diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-02-18 15:15:45 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2023-02-18 15:15:45 +0700 |
| commit | 709c01752120684ece71f8e3aa4b71867b20e4ed (patch) | |
| tree | 0ac2c1d15c22e4a64895384ed37333f90b653a7c /crypto/test | |
| parent | ASN.1: "Alternative algorithm" types and extension OIDs (diff) | |
| download | BouncyCastle.NET-ed25519-709c01752120684ece71f8e3aa4b71867b20e4ed.tar.xz | |
Remove unready LWC engines for this release
Diffstat (limited to 'crypto/test')
| -rw-r--r-- | crypto/test/src/crypto/test/ElephantTest.cs | 408 | ||||
| -rw-r--r-- | crypto/test/src/crypto/test/ISAPTest.cs | 486 | ||||
| -rw-r--r-- | crypto/test/src/crypto/test/PhotonBeetleTest.cs | 468 | ||||
| -rw-r--r-- | crypto/test/src/crypto/test/SparkleTest.cs | 484 | ||||
| -rw-r--r-- | crypto/test/src/crypto/test/XoodyakTest.cs | 459 |
5 files changed, 0 insertions, 2305 deletions
diff --git a/crypto/test/src/crypto/test/ElephantTest.cs b/crypto/test/src/crypto/test/ElephantTest.cs deleted file mode 100644 index 7e7e131ab..000000000 --- a/crypto/test/src/crypto/test/ElephantTest.cs +++ /dev/null @@ -1,408 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; - -using NUnit.Framework; - -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Modes; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; - -namespace Org.BouncyCastle.Crypto.Tests -{ - public class ElephantTest - : SimpleTest - { - public override string Name => "Elephant"; - - [Test] - public override void PerformTest() - { - ImplTestVectors(ElephantEngine.ElephantParameters.elephant160, "v160"); - ImplTestVectors(ElephantEngine.ElephantParameters.elephant176, "v176"); - ImplTestVectors(ElephantEngine.ElephantParameters.elephant200, "v200"); - ElephantEngine elephantEngine = new ElephantEngine(ElephantEngine.ElephantParameters.elephant160); - ImplTestExceptions(elephantEngine, elephantEngine.GetKeyBytesSize(), elephantEngine.GetIVBytesSize(), elephantEngine.GetBlockSize()); - ImplTestParameters(elephantEngine, 16, 12, 8, 20); - elephantEngine = new ElephantEngine(ElephantEngine.ElephantParameters.elephant176); - ImplTestExceptions(elephantEngine, elephantEngine.GetKeyBytesSize(), elephantEngine.GetIVBytesSize(), elephantEngine.GetBlockSize()); - ImplTestParameters(elephantEngine, 16, 12, 8, 22); - elephantEngine = new ElephantEngine(ElephantEngine.ElephantParameters.elephant200); - ImplTestExceptions(elephantEngine, elephantEngine.GetKeyBytesSize(), elephantEngine.GetIVBytesSize(), elephantEngine.GetBlockSize()); - ImplTestParameters(elephantEngine, 16, 12, 16, 25); - } - - private void ImplTestVectors(ElephantEngine.ElephantParameters pbp, String filename) - { - ElephantEngine Elephant = new ElephantEngine(pbp); - ICipherParameters param; - var buf = new Dictionary<string, string>(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.elephant." + filename + "_LWC_AEAD_KAT_128_96.txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - byte[] key = Hex.Decode(map["Key"]); - byte[] nonce = Hex.Decode(map["Nonce"]); - byte[] ad = Hex.Decode(map["AD"]); - byte[] pt = Hex.Decode(map["PT"]); - byte[] ct = Hex.Decode(map["CT"]); - map.Clear(); - - param = new ParametersWithIV(new KeyParameter(key), nonce); - Elephant.Init(true, param); - Elephant.ProcessAadBytes(ad, 0, ad.Length); - byte[] rv = new byte[Elephant.GetOutputSize(pt.Length)]; - int len = Elephant.ProcessBytes(pt, 0, pt.Length, rv, 0); - Elephant.DoFinal(rv, len); - Assert.True(Arrays.AreEqual(rv, ct)); - Elephant.Reset(); - Elephant.Init(false, param); - //Decrypt - Elephant.ProcessAadBytes(ad, 0, ad.Length); - rv = new byte[pt.Length + 16]; - len = Elephant.ProcessBytes(ct, 0, ct.Length, rv, 0); - Elephant.DoFinal(rv, len); - byte[] pt_recovered = new byte[pt.Length]; - Array.Copy(rv, 0, pt_recovered, 0, pt.Length); - Assert.True(Arrays.AreEqual(pt, pt_recovered)); - Elephant.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestExceptions(ElephantEngine elephantEngine, int keysize, int ivsize, int blocksize) - { - byte[] k = new byte[keysize]; - byte[] iv = new byte[ivsize]; - byte[] m = new byte[0]; - byte[] c1 = new byte[elephantEngine.GetOutputSize(m.Length)]; - var param = new ParametersWithIV(new KeyParameter(k), iv); - //try - //{ - // aeadBlockCipher.ProcessBytes(m, 0, m.Length, c1, 0); - // Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before ProcessBytes"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - //try - //{ - // aeadBlockCipher.ProcessByte((byte)0, c1, 0); - // Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before ProcessByte"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - //try - //{ - // aeadBlockCipher.Reset(); - // Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before Reset"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - try - { - elephantEngine.DoFinal(c1, m.Length); - Assert.Fail(elephantEngine.AlgorithmName + " needs to be initialized before DoFinal"); - } - catch (ArgumentException) - { - //expected - } - - try - { - elephantEngine.GetMac(); - elephantEngine.GetOutputSize(0); - elephantEngine.GetUpdateOutputSize(0); - } - catch (ArgumentException) - { - //expected - Assert.Fail(elephantEngine.AlgorithmName + " functions can be called before initialization"); - } - Random rand = new Random(); - int randomNum; - while ((randomNum = rand.Next(100)) == keysize) ; - byte[] k1 = new byte[randomNum]; - while ((randomNum = rand.Next(100)) == ivsize) ; - byte[] iv1 = new byte[randomNum]; - try - { - elephantEngine.Init(true, new ParametersWithIV(new KeyParameter(k1), iv)); - Assert.Fail(elephantEngine.AlgorithmName + " k size does not match"); - } - catch (ArgumentException) - { - //expected - } - try - { - elephantEngine.Init(true, new ParametersWithIV(new KeyParameter(k), iv1)); - Assert.Fail(elephantEngine.AlgorithmName + "iv size does not match"); - } - catch (ArgumentException) - { - //expected - } - - - elephantEngine.Init(true, param); - try - { - elephantEngine.DoFinal(c1, m.Length); - } - catch (Exception) - { - Assert.Fail(elephantEngine.AlgorithmName + " allows no input for AAD and plaintext"); - } - byte[] mac2 = elephantEngine.GetMac(); - if (mac2 == null) - { - Assert.Fail("mac should not be empty after dofinal"); - } - if (!Arrays.AreEqual(mac2, c1)) - { - Assert.Fail("mac should be equal when calling dofinal and getMac"); - } - elephantEngine.ProcessAadByte((byte)0); - byte[] mac1 = new byte[elephantEngine.GetOutputSize(0)]; - elephantEngine.DoFinal(mac1, 0); - if (Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should not match"); - } - //aeadBlockCipher.Reset(); - //aeadBlockCipher.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], 0); - //try - //{ - // aeadBlockCipher.ProcessAadByte((byte)0); - // Assert.Fail("ProcessAadByte(s) cannot be called after encryption/decryption"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - //try - //{ - // aeadBlockCipher.ProcessAadBytes(new byte[] { 0 }, 0, 1); - // Assert.Fail("ProcessAadByte(s) cannot be called once only"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - elephantEngine.Reset(); - try - { - elephantEngine.ProcessAadBytes(new byte[] { 0 }, 1, 1); - Assert.Fail("input for ProcessAadBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - elephantEngine.ProcessBytes(new byte[] { 0 }, 1, 1, c1, 0); - Assert.Fail("input for ProcessBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - //try - //{ - // aeadBlockCipher.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], blocksize >> 1); - // Assert.Fail("output for ProcessBytes is too short"); - //} - //catch (OutputLengthException) - //{ - // //expected - //} - try - { - elephantEngine.DoFinal(new byte[2], 2); - Assert.Fail("output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - - mac1 = new byte[elephantEngine.GetOutputSize(0)]; - mac2 = new byte[elephantEngine.GetOutputSize(0)]; - elephantEngine.Reset(); - elephantEngine.ProcessAadBytes(new byte[] { 0, 0 }, 0, 2); - elephantEngine.DoFinal(mac1, 0); - elephantEngine.Reset(); - elephantEngine.ProcessAadByte((byte)0); - elephantEngine.ProcessAadByte((byte)0); - elephantEngine.DoFinal(mac2, 0); - if (!Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should match for the same AAD with different ways of inputting"); - } - - byte[] c2 = new byte[elephantEngine.GetOutputSize(10)]; - byte[] c3 = new byte[elephantEngine.GetOutputSize(10) + 2]; - byte[] aad2 = { 0, 1, 2, 3, 4 }; - byte[] aad3 = { 0, 0, 1, 2, 3, 4, 5 }; - byte[] m2 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; - byte[] m3 = { 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; - byte[] m4 = new byte[m2.Length]; - elephantEngine.Reset(); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - int offset = elephantEngine.ProcessBytes(m2, 0, m2.Length, c2, 0); - elephantEngine.DoFinal(c2, offset); - elephantEngine.Reset(); - elephantEngine.ProcessAadBytes(aad3, 1, aad2.Length); - offset = elephantEngine.ProcessBytes(m3, 1, m2.Length, c3, 1); - elephantEngine.DoFinal(c3, offset + 1); - byte[] c3_partial = new byte[c2.Length]; - Array.Copy(c3, 1, c3_partial, 0, c2.Length); - if (!Arrays.AreEqual(c2, c3_partial)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - elephantEngine.Reset(); - elephantEngine.Init(false, param); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = elephantEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - elephantEngine.DoFinal(m4, offset); - if (!Arrays.AreEqual(m2, m4)) - { - Assert.Fail("The encryption and decryption does not recover the plaintext"); - } - Console.WriteLine(elephantEngine.AlgorithmName + " test Exceptions pass"); - c2[c2.Length - 1] ^= 1; - elephantEngine.Reset(); - elephantEngine.Init(false, param); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = elephantEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - try - { - elephantEngine.DoFinal(m4, offset); - Assert.Fail("The decryption should fail"); - } - catch (InvalidCipherTextException) - { - //expected; - } - c2[c2.Length - 1] ^= 1; - - byte[] m7 = new byte[blocksize * 2]; - for (int i = 0; i < m7.Length; ++i) - { - m7[i] = (byte)rand.Next(); - } - byte[] c7 = new byte[elephantEngine.GetOutputSize(m7.Length)]; - byte[] c8 = new byte[c7.Length]; - byte[] c9 = new byte[c7.Length]; - elephantEngine.Init(true, param); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = elephantEngine.ProcessBytes(m7, 0, m7.Length, c7, 0); - elephantEngine.DoFinal(c7, offset); - elephantEngine.Reset(); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = elephantEngine.ProcessBytes(m7, 0, blocksize, c8, 0); - offset += elephantEngine.ProcessBytes(m7, blocksize, m7.Length - blocksize, c8, offset); - elephantEngine.DoFinal(c8, offset); - elephantEngine.Reset(); - int split = rand.Next(blocksize * 2); - elephantEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = elephantEngine.ProcessBytes(m7, 0, split, c9, 0); - offset += elephantEngine.ProcessBytes(m7, split, m7.Length - split, c9, offset); - elephantEngine.DoFinal(c9, offset); - if (!Arrays.AreEqual(c7, c8) || !Arrays.AreEqual(c7, c9)) - { - Assert.Fail("Splitting input of plaintext should output the same ciphertext"); - } -#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER - Span<byte> c4_1 = new byte[c2.Length]; - Span<byte> c4_2 = new byte[c2.Length]; - ReadOnlySpan<byte> m5 = new ReadOnlySpan<byte>(m2); - ReadOnlySpan<byte> aad4 = new ReadOnlySpan<byte>(aad2); - elephantEngine.Init(true, param); - elephantEngine.ProcessAadBytes(aad4); - offset = elephantEngine.ProcessBytes(m5, c4_1); - elephantEngine.DoFinal(c4_2); - byte[] c5 = new byte[c2.Length]; - c4_1[..offset].CopyTo(c5); - c4_2[..(c5.Length - offset)].CopyTo(c5.AsSpan(offset)); - if (!Arrays.AreEqual(c2, c5)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - elephantEngine.Reset(); - elephantEngine.Init(false, param); - Span<byte> m6_1 = new byte[m2.Length]; - Span<byte> m6_2 = new byte[m2.Length]; - ReadOnlySpan<byte> c6 = new ReadOnlySpan<byte>(c2); - elephantEngine.ProcessAadBytes(aad4); - offset = elephantEngine.ProcessBytes(c6, m6_1); - elephantEngine.DoFinal(m6_2); - byte[] m6 = new byte[m2.Length]; - m6_1[..offset].CopyTo(m6); - m6_2[..(m6.Length - offset)].CopyTo(m6.AsSpan(offset)); - if (!Arrays.AreEqual(m2, m6)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } -#endif - - } - - private void ImplTestParameters(ElephantEngine Elephant, int keySize, int ivSize, int macSize, int blockSize) - { - if (Elephant.GetKeyBytesSize() != keySize) - { - Assert.Fail("key bytes of " + Elephant.AlgorithmName + " is not correct"); - } - if (Elephant.GetIVBytesSize() != ivSize) - { - Assert.Fail("iv bytes of " + Elephant.AlgorithmName + " is not correct"); - } - if (Elephant.GetOutputSize(0) != macSize) - { - Assert.Fail("mac bytes of " + Elephant.AlgorithmName + " is not correct"); - } - if (Elephant.GetBlockSize() != blockSize) - { - Assert.Fail("block size of " + Elephant.AlgorithmName + " is not correct"); - } - Console.WriteLine(Elephant.AlgorithmName + " test Parameters pass"); - } - - } -} - diff --git a/crypto/test/src/crypto/test/ISAPTest.cs b/crypto/test/src/crypto/test/ISAPTest.cs deleted file mode 100644 index 38cf7c633..000000000 --- a/crypto/test/src/crypto/test/ISAPTest.cs +++ /dev/null @@ -1,486 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; - -using NUnit.Framework; - -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; - -namespace Org.BouncyCastle.Crypto.Tests -{ - [TestFixture] - public class IsapTest - : SimpleTest - { - public override string Name => "ISAP"; - - [Test] - public override void PerformTest() - { - IsapEngine isapEngine = new IsapEngine(IsapEngine.IsapType.ISAP_K_128A); - ImplTestExceptions(isapEngine); - ImplTestParameters(isapEngine, 16, 16, 16); - isapEngine = new IsapEngine(IsapEngine.IsapType.ISAP_K_128); - ImplTestExceptions(isapEngine); - ImplTestParameters(isapEngine, 16, 16, 16); - isapEngine = new IsapEngine(IsapEngine.IsapType.ISAP_A_128A); - ImplTestExceptions(isapEngine); - ImplTestParameters(isapEngine, 16, 16, 16); - isapEngine = new IsapEngine(IsapEngine.IsapType.ISAP_A_128); - ImplTestExceptions(isapEngine); - ImplTestParameters(isapEngine, 16, 16, 16); - ImplTestExceptions(new IsapDigest(), 32); - ImplTestVectors("isapa128av20", IsapEngine.IsapType.ISAP_A_128A); - ImplTestVectors("isapa128v20", IsapEngine.IsapType.ISAP_A_128); - ImplTestVectors("isapk128av20", IsapEngine.IsapType.ISAP_K_128A); - ImplTestVectors("isapk128v20", IsapEngine.IsapType.ISAP_K_128); - ImplTestVectors(); - } - - private void ImplTestVectors(string filename, IsapEngine.IsapType isapType) - { - Random random = new Random(); - IsapEngine isapEngine = new IsapEngine(isapType); - var buf = new Dictionary<string, string>(); - //TestSampler sampler = new TestSampler(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.isap." + filename + "_LWC_AEAD_KAT_128_128.txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - byte[] key = Hex.Decode(map["Key"]); - byte[] nonce = Hex.Decode(map["Nonce"]); - byte[] ad = Hex.Decode(map["AD"]); - byte[] pt = Hex.Decode(map["PT"]); - byte[] ct = Hex.Decode(map["CT"]); - map.Clear(); - - var parameters = new ParametersWithIV(new KeyParameter(key), nonce); - - // Encrypt - { - isapEngine.Init(true, parameters); - - var rv = new byte[isapEngine.GetOutputSize(pt.Length)]; - random.NextBytes(rv); // should overwrite any existing data - - isapEngine.ProcessAadBytes(ad, 0, ad.Length); - int len = isapEngine.ProcessBytes(pt, 0, pt.Length, rv, 0); - len += isapEngine.DoFinal(rv, len); - - Assert.True(Arrays.AreEqual(rv, 0, len, ct, 0, ct.Length)); - } - - // Decrypt - { - isapEngine.Init(false, parameters); - - var rv = new byte[isapEngine.GetOutputSize(ct.Length)]; - random.NextBytes(rv); // should overwrite any existing data - - isapEngine.ProcessAadBytes(ad, 0, ad.Length); - int len = isapEngine.ProcessBytes(ct, 0, ct.Length, rv, 0); - len += isapEngine.DoFinal(rv, len); - - Assert.True(Arrays.AreEqual(rv, 0, len, pt, 0, pt.Length)); - } - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - } - } - } - } - - private void ImplTestVectors() - { - IsapDigest isap = new IsapDigest(); - var buf = new Dictionary<string, string>(); - //TestSampler sampler = new TestSampler(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.isap.LWC_HASH_KAT_256.txt"))) - { - string line; - string[] data; - byte[] ptByte; - Dictionary<string, string> map = new Dictionary<string, string>(); - while ((line = src.ReadLine()) != null) - { - data = line.Split(' '); - if (data.Length == 1) - { - ptByte = Hex.Decode(map["Msg"]); - isap.BlockUpdate(ptByte, 0, ptByte.Length); - byte[] hash = new byte[32]; - isap.DoFinal(hash, 0); - Assert.True(Arrays.AreEqual(hash, Hex.Decode(map["MD"]))); - map.Clear(); - isap.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestExceptions(IsapEngine isapEngine) - { - int keySize = isapEngine.GetKeyBytesSize(), ivSize = isapEngine.GetIVBytesSize(); - int offset; - byte[] k = new byte[keySize]; - byte[] iv = new byte[ivSize]; - byte[] m = Array.Empty<byte>(); - ICipherParameters param = new ParametersWithIV(new KeyParameter(k), iv); - try - { - isapEngine.ProcessBytes(m, 0, m.Length, null, 0); - Assert.Fail(isapEngine.AlgorithmName + " need to be initialized before ProcessBytes"); - } - catch (ArgumentException) - { - //expected - } - - try - { - isapEngine.ProcessByte((byte)0, null, 0); - Assert.Fail(isapEngine.AlgorithmName + " need to be initialized before ProcessByte"); - } - catch (ArgumentException) - { - //expected - } - - try - { - isapEngine.Reset(); - Assert.Fail(isapEngine.AlgorithmName + " need to be initialized before Reset"); - } - catch (ArgumentException) - { - //expected - } - - try - { - isapEngine.DoFinal(null, m.Length); - Assert.Fail(isapEngine.AlgorithmName + " need to be initialized before DoFinal"); - } - catch (ArgumentException) - { - //expected - } - - try - { - isapEngine.GetMac(); - isapEngine.GetOutputSize(0); - isapEngine.GetUpdateOutputSize(0); - } - catch (ArgumentException) - { - Assert.Fail(isapEngine.AlgorithmName + " functions can be called before initialization"); - } - Random rand = new Random(); - int randomNum; - while ((randomNum = rand.Next(100)) == keySize) ; - byte[] k1 = new byte[randomNum]; - while ((randomNum = rand.Next(100)) == ivSize) ; - byte[] iv1 = new byte[randomNum]; - try - { - isapEngine.Init(true, new ParametersWithIV(new KeyParameter(k1), iv)); - Assert.Fail(isapEngine.AlgorithmName + " k size does not match"); - } - catch (ArgumentException) - { - //expected - } - try - { - isapEngine.Init(true, new ParametersWithIV(new KeyParameter(k), iv1)); - Assert.Fail(isapEngine.AlgorithmName + "iv size does not match"); - } - catch (ArgumentException) - { - //expected - } - - isapEngine.Init(true, param); - byte[] c1 = new byte[isapEngine.GetOutputSize(m.Length)]; - try - { - isapEngine.DoFinal(c1, m.Length); - } - catch (Exception) - { - Assert.Fail(isapEngine.AlgorithmName + " allows no input for AAD and plaintext"); - } - byte[] mac2 = isapEngine.GetMac(); - if (mac2 == null) - { - Assert.Fail("mac should not be empty after Dofinal"); - } - if (!Arrays.AreEqual(mac2, c1)) - { - Assert.Fail("mac should be equal when calling Dofinal and GetMac"); - } - isapEngine.ProcessAadByte(0x00); - byte[] mac1 = new byte[isapEngine.GetOutputSize(0)]; - isapEngine.DoFinal(mac1, 0); - if (Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should not match"); - } - isapEngine.Reset(); - isapEngine.ProcessBytes(new byte[16], 0, 16, new byte[16], 0); - //try - //{ - // aeadBlockCipher.ProcessAadByte((byte)0); - // Assert.Fail("ProcessAadByte(s) cannot be called after encryption/decryption"); - //} - //catch (ArgumentException) - //{ - // //expected - //} - //try - //{ - // aeadBlockCipher.ProcessAadBytes(new byte[] { 0 }, 0, 1); - // Assert.Fail("ProcessAadByte(s) cannot be called once only"); - //} - //catch (ArgumentException) - //{ - // //expected - //} - - isapEngine.Reset(); - try - { - isapEngine.ProcessAadBytes(new byte[] { 0 }, 1, 1); - Assert.Fail("input for ProcessAadBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - isapEngine.ProcessBytes(new byte[] { 0 }, 1, 1, c1, 0); - Assert.Fail("input for ProcessBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - int inputSize = rand.Next(32, 64); - int outputSize = isapEngine.GetUpdateOutputSize(inputSize); - isapEngine.ProcessBytes(new byte[inputSize], 0, inputSize, new byte[outputSize], 1); - Assert.Fail("output for ProcessBytes is too short"); - } - catch (OutputLengthException) - { - //expected - } - try - { - isapEngine.DoFinal(new byte[2], 2); - Assert.Fail("output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - - mac1 = new byte[isapEngine.GetOutputSize(0)]; - mac2 = new byte[isapEngine.GetOutputSize(0)]; - isapEngine.Reset(); - isapEngine.ProcessAadBytes(new byte[] { 0, 0 }, 0, 2); - isapEngine.DoFinal(mac1, 0); - isapEngine.Reset(); - isapEngine.ProcessAadByte((byte)0); - isapEngine.ProcessAadByte((byte)0); - isapEngine.DoFinal(mac2, 0); - if (!Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should match for the same AAD with different ways of inputting"); - } - - byte[] c2 = new byte[isapEngine.GetOutputSize(10)]; - byte[] c3 = new byte[isapEngine.GetOutputSize(10) + 2]; - byte[] aad2 = { 0, 1, 2, 3, 4 }; - byte[] aad3 = { 0, 0, 1, 2, 3, 4, 5 }; - byte[] m2 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; - byte[] m3 = { 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; - byte[] m4 = new byte[m2.Length]; - isapEngine.Reset(); - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(m2, 0, m2.Length, c2, 0); - isapEngine.DoFinal(c2, offset); - isapEngine.Reset(); - isapEngine.ProcessAadBytes(aad3, 1, aad2.Length); - offset = isapEngine.ProcessBytes(m3, 1, m2.Length, c3, 1); - isapEngine.DoFinal(c3, offset + 1); - byte[] c3_partial = new byte[c2.Length]; - Array.Copy(c3, 1, c3_partial, 0, c2.Length); - if (!Arrays.AreEqual(c2, c3_partial)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - isapEngine.Reset(); - isapEngine.Init(false, param); - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - offset += isapEngine.DoFinal(m4, offset); - if (!Arrays.AreEqual(m2, m4)) - { - Assert.Fail("The encryption and decryption does not recover the plaintext"); - } - c2[c2.Length - 1] ^= 1; - isapEngine.Reset(); - isapEngine.Init(false, param); - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - try - { - offset += isapEngine.DoFinal(m4, offset); - Assert.Fail("The decryption should fail"); - } - catch (InvalidCipherTextException) - { - //expected; - } - c2[c2.Length - 1] ^= 1; - - byte[] m7 = new byte[32 + rand.Next(32)]; - rand.NextBytes(m7); - - isapEngine.Init(true, param); - byte[] c7 = new byte[isapEngine.GetOutputSize(m7.Length)]; - byte[] c8 = new byte[c7.Length]; - byte[] c9 = new byte[c7.Length]; - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(m7, 0, m7.Length, c7, 0); - offset += isapEngine.DoFinal(c7, offset); - isapEngine.Reset(); - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(m7, 0, m7.Length / 2, c8, 0); - offset += isapEngine.ProcessBytes(m7, m7.Length / 2, m7.Length - m7.Length / 2, c8, offset); - offset += isapEngine.DoFinal(c8, offset); - isapEngine.Reset(); - int split = rand.Next(1, m7.Length); - isapEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = isapEngine.ProcessBytes(m7, 0, split, c9, 0); - offset += isapEngine.ProcessBytes(m7, split, m7.Length - split, c9, offset); - isapEngine.DoFinal(c9, offset); - if (!Arrays.AreEqual(c7, c8) || !Arrays.AreEqual(c7, c9)) - { - Assert.Fail("Splitting input of plaintext should output the same ciphertext"); - } - // NOTE: .NET Core 3.1 has Span<T>, but is tested against our .NET Standard 2.0 assembly. -//#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER -#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER - Span<byte> c4_1 = new byte[c2.Length]; - Span<byte> c4_2 = new byte[c2.Length]; - ReadOnlySpan<byte> m5 = new ReadOnlySpan<byte>(m2); - ReadOnlySpan<byte> aad4 = new ReadOnlySpan<byte>(aad2); - isapEngine.Init(true, param); - isapEngine.ProcessAadBytes(aad4); - offset = isapEngine.ProcessBytes(m5, c4_1); - isapEngine.DoFinal(c4_2); - byte[] c5 = new byte[c2.Length]; - c4_1[..offset].CopyTo(c5); - c4_2[..(c5.Length - offset)].CopyTo(c5.AsSpan(offset)); - if (!Arrays.AreEqual(c2, c5)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - isapEngine.Reset(); - isapEngine.Init(false, param); - Span<byte> m6_1 = new byte[m2.Length]; - Span<byte> m6_2 = new byte[m2.Length]; - ReadOnlySpan<byte> c6 = new ReadOnlySpan<byte>(c2); - isapEngine.ProcessAadBytes(aad4); - offset = isapEngine.ProcessBytes(c6, m6_1); - isapEngine.DoFinal(m6_2); - byte[] m6 = new byte[m2.Length]; - m6_1[..offset].CopyTo(m6); - m6_2[..(m6.Length - offset)].CopyTo(m6.AsSpan(offset)); - if (!Arrays.AreEqual(m2, m6)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } -#endif - } - - private void ImplTestParameters(IsapEngine isapEngine, int keySize, int ivSize, int macSize) - { - Assert.AreEqual(keySize, isapEngine.GetKeyBytesSize(), - "key bytes of " + isapEngine.AlgorithmName + " is not correct"); - Assert.AreEqual(ivSize, isapEngine.GetIVBytesSize(), - "iv bytes of " + isapEngine.AlgorithmName + " is not correct"); - - var parameters = new ParametersWithIV(new KeyParameter(new byte[keySize]), new byte[ivSize]); - - isapEngine.Init(true, parameters); - Assert.AreEqual(macSize, isapEngine.GetOutputSize(0), - "GetOutputSize of " + isapEngine.AlgorithmName + " is incorrect for encryption"); - - isapEngine.Init(false, parameters); - Assert.AreEqual(0, isapEngine.GetOutputSize(macSize), - "GetOutputSize of " + isapEngine.AlgorithmName + " is incorrect for decryption"); - } - - private void ImplTestExceptions(IsapDigest isapDigest, int digestSize) - { - Assert.AreEqual(digestSize, isapDigest.GetDigestSize(), - isapDigest.AlgorithmName + ": digest size is not correct"); - - try - { - isapDigest.BlockUpdate(new byte[1], 1, 1); - Assert.Fail(isapDigest.AlgorithmName + ": input for BlockUpdate is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - isapDigest.DoFinal(new byte[isapDigest.GetDigestSize() - 1], 2); - Assert.Fail(isapDigest.AlgorithmName + ": output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - } - } -} diff --git a/crypto/test/src/crypto/test/PhotonBeetleTest.cs b/crypto/test/src/crypto/test/PhotonBeetleTest.cs deleted file mode 100644 index b9a648f17..000000000 --- a/crypto/test/src/crypto/test/PhotonBeetleTest.cs +++ /dev/null @@ -1,468 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; - -using NUnit.Framework; - -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Modes; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; - -namespace Org.BouncyCastle.Crypto.Tests -{ - [TestFixture] - public class PhotonBeetleTest - : SimpleTest - { - public override string Name => "Photon-Beetle"; - - [Test] - public override void PerformTest() - { - ImplTestVectors("v32", PhotonBeetleEngine.PhotonBeetleParameters.pb32); - ImplTestVectors("v128", PhotonBeetleEngine.PhotonBeetleParameters.pb128); - ImplTestVectors(); - PhotonBeetleEngine photonBeetleEngine = new PhotonBeetleEngine(PhotonBeetleEngine.PhotonBeetleParameters.pb32); - ImplTestExceptions(photonBeetleEngine, photonBeetleEngine.GetKeyBytesSize(), photonBeetleEngine.GetIVBytesSize(), photonBeetleEngine.GetBlockSize()); - ImplTestParameters(photonBeetleEngine, 16, 16, 16, 4); - photonBeetleEngine = new PhotonBeetleEngine(PhotonBeetleEngine.PhotonBeetleParameters.pb128); - ImplTestExceptions(photonBeetleEngine, photonBeetleEngine.GetKeyBytesSize(), photonBeetleEngine.GetIVBytesSize(), photonBeetleEngine.GetBlockSize()); - ImplTestParameters(photonBeetleEngine, 16, 16, 16, 16); - ImplTestExceptions(new PhotonBeetleDigest(), 32); - } - - private void ImplTestVectors(String filename, PhotonBeetleEngine.PhotonBeetleParameters PhotonBeetleType) - { - PhotonBeetleEngine PhotonBeetle = new PhotonBeetleEngine(PhotonBeetleType); - var buf = new Dictionary<string, string>(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.photonbeetle." + filename + "_LWC_AEAD_KAT_128_128.txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - byte[] key = Hex.Decode(map["Key"]); - byte[] nonce = Hex.Decode(map["Nonce"]); - byte[] ad = Hex.Decode(map["AD"]); - byte[] pt = Hex.Decode(map["PT"]); - byte[] ct = Hex.Decode(map["CT"]); - map.Clear(); - - var param = new ParametersWithIV(new KeyParameter(key), nonce); - PhotonBeetle.Init(true, param); - PhotonBeetle.ProcessAadBytes(ad, 0, ad.Length); - byte[] rv = new byte[PhotonBeetle.GetOutputSize(pt.Length)]; - int len = PhotonBeetle.ProcessBytes(pt, 0, pt.Length, rv, 0); - PhotonBeetle.DoFinal(rv, len); - Assert.True(Arrays.AreEqual(rv, ct)); - PhotonBeetle.Reset(); - PhotonBeetle.Init(false, param); - //Decrypt - PhotonBeetle.ProcessAadBytes(ad, 0, ad.Length); - rv = new byte[pt.Length + 16]; - len = PhotonBeetle.ProcessBytes(ct, 0, ct.Length, rv, 0); - PhotonBeetle.DoFinal(rv, len); - byte[] pt_recovered = new byte[pt.Length]; - Array.Copy(rv, 0, pt_recovered, 0, pt.Length); - Assert.True(Arrays.AreEqual(pt, pt_recovered)); - PhotonBeetle.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestVectors() - { - PhotonBeetleDigest PhotonBeetle = new PhotonBeetleDigest(); - var buf = new Dictionary<string, string>(); - //TestSampler sampler = new TestSampler(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.photonbeetle.LWC_HASH_KAT_256.txt"))) - { - string line; - string[] data; - byte[] ptByte; - Dictionary<string, string> map = new Dictionary<string, string>(); - while ((line = src.ReadLine()) != null) - { - data = line.Split(' '); - if (data.Length == 1) - { - ptByte = Hex.Decode(map["Msg"]); - PhotonBeetle.BlockUpdate(ptByte, 0, ptByte.Length); - byte[] hash = new byte[32]; - PhotonBeetle.DoFinal(hash, 0); - Assert.True(Arrays.AreEqual(hash, Hex.Decode(map["MD"]))); - map.Clear(); - PhotonBeetle.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestExceptions(IAeadBlockCipher aeadBlockCipher, int keysize, int ivsize, int blocksize) - { - ICipherParameters param; - byte[] k = new byte[keysize]; - byte[] iv = new byte[ivsize]; - byte[] m = new byte[0]; - byte[] c1 = new byte[aeadBlockCipher.GetOutputSize(m.Length)]; - param = new ParametersWithIV(new KeyParameter(k), iv); - //try - //{ - // aeadBlockCipher.ProcessBytes(m, 0, m.Length, c1, 0); - // Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before ProcessBytes"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - //try - //{ - // aeadBlockCipher.ProcessByte((byte)0, c1, 0); - // Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before ProcessByte"); - //} - //catch (ArgumentException e) - //{ - // //expected - //} - - try - { - aeadBlockCipher.Reset(); - Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before Reset"); - } - catch (ArgumentException) - { - //expected - } - - try - { - aeadBlockCipher.DoFinal(c1, m.Length); - Assert.Fail(aeadBlockCipher.AlgorithmName + " needs to be initialized before DoFinal"); - } - catch (ArgumentException) - { - //expected - } - - try - { - aeadBlockCipher.GetMac(); - aeadBlockCipher.GetOutputSize(0); - aeadBlockCipher.GetUpdateOutputSize(0); - } - catch (ArgumentException) - { - //expected - Assert.Fail(aeadBlockCipher.AlgorithmName + " functions can be called before initialization"); - } - Random rand = new Random(); - int randomNum; - while ((randomNum = rand.Next(100)) == keysize) ; - byte[] k1 = new byte[randomNum]; - while ((randomNum = rand.Next(100)) == ivsize) ; - byte[] iv1 = new byte[randomNum]; - try - { - aeadBlockCipher.Init(true, new ParametersWithIV(new KeyParameter(k1), iv)); - Assert.Fail(aeadBlockCipher.AlgorithmName + " k size does not match"); - } - catch (ArgumentException) - { - //expected - } - try - { - aeadBlockCipher.Init(true, new ParametersWithIV(new KeyParameter(k), iv1)); - Assert.Fail(aeadBlockCipher.AlgorithmName + "iv size does not match"); - } - catch (ArgumentException) - { - //expected - } - - - aeadBlockCipher.Init(true, param); - try - { - aeadBlockCipher.DoFinal(c1, m.Length); - } - catch (Exception) - { - Assert.Fail(aeadBlockCipher.AlgorithmName + " allows no input for AAD and plaintext"); - } - byte[] mac2 = aeadBlockCipher.GetMac(); - if (mac2 == null) - { - Assert.Fail("mac should not be empty after DoFinal"); - } - if (!Arrays.AreEqual(mac2, c1)) - { - Assert.Fail("mac should be equal when calling DoFinal and GetMac"); - } - aeadBlockCipher.ProcessAadByte((byte)0); - byte[] mac1 = new byte[aeadBlockCipher.GetOutputSize(0)]; - aeadBlockCipher.DoFinal(mac1, 0); - if (Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should not match"); - } - //aeadBlockCipher.Reset(); - //aeadBlockCipher.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], 0); - //try - //{ - // aeadBlockCipher.ProcessAadByte((byte)0); - // Assert.Fail("ProcessAadByte(s) cannot be called after encryption/decryption"); - //} - //catch (ArgumentException) - //{ - // //expected - //} - //try - //{ - // aeadBlockCipher.ProcessAadBytes(new byte[] { 0 }, 0, 1); - // Assert.Fail("ProcessAadByte(s) cannot be called once only"); - //} - //catch (ArgumentException) - //{ - // //expected - //} - - aeadBlockCipher.Reset(); - try - { - aeadBlockCipher.ProcessAadBytes(new byte[] { 0 }, 1, 1); - Assert.Fail("input for ProcessAadBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - aeadBlockCipher.ProcessBytes(new byte[] { 0 }, 1, 1, c1, 0); - Assert.Fail("input for ProcessBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - //try - //{ - // aeadBlockCipher.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], blocksize >> 1); - // Assert.Fail("output for ProcessBytes is too short"); - //} - //catch (OutputLengthException) - //{ - // //expected - //} - try - { - aeadBlockCipher.DoFinal(new byte[2], 2); - Assert.Fail("output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - - mac1 = new byte[aeadBlockCipher.GetOutputSize(0)]; - mac2 = new byte[aeadBlockCipher.GetOutputSize(0)]; - aeadBlockCipher.Reset(); - aeadBlockCipher.ProcessAadBytes(new byte[] { 0, 0 }, 0, 2); - aeadBlockCipher.DoFinal(mac1, 0); - aeadBlockCipher.Reset(); - aeadBlockCipher.ProcessAadByte((byte)0); - aeadBlockCipher.ProcessAadByte((byte)0); - aeadBlockCipher.DoFinal(mac2, 0); - if (!Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should match for the same AAD with different ways of inputting"); - } - - byte[] c2 = new byte[aeadBlockCipher.GetOutputSize(10)]; - byte[] c3 = new byte[aeadBlockCipher.GetOutputSize(10) + 2]; - byte[] aad2 = { 0, 1, 2, 3, 4 }; - byte[] aad3 = { 0, 0, 1, 2, 3, 4, 5 }; - byte[] m2 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; - byte[] m3 = { 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; - byte[] m4 = new byte[m2.Length]; - aeadBlockCipher.Reset(); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - int offset = aeadBlockCipher.ProcessBytes(m2, 0, m2.Length, c2, 0); - aeadBlockCipher.DoFinal(c2, offset); - aeadBlockCipher.Reset(); - aeadBlockCipher.ProcessAadBytes(aad3, 1, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(m3, 1, m2.Length, c3, 1); - aeadBlockCipher.DoFinal(c3, offset + 1); - byte[] c3_partial = new byte[c2.Length]; - Array.Copy(c3, 1, c3_partial, 0, c2.Length); - if (!Arrays.AreEqual(c2, c3_partial)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - aeadBlockCipher.Reset(); - aeadBlockCipher.Init(false, param); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(c2, 0, c2.Length, m4, 0); - aeadBlockCipher.DoFinal(m4, offset); - if (!Arrays.AreEqual(m2, m4)) - { - Assert.Fail("The encryption and decryption does not recover the plaintext"); - } - c2[c2.Length - 1] ^= 1; - aeadBlockCipher.Reset(); - aeadBlockCipher.Init(false, param); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(c2, 0, c2.Length, m4, 0); - try - { - aeadBlockCipher.DoFinal(m4, offset); - Assert.Fail("The decryption should fail"); - } - catch (InvalidCipherTextException) - { - //expected; - } - c2[c2.Length - 1] ^= 1; - - byte[] m7 = new byte[blocksize * 2]; - for (int i = 0; i < m7.Length; ++i) - { - m7[i] = (byte)rand.Next(); - } - byte[] c7 = new byte[aeadBlockCipher.GetOutputSize(m7.Length)]; - byte[] c8 = new byte[c7.Length]; - byte[] c9 = new byte[c7.Length]; - aeadBlockCipher.Init(true, param); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(m7, 0, m7.Length, c7, 0); - aeadBlockCipher.DoFinal(c7, offset); - aeadBlockCipher.Reset(); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(m7, 0, blocksize, c8, 0); - offset += aeadBlockCipher.ProcessBytes(m7, blocksize, m7.Length - blocksize, c8, offset); - aeadBlockCipher.DoFinal(c8, offset); - aeadBlockCipher.Reset(); - int split = rand.Next(blocksize * 2); - aeadBlockCipher.ProcessAadBytes(aad2, 0, aad2.Length); - offset = aeadBlockCipher.ProcessBytes(m7, 0, split, c9, 0); - offset += aeadBlockCipher.ProcessBytes(m7, split, m7.Length - split, c9, offset); - aeadBlockCipher.DoFinal(c9, offset); - if (!Arrays.AreEqual(c7, c8) || !Arrays.AreEqual(c7, c9)) - { - Assert.Fail("Splitting input of plaintext should output the same ciphertext"); - } -#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER - Span<byte> c4_1 = new byte[c2.Length]; - Span<byte> c4_2 = new byte[c2.Length]; - ReadOnlySpan<byte> m5 = new ReadOnlySpan<byte>(m2); - ReadOnlySpan<byte> aad4 = new ReadOnlySpan<byte>(aad2); - aeadBlockCipher.Init(true, param); - aeadBlockCipher.ProcessAadBytes(aad4); - offset = aeadBlockCipher.ProcessBytes(m5, c4_1); - aeadBlockCipher.DoFinal(c4_2); - byte[] c5 = new byte[c2.Length]; - c4_1[..offset].CopyTo(c5); - c4_2[..(c5.Length - offset)].CopyTo(c5.AsSpan(offset)); - if (!Arrays.AreEqual(c2, c5)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - aeadBlockCipher.Reset(); - aeadBlockCipher.Init(false, param); - Span<byte> m6_1 = new byte[m2.Length]; - Span<byte> m6_2 = new byte[m2.Length]; - ReadOnlySpan<byte> c6 = new ReadOnlySpan<byte>(c2); - aeadBlockCipher.ProcessAadBytes(aad4); - offset = aeadBlockCipher.ProcessBytes(c6, m6_1); - aeadBlockCipher.DoFinal(m6_2); - byte[] m6 = new byte[m2.Length]; - m6_1[..offset].CopyTo(m6); - m6_2[..(m6.Length - offset)].CopyTo(m6.AsSpan(offset)); - if (!Arrays.AreEqual(m2, m6)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } -#endif - } - - private void ImplTestParameters(PhotonBeetleEngine photonBeetleEngine, int keySize, int ivSize, int macSize, int blockSize) - { - if (photonBeetleEngine.GetKeyBytesSize() != keySize) - { - Assert.Fail("key bytes of " + photonBeetleEngine.AlgorithmName + " is not correct"); - } - if (photonBeetleEngine.GetIVBytesSize() != ivSize) - { - Assert.Fail("iv bytes of " + photonBeetleEngine.AlgorithmName + " is not correct"); - } - if (photonBeetleEngine.GetOutputSize(0) != macSize) - { - Assert.Fail("mac bytes of " + photonBeetleEngine.AlgorithmName + " is not correct"); - } - if (photonBeetleEngine.GetBlockSize() != blockSize) - { - Assert.Fail("block size of " + photonBeetleEngine.AlgorithmName + " is not correct"); - } - } - - private void ImplTestExceptions(PhotonBeetleDigest photonBeetleDigest, int digestSize) - { - Assert.AreEqual(digestSize, photonBeetleDigest.GetDigestSize(), - photonBeetleDigest.AlgorithmName + ": digest size is not correct"); - - try - { - photonBeetleDigest.BlockUpdate(new byte[1], 1, 1); - Assert.Fail(photonBeetleDigest.AlgorithmName + ": input for BlockUpdate is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - photonBeetleDigest.DoFinal(new byte[digestSize - 1], 2); - Assert.Fail(photonBeetleDigest.AlgorithmName + ": output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - } - } -} diff --git a/crypto/test/src/crypto/test/SparkleTest.cs b/crypto/test/src/crypto/test/SparkleTest.cs deleted file mode 100644 index ea4520226..000000000 --- a/crypto/test/src/crypto/test/SparkleTest.cs +++ /dev/null @@ -1,484 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; - -using NUnit.Framework; - -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Modes; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; - -namespace Org.BouncyCastle.Crypto.Tests -{ - [TestFixture] - public class SparkleTest - : SimpleTest - { - public override string Name => "Sparkle"; - - [Test] - public override void PerformTest() - { - SparkleEngine sparkleEngine = new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM128_128); - ImplTestExceptions(sparkleEngine); - ImplTestParameters(sparkleEngine, 16, 16, 16, 16); - sparkleEngine = new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM192_192); - ImplTestExceptions(sparkleEngine); - ImplTestParameters(sparkleEngine, 24, 24, 24, 24); - sparkleEngine = new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM256_128); - ImplTestExceptions(sparkleEngine); - ImplTestParameters(sparkleEngine, 16, 32, 16, 32); - sparkleEngine = new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM256_256); - ImplTestExceptions(sparkleEngine); - ImplTestParameters(sparkleEngine, 32, 32, 32, 32); - ImplTestExceptions(new SparkleDigest(SparkleDigest.SparkleParameters.ESCH256), 32); - ImplTestExceptions(new SparkleDigest(SparkleDigest.SparkleParameters.ESCH384), 48); - ImplTestVectors("128_128", SparkleEngine.SparkleParameters.SCHWAEMM128_128); - ImplTestVectors("192_192", SparkleEngine.SparkleParameters.SCHWAEMM192_192); - ImplTestVectors("128_256", SparkleEngine.SparkleParameters.SCHWAEMM256_128); - ImplTestVectors("256_256", SparkleEngine.SparkleParameters.SCHWAEMM256_256); - ImplTestVectors("256", SparkleDigest.SparkleParameters.ESCH256); - ImplTestVectors("384", SparkleDigest.SparkleParameters.ESCH384); - } - - private void ImplTestVectors(string filename, SparkleEngine.SparkleParameters SparkleType) - { - SparkleEngine Sparkle = new SparkleEngine(SparkleType); - ICipherParameters param; - var buf = new Dictionary<string, string>(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.sparkle.LWC_AEAD_KAT_" + filename + ".txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - //if (!map["Count"].Equals("562")) - //{ - // continue; - //} - byte[] key = Hex.Decode(map["Key"]); - byte[] nonce = Hex.Decode(map["Nonce"]); - byte[] ad = Hex.Decode(map["AD"]); - byte[] pt = Hex.Decode(map["PT"]); - byte[] ct = Hex.Decode(map["CT"]); - param = new ParametersWithIV(new KeyParameter(key), nonce); - Sparkle.Init(true, param); - Sparkle.ProcessAadBytes(ad, 0, ad.Length); - byte[] rv = new byte[Sparkle.GetOutputSize(pt.Length)]; - int len = Sparkle.ProcessBytes(pt, 0, pt.Length, rv, 0); - Sparkle.DoFinal(rv, len); - Assert.True(Arrays.AreEqual(rv, ct)); - Sparkle.Reset(); - Sparkle.Init(false, param); - //Decrypt - Sparkle.ProcessAadBytes(ad, 0, ad.Length); - rv = new byte[pt.Length + 16]; - len = Sparkle.ProcessBytes(ct, 0, ct.Length, rv, 0); - Sparkle.DoFinal(rv, len); - byte[] pt_recovered = new byte[pt.Length]; - Array.Copy(rv, 0, pt_recovered, 0, pt.Length); - Assert.True(Arrays.AreEqual(pt, pt_recovered)); - map.Clear(); - Sparkle.Reset(); - - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestVectors(String filename, SparkleDigest.SparkleParameters SparkleType) - { - SparkleDigest Sparkle = new SparkleDigest(SparkleType); - var buf = new Dictionary<string, string>(); - //TestSampler sampler = new TestSampler(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.sparkle.LWC_HASH_KAT_" + filename + ".txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - var ptByte = Hex.Decode(map["Msg"]); - Sparkle.BlockUpdate(ptByte, 0, ptByte.Length); - byte[] hash = new byte[Sparkle.GetDigestSize()]; - Sparkle.DoFinal(hash, 0); - Assert.True(Arrays.AreEqual(hash, Hex.Decode(map["MD"]))); - map.Clear(); - Sparkle.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestExceptions(SparkleEngine sparkleEngine) - { - int blocksize = sparkleEngine.GetBlockSize(); - int keysize = sparkleEngine.GetKeyBytesSize(), ivsize = sparkleEngine.GetIVBytesSize(); - byte[] k = new byte[keysize]; - byte[] iv = new byte[ivsize]; - byte[] m = new byte[0]; - byte[] c1 = new byte[sparkleEngine.GetOutputSize(m.Length)]; - var param = new ParametersWithIV(new KeyParameter(k), iv); - try - { - sparkleEngine.ProcessBytes(m, 0, m.Length, c1, 0); - Assert.Fail(sparkleEngine.AlgorithmName + " needs to be initialized before ProcessBytes"); - } - catch (ArgumentException) - { - //expected - } - - try - { - sparkleEngine.ProcessByte((byte)0, c1, 0); - Assert.Fail(sparkleEngine.AlgorithmName + " needs to be initialized before ProcessByte"); - } - catch (ArgumentException) - { - //expected - } - - try - { - sparkleEngine.Reset(); - Assert.Fail(sparkleEngine.AlgorithmName + " needs to be initialized before Reset"); - } - catch (ArgumentException) - { - //expected - } - - try - { - sparkleEngine.DoFinal(c1, m.Length); - Assert.Fail(sparkleEngine.AlgorithmName + " needs to be initialized before DoFinal"); - } - catch (ArgumentException) - { - //expected - } - - try - { - sparkleEngine.GetMac(); - sparkleEngine.GetOutputSize(0); - sparkleEngine.GetUpdateOutputSize(0); - } - catch (ArgumentException) - { - //expected - Assert.Fail(sparkleEngine.AlgorithmName + " functions can be called before initialization"); - } - Random rand = new Random(); - int randomNum; - while ((randomNum = rand.Next(100)) == keysize) ; - byte[] k1 = new byte[randomNum]; - while ((randomNum = rand.Next(100)) == ivsize) ; - byte[] iv1 = new byte[randomNum]; - try - { - sparkleEngine.Init(true, new ParametersWithIV(new KeyParameter(k1), iv)); - Assert.Fail(sparkleEngine.AlgorithmName + " k size does not match"); - } - catch (ArgumentException) - { - //expected - } - try - { - sparkleEngine.Init(true, new ParametersWithIV(new KeyParameter(k), iv1)); - Assert.Fail(sparkleEngine.AlgorithmName + "iv size does not match"); - } - catch (ArgumentException) - { - //expected - } - - - sparkleEngine.Init(true, param); - try - { - sparkleEngine.DoFinal(c1, m.Length); - } - catch (Exception) - { - Assert.Fail(sparkleEngine.AlgorithmName + " allows no input for AAD and plaintext"); - } - byte[] mac2 = sparkleEngine.GetMac(); - if (mac2 == null) - { - Assert.Fail("mac should not be empty after DoFinal"); - } - if (!Arrays.AreEqual(mac2, c1)) - { - Assert.Fail("mac should be equal when calling DoFinal and GetMac"); - } - sparkleEngine.ProcessAadByte((byte)0); - byte[] mac1 = new byte[sparkleEngine.GetOutputSize(0)]; - sparkleEngine.DoFinal(mac1, 0); - if (Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should not match"); - } - sparkleEngine.Reset(); - sparkleEngine.ProcessBytes(new byte[blocksize+1], 0, blocksize+1, new byte[blocksize+1], 0); - try - { - sparkleEngine.ProcessAadByte((byte)0); - Assert.Fail("ProcessAadByte(s) cannot be called after encryption/decryption"); - } - catch (ArgumentException) - { - //expected - } - try - { - sparkleEngine.ProcessAadBytes(new byte[] { 0 }, 0, 1); - Assert.Fail("ProcessAadByte(s) cannot be called once only"); - } - catch (ArgumentException) - { - //expected - } - - sparkleEngine.Reset(); - try - { - sparkleEngine.ProcessAadBytes(new byte[] { 0 }, 1, 1); - Assert.Fail("input for ProcessAadBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - sparkleEngine.ProcessBytes(new byte[] { 0 }, 1, 1, c1, 0); - Assert.Fail("input for ProcessBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - sparkleEngine.ProcessBytes(new byte[blocksize+1], 0, blocksize+1, new byte[blocksize+1], blocksize >> 1); - Assert.Fail("output for ProcessBytes is too short"); - } - catch (OutputLengthException) - { - //expected - } - try - { - sparkleEngine.DoFinal(new byte[2], 2); - Assert.Fail("output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - - mac1 = new byte[sparkleEngine.GetOutputSize(0)]; - mac2 = new byte[sparkleEngine.GetOutputSize(0)]; - sparkleEngine.Reset(); - sparkleEngine.ProcessAadBytes(new byte[] { 0, 0 }, 0, 2); - sparkleEngine.DoFinal(mac1, 0); - sparkleEngine.Reset(); - sparkleEngine.ProcessAadByte((byte)0); - sparkleEngine.ProcessAadByte((byte)0); - sparkleEngine.DoFinal(mac2, 0); - if (!Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should match for the same AAD with different ways of inputting"); - } - - byte[] c2 = new byte[sparkleEngine.GetOutputSize(10)]; - byte[] c3 = new byte[sparkleEngine.GetOutputSize(10) + 2]; - byte[] aad2 = { 0, 1, 2, 3, 4 }; - byte[] aad3 = { 0, 0, 1, 2, 3, 4, 5 }; - byte[] m2 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; - byte[] m3 = { 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; - byte[] m4 = new byte[m2.Length]; - sparkleEngine.Reset(); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - int offset = sparkleEngine.ProcessBytes(m2, 0, m2.Length, c2, 0); - sparkleEngine.DoFinal(c2, offset); - sparkleEngine.Reset(); - sparkleEngine.ProcessAadBytes(aad3, 1, aad2.Length); - offset = sparkleEngine.ProcessBytes(m3, 1, m2.Length, c3, 1); - sparkleEngine.DoFinal(c3, offset + 1); - byte[] c3_partial = new byte[c2.Length]; - Array.Copy(c3, 1, c3_partial, 0, c2.Length); - if (!Arrays.AreEqual(c2, c3_partial)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - sparkleEngine.Reset(); - sparkleEngine.Init(false, param); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = sparkleEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - sparkleEngine.DoFinal(m4, offset); - if (!Arrays.AreEqual(m2, m4)) - { - Assert.Fail("The encryption and decryption does not recover the plaintext"); - } - c2[c2.Length - 1] ^= 1; - sparkleEngine.Reset(); - sparkleEngine.Init(false, param); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = sparkleEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - try - { - sparkleEngine.DoFinal(m4, offset); - Assert.Fail("The decryption should fail"); - } - catch (InvalidCipherTextException) - { - //expected; - } - c2[c2.Length - 1] ^= 1; - - byte[] m7 = new byte[blocksize * 2]; - for (int i = 0; i < m7.Length; ++i) - { - m7[i] = (byte)rand.Next(); - } - byte[] c7 = new byte[sparkleEngine.GetOutputSize(m7.Length)]; - byte[] c8 = new byte[c7.Length]; - byte[] c9 = new byte[c7.Length]; - sparkleEngine.Init(true, param); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = sparkleEngine.ProcessBytes(m7, 0, m7.Length, c7, 0); - sparkleEngine.DoFinal(c7, offset); - sparkleEngine.Reset(); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = sparkleEngine.ProcessBytes(m7, 0, blocksize, c8, 0); - offset += sparkleEngine.ProcessBytes(m7, blocksize, m7.Length - blocksize, c8, offset); - sparkleEngine.DoFinal(c8, offset); - sparkleEngine.Reset(); - int split = rand.Next(blocksize * 2); - sparkleEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = sparkleEngine.ProcessBytes(m7, 0, split, c9, 0); - offset += sparkleEngine.ProcessBytes(m7, split, m7.Length - split, c9, offset); - sparkleEngine.DoFinal(c9, offset); - if (!Arrays.AreEqual(c7, c8) || !Arrays.AreEqual(c7, c9)) - { - Assert.Fail("Splitting input of plaintext should output the same ciphertext"); - } -#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER - Span<byte> c4_1 = new byte[c2.Length]; - Span<byte> c4_2 = new byte[c2.Length]; - ReadOnlySpan<byte> m5 = new ReadOnlySpan<byte>(m2); - ReadOnlySpan<byte> aad4 = new ReadOnlySpan<byte>(aad2); - sparkleEngine.Init(true, param); - sparkleEngine.ProcessAadBytes(aad4); - offset = sparkleEngine.ProcessBytes(m5, c4_1); - sparkleEngine.DoFinal(c4_2); - byte[] c5 = new byte[c2.Length]; - Array.Copy(c4_1.ToArray(), 0, c5, 0, offset); - Array.Copy(c4_2.ToArray(), 0, c5, offset, c5.Length - offset); - if (!Arrays.AreEqual(c2, c5)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - sparkleEngine.Reset(); - sparkleEngine.Init(false, param); - Span<byte> m6_1 = new byte[m2.Length]; - Span<byte> m6_2 = new byte[m2.Length]; - ReadOnlySpan<byte> c6 = new ReadOnlySpan<byte>(c2); - sparkleEngine.ProcessAadBytes(aad4); - offset = sparkleEngine.ProcessBytes(c6, m6_1); - sparkleEngine.DoFinal(m6_2); - byte[] m6 = new byte[m2.Length]; - Array.Copy(m6_1.ToArray(), 0, m6, 0, offset); - Array.Copy(m6_2.ToArray(), 0, m6, offset, m6.Length - offset); - if (!Arrays.AreEqual(m2, m6)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } -#endif - } - - private void ImplTestParameters(SparkleEngine sparkleEngine, int keySize, int ivSize, int macSize, int blockSize) - { - if (sparkleEngine.GetKeyBytesSize() != keySize) - { - Assert.Fail("key bytes of " + sparkleEngine.AlgorithmName + " is not correct"); - } - if (sparkleEngine.GetIVBytesSize() != ivSize) - { - Assert.Fail("iv bytes of " + sparkleEngine.AlgorithmName + " is not correct"); - } - if (sparkleEngine.GetOutputSize(0) != macSize) - { - Assert.Fail("mac bytes of " + sparkleEngine.AlgorithmName + " is not correct"); - } - if (sparkleEngine.GetBlockSize() != blockSize) - { - Assert.Fail("block size of " + sparkleEngine.AlgorithmName + " is not correct"); - } - } - - private void ImplTestExceptions(SparkleDigest sparkleDigest, int digestsize) - { - if (sparkleDigest.GetDigestSize() != digestsize) - { - Assert.Fail(sparkleDigest.AlgorithmName + ": digest size is not correct"); - } - - try - { - sparkleDigest.BlockUpdate(new byte[1], 1, 1); - Assert.Fail(sparkleDigest.AlgorithmName + ": input for BlockUpdate is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - sparkleDigest.DoFinal(new byte[sparkleDigest.GetDigestSize() - 1], 2); - Assert.Fail(sparkleDigest.AlgorithmName + ": output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - } - } -} diff --git a/crypto/test/src/crypto/test/XoodyakTest.cs b/crypto/test/src/crypto/test/XoodyakTest.cs deleted file mode 100644 index 5cbff7a41..000000000 --- a/crypto/test/src/crypto/test/XoodyakTest.cs +++ /dev/null @@ -1,459 +0,0 @@ -using System; -using System.Collections.Generic; -using System.IO; - -using NUnit.Framework; - -using Org.BouncyCastle.Crypto.Digests; -using Org.BouncyCastle.Crypto.Engines; -using Org.BouncyCastle.Crypto.Parameters; -using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Utilities.Encoders; -using Org.BouncyCastle.Utilities.Test; - -namespace Org.BouncyCastle.Crypto.Tests -{ - [TestFixture] - public class XoodyakTest - : SimpleTest - { - public override string Name => "Xoodyak"; - - [Test] - public override void PerformTest() - { - ImplTestVectorsHash(); - ImplTestVectors(); - XoodyakEngine xoodyakEngine = new XoodyakEngine(); - ImplTestExceptions(xoodyakEngine, xoodyakEngine.GetKeyBytesSize(), xoodyakEngine.GetIVBytesSize(), xoodyakEngine.GetBlockSize()); - ImplTestParameters(xoodyakEngine, 16, 16, 16, 24); - ImplTestExceptions(new XoodyakDigest(), 32); - } - - private void ImplTestVectors() - { - XoodyakEngine xoodyak = new XoodyakEngine(); - var buf = new Dictionary<string, string>(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.xoodyak.LWC_AEAD_KAT_128_128.txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - byte[] key = Hex.Decode(map["Key"]); - byte[] nonce = Hex.Decode(map["Nonce"]); - byte[] ad = Hex.Decode(map["AD"]); - byte[] pt = Hex.Decode(map["PT"]); - byte[] ct = Hex.Decode(map["CT"]); - map.Clear(); - - var param = new ParametersWithIV(new KeyParameter(key), nonce); - xoodyak.Init(true, param); - xoodyak.ProcessAadBytes(ad, 0, ad.Length); - byte[] rv = new byte[xoodyak.GetOutputSize(pt.Length)]; - int len = xoodyak.ProcessBytes(pt, 0, pt.Length, rv, 0); - xoodyak.DoFinal(rv, len); - Assert.True(Arrays.AreEqual(rv, ct)); - xoodyak.Reset(); - xoodyak.Init(false, param); - //Decrypt - xoodyak.ProcessAadBytes(ad, 0, ad.Length); - rv = new byte[pt.Length + 16]; - len = xoodyak.ProcessBytes(ct, 0, ct.Length, rv, 0); - xoodyak.DoFinal(rv, len); - byte[] pt_recovered = new byte[pt.Length]; - Array.Copy(rv, 0, pt_recovered, 0, pt.Length); - Assert.True(Arrays.AreEqual(pt, pt_recovered)); - xoodyak.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - } - } - } - } - private void ImplTestVectorsHash() - { - XoodyakDigest xoodyak = new XoodyakDigest(); - var buf = new Dictionary<string, string>(); - //TestSampler sampler = new TestSampler(); - using (var src = new StreamReader(SimpleTest.GetTestDataAsStream("crypto.xoodyak.LWC_HASH_KAT_256.txt"))) - { - Dictionary<string, string> map = new Dictionary<string, string>(); - string line; - while ((line = src.ReadLine()) != null) - { - var data = line.Split(' '); - if (data.Length == 1) - { - var ptByte = Hex.Decode(map["Msg"]); - xoodyak.BlockUpdate(ptByte, 0, ptByte.Length); - byte[] hash = new byte[32]; - xoodyak.DoFinal(hash, 0); - Assert.True(Arrays.AreEqual(hash, Hex.Decode(map["MD"]))); - map.Clear(); - xoodyak.Reset(); - } - else - { - if (data.Length >= 3) - { - map[data[0].Trim()] = data[2].Trim(); - } - else - { - map[data[0].Trim()] = ""; - } - - } - } - } - } - - private void ImplTestExceptions(XoodyakEngine xoodyakEngine, int keysize, int ivsize, int blocksize) - { - byte[] k = new byte[keysize]; - byte[] iv = new byte[ivsize]; - byte[] m = new byte[0]; - byte[] c1 = new byte[xoodyakEngine.GetOutputSize(m.Length)]; - var param = new ParametersWithIV(new KeyParameter(k), iv); - try - { - xoodyakEngine.ProcessBytes(m, 0, m.Length, c1, 0); - Assert.Fail(xoodyakEngine.AlgorithmName + " needs to be initialized before ProcessBytes"); - } - catch (ArgumentException) - { - //expected - } - - try - { - xoodyakEngine.ProcessByte((byte)0, c1, 0); - Assert.Fail(xoodyakEngine.AlgorithmName + " needs to be initialized before ProcessByte"); - } - catch (ArgumentException) - { - //expected - } - - try - { - xoodyakEngine.Reset(); - Assert.Fail(xoodyakEngine.AlgorithmName + " needs to be initialized before Reset"); - } - catch (ArgumentException) - { - //expected - } - - try - { - xoodyakEngine.DoFinal(c1, m.Length); - Assert.Fail(xoodyakEngine.AlgorithmName + " needs to be initialized before DoFinal"); - } - catch (ArgumentException) - { - //expected - } - - try - { - xoodyakEngine.GetMac(); - xoodyakEngine.GetOutputSize(0); - xoodyakEngine.GetUpdateOutputSize(0); - } - catch (ArgumentException) - { - //expected - Assert.Fail(xoodyakEngine.AlgorithmName + " functions can be called before initialization"); - } - Random rand = new Random(); - int randomNum; - while ((randomNum = rand.Next(100)) == keysize) ; - byte[] k1 = new byte[randomNum]; - while ((randomNum = rand.Next(100)) == ivsize) ; - byte[] iv1 = new byte[randomNum]; - try - { - xoodyakEngine.Init(true, new ParametersWithIV(new KeyParameter(k1), iv)); - Assert.Fail(xoodyakEngine.AlgorithmName + " k size does not match"); - } - catch (ArgumentException) - { - //expected - } - try - { - xoodyakEngine.Init(true, new ParametersWithIV(new KeyParameter(k), iv1)); - Assert.Fail(xoodyakEngine.AlgorithmName + "iv size does not match"); - } - catch (ArgumentException) - { - //expected - } - - - xoodyakEngine.Init(true, param); - try - { - xoodyakEngine.DoFinal(c1, m.Length); - } - catch (Exception) - { - Assert.Fail(xoodyakEngine.AlgorithmName + " allows no input for AAD and plaintext"); - } - byte[] mac2 = xoodyakEngine.GetMac(); - if (mac2 == null) - { - Assert.Fail("mac should not be empty after DoFinal"); - } - if (!Arrays.AreEqual(mac2, c1)) - { - Assert.Fail("mac should be equal when calling DoFinal and GetMac"); - } - xoodyakEngine.ProcessAadByte((byte)0); - byte[] mac1 = new byte[xoodyakEngine.GetOutputSize(0)]; - xoodyakEngine.DoFinal(mac1, 0); - if (Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should not match"); - } - xoodyakEngine.Reset(); - xoodyakEngine.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], 0); - try - { - xoodyakEngine.ProcessAadByte((byte)0); - Assert.Fail("ProcessAadByte(s) cannot be called after encryption/decryption"); - } - catch (ArgumentException) - { - //expected - } - try - { - xoodyakEngine.ProcessAadBytes(new byte[] { 0 }, 0, 1); - Assert.Fail("ProcessAadByte(s) cannot be called once only"); - } - catch (ArgumentException) - { - //expected - } - - xoodyakEngine.Reset(); - try - { - xoodyakEngine.ProcessAadBytes(new byte[] { 0 }, 1, 1); - Assert.Fail("input for ProcessAadBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - xoodyakEngine.ProcessBytes(new byte[] { 0 }, 1, 1, c1, 0); - Assert.Fail("input for ProcessBytes is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - xoodyakEngine.ProcessBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], blocksize >> 1); - Assert.Fail("output for ProcessBytes is too short"); - } - catch (OutputLengthException) - { - //expected - } - try - { - xoodyakEngine.DoFinal(new byte[2], 2); - Assert.Fail("output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - - mac1 = new byte[xoodyakEngine.GetOutputSize(0)]; - mac2 = new byte[xoodyakEngine.GetOutputSize(0)]; - xoodyakEngine.Reset(); - xoodyakEngine.ProcessAadBytes(new byte[] { 0, 0 }, 0, 2); - xoodyakEngine.DoFinal(mac1, 0); - xoodyakEngine.Reset(); - xoodyakEngine.ProcessAadByte((byte)0); - xoodyakEngine.ProcessAadByte((byte)0); - xoodyakEngine.DoFinal(mac2, 0); - if (!Arrays.AreEqual(mac1, mac2)) - { - Assert.Fail("mac should match for the same AAD with different ways of inputting"); - } - - byte[] c2 = new byte[xoodyakEngine.GetOutputSize(10)]; - byte[] c3 = new byte[xoodyakEngine.GetOutputSize(10) + 2]; - byte[] aad2 = { 0, 1, 2, 3, 4 }; - byte[] aad3 = { 0, 0, 1, 2, 3, 4, 5 }; - byte[] m2 = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; - byte[] m3 = { 0, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 }; - byte[] m4 = new byte[m2.Length]; - xoodyakEngine.Reset(); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - int offset = xoodyakEngine.ProcessBytes(m2, 0, m2.Length, c2, 0); - xoodyakEngine.DoFinal(c2, offset); - xoodyakEngine.Reset(); - xoodyakEngine.ProcessAadBytes(aad3, 1, aad2.Length); - offset = xoodyakEngine.ProcessBytes(m3, 1, m2.Length, c3, 1); - xoodyakEngine.DoFinal(c3, offset + 1); - byte[] c3_partial = new byte[c2.Length]; - Array.Copy(c3, 1, c3_partial, 0, c2.Length); - if (!Arrays.AreEqual(c2, c3_partial)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - xoodyakEngine.Reset(); - xoodyakEngine.Init(false, param); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = xoodyakEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - xoodyakEngine.DoFinal(m4, offset); - if (!Arrays.AreEqual(m2, m4)) - { - Assert.Fail("The encryption and decryption does not recover the plaintext"); - } - c2[c2.Length - 1] ^= 1; - xoodyakEngine.Reset(); - xoodyakEngine.Init(false, param); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = xoodyakEngine.ProcessBytes(c2, 0, c2.Length, m4, 0); - try - { - xoodyakEngine.DoFinal(m4, offset); - Assert.Fail("The decryption should fail"); - } - catch (InvalidCipherTextException) - { - //expected; - } - c2[c2.Length - 1] ^= 1; - - byte[] m7 = new byte[blocksize * 2]; - for (int i = 0; i < m7.Length; ++i) - { - m7[i] = (byte)rand.Next(); - } - byte[] c7 = new byte[xoodyakEngine.GetOutputSize(m7.Length)]; - byte[] c8 = new byte[c7.Length]; - byte[] c9 = new byte[c7.Length]; - xoodyakEngine.Init(true, param); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = xoodyakEngine.ProcessBytes(m7, 0, m7.Length, c7, 0); - xoodyakEngine.DoFinal(c7, offset); - xoodyakEngine.Reset(); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = xoodyakEngine.ProcessBytes(m7, 0, blocksize, c8, 0); - offset += xoodyakEngine.ProcessBytes(m7, blocksize, m7.Length - blocksize, c8, offset); - xoodyakEngine.DoFinal(c8, offset); - xoodyakEngine.Reset(); - int split = rand.Next(blocksize * 2); - xoodyakEngine.ProcessAadBytes(aad2, 0, aad2.Length); - offset = xoodyakEngine.ProcessBytes(m7, 0, split, c9, 0); - offset += xoodyakEngine.ProcessBytes(m7, split, m7.Length - split, c9, offset); - xoodyakEngine.DoFinal(c9, offset); - if (!Arrays.AreEqual(c7, c8) || !Arrays.AreEqual(c7, c9)) - { - Assert.Fail("Splitting input of plaintext should output the same ciphertext"); - } -#if NET6_0_OR_GREATER || NETSTANDARD2_1_OR_GREATER - Span<byte> c4_1 = new byte[c2.Length]; - Span<byte> c4_2 = new byte[c2.Length]; - ReadOnlySpan<byte> m5 = new ReadOnlySpan<byte>(m2); - ReadOnlySpan<byte> aad4 = new ReadOnlySpan<byte>(aad2); - xoodyakEngine.Init(true, param); - xoodyakEngine.ProcessAadBytes(aad4); - offset = xoodyakEngine.ProcessBytes(m5, c4_1); - xoodyakEngine.DoFinal(c4_2); - byte[] c5 = new byte[c2.Length]; - c4_1[..offset].CopyTo(c5); - c4_2[..(c5.Length - offset)].CopyTo(c5.AsSpan(offset)); - if (!Arrays.AreEqual(c2, c5)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } - xoodyakEngine.Reset(); - xoodyakEngine.Init(false, param); - Span<byte> m6_1 = new byte[m2.Length]; - Span<byte> m6_2 = new byte[m2.Length]; - ReadOnlySpan<byte> c6 = new ReadOnlySpan<byte>(c2); - xoodyakEngine.ProcessAadBytes(aad4); - offset = xoodyakEngine.ProcessBytes(c6, m6_1); - xoodyakEngine.DoFinal(m6_2); - byte[] m6 = new byte[m2.Length]; - m6_1[..offset].CopyTo(m6); - m6_2[..(m6.Length - offset)].CopyTo(m6.AsSpan(offset)); - if (!Arrays.AreEqual(m2, m6)) - { - Assert.Fail("mac should match for the same AAD and message with different offset for both input and output"); - } -#endif - - } - - private void ImplTestParameters(XoodyakEngine xoodyak, int keySize, int ivSize, int macSize, int blockSize) - { - if (xoodyak.GetKeyBytesSize() != keySize) - { - Assert.Fail("key bytes of " + xoodyak.AlgorithmName + " is not correct"); - } - if (xoodyak.GetIVBytesSize() != ivSize) - { - Assert.Fail("iv bytes of " + xoodyak.AlgorithmName + " is not correct"); - } - if (xoodyak.GetOutputSize(0) != macSize) - { - Assert.Fail("mac bytes of " + xoodyak.AlgorithmName + " is not correct"); - } - if (xoodyak.GetBlockSize() != blockSize) - { - Assert.Fail("block size of " + xoodyak.AlgorithmName + " is not correct"); - } - } - - private void ImplTestExceptions(XoodyakDigest xoodyakDigest, int digestSize) - { - Assert.AreEqual(digestSize, xoodyakDigest.GetDigestSize(), - xoodyakDigest.AlgorithmName + ": digest size is not correct"); - - try - { - xoodyakDigest.BlockUpdate(new byte[1], 1, 1); - Assert.Fail(xoodyakDigest.AlgorithmName + ": input for BlockUpdate is too short"); - } - catch (DataLengthException) - { - //expected - } - try - { - xoodyakDigest.DoFinal(new byte[xoodyakDigest.GetDigestSize() - 1], 2); - Assert.Fail(xoodyakDigest.AlgorithmName + ": output for DoFinal is too short"); - } - catch (OutputLengthException) - { - //expected - } - } - } -} |