int main(void)
{
void *buf;
size_t size;
unsigned int i;
if (sodium_malloc(SIZE_MAX - 1U) != NULL) {
return 1;
}
if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) {
return 1;
}
sodium_free(sodium_allocarray(0U, 0U));
sodium_free(sodium_allocarray(0U, 1U));
sodium_free(sodium_allocarray(1U, 0U));
buf = sodium_allocarray(1000U, 50U);
memset(buf, 0, 50000U);
sodium_free(buf);
sodium_free(sodium_malloc(0U));
sodium_free(NULL);
for (i = 0U; i < 10000U; i++) {
size = randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
memset(buf, i, size);
sodium_mprotect_noaccess(buf);
sodium_free(buf);
}
printf("OK\n");
#ifdef SIGSEGV
signal(SIGSEGV, segv_handler);
#endif
#ifdef SIGBUS
signal(SIGBUS, segv_handler);
#endif
#ifdef SIGABRT
signal(SIGABRT, segv_handler);
#endif
size = randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
sodium_mprotect_readonly(buf);
sodium_mprotect_readwrite(buf);
#ifndef __EMSCRIPTEN__
sodium_memzero(((unsigned char *)buf) + size, 1U);
sodium_mprotect_noaccess(buf);
sodium_free(buf);
printf("Overflow not caught\n");
#endif
return 0;
}
int
main(void)
{
size_t i;
int ret;
ret = crypto_box_easy(c, m, 131, nonce, bobpk, alicesk);
assert(ret == 0);
for (i = 0; i < 131 + crypto_box_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int) c[i]);
}
printf("\n");
/* Null message */
ret = crypto_box_easy(c, c, 0, nonce, bobpk, alicesk);
assert(ret == 0);
for (i = 0; i < 1 + crypto_box_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int) c[i]);
}
printf("\n");
ret =
crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk);
assert(ret == 0);
for (i = 0; i < 1 + crypto_box_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int) c[i]);
}
printf("\n");
c[randombytes_uniform(crypto_box_MACBYTES)]++;
ret = crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk);
assert(ret == -1);
return 0;
}
int main(void)
{
void *buf;
size_t size;
#ifdef SIGSEGV
signal(SIGSEGV, segv_handler);
#endif
#ifdef SIGBUS
signal(SIGBUS, segv_handler);
#endif
#ifdef SIGABRT
signal(SIGABRT, segv_handler);
#endif
size = 1U + randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
sodium_mprotect_noaccess(buf);
sodium_mprotect_readwrite(buf);
#ifndef __EMSCRIPTEN__
sodium_memzero(((unsigned char *)buf) - 8, 8U);
sodium_mprotect_readonly(buf);
sodium_free(buf);
printf("Underflow not caught\n");
#endif
return 0;
}
static void
mm_generichash(void)
{
crypto_generichash_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t hlen;
size_t klen;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX -
crypto_generichash_KEYBYTES_MIN + 1U)
+ crypto_generichash_KEYBYTES_MIN;
k = (unsigned char *) sodium_malloc(klen);
hlen = randombytes_uniform(crypto_generichash_BYTES_MAX -
crypto_generichash_BYTES_MIN + 1U)
+ crypto_generichash_BYTES_MIN;
h = (unsigned char *) sodium_malloc(hlen);
h2 = (unsigned char *) sodium_malloc(hlen);
randombytes_buf(k, klen);
randombytes_buf(m, mlen);
crypto_generichash_init(&st, k, klen, hlen);
l1 = randombytes_uniform(mlen);
l2 = randombytes_uniform(mlen - l1);
crypto_generichash_update(&st, m, l1);
crypto_generichash_update(&st, m + l1, l2);
crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_generichash_final(&st, h, hlen);
crypto_generichash(h2, hlen, m, mlen, k, klen);
assert(memcmp(h, h2, hlen) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
int strategy_choose_socket(vpn_ctx_t *ctx) {
// rule: just pick a random socket
if (ctx->nsock == 1) {
return ctx->socks[0];
}
uint32_t r = randombytes_uniform(ctx->nsock);
return ctx->socks[r];
}
static void
cert_reschedule_query_after_success(ProxyContext * const proxy_context)
{
if (evtimer_pending(proxy_context->cert_updater.cert_timer, NULL)) {
return;
}
cert_reschedule_query(proxy_context, (time_t)
CERT_QUERY_RETRY_DELAY_AFTER_SUCCESS_MIN_DELAY
+ (time_t) randombytes_uniform
(CERT_QUERY_RETRY_DELAY_AFTER_SUCCESS_JITTER));
}
static void
mm_hmacsha256(void)
{
crypto_auth_hmacsha256_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
crypto_auth_hmacsha256_keygen(k);
randombytes_buf(m, mlen);
crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
l1 = randombytes_uniform(mlen);
l2 = randombytes_uniform(mlen - l1);
crypto_auth_hmacsha256_update(&st, m, l1);
crypto_auth_hmacsha256_update(&st, m + l1, l2);
crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_auth_hmacsha256_final(&st, h);
crypto_auth_hmacsha256(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
static int impl_tests(void)
{
#ifndef __native_client__
randombytes_implementation impl = randombytes_sysrandom_implementation;
#else
randombytes_implementation impl = randombytes_nativeclient_implementation;
#endif
uint32_t v = randombytes_random();
impl.uniform = randombytes_uniform_impl;
randombytes_close();
randombytes_set_implementation(&impl);
assert(randombytes_uniform(v) == v);
assert(randombytes_uniform(v) == v);
assert(randombytes_uniform(v) == v);
assert(randombytes_uniform(v) == v);
randombytes_close();
impl.close = NULL;
randombytes_close();
return 0;
}
int strategy_choose_remote_addr(vpn_ctx_t *ctx) {
// rules:
// 1. if there isn't any address received from within ADDR_TIMEOUT
// choose latest
// 2. if there are some addresses received from within ADDR_TIMEOUT
// choose randomly from them
//
// how we do this efficiently
// 1. scan once and find latest, total number of not timed out addresses
// 2. if number <= 1, use latest
// 3. if number > 1, generate random i in (0, number),
// scan again and pick (i)th address not timed out
int i, total_not_timed_out = 0, chosen;
time_t now;
addr_info_t *latest = NULL, *temp;
if (ctx->nknown_addr == 0) {
return 0;
}
time(&now);
for (i = 0; i < ctx->nknown_addr; i++) {
temp = &ctx->known_addrs[i];
if (latest == NULL ||
latest->last_recv_time < temp->last_recv_time) {
latest = temp;
}
if (now - temp->last_recv_time <= ADDR_TIMEOUT) {
total_not_timed_out++;
}
}
if (total_not_timed_out <= 1) {
load_addr(latest, &ctx->remote_addr, &ctx->remote_addrlen);
} else {
chosen = randombytes_uniform(total_not_timed_out);
total_not_timed_out = 0;
for (i = 0; i < ctx->nknown_addr; i++) {
temp = &ctx->known_addrs[i];
if (now - temp->last_recv_time <= ADDR_TIMEOUT) {
if (total_not_timed_out == chosen) {
load_addr(temp, &ctx->remote_addr, &ctx->remote_addrlen);
break;
}
total_not_timed_out++;
}
}
}
return 0;
}
void Pump::ClientRecv(const QByteArray &Data) {
switch (status) {
case Initiated: {
QVariantMap qvm(QJsonDocument::fromJson(Data).toVariant().toMap()),qvm2;
if ((!Version::CheckVersion(qvm["version"].toString()))||qvm["password"]!=Password) {
qvm2.insert("status","no");
emit csock->SendData(QJsonDocument::fromVariant(qvm2).toJson());
csock->disconnectFromHost();
Log::log(csock,"was refused");
break;
}
if (qvm["protocol"]=="TCP") {
ssock=new TcpSocket(this);
connect(ssock,SIGNAL(RecvData(QByteArray)),this,SLOT(ServerRecv(QByteArray)));
connect(ssock,SIGNAL(disconnected()),this,SLOT(EndSession()));
ssock->connectToHost(qvm["host"].toString(),qvm["port"].toUInt());
status=TCP;
Log::log(csock,"requested TCP connection to "+qvm["host"].toString()+':'+QString::number(qvm["port"].toUInt()));
} else if (qvm["protocol"]=="UDP") {
usock=new UdpSocket(this);
connect(usock,SIGNAL(RecvData(QHostAddress,unsigned short,QByteArray)),this,SLOT(UDPRecv(QHostAddress,unsigned short,QByteArray)));
status=UDP;
Log::log(csock,"requested UDP association");
}
qvm2.insert("status","ok");
qvm2.insert("protocol",qvm["protocol"].toString());
qvm2.insert("garbage",QString(randombytes_uniform(900),'f'));
emit csock->SendData(QJsonDocument::fromVariant(qvm2).toJson());
break;
}
case TCP:
emit ssock->SendData(Data);
break;
case UDP: {
QVariantMap qvm(QJsonDocument::fromJson(Data).toVariant().toMap());
emit usock->SendData(qvm["host"].toString(),qvm["port"].toUInt(),QByteArray::fromBase64(qvm["data"].toByteArray()));
Log::log(csock,"sent a UDP package to "+qvm["host"].toString()+':'+QString::number(qvm["port"].toUInt()));
}
}
size_t
dnscrypt_pad(uint8_t *buf, const size_t len, const size_t max_len)
{
uint8_t *buf_padding_area = buf + len;
size_t padded_len, padding_len;
if (max_len < len + DNSCRYPT_MIN_PAD_LEN) {
return len;
}
padded_len = len + DNSCRYPT_MIN_PAD_LEN + randombytes_uniform
((uint32_t) (max_len - len - DNSCRYPT_MIN_PAD_LEN + 1U));
padded_len += DNSCRYPT_BLOCK_SIZE - padded_len % DNSCRYPT_BLOCK_SIZE;
if (padded_len > max_len) {
padded_len = max_len;
}
assert(padded_len >= len);
padding_len = padded_len - len;
memset(buf_padding_area, 0, padding_len);
*buf_padding_area = 0x80;
assert(max_len >= padded_len);
return padded_len;
}
static void
tv_box_xchacha20poly1305(void)
{
char hex[65];
unsigned char *pk;
unsigned char *sk;
unsigned char *m;
unsigned char *m2;
unsigned char *mac;
unsigned char *nonce;
unsigned char *out;
unsigned char *pc;
unsigned char *seed;
size_t m_len;
int i;
pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES);
pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
for (i = 0; i < 10; i++) {
m_len = (i == 0) ? 0 : randombytes_uniform(150);
m = (unsigned char *) sodium_malloc(m_len);
m2 = (unsigned char *) sodium_malloc(m_len);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
randombytes_buf(m, m_len);
assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pk, sk) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
(out, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pc) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
nonce, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached
(m2, out, mac, m_len, nonce, pk, sk) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached_afternm
(out, mac, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm
(m2, out, mac, m_len, nonce, pc) == 0);
sodium_free(out);
sodium_free(m2);
sodium_free(m);
}
sodium_free(pc);
sodium_free(mac);
sodium_free(nonce);
seed = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) {
seed[i] = i;
}
crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed);
sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0);
sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0);
sodium_free(seed);
sodium_free(sk);
sodium_free(pk);
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
printf("tv_box_xchacha20poly1305: ok\n");
}
static void
tv_secretbox_xchacha20poly1305(void)
{
static const XChaCha20Poly1305TV tvs[] = {
{ "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" },
{ "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" },
{ "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" },
{ "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" },
{ "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" },
{ "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" },
{ "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" },
{ "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" },
{ "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" },
{ "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" }
};
const XChaCha20Poly1305TV *tv;
unsigned char *m;
unsigned char *nonce;
unsigned char *key;
unsigned char *out;
unsigned char *out2;
size_t m_len;
size_t out_len;
size_t n;
int i;
key = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_KEYBYTES);
nonce = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_NONCEBYTES);
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
tv = &tvs[i];
m_len = strlen(tv->m) / 2;
m = (unsigned char *) sodium_malloc(m_len);
sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES,
tv->key, strlen(tv->key), NULL, NULL, NULL);
sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES,
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL);
out = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
out2 = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
tv->out, strlen(tv->out), NULL, NULL, NULL);
crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key);
assert(memcmp(out, out2,
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
out2[n]++;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == -1);
out2[n]--;
nonce[0]++;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == -1);
nonce[0]--;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == 0);
assert(memcmp(m, out2, m_len) == 0);
assert(crypto_secretbox_xchacha20poly1305_open_detached
(out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
m_len, nonce, key) == 0);
crypto_secretbox_xchacha20poly1305_detached
(out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m,
m_len, nonce, key);
assert(memcmp(out, out2,
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
sodium_free(out);
sodium_free(out2);
sodium_free(m);
}
sodium_free(nonce);
sodium_free(key);
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
printf("tv_secretbox_xchacha20: ok\n");
}
static int randombytes_tests(void)
{
unsigned int f = 0U;
unsigned int i;
uint32_t n;
#ifdef __EMSCRIPTEN__
assert(strcmp(randombytes_implementation_name(), "sysrandom"));
#else
assert(strcmp(randombytes_implementation_name(), "js"));
#endif
randombytes(x, 1U);
do {
n = randombytes_random();
f |= ((n >> 24) > 1);
f |= ((n >> 16) > 1) << 1;
f |= ((n >> 8) > 1) << 2;
f |= ((n ) > 1) << 3;
f |= (n > 0x7fffffff) << 4;
} while (f != 0x1f);
randombytes_close();
for (i = 0; i < 256; ++i) {
freq[i] = 0;
}
for (i = 0; i < 65536; ++i) {
++freq[randombytes_uniform(256)];
}
for (i = 0; i < 256; ++i) {
if (!freq[i]) {
printf("randombytes_uniform() test failed\n");
}
}
assert(randombytes_uniform(1U) == 0U);
randombytes_close();
#ifndef __EMSCRIPTEN__
randombytes_set_implementation(&randombytes_salsa20_implementation);
assert(strcmp(randombytes_implementation_name(), "salsa20") == 0);
#endif
randombytes_stir();
for (i = 0; i < 256; ++i) {
freq[i] = 0;
}
for (i = 0; i < 65536; ++i) {
++freq[randombytes_uniform(256)];
}
for (i = 0; i < 256; ++i) {
if (!freq[i]) {
printf("randombytes_uniform() test failed\n");
}
}
memset(x, 0, sizeof x);
randombytes_buf(x, sizeof x);
for (i = 0; i < 256; ++i) {
freq[i] = 0;
}
for (i = 0; i < sizeof x; ++i) {
++freq[255 & (int)x[i]];
}
for (i = 0; i < 256; ++i) {
if (!freq[i]) {
printf("randombytes_buf() test failed\n");
}
}
assert(randombytes_uniform(1U) == 0U);
randombytes_close();
randombytes(x, 1U);
randombytes_close();
return 0;
}
int main(void)
{
unsigned char buf1[1000];
unsigned char buf2[1000];
char buf3[33];
unsigned char buf4[4];
unsigned char nonce[24];
char nonce_hex[49];
const char *hex;
const char *hex_end;
size_t bin_len;
int i;
randombytes_buf(buf1, sizeof buf1);
memcpy(buf2, buf1, sizeof buf2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
sodium_memzero(buf1, 0U);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
sodium_memzero(buf1, sizeof buf1 / 2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
printf("%d\n", sodium_memcmp(buf1, buf2, 0U));
sodium_memzero(buf2, sizeof buf2 / 2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
printf("%s\n",
sodium_bin2hex(buf3, 33U, (const unsigned char *)"0123456789ABCDEF",
16U));
hex = "Cafe : 6942";
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, &hex_end);
printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[0], buf4[1],
buf4[2], buf4[3]);
printf("dt1: %ld\n", (long) (hex_end - hex));
hex = "Cafe : 6942";
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[2], buf4[3],
buf4[2], buf4[3]);
hex = "deadbeef";
if (sodium_hex2bin(buf1, 1U, hex, 8U, NULL, &bin_len, &hex_end) != -1) {
printf("sodium_hex2bin() overflow not detected\n");
}
printf("dt2: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, 4U, hex, 12U, ":", &bin_len, &hex_end) != -1) {
printf("sodium_hex2bin() with an odd input length and a short output buffer\n");
}
printf("dt3: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", &bin_len, &hex_end) != 0) {
printf("sodium_hex2bin() with an odd input length\n");
}
printf("dt4: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", &bin_len, &hex_end) != 0) {
printf("sodium_hex2bin() with an odd input length\n");
}
printf("dt5: %ld\n", (long) (hex_end - hex));
memset(nonce, 0, sizeof nonce);
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
memset(nonce, 255, sizeof nonce);
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[1] = 1U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[1] = 0U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[0] = 255U;
nonce[2] = 255U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
for (i = 0; i < 1000; i++) {
bin_len = (size_t) randombytes_uniform(sizeof buf1);
randombytes_buf(buf1, bin_len);
randombytes_buf(buf2, bin_len);
if (memcmp(buf1, buf2, bin_len) *
sodium_compare(buf1, buf2, bin_len) < 0) {
printf("sodium_compare() failure with length=%u\n",
(unsigned int) bin_len);
}
memcpy(buf1, buf2, bin_len);
if (sodium_compare(buf1, buf2, bin_len)) {
printf("sodium_compare() equality failure with length=%u\n",
(unsigned int) bin_len);
}
}
return 0;
}
int main(void)
{
unsigned char *alicepk;
unsigned char *alicesk;
unsigned char *bobpk;
unsigned char *bobsk;
unsigned char *mac;
unsigned char *nonce;
unsigned char *k1;
unsigned char *k2;
unsigned char *m;
unsigned char *m2;
unsigned char *c;
size_t mlen;
size_t i;
size_t m_size;
size_t m2_size;
size_t c_size;
int ret;
m2_size = m_size = 1U + randombytes_uniform(10000);
c_size = crypto_box_MACBYTES + m_size;
m = (unsigned char *) sodium_malloc(m_size);
m2 = (unsigned char *) sodium_malloc(m2_size);
c = (unsigned char *) sodium_malloc(c_size);
alicepk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES);
alicesk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES);
bobpk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES);
bobsk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES);
mac = (unsigned char *) sodium_malloc(crypto_box_MACBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_box_NONCEBYTES);
k1 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES);
k2 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES);
crypto_box_keypair(alicepk, alicesk);
crypto_box_keypair(bobpk, bobsk);
mlen = (size_t) randombytes_uniform((uint32_t) m_size) + 1U;
randombytes_buf(m, mlen);
randombytes_buf(nonce, crypto_box_NONCEBYTES);
ret = crypto_box_easy(c, m, mlen, nonce, bobpk, alicesk);
assert(ret == 0);
if (crypto_box_open_easy(m2, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, alicepk, bobsk) != 0) {
printf("open() failed");
return 1;
}
printf("%d\n", memcmp(m, m2, mlen));
for (i = 0; i < mlen + crypto_box_MACBYTES - 1; i++) {
if (crypto_box_open_easy(m2, c, (unsigned long long) i,
nonce, alicepk, bobsk) == 0) {
printf("short open() should have failed");
return 1;
}
}
memcpy(c, m, mlen);
ret = crypto_box_easy(c, c, (unsigned long long) mlen, nonce, bobpk, alicesk);
assert(ret == 0);
printf("%d\n", memcmp(m, c, mlen) == 0);
printf("%d\n", memcmp(m, c + crypto_box_MACBYTES, mlen) == 0);
if (crypto_box_open_easy(c, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, alicepk, bobsk) != 0) {
printf("crypto_box_open_easy() failed\n");
}
ret = crypto_box_beforenm(k1, alicepk, bobsk);
assert(ret == 0);
ret = crypto_box_beforenm(k2, bobpk, alicesk);
assert(ret == 0);
memset(m2, 0, m2_size);
if (crypto_box_easy_afternm(c, m, SIZE_MAX - 1U, nonce, k1) == 0) {
printf("crypto_box_easy_afternm() with a short ciphertext should have failed\n");
}
crypto_box_easy_afternm(c, m, (unsigned long long) mlen, nonce, k1);
if (crypto_box_open_easy_afternm(m2, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, k2) != 0) {
printf("crypto_box_open_easy_afternm() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
if (crypto_box_open_easy_afternm(m2, c, crypto_box_MACBYTES - 1U,
nonce, k2) == 0) {
printf("crypto_box_open_easy_afternm() with a huge ciphertext should have failed\n");
}
memset(m2, 0, m2_size);
ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen,
nonce, alicepk, bobsk);
assert(ret == 0);
if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen,
nonce, bobpk, alicesk) != 0) {
printf("crypto_box_open_detached() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
memset(m2, 0, m2_size);
crypto_box_detached_afternm(c, mac, m, (unsigned long long) mlen,
nonce, k1);
if (crypto_box_open_detached_afternm(m2, c, mac, (unsigned long long) mlen,
nonce, k2) != 0) {
printf("crypto_box_open_detached_afternm() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
sodium_free(alicepk);
sodium_free(alicesk);
sodium_free(bobpk);
sodium_free(bobsk);
sodium_free(mac);
sodium_free(nonce);
sodium_free(k1);
sodium_free(k2);
sodium_free(m);
sodium_free(m2);
sodium_free(c);
printf("OK\n");
return 0;
}
uint32_t
atheme_random_uniform(const uint32_t bound)
{
return randombytes_uniform(bound);
}
