X-Git-Url: https://git.distorted.org.uk/~mdw/catacomb/blobdiff_plain/a9a5bfa088ebf3b16dec488c384ad24762184ed0..2e572d839ee0e730bebccab3b5dc3ba3a40a37ee:/symm/poly1305.c?ds=sidebyside
diff --git a/symm/poly1305.c b/symm/poly1305.c
index df389395..d59615e6 100644
--- a/symm/poly1305.c
+++ b/symm/poly1305.c
@@ -956,7 +956,7 @@ static int vrf_cat(dstr v[])
 static int vrf_mct(dstr v[])
 {
 unsigned j, msz;
- unsigned long i, niter;
+ unsigned long i, start_iter, end_iter;
 rijndael_ecbctx rij;
 poly1305_key key;
 poly1305_ctx mac;
@@ -972,18 +972,22 @@ static int vrf_mct(dstr v[])
 DENSURE(&dm, MSZMAX); m = (octet *)dm.buf; dm.len = MSZMAX; memset(m, 0, MSZMAX);
- if (v[0].len != 16) { fprintf(stderr, "AES key len\n"); exit(2); }
- if (v[1].len != 16) { fprintf(stderr, "poly key len\n"); exit(2); }
- if (v[2].len != 16) { fprintf(stderr, "nonce len\n"); exit(2); }
- if (v[4].len != 16) { fprintf(stderr, "result len\n"); exit(2); }
+ if (v[0].len != 16) { fprintf(stderr, "AES key len\n"); exit(2); }
+ if (v[1].len != 16) { fprintf(stderr, "poly key len\n"); exit(2); }
+ if (v[2].len != 16) { fprintf(stderr, "nonce len\n"); exit(2); }
+ if (v[3].len != MSZMAX) { fprintf(stderr, "msgbuf len\n"); exit(2); }
+ if (v[6].len != 16) { fprintf(stderr, "result len\n"); exit(2); }
 memcpy(k, v[0].buf, 16);
 memcpy(r, v[1].buf, 16);
 memcpy(n, v[2].buf, 16);
- niter = *(unsigned long *)v[3].buf;
+ memcpy(m, v[3].buf, MSZMAX);
+ start_iter = *(unsigned long *)v[4].buf;
+ end_iter = *(unsigned long *)v[5].buf;
+ if (end_iter < start_iter) { fprintf(stderr, "iter bounds\n"); exit(2); }
 rijndael_ecbinit(&rij, k, 16, 0);
 poly1305_keyinit(&key, r, 16);
- for (i = 0; i < niter; i++) {
+ for (i = start_iter; i < end_iter; i++) {
 msz = 0;
 for (;;) {
 rijndael_ecbencrypt(&rij, n, s, 16);
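Review bot: The `memset(m, 0, MSZMAX);` left as context at the top of the second hunk is now redundant, because the added `memcpy(m, v[3].buf, MSZMAX);` overwrites every byte of the buffer once the new `v[3].len != MSZMAX` check has passed; dropping it would make it clear that the message state comes from the test vector. The new fields also lack a comment: something like `/* v[3] is the message buffer on entry; iterations run over [start_iter, end_iter) */` above the loads would help, though that reading is inferred from the loop bounds and should be confirmed. The two new loads `*(unsigned long *)v[4].buf` and `*(unsigned long *)v[5].buf` repeat the cast the old `niter` line used and assume the buffer is suitably aligned and was written as an `unsigned long`; `memcpy(&start_iter, v[4].buf, sizeof(start_iter));` would not depend on that. vrf_mct's body starts before this hunk and continues after it.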
@@ -1005,14 +1009,20 @@ static int vrf_mct(dstr v[])
 }
 }
- if (MEMCMP(t, !=, v[4].buf, 16)) {
+ if (MEMCMP(t, !=, v[6].buf, 16)) {
 ok = 0;
 fprintf(stderr, "failed...");
 fprintf(stderr, "\n\tinitial k = "); type_hex.dump(&v[0], stderr);
 fprintf(stderr, "\n\tinitial r = "); type_hex.dump(&v[1], stderr);
 fprintf(stderr, "\n\tinitial n = "); type_hex.dump(&v[2], stderr);
- fprintf(stderr, "\n\titerations = %lu", niter);
- fprintf(stderr, "\n\texpected = "); type_hex.dump(&v[4], stderr);
+ fprintf(stderr, "\n\tinitial m = "); type_hex.dump(&v[3], stderr);
+ fprintf(stderr, "\n\tstart iter = %lu", start_iter);
+ fprintf(stderr, "\n\tend iter = %lu", end_iter);
+ fprintf(stderr, "\n\tfinal k = "); type_hex.dump(&dk, stderr);
+ fprintf(stderr, "\n\tfinal r = "); type_hex.dump(&dr, stderr);
+ fprintf(stderr, "\n\tfinal n = "); type_hex.dump(&dn, stderr);
+ fprintf(stderr, "\n\tfinal m = "); type_hex.dump(&dm, stderr);
+ fprintf(stderr, "\n\texpected = "); type_hex.dump(&v[6], stderr);
 fprintf(stderr, "\n\tcalculated = "); type_hex.dump(&dt, stderr);
 fputc('\n', stderr);
 }
@@ -1031,7 +1041,8 @@ static const struct test_chunk tests[] = {
 { "poly1305-cat", vrf_cat,
 { &type_hex, &type_hex, &type_hex, &type_hex, &type_hex, &type_hex } },
 { "poly1305-mct", vrf_mct,
- { &type_hex, &type_hex, &type_hex, &type_ulong, &type_hex } },
+ { &type_hex, &type_hex, &type_hex, &type_hex,
+ &type_ulong, &type_ulong, &type_hex } },
 { 0, 0, { 0 } }
 };