Add a couple tests for crypto_secretstream_*()

.gitignore

@@ -134,6 +134,7 @@ test/default/secretbox7
 test/default/secretbox8
 test/default/secretbox_easy
 test/default/secretbox_easy2
+test/default/secretstream
 test/default/shorthash
 test/default/sign
 test/default/siphashx24

src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c

@@ -33,8 +33,10 @@ crypto_secretstream_xchacha20poly1305_init_push
     unsigned char out[crypto_secretstream_xchacha20poly1305_INITBYTES],
     const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
 {
-    randombytes_buf(out, crypto_core_hchacha20_INPUTBYTES +
+    COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_INITBYTES ==
-                    crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+                    crypto_core_hchacha20_INPUTBYTES + crypto_secretstream_xchacha20poly1305_INONCEBYTES);
+
+    randombytes_buf(out, crypto_secretstream_xchacha20poly1305_INITBYTES);
     crypto_core_hchacha20(state->k, out, k, NULL);
     memcpy(state->nonce, out + crypto_core_hchacha20_INPUTBYTES,
            crypto_secretstream_xchacha20poly1305_INONCEBYTES);

test/default/Makefile.am

@@ -57,6 +57,7 @@ EXTRA_DIST = \
 	secretbox8.exp \
 	secretbox_easy.exp \
 	secretbox_easy2.exp \
+	secretstream.exp \
 	shorthash.exp \
 	sign.exp \
 	siphashx24.exp \
@@ -127,6 +128,7 @@ DISTCLEANFILES = \
 	secretbox8.res \
 	secretbox_easy.res \
 	secretbox_easy2.res \
+	secretstream.res \
 	shorthash.res \
 	sign.res \
 	siphashx24.res \
@@ -198,6 +200,7 @@ CLEANFILES = \
 	secretbox8.final \
 	secretbox_easy.final \
 	secretbox_easy2.final \
+	secretstream.final \
 	shorthash.final \
 	sign.final \
 	siphashx24.final \
@@ -264,6 +267,7 @@ CLEANFILES = \
 	secretbox8.nexe \
 	secretbox_easy.nexe \
 	secretbox_easy2.nexe \
+	secretstream.nexe \
 	shorthash.nexe \
 	sign.nexe \
 	siphashx24.nexe \
@@ -340,6 +344,7 @@ TESTS_TARGETS = \
 	secretbox8 \
 	secretbox_easy \
 	secretbox_easy2 \
+	secretstream \
 	shorthash \
 	sign \
 	sodium_core \
@@ -525,6 +530,9 @@ secretbox_easy_LDADD      = $(TESTS_LDADD)
 secretbox_easy2_SOURCE    = cmptest.h secretbox_easy2.c
 secretbox_easy2_LDADD     = $(TESTS_LDADD)
 
+secretstream_SOURCE       = cmptest.h secretstream.c
+secretstream_LDADD        = $(TESTS_LDADD)
+
 shorthash_SOURCE          = cmptest.h shorthash.c
 shorthash_LDADD           = $(TESTS_LDADD)
 

test/default/secretstream.c

@@ -0,0 +1,181 @@
+
+#define TEST_NAME "secretstream"
+#include "cmptest.h"
+
+int
+main(void)
+{
+    crypto_secretstream_xchacha20poly1305_state *state;
+    unsigned char *header;
+    unsigned char *k;
+    unsigned char *c1, *c2, *c3;
+    unsigned char *m1, *m2, *m3;
+    unsigned char *m1_, *m2_, *m3_;
+    size_t         m1_len, m2_len, m3_len;
+    int            ret;
+    unsigned char  tag;
+
+    state = (crypto_secretstream_xchacha20poly1305_state *)
+        sodium_malloc(crypto_secretstream_xchacha20poly1305_statebytes());
+    header = (unsigned char *)
+        sodium_malloc(crypto_secretstream_xchacha20poly1305_INITBYTES);
+
+    m1_len = randombytes_uniform(1000);
+    m2_len = randombytes_uniform(1000);
+    m3_len = randombytes_uniform(1000);
+
+    c1 = (unsigned char *)
+        sodium_malloc(m1_len + crypto_secretstream_xchacha20poly1305_ABYTES);
+    c2 = (unsigned char *)
+        sodium_malloc(m2_len + crypto_secretstream_xchacha20poly1305_ABYTES);
+    c3 = (unsigned char *)
+        sodium_malloc(m3_len + crypto_secretstream_xchacha20poly1305_ABYTES);
+
+    m1  = (unsigned char *) sodium_malloc(m1_len);
+    m2  = (unsigned char *) sodium_malloc(m2_len);
+    m3  = (unsigned char *) sodium_malloc(m3_len);
+    m1_ = (unsigned char *) sodium_malloc(m1_len);
+    m2_ = (unsigned char *) sodium_malloc(m2_len);
+    m3_ = (unsigned char *) sodium_malloc(m3_len);
+
+    randombytes_buf(m1, m1_len);
+    memcpy(m1_, m1, m1_len);
+    randombytes_buf(m2, m2_len);
+    memcpy(m2_, m2, m2_len);
+    randombytes_buf(m3, m3_len);
+    memcpy(m3_, m3, m3_len);
+
+    k = (unsigned char *)
+        sodium_malloc(crypto_secretstream_xchacha20poly1305_KEYBYTES);
+    crypto_secretstream_xchacha20poly1305_keygen(k);
+
+    /* push */
+
+    ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c1, NULL, m1, m1_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c2, NULL, m2, m2_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c3, NULL, m3, m3_len, NULL, 0,
+         crypto_secretstream_xchacha20poly1305_TAG_FINAL);
+    assert(ret == 0);
+
+    /* pull */
+
+    ret = crypto_secretstream_xchacha20poly1305_init_pull(state, header, k);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m1, NULL, &tag,
+         c1, m1_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+    assert(tag == 0);
+    assert(memcmp(m1, m1_, m1_len) == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+    assert(tag == 0);
+    assert(memcmp(m2, m2_, m2_len) == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m3, NULL, &tag,
+         c3, m3_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+    assert(tag == crypto_secretstream_xchacha20poly1305_TAG_FINAL);
+    assert(memcmp(m3, m3_, m3_len) == 0);
+
+    /* previous with FINAL tag */
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m3, NULL, &tag,
+         c3, m3_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == -1);
+
+    /* previous without a tag */
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == -1);
+
+    /* without explicit rekeying */
+
+    ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c1, NULL, m1, m1_len, NULL, 0, 0);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c2, NULL, m2, m2_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_init_pull(state, header, k);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m1, NULL, &tag,
+         c1, m1_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+
+    /* with explicit rekeying */
+
+    ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c1, NULL, m1, m1_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    crypto_secretstream_xchacha20poly1305_rekey(state);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c2, NULL, m2, m2_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_init_pull(state, header, k);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m1, NULL, &tag,
+         c1, m1_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == -1);
+
+    crypto_secretstream_xchacha20poly1305_rekey(state);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
+    assert(ret == 0);
+
+    sodium_free(m3_);
+    sodium_free(m2_);
+    sodium_free(m1_);
+    sodium_free(m3);
+    sodium_free(m2);
+    sodium_free(m1);
+    sodium_free(c3);
+    sodium_free(c2);
+    sodium_free(c1);
+    sodium_free(k);
+    sodium_free(header);
+    sodium_free(state);
+    
+    printf("OK\n");
+
+    return 0;
+}

test/default/secretstream.exp

@@ -0,0 +1 @@
+OK