int main(void)
{
unsigned char *k;
unsigned char *bobsk;
unsigned char *alicepk;
int i;
k = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES);
bobsk = (unsigned char *) sodium_malloc(crypto_scalarmult_SCALARBYTES);
alicepk = (unsigned char *) sodium_malloc(crypto_scalarmult_SCALARBYTES);
assert(k != NULL && bobsk != NULL && alicepk != NULL);
memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES);
memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES);
crypto_scalarmult(k, bobsk, alicepk);
sodium_free(alicepk);
sodium_free(bobsk);
for (i = 0; i < 32; ++i) {
if (i > 0) {
printf(",");
} else {
printf(" ");
}
printf("0x%02x", (unsigned int)k[i]);
if (i % 8 == 7) {
printf("\n");
}
}
sodium_free(k);
return 0;
}
int main(void)
{
char *str_out;
char *str_out2;
char *salt;
const char *passwd = "Correct Horse Battery Staple";
tv();
tv2();
salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES);
str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES);
if (crypto_pwhash_str(str_out, passwd, strlen(passwd),
OPSLIMIT, MEMLIMIT) != 0) {
printf("pwhash_str failure\n");
}
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd),
OPSLIMIT, MEMLIMIT) != 0) {
printf("pwhash_str(2) failure\n");
}
if (strcmp(str_out, str_out2) == 0) {
printf("pwhash_str doesn't generate different salts\n");
}
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
printf("pwhash_str_verify failure\n");
}
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
printf("pwhash_str_verify failure\n");
}
str_out[14]++;
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) == 0) {
printf("pwhash_str_verify(2) failure\n");
}
str_out[14]--;
assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0);
assert(crypto_pwhash_saltbytes() > 0U);
assert(crypto_pwhash_strbytes() > 1U);
assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix()));
assert(crypto_pwhash_opslimit_interactive() > 0U);
assert(crypto_pwhash_memlimit_interactive() > 0U);
assert(crypto_pwhash_opslimit_moderate() > 0U);
assert(crypto_pwhash_memlimit_moderate() > 0U);
assert(crypto_pwhash_opslimit_sensitive() > 0U);
assert(crypto_pwhash_memlimit_sensitive() > 0U);
sodium_free(salt);
sodium_free(str_out);
sodium_free(str_out2);
printf("OK\n");
return 0;
}
int
main(void)
{
unsigned char *alicepk =
(unsigned char *) sodium_malloc(crypto_scalarmult_BYTES);
unsigned char *bobpk =
(unsigned char *) sodium_malloc(crypto_scalarmult_BYTES);
unsigned char *k = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES);
int ret;
assert(alicepk != NULL && bobpk != NULL && k != NULL);
crypto_scalarmult_base(alicepk, alicesk);
sodium_bin2hex(hex, sizeof hex, alicepk, crypto_scalarmult_BYTES);
printf("%s\n", hex);
crypto_scalarmult_base(bobpk, bobsk);
sodium_bin2hex(hex, sizeof hex, bobpk, crypto_scalarmult_BYTES);
printf("%s\n", hex);
ret = crypto_scalarmult(k, alicesk, bobpk);
assert(ret == 0);
sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES);
printf("%s\n", hex);
ret = crypto_scalarmult(k, bobsk, alicepk);
assert(ret == 0);
sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES);
printf("%s\n", hex);
ret = crypto_scalarmult(k, bobsk, small_order_p);
assert(ret == -1);
sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES);
printf("%s\n", hex);
sodium_free(bobpk);
sodium_free(alicepk);
sodium_free(k);
assert(crypto_scalarmult_bytes() > 0U);
assert(crypto_scalarmult_scalarbytes() > 0U);
assert(strcmp(crypto_scalarmult_primitive(), "curve25519") == 0);
assert(crypto_scalarmult_bytes() == crypto_scalarmult_curve25519_bytes());
assert(crypto_scalarmult_scalarbytes() ==
crypto_scalarmult_curve25519_scalarbytes());
assert(crypto_scalarmult_bytes() == crypto_scalarmult_scalarbytes());
return 0;
}
kp_error_t
kp_fini(struct kp_ctx *ctx)
{
sodium_free(ctx->password);
return KP_SUCCESS;
}
int main(void)
{
void *buf;
size_t size;
#ifdef SIGSEGV
signal(SIGSEGV, segv_handler);
#endif
#ifdef SIGBUS
signal(SIGBUS, segv_handler);
#endif
#ifdef SIGABRT
signal(SIGABRT, segv_handler);
#endif
size = 1U + randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
sodium_mprotect_noaccess(buf);
sodium_mprotect_readwrite(buf);
#ifndef __EMSCRIPTEN__
sodium_memzero(((unsigned char *)buf) - 8, 8U);
sodium_mprotect_readonly(buf);
sodium_free(buf);
printf("Underflow not caught\n");
#endif
return 0;
}
/*
* End the ratchet chain and free the memory.
*/
void ratchet_destroy(ratchet_state *state) {
//delete keys
//root key
sodium_memzero(state->root_key, sizeof(state->root_key));
sodium_memzero(state->purported_root_key, sizeof(state->purported_root_key));
//our private ephemeral
sodium_memzero(state->our_private_ephemeral, sizeof(state->our_private_ephemeral));
//header keys
sodium_memzero(state->send_header_key, sizeof(state->send_header_key));
sodium_memzero(state->receive_header_key, sizeof(state->receive_header_key));
sodium_memzero(state->next_send_header_key, sizeof(state->next_send_header_key));
sodium_memzero(state->next_receive_header_key, sizeof(state->next_receive_header_key));
sodium_memzero(state->purported_receive_header_key, sizeof(state->purported_receive_header_key));
sodium_memzero(state->purported_next_receive_header_key, sizeof(state->purported_next_receive_header_key));
//chain keys
sodium_memzero(state->send_chain_key, sizeof(state->send_chain_key));
sodium_memzero(state->receive_chain_key, sizeof(state->send_chain_key));
sodium_memzero(state->purported_receive_chain_key, sizeof(state->purported_receive_chain_key));
//empty message keystores
header_and_message_keystore_clear(&(state->skipped_header_and_message_keys));
header_and_message_keystore_clear(&(state->purported_header_and_message_keys));
sodium_free(state);
}
static void
mm_generichash(void)
{
crypto_generichash_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t hlen;
size_t klen;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX -
crypto_generichash_KEYBYTES_MIN + 1U)
+ crypto_generichash_KEYBYTES_MIN;
k = (unsigned char *) sodium_malloc(klen);
hlen = randombytes_uniform(crypto_generichash_BYTES_MAX -
crypto_generichash_BYTES_MIN + 1U)
+ crypto_generichash_BYTES_MIN;
h = (unsigned char *) sodium_malloc(hlen);
h2 = (unsigned char *) sodium_malloc(hlen);
randombytes_buf(k, klen);
randombytes_buf(m, mlen);
crypto_generichash_init(&st, k, klen, hlen);
l1 = randombytes_uniform(mlen);
l2 = randombytes_uniform(mlen - l1);
crypto_generichash_update(&st, m, l1);
crypto_generichash_update(&st, m + l1, l2);
crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_generichash_final(&st, h, hlen);
crypto_generichash(h2, hlen, m, mlen, k, klen);
assert(memcmp(h, h2, hlen) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
int main(void)
{
void *buf;
size_t size;
unsigned int i;
if (sodium_malloc(SIZE_MAX - 1U) != NULL) {
return 1;
}
if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) {
return 1;
}
sodium_free(sodium_allocarray(0U, 0U));
sodium_free(sodium_allocarray(0U, 1U));
sodium_free(sodium_allocarray(1U, 0U));
buf = sodium_allocarray(1000U, 50U);
memset(buf, 0, 50000U);
sodium_free(buf);
sodium_free(sodium_malloc(0U));
sodium_free(NULL);
for (i = 0U; i < 10000U; i++) {
size = randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
memset(buf, i, size);
sodium_mprotect_noaccess(buf);
sodium_free(buf);
}
printf("OK\n");
#ifdef SIGSEGV
signal(SIGSEGV, segv_handler);
#endif
#ifdef SIGBUS
signal(SIGBUS, segv_handler);
#endif
#ifdef SIGABRT
signal(SIGABRT, segv_handler);
#endif
size = randombytes_uniform(100000U);
buf = sodium_malloc(size);
assert(buf != NULL);
sodium_mprotect_readonly(buf);
sodium_mprotect_readwrite(buf);
#ifndef __EMSCRIPTEN__
sodium_memzero(((unsigned char *)buf) + size, 1U);
sodium_mprotect_noaccess(buf);
sodium_free(buf);
printf("Overflow not caught\n");
#endif
return 0;
}
static void
tv3(void)
{
static struct {
const char *passwd;
const char *out;
} tests[] = {
{ "",
"$argon2id$v=19$m=4096,t=0,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
{ "",
"$argon2id$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
{ "",
"$argon2id$v=19$m=4882,t=2,p=1$bA81arsiXysd3WbTRzmEOw$Nm8QBM+7RH1DXo9rvp5cwKEOOOfD2g6JuxlXihoNcpE" },
{ "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
"$argon2id$v=19$m=4096,t=0,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
{ "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
"$argon2id$v=19$m=4096,t=19,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" },
{ "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*",
"$argon2id$v=19$m=4096,t=1,p=3$PkEgcHJldHR5IGxvbmcgc2FsdA$HUqx5Z1b/ZypnUrvvJ5UC2Q+T6Q1WwASK/Kr9dRbGA0" }
};
char *out;
char *passwd;
size_t i = 0U;
int ret;
do {
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
assert(out != NULL);
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
assert(passwd != NULL);
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd));
sodium_free(out);
sodium_free(passwd);
if (ret != 0) {
printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n",
(unsigned int) i);
}
} while (++i < (sizeof tests) / (sizeof tests[0]));
}
static int
file_encrypt(int fd, off_t total_len)
{
unsigned char *in;
unsigned char *k;
blobcrypt_encrypt_state *state;
ssize_t readnb;
int ret = -1;
if (isatty(1)) {
fprintf(stderr, "I'm not going to write to a terminal\n");
return -1;
}
k = sodium_malloc(blobcrypt_KEYBYTES);
if (get_key_from_password(k, blobcrypt_KEYBYTES, 1) != 0) {
sodium_free(k);
return -1;
}
in = sodium_malloc(IN_BUFFER_SIZE);
state = sodium_malloc(sizeof *state);
blobcrypt_encrypt_init(state, write_cb, close_success_cb, close_error_cb,
NULL, total_len, k);
do {
if ((readnb = safe_read(fd, in, IN_BUFFER_SIZE)) <= 0) {
if (readnb == -1) {
perror("read");
}
break;
}
} while (blobcrypt_encrypt_update(state, in, (size_t) readnb) == 0);
if (blobcrypt_encrypt_final(state) == 0) {
fprintf(stderr, "Success!\n");
ret = 0;
}
sodium_free(in);
sodium_free(k);
sodium_free(state);
return ret;
}
static void
tv3(void)
{
static struct {
const char *passwd;
const char *out;
} tests[] = {
{ "",
"$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++"
"MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
{ "",
"$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/"
"Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
{ "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
"$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/"
"+K/bizwsA1P11UG2dj/7+aILJ4I" },
{ "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*",
"$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+"
"yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" }
};
char *out;
char *passwd;
size_t i = 0U;
do {
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
assert(out != NULL);
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
assert(passwd != NULL);
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) {
printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n",
(unsigned int) i);
continue;
}
sodium_free(out);
sodium_free(passwd);
} while (++i < (sizeof tests) / (sizeof tests[0]));
}
kp_error_t
create(struct kp_ctx *ctx, int argc, char **argv)
{
kp_error_t ret;
struct kp_safe safe;
char *password = NULL;
if ((ret = parse_opt(ctx, argc, argv)) != KP_SUCCESS) {
return ret;
}
if (argc - optind != 1) {
ret = KP_EINPUT;
kp_warn(ret, "missing safe name");
return ret;
}
if ((ret = kp_safe_create(ctx, &safe, argv[optind])) != KP_SUCCESS) {
if (ret == KP_ERRNO && errno == EEXIST) {
kp_warn(ret, "use 'edit' command to edit an existing safe");
}
goto out;
}
if (generate) {
kp_password_generate(safe.password, password_len);
} else {
if ((ret = kp_prompt_password("safe", true, safe.password)) != KP_SUCCESS) {
goto out;
}
}
snprintf((char *)safe.metadata, KP_METADATA_MAX_LEN, KP_METADATA_TEMPLATE);
if ((ret = kp_edit(ctx, &safe)) != KP_SUCCESS) {
goto out;
}
if ((ret = kp_safe_save(ctx, &safe)) != KP_SUCCESS) {
goto out;
}
if ((ret = kp_safe_close(ctx, &safe)) != KP_SUCCESS) {
goto out;
}
ret = KP_SUCCESS;
out:
sodium_free(password);
return ret;
}
static void
mm_hmacsha256(void)
{
crypto_auth_hmacsha256_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
crypto_auth_hmacsha256_keygen(k);
randombytes_buf(m, mlen);
crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
l1 = randombytes_uniform(mlen);
l2 = randombytes_uniform(mlen - l1);
crypto_auth_hmacsha256_update(&st, m, l1);
crypto_auth_hmacsha256_update(&st, m + l1, l2);
crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_auth_hmacsha256_final(&st, h);
crypto_auth_hmacsha256(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
static int
options_use_client_key_file(ProxyContext * const proxy_context)
{
unsigned char *key;
char *key_s;
const size_t header_len = (sizeof OPTIONS_CLIENT_KEY_HEADER) - 1U;
size_t key_s_len;
if ((key_s = options_read_file(proxy_context->client_key_file)) == NULL) {
logger_error(proxy_context, "Unable to read the client key file");
return -1;
}
if ((key = sodium_malloc(header_len + crypto_box_SECRETKEYBYTES)) == NULL) {
logger_noformat(proxy_context, LOG_EMERG, "Out of memory");
free(key_s);
return -1;
}
if (sodium_hex2bin(key, header_len + crypto_box_SECRETKEYBYTES,
key_s, strlen(key_s), ": -", &key_s_len, NULL) != 0 ||
key_s_len < (header_len + crypto_box_SECRETKEYBYTES) ||
memcmp(key, OPTIONS_CLIENT_KEY_HEADER, header_len) != 0) {
logger_noformat(proxy_context, LOG_ERR,
"The client key file doesn't seem to contain a supported key format");
sodium_free(key);
free(key_s);
return -1;
}
sodium_memzero(key_s, strlen(key_s));
free(key_s);
assert(sizeof proxy_context->dnscrypt_client.secretkey <=
key_s_len - header_len);
memcpy(proxy_context->dnscrypt_client.secretkey, key + header_len,
sizeof proxy_context->dnscrypt_client.secretkey);
sodium_free(key);
return 0;
}
static void
str_tests(void)
{
char *str_out;
char *str_out2;
char *salt;
const char *passwd = "Correct Horse Battery Staple";
salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES);
str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES);
if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT,
MEMLIMIT) != 0) {
printf("pwhash_argon2i_str failure\n");
}
if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
MEMLIMIT) != 0) {
printf("pwhash_argon2i_str(2) failure\n");
}
if (strcmp(str_out, str_out2) == 0) {
printf("pwhash_argon2i_str() doesn't generate different salts\n");
}
if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) {
printf("needs_rehash() false positive\n");
}
if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 ||
crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) {
printf("needs_rehash() false negative\n");
}
if (crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
printf("needs_rehash() didn't fail with an invalid hash string\n");
}
if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
printf("pwhash_str() doesn't properly pad with zeros\n");
}
if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) {
printf("pwhash_str_verify(1) failure\n");
}
str_out[14]++;
if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) {
printf("pwhash_str_verify(2) failure\n");
}
str_out[14]--;
assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0);
if (crypto_pwhash_argon2i_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT,
MEMLIMIT) != -1) {
printf("pwhash_str() with a large password should have failed\n");
}
if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) !=
-1) {
printf("pwhash_str() with a small opslimit should have failed\n");
}
if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", 0x100000000ULL) != -1) {
printf("pwhash_str_verify(invalid(0)) failure\n");
}
if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
}
if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
"9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(2)) failure\n");
}
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
"$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(3)) failure\n");
}
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
"$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(4)) failure\n");
}
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
"wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(5)) failure\n");
}
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
"$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
"password", strlen("password")) != -1) {
printf("pwhash_str_verify(invalid(6)) failure\n");
}
if (crypto_pwhash_str_verify(
"$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != 0) {
printf("pwhash_str_verify(valid(7)) failure\n");
}
if (crypto_pwhash_str_verify(
"$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"passwore", strlen("passwore")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(7)) failure\n");
}
if (crypto_pwhash_str_verify(
"$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(8)) failure\n");
}
if (crypto_pwhash_str_verify(
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(9)) failure\n");
}
if (crypto_pwhash_str_verify(
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVla~=mRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(10)) failure\n");
}
if (crypto_pwhash_str_verify(
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYI~=U+0jWipu7Kc9M",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(11)) failure\n");
}
assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
crypto_pwhash_ALG_ARGON2I13) == 0);
assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
OPSLIMIT, MEMLIMIT) == 0);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
OPSLIMIT / 2, MEMLIMIT) == 1);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
OPSLIMIT, MEMLIMIT / 2) == 1);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1,
OPSLIMIT, MEMLIMIT) == -1);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
crypto_pwhash_ALG_ARGON2ID13) == 0);
assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
OPSLIMIT, MEMLIMIT) == 0);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
OPSLIMIT / 2, MEMLIMIT) == 1);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
OPSLIMIT, MEMLIMIT / 2) == 1);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1);
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1,
OPSLIMIT, MEMLIMIT) == -1);
sodium_free(salt);
sodium_free(str_out);
sodium_free(str_out2);
}
int main(void)
{
unsigned char *alicepk;
unsigned char *alicesk;
unsigned char *bobpk;
unsigned char *bobsk;
unsigned char *mac;
unsigned char *nonce;
unsigned char *k1;
unsigned char *k2;
unsigned char *m;
unsigned char *m2;
unsigned char *c;
size_t mlen;
size_t i;
size_t m_size;
size_t m2_size;
size_t c_size;
int ret;
m2_size = m_size = 1U + randombytes_uniform(10000);
c_size = crypto_box_MACBYTES + m_size;
m = (unsigned char *) sodium_malloc(m_size);
m2 = (unsigned char *) sodium_malloc(m2_size);
c = (unsigned char *) sodium_malloc(c_size);
alicepk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES);
alicesk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES);
bobpk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES);
bobsk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES);
mac = (unsigned char *) sodium_malloc(crypto_box_MACBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_box_NONCEBYTES);
k1 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES);
k2 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES);
crypto_box_keypair(alicepk, alicesk);
crypto_box_keypair(bobpk, bobsk);
mlen = (size_t) randombytes_uniform((uint32_t) m_size) + 1U;
randombytes_buf(m, mlen);
randombytes_buf(nonce, crypto_box_NONCEBYTES);
ret = crypto_box_easy(c, m, mlen, nonce, bobpk, alicesk);
assert(ret == 0);
if (crypto_box_open_easy(m2, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, alicepk, bobsk) != 0) {
printf("open() failed");
return 1;
}
printf("%d\n", memcmp(m, m2, mlen));
for (i = 0; i < mlen + crypto_box_MACBYTES - 1; i++) {
if (crypto_box_open_easy(m2, c, (unsigned long long) i,
nonce, alicepk, bobsk) == 0) {
printf("short open() should have failed");
return 1;
}
}
memcpy(c, m, mlen);
ret = crypto_box_easy(c, c, (unsigned long long) mlen, nonce, bobpk, alicesk);
assert(ret == 0);
printf("%d\n", memcmp(m, c, mlen) == 0);
printf("%d\n", memcmp(m, c + crypto_box_MACBYTES, mlen) == 0);
if (crypto_box_open_easy(c, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, alicepk, bobsk) != 0) {
printf("crypto_box_open_easy() failed\n");
}
ret = crypto_box_beforenm(k1, alicepk, bobsk);
assert(ret == 0);
ret = crypto_box_beforenm(k2, bobpk, alicesk);
assert(ret == 0);
memset(m2, 0, m2_size);
if (crypto_box_easy_afternm(c, m, SIZE_MAX - 1U, nonce, k1) == 0) {
printf("crypto_box_easy_afternm() with a short ciphertext should have failed\n");
}
crypto_box_easy_afternm(c, m, (unsigned long long) mlen, nonce, k1);
if (crypto_box_open_easy_afternm(m2, c,
(unsigned long long) mlen + crypto_box_MACBYTES,
nonce, k2) != 0) {
printf("crypto_box_open_easy_afternm() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
if (crypto_box_open_easy_afternm(m2, c, crypto_box_MACBYTES - 1U,
nonce, k2) == 0) {
printf("crypto_box_open_easy_afternm() with a huge ciphertext should have failed\n");
}
memset(m2, 0, m2_size);
ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen,
nonce, alicepk, bobsk);
assert(ret == 0);
if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen,
nonce, bobpk, alicesk) != 0) {
printf("crypto_box_open_detached() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
memset(m2, 0, m2_size);
crypto_box_detached_afternm(c, mac, m, (unsigned long long) mlen,
nonce, k1);
if (crypto_box_open_detached_afternm(m2, c, mac, (unsigned long long) mlen,
nonce, k2) != 0) {
printf("crypto_box_open_detached_afternm() failed\n");
}
printf("%d\n", memcmp(m, m2, mlen));
sodium_free(alicepk);
sodium_free(alicesk);
sodium_free(bobpk);
sodium_free(bobsk);
sodium_free(mac);
sodium_free(nonce);
sodium_free(k1);
sodium_free(k2);
sodium_free(m);
sodium_free(m2);
sodium_free(c);
printf("OK\n");
return 0;
}
/*
* Start a new ratchet chain. This derives an initial root key and returns a new ratchet state.
*
* All the keys will be copied so you can free the buffers afterwards. (private identity get's
* immediately deleted after deriving the initial root key though!)
*
* The return value is a valid ratchet state or NULL if an error occured.
*/
ratchet_state* ratchet_create(
const unsigned char * const our_private_identity,
const unsigned char * const our_public_identity,
const unsigned char * const their_public_identity,
const unsigned char * const our_private_ephemeral,
const unsigned char * const our_public_ephemeral,
const unsigned char * const their_public_ephemeral,
bool am_i_alice) {
ratchet_state *state = sodium_malloc(sizeof(ratchet_state));
if (state == NULL) { //failed to allocate memory
return NULL;
}
//derive initial chain, root and header keys
int status = derive_initial_root_chain_and_header_keys(
state->root_key,
state->send_chain_key,
state->receive_chain_key,
state->send_header_key,
state->receive_header_key,
state->next_send_header_key,
state->next_receive_header_key,
our_private_identity,
our_public_identity,
their_public_identity,
our_private_ephemeral,
our_public_ephemeral,
their_public_ephemeral,
am_i_alice);
if (status != 0) {
sodium_memzero(state->root_key, sizeof(state->root_key));
sodium_memzero(state->send_chain_key, sizeof(state->send_chain_key));
sodium_memzero(state->receive_chain_key, sizeof(state->receive_chain_key));
sodium_memzero(state->send_header_key, sizeof(state->send_header_key));
sodium_memzero(state->receive_header_key, sizeof(state->receive_header_key));
sodium_memzero(state->next_send_header_key, sizeof(state->next_send_header_key));
sodium_memzero(state->next_receive_header_key, sizeof(state->receive_header_key));
sodium_free(state);
return NULL;
}
//copy keys into state
//our public identity
memcpy(state->our_public_identity, our_public_identity, sizeof(state->our_public_identity));
//their_public_identity
memcpy(state->their_public_identity, their_public_identity, sizeof(state->their_public_identity));
//our_private_ephemeral
memcpy(state->our_private_ephemeral, our_private_ephemeral, sizeof(state->our_private_ephemeral));
//our_public_ephemeral
memcpy(state->our_public_ephemeral, our_public_ephemeral, sizeof(state->our_public_ephemeral));
//their_public_ephemeral
memcpy(state->their_public_ephemeral, their_public_ephemeral, sizeof(state->their_public_ephemeral));
//initialise message keystore for skipped messages
state->skipped_header_and_message_keys = header_and_message_keystore_init();
state->purported_header_and_message_keys = header_and_message_keystore_init();
//set other state
state->am_i_alice = am_i_alice;
state->ratchet_flag = am_i_alice;
state->received_valid = true; //allowing the receival of new messages
state->header_decryptable = NOT_TRIED;
state->send_message_number = 0;
state->receive_message_number = 0;
state->previous_message_number = 0;
return state;
}
static int
generate(const char *pk_file, const char *sk_file, const char *comment)
{
char *pwd = xsodium_malloc(PASSWORDMAXBYTES);
char *pwd2 = xsodium_malloc(PASSWORDMAXBYTES);
SeckeyStruct *seckey_struct = xsodium_malloc(sizeof(SeckeyStruct));
PubkeyStruct *pubkey_struct = xsodium_malloc(sizeof(PubkeyStruct));
unsigned char *stream ;
FILE *fp;
randombytes_buf(seckey_struct->keynum_sk.keynum,
sizeof seckey_struct->keynum_sk.keynum);
crypto_sign_keypair(pubkey_struct->keynum_pk.pk,
seckey_struct->keynum_sk.sk);
memcpy(seckey_struct->sig_alg, SIGALG, sizeof seckey_struct->sig_alg);
memcpy(seckey_struct->kdf_alg, KDFALG, sizeof seckey_struct->kdf_alg);
memcpy(seckey_struct->chk_alg, CHKALG, sizeof seckey_struct->chk_alg);
randombytes_buf(seckey_struct->kdf_salt, sizeof seckey_struct->kdf_salt);
le64_store(seckey_struct->kdf_opslimit_le,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE);
le64_store(seckey_struct->kdf_memlimit_le,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE);
seckey_chk(seckey_struct->keynum_sk.chk, seckey_struct);
memcpy(pubkey_struct->keynum_pk.keynum, seckey_struct->keynum_sk.keynum,
sizeof pubkey_struct->keynum_pk.keynum);
memcpy(pubkey_struct->sig_alg, SIGALG, sizeof pubkey_struct->sig_alg);
puts("Please enter a password to protect the secret key.\n");
if (get_password(pwd, PASSWORDMAXBYTES, "Password: "******"Password (one more time): ") != 0) {
exit_msg("get_password()");
}
if (strcmp(pwd, pwd2) != 0) {
exit_msg("Passwords don't match");
}
printf("Deriving a key from the password in order to encrypt the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
if (crypto_pwhash_scryptsalsa208sha256
(stream, sizeof seckey_struct->keynum_sk, pwd, strlen(pwd),
seckey_struct->kdf_salt,
le64_load(seckey_struct->kdf_opslimit_le),
le64_load(seckey_struct->kdf_memlimit_le)) != 0) {
abort();
}
sodium_free(pwd);
sodium_free(pwd2);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
if ((fp = fopen_create_useronly(sk_file)) == NULL) {
exit_err(sk_file);
}
xfprintf(fp, "%s%s\n", COMMENT_PREFIX, comment);
xfput_b64(fp, (unsigned char *) (void *) seckey_struct,
sizeof *seckey_struct);
xfclose(fp);
sodium_free(seckey_struct);
if ((fp = fopen(pk_file, "w")) == NULL) {
exit_err(pk_file);
}
xfprintf(fp, COMMENT_PREFIX "minisign public key %" PRIX64 "\n",
le64_load(pubkey_struct->keynum_pk.keynum));
xfput_b64(fp, (unsigned char *) (void *) pubkey_struct,
sizeof *pubkey_struct);
xfclose(fp);
printf("The secret key was saved as %s - Keep it secret!\n", sk_file);
printf("The public key was saved as %s - That one can be public.\n\n", pk_file);
puts("Files signed using this key pair can be verified with the following command:\n");
printf("minisign -Vm <file> -P ");
xfput_b64(stdout, (unsigned char *) (void *) pubkey_struct,
sizeof *pubkey_struct);
puts("");
sodium_free(pubkey_struct);
return 0;
}
int main(void)
{
unsigned char *c;
unsigned char *mac;
size_t i;
c = (unsigned char *) sodium_malloc(131 + crypto_secretbox_MACBYTES + 1);
mac = (unsigned char *) sodium_malloc(crypto_secretbox_MACBYTES);
assert(c != NULL && mac != NULL);
crypto_secretbox_easy(c, m, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
for (i = 0; i < crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)mac[i]);
if (i % 8 == 7)
printf("\n");
}
for (i = 0; i < 131; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
/* Same test, with c and m overlapping */
memcpy(c + 1, m, 131);
crypto_secretbox_easy(c, c + 1, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
memcpy(c, m, 131);
crypto_secretbox_easy(c + 1, c, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i + 1]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
memcpy(c, m, 131);
crypto_secretbox_easy(c, c, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
assert(crypto_secretbox_easy(c, m, SIZE_MAX - 1U, nonce, firstkey) == -1);
sodium_free(mac);
sodium_free(c);
return 0;
}
static SeckeyStruct *
seckey_load(const char *sk_file)
{
char sk_comment[COMMENTMAXBYTES];
unsigned char chk[crypto_generichash_BYTES];
SeckeyStruct *seckey_struct;
FILE *fp;
char *pwd = xsodium_malloc(PASSWORDMAXBYTES);
char *seckey_s;
unsigned char *stream;
size_t seckey_s_size;
size_t seckey_struct_len;
if ((fp = fopen(sk_file, "r")) == NULL) {
exit_err(sk_file);
}
if (fgets(sk_comment, (int) sizeof sk_comment, fp) == NULL) {
exit_err(sk_file);
}
sodium_memzero(sk_comment, sizeof sk_comment);
seckey_s_size = B64_MAX_LEN_FROM_BIN_LEN(sizeof *seckey_struct) + 2U;
seckey_s = xsodium_malloc(seckey_s_size);
seckey_struct = xsodium_malloc(sizeof *seckey_struct);
if (fgets(seckey_s, (int) seckey_s_size, fp) == NULL) {
exit_err(sk_file);
}
trim(seckey_s);
xfclose(fp);
if (b64_to_bin((unsigned char *) (void *) seckey_struct, seckey_s,
sizeof *seckey_struct, strlen(seckey_s),
&seckey_struct_len) == NULL ||
seckey_struct_len != sizeof *seckey_struct) {
exit_msg("base64 conversion failed");
}
sodium_free(seckey_s);
if (memcmp(seckey_struct->sig_alg, SIGALG,
sizeof seckey_struct->sig_alg) != 0) {
exit_msg("Unsupported signature algorithm");
}
if (memcmp(seckey_struct->kdf_alg, KDFALG,
sizeof seckey_struct->kdf_alg) != 0) {
exit_msg("Unsupported key derivation function");
}
if (memcmp(seckey_struct->chk_alg, CHKALG,
sizeof seckey_struct->chk_alg) != 0) {
exit_msg("Unsupported checksum function");
}
if (get_password(pwd, PASSWORDMAXBYTES, "Password: "******"get_password()");
}
printf("Deriving a key from the password and decrypting the secret key... ");
fflush(stdout);
stream = xsodium_malloc(sizeof seckey_struct->keynum_sk);
if (crypto_pwhash_scryptsalsa208sha256
(stream, sizeof seckey_struct->keynum_sk, pwd, strlen(pwd),
seckey_struct->kdf_salt,
le64_load(seckey_struct->kdf_opslimit_le),
le64_load(seckey_struct->kdf_memlimit_le)) != 0) {
abort();
}
sodium_free(pwd);
xor_buf((unsigned char *) (void *) &seckey_struct->keynum_sk, stream,
sizeof seckey_struct->keynum_sk);
sodium_free(stream);
puts("done\n");
seckey_chk(chk, seckey_struct);
if (memcmp(chk, seckey_struct->keynum_sk.chk, sizeof chk) != 0) {
exit_msg("Wrong password for that key");
}
sodium_memzero(chk, sizeof chk);
return seckey_struct;
}
static int
sign(const char *sk_file, const char *message_file, const char *sig_file,
const char *comment, const char *trusted_comment, int hashed)
{
unsigned char global_sig[crypto_sign_BYTES];
SigStruct sig_struct;
FILE *fp;
SeckeyStruct *seckey_struct;
unsigned char *message;
unsigned char *sig_and_trusted_comment;
size_t comment_len;
size_t trusted_comment_len;
size_t message_len;
seckey_struct = seckey_load(sk_file);
message = message_load(&message_len, message_file, hashed);
if (hashed != 0) {
memcpy(sig_struct.sig_alg, SIGALG_HASHED, sizeof sig_struct.sig_alg);
} else {
memcpy(sig_struct.sig_alg, SIGALG, sizeof sig_struct.sig_alg);
}
memcpy(sig_struct.keynum, seckey_struct->keynum_sk.keynum,
sizeof sig_struct.keynum);
crypto_sign_detached(sig_struct.sig, NULL, message, message_len,
seckey_struct->keynum_sk.sk);
free(message);
if ((fp = fopen(sig_file, "w")) == NULL) {
exit_err(sig_file);
}
comment_len = strlen(comment);
assert(strrchr(comment, '\r') == NULL && strrchr(comment, '\n') == NULL);
assert(COMMENTMAXBYTES > sizeof COMMENT_PREFIX);
if (comment_len >= COMMENTMAXBYTES - sizeof COMMENT_PREFIX) {
fprintf(stderr, "Warning: comment too long. "
"This breaks compatibility with signify.\n");
}
xfprintf(fp, "%s%s\n", COMMENT_PREFIX, comment);
xfput_b64(fp, (unsigned char *) (void *) &sig_struct, sizeof sig_struct);
xfprintf(fp, "%s%s\n", TRUSTED_COMMENT_PREFIX, trusted_comment);
trusted_comment_len = strlen(trusted_comment);
assert(strrchr(trusted_comment, '\r') == NULL &&
strrchr(trusted_comment, '\n') == NULL);
if (trusted_comment_len >=
TRUSTEDCOMMENTMAXBYTES - sizeof TRUSTED_COMMENT_PREFIX) {
exit_msg("Trusted comment too long");
}
sig_and_trusted_comment = xmalloc((sizeof sig_struct.sig) +
trusted_comment_len);
memcpy(sig_and_trusted_comment, sig_struct.sig, sizeof sig_struct.sig);
memcpy(sig_and_trusted_comment + sizeof sig_struct.sig, trusted_comment,
trusted_comment_len);
crypto_sign_detached(global_sig, NULL, sig_and_trusted_comment,
(sizeof sig_struct.sig) + trusted_comment_len,
seckey_struct->keynum_sk.sk);
sodium_free(seckey_struct);
xfput_b64(fp, (unsigned char *) (void *) &global_sig, sizeof global_sig);
free(sig_and_trusted_comment);
xfclose(fp);
return 0;
}
static void tv3(void)
{
static struct {
const char *passwd;
const char *out;
} tests[] = {
{ "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg "
"nrDFal+Jxl3,2`#^tFSu%v_+7iYse8-cCkNf!tD=KrW)",
"$7$B6....1....75gBMAGwfFWZqBdyF3WdTQnWdUsuTiWjG1fF9c1jiSD$tc8RoB3."
"Em3/zNgMLWo2u00oGIoTyJv4fl3Fl8Tix72" },
{ "bl72h6#y<':MFRZ>B IA1=NRkCKS%W8`1I.2uQxJN0g)N N aTt^4K!Iw5r "
"H6;crDsv^a55j9tsk'/GqweZn;cdk6+F_St6:#*=?ZCD_lw>.",
"$7$A6....3....Iahc6qM0.UQJHVgE4h9oa1/"
"4OWlWLm9CCtfguvz6bQD$QnXCo3M7nIqtry2WKsUZ5gQ.mY0wAlJu."
"WUhtE8vF66" },
{ "Py "
">e.5b+tLo@rL`dC2k@eJ&4eVl!W=JJ4+k&mAt@gt',FS1JjqKW3aq21:]^kna`"
"mde7kVkN5NrpKUptu)@4*b&?BE_sJMG1=&@`3GBCV]Wg7xwgo7x3El",
"$7$96..../....f6bEusKt79kK4wdYN0ki2nw4bJQ7P3rN6k3BSigsK/"
"D$Dsvuw7vXj5xijmrb/NOhdgoyK/OiSIYv88cEtl9Cik7" },
{ "2vj;Um]FKOL27oam(:Uo8+UmSTvb1FD*h?jk_,S=;RDgF-$Fjk?]9yvfxe@fN^!NN("
"Cuml?+2Raa",
"$7$86....I....7XwIxLtCx4VphmFeUa6OGuGJrFaIaYzDiLNu/"
"tyUPhD$U3q5GCEqCWxMwh.YQHDJrlg7FIZgViv9pcXE3h1vg61" },
{ "CT=[9uUoGav,J`kU+348tA50ue#sL:ABZ3QgF+r[#vh:tTOiL>s8tv%,Jeo]jH/"
"_4^i(*jD-_ku[9Ko[=86 06V",
"$7$A6....2....R3.bjH6YS9wz9z8Jsj.3weGQ3J80ZZElGw2oVux1TP6$"
"i5u6lFzXDHaIgYEICinLD6WNaovbiXP8SnLrDRdKgA9" },
{ "J#wNn`hDgOpTHNI.w^1a70%f,.9V_m038H_JIJQln`vdWnn/"
"rmILR?9H5g(+`;@H(2VosN9Fgk[WEjaBr'yB9Q19-imNa04[Mk5kvGcSn-TV",
"$7$B6....1....Dj1y.4mF1J9XmT/6IDskYdCLaPFJTq9xcCwXQ1DpT92$92/"
"hYfZLRq1nTLyIz.uc/dC6wLqwnsoqpkadrCXusm6" },
{ "j4BS38Asa;p)[K+9TY!3YDj<LK-`nLVXQw9%*QfM",
"$7$B6....1....5Ods8mojVwXJq4AywF/uI9BdMSiJ/zT8hQP/"
"4cB68VC$nk4ExHNXJ802froj51/1wJTrSZvTIyyK7PecOxRRaz0" },
{ "M.R>Qw+!qJb]>pP :_.9`dxM9k [eR7Y!yL-3)sNs[R,j_/^ "
"TH=5ny'15>6UXWcQW^6D%XCsO[vN[%ReA-`tV1vW(Nt*0KVK#]45P_A",
"$7$B6....1....D/"
"eyk8N5y6Z8YVQEsw521cTx.9zzLuK7YDs1KMMh.o4$alfW8ZbsUWnXc."
"vqon2zoljVk24Tt1.IsCuo2KurvS2" },
{ "K3S=KyH#)36_?]LxeR8QNKw6X=gFb'ai$C%29V* "
"tyh^Wo$TN-#Q4qkmtTCf0LLb.^E$0uykkP",
"$7$B6....1....CuBuU97xgAage8whp/"
"JNKobo0TFbsORGVbfcQIefyP8$aqalP."
"XofGViB8EPLONqHma8vs1xc9uTIMYh9CgE.S8" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
/* Invalid pwhash strings */
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1....$TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$.6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A.....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6.........TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i44269$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AH" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx54269" },
{ "Y0!?iQa9M%5ekffW(`",
"$7^A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$!6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A!....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....!....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "",
"$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7fA6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4#"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$AX....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1!...TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$" },
{ "Y0!?iQa9M%5ekffW(`",
"" },
{ "Y0!?iQa9M%5ekffW(`",
"$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$"
"" },
};
char *out;
char *passwd;
size_t i = 0U;
do {
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
if (crypto_pwhash_scryptsalsa208sha256_str_verify(
out, passwd, strlen(passwd)) != 0) {
printf("pwhash_str failure: [%u]\n", (unsigned int)i);
}
sodium_free(out);
sodium_free(passwd);
} while (++i < (sizeof tests) / (sizeof tests[0]));
}
static void
tv_kx(void)
{
unsigned char *seed;
unsigned char *client_pk, *client_sk;
unsigned char *client_rx, *client_tx;
unsigned char *server_pk, *server_sk;
unsigned char *server_rx, *server_tx;
char hex[65];
int i;
seed = (unsigned char *) sodium_malloc(crypto_kx_SEEDBYTES);
for (i = 0; i < crypto_kx_SEEDBYTES; i++) {
seed[i] = (unsigned char) i;
}
client_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
client_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
crypto_kx_seed_keypair(client_pk, client_sk, seed);
sodium_bin2hex(hex, sizeof hex, client_pk, crypto_kx_PUBLICKEYBYTES);
printf("client_pk: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, client_sk, crypto_kx_SECRETKEYBYTES);
printf("client_sk: [%s]\n", hex);
server_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
server_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
crypto_kx_keypair(server_pk, server_sk);
client_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
client_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
assert(crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk,
small_order_p) == -1);
if (crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk, server_pk) != 0) {
printf("crypto_kx_client_session_keys() failed\n");
}
server_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
server_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
assert(crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk,
small_order_p) == -1);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) != 0 ||
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) != 0) {
printf("client session keys != server session keys\n");
}
sodium_increment(client_pk, crypto_kx_PUBLICKEYBYTES);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 &&
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
printf("peer's public key is ignored\n");
}
crypto_kx_keypair(client_pk, client_sk);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 ||
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
printf("session keys are constant\n");
}
crypto_kx_seed_keypair(client_pk, client_sk, seed);
sodium_increment(seed, crypto_kx_SEEDBYTES);
crypto_kx_seed_keypair(server_pk, server_sk, seed);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
sodium_bin2hex(hex, sizeof hex, server_rx, crypto_kx_SESSIONKEYBYTES);
printf("server_rx: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, server_tx, crypto_kx_SESSIONKEYBYTES);
printf("server_tx: [%s]\n", hex);
if (crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk, server_pk) != 0) {
printf("crypto_kx_client_session_keys() failed\n");
}
sodium_bin2hex(hex, sizeof hex, client_rx, crypto_kx_SESSIONKEYBYTES);
printf("client_rx: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, client_tx, crypto_kx_SESSIONKEYBYTES);
printf("client_tx: [%s]\n", hex);
randombytes_buf(client_rx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(client_tx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(server_rx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(server_tx, crypto_kx_SESSIONKEYBYTES);
if (crypto_kx_client_session_keys(client_rx, NULL,
client_pk, client_sk, server_pk) != 0 ||
crypto_kx_client_session_keys(NULL, client_tx,
client_pk, client_sk, server_pk) != 0 ||
crypto_kx_server_session_keys(server_rx, NULL,
server_pk, server_sk, client_pk) != 0 ||
crypto_kx_server_session_keys(NULL, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("failure when one of the pointers happens to be NULL");
}
assert(memcmp(client_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0);
assert(memcmp(client_tx, server_rx, crypto_kx_SESSIONKEYBYTES) == 0);
assert(memcmp(server_rx, server_tx, crypto_kx_SESSIONKEYBYTES) == 0);
sodium_free(client_rx);
sodium_free(client_tx);
sodium_free(server_rx);
sodium_free(server_tx);
sodium_free(server_sk);
sodium_free(server_pk);
sodium_free(client_sk);
sodium_free(client_pk);
sodium_free(seed);
assert(strcmp(crypto_kx_primitive(), crypto_kx_PRIMITIVE) == 0);
assert(crypto_kx_publickeybytes() == crypto_kx_PUBLICKEYBYTES);
assert(crypto_kx_secretkeybytes() == crypto_kx_SECRETKEYBYTES);
assert(crypto_kx_seedbytes() == crypto_kx_SEEDBYTES);
assert(crypto_kx_sessionkeybytes() == crypto_kx_SESSIONKEYBYTES);
printf("tv_kx: ok\n");
}
static void
tv_hchacha20(void)
{
static const HChaCha20TV tvs[] = {
{ "24f11cce8a1b3d61e441561a696c1c1b7e173d084fd4812425435a8896a013dc", "d9660c5900ae19ddad28d6e06e45fe5e", "5966b3eec3bff1189f831f06afe4d4e3be97fa9235ec8c20d08acfbbb4e851e3" },
{ "80a5f6272031e18bb9bcd84f3385da65e7731b7039f13f5e3d475364cd4d42f7", "c0eccc384b44c88e92c57eb2d5ca4dfa", "6ed11741f724009a640a44fce7320954c46e18e0d7ae063bdbc8d7cf372709df" },
{ "cb1fc686c0eec11a89438b6f4013bf110e7171dace3297f3a657a309b3199629", "fcd49b93e5f8f299227e64d40dc864a3", "84b7e96937a1a0a406bb7162eeaad34308d49de60fd2f7ec9dc6a79cbab2ca34" },
{ "6640f4d80af5496ca1bc2cfff1fefbe99638dbceaabd7d0ade118999d45f053d", "31f59ceeeafdbfe8cae7914caeba90d6", "9af4697d2f5574a44834a2c2ae1a0505af9f5d869dbe381a994a18eb374c36a0" },
{ "0693ff36d971225a44ac92c092c60b399e672e4cc5aafd5e31426f123787ac27", "3a6293da061da405db45be1731d5fc4d", "f87b38609142c01095bfc425573bb3c698f9ae866b7e4216840b9c4caf3b0865" },
{ "809539bd2639a23bf83578700f055f313561c7785a4a19fc9114086915eee551", "780c65d6a3318e479c02141d3f0b3918", "902ea8ce4680c09395ce71874d242f84274243a156938aaa2dd37ac5be382b42" },
{ "1a170ddf25a4fd69b648926e6d794e73408805835c64b2c70efddd8cd1c56ce0", "05dbee10de87eb0c5acb2b66ebbe67d3", "a4e20b634c77d7db908d387b48ec2b370059db916e8ea7716dc07238532d5981" },
{ "3b354e4bb69b5b4a1126f509e84cad49f18c9f5f29f0be0c821316a6986e15a6", "d8a89af02f4b8b2901d8321796388b6c", "9816cb1a5b61993735a4b161b51ed2265b696e7ded5309c229a5a99f53534fbc" },
{ "4b9a818892e15a530db50dd2832e95ee192e5ed6afffb408bd624a0c4e12a081", "a9079c551de70501be0286d1bc78b045", "ebc5224cf41ea97473683b6c2f38a084bf6e1feaaeff62676db59d5b719d999b" },
{ "c49758f00003714c38f1d4972bde57ee8271f543b91e07ebce56b554eb7fa6a7", "31f0204e10cf4f2035f9e62bb5ba7303", "0dd8cc400f702d2c06ed920be52048a287076b86480ae273c6d568a2e9e7518c" }
};
const HChaCha20TV *tv;
unsigned char *constant;
unsigned char *key;
unsigned char *in;
unsigned char *out;
unsigned char *out2;
int i;
constant = (unsigned char *) sodium_malloc(crypto_core_hchacha20_CONSTBYTES);
key = (unsigned char *) sodium_malloc(crypto_core_hchacha20_KEYBYTES);
in = (unsigned char *) sodium_malloc(crypto_core_hchacha20_INPUTBYTES);
out = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES);
out2 = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES);
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
tv = &tvs[i];
sodium_hex2bin(key, crypto_core_hchacha20_KEYBYTES,
tv->key, strlen(tv->key), NULL, NULL, NULL);
sodium_hex2bin(in, crypto_core_hchacha20_INPUTBYTES,
tv->in, strlen(tv->in), NULL, NULL, NULL);
sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES,
tv->out, strlen(tv->out), NULL, NULL, NULL);
crypto_core_hchacha20(out2, in, key, NULL);
assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0);
}
sodium_hex2bin(constant, crypto_core_hchacha20_CONSTBYTES,
"0d29b795c1ca70c1652e823364d32417",
crypto_core_hchacha20_CONSTBYTES * 2 + 1, NULL, NULL, NULL);
sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES,
"934d941d78eb9bfc2f0376f7ccd4a11ecf0c6a44104618a9749ef47fe97037a2",
crypto_core_hchacha20_OUTPUTBYTES * 2 + 1, NULL, NULL, NULL);
crypto_core_hchacha20(out2, in, key, constant);
assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0);
sodium_free(out2);
sodium_free(out);
sodium_free(in);
sodium_free(key);
sodium_free(constant);
assert(crypto_core_hchacha20_outputbytes() == crypto_core_hchacha20_OUTPUTBYTES);
assert(crypto_core_hchacha20_inputbytes() == crypto_core_hchacha20_INPUTBYTES);
assert(crypto_core_hchacha20_keybytes() == crypto_core_hchacha20_KEYBYTES);
assert(crypto_core_hchacha20_constbytes() == crypto_core_hchacha20_CONSTBYTES);
printf("tv_hchacha20: ok\n");
}
int
main(void)
{
unsigned char *n, *p, *q, *q2;
n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES);
randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES);
if (crypto_scalarmult_ed25519_base(q, n) != 0) {
printf("crypto_scalarmult_ed25519_base() failed\n");
}
memcpy(p, B, crypto_scalarmult_ed25519_BYTES);
if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n");
}
memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES);
if (crypto_scalarmult_ed25519_base(q, n) != -1) {
printf("crypto_scalarmult_ed25519_base(0) passed\n");
}
if (crypto_scalarmult_ed25519(q2, n, p) != -1) {
printf("crypto_scalarmult_ed25519(0) passed\n");
}
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp(0) passed\n");
}
n[0] = 1;
if (crypto_scalarmult_ed25519_base(q, n) != 0) {
printf("crypto_scalarmult_ed25519_base() failed\n");
}
if (crypto_scalarmult_ed25519(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n");
}
if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n");
}
if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
n[0] = 9;
if (crypto_scalarmult_ed25519(q, n, p) != 0) {
printf("crypto_scalarmult_ed25519() failed\n");
}
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) {
printf("clamping not applied\n");
}
n[0] = 8;
n[31] = 64;
if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) {
printf("crypto_scalarmult_ed25519_noclamp() failed\n");
}
if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) {
printf("inconsistent clamping\n");
}
memset(p, 0, crypto_scalarmult_ed25519_BYTES);
if (crypto_scalarmult_ed25519(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n");
}
if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
}
n[0] = 8;
if (crypto_scalarmult_ed25519(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519() didn't fail\n");
}
if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) {
printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n");
}
sodium_free(q2);
sodium_free(q);
sodium_free(p);
sodium_free(n);
assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes());
assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes());
printf("OK\n");
return 0;
}
static void
tv_box_xchacha20poly1305(void)
{
char hex[65];
unsigned char *pk;
unsigned char *sk;
unsigned char *m;
unsigned char *m2;
unsigned char *mac;
unsigned char *nonce;
unsigned char *out;
unsigned char *pc;
unsigned char *seed;
size_t m_len;
int i;
pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES);
pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
for (i = 0; i < 10; i++) {
m_len = (i == 0) ? 0 : randombytes_uniform(150);
m = (unsigned char *) sodium_malloc(m_len);
m2 = (unsigned char *) sodium_malloc(m_len);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
randombytes_buf(m, m_len);
assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pk, sk) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
(out, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pc) == 0);
assert(memcmp(m2, m, m_len) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
nonce, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached
(m2, out, mac, m_len, nonce, pk, sk) == 0);
sodium_free(out);
out = (unsigned char *) sodium_malloc(m_len);
assert(crypto_box_curve25519xchacha20poly1305_detached_afternm
(out, mac, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm
(m2, out, mac, m_len, nonce, pc) == 0);
sodium_free(out);
sodium_free(m2);
sodium_free(m);
}
sodium_free(pc);
sodium_free(mac);
sodium_free(nonce);
seed = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) {
seed[i] = i;
}
crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed);
sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0);
sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0);
sodium_free(seed);
sodium_free(sk);
sodium_free(pk);
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
printf("tv_box_xchacha20poly1305: ok\n");
}
static void
tv_secretbox_xchacha20poly1305(void)
{
static const XChaCha20Poly1305TV tvs[] = {
{ "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" },
{ "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" },
{ "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" },
{ "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" },
{ "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" },
{ "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" },
{ "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" },
{ "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" },
{ "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" },
{ "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" }
};
const XChaCha20Poly1305TV *tv;
unsigned char *m;
unsigned char *nonce;
unsigned char *key;
unsigned char *out;
unsigned char *out2;
size_t m_len;
size_t out_len;
size_t n;
int i;
key = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_KEYBYTES);
nonce = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_NONCEBYTES);
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
tv = &tvs[i];
m_len = strlen(tv->m) / 2;
m = (unsigned char *) sodium_malloc(m_len);
sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES,
tv->key, strlen(tv->key), NULL, NULL, NULL);
sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES,
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL);
out = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
out2 = (unsigned char *) sodium_malloc
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
tv->out, strlen(tv->out), NULL, NULL, NULL);
crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key);
assert(memcmp(out, out2,
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
out2[n]++;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == -1);
out2[n]--;
nonce[0]++;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == -1);
nonce[0]--;
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == 0);
assert(memcmp(m, out2, m_len) == 0);
assert(crypto_secretbox_xchacha20poly1305_open_detached
(out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
m_len, nonce, key) == 0);
crypto_secretbox_xchacha20poly1305_detached
(out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m,
m_len, nonce, key);
assert(memcmp(out, out2,
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
sodium_free(out);
sodium_free(out2);
sodium_free(m);
}
sodium_free(nonce);
sodium_free(key);
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
printf("tv_secretbox_xchacha20: ok\n");
}
int main(void)
{
unsigned char *v16, *v16x;
unsigned char *v32, *v32x;
unsigned char *v64, *v64x;
uint32_t r;
uint8_t o;
int i;
v16 = (unsigned char *) sodium_malloc(16);
v16x = (unsigned char *) sodium_malloc(16);
v32 = (unsigned char *) sodium_malloc(32);
v32x = (unsigned char *) sodium_malloc(32);
v64 = (unsigned char *) sodium_malloc(64);
v64x = (unsigned char *) sodium_malloc(64);
for (i = 0; i < 10000; i++) {
randombytes_buf(v16, 16);
randombytes_buf(v32, 32);
randombytes_buf(v64, 64);
memcpy(v16x, v16, 16);
memcpy(v32x, v32, 32);
memcpy(v64x, v64, 64);
if (crypto_verify_16(v16, v16x) != 0 ||
crypto_verify_32(v32, v32x) != 0 ||
crypto_verify_64(v64, v64x) != 0 ||
sodium_memcmp(v16, v16x, 16) != 0 ||
sodium_memcmp(v32, v32x, 32) != 0 ||
sodium_memcmp(v64, v64x, 64) != 0) {
printf("Failed\n");
}
}
printf("OK\n");
for (i = 0; i < 100000; i++) {
r = randombytes_random();
o = (uint8_t) randombytes_random();
if (o == 0) {
continue;
}
v16x[r & 15U] ^= o;
v32x[r & 31U] ^= o;
v64x[r & 63U] ^= o;
if (crypto_verify_16(v16, v16x) != -1 ||
crypto_verify_32(v32, v32x) != -1 ||
crypto_verify_64(v64, v64x) != -1 ||
sodium_memcmp(v16, v16x, 16) != -1 ||
sodium_memcmp(v32, v32x, 32) != -1 ||
sodium_memcmp(v64, v64x, 64) != -1) {
printf("Failed\n");
}
v16x[r & 15U] ^= o;
v32x[r & 31U] ^= o;
v64x[r & 63U] ^= o;
}
printf("OK\n");
assert(crypto_verify_16_bytes() == 16U);
assert(crypto_verify_32_bytes() == 32U);
assert(crypto_verify_64_bytes() == 64U);
sodium_free(v16);
sodium_free(v16x);
sodium_free(v32);
sodium_free(v32x);
sodium_free(v64);
sodium_free(v64x);
return 0;
}
static void
tv_stream_xchacha20(void)
{
static const XChaCha20TV tvs[] = {
{ "79c99798ac67300bbb2704c95c341e3245f3dcb21761b98e52ff45b24f304fc4", "b33ffd3096479bcfbc9aee49417688a0a2554f8d95389419", "c6e9758160083ac604ef90e712ce6e75d7797590744e0cf060f013739c" },
{ "ddf7784fee099612c40700862189d0397fcc4cc4b3cc02b5456b3a97d1186173", "a9a04491e7bf00c3ca91ac7c2d38a777d88993a7047dfcc4", "2f289d371f6f0abc3cb60d11d9b7b29adf6bc5ad843e8493e928448d" },
{ "3d12800e7b014e88d68a73f0a95b04b435719936feba60473f02a9e61ae60682", "56bed2599eac99fb27ebf4ffcb770a64772dec4d5849ea2d", "a2c3c1406f33c054a92760a8e0666b84f84fa3a618f0" },
{ "5f5763ff9a30c95da5c9f2a8dfd7cc6efd9dfb431812c075aa3e4f32e04f53e4", "a5fa890efa3b9a034d377926ce0e08ee6d7faccaee41b771", "8a1a5ba898bdbcff602b1036e469a18a5e45789d0e8d9837d81a2388a52b0b6a0f51891528f424c4a7f492a8dd7bce8bac19fbdbe1fb379ac0" },
{ "eadc0e27f77113b5241f8ca9d6f9a5e7f09eee68d8a5cf30700563bf01060b4e", "a171a4ef3fde7c4794c5b86170dc5a099b478f1b852f7b64", "23839f61795c3cdbcee2c749a92543baeeea3cbb721402aa42e6cae140447575f2916c5d71108e3b13357eaf86f060cb" },
{ "91319c9545c7c804ba6b712e22294c386fe31c4ff3d278827637b959d3dbaab2", "410e854b2a911f174aaf1a56540fc3855851f41c65967a4e", "cbe7d24177119b7fdfa8b06ee04dade4256ba7d35ffda6b89f014e479faef6" },
{ "6a6d3f412fc86c4450fc31f89f64ed46baa3256ffcf8616e8c23a06c422842b6", "6b7773fce3c2546a5db4829f53a9165f41b08faae2fb72d5", "8b23e35b3cdd5f3f75525fc37960ec2b68918e8c046d8a832b9838f1546be662e54feb1203e2" },
{ "d45e56368ebc7ba9be7c55cfd2da0feb633c1d86cab67cd5627514fd20c2b391", "fd37da2db31e0c738754463edadc7dafb0833bd45da497fc", "47950efa8217e3dec437454bd6b6a80a287e2570f0a48b3fa1ea3eb868be3d486f6516606d85e5643becc473b370871ab9ef8e2a728f73b92bd98e6e26ea7c8ff96ec5a9e8de95e1eee9300c" },
{ "aface41a64a9a40cbc604d42bd363523bd762eb717f3e08fe2e0b4611eb4dcf3", "6906e0383b895ab9f1cf3803f42f27c79ad47b681c552c63", "a5fa7c0190792ee17675d52ad7570f1fb0892239c76d6e802c26b5b3544d13151e67513b8aaa1ac5af2d7fd0d5e4216964324838" },
{ "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232", "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e", "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc" },
};
const XChaCha20TV *tv;
char *hex;
unsigned char *key;
unsigned char *nonce;
unsigned char *out;
unsigned char *out2;
size_t out_len;
int i;
key = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_KEYBYTES);
nonce = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_NONCEBYTES);
out = (unsigned char *) sodium_malloc(XCHACHA20_OUT_MAX);
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
tv = &tvs[i];
sodium_hex2bin(key, crypto_stream_xchacha20_KEYBYTES,
tv->key, strlen(tv->key), NULL, NULL, NULL);
sodium_hex2bin(nonce, crypto_stream_xchacha20_NONCEBYTES,
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
sodium_hex2bin(out, XCHACHA20_OUT_MAX,
tv->out, strlen(tv->out), NULL, &out_len, NULL);
out2 = (unsigned char *) sodium_malloc(out_len);
crypto_stream_xchacha20(out2, out_len, nonce, key);
assert(memcmp(out, out2, out_len) == 0);
crypto_stream_xchacha20_xor(out2, out, out_len, nonce, key);
assert(sodium_is_zero(out2, out_len));
crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 0, key);
assert(sodium_is_zero(out2, out_len));
crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 1, key);
assert(!sodium_is_zero(out2, out_len));
crypto_stream_xchacha20_xor(out, out, out_len, nonce, key);
assert(sodium_is_zero(out, out_len));
sodium_free(out2);
}
out2 = (unsigned char *) sodium_malloc(0);
crypto_stream_xchacha20(out2, 0, nonce, key);
crypto_stream_xchacha20_xor(out2, out2, 0, nonce, key);
crypto_stream_xchacha20_xor_ic(out2, out2, 0, nonce, 1, key);
sodium_free(out2);
sodium_free(out);
out = (unsigned char *) sodium_malloc(64);
out2 = (unsigned char *) sodium_malloc(128);
randombytes_buf(out, 64);
randombytes_buf(out2, 64);
memcpy(out2 + 64, out, 64);
crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 1, key);
crypto_stream_xchacha20_xor(out2, out2, 128, nonce, key);
assert(memcmp(out, out2 + 64, 64) == 0);
sodium_free(out);
sodium_free(out2);
out = (unsigned char *) sodium_malloc(192);
out2 = (unsigned char *) sodium_malloc(192);
memset(out, 0, 192);
memset(out2, 0, 192);
crypto_stream_xchacha20_xor_ic(out2, out2, 192, nonce,
(1ULL << 32) - 1ULL, key);
crypto_stream_xchacha20_xor_ic(out, out, 64, nonce,
(1ULL << 32) - 1ULL, key);
crypto_stream_xchacha20_xor_ic(out + 64, out + 64, 64, nonce,
(1ULL << 32), key);
crypto_stream_xchacha20_xor_ic(out + 128, out + 128, 64, nonce,
(1ULL << 32) + 1, key);
assert(memcmp(out, out2, 192) == 0);
hex = (char *) sodium_malloc(192 * 2 + 1);
sodium_bin2hex(hex, 192 * 2 + 1, out, 192);
printf("%s\n", hex);
sodium_free(hex);
sodium_free(out);
sodium_free(out2);
sodium_free(nonce);
sodium_free(key);
assert(crypto_stream_xchacha20_keybytes() == crypto_stream_xchacha20_KEYBYTES);
assert(crypto_stream_xchacha20_noncebytes() == crypto_stream_xchacha20_NONCEBYTES);
printf("tv_stream_xchacha20: ok\n");
}
static
void tv_ietf(void)
{
static struct {
const char *key_hex;
const char *nonce_hex;
uint32_t ic;
} tests[]
= { { "0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
0U },
{ "0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
1U },
{ "0000000000000000000000000000000000000000000000000000000000000001",
"000000000000000000000000",
1U },
{ "00ff000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000000",
2U },
{ "0000000000000000000000000000000000000000000000000000000000000000",
"000000000000000000000002",
0U },
{ "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
"000000090000004a00000000",
1U }};
unsigned char key[crypto_stream_chacha20_KEYBYTES];
unsigned char nonce[crypto_stream_chacha20_IETF_NONCEBYTES];
unsigned char *part;
unsigned char out[160];
unsigned char zero[160];
char out_hex[160 * 2 + 1];
size_t i = 0U;
size_t plen;
memset(zero, 0, sizeof zero);
do {
sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
strlen(tests[i].key_hex), ": ", NULL, NULL);
sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex,
strlen(tests[i].nonce_hex), ": ", NULL, NULL);
memset(out, 0, sizeof out);
crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, tests[i].ic, key);
sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
printf("[%s]\n", out_hex);
for (plen = 1U; plen < sizeof out; plen++) {
part = (unsigned char *) sodium_malloc(plen);
crypto_stream_chacha20_ietf_xor_ic(part, out, plen, nonce, tests[i].ic, key);
if (memcmp(part, zero, plen) != 0) {
printf("Failed with length %lu\n", (unsigned long) plen);
}
sodium_free(part);
}
} while (++i < (sizeof tests) / (sizeof tests[0]));
randombytes_buf(out, sizeof out);
crypto_stream_chacha20_ietf(out, sizeof out, nonce, key);
sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
printf("[%s]\n", out_hex);
assert(crypto_stream_chacha20_ietf(out, 0U, nonce, key) == 0);
assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0);
assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0);
assert(crypto_stream_chacha20_ietf_xor_ic(out, out, 0U, nonce, 1U, key) == 0);
memset(out, 0x42, sizeof out);
crypto_stream_chacha20_ietf_xor(out, out, sizeof out, nonce, key);
sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
printf("[%s]\n", out_hex);
crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 0U, key);
sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
printf("[%s]\n", out_hex);
crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 1U, key);
sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
printf("[%s]\n", out_hex);
};