Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

CCSDS Cryptographic Algorithms Test Report

advertisement 
CCSDS
CRYPTOGRAPHIC
ALGORITHMS TEST
REPORT
DRAFT CCSDS RECORD
CCSDS 352.1-Y-1
Draft Yellow Book
November 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
FOREWORD
[Foreword text specific to this document goes here. The text below is boilerplate.]
Through the process of normal evolution, it is expected that expansion, deletion, or
modification of this document may occur. This document is therefore subject to CCSDS
document management and change control procedures, which are defined in the Procedures
Manual for the Consultative Committee for Space Data Systems. Current versions of CCSDS
documents are maintained at the CCSDS Web site:
http://www.ccsds.org/
Questions relating to the contents or status of this document should be addressed to the
CCSDS Secretariat at the address indicated on page i.
CCSDS 352.1-Y-1
Page i
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
At time of publication, the active Member and Observer Agencies of the CCSDS were:
Member Agencies
–
–
–
–
–
–
–
–
–
–
–
Agenzia Spaziale Italiana (ASI)/Italy.
British National Space Centre (BNSC)/United Kingdom.
Canadian Space Agency (CSA)/Canada.
Centre National d’Etudes Spatiales (CNES)/France.
China National Space Administration (CNSA)/People’s Republic of China.
Deutsches Zentrum für Luft- und Raumfahrt e.V. (DLR)/Germany.
European Space Agency (ESA)/Europe.
Federal Space Agency (FSA)/Russian Federation.
Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil.
Japan Aerospace Exploration Agency (JAXA)/Japan.
National Aeronautics and Space Administration (NASA)/USA.
Observer Agencies
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
–
Austrian Space Agency (ASA)/Austria.
Belgian Federal Science Policy Office (BFSPO)/Belgium.
Central Research Institute of Machine Building (TsNIIMash)/Russian Federation.
Centro Tecnico Aeroespacial (CTA)/Brazil.
Chinese Academy of Sciences (CAS)/China.
Chinese Academy of Space Technology (CAST)/China.
Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia.
Danish National Space Center (DNSC)/Denmark.
European Organization for the Exploitation of Meteorological Satellites
(EUMETSAT)/Europe.
European Telecommunications Satellite Organization (EUTELSAT)/Europe.
Hellenic National Space Committee (HNSC)/Greece.
Indian Space Research Organization (ISRO)/India.
Institute of Space Research (IKI)/Russian Federation.
KFKI Research Institute for Particle & Nuclear Physics (KFKI)/Hungary.
Korea Aerospace Research Institute (KARI)/Korea.
MIKOMTEK: CSIR (CSIR)/Republic of South Africa.
Ministry of Communications (MOC)/Israel.
National Institute of Information and Communications Technology (NICT)/Japan.
National Oceanic and Atmospheric Administration (NOAA)/USA.
National Space Organization (NSPO)/Chinese Taipei.
Naval Center for Space Technology (NCST)/USA.
Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan.
Swedish Space Corporation (SSC)/Sweden.
United States Geological Survey (USGS)/USA.
CCSDS 352.1-Y-1
Page ii
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
DOCUMENT CONTROL
Document
Title and Issue
Date
Status
CCSDS
352.1-Y-1
CCSDS Cryptographic Algorithms
Test Report, Draft CCSDS Record,
Issue 1
November
2011
Current draft
CCSDS 352.1-Y-1
Page iii
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
CONTENTS
Section
Page
DOCUMENT CONTROL.................................................................................................... III
CONTENTS........................................................................................................................... IV
1 INTRODUCTION.......................................................................................................... 1-1
1.1 PURPOSE ............................................................................................................... 1-1
1.2 SCOPE .................................................................................................................... 1-1
1.3 APPLICABILITY ................................................................................................... 1-1
1.4 RATIONALE.......................................................................................................... 1-1
1.5 DOCUMENT STRUCTURE ................................................................................. 1-1
1.6 REFERENCES ....................................................................................................... 1-1
2 OVERVIEW ................................................................................................................... 2-1
3 ALGORITHM TESTING GOALS .............................................................................. 3-2
3.1 CONFIDENTIALITY ALGORITHMS ................................................................. 3-2
3.2 AUTHENTICATION ALGORITHMS .................................................................. 3-2
4 TEST PLAN DETAILS ................................................................................................. 4-4
4.1 CONFIDENTIALITY TEST CASE #1: AES COUNTER MODE TEST WITH
128-BIT KEY ......................................................................................................... 4-5
4.1.1 TEST DESCRIPTION ................................................................................ 4-6
4.1.2 EXPECTED RESULTS .............................................................................. 4-6
4.2 CONFIDENTIALITY TEST CASE #2: AES COUNTER MODE TEST WITH
192-BIT KEY ......................................................................................................... 4-7
4.2.1 TEST DESCRIPTION ................................................................................ 4-7
4.2.2 EXPECTED RESULTS .............................................................................. 4-7
4.3 CONFIDENTIALITY TEST CASE #3: AES COUNTER MODE TEST WITH
256-BIT KEY ......................................................................................................... 4-7
4.3.1 TEST DESCRIPTION ................................................................................ 4-7
4.3.2 EXPECTED RESULTS .............................................................................. 4-8
4.4 CONFIDENTIALITY TEST CASE #4: AES GCM TEST WITH 128-BIT KEY 4-8
4.4.1 TEST DESCRIPTION ................................................................................ 4-8
4.4.2 EXPECTED RESULTS .............................................................................. 4-8
4.5 CONFIDENTIALITY TEST CASE #5: AES GCM TEST WITH 192-BIT KEY 4-9
4.5.1 TEST DESCRIPTION ................................................................................ 4-9
4.5.2 EXPECTED RESULTS .............................................................................. 4-9
4.6 CONFIDENTIALITY TEST CASE #6: AES GCM TEST WITH 256-BIT KEY 4-9
4.6.1 TEST DESCRIPTION ................................................................................ 4-9
4.6.2 EXPECTED RESULTS ............................................................................ 4-10
4.7 CONFIDENTIALITY TEST CASE #7: AES ECB TEST WITH 128-BIT KEY . 4-5
4.7.1 TEST DESCRIPTION ................................................................................ 4-5
4.7.2 EXPECTED RESULTS .............................................................................. 4-5
4.8 CONFIDENTIALITY TEST CASE #8: AES ECB WITH 192-BIT KEY ............ 4-5
4.8.1 TEST DESCRIPTION ................................................................................ 4-5
4.8.2 EXPECTED RESULTS .............................................................................. 4-5
4.9 CONFIDENTIALITY TEST CASE #9: AES ECB WITH 256-BIT KEY ............ 4-5
CCSDS 352.1-Y-1
Page iv
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.9.1 TEST DESCRIPTION ................................................................................ 4-5
4.9.2 EXPECTED RESULTS .............................................................................. 4-6
4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH SHA256
4-10
4.10.1 TEST DESCRIPTION .............................................................................. 4-10
4.10.2 EXPECTED RESULTS ............................................................................ 4-11
4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES
USING A 128-BIT KEY ...................................................................................... 4-11
4.11.1 TEST DESCRIPTION .............................................................................. 4-11
4.11.2 EXPECTED RESULTS ............................................................................ 4-11
4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES
USING A 192-BIT KEY ...................................................................................... 4-11
4.12.1 TEST DESCRIPTION .............................................................................. 4-11
4.12.2 EXPECTED RESULTS ............................................................................ 4-12
4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES
USING A 256-BIT KEY ...................................................................................... 4-12
4.13.1 TEST DESCRIPTION .............................................................................. 4-12
4.13.2 EXPECTED RESULTS ............................................................................ 4-12
4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE
AUTHENTICATION ........................................................................................... 4-12
4.14.1 TEST DESCRIPTION .............................................................................. 4-12
4.14.2 EXPECTED RESULTS ............................................................................ 4-13
5 TEST RESULTS .......................................................................................................... 5-14
5.1 CONFIDENTIALITY TEST RESULTS.............................................................. 5-14
5.2 AUTHENTICATION TEST RESULTS .............................................................. 5-14
Table
Page
Table 1- Confidentiality Algorithm Tests .............................................................................. 4-4
Table 2- Authentication/Integrity Algorithm Tests ............................................................... 4-4
CCSDS 352.1-Y-1
Page v
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1
1.1
INTRODUCTION
PURPOSE
The purpose of this document is to describe the prototype testing to be conducted for the
CCSDS Cryptographic Algorithms specified in CCSDS 353.0-B-1 (reference [1]).
1.2
SCOPE
The scope of this document is the testing of the CCSDS cryptographic algorithms to provide
confidentiality, authentication, and integrity for spacecraft and ground systems.
1.3
APPLICABILITY
The CCSDS Cryptographic Algorithms will be used to provide data confidentiality,
command authentication, and data/command integrity. The algorithms may be Agencyimplemented for specific missions, may be government produced, may be open source, or
may be purchased as commercial-off-the-shelf products. In any case, the algorithms must be
shown to be in conformance with their respective specifications, must be proven to be bug
and malware free, and must be proven to be interoperable with other implementations of the
same algorithm.
1.4
RATIONALE
The CCSDS Procedures Manual states that for a Recommendation to become a Blue Book,
the standard must be tested in an operational manner. The following requirement for an
implementation exercise were excerpted from reference [2]:
“At least two independent and interoperable prototypes or implementations must have
been developed and demonstrated in an operationally relevant environment, either real
or simulated.”
This document outlines the Security Working Group’s approach to meeting this requirement.
1.5
DOCUMENT STRUCTURE
This document describes the testing that must be accomplished to allow the CCSDS
Cryptographic Algorithms to proceed forward as a Recommendation.
1.6
REFERENCES
The following documents are referenced in this document. At the time of publication, the
editions indicated were valid. All documents are subject to revision, and users of this
CCSDS 352.1-Y-1
Page 1-1
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
document are encouraged to investigate the possibility of applying the most recent editions of
the documents indicated below. The CCSDS Secretariat maintains a register of currently
valid CCSDS documents.
[1] CCSDS Cryptographic Algorithms. CCSDS 352.0-B-1.
Washington DC: CCSDS, November 2012.
Blue Book.
Issue 1.
[2] Procedures Manual for the Consultative Committee for Space Data Systems, CCSDS
A00.0-Y-9. Yellow Book. Issue 9. Washington DC: CCSDS, November 2003.
[3] Advanced Encryption Standard (AES). Federal Information Processing Standards
Special
Publication
197.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
[4] NIST, The Keyed Hash Message Authentication Code, Federal Information
Processing Standard 198-1 (FIPS-198-1), U.S. National Institute of Standards and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips198-1/FIPS-1981_final.pdf, July 2008.
[5] NIST, Digital Signature Standard, Federal Information Processing Standard 186-3,
U.S.
National
Institute
of
Standards
and
Technology
(NIST),
http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf, June 2009.
[6] Dworkin, M.
Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and
Technology Special Publication 800-38D. Gaithersburg, Maryland: NIST, November
2007. http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
[7] Dworkin, M.; Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication; NIST Special Publication 800-38B; National Institute of
Standards and Technology (NIST); http://csrc.nist.gov/publications/nistpubs/80038B/SP_800-38B.pdf; May 2005.
[8] Dworkin, M. Recommendation for Block Cipher Modes of Operation: Methods and
Techniques. National Institute of Standards and Technology Special Publication 80038A.
Gaithersburg,
Maryland:
NIST,
2001.
http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf.
[9] Bassham, L.; The Advanced Encryption Standard Algorithm Validation Suite
(AESAVS); National Institute of Standards and Technology; Nov 2002;
http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf
[10]
Hall, T; The FIPS 186-3 Digital Signature Algorithm Validation System
(DSA2VS); National Institute of Standards and Technology; June 2011;
http://csrc.nist.gov/groups/STM/cavp/documents/dss2/dsa2vs.pdf
CCSDS 352.1-Y-1
Page 1-2
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
[11]
Keller, S; The RSA Validation System (RSAVS); National Institute of
Standards
and
Technology;
Nov
2004;
http://csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf
[12]
Keller, S; The 186-3 RSA Validation System (RSA2VS); National Institute of
Standards
and
Technology;
June
2011;
http://csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf
[13]
Bassham, L; The Secure Hash Algorithm Validation System (SHAVS);
National
Institute
of
Standards
and
Technology;
July
2004;
http://csrc.nist.gov/groups/STM/cavp/documents/shs/SHAVS.pdf
[14]
Keller, S; The CMAC Validation System (CMACVS); National Institute of
Standards
and
Technology;
Aug
2011;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/CMACVS.pdf
[15]
Hall, L; Keller, S; The Galois/Counter Mode (GCM) and GMAC Validation
System (GCMVS); National Institute of Standards and Technology; Feb 2009;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmvs.pdf
[16]
Bassham, L; The Keyed-Hash Message Authentication Code Validation
System (HMACVS); National Institute of Standards and Technology; Dec 2004;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/HMACVS.pdf
CCSDS 352.1-Y-1
Page 1-3
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
2
OVERVIEW
This CCSDS Cryptographic Algorithms test plan describes the manner in which algorithm
testing will be accomplished. It describes the manner in which the algorithms are to be
implemented, keyed, and data exchanged between the testing parties to determine if the
algorithms are performing as expected.
The CCSDS Procedures Manual requires that testing be performed in an “operational-like”
setting. However, in this case, we are testing “raw” algorithms and not flight systems. This
plan provides the details to test the cryptographic algorithms to ensure their correctness and
interoperation. We propose that an independent algorithm implementation is used to encrypt
data and another independent implementation is used to decrypt it. This would be performed
using all the recommended modes for encryption.
Likewise, for authentication one independent algorithm implementation is used to create a
message authentication code (MAC) with a different independent algorithm implementation
used to verify the MAC. Testing in this manner is performed for all of the specified
authentication algorithms: HMAC, CMAC, and RSA Digital Signature.
This testing could be performed in a single laboratory by one tester using multiple
implementations of each algorithm under test. However, optimally the testing should be
conducted at multiple sites via the internet potentially using something as simple as email to
send encrypted or MAC’d data between the testing parties which would then be fed into the
various independent algorithm implementations. For example, Test Agent A at site X could
encrypt data using AES/GCM using a pre-distributed key. Test Agent A would email the
ciphertext as an attachment to Test Agent B at site Y. Using the pre-distributed key and a
different implementation of AES/GCM than used by Test Agent A, Test Agent B would
attempt to decrypt the ciphertext. If the resulting plaintext (agreed to in advance by both
testing agents) is an exact match, the test passes.
In a more elaborate testing setup, the test sites could be interconnected and a simple network
application could be used to provide the test framework of encrypting/authentication data,
transmitting it, and on the receiving end, decrypting/authenticating the data.
CCSDS 352.1-Y-1
Page 2-1
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
3
ALGORITHM TESTING GOALS
All algorithm implementations must conform to their respective specifications.
AES must be shown to be conformant with FIPS Pub 197 (reference [3]) and tested in
accordance with reference [9] .
AES/GCM must be shown to be conformant with FIPS Pub 800-38D (reference [6] and
tested in accordance with reference [15].
HMAC must be shown to be conformant with FIPS Pub 198-1 (reference [4]) and tested in
accordance with reference [16].
CMAC must be shown to be conformant with FIPS Pub 800-38B (reference [7]) and tested in
accordance with reference [14].
RSA Digital Signature must be shown to be conformant with FIPS Pub 186-3 (reference [5])
and tested in accordance with references [10], [11], and [12].
For reference, test vectors for each of the respective algorithms may be obtained from the
National
Institute
of
Standards
and
Technology:
http://csrc.nist.gov/groups/STM/cavp/index.html.
3.1
CONFIDENTIALITY ALGORITHMS
The CCSDS confidentiality algorithms will be tested to confirm that independent
implementations can successfully interoperate in the cryptographic modes specified in
CCSDS 353.0-B-1 (reference [1]).
Testing will confirm that the implementations of the AES algorithm will support multiple
key sizes. Specifically they must support 128-bit, 192-bit, and 256-bit size keys. Testing
will be carried out using all three key sizes in electronic code book mode to confirm the
correct operation of the base AES algorithm.
Testing will also confirm that the implementations of AES operate correctly in counter mode.
Testing will be carried out using all three key sizes with AES in counter mode (reference
[8]).
To confirm that authenticated encryption operates correctly, AES will be tested using the
Galois/Counter Mode (GCM). Again, all three key sizes will be tested with AES in GCM
mode (reference [6]).
3.2
AUTHENTICATION ALGORITHMS
The CCSDS authentication algorithms will be tested to confirm that independent
implementations can successfully interoperate.
Three authentication algorithms are specified in CCSDS 353.0-B-1 (reference [1]).
CCSDS 352.1-Y-1
Page 3-2
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
For hash-based authentication, testing will confirm that the implementations of HMAC
utilize the SHA-256 hash algorithm and interoperate (reference [4]). Testing will be carried
out using a reference test key known to the testing parties. Testing will be carried out
without truncation of the resulting MAC.
For cryptographic-based authentication, testing will confirm that the implementations of
CMAC are interoperable (reference [7]).
For digital signature-based authentication, testing will confirm that the implementations
utilize the RSA Digital Signature Algorithm (DSA) (reference [5]) and that they are
interoperable.
CCSDS 352.1-Y-1
Page 3-3
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4
TEST PLAN DETAILS
Table 1 synopsizes the tests to be performed on the confidentiality algorithm and modes.
#
Confidentiality
Algorithm
Mode
Key Size
1
AES
ECB
128
2
AES
ECB
192
3
AES
ECB
256
4
AES
Counter
128
5
AES
Counter
192
6
AES
Counter
256
7
AES
GCM
128
8
AES
GCM
192
9
AES
GCM
256
Table 1- Confidentiality Algorithm Tests
Table 2 synopsizes the tests to be performed on the authentication/integrity algorithms.
#
Authentication/Integrity
Algorithm
Mode
Key Size
MAC
Length
1
HMAC w/SHA-256
w/o truncation
256
256
2
CMAC w/AES
N/A
128
128
3
CMAC w/AES
N/A
192
128
4
CMAC w/AES
N/A
256
128
5
Digital Signature
RSA
2048
-
Table 2- Authentication/Integrity Algorithm Tests
CCSDS 352.1-Y-1
Page 4-4
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.1
CONFIDENTIALITY TEST CASE #1: AES ECB TEST WITH 128-BIT KEY
4.1.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 128-bit
test key. The resultant cipher text will be sent to one or more recipient testers either via a
network connection, via email, or some other agreed-to method. The recipient tester(s) will
use the same 128-bit test key to decrypt the cipher text.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
128-Bit Key: 000102030405060708090a0b0c0d0e0f
4.1.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.2
CONFIDENTIALITY TEST CASE #2: AES ECB WITH 192-BIT KEY
4.2.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data using a 192-bit test key.
The resultant cipher text will be sent to one or more recipient testers either via a network
connection, via email, or some other agreed-to method. The recipient tester(s) will use the
same 192-bit test key.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
4.2.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.3
CONFIDENTIALITY TEST CASE #3: AES ECB WITH 256-BIT KEY
4.3.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key. The resultant cipher text will be sent to one or more recipient testers either via a
CCSDS 352.1-Y-1
Page 4-5
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
network connection, via email, or some other agreed-to method. The recipient tester(s) will
use the same 256-bit test key to decrypt the cipher text.
128-bit Plaintext input data: 00112233445566778899aabbccddeeff
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
4.3.2 EXPECTED RESULTS
If the resultant plain text matches, the AES ECB encryption/decryption test is successful.
4.4
CONFIDENTIALITY TEST CASE #4: AES COUNTER MODE TEST WITH
128-BIT KEY
4.4.1 TEST DESCRIPTION
Two or more testers may participate.
One tester will encrypt plaintext data using a 128-bit test key and a 128-bit IV using AES in
Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
via a network connection, via email, or some other agreed-to transfer method. The recipient
tester(s) will use the same 128-bit test key and 128-bit IV to decrypt the cipher text.
1024-bit Plaintext input data:
2b9179d21cb884581b0e4f462455167f1f7899717245d4aed3d8db5983daccccebfc
2130a20c284563bea5997cc0438c83d8fa7bb9e3588efed285a0fcc31456dc9a3122
b97bb22f7edc36973475925828c323565e417ec95190db63b21881016b5332f2e400
bb4724c86a8ee0247149370ee5412f743dc6bf7ca5bcc31afa0f
128-Bit Key: 000102030405060708090a0b0c0d0e0f
128-bit IV: 00112233445566778899010203040506
4.4.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
CCSDS 352.1-Y-1
Page 4-6
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.5
CONFIDENTIALITY TEST CASE #5: AES COUNTER MODE TEST WITH
192-BIT KEY
4.5.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt platintext data using a 192-bit
test key and a 128-bit IV using AES in Counter Mode. The resultant cipher text will be sent
to one or more recipient testers either via a network connection, via email, or some other
agreed-to method. The recipient tester(s) will use the same 192-bit test key and 128-bit IV to
decrypt the cipher text.
1024-bit Plaintext input data:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719
aab7dc2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e
501440134e04e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c
299c325c8a7cc1de9174f544bc60828c1eebad49287caa4108a0
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
128-bit IV: 00112233445566778899010203040506
4.5.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.6
CONFIDENTIALITY TEST CASE #6: AES COUNTER MODE TEST WITH
256-BIT KEY
4.6.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key and 128-bit IV using AES in Counter Mode. The resultant cipher text will be sent to
one or more recipient testers either via a network connection, via email, or some other agreeto method. The recipient tester(s) will use the same 256-bit test key and 128-bit IV to
decrypt the cipher text.
1024-bit Plaintext input data:
bc7aa1b735a5f465cffeccd8dd4b0a33a571e9f006dc63b2a6f4df272a673bb2cc00
e603248ab6be5627eebc10934fe4d1dc5cd120a475936eefa2c7bddea9f36c6c794d
2c6bd2594094e56cac12d8f03e38f222a7ee4fc6c2adffe71c9c13003e301c31ff3a
0405dde89bb213044d41782c4bb4eb3c262595d1c0e00522047c
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
128-bit IV: 00112233445566778899010203040506
CCSDS 352.1-Y-1
Page 4-7
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.6.2 EXPECTED RESULTS
If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.
4.7
CONFIDENTIALITY TEST CASE #7: AES GCM TEST WITH 128-BIT KEY
4.7.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt and authenticate plaintext data
using a 128-bit test key and 96-bit IV using AES GCM with a 128-bit authentication tag.
The Additional Authenticated Data (AAD) will be authenticated and not encrypted. The
resultant cipher text and authentication tag will be sent to one or more recipient testers either
via a network connection, via email, or some other agreed-to method. The recipient tester(s)
will use the same 128-bit test key to decrypt and authenticate the cipher text. The AAD will
be authenticated without decryption.
1024-bit Plaintext input data:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68
c040f2328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf4
1cce0d523016ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3d
a881481f46f21dda62e3e4c898bb9f819b22f816b7c4e2fb6729
1024-bit Additional Authenticated Data:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfe
a75e225e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b
8e63266ad1b42cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae3
7652a8f6016f92adb7695d40bde8c202ab9c2d70a96220b4b01b
128-Bit Key: 000102030405060708090a0b0c0d0e0f
96-bit IV: 001122334455667788990102
4.7.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
CCSDS 352.1-Y-1
Page 4-8
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.8
CONFIDENTIALITY TEST CASE #8: AES GCM TEST WITH 192-BIT KEY
4.8.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt data using a 192-bit test key
and a 96-bit IV using AES in GCM with a 128-bit authentication tag. The Additional
Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 192-bit test key and
128-bit IV to decrypt and authenticate the cipher text. The AAD will be authenticated
without decryption.
1024-bit Plaintext input data:
d406138587fbcb498e8ec37f0f3d7f6b2faa02e6880424e74cdba67ae3468b6823d3
7fd917a7fede6b34a2f0fc47c520e4088766ba82a989f0d8051a3a80cc8b1e3e1e2b
1c6620b90e99b27e65951aeb3936263fc2f76c1c8effa742f53987f8a38c731a411f
a53b9f6c81340e0d7ce395c4190b364d9188dc5923f3126546c3
1024-bit Additional Authenticated Data:
756cf485b6a8e672d90d930a653c69fdbf260d3ea18cd3d0c02175d3966a88b70ab8
235d998b745a0eb6a5c92899f41e8c0b7aa4ec132c8cbb1bac97a45766a03923c9b9
3c2a055abd0127a83f81e6df603a375ca8cc1a2ee0a8b7fd226226b0b19bd2e81f73
c34dfafa4fcea08dd93dd4ab7e4b437408af91bff566068a5f34
192-bit Key: 000102030405060708090a0b0c0d0e0f1011121314151617
96-bit IV: 001122334455667788990102
4.8.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
4.9
CONFIDENTIALITY TEST CASE #9: AES GCM TEST WITH 256-BIT KEY
4.9.1 TEST DESCRIPTION
Two or more testers may participate. One tester will encrypt plaintext data using a 256-bit
test key and 96-bit IV using AES GCM with a 128-bit authentication tag. The Additional
Authenticated Data (AAD) will be authenticated and not encrypted. The resultant cipher text
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
decrypt and authenticate the cipher text. The AAD will be authenticated without decryption.
CCSDS 352.1-Y-1
Page 4-9
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
1024-bit Plaintext input data:
bfc89d5049a5b4015c9eb64fdaf9fe9f4be7229e67c713a7b368f0550b3a5e12ba3a
4399c64f60b7157e1b289b154a494deadecff0d0686ab44fae2a34ae4cb120a7f002
68ab551f41c16a05f8999157be1103464127a8a9bccf736c32db045124178c90472e
664d8e67a2ade0efe9a3b048c453d2fb5292dd8d29e62d52c5b5
1024-bit Additional Authenticated Data:
335cc5c8fb5920b09e0263133eb481fd97f8d9f29db8689fb63034bc40959a176ccd
ca6725e1f94f822e4d871138fc39776fbe062f07bf80e5c8891c2e1007efeb77c158
ced8d6c002b04442ed35c40a2187a59c02339c05762942208e3be964736a431017f4
72dfd5fdaf8fb8c645cdb684f9632057b9eb755253b4b75e3688
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
96-bit IV: 001122334455667788990102
4.9.2 EXPECTED RESULTS
If the resultant plain text matches, the AES GCM encryption/decryption test is successful.
If the resultant authentication tag matches, the AES GCM authentication test is successful.
4.10 AUTHENTICATION TEST CASE #1: HMAC AUTHENTICATION WITH
SHA-256
4.10.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 256-bit test key using HMAC with SHA-256. The resultant
MAC will be sent to one or more recipient testers either via a network connection, via email,
or some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamp whose fleece was white as snow
256-bit Key: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
CCSDS 352.1-Y-1
Page 4-10
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.10.2 EXPECTED RESULTS
If the MAC is verified, the HMAC/SHA-256 test is successful.
4.11 AUTHENTICATION TEST CASE #2: CMAC AUTHENTICATION WITH AES
USING A 128-BIT KEY
4.11.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 128-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 128-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
128-bit Key: 2b7e151628aed2a6abf7158809cf4f3c
4.11.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/128 test is successful.
4.12 AUTHENTICATION TEST CASE #3: CMAC AUTHENTICATION WITH AES
USING A 192-BIT KEY
4.12.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create a Message Authentication Code
(MAC) over a data set using a 192-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 192-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
192-bit Key: 8e73b0f7da0e6452c810f32b809079e562f8ead2522c6b7b
CCSDS 352.1-Y-1
Page 4-11
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.12.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/192 test is successful.
4.13 AUTHENTICATION TEST CASE #4: CMAC AUTHENTICATION WITH AES
USING A 256-BIT KEY
4.13.1 TEST DESCRIPTION
Two or more testers may participate. One tester will create an Message Authentication Code
(MAC) over a data set using a 256-bit test key using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed-to method. The recipient tester(s) will use the same 256-bit test key to
verify the authenticity of the MAC.
Test Data: Mary had a little lamb whose fleece was white as snow
256-bit Key: 603deb1015ca71be2b73aef0857d77811f352c073b6108d72d9810a30914dff4
4.13.2 EXPECTED RESULTS
If the MAC is verified, the CMAC/AES/256 test is successful.
4.14 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE
AUTHENTICATION
4.14.1 TEST DESCRIPTION
Two or more testers may participate. All testers involved must first obtain or generate a
public/private key pair of 2048 bits. The public keys of all involved testers must be shared
either directly, via a public key server, pre-cached, or by some other means determined by
the testers.
One tester will use the RSA Digital Signature Algorithm with the SHA-256 hash to digitally
sign a test data set using the tester’s private key. The resultant digitally signed data will be
sent to one or more recipient testers either via a network connection, via email, or some other
agreed-to method. The recipient tester(s) will use the signer’s public key to verify the
authenticity of the data.
Test Data: Mary had a little lamb whose fleece was white as snow
Test Key: 2048-bit generated RSA public/private key pairs
CCSDS 352.1-Y-1
Page 4-12
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
4.14.2 EXPECTED RESULTS
If the digital signature is verified, the Digital Signature Authentication test is successful.
CCSDS 352.1-Y-1
Page 4-13
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
5
TEST RESULTS
5.1
CONFIDENTIALITY TEST RESULTS
CONFIDENTIALITY
TEST #
CONFIDENTIALITY
ALGORITHM
ALGORITHM
MODE
KEY SIZE
TEST RESULT
1
AES
Counter
128
Passed
2
AES
Counter
192
Passed
3
AES
Counter
256
Passed
4
AES
GCM
128
Passed
5
AES
GCM
192
Passed
6
AES
GCM
256
Passed
7
AES
ECB
128
Passed
8
AES
ECB
192
Passed
9
AES
ECB
256
Passed
5.2
AUTHENTICATION TEST RESULTS
AUTH
TEST #
AUTHENTICATION
ALGORITHM
ALGORITHM
MODE
KEY
SIZE
MAC
LENGTH
TEST RESULT
1
HMAC w/SHA-256
No truncation
256
256
Passed
2
CMAC w/AES
N/A
128
128
Passed
3
CMAC w/AES
N/A
192
128
Passed
4
CMAC w/AES
N/A
256
128
Passed
5
DIGITAL
SIGNATURE
RSA
2048
-
Passed
CCSDS 352.1-Y-1
Page 5-14
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
ANNEX A
TEST RESULTS
A.1 SOFTWARE
Two independent implementations have been used for each test case:
a) Several Perl-Scripts, based on Perl modules published on cpan (www.cpan.org).
a. Confidentiality test cases #1 - #6: AES_ECB_CTR.pl
b. Confidentiality test cases #7 - #9: AES_GCM.pl
c. Authentication test case #1: HMAC.pl
d. Authentication test cases #2 - #4: CMAC.pl
e. Authentication test case #5: Digital_Signature.pl
b) A Java-Program named ccsds_sec.sh covering all the different algorithms and
modes, based on Java Bouncy Castle Crypto API (www.bouncycastle.org).
All tests have been performed under Linux openSUSE 12.1.
A.2 DESCRIPTION OF THE TESTS
A.2.1 CONFIDENTIALITY ALGORITHMS AND MODES (CONFIDENTIALITY
TEST CASES #1 - #9)
For all these test cases, the following aspects have been tested:
a) Encryption of the plaintext using implementation #1, afterwards decryption of the
resulting cipher text by also using implementation #1.
When the resultant plain text matched the original text, the encryption/decryption test
was successful.
b) Same as described in a) but using implementation #2.
When the resultant plain text matched the original text, the encryption/decryption test
was successful.
c) Comparison of the cipher texts gained by the two different implementations.
When the two resultant cipher texts matched, the test was successful.
For confidentiality test cases #7 - #9 (AES GCM) there has been an additional test:
d) Comparison of the authentication tags gained by the two different implementations.
When the two resultant authentication tags matched, the test was successful.
To show interoperability, the two following tests have been performed:
e) Encryption of the plaintext by using implementation #1 and decryption of the resulting
cipher text by using implementation #2.
When the resultant plain text matched the original text, the interoperability
encryption/decryption test was successful.
f) Same as described in e) but using implementation #2 for encryption and
implementation #1 for decryption.
When the resultant plain text matched the original text, the interoperability
encryption/decryption test was successful.
CCSDS 352.1-Y-1
Page 15
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
A.2.2 AUTHENTICATION / INTEGRITY ALGORITHMS (AUTHENTICATION
TEST CASES #1 - #5)
For authentication test cases #1 - #4, the following aspects have been tested:
a) A Message Authentication Code (MAC) was computed over a data set using
implementation #1.The authenticity of the MAC was verified by using the same key
but implementation #2.
When the MAC could be verified, the test was successful.
b) Same as described in a) but using implementation #2 for computing the MAC and
implementation #1 for verifying.
When the MAC could be verified, the test was successful.
For authentication test case #5 (Digital Signature), the following aspects have been tested:
c) A Message Digest was computed over the plaintext using the specified hash function.
Afterwards a digital signature was created by applying the tester`s private key and
using implementation #1. In a second step, the signature was verified by using
implementation #1 together with the tester`s public key.
When the signature could be verified, the test was successful.
d) Same as described in c) but using implementation #2.
When the signature could be verified, the test was successful.
To show interoperability, the two following tests have been performed:
e) A Message Digest was computed over the plaintext using the specified hash function.
Afterwards a digital signature was created by applying the tester`s private key and
using implementation #1. In a second step, the signature was verified by using
implementation #2 together with the tester`s public key.
When the signature could be verified, the interoperability test was successful.
f) Same as described in e) but using implementation #2 for signing and implementation
#1 for verifying.
When the signature could be verified, the interoperability test was successful.
.
CCSDS 352.1-Y-1
Page 16
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN
Table A-1 synopsizes the tests on the confidentiality algorithm and modes (Confidentiality test cases #1 - #9). Successful tests are marked with “x”.
#
Confidentiality
Algorithm
Mode
Key Size
Test a)
Test b)
Test c)
Test d)
Test e)
Test f)
1
AES
ECB
128
x
x
x
N/A
x
x
2
AES
ECB
192
x
x
x
N/A
x
x
3
AES
ECB
256
x
x
x
N/A
x
x
4
AES
Counter (CTR)
128
x
x
x
N/A
x
x
5
AES
Counter (CTR)
192
x
x
x
N/A
x
x
6
AES
Counter (CTR)
256
x
x
x
N/A
x
x
7
AES
GCM
128
x
x
x
x
x
x
8
AES
GCM
192
x
x
x
x
x
x
9
AES
GCM
256
x
x
x
x
x
x
CCSDS 352.1-Y-1
Page 17
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN
Table A-2 synopsizes the tests on the authentication / integrity algorithms (Authentication test cases #1 - #5). Successful tests are marked with “x”.
#
Authentication/Integrity
Algorithm
Mode
Key
Size
MAC
Length
Hash
Function
Test
a)
Test
b)
Test
c)
Test
d)
Test
e)
Test
f)
1
HMAC w/SHA-256
w/o
truncation
256
256
-
x
x
N/A
N/A
N/A
N/A
2
CMAC w/AES
N/A
128
128
-
x
x
N/A
N/A
N/A
N/A
3
CMAC w/AES
N/A
192
128
-
x
x
N/A
N/A
N/A
N/A
4
CMAC w/AES
N/A
256
128
-
x
x
N/A
N/A
N/A
N/A
5a
Digital Signature
RSA
2048
-
SHA-256
N/A
N/A
x
x
x
x
5b
Digital Signature
RSA
2048
-
SHA-512
N/A
N/A
x
x
x
x
CCSDS 352.1-Y-1
Page 18
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
A.3 EXAMPLES FOR CONFIDENTIALITY TESTING
A.3.1 CONFIDENTIALITY TEST CASE #3: AES ECB TEST WITH 256-BIT KEY
A.3.1.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./AES_ECB_CTR.pl
Please choose the algorithm - aes128, aes192 or aes256 is possible!
aes256
Chosen algorithm: aes256
Please choose the mode - ecb or ctr is possible!
ecb
Chosen mode: ecb
Key_hex: 000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F
Reading in cleartext:
Length(/home/richter/Algorithms_Tests_final/Cleartext_ecb.hex) = 16
open(/home/richter/Algorithms_Tests_final/Cleartext_ecb.hex) = 1
16 Bytes read
Cleartext_Hex: 00112233445566778899aabbccddeeff
Encrypted Message:
8ea2b7ca516745bfeafc49904b496089
Writing encrypted message in file.
open(/home/richter/Algorithms_Tests_final/aes256_ecb_ciphertext.hex) = 1
Length(/home/richter/Algorithms_Tests_final/aes256_ecb_ciphertext.hex) =
16
Decryption:
Decrypted Message: 00112233445566778899aabbccddeeff
A.3.1.2 IMPLEMENTATION #2
---------------------------------------------------------------------------- TEST REPORT AES_ECB_256: AES/ECB/NoPadding Encryption 256 bits key ---------------------------------------------------------------------------- GENERATED ON: 2012.03.28 17:41:01
- PROVIDER: BC
- OPMODE: Encryption
- ALGORITHM: AES
- MODE: ECB
- PADDING: NoPadding
- KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
- UNENCRYPTED MSG [BASE64]: ABEiM0RVZneImaq7zN3u/w==
- UNENCRYPTED MSG
[HEX]: 00112233445566778899aabbccddeeff
- ENCRYPTED MSG [BASE64]: jqK3ylFnRb/q/EmQS0lgiQ==
- ENCRYPTED MSG
[HEX]: 8ea2b7ca516745bfeafc49904b496089
---------------------------------------- END OF TEST REPORT AES_ECB_256 ---------------------------------------------------------------------------------------------------------------------- TEST REPORT AES_ECB_256_DECR: AES/ECB/NoPadding Decryption 256 bits
key --
CCSDS 352.1-Y-1
Page A-1
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
----------------------------------------------------------------------------- GENERATED ON: 2012.12.03 14:37:26
- PROVIDER: BC
- OPMODE: Decryption
- ALGORITHM: AES
- MODE: ECB
- PADDING: NoPadding
- KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
- ENCRYPTED MSG [BASE64]: jqK3ylFnRb/q/EmQS0lgiQ==
- ENCRYPTED MSG
[HEX]: 8ea2b7ca516745bfeafc49904b496089
- DECRYPTED MSG [BASE64]: ABEiM0RVZneImaq7zN3u/w==
- DECRYPTED MSG
[HEX]: 00112233445566778899aabbccddeeff
--------------------------------------------- END OF TEST REPORT AES_ECB_256_DECR ---------------------------------------------
A.3.2 CONFIDENTIALITY TEST CASE #5: AES CTR TEST WITH 192-BIT KEY
A.3.2.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./AES_ECB_CTR.pl
Please choose the algorithm - aes128, aes192 or aes256 is possible!
aes192
Chosen algorithm: aes192
Please choose the mode - ecb or ctr is possible!
ctr
Chosen mode: ctr
Key_hex: 000102030405060708090a0b0c0d0e0f1011121314151617
IV_hex: 00112233445566778899010203040506
Reading in cleartext:
Length(/home/richter/Algorithms_Tests_final/Plaintext_Two.hex) = 128
open(/home/richter/Algorithms_Tests_final/Plaintext_Two.hex) = 1
128 Bytes read
Cleartext_Hex:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0
Encrypted Message:
391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888cac401271e1e68444ad8
Writing encrypted message in file.
open(/home/richter/Algorithms_Tests_final/aes192_ctr_ciphertext.hex) = 1
Length(/home/richter/Algorithms_Tests_final/aes192_ctr_ciphertext.hex) =
128
Decryption:
Decrypted Message:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc
CCSDS 352.1-Y-1
Page A-2
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0
A.3.2.2 IMPLEMENTATION #2
--------------------------------------------------------------------------- TEST REPORT AES_CTR192: AES/CTR/NoPadding Encryption 192 bits key --------------------------------------------------------------------------- GENERATED ON: 2012.04.11 11:25:31
- PROVIDER: BC
- OPMODE: Encryption
- ALGORITHM: AES
- MODE: CTR
- PADDING: NoPadding
- INIT. VECTOR (128 bits): 00112233445566778899010203040506
- KEY (192 BITS): 000102030405060708090a0b0c0d0e0f1011121314151617
- UNENCRYPTED MSG [BASE64]:
f05PEQkb9Rl2wPxx7LzQmFza0hNVScgYwJVngB2KmkLHGaq33Cy1ihC1Bn0UxSyr5rubk557nN
OV6vELpqU/0uZEbh5QFEATTgTmYu9+uxyceLvT/Xy53ouYVBi+G0PrtdeQLMtMKZwyXIp8wd6R
dPVEvGCCjB7rrUkofKpBCKA=
- UNENCRYPTED MSG
[HEX]:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0
- ENCRYPTED MSG [BASE64]:
ORoCH3c4npz2DgIvQ879RD4aA+VcQfT9za/D71YRNkhMITgGGkNeOyCEAR+ghk7ETo3JY8Pcgt
hQiW9sKhJiT+5xo+sAtz75A9etzba8OSDx0ur0oyvix46o6LQZOL4Q/opG0gF8q+t/9Svjtr32
T+by4PYYiMrEASceHmhEStg=
- ENCRYPTED MSG
[HEX]:
391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888cac401271e1e68444ad8
--------------------------------------- END OF TEST REPORT AES_CTR192 --------------------------------------------------------------------------------------------------------------------- TEST REPORT AES_CTR_192_DECR: AES/CTR/NoPadding Decryption 192 bits
key ------------------------------------------------------------------------------ GENERATED ON: 2012.12.03 14:42:25
- PROVIDER: BC
- OPMODE: Decryption
- ALGORITHM: AES
- MODE: CTR
- PADDING: NoPadding
- INIT. VECTOR (128 bits): 00112233445566778899010203040506
CCSDS 352.1-Y-1
Page A-3
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
- KEY (192 BITS): 000102030405060708090a0b0c0d0e0f1011121314151617
- ENCRYPTED MSG [BASE64]:
ORoCH3c4npz2DgIvQ879RD4aA+VcQfT9za/D71YRNkhMITgGGkNeOyCEAR+ghk7ETo3JY8Pcgt
hQiW9sKhJiT+5xo+sAtz75A9etzba8OSDx0ur0oyvix46o6LQZOL4Q/opG0gF8q+t/9Svjtr32
T+by4PYYiMrEASceHmhEStg=
- ENCRYPTED MSG
[HEX]:
391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888cac401271e1e68444ad8
- DECRYPTED MSG [BASE64]:
f05PEQkb9Rl2wPxx7LzQmFza0hNVScgYwJVngB2KmkLHGaq33Cy1ihC1Bn0UxSyr5rubk557nN
OV6vELpqU/0uZEbh5QFEATTgTmYu9+uxyceLvT/Xy53ouYVBi+G0PrtdeQLMtMKZwyXIp8wd6R
dPVEvGCCjB7rrUkofKpBCKA=
- DECRYPTED MSG
[HEX]:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0
--------------------------------------------- END OF TEST REPORT AES_CTR_192_DECR ---------------------------------------------
A.3.3 CONFIDENTIALITY TEST CASE #7: AES GCM TEST WITH 128-BIT KEY
A.3.3.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./AES_GCM.pl
Please choose the algorithm - possible values are aes128, aes192 or
aes256!
aes128
Chosen algorithm: aes128
Key_hex: 000102030405060708090a0b0c0d0e0f
IV_hex: 001122334455667788990102
Reading input data:
Length(/home/richter/Algorithms_Tests_final/Plaintext_Four.hex) = 128
open(/home/richter/Algorithms_Tests_final/Plaintext_Four.hex) = 1
128 Bytes read
Input Data:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729
Reading additional data:
Length(/home/richter/Algorithms_Tests_final/AAD_One.hex) = 128
open(/home/richter/Algorithms_Tests_final/AAD_One.hex) = 1
128 Bytes read
Additional Data:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b
Encrypting data...
Encrypted Message:
CCSDS 352.1-Y-1
Page A-4
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d2362888800dc83055627871
2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5
Tag_hex:
edb704f5cbbee325c68b5d4f5255bfac
Writing encrypted message in file:
open(/home/richter/Algorithms_Tests_final/AES128_GCM_Ciphertext.hex) = 1
Length(/home/richter/Algorithms_Tests_final/AES128_GCM_Ciphertext.hex) =
128
Decrypting data...
Decrypted Message:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729
A.3.3.2 IMPLEMENTATION #2
------------------------------------------------------------------------------ TEST REPORT AES_GCM128_128: AES/GCM/NoPadding Encryption 128 bits key
------------------------------------------------------------------------------ GENERATED ON: 2012.04.12 11:00:18
- PROVIDER: BC
- OPMODE: Encryption
- ALGORITHM: AES
- MODE: GCM
- PADDING: NoPadding
- INIT. VECTOR (96 bits): 001122334455667788990102
- KEY (128 BITS): 000102030405060708090a0b0c0d0e0f
- ADD. AUTH. DATA (AAD) [BASE64]:
RfpSoOgyHYLK6pW9lQb3Mxkj4qqV6SOJCPP/MOF6ljid/qdeIl404WBTVOqvmZqVD0acbi6HIt
pa2dre1nIrrKAOXRuOYyZq0bQsrhYbnAifT/37uqLx+wJF0aTDBtRuIV6MbGrjdlKo9gFvkq23
aV1AvejCAqucLXCpYiC0sBs=
- ADD. AUTH. DATA (AAD)
[HEX]:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b
- UNENCRYPTED MSG [BASE64]:
nu98mg+j6af8xLL50hCpfWZT3teRPy+y3oJaDf14rhzKaMBA8jKACf/+YpN9Yw7p1uDme8EsOM
Cz0DVpfUwjETcarPQczg1SMBbuQ2pH2Trw33cBETGFbQcscYwxDwmVtxUw1wo9qIFIH0byHdpi
4+TImLufgZsi+Ba3xOL7Zyk=
- UNENCRYPTED MSG
[HEX]:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729
- ENCRYPTED MSG [BASE64]:
Eusnz8ojE9xq76STNmZXs49/0DubUtrfktI2KIiADcgwVWJ4cSxtFDOhIcI0wjdbZg9seHKgkr
ccY8kvcQ23THGdqxctz9MxJup0GJEY/IcfgkN64c4/WUC7mFvzQFDvJxkDuPbHDtBKftx2ffnJ
eHqqhjkPHescISzciC4Y2aU=
- ENCRYPTED MSG
[HEX]:
12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d2362888800dc83055627871
CCSDS 352.1-Y-1
Page A-5
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5
- AUTH. TAG (128 bits) [BASE64]: 7bcE9cu+4yXGi11PUlW/rA==
- AUTH. TAG (128 bits)
[HEX]: edb704f5cbbee325c68b5d4f5255bfac
------------------------------------------- END OF TEST REPORT AES_GCM128_128 ------------------------------------------------------------------------------------------------------------------------- TEST REPORT aes_gcm_128_decr: AES/GCM/NoPadding Decryption 128 bits
key ------------------------------------------------------------------------------ GENERATED ON: 2012.10.11 14:22:31
- PROVIDER: BC
- OPMODE: Decryption
- ALGORITHM: AES
- MODE: GCM
- PADDING: NoPadding
- INIT. VECTOR (96 bits): 001122334455667788990102
- KEY (128 BITS): 000102030405060708090a0b0c0d0e0f
- ADD. AUTH. DATA (AAD) [BASE64]:
RfpSoOgyHYLK6pW9lQb3Mxkj4qqV6SOJCPP/MOF6ljid/qdeIl404WBTVOqvmZqVD0acbi6HIt
pa2dre1nIrrKAOXRuOYyZq0bQsrhYbnAifT/37uqLx+wJF0aTDBtRuIV6MbGrjdlKo9gFvkq23
aV1AvejCAqucLXCpYiC0sBs=
- ADD. AUTH. DATA (AAD)
[HEX]:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b
- ENCRYPTED MSG [BASE64]:
Eusnz8ojE9xq76STNmZXs49/0DubUtrfktI2KIiADcgwVWJ4cSxtFDOhIcI0wjdbZg9seHKgkr
ccY8kvcQ23THGdqxctz9MxJup0GJEY/IcfgkN64c4/WUC7mFvzQFDvJxkDuPbHDtBKftx2ffnJ
eHqqhjkPHescISzciC4Y2aU=
- ENCRYPTED MSG
[HEX]:
12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d2362888800dc83055627871
2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5
- DECRYPTED MSG [BASE64]:
nu98mg+j6af8xLL50hCpfWZT3teRPy+y3oJaDf14rhzKaMBA8jKACf/+YpN9Yw7p1uDme8EsOM
Cz0DVpfUwjETcarPQczg1SMBbuQ2pH2Trw33cBETGFbQcscYwxDwmVtxUw1wo9qIFIH0byHdpi
4+TImLufgZsi+Ba3xOL7Zyk=
- DECRYPTED MSG
[HEX]:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729
- AUTH. TAG (128 bits) [BASE64]: 7bcE9cu+4yXGi11PUlW/rA==
- AUTH. TAG (128 bits)
[HEX]: edb704f5cbbee325c68b5d4f5255bfac
--------------------------------------------- END OF TEST REPORT aes_gcm_128_decr ---------------------------------------------
CCSDS 352.1-Y-1
Page A-6
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
A.4 EXAMPLES FOR AUTHENTICATION TESTING
A.4.1 AUTHENTICATION TEST CASE #1: HMAC TEST WITH SHA-256
A.4.1.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./HMAC.pl
Key_hex: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F
Text: Mary had a little lamb whose fleece was white as snow
MAC: bdb295ba36fe5aebc553834daad212556d909cda2515ff794376cd61f16b9073
open(/home/richter/Algorithms_Tests_final/HMAC.hex) = 1
Length(/home/richter/Algorithms_Tests_final/HMAC.hex) = 32
MAC has been written in file successfully!
A.4.1.2 IMPLEMENTATION #2
---------------------------------------------------- TEST REPORT HMAC: HMac-SHA256 256 bits key ---------------------------------------------------- GENERATED ON: 2012.03.28 18:01:29
- PROVIDER: BC
- ALGORITHM: HMac-SHA256
- KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
- ENCRYPTED MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=
- ENCRYPTED MSG
[HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77
- ENCRYPTED MSG
[ASCII]: Mary had a little lamb whose fleece was white
as snow
- MAC [BASE64]: vbKVujb+WuvFU4NNqtISVW2QnNolFf95Q3bNYfFrkHM=
- MAC
[HEX]:
bdb295ba36fe5aebc553834daad212556d909cda2515ff794376cd61f16b9073
--------------------------------- END OF TEST REPORT HMAC ---------------------------------
A.4.2 AUTHENTICATION TEST CASE #2: CMAC TEST WITH AES 128-BIT KEY
A.4.2.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./CMAC.pl
Please chose the keysize!
128
Chosen keysize: 128
Key_hex: 2b7e151628aed2a6abf7158809cf4f3c
Input data: Mary had a little lamb whose fleece was white as snow
Tag_hex: a077d45177b7dde98328691b23bb6ec0
A.4.2.2 IMPLEMENTATION #2
CCSDS 352.1-Y-1
Page A-7
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
---------------------------------------------------- TEST REPORT CMAC_128: AESCMAC 128 bits key ---------------------------------------------------- GENERATED ON: 2012.03.28 17:45:26
- PROVIDER: BC
- ALGORITHM: AESCMAC
- KEY (128 BITS): 2b7e151628aed2a6abf7158809cf4f3c
- ENCRYPTED MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=
- ENCRYPTED MSG
[HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77
- ENCRYPTED MSG
[ASCII]: Mary had a little lamb whose fleece was white
as snow
- MAC [BASE64]: oHfUUXe33emDKGkbI7tuwA==
- MAC
[HEX]: a077d45177b7dde98328691b23bb6ec0
------------------------------------- END OF TEST REPORT CMAC_128 -------------------------------------
A.4.3 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE
A.4.3.1 IMPLEMENTATION #1
richter@rbod099:~/Algorithms_Tests_final/Skripte> ./Digital_Signature.pl
Input Data: Mary had a little lamb whose fleece was white as snow
Read in of Private Key:
Length(/home/richter/lse-sec/keys/id_rsa) = 1675
open(/home/richter/lse-sec/keys/id_rsa) = 1
1675 Bits read
private key is:
-----BEGIN RSA PRIVATE KEY----MIIEowIBAAKCAQEA3eb6s4qHKZyBhCDxilBxgOO8fCHCc29HC8M9Wh+FfA2h3O2x
lGc+qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzFFH/iYGhz1Jk+as3KgVXVpTADaniW
gNTPHhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0JU9qsiwjv4CE4s16kp742yUbid8V
YyzB/aWWKi/CLOFMNDGhh4K36YXWtSatnq0qEkEV1Bmxt7/zDgJH6HmomT3+t9BL
OVvFa0EAMl1A32QwBaVnkB+B6R7/WlsKnSDMg2oRwRhU/Gl2+LXyuuBvT7jQC3ac
4jbFkB6Uie/90YS3H4mKx3N8CqC7HEwlRCiDFQIDAQABAoIBAFn1z0NEcOFswpEX
bfTeAfX33a0RXqy/uzTIlTHZP5t4R1uyvWBlruCWUaeFO0b8LIn9g5n57m6ebitm
H7qY7UkPQ25ESlkxOz2/ak6exrtuSKQ8eP+HxuPx7DlI/G8yQuEvrX1dzN3jCAOP
Tx2/XpVVqfLLtD5p0vXDyeJxMoBcvEMecUjoFwmGmGUvzXwoHotheGqY+vtyKUSl
qA2KMsS7N5QJPOsvgDXjoXt9OBAVGBTExoZ5lNO4rUfkNSFYXHdvUwlQfKBNVcG8
1eigQu5rcuiOMd22ICCJ1w4I9w12CtN3Ff6wmOs7WA4S8VNK1srHzM6qrRulPXSG
0xrmKk0CgYEA/NulAkx6GgUfhXTciWk5uX0o5+VYsVXRpydZRKA3XN0lCxhdLNw6
DOM7xJoPfj9/vjypnQFB6cJ+qR1heVe6WxwPjBxdRI1dC35JIEef6VVv3wQ1piVU
qvsGc6/ePIjjdGZsIY9fsBubU948cVAEUlDg7Hlw/yYIvz8kpwrZ6u8CgYEA4Kjc
40ZmCW95ka3CbP9gvzmmYTM6sGx6KjBcLdnGtMXmL/O4HbegpwhtWp/9bQYbezqO
uDViARHzzsaTktRHSxxJzSWyvyhOOPkOjlngUdCn6N+ogrsP2IoSb3HWEWBtvMD+
Z38PeSmpyn/e1huKERl7Ca0HPX/QmY6pmhd+gjsCgYEA9tDjcan66Zkkmp1mg86t
CCSDS 352.1-Y-1
Page A-8
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
pOyR2EHbYEZXviS/kygcwk2u0fS3Rom1NE0+Uvrasq4C4EvQeEv47deG0Ua3lb1X
T4XFe0tYkwi10Pk1IggoBJf7+iHeyE3aJoefVZ9Oe6JW+5DabavIiFt6M9RTBXxI
q5z84HbuIHAcy6kz+sWxzwsCgYAkWo7r5B9s1XIZpcF5e9W+++g1gGG13Mfj/dFc
xgnGhOObzNd1T5qajN2NNah/tOZLiY1At7q1K5+FTVLiBqHGwLwci0YicrY9t+eo
F1kaRCZ3o4GULgsBYk5bZFNcmnsHeT9xpfjuBVTpZMm9YdV0sOfdB/fM9trdjl1Z
hwW8swKBgFeWIB8qjgj7pzP/bGO2JxNyXndwuSOyc5xmcK1heECUGrFwl3AIrAaf
40Ntb6VigHwWSvAUJQdvSLwtOCfAPHmDqbHXwNyxtoEUnl+NNDR/vgZf97D6wMBk
mlmpn6g+YGD1kzYTxNLrAEC+JjQuoZe5a8nzu7ImMb3/fNtoewVn
-----END RSA PRIVATE KEY----Read in of Public Key:
Length(/home/richter/lse-sec/keys/id_rsa.pub) = 451
open(/home/richter/lse-sec/keys/id_rsa.pub) = 1
451 Bits read
public key is:
-----BEGIN RSA PUBLIC KEY----MIIBCgKCAQEA3eb6s4qHKZyBhCDxilBxgOO8fCHCc29HC8M9Wh+FfA2h3O2xlGc+
qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzFFH/iYGhz1Jk+as3KgVXVpTADaniWgNTP
HhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0JU9qsiwjv4CE4s16kp742yUbid8VYyzB
/aWWKi/CLOFMNDGhh4K36YXWtSatnq0qEkEV1Bmxt7/zDgJH6HmomT3+t9BLOVvF
a0EAMl1A32QwBaVnkB+B6R7/WlsKnSDMg2oRwRhU/Gl2+LXyuuBvT7jQC3ac4jbF
kB6Uie/90YS3H4mKx3N8CqC7HEwlRCiDFQIDAQAB
-----END RSA PUBLIC KEY----Please choose a hash function - possible values are sha256 or sha512!
sha256
Signing the data...
Writing Signature in file.
open(/home/richter/Algorithms_Tests_final/Signature_sha256.hex) = 1
Length in Bytes(/home/richter/Algorithms_Tests_final/Signature_sha256.hex)
= 256
Please enter the path to file containing the signature you want to verify!
/home/richter/Algorithms_Tests_final/Signature_sha256.hex
Length in Bytes(/home/richter/Algorithms_Tests_final/Signature_sha256.hex)
= 256
open(/home/richter/Algorithms_Tests_final/Signature_sha256.hex) = 1
Verifying Signature...
Signed correctly!
A.4.3.2 IMPLEMENTATION #2
------------------------------------------------------ TEST REPORT: RSA_SHA256_SIGN: RSA Encryption ------------------------------------------------------ GENERATED ON: 2013.01.22 11:06:04
- PROVIDER: BC
- OPMODE: Encryption
- ALGORITHM: RSA
- USAGE: Authentication
- PRIVATE KEY: **** Secret ****
- SIGNATURE (SHA256 with RSA Encryption) [BASE64]:
ocI9oyuF5efXrJWeUGZlXZJ82ncjTDkDZpaGHhEy6EHcb/iUeDm/iwCRPd8g+Kzdg/vDwc9FQl
QXF5qHpaPXFI46l5Tj6QN70uulWqVWECbPw1dRyNDkCikpYabX6bvKhsiHWR4igFgoEMqMjxGl
LLRb/YGz2CpCbPq7K2eDArfTX4eEeCd1OpGWXdXzlfkptL+CgWysdNzDlQPwED/Hieiebs4dGM
CCSDS 352.1-Y-1
Page A-9
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
X7xStYGFiVzEZ+RRTOI0ax2HrBHoKb4ztkow7NJqnxe4fF50M2ygqjGeVdfD9M5LpX9YE15zga
JiFKt8sEsMlWE5lym/voec15WGUKNb3Wur2Q2BWXBKL7dw==
- SIGNATURE (SHA256 with RSA Encryption)
[HEX]:
a1c23da32b85e5e7d7ac959e5066655d927cda77234c39036696861e1132e841dc6ff89478
39bf8b00913ddf20f8acdd83fbc3c1cf45425417179a87a5a3d7148e3a9794e3e9037bd2eb
a55aa5561026cfc35751c8d0e40a292961a6d7e9bbca86c887591e2280582810ca8c8f11a5
2cb45bfd81b3d82a426cfabb2b678302b7d35f87847827753a91965dd5f395f929b4bf8281
6cac74dcc39503f0103fc789e89e6ece1d18c5fbc52b58185895cc467e4514ce2346b1d87a
c11e829be33b64a30ecd26a9f17b87c5e74336ca0aa319e55d7c3f4ce4ba57f58135e7381a
26214ab7cb04b0c9561399729bfbe879cd7958650a35bdd6babd90d8159704a2fb77
- INPUT MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=
- INPUT MSG
[HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77
- INPUT MSG [ASCII]: Mary had a little lamb whose fleece was white as
snow
--------------------------------------------- END OF TEST REPORT: RSA_SHA256_SIGN ------------------------------------------------------------------------------------------------- TEST REPORT: RSA_SHA256_VER: RSA Decryption ----------------------------------------------------- GENERATED ON: 2013.01.22 11:07:30
- PROVIDER: BC
- OPMODE: Decryption
- ALGORITHM: RSA
- USAGE: Authentication
- PUBLIC KEY:
-----BEGIN PUBLIC KEY----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eb6s4qHKZyBhCDxilBx
gOO8fCHCc29HC8M9Wh+FfA2h3O2xlGc+qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzF
FH/iYGhz1Jk+as3KgVXVpTADaniWgNTPHhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0
JU9qsiwjv4CE4s16kp742yUbid8VYyzB/aWWKi/CLOFMNDGhh4K36YXWtSatnq0q
EkEV1Bmxt7/zDgJH6HmomT3+t9BLOVvFa0EAMl1A32QwBaVnkB+B6R7/WlsKnSDM
g2oRwRhU/Gl2+LXyuuBvT7jQC3ac4jbFkB6Uie/90YS3H4mKx3N8CqC7HEwlRCiD
FQIDAQAB
-----END PUBLIC KEY----- SIGNATURE (SHA256 with RSA Encryption) [BASE64]:
ocI9oyuF5efXrJWeUGZlXZJ82ncjTDkDZpaGHhEy6EHcb/iUeDm/iwCRPd8g+Kzdg/vDwc9FQl
QXF5qHpaPXFI46l5Tj6QN70uulWqVWECbPw1dRyNDkCikpYabX6bvKhsiHWR4igFgoEMqMjxGl
LLRb/YGz2CpCbPq7K2eDArfTX4eEeCd1OpGWXdXzlfkptL+CgWysdNzDlQPwED/Hieiebs4dGM
X7xStYGFiVzEZ+RRTOI0ax2HrBHoKb4ztkow7NJqnxe4fF50M2ygqjGeVdfD9M5LpX9YE15zga
JiFKt8sEsMlWE5lym/voec15WGUKNb3Wur2Q2BWXBKL7dw==
- SIGNATURE (SHA256 with RSA Encryption)
[HEX]:
a1c23da32b85e5e7d7ac959e5066655d927cda77234c39036696861e1132e841dc6ff89478
39bf8b00913ddf20f8acdd83fbc3c1cf45425417179a87a5a3d7148e3a9794e3e9037bd2eb
a55aa5561026cfc35751c8d0e40a292961a6d7e9bbca86c887591e2280582810ca8c8f11a5
2cb45bfd81b3d82a426cfabb2b678302b7d35f87847827753a91965dd5f395f929b4bf8281
6cac74dcc39503f0103fc789e89e6ece1d18c5fbc52b58185895cc467e4514ce2346b1d87a
c11e829be33b64a30ecd26a9f17b87c5e74336ca0aa319e55d7c3f4ce4ba57f58135e7381a
26214ab7cb04b0c9561399729bfbe879cd7958650a35bdd6babd90d8159704a2fb77
- SIGNATURE VER.: >>>>> SUCCESSFUL <<<<<
- INPUT MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=
CCSDS 352.1-Y-1
Page A-10
Nov 2012
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN
- INPUT MSG
[HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77
- INPUT MSG [ASCII]: Mary had a little lamb whose fleece was white as
snow
-------------------------------------------- END OF TEST REPORT: RSA_SHA256_VER --------------------------------------------
CCSDS 352.1-Y-1
Page A-11
Nov 2012
Related documents
Claire Addison - Foundation Scotland
Claire Addison - Foundation Scotland
Tutorial 4
Tutorial 4
Clinical Trial Protocol Outline
Clinical Trial Protocol Outline
AES Encryption
AES Encryption
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
CCSDS 130.0-G-2.1_change_request_GJK_July23_2014
Meeting 53 Slides
Meeting 53 Slides
BITTT and CCSDS in China
BITTT and CCSDS in China
Chris Shelton - Storage Arrays
Chris Shelton - Storage Arrays
Protocol PT 23_4 - Ing. Iva Bogumská
Protocol PT 23_4 - Ing. Iva Bogumská
Download
advertisement