int main(void) { void *buf; size_t size; unsigned int i; if (sodium_malloc(SIZE_MAX - 1U) != NULL) { return 1; } if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) { return 1; } sodium_free(sodium_allocarray(0U, 0U)); sodium_free(sodium_allocarray(0U, 1U)); sodium_free(sodium_allocarray(1U, 0U)); buf = sodium_allocarray(1000U, 50U); memset(buf, 0, 50000U); sodium_free(buf); sodium_free(sodium_malloc(0U)); sodium_free(NULL); for (i = 0U; i < 10000U; i++) { size = randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); memset(buf, i, size); sodium_mprotect_noaccess(buf); sodium_free(buf); } printf("OK\n"); #ifdef SIGSEGV signal(SIGSEGV, segv_handler); #endif #ifdef SIGBUS signal(SIGBUS, segv_handler); #endif #ifdef SIGABRT signal(SIGABRT, segv_handler); #endif size = randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); sodium_mprotect_readonly(buf); sodium_mprotect_readwrite(buf); #ifndef __EMSCRIPTEN__ sodium_memzero(((unsigned char *)buf) + size, 1U); sodium_mprotect_noaccess(buf); sodium_free(buf); printf("Overflow not caught\n"); #endif return 0; }
int main(void) { size_t i; int ret; ret = crypto_box_easy(c, m, 131, nonce, bobpk, alicesk); assert(ret == 0); for (i = 0; i < 131 + crypto_box_MACBYTES; ++i) { printf(",0x%02x", (unsigned int) c[i]); } printf("\n"); /* Null message */ ret = crypto_box_easy(c, c, 0, nonce, bobpk, alicesk); assert(ret == 0); for (i = 0; i < 1 + crypto_box_MACBYTES; ++i) { printf(",0x%02x", (unsigned int) c[i]); } printf("\n"); ret = crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk); assert(ret == 0); for (i = 0; i < 1 + crypto_box_MACBYTES; ++i) { printf(",0x%02x", (unsigned int) c[i]); } printf("\n"); c[randombytes_uniform(crypto_box_MACBYTES)]++; ret = crypto_box_open_easy(c, c, crypto_box_MACBYTES, nonce, bobpk, alicesk); assert(ret == -1); return 0; }
int main(void) { void *buf; size_t size; #ifdef SIGSEGV signal(SIGSEGV, segv_handler); #endif #ifdef SIGBUS signal(SIGBUS, segv_handler); #endif #ifdef SIGABRT signal(SIGABRT, segv_handler); #endif size = 1U + randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); sodium_mprotect_noaccess(buf); sodium_mprotect_readwrite(buf); #ifndef __EMSCRIPTEN__ sodium_memzero(((unsigned char *)buf) - 8, 8U); sodium_mprotect_readonly(buf); sodium_free(buf); printf("Underflow not caught\n"); #endif return 0; }
static void mm_generichash(void) { crypto_generichash_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t hlen; size_t klen; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX - crypto_generichash_KEYBYTES_MIN + 1U) + crypto_generichash_KEYBYTES_MIN; k = (unsigned char *) sodium_malloc(klen); hlen = randombytes_uniform(crypto_generichash_BYTES_MAX - crypto_generichash_BYTES_MIN + 1U) + crypto_generichash_BYTES_MIN; h = (unsigned char *) sodium_malloc(hlen); h2 = (unsigned char *) sodium_malloc(hlen); randombytes_buf(k, klen); randombytes_buf(m, mlen); crypto_generichash_init(&st, k, klen, hlen); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_generichash_update(&st, m, l1); crypto_generichash_update(&st, m + l1, l2); crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_generichash_final(&st, h, hlen); crypto_generichash(h2, hlen, m, mlen, k, klen); assert(memcmp(h, h2, hlen) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
int strategy_choose_socket(vpn_ctx_t *ctx) { // rule: just pick a random socket if (ctx->nsock == 1) { return ctx->socks[0]; } uint32_t r = randombytes_uniform(ctx->nsock); return ctx->socks[r]; }
static void cert_reschedule_query_after_success(ProxyContext * const proxy_context) { if (evtimer_pending(proxy_context->cert_updater.cert_timer, NULL)) { return; } cert_reschedule_query(proxy_context, (time_t) CERT_QUERY_RETRY_DELAY_AFTER_SUCCESS_MIN_DELAY + (time_t) randombytes_uniform (CERT_QUERY_RETRY_DELAY_AFTER_SUCCESS_JITTER)); }
static void mm_hmacsha256(void) { crypto_auth_hmacsha256_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES); h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); crypto_auth_hmacsha256_keygen(k); randombytes_buf(m, mlen); crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_auth_hmacsha256_update(&st, m, l1); crypto_auth_hmacsha256_update(&st, m + l1, l2); crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_auth_hmacsha256_final(&st, h); crypto_auth_hmacsha256(h2, m, mlen, k); assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
static int impl_tests(void) { #ifndef __native_client__ randombytes_implementation impl = randombytes_sysrandom_implementation; #else randombytes_implementation impl = randombytes_nativeclient_implementation; #endif uint32_t v = randombytes_random(); impl.uniform = randombytes_uniform_impl; randombytes_close(); randombytes_set_implementation(&impl); assert(randombytes_uniform(v) == v); assert(randombytes_uniform(v) == v); assert(randombytes_uniform(v) == v); assert(randombytes_uniform(v) == v); randombytes_close(); impl.close = NULL; randombytes_close(); return 0; }
int strategy_choose_remote_addr(vpn_ctx_t *ctx) { // rules: // 1. if there isn't any address received from within ADDR_TIMEOUT // choose latest // 2. if there are some addresses received from within ADDR_TIMEOUT // choose randomly from them // // how we do this efficiently // 1. scan once and find latest, total number of not timed out addresses // 2. if number <= 1, use latest // 3. if number > 1, generate random i in (0, number), // scan again and pick (i)th address not timed out int i, total_not_timed_out = 0, chosen; time_t now; addr_info_t *latest = NULL, *temp; if (ctx->nknown_addr == 0) { return 0; } time(&now); for (i = 0; i < ctx->nknown_addr; i++) { temp = &ctx->known_addrs[i]; if (latest == NULL || latest->last_recv_time < temp->last_recv_time) { latest = temp; } if (now - temp->last_recv_time <= ADDR_TIMEOUT) { total_not_timed_out++; } } if (total_not_timed_out <= 1) { load_addr(latest, &ctx->remote_addr, &ctx->remote_addrlen); } else { chosen = randombytes_uniform(total_not_timed_out); total_not_timed_out = 0; for (i = 0; i < ctx->nknown_addr; i++) { temp = &ctx->known_addrs[i]; if (now - temp->last_recv_time <= ADDR_TIMEOUT) { if (total_not_timed_out == chosen) { load_addr(temp, &ctx->remote_addr, &ctx->remote_addrlen); break; } total_not_timed_out++; } } } return 0; }
void Pump::ClientRecv(const QByteArray &Data) { switch (status) { case Initiated: { QVariantMap qvm(QJsonDocument::fromJson(Data).toVariant().toMap()),qvm2; if ((!Version::CheckVersion(qvm["version"].toString()))||qvm["password"]!=Password) { qvm2.insert("status","no"); emit csock->SendData(QJsonDocument::fromVariant(qvm2).toJson()); csock->disconnectFromHost(); Log::log(csock,"was refused"); break; } if (qvm["protocol"]=="TCP") { ssock=new TcpSocket(this); connect(ssock,SIGNAL(RecvData(QByteArray)),this,SLOT(ServerRecv(QByteArray))); connect(ssock,SIGNAL(disconnected()),this,SLOT(EndSession())); ssock->connectToHost(qvm["host"].toString(),qvm["port"].toUInt()); status=TCP; Log::log(csock,"requested TCP connection to "+qvm["host"].toString()+':'+QString::number(qvm["port"].toUInt())); } else if (qvm["protocol"]=="UDP") { usock=new UdpSocket(this); connect(usock,SIGNAL(RecvData(QHostAddress,unsigned short,QByteArray)),this,SLOT(UDPRecv(QHostAddress,unsigned short,QByteArray))); status=UDP; Log::log(csock,"requested UDP association"); } qvm2.insert("status","ok"); qvm2.insert("protocol",qvm["protocol"].toString()); qvm2.insert("garbage",QString(randombytes_uniform(900),'f')); emit csock->SendData(QJsonDocument::fromVariant(qvm2).toJson()); break; } case TCP: emit ssock->SendData(Data); break; case UDP: { QVariantMap qvm(QJsonDocument::fromJson(Data).toVariant().toMap()); emit usock->SendData(qvm["host"].toString(),qvm["port"].toUInt(),QByteArray::fromBase64(qvm["data"].toByteArray())); Log::log(csock,"sent a UDP package to "+qvm["host"].toString()+':'+QString::number(qvm["port"].toUInt())); } }
size_t dnscrypt_pad(uint8_t *buf, const size_t len, const size_t max_len) { uint8_t *buf_padding_area = buf + len; size_t padded_len, padding_len; if (max_len < len + DNSCRYPT_MIN_PAD_LEN) { return len; } padded_len = len + DNSCRYPT_MIN_PAD_LEN + randombytes_uniform ((uint32_t) (max_len - len - DNSCRYPT_MIN_PAD_LEN + 1U)); padded_len += DNSCRYPT_BLOCK_SIZE - padded_len % DNSCRYPT_BLOCK_SIZE; if (padded_len > max_len) { padded_len = max_len; } assert(padded_len >= len); padding_len = padded_len - len; memset(buf_padding_area, 0, padding_len); *buf_padding_area = 0x80; assert(max_len >= padded_len); return padded_len; }
static void tv_box_xchacha20poly1305(void) { char hex[65]; unsigned char *pk; unsigned char *sk; unsigned char *m; unsigned char *m2; unsigned char *mac; unsigned char *nonce; unsigned char *out; unsigned char *pc; unsigned char *seed; size_t m_len; int i; pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES); mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES); pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); for (i = 0; i < 10; i++) { m_len = (i == 0) ? 0 : randombytes_uniform(150); m = (unsigned char *) sodium_malloc(m_len); m2 = (unsigned char *) sodium_malloc(m_len); out = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES); randombytes_buf(m, m_len); assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_easy (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, nonce, pk, sk) == 0); assert(memcmp(m2, m, m_len) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_easy_afternm (out, m, m_len, nonce, pc) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, nonce, pc) == 0); assert(memcmp(m2, m, m_len) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc(m_len); assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len, nonce, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_detached (m2, out, mac, m_len, nonce, pk, sk) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc(m_len); assert(crypto_box_curve25519xchacha20poly1305_detached_afternm (out, mac, m, m_len, nonce, pc) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm (m2, out, mac, m_len, nonce, pc) == 0); sodium_free(out); sodium_free(m2); sodium_free(m); } sodium_free(pc); sodium_free(mac); sodium_free(nonce); seed = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_SEEDBYTES); for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) { seed[i] = i; } crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed); sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0); sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0); sodium_free(seed); sodium_free(sk); sodium_free(pk); assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES); assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES); printf("tv_box_xchacha20poly1305: ok\n"); }
static void tv_secretbox_xchacha20poly1305(void) { static const XChaCha20Poly1305TV tvs[] = { { "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" }, { "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" }, { "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" }, { "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" }, { "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" }, { "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" }, { "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" }, { "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" }, { "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" }, { "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" } }; const XChaCha20Poly1305TV *tv; unsigned char *m; unsigned char *nonce; unsigned char *key; unsigned char *out; unsigned char *out2; size_t m_len; size_t out_len; size_t n; int i; key = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_KEYBYTES); nonce = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_NONCEBYTES); for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { tv = &tvs[i]; m_len = strlen(tv->m) / 2; m = (unsigned char *) sodium_malloc(m_len); sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES, tv->key, strlen(tv->key), NULL, NULL, NULL); sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES, tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL); out = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); out2 = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, tv->out, strlen(tv->out), NULL, NULL, NULL); crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key); assert(memcmp(out, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); out2[n]++; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == -1); out2[n]--; nonce[0]++; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == -1); nonce[0]--; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == 0); assert(memcmp(m, out2, m_len) == 0); assert(crypto_secretbox_xchacha20poly1305_open_detached (out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, m_len, nonce, key) == 0); crypto_secretbox_xchacha20poly1305_detached (out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m, m_len, nonce, key); assert(memcmp(out, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); sodium_free(out); sodium_free(out2); sodium_free(m); } sodium_free(nonce); sodium_free(key); assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES); assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES); assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES); printf("tv_secretbox_xchacha20: ok\n"); }
static int randombytes_tests(void) { unsigned int f = 0U; unsigned int i; uint32_t n; #ifdef __EMSCRIPTEN__ assert(strcmp(randombytes_implementation_name(), "sysrandom")); #else assert(strcmp(randombytes_implementation_name(), "js")); #endif randombytes(x, 1U); do { n = randombytes_random(); f |= ((n >> 24) > 1); f |= ((n >> 16) > 1) << 1; f |= ((n >> 8) > 1) << 2; f |= ((n ) > 1) << 3; f |= (n > 0x7fffffff) << 4; } while (f != 0x1f); randombytes_close(); for (i = 0; i < 256; ++i) { freq[i] = 0; } for (i = 0; i < 65536; ++i) { ++freq[randombytes_uniform(256)]; } for (i = 0; i < 256; ++i) { if (!freq[i]) { printf("randombytes_uniform() test failed\n"); } } assert(randombytes_uniform(1U) == 0U); randombytes_close(); #ifndef __EMSCRIPTEN__ randombytes_set_implementation(&randombytes_salsa20_implementation); assert(strcmp(randombytes_implementation_name(), "salsa20") == 0); #endif randombytes_stir(); for (i = 0; i < 256; ++i) { freq[i] = 0; } for (i = 0; i < 65536; ++i) { ++freq[randombytes_uniform(256)]; } for (i = 0; i < 256; ++i) { if (!freq[i]) { printf("randombytes_uniform() test failed\n"); } } memset(x, 0, sizeof x); randombytes_buf(x, sizeof x); for (i = 0; i < 256; ++i) { freq[i] = 0; } for (i = 0; i < sizeof x; ++i) { ++freq[255 & (int)x[i]]; } for (i = 0; i < 256; ++i) { if (!freq[i]) { printf("randombytes_buf() test failed\n"); } } assert(randombytes_uniform(1U) == 0U); randombytes_close(); randombytes(x, 1U); randombytes_close(); return 0; }
int main(void) { unsigned char buf1[1000]; unsigned char buf2[1000]; char buf3[33]; unsigned char buf4[4]; unsigned char nonce[24]; char nonce_hex[49]; const char *hex; const char *hex_end; size_t bin_len; int i; randombytes_buf(buf1, sizeof buf1); memcpy(buf2, buf1, sizeof buf2); printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1)); sodium_memzero(buf1, 0U); printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1)); sodium_memzero(buf1, sizeof buf1 / 2); printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1)); printf("%d\n", sodium_memcmp(buf1, buf2, 0U)); sodium_memzero(buf2, sizeof buf2 / 2); printf("%d\n", sodium_memcmp(buf1, buf2, sizeof buf1)); printf("%s\n", sodium_bin2hex(buf3, 33U, (const unsigned char *)"0123456789ABCDEF", 16U)); hex = "Cafe : 6942"; sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, &hex_end); printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[0], buf4[1], buf4[2], buf4[3]); printf("dt1: %ld\n", (long) (hex_end - hex)); hex = "Cafe : 6942"; sodium_hex2bin(buf4, sizeof buf4, hex, strlen(hex), ": ", &bin_len, NULL); printf("%lu:%02x%02x%02x%02x\n", (unsigned long)bin_len, buf4[2], buf4[3], buf4[2], buf4[3]); hex = "deadbeef"; if (sodium_hex2bin(buf1, 1U, hex, 8U, NULL, &bin_len, &hex_end) != -1) { printf("sodium_hex2bin() overflow not detected\n"); } printf("dt2: %ld\n", (long) (hex_end - hex)); hex = "de:ad:be:eff"; if (sodium_hex2bin(buf1, 4U, hex, 12U, ":", &bin_len, &hex_end) != -1) { printf("sodium_hex2bin() with an odd input length and a short output buffer\n"); } printf("dt3: %ld\n", (long) (hex_end - hex)); hex = "de:ad:be:eff"; if (sodium_hex2bin(buf1, sizeof buf1, hex, 12U, ":", &bin_len, &hex_end) != 0) { printf("sodium_hex2bin() with an odd input length\n"); } printf("dt4: %ld\n", (long) (hex_end - hex)); hex = "de:ad:be:eff"; if (sodium_hex2bin(buf1, sizeof buf1, hex, 13U, ":", &bin_len, &hex_end) != 0) { printf("sodium_hex2bin() with an odd input length\n"); } printf("dt5: %ld\n", (long) (hex_end - hex)); memset(nonce, 0, sizeof nonce); sodium_increment(nonce, sizeof nonce); printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); memset(nonce, 255, sizeof nonce); sodium_increment(nonce, sizeof nonce); printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); nonce[1] = 1U; sodium_increment(nonce, sizeof nonce); printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); nonce[1] = 0U; sodium_increment(nonce, sizeof nonce); printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); nonce[0] = 255U; nonce[2] = 255U; sodium_increment(nonce, sizeof nonce); printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); for (i = 0; i < 1000; i++) { bin_len = (size_t) randombytes_uniform(sizeof buf1); randombytes_buf(buf1, bin_len); randombytes_buf(buf2, bin_len); if (memcmp(buf1, buf2, bin_len) * sodium_compare(buf1, buf2, bin_len) < 0) { printf("sodium_compare() failure with length=%u\n", (unsigned int) bin_len); } memcpy(buf1, buf2, bin_len); if (sodium_compare(buf1, buf2, bin_len)) { printf("sodium_compare() equality failure with length=%u\n", (unsigned int) bin_len); } } return 0; }
int main(void) { unsigned char *alicepk; unsigned char *alicesk; unsigned char *bobpk; unsigned char *bobsk; unsigned char *mac; unsigned char *nonce; unsigned char *k1; unsigned char *k2; unsigned char *m; unsigned char *m2; unsigned char *c; size_t mlen; size_t i; size_t m_size; size_t m2_size; size_t c_size; int ret; m2_size = m_size = 1U + randombytes_uniform(10000); c_size = crypto_box_MACBYTES + m_size; m = (unsigned char *) sodium_malloc(m_size); m2 = (unsigned char *) sodium_malloc(m2_size); c = (unsigned char *) sodium_malloc(c_size); alicepk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES); alicesk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES); bobpk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES); bobsk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES); mac = (unsigned char *) sodium_malloc(crypto_box_MACBYTES); nonce = (unsigned char *) sodium_malloc(crypto_box_NONCEBYTES); k1 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES); k2 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES); crypto_box_keypair(alicepk, alicesk); crypto_box_keypair(bobpk, bobsk); mlen = (size_t) randombytes_uniform((uint32_t) m_size) + 1U; randombytes_buf(m, mlen); randombytes_buf(nonce, crypto_box_NONCEBYTES); ret = crypto_box_easy(c, m, mlen, nonce, bobpk, alicesk); assert(ret == 0); if (crypto_box_open_easy(m2, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, alicepk, bobsk) != 0) { printf("open() failed"); return 1; } printf("%d\n", memcmp(m, m2, mlen)); for (i = 0; i < mlen + crypto_box_MACBYTES - 1; i++) { if (crypto_box_open_easy(m2, c, (unsigned long long) i, nonce, alicepk, bobsk) == 0) { printf("short open() should have failed"); return 1; } } memcpy(c, m, mlen); ret = crypto_box_easy(c, c, (unsigned long long) mlen, nonce, bobpk, alicesk); assert(ret == 0); printf("%d\n", memcmp(m, c, mlen) == 0); printf("%d\n", memcmp(m, c + crypto_box_MACBYTES, mlen) == 0); if (crypto_box_open_easy(c, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, alicepk, bobsk) != 0) { printf("crypto_box_open_easy() failed\n"); } ret = crypto_box_beforenm(k1, alicepk, bobsk); assert(ret == 0); ret = crypto_box_beforenm(k2, bobpk, alicesk); assert(ret == 0); memset(m2, 0, m2_size); if (crypto_box_easy_afternm(c, m, SIZE_MAX - 1U, nonce, k1) == 0) { printf("crypto_box_easy_afternm() with a short ciphertext should have failed\n"); } crypto_box_easy_afternm(c, m, (unsigned long long) mlen, nonce, k1); if (crypto_box_open_easy_afternm(m2, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, k2) != 0) { printf("crypto_box_open_easy_afternm() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); if (crypto_box_open_easy_afternm(m2, c, crypto_box_MACBYTES - 1U, nonce, k2) == 0) { printf("crypto_box_open_easy_afternm() with a huge ciphertext should have failed\n"); } memset(m2, 0, m2_size); ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen, nonce, alicepk, bobsk); assert(ret == 0); if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen, nonce, bobpk, alicesk) != 0) { printf("crypto_box_open_detached() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); memset(m2, 0, m2_size); crypto_box_detached_afternm(c, mac, m, (unsigned long long) mlen, nonce, k1); if (crypto_box_open_detached_afternm(m2, c, mac, (unsigned long long) mlen, nonce, k2) != 0) { printf("crypto_box_open_detached_afternm() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); sodium_free(alicepk); sodium_free(alicesk); sodium_free(bobpk); sodium_free(bobsk); sodium_free(mac); sodium_free(nonce); sodium_free(k1); sodium_free(k2); sodium_free(m); sodium_free(m2); sodium_free(c); printf("OK\n"); return 0; }
uint32_t atheme_random_uniform(const uint32_t bound) { return randombytes_uniform(bound); }