1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00

Import missing onetimeauth_poly1305_try.c

This commit is contained in:
Frank Denis 2013-04-19 13:22:03 +02:00
parent 3b57f77262
commit 03b82780fd

View File

@ -0,0 +1,155 @@
#include <stdlib.h>
#include <string.h>
#include "crypto_hash_sha256.h"
#include "crypto_onetimeauth.h"
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_onetimeauth_poly1305_ref.h"
#include "crypto_onetimeauth_poly1305_53.h"
#include "utils.h"
#define MAXTEST_BYTES 10000
#define CHECKSUM_BYTES 4096
#define TUNE_BYTES 1536
#define CHECKSUM "e836d5ca58cf673fca2b4910f23f3990"
static char checksum[crypto_onetimeauth_BYTES * 2U + 1U];
static unsigned char *h, *h_;
static unsigned char *m, *m_;
static unsigned char *k, *k_;
static unsigned char *h2, *h2_;
static unsigned char *m2, *m2_;
static unsigned char *k2, *k2_;
static int
allocate(void)
{
h = _sodium_alignedcalloc(&h_, crypto_onetimeauth_BYTES);
m = _sodium_alignedcalloc(&m_, MAXTEST_BYTES);
k = _sodium_alignedcalloc(&k_, crypto_onetimeauth_KEYBYTES);
h2 = _sodium_alignedcalloc(&h2_, crypto_onetimeauth_BYTES);
m2 = _sodium_alignedcalloc(&m2_, MAXTEST_BYTES + crypto_onetimeauth_BYTES);
k2 = _sodium_alignedcalloc(&k2_, crypto_onetimeauth_KEYBYTES +
crypto_onetimeauth_BYTES);
return !(h && m && k && h2 && m2 && k2);
}
static void
deallocate(void)
{
free(h_);
free(m_);
free(k_);
free(h2_);
free(m2_);
free(k2_);
}
static void
doit(void)
{
crypto_onetimeauth(h,m,TUNE_BYTES,k);
crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
}
static const char *
checksum_compute(void)
{
long long i;
long long j;
for (i = 0;i < CHECKSUM_BYTES;++i) {
long long mlen = i;
long long klen = crypto_onetimeauth_KEYBYTES;
long long hlen = crypto_onetimeauth_BYTES;
for (j = -16;j < 0;++j) h[j] = random();
for (j = -16;j < 0;++j) k[j] = random();
for (j = -16;j < 0;++j) m[j] = random();
for (j = hlen;j < hlen + 16;++j) h[j] = random();
for (j = klen;j < klen + 16;++j) k[j] = random();
for (j = mlen;j < mlen + 16;++j) m[j] = random();
for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
for (j = -16;j < klen + 16;++j) k2[j] = k[j];
for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
for (j = -16;j < 0;++j) h[j] = random();
for (j = -16;j < 0;++j) k[j] = random();
for (j = -16;j < 0;++j) m[j] = random();
for (j = hlen;j < hlen + 16;++j) h[j] = random();
for (j = klen;j < klen + 16;++j) k[j] = random();
for (j = mlen;j < mlen + 16;++j) m[j] = random();
for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
for (j = -16;j < klen + 16;++j) k2[j] = k[j];
for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
for (j = 0;j < hlen;++j) m2[j] = m[j];
if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
for (j = 0;j < hlen;++j) k2[j] = k[j];
if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
crypto_hash_sha256(h2,h,hlen);
for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
crypto_hash_sha256(h2,h,hlen);
for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
m[mlen] = h2[0];
}
if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
}
checksum[2 * i] = 0;
return NULL;
}
crypto_onetimeauth_poly1305_implementation *
crypto_onetimeauth_pick_best_implementation(void)
{
crypto_onetimeauth_poly1305_implementation *implementations[] = {
&crypto_onetimeauth_poly1305_53_implementation,
&crypto_onetimeauth_poly1305_ref_implementation,
NULL
};
const char *err;
size_t i = (size_t) 0U;
do {
if (crypto_onetimeauth_poly1305_set_implementation
(implementations[i]) != 0) {
continue;
}
allocate();
err = checksum_compute();
deallocate();
if (err == NULL && strcmp(checksum, CHECKSUM) == 0) {
break;
}
} while (implementations[++i] != NULL);
return implementations[i];
}