- // morus_test.go - MORUS tests
- //
- // To the extent possible under law, Yawning Angel has waived all copyright
- // and related or neighboring rights to the software, using the Creative
- // Commons "CC0" public domain dedication. See LICENSE or
- // <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
- package morus
- import (
- "bytes"
- "crypto/rand"
- "fmt"
- "testing"
- "github.com/stretchr/testify/require"
- )
// canAccelerate is set by this file's init function to the value that
// IsHardwareAccelerated returned at package initialisation. The tests and
// benchmarks consult it before switching hardware acceleration back on.
var canAccelerate bool
// mustInitHardwareAcceleration calls initHardwareAcceleration and panics
// unless IsHardwareAccelerated reports true afterwards.
func mustInitHardwareAcceleration() {
	initHardwareAcceleration()
	if IsHardwareAccelerated() {
		return
	}
	panic("initHardwareAcceleration() failed")
}
// TestKAT runs the known-answer test twice: first with hardware acceleration
// forcibly disabled, then (only when canAccelerate is set) with it
// re-enabled, so both code paths are checked against the same vectors.
func TestKAT(t *testing.T) {
	const prefix = "MORUS-1280-256_KAT_"

	forceDisableHardwareAcceleration()
	// The implementation name is read after each switch so the subtest name
	// reflects the code path actually under test.
	t.Run(prefix+hardwareAccelImpl.name, doTestKAT)

	if !canAccelerate {
		t.Log("Hardware acceleration not supported on this host.")
		return
	}

	mustInitHardwareAcceleration()
	t.Run(prefix+hardwareAccelImpl.name, doTestKAT)
}
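// doTestKAT checks Seal and Open of the currently selected implementation
// against the kat1280256 known-answer vectors for every message/AD length
// from 0 to 255, and checks that Open rejects tampered input.
//
// The original "malformed ciphertext" case flipped badC[i], which is the
// first byte after the i-byte payload (i.e. the first tag byte), so the
// encrypted payload itself, the end of the tag and the nonce were never
// tampered with. Those cases are covered here as well.
func doTestKAT(t *testing.T) {
	require := require.New(t)

	// There are no official test vectors, so the "known good" values used
	// by this test were generated by combining `genkat.c` from the NORX
	// source package and `supercop-20171218/crypto_aead/morus1280256v2/ref64`.
	var w, h [256]byte
	var k [32]byte
	var n [16]byte

	// Deterministic fill patterns for message, AD, key and nonce.
	for i := range w {
		w[i] = byte(255 & (i*197 + 123))
	}
	for i := range h {
		h[i] = byte(255 & (i*193 + 123))
	}
	for i := range k {
		k[i] = byte(255 & (i*191 + 123))
	}
	for i := range n {
		n[i] = byte(255 & (i*181 + 123))
	}

	var katAcc []byte
	katOff := 0

	aead := New(k[:])
	require.Equal(NonceSize, aead.NonceSize(), "NonceSize()")
	require.Equal(TagSize, aead.Overhead(), "Overhead()")

	// mustReject asserts that Open fails and hands back no plaintext.
	mustReject := func(what string, i int, nonce, c, ad []byte) {
		m, err := aead.Open(nil, nonce, c, ad)
		require.Error(err, "Open(%s): %d", what, i)
		require.Nil(m, "Open(%s): len(m) %d", what, i)
	}

	// The same key/nonce pair is used for every Seal call so the output can
	// be compared with the fixed vectors; that is specific to a KAT.
	for i := range w {
		katAcc = aead.Seal(katAcc, n[:], w[:i], h[:i])
		c := katAcc[katOff:]
		require.Len(c, i+TagSize, "Seal(): len(c) %d", i)
		require.Equal(kat1280256[katOff:katOff+len(c)], c, "Seal(): %d", i)

		m, err := aead.Open(nil, n[:], c, h[:i])
		require.NoError(err, "Open(): %d", i)
		require.Len(m, i, "Open(): len(m) %d", i)
		if len(m) != 0 {
			// Expected value first, as testify's Equal documents.
			require.Equal(w[:i], m, "Open(): m %d", i)
		}
		katOff += len(c)

		// Test malformed ciphertext: first tag byte.
		badC := append([]byte{}, c...)
		badC[i] ^= 0x23
		mustReject("Bad c", i, n[:], badC, h[:i])

		// Last tag byte.
		badC = append([]byte{}, c...)
		badC[len(badC)-1] ^= 0x23
		mustReject("Bad tag tail", i, n[:], badC, h[:i])

		// Last byte of the encrypted payload (absent when i == 0).
		if i > 0 {
			badC = append([]byte{}, c...)
			badC[i-1] ^= 0x23
			mustReject("Bad c payload", i, n[:], badC, h[:i])
		}

		// Test malformed AD.
		if i > 0 {
			badH := append([]byte{}, h[:i]...)
			badH[i-1] ^= 0x23
			mustReject("Bad h", i, n[:], c, badH)
		}

		// Same-length but different nonce.
		badN := append([]byte{}, n[:]...)
		badN[0] ^= 0x23
		mustReject("Bad n", i, badN, c, h[:i])
	}
	require.Equal(kat1280256, katAcc, "Final concatenated cipher texts.")
}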
// BenchmarkMORUS benchmarks the implementation selected after hardware
// acceleration is forcibly disabled and then, when canAccelerate is set, the
// one selected after acceleration is re-enabled.
func BenchmarkMORUS(b *testing.B) {
	forceDisableHardwareAcceleration()
	doBenchmarkMORUS(b)

	if canAccelerate {
		mustInitHardwareAcceleration()
		doBenchmarkMORUS(b)
		return
	}
	b.Log("Hardware acceleration not supported on this host.")
}
// doBenchmarkMORUS registers one Encrypt and one Decrypt sub-benchmark per
// message size, named after the implementation selected when it is called.
func doBenchmarkMORUS(b *testing.B) {
	// Read the implementation name once, before any sub-benchmark runs.
	prefix := "MORUS-1280-256_" + hardwareAccelImpl.name + "_"

	for _, sz := range []int{8, 32, 64, 576, 1536, 4096, 1024768} {
		suffix := fmt.Sprintf("_%d", sz)
		b.Run(prefix+"Encrypt"+suffix, func(b *testing.B) {
			doBenchmarkAEADEncrypt(b, sz)
		})
		b.Run(prefix+"Decrypt"+suffix, func(b *testing.B) {
			doBenchmarkAEADDecrypt(b, sz)
		})
	}
}
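// doBenchmarkAEADEncrypt times the selected implementation's aeadEncryptFn on
// a sz-byte message with no associated data. Key, nonce and message are
// filled from crypto/rand outside the timed region.
//
// The original discarded the rand.Read results; a failed read would have
// left all-zero inputs in place without any indication, so the errors are
// now checked.
func doBenchmarkAEADEncrypt(b *testing.B, sz int) {
	b.StopTimer()
	b.SetBytes(int64(sz))

	nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
	m, c := make([]byte, sz), make([]byte, 0, sz+TagSize)
	for _, buf := range [][]byte{nonce, key, m} {
		if _, err := rand.Read(buf); err != nil {
			b.Fatalf("rand.Read failed: %v", err)
		}
	}
	b.StartTimer()

	// Key and nonce stay fixed across iterations; only throughput is measured.
	for i := 0; i < b.N; i++ {
		c = c[:0] // reuse the output buffer so the loop does not allocate
		c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
		if len(c) != sz+TagSize {
			b.Fatalf("aeadEncrypt failed")
		}
	}
}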
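// doBenchmarkAEADDecrypt times the selected implementation's aeadDecryptFn on
// a ciphertext produced from a sz-byte random message with no associated
// data. Setup and the final plaintext comparison run outside the timed
// region.
//
// The original discarded the rand.Read results; a failed read would have
// left all-zero inputs in place without any indication, so the errors are
// now checked.
func doBenchmarkAEADDecrypt(b *testing.B, sz int) {
	b.StopTimer()
	b.SetBytes(int64(sz))

	nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
	m, c, d := make([]byte, sz), make([]byte, 0, sz+TagSize), make([]byte, 0, sz)
	for _, buf := range [][]byte{nonce, key, m} {
		if _, err := rand.Read(buf); err != nil {
			b.Fatalf("rand.Read failed: %v", err)
		}
	}

	c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
	b.StartTimer()

	for i := 0; i < b.N; i++ {
		d = d[:0] // reuse the output buffer so the loop does not allocate
		var ok bool
		d, ok = hardwareAccelImpl.aeadDecryptFn(d, c, nil, nonce, key)
		if !ok {
			b.Fatalf("aeadDecrypt failed")
		}
	}
	b.StopTimer()

	// Catches a decrypt path that reports success but returns wrong plaintext.
	if !bytes.Equal(m, d) {
		b.Fatalf("aeadDecrypt output mismatch")
	}
}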
// init stores the result of IsHardwareAccelerated in canAccelerate at package
// initialisation, before any test calls forceDisableHardwareAcceleration.
func init() {
	accelerated := IsHardwareAccelerated()
	canAccelerate = accelerated
}