File: KAT_CMAC.hs

package info (click to toggle)
haskell-cryptonite 0.30-3
links: PTS, VCS
area: main
in suites: forky, sid, trixie
size: 3,372 kB
sloc: ansic: 22,009; haskell: 18,423; makefile: 8
file content (210 lines) | stat: -rw-r--r-- 6,327 bytes
parent folder | download | duplicates (6)

module KAT_CMAC (tests) where

import qualified Crypto.MAC.CMAC as CMAC
import           Crypto.Cipher.Types (Cipher, cipherInit, BlockCipher, ecbEncrypt, blockSize)
import           Crypto.Error (eitherCryptoError)
import           Crypto.Cipher.AES (AES128, AES192, AES256)
import           Crypto.Cipher.TripleDES (DES_EDE3, DES_EDE2)

import           Imports

import           Data.Char (digitToInt)
import qualified Data.ByteString as BS
import qualified Data.ByteArray as B


hxs :: String -> ByteString
hxs = BS.pack . rec' where
    dtoW8 = fromIntegral . digitToInt
    rec' (' ':xs)  =  rec' xs
    rec' (x:y:xs)  =  dtoW8 x * 16 + dtoW8 y : rec' xs
    rec' [_]       =  error "hxs: invalid hex pattern."
    rec' []        =  []

unsafeCipher :: Cipher k => ByteString -> k
unsafeCipher = either (error . show) id . eitherCryptoError . cipherInit

ecb0 :: BlockCipher k => k -> ByteString
ecb0 k = ecbEncrypt k $ BS.replicate (blockSize k) 0

{- Test vectors from NIST data-sheet
   (AES128-CMAC, AES192-CMAC, AES256-CMAC, Three Key TDEA, Two Key TDEA)
   http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
   The data of AES128-CMAC is same as them in RFC4493.
 -}

msg512 :: ByteString
msg512 =
  hxs $
  "6bc1bee2 2e409f96 e93d7e11 7393172a" ++
  "ae2d8a57 1e03ac9c 9eb76fac 45af8e51" ++
  "30c81c46 a35ce411 e5fbc119 1a0a52ef" ++
  "f69f2445 df4f9b17 ad2b417b e66c3710"

msg320 :: ByteString
msg320 = BS.take 40 msg512

msg256 :: ByteString
msg256 = BS.take 32 msg512

msg160 :: ByteString
msg160 = BS.take 20 msg512

msg128 :: ByteString
msg128 = BS.take 16 msg512

msg64 :: ByteString
msg64 = BS.take 8 msg512

msg0 :: ByteString
msg0 = BS.empty

bsCMAC :: BlockCipher k => k -> ByteString -> ByteString
bsCMAC k = B.convert . CMAC.cmac k

gAES128 :: TestTree
gAES128 =
    igroup "aes128"
    [ ecb0 aes128key @?=  hxs "7df76b0c 1ab899b3 3e42f047 b91b546f"
    , aes128k1 @?=        hxs "fbeed618 35713366 7c85e08f 7236a8de"
    , aes128k2 @?=        hxs "f7ddac30 6ae266cc f90bc11e e46d513b"

    , bsCMAC aes128key msg0
      @?=                 hxs "bb1d6929 e9593728 7fa37d12 9b756746"
    , bsCMAC aes128key msg128
      @?=                 hxs "070a16b4 6b4d4144 f79bdd9d d04a287c"
    , bsCMAC aes128key msg320
      @?=                 hxs "dfa66747 de9ae630 30ca3261 1497c827"
    , bsCMAC aes128key msg512
      @?=                 hxs "51f0bebf 7e3b9d92 fc497417 79363cfe"
    ]
  where
    aes128key :: AES128
    aes128key =
        unsafeCipher $ hxs
        "2b7e1516 28aed2a6 abf71588 09cf4f3c"

    aes128k1, aes128k2 :: ByteString
    (aes128k1, aes128k2) = CMAC.subKeys aes128key


gAES192 :: TestTree
gAES192 =
    igroup "aes192"
    [ ecb0 aes192key @?=  hxs "22452d8e 49a8a593 9f7321ce ea6d514b"
    , aes192k1 @?=        hxs "448a5b1c 93514b27 3ee6439d d4daa296"
    , aes192k2 @?=        hxs "8914b639 26a2964e 7dcc873b a9b5452c"

    , bsCMAC aes192key msg0
      @?=                 hxs "d17ddf46 adaacde5 31cac483 de7a9367"
    , bsCMAC aes192key msg128
      @?=                 hxs "9e99a7bf 31e71090 0662f65e 617c5184"
    , bsCMAC aes192key msg320
      @?=                 hxs "8a1de5be 2eb31aad 089a82e6 ee908b0e"
    , bsCMAC aes192key msg512
      @?=                 hxs "a1d5df0e ed790f79 4d775896 59f39a11"
    ]
  where
    aes192key :: AES192
    aes192key =
        unsafeCipher . hxs $
        "8e73b0f7 da0e6452 c810f32b 809079e5" ++
        "62f8ead2 522c6b7b"

    aes192k1, aes192k2 :: ByteString
    (aes192k1, aes192k2) = CMAC.subKeys aes192key

gAES256 :: TestTree
gAES256 =
    igroup "aes256"
    [ ecb0 aes256key @?=  hxs "e568f681 94cf76d6 174d4cc0 4310a854"
    , aes256k1 @?=        hxs "cad1ed03 299eedac 2e9a9980 8621502f"
    , aes256k2 @?=        hxs "95a3da06 533ddb58 5d353301 0c42a0d9"

    , bsCMAC aes256key msg0
      @?=                 hxs "028962f6 1b7bf89e fc6b551f 4667d983"
    , bsCMAC aes256key msg128
      @?=                 hxs "28a7023f 452e8f82 bd4bf28d 8c37c35c"
    , bsCMAC aes256key msg320
      @?=                 hxs "aaf3d8f1 de5640c2 32f5b169 b9c911e6"
    , bsCMAC aes256key msg512
      @?=                 hxs "e1992190 549f6ed5 696a2c05 6c315410"
    ]
  where
    aes256key :: AES256
    aes256key =
        unsafeCipher . hxs $
        "603deb10 15ca71be 2b73aef0 857d7781" ++
        "1f352c07 3b6108d7 2d9810a3 0914dff4"

    aes256k1, aes256k2 :: ByteString
    (aes256k1, aes256k2) = CMAC.subKeys aes256key

gTDEA3 :: TestTree
gTDEA3 =
    igroup "Three Key TDEA"
    [ ecb0 tdea3key @?=  hxs "c8cc74e9 8a7329a2"
    , tdea3k1 @?=        hxs "9198e9d3 14e6535f"
    , tdea3k2 @?=        hxs "2331d3a6 29cca6a5"

    , bsCMAC tdea3key msg0
      @?=                hxs "b7a688e1 22ffaf95"
    , bsCMAC tdea3key msg64
      @?=                hxs "8e8f2931 36283797"
    , bsCMAC tdea3key msg160
      @?=                hxs "743ddbe0 ce2dc2ed"
    , bsCMAC tdea3key msg256
      @?=                hxs "33e6b109 2400eae5"
    ]
  where
    tdea3key :: DES_EDE3
    tdea3key =
        unsafeCipher . hxs $
        "8aa83bf8 cbda1062" ++
        "0bc1bf19 fbb6cd58" ++
        "bc313d4a 371ca8b5"

    tdea3k1, tdea3k2 :: ByteString
    (tdea3k1, tdea3k2) = CMAC.subKeys tdea3key

gTDEA2 :: TestTree
gTDEA2 =
    igroup "Two Key TDEA"
    [ ecb0 tdea2key @?=  hxs "c7679b9f 6b8d7d7a"
    , tdea2k1 @?=        hxs "8ecf373e d71afaef"
    , tdea2k2 @?=        hxs "1d9e6e7d ae35f5c5"

    , bsCMAC tdea2key msg0
      @?=                hxs "bd2ebf9a 3ba00361"
    , bsCMAC tdea2key msg64
      @?=                hxs "4ff2ab81 3c53ce83"
    , bsCMAC tdea2key msg160
      @?=                hxs "62dd1b47 1902bd4e"
    , bsCMAC tdea2key msg256
      @?=                hxs "31b1e431 dabc4eb8"
    ]
  where
    tdea2key :: DES_EDE2
    tdea2key =
          unsafeCipher . hxs $
          "4cf15134 a2850dd5" ++
          "8a3d10ba 80570d38"

    tdea2k1, tdea2k2 :: ByteString
    (tdea2k1, tdea2k2) = CMAC.subKeys tdea2key

igroup :: TestName -> [Assertion] -> TestTree
igroup nm = testGroup nm . zipWith (flip ($)) [1..] . map icase
  where
    icase c i = testCase (show (i :: Int)) c

nistVectors :: TestTree
nistVectors =
    testGroup "KAT - NIST test vectors"
    [ gAES128, gAES192, gAES256, gTDEA3, gTDEA2 ]

tests :: TestTree
tests =
    testGroup "CMAC"
    [ nistVectors ]