1
2
3
4
5 package fipstest
6
7 import (
8 "bytes"
9 "crypto/internal/fips140/ssh"
10 "crypto/sha256"
11 "encoding/hex"
12 "testing"
13 )
14
15 func TestSSHACVPVector(t *testing.T) {
16
17 K := fromHex("0000010100E534CD9780786AF19994DD68C3FD7FE1E1F77C3938B2005C49B080CF88A63A44079774A36F23BA4D73470CB318C30524854D2F36BAB9A45AD73DBB3BC5DD39A547F62BC921052E102E37F3DD0CD79A04EB46ACC14B823B326096A89E33E8846624188BB3C8F16B320E7BB8F5EB05F080DCEE244A445DBED3A9F3BA8C373D8BE62CDFE2FC5876F30F90F01F0A55E5251B23E0DBBFCFB1450715E329BB00FB222E850DDB11201460B8AEF3FC8965D3B6D3AFBB885A6C11F308F10211B82EA2028C7A84DD0BB8D5D6AC3A48D0C2B93609269C585E03889DB3621993E7F7C09A007FB6B5C06FFA532B0DBF11F71F740D9CD8FAD2532E21B9423BF3D85EE4E396BE32")
18 H := fromHex("8FB22F0864960DA5679FD377248E41C2D0390E5AB3BB7955A3B6C588FB75B20D")
19 sessionID := fromHex("269A512E7B560E13396E0F3F56BDA730E23EE122EE6D59C91C58FB07872BCCCC")
20
21
22 initialIVClient := fromHex("82321D9FE2ACD958D3F55F4D3FF5C79D")
23 initialIVServer := fromHex("03F336F61311770BD5346B41E04CDB1F")
24 encryptionKeyClient := fromHex("20E55008D0120C400F42E5D2E148AB75")
25 encryptionKeyServer := fromHex("8BF4DEBEC96F4ADBBE5BB43828D56E6D")
26 integrityKeyClient := fromHex("15F53BCCE2645D0AD1C539C09BF9054AA3A4B10B71E96B9E3A15672405341BB5")
27 integrityKeyServer := fromHex("00BB773FD63AC7B7281A7B54C130CCAD363EE8928104E67CA5A3211EE3BBAB93")
28
29 gotIVClient, gotKeyClient, gotIntegrityClient := ssh.Keys(
30 sha256.New, ssh.ClientKeys, K, H, sessionID, 16, 16, 32)
31 gotIVServer, gotKeyServer, gotIntegrityServer := ssh.Keys(
32 sha256.New, ssh.ServerKeys, K, H, sessionID, 16, 16, 32)
33
34 if !bytes.Equal(gotIVClient, initialIVClient) {
35 t.Errorf("got IV client %x, want %x", gotIVClient, initialIVClient)
36 }
37 if !bytes.Equal(gotKeyClient, encryptionKeyClient) {
38 t.Errorf("got key client %x, want %x", gotKeyClient, encryptionKeyClient)
39 }
40 if !bytes.Equal(gotIntegrityClient, integrityKeyClient) {
41 t.Errorf("got integrity key client %x, want %x", gotIntegrityClient, integrityKeyClient)
42 }
43 if !bytes.Equal(gotIVServer, initialIVServer) {
44 t.Errorf("got IV server %x, want %x", gotIVServer, initialIVServer)
45 }
46 if !bytes.Equal(gotKeyServer, encryptionKeyServer) {
47 t.Errorf("got key server %x, want %x", gotKeyServer, encryptionKeyServer)
48 }
49 if !bytes.Equal(gotIntegrityServer, integrityKeyServer) {
50 t.Errorf("got integrity key server %x, want %x", gotIntegrityServer, integrityKeyServer)
51 }
52 }
53
54 func fromHex(s string) []byte {
55 b, err := hex.DecodeString(s)
56 if err != nil {
57 panic(err)
58 }
59 return b
60 }
61
View as plain text