diff options
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/Makefile | 20 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c | 29 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/lilliput-ae.h | 30 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/parameters.h | 2 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/test/helpers.h | 5 | ||||
| -rw-r--r-- | crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c | 128 |
6 files changed, 208 insertions, 6 deletions
diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile index 7befdd2..183d05c 100644 --- a/crypto_aead/lilliputaei128v1/ref/Makefile +++ b/crypto_aead/lilliputaei128v1/ref/Makefile @@ -1,9 +1,11 @@ -tests = test-tweakey test-tbc-encrypt test-tbc-decrypt +tests = test-tweakey test-tbc-encrypt test-tbc-decrypt test-ae-roundtrip -.PHONY: clean test $(tests) +nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2 +CFLAGS += -I. $(nist_flags) -Werror +LDFLAGS += $(nist_flags) -nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2 +.PHONY: clean test $(tests) clean: @@ -14,10 +16,10 @@ results: results/%.o: %.c @mkdir -p $(dir $@) - gcc -c -I. $< $(nist_flags) -Werror -o $@ + gcc -c $< $(CFLAGS) -o $@ results/test-%: results/test/test-%.o - gcc $^ $(nist_flags) -Werror -o $@ + gcc $^ $(LDFLAGS) -o $@ test: $(tests) @@ -26,18 +28,24 @@ $(tests): %: results/% ./results/$@ results/$@-output +results/test-ae-roundtrip: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results results/test-tbc-decrypt: results/cipher.o results/tweakey.o results/constants.o | results results/test-tbc-encrypt: results/cipher.o results/tweakey.o results/constants.o | results results/test-tweakey: results/tweakey.o results/constants.o | results results/test-*.o: test/helpers.h parameters.h +results/test-ae-roundtrip.o: lilliput-ae.h results/test-tbc-decrypt.o: cipher.h results/test-tbc-encrypt.o: cipher.h results/test-tweakey.o: tweakey.h results/cipher.o: cipher.h tweakey.h constants.h parameters.h debug.h -results/tweakey.o: tweakey.h constants.h parameters.h debug.h results/constants.o: constants.h +results/lilliput-ae-i.o: lilliput-ae.h cipher.h constants.h +results/tweakey.o: tweakey.h constants.h parameters.h debug.h + + +results/lilliput-ae-i.o: CFLAGS += -Wno-unused # FIXME: remove once implemented # TODO: should add order-only prerequisites to remove mkdirs inside recipes # TODO: add valgrind, although it does not seem to play well with ASAN diff --git a/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c b/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c new file mode 100644 index 0000000..945c75c --- /dev/null +++ b/crypto_aead/lilliputaei128v1/ref/lilliput-ae-i.c @@ -0,0 +1,29 @@ +#include <stdbool.h> +#include <stdint.h> + +#include "lilliput-ae.h" + + +void lilliput_ae_encrypt( + size_t message_len, const uint8_t message[message_len], + size_t auth_data_len, const uint8_t auth_data[auth_data_len], + const uint8_t nonce[NONCE_BYTES], + + size_t *ciphertext_len, uint8_t ciphertext[message_len+BLOCK_BYTES], + uint8_t tag[TAG_BYTES] +) +{ +} + +bool lilliput_ae_decrypt( + size_t ciphertext_len, const uint8_t ciphertext[ciphertext_len], + size_t auth_data_len, const uint8_t auth_data[auth_data_len], + const uint8_t nonce[NONCE_BYTES], + const uint8_t tag[TAG_BYTES], + + size_t *message_len, uint8_t message[ciphertext_len] +) +{ + return false; +} + diff --git a/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h b/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h new file mode 100644 index 0000000..973533c --- /dev/null +++ b/crypto_aead/lilliputaei128v1/ref/lilliput-ae.h @@ -0,0 +1,30 @@ +#ifndef LILLIPUT_AE_H +#define LILLIPUT_AE_H + +#include <stddef.h> +#include <stdbool.h> +#include <stdint.h> + +#include "parameters.h" + + +void lilliput_ae_encrypt( + size_t message_len, const uint8_t message[message_len], + size_t auth_data_len, const uint8_t auth_data[auth_data_len], + const uint8_t nonce[NONCE_BYTES], + + size_t *ciphertext_len, uint8_t ciphertext[message_len+BLOCK_BYTES], + uint8_t tag[TAG_BYTES] +); + +bool lilliput_ae_decrypt( + size_t ciphertext_len, const uint8_t ciphertext[ciphertext_len], + size_t auth_data_len, const uint8_t auth_data[auth_data_len], + const uint8_t nonce[NONCE_BYTES], + const uint8_t tag[TAG_BYTES], + + size_t *message_len, uint8_t message[ciphertext_len] +); + + +#endif /* LILLIPUT_AE_H */ diff --git a/crypto_aead/lilliputaei128v1/ref/parameters.h b/crypto_aead/lilliputaei128v1/ref/parameters.h index 988a0c6..492a884 100644 --- a/crypto_aead/lilliputaei128v1/ref/parameters.h +++ b/crypto_aead/lilliputaei128v1/ref/parameters.h @@ -10,6 +10,7 @@ #define ROUND_TWEAKEY_LENGTH_BITS 64 #define BLOCK_LENGTH_BITS 128 #define NONCE_LENGTH_BITS 120 +#define TAG_LENGTH_BITS 128 #define TWEAK_BYTES (TWEAK_LENGTH_BITS/8) #define KEY_BYTES (KEY_LENGTH_BITS/8) @@ -17,6 +18,7 @@ #define ROUND_TWEAKEY_BYTES (ROUND_TWEAKEY_LENGTH_BITS/8) #define BLOCK_BYTES (BLOCK_LENGTH_BITS/8) #define NONCE_BYTES (NONCE_LENGTH_BITS/8) +#define TAG_BYTES (TAG_LENGTH_BITS/8) #define ROUNDS 32 diff --git a/crypto_aead/lilliputaei128v1/ref/test/helpers.h b/crypto_aead/lilliputaei128v1/ref/test/helpers.h index 2cb8e69..339ae0e 100644 --- a/crypto_aead/lilliputaei128v1/ref/test/helpers.h +++ b/crypto_aead/lilliputaei128v1/ref/test/helpers.h @@ -15,6 +15,11 @@ __FILE__, (VECTOR), (ELEMENT)); \ } while (0) +#define REPORT_INVALID(VECTOR) do { \ + fprintf(stderr, "%s: vector %s: ciphertext/tag invalid\n", \ + __FILE__, (VECTOR)); \ + } while (0) + static inline FILE* open_dump_file(const char *folder, const char* vector, const char *name) { diff --git a/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c b/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c new file mode 100644 index 0000000..d97a813 --- /dev/null +++ b/crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c @@ -0,0 +1,128 @@ +#include <stdio.h> +#include <stdint.h> +#include <string.h> + +#include "lilliput-ae.h" + +#include "helpers.h" + + +struct vector +{ + char *name; + uint8_t key[KEY_BYTES]; + uint8_t nonce[NONCE_BYTES]; + size_t auth_len; + uint8_t *auth; + size_t message_len; + uint8_t *message; +}; + +typedef struct vector vector; + + +/* Keys and nonces generated with /dev/urandom. */ + +const vector VECTORS[] = { + { + .name = "short", + .key = { + 0xdc, 0xd8, 0xcb, 0x6d, 0xf9, 0xda, 0xf2, 0xc9, + 0x7c, 0xc1, 0x6a, 0xff, 0x7e, 0x1d, 0x27, 0xa3 + }, + .nonce = { + 0xcd, 0x6f, 0x24, 0xe1, 0xf8, 0xcd, 0x64, 0xde, + 0x18, 0x2f, 0x92, 0xab, 0xdb, 0xfa, 0xff + }, + .auth_len = 8, + .auth = (uint8_t*)"deadbeef", + .message_len = 4, + .message = (uint8_t[]){ + 0xde, 0xad, 0xbe, 0xef + } + }, + { + .name = "block-sized", + .key = { + 0x3f, 0x75, 0x05, 0x0a, 0xc1, 0xc6, 0xb5, 0xe0, + 0x57, 0x2e, 0x60, 0x9e, 0x32, 0xab, 0xbe, 0xd0 + }, + .nonce = { + 0xcd, 0x7d, 0xb0, 0xa0, 0x62, 0xdf, 0xda, 0x0a, + 0x23, 0x7a, 0x17, 0x32, 0x60, 0x42, 0xef + }, + .auth_len = 13, + .auth = (uint8_t*)"some metadata", + .message_len = 2*BLOCK_BYTES, + .message = (uint8_t*)"32-byte long, i.e. 2*BLOCK_BYTES" + }, + { + .name = "arbitrarily long", + .key = { + 0x13, 0x6a, 0x99, 0xfd, 0xbf, 0x88, 0xac, 0xf8, + 0x92, 0x7b, 0x27, 0xb1, 0x10, 0xa5, 0xe8, 0x73 + }, + .nonce = { + 0x59, 0x41, 0xa7, 0x53, 0x0f, 0xde, 0xf1, 0xb1, + 0xca, 0xd5, 0x80, 0xc4, 0x1c, 0x16, 0x2b + }, + .auth_len = 30, + .auth = (uint8_t*)"a bunch of associated metadata", + .message_len = 59, + .message = (uint8_t*)"here comes the placeholder: foobar ipsum dolor sit baz quux" + } +}; + + +int main() +{ + int diff = 0; + + for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++) + { + uint8_t ciphertext[v->message_len+BLOCK_BYTES]; + size_t ciphertext_len; + uint8_t tag[TAG_BYTES]; + + lilliput_ae_encrypt( + v->message_len, v->message, + v->auth_len, v->auth, + v->nonce, + &ciphertext_len, ciphertext, + tag + ); + + uint8_t deciphered[v->message_len]; + size_t deciphered_len; + bool valid = lilliput_ae_decrypt( + ciphertext_len, ciphertext, + v->auth_len, v->auth, + v->nonce, + tag, + &deciphered_len, deciphered + ); + + if (!valid) + { + REPORT_INVALID(v->name); + diff++; + continue; + } + + if (deciphered_len != v->message_len) + { + REPORT_DIFFERENCE(v->name, "deciphered plaintext length"); + diff++; + continue; + } + + if (memcmp(deciphered, v->message, deciphered_len) != 0) + { + REPORT_DIFFERENCE(v->name, "deciphered plaintext"); + diff++; + continue; + } + } + + return diff; +} |