diff options
Diffstat (limited to 'core/src/test/java/org/spongycastle/crypto/test/EAXTest.java')
-rw-r--r-- | core/src/test/java/org/spongycastle/crypto/test/EAXTest.java | 355 |
1 files changed, 355 insertions, 0 deletions
diff --git a/core/src/test/java/org/spongycastle/crypto/test/EAXTest.java b/core/src/test/java/org/spongycastle/crypto/test/EAXTest.java new file mode 100644 index 00000000..38c0a685 --- /dev/null +++ b/core/src/test/java/org/spongycastle/crypto/test/EAXTest.java @@ -0,0 +1,355 @@ +package org.spongycastle.crypto.test; + +import java.security.SecureRandom; + +import org.spongycastle.crypto.InvalidCipherTextException; +import org.spongycastle.crypto.engines.AESEngine; +import org.spongycastle.crypto.engines.AESFastEngine; +import org.spongycastle.crypto.modes.AEADBlockCipher; +import org.spongycastle.crypto.modes.EAXBlockCipher; +import org.spongycastle.crypto.params.AEADParameters; +import org.spongycastle.crypto.params.KeyParameter; +import org.spongycastle.crypto.params.ParametersWithIV; +import org.spongycastle.util.Strings; +import org.spongycastle.util.encoders.Hex; +import org.spongycastle.util.test.SimpleTest; + +public class EAXTest + extends SimpleTest +{ + private byte[] K1 = Hex.decode("233952DEE4D5ED5F9B9C6D6FF80FF478"); + private byte[] N1 = Hex.decode("62EC67F9C3A4A407FCB2A8C49031A8B3"); + private byte[] A1 = Hex.decode("6BFB914FD07EAE6B"); + private byte[] P1 = Hex.decode(""); + private byte[] C1 = Hex.decode("E037830E8389F27B025A2D6527E79D01"); + private byte[] T1 = Hex.decode("E037830E8389F27B025A2D6527E79D01"); + + private byte[] K2 = Hex.decode("91945D3F4DCBEE0BF45EF52255F095A4"); + private byte[] N2 = Hex.decode("BECAF043B0A23D843194BA972C66DEBD"); + private byte[] A2 = Hex.decode("FA3BFD4806EB53FA"); + private byte[] P2 = Hex.decode("F7FB"); + private byte[] C2 = Hex.decode("19DD5C4C9331049D0BDAB0277408F67967E5"); + private byte[] T2 = Hex.decode("5C4C9331049D0BDAB0277408F67967E5"); + + private byte[] K3 = Hex.decode("01F74AD64077F2E704C0F60ADA3DD523"); + private byte[] N3 = Hex.decode("70C3DB4F0D26368400A10ED05D2BFF5E"); + private byte[] A3 = Hex.decode("234A3463C1264AC6"); + private byte[] P3 = Hex.decode("1A47CB4933"); + private byte[] C3 = Hex.decode("D851D5BAE03A59F238A23E39199DC9266626C40F80"); + private byte[] T3 = Hex.decode("3A59F238A23E39199DC9266626C40F80"); + + private byte[] K4 = Hex.decode("D07CF6CBB7F313BDDE66B727AFD3C5E8"); + private byte[] N4 = Hex.decode("8408DFFF3C1A2B1292DC199E46B7D617"); + private byte[] A4 = Hex.decode("33CCE2EABFF5A79D"); + private byte[] P4 = Hex.decode("481C9E39B1"); + private byte[] C4 = Hex.decode("632A9D131AD4C168A4225D8E1FF755939974A7BEDE"); + private byte[] T4 = Hex.decode("D4C168A4225D8E1FF755939974A7BEDE"); + + private byte[] K5 = Hex.decode("35B6D0580005BBC12B0587124557D2C2"); + private byte[] N5 = Hex.decode("FDB6B06676EEDC5C61D74276E1F8E816"); + private byte[] A5 = Hex.decode("AEB96EAEBE2970E9"); + private byte[] P5 = Hex.decode("40D0C07DA5E4"); + private byte[] C5 = Hex.decode("071DFE16C675CB0677E536F73AFE6A14B74EE49844DD"); + private byte[] T5 = Hex.decode("CB0677E536F73AFE6A14B74EE49844DD"); + + private byte[] K6 = Hex.decode("BD8E6E11475E60B268784C38C62FEB22"); + private byte[] N6 = Hex.decode("6EAC5C93072D8E8513F750935E46DA1B"); + private byte[] A6 = Hex.decode("D4482D1CA78DCE0F"); + private byte[] P6 = Hex.decode("4DE3B35C3FC039245BD1FB7D"); + private byte[] C6 = Hex.decode("835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F"); + private byte[] T6 = Hex.decode("ABB8644FD6CCB86947C5E10590210A4F"); + + private byte[] K7 = Hex.decode("7C77D6E813BED5AC98BAA417477A2E7D"); + private byte[] N7 = Hex.decode("1A8C98DCD73D38393B2BF1569DEEFC19"); + private byte[] A7 = Hex.decode("65D2017990D62528"); + private byte[] P7 = Hex.decode("8B0A79306C9CE7ED99DAE4F87F8DD61636"); + private byte[] C7 = Hex.decode("02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2"); + private byte[] T7 = Hex.decode("137327D10649B0AA6E1C181DB617D7F2"); + + private byte[] K8 = Hex.decode("5FFF20CAFAB119CA2FC73549E20F5B0D"); + private byte[] N8 = Hex.decode("DDE59B97D722156D4D9AFF2BC7559826"); + private byte[] A8 = Hex.decode("54B9F04E6A09189A"); + private byte[] P8 = Hex.decode("1BDA122BCE8A8DBAF1877D962B8592DD2D56"); + private byte[] C8 = Hex.decode("2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A"); + private byte[] T8 = Hex.decode("3B60450599BD02C96382902AEF7F832A"); + + private byte[] K9 = Hex.decode("A4A4782BCFFD3EC5E7EF6D8C34A56123"); + private byte[] N9 = Hex.decode("B781FCF2F75FA5A8DE97A9CA48E522EC"); + private byte[] A9 = Hex.decode("899A175897561D7E"); + private byte[] P9 = Hex.decode("6CF36720872B8513F6EAB1A8A44438D5EF11"); + private byte[] C9 = Hex.decode("0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700"); + private byte[] T9 = Hex.decode("E7F6D2231618102FDB7FE55FF1991700"); + + private byte[] K10 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3"); + private byte[] N10 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44"); + private byte[] A10 = Hex.decode("126735FCC320D25A"); + private byte[] P10 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7"); + private byte[] C10 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E"); + private byte[] T10 = Hex.decode("CFC46AFC253B4652B1AF3795B124AB6E"); + + private byte[] K11 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3"); + private byte[] N11 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44"); + private byte[] A11 = Hex.decode("126735FCC320D25A"); + private byte[] P11 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7"); + private byte[] C11 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC"); + private byte[] T11 = Hex.decode("CFC46AFC"); + + private static final int NONCE_LEN = 8; + private static final int MAC_LEN = 8; + private static final int AUTHEN_LEN = 20; + + public String getName() + { + return "EAX"; + } + + public void performTest() + throws Exception + { + checkVectors(1, K1, 128, N1, A1, P1, T1, C1); + checkVectors(2, K2, 128, N2, A2, P2, T2, C2); + checkVectors(3, K3, 128, N3, A3, P3, T3, C3); + checkVectors(4, K4, 128, N4, A4, P4, T4, C4); + checkVectors(5, K5, 128, N5, A5, P5, T5, C5); + checkVectors(6, K6, 128, N6, A6, P6, T6, C6); + checkVectors(7, K7, 128, N7, A7, P7, T7, C7); + checkVectors(8, K8, 128, N8, A8, P8, T8, C8); + checkVectors(9, K9, 128, N9, A9, P9, T9, C9); + checkVectors(10, K10, 128, N10, A10, P10, T10, C10); + checkVectors(11, K11, 32, N11, A11, P11, T11, C11); + + EAXBlockCipher eax = new EAXBlockCipher(new AESFastEngine()); + ivParamTest(1, eax, K1, N1); + + // + // exception tests + // + + try + { + eax.init(false, new AEADParameters(new KeyParameter(K1), 32, N2, A2)); + + byte[] enc = new byte[C2.length]; + int len = eax.processBytes(C2, 0, C2.length, enc, 0); + + len += eax.doFinal(enc, len); + + fail("invalid cipher text not picked up"); + } + catch (InvalidCipherTextException e) + { + // expected + } + + try + { + eax.init(false, new KeyParameter(K1)); + + fail("illegal argument not picked up"); + } + catch (IllegalArgumentException e) + { + // expected + } + + randomTests(); + AEADTestUtil.testReset(this, new EAXBlockCipher(new AESEngine()), new EAXBlockCipher(new AESEngine()), new AEADParameters(new KeyParameter(K1), 32, N2)); + AEADTestUtil.testTampering(this, eax, new AEADParameters(new KeyParameter(K1), 32, N2)); + AEADTestUtil.testOutputSizes(this, new EAXBlockCipher(new AESEngine()), new AEADParameters( + new KeyParameter(K1), 32, N2)); + AEADTestUtil.testBufferSizeChecks(this, new EAXBlockCipher(new AESEngine()), new AEADParameters( + new KeyParameter(K1), 32, N2)); + } + + private void checkVectors( + int count, + byte[] k, + int macSize, + byte[] n, + byte[] a, + byte[] p, + byte[] t, + byte[] c) + throws InvalidCipherTextException + { + byte[] fa = new byte[a.length / 2]; + byte[] la = new byte[a.length - (a.length / 2)]; + System.arraycopy(a, 0, fa, 0, fa.length); + System.arraycopy(a, fa.length, la, 0, la.length); + + checkVectors(count, "all initial associated data", k, macSize, n, a, null, p, t, c); + checkVectors(count, "subsequent associated data", k, macSize, n, null, a, p, t, c); + checkVectors(count, "split associated data", k, macSize, n, fa, la, p, t, c); + } + + private void checkVectors( + int count, + String additionalDataType, + byte[] k, + int macSize, + byte[] n, + byte[] a, + byte[] sa, + byte[] p, + byte[] t, + byte[] c) + throws InvalidCipherTextException + { + EAXBlockCipher encEax = new EAXBlockCipher(new AESFastEngine()); + EAXBlockCipher decEax = new EAXBlockCipher(new AESFastEngine()); + + AEADParameters parameters = new AEADParameters(new KeyParameter(k), macSize, n, a); + encEax.init(true, parameters); + decEax.init(false, parameters); + + runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c); + runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c); + + // key reuse test + parameters = new AEADParameters(null, macSize, n, a); + encEax.init(true, parameters); + decEax.init(false, parameters); + + runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c); + runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c); + } + + private void runCheckVectors( + int count, + EAXBlockCipher encEax, + EAXBlockCipher decEax, + String additionalDataType, + byte[] sa, + byte[] p, + byte[] t, + byte[] c) + throws InvalidCipherTextException + { + byte[] enc = new byte[c.length]; + + if (sa != null) + { + encEax.processAADBytes(sa, 0, sa.length); + } + + int len = encEax.processBytes(p, 0, p.length, enc, 0); + + len += encEax.doFinal(enc, len); + + if (!areEqual(c, enc)) + { + fail("encrypted stream fails to match in test " + count + " with " + additionalDataType); + } + + byte[] tmp = new byte[enc.length]; + + if (sa != null) + { + decEax.processAADBytes(sa, 0, sa.length); + } + + len = decEax.processBytes(enc, 0, enc.length, tmp, 0); + + len += decEax.doFinal(tmp, len); + + byte[] dec = new byte[len]; + + System.arraycopy(tmp, 0, dec, 0, len); + + if (!areEqual(p, dec)) + { + fail("decrypted stream fails to match in test " + count + " with " + additionalDataType); + } + + if (!areEqual(t, decEax.getMac())) + { + fail("MAC fails to match in test " + count + " with " + additionalDataType); + } + } + + private void ivParamTest( + int count, + AEADBlockCipher eax, + byte[] k, + byte[] n) + throws InvalidCipherTextException + { + byte[] p = Strings.toByteArray("hello world!!"); + + eax.init(true, new ParametersWithIV(new KeyParameter(k), n)); + + byte[] enc = new byte[p.length + 8]; + + int len = eax.processBytes(p, 0, p.length, enc, 0); + + len += eax.doFinal(enc, len); + + eax.init(false, new ParametersWithIV(new KeyParameter(k), n)); + + byte[] tmp = new byte[enc.length]; + + len = eax.processBytes(enc, 0, enc.length, tmp, 0); + + len += eax.doFinal(tmp, len); + + byte[] dec = new byte[len]; + + System.arraycopy(tmp, 0, dec, 0, len); + + if (!areEqual(p, dec)) + { + fail("decrypted stream fails to match in test " + count); + } + } + + private void randomTests() + throws InvalidCipherTextException + { + SecureRandom srng = new SecureRandom(); + for (int i = 0; i < 10; ++i) + { + randomTest(srng); + } + } + + private void randomTest( + SecureRandom srng) + throws InvalidCipherTextException + { + int DAT_LEN = srng.nextInt() >>> 22; // Note: JDK1.0 compatibility + byte[] nonce = new byte[NONCE_LEN]; + byte[] authen = new byte[AUTHEN_LEN]; + byte[] datIn = new byte[DAT_LEN]; + byte[] key = new byte[16]; + srng.nextBytes(nonce); + srng.nextBytes(authen); + srng.nextBytes(datIn); + srng.nextBytes(key); + + AESFastEngine engine = new AESFastEngine(); + KeyParameter sessKey = new KeyParameter(key); + EAXBlockCipher eaxCipher = new EAXBlockCipher(engine); + + AEADParameters params = new AEADParameters(sessKey, MAC_LEN * 8, nonce, authen); + eaxCipher.init(true, params); + + byte[] intrDat = new byte[eaxCipher.getOutputSize(datIn.length)]; + int outOff = eaxCipher.processBytes(datIn, 0, DAT_LEN, intrDat, 0); + outOff += eaxCipher.doFinal(intrDat, outOff); + + eaxCipher.init(false, params); + byte[] datOut = new byte[eaxCipher.getOutputSize(outOff)]; + int resultLen = eaxCipher.processBytes(intrDat, 0, outOff, datOut, 0); + eaxCipher.doFinal(datOut, resultLen); + + if (!areEqual(datIn, datOut)) + { + fail("EAX roundtrip failed to match"); + } + } + + public static void main(String[] args) + { + runTest(new EAXTest()); + } +} |