crypto_aead/lilliputaei128v1/ref/test/test-ae-roundtrip.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

#include <stdio.h>
#include <stdint.h>
#include <string.h>

#include "lilliput-ae.h"

#include "helpers.h"


struct vector
{
    char *name;
    uint8_t key[KEY_BYTES];
    uint8_t nonce[NONCE_BYTES];
    size_t auth_len;
    uint8_t *auth;
    size_t message_len;
    uint8_t *message;
};

typedef struct vector vector;


/* Keys and nonces generated with /dev/urandom. */

const vector VECTORS[] = {
    {
        .name = "short",
        .key = {
            0xdc, 0xd8, 0xcb, 0x6d, 0xf9, 0xda, 0xf2, 0xc9,
            0x7c, 0xc1, 0x6a, 0xff, 0x7e, 0x1d, 0x27, 0xa3
        },
        .nonce = {
            0xcd, 0x6f, 0x24, 0xe1, 0xf8, 0xcd, 0x64, 0xde,
            0x18, 0x2f, 0x92, 0xab, 0xdb, 0xfa, 0xff
        },
        .auth_len = 8,
        .auth = (uint8_t*)"deadbeef",
        .message_len = 4,
        .message = (uint8_t[]){
            0xde, 0xad, 0xbe, 0xef
        }
    },
    {
        .name = "block-sized",
        .key = {
            0x3f, 0x75, 0x05, 0x0a, 0xc1, 0xc6, 0xb5, 0xe0,
            0x57, 0x2e, 0x60, 0x9e, 0x32, 0xab, 0xbe, 0xd0
        },
        .nonce = {
            0xcd, 0x7d, 0xb0, 0xa0, 0x62, 0xdf, 0xda, 0x0a,
            0x23, 0x7a, 0x17, 0x32, 0x60, 0x42, 0xef
        },
        .auth_len = 13,
        .auth = (uint8_t*)"some metadata",
        .message_len = 2*BLOCK_BYTES,
        .message = (uint8_t*)"32-byte long, i.e. 2*BLOCK_BYTES"
    },
    {
        .name = "arbitrarily long",
        .key = {
            0x13, 0x6a, 0x99, 0xfd, 0xbf, 0x88, 0xac, 0xf8,
            0x92, 0x7b, 0x27, 0xb1, 0x10, 0xa5, 0xe8, 0x73
        },
        .nonce = {
            0x59, 0x41, 0xa7, 0x53, 0x0f, 0xde, 0xf1, 0xb1,
            0xca, 0xd5, 0x80, 0xc4, 0x1c, 0x16, 0x2b
        },
        .auth_len = 30,
        .auth = (uint8_t*)"a bunch of associated metadata",
        .message_len = 59,
        .message = (uint8_t*)"here comes the placeholder: foobar ipsum dolor sit baz quux"
    }
};


int main()
{
    int diff = 0;

    for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
    {
        uint8_t ciphertext[v->message_len+BLOCK_BYTES];
        uint8_t tag[TAG_BYTES];

        lilliput_ae_encrypt(
            v->message_len, v->message,
            v->auth_len, v->auth,
            v->key, v->nonce,
            ciphertext,
            tag
        );

        uint8_t deciphered[v->message_len];
        bool valid = lilliput_ae_decrypt(
            v->message_len, ciphertext,
            v->auth_len, v->auth,
            v->key, v->nonce, tag,
            deciphered
        );

        if (!valid)
        {
            REPORT_INVALID(v->name);
            diff++;
            continue;
        }

        if (memcmp(deciphered, v->message, v->message_len) != 0)
        {
            REPORT_DIFFERENCE(v->name, "deciphered plaintext");
            diff++;
            continue;
        }
    }

    return diff;
}