diff options
| author | Oren Novotny <oren@novotny.org> | 2018-09-30 08:49:27 -0400 |
|---|---|---|
| committer | Oren Novotny <oren@novotny.org> | 2018-09-30 08:49:27 -0400 |
| commit | 22dcb7ce12fcd9142116aea0e36dffc3ce32b889 (patch) | |
| tree | 4dd606ea73cd53f42d11f4f219575fb07ceb0f88 /crypto/test/src | |
| parent | fix filter (diff) | |
| parent | RFC 8032: Avoid unnecessary doublings in precomputation (diff) | |
| download | BouncyCastle.NET-ed25519-22dcb7ce12fcd9142116aea0e36dffc3ce32b889.tar.xz | |
merge from master
Diffstat (limited to 'crypto/test/src')
20 files changed, 1621 insertions, 308 deletions
diff --git a/crypto/test/src/asn1/test/PrivateKeyInfoTest.cs b/crypto/test/src/asn1/test/PrivateKeyInfoTest.cs new file mode 100644 index 000000000..eb17a54c3 --- /dev/null +++ b/crypto/test/src/asn1/test/PrivateKeyInfoTest.cs @@ -0,0 +1,60 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Asn1.Tests +{ + [TestFixture] + public class PrivateKeyInfoTest + : SimpleTest + { + private static readonly byte[] priv = Base64.Decode( + "MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC"); + + private static readonly byte[] privWithPub = Base64.Decode( + "MHICAQEwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC" + + "oB8wHQYKKoZIhvcNAQkJFDEPDA1DdXJkbGUgQ2hhaXJzgSEAGb9ECWmEzf6FQbrB" + + "Z9w7lshQhqowtrbLDFw4rXAxZuE="); + + public override string Name + { + get { return "PrivateKeyInfoTest"; } + } + + public override void PerformTest() + { + PrivateKeyInfo privInfo1 = PrivateKeyInfo.GetInstance(priv); + + IsTrue(!privInfo1.HasPublicKey); + + PrivateKeyInfo privInfo2 = new PrivateKeyInfo(privInfo1.PrivateKeyAlgorithm, privInfo1.ParsePrivateKey()); + + IsTrue("enc 1 failed", AreEqual(priv, privInfo2.GetEncoded())); + + privInfo1 = PrivateKeyInfo.GetInstance(privWithPub); + + IsTrue(privInfo1.HasPublicKey); + + privInfo2 = new PrivateKeyInfo(privInfo1.PrivateKeyAlgorithm, privInfo1.ParsePrivateKey(), privInfo1.Attributes, privInfo1.PublicKeyData.GetOctets()); + + IsTrue("enc 2 failed", AreEqual(privWithPub, privInfo2.GetEncoded())); + } + + public static void Main(string[] args) + { + RunTest(new PrivateKeyInfoTest()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + } +} diff --git a/crypto/test/src/asn1/test/RegressionTest.cs b/crypto/test/src/asn1/test/RegressionTest.cs index f78c0dd72..b62c66b5f 100644 --- a/crypto/test/src/asn1/test/RegressionTest.cs +++ b/crypto/test/src/asn1/test/RegressionTest.cs @@ -51,6 +51,7 @@ namespace Org.BouncyCastle.Asn1.Tests new Pkcs10Test(), new Pkcs12Test(), new PkiFailureInfoTest(), + new PrivateKeyInfoTest(), new ProcurationSyntaxUnitTest(), new ProfessionInfoUnitTest(), new QCStatementUnitTest(), diff --git a/crypto/test/src/crypto/test/Blake2bDigestTest.cs b/crypto/test/src/crypto/test/Blake2bDigestTest.cs index fe2101fee..877c8bc16 100644 --- a/crypto/test/src/crypto/test/Blake2bDigestTest.cs +++ b/crypto/test/src/crypto/test/Blake2bDigestTest.cs @@ -14,226 +14,300 @@ namespace Org.BouncyCastle.Crypto.Tests public class Blake2bDigestTest : SimpleTest { - private static readonly string[][] keyedTestVectors = - { // input/message, key, hash - - // Vectors from BLAKE2 web site: https://blake2.net/blake2b-test.txt - new string[]{ - "", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568" }, - - new string[]{ - "00", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "961f6dd1e4dd30f63901690c512e78e4b45e4742ed197c3c5e45c549fd25f2e4187b0bc9fe30492b16b0d0bc4ef9b0f34c7003fac09a5ef1532e69430234cebd" }, - - new string[]{ - "0001", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "da2cfbe2d8409a0f38026113884f84b50156371ae304c4430173d08a99d9fb1b983164a3770706d537f49e0c916d9f32b95cc37a95b99d857436f0232c88a965" }, - - new string[]{ - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "f1aa2b044f8f0c638a3f362e677b5d891d6fd2ab0765f6ee1e4987de057ead357883d9b405b9d609eea1b869d97fb16d9b51017c553f3b93c0a1e0f1296fedcd" }, - - new string[]{ - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "c230f0802679cb33822ef8b3b21bf7a9a28942092901d7dac3760300831026cf354c9232df3e084d9903130c601f63c1f4a4a4b8106e468cd443bbe5a734f45f" }, - - new string[]{ - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe", - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", - "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e92484be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461" } + private static readonly string[,] keyedTestVectors = { // input/message, key, hash + // Vectors from BLAKE2 web site: https://blake2.net/blake2b-test.txt + { + "", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568" + }, + { + "00", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "961f6dd1e4dd30f63901690c512e78e4b45e4742ed197c3c5e45c549fd25f2e4187b0bc9fe30492b16b0d0bc4ef9b0f34c7003fac09a5ef1532e69430234cebd" + }, + { + "0001", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "da2cfbe2d8409a0f38026113884f84b50156371ae304c4430173d08a99d9fb1b983164a3770706d537f49e0c916d9f32b95cc37a95b99d857436f0232c88a965" + }, + { + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "f1aa2b044f8f0c638a3f362e677b5d891d6fd2ab0765f6ee1e4987de057ead357883d9b405b9d609eea1b869d97fb16d9b51017c553f3b93c0a1e0f1296fedcd" + }, + { + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "c230f0802679cb33822ef8b3b21bf7a9a28942092901d7dac3760300831026cf354c9232df3e084d9903130c601f63c1f4a4a4b8106e468cd443bbe5a734f45f" + }, + { + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe", + "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f", + "142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e92484be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461" + } }; - private static readonly string[][] unkeyedTestVectors = - { // from: http://fossies.org/linux/john/src/rawBLAKE2_512_fmt_plug.c - // hash, input/message - // digests without leading $BLAKE2$ - new string[]{ - "4245af08b46fbb290222ab8a68613621d92ce78577152d712467742417ebc1153668f1c9e1ec1e152a32a9c242dc686d175e087906377f0c483c5be2cb68953e", - "blake2" }, - new string[]{ - "021ced8799296ceca557832ab941a50b4a11f83478cf141f51f933f653ab9fbcc05a037cddbed06e309bf334942c4e58cdf1a46e237911ccd7fcf9787cbc7fd0", - "hello world" }, - new string[]{ - "1f7d9b7c9a90f7bfc66e52b69f3b6c3befbd6aee11aac860e99347a495526f30c9e51f6b0db01c24825092a09dd1a15740f0ade8def87e60c15da487571bcef7", - "verystrongandlongpassword" }, - new string[]{ - "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918", - "The quick brown fox jumps over the lazy dog" }, - new string[]{ - "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce", - "" }, - new string[]{ - "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923", - "abc" }, - }; - - public override string Name - { - get { return "BLAKE2b"; } - } - - private void offsetTest( - IDigest digest, - byte[] input, - byte[] expected) - { - byte[] resBuf = new byte[expected.Length + 11]; - - digest.BlockUpdate(input, 0, input.Length); + // from: http://fossies.org/linux/john/src/rawBLAKE2_512_fmt_plug.c + private static readonly string[,] unkeyedTestVectors = { // hash, input/message + // digests without leading $BLAKE2$ + { + "4245af08b46fbb290222ab8a68613621d92ce78577152d712467742417ebc1153668f1c9e1ec1e152a32a9c242dc686d175e087906377f0c483c5be2cb68953e", + "blake2" + }, + { + "021ced8799296ceca557832ab941a50b4a11f83478cf141f51f933f653ab9fbcc05a037cddbed06e309bf334942c4e58cdf1a46e237911ccd7fcf9787cbc7fd0", + "hello world" + }, + { + "1f7d9b7c9a90f7bfc66e52b69f3b6c3befbd6aee11aac860e99347a495526f30c9e51f6b0db01c24825092a09dd1a15740f0ade8def87e60c15da487571bcef7", + "verystrongandlongpassword" + }, + { + "a8add4bdddfd93e4877d2746e62817b116364a1fa7bc148d95090bc7333b3673f82401cf7aa2e4cb1ecd90296e3f14cb5413f8ed77be73045b13914cdcd6a918", + "The quick brown fox jumps over the lazy dog" + }, + { + "786a02f742015903c6c6fd852552d272912f4740e15847618a86e217f71f5419d25e1031afee585313896444934eb04b903a685b1448b755d56f701afe9be2ce", + "" + }, + { + "ba80a53f981c4d0d6a2797b69f12f6e94c212f14685ac4b74b12bb6fdbffa2d17d87c5392aab792dc252d5de4533cc9518d38aa8dbf1925ab92386edd4009923", + "abc" + }, + }; + + public override string Name + { + get { return "BLAKE2b"; } + } + + private void offsetTest( + IDigest digest, + byte[] input, + byte[] expected) + { + byte[] resBuf = new byte[expected.Length + 11]; + + digest.BlockUpdate(input, 0, input.Length); digest.DoFinal(resBuf, 11); - if (!AreEqual(Arrays.CopyOfRange(resBuf, 11, resBuf.Length), expected)) - { - Fail("Offset failed got " + Hex.ToHexString(resBuf)); - } - } - - public override void PerformTest() - { - // test keyed test vectors: - - Blake2bDigest blake2bkeyed = new Blake2bDigest(Hex.Decode(keyedTestVectors[0][1])); - for (int tv = 0; tv < keyedTestVectors.Length; tv++) - { - - byte[] input = Hex.Decode(keyedTestVectors[tv][0]); - blake2bkeyed.Reset(); - - blake2bkeyed.BlockUpdate(input, 0, input.Length); - byte[] keyedHash = new byte[64]; - blake2bkeyed.DoFinal(keyedHash, 0); - - if (!Arrays.AreEqual(Hex.Decode(keyedTestVectors[tv][2]), keyedHash)) - { - Fail("BLAKE2b mismatch on test vector ", - keyedTestVectors[tv][2], - Hex.ToHexString(keyedHash)); - } - - offsetTest(blake2bkeyed, input, keyedHash); - } - - Blake2bDigest blake2bunkeyed = new Blake2bDigest(); - // test unkeyed test vectors: - for (int i = 0; i < unkeyedTestVectors.Length; i++) - { - // blake2bunkeyed.update( - // unkeyedTestVectors[i][1].getBytes("UTF-8")); - // test update(byte b) - byte[] unkeyedInput = Encoding.UTF8.GetBytes(unkeyedTestVectors[i][1]); - for (int j = 0; j < unkeyedInput.Length; j++) - { - blake2bunkeyed.Update(unkeyedInput[j]); - } + if (!AreEqual(Arrays.CopyOfRange(resBuf, 11, resBuf.Length), expected)) + { + Fail("Offset failed got " + Hex.ToHexString(resBuf)); + } + } + + public override void PerformTest() + { + // test keyed test vectors: + + Blake2bDigest blake2bkeyed = new Blake2bDigest(Hex.Decode(keyedTestVectors[0, 1])); + for (int tv = 0; tv < keyedTestVectors.GetLength(0); tv++) + { + byte[] input = Hex.Decode(keyedTestVectors[tv, 0]); + blake2bkeyed.Reset(); + + blake2bkeyed.BlockUpdate(input, 0, input.Length); + byte[] keyedHash = new byte[64]; + blake2bkeyed.DoFinal(keyedHash, 0); + + if (!Arrays.AreEqual(Hex.Decode(keyedTestVectors[tv, 2]), keyedHash)) + { + Fail("BLAKE2b mismatch on test vector ", keyedTestVectors[tv, 2], Hex.ToHexString(keyedHash)); + } + + offsetTest(blake2bkeyed, input, keyedHash); + } + + Blake2bDigest blake2bunkeyed = new Blake2bDigest(); + // test unkeyed test vectors: + for (int i = 0; i < unkeyedTestVectors.GetLength(0); i++) + { + // test update(byte b) + byte[] unkeyedInput = Encoding.UTF8.GetBytes(unkeyedTestVectors[i, 1]); + for (int j = 0; j < unkeyedInput.Length; j++) + { + blake2bunkeyed.Update(unkeyedInput[j]); + } byte[] unkeyedHash = new byte[64]; - blake2bunkeyed.DoFinal(unkeyedHash, 0); - blake2bunkeyed.Reset(); - - if (!Arrays.AreEqual(Hex.Decode(unkeyedTestVectors[i][0]), - unkeyedHash)) - { - Fail("BLAKE2b mismatch on test vector ", - unkeyedTestVectors[i][0], - Hex.ToHexString(unkeyedHash)); - } - } - - cloneTest(); - resetTest(); - } - - private void cloneTest() - { - Blake2bDigest blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3][1]), 16, Hex.Decode("000102030405060708090a0b0c0d0e0f"), Hex.Decode("101112131415161718191a1b1c1d1e1f")); - byte[] expected = Hex.Decode("b6d48ed5771b17414c4e08bd8d8a3bc4"); - - checkClone(blake2bCloneSource, expected); - - // just digest size - blake2bCloneSource = new Blake2bDigest(160); - expected = Hex.Decode("64202454e538279b21cea0f5a7688be656f8f484"); - checkClone(blake2bCloneSource, expected); - - // null salt and personalisation - blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3][1]), 16, null, null); - expected = Hex.Decode("2b4a081fae2d7b488f5eed7e83e42a20"); - checkClone(blake2bCloneSource, expected); - - // null personalisation - blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3][1]), 16, Hex.Decode("000102030405060708090a0b0c0d0e0f"), null); - expected = Hex.Decode("00c3a2a02fcb9f389857626e19d706f6"); - checkClone(blake2bCloneSource, expected); - - // null salt - blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3][1]), 16, null, Hex.Decode("101112131415161718191a1b1c1d1e1f")); - expected = Hex.Decode("f445ec9c062a3c724f8fdef824417abb"); - checkClone(blake2bCloneSource, expected); - } - - private void checkClone(Blake2bDigest blake2bCloneSource, byte[] expected) - { - byte[] message = Hex.Decode(keyedTestVectors[3][0]); - - blake2bCloneSource.BlockUpdate(message, 0, message.Length); - - byte[] hash = new byte[blake2bCloneSource.GetDigestSize()]; - - Blake2bDigest digClone = new Blake2bDigest(blake2bCloneSource); - - blake2bCloneSource.DoFinal(hash, 0); - if (!AreEqual(expected, hash)) - { - Fail("clone source not correct"); - } - - digClone.DoFinal(hash, 0); - if (!AreEqual(expected, hash)) - { - Fail("clone not correct"); - } - } - - private void resetTest() - { - // Generate a non-zero key - byte[] key = new byte[32]; - for (byte i = 0; i < key.Length; i++) - { - key[i] = i; - } - // Generate some non-zero input longer than the key - byte[] input = new byte[key.Length + 1]; - for (byte i = 0; i < input.Length; i++) - { - input[i] = i; - } - // Hash the input - Blake2bDigest digest = new Blake2bDigest(key); + blake2bunkeyed.DoFinal(unkeyedHash, 0); + blake2bunkeyed.Reset(); + + if (!Arrays.AreEqual(Hex.Decode(unkeyedTestVectors[i, 0]), unkeyedHash)) + { + Fail("BLAKE2b mismatch on test vector ", unkeyedTestVectors[i, 0], Hex.ToHexString(unkeyedHash)); + } + } + + CloneTest(); + ResetTest(); + DoTestNullKeyVsUnkeyed(); + DoTestLengthConstruction(); + } + + private void CloneTest() + { + Blake2bDigest blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3, 1]), 16, + Hex.Decode("000102030405060708090a0b0c0d0e0f"), Hex.Decode("101112131415161718191a1b1c1d1e1f")); + byte[] expected = Hex.Decode("b6d48ed5771b17414c4e08bd8d8a3bc4"); + + CheckClone(blake2bCloneSource, expected); + + // just digest size + blake2bCloneSource = new Blake2bDigest(160); + expected = Hex.Decode("64202454e538279b21cea0f5a7688be656f8f484"); + CheckClone(blake2bCloneSource, expected); + + // null salt and personalisation + blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3, 1]), 16, null, null); + expected = Hex.Decode("2b4a081fae2d7b488f5eed7e83e42a20"); + CheckClone(blake2bCloneSource, expected); + + // null personalisation + blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3, 1]), 16, Hex.Decode("000102030405060708090a0b0c0d0e0f"), null); + expected = Hex.Decode("00c3a2a02fcb9f389857626e19d706f6"); + CheckClone(blake2bCloneSource, expected); + + // null salt + blake2bCloneSource = new Blake2bDigest(Hex.Decode(keyedTestVectors[3, 1]), 16, null, Hex.Decode("101112131415161718191a1b1c1d1e1f")); + expected = Hex.Decode("f445ec9c062a3c724f8fdef824417abb"); + CheckClone(blake2bCloneSource, expected); + } + + private void CheckClone(Blake2bDigest blake2bCloneSource, byte[] expected) + { + byte[] message = Hex.Decode(keyedTestVectors[3, 0]); + + blake2bCloneSource.BlockUpdate(message, 0, message.Length); + + byte[] hash = new byte[blake2bCloneSource.GetDigestSize()]; + + Blake2bDigest digClone = new Blake2bDigest(blake2bCloneSource); + + blake2bCloneSource.DoFinal(hash, 0); + if (!AreEqual(expected, hash)) + { + Fail("clone source not correct"); + } + + digClone.DoFinal(hash, 0); + if (!AreEqual(expected, hash)) + { + Fail("clone not correct"); + } + } + + private void DoTestLengthConstruction() + { + try + { + new Blake2bDigest(-1); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2b digest bit length must be a multiple of 8 and not greater than 512", e.Message); + } + + try + { + new Blake2bDigest(9); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2b digest bit length must be a multiple of 8 and not greater than 512", e.Message); + } + + try + { + new Blake2bDigest(520); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2b digest bit length must be a multiple of 8 and not greater than 512", e.Message); + } + + try + { + new Blake2bDigest(null, -1, null, null); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("Invalid digest length (required: 1 - 64)", e.Message); + } + + try + { + new Blake2bDigest(null, 65, null, null); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("Invalid digest length (required: 1 - 64)", e.Message); + } + } + + private void DoTestNullKeyVsUnkeyed() + { + byte[] abc = Strings.ToByteArray("abc"); + + for (int i = 1; i != 64; i++) + { + Blake2bDigest dig1 = new Blake2bDigest(i * 8); + Blake2bDigest dig2 = new Blake2bDigest(null, i, null, null); + + byte[] out1 = new byte[i]; + byte[] out2 = new byte[i]; + + dig1.BlockUpdate(abc, 0, abc.Length); + dig2.BlockUpdate(abc, 0, abc.Length); + + dig1.DoFinal(out1, 0); + dig2.DoFinal(out2, 0); + + IsTrue(Arrays.AreEqual(out1, out2)); + } + } + + private void ResetTest() + { + // Generate a non-zero key + byte[] key = new byte[32]; + for (byte i = 0; i < key.Length; i++) + { + key[i] = i; + } + // Generate some non-zero input longer than the key + byte[] input = new byte[key.Length + 1]; + for (byte i = 0; i < input.Length; i++) + { + input[i] = i; + } + // Hash the input + Blake2bDigest digest = new Blake2bDigest(key); digest.BlockUpdate(input, 0, input.Length); - byte[] hash = new byte[digest.GetDigestSize()]; - digest.DoFinal(hash, 0); - // Using a second instance, hash the input without calling doFinal() - Blake2bDigest digest1 = new Blake2bDigest(key); + byte[] hash = new byte[digest.GetDigestSize()]; + digest.DoFinal(hash, 0); + // Using a second instance, hash the input without calling doFinal() + Blake2bDigest digest1 = new Blake2bDigest(key); + digest1.BlockUpdate(input, 0, input.Length); + // Reset the second instance and hash the input again + digest1.Reset(); digest1.BlockUpdate(input, 0, input.Length); - // Reset the second instance and hash the input again - digest1.Reset(); - digest1.BlockUpdate(input, 0, input.Length); - byte[] hash1 = new byte[digest.GetDigestSize()]; - digest1.DoFinal(hash1, 0); - // The hashes should be identical - if (!Arrays.AreEqual(hash, hash1)) - { - Fail("state was not reset"); - } - } + byte[] hash1 = new byte[digest.GetDigestSize()]; + digest1.DoFinal(hash1, 0); + // The hashes should be identical + if (!Arrays.AreEqual(hash, hash1)) + { + Fail("state was not reset"); + } + } public static void MainOld(string[] args) { diff --git a/crypto/test/src/crypto/test/Blake2sDigestTest.cs b/crypto/test/src/crypto/test/Blake2sDigestTest.cs index f7c2c44fc..36ca7bce3 100644 --- a/crypto/test/src/crypto/test/Blake2sDigestTest.cs +++ b/crypto/test/src/crypto/test/Blake2sDigestTest.cs @@ -15,34 +15,33 @@ namespace Org.BouncyCastle.Crypto.Tests : SimpleTest { // Vectors from BLAKE2 web site: https://blake2.net/blake2s-test.txt - private static readonly string[][] keyedTestVectors = { - // input/message, key, hash - new string[]{ + private static readonly string[,] keyedTestVectors = { // input/message, key, hash + { "", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "48a8997da407876b3d79c0d92325ad3b89cbb754d86ab71aee047ad345fd2c49", }, - new string[]{ + { "00", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "40d15fee7c328830166ac3f918650f807e7e01e177258cdc0a39b11f598066f1", }, - new string[]{ + { "0001", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "6bb71300644cd3991b26ccd4d274acd1adeab8b1d7914546c1198bbe9fc9d803", }, - new string[]{ + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "172ffc67153d12e0ca76a8b6cd5d4731885b39ce0cac93a8972a18006c8b8baf", }, - new string[]{ + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "4f8ce1e51d2fe7f24043a904d898ebfc91975418753413aa099b795ecb35cedb", }, - new string[]{ + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "3fb735061abc519dfe979e54c1ee5bfad0a9d858b3315bad34bde999efd724dd", @@ -56,38 +55,32 @@ namespace Org.BouncyCastle.Crypto.Tests public void DoTestDigestWithKeyedTestVectors() { - Blake2sDigest digest = new Blake2sDigest(Hex.Decode( - keyedTestVectors[0][1])); - for (int i = 0; i != keyedTestVectors.Length; i++) + Blake2sDigest digest = new Blake2sDigest(Hex.Decode(keyedTestVectors[0, 1])); + for (int i = 0; i != keyedTestVectors.GetLength(0); i++) { - String[] keyedTestVector = keyedTestVectors[i]; - byte[] input = Hex.Decode(keyedTestVector[0]); + byte[] input = Hex.Decode(keyedTestVectors[i, 0]); digest.Reset(); digest.BlockUpdate(input, 0, input.Length); byte[] hash = new byte[32]; digest.DoFinal(hash, 0); - if (!AreEqual(Hex.Decode(keyedTestVector[2]), hash)) + if (!AreEqual(Hex.Decode(keyedTestVectors[i, 2]), hash)) { - Fail("BLAKE2s mismatch on test vector ", - keyedTestVector[2], - Hex.ToHexString(hash)); + Fail("BLAKE2s mismatch on test vector ", keyedTestVectors[i, 2], Hex.ToHexString(hash)); } } } public void DoTestDigestWithKeyedTestVectorsAndRandomUpdate() { - Blake2sDigest digest = new Blake2sDigest(Hex.Decode( - keyedTestVectors[0][1])); + Blake2sDigest digest = new Blake2sDigest(Hex.Decode(keyedTestVectors[0, 1])); Random random = new Random(); for (int i = 0; i < 100; i++) { - for (int j = 0; j != keyedTestVectors.Length; j++) + for (int j = 0; j != keyedTestVectors.GetLength(0); j++) { - String[] keyedTestVector = keyedTestVectors[j]; - byte[] input = Hex.Decode(keyedTestVector[0]); + byte[] input = Hex.Decode(keyedTestVectors[j, 0]); if (input.Length < 3) { continue; @@ -108,16 +101,89 @@ namespace Org.BouncyCastle.Crypto.Tests byte[] hash = new byte[32]; digest.DoFinal(hash, 0); - if (!AreEqual(Hex.Decode(keyedTestVector[2]), hash)) + if (!AreEqual(Hex.Decode(keyedTestVectors[j, 2]), hash)) { - Fail("BLAKE2s mismatch on test vector ", - keyedTestVector[2], - Hex.ToHexString(hash)); + Fail("BLAKE2s mismatch on test vector ", keyedTestVectors[j, 2], Hex.ToHexString(hash)); } } } } + private void DoTestLengthConstruction() + { + try + { + new Blake2sDigest(-1); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2s digest bit length must be a multiple of 8 and not greater than 256", e.Message); + } + + try + { + new Blake2sDigest(9); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2s digest bit length must be a multiple of 8 and not greater than 256", e.Message); + } + + try + { + new Blake2sDigest(512); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("BLAKE2s digest bit length must be a multiple of 8 and not greater than 256", e.Message); + } + + try + { + new Blake2sDigest(null, -1, null, null); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("Invalid digest length (required: 1 - 32)", e.Message); + } + + try + { + new Blake2sDigest(null, 33, null, null); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("Invalid digest length (required: 1 - 32)", e.Message); + } + } + + private void DoTestNullKeyVsUnkeyed() + { + byte[] abc = Strings.ToByteArray("abc"); + + for (int i = 1; i != 32; i++) + { + Blake2sDigest dig1 = new Blake2sDigest(i * 8); + Blake2sDigest dig2 = new Blake2sDigest(null, i, null, null); + + byte[] out1 = new byte[i]; + byte[] out2 = new byte[i]; + + dig1.BlockUpdate(abc, 0, abc.Length); + dig2.BlockUpdate(abc, 0, abc.Length); + + dig1.DoFinal(out1, 0); + dig2.DoFinal(out2, 0); + + IsTrue(Arrays.AreEqual(out1, out2)); + } + } + public void DoTestReset() { // Generate a non-zero key @@ -225,6 +291,8 @@ namespace Org.BouncyCastle.Crypto.Tests DoTestDigestWithKeyedTestVectorsAndRandomUpdate(); DoTestReset(); RunSelfTest(); + DoTestNullKeyVsUnkeyed(); + DoTestLengthConstruction(); } public static void MainOld(string[] args) diff --git a/crypto/test/src/crypto/test/Ed25519Test.cs b/crypto/test/src/crypto/test/Ed25519Test.cs new file mode 100644 index 000000000..82e36d991 --- /dev/null +++ b/crypto/test/src/crypto/test/Ed25519Test.cs @@ -0,0 +1,111 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Crypto.Signers; +using Org.BouncyCastle.Math.EC.Rfc8032; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class Ed25519Test + : SimpleTest + { + private static readonly SecureRandom Random = new SecureRandom(); + + public override string Name + { + get { return "Ed25519"; } + } + + public static void Main(string[] args) + { + RunTest(new Ed25519Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + + public override void PerformTest() + { + for (int i = 0; i < 10; ++i) + { + DoTestConsistency(Ed25519.Algorithm.Ed25519, null); + + byte[] context = RandomContext(Random.NextInt() & 255); + DoTestConsistency(Ed25519.Algorithm.Ed25519ctx, context); + DoTestConsistency(Ed25519.Algorithm.Ed25519ph, context); + } + } + + private ISigner CreateSigner(Ed25519.Algorithm algorithm, byte[] context) + { + switch (algorithm) + { + case Ed25519.Algorithm.Ed25519: + return new Ed25519Signer(); + case Ed25519.Algorithm.Ed25519ctx: + return new Ed25519ctxSigner(context); + case Ed25519.Algorithm.Ed25519ph: + return new Ed25519phSigner(context); + default: + throw new ArgumentException("algorithm"); + } + } + + private byte[] RandomContext(int length) + { + byte[] context = new byte[length]; + Random.NextBytes(context); + return context; + } + + private void DoTestConsistency(Ed25519.Algorithm algorithm, byte[] context) + { + Ed25519KeyPairGenerator kpg = new Ed25519KeyPairGenerator(); + kpg.Init(new Ed25519KeyGenerationParameters(Random)); + + AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); + Ed25519PrivateKeyParameters privateKey = (Ed25519PrivateKeyParameters)kp.Private; + Ed25519PublicKeyParameters publicKey = (Ed25519PublicKeyParameters)kp.Public; + + byte[] msg = new byte[Random.NextInt() & 255]; + Random.NextBytes(msg); + + ISigner signer = CreateSigner(algorithm, context); + signer.Init(true, privateKey); + signer.BlockUpdate(msg, 0, msg.Length); + byte[] signature = signer.GenerateSignature(); + + ISigner verifier = CreateSigner(algorithm, context); + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldVerify = verifier.VerifySignature(signature); + + if (!shouldVerify) + { + Fail("Ed25519(" + algorithm + ") signature failed to verify"); + } + + signature[Random.Next() % signature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(signature); + + if (shouldNotVerify) + { + Fail("Ed25519(" + algorithm + ") bad signature incorrectly verified"); + } + } + } +} diff --git a/crypto/test/src/crypto/test/Ed448Test.cs b/crypto/test/src/crypto/test/Ed448Test.cs new file mode 100644 index 000000000..b035f554e --- /dev/null +++ b/crypto/test/src/crypto/test/Ed448Test.cs @@ -0,0 +1,107 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Crypto.Signers; +using Org.BouncyCastle.Math.EC.Rfc8032; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class Ed448Test + : SimpleTest + { + private static readonly SecureRandom Random = new SecureRandom(); + + public override string Name + { + get { return "Ed448"; } + } + + public static void Main(string[] args) + { + RunTest(new Ed448Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + + public override void PerformTest() + { + for (int i = 0; i < 10; ++i) + { + byte[] context = RandomContext(Random.NextInt() & 255); + DoTestConsistency(Ed448.Algorithm.Ed448, context); + DoTestConsistency(Ed448.Algorithm.Ed448ph, context); + } + } + + private ISigner CreateSigner(Ed448.Algorithm algorithm, byte[] context) + { + switch (algorithm) + { + case Ed448.Algorithm.Ed448: + return new Ed448Signer(context); + case Ed448.Algorithm.Ed448ph: + return new Ed448phSigner(context); + default: + throw new ArgumentException("algorithm"); + } + } + + private byte[] RandomContext(int length) + { + byte[] context = new byte[length]; + Random.NextBytes(context); + return context; + } + + private void DoTestConsistency(Ed448.Algorithm algorithm, byte[] context) + { + Ed448KeyPairGenerator kpg = new Ed448KeyPairGenerator(); + kpg.Init(new Ed448KeyGenerationParameters(Random)); + + AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); + Ed448PrivateKeyParameters privateKey = (Ed448PrivateKeyParameters)kp.Private; + Ed448PublicKeyParameters publicKey = (Ed448PublicKeyParameters)kp.Public; + + byte[] msg = new byte[Random.NextInt() & 255]; + Random.NextBytes(msg); + + ISigner signer = CreateSigner(algorithm, context); + signer.Init(true, privateKey); + signer.BlockUpdate(msg, 0, msg.Length); + byte[] signature = signer.GenerateSignature(); + + ISigner verifier = CreateSigner(algorithm, context); + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldVerify = verifier.VerifySignature(signature); + + if (!shouldVerify) + { + Fail("Ed448(" + algorithm + ") signature failed to verify"); + } + + signature[Random.Next() % signature.Length] ^= (byte)(1 << (Random.NextInt() & 7)); + + verifier.Init(false, publicKey); + verifier.BlockUpdate(msg, 0, msg.Length); + bool shouldNotVerify = verifier.VerifySignature(signature); + + if (shouldNotVerify) + { + Fail("Ed448(" + algorithm + ") bad signature incorrectly verified"); + } + } + } +} diff --git a/crypto/test/src/crypto/test/RFC3211WrapTest.cs b/crypto/test/src/crypto/test/RFC3211WrapTest.cs index c129bc896..bb9304851 100644 --- a/crypto/test/src/crypto/test/RFC3211WrapTest.cs +++ b/crypto/test/src/crypto/test/RFC3211WrapTest.cs @@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Crypto.Tests } catch (InvalidCipherTextException e) { - if (!e.Message.Equals("wrapped key fails checksum")) + if (!e.Message.Equals("wrapped key corrupted")) { Fail("wrong exception"); } diff --git a/crypto/test/src/crypto/test/RegressionTest.cs b/crypto/test/src/crypto/test/RegressionTest.cs index 1e2255147..d4bd8a628 100644 --- a/crypto/test/src/crypto/test/RegressionTest.cs +++ b/crypto/test/src/crypto/test/RegressionTest.cs @@ -133,6 +133,11 @@ namespace Org.BouncyCastle.Crypto.Tests new SM2EngineTest(), new SM2KeyExchangeTest(), new SM2SignerTest(), + new SM4Test(), + new X25519Test(), + new X448Test(), + new Ed25519Test(), + new Ed448Test(), }; public static void MainOld(string[] args) diff --git a/crypto/test/src/crypto/test/SM4Test.cs b/crypto/test/src/crypto/test/SM4Test.cs new file mode 100644 index 000000000..ae2f18b00 --- /dev/null +++ b/crypto/test/src/crypto/test/SM4Test.cs @@ -0,0 +1,93 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + /** + * SM4 tester, vectors from <a href="http://eprint.iacr.org/2008/329.pdf">http://eprint.iacr.org/2008/329.pdf</a> + */ + [TestFixture] + public class SM4Test + : CipherTest + { + static SimpleTest[] tests = + { + new BlockCipherVectorTest(0, new SM4Engine(), + new KeyParameter(Hex.Decode("0123456789abcdeffedcba9876543210")), + "0123456789abcdeffedcba9876543210", + "681edf34d206965e86b3e94f536e4246") + }; + + public SM4Test() + : base(tests, new SM4Engine(), new KeyParameter(new byte[16])) + { + } + + public override void PerformTest() + { + base.PerformTest(); + + DoTest1000000(); + } + + private void DoTest1000000() + { + byte[] plain = Hex.Decode("0123456789abcdeffedcba9876543210"); + byte[] key = Hex.Decode("0123456789abcdeffedcba9876543210"); + byte[] cipher = Hex.Decode("595298c7c6fd271f0402f804c33d3f66"); + byte[] buf = new byte[16]; + + IBlockCipher engine = new SM4Engine(); + + engine.Init(true, new KeyParameter(key)); + + Array.Copy(plain, 0, buf, 0, buf.Length); + + for (int i = 0; i != 1000000; i++) + { + engine.ProcessBlock(buf, 0, buf, 0); + } + + if (!AreEqual(cipher, buf)) + { + Fail("1000000 encryption test failed"); + } + + engine.Init(false, new KeyParameter(key)); + + for (int i = 0; i != 1000000; i++) + { + engine.ProcessBlock(buf, 0, buf, 0); + } + + if (!AreEqual(plain, buf)) + { + Fail("1000000 decryption test failed"); + } + } + + public override string Name + { + get { return "SM4"; } + } + + public static void Main(string[] args) + { + RunTest(new SM4Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + } +} diff --git a/crypto/test/src/crypto/test/X25519Test.cs b/crypto/test/src/crypto/test/X25519Test.cs new file mode 100644 index 000000000..29466e0c6 --- /dev/null +++ b/crypto/test/src/crypto/test/X25519Test.cs @@ -0,0 +1,69 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Agreement; +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class X25519Test + : SimpleTest + { + private static readonly SecureRandom Random = new SecureRandom(); + + public override string Name + { + get { return "X25519"; } + } + + public static void Main(string[] args) + { + RunTest(new X25519Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + + public override void PerformTest() + { + for (int i = 0; i < 10; ++i) + { + DoTestAgreement(); + } + } + + private void DoTestAgreement() + { + IAsymmetricCipherKeyPairGenerator kpGen = new X25519KeyPairGenerator(); + kpGen.Init(new X25519KeyGenerationParameters(Random)); + + AsymmetricCipherKeyPair kpA = kpGen.GenerateKeyPair(); + AsymmetricCipherKeyPair kpB = kpGen.GenerateKeyPair(); + + X25519Agreement agreeA = new X25519Agreement(); + agreeA.Init(kpA.Private); + byte[] secretA = new byte[agreeA.AgreementSize]; + agreeA.CalculateAgreement(kpB.Public, secretA, 0); + + X25519Agreement agreeB = new X25519Agreement(); + agreeB.Init(kpB.Private); + byte[] secretB = new byte[agreeB.AgreementSize]; + agreeB.CalculateAgreement(kpA.Public, secretB, 0); + + if (!AreEqual(secretA, secretB)) + { + Fail("X25519 agreement failed"); + } + } + } +} diff --git a/crypto/test/src/crypto/test/X448Test.cs b/crypto/test/src/crypto/test/X448Test.cs new file mode 100644 index 000000000..5d4b14b63 --- /dev/null +++ b/crypto/test/src/crypto/test/X448Test.cs @@ -0,0 +1,69 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Agreement; +using Org.BouncyCastle.Crypto.Generators; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class X448Test + : SimpleTest + { + private static readonly SecureRandom Random = new SecureRandom(); + + public override string Name + { + get { return "X448"; } + } + + public static void Main(string[] args) + { + RunTest(new X448Test()); + } + + [Test] + public void TestFunction() + { + string resultText = Perform().ToString(); + + Assert.AreEqual(Name + ": Okay", resultText); + } + + public override void PerformTest() + { + for (int i = 0; i < 10; ++i) + { + DoTestAgreement(); + } + } + + private void DoTestAgreement() + { + IAsymmetricCipherKeyPairGenerator kpGen = new X448KeyPairGenerator(); + kpGen.Init(new X448KeyGenerationParameters(Random)); + + AsymmetricCipherKeyPair kpA = kpGen.GenerateKeyPair(); + AsymmetricCipherKeyPair kpB = kpGen.GenerateKeyPair(); + + X448Agreement agreeA = new X448Agreement(); + agreeA.Init(kpA.Private); + byte[] secretA = new byte[agreeA.AgreementSize]; + agreeA.CalculateAgreement(kpB.Public, secretA, 0); + + X448Agreement agreeB = new X448Agreement(); + agreeB.Init(kpB.Private); + byte[] secretB = new byte[agreeB.AgreementSize]; + agreeB.CalculateAgreement(kpA.Public, secretB, 0); + + if (!AreEqual(secretA, secretB)) + { + Fail("X448 agreement failed"); + } + } + } +} diff --git a/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs b/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs index 89c325fd5..562e0e423 100644 --- a/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs +++ b/crypto/test/src/math/ec/rfc7748/test/X25519Test.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests [Test] public void TestConsistency() { - byte[] u = new byte[32]; u[0] = 9; - byte[] k = new byte[32]; - byte[] rF = new byte[32]; - byte[] rV = new byte[32]; + byte[] u = new byte[X25519.PointSize]; u[0] = 9; + byte[] k = new byte[X25519.ScalarSize]; + byte[] rF = new byte[X25519.PointSize]; + byte[] rV = new byte[X25519.PointSize]; for (int i = 1; i <= 100; ++i) { @@ -39,12 +39,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests [Test] public void TestECDH() { - byte[] kA = new byte[32]; - byte[] kB = new byte[32]; - byte[] qA = new byte[32]; - byte[] qB = new byte[32]; - byte[] sA = new byte[32]; - byte[] sB = new byte[32]; + byte[] kA = new byte[X25519.ScalarSize]; + byte[] kB = new byte[X25519.ScalarSize]; + byte[] qA = new byte[X25519.PointSize]; + byte[] qB = new byte[X25519.PointSize]; + byte[] sA = new byte[X25519.PointSize]; + byte[] sB = new byte[X25519.PointSize]; for (int i = 1; i <= 100; ++i) { @@ -116,38 +116,43 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests private static void CheckECDHVector(string sA, string sAPub, string sB, string sBPub, string sK, string text) { byte[] a = Hex.Decode(sA); + Assert.AreEqual(X25519.ScalarSize, a.Length); + byte[] b = Hex.Decode(sB); + Assert.AreEqual(X25519.ScalarSize, b.Length); - byte[] aPub = new byte[32]; + byte[] aPub = new byte[X25519.PointSize]; X25519.ScalarMultBase(a, 0, aPub, 0); CheckValue(aPub, text, sAPub); - byte[] bPub = new byte[32]; + byte[] bPub = new byte[X25519.PointSize]; X25519.ScalarMultBase(b, 0, bPub, 0); CheckValue(bPub, text, sBPub); - byte[] aK = new byte[32]; + byte[] aK = new byte[X25519.PointSize]; X25519.ScalarMult(a, 0, bPub, 0, aK, 0); CheckValue(aK, text, sK); - byte[] bK = new byte[32]; + byte[] bK = new byte[X25519.PointSize]; X25519.ScalarMult(b, 0, aPub, 0, bK, 0); CheckValue(bK, text, sK); } private static void CheckIterated(int count) { - byte[] k = new byte[32]; k[0] = 9; - byte[] u = new byte[32]; u[0] = 9; - byte[] r = new byte[32]; + Assert.AreEqual(X25519.PointSize, X25519.ScalarSize); + + byte[] k = new byte[X25519.PointSize]; k[0] = 9; + byte[] u = new byte[X25519.PointSize]; u[0] = 9; + byte[] r = new byte[X25519.PointSize]; int iterations = 0; while (iterations < count) { X25519.ScalarMult(k, 0, u, 0, r, 0); - Array.Copy(k, 0, u, 0, 32); - Array.Copy(r, 0, k, 0, 32); + Array.Copy(k, 0, u, 0, X25519.PointSize); + Array.Copy(r, 0, k, 0, X25519.PointSize); switch (++iterations) { @@ -175,8 +180,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests private static void CheckX25519Vector(string sk, string su, string se, string text) { byte[] k = Hex.Decode(sk); + Assert.AreEqual(X25519.ScalarSize, k.Length); + byte[] u = Hex.Decode(su); - byte[] r = new byte[32]; + Assert.AreEqual(X25519.PointSize, u.Length); + + byte[] r = new byte[X25519.PointSize]; X25519.ScalarMult(k, 0, u, 0, r, 0); CheckValue(r, text, se); } diff --git a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs index b095eade0..df0158b96 100644 --- a/crypto/test/src/math/ec/rfc7748/test/X448Test.cs +++ b/crypto/test/src/math/ec/rfc7748/test/X448Test.cs @@ -22,10 +22,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests [Test] public void TestConsistency() { - byte[] u = new byte[56]; u[0] = 5; - byte[] k = new byte[56]; - byte[] rF = new byte[56]; - byte[] rV = new byte[56]; + byte[] u = new byte[X448.PointSize]; u[0] = 5; + byte[] k = new byte[X448.ScalarSize]; + byte[] rF = new byte[X448.PointSize]; + byte[] rV = new byte[X448.PointSize]; for (int i = 1; i <= 100; ++i) { @@ -39,12 +39,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests [Test] public void TestECDH() { - byte[] kA = new byte[56]; - byte[] kB = new byte[56]; - byte[] qA = new byte[56]; - byte[] qB = new byte[56]; - byte[] sA = new byte[56]; - byte[] sB = new byte[56]; + byte[] kA = new byte[X448.ScalarSize]; + byte[] kB = new byte[X448.ScalarSize]; + byte[] qA = new byte[X448.PointSize]; + byte[] qB = new byte[X448.PointSize]; + byte[] sA = new byte[X448.PointSize]; + byte[] sB = new byte[X448.PointSize]; for (int i = 1; i <= 100; ++i) { @@ -112,38 +112,43 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests private static void CheckECDHVector(string sA, string sAPub, string sB, string sBPub, string sK, string text) { byte[] a = Hex.Decode(sA); + Assert.AreEqual(X448.ScalarSize, a.Length); + byte[] b = Hex.Decode(sB); + Assert.AreEqual(X448.ScalarSize, b.Length); - byte[] aPub = new byte[56]; + byte[] aPub = new byte[X448.PointSize]; X448.ScalarMultBase(a, 0, aPub, 0); CheckValue(aPub, text, sAPub); - byte[] bPub = new byte[56]; + byte[] bPub = new byte[X448.PointSize]; X448.ScalarMultBase(b, 0, bPub, 0); CheckValue(bPub, text, sBPub); - byte[] aK = new byte[56]; + byte[] aK = new byte[X448.PointSize]; X448.ScalarMult(a, 0, bPub, 0, aK, 0); CheckValue(aK, text, sK); - byte[] bK = new byte[56]; + byte[] bK = new byte[X448.PointSize]; X448.ScalarMult(b, 0, aPub, 0, bK, 0); CheckValue(bK, text, sK); } private static void CheckIterated(int count) { - byte[] k = new byte[56]; k[0] = 5; - byte[] u = new byte[56]; u[0] = 5; - byte[] r = new byte[56]; + Assert.AreEqual(X448.PointSize, X448.ScalarSize); + + byte[] k = new byte[X448.PointSize]; k[0] = 5; + byte[] u = new byte[X448.PointSize]; u[0] = 5; + byte[] r = new byte[X448.PointSize]; int iterations = 0; while (iterations < count) { X448.ScalarMult(k, 0, u, 0, r, 0); - Array.Copy(k, 0, u, 0, 56); - Array.Copy(r, 0, k, 0, 56); + Array.Copy(k, 0, u, 0, X448.PointSize); + Array.Copy(r, 0, k, 0, X448.PointSize); switch (++iterations) { @@ -165,17 +170,21 @@ namespace Org.BouncyCastle.Math.EC.Rfc7748.Tests } } - private static void CheckValue(byte[] n, String text, String se) + private static void CheckValue(byte[] n, string text, string se) { byte[] e = Hex.Decode(se); Assert.IsTrue(Arrays.AreEqual(e, n), text); } - private static void CheckX448Vector(String sk, String su, String se, String text) + private static void CheckX448Vector(string sk, string su, string se, string text) { byte[] k = Hex.Decode(sk); + Assert.AreEqual(X448.ScalarSize, k.Length); + byte[] u = Hex.Decode(su); - byte[] r = new byte[56]; + Assert.AreEqual(X448.PointSize, u.Length); + + byte[] r = new byte[X448.PointSize]; X448.ScalarMult(k, 0, u, 0, r, 0); CheckValue(r, text, se); } diff --git a/crypto/test/src/math/ec/rfc8032/test/Ed25519Test.cs b/crypto/test/src/math/ec/rfc8032/test/Ed25519Test.cs index 43ea23988..8a61609af 100644 --- a/crypto/test/src/math/ec/rfc8032/test/Ed25519Test.cs +++ b/crypto/test/src/math/ec/rfc8032/test/Ed25519Test.cs @@ -2,6 +2,7 @@ using NUnit.Framework; +using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Encoders; @@ -35,21 +36,98 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests Random.NextBytes(sk); Ed25519.GeneratePublicKey(sk, 0, pk, 0); - int mLen = Random.Next() & 255; + int mLen = Random.NextInt() & 255; Ed25519.Sign(sk, 0, m, 0, mLen, sig1, 0); Ed25519.Sign(sk, 0, pk, 0, m, 0, mLen, sig2, 0); - Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Consistent signatures #" + i); + Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed25519 consistent signatures #" + i); bool shouldVerify = Ed25519.Verify(sig1, 0, pk, 0, m, 0, mLen); - Assert.IsTrue(shouldVerify, "Consistent sign/verify #" + i); + Assert.IsTrue(shouldVerify, "Ed25519 consistent sign/verify #" + i); sig1[Ed25519.PublicKeySize - 1] ^= 0x80; bool shouldNotVerify = Ed25519.Verify(sig1, 0, pk, 0, m, 0, mLen); - Assert.IsFalse(shouldNotVerify, "Consistent verification failure #" + i); + Assert.IsFalse(shouldNotVerify, "Ed25519 consistent verification failure #" + i); + } + } + + [Test] + public void TestEd25519ctxConsistency() + { + byte[] sk = new byte[Ed25519.SecretKeySize]; + byte[] pk = new byte[Ed25519.PublicKeySize]; + byte[] ctx = new byte[Random.NextInt() & 7]; + byte[] m = new byte[255]; + byte[] sig1 = new byte[Ed25519.SignatureSize]; + byte[] sig2 = new byte[Ed25519.SignatureSize]; + + Random.NextBytes(ctx); + Random.NextBytes(m); + + for (int i = 0; i < 10; ++i) + { + Random.NextBytes(sk); + Ed25519.GeneratePublicKey(sk, 0, pk, 0); + + int mLen = Random.NextInt() & 255; + + Ed25519.Sign(sk, 0, ctx, m, 0, mLen, sig1, 0); + Ed25519.Sign(sk, 0, pk, 0, ctx, m, 0, mLen, sig2, 0); + + Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed25519ctx consistent signatures #" + i); + + bool shouldVerify = Ed25519.Verify(sig1, 0, pk, 0, ctx, m, 0, mLen); + + Assert.IsTrue(shouldVerify, "Ed25519ctx consistent sign/verify #" + i); + + sig1[Ed25519.PublicKeySize - 1] ^= 0x80; + bool shouldNotVerify = Ed25519.Verify(sig1, 0, pk, 0, ctx, m, 0, mLen); + + Assert.IsFalse(shouldNotVerify, "Ed25519ctx consistent verification failure #" + i); + } + } + + [Test] + public void TestEd25519phConsistency() + { + byte[] sk = new byte[Ed25519.SecretKeySize]; + byte[] pk = new byte[Ed25519.PublicKeySize]; + byte[] ctx = new byte[Random.NextInt() & 7]; + byte[] m = new byte[255]; + byte[] ph = new byte[Ed25519.PrehashSize]; + byte[] sig1 = new byte[Ed25519.SignatureSize]; + byte[] sig2 = new byte[Ed25519.SignatureSize]; + + Random.NextBytes(ctx); + Random.NextBytes(m); + + for (int i = 0; i < 10; ++i) + { + Random.NextBytes(sk); + Ed25519.GeneratePublicKey(sk, 0, pk, 0); + + int mLen = Random.NextInt() & 255; + + IDigest prehash = Ed25519.CreatePrehash(); + prehash.BlockUpdate(m, 0, mLen); + prehash.DoFinal(ph, 0); + + Ed25519.SignPrehash(sk, 0, ctx, ph, 0, sig1, 0); + Ed25519.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sig2, 0); + + Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed25519ph consistent signatures #" + i); + + bool shouldVerify = Ed25519.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0); + + Assert.IsTrue(shouldVerify, "Ed25519ph consistent sign/verify #" + i); + + sig1[Ed25519.PublicKeySize - 1] ^= 0x80; + bool shouldNotVerify = Ed25519.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0); + + Assert.IsFalse(shouldNotVerify, "Ed25519ph consistent verification failure #" + i); } } @@ -201,18 +279,107 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests + "3dca179c138ac17ad9bef1177331a704"), "Ed25519 Vector SHA(abc)"); } - + + [Test] + public void TestEd25519ctxVector1() + { + CheckEd25519ctxVector( + ("0305334e381af78f141cb666f6199f57" + + "bc3495335a256a95bd2a55bf546663f6"), + ("dfc9425e4f968f7f0c29f0259cf5f9ae" + + "d6851c2bb4ad8bfb860cfee0ab248292"), + "f726936d19c800494e3fdaff20b276a8", + "666f6f", + ("55a4cc2f70a54e04288c5f4cd1e45a7b" + + "b520b36292911876cada7323198dd87a" + + "8b36950b95130022907a7fb7c4e9b2d5" + + "f6cca685a587b4b21f4b888e4e7edb0d"), + "Ed25519ctx Vector #1"); + } + + [Test] + public void TestEd25519ctxVector2() + { + CheckEd25519ctxVector( + ("0305334e381af78f141cb666f6199f57" + + "bc3495335a256a95bd2a55bf546663f6"), + ("dfc9425e4f968f7f0c29f0259cf5f9ae" + + "d6851c2bb4ad8bfb860cfee0ab248292"), + "f726936d19c800494e3fdaff20b276a8", + "626172", + ("fc60d5872fc46b3aa69f8b5b4351d580" + + "8f92bcc044606db097abab6dbcb1aee3" + + "216c48e8b3b66431b5b186d1d28f8ee1" + + "5a5ca2df6668346291c2043d4eb3e90d"), + "Ed25519ctx Vector #2"); + } + + [Test] + public void TestEd25519ctxVector3() + { + CheckEd25519ctxVector( + ("0305334e381af78f141cb666f6199f57" + + "bc3495335a256a95bd2a55bf546663f6"), + ("dfc9425e4f968f7f0c29f0259cf5f9ae" + + "d6851c2bb4ad8bfb860cfee0ab248292"), + "508e9e6882b979fea900f62adceaca35", + "666f6f", + ("8b70c1cc8310e1de20ac53ce28ae6e72" + + "07f33c3295e03bb5c0732a1d20dc6490" + + "8922a8b052cf99b7c4fe107a5abb5b2c" + + "4085ae75890d02df26269d8945f84b0b"), + "Ed25519ctx Vector #3"); + } + + [Test] + public void TestEd25519ctxVector4() + { + CheckEd25519ctxVector( + ("ab9c2853ce297ddab85c993b3ae14bca" + + "d39b2c682beabc27d6d4eb20711d6560"), + ("0f1d1274943b91415889152e893d80e9" + + "3275a1fc0b65fd71b4b0dda10ad7d772"), + "f726936d19c800494e3fdaff20b276a8", + "666f6f", + ("21655b5f1aa965996b3f97b3c849eafb" + + "a922a0a62992f73b3d1b73106a84ad85" + + "e9b86a7b6005ea868337ff2d20a7f5fb" + + "d4cd10b0be49a68da2b2e0dc0ad8960f"), + "Ed25519ctx Vector #4"); + } + + [Test] + public void TestEd25519phVector1() + { + CheckEd25519phVector( + ("833fe62409237b9d62ec77587520911e" + + "9a759cec1d19755b7da901b96dca3d42"), + ("ec172b93ad5e563bf4932c70e1245034" + + "c35467ef2efd4d64ebf819683467e2bf"), + "616263", + "", + ("98a70222f0b8121aa9d30f813d683f80" + + "9e462b469c7ff87639499bb94e6dae41" + + "31f85042463c2a355a2003d062adf5aa" + + "a10b8c61e636062aaad11c2a26083406"), + "Ed25519ph Vector #1"); + } + private static void CheckEd25519Vector(string sSK, string sPK, string sM, string sSig, string text) { byte[] sk = Hex.Decode(sSK); - byte[] pk = Hex.Decode(sPK); + byte[] pkGen = new byte[Ed25519.PublicKeySize]; Ed25519.GeneratePublicKey(sk, 0, pkGen, 0); Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text); byte[] m = Hex.Decode(sM); byte[] sig = Hex.Decode(sSig); + + byte[] badsig = Arrays.Clone(sig); + badsig[Ed25519.SignatureSize - 1] ^= 0x80; + byte[] sigGen = new byte[Ed25519.SignatureSize]; Ed25519.Sign(sk, 0, m, 0, m.Length, sigGen, 0); Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); @@ -223,9 +390,109 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests bool shouldVerify = Ed25519.Verify(sig, 0, pk, 0, m, 0, m.Length); Assert.IsTrue(shouldVerify, text); - sig[Ed25519.SignatureSize - 1] ^= 0x80; - bool shouldNotVerify = Ed25519.Verify(sig, 0, pk, 0, m, 0, m.Length); + bool shouldNotVerify = Ed25519.Verify(badsig, 0, pk, 0, m, 0, m.Length); + Assert.IsFalse(shouldNotVerify, text); + } + + private static void CheckEd25519ctxVector(string sSK, string sPK, string sM, string sCTX, string sSig, string text) + { + byte[] sk = Hex.Decode(sSK); + byte[] pk = Hex.Decode(sPK); + + byte[] pkGen = new byte[Ed25519.PublicKeySize]; + Ed25519.GeneratePublicKey(sk, 0, pkGen, 0); + Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text); + + byte[] m = Hex.Decode(sM); + byte[] ctx = Hex.Decode(sCTX); + byte[] sig = Hex.Decode(sSig); + + byte[] badsig = Arrays.Clone(sig); + badsig[Ed25519.SignatureSize - 1] ^= 0x80; + + byte[] sigGen = new byte[Ed25519.SignatureSize]; + Ed25519.Sign(sk, 0, ctx, m, 0, m.Length, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + Ed25519.Sign(sk, 0, pk, 0, ctx, m, 0, m.Length, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + bool shouldVerify = Ed25519.Verify(sig, 0, pk, 0, ctx, m, 0, m.Length); + Assert.IsTrue(shouldVerify, text); + + bool shouldNotVerify = Ed25519.Verify(badsig, 0, pk, 0, ctx, m, 0, m.Length); Assert.IsFalse(shouldNotVerify, text); } + + private static void CheckEd25519phVector(string sSK, string sPK, string sM, string sCTX, string sSig, string text) + { + byte[] sk = Hex.Decode(sSK); + byte[] pk = Hex.Decode(sPK); + + byte[] pkGen = new byte[Ed25519.PublicKeySize]; + Ed25519.GeneratePublicKey(sk, 0, pkGen, 0); + Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text); + + byte[] m = Hex.Decode(sM); + byte[] ctx = Hex.Decode(sCTX); + byte[] sig = Hex.Decode(sSig); + + byte[] badsig = Arrays.Clone(sig); + badsig[Ed25519.SignatureSize - 1] ^= 0x80; + + byte[] sigGen = new byte[Ed25519.SignatureSize]; + + { + IDigest prehash = Ed25519.CreatePrehash(); + prehash.BlockUpdate(m, 0, m.Length); + + byte[] ph = new byte[Ed25519.PrehashSize]; + prehash.DoFinal(ph, 0); + + Ed25519.SignPrehash(sk, 0, ctx, ph, 0, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + Ed25519.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + bool shouldVerify = Ed25519.VerifyPrehash(sig, 0, pk, 0, ctx, ph, 0); + Assert.IsTrue(shouldVerify, text); + + bool shouldNotVerify = Ed25519.VerifyPrehash(badsig, 0, pk, 0, ctx, ph, 0); + Assert.IsFalse(shouldNotVerify, text); + } + + { + IDigest ph = Ed25519.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + Ed25519.SignPrehash(sk, 0, ctx, ph, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + } + + { + IDigest ph = Ed25519.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + Ed25519.SignPrehash(sk, 0, pk, 0, ctx, ph, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + } + + { + IDigest ph = Ed25519.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + bool shouldVerify = Ed25519.VerifyPrehash(sig, 0, pk, 0, ctx, ph); + Assert.IsTrue(shouldVerify, text); + } + + { + IDigest ph = Ed25519.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + bool shouldNotVerify = Ed25519.VerifyPrehash(badsig, 0, pk, 0, ctx, ph); + Assert.IsFalse(shouldNotVerify, text); + } + } } } diff --git a/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs b/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs index 98c487c09..cc8e82de0 100644 --- a/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs +++ b/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs @@ -2,6 +2,7 @@ using NUnit.Framework; +using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Encoders; @@ -24,7 +25,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests { byte[] sk = new byte[Ed448.SecretKeySize]; byte[] pk = new byte[Ed448.PublicKeySize]; - byte[] ctx = new byte[Random.Next() & 7]; + byte[] ctx = new byte[Random.NextInt() & 7]; byte[] m = new byte[255]; byte[] sig1 = new byte[Ed448.SignatureSize]; byte[] sig2 = new byte[Ed448.SignatureSize]; @@ -37,21 +38,62 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests Random.NextBytes(sk); Ed448.GeneratePublicKey(sk, 0, pk, 0); - int mLen = Random.Next() & 255; + int mLen = Random.NextInt() & 255; Ed448.Sign(sk, 0, ctx, m, 0, mLen, sig1, 0); Ed448.Sign(sk, 0, pk, 0, ctx, m, 0, mLen, sig2, 0); - Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Consistent signatures #" + i); + Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed448 consistent signatures #" + i); bool shouldVerify = Ed448.Verify(sig1, 0, pk, 0, ctx, m, 0, mLen); - Assert.IsTrue(shouldVerify, "Consistent sign/verify #" + i); + Assert.IsTrue(shouldVerify, "Ed448 consistent sign/verify #" + i); sig1[Ed448.PublicKeySize - 1] ^= 0x80; bool shouldNotVerify = Ed448.Verify(sig1, 0, pk, 0, ctx, m, 0, mLen); - Assert.IsFalse(shouldNotVerify, "Consistent verification failure #" + i); + Assert.IsFalse(shouldNotVerify, "Ed448 consistent verification failure #" + i); + } + } + + [Test] + public void TestEd448phConsistency() + { + byte[] sk = new byte[Ed448.SecretKeySize]; + byte[] pk = new byte[Ed448.PublicKeySize]; + byte[] ctx = new byte[Random.NextInt() & 7]; + byte[] m = new byte[255]; + byte[] ph = new byte[Ed448.PrehashSize]; + byte[] sig1 = new byte[Ed448.SignatureSize]; + byte[] sig2 = new byte[Ed448.SignatureSize]; + + Random.NextBytes(ctx); + Random.NextBytes(m); + + for (int i = 0; i < 10; ++i) + { + Random.NextBytes(sk); + Ed448.GeneratePublicKey(sk, 0, pk, 0); + + int mLen = Random.NextInt() & 255; + + IXof prehash = Ed448.CreatePrehash(); + prehash.BlockUpdate(m, 0, mLen); + prehash.DoFinal(ph, 0, ph.Length); + + Ed448.SignPrehash(sk, 0, ctx, ph, 0, sig1, 0); + Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sig2, 0); + + Assert.IsTrue(Arrays.AreEqual(sig1, sig2), "Ed448ph consistent signatures #" + i); + + bool shouldVerify = Ed448.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0); + + Assert.IsTrue(shouldVerify, "Ed448ph consistent sign/verify #" + i); + + sig1[Ed448.PublicKeySize - 1] ^= 0x80; + bool shouldNotVerify = Ed448.VerifyPrehash(sig1, 0, pk, 0, ctx, ph, 0); + + Assert.IsFalse(shouldNotVerify, "Ed448ph consistent verification failure #" + i); } } @@ -370,11 +412,61 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests "Ed448 Vector #1023"); } + [Test] + public void TestEd448phVector1() + { + CheckEd448phVector( + ("833fe62409237b9d62ec77587520911e" + + "9a759cec1d19755b7da901b96dca3d42" + + "ef7822e0d5104127dc05d6dbefde69e3" + + "ab2cec7c867c6e2c49"), + ("259b71c19f83ef77a7abd26524cbdb31" + + "61b590a48f7d17de3ee0ba9c52beb743" + + "c09428a131d6b1b57303d90d8132c276" + + "d5ed3d5d01c0f53880"), + "616263", + "", + ("822f6901f7480f3d5f562c592994d969" + + "3602875614483256505600bbc281ae38" + + "1f54d6bce2ea911574932f52a4e6cadd" + + "78769375ec3ffd1b801a0d9b3f4030cd" + + "433964b6457ea39476511214f97469b5" + + "7dd32dbc560a9a94d00bff07620464a3" + + "ad203df7dc7ce360c3cd3696d9d9fab9" + + "0f00"), + "Ed448ph Vector #1"); + } + + [Test] + public void TestEd448phVector2() + { + CheckEd448phVector( + ("833fe62409237b9d62ec77587520911e" + + "9a759cec1d19755b7da901b96dca3d42" + + "ef7822e0d5104127dc05d6dbefde69e3" + + "ab2cec7c867c6e2c49"), + ("259b71c19f83ef77a7abd26524cbdb31" + + "61b590a48f7d17de3ee0ba9c52beb743" + + "c09428a131d6b1b57303d90d8132c276" + + "d5ed3d5d01c0f53880"), + "616263", + "666f6f", + ("c32299d46ec8ff02b54540982814dce9" + + "a05812f81962b649d528095916a2aa48" + + "1065b1580423ef927ecf0af5888f90da" + + "0f6a9a85ad5dc3f280d91224ba9911a3" + + "653d00e484e2ce232521481c8658df30" + + "4bb7745a73514cdb9bf3e15784ab7128" + + "4f8d0704a608c54a6b62d97beb511d13" + + "2100"), + "Ed448ph Vector #2"); + } + private static void CheckEd448Vector(string sSK, string sPK, string sM, string sCTX, string sSig, string text) { byte[] sk = Hex.Decode(sSK); - byte[] pk = Hex.Decode(sPK); + byte[] pkGen = new byte[Ed448.PublicKeySize]; Ed448.GeneratePublicKey(sk, 0, pkGen, 0); Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text); @@ -383,6 +475,10 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests byte[] ctx = Hex.Decode(sCTX); byte[] sig = Hex.Decode(sSig); byte[] sigGen = new byte[Ed448.SignatureSize]; + + byte[] badsig = Arrays.Clone(sig); + badsig[Ed448.SignatureSize - 1] ^= 0x80; + Ed448.Sign(sk, 0, ctx, m, 0, m.Length, sigGen, 0); Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); @@ -392,9 +488,79 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests bool shouldVerify = Ed448.Verify(sig, 0, pk, 0, ctx, m, 0, m.Length); Assert.IsTrue(shouldVerify, text); - sig[Ed448.SignatureSize - 1] ^= 0x80; - bool shouldNotVerify = Ed448.Verify(sig, 0, pk, 0, ctx, m, 0, m.Length); + bool shouldNotVerify = Ed448.Verify(badsig, 0, pk, 0, ctx, m, 0, m.Length); Assert.IsFalse(shouldNotVerify, text); } + + private static void CheckEd448phVector(string sSK, string sPK, string sM, string sCTX, string sSig, string text) + { + byte[] sk = Hex.Decode(sSK); + byte[] pk = Hex.Decode(sPK); + + byte[] pkGen = new byte[Ed448.PublicKeySize]; + Ed448.GeneratePublicKey(sk, 0, pkGen, 0); + Assert.IsTrue(Arrays.AreEqual(pk, pkGen), text); + + byte[] m = Hex.Decode(sM); + byte[] ctx = Hex.Decode(sCTX); + byte[] sig = Hex.Decode(sSig); + + byte[] badsig = Arrays.Clone(sig); + badsig[Ed448.SignatureSize - 1] ^= 0x80; + + byte[] sigGen = new byte[Ed448.SignatureSize]; + + { + IXof prehash = Ed448.CreatePrehash(); + prehash.BlockUpdate(m, 0, m.Length); + + byte[] ph = new byte[Ed448.PrehashSize]; + prehash.DoFinal(ph, 0, ph.Length); + + Ed448.SignPrehash(sk, 0, ctx, ph, 0, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + + bool shouldVerify = Ed448.VerifyPrehash(sig, 0, pk, 0, ctx, ph, 0); + Assert.IsTrue(shouldVerify, text); + + bool shouldNotVerify = Ed448.VerifyPrehash(badsig, 0, pk, 0, ctx, ph, 0); + Assert.IsFalse(shouldNotVerify, text); + } + + { + IXof ph = Ed448.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + Ed448.SignPrehash(sk, 0, ctx, ph, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + } + + { + IXof ph = Ed448.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, sigGen, 0); + Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text); + } + + { + IXof ph = Ed448.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + bool shouldVerify = Ed448.VerifyPrehash(sig, 0, pk, 0, ctx, ph); + Assert.IsTrue(shouldVerify, text); + } + + { + IXof ph = Ed448.CreatePrehash(); + ph.BlockUpdate(m, 0, m.Length); + + bool shouldNotVerify = Ed448.VerifyPrehash(badsig, 0, pk, 0, ctx, ph); + Assert.IsFalse(shouldNotVerify, text); + } + } } } diff --git a/crypto/test/src/openpgp/examples/DirectKeySignature.cs b/crypto/test/src/openpgp/examples/DirectKeySignature.cs index a6bf8e755..3926a787b 100644 --- a/crypto/test/src/openpgp/examples/DirectKeySignature.cs +++ b/crypto/test/src/openpgp/examples/DirectKeySignature.cs @@ -38,11 +38,11 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp.Examples Console.WriteLine("Signature date is: " + sig.GetHashedSubPackets().GetSignatureCreationTime()); - NotationData[] data = sig.GetHashedSubPackets().GetNotationDataOccurences(); + NotationData[] data = sig.GetHashedSubPackets().GetNotationDataOccurrences(); for (int i = 0; i < data.Length; i++) { - Console.WriteLine("Found Notaion named '" + data[i].GetNotationName() + Console.WriteLine("Found Notation named '" + data[i].GetNotationName() +"' with content '" + data[i].GetNotationValue() + "'."); } } diff --git a/crypto/test/src/security/test/TestSignerUtil.cs b/crypto/test/src/security/test/TestSignerUtil.cs index 144ab67b1..afd85ff4d 100644 --- a/crypto/test/src/security/test/TestSignerUtil.cs +++ b/crypto/test/src/security/test/TestSignerUtil.cs @@ -94,6 +94,14 @@ namespace Org.BouncyCastle.Security.Tests AsymmetricCipherKeyPair ecGostPair = ecGostKpg.GenerateKeyPair(); + IAsymmetricCipherKeyPairGenerator ed25519Kpg = GeneratorUtilities.GetKeyPairGenerator("Ed25519"); + ed25519Kpg.Init(new Ed25519KeyGenerationParameters(new SecureRandom())); + AsymmetricCipherKeyPair ed25519Pair = ed25519Kpg.GenerateKeyPair(); + + IAsymmetricCipherKeyPairGenerator ed448Kpg = GeneratorUtilities.GetKeyPairGenerator("Ed448"); + ed448Kpg.Init(new Ed448KeyGenerationParameters(new SecureRandom())); + AsymmetricCipherKeyPair ed448Pair = ed448Kpg.GenerateKeyPair(); + // // GOST3410 parameters // @@ -147,6 +155,16 @@ namespace Org.BouncyCastle.Security.Tests signParams = ecGostPair.Private; verifyParams = ecGostPair.Public; } + else if (cipherName == "ED25519") + { + signParams = ed25519Pair.Private; + verifyParams = ed25519Pair.Public; + } + else if (cipherName == "ED448") + { + signParams = ed448Pair.Private; + verifyParams = ed448Pair.Public; + } else if (cipherName == "GOST3410") { signParams = gostPair.Private; diff --git a/crypto/test/src/test/RegressionTest.cs b/crypto/test/src/test/RegressionTest.cs index 9b55dffa6..6d323e84f 100644 --- a/crypto/test/src/test/RegressionTest.cs +++ b/crypto/test/src/test/RegressionTest.cs @@ -64,6 +64,7 @@ namespace Org.BouncyCastle.Tests new MqvTest(), new CMacTest(), new Crl5Test(), + new SM4Test() }; public static void MainOld( diff --git a/crypto/test/src/test/SM4Test.cs b/crypto/test/src/test/SM4Test.cs new file mode 100644 index 000000000..5d36b3431 --- /dev/null +++ b/crypto/test/src/test/SM4Test.cs @@ -0,0 +1,149 @@ +using System; +using System.IO; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.IO; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Security; +using Org.BouncyCastle.Utilities.Encoders; + +namespace Org.BouncyCastle.Tests +{ + /** + * basic test class for SM4 + */ + [TestFixture] + public class SM4Test + : BaseBlockCipherTest + { + internal static readonly string[] cipherTests = + { + "128", + "0123456789abcdeffedcba9876543210", + "0123456789abcdeffedcba9876543210", + "681edf34d206965e86b3e94f536e4246" + }; + + public SM4Test() + : base("SM4") + { + } + + public void DoTest( + int strength, + byte[] keyBytes, + byte[] input, + byte[] output) + { + KeyParameter key = ParameterUtilities.CreateKeyParameter("SM4", keyBytes); + + IBufferedCipher inCipher = CipherUtilities.GetCipher("SM4/ECB/NoPadding"); + IBufferedCipher outCipher = CipherUtilities.GetCipher("SM4/ECB/NoPadding"); + + try + { + outCipher.Init(true, key); + } + catch (Exception e) + { + Fail("SM4 failed initialisation - " + e, e); + } + + try + { + inCipher.Init(false, key); + } + catch (Exception e) + { + Fail("SM4 failed initialisation - " + e, e); + } + + // + // encryption pass + // + MemoryStream bOut = new MemoryStream(); + + CipherStream cOut = new CipherStream(bOut, null, outCipher); + + try + { + for (int i = 0; i != input.Length / 2; i++) + { + cOut.WriteByte(input[i]); + } + cOut.Write(input, input.Length / 2, input.Length - input.Length / 2); + cOut.Close(); + } + catch (IOException e) + { + Fail("SM4 failed encryption - " + e, e); + } + + byte[] bytes = bOut.ToArray(); + + if (!AreEqual(bytes, output)) + { + Fail("SM4 failed encryption - expected " + + Hex.ToHexString(output) + " got " + + Hex.ToHexString(bytes)); + } + + // + // decryption pass + // + MemoryStream bIn = new MemoryStream(bytes, false); + + CipherStream cIn = new CipherStream(bIn, inCipher, null); + + try + { +// DataInputStream dIn = new DataInputStream(cIn); + BinaryReader dIn = new BinaryReader(cIn); + + bytes = new byte[input.Length]; + + for (int i = 0; i != input.Length / 2; i++) + { +// bytes[i] = (byte)dIn.read(); + bytes[i] = dIn.ReadByte(); + } + + int remaining = bytes.Length - input.Length / 2; +// dIn.readFully(bytes, input.Length / 2, remaining); + byte[] extra = dIn.ReadBytes(remaining); + if (extra.Length < remaining) + throw new EndOfStreamException(); + extra.CopyTo(bytes, input.Length / 2); + } + catch (Exception e) + { + Fail("SM4 failed encryption - " + e, e); + } + + if (!AreEqual(bytes, input)) + { + Fail("SM4 failed decryption - expected " + + Hex.ToHexString(input) + " got " + + Hex.ToHexString(bytes)); + } + } + + public override void PerformTest() + { + for (int i = 0; i != cipherTests.Length; i += 4) + { + DoTest(int.Parse(cipherTests[i]), + Hex.Decode(cipherTests[i + 1]), + Hex.Decode(cipherTests[i + 2]), + Hex.Decode(cipherTests[i + 3])); + } + } + + public static void Main(string[] args) + { + RunTest(new SM4Test()); + } + } +} diff --git a/crypto/test/src/util/test/SimpleTest.cs b/crypto/test/src/util/test/SimpleTest.cs index 45b8a6a06..2e24964e2 100644 --- a/crypto/test/src/util/test/SimpleTest.cs +++ b/crypto/test/src/util/test/SimpleTest.cs @@ -27,6 +27,21 @@ namespace Org.BouncyCastle.Utilities.Test throw new TestFailedException(SimpleTestResult.Failed(this, message)); } + internal void Fail( + string message, + Exception throwable) + { + throw new TestFailedException(SimpleTestResult.Failed(this, message, throwable)); + } + + internal void Fail( + string message, + object expected, + object found) + { + throw new TestFailedException(SimpleTestResult.Failed(this, message, expected, found)); + } + internal void IsTrue(bool value) { if (!value) @@ -39,22 +54,44 @@ namespace Org.BouncyCastle.Utilities.Test throw new TestFailedException(SimpleTestResult.Failed(this, message)); } - internal void Fail( - string message, - Exception throwable) + internal void IsEquals(object a, object b) { - throw new TestFailedException(SimpleTestResult.Failed(this, message, throwable)); + if (!a.Equals(b)) + throw new TestFailedException(SimpleTestResult.Failed(this, "no message")); } - internal void Fail( - string message, - object expected, - object found) + internal void IsEquals(int a, int b) { - throw new TestFailedException(SimpleTestResult.Failed(this, message, expected, found)); + if (a != b) + throw new TestFailedException(SimpleTestResult.Failed(this, "no message")); + } + + internal void IsEquals(string message, bool a, bool b) + { + if (a != b) + throw new TestFailedException(SimpleTestResult.Failed(this, message)); + } + + internal void IsEquals(string message, long a, long b) + { + if (a != b) + throw new TestFailedException(SimpleTestResult.Failed(this, message)); + } + + internal void IsEquals(string message, object a, object b) + { + if (a == null && b == null) + return; + + if (a == null) + throw new TestFailedException(SimpleTestResult.Failed(this, message)); + if (b == null) + throw new TestFailedException(SimpleTestResult.Failed(this, message)); + if (!a.Equals(b)) + throw new TestFailedException(SimpleTestResult.Failed(this, message)); } - internal bool AreEqual( + internal bool AreEqual( byte[] a, byte[] b) { |