3 * Testing for AEAD schemes based on Salsa20/ChaCha and Poly1305
5 * (c) 2018 Straylight/Edgeware
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of Catacomb.
12 * Catacomb is free software: you can redistribute it and/or modify it
13 * under the terms of the GNU Library General Public License as published
14 * by the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * Catacomb is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * Library General Public License for more details.
22 * You should have received a copy of the GNU Library General Public
23 * License along with Catacomb. If not, write to the Free Software
24 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 /*----- Header files ------------------------------------------------------*/
30 #include "latinpoly-def.h"
32 /*----- Main code ---------------------------------------------------------*/
34 /* --- @latinpoly_test@ --- *
36 * Arguments: @gcaead *aec@ = authenticated encryption class to test
37 * @dstr *v@ = pointer to test-vector
39 * Returns: Nonzero if the test passed, zero on failure.
42 int latinpoly_test(const gcaead *aec, dstr *v)
46 gaead_enc *e; gaead_dec *d;
47 dstr out = DSTR_INIT, tag = DSTR_INIT;
52 k = GAEAD_KEY(aec, v[0].buf, v[0].len);
54 dstr_reset(&out); dstr_ensure(&out, v[3].len);
55 dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
56 e = GAEAD_ENC(k, v[1].buf, v[1].len, 0, 0, 0);
57 a = GAEAD_AAD(e); GAEAD_HASH(a, v[2].buf, v[2].len);
58 buf_init(&b, out.buf, out.sz);
59 rc = GAEAD_ENCRYPT(e, v[3].buf, v[3].len, &b);
60 if (rc) { printf("!! encrypt reports failure\n"); goto encfail; }
61 rc = GAEAD_DONE(e, a, &b, tag.buf, POLY1305_TAGSZ);
62 if (rc) { printf("!! encryptdone reports failure\n"); goto encfail; }
64 out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
65 if (out.len != v[4].len || memcmp(out.buf, v[4].buf, v[4].len) ||
66 memcmp(tag.buf, v[5].buf, v[5].len)) {
69 printf("\n%s encrypt FAILED", aec->name);
70 printf("\n key = "); type_hex.dump(&v[0], stdout);
71 printf("\n nonce = "); type_hex.dump(&v[1], stdout);
72 printf("\n header = "); type_hex.dump(&v[2], stdout);
73 printf("\n message = "); type_hex.dump(&v[3], stdout);
74 printf("\n exp ct = "); type_hex.dump(&v[4], stdout);
75 printf("\n calc ct = "); type_hex.dump(&out, stdout);
76 printf("\n exp tag = "); type_hex.dump(&v[5], stdout);
77 printf("\ncalc tag = "); type_hex.dump(&tag, stdout);
83 dstr_reset(&out); dstr_ensure(&out, v[3].len);
84 dstr_reset(&tag); dstr_ensure(&tag, POLY1305_TAGSZ);
85 d = GAEAD_DEC(k, v[1].buf, v[1].len, 0, 0, 0);
86 a = GAEAD_AAD(d); GAEAD_HASH(a, v[2].buf, v[2].len);
87 buf_init(&b, out.buf, out.sz);
88 rc = GAEAD_DECRYPT(d, v[4].buf, v[4].len, &b);
89 if (rc) { printf("!! decrypt reports failure\n"); goto decfail; }
90 rc = GAEAD_DONE(e, a, &b, v[5].buf, POLY1305_TAGSZ);
91 if (rc < 0) { printf("!! decryptdone reports failure\n"); goto decfail; }
93 out.len = BLEN(&b); tag.len = POLY1305_TAGSZ;
94 if (out.len != v[3].len || memcmp(out.buf, v[3].buf, v[3].len) || !rc) {
97 printf("\ndecrypt FAILED");
98 printf("\n key = "); type_hex.dump(&v[0], stdout);
99 printf("\n nonce = "); type_hex.dump(&v[1], stdout);
100 printf("\n header = "); type_hex.dump(&v[2], stdout);
101 printf("\n cipher = "); type_hex.dump(&v[4], stdout);
102 printf("\n exp msg = "); type_hex.dump(&v[3], stdout);
103 printf("\ncalc msg = "); type_hex.dump(&out, stdout);
104 printf("\n tag = "); type_hex.dump(&v[5], stdout);
105 printf("\n verify %s", rc > 0 ? "ok" : "FAILED");
112 dstr_destroy(&out); dstr_destroy(&tag);
116 /*----- That's all, folks -------------------------------------------------*/
~mdw / catacomb / blob