upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-11 08:50:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Remove AES algorithm for DNS cookies

Browse source 
The AES algorithm for DNS cookies was being kept for legacy reasons, and
it can be safely removed in the next major release.  Remove both the AES
usage for DNS cookies and the AES implementation itself.
This commit is contained in:
Ondřej Surý 2023-11-07 14:42:33 +01:00
parent 25cfec4d2b
commit 17da9fed58
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
15 changed files with 21 additions and 466 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
bin/named/server.c
View file

@ -32,7 +32,6 @@
#include <systemd/sd-daemon.h>
#endif
#include <isc/aes.h>
#include <isc/async.h>
#include <isc/attributes.h>
#include <isc/base64.h>
@ -9418,8 +9417,6 @@ load_configuration(const char *filename, named_server_t *server,
INSIST(result == ISC_R_SUCCESS);
if (strcasecmp(cfg_obj_asstring(obj), "siphash24") == 0) {
server->sctx->cookiealg = ns_cookiealg_siphash24;
} else if (strcasecmp(cfg_obj_asstring(obj), "aes") == 0) {
server->sctx->cookiealg = ns_cookiealg_aes;
} else {
UNREACHABLE();
}
@ -9486,21 +9483,6 @@ load_configuration(const char *filename, named_server_t *server,
goto cleanup_altsecrets;
}
break;
case ns_cookiealg_aes:
expectedlength = ISC_AES128_KEYLENGTH;
if (usedlength != expectedlength) {
result = ISC_R_RANGE;
isc_log_write(
named_g_lctx,
NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER,
ISC_LOG_ERROR,
"AES cookie-secret must be 128 "
"bits: %s",
isc_result_totext(result));
goto cleanup_altsecrets;
}
break;
}
}
} else {

0
bin/tests/system/cookie/good-cookie-aes.conf → bin/tests/system/cookie/bad-cookie-aes.conf
View file

17
bin/tests/system/cookie/bad-cookie-badaes.conf
View file

@ -1,17 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
cookie-algorithm aes;
cookie-secret "ebc7701beabb4a40c57d140eeb6733faaa"; // 136 bits
};

6
configure.ac
View file

@ -764,12 +764,6 @@ AC_CHECK_FUNCS([EVP_sha1], [:],
AC_CHECK_FUNCS([EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512], [:],
[AC_MSG_FAILURE([SHA-2 support in OpenSSL is mandatory.])])
#
# Check for OpenSSL AES support
#
AC_CHECK_FUNCS([EVP_aes_128_ecb EVP_aes_192_ecb EVP_aes_256_ecb], [:],
[AC_MSG_FAILURE([AES support in OpenSSL is mandatory.])])
#
# Check for OpenSSL 1.1.x/LibreSSL functions
#

9
doc/arm/reference.rst
View file

@ -2371,9 +2371,9 @@ Boolean Options
:tags: server
:short: Sets the algorithm to be used when generating a server cookie.
This sets the algorithm to be used when generating the server cookie; the options are
"aes" or "siphash24". The default is "siphash24". The "aes" option remains for legacy
purposes.
This sets the algorithm to be used when generating the server cookie. The
default is "siphash24", which is the only supported option, as the
previously supported "aes" option has been removed.
.. namedconf:statement:: cookie-secret
:tags: server
@ -2382,8 +2382,7 @@ Boolean Options
If set, this is a shared secret used for generating and verifying
EDNS COOKIE options within an anycast cluster. If not set, the system
generates a random secret at startup. The shared secret is
encoded as a hex string and needs to be 128 bits for either "siphash24"
or "aes".
encoded as a hex string and needs to be 128 bits.
If there are multiple secrets specified, the first one listed in
:iscman:`named.conf` is used to generate new server cookies. The others

2
doc/misc/options
View file

@ -92,7 +92,7 @@ options {
check-svcb <boolean>;
check-wildcard <boolean>;
clients-per-query <integer>;
cookie-algorithm ( aes | siphash24 );
cookie-algorithm ( siphash24 );
cookie-secret <string>; // may occur multiple times
deny-answer-addresses { <address_match_element>; ... } [ except-from { <string>; ... } ];
deny-answer-aliases { <string>; ... } [ except-from { <string>; ... } ];

2
lib/isc/Makefile.am
View file

@ -4,7 +4,6 @@ lib_LTLIBRARIES = libisc.la
libisc_ladir = $(includedir)/isc
libisc_la_HEADERS = \
include/isc/aes.h \
include/isc/align.h \
include/isc/ascii.h \
include/isc/assertions.h \
@ -112,7 +111,6 @@ libisc_la_SOURCES = \
netmgr/timer.c \
netmgr/tlsstream.c \
netmgr/udp.c \
aes.c \
ascii.c \
assertions.c \
async.c \

71
lib/isc/aes.c
View file

@ -1,71 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file isc/aes.c */
#include <openssl/evp.h>
#include <openssl/opensslv.h>
#include <isc/aes.h>
#include <isc/assertions.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>
void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) {
EVP_CIPHER_CTX *c;
int len;
c = EVP_CIPHER_CTX_new();
RUNTIME_CHECK(c != NULL);
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_128_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(c, 0);
RUNTIME_CHECK(
EVP_EncryptUpdate(c, out, &len, in, ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
EVP_CIPHER_CTX_free(c);
}
void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) {
EVP_CIPHER_CTX *c;
int len;
c = EVP_CIPHER_CTX_new();
RUNTIME_CHECK(c != NULL);
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_192_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(c, 0);
RUNTIME_CHECK(
EVP_EncryptUpdate(c, out, &len, in, ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
EVP_CIPHER_CTX_free(c);
}
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out) {
EVP_CIPHER_CTX *c;
int len;
c = EVP_CIPHER_CTX_new();
RUNTIME_CHECK(c != NULL);
RUNTIME_CHECK(EVP_EncryptInit(c, EVP_aes_256_ecb(), key, NULL) == 1);
EVP_CIPHER_CTX_set_padding(c, 0);
RUNTIME_CHECK(
EVP_EncryptUpdate(c, out, &len, in, ISC_AES_BLOCK_LENGTH) == 1);
RUNTIME_CHECK(len == ISC_AES_BLOCK_LENGTH);
EVP_CIPHER_CTX_free(c);
}

40
lib/isc/include/isc/aes.h
View file

@ -1,40 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file isc/aes.h */
#pragma once
#include <isc/lang.h>
#include <isc/types.h>
#define ISC_AES128_KEYLENGTH 16U
#define ISC_AES192_KEYLENGTH 24U
#define ISC_AES256_KEYLENGTH 32U
#define ISC_AES_BLOCK_LENGTH 16U
ISC_LANG_BEGINDECLS
void
isc_aes128_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out);
void
isc_aes192_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out);
void
isc_aes256_crypt(const unsigned char *key, const unsigned char *in,
unsigned char *out);
ISC_LANG_ENDDECLS

17
lib/isccfg/check.c
View file

@ -25,7 +25,6 @@
#include <fstrm.h>
#endif
#include <isc/aes.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/dir.h>
@ -1563,7 +1562,11 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
ccalg = cfg_obj_asstring(obj);
if (strcasecmp(ccalg, "aes") == 0) {
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
"cookie-algorithm 'aes' is deprecated");
"cookie-algorithm 'aes' is obsolete and "
"should be removed");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
}
@ -1599,16 +1602,6 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
}
usedlength = isc_buffer_usedlength(&b);
if (strcasecmp(ccalg, "aes") == 0 &&
usedlength != ISC_AES128_KEYLENGTH)
{
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"AES cookie-secret must be 128 "
"bits");
if (result == ISC_R_SUCCESS) {
result = ISC_R_RANGE;
}
}
if (strcasecmp(ccalg, "siphash24") == 0 &&
usedlength != ISC_SIPHASH24_KEY_LENGTH)
{

2
lib/isccfg/namedconf.c
View file

@ -1082,7 +1082,7 @@ static cfg_type_t cfg_type_bracketed_portlist = { "bracketed_portlist",
&cfg_rep_list,
&cfg_type_portrange };
static const char *cookiealg_enums[] = { "aes", "siphash24", NULL };
static const char *cookiealg_enums[] = { "siphash24", NULL };
static cfg_type_t cfg_type_cookiealg = { "cookiealg", cfg_parse_enum,
cfg_print_ustring, cfg_doc_enum,
&cfg_rep_string, &cookiealg_enums };

68
lib/ns/client.c
View file

@ -15,7 +15,6 @@
#include <limits.h>
#include <stdbool.h>
#include <isc/aes.h>
#include <isc/async.h>
#include <isc/atomic.h>
#include <isc/formatcheck.h>
@ -23,7 +22,6 @@
#include <isc/hmac.h>
#include <isc/log.h>
#include <isc/mutex.h>
#include <isc/nonce.h>
#include <isc/once.h>
#include <isc/random.h>
#include <isc/safe.h>
@ -122,8 +120,8 @@ clientmgr_destroy_cb(void *arg);
static void
ns_client_dumpmessage(ns_client_t *client, const char *reason);
static void
compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
const unsigned char *secret, isc_buffer_t *buf);
compute_cookie(ns_client_t *client, uint32_t when, const unsigned char *secret,
isc_buffer_t *buf);
void
ns_client_recursing(ns_client_t *client) {
@ -1006,14 +1004,11 @@ no_nsid:
if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0) {
isc_buffer_t buf;
isc_stdtime_t now = isc_stdtime_now();
uint32_t nonce;
isc_buffer_init(&buf, cookie, sizeof(cookie));
isc_random_buf(&nonce, sizeof(nonce));
compute_cookie(client, now, nonce,
client->manager->sctx->secret, &buf);
compute_cookie(client, now, client->manager->sctx->secret,
&buf);
INSIST(count < DNS_EDNSOPTIONS);
ednsopts[count].code = DNS_OPT_COOKIE;
@ -1145,13 +1140,11 @@ no_nsid:
}
static void
compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
const unsigned char *secret, isc_buffer_t *buf) {
compute_cookie(ns_client_t *client, uint32_t when, const unsigned char *secret,
isc_buffer_t *buf) {
unsigned char digest[ISC_MAX_MD_SIZE] ISC_NONSTRING = { 0 };
STATIC_ASSERT(ISC_MAX_MD_SIZE >= ISC_SIPHASH24_TAG_LENGTH,
"You need to increase the digest buffer.");
STATIC_ASSERT(ISC_MAX_MD_SIZE >= ISC_AES_BLOCK_LENGTH,
"You need to increase the digest buffer.");
switch (client->manager->sctx->cookiealg) {
case ns_cookiealg_siphash24: {
@ -1188,48 +1181,6 @@ compute_cookie(ns_client_t *client, uint32_t when, uint32_t nonce,
isc_buffer_putmem(buf, digest, 8);
break;
}
case ns_cookiealg_aes: {
unsigned char input[4 + 4 + 16] ISC_NONSTRING = { 0 };
isc_netaddr_t netaddr;
unsigned char *cp;
unsigned int i;
isc_buffer_putmem(buf, client->cookie, 8);
isc_buffer_putuint32(buf, nonce);
isc_buffer_putuint32(buf, when);
memmove(input, (unsigned char *)isc_buffer_used(buf) - 16, 16);
isc_aes128_crypt(secret, input, digest);
for (i = 0; i < 8; i++) {
input[i] = digest[i] ^ digest[i + 8];
}
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
switch (netaddr.family) {
case AF_INET:
cp = (unsigned char *)&netaddr.type.in;
memmove(input + 8, cp, 4);
memset(input + 12, 0, 4);
isc_aes128_crypt(secret, input, digest);
break;
case AF_INET6:
cp = (unsigned char *)&netaddr.type.in6;
memmove(input + 8, cp, 16);
isc_aes128_crypt(secret, input, digest);
for (i = 0; i < 8; i++) {
input[i + 8] = digest[i] ^ digest[i + 8];
}
isc_aes128_crypt(client->manager->sctx->secret,
input + 8, digest);
break;
default:
UNREACHABLE();
}
for (i = 0; i < 8; i++) {
digest[i] ^= digest[i + 8];
}
isc_buffer_putmem(buf, digest, 8);
break;
}
default:
UNREACHABLE();
}
@ -1242,7 +1193,6 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
unsigned char *old;
isc_stdtime_t now;
uint32_t when;
uint32_t nonce;
isc_buffer_t db;
/*
@ -1285,7 +1235,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
old = isc_buffer_current(buf);
memmove(client->cookie, old, 8);
isc_buffer_forward(buf, 8);
nonce = isc_buffer_getuint32(buf);
isc_buffer_forward(buf, 4); /* version + reserved */
when = isc_buffer_getuint32(buf);
isc_buffer_forward(buf, 8);
@ -1304,7 +1254,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
}
isc_buffer_init(&db, dbuf, sizeof(dbuf));
compute_cookie(client, when, nonce, client->manager->sctx->secret, &db);
compute_cookie(client, when, client->manager->sctx->secret, &db);
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
ns_stats_increment(client->manager->sctx->nsstats,
@ -1317,7 +1267,7 @@ process_cookie(ns_client_t *client, isc_buffer_t *buf, size_t optlen) {
altsecret != NULL; altsecret = ISC_LIST_NEXT(altsecret, link))
{
isc_buffer_init(&db, dbuf, sizeof(dbuf));
compute_cookie(client, when, nonce, altsecret->secret, &db);
compute_cookie(client, when, altsecret->secret, &db);
if (isc_safe_memequal(old, dbuf, COOKIE_SIZE)) {
ns_stats_increment(client->manager->sctx->nsstats,
ns_statscounter_cookiematch);

2
lib/ns/include/ns/types.h
View file

@ -28,6 +28,6 @@ typedef struct ns_server ns_server_t;
typedef struct ns_stats ns_stats_t;
typedef struct ns_hookasync ns_hookasync_t;
typedef enum { ns_cookiealg_aes, ns_cookiealg_siphash24 } ns_cookiealg_t;
typedef enum { ns_cookiealg_siphash24 } ns_cookiealg_t;
#define NS_COOKIE_VERSION_1 1

1
tests/isc/Makefile.am
View file

@ -13,7 +13,6 @@ LDADD += \
check_PROGRAMS = \
ascii_test \
aes_test \
async_test \
buffer_test \
counter_test \

232
tests/isc/aes_test.c
View file

@ -1,232 +0,0 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#include <inttypes.h>
#include <sched.h> /* IWYU pragma: keep */
#include <setjmp.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define UNIT_TESTING
#include <cmocka.h>
#include <isc/aes.h>
#include <isc/buffer.h>
#include <isc/hex.h>
#include <isc/region.h>
#include <isc/string.h>
#include <isc/util.h>
#include <tests/isc.h>
/*
* Test data from NIST KAT
*/
isc_result_t
tohexstr(unsigned char *d, char *out);
size_t
fromhexstr(const char *in, unsigned char *d);
unsigned char plaintext[3 * ISC_AES_BLOCK_LENGTH];
unsigned char ciphertext[ISC_AES_BLOCK_LENGTH];
char str[2 * ISC_AES_BLOCK_LENGTH + 1];
unsigned char key[ISC_AES256_KEYLENGTH + 1];
size_t len;
isc_result_t
tohexstr(unsigned char *d, char *out) {
isc_buffer_t b;
isc_region_t r;
isc_buffer_init(&b, out, 2 * ISC_AES_BLOCK_LENGTH + 1);
r.base = d;
r.length = ISC_AES_BLOCK_LENGTH;
return (isc_hex_totext(&r, 0, "", &b));
}
size_t
fromhexstr(const char *in, unsigned char *d) {
isc_buffer_t b;
isc_result_t ret;
isc_buffer_init(&b, d, ISC_AES256_KEYLENGTH + 1);
ret = isc_hex_decodestring(in, &b);
if (ret != ISC_R_SUCCESS) {
return (0);
}
return (isc_buffer_usedlength(&b));
}
typedef struct aes_testcase {
const char *key;
const char *input;
const char *result;
} aes_testcase_t;
/* AES 128 test vectors */
ISC_RUN_TEST_IMPL(isc_aes128_test) {
aes_testcase_t testcases[] = { /* Test 1 (KAT ECBVarTxt128 #3) */
{ "00000000000000000000000000000000",
"F0000000000000000000000000000000",
"96D9FD5CC4F07441727DF0F33E401A36" },
/* Test 2 (KAT ECBVarTxt128 #123) */
{ "00000000000000000000000000000000",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"F9B0FDA0C4A898F5B9E6F661C4CE4D07" },
/* Test 3 (KAT ECBVarKey128 #3) */
{ "F0000000000000000000000000000000",
"00000000000000000000000000000000",
"970014D634E2B7650777E8E84D03CCD8" },
/* Test 4 (KAT ECBVarKey128 #123) */
{ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"00000000000000000000000000000000",
"41C78C135ED9E98C096640647265DA1E" },
/* Test 5 (KAT ECBGFSbox128 #3) */
{ "00000000000000000000000000000000",
"6A118A874519E64E9963798A503F1D35",
"DC43BE40BE0E53712F7E2BF5CA707209" },
/* Test 6 (KAT ECBKeySbox128 #3) */
{ "B6364AC4E1DE1E285EAF144A2415F7A0",
"00000000000000000000000000000000",
"5D9B05578FC944B3CF1CCF0E746CD581" },
{ NULL, NULL, NULL }
};
aes_testcase_t *testcase = testcases;
UNUSED(state);
while (testcase->key != NULL) {
len = fromhexstr(testcase->key, key);
assert_int_equal(len, ISC_AES128_KEYLENGTH);
len = fromhexstr(testcase->input, plaintext);
assert_int_equal(len, ISC_AES_BLOCK_LENGTH);
isc_aes128_crypt(key, plaintext, ciphertext);
assert_int_equal(tohexstr(ciphertext, str), ISC_R_SUCCESS);
assert_string_equal(str, testcase->result);
testcase++;
}
}
/* AES 192 test vectors */
ISC_RUN_TEST_IMPL(isc_aes192_test) {
aes_testcase_t testcases[] = {
/* Test 1 (KAT ECBVarTxt192 #3) */
{ "000000000000000000000000000000000000000000000000",
"F0000000000000000000000000000000",
"2A560364CE529EFC21788779568D5555" },
/* Test 2 (KAT ECBVarTxt192 #123) */
{ "000000000000000000000000000000000000000000000000",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"2AABB999F43693175AF65C6C612C46FB" },
/* Test 3 (KAT ECBVarKey192 #3) */
{ "F00000000000000000000000000000000000000000000000",
"00000000000000000000000000000000",
"180B09F267C45145DB2F826C2582D35C" },
/* Test 4 (KAT ECBVarKey192 #187) */
{ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"00000000000000000000000000000000",
"EACF1E6C4224EFB38900B185AB1DFD42" },
/* Test 5 (KAT ECBGFSbox192 #3) */
{ "000000000000000000000000000000000000000000000000",
"51719783D3185A535BD75ADC65071CE1",
"4F354592FF7C8847D2D0870CA9481B7C" },
/* Test 6 (KAT ECBKeySbox192 #3) */
{ "CD62376D5EBB414917F0C78F05266433DC9192A1EC943300",
"00000000000000000000000000000000",
"7F6C25FF41858561BB62F36492E93C29" },
{ NULL, NULL, NULL }
};
aes_testcase_t *testcase = testcases;
while (testcase->key != NULL) {
len = fromhexstr(testcase->key, key);
assert_int_equal(len, ISC_AES192_KEYLENGTH);
len = fromhexstr(testcase->input, plaintext);
assert_int_equal(len, ISC_AES_BLOCK_LENGTH);
isc_aes192_crypt(key, plaintext, ciphertext);
assert_int_equal(tohexstr(ciphertext, str), ISC_R_SUCCESS);
assert_string_equal(str, testcase->result);
testcase++;
}
}
/* AES 256 test vectors */
ISC_RUN_TEST_IMPL(isc_aes256_test) {
aes_testcase_t testcases[] = { /* Test 1 (KAT ECBVarTxt256 #3) */
{ "00000000000000000000000000000000"
"00000000000000000000000000000000",
"F0000000000000000000000000000000",
"7F2C5ECE07A98D8BEE13C51177395FF7" },
/* Test 2 (KAT ECBVarTxt256 #123) */
{ "00000000000000000000000000000000"
"00000000000000000000000000000000",
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"7240E524BC51D8C4D440B1BE55D1062C" },
/* Test 3 (KAT ECBVarKey256 #3) */
{ "F0000000000000000000000000000000"
"00000000000000000000000000000000",
"00000000000000000000000000000000",
"1C777679D50037C79491A94DA76A9A35" },
/* Test 4 (KAT ECBVarKey256 #251) */
{ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0",
"00000000000000000000000000000000",
"03720371A04962EAEA0A852E69972858" },
/* Test 5 (KAT ECBGFSbox256 #3) */
{ "00000000000000000000000000000000"
"00000000000000000000000000000000",
"8A560769D605868AD80D819BDBA03771",
"38F2C7AE10612415D27CA190D27DA8B4" },
/* Test 6 (KAT ECBKeySbox256 #3) */
{ "984CA75F4EE8D706F46C2D98C0BF4A45"
"F5B00D791C2DFEB191B5ED8E420FD627",
"00000000000000000000000000000000",
"4307456A9E67813B452E15FA8FFFE398" },
{ NULL, NULL, NULL }
};
aes_testcase_t *testcase = testcases;
UNUSED(state);
while (testcase->key != NULL) {
len = fromhexstr(testcase->key, key);
assert_int_equal(len, ISC_AES256_KEYLENGTH);
len = fromhexstr(testcase->input, plaintext);
assert_int_equal(len, ISC_AES_BLOCK_LENGTH);
isc_aes256_crypt(key, plaintext, ciphertext);
assert_int_equal(tohexstr(ciphertext, str), ISC_R_SUCCESS);
assert_string_equal(str, testcase->result);
testcase++;
}
}
ISC_TEST_LIST_START
ISC_TEST_ENTRY(isc_aes128_test)
ISC_TEST_ENTRY(isc_aes192_test)
ISC_TEST_ENTRY(isc_aes256_test)
ISC_TEST_LIST_END
ISC_TEST_MAIN