[catacomb] / utils / poly1305-mct.c

#include <stdio.h>
#include <stdlib.h>

#include <mLib/bits.h>

#include "ct.h"
#include "rijndael-ecb.h"
#include "poly1305.h"

#define MSZMAX 1000
#define NITER 1000000

int main(void)
{
  unsigned i, msz, ii;
  rijndael_ecbctx rij;
  poly1305_key key;
  poly1305_ctx mac;
  octet
    r[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    n[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    k[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    s[16], t[16],
    m[MSZMAX] = { 0 };
#ifdef notdef
  octet t0[16], t1[16];
#endif

  rijndael_ecbinit(&rij, k, sizeof(k), 0);
  poly1305_keyinit(&key, r, sizeof(r));
  for (ii = 0; ii < NITER; ii++) {
    msz = 0;
    for (;;) {
      rijndael_ecbencrypt(&rij, n, s, 16);

      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t);
      for (i = 0; i < sizeof(t); i++) printf("%02x", t[i]);
      putchar('\n');

#ifdef notdef
      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t0);
      if (!ct_memeq(t, t0, sizeof(t))) {
	fprintf(stderr, "verify failed\n");
	exit(112);
      }

      t0[rand()%16] += 1 + rand()%255;
      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t1);
      if (ct_memeq(t0, t1, sizeof(t))) {
	fprintf(stderr, "verify accepted wrong tag\n");
	exit(112);
      }
#endif

      if (msz >= MSZMAX) break;
      n[0] ^= ii;
      for (i = 0; i < 16; i++) n[i] ^= t[i];
      if (msz%2) {
	for (i = 0; i < 16; i++) k[i] ^= t[i];
	rijndael_ecbinit(&rij, k, sizeof(k), 0);
      }
      if (msz%3) {
	for (i = 0; i < 16; i++) r[i] ^= t[i];
	poly1305_keyinit(&key, r, sizeof(r));
      }
      m[msz++] ^= t[0];
    }
  }

  return (0);
}
Commit	Line	Data
47af781c MW	1	#include <stdio.h>
	2	#include <stdlib.h>
	3
	4	#include <mLib/bits.h>
	5
	6	#include "ct.h"
	7	#include "rijndael-ecb.h"
	8	#include "poly1305.h"
	9
	10	#define MSZMAX 1000
	11	#define NITER 1000000
	12
	13	int main(void)
	14	{
	15	unsigned i, msz, ii;
	16	rijndael_ecbctx rij;
	17	poly1305_key key;
	18	poly1305_ctx mac;
	19	octet
	20	r[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
	21	n[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
	22	k[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
	23	s[16], t[16],
	24	m[MSZMAX] = { 0 };
	25	#ifdef notdef
	26	octet t0[16], t1[16];
	27	#endif
	28
	29	rijndael_ecbinit(&rij, k, sizeof(k), 0);
	30	poly1305_keyinit(&key, r, sizeof(r));
	31	for (ii = 0; ii < NITER; ii++) {
	32	msz = 0;
	33	for (;;) {
	34	rijndael_ecbencrypt(&rij, n, s, 16);
	35
	36	poly1305_macinit(&mac, &key, s);
	37	poly1305_hash(&mac, m, msz);
	38	poly1305_done(&mac, t);
	39	for (i = 0; i < sizeof(t); i++) printf("%02x", t[i]);
	40	putchar('\n');
	41
	42	#ifdef notdef
	43	poly1305_macinit(&mac, &key, s);
	44	poly1305_hash(&mac, m, msz);
	45	poly1305_done(&mac, t0);
	46	if (!ct_memeq(t, t0, sizeof(t))) {
	47	fprintf(stderr, "verify failed\n");
	48	exit(112);
	49	}
	50
	51	t0[rand()%16] += 1 + rand()%255;
	52	poly1305_macinit(&mac, &key, s);
	53	poly1305_hash(&mac, m, msz);
	54	poly1305_done(&mac, t1);
	55	if (ct_memeq(t0, t1, sizeof(t))) {
	56	fprintf(stderr, "verify accepted wrong tag\n");
	57	exit(112);
	58	}
	59	#endif
	60
	61	if (msz >= MSZMAX) break;
	62	n[0] ^= ii;
	63	for (i = 0; i < 16; i++) n[i] ^= t[i];
	64	if (msz%2) {
65	for (i = 0; i < 16; i++) k[i] ^= t[i];
66	rijndael_ecbinit(&rij, k, sizeof(k), 0);
67	}
68	if (msz%3) {
69	for (i = 0; i < 16; i++) r[i] ^= t[i];
70	poly1305_keyinit(&key, r, sizeof(r));
71	}
72	m[msz++] ^= t[0];
73	}
74	}
75
76	return (0);
77	}