bcprov/src/main/java/org/bouncycastle/jce/provider/test/HMacTest.java

package org.bouncycastle.jce.provider.test;

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Security;
import java.util.Arrays;

import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.RC5ParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle.asn1.iana.IANAObjectIdentifiers;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.rosstandart.RosstandartObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

/**
 * HMAC tester
 */
public class HMacTest
    extends SimpleTest
{
    static byte[] keyBytes = Hex.decode("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
    static byte[] message = Hex.decode("4869205468657265");
    static byte[] output1 = Hex.decode("b617318655057264e28bc0b6fb378c8ef146be00");
    static byte[] outputMD5 = Hex.decode("5ccec34ea9656392457fa1ac27f08fbc");
    static byte[] outputMD2 = Hex.decode("dc1923ef5f161d35bef839ca8c807808");
    static byte[] outputMD4 = Hex.decode("5570ce964ba8c11756cdc3970278ff5a");
    static byte[] output224 = Hex.decode("896fb1128abbdf196832107cd49df33f47b4b1169912ba4f53684b22");
    static byte[] output256 = Hex.decode("b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7");
    static byte[] output384 = Hex.decode("afd03944d84895626b0825f4ab46907f15f9dadbe4101ec682aa034c7cebc59cfaea9ea9076ede7f4af152e8b2fa9cb6");
    static byte[] output512 = Hex.decode("87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854");
    static byte[] output512_224 = Hex.decode("b244ba01307c0e7a8ccaad13b1067a4cf6b961fe0c6a20bda3d92039");
    static byte[] output512_256 = Hex.decode("9f9126c3d9c3c330d760425ca8a217e31feae31bfe70196ff81642b868402eab");
    static byte[] outputRipeMD128 = Hex.decode("fda5717fb7e20cf05d30bb286a44b05d");
    static byte[] outputRipeMD160 = Hex.decode("24cb4bd67d20fc1a5d2ed7732dcc39377f0a5668");
    static byte[] outputTiger = Hex.decode("1d7a658c75f8f004916e7b07e2a2e10aec7de2ae124d3647");
    static byte[] outputOld384 = Hex.decode("0a046aaa0255e432912228f8ccda437c8a8363fb160afb0570ab5b1fd5ddc20eb1888b9ed4e5b6cb5bc034cd9ef70e40");
    static byte[] outputOld512 = Hex.decode("9656975ee5de55e75f2976ecce9a04501060b9dc22a6eda2eaef638966280182477fe09f080b2bf564649cad42af8607a2bd8d02979df3a980f15e2326a0a22a");

    static byte[] outputKck224 = Hex.decode("b73d595a2ba9af815e9f2b4e53e78581ebd34a80b3bbaac4e702c4cc");
    static byte[] outputKck256 = Hex.decode("9663d10c73ee294054dc9faf95647cb99731d12210ff7075fb3d3395abfb9821");
    static byte[] outputKck288 = Hex.decode("36145df8742160a1811139494d708f9a12757c30dedc622a98aa6ecb69da32a34ea55441");
    static byte[] outputKck384 = Hex.decode("892dfdf5d51e4679bf320cd16d4c9dc6f749744608e003add7fba894acff87361efa4e5799be06b6461f43b60ae97048");
    static byte[] outputKck512 = Hex.decode("8852c63be8cfc21541a4ee5e5a9a852fc2f7a9adec2ff3a13718ab4ed81aaea0b87b7eb397323548e261a64e7fc75198f6663a11b22cd957f7c8ec858a1c7755");

    static byte[] outputSha3_224 = Hex.decode("3b16546bbc7be2706a031dcafd56373d9884367641d8c59af3c860f7");
    static byte[] outputSha3_256 = Hex.decode("ba85192310dffa96e2a3a40e69774351140bb7185e1202cdcc917589f95e16bb");
    static byte[] outputSha3_384 = Hex.decode("68d2dcf7fd4ddd0a2240c8a437305f61fb7334cfb5d0226e1bc27dc10a2e723a20d370b47743130e26ac7e3d532886bd");
    static byte[] outputSha3_512 = Hex.decode("eb3fbd4b2eaab8f5c504bd3a41465aacec15770a7cabac531e482f860b5ec7ba47ccb2c6f2afce8f88d22b6dc61380f23a668fd3888bb80537c0a0b86407689e");

    static byte[] outputGost2012_256 = Hex.decode("f03422dfa37a507ca126ce01b8eba6b7fdda8f8a60dd8f2703e3a372120b8294");
    static byte[] outputGost2012_512 = Hex.decode("86b6a06bfa9f1974aff6ccd7fa3f835f0bd850395d6084efc47b9dda861a2cdf0dcaf959160733d5269f6567966dd7a9f932a77cd6f080012cd476f1c2cc31bb");

    public HMacTest()
    {
    }

    public void testHMac(
        String hmacName,
        byte[] output)
        throws Exception
    {
        SecretKey key = new SecretKeySpec(keyBytes, hmacName);
        byte[] out;
        Mac mac;

        mac = Mac.getInstance(hmacName, "BC");

        mac.init(key);

        mac.reset();

        mac.update(message, 0, message.length);

        out = mac.doFinal();

        if (!areEqual(out, output))
        {
            fail("Failed - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
        }

        // no key generator for the old algorithms
        if (hmacName.startsWith("Old"))
        {
            return;
        }

        KeyGenerator kGen = KeyGenerator.getInstance(hmacName, "BC");

        mac.init(kGen.generateKey());

        mac.update(message);

        out = mac.doFinal();
    }

    public void testHMac(
        String hmacName,
        int defKeySize,
        byte[] output)
        throws Exception
    {
        SecretKey key = new SecretKeySpec(keyBytes, hmacName);
        byte[] out;
        Mac mac;

        mac = Mac.getInstance(hmacName, "BC");

        mac.init(key);

        mac.reset();

        mac.update(message, 0, message.length);

        out = mac.doFinal();

        if (!areEqual(out, output))
        {
            fail("Failed - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(out)));
        }

        KeyGenerator kGen = KeyGenerator.getInstance(hmacName, "BC");

        SecretKey secretKey = kGen.generateKey();

        mac.init(secretKey);

        mac.update(message);

        out = mac.doFinal();

        isTrue("default key wrong length", secretKey.getEncoded().length == defKeySize / 8);
    }


    private void testExceptions()
        throws Exception
    {
        Mac mac = null;

        mac = Mac.getInstance("HmacSHA1", "BC");

        byte[] b = {(byte)1, (byte)2, (byte)3, (byte)4, (byte)5};
        SecretKeySpec sks = new SecretKeySpec(b, "HmacSHA1");
        RC5ParameterSpec algPS = new RC5ParameterSpec(100, 100, 100);

        try
        {
            mac.init(sks, algPS);
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // ignore okay
        }

        try
        {
            mac.init(null, null);
        }
        catch (InvalidKeyException e)
        {
            // ignore okay
        }
        catch (InvalidAlgorithmParameterException e)
        {
            // ignore okay
        }

        try
        {
            mac.init(null);
        }
        catch (InvalidKeyException e)
        {
            // ignore okay
        }
    }

    public void performTest()
        throws Exception
    {
        testHMac("HMac-SHA1", 160, output1);
        testHMac("HMac-MD5", outputMD5);
        testHMac("HMac-MD4", outputMD4);
        testHMac("HMac-MD2", outputMD2);
        testHMac("HMac-SHA224", 224, output224);
        testHMac("HMac-SHA256", 256, output256);
        testHMac("HMac-SHA384", 384, output384);
        testHMac("HMac-SHA512", 512, output512);
        testHMac("HMac-SHA512/224", output512_224);
        testHMac("HMac-SHA512/256", output512_256);
        testHMac("HMac-RIPEMD128", 128, outputRipeMD128);
        testHMac("HMac-RIPEMD160", 160, outputRipeMD160);
        testHMac("HMac-TIGER", 192, outputTiger);
        testHMac("HMac-KECCAK224", 224, outputKck224);
        testHMac("HMac-KECCAK256", 256, outputKck256);
        testHMac("HMac-KECCAK288", 288, outputKck288);
        testHMac("HMac-KECCAK384", 384, outputKck384);
        testHMac("HMac-KECCAK512", 512, outputKck512);
        testHMac("HMac-SHA3-224", 224, outputSha3_224);
        testHMac("HMac-SHA3-256", 256, outputSha3_256);
        testHMac("HMac-SHA3-384", 384, outputSha3_384);
        testHMac("HMac-SHA3-512", 512, outputSha3_512);

        testHMac("HMac-GOST3411-2012-256", 256, outputGost2012_256);
        testHMac("HMac-GOST3411-2012-512", 512, outputGost2012_512);

        testHMac("HMac/SHA1", output1);
        testHMac("HMac/MD5", outputMD5);
        testHMac("HMac/MD4", outputMD4);
        testHMac("HMac/MD2", outputMD2);
        testHMac("HMac/SHA224", 224, output224);
        testHMac("HMac/SHA256", 256, output256);
        testHMac("HMac/SHA384", 384, output384);
        testHMac("HMac/SHA512", 512, output512);
        testHMac("HMac/RIPEMD128", 128, outputRipeMD128);
        testHMac("HMac/RIPEMD160", 160, outputRipeMD160);
        testHMac("HMac/TIGER", 192, outputTiger);
        testHMac("HMac/KECCAK224", 224, outputKck224);
        testHMac("HMac/KECCAK256", 256, outputKck256);
        testHMac("HMac/KECCAK288", 288, outputKck288);
        testHMac("HMac/KECCAK384", 384, outputKck384);
        testHMac("HMac/KECCAK512", 512, outputKck512);
        testHMac("HMac/SHA3-224", 224, outputSha3_224);
        testHMac("HMac/SHA3-256", 256, outputSha3_256);
        testHMac("HMac/SHA3-384", 384, outputSha3_384);
        testHMac("HMac/SHA3-512", 512, outputSha3_512);
        testHMac("HMac/GOST3411-2012-256", 256, outputGost2012_256);
        testHMac("HMac/GOST3411-2012-512", 512, outputGost2012_512);

        testHMac(PKCSObjectIdentifiers.id_hmacWithSHA1.getId(), 160, output1);
        testHMac(PKCSObjectIdentifiers.id_hmacWithSHA224.getId(), 224, output224);
        testHMac(PKCSObjectIdentifiers.id_hmacWithSHA256.getId(), 256, output256);
        testHMac(PKCSObjectIdentifiers.id_hmacWithSHA384.getId(), 384, output384);
        testHMac(PKCSObjectIdentifiers.id_hmacWithSHA512.getId(), 512, output512);
        testHMac(IANAObjectIdentifiers.hmacSHA1.getId(), 160, output1);
        testHMac(IANAObjectIdentifiers.hmacMD5.getId(), outputMD5);
        testHMac(IANAObjectIdentifiers.hmacRIPEMD160.getId(), 160, outputRipeMD160);
        testHMac(IANAObjectIdentifiers.hmacTIGER.getId(), 192, outputTiger);

        testHMac(NISTObjectIdentifiers.id_hmacWithSHA3_224.getId(), 224, outputSha3_224);
        testHMac(NISTObjectIdentifiers.id_hmacWithSHA3_256.getId(), 256, outputSha3_256);
        testHMac(NISTObjectIdentifiers.id_hmacWithSHA3_384.getId(), 384, outputSha3_384);
        testHMac(NISTObjectIdentifiers.id_hmacWithSHA3_512.getId(), 512, outputSha3_512);

        testHMac(RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_256.getId(), 256, outputGost2012_256);
        testHMac(RosstandartObjectIdentifiers.id_tc26_hmac_gost_3411_12_512.getId(), 512, outputGost2012_512);

        // test for compatibility with broken HMac.
        testHMac("OldHMacSHA384", outputOld384);
        testHMac("OldHMacSHA512", outputOld512);

        testExceptions();

        testPBEWITHHMACSHAVariants();
    }

    private static final int[] SUN_JCA_VARIANTS = {
        1, 224, 256, 384, 512
    };

    private static final byte[][] SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS = {
        Hex.decode("2cb29f938331443af79de5863a1b072d57a4b640"),
        Hex.decode("3bf31c354fb1817503e9b581d4d1d51c4c8e921a3b46a513cc24c0ca"),
        Hex.decode("583697860e49d8d534ebdf99205173356f4e209447b6ac7d500ddddc1b382068"),
        Hex.decode("ad3ca42cc656876872bd0e5054d0f2260ec2a07635c5dfa655926989af392bbe636a23f08d1dc8ccd966ffa66ecc30e0"),
        Hex.decode("eabbb30bf280870530126bea40d3123c18d6bd6f6e9ded0eebd51a44d8527b27732206bd1bb7c1c8d941b5f2fba2f87ed49f5f1f3d7bef0e7547d335b4a55b87")
    };

    /**
     * Test that BC has the same results as the SunJCA provider for PBEwithHMACSHA.
     * <p>
     * Test courtesy of the Android project.
     * </p>
     */
    public void testPBEWITHHMACSHAVariants()
        throws Exception
    {
        byte[] plaintext = new byte[]{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
            17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34};
        byte[] salt = "saltsalt".getBytes();
        char[] password = "password".toCharArray();
        int iterationCount = 100;

        for (int shaVariantIndex = 0; shaVariantIndex < SUN_JCA_VARIANTS.length; shaVariantIndex++)
        {
            int shaVariant = SUN_JCA_VARIANTS[shaVariantIndex];
            SecretKeyFactory secretKeyFactory =
                SecretKeyFactory.getInstance("PBKDF2WITHHMACSHA" + shaVariant, "BC");
            PBEKeySpec pbeKeySpec = new PBEKeySpec(password,
                salt,
                iterationCount,
                // Key depending on block size!
                (shaVariant < 384) ? 64 : 128);
            SecretKey secretKey = secretKeyFactory.generateSecret(pbeKeySpec);
            Mac mac = Mac.getInstance("PBEWITHHMACSHA" + shaVariant, "BC");
            mac.init(secretKey);

            byte[] bcResult = mac.doFinal(plaintext);

            isTrue("value mismatch", Arrays.equals(SUN_JCA_KNOWN_ANSWERS_FOR_SHA_VARIANTS[shaVariantIndex], bcResult));
        }
    }

    public String getName()
    {
        return "HMac";
    }

    public static void main(
        String[] args)
    {
        Security.addProvider(new BouncyCastleProvider());

        runTest(new HMacTest());
    }
}