github.com/jcmturner/gokrb5/v8@v8.4.4/crypto/aes256-cts-hmac-sha384-192_test.go (about) 1 package crypto 2 3 import ( 4 "encoding/hex" 5 "testing" 6 7 "github.com/jcmturner/gokrb5/v8/crypto/common" 8 "github.com/jcmturner/gokrb5/v8/crypto/rfc8009" 9 "github.com/stretchr/testify/assert" 10 ) 11 12 func TestAes256CtsHmacSha384192_StringToKey(t *testing.T) { 13 t.Parallel() 14 // Test vectors from RFC 8009 Appendix A 15 // Random 16bytes in test vector as string 16 r, _ := hex.DecodeString("10DF9DD783E5BC8ACEA1730E74355F61") 17 s := string(r) 18 var tests = []struct { 19 iterations uint32 20 phrase string 21 salt string 22 saltp string 23 key string 24 }{ 25 {32768, "password", s + "ATHENA.MIT.EDUraeburn", "6165733235362d6374732d686d61632d7368613338342d3139320010df9dd783e5bc8acea1730e74355f61415448454e412e4d49542e4544557261656275726e", "45bd806dbf6a833a9cffc1c94589a222367a79bc21c413718906e9f578a78467"}, 26 } 27 var e Aes256CtsHmacSha384192 28 for _, test := range tests { 29 saltp := rfc8009.GetSaltP(test.salt, "aes256-cts-hmac-sha384-192") 30 assert.Equal(t, test.saltp, hex.EncodeToString([]byte(saltp)), "SaltP not as expected") 31 32 k, _ := e.StringToKey(test.phrase, test.salt, common.IterationsToS2Kparams(test.iterations)) 33 assert.Equal(t, test.key, hex.EncodeToString(k), "String to Key not as expected") 34 } 35 } 36 37 func TestAes256CtsHmacSha384192_DeriveKey(t *testing.T) { 38 t.Parallel() 39 // Test vectors from RFC 8009 Appendix A 40 protocolBaseKey, _ := hex.DecodeString("6d404d37faf79f9df0d33568d320669800eb4836472ea8a026d16b7182460c52") 41 testUsage := uint32(2) 42 var e Aes256CtsHmacSha384192 43 k, err := e.DeriveKey(protocolBaseKey, common.GetUsageKc(testUsage)) 44 if err != nil { 45 t.Fatalf("Error deriving checksum key: %v", err) 46 } 47 assert.Equal(t, "ef5718be86cc84963d8bbb5031e9f5c4ba41f28faf69e73d", hex.EncodeToString(k), "Checksum derived key not as epxected") 48 k, err = e.DeriveKey(protocolBaseKey, common.GetUsageKe(testUsage)) 49 if err != nil { 50 t.Fatalf("Error deriving encryption key: %v", err) 51 } 52 assert.Equal(t, "56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49", hex.EncodeToString(k), "Encryption derived key not as epxected") 53 k, err = e.DeriveKey(protocolBaseKey, common.GetUsageKi(testUsage)) 54 if err != nil { 55 t.Fatalf("Error deriving integrity key: %v", err) 56 } 57 assert.Equal(t, "69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f", hex.EncodeToString(k), "Integrity derived key not as epxected") 58 } 59 60 func TestAes256CtsHmacSha384192_Cypto(t *testing.T) { 61 t.Parallel() 62 protocolBaseKey, _ := hex.DecodeString("6d404d37faf79f9df0d33568d320669800eb4836472ea8a026d16b7182460c52") 63 testUsage := uint32(2) 64 var tests = []struct { 65 plain string 66 confounder string 67 ke string 68 ki string 69 encrypted string // AESOutput 70 hash string // TruncatedHMACOutput 71 cipher string // Ciphertext(AESOutput|HMACOutput) 72 }{ 73 // Test vectors from RFC 8009 Appendix A 74 {"", "f764e9fa15c276478b2c7d0c4e5f58e4", "56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49", "69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f", "41f53fa5bfe7026d91faf9be959195a0", "58707273a96a40f0a01960621ac612748b9bbfbe7eb4ce3c", "41f53fa5bfe7026d91faf9be959195a058707273a96a40f0a01960621ac612748b9bbfbe7eb4ce3c"}, 75 {"000102030405", "b80d3251c1f6471494256ffe712d0b9a", "56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49", "69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f", "4ed7b37c2bcac8f74f23c1cf07e62bc7b75fb3f637b9", "f559c7f664f69eab7b6092237526ea0d1f61cb20d69d10f2", "4ed7b37c2bcac8f74f23c1cf07e62bc7b75fb3f637b9f559c7f664f69eab7b6092237526ea0d1f61cb20d69d10f2"}, 76 {"000102030405060708090a0b0c0d0e0f", "53bf8a0d105265d4e276428624ce5e63", "56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49", "69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f", "bc47ffec7998eb91e8115cf8d19dac4bbbe2e163e87dd37f49beca92027764f6", "8cf51f14d798c2273f35df574d1f932e40c4ff255b36a266", "bc47ffec7998eb91e8115cf8d19dac4bbbe2e163e87dd37f49beca92027764f68cf51f14d798c2273f35df574d1f932e40c4ff255b36a266"}, 77 {"000102030405060708090a0b0c0d0e0f1011121314", "763e65367e864f02f55153c7e3b58af1", "56ab22bee63d82d7bc5227f6773f8ea7a5eb1c825160c38312980c442e5c7e49", "69b16514e3cd8e56b82010d5c73012b622c4d00ffc23ed1f", "40013e2df58e8751957d2878bcd2d6fe101ccfd556cb1eae79db3c3ee86429f2b2a602ac86", "fef6ecb647d6295fae077a1feb517508d2c16b4192e01f62", "40013e2df58e8751957d2878bcd2d6fe101ccfd556cb1eae79db3c3ee86429f2b2a602ac86fef6ecb647d6295fae077a1feb517508d2c16b4192e01f62"}, 78 } 79 var e Aes256CtsHmacSha384192 80 for i, test := range tests { 81 m, _ := hex.DecodeString(test.plain) 82 b, _ := hex.DecodeString(test.encrypted) 83 ke, _ := hex.DecodeString(test.ke) 84 cf, _ := hex.DecodeString(test.confounder) 85 ct, _ := hex.DecodeString(test.cipher) 86 cfm := append(cf, m...) 87 88 // Test encryption to raw encrypted bytes 89 _, c, err := e.EncryptData(ke, cfm) 90 if err != nil { 91 t.Errorf("encryption failed for test %v: %v", i+1, err) 92 } 93 assert.Equal(t, test.encrypted, hex.EncodeToString(c), "Encrypted result not as expected - test %v", i) 94 95 // Test decryption of raw encrypted bytes 96 p, err := e.DecryptData(ke, b) 97 //Remove the confounder bytes 98 p = p[e.GetConfounderByteSize():] 99 if err != nil { 100 t.Errorf("decryption failed for test %v: %v", i+1, err) 101 } 102 assert.Equal(t, test.plain, hex.EncodeToString(p), "Decrypted result not as expected - test %v", i) 103 104 // Test integrity check of complete ciphertext message 105 assert.True(t, e.VerifyIntegrity(protocolBaseKey, ct, ct, testUsage), "Integrity check of cipher text failed") 106 107 // Test encrypting and decrypting a complete cipertext message (with confounder, integrity hash) 108 _, cm, err := e.EncryptMessage(protocolBaseKey, m, testUsage) 109 if err != nil { 110 t.Errorf("encryption to message failed for test %v: %v", i+1, err) 111 } 112 dm, err := e.DecryptMessage(protocolBaseKey, cm, testUsage) 113 if err != nil { 114 t.Errorf("decrypting complete encrypted message failed for test %v: %v", i+1, err) 115 } 116 assert.Equal(t, m, dm, "Message not as expected after encrypting and decrypting for test %v: %v", i+1, err) 117 118 // Test the integrity hash 119 ivz := make([]byte, e.GetConfounderByteSize()) 120 hm := append(ivz, b...) 121 mac, _ := common.GetIntegrityHash(hm, protocolBaseKey, testUsage, e) 122 assert.Equal(t, test.hash, hex.EncodeToString(mac), "HMAC result not as expected - test %v", i) 123 } 124 } 125 126 func TestAes256CtsHmacSha384192_VerifyIntegrity(t *testing.T) { 127 t.Parallel() 128 // Test vectors from RFC 8009 129 protocolBaseKey, _ := hex.DecodeString("6d404d37faf79f9df0d33568d320669800eb4836472ea8a026d16b7182460c52") 130 testUsage := uint32(2) 131 var e Aes256CtsHmacSha384192 132 var tests = []struct { 133 kc string 134 pt string 135 chksum string 136 }{ 137 {"ef5718be86cc84963d8bbb5031e9f5c4ba41f28faf69e73d", "000102030405060708090a0b0c0d0e0f1011121314", "45ee791567eefca37f4ac1e0222de80d43c3bfa06699672a"}, 138 } 139 for _, test := range tests { 140 p, _ := hex.DecodeString(test.pt) 141 b, err := e.GetChecksumHash(protocolBaseKey, p, testUsage) 142 if err != nil { 143 t.Errorf("error generating checksum: %v", err) 144 } 145 assert.Equal(t, test.chksum, hex.EncodeToString(b), "Checksum not as expected") 146 } 147 }