def WEPtestVector(testCase,plainText,iv,key,keyId,cipherText): """ Process WEP test vectors from RFCxxxx""" print '%s %s %s'%('='*((54-len(testCase))/2),testCase,'='*((54-len(testCase))/2)) # Convert from octet lists to string pt = a2b_p(plainText) iv = a2b_p(iv) key = a2b_p(key) kct = a2b_p(cipherText) alg = WEP(key,keyId=keyId) print 'key: %s'%b2a_p(key)[9:] print 'keyId: %x'%keyId print 'iv: %s'%b2a_p(iv)[9:] print 'pt: %s'%b2a_p(pt)[9:] print 'kct: %s'%b2a_p(kct)[9:] ct = alg.encrypt(pt, iv, keyId) print 'ct: %s'%b2a_p(ct)[9:] print 'crc: %s'%b2a_p(pack('<I',crc32(plainText)))[9:] print '========================================================' self.assertEqual( ct, kct ) alg.setKey(key,keyId=keyId) dct = alg.decrypt( ct ) self.assertEqual( dct, pt )
def checkTKIPtestVector(self, description, key, ta, iv, plainText, cipherText): """ Process TKIP encryption test vectors (no MIC) """ print '%s %s %s'%('='*((54-len(description))/2),description,'='*((54-len(description))/2)) # Convert from octet lists to string key = a2b_p(key) ta = a2b_p(ta) iv = a2b_p(iv) pt = a2b_p(plainText) kct = a2b_p(cipherText) mixer = TKIP_Mixer(key,ta) rc4key = mixer.newKey(iv) alg = TKIP_encr(key) alg.setTA(ta) print 'key: %s'%b2a_p(key)[9:] print 'rc4Key %s'%b2a_p(rc4key)[9:] # calculated print 'ta: %s'%b2a_p(ta)[9:] print 'iv: %s'%b2a_p(iv)[9:] print 'pt: %s'%b2a_p(pt)[9:] print 'kct: %s'%b2a_p(kct)[9:] ct = alg.encrypt(pt, iv) print 'ct: %s'%b2a_p(ct)[9:] cpt = alg.decrypt(kct) print 'cpt: %s'%b2a_p(cpt)[9:] print '========================================================' self.assertEqual( ct, kct ) alg.setKey(key) dct = alg.decrypt( ct ) self.assertEqual( dct, pt )
def CBCtestVector(key, iv, pt, kct): """ CBC test vectors using AES algorithm """ key, iv, pt, kct = a2b_hex(key), a2b_hex(iv), a2b_p(pt), a2b_p(kct) alg = AES_CBC(key, padding=noPadding()) self.assertEqual(alg.encrypt(pt, iv=iv), kct) self.assertEqual(alg.decrypt(iv + kct), pt)
def xtestTKIP_Mixer_TV_values(self): """ Test using vectors from IEEE 802.11TGi D2.4.2 """ for testCase in TKIP_TestVector: description = testCase['testCase'] tk = a2b_p(testCase['TK']) ta = a2b_p(testCase['TA']) pn = testCase['PN'] pnField = pack('<Q', pn)[:6] print '===========================================================' print 'testCase:%s'%description print 'TK: %s'%b2a_p(tk)[9:] print 'TA: %s'%b2a_p(ta)[9:] keyId = 0 eh1 = chr((ord(pnField[1])|0x20)&0x7f) eh = pnField[0]+eh1+pnField[1]+chr((keyId<<6)|0x20)+pnField[2:] print 'EncHdr: %s (with KeyId=0)' % b2a_p(eh)[9:] print 'PNfield: %s' % b2a_p(pnField)[9:] print 'PNvalue: 0x%06X' % pn print 'TSC?: [0x%04x, 0x%04x, 0x%04x]' % (unpack('<H',pnField[0:2])[0],\ unpack('<H',pnField[2:4])[0],unpack('<H',pnField[4:6])[0]) mixer = TKIP_Mixer(tk,ta) newRC4Key = mixer.newKey(pnField) p1kstring = ''.join([pack('>H',i) for i in mixer.phase1Key]) # a list of int's print 'TTAK: [0x%04x, 0x%04x, 0x%04x, 0x%04x, 0x%04x]' % (mixer.phase1Key[0], \ mixer.phase1Key[1],mixer.phase1Key[2],mixer.phase1Key[3],mixer.phase1Key[4]) print 'P1K: %s'%b2a_p(p1kstring)[9:] print 'RC4Key: %s' % b2a_p( newRC4Key )[9:] print 'kRC4Key: %s' % b2a_p( a2b_p(testCase['RC4KEY']))[9:] self.assertEqual(newRC4Key, a2b_p(testCase['RC4KEY'])) print '==========================================================='
def CBCtestVector(key,iv,pt,kct): """ CBC test vectors using AES algorithm """ key,iv,pt,kct = a2b_hex(key),a2b_hex(iv),a2b_p(pt),a2b_p(kct) alg = AES_CBC(key, padding=noPadding()) self.assertEqual( alg.encrypt(pt,iv=iv), kct ) self.assertEqual( alg.decrypt(iv+kct), pt )
def CCMtestVector(testCase, macSize, key, nonce, addAuth, pt, kct): """ CCM test vectors using AES algorithm """ print '%s %s %s' % ('=' * ((54 - len(testCase)) / 2), testCase, '=' * ((54 - len(testCase)) / 2)) key, nonce, pt, addAuth, kct = a2b_p(key), a2b_p(nonce), a2b_p( pt), a2b_p(addAuth), a2b_p(kct) alg = CCM(AES(key, keySize=len(key)), macSize=macSize, nonceSize=len(nonce)) print 'alg=%s%skeySize=%3d blockSize=%3d M=%2d L=%2d' % ( alg.baseCipher.name, ' ' * (10 - len(alg.baseCipher.name)), alg.keySize, alg.blockSize, alg.M, alg.L) print 'key: %s' % b2a_p(key)[9:] print 'nonce: %s' % b2a_p(nonce)[9:] print 'addAuth:%s' % b2a_p(addAuth)[9:] print 'pt: %s' % b2a_p(pt)[9:] ct = alg.encrypt(pt, nonce=nonce, addAuthData=addAuth) print 'ct: %s' % b2a_p(ct)[9:] print 'kct: %s' % b2a_p(kct)[9:] print '========================================================' self.assertEqual(ct, kct) dct = alg.decrypt(ct, nonce=nonce, addAuthData=addAuth) self.assertEqual(dct, pt)
def testCBC_Rijndael_variable_data(self): """ Rijndael CBC 256 """ key = '2b7e151628aed2a6abf7158809cf4f3c' iv = '000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f' key,iv = a2b_p(key),a2b_p(iv) alg = CBC(Rijndael(key, blockSize=32)) for i in range(100): pt = i*'a' ct = alg.encrypt(pt,iv=iv) self.assertEqual( alg.decrypt(iv+ct), pt )
def testCBC_Rijndael_256(self): """ Rijndael CBC 256 """ key = '2b7e151628aed2a6abf7158809cf4f3c' iv = '000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f' pt = """6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710""" key,iv,pt = a2b_p(key),a2b_p(iv),a2b_p(pt) alg = CBC(Rijndael(key, blockSize=32)) ct = alg.encrypt(pt,iv=iv) self.assertEqual( alg.decrypt(iv+ct), pt )
def testCBC_Rijndael_variable_data(self): """ Rijndael CBC 256 """ key = '2b7e151628aed2a6abf7158809cf4f3c' iv = '000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f' key, iv = a2b_p(key), a2b_p(iv) alg = CBC(Rijndael(key, blockSize=32)) for i in range(100): pt = i * 'a' ct = alg.encrypt(pt, iv=iv) self.assertEqual(alg.decrypt(iv + ct), pt)
def testCBC_Rijndael_256(self): """ Rijndael CBC 256 """ key = '2b7e151628aed2a6abf7158809cf4f3c' iv = '000102030405060708090a0b0c0d0e0f000102030405060708090a0b0c0d0e0f' pt = """6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51 30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710""" key, iv, pt = a2b_p(key), a2b_p(iv), a2b_p(pt) alg = CBC(Rijndael(key, blockSize=32)) ct = alg.encrypt(pt, iv=iv) self.assertEqual(alg.decrypt(iv + ct), pt)
def testKnownAnswerRFC3211_1(self): description = "RFC3211 KAT Test 1" password = "******" salt = a2b_p("12 34 56 78 78 56 34 12") iterations = 5 keySize = 8 knownAnswer = "D1 DA A7 86 15 F2 87 E6" self.pbkdf2KAT(description, password, salt, iterations, keySize, knownAnswer)
def testIVuniqueness(self): """ Test that two different instances have different IVs """ key = a2b_p('2b7e151628aed2a6abf7158809cf4f3c') pt = "This is a test case" alg1 = CBC(Rijndael(key, blockSize=32)) alg2 = CBC(Rijndael(key, blockSize=32)) ct1 = alg1.encrypt(pt) ct2 = alg2.encrypt(pt) self.assertNotEqual(ct1, ct2)
def testIVuniqueness(self): """ Test that two different instances have different IVs """ key = a2b_p('2b7e151628aed2a6abf7158809cf4f3c') pt = "This is a test case" alg1 = CBC(Rijndael(key, blockSize=32)) alg2 = CBC(Rijndael(key, blockSize=32)) ct1 = alg1.encrypt(pt) ct2 = alg2.encrypt(pt) self.assertNotEqual( ct1,ct2 )
def testDot11PassPhraseToPSK(self): passPhrase = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ssid = "ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ" knownAnswer = """be cb 93 86 6b b8 c3 83 2c b7 77 c2 f5 59 80 7c 8c 59 af cb 6e ae 73 48 85 00 13 00 a9 81 cc 62""" key = dot11PassPhraseToPSK( passPhrase, ssid ) self.assertEqual( a2b_p(knownAnswer), key )
def testIVmultencryptUnique(self): """ Test that two different encrypts have different IVs """ key = a2b_p('2b7e151628aed2a6abf7158809cf4f3c') pt = "This is yet another test case" alg1 = CBC(Rijndael(key, blockSize=32)) ct1 = alg1.encrypt(pt) ct2 = alg1.encrypt(pt) self.assertNotEqual(ct1, ct2) self.assertEqual(alg1.decrypt(ct1), pt) self.assertEqual(alg1.decrypt(ct1), alg1.decrypt(ct2))
def testIVmultencryptUnique(self): """ Test that two different encrypts have different IVs """ key = a2b_p('2b7e151628aed2a6abf7158809cf4f3c') pt = "This is yet another test case" alg1 = CBC(Rijndael(key, blockSize=32)) ct1 = alg1.encrypt(pt) ct2 = alg1.encrypt(pt) self.assertNotEqual( ct1, ct2 ) self.assertEqual( alg1.decrypt(ct1), pt ) self.assertEqual( alg1.decrypt(ct1), alg1.decrypt(ct2) )
def xtestTKIP_Mixer_TV_values(self): """ Test using vectors from IEEE 802.11TGi D2.4.2 """ for testCase in TKIP_TestVector: description = testCase["testCase"] tk = a2b_p(testCase["TK"]) ta = a2b_p(testCase["TA"]) pn = testCase["PN"] pnField = pack("<Q", pn)[:6] print "===========================================================" print "testCase:%s" % description print "TK: %s" % b2a_p(tk)[9:] print "TA: %s" % b2a_p(ta)[9:] keyId = 0 eh1 = chr((ord(pnField[1]) | 0x20) & 0x7F) eh = pnField[0] + eh1 + pnField[1] + chr((keyId << 6) | 0x20) + pnField[2:] print "EncHdr: %s (with KeyId=0)" % b2a_p(eh)[9:] print "PNfield: %s" % b2a_p(pnField)[9:] print "PNvalue: 0x%06X" % pn print "TSC?: [0x%04x, 0x%04x, 0x%04x]" % ( unpack("<H", pnField[0:2])[0], unpack("<H", pnField[2:4])[0], unpack("<H", pnField[4:6])[0], ) mixer = TKIP_Mixer(tk, ta) newRC4Key = mixer.newKey(pnField) p1kstring = "".join([pack(">H", i) for i in mixer.phase1Key]) # a list of int's print "TTAK: [0x%04x, 0x%04x, 0x%04x, 0x%04x, 0x%04x]" % ( mixer.phase1Key[0], mixer.phase1Key[1], mixer.phase1Key[2], mixer.phase1Key[3], mixer.phase1Key[4], ) print "P1K: %s" % b2a_p(p1kstring)[9:] print "RC4Key: %s" % b2a_p(newRC4Key)[9:] print "kRC4Key: %s" % b2a_p(a2b_p(testCase["RC4KEY"]))[9:] self.assertEqual(newRC4Key, a2b_p(testCase["RC4KEY"])) print "==========================================================="
def pbkdf2KAT(self,testDescription, password, salt, iterations, keySize, ka): """ Know Answer Tests from IEEE """ knownAnswer = a2b_p(ka) # convert ascii 2 binary derivedKey = pbkdf2(password, salt, iterations, keySize) print "========== %s ==========" % testDescription print 'password = "******"' % password print "salt/ssid = %s" % b2a_pter(salt, frnt=' ')[15:] print "iterations =", iterations print "keySize =", keySize print "derivedKey =", b2a_p(derivedKey, frnt=' ')[15:] #print "knownAnswer =", b2a_p(knownAnswer, frnt=' ')[15:] self.assertEqual(derivedKey, knownAnswer), "KAT Failed-> %s "% testDescription
def CCMtestVector(testCase,macSize,key,nonce,addAuth,pt,kct): """ CCM test vectors using AES algorithm """ print '%s %s %s'%('='*((54-len(testCase))/2),testCase,'='*((54-len(testCase))/2)) key,nonce,pt,addAuth,kct = a2b_p(key),a2b_p(nonce),a2b_p(pt),a2b_p(addAuth),a2b_p(kct) alg = CCM(AES(key,keySize=len(key)),macSize=macSize, nonceSize=len(nonce)) print 'alg=%s%skeySize=%3d blockSize=%3d M=%2d L=%2d'%(alg.baseCipher.name, ' '*(10-len(alg.baseCipher.name)), alg.keySize, alg.blockSize, alg.M, alg.L) print 'key: %s'%b2a_p(key)[9:] print 'nonce: %s'%b2a_p(nonce)[9:] print 'addAuth:%s'%b2a_p(addAuth)[9:] print 'pt: %s'%b2a_p(pt)[9:] ct = alg.encrypt(pt,nonce=nonce,addAuthData=addAuth) print 'ct: %s'%b2a_p(ct)[9:] print 'kct: %s'%b2a_p(kct)[9:] print '========================================================' self.assertEqual( ct, kct ) dct = alg.decrypt(ct,nonce=nonce,addAuthData=addAuth) self.assertEqual( dct, pt )
def checkTKIPtestVector(self, description, key, ta, iv, plainText, cipherText): """ Process TKIP encryption test vectors (no MIC) """ print '%s %s %s' % ('=' * ((54 - len(description)) / 2), description, '=' * ((54 - len(description)) / 2)) # Convert from octet lists to string key = a2b_p(key) ta = a2b_p(ta) iv = a2b_p(iv) pt = a2b_p(plainText) kct = a2b_p(cipherText) mixer = TKIP_Mixer(key, ta) rc4key = mixer.newKey(iv) alg = TKIP_encr(key) alg.setTA(ta) print 'key: %s' % b2a_p(key)[9:] print 'rc4Key %s' % b2a_p(rc4key)[9:] # calculated print 'ta: %s' % b2a_p(ta)[9:] print 'iv: %s' % b2a_p(iv)[9:] print 'pt: %s' % b2a_p(pt)[9:] print 'kct: %s' % b2a_p(kct)[9:] ct = alg.encrypt(pt, iv) print 'ct: %s' % b2a_p(ct)[9:] cpt = alg.decrypt(kct) print 'cpt: %s' % b2a_p(cpt)[9:] print '========================================================' self.assertEqual(ct, kct) alg.setKey(key) dct = alg.decrypt(ct) self.assertEqual(dct, pt)
def testTKIP_Mixer_KnowValues(self): """ Test using vectors from IEEE 802.11TGi D2.4.2 """ for testCase in TKIP_MixerTestCases: description = testCase["testCase"] tk = a2b_p(testCase["TK"]) ta = a2b_p(testCase["TA"]) iv32 = a2b_p(testCase["IV32"]) # last 4 octets of PN/IV field iv16 = a2b_p(testCase["IV16"]) # NOTE - iv16 and iv32 are confused notation from early drafts # may not match notation in the future pnField = iv16[1] + iv16[0] + iv32[3] + iv32[2] + iv32[1] + iv32[0] pn = unpack("<Q", pnField + 2 * chr(0))[0] knownP1key = a2b_p(testCase["P1K"]) knownRC4Key = a2b_p(testCase["RC4KEY"]) print "===========================================================" print "testCase:%s" % description print "TK: %s" % b2a_p(tk)[9:] print "TA: %s" % b2a_p(ta)[9:] print "IV32: %s" % b2a_p(iv32)[9:] print "IV16: %s" % b2a_p(iv16)[9:] keyId = 0 eh1 = chr((ord(pnField[1]) | 0x20) & 0x7F) eh = pnField[0] + eh1 + pnField[1] + chr((keyId << 6) | 0x20) + pnField[2:] print "EncHdr: %s (with KeyId=0)" % b2a_p(eh)[9:] print "PNfield: %s" % b2a_p(pnField)[9:] print "PNvalue: hex 0x%012X decimal %d" % (pn, pn) # print 'TSC: [0x%04x, 0x%04x, 0x%04x]' % (unpack('<H',pnField[0:2])[0],\ # unpack('<H',pnField[2:4])[0],unpack('<H',pnField[4:6])[0]) mixer = TKIP_Mixer(tk, ta) newRC4Key = mixer.newKey(pnField) p1kstring = "".join([pack(">H", i) for i in mixer.phase1Key]) # a list of int's print "TTAK: [0x%04x, 0x%04x, 0x%04x, 0x%04x, 0x%04x]" % ( mixer.phase1Key[0], mixer.phase1Key[1], mixer.phase1Key[2], mixer.phase1Key[3], mixer.phase1Key[4], ) print "P1K: %s" % b2a_p(p1kstring)[9:] # print 'knownP1K:%s'%b2a_p(knownP1key)[9:] self.assertEqual(p1kstring, knownP1key), "Phase1 Keys dont match" print "RC4Key: %s" % b2a_p(newRC4Key)[9:] # print 'knownRC4Key: %s'% b2a_p(knownRC4Key)[9:] self.assertEqual(newRC4Key, knownRC4Key), "Final Key does not match" print "==========================================================="
def testKnowValues(self): """ Test vectors from 11-02-298r0-I-suggested-changes-to-RSN.doc Modified to show prefix and correct length. """ for [key, data, digest, prf_know_value] in prfTestVectors: # the 298r test vectors do not include the prefix :-( prefix = 'prefix' # remove white spaces and convert to binary string prf_value = a2b_p(prf_know_value) lengthInBits = 8 * len(prf_value) a_prf = PRF(key, prefix, data, lengthInBits) print 'key = ', b2a_p(key) print 'prefix = ', '"' + prefix + '"' print 'data = ', b2a_p(data) print 'PRF = ', b2a_p(a_prf) print 'PRF_v = ', b2a_p(prf_value) print 'len prf= ', len(a_prf) * 8 self.assertEqual(a_prf, prf_value)
def testKnowValues(self): """ Test vectors from 11-02-298r0-I-suggested-changes-to-RSN.doc Modified to show prefix and correct length. """ for [key,data,digest,prf_know_value] in prfTestVectors: # the 298r test vectors do not include the prefix :-( prefix = 'prefix' # remove white spaces and convert to binary string prf_value = a2b_p(prf_know_value) lengthInBits=8*len(prf_value) a_prf = PRF(key,prefix,data,lengthInBits) print 'key = ', b2a_p(key) print 'prefix = ', '"'+prefix+'"' print 'data = ', b2a_p(data) print 'PRF = ', b2a_p(a_prf) print 'PRF_v = ', b2a_p(prf_value) print 'len prf= ', len(a_prf)* 8 self.assertEqual(a_prf, prf_value)
def testTKIP_Mixer_KnowValues(self): """ Test using vectors from IEEE 802.11TGi D2.4.2 """ for testCase in TKIP_MixerTestCases: description = testCase['testCase'] tk = a2b_p(testCase['TK']) ta = a2b_p(testCase['TA']) iv32 = a2b_p(testCase['IV32']) # last 4 octets of PN/IV field iv16 = a2b_p(testCase['IV16']) # NOTE - iv16 and iv32 are confused notation from early drafts # may not match notation in the future pnField = iv16[1] + iv16[0] + iv32[3] + iv32[2] + iv32[1] + iv32[0] pn = unpack('<Q', pnField + 2 * chr(0))[0] knownP1key = a2b_p(testCase['P1K']) knownRC4Key = a2b_p(testCase['RC4KEY']) print '===========================================================' print 'testCase:%s' % description print 'TK: %s' % b2a_p(tk)[9:] print 'TA: %s' % b2a_p(ta)[9:] print 'IV32: %s' % b2a_p(iv32)[9:] print 'IV16: %s' % b2a_p(iv16)[9:] keyId = 0 eh1 = chr((ord(pnField[1]) | 0x20) & 0x7f) eh = pnField[0] + eh1 + pnField[1] + chr((keyId << 6) | 0x20) + pnField[2:] print 'EncHdr: %s (with KeyId=0)' % b2a_p(eh)[9:] print 'PNfield: %s' % b2a_p(pnField)[9:] print 'PNvalue: hex 0x%012X decimal %d' % (pn, pn) #print 'TSC: [0x%04x, 0x%04x, 0x%04x]' % (unpack('<H',pnField[0:2])[0],\ # unpack('<H',pnField[2:4])[0],unpack('<H',pnField[4:6])[0]) mixer = TKIP_Mixer(tk, ta) newRC4Key = mixer.newKey(pnField) p1kstring = ''.join([pack('>H', i) for i in mixer.phase1Key]) # a list of int's print 'TTAK: [0x%04x, 0x%04x, 0x%04x, 0x%04x, 0x%04x]' % (mixer.phase1Key[0], \ mixer.phase1Key[1],mixer.phase1Key[2],mixer.phase1Key[3],mixer.phase1Key[4]) print 'P1K: %s' % b2a_p(p1kstring)[9:] #print 'knownP1K:%s'%b2a_p(knownP1key)[9:] self.assertEqual(p1kstring, knownP1key), 'Phase1 Keys dont match' print 'RC4Key: %s' % b2a_p(newRC4Key)[9:] #print 'knownRC4Key: %s'% b2a_p(knownRC4Key)[9:] self.assertEqual(newRC4Key, knownRC4Key), 'Final Key does not match' print '==========================================================='
def xtestGunarExample1(self): """ Test example from Gunnar 2003-01-27 """ tk1 = a2b_p( "A9 90 6D C8 3E 78 92 3F 86 04 E9 9E F6 CD BA BB" ) ta = a2b_p( "50 30 F1 84 44 08" ) iv32 = a2b_p( "B5039776" ) # [transmitted as B5 03 97 76] iv16 = a2b_p( "E70C" ) p1k = a2b_p( "26D5 F1E1 2A59 2021 0E8E" ) rc4Key = a2b_p( "E7 67 0C 68 15 E0 2E 3F 1C 15 92 92 D4 E2 78 82" ) mixer = TKIP_Mixer(tk1,ta) newRC4Key = mixer.newKey(iv16+iv32) print "=== Gunnar Example ===" print "rc4Key = ", b2a_p( rc4Key ) print "newRC4Key = ", b2a_p( newRC4Key ) print "knownp1K = ", b2a_p( p1k ) print "calcp1K = %04X %04X %04x %04x %04x" % (mixer.phase1Key[0],mixer.phase1Key[1],mixer.phase1Key[2],mixer.phase1Key[3],mixer.phase1Key[4]) self.assertEqual(rc4Key,newRC4Key)