214 lines
8.1 KiB
Python
214 lines
8.1 KiB
Python
# ===================================================================
|
|
#
|
|
# Copyright (c) 2014, Legrandin <helderijs@gmail.com>
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions
|
|
# are met:
|
|
#
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
# notice, this list of conditions and the following disclaimer in
|
|
# the documentation and/or other materials provided with the
|
|
# distribution.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
# COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
|
# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
|
|
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
# POSSIBILITY OF SUCH DAMAGE.
|
|
# ===================================================================
|
|
|
|
import os
|
|
import re
|
|
import unittest
|
|
from binascii import unhexlify, hexlify
|
|
|
|
from Crypto.Util.py3compat import b, tobytes, bchr
|
|
from Crypto.Util.strxor import strxor_c
|
|
from Crypto.SelfTest.st_common import list_test_cases
|
|
|
|
from Crypto.Cipher import ChaCha20
|
|
|
|
|
|
class ChaCha20Test(unittest.TestCase):
|
|
|
|
def test_new_positive(self):
|
|
cipher = ChaCha20.new(key=b("0")*32, nonce=b("0")*8)
|
|
self.assertEqual(cipher.nonce, b("0") * 8)
|
|
|
|
def test_new_negative(self):
|
|
new = ChaCha20.new
|
|
self.assertRaises(TypeError, new)
|
|
self.assertRaises(TypeError, new, nonce=b("0"))
|
|
self.assertRaises(ValueError, new, nonce=b("0")*8, key=b("0"))
|
|
self.assertRaises(ValueError, new, nonce=b("0"), key=b("0")*32)
|
|
|
|
def test_default_nonce(self):
|
|
cipher1 = ChaCha20.new(key=bchr(1) * 32)
|
|
cipher2 = ChaCha20.new(key=bchr(1) * 32)
|
|
self.assertEqual(len(cipher1.nonce), 8)
|
|
self.assertNotEqual(cipher1.nonce, cipher2.nonce)
|
|
|
|
def test_eiter_encrypt_or_decrypt(self):
|
|
"""Verify that a cipher cannot be used for both decrypting and encrypting"""
|
|
|
|
c1 = ChaCha20.new(key=b("5") * 32, nonce=b("6") * 8)
|
|
c1.encrypt(b("8"))
|
|
self.assertRaises(TypeError, c1.decrypt, b("9"))
|
|
|
|
c2 = ChaCha20.new(key=b("5") * 32, nonce=b("6") * 8)
|
|
c2.decrypt(b("8"))
|
|
self.assertRaises(TypeError, c2.encrypt, b("9"))
|
|
|
|
def test_round_trip(self):
|
|
pt = b("A") * 1024
|
|
c1 = ChaCha20.new(key=b("5") * 32, nonce=b("6") * 8)
|
|
c2 = ChaCha20.new(key=b("5") * 32, nonce=b("6") * 8)
|
|
ct = c1.encrypt(pt)
|
|
self.assertEqual(c2.decrypt(ct), pt)
|
|
|
|
self.assertEqual(c1.encrypt(b("")), b(""))
|
|
self.assertEqual(c2.decrypt(b("")), b(""))
|
|
|
|
def test_streaming(self):
|
|
"""Verify that an arbitrary number of bytes can be encrypted/decrypted"""
|
|
from Crypto.Hash import SHA1
|
|
|
|
segments = (1, 3, 5, 7, 11, 17, 23)
|
|
total = sum(segments)
|
|
|
|
pt = b("")
|
|
while len(pt) < total:
|
|
pt += SHA1.new(pt).digest()
|
|
|
|
cipher1 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8)
|
|
ct = cipher1.encrypt(pt)
|
|
|
|
cipher2 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8)
|
|
cipher3 = ChaCha20.new(key=b("7") * 32, nonce=b("t") * 8)
|
|
idx = 0
|
|
for segment in segments:
|
|
self.assertEqual(cipher2.decrypt(ct[idx:idx+segment]), pt[idx:idx+segment])
|
|
self.assertEqual(cipher3.encrypt(pt[idx:idx+segment]), ct[idx:idx+segment])
|
|
idx += segment
|
|
|
|
def test_seek(self):
|
|
cipher1 = ChaCha20.new(key=b("9") * 32, nonce=b("e") * 8)
|
|
|
|
offset = 64 * 900 + 7
|
|
pt = b("1") * 64
|
|
|
|
cipher1.encrypt(b("0") * offset)
|
|
ct1 = cipher1.encrypt(pt)
|
|
|
|
cipher2 = ChaCha20.new(key=b("9") * 32, nonce=b("e") * 8)
|
|
cipher2.seek(offset)
|
|
ct2 = cipher2.encrypt(pt)
|
|
|
|
self.assertEqual(ct1, ct2)
|
|
|
|
def test_seek_tv(self):
|
|
# Test Vector #4, A.1 from
|
|
# http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-04
|
|
key = bchr(0) + bchr(255) + bchr(0) * 30
|
|
nonce = bchr(0) * 8
|
|
cipher = ChaCha20.new(key=key, nonce=nonce)
|
|
cipher.seek(64 * 2)
|
|
expected_key_stream = unhexlify(b(
|
|
"72d54dfbf12ec44b362692df94137f32"
|
|
"8fea8da73990265ec1bbbea1ae9af0ca"
|
|
"13b25aa26cb4a648cb9b9d1be65b2c09"
|
|
"24a66c54d545ec1b7374f4872e99f096"
|
|
))
|
|
ct = cipher.encrypt(bchr(0) * len(expected_key_stream))
|
|
self.assertEqual(expected_key_stream, ct)
|
|
|
|
|
|
class ChaCha20_AGL_NIR(unittest.TestCase):
|
|
|
|
# From http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-04
|
|
# and http://tools.ietf.org/html/draft-nir-cfrg-chacha20-poly1305-04
|
|
tv = [
|
|
( "00" * 32,
|
|
"00" * 8,
|
|
"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc"
|
|
"8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11c"
|
|
"c387b669b2ee6586"
|
|
"9f07e7be5551387a98ba977c732d080d"
|
|
"cb0f29a048e3656912c6533e32ee7aed"
|
|
"29b721769ce64e43d57133b074d839d5"
|
|
"31ed1f28510afb45ace10a1f4b794d6f"
|
|
),
|
|
( "00" * 31 + "01",
|
|
"00" * 8,
|
|
"4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952"
|
|
"ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea81"
|
|
"7e9ad275ae546963"
|
|
"3aeb5224ecf849929b9d828db1ced4dd"
|
|
"832025e8018b8160b82284f3c949aa5a"
|
|
"8eca00bbb4a73bdad192b5c42f73f2fd"
|
|
"4e273644c8b36125a64addeb006c13a0"
|
|
),
|
|
( "00" * 32,
|
|
"00" * 7 + "01",
|
|
"de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df1"
|
|
"37821031e85a050278a7084527214f73efc7fa5b5277062eb7a0433e"
|
|
"445f41e3"
|
|
),
|
|
( "00" * 32,
|
|
"01" + "00" * 7,
|
|
"ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd1"
|
|
"38e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d"
|
|
"6bbdb0041b2f586b"
|
|
),
|
|
( "000102030405060708090a0b0c0d0e0f101112131415161718191a1b"
|
|
"1c1d1e1f",
|
|
"0001020304050607",
|
|
"f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56"
|
|
"f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f1"
|
|
"5916155c2be8241a38008b9a26bc35941e2444177c8ade6689de9526"
|
|
"4986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e"
|
|
"09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a4750"
|
|
"32b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c5"
|
|
"07b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f7"
|
|
"6dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2"
|
|
"ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb3ab7"
|
|
"8fab78c9"
|
|
),
|
|
( "00" * 32,
|
|
"00" * 7 + "02",
|
|
"c2c64d378cd536374ae204b9ef933fcd"
|
|
"1a8b2288b3dfa49672ab765b54ee27c7"
|
|
"8a970e0e955c14f3a88e741b97c286f7"
|
|
"5f8fc299e8148362fa198a39531bed6d"
|
|
),
|
|
]
|
|
|
|
def runTest(self):
|
|
for (key, nonce, stream) in self.tv:
|
|
c = ChaCha20.new(key=unhexlify(b(key)), nonce=unhexlify(b(nonce)))
|
|
ct = unhexlify(b(stream))
|
|
pt = b("\x00") * len(ct)
|
|
self.assertEqual(c.encrypt(pt), ct)
|
|
|
|
def get_tests(config={}):
|
|
tests = []
|
|
tests += list_test_cases(ChaCha20Test)
|
|
tests.append(ChaCha20_AGL_NIR())
|
|
return tests
|
|
|
|
|
|
if __name__ == '__main__':
|
|
import unittest
|
|
suite = lambda: unittest.TestSuite(get_tests())
|
|
unittest.main(defaultTest='suite')
|