try.c 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. /*
  2. * crypto_onetimeauth/try.c version 20090118
  3. * D. J. Bernstein
  4. * Public domain.
  5. */
  6. #include "crypto_hash_sha256.h"
  7. #include "crypto_onetimeauth.h"
  8. extern unsigned char *alignedcalloc(unsigned long long);
  9. const char *primitiveimplementation = crypto_onetimeauth_IMPLEMENTATION;
  10. #define MAXTEST_BYTES 10000
  11. #define CHECKSUM_BYTES 4096
  12. #define TUNE_BYTES 1536
  13. static unsigned char *h;
  14. static unsigned char *m;
  15. static unsigned char *k;
  16. static unsigned char *h2;
  17. static unsigned char *m2;
  18. static unsigned char *k2;
  19. void preallocate(void)
  20. {
  21. }
  22. void allocate(void)
  23. {
  24. h = alignedcalloc(crypto_onetimeauth_BYTES);
  25. m = alignedcalloc(MAXTEST_BYTES);
  26. k = alignedcalloc(crypto_onetimeauth_KEYBYTES);
  27. h2 = alignedcalloc(crypto_onetimeauth_BYTES);
  28. m2 = alignedcalloc(MAXTEST_BYTES + crypto_onetimeauth_BYTES);
  29. k2 = alignedcalloc(crypto_onetimeauth_KEYBYTES + crypto_onetimeauth_BYTES);
  30. }
  31. void predoit(void)
  32. {
  33. }
  34. void doit(void)
  35. {
  36. crypto_onetimeauth(h,m,TUNE_BYTES,k);
  37. crypto_onetimeauth_verify(h,m,TUNE_BYTES,k);
  38. }
  39. char checksum[crypto_onetimeauth_BYTES * 2 + 1];
  40. const char *checksum_compute(void)
  41. {
  42. long long i;
  43. long long j;
  44. for (i = 0;i < CHECKSUM_BYTES;++i) {
  45. long long mlen = i;
  46. long long klen = crypto_onetimeauth_KEYBYTES;
  47. long long hlen = crypto_onetimeauth_BYTES;
  48. for (j = -16;j < 0;++j) h[j] = random();
  49. for (j = -16;j < 0;++j) k[j] = random();
  50. for (j = -16;j < 0;++j) m[j] = random();
  51. for (j = hlen;j < hlen + 16;++j) h[j] = random();
  52. for (j = klen;j < klen + 16;++j) k[j] = random();
  53. for (j = mlen;j < mlen + 16;++j) m[j] = random();
  54. for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
  55. for (j = -16;j < klen + 16;++j) k2[j] = k[j];
  56. for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
  57. if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
  58. for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
  59. for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
  60. for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
  61. for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
  62. for (j = -16;j < 0;++j) h[j] = random();
  63. for (j = -16;j < 0;++j) k[j] = random();
  64. for (j = -16;j < 0;++j) m[j] = random();
  65. for (j = hlen;j < hlen + 16;++j) h[j] = random();
  66. for (j = klen;j < klen + 16;++j) k[j] = random();
  67. for (j = mlen;j < mlen + 16;++j) m[j] = random();
  68. for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
  69. for (j = -16;j < klen + 16;++j) k2[j] = k[j];
  70. for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
  71. if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
  72. for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
  73. for (j = 0;j < hlen;++j) m2[j] = m[j];
  74. if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
  75. for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
  76. for (j = 0;j < hlen;++j) k2[j] = k[j];
  77. if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
  78. for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
  79. for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
  80. for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
  81. crypto_hash_sha256(h2,h,hlen);
  82. for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
  83. if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
  84. if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
  85. crypto_hash_sha256(h2,h,hlen);
  86. for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
  87. m[mlen] = h2[0];
  88. }
  89. if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
  90. if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
  91. for (i = 0;i < crypto_onetimeauth_BYTES;++i) {
  92. checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
  93. checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
  94. }
  95. checksum[2 * i] = 0;
  96. return 0;
  97. }