static void
test_salsa20(unsigned key_length,
const uint8_t *key,
const uint8_t *iv,
unsigned length,
const uint8_t *cleartext,
const uint8_t *ciphertext)
{
struct salsa20_ctx ctx;
uint8_t *data = xalloc(length + 1);
salsa20_set_key(&ctx, key_length, key);
salsa20_set_iv(&ctx, iv);
data[length] = 17;
salsa20_crypt(&ctx, length, data, cleartext);
if (data[length] != 17)
{
fprintf(stderr, "Encrypt of %u bytes wrote too much!\nInput:", length);
print_hex(length, cleartext);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ(length, data, ciphertext))
{
fprintf(stderr, "Encrypt failed:\nInput:");
print_hex(length, cleartext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, ciphertext);
fprintf(stderr, "\n");
FAIL();
}
salsa20_set_key(&ctx, key_length, key);
salsa20_set_iv(&ctx, iv);
salsa20_crypt(&ctx, length, data, data);
if (!MEMEQ(length, data, cleartext))
{
fprintf(stderr, "Decrypt failed:\nInput:");
print_hex(length, ciphertext);
fprintf(stderr, "\nOutput: ");
print_hex(length, data);
fprintf(stderr, "\nExpected:");
print_hex(length, cleartext);
fprintf(stderr, "\n");
FAIL();
}
free(data);
}
wasp_string wasp_crypt_salsa20( wasp_salsa20_key key, wasp_string src ){
int len = wasp_string_length( src );
wasp_string dst = wasp_make_string( len );
salsa20_crypt(
& key->context,
wasp_sf_string( src ),
wasp_sf_string( dst ),
len
);
wasp_string_wrote( dst, len );
return dst;
}
static void
test_salsa20_stream(const struct tstring *key,
const struct tstring *iv,
const struct tstring *ciphertext,
const struct tstring *xor_ref)
{
struct salsa20_ctx ctx;
uint8_t data[STREAM_LENGTH + 1];
uint8_t stream[STREAM_LENGTH + 1];
uint8_t xor[SALSA20_BLOCK_SIZE];
unsigned j;
ASSERT (iv->length == SALSA20_IV_SIZE);
ASSERT (ciphertext->length == 4*SALSA20_BLOCK_SIZE);
ASSERT (xor_ref->length == SALSA20_BLOCK_SIZE);
salsa20_set_key(&ctx, key->length, key->data);
salsa20_set_iv(&ctx, iv->data);
memset(stream, 0, STREAM_LENGTH + 1);
salsa20_crypt(&ctx, STREAM_LENGTH, stream, stream);
if (stream[STREAM_LENGTH])
{
fprintf(stderr, "Stream of %d bytes wrote too much!\n", STREAM_LENGTH);
FAIL();
}
if (!MEMEQ (64, stream, ciphertext->data))
{
fprintf(stderr, "Error failed, offset 0:\n");
fprintf(stderr, "\nOutput: ");
print_hex(64, stream);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ (128, stream + 192, ciphertext->data + 64))
{
fprintf(stderr, "Error failed, offset 192:\n");
fprintf(stderr, "\nOutput: ");
print_hex(128, stream + 192);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data + 64);
fprintf(stderr, "\n");
FAIL();
}
if (!MEMEQ (64, stream + 448, ciphertext->data + 192))
{
fprintf(stderr, "Error failed, offset 448:\n");
fprintf(stderr, "\nOutput: ");
print_hex(64, stream + 448);
fprintf(stderr, "\nExpected:");
print_hex(64, ciphertext->data + 192);
fprintf(stderr, "\n");
FAIL();
}
memxor3 (xor, stream, stream + SALSA20_BLOCK_SIZE, SALSA20_BLOCK_SIZE);
for (j = 2*SALSA20_BLOCK_SIZE; j < STREAM_LENGTH; j += SALSA20_BLOCK_SIZE)
memxor (xor, stream + j, SALSA20_BLOCK_SIZE);
if (!MEMEQ (SALSA20_BLOCK_SIZE, xor, xor_ref->data))
{
fprintf(stderr, "Error failed, bad xor 448:\n");
fprintf(stderr, "\nOutput: ");
print_hex(SALSA20_BLOCK_SIZE, xor);
fprintf(stderr, "\nExpected:");
print_hex(SALSA20_BLOCK_SIZE, xor_ref->data);
fprintf(stderr, "\n");
FAIL();
}
for (j = 1; j <= STREAM_LENGTH; j++)
{
memset(data, 0, STREAM_LENGTH + 1);
salsa20_set_iv(&ctx, iv->data);
salsa20_crypt(&ctx, j, data, data);
if (!MEMEQ(j, data, stream))
{
fprintf(stderr, "Encrypt failed for length %u:\n", j);
fprintf(stderr, "\nOutput: ");
print_hex(j, data);
fprintf(stderr, "\nExpected:");
print_hex(j, stream);
fprintf(stderr, "\n");
FAIL();
}
if (!memzero_p (data + j, STREAM_LENGTH + 1 - j))
{
fprintf(stderr, "Encrypt failed for length %u, wrote too much:\n", j);
fprintf(stderr, "\nOutput: ");
print_hex(STREAM_LENGTH + 1 - j, data + j);
fprintf(stderr, "\n");
FAIL();
}
}
}
int xsalsa20_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
/***************************************************************************
* verify a round trip:
*/
{
const unsigned char key[] = {0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89};
const unsigned char nonce[] = {0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37};
const void *msg = "Kilroy was here!";
unsigned char msglen = 17; /* includes trailing NULL */
int rounds = 20;
unsigned char ciphertext[17];
unsigned char msg2[17];
salsa20_state st;
int err;
if ((err = xsalsa20_setup(&st, key, 32, nonce, 24, rounds)) != CRYPT_OK) return err;
if ((err = salsa20_crypt(&st, msg, msglen, ciphertext)) != CRYPT_OK) return err;
if ((err = salsa20_done(&st)) != CRYPT_OK) return err;
if ((err = xsalsa20_setup(&st, key, 32, nonce, 24, rounds)) != CRYPT_OK) return err;
if ((err = salsa20_crypt(&st, ciphertext, msglen, msg2)) != CRYPT_OK) return err;
if ((err = salsa20_done(&st)) != CRYPT_OK) return err;
if (compare_testvector(msg, msglen, msg2, msglen, "XSALSA20-TV1", 1)) return CRYPT_FAIL_TESTVECTOR;
/* round trip with two single function calls */
if ((err = xsalsa20_memory(key, sizeof(key), 20, nonce, sizeof(nonce), msg, msglen, ciphertext)) != CRYPT_OK) return err;
if ((err = xsalsa20_memory(key, sizeof(key), 20, nonce, sizeof(nonce), ciphertext, msglen, msg2)) != CRYPT_OK) return err;
if (compare_testvector(msg, msglen, msg2, msglen, "XSALSA20-TV2", 1)) return CRYPT_FAIL_TESTVECTOR;
}
#ifdef LTC_SHA256
/***************************************************************************
* verify correct generation of a keystream
*/
{
const unsigned char key[] = {0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89};
const unsigned char nonce[] = {0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37};
const unsigned char expecthash[] = {0x6a,0x60,0x57,0x65,0x27,0xe0,0x00,0x51,0x6d,0xb0,0xda,0x60,0x46,0x20,0xf6,0xd0,0x95,0x65,0x45,0x39,0xf4,0x86,0x83,0x43,0x64,0xdf,0xd9,0x5a,0x6f,0x3f,0xbe,0xb7};
int rounds = 20;
unsigned char keystream[91101];
unsigned long keystreamlen = 91101;
unsigned char hash[32];
salsa20_state st;
int err;
if ((err = xsalsa20_setup(&st, key, 32, nonce, 24, rounds)) != CRYPT_OK) return err;
if ((err = salsa20_keystream(&st, keystream, keystreamlen)) != CRYPT_OK) return err;
if ((err = salsa20_done(&st)) != CRYPT_OK) return err;
if ((err = _sha256(hash, keystream, keystreamlen)) != CRYPT_OK) return err;
if (compare_testvector(hash, sizeof(hash), expecthash, sizeof(expecthash), "XSALSA20-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
}
#endif
return CRYPT_OK;
#endif
}
