int
crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k)
{
if (mlen > SIZE_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES) {
return -1;
}
return crypto_box_curve25519xchacha20poly1305_detached_afternm(
c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, k);
}
int
crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
unsigned char *mac,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
{
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
int ret;
(void) sizeof(int[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES
>= crypto_secretbox_xchacha20poly1305_KEYBYTES ?
1 : -1]);
if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
return -1;
}
ret = crypto_box_curve25519xchacha20poly1305_detached_afternm(c, mac, m,
mlen, n, k);
sodium_memzero(k, sizeof k);
return ret;
}
static void
tv_box_xchacha20poly1305(void)
{
char hex[65];
unsigned char *pk;
unsigned char *sk;
unsigned char *m;
unsigned char *m2;
unsigned char *mac;
unsigned char *nonce;
unsigned char *out;
unsigned char *pc;
unsigned char *seed;
size_t m_len;
int i;
pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES);
pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
for (i = 0; i < 10; i++) {
m_len = (i == 0) ? 0 : randombytes_uniform(150);
m = (unsigned char *) sodium_malloc(m_len);
m2 = (unsigned char *) sodium_malloc(m_len);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
randombytes_buf(m, m_len);
assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pk, sk) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
(out, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pc) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
nonce, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached
(m2, out, mac, m_len, nonce, pk, sk) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached_afternm
(out, mac, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm
(m2, out, mac, m_len, nonce, pc) == 0);
sodium_free(out);
sodium_free(m2);
sodium_free(m);
}
sodium_free(pc);
sodium_free(mac);
sodium_free(nonce);
seed = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) {
seed[i] = i;
}
crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed);
sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0);
sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0);
sodium_free(seed);
sodium_free(sk);
sodium_free(pk);
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
printf("tv_box_xchacha20poly1305: ok\n");
}