From 737cbabc457400382135f6eb288dbb9d3ce34390 Mon Sep 17 00:00:00 2001 From: damien Date: Tue, 12 Aug 2008 15:49:07 +0000 Subject: [PATCH] test vectors for HMAC-MD5, HMAC-SHA1, HMAC-SHA256, AES-128-CMAC, AES Key Wrap. ok djm@ --- regress/sys/crypto/Makefile | 5 +- regress/sys/crypto/cmac/Makefile | 27 +++++ regress/sys/crypto/cmac/cmac_test.c | 109 ++++++++++++++++++ regress/sys/crypto/cmac/cmac_test.txt | 38 ++++++ regress/sys/crypto/hmac/Makefile | 27 +++++ regress/sys/crypto/hmac/hmac_test.c | 76 ++++++++++++ regress/sys/crypto/hmac/hmac_test.txt | 9 ++ regress/sys/crypto/key_wrap/Makefile | 27 +++++ regress/sys/crypto/key_wrap/key_wrap_test.c | 63 ++++++++++ regress/sys/crypto/key_wrap/key_wrap_test.txt | 66 +++++++++++ 10 files changed, 446 insertions(+), 1 deletion(-) create mode 100644 regress/sys/crypto/cmac/Makefile create mode 100644 regress/sys/crypto/cmac/cmac_test.c create mode 100644 regress/sys/crypto/cmac/cmac_test.txt create mode 100644 regress/sys/crypto/hmac/Makefile create mode 100644 regress/sys/crypto/hmac/hmac_test.c create mode 100644 regress/sys/crypto/hmac/hmac_test.txt create mode 100644 regress/sys/crypto/key_wrap/Makefile create mode 100644 regress/sys/crypto/key_wrap/key_wrap_test.c create mode 100644 regress/sys/crypto/key_wrap/key_wrap_test.txt diff --git a/regress/sys/crypto/Makefile b/regress/sys/crypto/Makefile index c32525c4274..5977c1b3532 100644 --- a/regress/sys/crypto/Makefile +++ b/regress/sys/crypto/Makefile @@ -1,9 +1,12 @@ -# $OpenBSD: Makefile,v 1.6 2008/06/12 19:44:39 djm Exp $ +# $OpenBSD: Makefile,v 1.7 2008/08/12 15:49:07 damien Exp $ SUBDIR=enc SUBDIR+=aesctr SUBDIR+=aesxts SUBDIR+=aes +SUBDIR+=cmac +SUBDIR+=hmac +SUBDIR+=key_wrap install: diff --git a/regress/sys/crypto/cmac/Makefile b/regress/sys/crypto/cmac/Makefile new file mode 100644 index 00000000000..03e87879a9c --- /dev/null +++ b/regress/sys/crypto/cmac/Makefile @@ -0,0 +1,27 @@ +# $OpenBSD: Makefile,v 1.1 2008/08/12 15:49:07 damien Exp $ + +DIR=${.CURDIR}/../../../../sys + +PROG= cmac_test +SRCS+= rijndael.c cmac.c cmac_test.c +CDIAGFLAGS= -Wall +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wsign-compare +CDIAGFLAGS+= -Wbounded +CDIAGFLAGS+= -Wshadow + +REGRESS_TARGETS= run-regress-${PROG} + +CFLAGS+= -I${DIR} + +.PATH: ${DIR}/crypto/ + +run-regress-${PROG}: ${PROG} + ./${PROG} | diff - ${PROG}.txt + +.include diff --git a/regress/sys/crypto/cmac/cmac_test.c b/regress/sys/crypto/cmac/cmac_test.c new file mode 100644 index 00000000000..5241e780903 --- /dev/null +++ b/regress/sys/crypto/cmac/cmac_test.c @@ -0,0 +1,109 @@ +#include +#include +#include + +void print_hex(char *str, unsigned char *buf, int len) +{ + int i; + + for ( i=0; i\n"); + + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 0); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + + printf("\nExample 2: len = 16\n"); + printf("M "); print_hex(" ",M,16); + + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 16); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + printf("\nExample 3: len = 40\n"); + printf("M "); print_hex(" ",M,40); + + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 40); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + + printf("\nExample 4: len = 64\n"); + printf("M "); print_hex(" ",M,64); + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 64); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + + printf("\nExample 4bis: len = 64\n"); + printf("M "); print_hex(" ",M,64); + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 40); + AES_CMAC_Update(&ctx, M + 40, 24); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + + printf("\nExample 4ter: len = 64\n"); + printf("M "); print_hex(" ",M,64); + AES_CMAC_SetKey(&ctx, key); + AES_CMAC_Init(&ctx); + AES_CMAC_Update(&ctx, M, 16); + AES_CMAC_Update(&ctx, M + 16, 16); + AES_CMAC_Update(&ctx, M + 32, 10); + AES_CMAC_Update(&ctx, M + 42, 0); + AES_CMAC_Update(&ctx, M + 42, 14); + AES_CMAC_Update(&ctx, M + 56, 8); + AES_CMAC_Final(T, &ctx); + printf("AES_CMAC "); print128(T); printf("\n"); + + printf("--------------------------------------------------\n"); + + return 0; +} diff --git a/regress/sys/crypto/cmac/cmac_test.txt b/regress/sys/crypto/cmac/cmac_test.txt new file mode 100644 index 00000000000..6f4140f54e6 --- /dev/null +++ b/regress/sys/crypto/cmac/cmac_test.txt @@ -0,0 +1,38 @@ +-------------------------------------------------- +K 2b7e1516 28aed2a6 abf71588 09cf4f3c + +Example 1: len = 0 +M +AES_CMAC bb1d6929 e9593728 7fa37d12 9b756746 + +Example 2: len = 16 +M 6bc1bee2 2e409f96 e93d7e11 7393172a +AES_CMAC 070a16b4 6b4d4144 f79bdd9d d04a287c + +Example 3: len = 40 +M 6bc1bee2 2e409f96 e93d7e11 7393172a + ae2d8a57 1e03ac9c 9eb76fac 45af8e51 + 30c81c46 a35ce411 +AES_CMAC dfa66747 de9ae630 30ca3261 1497c827 + +Example 4: len = 64 +M 6bc1bee2 2e409f96 e93d7e11 7393172a + ae2d8a57 1e03ac9c 9eb76fac 45af8e51 + 30c81c46 a35ce411 e5fbc119 1a0a52ef + f69f2445 df4f9b17 ad2b417b e66c3710 +AES_CMAC 51f0bebf 7e3b9d92 fc497417 79363cfe + +Example 4bis: len = 64 +M 6bc1bee2 2e409f96 e93d7e11 7393172a + ae2d8a57 1e03ac9c 9eb76fac 45af8e51 + 30c81c46 a35ce411 e5fbc119 1a0a52ef + f69f2445 df4f9b17 ad2b417b e66c3710 +AES_CMAC 51f0bebf 7e3b9d92 fc497417 79363cfe + +Example 4ter: len = 64 +M 6bc1bee2 2e409f96 e93d7e11 7393172a + ae2d8a57 1e03ac9c 9eb76fac 45af8e51 + 30c81c46 a35ce411 e5fbc119 1a0a52ef + f69f2445 df4f9b17 ad2b417b e66c3710 +AES_CMAC 51f0bebf 7e3b9d92 fc497417 79363cfe +-------------------------------------------------- diff --git a/regress/sys/crypto/hmac/Makefile b/regress/sys/crypto/hmac/Makefile new file mode 100644 index 00000000000..f31af2246e3 --- /dev/null +++ b/regress/sys/crypto/hmac/Makefile @@ -0,0 +1,27 @@ +# $OpenBSD: Makefile,v 1.1 2008/08/12 15:49:08 damien Exp $ + +DIR=${.CURDIR}/../../../../sys + +PROG= hmac_test +SRCS+= md5.c sha1.c sha2.c hmac.c hmac_test.c +CDIAGFLAGS= -Wall +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wsign-compare +CDIAGFLAGS+= -Wbounded +CDIAGFLAGS+= -Wshadow + +REGRESS_TARGETS= run-regress-${PROG} + +CFLAGS+= -I${DIR} + +.PATH: ${DIR}/crypto/ + +run-regress-${PROG}: ${PROG} + ./${PROG} | diff - ${PROG}.txt + +.include diff --git a/regress/sys/crypto/hmac/hmac_test.c b/regress/sys/crypto/hmac/hmac_test.c new file mode 100644 index 00000000000..83495aa8e83 --- /dev/null +++ b/regress/sys/crypto/hmac/hmac_test.c @@ -0,0 +1,76 @@ +#include +#include +#include +#include +#include + +void +print_hex(unsigned char *buf, int len) +{ + int i; + + printf("digest = 0x"); + for (i = 0; i < len; i++) + printf("%02x", buf[i]); + printf("\n"); +} + +int +main(void) +{ + HMAC_MD5_CTX md5; + HMAC_SHA1_CTX sha1; + HMAC_SHA256_CTX sha256; + u_int8_t data[50], output[32]; + int i; + + HMAC_MD5_Init(&md5, "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 16); + HMAC_MD5_Update(&md5, "Hi There", 8); + HMAC_MD5_Final(output, &md5); + print_hex(output, MD5_DIGEST_LENGTH); + + HMAC_MD5_Init(&md5, "Jefe", 4); + HMAC_MD5_Update(&md5, "what do ya want for nothing?", 28); + HMAC_MD5_Final(output, &md5); + print_hex(output, MD5_DIGEST_LENGTH); + + HMAC_MD5_Init(&md5, "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 16); + memset(data, 0xDD, sizeof data); + HMAC_MD5_Update(&md5, data, sizeof data); + HMAC_MD5_Final(output, &md5); + print_hex(output, MD5_DIGEST_LENGTH); + + HMAC_SHA1_Init(&sha1, "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 16); + HMAC_SHA1_Update(&sha1, "Hi There", 8); + HMAC_SHA1_Final(output, &sha1); + print_hex(output, SHA1_DIGEST_LENGTH); + + HMAC_SHA1_Init(&sha1, "Jefe", 4); + HMAC_SHA1_Update(&sha1, "what do ya want for nothing?", 28); + HMAC_SHA1_Final(output, &sha1); + print_hex(output, SHA1_DIGEST_LENGTH); + + HMAC_SHA1_Init(&sha1, "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 16); + memset(data, 0xDD, sizeof data); + HMAC_SHA1_Update(&sha1, data, sizeof data); + HMAC_SHA1_Final(output, &sha1); + print_hex(output, SHA1_DIGEST_LENGTH); + + HMAC_SHA256_Init(&sha256, "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", 16); + HMAC_SHA256_Update(&sha256, "Hi There", 8); + HMAC_SHA256_Final(output, &sha256); + print_hex(output, SHA256_DIGEST_LENGTH); + + HMAC_SHA256_Init(&sha256, "Jefe", 4); + HMAC_SHA256_Update(&sha256, "what do ya want for nothing?", 28); + HMAC_SHA256_Final(output, &sha256); + print_hex(output, SHA256_DIGEST_LENGTH); + + HMAC_SHA256_Init(&sha256, "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", 16); + memset(data, 0xDD, sizeof data); + HMAC_SHA256_Update(&sha256, data, sizeof data); + HMAC_SHA256_Final(output, &sha256); + print_hex(output, SHA256_DIGEST_LENGTH); + + return 0; +} diff --git a/regress/sys/crypto/hmac/hmac_test.txt b/regress/sys/crypto/hmac/hmac_test.txt new file mode 100644 index 00000000000..d8375b615de --- /dev/null +++ b/regress/sys/crypto/hmac/hmac_test.txt @@ -0,0 +1,9 @@ +digest = 0x9294727a3638bb1c13f48ef8158bfc9d +digest = 0x750c783e6ab0b503eaa86e310a5db738 +digest = 0x56be34521d144c88dbb8c733f0e8b3f6 +digest = 0x675b0b3a1b4ddf4e124872da6c2f632bfed957e9 +digest = 0xeffcdf6ae5eb2fa2d27416d5f184df9c259a7c79 +digest = 0xd730594d167e35d5956fd8003d0db3d3f46dc7bb +digest = 0x492ce020fe2534a5789dc3848806c78f4f6711397f08e7e7a12ca5a4483c8aa6 +digest = 0x5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843 +digest = 0x7dda3cc169743a6484649f94f0eda0f9f2ff496a9733fb796ed5adb40a44c3c1 diff --git a/regress/sys/crypto/key_wrap/Makefile b/regress/sys/crypto/key_wrap/Makefile new file mode 100644 index 00000000000..2be26cc4c47 --- /dev/null +++ b/regress/sys/crypto/key_wrap/Makefile @@ -0,0 +1,27 @@ +# $OpenBSD: Makefile,v 1.1 2008/08/12 15:49:08 damien Exp $ + +DIR=${.CURDIR}/../../../../sys + +PROG= key_wrap_test +SRCS+= rijndael.c key_wrap.c key_wrap_test.c +CDIAGFLAGS= -Wall +CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Wpointer-arith +CDIAGFLAGS+= -Wno-uninitialized +CDIAGFLAGS+= -Wstrict-prototypes +CDIAGFLAGS+= -Wmissing-prototypes +CDIAGFLAGS+= -Wunused +CDIAGFLAGS+= -Wsign-compare +CDIAGFLAGS+= -Wbounded +CDIAGFLAGS+= -Wshadow + +REGRESS_TARGETS= run-regress-${PROG} + +CFLAGS+= -I${DIR} + +.PATH: ${DIR}/crypto/ + +run-regress-${PROG}: ${PROG} + ./${PROG} | diff - ${PROG}.txt + +.include diff --git a/regress/sys/crypto/key_wrap/key_wrap_test.c b/regress/sys/crypto/key_wrap/key_wrap_test.c new file mode 100644 index 00000000000..dfd990fdb68 --- /dev/null +++ b/regress/sys/crypto/key_wrap/key_wrap_test.c @@ -0,0 +1,63 @@ +#include +#include +#include + +void +print_hex(const char *str, unsigned char *buf, int len) +{ + int i; + + printf("%s", str); + for (i = 0; i < len; i++) { + if ((i % 8) == 0) + printf(" "); + printf("%02X", buf[i]); + } + printf("\n"); +} + +void +ovbcopy(const void *src, void *dst, size_t len) +{ + /* userspace does not have ovbcopy: fake it */ + memmove(dst, src, len); +} + +void +do_test(u_int kek_len, u_int data_len) +{ + aes_key_wrap_ctx ctx; + u_int8_t kek[32], data[32]; + u_int8_t output[64]; + int i; + + for (i = 0; i < kek_len; i++) + kek[i] = i; + printf("Input:\n"); + print_hex("KEK:\n ", kek, kek_len); + for (i = 0; i < 16; i++) + data[i] = i * 16 + i; + for (; i < data_len; i++) + data[i] = i - 16; + print_hex("Key Data:\n ", data, data_len); + aes_key_wrap_set_key(&ctx, kek, kek_len); + aes_key_wrap(&ctx, data, data_len / 8, output); + print_hex("Ciphertext:\n ", output, data_len + 8); + aes_key_unwrap(&ctx, output, output, data_len / 8); + printf("Output:\n"); + print_hex("Key Data:\n ", output, data_len); + printf("====\n"); +} + +int +main(void) +{ + do_test(16, 16); + do_test(24, 16); + do_test(32, 16); + do_test(24, 24); + do_test(32, 24); + do_test(32, 32); + + return 0; +} diff --git a/regress/sys/crypto/key_wrap/key_wrap_test.txt b/regress/sys/crypto/key_wrap/key_wrap_test.txt new file mode 100644 index 00000000000..94c7a467359 --- /dev/null +++ b/regress/sys/crypto/key_wrap/key_wrap_test.txt @@ -0,0 +1,66 @@ +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F +Key Data: + 0011223344556677 8899AABBCCDDEEFF +Ciphertext: + 1FA68B0A8112B447 AEF34BD8FB5A7B82 9D3E862371D2CFE5 +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF +==== +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F 1011121314151617 +Key Data: + 0011223344556677 8899AABBCCDDEEFF +Ciphertext: + 96778B25AE6CA435 F92B5B97C050AED2 468AB8A17AD84E5D +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF +==== +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F 1011121314151617 18191A1B1C1D1E1F +Key Data: + 0011223344556677 8899AABBCCDDEEFF +Ciphertext: + 64E8C3F9CE0F5BA2 63E9777905818A2A 93C8191E7D6E8AE7 +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF +==== +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F 1011121314151617 +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 +Ciphertext: + 031D33264E15D332 68F24EC260743EDC E1C6C7DDEE725A93 6BA814915C6762D2 +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 +==== +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F 1011121314151617 18191A1B1C1D1E1F +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 +Ciphertext: + A8F9BC1612C68B3F F6E6F4FBE30E71E4 769C8B80A32CB895 8CD5D17D6B254DA1 +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 +==== +Input: +KEK: + 0001020304050607 08090A0B0C0D0E0F 1011121314151617 18191A1B1C1D1E1F +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 08090A0B0C0D0E0F +Ciphertext: + 28C9F404C4B810F4 CBCCB35CFB87F826 3F5786E2D80ED326 CBC7F0E71A99F43B FB988B9B7A02DD21 +Output: +Key Data: + 0011223344556677 8899AABBCCDDEEFF 0001020304050607 08090A0B0C0D0E0F +==== -- 2.20.1