Merge pull request #904 from reaperhulk/seed-bespoke-vectors

add SEED CFB/OFB bespoke vectors and documentation

4 files changed, 125 insertions, 0 deletions

diff --git a/docs/development/custom-vectors/seed.rst b/docs/development/custom-vectors/seed.rst
new file mode 100644
index 00000000..e8fda542
--- /dev/null
+++ b/docs/development/custom-vectors/seed.rst
@@ -0,0 +1,30 @@
+SEED vector creation
+=====================
+
+This page documents the code that was used to generate the SEED CFB and OFB
+test vectors as well as the code used to verify them against another
+implementation. For SEED the vectors were generated using OpenSSL and verified
+with `Botan`_.
+
+Creation
+--------
+
+``cryptography`` was modified to support SEED in CFB and OFB modes. Then
+the following python script was run to generate the vector files.
+
+.. literalinclude:: /development/custom-vectors/seed/generate_seed.py
+
+Download link: :download:`generate_seed.py </development/custom-vectors/seed/generate_seed.py>`
+
+
+Verification
+------------
+
+The following python code was used to verify the vectors using the `Botan`_
+project's Python bindings.
+
+.. literalinclude:: /development/custom-vectors/seed/verify_seed.py
+
+Download link: :download:`verify_seed.py </development/custom-vectors/seed/verify_seed.py>`
+
+.. _`Botan`: http://botan.randombit.net
diff --git a/docs/development/custom-vectors/seed/generate_seed.py b/docs/development/custom-vectors/seed/generate_seed.py
new file mode 100644
index 00000000..d59597fd
--- /dev/null
+++ b/docs/development/custom-vectors/seed/generate_seed.py
@@ -0,0 +1,57 @@
+import binascii
+
+from cryptography.hazmat.backends.openssl.backend import backend
+from cryptography.hazmat.primitives.ciphers import algorithms, base, modes
+
+
+def encrypt(mode, key, iv, plaintext):
+    cipher = base.Cipher(
+        algorithms.SEED(binascii.unhexlify(key)),
+        mode(binascii.unhexlify(iv)),
+        backend
+    )
+    encryptor = cipher.encryptor()
+    ct = encryptor.update(binascii.unhexlify(plaintext))
+    ct += encryptor.finalize()
+    return binascii.hexlify(ct)
+
+
+def build_vectors(mode, filename):
+    with open(filename, "r") as f:
+        vector_file = f.read().splitlines()
+
+    count = 0
+    output = []
+    key = None
+    iv = None
+    plaintext = None
+    for line in vector_file:
+        line = line.strip()
+        if line.startswith("KEY"):
+            if count != 0:
+                output.append("CIPHERTEXT = {0}".format(
+                    encrypt(mode, key, iv, plaintext))
+                )
+            output.append("\nCOUNT = {0}".format(count))
+            count += 1
+            name, key = line.split(" = ")
+            output.append("KEY = {0}".format(key))
+        elif line.startswith("IV"):
+            name, iv = line.split(" = ")
+            output.append("IV = {0}".format(iv))
+        elif line.startswith("PLAINTEXT"):
+            name, plaintext = line.split(" = ")
+            output.append("PLAINTEXT = {0}".format(plaintext))
+
+    output.append("CIPHERTEXT = {0}".format(encrypt(mode, key, iv, plaintext)))
+    return "\n".join(output)
+
+
+def write_file(data, filename):
+    with open(filename, "w") as f:
+        f.write(data)
+
+OFB_PATH = "vectors/cryptography_vectors/ciphers/AES/OFB/OFBMMT128.rsp"
+write_file(build_vectors(modes.OFB, OFB_PATH), "seed-ofb.txt")
+CFB_PATH = "vectors/cryptography_vectors/ciphers/AES/CFB/CFB128MMT128.rsp"
+write_file(build_vectors(modes.CFB, CFB_PATH), "seed-cfb.txt")
diff --git a/docs/development/custom-vectors/seed/verify_seed.py b/docs/development/custom-vectors/seed/verify_seed.py
new file mode 100644
index 00000000..e626428c
--- /dev/null
+++ b/docs/development/custom-vectors/seed/verify_seed.py
@@ -0,0 +1,35 @@
+import binascii
+
+import botan
+
+from tests.utils import load_nist_vectors
+
+
+def encrypt(mode, key, iv, plaintext):
+    encryptor = botan.Cipher("SEED/{0}/NoPadding".format(mode), "encrypt",
+                             binascii.unhexlify(key))
+
+    cipher_text = encryptor.cipher(binascii.unhexlify(plaintext),
+                                   binascii.unhexlify(iv))
+    return binascii.hexlify(cipher_text)
+
+
+def verify_vectors(mode, filename):
+    with open(filename, "r") as f:
+        vector_file = f.read().splitlines()
+
+    vectors = load_nist_vectors(vector_file)
+    for vector in vectors:
+        ct = encrypt(
+            mode,
+            vector["key"],
+            vector["iv"],
+            vector["plaintext"]
+        )
+        assert ct == vector["ciphertext"]
+
+
+ofb_path = "vectors/cryptography_vectors/ciphers/SEED/seed-ofb.txt"
+verify_vectors("OFB", ofb_path)
+cfb_path = "vectors/cryptography_vectors/ciphers/SEED/seed-cfb.txt"
+verify_vectors("CFB", cfb_path)
diff --git a/docs/development/test-vectors.rst b/docs/development/test-vectors.rst
index d2e9548b..a1692c19 100644
--- a/docs/development/test-vectors.rst
+++ b/docs/development/test-vectors.rst
@@ -79,6 +79,8 @@ Symmetric ciphers
   See: :doc:`/development/custom-vectors/idea`
 * SEED (ECB) from :rfc:`4269`.
 * SEED (CBC) from :rfc:`4196`.
+* SEED (CFB, OFB) generated by this project.
+  See: :doc:`/development/custom-vectors/seed`
 
 Two factor authentication
 ~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -98,6 +100,7 @@ its own using existing vectors as source material. Current custom vectors:
 
     custom-vectors/cast5
     custom-vectors/idea
+    custom-vectors/seed
 
 If official test vectors appear in the future the custom generated vectors
 should be discarded.