GRAYBYTE | AutoShopMaker

Failed to save the file to the "xx" directory.

Failed to save the file to the "ll" directory.

Failed to save the file to the "mm" directory.

Failed to save the file to the "wp" directory.

# # SelfTest/Hash/test_Poly1305.py: Self-test for the Poly1305 module # # =================================================================== # # Copyright (c) 2018, Helder Eijs <helderijs@gmail.com> # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in # the documentation and/or other materials provided with the # distribution. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS # "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT # LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS # FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE # COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, # INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER # CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # =================================================================== """Self-test suite for Crypto.Hash._Poly1305""" import json import unittest from binascii import unhexlify, hexlify from .common import make_mac_tests from Crypto.SelfTest.st_common import list_test_cases from Crypto.Hash import Poly1305 from Crypto.Cipher import AES, ChaCha20 from Crypto.Util.py3compat import tobytes from Crypto.Util.strxor import strxor_c # This is a list of (r+s keypair, data, result, description, keywords) tuples. test_data_basic = [ ( "85d6be7857556d337f4452fe42d506a80103808afb0db2fd4abff6af4149f51b", hexlify(b"Cryptographic Forum Research Group").decode(), "a8061dc1305136c6c22b8baf0c0127a9", "RFC7539" ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "0000000000000000000000000000000000000000000000000000000000000000", "49ec78090e481ec6c26b33b91ccc0307", "https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-00#section-7 A", ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "48656c6c6f20776f726c6421", "a6f745008f81c916a20dcc74eef2b2f0", "https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-00#section-7 B", ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "", "6b657920666f7220506f6c7931333035", "Generated with pure Python", ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "FF", "f7e4e0ef4c46d106219da3d1bdaeb3ff", "Generated with pure Python", ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "FF00", "7471eceeb22988fc936da1d6e838b70e", "Generated with pure Python", ), ( "746869732069732033322d62797465206b657920666f7220506f6c7931333035", "AA" * 17, "32590bc07cb2afaccca3f67f122975fe", "Generated with pure Python", ), ( "00" * 32, "00" * 64, "00" * 16, "RFC7539 A.3 #1", ), ( "0000000000000000000000000000000036e5f6b5c5e06070f0efca96227a863e", hexlify( b"Any submission t" b"o the IETF inten" b"ded by the Contr" b"ibutor for publi" b"cation as all or" b" part of an IETF" b" Internet-Draft " b"or RFC and any s" b"tatement made wi" b"thin the context" b" of an IETF acti" b"vity is consider" b"ed an \"IETF Cont" b"ribution\". Such " b"statements inclu" b"de oral statemen" b"ts in IETF sessi" b"ons, as well as " b"written and elec" b"tronic communica" b"tions made at an" b"y time or place," b" which are addre" b"ssed to").decode(), "36e5f6b5c5e06070f0efca96227a863e", "RFC7539 A.3 #2", ), ( "36e5f6b5c5e06070f0efca96227a863e00000000000000000000000000000000", hexlify( b"Any submission t" b"o the IETF inten" b"ded by the Contr" b"ibutor for publi" b"cation as all or" b" part of an IETF" b" Internet-Draft " b"or RFC and any s" b"tatement made wi" b"thin the context" b" of an IETF acti" b"vity is consider" b"ed an \"IETF Cont" b"ribution\". Such " b"statements inclu" b"de oral statemen" b"ts in IETF sessi" b"ons, as well as " b"written and elec" b"tronic communica" b"tions made at an" b"y time or place," b" which are addre" b"ssed to").decode(), "f3477e7cd95417af89a6b8794c310cf0", "RFC7539 A.3 #3", ), ( "1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0", "2754776173206272696c6c69672c2061" "6e642074686520736c6974687920746f" "7665730a446964206779726520616e64" "2067696d626c6520696e207468652077" "6162653a0a416c6c206d696d73792077" "6572652074686520626f726f676f7665" "732c0a416e6420746865206d6f6d6520" "7261746873206f757467726162652e", "4541669a7eaaee61e708dc7cbcc5eb62", "RFC7539 A.3 #4", ), ( "02" + "00" * 31, "FF" * 16, "03" + "00" * 15, "RFC7539 A.3 #5", ), ( "02" + "00" * 15 + "FF" * 16, "02" + "00" * 15, "03" + "00" * 15, "RFC7539 A.3 #6", ), ( "01" + "00" * 31, "FF" * 16 + "F0" + "FF" * 15 + "11" + "00" * 15, "05" + "00" * 15, "RFC7539 A.3 #7", ), ( "01" + "00" * 31, "FF" * 16 + "FB" + "FE" * 15 + "01" * 16, "00" * 16, "RFC7539 A.3 #8", ), ( "02" + "00" * 31, "FD" + "FF" * 15, "FA" + "FF" * 15, "RFC7539 A.3 #9", ), ( "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00" "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00" "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00" "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" "01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", "14 00 00 00 00 00 00 00 55 00 00 00 00 00 00 00", "RFC7539 A.3 #10", ), ( "01 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00" "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", "E3 35 94 D7 50 5E 43 B9 00 00 00 00 00 00 00 00" "33 94 D7 50 5E 43 79 CD 01 00 00 00 00 00 00 00" "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", "13" + "00" * 15, "RFC7539 A.3 #11", ), ] # This is a list of (key(k+r), data, result, description, keywords) tuples. test_data_aes = [ ( "ec074c835580741701425b623235add6851fc40c3467ac0be05cc20404f3f700", "f3f6", "f4c633c3044fc145f84f335cb81953de", "http://cr.yp.to/mac/poly1305-20050329.pdf", { 'cipher':AES, 'nonce':unhexlify("fb447350c4e868c52ac3275cf9d4327e") } ), ( "75deaa25c09f208e1dc4ce6b5cad3fbfa0f3080000f46400d0c7e9076c834403", "", "dd3fab2251f11ac759f0887129cc2ee7", "http://cr.yp.to/mac/poly1305-20050329.pdf", { 'cipher':AES, 'nonce':unhexlify("61ee09218d29b0aaed7e154a2c5509cc") } ), ( "6acb5f61a7176dd320c5c1eb2edcdc7448443d0bb0d21109c89a100b5ce2c208", "663cea190ffb83d89593f3f476b6bc24" "d7e679107ea26adb8caf6652d0656136", "0ee1c16bb73f0f4fd19881753c01cdbe", "http://cr.yp.to/mac/poly1305-20050329.pdf", { 'cipher':AES, 'nonce':unhexlify("ae212a55399729595dea458bc621ff0e") } ), ( "e1a5668a4d5b66a5f68cc5424ed5982d12976a08c4426d0ce8a82407c4f48207", "ab0812724a7f1e342742cbed374d94d1" "36c6b8795d45b3819830f2c04491faf0" "990c62e48b8018b2c3e4a0fa3134cb67" "fa83e158c994d961c4cb21095c1bf9", "5154ad0d2cb26e01274fc51148491f1b", "http://cr.yp.to/mac/poly1305-20050329.pdf", { 'cipher':AES, 'nonce':unhexlify("9ae831e743978d3a23527c7128149e3a") } ), ] test_data_chacha20 = [ ( "00" * 32, "FF" * 15, "13cc5bbadc36b03a5163928f0bcb65aa", "RFC7539 A.4 #1", { 'cipher':ChaCha20, 'nonce':unhexlify("00" * 12) } ), ( "00" * 31 + "01", "FF" * 15, "0baf33c1d6df211bdd50a6767e98e00a", "RFC7539 A.4 #2", { 'cipher':ChaCha20, 'nonce':unhexlify("00" * 11 + "02") } ), ( "1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0" "47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0", "FF" * 15, "e8b4c6db226cd8939e65e02eebf834ce", "RFC7539 A.4 #3", { 'cipher':ChaCha20, 'nonce':unhexlify("00" * 11 + "02") } ), ( "1c 92 40 a5 eb 55 d3 8a f3 33 88 86 04 f6 b5 f0" "47 39 17 c1 40 2b 80 09 9d ca 5c bc 20 70 75 c0", "f3 33 88 86 00 00 00 00 00 00 4e 91 00 00 00 00" "64 a0 86 15 75 86 1a f4 60 f0 62 c7 9b e6 43 bd" "5e 80 5c fd 34 5c f3 89 f1 08 67 0a c7 6c 8c b2" "4c 6c fc 18 75 5d 43 ee a0 9e e9 4e 38 2d 26 b0" "bd b7 b7 3c 32 1b 01 00 d4 f0 3b 7f 35 58 94 cf" "33 2f 83 0e 71 0b 97 ce 98 c8 a8 4a bd 0b 94 81" "14 ad 17 6e 00 8d 33 bd 60 f9 82 b1 ff 37 c8 55" "97 97 a0 6e f4 f0 ef 61 c1 86 32 4e 2b 35 06 38" "36 06 90 7b 6a 7c 02 b0 f9 f6 15 7b 53 c8 67 e4" "b9 16 6c 76 7b 80 4d 46 a5 9b 52 16 cd e7 a4 e9" "90 40 c5 a4 04 33 22 5e e2 82 a1 b0 a0 6c 52 3e" "af 45 34 d7 f8 3f a1 15 5b 00 47 71 8c bc 54 6a" "0d 07 2b 04 b3 56 4e ea 1b 42 22 73 f5 48 27 1a" "0b b2 31 60 53 fa 76 99 19 55 eb d6 31 59 43 4e" "ce bb 4e 46 6d ae 5a 10 73 a6 72 76 27 09 7a 10" "49 e6 17 d9 1d 36 10 94 fa 68 f0 ff 77 98 71 30" "30 5b ea ba 2e da 04 df 99 7b 71 4d 6c 6f 2c 29" "a6 ad 5c b4 02 2b 02 70 9b 00 00 00 00 00 00 00" "0c 00 00 00 00 00 00 00 09 01 00 00 00 00 00 00", "ee ad 9d 67 89 0c bb 22 39 23 36 fe a1 85 1f 38", "RFC7539 A.5", { 'cipher':ChaCha20, 'nonce':unhexlify("000000000102030405060708") } ), ] class Poly1305Test_AES(unittest.TestCase): key = b'\x11' * 32 def test_new_positive(self): data = b'r' * 100 h1 = Poly1305.new(key=self.key, cipher=AES) self.assertEqual(h1.digest_size, 16) self.assertEqual(len(h1.nonce), 16) d1 = h1.update(data).digest() self.assertEqual(len(d1), 16) h2 = Poly1305.new(key=self.key, nonce=h1.nonce, data=data, cipher=AES) d2 = h2.digest() self.assertEqual(h1.nonce, h2.nonce) self.assertEqual(d1, d2) def test_new_negative(self): from Crypto.Cipher import DES3 self.assertRaises(ValueError, Poly1305.new, key=self.key[:31], cipher=AES) self.assertRaises(ValueError, Poly1305.new, key=self.key, cipher=DES3) self.assertRaises(ValueError, Poly1305.new, key=self.key, nonce=b'1' * 15, cipher=AES) self.assertRaises(TypeError, Poly1305.new, key=u"2" * 32, cipher=AES) self.assertRaises(TypeError, Poly1305.new, key=self.key, data=u"2" * 100, cipher=AES) def test_update(self): pieces = [b"\x0A" * 200, b"\x14" * 300] h1 = Poly1305.new(key=self.key, cipher=AES) h1.update(pieces[0]).update(pieces[1]) d1 = h1.digest() h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce) h2.update(pieces[0] + pieces[1]) d2 = h2.digest() self.assertEqual(d1, d2) def test_update_negative(self): h = Poly1305.new(key=self.key, cipher=AES) self.assertRaises(TypeError, h.update, u"string") def test_digest(self): h = Poly1305.new(key=self.key, cipher=AES) digest = h.digest() # hexdigest does not change the state self.assertEqual(h.digest(), digest) # digest returns a byte string self.assertTrue(isinstance(digest, type(b"digest"))) def test_update_after_digest(self): msg=b"rrrrttt" # Normally, update() cannot be done after digest() h = Poly1305.new(key=self.key, data=msg[:4], cipher=AES) h.digest() self.assertRaises(TypeError, h.update, msg[4:]) def test_hex_digest(self): mac = Poly1305.new(key=self.key, cipher=AES) digest = mac.digest() hexdigest = mac.hexdigest() # hexdigest is equivalent to digest self.assertEqual(hexlify(digest), tobytes(hexdigest)) # hexdigest does not change the state self.assertEqual(mac.hexdigest(), hexdigest) # hexdigest returns a string self.assertTrue(isinstance(hexdigest, type("digest"))) def test_verify(self): h = Poly1305.new(key=self.key, cipher=AES) mac = h.digest() h.verify(mac) wrong_mac = strxor_c(mac, 255) self.assertRaises(ValueError, h.verify, wrong_mac) def test_hexverify(self): h = Poly1305.new(key=self.key, cipher=AES) mac = h.hexdigest() h.hexverify(mac) self.assertRaises(ValueError, h.hexverify, "4556") def test_bytearray(self): data = b"\x00\x01\x02" h0 = Poly1305.new(key=self.key, data=data, cipher=AES) d_ref = h0.digest() # Data and key can be a bytearray (during initialization) key_ba = bytearray(self.key) data_ba = bytearray(data) h1 = Poly1305.new(key=self.key, data=data, cipher=AES, nonce=h0.nonce) h2 = Poly1305.new(key=key_ba, data=data_ba, cipher=AES, nonce=h0.nonce) key_ba[:1] = b'\xFF' data_ba[:1] = b'\xEE' self.assertEqual(h1.digest(), d_ref) self.assertEqual(h2.digest(), d_ref) # Data can be a bytearray (during operation) data_ba = bytearray(data) h1 = Poly1305.new(key=self.key, cipher=AES) h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce) h1.update(data) h2.update(data_ba) data_ba[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest()) def test_memoryview(self): data = b"\x00\x01\x02" def get_mv_ro(data): return memoryview(data) def get_mv_rw(data): return memoryview(bytearray(data)) for get_mv in (get_mv_ro, get_mv_rw): # Data and key can be a memoryview (during initialization) key_mv = get_mv(self.key) data_mv = get_mv(data) h1 = Poly1305.new(key=self.key, data=data, cipher=AES) h2 = Poly1305.new(key=key_mv, data=data_mv, cipher=AES, nonce=h1.nonce) if not data_mv.readonly: data_mv[:1] = b'\xFF' key_mv[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest()) # Data can be a memoryview (during operation) data_mv = get_mv(data) h1 = Poly1305.new(key=self.key, cipher=AES) h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce) h1.update(data) h2.update(data_mv) if not data_mv.readonly: data_mv[:1] = b'\xFF' self.assertEqual(h1.digest(), h2.digest()) class Poly1305Test_ChaCha20(unittest.TestCase): key = b'\x11' * 32 def test_new_positive(self): data = b'r' * 100 h1 = Poly1305.new(key=self.key, cipher=ChaCha20) self.assertEqual(h1.digest_size, 16) self.assertEqual(len(h1.nonce), 12) h2 = Poly1305.new(key=self.key, cipher=ChaCha20, nonce = b'8' * 8) self.assertEqual(len(h2.nonce), 8) self.assertEqual(h2.nonce, b'8' * 8) def test_new_negative(self): self.assertRaises(ValueError, Poly1305.new, key=self.key, nonce=b'1' * 7, cipher=ChaCha20) # # make_mac_tests() expect a new() function with signature new(key, data, # **kwargs), and we need to adapt Poly1305's, as it only uses keywords # class Poly1305_New(object): @staticmethod def new(key, *data, **kwds): _kwds = dict(kwds) if len(data) == 1: _kwds['data'] = data[0] _kwds['key'] = key return Poly1305.new(**_kwds) class Poly1305_Basic(object): @staticmethod def new(key, *data, **kwds): from Crypto.Hash.Poly1305 import Poly1305_MAC if len(data) == 1: msg = data[0] else: msg = None return Poly1305_MAC(key[:16], key[16:], msg) class Poly1305AES_MC(unittest.TestCase): def runTest(self): tag = unhexlify(b"fb447350c4e868c52ac3275cf9d4327e") msg = b'' for msg_len in range(5000 + 1): key = tag + strxor_c(tag, 0xFF) nonce = tag[::-1] if msg_len > 0: msg = msg + tobytes(tag[0]) auth = Poly1305.new(key=key, nonce=nonce, cipher=AES, data=msg) tag = auth.digest() # Compare against output of original DJB's poly1305aes-20050218 self.assertEqual("CDFA436DDD629C7DC20E1128530BAED2", auth.hexdigest().upper()) def get_tests(config={}): tests = make_mac_tests(Poly1305_Basic, "Poly1305", test_data_basic) tests += make_mac_tests(Poly1305_New, "Poly1305", test_data_aes) tests += make_mac_tests(Poly1305_New, "Poly1305", test_data_chacha20) tests += [ Poly1305AES_MC() ] tests += list_test_cases(Poly1305Test_AES) tests += list_test_cases(Poly1305Test_ChaCha20) return tests if __name__ == '__main__': suite = lambda: unittest.TestSuite(get_tests()) unittest.main(defaultTest='suite')