2 #define TEST_NAME "aead_chacha20poly1305"
8 static unsigned char firstkey
[crypto_aead_chacha20poly1305_KEYBYTES
]
9 = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
10 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
11 0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
12 static unsigned char m
[10U]
13 = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
14 static unsigned char nonce
[crypto_aead_chacha20poly1305_NPUBBYTES
]
15 = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
16 static unsigned char ad
[10U]
17 = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
18 static unsigned char c
[10U + crypto_aead_chacha20poly1305_ABYTES
];
20 unsigned char m2
[10U];
21 unsigned long long clen
;
22 unsigned long long m2len
;
25 crypto_aead_chacha20poly1305_encrypt(c
, &clen
, m
, sizeof m
, ad
, sizeof ad
,
26 NULL
, nonce
, firstkey
);
27 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
28 printf("clen is not properly set\n");
30 for (i
= 0U; i
< sizeof c
; ++i
) {
31 printf(",0x%02x", (unsigned int)c
[i
]);
38 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, sizeof c
, ad
,
39 sizeof ad
, nonce
, firstkey
) != 0) {
40 printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
42 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
43 printf("m2len is not properly set\n");
45 if (memcmp(m
, m2
, sizeof m
) != 0) {
49 for (i
= 0U; i
< sizeof c
; i
++) {
51 if (crypto_aead_chacha20poly1305_decrypt(m2
, NULL
, NULL
, c
, sizeof c
,
52 ad
, sizeof ad
, nonce
, firstkey
)
53 == 0 || memcmp(m
, m2
, sizeof m
) == 0) {
54 printf("message can be forged\n");
59 crypto_aead_chacha20poly1305_encrypt(c
, &clen
, m
, sizeof m
, NULL
, 0U, NULL
,
61 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
62 printf("clen is not properly set (adlen=0)\n");
64 for (i
= 0U; i
< sizeof c
; ++i
) {
65 printf(",0x%02x", (unsigned int)c
[i
]);
72 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, sizeof c
,
73 NULL
, 0U, nonce
, firstkey
) != 0) {
74 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
76 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
77 printf("m2len is not properly set (adlen=0)\n");
79 if (memcmp(m
, m2
, sizeof m
) != 0) {
80 printf("m != m2 (adlen=0)\n");
83 if (crypto_aead_chacha20poly1305_decrypt(
84 m2
, &m2len
, NULL
, c
, crypto_aead_chacha20poly1305_ABYTES
/ 2, NULL
,
85 0U, nonce
, firstkey
) != -1) {
86 printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
89 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, 0U, NULL
, 0U,
90 nonce
, firstkey
) != -1) {
91 printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
95 memcpy(c
, m
, sizeof m
);
96 crypto_aead_chacha20poly1305_encrypt(c
, &clen
, c
, sizeof m
, NULL
, 0U, NULL
,
98 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
99 printf("clen is not properly set (adlen=0)\n");
101 for (i
= 0U; i
< sizeof c
; ++i
) {
102 printf(",0x%02x", (unsigned int)c
[i
]);
109 if (crypto_aead_chacha20poly1305_decrypt(c
, &m2len
, NULL
, c
, sizeof c
,
110 NULL
, 0U, nonce
, firstkey
) != 0) {
111 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
113 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
114 printf("m2len is not properly set (adlen=0)\n");
116 if (memcmp(m
, c
, sizeof m
) != 0) {
117 printf("m != c (adlen=0)\n");
120 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
121 assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
122 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
130 static unsigned char firstkey
[crypto_aead_chacha20poly1305_KEYBYTES
]
132 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
133 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
134 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
135 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
137 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
138 "only one tip for the future, sunscreen would be it."
139 static unsigned char m
[114U];
140 static unsigned char nonce
[crypto_aead_chacha20poly1305_IETF_NPUBBYTES
]
141 = { 0x07, 0x00, 0x00, 0x00,
142 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
143 static unsigned char ad
[12U]
144 = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
145 static unsigned char c
[114U + crypto_aead_chacha20poly1305_ABYTES
];
147 unsigned char m2
[114U];
148 unsigned long long clen
;
149 unsigned long long m2len
;
152 assert(sizeof MESSAGE
- 1U == sizeof m
);
153 memcpy(m
, MESSAGE
, sizeof m
);
154 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &clen
, m
, sizeof m
, ad
, sizeof ad
,
155 NULL
, nonce
, firstkey
);
156 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
157 printf("clen is not properly set\n");
159 for (i
= 0U; i
< sizeof c
; ++i
) {
160 printf(",0x%02x", (unsigned int)c
[i
]);
167 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, sizeof c
, ad
,
168 sizeof ad
, nonce
, firstkey
) != 0) {
169 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed\n");
171 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
172 printf("m2len is not properly set\n");
174 if (memcmp(m
, m2
, sizeof m
) != 0) {
178 for (i
= 0U; i
< sizeof c
; i
++) {
180 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, NULL
, NULL
, c
, sizeof c
,
181 ad
, sizeof ad
, nonce
, firstkey
)
182 == 0 || memcmp(m
, m2
, sizeof m
) == 0) {
183 printf("message can be forged\n");
187 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &clen
, m
, sizeof m
, NULL
, 0U, NULL
,
189 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
190 printf("clen is not properly set (adlen=0)\n");
192 for (i
= 0U; i
< sizeof c
; ++i
) {
193 printf(",0x%02x", (unsigned int)c
[i
]);
199 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, sizeof c
,
200 NULL
, 0U, nonce
, firstkey
) != 0) {
201 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
203 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
204 printf("m2len is not properly set (adlen=0)\n");
206 if (memcmp(m
, m2
, sizeof m
) != 0) {
207 printf("m != m2 (adlen=0)\n");
210 if (crypto_aead_chacha20poly1305_ietf_decrypt(
211 m2
, &m2len
, NULL
, c
, crypto_aead_chacha20poly1305_ABYTES
/ 2, NULL
,
212 0U, nonce
, firstkey
) != -1) {
213 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short "
216 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, 0U, NULL
, 0U,
217 nonce
, firstkey
) != -1) {
218 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with an empty "
222 memcpy(c
, m
, sizeof m
);
223 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &clen
, c
, sizeof m
, NULL
, 0U, NULL
,
225 if (clen
!= sizeof m
+ crypto_aead_chacha20poly1305_abytes()) {
226 printf("clen is not properly set (adlen=0)\n");
228 for (i
= 0U; i
< sizeof c
; ++i
) {
229 printf(",0x%02x", (unsigned int)c
[i
]);
236 if (crypto_aead_chacha20poly1305_ietf_decrypt(c
, &m2len
, NULL
, c
, sizeof c
,
237 NULL
, 0U, nonce
, firstkey
) != 0) {
238 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
240 if (m2len
!= sizeof c
- crypto_aead_chacha20poly1305_abytes()) {
241 printf("m2len is not properly set (adlen=0)\n");
243 if (memcmp(m
, c
, sizeof m
) != 0) {
244 printf("m != c (adlen=0)\n");
247 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
248 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > 0U);
249 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);