diff --git a/.gitignore b/.gitignore index bb859be4..4e0c76a5 100644 --- a/.gitignore +++ b/.gitignore @@ -81,6 +81,7 @@ test/default/*.res test/default/*.trs test/default/aead_aes256gcm test/default/aead_chacha20poly1305 +test/default/aead_xchacha20poly1305 test/default/auth test/default/auth2 test/default/auth3 diff --git a/test/default/Makefile.am b/test/default/Makefile.am index 5a6bc118..726dc9c6 100644 --- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -5,6 +5,7 @@ EXTRA_DIST = \ pre.js.inc \ aead_aes256gcm.exp \ aead_chacha20poly1305.exp \ + aead_xchacha20poly1305.exp \ auth.exp \ auth2.exp \ auth3.exp \ @@ -68,6 +69,7 @@ EXTRA_DIST = \ DISTCLEANFILES = \ aead_aes256gcm.res \ aead_chacha20poly1305.res \ + aead_xchacha20poly1305.res \ auth.res \ auth2.res \ auth3.res \ @@ -132,6 +134,7 @@ if NATIVECLIENT CLEANFILES = \ aead_aes256gcm.final \ aead_chacha20poly1305.final \ + aead_xchacha20poly1305.final \ auth.final \ auth2.final \ auth3.final \ @@ -188,8 +191,10 @@ CLEANFILES = \ stream3.final \ stream4.final \ verify1.final \ + xchacha20.final \ aead_aes256gcm.nexe \ aead_chacha20poly1305.nexe \ + aead_xchacha20poly1305.nexe \ auth.nexe \ auth2.nexe \ auth3.nexe \ @@ -339,6 +344,9 @@ aead_aes256gcm_LDADD = $(TESTS_LDADD) aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c aead_chacha20poly1305_LDADD = $(TESTS_LDADD) +aead_xchacha20poly1305_SOURCE = cmptest.h aead_xchacha20poly1305.c +aead_xchacha20poly1305_LDADD = $(TESTS_LDADD) + auth_SOURCE = cmptest.h auth.c auth_LDADD = $(TESTS_LDADD) @@ -515,6 +523,7 @@ xchacha20_LDADD = $(TESTS_LDADD) if !MINIMAL TESTS_TARGETS += \ + aead_xchacha20poly1305 \ xchacha20 endif diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c new file mode 100644 index 00000000..de2d445d --- /dev/null +++ b/test/default/aead_xchacha20poly1305.c @@ -0,0 +1,188 @@ + +#define TEST_NAME "aead_xchacha20poly1305" +#include "cmptest.h" + +static int +tv(void) +{ +#undef MLEN +#define MLEN 114U +#undef ADLEN +#define ADLEN 12U +#undef CLEN +#define CLEN (MLEN + crypto_aead_xchacha20poly1305_ietf_ABYTES) + static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES] + = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; +#undef MESSAGE +#define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \ +"only one tip for the future, sunscreen would be it." + unsigned char *m = (unsigned char *) sodium_malloc(MLEN); + static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES] + = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b }; + static const unsigned char ad[ADLEN] + = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; + unsigned char *c = (unsigned char *) sodium_malloc(CLEN); + unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN); + unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES); + unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN); + unsigned long long found_clen; + unsigned long long found_maclen; + unsigned long long m2len; + size_t i; + + assert(sizeof MESSAGE - 1U == MLEN); + memcpy(m, MESSAGE, MLEN); + crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN, + ad, ADLEN, + NULL, nonce, firstkey); + if (found_clen != MLEN + crypto_aead_xchacha20poly1305_ietf_abytes()) { + printf("found_clen is not properly set\n"); + } + for (i = 0U; i < CLEN; ++i) { + printf(",0x%02x", (unsigned int) c[i]); + if (i % 8 == 7) { + printf("\n"); + } + } + printf("\n"); + crypto_aead_xchacha20poly1305_ietf_encrypt_detached(detached_c, + mac, &found_maclen, + m, MLEN, + ad, ADLEN, + NULL, nonce, firstkey); + if (found_maclen != crypto_aead_xchacha20poly1305_ietf_abytes()) { + printf("found_maclen is not properly set\n"); + } + if (memcmp(detached_c, c, MLEN) != 0) { + printf("detached ciphertext is bogus\n"); + } + + if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad, + ADLEN, nonce, firstkey) != 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n"); + } + if (m2len != MLEN) { + printf("m2len is not properly set\n"); + } + if (memcmp(m, m2, MLEN) != 0) { + printf("m != m2\n"); + } + memset(m2, 0, m2len); + if (crypto_aead_xchacha20poly1305_ietf_decrypt_detached(m2, NULL, + c, MLEN, mac, + ad, ADLEN, + nonce, firstkey) != 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt_detached() failed\n"); + } + if (memcmp(m, m2, MLEN) != 0) { + printf("detached m != m2\n"); + } + + for (i = 0U; i < CLEN; i++) { + c[i] ^= (i + 1U); + if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN, + ad, ADLEN, nonce, firstkey) + == 0 || memcmp(m, m2, MLEN) == 0) { + printf("message can be forged\n"); + } + c[i] ^= (i + 1U); + } + crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN, + NULL, 0U, NULL, nonce, firstkey); + if (found_clen != CLEN) { + printf("clen is not properly set (adlen=0)\n"); + } + for (i = 0U; i < CLEN; ++i) { + printf(",0x%02x", (unsigned int) c[i]); + if (i % 8 == 7) { + printf("\n"); + } + } + printf("\n"); + if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, + NULL, 0U, nonce, firstkey) != 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n"); + } + if (m2len != MLEN) { + printf("m2len is not properly set (adlen=0)\n"); + } + if (memcmp(m, m2, MLEN) != 0) { + printf("m != m2 (adlen=0)\n"); + } + m2len = 1; + if (crypto_aead_xchacha20poly1305_ietf_decrypt( + m2, &m2len, NULL, NULL, + randombytes_uniform(crypto_aead_xchacha20poly1305_ietf_ABYTES), + NULL, 0U, nonce, firstkey) != -1) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with a short " + "ciphertext\n"); + } + if (m2len != 0) { + printf("Message length should have been set to zero after a failure\n"); + } + m2len = 1; + if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U, + nonce, firstkey) != -1) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with an empty " + "ciphertext\n"); + } + if (m2len != 0) { + printf("Message length should have been set to zero after a failure\n"); + } + + memcpy(c, m, MLEN); + crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN, + NULL, 0U, NULL, nonce, firstkey); + if (found_clen != CLEN) { + printf("clen is not properly set (adlen=0)\n"); + } + for (i = 0U; i < CLEN; ++i) { + printf(",0x%02x", (unsigned int) c[i]); + if (i % 8 == 7) { + printf("\n"); + } + } + printf("\n"); + + if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN, + NULL, 0U, nonce, firstkey) != 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n"); + } + if (m2len != MLEN) { + printf("m2len is not properly set (adlen=0)\n"); + } + if (memcmp(m, c, MLEN) != 0) { + printf("m != c (adlen=0)\n"); + } + + sodium_free(c); + sodium_free(detached_c); + sodium_free(mac); + sodium_free(m2); + sodium_free(m); + + assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES); + assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES); + assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U); + assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == crypto_aead_xchacha20poly1305_ietf_NSECBYTES); + assert(crypto_aead_xchacha20poly1305_IETF_KEYBYTES == crypto_aead_xchacha20poly1305_ietf_KEYBYTES); + assert(crypto_aead_xchacha20poly1305_IETF_NSECBYTES == crypto_aead_xchacha20poly1305_ietf_NSECBYTES); + assert(crypto_aead_xchacha20poly1305_IETF_NPUBBYTES == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES); + assert(crypto_aead_xchacha20poly1305_IETF_ABYTES == crypto_aead_xchacha20poly1305_ietf_ABYTES); + + return 0; +} + +int +main(void) +{ + tv(); + + return 0; +} diff --git a/test/default/aead_xchacha20poly1305.exp b/test/default/aead_xchacha20poly1305.exp new file mode 100644 index 00000000..e5d73b3b --- /dev/null +++ b/test/default/aead_xchacha20poly1305.exp @@ -0,0 +1,51 @@ +,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 +,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 +,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc +,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 +,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 +,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 +,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f +,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee +,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 +,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 +,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 +,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b +,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 +,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 +,0xe0,0xfd,0x5c,0x6d,0x84,0xb6,0xb0,0xc1 +,0xab,0xaf,0x24,0x9d,0x5d,0xd0,0xf7,0xf5 +,0xa7,0xea +,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 +,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 +,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc +,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 +,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 +,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 +,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f +,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee +,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 +,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 +,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 +,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b +,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 +,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 +,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b +,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe +,0x5c,0xc1 +,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 +,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 +,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc +,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 +,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 +,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 +,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f +,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee +,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 +,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 +,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 +,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b +,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 +,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 +,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b +,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe +,0x5c,0xc1