xref: /freebsd/sys/contrib/libsodium/test/default/chacha20.c (revision 3611ec604864a7d4dcc9a3ea898c80eb35eef8a0) 
1*0ac341f1SConrad Meyer 
2*0ac341f1SConrad Meyer #define TEST_NAME "chacha20"
3*0ac341f1SConrad Meyer #include "cmptest.h"
4*0ac341f1SConrad Meyer 
5*0ac341f1SConrad Meyer static
tv(void)6*0ac341f1SConrad Meyer void tv(void)
7*0ac341f1SConrad Meyer {
8*0ac341f1SConrad Meyer     static struct {
9*0ac341f1SConrad Meyer         const char *key_hex;
10*0ac341f1SConrad Meyer         const char *nonce_hex;
11*0ac341f1SConrad Meyer     } tests[]
12*0ac341f1SConrad Meyer       = { { "0000000000000000000000000000000000000000000000000000000000000000",
13*0ac341f1SConrad Meyer             "0000000000000000" },
14*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000001",
15*0ac341f1SConrad Meyer             "0000000000000000" },
16*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000000",
17*0ac341f1SConrad Meyer             "0000000000000001" },
18*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000000",
19*0ac341f1SConrad Meyer             "0100000000000000" },
20*0ac341f1SConrad Meyer           { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
21*0ac341f1SConrad Meyer             "0001020304050607" } };
22*0ac341f1SConrad Meyer     unsigned char  key[crypto_stream_chacha20_KEYBYTES];
23*0ac341f1SConrad Meyer     unsigned char  nonce[crypto_stream_chacha20_NONCEBYTES];
24*0ac341f1SConrad Meyer     unsigned char *part;
25*0ac341f1SConrad Meyer     unsigned char  out[160];
26*0ac341f1SConrad Meyer     unsigned char  zero[160];
27*0ac341f1SConrad Meyer     char           out_hex[160 * 2 + 1];
28*0ac341f1SConrad Meyer     size_t         i = 0U;
29*0ac341f1SConrad Meyer     size_t         plen;
30*0ac341f1SConrad Meyer 
31*0ac341f1SConrad Meyer     memset(zero, 0, sizeof zero);
32*0ac341f1SConrad Meyer     do {
33*0ac341f1SConrad Meyer         sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
34*0ac341f1SConrad Meyer                        strlen(tests[i].key_hex), NULL, NULL, NULL);
35*0ac341f1SConrad Meyer         sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex,
36*0ac341f1SConrad Meyer                        strlen(tests[i].nonce_hex), NULL, NULL, NULL);
37*0ac341f1SConrad Meyer         crypto_stream_chacha20(out, sizeof out, nonce, key);
38*0ac341f1SConrad Meyer         sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
39*0ac341f1SConrad Meyer         printf("[%s]\n", out_hex);
40*0ac341f1SConrad Meyer         for (plen = 1U; plen < sizeof out; plen++) {
41*0ac341f1SConrad Meyer             part = (unsigned char *) sodium_malloc(plen);
42*0ac341f1SConrad Meyer             crypto_stream_chacha20_xor(part, out, plen, nonce, key);
43*0ac341f1SConrad Meyer             if (memcmp(part, zero, plen) != 0) {
44*0ac341f1SConrad Meyer                 printf("Failed with length %lu\n", (unsigned long) plen);
45*0ac341f1SConrad Meyer             }
46*0ac341f1SConrad Meyer             sodium_free(part);
47*0ac341f1SConrad Meyer         }
48*0ac341f1SConrad Meyer     } while (++i < (sizeof tests) / (sizeof tests[0]));
49*0ac341f1SConrad Meyer     assert(66 <= sizeof out);
50*0ac341f1SConrad Meyer     for (plen = 1U; plen < 66; plen += 3) {
51*0ac341f1SConrad Meyer         memset(out, (int) (plen & 0xff), sizeof out);
52*0ac341f1SConrad Meyer         crypto_stream_chacha20(out, plen, nonce, key);
53*0ac341f1SConrad Meyer         sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
54*0ac341f1SConrad Meyer         printf("[%s]\n", out_hex);
55*0ac341f1SConrad Meyer     }
56*0ac341f1SConrad Meyer     randombytes_buf(out, sizeof out);
57*0ac341f1SConrad Meyer     crypto_stream_chacha20(out, sizeof out, nonce, key);
58*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
59*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
60*0ac341f1SConrad Meyer 
61*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20(out, 0U, nonce, key) == 0);
62*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0);
63*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_xor(out, out, 0U, nonce, key) == 0);
64*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_xor_ic(out, out, 0U, nonce, 1U, key) == 0);
65*0ac341f1SConrad Meyer 
66*0ac341f1SConrad Meyer     memset(out, 0x42, sizeof out);
67*0ac341f1SConrad Meyer     crypto_stream_chacha20_xor(out, out, sizeof out, nonce, key);
68*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
69*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
70*0ac341f1SConrad Meyer 
71*0ac341f1SConrad Meyer     crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 0U, key);
72*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
73*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
74*0ac341f1SConrad Meyer 
75*0ac341f1SConrad Meyer     crypto_stream_chacha20_xor_ic(out, out, sizeof out, nonce, 1U, key);
76*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
77*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
78*0ac341f1SConrad Meyer }
79*0ac341f1SConrad Meyer 
80*0ac341f1SConrad Meyer static
tv_ietf(void)81*0ac341f1SConrad Meyer void tv_ietf(void)
82*0ac341f1SConrad Meyer {
83*0ac341f1SConrad Meyer     static struct {
84*0ac341f1SConrad Meyer         const char *key_hex;
85*0ac341f1SConrad Meyer         const char *nonce_hex;
86*0ac341f1SConrad Meyer         uint32_t    ic;
87*0ac341f1SConrad Meyer     } tests[]
88*0ac341f1SConrad Meyer       = { { "0000000000000000000000000000000000000000000000000000000000000000",
89*0ac341f1SConrad Meyer             "000000000000000000000000",
90*0ac341f1SConrad Meyer             0U },
91*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000000",
92*0ac341f1SConrad Meyer             "000000000000000000000000",
93*0ac341f1SConrad Meyer             1U },
94*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000001",
95*0ac341f1SConrad Meyer             "000000000000000000000000",
96*0ac341f1SConrad Meyer             1U },
97*0ac341f1SConrad Meyer           { "00ff000000000000000000000000000000000000000000000000000000000000",
98*0ac341f1SConrad Meyer             "000000000000000000000000",
99*0ac341f1SConrad Meyer             2U },
100*0ac341f1SConrad Meyer           { "0000000000000000000000000000000000000000000000000000000000000000",
101*0ac341f1SConrad Meyer             "000000000000000000000002",
102*0ac341f1SConrad Meyer             0U },
103*0ac341f1SConrad Meyer           { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
104*0ac341f1SConrad Meyer             "000000090000004a00000000",
105*0ac341f1SConrad Meyer             1U },
106*0ac341f1SConrad Meyer           { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
107*0ac341f1SConrad Meyer             "000000090000004a00000000",
108*0ac341f1SConrad Meyer             0xffffffff }};
109*0ac341f1SConrad Meyer     unsigned char  key[crypto_stream_chacha20_KEYBYTES];
110*0ac341f1SConrad Meyer     unsigned char  nonce[crypto_stream_chacha20_IETF_NONCEBYTES];
111*0ac341f1SConrad Meyer     unsigned char *part;
112*0ac341f1SConrad Meyer     unsigned char  out[160];
113*0ac341f1SConrad Meyer     unsigned char  zero[160];
114*0ac341f1SConrad Meyer     char           out_hex[160 * 2 + 1];
115*0ac341f1SConrad Meyer     size_t         i = 0U;
116*0ac341f1SConrad Meyer     size_t         plen;
117*0ac341f1SConrad Meyer 
118*0ac341f1SConrad Meyer     memset(zero, 0, sizeof zero);
119*0ac341f1SConrad Meyer     do {
120*0ac341f1SConrad Meyer         sodium_hex2bin((unsigned char *)key, sizeof key, tests[i].key_hex,
121*0ac341f1SConrad Meyer                        strlen(tests[i].key_hex), ": ", NULL, NULL);
122*0ac341f1SConrad Meyer         sodium_hex2bin(nonce, sizeof nonce, tests[i].nonce_hex,
123*0ac341f1SConrad Meyer                        strlen(tests[i].nonce_hex), ": ", NULL, NULL);
124*0ac341f1SConrad Meyer         memset(out, 0, sizeof out);
125*0ac341f1SConrad Meyer         crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, tests[i].ic, key);
126*0ac341f1SConrad Meyer         sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
127*0ac341f1SConrad Meyer         printf("[%s]\n", out_hex);
128*0ac341f1SConrad Meyer         for (plen = 1U; plen < sizeof out; plen++) {
129*0ac341f1SConrad Meyer             part = (unsigned char *) sodium_malloc(plen);
130*0ac341f1SConrad Meyer             crypto_stream_chacha20_ietf_xor_ic(part, out, plen, nonce, tests[i].ic, key);
131*0ac341f1SConrad Meyer             if (memcmp(part, zero, plen) != 0) {
132*0ac341f1SConrad Meyer                 printf("Failed with length %lu\n", (unsigned long) plen);
133*0ac341f1SConrad Meyer             }
134*0ac341f1SConrad Meyer             sodium_free(part);
135*0ac341f1SConrad Meyer         }
136*0ac341f1SConrad Meyer     } while (++i < (sizeof tests) / (sizeof tests[0]));
137*0ac341f1SConrad Meyer     assert(66 <= sizeof out);
138*0ac341f1SConrad Meyer     for (plen = 1U; plen < 66; plen += 3) {
139*0ac341f1SConrad Meyer         memset(out, (int) (plen & 0xff), sizeof out);
140*0ac341f1SConrad Meyer         crypto_stream_chacha20(out, plen, nonce, key);
141*0ac341f1SConrad Meyer         sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
142*0ac341f1SConrad Meyer         printf("[%s]\n", out_hex);
143*0ac341f1SConrad Meyer     }
144*0ac341f1SConrad Meyer     randombytes_buf(out, sizeof out);
145*0ac341f1SConrad Meyer     crypto_stream_chacha20_ietf(out, sizeof out, nonce, key);
146*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
147*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
148*0ac341f1SConrad Meyer 
149*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf(out, 0U, nonce, key) == 0);
150*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0);
151*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_xor(out, out, 0U, nonce, key) == 0);
152*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_xor_ic(out, out, 0U, nonce, 1U, key) == 0);
153*0ac341f1SConrad Meyer 
154*0ac341f1SConrad Meyer     memset(out, 0x42, sizeof out);
155*0ac341f1SConrad Meyer     crypto_stream_chacha20_ietf_xor(out, out, sizeof out, nonce, key);
156*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
157*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
158*0ac341f1SConrad Meyer 
159*0ac341f1SConrad Meyer     crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 0U, key);
160*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
161*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
162*0ac341f1SConrad Meyer 
163*0ac341f1SConrad Meyer     crypto_stream_chacha20_ietf_xor_ic(out, out, sizeof out, nonce, 1U, key);
164*0ac341f1SConrad Meyer     sodium_bin2hex(out_hex, sizeof out_hex, out, sizeof out);
165*0ac341f1SConrad Meyer     printf("[%s]\n", out_hex);
166*0ac341f1SConrad Meyer }
167*0ac341f1SConrad Meyer 
168*0ac341f1SConrad Meyer int
main(void)169*0ac341f1SConrad Meyer main(void)
170*0ac341f1SConrad Meyer {
171*0ac341f1SConrad Meyer     tv();
172*0ac341f1SConrad Meyer     tv_ietf();
173*0ac341f1SConrad Meyer 
174*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_keybytes() > 0U);
175*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_keybytes() == crypto_stream_chacha20_KEYBYTES);
176*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_noncebytes() > 0U);
177*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_noncebytes() == crypto_stream_chacha20_NONCEBYTES);
178*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_messagebytes_max() == crypto_stream_chacha20_MESSAGEBYTES_MAX);
179*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_keybytes() > 0U);
180*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_keybytes() == crypto_stream_chacha20_ietf_KEYBYTES);
181*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_noncebytes() > 0U);
182*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_noncebytes() == crypto_stream_chacha20_ietf_NONCEBYTES);
183*0ac341f1SConrad Meyer     assert(crypto_stream_chacha20_ietf_messagebytes_max() == crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX);
184*0ac341f1SConrad Meyer 
185*0ac341f1SConrad Meyer     return 0;
186*0ac341f1SConrad Meyer }
187