+ test for aead_xchacha20poly1305

2017-02-18 22:10:02 +01:00 · 2017-02-18 22:10:02 +01:00 · 532ea6bd95
commit 532ea6bd95
parent 20d1d048fd
4 changed files with 249 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -81,6 +81,7 @@ test/default/*.res
 test/default/*.trs
 test/default/aead_aes256gcm
 test/default/aead_chacha20poly1305
+test/default/aead_xchacha20poly1305
 test/default/auth
 test/default/auth2
 test/default/auth3
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@ -5,6 +5,7 @@ EXTRA_DIST = \
 	pre.js.inc \
 	aead_aes256gcm.exp \
 	aead_chacha20poly1305.exp \
+	aead_xchacha20poly1305.exp \
 	auth.exp \
 	auth2.exp \
 	auth3.exp \
@ -68,6 +69,7 @@ EXTRA_DIST = \
 DISTCLEANFILES = \
 	aead_aes256gcm.res \
 	aead_chacha20poly1305.res \
+	aead_xchacha20poly1305.res \
 	auth.res \
 	auth2.res \
 	auth3.res \
@ -132,6 +134,7 @@ if NATIVECLIENT
 CLEANFILES = \
 	aead_aes256gcm.final \
 	aead_chacha20poly1305.final \
+	aead_xchacha20poly1305.final \
 	auth.final \
 	auth2.final \
 	auth3.final \
@ -188,8 +191,10 @@ CLEANFILES = \
 	stream3.final \
 	stream4.final \
 	verify1.final \
+	xchacha20.final \
 	aead_aes256gcm.nexe \
 	aead_chacha20poly1305.nexe \
+	aead_xchacha20poly1305.nexe \
 	auth.nexe \
 	auth2.nexe \
 	auth3.nexe \
@ -339,6 +344,9 @@ aead_aes256gcm_LDADD                  = $(TESTS_LDADD)
 aead_chacha20poly1305_SOURCE          = cmptest.h aead_chacha20poly1305.c
 aead_chacha20poly1305_LDADD           = $(TESTS_LDADD)

+aead_xchacha20poly1305_SOURCE         = cmptest.h aead_xchacha20poly1305.c
+aead_xchacha20poly1305_LDADD          = $(TESTS_LDADD)
+
 auth_SOURCE               = cmptest.h auth.c
 auth_LDADD                = $(TESTS_LDADD)

@ -515,6 +523,7 @@ xchacha20_LDADD           = $(TESTS_LDADD)

 if !MINIMAL
 TESTS_TARGETS += \
+	aead_xchacha20poly1305 \
 	xchacha20
 endif

--- a/test/default/aead_xchacha20poly1305.c
+++ b/test/default/aead_xchacha20poly1305.c
@ -0,0 +1,188 @@
+
+#define TEST_NAME "aead_xchacha20poly1305"
+#include "cmptest.h"
+
+static int
+tv(void)
+{
+#undef  MLEN
+#define MLEN 114U
+#undef  ADLEN
+#define ADLEN 12U
+#undef  CLEN
+#define CLEN (MLEN + crypto_aead_xchacha20poly1305_ietf_ABYTES)
+    static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]
+        = {
+            0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+            0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+            0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+            0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
+        };
+#undef  MESSAGE
+#define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
+"only one tip for the future, sunscreen would be it."
+    unsigned char *m = (unsigned char *) sodium_malloc(MLEN);
+    static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]
+        = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+            0x48, 0x49, 0x4a, 0x4b };
+    static const unsigned char ad[ADLEN]
+        = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
+    unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
+    unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
+    unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES);
+    unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
+    unsigned long long found_clen;
+    unsigned long long found_maclen;
+    unsigned long long m2len;
+    size_t i;
+
+    assert(sizeof MESSAGE - 1U == MLEN);
+    memcpy(m, MESSAGE, MLEN);
+    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
+                                              ad, ADLEN,
+                                              NULL, nonce, firstkey);
+    if (found_clen != MLEN + crypto_aead_xchacha20poly1305_ietf_abytes()) {
+        printf("found_clen is not properly set\n");
+    }
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    printf("\n");
+    crypto_aead_xchacha20poly1305_ietf_encrypt_detached(detached_c,
+                                                       mac, &found_maclen,
+                                                       m, MLEN,
+                                                       ad, ADLEN,
+                                                       NULL, nonce, firstkey);
+    if (found_maclen != crypto_aead_xchacha20poly1305_ietf_abytes()) {
+        printf("found_maclen is not properly set\n");
+    }
+    if (memcmp(detached_c, c, MLEN) != 0) {
+        printf("detached ciphertext is bogus\n");
+    }
+
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
+                                                  ADLEN, nonce, firstkey) != 0) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n");
+    }
+    if (m2len != MLEN) {
+        printf("m2len is not properly set\n");
+    }
+    if (memcmp(m, m2, MLEN) != 0) {
+        printf("m != m2\n");
+    }
+    memset(m2, 0, m2len);
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt_detached(m2, NULL,
+                                                           c, MLEN, mac,
+                                                           ad, ADLEN,
+                                                           nonce, firstkey) != 0) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt_detached() failed\n");
+    }
+    if (memcmp(m, m2, MLEN) != 0) {
+        printf("detached m != m2\n");
+    }
+
+    for (i = 0U; i < CLEN; i++) {
+        c[i] ^= (i + 1U);
+        if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
+                                                      ad, ADLEN, nonce, firstkey)
+            == 0 || memcmp(m, m2, MLEN) == 0) {
+            printf("message can be forged\n");
+        }
+        c[i] ^= (i + 1U);
+    }
+    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
+                                              NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
+        printf("clen is not properly set (adlen=0)\n");
+    }
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    printf("\n");
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
+                                                  NULL, 0U, nonce, firstkey) != 0) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
+    }
+    if (m2len != MLEN) {
+        printf("m2len is not properly set (adlen=0)\n");
+    }
+    if (memcmp(m, m2, MLEN) != 0) {
+        printf("m != m2 (adlen=0)\n");
+    }
+    m2len = 1;
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(
+            m2, &m2len, NULL, NULL,
+            randombytes_uniform(crypto_aead_xchacha20poly1305_ietf_ABYTES),
+            NULL, 0U, nonce, firstkey) != -1) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with a short "
+               "ciphertext\n");
+    }
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
+    }
+    m2len = 1;
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
+                                                  nonce, firstkey) != -1) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with an empty "
+               "ciphertext\n");
+    }
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
+    }
+
+    memcpy(c, m, MLEN);
+    crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
+                                              NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
+        printf("clen is not properly set (adlen=0)\n");
+    }
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
+        if (i % 8 == 7) {
+            printf("\n");
+        }
+    }
+    printf("\n");
+
+    if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
+                                                  NULL, 0U, nonce, firstkey) != 0) {
+        printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
+    }
+    if (m2len != MLEN) {
+        printf("m2len is not properly set (adlen=0)\n");
+    }
+    if (memcmp(m, c, MLEN) != 0) {
+        printf("m != c (adlen=0)\n");
+    }
+
+    sodium_free(c);
+    sodium_free(detached_c);
+    sodium_free(mac);
+    sodium_free(m2);
+    sodium_free(m);
+
+    assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
+    assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+    assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U);
+    assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
+    assert(crypto_aead_xchacha20poly1305_IETF_KEYBYTES  == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
+    assert(crypto_aead_xchacha20poly1305_IETF_NSECBYTES == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
+    assert(crypto_aead_xchacha20poly1305_IETF_NPUBBYTES == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
+    assert(crypto_aead_xchacha20poly1305_IETF_ABYTES    == crypto_aead_xchacha20poly1305_ietf_ABYTES);
+
+    return 0;
+}
+
+int
+main(void)
+{
+    tv();
+
+    return 0;
+}
--- a/test/default/aead_xchacha20poly1305.exp
+++ b/test/default/aead_xchacha20poly1305.exp
@ -0,0 +1,51 @@
+,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04
+,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0
+,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc
+,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8
+,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3
+,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70
+,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f
+,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee
+,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2
+,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5
+,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14
+,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b
+,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70
+,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09
+,0xe0,0xfd,0x5c,0x6d,0x84,0xb6,0xb0,0xc1
+,0xab,0xaf,0x24,0x9d,0x5d,0xd0,0xf7,0xf5
+,0xa7,0xea
+,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04
+,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0
+,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc
+,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8
+,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3
+,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70
+,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f
+,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee
+,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2
+,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5
+,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14
+,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b
+,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70
+,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09
+,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b
+,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe
+,0x5c,0xc1
+,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04
+,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0
+,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc
+,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8
+,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3
+,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70
+,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f
+,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee
+,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2
+,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5
+,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14
+,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b
+,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70
+,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09
+,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b
+,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe
+,0x5c,0xc1