AES Decrypt now supports Additional Authenticated Data in GCM mode. Added tests for ADD at each AES size.

This commit is contained in:
n1474335 2021-02-02 17:18:35 +00:00
parent fdffabfdd4
commit 4a673bd92a
6 changed files with 274 additions and 98 deletions

View File

@ -41,8 +41,33 @@ class AESDecrypt extends Operation {
},
{
"name": "Mode",
"type": "option",
"value": ["CBC", "CFB", "OFB", "CTR", "GCM", "ECB"]
"type": "argSelector",
"value": [
{
name: "CBC",
off: [5, 6]
},
{
name: "CFB",
off: [5, 6]
},
{
name: "OFB",
off: [5, 6]
},
{
name: "CTR",
off: [5, 6]
},
{
name: "GCM",
on: [5, 6]
},
{
name: "ECB",
off: [5, 6]
}
]
},
{
"name": "Input",
@ -59,6 +84,11 @@ class AESDecrypt extends Operation {
"type": "toggleString",
"value": "",
"toggleValues": ["Hex", "UTF8", "Latin1", "Base64"]
},
{
"name": "Additional Authenticated Data",
"type": "binaryString",
"value": ""
}
];
}
@ -76,7 +106,8 @@ class AESDecrypt extends Operation {
mode = args[2],
inputType = args[3],
outputType = args[4],
gcmTag = Utils.convertToByteString(args[5].string, args[5].option);
gcmTag = Utils.convertToByteString(args[5].string, args[5].option),
aad = args[6];
if ([16, 24, 32].indexOf(key.length) < 0) {
throw new OperationError(`Invalid key length: ${key.length} bytes
@ -92,7 +123,8 @@ The following algorithms will be used based on the size of the key:
const decipher = forge.cipher.createDecipher("AES-" + mode, key);
decipher.start({
iv: iv.length === 0 ? "" : iv,
tag: gcmTag
tag: mode === "GCM" ? gcmTag : undefined,
additionalData: mode === "GCM" ? aad : undefined
});
decipher.update(forge.util.createBuffer(input));
const result = decipher.finish();

View File

@ -56,7 +56,7 @@ class AESEncrypt extends Operation {
off: [5]
},
{
name:"CTR",
name: "CTR",
off: [5]
},
{
@ -81,7 +81,7 @@ class AESEncrypt extends Operation {
},
{
"name": "Additional Authenticated Data",
"type": "string",
"type": "binaryString",
"value": ""
}
];
@ -99,7 +99,8 @@ class AESEncrypt extends Operation {
iv = Utils.convertToByteString(args[1].string, args[1].option),
mode = args[2],
inputType = args[3],
outputType = args[4];
outputType = args[4],
aad = args[5];
if ([16, 24, 32].indexOf(key.length) < 0) {
throw new OperationError(`Invalid key length: ${key.length} bytes
@ -113,12 +114,10 @@ The following algorithms will be used based on the size of the key:
input = Utils.convertToByteString(input, inputType);
const cipher = forge.cipher.createCipher("AES-" + mode, key);
if (args[5])
cipher.start({iv: iv, additionalData: args[5]});
else
cipher.start({iv: iv});
cipher.start({
iv: iv,
additionalData: mode === "GCM" ? aad : undefined
});
cipher.update(forge.util.createBuffer(input));
cipher.finish();

View File

@ -104,26 +104,26 @@ TestRegister.addTests([
}
]
},
// This test is a bit slow - it takes about 12s on my test hardware
{
name: "Bombe: 4 rotor",
input: "LUOXGJSHGEDSRDOQQX",
expectedMatch: /<td>LHSC<\/td> {2}<td>SS<\/td> {2}<td>HHHSSSGQUUQPKSEKWK<\/td>/,
recipeConfig: [
{
"op": "Bombe",
"args": [
"4-rotor",
"LEYJVCNIXWPBQMDRTAKZGFUHOS", // Beta
"EKMFLGDQVZNTOWYHXUSPAIBRCJ<R", // I
"AJDKSIRUXBLHWTMCQGZNPYFVOE<F", // II
"BDFHJLCPRTXVZNYEIWGAKMUSQO<W", // III
"AE BN CK DQ FU GY HW IJ LO MP RX SZ TV", // B thin
"THISISATESTMESSAGE", 0, false
]
}
]
},
// Takes a while to run, so disabling for general purpose testing. Re-enable if modifying this operation.
// {
// name: "Bombe: 4 rotor",
// input: "LUOXGJSHGEDSRDOQQX",
// expectedMatch: /<td>LHSC<\/td> {2}<td>SS<\/td> {2}<td>HHHSSSGQUUQPKSEKWK<\/td>/,
// recipeConfig: [
// {
// "op": "Bombe",
// "args": [
// "4-rotor",
// "LEYJVCNIXWPBQMDRTAKZGFUHOS", // Beta
// "EKMFLGDQVZNTOWYHXUSPAIBRCJ<R", // I
// "AJDKSIRUXBLHWTMCQGZNPYFVOE<F", // II
// "BDFHJLCPRTXVZNYEIWGAKMUSQO<W", // III
// "AE BN CK DQ FU GY HW IJ LO MP RX SZ TV", // B thin
// "THISISATESTMESSAGE", 0, false
// ]
// }
// ]
// },
{
name: "Bombe: no crib",
input: "JBYALIHDYNUAAVKBYM",

File diff suppressed because one or more lines are too long

View File

@ -25,15 +25,18 @@ TestRegister.addTests([
*
* from Crypto.Cipher import AES
* import binascii
*
* input_data = "0123456789ABCDEF"
* key = binascii.unhexlify("00112233445566778899aabbccddeeff")
* iv = binascii.unhexlify("ffeeddccbbaa99887766554433221100")
* aad = b'additional data'
*
* cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
* cipher.update(aad)
* cipher_text, tag = cipher.encrypt_and_digest(binascii.unhexlify(input_data))
*
* cipher = AES.new(key, AES.MODE_GCM, nonce=iv)
* cipher.update(aad)
* decrypted = cipher.decrypt_and_verify(cipher_text, tag)
*
* key = binascii.hexlify(key).decode("UTF-8")
@ -42,7 +45,7 @@ TestRegister.addTests([
* tag = binascii.hexlify(tag).decode("UTF-8")
* decrypted = binascii.hexlify(decrypted).decode("UTF-8")
*
* print("Key: {}\nIV : {}\nInput data: {}\n\nEncrypted ciphertext: {}\nGCM tag: {}\n\nDecrypted plaintext : {}".format(key, iv, input_data, cipher_text, tag, decrypted))
* print("Key: {}\nIV : {}\nInput data: {}\nAAD: {}\n\nEncrypted ciphertext: {}\nGCM tag: {}\n\nDecrypted plaintext : {}".format(key, iv, input_data, aad, cipher_text, tag, decrypted))
*
*
* Outputs:
@ -192,7 +195,24 @@ Tag: 16a3e732a605cc9ca29108f742ca0743`,
"args": [
{"option": "Hex", "string": "00112233445566778899aabbccddeeff"},
{"option": "Hex", "string": ""},
"GCM", "Raw", "Hex"
"GCM", "Raw", "Hex", ""
]
}
],
},
{
name: "AES Encrypt: AES-128-GCM, ASCII, AAD",
input: "The quick brown fox jumps over the lazy dog.",
expectedOutput: `daa58faa056c52756aa488aeafbd265b6effcf4eca58220a97b0005b1a9b1e1c9e7a6725d35f5f79b9493de7
Tag: 3b5378917f67b0aade9891fc6c291646`,
recipeConfig: [
{
"op": "AES Encrypt",
"args": [
{"option": "Hex", "string": "00112233445566778899aabbccddeeff"},
{"option": "Hex", "string": "ffeeddccbbaa99887766554433221100"},
"GCM", "Raw", "Hex", "additional data"
]
}
],
@ -269,7 +289,24 @@ Tag: 70fad2ca19412c20f40fd06918736e56`,
"args": [
{"option": "Hex", "string": "51e201d463698ef5f717f71f5b4712af"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex"
"GCM", "Hex", "Hex", ""
]
}
],
},
{
name: "AES Encrypt: AES-128-GCM, Binary, AAD",
input: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
expectedOutput: `5a29debb5c5f38cdf8aee421bd94dbbf3399947faddf205f88b3ad8ecb0c51214ec0e28bf78942dfa212d7eb15259bbdcac677b4c05f473eeb9331d74f31d441d97d56eb5c73b586342d72128ca528813543dc0fc7eddb7477172cc9194c18b2e1383e4e
Tag: 61cc4b70809452b0b3e38f913fa0a109`,
recipeConfig: [
{
"op": "AES Encrypt",
"args": [
{"option": "Hex", "string": "51e201d463698ef5f717f71f5b4712af"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex", "additional data"
]
}
],
@ -361,7 +398,24 @@ Tag: 86db597d5302595223cadbd990f1309b`,
"args": [
{"option": "Hex", "string": "6801ed503c9d96ee5f9d78b07ab1b295dba3c2adf81c7816"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex"
"GCM", "Hex", "Hex", ""
]
}
],
},
{
name: "AES Encrypt: AES-192-GCM, Binary, AAD",
input: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
expectedOutput: `318b479d919d506f0cd904f2676fab263a7921b6d7e0514f36e03ae2333b77fa66ef5600babcb2ee9718aeb71fc357412343c1f2cb351d8715bb0aedae4a6468124f9c4aaf6a721b306beddbe63a978bec8baeeba4b663be33ee5bc982746bd4aed1c38b
Tag: aeedf3e6ca4201577c0cf3e9ce58159d`,
recipeConfig: [
{
"op": "AES Encrypt",
"args": [
{"option": "Hex", "string": "6801ed503c9d96ee5f9d78b07ab1b295dba3c2adf81c7816"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex", "additional data"
]
}
],
@ -453,7 +507,24 @@ Tag: 821b1e5f32dad052e502775a523d957a`,
"args": [
{"option": "Hex", "string": "2d767f6e9333d1c77581946e160b2b7368c2cdd5e2b80f04ca09d64e02afbfe1"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex"
"GCM", "Hex", "Hex", ""
]
}
],
},
{
name: "AES Encrypt: AES-256-GCM, Binary, AAD",
input: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
expectedOutput: `1287f188ad4d7ab0d9ff69b3c29cb11f861389532d8cb9337181da2e8cfc74a84927e8c0dd7a28a32fd485afe694259a63c199b199b95edd87c7aa95329feac340f2b78b72956a85f367044d821766b1b7135815571df44900695f1518cf3ae38ecb650f
Tag: a8f04c4d93bbef82bef61a103371aef9`,
recipeConfig: [
{
"op": "AES Encrypt",
"args": [
{"option": "Hex", "string": "2d767f6e9333d1c77581946e160b2b7368c2cdd5e2b80f04ca09d64e02afbfe1"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex", "additional data"
]
}
],
@ -805,7 +876,25 @@ The following algorithms will be used based on the size of the key:
{"option": "Hex", "string": "00112233445566778899aabbccddeeff"},
{"option": "Hex", "string": ""},
"GCM", "Hex", "Raw",
{"option": "Hex", "string": "16a3e732a605cc9ca29108f742ca0743"}
{"option": "Hex", "string": "16a3e732a605cc9ca29108f742ca0743"},
""
]
}
],
},
{
name: "AES Decrypt: AES-128-GCM, ASCII, AAD",
input: "daa58faa056c52756aa488aeafbd265b6effcf4eca58220a97b0005b1a9b1e1c9e7a6725d35f5f79b9493de7",
expectedOutput: "The quick brown fox jumps over the lazy dog.",
recipeConfig: [
{
"op": "AES Decrypt",
"args": [
{"option": "Hex", "string": "00112233445566778899aabbccddeeff"},
{"option": "Hex", "string": "ffeeddccbbaa99887766554433221100"},
"GCM", "Hex", "Raw",
{"option": "Hex", "string": "3b5378917f67b0aade9891fc6c291646"},
"additional data"
]
}
],
@ -885,7 +974,25 @@ The following algorithms will be used based on the size of the key:
{"option": "Hex", "string": "51e201d463698ef5f717f71f5b4712af"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "70fad2ca19412c20f40fd06918736e56"}
{"option": "Hex", "string": "70fad2ca19412c20f40fd06918736e56"},
""
]
}
],
},
{
name: "AES Decrypt: AES-128-GCM, Binary, AAD",
input: "5a29debb5c5f38cdf8aee421bd94dbbf3399947faddf205f88b3ad8ecb0c51214ec0e28bf78942dfa212d7eb15259bbdcac677b4c05f473eeb9331d74f31d441d97d56eb5c73b586342d72128ca528813543dc0fc7eddb7477172cc9194c18b2e1383e4e",
expectedOutput: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
recipeConfig: [
{
"op": "AES Decrypt",
"args": [
{"option": "Hex", "string": "51e201d463698ef5f717f71f5b4712af"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "61cc4b70809452b0b3e38f913fa0a109"},
"additional data"
]
}
],
@ -981,7 +1088,25 @@ The following algorithms will be used based on the size of the key:
{"option": "Hex", "string": "6801ed503c9d96ee5f9d78b07ab1b295dba3c2adf81c7816"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "86db597d5302595223cadbd990f1309b"}
{"option": "Hex", "string": "86db597d5302595223cadbd990f1309b"},
""
]
}
],
},
{
name: "AES Decrypt: AES-192-GCM, Binary, AAD",
input: "318b479d919d506f0cd904f2676fab263a7921b6d7e0514f36e03ae2333b77fa66ef5600babcb2ee9718aeb71fc357412343c1f2cb351d8715bb0aedae4a6468124f9c4aaf6a721b306beddbe63a978bec8baeeba4b663be33ee5bc982746bd4aed1c38b",
expectedOutput: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
recipeConfig: [
{
"op": "AES Decrypt",
"args": [
{"option": "Hex", "string": "6801ed503c9d96ee5f9d78b07ab1b295dba3c2adf81c7816"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "aeedf3e6ca4201577c0cf3e9ce58159d"},
"additional data"
]
}
],
@ -1077,7 +1202,25 @@ The following algorithms will be used based on the size of the key:
{"option": "Hex", "string": "2d767f6e9333d1c77581946e160b2b7368c2cdd5e2b80f04ca09d64e02afbfe1"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "821b1e5f32dad052e502775a523d957a"}
{"option": "Hex", "string": "821b1e5f32dad052e502775a523d957a"},
""
]
}
],
},
{
name: "AES Decrypt: AES-256-GCM, Binary, AAD",
input: "1287f188ad4d7ab0d9ff69b3c29cb11f861389532d8cb9337181da2e8cfc74a84927e8c0dd7a28a32fd485afe694259a63c199b199b95edd87c7aa95329feac340f2b78b72956a85f367044d821766b1b7135815571df44900695f1518cf3ae38ecb650f",
expectedOutput: "7a0e643132750e96d805d11e9e48e281fa39a41039286423cc1c045e5442b40bf1c3f2822bded3f9c8ef11cb25da64dda9c7ab87c246bd305385150c98f31465c2a6180fe81d31ea289b916504d5a12e1de26cb10adba84a0cb0c86f94bc14bc554f3018",
recipeConfig: [
{
"op": "AES Decrypt",
"args": [
{"option": "Hex", "string": "2d767f6e9333d1c77581946e160b2b7368c2cdd5e2b80f04ca09d64e02afbfe1"},
{"option": "Hex", "string": "1748e7179bd56570d51fa4ba287cc3e5"},
"GCM", "Hex", "Hex",
{"option": "Hex", "string": "a8f04c4d93bbef82bef61a103371aef9"},
"additional data"
]
}
],

View File

@ -63,7 +63,8 @@ TestRegister.addTests([
{
"option": "Hex",
"string": ""
}
},
""
]
}
]