--- /dev/null
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <mLib/bits.h>
+
+#include "ct.h"
+#include "rijndael-ecb.h"
+#include "poly1305.h"
+
+#define MSZMAX 1000
+#define NITER 1000000
+
+int main(void)
+{
+ unsigned i, msz, ii;
+ rijndael_ecbctx rij;
+ poly1305_key key;
+ poly1305_ctx mac;
+ octet
+ r[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ n[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ k[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
+ s[16], t[16],
+ m[MSZMAX] = { 0 };
+#ifdef notdef
+ octet t0[16], t1[16];
+#endif
+
+ rijndael_ecbinit(&rij, k, sizeof(k), 0);
+ poly1305_keyinit(&key, r, sizeof(r));
+ for (ii = 0; ii < NITER; ii++) {
+ msz = 0;
+ for (;;) {
+ rijndael_ecbencrypt(&rij, n, s, 16);
+
+ poly1305_macinit(&mac, &key, s);
+ poly1305_hash(&mac, m, msz);
+ poly1305_done(&mac, t);
+ for (i = 0; i < sizeof(t); i++) printf("%02x", t[i]);
+ putchar('\n');
+
+#ifdef notdef
+ poly1305_macinit(&mac, &key, s);
+ poly1305_hash(&mac, m, msz);
+ poly1305_done(&mac, t0);
+ if (!ct_memeq(t, t0, sizeof(t))) {
+ fprintf(stderr, "verify failed\n");
+ exit(112);
+ }
+
+ t0[rand()%16] += 1 + rand()%255;
+ poly1305_macinit(&mac, &key, s);
+ poly1305_hash(&mac, m, msz);
+ poly1305_done(&mac, t1);
+ if (ct_memeq(t0, t1, sizeof(t))) {
+ fprintf(stderr, "verify accepted wrong tag\n");
+ exit(112);
+ }
+#endif
+
+ if (msz >= MSZMAX) break;
+ n[0] ^= ii;
+ for (i = 0; i < 16; i++) n[i] ^= t[i];
+ if (msz%2) {
+ for (i = 0; i < 16; i++) k[i] ^= t[i];
+ rijndael_ecbinit(&rij, k, sizeof(k), 0);
+ }
+ if (msz%3) {
+ for (i = 0; i < 16; i++) r[i] ^= t[i];
+ poly1305_keyinit(&key, r, sizeof(r));
+ }
+ m[msz++] ^= t[0];
+ }
+ }
+
+ return (0);
+}
~mdw / catacomb / blobdiff