search

bcgit / bc-java

Bouncy Castle Java Distribution (Mirror)
https://www.bouncycastle.org/java.html
MIT License
2.29k stars 1.13k forks source link

BC-FIPS DRBG test result not matching NIST vectors #1799

Open akxhw1996 opened 1 month ago

akxhw1996 commented 1 month ago

Hi, I am trying to use NIST ACVP vectors to test BC-FIPS version 1.0.2 for hashDRBG and the result of my computation does not match NIST vector expected result. Is there any problem in my process of calling BC-FIPS API? Or am I missing something? Any comment is appreciated!

Vector example https://github.com/usnistgov/ACVP-Server/tree/master/gen-val/json-files/hashDRBG-1.0 testCaseId = 166:

{
    "tgId": 12,
    "testType": "AFT",
    "derFunc": false,
    "reSeed": true,
    "predResistance": false,
    "entropyInputLen": 800,
    "nonceLen": 160,
    "persoStringLen": 640,
    "additionalInputLen": 480,
    "returnedBitsLen": 4096,
    "mode": "SHA-1",
    "tests": [
        {
            "tcId": 166,
            "entropyInput": "8FF8CB3E0F06FD04356658F70BA1FE0C8E8474A45AA38849760E606D9B1C34ABDCBE0899D266DF0B33E9456612ECBCF97C913C9C0B79B897929DA4EF1131EE7BCD6AE4C89A7A9ECA20801E123B1AE71BFD729E8A980116C087A3147030FF8B52FC8181F9",
            "nonce": "9BC6D75B978F8FA1DDC875AE980FF51F67609DF9",
            "persoString": "4644ACC94FB73682064E1BEB3279D14AEA01215344C262565EACAF683F82882E8D4E493DB03F9F5E389A0DB845285D0566B46F6E75938890825C08EF166E1C140760148F7E38FE596F97E7CD52E4B367",
            "otherInput": [
                {
                    "intendedUse": "reSeed",
                    "additionalInput": "0FCCAD7E1536192246E571716DD86087F879A7B61C6ADEDC14AF116ACFCEC63F01A203DCFBD1E212A106BD32F9A3F167F70CBF95A8782312A8A94FF8",
                    "entropyInput": "49BA2904186B145E3F5893B80E502E3F7D878564A85A25F9D2DEAA160143348F89F163D0463BB97F0799C21D059273538E2455DD39D9E9AC8B703FD1EA1CF80275994A82A3BD64D364BE3E9107B06912B09433FA45A928D473078DAB0F1E3E462BC9CD6F"
                },
                {
                    "intendedUse": "generate",
                    "additionalInput": "68ED9BE64AE45038A5ACCB2E38F39153E32B81D24A08AB3D3F9C5B112E969ADB50AC87E1CD8F352B7C74D8686BEAEA52541D8E41568D3DF0CE697680",
                    "entropyInput": ""
                },
                {
                    "intendedUse": "generate",
                    "additionalInput": "07BA6B1A1BD49D213A3F3BA60ED5EF9D83EAFC4E64EB830695B99FBDA1585176C1F5F0ED0F2274944F7AAC0AA9A92AD0BD2DAB4DF742EFF7A77B3C90",
                    "entropyInput": ""
                }
            ]
        }
    ]
}

my code:

import org.bouncycastle.crypto.fips.FipsDRBG;
import org.bouncycastle.crypto.fips.FipsSecureRandom;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.test.FixedEntropySourceProvider;

public class DrbgTest {
    public static void main(String[] args) {
        String entropyInput = "8FF8CB3E0F06FD04356658F70BA1FE0C8E8474A45AA38849760E606D9B1C34ABDCBE0899D266DF0B33E9456612ECBCF97C913C9C0B79B897929DA4EF1131EE7BCD6AE4C89A7A9ECA20801E123B1AE71BFD729E8A980116C087A3147030FF8B52FC8181F9"
            + "49BA2904186B145E3F5893B80E502E3F7D878564A85A25F9D2DEAA160143348F89F163D0463BB97F0799C21D059273538E2455DD39D9E9AC8B703FD1EA1CF80275994A82A3BD64D364BE3E9107B06912B09433FA45A928D473078DAB0F1E3E462BC9CD6F";
        String nonce = "9BC6D75B978F8FA1DDC875AE980FF51F67609DF9";
        String persoString = "4644ACC94FB73682064E1BEB3279D14AEA01215344C262565EACAF683F82882E8D4E493DB03F9F5E389A0DB845285D0566B46F6E75938890825C08EF166E1C140760148F7E38FE596F97E7CD52E4B367";
        String additionalInput1 = "0FCCAD7E1536192246E571716DD86087F879A7B61C6ADEDC14AF116ACFCEC63F01A203DCFBD1E212A106BD32F9A3F167F70CBF95A8782312A8A94FF8";
        String additionalInput2 = "68ED9BE64AE45038A5ACCB2E38F39153E32B81D24A08AB3D3F9C5B112E969ADB50AC87E1CD8F352B7C74D8686BEAEA52541D8E41568D3DF0CE697680";
        String additionalInput3 = "07BA6B1A1BD49D213A3F3BA60ED5EF9D83EAFC4E64EB830695B99FBDA1585176C1F5F0ED0F2274944F7AAC0AA9A92AD0BD2DAB4DF742EFF7A77B3C90";

        FixedEntropySourceProvider entropySource = new FixedEntropySourceProvider(Hex.decode(entropyInput), false);
        FipsSecureRandom random = FipsDRBG.SHA1.fromEntropySource(entropySource)
            .setSecurityStrength(112)
            .setEntropyBitsRequired(800)
            .setPersonalizationString(Hex.decode(persoString)).build(
                Hex.decode(nonce),
                false);
        byte[] bytes = new byte[4096 / 8];
        random.reseed(Hex.decode(additionalInput1));
        random.nextBytes(bytes, Hex.decode(additionalInput2));
        random.nextBytes(bytes, Hex.decode(additionalInput3));
        System.out.println(Hex.toHexString(bytes));
    }
}

My result: 92e5595665d10484462d321d484bcefad7c9fef005f5c906dedc76f41d744528a2cccbbcb42c1d70b673c3f81a9fbeb0b6e162400e130173707f328bea6a8c85721b23baaf0bca377541a8c188fd61f69d6c1a8a2cdfcb42abc0feddd48152edefd878ca7327880f60d18ea98c569475b7409eb5d84c2cc5d4cef3ac163b1f97f9d55ab333a8e42dba915724fcfb48cf28e58d5116c10e7fc0257fd7b7b5cf6d1691d7171c6bdd15aa3723c8af668d9854f3f9ef744bc900394325efb81e5172051a06780fe09b9eeb995eb495fd62bd91aa7a08419829324c1f296a08462f2a3a9f11c915e48eb9188a91d458e437975b92030ebf9d011e715b2e6c470b74b4b4696ed445da8fc836ac7e45c6f5d43d307f294bb592131b0df453e833ce12f21948c61d91e53d6abcea0439508abd4169173f0360cc4c13bb6c05fa843837fd9cb4a77aeaa0cb3319faac5b5b20e7dfd1cbd9f25ef9637fd7947faac38222d14c7f69a24b0f0ab01e6ca1c6b555f96e845113367159bf6ca16413876b5bbfd8443975d5256599e3bd0bd11be8f1069ea2880bdf8c64211102cbe5e0a068426c864dbeb1caa043bc76499830087829235ca0b68c84f0b82572c2194a06b71a6281007166945690bbafe7c4f190ca24443025a7e9306d228959cdb7820fd88c274595db727e37a78e56613ce8fdb5610153985a8f823502ea0d4eb0fcddb8ebc2

NIST vector expected result: 6F4D6902A63F3FD858A63B3B2EF4C14A946C4C100A99BA2A274BAE2E0E458A7D64FFAA0892AA6EA4EEBDC8D1BDF0F46D9948DCAB8407158E31D976576A6C929279576C8570458C14445AE99D84A09296C6996B802BA206A8F79C0587A09FBFB7C810B4BAF13656A976E332493C5BB2E52B8BB3EB3857349E93FFD164B5F8DA4E1840E9FD3B9637A6BE1D52EDB35ED8B5C32106BB8C1CCC0EBEE7FA8F399E74467D6C36BD76D201281482449122774D4F6FB9749627C66F5E3A9A82C5F8003B6B685D99F24D5E64F035B0F1D6C0FF4D4FD1DC66B72B728E5ACEF03D5844B431D8CC8D2D2B12DA4CCC15DB42574FF4880F40E2FAB955C6E80E629CA3AA3E7DFD6B0D7510C87C44D078C2B238AA045A161DEA2CDE84DC5558EAE27CFEFF444038CDD7F4B7A0486B6C70015E2928DCA108C41988E813358D1031C856E6C3C70E1BFAC5B6C57F95A13CAC74F3DE6D742DB6E8261071915BFF3E6E68165224B46A613824D36F4BB88333E9F00FD57843C01DD713ADAE5D0C02E35C78C40FDFDE0AA4376B6F354B9F551BABCBD326C5B1F6BCE066763DBF2B58137E4C52BB23275F5003DBB58DF2074E8B53039C7BE6EAB5435A766A44B6DDCC276A6ED74C137823EE994C25CCC233C18EA3EC0A7074B959477BD6FAFFC7943904DE078F15D51FF7E5D0EB6CF574DAD4BB17B3C25D185070796641594E52ED4743A097DD0A41A0AF3F06