static int
aead_chunk_decrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c, uint8_t *n,
size_t *plen, size_t *clen)
{
int err;
size_t mlen;
size_t nlen = ctx->cipher->nonce_len;
size_t tlen = ctx->cipher->tag_len;
if (*clen <= 2 * tlen + CHUNK_SIZE_LEN)
return CRYPTO_NEED_MORE;
uint8_t len_buf[2];
err = aead_cipher_decrypt(ctx, len_buf, plen, c, CHUNK_SIZE_LEN + tlen,
NULL, 0, n, ctx->skey);
if (err)
return CRYPTO_ERROR;
assert(*plen == CHUNK_SIZE_LEN);
mlen = ntohs(*(uint16_t *)len_buf);
mlen = mlen & CHUNK_SIZE_MASK;
if (mlen == 0)
return CRYPTO_ERROR;
size_t chunk_len = 2 * tlen + CHUNK_SIZE_LEN + mlen;
if (*clen < chunk_len)
return CRYPTO_NEED_MORE;
sodium_increment(n, nlen);
err = aead_cipher_decrypt(ctx, p, plen, c + CHUNK_SIZE_LEN + tlen, mlen + tlen,
NULL, 0, n, ctx->skey);
if (err)
return CRYPTO_ERROR;
assert(*plen == mlen);
sodium_increment(n, nlen);
if (*clen > chunk_len)
memmove(c, c + chunk_len, *clen - chunk_len);
*clen = *clen - chunk_len;
return CRYPTO_OK;
}
static int
aead_chunk_encrypt(cipher_ctx_t *ctx, uint8_t *p, uint8_t *c,
uint8_t *n, uint16_t plen)
{
size_t nlen = ctx->cipher->nonce_len;
size_t tlen = ctx->cipher->tag_len;
assert(plen <= CHUNK_SIZE_MASK);
int err;
size_t clen;
uint8_t len_buf[CHUNK_SIZE_LEN];
uint16_t t = htons(plen & CHUNK_SIZE_MASK);
memcpy(len_buf, &t, CHUNK_SIZE_LEN);
clen = CHUNK_SIZE_LEN + tlen;
err = aead_cipher_encrypt(ctx, c, &clen, len_buf, CHUNK_SIZE_LEN,
NULL, 0, n, ctx->skey);
if (err)
return CRYPTO_ERROR;
assert(clen == CHUNK_SIZE_LEN + tlen);
sodium_increment(n, nlen);
clen = plen + tlen;
err = aead_cipher_encrypt(ctx, c + CHUNK_SIZE_LEN + tlen, &clen, p, plen,
NULL, 0, n, ctx->skey);
if (err)
return CRYPTO_ERROR;
assert(clen == plen + tlen);
sodium_increment(n, nlen);
return CRYPTO_OK;
}
int main(void)
{
unsigned char buf1[1000];
unsigned char buf2[1000];
char buf3[33];
unsigned char buf4[4];
unsigned char nonce[24];
char nonce_hex[49];
const char *hex;
const char *hex_end;
size_t bin_len;
int i;
randombytes_buf(buf1, sizeof buf1);
memcpy(buf2, buf1, sizeof buf2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
sodium_memzero(buf1, 0U);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
sodium_memzero(buf1, sizeof buf1 / 2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
printf("%d\n", sodium_memcmp(buf1, buf2, 0U));
sodium_memzero(buf2, sizeof buf2 / 2);
printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1));
printf("%s\n",
sodium_bin2hex(buf3, 33U, (const unsigned char *)"0123456789ABCDEF",
16U));
hex = "Cafe : 6942";
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, &hex_end);
printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[0], buf4[1],
buf4[2], buf4[3]);
printf("dt1: %ld\n", (long) (hex_end - hex));
hex = "Cafe : 6942";
sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL);
printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[2], buf4[3],
buf4[2], buf4[3]);
hex = "deadbeef";
if (sodium_hex2bin(buf1, 1U, hex, 8U, NULL, &bin_len, &hex_end) != -1) {
printf("sodium_hex2bin() overflow not detected\n");
}
printf("dt2: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, 4U, hex, 12U, ":", &bin_len, &hex_end) != -1) {
printf("sodium_hex2bin() with an odd input length and a short output buffer\n");
}
printf("dt3: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", &bin_len, &hex_end) != 0) {
printf("sodium_hex2bin() with an odd input length\n");
}
printf("dt4: %ld\n", (long) (hex_end - hex));
hex = "de:ad:be:eff";
if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", &bin_len, &hex_end) != 0) {
printf("sodium_hex2bin() with an odd input length\n");
}
printf("dt5: %ld\n", (long) (hex_end - hex));
memset(nonce, 0, sizeof nonce);
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
memset(nonce, 255, sizeof nonce);
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[1] = 1U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[1] = 0U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
nonce[0] = 255U;
nonce[2] = 255U;
sodium_increment(nonce, sizeof nonce);
printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex,
nonce, sizeof nonce));
for (i = 0; i < 1000; i++) {
bin_len = (size_t) randombytes_uniform(sizeof buf1);
randombytes_buf(buf1, bin_len);
randombytes_buf(buf2, bin_len);
if (memcmp(buf1, buf2, bin_len) *
sodium_compare(buf1, buf2, bin_len) < 0) {
printf("sodium_compare() failure with length=%u\n",
(unsigned int) bin_len);
}
memcpy(buf1, buf2, bin_len);
if (sodium_compare(buf1, buf2, bin_len)) {
printf("sodium_compare() equality failure with length=%u\n",
(unsigned int) bin_len);
}
}
return 0;
}
static void
tv_kx(void)
{
unsigned char *seed;
unsigned char *client_pk, *client_sk;
unsigned char *client_rx, *client_tx;
unsigned char *server_pk, *server_sk;
unsigned char *server_rx, *server_tx;
char hex[65];
int i;
seed = (unsigned char *) sodium_malloc(crypto_kx_SEEDBYTES);
for (i = 0; i < crypto_kx_SEEDBYTES; i++) {
seed[i] = (unsigned char) i;
}
client_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
client_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
crypto_kx_seed_keypair(client_pk, client_sk, seed);
sodium_bin2hex(hex, sizeof hex, client_pk, crypto_kx_PUBLICKEYBYTES);
printf("client_pk: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, client_sk, crypto_kx_SECRETKEYBYTES);
printf("client_sk: [%s]\n", hex);
server_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES);
server_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES);
crypto_kx_keypair(server_pk, server_sk);
client_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
client_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
assert(crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk,
small_order_p) == -1);
if (crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk, server_pk) != 0) {
printf("crypto_kx_client_session_keys() failed\n");
}
server_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
server_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES);
assert(crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk,
small_order_p) == -1);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) != 0 ||
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) != 0) {
printf("client session keys != server session keys\n");
}
sodium_increment(client_pk, crypto_kx_PUBLICKEYBYTES);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 &&
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
printf("peer's public key is ignored\n");
}
crypto_kx_keypair(client_pk, client_sk);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 ||
memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) {
printf("session keys are constant\n");
}
crypto_kx_seed_keypair(client_pk, client_sk, seed);
sodium_increment(seed, crypto_kx_SEEDBYTES);
crypto_kx_seed_keypair(server_pk, server_sk, seed);
if (crypto_kx_server_session_keys(server_rx, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("crypto_kx_server_session_keys() failed\n");
}
sodium_bin2hex(hex, sizeof hex, server_rx, crypto_kx_SESSIONKEYBYTES);
printf("server_rx: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, server_tx, crypto_kx_SESSIONKEYBYTES);
printf("server_tx: [%s]\n", hex);
if (crypto_kx_client_session_keys(client_rx, client_tx,
client_pk, client_sk, server_pk) != 0) {
printf("crypto_kx_client_session_keys() failed\n");
}
sodium_bin2hex(hex, sizeof hex, client_rx, crypto_kx_SESSIONKEYBYTES);
printf("client_rx: [%s]\n", hex);
sodium_bin2hex(hex, sizeof hex, client_tx, crypto_kx_SESSIONKEYBYTES);
printf("client_tx: [%s]\n", hex);
randombytes_buf(client_rx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(client_tx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(server_rx, crypto_kx_SESSIONKEYBYTES);
randombytes_buf(server_tx, crypto_kx_SESSIONKEYBYTES);
if (crypto_kx_client_session_keys(client_rx, NULL,
client_pk, client_sk, server_pk) != 0 ||
crypto_kx_client_session_keys(NULL, client_tx,
client_pk, client_sk, server_pk) != 0 ||
crypto_kx_server_session_keys(server_rx, NULL,
server_pk, server_sk, client_pk) != 0 ||
crypto_kx_server_session_keys(NULL, server_tx,
server_pk, server_sk, client_pk) != 0) {
printf("failure when one of the pointers happens to be NULL");
}
assert(memcmp(client_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0);
assert(memcmp(client_tx, server_rx, crypto_kx_SESSIONKEYBYTES) == 0);
assert(memcmp(server_rx, server_tx, crypto_kx_SESSIONKEYBYTES) == 0);
sodium_free(client_rx);
sodium_free(client_tx);
sodium_free(server_rx);
sodium_free(server_tx);
sodium_free(server_sk);
sodium_free(server_pk);
sodium_free(client_sk);
sodium_free(client_pk);
sodium_free(seed);
assert(strcmp(crypto_kx_primitive(), crypto_kx_PRIMITIVE) == 0);
assert(crypto_kx_publickeybytes() == crypto_kx_PUBLICKEYBYTES);
assert(crypto_kx_secretkeybytes() == crypto_kx_SECRETKEYBYTES);
assert(crypto_kx_seedbytes() == crypto_kx_SEEDBYTES);
assert(crypto_kx_sessionkeybytes() == crypto_kx_SESSIONKEYBYTES);
printf("tv_kx: ok\n");
}