1*0ac341f1SConrad Meyer 2*0ac341f1SConrad Meyer #define TEST_NAME "metamorphic" 3*0ac341f1SConrad Meyer #include "cmptest.h" 4*0ac341f1SConrad Meyer 5*0ac341f1SConrad Meyer #define MAXLEN 512 6*0ac341f1SConrad Meyer #define MAX_ITER 1000 7*0ac341f1SConrad Meyer 8*0ac341f1SConrad Meyer static void 9*0ac341f1SConrad Meyer mm_generichash(void) 10*0ac341f1SConrad Meyer { 11*0ac341f1SConrad Meyer crypto_generichash_state st; 12*0ac341f1SConrad Meyer unsigned char *h, *h2; 13*0ac341f1SConrad Meyer unsigned char *k; 14*0ac341f1SConrad Meyer unsigned char *m; 15*0ac341f1SConrad Meyer size_t hlen; 16*0ac341f1SConrad Meyer size_t klen; 17*0ac341f1SConrad Meyer size_t mlen; 18*0ac341f1SConrad Meyer size_t l1, l2; 19*0ac341f1SConrad Meyer int i; 20*0ac341f1SConrad Meyer 21*0ac341f1SConrad Meyer for (i = 0; i < MAX_ITER; i++) { 22*0ac341f1SConrad Meyer mlen = randombytes_uniform(MAXLEN); 23*0ac341f1SConrad Meyer m = (unsigned char *) sodium_malloc(mlen); 24*0ac341f1SConrad Meyer klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX - 25*0ac341f1SConrad Meyer crypto_generichash_KEYBYTES_MIN + 1U) 26*0ac341f1SConrad Meyer + crypto_generichash_KEYBYTES_MIN; 27*0ac341f1SConrad Meyer k = (unsigned char *) sodium_malloc(klen); 28*0ac341f1SConrad Meyer hlen = randombytes_uniform(crypto_generichash_BYTES_MAX - 29*0ac341f1SConrad Meyer crypto_generichash_BYTES_MIN + 1U) 30*0ac341f1SConrad Meyer + crypto_generichash_BYTES_MIN; 31*0ac341f1SConrad Meyer h = (unsigned char *) sodium_malloc(hlen); 32*0ac341f1SConrad Meyer h2 = (unsigned char *) sodium_malloc(hlen); 33*0ac341f1SConrad Meyer 34*0ac341f1SConrad Meyer randombytes_buf(k, klen); 35*0ac341f1SConrad Meyer randombytes_buf(m, mlen); 36*0ac341f1SConrad Meyer 37*0ac341f1SConrad Meyer crypto_generichash_init(&st, k, klen, hlen); 38*0ac341f1SConrad Meyer l1 = randombytes_uniform((uint32_t) mlen); 39*0ac341f1SConrad Meyer l2 = randombytes_uniform((uint32_t) (mlen - l1)); 40*0ac341f1SConrad Meyer crypto_generichash_update(&st, m, l1); 41*0ac341f1SConrad Meyer crypto_generichash_update(&st, m + l1, l2); 42*0ac341f1SConrad Meyer crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2); 43*0ac341f1SConrad Meyer crypto_generichash_final(&st, h, hlen); 44*0ac341f1SConrad Meyer 45*0ac341f1SConrad Meyer crypto_generichash(h2, hlen, m, mlen, k, klen); 46*0ac341f1SConrad Meyer 47*0ac341f1SConrad Meyer assert(memcmp(h, h2, hlen) == 0); 48*0ac341f1SConrad Meyer 49*0ac341f1SConrad Meyer sodium_free(h2); 50*0ac341f1SConrad Meyer sodium_free(h); 51*0ac341f1SConrad Meyer sodium_free(k); 52*0ac341f1SConrad Meyer sodium_free(m); 53*0ac341f1SConrad Meyer } 54*0ac341f1SConrad Meyer } 55*0ac341f1SConrad Meyer 56*0ac341f1SConrad Meyer static void 57*0ac341f1SConrad Meyer mm_onetimeauth(void) 58*0ac341f1SConrad Meyer { 59*0ac341f1SConrad Meyer crypto_onetimeauth_state st; 60*0ac341f1SConrad Meyer unsigned char *h, *h2; 61*0ac341f1SConrad Meyer unsigned char *k; 62*0ac341f1SConrad Meyer unsigned char *m; 63*0ac341f1SConrad Meyer size_t mlen; 64*0ac341f1SConrad Meyer size_t l1, l2; 65*0ac341f1SConrad Meyer int i; 66*0ac341f1SConrad Meyer 67*0ac341f1SConrad Meyer for (i = 0; i < MAX_ITER; i++) { 68*0ac341f1SConrad Meyer mlen = randombytes_uniform(MAXLEN); 69*0ac341f1SConrad Meyer m = (unsigned char *) sodium_malloc(mlen); 70*0ac341f1SConrad Meyer k = (unsigned char *) sodium_malloc(crypto_onetimeauth_KEYBYTES); 71*0ac341f1SConrad Meyer h = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES); 72*0ac341f1SConrad Meyer h2 = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES); 73*0ac341f1SConrad Meyer 74*0ac341f1SConrad Meyer crypto_onetimeauth_keygen(k); 75*0ac341f1SConrad Meyer randombytes_buf(m, mlen); 76*0ac341f1SConrad Meyer 77*0ac341f1SConrad Meyer crypto_onetimeauth_init(&st, k); 78*0ac341f1SConrad Meyer l1 = randombytes_uniform((uint32_t) mlen); 79*0ac341f1SConrad Meyer l2 = randombytes_uniform((uint32_t) (mlen - l1)); 80*0ac341f1SConrad Meyer crypto_onetimeauth_update(&st, m, l1); 81*0ac341f1SConrad Meyer crypto_onetimeauth_update(&st, m + l1, l2); 82*0ac341f1SConrad Meyer crypto_onetimeauth_update(&st, m + l1 + l2, mlen - l1 - l2); 83*0ac341f1SConrad Meyer crypto_onetimeauth_final(&st, h); 84*0ac341f1SConrad Meyer 85*0ac341f1SConrad Meyer crypto_onetimeauth(h2, m, mlen, k); 86*0ac341f1SConrad Meyer 87*0ac341f1SConrad Meyer assert(memcmp(h, h2, crypto_onetimeauth_BYTES) == 0); 88*0ac341f1SConrad Meyer 89*0ac341f1SConrad Meyer sodium_free(h2); 90*0ac341f1SConrad Meyer sodium_free(h); 91*0ac341f1SConrad Meyer sodium_free(k); 92*0ac341f1SConrad Meyer sodium_free(m); 93*0ac341f1SConrad Meyer } 94*0ac341f1SConrad Meyer } 95*0ac341f1SConrad Meyer 96*0ac341f1SConrad Meyer static void 97*0ac341f1SConrad Meyer mm_hmacsha256(void) 98*0ac341f1SConrad Meyer { 99*0ac341f1SConrad Meyer crypto_auth_hmacsha256_state st; 100*0ac341f1SConrad Meyer unsigned char *h, *h2; 101*0ac341f1SConrad Meyer unsigned char *k; 102*0ac341f1SConrad Meyer unsigned char *m; 103*0ac341f1SConrad Meyer size_t mlen; 104*0ac341f1SConrad Meyer size_t l1, l2; 105*0ac341f1SConrad Meyer int i; 106*0ac341f1SConrad Meyer 107*0ac341f1SConrad Meyer for (i = 0; i < MAX_ITER; i++) { 108*0ac341f1SConrad Meyer mlen = randombytes_uniform(MAXLEN); 109*0ac341f1SConrad Meyer m = (unsigned char *) sodium_malloc(mlen); 110*0ac341f1SConrad Meyer k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES); 111*0ac341f1SConrad Meyer h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); 112*0ac341f1SConrad Meyer h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); 113*0ac341f1SConrad Meyer 114*0ac341f1SConrad Meyer crypto_auth_hmacsha256_keygen(k); 115*0ac341f1SConrad Meyer randombytes_buf(m, mlen); 116*0ac341f1SConrad Meyer 117*0ac341f1SConrad Meyer crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES); 118*0ac341f1SConrad Meyer l1 = randombytes_uniform((uint32_t) mlen); 119*0ac341f1SConrad Meyer l2 = randombytes_uniform((uint32_t) (mlen - l1)); 120*0ac341f1SConrad Meyer crypto_auth_hmacsha256_update(&st, m, l1); 121*0ac341f1SConrad Meyer crypto_auth_hmacsha256_update(&st, m + l1, l2); 122*0ac341f1SConrad Meyer crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2); 123*0ac341f1SConrad Meyer crypto_auth_hmacsha256_final(&st, h); 124*0ac341f1SConrad Meyer 125*0ac341f1SConrad Meyer crypto_auth_hmacsha256(h2, m, mlen, k); 126*0ac341f1SConrad Meyer 127*0ac341f1SConrad Meyer assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0); 128*0ac341f1SConrad Meyer 129*0ac341f1SConrad Meyer sodium_free(h2); 130*0ac341f1SConrad Meyer sodium_free(h); 131*0ac341f1SConrad Meyer sodium_free(k); 132*0ac341f1SConrad Meyer sodium_free(m); 133*0ac341f1SConrad Meyer } 134*0ac341f1SConrad Meyer } 135*0ac341f1SConrad Meyer 136*0ac341f1SConrad Meyer static void 137*0ac341f1SConrad Meyer mm_hmacsha512(void) 138*0ac341f1SConrad Meyer { 139*0ac341f1SConrad Meyer crypto_auth_hmacsha512_state st; 140*0ac341f1SConrad Meyer unsigned char *h, *h2; 141*0ac341f1SConrad Meyer unsigned char *k; 142*0ac341f1SConrad Meyer unsigned char *m; 143*0ac341f1SConrad Meyer size_t mlen; 144*0ac341f1SConrad Meyer size_t l1, l2; 145*0ac341f1SConrad Meyer int i; 146*0ac341f1SConrad Meyer 147*0ac341f1SConrad Meyer for (i = 0; i < MAX_ITER; i++) { 148*0ac341f1SConrad Meyer mlen = randombytes_uniform(MAXLEN); 149*0ac341f1SConrad Meyer m = (unsigned char *) sodium_malloc(mlen); 150*0ac341f1SConrad Meyer k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_KEYBYTES); 151*0ac341f1SConrad Meyer h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES); 152*0ac341f1SConrad Meyer h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES); 153*0ac341f1SConrad Meyer 154*0ac341f1SConrad Meyer crypto_auth_hmacsha512_keygen(k); 155*0ac341f1SConrad Meyer randombytes_buf(m, mlen); 156*0ac341f1SConrad Meyer 157*0ac341f1SConrad Meyer crypto_auth_hmacsha512_init(&st, k, crypto_auth_hmacsha512_KEYBYTES); 158*0ac341f1SConrad Meyer l1 = randombytes_uniform((uint32_t) mlen); 159*0ac341f1SConrad Meyer l2 = randombytes_uniform((uint32_t) (mlen - l1)); 160*0ac341f1SConrad Meyer crypto_auth_hmacsha512_update(&st, m, l1); 161*0ac341f1SConrad Meyer crypto_auth_hmacsha512_update(&st, m + l1, l2); 162*0ac341f1SConrad Meyer crypto_auth_hmacsha512_update(&st, m + l1 + l2, mlen - l1 - l2); 163*0ac341f1SConrad Meyer crypto_auth_hmacsha512_final(&st, h); 164*0ac341f1SConrad Meyer 165*0ac341f1SConrad Meyer crypto_auth_hmacsha512(h2, m, mlen, k); 166*0ac341f1SConrad Meyer 167*0ac341f1SConrad Meyer assert(memcmp(h, h2, crypto_auth_hmacsha512_BYTES) == 0); 168*0ac341f1SConrad Meyer 169*0ac341f1SConrad Meyer sodium_free(h2); 170*0ac341f1SConrad Meyer sodium_free(h); 171*0ac341f1SConrad Meyer sodium_free(k); 172*0ac341f1SConrad Meyer sodium_free(m); 173*0ac341f1SConrad Meyer } 174*0ac341f1SConrad Meyer } 175*0ac341f1SConrad Meyer 176*0ac341f1SConrad Meyer int 177*0ac341f1SConrad Meyer main(void) 178*0ac341f1SConrad Meyer { 179*0ac341f1SConrad Meyer mm_generichash(); 180*0ac341f1SConrad Meyer mm_onetimeauth(); 181*0ac341f1SConrad Meyer mm_hmacsha256(); 182*0ac341f1SConrad Meyer mm_hmacsha512(); 183*0ac341f1SConrad Meyer 184*0ac341f1SConrad Meyer printf("OK\n"); 185*0ac341f1SConrad Meyer 186*0ac341f1SConrad Meyer return 0; 187*0ac341f1SConrad Meyer } 188