diff options
Diffstat (limited to 'test/tpm_test/crypto_test.py')
-rw-r--r-- | test/tpm_test/crypto_test.py | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/test/tpm_test/crypto_test.py b/test/tpm_test/crypto_test.py index 1c292dcdbc..5790c1ee1c 100644 --- a/test/tpm_test/crypto_test.py +++ b/test/tpm_test/crypto_test.py @@ -36,7 +36,7 @@ def get_attribute(tdesc, attr_name, required=True): """ # Fields stored in hex format by default. - default_hex = ('cipher_text', 'iv', 'key') + default_hex = ('aad', 'cipher_text', 'iv', 'key', 'tag') data = tdesc.find(attr_name) if data is None: @@ -108,7 +108,7 @@ SUPPORTED_MODES = { }), } -def crypto_run(node_name, op_type, key, iv, in_text, out_text, tpm): +def crypto_run(node_name, op_type, key, iv, aad, in_text, out_text, tpm): """Perform a basic operation(encrypt or decrypt). This function creates an extended command with the requested parameters, @@ -125,6 +125,7 @@ def crypto_run(node_name, op_type, key, iv, in_text, out_text, tpm): directly to the device as a field in the extended command key: a binary string iv: a binary string, might be empty + aad: additional authenticated data in_text: a binary string, the input of the encrypt/decrypt operation out_text: a binary string, might be empty, the expected output of the operation. Note that it could be shorter than actual output (padded to @@ -156,6 +157,9 @@ def crypto_run(node_name, op_type, key, iv, in_text, out_text, tpm): cmd += '%c' % len(iv) if iv: cmd += iv + cmd += '%c' % len(aad) + if aad: + cmd += aad cmd += struct.pack('>H', len(in_text)) cmd += in_text if tpm.debug_enabled(): @@ -203,18 +207,33 @@ def crypto_test(tdesc, tpm): node_name, ''.join('%2.2x' % ord(x) for x in key))) iv = get_attribute(tdesc, 'iv', required=False) - if iv and len(iv) != 16: + if iv and not node_name.startswith('AES:GCM') and len(iv) != 16: raise subcmd.TpmTestError('wrong iv size "%s:%s"' % ( node_name, ''.join('%2.2x' % ord(x) for x in iv))) - clear_text = get_attribute(tdesc, 'clear_text') + clear_text = get_attribute(tdesc, 'clear_text', required=False) + if clear_text: + clear_text_len = get_attribute(tdesc, 'clear_text_len', required=False) + if clear_text_len: + clear_text = clear_text[:int(clear_text_len)] + else: + clear_text_len = None if tpm.debug_enabled(): print('clear text size', len(clear_text)) cipher_text = get_attribute(tdesc, 'cipher_text', required=False) + if clear_text_len: + cipher_text = cipher_text[:int(clear_text_len)] + tag = get_attribute(tdesc, 'tag', required=False) + aad = get_attribute(tdesc, 'aad', required=False) + if aad: + aad_len = get_attribute(tdesc, 'aad_len', required=False) + if aad_len: + aad = aad[:int(aad_len)] real_cipher_text = crypto_run(node_name, ENCRYPT, key, iv, - clear_text, cipher_text, tpm) - crypto_run(node_name, DECRYPT, key, iv, real_cipher_text, - clear_text, tpm) + aad or '', clear_text, cipher_text + tag, tpm) + crypto_run(node_name, DECRYPT, key, iv, aad or '', + real_cipher_text[:len(real_cipher_text) - len(tag)], + clear_text + tag, tpm) print(utils.cursor_back() + 'SUCCESS: %s' % node_name) def crypto_tests(tpm, xml_file): |