diff options
Diffstat (limited to 'nacl/crypto_auth/try.c')
-rw-r--r-- | nacl/crypto_auth/try.c | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/nacl/crypto_auth/try.c b/nacl/crypto_auth/try.c new file mode 100644 index 00000000..6f855dc9 --- /dev/null +++ b/nacl/crypto_auth/try.c | |||
@@ -0,0 +1,119 @@ | |||
1 | /* | ||
2 | * crypto_auth/try.c version 20090118 | ||
3 | * D. J. Bernstein | ||
4 | * Public domain. | ||
5 | */ | ||
6 | |||
7 | #include "crypto_hash_sha256.h" | ||
8 | #include "crypto_auth.h" | ||
9 | |||
10 | extern unsigned char *alignedcalloc(unsigned long long); | ||
11 | |||
12 | const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; | ||
13 | |||
14 | #define MAXTEST_BYTES 10000 | ||
15 | #define CHECKSUM_BYTES 4096 | ||
16 | #define TUNE_BYTES 1536 | ||
17 | |||
18 | static unsigned char *h; | ||
19 | static unsigned char *m; | ||
20 | static unsigned char *k; | ||
21 | static unsigned char *h2; | ||
22 | static unsigned char *m2; | ||
23 | static unsigned char *k2; | ||
24 | |||
25 | void preallocate(void) | ||
26 | { | ||
27 | } | ||
28 | |||
29 | void allocate(void) | ||
30 | { | ||
31 | h = alignedcalloc(crypto_auth_BYTES); | ||
32 | m = alignedcalloc(MAXTEST_BYTES); | ||
33 | k = alignedcalloc(crypto_auth_KEYBYTES); | ||
34 | h2 = alignedcalloc(crypto_auth_BYTES); | ||
35 | m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); | ||
36 | k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); | ||
37 | } | ||
38 | |||
39 | void predoit(void) | ||
40 | { | ||
41 | } | ||
42 | |||
43 | void doit(void) | ||
44 | { | ||
45 | crypto_auth(h,m,TUNE_BYTES,k); | ||
46 | crypto_auth_verify(h,m,TUNE_BYTES,k); | ||
47 | } | ||
48 | |||
49 | char checksum[crypto_auth_BYTES * 2 + 1]; | ||
50 | |||
51 | const char *checksum_compute(void) | ||
52 | { | ||
53 | long long i; | ||
54 | long long j; | ||
55 | |||
56 | for (i = 0;i < CHECKSUM_BYTES;++i) { | ||
57 | long long mlen = i; | ||
58 | long long klen = crypto_auth_KEYBYTES; | ||
59 | long long hlen = crypto_auth_BYTES; | ||
60 | |||
61 | for (j = -16;j < 0;++j) h[j] = random(); | ||
62 | for (j = -16;j < 0;++j) k[j] = random(); | ||
63 | for (j = -16;j < 0;++j) m[j] = random(); | ||
64 | for (j = hlen;j < hlen + 16;++j) h[j] = random(); | ||
65 | for (j = klen;j < klen + 16;++j) k[j] = random(); | ||
66 | for (j = mlen;j < mlen + 16;++j) m[j] = random(); | ||
67 | for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; | ||
68 | for (j = -16;j < klen + 16;++j) k2[j] = k[j]; | ||
69 | for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; | ||
70 | |||
71 | if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; | ||
72 | |||
73 | for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; | ||
74 | for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; | ||
75 | for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; | ||
76 | for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; | ||
77 | |||
78 | for (j = -16;j < 0;++j) h[j] = random(); | ||
79 | for (j = -16;j < 0;++j) k[j] = random(); | ||
80 | for (j = -16;j < 0;++j) m[j] = random(); | ||
81 | for (j = hlen;j < hlen + 16;++j) h[j] = random(); | ||
82 | for (j = klen;j < klen + 16;++j) k[j] = random(); | ||
83 | for (j = mlen;j < mlen + 16;++j) m[j] = random(); | ||
84 | for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; | ||
85 | for (j = -16;j < klen + 16;++j) k2[j] = k[j]; | ||
86 | for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; | ||
87 | |||
88 | if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; | ||
89 | for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; | ||
90 | for (j = 0;j < hlen;++j) m2[j] = m[j]; | ||
91 | if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; | ||
92 | for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; | ||
93 | for (j = 0;j < hlen;++j) k2[j] = k[j]; | ||
94 | |||
95 | if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; | ||
96 | |||
97 | for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; | ||
98 | for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; | ||
99 | for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; | ||
100 | |||
101 | crypto_hash_sha256(h2,h,hlen); | ||
102 | for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; | ||
103 | if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; | ||
104 | if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; | ||
105 | |||
106 | crypto_hash_sha256(h2,h,hlen); | ||
107 | for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; | ||
108 | m[mlen] = h2[0]; | ||
109 | } | ||
110 | if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; | ||
111 | if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; | ||
112 | |||
113 | for (i = 0;i < crypto_auth_BYTES;++i) { | ||
114 | checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)]; | ||
115 | checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]]; | ||
116 | } | ||
117 | checksum[2 * i] = 0; | ||
118 | return 0; | ||
119 | } | ||