Add the NIST AES key wrap algorithm, as specified in RFC 3394 and

http://csrc.nist.gov/groups/ST/toolkit/documents/kms/key-wrap.pdf

1 files changed, 86 insertions, 0 deletions

diff --git a/checks/validate.cpp b/checks/validate.cpp
index dd23eadc3..1f7a9013d 100644
--- a/checks/validate.cpp
+++ b/checks/validate.cpp
@@ -27,6 +27,10 @@
   #include <botan/cryptobox.h>
 #endif
 
+#if defined(BOTAN_HAS_RFC3394_KEYWRAP)
+  #include <botan/rfc3394.h>
+#endif
+
 using namespace Botan;
 
 #include "validate.h"
@@ -94,6 +98,82 @@ bool test_cryptobox(RandomNumberGenerator& rng)
    return true;
    }
 
+bool keywrap_test(const char* key_str,
+                  const char* expected_str,
+                  const char* kek_str)
+   {
+   std::cout << '.' << std::flush;
+
+   bool ok = true;
+
+   try
+      {
+      SymmetricKey key(key_str);
+      SymmetricKey expected(expected_str);
+      SymmetricKey kek(kek_str);
+
+      Algorithm_Factory& af = global_state().algorithm_factory();
+
+      SecureVector<byte> enc = rfc3394_keywrap(key.bits_of(), kek, af);
+
+      if(enc != expected.bits_of())
+         {
+         std::cout << "NIST key wrap encryption failure: "
+                   << hex_encode(enc) << " != " << hex_encode(expected.bits_of()) << "\n";
+         ok = false;
+         }
+
+      SecureVector<byte> dec = rfc3394_keyunwrap(expected.bits_of(), kek, af);
+
+      if(dec != key.bits_of())
+         {
+         std::cout << "NIST key wrap decryption failure: "
+                   << hex_encode(dec) << " != " << hex_encode(key.bits_of()) << "\n";
+         ok = false;
+         }
+      }
+   catch(std::exception& e)
+      {
+      std::cout << e.what() << "\n";
+      }
+
+   return ok;
+   }
+
+bool test_keywrap()
+   {
+   std::cout << "Testing NIST keywrap: " << std::flush;
+
+   bool ok = true;
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+                      "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5",
+                      "000102030405060708090A0B0C0D0E0F");
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+                      "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D",
+                      "000102030405060708090A0B0C0D0E0F1011121314151617");
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF",
+                      "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7",
+                      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607",
+                      "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2",
+                      "000102030405060708090A0B0C0D0E0F1011121314151617");
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF0001020304050607",
+                      "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1",
+                      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+   ok &= keywrap_test("00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F",
+                      "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21",
+                      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
+
+   std::cout << "\n";
+   return ok;
+   }
+
 bool test_passhash(RandomNumberGenerator& rng)
    {
 #if defined(BOTAN_HAS_PASSHASH9)
@@ -265,6 +345,12 @@ u32bit do_validation_tests(const std::string& filename,
       errors++;
       }
 
+   if(should_pass && !test_keywrap())
+      {
+      std::cout << "NIST keywrap tests failed" << std::endl;
+      errors++;
+      }
+
    if(should_pass && !test_cryptobox(rng))
       {
       std::cout << "Cryptobox tests failed" << std::endl;