From c54ac8289ba7cd9e94ab6335c52b9889d2c1d7e6 Mon Sep 17 00:00:00 2001 From: Lucas Gabriel Vuotto Date: Sat, 8 Jun 2024 00:45:45 +0000 Subject: [PATCH] Shuffle code around in Wycheproof tests Group struct, put utility functions before main, put runners after main and rename kwimpl to kwrunner. --- wycheproof_aead.c | 311 ++++++++++++++++++++++++---------------------- wycheproof_mac.c | 211 ++++++++++++++++--------------- 2 files changed, 269 insertions(+), 253 deletions(-) diff --git a/wycheproof_aead.c b/wycheproof_aead.c index fe61b0a..0d453dd 100644 --- a/wycheproof_aead.c +++ b/wycheproof_aead.c @@ -28,6 +28,36 @@ #define nelems(_a) (sizeof((_a)) / sizeof((_a)[0])) +struct testcase { + uint8_t *key; + size_t keylen; + size_t keylenarg; + uint8_t *iv; + size_t ivlen; + size_t ivlenarg; + uint8_t *tag; + size_t taglen; + size_t taglenarg; + uint8_t *aad; + size_t aadlen; + uint8_t *msg; + size_t msglen; + uint8_t *ct; + size_t ctlen; +}; + +struct kwrunner { + const char *kw; + int (*runner)(const struct testcase *, int); +}; + + +static int aead_poly1305_runner(const struct lc_aead_impl *, + const struct testcase *, const void *, int); +static int chacha20_poly1305_runner(const struct testcase *, int); +static int xchacha20_poly1305_runner(const struct testcase *, int); + + static inline uint8_t hex2num(char s) { @@ -60,170 +90,26 @@ hexparse(const char *s, uint8_t *out, size_t *outlen) return 1; } -struct testcase { - uint8_t *key; - size_t keylen; - size_t keylenarg; - uint8_t *iv; - size_t ivlen; - size_t ivlenarg; - uint8_t *tag; - size_t taglen; - size_t taglenarg; - uint8_t *aad; - size_t aadlen; - uint8_t *msg; - size_t msglen; - uint8_t *ct; - size_t ctlen; -}; - static int -aead_poly1305_runner(const struct lc_aead_impl *impl, const struct testcase *c, - const void *params, int verbose) +kwrunner_cmp(const void *k0, const void *h0) { - uint8_t *buf, *encout, *decout; - size_t aeadlen, encoutlen, decoutlen; - - if (!lc_aead_seal(impl, NULL, &encoutlen, params, c->aad, c->aadlen, - c->msg, c->msglen)) - return 0; - encout = malloc(encoutlen); - if (encout == NULL) - err(1, "out of memory"); - if (!lc_aead_seal(impl, encout, &encoutlen, params, c->aad, c->aadlen, - c->msg, c->msglen)) - return 0; - - if (c->ctlen != encoutlen - LC_POLY1305_TAGLEN || - !lc_ct_cmp(encout, c->ct, c->ctlen)) { - if (verbose) { - fprintf(stderr, "ct (%zu, %zu)\n", c->ctlen, - encoutlen - LC_POLY1305_TAGLEN); - lc_hexdump_fp(stderr, c->msg, c->msglen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, c->ct, c->ctlen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, encout, - encoutlen - LC_POLY1305_TAGLEN); - fprintf(stderr, "\n"); - } - return 0; - } - if (c->taglenarg != LC_POLY1305_TAGLEN || - !lc_ct_cmp(encout + c->ctlen, c->tag, LC_POLY1305_TAGLEN)) { - if (verbose) { - fprintf(stderr, "tag (%zu, %zu)\n", c->taglenarg, - (size_t)LC_POLY1305_TAGLEN); - lc_hexdump_fp(stderr, c->tag, c->taglen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, encout + c->ctlen, - LC_POLY1305_TAGLEN); - fprintf(stderr, "\n"); - } - return 0; - } - - /* Decryption. */ - - aeadlen = c->msglen + c->taglen; - buf = malloc(aeadlen); - if (buf == NULL) - err(1, "out of memory"); - memcpy(buf, c->ct, c->ctlen); - memcpy(buf + c->ctlen, c->tag, c->taglen); - - if (!lc_aead_open(impl, NULL, &decoutlen, params, c->aad, c->aadlen, - buf, aeadlen)) - return 0; - decout = malloc(decoutlen); - if (decout == NULL) - err(1, "out of memory"); - if (!lc_aead_open(impl, decout, &decoutlen, params, c->aad, c->aadlen, - buf, aeadlen)) - return 0; - - if (c->msglen != decoutlen || !lc_ct_cmp(decout, c->msg, c->msglen)) { - if (verbose) { - fprintf(stderr, "ct (%zu, %zu)\n", c->msglen, - decoutlen); - lc_hexdump_fp(stderr, c->msg, c->msglen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, c->ct, c->ctlen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, decout, decoutlen); - fprintf(stderr, "\n"); - } - return 0; - } - /* Tag isn't checked, as it's already validated by lc_aead_open. */ - - return 1; -} - -static int -chacha20_poly1305_runner(const struct testcase *c, int verbose) -{ - struct lc_chacha20_poly1305_params params; - - if (c->keylenarg != LC_CHACHA20_KEYLEN || - c->keylen != LC_CHACHA20_KEYLEN) - return 0; - memcpy(params.key, c->key, LC_CHACHA20_KEYLEN); - - if (c->ivlenarg != LC_CHACHA20_NONCELEN || - c->ivlen != LC_CHACHA20_NONCELEN) - return 0; - memcpy(params.nonce, c->iv, LC_CHACHA20_NONCELEN); - - return aead_poly1305_runner(lc_aead_impl_chacha20_poly1305(), c, - ¶ms, verbose); -} - -static int -xchacha20_poly1305_runner(const struct testcase *c, int verbose) -{ - struct lc_xchacha20_poly1305_params params; - - if (c->keylenarg != LC_XCHACHA20_KEYLEN || - c->keylen != LC_XCHACHA20_KEYLEN) - return 0; - memcpy(params.key, c->key, LC_XCHACHA20_KEYLEN); - - if (c->ivlenarg != LC_XCHACHA20_NONCELEN || - c->ivlen != LC_XCHACHA20_NONCELEN) - return 0; - memcpy(params.nonce, c->iv, LC_XCHACHA20_NONCELEN); - - return aead_poly1305_runner(lc_aead_impl_xchacha20_poly1305(), c, - ¶ms, verbose); -} - -struct kwimpl { - const char *kw; - int (*runner)(const struct testcase *, int); -}; - -static int -kwimpl_cmp(const void *k0, const void *h0) -{ - const struct kwimpl *h = h0; + const struct kwrunner *h = h0; const char *k = k0; return strcmp(k, h->kw); } static int -(*kw2impl(const char *s))(const struct testcase *, int) +(*kw2runner(const char *s))(const struct testcase *, int) { - static const struct kwimpl tbl[] = { + static const struct kwrunner tbl[] = { { "CHACHA20-POLY1305", &chacha20_poly1305_runner }, { "XCHACHA20-POLY1305", &xchacha20_poly1305_runner }, }; - struct kwimpl *match; + struct kwrunner *match; - match = bsearch(s, tbl, nelems(tbl), sizeof(struct kwimpl), - &kwimpl_cmp); + match = bsearch(s, tbl, nelems(tbl), sizeof(struct kwrunner), + &kwrunner_cmp); return match != NULL ? match->runner : NULL; } @@ -249,7 +135,7 @@ main(int argc, char *argv[]) if (argc < 2) usage(); - runner = kw2impl(argv[1]); + runner = kw2runner(argv[1]); if (runner == NULL) errx(1, "unsupported algorithm: %s", argv[1]); @@ -377,3 +263,124 @@ main(int argc, char *argv[]) return 0; } } + +static int +aead_poly1305_runner(const struct lc_aead_impl *impl, const struct testcase *c, + const void *params, int verbose) +{ + uint8_t *buf, *encout, *decout; + size_t aeadlen, encoutlen, decoutlen; + + if (!lc_aead_seal(impl, NULL, &encoutlen, params, c->aad, c->aadlen, + c->msg, c->msglen)) + return 0; + encout = malloc(encoutlen); + if (encout == NULL) + err(1, "out of memory"); + if (!lc_aead_seal(impl, encout, &encoutlen, params, c->aad, c->aadlen, + c->msg, c->msglen)) + return 0; + + if (c->ctlen != encoutlen - LC_POLY1305_TAGLEN || + !lc_ct_cmp(encout, c->ct, c->ctlen)) { + if (verbose) { + fprintf(stderr, "ct (%zu, %zu)\n", c->ctlen, + encoutlen - LC_POLY1305_TAGLEN); + lc_hexdump_fp(stderr, c->msg, c->msglen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, c->ct, c->ctlen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, encout, + encoutlen - LC_POLY1305_TAGLEN); + fprintf(stderr, "\n"); + } + return 0; + } + if (c->taglenarg != LC_POLY1305_TAGLEN || + !lc_ct_cmp(encout + c->ctlen, c->tag, LC_POLY1305_TAGLEN)) { + if (verbose) { + fprintf(stderr, "tag (%zu, %zu)\n", c->taglenarg, + (size_t)LC_POLY1305_TAGLEN); + lc_hexdump_fp(stderr, c->tag, c->taglen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, encout + c->ctlen, + LC_POLY1305_TAGLEN); + fprintf(stderr, "\n"); + } + return 0; + } + + /* Decryption. */ + + aeadlen = c->msglen + c->taglen; + buf = malloc(aeadlen); + if (buf == NULL) + err(1, "out of memory"); + memcpy(buf, c->ct, c->ctlen); + memcpy(buf + c->ctlen, c->tag, c->taglen); + + if (!lc_aead_open(impl, NULL, &decoutlen, params, c->aad, c->aadlen, + buf, aeadlen)) + return 0; + decout = malloc(decoutlen); + if (decout == NULL) + err(1, "out of memory"); + if (!lc_aead_open(impl, decout, &decoutlen, params, c->aad, c->aadlen, + buf, aeadlen)) + return 0; + + if (c->msglen != decoutlen || !lc_ct_cmp(decout, c->msg, c->msglen)) { + if (verbose) { + fprintf(stderr, "ct (%zu, %zu)\n", c->msglen, + decoutlen); + lc_hexdump_fp(stderr, c->msg, c->msglen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, c->ct, c->ctlen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, decout, decoutlen); + fprintf(stderr, "\n"); + } + return 0; + } + /* Tag isn't checked, as it's already validated by lc_aead_open. */ + + return 1; +} + +static int +chacha20_poly1305_runner(const struct testcase *c, int verbose) +{ + struct lc_chacha20_poly1305_params params; + + if (c->keylenarg != LC_CHACHA20_KEYLEN || + c->keylen != LC_CHACHA20_KEYLEN) + return 0; + memcpy(params.key, c->key, LC_CHACHA20_KEYLEN); + + if (c->ivlenarg != LC_CHACHA20_NONCELEN || + c->ivlen != LC_CHACHA20_NONCELEN) + return 0; + memcpy(params.nonce, c->iv, LC_CHACHA20_NONCELEN); + + return aead_poly1305_runner(lc_aead_impl_chacha20_poly1305(), c, + ¶ms, verbose); +} + +static int +xchacha20_poly1305_runner(const struct testcase *c, int verbose) +{ + struct lc_xchacha20_poly1305_params params; + + if (c->keylenarg != LC_XCHACHA20_KEYLEN || + c->keylen != LC_XCHACHA20_KEYLEN) + return 0; + memcpy(params.key, c->key, LC_XCHACHA20_KEYLEN); + + if (c->ivlenarg != LC_XCHACHA20_NONCELEN || + c->ivlen != LC_XCHACHA20_NONCELEN) + return 0; + memcpy(params.nonce, c->iv, LC_XCHACHA20_NONCELEN); + + return aead_poly1305_runner(lc_aead_impl_xchacha20_poly1305(), c, + ¶ms, verbose); +} diff --git a/wycheproof_mac.c b/wycheproof_mac.c index cb4c3ef..c60683f 100644 --- a/wycheproof_mac.c +++ b/wycheproof_mac.c @@ -28,6 +28,31 @@ #define nelems(_a) (sizeof((_a)) / sizeof((_a)[0])) +struct testcase { + uint8_t *key; + size_t keylen; + size_t keylenarg; + uint8_t *tag; + size_t taglen; + size_t taglenarg; + uint8_t *msg; + size_t msglen; +}; + +struct kwrunner { + const char *kw; + int (*runner)(const struct testcase *, int); +}; + + +static int hmac_sha2_runner(const struct lc_auth_impl *, + const struct testcase *, int); +static int hmac_sha224_runner(const struct testcase *, int); +static int hmac_sha256_runner(const struct testcase *, int); +static int hmac_sha384_runner(const struct testcase *, int); +static int hmac_sha512_runner(const struct testcase *, int); + + static inline uint8_t hex2num(char s) { @@ -60,122 +85,29 @@ hexparse(const char *s, uint8_t *out, size_t *outlen) return 1; } -struct testcase { - uint8_t *key; - size_t keylen; - size_t keylenarg; - uint8_t *tag; - size_t taglen; - size_t taglenarg; - uint8_t *msg; - size_t msglen; -}; - static int -hmac_sha2_runner(const struct lc_auth_impl *impl, const struct testcase *c, - int verbose) +kwrunner_cmp(const void *k0, const void *h0) { - struct lc_hmac_params params; - struct lc_auth_ctx *ctx; - uint8_t *buf; - size_t olen; - - if (c->keylen != c->keylenarg) - return 0; - params.key = c->key; - params.keylen = c->keylen; - - ctx = lc_auth_ctx_new(impl); - if (ctx == NULL) - errx(1, "can't allocate ctx"); - - if (!lc_auth_init(ctx, ¶ms) || - !lc_auth_update(ctx, c->msg, c->msglen) || - !lc_auth_final(ctx, NULL, &olen)) - return 0; - - buf = malloc(olen); - if (buf == NULL) - err(1, "out of memory"); - - if (!lc_auth_final(ctx, buf, &olen)) - return 0; - - /* - * Tests include truncated output. Skip checking olen as it'll always - * be the full-length hash. - */ - if (c->taglen != c->taglenarg || - !lc_ct_cmp(buf, c->tag, c->taglen)) { - if (verbose) { - fprintf(stderr, "tag (%zu, %zu, %zu)\n", c->taglen, - c->taglenarg, olen); - lc_hexdump_fp(stderr, c->tag, c->taglen); - fprintf(stderr, "\n"); - lc_hexdump_fp(stderr, buf, olen); - fprintf(stderr, "\n"); - } - return 0; - } - - free(buf); - lc_auth_ctx_free(ctx); - - return 1; -} - -static int -hmac_sha224_runner(const struct testcase *c, int verbose) -{ - return hmac_sha2_runner(lc_auth_impl_hmac_sha224(), c, verbose); -} - -static int -hmac_sha256_runner(const struct testcase *c, int verbose) -{ - return hmac_sha2_runner(lc_auth_impl_hmac_sha256(), c, verbose); -} - -static int -hmac_sha384_runner(const struct testcase *c, int verbose) -{ - return hmac_sha2_runner(lc_auth_impl_hmac_sha384(), c, verbose); -} - -static int -hmac_sha512_runner(const struct testcase *c, int verbose) -{ - return hmac_sha2_runner(lc_auth_impl_hmac_sha512(), c, verbose); -} - -struct kwimpl { - const char *kw; - int (*runner)(const struct testcase *, int); -}; - -static int -kwimpl_cmp(const void *k0, const void *h0) -{ - const struct kwimpl *h = h0; + const struct kwrunner *h = h0; const char *k = k0; return strcmp(k, h->kw); } static int -(*kw2impl(const char *s))(const struct testcase *, int) +(*kw2runner(const char *s))(const struct testcase *, int) { /* Needs to be sorted. */ - static const struct kwimpl tbl[] = { + static const struct kwrunner tbl[] = { { "HMACSHA224", &hmac_sha224_runner }, { "HMACSHA256", &hmac_sha256_runner }, { "HMACSHA384", &hmac_sha384_runner }, { "HMACSHA512", &hmac_sha512_runner }, }; - struct kwimpl *match; + struct kwrunner *match; - match = bsearch(s, tbl, nelems(tbl), sizeof(struct kwimpl), - &kwimpl_cmp); + match = bsearch(s, tbl, nelems(tbl), sizeof(struct kwrunner), + &kwrunner_cmp); return match != NULL ? match->runner : NULL; } @@ -200,7 +132,7 @@ main(int argc, char *argv[]) if (argc < 2) usage(); - runner = kw2impl(argv[1]); + runner = kw2runner(argv[1]); if (runner == NULL) errx(1, "unsupported algorithm: %s", argv[1]); @@ -286,3 +218,80 @@ main(int argc, char *argv[]) puts("valid"); return 0; } + +static int +hmac_sha2_runner(const struct lc_auth_impl *impl, const struct testcase *c, + int verbose) +{ + struct lc_hmac_params params; + struct lc_auth_ctx *ctx; + uint8_t *buf; + size_t olen; + + if (c->keylen != c->keylenarg) + return 0; + params.key = c->key; + params.keylen = c->keylen; + + ctx = lc_auth_ctx_new(impl); + if (ctx == NULL) + errx(1, "can't allocate ctx"); + + if (!lc_auth_init(ctx, ¶ms) || + !lc_auth_update(ctx, c->msg, c->msglen) || + !lc_auth_final(ctx, NULL, &olen)) + return 0; + + buf = malloc(olen); + if (buf == NULL) + err(1, "out of memory"); + + if (!lc_auth_final(ctx, buf, &olen)) + return 0; + + /* + * Tests include truncated output. Skip checking olen as it'll always + * be the full-length hash. + */ + if (c->taglen != c->taglenarg || + !lc_ct_cmp(buf, c->tag, c->taglen)) { + if (verbose) { + fprintf(stderr, "tag (%zu, %zu, %zu)\n", c->taglen, + c->taglenarg, olen); + lc_hexdump_fp(stderr, c->tag, c->taglen); + fprintf(stderr, "\n"); + lc_hexdump_fp(stderr, buf, olen); + fprintf(stderr, "\n"); + } + return 0; + } + + free(buf); + lc_auth_ctx_free(ctx); + + return 1; +} + +static int +hmac_sha224_runner(const struct testcase *c, int verbose) +{ + return hmac_sha2_runner(lc_auth_impl_hmac_sha224(), c, verbose); +} + +static int +hmac_sha256_runner(const struct testcase *c, int verbose) +{ + return hmac_sha2_runner(lc_auth_impl_hmac_sha256(), c, verbose); +} + +static int +hmac_sha384_runner(const struct testcase *c, int verbose) +{ + return hmac_sha2_runner(lc_auth_impl_hmac_sha384(), c, verbose); +} + +static int +hmac_sha512_runner(const struct testcase *c, int verbose) +{ + return hmac_sha2_runner(lc_auth_impl_hmac_sha512(), c, verbose); +}