fixed aes code, we support now aes128, aes192, aes256 in IKE
authorMartin Willi <martin@strongswan.org>
Thu, 15 Jun 2006 13:14:09 +0000 (13:14 -0000)
committerMartin Willi <martin@strongswan.org>
Thu, 15 Jun 2006 13:14:09 +0000 (13:14 -0000)
src/charon/config/credentials/credential_store.h
src/charon/sa/ike_sa.c
src/charon/testing/aes_cbc_crypter_test.c
src/charon/testing/testcases.c
src/libstrongswan/crypto/crypters/aes_cbc_crypter.c

index 6f395ce..e7f6066 100755 (executable)
@@ -85,8 +85,6 @@ struct credential_store_t {
        /**
         * @brief Is there a matching RSA private key belonging to an RSA public key?
         * 
-        * The returned rsa_private_key_t must be destroyed by the caller after usage.
-        * 
         * @param this                                  calling object
         * @param pubkey                                public key 
         * @return                                              TRUE if matching private key was found 
index 4bffae9..61dc7b6 100644 (file)
@@ -435,7 +435,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
        /* SK_ai/SK_ar used for integrity protection */
        if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &algo))
        {
-               this->logger->log(this->logger, ERROR|LEVEL2, "No integrity algoithm selected?!");
+               this->logger->log(this->logger, ERROR, "No integrity algoithm selected?!");
                return FAILED;
        }
        if (this->signer_initiator != NULL)
@@ -451,7 +451,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
        this->signer_responder = signer_create(algo->algorithm);
        if (this->signer_initiator == NULL || this->signer_responder == NULL)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1
+               this->logger->log(this->logger, ERROR, 
                                                  "INTEGRITY_ALGORITHM %s not supported!",
                                                  mapping_find(integrity_algorithm_m,algo->algorithm));
                return FAILED;
@@ -459,12 +459,12 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
        key_size = this->signer_initiator->get_key_size(this->signer_initiator);
        
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       this->logger->log_chunk(this->logger, PRIVATE, "Sk_ai secret", key);
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ai secret", key);
        this->signer_initiator->set_key(this->signer_initiator, key);
        chunk_free(&key);
 
        prf_plus->allocate_bytes(prf_plus, key_size, &key);
-       this->logger->log_chunk(this->logger, PRIVATE, "Sk_ar secret", key);
+       this->logger->log_chunk(this->logger, CONTROL|LEVEL1, "Sk_ar secret", key);
        this->signer_responder->set_key(this->signer_responder, key);
        chunk_free(&key);
        
@@ -472,7 +472,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
        /* SK_ei/SK_er used for encryption */
        if (!proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, &algo))
        {
-               this->logger->log(this->logger, ERROR|LEVEL2, "No encryption algoithm selected!?");
+               this->logger->log(this->logger, ERROR, "No encryption algoithm selected!?");
                return FAILED;
        }
        if (this->crypter_initiator != NULL)
@@ -488,7 +488,7 @@ static status_t build_transforms(private_ike_sa_t *this, proposal_t *proposal, d
        this->crypter_responder = crypter_create(algo->algorithm, algo->key_size / 8);
        if (this->crypter_initiator == NULL || this->crypter_responder == NULL)
        {
-               this->logger->log(this->logger, ERROR|LEVEL1
+               this->logger->log(this->logger, ERROR, 
                                                  "ENCRYPTION_ALGORITHM %s (key size %d) not supported!",
                                                  mapping_find(encryption_algorithm_m, algo->algorithm),
                                                  algo->key_size);
index 30dae39..c65a473 100644 (file)
@@ -197,5 +197,106 @@ void test_aes_cbc_crypter(protected_tester_t *tester)
        chunk_free(&decrypted3);
        
        crypter->destroy(crypter);
+       
+       /**
+        * Test4: Own en-/decrypt test using AES-256
+        *
+        * PLAINTEXT:  00112233445566778899aabbccddeeff
+        * KEY:        000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+        * INPUT:      00112233445566778899aabbccddeeff
+        * OUTPUT:     8ea2b7ca516745bfeafc49904b496089
+        */
+       u_int8_t key4[] = {
+               0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+               0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+               0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+               0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f
+       };
+       chunk_t key4_chunk = {ptr: key4, len : 32};
+       u_int8_t iv4[] = {
+               0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+               0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+       };
+       chunk_t iv4_chunk = {ptr: iv4, len : 16};
+       u_int8_t plaintext4[] = {
+               0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+               0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+               0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+               0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+               0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+               0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+               0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+               0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+       };
+       chunk_t data4 = {ptr: plaintext4, len : 64};
+       chunk_t encrypted4;
+       chunk_t decrypted4;
+
+       crypter = (crypter_t *) aes_cbc_crypter_create(32);
+       tester->assert_true(tester, (crypter != NULL), "create call test");
+
+       tester->assert_true(tester, (crypter->set_key(crypter,key4_chunk) == SUCCESS), "set_key call test"); 
+
+       tester->assert_true(tester, (crypter->encrypt(crypter,data4,iv4_chunk,&encrypted4) == SUCCESS), "encrypt call test");
+
+       tester->assert_true(tester, (crypter->decrypt(crypter,encrypted4,iv4_chunk,&decrypted4) == SUCCESS), "decrypt call test");
+       chunk_free(&encrypted4);
+
+       logger->log_chunk(logger,RAW,"expected decrypted :", data4);
+       logger->log_chunk(logger,RAW,"decrypted :", decrypted4);
+       tester->assert_true(tester, (memcmp(decrypted4.ptr, plaintext4, 64) == 0), "decrypted value");
+
+       chunk_free(&decrypted4);
+       crypter->destroy(crypter);
+       
+       /**
+        * Test4: Own en-/decrypt test using AES-192
+        *
+        * PLAINTEXT:  00112233445566778899aabbccddeeff
+        * KEY:        000102030405060708090a0b0c0d0e0f1011121314151617
+        * INPUT:      00112233445566778899aabbccddeeff
+        * OUTPUT:     8ea2b7ca516745bfeafc49904b496089
+        */
+       u_int8_t key5[] = {
+               0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+               0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
+               0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17
+       };
+       chunk_t key5_chunk = {ptr: key5, len : 24};
+       u_int8_t iv5[] = {
+               0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c,
+               0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9
+       };
+       chunk_t iv5_chunk = {ptr: iv5, len : 16};
+       u_int8_t plaintext5[] = {
+               0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,
+               0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf,
+               0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7,
+               0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf,
+               0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7,
+               0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf,
+               0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7,
+               0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf
+       };
+       chunk_t data5 = {ptr: plaintext5, len : 64};
+       chunk_t encrypted5;
+       chunk_t decrypted5;
+
+       crypter = (crypter_t *) aes_cbc_crypter_create(24);
+       tester->assert_true(tester, (crypter != NULL), "create call test");
+
+       tester->assert_true(tester, (crypter->set_key(crypter,key5_chunk) == SUCCESS), "set_key call test"); 
+
+       tester->assert_true(tester, (crypter->encrypt(crypter,data5,iv5_chunk,&encrypted5) == SUCCESS), "encrypt call test");
+
+       tester->assert_true(tester, (crypter->decrypt(crypter,encrypted5,iv5_chunk,&decrypted5) == SUCCESS), "decrypt call test");
+       chunk_free(&encrypted4);
+
+       logger->log_chunk(logger,RAW,"expected decrypted :", data5);
+       logger->log_chunk(logger,RAW,"decrypted :", decrypted5);
+       tester->assert_true(tester, (memcmp(decrypted5.ptr, plaintext5, 64) == 0), "decrypted value");
+
+       chunk_free(&decrypted5);
+       crypter->destroy(crypter);
 }
 
index c4a4ad9..5e9bac5 100644 (file)
@@ -252,7 +252,7 @@ int main()
        tester_t *tester = tester_create(test_output, FALSE);
        
        //tester->perform_tests(tester,all_tests);
-       tester->perform_test(tester,&proposal_test);
+       tester->perform_test(tester,&aes_cbc_crypter_test);
        
        
        tester->destroy(tester);
index 9b7b07c..9793640 100644 (file)
@@ -77,11 +77,6 @@ struct private_aes_cbc_crypter_t {
        u_int32_t    aes_d_key[AES_KS_LENGTH];
        
        /**
-       * The number of columns in the cipher state.
-       */
-       u_int32_t    aes_Ncol;
-       
-       /**
        * Key size of this AES cypher object.
        */
        u_int32_t    key_size;
@@ -967,7 +962,7 @@ static void gen_tabs(void)
     f2 ^= f4 ^ f8 ^ upr(f2 ^ f9,3) ^ upr(f4 ^ f9,2) ^ upr(f9,1))
 #endif
 
-#define nc   (this->aes_Ncol)
+#define nc   (AES_BLOCK_SIZE/4)
 
 // Initialise the key schedule from the user supplied key. The key
 // length is now specified in bytes - 16, 24 or 32 as appropriate.
@@ -1490,7 +1485,7 @@ static status_t set_key (private_aes_cbc_crypter_t *this, chunk_t key)
                return INVALID_ARG;
        }
        
-       this->aes_Nrnd = (this->aes_Nkey > (this->aes_Ncol) ? this->aes_Nkey : (this->aes_Ncol)) + 6; 
+       this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; 
        
        this->aes_e_key[0] = const_word_in(in_key     );
        this->aes_e_key[1] = const_word_in(in_key +  4);
@@ -1595,15 +1590,12 @@ aes_cbc_crypter_t *aes_cbc_crypter_create(size_t key_size)
        this->key_size = key_size;
        switch(key_size) {
        case 32:        /* bytes */
-               this->aes_Ncol = 8;
                this->aes_Nkey = 8;
                break;
        case 24:        /* bytes */
-               this->aes_Ncol = 6;
                this->aes_Nkey = 6;
                break;
        case 16:        /* bytes */
-               this->aes_Ncol = 4;
                this->aes_Nkey = 4;
                break;
        default: