Skip to content

GitLab

Commit 04d29c83 authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos Committed by Niels Möller
Browse files

First implementation of poly1305.

parent a7eb86b4
Hide whitespace changes
Inline Side-by-side
Showing with 550 additions and 1 deletion
ChangeLog
View file @ 04d29c83
2013-11-08 Nikos Mavrogiannopoulos <nmav@gnutls.org>
* poly1305.h: New file.
* poly1305.c: New file.
* poly1305-aes.h: New file.
* poly1305-aes.c: New file.
* Makefile.in (nettle_SOURCES): Added poly1305-aes.c and poly1305.c.
(HEADERS): Added poly1305-aes.h and poly1305.h.
* testsuite/poly1305-test.c: New file.
* testsuite/Makefile.in (TS_NETTLE_SOURCES): Added poly1305-test.c.
* examples/nettle-benchmark.c (time_poly1305_aes): New function.
(main): Benchmark poly1305.
2013-10-05 Niels Möller <nisse@lysator.liu.se>
* Makefile.in (nettle_SOURCES): Added eax.c.
......
Makefile.in
View file @ 04d29c83
......@@ -103,6 +103,7 @@ nettle_SOURCES = aes-decrypt-internal.c aes-decrypt.c \
serpent-set-key.c serpent-encrypt.c serpent-decrypt.c \
serpent-meta.c \
twofish.c twofish-meta.c \
poly1305-aes.c poly1305.c \
umac-nh.c umac-nh-n.c umac-l2.c umac-l3.c \
umac-poly64.c umac-poly128.c umac-set-key.c \
umac32.c umac64.c umac96.c umac128.c \
......@@ -162,7 +163,7 @@ HEADERS = aes.h arcfour.h arctwo.h asn1.h bignum.h blowfish.h \
pgp.h pkcs1.h realloc.h ripemd160.h rsa.h rsa-compat.h \
salsa20.h sexp.h \
serpent.h sha.h sha1.h sha2.h sha3.h twofish.h \
umac.h yarrow.h
umac.h yarrow.h poly1305-aes.h poly1305.h
INSTALL_HEADERS = $(HEADERS) nettle-stdint.h
......
examples/nettle-benchmark.c
View file @ 04d29c83
......@@ -56,6 +56,7 @@
#include "sha3.h"
#include "twofish.h"
#include "umac.h"
#include "poly1305-aes.h"
#include "nettle-meta.h"
#include "nettle-internal.h"
......@@ -398,6 +399,23 @@ time_umac(void)
time_function(bench_hash, &info));
}
static void
time_poly1305_aes(void)
{
static uint8_t data[BENCH_BLOCK];
struct bench_hash_info info;
struct poly1305_aes_ctx ctx;
uint8_t key[32];
poly1305_aes_set_key (&ctx, key);
info.ctx = &ctx;
info.update = (nettle_hash_update_func *) poly1305_aes_update;
info.data = data;
display("poly1305-aes", "update", 1024,
time_function(bench_hash, &info));
}
static void
time_gcm(void)
{
......@@ -718,6 +736,9 @@ main(int argc, char **argv)
if (!alg || strstr ("umac", alg))
time_umac();
if (!alg || strstr ("poly1305-aes", alg))
time_poly1305_aes();
for (i = 0; ciphers[i]; i++)
if (!alg || strstr(ciphers[i]->name, alg))
time_cipher(ciphers[i]);
......
poly1305-aes.c 0 → 100644
View file @ 04d29c83
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include "macros.h"
#include "nettle-types.h"
#include "poly1305-aes.h"
void
poly1305_aes_set_key (struct poly1305_aes_ctx *ctx, const uint8_t * key)
{
POLY1305_SET_KEY(ctx, aes_set_encrypt_key, key);
}
void
poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
const uint8_t * nonce)
{
POLY1305_SET_NONCE(ctx, nonce);
}
void
poly1305_aes_update (struct poly1305_aes_ctx *ctx,
size_t length, const uint8_t * data)
{
POLY1305_UPDATE(ctx, length, data);
}
void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
size_t length, uint8_t * digest)
{
POLY1305_DIGEST(ctx, aes_encrypt, length, digest);
}
poly1305-aes.h 0 → 100644
View file @ 04d29c83
/* poly1305-aes.h
*
* Poly1305 message authentication code.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_POLY1305_AES_H_INCLUDED
#define NETTLE_POLY1305_AES_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
#include "nettle-types.h"
#include "poly1305.h"
#include "aes.h"
#define POLY1305_AES_KEY_SIZE 32
#define POLY1305_AES_DIGEST_SIZE 16
#define poly1305_aes_set_key nettle_poly1305_aes_set_key
#define poly1305_aes_set_nonce nettle_poly1305_aes_set_nonce
#define poly1305_aes_update nettle_poly1305_aes_update
#define poly1305_aes_digest nettle_poly1305_aes_digest
struct poly1305_aes_ctx POLY1305_CTX(struct aes_ctx);
/* The _set_key function initialize the nonce to zero. */
void
poly1305_aes_set_key (struct poly1305_aes_ctx *ctx, const uint8_t *key);
/* Optional, if not used, messages get incrementing nonces starting from zero. */
void
poly1305_aes_set_nonce (struct poly1305_aes_ctx *ctx,
const uint8_t *nonce);
void
poly1305_aes_update (struct poly1305_aes_ctx *ctx,
size_t length, const uint8_t *data);
/* The _digest functions increment the nonce */
void
poly1305_aes_digest (struct poly1305_aes_ctx *ctx,
size_t length, uint8_t *digest);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_POLY1305_AES_H_INCLUDED */
poly1305.c 0 → 100644
View file @ 04d29c83
/* nettle, low-level cryptographics library
*
* Placed by the author under public domain or the MIT license.
* (see https://github.com/floodyberry/poly1305-donna )
* Modified for nettle by Nikos Mavrogiannopoulos.
*
* Copyright: 2012-2013 Andrew M. (floodyberry)
*
* Permission is hereby granted, free of charge, to any person obtaining a
* copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif
#include <string.h>
#include "macros.h"
#include "nettle-types.h"
#include "poly1305.h"
#define mul32x32_64(a,b) ((uint64_t)(a) * (b))
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16])
{
uint32_t t0,t1,t2,t3;
t0 = LE_READ_UINT32(key);
t1 = LE_READ_UINT32(key+4);
t2 = LE_READ_UINT32(key+8);
t3 = LE_READ_UINT32(key+12);
ctx->r0 = t0 & 0x3ffffff; t0 >>= 26; t0 |= t1 << 6;
ctx->r1 = t0 & 0x3ffff03; t1 >>= 20; t1 |= t2 << 12;
ctx->r2 = t1 & 0x3ffc0ff; t2 >>= 14; t2 |= t3 << 18;
ctx->r3 = t2 & 0x3f03fff; t3 >>= 8;
ctx->r4 = t3 & 0x00fffff;
ctx->s1 = ctx->r1 * 5;
ctx->s2 = ctx->r2 * 5;
ctx->s3 = ctx->r3 * 5;
ctx->s4 = ctx->r4 * 5;
ctx->h0 = 0;
ctx->h1 = 0;
ctx->h2 = 0;
ctx->h3 = 0;
ctx->h4 = 0;
}
void
poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce)
{
memcpy (ctx->nonce, nonce, 16);
}
void
poly1305_set_s (struct poly1305_ctx *ctx, const uint8_t * s)
{
memcpy (ctx->s, s, 16);
}
void
poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16])
{
uint32_t t0,t1,t2,t3;
uint32_t b;
uint64_t t[5];
uint64_t c;
/* full blocks */
t0 = LE_READ_UINT32(m);
t1 = LE_READ_UINT32(m+4);
t2 = LE_READ_UINT32(m+8);
t3 = LE_READ_UINT32(m+12);
ctx->h0 += t0 & 0x3ffffff;
ctx->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
ctx->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
ctx->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
ctx->h4 += (t3 >> 8) | (1 << 24);
/* poly1305_donna_mul: */
t[0] = mul32x32_64(ctx->h0,ctx->r0) + mul32x32_64(ctx->h1,ctx->s4) + mul32x32_64(ctx->h2,ctx->s3) + mul32x32_64(ctx->h3,ctx->s2) + mul32x32_64(ctx->h4,ctx->s1);
t[1] = mul32x32_64(ctx->h0,ctx->r1) + mul32x32_64(ctx->h1,ctx->r0) + mul32x32_64(ctx->h2,ctx->s4) + mul32x32_64(ctx->h3,ctx->s3) + mul32x32_64(ctx->h4,ctx->s2);
t[2] = mul32x32_64(ctx->h0,ctx->r2) + mul32x32_64(ctx->h1,ctx->r1) + mul32x32_64(ctx->h2,ctx->r0) + mul32x32_64(ctx->h3,ctx->s4) + mul32x32_64(ctx->h4,ctx->s3);
t[3] = mul32x32_64(ctx->h0,ctx->r3) + mul32x32_64(ctx->h1,ctx->r2) + mul32x32_64(ctx->h2,ctx->r1) + mul32x32_64(ctx->h3,ctx->r0) + mul32x32_64(ctx->h4,ctx->s4);
t[4] = mul32x32_64(ctx->h0,ctx->r4) + mul32x32_64(ctx->h1,ctx->r3) + mul32x32_64(ctx->h2,ctx->r2) + mul32x32_64(ctx->h3,ctx->r1) + mul32x32_64(ctx->h4,ctx->r0);
ctx->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26);
t[1] += c; ctx->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26);
t[2] += b; ctx->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26);
t[3] += b; ctx->h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26);
t[4] += b; ctx->h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26);
ctx->h0 += b * 5;
}
void
poly1305_digest (struct poly1305_ctx *ctx,
size_t length, uint8_t *digest)
{
uint32_t t0,t1,t2,t3;
uint32_t b, nb;
size_t j;
uint64_t t[5];
uint64_t f0,f1,f2,f3;
uint32_t g0,g1,g2,g3,g4;
uint64_t c;
uint8_t mp[16];
uint8_t td[16];
/* final bytes */
/* poly1305_donna_atmost15bytes: */
if (!ctx->index) goto poly1305_donna_finish;
for (j = 0; j < ctx->index; j++) mp[j] = ctx->block[j];
mp[j++] = 1;
for (; j < 16; j++) mp[j] = 0;
t0 = LE_READ_UINT32(mp);
t1 = LE_READ_UINT32(mp+4);
t2 = LE_READ_UINT32(mp+8);
t3 = LE_READ_UINT32(mp+12);
ctx->h0 += t0 & 0x3ffffff;
ctx->h1 += ((((uint64_t)t1 << 32) | t0) >> 26) & 0x3ffffff;
ctx->h2 += ((((uint64_t)t2 << 32) | t1) >> 20) & 0x3ffffff;
ctx->h3 += ((((uint64_t)t3 << 32) | t2) >> 14) & 0x3ffffff;
ctx->h4 += (t3 >> 8);
/* poly1305_donna_mul: */
t[0] = mul32x32_64(ctx->h0,ctx->r0) + mul32x32_64(ctx->h1,ctx->s4) + mul32x32_64(ctx->h2,ctx->s3) + mul32x32_64(ctx->h3,ctx->s2) + mul32x32_64(ctx->h4,ctx->s1);
t[1] = mul32x32_64(ctx->h0,ctx->r1) + mul32x32_64(ctx->h1,ctx->r0) + mul32x32_64(ctx->h2,ctx->s4) + mul32x32_64(ctx->h3,ctx->s3) + mul32x32_64(ctx->h4,ctx->s2);
t[2] = mul32x32_64(ctx->h0,ctx->r2) + mul32x32_64(ctx->h1,ctx->r1) + mul32x32_64(ctx->h2,ctx->r0) + mul32x32_64(ctx->h3,ctx->s4) + mul32x32_64(ctx->h4,ctx->s3);
t[3] = mul32x32_64(ctx->h0,ctx->r3) + mul32x32_64(ctx->h1,ctx->r2) + mul32x32_64(ctx->h2,ctx->r1) + mul32x32_64(ctx->h3,ctx->r0) + mul32x32_64(ctx->h4,ctx->s4);
t[4] = mul32x32_64(ctx->h0,ctx->r4) + mul32x32_64(ctx->h1,ctx->r3) + mul32x32_64(ctx->h2,ctx->r2) + mul32x32_64(ctx->h3,ctx->r1) + mul32x32_64(ctx->h4,ctx->r0);
ctx->h0 = (uint32_t)t[0] & 0x3ffffff; c = (t[0] >> 26);
t[1] += c; ctx->h1 = (uint32_t)t[1] & 0x3ffffff; b = (uint32_t)(t[1] >> 26);
t[2] += b; ctx->h2 = (uint32_t)t[2] & 0x3ffffff; b = (uint32_t)(t[2] >> 26);
t[3] += b; ctx->h3 = (uint32_t)t[3] & 0x3ffffff; b = (uint32_t)(t[3] >> 26);
t[4] += b; ctx->h4 = (uint32_t)t[4] & 0x3ffffff; b = (uint32_t)(t[4] >> 26);
ctx->h0 += b * 5;
poly1305_donna_finish:
b = ctx->h0 >> 26; ctx->h0 = ctx->h0 & 0x3ffffff;
ctx->h1 += b; b = ctx->h1 >> 26; ctx->h1 = ctx->h1 & 0x3ffffff;
ctx->h2 += b; b = ctx->h2 >> 26; ctx->h2 = ctx->h2 & 0x3ffffff;
ctx->h3 += b; b = ctx->h3 >> 26; ctx->h3 = ctx->h3 & 0x3ffffff;
ctx->h4 += b; b = ctx->h4 >> 26; ctx->h4 = ctx->h4 & 0x3ffffff;
ctx->h0 += b * 5; b = ctx->h0 >> 26; ctx->h0 = ctx->h0 & 0x3ffffff;
ctx->h1 += b;
g0 = ctx->h0 + 5; b = g0 >> 26; g0 &= 0x3ffffff;
g1 = ctx->h1 + b; b = g1 >> 26; g1 &= 0x3ffffff;
g2 = ctx->h2 + b; b = g2 >> 26; g2 &= 0x3ffffff;
g3 = ctx->h3 + b; b = g3 >> 26; g3 &= 0x3ffffff;
g4 = ctx->h4 + b - (1 << 26);
b = (g4 >> 31) - 1;
nb = ~b;
ctx->h0 = (ctx->h0 & nb) | (g0 & b);
ctx->h1 = (ctx->h1 & nb) | (g1 & b);
ctx->h2 = (ctx->h2 & nb) | (g2 & b);
ctx->h3 = (ctx->h3 & nb) | (g3 & b);
ctx->h4 = (ctx->h4 & nb) | (g4 & b);
f0 = ((ctx->h0 ) | (ctx->h1 << 26)) + (uint64_t)LE_READ_UINT32(ctx->s);
f1 = ((ctx->h1 >> 6) | (ctx->h2 << 20)) + (uint64_t)LE_READ_UINT32(ctx->s+4);
f2 = ((ctx->h2 >> 12) | (ctx->h3 << 14)) + (uint64_t)LE_READ_UINT32(ctx->s+8);
f3 = ((ctx->h3 >> 18) | (ctx->h4 << 8)) + (uint64_t)LE_READ_UINT32(ctx->s+12);
LE_WRITE_UINT32(td, f0);
f1 += (f0 >> 32);
LE_WRITE_UINT32(&td[4], f1);
f2 += (f1 >> 32);
LE_WRITE_UINT32(&td[8], f2);
f3 += (f2 >> 32);
LE_WRITE_UINT32(&td[12], f3);
memcpy(digest, td, length);
}
poly1305.h 0 → 100644
View file @ 04d29c83
/* poly1305-aes.h
*
* Poly1305 message authentication code.
*/
/* nettle, low-level cryptographics library
*
* Copyright (C) 2013 Nikos Mavrogiannopoulos
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version.
*
* The nettle library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
* License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with the nettle library; see the file COPYING.LIB. If not, write to
* the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02111-1301, USA.
*/
#ifndef NETTLE_POLY1305_H_INCLUDED
#define NETTLE_POLY1305_H_INCLUDED
#ifdef __cplusplus
extern "C" {
#endif
/* Low level functions/macros for the poly1305 construction.
* For the macros to be useful include macros.h
*/
#include "nettle-types.h"
struct poly1305_ctx {
uint32_t h0; uint32_t h1; uint32_t h2; uint32_t h3; uint32_t h4;
uint32_t r0; uint32_t r1; uint32_t r2; uint32_t r3; uint32_t r4;
uint32_t s1; uint32_t s2; uint32_t s3; uint32_t s4;
uint8_t s[16]; /* typically AES_k(nonce) */
uint8_t nonce[16];
uint8_t block[16];
unsigned index;
};
/* All-in-one context, with cipher, and state. Cipher must have a 128-bit block */
#define POLY1305_CTX(type) \
{ struct poly1305_ctx pctx; type cipher; }
#define poly1305_set_key nettle_poly1305_set_key
#define poly1305_set_nonce nettle_poly1305_set_nonce
#define poly1305_set_s nettle_poly1305_set_s
#define poly1305_block nettle_poly1305_round
#define poly1305_digest nettle_poly1305_digest
void poly1305_set_key(struct poly1305_ctx *ctx, const uint8_t key[16]);
void poly1305_set_nonce (struct poly1305_ctx *ctx, const uint8_t * nonce);
void poly1305_set_s (struct poly1305_ctx *ctx, const uint8_t *s);
void poly1305_block (struct poly1305_ctx *ctx, const uint8_t m[16]);
void poly1305_digest (struct poly1305_ctx *ctx, size_t length, uint8_t *digest);
#define POLY1305_SET_KEY(ctx, set_key, key) \
do { \
poly1305_set_key(&(ctx)->pctx, (key+16)); \
(set_key)(&(ctx)->cipher, 16, (key)); \
(ctx)->pctx.index = 0; \
} while (0)
#define POLY1305_SET_NONCE(ctx, data) \
poly1305_set_nonce(&(ctx)->pctx, (data))
#define _POLY1305_BLOCK(ctx, block) do { \
poly1305_block(ctx, block); \
} while (0)
#define POLY1305_UPDATE(ctx, length, data) \
MD_UPDATE (&(ctx)->pctx, (length), (data), _POLY1305_BLOCK, (void) 0)
#define POLY1305_DIGEST(ctx, encrypt, length, digest) \
do { \
uint8_t _ts[16]; \
(encrypt)(&(ctx)->cipher, 16, _ts, (ctx)->pctx.nonce); \
poly1305_set_s(&(ctx)->pctx, _ts); \
poly1305_digest (&(ctx)->pctx, (length), (digest)); \
INCREMENT (16, (ctx)->pctx.nonce); \
(ctx)->pctx.index = 0; \
} while(0);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_POLY1305_H_INCLUDED */
testsuite/.test-rules.make
View file @ 04d29c83
......@@ -106,6 +106,9 @@ gcm-test$(EXEEXT): gcm-test.$(OBJEXT)
eax-test$(EXEEXT): eax-test.$(OBJEXT)
$(LINK) eax-test.$(OBJEXT) $(TEST_OBJS) -o eax-test$(EXEEXT)
poly1305-test$(EXEEXT): poly1305-test.$(OBJEXT)
$(LINK) poly1305-test.$(OBJEXT) $(TEST_OBJS) -o poly1305-test$(EXEEXT)
hmac-test$(EXEEXT): hmac-test.$(OBJEXT)
$(LINK) hmac-test.$(OBJEXT) $(TEST_OBJS) -o hmac-test$(EXEEXT)
......
testsuite/Makefile.in
View file @ 04d29c83
......@@ -26,6 +26,7 @@ TS_NETTLE_SOURCES = aes-test.c arcfour-test.c arctwo-test.c \
serpent-test.c twofish-test.c \
knuth-lfib-test.c \
cbc-test.c ctr-test.c gcm-test.c eax-test.c \
poly1305-test.c \
hmac-test.c umac-test.c \
meta-hash-test.c meta-cipher-test.c meta-armor-test.c \
buffer-test.c yarrow-test.c pbkdf2-test.c
......
testsuite/poly1305-test.c 0 → 100644
View file @ 04d29c83
#include "testutils.h"
#include "poly1305-aes.h"
static void
update (void *ctx, nettle_hash_update_func *f,
const struct tstring *msg,
unsigned length)
{
for (; length > msg->length; length -= msg->length)
f(ctx, msg->length, msg->data);
f(ctx, length, msg->data);
}
static void
check_digest (const char *name, void *ctx, nettle_hash_digest_func *f,
const struct tstring *msg, unsigned length,
unsigned tag_length, const uint8_t *ref)
{
uint8_t tag[16];
f(ctx, tag_length, tag);
if (memcmp (tag, ref, tag_length) != 0)
{
printf ("%s failed\n", name);
printf ("msg: "); print_hex (msg->length, msg->data);
printf ("length: %u\n", length);
printf ("tag: "); print_hex (tag_length, tag);
printf ("ref: "); print_hex (tag_length, ref);
abort ();
}
}
static void
test_poly1305 (const struct tstring *key,
const struct tstring *nonce,
const struct tstring *msg,
unsigned length,
const struct tstring *ref)
{
struct poly1305_aes_ctx ctx;
ASSERT (key->length == POLY1305_AES_KEY_SIZE);
ASSERT (ref->length == POLY1305_AES_DIGEST_SIZE);
poly1305_aes_set_key (&ctx, key->data);
poly1305_aes_set_nonce (&ctx, nonce->data);
update(&ctx, (nettle_hash_update_func *) poly1305_aes_update, msg, length);
check_digest ("poly1305-aes", &ctx, (nettle_hash_digest_func *) poly1305_aes_digest,
msg, length, 16, ref->data);
}
void
test_main(void)
{
/* From Bernstein's paper. */
test_poly1305
(SHEX("75deaa25c09f208e1dc4ce6b5cad3fbfa0f3080000f46400d0c7e9076c834403"),
SHEX("61ee09218d29b0aaed7e154a2c5509cc"),
SHEX(""), 0,
SHEX("dd3fab2251f11ac759f0887129cc2ee7"));
test_poly1305
(SHEX("ec074c835580741701425b623235add6851fc40c3467ac0be05cc20404f3f700"),
SHEX("fb447350c4e868c52ac3275cf9d4327e"),
SHEX("f3f6"), 2,
SHEX("f4c633c3044fc145f84f335cb81953de"));
test_poly1305
(SHEX("6acb5f61a7176dd320c5c1eb2edcdc74"
"48443d0bb0d21109c89a100b5ce2c208"),
SHEX("ae212a55399729595dea458bc621ff0e"),
SHEX("663cea190ffb83d89593f3f476b6bc24"
"d7e679107ea26adb8caf6652d0656136"), 32,
SHEX("0ee1c16bb73f0f4fd19881753c01cdbe"));
test_poly1305
(SHEX("e1a5668a4d5b66a5f68cc5424ed5982d12976a08c4426d0ce8a82407c4f48207"),
SHEX("9ae831e743978d3a23527c7128149e3a"),
SHEX("ab0812724a7f1e342742cbed374d94d136c6b8795d45b3819830f2c04491"
"faf0990c62e48b8018b2c3e4a0fa3134cb67fa83e158c994d961c4cb2109"
"5c1bf9"), 63,
SHEX("5154ad0d2cb26e01274fc51148491f1b"));
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment