All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.crypto.test.Salsa20Test Maven / Gradle / Ivy

There is a newer version: 1.2.2.1-jre17
Show newest version
package org.bouncycastle.crypto.test;

import java.security.SecureRandom;

import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.engines.Salsa20Engine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

/**
 * Salsa20 Test
 */
public class Salsa20Test
    extends SimpleTest
{
    byte[] zeroes = Hex.decode(
                    "00000000000000000000000000000000"
                  + "00000000000000000000000000000000"
                  + "00000000000000000000000000000000"
                  + "00000000000000000000000000000000");

    String set1v0_0 = "4DFA5E481DA23EA09A31022050859936"
        + "DA52FCEE218005164F267CB65F5CFD7F"
        + "2B4F97E0FF16924A52DF269515110A07"
        + "F9E460BC65EF95DA58F740B7D1DBB0AA";

    String set1v0_192 = "DA9C1581F429E0A00F7D67E23B730676"
        + "783B262E8EB43A25F55FB90B3E753AEF"
        + "8C6713EC66C51881111593CCB3E8CB8F"
        + "8DE124080501EEEB389C4BCB6977CF95";

    String set1v0_256 = "7D5789631EB4554400E1E025935DFA7B"
        + "3E9039D61BDC58A8697D36815BF1985C"
        + "EFDF7AE112E5BB81E37ECF0616CE7147"
        + "FC08A93A367E08631F23C03B00A8DA2F";

    String set1v0_448 = "B375703739DACED4DD4059FD71C3C47F"
        + "C2F9939670FAD4A46066ADCC6A564578"
        + "3308B90FFB72BE04A6B147CBE38CC0C3"
        + "B9267C296A92A7C69873F9F263BE9703";

    String set1v9_0 = "0471076057830FB99202291177FBFE5D"
        + "38C888944DF8917CAB82788B91B53D1C"
        + "FB06D07A304B18BB763F888A61BB6B75"
        + "5CD58BEC9C4CFB7569CB91862E79C459";

    String set1v9_192 = "D1D7E97556426E6CFC21312AE3811425"
        + "9E5A6FB10DACBD88E4354B0472556935"
        + "2B6DA5ACAFACD5E266F9575C2ED8E6F2"
        + "EFE4B4D36114C3A623DD49F4794F865B";

    String set1v9_256 = "AF06FAA82C73291231E1BD916A773DE1"
        + "52FD2126C40A10C3A6EB40F22834B8CC"
        + "68BD5C6DBD7FC1EC8F34165C517C0B63"
        + "9DB0C60506D3606906B8463AA0D0EC2F";

    String set1v9_448 = "AB3216F1216379EFD5EC589510B8FD35"
        + "014D0AA0B613040BAE63ECAB90A9AF79"
        + "661F8DA2F853A5204B0F8E72E9D9EB4D"
        + "BA5A4690E73A4D25F61EE7295215140C";

    String set6v0_0 = "F5FAD53F79F9DF58C4AEA0D0ED9A9601"
        + "F278112CA7180D565B420A48019670EA"
        + "F24CE493A86263F677B46ACE1924773D"
        + "2BB25571E1AA8593758FC382B1280B71";

    String set6v0_65472 = "B70C50139C63332EF6E77AC54338A407"
        + "9B82BEC9F9A403DFEA821B83F7860791"
        + "650EF1B2489D0590B1DE772EEDA4E3BC"
        + "D60FA7CE9CD623D9D2FD5758B8653E70";

    String set6v0_65536 = "81582C65D7562B80AEC2F1A673A9D01C"
        + "9F892A23D4919F6AB47B9154E08E699B"
        + "4117D7C666477B60F8391481682F5D95"
        + "D96623DBC489D88DAA6956B9F0646B6E";

    String set6v1_0 = "3944F6DC9F85B128083879FDF190F7DE"
        + "E4053A07BC09896D51D0690BD4DA4AC1"
        + "062F1E47D3D0716F80A9B4D85E6D6085"
        + "EE06947601C85F1A27A2F76E45A6AA87";

    String set6v1_65472 = "36E03B4B54B0B2E04D069E690082C8C5"
        + "92DF56E633F5D8C7682A02A65ECD1371"
        + "8CA4352AACCB0DA20ED6BBBA62E177F2"
        + "10E3560E63BB822C4158CAA806A88C82";

    String set6v1_65536 = "1B779E7A917C8C26039FFB23CF0EF8E0"
        + "8A1A13B43ACDD9402CF5DF38501098DF"
        + "C945A6CC69A6A17367BC03431A86B3ED"
        + "04B0245B56379BF997E25800AD837D7D";

    // Salsa20/12
    String salsa12_set1v0_0 = "FC207DBFC76C5E1774961E7A5AAD0906"
            + "9B2225AC1CE0FE7A0CE77003E7E5BDF8"
            + "B31AF821000813E6C56B8C1771D6EE70"
            + "39B2FBD0A68E8AD70A3944B677937897";

    String salsa12_set1v0_192 = "4B62A4881FA1AF9560586510D5527ED4"
        + "8A51ECAFA4DECEEBBDDC10E9918D44AB"
        + "26B10C0A31ED242F146C72940C6E9C37"
        + "53F641DA84E9F68B4F9E76B6C48CA5AC";

    String salsa12_set1v0_256 = "F52383D9DEFB20810325F7AEC9EADE34"
        + "D9D883FEE37E05F74BF40875B2D0BE79"
        + "ED8886E5BFF556CEA8D1D9E86B1F68A9"
        + "64598C34F177F8163E271B8D2FEB5996";

    String salsa12_set1v0_448 = "A52ED8C37014B10EC0AA8E05B5CEEE12"
        + "3A1017557FB3B15C53E6C5EA8300BF74"
        + "264A73B5315DC821AD2CAB0F3BB2F152"
        + "BDAEA3AEE97BA04B8E72A7B40DCC6BA4";

    // Salsa20/8
    String salsa8_set1v0_0 = "A9C9F888AB552A2D1BBFF9F36BEBEB33"
            + "7A8B4B107C75B63BAE26CB9A235BBA9D"
            + "784F38BEFC3ADF4CD3E266687EA7B9F0"
            + "9BA650AE81EAC6063AE31FF12218DDC5";
    
    String salsa8_set1v0_192 = "BB5B6BB2CC8B8A0222DCCC1753ED4AEB"
            + "23377ACCBD5D4C0B69A8A03BB115EF71"
            + "871BC10559080ACA7C68F0DEF32A80DD"
            + "BAF497259BB76A3853A7183B51CC4B9F";
    
    String salsa8_set1v0_256 = "4436CDC0BE39559F5E5A6B79FBDB2CAE"
            + "4782910F27FFC2391E05CFC78D601AD8"
            + "CD7D87B074169361D997D1BED9729C0D"
            + "EB23418E0646B7997C06AA84E7640CE3";
    
    String salsa8_set1v0_448 = "BEE85903BEA506B05FC04795836FAAAC"
            + "7F93F785D473EB762576D96B4A65FFE4"
            + "63B34AAE696777FC6351B67C3753B89B"
            + "A6B197BD655D1D9CA86E067F4D770220";
    

    public String getName()
    {
        return "Salsa20";
    }

    public void performTest()
    {
        salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
                  set1v0_0, set1v0_192,  set1v0_256,  set1v0_448);
        salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("00400000000000000000000000000000")), Hex.decode("0000000000000000")),
                  set1v9_0, set1v9_192,  set1v9_256,  set1v9_448);
        salsa20Test1(12, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
                salsa12_set1v0_0, salsa12_set1v0_192,  salsa12_set1v0_256,  salsa12_set1v0_448);
        salsa20Test1(8, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")),
                salsa8_set1v0_0, salsa8_set1v0_192,  salsa8_set1v0_256,  salsa8_set1v0_448);
        salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE")),
                  set6v0_0, set6v0_65472, set6v0_65536);
        salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0558ABFE51A4F74A9DF04396E93C8FE23588DB2E81D4277ACD2073C6196CBF12")), Hex.decode("167DE44BB21980E7")),
                  set6v1_0, set6v1_65472, set6v1_65536);
        reinitBug();
        skipTest();
    }

    private void salsa20Test1(int rounds, CipherParameters params, String v0, String v192, String v256, String v448)
    {
        StreamCipher salsa = new Salsa20Engine(rounds);
        byte[]       buf = new byte[64];

        salsa.init(true, params);

        for (int i = 0; i != 7; i++)
        {
            salsa.processBytes(zeroes, 0, 64, buf, 0);
            switch (i)
            {
            case 0:
                if (!areEqual(buf, Hex.decode(v0)))
                {
                    mismatch("v0/" + rounds, v0, buf);
                }
                break;
            case 3:
                if (!areEqual(buf, Hex.decode(v192)))
                {
                    mismatch("v192/" + rounds, v192, buf);
                }
                break;
            case 4:
                if (!areEqual(buf, Hex.decode(v256)))
                {
                    mismatch("v256/" + rounds, v256, buf);
                }
                break;
            default:
                // ignore
            }
        }

        for (int i = 0; i != 64; i++)
        {
            buf[i] = salsa.returnByte(zeroes[i]);
        }

        if (!areEqual(buf, Hex.decode(v448)))
        {
            mismatch("v448", v448, buf);
        }       
    }

    private void salsa20Test2(CipherParameters params, String v0, String v65472, String v65536)
    {
        StreamCipher salsa = new Salsa20Engine();
        byte[]       buf = new byte[64];

        salsa.init(true, params);

        for (int i = 0; i != 1025; i++)
        {
            salsa.processBytes(zeroes, 0, 64, buf, 0);
            switch (i)
            {
            case 0:
                if (!areEqual(buf, Hex.decode(v0)))
                {
                    mismatch("v0", v0, buf);
                }
                break;
            case 1023:
                if (!areEqual(buf, Hex.decode(v65472)))
                {
                    mismatch("v65472", v65472, buf);
                }
                break;
            case 1024:
                if (!areEqual(buf, Hex.decode(v65536)))
                {
                    mismatch("v65536", v65536, buf);
                }
                break;
            default:
                // ignore
            }
        }
    }

    private void mismatch(String name, String expected, byte[] found)
    {
        fail("mismatch on " + name, expected, new String(Hex.encode(found)));
    }


    private void reinitBug()
    {
        KeyParameter key = new KeyParameter(Hex.decode("80000000000000000000000000000000"));
        ParametersWithIV parameters = new ParametersWithIV(key, Hex.decode("0000000000000000"));

        StreamCipher salsa = new Salsa20Engine();

        salsa.init(true, parameters);

        try
        {
            salsa.init(true, key);
            fail("Salsa20 should throw exception if no IV in Init");
        }
        catch (IllegalArgumentException e)
        {
        }
    }

    private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff)
    {
        for (int i = bOff; i != b.length; i++)
        {
            if (a[aOff + i - bOff] != b[i])
            {
                return false;
            }
        }

        return true;
    }

    private void skipTest()
    {
        SecureRandom rand = new SecureRandom();
        byte[]       plain = new byte[50000];
        byte[]       cipher = new byte[50000];

        rand.nextBytes(plain);

        CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE"));
        Salsa20Engine    engine = new Salsa20Engine();

        engine.init(true, params);

        engine.processBytes(plain, 0, plain.length, cipher, 0);

        byte[]      fragment = new byte[20];

        engine.init(true, params);

        engine.skip(10);

        engine.processBytes(plain, 10, fragment.length, fragment, 0);

        if (!areEqual(cipher, 10, fragment, 0))
        {
            fail("skip forward 10 failed");
        }

        engine.skip(1000);

        engine.processBytes(plain, 1010 + fragment.length, fragment.length, fragment, 0);

        if (!areEqual(cipher, 1010 + fragment.length, fragment, 0))
        {
            fail("skip forward 1000 failed");
        }

        engine.skip(-10);

        engine.processBytes(plain, 1010 + 2 * fragment.length - 10, fragment.length, fragment, 0);

        if (!areEqual(cipher, 1010 + 2 * fragment.length - 10, fragment, 0))
        {
            fail("skip back 10 failed");
        }

        engine.skip(-1000);

        if (engine.getPosition() != 60)
        {
            fail("skip position incorrect - " + 60 + " got " + engine.getPosition());
        }

        engine.processBytes(plain, 60, fragment.length, fragment, 0);

        if (!areEqual(cipher, 60, fragment, 0))
        {
            fail("skip back 1000 failed");
        }

        long pos = engine.seekTo(1010);
        if (pos != 1010)
        {
            fail("position wrong");
        }

        engine.processBytes(plain, 1010, fragment.length, fragment, 0);

        if (!areEqual(cipher, 1010, fragment, 0))
        {
            fail("seek to 1010 failed");
        }

        engine.reset();

        for (int i = 0; i != 5000; i++)
        {
            engine.skip(i);

            if (engine.getPosition() != i)
            {
                fail("skip forward at wrong position");
            }

            engine.processBytes(plain, i, fragment.length, fragment, 0);

            if (!areEqual(cipher, i, fragment, 0))
            {
                fail("skip forward i failed: " + i);
            }

            if (engine.getPosition() != i + fragment.length)
            {
                fail("cipher at wrong position: " + engine.getPosition() + " [" + i + "]");
            }

            engine.skip(-fragment.length);

            if (engine.getPosition() != i)
            {
                fail("skip back at wrong position");
            }

            engine.processBytes(plain, i, fragment.length, fragment, 0);

            if (!areEqual(cipher, i, fragment, 0))
            {
                fail("skip back i failed: " + i);
            }

            engine.reset();
        }
    }

    public static void main(
        String[]    args)
    {
        runTest(new Salsa20Test());
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy