Test cases for XML Encryption 1.1

Status of This Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This is a first public working draft of Test Cases for XML Encryption 1.1 [XMLENC-CORE1] and is intended to become a W3C Note. The XML Security working group plans to revise and add additional test cases to this document.

This document was published by the XML Security Working Group as an Editor's Draft. If you wish to make comments regarding this document, please send them to public-xmlsec@w3.org (subscribe, archives). All feedback is welcome.

Publication as an Editor's Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

2. XML Encryption

The details about the encryption key are embedded in the <KeyInfo>

2.1 Symmetric Key encryption

In these tests the content is encrypted by the specified symmetric key.

#	Encryption Parameters			CipherText	Remarks
#	Plaintext	Symmetric Key	Content encryption algorithm	CipherText	Remarks
SYM.1	d9313225f88406e5 a55909c5aff5269a	feffe9928665731c 6d6a8f9467308308	aes128-gcm	cipherText	The plain text and the keys are specified as hex strings.

2.2 Key derivation

In these tests the content is encrypted with a symmetric key that is derived from another symmetric key. The key to be derived from is specified in the "Symmetric key" column below.

#	Encryption Parameters				CipherText	Remarks
#	Plaintext	Symmetric Key	Content encryption algorithm	Key Derivation algorithm	CipherText	Remarks
DRV.1	KDF-test-data.txt	0001020304050607 1011121314151617 2021222324252627 3031323334353637	aes256-cbc	ConcatKDF SHA256	cipherText	The symmetric key and plaintext are specified as hex strings.
DRV.2	KDF-test-data.txt	PASSWORD	aes256-cbc	PBKDF2 hmac-sha256, iteration=1024, salt=specified	cipherText	The symmetric key is the string "PASSWORD" converted into bytes.
DRV.3	clearText	secret.concat.kdf	aes256-cbc	ConcatKDF SHA256	cipherText	The symmetric key and plaintext are specified as binary files.
DRV.4	clearText	PASSWORD	aes256-cbc	PBKDF2 hmac-sha256, iteration=4096, salt=specified	cipherText	The symmetric key is the string "PASSWORD" converted into bytes.

2.3 Key wrapping

In these tests the

At first the content is encrypted by a random symmetric key .
The KeyInfo of the contents's EncryptedData has an EncryptedKey.
Then this symmetric key is wrapped by an public key.
The KeyInfo of this EncryptedKey has X509Data of the public key.

#	Encryption Parameters				CipherText	Remarks
#	Plaintext	Asymmetric Key Pvt key file and password	Content encryption algorithm	Key encryption algorithm	CipherText	Remarks
WRAP.1	plaintext.xml	RSA-2048 pvtKey "passwd"	aes128-gcm	rsa-oaep-mgf1p Digest:SHA256, MGF:SHA1 PSource: None	cipherText	All the examples in this table use the new AES-GCM algorithm.
WRAP.2	plaintext.xml	RSA-3072 pvtKey "passwd"	aes192-gcm	rsa-oaep-mgf1p Digest:SHA256, MGF:SHA1 PSource: None	cipherText	In this example the OAEP digest method is specified as SHA256. The MFG algorithm is SHA1.
WRAP.3	plaintext.xml	RSA-3072 pvtKey "passwd"	aes256-gcm	rsa-oaep Digest:SHA384, MGF:SHA1 PSource: None	cipherText	This example uses the new `#rsa-oaep` algorithm that takes in explicit `MGF` algorithm. The MGF has been specified as SHA1.
WRAP.4	plaintext.xml	RSA-4096 pvtKey "passwd"	aes256-gcm	rsa-oaep Digest:SHA512, MGF:SHA1 PSource: Specified 8 bytes	cipherText	This also uses `#rsa-oaep` but has a 8 byte PSource explicitly defined .

2.4 Key Agreement

In these tests the

At first the content is encrypted by a random symmetric key .
The KeyInfo of the content's EncryptedData has EncryptedKey.
Then this symmetric key is wrapped by a second symmetric key that is derived from the key agreement.
The KeyInfo of first symmetric key's EncryptedKey has AgreementMethod.
Key agreement is based on one sender's ephemeral key and receiver's static key.
The OriginatorKeyInfo of AgreementMethod has a temporary generated key indicated by KeyValue.
The RecipientKeyInfo of AgreementMethod has X509Data which is the receiver's public key.

#	Encryption Parameters						CipherText	Remarks
#	Plaintext	Asymmetric Key Pvt key file and password	Content encryption algorithm	Key Wrapping algorithm	Key Agreement algorithm	Key Derivation algorithm	CipherText	Remarks
AGRMNT.1	plaintext.xml	EC-P256 pvtKey "passwd"	aes128-gcm	kw-aes128	ECDH-ES	ConcatKDF SHA256	cipherText	In the first three examples the key wrapping algorithm size matches the symmetric algorithm key size. This is not required, the AES key wrapping algorithms can encrypt any data that is a multiple of 64 bits.
AGRMNT.2	plaintext.xml	EC-P384 pvtKey "passwd"	aes192-gcm	kw-aes192	ECDH-ES	ConcatKDF SHA384	cipherText
AGRMNT.3	plaintext.xml	EC-P521 pvtKey "passwd"	aes256-gcm	kw-aes256	ECDH-ES	ConcatKDF SHA512	cipherText
AGRMNT.4	d9313225f88406e5 a55909c5aff5269a	EC-P256 pvtKey "1234"	aes128-gcm	kw-aes128	ECDH-ES	ConcatKDF SHA256	cipherText	These three examples are very similar to the previous three, except that they encrypt binary data. The binary data is specified in the left column as a hex string.
AGRMNT.5	d9313225f88406e5 a55909c5aff5269a	EC-P384 pvtKey "1234"	aes192-gcm	kw-aes192	ECDH-ES	ConcatKDF SHA384	cipherText
AGRMNT.6	d9313225f88406e5 a55909c5aff5269a	EC-P521 pvtKey "1234"	aes256-gcm	kw-aes256	ECDH-ES	ConcatKDF SHA512	cipherText
AGRMNT.7	plaintext.xml	DH-1024 pvtKey "passwd"	aes128-gcm	kw-aes128	dh-es	ConcatKDF SHA256	cipherText	This example encrypts with a Diffie Hellman key with the new algorithm `#dh-es` in which the key derivation function is explicitly specified.
AGRMNT.8	d9313225f88406e5 a55909c5aff5269a	DH-2048 pvtKey in CNG blob format	aes256-gcm	kw-aes256	dh-es	ConcatKDF SHA256	cipherText	This example also uses the new algorithm `#dh-es`
AGRMNT.9	plaintext.xml	EC-P256 pvtKey "passwd"	aes128-gcm	kw-aes256	ECDH-ES	PBKDF2 hmac-sha256, iteration=2000, salt=specified	cipherText	This example uses EC keys, but not the ConcatKDF key derivation function. Instead it uses the PBKDF2 key derivation. Also notice that the encryption algorithm and key wrapping algorithm have different key lengths - 128 and 256 respectively . The PBKDF2 parameters specifies a key length of 32 to match the wrapping algorithm key length.
AGRMNT.10	plaintext.xml	DH-1024 pvtKey "passwd"	aes128-gcm	kw-aes128	dh-es	PBKDF2 hmac-sha256, iteration=2000, salt=specified	cipherText	This example encrypts with a Diffie Hellman key with PBKDF2 key derivation

Test cases for XML Encryption 1.1

W3C Editor's Draft 27 September 2012

Abstract

Status of This Document

Table of Contents

1. Introduction

2. XML Encryption

2.1 Symmetric Key encryption

2.2 Key derivation

2.3 Key wrapping

2.4 Key Agreement

A. References

A.1 Normative references