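/*
 * Benchmarks the belt algorithms (ECB, CBC, CFB, CTR, MAC, DWP, hash) on a
 * 1 KiB buffer and prints cycles/byte and throughput for each of them.
 *
 * All algorithm states live in fixed-size stack buffers, so every section
 * first asserts that the state size reported by the matching *_keep()
 * function fits into the buffer.
 *
 * Returns TRUE unconditionally: the function has no failure path.
 */
bool_t beltBench()
{
	const size_t reps = 5000;
	octet belt_state[512];
	octet combo_state[256];
	octet buf[1024];
	octet theta[32];
	octet iv[16];
	octet hash[32];
	size_t i;
	tm_ticks_t ticks;
	// pseudorandom generation of the benchmark inputs (data, key, IV)
	// NOTE(review): the generator is seeded from utilNonce32(); the values
	// are only benchmark inputs here -- confirm this seed is never reused
	// for real key material.
	ASSERT(prngCOMBO_keep() <= sizeof(combo_state));
	prngCOMBOStart(combo_state, utilNonce32());
	prngCOMBOStepR(buf, sizeof(buf), combo_state);
	prngCOMBOStepR(theta, sizeof(theta), combo_state);
	prngCOMBOStepR(iv, sizeof(iv), combo_state);
	// belt-ecb speed: each iteration encrypts and decrypts 1024 bytes,
	// hence the 2048 divisor and the 2 * reps operation count
	ASSERT(beltECB_keep() <= sizeof(belt_state));
	beltECBStart(belt_state, theta, 32);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltECBStepE(buf, 1024, belt_state);
		beltECBStepD(buf, 1024, belt_state);
	}
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-ecb: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 2048 / reps),
		(unsigned)tmSpeed(2 * reps, ticks));
	// belt-cbc speed
	// The state-size guard must query beltCBC_keep(): the previous check
	// used beltCFB_keep(), which left the CBC state size unverified
	// against the stack buffer.
	ASSERT(beltCBC_keep() <= sizeof(belt_state));
	beltCBCStart(belt_state, theta, 32, iv);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltCBCStepE(buf, 1024, belt_state);
		beltCBCStepD(buf, 1024, belt_state);
	}
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-cbc: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 2048 / reps),
		(unsigned)tmSpeed(2 * reps, ticks));
	// belt-cfb speed
	ASSERT(beltCFB_keep() <= sizeof(belt_state));
	beltCFBStart(belt_state, theta, 32, iv);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltCFBStepE(buf, 1024, belt_state);
		beltCFBStepD(buf, 1024, belt_state);
	}
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-cfb: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 2048 / reps),
		(unsigned)tmSpeed(2 * reps, ticks));
	// belt-ctr speed
	ASSERT(beltCTR_keep() <= sizeof(belt_state));
	beltCTRStart(belt_state, theta, 32, iv);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltCTRStepE(buf, 1024, belt_state);
		beltCTRStepD(buf, 1024, belt_state);
	}
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-ctr: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 2048 / reps),
		(unsigned)tmSpeed(2 * reps, ticks));
	// belt-mac speed: 1024 bytes are absorbed per iteration; the final
	// tag computation is included in the measured interval
	ASSERT(beltMAC_keep() <= sizeof(belt_state));
	beltMACStart(belt_state, theta, 32);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltMACStepA(buf, 1024, belt_state);
	}
	beltMACStepG(hash, belt_state);
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-mac: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 1024 / reps),
		(unsigned)tmSpeed(reps, ticks));
	// belt-dwp speed: each iteration encrypts 1024 bytes and then feeds
	// the same buffer to the authentication step
	ASSERT(beltDWP_keep() <= sizeof(belt_state));
	beltDWPStart(belt_state, theta, 32, iv);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltDWPStepE(buf, 1024, belt_state);
		beltDWPStepA(buf, 1024, belt_state);
	}
	beltDWPStepG(hash, belt_state);
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-dwp: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 1024 / reps),
		(unsigned)tmSpeed(reps, ticks));
	// belt-hash speed
	ASSERT(beltHash_keep() <= sizeof(belt_state));
	beltHashStart(belt_state);
	for (i = 0, ticks = tmTicks(); i < reps; ++i)
	{
		beltHashStepH(buf, 1024, belt_state);
	}
	beltHashStepG(hash, belt_state);
	ticks = tmTicks() - ticks;
	printf("beltBench::belt-hash: %3u cycles / byte [%5u kBytes / sec]\n",
		(unsigned)(ticks / 1024 / reps),
		(unsigned)tmSpeed(reps, ticks));
	// all done
	return TRUE;
}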
/*
 * Self-test of the pfok routines: parameter validation (PFOK.GENG.*),
 * key-pair generation, and the key-agreement vectors PFOK.ANON.* (pfokDH)
 * and PFOK.AUTH.* (pfokMTI).
 *
 * Every peer public key is passed through pfokValPubkey() before it is
 * used in pfokDH() / pfokMTI().
 *
 * Returns TRUE when every check passes, FALSE at the first failure.
 */
bool_t pfokTest()
{
	// standard parameter sets and the increment applied to g[0] in order
	// to corrupt them
	static const struct
	{
		const char* name;
		int delta;
	} geng[] =
	{
		{"test", 2},							// PFOK.GENG.1
		{"1.2.112.0.2.0.1176.2.3.3.2", 3},		// PFOK.GENG.2
		{"1.2.112.0.2.0.1176.2.3.6.2", 1},		// PFOK.GENG.3
		{"1.2.112.0.2.0.1176.2.3.10.2", 1},	// PFOK.GENG.4
	};
	pfok_params params[1];
	octet combo_state[128];
	octet ua[O_OF_B(130)];
	octet xa[O_OF_B(130)];
	octet vb[O_OF_B(638)];
	octet yb[O_OF_B(638)];
	octet key[32];
	size_t t;
	// tests PFOK.GENG.1 -- PFOK.GENG.4: the untouched parameters must
	// validate, the parameters with a modified g[0] must be rejected
	for (t = 0; t < sizeof(geng) / sizeof(geng[0]); ++t)
	{
		if (pfokStdParams(params, 0, geng[t].name) != ERR_OK)
			return FALSE;
		if (pfokValParams(params) != ERR_OK)
			return FALSE;
		params->g[0] += geng[t].delta;
		if (params->g[0] == 0)
			return FALSE;
		if (pfokValParams(params) == ERR_OK)
			return FALSE;
	}
	// load the "test" parameters
	if (pfokStdParams(params, 0, "test") != ERR_OK)
		return FALSE;
	// generate a key pair, validate the public key and check that it can
	// be recomputed from the private key
	ASSERT(prngCOMBO_keep() <= sizeof(combo_state));
	prngCOMBOStart(combo_state, utilNonce32());
	if (pfokGenKeypair(ua, vb, params, prngCOMBOStepG, combo_state) != ERR_OK)
		return FALSE;
	if (pfokValPubkey(params, vb) != ERR_OK)
		return FALSE;
	if (pfokCalcPubkey(yb, params, ua) != ERR_OK)
		return FALSE;
	if (!memEq(vb, yb, O_OF_B(params->l)))
		return FALSE;
	// test PFOK.ANON.1
	hexToRev(ua,
		"01"
		"1D4665B357DB361D106E32E353CD534B");
	hexToRev(vb,
		"0739539C2AE25B53A05C8D16A14351D8"
		"EA86A1DD1893E08EE4A266F970E0243F"
		"8DF27F738F64E99E262E337792E5DD84"
		"7CF2A83362C6EC3C024E47313AA49A1E"
		"0A2E637AD35E31EB5F034D889B666701");
	if (pfokValPubkey(params, vb) != ERR_OK)
		return FALSE;
	if (pfokDH(key, params, ua, vb) != ERR_OK)
		return FALSE;
	if (!hexEqRev(key,
		"777BB35E950D3080C1E896BE4172DBD0"
		"61423D3BFEF78F15E3F7A7F2FF7A242B"))
		return FALSE;
	// test PFOK.ANON.2
	hexToRev(ua,
		"00"
		"0530110167E1443819A8662A0FAB7AC0");
	hexToRev(vb,
		"1590312CBACB7B21FC0B173DC100AC5D"
		"8692E04813CA2F87A5763E3F4940B10C"
		"DF3F2B3ECDF28BE4BEA9363B07A8A8A3"
		"BFDDE074DCF36D669A56931D083FC3BE"
		"46D02CC8EF719EF66AE47F57BEAE8E02");
	if (pfokValPubkey(params, vb) != ERR_OK)
		return FALSE;
	if (pfokDH(key, params, ua, vb) != ERR_OK)
		return FALSE;
	if (!hexEqRev(key,
		"46FA834B28D5E5D4183E28646AFFE806"
		"803E4C865CB99B1C423B0F1C78DE758D"))
		return FALSE;
	// test PFOK.AUTH.1
	hexToRev(xa,
		"00"
		"78E7101B4A8F421D2AF5740D6ED27680");
	hexToRev(yb,
		"193E5E1E0839091BC7ABBDD09E8D2298"
		"8812D37EDEB39E077130A244888BE1A7"
		"53337AB5743C898D1CFC947430813448"
		"16AF5189A4E84D5B6EA310F72534D2E5"
		"E531B579CEA862EAB0251A3C20F0EC1D");
	hexToRev(ua,
		"01"
		"27E33C0D7595566570936FEF0AA53A24");
	hexToRev(vb,
		"0947264BEFA107E99616F347B6A05C62"
		"D7F5F26804D848FC4A7D81915F4546DD"
		"22949C07131D84F8B5A73A60ED61BC6E"
		"158E9B83F38C1EE6AD97F2BF771AA4FF"
		"B10A38298498D943995697FD0F65284C");
	if (pfokValPubkey(params, yb) != ERR_OK)
		return FALSE;
	if (pfokValPubkey(params, vb) != ERR_OK)
		return FALSE;
	if (pfokMTI(key, params, xa, ua, yb, vb) != ERR_OK)
		return FALSE;
	if (!hexEqRev(key,
		"EA92D5BCEC18BB44514E096748DB3E21"
		"D6E7B9C97D604699BEA7D3B96C87E18B"))
		return FALSE;
	// test PFOK.AUTH.2
	hexToRev(xa,
		"00"
		"05773C812D6F2A002D4E3EAC643C2CF3");
	hexToRev(yb,
		"221CBFEB62F4AA3204D349B3D57E45E4"
		"C9BA601483CF9DDE4DD1AE1CC2694149"
		"F08765C5CCAEBD44B7B7D0F1783F9FDD"
		"2929523E1CEF2A46FBD419C5E5E2E712"
		"4099B405E0B90A5FB15A56F439DA47D1");
	hexToRev(ua,
		"01"
		"3BB0377B3C0E55577A0D4A43627C6EC2");
	hexToRev(vb,
		"2740ECD0631257DD8124DC38CFAC3DEF"
		"7162503B7F7C8DEC6478408B225D4C05"
		"56E566AF50661CE2F46662FC66DC429A"
		"CCF65D95E4F90BDCD08A11957C898EE2"
		"C2B77231929ACE9649B2C184CC9D8104");
	if (pfokValPubkey(params, yb) != ERR_OK)
		return FALSE;
	if (pfokValPubkey(params, vb) != ERR_OK)
		return FALSE;
	if (pfokMTI(key, params, xa, ua, yb, vb) != ERR_OK)
		return FALSE;
	if (!hexEqRev(key,
		"5A4C323604206C8898BF6C234F75A537"
		"DF75E9A249D87F1E55CBD7B40C4FDAFA"))
		return FALSE;
	// all checks passed
	return TRUE;
}
/*
 * Self-test of the bels secret-sharing routines: standard public keys
 * (belsStdM / belsValM), public-key generation (belsGenM0, belsGenMid,
 * belsGenMi), sharing (belsShare) and recovery (belsRecover) against fixed
 * test vectors.
 *
 * The statement order matters: the public keys in mi and the partial
 * secrets in si are permuted in place with memSwap(), and the later
 * expected vectors refer to the permuted layout.
 *
 * Returns TRUE when every check passes, FALSE at the first failure.
 */
bool_t belsTest()
{
	size_t len, num;
	octet m0[32];
	octet mi[32 * 5];
	octet s[32];
	octet si[32 * 5];
	char id[] = "Alice";
	octet echo_state[64];
	octet combo_state[512];
	// check that the generator states fit into the stack buffers
	ASSERT(sizeof(echo_state) >= prngEcho_keep());
	ASSERT(sizeof(combo_state) >= prngCOMBO_keep());
	// check tables A.1 -- A.4: every standard public key must validate
	for (len = 16; len <= 32; len += 8)
		for (num = 0; num <= 16; ++num)
		{
			if (belsStdM(mi, len, num) != ERR_OK)
				return FALSE;
			if (belsValM(mi, len) != ERR_OK)
				return FALSE;
		}
	// generate common public keys for each supported length
	prngCOMBOStart(combo_state, utilNonce32());
	if (belsGenM0(m0, 16, prngCOMBOStepG, combo_state) != ERR_OK ||
		belsValM(m0, 16) != ERR_OK)
		return FALSE;
	if (belsGenM0(m0, 24, prngCOMBOStepG, combo_state) != ERR_OK ||
		belsValM(m0, 24) != ERR_OK)
		return FALSE;
	if (belsGenM0(m0, 32, prngCOMBOStepG, combo_state) != ERR_OK ||
		belsValM(m0, 32) != ERR_OK)
		return FALSE;
	// test B.1: public key derived from the identifier "Alice"
	// (belsStdM return values are ignored here; the same calls were
	// checked in the table loop above)
	belsStdM(m0, 16, 0);
	if (belsGenMid(mi, 16, m0, (const octet*)id, strLen(id)) != ERR_OK ||
		belsValM(mi, 16) != ERR_OK ||
		!hexEq(mi,
			"F9D6F31B5DB0BB61F00E17EEF2E6007F"))
		return FALSE;
	belsStdM(m0, 24, 0);
	if (belsGenMid(mi, 24, m0, (const octet*)id, strLen(id)) != ERR_OK ||
		belsValM(mi, 24) != ERR_OK ||
		!hexEq(mi,
			"09EA79297F94A3E43A3885FC0D1BB8FD"
			"D0DF86FD313CEF46"))
		return FALSE;
	belsStdM(m0, 32, 0);
	if (belsGenMid(mi, 32, m0, (const octet*)id, strLen(id)) != ERR_OK ||
		belsValM(mi, 32) != ERR_OK ||
		!hexEq(mi,
			"D53CC51BE1F976F1032A00D9CD0E190E"
			"62C37FFD233E8A9DF14C85F85C51A045"))
		return FALSE;
	// check belsGenMi: a generated user public key must validate
	for (len = 16; len <= 32; len += 8)
	{
		belsStdM(m0, len, 0);
		if (belsGenMi(mi, len, m0, prngCOMBOStepG, combo_state) != ERR_OK ||
			belsValM(mi, len) != ERR_OK)
			return FALSE;
	}
	// check belsShare / belsRecover
	for (len = 16; len <= 32; len += 8)
	{
		// load the public keys: standard key 0 as m0, keys 1..5 as mi
		belsStdM(m0, len, 0);
		belsStdM(mi + 0 * len, len, 1);
		belsStdM(mi + 1 * len, len, 2);
		belsStdM(mi + 2 * len, len, 3);
		belsStdM(mi + 3 * len, len, 4);
		belsStdM(mi + 4 * len, len, 5);
		// initialize the echo generator from bytes 128..255 of beltH()
		// so that the sharing below is deterministic
		prngEchoStart(echo_state, beltH() + 128, 128);
		// share the secret (tests B.2 -- B.4); the secret is the first
		// len bytes of beltH()
		// NOTE(review): arguments 5 and 3 are presumably the share count
		// and the threshold -- consistent with the recovery checks below
		if (belsShare(si, 5, 3, len, beltH(), m0, mi, prngEchoStepG,
			echo_state) != ERR_OK)
			return FALSE;
		if (len == 16 && !hexEq(si,
			"E27D0CFD31C557BC37C3897DCFF2C7FC"
			"50BB9EECBAEF52DDB811BCDE1495441D"
			"A92473F6796683534AD115812A3F9950"
			"9A8331FD945D58E6D8723E4744FB1DA9"
			"51913D18C8625C5AB0812133FB643D66"))
			return FALSE;
		if (len == 24 && !hexEq(si,
			"8D0EBB0C67A315C214B34A5D68E9712A"
			"12F7B43287E3138A"
			"2506EB8283D8555318479D278A752B04"
			"E9B5E6CC43543403"
			"E5B885E65E69ADD330D08268EC3D0A44"
			"B04B8E142CDDDD5C"
			"E85B368A66489AFE0E73D3D0EEB6A210"
			"CF0629C275AB1E94"
			"ED6CD8B56C37C03EE4FF04AE2A975AAA"
			"748AA0E97AA0DE20"))
			return FALSE;
		// the last two literals below are split 33/31 characters; their
		// concatenation still forms the final 64 hex digits
		if (len == 32 && !hexEq(si,
			"27EC2268C7A06E7CC54F66FC3D357298"
			"4D4D4EF69916EB8D1EAFDFA420217ADC"
			"20E06235E355CC433E2AF2F4100C636F"
			"3BFAB861A4390614E42BC17577BCBE42"
			"1E14B1E795CED216AAC5BB526EFC786C"
			"5BCE1F1865D3886ED4DD7D9EFEF77F39"
			"62EFAD2544718293262E2CB74A396B50"
			"B6D8843DF5E2F0EEFFFE6CD18722765E"
			"71ADE959FC88CCBB1C521FA9A1168C184"
			"619832AB66265E08A65DD48EE406418"))
			return FALSE;
		// recover the secret
		// With 1 or 2 partial secrets belsRecover is expected to return
		// ERR_OK while producing a value different from the secret: the
		// return code alone does not tell a caller that too few partial
		// secrets were supplied.
		if (belsRecover(s, 1, len, si, m0, mi) != ERR_OK ||
			memEq(s, beltH(), len))
			return FALSE;
		if (belsRecover(s, 2, len, si, m0, mi) != ERR_OK ||
			memEq(s, beltH(), len))
			return FALSE;
		// with 3, 4 or 5 partial secrets the original secret must come back
		if (belsRecover(s, 3, len, si, m0, mi) != ERR_OK ||
			!memEq(s, beltH(), len))
			return FALSE;
		if (belsRecover(s, 4, len, si, m0, mi) != ERR_OK ||
			!memEq(s, beltH(), len))
			return FALSE;
		if (belsRecover(s, 5, len, si, m0, mi) != ERR_OK ||
			!memEq(s, beltH(), len))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 1)
		// All of the following calls combine two partial secrets; the
		// expected vectors are the fixed outputs for each pair.
		if (belsRecover(s, 2, len, si, m0, mi) != ERR_OK ||
			len == 16 && !hexEq(s,
				"6380669CA508058FA9AADF986C77C175") ||
			len == 24 && !hexEq(s,
				"1E9811BD520C56E12B5B0E517756FA1A"
				"EE3CACC13B6313E9") ||
			len == 32 && !hexEq(s,
				"C39C8FA8590A7855914AED9B05940D9E"
				"8A119B130D939B8799889C938D1E078D"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 5)
		if (belsRecover(s, 2, len, si + len, m0, mi + len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"E8BA837676967C5C939DBF5172C9AB4F") ||
			len == 24 && !hexEq(s,
				"AF8AB8304FEBD5CF89D643A850C77165"
				"7310CA0E8EDF9C60") ||
			len == 32 && !hexEq(s,
				"31C06C2BF7AF38C2A6870A7F1B7BA9CC"
				"1A741DD96374A4D17A1F701666C9A777"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 8)
		if (belsRecover(s, 2, len, si + 2 * len, m0, mi + 2 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"81C498D55DC506E858DE632A079C2C31") ||
			len == 24 && !hexEq(s,
				"21B6A467511CD2CE6AE671E1D0992538"
				"BFB4EAE927F70991") ||
			len == 32 && !hexEq(s,
				"3ACC00A6DF80BC314A708A19D467F954"
				"40B214356D4666B4075E384B87BEB86C"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 10)
		if (belsRecover(s, 2, len, si + 3 * len, m0, mi + 3 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"40F629F9A4487DBCBF53192EA4A49EAA") ||
			len == 24 && !hexEq(s,
				"1C0E2B99D81134E0EB9AD40279D09786"
				"CA3CDA79B2E5D385") ||
			len == 32 && !hexEq(s,
				"3F5F33C778D77A4FADC0BB51BE9F0153"
				"2627D1E83D023DA72255CC826B05213B"))
			return FALSE;
		// reorder the public keys / partial secrets: 13245
		// (mi and si are permuted together so that each partial secret
		// stays aligned with its public key)
		memSwap(mi + len, mi + 2 * len, len);
		memSwap(si + len, si + 2 * len, len);
		// recover the secret (tests B.5 -- B.7, row 2)
		if (belsRecover(s, 2, len, si, m0, mi) != ERR_OK ||
			len == 16 && !hexEq(s,
				"ABD72A835739A358DD954BEF7A923AEC") ||
			len == 24 && !hexEq(s,
				"A2E3B51AFBD7AFD552048DD6444416E0"
				"7F2D9FA92D726920") ||
			len == 32 && !hexEq(s,
				"70EDE256F46BDC35EEE39361921EE8A3"
				"94E8E67F3F56ABFBA65329D146DA185B"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 6)
		if (belsRecover(s, 2, len, si + 2 * len, m0, mi + 2 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"6CB93B8CF600A746F8520860901E36FA") ||
			len == 24 && !hexEq(s,
				"6D542544073C04C1C417ABDC292755A2"
				"861B4EB590B65841") ||
			len == 32 && !hexEq(s,
				"44FC1DE684980BE2660BB7BCE50728A1"
				"25A81D3B71B8D4ACD74E03190ADA473B"))
			return FALSE;
		// reorder the public keys / partial secrets: 53241
		memSwap(mi, mi + 4 * len, len);
		memSwap(si, si + 4 * len, len);
		// recover the secret (tests B.5 -- B.7, row 9)
		if (belsRecover(s, 2, len, si, m0, mi) != ERR_OK ||
			len == 16 && !hexEq(s,
				"E685CC725DDE29E60927563912CBBEA4") ||
			len == 24 && !hexEq(s,
				"F2E193958DB1D3391D54C410244C151D"
				"BC267D6F5182DEC4") ||
			len == 32 && !hexEq(s,
				"B3C2EDAD484A5A864575721D10B9D0C0"
				"9AE32C972C74857BA423D04502EE0066"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 3)
		if (belsRecover(s, 2, len, si + 3 * len, m0, mi + 3 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"225E2DF0E4AE6532D5A741981410A83C") ||
			len == 24 && !hexEq(s,
				"2B65B8D1BEF2EA079F6C45DF5877EAA1"
				"8F1188539B0AEF32") ||
			len == 32 && !hexEq(s,
				"7C2D5033F0F10CC69065B13BB53BE7D1"
				"9D61CF864CF1578E8325F10564F995A3"))
			return FALSE;
		// reorder the public keys / partial secrets: 43251
		memSwap(mi, mi + 3 * len, len);
		memSwap(si, si + 3 * len, len);
		// recover the secret (tests B.5 -- B.7, row 7)
		if (belsRecover(s, 2, len, si + 2 * len, m0, mi + 2 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"E4FCC7E24E448324367F400326954776") ||
			len == 24 && !hexEq(s,
				"EF5CE43C8AE6F4E441CE1C2D16ACC662"
				"D6CC1D8BAF937320") ||
			len == 32 && !hexEq(s,
				"264FD3BE9298495758B2446363616A38"
				"75D15EB96F95A122332597A87B2CCCBC"))
			return FALSE;
		// recover the secret (tests B.5 -- B.7, row 4)
		if (belsRecover(s, 2, len, si + 3 * len, m0, mi + 3 * len) != ERR_OK ||
			len == 16 && !hexEq(s,
				"E0C4268AC9C5FE35C15334E4D01417BE") ||
			len == 24 && !hexEq(s,
				"7E880E3E89CE5FD4E8452256BD66E42D"
				"18D88C0CF85FDC26") ||
			len == 32 && !hexEq(s,
				"00DD41CD32684FE7564F67FC51B0AD87"
				"003EEBDF90E803BA37CBA4FF8D9A724F"))
			return FALSE;
	}
	// all checks passed
	return TRUE;
}