Fri Aug 11 06:18:12 PM EDT 2023

diff --git a/src/chacha20.c b/src/chacha20.c
index 45ffbcd34803720c015746b79634686706ff3834..5694c708d868de871c7f87ab554c1ae47a0d1472 100644 (file)
--- a/src/chacha20.c
+++ b/src/chacha20.c
@@ -112,16 +112,11 @@ uint8_t* foleo_chacha20(uint8_t key[32], uint8_t nonce[12], uint32_t block, size
 //Calculates poly1305 for ciphertext encrypted with chacha20
 uint8_t* foleo_chacha20_poly1305(uint8_t key[32], uint8_t nonce[12], uint8_t* cipherText, size_t lengthInBytes)
 {
-       uint8_t* keydata = foleo_chacha20(key, nonce, 0, 32);
-       uint8_t r[16];
-       uint8_t s[16];
-       for (uint8_t i = 0; i < 16; i++)
-       {
-               r[i] = keydata[i];
-               s[i] = keydata[i + 16];
-       }
-       free(keydata);
-       return foleo_poly1305(r, s, cipherText, lengthInBytes);
+       uint8_t* keymaterial = foleo_chacha20(key, nonce, 0, 32);
+       uint8_t pkey[32];
+       for (uint8_t i = 0; i < 32; i++) pkey[i] = keymaterial[i];
+       free(keymaterial);
+       return foleo_poly1305(pkey, cipherText, lengthInBytes);
 }
 
 #endif
\ No newline at end of file

diff --git a/src/headers.h b/src/headers.h
index 0aba4e24c298d7500ae833a57be4c80e4c0c7de2..f45039d7821c7f1a8cb6bc35be2e7b6e70088871 100644 (file)
--- a/src/headers.h
+++ b/src/headers.h
@@ -6,7 +6,7 @@ uint8_t* foleo_chacha20_poly1305(uint8_t[32], uint8_t[12], uint8_t*, size_t);
 uint8_t* foleo_dhke(uint8_t*, uint8_t*);
 uint16_t foleo_dhke_modsize();
 
-uint8_t* foleo_poly1305(uint8_t*, uint8_t*, uint8_t*, size_t);
+uint8_t* foleo_poly1305(uint8_t[32], uint8_t*, size_t);
 #define FOLEO_RSA_PADDING_NONE 99
 #define FOLEO_RSA_PADDING_ENCRYPTION 1
 #define FOLEO_RSA_PADDING_SIGNATURE 2

diff --git a/src/poly1305.c b/src/poly1305.c
index d46c7aa054266cc9d2a92dcd5f767d84005c8158..2c1edce914cca112132de7db0c4bae0e40068991 100644 (file)
--- a/src/poly1305.c
+++ b/src/poly1305.c
@@ -35,8 +35,11 @@ static void foleo_poly1305_dump(char *p, mpz_t n)
 
 //bS and bR are read little-endian and 16-bytes
 //return value must be freed
-uint8_t* foleo_poly1305(uint8_t* bR, uint8_t* bS, uint8_t* bM, size_t bMs)
+uint8_t* foleo_poly1305(uint8_t key[32], uint8_t* bM, size_t bMs)
 {
+       uint8_t* bR = key;
+       uint8_t* bS = key + 16;
+       
        uint8_t bP[] =
        {
                0xfb, 0xff, 0xff, 0xff,

diff --git a/tests/cases.c b/tests/cases.c
index 3a405854d842641acb755ede5ae5f482274d8541..9f586694c8874fb18ae530b27e58fba158a790c8 100644 (file)
--- a/tests/cases.c
+++ b/tests/cases.c
@@ -1,3 +1,31 @@
+uint8_t NIST_SHA256_message1[] =
+{
+    'a', 'b', 'c'
+};
+uint8_t NIST_SHA256_result1[] =
+{
+    0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
+    0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
+    0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
+    0xB4, 0x10, 0xFF, 0x61, 0xF2, 0x00, 0x15, 0xAD
+};
+uint8_t NIST_SHA256_message2[] =
+{
+    'a', 'b', 'c', 'd', 'b', 'c', 'd', 'e', 'c', 'd',
+    'e', 'f', 'd', 'e', 'f', 'g', 'e', 'f', 'g', 'h',
+    'f', 'g', 'h', 'i', 'g', 'h', 'i', 'j', 'h', 'i',
+    'j', 'k', 'i', 'j', 'k', 'l', 'j', 'k', 'l', 'm',
+    'k', 'l', 'm', 'n', 'l', 'm', 'n', 'o', 'm', 'n',
+    'o', 'p', 'n', 'o', 'p', 'q'
+};
+uint8_t NIST_SHA256_result2[] =
+{
+    0x24, 0x8D, 0x6A, 0x61, 0xD2, 0x06, 0x38, 0xB8,
+    0xE5, 0xC0, 0x26, 0x93, 0x0C, 0x3E, 0x60, 0x39,
+    0xA3, 0x3C, 0xE4, 0x59, 0x64, 0xFF, 0x21, 0x67,
+    0xF6, 0xEC, 0xED, 0xD4, 0x19, 0xDB, 0x06, 0xC1
+};
+
 uint8_t NIST_HMAC_key1[] =
 {
     0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
@@ -416,3 +444,109 @@ uint8_t RFC5869_HKDF_result3[] =
     0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
     0x96, 0xc8
 };
+
+uint8_t RFC7539_ChaCha20_key1[] =
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+uint8_t RFC7539_ChaCha20_nonce1[] =
+{
+    0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x4a,
+    0x00, 0x00, 0x00, 0x00
+};
+uint32_t RFC7539_ChaCha20_block1 = 1;
+uint8_t RFC7539_ChaCha20_message1[] =
+{
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+uint8_t RFC7539_ChaCha20_result1[] =
+{
+    0x10, 0xf1, 0xe7, 0xe4, 0xd1, 0x3b, 0x59, 0x15,
+    0x50, 0x0f, 0xdd, 0x1f, 0xa3, 0x20, 0x71, 0xc4,
+    0xc7, 0xd1, 0xf4, 0xc7, 0x33, 0xc0, 0x68, 0x03,
+    0x04, 0x22, 0xaa, 0x9a, 0xc3, 0xd4, 0x6c, 0x4e,
+    0xd2, 0x82, 0x64, 0x46, 0x07, 0x9f, 0xaa, 0x09,
+    0x14, 0xc2, 0xd7, 0x05, 0xd9, 0x8b, 0x02, 0xa2,
+    0xb5, 0x12, 0x9c, 0xd1, 0xde, 0x16, 0x4e, 0xb9,
+    0xcb, 0xd0, 0x83, 0xe8, 0xa2, 0x50, 0x3c, 0x4e
+};
+uint8_t RFC7539_ChaCha20_key2[] =
+{
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+};
+uint8_t RFC7539_ChaCha20_nonce2[] =
+{
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x4a,
+    0x00, 0x00, 0x00, 0x00
+};
+uint32_t RFC7539_ChaCha20_block2 = 1;
+uint8_t RFC7539_ChaCha20_message2[] =
+{
+    0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
+    0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
+    0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
+    0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
+    0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
+    0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
+    0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
+    0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
+    0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
+    0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
+    0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
+    0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
+    0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
+    0x74, 0x2e
+};
+uint8_t RFC7539_ChaCha20_result2[] =
+{
+    0x6e, 0x2e, 0x35, 0x9a, 0x25, 0x68, 0xf9, 0x80,
+    0x41, 0xba, 0x07, 0x28, 0xdd, 0x0d, 0x69, 0x81,
+    0xe9, 0x7e, 0x7a, 0xec, 0x1d, 0x43, 0x60, 0xc2,
+    0x0a, 0x27, 0xaf, 0xcc, 0xfd, 0x9f, 0xae, 0x0b,
+    0xf9, 0x1b, 0x65, 0xc5, 0x52, 0x47, 0x33, 0xab,
+    0x8f, 0x59, 0x3d, 0xab, 0xcd, 0x62, 0xb3, 0x57,
+    0x16, 0x39, 0xd6, 0x24, 0xe6, 0x51, 0x52, 0xab,
+    0x8f, 0x53, 0x0c, 0x35, 0x9f, 0x08, 0x61, 0xd8,
+    0x07, 0xca, 0x0d, 0xbf, 0x50, 0x0d, 0x6a, 0x61,
+    0x56, 0xa3, 0x8e, 0x08, 0x8a, 0x22, 0xb6, 0x5e,
+    0x52, 0xbc, 0x51, 0x4d, 0x16, 0xcc, 0xf8, 0x06,
+    0x81, 0x8c, 0xe9, 0x1a, 0xb7, 0x79, 0x37, 0x36,
+    0x5a, 0xf9, 0x0b, 0xbf, 0x74, 0xa3, 0x5b, 0xe6,
+    0xb4, 0x0b, 0x8e, 0xed, 0xf2, 0x78, 0x5e, 0x42,
+    0x87, 0x4d 
+};
+
+uint8_t RFC7539_Poly1305_key1[] =
+{
+    0x85, 0xd6, 0xbe, 0x78, 0x57, 0x55, 0x6d, 0x33,
+    0x7f, 0x44, 0x52, 0xfe, 0x42, 0xd5, 0x06, 0xa8,
+    0x01, 0x03, 0x80, 0x8a, 0xfb, 0x0d, 0xb2, 0xfd,
+    0x4a, 0xbf, 0xf6, 0xaf, 0x41, 0x49, 0xf5, 0x1b
+};
+uint8_t RFC7539_Poly1305_message1[] =
+{
+    0x43, 0x72, 0x79, 0x70, 0x74, 0x6f, 0x67, 0x72,
+    0x61, 0x70, 0x68, 0x69, 0x63, 0x20, 0x46, 0x6f,
+    0x72, 0x75, 0x6d, 0x20, 0x52, 0x65, 0x73, 0x65,
+    0x61, 0x72, 0x63, 0x68, 0x20, 0x47, 0x72, 0x6f,
+    0x75, 0x70 
+};
+uint8_t RFC7539_Poly1305_result1[] =
+{
+    0xa8, 0x06, 0x1d, 0xc1, 0x30, 0x51, 0x36, 0xc6,
+    0xc2, 0x2b, 0x8b, 0xaf, 0x0c, 0x01, 0x27, 0xa9
+};

diff --git a/tests/test.c b/tests/test.c
index 27536e059ced45acdac2070b5241cd5bb0e65966..c03326660916bfdc21a6fb99f0238590d117cd32 100644 (file)
--- a/tests/test.c
+++ b/tests/test.c
@@ -12,6 +12,23 @@ void test_pbuf(char* p, uint8_t* b, uint32_t s)
     printf("}\n");
 }
 
+void test_sha256(uint16_t id, uint8_t* message, uint32_t messageS, uint8_t* result, uint32_t resultS)
+{
+    uint8_t* out = foleo_sha256(message, messageS);
+    for (uint16_t i = 0; i < resultS; i++)
+    {
+        if (out[i] != result[i])
+        {
+            printf("NIST     SHA-256     #%i: FAILED\n", id);
+            test_pbuf("result", out, resultS);
+            free(out);
+            return;
+        }
+    }
+    free(out);
+    printf("NIST     SHA-256     #%i: PASS\n", id);
+}
+
 void test_hmac(uint8_t grp, uint16_t id, uint8_t key[], uint16_t keyS, uint8_t data[], uint16_t dataS, uint8_t result[], uint16_t resultS)
 {
     uint8_t lbl1[] = "NIST    ";
@@ -63,8 +80,46 @@ void test_hkdf(uint16_t id, uint8_t* ikm, uint32_t ikmS, uint8_t* salt, uint32_t
     printf("RFC#5869 HKDF-SHA256 #%i: PASS\n", id);
 }
 
+void test_chacha20(uint16_t id, uint8_t key[32], uint8_t nonce[12], uint32_t block, uint8_t* message, uint8_t* result, uint32_t resultS)
+{
+    uint8_t* out = foleo_chacha20(key, nonce, block, resultS);
+    for (uint32_t i = 0; i < resultS; i++) out[i] ^= message[i];
+    for (uint16_t i = 0; i < resultS; i++)
+    {
+        if (out[i] != result[i])
+        {
+            printf("RFC#7539 ChaCha20    #%i: FAILED\n", id);
+            test_pbuf("result", out, resultS);
+            free(out);
+            return;
+        }
+    }
+    free(out);
+    printf("RFC#7539 ChaCha20    #%i: PASS\n", id);
+}
+
+void test_poly1305(uint16_t id, uint8_t key[32], uint8_t* message, uint32_t messageS, uint8_t* result, uint32_t resultS)
+{
+    uint8_t* out = foleo_poly1305(key, message, messageS);
+    for (uint16_t i = 0; i < resultS; i++)
+    {
+        if (out[i] != result[i])
+        {
+            printf("RFC#7539 Poly1305    #%i: FAILED\n", id);
+            test_pbuf("result", out, resultS);
+            free(out);
+            return;
+        }
+    }
+    free(out);
+    printf("RFC#7539 Poly1305    #%i: PASS\n", id);
+}
+
 void main()
 {
+    test_sha256(1, NIST_SHA256_message1, sizeof(NIST_SHA256_message1), NIST_SHA256_result1, sizeof(NIST_SHA256_result1));
+    test_sha256(2, NIST_SHA256_message2, sizeof(NIST_SHA256_message2), NIST_SHA256_result2, sizeof(NIST_SHA256_result2));
+    
     test_hmac(1, 1, NIST_HMAC_key1, sizeof(NIST_HMAC_key1), NIST_HMAC_data1, sizeof(NIST_HMAC_data1), NIST_HMAC_result1, sizeof(NIST_HMAC_result1));
     test_hmac(1, 2, NIST_HMAC_key2, sizeof(NIST_HMAC_key2), NIST_HMAC_data2, sizeof(NIST_HMAC_data2), NIST_HMAC_result2, sizeof(NIST_HMAC_result2));
     test_hmac(1, 3, NIST_HMAC_key3, sizeof(NIST_HMAC_key3), NIST_HMAC_data3, sizeof(NIST_HMAC_data3), NIST_HMAC_result3, sizeof(NIST_HMAC_result3));
@@ -82,4 +137,10 @@ void main()
     test_hkdf(1, RFC5869_HKDF_ikm1, sizeof(RFC5869_HKDF_ikm1), RFC5869_HKDF_salt1, sizeof(RFC5869_HKDF_salt1), RFC5869_HKDF_info1, sizeof(RFC5869_HKDF_info1), RFC5869_HKDF_result1, sizeof(RFC5869_HKDF_result1));
     test_hkdf(2, RFC5869_HKDF_ikm2, sizeof(RFC5869_HKDF_ikm2), RFC5869_HKDF_salt2, sizeof(RFC5869_HKDF_salt2), RFC5869_HKDF_info2, sizeof(RFC5869_HKDF_info2), RFC5869_HKDF_result2, sizeof(RFC5869_HKDF_result2));
     test_hkdf(3, RFC5869_HKDF_ikm3, sizeof(RFC5869_HKDF_ikm3), RFC5869_HKDF_salt3, sizeof(RFC5869_HKDF_salt3), RFC5869_HKDF_info3, sizeof(RFC5869_HKDF_info3), RFC5869_HKDF_result3, sizeof(RFC5869_HKDF_result3));
+
+    test_chacha20(1, RFC7539_ChaCha20_key1, RFC7539_ChaCha20_nonce1, RFC7539_ChaCha20_block1, RFC7539_ChaCha20_message1, RFC7539_ChaCha20_result1, sizeof(RFC7539_ChaCha20_result1));
+    test_chacha20(2, RFC7539_ChaCha20_key2, RFC7539_ChaCha20_nonce2, RFC7539_ChaCha20_block2, RFC7539_ChaCha20_message2, RFC7539_ChaCha20_result2, sizeof(RFC7539_ChaCha20_result2));
+    test_poly1305(3, RFC7539_Poly1305_key1, RFC7539_Poly1305_message1, sizeof(RFC7539_Poly1305_message1), RFC7539_Poly1305_result1, sizeof(RFC7539_Poly1305_result1));
+
 }
+