static bool test_ctr_vector(const struct encrypt_desc *encrypt_desc,
const struct ctr_test_vector *test)
{
DBG(DBG_CRYPT, DBG_log("test_ctr_vector: %s", test->description));
bool ok = TRUE;
PK11SymKey *sym_key = decode_to_key(encrypt_desc, test->key);
if (!test_ctr_op(encrypt_desc, test->description, 1, sym_key,
test->cb, test->output_cb,
"Plaintext", test->plaintext,
"Ciphertext", test->ciphertext)) {
ok = FALSE;
}
if (!test_ctr_op(encrypt_desc, test->description, 0, sym_key,
test->cb, test->output_cb,
"Ciphertext", test->ciphertext,
"Plaintext", test->plaintext)) {
ok = FALSE;
}
/* Clean up. */
release_symkey(__func__, "sym_key", &sym_key);
DBG(DBG_CRYPT, DBG_log("test_ctr_vector: %s %s",
test->description, ok ? "passed" : "failed"));
return ok;
}
static void ppk_recalc_one(PK11SymKey **sk /* updated */, PK11SymKey *ppk_key, const struct prf_desc *prf_desc, const char *name)
{
PK11SymKey *t = ikev2_prfplus(prf_desc, ppk_key, *sk, prf_desc->prf_key_size);
release_symkey(__func__, name, sk);
*sk = t;
DBG(DBG_PRIVATE, {
chunk_t chunk_sk = chunk_from_symkey("sk_chunk", *sk);
DBG_dump_chunk(name, chunk_sk);
freeanychunk(chunk_sk);
});
static void ikev1_skeyid_alphabet(PK11SymKey *skeyid)
{
PK11SymKey *skeyid_d =
ikev1_skeyid_d(prf->prf, skeyid,
g_xy, cky_i, cky_r);
print_symkey("SKEYID_d", skeyid_d, 0);
PK11SymKey *skeyid_a =
ikev1_skeyid_a(prf->prf, skeyid, skeyid_d,
g_xy, cky_i, cky_r);
print_symkey("SKEYID_a", skeyid_a, 0);
PK11SymKey *skeyid_e =
ikev1_skeyid_e(prf->prf, skeyid, skeyid_a,
g_xy, cky_i, cky_r);
print_symkey("SKEYID_e", skeyid_e, 0);
release_symkey(__func__, "skeyid_d", &skeyid_d);
release_symkey(__func__, "skeyid_e", &skeyid_e);
release_symkey(__func__, "skeyid_a", &skeyid_a);
}
static void gcm_run_test(void)
{
print_number("Count", NULL, count);
print_symkey("Key", NULL, key, 0);
print_chunk("IV", NULL, iv, 0);
print_chunk("CT", NULL, ct, 0);
print_chunk("AAD", NULL, aad, 0);
print_chunk("Tag", NULL, tag, 0);
const struct encrypt_desc *gcm_alg = lookup_by_taglen();
if (gcm_alg == NULL) {
fprintf(stderr, "taglen %lu not supported\n",
taglen);
return;
}
PK11SymKey *gcm_key = encrypt_key_from_symkey_bytes("GCM key", gcm_alg,
0, sizeof_symkey(key),
key);
chunk_t text_and_tag = clone_chunk_chunk(ct, tag, "text-and-tag");
bool result = gcm_alg->encrypt_ops
->do_aead(gcm_alg,
salt.ptr, salt.len,
iv.ptr, iv.len,
aad.ptr, aad.len,
text_and_tag.ptr,
ct.len, tag.len,
gcm_key,
FALSE/*encrypt*/);
if (result) {
/* plain text */
chunk_t pt = {
.ptr = text_and_tag.ptr,
.len = ct.len,
};
print_chunk("PT", NULL, pt, 0);
} else {
print_line("FAIL");
}
release_symkey(__func__, "GCM-key", &gcm_key);
freeanychunk(text_and_tag);
}
static void run_psk(void)
{
print_number("COUNT", count);
print_chunk("CKY_I", cky_i, 0);
print_chunk("CKY_R", cky_r, 0);
print_chunk("Ni", ni, 0);
print_chunk("Nr", nr, 0);
print_symkey("g^xy", g_xy, 0);
print_chunk("pre-shared-key", psk, 0);
if (prf == NULL) {
print_line(prf->key);
return;
}
PK11SymKey *skeyid = ikev1_pre_shared_key_skeyid(prf->prf, psk,
ni, nr);
print_symkey("SKEYID", skeyid, 0);
ikev1_skeyid_alphabet(skeyid);
release_symkey(__func__, "skeyid", &skeyid);
}
static bool test_gcm_vector(const struct encrypt_desc *encrypt_desc,
const struct gcm_test_vector *test)
{
DBG(DBG_CRYPT, DBG_log("test_gcm_vector: enter"));
const size_t salt_size = encrypt_desc->salt_size;
bool ok = TRUE;
PK11SymKey *sym_key = decode_to_key(encrypt_desc, test->key);
chunk_t salted_iv = decode_to_chunk("salted IV", test->salted_iv);
passert(salted_iv.len == encrypt_desc->wire_iv_size + salt_size);
chunk_t salt = { .ptr = salted_iv.ptr, .len = salt_size };
chunk_t wire_iv = { .ptr = salted_iv.ptr + salt_size, .len = salted_iv.len - salt_size };
chunk_t aad = decode_to_chunk("AAD", test->aad);
chunk_t plaintext = decode_to_chunk("plaintext", test->plaintext);
chunk_t ciphertext = decode_to_chunk("ciphertext", test->ciphertext);
passert(plaintext.len == ciphertext.len);
size_t len = plaintext.len;
chunk_t tag = decode_to_chunk("tag", test->tag);
chunk_t text_and_tag;
text_and_tag.len = len + tag.len;
text_and_tag.ptr = alloc_bytes(text_and_tag.len, "GCM data");
/* macro to test encryption or decryption
*
* This would be better as a function but it uses too many locals
* from test_gcm_vector to be pleasant:
* text_and_tag, len, tag, aad, salt, wire_iv, sym_key
*/
# define try(enc, desc, from, to) { \
memcpy(text_and_tag.ptr, from.ptr, from.len); \
text_and_tag.len = len + tag.len; \
DBG(DBG_CRYPT, \
DBG_log("test_gcm_vector: %s: aad-size=%zd salt-size=%zd wire-IV-size=%zd text-size=%zd tag-size=%zd", \
desc, aad.len, salt.len, wire_iv.len, len, tag.len); \
DBG_dump_chunk("test_gcm_vector: text+tag on call", \
text_and_tag)); \
if (!encrypt_desc->encrypt_ops->do_aead(encrypt_desc, \
salt.ptr, salt.len, \
wire_iv.ptr, wire_iv.len, \
aad.ptr, aad.len, \
text_and_tag.ptr, \
len, tag.len, \
sym_key, enc) || \
!verify_chunk_data("output ciphertext", \
to, text_and_tag.ptr) || \
!verify_chunk_data("TAG", tag, text_and_tag.ptr + len)) \
ok = FALSE; \
DBG(DBG_CRYPT, DBG_dump_chunk("test_gcm_vector: text+tag on return", \
text_and_tag)); \
}
/* test decryption */
memcpy(text_and_tag.ptr + len, tag.ptr, tag.len);
try(FALSE, "decrypt", ciphertext, plaintext);
/* test encryption */
memset(text_and_tag.ptr + len, '\0', tag.len);
try(TRUE, "encrypt", plaintext, ciphertext);
# undef try
freeanychunk(salted_iv);
freeanychunk(aad);
freeanychunk(plaintext);
freeanychunk(ciphertext);
freeanychunk(tag);
freeanychunk(text_and_tag);
/* Clean up. */
release_symkey(__func__, "sym_key", &sym_key);
DBG(DBG_CRYPT, DBG_log("test_gcm_vector: %s", ok ? "passed" : "failed"));
return ok;
}
bool test_gcm_vectors(const struct encrypt_desc *encrypt_desc,
const struct gcm_test_vector *tests)
{
bool ok = TRUE;
const struct gcm_test_vector *test;
for (test = tests; test->key != NULL; test++) {
if (!test_gcm_vector(encrypt_desc, test)) {
ok = FALSE;
}
}
return ok;
}
