Пример #1
0
        private void testSequential()
        {
            // Sequential test, adapted from test-poly1305aes
            int len;

            byte[] kr     = new byte[32];
            byte[] m      = new byte[MAXLEN];
            byte[] n      = new byte[16];
            byte[] output = new byte[16];

            int  c   = 0;
            IMac mac = new Poly1305(new AesFastEngine());

            for (int loop = 0; loop < 13; loop++)
            {
                len = 0;
                for (;;)
                {
                    c++;
                    mac.Init(new ParametersWithIV(new KeyParameter(kr), n));
                    mac.BlockUpdate(m, 0, len);
                    mac.DoFinal(output, 0);

                    // if (c == 678)
                    // {
                    // TestCase tc = CASES[0];
                    //
                    // if (!Arrays.AreEqual(tc.key, kr))
                    // {
                    // System.err.println("Key bad");
                    // System.err.println(Hex.ToHexString(tc.key)));
                    // System.err.println(Hex.ToHexString(kr)));
                    // System.exit(1);
                    // }
                    // if (!Arrays.AreEqual(tc.nonce, n))
                    // {
                    // System.err.println("Nonce bad");
                    // System.exit(1);
                    // }
                    // System.out.printf("[%d] m: %s\n", c, Hex.ToHexString(m, 0, len)));
                    // System.out.printf("[%d] K: %s\n", c, new string(Hex.encodje(kr)));
                    // System.out.printf("[%d] N: %s\n", c, Hex.ToHexString(n)));
                    // System.out.printf("[%d] M: ", c);
                    // }
                    // System.out.printf("%d/%s\n", c, Hex.ToHexString(out)));

                    if (len >= MAXLEN)
                    {
                        break;
                    }
                    n[0] = (byte)(n[0] ^ loop);
                    for (int i = 0; i < 16; ++i)
                    {
                        n[i] ^= output[i];
                    }
                    if (len % 2 != 0)
                    {
                        for (int i = 0; i < 16; ++i)
                        {
                            kr[i] ^= output[i];
                        }
                    }
                    if (len % 3 != 0)
                    {
                        for (int i = 0; i < 16; ++i)
                        {
                            kr[i + 16] ^= output[i];
                        }
                    }
                    Poly1305KeyGenerator.Clamp(kr);
                    m[len++] ^= output[0];
                }
            }
            // Output after 13 loops as generated by poly1305 ref
            if (c != 13013 || !Arrays.AreEqual(output, Hex.Decode("c96f60a23701a5b0fd2016f58cbe4f7e")))
            {
                Fail("Sequential Poly1305 " + c, "c96f60a23701a5b0fd2016f58cbe4f7e", Hex.ToHexString(output));
            }
        }
Пример #2
0
 public void VerifyMacWhenKeyLengthIsLessThan32Fails()
 {
     // Arrange, Act & Assert
     Assert.Throws <CryptographicException>(() => Poly1305.VerifyMac(new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES - 1], new byte[0], new byte[0]));
 }
Пример #3
0
        public static int CryptoOnetimeauth(byte[] Outv, int Outvoffset, byte[] Inv, int Invoffset, long Inlen, byte[] K)
        {
            int j;

            int[] r = new int[17];
            int[] h = new int[17];
            int[] c = new int[17];

            r[0]  = K[0] & 0xFF;
            r[1]  = K[1] & 0xFF;
            r[2]  = K[2] & 0xFF;
            r[3]  = K[3] & 15;
            r[4]  = K[4] & 252;
            r[5]  = K[5] & 0xFF;
            r[6]  = K[6] & 0xFF;
            r[7]  = K[7] & 15;
            r[8]  = K[8] & 252;
            r[9]  = K[9] & 0xFF;
            r[10] = K[10] & 0xFF;
            r[11] = K[11] & 15;
            r[12] = K[12] & 252;
            r[13] = K[13] & 0xFF;
            r[14] = K[14] & 0xFF;
            r[15] = K[15] & 15;
            r[16] = 0;

            for (j = 0; j < 17; ++j)
            {
                h[j] = 0;
            }

            while (Inlen > 0)
            {
                for (j = 0; j < 17; ++j)
                {
                    c[j] = 0;
                }

                for (j = 0; j < 16 && j < Inlen; ++j)
                {
                    c[j] = Inv[Invoffset + j] & 0xff;
                }

                c[j]       = 1;
                Invoffset += j;
                Inlen     -= j;
                Poly1305.Add(h, c);
                Poly1305.Mulmod(h, r);
            }

            Poly1305.Freeze(h);

            for (j = 0; j < 16; ++j)
            {
                c[j] = K[j + 16] & 0xFF;
            }

            c[16] = 0;
            Poly1305.Add(h, c);

            for (j = 0; j < 16; ++j)
            {
                Outv[j + Outvoffset] = (byte)h[j];
            }

            return(0);
        }
Пример #4
0
        public void Compute()
        {
            var mac = new byte[Poly1305.MAC_TAG_SIZE_IN_BYTES];

            Poly1305.ComputeMac(key.Span, data.Span, mac);
        }
Пример #5
0
 public void ComputeMacWhenKeyLengthIsGreaterThan32Fails()
 {
     // Arrange, Act & Assert
     Assert.Throws <CryptographicException>(() => Poly1305.ComputeMac(new byte[Poly1305.MAC_KEY_SIZE_IN_BYTES + 1], new byte[0]));
 }
Пример #6
0
        private void WriteLE(Poly1305 mac, int length)
        {
            var s = Utils.ToBytes((ulong)length, true);

            mac.BlockUpdate(s, 0, 8);
        }
Пример #7
0
 protected /*virtual */ void UpdateRecordMacLength(Poly1305 mac, int len)
 {
     byte[] longLen = Pack.UInt64_To_LE((ulong)len);
     mac.BlockUpdate(longLen, 0, longLen.Length);
 }
Пример #8
0
 public byte[] Compute() => Poly1305.ComputeMac(key, data);
Пример #9
0
        public void VerifyFails()
        {
            var key = new Key(1, 0, 0, 0, 0, 0, 0, 0);

            Assert.False(Poly1305.Verify(new byte[] { 1 }, 0, 1, in key, default));
        }
Пример #10
0
        public static void SelfTest()
        {
            byte[] key = new byte[] {
                0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
                0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
            };

            byte[] nonce = new byte[] {
                0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08
            };

            byte[] cipherText = new byte[] {
                0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
                0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
                0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
                0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
                0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
                0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
                0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
                0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
                0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
                0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
                0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
                0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
                0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
                0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
                0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
                0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
                0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, 0x9b,
                0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
            };

            byte[] aad = new byte[] {
                0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4e, 0x91
            };

            byte[] plainText = new byte[] {
                0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
                0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
                0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
                0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
                0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
                0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
                0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
                0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
                0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
                0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
                0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
                0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
                0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
                0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
                0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
                0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
                0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, 0x9d
            };

            Poly1305 p = new Poly1305();

            byte[]       pKey    = new byte[] { 0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33, 0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8, 0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd, 0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b };
            KeyParameter paramsX = new KeyParameter(pKey);

            p.Init(paramsX);

            byte[] msg = Encoding.ASCII.GetBytes("Cryptographic Forum Research Group");
            p.BlockUpdate(msg, 0, msg.Length);
            byte[] output = new byte[30];
            p.DoFinal(output, 0);


            ChaCha20Poly1305 cipher = new ChaCha20Poly1305();

            KeyParameter   contentKey = new KeyParameter(key);
            AeadParameters parameters = new AeadParameters(contentKey, 128, nonce, aad);

            cipher.Init(true, parameters);

            byte[] C   = new byte[cipher.GetOutputSize(plainText.Length)];
            int    len = cipher.ProcessBytes(plainText, 0, plainText.Length, C, 0);

            len += cipher.DoFinal(C, len);
        }