diff options
Diffstat (limited to 'crypto/test')
-rw-r--r-- | crypto/test/src/test/GcmSivTest.cs | 458 | ||||
-rw-r--r-- | crypto/test/src/test/ParallelHashTest.cs | 141 | ||||
-rw-r--r-- | crypto/test/src/test/SP80038GTest.cs | 582 | ||||
-rw-r--r-- | crypto/test/src/test/TupleHashTest.cs | 108 |
4 files changed, 1289 insertions, 0 deletions
diff --git a/crypto/test/src/test/GcmSivTest.cs b/crypto/test/src/test/GcmSivTest.cs new file mode 100644 index 000000000..03f1003f4 --- /dev/null +++ b/crypto/test/src/test/GcmSivTest.cs @@ -0,0 +1,458 @@ + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Digests; +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Encodings; +using Org.BouncyCastle.Crypto.Modes; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + + /** + * ISO vector test for Whirlpool + * + */ + [TestFixture] +public class GcmSivTest + : SimpleTest +{ + public override string Name + { + get { return "GCM-SIV"; } + } + + public override void PerformTest() + { + new AESGcmSiv128Test1().testTheCipher(this); + new AESGcmSiv128Test2().testTheCipher(this); + new AESGcmSiv128Test3().testTheCipher(this); + new AESGcmSiv256Test1().testTheCipher(this); + new AESGcmSiv256Test2().testTheCipher(this); + new AESGcmSiv256Test3().testTheCipher(this); + new AESGcmSiv256Test4().testTheCipher(this); + } + + /** + * Test the GcmSivCipher against the results. + * @param pCipher the cipher to test. + * @param pKey the key to test + * @param pNonce the nonce + * @param pAEAD the AEAD + * @param pData the data to test + * @param pExpected the expected results + */ + void testSIVCipher(GcmSivBlockCipher pCipher, + string pKey, + string pNonce, + string pAEAD, + string pData, + string pExpected) + { + /* protect against exceptions */ + try + { + /* Access the key and the data */ + KeyParameter myKey = new KeyParameter(Hex.Decode(pKey)); + byte[] myNonce = Hex.Decode(pNonce); + byte[] myAEAD = Hex.Decode(pAEAD); + byte[] myData = Hex.Decode(pData); + + /* Initialise the cipher */ + AeadParameters myParams = new AeadParameters(myKey, 128, myNonce, myAEAD); + pCipher.Init(true, myParams); + + /* Create the output buffers */ + byte[] myOutput = new byte[pCipher.GetOutputSize(myData.Length)]; + byte[] myFinal = new byte[myData.Length]; + + /* Process the data */ + pCipher.ProcessBytes(myData, 0, myData.Length, null, 0); + pCipher.DoFinal(myOutput, 0); + + /* Check the encryption */ + byte[] myExpected = Hex.Decode(pExpected); + IsTrue("Encryption mismatch", Arrays.AreEqual(myExpected, myOutput)); + + /* Repeat processing byte at a time */ + for (int i = 0; i != myData.Length; i++) + { + pCipher.ProcessByte(myData[i], null, 0); + } + pCipher.DoFinal(myOutput, 0); + IsTrue("Encryption mismatch", Arrays.AreEqual(myExpected, myOutput)); + + /* Re-initialise the cipher */ + pCipher.Init(false, myParams); + pCipher.ProcessBytes(myOutput, 0, myOutput.Length, null, 0); + pCipher.DoFinal(myFinal, 0); + IsTrue("Decryption mismatch", Arrays.AreEqual(myData, myFinal)); + } + catch (InvalidCipherTextException e) + { + Fail("Bad Text", e); + } + } + + /** + * AES-GCM-SIV-128 Set 1. + */ + class AESGcmSiv128Test1 + { + private readonly string EMPTY = ""; + private readonly string KEY_1 = "01000000000000000000000000000000"; + private readonly string NONCE_1 = "030000000000000000000000"; + private readonly string DATA_8 = "0100000000000000"; + private readonly string DATA_12 = "010000000000000000000000"; + private readonly string DATA_16 = "01000000000000000000000000000000"; + private readonly string DATA_32 = "01000000000000000000000000000000" + "02000000000000000000000000000000"; + private readonly string DATA_48 = "01000000000000000000000000000000" + "02000000000000000000000000000000" + + "03000000000000000000000000000000"; + private readonly string DATA_64 = "01000000000000000000000000000000" + "02000000000000000000000000000000" + + "03000000000000000000000000000000" + "04000000000000000000000000000000"; + private readonly string EXPECTED_1 = "dc20e2d83f25705bb49e439eca56de25"; + private readonly string EXPECTED_2 = "b5d839330ac7b786578782fff6013b81" + "5b287c22493a364c"; + private readonly string EXPECTED_3 = "7323ea61d05932260047d942a4978db3" + "57391a0bc4fdec8b0d106639"; + private readonly string EXPECTED_4 = "743f7c8077ab25f8624e2e948579cf77" + "303aaf90f6fe21199c6068577437a0c4"; + private readonly string EXPECTED_5 = "84e07e62ba83a6585417245d7ec413a9" + "fe427d6315c09b57ce45f2e3936a9445" + + "1a8e45dcd4578c667cd86847bf6155ff"; + private readonly string EXPECTED_6 = "3fd24ce1f5a67b75bf2351f181a475c7" + "b800a5b4d3dcf70106b1eea82fa1d64d" + + "f42bf7226122fa92e17a40eeaac1201b" + "5e6e311dbf395d35b0fe39c2714388f8"; + private readonly string EXPECTED_7 = "2433668f1058190f6d43e360f4f35cd8" + "e475127cfca7028ea8ab5c20f7ab2af0" + + "2516a2bdcbc08d521be37ff28c152bba" + "36697f25b4cd169c6590d1dd39566d3f" + + "8a263dd317aa88d56bdf3936dba75bb8"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, EMPTY, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_8, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_12, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_16, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_32, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_48, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_64, EXPECTED_7); + } + } + + /** + * AES-GCM-SIV-128 Set 2. + */ + class AESGcmSiv128Test2 + { + private readonly string KEY_1 = "01000000000000000000000000000000"; + private readonly string NONCE_1 = "030000000000000000000000"; + private readonly string AEAD_1 = "01"; + private readonly string AEAD_12 = "010000000000000000000000"; + private readonly string AEAD_18 = "01000000000000000000000000000000" + "0200"; + private readonly string AEAD_20 = "01000000000000000000000000000000" + "02000000"; + private readonly string DATA_4 = "02000000"; + private readonly string DATA_8 = "0200000000000000"; + private readonly string DATA_12 = "020000000000000000000000"; + private readonly string DATA_16 = "02000000000000000000000000000000"; + private readonly string DATA_18 = "03000000000000000000000000000000" + "0400"; + private readonly string DATA_20 = "03000000000000000000000000000000" + "04000000"; + private readonly string DATA_32 = "02000000000000000000000000000000" + "03000000000000000000000000000000"; + private readonly string DATA_48 = "02000000000000000000000000000000" + "03000000000000000000000000000000" + + "04000000000000000000000000000000"; + private readonly string DATA_64 = "02000000000000000000000000000000" + "03000000000000000000000000000000" + + "04000000000000000000000000000000" + "05000000000000000000000000000000"; + private readonly string EXPECTED_1 = "1e6daba35669f4273b0a1a2560969cdf" + "790d99759abd1508"; + private readonly string EXPECTED_2 = "296c7889fd99f41917f4462008299c51" + "02745aaa3a0c469fad9e075a"; + private readonly string EXPECTED_3 = "e2b0c5da79a901c1745f700525cb335b" + "8f8936ec039e4e4bb97ebd8c4457441f"; + private readonly string EXPECTED_4 = "620048ef3c1e73e57e02bb8562c416a3" + "19e73e4caac8e96a1ecb2933145a1d71" + + "e6af6a7f87287da059a71684ed3498e1"; + private readonly string EXPECTED_5 = "50c8303ea93925d64090d07bd109dfd9" + "515a5a33431019c17d93465999a8b005" + + "3201d723120a8562b838cdff25bf9d1e" + "6a8cc3865f76897c2e4b245cf31c51f2"; + private readonly string EXPECTED_6 = "2f5c64059db55ee0fb847ed513003746" + "aca4e61c711b5de2e7a77ffd02da42fe" + + "ec601910d3467bb8b36ebbaebce5fba3" + "0d36c95f48a3e7980f0e7ac299332a80" + + "cdc46ae475563de037001ef84ae21744"; + private readonly string EXPECTED_7 = "a8fe3e8707eb1f84fb28f8cb73de8e99" + "e2f48a14"; + private readonly string EXPECTED_8 = "6bb0fecf5ded9b77f902c7d5da236a43" + "91dd029724afc9805e976f451e6d87f6" + + "fe106514"; + private readonly string EXPECTED_9 = "44d0aaf6fb2f1f34add5e8064e83e12a" + "2adabff9b2ef00fb47920cc72a0c0f13" + + "b9fd"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_8, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_12, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_16, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_32, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_48, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_64, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_12, DATA_4, EXPECTED_7); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_18, DATA_20, EXPECTED_8); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_20, DATA_18, EXPECTED_9); + } + } + + /** + * AES-GCM-SIV-128 Set 3. + */ + class AESGcmSiv128Test3 + { + private readonly string EMPTY = ""; + private readonly string KEY_1 = "e66021d5eb8e4f4066d4adb9c33560e4"; + private readonly string KEY_2 = "36864200e0eaf5284d884a0e77d31646"; + private readonly string KEY_3 = "aedb64a6c590bc84d1a5e269e4b47801"; + private readonly string KEY_4 = "d5cc1fd161320b6920ce07787f86743b"; + private readonly string KEY_5 = "b3fed1473c528b8426a582995929a149"; + private readonly string KEY_6 = "2d4ed87da44102952ef94b02b805249b"; + private readonly string KEY_7 = "bde3b2f204d1e9f8b06bc47f9745b3d1"; + private readonly string KEY_8 = "f901cfe8a69615a93fdf7a98cad48179"; + private readonly string NONCE_1 = "f46e44bb3da0015c94f70887"; + private readonly string NONCE_2 = "bae8e37fc83441b16034566b"; + private readonly string NONCE_3 = "afc0577e34699b9e671fdd4f"; + private readonly string NONCE_4 = "275d1ab32f6d1f0434d8848c"; + private readonly string NONCE_5 = "9e9ad8780c8d63d0ab4149c0"; + private readonly string NONCE_6 = "ac80e6f61455bfac8308a2d4"; + private readonly string NONCE_7 = "ae06556fb6aa7890bebc18fe"; + private readonly string NONCE_8 = "6245709fb18853f68d833640"; + private readonly string AEAD_2 = "46bb91c3c5"; + private readonly string AEAD_3 = "fc880c94a95198874296"; + private readonly string AEAD_4 = "046787f3ea22c127aaf195d1894728"; + private readonly string AEAD_5 = "c9882e5386fd9f92ec489c8fde2be2cf" + "97e74e93"; + private readonly string AEAD_6 = "2950a70d5a1db2316fd568378da107b5" + "2b0da55210cc1c1b0a"; + private readonly string AEAD_7 = "1860f762ebfbd08284e421702de0de18" + "baa9c9596291b08466f37de21c7f"; + private readonly string AEAD_8 = "7576f7028ec6eb5ea7e298342a94d4b2" + "02b370ef9768ec6561c4fe6b7e7296fa" + + "859c21"; + private readonly string DATA_2 = "7a806c"; + private readonly string DATA_3 = "bdc66f146545"; + private readonly string DATA_4 = "1177441f195495860f"; + private readonly string DATA_5 = "9f572c614b4745914474e7c7"; + private readonly string DATA_6 = "0d8c8451178082355c9e940fea2f58"; + private readonly string DATA_7 = "6b3db4da3d57aa94842b9803a96e07fb" + "6de7"; + private readonly string DATA_8 = "e42a3c02c25b64869e146d7b233987bd" + "dfc240871d"; + private readonly string EXPECTED_1 = "a4194b79071b01a87d65f706e3949578"; + private readonly string EXPECTED_2 = "af60eb711bd85bc1e4d3e0a462e074ee" + "a428a8"; + private readonly string EXPECTED_3 = "bb93a3e34d3cd6a9c45545cfc11f03ad" + "743dba20f966"; + private readonly string EXPECTED_4 = "4f37281f7ad12949d01d02fd0cd174c8" + "4fc5dae2f60f52fd2b"; + private readonly string EXPECTED_5 = "f54673c5ddf710c745641c8bc1dc2f87" + "1fb7561da1286e655e24b7b0"; + private readonly string EXPECTED_6 = "c9ff545e07b88a015f05b274540aa183" + "b3449b9f39552de99dc214a1190b0b"; + private readonly string EXPECTED_7 = "6298b296e24e8cc35dce0bed484b7f30" + "d5803e377094f04709f64d7b985310a4" + + "db84"; + private readonly string EXPECTED_8 = "391cc328d484a4f46406181bcd62efd9" + "b3ee197d052d15506c84a9edd65e13e9" + + "d24a2a6e70"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, EMPTY, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_2, NONCE_2, AEAD_2, DATA_2, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_3, NONCE_3, AEAD_3, DATA_3, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_4, NONCE_4, AEAD_4, DATA_4, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_5, NONCE_5, AEAD_5, DATA_5, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_6, NONCE_6, AEAD_6, DATA_6, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_7, NONCE_7, AEAD_7, DATA_7, EXPECTED_7); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_8, NONCE_8, AEAD_8, DATA_8, EXPECTED_8); + } + } + + /** + * AES-GCM-SIV-256 Set 1. + */ + class AESGcmSiv256Test1 + { + private readonly string EMPTY = ""; + private readonly string KEY_1 = "01000000000000000000000000000000" + "00000000000000000000000000000000"; + private readonly string NONCE_1 = "030000000000000000000000"; + private readonly string DATA_8 = "0100000000000000"; + private readonly string DATA_12 = "010000000000000000000000"; + private readonly string DATA_16 = "01000000000000000000000000000000"; + private readonly string DATA_32 = "01000000000000000000000000000000" + "02000000000000000000000000000000"; + private readonly string DATA_48 = "01000000000000000000000000000000" + "02000000000000000000000000000000" + + "03000000000000000000000000000000"; + private readonly string DATA_64 = "01000000000000000000000000000000" + "02000000000000000000000000000000" + + "03000000000000000000000000000000" + "04000000000000000000000000000000"; + private readonly string EXPECTED_1 = "07f5f4169bbf55a8400cd47ea6fd400f"; + private readonly string EXPECTED_2 = "c2ef328e5c71c83b843122130f7364b7" + "61e0b97427e3df28"; + private readonly string EXPECTED_3 = "9aab2aeb3faa0a34aea8e2b18ca50da9" + "ae6559e48fd10f6e5c9ca17e"; + private readonly string EXPECTED_4 = "85a01b63025ba19b7fd3ddfc033b3e76" + "c9eac6fa700942702e90862383c6c366"; + private readonly string EXPECTED_5 = "4a6a9db4c8c6549201b9edb53006cba8" + "21ec9cf850948a7c86c68ac7539d027f" + + "e819e63abcd020b006a976397632eb5d"; + private readonly string EXPECTED_6 = "c00d121893a9fa603f48ccc1ca3c57ce" + "7499245ea0046db16c53c7c66fe717e3" + + "9cf6c748837b61f6ee3adcee17534ed5" + "790bc96880a99ba804bd12c0e6a22cc4"; + private readonly string EXPECTED_7 = "c2d5160a1f8683834910acdafc41fbb1" + "632d4a353e8b905ec9a5499ac34f96c7" + + "e1049eb080883891a4db8caaa1f99dd0" + "04d80487540735234e3744512c6f90ce" + + "112864c269fc0d9d88c61fa47e39aa08"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, EMPTY, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_8, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_12, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_16, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_32, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_48, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_64, EXPECTED_7); + } + } + + /** + * AES-GCM-SIV-256 Set 2. + */ + class AESGcmSiv256Test2 + { + private readonly string KEY_1 = "01000000000000000000000000000000" + "00000000000000000000000000000000"; + private readonly string NONCE_1 = "030000000000000000000000"; + private readonly string AEAD_1 = "01"; + private readonly string AEAD_12 = "010000000000000000000000"; + private readonly string AEAD_18 = "01000000000000000000000000000000" + "0200"; + private readonly string AEAD_20 = "01000000000000000000000000000000" + "02000000"; + private readonly string DATA_4 = "02000000"; + private readonly string DATA_8 = "0200000000000000"; + private readonly string DATA_12 = "020000000000000000000000"; + private readonly string DATA_16 = "02000000000000000000000000000000"; + private readonly string DATA_18 = "03000000000000000000000000000000" + "0400"; + private readonly string DATA_20 = "03000000000000000000000000000000" + "04000000"; + private readonly string DATA_32 = "02000000000000000000000000000000" + "03000000000000000000000000000000"; + private readonly string DATA_48 = "02000000000000000000000000000000" + "03000000000000000000000000000000" + + "04000000000000000000000000000000"; + private readonly string DATA_64 = "02000000000000000000000000000000" + "03000000000000000000000000000000" + + "04000000000000000000000000000000" + "05000000000000000000000000000000"; + private readonly string EXPECTED_1 = "1de22967237a813291213f267e3b452f" + "02d01ae33e4ec854"; + private readonly string EXPECTED_2 = "163d6f9cc1b346cd453a2e4cc1a4a19a" + "e800941ccdc57cc8413c277f"; + private readonly string EXPECTED_3 = "c91545823cc24f17dbb0e9e807d5ec17" + "b292d28ff61189e8e49f3875ef91aff7"; + private readonly string EXPECTED_4 = "07dad364bfc2b9da89116d7bef6daaaf" + "6f255510aa654f920ac81b94e8bad365" + + "aea1bad12702e1965604374aab96dbbc"; + private readonly string EXPECTED_5 = "c67a1f0f567a5198aa1fcc8e3f213143" + "36f7f51ca8b1af61feac35a86416fa47" + + "fbca3b5f749cdf564527f2314f42fe25" + "03332742b228c647173616cfd44c54eb"; + private readonly string EXPECTED_6 = "67fd45e126bfb9a79930c43aad2d3696" + "7d3f0e4d217c1e551f59727870beefc9" + + "8cb933a8fce9de887b1e40799988db1f" + "c3f91880ed405b2dd298318858467c89" + + "5bde0285037c5de81e5b570a049b62a0"; + private readonly string EXPECTED_7 = "22b3f4cd1835e517741dfddccfa07fa4" + "661b74cf"; + private readonly string EXPECTED_8 = "43dd0163cdb48f9fe3212bf61b201976" + "067f342bb879ad976d8242acc188ab59" + + "cabfe307"; + private readonly string EXPECTED_9 = "462401724b5ce6588d5a54aae5375513" + "a075cfcdf5042112aa29685c912fc205" + + "6543"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_8, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_12, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_16, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_32, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_48, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_1, DATA_64, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_12, DATA_4, EXPECTED_7); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_18, DATA_20, EXPECTED_8); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, AEAD_20, DATA_18, EXPECTED_9); + } + } + + /** + * AES-GCM-SIV-256 Set 3. + */ + class AESGcmSiv256Test3 + { + private readonly string EMPTY = ""; + private readonly string KEY_1 = "e66021d5eb8e4f4066d4adb9c33560e4" + "f46e44bb3da0015c94f7088736864200"; + private readonly string KEY_2 = "bae8e37fc83441b16034566b7a806c46" + "bb91c3c5aedb64a6c590bc84d1a5e269"; + private readonly string KEY_3 = "6545fc880c94a95198874296d5cc1fd1" + "61320b6920ce07787f86743b275d1ab3"; + private readonly string KEY_4 = "d1894728b3fed1473c528b8426a58299" + "5929a1499e9ad8780c8d63d0ab4149c0"; + private readonly string KEY_5 = "a44102952ef94b02b805249bac80e6f6" + "1455bfac8308a2d40d8c845117808235"; + private readonly string KEY_6 = "9745b3d1ae06556fb6aa7890bebc18fe" + "6b3db4da3d57aa94842b9803a96e07fb"; + private readonly string KEY_7 = "b18853f68d833640e42a3c02c25b6486" + "9e146d7b233987bddfc240871d7576f7"; + private readonly string KEY_8 = "3c535de192eaed3822a2fbbe2ca9dfc8" + "8255e14a661b8aa82cc54236093bbc23"; + private readonly string NONCE_1 = "e0eaf5284d884a0e77d31646"; + private readonly string NONCE_2 = "e4b47801afc0577e34699b9e"; + private readonly string NONCE_3 = "2f6d1f0434d8848c1177441f"; + private readonly string NONCE_4 = "9f572c614b4745914474e7c7"; + private readonly string NONCE_5 = "5c9e940fea2f582950a70d5a"; + private readonly string NONCE_6 = "6de71860f762ebfbd08284e4"; + private readonly string NONCE_7 = "028ec6eb5ea7e298342a94d4"; + private readonly string NONCE_8 = "688089e55540db1872504e1c"; + private readonly string AEAD_2 = "4fbdc66f14"; + private readonly string AEAD_3 = "6787f3ea22c127aaf195"; + private readonly string AEAD_4 = "489c8fde2be2cf97e74e932d4ed87d"; + private readonly string AEAD_5 = "0da55210cc1c1b0abde3b2f204d1e9f8" + "b06bc47f"; + private readonly string AEAD_6 = "f37de21c7ff901cfe8a69615a93fdf7a" + "98cad481796245709f"; + private readonly string AEAD_7 = "9c2159058b1f0fe91433a5bdc20e214e" + "ab7fecef4454a10ef0657df21ac7"; + private readonly string AEAD_8 = "734320ccc9d9bbbb19cb81b2af4ecbc3" + "e72834321f7aa0f70b7282b4f33df23f" + + "167541"; + private readonly string DATA_2 = "671fdd"; + private readonly string DATA_3 = "195495860f04"; + private readonly string DATA_4 = "c9882e5386fd9f92ec"; + private readonly string DATA_5 = "1db2316fd568378da107b52b"; + private readonly string DATA_6 = "21702de0de18baa9c9596291b08466"; + private readonly string DATA_7 = "b202b370ef9768ec6561c4fe6b7e7296" + "fa85"; + private readonly string DATA_8 = "ced532ce4159b035277d4dfbb7db6296" + "8b13cd4eec"; + private readonly string EXPECTED_1 = "169fbb2fbf389a995f6390af22228a62"; + private readonly string EXPECTED_2 = "0eaccb93da9bb81333aee0c785b240d3" + "19719d"; + private readonly string EXPECTED_3 = "a254dad4f3f96b62b84dc40c84636a5e" + "c12020ec8c2c"; + private readonly string EXPECTED_4 = "0df9e308678244c44bc0fd3dc6628dfe" + "55ebb0b9fb2295c8c2"; + private readonly string EXPECTED_5 = "8dbeb9f7255bf5769dd56692404099c2" + "587f64979f21826706d497d5"; + private readonly string EXPECTED_6 = "793576dfa5c0f88729a7ed3c2f1bffb3" + "080d28f6ebb5d3648ce97bd5ba67fd"; + private readonly string EXPECTED_7 = "857e16a64915a787637687db4a951963" + "5cdd454fc2a154fea91f8363a39fec7d" + + "0a49"; + private readonly string EXPECTED_8 = "626660c26ea6612fb17ad91e8e767639" + "edd6c9faee9d6c7029675b89eaf4ba1d" + + "ed1a286594"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, EMPTY, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_2, NONCE_2, AEAD_2, DATA_2, EXPECTED_2); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_3, NONCE_3, AEAD_3, DATA_3, EXPECTED_3); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_4, NONCE_4, AEAD_4, DATA_4, EXPECTED_4); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_5, NONCE_5, AEAD_5, DATA_5, EXPECTED_5); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_6, NONCE_6, AEAD_6, DATA_6, EXPECTED_6); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_7, NONCE_7, AEAD_7, DATA_7, EXPECTED_7); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_8, NONCE_8, AEAD_8, DATA_8, EXPECTED_8); + } + } + + /** + * AES-GCM-SIV-256 Set 4. + */ + class AESGcmSiv256Test4 + { + private readonly string EMPTY = ""; + private readonly string KEY_1 = "00000000000000000000000000000000" + "00000000000000000000000000000000"; + private readonly string NONCE_1 = "000000000000000000000000"; + private readonly string DATA_1 = "00000000000000000000000000000000" + "4db923dc793ee6497c76dcc03a98e108"; + private readonly string DATA_2 = "eb3640277c7ffd1303c7a542d02d3e4c" + "0000000000000000"; + private readonly string EXPECTED_1 = "f3f80f2cf0cb2dd9c5984fcda908456c" + "c537703b5ba70324a6793a7bf218d3ea" + + "ffffffff000000000000000000000000"; + private readonly string EXPECTED_2 = "18ce4f0b8cb4d0cac65fea8f79257b20" + "888e53e72299e56dffffffff00000000" + + "0000000000000000"; + + /** + * Test cipher. + * @param pTest the test engine + */ + internal void testTheCipher(GcmSivTest pTest) + { + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_1, EXPECTED_1); + pTest.testSIVCipher(new GcmSivBlockCipher(), KEY_1, NONCE_1, EMPTY, DATA_2, EXPECTED_2); + } + } +} +} diff --git a/crypto/test/src/test/ParallelHashTest.cs b/crypto/test/src/test/ParallelHashTest.cs new file mode 100644 index 000000000..4edffc7c3 --- /dev/null +++ b/crypto/test/src/test/ParallelHashTest.cs @@ -0,0 +1,141 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Engines; +using Org.BouncyCastle.Crypto.Digests; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + +/** + * ParallelHash test vectors from: + * <p> + * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/KMAC_samples.pdf + */ +public class ParallelHashTest + : SimpleTest +{ + public override string Name + { + get { return "ParallelHash"; } + } + + public override void PerformTest() + { + ParallelHash pHash = new ParallelHash(128, new byte[0], 8); + + byte[] data = Hex.Decode("00 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27"); + pHash.BlockUpdate(data, 0, data.Length); + + byte[] res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("BA 8D C1 D1 D9 79 33 1D 3F 81 36 03 C6 7F 72 609A B5 E4 4B 94 A0 B8 F9 AF 46 51 44 54 A2 B4 F5"), res)); + + pHash = new ParallelHash(128, Strings.ToByteArray("Parallel Data"), 8); + + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("FC 48 4D CB 3F 84 DC EE DC 35 34 38 15 1B EE 58 15 7D 6E FE D0 44 5A 81 F1 65 E4 95 79 5B 72 06"), res)); + + pHash = new ParallelHash(128, Strings.ToByteArray("Parallel Data"), 12); + + data = Hex.Decode("00 01 02 03 04 05 06 07 08 09 0A 0B 10 11 12 13 14 15 16 17 18 19 1A 1B 20 21 22 23 24 25 26 27 28 29 2A 2B 30 31 32 33 34 35 36 37 38 39 3A 3B 40 41 42 43 44 45 46 47 48 49 4A 4B 50 51 52 53 54 55 56 57 58 59 5A 5B"); + + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("F7 FD 53 12 89 6C 66 85 C8 28 AF 7E 2A DB 97 E3 93 E7 F8 D5 4E 3C 2E A4 B9 5E 5A CA 37 96 E8 FC"), res)); + + pHash = new ParallelHash(256, new byte[0], 8); + + data = Hex.Decode("00 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27"); + + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("BC 1E F1 24 DA 34 49 5E 94 8E AD 20 7D D9 84 22 35 DA 43 2D 2B BC 54 B4 C1 10 E6 4C 45 11 05 53 1B 7F 2A 3E 0C E0 55 C0 28 05 E7 C2 DE 1F B7 46 AF 97 A1 DD 01 F4 3B 82 4E 31 B8 76 12 41 04 29"), res)); + + pHash = new ParallelHash(256, Strings.ToByteArray("Parallel Data"), 8); + + data = Hex.Decode("00 01 02 03 04 05 06 07 10 11 12 13 14 15 16 17 20 21 22 23 24 25 26 27"); + + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("CD F1 52 89 B5 4F 62 12 B4 BC 27 05 28 B4 95 26 00 6D D9 B5 4E 2B 6A DD 1E F6 90 0D DA 39 63 BB 33 A7 24 91 F2 36 96 9C A8 AF AE A2 9C 68 2D 47 A3 93 C0 65 B3 8E 29 FA E6 51 A2 09 1C 83 31 10"), res)); + + pHash = new ParallelHash(256, Strings.ToByteArray("Parallel Data"), 12); + + data = Hex.Decode("00 01 02 03 04 05 06 07 08 09 0A 0B 10 11 12 13 14 15 16 17 18 19 1A 1B 20 21 22 23 24 25 26 27 28 29 2A 2B 30 31 32 33 34 35 36 37 38 39 3A 3B 40 41 42 43 44 45 46 47 48 49 4A 4B 50 51 52 53 54 55 56 57 58 59 5A 5B"); + + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[pHash.GetDigestSize()]; + + pHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("69 D0 FC B7 64 EA 05 5D D0 93 34 BC 60 21 CB 7E 4B 61 34 8D FF 37 5D A2 62 67 1C DE C3 EF FA 8D 1B 45 68 A6 CC E1 6B 1C AD 94 6D DD E2 7F 6C E2 B8 DE E4 CD 1B 24 85 1E BF 00 EB 90 D4 38 13 E9"), res)); + + pHash = new ParallelHash(128, Strings.ToByteArray("Parallel Data"), 12); + + data = Hex.Decode("00 01 02 03 04 05 06 07 08 09 0A 0B 10 11 12 13 14 15 16 17 18 19 1A 1B 20 21 22 23 24 25 26 27 28 29 2A 2B 30 31 32 33 34 35 36 37 38 39 3A 3B 40 41 42 43 44 45 46 47 48 49 4A 4B 50 51 52 53 54 55 56 57 58 59 5A 5B"); + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[32]; + + pHash.DoOutput(res, 0, res.Length); + + IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("F7 FD 53 12 89 6C 66 85 C8 28 AF 7E 2A DB 97 E3 93 E7 F8 D5 4E 3C 2E A4 B9 5E 5A CA 37 96 E8 FC"), res)); + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0127ad9772ab904691987fcc4a24888f341fa0db2145e872d4efd255376602f0"), res)); + + pHash = new ParallelHash(256, Strings.ToByteArray("Parallel Data"), 12); + + data = Hex.Decode("00 01 02 03 04 05 06 07 08 09 0A 0B 10 11 12 13 14 15 16 17 18 19 1A 1B 20 21 22 23 24 25 26 27 28 29 2A 2B 30 31 32 33 34 35 36 37 38 39 3A 3B 40 41 42 43 44 45 46 47 48 49 4A 4B 50 51 52 53 54 55 56 57 58 59 5A 5B"); + pHash.BlockUpdate(data, 0, data.Length); + + res = new byte[64]; + + pHash.DoOutput(res, 0, res.Length); + + IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("69 D0 FC B7 64 EA 05 5D D0 93 34 BC 60 21 CB 7E 4B 61 34 8D FF 37 5D A2 62 67 1C DE C3 EF FA 8D 1B 45 68 A6 CC E1 6B 1C AD 94 6D DD E2 7F 6C E2 B8 DE E4 CD 1B 24 85 1E BF 00 EB 90 D4 38 13 E9"), res)); + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("6b3e790b330c889a204c2fbc728d809f19367328d852f4002dc829f73afd6bcefb7fe5b607b13a801c0be5c1170bdb794e339458fdb0e62a6af3d42558970249"), res)); + + testEmpty(); + } + + private void testEmpty() + { + //{"tcId":90,"msg":"","len":0,"blockSize":62,"customization":"Ny0LL2tUmt\u003C\u002BkuN5:Z7pZ_7]R; l/i:%pWbo4}","outLen":16}, + //{"tcId":90,"md":"13C4","outLen":16} + ParallelHash pHash = new ParallelHash(256, Strings.ToByteArray("Ny0LL2tUmt\u003C\u002BkuN5:Z7pZ_7]R; l/i:%pWbo4}"), 62); + + pHash.BlockUpdate(new byte[0], 0, 0); + + byte[] res = new byte[16 / 8]; + + pHash.DoOutput(res, 0, res.Length); + + IsTrue(Arrays.AreEqual(Hex.Decode("13C4"), res)); + } +} +} diff --git a/crypto/test/src/test/SP80038GTest.cs b/crypto/test/src/test/SP80038GTest.cs new file mode 100644 index 000000000..0d2426c60 --- /dev/null +++ b/crypto/test/src/test/SP80038GTest.cs @@ -0,0 +1,582 @@ + +using NUnit.Framework; + +using System; + +using Org.BouncyCastle.Crypto; +using Org.BouncyCastle.Crypto.Digests; +using Org.BouncyCastle.Crypto.Utilities; +using Org.BouncyCastle.Crypto.Fpe; +using Org.BouncyCastle.Crypto.Parameters; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] + public class SP80038GTest + : SimpleTest +{ + private class FFSample + { + private readonly int radix; + private readonly byte[] key; + private readonly byte[] plaintext; + private readonly byte[] ciphertext; + private readonly byte[] tweak; + + public static FFSample from(int radix, String hexKey, String asciiPT, String asciiCT, String hexTweak) + { + return new FFSample(radix, fromHex(hexKey), fromAscii(radix, asciiPT), fromAscii(radix, asciiCT), fromHex(hexTweak)); + } + + private static byte fromAlphaNumeric(char c) + { + if (c >= '0' && c <= '9') + { + return (byte)(c - '0'); + } + else if (c >= 'a' && c <= 'z') + { + return (byte)(10 + (c - 'a')); + } + else if (c >= 'A' && c <= 'Z') + { + return (byte)(36 + (c - 'A')); + } + else + { + throw new ArgumentException(); + } + } + + private static byte[] fromAscii(int radix, string ascii) + { + byte[] result = new byte[ascii.Length]; + for (int i = 0; i < result.Length; ++i) + { + result[i] = fromAlphaNumeric(ascii[i]); + if (result[i] < 0 || result[i] >= radix) + { + throw new ArgumentException(); + } + } + return result; + } + + private static byte[] fromHex(string hex) + { + return Hex.Decode(hex); + } + + private FFSample(int radix, byte[] key, byte[] plaintext, byte[] ciphertext, byte[] tweak) + { + this.radix = radix; + this.key = key; + this.plaintext = plaintext; + this.ciphertext = ciphertext; + this.tweak = tweak; + } + + public byte[] getCiphertext() + { + return ciphertext; + } + + public byte[] getKey() + { + return key; + } + + public byte[] getPlaintext() + { + return plaintext; + } + + public int getRadix() + { + return radix; + } + + public byte[] getTweak() + { + return tweak; + } + } + + private static FFSample[] ff1Samples = new FFSample[] + { + // FF1-AES128 + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3C", "0123456789", "2433477484", ""), + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3C", "0123456789", "6124200773", "39383736353433323130"), + FFSample.from(36, "2B7E151628AED2A6ABF7158809CF4F3C", "0123456789abcdefghi", "a9tv40mll9kdu509eum", "3737373770717273373737"), + + // FF1-AES192 + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F", "0123456789", "2830668132", ""), + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F", "0123456789", "2496655549", "39383736353433323130"), + FFSample.from(36, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F", "0123456789abcdefghi", "xbj3kv35jrawxv32ysr", "3737373770717273373737"), + + // FF1-AES256 + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F7F036D6F04FC6A94", "0123456789", "6657667009", ""), + FFSample.from(10, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F7F036D6F04FC6A94", "0123456789", "1001623463", "39383736353433323130"), + FFSample.from(36, "2B7E151628AED2A6ABF7158809CF4F3CEF4359D8D580AA4F7F036D6F04FC6A94", "0123456789abcdefghi", "xs8a0azh2avyalyzuwd", "3737373770717273373737"), + }; + + private static FFSample[] ff3_1Samples = new FFSample[] + { + // FF3-AES128 + FFSample.from(62, "7793833CE891B496381BD5B882F77EA1", "YbpT3hDo0J9xwCQ5qUWt93iv", "dDEYxViK56lGbV1WdZTPTe4w", "C58797C2580174"), + }; + + private void testFF1() + { + for (int i = 0; i < ff1Samples.Length; ++i) + { + testFF1Sample(ff1Samples[i]); + } + + byte[] key = Hex.Decode("EF4359D8D580AA4F7F036D6F04FC6A942B7E151628AED2A6"); + byte[] plainText = Hex.Decode("0327035100210215"); + byte[] tweak = Hex.Decode("39383736353433323130"); + + FpeEngine fpeEngine = new FpeFf1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), 24, tweak)); + + try + { + fpeEngine.ProcessBlock(plainText, 0, plainText.Length, plainText, 0); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("input data outside of radix", e.Message); + } + + try + { + fpeEngine.ProcessBlock(new byte[] { 1 }, 0, 1, plainText, 0); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("input too short", e.Message); + } + } + + public void testFF1w() + { + byte[] key = Hex.Decode("EF4359D8D580AA4F7F036D6F04FC6A942B7E151628AED2A6"); + byte[] plainText = Hex.Decode("0327035100210215"); + byte[] cipherText = Hex.Decode("022701f80217020a"); + byte[] tweak = Hex.Decode("39383736353433323130"); + + FpeEngine fpeEngine = new FpeFf1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), 1024, tweak)); + + byte[] enc = new byte[plainText.Length]; + + fpeEngine.ProcessBlock(plainText, 0, plainText.Length, enc, 0); + + AreEqual(cipherText, enc); + + fpeEngine.Init(false, new FpeParameters(new KeyParameter(key), 1024, tweak)); + + fpeEngine.ProcessBlock(cipherText, 0, cipherText.Length, enc, 0); + + AreEqual(plainText, enc); + + byte[] outPt = Hex.Decode("03270F5100210215"); + + try + { + fpeEngine.ProcessBlock(outPt, 0, outPt.Length, enc, 0); + } + catch (ArgumentException e) + { + IsEquals("input data outside of radix", e.Message); + } + } + + public void testFF3_1() + { + for (int i = 0; i < ff3_1Samples.Length; ++i) + { + testFF3_1Sample(ff3_1Samples[i]); + } + + byte[] key = Hex.Decode("EF4359D8D580AA4F7F036D6F04FC6A942B7E151628AED2A6"); + byte[] plainText = Hex.Decode("0327035100210215"); + byte[] tweak = Hex.Decode("39383736353433"); + + FpeEngine fpeEngine = new FpeFf3_1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), 24, tweak)); + + try + { + fpeEngine.ProcessBlock(plainText, 0, plainText.Length, plainText, 0); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("input data outside of radix", e.Message); + } + + try + { + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), 24, Hex.Decode("beef"))); + + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("tweak should be 56 bits", e.Message); + } + } + + private void testFF3_1w() + { + byte[] key = Hex.Decode("EF4359D8D580AA4F7F036D6F04FC6A942B7E151628AED2A6"); + byte[] plainText = Hex.Decode("0327035100210215"); + byte[] cipherText = Hex.Decode("02fb024900310220"); + byte[] tweak = Hex.Decode("39383736353433"); + + FpeEngine fpeEngine = new FpeFf3_1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), 1024, tweak)); + + byte[] enc = new byte[plainText.Length]; + + fpeEngine.ProcessBlock(plainText, 0, plainText.Length, enc, 0); + + IsTrue("enc failed: " + Hex.ToHexString(enc), AreEqual(cipherText, enc)); + + fpeEngine.Init(false, new FpeParameters(new KeyParameter(key), 1024, tweak)); + + fpeEngine.ProcessBlock(cipherText, 0, cipherText.Length, enc, 0); + + IsTrue(AreEqual(plainText, enc)); + + byte[] outPt = Hex.Decode("03270F5100210215"); + + try + { + fpeEngine.ProcessBlock(outPt, 0, outPt.Length, enc, 0); + } + catch (ArgumentException e) + { + IsEquals("input data outside of radix", e.Message); + } + } + + private void testDisable() + { + Environment.SetEnvironmentVariable("org.bouncycastle.fpe.disable", "true"); + try + { + testFF1(); + Fail("no exception"); + } + catch (InvalidOperationException e) + { + IsEquals("FF1 encryption disabled", e.Message); + } + + try + { + testFF3_1(); + Fail("no exception"); + } + catch (InvalidOperationException e) + { + IsEquals("Fpe disabled", e.Message); + } + Environment.SetEnvironmentVariable("org.bouncycastle.fpe.disable", "false"); + + Environment.SetEnvironmentVariable("org.bouncycastle.fpe.disable_ff1", "true"); + try + { + testFF1(); + Fail("no exception"); + } + catch (InvalidOperationException e) + { + IsEquals("FF1 encryption disabled", e.Message); + } + + testFF3_1(); + Environment.SetEnvironmentVariable("org.bouncycastle.fpe.disable_ff1", "false"); + } + + private void testFF3_1_255() + { + byte[] key = Hex.Decode("339BB5B1F2D44BAABF87CA1B7380CDC8"); + byte[] tweak = Hex.Decode("3F096DE35BFA31"); + int radix = 256; + + FpeEngine fpeEngine = new FpeFf3_1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), radix, tweak)); + + ulong valueToEncrypt = 0x31009155FFL; + + byte[] bytes = Hex.Decode("31009155FF"); + byte[] enc = new byte[bytes.Length]; + //Encrypt + + fpeEngine.ProcessBlock(bytes, 0, bytes.Length, enc, 0); + + IsTrue(Arrays.AreEqual(Hex.Decode("18fa139dc978a681"), enc)); + + //Decrypt + fpeEngine.Init(false, new FpeParameters(new KeyParameter(key), radix, tweak)); + + fpeEngine.ProcessBlock(enc, 0, enc.Length, enc, 0); + + IsTrue(Arrays.AreEqual(bytes, enc)); + } + + private void testFF1Sample(FFSample ff1) + { + FpeEngine fpeEngine = new FpeFf1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(ff1.getKey()), ff1.getRadix(), ff1.getTweak())); + + byte[] plain = ff1.getPlaintext(); + byte[] enc = new byte[plain.Length]; + + fpeEngine.ProcessBlock(plain, 0, plain.Length, enc, 0); + + IsTrue(AreEqual(ff1.getCiphertext(), enc)); + + fpeEngine.Init(false, new FpeParameters(new KeyParameter(ff1.getKey()), ff1.getRadix(), ff1.getTweak())); + + fpeEngine.ProcessBlock(ff1.getCiphertext(), 0, ff1.getCiphertext().Length, enc, 0); + + IsTrue(AreEqual(ff1.getPlaintext(), enc)); + } + + private void testFF3_1Sample(FFSample ff3_1) + { + FpeEngine fpeEngine = new FpeFf3_1Engine(); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(ff3_1.getKey()), ff3_1.getRadix(), ff3_1.getTweak())); + + byte[] plain = ff3_1.getPlaintext(); + byte[] enc = new byte[plain.Length]; + + fpeEngine.ProcessBlock(plain, 0, plain.Length, enc, 0); + + IsTrue(AreEqual(ff3_1.getCiphertext(), enc)); + + fpeEngine.Init(false, new FpeParameters(new KeyParameter(ff3_1.getKey()), ff3_1.getRadix(), ff3_1.getTweak())); + + fpeEngine.ProcessBlock(ff3_1.getCiphertext(), 0, plain.Length, enc, 0); + + IsTrue(AreEqual(ff3_1.getPlaintext(), enc)); + } + + public void testFF1Bounds() + { + byte[] key = Hex.Decode("339BB5B1F2D44BAABF87CA1B7380CDC8"); + byte[] tweak = Hex.Decode("3F096DE35BFA31"); + + FpeEngine fpeEngine = new FpeFf1Engine(); + + try + { + IAlphabetMapper alphabetMapper = new BasicAlphabetMapper("ABCDEFGHI"); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), + alphabetMapper.Radix, tweak)); + + process(fpeEngine, new byte[] { 1, 2, 3 }); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("input too short", e.Message); + } + + try + { + IAlphabetMapper alphabetMapper = new BasicAlphabetMapper("ABCD"); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), + alphabetMapper.Radix, tweak)); + + process(fpeEngine, new byte[] { 1, 2, 3 }); + Fail("no exception"); + } + catch (ArgumentException e) + { + IsEquals("input too short", e.Message); + } + } + + private void testFF3_1Bounds() + { + String bigAlpha = "+-ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz"; + + IAlphabetMapper alphabetMapper = new BasicAlphabetMapper(bigAlpha); + + ff3_1Test(alphabetMapper, "467094C27E47978FE616F475215BF4F1", "ECC8AA7B87B41C", "9RwG+t8cKfa9JweBYgHAA6fHUShNZ5tc", "-DXMBhb3AFPq5Xf4oUva4WbB8eagGK2u"); + ff3_1Test(alphabetMapper, "4DB04B58E97819015A08BA7A39A79C303968A34DB0936FAD", "26B3A632FAADFE", "k5Kop6xYpT0skr1zHHPEt5rPWQ4s4O-3", "JyWzuPL6SNsciOXdEgwnKZJxHiKaTu4Z"); + ff3_1Test(alphabetMapper, "15567AA6CD8CCA401ADB6A10730655AEEC10E9101FD3969A", "379B9572B687A6", "ZpztPp90Oo5ekoNRzqArsAqAbnmM--W6", "NPxEDufvnYzVX3jxupv+iJOuPVpWRPjD"); + try + { + ff3_1Test(alphabetMapper, "15567AA6CD8CCA401ADB6A10730655AEEC10E9101FD3969A", "379B9572B687A6", "ZpztPp90Oo5ekoNRzqArsAqAbnmM+-W6ZZ", "L1yx-4YLQG9W1P5yTI7Wp2h0IDcRoBq1kk"); + Fail("no exception 1"); + } + catch (ArgumentException e) + { + IsEquals("maximum input length is 32", e.Message); + } + + try + { + ff3_1Test(alphabetMapper, "15567AA6CD8CCA401ADB6A10730655AEEC10E9101FD3969A", "379B9572B687A6", "Z", "L"); + Fail("no exception 2"); + } + catch (ArgumentException e) + { + IsEquals("input too short", e.Message); + } + + try + { + alphabetMapper = new BasicAlphabetMapper("ABCDEFGHI"); + + ff3_1Test(alphabetMapper, "15567AA6CD8CCA401ADB6A10730655AEEC10E9101FD3969A", "379B9572B687A6", "AB", "ZZ"); + Fail("no exception 3"); + } + catch (ArgumentException e) + { + IsEquals("input too short", e.Message); + } + } + + private void ff3_1Test(IAlphabetMapper alphabetMapper, String skey, String stweak, String input, String output) + { + FpeEngine fpeEncEngine = new FpeFf3_1Engine(); + FpeEngine fpeDecEngine = new FpeFf3_1Engine(); + + byte[] key = Hex.Decode(skey); + byte[] tweak = Hex.Decode(stweak); + int radix = alphabetMapper.Radix; + + fpeEncEngine.Init(true, new FpeParameters(new KeyParameter(key), radix, tweak)); + fpeDecEngine.Init(false, new FpeParameters(new KeyParameter(key), radix, tweak)); + + byte[] bytes = alphabetMapper.ConvertToIndexes(input.ToCharArray()); + + byte[] encryptedBytes = process(fpeEncEngine, bytes); + IsEquals(output, new String(alphabetMapper.ConvertToChars(encryptedBytes))); + + byte[] decryptedBytes = process(fpeDecEngine, encryptedBytes); + IsTrue(Arrays.AreEqual(bytes, decryptedBytes)); + char[] chars = alphabetMapper.ConvertToChars(decryptedBytes); + IsEquals(input, new String(chars)); + } + + private byte[] process(FpeEngine fpeEngine, byte[] bytes) + { + byte[] rv = new byte[bytes.Length]; + + fpeEngine.ProcessBlock(bytes, 0, bytes.Length, rv, 0); + + return rv; + } + + public void testUtility() + { + FpeCharEncryptor fpeEnc = new FpeCharEncryptor(new FpeFf1Engine(), Hex.Decode("2B7E151628AED2A6ABF7158809CF4F3C"), "0123456789".ToCharArray()); + + char[] input = "01234567890123456".ToCharArray(); + char[] encrypted = fpeEnc.Process(input); + + FpeCharDecryptor fpeDec = new FpeCharDecryptor(new FpeFf1Engine(), Hex.Decode("2B7E151628AED2A6ABF7158809CF4F3C"), "0123456789".ToCharArray()); + char[] decrypted = fpeDec.Process(encrypted); + + IsTrue("no match", Arrays.AreEqual(input, decrypted)); + } + + public override string Name + { + get { return "SP80038GTest"; } + } + + public override void PerformTest() + { + testFF1(); + testFF1w(); + testFF1Bounds(); + testFF3_1(); + testFF3_1w(); + testFF3_1_255(); + testFF3_1Bounds(); + testDisable(); + testUtility(); + } + + public class FpeCharEncryptor + { + private readonly FpeEngine fpeEngine; + private IAlphabetMapper alphabetMapper; + + public FpeCharEncryptor(FpeEngine fpeEngine, byte[] key, char[] alphabet): this(fpeEngine, key, new byte[0], alphabet) + { + + } + + public FpeCharEncryptor(FpeEngine fpeEngine, byte[] key, byte[] tweak, char[] alphabet) + { + this.fpeEngine = fpeEngine; + + alphabetMapper = new BasicAlphabetMapper(alphabet); + + fpeEngine.Init(true, new FpeParameters(new KeyParameter(key), alphabetMapper.Radix, tweak)); + } + + public char[] Process(char[] input) + { + byte[] bytes = alphabetMapper.ConvertToIndexes(input); + + fpeEngine.ProcessBlock(bytes, 0, bytes.Length, bytes, 0); + + return alphabetMapper.ConvertToChars(bytes); + } + } + + public class FpeCharDecryptor + { + private readonly FpeEngine fpeEngine; + private IAlphabetMapper alphabetMapper; + + public FpeCharDecryptor(FpeEngine fpeEngine, byte[] key, char[] alphabet): this(fpeEngine, key, new byte[0], alphabet) + { + } + + public FpeCharDecryptor(FpeEngine fpeEngine, byte[] key, byte[] tweak, char[] alphabet) + { + this.fpeEngine = fpeEngine; + + alphabetMapper = new BasicAlphabetMapper(alphabet); + + fpeEngine.Init(false, new FpeParameters(new KeyParameter(key), alphabetMapper.Radix, tweak)); + } + + public char[] Process(char[] input) + { + byte[] bytes = alphabetMapper.ConvertToIndexes(input); + + fpeEngine.ProcessBlock(bytes, 0, bytes.Length, bytes, 0); + + return alphabetMapper.ConvertToChars(bytes); + } + } +} +} diff --git a/crypto/test/src/test/TupleHashTest.cs b/crypto/test/src/test/TupleHashTest.cs new file mode 100644 index 000000000..f212f4abe --- /dev/null +++ b/crypto/test/src/test/TupleHashTest.cs @@ -0,0 +1,108 @@ +using System; + +using NUnit.Framework; + +using Org.BouncyCastle.Crypto.Digests; +using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; +using Org.BouncyCastle.Utilities.Test; + +namespace Org.BouncyCastle.Crypto.Tests +{ + [TestFixture] +/** + * TupleHash test vectors from: + * <p> + * https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/KMAC_samples.pdf + */ +public class TupleHashTest + : SimpleTest +{ + public override string Name + { + get { return "TupleHash"; } + } + + public override void PerformTest() + { + TupleHash tHash = new TupleHash(128, new byte[0]); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + + byte[] res = new byte[tHash.GetDigestSize()]; + + tHash.DoFinal(res, 0); + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("C5 D8 78 6C 1A FB 9B 82 11 1A B3 4B 65 B2 C0 04 8F A6 4E 6D 48 E2 63 26 4C E1 70 7D 3F FC 8E D1"), res)); + + tHash = new TupleHash(128, Strings.ToByteArray("My Tuple App")); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + + tHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("75 CD B2 0F F4 DB 11 54 E8 41 D7 58 E2 41 60 C5 4B AE 86 EB 8C 13 E7 F5 F4 0E B3 55 88 E9 6D FB"), res)); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9); + + tHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("E6 0F 20 2C 89 A2 63 1E DA 8D 4C 58 8C A5 FD 07 F3 9E 51 51 99 8D EC CF 97 3A DB 38 04 BB 6E 84"), res)); + + tHash = new TupleHash(256, new byte[0]); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + + res = new byte[tHash.GetDigestSize()]; + + tHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("CF B7 05 8C AC A5 E6 68 F8 1A 12 A2 0A 21 95 CE 97 A9 25 F1 DB A3 E7 44 9A 56 F8 22 01 EC 60 73 11 AC 26 96 B1 AB 5E A2 35 2D F1 42 3B DE 7B D4 BB 78 C9 AE D1 A8 53 C7 86 72 F9 EB 23 BB E1 94"), res)); + + tHash = new TupleHash(256, Strings.ToByteArray("My Tuple App")); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + + tHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("14 7C 21 91 D5 ED 7E FD 98 DB D9 6D 7A B5 A1 16 92 57 6F 5F E2 A5 06 5F 3E 33 DE 6B BA 9F 3A A1 C4 E9 A0 68 A2 89 C6 1C 95 AA B3 0A EE 1E 41 0B 0B 60 7D E3 62 0E 24 A4 E3 BF 98 52 A1 D4 36 7E"), res)); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9); + + tHash.DoFinal(res, 0); + + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("45 00 0B E6 3F 9B 6B FD 89 F5 47 17 67 0F 69 A9 BC 76 35 91 A4 F0 5C 50 D6 88 91 A7 44 BC C6 E7 D6 D5 B5 E8 2C 01 8D A9 99 ED 35 B0 BB 49 C9 67 8E 52 6A BD 8E 85 C1 3E D2 54 02 1D B9 E7 90 CE"), res)); + + tHash = new TupleHash(128, Strings.ToByteArray("My Tuple App")); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9); + + res = new byte[32]; + tHash.DoOutput(res, 0, res.Length); + + IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("E6 0F 20 2C 89 A2 63 1E DA 8D 4C 58 8C A5 FD 07 F3 9E 51 51 99 8D EC CF 97 3A DB 38 04 BB 6E 84"), res)); + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("900fe16cad098d28e74d632ed852f99daab7f7df4d99e775657885b4bf76d6f8"), res)); + + tHash = new TupleHash(256, Strings.ToByteArray("My Tuple App")); + + tHash.BlockUpdate(Hex.Decode("000102"), 0, 3); + tHash.BlockUpdate(Hex.Decode("101112131415"), 0, 6); + tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9); + + res = new byte[64]; + tHash.DoOutput(res, 0, res.Length); + + IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("45 00 0B E6 3F 9B 6B FD 89 F5 47 17 67 0F 69 A9 BC 76 35 91 A4 F0 5C 50 D6 88 91 A7 44 BC C6 E7 D6 D5 B5 E8 2C 01 8D A9 99 ED 35 B0 BB 49 C9 67 8E 52 6A BD 8E 85 C1 3E D2 54 02 1D B9 E7 90 CE"), res)); + IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0c59b11464f2336c34663ed51b2b950bec743610856f36c28d1d088d8a2446284dd09830a6a178dc752376199fae935d86cfdee5913d4922dfd369b66a53c897"), res)); + } +} +} |