package org.bouncycastle.crypto.test;

import java.security.SecureRandom;

import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.Wrapper;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RFC3211WrapEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.prng.FixedSecureRandom;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

Wrap Test based on RFC3211 test vectors
/** * Wrap Test based on RFC3211 test vectors */
public class RFC3211WrapTest extends SimpleTest { SecureRandom r1 = new FixedSecureRandom(Hex.decode("C436F541")); SecureRandom r2 = new FixedSecureRandom(Hex.decode("FA060A45")); public String getName() { return "RFC3211Wrap"; } private void wrapTest( int id, BlockCipher engine, byte[] kek, byte[] iv, SecureRandom rand, byte[] in, byte[] out) throws Exception { Wrapper wrapper = new RFC3211WrapEngine(engine); wrapper.init(true, new ParametersWithRandom(new ParametersWithIV(new KeyParameter(kek), iv), rand)); byte[] cText = wrapper.wrap(in, 0, in.length); if (!Arrays.areEqual(cText, out)) { fail("failed wrap test " + id + " expected " + new String(Hex.encode(out)) + " got " + new String(Hex.encode(cText))); } wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv)); byte[] pText = wrapper.unwrap(out, 0, out.length); if (!Arrays.areEqual(pText, in)) { fail("rfailed unwrap test " + id + " expected " + new String(Hex.encode(in)) + " got " + new String(Hex.encode(pText))); } } private void testCorruption() throws InvalidCipherTextException { byte[] kek = Hex.decode("D1DAA78615F287E6"); byte[] iv = Hex.decode("EFE598EF21B33D6D"); Wrapper wrapper = new RFC3211WrapEngine(new DESEngine()); wrapper.init(false, new ParametersWithIV(new KeyParameter(kek), iv)); byte[] block = Hex.decode("ff739D838C627C897323A2F8C436F541"); encryptBlock(kek, iv, block); try { wrapper.unwrap(block, 0, block.length); fail("bad length not detected"); } catch (InvalidCipherTextException e) { if (!e.getMessage().equals("wrapped key corrupted")) { fail("wrong exception on length"); } } block = Hex.decode("08639D838C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); block = Hex.decode("08736D838C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); block = Hex.decode("08739D638C627C897323A2F8C436F541"); testChecksum(kek, iv, block, wrapper); } private void testChecksum(byte[] kek, byte[] iv, byte[] block, Wrapper wrapper) { encryptBlock(kek, iv, block); try { wrapper.unwrap(block, 0, block.length); fail("bad checksum not detected"); } catch (InvalidCipherTextException e) { if (!e.getMessage().equals("wrapped key corrupted")) { fail("wrong exception"); } } } private void encryptBlock(byte[] key, byte[] iv, byte[] cekBlock) { BlockCipher engine = new CBCBlockCipher(new DESEngine()); engine.init(true, new ParametersWithIV(new KeyParameter(key), iv)); for (int i = 0; i < cekBlock.length; i += 8) { engine.processBlock(cekBlock, i, cekBlock, i); } for (int i = 0; i < cekBlock.length; i += 8) { engine.processBlock(cekBlock, i, cekBlock, i); } } public void performTest() throws Exception { wrapTest(1, new DESEngine(), Hex.decode("D1DAA78615F287E6"), Hex.decode("EFE598EF21B33D6D"), r1, Hex.decode("8C627C897323A2F8"), Hex.decode("B81B2565EE373CA6DEDCA26A178B0C10")); wrapTest(2, new DESedeEngine(), Hex.decode("6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"), Hex.decode("BAF1CA7931213C4E"), r2, Hex.decode("8C637D887223A2F965B566EB014B0FA5D52300A3F7EA40FFFC577203C71BAF3B"), Hex.decode("C03C514ABDB9E2C5AAC038572B5E24553876B377AAFB82ECA5A9D73F8AB143D9EC74E6CAD7DB260C")); testCorruption(); Wrapper wrapper = new RFC3211WrapEngine(new DESEngine()); ParametersWithIV params = new ParametersWithIV(new KeyParameter(new byte[16]), new byte[16]); byte[] buf = new byte[16]; try { wrapper.init(true, params); wrapper.unwrap(buf, 0, buf.length); fail("failed unwrap state test."); } catch (IllegalStateException e) { // expected } catch (InvalidCipherTextException e) { fail("unexpected exception: " + e, e); } try { wrapper.init(false, params); wrapper.wrap(buf, 0, buf.length); fail("failed unwrap state test."); } catch (IllegalStateException e) { // expected } // // short test // try { wrapper.init(false, params); wrapper.unwrap(buf, 0, buf.length / 2); fail("failed unwrap short test."); } catch (InvalidCipherTextException e) { // expected } } public static void main( String[] args) { runTest(new RFC3211WrapTest()); } }