Commit | Line | Data |
---|---|---|
aac19f0d MW |
1 | /* -*-c-*- |
2 | * | |
3 | * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305 | |
4 | * | |
5 | * (c) 2018 Straylight/Edgeware | |
6 | */ | |
7 | ||
8 | /*----- Licensing notice --------------------------------------------------* | |
9 | * | |
10 | * This file is part of Catacomb. | |
11 | * | |
12 | * Catacomb is free software: you can redistribute it and/or modify it | |
13 | * under the terms of the GNU Library General Public License as published | |
14 | * by the Free Software Foundation; either version 2 of the License, or | |
15 | * (at your option) any later version. | |
16 | * | |
17 | * Catacomb is distributed in the hope that it will be useful, but | |
18 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
20 | * Library General Public License for more details. | |
21 | * | |
22 | * You should have received a copy of the GNU Library General Public | |
23 | * License along with Catacomb. If not, write to the Free Software | |
24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
25 | * USA. | |
26 | */ | |
27 | ||
28 | /*----- Header files ------------------------------------------------------*/ | |
29 | ||
30 | #include "latinpoly-def.h" | |
31 | ||
32 | /*----- Main code ---------------------------------------------------------*/ | |
33 | ||
34 | /* --- @latinpoly_test@ --- * | |
35 | * | |
36 | * Arguments: @gcaead *aec@ = authenticated encryption class to test | |
37 | * @dstr *v@ = pointer to test-vector | |
38 | * | |
39 | * Returns: Nonzero if the test passed, zero on failure. | |
40 | */ | |
41 | ||
42 | int latinpoly_test(const gcaead *aec, dstr *v) | |
43 | { | |
44 | gaead_key *k; | |
45 | gaead_aad *a; | |
46 | gaead_enc *e; gaead_dec *d; | |
47 | dstr out = DSTR_INIT, tag = DSTR_INIT; | |
48 | buf b; | |
49 | int rc; | |
50 | int ok = 1; | |
51 | ||
52 | k = GAEAD_KEY(aec, v[0].buf, v[0].len); | |
53 | ||
54 | dstr_reset(&out); dstr_ensure(&out, v[3].len); | |
55 | dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ); | |
56 | e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0); | |
57 | a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len); | |
58 | buf_init(&b, out.buf, out.sz); | |
59 | rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b); | |
60 | if (rc) { printf("!! encrypt reports failure\n"); goto encfail; } | |
61 | rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ); | |
62 | if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; } | |
63 | ||
64 | out.len = BLEN(&b); tag.len = POLY1305_TAGSZ; | |
65 | if (out.len != v[4].len || memcmp(out.buf, v[4].buf, v[4].len) || | |
66 | memcmp(tag.buf, v[5].buf, v[5].len)) { | |
67 | encfail: | |
68 | ok = 0; | |
69 | printf("\n%s encrypt FAILED", aec->name); | |
70 | printf("\n key = "); type_hex.dump(&v[0], stdout); | |
71 | printf("\n nonce = "); type_hex.dump(&v[1], stdout); | |
72 | printf("\n header = "); type_hex.dump(&v[2], stdout); | |
73 | printf("\n message = "); type_hex.dump(&v[3], stdout); | |
74 | printf("\n exp ct = "); type_hex.dump(&v[4], stdout); | |
75 | printf("\n calc ct = "); type_hex.dump(&out, stdout); | |
76 | printf("\n exp tag = "); type_hex.dump(&v[5], stdout); | |
77 | printf("\ncalc tag = "); type_hex.dump(&tag, stdout); | |
78 | putchar('\n'); | |
79 | } | |
80 | GAEAD_DESTROY(a); | |
81 | GAEAD_DESTROY(e); | |
82 | ||
83 | dstr_reset(&out); dstr_ensure(&out, v[3].len); | |
84 | dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ); | |
85 | d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0); | |
86 | a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len); | |
87 | buf_init(&b, out.buf, out.sz); | |
88 | rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b); | |
89 | if (rc) { printf("!! decrypt reports failure\n"); goto decfail; } | |
90 | rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ); | |
91 | if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; } | |
92 | ||
93 | out.len = BLEN(&b); tag.len = POLY1305_TAGSZ; | |
94 | if (out.len != v[3].len || memcmp(out.buf, v[3].buf, v[3].len) || !rc) { | |
95 | decfail: | |
96 | ok = 0; | |
97 | printf("\ndecrypt FAILED"); | |
98 | printf("\n key = "); type_hex.dump(&v[0], stdout); | |
99 | printf("\n nonce = "); type_hex.dump(&v[1], stdout); | |
100 | printf("\n header = "); type_hex.dump(&v[2], stdout); | |
101 | printf("\n cipher = "); type_hex.dump(&v[4], stdout); | |
102 | printf("\n exp msg = "); type_hex.dump(&v[3], stdout); | |
103 | printf("\ncalc msg = "); type_hex.dump(&out, stdout); | |
104 | printf("\n tag = "); type_hex.dump(&v[5], stdout); | |
105 | printf("\n verify %s", rc > 0 ? "ok" : "FAILED"); | |
106 | putchar('\n'); | |
107 | } | |
108 | GAEAD_DESTROY(a); | |
109 | GAEAD_DESTROY(d); | |
110 | ||
111 | GAEAD_DESTROY(k); | |
112 | dstr_destroy(&out); dstr_destroy(&tag); | |
113 | return (ok); | |
114 | } | |
115 | ||
116 | /*----- That's all, folks -------------------------------------------------*/ |