Ajout d'un test de déchiffrement ΘCB3

2 files changed, 161 insertions, 1 deletions

diff --git a/crypto_aead/lilliputaei128v1/ref/Makefile b/crypto_aead/lilliputaei128v1/ref/Makefile
index af63b4c..31167b0 100644
--- a/crypto_aead/lilliputaei128v1/ref/Makefile
+++ b/crypto_aead/lilliputaei128v1/ref/Makefile
@@ -1,4 +1,6 @@
-tests = test-tweakey test-tbc-encrypt test-tbc-decrypt test-ae-roundtrip test-ae-encrypt
+tests = test-tweakey                                    \
+test-tbc-encrypt test-tbc-decrypt                       \
+test-ae-roundtrip test-ae-encrypt test-ae-decrypt
 
 nist_flags = -std=c99 -Wall -Wextra -Wshadow -fsanitize=address,undefined -O2
 CFLAGS += -I. $(nist_flags) -Werror
@@ -26,6 +28,7 @@ test: $(tests)
 $(tests): %: results/%
 	./results/$@
 
+results/test-ae-decrypt: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results
 results/test-ae-encrypt: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results
 results/test-ae-roundtrip: results/lilliput-ae-i.o results/cipher.o results/tweakey.o results/constants.o | results
 results/test-tbc-decrypt: results/cipher.o results/tweakey.o results/constants.o | results
@@ -33,6 +36,7 @@ results/test-tbc-encrypt: results/cipher.o results/tweakey.o results/constants.o
 results/test-tweakey: results/tweakey.o results/constants.o | results
 
 results/test-*.o: test/helpers.h parameters.h
+results/test-ae-decrypt.o: lilliput-ae.h
 results/test-ae-encrypt.o: lilliput-ae.h
 results/test-ae-roundtrip.o: lilliput-ae.h
 results/test-tbc-decrypt.o: cipher.h
diff --git a/crypto_aead/lilliputaei128v1/ref/test/test-ae-decrypt.c b/crypto_aead/lilliputaei128v1/ref/test/test-ae-decrypt.c
new file mode 100644
index 0000000..c72857e
--- /dev/null
+++ b/crypto_aead/lilliputaei128v1/ref/test/test-ae-decrypt.c
@@ -0,0 +1,156 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+
+#include "lilliput-ae.h"
+
+#include "helpers.h"
+
+
+struct vector
+{
+    char *name;
+    uint8_t key[KEY_BYTES];
+    uint8_t nonce[NONCE_BYTES];
+    size_t auth_len;
+    uint8_t *auth;
+    uint8_t *ciphertext;
+    size_t ciphertext_len;
+    uint8_t tag[TAG_BYTES];
+    uint8_t *message;
+};
+
+typedef struct vector vector;
+
+
+const vector VECTORS[] = {
+    {
+        .name = "order",
+        .key = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+        },
+        .nonce = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e
+        },
+        .auth_len = 64,
+        .auth = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+        },
+        .ciphertext_len = 64,
+        .ciphertext = (uint8_t[]) {
+            0x92, 0xf0, 0xd5, 0x7c, 0x31, 0x0f, 0x73, 0x38,
+            0xbb, 0xc6, 0x11, 0xfb, 0xe7, 0x49, 0xd2, 0xcd,
+            0xae, 0x29, 0x67, 0xeb, 0xcd, 0xca, 0xd1, 0x07,
+            0xf0, 0x2d, 0x2a, 0x14, 0x8e, 0xec, 0x4d, 0xae,
+            0x92, 0xe3, 0x96, 0x65, 0x96, 0x84, 0xe3, 0x8d,
+            0x48, 0x36, 0x0e, 0x11, 0xec, 0xe2, 0x0a, 0x4e,
+            0xe4, 0x3c, 0xc0, 0xb5, 0xf8, 0xe7, 0xb9, 0x7a,
+            0xc1, 0xf4, 0x3b, 0xa7, 0x8b, 0xaa, 0x89, 0xe6
+        },
+        .tag = {
+            0xf3, 0x78, 0x87, 0xc3, 0xb0, 0x4a, 0xe7, 0x10,
+            0x8c, 0x14, 0x67, 0x0b, 0x38, 0x9c, 0xc0, 0x2c
+        },
+        .message = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+        }
+    },
+    {
+        .name = "order-padded",
+        .key = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+        },
+        .nonce = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e
+        },
+        .auth_len = 66,
+        .auth = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+            0x40, 0x01
+        },
+        .ciphertext_len = 66,
+        .ciphertext = (uint8_t[]) {
+            0x92, 0xf0, 0xd5, 0x7c, 0x31, 0x0f, 0x73, 0x38,
+            0xbb, 0xc6, 0x11, 0xfb, 0xe7, 0x49, 0xd2, 0xcd,
+            0xae, 0x29, 0x67, 0xeb, 0xcd, 0xca, 0xd1, 0x07,
+            0xf0, 0x2d, 0x2a, 0x14, 0x8e, 0xec, 0x4d, 0xae,
+            0x92, 0xe3, 0x96, 0x65, 0x96, 0x84, 0xe3, 0x8d,
+            0x48, 0x36, 0x0e, 0x11, 0xec, 0xe2, 0x0a, 0x4e,
+            0xe4, 0x3c, 0xc0, 0xb5, 0xf8, 0xe7, 0xb9, 0x7a,
+            0xc1, 0xf4, 0x3b, 0xa7, 0x8b, 0xaa, 0x89, 0xe6,
+            0x2d, 0x48
+        },
+        .tag = {
+            0x12, 0x99, 0x0c, 0x33, 0x41, 0x59, 0x34, 0xa7,
+            0xd9, 0xa6, 0xcc, 0xb2, 0x90, 0xfe, 0x6d, 0x3d
+        },
+        .message = (uint8_t[]) {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+            0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+            0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+            0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+            0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+            0x40, 0x01
+        }
+    }
+};
+
+
+int main()
+{
+    int diff = 0;
+
+    for (const vector *v=VECTORS; v<ARRAY_END(VECTORS); v++)
+    {
+        uint8_t message[v->ciphertext_len];
+
+        if (! lilliput_ae_decrypt(
+                v->ciphertext_len, v->ciphertext,
+                v->auth_len, v->auth,
+                v->key, v->nonce,
+                v->tag,
+                message
+            ))
+        {
+            REPORT_INVALID(v->name);
+            diff++;
+            continue;
+        }
+
+        if (memcmp(message, v->message, v->ciphertext_len) != 0)
+        {
+            REPORT_DIFFERENCE(v->name, "ciphertext");
+            diff++;
+        }
+    }
+
+    return diff;
+}