📄 ecrypt-test.c
字号:
fprintf(fd, "\n");
memset(t.plaintext, 0, sizeof(t.plaintext));
memset(t.ciphertext, 0, sizeof(t.ciphertext));
/* check key stream */
t.fd = fd;
t.keysize = keysize;
t.ivsize = ivsize;
#ifdef ECRYPT_AE
t.macsize = macsize;
t.aadlen = 0;
#endif
t.msglen = TEST_STREAM_SIZEB;
fprintf(t.fd, "Test vectors -- set 1\n");
fprintf(t.fd, "=====================\n\n");
fprintf(t.fd, "(stream is generated by encrypting %d zero bytes)\n\n",
t.msglen);
memset(t.iv, 0, sizeof(t.iv));
for (v = 0; v < t.keysize; v++)
{
memset(t.key, 0, sizeof(t.key));
t.key[v >> 3] = 1 << (7 - (v & 7));
STREAM_VECTOR(1, v);
}
fprintf(t.fd, "Test vectors -- set 2\n");
fprintf(t.fd, "=====================\n\n");
memset(t.iv, 0, sizeof(t.iv));
for (v = 0; v < 256; v++)
{
memset(t.key, v, sizeof(t.key));
STREAM_VECTOR(2, v);
}
fprintf(fd, "Test vectors -- set 3\n");
fprintf(fd, "=====================\n\n");
memset(t.iv, 0, sizeof(t.iv));
for (v = 0; v < 256; v++)
{
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i + v) & 0xFF;
STREAM_VECTOR(3, v);
}
t.msglen = TEST_STREAM_SIZEB_SET4;
fprintf(t.fd, "Test vectors -- set 4\n");
fprintf(t.fd, "=====================\n\n");
for (v = 0; v < 4; v++)
{
for (i = 0; i< sizeof(t.key); i++)
t.key[i] = (i * 0x53 + v * 5) & 0xFF;
STREAM_VECTOR(4, v);
}
t.msglen = TEST_STREAM_SIZEB;
fprintf(t.fd, "Test vectors -- set 5\n");
fprintf(t.fd, "=====================\n\n");
memset(t.key, 0, sizeof(t.key));
for (v = 0; v < t.ivsize; v++)
{
memset(t.iv, 0, sizeof(t.iv));
t.iv[v >> 3] = 1 << (7 - (v & 7));
STREAM_VECTOR(5, v);
}
fprintf(t.fd, "Test vectors -- set 6\n");
fprintf(t.fd, "=====================\n\n");
for (v = 0; v < 4; v++)
{
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i * 0x53 + v * 5) & 0xFF;
for (i = 0; i < sizeof(t.iv); i++)
t.iv[i] = (i * 0x67 + v * 9 + 13) & 0xFF;
STREAM_VECTOR(6, v);
}
#if defined(ECRYPT_AE) || !defined(ECRYPT_GENERATES_KEYSTREAM)
/* check MAC */
fprintf(t.fd, "Test vectors -- set 7\n");
fprintf(t.fd, "=====================\n\n");
memset(t.key, 0, sizeof(t.key));
memset(t.iv, 0, sizeof(t.iv));
memset(t.plaintext, 0, sizeof(t.plaintext));
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i * 0x11) & 0xFF;
for (v = 0; v <= TEST_CHUNK; v++)
{
t.msglen = v;
MAC_VECTOR(7, v);
}
t.msglen = TEST_CHUNK / 2;
fprintf(t.fd, "Test vectors -- set 8\n");
fprintf(t.fd, "=====================\n\n");
memset(t.key, 0, sizeof(t.key));
memset(t.iv, 0, sizeof(t.iv));
for (v = 0; v < t.msglen * 8; v++)
{
memset(t.plaintext, 0, sizeof(t.plaintext));
t.plaintext[v >> 3] = 1 << (7 - (v & 7));
MAC_VECTOR(8, v);
}
fprintf(t.fd, "Test vectors -- set 9\n");
fprintf(t.fd, "=====================\n\n");
for (v = 0; v < 4; v++)
{
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i * 0x53 + v * 5) & 0xFF;
for (i = 0; i < sizeof(t.iv); i++)
t.iv[i] = (i * 0x67 + v * 9 + 13) & 0xFF;
for (i = 0; i < t.msglen; i++)
t.plaintext[i] = (i * 0x61 + v * 7 + 109) & 0xFF;
MAC_VECTOR(9, v);
}
#ifdef ECRYPT_SUPPORTS_AAD
/* check AAD */
t.msglen = TEST_CHUNK / 2;
fprintf(t.fd, "Test vectors -- set 10\n");
fprintf(t.fd, "======================\n\n");
memset(t.key, 0, sizeof(t.key));
memset(t.iv, 0, sizeof(t.iv));
memset(t.plaintext, 0, sizeof(t.plaintext));
memset(t.aad, 0, sizeof(t.aad));
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i * 0x11) & 0xFF;
for (v = 0; v <= TEST_CHUNK; v++)
{
t.aadlen = v;
AAD_VECTOR(10, v);
}
t.aadlen = TEST_CHUNK / 2;
fprintf(t.fd, "Test vectors -- set 11\n");
fprintf(t.fd, "======================\n\n");
memset(t.key, 0, sizeof(t.key));
memset(t.iv, 0, sizeof(t.iv));
memset(t.plaintext, 0, sizeof(t.plaintext));
for (v = 0; v < t.aadlen * 8; v++)
{
memset(t.aad, 0, sizeof(t.aad));
t.aad[v >> 3] = 1 << (7 - (v & 7));
AAD_VECTOR(11, v);
}
fprintf(t.fd, "Test vectors -- set 12\n");
fprintf(t.fd, "======================\n\n");
for (v = 0; v < 4; v++)
{
for (i = 0; i < sizeof(t.key); i++)
t.key[i] = (i * 0x53 + v * 5) & 0xFF;
for (i = 0; i < sizeof(t.iv); i++)
t.iv[i] = (i * 0x67 + v * 9 + 13) & 0xFF;
for (i = 0; i < t.msglen; i++)
t.plaintext[i] = (i * 0x61 + v * 7 + 109) & 0xFF;
for (i = 0; i < t.aadlen; i++)
t.aad[i] = (i * 0x25 + v * 13 + 11) & 0xFF;
AAD_VECTOR(12, v);
}
#endif
#endif
fprintf(t.fd, "\n\nEnd of test vectors\n");
}
/* ------------------------------------------------------------------------- */
void test_if_conform_to_api(FILE *fd, int keysize, int ivsize, int macsize)
{
CTX ctx[2];
u8 key[2][MAXKEYSIZEB];
u8 iv[2][MAXIVSIZEB];
u8 plaintext[TEST_CHUNK + ECRYPT_BLOCKLENGTH];
u8 ciphertext[3][TEST_CHUNK + ECRYPT_BLOCKLENGTH];
#ifdef ECRYPT_AE
u8 mac[3][MAXMACSIZEB];
#endif
int msglen = TEST_CHUNK;
int i;
for(i = 0; i < MAXKEYSIZEB; i++)
{
key[0][i] = 3 * i + 5;
key[1][i] = 240 - 5 * i;
}
for(i = 0; i < MAXIVSIZEB; i++)
{
iv[0][i] = 9 * i + 25;
iv[1][i] = 11 * i + 17;
}
memset(plaintext, 0, sizeof(plaintext));
memset(ciphertext, 0, sizeof(ciphertext));
KEYSETUP(&ctx[0], key[0], keysize, ivsize, macsize);
IVSETUP(&ctx[0], iv[0]);
ENCRYPT_BYTES(&ctx[0], plaintext, ciphertext[0], msglen);
FINALIZE(&ctx[0], mac[0]);
IVSETUP(&ctx[0], iv[0]);
ENCRYPT_BYTES(&ctx[0], plaintext, ciphertext[1], msglen);
FINALIZE(&ctx[0], mac[1]);
if (compare_blocks(ciphertext[0], ciphertext[1], msglen * 8) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** Two calls to ivsetup produced different results:\n");
print_data(fd, "K", key[0], (keysize + 7) / 8);
print_data(fd, "IV", iv[0], (ivsize + 7) / 8);
print_data(fd, "P", plaintext, msglen);
print_data(fd, "C after 1st IV setup", ciphertext[0], msglen);
print_data(fd, "C after 2nd IV setup", ciphertext[1], msglen);
fprintf(fd, "\n");
fflush(fd);
}
#ifdef ECRYPT_AE
else if (compare_blocks(mac[0], mac[1], macsize) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** Two calls to ivsetup produced different results:\n");
print_data(fd, "K", key[0], (keysize + 7) / 8);
print_data(fd, "IV", iv[0], (ivsize + 7) / 8);
print_data(fd, "P", plaintext, msglen);
print_data(fd, "MAC after 1st IV setup", mac[0], (macsize + 7) / 8);
print_data(fd, "MAC after 2nd IV setup", mac[1], (macsize + 7) / 8);
fprintf(fd, "\n");
fflush(fd);
}
#endif
memset(ciphertext, 0, sizeof(ciphertext));
KEYSETUP(&ctx[0], key[0], keysize, ivsize, macsize);
IVSETUP(&ctx[0], iv[0]);
ENCRYPT_BYTES(&ctx[0], plaintext, ciphertext[0], msglen);
FINALIZE(&ctx[0], mac[0]);
KEYSETUP(&ctx[1], key[1], keysize, ivsize, macsize);
IVSETUP(&ctx[1], iv[1]);
ENCRYPT_BYTES(&ctx[1], plaintext, ciphertext[1], msglen);
FINALIZE(&ctx[1], mac[1]);
IVSETUP(&ctx[0], iv[0]);
IVSETUP(&ctx[1], iv[1]);
ENCRYPT_BYTES(&ctx[0], plaintext, ciphertext[2], msglen);
FINALIZE(&ctx[0], mac[2]);
if (compare_blocks(ciphertext[0], ciphertext[2], msglen * 8) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** code produces inconsistent results when calls with different\n"
"*** contexts are interleaved:\n");
if (compare_blocks(ciphertext[1], ciphertext[2], msglen * 8) == 0)
fprintf(fd,
"*** (this is probably due to the use of static state variables)\n");
print_data(fd, "K1", key[0], (keysize + 7) / 8);
print_data(fd, "K2", key[1], (keysize + 7) / 8);
print_data(fd, "IV1", iv[0], (ivsize + 7) / 8);
print_data(fd, "IV2", iv[0], (ivsize + 7) / 8);
print_data(fd, "P", plaintext, msglen);
print_data(fd, "C by K1", ciphertext[0], msglen);
print_data(fd, "C by K2", ciphertext[1], msglen);
print_data(fd, "C by K1 after IV2 setup", ciphertext[2], msglen);
fprintf(fd, "\n");
fflush(fd);
}
#ifdef ECRYPT_AE
else if (compare_blocks(mac[0], mac[2], macsize) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** code produces inconsistent results when calls with different\n"
"*** contexts are interleaved:\n");
if (compare_blocks(mac[1], mac[2], macsize) == 0)
fprintf(fd,
"*** (this is probably due to the use of static state variables)\n");
print_data(fd, "K1", key[0], (keysize + 7) / 8);
print_data(fd, "K2", key[1], (keysize + 7) / 8);
print_data(fd, "IV1", iv[0], (ivsize + 7) / 8);
print_data(fd, "IV2", iv[0], (ivsize + 7) / 8);
print_data(fd, "P", plaintext, msglen);
print_data(fd, "MAC by K1", mac[0], (macsize + 7) / 8);
print_data(fd, "MAC by K2", mac[1], (macsize + 7) / 8);
print_data(fd, "MAC by K1 after IV2 setup", mac[2], (macsize + 7) / 8);
fprintf(fd, "\n");
fflush(fd);
}
#endif
#define B ECRYPT_BLOCKLENGTH
memset(ciphertext, 0, sizeof(ciphertext));
KEYSETUP(&ctx[0], key[0], keysize, ivsize, macsize);
IVSETUP(&ctx[0], iv[0]);
ENCRYPT_BYTES(&ctx[0], plaintext + B, ciphertext[0] + B, msglen);
FINALIZE(&ctx[0], mac[0]);
KEYSETUP(&ctx[1], key[1], keysize, ivsize, macsize);
IVSETUP(&ctx[1], iv[1]);
ENCRYPT_BLOCKS(&ctx[1], plaintext, ciphertext[1], 1);
ENCRYPT_BYTES(&ctx[1], plaintext + B, ciphertext[1] + B, msglen);
FINALIZE(&ctx[1], mac[1]);
IVSETUP(&ctx[0], iv[0]);
IVSETUP(&ctx[1], iv[1]);
ENCRYPT_BLOCKS(&ctx[1], plaintext, ciphertext[2], 1);
ENCRYPT_BYTES(&ctx[0], plaintext + B, ciphertext[2] + B, msglen);
FINALIZE(&ctx[0], mac[2]);
if (compare_blocks(ciphertext[0] + B, ciphertext[2] + B, msglen * 8) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** code produces inconsistent results when calls with different\n"
"*** contexts are interleaved:\n");
if (compare_blocks(ciphertext[1], ciphertext[2], (msglen + B) * 8) == 0)
fprintf(fd,
"*** (this is probably due to the use of static state variables)\n");
print_data(fd, "K1", key[0], (keysize + 7) / 8);
print_data(fd, "K2", key[1], (keysize + 7) / 8);
print_data(fd, "IV1", iv[0], (ivsize + 7) / 8);
print_data(fd, "IV2", iv[1], (ivsize + 7) / 8);
print_data(fd, "(last part of) P", plaintext + B, msglen);
print_data(fd, "C by K1", ciphertext[0] + B, msglen);
print_data(fd, "last part of C by K2", ciphertext[1] + B, msglen);
print_data(fd, "C by K1 after calls K2", ciphertext[2] + B, msglen);
fprintf(fd, "\n");
fflush(fd);
}
#ifdef ECRYPT_AE
else if (compare_blocks(mac[0], mac[2], macsize) != 0)
{
++errors;
fprintf(fd,
"*** ERROR: Code does not conform to ECRYPT API:\n"
"*** code produces inconsistent results when calls with different\n"
"*** contexts are interleaved:\n");
if (compare_blocks(mac[1], mac[2], macsize) == 0)
fprintf(fd,
"*** (this is probably due to the use of static state variables)\n");
print_data(fd, "K1", key[0], (keysize + 7) / 8);
print_data(fd, "K2", key[1], (keysize + 7) / 8);
print_data(fd, "IV1", iv[0], (ivsize + 7) / 8);
print_data(fd, "IV2", iv[1], (ivsize + 7) / 8);
print_data(fd, "(last part of) P", plaintext, msglen);
print_data(fd, "MAC by K1", mac[0], (macsize + 7) / 8);
print_data(fd, "MAC by K2", mac[1], (macsize + 7) / 8);
print_data(fd, "MAC by K1 after K2 calls", mac[2], (macsize + 7) / 8);
fprintf(fd, "\n");
fflush(fd);
}
#endif
}
/* ------------------------------------------------------------------------- */
int main()
{
const int keysize = ECRYPT_KEYSIZE(0);
const int ivsize = ECRYPT_IVSIZE(0);
#ifdef ECRYPT_AE
const int macsize = ECRYPT_MACSIZE(0);
#else
const int macsize = 0;
#endif
ECRYPT_init();
test_if_conform_to_api(stderr, keysize, ivsize, macsize);
test_vectors(stdout, keysize, ivsize, macsize);
fprintf(stderr, "There were %d errors.\n", errors);
return 0;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -