morus_test.go 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
  1. // morus_test.go - MORUS tests
  2. //
  3. // To the extent possible under law, Yawning Angel has waived all copyright
  4. // and related or neighboring rights to the software, using the Creative
  5. // Commons "CC0" public domain dedication. See LICENSE or
  6. // <http://creativecommons.org/publicdomain/zero/1.0/> for full details.
  7. package morus
  8. import (
  9. "bytes"
  10. "crypto/rand"
  11. "fmt"
  12. "testing"
  13. "github.com/stretchr/testify/require"
  14. )
  15. var canAccelerate bool
  16. func mustInitHardwareAcceleration() {
  17. initHardwareAcceleration()
  18. if !IsHardwareAccelerated() {
  19. panic("initHardwareAcceleration() failed")
  20. }
  21. }
  22. func TestKAT(t *testing.T) {
  23. forceDisableHardwareAcceleration()
  24. impl := "_" + hardwareAccelImpl.name
  25. t.Run("MORUS-1280-256_KAT"+impl, func(t *testing.T) { doTestKAT(t) })
  26. if !canAccelerate {
  27. t.Log("Hardware acceleration not supported on this host.")
  28. return
  29. }
  30. mustInitHardwareAcceleration()
  31. impl = "_" + hardwareAccelImpl.name
  32. t.Run("MORUS-1280-256_KAT"+impl, func(t *testing.T) { doTestKAT(t) })
  33. }
  34. func doTestKAT(t *testing.T) {
  35. require := require.New(t)
  36. // There are no official test vectors, so the "known good" values used
  37. // by this test were generated by combining `genkat.c` from the NORX
  38. // source package and `supercop-20171218/crypto_aead/morus1280256v2/ref64`.
  39. var w, h [256]byte
  40. var k [32]byte
  41. var n [16]byte
  42. for i := range w {
  43. w[i] = byte(255 & (i*197 + 123))
  44. }
  45. for i := range h {
  46. h[i] = byte(255 & (i*193 + 123))
  47. }
  48. for i := range k {
  49. k[i] = byte(255 & (i*191 + 123))
  50. }
  51. for i := range n {
  52. n[i] = byte(255 & (i*181 + 123))
  53. }
  54. var katAcc []byte
  55. katOff := 0
  56. aead := New(k[:])
  57. require.Equal(NonceSize, aead.NonceSize(), "NonceSize()")
  58. require.Equal(TagSize, aead.Overhead(), "Overhead()")
  59. for i := range w {
  60. katAcc = aead.Seal(katAcc, n[:], w[:i], h[:i])
  61. c := katAcc[katOff:]
  62. require.Len(c, i+TagSize, "Seal(): len(c) %d", i)
  63. require.Equal(kat1280256[katOff:katOff+len(c)], c, "Seal(): %d", i)
  64. m, err := aead.Open(nil, n[:], c, h[:i])
  65. require.NoError(err, "Open(): %d", i)
  66. require.Len(m, i, "Open(): len(m) %d", i)
  67. if len(m) != 0 {
  68. require.Equal(m, w[:i], "Open(): m %d", i)
  69. }
  70. katOff += len(c)
  71. // Test malformed ciphertext.
  72. badC := append([]byte{}, c...)
  73. badC[i] ^= 0x23
  74. m, err = aead.Open(nil, n[:], badC, h[:i])
  75. require.Error(err, "Open(Bad c): %d", i)
  76. require.Nil(m, "Open(Bad c): len(m) %d", i)
  77. // Test malformed AD.
  78. if i > 0 {
  79. badH := append([]byte{}, h[:i]...)
  80. badH[i-1] ^= 0x23
  81. m, err = aead.Open(nil, n[:], c, badH)
  82. require.Error(err, "Open(Bad h): %d", i)
  83. require.Nil(m, "Open(Bad h): len(m) %d", i)
  84. }
  85. }
  86. require.Equal(kat1280256, katAcc, "Final concatenated cipher texts.")
  87. }
  88. func BenchmarkMORUS(b *testing.B) {
  89. forceDisableHardwareAcceleration()
  90. doBenchmarkMORUS(b)
  91. if !canAccelerate {
  92. b.Log("Hardware acceleration not supported on this host.")
  93. return
  94. }
  95. mustInitHardwareAcceleration()
  96. doBenchmarkMORUS(b)
  97. }
  98. func doBenchmarkMORUS(b *testing.B) {
  99. benchSizes := []int{8, 32, 64, 576, 1536, 4096, 1024768}
  100. impl := "_" + hardwareAccelImpl.name
  101. for _, sz := range benchSizes {
  102. bn := "MORUS-1280-256" + impl + "_"
  103. sn := fmt.Sprintf("_%d", sz)
  104. b.Run(bn+"Encrypt"+sn, func(b *testing.B) { doBenchmarkAEADEncrypt(b, sz) })
  105. b.Run(bn+"Decrypt"+sn, func(b *testing.B) { doBenchmarkAEADDecrypt(b, sz) })
  106. }
  107. }
  108. func doBenchmarkAEADEncrypt(b *testing.B, sz int) {
  109. b.StopTimer()
  110. b.SetBytes(int64(sz))
  111. nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
  112. m, c := make([]byte, sz), make([]byte, 0, sz+TagSize)
  113. rand.Read(nonce)
  114. rand.Read(key)
  115. rand.Read(m)
  116. b.StartTimer()
  117. for i := 0; i < b.N; i++ {
  118. c = c[:0]
  119. c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
  120. if len(c) != sz+TagSize {
  121. b.Fatalf("aeadEncrypt failed")
  122. }
  123. }
  124. }
  125. func doBenchmarkAEADDecrypt(b *testing.B, sz int) {
  126. b.StopTimer()
  127. b.SetBytes(int64(sz))
  128. nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
  129. m, c, d := make([]byte, sz), make([]byte, 0, sz+TagSize), make([]byte, 0, sz)
  130. rand.Read(nonce)
  131. rand.Read(key)
  132. rand.Read(m)
  133. c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
  134. b.StartTimer()
  135. for i := 0; i < b.N; i++ {
  136. d = d[:0]
  137. var ok bool
  138. d, ok = hardwareAccelImpl.aeadDecryptFn(d, c, nil, nonce, key)
  139. if !ok {
  140. b.Fatalf("aeadDecrypt failed")
  141. }
  142. }
  143. b.StopTimer()
  144. if !bytes.Equal(m, d) {
  145. b.Fatalf("aeadDecrypt output mismatch")
  146. }
  147. }
  148. func init() {
  149. canAccelerate = IsHardwareAccelerated()
  150. }