secretstream: add a test for rekeying using TAG_REKEY

2017-12-06 11:45:47 +00:00 · 2017-12-06 11:45:47 +00:00 · e89c43edf6
commit e89c43edf6
parent 18e2038fbb
1 changed files with 51 additions and 2 deletions
--- a/test/default/secretstream.c
+++ b/test/default/secretstream.c
@ -5,12 +5,12 @@
 int
 main(void)
 {
-    crypto_secretstream_xchacha20poly1305_state *state;
+    crypto_secretstream_xchacha20poly1305_state *state, *statesave;
    crypto_secretstream_xchacha20poly1305_state state_copy;
    unsigned char      *ad;
    unsigned char      *header;
    unsigned char      *k;
-    unsigned char      *c1, *c2, *c3;
+    unsigned char      *c1, *c2, *c3, *csave;
    unsigned char      *m1, *m2, *m3;
    unsigned char      *m1_, *m2_, *m3_;
    unsigned long long  res_len;
@ -21,6 +21,8 @@ main(void)

    state = (crypto_secretstream_xchacha20poly1305_state *)
        sodium_malloc(crypto_secretstream_xchacha20poly1305_statebytes());
+    statesave = (crypto_secretstream_xchacha20poly1305_state *)
+        sodium_malloc(crypto_secretstream_xchacha20poly1305_statebytes());
    header = (unsigned char *)
        sodium_malloc(crypto_secretstream_xchacha20poly1305_HEADERBYTES);

@ -35,6 +37,8 @@ main(void)
        sodium_malloc(m2_len + crypto_secretstream_xchacha20poly1305_ABYTES);
    c3 = (unsigned char *)
        sodium_malloc(m3_len + crypto_secretstream_xchacha20poly1305_ABYTES);
+    csave = (unsigned char *)
+        sodium_malloc((m1_len | m2_len | m3_len) + crypto_secretstream_xchacha20poly1305_ABYTES);

    ad  = (unsigned char *) sodium_malloc(ad_len);
    m1  = (unsigned char *) sodium_malloc(m1_len);
@ -196,6 +200,49 @@ main(void)
         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0);
    assert(ret == 0);

+    /* with explicit rekeying using TAG_REKEY */
+
+    ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);
+    assert(ret == 0);
+
+    memcpy(statesave, state, sizeof *state);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c1, NULL, m1, m1_len, NULL, 0, crypto_secretstream_xchacha20poly1305_TAG_REKEY);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c2, NULL, m2, m2_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    memcpy(csave, c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES);
+
+    ret = crypto_secretstream_xchacha20poly1305_init_pull(state, header, k);
+    assert(ret == 0);
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m1, NULL, &tag,
+         c1, m1_len + crypto_secretstream_xchacha20poly1305_ABYTES, &tag, 0);
+    assert(ret == 0);
+    assert(tag == crypto_secretstream_xchacha20poly1305_TAG_REKEY);
+
+    ret = crypto_secretstream_xchacha20poly1305_pull
+        (state, m2, NULL, &tag,
+         c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, &tag, 0);
+    assert(ret == 0);
+    assert(tag == 0);
+
+    memcpy(state, statesave, sizeof *state);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c1, NULL, m1, m1_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    ret = crypto_secretstream_xchacha20poly1305_push
+        (state, c2, NULL, m2, m2_len, NULL, 0, 0);
+    assert(ret == 0);
+
+    assert(memcmp(csave, c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES) != 0);
+
    /* New stream */

    ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);
@ -249,11 +296,13 @@ main(void)
    sodium_free(m2);
    sodium_free(m1);
    sodium_free(ad);
+    sodium_free(csave);
    sodium_free(c3);
    sodium_free(c2);
    sodium_free(c1);
    sodium_free(k);
    sodium_free(header);
+    sodium_free(statesave);
    sodium_free(state);

    assert(crypto_secretstream_xchacha20poly1305_abytes() ==