From d50f8723dc82f35a92c352a6d7fdb9d76bbad848 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Joachim=20Stro=CC=88mbergson?= <joachim@secworks.se>
Date: Fri, 29 Jun 2018 09:06:01 +0200
Subject: Added test vectors from NISTs set of vectors for SP800-38F KWP. Added
 header with short description and copyright, license used in Cryptech.

---
 src/model/aes_keywrap.py | 111 ++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 105 insertions(+), 6 deletions(-)

diff --git a/src/model/aes_keywrap.py b/src/model/aes_keywrap.py
index 382c310..49d02e1 100755
--- a/src/model/aes_keywrap.py
+++ b/src/model/aes_keywrap.py
@@ -1,10 +1,13 @@
 #!/usr/bin/env python
-
-"""
-Python implementation of RFC 5649  AES Key Wrap With Padding,
-using PyCrypto to supply the AES code.
-"""
-
+#======================================================================
+#
+# aes_keywrap.py
+# --------------
+# Python funnctional model of AES Key Wrap including test cases.
+# Used to generate test vectors for internal states to drive
+# verification of the hardware implementation.
+#
+#
 # Terminology mostly follows the RFC, including variable names.
 #
 # Block sizes get confusing: AES Key Wrap uses 64-bit blocks, not to
@@ -13,6 +16,43 @@ using PyCrypto to supply the AES code.
 # concatenate two 64-bit blocks just prior to performing an AES ECB
 # operation, then immediately split the result back into a pair of
 # 64-bit blocks.
+#
+#
+# Copyright (c) 2018, NORDUnet A/S
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# - Redistributions of source code must retain the above copyright notice,
+#   this list of conditions and the following disclaimer.
+#
+# - Redistributions in binary form must reproduce the above copyright
+#   notice, this list of conditions and the following disclaimer in the
+#   documentation and/or other materials provided with the distribution.
+#
+# - Neither the name of the NORDUnet nor the names of its contributors may
+#   be used to endorse or promote products derived from this software
+#   without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
+# IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+# PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#======================================================================
+
+"""
+Python implementation of RFC 5649  AES Key Wrap With Padding,
+using PyCrypto to supply the AES code.
+"""
 
 class AESKeyWrapWithPadding(object):
     """
@@ -155,6 +195,7 @@ if __name__ == "__main__":
             self.assertEqual(q, Q, "Input and output plaintext did not match: {} <> {}".format(self.bin2hex(Q), self.bin2hex(q)))
             self.assertEqual(c, C, "Input and output ciphertext did not match: {} <> {}".format(self.bin2hex(C), self.bin2hex(c)))
 
+
         def test_rfc5649_1(self):
             self.rfc5649_test(K = "5840df6e29b02af1 ab493b705bf16ea1 ae8338f4dcc176a8",
                               Q = "c37b7e6492584340 bed1220780894115 5068f738",
@@ -165,6 +206,7 @@ if __name__ == "__main__":
                               Q = "466f7250617369",
                               C = "afbeb0f07dfbf541 9200f2ccb50bb24f")
 
+
         def test_mangled_1(self):
             self.assertRaises(AESKeyWrapWithPadding.UnwrapError, self.rfc5649_test,
                               K = "5840df6e29b02af0 ab493b705bf16ea1 ae8338f4dcc176a8",
@@ -183,6 +225,59 @@ if __name__ == "__main__":
                               Q = "c37b7e6492584340 bed1220780894115 5068f738",
                               C = "138bdeaa9b8fa7fc 61f97742e72248ee 5ae6ae5360d1ae6a")
 
+
+        # This one should fail. But it doesn't. Que pasa?!?
+        def test_mangled_4(self):
+            self.assertRaises(AESKeyWrapWithPadding.UnwrapError, self.rfc5649_test,
+                              K = "5840df6e29b02af1 ab493b705bf16ea1 ae8338f4dcc176a8",
+                              Q = "c37b7e6492584340 bed1220780894115 5068f738",
+                              C = "238bdeaa9b8fa7fc 61f97742e72248ee 5ae6ae5360d1ae6a")
+
+
+        # Test vectors from NISTs set of test vectors for SP800-38F KWP algorithm.
+        # 128 bit key.
+        def test_kwp_ae_128_1(self):
+            self.rfc5649_test(K = "7efb9b3964de316e 7245c86186d98b5f",
+                              Q = "3e",
+                              C = "116a4054c13b7fea de9c22aa57b3caed")
+
+        def test_kwp_ae_128_2(self):
+            self.rfc5649_test(K = "45c770fc26717507 2d70a38269c54685",
+                              Q = "cc5fb15a17795c34",
+                              C = "78ffa3f03b65c55b 812f355730af71ac")
+
+        def test_kwp_ae_128_3(self):
+            self.rfc5649_test(K = "853e2bac0f1e6298 67acea0d2b3c087e",
+                              Q = "49575527bc59530f be",
+                              C = "b43781062eb0317e b2dec6329f2d64de 1c33d85570d57db6")
+
+        def test_kwp_ae_128_4(self):
+            self.rfc5649_test(K = "c03db3cc1416dcd1 c069a195a8d77e3d",
+                              Q = "46f87f58cdda4200 f53d99ce2e49bdb7 6212511fe0cd4d0 b5f37a27d45a288",
+                              C = "57e3b6699c6e8177 59a69492bb7e2cd0 0160d2ebef9bf4d 4eb16fbf798f134 0f6df6558a4fb84cd0")
+
+
+        def test_kwp_ae_256_1(self):
+            self.rfc5649_test(K = "2800f18237cf8d2b a1dfe361784fd751 9b0fdb0ec73e2ab1 c0b966b9173fc5b5",
+                              Q = "ad",
+                              C = "c1eccf2d077a385e 67aaeb35552c893c")
+
+        def test_kwp_ae_256_2(self):
+            self.rfc5649_test(K = "1c997c2bb5a15a45 93e337b3249675d55 7467417917f6bc51 65c9af6a3e29504",
+                              Q = "3e3eafc50cd4e939",
+                              C = "163eb9e7dbc8ed00 86dffbc6ab00e329")
+
+        def test_kwp_ae_256_3(self):
+            self.rfc5649_test(K = "8df1533f99be6fe6 0f951057fed1daccd 14bd4e34118f24af 677bbf46bf11fe7",
+                              Q = "fb36b1f3907fb5ed ce",
+                              C = "6974d7bae0221b4e d91336c26af77e327 61f6024d8bbf292")
+
+        def test_kwp_ae_256_4(self):
+            self.rfc5649_test(K = "dea4667d911b5c9e c996cdb35da0e29bc 996cbfb0e0a56bac 12fccc334d732eb",
+                              Q = "25d58d437a56a733 2a18541333201f992 9fccde11b06844c1 9ba1ca224cfd6",
+                              C = "86d4e258391f15d7 d4f0ab3e15d6f45e6 5dd2f8caf4c67209 63bb8970fc2f3a4 a58dc74674347ec9")
+
+
         def test_loopback_1(self):
             self.loopback_test("!")
 
@@ -219,3 +314,7 @@ if __name__ == "__main__":
             self.assertEqual(I, O, "Input and output plaintext did not match: {!r} <> {!r}".format(I, O))
 
     unittest.main(verbosity = 9)
+
+#======================================================================
+# OEF aes_keywrap.py
+#======================================================================
-- 
cgit v1.2.3