From a2db843da3ff7d909373e2c724015306bdb4cb55 Mon Sep 17 00:00:00 2001 From: Jonas Schnelli Date: Fri, 22 Mar 2019 12:15:13 +0100 Subject: [PATCH] Apply clang-format --- bench.c | 218 ++++++++++++++++--------------- chachapoly_aead.c | 198 ++++++++++++++-------------- chachapoly_aead.h | 29 ++--- tests.c | 321 +++++++++++++++++++++++----------------------- 4 files changed, 387 insertions(+), 379 deletions(-) diff --git a/bench.c b/bench.c index a104521..f6a5dc5 100644 --- a/bench.c +++ b/bench.c @@ -11,10 +11,10 @@ static const uint8_t testkey[32] = { 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}; static const uint8_t testnonce[32] = {0x00, 0x01, 0x02, 0x03, - 0x04, 0x05, 0x06, 0x07}; + 0x04, 0x05, 0x06, 0x07}; static const uint8_t testdata[12] = {0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, - 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21}; + 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21}; static const uint64_t BUFFER_SIZE = 1000 * 1000; 
@@ -26,127 +26,135 @@ static const uint8_t aead_keys[64] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; -static double gettimedouble(void) { - struct timeval tv; - gettimeofday(&tv, NULL); - return tv.tv_usec * 0.000001 + tv.tv_sec; +static double gettimedouble(void) +{ + struct timeval tv; + gettimeofday(&tv, NULL); + return tv.tv_usec * 0.000001 + tv.tv_sec; } -static void print_number(double x) { - double y = x; - int c = 0; - if (y < 0.0) { - y = -y; - } - while (y < 100.0) { - y *= 10.0; - c++; - } - printf("%.*f", c, x); -} - -static void run_benchmark(char *name, void (*benchmark)(void *), - void (*setup)(void *), void (*teardown)(void *), - void *data, int count, int iter) { - int i; - double min = HUGE_VAL; - double sum = 0.0; - double max = 0.0; - for (i = 0; i < count; i++) { - double begin, total; - if (setup != NULL) { - setup(data); - } - begin = gettimedouble(); - benchmark(data); - total = gettimedouble() - begin; - if (teardown != NULL) { - teardown(data); +static void print_number(double x) +{ + double y = x; + int c = 0; + if (y < 0.0) { + y = -y; } - if (total < min) { - min = total; + while (y < 100.0) { + y *= 10.0; + c++; } - if (total > max) { - max = total; + printf("%.*f", c, x); +} + +static void run_benchmark(char* name, void (*benchmark)(void*), void (*setup)(void*), void (*teardown)(void*), void* data, int count, int iter) +{ + int i; + double min = HUGE_VAL; + double sum = 0.0; + double max = 0.0; + for (i = 0; i < count; i++) { + double begin, total; + if (setup != NULL) { + setup(data); + } + begin = gettimedouble(); + benchmark(data); + total = gettimedouble() - begin; + if (teardown != NULL) { + teardown(data); + } + if (total < min) { + min = total; + } + if (total > max) { + max = total; + } + sum += total; } - sum += total; - } - printf("%s: min ", name); - print_number(min * 1000000000.0 / iter); - printf("ns / avg "); - print_number((sum / count) * 
1000000000.0 / iter); - printf("ns / max "); - print_number(max * 1000000000.0 / iter); - printf("ns\n"); + printf("%s: min ", name); + print_number(min * 1000000000.0 / iter); + printf("ns / avg "); + print_number((sum / count) * 1000000000.0 / iter); + printf("ns / max "); + print_number(max * 1000000000.0 / iter); + printf("ns\n"); } -static void bench_chacha_ivsetup(void *data) { - struct chacha_ctx *ctx = (struct chacha_ctx *)data; - int i; - for (i = 0; i < 50000; i++) { - chacha_ivsetup(ctx, testnonce, NULL); - } +static void bench_chacha_ivsetup(void* data) +{ + struct chacha_ctx* ctx = (struct chacha_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + chacha_ivsetup(ctx, testnonce, NULL); + } } -static void bench_chacha_keysetup(void *data) { - struct chacha_ctx *ctx = (struct chacha_ctx *)data; - int i; - for (i = 0; i < 50000; i++) { - chacha_keysetup(ctx, testkey, 256); - } +static void bench_chacha_keysetup(void* data) +{ + struct chacha_ctx* ctx = (struct chacha_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + chacha_keysetup(ctx, testkey, 256); + } } -static void bench_chacha_encrypt(void *data) { - struct chacha_ctx *ctx = (struct chacha_ctx *)data; - uint8_t scratch[16] = {0}; - int i; - for (i = 0; i < 4000000 / 16; i++) { - chacha_encrypt_bytes(ctx, scratch, scratch, 16); - } +static void bench_chacha_encrypt(void* data) +{ + struct chacha_ctx* ctx = (struct chacha_ctx*)data; + uint8_t scratch[16] = {0}; + int i; + for (i = 0; i < 4000000 / 16; i++) { + chacha_encrypt_bytes(ctx, scratch, scratch, 16); + } } -static void bench_poly1305_auth(void *data) { - struct chacha_ctx *ctx = (struct chacha_ctx *)data; - uint8_t poly1305_tag[16] = {0}; - int i; - for (i = 0; i < 4000000 / 12; i++) { - poly1305_auth(poly1305_tag, testdata, 12, testkey); - } +static void bench_poly1305_auth(void* data) +{ + struct chacha_ctx* ctx = (struct chacha_ctx*)data; + uint8_t poly1305_tag[16] = {0}; + int i; + for (i = 0; i < 4000000 / 12; i++) { + 
poly1305_auth(poly1305_tag, testdata, 12, testkey); + } } -static void bench_chacha20poly1305_init(void *data) { - struct chachapolyaead_ctx *ctx = (struct chachapolyaead_ctx *)data; - int i; - for (i = 0; i < 50000; i++) { - chacha20poly1305_init(ctx, aead_keys, 32, aead_keys+32, 32); - } +static void bench_chacha20poly1305_init(void* data) +{ + struct chachapolyaead_ctx* ctx = (struct chachapolyaead_ctx*)data; + int i; + for (i = 0; i < 50000; i++) { + chacha20poly1305_init(ctx, aead_keys, 32, aead_keys + 32, 32); + } } -static void bench_chacha20poly1305_crypt(void *data) { - struct chachapolyaead_ctx *ctx = (struct chachapolyaead_ctx *)data; - int i; - uint32_t seqnr = 0; +static void bench_chacha20poly1305_crypt(void* data) +{ + struct chachapolyaead_ctx* ctx = (struct chachapolyaead_ctx*)data; + int i; + uint32_t seqnr = 0; - uint8_t buffer[BUFFER_SIZE + 16]; - for (i = 0; i < 30; i++) { - chacha20poly1305_crypt(ctx, seqnr, seqnr, 0, buffer, BUFFER_SIZE+16, buffer, BUFFER_SIZE, 1); - } + uint8_t buffer[BUFFER_SIZE + 16]; + for (i = 0; i < 30; i++) { + chacha20poly1305_crypt(ctx, seqnr, seqnr, 0, buffer, BUFFER_SIZE + 16, buffer, BUFFER_SIZE, 1); + } } -int main(void) { - struct chacha_ctx ctx_chacha; - struct chachapolyaead_ctx aead_ctx; - run_benchmark("chacha_ivsetup", bench_chacha_ivsetup, NULL, NULL, &ctx_chacha, - 20, 50000); - run_benchmark("chacha_keysetup", bench_chacha_keysetup, NULL, NULL, - &ctx_chacha, 20, 50000); - run_benchmark("chacha_encrypt", bench_chacha_encrypt, NULL, NULL, &ctx_chacha, - 20, 4000000); - run_benchmark("poly1305_auth", bench_poly1305_auth, NULL, NULL, &ctx_chacha, - 20, 4000000); - run_benchmark("chacha20poly1305_init", bench_chacha20poly1305_init, NULL, - NULL, &aead_ctx, 20, 4000000); - run_benchmark("chacha20poly1305_crypt 1MB", bench_chacha20poly1305_crypt, - NULL, NULL, &aead_ctx, 20, 30); - return 0; +int main(void) +{ + struct chacha_ctx ctx_chacha; + struct chachapolyaead_ctx aead_ctx; + 
run_benchmark("chacha_ivsetup", bench_chacha_ivsetup, NULL, NULL, &ctx_chacha, + 20, 50000); + run_benchmark("chacha_keysetup", bench_chacha_keysetup, NULL, NULL, + &ctx_chacha, 20, 50000); + run_benchmark("chacha_encrypt", bench_chacha_encrypt, NULL, NULL, &ctx_chacha, + 20, 4000000); + run_benchmark("poly1305_auth", bench_poly1305_auth, NULL, NULL, &ctx_chacha, + 20, 4000000); + run_benchmark("chacha20poly1305_init", bench_chacha20poly1305_init, NULL, + NULL, &aead_ctx, 20, 4000000); + run_benchmark("chacha20poly1305_crypt 1MB", bench_chacha20poly1305_crypt, + NULL, NULL, &aead_ctx, 20, 30); + return 0; } \ No newline at end of file diff --git a/chachapoly_aead.c b/chachapoly_aead.c index b2dd0bf..0f0b8fa 100644 --- a/chachapoly_aead.c +++ b/chachapoly_aead.c @@ -2,10 +2,10 @@ #define __STDC_WANT_LIB_EXT1__ 1 #include "poly1305.h" -#include +#include #include #include -#include +#include #if (defined(_WIN16) || defined(_WIN32) || defined(_WIN64)) && \ !defined(__WINDOWS__) 
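Review bot: In bench.c `main`, the `chacha20poly1305_init` run passes `iter` as 4000000 while `bench_chacha20poly1305_init` loops only 50000 times, so the printed ns-per-call figure is understated by a factor of 80; the call should end in `&aead_ctx, 20, 50000);`. `bench_chacha20poly1305_crypt` also declares `uint8_t buffer[BUFFER_SIZE + 16];`, which is a variable-length array of about 1 MB on the stack because `BUFFER_SIZE` is a `static const uint64_t`, and it is encrypted without being initialised. A file-scope `static uint8_t` buffer sized by an enum constant would remove both the stack-size risk and the read of indeterminate bytes. The return value of `chacha20poly1305_crypt` is ignored in the loop, so a rejected length would silently benchmark the early-return path.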
@@ -59,126 +59,128 @@ #ifndef HAVE_TIMINGSAFE_BCMP -int timingsafe_bcmp(const void *b1, const void *b2, size_t n) { - const unsigned char *p1 = b1, *p2 = b2; - int ret = 0; +int timingsafe_bcmp(const void* b1, const void* b2, size_t n) +{ + const unsigned char *p1 = b1, *p2 = b2; + int ret = 0; - for (; n > 0; n--) - ret |= *p1++ ^ *p2++; - return (ret != 0); + for (; n > 0; n--) + ret |= *p1++ ^ *p2++; + return (ret != 0); } #endif /* TIMINGSAFE_BCMP */ #ifndef HAVE_MEMSET_S -void memory_cleanse(void *p, size_t n) { +void memory_cleanse(void* p, size_t n) +{ #if defined(__has_feature) #if __has_feature(memory_sanitizer) - memset(p, 0, n); + memset(p, 0, n); #endif #endif } #else /* no memset_s available */ -void memory_cleanse(void *p, size_t n) { (void)memset_s(p, n, 0, n); } +void memory_cleanse(void* p, size_t n) { (void)memset_s(p, n, 0, n); } #endif #define XOR(v, w) ((v) ^ (w)) -int chacha20poly1305_init(struct chachapolyaead_ctx *ctx, const uint8_t *k_1, - int k_1_len, const uint8_t *k_2, int k_2_len) { - if (k_1_len != CHACHA20_POLY1305_AEAD_KEY_LEN || k_2_len != CHACHA20_POLY1305_AEAD_KEY_LEN) - return -1; - chacha_keysetup(&ctx->main_ctx, k_1, 256); - chacha_keysetup(&ctx->header_ctx, k_2, 256); - ctx->cached_aad_seqnr = UINT64_MAX; - return 0; +int chacha20poly1305_init(struct chachapolyaead_ctx* ctx, const uint8_t* k_1, int k_1_len, const uint8_t* k_2, int k_2_len) +{ + if (k_1_len != CHACHA20_POLY1305_AEAD_KEY_LEN || k_2_len != CHACHA20_POLY1305_AEAD_KEY_LEN) + return -1; + chacha_keysetup(&ctx->main_ctx, k_1, 256); + chacha_keysetup(&ctx->header_ctx, k_2, 256); + ctx->cached_aad_seqnr = UINT64_MAX; + return 0; } -int chacha20poly1305_crypt(struct chachapolyaead_ctx *ctx, uint64_t seqnr, uint64_t seqnr_aad, - int pos_aad, - uint8_t *dest, size_t dest_len, const uint8_t *src, size_t src_len, - int is_encrypt) { - const uint8_t one[8] = {1, 0, 0, 0, 0, 0, 0, 0}; /* NB little-endian */ - uint64_t aad_chacha_nonce_hdr = 0; - uint8_t 
expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; - int r = -1; - int aad_pos = 0; - - if ( - // if we encrypt, make sure the source contains at least the expected AAD and the destination has at least space for the source + MAC - (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + POLY1305_TAGLEN)) || - // if we decrypt, make sure the source contains at least the expected AAD+MAC and the destination has at least space for the source - MAc - (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN || dest_len < src_len - POLY1305_TAGLEN))) { - return r; - } +int chacha20poly1305_crypt(struct chachapolyaead_ctx* ctx, uint64_t seqnr, uint64_t seqnr_aad, int pos_aad, uint8_t* dest, size_t dest_len, const uint8_t* src, size_t src_len, int is_encrypt) +{ + const uint8_t one[8] = {1, 0, 0, 0, 0, 0, 0, 0}; /* NB little-endian */ + uint64_t aad_chacha_nonce_hdr = 0; + uint8_t expected_tag[POLY1305_TAGLEN], poly_key[POLY1305_KEYLEN]; + int r = -1; + int aad_pos = 0; + + if ( + // if we encrypt, make sure the source contains at least the expected AAD and the destination has at least space for the source + MAC + (is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN || dest_len < src_len + POLY1305_TAGLEN)) || + // if we decrypt, make sure the source contains at least the expected AAD+MAC and the destination has at least space for the source - MAc + (!is_encrypt && (src_len < CHACHA20_POLY1305_AEAD_AAD_LEN + POLY1305_TAGLEN || dest_len < src_len - POLY1305_TAGLEN))) { + return r; + } - uint64_t chacha_iv = htole64(seqnr); - memset(poly_key, 0, sizeof(poly_key)); - chacha_ivsetup(&ctx->main_ctx, (uint8_t *)&chacha_iv, NULL); - chacha_encrypt_bytes(&ctx->main_ctx, poly_key, poly_key, sizeof(poly_key)); + uint64_t chacha_iv = htole64(seqnr); + memset(poly_key, 0, sizeof(poly_key)); + chacha_ivsetup(&ctx->main_ctx, (uint8_t*)&chacha_iv, NULL); + chacha_encrypt_bytes(&ctx->main_ctx, poly_key, poly_key, sizeof(poly_key)); - 
if (!is_encrypt) { - const uint8_t *tag = src + src_len - POLY1305_TAGLEN; + if (!is_encrypt) { + const uint8_t* tag = src + src_len - POLY1305_TAGLEN; - poly1305_auth(expected_tag, src, src_len - POLY1305_TAGLEN, poly_key); - if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { - goto out; + poly1305_auth(expected_tag, src, src_len - POLY1305_TAGLEN, poly_key); + if (timingsafe_bcmp(expected_tag, tag, POLY1305_TAGLEN) != 0) { + goto out; + } + /* MAC has been successfully verified, make sure we don't covert it in decryption */ + src_len -= POLY1305_TAGLEN; } - /* MAC has been successfully verified, make sure we don't covert it in decryption */ - src_len -= POLY1305_TAGLEN; - } - - /* add AAD (encrypted length) */ - if (ctx->cached_aad_seqnr != seqnr_aad) { - ctx->cached_aad_seqnr = seqnr_aad; - aad_chacha_nonce_hdr = htole64(seqnr_aad); - chacha_ivsetup(&ctx->header_ctx, (uint8_t *)&aad_chacha_nonce_hdr, NULL); // block counter 0 - chacha_encrypt_bytes(&ctx->header_ctx, NULL, ctx->aad_keystream_buffer, CHACHA20_ROUND_OUTPUT); - } - /* crypt the AAD (3 byte length) */ - dest[0] = XOR(src[0], ctx->aad_keystream_buffer[aad_pos+0]); - dest[1] = XOR(src[1], ctx->aad_keystream_buffer[aad_pos+1]); - dest[2] = XOR(src[2], ctx->aad_keystream_buffer[aad_pos+2]); - - /* Set Chacha's block counter to 1 and encipher */ - chacha_ivsetup(&ctx->main_ctx, (uint8_t *)&chacha_iv, one); - chacha_encrypt_bytes(&ctx->main_ctx, src + CHACHA20_POLY1305_AEAD_AAD_LEN, dest + CHACHA20_POLY1305_AEAD_AAD_LEN, src_len - CHACHA20_POLY1305_AEAD_AAD_LEN); - - /* If encrypting, calculate and append tag */ - if (is_encrypt) { - poly1305_auth(dest + src_len, dest, src_len, poly_key); - } - r = 0; + + /* add AAD (encrypted length) */ + if (ctx->cached_aad_seqnr != seqnr_aad) { + ctx->cached_aad_seqnr = seqnr_aad; + aad_chacha_nonce_hdr = htole64(seqnr_aad); + chacha_ivsetup(&ctx->header_ctx, (uint8_t*)&aad_chacha_nonce_hdr, NULL); // block counter 0 + chacha_encrypt_bytes(&ctx->header_ctx, 
NULL, ctx->aad_keystream_buffer, CHACHA20_ROUND_OUTPUT); + } + /* crypt the AAD (3 byte length) */ + dest[0] = XOR(src[0], ctx->aad_keystream_buffer[aad_pos + 0]); + dest[1] = XOR(src[1], ctx->aad_keystream_buffer[aad_pos + 1]); + dest[2] = XOR(src[2], ctx->aad_keystream_buffer[aad_pos + 2]); + + /* Set Chacha's block counter to 1 and encipher */ + chacha_ivsetup(&ctx->main_ctx, (uint8_t*)&chacha_iv, one); + chacha_encrypt_bytes(&ctx->main_ctx, src + CHACHA20_POLY1305_AEAD_AAD_LEN, dest + CHACHA20_POLY1305_AEAD_AAD_LEN, src_len - CHACHA20_POLY1305_AEAD_AAD_LEN); + + /* If encrypting, calculate and append tag */ + if (is_encrypt) { + poly1305_auth(dest + src_len, dest, src_len, poly_key); + } + r = 0; out: - memory_cleanse(expected_tag, sizeof(expected_tag)); - memory_cleanse(&chacha_iv, sizeof(chacha_iv)); - memory_cleanse(poly_key, sizeof(poly_key)); - return r; + memory_cleanse(expected_tag, sizeof(expected_tag)); + memory_cleanse(&chacha_iv, sizeof(chacha_iv)); + memory_cleanse(poly_key, sizeof(poly_key)); + return r; } -int chacha20poly1305_get_length(struct chachapolyaead_ctx *ctx, - uint32_t *len_out, uint64_t seqnr, - const uint8_t *ciphertext) { - uint8_t buf[3], seqbuf[8]; - - int pos = seqnr % AAD_PACKAGES_PER_ROUND * CHACHA20_POLY1305_AEAD_AAD_LEN; - seqnr = seqnr / (float)AAD_PACKAGES_PER_ROUND; /* 21 x 3byte length packages fits in a ChaCha20 round */ - if (ctx->cached_aad_seqnr != seqnr) { - /* we need to calculate the 64 keystream bytes since we reached a new sequence number */ - ctx->cached_aad_seqnr = seqnr; - seqnr = htole64(seqnr); // use LE for the nonce - chacha_ivsetup(&ctx->header_ctx, (uint8_t *)&seqnr, NULL); // block counter 0 - chacha_encrypt_bytes(&ctx->header_ctx, NULL, ctx->aad_keystream_buffer, CHACHA20_ROUND_OUTPUT); - } - - /* decrypt the ciphertext length by XORing the right position of the 64byte keystream cache with the ciphertext */ - *len_out = 0; - *len_out = XOR(ciphertext[0], ctx->aad_keystream_buffer[pos+0]) | - 
XOR(ciphertext[1], ctx->aad_keystream_buffer[pos+1]) << 8 | - XOR(ciphertext[2], ctx->aad_keystream_buffer[pos+2]) << 16; - - /* convert to host endianness 32bit integer (only 24bit though) */ - *len_out = le32toh(*len_out); - return 0; +int chacha20poly1305_get_length(struct chachapolyaead_ctx* ctx, + uint32_t* len_out, + uint64_t seqnr, + const uint8_t* ciphertext) +{ + uint8_t buf[3], seqbuf[8]; + + int pos = seqnr % AAD_PACKAGES_PER_ROUND * CHACHA20_POLY1305_AEAD_AAD_LEN; + seqnr = seqnr / (float)AAD_PACKAGES_PER_ROUND; /* 21 x 3byte length packages fits in a ChaCha20 round */ + if (ctx->cached_aad_seqnr != seqnr) { + /* we need to calculate the 64 keystream bytes since we reached a new sequence number */ + ctx->cached_aad_seqnr = seqnr; + seqnr = htole64(seqnr); // use LE for the nonce + chacha_ivsetup(&ctx->header_ctx, (uint8_t*)&seqnr, NULL); // block counter 0 + chacha_encrypt_bytes(&ctx->header_ctx, NULL, ctx->aad_keystream_buffer, CHACHA20_ROUND_OUTPUT); + } + + /* decrypt the ciphertext length by XORing the right position of the 64byte keystream cache with the ciphertext */ + *len_out = 0; + *len_out = XOR(ciphertext[0], ctx->aad_keystream_buffer[pos + 0]) | + XOR(ciphertext[1], ctx->aad_keystream_buffer[pos + 1]) << 8 | + XOR(ciphertext[2], ctx->aad_keystream_buffer[pos + 2]) << 16; + + /* convert to host endianness 32bit integer (only 24bit though) */ + *len_out = le32toh(*len_out); + return 0; } \ No newline at end of file diff --git a/chachapoly_aead.h b/chachapoly_aead.h index 48588a8..3f842b7 100644 --- a/chachapoly_aead.h +++ b/chachapoly_aead.h 
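Review bot: In the `#ifndef HAVE_MEMSET_S` branch of chachapoly_aead.c, `memory_cleanse` calls `memset` only under `__has_feature(memory_sanitizer)`, so on every other build it is an empty function and the `out:` cleanup in `chacha20poly1305_crypt` leaves `poly_key`, `chacha_iv` and `expected_tag` on the stack. That branch needs a wipe the optimizer cannot drop, for example `volatile unsigned char *vp = p; while (n--) *vp++ = 0;`, and the `#else /* no memset_s available */` comment is inverted, since that is the branch that uses `memset_s`. Separately, `chacha20poly1305_get_length` computes `seqnr / (float)AAD_PACKAGES_PER_ROUND`; a float has a 24-bit significand, so large sequence numbers are rounded before the division and can select the wrong header keystream block, which integer division `seqnr / AAD_PACKAGES_PER_ROUND` avoids. In the same function `le32toh(*len_out)` is applied to a value already assembled in host order by the shifts, which would byte-swap the length on a big-endian host, and `buf` and `seqbuf` are unused. How `HAVE_MEMSET_S` gets defined is outside the hunk, so which `memory_cleanse` variant a given build uses should be confirmed.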
@@ -4,24 +4,21 @@ #include "chacha.h" #define CHACHA_KEYLEN 32 /* 2 x 256 bit keys */ -#define CHACHA20_POLY1305_AEAD_KEY_LEN 32 +#define CHACHA20_POLY1305_AEAD_KEY_LEN 32 #define CHACHA20_POLY1305_AEAD_AAD_LEN 3 /* 3 bytes length */ -#define CHACHA20_ROUND_OUTPUT 64 /* 64 bytes per round */ -#define AAD_PACKAGES_PER_ROUND 21 /* 64 / 3 round down*/ +#define CHACHA20_ROUND_OUTPUT 64 /* 64 bytes per round */ +#define AAD_PACKAGES_PER_ROUND 21 /* 64 / 3 round down*/ struct chachapolyaead_ctx { - struct chacha_ctx main_ctx, header_ctx; - uint8_t aad_keystream_buffer[CHACHA20_ROUND_OUTPUT]; - uint64_t cached_aad_seqnr; + struct chacha_ctx main_ctx, header_ctx; + uint8_t aad_keystream_buffer[CHACHA20_ROUND_OUTPUT]; + uint64_t cached_aad_seqnr; }; -int chacha20poly1305_init(struct chachapolyaead_ctx *cpctx, const uint8_t *k_1, - int k_1_len, const uint8_t *k_2, int k_2_len); -int chacha20poly1305_crypt(struct chachapolyaead_ctx *ctx, uint64_t seqnr, uint64_t seqnr_aad, - int pos_aad, - uint8_t *dest, size_t dest_len, const uint8_t *src, size_t srv_len, - int is_encrypt); -int chacha20poly1305_get_length(struct chachapolyaead_ctx *ctx, - uint32_t *len_out, uint64_t seqnr, - const uint8_t *ciphertext); -#endif /* CHACHA20_POLY_AEAD_H */ \ No newline at end of file +int chacha20poly1305_init(struct chachapolyaead_ctx* cpctx, const uint8_t* k_1, int k_1_len, const uint8_t* k_2, int k_2_len); +int chacha20poly1305_crypt(struct chachapolyaead_ctx* ctx, uint64_t seqnr, uint64_t seqnr_aad, int pos_aad, uint8_t* dest, size_t dest_len, const uint8_t* src, size_t srv_len, int is_encrypt); +int chacha20poly1305_get_length(struct chachapolyaead_ctx* ctx, + uint32_t* len_out, + uint64_t seqnr, + const uint8_t* ciphertext); +#endif /* CHACHA20_POLY_AEAD_H */ diff --git a/tests.c b/tests.c index 886fdc6..5f660dd 100644 --- a/tests.c +++ b/tests.c 
@@ -14,17 +14,17 @@ #include "poly1305.h" struct chacha20_testvector { - uint8_t key[32]; - uint8_t nonce[8]; - uint8_t resulting_keystream[512]; - int keystream_check_size; + uint8_t key[32]; + uint8_t nonce[8]; + uint8_t resulting_keystream[512]; + int keystream_check_size; }; struct poly1305_testvector { - uint8_t input[64]; - int inputlen; - uint8_t key[64]; - uint8_t resulting_tag[16]; + uint8_t input[64]; + int inputlen; + uint8_t key[64]; + uint8_t resulting_tag[16]; }; /* 
@@ -34,175 +34,176 @@ struct poly1305_testvector { static const struct chacha20_testvector chacha20_testvectors[] = { {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, 0x40, 0x5d, 0x6a, - 0xe5, 0x53, 0x86, 0xbd, 0x28, 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, - 0xed, 0x1a, 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7, 0xda, - 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d, 0x77, 0x24, 0xe0, 0x3f, - 0xb8, 0xd8, 0x4a, 0x37, 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, - 0x1c, 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86}, - 64}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x76, 0xb8, 0xe0, 0xad, 0xa0, 0xf1, 0x3d, 0x90, 0x40, 0x5d, 0x6a, + 0xe5, 0x53, 0x86, 0xbd, 0x28, 0xbd, 0xd2, 0x19, 0xb8, 0xa0, 0x8d, + 0xed, 0x1a, 0xa8, 0x36, 0xef, 0xcc, 0x8b, 0x77, 0x0d, 0xc7, 0xda, + 0x41, 0x59, 0x7c, 0x51, 0x57, 0x48, 0x8d, 0x77, 0x24, 0xe0, 0x3f, + 0xb8, 0xd8, 0x4a, 0x37, 0x6a, 0x43, 0xb8, 0xf4, 0x15, 0x18, 0xa1, + 0x1c, 0xc3, 0x87, 0xb6, 0x69, 0xb2, 0xee, 0x65, 0x86}, + 64}, {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x45, 0x40, 0xf0, 0x5a, 0x9f, 0x1f, 0xb2, 0x96, 0xd7, 0x73, 0x6e, - 0x7b, 0x20, 0x8e, 0x3c, 0x96, 0xeb, 0x4f, 0xe1, 0x83, 0x46, 0x88, - 0xd2, 0x60, 0x4f, 0x45, 0x09, 0x52, 0xed, 0x43, 0x2d, 0x41, 0xbb, - 0xe2, 0xa0, 0xb6, 0xea, 0x75, 0x66, 0xd2, 0xa5, 0xd1, 0xe7, 0xe2, - 0x0d, 0x42, 0xaf, 0x2c, 0x53, 0xd7, 0x92, 0xb1, 0xc4, 0x3f, 0xea, - 0x81, 0x7e, 0x9a, 0xd2, 0x75, 0xae, 0x54, 
0x69, 0x63}, - 64}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x45, 0x40, 0xf0, 0x5a, 0x9f, 0x1f, 0xb2, 0x96, 0xd7, 0x73, 0x6e, + 0x7b, 0x20, 0x8e, 0x3c, 0x96, 0xeb, 0x4f, 0xe1, 0x83, 0x46, 0x88, + 0xd2, 0x60, 0x4f, 0x45, 0x09, 0x52, 0xed, 0x43, 0x2d, 0x41, 0xbb, + 0xe2, 0xa0, 0xb6, 0xea, 0x75, 0x66, 0xd2, 0xa5, 0xd1, 0xe7, 0xe2, + 0x0d, 0x42, 0xaf, 0x2c, 0x53, 0xd7, 0x92, 0xb1, 0xc4, 0x3f, 0xea, + 0x81, 0x7e, 0x9a, 0xd2, 0x75, 0xae, 0x54, 0x69, 0x63}, + 64}, {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - {0xde, 0x9c, 0xba, 0x7b, 0xf3, 0xd6, 0x9e, 0xf5, 0xe7, 0x86, 0xdc, 0x63, - 0x97, 0x3f, 0x65, 0x3a, 0x0b, 0x49, 0xe0, 0x15, 0xad, 0xbf, 0xf7, 0x13, - 0x4f, 0xcb, 0x7d, 0xf1, 0x37, 0x82, 0x10, 0x31, 0xe8, 0x5a, 0x05, 0x02, - 0x78, 0xa7, 0x08, 0x45, 0x27, 0x21, 0x4f, 0x73, 0xef, 0xc7, 0xfa, 0x5b, - 0x52, 0x77, 0x06, 0x2e, 0xb7, 0xa0, 0x43, 0x3e, 0x44, 0x5f, 0x41, 0xe3}, - 60}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, + {0xde, 0x9c, 0xba, 0x7b, 0xf3, 0xd6, 0x9e, 0xf5, 0xe7, 0x86, 0xdc, 0x63, + 0x97, 0x3f, 0x65, 0x3a, 0x0b, 0x49, 0xe0, 0x15, 0xad, 0xbf, 0xf7, 0x13, + 0x4f, 0xcb, 0x7d, 0xf1, 0x37, 0x82, 0x10, 0x31, 0xe8, 0x5a, 0x05, 0x02, + 0x78, 0xa7, 0x08, 0x45, 0x27, 0x21, 0x4f, 0x73, 0xef, 0xc7, 0xfa, 0x5b, + 0x52, 0x77, 0x06, 0x2e, 0xb7, 0xa0, 0x43, 0x3e, 0x44, 0x5f, 0x41, 0xe3}, + 60}, {{0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 
- {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - {0xef, 0x3f, 0xdf, 0xd6, 0xc6, 0x15, 0x78, 0xfb, 0xf5, 0xcf, 0x35, - 0xbd, 0x3d, 0xd3, 0x3b, 0x80, 0x09, 0x63, 0x16, 0x34, 0xd2, 0x1e, - 0x42, 0xac, 0x33, 0x96, 0x0b, 0xd1, 0x38, 0xe5, 0x0d, 0x32, 0x11, - 0x1e, 0x4c, 0xaf, 0x23, 0x7e, 0xe5, 0x3c, 0xa8, 0xad, 0x64, 0x26, - 0x19, 0x4a, 0x88, 0x54, 0x5d, 0xdc, 0x49, 0x7a, 0x0b, 0x46, 0x6e, - 0x7d, 0x6b, 0xbd, 0xb0, 0x04, 0x1b, 0x2f, 0x58, 0x6b}, - 64}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + {0xef, 0x3f, 0xdf, 0xd6, 0xc6, 0x15, 0x78, 0xfb, 0xf5, 0xcf, 0x35, + 0xbd, 0x3d, 0xd3, 0x3b, 0x80, 0x09, 0x63, 0x16, 0x34, 0xd2, 0x1e, + 0x42, 0xac, 0x33, 0x96, 0x0b, 0xd1, 0x38, 0xe5, 0x0d, 0x32, 0x11, + 0x1e, 0x4c, 0xaf, 0x23, 0x7e, 0xe5, 0x3c, 0xa8, 0xad, 0x64, 0x26, + 0x19, 0x4a, 0x88, 0x54, 0x5d, 0xdc, 0x49, 0x7a, 0x0b, 0x46, 0x6e, + 0x7d, 0x6b, 0xbd, 0xb0, 0x04, 0x1b, 0x2f, 0x58, 0x6b}, + 64}, {{0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, - 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, - {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, - {0xf7, 0x98, 0xa1, 0x89, 0xf1, 0x95, 0xe6, 0x69, 0x82, 0x10, 0x5f, 0xfb, - 0x64, 0x0b, 0xb7, 0x75, 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93, - 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, 0x34, 0xa4, 0x54, 0x7b, - 0x73, 0x3b, 0x46, 0x41, 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69, - 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, 0x59, 0x16, 0x15, 0x5c, - 0x2b, 0xe8, 0x24, 0x1a, 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94, - 0x1e, 0x24, 0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, 0x89, 0xde, 0x95, 0x26, - 0x49, 0x86, 0xd9, 0x58, 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd, - 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, 0x3e, 0xb9, 0xb3, 0xa4, - 0xa4, 0x72, 0xf8, 0x2e, 0x09, 
0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e, - 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, 0x9d, 0xb9, 0xd4, 0xf7, - 0xc7, 0xa8, 0x99, 0x15, 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3, - 0x85, 0x24, 0x5f, 0xe0, 0x54, 0xe3, 0xdd, 0x5a, 0x97, 0xa5, 0xf5, 0x76, - 0xfe, 0x06, 0x40, 0x25, 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5, - 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, 0x59, 0x66, 0x09, 0x96, - 0x54, 0x6c, 0xc9, 0xc4, 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7, - 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, 0xe5, 0xc5, 0x36, 0x0c, - 0x33, 0x17, 0x16, 0x6a, 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a, - 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, 0xcc, 0xb2, 0x7d, 0x5a, - 0xaa, 0xe0, 0xad, 0x7a, 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09, - 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, 0x6d, 0xeb, 0x3a, 0xb7, - 0x8f, 0xab, 0x78, 0xc9}, - 256}}; + 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, + 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f}, + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}, + {0xf7, 0x98, 0xa1, 0x89, 0xf1, 0x95, 0xe6, 0x69, 0x82, 0x10, 0x5f, 0xfb, + 0x64, 0x0b, 0xb7, 0x75, 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93, + 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, 0x34, 0xa4, 0x54, 0x7b, + 0x73, 0x3b, 0x46, 0x41, 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69, + 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, 0x59, 0x16, 0x15, 0x5c, + 0x2b, 0xe8, 0x24, 0x1a, 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94, + 0x1e, 0x24, 0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, 0x89, 0xde, 0x95, 0x26, + 0x49, 0x86, 0xd9, 0x58, 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd, + 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, 0x3e, 0xb9, 0xb3, 0xa4, + 0xa4, 0x72, 0xf8, 0x2e, 0x09, 0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e, + 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, 0x9d, 0xb9, 0xd4, 0xf7, + 0xc7, 0xa8, 0x99, 0x15, 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3, + 0x85, 0x24, 0x5f, 0xe0, 0x54, 
0xe3, 0xdd, 0x5a, 0x97, 0xa5, 0xf5, 0x76, + 0xfe, 0x06, 0x40, 0x25, 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5, + 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, 0x59, 0x66, 0x09, 0x96, + 0x54, 0x6c, 0xc9, 0xc4, 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7, + 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, 0xe5, 0xc5, 0x36, 0x0c, + 0x33, 0x17, 0x16, 0x6a, 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a, + 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, 0xcc, 0xb2, 0x7d, 0x5a, + 0xaa, 0xe0, 0xad, 0x7a, 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09, + 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, 0x6d, 0xeb, 0x3a, 0xb7, + 0x8f, 0xab, 0x78, 0xc9}, + 256}}; static const struct poly1305_testvector poly1305_testvectors[] = { { {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 32, {0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, - 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, - 0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35}, + 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, + 0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35}, {0x49, 0xec, 0x78, 0x09, 0x0e, 0x48, 0x1e, 0xc6, 0xc2, 0x6b, 0x33, 0xb9, - 0x1c, 0xcc, 0x03, 0x07}, + 0x1c, 0xcc, 0x03, 0x07}, }, {{0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21}, - 12, - {0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, - 0x62, 0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f, - 0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35}, - {0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, 0xa2, 0x0d, 0xcc, 0x74, - 0xee, 0xf2, 0xb2, 0xf0}}}; + 12, + {0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x33, 0x32, 0x2d, + 0x62, 
0x79, 0x74, 0x65, 0x20, 0x6b, 0x65, 0x79, 0x20, 0x66, 0x6f,
+ 0x72, 0x20, 0x50, 0x6f, 0x6c, 0x79, 0x31, 0x33, 0x30, 0x35},
+ {0xa6, 0xf7, 0x45, 0x00, 0x8f, 0x81, 0xc9, 0x16, 0xa2, 0x0d, 0xcc, 0x74,
+ 0xee, 0xf2, 0xb2, 0xf0}}};
-int main(void) {
- struct chacha_ctx ctx;
- uint8_t iv[8] = {0, 0, 0, 0, 0, 0, 0, 0};
- unsigned int i = 0;
- uint8_t keystream[512];
- uint8_t poly1305_tag[16];
+int main(void)
+{
+ struct chacha_ctx ctx;
+ uint8_t iv[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+ unsigned int i = 0;
+ uint8_t keystream[512];
+ uint8_t poly1305_tag[16];
- /* test chacha20 */
- for (i = 0;
- i < (sizeof(chacha20_testvectors) / sizeof(chacha20_testvectors[0]));
- i++) {
- chacha_ivsetup(&ctx, chacha20_testvectors[i].nonce, NULL);
- memset(keystream, 0, 512);
- chacha_keysetup(&ctx, chacha20_testvectors[i].key, 256);
- chacha_encrypt_bytes(&ctx, keystream, keystream, 512);
- assert(memcmp(keystream, chacha20_testvectors[i].resulting_keystream,
- chacha20_testvectors[i].keystream_check_size) == 0);
- }
+ /* test chacha20 */
+ for (i = 0;
+ i < (sizeof(chacha20_testvectors) / sizeof(chacha20_testvectors[0]));
+ i++) {
+ chacha_ivsetup(&ctx, chacha20_testvectors[i].nonce, NULL);
+ memset(keystream, 0, 512);
+ chacha_keysetup(&ctx, chacha20_testvectors[i].key, 256);
+ chacha_encrypt_bytes(&ctx, keystream, keystream, 512);
+ assert(memcmp(keystream, chacha20_testvectors[i].resulting_keystream,
+ chacha20_testvectors[i].keystream_check_size) == 0);
+ }
- /* test poly1305 */
- for (i = 0;
- i < (sizeof(poly1305_testvectors) / sizeof(poly1305_testvectors[0]));
- i++) {
- memset(poly1305_tag, 0, 16);
- poly1305_auth(poly1305_tag, poly1305_testvectors[i].input,
- poly1305_testvectors[i].inputlen,
- poly1305_testvectors[i].key);
- assert(memcmp(poly1305_tag, poly1305_testvectors[i].resulting_tag, 16) ==
- 0);
- int i = 100;
- }
+ /* test poly1305 */
+ for (i = 0;
+ i < (sizeof(poly1305_testvectors) / sizeof(poly1305_testvectors[0]));
+ i++) {
+ memset(poly1305_tag, 0, 16);
+ poly1305_auth(poly1305_tag, poly1305_testvectors[i].input,
+ poly1305_testvectors[i].inputlen,
+ poly1305_testvectors[i].key);
+ assert(memcmp(poly1305_tag, poly1305_testvectors[i].resulting_tag, 16) ==
+ 0);
+ int i = 100;
+ }
- /* test chacha20poly1305 AEAD */
- struct chachapolyaead_ctx aead_ctx;
- uint32_t seqnr = 0;
- uint32_t seqnr_aad = 0;
- int pos_aad = 0;
- uint8_t aead_k_1[64] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
- 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
- uint8_t aead_k_2[64] = {
- 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
- 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
- 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
+ /* test chacha20poly1305 AEAD */
+ struct chachapolyaead_ctx aead_ctx;
+ uint32_t seqnr = 0;
+ uint32_t seqnr_aad = 0;
+ int pos_aad = 0;
+ uint8_t aead_k_1[64] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
+ uint8_t aead_k_2[64] = {
+ 0xff, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a,
+ 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15,
+ 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f};
- uint8_t plaintext_buf[256] = {
- 0xff, 0x00, 0x00, 0xf1, 0x95, 0xe6, 0x69, 0x82, 0x10, 0x5f, 0xfb,
- 0x64, 0x0b, 0xb7, 0x75, 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93,
- 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, 0x34, 0xa4, 0x54, 0x7b,
- 0x73, 0x3b, 0x46, 0x41, 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69,
- 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, 0x59, 0x16, 0x15, 0x5c,
- 0x2b, 0xe8, 0x24, 0x1a, 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94,
- 0x1e, 0x24, 0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, 0x89, 0xde, 0x95, 0x26,
- 0x49, 0x86, 0xd9, 0x58, 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd,
- 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, 0x3e, 0xb9, 0xb3, 0xa4,
- 0xa4, 0x72, 0xf8, 0x2e, 0x09, 0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e,
- 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, 0x9d, 0xb9, 0xd4, 0xf7,
- 0xc7, 0xa8, 0x99, 0x15, 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3,
- 0x85, 0x24, 0x5f, 0xe0, 0x54, 0xe3, 0xdd, 0x5a, 0x97, 0xa5, 0xf5, 0x76,
- 0xfe, 0x06, 0x40, 0x25, 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5,
- 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, 0x59, 0x66, 0x09, 0x96,
- 0x54, 0x6c, 0xc9, 0xc4, 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7,
- 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, 0xe5, 0xc5, 0x36, 0x0c,
- 0x33, 0x17, 0x16, 0x6a, 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a,
- 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, 0xcc, 0xb2, 0x7d, 0x5a,
- 0xaa, 0xe0, 0xad, 0x7a, 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09,
- 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, 0x6d, 0xeb, 0x3a, 0xb7,
- 0x8f, 0xab, 0x78, 0xc9};
+ uint8_t plaintext_buf[256] = {
+ 0xff, 0x00, 0x00, 0xf1, 0x95, 0xe6, 0x69, 0x82, 0x10, 0x5f, 0xfb,
+ 0x64, 0x0b, 0xb7, 0x75, 0x7f, 0x57, 0x9d, 0xa3, 0x16, 0x02, 0xfc, 0x93,
+ 0xec, 0x01, 0xac, 0x56, 0xf8, 0x5a, 0xc3, 0xc1, 0x34, 0xa4, 0x54, 0x7b,
+ 0x73, 0x3b, 0x46, 0x41, 0x30, 0x42, 0xc9, 0x44, 0x00, 0x49, 0x17, 0x69,
+ 0x05, 0xd3, 0xbe, 0x59, 0xea, 0x1c, 0x53, 0xf1, 0x59, 0x16, 0x15, 0x5c,
+ 0x2b, 0xe8, 0x24, 0x1a, 0x38, 0x00, 0x8b, 0x9a, 0x26, 0xbc, 0x35, 0x94,
+ 0x1e, 0x24, 0x44, 0x17, 0x7c, 0x8a, 0xde, 0x66, 0x89, 0xde, 0x95, 0x26,
+ 0x49, 0x86, 0xd9, 0x58, 0x89, 0xfb, 0x60, 0xe8, 0x46, 0x29, 0xc9, 0xbd,
+ 0x9a, 0x5a, 0xcb, 0x1c, 0xc1, 0x18, 0xbe, 0x56, 0x3e, 0xb9, 0xb3, 0xa4,
+ 0xa4, 0x72, 0xf8, 0x2e, 0x09, 0xa7, 0xe7, 0x78, 0x49, 0x2b, 0x56, 0x2e,
+ 0xf7, 0x13, 0x0e, 0x88, 0xdf, 0xe0, 0x31, 0xc7, 0x9d, 0xb9, 0xd4, 0xf7,
+ 0xc7, 0xa8, 0x99, 0x15, 0x1b, 0x9a, 0x47, 0x50, 0x32, 0xb6, 0x3f, 0xc3,
+ 0x85, 0x24, 0x5f, 0xe0, 0x54, 0xe3, 0xdd, 0x5a, 0x97, 0xa5, 0xf5, 0x76,
+ 0xfe, 0x06, 0x40, 0x25, 0xd3, 0xce, 0x04, 0x2c, 0x56, 0x6a, 0xb2, 0xc5,
+ 0x07, 0xb1, 0x38, 0xdb, 0x85, 0x3e, 0x3d, 0x69, 0x59, 0x66, 0x09, 0x96,
+ 0x54, 0x6c, 0xc9, 0xc4, 0xa6, 0xea, 0xfd, 0xc7, 0x77, 0xc0, 0x40, 0xd7,
+ 0x0e, 0xaf, 0x46, 0xf7, 0x6d, 0xad, 0x39, 0x79, 0xe5, 0xc5, 0x36, 0x0c,
+ 0x33, 0x17, 0x16, 0x6a, 0x1c, 0x89, 0x4c, 0x94, 0xa3, 0x71, 0x87, 0x6a,
+ 0x94, 0xdf, 0x76, 0x28, 0xfe, 0x4e, 0xaa, 0xf2, 0xcc, 0xb2, 0x7d, 0x5a,
+ 0xaa, 0xe0, 0xad, 0x7a, 0xd0, 0xf9, 0xd4, 0xb6, 0xad, 0x3b, 0x54, 0x09,
+ 0x87, 0x46, 0xd4, 0x52, 0x4d, 0x38, 0x40, 0x7a, 0x6d, 0xeb, 0x3a, 0xb7,
+ 0x8f, 0xab, 0x78, 0xc9};
- uint8_t ciphertext_buf[255+16] = {0};
- uint8_t plaintext_buf_new[255] = {0};
- chacha20poly1305_init(&aead_ctx, aead_k_1, 32, aead_k_2, 32);
- assert((uint32_t)plaintext_buf[0] == 255);
- chacha20poly1305_crypt(&aead_ctx, seqnr, seqnr_aad, pos_aad, ciphertext_buf, 300, plaintext_buf, 255, 1);
- uint32_t out_len = 0;
- chacha20poly1305_get_length(&aead_ctx, &out_len, seqnr, ciphertext_buf);
- assert(out_len == 255);
- chacha20poly1305_crypt(&aead_ctx, seqnr, seqnr_aad, pos_aad, plaintext_buf_new, 255, ciphertext_buf,
- sizeof(ciphertext_buf), 0);
- assert(memcmp(plaintext_buf, plaintext_buf_new, 252) == 0);
+ uint8_t ciphertext_buf[255 + 16] = {0};
+ uint8_t plaintext_buf_new[255] = {0};
+ chacha20poly1305_init(&aead_ctx, aead_k_1, 32, aead_k_2, 32);
+ assert((uint32_t)plaintext_buf[0] == 255);
+ chacha20poly1305_crypt(&aead_ctx, seqnr, seqnr_aad, pos_aad, ciphertext_buf, 300, plaintext_buf, 255, 1);
+ uint32_t out_len = 0;
+ chacha20poly1305_get_length(&aead_ctx, &out_len, seqnr, ciphertext_buf);
+ assert(out_len == 255);
+ chacha20poly1305_crypt(&aead_ctx, seqnr, seqnr_aad, pos_aad, plaintext_buf_new, 255, ciphertext_buf,
+ sizeof(ciphertext_buf), 0);
+ assert(memcmp(plaintext_buf, plaintext_buf_new, 252) == 0);
 }