1 files changed, 119 insertions, 0 deletions
diff --git a/nacl/crypto_onetimeauth/try.c b/nacl/crypto_onetimeauth/try.c
new file mode 100644
index 00000000..54f4396d
--- /dev/null
+++ b/nacl/crypto_onetimeauth/try.c
@@ -0,0 +1,119 @@
+/*
+ * crypto_onetimeauth/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+#include "crypto_hash_sha256.h"
+#include "crypto_onetimeauth.h"
+extern unsigned char *alignedcalloc(unsigned long long);
+const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+static unsigned char *h;
+static unsigned char *m;
+static unsigned char *k;
+static unsigned char *h2;
+static unsigned char *m2;
+static unsigned char *k2;
+void preallocate(void)
+{
+}
+void allocate(void)
+{
+  h = alignedcalloc(crypto_onetimeauth_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
+  h2 = alignedcalloc(crypto_onetimeauth_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
+  k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
+}
+void predoit(void)
+{
+}
+void doit(void)
+{
+  crypto_onetimeauth(h,m,TUNE_BYTES,k);
+  crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
+}
+char checksum[crypto_onetimeauth_BYTES * 2 + 1];
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long klen = crypto_onetimeauth_KEYBYTES;
+    long long hlen = crypto_onetimeauth_BYTES;
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
+    for (j = 0;j < hlen;++j) m2[j] = m[j];
+    if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
+    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
+    if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
+    if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+    
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
+    m[mlen] = h2[0];
+  }
+  if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
+  if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
+  for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}

diff --git a/nacl/crypto_onetimeauth/try.c b/nacl/crypto_onetimeauth/try.c new file mode 100644 index 00000000..54f4396d --- /dev/null +++ b/nacl/crypto_onetimeauth/try.c
@@ -0,0 +1,119 @@
	1	/*
	2	* crypto_onetimeauth/try.c version 20090118
	3	* D. J. Bernstein
	4	* Public domain.
	5	*/
	6
	7	#include "crypto_hash_sha256.h"
	8	#include "crypto_onetimeauth.h"
	9
	10	extern unsigned char *alignedcalloc(unsigned long long);
	11
	12	const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
	13
	14	#define MAXTEST_BYTES 10000
	15	#define CHECKSUM_BYTES 4096
	16	#define TUNE_BYTES 1536
	17
	18	static unsigned char *h;
	19	static unsigned char *m;
	20	static unsigned char *k;
	21	static unsigned char *h2;
	22	static unsigned char *m2;
	23	static unsigned char *k2;
	24
	25	void preallocate(void)
	26	{
	27	}
	28
	29	void allocate(void)
	30	{
	31	h = alignedcalloc(crypto_onetimeauth_BYTES);
	32	m = alignedcalloc(MAXTEST_BYTES);
	33	k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
	34	h2 = alignedcalloc(crypto_onetimeauth_BYTES);
	35	m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
	36	k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
	37	}
	38
	39	void predoit(void)
	40	{
	41	}
	42
	43	void doit(void)
	44	{
	45	crypto_onetimeauth(h,m,TUNE_BYTES,k);
	46	crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
	47	}
	48
	49	char checksum[crypto_onetimeauth_BYTES * 2 + 1];
	50
	51	const char *checksum_compute(void)
	52	{
	53	long long i;
	54	long long j;
	55
	56	for (i = 0;i < CHECKSUM_BYTES;++i) {
	57	long long mlen = i;
	58	long long klen = crypto_onetimeauth_KEYBYTES;
	59	long long hlen = crypto_onetimeauth_BYTES;
	60
	61	for (j = -16;j < 0;++j) h[j] = random();
	62	for (j = -16;j < 0;++j) k[j] = random();
	63	for (j = -16;j < 0;++j) m[j] = random();
	64	for (j = hlen;j < hlen + 16;++j) h[j] = random();
	65	for (j = klen;j < klen + 16;++j) k[j] = random();
	66	for (j = mlen;j < mlen + 16;++j) m[j] = random();
	67	for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
	68	for (j = -16;j < klen + 16;++j) k2[j] = k[j];
	69	for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
	70
	71	if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
	72
	73	for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
	74	for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
	75	for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
	76	for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
	77
	78	for (j = -16;j < 0;++j) h[j] = random();
	79	for (j = -16;j < 0;++j) k[j] = random();
	80	for (j = -16;j < 0;++j) m[j] = random();
	81	for (j = hlen;j < hlen + 16;++j) h[j] = random();
	82	for (j = klen;j < klen + 16;++j) k[j] = random();
	83	for (j = mlen;j < mlen + 16;++j) m[j] = random();
	84	for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
	85	for (j = -16;j < klen + 16;++j) k2[j] = k[j];
	86	for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
	87
	88	if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
	89	for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
	90	for (j = 0;j < hlen;++j) m2[j] = m[j];
	91	if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
	92	for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
	93	for (j = 0;j < hlen;++j) k2[j] = k[j];
	94
	95	if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
	96
	97	for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
	98	for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
	99	for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
	100
	101	crypto_hash_sha256(h2,h,hlen);
	102	for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
	103	if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
	104	if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
	105
	106	crypto_hash_sha256(h2,h,hlen);
	107	for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
	108	m[mlen] = h2[0];
	109	}
	110	if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
	111	if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
	112
	113	for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
	114	checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
	115	checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
	116	}
	117	checksum[2 * i] = 0;
	118	return 0;
	119	}