Google Git
Sign in
boringssl / boringssl.git / refs/heads/main / . / crypto / poly1305 / poly1305_test.cc
blob: 6baa4155cf04680a7eb481101847232242ca1971 [file] [log] [blame] [edit]
// Copyright 2015 The BoringSSL Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <stdio.h>
#include <string.h>
#include <vector>
#include <gtest/gtest.h>
#include <openssl/poly1305.h>
#include "../internal.h"
#include "../test/file_test.h"
#include "../test/test_util.h"
static void TestSIMD(unsigned excess, const std::vector<uint8_t> &key,
const std::vector<uint8_t> &in,
const std::vector<uint8_t> &mac) {
poly1305_state state;
CRYPTO_poly1305_init(&state, key.data());
size_t done = 0;
// Feed 16 bytes in. Some implementations begin in non-SIMD mode and upgrade
// on-demand. Stress the upgrade path.
size_t todo = 16;
if (todo > in.size()) {
todo = in.size();
}
CRYPTO_poly1305_update(&state, in.data(), todo);
done += todo;
for (;;) {
// Feed 128 + |excess| bytes to test SIMD mode.
if (done + 128 + excess > in.size()) {
break;
}
CRYPTO_poly1305_update(&state, in.data() + done, 128 + excess);
done += 128 + excess;
// Feed |excess| bytes to ensure SIMD mode can handle short inputs.
if (done + excess > in.size()) {
break;
}
CRYPTO_poly1305_update(&state, in.data() + done, excess);
done += excess;
}
// Consume the remainder and finish.
CRYPTO_poly1305_update(&state, in.data() + done, in.size() - done);
uint8_t out[16];
CRYPTO_poly1305_finish(&state, out);
EXPECT_EQ(Bytes(out), Bytes(mac)) << "SIMD pattern " << excess << " failed.";
}
TEST(Poly1305Test, TestVectors) {
FileTestGTest("crypto/poly1305/poly1305_tests.txt", [](FileTest *t) {
std::vector<uint8_t> key, in, mac;
ASSERT_TRUE(t->GetBytes(&key, "Key"));
ASSERT_TRUE(t->GetBytes(&in, "Input"));
ASSERT_TRUE(t->GetBytes(&mac, "MAC"));
ASSERT_EQ(32u, key.size());
ASSERT_EQ(16u, mac.size());
// Test single-shot operation.
poly1305_state state;
CRYPTO_poly1305_init(&state, key.data());
CRYPTO_poly1305_update(&state, in.data(), in.size());
uint8_t out[16];
CRYPTO_poly1305_finish(&state, out);
EXPECT_EQ(Bytes(out), Bytes(mac)) << "Single-shot Poly1305 failed.";
// Test streaming byte-by-byte.
CRYPTO_poly1305_init(&state, key.data());
for (size_t i = 0; i < in.size(); i++) {
CRYPTO_poly1305_update(&state, &in[i], 1);
}
CRYPTO_poly1305_finish(&state, out);
EXPECT_EQ(Bytes(out), Bytes(mac)) << "Streaming Poly1305 failed.";
// Test |CRYPTO_poly1305_init| and |CRYPTO_poly1305_finish| work on
// unaligned values.
alignas(8) uint8_t unaligned_key[32 + 1];
OPENSSL_memcpy(unaligned_key + 1, key.data(), 32);
CRYPTO_poly1305_init(&state, unaligned_key + 1);
CRYPTO_poly1305_update(&state, in.data(), in.size());
alignas(8) uint8_t unaligned_out[16 + 1];
CRYPTO_poly1305_finish(&state, unaligned_out + 1);
EXPECT_EQ(Bytes(unaligned_out + 1, 16), Bytes(mac))
<< "Unaligned Poly1305 failed.";
// Test SIMD stress patterns. OpenSSL's AVX2 assembly needs a multiple of
// four blocks, so test up to three blocks of excess.
TestSIMD(0, key, in, mac);
TestSIMD(16, key, in, mac);
TestSIMD(32, key, in, mac);
TestSIMD(48, key, in, mac);
});
}