Cryptographic Test Cases

This page describes tests a provider can write to verify the cryptographic components of their provider implementation.

Google recommends implementing these tests early to ease Fast Pair integration.

Test Cases

These cases cover:

Hashing
The Bloom Filter
AES Encryption and Public Key Exchange
Message enciphering and deciphering

SHA-256 Hashing

Input value:

0x11, 0x22, 0x33, 0x44, 0x55, 0x66

Hashed result:

0xBB, 0x00, 0x0D, 0xDD, 0x92, 0xA0, 0xA2, 0xA3, 0x46, 0xF0, 0xB5, 0x31,
0xF2, 0x78, 0xAF, 0x06, 0xE3, 0x70, 0xF8, 0x69, 0x32, 0xCC, 0xAF, 0xCC,
0xC8, 0x92, 0xD6, 0x8D, 0x35, 0x0F, 0x80, 0xF8

AES Encryption

Input value:

0xF3, 0x0F, 0x4E, 0x78, 0x6C, 0x59, 0xA7, 0xBB, 0xF3, 0x87, 0x3B, 0x5A,
0x49, 0xBA, 0x97, 0xEA

Secret key:

0xA0, 0xBA, 0xF0, 0xBB, 0x95, 0x1F, 0xF7, 0xB6, 0xCF, 0x5E, 0x3F, 0x45,
0x61, 0xC3, 0x32, 0x1D

Encrypted output:

0xAC, 0x9A, 0x16, 0xF0, 0x95, 0x3A, 0x3F, 0x22, 0x3D, 0xD1, 0x0C, 0xF5,
0x36, 0xE0, 0x9E, 0x9C

ECDH Key Exchange

Bob's private key:

0x02, 0xB4, 0x37, 0xB0, 0xED, 0xD6, 0xBB, 0xD4, 0x29, 0x06, 0x4A, 0x4E,
0x52, 0x9F, 0xCB, 0xF1, 0xC4, 0x8D, 0x0D, 0x62, 0x49, 0x24, 0xD5, 0x92,
0x27, 0x4B, 0x7E, 0xD8, 0x11, 0x93, 0xD7, 0x63

Bob's public key:

0xF7, 0xD4, 0x96, 0xA6, 0x2E, 0xCA, 0x41, 0x63, 0x51, 0x54, 0x0A, 0xA3,
0x43, 0xBC, 0x69, 0x0A, 0x61, 0x09, 0xF5, 0x51, 0x50, 0x06, 0x66, 0xB8,
0x3B, 0x12, 0x51, 0xFB, 0x84, 0xFA, 0x28, 0x60, 0x79, 0x5E, 0xBD, 0x63,
0xD3, 0xB8, 0x83, 0x6F, 0x44, 0xA9, 0xA3, 0xE2, 0x8B, 0xB3, 0x40, 0x17,
0xE0, 0x15, 0xF5, 0x97, 0x93, 0x05, 0xD8, 0x49, 0xFD, 0xF8, 0xDE, 0x10,
0x12, 0x3B, 0x61, 0xD2

Alice's private key:

0xD7, 0x5E, 0x54, 0xC7, 0x7D, 0x76, 0x24, 0x89, 0xE5, 0x7C, 0xFA, 0x92,
0x37, 0x43, 0xF1, 0x67, 0x77, 0xA4, 0x28, 0x3D, 0x99, 0x80, 0x0B, 0xAC,
0x55, 0x58, 0x48, 0x38, 0x93, 0xE5, 0xB0, 0x6D

Alice's public key:

0x36, 0xAC, 0x68, 0x2C, 0x50, 0x82, 0x15, 0x66, 0x8F, 0xBE, 0xFE, 0x24,
0x7D, 0x01, 0xD5, 0xEB, 0x96, 0xE6, 0x31, 0x8E, 0x85, 0x5B, 0x2D, 0x64,
0xB5, 0x19, 0x5D, 0x38, 0xEE, 0x7E, 0x37, 0xBE, 0x18, 0x38, 0xC0, 0xB9,
0x48, 0xC3, 0xF7, 0x55, 0x20, 0xE0, 0x7E, 0x70, 0xF0, 0x72, 0x91, 0x41,
0x9A, 0xCE, 0x2D, 0x28, 0x14, 0x3C, 0x5A, 0xDB, 0x2D, 0xBD, 0x98, 0xEE,
0x3C, 0x8E, 0x4F, 0xBF

Generated shared key (either Alice's public + Bob's private or Bob's public + Alice's private):

0x9D, 0xAD, 0xE4, 0xF8, 0x6A, 0xC3, 0x48, 0x8B, 0xBA, 0xC2, 0xAC, 0x34,
0xB5, 0xFE, 0x68, 0xA0, 0xEE, 0x5A, 0x67, 0x06, 0xF5, 0x43, 0xD9, 0x06,
0x1A, 0xD5, 0x78, 0x89, 0x49, 0x8A, 0xE6, 0xBA

AES Key from ECDH Shared Secret

This is step 1b (AES key generation) in the GATT procedure.

ECDH shared key:

0x9D, 0xAD, 0xE4, 0xF8, 0x6A, 0xC3, 0x48, 0x8B, 0xBA, 0xC2, 0xAC, 0x34,
0xB5, 0xFE, 0x68, 0xA0, 0xEE, 0x5A, 0x67, 0x06, 0xF5, 0x43, 0xD9, 0x06,
0x1A, 0xD5, 0x78, 0x89, 0x49, 0x8A, 0xE6, 0xBA

Generated AES key:

0xB0, 0x7F, 0x1F, 0x17, 0xC2, 0x36, 0xCB, 0xD3, 0x35, 0x23, 0xC5, 0x15,
0xF3, 0x50, 0xAE, 0x57

Bloom Filter

Random salt:

0xC7C8

First account key added to the filter (combine with the above random salt):

0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0xAA, 0xBB,
0xCC, 0xDD, 0xEE, 0xFF

Resulting bloom filter:

0x02, 0x0C, 0x80, 0x2A

Battery data (if it is contained in the advertisement):

0b00110011, // length = 3, show UI indication.
0b01000000, // left bud: not charging, battery level = 64.
0b01000000, // right bud: not charging, battery level = 64.
0b01000000  // case: not charging, battery level = 64.

Resulting bloom filter with battery data:

0x01, 0x01, 0x46, 0x0A

Second account key added to the filter (combine with the above random salt):

0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x55, 0x55, 0x66, 0x66,
0x77, 0x77, 0x88, 0x88

Resulting bloom filter from both added account keys:

0x84, 0x4A, 0x62, 0x20, 0x8B

Battery data (if it is contained in the advertisement):

0b00110011, // length = 3, show UI indication.
0b01000000, // left bud: not charging, battery level = 64.
0b01000000, // right bud: not charging, battery level = 64.
0b01000000  // case: not charging, battery level = 64.

Resulting bloom filter from both added account keys with battery data:

0x46, 0x15, 0x24, 0xD0, 0x08

AES-CTR Encryption

Input data: "Someone's Google Headphone" with utf-8 encoding

0x53, 0x6F, 0x6D, 0x65, 0x6F, 0x6E, 0x65, 0x27, 0x73, 0x20, 0x47, 0x6F,
0x6F, 0x67, 0x6C, 0x65, 0x20, 0x48, 0x65, 0x61, 0x64, 0x70, 0x68, 0x6F,
0x6E, 0x65

Secret key:

0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, 0xEF

Nonce:

0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07

Expected encryption result:

0xEE, 0x4A, 0x24, 0x83, 0x73, 0x80, 0x52, 0xE4, 0x4E, 0x9B, 0x2A, 0x14,
0x5E, 0x5D, 0xDF, 0xAA, 0x44, 0xB9, 0xE5, 0x53, 0x6A, 0xF4, 0x38, 0xE1,
0xE5, 0xC6

HMAC-SHA256

Input data:

0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0xEE, 0x4A, 0x24, 0x83,
0x73, 0x80, 0x52, 0xE4, 0x4E, 0x9B, 0x2A, 0x14, 0x5E, 0x5D, 0xDF, 0xAA,
0x44, 0xB9, 0xE5, 0x53, 0x6A, 0xF4, 0x38, 0xE1, 0xE5, 0xC6

Secret key:

0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, 0xEF

Expected HMAC-SHA256 result:

0x55, 0xEC, 0x5E, 0x60, 0x55, 0xAF, 0x6E, 0x92, 0x61, 0x8B, 0x7D, 0x87,
0x10, 0xD4, 0x41, 0x37, 0x09, 0xAB, 0x5D, 0xA2, 0x7C, 0xA2, 0x6A, 0x66,
0xF5, 0x2E, 0x5A, 0xD4, 0xE8, 0x20, 0x90, 0x52

Encode personalized name to additional data packet

Input data: "Someone's Google Headphone" with utf-8 encoding

0x53, 0x6F, 0x6D, 0x65, 0x6F, 0x6E, 0x65, 0x27, 0x73, 0x20, 0x47, 0x6F,
0x6F, 0x67, 0x6C, 0x65, 0x20, 0x48, 0x65, 0x61, 0x64, 0x70, 0x68, 0x6F,
0x6E, 0x65

Secret key:

0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, 0xEF

Nonce:

0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07

Expected additional data packet:

0x55, 0xEC, 0x5E, 0x60, 0x55, 0xAF, 0x6E, 0x92, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0xEE, 0x4A, 0x24, 0x83, 0x73, 0x80, 0x52, 0xE4,
0x4E, 0x9B, 0x2A, 0x14, 0x5E, 0x5D, 0xDF, 0xAA, 0x44, 0xB9, 0xE5, 0x53,
0x6A, 0xF4, 0x38, 0xE1, 0xE5, 0xC6

Decode additional data packet to get personalized name

Input data:

0x55, 0xEC, 0x5E, 0x60, 0x55, 0xAF, 0x6E, 0x92, 0x00, 0x01, 0x02, 0x03,
0x04, 0x05, 0x06, 0x07, 0xEE, 0x4A, 0x24, 0x83, 0x73, 0x80, 0x52, 0xE4,
0x4E, 0x9B, 0x2A, 0x14, 0x5E, 0x5D, 0xDF, 0xAA, 0x44, 0xB9, 0xE5, 0x53,
0x6A, 0xF4, 0x38, 0xE1, 0xE5, 0xC6

Secret key:

0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67,
0x89, 0xAB, 0xCD, 0xEF

Expected name: "Someone's Google Headphone" with utf-8 encoding

0x53, 0x6F, 0x6D, 0x65, 0x6F, 0x6E, 0x65, 0x27, 0x73, 0x20, 0x47, 0x6F,
0x6F, 0x67, 0x6C, 0x65, 0x20, 0x48, 0x65, 0x61, 0x64, 0x70, 0x68, 0x6F,
0x6E, 0x65

Encrypted connection status field

Field length and type:

0b001100101 (length = 3, type = connection status field)

Connection state:

0b10000101:

* on head detection = 1
* connection availability = 0
* focus mode = 0
* auto-reconnected = 0
* connection state = 0x5 (A2DP with AVRCP)

Custom data:

0x38

Connected devices bitmap:

0b00001001

Connection status field raw data (combine above 4 bytes):

0x35853809

In use account key (this is the Key):

0x04, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0xAA, 0xBB,
0xCC, 0xDD, 0xEE, 0xFF

Non-in use account key:

0x04, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, 0x55, 0x55, 0x66, 0x66,
0x77, 0x77, 0x88, 0x88

Random salt:

0xC7C8

Account key filter (this is IV): this is generated by changing the first byte of in use account key from 0b00000100 to 0b00000110.

0x8C, 0xA9, 0x0C, 0x08, 0x1C

Encrypted connection status field:

0xF4, 0xBB, 0x40, 0x6F

Cryptographic Test Cases Stay organized with collections Save and categorize content based on your preferences.

Test Cases

SHA-256 Hashing

AES Encryption

ECDH Key Exchange

AES Key from ECDH Shared Secret

Bloom Filter

AES-CTR Encryption

HMAC-SHA256

Encode personalized name to additional data packet

Decode additional data packet to get personalized name

Encrypted connection status field

Cryptographic Test Cases