X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=test%2Ftest_crypto.c;h=58615ecd25346f7c70b41f31d992dffb24cbdc86;hp=ce0f64ff27873dd7ca1d560a79717cccc7885a3b;hb=b42bd5972f935ffc32019acac6f8a07ae08ae9c2;hpb=9e71c0673a9f46f82e43125919619f296698292e;ds=sidebyside

diff --git a/test/test_crypto.c b/test/test_crypto.c
index ce0f64f..58615ec 100644
--- a/test/test_crypto.c
+++ b/test/test_crypto.c
@@ -4006,6 +4006,162 @@ test_DES_ct(void)
 		1, 1);
 }
 
+static const struct {
+	const char *skey;
+	const char *snonce;
+	uint32_t counter;
+	const char *splain;
+	const char *scipher;
+} KAT_CHACHA20[] = {
+	{
+		"0000000000000000000000000000000000000000000000000000000000000000",
+		"000000000000000000000000",
+		0,
+		"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000",
+		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586"
+	},
+	{
+		"0000000000000000000000000000000000000000000000000000000000000001",
+		"000000000000000000000002",
+		1,
+		"416e79207375626d697373696f6e20746f20746865204945544620696e74656e6465642062792074686520436f6e7472696275746f7220666f72207075626c69636174696f6e20617320616c6c206f722070617274206f6620616e204945544620496e7465726e65742d4472616674206f722052464320616e6420616e792073746174656d656e74206d6164652077697468696e2074686520636f6e74657874206f6620616e204945544620616374697669747920697320636f6e7369646572656420616e20224945544620436f6e747269627574696f6e222e20537563682073746174656d656e747320696e636c756465206f72616c2073746174656d656e747320696e20494554462073657373696f6e732c2061732077656c6c206173207772697474656e20616e6420656c656374726f6e696320636f6d6d756e69636174696f6e73206d61646520617420616e792074696d65206f7220706c6163652c207768696368206172652061646472657373656420746f",
+		"a3fbf07df3fa2fde4f376ca23e82737041605d9f4f4f57bd8cff2c1d4b7955ec2a97948bd3722915c8f3d337f7d370050e9e96d647b7c39f56e031ca5eb6250d4042e02785ececfa4b4bb5e8ead0440e20b6e8db09d881a7c6132f420e52795042bdfa7773d8a9051447b3291ce1411c680465552aa6c405b7764d5e87bea85ad00f8449ed8f72d0d662ab052691ca66424bc86d2df80ea41f43abf937d3259dc4b2d0dfb48a6c9139ddd7f76966e928e635553ba76c5c879d7b35d49eb2e62b0871cdac638939e25e8a1e0ef9d5280fa8ca328b351c3c765989cbcf3daa8b6ccc3aaf9f3979c92b3720fc88dc95ed84a1be059c6499b9fda236e7e818b04b0bc39c1e876b193bfe5569753f88128cc08aaa9b63d1a16f80ef2554d7189c411f5869ca52c5b83fa36ff216b9c1d30062bebcfd2dc5bce0911934fda79a86f6e698ced759c3ff9b6477338f3da4f9cd8514ea9982ccafb341b2384dd902f3d1ab7ac61dd29c6f21ba5b862f3730e37cfdc4fd806c22f221"
+	},
+	{
+		"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0",
+		"000000000000000000000002",
+		42,
+		"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e",
+		"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1"
+	},
+	{ 0, 0, 0, 0, 0 }
+};
+
+static void
+test_ChaCha20_ct(void)
+{
+	size_t u;
+
+	printf("Test ChaCha20_ct: ");
+	fflush(stdout);
+
+	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
+		unsigned char key[32], nonce[12], plain[400], cipher[400];
+		uint32_t cc;
+		size_t v, len;
+
+		hextobin(key, KAT_CHACHA20[u].skey);
+		hextobin(nonce, KAT_CHACHA20[u].snonce);
+		cc = KAT_CHACHA20[u].counter;
+		len = hextobin(plain, KAT_CHACHA20[u].splain);
+		hextobin(cipher, KAT_CHACHA20[u].scipher);
+
+		for (v = 0; v < len; v ++) {
+			unsigned char tmp[400];
+			size_t w;
+
+			memset(tmp, 0, sizeof tmp);
+			memcpy(tmp, plain, v);
+			if (br_chacha20_ct_run(key, nonce, cc, tmp, v)
+				!= cc + (uint32_t)((v + 63) >> 6))
+			{
+				fprintf(stderr, "ChaCha20: wrong counter\n");
+				exit(EXIT_FAILURE);
+			}
+			if (memcmp(tmp, cipher, v) != 0) {
+				fprintf(stderr, "ChaCha20 KAT fail (1)\n");
+				exit(EXIT_FAILURE);
+			}
+			for (w = v; w < sizeof tmp; w ++) {
+				if (tmp[w] != 0) {
+					fprintf(stderr, "ChaCha20: overrun\n");
+					exit(EXIT_FAILURE);
+				}
+			}
+			br_chacha20_ct_run(key, nonce, cc, tmp, v);
+			if (memcmp(tmp, plain, v) != 0) {
+				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
+				exit(EXIT_FAILURE);
+			}
+		}
+
+		printf(".");
+		fflush(stdout);
+	}
+
+	printf(" done.\n");
+	fflush(stdout);
+}
+
+static const struct {
+	const char *splain;
+	const char *saad;
+	const char *skey;
+	const char *snonce;
+	const char *scipher;
+	const char *stag;
+} KAT_POLY1305[] = {
+	{
+		"4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e652074697020666f7220746865206675747572652c2073756e73637265656e20776f756c642062652069742e",
+		"50515253c0c1c2c3c4c5c6c7",
+		"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f",
+		"070000004041424344454647",
+		"d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d26586cec64b6116",
+		"1ae10b594f09e26a7e902ecbd0600691"
+	},
+	{ 0, 0, 0, 0, 0, 0 }
+};
+
+static void
+test_Poly1305_ctmul(void)
+{
+	size_t u;
+
+	printf("Test Poly1305_ctmul: ");
+	fflush(stdout);
+
+	for (u = 0; KAT_POLY1305[u].skey; u ++) {
+		unsigned char key[32], nonce[12], plain[400], cipher[400];
+		unsigned char aad[400], tag[16], data[400], tmp[16];
+		size_t len, aad_len;
+
+		len = hextobin(plain, KAT_POLY1305[u].splain);
+		aad_len = hextobin(aad, KAT_POLY1305[u].saad);
+		hextobin(key, KAT_POLY1305[u].skey);
+		hextobin(nonce, KAT_POLY1305[u].snonce);
+		hextobin(cipher, KAT_POLY1305[u].scipher);
+		hextobin(tag, KAT_POLY1305[u].stag);
+
+		memcpy(data, plain, len);
+		br_poly1305_ctmul_run(key, nonce, data, len,
+			aad, aad_len, tmp, br_chacha20_ct_run, 1);
+		if (memcmp(data, cipher, len) != 0) {
+			fprintf(stderr, "ChaCha20+Poly1305 KAT failed (1)\n");
+			exit(EXIT_FAILURE);
+		}
+		if (memcmp(tmp, tag, 16) != 0) {
+			fprintf(stderr, "ChaCha20+Poly1305 KAT failed (2)\n");
+			exit(EXIT_FAILURE);
+		}
+		br_poly1305_ctmul_run(key, nonce, data, len,
+			aad, aad_len, tmp, br_chacha20_ct_run, 0);
+		if (memcmp(data, plain, len) != 0) {
+			fprintf(stderr, "ChaCha20+Poly1305 KAT failed (3)\n");
+			exit(EXIT_FAILURE);
+		}
+		if (memcmp(tmp, tag, 16) != 0) {
+			fprintf(stderr, "ChaCha20+Poly1305 KAT failed (4)\n");
+			exit(EXIT_FAILURE);
+		}
+
+		printf(".");
+		fflush(stdout);
+	}
+
+	printf(" done.\n");
+	fflush(stdout);
+}
+
 /*
  * A 1024-bit RSA key, generated with OpenSSL.
  */
@@ -5115,6 +5271,8 @@ static const struct {
 	STU(AES_ct64),
 	STU(DES_tab),
 	STU(DES_ct),
+	STU(ChaCha20_ct),
+	STU(Poly1305_ctmul),
 	STU(RSA_i31),
 	STU(RSA_i32),
 	STU(GHASH_ctmul),