package org.bouncycastle.crypto.test;

import java.security.SecureRandom;

import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.engines.Salsa20Engine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.SimpleTest;

Salsa20 Test
/** * Salsa20 Test */
public class Salsa20Test extends SimpleTest { byte[] zeroes = Hex.decode( "00000000000000000000000000000000" + "00000000000000000000000000000000" + "00000000000000000000000000000000" + "00000000000000000000000000000000"); String set1v0_0 = "4DFA5E481DA23EA09A31022050859936" + "DA52FCEE218005164F267CB65F5CFD7F" + "2B4F97E0FF16924A52DF269515110A07" + "F9E460BC65EF95DA58F740B7D1DBB0AA"; String set1v0_192 = "DA9C1581F429E0A00F7D67E23B730676" + "783B262E8EB43A25F55FB90B3E753AEF" + "8C6713EC66C51881111593CCB3E8CB8F" + "8DE124080501EEEB389C4BCB6977CF95"; String set1v0_256 = "7D5789631EB4554400E1E025935DFA7B" + "3E9039D61BDC58A8697D36815BF1985C" + "EFDF7AE112E5BB81E37ECF0616CE7147" + "FC08A93A367E08631F23C03B00A8DA2F"; String set1v0_448 = "B375703739DACED4DD4059FD71C3C47F" + "C2F9939670FAD4A46066ADCC6A564578" + "3308B90FFB72BE04A6B147CBE38CC0C3" + "B9267C296A92A7C69873F9F263BE9703"; String set1v9_0 = "0471076057830FB99202291177FBFE5D" + "38C888944DF8917CAB82788B91B53D1C" + "FB06D07A304B18BB763F888A61BB6B75" + "5CD58BEC9C4CFB7569CB91862E79C459"; String set1v9_192 = "D1D7E97556426E6CFC21312AE3811425" + "9E5A6FB10DACBD88E4354B0472556935" + "2B6DA5ACAFACD5E266F9575C2ED8E6F2" + "EFE4B4D36114C3A623DD49F4794F865B"; String set1v9_256 = "AF06FAA82C73291231E1BD916A773DE1" + "52FD2126C40A10C3A6EB40F22834B8CC" + "68BD5C6DBD7FC1EC8F34165C517C0B63" + "9DB0C60506D3606906B8463AA0D0EC2F"; String set1v9_448 = "AB3216F1216379EFD5EC589510B8FD35" + "014D0AA0B613040BAE63ECAB90A9AF79" + "661F8DA2F853A5204B0F8E72E9D9EB4D" + "BA5A4690E73A4D25F61EE7295215140C"; String set6v0_0 = "F5FAD53F79F9DF58C4AEA0D0ED9A9601" + "F278112CA7180D565B420A48019670EA" + "F24CE493A86263F677B46ACE1924773D" + "2BB25571E1AA8593758FC382B1280B71"; String set6v0_65472 = "B70C50139C63332EF6E77AC54338A407" + "9B82BEC9F9A403DFEA821B83F7860791" + "650EF1B2489D0590B1DE772EEDA4E3BC" + "D60FA7CE9CD623D9D2FD5758B8653E70"; String set6v0_65536 = "81582C65D7562B80AEC2F1A673A9D01C" + "9F892A23D4919F6AB47B9154E08E699B" + "4117D7C666477B60F8391481682F5D95" + "D96623DBC489D88DAA6956B9F0646B6E"; String set6v1_0 = "3944F6DC9F85B128083879FDF190F7DE" + "E4053A07BC09896D51D0690BD4DA4AC1" + "062F1E47D3D0716F80A9B4D85E6D6085" + "EE06947601C85F1A27A2F76E45A6AA87"; String set6v1_65472 = "36E03B4B54B0B2E04D069E690082C8C5" + "92DF56E633F5D8C7682A02A65ECD1371" + "8CA4352AACCB0DA20ED6BBBA62E177F2" + "10E3560E63BB822C4158CAA806A88C82"; String set6v1_65536 = "1B779E7A917C8C26039FFB23CF0EF8E0" + "8A1A13B43ACDD9402CF5DF38501098DF" + "C945A6CC69A6A17367BC03431A86B3ED" + "04B0245B56379BF997E25800AD837D7D"; // Salsa20/12 String salsa12_set1v0_0 = "FC207DBFC76C5E1774961E7A5AAD0906" + "9B2225AC1CE0FE7A0CE77003E7E5BDF8" + "B31AF821000813E6C56B8C1771D6EE70" + "39B2FBD0A68E8AD70A3944B677937897"; String salsa12_set1v0_192 = "4B62A4881FA1AF9560586510D5527ED4" + "8A51ECAFA4DECEEBBDDC10E9918D44AB" + "26B10C0A31ED242F146C72940C6E9C37" + "53F641DA84E9F68B4F9E76B6C48CA5AC"; String salsa12_set1v0_256 = "F52383D9DEFB20810325F7AEC9EADE34" + "D9D883FEE37E05F74BF40875B2D0BE79" + "ED8886E5BFF556CEA8D1D9E86B1F68A9" + "64598C34F177F8163E271B8D2FEB5996"; String salsa12_set1v0_448 = "A52ED8C37014B10EC0AA8E05B5CEEE12" + "3A1017557FB3B15C53E6C5EA8300BF74" + "264A73B5315DC821AD2CAB0F3BB2F152" + "BDAEA3AEE97BA04B8E72A7B40DCC6BA4"; // Salsa20/8 String salsa8_set1v0_0 = "A9C9F888AB552A2D1BBFF9F36BEBEB33" + "7A8B4B107C75B63BAE26CB9A235BBA9D" + "784F38BEFC3ADF4CD3E266687EA7B9F0" + "9BA650AE81EAC6063AE31FF12218DDC5"; String salsa8_set1v0_192 = "BB5B6BB2CC8B8A0222DCCC1753ED4AEB" + "23377ACCBD5D4C0B69A8A03BB115EF71" + "871BC10559080ACA7C68F0DEF32A80DD" + "BAF497259BB76A3853A7183B51CC4B9F"; String salsa8_set1v0_256 = "4436CDC0BE39559F5E5A6B79FBDB2CAE" + "4782910F27FFC2391E05CFC78D601AD8" + "CD7D87B074169361D997D1BED9729C0D" + "EB23418E0646B7997C06AA84E7640CE3"; String salsa8_set1v0_448 = "BEE85903BEA506B05FC04795836FAAAC" + "7F93F785D473EB762576D96B4A65FFE4" + "63B34AAE696777FC6351B67C3753B89B" + "A6B197BD655D1D9CA86E067F4D770220"; public String getName() { return "Salsa20"; } public void performTest() { salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")), set1v0_0, set1v0_192, set1v0_256, set1v0_448); salsa20Test1(20, new ParametersWithIV(new KeyParameter(Hex.decode("00400000000000000000000000000000")), Hex.decode("0000000000000000")), set1v9_0, set1v9_192, set1v9_256, set1v9_448); salsa20Test1(12, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")), salsa12_set1v0_0, salsa12_set1v0_192, salsa12_set1v0_256, salsa12_set1v0_448); salsa20Test1(8, new ParametersWithIV(new KeyParameter(Hex.decode("80000000000000000000000000000000")), Hex.decode("0000000000000000")), salsa8_set1v0_0, salsa8_set1v0_192, salsa8_set1v0_256, salsa8_set1v0_448); salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE")), set6v0_0, set6v0_65472, set6v0_65536); salsa20Test2(new ParametersWithIV(new KeyParameter(Hex.decode("0558ABFE51A4F74A9DF04396E93C8FE23588DB2E81D4277ACD2073C6196CBF12")), Hex.decode("167DE44BB21980E7")), set6v1_0, set6v1_65472, set6v1_65536); reinitBug(); skipTest(); } private void salsa20Test1(int rounds, CipherParameters params, String v0, String v192, String v256, String v448) { StreamCipher salsa = new Salsa20Engine(rounds); byte[] buf = new byte[64]; salsa.init(true, params); for (int i = 0; i != 7; i++) { salsa.processBytes(zeroes, 0, 64, buf, 0); switch (i) { case 0: if (!areEqual(buf, Hex.decode(v0))) { mismatch("v0/" + rounds, v0, buf); } break; case 3: if (!areEqual(buf, Hex.decode(v192))) { mismatch("v192/" + rounds, v192, buf); } break; case 4: if (!areEqual(buf, Hex.decode(v256))) { mismatch("v256/" + rounds, v256, buf); } break; default: // ignore } } for (int i = 0; i != 64; i++) { buf[i] = salsa.returnByte(zeroes[i]); } if (!areEqual(buf, Hex.decode(v448))) { mismatch("v448", v448, buf); } } private void salsa20Test2(CipherParameters params, String v0, String v65472, String v65536) { StreamCipher salsa = new Salsa20Engine(); byte[] buf = new byte[64]; salsa.init(true, params); for (int i = 0; i != 1025; i++) { salsa.processBytes(zeroes, 0, 64, buf, 0); switch (i) { case 0: if (!areEqual(buf, Hex.decode(v0))) { mismatch("v0", v0, buf); } break; case 1023: if (!areEqual(buf, Hex.decode(v65472))) { mismatch("v65472", v65472, buf); } break; case 1024: if (!areEqual(buf, Hex.decode(v65536))) { mismatch("v65536", v65536, buf); } break; default: // ignore } } } private void mismatch(String name, String expected, byte[] found) { fail("mismatch on " + name, expected, new String(Hex.encode(found))); } private void reinitBug() { KeyParameter key = new KeyParameter(Hex.decode("80000000000000000000000000000000")); ParametersWithIV parameters = new ParametersWithIV(key, Hex.decode("0000000000000000")); StreamCipher salsa = new Salsa20Engine(); salsa.init(true, parameters); try { salsa.init(true, key); fail("Salsa20 should throw exception if no IV in Init"); } catch (IllegalArgumentException e) { } } private boolean areEqual(byte[] a, int aOff, byte[] b, int bOff) { for (int i = bOff; i != b.length; i++) { if (a[aOff + i - bOff] != b[i]) { return false; } } return true; } private void skipTest() { SecureRandom rand = new SecureRandom(); byte[] plain = new byte[50000]; byte[] cipher = new byte[50000]; rand.nextBytes(plain); CipherParameters params = new ParametersWithIV(new KeyParameter(Hex.decode("0053A6F94C9FF24598EB3E91E4378ADD3083D6297CCF2275C81B6EC11467BA0D")), Hex.decode("0D74DB42A91077DE")); Salsa20Engine engine = new Salsa20Engine(); engine.init(true, params); engine.processBytes(plain, 0, plain.length, cipher, 0); byte[] fragment = new byte[20]; engine.init(true, params); engine.skip(10); engine.processBytes(plain, 10, fragment.length, fragment, 0); if (!areEqual(cipher, 10, fragment, 0)) { fail("skip forward 10 failed"); } engine.skip(1000); engine.processBytes(plain, 1010 + fragment.length, fragment.length, fragment, 0); if (!areEqual(cipher, 1010 + fragment.length, fragment, 0)) { fail("skip forward 1000 failed"); } engine.skip(-10); engine.processBytes(plain, 1010 + 2 * fragment.length - 10, fragment.length, fragment, 0); if (!areEqual(cipher, 1010 + 2 * fragment.length - 10, fragment, 0)) { fail("skip back 10 failed"); } engine.skip(-1000); if (engine.getPosition() != 60) { fail("skip position incorrect - " + 60 + " got " + engine.getPosition()); } engine.processBytes(plain, 60, fragment.length, fragment, 0); if (!areEqual(cipher, 60, fragment, 0)) { fail("skip back 1000 failed"); } long pos = engine.seekTo(1010); if (pos != 1010) { fail("position wrong"); } engine.processBytes(plain, 1010, fragment.length, fragment, 0); if (!areEqual(cipher, 1010, fragment, 0)) { fail("seek to 1010 failed"); } engine.reset(); for (int i = 0; i != 5000; i++) { engine.skip(i); if (engine.getPosition() != i) { fail("skip forward at wrong position"); } engine.processBytes(plain, i, fragment.length, fragment, 0); if (!areEqual(cipher, i, fragment, 0)) { fail("skip forward i failed: " + i); } if (engine.getPosition() != i + fragment.length) { fail("cipher at wrong position: " + engine.getPosition() + " [" + i + "]"); } engine.skip(-fragment.length); if (engine.getPosition() != i) { fail("skip back at wrong position"); } engine.processBytes(plain, i, fragment.length, fragment, 0); if (!areEqual(cipher, i, fragment, 0)) { fail("skip back i failed: " + i); } engine.reset(); } } public static void main( String[] args) { runTest(new Salsa20Test()); } }