xchacha20.c revision 1.1
1 1.1 riastrad 2 1.1 riastrad #define TEST_NAME "xchacha20" 3 1.1 riastrad #include "cmptest.h" 4 1.1 riastrad 5 1.1 riastrad typedef struct HChaCha20TV_ { 6 1.1 riastrad const char key[crypto_core_hchacha20_KEYBYTES * 2 + 1]; 7 1.1 riastrad const char in[crypto_core_hchacha20_INPUTBYTES * 2 + 1]; 8 1.1 riastrad const char out[crypto_core_hchacha20_OUTPUTBYTES * 2 + 1]; 9 1.1 riastrad } HChaCha20TV; 10 1.1 riastrad 11 1.1 riastrad static const unsigned char small_order_p[crypto_scalarmult_BYTES] = { 12 1.1 riastrad 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 13 1.1 riastrad 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 14 1.1 riastrad 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 15 1.1 riastrad }; 16 1.1 riastrad 17 1.1 riastrad static void 18 1.1 riastrad tv_hchacha20(void) 19 1.1 riastrad { 20 1.1 riastrad static const HChaCha20TV tvs[] = { 21 1.1 riastrad { "24f11cce8a1b3d61e441561a696c1c1b7e173d084fd4812425435a8896a013dc", "d9660c5900ae19ddad28d6e06e45fe5e", "5966b3eec3bff1189f831f06afe4d4e3be97fa9235ec8c20d08acfbbb4e851e3" }, 22 1.1 riastrad { "80a5f6272031e18bb9bcd84f3385da65e7731b7039f13f5e3d475364cd4d42f7", "c0eccc384b44c88e92c57eb2d5ca4dfa", "6ed11741f724009a640a44fce7320954c46e18e0d7ae063bdbc8d7cf372709df" }, 23 1.1 riastrad { "cb1fc686c0eec11a89438b6f4013bf110e7171dace3297f3a657a309b3199629", "fcd49b93e5f8f299227e64d40dc864a3", "84b7e96937a1a0a406bb7162eeaad34308d49de60fd2f7ec9dc6a79cbab2ca34" }, 24 1.1 riastrad { "6640f4d80af5496ca1bc2cfff1fefbe99638dbceaabd7d0ade118999d45f053d", "31f59ceeeafdbfe8cae7914caeba90d6", "9af4697d2f5574a44834a2c2ae1a0505af9f5d869dbe381a994a18eb374c36a0" }, 25 1.1 riastrad { "0693ff36d971225a44ac92c092c60b399e672e4cc5aafd5e31426f123787ac27", "3a6293da061da405db45be1731d5fc4d", "f87b38609142c01095bfc425573bb3c698f9ae866b7e4216840b9c4caf3b0865" }, 26 1.1 riastrad { "809539bd2639a23bf83578700f055f313561c7785a4a19fc9114086915eee551", "780c65d6a3318e479c02141d3f0b3918", "902ea8ce4680c09395ce71874d242f84274243a156938aaa2dd37ac5be382b42" }, 27 1.1 riastrad { "1a170ddf25a4fd69b648926e6d794e73408805835c64b2c70efddd8cd1c56ce0", "05dbee10de87eb0c5acb2b66ebbe67d3", "a4e20b634c77d7db908d387b48ec2b370059db916e8ea7716dc07238532d5981" }, 28 1.1 riastrad { "3b354e4bb69b5b4a1126f509e84cad49f18c9f5f29f0be0c821316a6986e15a6", "d8a89af02f4b8b2901d8321796388b6c", "9816cb1a5b61993735a4b161b51ed2265b696e7ded5309c229a5a99f53534fbc" }, 29 1.1 riastrad { "4b9a818892e15a530db50dd2832e95ee192e5ed6afffb408bd624a0c4e12a081", "a9079c551de70501be0286d1bc78b045", "ebc5224cf41ea97473683b6c2f38a084bf6e1feaaeff62676db59d5b719d999b" }, 30 1.1 riastrad { "c49758f00003714c38f1d4972bde57ee8271f543b91e07ebce56b554eb7fa6a7", "31f0204e10cf4f2035f9e62bb5ba7303", "0dd8cc400f702d2c06ed920be52048a287076b86480ae273c6d568a2e9e7518c" } 31 1.1 riastrad }; 32 1.1 riastrad const HChaCha20TV *tv; 33 1.1 riastrad unsigned char *constant; 34 1.1 riastrad unsigned char *key; 35 1.1 riastrad unsigned char *in; 36 1.1 riastrad unsigned char *out; 37 1.1 riastrad unsigned char *out2; 38 1.1 riastrad size_t i; 39 1.1 riastrad 40 1.1 riastrad constant = (unsigned char *) sodium_malloc(crypto_core_hchacha20_CONSTBYTES); 41 1.1 riastrad key = (unsigned char *) sodium_malloc(crypto_core_hchacha20_KEYBYTES); 42 1.1 riastrad in = (unsigned char *) sodium_malloc(crypto_core_hchacha20_INPUTBYTES); 43 1.1 riastrad out = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES); 44 1.1 riastrad out2 = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES); 45 1.1 riastrad for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { 46 1.1 riastrad tv = &tvs[i]; 47 1.1 riastrad sodium_hex2bin(key, crypto_core_hchacha20_KEYBYTES, 48 1.1 riastrad tv->key, strlen(tv->key), NULL, NULL, NULL); 49 1.1 riastrad sodium_hex2bin(in, crypto_core_hchacha20_INPUTBYTES, 50 1.1 riastrad tv->in, strlen(tv->in), NULL, NULL, NULL); 51 1.1 riastrad sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES, 52 1.1 riastrad tv->out, strlen(tv->out), NULL, NULL, NULL); 53 1.1 riastrad crypto_core_hchacha20(out2, in, key, NULL); 54 1.1 riastrad assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0); 55 1.1 riastrad } 56 1.1 riastrad 57 1.1 riastrad sodium_hex2bin(constant, crypto_core_hchacha20_CONSTBYTES, 58 1.1 riastrad "0d29b795c1ca70c1652e823364d32417", 59 1.1 riastrad crypto_core_hchacha20_CONSTBYTES * 2 + 1, NULL, NULL, NULL); 60 1.1 riastrad sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES, 61 1.1 riastrad "934d941d78eb9bfc2f0376f7ccd4a11ecf0c6a44104618a9749ef47fe97037a2", 62 1.1 riastrad crypto_core_hchacha20_OUTPUTBYTES * 2 + 1, NULL, NULL, NULL); 63 1.1 riastrad 64 1.1 riastrad crypto_core_hchacha20(out2, in, key, constant); 65 1.1 riastrad assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0); 66 1.1 riastrad 67 1.1 riastrad sodium_free(out2); 68 1.1 riastrad sodium_free(out); 69 1.1 riastrad sodium_free(in); 70 1.1 riastrad sodium_free(key); 71 1.1 riastrad sodium_free(constant); 72 1.1 riastrad 73 1.1 riastrad assert(crypto_core_hchacha20_outputbytes() == crypto_core_hchacha20_OUTPUTBYTES); 74 1.1 riastrad assert(crypto_core_hchacha20_inputbytes() == crypto_core_hchacha20_INPUTBYTES); 75 1.1 riastrad assert(crypto_core_hchacha20_keybytes() == crypto_core_hchacha20_KEYBYTES); 76 1.1 riastrad assert(crypto_core_hchacha20_constbytes() == crypto_core_hchacha20_CONSTBYTES); 77 1.1 riastrad 78 1.1 riastrad printf("tv_hchacha20: ok\n"); 79 1.1 riastrad } 80 1.1 riastrad 81 1.1 riastrad #define XCHACHA20_OUT_MAX 100 82 1.1 riastrad 83 1.1 riastrad typedef struct XChaCha20TV_ { 84 1.1 riastrad const char key[crypto_stream_xchacha20_KEYBYTES * 2 + 1]; 85 1.1 riastrad const char nonce[crypto_stream_xchacha20_NONCEBYTES * 2 + 1]; 86 1.1 riastrad const char out[XCHACHA20_OUT_MAX * 2 + 1]; 87 1.1 riastrad } XChaCha20TV; 88 1.1 riastrad 89 1.1 riastrad static void 90 1.1 riastrad tv_stream_xchacha20(void) 91 1.1 riastrad { 92 1.1 riastrad static const XChaCha20TV tvs[] = { 93 1.1 riastrad { "79c99798ac67300bbb2704c95c341e3245f3dcb21761b98e52ff45b24f304fc4", "b33ffd3096479bcfbc9aee49417688a0a2554f8d95389419", "c6e9758160083ac604ef90e712ce6e75d7797590744e0cf060f013739c" }, 94 1.1 riastrad { "ddf7784fee099612c40700862189d0397fcc4cc4b3cc02b5456b3a97d1186173", "a9a04491e7bf00c3ca91ac7c2d38a777d88993a7047dfcc4", "2f289d371f6f0abc3cb60d11d9b7b29adf6bc5ad843e8493e928448d" }, 95 1.1 riastrad { "3d12800e7b014e88d68a73f0a95b04b435719936feba60473f02a9e61ae60682", "56bed2599eac99fb27ebf4ffcb770a64772dec4d5849ea2d", "a2c3c1406f33c054a92760a8e0666b84f84fa3a618f0" }, 96 1.1 riastrad { "5f5763ff9a30c95da5c9f2a8dfd7cc6efd9dfb431812c075aa3e4f32e04f53e4", "a5fa890efa3b9a034d377926ce0e08ee6d7faccaee41b771", "8a1a5ba898bdbcff602b1036e469a18a5e45789d0e8d9837d81a2388a52b0b6a0f51891528f424c4a7f492a8dd7bce8bac19fbdbe1fb379ac0" }, 97 1.1 riastrad { "eadc0e27f77113b5241f8ca9d6f9a5e7f09eee68d8a5cf30700563bf01060b4e", "a171a4ef3fde7c4794c5b86170dc5a099b478f1b852f7b64", "23839f61795c3cdbcee2c749a92543baeeea3cbb721402aa42e6cae140447575f2916c5d71108e3b13357eaf86f060cb" }, 98 1.1 riastrad { "91319c9545c7c804ba6b712e22294c386fe31c4ff3d278827637b959d3dbaab2", "410e854b2a911f174aaf1a56540fc3855851f41c65967a4e", "cbe7d24177119b7fdfa8b06ee04dade4256ba7d35ffda6b89f014e479faef6" }, 99 1.1 riastrad { "6a6d3f412fc86c4450fc31f89f64ed46baa3256ffcf8616e8c23a06c422842b6", "6b7773fce3c2546a5db4829f53a9165f41b08faae2fb72d5", "8b23e35b3cdd5f3f75525fc37960ec2b68918e8c046d8a832b9838f1546be662e54feb1203e2" }, 100 1.1 riastrad { "d45e56368ebc7ba9be7c55cfd2da0feb633c1d86cab67cd5627514fd20c2b391", "fd37da2db31e0c738754463edadc7dafb0833bd45da497fc", "47950efa8217e3dec437454bd6b6a80a287e2570f0a48b3fa1ea3eb868be3d486f6516606d85e5643becc473b370871ab9ef8e2a728f73b92bd98e6e26ea7c8ff96ec5a9e8de95e1eee9300c" }, 101 1.1 riastrad { "aface41a64a9a40cbc604d42bd363523bd762eb717f3e08fe2e0b4611eb4dcf3", "6906e0383b895ab9f1cf3803f42f27c79ad47b681c552c63", "a5fa7c0190792ee17675d52ad7570f1fb0892239c76d6e802c26b5b3544d13151e67513b8aaa1ac5af2d7fd0d5e4216964324838" }, 102 1.1 riastrad { "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232", "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e", "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc" }, 103 1.1 riastrad }; 104 1.1 riastrad const XChaCha20TV *tv; 105 1.1 riastrad char *hex; 106 1.1 riastrad unsigned char *key; 107 1.1 riastrad unsigned char *nonce; 108 1.1 riastrad unsigned char *out; 109 1.1 riastrad unsigned char *out2; 110 1.1 riastrad size_t out_len; 111 1.1 riastrad size_t i; 112 1.1 riastrad 113 1.1 riastrad key = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_KEYBYTES); 114 1.1 riastrad nonce = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_NONCEBYTES); 115 1.1 riastrad out = (unsigned char *) sodium_malloc(XCHACHA20_OUT_MAX); 116 1.1 riastrad for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { 117 1.1 riastrad tv = &tvs[i]; 118 1.1 riastrad 119 1.1 riastrad sodium_hex2bin(key, crypto_stream_xchacha20_KEYBYTES, 120 1.1 riastrad tv->key, strlen(tv->key), NULL, NULL, NULL); 121 1.1 riastrad sodium_hex2bin(nonce, crypto_stream_xchacha20_NONCEBYTES, 122 1.1 riastrad tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); 123 1.1 riastrad sodium_hex2bin(out, XCHACHA20_OUT_MAX, 124 1.1 riastrad tv->out, strlen(tv->out), NULL, &out_len, NULL); 125 1.1 riastrad out2 = (unsigned char *) sodium_malloc(out_len); 126 1.1 riastrad crypto_stream_xchacha20(out2, out_len, nonce, key); 127 1.1 riastrad assert(memcmp(out, out2, out_len) == 0); 128 1.1 riastrad crypto_stream_xchacha20_xor(out2, out, out_len, nonce, key); 129 1.1 riastrad assert(sodium_is_zero(out2, out_len)); 130 1.1 riastrad crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 0, key); 131 1.1 riastrad assert(sodium_is_zero(out2, out_len)); 132 1.1 riastrad crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 1, key); 133 1.1 riastrad assert(!sodium_is_zero(out2, out_len)); 134 1.1 riastrad crypto_stream_xchacha20_xor(out, out, out_len, nonce, key); 135 1.1 riastrad assert(sodium_is_zero(out, out_len)); 136 1.1 riastrad sodium_free(out2); 137 1.1 riastrad } 138 1.1 riastrad 139 1.1 riastrad out2 = (unsigned char *) sodium_malloc(0); 140 1.1 riastrad crypto_stream_xchacha20(out2, 0, nonce, key); 141 1.1 riastrad crypto_stream_xchacha20_xor(out2, out2, 0, nonce, key); 142 1.1 riastrad crypto_stream_xchacha20_xor_ic(out2, out2, 0, nonce, 1, key); 143 1.1 riastrad sodium_free(out2); 144 1.1 riastrad sodium_free(out); 145 1.1 riastrad 146 1.1 riastrad out = (unsigned char *) sodium_malloc(64); 147 1.1 riastrad out2 = (unsigned char *) sodium_malloc(128); 148 1.1 riastrad randombytes_buf(out, 64); 149 1.1 riastrad randombytes_buf(out2, 64); 150 1.1 riastrad memcpy(out2 + 64, out, 64); 151 1.1 riastrad crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 1, key); 152 1.1 riastrad crypto_stream_xchacha20_xor(out2, out2, 128, nonce, key); 153 1.1 riastrad assert(memcmp(out, out2 + 64, 64) == 0); 154 1.1 riastrad sodium_free(out); 155 1.1 riastrad sodium_free(out2); 156 1.1 riastrad 157 1.1 riastrad out = (unsigned char *) sodium_malloc(192); 158 1.1 riastrad out2 = (unsigned char *) sodium_malloc(192); 159 1.1 riastrad memset(out, 0, 192); 160 1.1 riastrad memset(out2, 0, 192); 161 1.1 riastrad crypto_stream_xchacha20_xor_ic(out2, out2, 192, nonce, 162 1.1 riastrad (1ULL << 32) - 1ULL, key); 163 1.1 riastrad crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 164 1.1 riastrad (1ULL << 32) - 1ULL, key); 165 1.1 riastrad crypto_stream_xchacha20_xor_ic(out + 64, out + 64, 64, nonce, 166 1.1 riastrad (1ULL << 32), key); 167 1.1 riastrad crypto_stream_xchacha20_xor_ic(out + 128, out + 128, 64, nonce, 168 1.1 riastrad (1ULL << 32) + 1, key); 169 1.1 riastrad assert(memcmp(out, out2, 192) == 0); 170 1.1 riastrad hex = (char *) sodium_malloc(192 * 2 + 1); 171 1.1 riastrad sodium_bin2hex(hex, 192 * 2 + 1, out, 192); 172 1.1 riastrad printf("%s\n", hex); 173 1.1 riastrad 174 1.1 riastrad memset(key, 0, crypto_stream_xchacha20_KEYBYTES); 175 1.1 riastrad crypto_stream_xchacha20_keygen(key); 176 1.1 riastrad assert(sodium_is_zero(key, crypto_stream_xchacha20_KEYBYTES) == 0); 177 1.1 riastrad 178 1.1 riastrad sodium_free(hex); 179 1.1 riastrad sodium_free(out); 180 1.1 riastrad sodium_free(out2); 181 1.1 riastrad 182 1.1 riastrad sodium_free(nonce); 183 1.1 riastrad sodium_free(key); 184 1.1 riastrad 185 1.1 riastrad assert(crypto_stream_xchacha20_keybytes() == crypto_stream_xchacha20_KEYBYTES); 186 1.1 riastrad assert(crypto_stream_xchacha20_noncebytes() == crypto_stream_xchacha20_NONCEBYTES); 187 1.1 riastrad assert(crypto_stream_xchacha20_messagebytes_max() == crypto_stream_xchacha20_MESSAGEBYTES_MAX); 188 1.1 riastrad 189 1.1 riastrad printf("tv_stream_xchacha20: ok\n"); 190 1.1 riastrad } 191 1.1 riastrad 192 1.1 riastrad typedef struct XChaCha20Poly1305TV_ { 193 1.1 riastrad const char key[crypto_secretbox_xchacha20poly1305_KEYBYTES * 2 + 1]; 194 1.1 riastrad const char nonce[crypto_secretbox_xchacha20poly1305_NONCEBYTES * 2 + 1]; 195 1.1 riastrad const char *m; 196 1.1 riastrad const char *out; 197 1.1 riastrad } XChaCha20Poly1305TV; 198 1.1 riastrad 199 1.1 riastrad static void 200 1.1 riastrad tv_secretbox_xchacha20poly1305(void) 201 1.1 riastrad { 202 1.1 riastrad static const XChaCha20Poly1305TV tvs[] = { 203 1.1 riastrad { "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" }, 204 1.1 riastrad { "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" }, 205 1.1 riastrad { "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" }, 206 1.1 riastrad { "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" }, 207 1.1 riastrad { "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" }, 208 1.1 riastrad { "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" }, 209 1.1 riastrad { "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" }, 210 1.1 riastrad { "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" }, 211 1.1 riastrad { "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" }, 212 1.1 riastrad { "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" } 213 1.1 riastrad }; 214 1.1 riastrad const XChaCha20Poly1305TV *tv; 215 1.1 riastrad unsigned char *m; 216 1.1 riastrad unsigned char *nonce; 217 1.1 riastrad unsigned char *key; 218 1.1 riastrad unsigned char *out; 219 1.1 riastrad unsigned char *out2; 220 1.1 riastrad size_t m_len; 221 1.1 riastrad size_t n; 222 1.1 riastrad size_t i; 223 1.1 riastrad 224 1.1 riastrad key = (unsigned char *) sodium_malloc 225 1.1 riastrad (crypto_secretbox_xchacha20poly1305_KEYBYTES); 226 1.1 riastrad nonce = (unsigned char *) sodium_malloc 227 1.1 riastrad (crypto_secretbox_xchacha20poly1305_NONCEBYTES); 228 1.1 riastrad for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { 229 1.1 riastrad tv = &tvs[i]; 230 1.1 riastrad m_len = strlen(tv->m) / 2; 231 1.1 riastrad m = (unsigned char *) sodium_malloc(m_len); 232 1.1 riastrad sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES, 233 1.1 riastrad tv->key, strlen(tv->key), NULL, NULL, NULL); 234 1.1 riastrad sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES, 235 1.1 riastrad tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); 236 1.1 riastrad sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL); 237 1.1 riastrad out = (unsigned char *) sodium_malloc 238 1.1 riastrad (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); 239 1.1 riastrad out2 = (unsigned char *) sodium_malloc 240 1.1 riastrad (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); 241 1.1 riastrad sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, 242 1.1 riastrad tv->out, strlen(tv->out), NULL, NULL, NULL); 243 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, 0, nonce, key) == 0); 244 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key) == 0); 245 1.1 riastrad assert(memcmp(out, out2, 246 1.1 riastrad crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); 247 1.1 riastrad n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + (uint32_t) m_len); 248 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 249 1.1 riastrad (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1, 250 1.1 riastrad nonce, key) == -1); 251 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 252 1.1 riastrad (out2, out2, 0, 253 1.1 riastrad nonce, key) == -1); 254 1.1 riastrad out2[n]++; 255 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 256 1.1 riastrad (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, 257 1.1 riastrad nonce, key) == -1); 258 1.1 riastrad out2[n]--; 259 1.1 riastrad nonce[0]++; 260 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 261 1.1 riastrad (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, 262 1.1 riastrad nonce, key) == -1); 263 1.1 riastrad nonce[0]--; 264 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 265 1.1 riastrad (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, 266 1.1 riastrad nonce, key) == 0); 267 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 268 1.1 riastrad (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1, 269 1.1 riastrad nonce, key) == -1); 270 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_easy 271 1.1 riastrad (out2, out2, 0, nonce, key) == -1); 272 1.1 riastrad assert(memcmp(m, out2, m_len) == 0); 273 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_detached 274 1.1 riastrad (out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, 275 1.1 riastrad m_len, nonce, key) == 0); 276 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_open_detached 277 1.1 riastrad (NULL, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, 278 1.1 riastrad m_len, nonce, key) == 0); 279 1.1 riastrad crypto_secretbox_xchacha20poly1305_detached 280 1.1 riastrad (out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m, 281 1.1 riastrad m_len, nonce, key); 282 1.1 riastrad assert(memcmp(out, out2, 283 1.1 riastrad crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); 284 1.1 riastrad sodium_free(out); 285 1.1 riastrad sodium_free(out2); 286 1.1 riastrad sodium_free(m); 287 1.1 riastrad } 288 1.1 riastrad sodium_free(nonce); 289 1.1 riastrad sodium_free(key); 290 1.1 riastrad 291 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES); 292 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES); 293 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES); 294 1.1 riastrad assert(crypto_secretbox_xchacha20poly1305_messagebytes_max() == crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX); 295 1.1 riastrad 296 1.1 riastrad printf("tv_secretbox_xchacha20: ok\n"); 297 1.1 riastrad } 298 1.1 riastrad 299 1.1 riastrad static void 300 1.1 riastrad tv_box_xchacha20poly1305(void) 301 1.1 riastrad { 302 1.1 riastrad char hex[65]; 303 1.1 riastrad unsigned char *pk; 304 1.1 riastrad unsigned char *sk; 305 1.1 riastrad unsigned char *m; 306 1.1 riastrad unsigned char *m2; 307 1.1 riastrad unsigned char *mac; 308 1.1 riastrad unsigned char *nonce; 309 1.1 riastrad unsigned char *out; 310 1.1 riastrad unsigned char *pc; 311 1.1 riastrad unsigned char *seed; 312 1.1 riastrad size_t m_len; 313 1.1 riastrad int i; 314 1.1 riastrad 315 1.1 riastrad pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 316 1.1 riastrad sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); 317 1.1 riastrad nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES); 318 1.1 riastrad mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES); 319 1.1 riastrad pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); 320 1.1 riastrad for (i = 0; i < 10; i++) { 321 1.1 riastrad m_len = (i == 0) ? 0 : randombytes_uniform(150); 322 1.1 riastrad m = (unsigned char *) sodium_malloc(m_len); 323 1.1 riastrad m2 = (unsigned char *) sodium_malloc(m_len); 324 1.1 riastrad 325 1.1 riastrad out = (unsigned char *) sodium_malloc 326 1.1 riastrad (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); 327 1.1 riastrad randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES); 328 1.1 riastrad randombytes_buf(m, m_len); 329 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0); 330 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, 0, nonce, 331 1.1 riastrad pk, sk) == 0); 332 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce, 333 1.1 riastrad pk, sk) == 0); 334 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy 335 1.1 riastrad (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, 336 1.1 riastrad nonce, small_order_p, sk) == -1); 337 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy 338 1.1 riastrad (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES - 1, 339 1.1 riastrad nonce, pk, sk) == -1); 340 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy 341 1.1 riastrad (m2, out, 0, nonce, pk, sk) == -1); 342 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy 343 1.1 riastrad (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, 344 1.1 riastrad nonce, pk, sk) == 0); 345 1.1 riastrad assert(memcmp(m2, m, m_len) == 0); 346 1.1 riastrad sodium_free(out); 347 1.1 riastrad 348 1.1 riastrad out = (unsigned char *) sodium_malloc 349 1.1 riastrad (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); 350 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, small_order_p, sk) == -1); 351 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0); 352 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_easy_afternm 353 1.1 riastrad (out, m, 0, nonce, pc) == 0); 354 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_easy_afternm 355 1.1 riastrad (out, m, m_len, nonce, pc) == 0); 356 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm 357 1.1 riastrad (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES - 1, 358 1.1 riastrad nonce, pc) == -1); 359 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm 360 1.1 riastrad (m2, out, 0, 361 1.1 riastrad nonce, pc) == -1); 362 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm 363 1.1 riastrad (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, 364 1.1 riastrad nonce, pc) == 0); 365 1.1 riastrad assert(memcmp(m2, m, m_len) == 0); 366 1.1 riastrad sodium_free(out); 367 1.1 riastrad 368 1.1 riastrad out = (unsigned char *) sodium_malloc(m_len); 369 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len, 370 1.1 riastrad nonce, small_order_p, sk) == -1); 371 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len, 372 1.1 riastrad nonce, pk, sk) == 0); 373 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_detached 374 1.1 riastrad (m2, out, mac, m_len, nonce, small_order_p, sk) == -1); 375 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_detached 376 1.1 riastrad (m2, out, mac, m_len, nonce, pk, sk) == 0); 377 1.1 riastrad sodium_free(out); 378 1.1 riastrad 379 1.1 riastrad out = (unsigned char *) sodium_malloc(m_len); 380 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_detached_afternm 381 1.1 riastrad (out, mac, m, m_len, nonce, pc) == 0); 382 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm 383 1.1 riastrad (m2, out, mac, m_len, nonce, pc) == 0); 384 1.1 riastrad sodium_free(out); 385 1.1 riastrad 386 1.1 riastrad sodium_free(m2); 387 1.1 riastrad sodium_free(m); 388 1.1 riastrad } 389 1.1 riastrad sodium_free(pc); 390 1.1 riastrad sodium_free(mac); 391 1.1 riastrad sodium_free(nonce); 392 1.1 riastrad 393 1.1 riastrad seed = (unsigned char *) sodium_malloc 394 1.1 riastrad (crypto_box_curve25519xchacha20poly1305_SEEDBYTES); 395 1.1 riastrad for (i = 0; i <(int) crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) { 396 1.1 riastrad seed[i] = (unsigned char) i; 397 1.1 riastrad } 398 1.1 riastrad crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed); 399 1.1 riastrad sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 400 1.1 riastrad assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0); 401 1.1 riastrad sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); 402 1.1 riastrad assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0); 403 1.1 riastrad sodium_free(seed); 404 1.1 riastrad 405 1.1 riastrad sodium_free(sk); 406 1.1 riastrad sodium_free(pk); 407 1.1 riastrad 408 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES); 409 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 410 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); 411 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); 412 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES); 413 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_macbytes() == crypto_box_curve25519xchacha20poly1305_MACBYTES); 414 1.1 riastrad assert(crypto_box_curve25519xchacha20poly1305_messagebytes_max() == crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX); 415 1.1 riastrad 416 1.1 riastrad printf("tv_box_xchacha20poly1305: ok\n"); 417 1.1 riastrad } 418 1.1 riastrad 419 1.1 riastrad int 420 1.1 riastrad main(void) 421 1.1 riastrad { 422 1.1 riastrad tv_hchacha20(); 423 1.1 riastrad tv_stream_xchacha20(); 424 1.1 riastrad tv_secretbox_xchacha20poly1305(); 425 1.1 riastrad tv_box_xchacha20poly1305(); 426 1.1 riastrad 427 1.1 riastrad return 0; 428 1.1 riastrad } 429
Indexes created Mon Sep 29 21:09:56 GMT 2025