search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
libsodium: updated to 1.0.10
[tomato.git] / release / src / router / libsodium / test / default / aead_chacha20poly1305.c
blob8d1b3aaeba7bbc7207a19ca7a2e539f1a96aef62
1
2 #define TEST_NAME "aead_chacha20poly1305"
3 #include "cmptest.h"
4
5 static int
6 tv(void)
7 {
8 #undef MLEN
9 #define MLEN 10U
10 #undef ADLEN
11 #define ADLEN 10U
12 #undef CLEN
13 #define CLEN (MLEN + crypto_aead_chacha20poly1305_ABYTES)
14 static const unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
15 = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
16 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
17 0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
18 static const unsigned char m[MLEN]
19 = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
20 static const unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
21 = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
22 static const unsigned char ad[ADLEN]
23 = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
24 unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
25 unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
26 unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ABYTES);
27 unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
28 unsigned long long found_clen;
29 unsigned long long found_maclen;
30 unsigned long long m2len;
31 size_t i;
32
33 crypto_aead_chacha20poly1305_encrypt(c, &found_clen, m, MLEN,
34 ad, ADLEN,
35 NULL, nonce, firstkey);
36 if (found_clen != CLEN) {
37 printf("found_clen is not properly set\n");
38 }
39 for (i = 0U; i < CLEN; ++i) {
40 printf(",0x%02x", (unsigned int) c[i]);
41 if (i % 8 == 7) {
42 printf("\n");
43 }
44 }
45 printf("\n");
46 crypto_aead_chacha20poly1305_encrypt_detached(detached_c,
47 mac, &found_maclen,
48 m, MLEN, ad, ADLEN,
49 NULL, nonce, firstkey);
50 if (found_maclen != crypto_aead_chacha20poly1305_abytes()) {
51 printf("found_maclen is not properly set\n");
52 }
53 if (memcmp(detached_c, c, MLEN) != 0) {
54 printf("detached ciphertext is bogus\n");
55 }
56
57 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, CLEN,
58 ad, ADLEN,
59 nonce, firstkey) != 0) {
60 printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
61 }
62 if (m2len != MLEN) {
63 printf("m2len is not properly set\n");
64 }
65 if (memcmp(m, m2, MLEN) != 0) {
66 printf("m != m2\n");
67 }
68 memset(m2, 0, m2len);
69 if (crypto_aead_chacha20poly1305_decrypt_detached(m2, NULL,
70 c, MLEN, mac,
71 ad, ADLEN,
72 nonce, firstkey) != 0) {
73 printf("crypto_aead_chacha20poly1305_decrypt_detached() failed\n");
74 }
75 if (memcmp(m, m2, MLEN) != 0) {
76 printf("detached m != m2\n");
77 }
78
79 for (i = 0U; i < CLEN; i++) {
80 c[i] ^= (i + 1U);
81 if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, CLEN,
82 ad, ADLEN, nonce, firstkey)
83 == 0 || memcmp(m, m2, MLEN) == 0) {
84 printf("message can be forged\n");
85 }
86 c[i] ^= (i + 1U);
87 }
88
89 crypto_aead_chacha20poly1305_encrypt(c, &found_clen, m, MLEN,
90 NULL, 0U, NULL, nonce, firstkey);
91 if (found_clen != CLEN) {
92 printf("found_clen is not properly set (adlen=0)\n");
93 }
94 for (i = 0U; i < CLEN; ++i) {
95 printf(",0x%02x", (unsigned int) c[i]);
96 if (i % 8 == 7) {
97 printf("\n");
98 }
99 }
100 printf("\n");
101
102 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, CLEN,
103 NULL, 0U, nonce, firstkey) != 0) {
104 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
105 }
106 if (m2len != MLEN) {
107 printf("m2len is not properly set (adlen=0)\n");
108 }
109 if (memcmp(m, m2, MLEN) != 0) {
110 printf("m != m2 (adlen=0)\n");
111 }
112 m2len = 1;
113 if (crypto_aead_chacha20poly1305_decrypt(
114 m2, &m2len, NULL, NULL,
115 randombytes_uniform(crypto_aead_chacha20poly1305_ABYTES),
116 NULL, 0U, nonce, firstkey) != -1) {
117 printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
118 "ciphertext\n");
119 }
120 if (m2len != 0) {
121 printf("Message length should have been set to zero after a failure\n");
122 }
123 m2len = 1;
124 if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
125 nonce, firstkey) != -1) {
126 printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
127 "ciphertext\n");
128 }
129 if (m2len != 0) {
130 printf("Message length should have been set to zero after a failure\n");
131 }
132
133 memcpy(c, m, MLEN);
134 crypto_aead_chacha20poly1305_encrypt(c, &found_clen, c, MLEN,
135 NULL, 0U, NULL, nonce, firstkey);
136 if (found_clen != CLEN) {
137 printf("found_clen is not properly set (adlen=0)\n");
138 }
139 for (i = 0U; i < CLEN; ++i) {
140 printf(",0x%02x", (unsigned int) c[i]);
141 if (i % 8 == 7) {
142 printf("\n");
143 }
144 }
145 printf("\n");
146
147 if (crypto_aead_chacha20poly1305_decrypt(c, &m2len, NULL, c, CLEN,
148 NULL, 0U, nonce, firstkey) != 0) {
149 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
150 }
151 if (m2len != MLEN) {
152 printf("m2len is not properly set (adlen=0)\n");
153 }
154 if (memcmp(m, c, MLEN) != 0) {
155 printf("m != c (adlen=0)\n");
156 }
157
158 sodium_free(c);
159 sodium_free(detached_c);
160 sodium_free(mac);
161 sodium_free(m2);
162
163 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
164 assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
165 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
166
167 return 0;
168 }
169
170 static int
171 tv_ietf(void)
172 {
173 #undef MLEN
174 #define MLEN 114U
175 #undef ADLEN
176 #define ADLEN 12U
177 #undef CLEN
178 #define CLEN (MLEN + crypto_aead_chacha20poly1305_ietf_ABYTES)
179 static const unsigned char firstkey[crypto_aead_chacha20poly1305_ietf_KEYBYTES]
180 = {
181 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
182 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
183 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
184 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
185 };
186 #undef MESSAGE
187 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
188 "only one tip for the future, sunscreen would be it."
189 unsigned char *m = (unsigned char *) sodium_malloc(MLEN);
190 static const unsigned char nonce[crypto_aead_chacha20poly1305_ietf_NPUBBYTES]
191 = { 0x07, 0x00, 0x00, 0x00,
192 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
193 static const unsigned char ad[ADLEN]
194 = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
195 unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
196 unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
197 unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ietf_ABYTES);
198 unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
199 unsigned long long found_clen;
200 unsigned long long found_maclen;
201 unsigned long long m2len;
202 size_t i;
203
204 assert(sizeof MESSAGE - 1U == MLEN);
205 memcpy(m, MESSAGE, MLEN);
206 crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
207 ad, ADLEN,
208 NULL, nonce, firstkey);
209 if (found_clen != MLEN + crypto_aead_chacha20poly1305_ietf_abytes()) {
210 printf("found_clen is not properly set\n");
211 }
212 for (i = 0U; i < CLEN; ++i) {
213 printf(",0x%02x", (unsigned int) c[i]);
214 if (i % 8 == 7) {
215 printf("\n");
216 }
217 }
218 printf("\n");
219 crypto_aead_chacha20poly1305_ietf_encrypt_detached(detached_c,
220 mac, &found_maclen,
221 m, MLEN,
222 ad, ADLEN,
223 NULL, nonce, firstkey);
224 if (found_maclen != crypto_aead_chacha20poly1305_ietf_abytes()) {
225 printf("found_maclen is not properly set\n");
226 }
227 if (memcmp(detached_c, c, MLEN) != 0) {
228 printf("detached ciphertext is bogus\n");
229 }
230
231 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
232 ADLEN, nonce, firstkey) != 0) {
233 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed\n");
234 }
235 if (m2len != MLEN) {
236 printf("m2len is not properly set\n");
237 }
238 if (memcmp(m, m2, MLEN) != 0) {
239 printf("m != m2\n");
240 }
241 memset(m2, 0, m2len);
242 if (crypto_aead_chacha20poly1305_ietf_decrypt_detached(m2, NULL,
243 c, MLEN, mac,
244 ad, ADLEN,
245 nonce, firstkey) != 0) {
246 printf("crypto_aead_chacha20poly1305_ietf_decrypt_detached() failed\n");
247 }
248 if (memcmp(m, m2, MLEN) != 0) {
249 printf("detached m != m2\n");
250 }
251
252 for (i = 0U; i < CLEN; i++) {
253 c[i] ^= (i + 1U);
254 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
255 ad, ADLEN, nonce, firstkey)
256 == 0 || memcmp(m, m2, MLEN) == 0) {
257 printf("message can be forged\n");
258 }
259 c[i] ^= (i + 1U);
260 }
261 crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
262 NULL, 0U, NULL, nonce, firstkey);
263 if (found_clen != CLEN) {
264 printf("clen is not properly set (adlen=0)\n");
265 }
266 for (i = 0U; i < CLEN; ++i) {
267 printf(",0x%02x", (unsigned int) c[i]);
268 if (i % 8 == 7) {
269 printf("\n");
270 }
271 }
272 printf("\n");
273 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
274 NULL, 0U, nonce, firstkey) != 0) {
275 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
276 }
277 if (m2len != MLEN) {
278 printf("m2len is not properly set (adlen=0)\n");
279 }
280 if (memcmp(m, m2, MLEN) != 0) {
281 printf("m != m2 (adlen=0)\n");
282 }
283 m2len = 1;
284 if (crypto_aead_chacha20poly1305_ietf_decrypt(
285 m2, &m2len, NULL, NULL,
286 randombytes_uniform(crypto_aead_chacha20poly1305_ietf_ABYTES),
287 NULL, 0U, nonce, firstkey) != -1) {
288 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short "
289 "ciphertext\n");
290 }
291 if (m2len != 0) {
292 printf("Message length should have been set to zero after a failure\n");
293 }
294 m2len = 1;
295 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
296 nonce, firstkey) != -1) {
297 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with an empty "
298 "ciphertext\n");
299 }
300 if (m2len != 0) {
301 printf("Message length should have been set to zero after a failure\n");
302 }
303
304 memcpy(c, m, MLEN);
305 crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
306 NULL, 0U, NULL, nonce, firstkey);
307 if (found_clen != CLEN) {
308 printf("clen is not properly set (adlen=0)\n");
309 }
310 for (i = 0U; i < CLEN; ++i) {
311 printf(",0x%02x", (unsigned int) c[i]);
312 if (i % 8 == 7) {
313 printf("\n");
314 }
315 }
316 printf("\n");
317
318 if (crypto_aead_chacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
319 NULL, 0U, nonce, firstkey) != 0) {
320 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
321 }
322 if (m2len != MLEN) {
323 printf("m2len is not properly set (adlen=0)\n");
324 }
325 if (memcmp(m, c, MLEN) != 0) {
326 printf("m != c (adlen=0)\n");
327 }
328
329 sodium_free(c);
330 sodium_free(detached_c);
331 sodium_free(mac);
332 sodium_free(m2);
333 sodium_free(m);
334
335 assert(crypto_aead_chacha20poly1305_ietf_keybytes() > 0U);
336 assert(crypto_aead_chacha20poly1305_ietf_keybytes() == crypto_aead_chacha20poly1305_keybytes());
337 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > 0U);
338 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > crypto_aead_chacha20poly1305_npubbytes());
339 assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == 0U);
340 assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == crypto_aead_chacha20poly1305_nsecbytes());
341 assert(crypto_aead_chacha20poly1305_IETF_KEYBYTES == crypto_aead_chacha20poly1305_ietf_KEYBYTES);
342 assert(crypto_aead_chacha20poly1305_IETF_NSECBYTES == crypto_aead_chacha20poly1305_ietf_NSECBYTES);
343 assert(crypto_aead_chacha20poly1305_IETF_NPUBBYTES == crypto_aead_chacha20poly1305_ietf_NPUBBYTES);
344 assert(crypto_aead_chacha20poly1305_IETF_ABYTES == crypto_aead_chacha20poly1305_ietf_ABYTES);
345
346 return 0;
347 }
348
349 int
350 main(void)
351 {
352 tv();
353 tv_ietf();
354
355 return 0;
356 }
Tomato firmware and modifications.