1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /**
27 * \file KMSAgentKnownAnswerTests.cpp
28 */
29
30 #if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10)
31 #include <aes_impl.h>
32 #define AES_MAXKEYBYTES AES_MAX_KEY_BYTES
33 #define AES_MAXKEYBITS AES_MAXBITS
34 #else
35 #include "rijndael.h"
36 #endif
37 #include "KMSAgentCryptoUtilities.h"
38 #include "KMSAgentStringUtilities.h"
39
40 #ifdef METAWARE
41 #include "debug.h"
42 #include "sizet.h"
43 typedef unsigned char uint8_t;
44 typedef unsigned short uint16_t;
45 typedef unsigned int uint32_t;
46 typedef unsigned long long uint64_t;
47 #endif
48
49 #include "KMSAgentAESKeyWrap.h"
50 #include "KMSAgentKnownAnswerTests.h"
51
KnownAnswerTestAESKeyWrap(void)52 int KnownAnswerTestAESKeyWrap (void)
53 {
54
55 /*
56 * Test Vectors from RFC3394 for 256 bit KEK and 256 bit Key
57 * Wrap Input:
58 KEK:
59 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
60 Key Data:
61 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
62
63 Output:
64 Ciphertext 28C9F404C4B810F4 CBCCB35CFB87F826 3F5786E2D80ED326
65 CBC7F0E71A99F43B FB988B9B7A02DD21
66
67 Unwrap:
68 Plaintext A6A6A6A6A6A6A6A6 0011223344556677 8899AABBCCDDEEFF
69 0001020304050607 08090A0B0C0D0E0F
70
71 Output:
72 Key Data:
73 00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F
74
75 */
76
77 static char sKEK[] = "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F";
78 static char sKey[] = "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F";
79 static char sKnownCiphertext[] = "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21";
80
81 //#ifdef KAT_DEBUG
82 // printf("\nAES Key Wrap Test using Test Vectors from RFC 3394 for 256b KEK and 256b Key\n\n");
83 // printf("KEK=%s\n", sKEK);
84 // printf("Key=%s\n", sKey);
85 //#endif
86
87 // key-encryption key
88 unsigned char acKEK[AES_MAXKEYBYTES];
89
90 // plaintext key
91 unsigned char acKey[AES_MAXKEYBYTES];
92
93 // the wrapped key includes an extra 64bits for the integrity check register
94 unsigned char acWrappedKey[AES_MAXKEYBYTES + 8];
95 unsigned char acUnWrappedKey[AES_MAXKEYBYTES];
96 unsigned char acExpectedWrappedKey[AES_MAXKEYBYTES + 8];
97
98 if ((size_t) ConvertUTF8HexStringToBinary(
99 sKnownCiphertext,
100 acExpectedWrappedKey) != strlen(sKnownCiphertext) / 2)
101 {
102 return -1;
103 }
104
105 if (ConvertUTF8HexStringToBinary(
106 sKEK,
107 acKEK) != AES_MAXKEYBYTES)
108 {
109 return -1;
110 }
111
112 if (ConvertUTF8HexStringToBinary(
113 sKey,
114 acKey) != AES_MAXKEYBYTES)
115 {
116 return -1;
117 }
118
119 // for 256 bit Key n=64
120 aes_key_wrap(acKEK, sizeof (acKEK), acKey,
121 4, acWrappedKey);
122
123 if (memcmp(acWrappedKey, acExpectedWrappedKey, sizeof (acWrappedKey)) != 0)
124 {
125 return -1;
126 }
127
128 if (aes_key_unwrap(acKEK, sizeof (acKEK), acWrappedKey,
129 acUnWrappedKey, 4) != 0)
130 {
131 return -1;
132 }
133
134 if (memcmp(acKey, acUnWrappedKey, sizeof (acKey)) != 0)
135 {
136 return -1;
137 }
138
139 return 0;
140 }
141
AES_ECB_TestExecution(const char * const i_sPlainText,const char * const i_sKnownCypherText,const unsigned char * const i_pKey)142 static int AES_ECB_TestExecution (
143 const char * const i_sPlainText,
144 const char * const i_sKnownCypherText,
145 const unsigned char * const i_pKey)
146 {
147 unsigned char acPlainText[256];
148 unsigned char acCypherText[sizeof (acPlainText)];
149 unsigned char acKnownCypherText[sizeof (acPlainText)];
150 unsigned char acDecryptedCypherText[sizeof (acPlainText)];
151 memset(acDecryptedCypherText, 0, sizeof (acDecryptedCypherText));
152
153 #ifdef KAT_DEBUG
154 char sComputedCypherText[256];
155 #endif
156
157 #if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10)
158 void *ks;
159 size_t ks_size;
160 #else
161 rijndael_ctx ctx;
162 #endif
163
164 if ((size_t) ConvertUTF8HexStringToBinary(
165 i_sPlainText,
166 acPlainText) != strlen(i_sPlainText) / 2)
167 {
168 return -1;
169 }
170 if ((size_t) ConvertUTF8HexStringToBinary(
171 i_sKnownCypherText,
172 acKnownCypherText) != strlen(i_sKnownCypherText) / 2)
173 {
174 return -1;
175 }
176
177 #if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10)
178 ks = aes_alloc_keysched(&ks_size, 0);
179 if (ks == NULL)
180 return (-1);
181 aes_init_keysched(i_pKey, AES_MAXKEYBITS, ks);
182 (void) aes_encrypt_block(ks, acPlainText, acCypherText);
183 #else
184 rijndael_set_key_enc_only(&ctx, (uint8_t *) i_pKey, AES_MAXKEYBITS);
185
186 rijndael_encrypt(&ctx, acPlainText, (uint8_t *) acCypherText);
187 #endif
188
189 #ifdef KAT_DEBUG
190 ConvertBinaryToUTF8HexString(sComputedCypherText,
191 acCypherText,
192 strlen(i_sPlainText) / 2);
193 printf("PlainText=%s\n", i_sPlainText);
194 printf("CypherText=%s\n", sComputedCypherText);
195 #endif
196
197 if (memcmp(acCypherText, acKnownCypherText, strlen(i_sKnownCypherText) / 2) != 0)
198 {
199 #if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10)
200 free(ks);
201 #endif
202 return -1;
203 }
204
205 #if defined(K_SOLARIS_PLATFORM) && !defined(SOLARIS10)
206 aes_init_keysched(i_pKey, AES_MAXKEYBITS, ks);
207 (void) aes_decrypt_block(ks, acCypherText, acDecryptedCypherText);
208 free(ks);
209 #else
210 rijndael_set_key(&ctx, (uint8_t *) i_pKey, AES_MAXKEYBITS);
211 rijndael_decrypt(&ctx, (uint8_t *) acCypherText, acDecryptedCypherText);
212 #endif
213
214 if (memcmp(acPlainText, acDecryptedCypherText, strlen(i_sPlainText) / 2) != 0)
215 {
216 return -1;
217 }
218
219 return 0;
220
221 }
222
KnownAnswerTestAESECB_GFSbox(void)223 static int KnownAnswerTestAESECB_GFSbox (void)
224 {
225 /*
226 * Test Vectors from AES Algorithm Validation Suite(AESAVS)
227 */
228 unsigned char acKey[AES_MAXKEYBYTES];
229 memset(acKey, 0, sizeof (acKey));
230
231 /*
232 # CAVS 6.1
233 # Config info for Sun 1820 AES
234 # AESVS GFSbox test data for ECB
235 # State : Encrypt and Decrypt
236 # Key Length : 256
237 # Generated on Wed Aug 13 13:39:06 2008
238 */
239 const size_t GFSboxCount = 5;
240 static char sPlainText[GFSboxCount][33];
241 static char sKnownCypherText[GFSboxCount][33];
242 strcpy(sPlainText[0], "014730f80ac625fe84f026c60bfd547d");
243 strcpy(sPlainText[1], "0b24af36193ce4665f2825d7b4749c98");
244 strcpy(sPlainText[2], "761c1fe41a18acf20d241650611d90f1");
245 strcpy(sPlainText[3], "8a560769d605868ad80d819bdba03771");
246 strcpy(sPlainText[4], "91fbef2d15a97816060bee1feaa49afe");
247
248 strcpy(sKnownCypherText[0], "5c9d844ed46f9885085e5d6a4f94c7d7");
249 strcpy(sKnownCypherText[1], "a9ff75bd7cf6613d3731c77c3b6d0c04");
250 strcpy(sKnownCypherText[2], "623a52fcea5d443e48d9181ab32c7421" );
251 strcpy(sKnownCypherText[3], "38f2c7ae10612415d27ca190d27da8b4" );
252 strcpy(sKnownCypherText[4], "1bc704f1bce135ceb810341b216d7abe" );
253
254
255 for (size_t i = 0; i < GFSboxCount; i++)
256 {
257 if (AES_ECB_TestExecution(sPlainText[i], sKnownCypherText[i], acKey) != 0)
258 {
259 #ifdef KAT_DEBUG
260 printf("GFSbox[%d]: failed\n", i);
261 #endif
262 return -1;
263 }
264 #ifdef KAT_DEBUG
265 printf("GFSbox[%d]: passed\n", i);
266 #endif
267 }
268 return 0;
269 }
270
KnownAnswerTestAESECB_KeySbox(void)271 static int KnownAnswerTestAESECB_KeySbox (void)
272 {
273 unsigned char acKey[AES_MAXKEYBYTES];
274 memset(acKey, 0, sizeof (acKey));
275
276 /*
277 # CAVS 6.1
278 # Config info for Sun 1820 AES
279 # AESVS KeySbox test data for ECB
280 # State : Encrypt and Decrypt
281 # Key Length : 256
282 # Generated on Wed Aug 13 13:39:07 2008
283 */
284 const size_t KeySboxCount = 16;
285 static char sKey[KeySboxCount][65];
286 static char sKnownCypherText[KeySboxCount][33];
287 static char sPlainText[] = "00000000000000000000000000000000";
288
289 strcpy(sKey[0], "c47b0294dbbbee0fec4757f22ffeee3587ca4730c3d33b691df38bab076bc558");
290 strcpy(sKey[1], "28d46cffa158533194214a91e712fc2b45b518076675affd910edeca5f41ac64");
291 strcpy(sKey[2], "c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c");
292 strcpy(sKey[3], "984ca75f4ee8d706f46c2d98c0bf4a45f5b00d791c2dfeb191b5ed8e420fd627");
293 strcpy(sKey[4], "b43d08a447ac8609baadae4ff12918b9f68fc1653f1269222f123981ded7a92f");
294 strcpy(sKey[5], "1d85a181b54cde51f0e098095b2962fdc93b51fe9b88602b3f54130bf76a5bd9");
295 strcpy(sKey[6], "dc0eba1f2232a7879ded34ed8428eeb8769b056bbaf8ad77cb65c3541430b4cf");
296 strcpy(sKey[7], "f8be9ba615c5a952cabbca24f68f8593039624d524c816acda2c9183bd917cb9");
297 strcpy(sKey[8], "797f8b3d176dac5b7e34a2d539c4ef367a16f8635f6264737591c5c07bf57a3e");
298 strcpy(sKey[9], "6838d40caf927749c13f0329d331f448e202c73ef52c5f73a37ca635d4c47707");
299 strcpy(sKey[10], "ccd1bc3c659cd3c59bc437484e3c5c724441da8d6e90ce556cd57d0752663bbc");
300 strcpy(sKey[11], "13428b5e4c005e0636dd338405d173ab135dec2a25c22c5df0722d69dcc43887");
301 strcpy(sKey[12], "07eb03a08d291d1b07408bf3512ab40c91097ac77461aad4bb859647f74f00ee");
302 strcpy(sKey[13], "90143ae20cd78c5d8ebdd6cb9dc1762427a96c78c639bccc41a61424564eafe1");
303 strcpy(sKey[14], "b7a5794d52737475d53d5a377200849be0260a67a2b22ced8bbef12882270d07");
304 strcpy(sKey[15], "fca02f3d5011cfc5c1e23165d413a049d4526a991827424d896fe3435e0bf68e");
305 strcpy(sKnownCypherText[0], "46f2fb342d6f0ab477476fc501242c5f");
306 strcpy(sKnownCypherText[1], "4bf3b0a69aeb6657794f2901b1440ad4");
307 strcpy(sKnownCypherText[2], "352065272169abf9856843927d0674fd");
308 strcpy(sKnownCypherText[3], "4307456a9e67813b452e15fa8fffe398");
309 strcpy(sKnownCypherText[4], "4663446607354989477a5c6f0f007ef4");
310 strcpy(sKnownCypherText[5], "531c2c38344578b84d50b3c917bbb6e1");
311 strcpy(sKnownCypherText[6], "fc6aec906323480005c58e7e1ab004ad");
312 strcpy(sKnownCypherText[7], "a3944b95ca0b52043584ef02151926a8");
313 strcpy(sKnownCypherText[8], "a74289fe73a4c123ca189ea1e1b49ad5");
314 strcpy(sKnownCypherText[9], "b91d4ea4488644b56cf0812fa7fcf5fc");
315 strcpy(sKnownCypherText[10], "304f81ab61a80c2e743b94d5002a126b");
316 strcpy(sKnownCypherText[11], "649a71545378c783e368c9ade7114f6c");
317 strcpy(sKnownCypherText[12], "47cb030da2ab051dfc6c4bf6910d12bb");
318 strcpy(sKnownCypherText[13], "798c7c005dee432b2c8ea5dfa381ecc3");
319 strcpy(sKnownCypherText[14], "637c31dc2591a07636f646b72daabbe7");
320 strcpy(sKnownCypherText[15], "179a49c712154bbffbe6e7a84a18e220");
321
322 for (size_t i = 0; i < KeySboxCount; i++)
323 {
324 #ifdef KAT_DEBUG
325 printf("KeySbox[%d]: \n", i);
326 #endif
327 unsigned char acKey[256];
328 if ((size_t) ConvertUTF8HexStringToBinary(
329 sKey[i],
330 acKey) != strlen(sKey[i]) / 2)
331 {
332 #ifdef KAT_DEBUG
333 printf("KeySbox[%d]: failed hex to binary conversion\n", i);
334 #endif
335 return -1;
336 }
337 if (AES_ECB_TestExecution(sPlainText, sKnownCypherText[i], acKey) != 0)
338 {
339 #ifdef KAT_DEBUG
340 printf("KeySbox[%d]: failed test\n", i);
341 #endif
342 return -1;
343 }
344 #ifdef KAT_DEBUG
345 printf("KeySbox[%d]: passed\n", i);
346 #endif
347 }
348 return 0;
349 }
350
KnownAnswerTestHMACSHA1(void)351 int KnownAnswerTestHMACSHA1 (void)
352 {
353 /* Test Data from RFC2202 */
354 const static char sKey[] = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
355 unsigned char acKey[HMAC_LENGTH];
356 const static char sPlainText[] = "Hi There";
357 const static char sCypherText[] = "b617318655057264e28bc0b6fb378c8ef146be00";
358 const unsigned char* aBuffersToHMAC[1];
359 int aBuffersToHMACSize[1];
360 unsigned char acCypherText[HMAC_LENGTH];
361 unsigned char acComputedCypherText[HMAC_LENGTH];
362 if ((size_t) ConvertUTF8HexStringToBinary(
363 sKey,
364 acKey) != sizeof (acKey))
365 {
366 #ifdef KAT_DEBUG
367 printf("HMAC-SHA1: failed hex to binary conversion for Key\n");
368 #endif
369 return -1;
370 }
371 if ((size_t) ConvertUTF8HexStringToBinary(
372 sCypherText,
373 acCypherText) != sizeof (acCypherText))
374 {
375 #ifdef KAT_DEBUG
376 printf("HMAC-SHA1: failed hex to binary conversion for CypherText\n");
377 #endif
378 return -1;
379 }
380
381 aBuffersToHMAC[0] = (unsigned char *) sPlainText;
382 aBuffersToHMACSize[0] = strlen(sPlainText);
383
384 if (!HMACBuffers(
385 1,
386 aBuffersToHMAC,
387 aBuffersToHMACSize,
388 acKey,
389 sizeof (acKey),
390 acComputedCypherText))
391 {
392 #ifdef KAT_DEBUG
393 printf("HMAC-SHA1: failed in HMACBuffers\n");
394 #endif
395 return -1;
396 }
397 if (memcmp(acCypherText, acComputedCypherText, sizeof (acCypherText)) != 0)
398 {
399 #ifdef KAT_DEBUG
400 printf("HMAC-SHA1: failed comparison with expected cycphertext\n");
401 #endif
402 return -1;
403 }
404
405 return 0;
406 }
407
408
KnownAnswerTestAESECB(void)409 int KnownAnswerTestAESECB (void)
410 {
411 if (KnownAnswerTestAESECB_GFSbox() != 0)
412 {
413 #ifdef KAT_DEBUG
414 printf("GFSbox: test suite failed\n");
415 #endif
416 return -1;
417 }
418
419 if (KnownAnswerTestAESECB_KeySbox() != 0)
420 {
421 #ifdef KAT_DEBUG
422 printf("KeySbox: test suite failed\n");
423 #endif
424 return -1;
425 }
426
427 return 0;
428 }
429
430 #ifdef STAND_ALONE_TEST
431
main()432 int main ()
433 {
434 // Known Answer Test on AES Key Wrap code
435 if (KnownAnswerTestAESKeyWrap() != 0)
436 {
437 return -1;
438 }
439
440 if (KnownAnswerTestAESECB() != 0)
441 {
442 return -1;
443 }
444
445 if (KnownAnswerTestHMACSHA1() != 0)
446 {
447 return -1;
448 }
449
450 return 0;
451 }
452 #endif
453
454
455