CCSDS CRYPTOGRAPHIC ALGORITHMS TEST REPORT

convertingtownSoftware and s/w Development

Nov 4, 2013 (3 years and 5 months ago)

179 views



CCSDS
CRYPTOGRAPHIC
ALGORITHMS TEST
REPORT

DRAFT CCSDS RECORD

CCSDS
352
.
1
-
Y
-
1

Draft Yellow Book

November

201
2
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
i

Nov

201
2

FOREWORD

[Foreword text specific to this document goes here. The text below is boilerplate.]

Through the process of normal evolution, it is expected that expansion, deletion, or
modification of this document may occur. This document is therefore subject to CCSDS
document management and change control procedures, which are defined in the
Procedure
s
Manual for the Consultative Committee for Space Data Systems
. Current versions of CCSDS
documents are maintained at the CCSDS Web site:

http://www.ccsds.org/

Questions relating to the contents or status of this document should be addressed to the
CCSDS
Secretariat at the address indicated on page i.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
ii

Nov

201
2

At time of publication, the active Member and Observer Agencies of the CCSDS were:


Member Agencies




Agenzia Spaziale Italiana (ASI)/Italy.



British National Space Centre (BNSC)/United Kingdom.



Canadian Space
Agency (CSA)/Canada.



Centre National d’Etudes Spatiales (CNES)/France.



China National Space Administration

(CNSA)/People’s Republic of China.



Deutsches Zentrum für Luft
-

und Raumfahrt e.V. (DLR)/Germany.



European Space Agency (ESA)/Europe.



Federal Space Ag
ency

(FSA)/
Russian Federation.



Instituto Nacional de Pesquisas Espaciais (INPE)/Brazil.



Japan Aerospace Exploration Agency (JAXA)/Japan.



National Aeronautics and Space Administration (NASA)/USA.


Observer Agencies




Austrian Space Agency (ASA)/Austria.



Belg
ian Federal Science Policy Office (
B
FSPO)/Belgium.



Central Research Institute of Machine Building (TsNIIMash)/Russian Federation.



Centro Tecnico Aeroespacial (CTA)/Brazil.



Chinese Academy of
Sciences

(CAS)/China.



Chinese Academy of Space Technology (CAST)/
China.



Commonwealth Scientific and Industrial Research Organization (CSIRO)/Australia.



Danish National Space Center (DNSC)/Denmark.



European Organization for the Exploitation of Meteorological Satellites
(EUMETSAT)/Europe.



European Telecommunications

Satellite Organization (EUTELSAT)/Europe.



Hellenic National Space Committee (HNSC)/Greece.



Indian Space Research Organization (ISRO)/India.



Institute of Space Research (IKI)/Russian Federation.



KFKI Research Institute for Particle & Nuclear Physics (KFKI)
/Hungary.



Korea Aerospace Research Institute (KARI)/Korea.



MIKOMTEK: CSIR (CSIR)/Republic of South Africa.



Ministry of Communications (MOC)/Israel.



National Institute of Information and Communications Technology (NICT)/Japan.



National Oceanic and Atmospher
ic Administration (NOAA)/USA.



National Space Organization
(NSPO)/Chinese Taipei.



Naval Center for Space Technology

(
NCST
)/USA.



Space and Upper Atmosphere Research Commission (SUPARCO)/Pakistan.



Swedish Space Corporation (SSC)/Sweden.



United States Geologic
al Survey (USGS)/USA.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
iii

Nov

201
2

DOCUMENT CONTROL


Document

Title

and Issue

Date

Status

CCSDS
352
.
1
-
Y
-
1

CCSDS Cryptographic Algorithms
Test
Report
,
Draft CCSDS Record
,
Issue
1

November

2011

Current draft











DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
iv

Nov

201
2

CONTENTS

Section

Page

DOCUMENT CONTROL
................................
................................
................................
....

III

CONTENTS
................................
................................
................................
...........................

IV

1

INTRODUCTION
................................
................................
................................
..........

1
-
1

1.1

PURPOSE

................................
................................
................................
...............

1
-
1

1.2

SCOPE

................................
................................
................................
....................

1
-
1

1.3

APPLICABILITY

................................
................................
................................
...

1
-
1

1.4

RATIONALE
................................
................................
................................
..........

1
-
1

1.5

DOCUMENT STRUCTURE

................................
................................
.................

1
-
1

1.6

REFERENCES

................................
................................
................................
.......

1
-
1

2

OVERVIEW

................................
................................
................................
...................

2
-
1

3

ALGORITHM TESTING GO
ALS

................................
................................
..............

3
-
2

3.1

CONFIDENTIALITY ALGO
RITHMS

................................
................................
.

3
-
2

3.2

AUTHENTICATION ALGOR
ITHMS

................................
................................
..

3
-
2

4

TEST PLAN DETAILS

................................
................................
................................
.

4
-
4

4.1

CONFIDENTIALITY TEST

CASE #1: AES COUNTER

MODE TEST WITH
128
-
BIT KEY

................................
................................
................................
.........

4
-
5

4.1.1

TEST DESCRIPTION

................................
................................
................

4
-
6

4.1.
2

EXPECTED RESULTS

................................
................................
..............

4
-
6

4.2

CONFIDENTIALITY TEST

CASE #2: AES COUNTER

MODE TEST WITH
192
-
BIT KEY

................................
................................
................................
.........

4
-
7

4.2.1

TEST DESCRIPTION

................................
................................
................

4
-
7

4.2.2

EXPECTED RESULTS

................................
................................
..............

4
-
7

4.3

CONFIDENTIALITY TEST

CASE #3: AES COUNTER

MODE TEST WITH
256
-
BIT KEY

................................
................................
................................
.........

4
-
7

4.3.1

TEST DESCRIPTION

................................
................................
................

4
-
7

4.3.2

EXPECTED RESULTS

................................
................................
..............

4
-
8

4.4

CONFIDENTIALITY TEST

CASE #4: AES GCM TES
T WITH 128
-
BIT KEY

4
-
8

4.4.1

TEST DESCRIPTION

................................
................................
................

4
-
8

4.4.2

EXPECTED RESULTS

................................
................................
..............

4
-
8

4.5

CONFIDENTIALITY TEST

CASE #5: AES GCM TES
T WITH 192
-
BIT KEY

4
-
9

4.5.1

TEST DESCRIPTION

................................
................................
................

4
-
9

4.5.2

EXPECTED RESULTS

................................
................................
..............

4
-
9

4.6

CONFIDENTIALITY TEST

CASE #6: AES GCM TES
T WITH 256
-
BIT KEY

4
-
9

4.6.1

TEST DESCRIPTION

................................
................................
................

4
-
9

4.6.2

EXPECTED RESULTS

................................
................................
............

4
-
10

4.7

CONFIDENTIALITY TEST

CASE #7: AES ECB TES
T WITH 128
-
BIT KEY

.

4
-
5

4.7.1

TEST DESCRIPTION

................................
................................
................

4
-
5

4.7.2

EXPECTED RESULTS

................................
................................
..............

4
-
5

4.8

CONFIDENTIALITY TEST

CASE #8: AES ECB WIT
H 192
-
BIT KEY

............

4
-
5

4.8.1

TEST DESCRIPTION

................................
................................
................

4
-
5

4.8.2

EXPECTED RESULTS

................................
................................
..............

4
-
5

4.9

CONFIDENTIALITY TEST

CASE #9: AES ECB WIT
H 256
-
BIT KEY

............

4
-
5

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
v

Nov

201
2

4.9.1

TEST DESCRIPTION

................................
................................
................

4
-
5

4.9.2

EXPECTED RESULTS

................................
................................
..............

4
-
6

4.10

AUTHENTICATION TEST
CASE #1: HMAC AUTHEN
TICATION WITH SHA
-
256

4
-
10

4.10.1

TEST DESCRIPTION

................................
................................
..............

4
-
10

4.10.2

EXPECTED RESULTS

................................
................................
............

4
-
11

4.11

AUTHENTICATION TEST
CASE #2: CMAC AUTHEN
TICATION WITH AES
USING A 128
-
BIT KEY

................................
................................
......................

4
-
11

4.11.1

TEST DESCRIPTION

................................
................................
..............

4
-
11

4.11.2

EXPECTED RESULTS

................................
................................
............

4
-
11

4.12

AUTHENTICATION TEST
CASE #3: CMAC AUTHEN
TICATION WITH AES
USING A 192
-
BIT KEY

................................
................................
......................

4
-
11

4.12.1

TEST DESCRIPTION

................................
................................
..............

4
-
11

4.12.2

EXPECTED RESULTS

................................
................................
............

4
-
12

4.13

AUTHENTICATION TEST
CASE #4: CMAC AUTHEN
TICATION WITH AES
USING A 256
-
BIT KEY

................................
................................
......................

4
-
12

4.13.1

TEST DESCRIPTION

................................
................................
..............

4
-
12

4.13.2

EXPECTED RESULTS

................................
................................
............

4
-
12

4.14

AUTHENTICATION TEST
CASE #5: DIGITAL SIG
NATURE
AUTHENTICATION

................................
................................
...........................

4
-
12

4.14.1

TEST DESCRIPTION

................................
................................
..............

4
-
12

4.14.2

EXPECTED RESULTS

................................
................................
............

4
-
13

5

TEST RESULTS

................................
................................
................................
..........

5
-
14

5.1

CONFIDENTIALITY TEST

RESULTS
................................
..............................

5
-
14

5.2

AUTHENTICATION TEST
RESULTS

................................
..............................

5
-
14


Table












Page

Table 1
-

Confidentiality Algorithm Tests

................................
................................
..............

4
-
4

Table 2
-

Authentication/Integrity Algorithm Tests

................................
...............................

4
-
4



DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
1
-
1

Nov

201
2

1

INTRODUCTION

1.1

PURPOSE

The purpose of this document is to describe the prototype testing to be conducted for the
CCSDS Cryptographic Algorithms specified in CCSDS 353.0
-
B
-
1 (reference [1]).

1.2

SCOPE

The scope of this document is the testing of the CCSDS cryptographic algorithms t
o provide
confidentiality, authentication, and integrity for spacecraft and ground systems.

1.3

APPLICABILITY

The CCSDS Cryptographic Algorithms will be used to provide data confidentiality,
command authentication, and data/command integrity. The algorithms

may be Agency
-
implemented for specific missions, may be government produced, may be open source, or
may be purchased as commercial
-
off
-
the
-
shelf products. In any case, the algorithms must be
shown to be in conformance with their respective specifications
, must be proven to be bug
and malware free, and must be proven to be interoperable with other implementations of the
same algorithm.

1.4

RATIONALE

The CCSDS Procedures Manual states that for a Recommendation to become a Blue Book,
the standard must be teste
d in an operational manner. The following requirement for an
implementation exercise were excerpted from reference [2]:

“At least two independent and interoperable prototypes or implementations must have
been developed and demonstrated in an operationall
y relevant environment, either real
or simulated.”

This document outlines the Security Working Group’s approach to meeting this requirement.

1.5

DOCUMENT STRUCTURE

This document describes the testing that must be accomplished to allow the CCSDS
Cryptographic Algorithms to proceed forward as a Recommendation.

1.6

REFERENCES

The following documents
are
reference
d

in this
document
. At the time of publication, the
edit
ions indicated were valid. All documents are subject to revision, and users of this
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
1
-
2

Nov

201
2

document
are encouraged to investigate the possibility of applying the most recent editions of
the documents indicated below. The CCSDS Secretariat maintains a register o
f currently
valid CCSDS
documents
.

[1]

CCSDS Cryptographic Algorithms
. CCSDS
352
.0
-
B
-
1. Blue Book. Issue 1.
Washington DC: CCSDS,
November 2012.

[2]

Procedures Manual for the Consultative Committee for Space Data Systems
, CCSDS
A00.0
-
Y
-
9. Yellow Book.

Issue 9. Washington DC: CCSDS, November 2003.

[3]

Advanced Encryption Standard (AES)
. Federal Information Processing Standards
Special Publication 197. Gaithersburg, Maryland: NIST, 2001.
http://csrc.nist.gov/publications/fips/fips197/fips
-
197.pdf
.

[4]

NIST,
The Keyed Hash Message Authentication Code
,

Federal Information
Processing Standard 198
-
1 (FIPS
-
198
-
1), U.S. National Institute of Standards and
Technology (NIST),
http://csrc.nist.gov/publications/fips/fips198
-
1/FIPS
-
198
-
1_final.pdf
, July 2008.

[5]

NIST,
Digital Signature Standard
, Federal Information Processing Standard 186
-
3,
U.S. National Institute
of Standards and Technology (NIST),

http://csrc.nist.gov/publications/fips/fips186
-
3/fips_186
-
3.pdf
,

June 2009.

[6]

Dworkin
, M
.
Recommendation for Block Cipher Modes of Operation:
Galois/Counter Mode (GCM) and GMAC
. National Institute of Standards and
Technology Special Publication 800
-
38D. Gaithersburg, Maryland: NIST, November
2007.
http://csrc.nist.gov/publications/nistpubs/800
-
38D/SP
-
800
-
38D.pdf

[7]

Dworkin, M.;
Recommendation for Block Cipher Modes of Operation: The CMAC
Mode for Authentication
; NIST Specia
l Publication 800
-
38B; National Institute of
Standards and Technology (NIST);
http://csrc.nist.gov/publications/nistpubs/800
-
38B/SP_800
-
38B.pdf
; May 2005.

[8]

Dworkin
, M
.
Recomm
endation for Block Cipher Modes of Operation: Methods and
Techniques
. National Institute of Standards and Technology Special Publication 800
-
38A. Gaithersburg, Maryland: NIST, 2001.
http://csrc.nist.gov/publications/nistpubs/800
-
38a/sp800
-
38a.pdf
.

[9]

Bassham, L.; Th
e Advanced Encryption Standard Algorithm Validation Suite
(AESAVS)
; National Institute of Standards and Technology
; Nov 2002
;
http://csrc.nist.gov/groups/STM/cavp/documents/aes/AESAVS.pdf

[10]

Hall, T;
The FIPS 186
-
3 Digital Signature Algorithm Validation System
(DSA2VS)
;
National Institute of Standards and Technology;
June 2011;

http://csrc.nist.gov/groups/STM/cavp/documents/dss2/dsa2vs.pdf

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
1
-
3

Nov

201
2

[11]

Keller, S;
The RSA Validation System (RSAVS)
; National Institute of
Standards and Technology;
Nov 2004;
http://csrc.nist.gov/groups/STM/cavp/documents/dss/RSAVS.pdf

[12]

Keller, S;
The 186
-
3 RSA Validation System (RSA2VS)
; National Institute of
Standards and Technology;
June 2011;
http://
csrc.nist.gov/groups/STM/cavp/documents/dss2/rsa2vs.pdf

[13]

Bassham, L;
The Secure Hash Algorithm Validation System (SHAVS)
;
National Institute of Standards and Technology;
July 2004;
http://csrc.nist.gov/groups/STM/cavp/documents/shs/SHAVS.pdf

[14]

Keller, S;
The CMAC Validation System (CMACVS)
; National Institute of
Standards and Technology; Aug 2011;
http://cs
rc.nist.gov/groups/STM/cavp/documents/mac/CMACVS.pdf

[15]

Hall, L; Keller, S;
The Galois/Counter Mode (GCM) and GMAC Validation
System (GCMVS)
; National Institute of Standards and Technology; Feb 2009;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/gcmvs.pdf


[16]

Bassham, L;
The Keyed
-
Hash Message Authentication Code Validation
System (HMACVS)
; National Institute of Standards and Technology; Dec 2004;
http://csrc.nist.gov/groups/STM/cavp/documents/mac/HMACVS.pdf


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
2
-
1

Nov

201
2

2

OVERVIEW

This CCSDS Cryptographic Algorithms test
plan
describe
s

the
manner in which algorithm

testing will be accomplished. It
describe
s

the manner in which the algorithms are to be
implemented, keyed, and data exchanged between the testing parties to determine if the
algorithms are performing as expected.

The

CCSDS Procedures Manual requi
res that testing be performed in an “operational
-
like”
setting
. However, in this case, we are testing “raw
” algorithms and not flight systems.

This
plan
provides the details
to test
the cryptographic algorithms to ensure their corre
ctness and
interoperation
.
We
propose that an independent
algorithm
implementation is used to encrypt
data and another
independent
implementation is used to decrypt it. This would be
performed
using all the recommended modes for encryption.

Like
wise, for authentication
one independent algorithm
implementation
is

used to create a
message authentication code (MAC) with a different
independent algorithm
implementation
used to verify the MAC.
Testing in this manner
is

performed for
all of the specified
authentication algorithms:
HMAC, CMAC, and
RSA
Digital Signature
.

This testing could be performed in a single laboratory

by one tester using multiple
implementations of each algorithm under test
.
However, optimally
th
e testing

sh
ould
be
conducted
at multiple sites
via the internet potentially using something as simple as email to
send encrypted or MAC’d data between the testing parties which would then be fed into

the
various independent
algorithm implementations.

For example, Test Agent A
at site X

could
encrypt data using AES/GCM
using

a pre
-
distributed key. Test Agent A
w
ould
email

the
ciphertext
as an attachment
to Test Agent B
at site Y
. Using
the
pre
-
distributed key

and a
different implementation of AES/GCM than used by Test Agent A, Test Agent B would
attempt to
decrypt the ciphertext
. If the resulting plaintext (agreed to in advance by both
testing agents) is
an exact match
, the test passes.

In
a more elaborate testing setup, the test sites could be interconnected and a

simple network

application could be used to provide the test framework of encrypting
/authentication

data,
transmitting it, and on the receiving end,
decrypting/authenticating the
data.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
3
-
2

Nov

201
2

3

ALGORITHM TESTING GO
ALS

All algorithm implementations must conform to their respective specifications.

AES must be shown to be conformant with FIPS Pub 197 (reference [3])

and tested in
accordance with
reference
[9]

.

AES/GCM must be shown to be

conformant with FIPS Pub 800
-
38D (reference [
6] and
tested in accordance with reference [15].

HMAC must be shown to be conformant with FIPS Pub 198
-
1 (reference [4])

and tested in
accordance with reference [16]
.

CMAC must be shown to be conformant with
FIPS Pub 800
-
38B (reference [7])

and tested in
accordance with reference [14]
.

RSA
Digital Signature must be shown to be conformant with FIPS Pub 186
-
3
(reference [5])

and tested in accordance with reference
s

[
10], [11], and [12]
.

For reference, t
est v
ectors for each of the respective algorithms may be obtained from the
National Institu
te of Standards and Technology:
http://csrc.nist.gov/groups/STM/cavp/index.html
.

3.1

CONFIDENTIALITY
ALGORITHMS

The CCSDS confidentiality algorithms will be tested to confirm that independent
implementations can successfully interoperate in the cryptographic modes specified in
CCSDS 353.0
-
B
-
1 (reference [1]).

Testing will confirm that the implementation
s of the AES algorithm will support multiple
key sizes. Specifically they must support 128
-
bit, 192
-
bit, and 256
-
bit size keys. Testing
will be carried out using all three key sizes

in electronic code book mode to confirm the
correct operation of the bas
e AES algorithm
.

Testing will also confirm that the implementations of AES operate correctly in counter mode.
Testing will be carried out using all three key sizes with AES in counter mode (reference
[8]).

To confirm that authenticated encryption operates

correctly, AES will be tested using the
Galois/Counter Mode (GCM). Again, all three key sizes will be tested with AES in GCM
mode (reference [6]).

3.2

AUTHENTICATION ALGOR
ITHMS

The CCSDS authentication algorithms will be tested to confirm that independent
implementations can successfully interoperate.

Three authentication algorithms are specified in CCSDS 353.0
-
B
-
1 (reference [1]).

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
3
-
3

Nov

201
2

For hash
-
based authentication, testing will confirm that the implementations of HMAC
utilize the SHA
-
256 hash algorithm and i
nteroperate (reference [4]). Testing will be carried
out using a reference test key known to the testing parties. Testing will be carried out
without truncation of the resulting MAC.

For cryptographic
-
based authentication, testing will confirm

that the implementations of
CMAC are interoperable (reference [7]).

For digital signature
-
based authentication, testing will confirm that the implementations
utilize the RSA Digital Signature Algorithm (DSA) (reference [5]) and that they are
interoperabl
e.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
4

Nov

201
2

4


TEST PLAN DETAILS

Table 1
synopsizes the

tests to be performed
on
the confidentiality
algorithm and modes
.


#

Confidentiality
Algorithm

Mode

Key Size

1

AES

ECB

128

2

AES

ECB

192

3

AES

ECB

256

4

AES

Counter

128

5

AES

Counter

192

6

AES

Counter

256

7

AES

GCM

128

8

AES

GCM

192

9

AES

GCM

256

Table
1
-

Confidentiality Algorithm Tests

Table 2
synopsizes the tests to be performed on the authentication/integrity algorithms.


#

Authentication/Integrity

Algorithm

Mode

Key Size

MAC
Length

1

HMAC w/SHA
-
256

w/o truncation

256

256

2

CMAC w/AES

N/A

128

128

3

CMAC
w/AES

N/A

192

128

4

CMAC w/AES

N/A

256

128

5

Digital Signature

RSA

2048

-

Table
2
-

Authentication/Integrity Algorithm Tests

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
5

Nov

201
2

4.1

CONFIDENTIALITY TEST

CASE #1: AES ECB TES
T WITH 128
-
BIT KEY

4.1.1

TEST DESCRIPTION

Two or more testers
may participate. One tester will encrypt plaintext data using a 128
-
bit
test key. The resultant cipher text will be sent to one or more recipient testers either via a
network connection, via email, or some other agreed
-
to method. The recipient tester(s)

will
use the same 128
-
bit test key to decrypt the cipher text.

128
-
bit Plaintext input data:
00112233445566778899aabbccddeeff

128
-
Bit Key:
000102030405060708090a0b0c0d0e0f


4.1.2

EXPECTED RESULTS

If the resultant plain text matches, the AES ECB
encryption/decryption test is successful.


4.2

CONFIDENTIALITY TEST

CASE #2: AES ECB WIT
H 192
-
BIT KEY

4.2.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt data using a 192
-
bit test key.
The resultant cipher text will be sent to one
or more recipient testers either via a network
connection, via email, or some other agreed
-
to method. The recipient tester(s) will use the
same 192
-
bit test key.

128
-
bit Plaintext input data:
00112233445566778899aabbccddeeff

192
-
bit Key:
00010203040506070
8090a0b0c0d0e0f1011121314151617


4.2.2

EXPECTED RESULTS

If the resultant plain text matches, the AES ECB encryption/decryption test is successful.


4.3

CONFIDENTIALITY TEST

CASE #3: AES ECB WIT
H 256
-
BIT KEY

4.3.1

TEST DESCRIPTION

Two or more testers may participate. One
tester will encrypt plaintext data using a 256
-
bit
test key. The resultant cipher text will be sent to one or more recipient testers either via a
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
6

Nov

201
2

network connection, via email, or some other agreed
-
to method. The recipient tester(s) will
use the same 256
-
bit test key to decrypt the cipher text.

128
-
bit Plaintext input data:
00112233445566778899aabbccddeeff

256
-
bit Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F


4.3.2

EXPECTED RESULTS

If the resultant plain text matches, the AES ECB encryp
tion/decryption test is successful.


4.4

CONFIDENTIALITY
TEST CASE #
4
: AES COUNTER MODE T
EST WITH
128
-
BIT KEY

4.4.1

TEST DESCRIPTION

Two or more testers may participate.

One tester will encrypt
plaintext
data

using a 128
-
bit test key

and
a
128
-
bit

IV
using AES in
Counter Mode. The resultant cipher text will be sent to one or more recipient testers either
via a network connection, via email,
or
some oth
er agreed
-
to
transfer
method
. The recipient
tester
(
s
)

will use the
same 128
-
bit test key
and
128
-
bit IV
to decrypt the cipher text.

1024
-
bit
Plaintext input data:
2b9179d21cb884581b0e4f462455167f1f7899717245d4aed3d8db5983daccccebfc
2130a20c284563bea5997cc0438c83d8fa7bb9e3588efed285a0fcc31456dc9a3122
b97bb22f7edc36973475925828c323565e417ec95190db63b21881016b5332f2e400
bb4724c86a8ee0247149370ee5412f743dc6bf7ca5bcc31afa0f

128
-
Bit
Key:
000102030405060708090a0b0c0d0e0f

128
-
bit
IV:
00112233445566778899010203040506

4.4.2

EXPECTED RESULTS

If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
7

Nov

201
2

4.5

CONFIDENTIALITY
TEST CASE #
5
: AES COUNTER
MODE TEST WITH
192
-
BIT KEY

4.5.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt
platintext
data

using a 192
-
bit
test key

and a
128
-
bit IV

usi
ng AES in Counter Mode. The resultant cipher text will be sent
to one or more recipient testers either via a network connection, via email, or
some other
agreed
-
to method
. The recipient tester
(
s
)

will use the same 192
-
bit test key
and
128
-
bit IV
to
decrypt the cipher text.

1024
-
bit
Plaintext input data:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719
aab7dc2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e
501440134e04e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1
b43ebb5d7902ccb4c
299c325c8a7cc1de9174f544bc60828c1eebad49287caa4108a0

192
-
bit
Key:
000102030405060708090a0b0c0d0e0f1011121314151617

128
-
bit IV:
00112233445566778899010203040506


4.5.2

EXPECTED RESULTS

If the resultant plain text matches, the AES counter mode
encryption/decryption test is
successful.

4.6

CONFIDENTIALITY
TEST CASE #
6
: AES COUNTER MODE T
EST WITH
256
-
BIT KEY

4.6.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt
plaintext
data

using a 256
-
bit
t
est key

and
128
-
bit IV

using AES in Counter Mode. The resultant cipher text will be sent to
one or more recipient testers either via a network connection, via email, or
some other agree
-
to method
. The recipient tester
(
s
)

will use the same 256
-
bit test key
and
128
-
bit IV
to
decrypt the cipher text.

1024
-
bit Plaintext input data:
bc7aa1b735a5f465cffeccd8dd4b0a33a571e9f006dc63b2a6f4df272a673bb2cc00
e603248ab6be5627eebc1
0934fe4d1dc5cd120a475936eefa2c7bddea9f36c6c794d
2c6bd2594094e56cac12d8f03e38f222a7ee4fc6c2adffe71c9c13003e301c31ff3a
0405dde89bb213044d41782c4bb4eb3c262595d1c0e00522047c

256
-
bit Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F

128
-
bit IV
:
00112233445566778899010203040506

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
8

Nov

201
2


4.6.2

EXPECTED RESULTS

If the resultant plain text matches, the AES counter mode encryption/decryption test is
successful.

4.7

CONFIDENTIALITY
TEST CASE #
7
: AES GCM TEST WITH
128
-
BIT KEY

4.7.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt
and authenticate
plaintext
data

using a 128
-
bit test key

and 96
-
bit IV

using AES GCM

with a
128
-
bit
authentication
tag
.
The Additional Authenticated Data (AAD) will be authenticated and not encrypted.
The
resultant cipher text
and authentication tag
will be sent to one or more recipient testers either
via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 128
-
bit test key to decrypt
and authenticate
the cipher text.

The AAD will
be authenticated without decryption.

1024
-
bit Plaintext input data:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd
78ae1cca68
c040f2328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf4
1cce0d523016ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3d
a881481f46f21dda62e3e4c898bb9f819b22f816b7c4e2fb6729

1024
-
bit Additional Authenticated Data:

45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfe
a75e225e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b
8e63266ad1b42cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae3
7652a8f6016f92adb7695d40bde8c202ab9c2d70a96220b4b01b

128
-
Bit Key:
000102030405060708090a0b0c0d0e0f

96
-
bit IV:
001122334455667788990102


4.7.2

EXPECTED RESULTS

If the resultant plain text matches, the AES GCM encryption/decryption test is successful.

If the resultant authentication tag matches, the AES GCM authent
ication test is successful.


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
9

Nov

201
2

4.8

CONFIDENTIALITY
TEST CASE #
8
: AES GCM TEST WITH
192
-
BIT KEY

4.8.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt data

using a 192
-
bit test key

and a 96
-
bit IV

using AES in
GCM

with a
128
-
bit
authentication
tag
.
The Additional
Authenticated Data (AAD) will be authenticated and not encrypted.
The resultant cipher text
will be sent to o
ne or more recipient testers either via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 192
-
bit test key
and
128
-
bit IV
to decrypt
and authenticate
the cipher text.

The AAD will be
authenticated
without decryption.

1024
-
bit Plaintext input data:
d406138587fbcb498e8ec37f0f3d7f6b2faa02e6880424e74cdba67ae3468b6823d3
7fd917a7fede6b34a2f0fc47c520e4088766ba82a989f0d8051a3a80cc8b1e3e1e2b
1c6620b90e99b27e65951aeb3936263fc2f76c1c8effa742f53987f8a38c731a411f
a53b9f6c81340e0d7ce395c4190b364d9188dc5923f3126546c3

1024
-
bit Additional Authenticated Data:
756cf485b6a8e672d90d930a653c69fdbf260d3ea18cd3d0c02175d3966a88b70ab8
235d998b745a0eb6a5c92899f41e8c0b7aa4ec132c8cbb1bac97a45766a03923c9b9
3c2a055abd0127a83f81e6df603a375ca8cc1a2ee0a8b7fd226226b0b19bd2e81f73
c34dfafa4fc
ea08dd93dd4ab7e4b437408af91bff566068a5f34

192
-
bit Key:
000102030405060708090a0b0c0d0e0f1011121314151617

96
-
bit IV:
001122334455667788990102


4.8.2

EXPECTED RESULTS

If the resultant plain text matches, the AES GCM encryption/decryption test is successful.

If the
resultant authentication tag matches, the AES GCM authentication test is successful.


4.9

CONFIDENTIALITY
TEST CASE #
9
: AES GCM TEST WITH
256
-
BIT KEY

4.9.1

TEST DESCRIPTION

Two or more testers may participate. One tester will encrypt
plaintext
data

using a 256
-
bit
test key

and 96
-
bit IV

using AES
GCM

with a
128
-
bit
authentication
tag
.
The Additional
Authenticated Data (AAD) will be authenticated
and not encrypted.
The resultant cipher text
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 256
-
bit test key to
decrypt
and

authenticate
the cipher text.

The AAD will be authenticated without decryption.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
10

Nov

201
2

1024
-
bit Plaintext input data:
bfc89d5049a5b4015c9eb64fdaf9fe9f4be7229e67c713a7b368f0550b3a5e12ba3a
4399c64f60b7157e1b289b154a494deadecff0d0686ab44fae2a34ae4cb120a7f002
68ab551f41c16a05f8999157be1103464127a8a9bccf736c32db045124178c90472e
664d8e67a2ade0efe9a3b048c453d2fb5292dd8d29e62d52c5b5

1024
-
bit Additional Authenticated Data:
335cc5c8fb5920b09e0263133eb481fd97f8d9f29db8689fb63034bc40959a176ccd
ca6725e1f94f822e4d871138fc39776fbe062f07bf80e5c8891c2e1007efeb77c158
ced8d6c002b04442ed35c40a2187a59c02339c05762942208e3be964736a431017f4
72dfd5fdaf8
fb8c645cdb684f9632057b9eb755253b4b75e3688

256
-
bit Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F

96
-
bit IV:
001122334455667788990102


4.9.2

EXPECTED RESULTS

If the resultant plain text matches, the AES GCM encryption/decryption test is suc
cessful.


If the resultant authentication tag matches, the AES GCM authentication test is successful.




4.10

AUTHENTICATION
TEST CASE #
1
: HMAC AUTHENTICATIO
N WITH
SHA
-
256

4.10.1

TEST DESCRIPTION

Two or more testers may participate. One tester will create a

Message Authentication Code
(MAC) over a data set
using a 256
-
bit test key
using HMAC with SHA
-
256. The resultant
MAC
will be sent to one or more recipient testers either via a network connection, via email,
or
some other
agreed
-
to method
. The recipient tester
(
s
)

will use the same 256
-
bit test key to
verify the authenticity of the MAC.

Test Data:
Mary had a

little lamp whose fleece was white as snow

256
-
bit Key:
000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
11

Nov

201
2

4.10.2

EXPECTED RESULTS

If the MAC is verified, the HMAC/SHA
-
256 test is successful.



4.11

AUTHENTICATION
TEST CASE #
2
: CMAC AUTHENTICATIO
N WITH AES
USING A
128
-
BIT KEY

4.11.1

TEST
DESCRIPTION

Two or more testers may participate. One tester will create a

Message Authentication Code
(MAC) over a data
set

using a 128
-
bit test
key

using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 128
-
bit test key to
verify the authenticity of the MAC.

Test Data:
Mary had a little lamb

whose fleece was white as snow

128
-
bit Key:
2b7e151628aed2a6abf7158809cf4f3c


4.11.2

EXPECTED RESULTS

If the MAC is verified, the CMAC/AES/128 test is suc
cessful.


4.12

AUTHENTICATION
TEST CASE #
3
: CMAC AUTHENTICATIO
N WITH AES
USING A
192
-
BIT KEY

4.12.1

TEST DESCRIPTION

Two or more testers may participate. One tester will create a

Message Authentication Code
(MAC) over a data set
using a 192
-
bit test key
using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 192
-
bit test key to
verify the authenticity of the MAC.

Test Data:
Mary had a little lamb

whose fleece was white as snow

192
-
bit Key:
8e73b0f7da0e6452c810f32b809079e562f
8ead2
522c6b7b


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
12

Nov

201
2

4.12.2

EXPECTED RESULTS

If the MAC is verified, the CMAC/AES/192 test is successful.


4.13

AUTHENTICATION
TEST CASE #
4
: CMAC AUTHENTICATIO
N WITH AES
USING A
256
-
BIT KEY

4.13.1

TEST DESCRIPTION

Two or more testers may participate. One tester will create an

Message Authentication Code
(MAC) over a data set
using a 256
-
bit test key
using CMAC with AES. The resultant MAC
will be sent to one or more recipient testers either via a network connection, via email, or
some other agreed
-
to method
. The recipient tester
(
s
)

will use the same 256
-
bit test key to
verify the authen
ticity of the MAC.

Test Data:
Mary had a little lamb

whose fleece was white as snow

256
-
bit Key:
603deb101
5ca71be2b73aef0857d77811f352c07
3b6108d72d9810a30914dff4


4.13.2

EXPECTED RESULTS

If the MAC is verified, the CMAC/AES/256 test is successful.


4.14

AUTHENTICATION
TEST CASE #
5
: DIGITAL SIGNATURE
AUTHENTICATION

4.14.1

TEST DESCRIPTION

Two or more testers may participate. All testers involved must first obtain or generate a
public/private key pair
of

2048
bits. The public keys of all invol
ved testers must be shared
either directly, via a public key server, pre
-
cached, or by some other means determined by
the testers.

One tester will use the RSA Digital Signature Algorithm

with the SHA
-
256 hash

to digitally
sign a
test
data set
using the tester’s private key. The resultant digitally signed data will be
sent to one or more recipient testers either via a network connection, via email, or
some other
agreed
-
to method
. The recipient tester
(
s
)

will use the signer’s public key to verify the
authenticity of the data.

Test Data:
Mary had a little lamb

whose fleece was white as snow

Test Key: 2048
-
bit generated RSA public/private key pairs

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
4
-
13

Nov

201
2


4.14.2

EXPECTED RESULTS

If
the digital signature is verified, the Digital Signature Authentication test is successful.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
5
-
14

Nov

201
2

5

TEST RESULTS

5.1

CONFIDENTIALITY TEST

RESULTS


CONFIDENTIALITY
TEST #

CONFIDENTIALITY
ALGORITHM

ALGORITHM
MODE

KEY SIZE

TEST RESULT

1

AES

Counter

128

Passed

2

AES

Counter

192

Passed

3

AES

Counter

256

Passed

4

AES

GCM

128

Passed

5

AES

GCM

192

Passed

6

AES

GCM

256

Passed

7

AES

ECB

128

Passed

8

AES

ECB

192

Passed

9

AES

ECB

256

Passed


5.2

AUTHENTICATION TEST
RESULTS


AUTH
TEST #

AUTHENTICATION
ALGORITHM

ALGORITHM
MODE

KEY
SIZE

MAC
LENGTH

TEST RESULT

1

HMAC

w/SHA
-
256

No truncation

256

256

Passed

2

CMAC w/AES

N/A

128

128

Passed

3

CMAC w/AES

N/A

192

128

Passed

4

CMAC w/AES

N/A

256

128

Passed

5

DIGITAL
SIGNATURE

RSA

2048

-

Passed

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
15

Nov

201
2

ANNEX A


TEST RESULTS


A.1 SOFTWARE


Two independent
implementations have been used for each test case:

a)

Several Perl
-
Scripts, based on Perl modules published on cpan (www.cpan.org).

a.

Confidentiality test cases #1
-

#6: AES_ECB_CTR.pl

b.

Confidentiality test cases #7
-

#9: AES_GCM.pl

c.

Authentication test case #1:
HMAC.pl

d.

Authentication test cases #2
-

#4: CMAC.pl

e.

Authentication test case #5: Digital_Signature.pl

b)

A Java
-
Program named ccsds_sec.sh covering all the different algorithms and
modes, based on Java Bouncy Castle Crypto API (www.bouncycastle.org).


All tests have been performed under Linux openSUSE 12.1.




A.2 DESCRIPTION OF THE TESTS


A.2.1 CONFIDENTIALITY ALGORITHMS AND MODES (CONFIDENTIALITY
TEST CASES #1
-

#9)


For all these test cases, the following aspects have been tested:

a)

Encryption of the p
laintext using implementation #1, afterwards decryption of the
resulting cipher text by also using implementation #1.

When the resultant plain text matched the original text, the encryption/decryption test
was successful.

b)

Same as described in a) but using

implementation #2.

When the resultant plain text matched the original text, the encryption/decryption test
was successful.

c)

Comparison of the cipher texts gained by the two different implementations.

When the two resultant cipher texts matched, the test wa
s successful.


For confidentiality test cases #7
-

#9 (AES GCM) there has been an additional test:

d)

Comparison of the authentication tags gained by the two different implementations.

When the two resultant authentication tags matched, the test was
successful.


To show interoperability, the two following tests have been performed:

e)

Encryption of the plaintext by using implementation #1 and decryption of the resulting
cipher text by using implementation #2.

When the resultant plain text matched the or
iginal text, the interoperability
encryption/decryption test was successful.

f)

Same as described in e) but using implementation #2 for encryption and
implementation #1 for decryption.

When the resultant plain text matched the original text, the interoperabil
ity
encryption/decryption test was successful.

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
16

Nov

201
2



A.2.2 AUTHENTICATION / INTEGRITY ALGORITHMS (AUTHENTICATION
TEST CASES #1
-

#5)


For authentication test cases #1
-

#4, the following aspects have been tested:

a)

A Message Authentication Code (MAC) was compute
d over a data set using
implementation #1.The authenticity of the MAC was verified by using the same key
but implementation #2.

When the MAC could be verified, the test was successful.

b)

Same as described in a) but using implementation #2 for computing the MAC and
implementation #1 for verifying.

When the MAC could be verified, the test was successful.


For authentication test case #5 (Digital Signature), the following aspects have been
tested:

c)

A Message Digest was computed over the plaintext using the specified hash function.
Afterwards a digital signature was created by applying the tester`s private key and
using implementation #1. In a second step, the signature was verified by using
i
mplementation #1 together with the tester`s public key.

When the signature could be verified, the test was successful.

d)

Same as described in c) but using implementation #2.

When the signature could be verified, the test was successful.


To show interoperab
ility, the two following tests have been performed:

e)

A Message Digest was computed over the plaintext using the specified hash function.
Afterwards a digital signature was created by applying the tester`s private key and
using implementation #1. In a second

step, the signature was verified by using
implementation #2 together with the tester`s public key.

When the signature could be verified, the interoperability test was successful.

f)

Same as described in e) but using implementation #2 for signing and impleme
ntation
#1 for verifying.

When the signature could be verified, the interoperability test was successful.

.


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN

CCSDS
352
.
1
-
Y
-
1

Page
17

Nov

201
2

Table A
-
1 synopsizes the tests on the confidentiality algorithm and modes (
Confidentiality test case
s #1
-

#9). Success
ful tests are marked with “x”.



#

Confidentiality
Algorithm

Mode

Key Size

Test a)

Test b)

Test c)

Test d)

Test e)

Test f)

1

AES

ECB

128

x

x

x

N/A

x

x

2

AES

ECB

192

x

x

x

N/A

x

x

3

AES

ECB

256

x

x

x

N/A

x

x

4

AES

Counter (CTR)

128

x

x

x

N/A

x

x

5

AES

Counter (CTR)

192

x

x

x

N/A

x

x

6

AES

Counter (CTR)

256

x

x

x

N/A

x

x

7

AES

GCM

128

x

x

x

x

x

x

8

AES

GCM

192

x

x

x

x

x

x

9

AES

GCM

256

x

x

x

x

x

x

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST PLAN

CCSDS
352
.
1
-
Y
-
1

Page
18

Nov

201
2

Table A
-
2
synopsizes the tests on the authentication / integrity algorithms
(Authentication test cases #1
-

#5). Successful tests are marked with “x”.



#

Authentication/Integrity
Algorithm

Mode

Key
Size

MAC
Length

Hash
Function

Test
a)

Test
b)

Test
c)

Test
d)

Test
e)

Test
f)

1

HMAC w/SHA
-
256

w/o
truncation

256

256

-

x

x

N/A

N/A

N/A

N/A

2

CMAC w/AES

N/A

128

128

-

x

x

N/A

N/A

N/A

N/A

3

CMAC w/AES

N/A

192

128

-

x

x

N/A

N/A

N/A

N/A

4

CMAC w/AES

N/A

256

128

-

x

x

N/A

N/A

N/A

N/A

5a

Digital Signature

RSA

2048

-

SHA
-
256

N/A

N/A

x

x

x

x

5b

Digital Signature

RSA

2048

-

SHA
-
512

N/A

N/A

x

x

x

x









DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
1

Nov

201
2

A.3 EXAMPLES FOR CONFIDENTIALITY TESTING


A.3.1 CONFIDENTIALITY TEST CASE #3: AES ECB TEST WITH 256
-
BIT KEY


A.3.1.1 IMPLEMENTATION #1


richter@rbod099:~/Algorithms_Tests_final/Skripte> ./AES_ECB_CTR.pl


Please choose the algorithm
-

aes128, aes192 or aes256 is possible!

aes256

Chosen algorithm: aes256


Please choose the mode
-

ecb or ctr is possible!

ecb

Chosen mode: ecb

Key_hex: 000102030405060708090a0b0c0d0e0f101112131415161718191A1B1C1D1E1F

Reading in
cleartext:

Length(/home/richter/Algorithms_Tests_final/Cleartext_ecb.hex) = 16

open(/home/richter/Algorithms_Tests_final/Cleartext_ecb.hex) = 1

16 Bytes read

Cleartext_Hex: 00112233445566778899aabbccddeeff

Encrypted Message:

8ea2b7ca516745bfeafc49904b49608
9

Writing encrypted message in file.

open(/home/richter/Algorithms_Tests_final/aes256_ecb_ciphertext.hex) = 1

Length(/home/richter/Algorithms_Tests_final/aes256_ecb_ciphertext.hex) =
16

Decryption:

Decrypted Message: 00112233445566778899aabbccddeeff


A.3.1.2 IMPLEMENTATION #2


--------------------------------------------------------------------------

---

TEST REPORT AES_ECB_256: AES/ECB/NoPadding Encryption 256 bits key
---

--------------------------------------------------------------------------

-

GE
NERATED ON: 2012.03.28 17:41:01

-

PROVIDER: BC

-

OPMODE: Encryption

-

ALGORITHM: AES

-

MODE: ECB

-

PADDING: NoPadding

-

KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

-

UNENCRYPTED MSG [BASE64]: ABEiM0RVZneImaq7zN3u/w==

-

UNENCRYPTED MSG [HEX]: 00112233445566778899aabbccddeeff

-

ENCRYPTED MSG [BASE64]: jqK3ylFnRb/q/EmQS0lgiQ==

-

ENCRYPTED MSG [HEX]: 8ea2b7ca516745bfeafc49904b496089

--------------------------------------

---

END OF TEST REPORT AES_ECB_256
---

-----
---------------------------------


--------------------------------------------------------------------------
----

---

TEST REPORT AES_ECB_256_DECR: AES/ECB/NoPadding Decryption 256 bits
key
--

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
2

Nov

201
2

---------------------------------------------------------------
-----------
----

-

GENERATED ON: 2012.12.03 14:37:26

-

PROVIDER: BC

-

OPMODE: Decryption

-

ALGORITHM: AES

-

MODE: ECB

-

PADDING: NoPadding

-

KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

-

ENCRYPTED MSG [BASE64]:
jqK3ylFnRb/q/EmQS0lgiQ==

-

ENCRYPTED MSG [HEX]: 8ea2b7ca516745bfeafc49904b496089

-

DECRYPTED MSG [BASE64]: ABEiM0RVZneImaq7zN3u/w==

-

DECRYPTED MSG [HEX]: 00112233445566778899aabbccddeeff

-------------------------------------------

---

END OF TEST

REPORT AES_ECB_256_DECR
---

-------------------------------------------



A.3.2 CONFIDENTIALITY TEST CASE #5: AES CTR TEST WITH 192
-
BIT KEY


A.3.2.1 IMPLEMENTATION #1


richter@rbod099:~/Algorithms_Tests_final/Skripte> ./AES_ECB_CTR.pl


Please choose the
algorithm
-

aes128, aes192 or aes256 is possible!

aes192

Chosen algorithm: aes192


Please choose the mode
-

ecb or ctr is possible!

ctr

Chosen mode: ctr

Key_hex: 000102030405060708090a0b0c0d0e0f1011121314151617

IV_hex: 00112233445566778899010203040506

Reading in cleartext:

Length(/home/richter/Algorithms_Tests_final/Plaintext_Two.hex) = 128

open(/home/richter/Algorithms_Tests_final/Plaintext_Two.hex) = 1

128 Bytes read

Cleartext_Hex:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aa
b7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0

Encrypted Message:

391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888cac401271e1e68444ad8

Writing encrypted message in file.

open(/home/richter/Algorithms_Tests_final/aes192_ctr_ciphertext.hex) = 1

Length(/home/richter/Algorithms_Tests_final/aes192_ctr_ciphertext.hex) =
128

Decryption:

Decrypted Message:
7f4e4f11091bf51976c0fc71ecbcd0985cdad21
35549c818c09567801d8a9a42c719aab7dc
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
3

Nov

201
2

2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0





A.3.2.2 IMPLEMENTATION #2


-------
------------------------------------------------------------------

---

TEST REPORT AES_CTR192: AES/CTR/NoPadding Encryption 192 bits key
---

-------------------------------------------------------------------------

-

GENERATED ON: 2012.04.11 11:25:31

-

PROVIDER: BC

-

OPMODE: Encryption

-

ALGORITHM: AES

-

MODE: CTR

-

PADDING: NoPadding

-

INIT. VECTOR (128 bits): 00112233445566778899010203040506

-

KEY (192 BITS): 000102030405060708090a0b0c0d0e0f1011121314151617

-

UNENCRYPTED MSG [BASE64]:
f05PEQkb9Rl2wPxx
7LzQmFza0hNVScgYwJVngB2KmkLHGaq33Cy1ihC1Bn0UxSyr5rubk557nN
OV6vELpqU/0uZEbh5QFEATTgTmYu9+uxyceLvT/Xy53ouYVBi+G0PrtdeQLMtMKZwyXIp8wd6R
dPVEvGCCjB7rrUkofKpBCKA=

-

UNENCRYPTED MSG [HEX]:
7f4e4f11091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aa
b7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0

-

ENCRYPTED MSG [BASE64]:
ORoCH3c4npz2DgIvQ879RD4aA+VcQfT9za/D71YRNkhMITgGGkNeOyCEAR+ghk7ETo3JY8Pcgt
hQiW9sKhJiT+5xo+sAtz75A9etzba8OSDx0ur0oyvix46o6LQZOL4Q/opG0gF8q+t/9Svjtr32
T+by4PYYiMrEASceHmhEStg=

-

ENCRYPTED MSG [HEX]:
391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef
561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888cac401271e1e68444ad8

-------------------------------------

---

END OF TEST R
EPORT AES_CTR192
---

-------------------------------------


--------------------------------------------------------------------------
----

---

TEST REPORT AES_CTR_192_DECR: AES/CTR/NoPadding Decryption 192 bits
key
--

--------------------------------------
------------------------------------
----

-

GENERATED ON: 2012.12.03 14:42:25

-

PROVIDER: BC

-

OPMODE: Decryption

-

ALGORITHM: AES

-

MODE: CTR

-

PADDING: NoPadding

-

INIT. VECTOR (128 bits): 00112233445566778899010203040506

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
4

Nov

201
2

-

KEY (192 BITS):
000102030405060708090a0b0c0d0e0f1011121314151617

-

ENCRYPTED MSG [BASE64]:
ORoCH3c4npz2DgIvQ879RD4aA+VcQfT9za/D71YRNkhMITgGGkNeOyCEAR+ghk7ETo3JY8Pcgt
hQiW9sKhJiT+5xo+sAtz75A9etzba8OSDx0ur0oyvix46o6LQZOL4Q/opG0gF8q+t/9Svjtr32
T+by4PYYiMrEASceHmhEStg=

-

ENCRY
PTED MSG [HEX]:
391a021f77389e9cf60e022f43cefd443e1a03e55c41f4fdcdafc3ef561136484c2138061a
435e3b2084011fa0864ec44e8dc963c3dc82d850896f6c2a12624fee71a3eb00b73ef903d7
adcdb6bc3920f1d2eaf4a32be2c78ea8e8b41938be10fe8a46d2017cabeb7ff52be3b6bdf6
4fe6f2e0f61888
cac401271e1e68444ad8

-

DECRYPTED MSG [BASE64]:
f05PEQkb9Rl2wPxx7LzQmFza0hNVScgYwJVngB2KmkLHGaq33Cy1ihC1Bn0UxSyr5rubk557nN
OV6vELpqU/0uZEbh5QFEATTgTmYu9+uxyceLvT/Xy53ouYVBi+G0PrtdeQLMtMKZwyXIp8wd6R
dPVEvGCCjB7rrUkofKpBCKA=

-

DECRYPTED MSG [HEX]:
7f4e4f11
091bf51976c0fc71ecbcd0985cdad2135549c818c09567801d8a9a42c719aab7dc
2cb58a10b5067d14c52cabe6bb9b939e7b9cd395eaf10ba6a53fd2e6446e1e501440134e04
e662ef7ebb1c9c78bbd3fd7cb9de8b985418be1b43ebb5d7902ccb4c299c325c8a7cc1de91
74f544bc60828c1eebad49287caa4108a0

-------
------------------------------------

---

END OF TEST REPORT AES_CTR_192_DECR
---

-------------------------------------------



A.3.3 CONFIDENTIALITY TEST CASE #7: AES GCM TEST WITH 128
-
BIT KEY


A.3.3.1 IMPLEMENTATION #1


richter@rbod099:~/
Algorithms_Tests_final/Skripte> ./AES_GCM.pl

Please choose the algorithm
-

possible values are aes128, aes192 or
aes256!

aes128

Chosen algorithm: aes128

Key_hex: 000102030405060708090a0b0c0d0e0f

IV_hex: 001122334455667788990102

Reading input data:

Length(
/home/richter/Algorithms_Tests_final/Plaintext_Four.hex) = 128

open(/home/richter/Algorithms_Tests_final/Plaintext_Four.hex) = 1

128 Bytes read

Input Data:

9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0
e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729

Reading additional data:

Length(/home/richter/Algorithms_Tests_final/AAD_One.hex) = 128

open(/home/
richter/Algorithms_Tests_final/AAD_One.hex) = 1

128 Bytes read

Additional Data:

45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb
0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b

Encrypting data...

Encrypted Message:

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
5

Nov

201
2

12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d2362888800dc83055627871
2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5

Tag_hex:

edb704f5cbbee325c68b5d4f5255bfac

Writing encrypted message in file:

open(/home/richter/Algorithms_Tests_final/AES128_GCM_Ciphertext.hex) = 1

Length(/home/richter/Algorithms_Tests_final/AES128_GCM_Ciphertext.hex) =
128

Decrypting data...

Decrypted

Message:

9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7
c4e2fb6729

A.3.3.2 IMPLEMENTATION #2


--------------------------------------------------------------------------
---

---

TEST REPORT AES_GCM128_128: AES/GCM/NoPadding Encryption 128 bits key
---

--------------------------------------------------------------
------------
---

-

GENERATED ON: 2012.04.12 11:00:18

-

PROVIDER: BC

-

OPMODE: Encryption

-

ALGORITHM: AES

-

MODE: GCM

-

PADDING: NoPadding

-

INIT. VECTOR (96 bits): 001122334455667788990102

-

KEY (128 BITS): 000102030405060708090a0b0c0d0e0f

-

ADD. AUTH. DAT
A (AAD) [BASE64]:
RfpSoOgyHYLK6pW9lQb3Mxkj4qqV6SOJCPP/MOF6ljid/qdeIl404WBTVOqvmZqVD0acbi6HIt
pa2dre1nIrrKAOXRuOYyZq0bQsrhYbnAifT/37uqLx+wJF0aTDBtRuIV6MbGrjdlKo9gFvkq23
aV1AvejCAqucLXCpYiC0sBs=

-

ADD. AUTH. DATA (AAD) [HEX]:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea75e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b

-

UNENCRYPTED MSG [BASE64]:
nu98mg+j6af8xLL50hCpfWZT3teRPy+y3oJaDf14rhzKaMBA8jKACf/+YpN9Yw7p1uDme8EsOM
Cz0DVpfUwjETcarPQczg1SMBbuQ2pH2Trw33cBETGFbQcscYwxDwmVtxUw1wo9qIFIH0byHdpi
4+TImLufgZsi+Ba3xOL7Zyk=

-

UNENCRYPTED MSG [HEX]:
9eef7c9a0fa3e9a7fcc4b2f9
d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729

-

ENCRYPTED MSG [BASE6
4]:
Eusnz8ojE9xq76STNmZXs49/0DubUtrfktI2KIiADcgwVWJ4cSxtFDOhIcI0wjdbZg9seHKgkr
ccY8kvcQ23THGdqxctz9MxJup0GJEY/IcfgkN64c4/WUC7mFvzQFDvJxkDuPbHDtBKftx2ffnJ
eHqqhjkPHescISzciC4Y2aU=

-

ENCRYPTED MSG [HEX]:
12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d2362888800dc83055627871
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
6

Nov

201
2

2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5

-

AUTH. TAG (128 bits) [BASE64]: 7bcE9cu+4yXGi11PUlW/rA==

-

AUTH. TAG (128 bits) [HEX]: edb704f5cbbee325c68b5d4f5255bfac

-----------------------------------------

---

END OF TEST REPORT AES_GCM128_128
---

-----------------------------------------


----
----------------------------------------------------------------------
----

---

TEST REPORT aes_gcm_128_decr: AES/GCM/NoPadding Decryption 128 bits
key
--

--------------------------------------------------------------------------
----

-

GENERATED ON: 2012.10
.11 14:22:31

-

PROVIDER: BC

-

OPMODE: Decryption

-

ALGORITHM: AES

-

MODE: GCM

-

PADDING: NoPadding

-

INIT. VECTOR (96 bits): 001122334455667788990102

-

KEY (128 BITS): 000102030405060708090a0b0c0d0e0f

-

ADD. AUTH. DATA (AAD) [BASE64]:
RfpSoOgyHYLK6pW9lQb3M
xkj4qqV6SOJCPP/MOF6ljid/qdeIl404WBTVOqvmZqVD0acbi6HIt
pa2dre1nIrrKAOXRuOYyZq0bQsrhYbnAifT/37uqLx+wJF0aTDBtRuIV6MbGrjdlKo9gFvkq23
aV1AvejCAqucLXCpYiC0sBs=

-

ADD. AUTH. DATA (AAD) [HEX]:
45fa52a0e8321d82caea95bd9506f7331923e2aa95e9238908f3ff30e17a96389dfea7
5e22
5e34e1605354eaaf999a950f469c6e2e8722da5ad9daded6722baca00e5d1b8e63266ad1b4
2cae161b9c089f4ffdfbbaa2f1fb0245d1a4c306d46e215e8c6c6ae37652a8f6016f92adb7
695d40bde8c202ab9c2d70a96220b4b01b

-

ENCRYPTED MSG [BASE64]:
Eusnz8ojE9xq76STNmZXs49/0DubUtrfktI2KIiADcgwVWJ4cSxtFDOhIcI0wjdbZg9seHKgkr
ccY8kvcQ23THGdqxctz9MxJup0GJEY/IcfgkN64c4/WUC7mFvzQFDvJxkDuPbHDtBKftx2ffnJ
eHqqhjkPHescISzciC4Y2aU=

-

ENCRYPTED MSG [HEX]:
12eb27cfca2313dc6aefa493366657b38f7fd03b9b52dadf92d23628
88800dc83055627871
2c6d1433a121c234c2375b660f6c7872a092b71c63c92f710db74c719dab172dcfd33126ea
74189118fc871f82437ae1ce3f5940bb985bf34050ef271903b8f6c70ed04a7edc767df9c9
787aaa86390f1deb1c212cdc882e18d9a5

-

DECRYPTED MSG [BASE64]:
nu98mg+j6af8xLL50hCpfWZT3teR
Py+y3oJaDf14rhzKaMBA8jKACf/+YpN9Yw7p1uDme8EsOM
Cz0DVpfUwjETcarPQczg1SMBbuQ2pH2Trw33cBETGFbQcscYwxDwmVtxUw1wo9qIFIH0byHdpi
4+TImLufgZsi+Ba3xOL7Zyk=

-

DECRYPTED MSG [HEX]:
9eef7c9a0fa3e9a7fcc4b2f9d210a97d6653ded7913f2fb2de825a0dfd78ae1cca68c040f2
328009fffe
62937d630ee9d6e0e67bc12c38c0b3d035697d4c2311371aacf41cce0d523016
ee436a47d93af0df77011131856d072c718c310f0995b71530d70a3da881481f46f21dda62
e3e4c898bb9f819b22f816b7c4e2fb6729

-

AUTH. TAG (128 bits) [BASE64]: 7bcE9cu+4yXGi11PUlW/rA==

-

AUTH. TAG (128 bits)

[HEX]: edb704f5cbbee325c68b5d4f5255bfac

-------------------------------------------

---

END OF TEST REPORT aes_gcm_128_decr
---

-------------------------------------------


DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
7

Nov

201
2


A.4 EXAMPLES FOR AUTHENTICATION TESTING


A.4.1 AUTHENTICATION TEST CASE #1: HMAC
TEST WITH SHA
-
256


A.4.1.1 IMPLEMENTATION #1


richter@rbod099:~/Algorithms_Tests_final/Skripte> ./HMAC.pl

Key_hex: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F

Text: Mary had a little lamb whose fleece was white as snow

MAC: bdb295ba36f
e5aebc553834daad212556d909cda2515ff794376cd61f16b9073

open(/home/richter/Algorithms_Tests_final/HMAC.hex) = 1

Length(/home/richter/Algorithms_Tests_final/HMAC.hex) = 32

MAC has been written in file successfully!


A.4.1.2 IMPLEMENTATION #2


----------------
----------------------------------

---

TEST REPORT HMAC: HMac
-
SHA256 256 bits key
---

--------------------------------------------------

-

GENERATED ON: 2012.03.28 18:01:29

-

PROVIDER: BC

-

ALGORITHM: HMac
-
SHA256

-

KEY (256 BITS):
000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f

-

ENCRYPTED MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=

-

ENCRYPTED MSG [HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c65
6563652077
617320776869746520617320736e6f77

-

ENCRYPTED MSG [ASCII]: Mary had a little lamb whose fleece was white
as snow

-

MAC [BASE64]: vbKVujb+WuvFU4NNqtISVW2QnNolFf95Q3bNYfFrkHM=

-

MAC [HEX]:
bdb295ba36fe5aebc553834daad212556d909cda2515ff794376c
d61f16b9073

-------------------------------

---

END OF TEST REPORT HMAC
---

-------------------------------



A.4.2 AUTHENTICATION TEST CASE #2: CMAC TEST WITH AES 128
-
BIT KEY


A.4.2.1 IMPLEMENTATION #1


richter@rbod099:~/Algorithms_Tests_final/Skripte>

./CMAC.pl

Please chose the keysize!

128

Chosen keysize: 128

Key_hex: 2b7e151628aed2a6abf7158809cf4f3c

Input data: Mary had a little lamb whose fleece was white as snow

Tag_hex: a077d45177b7dde98328691b23bb6ec0


A.4.2.2 IMPLEMENTATION #2

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
8

Nov

201
2


--------------------------------------------------

---

TEST REPORT CMAC_128: AESCMAC 128 bits key
---

--------------------------------------------------

-

GENERATED ON: 2012.03.28 17:45:26

-

PROVIDER: BC

-

ALGORITHM: AESCMAC

-

KEY (128 BITS): 2b7e151628aed
2a6abf7158809cf4f3c

-

ENCRYPTED MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=

-

ENCRYPTED MSG [HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77

-

ENCRYPTED MSG [ASCII]: Mary had a little lamb whose fleece was white
as snow

-

MAC [BASE64]: oHfUUXe33emDKGkbI7tuwA==

-

MAC [HEX]: a077d45177b7dde98328691b23bb6ec0

-----------------------------------

---

END OF TEST REPORT CMAC_128
---

-----------------------------------






A.4.3 AUTHENTICATION TEST CASE #5: DIGITAL SIGNATURE


A.4.3.1 IMPLEMENTATION #1


richter@rbod099:~/Algorithms_Tests_final/Skripte> ./Digital_Signature.pl

Input Data: Mary had a little lamb whose fleece was white as

snow


Read in of Private Key:

Length(/home/richter/lse
-
sec/keys/id_rsa) = 1675

open(/home/richter/lse
-
sec/keys/id_rsa) = 1

1675 Bits read

private key is:

-----
BEGIN RSA PRIVATE KEY
-----

MIIEowIBAAKCAQEA3eb6s4qHKZyBhCDxilBxgOO8fCHCc29HC8M9Wh+FfA2h3O2x

lGc+
qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzFFH/iYGhz1Jk+as3KgVXVpTADaniW

gNTPHhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0JU9qsiwjv4CE4s16kp742yUbid8V

YyzB/aWWKi/CLOFMNDGhh4K36YXWtSatnq0qEkEV1Bmxt7/zDgJH6HmomT3+t9BL

OVvFa0EAMl1A32QwBaVnkB+B6R7/WlsKnSDMg2oRwRhU/Gl2+LXyuuBvT7jQC3ac

4jbFkB6Uie/90YS3H4mKx3N8CqC7HEwlRCiDFQIDAQABAoIBAFn1z0NEcOFswpEX

bfTeAfX33a0RXqy/uzTIlTHZP5t4R1uyvWBlruCWUaeFO0b8LIn9g5n57m6ebitm

H7qY7UkPQ25ESlkxOz2/ak6exrtuSKQ8eP+HxuPx7DlI/G8yQuEvrX1dzN3jCAOP

Tx2/XpVVqfLLtD5p0vXDyeJxMoBcvEMecUjoFwmGmGUvzXwoHotheGqY+vtyK
USl

qA2KMsS7N5QJPOsvgDXjoXt9OBAVGBTExoZ5lNO4rUfkNSFYXHdvUwlQfKBNVcG8

1eigQu5rcuiOMd22ICCJ1w4I9w12CtN3Ff6wmOs7WA4S8VNK1srHzM6qrRulPXSG

0xrmKk0CgYEA/NulAkx6GgUfhXTciWk5uX0o5+VYsVXRpydZRKA3XN0lCxhdLNw6

DOM7xJoPfj9/vjypnQFB6cJ+qR1heVe6WxwPjBxdRI1dC35JIEef6VVv3
wQ1piVU

qvsGc6/ePIjjdGZsIY9fsBubU948cVAEUlDg7Hlw/yYIvz8kpwrZ6u8CgYEA4Kjc

40ZmCW95ka3CbP9gvzmmYTM6sGx6KjBcLdnGtMXmL/O4HbegpwhtWp/9bQYbezqO

uDViARHzzsaTktRHSxxJzSWyvyhOOPkOjlngUdCn6N+ogrsP2IoSb3HWEWBtvMD+

Z38PeSmpyn/e1huKERl7Ca0HPX/QmY6pmhd+gjsCgYEA9tDjcan66Zkkmp1mg86t

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
9

Nov

201
2

pOyR2EHbYEZXviS/kygcwk2u0fS3Rom1NE0+Uvrasq4C4EvQeEv47deG0Ua3lb1X

T4XFe0tYkwi10Pk1IggoBJf7+iHeyE3aJoefVZ9Oe6JW+5DabavIiFt6M9RTBXxI

q5z84HbuIHAcy6kz+sWxzwsCgYAkWo7r5B9s1XIZpcF5e9W+++g1gGG13Mfj/
dFc

xgnGhOObzNd1T5qajN2NNah/tOZLiY1At7q1K5+FTVLiBqHGwLwci0YicrY9t+eo

F1kaRCZ3o4GULgsBYk5bZFNcmnsHeT9xpfjuBVTpZMm9YdV0sOfdB/fM9trdjl1Z

hwW8swKBgFeWIB8qjgj7pzP/bGO2JxNyXndwuSOyc5xmcK1heECUGrFwl3AIrAaf

40Ntb6VigHwWSvAUJQdvSLwtOCfAPHmDqbHXwNyxtoEUnl+NNDR/vgZf9
7D6wMBk

mlmpn6g+YGD1kzYTxNLrAEC+JjQuoZe5a8nzu7ImMb3/fNtoewVn

-----
END RSA PRIVATE KEY
-----


Read in of Public Key:

Length(/home/richter/lse
-
sec/keys/id_rsa.pub) = 451

open(/home/richter/lse
-
sec/keys/id_rsa.pub) = 1

451 Bits read

public key is:

-----
BEGIN R
SA PUBLIC KEY
-----

MIIBCgKCAQEA3eb6s4qHKZyBhCDxilBxgOO8fCHCc29HC8M9Wh+FfA2h3O2xlGc+

qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzFFH/iYGhz1Jk+as3KgVXVpTADaniWgNTP

HhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0JU9qsiwjv4CE4s16kp742yUbid8VYyzB

/aWWKi
/CLOFMNDGhh4K36YXWtSatnq0qEkEV1Bmxt7/zDgJH6HmomT3+t9BLOVvF

a0EAMl1A32QwBaVnkB+B6R7/WlsKnSDMg2oRwRhU/Gl2+LXyuuBvT7jQC3ac4jbF

kB6Uie/90YS3H4mKx3N8CqC7HEwlRCiDFQIDAQAB

-----
END RSA PUBLIC KEY
-----


Please choose a hash function
-

possible values are sha256 or

sha512!

sha256

Signing the data...

Writing Signature in file.

open(/home/richter/Algorithms_Tests_final/Signature_sha256.hex) = 1

Length in Bytes(/home/richter/Algorithms_Tests_final/Signature_sha256.hex)
= 256


Please enter the path to file containing
the signature you want to verify!

/home/richter/Algorithms_Tests_final/Signature_sha256.hex

Length in Bytes(/home/richter/Algorithms_Tests_final/Signature_sha256.hex)
= 256

open(/home/richter/Algorithms_Tests_final/Signature_sha256.
hex) = 1

Verifying Signature...

Signed correctly!


A.4.3.2 IMPLEMENTATION #2


----------------------------------------------------

---

TEST REPORT: RSA_SHA256_SIGN: RSA Encryption
---

----------------------------------------------------

-

GENERATED ON:
2013.01.22 11:06:04

-

PROVIDER: BC

-

OPMODE: Encryption

-

ALGORITHM: RSA

-

USAGE: Authentication

-

PRIVATE KEY: **** Secret ****

-

SIGNATURE (SHA256 with RSA Encryption) [BASE64]:
ocI9oyuF5efXrJWeUGZlXZJ82ncjTDkDZpaGHhEy6EHcb/iUeDm/iwCRPd8g+Kzdg/vDwc9FQl
QX
F5qHpaPXFI46l5Tj6QN70uulWqVWECbPw1dRyNDkCikpYabX6bvKhsiHWR4igFgoEMqMjxGl
LLRb/YGz2CpCbPq7K2eDArfTX4eEeCd1OpGWXdXzlfkptL+CgWysdNzDlQPwED/Hieiebs4dGM
DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
10

Nov

201
2

X7xStYGFiVzEZ+RRTOI0ax2HrBHoKb4ztkow7NJqnxe4fF50M2ygqjGeVdfD9M5LpX9YE15zga
JiFKt8sEsMlWE5lym/voec15WGUKNb3Wur2Q
2BWXBKL7dw==

-

SIGNATURE (SHA256 with RSA Encryption) [HEX]:
a1c23da32b85e5e7d7ac959e5066655d927cda77234c39036696861e1132e841dc6ff89478
39bf8b00913ddf20f8acdd83fbc3c1cf45425417179a87a5a3d7148e3a9794e3e9037bd2eb
a55aa5561026cfc35751c8d0e40a292961a6d7e9bbca
86c887591e2280582810ca8c8f11a5
2cb45bfd81b3d82a426cfabb2b678302b7d35f87847827753a91965dd5f395f929b4bf8281
6cac74dcc39503f0103fc789e89e6ece1d18c5fbc52b58185895cc467e4514ce2346b1d87a
c11e829be33b64a30ecd26a9f17b87c5e74336ca0aa319e55d7c3f4ce4ba57f58135e7381a
2621
4ab7cb04b0c9561399729bfbe879cd7958650a35bdd6babd90d8159704a2fb77

-

INPUT MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=

-

INPUT MSG [HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77

-

INPUT MSG [ASCII]: Mary had a little lamb whose fleece was white as
snow

-------------------------------------------

---

END OF TEST REPORT: RSA_S
HA256_SIGN
---

-------------------------------------------


---------------------------------------------------

---

TEST REPORT: RSA_SHA256_VER: RSA Decryption
---

---------------------------------------------------

-

GENERATED ON: 2013.01.22 11:07:30

-

PROVIDER: BC

-

OPMODE: Decryption

-

ALGORITHM: RSA

-

USAGE: Authentication

-

PUBLIC KEY:

-----
BEGIN PUBLIC KEY
-----

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3eb6s4qHKZyBhCDxilBx

gOO8fCHCc29HC8M9Wh+FfA2h3O2xlGc+qTAcf+hJHVp6/IWtEuPqxOVT1cMADhzF

FH/iYGhz1
Jk+as3KgVXVpTADaniWgNTPHhRe4XVJpO8XPqAHhozLCCQN5lgmb4r0

JU9qsiwjv4CE4s16kp742yUbid8VYyzB/aWWKi/CLOFMNDGhh4K36YXWtSatnq0q

EkEV1Bmxt7/zDgJH6HmomT3+t9BLOVvFa0EAMl1A32QwBaVnkB+B6R7/WlsKnSDM

g2oRwRhU/Gl2+LXyuuBvT7jQC3ac4jbFkB6Uie/90YS3H4mKx3N8CqC7HEwlRCiD

FQIDA
QAB

-----
END PUBLIC KEY
-----


-

SIGNATURE (SHA256 with RSA Encryption) [BASE64]:
ocI9oyuF5efXrJWeUGZlXZJ82ncjTDkDZpaGHhEy6EHcb/iUeDm/iwCRPd8g+Kzdg/vDwc9FQl
QXF5qHpaPXFI46l5Tj6QN70uulWqVWECbPw1dRyNDkCikpYabX6bvKhsiHWR4igFgoEMqMjxGl
LLRb/YGz2CpCbPq7K2eDArfTX4e
EeCd1OpGWXdXzlfkptL+CgWysdNzDlQPwED/Hieiebs4dGM
X7xStYGFiVzEZ+RRTOI0ax2HrBHoKb4ztkow7NJqnxe4fF50M2ygqjGeVdfD9M5LpX9YE15zga
JiFKt8sEsMlWE5lym/voec15WGUKNb3Wur2Q2BWXBKL7dw==

-

SIGNATURE (SHA256 with RSA Encryption) [HEX]:
a1c23da32b85e5e7d7ac959e5066655d927
cda77234c39036696861e1132e841dc6ff89478
39bf8b00913ddf20f8acdd83fbc3c1cf45425417179a87a5a3d7148e3a9794e3e9037bd2eb
a55aa5561026cfc35751c8d0e40a292961a6d7e9bbca86c887591e2280582810ca8c8f11a5
2cb45bfd81b3d82a426cfabb2b678302b7d35f87847827753a91965dd5f395f929b4b
f8281
6cac74dcc39503f0103fc789e89e6ece1d18c5fbc52b58185895cc467e4514ce2346b1d87a
c11e829be33b64a30ecd26a9f17b87c5e74336ca0aa319e55d7c3f4ce4ba57f58135e7381a
26214ab7cb04b0c9561399729bfbe879cd7958650a35bdd6babd90d8159704a2fb77

-

SIGNATURE VER.: >>>>> SUCCESSFUL

<<<<<

-

INPUT MSG [BASE64]:
TWFyeSBoYWQgYSBsaXR0bGUgbGFtYiB3aG9zZSBmbGVlY2Ugd2FzIHdoaXRlIGFzIHNub3c=

DRAFT CCSDS RECORD CONCERNING CCSDS CRYPTOGRAPHIC ALGORITHMS TEST
PLAN

CCSDS
352
.
1
-
Y
-
1

Page
A
-
11

Nov

201
2

-

INPUT MSG [HEX]:
4d617279206861642061206c6974746c65206c616d622077686f736520666c656563652077
617320776869746520617320736e6f77

-

INPUT MSG [ASCII]: Mar
y had a little lamb whose fleece was white as
snow

------------------------------------------

---

END OF TEST REPORT: RSA_SHA256_VER
---

------------------------------------------