introduced encryption test vectors

7 files changed, 246 insertions, 76 deletions

diff --git a/src/pluto/alg/ike_alg_blowfish.c b/src/pluto/alg/ike_alg_blowfish.c
index 2bbef051b..3172cd817 100644
--- a/src/pluto/alg/ike_alg_blowfish.c
+++ b/src/pluto/alg/ike_alg_blowfish.c
@@ -16,6 +16,81 @@
 #define  BLOWFISH_KEY_MAX_LEN	448
 
 
+/**
+ * Blowfish CBC encryption test vectors
+ */
+
+/**
+ * Test vector by Eric Young
+ */
+
+static const u_char bf_test0_key[] = {
+	0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
+	0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87
+};
+
+static const u_char bf_test0_iv[] = { 
+	0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 
+};
+
+static const u_char bf_test0_plain[] = {
+	/* "7654321 Now is the time for " */
+	0x37, 0x36, 0x35, 0x34, 0x33, 0x32, 0x31, 0x20,
+	0x4E, 0x6F, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
+	0x68, 0x65, 0x20, 0x74, 0x69, 0x6D, 0x65, 0x20,
+	0x66, 0x6F, 0x72, 0x20, 0x00, 0x00, 0x00, 0x00
+};
+
+static const u_char bf_test0_cipher[] = {
+	0x6B, 0x77, 0xB4, 0xD6, 0x30, 0x06, 0xDE, 0xE6,
+	0x05, 0xB1, 0x56, 0xE2, 0x74, 0x03, 0x97, 0x93,
+	0x58, 0xDE, 0xB9, 0xE7, 0x15, 0x46, 0x16, 0xD9,
+	0x59, 0xF1, 0x65, 0x2B, 0xD5, 0xFF, 0x92, 0xCC
+};
+
+/**
+ * Test vector by Chilkat Software 
+ * (www.chilkatsoft.com/p/php_blowfish.asp)
+ */
+
+static const u_char bf_test1_key[] = {
+	0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38,
+	0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36,
+	0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48,
+	0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50
+};
+
+static const u_char bf_test1_iv[] = {
+	0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38
+};
+
+static const u_char bf_test1_plain[] = {
+	/* "The quick brown fox jumped over the lazy dog" */
+	0x54, 0x68, 0x65, 0x20, 0x71, 0x75, 0x69, 0x63,
+	0x6b, 0x20, 0x62, 0x72, 0x6f, 0x77, 0x6e, 0x20,
+	0x66, 0x6f, 0x78, 0x20, 0x6a, 0x75, 0x6d, 0x70,
+	0x65, 0x64, 0x20, 0x6f, 0x76, 0x65, 0x72, 0x20,
+	0x74, 0x68, 0x65, 0x20, 0x6c, 0x61, 0x7a, 0x79,
+	0x20, 0x64, 0x6f, 0x67, 0x00, 0x00, 0x00, 0x00
+}; 
+
+static const u_char bf_test1_cipher[] = {
+	0x27, 0x68, 0x55, 0xca, 0x6c, 0x0d, 0x60, 0xf7,
+	0xd9, 0x70, 0x82, 0x10, 0x44, 0x0c, 0x10, 0x72,
+	0xe0, 0x5d, 0x07, 0x8e, 0x73, 0x3b, 0x34, 0xb4,
+	0x19, 0x8d, 0x60, 0x9d, 0xc2, 0xfc, 0xc2, 0xf0,
+	0xc3, 0x09, 0x26, 0xcd, 0xef, 0x3b, 0x6d, 0x52,
+	0xba, 0xf6, 0xe3, 0x45, 0xaa, 0x03, 0xf8, 0x3e
+};
+
+static const enc_testvector_t bf_enc_testvectors[] = {
+	{ sizeof(bf_test0_key), bf_test0_key, bf_test0_iv,
+	  sizeof(bf_test0_plain), bf_test0_plain, bf_test0_cipher },
+	{ sizeof(bf_test1_key), bf_test1_key, bf_test1_iv,
+	  sizeof(bf_test1_plain), bf_test1_plain, bf_test1_cipher },
+	{ 0, NULL, NULL, 0, NULL, NULL }
+};
+
 static void
 do_blowfish(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc)
 {
@@ -36,6 +111,7 @@ struct encrypt_desc algo_blowfish =
 	keydeflen: BLOWFISH_KEY_MIN_LEN,
 	keymaxlen: BLOWFISH_KEY_MAX_LEN,
 	do_crypt: do_blowfish,
+	enc_testvectors: bf_enc_testvectors,
 };
 
 int ike_alg_blowfish_init(void);
diff --git a/src/pluto/alg/ike_alg_serpent.c b/src/pluto/alg/ike_alg_serpent.c
index fb01caa41..c7b6cfe68 100644
--- a/src/pluto/alg/ike_alg_serpent.c
+++ b/src/pluto/alg/ike_alg_serpent.c
@@ -50,10 +50,11 @@ struct encrypt_desc encrypt_desc_serpent =
 	algo_next: 	NULL,
 	enc_ctxsize: 	sizeof(struct serpent_context),
 	enc_blocksize: 	SERPENT_CBC_BLOCK_SIZE,
-        keyminlen: 	SERPENT_KEY_MIN_LEN,
-        keydeflen: 	SERPENT_KEY_DEF_LEN,
-        keymaxlen: 	SERPENT_KEY_MAX_LEN,
-        do_crypt: 	do_serpent,
+	keyminlen: 	SERPENT_KEY_MIN_LEN,
+	keydeflen: 	SERPENT_KEY_DEF_LEN,
+	keymaxlen: 	SERPENT_KEY_MAX_LEN,
+	do_crypt: 	do_serpent,
+	enc_testvectors: NULL		
 };
 
 int ike_alg_serpent_init(void);
diff --git a/src/pluto/alg/ike_alg_twofish.c b/src/pluto/alg/ike_alg_twofish.c
index 1788bc394..9d40e3e50 100644
--- a/src/pluto/alg/ike_alg_twofish.c
+++ b/src/pluto/alg/ike_alg_twofish.c
@@ -48,11 +48,12 @@ struct encrypt_desc encrypt_desc_twofish =
 	algo_id:   	OAKLEY_TWOFISH_CBC,
 	algo_next: 	NULL,
 	enc_ctxsize: 	sizeof(twofish_context),
-        enc_blocksize: 	TWOFISH_CBC_BLOCK_SIZE,
-        keydeflen: 	TWOFISH_KEY_MIN_LEN,
-        keyminlen: 	TWOFISH_KEY_DEF_LEN,
+	enc_blocksize: 	TWOFISH_CBC_BLOCK_SIZE,
+	keydeflen: 	TWOFISH_KEY_MIN_LEN,
+	keyminlen: 	TWOFISH_KEY_DEF_LEN,
 	keymaxlen: 	TWOFISH_KEY_MAX_LEN,
 	do_crypt: 	do_twofish,
+	enc_testvectors: NULL
 };
 
 struct encrypt_desc encrypt_desc_twofish_ssh =
diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c
index 579e257f2..52cf0ce7f 100644
--- a/src/pluto/crypto.c
+++ b/src/pluto/crypto.c
@@ -61,6 +61,7 @@ static struct encrypt_desc crypto_encryptor_3des =
 		keyminlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
 		keymaxlen:      DES_CBC_BLOCK_SIZE * 3 * BITS_PER_BYTE,
 		do_crypt:       do_3des,
+		enc_testvectors: NULL
 };
 
 /* MD5 hash test vectors
@@ -297,12 +298,12 @@ static const hmac_testvector_t md5_hmac_testvectors[] = {
 
 static struct hash_desc crypto_hasher_md5 =
 {       
-		algo_type: IKE_ALG_HASH,
-		algo_id:   OAKLEY_MD5,
-		algo_next: NULL, 
-		hash_digest_size: HASH_SIZE_MD5,
-		hash_testvectors: md5_hash_testvectors,
-		hmac_testvectors: md5_hmac_testvectors,
+	algo_type: IKE_ALG_HASH,
+	algo_id:   OAKLEY_MD5,
+	algo_next: NULL, 
+	hash_digest_size: HASH_SIZE_MD5,
+	hash_testvectors: md5_hash_testvectors,
+	hmac_testvectors: md5_hmac_testvectors,
 };
 
 /* SHA-1 test vectors
@@ -433,12 +434,12 @@ static const hmac_testvector_t sha1_hmac_testvectors[] = {
 
 static struct hash_desc crypto_hasher_sha1 =
 {       
-		algo_type: IKE_ALG_HASH,
-		algo_id:   OAKLEY_SHA,
-		algo_next: NULL, 
-		hash_digest_size: HASH_SIZE_SHA1,
-		hash_testvectors: sha1_hash_testvectors,
-		hmac_testvectors: sha1_hmac_testvectors
+	algo_type: IKE_ALG_HASH,
+	algo_id:   OAKLEY_SHA,
+	algo_next: NULL, 
+	hash_digest_size: HASH_SIZE_SHA1,
+	hash_testvectors: sha1_hash_testvectors,
+	hmac_testvectors: sha1_hmac_testvectors
 };
 
 void init_crypto(void)
@@ -557,6 +558,34 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf,
 	*/
 }
 
+encryption_algorithm_t oakley_to_encryption_algorithm(int alg)
+{
+	switch (alg)
+	{
+		case OAKLEY_DES_CBC:
+			return ENCR_DES;
+		case OAKLEY_IDEA_CBC:
+			return ENCR_IDEA; 
+		case OAKLEY_BLOWFISH_CBC:
+			return ENCR_BLOWFISH;
+		case OAKLEY_RC5_R16_B64_CBC:
+			return ENCR_RC5;
+		case OAKLEY_3DES_CBC:
+			return ENCR_3DES;
+		case OAKLEY_CAST_CBC:
+			return ENCR_CAST;
+		case OAKLEY_AES_CBC:
+			return ENCR_AES_CBC;
+		case OAKLEY_SERPENT_CBC:
+			return ENCR_SERPENT_CBC;
+		case OAKLEY_TWOFISH_CBC:
+		case OAKLEY_TWOFISH_CBC_SSH:
+			return ENCR_TWOFISH_CBC;
+		default:
+			return ENCR_UNDEFINED;
+	}
+}
+
 hash_algorithm_t oakley_to_hash_algorithm(int alg)
 {
 	switch (alg)
diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h
index 4fc9b2356..c07f695da 100644
--- a/src/pluto/crypto.h
+++ b/src/pluto/crypto.h
@@ -12,8 +12,7 @@
  * for more details.
  */
 
-#include <gmp.h>    /* GNU MP library */
-
+#include <crypto/hashers/hasher.h>
 #include <crypto/hashers/hasher.h>
 #include <crypto/prfs/prf.h>
 
@@ -60,7 +59,7 @@ void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, s
 
 /* unification of cryptographic hashing mechanisms */
 
-
+extern encryption_algorithm_t oakley_to_encryption_algorithm(int alg);
 extern hash_algorithm_t oakley_to_hash_algorithm(int alg);
 extern pseudo_random_function_t oakley_to_prf(int alg);
 
diff --git a/src/pluto/ike_alg.c b/src/pluto/ike_alg.c
index e0c8c97be..5e4a431ec 100644
--- a/src/pluto/ike_alg.c
+++ b/src/pluto/ike_alg.c
@@ -22,7 +22,9 @@
 #include <ipsec_policy.h>
 
 #include <library.h>
+#include <debug.h>
 #include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
 #include <crypto/prfs/prf.h>
 
 #include "constants.h"
@@ -42,7 +44,7 @@
 
 #define return_on(var, val) do { var=val;goto return_out; } while(0);
 
-/*
+/**
  * IKE algorithm list handling - registration and lookup
  */
 
@@ -50,11 +52,11 @@
 
 static struct ike_alg *ike_alg_base[IKE_ALG_MAX+1] = {NULL, NULL};
 
-/*
- * return ike_algo object by {type, id}
+/**
+ * Return ike_algo object by {type, id}
  */
-static struct ike_alg *
-ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused)))
+static struct ike_alg *ike_alg_find(u_int algo_type, u_int algo_id,
+									u_int keysize __attribute__((unused)))
 {
 	struct ike_alg *e = ike_alg_base[algo_type];
 
@@ -65,11 +67,10 @@ ike_alg_find(u_int algo_type, u_int algo_id, u_int keysize __attribute__((unused
 	return (e != NULL && e->algo_id == algo_id) ? e : NULL;
 }
 
-/*
+/**
  * "raw" ike_alg list adding function
  */
-int
-ike_alg_add(struct ike_alg* a)
+int ike_alg_add(struct ike_alg* a)
 {
 	if (a->algo_type > IKE_ALG_MAX)
 	{
@@ -98,45 +99,42 @@ ike_alg_add(struct ike_alg* a)
 	}
 }
 
-/*
- * get IKE hash algorithm
+/**
+ * Get IKE hash algorithm
  */
 struct hash_desc *ike_alg_get_hasher(u_int alg)
 {
 	return (struct hash_desc *) ike_alg_find(IKE_ALG_HASH, alg, 0);
 }
 
-/*
- * get IKE encryption algorithm
+/**
+ * Get IKE encryption algorithm
  */
 struct encrypt_desc *ike_alg_get_encrypter(u_int alg)
 {
 	return (struct encrypt_desc *) ike_alg_find(IKE_ALG_ENCRYPT, alg, 0);
 }
 
-/*
- * check if IKE hash algorithm is present
+/**
+ * Check if IKE hash algorithm is present
  */
-bool
-ike_alg_hash_present(u_int halg)
+bool ike_alg_hash_present(u_int halg)
 {
 	return ike_alg_get_hasher(halg) != NULL;
 }
 
-/*
+/**
  * check if IKE encryption algorithm is present
  */
-bool
-ike_alg_enc_present(u_int ealg)
+bool ike_alg_enc_present(u_int ealg)
 {
 	return ike_alg_get_encrypter(ealg) != NULL;
 }
 
-/*
+/**
  * Validate and register IKE hash algorithm object
  */
-int
-ike_alg_register_hash(struct hash_desc *hash_desc)
+int ike_alg_register_hash(struct hash_desc *hash_desc)
 {
 	const char *alg_name = NULL;
 	int ret = 0;
@@ -166,11 +164,10 @@ return_out:
 	return ret;
 }
 
-/*
+/**
  * Validate and register IKE encryption algorithm object
  */
-int
-ike_alg_register_enc(struct encrypt_desc *enc_desc)
+int ike_alg_register_enc(struct encrypt_desc *enc_desc)
 {
 	int ret = ike_alg_add((struct ike_alg *)enc_desc);
 
@@ -192,11 +189,10 @@ ike_alg_register_enc(struct encrypt_desc *enc_desc)
 	return ret;
 }
 
-/*
+/**
  * Get pfsgroup for this connection
  */
-const struct oakley_group_desc *
-ike_alg_pfsgroup(struct connection *c, lset_t policy)
+const struct oakley_group_desc *ike_alg_pfsgroup(struct connection *c, lset_t policy)
 {
 	const struct oakley_group_desc * ret = NULL;
 
@@ -207,11 +203,10 @@ ike_alg_pfsgroup(struct connection *c, lset_t policy)
 	return ret;
 }
 
-/*
+/**
  * Create an OAKLEY proposal based on alg_info and policy
  */
-struct db_context *
-ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
+struct db_context *ike_alg_db_new(struct alg_info_ike *ai , lset_t policy)
 {
 	struct db_context *db_ctx = NULL;
 	struct ike_info *ike_info;
@@ -318,11 +313,10 @@ fail:
 	return db_ctx;
 }
 
-/*
+/**
  * Show registered IKE algorithms
  */
-void
-ike_alg_list(void)
+void ike_alg_list(void)
 {
 	u_int i;
 	struct ike_alg *a;
@@ -374,14 +368,13 @@ ike_alg_list(void)
 	}
 }
 
-/*  Show IKE algorithms for
- *    - this connection (result from ike= string)
- *    - newest SA
+/**
+ * Show IKE algorithms for this connection (result from ike= string)
+ * and newest SA
  */
-void
-ike_alg_show_connection(struct connection *c, const char *instance)
+void ike_alg_show_connection(struct connection *c, const char *instance)
 {
-	char buf[256];
+	char buf[BUF_LEN];
 	struct state *st;
 
 	if (c->alg_info_ike)
@@ -420,11 +413,72 @@ ike_alg_show_connection(struct connection *c, const char *instance)
 		);
 }
 
-/*
+/**
+ * Apply a suite of testvectors to an encryption algorithm
+ */
+static bool ike_encrypt_test(const struct encrypt_desc *desc)
+{
+	bool encrypt_results = TRUE;
+
+	if (desc->enc_testvectors == NULL)
+	{
+		plog("  %s encryption self-test not available",
+			 enum_name(&oakley_enc_names, desc->algo_id));
+	}
+	else
+	{
+		int i;
+		encryption_algorithm_t enc_alg;
+
+		enc_alg = oakley_to_encryption_algorithm(desc->algo_id);
+	
+		for (i = 0; desc->enc_testvectors[i].key != NULL; i++)
+		{
+			bool result;
+			crypter_t *crypter;
+			chunk_t key =    { (u_char*)desc->enc_testvectors[i].key,
+									    desc->enc_testvectors[i].key_size };
+			chunk_t plain =  { (u_char*)desc->enc_testvectors[i].plain,
+									    desc->enc_testvectors[i].data_size};
+			chunk_t cipher = { (u_char*)desc->enc_testvectors[i].cipher,
+									    desc->enc_testvectors[i].data_size};
+			chunk_t encrypted = chunk_empty;
+			chunk_t decrypted = chunk_empty;
+			chunk_t iv;
+
+			crypter = lib->crypto->create_crypter(lib->crypto, enc_alg, key.len);
+			if (crypter == NULL)
+			{
+				plog("  %s encryption function not available",
+					 enum_name(&oakley_enc_names, desc->algo_id));
+				return FALSE;
+			}
+			iv = chunk_create((u_char*)desc->enc_testvectors[i].iv,
+							  crypter->get_block_size(crypter));
+			crypter->set_key(crypter, key);
+			crypter->decrypt(crypter, cipher, iv, &decrypted);
+			result = chunk_equals(decrypted, plain);
+			crypter->encrypt(crypter, plain, iv, &encrypted);
+			result &= chunk_equals(encrypted, cipher);
+			DBG(DBG_CRYPT,
+				DBG_log("  enc testvector %d: %s", i, result ? "ok":"failed")
+			)
+			encrypt_results &= result;
+			crypter->destroy(crypter);
+			free(encrypted.ptr);
+			free(decrypted.ptr);
+		}
+		plog("  %s encryption self-test %s",
+			 enum_name(&oakley_enc_names, desc->algo_id),
+			 encrypt_results ? "passed":"failed");
+	}
+	return encrypt_results;
+}
+
+/**
  * Apply a suite of testvectors to a hash algorithm
  */
-static bool
-ike_hash_test(const struct hash_desc *desc)
+static bool ike_hash_test(const struct hash_desc *desc)
 {
 	bool hash_results = TRUE;
 	bool hmac_results = TRUE;
@@ -513,23 +567,22 @@ ike_hash_test(const struct hash_desc *desc)
 	return hash_results && hmac_results;
 }
 
-/*
+/**
  * Apply test vectors to registered encryption and hash algorithms
  */
-bool
-ike_alg_test(void)
+bool ike_alg_test(void)
 {
 	bool all_results = TRUE;
 	struct ike_alg *a;
-
+	
 	plog("Testing registered IKE encryption algorithms:");
 
 	for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
 	{
-		plog("  %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
-	}
+		struct encrypt_desc *desc = (struct encrypt_desc*)a;
 
-	plog("Testing registered IKE hash algorithms:");
+		all_results &= ike_encrypt_test(desc);
+	}
 
 	for (a = ike_alg_base[IKE_ALG_HASH]; a != NULL; a = a->algo_next)
 	{
@@ -545,12 +598,11 @@ ike_alg_test(void)
 	return all_results;
 }
 
-/*
+/**
  * ML: make F_STRICT logic consider enc,hash/auth,modp algorithms
  */
-bool
-ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group
-, struct alg_info_ike *alg_info_ike)
+bool ike_alg_ok_final(u_int ealg, u_int key_len, u_int aalg, u_int group,
+					  struct alg_info_ike *alg_info_ike)
 {
 	/*
 	 * simple test to discard low key_len, will accept it only
diff --git a/src/pluto/ike_alg.h b/src/pluto/ike_alg.h
index 3bf93b9f6..4bc1f90d4 100644
--- a/src/pluto/ike_alg.h
+++ b/src/pluto/ike_alg.h
@@ -23,6 +23,17 @@ struct ike_alg {
 	struct ike_alg *algo_next;
 };
 
+typedef struct enc_testvector enc_testvector_t;
+
+struct enc_testvector {
+	const size_t  key_size;
+	const u_char *key;
+	const u_char *iv;
+	const size_t  data_size;
+	const u_char *plain;
+	const u_char *cipher;
+};
+
 struct encrypt_desc {
 	u_int16_t algo_type;
 	u_int16_t algo_id;
@@ -34,6 +45,7 @@ struct encrypt_desc {
 	u_int keymaxlen;
 	u_int keyminlen;
 	void (*do_crypt)(u_int8_t *dat, size_t datasize, u_int8_t *key, size_t key_size, u_int8_t *iv, bool enc);
+	const enc_testvector_t *enc_testvectors;
 };
 
 typedef struct hash_testvector hash_testvector_t;