package org.bouncycastle.crypto.test;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.modes.CCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;
/**
* First four test vectors from
* NIST Special Publication 800-38C.
*/
public class CCMTest
extends SimpleTest
{
private byte[] K1 = Hex.decode("404142434445464748494a4b4c4d4e4f");
private byte[] N1 = Hex.decode("10111213141516");
private byte[] A1 = Hex.decode("0001020304050607");
private byte[] P1 = Hex.decode("20212223");
private byte[] C1 = Hex.decode("7162015b4dac255d");
private byte[] T1 = Hex.decode("6084341b");
private byte[] K2 = Hex.decode("404142434445464748494a4b4c4d4e4f");
private byte[] N2 = Hex.decode("1011121314151617");
private byte[] A2 = Hex.decode("000102030405060708090a0b0c0d0e0f");
private byte[] P2 = Hex.decode("202122232425262728292a2b2c2d2e2f");
private byte[] C2 = Hex.decode("d2a1f0e051ea5f62081a7792073d593d1fc64fbfaccd");
private byte[] T2 = Hex.decode("7f479ffca464");
private byte[] K3 = Hex.decode("404142434445464748494a4b4c4d4e4f");
private byte[] N3 = Hex.decode("101112131415161718191a1b");
private byte[] A3 = Hex.decode("000102030405060708090a0b0c0d0e0f10111213");
private byte[] P3 = Hex.decode("202122232425262728292a2b2c2d2e2f3031323334353637");
private byte[] C3 = Hex.decode("e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5484392fbc1b09951");
private byte[] T3 = Hex.decode("67c99240c7d51048");
private byte[] K4 = Hex.decode("404142434445464748494a4b4c4d4e4f");
private byte[] N4 = Hex.decode("101112131415161718191a1b1c");
private byte[] A4 = Hex.decode("000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff");
private byte[] P4 = Hex.decode("202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f");
private byte[] C4 = Hex.decode("69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72b4ac6bec93e8598e7f0dadbcea5b");
private byte[] T4 = Hex.decode("f4dd5d0ee404617225ffe34fce91");
//
// long data vector
//
private byte[] C5 = Hex.decode("49b17d8d3ea4e6174a48e2b65e6d8b417ac0dd3f8ee46ce4a4a2a509661cef52528c1cd9805333a5cfd482fa3f095a3c2fdd1cc47771c5e55fddd60b5c8d6d3fa5c8dd79d08b16242b6642106e7c0c28bd1064b31e6d7c9800c8397dbc3fa8071e6a38278b386c18d65d39c6ad1ef9501a5c8f68d38eb6474799f3cc898b4b9b97e87f9c95ce5c51bc9d758f17119586663a5684e0a0daf6520ec572b87473eb141d10471e4799ded9e607655402eca5176bbf792ef39dd135ac8d710da8e9e854fd3b95c681023f36b5ebe2fb213d0b62dd6e9e3cfe190b792ccb20c53423b2dca128f861a61d306910e1af418839467e466f0ec361d2539eedd99d4724f1b51c07beb40e875a87491ec8b27cd1");
private byte[] T5 = Hex.decode("5c768856796b627b13ec8641581b");
public void performTest()
throws Exception
{
CCMBlockCipher ccm = new CCMBlockCipher(new AESEngine());
checkVectors(0, ccm, K1, 32, N1, A1, P1, T1, C1);
checkVectors(1, ccm, K2, 48, N2, A2, P2, T2, C2);
checkVectors(2, ccm, K3, 64, N3, A3, P3, T3, C3);
ivParamTest(0, ccm, K1, N1);
//
// 4 has a reduced associated text which needs to be replicated
//
byte[] a4 = new byte[65536]; // 524288 / 8
for (int i = 0; i < a4.length; i += A4.length)
{
System.arraycopy(A4, 0, a4, i, A4.length);
}
checkVectors(3, ccm, K4, 112, N4, a4, P4, T4, C4);
//
// long data test
//
checkVectors(4, ccm, K4, 112, N4, A4, A4, T5, C5);
// decryption with output specified, non-zero offset.
ccm.init(false, new AEADParameters(new KeyParameter(K2), 48, N2, A2));
byte[] inBuf = new byte[C2.length + 10];
byte[] outBuf = new byte[ccm.getOutputSize(C2.length) + 10];
System.arraycopy(C2, 0, inBuf, 10, C2.length);
int len = ccm.processPacket(inBuf, 10, C2.length, outBuf, 10);
byte[] out = ccm.processPacket(C2, 0, C2.length);
if (len != out.length || !isEqual(out, outBuf, 10))
{
fail("decryption output incorrect");
}
// encryption with output specified, non-zero offset.
ccm.init(true, new AEADParameters(new KeyParameter(K2), 48, N2, A2));
int inLen = len;
inBuf = outBuf;
outBuf = new byte[ccm.getOutputSize(inLen) + 10];
len = ccm.processPacket(inBuf, 10, inLen, outBuf, 10);
out = ccm.processPacket(inBuf, 10, inLen);
if (len != out.length || !isEqual(out, outBuf, 10))
{
fail("encryption output incorrect");
}
//
// exception tests
//
try
{
ccm.init(false, new AEADParameters(new KeyParameter(K1), 32, N2, A2));
ccm.processPacket(C2, 0, C2.length);
fail("invalid cipher text not picked up");
}
catch (InvalidCipherTextException e)
{
// expected
}
try
{
ccm = new CCMBlockCipher(new DESEngine());
fail("incorrect block size not picked up");
}
catch (IllegalArgumentException e)
{
// expected
}
try
{
ccm.init(false, new KeyParameter(K1));
fail("illegal argument not picked up");
}
catch (IllegalArgumentException e)
{
// expected
}
AEADTestUtil.testReset(this, new CCMBlockCipher(new AESEngine()), new CCMBlockCipher(new AESEngine()), new AEADParameters(new KeyParameter(K1), 32, N2));
AEADTestUtil.testTampering(this, ccm, new AEADParameters(new KeyParameter(K1), 32, N2));
}
private boolean isEqual(byte[] exp, byte[] other, int off)
{
for (int i = 0; i != exp.length; i++)
{
if (exp[i] != other[off + i])
{
return false;
}
}
return true;
}
private void checkVectors(
int count,
CCMBlockCipher ccm,
byte[] k,
int macSize,
byte[] n,
byte[] a,
byte[] p,
byte[] t,
byte[] c)
throws InvalidCipherTextException
{
byte[] fa = new byte[a.length / 2];
byte[] la = new byte[a.length - (a.length / 2)];
System.arraycopy(a, 0, fa, 0, fa.length);
System.arraycopy(a, fa.length, la, 0, la.length);
checkVectors(count, ccm, "all initial associated data", k, macSize, n, a, null, p, t, c);
checkVectors(count, ccm, "subsequent associated data", k, macSize, n, null, a, p, t, c);
checkVectors(count, ccm, "split associated data", k, macSize, n, fa, la, p, t, c);
checkVectors(count, ccm, "reuse key", null, macSize, n, fa, la, p, t, c);
}
private void checkVectors(
int count,
CCMBlockCipher ccm,
String additionalDataType,
byte[] k,
int macSize,
byte[] n,
byte[] a,
byte[] sa,
byte[] p,
byte[] t,
byte[] c)
throws InvalidCipherTextException
{
KeyParameter keyParam = (k == null) ? null : new KeyParameter(k);
ccm.init(true, new AEADParameters(keyParam, macSize, n, a));
byte[] enc = new byte[c.length];
if (sa != null)
{
ccm.processAADBytes(sa, 0, sa.length);
}
int len = ccm.processBytes(p, 0, p.length, enc, 0);
len += ccm.doFinal(enc, len);
if (!areEqual(c, enc))
{
fail("encrypted stream fails to match in test " + count + " with " + additionalDataType);
}
ccm.init(false, new AEADParameters(keyParam, macSize, n, a));
byte[] tmp = new byte[enc.length];
if (sa != null)
{
ccm.processAADBytes(sa, 0, sa.length);
}
len = ccm.processBytes(enc, 0, enc.length, tmp, 0);
len += ccm.doFinal(tmp, len);
byte[] dec = new byte[len];
System.arraycopy(tmp, 0, dec, 0, len);
if (!areEqual(p, dec))
{
fail("decrypted stream fails to match in test " + count + " with " + additionalDataType,
new String(Hex.encode(p)), new String(Hex.encode(dec)));
}
if (!areEqual(t, ccm.getMac()))
{
fail("MAC fails to match in test " + count + " with " + additionalDataType);
}
}
private void ivParamTest(
int count,
CCMBlockCipher ccm,
byte[] k,
byte[] n)
throws InvalidCipherTextException
{
byte[] p = Strings.toByteArray("hello world!!");
ccm.init(true, new ParametersWithIV(new KeyParameter(k), n));
byte[] enc = new byte[p.length + 8];
int len = ccm.processBytes(p, 0, p.length, enc, 0);
len += ccm.doFinal(enc, len);
ccm.init(false, new ParametersWithIV(new KeyParameter(k), n));
byte[] tmp = new byte[enc.length];
len = ccm.processBytes(enc, 0, enc.length, tmp, 0);
len += ccm.doFinal(tmp, len);
byte[] dec = new byte[len];
System.arraycopy(tmp, 0, dec, 0, len);
if (!areEqual(p, dec))
{
fail("decrypted stream fails to match in test " + count);
}
}
public String getName()
{
return "CCM";
}
public static void main(
String[] args)
{
runTest(new CCMTest());
}
}