def test_aes_128_cfb128(self):
plaintext = (
"6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"
)
ciphertext = (
"3b3fd92eb72dad20333449f8e83cfb4a"
+ "c8a64537a0b3a93fcde3cdad9f1ce58b"
+ "26751f67a3cbb140b1808cf187a4f4df"
+ "c04b05357c5d1c0eeac4c66f9ff7f2e6"
)
key = "2b7e151628aed2a6abf7158809cf4f3c"
iv = "000102030405060708090a0b0c0d0e0f"
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_256_cfb128(self):
plaintext = (
"6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"
)
ciphertext = (
"dc7e84bfda79164b7ecd8486985d3860"
+ "39ffed143b28b1c832113c6331e5407b"
+ "df10132415e54b92a13ed0a8267ae2f9"
+ "75a385741ab9cef82031623d55b1e471"
)
key = "603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4"
iv = "000102030405060708090a0b0c0d0e0f"
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_des3(self):
# The following test vectors have been generated with gpg v1.4.0.
# The command line used was:
# gpg -c -z 0 --cipher-algo 3DES --passphrase secret_passphrase \
# --disable-mdc --s2k-mode 0 --output ct pt
# For an explanation, see test_AES.py .
plaintext = 'ac1762037074324fb53ba3596f73656d69746556616c6c6579'
ciphertext = '9979238528357b90e2e0be549cb0b2d5999b9a4a447e5c5c7d'
key = '7ade65b460f5ea9be35f9e14aa883a2048e3824aa616c0b2'
iv='cd47e2afb8b7e4b0'
encrypted_iv='6a7eef0b58050e8b904a'
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
key = unhexlify(key)
iv = unhexlify(iv)
encrypted_iv = unhexlify(encrypted_iv)
cipher = DES3.new(key, DES3.MODE_OPENPGP, iv)
ct = cipher.encrypt(plaintext)
self.assertEqual(ct[:10], encrypted_iv)
self.assertEqual(ct[10:], ciphertext)
cipher = DES3.new(key, DES3.MODE_OPENPGP, encrypted_iv)
pt = cipher.decrypt(ciphertext)
self.assertEqual(pt, plaintext)
def test_aes_256(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = 'dc7e84bfda79164b7ecd8486985d3860' +\
'4febdc6740d20b3ac88f6ad82a4fb08d' +\
'71ab47a086e86eedf39d1c5bba97c408' +\
'0126141d67f37be8538f5a8be740e484'
key = '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
def test_aes_192(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = 'cdc80d6fddf18cab34c25909c99a4174' +\
'fcc28b8d4c63837c09e81700c1100401' +\
'8d9a9aeac0f6596f559c6d4daf59a5f2' +\
'6d9f200857ca6c3e9cac524bd9acc92a'
key = '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
def test_aes_128(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '3b3fd92eb72dad20333449f8e83cfb4a' +\
'7789508d16918f03f53c52dac54ed825' +\
'9740051e9c5fecf64344f7a82260edcc' +\
'304c6528f659c77866a510d9c1d6ae5e'
key = '2b7e151628aed2a6abf7158809cf4f3c'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.encrypt(plaintext[:-8]), ciphertext[:-8])
cipher = AES.new(key, AES.MODE_OFB, iv)
self.assertEqual(cipher.decrypt(ciphertext[:-8]), plaintext[:-8])
def test_aes_192_cfb128(self):
plaintext = (
"6bc1bee22e409f96e93d7e117393172a"
+ "ae2d8a571e03ac9c9eb76fac45af8e51"
+ "30c81c46a35ce411e5fbc1191a0a52ef"
+ "f69f2445df4f9b17ad2b417be66c3710"
)
ciphertext = (
"cdc80d6fddf18cab34c25909c99a4174"
+ "67ce7f7f81173621961a2b70171d3d7a"
+ "2e1e8a1dd59b88b1c8e60fed1efac4c9"
+ "c05f9f9ca9834fa042ae8fba584b09ff"
)
key = "8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b"
iv = "000102030405060708090a0b0c0d0e0f"
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=128)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_1(self):
key = unhexlify("3da6c536d6295579c0959a7043efb503")
iv = unhexlify("2b926197d34e091ef722db94")
aad = unhexlify("00000000000000000000000000000000" +
"000102030405060708090a0b0c0d0e0f" +
"101112131415161718191a1b1c1d1e1f" +
"202122232425262728292a2b2c2d2e2f" +
"303132333435363738393a3b3c3d3e3f")
digest = unhexlify("69dd586555ce3fcc89663801a71d957b")
cipher = AES.new(key, AES.MODE_GCM, iv).update(aad)
self.assertEqual(digest, cipher.digest())
def test_aes_192_cfb8(self):
plaintext = '6bc1bee22e409f96e93d7e117393172aae2d'
ciphertext = 'cda2521ef0a905ca44cd057cbf0d47a0678a'
key = '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_128_cfb8(self):
plaintext = '6bc1bee22e409f96e93d7e117393172aae2d'
ciphertext = '3b79424c9c0dd436bace9e0ed4586a4f32b9'
key = '2b7e151628aed2a6abf7158809cf4f3c'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_256_cfb8(self):
plaintext = '6bc1bee22e409f96e93d7e117393172aae2d'
ciphertext = 'dc1f1a8520a64db55fcc8ac554844e889700'
key = '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
iv = '000102030405060708090a0b0c0d0e0f'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CFB, iv, segment_size=8)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def load_fips_test_module(desc, file_in):
"""Load and parse NIST test vector file
Return a list of objects with attributes:
"desc" : string
"key" : bytes
"iv" : bytes
"aad" : bytes (possibly empty)
"pt" : bytes (possibly empty) or "FAIL" if MAC tag is invalid
"ct" : bytes (possibly empty)
"tag" : bytes
"""
line_number = 0
group = 0
results = []
class TestVector(object):
def __init__(self, description):
self.desc = description
test_vector = None
while True:
line_number += 1
line = file_in.readline()
if not line:
break
line = line.strip()
# Skip comments and empty lines
if not line or line.startswith("#"):
continue
if line.startswith("["):
if line.startswith("[K"):
group += 1
continue
# FAIL is a special token that replaces PT
if line == "FAIL":
test_vector.pt = "FAIL"
continue
res = re.match("([A-Za-z]+) = ?([0-9A-Fa-f]*)", line)
if not res:
raise ValueError("Incorrect test vector format (line %d): %s" %
(line_number, line))
token = res.group(1).lower()
data = res.group(2)
if token == "count":
if test_vector is not None:
results.append(test_vector)
test_vector = TestVector("%s(G%d-#%s)" % (desc, group, data))
else:
setattr(test_vector, token, unhexlify(data))
# This line is ignored
return results
def test_hex_mac(self):
cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
mac_hex = cipher.hexdigest()
self.assertEqual(cipher.digest(), unhexlify(mac_hex))
cipher = AES.new(self.key_256, AES.MODE_SIV, nonce=self.nonce_96)
cipher.hexverify(mac_hex)
def setUp(self):
file_in = open(pycryptodome_filename(
"Crypto.SelfTest.Signature.test_vectors.wycheproof".split("."),
"rsa_signature_test.json"), "rt")
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
key = RSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "RSASigVer"
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'msg', 'sig':
setattr(tv, attr, unhexlify(test[attr]))
tv.key = key
tv.hash_module = hash_module
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def test3(self):
for keylen, taglen, result in self.tv3:
key = bchr(0) * (keylen // 8 - 1) + bchr(taglen)
C = b("")
for i in range(128):
S = bchr(0) * i
N = long_to_bytes(3 * i + 1, 12)
cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
cipher.update(S)
C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()
N = long_to_bytes(3 * i + 2, 12)
cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()
N = long_to_bytes(3 * i + 3, 12)
cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
cipher.update(S)
C += cipher.encrypt() + cipher.digest()
N = long_to_bytes(385, 12)
cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
cipher.update(C)
result2 = cipher.encrypt() + cipher.digest()
self.assertEqual(unhexlify(b(result)), result2)
def load_fips_test_module(desc, file_in):
"""Load and parse NIST test vector file
Return a list of objects with attributes:
"desc" : string
"direction" : string ("ENC" or "DEC")
"key" : bytes
"iv" : bytes
"plaintext" : bytes
"ciphertext" : bytes
"""
line_number = 0
results = []
direction = "ENC"
class TestVector(object):
def __init__(self, description, direction):
self.desc = description
self.direction = direction
test_vector = None
while True:
line_number += 1
line = file_in.readline()
if not line:
if test_vector is not None:
results.append(test_vector)
break
line = line.strip()
# Skip comments and empty lines
if line.startswith('#') or not line:
continue
# Toggle direction
if line == "[ENCRYPT]":
direction = "ENC"
continue
elif line == "[DECRYPT]":
direction = "DEC"
continue
res = re.match("([A-Za-z0-9]+) = ([0-9A-Fa-f]+)", line)
if not res:
raise ValueError("Incorrect test vector format (line %d): %s" % (line_number, line))
token = res.group(1)
data = res.group(2)
if token == "COUNT":
if test_vector is not None:
results.append(test_vector)
test_vector = TestVector("%s(%s)" % (desc, data), direction)
else:
setattr(test_vector, token.lower(), unhexlify(data))
# This line is ignored
return results
def test1(self):
key = unhexlify(b(self.tv1_key))
for tv in self.tv1:
nonce, aad, pt, ct = [ unhexlify(b(x)) for x in tv ]
ct, mac_tag = ct[:-16], ct[-16:]
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce)
cipher.update(aad)
ct2 = cipher.encrypt(pt) + cipher.encrypt()
self.assertEqual(ct, ct2)
self.assertEqual(mac_tag, cipher.digest())
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce)
cipher.update(aad)
pt2 = cipher.decrypt(ct) + cipher.decrypt()
self.assertEqual(pt, pt2)
cipher.verify(mac_tag)
def test_aes(self):
# The following test vectors have been generated with gpg v1.4.0.
# The command line used was:
#
# gpg -c -z 0 --cipher-algo AES --passphrase secret_passphrase \
# --disable-mdc --s2k-mode 0 --output ct pt
#
# As result, the content of the file 'pt' is encrypted with a key derived
# from 'secret_passphrase' and written to file 'ct'.
# Test vectors must be extracted from 'ct', which is a collection of
# TLVs (see RFC4880 for all details):
# - the encrypted data (with the encrypted IV as prefix) is the payload
# of the TLV with tag 9 (Symmetrical Encrypted Data Packet).
# This is the ciphertext in the test vector.
# - inside the encrypted part, there is a further layer of TLVs. One must
# look for tag 11 (Literal Data Packet); in its payload, after a short
# but time dependent header, there is the content of file 'pt'.
# In the test vector, the plaintext is the complete set of TLVs that gets
# encrypted. It is not just the content of 'pt'.
# - the key is the leftmost 16 bytes of the SHA1 digest of the password.
# The test vector contains such shortened digest.
#
# Note that encryption uses a clear IV, and decryption an encrypted IV
plaintext = 'ac18620270744fb4f647426c61636b4361745768697465436174'
ciphertext = 'dc6b9e1f095de609765c59983db5956ae4f63aea7405389d2ebb'
key = '5baa61e4c9b93f3f0682250b6cf8331b'
iv = '3d7d3e62282add7eb203eeba5c800733'
encrypted_iv='fd934601ef49cb58b6d9aebca6056bdb96ef'
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
key = unhexlify(key)
iv = unhexlify(iv)
encrypted_iv = unhexlify(encrypted_iv)
cipher = AES.new(key, AES.MODE_OPENPGP, iv)
ct = cipher.encrypt(plaintext)
self.assertEqual(ct[:18], encrypted_iv)
self.assertEqual(ct[18:], ciphertext)
cipher = AES.new(key, AES.MODE_OPENPGP, encrypted_iv)
pt = cipher.decrypt(ciphertext)
self.assertEqual(pt, plaintext)
def test_aes_128(self):
key = '2b7e151628aed2a6abf7158809cf4f3c'
iv = '000102030405060708090a0b0c0d0e0f'
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '7649abac8119b246cee98e9b12e9197d' +\
'5086cb9b507219ee95db113a917678b2' +\
'73bed6b8e3c1743b7116e69e22229516' +\
'3ff1caa1681fac09120eca307586e1a7'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_256(self):
key = '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
iv = '000102030405060708090a0b0c0d0e0f'
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = 'f58c4c04d6e5f1ba779eabfb5f7bfbd6' +\
'9cfc4e967edb808d679f777bc6702c7d' +\
'39f23369a9d9bacfa530e26304231461' +\
'b2eb05e2c39be9fcda6c19078c6a9d1b'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_192(self):
key = '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
iv = '000102030405060708090a0b0c0d0e0f'
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '4f021db243bc633d7178183a9fa071e8' +\
'b4d9ada9ad7dedf4e5e738763f69145a' +\
'571b242012fb7ae07fa9baac3df102e0' +\
'08b0e27988598881d920a9e64f5615cd'
key = unhexlify(key)
iv = unhexlify(iv)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CBC, iv)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_256(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '601ec313775789a5b7a7f504bbf3d228' +\
'f443e3ca4d62b59aca84e990cacaf5c5' +\
'2b0930daa23de94ce87017ba2d84988d' +\
'dfc9c58db67aada613c2dd08457941a6'
key = '603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4'
counter = Counter.new(nbits=16,
prefix=unhexlify('f0f1f2f3f4f5f6f7f8f9fafbfcfd'),
initial_value=0xfeff)
key = unhexlify(key)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_192(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '1abc932417521ca24f2b0459fe7e6e0b' +\
'090339ec0aa6faefd5ccc2c6f4ce8e94' +\
'1e36b26bd1ebc670d1bd1d665620abf7' +\
'4f78a7f6d29809585a97daec58c6b050'
key = '8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b'
counter = Counter.new(nbits=16,
prefix=unhexlify('f0f1f2f3f4f5f6f7f8f9fafbfcfd'),
initial_value=0xfeff)
key = unhexlify(key)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def test_aes_128(self):
plaintext = '6bc1bee22e409f96e93d7e117393172a' +\
'ae2d8a571e03ac9c9eb76fac45af8e51' +\
'30c81c46a35ce411e5fbc1191a0a52ef' +\
'f69f2445df4f9b17ad2b417be66c3710'
ciphertext = '874d6191b620e3261bef6864990db6ce' +\
'9806f66b7970fdff8617187bb9fffdff' +\
'5ae4df3edbd5d35e5b4f09020db03eab' +\
'1e031dda2fbe03d1792170a0f3009cee'
key = '2b7e151628aed2a6abf7158809cf4f3c'
counter = Counter.new(nbits=16,
prefix=unhexlify('f0f1f2f3f4f5f6f7f8f9fafbfcfd'),
initial_value=0xfeff)
key = unhexlify(key)
plaintext = unhexlify(plaintext)
ciphertext = unhexlify(ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.encrypt(plaintext), ciphertext)
cipher = AES.new(key, AES.MODE_CTR, counter=counter)
self.assertEqual(cipher.decrypt(ciphertext), plaintext)
def hexverify(self, hex_mac_tag):
"""Validate the *printable* MAC tag.
This method is like `verify`.
:Parameters:
hex_mac_tag : string
This is the *printable* MAC, as received from the sender.
:Raises MacMismatchError:
if the MAC does not match. The message has been tampered with
or the key is incorrect.
"""
self.verify(unhexlify(hex_mac_tag))
def test2(self):
key, nonce, aad, pt, ct = [unhexlify(b(x)) for x in self.tv2]
ct, mac_tag = ct[:-12], ct[-12:]
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce, mac_len=12)
cipher.update(aad)
ct2 = cipher.encrypt(pt) + cipher.encrypt()
self.assertEqual(ct, ct2)
self.assertEqual(mac_tag, cipher.digest())
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce, mac_len=12)
cipher.update(aad)
pt2 = cipher.decrypt(ct) + cipher.decrypt()
self.assertEqual(pt, pt2)
cipher.verify(mac_tag)
def test2(self):
key, nonce, aad, pt, ct = [ unhexlify(b(x)) for x in self.tv2 ]
ct, mac_tag = ct[:-12], ct[-12:]
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce, mac_len=12)
cipher.update(aad)
ct2 = cipher.encrypt(pt) + cipher.encrypt()
self.assertEqual(ct, ct2)
self.assertEqual(mac_tag, cipher.digest())
cipher = AES.new(key, AES.MODE_OCB, nonce=nonce, mac_len=12)
cipher.update(aad)
pt2 = cipher.decrypt(ct) + cipher.decrypt()
self.assertEqual(pt, pt2)
cipher.verify(mac_tag)
def setUp(self):
comps = "Crypto.SelfTest.Cipher.test_vectors.wycheproof".split(".")
with open(pycryptodome_filename(comps, "aes_siv_cmac_test.json"), "rt") as file_in:
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
for attr in 'key', 'aad', 'msg', 'ct':
setattr(tv, attr, unhexlify(test[attr]))
tv.valid = test['result'] != "invalid"
self.tv.append(tv)
def setUp(self):
file_in = open(pycryptodome_filename(
"Crypto.SelfTest.Cipher.test_vectors.wycheproof".split("."),
"aes_siv_cmac_test.json"), "rt")
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
for attr in 'key', 'aad', 'msg', 'ct':
setattr(tv, attr, unhexlify(test[attr]))
tv.valid = test['result'] != "invalid"
self.tv.append(tv)
def setUp(self):
comps = "Crypto.SelfTest.Cipher.test_vectors.wycheproof".split(".")
with open(pycryptodome_filename(comps, "aes_eax_test.json"), "rt") as file_in:
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
tag_size = group['tagSize'] // 8
for test in group['tests']:
tv = TestVector()
tv.tag_size = tag_size
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'key', 'iv', 'aad', 'msg', 'ct', 'tag':
setattr(tv, attr, unhexlify(test[attr]))
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def test3(self):
for keylen, taglen, result in self.tv3:
key = bchr(0) * (keylen // 8 - 1) + bchr(taglen)
C = b("")
for i in xrange(128):
S = bchr(0) * i
N = long_to_bytes(3 * i + 1, 12)
cipher = AES.new(key,
AES.MODE_OCB,
nonce=N,
mac_len=taglen // 8)
cipher.update(S)
C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()
N = long_to_bytes(3 * i + 2, 12)
cipher = AES.new(key,
AES.MODE_OCB,
nonce=N,
mac_len=taglen // 8)
C += cipher.encrypt(S) + cipher.encrypt() + cipher.digest()
N = long_to_bytes(3 * i + 3, 12)
cipher = AES.new(key,
AES.MODE_OCB,
nonce=N,
mac_len=taglen // 8)
cipher.update(S)
C += cipher.encrypt() + cipher.digest()
N = long_to_bytes(385, 12)
cipher = AES.new(key, AES.MODE_OCB, nonce=N, mac_len=taglen // 8)
cipher.update(C)
result2 = cipher.encrypt() + cipher.digest()
self.assertEquals(unhexlify(b(result)), result2)
def setUp(self):
file_in = open(pycryptodome_filename(
"Crypto.SelfTest.Hash.test_vectors.wycheproof".split("."),
"aes_cmac_test.json"), "rt")
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
tag_size = group['tagSize'] // 8
for test in group['tests']:
tv = TestVector()
tv.tag_size = tag_size
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'key', 'msg', 'tag':
setattr(tv, attr, unhexlify(test[attr]))
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def setUp(self):
file_in = open(
pycryptodome_filename(
"Crypto.SelfTest.Signature.test_vectors.wycheproof".split("."),
"rsa_signature_test.json"), "rt")
tv_tree = json.load(file_in)
class TestVector(object):
pass
self.tv = []
for group in tv_tree['testGroups']:
key = RSA.import_key(group['keyPem'])
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "RSASigVer"
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'msg', 'sig':
setattr(tv, attr, unhexlify(test[attr]))
tv.key = key
tv.hash_module = hash_module
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def add_tests(self, filename):
file_in = open(
pycryptodome_filename(
"Crypto.SelfTest.Signature.test_vectors.wycheproof".split("."),
filename), "rt")
tv_tree = json.load(file_in)
for group in tv_tree['testGroups']:
try:
key = ECC.import_key(group['keyPem'])
except ValueError:
continue
hash_name = group['sha']
if hash_name == "SHA-256":
hash_module = SHA256
elif hash_name == "SHA-224":
hash_module = SHA224
elif hash_name == "SHA-1":
hash_module = SHA1
else:
assert False
assert group['type'] == "ECDSAVer"
for test in group['tests']:
tv = TestVector()
tv.id = test['tcId']
tv.comment = test['comment']
for attr in 'msg', 'sig':
setattr(tv, attr, unhexlify(test[attr]))
tv.key = key
tv.hash_module = hash_module
tv.valid = test['result'] != "invalid"
tv.warning = test['result'] == "acceptable"
self.tv.append(tv)
def test_2(self):
key = unhexlify("843ffcf5d2b72694d19ed01d01249412")
iv = unhexlify("dbcca32ebf9b804617c3aa9e")
aad = unhexlify("00000000000000000000000000000000" +
"101112131415161718191a1b1c1d1e1f")
pt = unhexlify("000102030405060708090a0b0c0d0e0f" +
"101112131415161718191a1b1c1d1e1f" +
"202122232425262728292a2b2c2d2e2f" +
"303132333435363738393a3b3c3d3e3f" +
"404142434445464748494a4b4c4d4e4f")
ct = unhexlify("6268c6fa2a80b2d137467f092f657ac0" +
"4d89be2beaa623d61b5a868c8f03ff95" +
"d3dcee23ad2f1ab3a6c80eaf4b140eb0" +
"5de3457f0fbc111a6b43d0763aa422a3" +
"013cf1dc37fe417d1fbfc449b75d4cc5")
digest = unhexlify("3b629ccfbc1119b7319e1dce2cd6fd6d")
cipher = AES.new(key, AES.MODE_GCM, iv).update(aad)
ct2, digest2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(digest, digest2)
def test_2(self):
key = unhexlify("843ffcf5d2b72694d19ed01d01249412")
iv = unhexlify("dbcca32ebf9b804617c3aa9e")
aad = unhexlify("00000000000000000000000000000000" +
"101112131415161718191a1b1c1d1e1f")
pt = unhexlify("000102030405060708090a0b0c0d0e0f" +
"101112131415161718191a1b1c1d1e1f" +
"202122232425262728292a2b2c2d2e2f" +
"303132333435363738393a3b3c3d3e3f" +
"404142434445464748494a4b4c4d4e4f")
ct = unhexlify("6268c6fa2a80b2d137467f092f657ac0" +
"4d89be2beaa623d61b5a868c8f03ff95" +
"d3dcee23ad2f1ab3a6c80eaf4b140eb0" +
"5de3457f0fbc111a6b43d0763aa422a3" +
"013cf1dc37fe417d1fbfc449b75d4cc5")
digest = unhexlify("3b629ccfbc1119b7319e1dce2cd6fd6d")
cipher = AES.new(key, AES.MODE_GCM, iv).update(aad)
ct2, digest2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(digest, digest2)
def compact(lines):
ext = b("").join(lines)
return unhexlify(tostr(ext).replace(" ", "").replace(":", ""))
class TestVectors(unittest.TestCase):
"""Class exercising the EAX test vectors found in
http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf"""
test_vectors = [
('6bfb914fd07eae6b', '', '', 'e037830e8389f27b025a2d6527e79d01',
'233952dee4d5ed5f9b9c6d6ff80ff478',
'62EC67F9C3A4A407FCB2A8C49031A8B3'),
('fa3bfd4806eb53fa', 'f7fb', '19dd',
'5c4c9331049d0bdab0277408f67967e5',
'91945d3f4dcbee0bf45ef52255f095a4',
'BECAF043B0A23D843194BA972C66DEBD'),
('234a3463c1264ac6', '1a47cb4933', 'd851d5bae0',
'3a59f238a23e39199dc9266626c40f80',
'01f74ad64077f2e704c0f60ada3dd523',
'70C3DB4F0D26368400A10ED05D2BFF5E'),
('33cce2eabff5a79d', '481c9e39b1', '632a9d131a',
'd4c168a4225d8e1ff755939974a7bede',
'd07cf6cbb7f313bdde66b727afd3c5e8',
'8408DFFF3C1A2B1292DC199E46B7D617'),
('aeb96eaebe2970e9', '40d0c07da5e4', '071dfe16c675',
'cb0677e536f73afe6a14b74ee49844dd',
'35b6d0580005bbc12b0587124557d2c2',
'FDB6B06676EEDC5C61D74276E1F8E816'),
('d4482d1ca78dce0f', '4de3b35c3fc039245bd1fb7d',
'835bb4f15d743e350e728414', 'abb8644fd6ccb86947c5e10590210a4f',
'bd8e6e11475e60b268784c38c62feb22',
'6EAC5C93072D8E8513F750935E46DA1B'),
('65d2017990d62528', '8b0a79306c9ce7ed99dae4f87f8dd61636',
'02083e3979da014812f59f11d52630da30',
'137327d10649b0aa6e1c181db617d7f2',
'7c77d6e813bed5ac98baa417477a2e7d',
'1A8C98DCD73D38393B2BF1569DEEFC19'),
('54b9f04e6a09189a', '1bda122bce8a8dbaf1877d962b8592dd2d56',
'2ec47b2c4954a489afc7ba4897edcdae8cc3',
'3b60450599bd02c96382902aef7f832a',
'5fff20cafab119ca2fc73549e20f5b0d',
'DDE59B97D722156D4D9AFF2BC7559826'),
('899a175897561d7e', '6cf36720872b8513f6eab1a8a44438d5ef11',
'0de18fd0fdd91e7af19f1d8ee8733938b1e8',
'e7f6d2231618102fdb7fe55ff1991700',
'a4a4782bcffd3ec5e7ef6d8c34a56123',
'B781FCF2F75FA5A8DE97A9CA48E522EC'),
('126735fcc320d25a', 'ca40d7446e545ffaed3bd12a740a659ffbbb3ceab7',
'cb8920f87a6c75cff39627b56e3ed197c552d295a7',
'cfc46afc253b4652b1af3795b124ab6e',
'8395fcf1e95bebd697bd010bc766aac3',
'22E7ADD93CFC6393C57EC0B3C17D6B44'),
]
for index, tv in enumerate(test_vectors):
test_vectors[index] = (unhexlify(x) for x in tv)
def runTest(self):
for assoc_data, pt, ct, mac, key, nonce in self.test_vectors:
# Encrypt
cipher = AES.new(key, AES.MODE_EAX, nonce, mac_len=len(mac))
cipher.update(assoc_data)
ct2, mac2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(mac, mac2)
# Decrypt
cipher = AES.new(key, AES.MODE_EAX, nonce, mac_len=len(mac))
cipher.update(assoc_data)
pt2 = cipher.decrypt_and_verify(ct, mac)
self.assertEqual(pt, pt2)
class Det_ECDSA_Tests(unittest.TestCase):
key_priv = ECC.construct(
curve="P-256",
d=0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721)
key_pub = key_priv.public_key()
# This is a sequence of items:
# message, k, r, s, hash module
# taken from RFC6979
signatures_ = (
("sample",
"882905F1227FD620FBF2ABF21244F0BA83D0DC3A9103DBBEE43A1FB858109DB4",
"61340C88C3AAEBEB4F6D667F672CA9759A6CCAA9FA8811313039EE4A35471D32",
"6D7F147DAC089441BB2E2FE8F7A3FA264B9C475098FDCF6E00D7C996E1B8B7EB",
SHA1),
("sample",
"103F90EE9DC52E5E7FB5132B7033C63066D194321491862059967C715985D473",
"53B2FFF5D1752B2C689DF257C04C40A587FABABB3F6FC2702F1343AF7CA9AA3F",
"B9AFB64FDC03DC1A131C7D2386D11E349F070AA432A4ACC918BEA988BF75C74C",
SHA224),
("sample",
"A6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60",
"EFD48B2AACB6A8FD1140DD9CD45E81D69D2C877B56AAF991C34D0EA84EAF3716",
"F7CB1C942D657C41D436C7A1B6E29F65F3E900DBB9AFF4064DC4AB2F843ACDA8",
SHA256),
("sample",
"09F634B188CEFD98E7EC88B1AA9852D734D0BC272F7D2A47DECC6EBEB375AAD4",
"0EAFEA039B20E9B42309FB1D89E213057CBF973DC0CFC8F129EDDDC800EF7719",
"4861F0491E6998B9455193E34E7B0D284DDD7149A74B95B9261F13ABDE940954",
SHA384),
("sample",
"5FA81C63109BADB88C1F367B47DA606DA28CAD69AA22C4FE6AD7DF73A7173AA5",
"8496A60B5E9B47C825488827E0495B0E3FA109EC4568FD3F8D1097678EB97F00",
"2362AB1ADBE2B8ADF9CB9EDAB740EA6049C028114F2460F96554F61FAE3302FE",
SHA512),
("test",
"8C9520267C55D6B980DF741E56B4ADEE114D84FBFA2E62137954164028632A2E",
"0CBCC86FD6ABD1D99E703E1EC50069EE5C0B4BA4B9AC60E409E8EC5910D81A89",
"01B9D7B73DFAA60D5651EC4591A0136F87653E0FD780C3B1BC872FFDEAE479B1",
SHA1),
("test",
"669F4426F2688B8BE0DB3A6BD1989BDAEFFF84B649EEB84F3DD26080F667FAA7",
"C37EDB6F0AE79D47C3C27E962FA269BB4F441770357E114EE511F662EC34A692",
"C820053A05791E521FCAAD6042D40AEA1D6B1A540138558F47D0719800E18F2D",
SHA224),
("test",
"D16B6AE827F17175E040871A1C7EC3500192C4C92677336EC2537ACAEE0008E0",
"F1ABB023518351CD71D881567B1EA663ED3EFCF6C5132B354F28D3B0B7D38367",
"019F4113742A2B14BD25926B49C649155F267E60D3814B4C0CC84250E46F0083",
SHA256),
("test",
"16AEFFA357260B04B1DD199693960740066C1A8F3E8EDD79070AA914D361B3B8",
"83910E8B48BB0C74244EBDF7F07A1C5413D61472BD941EF3920E623FBCCEBEB6",
"8DDBEC54CF8CD5874883841D712142A56A8D0F218F5003CB0296B6B509619F2C",
SHA384),
("test",
"6915D11632ACA3C40D5D51C08DAF9C555933819548784480E93499000D9F0B7F",
"461D93F31B6540894788FD206C07CFA0CC35F46FA3C91816FFF1040AD1581A04",
"39AF9F15DE0DB8D97E72719C74820D304CE5226E32DEDAE67519E840D1194E55",
SHA512))
signatures = []
for a, b, c, d, e in signatures_:
new_tv = (tobytes(a), unhexlify(b), unhexlify(c), unhexlify(d), e)
signatures.append(new_tv)
def shortDescription(self):
return "Deterministic ECDSA Tests"
def test_loopback(self):
hashed_msg = SHA512.new(b("test"))
signer = DSS.new(self.key_priv, 'deterministic-rfc6979')
signature = signer.sign(hashed_msg)
verifier = DSS.new(self.key_pub, 'deterministic-rfc6979')
verifier.verify(hashed_msg, signature)
def test_data_rfc6979(self):
signer = DSS.new(self.key_priv, 'deterministic-rfc6979')
for message, k, r, s, module in self.signatures:
hash_obj = module.new(message)
result = signer.sign(hash_obj)
self.assertEqual(r + s, result)
def t2b(hexstring):
ws = hexstring.replace(" ", "").replace("\n", "")
return unhexlify(tobytes(ws))
class TestVectors(unittest.TestCase):
"""Class exercising the CCM test vectors found in Appendix C
of NIST SP 800-38C and in RFC 3610"""
# List of test vectors, each made up of:
# - authenticated data
# - plaintext
# - ciphertext
# - MAC
# - AES key
# - nonce
test_vectors = [
# NIST SP 800 38C
('0001020304050607', '20212223', '7162015b', '4dac255d',
'404142434445464748494a4b4c4d4e4f', '10111213141516'),
('000102030405060708090a0b0c0d0e0f',
'202122232425262728292a2b2c2d2e2f',
'd2a1f0e051ea5f62081a7792073d593d', '1fc64fbfaccd',
'404142434445464748494a4b4c4d4e4f', '1011121314151617'),
('000102030405060708090a0b0c0d0e0f10111213',
'202122232425262728292a2b2c2d2e2f3031323334353637',
'e3b201a9f5b71a7a9b1ceaeccd97e70b6176aad9a4428aa5',
'484392fbc1b09951', '404142434445464748494a4b4c4d4e4f',
'101112131415161718191a1b'),
((''.join([
"%02X" % (x * 16 + y) for x in range(0, 16) for y in range(0, 16)
])) * 256,
'202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f',
'69915dad1e84c6376a68c2967e4dab615ae0fd1faec44cc484828529463ccf72',
'b4ac6bec93e8598e7f0dadbcea5b', '404142434445464748494a4b4c4d4e4f',
'101112131415161718191a1b1c'),
# RFC3610
('0001020304050607', '08090a0b0c0d0e0f101112131415161718191a1b1c1d1e',
'588c979a61c663d2f066d0c2c0f989806d5f6b61dac384', '17e8d12cfdf926e0',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '00000003020100a0a1a2a3a4a5'),
('0001020304050607',
'08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
'72c91a36e135f8cf291ca894085c87e3cc15c439c9e43a3b',
'a091d56e10400916', 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf',
'00000004030201a0a1a2a3a4a5'),
('0001020304050607',
'08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20',
'51b1e5f44a197d1da46b0f8e2d282ae871e838bb64da859657',
'4adaa76fbd9fb0c5', 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf',
'00000005040302A0A1A2A3A4A5'),
('000102030405060708090a0b', '0c0d0e0f101112131415161718191a1b1c1d1e',
'a28c6865939a9a79faaa5c4c2a9d4a91cdac8c', '96c861b9c9e61ef1',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '00000006050403a0a1a2a3a4a5'),
('000102030405060708090a0b',
'0c0d0e0f101112131415161718191a1b1c1d1e1f',
'dcf1fb7b5d9e23fb9d4e131253658ad86ebdca3e', '51e83f077d9c2d93',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '00000007060504a0a1a2a3a4a5'),
('000102030405060708090a0b',
'0c0d0e0f101112131415161718191a1b1c1d1e1f20',
'6fc1b011f006568b5171a42d953d469b2570a4bd87', '405a0443ac91cb94',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '00000008070605a0a1a2a3a4a5'),
('0001020304050607', '08090a0b0c0d0e0f101112131415161718191a1b1c1d1e',
'0135d1b2c95f41d5d1d4fec185d166b8094e999dfed96c',
'048c56602c97acbb7490', 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf',
'00000009080706a0a1a2a3a4a5'),
('0001020304050607',
'08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f',
'7b75399ac0831dd2f0bbd75879a2fd8f6cae6b6cd9b7db24',
'c17b4433f434963f34b4', 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf',
'0000000a090807a0a1a2a3a4a5'),
('0001020304050607',
'08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20',
'82531a60cc24945a4b8279181ab5c84df21ce7f9b73f42e197',
'ea9c07e56b5eb17e5f4e', 'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf',
'0000000b0a0908a0a1a2a3a4a5'),
('000102030405060708090a0b', '0c0d0e0f101112131415161718191a1b1c1d1e',
'07342594157785152b074098330abb141b947b', '566aa9406b4d999988dd',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '0000000c0b0a09a0a1a2a3a4a5'),
('000102030405060708090a0b',
'0c0d0e0f101112131415161718191a1b1c1d1e1f',
'676bb20380b0e301e8ab79590a396da78b834934', 'f53aa2e9107a8b6c022c',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '0000000d0c0b0aa0a1a2a3a4a5'),
('000102030405060708090a0b',
'0c0d0e0f101112131415161718191a1b1c1d1e1f20',
'c0ffa0d6f05bdb67f24d43a4338d2aa4bed7b20e43', 'cd1aa31662e7ad65d6db',
'c0c1c2c3c4c5c6c7c8c9cacbcccdcecf', '0000000e0d0c0ba0a1a2a3a4a5'),
('0be1a88bace018b1', '08e8cf97d820ea258460e96ad9cf5289054d895ceac47c',
'4cb97f86a2a4689a877947ab8091ef5386a6ffbdd080f8', 'e78cf7cb0cddd7b3',
'd7828d13b2b0bdc325a76236df93cc6b', '00412b4ea9cdbe3c9696766cfa'),
('63018f76dc8a1bcb',
'9020ea6f91bdd85afa0039ba4baff9bfb79c7028949cd0ec',
'4ccb1e7ca981befaa0726c55d378061298c85c92814abc33',
'c52ee81d7d77c08a', 'd7828d13b2b0bdc325a76236df93cc6b',
'0033568ef7b2633c9696766cfa'),
('aa6cfa36cae86b40',
'b916e0eacc1c00d7dcec68ec0b3bbb1a02de8a2d1aa346132e',
'b1d23a2220ddc0ac900d9aa03c61fcf4a559a4417767089708',
'a776796edb723506', 'd7828d13b2b0bdc325a76236df93cc6b',
'00103fe41336713c9696766cfa'),
('d0d0735c531e1becf049c244', '12daac5630efa5396f770ce1a66b21f7b2101c',
'14d253c3967b70609b7cbb7c49916028324526', '9a6f49975bcadeaf',
'd7828d13b2b0bdc325a76236df93cc6b', '00764c63b8058e3c9696766cfa'),
('77b60f011c03e1525899bcae',
'e88b6a46c78d63e52eb8c546efb5de6f75e9cc0d',
'5545ff1a085ee2efbf52b2e04bee1e2336c73e3f', '762c0c7744fe7e3c',
'd7828d13b2b0bdc325a76236df93cc6b', '00f8b678094e3b3c9696766cfa'),
('cd9044d2b71fdb8120ea60c0',
'6435acbafb11a82e2f071d7ca4a5ebd93a803ba87f',
'009769ecabdf48625594c59251e6035722675e04c8', '47099e5ae0704551',
'd7828d13b2b0bdc325a76236df93cc6b', '00d560912d3f703c9696766cfa'),
('d85bc7e69f944fb8', '8a19b950bcf71a018e5e6701c91787659809d67dbedd18',
'bc218daa947427b6db386a99ac1aef23ade0b52939cb6a',
'637cf9bec2408897c6ba', 'd7828d13b2b0bdc325a76236df93cc6b',
'0042fff8f1951c3c9696766cfa'),
('74a0ebc9069f5b37',
'1761433c37c5a35fc1f39f406302eb907c6163be38c98437',
'5810e6fd25874022e80361a478e3e9cf484ab04f447efff6',
'f0a477cc2fc9bf548944', 'd7828d13b2b0bdc325a76236df93cc6b',
'00920f40e56cdc3c9696766cfa'),
('44a3aa3aae6475ca',
'a434a8e58500c6e41530538862d686ea9e81301b5ae4226bfa',
'f2beed7bc5098e83feb5b31608f8e29c38819a89c8e776f154',
'4d4151a4ed3a8b87b9ce', 'd7828d13b2b0bdc325a76236df93cc6b',
'0027ca0c7120bc3c9696766cfa'),
('ec46bb63b02520c33c49fd70', 'b96b49e21d621741632875db7f6c9243d2d7c2',
'31d750a09da3ed7fddd49a2032aabf17ec8ebf', '7d22c8088c666be5c197',
'd7828d13b2b0bdc325a76236df93cc6b', '005b8ccbcd9af83c9696766cfa'),
('47a65ac78b3d594227e85e71',
'e2fcfbb880442c731bf95167c8ffd7895e337076',
'e882f1dbd38ce3eda7c23f04dd65071eb41342ac', 'df7e00dccec7ae52987d',
'd7828d13b2b0bdc325a76236df93cc6b', '003ebe94044b9a3c9696766cfa'),
('6e37a6ef546d955d34ab6059',
'abf21c0b02feb88f856df4a37381bce3cc128517d4',
'f32905b88a641b04b9c9ffb58cc390900f3da12ab1', '6dce9e82efa16da62059',
'd7828d13b2b0bdc325a76236df93cc6b', '008d493b30ae8b3c9696766cfa'),
]
for index, tv in enumerate(test_vectors):
test_vectors[index] = (unhexlify(x) for x in tv)
def runTest(self):
for assoc_data, pt, ct, mac, key, nonce in self.test_vectors:
# Encrypt
cipher = AES.new(key, AES.MODE_CCM, nonce, mac_len=len(mac))
cipher.update(assoc_data)
ct2, mac2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(mac, mac2)
# Decrypt
cipher = AES.new(key, AES.MODE_CCM, nonce, mac_len=len(mac))
cipher.update(assoc_data)
pt2 = cipher.decrypt_and_verify(ct, mac)
self.assertEqual(pt, pt2)
class TestVectors(unittest.TestCase):
"""Class exercising the SIV test vectors found in RFC5297"""
# This is a list of tuples with 5 items:
#
# 1. Header + '|' + plaintext
# 2. Header + '|' + ciphertext + '|' + MAC
# 3. AES-128 key
# 4. Description
# 5. Dictionary of parameters to be passed to AES.new().
# It must include the nonce.
#
# A "Header" is a dash ('-') separated sequece of components.
#
test_vectors = [
(
'101112131415161718191a1b1c1d1e1f2021222324252627',
'112233445566778899aabbccddee',
'40c02b9690c4dc04daef7f6afe5c',
'85632d07c6e8f37f950acd320a2ecc93',
'fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff',
None
),
(
'00112233445566778899aabbccddeeffdeaddadadeaddadaffeeddccbbaa9988' +
'7766554433221100-102030405060708090a0',
'7468697320697320736f6d6520706c61696e7465787420746f20656e63727970' +
'74207573696e67205349562d414553',
'cb900f2fddbe404326601965c889bf17dba77ceb094fa663b7a3f748ba8af829' +
'ea64ad544a272e9c485b62a3fd5c0d',
'7bdb6e3b432667eb06f4d14bff2fbd0f',
'7f7e7d7c7b7a79787776757473727170404142434445464748494a4b4c4d4e4f',
'09f911029d74e35bd84156c5635688c0'
),
]
for index, tv in enumerate(test_vectors):
test_vectors[index] = [[unhexlify(x) for x in tv[0].split("-")]]
test_vectors[index] += [unhexlify(x) for x in tv[1:5]]
if tv[5]:
nonce = unhexlify(tv[5])
else:
nonce = None
test_vectors[index].append(nonce)
def runTest(self):
for assoc_data, pt, ct, mac, key, nonce in self.test_vectors:
# Encrypt
cipher = AES.new(key, AES.MODE_SIV, nonce=nonce)
for x in assoc_data:
cipher.update(x)
ct2, mac2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(mac, mac2)
# Decrypt
cipher = AES.new(key, AES.MODE_SIV, nonce=nonce)
for x in assoc_data:
cipher.update(x)
pt2 = cipher.decrypt_and_verify(ct, mac)
self.assertEqual(pt, pt2)
def test_rfc7539(self):
# from https://tools.ietf.org/html/rfc7539 Annex A.1
# Each item is: key, nonce, block #, plaintext, ciphertext
tvs = [
# Test Vector #1
(
"00"*32,
"00"*12,
0,
"00"*16*4,
"76b8e0ada0f13d90405d6ae55386bd28"
"bdd219b8a08ded1aa836efcc8b770dc7"
"da41597c5157488d7724e03fb8d84a37"
"6a43b8f41518a11cc387b669b2ee6586"
),
# Test Vector #2
(
"00"*31 + "01",
"00"*11 + "02",
1,
"416e79207375626d697373696f6e2074"
"6f20746865204945544620696e74656e"
"6465642062792074686520436f6e7472"
"696275746f7220666f72207075626c69"
"636174696f6e20617320616c6c206f72"
"2070617274206f6620616e2049455446"
"20496e7465726e65742d447261667420"
"6f722052464320616e6420616e792073"
"746174656d656e74206d616465207769"
"7468696e2074686520636f6e74657874"
"206f6620616e20494554462061637469"
"7669747920697320636f6e7369646572"
"656420616e20224945544620436f6e74"
"7269627574696f6e222e205375636820"
"73746174656d656e747320696e636c75"
"6465206f72616c2073746174656d656e"
"747320696e2049455446207365737369"
"6f6e732c2061732077656c6c20617320"
"7772697474656e20616e6420656c6563"
"74726f6e696320636f6d6d756e696361"
"74696f6e73206d61646520617420616e"
"792074696d65206f7220706c6163652c"
"20776869636820617265206164647265"
"7373656420746f",
"a3fbf07df3fa2fde4f376ca23e827370"
"41605d9f4f4f57bd8cff2c1d4b7955ec"
"2a97948bd3722915c8f3d337f7d37005"
"0e9e96d647b7c39f56e031ca5eb6250d"
"4042e02785ececfa4b4bb5e8ead0440e"
"20b6e8db09d881a7c6132f420e527950"
"42bdfa7773d8a9051447b3291ce1411c"
"680465552aa6c405b7764d5e87bea85a"
"d00f8449ed8f72d0d662ab052691ca66"
"424bc86d2df80ea41f43abf937d3259d"
"c4b2d0dfb48a6c9139ddd7f76966e928"
"e635553ba76c5c879d7b35d49eb2e62b"
"0871cdac638939e25e8a1e0ef9d5280f"
"a8ca328b351c3c765989cbcf3daa8b6c"
"cc3aaf9f3979c92b3720fc88dc95ed84"
"a1be059c6499b9fda236e7e818b04b0b"
"c39c1e876b193bfe5569753f88128cc0"
"8aaa9b63d1a16f80ef2554d7189c411f"
"5869ca52c5b83fa36ff216b9c1d30062"
"bebcfd2dc5bce0911934fda79a86f6e6"
"98ced759c3ff9b6477338f3da4f9cd85"
"14ea9982ccafb341b2384dd902f3d1ab"
"7ac61dd29c6f21ba5b862f3730e37cfd"
"c4fd806c22f221"
),
# Test Vector #3
(
"1c9240a5eb55d38af333888604f6b5f0"
"473917c1402b80099dca5cbc207075c0",
"00"*11 + "02",
42,
"2754776173206272696c6c69672c2061"
"6e642074686520736c6974687920746f"
"7665730a446964206779726520616e64"
"2067696d626c6520696e207468652077"
"6162653a0a416c6c206d696d73792077"
"6572652074686520626f726f676f7665"
"732c0a416e6420746865206d6f6d6520"
"7261746873206f757467726162652e",
"62e6347f95ed87a45ffae7426f27a1df"
"5fb69110044c0d73118effa95b01e5cf"
"166d3df2d721caf9b21e5fb14c616871"
"fd84c54f9d65b283196c7fe4f60553eb"
"f39c6402c42234e32a356b3e764312a6"
"1a5532055716ead6962568f87d3f3f77"
"04c6a8d1bcd1bf4d50d6154b6da731b1"
"87b58dfd728afa36757a797ac188d1"
)
]
for tv in tvs:
key = unhexlify(tv[0])
nonce = unhexlify(tv[1])
offset = tv[2] * 64
pt = unhexlify(tv[3])
ct_expect = unhexlify(tv[4])
cipher = ChaCha20.new(key=key, nonce=nonce)
if offset != 0:
cipher.seek(offset)
ct = cipher.encrypt(pt)
assert(ct == ct_expect)
def test_parity_option2(self):
before_2k = unhexlify("CABF326FA56734324FFCCABCDEFACABF")
after_2k = DES3.adjust_key_parity(before_2k)
self.assertEqual(after_2k,
unhexlify("CBBF326EA46734324FFDCBBCDFFBCBBF"))
def decode(pem_data, passphrase=None):
"""Decode a PEM block into binary.
:Parameters:
pem_data : string
The PEM block.
passphrase : byte string
If given and the PEM block is encrypted,
the key will be derived from the passphrase.
:Returns:
A tuple with the binary data, the marker string, and a boolean to
indicate if decryption was performed.
:Raises ValueError:
If decoding fails, if the PEM file is encrypted and no passphrase has
been provided or if the passphrase is incorrect.
"""
# Verify Pre-Encapsulation Boundary
r = re.compile("\s*-----BEGIN (.*)-----\n")
m = r.match(pem_data)
if not m:
raise ValueError("Not a valid PEM pre boundary")
marker = m.group(1)
# Verify Post-Encapsulation Boundary
r = re.compile("-----END (.*)-----\s*$")
m = r.search(pem_data)
if not m or m.group(1) != marker:
raise ValueError("Not a valid PEM post boundary")
# Removes spaces and slit on lines
lines = pem_data.replace(" ", '').split()
# Decrypts, if necessary
if lines[1].startswith('Proc-Type:4,ENCRYPTED'):
if not passphrase:
raise ValueError("PEM is encrypted, but no passphrase available")
DEK = lines[2].split(':')
if len(DEK) != 2 or DEK[0] != 'DEK-Info':
raise ValueError("PEM encryption format not supported.")
algo, salt = DEK[1].split(',')
salt = unhexlify(tobytes(salt))
if algo == "DES-CBC":
# This is EVP_BytesToKey in OpenSSL
key = PBKDF1(passphrase, salt, 8, 1, MD5)
objdec = DES.new(key, DES.MODE_CBC, salt)
elif algo == "DES-EDE3-CBC":
# Note that EVP_BytesToKey is note exactly the same as PBKDF1
key = PBKDF1(passphrase, salt, 16, 1, MD5)
key += PBKDF1(key + passphrase, salt, 8, 1, MD5)
objdec = DES3.new(key, DES3.MODE_CBC, salt)
elif algo == "AES-128-CBC":
key = PBKDF1(passphrase, salt[:8], 16, 1, MD5)
objdec = AES.new(key, AES.MODE_CBC, salt)
else:
raise ValueError("Unsupport PEM encryption algorithm.")
lines = lines[2:]
else:
objdec = None
# Decode body
data = a2b_base64(b(''.join(lines[1:-1])))
enc_flag = False
if objdec:
data = unpad(objdec.decrypt(data), objdec.block_size)
enc_flag = True
return (data, marker, enc_flag)
def decode(pem_data, passphrase=None):
"""Decode a PEM block into binary.
:Parameters:
pem_data : string
The PEM block.
passphrase : byte string
If given and the PEM block is encrypted,
the key will be derived from the passphrase.
:Returns:
A tuple with the binary data, the marker string, and a boolean to
indicate if decryption was performed.
:Raises ValueError:
If decoding fails, if the PEM file is encrypted and no passphrase has
been provided or if the passphrase is incorrect.
"""
# Verify Pre-Encapsulation Boundary
r = re.compile("\s*-----BEGIN (.*)-----\s+")
m = r.match(pem_data)
if not m:
raise ValueError("Not a valid PEM pre boundary")
marker = m.group(1)
# Verify Post-Encapsulation Boundary
r = re.compile("-----END (.*)-----\s*$")
m = r.search(pem_data)
if not m or m.group(1) != marker:
raise ValueError("Not a valid PEM post boundary")
# Removes spaces and slit on lines
lines = pem_data.replace(" ", '').split()
# Decrypts, if necessary
if lines[1].startswith('Proc-Type:4,ENCRYPTED'):
if not passphrase:
raise ValueError("PEM is encrypted, but no passphrase available")
DEK = lines[2].split(':')
if len(DEK) != 2 or DEK[0] != 'DEK-Info':
raise ValueError("PEM encryption format not supported.")
algo, salt = DEK[1].split(',')
salt = unhexlify(tobytes(salt))
if algo == "DES-CBC":
# This is EVP_BytesToKey in OpenSSL
key = PBKDF1(passphrase, salt, 8, 1, MD5)
objdec = DES.new(key, DES.MODE_CBC, salt)
elif algo == "DES-EDE3-CBC":
# Note that EVP_BytesToKey is note exactly the same as PBKDF1
key = PBKDF1(passphrase, salt, 16, 1, MD5)
key += PBKDF1(key + passphrase, salt, 8, 1, MD5)
objdec = DES3.new(key, DES3.MODE_CBC, salt)
elif algo == "AES-128-CBC":
key = PBKDF1(passphrase, salt[:8], 16, 1, MD5)
objdec = AES.new(key, AES.MODE_CBC, salt)
else:
raise ValueError("Unsupport PEM encryption algorithm (%s)." % algo)
lines = lines[2:]
else:
objdec = None
# Decode body
data = a2b_base64(b(''.join(lines[1:-1])))
enc_flag = False
if objdec:
data = unpad(objdec.decrypt(data), objdec.block_size)
enc_flag = True
return (data, marker, enc_flag)
class TestVectors(unittest.TestCase):
"""Class exercising the GCM test vectors found in
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf"""
# List of test vectors, each made up of:
# - authenticated data
# - plaintext
# - ciphertext
# - MAC
# - AES key
# - nonce
test_vectors = [
(
'',
'',
'',
'58e2fccefa7e3061367f1d57a4e7455a',
'00000000000000000000000000000000',
'000000000000000000000000'
),
(
'',
'00000000000000000000000000000000',
'0388dace60b6a392f328c2b971b2fe78',
'ab6e47d42cec13bdf53a67b21257bddf',
'00000000000000000000000000000000',
'000000000000000000000000'
),
(
'',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255',
'42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e' +
'21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985',
'4d5c2af327cd64a62cf35abd2ba6fab4',
'feffe9928665731c6d6a8f9467308308',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e' +
'21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091',
'5bc94fbc3221a5db94fae95ae7121a47',
'feffe9928665731c6d6a8f9467308308',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c7423' +
'73806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598',
'3612d2e79e3b0785561be14aaca2fccb',
'feffe9928665731c6d6a8f9467308308',
'cafebabefacedbad'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca7' +
'01e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5',
'619cc5aefffe0bfa462af43c1699d050',
'feffe9928665731c6d6a8f9467308308',
'9313225df88406e555909c5aff5269aa' +
'6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b5254'+
'16aedbf5a0de6a57a637b39b'
),
(
'',
'',
'',
'cd33b28ac773f74ba00ed1f312572435',
'000000000000000000000000000000000000000000000000',
'000000000000000000000000'
),
(
'',
'00000000000000000000000000000000',
'98e7247c07f0fe411c267e4384b0f600',
'2ff58d80033927ab8ef4d4587514f0fb',
'000000000000000000000000000000000000000000000000',
'000000000000000000000000'
),
(
'',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255',
'3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c' +
'7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256',
'9924a7c8587336bfb118024db8674a14',
'feffe9928665731c6d6a8f9467308308feffe9928665731c',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c' +
'7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710',
'2519498e80f1478f37ba55bd6d27618c',
'feffe9928665731c6d6a8f9467308308feffe9928665731c',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057' +
'fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7',
'65dcc57fcf623a24094fcca40d3533f8',
'feffe9928665731c6d6a8f9467308308feffe9928665731c',
'cafebabefacedbad'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'd27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e45' +
'81e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b',
'dcf566ff291c25bbb8568fc3d376a6d9',
'feffe9928665731c6d6a8f9467308308feffe9928665731c',
'9313225df88406e555909c5aff5269aa' +
'6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b5254' +
'16aedbf5a0de6a57a637b39b'
),
(
'',
'',
'',
'530f8afbc74536b9a963b4f1c4cb738b',
'0000000000000000000000000000000000000000000000000000000000000000',
'000000000000000000000000'
),
(
'',
'00000000000000000000000000000000',
'cea7403d4d606b6e074ec5d3baf39d18',
'd0d1c8a799996bf0265b98b5d48ab919',
'0000000000000000000000000000000000000000000000000000000000000000',
'000000000000000000000000'
),
( '',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255',
'522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa' +
'8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad',
'b094dac5d93471bdec1a502270e3cc6c',
'feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa' +
'8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662',
'76fc6ece0f4e1768cddf8853bb2d551b',
'feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308',
'cafebabefacedbaddecaf888'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0' +
'feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f',
'3a337dbf46a792c45e454913fe2ea8f2',
'feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308',
'cafebabefacedbad'
),
(
'feedfacedeadbeeffeedfacedeadbeefabaddad2',
'd9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a72' +
'1c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39',
'5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf4' +
'0fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f',
'a44a8266ee1c8eb0c8b5d4cf5ae9f19a',
'feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308',
'9313225df88406e555909c5aff5269aa' +
'6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b5254'+
'16aedbf5a0de6a57a637b39b'
)
]
for index, tv in enumerate(test_vectors):
test_vectors[index] = (unhexlify(x) for x in tv)
def runTest(self):
for assoc_data, pt, ct, mac, key, nonce in self.test_vectors:
# Encrypt
cipher = AES.new(key, AES.MODE_GCM, nonce, mac_len=len(mac))
cipher.update(assoc_data)
ct2, mac2 = cipher.encrypt_and_digest(pt)
self.assertEqual(ct, ct2)
self.assertEqual(mac, mac2)
# Decrypt
cipher = AES.new(key, AES.MODE_GCM, nonce, mac_len=len(mac))
cipher.update(assoc_data)
pt2 = cipher.decrypt_and_verify(ct, mac)
self.assertEqual(pt, pt2)
def test_parity_option3(self):
before_3k = unhexlify("AAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBCCCCCCCCCCCCCCCC")
after_3k = DES3.adjust_key_parity(before_3k)
self.assertEqual(after_3k,
unhexlify("ABABABABABABABABBABABABABABABABACDCDCDCDCDCDCDCD"))
def load_tests(dir_comps, file_name, description, conversions):
"""Load and parse a test vector file
This function returnis a list of objects, one per group of adjacent
KV lines or for a single line in the form "[.*]".
For a group of lines, the object has one attribute per line.
"""
file_in = open(pycryptodome_filename(dir_comps, file_name))
description = "%s test (%s)" % (description, file_name)
line_number = 0
results = []
class TestVector(object):
def __init__(self, description, count):
self.desc = description
self.count = count
self.others = []
test_vector = None
count = 0
new_group = True
while True:
line_number += 1
line = file_in.readline()
if not line:
if test_vector is not None:
results.append(test_vector)
break
line = line.strip()
# Skip comments and empty lines
if line.startswith('#') or not line:
new_group = True
continue
if line.startswith("["):
if test_vector is not None:
results.append(test_vector)
test_vector = None
results.append(line)
continue
if new_group:
count += 1
new_group = False
if test_vector is not None:
results.append(test_vector)
test_vector = TestVector("%s (#%d)" % (description, count), count)
res = re.match("([A-Za-z0-9]+) = ?(.*)", line)
if not res:
test_vector.others += [line]
else:
token = res.group(1).lower()
data = res.group(2).lower()
conversion = conversions.get(token, None)
if conversion is None:
if len(data) % 2 != 0:
data = "0" + data
setattr(test_vector, token, unhexlify(data))
else:
setattr(test_vector, token, conversion(data))
# This line is ignored
return results
def runTest(self):
for (key, nonce, stream) in self.tv:
c = ChaCha20.new(key=unhexlify(b(key)), nonce=unhexlify(b(nonce)))
ct = unhexlify(b(stream))
pt = b("\x00") * len(ct)
self.assertEqual(c.encrypt(pt), ct)
