mdw@git.distorted.org.uk Git - catacomb/blob - symm/latinpoly-test.c

   1 /* -*-c-*-
   2  *
   3  * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305
   4  *
   5  * (c) 2018 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Catacomb.
  11  *
  12  * Catacomb is free software: you can redistribute it and/or modify it
  13  * under the terms of the GNU Library General Public License as published
  14  * by the Free Software Foundation; either version 2 of the License, or
  15  * (at your option) any later version.
  16  *
  17  * Catacomb is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  20  * Library General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU Library General Public
  23  * License along with Catacomb.  If not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
  25  * USA.
  26  */
  27
  28 /*----- Header files ------------------------------------------------------*/
  29
  30 #include <mLib/macros.h>
  31
  32 #include "latinpoly-def.h"
  33
  34 /*----- Main code ---------------------------------------------------------*/
  35
  36 /* --- @latinpoly_test@ --- *
  37  *
  38  * Arguments:   @gcaead *aec@ = authenticated encryption class to test
  39  *              @dstr *v@ = pointer to test-vector
  40  *
  41  * Returns:     Nonzero if the test passed, zero on failure.
  42  */
  43
  44 int latinpoly_test(const gcaead *aec, dstr *v)
  45 {
  46   gaead_key *k;
  47   gaead_aad *a;
  48   gaead_enc *e; gaead_dec *d;
  49   dstr out = DSTR_INIT, tag = DSTR_INIT;
  50   buf b;
  51   int rc;
  52   int ok = 1;
  53
  54   k = GAEAD_KEY(aec, v[0].buf, v[0].len);
  55
  56   dstr_reset(&out); dstr_ensure(&out, v[3].len);
  57   dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
  58   e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0);
  59   a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len);
  60   buf_init(&b, out.buf, out.sz);
  61   rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b);
  62   if (rc) { printf("!! encrypt reports failure\n"); goto encfail; }
  63   rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ);
  64   if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; }
  65
  66   out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
  67   if (out.len != v[4].len ||
  68       MEMCMP(out.buf, !=, v[4].buf, v[4].len) ||
  69       MEMCMP(tag.buf, !=, v[5].buf, v[5].len)) {
  70   encfail:
  71     ok = 0;
  72     printf("\n%s encrypt FAILED", aec->name);
  73     printf("\n     key = "); type_hex.dump(&v[0], stdout);
  74     printf("\n   nonce = "); type_hex.dump(&v[1], stdout);
  75     printf("\n  header = "); type_hex.dump(&v[2], stdout);
  76     printf("\n message = "); type_hex.dump(&v[3], stdout);
  77     printf("\n  exp ct = "); type_hex.dump(&v[4], stdout);
  78     printf("\n calc ct = "); type_hex.dump(&out, stdout);
  79     printf("\n exp tag = "); type_hex.dump(&v[5], stdout);
  80     printf("\ncalc tag = "); type_hex.dump(&tag, stdout);
  81     putchar('\n');
  82   }
  83   GAEAD_DESTROY(a);
  84   GAEAD_DESTROY(e);
  85
  86   dstr_reset(&out); dstr_ensure(&out, v[3].len);
  87   dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
  88   d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0);
  89   a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len);
  90   buf_init(&b, out.buf, out.sz);
  91   rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b);
  92   if (rc) { printf("!! decrypt reports failure\n"); goto decfail; }
  93   rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ);
  94   if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; }
  95
  96   out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
  97   if (out.len != v[3].len || MEMCMP(out.buf, !=, v[3].buf, v[3].len) ||
  98       !rc) {
  99   decfail:
 100     ok = 0;
 101     printf("\ndecrypt FAILED");
 102     printf("\n     key = "); type_hex.dump(&v[0], stdout);
 103     printf("\n   nonce = "); type_hex.dump(&v[1], stdout);
 104     printf("\n  header = "); type_hex.dump(&v[2], stdout);
 105     printf("\n  cipher = "); type_hex.dump(&v[4], stdout);
 106     printf("\n exp msg = "); type_hex.dump(&v[3], stdout);
 107     printf("\ncalc msg = "); type_hex.dump(&out, stdout);
 108     printf("\n     tag = "); type_hex.dump(&v[5], stdout);
 109     printf("\n  verify %s", rc > 0 ? "ok" : "FAILED");
 110     putchar('\n');
 111   }
 112   GAEAD_DESTROY(a);
 113   GAEAD_DESTROY(d);
 114
 115   GAEAD_DESTROY(k);
 116   dstr_destroy(&out); dstr_destroy(&tag);
 117   return (ok);
 118 }
 119
 120 /*----- That's all, folks -------------------------------------------------*/