X-Git-Url: https://www.bearssl.org/gitweb//home/git/?p=BearSSL;a=blobdiff_plain;f=test%2Ftest_crypto.c;h=bea236b73e925e8e472245ba9f34e00fc36b8a6d;hp=7e282ab06c63c24df3723988cf97447bab6aa439;hb=0cc2e23690c83b6ea015eea3e78cb4236b685509;hpb=ea95d8264c6aefe742a9c3f4f9d834b188566a29

diff --git a/test/test_crypto.c b/test/test_crypto.c
index 7e282ab..bea236b 100644
--- a/test/test_crypto.c
+++ b/test/test_crypto.c
@@ -4178,12 +4178,16 @@ static const struct {
 };
 
 static void
-test_ChaCha20_ct(void)
+test_ChaCha20_generic(const char *name, br_chacha20_run cr)
 {
 	size_t u;
 
-	printf("Test ChaCha20_ct: ");
+	printf("Test %s: ", name);
 	fflush(stdout);
+	if (cr == 0) {
+		printf("UNAVAILABLE\n");
+		return;
+	}
 
 	for (u = 0; KAT_CHACHA20[u].skey; u ++) {
 		unsigned char key[32], nonce[12], plain[400], cipher[400];
@@ -4199,10 +4203,11 @@ test_ChaCha20_ct(void)
 		for (v = 0; v < len; v ++) {
 			unsigned char tmp[400];
 			size_t w;
+			uint32_t cc2;
 
 			memset(tmp, 0, sizeof tmp);
 			memcpy(tmp, plain, v);
-			if (br_chacha20_ct_run(key, nonce, cc, tmp, v)
+			if (cr(key, nonce, cc, tmp, v)
 				!= cc + (uint32_t)((v + 63) >> 6))
 			{
 				fprintf(stderr, "ChaCha20: wrong counter\n");
@@ -4218,7 +4223,21 @@ test_ChaCha20_ct(void)
 					exit(EXIT_FAILURE);
 				}
 			}
-			br_chacha20_ct_run(key, nonce, cc, tmp, v);
+			for (w = 0, cc2 = cc; w < v; w += 64, cc2 ++) {
+				size_t x;
+
+				x = v - w;
+				if (x > 64) {
+					x = 64;
+				}
+				if (cr(key, nonce, cc2, tmp + w, x)
+					!= (cc2 + 1))
+				{
+					fprintf(stderr, "ChaCha20:"
+						" wrong counter (2)\n");
+					exit(EXIT_FAILURE);
+				}
+			}
 			if (memcmp(tmp, plain, v) != 0) {
 				fprintf(stderr, "ChaCha20 KAT fail (2)\n");
 				exit(EXIT_FAILURE);
@@ -4233,6 +4252,18 @@ test_ChaCha20_ct(void)
 	fflush(stdout);
 }
 
+static void
+test_ChaCha20_ct(void)
+{
+	test_ChaCha20_generic("ChaCha20_ct", &br_chacha20_ct_run);
+}
+
+static void
+test_ChaCha20_sse2(void)
+{
+	test_ChaCha20_generic("ChaCha20_sse2", br_chacha20_sse2_get());
+}
+
 static const struct {
 	const char *splain;
 	const char *saad;
@@ -4892,6 +4923,258 @@ test_GHASH_pwr8(void)
 	}
 }
 
+/*
+ * From: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf
+ *
+ * Order: key, plaintext, AAD, IV, ciphertext, tag
+ */
+static const char *const KAT_GCM[] = {
+	"00000000000000000000000000000000",
+	"",
+	"",
+	"000000000000000000000000",
+	"",
+	"58e2fccefa7e3061367f1d57a4e7455a",
+
+	"00000000000000000000000000000000",
+	"00000000000000000000000000000000",
+	"",
+	"000000000000000000000000",
+	"0388dace60b6a392f328c2b971b2fe78",
+	"ab6e47d42cec13bdf53a67b21257bddf",
+
+	"feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+	"",
+	"cafebabefacedbaddecaf888",
+	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091473f5985",
+	"4d5c2af327cd64a62cf35abd2ba6fab4",
+
+	"feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbaddecaf888",
+	"42831ec2217774244b7221b784d0d49ce3aa212f2c02a4e035c17e2329aca12e21d514b25466931c7d8f6a5aac84aa051ba30b396a0aac973d58e091",
+	"5bc94fbc3221a5db94fae95ae7121a47",
+
+	"feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbad",
+	"61353b4c2806934a777ff51fa22a4755699b2a714fcdc6f83766e5f97b6c742373806900e49f24b22b097544d4896b424989b5e1ebac0f07c23f4598",
+	"3612d2e79e3b0785561be14aaca2fccb",
+
+	"feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+	"8ce24998625615b603a033aca13fb894be9112a5c3a211a8ba262a3cca7e2ca701e4a9a4fba43c90ccdcb281d48c7c6fd62875d2aca417034c34aee5",
+	"619cc5aefffe0bfa462af43c1699d050",
+
+	"000000000000000000000000000000000000000000000000",
+	"",
+	"",
+	"000000000000000000000000",
+	"",
+	"cd33b28ac773f74ba00ed1f312572435",
+
+	"000000000000000000000000000000000000000000000000",
+	"00000000000000000000000000000000",
+	"",
+	"000000000000000000000000",
+	"98e7247c07f0fe411c267e4384b0f600",
+	"2ff58d80033927ab8ef4d4587514f0fb",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+	"",
+	"cafebabefacedbaddecaf888",
+	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710acade256",
+	"9924a7c8587336bfb118024db8674a14",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbaddecaf888",
+	"3980ca0b3c00e841eb06fac4872a2757859e1ceaa6efd984628593b40ca1e19c7d773d00c144c525ac619d18c84a3f4718e2448b2fe324d9ccda2710",
+	"2519498e80f1478f37ba55bd6d27618c",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbad",
+	"0f10f599ae14a154ed24b36e25324db8c566632ef2bbb34f8347280fc4507057fddc29df9a471f75c66541d4d4dad1c9e93a19a58e8b473fa0f062f7",
+	"65dcc57fcf623a24094fcca40d3533f8",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+	"d27e88681ce3243c4830165a8fdcf9ff1de9a1d8e6b447ef6ef7b79828666e4581e79012af34ddd9e2f037589b292db3e67c036745fa22e7e9b7373b",
+	"dcf566ff291c25bbb8568fc3d376a6d9",
+
+	"0000000000000000000000000000000000000000000000000000000000000000",
+	"",
+	"",
+	"000000000000000000000000",
+	"",
+	"530f8afbc74536b9a963b4f1c4cb738b",
+
+	"0000000000000000000000000000000000000000000000000000000000000000",
+	"00000000000000000000000000000000",
+	"",
+	"000000000000000000000000",
+	"cea7403d4d606b6e074ec5d3baf39d18",
+	"d0d1c8a799996bf0265b98b5d48ab919",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b391aafd255",
+	"",
+	"cafebabefacedbaddecaf888",
+	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662898015ad",
+	"b094dac5d93471bdec1a502270e3cc6c",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbaddecaf888",
+	"522dc1f099567d07f47f37a32a84427d643a8cdcbfe5c0c97598a2bd2555d1aa8cb08e48590dbb3da7b08b1056828838c5f61e6393ba7a0abcc9f662",
+	"76fc6ece0f4e1768cddf8853bb2d551b",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"cafebabefacedbad",
+	"c3762df1ca787d32ae47c13bf19844cbaf1ae14d0b976afac52ff7d79bba9de0feb582d33934a4f0954cc2363bc73f7862ac430e64abe499f47c9b1f",
+	"3a337dbf46a792c45e454913fe2ea8f2",
+
+	"feffe9928665731c6d6a8f9467308308feffe9928665731c6d6a8f9467308308",
+	"d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39",
+	"feedfacedeadbeeffeedfacedeadbeefabaddad2",
+	"9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b",
+	"5a8def2f0c9e53f1f75d7853659e2a20eeb2b22aafde6419a058ab4f6f746bf40fc0c3b780f244452da3ebf1c5d82cdea2418997200ef82e44ae7e3f",
+	"a44a8266ee1c8eb0c8b5d4cf5ae9f19a",
+
+	NULL
+};
+
+static void
+test_GCM(void)
+{
+	size_t u;
+
+	printf("Test GCM: ");
+	fflush(stdout);
+
+	for (u = 0; KAT_GCM[u]; u += 6) {
+		unsigned char key[32];
+		unsigned char plain[100];
+		unsigned char aad[100];
+		unsigned char iv[100];
+		unsigned char cipher[100];
+		unsigned char tag[100];
+		size_t key_len, plain_len, aad_len, iv_len;
+		br_aes_ct_ctr_keys bc;
+		br_gcm_context gc;
+		unsigned char tmp[100], out[16];
+		size_t v;
+
+		key_len = hextobin(key, KAT_GCM[u]);
+		plain_len = hextobin(plain, KAT_GCM[u + 1]);
+		aad_len = hextobin(aad, KAT_GCM[u + 2]);
+		iv_len = hextobin(iv, KAT_GCM[u + 3]);
+		hextobin(cipher, KAT_GCM[u + 4]);
+		hextobin(tag, KAT_GCM[u + 5]);
+
+		br_aes_ct_ctr_init(&bc, key, key_len);
+		br_gcm_init(&gc, &bc.vtable, br_ghash_ctmul32);
+
+		memset(tmp, 0x54, sizeof tmp);
+
+		/*
+		 * Basic operation.
+		 */
+		memcpy(tmp, plain, plain_len);
+		br_gcm_reset(&gc, iv, iv_len);
+		br_gcm_aad_inject(&gc, aad, aad_len);
+		br_gcm_flip(&gc);
+		br_gcm_run(&gc, 1, tmp, plain_len);
+		br_gcm_get_tag(&gc, out);
+		check_equals("KAT GCM 1", tmp, cipher, plain_len);
+		check_equals("KAT GCM 2", out, tag, 16);
+
+		br_gcm_reset(&gc, iv, iv_len);
+		br_gcm_aad_inject(&gc, aad, aad_len);
+		br_gcm_flip(&gc);
+		br_gcm_run(&gc, 0, tmp, plain_len);
+		check_equals("KAT GCM 3", tmp, plain, plain_len);
+		if (!br_gcm_check_tag(&gc, tag)) {
+			fprintf(stderr, "Tag not verified (1)\n");
+			exit(EXIT_FAILURE);
+		}
+
+		for (v = plain_len; v < sizeof tmp; v ++) {
+			if (tmp[v] != 0x54) {
+				fprintf(stderr, "overflow on data\n");
+				exit(EXIT_FAILURE);
+			}
+		}
+
+		/*
+		 * Byte-by-byte injection.
+		 */
+		br_gcm_reset(&gc, iv, iv_len);
+		for (v = 0; v < aad_len; v ++) {
+			br_gcm_aad_inject(&gc, aad + v, 1);
+		}
+		br_gcm_flip(&gc);
+		for (v = 0; v < plain_len; v ++) {
+			br_gcm_run(&gc, 1, tmp + v, 1);
+		}
+		check_equals("KAT GCM 4", tmp, cipher, plain_len);
+		if (!br_gcm_check_tag(&gc, tag)) {
+			fprintf(stderr, "Tag not verified (2)\n");
+			exit(EXIT_FAILURE);
+		}
+
+		br_gcm_reset(&gc, iv, iv_len);
+		for (v = 0; v < aad_len; v ++) {
+			br_gcm_aad_inject(&gc, aad + v, 1);
+		}
+		br_gcm_flip(&gc);
+		for (v = 0; v < plain_len; v ++) {
+			br_gcm_run(&gc, 0, tmp + v, 1);
+		}
+		br_gcm_get_tag(&gc, out);
+		check_equals("KAT GCM 5", tmp, plain, plain_len);
+		check_equals("KAT GCM 6", out, tag, 16);
+
+		/*
+		 * Check that alterations are detected.
+		 */
+		for (v = 0; v < aad_len; v ++) {
+			memcpy(tmp, cipher, plain_len);
+			br_gcm_reset(&gc, iv, iv_len);
+			aad[v] ^= 0x04;
+			br_gcm_aad_inject(&gc, aad, aad_len);
+			aad[v] ^= 0x04;
+			br_gcm_flip(&gc);
+			br_gcm_run(&gc, 0, tmp, plain_len);
+			check_equals("KAT GCM 7", tmp, plain, plain_len);
+			if (br_gcm_check_tag(&gc, tag)) {
+				fprintf(stderr, "Tag should have changed\n");
+				exit(EXIT_FAILURE);
+			}
+		}
+
+		printf(".");
+		fflush(stdout);
+	}
+
+	printf(" done.\n");
+	fflush(stdout);
+}
+
 static void
 test_EC_inner(const char *sk, const char *sU,
 	const br_ec_impl *impl, int curve)
@@ -5921,6 +6204,7 @@ static const struct {
 	STU(DES_tab),
 	STU(DES_ct),
 	STU(ChaCha20_ct),
+	STU(ChaCha20_sse2),
 	STU(Poly1305_ctmul),
 	STU(Poly1305_ctmul32),
 	STU(Poly1305_ctmulq),
@@ -5934,6 +6218,7 @@ static const struct {
 	STU(GHASH_ctmul64),
 	STU(GHASH_pclmul),
 	STU(GHASH_pwr8),
+	STU(GCM),
 	STU(EC_prime_i15),
 	STU(EC_prime_i31),
 	STU(EC_p256_m15),