diff options
Diffstat (limited to 'src/charon/plugins')
| -rw-r--r-- | src/charon/plugins/unit_tester/Makefile.am | 3 | ||||
| -rw-r--r-- | src/charon/plugins/unit_tester/tests.h | 4 | ||||
| -rw-r--r-- | src/charon/plugins/unit_tester/tests/test_aes.c | 467 | ||||
| -rw-r--r-- | src/charon/plugins/unit_tester/tests/test_fips_prf.c | 64 | ||||
| -rw-r--r-- | src/charon/plugins/unit_tester/tests/test_rng.c | 221 |
5 files changed, 0 insertions, 759 deletions
diff --git a/src/charon/plugins/unit_tester/Makefile.am b/src/charon/plugins/unit_tester/Makefile.am index af03e4e50..50c5e0362 100644 --- a/src/charon/plugins/unit_tester/Makefile.am +++ b/src/charon/plugins/unit_tester/Makefile.am @@ -8,7 +8,6 @@ plugin_LTLIBRARIES = libstrongswan-unit-tester.la libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \ tests/test_enumerator.c \ tests/test_auth_info.c \ - tests/test_fips_prf.c \ tests/test_curl.c \ tests/test_mysql.c \ tests/test_sqlite.c \ @@ -16,11 +15,9 @@ libstrongswan_unit_tester_la_SOURCES = unit_tester.c unit_tester.h tests.h \ tests/test_rsa_gen.c \ tests/test_cert.c \ tests/test_med_db.c \ - tests/test_aes.c \ tests/test_chunk.c \ tests/test_pool.c \ tests/test_agent.c \ - tests/test_rng.c \ tests/test_id.c libstrongswan_unit_tester_la_LDFLAGS = -module diff --git a/src/charon/plugins/unit_tester/tests.h b/src/charon/plugins/unit_tester/tests.h index 8810da4e2..dcf2a5d18 100644 --- a/src/charon/plugins/unit_tester/tests.h +++ b/src/charon/plugins/unit_tester/tests.h @@ -24,7 +24,6 @@ DEFINE_TEST("nested enumerator", test_enumerate_nested, FALSE) DEFINE_TEST("filtered enumerator", test_enumerate_filtered, FALSE) DEFINE_TEST("token enumerator", test_enumerate_token, FALSE) DEFINE_TEST("auth cfg", test_auth_cfg, FALSE) -DEFINE_TEST("FIPS PRF", fips_prf_test, FALSE) DEFINE_TEST("CURL get", test_curl_get, FALSE) DEFINE_TEST("MySQL operations", test_mysql, FALSE) DEFINE_TEST("SQLite operations", test_sqlite, FALSE) @@ -33,12 +32,9 @@ DEFINE_TEST("RSA key generation", test_rsa_gen, FALSE) DEFINE_TEST("RSA subjectPublicKeyInfo loading", test_rsa_load_any, FALSE) DEFINE_TEST("X509 certificate", test_cert_x509, FALSE) DEFINE_TEST("Mediation database key fetch", test_med_db, FALSE) -DEFINE_TEST("AES-128 encryption", test_aes128, FALSE) -DEFINE_TEST("AES-XCBC", test_aes_xcbc, FALSE) DEFINE_TEST("Base64 converter", test_chunk_base64, FALSE) DEFINE_TEST("IP pool", test_pool, FALSE) DEFINE_TEST("SSH agent", test_agent, FALSE) -DEFINE_TEST("RNG quality", test_rng, FALSE) DEFINE_TEST("ID parts", test_id_parts, FALSE) /** @}*/ diff --git a/src/charon/plugins/unit_tester/tests/test_aes.c b/src/charon/plugins/unit_tester/tests/test_aes.c deleted file mode 100644 index 06e891d83..000000000 --- a/src/charon/plugins/unit_tester/tests/test_aes.c +++ /dev/null @@ -1,467 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <daemon.h> -#include <library.h> -#include <utils/mutex.h> - -#include <unistd.h> -#include <sched.h> -#include <pthread.h> - -/** - * run a test using given values - */ -static bool do_aes_test(u_char *key, int keysize, u_char *iv, - u_char *plain, u_char *cipher, int len) -{ - crypter_t *crypter; - chunk_t enc, dec; - bool good = TRUE; - - crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, keysize); - if (!crypter) - { - return FALSE; - } - crypter->set_key(crypter, chunk_create(key, keysize)); - crypter->encrypt(crypter, - chunk_create(plain, len), chunk_create(iv, 16), &enc); - if (!memeq(enc.ptr, cipher, len)) - { - good = FALSE; - } - crypter->decrypt(crypter, enc, chunk_create(iv, 16), &dec); - if (!memeq(dec.ptr, plain, len)) - { - good = FALSE; - } - free(enc.ptr); - free(dec.ptr); - crypter->destroy(crypter); - return good; -} - -/******************************************************************************* - * AES-128 test - ******************************************************************************/ -bool test_aes128() -{ - /* - * Test 1 of RFC3602 - * Key : 0x06a9214036b8a15b512e03d534120006 - * IV : 0x3dafba429d9eb430b422da802c9fac41 - * Plaintext : "Single block msg" - * Ciphertext: 0xe353779c1079aeb82708942dbe77181a - */ - u_char key1[] = { - 0x06,0xa9,0x21,0x40,0x36,0xb8,0xa1,0x5b, - 0x51,0x2e,0x03,0xd5,0x34,0x12,0x00,0x06 - }; - u_char iv1[] = { - 0x3d,0xaf,0xba,0x42,0x9d,0x9e,0xb4,0x30, - 0xb4,0x22,0xda,0x80,0x2c,0x9f,0xac,0x41 - }; - u_char plain1[] = { - 'S','i','n','g','l','e',' ','b','l','o','c','k',' ','m','s','g' - }; - u_char cipher1[] = { - 0xe3,0x53,0x77,0x9c,0x10,0x79,0xae,0xb8, - 0x27,0x08,0x94,0x2d,0xbe,0x77,0x18,0x1a - }; - if (!do_aes_test(key1, 16, iv1, plain1, cipher1, sizeof(plain1))) - { - return FALSE; - } - - /* - * Test 2 of RFC3602 - * Key : 0xc286696d887c9aa0611bbb3e2025a45a - * IV : 0x562e17996d093d28ddb3ba695a2e6f58 - * Plaintext : 0x000102030405060708090a0b0c0d0e0f - * 101112131415161718191a1b1c1d1e1f - * Ciphertext: 0xd296cd94c2cccf8a3a863028b5e1dc0a - * 7586602d253cfff91b8266bea6d61ab1 - */ - u_char key2[] = { - 0xc2,0x86,0x69,0x6d,0x88,0x7c,0x9a,0xa0, - 0x61,0x1b,0xbb,0x3e,0x20,0x25,0xa4,0x5a - }; - u_char iv2[] = { - 0x56,0x2e,0x17,0x99,0x6d,0x09,0x3d,0x28, - 0xdd,0xb3,0xba,0x69,0x5a,0x2e,0x6f,0x58 - }; - u_char plain2[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f - }; - u_char cipher2[] = { - 0xd2,0x96,0xcd,0x94,0xc2,0xcc,0xcf,0x8a, - 0x3a,0x86,0x30,0x28,0xb5,0xe1,0xdc,0x0a, - 0x75,0x86,0x60,0x2d,0x25,0x3c,0xff,0xf9, - 0x1b,0x82,0x66,0xbe,0xa6,0xd6,0x1a,0xb1 - }; - if (!do_aes_test(key2, 16, iv2, plain2, cipher2, sizeof(plain2))) - { - return FALSE; - } - - /* - * Test 3 of RFC3603 - * Key : 0x56e47a38c5598974bc46903dba290349 - * IV : 0x8ce82eefbea0da3c44699ed7db51b7d9 - * Plaintext : 0xa0a1a2a3a4a5a6a7a8a9aaabacadaeaf - * b0b1b2b3b4b5b6b7b8b9babbbcbdbebf - * c0c1c2c3c4c5c6c7c8c9cacbcccdcecf - * d0d1d2d3d4d5d6d7d8d9dadbdcdddedf - * Ciphertext: 0xc30e32ffedc0774e6aff6af0869f71aa - * 0f3af07a9a31a9c684db207eb0ef8e4e - * 35907aa632c3ffdf868bb7b29d3d46ad - * 83ce9f9a102ee99d49a53e87f4c3da55 - */ - u_char key3[] = { - 0x56,0xe4,0x7a,0x38,0xc5,0x59,0x89,0x74, - 0xbc,0x46,0x90,0x3d,0xba,0x29,0x03,0x49 - }; - u_char iv3[] = { - 0x8c,0xe8,0x2e,0xef,0xbe,0xa0,0xda,0x3c, - 0x44,0x69,0x9e,0xd7,0xdb,0x51,0xb7,0xd9 - }; - u_char plain3[] = { - 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7, - 0xa8,0xa9,0xaa,0xab,0xac,0xad,0xae,0xaf, - 0xb0,0xb1,0xb2,0xb3,0xb4,0xb5,0xb6,0xb7, - 0xb8,0xb9,0xba,0xbb,0xbc,0xbd,0xbe,0xbf, - 0xc0,0xc1,0xc2,0xc3,0xc4,0xc5,0xc6,0xc7, - 0xc8,0xc9,0xca,0xcb,0xcc,0xcd,0xce,0xcf, - 0xd0,0xd1,0xd2,0xd3,0xd4,0xd5,0xd6,0xd7, - 0xd8,0xd9,0xda,0xdb,0xdc,0xdd,0xde,0xdf - }; - u_char cipher3[] = { - 0xc3,0x0e,0x32,0xff,0xed,0xc0,0x77,0x4e, - 0x6a,0xff,0x6a,0xf0,0x86,0x9f,0x71,0xaa, - 0x0f,0x3a,0xf0,0x7a,0x9a,0x31,0xa9,0xc6, - 0x84,0xdb,0x20,0x7e,0xb0,0xef,0x8e,0x4e, - 0x35,0x90,0x7a,0xa6,0x32,0xc3,0xff,0xdf, - 0x86,0x8b,0xb7,0xb2,0x9d,0x3d,0x46,0xad, - 0x83,0xce,0x9f,0x9a,0x10,0x2e,0xe9,0x9d, - 0x49,0xa5,0x3e,0x87,0xf4,0xc3,0xda,0x55 - }; - if (!do_aes_test(key3, 16, iv3, plain3, cipher3, sizeof(plain3))) - { - return FALSE; - } - return TRUE; -} - -/** - * run a single xcbc test for prf and signer - */ -static bool do_xcbc_test(u_int8_t *key, size_t keylen, u_int8_t *mac, - u_int8_t *plain, size_t len) -{ - signer_t *signer; - prf_t *prf; - u_int8_t res[16]; - - prf = lib->crypto->create_prf(lib->crypto, PRF_AES128_XCBC); - if (!prf) - { - return FALSE; - } - prf->set_key(prf, chunk_create(key, keylen)); - prf->get_bytes(prf, chunk_create(plain, len), res); - if (!memeq(res, mac, 16)) - { - DBG1(DBG_CFG, "expected %b\ngot %b", mac, 16, res, 16); - prf->destroy(prf); - return FALSE; - } - prf->destroy(prf); - - signer = lib->crypto->create_signer(lib->crypto, AUTH_AES_XCBC_96); - if (!signer) - { - return FALSE; - } - signer->set_key(signer, chunk_create(key, keylen)); - if (!signer->verify_signature(signer, chunk_create(plain, len), - chunk_create(mac, 12))) - { - return FALSE; - } - signer->destroy(signer); - return TRUE; -} - - -/******************************************************************************* - * AES_XCBC mac test - ******************************************************************************/ -bool test_aes_xcbc() -{ - /* Vectors from RFC 3566 */ - - /* Test Case #1 : AES-XCBC-MAC-96 with 0-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : <empty string> - * AES-XCBC-MAC : 75f0251d528ac01c4573dfd584d79f29 - * AES-XCBC-MAC-96: 75f0251d528ac01c4573dfd5 - */ - u_char key1[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain1[] = { - }; - u_char mac1[] = { - 0x75,0xf0,0x25,0x1d,0x52,0x8a,0xc0,0x1c, - 0x45,0x73,0xdf,0xd5,0x84,0xd7,0x9f,0x29 - }; - if (!do_xcbc_test(key1, 16, mac1, plain1, sizeof(plain1))) - { - return FALSE; - } - - /* - * Test Case #2 : AES-XCBC-MAC-96 with 3-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 000102 - * AES-XCBC-MAC : 5b376580ae2f19afe7219ceef172756f - * AES-XCBC-MAC-96: 5b376580ae2f19afe7219cee - */ - u_char key2[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain2[] = { - 0x00,0x01,0x02 - }; - u_char mac2[] = { - 0x5b,0x37,0x65,0x80,0xae,0x2f,0x19,0xaf, - 0xe7,0x21,0x9c,0xee,0xf1,0x72,0x75,0x6f - }; - if (!do_xcbc_test(key2, 16, mac2, plain2, sizeof(plain2))) - { - return FALSE; - } - - /* Test Case #3 : AES-XCBC-MAC-96 with 16-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 000102030405060708090a0b0c0d0e0f - * AES-XCBC-MAC : d2a246fa349b68a79998a4394ff7a263 - * AES-XCBC-MAC-96: d2a246fa349b68a79998a439 - */ - u_char key3[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain3[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char mac3[] = { - 0xd2,0xa2,0x46,0xfa,0x34,0x9b,0x68,0xa7, - 0x99,0x98,0xa4,0x39,0x4f,0xf7,0xa2,0x63 - }; - if (!do_xcbc_test(key3, 16, mac3, plain3, sizeof(plain3))) - { - return FALSE; - } - - /* Test Case #4 : AES-XCBC-MAC-96 with 20-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 000102030405060708090a0b0c0d0e0f10111213 - * AES-XCBC-MAC : 47f51b4564966215b8985c63055ed308 - * AES-XCBC-MAC-96: 47f51b4564966215b8985c63 - */ - u_char key4[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain4[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13 - }; - u_char mac4[] = { - 0x47,0xf5,0x1b,0x45,0x64,0x96,0x62,0x15, - 0xb8,0x98,0x5c,0x63,0x05,0x5e,0xd3,0x08 - }; - if (!do_xcbc_test(key4, 16, mac4, plain4, sizeof(plain4))) - { - return FALSE; - } - - /* Test Case #5 : AES-XCBC-MAC-96 with 32-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 000102030405060708090a0b0c0d0e0f10111213141516171819 - * 1a1b1c1d1e1f - * AES-XCBC-MAC : f54f0ec8d2b9f3d36807734bd5283fd4 - * AES-XCBC-MAC-96: f54f0ec8d2b9f3d36807734b - */ - u_char key5[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain5[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f - }; - u_char mac5[] = { - 0xf5,0x4f,0x0e,0xc8,0xd2,0xb9,0xf3,0xd3, - 0x68,0x07,0x73,0x4b,0xd5,0x28,0x3f,0xd4 - }; - if (!do_xcbc_test(key5, 16, mac5, plain5, sizeof(plain5))) - { - return FALSE; - } - - /* Test Case #7 : AES-XCBC-MAC-96 with 1000-byte input - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 00000000000000000000 ... 00000000000000000000 - * [1000 bytes] - * AES-XCBC-MAC : f0dafee895db30253761103b5d84528f - * AES-XCBC-MAC-96: f0dafee895db30253761103b - */ - u_char key7[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain7[1000]; - memset(plain7, 0, 1000); - u_char mac7[] = { - 0xf0,0xda,0xfe,0xe8,0x95,0xdb,0x30,0x25, - 0x37,0x61,0x10,0x3b,0x5d,0x84,0x52,0x8f - }; - if (!do_xcbc_test(key7, 16, mac7, plain7, sizeof(plain7))) - { - return FALSE; - } - - /* variable key test, RFC4434 */ - - /* Test Case AES-XCBC-PRF-128 with 20-byte input - * Key : 00010203040506070809 - * Message : 000102030405060708090a0b0c0d0e0f10111213 - * PRF Output : 0fa087af7d866e7653434e602fdde835 - */ - u_char key8[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09, - }; - u_char plain8[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13 - }; - u_char mac8[] = { - 0x0f,0xa0,0x87,0xaf,0x7d,0x86,0x6e,0x76, - 0x53,0x43,0x4e,0x60,0x2f,0xdd,0xe8,0x35 - }; - if (!do_xcbc_test(key8, 10, mac8, plain8, sizeof(plain8))) - { - return FALSE; - } - - /* Test Case AES-XCBC-PRF-128 with 20-byte input - * Key : 000102030405060708090a0b0c0d0e0fedcb - * Message : 000102030405060708090a0b0c0d0e0f10111213 - * PRF Output : 8cd3c93ae598a9803006ffb67c40e9e4 - */ - u_char key9[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0xed,0xcb - }; - u_char plain9[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13 - }; - u_char mac9[] = { - 0x8c,0xd3,0xc9,0x3a,0xe5,0x98,0xa9,0x80, - 0x30,0x06,0xff,0xb6,0x7c,0x40,0xe9,0xe4 - }; - if (!do_xcbc_test(key9, 18, mac9, plain9, sizeof(plain9))) - { - return FALSE; - } - - - /* Test Case #10 : AES-XCBC-MAC-96 with 32-byte input using append mode - * Key (K) : 000102030405060708090a0b0c0d0e0f - * Message (M) : 000102030405060708090a0b0c0d0e0f10111213141516171819 - * 1a1b1c1d1e1f - * AES-XCBC-MAC : f54f0ec8d2b9f3d36807734bd5283fd4 - * AES-XCBC-MAC-96: f54f0ec8d2b9f3d36807734b - */ - u_char key10[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - }; - u_char plain10[] = { - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, - 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17, - 0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f - }; - u_char mac10[] = { - 0xf5,0x4f,0x0e,0xc8,0xd2,0xb9,0xf3,0xd3, - 0x68,0x07,0x73,0x4b,0xd5,0x28,0x3f,0xd4 - }; - int i; - prf_t *prf = lib->crypto->create_prf(lib->crypto, PRF_AES128_XCBC); - u_char res[16]; - if (!prf) - { - return FALSE; - } - prf->set_key(prf, chunk_create(key10, sizeof(key10))); - for (i = 0; i < 4; i++) - { /* bytes 0 - 3, 1 byte at once */ - prf->get_bytes(prf, chunk_create(plain10 + i, 1), NULL); - } - for (i = 4; i < 5; i+=8) - { /* bytes 4 - 11, at once */ - prf->get_bytes(prf, chunk_create(plain10 + i, 8), NULL); - } - for (i = 12; i < 24; i+=4) - { /* bytes 12 - 23, in blocks of 4 */ - prf->get_bytes(prf, chunk_create(plain10 + i, 4), NULL); - } - for (i = 0; i < 4; i++) - { /* 4 zero blobs */ - prf->get_bytes(prf, chunk_create(NULL, 0), NULL); - } - for (i = 24; i < 25; i+=8) - { /* bytes 24 - 32, at once */ - prf->get_bytes(prf, chunk_create(plain10 + i, 8), res); - } - if (!memeq(res, mac10, 16)) - { - DBG1(DBG_CFG, "expected %b\ngot %b", mac10, 16, res, 16); - prf->destroy(prf); - return FALSE; - } - prf->destroy(prf); - - return TRUE; -} - diff --git a/src/charon/plugins/unit_tester/tests/test_fips_prf.c b/src/charon/plugins/unit_tester/tests/test_fips_prf.c deleted file mode 100644 index 29612143e..000000000 --- a/src/charon/plugins/unit_tester/tests/test_fips_prf.c +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <utils/linked_list.h> -#include <daemon.h> - -/******************************************************************************* - * fips prf known value test - ******************************************************************************/ -bool fips_prf_test() -{ - prf_t *prf; - u_int8_t key_buf[] = { - 0xbd, 0x02, 0x9b, 0xbe, 0x7f, 0x51, 0x96, 0x0b, - 0xcf, 0x9e, 0xdb, 0x2b, 0x61, 0xf0, 0x6f, 0x0f, - 0xeb, 0x5a, 0x38, 0xb6 - }; - u_int8_t seed_buf[] = { - 0x00 - }; - u_int8_t result_buf[] = { - 0x20, 0x70, 0xb3, 0x22, 0x3d, 0xba, 0x37, 0x2f, - 0xde, 0x1c, 0x0f, 0xfc, 0x7b, 0x2e, 0x3b, 0x49, - 0x8b, 0x26, 0x06, 0x14, 0x3c, 0x6c, 0x18, 0xba, - 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, - 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 - }; - chunk_t key = chunk_from_buf(key_buf); - chunk_t seed = chunk_from_buf(seed_buf); - chunk_t expected = chunk_from_buf(result_buf); - chunk_t result; - - prf = lib->crypto->create_prf(lib->crypto, PRF_FIPS_SHA1_160); - if (prf == NULL) - { - DBG1(DBG_CFG, "FIPS PRF implementation not found"); - return FALSE; - } - prf->set_key(prf, key); - prf->allocate_bytes(prf, seed, &result); - prf->destroy(prf); - if (!chunk_equals(result, expected)) - { - DBG1(DBG_CFG, "FIPS PRF result invalid:\nexpected: %Bresult: %B", - &expected, &result); - chunk_free(&result); - return FALSE; - } - chunk_free(&result); - return TRUE; -} - diff --git a/src/charon/plugins/unit_tester/tests/test_rng.c b/src/charon/plugins/unit_tester/tests/test_rng.c deleted file mode 100644 index 855c27fc3..000000000 --- a/src/charon/plugins/unit_tester/tests/test_rng.c +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -#include <daemon.h> -#include <library.h> -#include <utils/mutex.h> - -#include <unistd.h> -#include <sched.h> -#include <pthread.h> - -static bool test_monobit(chunk_t data) -{ - int i, j, bits = 0; - - for (i = 0; i < data.len; i++) - { - for (j = 0; j < 8; j++) - { - if (data.ptr[i] & (1<<j)) - { - bits++; - } - } - } - DBG1(DBG_CFG, " Monobit: %d/%d bits set", bits, data.len * 8); - if (bits > 9654 && bits < 10346) - { - return TRUE; - } - return FALSE; -} - -static bool test_poker(chunk_t data) -{ - int i, counter[16]; - double sum = 0.0; - - memset(counter, 0, sizeof(counter)); - - for (i = 0; i < data.len; i++) - { - counter[data.ptr[i] & 0x0F]++; - counter[(data.ptr[i] & 0xF0) >> 4]++; - } - - for (i = 0; i < countof(counter); i++) - { - sum += (counter[i] * counter[i]) / 5000.0 * 16.0; - } - sum -= 5000.0; - DBG1(DBG_CFG, " Poker: %f", sum); - if (sum > 1.03 && sum < 57.4) - { - return TRUE; - } - return FALSE; -} - -static bool test_runs(chunk_t data) -{ - int i, j, zero_runs[7], one_runs[7], zero = 0, one = 0, longrun = 0; - bool ok = TRUE; - - memset(one_runs, 0, sizeof(zero_runs)); - memset(zero_runs, 0, sizeof(one_runs)); - - for (i = 0; i < data.len; i++) - { - for (j = 0; j < 8; j++) - { - if (data.ptr[i] & (1<<j)) - { - if (one) - { - if (++one >= 34) - { - longrun++; - break; - } - } - else - { - zero_runs[min(6, zero)]++; - zero = 0; - one = 1; - } - } - else - { - if (zero) - { - if (++zero >= 34) - { - longrun++; - break; - } - } - else - { - one_runs[min(6, one)]++; - one = 0; - zero = 1; - } - } - } - } - - DBG1(DBG_CFG, " Runs: zero: %d/%d/%d/%d/%d/%d, one: %d/%d/%d/%d/%d/%d, " - "longruns: %d", - zero_runs[1], zero_runs[2], zero_runs[3], - zero_runs[4], zero_runs[5], zero_runs[6], - one_runs[1], one_runs[2], one_runs[3], - one_runs[4], one_runs[5], one_runs[6], - longrun); - - if (longrun) - { - return FALSE; - } - - for (i = 1; i < countof(zero_runs); i++) - { - switch (i) - { - case 1: - ok &= zero_runs[i] > 2267 && zero_runs[i] < 2733; - ok &= one_runs[i] > 2267 && one_runs[i] < 2733; - break; - case 2: - ok &= zero_runs[i] > 1079 && zero_runs[i] < 1421; - ok &= one_runs[i] > 1079 && one_runs[i] < 1421; - break; - case 3: - ok &= zero_runs[i] > 502 && zero_runs[i] < 748; - ok &= one_runs[i] > 502 && one_runs[i] < 748; - break; - case 4: - ok &= zero_runs[i] > 223 && zero_runs[i] < 402; - ok &= one_runs[i] > 223 && one_runs[i] < 402; - break; - case 5: - ok &= zero_runs[i] > 90 && zero_runs[i] < 223; - ok &= one_runs[i] > 90 && one_runs[i] < 223; - break; - case 6: - ok &= zero_runs[i] > 90 && zero_runs[i] < 223; - ok &= one_runs[i] > 90 && one_runs[i] < 223; - break; - } - if (!ok) - { - return FALSE; - } - } - return TRUE; -} - -static bool test_rng_quality(rng_quality_t quality) -{ - rng_t *rng; - chunk_t chunk; - - rng = lib->crypto->create_rng(lib->crypto, quality); - if (!rng) - { - return FALSE; - } - DBG1(DBG_CFG, "%N", rng_quality_names, quality); - rng->allocate_bytes(rng, 2500, &chunk); - - if (!test_monobit(chunk)) - { - return FALSE; - } - if (!test_poker(chunk)) - { - return FALSE; - } - if (!test_runs(chunk)) - { - return FALSE; - } - - free(chunk.ptr); - rng->destroy(rng); - return TRUE; -} - -/** - * run a test using given values - */ -bool test_rng() -{ - if (!test_rng_quality(RNG_WEAK)) - { - return FALSE; - } - if (!test_rng_quality(RNG_STRONG)) - { - return FALSE; - } - if (!test_rng_quality(RNG_TRUE)) - { - return FALSE; - } - return TRUE; -} - |