From db4436a27611248669b675c06869a73240bfd4f9 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Tue, 18 Sep 2018 15:58:36 +0200 Subject: chacha20: add independent self test This was already tested from the chacha20poly1305 test, but it's useful to be able to test this in isolation too. Signed-off-by: Jason A. Donenfeld --- src/crypto/zinc/chacha20/chacha20.c | 6 + src/crypto/zinc/selftest/chacha20.h | 1182 +++++++++++++++++++++++++++++++++++ 2 files changed, 1188 insertions(+) create mode 100644 src/crypto/zinc/selftest/chacha20.h diff --git a/src/crypto/zinc/chacha20/chacha20.c b/src/crypto/zinc/chacha20/chacha20.c index ef2404f..a7c7adc 100644 --- a/src/crypto/zinc/chacha20/chacha20.c +++ b/src/crypto/zinc/chacha20/chacha20.c @@ -172,6 +172,8 @@ void hchacha20(u8 derived_key[CHACHA20_KEY_SIZE], } EXPORT_SYMBOL(hchacha20); +#include "../selftest/chacha20.h" + static bool nosimd __initdata = false; #ifndef COMPAT_ZINC_IS_A_MODULE @@ -182,6 +184,10 @@ static int __init mod_init(void) { if (!nosimd) chacha20_fpu_init(); +#ifdef DEBUG + if (!chacha20_selftest()) + return -ENOTRECOVERABLE; +#endif return 0; } diff --git a/src/crypto/zinc/selftest/chacha20.h b/src/crypto/zinc/selftest/chacha20.h new file mode 100644 index 0000000..f591460 --- /dev/null +++ b/src/crypto/zinc/selftest/chacha20.h @@ -0,0 +1,1182 @@ +/* SPDX-License-Identifier: MIT + * + * Copyright (C) 2015-2018 Jason A. Donenfeld . All Rights Reserved. + */ + +#ifdef DEBUG + +enum { MAXIMUM_TEST_BUFFER_LEN = 800 }; + +struct chacha20_testvec { + u8 key[CHACHA20_KEY_SIZE]; + u64 nonce; + u8 input[MAXIMUM_TEST_BUFFER_LEN]; + u8 result[MAXIMUM_TEST_BUFFER_LEN]; + size_t ilen; +}; + +/* + * #!/usr/bin/env python3 + * + * import chacha20 + * import os + * import struct + * + * def encode_blob(blob): + * a = "" + * x = 0 + * for i in blob: + * a += ('0x%02x' % i) + "," + * x += 1 + * if x % 8 == 0: + * a += "\n\t\t " + * else: + * a += " " + * if x % 8 == 0: + * return a[:len(a) - 8] + * return a[:len(a) - 2] + * + * enc = [ ] + * dec = [ ] + * + * def make_vector(plen): + * key = os.urandom(32) + * nonce = os.urandom(8) + * p = os.urandom(plen) + * c = chacha20.chacha20_encrypt(p, key, nonce) + * + * out = "{\n" + * out += "\t.key\t= { " + encode_blob(key) + " },\n" + * out += "\t.nonce\t= " + hex(struct.unpack("