dropbear: libtomcrypt/notes/etc/NoekeonVects.java comparison

comparison libtomcrypt/notes/etc/NoekeonVects.java @ 1471:6dba84798cd5

Update to libtomcrypt 1.18.1, merged with Dropbear changes

author	Matt Johnston <matt@ucc.asn.au>
date	Fri, 09 Feb 2018 21:44:05 +0800
parents
children

comparison

equal deleted inserted replaced

-:8bba51a55704
+:6dba84798cd5
+/*
+NoekeonVects.java - Generate Noekeon test vectors using BouncyCastle.
+Written in 2011 by Patrick Pelletier <[email protected]>
+To the extent possible under law, the author(s) have dedicated all
+copyright and related and neighboring rights to this software to
+the public domain worldwide.  This software is distributed without
+any warranty.
+This file is dedicated to the public domain with the CC0 Public Domain
+Dedication: http://creativecommons.org/publicdomain/zero/1.0/legalcode.txt
+You may also consider this file to be covered by the WTFPL, as contained
+in the LibTomCrypt LICENSE file, if that makes you happier for some reason.
+----------------------------------------------------------------------
+This program was inspired by the comment in Botan 1.10.1's
+doc/examples/eax_test.cpp:
+// Noekeon: unknown cause, though LTC's lone test vector does not
+// match Botan
+So, I investigated the discrepancy by comparing them with a third
+implementation, BouncyCastle: http://www.bouncycastle.org/java.html
+I determined that there are two reasons why LibTomCrypt's Noekeon does
+not match Botan:
+1) Botan uses "indirect Noekeon" (with a key schedule), while
+LibTomCrypt and BouncyCastle both use "direct Noekeon" (without
+a key schedule).  See slide 14 of
+http://gro.noekeon.org/Noekeon-slides.pdf
+2) However, LibTomCrypt's direct Noekeon still does not match
+BouncyCastle's direct Noekeon.  This is because of a bug in
+LibTomCrypt's PI1 and PI2 functions:
+https://github.com/libtom/libtomcrypt/issues/5
+This program uses BouncyCastle to produce test vectors which are
+suitable for Botan (by explicitly scheduling the key, thus
+building indirect Noekeon out of BouncyCastle's direct Noekeon),
+and also produces test vectors which would be suitable for
+LibTomCrypt (direct Noekeon) once its PI1 and PI2 functions are
+fixed to match the Noekeon specification.
+Although this program uses a PRNG from BouncyCastle to generate
+data for the test vectors, it uses a fixed seed and thus will
+produce the same output every time it is run.
+*/
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Locale;
+import org.bouncycastle.crypto.digests.RIPEMD128Digest;
+import org.bouncycastle.crypto.engines.NoekeonEngine;
+import org.bouncycastle.crypto.modes.EAXBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.prng.DigestRandomGenerator;
+import org.bouncycastle.util.encoders.HexEncoder;
+public class NoekeonVects
+{
+private final DigestRandomGenerator r =
+new DigestRandomGenerator(new RIPEMD128Digest());
+private final HexEncoder h = new HexEncoder();
+private final NoekeonEngine noekeon = new NoekeonEngine();
+private final KeyParameter null_key = new KeyParameter(new byte[16]);
+private final boolean schedule_key;
+private final boolean botan_format;
+private byte[] randomBytes(int n)
+{
+byte[] b = new byte[n];
+r.nextBytes(b);
+return b;
+}
+private void hexOut(byte[] b) throws IOException
+{
+// HexEncoder uses lowercase, and Botan's test vectors must
+// be in uppercase, so...
+ByteArrayOutputStream os = new ByteArrayOutputStream();
+h.encode(b, 0, b.length, os);
+String s = os.toString("US-ASCII");
+System.out.print(s.toUpperCase(Locale.US));
+}
+private void printCArray(byte[] a) throws IOException
+{
+byte[] b = new byte[1];
+for (int i = 0; i < a.length; i++)
+{
+if (i > 0)
+System.out.print(", ");
+System.out.print("0x");
+b[0] = a[i];
+hexOut(b);
+}
+}
+private void printVector(byte[] key, byte[] plaintext, byte[] ciphertext)
+throws IOException
+{
+if (botan_format)
+{
+hexOut(plaintext);
+System.out.print(":");
+hexOut(ciphertext);
+System.out.println(":\\");
+hexOut(key);
+System.out.println();
+}
+else
+{
+System.out.println("   {");
+System.out.println("      16,");
+System.out.print("      { ");
+printCArray (key);
+System.out.println(" },");
+System.out.print("      { ");
+printCArray (plaintext);
+System.out.println(" },");
+System.out.print("      { ");
+printCArray (ciphertext);
+System.out.println(" }");
+System.out.println("   },");
+}
+}
+private KeyParameter maybe_schedule_key(byte[] key)
+{
+if (schedule_key)
+{
+noekeon.init(true, null_key);
+byte[] scheduled = new byte[16];
+noekeon.processBlock(key, 0, scheduled, 0);
+return new KeyParameter(scheduled);
+}
+else
+return new KeyParameter(key);
+}
+private byte[] encrypt(byte[] plaintext, byte[] key)
+{
+KeyParameter kp = maybe_schedule_key(key);
+noekeon.init(true, kp);
+byte[] ciphertext = new byte[16];
+noekeon.processBlock(plaintext, 0, ciphertext, 0);
+return ciphertext;
+}
+public NoekeonVects(long seed, boolean schedule_key, boolean botan_format)
+{
+this.schedule_key = schedule_key;
+this.botan_format = botan_format;
+r.addSeedMaterial(seed);
+}
+public void ecb_vectors() throws IOException
+{
+for (int i = 0; i < 8; i++)
+{
+byte[] key = randomBytes(16);
+byte[] plaintext = randomBytes(16);
+byte[] ciphertext = encrypt(plaintext, key);
+printVector(key, plaintext, ciphertext);
+}
+}
+public void eax_vectors() throws Exception
+{
+System.out.println("EAX-noekeon (16 byte key)");
+EAXBlockCipher eax = new EAXBlockCipher(new NoekeonEngine());
+byte[] output = new byte[48];
+byte[] tag = new byte[16];
+for (int j = 0; j < 16; j++)
+tag[j] = (byte) j;
+for (int i = 0; i <= 32; i++)
+{
+byte[] header_nonce_plaintext = new byte[i];
+for (int j = 0; j < i; j++)
+header_nonce_plaintext[j] = (byte) j;
+AEADParameters params =
+new AEADParameters(maybe_schedule_key(tag),
+128,
+header_nonce_plaintext,
+header_nonce_plaintext);
+eax.init(true, params);
+int off = eax.processBytes(header_nonce_plaintext, 0, i,
+output, 0);
+off += eax.doFinal(output, off);
+if (off != i + 16)
+throw new RuntimeException("didn't expect that");
+byte[] ciphertext = new byte[i];
+for (int j = 0; j < i; j++)
+ciphertext[j] = output[j];
+for (int j = 0; j < 16; j++)
+tag[j] = output[i + j];
+System.out.print(i < 10 ? "  " : " ");
+System.out.print(i);
+System.out.print(": ");
+hexOut(ciphertext);
+System.out.print(", ");
+hexOut(tag);
+System.out.println();
+}
+}
+public static void main(String[] argv) throws Exception
+{
+NoekeonVects bot = new NoekeonVects(0xdefacedbadfacadeL, true, true);
+NoekeonVects tom = new NoekeonVects(0xdefacedbadfacadeL, false, false);
+System.out.println("# ECB vectors for indirect Noekeon, in Botan's");
+System.out.println("# test vector format, suitable for insertion");
+System.out.println("# into Botan's file checks/validate.dat");
+System.out.println("# Block cipher format is plaintext:ciphertext:key");
+bot.ecb_vectors();
+System.out.println();
+System.out.println("/* ECB vectors for direct Noekeon, as C arrays");
+System.out.println(" * suitable for insertion into LibTomCrypt's");
+System.out.println(" * noekeon_test() in src/ciphers/noekeon.c,");
+System.out.println(" * once LTC's PI1/PI2 bug is fixed. */");
+tom.ecb_vectors();
+System.out.println();
+System.out.println("# EAX vectors for indirect Noekeon, in the format");
+System.out.println("# generated by LTC's demos/tv_gen.c and consumed");
+System.out.println("# by Botan's doc/examples/eax_test.cpp, suitable");
+System.out.println("# for insertion in Botan's doc/examples/eax.vec");
+bot.eax_vectors();
+System.out.println();
+System.out.println("# EAX vectors for direct Noekeon, in the format");
+System.out.println("# generated by LTC's demos/tv_gen.c and consumed");
+System.out.println("# by Botan's doc/examples/eax_test.cpp, which");
+System.out.println("# should match LTC's notes/eax_tv.txt, once");
+System.out.println("# LTC's PI1/PI2 bug is fixed.");
+tom.eax_vectors();
+System.out.flush();
+}
+}

Mercurial > dropbear

comparison libtomcrypt/notes/etc/NoekeonVects.java @ 1471:6dba84798cd5