-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaead_test.go
160 lines (140 loc) · 4.59 KB
/
aead_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
// aead_test.go - AEAD_CHACHA20_POLY1305 implementation tests.
//
// To the extent possible under law, Yawning Angel waived all copyright
// and related or neighboring rights to chacha20poly1305, using the Creative
// Commons "CC0" public domain dedication. See LICENSE or
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
package chacha20poly1305
import (
"bytes"
"testing"
)
func TestChaCha20Poly1305(t *testing.T) {
// Test vector taken from RFC 7539.
key := []byte{
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
}
nonce := []byte{
// "32-bit fixed common part"
0x07, 0x00, 0x00, 0x00,
// "IV"
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
}
aad := []byte{
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
0xc4, 0xc5, 0xc6, 0xc7,
}
vecPlaintext := []byte{
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
0x74, 0x2e,
}
vecCiphertext := []byte{
0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
0x61, 0x16,
}
vecTag := []byte{
0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91,
}
a, err := New(key)
if err != nil {
t.Fatalf("Failed to instantiate AEAD instance: %v", err)
}
ciphertext := a.Seal(nil, nonce, vecPlaintext, aad)
if !bytes.Equal(ciphertext[len(vecCiphertext):], vecTag) {
t.Fatalf("Seal: Tag mismatch")
}
if !bytes.Equal(ciphertext[:len(vecCiphertext)], vecCiphertext) {
t.Fatalf("Seal: Ciphertext mismatch")
}
plaintext, err := a.Open(nil, nonce, ciphertext, aad)
if err != nil {
t.Fatalf("Open: Failed")
}
if !bytes.Equal(plaintext, vecPlaintext) {
t.Fatalf("Open: Plaintext mismatch")
}
}
func benchmarkChaCha20Poly1305Seal(b *testing.B, n int) {
var key [KeySize]byte
var nonce [NonceSize]byte
a, err := New(key[:])
if err != nil {
b.Fatalf("Failed to instantiate AEAD instance: %v", err)
}
var ad [13]byte // The crypto/cipher benchmarks use this size.
plaintext := make([]byte, n)
b.SetBytes(int64(n))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = a.Seal(nil, nonce[:], plaintext, ad[:])
}
}
func benchmarkChaCha20Poly1305Open(b *testing.B, n int) {
var key [KeySize]byte
var nonce [NonceSize]byte
a, err := New(key[:])
if err != nil {
b.Fatalf("Failed to instantiate AEAD instance: %v", err)
}
plaintext := make([]byte, n)
var ad [13]byte // The crypto/cipher benchmarks use this size.
ciphertext := a.Seal(nil, nonce[:], plaintext, ad[:])
b.SetBytes(int64(n))
b.ResetTimer()
b.SetBytes(int64(n))
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := a.Open(plaintext[:0], nonce[:], ciphertext, ad[:])
if err != nil {
b.Fatalf("Failed to open ciphertext: %v", err)
}
}
}
func BenchmarkChaCha20Poly1305Seal1K(b *testing.B) {
benchmarkChaCha20Poly1305Seal(b, 1024)
}
func BenchmarkChaCha20Poly1305Open1K(b *testing.B) {
benchmarkChaCha20Poly1305Open(b, 1024)
}
func BenchmarkChaCha20Poly1305Seal4K(b *testing.B) {
benchmarkChaCha20Poly1305Seal(b, 4096)
}
func BenchmarkChaCha20Poly1305Open4K(b *testing.B) {
benchmarkChaCha20Poly1305Open(b, 4096)
}
func BenchmarkChaCha20Poly1305Seal8K(b *testing.B) {
benchmarkChaCha20Poly1305Seal(b, 8192)
}
func BenchmarkChaCha20Poly1305Open8K(b *testing.B) {
benchmarkChaCha20Poly1305Open(b, 8192)
}