def test_bytearray(self):
data = b"\x00\x01\x02"
h0 = Poly1305.new(key=self.key, data=data, cipher=AES)
d_ref = h0.digest()
# Data and key can be a bytearray (during initialization)
key_ba = bytearray(self.key)
data_ba = bytearray(data)
h1 = Poly1305.new(key=self.key, data=data, cipher=AES, nonce=h0.nonce)
h2 = Poly1305.new(key=key_ba, data=data_ba, cipher=AES, nonce=h0.nonce)
key_ba[:1] = b'\xFF'
data_ba[:1] = b'\xEE'
self.assertEqual(h1.digest(), d_ref)
self.assertEqual(h2.digest(), d_ref)
# Data can be a bytearray (during operation)
data_ba = bytearray(data)
h1 = Poly1305.new(key=self.key, cipher=AES)
h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce)
h1.update(data)
h2.update(data_ba)
data_ba[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
def test_new_positive(self):
data = b'r' * 100
h1 = Poly1305.new(key=self.key, cipher=ChaCha20)
self.assertEqual(h1.digest_size, 16)
self.assertEqual(len(h1.nonce), 12)
h2 = Poly1305.new(key=self.key, cipher=ChaCha20, nonce = b'8' * 8)
self.assertEqual(len(h2.nonce), 8)
self.assertEqual(h2.nonce, b'8' * 8)
def test_update(self):
pieces = [b"\x0A" * 200, b"\x14" * 300]
h1 = Poly1305.new(key=self.key, cipher=AES)
h1.update(pieces[0]).update(pieces[1])
d1 = h1.digest()
h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce)
h2.update(pieces[0] + pieces[1])
d2 = h2.digest()
self.assertEqual(d1, d2)
def test_new_positive(self):
data = b'r' * 100
h1 = Poly1305.new(key=self.key, cipher=AES)
self.assertEqual(h1.digest_size, 16)
self.assertEqual(len(h1.nonce), 16)
d1 = h1.update(data).digest()
self.assertEqual(len(d1), 16)
h2 = Poly1305.new(key=self.key, nonce=h1.nonce, data=data, cipher=AES)
d2 = h2.digest()
self.assertEqual(h1.nonce, h2.nonce)
self.assertEqual(d1, d2)
def test_update_after_digest(self):
msg=b"rrrrttt"
# Normally, update() cannot be done after digest()
h = Poly1305.new(key=self.key, data=msg[:4], cipher=AES)
h.digest()
self.assertRaises(TypeError, h.update, msg[4:])
def generate_poly1305(key, nonce_or_iv):
mac = Poly1305.new(key=key, cipher=AES)
def do_computation(msg: bytes):
mac.update(msg)
# mac.nonce.hex()
# mac.hexdigest()
return do_computation
def test_digest(self):
h = Poly1305.new(key=self.key, cipher=AES)
digest = h.digest()
# hexdigest does not change the state
self.assertEqual(h.digest(), digest)
# digest returns a byte string
self.failUnless(isinstance(digest, type(b"digest")))
def test_hex_digest(self):
mac = Poly1305.new(key=self.key, cipher=AES)
digest = mac.digest()
hexdigest = mac.hexdigest()
# hexdigest is equivalent to digest
self.assertEqual(hexlify(digest), tobytes(hexdigest))
# hexdigest does not change the state
self.assertEqual(mac.hexdigest(), hexdigest)
# hexdigest returns a string
self.failUnless(isinstance(hexdigest, type("digest")))
def test_memoryview(self):
data = b"\x00\x01\x02"
def get_mv_ro(data):
return memoryview(data)
def get_mv_rw(data):
return memoryview(bytearray(data))
for get_mv in (get_mv_ro, get_mv_rw):
# Data and key can be a memoryview (during initialization)
key_mv = get_mv(self.key)
data_mv = get_mv(data)
h1 = Poly1305.new(key=self.key, data=data, cipher=AES)
h2 = Poly1305.new(key=key_mv,
data=data_mv,
cipher=AES,
nonce=h1.nonce)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
key_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
# Data can be a memoryview (during operation)
data_mv = get_mv(data)
h1 = Poly1305.new(key=self.key, cipher=AES)
h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce)
h1.update(data)
h2.update(data_mv)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
def runTest(self):
tag = unhexlify(b"fb447350c4e868c52ac3275cf9d4327e")
msg = b''
for msg_len in range(5000 + 1):
key = tag + strxor_c(tag, 0xFF)
nonce = tag[::-1]
if msg_len > 0:
msg = msg + tobytes(tag[0])
auth = Poly1305.new(key=key, nonce=nonce, cipher=AES, data=msg)
tag = auth.digest()
# Compare against output of original DJB's poly1305aes-20050218
self.assertEqual("CDFA436DDD629C7DC20E1128530BAED2", auth.hexdigest().upper())
def test_memoryview(self):
data = b"\x00\x01\x02"
def get_mv_ro(data):
return memoryview(data)
def get_mv_rw(data):
return memoryview(bytearray(data))
for get_mv in (get_mv_ro, get_mv_rw):
# Data and key can be a memoryview (during initialization)
key_mv = get_mv(self.key)
data_mv = get_mv(data)
h1 = Poly1305.new(key=self.key, data=data, cipher=AES)
h2 = Poly1305.new(key=key_mv, data=data_mv, cipher=AES,
nonce=h1.nonce)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
key_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
# Data can be a memoryview (during operation)
data_mv = get_mv(data)
h1 = Poly1305.new(key=self.key, cipher=AES)
h2 = Poly1305.new(key=self.key, cipher=AES, nonce=h1.nonce)
h1.update(data)
h2.update(data_mv)
if not data_mv.readonly:
data_mv[:1] = b'\xFF'
self.assertEqual(h1.digest(), h2.digest())
def __init__(self, key, nonce):
"""Initialize a ChaCha20-Poly1305 AEAD cipher object
See also `new()` at the module level."""
self.nonce = _copy_bytes(None, None, nonce)
self._next = (self.update, self.encrypt, self.decrypt, self.digest,
self.verify)
self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20)
self._cipher = ChaCha20.new(key=key, nonce=nonce)
self._cipher.seek(64) # Block counter starts at 1
self._len_aad = 0
self._len_ct = 0
self._mac_tag = None
self._status = _CipherStatus.PROCESSING_AUTH_DATA
def __init__(self, key, nonce):
"""Initialize a ChaCha20-Poly1305 AEAD cipher object
See also `new()` at the module level."""
self.nonce = _copy_bytes(None, None, nonce)
self._next = (self.update, self.encrypt, self.decrypt, self.digest,
self.verify)
self._authenticator = Poly1305.new(key=key, nonce=nonce, cipher=ChaCha20)
self._cipher = ChaCha20.new(key=key, nonce=nonce)
self._cipher.seek(64) # Block counter starts at 1
self._len_aad = 0
self._len_ct = 0
self._mac_tag = None
self._status = _CipherStatus.PROCESSING_AUTH_DATA
def test_verify(self):
h = Poly1305.new(key=self.key, cipher=AES)
mac = h.digest()
h.verify(mac)
wrong_mac = strxor_c(mac, 255)
self.assertRaises(ValueError, h.verify, wrong_mac)
def new(key, *data, **kwds):
_kwds = dict(kwds)
if len(data) == 1:
_kwds['data'] = data[0]
_kwds['key'] = key
return Poly1305.new(**_kwds)
def test_update_negative(self):
h = Poly1305.new(key=self.key, cipher=AES)
self.assertRaises(TypeError, h.update, u"string")
def test_hexverify(self):
h = Poly1305.new(key=self.key, cipher=AES)
mac = h.hexdigest()
h.hexverify(mac)
self.assertRaises(ValueError, h.hexverify, "4556")