From: Taylor R Campbell Date: Fri, 26 Oct 2018 16:20:09 +0000 (+0000) Subject: New primitives for ChaCha stream cipher core. X-Git-Tag: mit-scheme-pucked-10.1.2~16^2~155 X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=cf30bbd6c86578ec9b219baa5752a70f4a786be0;p=mit-scheme.git New primitives for ChaCha stream cipher core. Should maybe provide a version that produces many blocks of output, and perhaps xor's them into an existing message, but this will do for my needs now. Plan to use this for a PRNG. --- diff --git a/src/microcode/chacha.h b/src/microcode/chacha.h new file mode 100644 index 000000000..f1fa94e18 --- /dev/null +++ b/src/microcode/chacha.h @@ -0,0 +1,57 @@ +/*- + * Copyright (c) 2014 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Taylor R. Campbell. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef CHACHA_H +#define CHACHA_H + +#include + +#define chacha_core_OUTPUTBYTES 64 +#define chacha_core_INPUTBYTES 16 +#define chacha_core_KEYBYTES 32 +#define chacha_core_CONSTBYTES 16 + +void chacha8_core(uint8_t[chacha_core_OUTPUTBYTES], + const uint8_t[chacha_core_INPUTBYTES], + const uint8_t[chacha_core_KEYBYTES], + const uint8_t[chacha_core_CONSTBYTES]); +void chacha12_core(uint8_t[chacha_core_OUTPUTBYTES], + const uint8_t[chacha_core_INPUTBYTES], + const uint8_t[chacha_core_KEYBYTES], + const uint8_t[chacha_core_CONSTBYTES]); +void chacha20_core(uint8_t[chacha_core_OUTPUTBYTES], + const uint8_t[chacha_core_INPUTBYTES], + const uint8_t[chacha_core_KEYBYTES], + const uint8_t[chacha_core_CONSTBYTES]); + +int chacha8_core_selftest(void); +int chacha12_core_selftest(void); +int chacha20_core_selftest(void); + +#endif /* CHACHA_H */ diff --git a/src/microcode/chacha.i b/src/microcode/chacha.i new file mode 100644 index 000000000..765fc6e47 --- /dev/null +++ b/src/microcode/chacha.i @@ -0,0 +1,146 @@ +/*- + * Copyright (c) 2014 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Taylor R. Campbell. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#define _POSIX_C_SOURCE 200809L + +#include "chacha.h" + +#include + +static inline uint32_t +chacha_le32dec(const void *buf) +{ + const uint8_t *p = buf; + uint32_t v = 0; + + v |= (uint32_t)*p++ << 0; + v |= (uint32_t)*p++ << 8; + v |= (uint32_t)*p++ << 16; + v |= (uint32_t)*p++ << 24; + + return v; +} + +static inline void +chacha_le32enc(void *buf, uint32_t v) +{ + uint8_t *p = buf; + + *p++ = v & 0xff; v >>= 8; + *p++ = v & 0xff; v >>= 8; + *p++ = v & 0xff; v >>= 8; + *p++ = v & 0xff; v >>= 8; +} + +static uint32_t +rol32(uint32_t u, unsigned c) +{ + + return (u << c) | (u >> (32 - c)); +} + +#define QUARTERROUND(a, b, c, d) do { \ + (a) += (b); (d) ^= (a); (d) = rol32((d), 16); \ + (c) += (d); (b) ^= (c); (b) = rol32((b), 12); \ + (a) += (b); (d) ^= (a); (d) = rol32((d), 8); \ + (c) += (d); (b) ^= (c); (b) = rol32((b), 7); \ +} while (/*CONSTCOND*/0) + +static const uint8_t chacha_core_constant32[16] = "expand 32-byte k"; + +void +chacha_core(uint8_t *out, const uint8_t *in, const uint8_t *k, + const uint8_t *c) +{ + uint32_t x0,x1,x2,x3,x4,x5,x6,x7,x8,x9,x10,x11,x12,x13,x14,x15; + uint32_t j0,j1,j2,j3,j4,j5,j6,j7,j8,j9,j10,j11,j12,j13,j14,j15; + int i; + + j0 = x0 = chacha_le32dec(c + 0); + j1 = x1 = chacha_le32dec(c + 4); + j2 = x2 = chacha_le32dec(c + 8); + j3 = x3 = chacha_le32dec(c + 12); + j4 = x4 = chacha_le32dec(k + 0); + j5 = x5 = chacha_le32dec(k + 4); + j6 = x6 = chacha_le32dec(k + 8); + j7 = x7 = chacha_le32dec(k + 12); + j8 = x8 = chacha_le32dec(k + 16); + j9 = x9 = chacha_le32dec(k + 20); + j10 = x10 = chacha_le32dec(k + 24); + j11 = x11 = chacha_le32dec(k + 28); + j12 = x12 = chacha_le32dec(in + 0); + j13 = x13 = chacha_le32dec(in + 4); + j14 = x14 = chacha_le32dec(in + 8); + j15 = x15 = chacha_le32dec(in + 12); + + for (i = chacha_core_ROUNDS; i > 0; i -= 2) { + QUARTERROUND( x0, x4, x8,x12); + QUARTERROUND( x1, x5, x9,x13); + QUARTERROUND( x2, x6,x10,x14); + QUARTERROUND( x3, x7,x11,x15); + QUARTERROUND( x0, x5,x10,x15); + QUARTERROUND( x1, x6,x11,x12); + QUARTERROUND( x2, x7, x8,x13); + QUARTERROUND( x3, x4, x9,x14); + } + + chacha_le32enc(out + 0, x0 + j0); + chacha_le32enc(out + 4, x1 + j1); + chacha_le32enc(out + 8, x2 + j2); + chacha_le32enc(out + 12, x3 + j3); + chacha_le32enc(out + 16, x4 + j4); + chacha_le32enc(out + 20, x5 + j5); + chacha_le32enc(out + 24, x6 + j6); + chacha_le32enc(out + 28, x7 + j7); + chacha_le32enc(out + 32, x8 + j8); + chacha_le32enc(out + 36, x9 + j9); + chacha_le32enc(out + 40, x10 + j10); + chacha_le32enc(out + 44, x11 + j11); + chacha_le32enc(out + 48, x12 + j12); + chacha_le32enc(out + 52, x13 + j13); + chacha_le32enc(out + 56, x14 + j14); + chacha_le32enc(out + 60, x15 + j15); +} + +int +chacha_core_selftest(void) +{ + const uint8_t nonce[chacha_core_INPUTBYTES] = {0}; + const uint8_t key[chacha_core_KEYBYTES] = {0}; + uint8_t block[64]; + unsigned i; + + chacha_core(block, nonce, key, chacha_core_constant32); + for (i = 0; i < 64; i++) { + if (block[i] != chacha_core_selftest_vector[i]) + return -1; + } + + return 0; +} diff --git a/src/microcode/chacha12.c b/src/microcode/chacha12.c new file mode 100644 index 000000000..727a74ecc --- /dev/null +++ b/src/microcode/chacha12.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2014 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Taylor R. Campbell. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +static const uint8_t chacha12_core_selftest_vector[64] = { + 0x9b,0xf4,0x9a,0x6a,0x07,0x55,0xf9,0x53, + 0x81,0x1f,0xce,0x12,0x5f,0x26,0x83,0xd5, + 0x04,0x29,0xc3,0xbb,0x49,0xe0,0x74,0x14, + 0x7e,0x00,0x89,0xa5,0x2e,0xae,0x15,0x5f, + 0x05,0x64,0xf8,0x79,0xd2,0x7a,0xe3,0xc0, + 0x2c,0xe8,0x28,0x34,0xac,0xfa,0x8c,0x79, + 0x3a,0x62,0x9f,0x2c,0xa0,0xde,0x69,0x19, + 0x61,0x0b,0xe8,0x2f,0x41,0x13,0x26,0xbe, +}; + +#define chacha_core_ROUNDS 12 + +#define chacha_core chacha12_core +#define chacha_core_selftest chacha12_core_selftest +#define chacha_core_selftest_vector chacha12_core_selftest_vector + +#include "chacha.i" diff --git a/src/microcode/chacha20.c b/src/microcode/chacha20.c new file mode 100644 index 000000000..d6e5cef54 --- /dev/null +++ b/src/microcode/chacha20.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2014 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Taylor R. Campbell. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +static const uint8_t chacha20_core_selftest_vector[64] = { + 0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90, + 0x40,0x5d,0x6a,0xe5,0x53,0x86,0xbd,0x28, + 0xbd,0xd2,0x19,0xb8,0xa0,0x8d,0xed,0x1a, + 0xa8,0x36,0xef,0xcc,0x8b,0x77,0x0d,0xc7, + 0xda,0x41,0x59,0x7c,0x51,0x57,0x48,0x8d, + 0x77,0x24,0xe0,0x3f,0xb8,0xd8,0x4a,0x37, + 0x6a,0x43,0xb8,0xf4,0x15,0x18,0xa1,0x1c, + 0xc3,0x87,0xb6,0x69,0xb2,0xee,0x65,0x86, +}; + +#define chacha_core_ROUNDS 20 + +#define chacha_core chacha20_core +#define chacha_core_selftest chacha20_core_selftest +#define chacha_core_selftest_vector chacha20_core_selftest_vector + +#include "chacha.i" diff --git a/src/microcode/chacha8.c b/src/microcode/chacha8.c new file mode 100644 index 000000000..b41e88b85 --- /dev/null +++ b/src/microcode/chacha8.c @@ -0,0 +1,49 @@ +/*- + * Copyright (c) 2014 The NetBSD Foundation, Inc. + * All rights reserved. + * + * This code is derived from software contributed to The NetBSD Foundation + * by Taylor R. Campbell. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#include + +static const uint8_t chacha8_core_selftest_vector[64] = { + 0x3e,0x00,0xef,0x2f,0x89,0x5f,0x40,0xd6, + 0x7f,0x5b,0xb8,0xe8,0x1f,0x09,0xa5,0xa1, + 0x2c,0x84,0x0e,0xc3,0xce,0x9a,0x7f,0x3b, + 0x18,0x1b,0xe1,0x88,0xef,0x71,0x1a,0x1e, + 0x98,0x4c,0xe1,0x72,0xb9,0x21,0x6f,0x41, + 0x9f,0x44,0x53,0x67,0x45,0x6d,0x56,0x19, + 0x31,0x4a,0x42,0xa3,0xda,0x86,0xb0,0x01, + 0x38,0x7b,0xfd,0xb8,0x0e,0x0c,0xfe,0x42, +}; + +#define chacha_core_ROUNDS 8 + +#define chacha_core chacha8_core +#define chacha_core_selftest chacha8_core_selftest +#define chacha_core_selftest_vector chacha8_core_selftest_vector + +#include "chacha.i" diff --git a/src/microcode/makegen/files-core.scm b/src/microcode/makegen/files-core.scm index 6fa27cc0f..d359de20d 100644 --- a/src/microcode/makegen/files-core.scm +++ b/src/microcode/makegen/files-core.scm @@ -34,6 +34,9 @@ USA. "bitstr" "boot" "bytevector" +"chacha12" +"chacha20" +"chacha8" "char" "daemon" "debug" @@ -65,6 +68,7 @@ USA. "osscheme" "ostty" "outf" +"prchacha" "prim" "primutl" "prkeccak" diff --git a/src/microcode/prchacha.c b/src/microcode/prchacha.c new file mode 100644 index 000000000..6149e9f55 --- /dev/null +++ b/src/microcode/prchacha.c @@ -0,0 +1,90 @@ +/* -*-C-*- + +Copyright (C) 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994, + 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, + 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, + 2017, 2018 Massachusetts Institute of Technology + +This file is part of MIT/GNU Scheme. + +MIT/GNU Scheme is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +MIT/GNU Scheme is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with MIT/GNU Scheme; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +USA. + +*/ + +#include "chacha.h" +#include "prims.h" + +static void +do_chacha_core(void (*core)(uint8_t *, const uint8_t *, const uint8_t *, + const uint8_t *)) +{ + uint8_t * output; + unsigned long offset; + const uint8_t * input; + const uint8_t * key; + const uint8_t * constant; + unsigned long noutput, ninput, nkey, nconstant; + + output = (arg_bytevector (1, (&noutput))); + if (noutput < 64) + error_bad_range_arg (1); + + offset = (arg_ulong_index_integer (2, noutput - 63)); + + input = (arg_bytevector (3, (&ninput))); + if (ninput != 16) + error_bad_range_arg (3); + + key = (arg_bytevector (4, (&nkey))); + if (nkey != 32) + error_bad_range_arg (4); + + constant = (arg_bytevector (5, (&nconstant))); + if (nconstant != 16) + error_bad_range_arg (5); + + (*core)(output, input, key, constant); +} + +DEFINE_PRIMITIVE ("CHACHA8-CORE", Prim_chacha8_core, 5, 5, + "(OUTPUT OFFSET INPUT KEY CONSTANT)\n\ +Compute the ChaCha8 core hash function:\n\ +OUTPUT[OFFSET, OFFSET+1, ..., OFFSET+63] := ChaCha8(INPUT, KEY, CONST).") +{ + PRIMITIVE_HEADER (1); + do_chacha_core(&chacha8_core); + PRIMITIVE_RETURN (UNSPECIFIC); +} + +DEFINE_PRIMITIVE ("CHACHA12-CORE", Prim_chacha12_core, 5, 5, + "(OUTPUT OFFSET INPUT KEY CONSTANT)\n\ +Compute the ChaCha12 core hash function:\n\ +OUTPUT[OFFSET, OFFSET+1, ..., OFFSET+63] := ChaCha12(INPUT, KEY, CONST).") +{ + PRIMITIVE_HEADER (1); + do_chacha_core(&chacha12_core); + PRIMITIVE_RETURN (UNSPECIFIC); +} + +DEFINE_PRIMITIVE ("CHACHA20-CORE", Prim_chacha20_core, 5, 5, + "(OUTPUT OFFSET INPUT KEY CONSTANT)\n\ +Compute the ChaCha20 core hash function:\n\ +OUTPUT[OFFSET, OFFSET+1, ..., OFFSET+63] := ChaCha20(INPUT, KEY, CONST).") +{ + PRIMITIVE_HEADER (1); + do_chacha_core(&chacha20_core); + PRIMITIVE_RETURN (UNSPECIFIC); +} diff --git a/tests/check.scm b/tests/check.scm index 4bc61a656..11e6c1084 100644 --- a/tests/check.scm +++ b/tests/check.scm @@ -40,6 +40,7 @@ USA. (define known-tests '( + "microcode/test-chacha" ;++ Kludge to run the flonum cast tests interpreted and compiled -- ;++ the compiler has a bug with negative zero. "microcode/test-flonum-casts" diff --git a/tests/microcode/test-chacha.scm b/tests/microcode/test-chacha.scm new file mode 100644 index 000000000..8323fa266 --- /dev/null +++ b/tests/microcode/test-chacha.scm @@ -0,0 +1,70 @@ +#| -*-Scheme-*- + +Copyright (C) 1986, 1987, 1988, 1989, 1990, 1991, 1992, 1993, 1994, + 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, + 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, + 2017, 2018 Massachusetts Institute of Technology + +This file is part of MIT/GNU Scheme. + +MIT/GNU Scheme is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2 of the License, or (at +your option) any later version. + +MIT/GNU Scheme is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with MIT/GNU Scheme; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, +USA. + +|# + +;;;; Tests of ChaCha + +(define (define-chacha-core-test name primitive expected) + (define-test name + (lambda () + (let ((output (make-bytevector 64)) + (input (make-bytevector 16 0)) + (key (make-bytevector 32 0)) + (constant (string->utf8 "expand 32-byte k"))) + (primitive output 0 input key constant) + (assert-equal output expected))))) + +(define-chacha-core-test 'chacha8-core + (make-primitive-procedure 'chacha8-core 5) + '#u8(#x3e #x00 #xef #x2f #x89 #x5f #x40 #xd6 + #x7f #x5b #xb8 #xe8 #x1f #x09 #xa5 #xa1 + #x2c #x84 #x0e #xc3 #xce #x9a #x7f #x3b + #x18 #x1b #xe1 #x88 #xef #x71 #x1a #x1e + #x98 #x4c #xe1 #x72 #xb9 #x21 #x6f #x41 + #x9f #x44 #x53 #x67 #x45 #x6d #x56 #x19 + #x31 #x4a #x42 #xa3 #xda #x86 #xb0 #x01 + #x38 #x7b #xfd #xb8 #x0e #x0c #xfe #x42)) + +(define-chacha-core-test 'chacha12-core + (make-primitive-procedure 'chacha12-core 5) + '#u8(#x9b #xf4 #x9a #x6a #x07 #x55 #xf9 #x53 + #x81 #x1f #xce #x12 #x5f #x26 #x83 #xd5 + #x04 #x29 #xc3 #xbb #x49 #xe0 #x74 #x14 + #x7e #x00 #x89 #xa5 #x2e #xae #x15 #x5f + #x05 #x64 #xf8 #x79 #xd2 #x7a #xe3 #xc0 + #x2c #xe8 #x28 #x34 #xac #xfa #x8c #x79 + #x3a #x62 #x9f #x2c #xa0 #xde #x69 #x19 + #x61 #x0b #xe8 #x2f #x41 #x13 #x26 #xbe)) + +(define-chacha-core-test 'chacha20-core + (make-primitive-procedure 'chacha20-core 5) + '#u8(#x76 #xb8 #xe0 #xad #xa0 #xf1 #x3d #x90 + #x40 #x5d #x6a #xe5 #x53 #x86 #xbd #x28 + #xbd #xd2 #x19 #xb8 #xa0 #x8d #xed #x1a + #xa8 #x36 #xef #xcc #x8b #x77 #x0d #xc7 + #xda #x41 #x59 #x7c #x51 #x57 #x48 #x8d + #x77 #x24 #xe0 #x3f #xb8 #xd8 #x4a #x37 + #x6a #x43 #xb8 #xf4 #x15 #x18 #xa1 #x1c + #xc3 #x87 #xb6 #x69 #xb2 #xee #x65 #x86)) \ No newline at end of file