mgm/mode_test.go

   1 // GoGOST -- Pure Go GOST cryptographic functions library
   2 // Copyright (C) 2015-2021 Sergey Matveev <stargrave@stargrave.org>
   3 //
   4 // This program is free software: you can redistribute it and/or modify
   5 // it under the terms of the GNU General Public License as published by
   6 // the Free Software Foundation, version 3 of the License.
   7 //
   8 // This program is distributed in the hope that it will be useful,
   9 // but WITHOUT ANY WARRANTY; without even the implied warranty of
  10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11 // GNU General Public License for more details.
  12 //
  13 // You should have received a copy of the GNU General Public License
  14 // along with this program.  If not, see <http://www.gnu.org/licenses/>.
  15
  16 package mgm
  17
  18 import (
  19         "bytes"
  20         "crypto/cipher"
  21         "crypto/rand"
  22         "io"
  23         "testing"
  24         "testing/quick"
  25
  26         "go.cypherpunks.ru/gogost/v5/gost3412128"
  27         "go.cypherpunks.ru/gogost/v5/gost341264"
  28 )
  29
  30 func TestVector(t *testing.T) {
  31         key := []byte{
  32                 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  33                 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  34                 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10,
  35                 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  36         }
  37         additionalData := []byte{
  38                 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
  39                 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
  40                 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
  41                 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03,
  42                 0xEA, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05, 0x05,
  43                 0x05,
  44         }
  45         plaintext := []byte{
  46                 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x00,
  47                 0xFF, 0xEE, 0xDD, 0xCC, 0xBB, 0xAA, 0x99, 0x88,
  48                 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  49                 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A,
  50                 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
  51                 0x99, 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00,
  52                 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
  53                 0xAA, 0xBB, 0xCC, 0xEE, 0xFF, 0x0A, 0x00, 0x11,
  54                 0xAA, 0xBB, 0xCC,
  55         }
  56         c := gost3412128.NewCipher(key)
  57         nonce := plaintext[:16]
  58         aead, _ := NewMGM(c, 16)
  59         sealed := aead.Seal(nil, nonce, plaintext, additionalData)
  60         if bytes.Compare(sealed[:len(plaintext)], []byte{
  61                 0xA9, 0x75, 0x7B, 0x81, 0x47, 0x95, 0x6E, 0x90,
  62                 0x55, 0xB8, 0xA3, 0x3D, 0xE8, 0x9F, 0x42, 0xFC,
  63                 0x80, 0x75, 0xD2, 0x21, 0x2B, 0xF9, 0xFD, 0x5B,
  64                 0xD3, 0xF7, 0x06, 0x9A, 0xAD, 0xC1, 0x6B, 0x39,
  65                 0x49, 0x7A, 0xB1, 0x59, 0x15, 0xA6, 0xBA, 0x85,
  66                 0x93, 0x6B, 0x5D, 0x0E, 0xA9, 0xF6, 0x85, 0x1C,
  67                 0xC6, 0x0C, 0x14, 0xD4, 0xD3, 0xF8, 0x83, 0xD0,
  68                 0xAB, 0x94, 0x42, 0x06, 0x95, 0xC7, 0x6D, 0xEB,
  69                 0x2C, 0x75, 0x52,
  70         }) != 0 {
  71                 t.FailNow()
  72         }
  73         if bytes.Compare(sealed[len(plaintext):], []byte{
  74                 0xCF, 0x5D, 0x65, 0x6F, 0x40, 0xC3, 0x4F, 0x5C,
  75                 0x46, 0xE8, 0xBB, 0x0E, 0x29, 0xFC, 0xDB, 0x4C,
  76         }) != 0 {
  77                 t.FailNow()
  78         }
  79         _, err := aead.Open(sealed[:0], nonce, sealed, additionalData)
  80         if err != nil {
  81                 t.FailNow()
  82         }
  83         if bytes.Compare(sealed[:len(plaintext)], plaintext) != 0 {
  84                 t.FailNow()
  85         }
  86 }
  87
  88 func TestSymmetric(t *testing.T) {
  89         sym := func(keySize, blockSize int, c cipher.Block, nonce []byte) {
  90                 f := func(
  91                         plaintext, additionalData []byte,
  92                         initials [][]byte,
  93                         tagSize uint8,
  94                 ) bool {
  95                         if len(plaintext) == 0 && len(additionalData) == 0 {
  96                                 return true
  97                         }
  98                         tagSize = 4 + tagSize%uint8(blockSize-4)
  99                         aead, err := NewMGM(c, int(tagSize))
 100                         if err != nil {
 101                                 return false
 102                         }
 103                         for _, initial := range initials {
 104                                 sealed := aead.Seal(initial, nonce, plaintext, additionalData)
 105                                 if bytes.Compare(sealed[:len(initial)], initial) != 0 {
 106                                         return false
 107                                 }
 108                                 pt, err := aead.Open(
 109                                         sealed[:0],
 110                                         nonce,
 111                                         sealed[len(initial):],
 112                                         additionalData,
 113                                 )
 114                                 if err != nil || bytes.Compare(pt, plaintext) != 0 {
 115                                         return false
 116                                 }
 117                         }
 118                         return true
 119                 }
 120                 if err := quick.Check(f, nil); err != nil {
 121                         t.Error(err)
 122                 }
 123         }
 124
 125         key128 := new([gost3412128.KeySize]byte)
 126         if _, err := rand.Read(key128[:]); err != nil {
 127                 panic(err)
 128         }
 129         nonce := make([]byte, gost3412128.BlockSize)
 130         if _, err := rand.Read(key128[1:]); err != nil {
 131                 panic(err)
 132         }
 133         sym(
 134                 gost3412128.KeySize,
 135                 gost3412128.BlockSize,
 136                 gost3412128.NewCipher(key128[:]),
 137                 nonce[:gost3412128.BlockSize],
 138         )
 139
 140         key64 := new([gost341264.KeySize]byte)
 141         copy(key64[:], key128[:])
 142         sym(
 143                 gost341264.KeySize,
 144                 gost341264.BlockSize,
 145                 gost341264.NewCipher(key64[:]),
 146                 nonce[:gost341264.BlockSize],
 147         )
 148 }
 149
 150 func BenchmarkMGM64(b *testing.B) {
 151         key := make([]byte, gost341264.KeySize)
 152         if _, err := io.ReadFull(rand.Reader, key); err != nil {
 153                 panic(err)
 154         }
 155         nonce := make([]byte, gost341264.BlockSize)
 156         if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
 157                 panic(err)
 158         }
 159         nonce[0] &= 0x7F
 160         pt := make([]byte, 1280+3)
 161         if _, err := io.ReadFull(rand.Reader, pt); err != nil {
 162                 panic(err)
 163         }
 164         c := gost341264.NewCipher(key)
 165         aead, err := NewMGM(c, gost341264.BlockSize)
 166         if err != nil {
 167                 panic(err)
 168         }
 169         ct := make([]byte, len(pt)+aead.Overhead())
 170         b.ResetTimer()
 171         for i := 0; i < b.N; i++ {
 172                 aead.Seal(ct[:0], nonce, pt, nil)
 173         }
 174 }
 175
 176 func BenchmarkMGM128(b *testing.B) {
 177         key := make([]byte, gost3412128.KeySize)
 178         if _, err := io.ReadFull(rand.Reader, key); err != nil {
 179                 panic(err)
 180         }
 181         nonce := make([]byte, gost3412128.BlockSize)
 182         if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
 183                 panic(err)
 184         }
 185         nonce[0] &= 0x7F
 186         pt := make([]byte, 1280+3)
 187         if _, err := io.ReadFull(rand.Reader, pt); err != nil {
 188                 panic(err)
 189         }
 190         c := gost3412128.NewCipher(key)
 191         aead, err := NewMGM(c, gost3412128.BlockSize)
 192         if err != nil {
 193                 panic(err)
 194         }
 195         ct := make([]byte, len(pt)+aead.Overhead())
 196         b.ResetTimer()
 197         for i := 0; i < b.N; i++ {
 198                 aead.Seal(ct[:0], nonce, pt, nil)
 199         }
 200 }