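/*
 * Self-test for the crypto_aead_xchacha20poly1305_ietf_* API: encrypts a
 * fixed message under a fixed key and nonce, prints the ciphertext, and
 * checks that decryption round-trips and that tampered, truncated or
 * wrongly-keyed ciphertexts are rejected.
 */

#define TEST_NAME "aead_xchacha20poly1305"
#include "cmptest.h"

/*
 * Print len bytes of buf as ",0x%02x" tokens, eight per row, followed by a
 * closing newline.
 *
 * NOTE(review): the printed bytes are presumably compared against a stored
 * expected output by the cmptest.h harness, so the format must not change --
 * confirm against the harness.
 */
static void
print_hex_rows(const unsigned char *buf, size_t len)
{
    size_t i;

    for (i = 0U; i < len; ++i) {
        printf(",0x%02x", (unsigned int) buf[i]);
        if (i % 8 == 7) {
            printf("\n");
        }
    }
    printf("\n");
}

/*
 * Run the known-answer and negative tests. Failures are reported by printing
 * a diagnostic line; the function itself always returns 0.
 *
 * The key and nonce below are fixed and reused for every encryption so that
 * the output is reproducible. That is only acceptable in a test vector:
 * application code must never encrypt two messages under the same
 * (key, nonce) pair.
 */
static int
tv(void)
{
#undef  MLEN
#define MLEN 114U
#undef  ADLEN
#define ADLEN 12U
#undef  CLEN
/* Combined-mode ciphertext: message bytes plus the authentication tag. */
#define CLEN (MLEN + crypto_aead_xchacha20poly1305_ietf_ABYTES)
    static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]
        = {
            0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
            0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
            0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
            0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
        };
#undef  MESSAGE
#define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
"only one tip for the future, sunscreen would be it."
    unsigned char *m = (unsigned char *) sodium_malloc(MLEN);
    static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]
        = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
            0x48, 0x49, 0x4a, 0x4b };
    static const unsigned char ad[ADLEN]
        = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
    unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
    unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
    unsigned char *key2 = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
    unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES);
    unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
    unsigned long long found_clen;
    unsigned long long found_maclen;
    unsigned long long m2len;
    size_t i;

    /*
     * sodium_malloc() returns NULL on failure; stop here rather than let the
     * memcpy() and the AEAD calls below dereference a null pointer.
     */
    assert(m != NULL);
    assert(c != NULL);
    assert(detached_c != NULL);
    assert(key2 != NULL);
    assert(mac != NULL);
    assert(m2 != NULL);

    /* MESSAGE (without its terminating NUL) must be exactly MLEN bytes. */
    assert(sizeof MESSAGE - 1U == MLEN);
    memcpy(m, MESSAGE, MLEN);

    /* --- Combined mode, with additional data: print the known answer. --- */
    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
                                               ad, ADLEN,
                                               NULL, nonce, firstkey);
    if (found_clen != MLEN + crypto_aead_xchacha20poly1305_ietf_abytes()) {
        printf("found_clen is not properly set\n");
    }
    print_hex_rows(c, CLEN);

    /* --- Detached mode must yield the same ciphertext bytes. --- */
    crypto_aead_xchacha20poly1305_ietf_encrypt_detached(detached_c,
                                                        mac, &found_maclen,
                                                        m, MLEN,
                                                        ad, ADLEN,
                                                        NULL, nonce, firstkey);
    if (found_maclen != crypto_aead_xchacha20poly1305_ietf_abytes()) {
        printf("found_maclen is not properly set\n");
    }
    if (memcmp(detached_c, c, MLEN) != 0) {
        printf("detached ciphertext is bogus\n");
    }

    /* --- Round trip, combined mode. --- */
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
                                                   ADLEN, nonce, firstkey) != 0) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n");
    }
    if (m2len != MLEN) {
        printf("m2len is not properly set\n");
    }
    if (memcmp(m, m2, MLEN) != 0) {
        printf("m != m2\n");
    }

    /*
     * --- Round trip, detached mode. ---
     * Clear m2 first so a match below cannot be left over from the previous
     * decryption.
     */
    memset(m2, 0, m2len);
    if (crypto_aead_xchacha20poly1305_ietf_decrypt_detached(m2, NULL,
                                                            c, MLEN, mac,
                                                            ad, ADLEN,
                                                            nonce, firstkey) != 0) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt_detached() failed\n");
    }
    if (memcmp(m, m2, MLEN) != 0) {
        printf("detached m != m2\n");
    }

    /*
     * --- Integrity check. ---
     * Corrupt one byte at a time across the whole ciphertext, tag included,
     * and require that decryption is rejected. The XOR mask (i + 1U) is
     * applied again afterwards to restore the byte.
     * NOTE(review): the memcmp() clause presumably also verifies that a
     * rejected decryption does not leave the plaintext in m2 -- confirm
     * against the library's failure behaviour.
     */
    for (i = 0U; i < CLEN; i++) {
        c[i] ^= (i + 1U);
        if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
                                                       ad, ADLEN, nonce, firstkey)
            == 0 || memcmp(m, m2, MLEN) == 0) {
            printf("message can be forged\n");
        }
        c[i] ^= (i + 1U);
    }

    /* --- Combined mode without additional data (adlen = 0). --- */
    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
                                               NULL, 0U, NULL, nonce, firstkey);
    if (found_clen != CLEN) {
        printf("clen is not properly set (adlen=0)\n");
    }
    print_hex_rows(c, CLEN);
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
                                                   NULL, 0U, nonce, firstkey) != 0) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
    }
    if (m2len != MLEN) {
        printf("m2len is not properly set (adlen=0)\n");
    }
    if (memcmp(m, m2, MLEN) != 0) {
        printf("m != m2 (adlen=0)\n");
    }

    /*
     * --- Truncated input. ---
     * A ciphertext shorter than the tag cannot be authenticated. The length
     * is drawn below ABYTES and the ciphertext pointer is NULL; the call
     * must return -1 and reset the reported message length to zero.
     */
    m2len = 1;
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(
            m2, &m2len, NULL, NULL,
            randombytes_uniform(crypto_aead_xchacha20poly1305_ietf_ABYTES),
            NULL, 0U, nonce, firstkey) != -1) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with a short "
               "ciphertext\n");
    }
    if (m2len != 0) {
        printf("Message length should have been set to zero after a failure\n");
    }
    m2len = 1;
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
                                                   nonce, firstkey) != -1) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with an empty "
               "ciphertext\n");
    }
    if (m2len != 0) {
        printf("Message length should have been set to zero after a failure\n");
    }

    /* --- In-place operation: c is both input and output. --- */
    memcpy(c, m, MLEN);
    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
                                               NULL, 0U, NULL, nonce, firstkey);
    if (found_clen != CLEN) {
        printf("clen is not properly set (adlen=0)\n");
    }
    print_hex_rows(c, CLEN);

    if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
                                                   NULL, 0U, nonce, firstkey) != 0) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
    }
    if (m2len != MLEN) {
        printf("m2len is not properly set (adlen=0)\n");
    }
    if (memcmp(m, c, MLEN) != 0) {
        printf("m != c (adlen=0)\n");
    }

    /* --- A freshly generated key must not authenticate the data in c. --- */
    crypto_aead_xchacha20poly1305_ietf_keygen(key2);
    if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
                                                   NULL, 0U, nonce, key2) == 0) {
        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() with a wrong key should have failed\n");
    }

    sodium_free(c);
    sodium_free(detached_c);
    sodium_free(key2);
    sodium_free(mac);
    sodium_free(m2);
    sodium_free(m);

    /* Run-time size accessors must agree with the compile-time constants. */
    assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
    assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
    assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U);
    assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
    assert(crypto_aead_xchacha20poly1305_ietf_messagebytes_max() == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);
    /* The upper-case IETF_ spellings must match the lower-case ietf_ ones. */
    assert(crypto_aead_xchacha20poly1305_IETF_KEYBYTES == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
    assert(crypto_aead_xchacha20poly1305_IETF_NSECBYTES == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
    assert(crypto_aead_xchacha20poly1305_IETF_NPUBBYTES == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
    assert(crypto_aead_xchacha20poly1305_IETF_ABYTES == crypto_aead_xchacha20poly1305_ietf_ABYTES);
    assert(crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);

    return 0;
}

/* Test entry point: runs the test vectors; failures show up in the output. */
int
main(void)
{
    tv();

    return 0;
}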