3 * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
30 #include <mLib/macros.h>
32 #include "latinpoly-def.h"
34 /*----- Main code ---------------------------------------------------------*/
36 /* --- @latinpoly_test@ --- *
38 * Arguments: @gcaead *aec@ = authenticated encryption class to test
39 * @dstr *v@ = pointer to test-vector
41 * Returns: Nonzero if the test passed, zero on failure.
44 int latinpoly_test(const gcaead *aec, dstr *v)
48 gaead_enc *e; gaead_dec *d;
49 dstr out = DSTR_INIT, tag = DSTR_INIT;
54 k = GAEAD_KEY(aec, v[0].buf, v[0].len);
56 dstr_reset(&out); dstr_ensure(&out, v[3].len);
57 dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
58 e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0);
59 a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len);
60 buf_init(&b, out.buf, out.sz);
61 rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b);
62 if (rc) { printf("!! encrypt reports failure\n"); goto encfail; }
63 rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ);
64 if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; }
66 out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
67 if (out.len != v[4].len ||
68 MEMCMP(out.buf, !=, v[4].buf, v[4].len) ||
69 MEMCMP(tag.buf, !=, v[5].buf, v[5].len)) {
72 printf("\n%s encrypt FAILED", aec->name);
73 printf("\n key = "); type_hex.dump(&v[0], stdout);
74 printf("\n nonce = "); type_hex.dump(&v[1], stdout);
75 printf("\n header = "); type_hex.dump(&v[2], stdout);
76 printf("\n message = "); type_hex.dump(&v[3], stdout);
77 printf("\n exp ct = "); type_hex.dump(&v[4], stdout);
78 printf("\n calc ct = "); type_hex.dump(&out, stdout);
79 printf("\n exp tag = "); type_hex.dump(&v[5], stdout);
80 printf("\ncalc tag = "); type_hex.dump(&tag, stdout);
86 dstr_reset(&out); dstr_ensure(&out, v[3].len);
87 dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
88 d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0);
89 a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len);
90 buf_init(&b, out.buf, out.sz);
91 rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b);
92 if (rc) { printf("!! decrypt reports failure\n"); goto decfail; }
93 rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ);
94 if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; }
96 out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
97 if (out.len != v[3].len || MEMCMP(out.buf, !=, v[3].buf, v[3].len) ||
101 printf("\ndecrypt FAILED");
102 printf("\n key = "); type_hex.dump(&v[0], stdout);
103 printf("\n nonce = "); type_hex.dump(&v[1], stdout);
104 printf("\n header = "); type_hex.dump(&v[2], stdout);
105 printf("\n cipher = "); type_hex.dump(&v[4], stdout);
106 printf("\n exp msg = "); type_hex.dump(&v[3], stdout);
107 printf("\ncalc msg = "); type_hex.dump(&out, stdout);
108 printf("\n tag = "); type_hex.dump(&v[5], stdout);
109 printf("\n verify %s", rc > 0 ? "ok" : "FAILED");
116 dstr_destroy(&out); dstr_destroy(&tag);
120 /*----- That's all, folks -------------------------------------------------*/