hazmat.primitives.ciphers.algorithms.AES(aes_xts_key),`
			`cryptography.hazmat.primitives.ciphers.modes.XTS(aes_iv)).encryptor()`
			`ciphertext = xts.update(message) + xts.finalize()`
			`print_value('aes_xts_ciphertext', ciphertext)`

			`cmac = Cryptodome.Hash.CMAC.new(aes_key, ciphermod=Cryptodome.Cipher.AES)`
			`cmac.update(message)`
			`print_value('aes_cmac_digest', cmac.digest())`

			`def generate_sha_testvecs():`
			`print_value('hmac_key', hmac_key)`
			`for alg in ['sha1', 'sha256', 'hmac_sha256', 'sha512']:`
			`if alg.startswith('hmac_'):`
			`h = hmac.new(hmac_key, message, alg.removeprefix('hmac_'))`
			`else:`
			`h = hashlib.new(alg, message)`
			`print_value(f'{alg}_digest', h.digest())`

			`print('/* SPDX-License-Identifier: GPL-2.0-only */')`
			`print('/* Copyright 2021 Google LLC */')`
			`print('')`
			`warn_generated()`
			`print('')`
			`print_value('message', message)`
			`generate_aes_testvecs()`
			`generate_sha_testvecs()`
			`warn_generated()`