rand/rand-x86ish.S: Hoist argument register allocation outside.

[catacomb] / utils / poly1305-mct.c

#include <stdio.h>
#include <stdlib.h>

#include <mLib/bits.h>

#include "ct.h"
#include "rijndael-ecb.h"
#include "poly1305.h"

#define MSZMAX 1000
#define NITER 1000000

int main(void)
{
  unsigned i, msz, ii;
  rijndael_ecbctx rij;
  poly1305_key key;
  poly1305_ctx mac;
  octet
    r[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    n[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    k[16] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 },
    s[16], t[16],
    m[MSZMAX] = { 0 };
#ifdef notdef
  octet t0[16], t1[16];
#endif

  rijndael_ecbinit(&rij, k, sizeof(k), 0);
  poly1305_keyinit(&key, r, sizeof(r));
  for (ii = 0; ii < NITER; ii++) {
    msz = 0;
    for (;;) {
      rijndael_ecbencrypt(&rij, n, s, 16);

      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t);
      for (i = 0; i < sizeof(t); i++) printf("%02x", t[i]);
      putchar('\n');

#ifdef notdef
      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t0);
      if (!ct_memeq(t, t0, sizeof(t))) {
        fprintf(stderr, "verify failed\n");
        exit(112);
      }

      t0[rand()%16] += 1 + rand()%255;
      poly1305_macinit(&mac, &key, s);
      poly1305_hash(&mac, m, msz);
      poly1305_done(&mac, t1);
      if (ct_memeq(t0, t1, sizeof(t))) {
        fprintf(stderr, "verify accepted wrong tag\n");
        exit(112);
      }
#endif

      if (msz >= MSZMAX) break;
      n[0] ^= ii;
      for (i = 0; i < 16; i++) n[i] ^= t[i];
      if (msz%2) {
        for (i = 0; i < 16; i++) k[i] ^= t[i];
        rijndael_ecbinit(&rij, k, sizeof(k), 0);
      }
      if (msz%3) {
        for (i = 0; i < 16; i++) r[i] ^= t[i];
        poly1305_keyinit(&key, r, sizeof(r));
      }
      m[msz++] ^= t[0];
    }
  }

  return (0);
}