search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libsodium 1.0.8
[tomato.git] / release / src / router / libsodium / test / default / aead_chacha20poly1305.c
blobd82319b269b8720be89f5fd6bab5ab18ad3dd324
1
2 #define TEST_NAME "aead_chacha20poly1305"
3 #include "cmptest.h"
4
5 static int
6 tv(void)
7 {
8 static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
9 = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
10 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
11 0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
12 static unsigned char m[10U]
13 = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
14 static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
15 = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
16 static unsigned char ad[10U]
17 = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
18 static unsigned char c[10U + crypto_aead_chacha20poly1305_ABYTES];
19
20 unsigned char m2[10U];
21 unsigned long long clen;
22 unsigned long long m2len;
23 size_t i;
24
25 crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, ad, sizeof ad,
26 NULL, nonce, firstkey);
27 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
28 printf("clen is not properly set\n");
29 }
30 for (i = 0U; i < sizeof c; ++i) {
31 printf(",0x%02x", (unsigned int)c[i]);
32 if (i % 8 == 7) {
33 printf("\n");
34 }
35 }
36 printf("\n");
37
38 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c, ad,
39 sizeof ad, nonce, firstkey) != 0) {
40 printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
41 }
42 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
43 printf("m2len is not properly set\n");
44 }
45 if (memcmp(m, m2, sizeof m) != 0) {
46 printf("m != m2\n");
47 }
48
49 for (i = 0U; i < sizeof c; i++) {
50 c[i] ^= (i + 1U);
51 if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
52 ad, sizeof ad, nonce, firstkey)
53 == 0 || memcmp(m, m2, sizeof m) == 0) {
54 printf("message can be forged\n");
55 }
56 c[i] ^= (i + 1U);
57 }
58
59 crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, NULL, 0U, NULL,
60 nonce, firstkey);
61 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
62 printf("clen is not properly set (adlen=0)\n");
63 }
64 for (i = 0U; i < sizeof c; ++i) {
65 printf(",0x%02x", (unsigned int)c[i]);
66 if (i % 8 == 7) {
67 printf("\n");
68 }
69 }
70 printf("\n");
71
72 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c,
73 NULL, 0U, nonce, firstkey) != 0) {
74 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
75 }
76 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
77 printf("m2len is not properly set (adlen=0)\n");
78 }
79 if (memcmp(m, m2, sizeof m) != 0) {
80 printf("m != m2 (adlen=0)\n");
81 }
82
83 if (crypto_aead_chacha20poly1305_decrypt(
84 m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ABYTES / 2, NULL,
85 0U, nonce, firstkey) != -1) {
86 printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
87 "ciphertext\n");
88 }
89 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
90 nonce, firstkey) != -1) {
91 printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
92 "ciphertext\n");
93 }
94
95 memcpy(c, m, sizeof m);
96 crypto_aead_chacha20poly1305_encrypt(c, &clen, c, sizeof m, NULL, 0U, NULL,
97 nonce, firstkey);
98 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
99 printf("clen is not properly set (adlen=0)\n");
100 }
101 for (i = 0U; i < sizeof c; ++i) {
102 printf(",0x%02x", (unsigned int)c[i]);
103 if (i % 8 == 7) {
104 printf("\n");
105 }
106 }
107 printf("\n");
108
109 if (crypto_aead_chacha20poly1305_decrypt(c, &m2len, NULL, c, sizeof c,
110 NULL, 0U, nonce, firstkey) != 0) {
111 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
112 }
113 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
114 printf("m2len is not properly set (adlen=0)\n");
115 }
116 if (memcmp(m, c, sizeof m) != 0) {
117 printf("m != c (adlen=0)\n");
118 }
119
120 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
121 assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
122 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
123
124 return 0;
125 }
126
127 static int
128 tv_ietf(void)
129 {
130 static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
131 = {
132 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
133 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
134 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
135 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
136 };
137 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
138 "only one tip for the future, sunscreen would be it."
139 static unsigned char m[114U];
140 static unsigned char nonce[crypto_aead_chacha20poly1305_IETF_NPUBBYTES]
141 = { 0x07, 0x00, 0x00, 0x00,
142 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
143 static unsigned char ad[12U]
144 = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
145 static unsigned char c[114U + crypto_aead_chacha20poly1305_ABYTES];
146
147 unsigned char m2[114U];
148 unsigned long long clen;
149 unsigned long long m2len;
150 size_t i;
151
152 assert(sizeof MESSAGE - 1U == sizeof m);
153 memcpy(m, MESSAGE, sizeof m);
154 crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, m, sizeof m, ad, sizeof ad,
155 NULL, nonce, firstkey);
156 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
157 printf("clen is not properly set\n");
158 }
159 for (i = 0U; i < sizeof c; ++i) {
160 printf(",0x%02x", (unsigned int)c[i]);
161 if (i % 8 == 7) {
162 printf("\n");
163 }
164 }
165 printf("\n");
166
167 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, sizeof c, ad,
168 sizeof ad, nonce, firstkey) != 0) {
169 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed\n");
170 }
171 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
172 printf("m2len is not properly set\n");
173 }
174 if (memcmp(m, m2, sizeof m) != 0) {
175 printf("m != m2\n");
176 }
177
178 for (i = 0U; i < sizeof c; i++) {
179 c[i] ^= (i + 1U);
180 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, sizeof c,
181 ad, sizeof ad, nonce, firstkey)
182 == 0 || memcmp(m, m2, sizeof m) == 0) {
183 printf("message can be forged\n");
184 }
185 c[i] ^= (i + 1U);
186 }
187 crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, m, sizeof m, NULL, 0U, NULL,
188 nonce, firstkey);
189 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
190 printf("clen is not properly set (adlen=0)\n");
191 }
192 for (i = 0U; i < sizeof c; ++i) {
193 printf(",0x%02x", (unsigned int)c[i]);
194 if (i % 8 == 7) {
195 printf("\n");
196 }
197 }
198 printf("\n");
199 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, sizeof c,
200 NULL, 0U, nonce, firstkey) != 0) {
201 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
202 }
203 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
204 printf("m2len is not properly set (adlen=0)\n");
205 }
206 if (memcmp(m, m2, sizeof m) != 0) {
207 printf("m != m2 (adlen=0)\n");
208 }
209
210 if (crypto_aead_chacha20poly1305_ietf_decrypt(
211 m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ABYTES / 2, NULL,
212 0U, nonce, firstkey) != -1) {
213 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short "
214 "ciphertext\n");
215 }
216 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
217 nonce, firstkey) != -1) {
218 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with an empty "
219 "ciphertext\n");
220 }
221
222 memcpy(c, m, sizeof m);
223 crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, c, sizeof m, NULL, 0U, NULL,
224 nonce, firstkey);
225 if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
226 printf("clen is not properly set (adlen=0)\n");
227 }
228 for (i = 0U; i < sizeof c; ++i) {
229 printf(",0x%02x", (unsigned int)c[i]);
230 if (i % 8 == 7) {
231 printf("\n");
232 }
233 }
234 printf("\n");
235
236 if (crypto_aead_chacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, sizeof c,
237 NULL, 0U, nonce, firstkey) != 0) {
238 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
239 }
240 if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
241 printf("m2len is not properly set (adlen=0)\n");
242 }
243 if (memcmp(m, c, sizeof m) != 0) {
244 printf("m != c (adlen=0)\n");
245 }
246
247 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
248 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > 0U);
249 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
250
251 return 0;
252 }
253
254 int
255 main(void)
256 {
257 tv();
258 tv_ietf();
259
260 return 0;
261 }
Tomato firmware and modifications.