mdw@git.distorted.org.uk Git - catacomb/blob - symm/latinpoly-test.c

   1 /* -*-c-*-
   2  *
   3  * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305
   4  *
   5  * (c) 2018 Straylight/Edgeware
   6  */
   7
   8 /*----- Licensing notice --------------------------------------------------*
   9  *
  10  * This file is part of Catacomb.
  11  *
  12  * Catacomb is free software: you can redistribute it and/or modify it
  13  * under the terms of the GNU Library General Public License as published
  14  * by the Free Software Foundation; either version 2 of the License, or
  15  * (at your option) any later version.
  16  *
  17  * Catacomb is distributed in the hope that it will be useful, but
  18  * WITHOUT ANY WARRANTY; without even the implied warranty of
  19  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  20  * Library General Public License for more details.
  21  *
  22  * You should have received a copy of the GNU Library General Public
  23  * License along with Catacomb.  If not, write to the Free Software
  24  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
  25  * USA.
  26  */
  27
  28 /*----- Header files ------------------------------------------------------*/
  29
  30 #include "latinpoly-def.h"
  31
  32 /*----- Main code ---------------------------------------------------------*/
  33
  34 /* --- @latinpoly_test@ --- *
  35  *
  36  * Arguments:   @gcaead *aec@ = authenticated encryption class to test
  37  *              @dstr *v@ = pointer to test-vector
  38  *
  39  * Returns:     Nonzero if the test passed, zero on failure.
  40  */
  41
  42 int latinpoly_test(const gcaead *aec, dstr *v)
  43 {
  44   gaead_key *k;
  45   gaead_aad *a;
  46   gaead_enc *e; gaead_dec *d;
  47   dstr out = DSTR_INIT, tag = DSTR_INIT;
  48   buf b;
  49   int rc;
  50   int ok = 1;
  51
  52   k = GAEAD_KEY(aec, v[0].buf, v[0].len);
  53
  54   dstr_reset(&out); dstr_ensure(&out, v[3].len);
  55   dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
  56   e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0);
  57   a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len);
  58   buf_init(&b, out.buf, out.sz);
  59   rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b);
  60   if (rc) { printf("!! encrypt reports failure\n"); goto encfail; }
  61   rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ);
  62   if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; }
  63
  64   out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
  65   if (out.len != v[4].len || memcmp(out.buf, v[4].buf, v[4].len) ||
  66       memcmp(tag.buf, v[5].buf, v[5].len)) {
  67   encfail:
  68     ok = 0;
  69     printf("\n%s encrypt FAILED", aec->name);
  70     printf("\n     key = "); type_hex.dump(&v[0], stdout);
  71     printf("\n   nonce = "); type_hex.dump(&v[1], stdout);
  72     printf("\n  header = "); type_hex.dump(&v[2], stdout);
  73     printf("\n message = "); type_hex.dump(&v[3], stdout);
  74     printf("\n  exp ct = "); type_hex.dump(&v[4], stdout);
  75     printf("\n calc ct = "); type_hex.dump(&out, stdout);
  76     printf("\n exp tag = "); type_hex.dump(&v[5], stdout);
  77     printf("\ncalc tag = "); type_hex.dump(&tag, stdout);
  78     putchar('\n');
  79   }
  80   GAEAD_DESTROY(a);
  81   GAEAD_DESTROY(e);
  82
  83   dstr_reset(&out); dstr_ensure(&out, v[3].len);
  84   dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
  85   d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0);
  86   a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len);
  87   buf_init(&b, out.buf, out.sz);
  88   rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b);
  89   if (rc) { printf("!! decrypt reports failure\n"); goto decfail; }
  90   rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ);
  91   if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; }
  92
  93   out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
  94   if (out.len != v[3].len || memcmp(out.buf, v[3].buf, v[3].len) || !rc) {
  95   decfail:
  96     ok = 0;
  97     printf("\ndecrypt FAILED");
  98     printf("\n     key = "); type_hex.dump(&v[0], stdout);
  99     printf("\n   nonce = "); type_hex.dump(&v[1], stdout);
 100     printf("\n  header = "); type_hex.dump(&v[2], stdout);
 101     printf("\n  cipher = "); type_hex.dump(&v[4], stdout);
 102     printf("\n exp msg = "); type_hex.dump(&v[3], stdout);
 103     printf("\ncalc msg = "); type_hex.dump(&out, stdout);
 104     printf("\n     tag = "); type_hex.dump(&v[5], stdout);
 105     printf("\n  verify %s", rc > 0 ? "ok" : "FAILED");
 106     putchar('\n');
 107   }
 108   GAEAD_DESTROY(a);
 109   GAEAD_DESTROY(d);
 110
 111   GAEAD_DESTROY(k);
 112   dstr_destroy(&out); dstr_destroy(&tag);
 113   return (ok);
 114 }
 115
 116 /*----- That's all, folks -------------------------------------------------*/