aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/lib/pubkey/ecies/ecies.h4
-rw-r--r--src/tests/data/pubkey/ecies.vec203
-rw-r--r--src/tests/test_ecies.cpp208
3 files changed, 385 insertions, 30 deletions
diff --git a/src/lib/pubkey/ecies/ecies.h b/src/lib/pubkey/ecies/ecies.h
index 1008473c9..0bc0bf76e 100644
--- a/src/lib/pubkey/ecies/ecies.h
+++ b/src/lib/pubkey/ecies/ecies.h
@@ -126,8 +126,6 @@ class BOTAN_DLL ECIES_System_Params : public ECIES_KA_Params
* @param dem_key_len length of the key used for the data encryption method
* @param mac_spec name of the message authentication code
* @param mac_key_len length of the key used for the message authentication code
- * @param compression_type format of encoded keys (affects the secret derivation if single_hash_mode is used)
- * @param flags options, see documentation of ECIES_Flags
*/
ECIES_System_Params(const EC_Group& domain, const std::string& kdf_spec, const std::string& dem_algo_spec,
size_t dem_key_len, const std::string& mac_spec, size_t mac_key_len);
@@ -139,6 +137,8 @@ class BOTAN_DLL ECIES_System_Params : public ECIES_KA_Params
* @param dem_key_len length of the key used for the data encryption method
* @param mac_spec name of the message authentication code
* @param mac_key_len length of the key used for the message authentication code
+ * @param compression_type format of encoded keys (affects the secret derivation if single_hash_mode is used)
+ * @param flags options, see documentation of ECIES_Flags
*/
ECIES_System_Params(const EC_Group& domain, const std::string& kdf_spec, const std::string& dem_algo_spec,
size_t dem_key_len, const std::string& mac_spec, size_t mac_key_len,
diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec
index 7ae73c30f..a8dd03a48 100644
--- a/src/tests/data/pubkey/ecies.vec
+++ b/src/tests/data/pubkey/ecies.vec
@@ -1,34 +1,55 @@
# random keys created by botan
-# ciphertext created with bouncycastle 1.54. example:
-# public static void main( String[] args )
-# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException
-# {
-# X9ECParameters spec = SECNamedCurves.getByName( "secp160r1" );
-# ECDomainParameters ecDomain = new ECDomainParameters( spec.getCurve(), spec.getG(), spec.getN() );
+#public static void main(String[] args)
+# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException {
+# X9ECParameters spec = SECNamedCurves.getByName("secp521r1");
+# ECDomainParameters ecDomain = new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN());
+#
+# ECPrivateKeyParameters alice = new ECPrivateKeyParameters(
+# new BigInteger("4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823", 10), ecDomain);
+# ECPrivateKeyParameters bob = new ECPrivateKeyParameters(
+# new BigInteger("2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153", 10), ecDomain);
+# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters(
+# alice.getParameters().getG().multiply(alice.getD()), alice.getParameters());
+# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters(bob.getParameters().getG().multiply(bob.getD()),
+# bob.getParameters());
#
-# ECPrivateKeyParameters alice = new ECPrivateKeyParameters( new BigInteger( "1239488582848888730519239446720775754920686817364", 10 ), ecDomain );
-# ECPrivateKeyParameters bob = new ECPrivateKeyParameters( new BigInteger( "1255825134563225934367124570783723166851629196761", 10 ), ecDomain );
-# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters( alice.getParameters().getG().multiply( alice.getD() ), alice.getParameters() );
-# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters( bob.getParameters().getG().multiply( bob.getD() ), bob.getParameters() );
+# byte[] d = new byte[0];
+# byte[] e = "Test".getBytes();
+# //byte[] e = new byte[0];
+# //byte[] iv = new byte[16];
+# byte[] iv = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+# int mac_key_len = 128;
+# int dem_key_len = 256;
+# CipherParameters p = new ParametersWithIV(new IESWithCipherParameters(d, e, mac_key_len, dem_key_len), iv);
+#
+# IESEngine ecies = new IESEngine(new ECDHBasicAgreement(), new KDF1BytesGenerator(new SHA512Digest()),
+# new HMac(new SHA512Digest()), new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine())));
+# ecies.init(true, alice, bobPublicKey, p);
#
-# byte[] d = new byte[ 0 ];
-# byte[] e = new byte[ 0 ];
-# byte[] iv = new byte[ 16 ];
-# CipherParameters p = new ParametersWithIV( new IESWithCipherParameters( d, e, 160, 256 ), iv );
-#
-# IESEngine ecies =
-# new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator( new SHA1Digest() ), new HMac( new SHA256Digest() ), new PaddedBufferedBlockCipher( new CBCBlockCipher(
-# new AESEngine() ) ) );
-# ecies.init( true, alice, bobPublicKey, p );
-#
-# byte[] message = Hex.decode( "00" );
-# byte[] result = ecies.processBlock( message, 0, message.length );
-#
-# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded( true );
-# byte[] out = Arrays.concatenate( ephPublicKey, result );
-#
-# System.out.println( Hex.toHexString( out ) );
+# byte[] message = Hex.decode("000102030405060708090A0B0C0D0E0F");
+# byte[] result = ecies.processBlock(message, 0, message.length);
+#
+# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded(true);
+# byte[] out = Arrays.concatenate(ephPublicKey, result);
+#
+# System.out.println("Curve = secp521r1");
+# System.out.println("PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823");
+# System.out.println("OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153");
+# System.out.println("Kdf = KDF1-18033(SHA-512)");
+# System.out.println("Dem = AES-256/CBC");
+# System.out.println("DemKeyLen = " + dem_key_len / 8);
+# System.out.println("Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+# System.out.println("Mac = HMAC(SHA-512)");
+# System.out.println("MacKeyLen = " + mac_key_len / 8 );
+# System.out.println("Format = uncompressed");
+# System.out.println("CofactorMode = 0");
+# System.out.println("OldCofactorMode = 0");
+# System.out.println("CheckMode = 0");
+# System.out.println("SingleHashMode = 1");
+# System.out.println("Label = Test");
+# System.out.println("Plaintext = " + Hex.toHexString(message).toUpperCase() );
+# System.out.println("Ciphertext = " + Hex.toHexString( out ).toUpperCase());
# }
Curve = secp160r1
@@ -49,6 +70,24 @@ Label =
Plaintext = 00
Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698a6da2667af153734225c8922800db5e10b73975848cceac0fc78cef589b2e93a81cc204dbc7b9b901cbaa4509e61141d7
+Curve = secp160r1
+PrivateKey = 1239488582848888730519239446720775754920686817364
+OtherPrivateKey = 1255825134563225934367124570783723166851629196761
+Kdf = KDF1-18033(SHA-1)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = 00000000000000000000000000000000
+Mac = HMAC(SHA-256)
+MacKeyLen = 20
+Format = compressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label =
+Plaintext = 00
+Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698aa9467d2b3b27cf8b50794387d9736d99eb055524f926f1b4a60371f016977c0e164045a0547f8bd2bcdb29728183c222
+
Curve = secp521r1
PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823
OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153
@@ -67,6 +106,60 @@ Label = Test
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994eda8dbc666713558717077dde021d9252b7f68eef0bc369086f6a6cb991fcc2fbcac3671a122ba18541790974cef7420cb53e7d6f30d1b808dddd58a63413f7b
+Curve = secp521r1
+PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823
+OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153
+Kdf = KDF1-18033(SHA-1)
+Dem = Camellia-128/CBC
+DemKeyLen = 16
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-256)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090a0b0c0d0e0f
+Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994df33ebfb0412ed20e9b10fa3371b64420cb9075da96e37ee2301092f373a857c8f63180bac35e5728890000f19c6322834e911e74f55c8fcb506a9d1533a75e7
+
+Curve = secp521r1
+PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823
+OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153
+Kdf = KDF2(SHA-512)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-512)
+MacKeyLen = 16
+Format = compressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 0201519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A44CD5C5F1517F8B1F30C4363152545731911C03AE45244C41218A63E8DED4C56B9AE2FD7C022C75023D42A3D8D31BE83D80802938B5FEA25DA10323FEAC30ECB37C612EBF00D583FA02B0812F3F52F271B0C50AA2798594AF5CDA577C701F693A3255D0321CDFCC88A
+
+Curve = secp521r1
+PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823
+OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153
+Kdf = KDF1-18033(SHA-512)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-512)
+MacKeyLen = 16
+Format = compressed
+CofactorMode = 0
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 0201519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A44CD5C5F1517F8B1F3B4D4D7BF8B86834928A86567A7C5AF80538D7F5EFF49F3A14947503EB8ACCC90D916CDC07C0AC00A9D558857F2C2EC3DC5142713F4A4AE0334987BCC3DCE9ABB4403A674F3821124D29D92F184568BA31FC60F1C0C58B4CBBCD6BD588462FC50
+
# use secp112r2 - curve with cofactor != 1
Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
PrivateKey = 656008468895526658474428975817604
@@ -105,7 +198,61 @@ Label = Test
Plaintext = 000102030405060708090A0B0C0D0E0F
Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286
-# bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext)
+Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
+PrivateKey = 656008468895526658474428975817604
+OtherPrivateKey = 563449446384594847151017584539074
+Kdf = KDF1-18033(SHA-1)
+Dem = Camellia-128/CBC
+DemKeyLen = 16
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-256)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 1
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA76156865605D031B2DE966E35FE7A8201139C30B19DF8E3CE86657032AE1A1397FD00B223AFC1123550A8ABB3983A9F62C5CC1D9A34B8BD938921D67AE08E07211E
+
+Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
+PrivateKey = 656008468895526658474428975817604
+OtherPrivateKey = 563449446384594847151017584539074
+Kdf = KDF2(SHA-512)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-512)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 1
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA7616B60902979DFC4E153E419820187D5240C4056F0B59714BFD01F1F7F6F95BD208C8A415DFC474CE1A39D5129B30787338BF3A1607CBEBA9D182EA586917339748BFFA0D4112D84DCFA199E945E0318504B5BA906D70210E5044462BDC646BE95
+
+Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS-----
+PrivateKey = 656008468895526658474428975817604
+OtherPrivateKey = 563449446384594847151017584539074
+Kdf = KDF1-18033(SHA-512)
+Dem = AES-256/CBC
+DemKeyLen = 32
+Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+Mac = HMAC(SHA-512)
+MacKeyLen = 16
+Format = uncompressed
+CofactorMode = 1
+OldCofactorMode = 0
+CheckMode = 0
+SingleHashMode = 1
+Label = Test
+Plaintext = 000102030405060708090A0B0C0D0E0F
+Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA76132283FD2CF897E305A0517EECD84B2D9022E5C5EB8E3BA9489F090070530B3CE946017112D1754A4AE14D981EEB2B4A4A0216D8DEAB1ED4330B49535A132DB0E9D5BD4B9FA1EB042A323A3C262B95980CFFCF77B23B9D17EA2377D2AD1811CE4
+
+######################## bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext)
Curve = brainpool512r1
PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737
diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp
index 40fb7a2dc..dea9b6266 100644
--- a/src/tests/test_ecies.cpp
+++ b/src/tests/test_ecies.cpp
@@ -1,5 +1,6 @@
/*
* (C) 2016 Philipp Weber
+* (C) 2016 Daniel Neus
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -248,6 +249,213 @@ class ECIES_Tests : public Text_Based_Test
BOTAN_REGISTER_TEST("ecies", ECIES_Tests);
+#if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_HMAC) && defined(BOTAN_HAS_AES)
+
+Test::Result test_other_key_not_set()
+ {
+ Test::Result result("ECIES other key not set");
+
+ const Flags flags = ecies_flags(false, false, false, true);
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32,
+ "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED,
+ flags);
+
+ Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params);
+
+ result.test_throws("encrypt not possible without setting other public key", [ &ecies_enc ]()
+ {
+ ecies_enc.encrypt(std::vector<byte>(8), Test::rng());
+ });
+
+ return result;
+ }
+
+Test::Result test_kdf_not_found()
+ {
+ Test::Result result("ECIES kdf not found");
+
+ const Flags flags = ecies_flags(false, false, false, true);
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF-XYZ(SHA-512)", "AES-256/CBC", 32,
+ "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED,
+ flags);
+
+ Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params);
+
+ result.test_throws("kdf not found", [ &ecies_enc ]()
+ {
+ ecies_enc.encrypt(std::vector<byte>(8), Test::rng());
+ });
+
+ return result;
+ }
+
+Test::Result test_mac_not_found()
+ {
+ Test::Result result("ECIES mac not found");
+
+ const Flags flags = ecies_flags(false, false, false, true);
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32,
+ "XYZMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED,
+ flags);
+
+ Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params);
+
+ result.test_throws("mac not found", [ &ecies_enc ]()
+ {
+ ecies_enc.encrypt(std::vector<byte>(8), Test::rng());
+ });
+
+ return result;
+ }
+
+Test::Result test_cipher_not_found()
+ {
+ Test::Result result("ECIES cipher not found");
+
+ const Flags flags = ecies_flags(false, false, false, true);
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-XYZ-256/CBC", 32,
+ "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED,
+ flags);
+
+ Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params);
+
+ result.test_throws("cipher not found", [ &ecies_enc ]()
+ {
+ ecies_enc.encrypt(std::vector<byte>(8), Test::rng());
+ });
+
+ return result;
+ }
+
+Test::Result test_system_params_short_ctor()
+ {
+ Test::Result result("ECIES short system params ctor");
+
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::BigInt other_private_key_value("2294226772740614508941417891614236736606752960073669253551166842"
+ "5866095315090327914760325168219669828915074071456176066304457448"
+ "25404691681749451640151380153");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECDH_PrivateKey other_private_key(Test::rng(), domain, other_private_key_value);
+
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32,
+ "HMAC(SHA-512)", 16);
+
+ const Botan::InitializationVector iv("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF");
+ const std::string label = "Test";
+
+ const std::vector<byte> plaintext = Botan::hex_decode("000102030405060708090A0B0C0D0E0F");
+
+ // generated with botan
+ const std::vector<byte> ciphertext = Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A"
+ "79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A"
+ "44CD5C5F1517F8B1F300000591317F261C3D04A7207F01EAE3EC70F2360"
+ "0F82C53CC0B85BE7AC9F6CE79EF2AB416E5934D61BA9D346385D7545C57F"
+ "77C7EA7C58E18C70CBFB0A24AE1B9943EC5A8D0657522CCDF30BA95674D81"
+ "B397635D215178CD13BD9504AE957A9888F4128FFC0F0D3F1CEC646AEC8CE"
+ "3F2463D233B22A7A12B679F4C06501F584D4DEFF6D26592A8D873398BD892"
+ "B477B3468813C053DA43C4F3D49009F7A12D6EF7");
+
+ check_encrypt_decrypt(result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext);
+
+ return result;
+ }
+
+Test::Result test_ciphertext_too_short()
+ {
+ Test::Result result("ECIES ciphertext too short");
+
+ const Botan::EC_Group domain("secp521r1");
+ const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407"
+ "5002761777100287880684822948852132235484464537021197213998300006"
+ "547176718172344447619746779823");
+
+ const Botan::BigInt other_private_key_value("2294226772740614508941417891614236736606752960073669253551166842"
+ "5866095315090327914760325168219669828915074071456176066304457448"
+ "25404691681749451640151380153");
+
+ const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value);
+ const Botan::ECDH_PrivateKey other_private_key(Test::rng(), domain, other_private_key_value);
+
+ const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32,
+ "HMAC(SHA-512)", 16);
+
+ Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params);
+
+ result.test_throws("ciphertext too short", [ &ecies_dec ]()
+ {
+ ecies_dec.decrypt(Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349A"));
+ });
+
+ return result;
+ }
+
+class ECIES_Unit_Tests : public Test
+ {
+ public:
+ std::vector<Test::Result> run() override
+ {
+ std::vector<Test::Result> results;
+
+ std::vector<std::function<Test::Result()>> fns =
+ {
+ test_other_key_not_set,
+ test_kdf_not_found,
+ test_mac_not_found,
+ test_cipher_not_found,
+ test_system_params_short_ctor,
+ test_ciphertext_too_short
+ };
+
+ for(size_t i = 0; i != fns.size(); ++i)
+ {
+ try
+ {
+ results.push_back(fns[ i ]());
+ }
+ catch(std::exception& e)
+ {
+ results.push_back(Test::Result::Failure("ECIES unit tests " + std::to_string(i), e.what()));
+ }
+ }
+
+ return results;
+ }
+ };
+
+BOTAN_REGISTER_TEST("ecies-unit", ECIES_Unit_Tests);
+
+#endif
+
#endif
}