Test SIV multi-AD function

3 files changed, 104 insertions, 2 deletions

diff --git a/src/lib/modes/aead/siv/siv.h b/src/lib/modes/aead/siv/siv.h
index 098aa1f38..4d9a30222 100644
--- a/src/lib/modes/aead/siv/siv.h
+++ b/src/lib/modes/aead/siv/siv.h
@@ -52,11 +52,11 @@ class BOTAN_PUBLIC_API(2,0) SIV_Mode : public AEAD_Mode
 
       size_t tag_size() const override { return 16; }
 
+      ~SIV_Mode();
+
    protected:
       explicit SIV_Mode(BlockCipher* cipher);
 
-      ~SIV_Mode();
-
       size_t block_size() const { return m_bs; }
 
       StreamCipher& ctr() { return *m_ctr; }
diff --git a/src/tests/data/siv_ad.vec b/src/tests/data/siv_ad.vec
new file mode 100644
index 000000000..63a2cfbdc
--- /dev/null
+++ b/src/tests/data/siv_ad.vec
@@ -0,0 +1,37 @@
+[AES-128]
+
+# From https://github.com/cryptomator/siv-mode
+
+Key = c1d0319d678f7f7eaa8315d2eec5a3dcfbb097abe01675910791f2412618dc21
+In =
+ADs = 61108c1d09d7eeaca42f33e011d977f93e39257afedb4e0c5ac7f265a33f141cdcd5b2f874a7a48f913a7db931accdb792cd85db069b3c156ca74e8f1da3a5a331e2dae5d5d9afa811decfb7d3000695359bad5712ccc431ed01fc29d998d006fcffe28b8530a0cbb43197,4bf3f928f65e5ce009f9e2511d200ce5ad6c18098697275218834ccb02a81e41f5cb5b9082f31e44a4568d3e1019e3df3d2278446cc5b3fc02ba9767001fb90d8fb7b9d8cf0b963f08e7bceb7f05e7c5b38d587567697ba72a25
+Out = ff4a7764e15d1e7dc8e4de9067f02064
+
+Key = 3634798b4dbc029f6245ed4e44d4203fabb97afe2c1d0bba6a58012d82a01900
+In =
+ADs = 70f550b8d0263863e72c5c41b465c086a48340da28b58ee3952941cb6a58fdc88e040000344a1d836fec8e3d6e5ae81260e7fcf7258f7e6499068a6c903408c5d7291f5bfb0d8d652dc7a7ca1f6d791f1f01cddf,044d36980cc749aff20bc4293bdaebcea7710140034ca7fc287f78a78a3580b8a24c73b6ca829a410d33c96edd2c205b87d8ccef3eb6c05d4e99269b4b1e1d7d41f3ee1d096cf4b72f08af35b6,9cd557f2,1b16711dc5241ee32efb4ac4bbe1a4676783fffe98dffd8fe203bd6d048c4e8c62131b2e4841f288ff672a880f34bb0b6dae8d466241cdcf71d83db853a3ec2e5dbcc4eb4eeaab405861b8a1f179a5c07d2dfc8ae6876f2525daf5f5950fa30f7b9ebe9de424970cb44273ebd798d45f7409f1cb6433,d8d437195cf7e0f7dec14d579c6683fd525899038ecd047255abf0645308fa6e72388d4782aec0e76a190c282ec65eaeaa6d6b5fd66da7519b797a67af3dcffbd727a3244f1f167c6e26da9458249ddc73d1ef45e46f677afd08555e90b74b809ad06481389721b9ea839fe3fb465d82c98b873f1f68ae53a5e03393550937,c837457d024506bba42498e7653d7f19572707970474aadf587bb67211a084ce143509c958b4d31f841673daf4ce48a3a62a285f2fe724f921,5feaccde56c7ec9f48b431725dc4dc9a75021be0d24fac93ab7ed76afd54cc6fafe48b52fb918a8c1fc1f3fe51a55c00c0a8448b0f0c0e9adf5f2779a5b22f30f8c2787b5b94465a8769208d8509cb068c9d3bca813212abb196bea7502c8e3d53edcd2a87,477fff14e328761786f4f60c1f5562820f92c9a2a66b02da2ef5711e6408ab13c7266569dc41e5e94814a95e95587f13dc2e4c56e7a3a9b8e7146dfd5ca82e454b6a08ffcb5bfdb209c3614210eb72fea14d242be82e9eb2f38b37f9c3bf60cf65a66325c7e6e703
+Out = 116640ca249a9e84bdfe4d64ec26450d
+
+# Test with no AD or nonce
+Key = 7f036a043b45f9cda8b8067186d70ee1fcf11053cac8141ee6cbf6a4fa451e98
+ADs =
+In = 
+Out = 8ab2a4ee4260a72a31159d3ba49dead1
+
+[AES-192]
+
+# NIST test vector
+
+Key = 7F7E7D7C7B7A797877767574737271706F6E6D6C6B6A6968404142434445464748494A4B4C4D4E4F5051525354555657
+ADs = 00112233445566778899AABBCCDDEEFFDEADDADADEADDADAFFEEDDCCBBAA99887766554433221100,102030405060708090A0,09F911029D74E35BD84156C5635688C0
+In = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
+Out = DE40AA1E7180D519CB14308EA7F77586DA09877C510F29651F42311AB728E95609E7DE2994BDF80BB99BFAACE31C4EC0D15BA6509F53F36AD725DCABC9E2A7
+
+[AES-256]
+
+# NIST
+
+Key = 7F7E7D7C7B7A797877767574737271706F6E6D6C6B6A69686766656463626160404142434445464748494A4B4C4D4E4F505152535455565758595A5B5B5D5E5F
+ADs = 00112233445566778899AABBCCDDEEFFDEADDADADEADDADAFFEEDDCCBBAA99887766554433221100,102030405060708090A0,09F911029D74E35BD84156C5635688C0
+In = 7468697320697320736f6d6520706c61696e7465787420746f20656e6372797074207573696e67205349562d414553
+Out = 85B8167310038DB7DC4692C0281CA35868181B2762F3C24F2EFA5FB80CB143516CE6C434B898A6FD8EB98A418842F51F66FC67DE43AC185A66DD72475BBB08
diff --git a/src/tests/test_siv.cpp b/src/tests/test_siv.cpp
new file mode 100644
index 000000000..99fb35f9b
--- /dev/null
+++ b/src/tests/test_siv.cpp
@@ -0,0 +1,65 @@
+/*
+* (C) 2017 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+
+#include "tests.h"
+
+#if defined(BOTAN_HAS_AEAD_SIV)
+   #include <botan/siv.h>
+   #include <botan/block_cipher.h>
+   #include <botan/parsing.h>
+#endif
+
+namespace Botan_Tests {
+
+namespace {
+
+#if defined(BOTAN_HAS_AEAD_SIV)
+
+class SIV_Tests final : public Text_Based_Test
+   {
+   public:
+      SIV_Tests() : Text_Based_Test("siv_ad.vec", "Key,Nonce,ADs,In,Out") {}
+
+      Test::Result run_one_test(const std::string& algo, const VarMap& vars) override
+         {
+         const std::vector<uint8_t> key      = get_req_bin(vars, "Key");
+         const std::vector<uint8_t> nonce    = get_opt_bin(vars, "Nonce");
+         const std::vector<uint8_t> input    = get_req_bin(vars, "In");
+         const std::vector<uint8_t> expected = get_req_bin(vars, "Out");
+         const std::vector<std::string> ad_list =
+            Botan::split_on(get_req_str(vars, "ADs"), ',');
+
+         Test::Result result(algo + "/SIV");
+
+         std::unique_ptr<Botan::SIV_Mode> siv(
+            new Botan::SIV_Encryption(Botan::BlockCipher::create(algo).release()));
+
+         siv->set_key(key);
+
+         for(size_t i = 0; i != ad_list.size(); ++i)
+            {
+            std::vector<uint8_t> ad = Botan::hex_decode(ad_list[i]);
+            siv->set_associated_data_n(i, ad.data(), ad.size());
+            }
+
+         Botan::secure_vector<uint8_t> buf(input.begin(), input.end());
+         siv->start(nonce);
+         siv->finish(buf, 0);
+
+         result.test_eq("SIV ciphertext", buf, expected);
+
+         return result;
+         }
+
+   };
+
+BOTAN_REGISTER_TEST("siv_ad", SIV_Tests);
+
+#endif
+
+}
+
+}