yawning
/
morus


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182
							// morus_test.go - MORUS tests
//
// To the extent possible under law, Yawning Angel has waived all copyright
// and related or neighboring rights to the software, using the Creative
// Commons "CC0" public domain dedication. See LICENSE or
// <http://creativecommons.org/publicdomain/zero/1.0/> for full details.

package morus

import (
	"bytes"
	"crypto/rand"
	"fmt"
	"testing"

	"github.com/stretchr/testify/require"
)

var canAccelerate bool

func mustInitHardwareAcceleration() {
	initHardwareAcceleration()
	if !IsHardwareAccelerated() {
		panic("initHardwareAcceleration() failed")
	}
}

func TestKAT(t *testing.T) {
	forceDisableHardwareAcceleration()
	impl := "_" + hardwareAccelImpl.name
	t.Run("MORUS-1280-256_KAT"+impl, func(t *testing.T) { doTestKAT(t) })

	if !canAccelerate {
		t.Log("Hardware acceleration not supported on this host.")
		return
	}
	mustInitHardwareAcceleration()
	impl = "_" + hardwareAccelImpl.name
	t.Run("MORUS-1280-256_KAT"+impl, func(t *testing.T) { doTestKAT(t) })
}

func doTestKAT(t *testing.T) {
	require := require.New(t)

	// There are no official test vectors, so the "known good" values used
	// by this test were generated by combining `genkat.c` from the NORX
	// source package and `supercop-20171218/crypto_aead/morus1280256v2/ref64`.

	var w, h [256]byte
	var k [32]byte
	var n [16]byte

	for i := range w {
		w[i] = byte(255 & (i*197 + 123))
	}
	for i := range h {
		h[i] = byte(255 & (i*193 + 123))
	}
	for i := range k {
		k[i] = byte(255 & (i*191 + 123))
	}
	for i := range n {
		n[i] = byte(255 & (i*181 + 123))
	}

	var katAcc []byte
	katOff := 0

	aead := New(k[:])
	require.Equal(NonceSize, aead.NonceSize(), "NonceSize()")
	require.Equal(TagSize, aead.Overhead(), "Overhead()")

	for i := range w {
		katAcc = aead.Seal(katAcc, n[:], w[:i], h[:i])
		c := katAcc[katOff:]
		require.Len(c, i+TagSize, "Seal(): len(c) %d", i)
		require.Equal(kat1280256[katOff:katOff+len(c)], c, "Seal(): %d", i)

		m, err := aead.Open(nil, n[:], c, h[:i])
		require.NoError(err, "Open(): %d", i)
		require.Len(m, i, "Open(): len(m) %d", i)
		if len(m) != 0 {
			require.Equal(m, w[:i], "Open(): m %d", i)
		}
		katOff += len(c)

		// Test malformed ciphertext.
		badC := append([]byte{}, c...)
		badC[i] ^= 0x23
		m, err = aead.Open(nil, n[:], badC, h[:i])
		require.Error(err, "Open(Bad c): %d", i)
		require.Nil(m, "Open(Bad c): len(m) %d", i)

		// Test malformed AD.
		if i > 0 {
			badH := append([]byte{}, h[:i]...)
			badH[i-1] ^= 0x23
			m, err = aead.Open(nil, n[:], c, badH)
			require.Error(err, "Open(Bad h): %d", i)
			require.Nil(m, "Open(Bad h): len(m) %d", i)
		}
	}
	require.Equal(kat1280256, katAcc, "Final concatenated cipher texts.")
}

func BenchmarkMORUS(b *testing.B) {
	forceDisableHardwareAcceleration()
	doBenchmarkMORUS(b)

	if !canAccelerate {
		b.Log("Hardware acceleration not supported on this host.")
		return
	}
	mustInitHardwareAcceleration()
	doBenchmarkMORUS(b)
}

func doBenchmarkMORUS(b *testing.B) {
	benchSizes := []int{8, 32, 64, 576, 1536, 4096, 1024768}
	impl := "_" + hardwareAccelImpl.name

	for _, sz := range benchSizes {
		bn := "MORUS-1280-256" + impl + "_"
		sn := fmt.Sprintf("_%d", sz)
		b.Run(bn+"Encrypt"+sn, func(b *testing.B) { doBenchmarkAEADEncrypt(b, sz) })
		b.Run(bn+"Decrypt"+sn, func(b *testing.B) { doBenchmarkAEADDecrypt(b, sz) })
	}
}

func doBenchmarkAEADEncrypt(b *testing.B, sz int) {
	b.StopTimer()
	b.SetBytes(int64(sz))

	nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
	m, c := make([]byte, sz), make([]byte, 0, sz+TagSize)
	rand.Read(nonce)
	rand.Read(key)
	rand.Read(m)

	b.StartTimer()
	for i := 0; i < b.N; i++ {
		c = c[:0]

		c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
		if len(c) != sz+TagSize {
			b.Fatalf("aeadEncrypt failed")
		}
	}
}

func doBenchmarkAEADDecrypt(b *testing.B, sz int) {
	b.StopTimer()
	b.SetBytes(int64(sz))

	nonce, key := make([]byte, NonceSize), make([]byte, KeySize)
	m, c, d := make([]byte, sz), make([]byte, 0, sz+TagSize), make([]byte, 0, sz)
	rand.Read(nonce)
	rand.Read(key)
	rand.Read(m)

	c = hardwareAccelImpl.aeadEncryptFn(c, m, nil, nonce, key)
	b.StartTimer()
	for i := 0; i < b.N; i++ {
		d = d[:0]

		var ok bool
		d, ok = hardwareAccelImpl.aeadDecryptFn(d, c, nil, nonce, key)
		if !ok {
			b.Fatalf("aeadDecrypt failed")
		}
	}
	b.StopTimer()

	if !bytes.Equal(m, d) {
		b.Fatalf("aeadDecrypt output mismatch")
	}
}

func init() {
	canAccelerate = IsHardwareAccelerated()
}