diff options
Diffstat (limited to 'sbin/isakmpd/regress')
30 files changed, 2166 insertions, 0 deletions
diff --git a/sbin/isakmpd/regress/Makefile b/sbin/isakmpd/regress/Makefile new file mode 100644 index 00000000000..8b102ccee45 --- /dev/null +++ b/sbin/isakmpd/regress/Makefile @@ -0,0 +1,38 @@ +# $Id: Makefile,v 1.1 1998/11/15 00:03:49 niklas Exp $ + +# +# Copyright (c) 1998 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +SUBDIR= asn b2n crypto dh ec2n exchange group hmac pkcs prf rsakeygen x509 + +.include <bsd.subdir.mk> diff --git a/sbin/isakmpd/regress/asn/Makefile b/sbin/isakmpd/regress/asn/Makefile new file mode 100644 index 00000000000..62c5e1effaf --- /dev/null +++ b/sbin/isakmpd/regress/asn/Makefile @@ -0,0 +1,14 @@ +# Test ASN + +PROG= asntest +SRCS= asntest.c conf.c asn.c asn_useful.c gmp_util.c log.c pkcs.c \ + sysdep.c hash.c x509.c +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +.PATH: ${.CURDIR}/../.. ${TOPOBJ} +LDADD+= -lgmp +DPADD+= ${LIBDES} +NOMAN= +CFLAGS+= -I${.CURDIR}/../.. -I${TOPOBJ} -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/asn/asntest.c b/sbin/isakmpd/regress/asn/asntest.c new file mode 100644 index 00000000000..2d254cfd764 --- /dev/null +++ b/sbin/isakmpd/regress/asn/asntest.c @@ -0,0 +1,147 @@ +/* $Id: asntest.c,v 1.1 1998/11/15 00:03:49 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <stdio.h> +#include <string.h> +#include <gmp.h> + +#include "conf.h" +#include "asn.h" +#include "asn_useful.h" +#include "pkcs.h" +#include "x509.h" + +int +main (void) +{ + char buf[1000]; + char buf2[1000]; + u_int32_t len; + struct norm_type test = SEQ("test", Signed); + struct norm_type test2 = SEQ("cert", Certificate); + struct norm_type *tmp, *tmp2; + struct rsa_public_key key; + struct x509_certificate cert; + int i, j; + u_int8_t *asn; + char *p; + + FILE *f = fopen ("ssh-test-ca.pem", "r"); + len = 0; + while (conf_get_line (f, buf + len, sizeof (buf) - len)) + if (buf[len] != '-') + len = strlen (buf); + + conf_decode_base64 (buf, &len, buf); + + asn_template_clone (&test, 1); + + asn_decode_sequence (buf, len, &test); + + p = ASN_SIGNED_ALGORITHM(&test); + + printf ("ObjectId: %s = %s\n", p, asn_parse_objectid (asn_ids, p)); + + asn_template_clone (&test2, 1); + + len = asn_get_len (ASN_SIGNED_DATA(&test)); + asn_decode_sequence (ASN_SIGNED_DATA(&test), len, &test2); + + tmp = asn_decompose ("cert.version", &test2); + printf ("Version: "); mpz_out_str (stdout, 16, tmp->data); + tmp = asn_decompose ("cert.serialNumber", &test2); + printf ("\nSerialNumber: "); mpz_out_str (stdout, 16, tmp->data); + tmp = asn_decompose ("cert.signature.algorithm", &test2); + printf ("\nsignature: %s\n", + asn_parse_objectid (asn_ids, (char *)tmp->data)); + + tmp = ASN_CERT_VALIDITY(&test2); + printf ("Begin: %s, End: %s\n", ASN_VAL_BEGIN(tmp), ASN_VAL_END(tmp)); + + i = 0; + while (1) + { + sprintf (buf2, "cert.issuer.RelativeDistinguishedName[%d]", i++); + tmp = asn_decompose (buf2, &test2); + if (tmp == NULL) + break; + + j = 0; + while (1) + { + sprintf (buf2, "RelativeDistinguishedName.AttributeValueAssertion[%d].AttributeType", j); + tmp2 = asn_decompose (buf2, tmp); + if (tmp2 == NULL) + break; + + printf ("Issuer: (%s) ", + asn_parse_objectid (asn_ids, tmp2->data)); + sprintf (buf2, "RelativeDistinguishedName.AttributeValueAssertion[%d].AttributeValue", j++); + tmp2 = asn_decompose (buf2, tmp); + printf ("%s\n", (char *)tmp2->data); + } + }; + + tmp = asn_decompose ("cert.subjectPublicKeyInfo.algorithm.algorithm", &test2); + printf ("Key: %s\n", asn_parse_objectid (asn_ids, tmp->data)); + + tmp = asn_decompose ("cert.subjectPublicKeyInfo.subjectPublicKey", &test2); + asn = tmp->data + 1; + + pkcs_public_key_from_asn (&key, asn, asn_get_len (asn)); + printf ("n (%u): 0x", (unsigned int)mpz_sizeinbase (key.n, 2)); + mpz_out_str (stdout, 16, key.n); + printf ("\ne: 0x"); mpz_out_str (stdout, 16, key.e); + printf ("\n"); + + printf ("Validate SIGNED: "); + if (!x509_validate_signed (buf, asn_get_len (buf), &key, &asn, &len)) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + + memset (&cert, 0, sizeof (cert)); + x509_decode_certificate (buf, asn_get_len (buf), &cert); + + printf ("Encoding Certificiate: "); + if (!x509_encode_certificate(&cert, &asn, &len)) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + return 1; +} diff --git a/sbin/isakmpd/regress/asn/ssh-test-ca.pem b/sbin/isakmpd/regress/asn/ssh-test-ca.pem new file mode 100644 index 00000000000..4721db3bedb --- /dev/null +++ b/sbin/isakmpd/regress/asn/ssh-test-ca.pem @@ -0,0 +1,12 @@ +-----BEGIN X509 CERTIFICATE----- +MIIB/DCCAWWgAwIBAgIDAeD0MA0GCSqGSIb3DQEBBAUAMDgxCzAJBgNVBAYTAkZJMSkwJwYDVQQ +KEyBTc2ggQ29tbXVuaWNhdGlvbnMgU2VjdXJpdHkgTHRkLjAeFw05NzEyMzEwMDAwMDBaFw05OD +EyMzEwMDAwMDBaMDgxCzAJBgNVBAYTAkZJMSkwJwYDVQQKEyBTc2ggQ29tbXVuaWNhdGlvbnMgU +2VjdXJpdHkgTHRkLjCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAmxrZfHh3PXzt4STZ27xN +v6ccHA5Zs2rJ/NmjTz+cDtJriGtfroPjPuI82H7QifrGAmG9+iHLP9bZKvs8Bur5avXTQmxg2kT +/53K74Tiox2hJEPWKNAPWKf8Y/sCXKJF0TEYtFlFCzkm+lmBmtuSDixgD5Xa1DNl3Ket7m4vOhq +8CASmjFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQowDQYJKoZIhvcNAQEEBQADgYEAP66aK4rdFAT/H +PKGTEM1UQgmo8b/fi7rB90jonodOI4Xros/3R1Nj8Z5zQcx2hG5xjIAl9YpHmmPSbgtYD1SIFxF +0sWBa12FU7u/Sa8OjBvs9K0Ofnw/Sdp7on0M6f/xTVHKFCunfAbHsqFhieej6esDJBKODpbb2pJ +c6VphrlE= +-----END X509 CERTIFICATE----- diff --git a/sbin/isakmpd/regress/b2n/Makefile b/sbin/isakmpd/regress/b2n/Makefile new file mode 100644 index 00000000000..b84f0240a60 --- /dev/null +++ b/sbin/isakmpd/regress/b2n/Makefile @@ -0,0 +1,12 @@ + +# Test HMAC: + +PROG= b2ntest +SRCS= math_2n.c b2ntest.c util.c sysdep.c +.PATH: ${.CURDIR}/../../ +NOMAN= +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +CFLAGS+= -I${TOPOBJ} -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk>
\ No newline at end of file diff --git a/sbin/isakmpd/regress/b2n/b2ntest.c b/sbin/isakmpd/regress/b2n/b2ntest.c new file mode 100644 index 00000000000..94176384c0a --- /dev/null +++ b/sbin/isakmpd/regress/b2n/b2ntest.c @@ -0,0 +1,367 @@ +/* $Id: b2ntest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * B2N is a module for doing arithmetic on the Field GF(2**n) which is + * isomorph to ring of polynomials GF(2)[x]/p(x) where p(x) is an + * irreduciable polynomial over GF(2)[x] with grade n. + */ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#include "math_2n.h" + +#define CMP_FAIL(n,x) b2n_sprint (buf, n); if (strcmp (buf, (x))) \ + printf ("FAILED: %s != %s ", buf, x); else printf ("OKAY "); + +int +main (void) +{ + int i; + b2n_t n, m, d, r; + char buf[200]; + + b2n_init (n); + b2n_init (m); + b2n_init (d); + b2n_init (r); + + printf ("Arithimetic Tests for GF(2)[x]:\n"); + printf ("Testing: b2n_set*: "); + b2n_set_ui (n, 0xffc0); + CMP_FAIL (n, "0xffc0"); + + b2n_set_str (m, "0x180c0"); + CMP_FAIL (m, "0x0180c0"); + b2n_set_str (m, "0x808b8080c0"); + CMP_FAIL (m, "0x808b8080c0"); + + printf ("\nTesting: b2n_add: "); + b2n_add (d, n, m); + CMP_FAIL (d, "0x808b807f00"); + b2n_add (n, n, m); + CMP_FAIL (n, "0x808b807f00"); + b2n_add (n, n, n); + CMP_FAIL (n, "0x00"); + b2n_set_str (n, "0x9090900000000000000000"); + b2n_set_ui (m, 0); + b2n_add (n, n, m); + CMP_FAIL (n, "0x9090900000000000000000"); + + printf ("\nTesting: b2n_lshift: "); + b2n_set_str (m, "0x808b8080c0"); + b2n_lshift (n, m, 3); + CMP_FAIL (n, "0x04045c040600"); + b2n_lshift (n, m, 11); + CMP_FAIL (n, "0x04045c04060000"); + b2n_set (n, m); + for (i = 0; i < 11; i++) + b2n_lshift (n, n, 1); + CMP_FAIL (n, "0x04045c04060000"); + b2n_lshift (d, m, 12); + CMP_FAIL (d, "0x0808b8080c0000"); + b2n_set_str (m, "0xdeadbeef"); + b2n_lshift (d, m, 103); + CMP_FAIL (d, "0x6f56df7780000000000000000000000000"); + + printf ("\nTesting: b2n_rshift: "); + b2n_rshift (m, n, 3); + CMP_FAIL (m, "0x808b8080c000"); + b2n_rshift (m, m, 11); + CMP_FAIL (m, "0x1011701018"); + b2n_set_str (m, "0x12381998713258186712365"); + b2n_rshift (m, m, 23); + CMP_FAIL (m, "0x024703330e264b030c"); + b2n_set_str (m, "0x12381998713258186712365"); + for (i=0; i<23; i++) + b2n_rshift (m, m, 1); + CMP_FAIL (m, "0x024703330e264b030c"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x5: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 5); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x2d"); + b2n_mul (n, n, m); + CMP_FAIL (d, "0x2d"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x0: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 0); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x00"); + b2n_set_ui (n, 0); + b2n_set_ui (m, 9); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x00"); + + printf ("\nTesting: b2n_mul: 0x9 o 0x1: "); + b2n_set_ui (n, 9); + b2n_set_ui (m, 1); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x09"); + + printf ("\nTesting: b2n_mul: 0x12329 o 0x1235: "); + b2n_set_str (n, "0x12329"); + b2n_set_str (m, "0x1235"); + b2n_mul (d, n, m); + CMP_FAIL (d, "0x10473a3d"); + b2n_mul (n, n, m); + CMP_FAIL (d, "0x10473a3d"); + + printf ("\nTesting: b2n_square: 0x1235 o 0x1235: "); + b2n_set_str (m, "0x1235"); + b2n_square (n, m); + CMP_FAIL (n, "0x01040511"); + + printf ("\nTesting: b2n_square: 0x80c1235 o 0x80c1235: "); + b2n_set_str (m, "0x80c1235"); + b2n_square (n, m); + CMP_FAIL (n, "0x40005001040511"); + + b2n_set_str (m, "0x12329"); + printf ("\nTesting: sigbit: 0x12329: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 17 ? "OKAY" : "FAILED"); + b2n_set_ui (m, 0); + printf ("\nTesting: sigbit: 0x0: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 0 ? "OKAY" : "FAILED"); + b2n_set_str (m, "0x7f3290000"); + printf ("\nTesting: sigbit: 0x7f3290000: %d, %s", + b2n_sigbit(m), b2n_sigbit(m) == 35 ? "OKAY" : "FAILED"); + + printf ("\nTesting: b2n_cmp: "); + b2n_set_str (m, "0x2234"); + b2n_set_str (n, "0x1234"); + printf ("%d <-> %d, ", b2n_sigbit (m), b2n_sigbit(n)); + printf ("%d, %d ,%d: ", b2n_cmp (m,m), b2n_cmp (m,n), b2n_cmp (n,m)); + if (b2n_cmp (m,m) || b2n_cmp (m,n) != 1 || b2n_cmp (n,m) != -1) + printf ("FAILED"); + else + printf ("OKAY"); + printf ("\nTesting: b2n_cmp_null: "); + b2n_set_str (m, "0x2234"); + b2n_set_ui (n, 0); + printf ("%d, %d: ", b2n_cmp_null (m), b2n_cmp_null (n)); + if (b2n_cmp_null (m) != 1 || b2n_cmp_null (n)) + printf ("FAILED"); + else + printf ("OKAY"); + + printf ("\nTesting: b2n_div: 0x2d / 0x5: "); + b2n_set_str (n, "0x2d"); + b2n_set_ui (m, 5); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x09"); + CMP_FAIL (m, "0x00"); + printf ("\nTesting: b2n_div: 0x2d / 0x1: "); + b2n_set_str (n, "0x2d"); + b2n_set_ui (m, 1); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x2d"); + CMP_FAIL (m, "0x00"); + + printf ("\nTesting: b2n_div: 0x10473a3d / 0x1235: "); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1235"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x012329"); + CMP_FAIL (m, "0x00"); + + printf ("\nTesting: b2n_div: 0x10473a3d / 0x1536: "); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1536"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x014331"); + CMP_FAIL (m, "0xab"); + b2n_set_str (n, "0x10473a3d"); + b2n_set_str (m, "0x1536"); + b2n_div_q (d, n, m); + CMP_FAIL (d, "0x014331"); + b2n_div_r (d, n, m); + CMP_FAIL (d, "0xab"); + + printf ("\nTesting: b2n_div: 0x0800000000000000000000004000000000000001 / 0xffab09909a00: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_div_q (d, n, m); + CMP_FAIL (d, "0x18083e83a98647cedae0b3e69a5e"); + b2n_div_r (d, n, m); + CMP_FAIL (d, "0x5b8bf98cac01"); + b2n_set (d, m); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x18083e83a98647cedae0b3e69a5e"); + CMP_FAIL (m, "0x5b8bf98cac01"); + + printf ("\nTesting: b2n_div: 0x0800000000000000000000004000000000000001 / 0x7b: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_div (n, m, n, m); + CMP_FAIL (n, "0x32dea27065bd44e0cb7a89c000000000000000"); + CMP_FAIL (m, "0x01"); + + printf ("\n\nArithimetic Tests for GF(2**m) ~= GF(2)[x]/p(x):\n"); + printf ("Testing: b2n_gcd: "); + b2n_set_str (d, "0x771"); + b2n_set_str (m, "0x26d"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x0b"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x01"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_gcd (n, m, d); + CMP_FAIL (n, "0x01"); + + printf ("\nTesting: b2n_mul_inv: "); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0xffab09909a00"); + b2n_mul_inv (n, m, d); + CMP_FAIL (n, "0x074029149f69304174d28858ae5c60df208a22a8"); + b2n_set_str (n, "0xffab09909a00"); + b2n_mul_inv (n, n, d); + CMP_FAIL (n, "0x074029149f69304174d28858ae5c60df208a22a8"); + b2n_mul (n, n, m); + b2n_mod (n, n, d); + CMP_FAIL (n, "0x01"); + b2n_set_str (d, "0x0800000000000000000000004000000000000001"); + b2n_set_str (m, "0x7b"); + b2n_mul_inv (n, m, d); + CMP_FAIL (n, "0x32dea27065bd44e0cb7a89c000000000000000"); + b2n_mul (n, n, m); + b2n_mod (n, n, d); + CMP_FAIL (n, "0x01"); + + printf ("\nTesting: b2n_random: "); + b2n_random (m, 155); + b2n_sprint (buf, m); + printf ("%s, %d", buf, b2n_sigbit(m)); + + printf ("\nTesting: b2n_sqrt: "); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_set_ui (d, 2); + b2n_sqrt (m, d, n); + b2n_square (d, m); + b2n_add (d, d, m); + b2n_mod (d, d, n); + CMP_FAIL (d, "0x02"); + + /* x**3 + b */ + b2n_set_ui (n, 0x7b); + b2n_square (d, n); + b2n_mul (d, d, n); + b2n_set_str (n, "0x07338f"); + b2n_add (d, d, n); + b2n_set_str (n, "0x0800000000000000000000004000000000000001"); + b2n_mod (d, d, n); + /* \alpha = x**3 + b - end */ + + /* \beta = x**(-2)*\alpha */ + b2n_set_ui (m, 0x7b); + b2n_mul_inv (m, m, n); + b2n_square (m, m); + b2n_mod (m, m, n); + b2n_mul (d, d, m); + b2n_mod (d, d, n); + b2n_set (r, d); + /* \beta = x**(-2)*\alpha - end */ + + b2n_sqrt (m, d, n); + CMP_FAIL (m, "0x0690aec7cd215d8f9a42bb1f0000000000000004"); + b2n_square (d, m); + b2n_mod (d, d, n); + b2n_add (d, d, m); + b2n_mod (d, d, n); + printf ("Squaring Check: "); + CMP_FAIL (d, "0x03d5af92c8311d9e8f56be4b3e690aec7cd215cc"); + + printf ("\nTesting: b2n_trace: "); + b2n_set_ui (m, 2); + b2n_trace (d, m, n); + CMP_FAIL (d, "0x00"); + b2n_set_ui (m, 0x11223); + b2n_trace (d, m, n); + CMP_FAIL (d, "0x01"); + + printf ("\nTesting: b2n_exp_mod: "); + b2n_set_ui (m, 0x7b); + b2n_exp_mod (d, m, 5, n); + CMP_FAIL (d, "0x7cccb7cb"); + b2n_set_str (m, "0x123456789abcdef"); + b2n_exp_mod (d, m, 13, n); + CMP_FAIL (d, "0x043f0a8550cb69b3c50d0340d1c6d5c97ecd60d4"); + + printf ("\nTesting: b2n_3mul: "); + b2n_set_ui (m, 0x7b); + b2n_3mul (m, m); + CMP_FAIL (m, "0x0171"); + + b2n_set_ui (m, 0x7fffffff); + b2n_3mul (m, m); + CMP_FAIL (m, "0x017ffffffd"); + + printf ("\nTesting: b2n_nadd: "); + b2n_set_str (m, "0x7fffffff"); + b2n_set_str (n, "0x10203045"); + b2n_nadd (d, n, m); + CMP_FAIL (d, "0x90203044"); + + b2n_set_str (m, "0x9a4a54d8b8dfa566112849991214329a233d"); + b2n_set_str (n, "0x70ee40dd60c8657e58eda9a17ad9176e28b4b457e5a34a0948e335"); + b2n_nadd (d, n, m); + CMP_FAIL (d, "0x70ee40dd60c8657e5987f3f65391f7138ec5dca17eb55e3be30672"); + + printf ("\nTesting: b2n_nsub: "); + b2n_set_str (n, "0x90203044"); + b2n_set_str (m, "0x10203045"); + b2n_nsub (d, n, m); + CMP_FAIL (d, "0x7fffffff"); + + b2n_set_str (n, "0x70ee40dd60c8657e5987f3f65391f7138ec5dca17eb55e3be30672"); + b2n_set_str (m, "0x70ee40dd60c8657e58eda9a17ad9176e28b4b457e5a34a0948e335"); + b2n_nsub (d, n, m); + CMP_FAIL (d, "0x9a4a54d8b8dfa566112849991214329a233d"); + + b2n_clear (n); + b2n_clear (m); + b2n_clear (d); + b2n_clear (r); + + printf ("\n"); + return 1; +} diff --git a/sbin/isakmpd/regress/check.sh b/sbin/isakmpd/regress/check.sh new file mode 100644 index 00000000000..f5d1d128cad --- /dev/null +++ b/sbin/isakmpd/regress/check.sh @@ -0,0 +1,92 @@ +#!/bin/sh +# $Id: check.sh,v 1.1 1998/11/15 00:03:49 niklas Exp $ + +# +# Copyright (c) 1998 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Niklas Hallqvist. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson. +# + +PROGNAME=$0 +NC=/usr/bin/nc +HOST=localhost +ISAKMP_PORT=500 + +set -- `getopt p: $*` +if [ $? != 0 ]; then + echo 'usage: $PROGNAME [-p port] host' >&2 + exit 2 +fi +for i; do + case "$i" in + -p) + ISAKMP_PORT=$2; shift; shift;; + --) + shift; break;; + esac +done + +if [ $# -gt 0 ]; then + HOST=$1 +fi + +send () { + ${NC} -u -w 1 ${HOST} ${ISAKMP_PORT} +} + +# Short message +printf "SHORT!" |send + +# (Most probably) invalid cookie +printf "INVALID COOKIES!\0\x10\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid next payload type +printf "01234567\0\0\0\0\0\0\0\0!\x10\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid major version +printf "01234567\0\0\0\0\0\0\0\0\0\x20\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid minor version +printf "01234567\0\0\0\0\0\0\0\0\0\x11\0\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid exchange type +printf "01234567\0\0\0\0\0\0\0\0\0\x10!\0\0\0\0\0\0\0\0\x1c" |send + +# Invalid flags +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\x80\0\0\0\0\0\0\0\x1c" |send + +# Invalid message ID +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0BAD!\0\0\0\x1c" |send + +# Short length +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0\0\0\0\0\0\0\0\x1b" |send + +# Long length +printf "01234567\0\0\0\0\0\0\0\0\0\x10\2\0\0\0\0\0\0\0\0\x1d" |send diff --git a/sbin/isakmpd/regress/crypto/Makefile b/sbin/isakmpd/regress/crypto/Makefile new file mode 100644 index 00000000000..26ed4656086 --- /dev/null +++ b/sbin/isakmpd/regress/crypto/Makefile @@ -0,0 +1,12 @@ +# Test Crypto: + +PROG= cryptotest +SRCS= log.c crypto.c cryptotest.c +.PATH: ${.CURDIR}/../../ +LDADD+= -ldes +DPADD+= ${LIBDES} +NOMAN= +CFLAGS+= -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/crypto/cryptotest.c b/sbin/isakmpd/regress/crypto/cryptotest.c new file mode 100644 index 00000000000..05aaa533912 --- /dev/null +++ b/sbin/isakmpd/regress/crypto/cryptotest.c @@ -0,0 +1,167 @@ +/* $Id: cryptotest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <ctype.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include "crypto.h" + +void test_crypto (enum transform); + +#define SET_KEY(x,y) {int i; for (i=0; i < (y); i++) (x)[i] = i;} + +int +verify_buf (u_int8_t *buf, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i++) + if (buf[i] != i) + return 0; + + return 1; +} + +#define nibble2bin(y) (tolower((y)) < 'a' ? (y) - '0': tolower((y)) - 'a' + 10) +#define hexchar2bin(x) ((nibble2bin((x)[0]) << 4) + nibble2bin((x)[1])) +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +void asc2bin (u_int8_t *bin, u_int8_t *asc, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i += 2, asc += 2) + { + *bin++ = hexchar2bin(asc); + } +} + +void +special_test_blf (void) +{ + u_int8_t *akey = "0123456789ABCDEFF0E1D2C3B4A59687"; + u_int8_t *aiv = "FEDCBA9876543210"; + u_int8_t data[] = "7654321 Now is the time for \0\0\0"; /* len 29 */ + u_int8_t *acipher = "6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CCE7"; + u_int8_t key[16], cipher[32], iv[8]; + struct crypto_xf *xf; + struct keystate *ks; + enum cryptoerr err; + int i; + + asc2bin (key, akey, strlen (akey)); + asc2bin (iv, aiv, strlen (aiv)); + asc2bin (cipher, acipher, 64); + + xf = crypto_get (BLOWFISH_CBC); + printf ("Special Test-Case %s: ", xf->name); + + ks = crypto_init (xf, key, 16, &err); + if (!ks) + { + printf ("FAILED (init %d)", err); + goto fail; + } + + crypto_init_iv (ks, iv, xf->blocksize); + crypto_encrypt (ks, data, 32); + + for (i = 0; i < 32; i++) + if (data[i] != cipher[i]) + break; + if (i < 32) + printf ("FAILED "); + else + printf ("OKAY "); + + free (ks); + +fail: + printf ("\n"); + return; +} + +int +main (void) +{ + test_crypto (DES_CBC); + + test_crypto (TRIPLEDES_CBC); + + test_crypto (BLOWFISH_CBC); + + test_crypto (CAST_CBC); + + special_test_blf (); + + return 1; +} + +void +test_crypto (enum transform which) +{ + u_int8_t buf[256]; + struct crypto_xf *xf; + struct keystate *ks; + enum cryptoerr err; + + xf = crypto_get (which); + printf ("Testing %s: ", xf->name); + + SET_KEY (buf, xf->keymax); + ks = crypto_init (xf, buf, xf->keymax, &err); + if (!ks) + { + printf ("FAILED (init %d)", err); + goto fail; + } + SET_KEY (buf, sizeof (buf)); + crypto_init_iv (ks, buf, xf->blocksize); + crypto_encrypt (ks, buf, sizeof (buf)); + crypto_decrypt (ks, buf, sizeof (buf)); + if (!verify_buf (buf, sizeof (buf))) + printf ("FAILED "); + else + printf ("OKAY "); + + free (ks); + + fail: + printf ("\n"); + return; +} diff --git a/sbin/isakmpd/regress/dh/Makefile b/sbin/isakmpd/regress/dh/Makefile new file mode 100644 index 00000000000..39a873f4cdb --- /dev/null +++ b/sbin/isakmpd/regress/dh/Makefile @@ -0,0 +1,14 @@ +# Test DH: + +PROG= dhtest +SRCS= math_2n.c math_ec2n.c math_group.c dh.c dhtest.c util.c \ + log.c sysdep.c gmp_util.c +.PATH: ${.CURDIR}/../../ +NOMAN= +LDADD+= -lgmp +DPADD+= ${LIBGMP} +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +CFLAGS+= -I${.CURDIR}/../../ -I${TOPOBJ} -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/dh/dhtest.c b/sbin/isakmpd/regress/dh/dhtest.c new file mode 100644 index 00000000000..cd9361177f9 --- /dev/null +++ b/sbin/isakmpd/regress/dh/dhtest.c @@ -0,0 +1,106 @@ +/* $Id: dhtest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * This module does a Diffie-Hellman Exchange + */ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#include "math_group.h" +#include "dh.h" + +#define DUMP_X(_x_) point = (_x_); b2n_print (point->x); + +int +main (void) +{ + int len; + char buf[100], buf2[100]; + char sec[100], sec2[100]; + struct group *group, *group2; + + group_init (); + group = group_get (4); + group2 = group_get (4); + + printf ("Testing DH (elliptic curve): \n"); + + printf ("dh_getlen\n"); + len = dh_getlen (group); + printf ("dh_create_exchange\n"); + dh_create_exchange (group, buf); + dh_create_exchange (group2, buf2); + + printf ("dh_create_shared\n"); + dh_create_shared (group, sec, buf2); + dh_create_shared (group2, sec2, buf); + + printf ("Result: "); + if (memcmp (sec, sec2, len)) + printf ("FAILED "); + else + printf ("OKAY "); + + group_free (group); + group_free (group2); + + printf ("\nTesting DH (MODP): \n"); + + group = group_get (1); + group2 = group_get (1); + + printf ("dh_getlen\n"); + len = dh_getlen (group); + printf ("dh_create_exchange\n"); + dh_create_exchange (group, buf); + dh_create_exchange (group2, buf2); + + printf ("dh_create_shared\n"); + dh_create_shared (group, sec, buf2); + dh_create_shared (group2, sec2, buf); + + printf ("Result: "); + if (memcmp (sec, sec2, len)) + printf ("FAILED "); + else + printf ("OKAY "); + + + printf ("\n"); + return 1; +} diff --git a/sbin/isakmpd/regress/ec2n/Makefile b/sbin/isakmpd/regress/ec2n/Makefile new file mode 100644 index 00000000000..9b51dd07aa5 --- /dev/null +++ b/sbin/isakmpd/regress/ec2n/Makefile @@ -0,0 +1,12 @@ + +# Test EC2N: + +PROG= ec2ntest +SRCS= math_2n.c math_ec2n.c ec2ntest.c util.c sysdep.c +.PATH: ${.CURDIR}/../../ +NOMAN= +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +CFLAGS+= -I${TOPOBJ} -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/ec2n/ec2ntest.c b/sbin/isakmpd/regress/ec2n/ec2ntest.c new file mode 100644 index 00000000000..cbc5863f1f8 --- /dev/null +++ b/sbin/isakmpd/regress/ec2n/ec2ntest.c @@ -0,0 +1,146 @@ +/* $Id: ec2ntest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * B2N is a module for doing arithmetic on the Field GF(2**n) which is + * isomorph to ring of polynomials GF(2)[x]/p(x) where p(x) is an + * irreduciable polynomial over GF(2)[x] with grade n. + */ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#include "math_2n.h" +#include "math_ec2n.h" + +#define CMP_FAIL(n,x) b2n_sprint (buf, n); if (strcmp (buf, (x))) \ + printf ("FAILED: %s != %s ", buf, x); else printf ("OKAY "); + +int +main (void) +{ + b2n_t k; + ec2np_t p, q, r; + ec2ng_t g; + char buf[200]; + + b2n_init (k); + ec2np_init (p); + ec2np_init (q); + ec2np_init (r); + ec2ng_init (g); + + printf ("Testing: ec2ng_set* :"); + /* Init Group */ + ec2ng_set_p_str (g, "0x0800000000000000000000004000000000000001"); + CMP_FAIL (g->p, "0x0800000000000000000000004000000000000001"); + ec2ng_set_a_ui (g, 0); + CMP_FAIL (g->a, "0x00"); + ec2ng_set_b_str (g, "0x07338f"); + CMP_FAIL (g->b, "0x07338f"); + + printf ("\nTesting: ec2np_find_y: "); + /* Init Point */ + ec2np_set_x_ui (p, 0x7b); + ec2np_find_y (p, g); + + CMP_FAIL (p->y, "0x01c8"); + + printf ("\nTesting: ec2np_ison: "); + if (ec2np_ison (p, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + ec2np_set_x_ui (q, 0x4); + ec2np_find_y (q, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + printf ("\nTesting: ec2np_add: "); + ec2np_set (r, p); + b2n_add (r->y, r->y, r->x); + ec2np_add (r, r, p, g); + if (!r->inf) + printf ("FAILED "); + else + printf ("OKAY "); + + ec2np_add (q, p, q, g); + CMP_FAIL (q->x, "0x06f32d7cc82cec8612a87a86e026350fb7595469"); + CMP_FAIL (q->y, "0x4ab92e21e51358ca8deab3fbbc9f7d8a7d1575"); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + ec2np_add (p, q, q, g); + CMP_FAIL (p->x, "0x0390001461385559a22ac9b6181c1e1889b38451"); + CMP_FAIL (p->y, "0x0188e61f38d747d7813c6a8b33d14dfb7418b04c"); + if (ec2np_ison (p, g)) + printf ("OKAY "); + else + printf ("FAILED "); + + printf ("\nTesting: ec2np_mul: "); + b2n_set_ui (k, 57); + ec2np_set (q, p); + ec2np_mul (q, q, k, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + CMP_FAIL (q->x, "0x06bcf88caab88f99399350c46559da3b91afbf9d"); + + b2n_set_str (k, "0x0800000000000000000057db5698537193aef943"); + ec2np_set (q, p); + ec2np_mul (q, q, k, g); + if (ec2np_ison (q, g)) + printf ("OKAY "); + else + printf ("FAILED "); + CMP_FAIL (q->x, "0x0390001461385559a22ac9b6181c1e1889b38451"); + + printf ("\n"); + ec2np_clear (p); + ec2np_clear (q); + ec2np_clear (r); + ec2ng_clear (g); + b2n_clear (k); + return 1; +} diff --git a/sbin/isakmpd/regress/exchange/Makefile b/sbin/isakmpd/regress/exchange/Makefile new file mode 100644 index 00000000000..b2e08338197 --- /dev/null +++ b/sbin/isakmpd/regress/exchange/Makefile @@ -0,0 +1,58 @@ +# $Id: Makefile,v 1.1 1998/11/15 00:03:50 niklas Exp $ + +# +# Copyright (c) 1998 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Ericsson Radio Systems. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson Radio Systems. +# + +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +RUN= ISAKMPD=${TOPOBJ}/isakmpd ${.CURDIR}/run.sh + +TESTS= def + +all: + +test: ${TESTS:S/^/test-/} + +.for TEST in ${TESTS} +test-${TEST}: +.ifdef ONLY_INIT + @echo Testing "${TEST}" test as initiator + @${RUN} ${RUNFLAGS} ${.CURDIR}/${TEST} +.endif +.ifdef ONLY_RESP + @echo Testing "${TEST}" test as responder + @${RUN} -r ${RUNFLAGS} ${.CURDIR}/${TEST} +.endif +.endfor + +.include <bsd.obj.mk> +.include <bsd.subdir.mk> diff --git a/sbin/isakmpd/regress/exchange/def-i.1 b/sbin/isakmpd/regress/exchange/def-i.1 Binary files differnew file mode 100644 index 00000000000..17122493534 --- /dev/null +++ b/sbin/isakmpd/regress/exchange/def-i.1 diff --git a/sbin/isakmpd/regress/exchange/def-r.1 b/sbin/isakmpd/regress/exchange/def-r.1 Binary files differnew file mode 100644 index 00000000000..56f5e627c8e --- /dev/null +++ b/sbin/isakmpd/regress/exchange/def-r.1 diff --git a/sbin/isakmpd/regress/exchange/run.sh b/sbin/isakmpd/regress/exchange/run.sh new file mode 100644 index 00000000000..eb26c066c9d --- /dev/null +++ b/sbin/isakmpd/regress/exchange/run.sh @@ -0,0 +1,141 @@ +#!/bin/sh +# $Id: run.sh,v 1.1 1998/11/15 00:03:50 niklas Exp $ + +# +# Copyright (c) 1998 Niklas Hallqvist. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# 3. All advertising materials mentioning features or use of this software +# must display the following acknowledgement: +# This product includes software developed by Niklas Hallqvist. +# 4. The name of the author may not be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +# +# This code was written under funding by Ericsson. +# + +# Defaults +SRCPORT=1500 +DSTPORT=1501 +FIFO=test.fifo +TIMEOUT=2 + +NC=${NC:-/usr/bin/nc} +ISAKMPD=${ISAKMPD:-/usr/sbin/isakmpd} + +progname=`basename $0` +indent=`echo -n $progname |sed 's/./ /g'` +seed=980801 +initiator=yes +retval=0 +verbose=no +clean=yes + +usage () +{ + echo "usage: $progname [-nrv] [-d dst-port] [-f fifo] [-s src-port]" >&2 + echo " $indent [-t timeout] testsuite" >&2 + exit 2 +} + +set -- `getopt d:f:nrs:t:v $*` +if [ $? != 0 ]; then + usage +fi +for i; do + case "$i" in + -d) + DSTPORT=$2; shift; shift;; + -f) + FIFO=$2; shift; shift;; + -n) + clean=no; shift;; + -r) + initiator=no; shift;; + -s) + SRCPORT=$2; shift; shift;; + -t) + TIMEOUT=$2; shift; shift;; + -v) + verbose=yes; shift;; + --) + shift; break;; + esac +done + +if [ $# -eq 1 ]; then + suite=$1 +else + usage +fi + +[ ${verbose} = yes ] && set -x + +# Start isakmpd and wait for the fifo to get created +rm -f ${FIFO} +${ISAKMPD} -d -p${SRCPORT} -f${FIFO} -r${seed} & +isakmpd_pid=$! +trap 'kill $isakmpd_pid; rm -f${FIFO}; [ $clean = yes ] && rm -f packet' 1 2 15 +while [ ! -p ${FIFO} ]; do + sleep 1 +done + +# Start the exchange +if [ $initiator = yes ]; then + ${NC} -nul -w${TIMEOUT} -p${DSTPORT} 127.0.0.1 </dev/null >packet & +# ${NC} -nu -w${TIMEOUT} -p${DSTPORT} 127.0.0.1 ${SRCPORT} </dev/null >packet + sleep 1 + echo "c udp 127.0.0.1:${DSTPORT} 2 1" >${FIFO} + in_packets=`ls ${suite}-i.* 2>/dev/null` + out_packets=`ls ${suite}-r.* 2>/dev/null` +else + in_packets=`ls ${suite}-r.* 2>/dev/null` + out_packets=`ls ${suite}-i.* 2>/dev/null` +fi +his_turn=$initiator +while [ \( $his_turn = yes -a X"$in_packets" != X \) \ + -o \( $his_turn = no -a X"$out_packets" != X \) ]; do + if [ $his_turn = no ]; then + set $out_packets + packet=$1 + shift + out_packets=$* + cat $packet |${NC} -nu -w${TIMEOUT} -p${DSTPORT} 127.0.0.1 ${SRCPORT} \ + >packet + my_turn=no + else + set $in_packets + packet=$1 + shift + in_packets=$* + if ! cmp $packet packet 2>/dev/null; then + retval=1 + break + fi + my_turn=yes + fi +done +kill $isakmpd_pid +rm -f ${FIFO} +[ $clean = yes ] && rm -f packet +exit $retval diff --git a/sbin/isakmpd/regress/group/Makefile b/sbin/isakmpd/regress/group/Makefile new file mode 100644 index 00000000000..85ac9019fab --- /dev/null +++ b/sbin/isakmpd/regress/group/Makefile @@ -0,0 +1,14 @@ +# Test Group: + +PROG= grouptest +SRCS= math_2n.c math_ec2n.c math_group.c grouptest.c util.c \ + log.c sysdep.c gmp_util.c +.PATH: ${.CURDIR}/../../ +NOMAN= +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +CFLAGS+= -I${TOPOBJ} -I${.CURDIR}/../../ -Wall +LDADD+= -lgmp +DPADD+= ${LIBGMP} +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/group/grouptest.c b/sbin/isakmpd/regress/group/grouptest.c new file mode 100644 index 00000000000..7d4b16bb612 --- /dev/null +++ b/sbin/isakmpd/regress/group/grouptest.c @@ -0,0 +1,125 @@ +/* $Id: grouptest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +/* + * This module exercises the operations supplied by the group abstraction. + */ + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> + +#include "math_2n.h" +#include "math_ec2n.h" +#include "math_group.h" + +#define DUMP_X(_x_) point = (_x_); b2n_print (point->x); + +int +main (void) +{ + int i; + char buf[100]; + char buf2[100]; + struct group *group, *group2; + ec2np_ptr point; + + group_init (); + group = group_get (3); + group2 = group_get (3); + + printf ("Testing: setraw, getraw: "); + for (i = 0; i < 20; i++) + buf[i] = i; + + group->setraw (group, group->c, buf, 20); + if (group->getlen (group) != 20) + printf ("FAILED "); + else + printf ("OKAY "); + + group->getraw (group, group->c, buf2); + for (i = 0; i < 20; i++) + if (buf2[i] != i) + break; + if (i < 20) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\nTesting: setrandom: "); + group->setrandom (group, group->c); + DUMP_X (group->c); + group2->setrandom (group2, group2->c); + DUMP_X (group2->c); + + printf ("\nTesting: operation:\n"); + group->operation (group, group->a, group->gen, group->c); + point = group->a; + printf ("\tX (%d): ", point->x->chunks); b2n_print (point->x); + printf ("\tY (%d): ", point->y->chunks); b2n_print (point->y); + + group2->operation (group2, group2->a, group2->gen, group2->c); + point = group2->a; + printf ("\tX (%d): ", point->x->chunks); b2n_print (point->x); + printf ("\tY (%d): ", point->y->chunks); b2n_print (point->y); + + printf ("Exchange Value 1: "); b2n_print (group->d); + printf ("Exchange Value 2: "); b2n_print (group2->d); + + printf ("Testing: operation ...:\n"); + group->getraw (group, group->a, buf); + group2->setraw (group2, group2->b, buf, 20); + + group2->getraw (group2, group2->a, buf); + group->setraw (group, group->b, buf, 20); + + group2->operation (group2, group2->a, group2->b, group2->c); + printf ("Exchange Value 21: "); DUMP_X (group2->a); + + group->operation (group, group->a, group->b, group->c); + printf ("Exchange Value 12: "); DUMP_X (group->a); + + group->getraw (group, group->a, buf); + group2->getraw (group2, group2->a, buf2); + printf ("Testing: operation ...: "); + if (memcmp(buf, buf2, 20)) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\n"); + return 1; +} diff --git a/sbin/isakmpd/regress/hmac/Makefile b/sbin/isakmpd/regress/hmac/Makefile new file mode 100644 index 00000000000..009bd692d33 --- /dev/null +++ b/sbin/isakmpd/regress/hmac/Makefile @@ -0,0 +1,10 @@ +# Test HMAC: + +PROG= hmactest +SRCS= hash.c hmactest.c +.PATH: ${.CURDIR}/../../ +NOMAN= +CFLAGS+= -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk>
\ No newline at end of file diff --git a/sbin/isakmpd/regress/hmac/hmactest.c b/sbin/isakmpd/regress/hmac/hmactest.c new file mode 100644 index 00000000000..487f5a61c3d --- /dev/null +++ b/sbin/isakmpd/regress/hmac/hmactest.c @@ -0,0 +1,97 @@ +/* $Id: hmactest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +#include "hash.h" + +int test_hmac(char *, struct hash *, char *, int, char *, int, char *); + +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +int +main (void) +{ + char key[100]; + + memset(key, 11, 20); + test_hmac ("HMAC-MD5 Test Case 1", hash_get (HASH_MD5), + key, 16, "Hi There", 8, "9294727a3638bb1c13f48ef8158bfc9d"); + test_hmac ("HMAC-MD5 Test Case 2", hash_get (HASH_MD5), + "Jefe", 4, + "what do ya want for nothing?", 28, + "750c783e6ab0b503eaa86e310a5db738"); + test_hmac ("HMAC-SHA1 Test Case 1", hash_get (HASH_SHA1), + key, 20, "Hi There", 8, + "b617318655057264e28bc0b6fb378c8ef146be00"); + test_hmac ("HMAC-SHA1 Test Case 2", hash_get (HASH_SHA1), + "Jefe", 4, "what do ya want for nothing?", 28, + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"); + + return 1; +} + +int +test_hmac(char *test, struct hash *hash, char *key, int klen, + char *data, int dlen, char *cmp) +{ + char output[2*HASH_MAX+1]; + int i; + + printf("Testing %s: ", test); + + hash->HMACInit(hash, key, klen); + hash->Update(hash->ctx, data, dlen); + hash->HMACFinal(hash->digest, hash); + + for (i=0; i<hash->hashsize; i++) + { + output[2*i] = nibble2c((hash->digest[i] >> 4) & 0xf); + output[2*i+1] = nibble2c(hash->digest[i] & 0xf); + } + output[2*i] = 0; + + if (!strcmp(output, cmp)) + { + printf("OKAY\n"); + return 1; + } + + printf("%s <-> %s\n", output, cmp); + return 0; +} diff --git a/sbin/isakmpd/regress/pkcs/Makefile b/sbin/isakmpd/regress/pkcs/Makefile new file mode 100644 index 00000000000..05a9566ca77 --- /dev/null +++ b/sbin/isakmpd/regress/pkcs/Makefile @@ -0,0 +1,13 @@ +# Test PKCS#1 + +PROG= pkcstest +SRCS= log.c asn.c gmp_util.c pkcs.c pkcstest.c sysdep.c \ + asn_useful.c hash.c +.PATH: ${.CURDIR}/../../ +LDADD+= -lgmp +DPADD+= ${LIBDES} +NOMAN= +CFLAGS+= -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/pkcs/pkcstest.c b/sbin/isakmpd/regress/pkcs/pkcstest.c new file mode 100644 index 00000000000..1e1f520c6b4 --- /dev/null +++ b/sbin/isakmpd/regress/pkcs/pkcstest.c @@ -0,0 +1,124 @@ +/* $Id: pkcstest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <ctype.h> +#include <stdio.h> +#include <gmp.h> +#include <stdlib.h> +#include <string.h> + +#include "gmp_util.h" +#include "asn.h" +#include "pkcs.h" + +#define nibble2bin(y) (tolower((y)) < 'a' ? (y) - '0': tolower((y)) - 'a' + 10) +#define hexchar2bin(x) ((nibble2bin((x)[0]) << 4) + nibble2bin((x)[1])) +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +void asc2bin (u_int8_t *bin, u_int8_t *asc, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i += 2, asc += 2) + { + *bin++ = hexchar2bin(asc); + } +} + +int +main (void) +{ + char buf[500]; + char *publickey = "304702400a66791dc6988168de7ab77419bb7fb0c001c6271027" + "0075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67cdc9a9" + "af55d655620bbab0203010001"; + char *privatekey = "3082013602010002400a66791dc6988168de7ab77419bb7fb0c001" + "c62710270075142942e19a8d8c51d053b3e3782a1de5dc5af4ebe99468170114a1dfe67" + "cdc9a9af55d655620bbab020301000102400123c5b61ba36edb1d3679904199a89ea80c" + "09b9122e1400c09adcf7784676d01d23356a7d44d6bd8bd50e94bfc723fa87d8862b751" + "77691c11d757692df8881022033d48445c859e52340de704bcdda065fbb4058d740bd1d" + "67d29e9c146c11cf610220335e8408866b0fd38dc7002d3f972c67389a65d5d8306566d" + "5c4f2a5aa52628b0220045ec90071525325d3d46db79695e9afacc4523964360e02b119" + "baa366316241022015eb327360c7b60d12e5e2d16bdcd97981d17fba6b70db13b20b436" + "e24eada5902202ca6366d72781dfa24d34a9a24cbc2ae927a9958af426563ff63fb1165" + "8a461d"; + char *data = "Niels ist ein Luser!"; + u_int8_t *enc, *dec; + u_int16_t len; + u_int32_t enclen; + int erg = 0; + + struct rsa_public_key key; + struct rsa_private_key priv; + + asc2bin (buf, publickey, strlen (publickey)); + pkcs_public_key_from_asn (&key, buf, sizeof (buf)); + + printf ("n: 0x"); mpz_out_str (stdout, 16, key.n); + printf ("\ne: 0x"); mpz_out_str (stdout, 16, key.e); + printf ("\n"); + + asc2bin (buf, privatekey, strlen (privatekey)); + pkcs_private_key_from_asn (&priv, buf, sizeof (buf)); + + printf ("n: 0x"); mpz_out_str (stdout, 16, priv.n); + printf ("\ne: 0x"); mpz_out_str (stdout, 16, priv.e); + printf ("\nd: 0x"); mpz_out_str (stdout, 16, priv.d); + printf ("\np: 0x"); mpz_out_str (stdout, 16, priv.p); + printf ("\nq: 0x"); mpz_out_str (stdout, 16, priv.q); + printf ("\n"); + + printf ("Testing Signing/Verifying: "); + /* Sign with Private Key */ + if (!pkcs_rsa_encrypt (PKCS_PRIVATE, priv.n, priv.d, data, strlen(data)+1, + &enc, &enclen)) + printf ("FAILED "); + else + /* Decrypt/Verify with Public Key */ + erg = pkcs_rsa_decrypt (PKCS_PRIVATE, key.n, key.e, enc, &dec, &len); + + if (!erg || strcmp(data,dec)) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\n"); + + pkcs_free_public_key (&key); + pkcs_free_private_key (&priv); + + return 1; +} diff --git a/sbin/isakmpd/regress/prf/Makefile b/sbin/isakmpd/regress/prf/Makefile new file mode 100644 index 00000000000..7d58f825d23 --- /dev/null +++ b/sbin/isakmpd/regress/prf/Makefile @@ -0,0 +1,10 @@ +# Test HMAC: + +PROG= prftest +SRCS= log.c prf.c hash.c prftest.c +.PATH: ${.CURDIR}/../../ +NOMAN= +CFLAGS+= -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/prf/prftest.c b/sbin/isakmpd/regress/prf/prftest.c new file mode 100644 index 00000000000..1ba253865aa --- /dev/null +++ b/sbin/isakmpd/regress/prf/prftest.c @@ -0,0 +1,115 @@ +/* $Id: prftest.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +#include "hash.h" +#include "prf.h" + +int test_prf(char *, enum hashes, char *, int, char *, int, char *); + +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +/* + * Basically the same as the HMAC regress, but to keep with modularity + * prf seems to be useful. So here we just check the HMAC test cases, + * until there are more PRFs. + */ + +int +main (void) +{ + char key[100]; + + memset(key, 11, 20); + test_prf ("PRF MD5 Test Case 1", HASH_MD5, + key, 16, "Hi There", 8, "9294727a3638bb1c13f48ef8158bfc9d"); + test_prf ("PRF MD5 Test Case 2", HASH_MD5, + "Jefe", 4, + "what do ya want for nothing?", 28, + "750c783e6ab0b503eaa86e310a5db738"); + test_prf ("PRF SHA1 Test Case 1", HASH_SHA1, + key, 20, "Hi There", 8, + "b617318655057264e28bc0b6fb378c8ef146be00"); + test_prf ("PRF SHA1 Test Case 2", HASH_SHA1, + "Jefe", 4, "what do ya want for nothing?", 28, + "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79"); + + return 1; +} + +int +test_prf(char *test, enum hashes hash, char *key, int klen, + char *data, int dlen, char *cmp) +{ + char output[2*HASH_MAX+1]; + char digest[HASH_MAX]; + struct prf *prf; + int i; + + printf("Testing %s: ", test); + + prf = prf_alloc(PRF_HMAC, hash, key, klen); + if (prf == NULL) + { + printf("prf_alloc() returned NULL\n"); + return 0; + } + + prf->Init(prf->prfctx); + prf->Update(prf->prfctx, data, dlen); + prf->Final(digest, prf->prfctx); + + prf_free(prf); + + for (i=0; i<prf->blocksize; i++) + { + output[2*i] = nibble2c((digest[i] >> 4) & 0xf); + output[2*i+1] = nibble2c(digest[i] & 0xf); + } + output[2*i] = 0; + + if (!strcmp(output, cmp)) + { + printf("OKAY\n"); + return 1; + } + + printf("%s <-> %s\n", output, cmp); + return 0; +} diff --git a/sbin/isakmpd/regress/rsakeygen/Makefile b/sbin/isakmpd/regress/rsakeygen/Makefile new file mode 100644 index 00000000000..95db8b1c9a6 --- /dev/null +++ b/sbin/isakmpd/regress/rsakeygen/Makefile @@ -0,0 +1,12 @@ +# RSA Key Generation + +PROG= rsakeygen +SRCS= log.c asn.c gmp_util.c pkcs.c rsakeygen.c sysdep.c +.PATH: ${.CURDIR}/../../ +LDADD+= -lgmp +DPADD+= ${LIBDES} +NOMAN= +CFLAGS+= -I${.CURDIR}/../../ -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/rsakeygen/rsakeygen.c b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c new file mode 100644 index 00000000000..665a5c25fe2 --- /dev/null +++ b/sbin/isakmpd/regress/rsakeygen/rsakeygen.c @@ -0,0 +1,121 @@ +/* $Id: rsakeygen.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <ctype.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <gmp.h> + +#include "log.h" +#include "gmp_util.h" +#include "asn.h" +#include "pkcs.h" + +#define nibble2bin(y) (tolower((y)) < 'a' ? (y) - '0': tolower((y)) - 'a' + 10) +#define hexchar2bin(x) ((nibble2bin((x)[0]) << 4) + nibble2bin((x)[1])) +#define nibble2c(x) ((x) >= 10 ? ('a'-10+(x)) : ('0' + (x))) + +void asc2bin (u_int8_t *bin, u_int8_t *asc, u_int16_t len) +{ + int i; + + for (i = 0; i < len; i += 2, asc += 2) + { + *bin++ = hexchar2bin(asc); + } +} + +int +main (void) +{ + char *data = "Niels ist ein Luser!"; + u_int8_t *enc, *dec, *asn; + u_int32_t enclen; + u_int16_t len; + FILE *fd; + int erg = 0; + + struct rsa_public_key key; + struct rsa_private_key priv; + + log_debug_cmd ((enum log_classes)LOG_CRYPTO, 99); + pkcs_generate_rsa_keypair (&key, &priv, 1024); + + printf ("n: 0x"); mpz_out_str (stdout, 16, key.n); + printf ("\ne: 0x"); mpz_out_str (stdout, 16, key.e); + printf ("\n"); + + printf ("n: 0x"); mpz_out_str (stdout, 16, priv.n); + printf ("\ne: 0x"); mpz_out_str (stdout, 16, priv.e); + printf ("\nd: 0x"); mpz_out_str (stdout, 16, priv.d); + printf ("\np: 0x"); mpz_out_str (stdout, 16, priv.p); + printf ("\nq: 0x"); mpz_out_str (stdout, 16, priv.q); + printf ("\n"); + + printf ("Testing Signing/Verifying: "); + /* Sign with Private Key */ + if (!pkcs_rsa_encrypt (PKCS_PRIVATE, priv.n, priv.d, data, strlen(data)+1, + &enc, &enclen)) + printf ("FAILED "); + else + /* Decrypt/Verify with Public Key */ + erg = pkcs_rsa_decrypt (PKCS_PRIVATE, key.n, key.e, enc, &dec, &len); + + if (!erg || strcmp(data,dec)) + printf ("FAILED "); + else + printf ("OKAY "); + + printf ("\n"); + + asn = pkcs_public_key_to_asn (&key); + fd = fopen ("isakmpd_key.pub", "w"); + fwrite (asn, asn_get_len (asn), 1, fd); + fclose (fd); + free (asn); + + asn = pkcs_private_key_to_asn (&priv); + fd = fopen ("isakmpd_key", "w"); + fwrite (asn, asn_get_len (asn), 1, fd); + fclose (fd); + free (asn); + + pkcs_free_public_key (&key); + pkcs_free_private_key (&priv); + + return 1; +} diff --git a/sbin/isakmpd/regress/x509/Makefile b/sbin/isakmpd/regress/x509/Makefile new file mode 100644 index 00000000000..3a7bdc0a7b3 --- /dev/null +++ b/sbin/isakmpd/regress/x509/Makefile @@ -0,0 +1,14 @@ +# Test X509 + +PROG= x509test +SRCS= x509test.c conf.c asn.c asn_useful.c gmp_util.c log.c pkcs.c \ + sysdep.c hash.c x509.c +TOPOBJ!= cd ${.CURDIR}/../..; printf "all:\n\t@pwd\n" |${MAKE} -f- +.PATH: ${.CURDIR}/../.. ${TOPOBJ} +LDADD+= -lgmp +DPADD+= ${LIBDES} +NOMAN= +CFLAGS+= -I${.CURDIR}/../.. -I${TOPOBJ} -Wall +DEBUG= -g + +.include <bsd.prog.mk> diff --git a/sbin/isakmpd/regress/x509/certificate.txt b/sbin/isakmpd/regress/x509/certificate.txt new file mode 100644 index 00000000000..5ebe7b81482 --- /dev/null +++ b/sbin/isakmpd/regress/x509/certificate.txt @@ -0,0 +1,8 @@ +version: 2 +serialnumber: 0 +issuer1: SE +issuer2: We, our grandmother and God himself +subject1: SE +subject2: We, our grandmother and God himself +start: 980101000000Z +end: 990101000000Z diff --git a/sbin/isakmpd/regress/x509/x509test.c b/sbin/isakmpd/regress/x509/x509test.c new file mode 100644 index 00000000000..f481029adf4 --- /dev/null +++ b/sbin/isakmpd/regress/x509/x509test.c @@ -0,0 +1,165 @@ +/* $Id: x509test.c,v 1.1 1998/11/15 00:03:50 niklas Exp $ */ + +/* + * Copyright (c) 1998 Niels Provos. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * This product includes software developed by Ericsson Radio Systems. + * 4. The name of the author may not be used to endorse or promote products + * derived from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * This code was written under funding by Ericsson Radio Systems. + */ + +#include <sys/param.h> +#include <sys/types.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <ctype.h> +#include <fcntl.h> +#include <stdio.h> +#include <gmp.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "conf.h" +#include "asn.h" +#include "asn_useful.h" +#include "pkcs.h" +#include "x509.h" +#include "log.h" + +u_int32_t file_sz; + +#define LINECOL(x,y) (x) = strsep (&(y), "\n\r"); \ + (x) = strchr ((x), ':') + 1; \ + while (isspace((x)[0])) (x)++; \ + + +u_int8_t * +open_file (char *name) +{ + int fd; + struct stat st; + u_int8_t *addr; + + if (stat (name, &st) == -1) + log_fatal ("stat (\"%s\", &st)", name); + file_sz = st.st_size; + fd = open (name, O_RDONLY); + if (fd == -1) + log_fatal ("open (\"%s\", O_RDONLY)", name); + addr = mmap (0, file_sz, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE, + fd, 0); + if (!addr) + log_fatal ("mmap (0, %d, PROT_READ | PROT_WRITE, MAP_FILE | MAP_PRIVATE," + "%d, 0)", file_sz, fd); + close (fd); + + return addr; +} + +int +main (void) +{ + struct rsa_private_key priv; + struct x509_certificate cert; + FILE *fd; + char *p, *p2; + u_int8_t *addr, *asn; + u_int32_t asnlen, len; + + addr = open_file ("isakmpd_key"); + if (!pkcs_private_key_from_asn (&priv, addr, asn_get_len (addr))) + { + munmap (addr, file_sz); + exit (1); + } + munmap (addr, file_sz); + + addr = open_file ("isakmpd_key.pub"); + if (!pkcs_public_key_from_asn (&cert.key, addr, asn_get_len (addr))) + { + munmap (addr, file_sz); + exit (1); + } + munmap (addr, file_sz); + + cert.signaturetype = strdup (ASN_ID_MD5WITHRSAENC); + cert.issuer1.type = strdup (ASN_ID_COUNTRY_NAME); + cert.issuer2.type = strdup (ASN_ID_ORGANIZATION_NAME); + cert.subject1.type = strdup (ASN_ID_COUNTRY_NAME); + cert.subject2.type = strdup (ASN_ID_ORGANIZATION_NAME); + + addr = open_file ("certificate.txt"); + p = addr; + + LINECOL (p2, p); cert.version = atoi (p2); + LINECOL (p2, p); cert.serialnumber = atoi (p2); + LINECOL (p2, p); cert.issuer1.val = strdup (p2); + LINECOL (p2, p); cert.issuer2.val = strdup (p2); + LINECOL (p2, p); cert.subject1.val = strdup (p2); + LINECOL (p2, p); cert.subject2.val = strdup (p2); + LINECOL (p2, p); cert.start = strdup (p2); + LINECOL (p2, p); cert.end = strdup (p2); + munmap (addr, file_sz); + + /* XXX - just put any IP number in there - XXX */ + cert.extension.type = strdup (ASN_ID_SUBJECT_ALT_NAME); + cert.extension.val = p = malloc (8); + /* XXX - this could also be encoded as norm_type, but time is lacking */ + p[0] = 0x30; p[1] = 0x06; p[2] = 0x87; p[3] = 0x04; + memset (p + 4, 0, 4); + + printf ("Encoding Certificiate: "); + if (!x509_encode_certificate(&cert, &asn, &asnlen)) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + + printf ("Creating Signature: "); + if (!x509_create_signed (asn, asnlen, &priv, &addr, &len)) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + + printf ("Validate SIGNED: "); + if (!x509_validate_signed (addr, len, &cert.key, &asn, &asnlen)) + printf ("FAILED "); + else + printf ("OKAY "); + printf ("\n"); + + fd = fopen ("cert.asn", "w"); + fwrite (addr, len, 1, fd); + fclose (fd); + + free (addr); + + return 1; +} |