From f71dce662eda1652f2214465d688a12c8bdba2b5 Mon Sep 17 00:00:00 2001 From: Simon Tatham Date: Tue, 15 Jan 2019 19:51:10 +0000 Subject: [PATCH] Add comprehensive DES test vectors. I found some that look pretty good - in particular exercising every entry in every S-box. These will come in useful when I finish writing a replacement for the venerable current DES implementation. --- test/cryptsuite.py | 145 +++++++++++++++++++++++++++++++++++++++++++++ testcrypt.c | 1 - 2 files changed, 145 insertions(+), 1 deletion(-) diff --git a/test/cryptsuite.py b/test/cryptsuite.py index 4753edd3..3f6cdce3 100755 --- a/test/cryptsuite.py +++ b/test/cryptsuite.py @@ -977,6 +977,151 @@ class standard_test_vectors(MyTestBase): vector('aes256', fullkey[:32], plaintext, unhex('8ea2b7ca516745bfeafc49904b496089')) + def testDES(self): + c = ssh2_cipher_new("des") + def vector(key, plaintext, ciphertext): + key = unhex(key) + plaintext = unhex(plaintext) + ciphertext = unhex(ciphertext) + + # Similarly to above, we fake DES ECB by using DES CBC and + # resetting the IV to zero all the time + ssh2_cipher_setkey(c, key) + ssh2_cipher_setiv(c, b'\x00' * 8) + self.assertEqualBin(ssh2_cipher_encrypt(c, plaintext), ciphertext) + ssh2_cipher_setiv(c, b'\x00' * 8) + self.assertEqualBin(ssh2_cipher_decrypt(c, ciphertext), plaintext) + + # Source: FIPS SP PUB 500-20 + + # 'Initial permutation and expansion tests': key fixed at 8 + # copies of the byte 01, but ciphertext and plaintext in turn + # run through all possible values with exactly 1 bit set. + # Expected plaintexts and ciphertexts (respectively) listed in + # the arrays below. + ipe_key = '01' * 8 + ipe_plaintexts = [ +'166B40B44ABA4BD6', '06E7EA22CE92708F', 'D2FD8867D50D2DFE', 'CC083F1E6D9E85F6', +'5B711BC4CEEBF2EE', '0953E2258E8E90A1', 'E07C30D7E4E26E12', '2FBC291A570DB5C4', +'DD7C0BBD61FAFD54', '48221B9937748A23', 'E643D78090CA4207', '8405D1ABE24FB942', +'CE332329248F3228', '1D1CA853AE7C0C5F', '5D86CB23639DBEA9', '1029D55E880EC2D0', +'8DD45A2DDF90796C', 'CAFFC6AC4542DE31', 'EA51D3975595B86B', '8B54536F2F3E64A8', +'866ECEDD8072BB0E', '79E90DBC98F92CCA', 'AB6A20C0620D1C6F', '25EB5FC3F8CF0621', +'4D49DB1532919C9F', '814EEB3B91D90726', '5E0905517BB59BCF', 'CA3A2B036DBC8502', +'FA0752B07D9C4AB8', 'B160E4680F6C696F', 'DF98C8276F54B04B', 'E943D7568AEC0C5C', +'AEB5F5EDE22D1A36', 'E428581186EC8F46', 'E1652C6B138C64A5', 'D106FF0BED5255D7', +'9D64555A9A10B852', 'F02B263B328E2B60', '64FEED9C724C2FAF', '750D079407521363', +'FBE00A8A1EF8AD72', 'A484C3AD38DC9C19', '12A9F5817FF2D65D', 'E7FCE22557D23C97', +'329A8ED523D71AEC', 'E19E275D846A1298', '889DE068A16F0BE6', '2B9F982F20037FA9', +'F356834379D165CD', 'ECBFE3BD3F591A5E', 'E6D5F82752AD63D1', 'ADD0CC8D6E5DEBA1', +'F15D0F286B65BD28', 'B8061B7ECD9A21E5', '424250B37C3DD951', 'D9031B0271BD5A0A', +'0D9F279BA5D87260', '6CC5DEFAAF04512F', '55579380D77138EF', '20B9E767B2FB1456', +'4BD388FF6CD81D4F', '2E8653104F3834EA', 'DD7F121CA5015619', '95F8A5E5DD31D900', + ] + ipe_ciphertexts = [ +'166B40B44ABA4BD6', '06E7EA22CE92708F', 'D2FD8867D50D2DFE', 'CC083F1E6D9E85F6', +'5B711BC4CEEBF2EE', '0953E2258E8E90A1', 'E07C30D7E4E26E12', '2FBC291A570DB5C4', +'DD7C0BBD61FAFD54', '48221B9937748A23', 'E643D78090CA4207', '8405D1ABE24FB942', +'CE332329248F3228', '1D1CA853AE7C0C5F', '5D86CB23639DBEA9', '1029D55E880EC2D0', +'8DD45A2DDF90796C', 'CAFFC6AC4542DE31', 'EA51D3975595B86B', '8B54536F2F3E64A8', +'866ECEDD8072BB0E', '79E90DBC98F92CCA', 'AB6A20C0620D1C6F', '25EB5FC3F8CF0621', +'4D49DB1532919C9F', '814EEB3B91D90726', '5E0905517BB59BCF', 'CA3A2B036DBC8502', +'FA0752B07D9C4AB8', 'B160E4680F6C696F', 'DF98C8276F54B04B', 'E943D7568AEC0C5C', +'AEB5F5EDE22D1A36', 'E428581186EC8F46', 'E1652C6B138C64A5', 'D106FF0BED5255D7', +'9D64555A9A10B852', 'F02B263B328E2B60', '64FEED9C724C2FAF', '750D079407521363', +'FBE00A8A1EF8AD72', 'A484C3AD38DC9C19', '12A9F5817FF2D65D', 'E7FCE22557D23C97', +'329A8ED523D71AEC', 'E19E275D846A1298', '889DE068A16F0BE6', '2B9F982F20037FA9', +'F356834379D165CD', 'ECBFE3BD3F591A5E', 'E6D5F82752AD63D1', 'ADD0CC8D6E5DEBA1', +'F15D0F286B65BD28', 'B8061B7ECD9A21E5', '424250B37C3DD951', 'D9031B0271BD5A0A', +'0D9F279BA5D87260', '6CC5DEFAAF04512F', '55579380D77138EF', '20B9E767B2FB1456', +'4BD388FF6CD81D4F', '2E8653104F3834EA', 'DD7F121CA5015619', '95F8A5E5DD31D900', + ] + ipe_single_bits = ["{:016x}".format(1 << bit) for bit in range(64)] + for plaintext, ciphertext in zip(ipe_plaintexts, ipe_single_bits): + vector(ipe_key, plaintext, ciphertext) + for plaintext, ciphertext in zip(ipe_single_bits, ipe_ciphertexts): + vector(ipe_key, plaintext, ciphertext) + + # 'Key permutation tests': plaintext fixed at all zeroes, key + # is a succession of tweaks of the previous key made by + # replacing each 01 byte in turn with one containing a + # different single set bit (e.g. 01 20 01 01 01 01 01 01). + # Expected ciphertexts listed. + kp_ciphertexts = [ +'95A8D72813DAA94D', '0EEC1487DD8C26D5', '7AD16FFB79C45926', 'D3746294CA6A6CF3', +'809F5F873C1FD761', 'C02FAFFEC989D1FC', '4615AA1D33E72F10', '2055123350C00858', +'DF3B99D6577397C8', '31FE17369B5288C9', 'DFDD3CC64DAE1642', '178C83CE2B399D94', +'50F636324A9B7F80', 'A8468EE3BC18F06D', 'A2DC9E92FD3CDE92', 'CAC09F797D031287', +'90BA680B22AEB525', 'CE7A24F350E280B6', '882BFF0AA01A0B87', '25610288924511C2', +'C71516C29C75D170', '5199C29A52C9F059', 'C22F0A294A71F29F', 'EE371483714C02EA', +'A81FBD448F9E522F', '4F644C92E192DFED', '1AFA9A66A6DF92AE', 'B3C1CC715CB879D8', +'19D032E64AB0BD8B', '3CFAA7A7DC8720DC', 'B7265F7F447AC6F3', '9DB73B3C0D163F54', +'8181B65BABF4A975', '93C9B64042EAA240', '5570530829705592', '8638809E878787A0', +'41B9A79AF79AC208', '7A9BE42F2009A892', '29038D56BA6D2745', '5495C6ABF1E5DF51', +'AE13DBD561488933', '024D1FFA8904E389', 'D1399712F99BF02E', '14C1D7C1CFFEC79E', +'1DE5279DAE3BED6F', 'E941A33F85501303', 'DA99DBBC9A03F379', 'B7FC92F91D8E92E9', +'AE8E5CAA3CA04E85', '9CC62DF43B6EED74', 'D863DBB5C59A91A0', 'A1AB2190545B91D7', +'0875041E64C570F7', '5A594528BEBEF1CC', 'FCDB3291DE21F0C0', '869EFD7F9F265A09', + ] + kp_key_repl_bytes = ["{:02x}".format(0x80>>i) for i in range(7)] + kp_keys = ['01'*j + b + '01'*(7-j) + for j in range(8) for b in kp_key_repl_bytes] + kp_plaintext = '0' * 16 + for key, ciphertext in zip(kp_keys, kp_ciphertexts): + vector(key, kp_plaintext, ciphertext) + + # 'Data permutation test': plaintext fixed at all zeroes, + # pairs of key and expected ciphertext listed below. + dp_keys_and_ciphertexts = [ +'1046913489980131:88D55E54F54C97B4', '1007103489988020:0C0CC00C83EA48FD', +'10071034C8980120:83BC8EF3A6570183', '1046103489988020:DF725DCAD94EA2E9', +'1086911519190101:E652B53B550BE8B0', '1086911519580101:AF527120C485CBB0', +'5107B01519580101:0F04CE393DB926D5', '1007B01519190101:C9F00FFC74079067', +'3107915498080101:7CFD82A593252B4E', '3107919498080101:CB49A2F9E91363E3', +'10079115B9080140:00B588BE70D23F56', '3107911598080140:406A9A6AB43399AE', +'1007D01589980101:6CB773611DCA9ADA', '9107911589980101:67FD21C17DBB5D70', +'9107D01589190101:9592CB4110430787', '1007D01598980120:A6B7FF68A318DDD3', +'1007940498190101:4D102196C914CA16', '0107910491190401:2DFA9F4573594965', +'0107910491190101:B46604816C0E0774', '0107940491190401:6E7E6221A4F34E87', +'19079210981A0101:AA85E74643233199', '1007911998190801:2E5A19DB4D1962D6', +'10079119981A0801:23A866A809D30894', '1007921098190101:D812D961F017D320', +'100791159819010B:055605816E58608F', '1004801598190101:ABD88E8B1B7716F1', +'1004801598190102:537AC95BE69DA1E1', '1004801598190108:AED0F6AE3C25CDD8', +'1002911498100104:B3E35A5EE53E7B8D', '1002911598190104:61C79C71921A2EF8', +'1002911598100201:E2F5728F0995013C', '1002911698100101:1AEAC39A61F0A464', + ] + dp_plaintext = '0' * 16 + for key_and_ciphertext in dp_keys_and_ciphertexts: + key, ciphertext = key_and_ciphertext.split(":") + vector(key, dp_plaintext, ciphertext) + + # Tests intended to select every entry in every S-box. Full + # arbitrary triples (key, plaintext, ciphertext). + sb_complete_tests = [ + '7CA110454A1A6E57:01A1D6D039776742:690F5B0D9A26939B', + '0131D9619DC1376E:5CD54CA83DEF57DA:7A389D10354BD271', + '07A1133E4A0B2686:0248D43806F67172:868EBB51CAB4599A', + '3849674C2602319E:51454B582DDF440A:7178876E01F19B2A', + '04B915BA43FEB5B6:42FD443059577FA2:AF37FB421F8C4095', + '0113B970FD34F2CE:059B5E0851CF143A:86A560F10EC6D85B', + '0170F175468FB5E6:0756D8E0774761D2:0CD3DA020021DC09', + '43297FAD38E373FE:762514B829BF486A:EA676B2CB7DB2B7A', + '07A7137045DA2A16:3BDD119049372802:DFD64A815CAF1A0F', + '04689104C2FD3B2F:26955F6835AF609A:5C513C9C4886C088', + '37D06BB516CB7546:164D5E404F275232:0A2AEEAE3FF4AB77', + '1F08260D1AC2465E:6B056E18759F5CCA:EF1BF03E5DFA575A', + '584023641ABA6176:004BD6EF09176062:88BF0DB6D70DEE56', + '025816164629B007:480D39006EE762F2:A1F9915541020B56', + '49793EBC79B3258F:437540C8698F3CFA:6FBF1CAFCFFD0556', + '4FB05E1515AB73A7:072D43A077075292:2F22E49BAB7CA1AC', + '49E95D6D4CA229BF:02FE55778117F12A:5A6B612CC26CCE4A', + '018310DC409B26D6:1D9D5C5018F728C2:5F4C038ED12B2E41', + '1C587F1C13924FEF:305532286D6F295A:63FAC0D034D9F793', + ] + for test in sb_complete_tests: + key, plaintext, ciphertext = test.split(":") + vector(key, plaintext, ciphertext) + def testMD5(self): MD5 = lambda s: hash_str('md5', s) diff --git a/testcrypt.c b/testcrypt.c index 30f068e7..277bbfa7 100644 --- a/testcrypt.c +++ b/testcrypt.c @@ -268,7 +268,6 @@ static const ssh2_cipheralg *get_ssh2_cipheralg(BinarySource *in) {"3des_ctr", &ssh_3des_ssh2_ctr}, {"3des", &ssh_3des_ssh2}, {"des", &ssh_des_ssh2}, - {"des_sshcom", &ssh_des_sshcom_ssh2}, {"aes256_ctr", &ssh_aes256_sdctr}, {"aes256_ctr_hw", &ssh_aes256_sdctr_hw}, {"aes256_ctr_sw", &ssh_aes256_sdctr_sw},