Home Explore Help
Sign In
RISCI_ATOM
/
cjdns
mirror of https://github.com/cjdelisle/cjdns.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: d3d748f071
Branches Tags
cjdns
/
node_build
/
dependencies
/
cnacl
/
crypto_sign
/
try.c

try.c 6.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. /*
    2. 

  2.  * crypto_sign/try.c version 20111119
    3. 

  3.  * D. J. Bernstein
    4. 

  4.  * Public domain.
    5. 

  5.  */
    6. 

  6. 

  7. #include <stdlib.h>
    8. 

  8. #include "randombytes.h"
    9. 

  9. #include "crypto_sign.h"
    10. 

  10. 

  11. #define MAXTEST_BYTES 10000
    12. 

  12. #define TUNE_BYTES 1536
    13. 

  13. 

  14. extern unsigned char *alignedcalloc(unsigned long long);
    15. 

  15. 

  16. const char *primitiveimplementation = crypto_sign_IMPLEMENTATION;
    17. 

  17. 

  18. static unsigned char *pk; unsigned long long pklen; static unsigned char *pk2;
    19. 

  19. static unsigned char *sk; unsigned long long sklen; static unsigned char *sk2;
    20. 

  20. static unsigned char *m; unsigned long long mlen; static unsigned char *m2;
    21. 

  21. static unsigned char *sm; unsigned long long smlen; static unsigned char *sm2;
    22. 

  22. static unsigned char *t; unsigned long long tlen; static unsigned char *t2;
    23. 

  23. 

  24. void preallocate(void)
    25. 

  25. {
    26. 

  26. #ifdef RAND_R_PRNG_NOT_SEEDED
    27. 

  27.   RAND_status();
    28. 

  28. #endif
    29. 

  29. }
    30. 

  30. 

  31. void allocate(void)
    32. 

  32. {
    33. 

  33.   pk = alignedcalloc(pklen = crypto_sign_PUBLICKEYBYTES);
    34. 

  34.   sk = alignedcalloc(sklen = crypto_sign_SECRETKEYBYTES);
    35. 

  35.   m = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    36. 

  36.   sm = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    37. 

  37.   t = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    38. 

  38.   pk2 = alignedcalloc(pklen);
    39. 

  39.   sk2 = alignedcalloc(sklen);
    40. 

  40.   m2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    41. 

  41.   sm2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    42. 

  42.   t2 = alignedcalloc(MAXTEST_BYTES + crypto_sign_BYTES);
    43. 

  43. }
    44. 

  44. 

  45. void predoit(void)
    46. 

  46. {
    47. 

  47.   crypto_sign_keypair(pk,sk);
    48. 

  48.   mlen = TUNE_BYTES;
    49. 

  49.   smlen = 0;
    50. 

  50. }
    51. 

  51. 

  52. void doit(void)
    53. 

  53. {
    54. 

  54.   randombytes(m,mlen);
    55. 

  55.   crypto_sign(sm,&smlen,m,mlen,sk);
    56. 

  56.   crypto_sign_open(t,&tlen,sm,smlen,pk);
    57. 

  57. }
    58. 

  58. 

  59. static unsigned char chain[37]; long long chainlen = 37;
    60. 

  60. char checksum[37 * 2 + 1];
    61. 

  61. 

  62. const char *checksum_compute(void)
    63. 

  63. {
    64. 

  64.   long long mlen;
    65. 

  65.   long long i;
    66. 

  66.   long long j;
    67. 

  67.   long long loops;
    68. 

  68. 

  69.   for (loops = 0;loops < 10;++loops) {
    70. 

  70.     for (j = -16;j < 0;++j) sk2[j] = sk[j] = random();
    71. 

  71.     for (j = 0;j < sklen + 16;++j) sk2[j] = sk[j] = random();
    72. 

  72.     for (j = -16;j < 0;++j) pk2[j] = pk[j] = random();
    73. 

  73.     for (j = 0;j < pklen + 16;++j) pk2[j] = pk[j] = random();
    74. 

  74.     if (crypto_sign_keypair(pk,sk) != 0) return "crypto_sign_keypair returns nonzero";
    75. 

  75.     for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_keypair writes before pk";
    76. 

  76.     for (j = pklen;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_keypair writes after pk";
    77. 

  77.     for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_keypair writes before sk";
    78. 

  78.     for (j = sklen;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_keypair writes after sk";
    79. 

  79.   
    80. 

  80.     for (mlen = 0;mlen < MAXTEST_BYTES;mlen += 1 + (mlen / 16)) {
    81. 

  81.       for (j = -16;j < 0;++j) m2[j] = m[j] = random();
    82. 

  82.       for (j = mlen;j < mlen + 16;++j) m2[j] = m[j] = random();
    83. 

  83.       randombytes(m,mlen);
    84. 

  84.       if (mlen > 0)
    85. 

  85.         for (j = 0;j < chainlen;++j) m[j % mlen] ^= chain[j];
    86. 

  86.       for (j = 0;j < mlen;++j) m2[j] = m[j];
    87. 

  87.       for (j = -16;j < 0;++j) pk2[j] = pk[j];
    88. 

  88.       for (j = 0;j < pklen + 16;++j) pk2[j] = pk[j];
    89. 

  89.       for (j = -16;j < 0;++j) sk2[j] = sk[j];
    90. 

  90.       for (j = 0;j < sklen + 16;++j) sk2[j] = sk[j];
    91. 

  91.       for (j = -16;j < 0;++j) sm2[j] = sm[j] = random();
    92. 

  92.       for (j = 0;j < mlen + crypto_sign_BYTES + 16;++j) sm2[j] = sm[j] = random();
    93. 

  93.   
    94. 

  94.       if (crypto_sign(sm,&smlen,m,mlen,sk) != 0) return "crypto_sign returns nonzero";
    95. 

  95.       if (smlen > mlen + crypto_sign_BYTES) return "crypto_sign returns more than crypto_sign_BYTES extra bytes";
    96. 

  96.       if (smlen == 0) return "crypto_sign returns empty message";
    97. 

  97.       for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign overwrites pk";
    98. 

  98.       for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign overwrites pk";
    99. 

  99.       for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign overwrites sk";
    100. 

  100.       for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign overwrites sk";
    101. 

  101.       for (j = -16;j < 0;++j) if (m[j] != m2[j]) return "crypto_sign overwrites m";
    102. 

  102.       for (j = 0;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_sign overwrites m";
    103. 

  103.       for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign writes before sm";
    104. 

  104.       for (j = smlen;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign writes after sm";
    105. 

  105. 

  106.       for (j = 0;j < smlen;++j) chain[j % chainlen] ^= sm[j];
    107. 

  107.   
    108. 

  108.       for (j = -16;j < 0;++j) sm2[j] = sm[j];
    109. 

  109.       for (j = 0;j < smlen + 16;++j) sm2[j] = sm[j];
    110. 

  110.       for (j = -16;j < 0;++j) t2[j] = t[j] = random();
    111. 

  111.       for (j = 0;j < smlen + 16;++j) t2[j] = t[j] = random();
    112. 

  112.   
    113. 

  113.       if (crypto_sign_open(t,&tlen,sm,smlen,pk) != 0) return "crypto_sign_open returns nonzero";
    114. 

  114.       if (tlen != mlen) return "crypto_sign_open does not match length";
    115. 

  115.       for (i = 0;i < tlen;++i)
    116. 

  116.         if (t[i] != m[i])
    117. 

  117.           return "crypto_sign_open does not match contents";
    118. 

  118.       for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
    119. 

  119.       for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
    120. 

  120.       for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
    121. 

  121.       for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
    122. 

  122.       for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
    123. 

  123.       for (j = 0;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
    124. 

  124.       for (j = -16;j < 0;++j) if (t[j] != t2[j]) return "crypto_sign_open writes before t";
    125. 

  125.       for (j = smlen;j < smlen + 16;++j) if (t[j] != t2[j]) return "crypto_sign_open writes after t";
    126. 

  126.   
    127. 

  127.       j = random() % smlen;
    128. 

  128.       sm[j] ^= 1;
    129. 

  129.       for (j = -16;j < 0;++j) sm2[j] = sm[j];
    130. 

  130.       for (j = 0;j < smlen + 16;++j) sm2[j] = sm[j];
    131. 

  131.       for (j = -16;j < 0;++j) t2[j] = t[j] = random();
    132. 

  132.       for (j = 0;j < smlen + 16;++j) t2[j] = t[j] = random();
    133. 

  133.       if (crypto_sign_open(t,&tlen,sm,smlen,pk) == 0) {
    134. 

  134.         if (tlen != mlen) return "crypto_sign_open allows trivial forgery of length";
    135. 

  135.         for (i = 0;i < tlen;++i)
    136. 

  136.           if (t[i] != m[i])
    137. 

  137.             return "crypto_sign_open allows trivial forgery of contents";
    138. 

  138.       }
    139. 

  139.       for (j = -16;j < 0;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
    140. 

  140.       for (j = 0;j < pklen + 16;++j) if (pk[j] != pk2[j]) return "crypto_sign_open overwrites pk";
    141. 

  141.       for (j = -16;j < 0;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
    142. 

  142.       for (j = 0;j < sklen + 16;++j) if (sk[j] != sk2[j]) return "crypto_sign_open overwrites sk";
    143. 

  143.       for (j = -16;j < 0;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
    144. 

  144.       for (j = 0;j < smlen + 16;++j) if (sm[j] != sm2[j]) return "crypto_sign_open overwrites sm";
    145. 

  145.       for (j = -16;j < 0;++j) if (t[j] != t2[j]) return "crypto_sign_open writes before t";
    146. 

  146.       for (j = smlen;j < smlen + 16;++j) if (t[j] != t2[j]) return "crypto_sign_open writes after t";
    147. 

  147.       sm[j] ^= 1;
    148. 

  148.     }
    149. 

  149.   }
    150. 

  150. 

  151.   for (i = 0;i < chainlen;++i) {
    152. 

  152.     checksum[2 * i] = "0123456789abcdef"[15 & (chain[i] >> 4)];
    153. 

  153.     checksum[2 * i + 1] = "0123456789abcdef"[15 & chain[i]];
    154. 

  154.   }
    155. 

  155.   checksum[2 * i] = 0;
    156. 

  156.   return 0;
    157. 

  157. }
    158.