introduced encryption test vectors
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 11:55:48 +0000 (13:55 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 14 May 2009 11:55:56 +0000 (13:55 +0200)
src/pluto/alg/ike_alg_blowfish.c
src/pluto/alg/ike_alg_serpent.c
src/pluto/alg/ike_alg_twofish.c
src/pluto/crypto.c
src/pluto/crypto.h
src/pluto/ike_alg.c
src/pluto/ike_alg.h

index 2bbef05..3172cd8 100644 (file)
 #define  BLOWFISH_KEY_MAX_LEN  448
 
 
+/**
+ * Blowfish CBC encryption test vectors
+ */
+
+/**
+ * Test vector by Eric Young
+ */
+
+static const u_char bf_test0_key[] = {
+       0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+       0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87
+};
+
+static const u_char bf_test0_iv[] = { 
+       0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 
+};
+
+static const u_char bf_test0_plain[] = {
+       /* "7654321 Now is the time for " */
+       0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
+       0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+       0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
+       0x66, 0x6F, 0x72, 0x20, 0x00, 0x00, 0x00, 0x00
+};
+
+static const u_char bf_test0_cipher[] = {
+       0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
+       0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93,
+       0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9,
+       0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC
+};
+
+/**
+ * Test vector by Chilkat Software 
+ * (www.chilkatsoft.com/p/php_blowfish.asp)
+ */
+
+static const u_char bf_test1_key[] = {
+       0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+       0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
+       0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
+       0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50
+};
+
+static const u_char bf_test1_iv[] = {
+       0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38
+};
+
+static const u_char bf_test1_plain[] = {
+       /* "The quick brown fox jumped over the lazy dog" */
+       0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63,
+       0x6b, 0x20, 0x62, 0x72, 0x6f, 0x77, 0x6e, 0x20,
+       0x66, 0x6f, 0x78, 0x20, 0x6a, 0x75, 0x6d, 0x70,
+       0x65, 0x64, 0x20, 0x6f, 0x76, 0x65, 0x72, 0x20,
+       0x74, 0x68, 0x65, 0x20, 0x6c, 0x61, 0x7a, 0x79,
+       0x20, 0x64, 0x6f, 0x67, 0x00, 0x00, 0x00, 0x00
+}; 
+
+static const u_char bf_test1_cipher[] = {
+       0x27, 0x68, 0x55, 0xca, 0x6c, 0x0d, 0x60, 0xf7,
+       0xd9, 0x70, 0x82, 0x10, 0x44, 0x0c, 0x10, 0x72,
+       0xe0, 0x5d, 0x07, 0x8e, 0x73, 0x3b, 0x34, 0xb4,
+       0x19, 0x8d, 0x60, 0x9d, 0xc2, 0xfc, 0xc2, 0xf0,
+       0xc3, 0x09, 0x26, 0xcd, 0xef, 0x3b, 0x6d, 0x52,
+       0xba, 0xf6, 0xe3, 0x45, 0xaa, 0x03, 0xf8, 0x3e
+};
+
+static const enc_testvector_t bf_enc_testvectors[] = {
+       { sizeof(bf_test0_key), bf_test0_key, bf_test0_iv,
+         sizeof(bf_test0_plain), bf_test0_plain, bf_test0_cipher },
+       { sizeof(bf_test1_key), bf_test1_key, bf_test1_iv,
+         sizeof(bf_test1_plain), bf_test1_plain, bf_test1_cipher },
+       { 0, NULL, NULL, 0, NULL, NULL }
+};
+
 static void
 do_blowfish(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
 {
@@ -36,6 +111,7 @@ struct encrypt_desc algo_blowfish =
        keydeflen: BLOWFISH_KEY_MIN_LEN,
        keymaxlen: BLOWFISH_KEY_MAX_LEN,
        do_crypt: do_blowfish,
+       enc_testvectors: bf_enc_testvectors,
 };
 
 int ike_alg_blowfish_init(void);
index fb01caa..c7b6cfe 100644 (file)
@@ -50,10 +50,11 @@ struct encrypt_desc encrypt_desc_serpent =
        algo_next:      NULL,
        enc_ctxsize:    sizeof(struct serpent_context),
        enc_blocksize:  SERPENT_CBC_BLOCK_SIZE,
-        keyminlen:     SERPENT_KEY_MIN_LEN,
-        keydeflen:     SERPENT_KEY_DEF_LEN,
-        keymaxlen:     SERPENT_KEY_MAX_LEN,
-        do_crypt:      do_serpent,
+       keyminlen:      SERPENT_KEY_MIN_LEN,
+       keydeflen:      SERPENT_KEY_DEF_LEN,
+       keymaxlen:      SERPENT_KEY_MAX_LEN,
+       do_crypt:       do_serpent,
+       enc_testvectors: NULL           
 };
 
 int ike_alg_serpent_init(void);
index 1788bc3..9d40e3e 100644 (file)
@@ -48,11 +48,12 @@ struct encrypt_desc encrypt_desc_twofish =
        algo_id:        OAKLEY_TWOFISH_CBC,
        algo_next:      NULL,
        enc_ctxsize:    sizeof(twofish_context),
-        enc_blocksize:         TWOFISH_CBC_BLOCK_SIZE,
-        keydeflen:     TWOFISH_KEY_MIN_LEN,
-        keyminlen:     TWOFISH_KEY_DEF_LEN,
+       enc_blocksize:  TWOFISH_CBC_BLOCK_SIZE,
+       keydeflen:      TWOFISH_KEY_MIN_LEN,
+       keyminlen:      TWOFISH_KEY_DEF_LEN,
        keymaxlen:      TWOFISH_KEY_MAX_LEN,
        do_crypt:       do_twofish,
+       enc_testvectors: NULL
 };
 
 struct encrypt_desc encrypt_desc_twofish_ssh =
index 579e257..52cf0ce 100644 (file)
@@ -61,6 +61,7 @@ static struct encrypt_desc crypto_encryptor_3des =
                keyminlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
                keymaxlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
                do_crypt:       do_3des,
+               enc_testvectors: NULL
 };
 
 /* MD5 hash test vectors
@@ -297,12 +298,12 @@ static const hmac_testvector_t md5_hmac_testvectors[] = {
 
 static struct hash_desc crypto_hasher_md5 =
 {       
-               algo_type: IKE_ALG_HASH,
-               algo_id:   OAKLEY_MD5,
-               algo_next: NULL, 
-               hash_digest_size: HASH_SIZE_MD5,
-               hash_testvectors: md5_hash_testvectors,
-               hmac_testvectors: md5_hmac_testvectors,
+       algo_type: IKE_ALG_HASH,
+       algo_id:   OAKLEY_MD5,
+       algo_next: NULL, 
+       hash_digest_size: HASH_SIZE_MD5,
+       hash_testvectors: md5_hash_testvectors,
+       hmac_testvectors: md5_hmac_testvectors,
 };
 
 /* SHA-1 test vectors
@@ -433,12 +434,12 @@ static const hmac_testvector_t sha1_hmac_testvectors[] = {
 
 static struct hash_desc crypto_hasher_sha1 =
 {       
-               algo_type: IKE_ALG_HASH,
-               algo_id:   OAKLEY_SHA,
-               algo_next: NULL, 
-               hash_digest_size: HASH_SIZE_SHA1,
-               hash_testvectors: sha1_hash_testvectors,
-               hmac_testvectors: sha1_hmac_testvectors
+       algo_type: IKE_ALG_HASH,
+       algo_id:   OAKLEY_SHA,
+       algo_next: NULL, 
+       hash_digest_size: HASH_SIZE_SHA1,
+       hash_testvectors: sha1_hash_testvectors,
+       hmac_testvectors: sha1_hmac_testvectors
 };
 
 void init_crypto(void)
@@ -557,6 +558,34 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf,
        */
 }
 
+encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
+{
+       switch (alg)
+       {
+               case OAKLEY_DES_CBC:
+                       return ENCR_DES;
+               case OAKLEY_IDEA_CBC:
+                       return ENCR_IDEA; 
+               case OAKLEY_BLOWFISH_CBC:
+                       return ENCR_BLOWFISH;
+               case OAKLEY_RC5_R16_B64_CBC:
+                       return ENCR_RC5;
+               case OAKLEY_3DES_CBC:
+                       return ENCR_3DES;
+               case OAKLEY_CAST_CBC:
+                       return ENCR_CAST;
+               case OAKLEY_AES_CBC:
+                       return ENCR_AES_CBC;
+               case OAKLEY_SERPENT_CBC:
+                       return ENCR_SERPENT_CBC;
+               case OAKLEY_TWOFISH_CBC:
+               case OAKLEY_TWOFISH_CBC_SSH:
+                       return ENCR_TWOFISH_CBC;
+               default:
+                       return ENCR_UNDEFINED;
+       }
+}
+
 hash_algorithm_t oakley_to_hash_algorithm(int alg)
 {
        switch (alg)
index 4fc9b23..c07f695 100644 (file)
@@ -12,8 +12,7 @@
  * for more details.
  */
 
-#include <gmp.h>    /* GNU MP library */
-
+#include <crypto/hashers/hasher.h>
 #include <crypto/hashers/hasher.h>
 #include <crypto/prfs/prf.h>
 
@@ -60,7 +59,7 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, s
 
 /* unification of cryptographic hashing mechanisms */
 
-
+extern encryption_algorithm_t oakley_to_encryption_algorithm(int alg);
 extern hash_algorithm_t oakley_to_hash_algorithm(int alg);
 extern pseudo_random_function_t oakley_to_prf(int alg);
 
index e0c8c97..5e4a431 100644 (file)
@@ -22,7 +22,9 @@
 #include <ipsec_policy.h>
 
 #include <library.h>
+#include <debug.h>
 #include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
 #include <crypto/prfs/prf.h>
 
 #include "constants.h"
@@ -42,7 +44,7 @@
 
 #define return_on(var, val) do { var=val;goto return_out; } while(0);
 
-/*
+/**
  * IKE algorithm list handling - registration and lookup
  */
 
 
 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
 
-/*
- * return ike_algo object by {type, id}
+/**
+ * Return ike_algo object by {type, id}
  */
-static struct ike_alg *
-ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
+static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
+                                                                       u_int keysize __attribute__((unused)))
 {
        struct ike_alg *e = ike_alg_base[algo_type];
 
@@ -65,11 +67,10 @@ ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused
        return (e != NULL && e->algo_id == algo_id) ? e : NULL;
 }
 
-/*
+/**
  * "raw" ike_alg list adding function
  */
-int
-ike_alg_add(struct ike_alg* a)
+int ike_alg_add(struct ike_alg* a)
 {
        if (a->algo_type > IKE_ALG_MAX)
        {
@@ -98,45 +99,42 @@ ike_alg_add(struct ike_alg* a)
        }
 }
 
-/*
- * get IKE hash algorithm
+/**
+ * Get IKE hash algorithm
  */
 struct hash_desc *ike_alg_get_hasher(u_int alg)
 {
        return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
 }
 
-/*
- * get IKE encryption algorithm
+/**
+ * Get IKE encryption algorithm
  */
 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
 {
        return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
 }
 
-/*
- * check if IKE hash algorithm is present
+/**
+ * Check if IKE hash algorithm is present
  */
-bool
-ike_alg_hash_present(u_int halg)
+bool ike_alg_hash_present(u_int halg)
 {
        return ike_alg_get_hasher(halg) != NULL;
 }
 
-/*
+/**
  * check if IKE encryption algorithm is present
  */
-bool
-ike_alg_enc_present(u_int ealg)
+bool ike_alg_enc_present(u_int ealg)
 {
        return ike_alg_get_encrypter(ealg) != NULL;
 }
 
-/*
+/**
  * Validate and register IKE hash algorithm object
  */
-int
-ike_alg_register_hash(struct hash_desc *hash_desc)
+int ike_alg_register_hash(struct hash_desc *hash_desc)
 {
        const char *alg_name = NULL;
        int ret = 0;
@@ -166,11 +164,10 @@ return_out:
        return ret;
 }
 
-/*
+/**
  * Validate and register IKE encryption algorithm object
  */
-int
-ike_alg_register_enc(struct encrypt_desc *enc_desc)
+int ike_alg_register_enc(struct encrypt_desc *enc_desc)
 {
        int ret = ike_alg_add((struct ike_alg *)enc_desc);
 
@@ -192,11 +189,10 @@ ike_alg_register_enc(struct encrypt_desc *enc_desc)
        return ret;
 }
 
-/*
+/**
  * Get pfsgroup for this connection
  */
-const struct oakley_group_desc *
-ike_alg_pfsgroup(struct connection *c, lset_t policy)
+const struct oakley_group_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy)
 {
        const struct oakley_group_desc * ret = NULL;
 
@@ -207,11 +203,10 @@ ike_alg_pfsgroup(struct connection *c, lset_t policy)
        return ret;
 }
 
-/*
+/**
  * Create an OAKLEY proposal based on alg_info and policy
  */
-struct db_context *
-ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
+struct db_context *ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
 {
        struct db_context *db_ctx = NULL;
        struct ike_info *ike_info;
@@ -318,11 +313,10 @@ fail:
        return db_ctx;
 }
 
-/*
+/**
  * Show registered IKE algorithms
  */
-void
-ike_alg_list(void)
+void ike_alg_list(void)
 {
        u_int i;
        struct ike_alg *a;
@@ -374,14 +368,13 @@ ike_alg_list(void)
        }
 }
 
-/*  Show IKE algorithms for
- *    - this connection (result from ike= string)
- *    - newest SA
+/**
+ * Show IKE algorithms for this connection (result from ike= string)
+ * and newest SA
  */
-void
-ike_alg_show_connection(struct connection *c, const char *instance)
+void ike_alg_show_connection(struct connection *c, const char *instance)
 {
-       char buf[256];
+       char buf[BUF_LEN];
        struct state *st;
 
        if (c->alg_info_ike)
@@ -420,11 +413,72 @@ ike_alg_show_connection(struct connection *c, const char *instance)
                );
 }
 
-/*
+/**
+ * Apply a suite of testvectors to an encryption algorithm
+ */
+static bool ike_encrypt_test(const struct encrypt_desc *desc)
+{
+       bool encrypt_results = TRUE;
+
+       if (desc->enc_testvectors == NULL)
+       {
+               plog("  %s encryption self-test not available",
+                        enum_name(&oakley_enc_names, desc->algo_id));
+       }
+       else
+       {
+               int i;
+               encryption_algorithm_t enc_alg;
+
+               enc_alg = oakley_to_encryption_algorithm(desc->algo_id);
+       
+               for (i = 0; desc->enc_testvectors[i].key != NULL; i++)
+               {
+                       bool result;
+                       crypter_t *crypter;
+                       chunk_t key =    { (u_char*)desc->enc_testvectors[i].key,
+                                                                           desc->enc_testvectors[i].key_size };
+                       chunk_t plain =  { (u_char*)desc->enc_testvectors[i].plain,
+                                                                           desc->enc_testvectors[i].data_size};
+                       chunk_t cipher = { (u_char*)desc->enc_testvectors[i].cipher,
+                                                                           desc->enc_testvectors[i].data_size};
+                       chunk_t encrypted = chunk_empty;
+                       chunk_t decrypted = chunk_empty;
+                       chunk_t iv;
+
+                       crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, key.len);
+                       if (crypter == NULL)
+                       {
+                               plog("  %s encryption function not available",
+                                        enum_name(&oakley_enc_names, desc->algo_id));
+                               return FALSE;
+                       }
+                       iv = chunk_create((u_char*)desc->enc_testvectors[i].iv,
+                                                         crypter->get_block_size(crypter));
+                       crypter->set_key(crypter, key);
+                       crypter->decrypt(crypter, cipher, iv, &decrypted);
+                       result = chunk_equals(decrypted, plain);
+                       crypter->encrypt(crypter, plain, iv, &encrypted);
+                       result &= chunk_equals(encrypted, cipher);
+                       DBG(DBG_CRYPT,
+                               DBG_log("  enc testvector %d: %s", i, result ? "ok":"failed")
+                       )
+                       encrypt_results &= result;
+                       crypter->destroy(crypter);
+                       free(encrypted.ptr);
+                       free(decrypted.ptr);
+               }
+               plog("  %s encryption self-test %s",
+                        enum_name(&oakley_enc_names, desc->algo_id),
+                        encrypt_results ? "passed":"failed");
+       }
+       return encrypt_results;
+}
+
+/**
  * Apply a suite of testvectors to a hash algorithm
  */
-static bool
-ike_hash_test(const struct hash_desc *desc)
+static bool ike_hash_test(const struct hash_desc *desc)
 {
        bool hash_results = TRUE;
        bool hmac_results = TRUE;
@@ -513,23 +567,22 @@ ike_hash_test(const struct hash_desc *desc)
        return hash_results && hmac_results;
 }
 
-/*
+/**
  * Apply test vectors to registered encryption and hash algorithms
  */
-bool
-ike_alg_test(void)
+bool ike_alg_test(void)
 {
        bool all_results = TRUE;
        struct ike_alg *a;
-
+       
        plog("Testing registered IKE encryption algorithms:");
 
        for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
        {
-               plog("  %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
-       }
+               struct encrypt_desc *desc = (struct encrypt_desc*)a;
 
-       plog("Testing registered IKE hash algorithms:");
+               all_results &= ike_encrypt_test(desc);
+       }
 
        for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
        {
@@ -545,12 +598,11 @@ ike_alg_test(void)
        return all_results;
 }
 
-/*
+/**
  * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
  */
-bool
-ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
-, struct alg_info_ike *alg_info_ike)
+bool ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group,
+                                         struct alg_info_ike *alg_info_ike)
 {
        /*
         * simple test to discard low key_len, will accept it only
index 3bf93b9..4bc1f90 100644 (file)
@@ -23,6 +23,17 @@ struct ike_alg {
        struct ike_alg *algo_next;
 };
 
+typedef struct enc_testvector enc_testvector_t;
+
+struct enc_testvector {
+       const size_t  key_size;
+       const u_char *key;
+       const u_char *iv;
+       const size_t  data_size;
+       const u_char *plain;
+       const u_char *cipher;
+};
+
 struct encrypt_desc {
        u_int16_t algo_type;
        u_int16_t algo_id;
@@ -34,6 +45,7 @@ struct encrypt_desc {
        u_int keymaxlen;
        u_int keyminlen;
        void (*do_crypt)(u_int8_t *dat, size_t datasize, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
+       const enc_testvector_t *enc_testvectors;
 };
 
 typedef struct hash_testvector hash_testvector_t;