diff options
-rw-r--r-- | src/lib/pubkey/ecies/ecies.h | 4 | ||||
-rw-r--r-- | src/tests/data/pubkey/ecies.vec | 203 | ||||
-rw-r--r-- | src/tests/test_ecies.cpp | 208 |
3 files changed, 385 insertions, 30 deletions
diff --git a/src/lib/pubkey/ecies/ecies.h b/src/lib/pubkey/ecies/ecies.h index 1008473c9..0bc0bf76e 100644 --- a/src/lib/pubkey/ecies/ecies.h +++ b/src/lib/pubkey/ecies/ecies.h @@ -126,8 +126,6 @@ class BOTAN_DLL ECIES_System_Params : public ECIES_KA_Params * @param dem_key_len length of the key used for the data encryption method * @param mac_spec name of the message authentication code * @param mac_key_len length of the key used for the message authentication code - * @param compression_type format of encoded keys (affects the secret derivation if single_hash_mode is used) - * @param flags options, see documentation of ECIES_Flags */ ECIES_System_Params(const EC_Group& domain, const std::string& kdf_spec, const std::string& dem_algo_spec, size_t dem_key_len, const std::string& mac_spec, size_t mac_key_len); @@ -139,6 +137,8 @@ class BOTAN_DLL ECIES_System_Params : public ECIES_KA_Params * @param dem_key_len length of the key used for the data encryption method * @param mac_spec name of the message authentication code * @param mac_key_len length of the key used for the message authentication code + * @param compression_type format of encoded keys (affects the secret derivation if single_hash_mode is used) + * @param flags options, see documentation of ECIES_Flags */ ECIES_System_Params(const EC_Group& domain, const std::string& kdf_spec, const std::string& dem_algo_spec, size_t dem_key_len, const std::string& mac_spec, size_t mac_key_len, diff --git a/src/tests/data/pubkey/ecies.vec b/src/tests/data/pubkey/ecies.vec index 7ae73c30f..a8dd03a48 100644 --- a/src/tests/data/pubkey/ecies.vec +++ b/src/tests/data/pubkey/ecies.vec @@ -1,34 +1,55 @@ # random keys created by botan -# ciphertext created with bouncycastle 1.54. example: -# public static void main( String[] args ) -# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException -# { -# X9ECParameters spec = SECNamedCurves.getByName( "secp160r1" ); -# ECDomainParameters ecDomain = new ECDomainParameters( spec.getCurve(), spec.getG(), spec.getN() ); +#public static void main(String[] args) +# throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidCipherTextException { +# X9ECParameters spec = SECNamedCurves.getByName("secp521r1"); +# ECDomainParameters ecDomain = new ECDomainParameters(spec.getCurve(), spec.getG(), spec.getN()); +# +# ECPrivateKeyParameters alice = new ECPrivateKeyParameters( +# new BigInteger("4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823", 10), ecDomain); +# ECPrivateKeyParameters bob = new ECPrivateKeyParameters( +# new BigInteger("2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153", 10), ecDomain); +# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters( +# alice.getParameters().getG().multiply(alice.getD()), alice.getParameters()); +# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters(bob.getParameters().getG().multiply(bob.getD()), +# bob.getParameters()); # -# ECPrivateKeyParameters alice = new ECPrivateKeyParameters( new BigInteger( "1239488582848888730519239446720775754920686817364", 10 ), ecDomain ); -# ECPrivateKeyParameters bob = new ECPrivateKeyParameters( new BigInteger( "1255825134563225934367124570783723166851629196761", 10 ), ecDomain ); -# ECPublicKeyParameters alicePublicKey = new ECPublicKeyParameters( alice.getParameters().getG().multiply( alice.getD() ), alice.getParameters() ); -# ECPublicKeyParameters bobPublicKey = new ECPublicKeyParameters( bob.getParameters().getG().multiply( bob.getD() ), bob.getParameters() ); +# byte[] d = new byte[0]; +# byte[] e = "Test".getBytes(); +# //byte[] e = new byte[0]; +# //byte[] iv = new byte[16]; +# byte[] iv = Hex.decode("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); +# int mac_key_len = 128; +# int dem_key_len = 256; +# CipherParameters p = new ParametersWithIV(new IESWithCipherParameters(d, e, mac_key_len, dem_key_len), iv); +# +# IESEngine ecies = new IESEngine(new ECDHBasicAgreement(), new KDF1BytesGenerator(new SHA512Digest()), +# new HMac(new SHA512Digest()), new PaddedBufferedBlockCipher(new CBCBlockCipher(new AESEngine()))); +# ecies.init(true, alice, bobPublicKey, p); # -# byte[] d = new byte[ 0 ]; -# byte[] e = new byte[ 0 ]; -# byte[] iv = new byte[ 16 ]; -# CipherParameters p = new ParametersWithIV( new IESWithCipherParameters( d, e, 160, 256 ), iv ); -# -# IESEngine ecies = -# new IESEngine( new ECDHBasicAgreement(), new KDF2BytesGenerator( new SHA1Digest() ), new HMac( new SHA256Digest() ), new PaddedBufferedBlockCipher( new CBCBlockCipher( -# new AESEngine() ) ) ); -# ecies.init( true, alice, bobPublicKey, p ); -# -# byte[] message = Hex.decode( "00" ); -# byte[] result = ecies.processBlock( message, 0, message.length ); -# -# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded( true ); -# byte[] out = Arrays.concatenate( ephPublicKey, result ); -# -# System.out.println( Hex.toHexString( out ) ); +# byte[] message = Hex.decode("000102030405060708090A0B0C0D0E0F"); +# byte[] result = ecies.processBlock(message, 0, message.length); +# +# byte[] ephPublicKey = alicePublicKey.getQ().getEncoded(true); +# byte[] out = Arrays.concatenate(ephPublicKey, result); +# +# System.out.println("Curve = secp521r1"); +# System.out.println("PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823"); +# System.out.println("OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153"); +# System.out.println("Kdf = KDF1-18033(SHA-512)"); +# System.out.println("Dem = AES-256/CBC"); +# System.out.println("DemKeyLen = " + dem_key_len / 8); +# System.out.println("Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); +# System.out.println("Mac = HMAC(SHA-512)"); +# System.out.println("MacKeyLen = " + mac_key_len / 8 ); +# System.out.println("Format = uncompressed"); +# System.out.println("CofactorMode = 0"); +# System.out.println("OldCofactorMode = 0"); +# System.out.println("CheckMode = 0"); +# System.out.println("SingleHashMode = 1"); +# System.out.println("Label = Test"); +# System.out.println("Plaintext = " + Hex.toHexString(message).toUpperCase() ); +# System.out.println("Ciphertext = " + Hex.toHexString( out ).toUpperCase()); # } Curve = secp160r1 @@ -49,6 +70,24 @@ Label = Plaintext = 00 Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698a6da2667af153734225c8922800db5e10b73975848cceac0fc78cef589b2e93a81cc204dbc7b9b901cbaa4509e61141d7 +Curve = secp160r1 +PrivateKey = 1239488582848888730519239446720775754920686817364 +OtherPrivateKey = 1255825134563225934367124570783723166851629196761 +Kdf = KDF1-18033(SHA-1) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = 00000000000000000000000000000000 +Mac = HMAC(SHA-256) +MacKeyLen = 20 +Format = compressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = +Plaintext = 00 +Ciphertext = 02b26eafa6b51a39790c32a75c2f10b3e8e89d698aa9467d2b3b27cf8b50794387d9736d99eb055524f926f1b4a60371f016977c0e164045a0547f8bd2bcdb29728183c222 + Curve = secp521r1 PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823 OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153 @@ -67,6 +106,60 @@ Label = Test Plaintext = 000102030405060708090A0B0C0D0E0F Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994eda8dbc666713558717077dde021d9252b7f68eef0bc369086f6a6cb991fcc2fbcac3671a122ba18541790974cef7420cb53e7d6f30d1b808dddd58a63413f7b +Curve = secp521r1 +PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823 +OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153 +Kdf = KDF1-18033(SHA-1) +Dem = Camellia-128/CBC +DemKeyLen = 16 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-256) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090a0b0c0d0e0f +Ciphertext = 0401519eaa0489ff9d51e98e4c22349463e2001cd06f8ce47d81d4007a79acf98e92c814686477cea666efc277dc84e15fc95e38aff8e16d478a44cd5c5f1517f8b1f300000591317f261c3d04a7207f01eae3ec70f23600f82c53cc0b85be7ac9f6ce79ef2ab416e5934d61ba9d346385d7545c57f77c7ea7c58e18c70cbfb0a24ae1b994df33ebfb0412ed20e9b10fa3371b64420cb9075da96e37ee2301092f373a857c8f63180bac35e5728890000f19c6322834e911e74f55c8fcb506a9d1533a75e7 + +Curve = secp521r1 +PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823 +OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153 +Kdf = KDF2(SHA-512) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-512) +MacKeyLen = 16 +Format = compressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 0201519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A44CD5C5F1517F8B1F30C4363152545731911C03AE45244C41218A63E8DED4C56B9AE2FD7C022C75023D42A3D8D31BE83D80802938B5FEA25DA10323FEAC30ECB37C612EBF00D583FA02B0812F3F52F271B0C50AA2798594AF5CDA577C701F693A3255D0321CDFCC88A + +Curve = secp521r1 +PrivateKey = 4050298667054381376040649773970530311598264897556821662677634075002761777100287880684822948852132235484464537021197213998300006547176718172344447619746779823 +OtherPrivateKey = 2294226772740614508941417891614236736606752960073669253551166842586609531509032791476032516821966982891507407145617606630445744825404691681749451640151380153 +Kdf = KDF1-18033(SHA-512) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-512) +MacKeyLen = 16 +Format = compressed +CofactorMode = 0 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 0201519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A44CD5C5F1517F8B1F3B4D4D7BF8B86834928A86567A7C5AF80538D7F5EFF49F3A14947503EB8ACCC90D916CDC07C0AC00A9D558857F2C2EC3DC5142713F4A4AE0334987BCC3DCE9ABB4403A674F3821124D29D92F184568BA31FC60F1C0C58B4CBBCD6BD588462FC50 + # use secp112r2 - curve with cofactor != 1 Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- PrivateKey = 656008468895526658474428975817604 @@ -105,7 +198,61 @@ Label = Test Plaintext = 000102030405060708090A0B0C0D0E0F Ciphertext = 048c40bda0986dadeb651178b4a8e64b7735fb02f43e621151849ea761230f2bddf1ffa3262673bcb3f468dd8b92c31a32e23935cfd27dfcc123928a18bbc82bdcada733be6d42119d3fb968ac4b77fff9a47d336fa025bfad3ee54286 -# bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext) +Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- +PrivateKey = 656008468895526658474428975817604 +OtherPrivateKey = 563449446384594847151017584539074 +Kdf = KDF1-18033(SHA-1) +Dem = Camellia-128/CBC +DemKeyLen = 16 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-256) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 1 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA76156865605D031B2DE966E35FE7A8201139C30B19DF8E3CE86657032AE1A1397FD00B223AFC1123550A8ABB3983A9F62C5CC1D9A34B8BD938921D67AE08E07211E + +Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- +PrivateKey = 656008468895526658474428975817604 +OtherPrivateKey = 563449446384594847151017584539074 +Kdf = KDF2(SHA-512) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-512) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 1 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA7616B60902979DFC4E153E419820187D5240C4056F0B59714BFD01F1F7F6F95BD208C8A415DFC474CE1A39D5129B30787338BF3A1607CBEBA9D182EA586917339748BFFA0D4112D84DCFA199E945E0318504B5BA906D70210E5044462BDC646BE95 + +Curve = -----BEGIN EC PARAMETERS-----MHMCAQEwGgYHKoZIzj0BAQIPANt8Kr9i415mgHa+rSCLMCAEDmEnwkwF84oKqvZcDvAsBA5R3vGBXbXtdPzDTIXXCQQdBEujCrXokrThZJ3QkoZDrc1G9YguN0fe826VbpcCDjbfCq/YuNdZfKEFINBLAgEE-----END EC PARAMETERS----- +PrivateKey = 656008468895526658474428975817604 +OtherPrivateKey = 563449446384594847151017584539074 +Kdf = KDF1-18033(SHA-512) +Dem = AES-256/CBC +DemKeyLen = 32 +Iv = FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF +Mac = HMAC(SHA-512) +MacKeyLen = 16 +Format = uncompressed +CofactorMode = 1 +OldCofactorMode = 0 +CheckMode = 0 +SingleHashMode = 1 +Label = Test +Plaintext = 000102030405060708090A0B0C0D0E0F +Ciphertext = 048C40BDA0986DADEB651178B4A8E64B7735FB02F43E621151849EA76132283FD2CF897E305A0517EECD84B2D9022E5C5EB8E3BA9489F090070530B3CE946017112D1754A4AE14D981EEB2B4A4A0216D8DEAB1ED4330B49535A132DB0E9D5BD4B9FA1EB042A323A3C262B95980CFFCF77B23B9D17EA2377D2AD1811CE4 + +######################## bouncycastle does not support aead ciphers with IESEngine -> the following ciphertext has been created with botan (asserts deterministic ciphertext) Curve = brainpool512r1 PrivateKey = 7978796978847894400103470063598909318992754342406974939475470191530421638356103244921001321651015274653183103561457607601257178840534133802655904526250737 diff --git a/src/tests/test_ecies.cpp b/src/tests/test_ecies.cpp index 40fb7a2dc..dea9b6266 100644 --- a/src/tests/test_ecies.cpp +++ b/src/tests/test_ecies.cpp @@ -1,5 +1,6 @@ /* * (C) 2016 Philipp Weber +* (C) 2016 Daniel Neus * * Botan is released under the Simplified BSD License (see license.txt) */ @@ -248,6 +249,213 @@ class ECIES_Tests : public Text_Based_Test BOTAN_REGISTER_TEST("ecies", ECIES_Tests); +#if defined(BOTAN_HAS_KDF1_18033) && defined(BOTAN_HAS_HMAC) && defined(BOTAN_HAS_AES) + +Test::Result test_other_key_not_set() + { + Test::Result result("ECIES other key not set"); + + const Flags flags = ecies_flags(false, false, false, true); + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, + "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED, + flags); + + Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params); + + result.test_throws("encrypt not possible without setting other public key", [ &ecies_enc ]() + { + ecies_enc.encrypt(std::vector<byte>(8), Test::rng()); + }); + + return result; + } + +Test::Result test_kdf_not_found() + { + Test::Result result("ECIES kdf not found"); + + const Flags flags = ecies_flags(false, false, false, true); + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF-XYZ(SHA-512)", "AES-256/CBC", 32, + "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED, + flags); + + Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params); + + result.test_throws("kdf not found", [ &ecies_enc ]() + { + ecies_enc.encrypt(std::vector<byte>(8), Test::rng()); + }); + + return result; + } + +Test::Result test_mac_not_found() + { + Test::Result result("ECIES mac not found"); + + const Flags flags = ecies_flags(false, false, false, true); + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, + "XYZMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED, + flags); + + Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params); + + result.test_throws("mac not found", [ &ecies_enc ]() + { + ecies_enc.encrypt(std::vector<byte>(8), Test::rng()); + }); + + return result; + } + +Test::Result test_cipher_not_found() + { + Test::Result result("ECIES cipher not found"); + + const Flags flags = ecies_flags(false, false, false, true); + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-XYZ-256/CBC", 32, + "HMAC(SHA-512)", 20, Botan::PointGFp::Compression_Type::COMPRESSED, + flags); + + Botan::ECIES_Encryptor ecies_enc(private_key, ecies_params); + + result.test_throws("cipher not found", [ &ecies_enc ]() + { + ecies_enc.encrypt(std::vector<byte>(8), Test::rng()); + }); + + return result; + } + +Test::Result test_system_params_short_ctor() + { + Test::Result result("ECIES short system params ctor"); + + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::BigInt other_private_key_value("2294226772740614508941417891614236736606752960073669253551166842" + "5866095315090327914760325168219669828915074071456176066304457448" + "25404691681749451640151380153"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECDH_PrivateKey other_private_key(Test::rng(), domain, other_private_key_value); + + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, + "HMAC(SHA-512)", 16); + + const Botan::InitializationVector iv("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"); + const std::string label = "Test"; + + const std::vector<byte> plaintext = Botan::hex_decode("000102030405060708090A0B0C0D0E0F"); + + // generated with botan + const std::vector<byte> ciphertext = Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349463E2001CD06F8CE47D81D4007A" + "79ACF98E92C814686477CEA666EFC277DC84E15FC95E38AFF8E16D478A" + "44CD5C5F1517F8B1F300000591317F261C3D04A7207F01EAE3EC70F2360" + "0F82C53CC0B85BE7AC9F6CE79EF2AB416E5934D61BA9D346385D7545C57F" + "77C7EA7C58E18C70CBFB0A24AE1B9943EC5A8D0657522CCDF30BA95674D81" + "B397635D215178CD13BD9504AE957A9888F4128FFC0F0D3F1CEC646AEC8CE" + "3F2463D233B22A7A12B679F4C06501F584D4DEFF6D26592A8D873398BD892" + "B477B3468813C053DA43C4F3D49009F7A12D6EF7"); + + check_encrypt_decrypt(result, private_key, other_private_key, ecies_params, iv, label, plaintext, ciphertext); + + return result; + } + +Test::Result test_ciphertext_too_short() + { + Test::Result result("ECIES ciphertext too short"); + + const Botan::EC_Group domain("secp521r1"); + const Botan::BigInt private_key_value("405029866705438137604064977397053031159826489755682166267763407" + "5002761777100287880684822948852132235484464537021197213998300006" + "547176718172344447619746779823"); + + const Botan::BigInt other_private_key_value("2294226772740614508941417891614236736606752960073669253551166842" + "5866095315090327914760325168219669828915074071456176066304457448" + "25404691681749451640151380153"); + + const Botan::ECDH_PrivateKey private_key(Test::rng(), domain, private_key_value); + const Botan::ECDH_PrivateKey other_private_key(Test::rng(), domain, other_private_key_value); + + const Botan::ECIES_System_Params ecies_params(private_key.domain(), "KDF1-18033(SHA-512)", "AES-256/CBC", 32, + "HMAC(SHA-512)", 16); + + Botan::ECIES_Decryptor ecies_dec(other_private_key, ecies_params); + + result.test_throws("ciphertext too short", [ &ecies_dec ]() + { + ecies_dec.decrypt(Botan::hex_decode("0401519EAA0489FF9D51E98E4C22349A")); + }); + + return result; + } + +class ECIES_Unit_Tests : public Test + { + public: + std::vector<Test::Result> run() override + { + std::vector<Test::Result> results; + + std::vector<std::function<Test::Result()>> fns = + { + test_other_key_not_set, + test_kdf_not_found, + test_mac_not_found, + test_cipher_not_found, + test_system_params_short_ctor, + test_ciphertext_too_short + }; + + for(size_t i = 0; i != fns.size(); ++i) + { + try + { + results.push_back(fns[ i ]()); + } + catch(std::exception& e) + { + results.push_back(Test::Result::Failure("ECIES unit tests " + std::to_string(i), e.what())); + } + } + + return results; + } + }; + +BOTAN_REGISTER_TEST("ecies-unit", ECIES_Unit_Tests); + +#endif + #endif } |