xref: /netbsd-src/sys/external/isc/libsodium/dist/test/default/metamorphic.c (revision f447f37a0a0b7f2a0e879f17bef92d4992e27500) 
1*f447f37aSriastradh 
2*f447f37aSriastradh #define TEST_NAME "metamorphic"
3*f447f37aSriastradh #include "cmptest.h"
4*f447f37aSriastradh 
5*f447f37aSriastradh #define MAXLEN 512
6*f447f37aSriastradh #define MAX_ITER 1000
7*f447f37aSriastradh 
8*f447f37aSriastradh static void
mm_generichash(void)9*f447f37aSriastradh mm_generichash(void)
10*f447f37aSriastradh {
11*f447f37aSriastradh     crypto_generichash_state st;
12*f447f37aSriastradh     unsigned char *h, *h2;
13*f447f37aSriastradh     unsigned char *k;
14*f447f37aSriastradh     unsigned char *m;
15*f447f37aSriastradh     size_t         hlen;
16*f447f37aSriastradh     size_t         klen;
17*f447f37aSriastradh     size_t         mlen;
18*f447f37aSriastradh     size_t         l1, l2;
19*f447f37aSriastradh     int            i;
20*f447f37aSriastradh 
21*f447f37aSriastradh     for (i = 0; i < MAX_ITER; i++) {
22*f447f37aSriastradh         mlen = randombytes_uniform(MAXLEN);
23*f447f37aSriastradh         m = (unsigned char *) sodium_malloc(mlen);
24*f447f37aSriastradh         klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX -
25*f447f37aSriastradh                                    crypto_generichash_KEYBYTES_MIN + 1U)
26*f447f37aSriastradh             + crypto_generichash_KEYBYTES_MIN;
27*f447f37aSriastradh         k = (unsigned char *) sodium_malloc(klen);
28*f447f37aSriastradh         hlen = randombytes_uniform(crypto_generichash_BYTES_MAX -
29*f447f37aSriastradh                                    crypto_generichash_BYTES_MIN + 1U)
30*f447f37aSriastradh             + crypto_generichash_BYTES_MIN;
31*f447f37aSriastradh         h = (unsigned char *) sodium_malloc(hlen);
32*f447f37aSriastradh         h2 = (unsigned char *) sodium_malloc(hlen);
33*f447f37aSriastradh 
34*f447f37aSriastradh         randombytes_buf(k, klen);
35*f447f37aSriastradh         randombytes_buf(m, mlen);
36*f447f37aSriastradh 
37*f447f37aSriastradh         crypto_generichash_init(&st, k, klen, hlen);
38*f447f37aSriastradh         l1 = randombytes_uniform((uint32_t) mlen);
39*f447f37aSriastradh         l2 = randombytes_uniform((uint32_t) (mlen - l1));
40*f447f37aSriastradh         crypto_generichash_update(&st, m, l1);
41*f447f37aSriastradh         crypto_generichash_update(&st, m + l1, l2);
42*f447f37aSriastradh         crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
43*f447f37aSriastradh         crypto_generichash_final(&st, h, hlen);
44*f447f37aSriastradh 
45*f447f37aSriastradh         crypto_generichash(h2, hlen, m, mlen, k, klen);
46*f447f37aSriastradh 
47*f447f37aSriastradh         assert(memcmp(h, h2, hlen) == 0);
48*f447f37aSriastradh 
49*f447f37aSriastradh         sodium_free(h2);
50*f447f37aSriastradh         sodium_free(h);
51*f447f37aSriastradh         sodium_free(k);
52*f447f37aSriastradh         sodium_free(m);
53*f447f37aSriastradh     }
54*f447f37aSriastradh }
55*f447f37aSriastradh 
56*f447f37aSriastradh static void
mm_onetimeauth(void)57*f447f37aSriastradh mm_onetimeauth(void)
58*f447f37aSriastradh {
59*f447f37aSriastradh     crypto_onetimeauth_state st;
60*f447f37aSriastradh     unsigned char *h, *h2;
61*f447f37aSriastradh     unsigned char *k;
62*f447f37aSriastradh     unsigned char *m;
63*f447f37aSriastradh     size_t         mlen;
64*f447f37aSriastradh     size_t         l1, l2;
65*f447f37aSriastradh     int            i;
66*f447f37aSriastradh 
67*f447f37aSriastradh     for (i = 0; i < MAX_ITER; i++) {
68*f447f37aSriastradh         mlen = randombytes_uniform(MAXLEN);
69*f447f37aSriastradh         m = (unsigned char *) sodium_malloc(mlen);
70*f447f37aSriastradh         k = (unsigned char *) sodium_malloc(crypto_onetimeauth_KEYBYTES);
71*f447f37aSriastradh         h = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);
72*f447f37aSriastradh         h2 = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);
73*f447f37aSriastradh 
74*f447f37aSriastradh         crypto_onetimeauth_keygen(k);
75*f447f37aSriastradh         randombytes_buf(m, mlen);
76*f447f37aSriastradh 
77*f447f37aSriastradh         crypto_onetimeauth_init(&st, k);
78*f447f37aSriastradh         l1 = randombytes_uniform((uint32_t) mlen);
79*f447f37aSriastradh         l2 = randombytes_uniform((uint32_t) (mlen - l1));
80*f447f37aSriastradh         crypto_onetimeauth_update(&st, m, l1);
81*f447f37aSriastradh         crypto_onetimeauth_update(&st, m + l1, l2);
82*f447f37aSriastradh         crypto_onetimeauth_update(&st, m + l1 + l2, mlen - l1 - l2);
83*f447f37aSriastradh         crypto_onetimeauth_final(&st, h);
84*f447f37aSriastradh 
85*f447f37aSriastradh         crypto_onetimeauth(h2, m, mlen, k);
86*f447f37aSriastradh 
87*f447f37aSriastradh         assert(memcmp(h, h2, crypto_onetimeauth_BYTES) == 0);
88*f447f37aSriastradh 
89*f447f37aSriastradh         sodium_free(h2);
90*f447f37aSriastradh         sodium_free(h);
91*f447f37aSriastradh         sodium_free(k);
92*f447f37aSriastradh         sodium_free(m);
93*f447f37aSriastradh     }
94*f447f37aSriastradh }
95*f447f37aSriastradh 
96*f447f37aSriastradh static void
mm_hmacsha256(void)97*f447f37aSriastradh mm_hmacsha256(void)
98*f447f37aSriastradh {
99*f447f37aSriastradh     crypto_auth_hmacsha256_state st;
100*f447f37aSriastradh     unsigned char *h, *h2;
101*f447f37aSriastradh     unsigned char *k;
102*f447f37aSriastradh     unsigned char *m;
103*f447f37aSriastradh     size_t         mlen;
104*f447f37aSriastradh     size_t         l1, l2;
105*f447f37aSriastradh     int            i;
106*f447f37aSriastradh 
107*f447f37aSriastradh     for (i = 0; i < MAX_ITER; i++) {
108*f447f37aSriastradh         mlen = randombytes_uniform(MAXLEN);
109*f447f37aSriastradh         m = (unsigned char *) sodium_malloc(mlen);
110*f447f37aSriastradh         k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
111*f447f37aSriastradh         h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
112*f447f37aSriastradh         h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
113*f447f37aSriastradh 
114*f447f37aSriastradh         crypto_auth_hmacsha256_keygen(k);
115*f447f37aSriastradh         randombytes_buf(m, mlen);
116*f447f37aSriastradh 
117*f447f37aSriastradh         crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
118*f447f37aSriastradh         l1 = randombytes_uniform((uint32_t) mlen);
119*f447f37aSriastradh         l2 = randombytes_uniform((uint32_t) (mlen - l1));
120*f447f37aSriastradh         crypto_auth_hmacsha256_update(&st, m, l1);
121*f447f37aSriastradh         crypto_auth_hmacsha256_update(&st, m + l1, l2);
122*f447f37aSriastradh         crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
123*f447f37aSriastradh         crypto_auth_hmacsha256_final(&st, h);
124*f447f37aSriastradh 
125*f447f37aSriastradh         crypto_auth_hmacsha256(h2, m, mlen, k);
126*f447f37aSriastradh 
127*f447f37aSriastradh         assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);
128*f447f37aSriastradh 
129*f447f37aSriastradh         sodium_free(h2);
130*f447f37aSriastradh         sodium_free(h);
131*f447f37aSriastradh         sodium_free(k);
132*f447f37aSriastradh         sodium_free(m);
133*f447f37aSriastradh     }
134*f447f37aSriastradh }
135*f447f37aSriastradh 
136*f447f37aSriastradh static void
mm_hmacsha512(void)137*f447f37aSriastradh mm_hmacsha512(void)
138*f447f37aSriastradh {
139*f447f37aSriastradh     crypto_auth_hmacsha512_state st;
140*f447f37aSriastradh     unsigned char *h, *h2;
141*f447f37aSriastradh     unsigned char *k;
142*f447f37aSriastradh     unsigned char *m;
143*f447f37aSriastradh     size_t         mlen;
144*f447f37aSriastradh     size_t         l1, l2;
145*f447f37aSriastradh     int            i;
146*f447f37aSriastradh 
147*f447f37aSriastradh     for (i = 0; i < MAX_ITER; i++) {
148*f447f37aSriastradh         mlen = randombytes_uniform(MAXLEN);
149*f447f37aSriastradh         m = (unsigned char *) sodium_malloc(mlen);
150*f447f37aSriastradh         k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_KEYBYTES);
151*f447f37aSriastradh         h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);
152*f447f37aSriastradh         h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);
153*f447f37aSriastradh 
154*f447f37aSriastradh         crypto_auth_hmacsha512_keygen(k);
155*f447f37aSriastradh         randombytes_buf(m, mlen);
156*f447f37aSriastradh 
157*f447f37aSriastradh         crypto_auth_hmacsha512_init(&st, k, crypto_auth_hmacsha512_KEYBYTES);
158*f447f37aSriastradh         l1 = randombytes_uniform((uint32_t) mlen);
159*f447f37aSriastradh         l2 = randombytes_uniform((uint32_t) (mlen - l1));
160*f447f37aSriastradh         crypto_auth_hmacsha512_update(&st, m, l1);
161*f447f37aSriastradh         crypto_auth_hmacsha512_update(&st, m + l1, l2);
162*f447f37aSriastradh         crypto_auth_hmacsha512_update(&st, m + l1 + l2, mlen - l1 - l2);
163*f447f37aSriastradh         crypto_auth_hmacsha512_final(&st, h);
164*f447f37aSriastradh 
165*f447f37aSriastradh         crypto_auth_hmacsha512(h2, m, mlen, k);
166*f447f37aSriastradh 
167*f447f37aSriastradh         assert(memcmp(h, h2, crypto_auth_hmacsha512_BYTES) == 0);
168*f447f37aSriastradh 
169*f447f37aSriastradh         sodium_free(h2);
170*f447f37aSriastradh         sodium_free(h);
171*f447f37aSriastradh         sodium_free(k);
172*f447f37aSriastradh         sodium_free(m);
173*f447f37aSriastradh     }
174*f447f37aSriastradh }
175*f447f37aSriastradh 
176*f447f37aSriastradh int
main(void)177*f447f37aSriastradh main(void)
178*f447f37aSriastradh {
179*f447f37aSriastradh     mm_generichash();
180*f447f37aSriastradh     mm_onetimeauth();
181*f447f37aSriastradh     mm_hmacsha256();
182*f447f37aSriastradh     mm_hmacsha512();
183*f447f37aSriastradh 
184*f447f37aSriastradh     printf("OK\n");
185*f447f37aSriastradh 
186*f447f37aSriastradh     return 0;
187*f447f37aSriastradh }
188