Merge branch 'blake2b' into 'master'

Use BLAKE2b for hashing See merge request akwizgran/briar!667
2026-02-14 19:59:05 +01:00 · 2018-01-19 11:04:27 +00:00
parent 711475d45a 45bc6a51b0
commit f641e16512
7 changed files with 52 additions and 593 deletions
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/Blake2bDigestTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/Blake2bDigestTest.java
@@ -3,75 +3,76 @@ package org.briarproject.bramble.crypto;
 import org.briarproject.bramble.test.BrambleTestCase;
 import org.briarproject.bramble.util.StringUtils;
 import org.junit.Test;
+import org.spongycastle.crypto.digests.Blake2bDigest;

 import java.util.Random;

 import static org.junit.Assert.assertArrayEquals;

-public class Blake2sDigestTest extends BrambleTestCase {
+public class Blake2bDigestTest extends BrambleTestCase {

-	// Vectors from BLAKE2 web site: https://blake2.net/blake2s-test.txt
-	private static final String[][] keyedTestVectors = {
+	// Vectors from BLAKE2 web site: https://blake2.net/Blake2b-test.txt
+	private static final String[][] KEYED_TEST_VECTORS = {
 			// input/message, key, hash
 			{
 					"",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"48a8997da407876b3d79c0d92325ad3b89cbb754d86ab71aee047ad345fd2c49",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568",
 			},
 			{
 					"00",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"40d15fee7c328830166ac3f918650f807e7e01e177258cdc0a39b11f598066f1",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"961f6dd1e4dd30f63901690c512e78e4b45e4742ed197c3c5e45c549fd25f2e4187b0bc9fe30492b16b0d0bc4ef9b0f34c7003fac09a5ef1532e69430234cebd",
 			},
 			{
 					"0001",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"6bb71300644cd3991b26ccd4d274acd1adeab8b1d7914546c1198bbe9fc9d803",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"da2cfbe2d8409a0f38026113884f84b50156371ae304c4430173d08a99d9fb1b983164a3770706d537f49e0c916d9f32b95cc37a95b99d857436f0232c88a965",
 			},
 			{
 					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"172ffc67153d12e0ca76a8b6cd5d4731885b39ce0cac93a8972a18006c8b8baf",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"f1aa2b044f8f0c638a3f362e677b5d891d6fd2ab0765f6ee1e4987de057ead357883d9b405b9d609eea1b869d97fb16d9b51017c553f3b93c0a1e0f1296fedcd",
 			},
 			{
 					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"4f8ce1e51d2fe7f24043a904d898ebfc91975418753413aa099b795ecb35cedb",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"c230f0802679cb33822ef8b3b21bf7a9a28942092901d7dac3760300831026cf354c9232df3e084d9903130c601f63c1f4a4a4b8106e468cd443bbe5a734f45f",
 			},
 			{
 					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfe",
-					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
-					"3fb735061abc519dfe979e54c1ee5bfad0a9d858b3315bad34bde999efd724dd",
+					"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f",
+					"142709d62e28fcccd0af97fad0f8465b971e82201dc51070faa0372aa43e92484be1c1e73ba10906d5d1853db6a4106e0a7bf9800d373d6dee2d46d62ef2a461",
 			},
 	};

 	@Test
 	public void testDigestWithKeyedTestVectors() {
-		Blake2sDigest digest = new Blake2sDigest(StringUtils.fromHexString(
-				keyedTestVectors[0][1]));
-		for (String[] keyedTestVector : keyedTestVectors) {
+		for (String[] keyedTestVector : KEYED_TEST_VECTORS) {
 			byte[] input = StringUtils.fromHexString(keyedTestVector[0]);
-			digest.reset();
+			byte[] key = StringUtils.fromHexString(keyedTestVector[1]);
+			byte[] expected = StringUtils.fromHexString(keyedTestVector[2]);

+			Blake2bDigest digest = new Blake2bDigest(key);
 			digest.update(input, 0, input.length);
-			byte[] hash = new byte[32];
+			byte[] hash = new byte[64];
 			digest.doFinal(hash, 0);

-			assertArrayEquals(StringUtils.fromHexString(keyedTestVector[2]),
-					hash);
+			assertArrayEquals(expected, hash);
 		}
 	}

 	@Test
 	public void testDigestWithKeyedTestVectorsAndRandomUpdate() {
-		Blake2sDigest digest = new Blake2sDigest(StringUtils.fromHexString(
-				keyedTestVectors[0][1]));
 		Random random = new Random();
 		for (int i = 0; i < 100; i++) {
-			for (String[] keyedTestVector : keyedTestVectors) {
+			for (String[] keyedTestVector : KEYED_TEST_VECTORS) {
 				byte[] input = StringUtils.fromHexString(keyedTestVector[0]);
-				if (input.length < 3) continue;
-				digest.reset();
+				if (input.length == 0) continue;
+				byte[] key = StringUtils.fromHexString(keyedTestVector[1]);
+				byte[] expected = StringUtils.fromHexString(keyedTestVector[2]);
+
+				Blake2bDigest digest = new Blake2bDigest(key);

 				int pos = random.nextInt(input.length);
 				if (pos > 0)
@@ -80,11 +81,10 @@ public class Blake2sDigestTest extends BrambleTestCase {
 				if (pos < (input.length - 1))
 					digest.update(input, pos + 1, input.length - (pos + 1));

-				byte[] hash = new byte[32];
+				byte[] hash = new byte[64];
 				digest.doFinal(hash, 0);

-				assertArrayEquals(StringUtils.fromHexString(keyedTestVector[2]),
-						hash);
+				assertArrayEquals(expected, hash);
 			}
 		}
 	}
@@ -98,12 +98,12 @@ public class Blake2sDigestTest extends BrambleTestCase {
 		byte[] input = new byte[key.length + 1];
 		for (byte i = 0; i < input.length; i++) input[i] = i;
 		// Hash the input
-		Blake2sDigest digest = new Blake2sDigest(key);
+		Blake2bDigest digest = new Blake2bDigest(key);
 		digest.update(input, 0, input.length);
 		byte[] hash = new byte[digest.getDigestSize()];
 		digest.doFinal(hash, 0);
 		// Create a second instance, hash the input without calling doFinal()
-		Blake2sDigest digest1 = new Blake2sDigest(key);
+		Blake2bDigest digest1 = new Blake2bDigest(key);
 		digest1.update(input, 0, input.length);
 		// Reset the second instance and hash the input again
 		digest1.reset();
@@ -116,9 +116,10 @@ public class Blake2sDigestTest extends BrambleTestCase {

 	// Self-test routine from https://tools.ietf.org/html/rfc7693#appendix-E
 	private static final String SELF_TEST_RESULT =
-			"6A411F08CE25ADCDFB02ABA641451CEC53C598B24F4FC787FBDC88797F4C1DFE";
-	private static final int[] SELF_TEST_DIGEST_LEN = {16, 20, 28, 32};
-	private static final int[] SELF_TEST_INPUT_LEN = {0, 3, 64, 65, 255, 1024};
+			"C23A7800D98123BD10F506C61E29DA5603D763B8BBAD2E737F5E765A7BCCD475";
+	private static final int[] SELF_TEST_DIGEST_LEN = {20, 32, 48, 64};
+	private static final int[] SELF_TEST_INPUT_LEN =
+			{0, 3, 128, 129, 255, 1024};

 	private static byte[] selfTestSequence(int len, int seed) {
 		int a = 0xDEAD4BAD * seed;
@@ -138,8 +139,8 @@ public class Blake2sDigestTest extends BrambleTestCase {

 	@Test
 	public void runSelfTest() {
-		Blake2sDigest testDigest = new Blake2sDigest();
-		byte[] md = new byte[32];
+		Blake2bDigest testDigest = new Blake2bDigest(256);
+		byte[] md = new byte[64];

 		for (int i = 0; i < 4; i++) {
 			int outlen = SELF_TEST_DIGEST_LEN[i];
@@ -148,7 +149,7 @@ public class Blake2sDigestTest extends BrambleTestCase {

 				// unkeyed hash
 				byte[] in = selfTestSequence(inlen, inlen);
-				Blake2sDigest unkeyedDigest = new Blake2sDigest(outlen * 8);
+				Blake2bDigest unkeyedDigest = new Blake2bDigest(outlen * 8);
 				unkeyedDigest.update(in, 0, inlen);
 				unkeyedDigest.doFinal(md, 0);
 				// hash the hash
@@ -156,7 +157,7 @@ public class Blake2sDigestTest extends BrambleTestCase {

 				// keyed hash
 				byte[] key = selfTestSequence(outlen, outlen);
-				Blake2sDigest keyedDigest = new Blake2sDigest(key, outlen, null,
+				Blake2bDigest keyedDigest = new Blake2bDigest(key, outlen, null,
 						null);
 				keyedDigest.update(in, 0, inlen);
 				keyedDigest.doFinal(md, 0);
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/EllipticCurvePerformanceTest.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/EllipticCurvePerformanceTest.java
@@ -6,6 +6,7 @@ import org.spongycastle.asn1.x9.X9ECParameters;
 import org.spongycastle.crypto.AsymmetricCipherKeyPair;
 import org.spongycastle.crypto.Digest;
 import org.spongycastle.crypto.agreement.ECDHCBasicAgreement;
+import org.spongycastle.crypto.digests.Blake2bDigest;
 import org.spongycastle.crypto.generators.ECKeyPairGenerator;
 import org.spongycastle.crypto.params.ECDomainParameters;
 import org.spongycastle.crypto.params.ECKeyGenerationParameters;
@@ -82,7 +83,7 @@ public class EllipticCurvePerformanceTest {
 		List<byte[]> signatures = new ArrayList<>();
 		samples.clear();
 		for (int i = 0; i < SAMPLES; i++) {
-			Digest digest = new Blake2sDigest();
+			Digest digest = new Blake2bDigest(256);
 			DSAKCalculator calculator = new HMacDSAKCalculator(digest);
 			DSADigestSigner signer = new DSADigestSigner(new ECDSASigner(
 					calculator), digest);
@@ -96,7 +97,7 @@ public class EllipticCurvePerformanceTest {
 		// Time some signature verifications
 		samples.clear();
 		for (int i = 0; i < SAMPLES; i++) {
-			Digest digest = new Blake2sDigest();
+			Digest digest = new Blake2bDigest(256);
 			DSAKCalculator calculator = new HMacDSAKCalculator(digest);
 			DSADigestSigner signer = new DSADigestSigner(new ECDSASigner(
 					calculator), digest);
--- a/bramble-core/src/test/java/org/briarproject/bramble/crypto/PseudoRandom.java
+++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/PseudoRandom.java
@@ -2,6 +2,7 @@ package org.briarproject.bramble.crypto;

 import org.briarproject.bramble.api.nullsafety.NotNullByDefault;
 import org.spongycastle.crypto.Digest;
+import org.spongycastle.crypto.digests.Blake2bDigest;
 import org.spongycastle.crypto.engines.Salsa20Engine;
 import org.spongycastle.crypto.params.KeyParameter;
 import org.spongycastle.crypto.params.ParametersWithIV;
@@ -17,7 +18,7 @@ class PseudoRandom {
 	PseudoRandom(byte[] seed) {
 		// Hash the seed to produce a 32-byte key
 		byte[] key = new byte[32];
-		Digest digest = new Blake2sDigest();
+		Digest digest = new Blake2bDigest(256);
 		digest.update(seed, 0, seed.length);
 		digest.doFinal(key, 0);
 		// Initialise the stream cipher with an all-zero nonce