Diffstat (limited to 'java/com/google/security/wycheproof/testcases/AesEaxTest.java')
-rw-r--r-- | java/com/google/security/wycheproof/testcases/AesEaxTest.java | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/java/com/google/security/wycheproof/testcases/AesEaxTest.java b/java/com/google/security/wycheproof/testcases/AesEaxTest.java
new file mode 100644
index 0000000..a40f1cc
--- /dev/null
+++ b/java/com/google/security/wycheproof/testcases/AesEaxTest.java
@@ -0,0 +1,268 @@ +/** + * @license + * Copyright 2016 Google Inc. All rights reserved. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// TODO(bleichen): +// - So far only 16 byte tags are tested. +// Tested providers: +// BC : ok +// BC uses a 64-bit default for tags. This is not such a big +// problem as with AES-GCM, since the tag gives 64 bit strength. + +package com.google.security.wycheproof; + +import javax.crypto.Cipher; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import junit.framework.TestCase; + +/** AES-EAX tests */ +public class AesEaxTest extends TestCase { + + /** Test vectors */ + public static class EaxTestVector { + final byte[] pt; + final byte[] aad; + final byte[] ct; + final String ptHex; + final String ctHex; + final GCMParameterSpec parameters; + final SecretKeySpec key; + + public EaxTestVector( + String message, String keyMaterial, String nonce, String aad, String ciphertext) { + this.ptHex = message; + this.pt = TestUtil.hexToBytes(message); + this.aad = TestUtil.hexToBytes(aad); + this.ct = TestUtil.hexToBytes(ciphertext); + this.ctHex = ciphertext; + // Ugly hack from + // https://github.com/bcgit/bc-java/blob/master/prov/src/test/java/org/bouncycastle/jce/provider/test/AEADTest.java + // Apparently, one way to specify the tag length is to use GCMParameterSpec. + // BouncyCastle is using a 64-bit tag by default. + // So far all test vectors use a 128 bit tag. 
+ this.parameters = new GCMParameterSpec(128, TestUtil.hexToBytes(nonce)); + this.key = new SecretKeySpec(TestUtil.hexToBytes(keyMaterial), "AES"); + } + }; + + private static final EaxTestVector[] EAX_TEST_VECTOR = { + // Test vectors from + // http://csrc.nist.gov/groups/ST/toolkit/BCM/modes_development.html + // TODO(bleichen): Check if we can include test cases from NIST and + // republish. + new EaxTestVector( + "", + "233952dee4d5ed5f9b9c6d6ff80ff478", + "62ec67f9c3a4a407fcb2a8c49031a8b3", + "6bfb914fd07eae6b", + "e037830e8389f27b025a2d6527e79d01"), + new EaxTestVector( + "f7fb", + "91945d3f4dcbee0bf45ef52255f095a4", + "becaf043b0a23d843194ba972c66debd", + "fa3bfd4806eb53fa", + "19dd5c4c9331049d0bdab0277408f67967e5"), + new EaxTestVector( + "1a47cb4933", + "01f74ad64077f2e704c0f60ada3dd523", + "70c3db4f0d26368400a10ed05d2bff5e", + "234a3463c1264ac6", + "d851d5bae03a59f238a23e39199dc9266626c40f80"), + new EaxTestVector( + "481c9e39b1", + "d07cf6cbb7f313bdde66b727afd3c5e8", + "8408dfff3c1a2b1292dc199e46b7d617", + "33cce2eabff5a79d", + "632a9d131ad4c168a4225d8e1ff755939974a7bede"), + new EaxTestVector( + "40d0c07da5e4", + "35b6d0580005bbc12b0587124557d2c2", + "fdb6b06676eedc5c61d74276e1f8e816", + "aeb96eaebe2970e9", + "071dfe16c675cb0677e536f73afe6a14b74ee49844dd"), + new EaxTestVector( + "4de3b35c3fc039245bd1fb7d", + "bd8e6e11475e60b268784c38c62feb22", + "6eac5c93072d8e8513f750935e46da1b", + "d4482d1ca78dce0f", + "835bb4f15d743e350e728414abb8644fd6ccb86947c5e10590210a4f"), + new EaxTestVector( + "8b0a79306c9ce7ed99dae4f87f8dd61636", + "7c77d6e813bed5ac98baa417477a2e7d", + "1a8c98dcd73d38393b2bf1569deefc19", + "65d2017990d62528", + "02083e3979da014812f59f11d52630da30137327d10649b0aa6e1c181db617d7" + "f2"), + new EaxTestVector( + "1bda122bce8a8dbaf1877d962b8592dd2d56", + "5fff20cafab119ca2fc73549e20f5b0d", + "dde59b97d722156d4d9aff2bc7559826", + "54b9f04e6a09189a", + "2ec47b2c4954a489afc7ba4897edcdae8cc33b60450599bd02c96382902aef7f" + "832a"), + new 
EaxTestVector( + "6cf36720872b8513f6eab1a8a44438d5ef11", + "a4a4782bcffd3ec5e7ef6d8c34a56123", + "b781fcf2f75fa5a8de97a9ca48e522ec", + "899a175897561d7e", + "0de18fd0fdd91e7af19f1d8ee8733938b1e8e7f6d2231618102fdb7fe55ff199" + "1700"), + new EaxTestVector( + "ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7", + "8395fcf1e95bebd697bd010bc766aac3", + "22e7add93cfc6393c57ec0b3c17d6b44", + "126735fcc320d25a", + "cb8920f87a6c75cff39627b56e3ed197c552d295a7cfc46afc253b4652b1af37" + "95b124ab6e"), + // The tests are self generated. + // + // Some test vectors for counter overflow: + // Initial counter value == 2^128-1 + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "3c8cc2970a008f75cc5beae2847258c2", + "", + "3c441f32ce07822364d7a2990e50bb13d7b02a26969e4a937e5e9073b0d9c968" + + "db90bdb3da3d00afd0fc6a83551da95e"), + // counter value overflows at 64-bit boundary + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "aef03d00598494e9fb03cd7d8b590866", + "", + "d19ac59849026a91aa1b9aec29b11a202a4d739fd86c28e3ae3d588ea21d70c6" + + "c30f6cd9202074ed6e2a2a360eac8c47"), + // no counter overflow, but the 64 most significant bits are set. + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "55d12511c696a80d0514d1ffba49cada", + "", + "2108558ac4b2c2d5cc66cea51d6210e046177a67631cd2dd8f09469733acb517" + + "fc355e87a267be3ae3e44c0bf3f99b2b"), + // counter value overflows at 32-bit boundary + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "79422ddd91c4eee2deaef1f968305304", + "", + "4d2c1524ca4baa4eefcce6b91b227ee83abaff8105dcafa2ab191f5df2575035" + + "e2c865ce2d7abdac024c6f991a848390"), + // no counter overflow, but bits 32-64 and 96-128 are set. 
+ new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "0af5aa7a7676e28306306bcd9bf2003a", + "", + "8eb01e62185d782eb9287a341a6862ac5257d6f9adc99ee0a24d9c22b3e9b38a" + + "39c339bc8a74c75e2c65c6119544d61e"), + // no counter overflow, lower 64 bits are 2^63-1 + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111", + "000102030405060708090a0b0c0d0e0f", + "af5a03ae7edd73471bdcdfac5e194a60", + "", + "94c5d2aca6dbbce8c24513a25e095c0e54a942860d327a222a815cc713b163b4" + + "f50b30304e45c9d411e8df4508a98612"), + // counter overflow between block 2 and block 3. + new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111" + + "2222222222222222222222222222222233333333333333333333333333333333", + "000102030405060708090a0b0c0d0e0f", + "b37087680f0edd5a52228b8c7aaea664", + "", + "3bb6173e3772d4b62eef37f9ef0781f360b6c74be3bf6b371067bc1b090d9d66" + + "22a1fbec6ac471b3349cd4277a101d40890fbf27dfdcd0b4e3781f9806daabb6" + + "a0498745e59999ddc32d5b140241124e"), + // no counter overflow, the lower 64 bits are 2^63-4. 
+ new EaxTestVector( + "0000000000000000000000000000000011111111111111111111111111111111" + + "2222222222222222222222222222222233333333333333333333333333333333" + + "44444444444444444444444444444444", + "000102030405060708090a0b0c0d0e0f", + "4f802da62a384555a19bc2b382eb25af", + "", + "e9b0bb8857818ce3201c3690d21daa7f264fb8ee93cc7a4674ea2fc32bf182fb" + + "2a7e8ad51507ad4f31cefc2356fe7936a7f6e19f95e88fdbf17620916d3a6f3d" + + "01fc17d358672f777fd4099246e436e167910be744b8315ae0eb6124590c5d8b"), + // 192-bit keys + new EaxTestVector( + "", + "03dd258601c1d4872a52b27892db0356911b2df1436dc7f4", + "723cb2022102113018dcd2d204022114", + "", + "c472b1c6c22b4f2b7e02409499aa2ade"), + new EaxTestVector( + "abcdef", + "03dd258601c1d4872a52b27892db0356911b2df1436dc7f4", + "025f3d2286c143976412022102696708231208", + "8917328de211", + "520f4f2cf1b893ae3ba8ecbac3a08ea57de2cd"), + new EaxTestVector( + "1111111111111111111111111111111122222222222222222222222222222222", + "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612", + "000102030405060708090a0b0c0d0e0f1a1b1c1d", + "77922d34e452e0a40962873d22901dd22ad1c303", + "5917879b9fa85f4007b7bd0cd46f067d5a7bf287f19dfcc5475c95a4acce520a" + + "4c5df804bc091a3b5d6c838b7e494571"), + // 256-bit keys + new EaxTestVector( + "", + "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612", + "696708231208", + "", + "7c8f86f837a4f72c574678d92f637f07"), + new EaxTestVector( + "abcdef", + "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612", + "696708231208", + "8917328de211", + "12486c87bf9a7f22fa65a9493ec0f57f8070f5"), + new EaxTestVector( + "1111111111111111111111111111111122222222222222222222222222222222", + "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612", + "000102030405060708090a0b0c0d0e0f1a1b1c1d", + "92d3e42e0409273291d2dc034450", + "5917879b9fa85f4007b7bd0cd46f067d5a7bf287f19dfcc5475c95a4acce520a" + + "e632946e4999be20159977431bef0454"), + }; + + public void testEax() throws Exception { + 
for (EaxTestVector test : EAX_TEST_VECTOR) { + Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, test.key, test.parameters); + cipher.updateAAD(test.aad); + byte[] ct = cipher.doFinal(test.pt); + assertEquals(test.ctHex, TestUtil.bytesToHex(ct)); + } + } + + public void testLateUpdateAAD() throws Exception { + for (EaxTestVector test : EAX_TEST_VECTOR) { + Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, test.key, test.parameters); + byte[] c0 = cipher.update(test.pt); + try { + cipher.updateAAD(test.aad); + } catch (java.lang.IllegalStateException ex) { + // Typically one should pass the AAD in first. + // Hence it is OK to get this exception. + // For example, this is the behaviour of SUNJce. + continue; + } + byte[] c1 = cipher.doFinal(); + String result = TestUtil.bytesToHex(c0) + TestUtil.bytesToHex(c1); + assertEquals(test.ctHex, result); + } + } +} |
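Review bot: Both `testEax` and `testLateUpdateAAD` initialise the cipher only with `Cipher.ENCRYPT_MODE`, so nothing in this file checks that a provider's EAX decryption recovers the plaintext or rejects a ciphertext whose tag has been altered, which is the integrity guarantee callers rely on. `EaxTestVector.ct` is populated by the constructor but never read by either test, which suggests the decrypt direction was intended. I would add a decrypt round-trip and a modified-tag test over the same vectors, as sketched below. The exception type is an assumption: `javax.crypto.AEADBadTagException` is what the JCE defines for a failed tag check, but what BC actually throws here should be confirmed. The header TODO also notes that only 16-byte tags are covered, so a truncated-tag case would be a natural follow-up.

```java
  // … unchanged: testEax, testLateUpdateAAD …

  public void testDecrypt() throws Exception {
    for (EaxTestVector test : EAX_TEST_VECTOR) {
      Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding");
      cipher.init(Cipher.DECRYPT_MODE, test.key, test.parameters);
      cipher.updateAAD(test.aad);
      byte[] pt = cipher.doFinal(test.ct);
      assertEquals(test.ptHex, TestUtil.bytesToHex(pt));
    }
  }

  public void testModifiedTag() throws Exception {
    for (EaxTestVector test : EAX_TEST_VECTOR) {
      // All vectors carry a 128-bit tag at the end of ct; flip its last bit.
      byte[] modified = test.ct.clone();
      modified[modified.length - 1] ^= 1;
      Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding");
      cipher.init(Cipher.DECRYPT_MODE, test.key, test.parameters);
      cipher.updateAAD(test.aad);
      try {
        cipher.doFinal(modified);
        fail("Decryption accepted a ciphertext with a modified tag");
      } catch (javax.crypto.AEADBadTagException ex) {
        // Expected: the tag check must fail before any plaintext is returned.
      }
    }
  }
```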