All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.bouncycastle.pqc.legacy.crypto.test.QTESLATest Maven / Gradle / Ivy

Go to download

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

There is a newer version: 1.79
Show newest version
package org.bouncycastle.pqc.legacy.crypto.test;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import junit.framework.TestCase;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLAKeyGenerationParameters;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLAKeyPairGenerator;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLAPrivateKeyParameters;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLAPublicKeyParameters;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLASecurityCategory;
import org.bouncycastle.pqc.legacy.crypto.qtesla.QTESLASigner;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Integers;
import org.bouncycastle.util.encoders.Hex;

public class QTESLATest
    extends TestCase
{
    static SecureRandom secureRandom = new SecureRandom();

    private static String asString(Map values, String key)
    {
        if (values.containsKey(key))
        {
            return (String)values.get(key);
        }
        return null;
    }

    private static Integer asInt(Map values, String key, int def)
        throws Exception
    {
        String value = asString(values, key);
        if (value != null)
        {
            return Integers.valueOf(Integer.parseInt(value));
        }
        return Integers.valueOf(def);
    }

    private static byte[] asByteArray(Map values, String key)
    {
        String value = asString(values, key);
        if (value != null)
        {
            return Hex.decode(value);
        }
        return null;
    }


    private void doTestKAT(int securityCategory, byte[] pubKey, byte[] privKey, byte[] seed, byte[] msg, byte[] expected)
    {
        //
        // Validate Key Generation.
        //
        // Invoke the key generator with the Fixed Random that uses the seed from the vector.
        // This ensures we can generate the same keys as the vector.
        // USE A REAL RANDOM NUMBER GENERATOR IN PRODUCTION.
        //
        QTESLAKeyGenerationParameters keyGenerationParameters = new QTESLAKeyGenerationParameters(securityCategory, QTESLASecureRandomFactory.getFixedNoDiscard(seed, 256));
        QTESLAKeyPairGenerator keyGen = new QTESLAKeyPairGenerator();
        keyGen.init(keyGenerationParameters);
        AsymmetricCipherKeyPair acp = keyGen.generateKeyPair();

        //
        // Test generated keys from seed match supplied keys in vector.
        //
        assertTrue(Arrays.areEqual(pubKey, ((QTESLAPublicKeyParameters)acp.getPublic()).getPublicData()));
        assertTrue(Arrays.areEqual(privKey, ((QTESLAPrivateKeyParameters)acp.getPrivate()).getSecret()));

        //
        // Set up for sign / verify testing.
        //
        QTESLAPublicKeyParameters qPub = new QTESLAPublicKeyParameters(securityCategory, pubKey);
        QTESLAPrivateKeyParameters qPriv = new QTESLAPrivateKeyParameters(securityCategory, privKey);

        // For signing..
        QTESLASigner signer = new QTESLASigner();
        signer.init(true, new ParametersWithRandom(qPriv, QTESLASecureRandomFactory.getFixed(seed, 256)));
        byte[] sig = signer.generateSignature(msg);


        //
        // Verify signature matches vector, NB signatures in the vector are [sig][msg] hence the concatenation.
        //
        assertTrue(Arrays.areEqual(expected, Arrays.concatenate(sig, msg)));

        //
        // Set up for verification.
        //
        signer = new QTESLASigner();
        signer.init(false, qPub);

        // Verify verification.
        assertTrue(signer.verifySignature(msg, sig));


        //
        // Damage signature, expect failure.
        //
        {
            byte[] damagedSig = Arrays.copyOf(sig, sig.length);
            damagedSig[0] ^= 1;
            assertFalse(signer.verifySignature(msg, damagedSig));
        }

        //
        // Damage Message, expect failure.
        //
        {
            byte[] damagedMsg = Arrays.copyOf(msg, msg.length);
            damagedMsg[0] ^= 1;
            assertFalse(signer.verifySignature(damagedMsg, sig));
        }
    }

    public void testSignQ1p()
        throws Exception
    {
        byte[] seed = Hex.decode("061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1");
        byte[] publicKey = Hex.decode
        byte[] sk = Hex.decode(""
            + "3E8FE33CAE1CEEC574275C02B17AE78A0018BD4212E087C0901E518796AAA752B6282A7D0DB145AE");


        //
        // Key generation.
        //

        //
        // The QTESLASecureRandomFactory.getFixedNoDiscard(...) is used so the same key values can be generated for a given seed
        // for testing purposes. You MUST use a real SecureRandom instance in reality.
        //
        QTESLAKeyGenerationParameters keyGenerationParameters = new QTESLAKeyGenerationParameters(QTESLASecurityCategory.PROVABLY_SECURE_I, QTESLASecureRandomFactory.getFixedNoDiscard(seed, 256));
        QTESLAKeyPairGenerator keyGen = new QTESLAKeyPairGenerator();
        keyGen.init(keyGenerationParameters);
        AsymmetricCipherKeyPair acp = keyGen.generateKeyPair();
        assertTrue(Arrays.areEqual(publicKey, ((QTESLAPublicKeyParameters)acp.getPublic()).getPublicData()));
        assertTrue(Arrays.areEqual(sk, ((QTESLAPrivateKeyParameters)acp.getPrivate()).getSecret()));


        byte[] msg = Hex.decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");


        QTESLAPrivateKeyParameters qPriv = new QTESLAPrivateKeyParameters(QTESLASecurityCategory.PROVABLY_SECURE_I, sk);
        QTESLASigner signer = new QTESLASigner();

        signer.init(true, new ParametersWithRandom(qPriv, QTESLASecureRandomFactory.getFixed(seed, 256)));

        byte[] sig = signer.generateSignature(msg);

        //
        // The expect sig from the C version is [sig][message] so to validate we need to append the message to our generated signature.
        //
        byte[] expectedSig = Hex.decode("77CA5E0F6AB8586FAE62A68BD7A97DDA9435AF9335EF76BEF113A56D64420A8FDC2669E234AAD20193D2085F9E4B9DFFADA03E33DB4119FABBBCD91B19530793E0BAB71ED5CD61A607055E93FB56F66E8EBEBC6B63020E75579ACF8E2F16E5F6179AFD9E7B20DF0C010C1554791E6D41C224639B9D070AB04F6914E74644B14AEE4C7731675DB2B94237FFF00BFDAD7A070D73BD1DBACEC15094D091A0563F6ECC749FA57AFC4BF8B3009836DC5ED692DEC837953D776076F1D9A0AE98D812758A08F184751D33D29EEFB8868B97E21E115C568BEA8521B60E7D9ECD30CA5DD48EE82FEE169A2A3A1F9EC1366203FF1B1732C1598906F6715B88576EDA2C29FE0D0B4006B03E1B21171E923B5C3775ABBCCD2313186793CA98BA96B932D2561DD915E4B7BBB08B6946C37D71A4077CE9E3868148C33377068A70F1B21C13CDBBBF200F39F52E7A4C2B094F8EFE208CACDA1F7789A4FC471574ABA28BF06CB8940207E06A5B2A0B3CFD2BCBF6421A85D32F5831084A78C914FEDA6D7F1D6977397202CD24A4260B90C11077CA337F10A852A34FBAB455F2B7530E336AF3F2C6AE04B652D7E05FC02264E5C81E0E09FACD01A70F4F66F368D7F308284988BC3E6B4C026F97A65C0B31C1187CD05409C5BA4C22317C3A1CE08EAC8FC25A4D3644B610481E07FE372D19FA622365394E37A6BB61EE38E309736A807A2DD85AC76F88451354FB12AA778E3F05EC69D83AC8EED551070DA0ADC0222E7839D79E2847037A2DB1B2E0F15C376451CE38A11E57896F67D804DA2A4F84BA51308ED69F161A9E08207DA401D9F5EAABDC4F50B4D96357929126A208B0DB29D03CD71A2F203309E41DA4661162A48944F463AA642D67AE9C36FCDCA4F14AF4B136A943B74AD5B8CE6ED6BFDC3755B1750B901584B2C1614A2634D0DAD3F2D54BBE3BFBEE7C07E4D7AE64430364A5A0EE4E4A0D436D569B2DD6C8A121FB33329FD25E2FE7297E939736721E6A2BC37398DD16C7E2CA087182C5958A4D9A21EA3E2BA3754B630BDB7F146F090649ED7A4B1ABB64D58BF1CC54E3FCC8358EA6AF1B2C7622B633AEE12C6664A51F1437368E8D9EC67AB6C2939749A671465EE7A77F9368E145047072664084EAE6233F91010DD5148E2F7A66F69BC5849F80186CE26C0D927BCA38E5BB8A28302946A43CE57872FE5D735793337127E41EAAD931AD96FED22862FC0AEA72569E9B56596B8BC36A186D4D03C87D484111F18A6187CD7522EC926153488DB161D8ED5CB05F144C01ED77C7614FB42FCE566898BC9F5AA9FEF0F7093818A390A22EBA9404EBC3A79FB3543640DF29D2B5B9A601E916DB36CFD66A5067E7FA379A640D12B99D75B67F8ED059B761D3FBBDAC235024D071EAB9A2C6F13D5C6DAE1BF952EEA902A5A25F1FCFFCF8B0ABAFF0B242B48EBFFA6CBA9CE3654673F3AD4CD5E2ADD2F3E630B7FD48B1F7578CEE7D1ADC54360952ED1F1951F3F4ED531BA57BADDBFB7EC437E42A429DEC044EDBA509E5C18BCF8DE6118D6935EE38B3F94C12300D49E9F434F227407F3C7FA1ECED88D08DF04B4A518C508A3B93A3A8C60ADBB8C0B5F3923213CA531007E0CAA77E5361CBBA1CA6E49E81BA87ABE3C07E9E4590635486B44212298CBF9EC48920C0A899CF257421B734377B18141550B3954E23EEF90D6E20FEF7BF04C17DFE8083C0116786DC771DD802A69B2516396A45F6C755E05F228B4C31835F8E46591C80CD10250470B4421FD5C86B97B48C35CFE22721C3A9BA3DB8BCC739AC0CE5D2BE05B8569C0E3AB51CD112E4BF0137D6902E08E5636861E00EF3D58F3B05C63A5ED8286EE075B46EFBF2CE806301C059602FFEACD4CA5E25FC72424D4A982FE4AA6A6B7821AEEA4A4C209E78034CD69E5AEB14D57E5685E0F90BCA8507FF339CC084889541BACDC155FF24CEFBB79FB2496224A06517CD7A5B3B0C829A6ADE5FFDF70BF197E1927D080C20EFADA5BF44764D7062609F62B8C878C9A66063C957837DEF9065E571E12F44AE02E0A023F1DF37E0F5AE70C5F2699654450C112AE96927D2E46AD1F2116885D40D0373BF5B9AC1B07D99B3EBB739EE4B9F9E369F83F5806AE6A528E8E373B512A83E2DE089F3C52C155C282A78D3D8F1BD9EDA5399D48476DE5F2074F4122504E003072BABEC347678E91B921D5B583DB4B4030BDC547E948CDFA07019B180823AF3C88AFB4954F239662614826C26E3D68B12270D0426418D0DD2815F8AA43E6DBC95CAD2B55E0F5438AD46806B3CD319430550317B7C80BC8DECCBCBC651C6AA00EAC9E514FB92188F49E48C74CF2A595D42BDEC4AC6A5229179C16760885168B18D5C5F86CD500BED77F5D4041C4AA244A1679682E9A62BBD5303A9811DA40AB7D5233B13F19A6C30F700C7D5C670CE4C14B7F7CBB6BD593029B4E55D4FC010171FAE640FF6D6FDDDFEA1E1A197B41369580A38FA6979EBA701F4BB00D8F6D4B24E180A532FB235F12003EBA74BBB329D68488BE399EC1066F768204388CAB27D2766E1E5502E3F690DEE57273951BB799F237FC0F1CE7AC404F64DF1238F352D70658755184E027D0BAD33616A821E1C8CA4F281D14A531D34113AD17D971A3D5E6B022725D395AD3F594277690C96877CD96FD1761E226E5D3A98F16F33E590EEF6CFDDF7A9E5D2A2288F4B5195BF3CF923229D617D4D594D5A76BB74E2A5558DEB44CDBAEF71ADDC3A4AF7D1570347FE0F7C715656061D0B8967D5B8147D13AF1A515C1E07EDE157BEBF8F73FD0AAF94B7F3695BADC3D5D81454BA9A19DED20969CB1EA356DAEA186D25EE563CED503EE3B0F4ACC8B59C2071F4D7454ED60083BEB7F33DD9E4975E85AA49A17ADD101DA612EC0D74CFF4B1E6616A8B7A7F7771AB0BFC956152F4679F3864BA08000F232F62F33D3328443505B5CB6F15EF4CDB365B1CBDF0D750DB39F49EF9BF31484CB79CA5F5AD334E7CAFFE7D7AFEC3E821DFEF387AA0677085941522EBF93D2414E9C1365B534555895B635F731E44480556ECD61DF5DD27794209066C7BB7814170E12C6E3EE938B3FF0984F1BACBCAB09DA34D015721B55E156A9276E2AB76C9B80886CA04B825BD140D1AC4C6CE873A4D38AD274F007E989FCA8BC3D05B19475B414A9C093ECA93BBBB45F8A4DD0360807ECFAE3A7DFD1B0AE736B7C17755A404E5FF6DB6B9A61B16A66A08BCE6D6C6AB31917A9EAA5E4715387A634F232CF90CC9AA9E1609F0E567516567EE1FDDC535FC5E5628E811B43C9993FCA6E4241913C2665E4E7A09AF46FF90659CDF0D022A30D253FCCDA2EE8F18714E1869DA71730AF568161AA0417E7A7B338D94BD85F5D6C30A5D0E6C38F5EFAAEC68D7D383D2529F7F696A3A061BE6FAB1EF8F2D7F91C6F10A7898C87BE2679F0CB3EFE5883AE4D954C5913FDED07FDF70A8AE16B2D11E8B0D8A73904388071E49997FF18766592B59EC2443B3C7C5B465508A40559D764CD499D8574992FC571F483B0A3BC8B28BEC0D042585435CA275875E0ED0E9E00BF401D0071769EF7345FF3F7A87DD10204D154422C7F182754DC9AA3CB764EA920329199FDEF60D8D85F5ABA944050A3A4824EC5032B67FFC7C56A591B2A2C3843617AF31B1C1C75E029093BBEC7374C98E79C21A0EFF8DBD15298173D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
        byte[] generatedSig = Arrays.concatenate(sig, msg);

        assertTrue(Arrays.areEqual(expectedSig, generatedSig));


        //
        // Round trip against the public key generated by the C version.
        //

        QTESLAPublicKeyParameters qPub = new QTESLAPublicKeyParameters(QTESLASecurityCategory.PROVABLY_SECURE_I, publicKey);

        QTESLASigner verifier = new QTESLASigner();

        verifier.init(false, qPub);

        assertTrue(verifier.verifySignature(msg, sig));
        assertFalse(verifier.verifySignature(Arrays.append(msg, (byte)0x00), sig));
        assertFalse(verifier.verifySignature(msg, Arrays.append(sig, (byte)0x00)));
    }

    public void testSignQ3p()
        throws Exception
    {
        //
        // Values put in file because vectors exceeded length of string constant.
        //
        BufferedReader bin = new BufferedReader(new InputStreamReader(this.getClass().getResourceAsStream("/org/bouncycastle/pqc/crypto/test/q3pIII.txt")));

        byte[] seed = Hex.decode(bin.readLine());
        byte[] msg = Hex.decode(bin.readLine());
        byte[] publicKey = Hex.decode(bin.readLine());
        byte[] sk = Hex.decode(bin.readLine());
        byte[] sm = Hex.decode(bin.readLine());

        bin.close();


        //
        // Key generation.
        //

        //
        // The QTESLASecureRandomFactory.getFixedNoDiscard(...) is used so the same key values can be generated for a given seed
        // for testing purposes. You MUST use a real SecureRandom instance in reality.
        //
        QTESLAKeyGenerationParameters keyGenerationParameters = new QTESLAKeyGenerationParameters(QTESLASecurityCategory.PROVABLY_SECURE_III, QTESLASecureRandomFactory.getFixedNoDiscard(seed, 256));
        QTESLAKeyPairGenerator keyGen = new QTESLAKeyPairGenerator();
        keyGen.init(keyGenerationParameters);
        AsymmetricCipherKeyPair acp = keyGen.generateKeyPair();
        assertTrue(Arrays.areEqual(publicKey, ((QTESLAPublicKeyParameters)acp.getPublic()).getPublicData()));
        assertTrue(Arrays.areEqual(sk, ((QTESLAPrivateKeyParameters)acp.getPrivate()).getSecret()));


        QTESLAPrivateKeyParameters qPriv = new QTESLAPrivateKeyParameters(QTESLASecurityCategory.PROVABLY_SECURE_III, sk);
        QTESLASigner signer = new QTESLASigner();

        signer.init(true, new ParametersWithRandom(qPriv, QTESLASecureRandomFactory.getFixed(seed, 256)));

        byte[] sig = signer.generateSignature(msg);


        //
        // The expected sig from the C version is [sig][message] so to validate we need to append the message to our generated signature.
        //
        byte[] expectedSig = sm;
        byte[] generatedSig = Arrays.concatenate(sig, msg);

        assertTrue(Arrays.areEqual(expectedSig, generatedSig));


        //
        // Round trip against the public key generated by the C version.
        //

        QTESLAPublicKeyParameters qPub = new QTESLAPublicKeyParameters(QTESLASecurityCategory.PROVABLY_SECURE_III, publicKey);

        QTESLASigner verifier = new QTESLASigner();

        verifier.init(false, qPub);

        assertTrue(verifier.verifySignature(msg, sig));
        assertFalse(verifier.verifySignature(Arrays.append(msg, (byte)0x00), sig));
        assertFalse(verifier.verifySignature(msg, Arrays.append(sig, (byte)0x00)));
    }

    public void testKATVectors()
        throws Exception
    {
        String[] files = new String[]{
            "/org/bouncycastle/pqc/crypto/test/qTeslaR2/KAT/ref/PQCsignKAT_qTesla-p-I.rsp",
            "/org/bouncycastle/pqc/crypto/test/qTeslaR2/KAT/ref/PQCsignKAT_qTesla-p-III.rsp",
        };

        for (int f = 0; f != files.length; f++)
        {
            String file = files[f];

            List vectors =
                new QTeslaKatParser(file, QTESLATest.class.getResourceAsStream(file))
                    .parse("count");

            TestCase.assertEquals(100, vectors.size());

            int type;

            if (file.endsWith("qTesla-p-I.rsp"))
            {
                type = QTESLASecurityCategory.PROVABLY_SECURE_I;
            }
            else if (file.endsWith("qTesla-p-III.rsp"))
            {
                type = QTESLASecurityCategory.PROVABLY_SECURE_III;
            }
            else
            {
                throw new Exception("unable to determine file type for. " + file);
            }

            for (int i = 0; i != vectors.size(); i++)
            {
                QTeslaKatVector vector = (QTeslaKatVector)vectors.get(i);
                try
                {
                    doTestKAT(type, vector.pk, vector.sk, vector.seed, vector.msg, vector.sm);
                }
                catch (Exception ex)
                {
                    throw new Exception(file + " count =" + vector.count + " failed", ex);
                }
            }
        }
    }

    public static class QTeslaKatVector
    {
        final int count;
        final byte[] seed;
        final int mlen;
        final byte[] msg;
        final byte[] pk;
        final byte[] sk;
        final int smlen;
        final byte[] sm;


        QTeslaKatVector(Map parameters)
            throws Exception
        {
            count = asInt(parameters, "count", -1).intValue();
            seed = asByteArray(parameters, "seed");
            mlen = asInt(parameters, "mlen", -1).intValue();
            msg = asByteArray(parameters, "msg");
            pk = asByteArray(parameters, "pk");
            sk = asByteArray(parameters, "sk");
            smlen = asInt(parameters, "smlen", -1).intValue();
            sm = asByteArray(parameters, "sm");
        }

        public boolean equals(Object o)
        {
            if (this == o)
            {
                return true;
            }
            if (o == null || getClass() != o.getClass())
            {
                return false;
            }

            QTeslaKatVector that = (QTeslaKatVector)o;

//            if (count != that.count)
//            {
//                return false;
//            }
            if (mlen != that.mlen)
            {
                return false;
            }
            if (smlen != that.smlen)
            {
                return false;
            }
            if (!Arrays.areEqual(seed, that.seed))
            {
                return false;
            }
            if (!Arrays.areEqual(msg, that.msg))
            {
                return false;
            }
            if (!Arrays.areEqual(pk, that.pk))
            {
                return false;
            }
            if (!Arrays.areEqual(sk, that.sk))
            {
                return false;
            }
            return Arrays.areEqual(sm, that.sm);
        }

        public int hashCode()
        {
            int result;// = count;
            result = Arrays.hashCode(seed);//   31 * result + java.util.Arrays.hashCode(seed);
            result = 31 * result + mlen;
            result = 31 * result + Arrays.hashCode(msg);
            result = 31 * result + Arrays.hashCode(pk);
            result = 31 * result + Arrays.hashCode(sk);
            result = 31 * result + smlen;
            result = 31 * result + Arrays.hashCode(sm);
            return result;
        }
    }

    public static class QTeslaKatParser
    {

        private final InputStream src;
        private final String srcLabel;

        public QTeslaKatParser(String label, InputStream src)
        {
            this.src = src;
            this.srcLabel = label;
        }


        public List parse(String blockDelimField)
            throws Exception
        {

            List vectors = new ArrayList();
            Map extractedParameters = new HashMap();
            BufferedReader bin = new BufferedReader(new InputStreamReader(src));
            Set duplicateTrap = new HashSet();


            String line = null;

            while ((line = bin.readLine()) != null)
            {
                line = line.trim();
                if (line.length() == 0 || line.startsWith("#"))
                {
                    continue;
                }


                //
                // Vector parameter.
                //
                if (line.indexOf('=') >= 0)
                {
                    String[] kv = line.split("=");

                    for (int t = 0; t < kv.length; t++)
                    {
                        kv[t] = kv[t].trim();
                    }

                    if (kv.length > 0)
                    {
                        if (!extractedParameters.isEmpty() && kv[0].equals(blockDelimField))
                        {
                            QTeslaKatVector vector = new QTeslaKatVector(extractedParameters);
                            vectors.add(vector);

                            if (duplicateTrap.contains(vector))
                            {
                                throw new Exception("Duplicate Vector encountered, set : " + vector.count + " in " + srcLabel);
                            }

                            duplicateTrap.add(vector);

                            extractedParameters.clear();
                        }

                        if (kv.length > 1)
                        {
                            extractedParameters.put(kv[0], kv[1]);
                        }
                        else
                        {
                            extractedParameters.put(kv[0], null);
                        }
                    }
                }
            }

            //
            // Trailing block.
            //
            if (!extractedParameters.isEmpty())
            {
                vectors.add(new QTeslaKatVector(extractedParameters));
            }

            return vectors;
        }
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy