xref: /freebsd/sys/contrib/libsodium/test/default/aead_xchacha20poly1305.c (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1 
2 #define TEST_NAME "aead_xchacha20poly1305"
3 #include "cmptest.h"
4 
5 static int
6 tv(void)
7 {
8 #undef  MLEN
9 #define MLEN 114U
10 #undef  ADLEN
11 #define ADLEN 12U
12 #undef  CLEN
13 #define CLEN (MLEN + crypto_aead_xchacha20poly1305_ietf_ABYTES)
14     static const unsigned char firstkey[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]
15         = {
16             0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
17             0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
18             0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
19             0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
20         };
21 #undef  MESSAGE
22 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
23 "only one tip for the future, sunscreen would be it."
24     unsigned char *m = (unsigned char *) sodium_malloc(MLEN);
25     static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES]
26         = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
27             0x48, 0x49, 0x4a, 0x4b };
28     static const unsigned char ad[ADLEN]
29         = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
30     unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
31     unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
32     unsigned char *key2 = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
33     unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES);
34     unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
35     unsigned long long found_clen;
36     unsigned long long found_maclen;
37     unsigned long long m2len;
38     size_t i;
39 
40     assert(sizeof MESSAGE - 1U == MLEN);
41     memcpy(m, MESSAGE, MLEN);
42     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
43                                                ad, ADLEN,
44                                                NULL, nonce, firstkey);
45     if (found_clen != MLEN + crypto_aead_xchacha20poly1305_ietf_abytes()) {
46         printf("found_clen is not properly set\n");
47     }
48     for (i = 0U; i < CLEN; ++i) {
49         printf(",0x%02x", (unsigned int) c[i]);
50         if (i % 8 == 7) {
51             printf("\n");
52         }
53     }
54     printf("\n");
55     crypto_aead_xchacha20poly1305_ietf_encrypt_detached(detached_c,
56                                                         mac, &found_maclen,
57                                                         m, MLEN,
58                                                         ad, ADLEN,
59                                                         NULL, nonce, firstkey);
60     if (found_maclen != crypto_aead_xchacha20poly1305_ietf_abytes()) {
61         printf("found_maclen is not properly set\n");
62     }
63     if (memcmp(detached_c, c, MLEN) != 0) {
64         printf("detached ciphertext is bogus\n");
65     }
66 
67     if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
68                                                    ADLEN, nonce, firstkey) != 0) {
69         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n");
70     }
71     if (m2len != MLEN) {
72         printf("m2len is not properly set\n");
73     }
74     if (memcmp(m, m2, MLEN) != 0) {
75         printf("m != m2\n");
76     }
77     memset(m2, 0, m2len);
78     if (crypto_aead_xchacha20poly1305_ietf_decrypt_detached(m2, NULL,
79                                                             c, MLEN, mac,
80                                                             ad, ADLEN,
81                                                             nonce, firstkey) != 0) {
82         printf("crypto_aead_xchacha20poly1305_ietf_decrypt_detached() failed\n");
83     }
84     if (memcmp(m, m2, MLEN) != 0) {
85         printf("detached m != m2\n");
86     }
87 
88     for (i = 0U; i < CLEN; i++) {
89         c[i] ^= (i + 1U);
90         if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
91                                                        ad, ADLEN, nonce, firstkey)
92             == 0 || memcmp(m, m2, MLEN) == 0) {
93             printf("message can be forged\n");
94         }
95         c[i] ^= (i + 1U);
96     }
97     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
98                                                NULL, 0U, NULL, nonce, firstkey);
99     if (found_clen != CLEN) {
100         printf("clen is not properly set (adlen=0)\n");
101     }
102     for (i = 0U; i < CLEN; ++i) {
103         printf(",0x%02x", (unsigned int) c[i]);
104         if (i % 8 == 7) {
105             printf("\n");
106         }
107     }
108     printf("\n");
109     if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
110                                                    NULL, 0U, nonce, firstkey) != 0) {
111         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
112     }
113     if (m2len != MLEN) {
114         printf("m2len is not properly set (adlen=0)\n");
115     }
116     if (memcmp(m, m2, MLEN) != 0) {
117         printf("m != m2 (adlen=0)\n");
118     }
119     m2len = 1;
120     if (crypto_aead_xchacha20poly1305_ietf_decrypt(
121             m2, &m2len, NULL, NULL,
122             randombytes_uniform(crypto_aead_xchacha20poly1305_ietf_ABYTES),
123             NULL, 0U, nonce, firstkey) != -1) {
124         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with a short "
125                "ciphertext\n");
126     }
127     if (m2len != 0) {
128         printf("Message length should have been set to zero after a failure\n");
129     }
130     m2len = 1;
131     if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
132                                                   nonce, firstkey) != -1) {
133         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with an empty "
134                "ciphertext\n");
135     }
136     if (m2len != 0) {
137         printf("Message length should have been set to zero after a failure\n");
138     }
139 
140     memcpy(c, m, MLEN);
141     crypto_aead_xchacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
142                                                NULL, 0U, NULL, nonce, firstkey);
143     if (found_clen != CLEN) {
144         printf("clen is not properly set (adlen=0)\n");
145     }
146     for (i = 0U; i < CLEN; ++i) {
147         printf(",0x%02x", (unsigned int) c[i]);
148         if (i % 8 == 7) {
149             printf("\n");
150         }
151     }
152     printf("\n");
153 
154     if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
155                                                    NULL, 0U, nonce, firstkey) != 0) {
156         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
157     }
158     if (m2len != MLEN) {
159         printf("m2len is not properly set (adlen=0)\n");
160     }
161     if (memcmp(m, c, MLEN) != 0) {
162         printf("m != c (adlen=0)\n");
163     }
164 
165     crypto_aead_xchacha20poly1305_ietf_keygen(key2);
166     if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
167                                                    NULL, 0U, nonce, key2) == 0) {
168         printf("crypto_aead_xchacha20poly1305_ietf_decrypt() with a wrong key should have failed\n");
169     }
170 
171     sodium_free(c);
172     sodium_free(detached_c);
173     sodium_free(key2);
174     sodium_free(mac);
175     sodium_free(m2);
176     sodium_free(m);
177 
178     assert(crypto_aead_xchacha20poly1305_ietf_abytes() == crypto_aead_xchacha20poly1305_ietf_ABYTES);
179     assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
180     assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
181     assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U);
182     assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
183     assert(crypto_aead_xchacha20poly1305_ietf_messagebytes_max() == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);
184     assert(crypto_aead_xchacha20poly1305_IETF_KEYBYTES  == crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
185     assert(crypto_aead_xchacha20poly1305_IETF_NSECBYTES == crypto_aead_xchacha20poly1305_ietf_NSECBYTES);
186     assert(crypto_aead_xchacha20poly1305_IETF_NPUBBYTES == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
187     assert(crypto_aead_xchacha20poly1305_IETF_ABYTES    == crypto_aead_xchacha20poly1305_ietf_ABYTES);
188     assert(crypto_aead_xchacha20poly1305_IETF_MESSAGEBYTES_MAX == crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX);
189 
190     return 0;
191 }
192 
193 int
194 main(void)
195 {
196     tv();
197 
198     return 0;
199 }
200