internal/poly1305/poly1305_test.go - crypto - Git at Google

 // Copyright 2012 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 package poly1305

 import (
 	"crypto/rand"
 	"encoding/binary"
 	"encoding/hex"
 	"flag"
 	"testing"
 	"unsafe"
 )

 var stressFlag = flag.Bool("stress", false, "run slow stress tests")

 type test struct {
 	in    string
 	key   string
 	tag   string
 	state string
 }

 func (t *test) Input() []byte {
 	in, err := hex.DecodeString(t.in)
 	if err != nil {
 		panic(err)
 	}
 	return in
 }

 func (t *test) Key() [32]byte {
 	buf, err := hex.DecodeString(t.key)
 	if err != nil {
 		panic(err)
 	}
 	var key [32]byte
 	copy(key[:], buf[:32])
 	return key
 }

 func (t *test) Tag() [16]byte {
 	buf, err := hex.DecodeString(t.tag)
 	if err != nil {
 		panic(err)
 	}
 	var tag [16]byte
 	copy(tag[:], buf[:16])
 	return tag
 }

 func (t *test) InitialState() [3]uint64 {
 	// state is hex encoded in big-endian byte order
 	if t.state == "" {
 		return [3]uint64{0, 0, 0}
 	}
 	buf, err := hex.DecodeString(t.state)
 	if err != nil {
 		panic(err)
 	}
 	if len(buf) != 3*8 {
 		panic("incorrect state length")
 	}
 	return [3]uint64{
 		binary.BigEndian.Uint64(buf[16:24]),
 		binary.BigEndian.Uint64(buf[8:16]),
 		binary.BigEndian.Uint64(buf[0:8]),
 	}
 }

 func testSum(t *testing.T, unaligned bool, sumImpl func(tag *[TagSize]byte, msg []byte, key *[32]byte)) {
 	var tag [16]byte
 	for i, v := range testData {
 		// cannot set initial state before calling sum, so skip those tests
 		if v.InitialState() != [3]uint64{0, 0, 0} {
 			continue
 		}

 		in := v.Input()
 		if unaligned {
 			in = unalignBytes(in)
 		}
 		key := v.Key()
 		sumImpl(&tag, in, &key)
 		if tag != v.Tag() {
 			t.Errorf("%d: expected %x, got %x", i, v.Tag(), tag[:])
 		}
 		if !Verify(&tag, in, &key) {
 			t.Errorf("%d: tag didn't verify", i)
 		}
 		// If the key is zero, the tag will always be zero, independent of the input.
 		if len(in) > 0 && key != [32]byte{} {
 			in[0] ^= 0xff
 			if Verify(&tag, in, &key) {
 				t.Errorf("%d: tag verified after altering the input", i)
 			}
 			in[0] ^= 0xff
 		}
 		// If the input is empty, the tag only depends on the second half of the key.
 		if len(in) > 0 {
 			key[0] ^= 0xff
 			if Verify(&tag, in, &key) {
 				t.Errorf("%d: tag verified after altering the key", i)
 			}
 			key[0] ^= 0xff
 		}
 		tag[0] ^= 0xff
 		if Verify(&tag, in, &key) {
 			t.Errorf("%d: tag verified after altering the tag", i)
 		}
 		tag[0] ^= 0xff
 	}
 }

 func TestBurnin(t *testing.T) {
 	// This test can be used to sanity-check significant changes. It can
 	// take about many minutes to run, even on fast machines. It's disabled
 	// by default.
 	if !*stressFlag {
 		t.Skip("skipping without -stress")
 	}

 	var key [32]byte
 	var input [25]byte
 	var output [16]byte

 	for i := range key {
 		key[i] = 1
 	}
 	for i := range input {
 		input[i] = 2
 	}

 	for i := uint64(0); i < 1e10; i++ {
 		Sum(&output, input[:], &key)
 		copy(key[0:], output[:])
 		copy(key[16:], output[:])
 		copy(input[:], output[:])
 		copy(input[16:], output[:])
 	}

 	const expected = "5e3b866aea0b636d240c83c428f84bfa"
 	if got := hex.EncodeToString(output[:]); got != expected {
 		t.Errorf("expected %s, got %s", expected, got)
 	}
 }

 func TestSum(t *testing.T)                 { testSum(t, false, Sum) }
 func TestSumUnaligned(t *testing.T)        { testSum(t, true, Sum) }
 func TestSumGeneric(t *testing.T)          { testSum(t, false, sumGeneric) }
 func TestSumGenericUnaligned(t *testing.T) { testSum(t, true, sumGeneric) }

 func TestWriteGeneric(t *testing.T)          { testWriteGeneric(t, false) }
 func TestWriteGenericUnaligned(t *testing.T) { testWriteGeneric(t, true) }
 func TestWrite(t *testing.T)                 { testWrite(t, false) }
 func TestWriteUnaligned(t *testing.T)        { testWrite(t, true) }

 func testWriteGeneric(t *testing.T, unaligned bool) {
 	for i, v := range testData {
 		key := v.Key()
 		input := v.Input()
 		var out [16]byte

 		if unaligned {
 			input = unalignBytes(input)
 		}
 		h := newMACGeneric(&key)
 		if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
 			h.macState.h = s
 		}
 		n, err := h.Write(input[:len(input)/3])
 		if err != nil || n != len(input[:len(input)/3]) {
 			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
 		}
 		n, err = h.Write(input[len(input)/3:])
 		if err != nil || n != len(input[len(input)/3:]) {
 			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
 		}
 		h.Sum(&out)
 		if tag := v.Tag(); out != tag {
 			t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
 		}
 	}
 }

 func testWrite(t *testing.T, unaligned bool) {
 	for i, v := range testData {
 		key := v.Key()
 		input := v.Input()
 		var out [16]byte

 		if unaligned {
 			input = unalignBytes(input)
 		}
 		h := New(&key)
 		if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
 			h.macState.h = s
 		}
 		n, err := h.Write(input[:len(input)/3])
 		if err != nil || n != len(input[:len(input)/3]) {
 			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
 		}
 		n, err = h.Write(input[len(input)/3:])
 		if err != nil || n != len(input[len(input)/3:]) {
 			t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
 		}
 		h.Sum(out[:0])
 		tag := v.Tag()
 		if out != tag {
 			t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
 		}
 		if !h.Verify(tag[:]) {
 			t.Errorf("%d: Verify failed", i)
 		}
 		tag[0] ^= 0xff
 		if h.Verify(tag[:]) {
 			t.Errorf("%d: Verify succeeded after modifying the tag", i)
 		}
 	}
 }

 func benchmarkSum(b *testing.B, size int, unaligned bool) {
 	var out [16]byte
 	var key [32]byte
 	in := make([]byte, size)
 	if unaligned {
 		in = unalignBytes(in)
 	}
 	rand.Read(in)
 	b.SetBytes(int64(len(in)))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		Sum(&out, in, &key)
 	}
 }

 func benchmarkWrite(b *testing.B, size int, unaligned bool) {
 	var key [32]byte
 	h := New(&key)
 	in := make([]byte, size)
 	if unaligned {
 		in = unalignBytes(in)
 	}
 	rand.Read(in)
 	b.SetBytes(int64(len(in)))
 	b.ResetTimer()
 	for i := 0; i < b.N; i++ {
 		h.Write(in)
 	}
 }

 func Benchmark64(b *testing.B)          { benchmarkSum(b, 64, false) }
 func Benchmark1K(b *testing.B)          { benchmarkSum(b, 1024, false) }
 func Benchmark2M(b *testing.B)          { benchmarkSum(b, 2*1024*1024, false) }
 func Benchmark64Unaligned(b *testing.B) { benchmarkSum(b, 64, true) }
 func Benchmark1KUnaligned(b *testing.B) { benchmarkSum(b, 1024, true) }
 func Benchmark2MUnaligned(b *testing.B) { benchmarkSum(b, 2*1024*1024, true) }

 func BenchmarkWrite64(b *testing.B)          { benchmarkWrite(b, 64, false) }
 func BenchmarkWrite1K(b *testing.B)          { benchmarkWrite(b, 1024, false) }
 func BenchmarkWrite2M(b *testing.B)          { benchmarkWrite(b, 2*1024*1024, false) }
 func BenchmarkWrite64Unaligned(b *testing.B) { benchmarkWrite(b, 64, true) }
 func BenchmarkWrite1KUnaligned(b *testing.B) { benchmarkWrite(b, 1024, true) }
 func BenchmarkWrite2MUnaligned(b *testing.B) { benchmarkWrite(b, 2*1024*1024, true) }

 func unalignBytes(in []byte) []byte {
 	out := make([]byte, len(in)+1)
 	if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
 		out = out[1:]
 	} else {
 		out = out[:len(in)]
 	}
 	copy(out, in)
 	return out
 }
	// Copyright 2012 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	package poly1305

	import (
	"crypto/rand"
	"encoding/binary"
	"encoding/hex"
	"flag"
	"testing"
	"unsafe"
	)

	var stressFlag = flag.Bool("stress", false, "run slow stress tests")

	type test struct {
	in string
	key string
	tag string
	state string
	}

	func (t *test) Input() []byte {
	in, err := hex.DecodeString(t.in)
	if err != nil {
	panic(err)
	}
	return in
	}

	func (t *test) Key() [32]byte {
	buf, err := hex.DecodeString(t.key)
	if err != nil {
	panic(err)
	}
	var key [32]byte
	copy(key[:], buf[:32])
	return key
	}

	func (t *test) Tag() [16]byte {
	buf, err := hex.DecodeString(t.tag)
	if err != nil {
	panic(err)
	}
	var tag [16]byte
	copy(tag[:], buf[:16])
	return tag
	}

	func (t *test) InitialState() [3]uint64 {
	// state is hex encoded in big-endian byte order
	if t.state == "" {
	return [3]uint64{0, 0, 0}
	}
	buf, err := hex.DecodeString(t.state)
	if err != nil {
	panic(err)
	}
	if len(buf) != 3*8 {
	panic("incorrect state length")
	}
	return [3]uint64{
	binary.BigEndian.Uint64(buf[16:24]),
	binary.BigEndian.Uint64(buf[8:16]),
	binary.BigEndian.Uint64(buf[0:8]),
	}
	}

	func testSum(t testing.T, unaligned bool, sumImpl func(tag [TagSize]byte, msg []byte, key *[32]byte)) {
	var tag [16]byte
	for i, v := range testData {
	// cannot set initial state before calling sum, so skip those tests
	if v.InitialState() != [3]uint64{0, 0, 0} {
	continue
	}

	in := v.Input()
	if unaligned {
	in = unalignBytes(in)
	}
	key := v.Key()
	sumImpl(&tag, in, &key)
	if tag != v.Tag() {
	t.Errorf("%d: expected %x, got %x", i, v.Tag(), tag[:])
	}
	if !Verify(&tag, in, &key) {
	t.Errorf("%d: tag didn't verify", i)
	}
	// If the key is zero, the tag will always be zero, independent of the input.
	if len(in) > 0 && key != [32]byte{} {
	in[0] ^= 0xff
	if Verify(&tag, in, &key) {
	t.Errorf("%d: tag verified after altering the input", i)
	}
	in[0] ^= 0xff
	}
	// If the input is empty, the tag only depends on the second half of the key.
	if len(in) > 0 {
	key[0] ^= 0xff
	if Verify(&tag, in, &key) {
	t.Errorf("%d: tag verified after altering the key", i)
	}
	key[0] ^= 0xff
	}
	tag[0] ^= 0xff
	if Verify(&tag, in, &key) {
	t.Errorf("%d: tag verified after altering the tag", i)
	}
	tag[0] ^= 0xff
	}
	}

	func TestBurnin(t *testing.T) {
	// This test can be used to sanity-check significant changes. It can
	// take about many minutes to run, even on fast machines. It's disabled
	// by default.
	if !*stressFlag {
	t.Skip("skipping without -stress")
	}

	var key [32]byte
	var input [25]byte
	var output [16]byte

	for i := range key {
	key[i] = 1
	}
	for i := range input {
	input[i] = 2
	}

	for i := uint64(0); i < 1e10; i++ {
	Sum(&output, input[:], &key)
	copy(key[0:], output[:])
	copy(key[16:], output[:])
	copy(input[:], output[:])
	copy(input[16:], output[:])
	}

	const expected = "5e3b866aea0b636d240c83c428f84bfa"
	if got := hex.EncodeToString(output[:]); got != expected {
	t.Errorf("expected %s, got %s", expected, got)
	}
	}

	func TestSum(t *testing.T) { testSum(t, false, Sum) }
	func TestSumUnaligned(t *testing.T) { testSum(t, true, Sum) }
	func TestSumGeneric(t *testing.T) { testSum(t, false, sumGeneric) }
	func TestSumGenericUnaligned(t *testing.T) { testSum(t, true, sumGeneric) }

	func TestWriteGeneric(t *testing.T) { testWriteGeneric(t, false) }
	func TestWriteGenericUnaligned(t *testing.T) { testWriteGeneric(t, true) }
	func TestWrite(t *testing.T) { testWrite(t, false) }
	func TestWriteUnaligned(t *testing.T) { testWrite(t, true) }

	func testWriteGeneric(t *testing.T, unaligned bool) {
	for i, v := range testData {
	key := v.Key()
	input := v.Input()
	var out [16]byte

	if unaligned {
	input = unalignBytes(input)
	}
	h := newMACGeneric(&key)
	if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
	h.macState.h = s
	}
	n, err := h.Write(input[:len(input)/3])
	if err != nil \|\| n != len(input[:len(input)/3]) {
	t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
	}
	n, err = h.Write(input[len(input)/3:])
	if err != nil \|\| n != len(input[len(input)/3:]) {
	t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
	}
	h.Sum(&out)
	if tag := v.Tag(); out != tag {
	t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
	}
	}
	}

	func testWrite(t *testing.T, unaligned bool) {
	for i, v := range testData {
	key := v.Key()
	input := v.Input()
	var out [16]byte

	if unaligned {
	input = unalignBytes(input)
	}
	h := New(&key)
	if s := v.InitialState(); s != [3]uint64{0, 0, 0} {
	h.macState.h = s
	}
	n, err := h.Write(input[:len(input)/3])
	if err != nil \|\| n != len(input[:len(input)/3]) {
	t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
	}
	n, err = h.Write(input[len(input)/3:])
	if err != nil \|\| n != len(input[len(input)/3:]) {
	t.Errorf("#%d: unexpected Write results: n = %d, err = %v", i, n, err)
	}
	h.Sum(out[:0])
	tag := v.Tag()
	if out != tag {
	t.Errorf("%d: expected %x, got %x", i, tag[:], out[:])
	}
	if !h.Verify(tag[:]) {
	t.Errorf("%d: Verify failed", i)
	}
	tag[0] ^= 0xff
	if h.Verify(tag[:]) {
	t.Errorf("%d: Verify succeeded after modifying the tag", i)
	}
	}
	}

	func benchmarkSum(b *testing.B, size int, unaligned bool) {
	var out [16]byte
	var key [32]byte
	in := make([]byte, size)
	if unaligned {
	in = unalignBytes(in)
	}
	rand.Read(in)
	b.SetBytes(int64(len(in)))
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
	Sum(&out, in, &key)
	}
	}

	func benchmarkWrite(b *testing.B, size int, unaligned bool) {
	var key [32]byte
	h := New(&key)
	in := make([]byte, size)
	if unaligned {
	in = unalignBytes(in)
	}
	rand.Read(in)
	b.SetBytes(int64(len(in)))
	b.ResetTimer()
	for i := 0; i < b.N; i++ {
	h.Write(in)
	}
	}

	func Benchmark64(b *testing.B) { benchmarkSum(b, 64, false) }
	func Benchmark1K(b *testing.B) { benchmarkSum(b, 1024, false) }
	func Benchmark2M(b testing.B) { benchmarkSum(b, 21024*1024, false) }
	func Benchmark64Unaligned(b *testing.B) { benchmarkSum(b, 64, true) }
	func Benchmark1KUnaligned(b *testing.B) { benchmarkSum(b, 1024, true) }
	func Benchmark2MUnaligned(b testing.B) { benchmarkSum(b, 21024*1024, true) }

	func BenchmarkWrite64(b *testing.B) { benchmarkWrite(b, 64, false) }
	func BenchmarkWrite1K(b *testing.B) { benchmarkWrite(b, 1024, false) }
	func BenchmarkWrite2M(b testing.B) { benchmarkWrite(b, 21024*1024, false) }
	func BenchmarkWrite64Unaligned(b *testing.B) { benchmarkWrite(b, 64, true) }
	func BenchmarkWrite1KUnaligned(b *testing.B) { benchmarkWrite(b, 1024, true) }
	func BenchmarkWrite2MUnaligned(b testing.B) { benchmarkWrite(b, 21024*1024, true) }

	func unalignBytes(in []byte) []byte {
	out := make([]byte, len(in)+1)
	if uintptr(unsafe.Pointer(&out[0]))&(unsafe.Alignof(uint32(0))-1) == 0 {
	out = out[1:]
	} else {
	out = out[:len(in)]
	}
	copy(out, in)
	return out
	}