1/* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 22/* 23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. 24 */ 25 26/** 27 * \file KMSAgentKnownAnswerTests.cpp 28 */ 29 30#if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10) 31#include <aes_impl.h> 32#define AES_MAXKEYBYTES AES_MAX_KEY_BYTES 33#define AES_MAXKEYBITS AES_MAXBITS 34#else 35#include "rijndael.h" 36#endif 37#include "KMSAgentCryptoUtilities.h" 38#include "KMSAgentStringUtilities.h" 39 40#ifdef METAWARE 41#include "debug.h" 42#include "sizet.h" 43typedef unsigned char uint8_t; 44typedef unsigned short uint16_t; 45typedef unsigned int uint32_t; 46typedef unsigned long long uint64_t; 47#endif 48 49#include "KMSAgentAESKeyWrap.h" 50#include "KMSAgentKnownAnswerTests.h" 51 52int KnownAnswerTestAESKeyWrap (void) 53{ 54 55 /* 56 * Test Vectors from RFC3394 for 256 bit KEK and 256 bit Key 57 * Wrap Input: 58 KEK: 59 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F 60 Key Data: 61 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F 62 63 Output: 64 Ciphertext 28C9F404C4B810F4 CBCCB35CFB87F826 3F5786E2D80ED326 65 CBC7F0E71A99F43B FB988B9B7A02DD21 66 67 Unwrap: 68 Plaintext A6A6A6A6A6A6A6A6 0011223344556677 8899AABBCCDDEEFF 69 0001020304050607 08090A0B0C0D0E0F 70 71 Output: 72 Key Data: 73 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F 74 75 */ 76 77 static char sKEK[] = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F"; 78 static char sKey[] = "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F"; 79 static char sKnownCiphertext[] = "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21"; 80 81 //#ifdef KAT_DEBUG 82 // printf("\nAES Key Wrap Test using Test Vectors from RFC 3394 for 256b KEK and 256b Key\n\n"); 83 // printf("KEK=%s\n", sKEK); 84 // printf("Key=%s\n", sKey); 85 //#endif 86 87 // key-encryption key 88 unsigned char acKEK[AES_MAXKEYBYTES]; 89 90 // plaintext key 91 unsigned char acKey[AES_MAXKEYBYTES]; 92 93 // the wrapped key includes an extra 64bits for the integrity check register 94 unsigned char acWrappedKey[AES_MAXKEYBYTES + 8]; 95 unsigned char acUnWrappedKey[AES_MAXKEYBYTES]; 96 unsigned char acExpectedWrappedKey[AES_MAXKEYBYTES + 8]; 97 98 if ((size_t) ConvertUTF8HexStringToBinary( 99 sKnownCiphertext, 100 acExpectedWrappedKey) != strlen(sKnownCiphertext) / 2) 101 { 102 return -1; 103 } 104 105 if (ConvertUTF8HexStringToBinary( 106 sKEK, 107 acKEK) != AES_MAXKEYBYTES) 108 { 109 return -1; 110 } 111 112 if (ConvertUTF8HexStringToBinary( 113 sKey, 114 acKey) != AES_MAXKEYBYTES) 115 { 116 return -1; 117 } 118 119 // for 256 bit Key n=64 120 aes_key_wrap(acKEK, sizeof (acKEK), acKey, 121 4, acWrappedKey); 122 123 if (memcmp(acWrappedKey, acExpectedWrappedKey, sizeof (acWrappedKey)) != 0) 124 { 125 return -1; 126 } 127 128 if (aes_key_unwrap(acKEK, sizeof (acKEK), acWrappedKey, 129 acUnWrappedKey, 4) != 0) 130 { 131 return -1; 132 } 133 134 if (memcmp(acKey, acUnWrappedKey, sizeof (acKey)) != 0) 135 { 136 return -1; 137 } 138 139 return 0; 140} 141 142static int AES_ECB_TestExecution ( 143 const char * const i_sPlainText, 144 const char * const i_sKnownCypherText, 145 const unsigned char * const i_pKey) 146{ 147 unsigned char acPlainText[256]; 148 unsigned char acCypherText[sizeof (acPlainText)]; 149 unsigned char acKnownCypherText[sizeof (acPlainText)]; 150 unsigned char acDecryptedCypherText[sizeof (acPlainText)]; 151 memset(acDecryptedCypherText, 0, sizeof (acDecryptedCypherText)); 152 153#ifdef KAT_DEBUG 154 char sComputedCypherText[256]; 155#endif 156 157#if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10) 158 void *ks; 159 size_t ks_size; 160#else 161 rijndael_ctx ctx; 162#endif 163 164 if ((size_t) ConvertUTF8HexStringToBinary( 165 i_sPlainText, 166 acPlainText) != strlen(i_sPlainText) / 2) 167 { 168 return -1; 169 } 170 if ((size_t) ConvertUTF8HexStringToBinary( 171 i_sKnownCypherText, 172 acKnownCypherText) != strlen(i_sKnownCypherText) / 2) 173 { 174 return -1; 175 } 176 177#if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10) 178 ks = aes_alloc_keysched(&ks_size, 0); 179 if (ks == NULL) 180 return (-1); 181 aes_init_keysched(i_pKey, AES_MAXKEYBITS, ks); 182 (void) aes_encrypt_block(ks, acPlainText, acCypherText); 183#else 184 rijndael_set_key_enc_only(&ctx, (uint8_t *) i_pKey, AES_MAXKEYBITS); 185 186 rijndael_encrypt(&ctx, acPlainText, (uint8_t *) acCypherText); 187#endif 188 189#ifdef KAT_DEBUG 190 ConvertBinaryToUTF8HexString(sComputedCypherText, 191 acCypherText, 192 strlen(i_sPlainText) / 2); 193 printf("PlainText=%s\n", i_sPlainText); 194 printf("CypherText=%s\n", sComputedCypherText); 195#endif 196 197 if (memcmp(acCypherText, acKnownCypherText, strlen(i_sKnownCypherText) / 2) != 0) 198 { 199#if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10) 200 free(ks); 201#endif 202 return -1; 203 } 204 205#if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10) 206 aes_init_keysched(i_pKey, AES_MAXKEYBITS, ks); 207 (void) aes_decrypt_block(ks, acCypherText, acDecryptedCypherText); 208 free(ks); 209#else 210 rijndael_set_key(&ctx, (uint8_t *) i_pKey, AES_MAXKEYBITS); 211 rijndael_decrypt(&ctx, (uint8_t *) acCypherText, acDecryptedCypherText); 212#endif 213 214 if (memcmp(acPlainText, acDecryptedCypherText, strlen(i_sPlainText) / 2) != 0) 215 { 216 return -1; 217 } 218 219 return 0; 220 221} 222 223static int KnownAnswerTestAESECB_GFSbox (void) 224{ 225 /* 226 * Test Vectors from AES Algorithm Validation Suite(AESAVS) 227 */ 228 unsigned char acKey[AES_MAXKEYBYTES]; 229 memset(acKey, 0, sizeof (acKey)); 230 231 /* 232 # CAVS 6.1 233 # Config info for Sun 1820 AES 234 # AESVS GFSbox test data for ECB 235 # State : Encrypt and Decrypt 236 # Key Length : 256 237 # Generated on Wed Aug 13 13:39:06 2008 238 */ 239 const size_t GFSboxCount = 5; 240 static char sPlainText[GFSboxCount][33]; 241 static char sKnownCypherText[GFSboxCount][33]; 242 strcpy(sPlainText[0], "014730f80ac625fe84f026c60bfd547d"); 243 strcpy(sPlainText[1], "0b24af36193ce4665f2825d7b4749c98"); 244 strcpy(sPlainText[2], "761c1fe41a18acf20d241650611d90f1"); 245 strcpy(sPlainText[3], "8a560769d605868ad80d819bdba03771"); 246 strcpy(sPlainText[4], "91fbef2d15a97816060bee1feaa49afe"); 247 248 strcpy(sKnownCypherText[0], "5c9d844ed46f9885085e5d6a4f94c7d7"); 249 strcpy(sKnownCypherText[1], "a9ff75bd7cf6613d3731c77c3b6d0c04"); 250 strcpy(sKnownCypherText[2], "623a52fcea5d443e48d9181ab32c7421" ); 251 strcpy(sKnownCypherText[3], "38f2c7ae10612415d27ca190d27da8b4" ); 252 strcpy(sKnownCypherText[4], "1bc704f1bce135ceb810341b216d7abe" ); 253 254 255 for (size_t i = 0; i < GFSboxCount; i++) 256 { 257 if (AES_ECB_TestExecution(sPlainText[i], sKnownCypherText[i], acKey) != 0) 258 { 259#ifdef KAT_DEBUG 260 printf("GFSbox[%d]: failed\n", i); 261#endif 262 return -1; 263 } 264#ifdef KAT_DEBUG 265 printf("GFSbox[%d]: passed\n", i); 266#endif 267 } 268 return 0; 269} 270 271static int KnownAnswerTestAESECB_KeySbox (void) 272{ 273 unsigned char acKey[AES_MAXKEYBYTES]; 274 memset(acKey, 0, sizeof (acKey)); 275 276 /* 277 # CAVS 6.1 278 # Config info for Sun 1820 AES 279 # AESVS KeySbox test data for ECB 280 # State : Encrypt and Decrypt 281 # Key Length : 256 282 # Generated on Wed Aug 13 13:39:07 2008 283 */ 284 const size_t KeySboxCount = 16; 285 static char sKey[KeySboxCount][65]; 286 static char sKnownCypherText[KeySboxCount][33]; 287 static char sPlainText[] = "00000000000000000000000000000000"; 288 289 strcpy(sKey[0], "c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558"); 290 strcpy(sKey[1], "28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64"); 291 strcpy(sKey[2], "c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c"); 292 strcpy(sKey[3], "984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627"); 293 strcpy(sKey[4], "b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f"); 294 strcpy(sKey[5], "1d85a181b54cde51f0e098095b2962fdc93b51fe9b88602b3f54130bf76a5bd9"); 295 strcpy(sKey[6], "dc0eba1f2232a7879ded34ed8428eeb8769b056bbaf8ad77cb65c3541430b4cf"); 296 strcpy(sKey[7], "f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9"); 297 strcpy(sKey[8], "797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e"); 298 strcpy(sKey[9], "6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707"); 299 strcpy(sKey[10], "ccd1bc3c659cd3c59bc437484e3c5c724441da8d6e90ce556cd57d0752663bbc"); 300 strcpy(sKey[11], "13428b5e4c005e0636dd338405d173ab135dec2a25c22c5df0722d69dcc43887"); 301 strcpy(sKey[12], "07eb03a08d291d1b07408bf3512ab40c91097ac77461aad4bb859647f74f00ee"); 302 strcpy(sKey[13], "90143ae20cd78c5d8ebdd6cb9dc1762427a96c78c639bccc41a61424564eafe1"); 303 strcpy(sKey[14], "b7a5794d52737475d53d5a377200849be0260a67a2b22ced8bbef12882270d07"); 304 strcpy(sKey[15], "fca02f3d5011cfc5c1e23165d413a049d4526a991827424d896fe3435e0bf68e"); 305 strcpy(sKnownCypherText[0], "46f2fb342d6f0ab477476fc501242c5f"); 306 strcpy(sKnownCypherText[1], "4bf3b0a69aeb6657794f2901b1440ad4"); 307 strcpy(sKnownCypherText[2], "352065272169abf9856843927d0674fd"); 308 strcpy(sKnownCypherText[3], "4307456a9e67813b452e15fa8fffe398"); 309 strcpy(sKnownCypherText[4], "4663446607354989477a5c6f0f007ef4"); 310 strcpy(sKnownCypherText[5], "531c2c38344578b84d50b3c917bbb6e1"); 311 strcpy(sKnownCypherText[6], "fc6aec906323480005c58e7e1ab004ad"); 312 strcpy(sKnownCypherText[7], "a3944b95ca0b52043584ef02151926a8"); 313 strcpy(sKnownCypherText[8], "a74289fe73a4c123ca189ea1e1b49ad5"); 314 strcpy(sKnownCypherText[9], "b91d4ea4488644b56cf0812fa7fcf5fc"); 315 strcpy(sKnownCypherText[10], "304f81ab61a80c2e743b94d5002a126b"); 316 strcpy(sKnownCypherText[11], "649a71545378c783e368c9ade7114f6c"); 317 strcpy(sKnownCypherText[12], "47cb030da2ab051dfc6c4bf6910d12bb"); 318 strcpy(sKnownCypherText[13], "798c7c005dee432b2c8ea5dfa381ecc3"); 319 strcpy(sKnownCypherText[14], "637c31dc2591a07636f646b72daabbe7"); 320 strcpy(sKnownCypherText[15], "179a49c712154bbffbe6e7a84a18e220"); 321 322 for (size_t i = 0; i < KeySboxCount; i++) 323 { 324#ifdef KAT_DEBUG 325 printf("KeySbox[%d]: \n", i); 326#endif 327 unsigned char acKey[256]; 328 if ((size_t) ConvertUTF8HexStringToBinary( 329 sKey[i], 330 acKey) != strlen(sKey[i]) / 2) 331 { 332#ifdef KAT_DEBUG 333 printf("KeySbox[%d]: failed hex to binary conversion\n", i); 334#endif 335 return -1; 336 } 337 if (AES_ECB_TestExecution(sPlainText, sKnownCypherText[i], acKey) != 0) 338 { 339#ifdef KAT_DEBUG 340 printf("KeySbox[%d]: failed test\n", i); 341#endif 342 return -1; 343 } 344#ifdef KAT_DEBUG 345 printf("KeySbox[%d]: passed\n", i); 346#endif 347 } 348 return 0; 349} 350 351int KnownAnswerTestHMACSHA1 (void) 352{ 353 /* Test Data from RFC2202 */ 354 const static char sKey[] = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"; 355 unsigned char acKey[HMAC_LENGTH]; 356 const static char sPlainText[] = "Hi There"; 357 const static char sCypherText[] = "b617318655057264e28bc0b6fb378c8ef146be00"; 358 const unsigned char* aBuffersToHMAC[1]; 359 int aBuffersToHMACSize[1]; 360 unsigned char acCypherText[HMAC_LENGTH]; 361 unsigned char acComputedCypherText[HMAC_LENGTH]; 362 if ((size_t) ConvertUTF8HexStringToBinary( 363 sKey, 364 acKey) != sizeof (acKey)) 365 { 366#ifdef KAT_DEBUG 367 printf("HMAC-SHA1: failed hex to binary conversion for Key\n"); 368#endif 369 return -1; 370 } 371 if ((size_t) ConvertUTF8HexStringToBinary( 372 sCypherText, 373 acCypherText) != sizeof (acCypherText)) 374 { 375#ifdef KAT_DEBUG 376 printf("HMAC-SHA1: failed hex to binary conversion for CypherText\n"); 377#endif 378 return -1; 379 } 380 381 aBuffersToHMAC[0] = (unsigned char *) sPlainText; 382 aBuffersToHMACSize[0] = strlen(sPlainText); 383 384 if (!HMACBuffers( 385 1, 386 aBuffersToHMAC, 387 aBuffersToHMACSize, 388 acKey, 389 sizeof (acKey), 390 acComputedCypherText)) 391 { 392#ifdef KAT_DEBUG 393 printf("HMAC-SHA1: failed in HMACBuffers\n"); 394#endif 395 return -1; 396 } 397 if (memcmp(acCypherText, acComputedCypherText, sizeof (acCypherText)) != 0) 398 { 399#ifdef KAT_DEBUG 400 printf("HMAC-SHA1: failed comparison with expected cycphertext\n"); 401#endif 402 return -1; 403 } 404 405 return 0; 406} 407 408 409int KnownAnswerTestAESECB (void) 410{ 411 if (KnownAnswerTestAESECB_GFSbox() != 0) 412 { 413#ifdef KAT_DEBUG 414 printf("GFSbox: test suite failed\n"); 415#endif 416 return -1; 417 } 418 419 if (KnownAnswerTestAESECB_KeySbox() != 0) 420 { 421#ifdef KAT_DEBUG 422 printf("KeySbox: test suite failed\n"); 423#endif 424 return -1; 425 } 426 427 return 0; 428} 429 430#ifdef STAND_ALONE_TEST 431 432int main () 433{ 434 // Known Answer Test on AES Key Wrap code 435 if (KnownAnswerTestAESKeyWrap() != 0) 436 { 437 return -1; 438 } 439 440 if (KnownAnswerTestAESECB() != 0) 441 { 442 return -1; 443 } 444 445 if (KnownAnswerTestHMACSHA1() != 0) 446 { 447 return -1; 448 } 449 450 return 0; 451} 452#endif 453 454 455