| 1 | /* -*-c-*- |
| 2 | * |
| 3 | * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305 |
| 4 | * |
| 5 | * (c) 2018 Straylight/Edgeware |
| 6 | */ |
| 7 | |
| 8 | /*----- Licensing notice --------------------------------------------------* |
| 9 | * |
| 10 | * This file is part of Catacomb. |
| 11 | * |
| 12 | * Catacomb is free software: you can redistribute it and/or modify it |
| 13 | * under the terms of the GNU Library General Public License as published |
| 14 | * by the Free Software Foundation; either version 2 of the License, or |
| 15 | * (at your option) any later version. |
| 16 | * |
| 17 | * Catacomb is distributed in the hope that it will be useful, but |
| 18 | * WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 20 | * Library General Public License for more details. |
| 21 | * |
| 22 | * You should have received a copy of the GNU Library General Public |
| 23 | * License along with Catacomb. If not, write to the Free Software |
| 24 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
| 25 | * USA. |
| 26 | */ |
| 27 | |
| 28 | /*----- Header files ------------------------------------------------------*/ |
| 29 | |
| 30 | #include <mLib/macros.h> |
| 31 | |
| 32 | #include "latinpoly-def.h" |
| 33 | |
| 34 | /*----- Main code ---------------------------------------------------------*/ |
| 35 | |
| 36 | /* --- @latinpoly_test@ --- * |
| 37 | * |
| 38 | * Arguments: @gcaead *aec@ = authenticated encryption class to test |
| 39 | * @dstr *v@ = pointer to test-vector |
| 40 | * |
| 41 | * Returns: Nonzero if the test passed, zero on failure. |
| 42 | */ |
| 43 | |
| 44 | int latinpoly_test(const gcaead *aec, dstr *v) |
| 45 | { |
| 46 | gaead_key *k; |
| 47 | gaead_aad *a; |
| 48 | gaead_enc *e; gaead_dec *d; |
| 49 | dstr out = DSTR_INIT, tag = DSTR_INIT; |
| 50 | buf b; |
| 51 | int rc; |
| 52 | int ok = 1; |
| 53 | |
| 54 | k = GAEAD_KEY(aec, v[0].buf, v[0].len); |
| 55 | |
| 56 | dstr_reset(&out); dstr_ensure(&out, v[3].len); |
| 57 | dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ); |
| 58 | e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0); |
| 59 | a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len); |
| 60 | buf_init(&b, out.buf, out.sz); |
| 61 | rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b); |
| 62 | if (rc) { printf("!! encrypt reports failure\n"); goto encfail; } |
| 63 | rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ); |
| 64 | if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; } |
| 65 | |
| 66 | out.len = BLEN(&b); tag.len = POLY1305_TAGSZ; |
| 67 | if (out.len != v[4].len || |
| 68 | MEMCMP(out.buf, !=, v[4].buf, v[4].len) || |
| 69 | MEMCMP(tag.buf, !=, v[5].buf, v[5].len)) { |
| 70 | encfail: |
| 71 | ok = 0; |
| 72 | printf("\n%s encrypt FAILED", aec->name); |
| 73 | printf("\n key = "); type_hex.dump(&v[0], stdout); |
| 74 | printf("\n nonce = "); type_hex.dump(&v[1], stdout); |
| 75 | printf("\n header = "); type_hex.dump(&v[2], stdout); |
| 76 | printf("\n message = "); type_hex.dump(&v[3], stdout); |
| 77 | printf("\n exp ct = "); type_hex.dump(&v[4], stdout); |
| 78 | printf("\n calc ct = "); type_hex.dump(&out, stdout); |
| 79 | printf("\n exp tag = "); type_hex.dump(&v[5], stdout); |
| 80 | printf("\ncalc tag = "); type_hex.dump(&tag, stdout); |
| 81 | putchar('\n'); |
| 82 | } |
| 83 | GAEAD_DESTROY(a); |
| 84 | GAEAD_DESTROY(e); |
| 85 | |
| 86 | dstr_reset(&out); dstr_ensure(&out, v[3].len); |
| 87 | dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ); |
| 88 | d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0); |
| 89 | a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len); |
| 90 | buf_init(&b, out.buf, out.sz); |
| 91 | rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b); |
| 92 | if (rc) { printf("!! decrypt reports failure\n"); goto decfail; } |
| 93 | rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ); |
| 94 | if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; } |
| 95 | |
| 96 | out.len = BLEN(&b); tag.len = POLY1305_TAGSZ; |
| 97 | if (out.len != v[3].len || MEMCMP(out.buf, !=, v[3].buf, v[3].len) || |
| 98 | !rc) { |
| 99 | decfail: |
| 100 | ok = 0; |
| 101 | printf("\ndecrypt FAILED"); |
| 102 | printf("\n key = "); type_hex.dump(&v[0], stdout); |
| 103 | printf("\n nonce = "); type_hex.dump(&v[1], stdout); |
| 104 | printf("\n header = "); type_hex.dump(&v[2], stdout); |
| 105 | printf("\n cipher = "); type_hex.dump(&v[4], stdout); |
| 106 | printf("\n exp msg = "); type_hex.dump(&v[3], stdout); |
| 107 | printf("\ncalc msg = "); type_hex.dump(&out, stdout); |
| 108 | printf("\n tag = "); type_hex.dump(&v[5], stdout); |
| 109 | printf("\n verify %s", rc > 0 ? "ok" : "FAILED"); |
| 110 | putchar('\n'); |
| 111 | } |
| 112 | GAEAD_DESTROY(a); |
| 113 | GAEAD_DESTROY(d); |
| 114 | |
| 115 | GAEAD_DESTROY(k); |
| 116 | dstr_destroy(&out); dstr_destroy(&tag); |
| 117 | return (ok); |
| 118 | } |
| 119 | |
| 120 | /*----- That's all, folks -------------------------------------------------*/ |