aboutsummaryrefslogtreecommitdiff
path: root/java/com/google/security/wycheproof/testcases/AesEaxTest.java
diff options
context:
space:
mode:
Diffstat (limited to 'java/com/google/security/wycheproof/testcases/AesEaxTest.java')
-rw-r--r--java/com/google/security/wycheproof/testcases/AesEaxTest.java285
1 files changed, 285 insertions, 0 deletions
diff --git a/java/com/google/security/wycheproof/testcases/AesEaxTest.java b/java/com/google/security/wycheproof/testcases/AesEaxTest.java
new file mode 100644
index 0000000..3237afa
--- /dev/null
+++ b/java/com/google/security/wycheproof/testcases/AesEaxTest.java
@@ -0,0 +1,285 @@
+/**
+ * @license
+ * Copyright 2016 Google Inc. All rights reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// TODO(bleichen):
+// - So far only 16 byte tags are tested.
+// - default values: BC uses a 64-bit default for tags.
+// Tag size is not such a big problem as with AES-GCM,
+// since a 64 bit tag gives 64 bit strength for AES-EAX.
+
+package com.google.security.wycheproof;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import junit.framework.TestCase;
+
+/** AES-EAX tests */
+public class AesEaxTest extends TestCase {
+
+ /** Test vectors */
+ public static class EaxTestVector {
+ final byte[] pt;
+ final byte[] aad;
+ final byte[] ct;
+ final String ptHex;
+ final String ctHex;
+ final GCMParameterSpec parameters;
+ final SecretKeySpec key;
+
+ public EaxTestVector(
+ String message, String keyMaterial, String nonce, String aad, String ciphertext) {
+ this.ptHex = message;
+ this.pt = TestUtil.hexToBytes(message);
+ this.aad = TestUtil.hexToBytes(aad);
+ this.ct = TestUtil.hexToBytes(ciphertext);
+ this.ctHex = ciphertext;
+ // BouncyCastle uses GCMParameterSpec to specify the parameters for EAX.
+ // This solution is a bit of a hack, but so far we don't know a better way to
+ // specify these parameters.
+ // So far all test vectors use a 128 bit tag.
+ this.parameters = new GCMParameterSpec(128, TestUtil.hexToBytes(nonce));
+ this.key = new SecretKeySpec(TestUtil.hexToBytes(keyMaterial), "AES");
+ }
+ };
+
+ private static final EaxTestVector[] EAX_TEST_VECTOR = {
+ new EaxTestVector(
+ "",
+ "010511c5e24ee7097dca93272ebfae9e",
+ "93ad516bc6f7302b8edb884ca37f2e65",
+ "",
+ "12edfdb379ef62e845da3d17995b4a1e"),
+ new EaxTestVector(
+ "",
+ "acf877a5aa71e794efd6dc82d5b1a155",
+ "4e301710ae15b2f0ee6335d774741f7e",
+ "c0e0f00a919b7652",
+ "eb3dae1fc33be95848da9fd24e7dbae3"),
+ new EaxTestVector(
+ "c3",
+ "95d8e3675bbc3b96befdc5efb7433a68",
+ "0d40fdefd9289e3a49114454b3c4a5f4",
+ "f2",
+ "c5814dfc2f4ee1719bd5f1d5a649174c1a"),
+ new EaxTestVector(
+ "5810842d",
+ "2eed51af91b178b26e9b53c8877a7af6",
+ "e78747ca46cb9f2068e07717d5226e8a",
+ "",
+ "24245c5bb54aa8bfaceca3665867fa2d7de1653d"),
+ new EaxTestVector(
+ "5ae11bb3b7d60e55",
+ "cb782da180e97023530d1612e2287f0d",
+ "ba641ebe03057b387dd3132e0c7a3853",
+ "",
+ "f6f64fa858708b8f445812fd75a9639f635045fd5972b820"),
+ new EaxTestVector(
+ "54332ed26cd966761710ea58a8f248",
+ "8b4457d52e5c04b38d306f8f38480e97",
+ "3f9d6faca5dd97eb1bc74e1954304cca",
+ "",
+ "3ebbf1fe11e2f454e0ef587fb42a7588e1e32ea788cae20d1700584f448814"),
+ new EaxTestVector(
+ "82ce1f2934dcafe9dee7e0e7cbfdfcd0",
+ "2892cf62d2cc0e8e9c796624e05920f5",
+ "8a0da6d1c4b7a4f426ad62f6829cc310",
+ "c3ed66484eb367c8",
+ "c374afaa42d9497326af332f42d2dee8fb478c82a2b2567b0ab9597c93f137cf"),
+ new EaxTestVector(
+ "e0c993ff5d1d00b4cbee523a1df01db011794d54ab7a504c",
+ "463d89aadfa7d8158dcff9b9c3fc32aa",
+ "356ab4709b32fc85ff82f40561e9f08b",
+ "5ab01a3bfa141f8d33720bd1",
+ "d34bc706a9d7a2be6c2d8805cec2fac270ec6d17844b0911accb612cbb3b373438c74c1280445359"),
+ new EaxTestVector(
+ "e9dfb2897e44236880baf166fa62fa5b8a4713aa981dbc3fe6cf65d9f0c30f47",
+ "54617abbeb90fff7095b26af0e596064",
+ "2621c97c4fe379d9d42f04c479ae1bac",
+ "b6b29c2fbe29dcd2",
+ "212263116062443db28d6abd2c3bca880ea4d178282247fffbc10532d40e9cea"
+ + "6f580fdaca33d446dd6f38a4425be844"),
+ new EaxTestVector(
+ "7537f3e4cbe228468a7837c66aec8a9b6033cba4f1b3d8",
+ "7c74da83b1f292b869c891c80850e85f8237412e13a0bf3f",
+ "cfab2c573a0e723613e6e5b58787af60",
+ "",
+ "98a55f7db58fde8ed8bc00c01c97a6e5bda137b03e56e0dddfbe396c44a14646cbc89979f38736"),
+ // Some test vectors for counter overflow:
+ // Initial counter value == 2^128-1
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "3c8cc2970a008f75cc5beae2847258c2",
+ "",
+ "3c441f32ce07822364d7a2990e50bb13d7b02a26969e4a937e5e9073b0d9c968"
+ + "db90bdb3da3d00afd0fc6a83551da95e"),
+ // counter value overflows at 64-bit boundary
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "aef03d00598494e9fb03cd7d8b590866",
+ "",
+ "d19ac59849026a91aa1b9aec29b11a202a4d739fd86c28e3ae3d588ea21d70c6"
+ + "c30f6cd9202074ed6e2a2a360eac8c47"),
+ // no counter overflow, but the 64 most significant bits are set.
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "55d12511c696a80d0514d1ffba49cada",
+ "",
+ "2108558ac4b2c2d5cc66cea51d6210e046177a67631cd2dd8f09469733acb517"
+ + "fc355e87a267be3ae3e44c0bf3f99b2b"),
+ // counter value overflows at 32-bit boundary
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "79422ddd91c4eee2deaef1f968305304",
+ "",
+ "4d2c1524ca4baa4eefcce6b91b227ee83abaff8105dcafa2ab191f5df2575035"
+ + "e2c865ce2d7abdac024c6f991a848390"),
+ // no counter overflow, but bits 32-64 and 96-128 are set.
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "0af5aa7a7676e28306306bcd9bf2003a",
+ "",
+ "8eb01e62185d782eb9287a341a6862ac5257d6f9adc99ee0a24d9c22b3e9b38a"
+ + "39c339bc8a74c75e2c65c6119544d61e"),
+ // no counter overflow, lower 64 bits are 2^63-1
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111",
+ "000102030405060708090a0b0c0d0e0f",
+ "af5a03ae7edd73471bdcdfac5e194a60",
+ "",
+ "94c5d2aca6dbbce8c24513a25e095c0e54a942860d327a222a815cc713b163b4"
+ + "f50b30304e45c9d411e8df4508a98612"),
+ // counter overflow between block 2 and block 3.
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111"
+ + "2222222222222222222222222222222233333333333333333333333333333333",
+ "000102030405060708090a0b0c0d0e0f",
+ "b37087680f0edd5a52228b8c7aaea664",
+ "",
+ "3bb6173e3772d4b62eef37f9ef0781f360b6c74be3bf6b371067bc1b090d9d66"
+ + "22a1fbec6ac471b3349cd4277a101d40890fbf27dfdcd0b4e3781f9806daabb6"
+ + "a0498745e59999ddc32d5b140241124e"),
+ // no counter overflow, the lower 64 bits are 2^63-4.
+ new EaxTestVector(
+ "0000000000000000000000000000000011111111111111111111111111111111"
+ + "2222222222222222222222222222222233333333333333333333333333333333"
+ + "44444444444444444444444444444444",
+ "000102030405060708090a0b0c0d0e0f",
+ "4f802da62a384555a19bc2b382eb25af",
+ "",
+ "e9b0bb8857818ce3201c3690d21daa7f264fb8ee93cc7a4674ea2fc32bf182fb"
+ + "2a7e8ad51507ad4f31cefc2356fe7936a7f6e19f95e88fdbf17620916d3a6f3d"
+ + "01fc17d358672f777fd4099246e436e167910be744b8315ae0eb6124590c5d8b"),
+ // 192-bit keys
+ new EaxTestVector(
+ "",
+ "03dd258601c1d4872a52b27892db0356911b2df1436dc7f4",
+ "723cb2022102113018dcd2d204022114",
+ "",
+ "c472b1c6c22b4f2b7e02409499aa2ade"),
+ new EaxTestVector(
+ "",
+ "d33dda72649575e42d6eb1f3255e686084b8a9cf4480803c",
+ "ad2a1d2ef236dfaeb109ab29b1084d63",
+ "fb9c0938a5d317fad5f43edc",
+ "6edc358f22358e1d328c4c1cd98184c6"),
+ new EaxTestVector(
+ "abcdef",
+ "03dd258601c1d4872a52b27892db0356911b2df1436dc7f4",
+ "025f3d2286c143976412022102696708231208",
+ "8917328de211",
+ "520f4f2cf1b893ae3ba8ecbac3a08ea57de2cd"),
+ new EaxTestVector(
+ "4e43dbebe316b7d684b56236fdd928dd",
+ "a36eed1cb54130f547664c184c249e777a3d8ba2e2251b58",
+ "e9587847b1e81511e0643f7dda5b725c",
+ "80c7cb954463b6067b081ff66b1d40cc",
+ "e2645cd32a6e8c1e7cd1991d879b335756f848aba8e51f0b56712bb2889c4783"),
+ new EaxTestVector(
+ "1111111111111111111111111111111122222222222222222222222222222222",
+ "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612",
+ "000102030405060708090a0b0c0d0e0f1a1b1c1d",
+ "77922d34e452e0a40962873d22901dd22ad1c303",
+ "5917879b9fa85f4007b7bd0cd46f067d5a7bf287f19dfcc5475c95a4acce520a"
+ + "4c5df804bc091a3b5d6c838b7e494571"),
+ // 256-bit keys
+ new EaxTestVector(
+ "",
+ "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612",
+ "696708231208",
+ "",
+ "7c8f86f837a4f72c574678d92f637f07"),
+ new EaxTestVector(
+ "abcdef",
+ "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612",
+ "696708231208",
+ "8917328de211",
+ "12486c87bf9a7f22fa65a9493ec0f57f8070f5"),
+ new EaxTestVector(
+ "13d106d7be0890093f44a457d4cc5309",
+ "db50934278a8d8101d1c538acfbfaa13aba9fe53408b6205a0c996d53cf04e8d",
+ "eaef04607a36b2e1b1c539bc335aee9a",
+ "d50e7dbdcc7cf92822dd9dd762a0fc12",
+ "2202165697a2d21316c5f65d2aedb3c52b5567b3f8a25e247cfda1f02bc6cf6f"),
+ new EaxTestVector(
+ "17672288fff3e93a45b3b951bbcfa8a4cb",
+ "1cd28aca6542a4df7316b2c6e9232a4e2cc88cf7aaece33eec7da32ab514051f",
+ "d219298abb115ccbb473cf8e2da9671a",
+ "9c504ab2e5ce0f46844833aba6a11c9186e500239460bb26",
+ "aa518b62c5422e56ce393951aa0441e99df8cafb1555d5a30c90391bb9272c32b9"),
+ new EaxTestVector(
+ "1111111111111111111111111111111122222222222222222222222222222222",
+ "0172acf299142c001d0c231287c1182784554ca3a21908276ac2c92af1294612",
+ "000102030405060708090a0b0c0d0e0f1a1b1c1d",
+ "92d3e42e0409273291d2dc034450",
+ "5917879b9fa85f4007b7bd0cd46f067d5a7bf287f19dfcc5475c95a4acce520a"
+ + "e632946e4999be20159977431bef0454"),
+ };
+
+ public void testEax() throws Exception {
+ for (EaxTestVector test : EAX_TEST_VECTOR) {
+ Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding");
+ cipher.init(Cipher.ENCRYPT_MODE, test.key, test.parameters);
+ cipher.updateAAD(test.aad);
+ byte[] ct = cipher.doFinal(test.pt);
+ assertEquals(test.ctHex, TestUtil.bytesToHex(ct));
+ }
+ }
+
+ public void testLateUpdateAAD() throws Exception {
+ for (EaxTestVector test : EAX_TEST_VECTOR) {
+ Cipher cipher = Cipher.getInstance("AES/EAX/NoPadding");
+ cipher.init(Cipher.ENCRYPT_MODE, test.key, test.parameters);
+ byte[] c0 = cipher.update(test.pt);
+ try {
+ cipher.updateAAD(test.aad);
+ } catch (java.lang.IllegalStateException ex) {
+ // Typically one should pass the AAD in first.
+ // Hence it is OK to get this exception.
+ // For example, this is the behaviour of SUNJce.
+ continue;
+ }
+ byte[] c1 = cipher.doFinal();
+ String result = TestUtil.bytesToHex(c0) + TestUtil.bytesToHex(c1);
+ assertEquals(test.ctHex, result);
+ }
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-04 09:56:36 +0000