implemented XCBC algorithms (signer, prf) for IKE on top of a crypter
[strongswan.git] / src / charon / plugins / unit_tester / tests / test_aes.c
1 /*
2 * Copyright (C) 2008 Martin Willi
3 * Hochschule fuer Technik Rapperswil
4 *
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; either version 2 of the License, or (at your
8 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9 *
10 * This program is distributed in the hope that it will be useful, but
11 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * for more details.
14 */
15
16 #include <daemon.h>
17 #include <library.h>
18 #include <utils/mutex.h>
19
20 #include <unistd.h>
21 #include <sched.h>
22 #include <pthread.h>
23
24 /**
25 * run a test using given values
26 */
27 static bool do_aes_test(u_char *key, int keysize, u_char *iv,
28 u_char *plain, u_char *cipher, int len)
29 {
30 crypter_t *crypter;
31 chunk_t enc, dec;
32 bool good = TRUE;
33
34 crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, keysize);
35 if (!crypter)
36 {
37 return FALSE;
38 }
39 crypter->set_key(crypter, chunk_create(key, keysize));
40 crypter->encrypt(crypter,
41 chunk_create(plain, len), chunk_create(iv, 16), &enc);
42 if (!memeq(enc.ptr, cipher, len))
43 {
44 good = FALSE;
45 }
46 crypter->decrypt(crypter, enc, chunk_create(iv, 16), &dec);
47 if (!memeq(dec.ptr, plain, len))
48 {
49 good = FALSE;
50 }
51 free(enc.ptr);
52 free(dec.ptr);
53 crypter->destroy(crypter);
54 return good;
55 }
56
57 /*******************************************************************************
58 * AES-128 test
59 ******************************************************************************/
60 bool test_aes128()
61 {
62 /*
63 * Test 1 of RFC3602
64 * Key : 0x06a9214036b8a15b512e03d534120006
65 * IV : 0x3dafba429d9eb430b422da802c9fac41
66 * Plaintext : "Single block msg"
67 * Ciphertext: 0xe353779c1079aeb82708942dbe77181a
68 */
69 u_char key1[] = {
70 0x06,0xa9,0x21,0x40,0x36,0xb8,0xa1,0x5b,
71 0x51,0x2e,0x03,0xd5,0x34,0x12,0x00,0x06
72 };
73 u_char iv1[] = {
74 0x3d,0xaf,0xba,0x42,0x9d,0x9e,0xb4,0x30,
75 0xb4,0x22,0xda,0x80,0x2c,0x9f,0xac,0x41
76 };
77 u_char plain1[] = {
78 'S','i','n','g','l','e',' ','b','l','o','c','k',' ','m','s','g'
79 };
80 u_char cipher1[] = {
81 0xe3,0x53,0x77,0x9c,0x10,0x79,0xae,0xb8,
82 0x27,0x08,0x94,0x2d,0xbe,0x77,0x18,0x1a
83 };
84 if (!do_aes_test(key1, 16, iv1, plain1, cipher1, sizeof(plain1)))
85 {
86 return FALSE;
87 }
88
89 /*
90 * Test 2 of RFC3602
91 * Key : 0xc286696d887c9aa0611bbb3e2025a45a
92 * IV : 0x562e17996d093d28ddb3ba695a2e6f58
93 * Plaintext : 0x000102030405060708090a0b0c0d0e0f
94 * 101112131415161718191a1b1c1d1e1f
95 * Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a
96 * 7586602d253cfff91b8266bea6d61ab1
97 */
98 u_char key2[] = {
99 0xc2,0x86,0x69,0x6d,0x88,0x7c,0x9a,0xa0,
100 0x61,0x1b,0xbb,0x3e,0x20,0x25,0xa4,0x5a
101 };
102 u_char iv2[] = {
103 0x56,0x2e,0x17,0x99,0x6d,0x09,0x3d,0x28,
104 0xdd,0xb3,0xba,0x69,0x5a,0x2e,0x6f,0x58
105 };
106 u_char plain2[] = {
107 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
108 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
109 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
110 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
111 };
112 u_char cipher2[] = {
113 0xd2,0x96,0xcd,0x94,0xc2,0xcc,0xcf,0x8a,
114 0x3a,0x86,0x30,0x28,0xb5,0xe1,0xdc,0x0a,
115 0x75,0x86,0x60,0x2d,0x25,0x3c,0xff,0xf9,
116 0x1b,0x82,0x66,0xbe,0xa6,0xd6,0x1a,0xb1
117 };
118 if (!do_aes_test(key2, 16, iv2, plain2, cipher2, sizeof(plain2)))
119 {
120 return FALSE;
121 }
122
123 /*
124 * Test 3 of RFC3603
125 * Key : 0x56e47a38c5598974bc46903dba290349
126 * IV : 0x8ce82eefbea0da3c44699ed7db51b7d9
127 * Plaintext : 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
128 * b0b1b2b3b4b5b6b7b8b9babbbcbdbebf
129 * c0c1c2c3c4c5c6c7c8c9cacbcccdcecf
130 * d0d1d2d3d4d5d6d7d8d9dadbdcdddedf
131 * Ciphertext: 0xc30e32ffedc0774e6aff6af0869f71aa
132 * 0f3af07a9a31a9c684db207eb0ef8e4e
133 * 35907aa632c3ffdf868bb7b29d3d46ad
134 * 83ce9f9a102ee99d49a53e87f4c3da55
135 */
136 u_char key3[] = {
137 0x56,0xe4,0x7a,0x38,0xc5,0x59,0x89,0x74,
138 0xbc,0x46,0x90,0x3d,0xba,0x29,0x03,0x49
139 };
140 u_char iv3[] = {
141 0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
142 0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
143 };
144 u_char plain3[] = {
145 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
146 0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
147 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
148 0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
149 0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
150 0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
151 0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
152 0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
153 };
154 u_char cipher3[] = {
155 0xc3,0x0e,0x32,0xff,0xed,0xc0,0x77,0x4e,
156 0x6a,0xff,0x6a,0xf0,0x86,0x9f,0x71,0xaa,
157 0x0f,0x3a,0xf0,0x7a,0x9a,0x31,0xa9,0xc6,
158 0x84,0xdb,0x20,0x7e,0xb0,0xef,0x8e,0x4e,
159 0x35,0x90,0x7a,0xa6,0x32,0xc3,0xff,0xdf,
160 0x86,0x8b,0xb7,0xb2,0x9d,0x3d,0x46,0xad,
161 0x83,0xce,0x9f,0x9a,0x10,0x2e,0xe9,0x9d,
162 0x49,0xa5,0x3e,0x87,0xf4,0xc3,0xda,0x55
163 };
164 if (!do_aes_test(key3, 16, iv3, plain3, cipher3, sizeof(plain3)))
165 {
166 return FALSE;
167 }
168 return TRUE;
169 }
170
171 /**
172 * run a single xcbc test for prf and signer
173 */
174 static bool do_xcbc_test(u_int8_t *key, size_t keylen, u_int8_t *mac,
175 u_int8_t *plain, size_t len)
176 {
177 signer_t *signer;
178 prf_t *prf;
179 u_int8_t res[16];
180
181 prf = lib->crypto->create_prf(lib->crypto, PRF_AES128_CBC);
182 if (!prf)
183 {
184 return FALSE;
185 }
186 prf->set_key(prf, chunk_create(key, keylen));
187 prf->get_bytes(prf, chunk_create(plain, len), res);
188 if (!memeq(res, mac, 16))
189 {
190 DBG1(DBG_CFG, "expected %b\ngot %b", mac, 16, res, 16);
191 prf->destroy(prf);
192 return FALSE;
193 }
194 prf->destroy(prf);
195
196 signer = lib->crypto->create_signer(lib->crypto, AUTH_AES_XCBC_96);
197 if (!signer)
198 {
199 return FALSE;
200 }
201 signer->set_key(signer, chunk_create(key, keylen));
202 if (!signer->verify_signature(signer, chunk_create(plain, len),
203 chunk_create(mac, 12)))
204 {
205 return FALSE;
206 }
207 signer->destroy(signer);
208 return TRUE;
209 }
210
211
212 /*******************************************************************************
213 * AES_XCBC mac test
214 ******************************************************************************/
215 bool test_aes_xcbc()
216 {
217 /* Vectors from RFC 3566 */
218
219 /* Test Case #1 : AES-XCBC-MAC-96 with 0-byte input
220 * Key (K) : 000102030405060708090a0b0c0d0e0f
221 * Message (M) : <empty string>
222 * AES-XCBC-MAC : 75f0251d528ac01c4573dfd584d79f29
223 * AES-XCBC-MAC-96: 75f0251d528ac01c4573dfd5
224 */
225 u_char key1[] = {
226 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
227 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
228 };
229 u_char plain1[] = {
230 };
231 u_char mac1[] = {
232 0x75,0xf0,0x25,0x1d,0x52,0x8a,0xc0,0x1c,
233 0x45,0x73,0xdf,0xd5,0x84,0xd7,0x9f,0x29
234 };
235 if (!do_xcbc_test(key1, 16, mac1, plain1, sizeof(plain1)))
236 {
237 return FALSE;
238 }
239
240 /*
241 * Test Case #2 : AES-XCBC-MAC-96 with 3-byte input
242 * Key (K) : 000102030405060708090a0b0c0d0e0f
243 * Message (M) : 000102
244 * AES-XCBC-MAC : 5b376580ae2f19afe7219ceef172756f
245 * AES-XCBC-MAC-96: 5b376580ae2f19afe7219cee
246 */
247 u_char key2[] = {
248 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
249 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
250 };
251 u_char plain2[] = {
252 0x00,0x01,0x02
253 };
254 u_char mac2[] = {
255 0x5b,0x37,0x65,0x80,0xae,0x2f,0x19,0xaf,
256 0xe7,0x21,0x9c,0xee,0xf1,0x72,0x75,0x6f
257 };
258 if (!do_xcbc_test(key2, 16, mac2, plain2, sizeof(plain2)))
259 {
260 return FALSE;
261 }
262
263 /* Test Case #3 : AES-XCBC-MAC-96 with 16-byte input
264 * Key (K) : 000102030405060708090a0b0c0d0e0f
265 * Message (M) : 000102030405060708090a0b0c0d0e0f
266 * AES-XCBC-MAC : d2a246fa349b68a79998a4394ff7a263
267 * AES-XCBC-MAC-96: d2a246fa349b68a79998a439
268 */
269 u_char key3[] = {
270 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
271 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
272 };
273 u_char plain3[] = {
274 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
275 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
276 };
277 u_char mac3[] = {
278 0xd2,0xa2,0x46,0xfa,0x34,0x9b,0x68,0xa7,
279 0x99,0x98,0xa4,0x39,0x4f,0xf7,0xa2,0x63
280 };
281 if (!do_xcbc_test(key3, 16, mac3, plain3, sizeof(plain3)))
282 {
283 return FALSE;
284 }
285
286 /* Test Case #4 : AES-XCBC-MAC-96 with 20-byte input
287 * Key (K) : 000102030405060708090a0b0c0d0e0f
288 * Message (M) : 000102030405060708090a0b0c0d0e0f10111213
289 * AES-XCBC-MAC : 47f51b4564966215b8985c63055ed308
290 * AES-XCBC-MAC-96: 47f51b4564966215b8985c63
291 */
292 u_char key4[] = {
293 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
294 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
295 };
296 u_char plain4[] = {
297 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
298 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
299 0x10,0x11,0x12,0x13
300 };
301 u_char mac4[] = {
302 0x47,0xf5,0x1b,0x45,0x64,0x96,0x62,0x15,
303 0xb8,0x98,0x5c,0x63,0x05,0x5e,0xd3,0x08
304 };
305 if (!do_xcbc_test(key4, 16, mac4, plain4, sizeof(plain4)))
306 {
307 return FALSE;
308 }
309
310 /* Test Case #5 : AES-XCBC-MAC-96 with 32-byte input
311 * Key (K) : 000102030405060708090a0b0c0d0e0f
312 * Message (M) : 000102030405060708090a0b0c0d0e0f10111213141516171819
313 * 1a1b1c1d1e1f
314 * AES-XCBC-MAC : f54f0ec8d2b9f3d36807734bd5283fd4
315 * AES-XCBC-MAC-96: f54f0ec8d2b9f3d36807734b
316 */
317 u_char key5[] = {
318 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
319 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
320 };
321 u_char plain5[] = {
322 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
323 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
324 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
325 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
326 };
327 u_char mac5[] = {
328 0xf5,0x4f,0x0e,0xc8,0xd2,0xb9,0xf3,0xd3,
329 0x68,0x07,0x73,0x4b,0xd5,0x28,0x3f,0xd4
330 };
331 if (!do_xcbc_test(key5, 16, mac5, plain5, sizeof(plain5)))
332 {
333 return FALSE;
334 }
335
336 /* Test Case #7 : AES-XCBC-MAC-96 with 1000-byte input
337 * Key (K) : 000102030405060708090a0b0c0d0e0f
338 * Message (M) : 00000000000000000000 ... 00000000000000000000
339 * [1000 bytes]
340 * AES-XCBC-MAC : f0dafee895db30253761103b5d84528f
341 * AES-XCBC-MAC-96: f0dafee895db30253761103b
342 */
343 u_char key7[] = {
344 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
345 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
346 };
347 u_char plain7[1000];
348 memset(plain7, 0, 1000);
349 u_char mac7[] = {
350 0xf0,0xda,0xfe,0xe8,0x95,0xdb,0x30,0x25,
351 0x37,0x61,0x10,0x3b,0x5d,0x84,0x52,0x8f
352 };
353 if (!do_xcbc_test(key7, 16, mac7, plain7, sizeof(plain7)))
354 {
355 return FALSE;
356 }
357
358 /* variable key test, RFC4434 */
359
360 /* Test Case AES-XCBC-PRF-128 with 20-byte input
361 * Key : 00010203040506070809
362 * Message : 000102030405060708090a0b0c0d0e0f10111213
363 * PRF Output : 0fa087af7d866e7653434e602fdde835
364 */
365 u_char key8[] = {
366 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
367 0x08,0x09,
368 };
369 u_char plain8[] = {
370 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
371 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
372 0x10,0x11,0x12,0x13
373 };
374 u_char mac8[] = {
375 0x0f,0xa0,0x87,0xaf,0x7d,0x86,0x6e,0x76,
376 0x53,0x43,0x4e,0x60,0x2f,0xdd,0xe8,0x35
377 };
378 if (!do_xcbc_test(key8, 10, mac8, plain8, sizeof(plain8)))
379 {
380 return FALSE;
381 }
382
383 /* Test Case AES-XCBC-PRF-128 with 20-byte input
384 * Key : 000102030405060708090a0b0c0d0e0fedcb
385 * Message : 000102030405060708090a0b0c0d0e0f10111213
386 * PRF Output : 8cd3c93ae598a9803006ffb67c40e9e4
387 */
388 u_char key9[] = {
389 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
390 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
391 0xed,0xcb
392 };
393 u_char plain9[] = {
394 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
395 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
396 0x10,0x11,0x12,0x13
397 };
398 u_char mac9[] = {
399 0x8c,0xd3,0xc9,0x3a,0xe5,0x98,0xa9,0x80,
400 0x30,0x06,0xff,0xb6,0x7c,0x40,0xe9,0xe4
401 };
402 if (!do_xcbc_test(key9, 18, mac9, plain9, sizeof(plain9)))
403 {
404 return FALSE;
405 }
406 return TRUE;
407 }
408