Merge remote-tracking branch 'origin/master'
paragonie-security committed Apr 30, 2023
2 parents 0b91b39 + 3acf268 commit 580810e
Showing 8 changed files with 11,324 additions and 1,477 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/ci.yml
Expand Up @@ -9,7 +9,7 @@ jobs:
strategy:
fail-fast: false
matrix:
operating-system: ['ubuntu-18.04']
operating-system: ['ubuntu-latest']
php-versions: ['5.3', '5.4', '5.5', '5.6', '7.0']
steps:
- name: Checkout
2 changes: 2 additions & 0 deletions lib/php72compat.php
Expand Up @@ -1360,6 +1360,8 @@ function sodium_memcmp($string1, $string2)
* @return void
* @throws SodiumException
* @throws TypeError
*
* @psalm-suppress ReferenceConstraintViolation
*/
function sodium_memzero(&$string)
{
50 changes: 25 additions & 25 deletions src/Core/Poly1305/State.php
Expand Up @@ -210,43 +210,43 @@ public function blocks($message, $bytes)

/* h *= r */
$d0 = (
self::mul($h0, $r0, 25) +
self::mul($s4, $h1, 26) +
self::mul($s3, $h2, 26) +
self::mul($s2, $h3, 26) +
self::mul($s1, $h4, 26)
self::mul($h0, $r0, 27) +
self::mul($s4, $h1, 27) +
self::mul($s3, $h2, 27) +
self::mul($s2, $h3, 27) +
self::mul($s1, $h4, 27)
);

$d1 = (
self::mul($h0, $r1, 25) +
self::mul($h1, $r0, 25) +
self::mul($s4, $h2, 26) +
self::mul($s3, $h3, 26) +
self::mul($s2, $h4, 26)
self::mul($h0, $r1, 27) +
self::mul($h1, $r0, 27) +
self::mul($s4, $h2, 27) +
self::mul($s3, $h3, 27) +
self::mul($s2, $h4, 27)
);

$d2 = (
self::mul($h0, $r2, 25) +
self::mul($h1, $r1, 25) +
self::mul($h2, $r0, 25) +
self::mul($s4, $h3, 26) +
self::mul($s3, $h4, 26)
self::mul($h0, $r2, 27) +
self::mul($h1, $r1, 27) +
self::mul($h2, $r0, 27) +
self::mul($s4, $h3, 27) +
self::mul($s3, $h4, 27)
);

$d3 = (
self::mul($h0, $r3, 25) +
self::mul($h1, $r2, 25) +
self::mul($h2, $r1, 25) +
self::mul($h3, $r0, 25) +
self::mul($s4, $h4, 26)
self::mul($h0, $r3, 27) +
self::mul($h1, $r2, 27) +
self::mul($h2, $r1, 27) +
self::mul($h3, $r0, 27) +
self::mul($s4, $h4, 27)
);

$d4 = (
self::mul($h0, $r4, 25) +
self::mul($h1, $r3, 25) +
self::mul($h2, $r2, 25) +
self::mul($h3, $r1, 25) +
self::mul($h4, $r0, 25)
self::mul($h0, $r4, 27) +
self::mul($h1, $r3, 27) +
self::mul($h2, $r2, 27) +
self::mul($h3, $r1, 27) +
self::mul($h4, $r0, 27)
);

/* (partial) h %= p */
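Review bot: The bit width passed to `self::mul()` is now the bare literal 27 in all twenty-five calls of the `/* h *= r */` block, replacing the old 25 (when the second operand is an r limb) and 26 (when it is an h limb), and nothing in the hunk says where the new bound comes from; the same literal is repeated in the `mulInt64(..., 27)` calls of src/Core32/Poly1305/State.php. Presumably the h limbs can exceed 26 bits at this point, and if `mul()` only consumes as many bits of its second operand as that argument says, an undersized width would silently produce a tag that disagrees with the reference implementation rather than raising an error — a comment above `$d0` such as `/* 27-bit operand width: h limbs carry slack beyond 26 bits here; too small a width would truncate the constant-time multiply silently */` would make the bound reviewable. Hoisting it into one class constant (e.g. `const MUL_WIDTH = 27;`, a constructed name) referenced from both the Core and Core32 variants would keep the two in step the next time it changes. Because the failure mode is a wrong tag and not an exception, a regression vector that drives a limb above 2^26 belongs in the unit tests alongside this change. `blocks()` begins and ends outside the hunk.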
50 changes: 25 additions & 25 deletions src/Core32/Poly1305/State.php
Expand Up @@ -255,39 +255,39 @@ public function blocks($message, $bytes)

/* h *= r */
$d0 = $zero
->addInt64($h0->mulInt64($r0, 25))
->addInt64($s4->mulInt64($h1, 26))
->addInt64($s3->mulInt64($h2, 26))
->addInt64($s2->mulInt64($h3, 26))
->addInt64($s1->mulInt64($h4, 26));
->addInt64($h0->mulInt64($r0, 27))
->addInt64($s4->mulInt64($h1, 27))
->addInt64($s3->mulInt64($h2, 27))
->addInt64($s2->mulInt64($h3, 27))
->addInt64($s1->mulInt64($h4, 27));

$d1 = $zero
->addInt64($h0->mulInt64($r1, 25))
->addInt64($h1->mulInt64($r0, 25))
->addInt64($s4->mulInt64($h2, 26))
->addInt64($s3->mulInt64($h3, 26))
->addInt64($s2->mulInt64($h4, 26));
->addInt64($h0->mulInt64($r1, 27))
->addInt64($h1->mulInt64($r0, 27))
->addInt64($s4->mulInt64($h2, 27))
->addInt64($s3->mulInt64($h3, 27))
->addInt64($s2->mulInt64($h4, 27));

$d2 = $zero
->addInt64($h0->mulInt64($r2, 25))
->addInt64($h1->mulInt64($r1, 25))
->addInt64($h2->mulInt64($r0, 25))
->addInt64($s4->mulInt64($h3, 26))
->addInt64($s3->mulInt64($h4, 26));
->addInt64($h0->mulInt64($r2, 27))
->addInt64($h1->mulInt64($r1, 27))
->addInt64($h2->mulInt64($r0, 27))
->addInt64($s4->mulInt64($h3, 27))
->addInt64($s3->mulInt64($h4, 27));

$d3 = $zero
->addInt64($h0->mulInt64($r3, 25))
->addInt64($h1->mulInt64($r2, 25))
->addInt64($h2->mulInt64($r1, 25))
->addInt64($h3->mulInt64($r0, 25))
->addInt64($s4->mulInt64($h4, 26));
->addInt64($h0->mulInt64($r3, 27))
->addInt64($h1->mulInt64($r2, 27))
->addInt64($h2->mulInt64($r1, 27))
->addInt64($h3->mulInt64($r0, 27))
->addInt64($s4->mulInt64($h4, 27));

$d4 = $zero
->addInt64($h0->mulInt64($r4, 25))
->addInt64($h1->mulInt64($r3, 25))
->addInt64($h2->mulInt64($r2, 25))
->addInt64($h3->mulInt64($r1, 25))
->addInt64($h4->mulInt64($r0, 25));
->addInt64($h0->mulInt64($r4, 27))
->addInt64($h1->mulInt64($r3, 27))
->addInt64($h2->mulInt64($r2, 27))
->addInt64($h3->mulInt64($r1, 27))
->addInt64($h4->mulInt64($r0, 27));

/* (partial) h %= p */
$c = $d0->shiftRight(26);
97 changes: 83 additions & 14 deletions tests/unit/WycheproofTest.php
Expand Up @@ -9,9 +9,6 @@ class WycheproofTest extends PHPUnit_Framework_TestCase
*/
public function before()
{
if (!defined('DO_PEDANTIC_TEST')) {
$this->markTestSkipped('Skipping Wycheproof Tests. Use DO_PEDANTIC_TEST to enable.');
}
ParagonIE_Sodium_Compat::$disableFallbackForUnitTests = true;
$this->dir = dirname(__FILE__) . '/wycheproof/';
}
Expand All @@ -21,10 +18,21 @@ public function before()
*/
public function testChaCha20Poly1305()
{
if (!defined('DO_PEDANTIC_TEST')) {
$this->markTestSkipped('Skipping Wycheproof Tests. Use DO_PEDANTIC_TEST to enable.');
if (empty($this->dir)) {
$this->before();
}
$this->mainTestingLoop('chacha20_poly1305_test.json', 'doChaCha20Poly1305Test', false);
}

/**
* @throws Exception
*/
public function testXChaCha20Poly1305()
{
if (empty($this->dir)) {
$this->before();
}
$this->mainTestingLoop('chacha20_poly1305_test.json', 'doChaCha20Poly1305Test');
$this->mainTestingLoop('xchacha20_poly1305_test.json', 'doXChaCha20Poly1305Test', false);
}

/**
Expand All @@ -35,7 +43,10 @@ public function testX25519()
if (!defined('DO_PEDANTIC_TEST')) {
$this->markTestSkipped('Skipping Wycheproof Tests. Use DO_PEDANTIC_TEST to enable.');
}
$this->mainTestingLoop('x25519_test.json', 'doX25519Test');
if (empty($this->dir)) {
$this->before();
}
$this->mainTestingLoop('x25519_test.json', 'doX25519Test', false);
}

/**
Expand All @@ -44,21 +55,43 @@ public function testX25519()
*
* @throws Exception
*/
public function mainTestingLoop($filename, $method)
public function mainTestingLoop($filename, $method, $progress = false)
{
$total = 0;
$document = $this->getJson($this->dir . $filename);
if ($progress) {
$groupCount = count($document['testGroups']);
$groupId = 1;
}
foreach ($document['testGroups'] as $testGroup) {
if ($progress) {
$testCount = count($testGroup['tests']);
$testId = 1;
}
foreach ($testGroup['tests'] as $test) {
++$total;
if ($progress) {
echo "[Group {$groupId} : Test {$testId}]", PHP_EOL;
}
$message = "{$document['algorithm']} :: #{$test['tcId']} - {$test['comment']}";
try {
$result = call_user_func_array(array($this, $method), array($test));
$expected = ($test['result'] === 'valid');
if ($result !== $expected) {
call_user_func_array(array($this, $method), array($test, true));
}
$this->assertSame($result, $expected, $message);
} catch (Exception $ex) {
if ($test['result'] === 'valid') {
$this->fail("{$message} (" . $ex->getMessage() . ")");
}
}
if ($progress) {
++$groupId;
}
}
if ($progress) {
++$groupId;
}
}
}
Expand All @@ -67,7 +100,7 @@ public function mainTestingLoop($filename, $method)
* @param array $test
* @return bool
*/
public function doChaCha20Poly1305Test(array $test)
public function doChaCha20Poly1305Test(array $test, $verbose = false)
{
$key = ParagonIE_Sodium_Compat::hex2bin($test['key']);
$iv = ParagonIE_Sodium_Compat::hex2bin($test['iv']);
Expand All @@ -82,22 +115,58 @@ public function doChaCha20Poly1305Test(array $test)
$iv,
$key
);
if ($verbose && !ParagonIE_Sodium_Core_Util::hashEquals($ct . $tag, $encrypted)) {
echo 'Difference in Wycheproof test vectors:', PHP_EOL;
echo '- ', ParagonIE_Sodium_Core_Util::bin2hex($ct . $tag), PHP_EOL;
echo '+ ', ParagonIE_Sodium_Core_Util::bin2hex($encrypted), PHP_EOL;
}
return ParagonIE_Sodium_Core_Util::hashEquals($ct . $tag, $encrypted);
}

/**
* @param array $test
* @return bool
*/
public function doXChaCha20Poly1305Test(array $test, $verbose = false)
{
$key = ParagonIE_Sodium_Compat::hex2bin($test['key']);
$iv = ParagonIE_Sodium_Compat::hex2bin($test['iv']);
$aad = ParagonIE_Sodium_Compat::hex2bin($test['aad']);
$msg = ParagonIE_Sodium_Compat::hex2bin($test['msg']);
$ct = ParagonIE_Sodium_Compat::hex2bin($test['ct']);
$tag = ParagonIE_Sodium_Compat::hex2bin($test['tag']);

$encrypted = ParagonIE_Sodium_Compat::crypto_aead_xchacha20poly1305_ietf_encrypt(
$msg,
$aad,
$iv,
$key
);
if ($verbose && !ParagonIE_Sodium_Core_Util::hashEquals($ct . $tag, $encrypted)) {
echo 'Difference in Wycheproof test vectors:', PHP_EOL;
echo '- ', ParagonIE_Sodium_Core_Util::bin2hex($ct . $tag), PHP_EOL;
echo '+ ', ParagonIE_Sodium_Core_Util::bin2hex($encrypted), PHP_EOL;
}
return ParagonIE_Sodium_Core_Util::hashEquals($ct . $tag, $encrypted);
}

/**
* @param array $test
* @return bool
*/
public function doX25519Test(array $test)
public function doX25519Test(array $test, $verbose = false)
{
$private = ParagonIE_Sodium_Compat::hex2bin($test['private']);
$public = ParagonIE_Sodium_Compat::hex2bin($test['public']);
$shared = ParagonIE_Sodium_Compat::hex2bin($test['shared']);

return ParagonIE_Sodium_Core_Util::hashEquals(
$shared,
ParagonIE_Sodium_Compat::crypto_scalarmult($private, $public)
);
$scalarmult = ParagonIE_Sodium_Compat::crypto_scalarmult($private, $public);
if ($verbose &&!ParagonIE_Sodium_Core_Util::hashEquals($shared, $scalarmult)) {
echo 'Difference in Wycheproof test vectors:', PHP_EOL;
echo '- ', ParagonIE_Sodium_Core_Util::bin2hex($shared), PHP_EOL;
echo '+ ', ParagonIE_Sodium_Core_Util::bin2hex($scalarmult), PHP_EOL;
}
return ParagonIE_Sodium_Core_Util::hashEquals($shared, $scalarmult);
}

/**
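Review bot: In the `@@ -44,21 +55,43 @@` hunk the progress counters in `mainTestingLoop()` are wrong: `$groupId` is incremented inside the inner `foreach` (right after the try/catch) as well as after it, while `$testId` is never incremented, so the echo prints a group number that advances once per test and a test number stuck at 1; the inner increment should read `++$testId;`. `$groupCount` and `$testCount` are assigned but never read — either drop them or fold them into the output, `echo "[Group {$groupId}/{$groupCount} : Test {$testId}/{$testCount}]", PHP_EOL;`. The visible docblock of `mainTestingLoop()` shows no `@param` for the new `$progress`, the `do*Test()` docblocks (`@param array $test` / `@return bool`) do not mention `$verbose` (`@param bool $verbose Print both values when they disagree`), and `$verbose &&!ParagonIE_Sodium_Core_Util::hashEquals(...)` in `doX25519Test()` wants a space after `&&`. `testX25519()` still skips unless `DO_PEDANTIC_TEST` is defined while the ChaCha20 tests lost that guard when it was removed from `before()`; if the asymmetry is deliberate, a one-line comment saying why would stop the next reader from "fixing" it.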
