1 /*
2 * crypto_onetimeauth/try.c version 20090118
3 * D. J. Bernstein
4 * Public domain.
5 */
6
7 #include "crypto_hash_sha256.h"
8 #include "crypto_onetimeauth.h"
9
10 extern unsigned char *alignedcalloc(unsigned long long);
11
12 const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
13
14 #define MAXTEST_BYTES 10000
15 #define CHECKSUM_BYTES 4096
16 #define TUNE_BYTES 1536
17
18 static unsigned char *h;
19 static unsigned char *m;
20 static unsigned char *k;
21 static unsigned char *h2;
22 static unsigned char *m2;
23 static unsigned char *k2;
24
preallocate(void)25 void preallocate(void)
26 {
27 }
28
allocate(void)29 void allocate(void)
30 {
31 h = alignedcalloc(crypto_onetimeauth_BYTES);
32 m = alignedcalloc(MAXTEST_BYTES);
33 k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
34 h2 = alignedcalloc(crypto_onetimeauth_BYTES);
35 m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
36 k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
37 }
38
predoit(void)39 void predoit(void)
40 {
41 }
42
doit(void)43 void doit(void)
44 {
45 crypto_onetimeauth(h,m,TUNE_BYTES,k);
46 crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
47 }
48
49 char checksum[crypto_onetimeauth_BYTES * 2 + 1];
50
checksum_compute(void)51 const char *checksum_compute(void)
52 {
53 long long i;
54 long long j;
55
56 for (i = 0;i < CHECKSUM_BYTES;++i) {
57 long long mlen = i;
58 long long klen = crypto_onetimeauth_KEYBYTES;
59 long long hlen = crypto_onetimeauth_BYTES;
60
61 for (j = -16;j < 0;++j) h[j] = random();
62 for (j = -16;j < 0;++j) k[j] = random();
63 for (j = -16;j < 0;++j) m[j] = random();
64 for (j = hlen;j < hlen + 16;++j) h[j] = random();
65 for (j = klen;j < klen + 16;++j) k[j] = random();
66 for (j = mlen;j < mlen + 16;++j) m[j] = random();
67 for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
68 for (j = -16;j < klen + 16;++j) k2[j] = k[j];
69 for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
70
71 if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
72
73 for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
74 for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
75 for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
76 for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
77
78 for (j = -16;j < 0;++j) h[j] = random();
79 for (j = -16;j < 0;++j) k[j] = random();
80 for (j = -16;j < 0;++j) m[j] = random();
81 for (j = hlen;j < hlen + 16;++j) h[j] = random();
82 for (j = klen;j < klen + 16;++j) k[j] = random();
83 for (j = mlen;j < mlen + 16;++j) m[j] = random();
84 for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
85 for (j = -16;j < klen + 16;++j) k2[j] = k[j];
86 for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
87
88 if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
89 for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
90 for (j = 0;j < hlen;++j) m2[j] = m[j];
91 if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
92 for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
93 for (j = 0;j < hlen;++j) k2[j] = k[j];
94
95 if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
96
97 for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
98 for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
99 for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
100
101 crypto_hash_sha256(h2,h,hlen);
102 for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
103 if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
104 if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
105
106 crypto_hash_sha256(h2,h,hlen);
107 for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
108 m[mlen] = h2[0];
109 }
110 if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
111 if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
112
113 for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
114 checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
115 checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
116 }
117 checksum[2 * i] = 0;
118 return 0;
119 }
120