authorPeter Dettman <peter.dettman@bouncycastle.org>2014-02-02 11:56:16 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2014-02-02 11:56:16 +0700
commit362bdfcfe97b7fb2fa78990a8f937de1661e9c89 (patch)
tree7a9e532954c91c6fc81538139525ed82698039b8 /crypto
parentAdd custom curve for secp521r1 (P-521) (diff)
downloadBouncyCastle.NET-ed25519-362bdfcfe97b7fb2fa78990a8f937de1661e9c89.tar.xz
Bring OCB test vectors up-to-date with draft v06
Diffstat (limited to 'crypto')
-rw-r--r--crypto/src/crypto/modes/OCBBlockCipher.cs6
-rw-r--r--crypto/test/src/crypto/test/OCBTest.cs207
2 files changed, 132 insertions, 81 deletions
diff --git a/crypto/src/crypto/modes/OCBBlockCipher.cs b/crypto/src/crypto/modes/OCBBlockCipher.cs
index 9f0e0f6bb..38669e22f 100644
--- a/crypto/src/crypto/modes/OCBBlockCipher.cs
+++ b/crypto/src/crypto/modes/OCBBlockCipher.cs
@@ -8,7 +8,7 @@ namespace Org.BouncyCastle.Crypto.Modes
 {
     /**
      * An implementation of the "work in progress" Internet-Draft <a
-     * href="http://tools.ietf.org/html/draft-irtf-cfrg-ocb-05">The OCB Authenticated-Encryption
+     * href="http://tools.ietf.org/html/draft-irtf-cfrg-ocb-06">The OCB Authenticated-Encryption
      * Algorithm</a>, licensed per:
      * 
      * <blockquote><p><a href="http://www.cs.ucdavis.edu/~rogaway/ocb/license1.pdf">License for
@@ -150,6 +150,10 @@ namespace Org.BouncyCastle.Crypto.Modes
             {
                 // TODO
             }
+            else
+            {
+                KtopInput = null;
+            }
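Review bot: The added `else { KtopInput = null; }` branch has no comment saying why the field is cleared, and the reason matters if, as the name suggests, `KtopInput` caches nonce-derived state computed under the previous key. I would add `// New key: discard the cached Ktop input so nonce-dependent state is recomputed under this key` inside the branch. The `if` condition is outside the hunk, so it is an assumption that this `else` is the key-supplied path. If the `// TODO` branch is the no-key case, note that `hashCipher.Init(true, keyParameter)` still runs unconditionally after it.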
 
             // hashCipher always used in forward mode
             hashCipher.Init(true, keyParameter);
diff --git a/crypto/test/src/crypto/test/OCBTest.cs b/crypto/test/src/crypto/test/OCBTest.cs
index a28e6c3f1..2f159994e 100644
--- a/crypto/test/src/crypto/test/OCBTest.cs
+++ b/crypto/test/src/crypto/test/OCBTest.cs
@@ -14,60 +14,91 @@ namespace Org.BouncyCastle.Crypto.Tests
 {
     /**
      * Test vectors from the "work in progress" Internet-Draft <a
-     * href="http://tools.ietf.org/html/draft-irtf-cfrg-ocb-05">The OCB Authenticated-Encryption
+     * href="http://tools.ietf.org/html/draft-irtf-cfrg-ocb-06">The OCB Authenticated-Encryption
      * Algorithm</a>
      */
     public class OcbTest
         : SimpleTest
     {
-        private const string K = "000102030405060708090A0B0C0D0E0F";
-        private const string N = "000102030405060708090A0B";
+        private const string KEY_128 = "000102030405060708090A0B0C0D0E0F";
+        private const string KEY_96 = "0F0E0D0C0B0A09080706050403020100";
 
         /*
-         * Test vectors contain the strings A, P, C in order
+         * Test vectors from Appendix A of the specification, containing the strings N, A, P, C in order
          */
 
-        // Sample data for 96 bit tag, taken from a CFRG post
-        private static readonly string[][] TEST_VECTORS_96 = new string[][]{ new string[]{
-            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
-            "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
-            "09A4FD29DE949D9A9AA9924248422097AD4883B4713E6C214FF6567ADA08A96766FC4E2EE3E3A5A11B6C44F34E3ABB3CBF8976E7" } };
-
-        // Test vectors from Appendix A of the specification
         private static readonly string[][] TEST_VECTORS_128 = new string[][]{
-            new string[]{ "", "", "197B9C3C441D3C83EAFB2BEF633B9182" },
-            new string[]{ "0001020304050607", "0001020304050607", "92B657130A74B85A16DC76A46D47E1EAD537209E8A96D14E" },
-            new string[]{ "0001020304050607", "", "98B91552C8C009185044E30A6EB2FE21" },
-            new string[]{ "", "0001020304050607", "92B657130A74B85A971EFFCAE19AD4716F88E87B871FBEED" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F", "000102030405060708090A0B0C0D0E0F",
-                "BEA5E8798DBE7110031C144DA0B26122776C9924D6723A1F" + "C4524532AC3E5BEB" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F", "", "7DDB8E6CEA6814866212509619B19CC6" },
-            new string[]{ "", "000102030405060708090A0B0C0D0E0F",
-                "BEA5E8798DBE7110031C144DA0B2612213CC8B747807121A" + "4CBB3E4BD6B456AF" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F1011121314151617", "000102030405060708090A0B0C0D0E0F1011121314151617",
-                "BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48" + "5FA94FC3F38820F1DC3F3D1FD4E55E1C" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F1011121314151617", "", "282026DA3068BC9FA118681D559F10F6" },
-            new string[]{ "", "000102030405060708090A0B0C0D0E0F1011121314151617",
-                "BEA5E8798DBE7110031C144DA0B26122FCFCEE7A2A8D4D48" + "6EF2F52587FDA0ED97DC7EEDE241DF68" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F",
-                "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F",
-                "BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A6" + "57149D53773463CBB2A040DD3BD5164372D76D7BB6824240" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F", "",
-                "E1E072633BADE51A60E85951D9C42A1B" },
-            new string[]{ "", "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F",
-                "BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A6" + "57149D53773463CB4A3BAE824465CFDAF8C41FC50C7DF9D9" },
-            new string[]{
-                "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627",
-                "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627",
-                "BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A6" + "57149D53773463CB68C65778B058A635659C623211DEEA0D"
-                    + "E30D2C381879F4C8" },
-            new string[]{ "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627", "",
-                "7AEB7A69A1687DD082CA27B0D9A37096" },
-            new string[]{
-                "",
-                "000102030405060708090A0B0C0D0E0F1011121314151617" + "18191A1B1C1D1E1F2021222324252627",
-                "BEA5E8798DBE7110031C144DA0B26122CEAAB9B05DF771A6" + "57149D53773463CB68C65778B058A635060C8467F4ABAB5E"
-                    + "8B3C2067A2E115DC" },
+            new string[]{ "BBAA99887766554433221100",
+              "",
+              "",
+              "785407BFFFC8AD9EDCC5520AC9111EE6" },
+            new string[]{ "BBAA99887766554433221101",
+              "0001020304050607",
+              "0001020304050607",
+              "6820B3657B6F615A5725BDA0D3B4EB3A257C9AF1F8F03009" },
+            new string[]{ "BBAA99887766554433221102",
+              "0001020304050607",
+              "",
+              "81017F8203F081277152FADE694A0A00" },
+            new string[]{ "BBAA99887766554433221103",
+              "",
+              "0001020304050607",
+              "45DD69F8F5AAE72414054CD1F35D82760B2CD00D2F99BFA9" },
+            new string[]{ "BBAA99887766554433221104",
+              "000102030405060708090A0B0C0D0E0F",
+              "000102030405060708090A0B0C0D0E0F",
+              "571D535B60B277188BE5147170A9A22C3AD7A4FF3835B8C5701C1CCEC8FC3358" },
+            new string[]{ "BBAA99887766554433221105",
+              "000102030405060708090A0B0C0D0E0F",
+              "",
+              "8CF761B6902EF764462AD86498CA6B97" },
+            new string[]{ "BBAA99887766554433221106",
+              "",
+              "000102030405060708090A0B0C0D0E0F",
+              "5CE88EC2E0692706A915C00AEB8B2396F40E1C743F52436BDF06D8FA1ECA343D" },
+            new string[]{ "BBAA99887766554433221107",
+              "000102030405060708090A0B0C0D0E0F1011121314151617",
+              "000102030405060708090A0B0C0D0E0F1011121314151617",
+              "1CA2207308C87C010756104D8840CE1952F09673A448A122C92C62241051F57356D7F3C90BB0E07F" },
+            new string[]{ "BBAA99887766554433221108",
+              "000102030405060708090A0B0C0D0E0F1011121314151617",
+              "",
+              "6DC225A071FC1B9F7C69F93B0F1E10DE" },
+            new string[]{ "BBAA99887766554433221109",
+              "",
+              "000102030405060708090A0B0C0D0E0F1011121314151617",
+              "221BD0DE7FA6FE993ECCD769460A0AF2D6CDED0C395B1C3CE725F32494B9F914D85C0B1EB38357FF" },
+            new string[]{ "BBAA9988776655443322110A",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+              "BD6F6C496201C69296C11EFD138A467ABD3C707924B964DEAFFC40319AF5A48540FBBA186C5553C68AD9F592A79A4240" },
+            new string[]{ "BBAA9988776655443322110B",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+              "",
+              "FE80690BEE8A485D11F32965BC9D2A32" },
+            new string[]{ "BBAA9988776655443322110C",
+              "",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+              "2942BFC773BDA23CABC6ACFD9BFD5835BD300F0973792EF46040C53F1432BCDFB5E1DDE3BC18A5F840B52E653444D5DF" },
+            new string[]{ "BBAA9988776655443322110D",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "D5CA91748410C1751FF8A2F618255B68A0A12E093FF454606E59F9C1D0DDC54B65E8628E568BAD7AED07BA06A4A69483A7035490C5769E60" },
+            new string[]{ "BBAA9988776655443322110E",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "",
+              "C5CD9D1850C141E358649994EE701B68" },
+            new string[]{ "BBAA9988776655443322110F",
+              "",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "4412923493C57D5DE0D700F753CCE0D1D2D95060122E9F15A5DDBFC5787E50B5CC55EE507BCB084E479AD363AC366B95A98CA5F3000B1479" },
+        };
+
+        private static readonly string[][] TEST_VECTORS_96 = new string[][]{
+            new string[]{ "BBAA9988776655443322110D",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252627",
+              "1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FDAC4F02AA" },
         };
 
         public override string Name
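Review bot: The name `KEY_96` reads as a 96-bit key, but the literal is 32 hex digits (128 bits) and is only paired with the 96-bit-tag vector in `TEST_VECTORS_96`. A comment such as `// 128-bit key used with the 96-bit tag vector` would prevent that misreading, and `KEY_128` could get a matching note on its tag length. The block comment names the field order N, A, P, C, which matches the new four-element vectors. The class body continues outside the hunk.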
@@ -77,31 +108,34 @@ namespace Org.BouncyCastle.Crypto.Tests
 
         public override void PerformTest()
         {
-            for (int i = 0; i < TEST_VECTORS_96.Length; ++i)
+            byte[] K128 = Hex.Decode(KEY_128);
+            for (int i = 0; i < TEST_VECTORS_128.Length; ++i)
             {
-                RunTestCase("Test Case " + i, TEST_VECTORS_96[i], 96);
+                RunTestCase("Test Case " + i, TEST_VECTORS_128[i], 128, K128);
             }
-            for (int i = 0; i < TEST_VECTORS_128.Length; ++i)
+
+            byte[] K96 = Hex.Decode(KEY_96);
+            for (int i = 0; i < TEST_VECTORS_96.Length; ++i)
             {
-                RunTestCase("Test Case " + i, TEST_VECTORS_128[i], 128);
+                RunTestCase("Test Case " + i, TEST_VECTORS_96[i], 96, K96);
             }
 
-            RunLongerTestCase(128, 128, Hex.Decode("B2B41CBF9B05037DA7F16C24A35C1C94"));
-            RunLongerTestCase(192, 128, Hex.Decode("1529F894659D2B51B776740211E7D083"));
-            RunLongerTestCase(256, 128, Hex.Decode("42B83106E473C0EEE086C8D631FD4C7B"));
-            RunLongerTestCase(128, 96, Hex.Decode("1A4F0654277709A5BDA0D380"));
-            RunLongerTestCase(192, 96, Hex.Decode("AD819483E01DD648978F4522"));
-            RunLongerTestCase(256, 96, Hex.Decode("CD2E41379C7E7C4458CCFB4A"));
-            RunLongerTestCase(128, 64, Hex.Decode("B7ECE9D381FE437F"));
-            RunLongerTestCase(192, 64, Hex.Decode("DE0574C87FF06DF9"));
-            RunLongerTestCase(256, 64, Hex.Decode("833E45FF7D332F7E"));
+            RunLongerTestCase(128, 128, Hex.Decode("67E944D23256C5E0B6C61FA22FDF1EA2"));
+            RunLongerTestCase(192, 128, Hex.Decode("F673F2C3E7174AAE7BAE986CA9F29E17"));
+            RunLongerTestCase(256, 128, Hex.Decode("D90EB8E9C977C88B79DD793D7FFA161C"));
+            RunLongerTestCase(128, 96, Hex.Decode("77A3D8E73589158D25D01209"));
+            RunLongerTestCase(192, 96, Hex.Decode("05D56EAD2752C86BE6932C5E"));
+            RunLongerTestCase(256, 96, Hex.Decode("5458359AC23B0CBA9E6330DD"));
+            RunLongerTestCase(128, 64, Hex.Decode("192C9B7BD90BA06A"));
+            RunLongerTestCase(192, 64, Hex.Decode("0066BC6E0EF34E24"));
+            RunLongerTestCase(256, 64, Hex.Decode("7D4EA5D445501CBE"));
 
             DoTestExceptions();
         }
 
         private void DoTestExceptions()
         {
-            OcbBlockCipher ocb = new OcbBlockCipher(new AesFastEngine(), new AesFastEngine());
+            IAeadBlockCipher ocb = CreateOcbCipher();
 
             try
             {
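Review bot: Both loops in `PerformTest` pass the same label `"Test Case " + i`, so vector 0 of the 128-bit-tag set and vector 0 of the 96-bit-tag set are indistinguishable if the name is what ends up in a failure message. Including the tag length would fix that, e.g. `RunTestCase("Test Case " + i + " (128-bit tag)", TEST_VECTORS_128[i], 128, K128);` and the equivalent for the 96-bit loop. `DoTestExceptions` continues outside the hunk.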
@@ -124,16 +158,14 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
 
             // TODO
-            //AEADTestUtil.testReset(this, new OCBBlockCipher(new AESEngine(), new AESEngine()), new OCBBlockCipher(new AESEngine(), new AESEngine()), new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[15]));
+            //AEADTestUtil.testReset(this, createOCBCipher(), createOCBCipher(), new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[15]));
             //AEADTestUtil.testTampering(this, ocb, new AEADParameters(new KeyParameter(new byte[16]), 128, new byte[15]));
         }
 
-        private void RunTestCase(string testName, string[] testVector, int macLengthBits)
+        private void RunTestCase(string testName, string[] testVector, int macLengthBits, byte[] K)
         {
-            byte[] key = Hex.Decode(K);
-            byte[] nonce = Hex.Decode(N);
-
             int pos = 0;
+            byte[] N = Hex.Decode(testVector[pos++]);
             byte[] A = Hex.Decode(testVector[pos++]);
             byte[] P = Hex.Decode(testVector[pos++]);
             byte[] C = Hex.Decode(testVector[pos++]);
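Review bot: The edited commented-out `testReset` line now calls `createOCBCipher()`, but the helper this commit adds is `CreateOcbCipher()`, so the line will not compile as written once it is enabled. I would spell the call `CreateOcbCipher()` in the comment now. Both the reset and tampering checks remain disabled, so as far as this hunk shows, nothing in the test confirms that a modified tag or ciphertext is rejected. `RunTestCase` continues outside the hunk.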
@@ -142,11 +174,11 @@ namespace Org.BouncyCastle.Crypto.Tests
 
             // TODO Variations processing AAD and cipher bytes incrementally
 
-            KeyParameter keyParameter = new KeyParameter(key);
-            AeadParameters aeadParameters = new AeadParameters(keyParameter, macLengthBits, nonce, A);
+            KeyParameter keyParameter = new KeyParameter(K);
+            AeadParameters aeadParameters = new AeadParameters(keyParameter, macLengthBits, N, A);
 
-            OcbBlockCipher encCipher = InitCipher(true, aeadParameters);
-            OcbBlockCipher decCipher = InitCipher(false, aeadParameters);
+            IAeadBlockCipher encCipher = InitOcbCipher(true, aeadParameters);
+            IAeadBlockCipher decCipher = InitOcbCipher(false, aeadParameters);
 
             CheckTestCase(encCipher, decCipher, testName, macLengthBytes, P, C);
             CheckTestCase(encCipher, decCipher, testName + " (reused)", macLengthBytes, P, C);
@@ -154,14 +186,24 @@ namespace Org.BouncyCastle.Crypto.Tests
             // TODO Key reuse
         }
 
-        private OcbBlockCipher InitCipher(bool forEncryption, AeadParameters parameters)
+        private IBlockCipher CreateUnderlyingCipher()
+        {
+            return new AesEngine();
+        }
+
+        private IAeadBlockCipher CreateOcbCipher()
+        {
+            return new OcbBlockCipher(CreateUnderlyingCipher(), CreateUnderlyingCipher());
+        }
+
+        private IAeadBlockCipher InitOcbCipher(bool forEncryption, AeadParameters parameters)
         {
-            OcbBlockCipher c = new OcbBlockCipher(new AesFastEngine(), new AesFastEngine());
+            IAeadBlockCipher c = CreateOcbCipher();
             c.Init(forEncryption, parameters);
             return c;
         }
 
-        private void CheckTestCase(OcbBlockCipher encCipher, OcbBlockCipher decCipher, string testName,
+        private void CheckTestCase(IAeadBlockCipher encCipher, IAeadBlockCipher decCipher, string testName,
             int macLengthBytes, byte[] P, byte[] C)
         {
             byte[] tag = Arrays.Copy(C, C.Length - macLengthBytes, macLengthBytes);
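Review bot: The `// TODO Key reuse` at the end of `RunTestCase` is left open even though this commit changes the key-dependent path of `OcbBlockCipher.Init` (the `KtopInput = null` reset), so that change has no regression test here. A small check that re-keys the already-used `encCipher` with the same nonce and compares its output with a fresh instance would pin the behaviour; a sketch follows, using a constructed second key. `RunTestCase` starts outside this hunk, and `K`, `N`, `A`, `P` and `macLengthBits` come from its earlier lines.

```csharp
            // TODO Key reuse
            // Re-key a used instance and compare with a fresh one (constructed key: K with one bit flipped)
            byte[] K2 = Arrays.Clone(K);
            K2[0] ^= 0x01;
            AeadParameters rekeyed = new AeadParameters(new KeyParameter(K2), macLengthBits, N, A);
            encCipher.Init(true, rekeyed);
            IAeadBlockCipher fresh = InitOcbCipher(true, rekeyed);
            byte[] got = new byte[encCipher.GetOutputSize(P.Length)];
            byte[] want = new byte[fresh.GetOutputSize(P.Length)];
            encCipher.DoFinal(got, encCipher.ProcessBytes(P, 0, P.Length, got, 0));
            fresh.DoFinal(want, fresh.ProcessBytes(P, 0, P.Length, want, 0));
            if (!Arrays.AreEqual(want, got))
            {
                Fail("re-keyed cipher output differs from fresh instance in " + testName);
            }
```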
@@ -209,28 +251,28 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
-        private void RunLongerTestCase(int aesKeySize, int tagLen, byte[] expectedOutput)
+        private void RunLongerTestCase(int keyLen, int tagLen, byte[] expectedOutput)
         {
-            KeyParameter key = new KeyParameter(new byte[aesKeySize / 8]);
-            byte[] N = new byte[12];
+            byte[] keyBytes = new byte[keyLen / 8];
+            keyBytes[keyBytes.Length - 1] = (byte)tagLen;
+            KeyParameter key = new KeyParameter(keyBytes);
 
-            IAeadBlockCipher c1 = new OcbBlockCipher(new AesFastEngine(), new AesFastEngine());
-            c1.Init(true, new AeadParameters(key, tagLen, N));
+            IAeadBlockCipher c1 = InitOcbCipher(true, new AeadParameters(key, tagLen, CreateNonce(385)));
 
-            IAeadBlockCipher c2 = new OcbBlockCipher(new AesFastEngine(), new AesFastEngine());
+            IAeadBlockCipher c2 = CreateOcbCipher();
 
             long total = 0;
 
             byte[] S = new byte[128];
 
+            uint n = 0;
             for (int i = 0; i < 128; ++i)
             {
-                N[11] = (byte) i;
-
-                c2.Init(true, new AeadParameters(key, tagLen, N));
-
+                c2.Init(true, new AeadParameters(key, tagLen, CreateNonce(++n)));
                 total += UpdateCiphers(c1, c2, S, i, true, true);
+                c2.Init(true, new AeadParameters(key, tagLen, CreateNonce(++n)));
                 total += UpdateCiphers(c1, c2, S, i, false, true);
+                c2.Init(true, new AeadParameters(key, tagLen, CreateNonce(++n)));
                 total += UpdateCiphers(c1, c2, S, i, true, false);
             }
 
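Review bot: `RunLongerTestCase` now contains two unexplained constants: the literal `385` passed to `CreateNonce` for `c1`, and the store of `tagLen` into the last key byte. From the loop, 385 is 3 * 128 + 1, the nonce after the 384 values consumed by `++n`, but nothing says so. A short comment before the `c1` line would make this auditable, e.g. `// Nonces 1..384 are used by the loop below; 385 is reserved for the final pass over the accumulated output`. A second one on the key line would help, e.g. `// key = zero bytes with the tag length in the last byte`. This presumably mirrors the iterated test in the draft's appendix, so cite that in the comment if it does. The method continues outside the hunk.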
@@ -250,6 +292,11 @@ namespace Org.BouncyCastle.Crypto.Tests
             }
         }
 
+        private byte[] CreateNonce(uint n)
+        {
+            return new byte[]{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, (byte)(n >> 8), (byte)n };
+        }
+
         private int UpdateCiphers(IAeadBlockCipher c1, IAeadBlockCipher c2, byte[] S, int i,
             bool includeAAD, bool includePlaintext)
         {