3 * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
30 #include "latinpoly-def.h"
32 /*----- Main code ---------------------------------------------------------*/
34 /* --- @latinpoly_test@ --- *
36 * Arguments: @gcaead *aec@ = authenticated encryption class to test
37 * @dstr *v@ = pointer to test-vector
39 * Returns: Nonzero if the test passed, zero on failure.
42 int latinpoly_test(const gcaead
*aec
, dstr
*v
)
46 gaead_enc
*e
; gaead_dec
*d
;
47 dstr out
= DSTR_INIT
, tag
= DSTR_INIT
;
52 k
= GAEAD_KEY(aec
, v
[0].buf
, v
[0].len
);
54 dstr_reset(&out
); dstr_ensure(&out
, v
[3].len
);
55 dstr_reset(&tag
); dstr_ensure(&tag
, POLY1305_TAGSZ
);
56 e
= GAEAD_ENC(k
, v
[1].buf
, v
[1].len
, 0, 0, 0);
57 a
= GAEAD_AAD(e
); GAEAD_HASH(a
, v
[2].buf
, v
[2].len
);
58 buf_init(&b
, out
.buf
, out
.sz
);
59 rc
= GAEAD_ENCRYPT(e
, v
[3].buf
, v
[3].len
, &b
);
60 if (rc
) { printf("!! encrypt reports failure\n"); goto encfail
; }
61 rc
= GAEAD_DONE(e
, a
, &b
, tag
.buf
, POLY1305_TAGSZ
);
62 if (rc
) { printf("!! encryptdone reports failure\n"); goto encfail
; }
64 out
.len
= BLEN(&b
); tag
.len
= POLY1305_TAGSZ
;
65 if (out
.len
!= v
[4].len
|| memcmp(out
.buf
, v
[4].buf
, v
[4].len
) ||
66 memcmp(tag
.buf
, v
[5].buf
, v
[5].len
)) {
69 printf("\n%s encrypt FAILED", aec
->name
);
70 printf("\n key = "); type_hex
.dump(&v
[0], stdout
);
71 printf("\n nonce = "); type_hex
.dump(&v
[1], stdout
);
72 printf("\n header = "); type_hex
.dump(&v
[2], stdout
);
73 printf("\n message = "); type_hex
.dump(&v
[3], stdout
);
74 printf("\n exp ct = "); type_hex
.dump(&v
[4], stdout
);
75 printf("\n calc ct = "); type_hex
.dump(&out
, stdout
);
76 printf("\n exp tag = "); type_hex
.dump(&v
[5], stdout
);
77 printf("\ncalc tag = "); type_hex
.dump(&tag
, stdout
);
83 dstr_reset(&out
); dstr_ensure(&out
, v
[3].len
);
84 dstr_reset(&tag
); dstr_ensure(&tag
, POLY1305_TAGSZ
);
85 d
= GAEAD_DEC(k
, v
[1].buf
, v
[1].len
, 0, 0, 0);
86 a
= GAEAD_AAD(d
); GAEAD_HASH(a
, v
[2].buf
, v
[2].len
);
87 buf_init(&b
, out
.buf
, out
.sz
);
88 rc
= GAEAD_DECRYPT(d
, v
[4].buf
, v
[4].len
, &b
);
89 if (rc
) { printf("!! decrypt reports failure\n"); goto decfail
; }
90 rc
= GAEAD_DONE(e
, a
, &b
, v
[5].buf
, POLY1305_TAGSZ
);
91 if (rc
< 0) { printf("!! decryptdone reports failure\n"); goto decfail
; }
93 out
.len
= BLEN(&b
); tag
.len
= POLY1305_TAGSZ
;
94 if (out
.len
!= v
[3].len
|| memcmp(out
.buf
, v
[3].buf
, v
[3].len
) || !rc
) {
97 printf("\ndecrypt FAILED");
98 printf("\n key = "); type_hex
.dump(&v
[0], stdout
);
99 printf("\n nonce = "); type_hex
.dump(&v
[1], stdout
);
100 printf("\n header = "); type_hex
.dump(&v
[2], stdout
);
101 printf("\n cipher = "); type_hex
.dump(&v
[4], stdout
);
102 printf("\n exp msg = "); type_hex
.dump(&v
[3], stdout
);
103 printf("\ncalc msg = "); type_hex
.dump(&out
, stdout
);
104 printf("\n tag = "); type_hex
.dump(&v
[5], stdout
);
105 printf("\n verify %s", rc
> 0 ?
"ok" : "FAILED");
112 dstr_destroy(&out
); dstr_destroy(&tag
);
116 /*----- That's all, folks -------------------------------------------------*/