int main(void) { unsigned char *k; unsigned char *bobsk; unsigned char *alicepk; int i; k = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES); bobsk = (unsigned char *) sodium_malloc(crypto_scalarmult_SCALARBYTES); alicepk = (unsigned char *) sodium_malloc(crypto_scalarmult_SCALARBYTES); assert(k != NULL && bobsk != NULL && alicepk != NULL); memcpy(bobsk, bobsk_, crypto_scalarmult_SCALARBYTES); memcpy(alicepk, alicepk_, crypto_scalarmult_SCALARBYTES); crypto_scalarmult(k, bobsk, alicepk); sodium_free(alicepk); sodium_free(bobsk); for (i = 0; i < 32; ++i) { if (i > 0) { printf(","); } else { printf(" "); } printf("0x%02x", (unsigned int)k[i]); if (i % 8 == 7) { printf("\n"); } } sodium_free(k); return 0; }
int main(void) { char *str_out; char *str_out2; char *salt; const char *passwd = "Correct Horse Battery Staple"; tv(); tv2(); salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES); str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES); str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES); memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES); if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT, MEMLIMIT) != 0) { printf("pwhash_str failure\n"); } if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT, MEMLIMIT) != 0) { printf("pwhash_str(2) failure\n"); } if (strcmp(str_out, str_out2) == 0) { printf("pwhash_str doesn't generate different salts\n"); } if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_str_verify failure\n"); } if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_str_verify failure\n"); } str_out[14]++; if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) == 0) { printf("pwhash_str_verify(2) failure\n"); } str_out[14]--; assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0); assert(crypto_pwhash_saltbytes() > 0U); assert(crypto_pwhash_strbytes() > 1U); assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix())); assert(crypto_pwhash_opslimit_interactive() > 0U); assert(crypto_pwhash_memlimit_interactive() > 0U); assert(crypto_pwhash_opslimit_moderate() > 0U); assert(crypto_pwhash_memlimit_moderate() > 0U); assert(crypto_pwhash_opslimit_sensitive() > 0U); assert(crypto_pwhash_memlimit_sensitive() > 0U); sodium_free(salt); sodium_free(str_out); sodium_free(str_out2); printf("OK\n"); return 0; }
int main(void) { void *buf; size_t size; unsigned int i; if (sodium_malloc(SIZE_MAX - 1U) != NULL) { return 1; } if (sodium_allocarray(SIZE_MAX / 2U + 1U, SIZE_MAX / 2U) != NULL) { return 1; } sodium_free(sodium_allocarray(0U, 0U)); sodium_free(sodium_allocarray(0U, 1U)); sodium_free(sodium_allocarray(1U, 0U)); buf = sodium_allocarray(1000U, 50U); memset(buf, 0, 50000U); sodium_free(buf); sodium_free(sodium_malloc(0U)); sodium_free(NULL); for (i = 0U; i < 10000U; i++) { size = randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); memset(buf, i, size); sodium_mprotect_noaccess(buf); sodium_free(buf); } printf("OK\n"); #ifdef SIGSEGV signal(SIGSEGV, segv_handler); #endif #ifdef SIGBUS signal(SIGBUS, segv_handler); #endif #ifdef SIGABRT signal(SIGABRT, segv_handler); #endif size = randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); sodium_mprotect_readonly(buf); sodium_mprotect_readwrite(buf); #ifndef __EMSCRIPTEN__ sodium_memzero(((unsigned char *)buf) + size, 1U); sodium_mprotect_noaccess(buf); sodium_free(buf); printf("Overflow not caught\n"); #endif return 0; }
int main(void) { unsigned char *alicepk = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES); unsigned char *bobpk = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES); unsigned char *k = (unsigned char *) sodium_malloc(crypto_scalarmult_BYTES); int ret; assert(alicepk != NULL && bobpk != NULL && k != NULL); crypto_scalarmult_base(alicepk, alicesk); sodium_bin2hex(hex, sizeof hex, alicepk, crypto_scalarmult_BYTES); printf("%s\n", hex); crypto_scalarmult_base(bobpk, bobsk); sodium_bin2hex(hex, sizeof hex, bobpk, crypto_scalarmult_BYTES); printf("%s\n", hex); ret = crypto_scalarmult(k, alicesk, bobpk); assert(ret == 0); sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES); printf("%s\n", hex); ret = crypto_scalarmult(k, bobsk, alicepk); assert(ret == 0); sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES); printf("%s\n", hex); ret = crypto_scalarmult(k, bobsk, small_order_p); assert(ret == -1); sodium_bin2hex(hex, sizeof hex, k, crypto_scalarmult_BYTES); printf("%s\n", hex); sodium_free(bobpk); sodium_free(alicepk); sodium_free(k); assert(crypto_scalarmult_bytes() > 0U); assert(crypto_scalarmult_scalarbytes() > 0U); assert(strcmp(crypto_scalarmult_primitive(), "curve25519") == 0); assert(crypto_scalarmult_bytes() == crypto_scalarmult_curve25519_bytes()); assert(crypto_scalarmult_scalarbytes() == crypto_scalarmult_curve25519_scalarbytes()); assert(crypto_scalarmult_bytes() == crypto_scalarmult_scalarbytes()); return 0; }
int main(void) { void *buf; size_t size; #ifdef SIGSEGV signal(SIGSEGV, segv_handler); #endif #ifdef SIGBUS signal(SIGBUS, segv_handler); #endif #ifdef SIGABRT signal(SIGABRT, segv_handler); #endif size = 1U + randombytes_uniform(100000U); buf = sodium_malloc(size); assert(buf != NULL); sodium_mprotect_noaccess(buf); sodium_mprotect_readwrite(buf); #ifndef __EMSCRIPTEN__ sodium_memzero(((unsigned char *)buf) - 8, 8U); sodium_mprotect_readonly(buf); sodium_free(buf); printf("Underflow not caught\n"); #endif return 0; }
/* * create an empty user_store_node and set up all the pointers. */ return_status create_user_store_node(user_store_node ** const node) { return_status status = return_status_init(); if (node == NULL) { throw(INVALID_INPUT, "Pointer to put new user store node into is NULL."); } *node = sodium_malloc(sizeof(user_store_node)); throw_on_failed_alloc(*node); //initialise pointers (*node)->previous = NULL; (*node)->next = NULL; (*node)->prekeys = NULL; (*node)->master_keys = NULL; //initialise the public_signing key buffer buffer_init_with_pointer((*node)->public_signing_key, (*node)->public_signing_key_storage, PUBLIC_MASTER_KEY_SIZE, PUBLIC_MASTER_KEY_SIZE); conversation_store_init((*node)->conversations); cleanup: on_error { if (node != NULL) { *node = NULL; } } return status; }
//create a new user_store return_status user_store_create(user_store ** const store) { return_status status = return_status_init(); //check input if (store == NULL) { throw(INVALID_INPUT, "Pointer to put new user store into is NULL."); } *store = sodium_malloc(sizeof(user_store)); throw_on_failed_alloc(*store); //initialise (*store)->length = 0; (*store)->head = NULL; (*store)->tail = NULL; cleanup: on_error { if (store != NULL) { *store = NULL; } } return status; }
static void mm_generichash(void) { crypto_generichash_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t hlen; size_t klen; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX - crypto_generichash_KEYBYTES_MIN + 1U) + crypto_generichash_KEYBYTES_MIN; k = (unsigned char *) sodium_malloc(klen); hlen = randombytes_uniform(crypto_generichash_BYTES_MAX - crypto_generichash_BYTES_MIN + 1U) + crypto_generichash_BYTES_MIN; h = (unsigned char *) sodium_malloc(hlen); h2 = (unsigned char *) sodium_malloc(hlen); randombytes_buf(k, klen); randombytes_buf(m, mlen); crypto_generichash_init(&st, k, klen, hlen); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_generichash_update(&st, m, l1); crypto_generichash_update(&st, m + l1, l2); crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_generichash_final(&st, h, hlen); crypto_generichash(h2, hlen, m, mlen, k, klen); assert(memcmp(h, h2, hlen) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
static int file_encrypt(int fd, off_t total_len) { unsigned char *in; unsigned char *k; blobcrypt_encrypt_state *state; ssize_t readnb; int ret = -1; if (isatty(1)) { fprintf(stderr, "I'm not going to write to a terminal\n"); return -1; } k = sodium_malloc(blobcrypt_KEYBYTES); if (get_key_from_password(k, blobcrypt_KEYBYTES, 1) != 0) { sodium_free(k); return -1; } in = sodium_malloc(IN_BUFFER_SIZE); state = sodium_malloc(sizeof *state); blobcrypt_encrypt_init(state, write_cb, close_success_cb, close_error_cb, NULL, total_len, k); do { if ((readnb = safe_read(fd, in, IN_BUFFER_SIZE)) <= 0) { if (readnb == -1) { perror("read"); } break; } } while (blobcrypt_encrypt_update(state, in, (size_t) readnb) == 0); if (blobcrypt_encrypt_final(state) == 0) { fprintf(stderr, "Success!\n"); ret = 0; } sodium_free(in); sodium_free(k); sodium_free(state); return ret; }
static void tv3(void) { static struct { const char *passwd; const char *out; } tests[] = { { "", "$argon2id$v=19$m=4096,t=0,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" }, { "", "$argon2id$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, { "", "$argon2id$v=19$m=4882,t=2,p=1$bA81arsiXysd3WbTRzmEOw$Nm8QBM+7RH1DXo9rvp5cwKEOOOfD2g6JuxlXihoNcpE" }, { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", "$argon2id$v=19$m=4096,t=0,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" }, { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", "$argon2id$v=19$m=4096,t=19,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" }, { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*", "$argon2id$v=19$m=4096,t=1,p=3$PkEgcHJldHR5IGxvbmcgc2FsdA$HUqx5Z1b/ZypnUrvvJ5UC2Q+T6Q1WwASK/Kr9dRbGA0" } }; char *out; char *passwd; size_t i = 0U; int ret; do { out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); assert(out != NULL); memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); assert(passwd != NULL); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); sodium_free(out); sodium_free(passwd); if (ret != 0) { printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n", (unsigned int) i); } } while (++i < (sizeof tests) / (sizeof tests[0])); }
static void tv3(void) { static struct { const char *passwd; const char *out; } tests[] = { { "", "$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++" "MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" }, { "", "$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/" "Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", "$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/" "+K/bizwsA1P11UG2dj/7+aILJ4I" }, { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*", "$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+" "yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" } }; char *out; char *passwd; size_t i = 0U; do { out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); assert(out != NULL); memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); assert(passwd != NULL); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) { printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n", (unsigned int) i); continue; } sodium_free(out); sodium_free(passwd); } while (++i < (sizeof tests) / (sizeof tests[0])); }
static void mm_hmacsha256(void) { crypto_auth_hmacsha256_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES); h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); crypto_auth_hmacsha256_keygen(k); randombytes_buf(m, mlen); crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_auth_hmacsha256_update(&st, m, l1); crypto_auth_hmacsha256_update(&st, m + l1, l2); crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_auth_hmacsha256_final(&st, h); crypto_auth_hmacsha256(h2, m, mlen, k); assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
return_status master_keys_import( master_keys ** const keys, const Key * const public_signing_key, const Key * const private_signing_key, const Key * const public_identity_key, const Key * const private_identity_key) { return_status status = return_status_init(); //check inputs if ((keys == NULL) || (public_signing_key == NULL) || (private_signing_key == NULL) || (public_identity_key == NULL) || (private_identity_key == NULL)) { throw(INVALID_INPUT, "Invalid input to master_keys_import."); } *keys = sodium_malloc(sizeof(master_keys)); throw_on_failed_alloc(*keys); //initialize the buffers buffer_init_with_pointer((*keys)->public_signing_key, (*keys)->public_signing_key_storage, PUBLIC_MASTER_KEY_SIZE, 0); buffer_init_with_pointer((*keys)->private_signing_key, (*keys)->private_signing_key_storage, PRIVATE_MASTER_KEY_SIZE, 0); buffer_init_with_pointer((*keys)->public_identity_key, (*keys)->public_identity_key_storage, PUBLIC_KEY_SIZE, 0); buffer_init_with_pointer((*keys)->private_identity_key, (*keys)->private_identity_key_storage, PRIVATE_KEY_SIZE, 0); //copy the keys if (buffer_clone_from_raw((*keys)->public_signing_key, public_signing_key->key.data, public_signing_key->key.len) != 0) { throw(BUFFER_ERROR, "Failed to copy public signing key."); } if (buffer_clone_from_raw((*keys)->private_signing_key, private_signing_key->key.data, private_signing_key->key.len) != 0) { throw(BUFFER_ERROR, "Failed to copy private signing key."); } if (buffer_clone_from_raw((*keys)->public_identity_key, public_identity_key->key.data, public_identity_key->key.len) != 0) { throw(BUFFER_ERROR, "Failed to copy public identity key."); } if (buffer_clone_from_raw((*keys)->private_identity_key, private_identity_key->key.data, private_identity_key->key.len) != 0) { throw(BUFFER_ERROR, "Failed to copy private identity key."); } sodium_mprotect_noaccess(*keys); cleanup: on_error { if (keys != NULL) { sodium_free_and_null_if_valid(*keys); } } return status; }
// Generates a new Ed25519 private key seed. The key seed is stored in the object. int EdDSA::genKeySeed(unsigned char* privKey) { // Make space for a new key seed (if not present). if (!this->keySeed) { this->keySeed = (unsigned char*)sodium_malloc(crypto_sign_SEEDBYTES); if (this->keySeed == NULL) { // Something went wrong allocating the memory. return(0); } } // Now make the new key seed. randombytes_buf(this->keySeed, crypto_sign_SEEDBYTES); // Copy it to privKey before returning. if (privKey) { memcpy(privKey, this->keySeed, crypto_sign_SEEDBYTES); } return(1); }
/* * Init kickpass with a working directory and its corresponding master password. */ kp_error_t kp_init(struct kp_ctx *ctx) { const char *home; char **password; password = (char **)&ctx->password; home = getenv("HOME"); if (!home) { return KP_NO_HOME; } if (strlcpy(ctx->ws_path, home, PATH_MAX) >= PATH_MAX) { errno = ENOMEM; return KP_ERRNO; } if (strlcat(ctx->ws_path, "/" KP_PATH, PATH_MAX) >= PATH_MAX) { errno = ENOMEM; return KP_ERRNO; } if (sodium_init() != 0) { return KP_EINTERNAL; } *password = sodium_malloc(KP_PASSWORD_MAX_LEN); if (!ctx->password) { errno = ENOMEM; return KP_ERRNO; } ctx->cfg.memlimit = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE/5; ctx->cfg.opslimit = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE/5; return KP_SUCCESS; }
static int options_use_client_key_file(ProxyContext * const proxy_context) { unsigned char *key; char *key_s; const size_t header_len = (sizeof OPTIONS_CLIENT_KEY_HEADER) - 1U; size_t key_s_len; if ((key_s = options_read_file(proxy_context->client_key_file)) == NULL) { logger_error(proxy_context, "Unable to read the client key file"); return -1; } if ((key = sodium_malloc(header_len + crypto_box_SECRETKEYBYTES)) == NULL) { logger_noformat(proxy_context, LOG_EMERG, "Out of memory"); free(key_s); return -1; } if (sodium_hex2bin(key, header_len + crypto_box_SECRETKEYBYTES, key_s, strlen(key_s), ": -", &key_s_len, NULL) != 0 || key_s_len < (header_len + crypto_box_SECRETKEYBYTES) || memcmp(key, OPTIONS_CLIENT_KEY_HEADER, header_len) != 0) { logger_noformat(proxy_context, LOG_ERR, "The client key file doesn't seem to contain a supported key format"); sodium_free(key); free(key_s); return -1; } sodium_memzero(key_s, strlen(key_s)); free(key_s); assert(sizeof proxy_context->dnscrypt_client.secretkey <= key_s_len - header_len); memcpy(proxy_context->dnscrypt_client.secretkey, key + header_len, sizeof proxy_context->dnscrypt_client.secretkey); sodium_free(key); return 0; }
static void tv_secretbox_xchacha20poly1305(void) { static const XChaCha20Poly1305TV tvs[] = { { "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" }, { "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" }, { "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" }, { "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" }, { "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" }, { "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" }, { "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" }, { "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" }, { "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" }, { "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" } }; const XChaCha20Poly1305TV *tv; unsigned char *m; unsigned char *nonce; unsigned char *key; unsigned char *out; unsigned char *out2; size_t m_len; size_t out_len; size_t n; int i; key = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_KEYBYTES); nonce = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_NONCEBYTES); for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { tv = &tvs[i]; m_len = strlen(tv->m) / 2; m = (unsigned char *) sodium_malloc(m_len); sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES, tv->key, strlen(tv->key), NULL, NULL, NULL); sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES, tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL); out = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); out2 = (unsigned char *) sodium_malloc (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, tv->out, strlen(tv->out), NULL, NULL, NULL); crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key); assert(memcmp(out, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); out2[n]++; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == -1); out2[n]--; nonce[0]++; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == -1); nonce[0]--; assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == 0); assert(memcmp(m, out2, m_len) == 0); assert(crypto_secretbox_xchacha20poly1305_open_detached (out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, m_len, nonce, key) == 0); crypto_secretbox_xchacha20poly1305_detached (out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m, m_len, nonce, key); assert(memcmp(out, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); sodium_free(out); sodium_free(out2); sodium_free(m); } sodium_free(nonce); sodium_free(key); assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES); assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES); assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES); printf("tv_secretbox_xchacha20: ok\n"); }
static void tv_hchacha20(void) { static const HChaCha20TV tvs[] = { { "24f11cce8a1b3d61e441561a696c1c1b7e173d084fd4812425435a8896a013dc", "d9660c5900ae19ddad28d6e06e45fe5e", "5966b3eec3bff1189f831f06afe4d4e3be97fa9235ec8c20d08acfbbb4e851e3" }, { "80a5f6272031e18bb9bcd84f3385da65e7731b7039f13f5e3d475364cd4d42f7", "c0eccc384b44c88e92c57eb2d5ca4dfa", "6ed11741f724009a640a44fce7320954c46e18e0d7ae063bdbc8d7cf372709df" }, { "cb1fc686c0eec11a89438b6f4013bf110e7171dace3297f3a657a309b3199629", "fcd49b93e5f8f299227e64d40dc864a3", "84b7e96937a1a0a406bb7162eeaad34308d49de60fd2f7ec9dc6a79cbab2ca34" }, { "6640f4d80af5496ca1bc2cfff1fefbe99638dbceaabd7d0ade118999d45f053d", "31f59ceeeafdbfe8cae7914caeba90d6", "9af4697d2f5574a44834a2c2ae1a0505af9f5d869dbe381a994a18eb374c36a0" }, { "0693ff36d971225a44ac92c092c60b399e672e4cc5aafd5e31426f123787ac27", "3a6293da061da405db45be1731d5fc4d", "f87b38609142c01095bfc425573bb3c698f9ae866b7e4216840b9c4caf3b0865" }, { "809539bd2639a23bf83578700f055f313561c7785a4a19fc9114086915eee551", "780c65d6a3318e479c02141d3f0b3918", "902ea8ce4680c09395ce71874d242f84274243a156938aaa2dd37ac5be382b42" }, { "1a170ddf25a4fd69b648926e6d794e73408805835c64b2c70efddd8cd1c56ce0", "05dbee10de87eb0c5acb2b66ebbe67d3", "a4e20b634c77d7db908d387b48ec2b370059db916e8ea7716dc07238532d5981" }, { "3b354e4bb69b5b4a1126f509e84cad49f18c9f5f29f0be0c821316a6986e15a6", "d8a89af02f4b8b2901d8321796388b6c", "9816cb1a5b61993735a4b161b51ed2265b696e7ded5309c229a5a99f53534fbc" }, { "4b9a818892e15a530db50dd2832e95ee192e5ed6afffb408bd624a0c4e12a081", "a9079c551de70501be0286d1bc78b045", "ebc5224cf41ea97473683b6c2f38a084bf6e1feaaeff62676db59d5b719d999b" }, { "c49758f00003714c38f1d4972bde57ee8271f543b91e07ebce56b554eb7fa6a7", "31f0204e10cf4f2035f9e62bb5ba7303", "0dd8cc400f702d2c06ed920be52048a287076b86480ae273c6d568a2e9e7518c" } }; const HChaCha20TV *tv; unsigned char *constant; unsigned char *key; unsigned char *in; unsigned char *out; unsigned char *out2; int i; constant = (unsigned char *) sodium_malloc(crypto_core_hchacha20_CONSTBYTES); key = (unsigned char *) sodium_malloc(crypto_core_hchacha20_KEYBYTES); in = (unsigned char *) sodium_malloc(crypto_core_hchacha20_INPUTBYTES); out = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES); out2 = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES); for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { tv = &tvs[i]; sodium_hex2bin(key, crypto_core_hchacha20_KEYBYTES, tv->key, strlen(tv->key), NULL, NULL, NULL); sodium_hex2bin(in, crypto_core_hchacha20_INPUTBYTES, tv->in, strlen(tv->in), NULL, NULL, NULL); sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES, tv->out, strlen(tv->out), NULL, NULL, NULL); crypto_core_hchacha20(out2, in, key, NULL); assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0); } sodium_hex2bin(constant, crypto_core_hchacha20_CONSTBYTES, "0d29b795c1ca70c1652e823364d32417", crypto_core_hchacha20_CONSTBYTES * 2 + 1, NULL, NULL, NULL); sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES, "934d941d78eb9bfc2f0376f7ccd4a11ecf0c6a44104618a9749ef47fe97037a2", crypto_core_hchacha20_OUTPUTBYTES * 2 + 1, NULL, NULL, NULL); crypto_core_hchacha20(out2, in, key, constant); assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0); sodium_free(out2); sodium_free(out); sodium_free(in); sodium_free(key); sodium_free(constant); assert(crypto_core_hchacha20_outputbytes() == crypto_core_hchacha20_OUTPUTBYTES); assert(crypto_core_hchacha20_inputbytes() == crypto_core_hchacha20_INPUTBYTES); assert(crypto_core_hchacha20_keybytes() == crypto_core_hchacha20_KEYBYTES); assert(crypto_core_hchacha20_constbytes() == crypto_core_hchacha20_CONSTBYTES); printf("tv_hchacha20: ok\n"); }
/* * Start a new ratchet chain. This derives an initial root key and returns a new ratchet state. * * All the keys will be copied so you can free the buffers afterwards. (private identity get's * immediately deleted after deriving the initial root key though!) * * The return value is a valid ratchet state or NULL if an error occured. */ ratchet_state* ratchet_create( const unsigned char * const our_private_identity, const unsigned char * const our_public_identity, const unsigned char * const their_public_identity, const unsigned char * const our_private_ephemeral, const unsigned char * const our_public_ephemeral, const unsigned char * const their_public_ephemeral, bool am_i_alice) { ratchet_state *state = sodium_malloc(sizeof(ratchet_state)); if (state == NULL) { //failed to allocate memory return NULL; } //derive initial chain, root and header keys int status = derive_initial_root_chain_and_header_keys( state->root_key, state->send_chain_key, state->receive_chain_key, state->send_header_key, state->receive_header_key, state->next_send_header_key, state->next_receive_header_key, our_private_identity, our_public_identity, their_public_identity, our_private_ephemeral, our_public_ephemeral, their_public_ephemeral, am_i_alice); if (status != 0) { sodium_memzero(state->root_key, sizeof(state->root_key)); sodium_memzero(state->send_chain_key, sizeof(state->send_chain_key)); sodium_memzero(state->receive_chain_key, sizeof(state->receive_chain_key)); sodium_memzero(state->send_header_key, sizeof(state->send_header_key)); sodium_memzero(state->receive_header_key, sizeof(state->receive_header_key)); sodium_memzero(state->next_send_header_key, sizeof(state->next_send_header_key)); sodium_memzero(state->next_receive_header_key, sizeof(state->receive_header_key)); sodium_free(state); return NULL; } //copy keys into state //our public identity memcpy(state->our_public_identity, our_public_identity, sizeof(state->our_public_identity)); //their_public_identity memcpy(state->their_public_identity, their_public_identity, sizeof(state->their_public_identity)); //our_private_ephemeral memcpy(state->our_private_ephemeral, our_private_ephemeral, sizeof(state->our_private_ephemeral)); //our_public_ephemeral memcpy(state->our_public_ephemeral, our_public_ephemeral, sizeof(state->our_public_ephemeral)); //their_public_ephemeral memcpy(state->their_public_ephemeral, their_public_ephemeral, sizeof(state->their_public_ephemeral)); //initialise message keystore for skipped messages state->skipped_header_and_message_keys = header_and_message_keystore_init(); state->purported_header_and_message_keys = header_and_message_keystore_init(); //set other state state->am_i_alice = am_i_alice; state->ratchet_flag = am_i_alice; state->received_valid = true; //allowing the receival of new messages state->header_decryptable = NOT_TRIED; state->send_message_number = 0; state->receive_message_number = 0; state->previous_message_number = 0; return state; }
int main(void) { unsigned char *alicepk; unsigned char *alicesk; unsigned char *bobpk; unsigned char *bobsk; unsigned char *mac; unsigned char *nonce; unsigned char *k1; unsigned char *k2; unsigned char *m; unsigned char *m2; unsigned char *c; size_t mlen; size_t i; size_t m_size; size_t m2_size; size_t c_size; int ret; m2_size = m_size = 1U + randombytes_uniform(10000); c_size = crypto_box_MACBYTES + m_size; m = (unsigned char *) sodium_malloc(m_size); m2 = (unsigned char *) sodium_malloc(m2_size); c = (unsigned char *) sodium_malloc(c_size); alicepk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES); alicesk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES); bobpk = (unsigned char *) sodium_malloc(crypto_box_PUBLICKEYBYTES); bobsk = (unsigned char *) sodium_malloc(crypto_box_SECRETKEYBYTES); mac = (unsigned char *) sodium_malloc(crypto_box_MACBYTES); nonce = (unsigned char *) sodium_malloc(crypto_box_NONCEBYTES); k1 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES); k2 = (unsigned char *) sodium_malloc(crypto_box_BEFORENMBYTES); crypto_box_keypair(alicepk, alicesk); crypto_box_keypair(bobpk, bobsk); mlen = (size_t) randombytes_uniform((uint32_t) m_size) + 1U; randombytes_buf(m, mlen); randombytes_buf(nonce, crypto_box_NONCEBYTES); ret = crypto_box_easy(c, m, mlen, nonce, bobpk, alicesk); assert(ret == 0); if (crypto_box_open_easy(m2, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, alicepk, bobsk) != 0) { printf("open() failed"); return 1; } printf("%d\n", memcmp(m, m2, mlen)); for (i = 0; i < mlen + crypto_box_MACBYTES - 1; i++) { if (crypto_box_open_easy(m2, c, (unsigned long long) i, nonce, alicepk, bobsk) == 0) { printf("short open() should have failed"); return 1; } } memcpy(c, m, mlen); ret = crypto_box_easy(c, c, (unsigned long long) mlen, nonce, bobpk, alicesk); assert(ret == 0); printf("%d\n", memcmp(m, c, mlen) == 0); printf("%d\n", memcmp(m, c + crypto_box_MACBYTES, mlen) == 0); if (crypto_box_open_easy(c, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, alicepk, bobsk) != 0) { printf("crypto_box_open_easy() failed\n"); } ret = crypto_box_beforenm(k1, alicepk, bobsk); assert(ret == 0); ret = crypto_box_beforenm(k2, bobpk, alicesk); assert(ret == 0); memset(m2, 0, m2_size); if (crypto_box_easy_afternm(c, m, SIZE_MAX - 1U, nonce, k1) == 0) { printf("crypto_box_easy_afternm() with a short ciphertext should have failed\n"); } crypto_box_easy_afternm(c, m, (unsigned long long) mlen, nonce, k1); if (crypto_box_open_easy_afternm(m2, c, (unsigned long long) mlen + crypto_box_MACBYTES, nonce, k2) != 0) { printf("crypto_box_open_easy_afternm() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); if (crypto_box_open_easy_afternm(m2, c, crypto_box_MACBYTES - 1U, nonce, k2) == 0) { printf("crypto_box_open_easy_afternm() with a huge ciphertext should have failed\n"); } memset(m2, 0, m2_size); ret = crypto_box_detached(c, mac, m, (unsigned long long) mlen, nonce, alicepk, bobsk); assert(ret == 0); if (crypto_box_open_detached(m2, c, mac, (unsigned long long) mlen, nonce, bobpk, alicesk) != 0) { printf("crypto_box_open_detached() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); memset(m2, 0, m2_size); crypto_box_detached_afternm(c, mac, m, (unsigned long long) mlen, nonce, k1); if (crypto_box_open_detached_afternm(m2, c, mac, (unsigned long long) mlen, nonce, k2) != 0) { printf("crypto_box_open_detached_afternm() failed\n"); } printf("%d\n", memcmp(m, m2, mlen)); sodium_free(alicepk); sodium_free(alicesk); sodium_free(bobpk); sodium_free(bobsk); sodium_free(mac); sodium_free(nonce); sodium_free(k1); sodium_free(k2); sodium_free(m); sodium_free(m2); sodium_free(c); printf("OK\n"); return 0; }
int main(void) { unsigned char *c; unsigned char *mac; size_t i; c = (unsigned char *) sodium_malloc(131 + crypto_secretbox_MACBYTES + 1); mac = (unsigned char *) sodium_malloc(crypto_secretbox_MACBYTES); assert(c != NULL && mac != NULL); crypto_secretbox_easy(c, m, 131, nonce, firstkey); for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) { printf(",0x%02x", (unsigned int)c[i]); if (i % 8 == 7) printf("\n"); } printf("\n"); crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey); for (i = 0; i < crypto_secretbox_MACBYTES; ++i) { printf(",0x%02x", (unsigned int)mac[i]); if (i % 8 == 7) printf("\n"); } for (i = 0; i < 131; ++i) { printf(",0x%02x", (unsigned int)c[i]); if (i % 8 == 7) printf("\n"); } printf("\n"); /* Same test, with c and m overlapping */ memcpy(c + 1, m, 131); crypto_secretbox_easy(c, c + 1, 131, nonce, firstkey); for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) { printf(",0x%02x", (unsigned int)c[i]); if (i % 8 == 7) printf("\n"); } printf("\n"); memcpy(c, m, 131); crypto_secretbox_easy(c + 1, c, 131, nonce, firstkey); for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) { printf(",0x%02x", (unsigned int)c[i + 1]); if (i % 8 == 7) printf("\n"); } printf("\n"); memcpy(c, m, 131); crypto_secretbox_easy(c, c, 131, nonce, firstkey); for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) { printf(",0x%02x", (unsigned int)c[i]); if (i % 8 == 7) printf("\n"); } printf("\n"); assert(crypto_secretbox_easy(c, m, SIZE_MAX - 1U, nonce, firstkey) == -1); sodium_free(mac); sodium_free(c); return 0; }
static void tv3(void) { static struct { const char *passwd; const char *out; } tests[] = { { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg " "nrDFal+Jxl3,2`#^tFSu%v_+7iYse8-cCkNf!tD=KrW)", "$7$B6....1....75gBMAGwfFWZqBdyF3WdTQnWdUsuTiWjG1fF9c1jiSD$tc8RoB3." "Em3/zNgMLWo2u00oGIoTyJv4fl3Fl8Tix72" }, { "bl72h6#y<':MFRZ>B IA1=NRkCKS%W8`1I.2uQxJN0g)N N aTt^4K!Iw5r " "H6;crDsv^a55j9tsk'/GqweZn;cdk6+F_St6:#*=?ZCD_lw>.", "$7$A6....3....Iahc6qM0.UQJHVgE4h9oa1/" "4OWlWLm9CCtfguvz6bQD$QnXCo3M7nIqtry2WKsUZ5gQ.mY0wAlJu." "WUhtE8vF66" }, { "Py " ">e.5b+tLo@rL`dC2k@eJ&4eVl!W=JJ4+k&mAt@gt',FS1JjqKW3aq21:]^kna`" "mde7kVkN5NrpKUptu)@4*b&?BE_sJMG1=&@`3GBCV]Wg7xwgo7x3El", "$7$96..../....f6bEusKt79kK4wdYN0ki2nw4bJQ7P3rN6k3BSigsK/" "D$Dsvuw7vXj5xijmrb/NOhdgoyK/OiSIYv88cEtl9Cik7" }, { "2vj;Um]FKOL27oam(:Uo8+UmSTvb1FD*h?jk_,S=;RDgF-$Fjk?]9yvfxe@fN^!NN(" "Cuml?+2Raa", "$7$86....I....7XwIxLtCx4VphmFeUa6OGuGJrFaIaYzDiLNu/" "tyUPhD$U3q5GCEqCWxMwh.YQHDJrlg7FIZgViv9pcXE3h1vg61" }, { "CT=[9uUoGav,J`kU+348tA50ue#sL:ABZ3QgF+r[#vh:tTOiL>s8tv%,Jeo]jH/" "_4^i(*jD-_ku[9Ko[=86 06V", "$7$A6....2....R3.bjH6YS9wz9z8Jsj.3weGQ3J80ZZElGw2oVux1TP6$" "i5u6lFzXDHaIgYEICinLD6WNaovbiXP8SnLrDRdKgA9" }, { "J#wNn`hDgOpTHNI.w^1a70%f,.9V_m038H_JIJQln`vdWnn/" "rmILR?9H5g(+`;@H(2VosN9Fgk[WEjaBr'yB9Q19-imNa04[Mk5kvGcSn-TV", "$7$B6....1....Dj1y.4mF1J9XmT/6IDskYdCLaPFJTq9xcCwXQ1DpT92$92/" "hYfZLRq1nTLyIz.uc/dC6wLqwnsoqpkadrCXusm6" }, { "j4BS38Asa;p)[K+9TY!3YDj<LK-`nLVXQw9%*QfM", "$7$B6....1....5Ods8mojVwXJq4AywF/uI9BdMSiJ/zT8hQP/" "4cB68VC$nk4ExHNXJ802froj51/1wJTrSZvTIyyK7PecOxRRaz0" }, { "M.R>Qw+!qJb]>pP :_.9`dxM9k [eR7Y!yL-3)sNs[R,j_/^ " "TH=5ny'15>6UXWcQW^6D%XCsO[vN[%ReA-`tV1vW(Nt*0KVK#]45P_A", "$7$B6....1....D/" "eyk8N5y6Z8YVQEsw521cTx.9zzLuK7YDs1KMMh.o4$alfW8ZbsUWnXc." "vqon2zoljVk24Tt1.IsCuo2KurvS2" }, { "K3S=KyH#)36_?]LxeR8QNKw6X=gFb'ai$C%29V* " "tyh^Wo$TN-#Q4qkmtTCf0LLb.^E$0uykkP", "$7$B6....1....CuBuU97xgAage8whp/" "JNKobo0TFbsORGVbfcQIefyP8$aqalP." "XofGViB8EPLONqHma8vs1xc9uTIMYh9CgE.S8" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, /* Invalid pwhash strings */ { "Y0!?iQa9M%5ekffW(`", "$7$A6....1....$TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$.6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A.....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6.........TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i44269$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AH" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx54269" }, { "Y0!?iQa9M%5ekffW(`", "$7^A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$!6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A!....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....!....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7fA6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4#" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$AX....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1!...TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "a4ik5hGDN7foMuHOW.cp.CtX01UyCeO0.JAG.AHPpx5" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1" }, { "Y0!?iQa9M%5ekffW(`", "$7$" }, { "Y0!?iQa9M%5ekffW(`", "" }, { "Y0!?iQa9M%5ekffW(`", "$7$A6....1....TrXs5Zk6s8sWHpQgWDIXTR8kUU3s6Jc3s.DtdS8M2i4$" "" }, }; char *out; char *passwd; size_t i = 0U; do { out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); if (crypto_pwhash_scryptsalsa208sha256_str_verify( out, passwd, strlen(passwd)) != 0) { printf("pwhash_str failure: [%u]\n", (unsigned int)i); } sodium_free(out); sodium_free(passwd); } while (++i < (sizeof tests) / (sizeof tests[0])); }
/* * Create a new set of master keys. * * Seed is optional, can be NULL. It can be of any length and doesn't * require to have high entropy. It will be used as entropy source * in addition to the OSs CPRNG. * * WARNING: Don't use Entropy from the OSs CPRNG as seed! */ return_status master_keys_create( master_keys ** const keys, //output const buffer_t * const seed, buffer_t * const public_signing_key, //output, optional, can be NULL buffer_t * const public_identity_key //output, optional, can be NULL ) { return_status status = return_status_init(); //seeds buffer_t *crypto_seeds = NULL; if (keys == NULL) { throw(INVALID_INPUT, "Invalid input for master_keys_create."); } *keys = sodium_malloc(sizeof(master_keys)); throw_on_failed_alloc(*keys); //initialize the buffers buffer_init_with_pointer((*keys)->public_signing_key, (*keys)->public_signing_key_storage, PUBLIC_MASTER_KEY_SIZE, PUBLIC_MASTER_KEY_SIZE); buffer_init_with_pointer((*keys)->private_signing_key, (*keys)->private_signing_key_storage, PRIVATE_MASTER_KEY_SIZE, PRIVATE_MASTER_KEY_SIZE); buffer_init_with_pointer((*keys)->public_identity_key, (*keys)->public_identity_key_storage, PUBLIC_KEY_SIZE, PUBLIC_KEY_SIZE); buffer_init_with_pointer((*keys)->private_identity_key, (*keys)->private_identity_key_storage, PRIVATE_KEY_SIZE, PRIVATE_KEY_SIZE); if (seed != NULL) { //use external seed //create the seed buffer crypto_seeds = buffer_create_with_custom_allocator( crypto_sign_SEEDBYTES + crypto_box_SEEDBYTES, crypto_sign_SEEDBYTES + crypto_box_SEEDBYTES, sodium_malloc, sodium_free); throw_on_failed_alloc(crypto_seeds); status = spiced_random(crypto_seeds, seed, crypto_seeds->buffer_length); throw_on_error(GENERIC_ERROR, "Failed to create spiced random data."); //generate the signing keypair int status_int = 0; status_int = crypto_sign_seed_keypair( (*keys)->public_signing_key->content, (*keys)->private_signing_key_storage, crypto_seeds->content); if (status_int != 0) { throw(KEYGENERATION_FAILED, "Failed to generate signing keypair."); } //generate the identity keypair status_int = crypto_box_seed_keypair( (*keys)->public_identity_key->content, (*keys)->private_identity_key->content, crypto_seeds->content + crypto_sign_SEEDBYTES); if (status_int != 0) { throw(KEYGENERATION_FAILED, "Failed to generate encryption keypair."); } } else { //don't use external seed //generate the signing keypair int status_int = 0; status_int = crypto_sign_keypair( (*keys)->public_signing_key->content, (*keys)->private_signing_key->content); if (status_int != 0) { throw(KEYGENERATION_FAILED, "Failed to generate signing keypair."); } //generate the identity keypair status_int = crypto_box_keypair( (*keys)->public_identity_key->content, (*keys)->private_identity_key->content); if (status_int != 0) { throw(KEYGENERATION_FAILED, "Failed to generate encryption keypair."); } } //copy the public keys if requested if (public_signing_key != NULL) { if (public_signing_key->buffer_length < PUBLIC_MASTER_KEY_SIZE) { public_signing_key->content_length = 0; throw(INCORRECT_BUFFER_SIZE, "Public master key buffer is too short."); } if (buffer_clone(public_signing_key, (*keys)->public_signing_key) != 0) { throw(BUFFER_ERROR, "Failed to copy public signing key."); } } if (public_identity_key != NULL) { if (public_identity_key->buffer_length < PUBLIC_KEY_SIZE) { public_identity_key->content_length = 0; throw(INCORRECT_BUFFER_SIZE, "Public encryption key buffer is too short."); } if (buffer_clone(public_identity_key, (*keys)->public_identity_key) != 0) { throw(BUFFER_ERROR, "Failed to copy public encryption key."); } } cleanup: buffer_destroy_with_custom_deallocator_and_null_if_valid(crypto_seeds, sodium_free); on_error { if (keys != NULL) { sodium_free_and_null_if_valid(*keys); } return status; } if ((keys != NULL) && (*keys != NULL)) { sodium_mprotect_noaccess(*keys); } return status; }
static void tv_ietf(void) { static struct { const char *key_hex; const char *nonce_hex; uint32_t ic; } tests[] = { { "0000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000", 0U }, { "0000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000", 1U }, { "0000000000000000000000000000000000000000000000000000000000000001", "000000000000000000000000", 1U }, { "00ff000000000000000000000000000000000000000000000000000000000000", "000000000000000000000000", 2U }, { "0000000000000000000000000000000000000000000000000000000000000000", "000000000000000000000002", 0U }, { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "000000090000004a00000000", 1U }}; unsigned char key[crypto_stream_chacha20_KEYBYTES]; unsigned char nonce[crypto_stream_chacha20_IETF_NONCEBYTES]; unsigned char *part; unsigned char out[160]; unsigned char zero[160]; char out_hex[160 * 2 + 1]; size_t i = 0U; size_t plen; memset(zero, 0, sizeof zero); do { sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex, strlen(tests[i].key_hex), ": ", NULL, NULL); sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex, strlen(tests[i].nonce_hex), ": ", NULL, NULL); memset(out, 0, sizeof out); crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, tests[i].ic, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); for (plen = 1U; plen < sizeof out; plen++) { part = (unsigned char *) sodium_malloc(plen); crypto_stream_chacha20_ietf_xor_ic(part, out, plen, nonce, tests[i].ic, key); if (memcmp(part, zero, plen) != 0) { printf("Failed with length %lu\n", (unsigned long) plen); } sodium_free(part); } } while (++i < (sizeof tests) / (sizeof tests[0])); randombytes_buf(out, sizeof out); crypto_stream_chacha20_ietf(out, sizeof out, nonce, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); assert(crypto_stream_chacha20_ietf(out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0); assert(crypto_stream_chacha20_ietf_xor_ic(out, out, 0U, nonce, 1U, key) == 0); memset(out, 0x42, sizeof out); crypto_stream_chacha20_ietf_xor(out, out, sizeof out, nonce, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 0U, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 1U, key); sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out); printf("[%s]\n", out_hex); };
int main(void) { unsigned char *v16, *v16x; unsigned char *v32, *v32x; unsigned char *v64, *v64x; uint32_t r; uint8_t o; int i; v16 = (unsigned char *) sodium_malloc(16); v16x = (unsigned char *) sodium_malloc(16); v32 = (unsigned char *) sodium_malloc(32); v32x = (unsigned char *) sodium_malloc(32); v64 = (unsigned char *) sodium_malloc(64); v64x = (unsigned char *) sodium_malloc(64); for (i = 0; i < 10000; i++) { randombytes_buf(v16, 16); randombytes_buf(v32, 32); randombytes_buf(v64, 64); memcpy(v16x, v16, 16); memcpy(v32x, v32, 32); memcpy(v64x, v64, 64); if (crypto_verify_16(v16, v16x) != 0 || crypto_verify_32(v32, v32x) != 0 || crypto_verify_64(v64, v64x) != 0 || sodium_memcmp(v16, v16x, 16) != 0 || sodium_memcmp(v32, v32x, 32) != 0 || sodium_memcmp(v64, v64x, 64) != 0) { printf("Failed\n"); } } printf("OK\n"); for (i = 0; i < 100000; i++) { r = randombytes_random(); o = (uint8_t) randombytes_random(); if (o == 0) { continue; } v16x[r & 15U] ^= o; v32x[r & 31U] ^= o; v64x[r & 63U] ^= o; if (crypto_verify_16(v16, v16x) != -1 || crypto_verify_32(v32, v32x) != -1 || crypto_verify_64(v64, v64x) != -1 || sodium_memcmp(v16, v16x, 16) != -1 || sodium_memcmp(v32, v32x, 32) != -1 || sodium_memcmp(v64, v64x, 64) != -1) { printf("Failed\n"); } v16x[r & 15U] ^= o; v32x[r & 31U] ^= o; v64x[r & 63U] ^= o; } printf("OK\n"); assert(crypto_verify_16_bytes() == 16U); assert(crypto_verify_32_bytes() == 32U); assert(crypto_verify_64_bytes() == 64U); sodium_free(v16); sodium_free(v16x); sodium_free(v32); sodium_free(v32x); sodium_free(v64); sodium_free(v64x); return 0; }
int main(void) { unsigned char *n, *p, *q, *q2; n = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES); p = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); q = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); q2 = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_BYTES); randombytes_buf(n, crypto_scalarmult_ed25519_SCALARBYTES); if (crypto_scalarmult_ed25519_base(q, n) != 0) { printf("crypto_scalarmult_ed25519_base() failed\n"); } memcpy(p, B, crypto_scalarmult_ed25519_BYTES); if (crypto_scalarmult_ed25519(q2, n, p) != 0) { printf("crypto_scalarmult_ed25519() failed\n"); } if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) { printf("crypto_scalarmult_ed25519_base(n) != crypto_scalarmult_ed25519(n, 9)\n"); } memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES); if (crypto_scalarmult_ed25519_base(q, n) != -1) { printf("crypto_scalarmult_ed25519_base(0) passed\n"); } if (crypto_scalarmult_ed25519(q2, n, p) != -1) { printf("crypto_scalarmult_ed25519(0) passed\n"); } if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != -1) { printf("crypto_scalarmult_ed25519_noclamp(0) passed\n"); } n[0] = 1; if (crypto_scalarmult_ed25519_base(q, n) != 0) { printf("crypto_scalarmult_ed25519_base() failed\n"); } if (crypto_scalarmult_ed25519(q2, n, p) != 0) { printf("crypto_scalarmult_ed25519() failed\n"); } if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } if (crypto_scalarmult_ed25519(q, n, non_canonical_invalid_p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } if (crypto_scalarmult_ed25519(q, n, max_canonical_p) != 0) { printf("crypto_scalarmult_ed25519() failed\n"); } n[0] = 9; if (crypto_scalarmult_ed25519(q, n, p) != 0) { printf("crypto_scalarmult_ed25519() failed\n"); } if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) { printf("clamping not applied\n"); } n[0] = 8; n[31] = 64; if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) { printf("inconsistent clamping\n"); } memset(p, 0, crypto_scalarmult_ed25519_BYTES); if (crypto_scalarmult_ed25519(q, n, p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) { printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n"); } n[0] = 8; if (crypto_scalarmult_ed25519(q, n, p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) { printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n"); } sodium_free(q2); sodium_free(q); sodium_free(p); sodium_free(n); assert(crypto_scalarmult_ed25519_BYTES == crypto_scalarmult_ed25519_bytes()); assert(crypto_scalarmult_ed25519_SCALARBYTES == crypto_scalarmult_ed25519_scalarbytes()); printf("OK\n"); return 0; }
static void tv_box_xchacha20poly1305(void) { char hex[65]; unsigned char *pk; unsigned char *sk; unsigned char *m; unsigned char *m2; unsigned char *mac; unsigned char *nonce; unsigned char *out; unsigned char *pc; unsigned char *seed; size_t m_len; int i; pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES); mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES); pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); for (i = 0; i < 10; i++) { m_len = (i == 0) ? 0 : randombytes_uniform(150); m = (unsigned char *) sodium_malloc(m_len); m2 = (unsigned char *) sodium_malloc(m_len); out = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES); randombytes_buf(m, m_len); assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_easy (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, nonce, pk, sk) == 0); assert(memcmp(m2, m, m_len) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_easy_afternm (out, m, m_len, nonce, pc) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, nonce, pc) == 0); assert(memcmp(m2, m, m_len) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc(m_len); assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len, nonce, pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_detached (m2, out, mac, m_len, nonce, pk, sk) == 0); sodium_free(out); out = (unsigned char *) sodium_malloc(m_len); assert(crypto_box_curve25519xchacha20poly1305_detached_afternm (out, mac, m, m_len, nonce, pc) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm (m2, out, mac, m_len, nonce, pc) == 0); sodium_free(out); sodium_free(m2); sodium_free(m); } sodium_free(pc); sodium_free(mac); sodium_free(nonce); seed = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_SEEDBYTES); for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) { seed[i] = i; } crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed); sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0); sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0); sodium_free(seed); sodium_free(sk); sodium_free(pk); assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES); assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES); printf("tv_box_xchacha20poly1305: ok\n"); }
static void tv_kx(void) { unsigned char *seed; unsigned char *client_pk, *client_sk; unsigned char *client_rx, *client_tx; unsigned char *server_pk, *server_sk; unsigned char *server_rx, *server_tx; char hex[65]; int i; seed = (unsigned char *) sodium_malloc(crypto_kx_SEEDBYTES); for (i = 0; i < crypto_kx_SEEDBYTES; i++) { seed[i] = (unsigned char) i; } client_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES); client_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES); crypto_kx_seed_keypair(client_pk, client_sk, seed); sodium_bin2hex(hex, sizeof hex, client_pk, crypto_kx_PUBLICKEYBYTES); printf("client_pk: [%s]\n", hex); sodium_bin2hex(hex, sizeof hex, client_sk, crypto_kx_SECRETKEYBYTES); printf("client_sk: [%s]\n", hex); server_pk = (unsigned char *) sodium_malloc(crypto_kx_PUBLICKEYBYTES); server_sk = (unsigned char *) sodium_malloc(crypto_kx_SECRETKEYBYTES); crypto_kx_keypair(server_pk, server_sk); client_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES); client_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES); assert(crypto_kx_client_session_keys(client_rx, client_tx, client_pk, client_sk, small_order_p) == -1); if (crypto_kx_client_session_keys(client_rx, client_tx, client_pk, client_sk, server_pk) != 0) { printf("crypto_kx_client_session_keys() failed\n"); } server_rx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES); server_tx = (unsigned char *) sodium_malloc(crypto_kx_SESSIONKEYBYTES); assert(crypto_kx_server_session_keys(server_rx, server_tx, server_pk, server_sk, small_order_p) == -1); if (crypto_kx_server_session_keys(server_rx, server_tx, server_pk, server_sk, client_pk) != 0) { printf("crypto_kx_server_session_keys() failed\n"); } if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) != 0 || memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) != 0) { printf("client session keys != server session keys\n"); } sodium_increment(client_pk, crypto_kx_PUBLICKEYBYTES); if (crypto_kx_server_session_keys(server_rx, server_tx, server_pk, server_sk, client_pk) != 0) { printf("crypto_kx_server_session_keys() failed\n"); } if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 && memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) { printf("peer's public key is ignored\n"); } crypto_kx_keypair(client_pk, client_sk); if (crypto_kx_server_session_keys(server_rx, server_tx, server_pk, server_sk, client_pk) != 0) { printf("crypto_kx_server_session_keys() failed\n"); } if (memcmp(server_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0 || memcmp(server_tx, client_rx, crypto_kx_SESSIONKEYBYTES) == 0) { printf("session keys are constant\n"); } crypto_kx_seed_keypair(client_pk, client_sk, seed); sodium_increment(seed, crypto_kx_SEEDBYTES); crypto_kx_seed_keypair(server_pk, server_sk, seed); if (crypto_kx_server_session_keys(server_rx, server_tx, server_pk, server_sk, client_pk) != 0) { printf("crypto_kx_server_session_keys() failed\n"); } sodium_bin2hex(hex, sizeof hex, server_rx, crypto_kx_SESSIONKEYBYTES); printf("server_rx: [%s]\n", hex); sodium_bin2hex(hex, sizeof hex, server_tx, crypto_kx_SESSIONKEYBYTES); printf("server_tx: [%s]\n", hex); if (crypto_kx_client_session_keys(client_rx, client_tx, client_pk, client_sk, server_pk) != 0) { printf("crypto_kx_client_session_keys() failed\n"); } sodium_bin2hex(hex, sizeof hex, client_rx, crypto_kx_SESSIONKEYBYTES); printf("client_rx: [%s]\n", hex); sodium_bin2hex(hex, sizeof hex, client_tx, crypto_kx_SESSIONKEYBYTES); printf("client_tx: [%s]\n", hex); randombytes_buf(client_rx, crypto_kx_SESSIONKEYBYTES); randombytes_buf(client_tx, crypto_kx_SESSIONKEYBYTES); randombytes_buf(server_rx, crypto_kx_SESSIONKEYBYTES); randombytes_buf(server_tx, crypto_kx_SESSIONKEYBYTES); if (crypto_kx_client_session_keys(client_rx, NULL, client_pk, client_sk, server_pk) != 0 || crypto_kx_client_session_keys(NULL, client_tx, client_pk, client_sk, server_pk) != 0 || crypto_kx_server_session_keys(server_rx, NULL, server_pk, server_sk, client_pk) != 0 || crypto_kx_server_session_keys(NULL, server_tx, server_pk, server_sk, client_pk) != 0) { printf("failure when one of the pointers happens to be NULL"); } assert(memcmp(client_rx, client_tx, crypto_kx_SESSIONKEYBYTES) == 0); assert(memcmp(client_tx, server_rx, crypto_kx_SESSIONKEYBYTES) == 0); assert(memcmp(server_rx, server_tx, crypto_kx_SESSIONKEYBYTES) == 0); sodium_free(client_rx); sodium_free(client_tx); sodium_free(server_rx); sodium_free(server_tx); sodium_free(server_sk); sodium_free(server_pk); sodium_free(client_sk); sodium_free(client_pk); sodium_free(seed); assert(strcmp(crypto_kx_primitive(), crypto_kx_PRIMITIVE) == 0); assert(crypto_kx_publickeybytes() == crypto_kx_PUBLICKEYBYTES); assert(crypto_kx_secretkeybytes() == crypto_kx_SECRETKEYBYTES); assert(crypto_kx_seedbytes() == crypto_kx_SEEDBYTES); assert(crypto_kx_sessionkeybytes() == crypto_kx_SESSIONKEYBYTES); printf("tv_kx: ok\n"); }
static void tv_stream_xchacha20(void) { static const XChaCha20TV tvs[] = { { "79c99798ac67300bbb2704c95c341e3245f3dcb21761b98e52ff45b24f304fc4", "b33ffd3096479bcfbc9aee49417688a0a2554f8d95389419", "c6e9758160083ac604ef90e712ce6e75d7797590744e0cf060f013739c" }, { "ddf7784fee099612c40700862189d0397fcc4cc4b3cc02b5456b3a97d1186173", "a9a04491e7bf00c3ca91ac7c2d38a777d88993a7047dfcc4", "2f289d371f6f0abc3cb60d11d9b7b29adf6bc5ad843e8493e928448d" }, { "3d12800e7b014e88d68a73f0a95b04b435719936feba60473f02a9e61ae60682", "56bed2599eac99fb27ebf4ffcb770a64772dec4d5849ea2d", "a2c3c1406f33c054a92760a8e0666b84f84fa3a618f0" }, { "5f5763ff9a30c95da5c9f2a8dfd7cc6efd9dfb431812c075aa3e4f32e04f53e4", "a5fa890efa3b9a034d377926ce0e08ee6d7faccaee41b771", "8a1a5ba898bdbcff602b1036e469a18a5e45789d0e8d9837d81a2388a52b0b6a0f51891528f424c4a7f492a8dd7bce8bac19fbdbe1fb379ac0" }, { "eadc0e27f77113b5241f8ca9d6f9a5e7f09eee68d8a5cf30700563bf01060b4e", "a171a4ef3fde7c4794c5b86170dc5a099b478f1b852f7b64", "23839f61795c3cdbcee2c749a92543baeeea3cbb721402aa42e6cae140447575f2916c5d71108e3b13357eaf86f060cb" }, { "91319c9545c7c804ba6b712e22294c386fe31c4ff3d278827637b959d3dbaab2", "410e854b2a911f174aaf1a56540fc3855851f41c65967a4e", "cbe7d24177119b7fdfa8b06ee04dade4256ba7d35ffda6b89f014e479faef6" }, { "6a6d3f412fc86c4450fc31f89f64ed46baa3256ffcf8616e8c23a06c422842b6", "6b7773fce3c2546a5db4829f53a9165f41b08faae2fb72d5", "8b23e35b3cdd5f3f75525fc37960ec2b68918e8c046d8a832b9838f1546be662e54feb1203e2" }, { "d45e56368ebc7ba9be7c55cfd2da0feb633c1d86cab67cd5627514fd20c2b391", "fd37da2db31e0c738754463edadc7dafb0833bd45da497fc", "47950efa8217e3dec437454bd6b6a80a287e2570f0a48b3fa1ea3eb868be3d486f6516606d85e5643becc473b370871ab9ef8e2a728f73b92bd98e6e26ea7c8ff96ec5a9e8de95e1eee9300c" }, { "aface41a64a9a40cbc604d42bd363523bd762eb717f3e08fe2e0b4611eb4dcf3", "6906e0383b895ab9f1cf3803f42f27c79ad47b681c552c63", "a5fa7c0190792ee17675d52ad7570f1fb0892239c76d6e802c26b5b3544d13151e67513b8aaa1ac5af2d7fd0d5e4216964324838" }, { "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232", "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e", "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc" }, }; const XChaCha20TV *tv; char *hex; unsigned char *key; unsigned char *nonce; unsigned char *out; unsigned char *out2; size_t out_len; int i; key = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_KEYBYTES); nonce = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_NONCEBYTES); out = (unsigned char *) sodium_malloc(XCHACHA20_OUT_MAX); for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { tv = &tvs[i]; sodium_hex2bin(key, crypto_stream_xchacha20_KEYBYTES, tv->key, strlen(tv->key), NULL, NULL, NULL); sodium_hex2bin(nonce, crypto_stream_xchacha20_NONCEBYTES, tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); sodium_hex2bin(out, XCHACHA20_OUT_MAX, tv->out, strlen(tv->out), NULL, &out_len, NULL); out2 = (unsigned char *) sodium_malloc(out_len); crypto_stream_xchacha20(out2, out_len, nonce, key); assert(memcmp(out, out2, out_len) == 0); crypto_stream_xchacha20_xor(out2, out, out_len, nonce, key); assert(sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 0, key); assert(sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 1, key); assert(!sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor(out, out, out_len, nonce, key); assert(sodium_is_zero(out, out_len)); sodium_free(out2); } out2 = (unsigned char *) sodium_malloc(0); crypto_stream_xchacha20(out2, 0, nonce, key); crypto_stream_xchacha20_xor(out2, out2, 0, nonce, key); crypto_stream_xchacha20_xor_ic(out2, out2, 0, nonce, 1, key); sodium_free(out2); sodium_free(out); out = (unsigned char *) sodium_malloc(64); out2 = (unsigned char *) sodium_malloc(128); randombytes_buf(out, 64); randombytes_buf(out2, 64); memcpy(out2 + 64, out, 64); crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 1, key); crypto_stream_xchacha20_xor(out2, out2, 128, nonce, key); assert(memcmp(out, out2 + 64, 64) == 0); sodium_free(out); sodium_free(out2); out = (unsigned char *) sodium_malloc(192); out2 = (unsigned char *) sodium_malloc(192); memset(out, 0, 192); memset(out2, 0, 192); crypto_stream_xchacha20_xor_ic(out2, out2, 192, nonce, (1ULL << 32) - 1ULL, key); crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, (1ULL << 32) - 1ULL, key); crypto_stream_xchacha20_xor_ic(out + 64, out + 64, 64, nonce, (1ULL << 32), key); crypto_stream_xchacha20_xor_ic(out + 128, out + 128, 64, nonce, (1ULL << 32) + 1, key); assert(memcmp(out, out2, 192) == 0); hex = (char *) sodium_malloc(192 * 2 + 1); sodium_bin2hex(hex, 192 * 2 + 1, out, 192); printf("%s\n", hex); sodium_free(hex); sodium_free(out); sodium_free(out2); sodium_free(nonce); sodium_free(key); assert(crypto_stream_xchacha20_keybytes() == crypto_stream_xchacha20_KEYBYTES); assert(crypto_stream_xchacha20_noncebytes() == crypto_stream_xchacha20_NONCEBYTES); printf("tv_stream_xchacha20: ok\n"); }
static void str_tests(void) { char *str_out; char *str_out2; char *salt; const char *passwd = "Correct Horse Battery Staple"; salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES); str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES); str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES); memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES); if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT, MEMLIMIT) != 0) { printf("pwhash_argon2i_str failure\n"); } if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT, MEMLIMIT) != 0) { printf("pwhash_argon2i_str(2) failure\n"); } if (strcmp(str_out, str_out2) == 0) { printf("pwhash_argon2i_str() doesn't generate different salts\n"); } if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { printf("needs_rehash() false positive\n"); } if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { printf("needs_rehash() false negative\n"); } if (crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { printf("needs_rehash() didn't fail with an invalid hash string\n"); } if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), crypto_pwhash_STRBYTES - strlen(str_out)) != 1 || sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { printf("pwhash_str() doesn't properly pad with zeros\n"); } if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_str_verify(1) failure\n"); } str_out[14]++; if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) { printf("pwhash_str_verify(2) failure\n"); } str_out[14]--; assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0); if (crypto_pwhash_argon2i_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, MEMLIMIT) != -1) { printf("pwhash_str() with a large password should have failed\n"); } if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != -1) { printf("pwhash_str() with a small opslimit should have failed\n"); } if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "password", 0x100000000ULL) != -1) { printf("pwhash_str_verify(invalid(0)) failure\n"); } if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(1)) failure %d\n", errno); } if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(2)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(3)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ" "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(4)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(5)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(6)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "password", strlen("password")) != 0) { printf("pwhash_str_verify(valid(7)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "passwore", strlen("passwore")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(7)) failure\n"); } if (crypto_pwhash_str_verify( "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(8)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(9)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVla~=mRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(10)) failure\n"); } if (crypto_pwhash_str_verify( "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$TNnWIwlu1061JHrnCqIAmjs3huSxYI~=U+0jWipu7Kc9M", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_str_verify(invalid(11)) failure\n"); } assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, crypto_pwhash_ALG_ARGON2I13) == 0); assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) == 0); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) == 1); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) == 1); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) == -1); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1); assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, crypto_pwhash_ALG_ARGON2ID13) == 0); assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) == 0); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) == 1); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) == 1); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1); assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1); assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) == -1); sodium_free(salt); sodium_free(str_out); sodium_free(str_out2); }