2 #define TEST_NAME "aead_chacha20poly1305"
13 #define CLEN (MLEN + crypto_aead_chacha20poly1305_ABYTES)
14 static const unsigned char firstkey
[crypto_aead_chacha20poly1305_KEYBYTES
]
15 = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
16 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
17 0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
18 static const unsigned char m
[MLEN
]
19 = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
20 static const unsigned char nonce
[crypto_aead_chacha20poly1305_NPUBBYTES
]
21 = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
22 static const unsigned char ad
[ADLEN
]
23 = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
24 unsigned char *c
= (unsigned char *) sodium_malloc(CLEN
);
25 unsigned char *detached_c
= (unsigned char *) sodium_malloc(MLEN
);
26 unsigned char *mac
= (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ABYTES
);
27 unsigned char *m2
= (unsigned char *) sodium_malloc(MLEN
);
28 unsigned long long found_clen
;
29 unsigned long long found_maclen
;
30 unsigned long long m2len
;
33 crypto_aead_chacha20poly1305_encrypt(c
, &found_clen
, m
, MLEN
,
35 NULL
, nonce
, firstkey
);
36 if (found_clen
!= CLEN
) {
37 printf("found_clen is not properly set\n");
39 for (i
= 0U; i
< CLEN
; ++i
) {
40 printf(",0x%02x", (unsigned int) c
[i
]);
46 crypto_aead_chacha20poly1305_encrypt_detached(detached_c
,
49 NULL
, nonce
, firstkey
);
50 if (found_maclen
!= crypto_aead_chacha20poly1305_abytes()) {
51 printf("found_maclen is not properly set\n");
53 if (memcmp(detached_c
, c
, MLEN
) != 0) {
54 printf("detached ciphertext is bogus\n");
57 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, CLEN
,
59 nonce
, firstkey
) != 0) {
60 printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
63 printf("m2len is not properly set\n");
65 if (memcmp(m
, m2
, MLEN
) != 0) {
69 if (crypto_aead_chacha20poly1305_decrypt_detached(m2
, NULL
,
72 nonce
, firstkey
) != 0) {
73 printf("crypto_aead_chacha20poly1305_decrypt_detached() failed\n");
75 if (memcmp(m
, m2
, MLEN
) != 0) {
76 printf("detached m != m2\n");
79 for (i
= 0U; i
< CLEN
; i
++) {
81 if (crypto_aead_chacha20poly1305_decrypt(m2
, NULL
, NULL
, c
, CLEN
,
82 ad
, ADLEN
, nonce
, firstkey
)
83 == 0 || memcmp(m
, m2
, MLEN
) == 0) {
84 printf("message can be forged\n");
89 crypto_aead_chacha20poly1305_encrypt(c
, &found_clen
, m
, MLEN
,
90 NULL
, 0U, NULL
, nonce
, firstkey
);
91 if (found_clen
!= CLEN
) {
92 printf("found_clen is not properly set (adlen=0)\n");
94 for (i
= 0U; i
< CLEN
; ++i
) {
95 printf(",0x%02x", (unsigned int) c
[i
]);
102 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, CLEN
,
103 NULL
, 0U, nonce
, firstkey
) != 0) {
104 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
107 printf("m2len is not properly set (adlen=0)\n");
109 if (memcmp(m
, m2
, MLEN
) != 0) {
110 printf("m != m2 (adlen=0)\n");
113 if (crypto_aead_chacha20poly1305_decrypt(
114 m2
, &m2len
, NULL
, NULL
,
115 randombytes_uniform(crypto_aead_chacha20poly1305_ABYTES
),
116 NULL
, 0U, nonce
, firstkey
) != -1) {
117 printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
121 printf("Message length should have been set to zero after a failure\n");
124 if (crypto_aead_chacha20poly1305_decrypt(m2
, &m2len
, NULL
, c
, 0U, NULL
, 0U,
125 nonce
, firstkey
) != -1) {
126 printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
130 printf("Message length should have been set to zero after a failure\n");
134 crypto_aead_chacha20poly1305_encrypt(c
, &found_clen
, c
, MLEN
,
135 NULL
, 0U, NULL
, nonce
, firstkey
);
136 if (found_clen
!= CLEN
) {
137 printf("found_clen is not properly set (adlen=0)\n");
139 for (i
= 0U; i
< CLEN
; ++i
) {
140 printf(",0x%02x", (unsigned int) c
[i
]);
147 if (crypto_aead_chacha20poly1305_decrypt(c
, &m2len
, NULL
, c
, CLEN
,
148 NULL
, 0U, nonce
, firstkey
) != 0) {
149 printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
152 printf("m2len is not properly set (adlen=0)\n");
154 if (memcmp(m
, c
, MLEN
) != 0) {
155 printf("m != c (adlen=0)\n");
159 sodium_free(detached_c
);
163 assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
164 assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
165 assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
178 #define CLEN (MLEN + crypto_aead_chacha20poly1305_ietf_ABYTES)
179 static const unsigned char firstkey
[crypto_aead_chacha20poly1305_ietf_KEYBYTES
]
181 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
182 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
183 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
184 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
187 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
188 "only one tip for the future, sunscreen would be it."
189 unsigned char *m
= (unsigned char *) sodium_malloc(MLEN
);
190 static const unsigned char nonce
[crypto_aead_chacha20poly1305_ietf_NPUBBYTES
]
191 = { 0x07, 0x00, 0x00, 0x00,
192 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
193 static const unsigned char ad
[ADLEN
]
194 = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
195 unsigned char *c
= (unsigned char *) sodium_malloc(CLEN
);
196 unsigned char *detached_c
= (unsigned char *) sodium_malloc(MLEN
);
197 unsigned char *mac
= (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ietf_ABYTES
);
198 unsigned char *m2
= (unsigned char *) sodium_malloc(MLEN
);
199 unsigned long long found_clen
;
200 unsigned long long found_maclen
;
201 unsigned long long m2len
;
204 assert(sizeof MESSAGE
- 1U == MLEN
);
205 memcpy(m
, MESSAGE
, MLEN
);
206 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &found_clen
, m
, MLEN
,
208 NULL
, nonce
, firstkey
);
209 if (found_clen
!= MLEN
+ crypto_aead_chacha20poly1305_ietf_abytes()) {
210 printf("found_clen is not properly set\n");
212 for (i
= 0U; i
< CLEN
; ++i
) {
213 printf(",0x%02x", (unsigned int) c
[i
]);
219 crypto_aead_chacha20poly1305_ietf_encrypt_detached(detached_c
,
223 NULL
, nonce
, firstkey
);
224 if (found_maclen
!= crypto_aead_chacha20poly1305_ietf_abytes()) {
225 printf("found_maclen is not properly set\n");
227 if (memcmp(detached_c
, c
, MLEN
) != 0) {
228 printf("detached ciphertext is bogus\n");
231 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, CLEN
, ad
,
232 ADLEN
, nonce
, firstkey
) != 0) {
233 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed\n");
236 printf("m2len is not properly set\n");
238 if (memcmp(m
, m2
, MLEN
) != 0) {
241 memset(m2
, 0, m2len
);
242 if (crypto_aead_chacha20poly1305_ietf_decrypt_detached(m2
, NULL
,
245 nonce
, firstkey
) != 0) {
246 printf("crypto_aead_chacha20poly1305_ietf_decrypt_detached() failed\n");
248 if (memcmp(m
, m2
, MLEN
) != 0) {
249 printf("detached m != m2\n");
252 for (i
= 0U; i
< CLEN
; i
++) {
254 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, NULL
, NULL
, c
, CLEN
,
255 ad
, ADLEN
, nonce
, firstkey
)
256 == 0 || memcmp(m
, m2
, MLEN
) == 0) {
257 printf("message can be forged\n");
261 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &found_clen
, m
, MLEN
,
262 NULL
, 0U, NULL
, nonce
, firstkey
);
263 if (found_clen
!= CLEN
) {
264 printf("clen is not properly set (adlen=0)\n");
266 for (i
= 0U; i
< CLEN
; ++i
) {
267 printf(",0x%02x", (unsigned int) c
[i
]);
273 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, CLEN
,
274 NULL
, 0U, nonce
, firstkey
) != 0) {
275 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
278 printf("m2len is not properly set (adlen=0)\n");
280 if (memcmp(m
, m2
, MLEN
) != 0) {
281 printf("m != m2 (adlen=0)\n");
284 if (crypto_aead_chacha20poly1305_ietf_decrypt(
285 m2
, &m2len
, NULL
, NULL
,
286 randombytes_uniform(crypto_aead_chacha20poly1305_ietf_ABYTES
),
287 NULL
, 0U, nonce
, firstkey
) != -1) {
288 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short "
292 printf("Message length should have been set to zero after a failure\n");
295 if (crypto_aead_chacha20poly1305_ietf_decrypt(m2
, &m2len
, NULL
, c
, 0U, NULL
, 0U,
296 nonce
, firstkey
) != -1) {
297 printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with an empty "
301 printf("Message length should have been set to zero after a failure\n");
305 crypto_aead_chacha20poly1305_ietf_encrypt(c
, &found_clen
, c
, MLEN
,
306 NULL
, 0U, NULL
, nonce
, firstkey
);
307 if (found_clen
!= CLEN
) {
308 printf("clen is not properly set (adlen=0)\n");
310 for (i
= 0U; i
< CLEN
; ++i
) {
311 printf(",0x%02x", (unsigned int) c
[i
]);
318 if (crypto_aead_chacha20poly1305_ietf_decrypt(c
, &m2len
, NULL
, c
, CLEN
,
319 NULL
, 0U, nonce
, firstkey
) != 0) {
320 printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
323 printf("m2len is not properly set (adlen=0)\n");
325 if (memcmp(m
, c
, MLEN
) != 0) {
326 printf("m != c (adlen=0)\n");
330 sodium_free(detached_c
);
335 assert(crypto_aead_chacha20poly1305_ietf_keybytes() > 0U);
336 assert(crypto_aead_chacha20poly1305_ietf_keybytes() == crypto_aead_chacha20poly1305_keybytes());
337 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > 0U);
338 assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > crypto_aead_chacha20poly1305_npubbytes());
339 assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == 0U);
340 assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == crypto_aead_chacha20poly1305_nsecbytes());
341 assert(crypto_aead_chacha20poly1305_IETF_KEYBYTES
== crypto_aead_chacha20poly1305_ietf_KEYBYTES
);
342 assert(crypto_aead_chacha20poly1305_IETF_NSECBYTES
== crypto_aead_chacha20poly1305_ietf_NSECBYTES
);
343 assert(crypto_aead_chacha20poly1305_IETF_NPUBBYTES
== crypto_aead_chacha20poly1305_ietf_NPUBBYTES
);
344 assert(crypto_aead_chacha20poly1305_IETF_ABYTES
== crypto_aead_chacha20poly1305_ietf_ABYTES
);