mbedtls/tests
Gilles Peskine fc47641e36 Add RFC 7539 test vector for ChaCha20
The PSA Crypto API uses 0 as the initial counter value, but the test vector
in RFC 7539 uses 1. So the unit tests here include an extra leading block.
The expected data for this leading block was calculated with Cryptodome.

    #!/usr/bin/env python3
    import re
    from Cryptodome.Cipher import ChaCha20

    key = bytes.fromhex('000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f')
    nonce = bytes.fromhex('000000000000004a00000000')
    encrypt = lambda pt: ChaCha20.new(key=key, nonce=nonce).encrypt(pt)
    # Cryptodome uses counter=0, like PSA Crypto. Prepend a 64-byte input block #0
    # so that the plaintext from RFC 7539 starts exactly at block #1.
    header = b'The RFC 7539 test vector uses counter=1, but PSA uses counter=0.'
    assert(len(header) == 64)
    sunscreen = b"Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it."
    plaintext = header + sunscreen
    zeros = b'\x00' * len(plaintext)
    keystream = encrypt(zeros)
    ciphertext = encrypt(plaintext)

    print('RFC 7539 §2.4.2')
    print('Keystream:')
    print(re.sub(r'(..)', r'\1:', keystream[64:].hex()))
    print('Ciphertext Sunscreen:')
    print(re.sub(r'(..)', r'\1 ', ciphertext[64:].hex()))
    print('')

    print(f"""\
    PSA symmetric decrypt: ChaCha20, RFC7539 keystream
    depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
    # Keystream from RFC 7539 §2.4.2, with an extra 64-byte output block prepended
    # because the test vector starts at counter=1 but our API starts at counter=0.
    cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{zeros.hex()}":"{keystream.hex()}"

    PSA symmetric decrypt: ChaCha20, RFC7539 sunscreen
    depends_on:PSA_WANT_ALG_STREAM_CIPHER:PSA_WANT_KEY_TYPE_CHACHA20
    # Test vector from RFC 7539 §2.4.2, with an extra 64-byte block prepended
    # because the test vector starts at counter=1 but our API starts at counter=0.
    cipher_decrypt:PSA_ALG_STREAM_CIPHER:PSA_KEY_TYPE_CHACHA20:"{key.hex()}":"{nonce.hex()}":"{ciphertext.hex()}":"{plaintext.hex()}"
    """)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-10 18:57:09 +01:00
.jenkins
configs remove ifndef guard 2022-02-21 09:06:00 +08:00
data_files tests: data_files: Avoid symbolic links 2021-12-10 15:09:57 +01:00
docker/bionic Jinja2 prerequisite set up on the docker 2021-12-18 13:29:10 +05:30
git-scripts Update scripts to use check-names.py 2021-08-06 21:04:32 +01:00
include Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers 2022-02-07 11:14:43 +01:00
opt-testcases Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled 2022-02-11 16:10:44 +01:00
scripts Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity 2022-03-07 17:02:34 +01:00
src Merge pull request #5282 from AndrzejKurek/import-opaque-driver-wrappers 2022-02-07 11:14:43 +01:00
suites Add RFC 7539 test vector for ChaCha20 2022-03-10 18:57:09 +01:00
.gitignore tests: Add build of a PSA test driver library 2021-12-06 07:50:27 +01:00
CMakeLists.txt Enable -Wunused-function in cmake builds for tests 2022-02-26 19:54:41 +01:00
compat-in-docker.sh Upgrade gnutls-next to 3.7.2 2021-09-02 17:31:10 +08:00
compat.sh Fix (d)tls1_2 into (d)tls12 in version options 2021-12-02 13:22:18 +00:00
context-info.sh Modifies tests in context-info.sh 2021-06-16 16:19:53 +01:00
Descriptions.txt
make-in-docker.sh
Makefile tests: Add build of a PSA test driver library 2021-12-06 07:50:27 +01:00
ssl-opt-in-docker.sh Upgrade gnutls-next to 3.7.2 2021-09-02 17:31:10 +08:00
ssl-opt.sh Remove rsa_pss_rsae_sha256 support. 2022-02-23 10:38:25 +08:00