Google Git
Sign in
android / platform / external / bouncycastle / 1b335c5efbcf241b55345622fe9978047c3fdf9e / . / bcprov / src / main / java / org / bouncycastle / crypto / test / EAXTest.java
blob: 7eb8582ec4d700843222722b31a47330ee5b0f88 [file] [log] [blame]
package org.bouncycastle.crypto.test;
import java.security.SecureRandom;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.EAXBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;
public class EAXTest
extends SimpleTest
{
private byte[] K1 = Hex.decode("233952DEE4D5ED5F9B9C6D6FF80FF478");
private byte[] N1 = Hex.decode("62EC67F9C3A4A407FCB2A8C49031A8B3");
private byte[] A1 = Hex.decode("6BFB914FD07EAE6B");
private byte[] P1 = Hex.decode("");
private byte[] C1 = Hex.decode("E037830E8389F27B025A2D6527E79D01");
private byte[] T1 = Hex.decode("E037830E8389F27B025A2D6527E79D01");
private byte[] K2 = Hex.decode("91945D3F4DCBEE0BF45EF52255F095A4");
private byte[] N2 = Hex.decode("BECAF043B0A23D843194BA972C66DEBD");
private byte[] A2 = Hex.decode("FA3BFD4806EB53FA");
private byte[] P2 = Hex.decode("F7FB");
private byte[] C2 = Hex.decode("19DD5C4C9331049D0BDAB0277408F67967E5");
private byte[] T2 = Hex.decode("5C4C9331049D0BDAB0277408F67967E5");
private byte[] K3 = Hex.decode("01F74AD64077F2E704C0F60ADA3DD523");
private byte[] N3 = Hex.decode("70C3DB4F0D26368400A10ED05D2BFF5E");
private byte[] A3 = Hex.decode("234A3463C1264AC6");
private byte[] P3 = Hex.decode("1A47CB4933");
private byte[] C3 = Hex.decode("D851D5BAE03A59F238A23E39199DC9266626C40F80");
private byte[] T3 = Hex.decode("3A59F238A23E39199DC9266626C40F80");
private byte[] K4 = Hex.decode("D07CF6CBB7F313BDDE66B727AFD3C5E8");
private byte[] N4 = Hex.decode("8408DFFF3C1A2B1292DC199E46B7D617");
private byte[] A4 = Hex.decode("33CCE2EABFF5A79D");
private byte[] P4 = Hex.decode("481C9E39B1");
private byte[] C4 = Hex.decode("632A9D131AD4C168A4225D8E1FF755939974A7BEDE");
private byte[] T4 = Hex.decode("D4C168A4225D8E1FF755939974A7BEDE");
private byte[] K5 = Hex.decode("35B6D0580005BBC12B0587124557D2C2");
private byte[] N5 = Hex.decode("FDB6B06676EEDC5C61D74276E1F8E816");
private byte[] A5 = Hex.decode("AEB96EAEBE2970E9");
private byte[] P5 = Hex.decode("40D0C07DA5E4");
private byte[] C5 = Hex.decode("071DFE16C675CB0677E536F73AFE6A14B74EE49844DD");
private byte[] T5 = Hex.decode("CB0677E536F73AFE6A14B74EE49844DD");
private byte[] K6 = Hex.decode("BD8E6E11475E60B268784C38C62FEB22");
private byte[] N6 = Hex.decode("6EAC5C93072D8E8513F750935E46DA1B");
private byte[] A6 = Hex.decode("D4482D1CA78DCE0F");
private byte[] P6 = Hex.decode("4DE3B35C3FC039245BD1FB7D");
private byte[] C6 = Hex.decode("835BB4F15D743E350E728414ABB8644FD6CCB86947C5E10590210A4F");
private byte[] T6 = Hex.decode("ABB8644FD6CCB86947C5E10590210A4F");
private byte[] K7 = Hex.decode("7C77D6E813BED5AC98BAA417477A2E7D");
private byte[] N7 = Hex.decode("1A8C98DCD73D38393B2BF1569DEEFC19");
private byte[] A7 = Hex.decode("65D2017990D62528");
private byte[] P7 = Hex.decode("8B0A79306C9CE7ED99DAE4F87F8DD61636");
private byte[] C7 = Hex.decode("02083E3979DA014812F59F11D52630DA30137327D10649B0AA6E1C181DB617D7F2");
private byte[] T7 = Hex.decode("137327D10649B0AA6E1C181DB617D7F2");
private byte[] K8 = Hex.decode("5FFF20CAFAB119CA2FC73549E20F5B0D");
private byte[] N8 = Hex.decode("DDE59B97D722156D4D9AFF2BC7559826");
private byte[] A8 = Hex.decode("54B9F04E6A09189A");
private byte[] P8 = Hex.decode("1BDA122BCE8A8DBAF1877D962B8592DD2D56");
private byte[] C8 = Hex.decode("2EC47B2C4954A489AFC7BA4897EDCDAE8CC33B60450599BD02C96382902AEF7F832A");
private byte[] T8 = Hex.decode("3B60450599BD02C96382902AEF7F832A");
private byte[] K9 = Hex.decode("A4A4782BCFFD3EC5E7EF6D8C34A56123");
private byte[] N9 = Hex.decode("B781FCF2F75FA5A8DE97A9CA48E522EC");
private byte[] A9 = Hex.decode("899A175897561D7E");
private byte[] P9 = Hex.decode("6CF36720872B8513F6EAB1A8A44438D5EF11");
private byte[] C9 = Hex.decode("0DE18FD0FDD91E7AF19F1D8EE8733938B1E8E7F6D2231618102FDB7FE55FF1991700");
private byte[] T9 = Hex.decode("E7F6D2231618102FDB7FE55FF1991700");
private byte[] K10 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3");
private byte[] N10 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44");
private byte[] A10 = Hex.decode("126735FCC320D25A");
private byte[] P10 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7");
private byte[] C10 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC253B4652B1AF3795B124AB6E");
private byte[] T10 = Hex.decode("CFC46AFC253B4652B1AF3795B124AB6E");
private byte[] K11 = Hex.decode("8395FCF1E95BEBD697BD010BC766AAC3");
private byte[] N11 = Hex.decode("22E7ADD93CFC6393C57EC0B3C17D6B44");
private byte[] A11 = Hex.decode("126735FCC320D25A");
private byte[] P11 = Hex.decode("CA40D7446E545FFAED3BD12A740A659FFBBB3CEAB7");
private byte[] C11 = Hex.decode("CB8920F87A6C75CFF39627B56E3ED197C552D295A7CFC46AFC");
private byte[] T11 = Hex.decode("CFC46AFC");
private static final int NONCE_LEN = 8;
private static final int MAC_LEN = 8;
private static final int AUTHEN_LEN = 20;
public String getName()
{
return "EAX";
}
public void performTest()
throws Exception
{
checkVectors(1, K1, 128, N1, A1, P1, T1, C1);
checkVectors(2, K2, 128, N2, A2, P2, T2, C2);
checkVectors(3, K3, 128, N3, A3, P3, T3, C3);
checkVectors(4, K4, 128, N4, A4, P4, T4, C4);
checkVectors(5, K5, 128, N5, A5, P5, T5, C5);
checkVectors(6, K6, 128, N6, A6, P6, T6, C6);
checkVectors(7, K7, 128, N7, A7, P7, T7, C7);
checkVectors(8, K8, 128, N8, A8, P8, T8, C8);
checkVectors(9, K9, 128, N9, A9, P9, T9, C9);
checkVectors(10, K10, 128, N10, A10, P10, T10, C10);
checkVectors(11, K11, 32, N11, A11, P11, T11, C11);
EAXBlockCipher eax = new EAXBlockCipher(new AESEngine());
ivParamTest(1, eax, K1, N1);
//
// exception tests
//
try
{
eax.init(false, new AEADParameters(new KeyParameter(K1), 32, N2, A2));
byte[] enc = new byte[C2.length];
int len = eax.processBytes(C2, 0, C2.length, enc, 0);
len += eax.doFinal(enc, len);
fail("invalid cipher text not picked up");
}
catch (InvalidCipherTextException e)
{
// expected
}
try
{
eax.init(false, new KeyParameter(K1));
fail("illegal argument not picked up");
}
catch (IllegalArgumentException e)
{
// expected
}
randomTests();
AEADTestUtil.testReset(this, new EAXBlockCipher(new AESEngine()), new EAXBlockCipher(new AESEngine()), new AEADParameters(new KeyParameter(K1), 32, N2));
AEADTestUtil.testTampering(this, eax, new AEADParameters(new KeyParameter(K1), 32, N2));
AEADTestUtil.testOutputSizes(this, new EAXBlockCipher(new AESEngine()), new AEADParameters(
new KeyParameter(K1), 32, N2));
AEADTestUtil.testBufferSizeChecks(this, new EAXBlockCipher(new AESEngine()), new AEADParameters(
new KeyParameter(K1), 32, N2));
}
private void checkVectors(
int count,
byte[] k,
int macSize,
byte[] n,
byte[] a,
byte[] p,
byte[] t,
byte[] c)
throws InvalidCipherTextException
{
byte[] fa = new byte[a.length / 2];
byte[] la = new byte[a.length - (a.length / 2)];
System.arraycopy(a, 0, fa, 0, fa.length);
System.arraycopy(a, fa.length, la, 0, la.length);
checkVectors(count, "all initial associated data", k, macSize, n, a, null, p, t, c);
checkVectors(count, "subsequent associated data", k, macSize, n, null, a, p, t, c);
checkVectors(count, "split associated data", k, macSize, n, fa, la, p, t, c);
}
private void checkVectors(
int count,
String additionalDataType,
byte[] k,
int macSize,
byte[] n,
byte[] a,
byte[] sa,
byte[] p,
byte[] t,
byte[] c)
throws InvalidCipherTextException
{
EAXBlockCipher encEax = new EAXBlockCipher(new AESEngine());
EAXBlockCipher decEax = new EAXBlockCipher(new AESEngine());
AEADParameters parameters = new AEADParameters(new KeyParameter(k), macSize, n, a);
encEax.init(true, parameters);
decEax.init(false, parameters);
runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
// key reuse test
parameters = new AEADParameters(null, macSize, n, a);
encEax.init(true, parameters);
decEax.init(false, parameters);
runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
runCheckVectors(count, encEax, decEax, additionalDataType, sa, p, t, c);
}
private void runCheckVectors(
int count,
EAXBlockCipher encEax,
EAXBlockCipher decEax,
String additionalDataType,
byte[] sa,
byte[] p,
byte[] t,
byte[] c)
throws InvalidCipherTextException
{
byte[] enc = new byte[c.length];
if (sa != null)
{
encEax.processAADBytes(sa, 0, sa.length);
}
int len = encEax.processBytes(p, 0, p.length, enc, 0);
len += encEax.doFinal(enc, len);
if (!areEqual(c, enc))
{
fail("encrypted stream fails to match in test " + count + " with " + additionalDataType);
}
byte[] tmp = new byte[enc.length];
if (sa != null)
{
decEax.processAADBytes(sa, 0, sa.length);
}
len = decEax.processBytes(enc, 0, enc.length, tmp, 0);
len += decEax.doFinal(tmp, len);
byte[] dec = new byte[len];
System.arraycopy(tmp, 0, dec, 0, len);
if (!areEqual(p, dec))
{
fail("decrypted stream fails to match in test " + count + " with " + additionalDataType);
}
if (!areEqual(t, decEax.getMac()))
{
fail("MAC fails to match in test " + count + " with " + additionalDataType);
}
}
private void ivParamTest(
int count,
AEADBlockCipher eax,
byte[] k,
byte[] n)
throws InvalidCipherTextException
{
byte[] p = Strings.toByteArray("hello world!!");
eax.init(true, new ParametersWithIV(new KeyParameter(k), n));
byte[] enc = new byte[p.length + 8];
int len = eax.processBytes(p, 0, p.length, enc, 0);
len += eax.doFinal(enc, len);
eax.init(false, new ParametersWithIV(new KeyParameter(k), n));
byte[] tmp = new byte[enc.length];
len = eax.processBytes(enc, 0, enc.length, tmp, 0);
len += eax.doFinal(tmp, len);
byte[] dec = new byte[len];
System.arraycopy(tmp, 0, dec, 0, len);
if (!areEqual(p, dec))
{
fail("decrypted stream fails to match in test " + count);
}
}
private void randomTests()
throws InvalidCipherTextException
{
SecureRandom srng = new SecureRandom();
for (int i = 0; i < 10; ++i)
{
randomTest(srng);
}
}
private void randomTest(
SecureRandom srng)
throws InvalidCipherTextException
{
int DAT_LEN = srng.nextInt() >>> 22; // Note: JDK1.0 compatibility
byte[] nonce = new byte[NONCE_LEN];
byte[] authen = new byte[AUTHEN_LEN];
byte[] datIn = new byte[DAT_LEN];
byte[] key = new byte[16];
srng.nextBytes(nonce);
srng.nextBytes(authen);
srng.nextBytes(datIn);
srng.nextBytes(key);
AESEngine engine = new AESEngine();
KeyParameter sessKey = new KeyParameter(key);
EAXBlockCipher eaxCipher = new EAXBlockCipher(engine);
AEADParameters params = new AEADParameters(sessKey, MAC_LEN * 8, nonce, authen);
eaxCipher.init(true, params);
byte[] intrDat = new byte[eaxCipher.getOutputSize(datIn.length)];
int outOff = eaxCipher.processBytes(datIn, 0, DAT_LEN, intrDat, 0);
outOff += eaxCipher.doFinal(intrDat, outOff);
eaxCipher.init(false, params);
byte[] datOut = new byte[eaxCipher.getOutputSize(outOff)];
int resultLen = eaxCipher.processBytes(intrDat, 0, outOff, datOut, 0);
eaxCipher.doFinal(datOut, resultLen);
if (!areEqual(datIn, datOut))
{
fail("EAX roundtrip failed to match");
}
}
public static void main(String[] args)
{
runTest(new EAXTest());
}
}