OLD | NEW |
(Empty) | |
| 1 /* |
| 2 * Chacha stream algorithm. |
| 3 * |
| 4 * Created on: Jun, 2013 |
| 5 * Author: Elie Bursztein (elieb@google.com) |
| 6 * |
| 7 * Adapted from the estream code by D. Bernstein. |
| 8 */ |
| 9 /* ==================================================================== |
| 10 * Copyright (c) 2011-2013 The OpenSSL Project. All rights reserved. |
| 11 * |
| 12 * Redistribution and use in source and binary forms, with or without |
| 13 * modification, are permitted provided that the following conditions |
| 14 * are met: |
| 15 * |
| 16 * 1. Redistributions of source code must retain the above copyright |
| 17 * notice, this list of conditions and the following disclaimer. |
| 18 * |
| 19 * 2. Redistributions in binary form must reproduce the above copyright |
| 20 * notice, this list of conditions and the following disclaimer in |
| 21 * the documentation and/or other materials provided with the |
| 22 * distribution. |
| 23 * |
| 24 * 3. All advertising materials mentioning features or use of this |
| 25 * software must display the following acknowledgment: |
| 26 * "This product includes software developed by the OpenSSL Project |
| 27 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 28 * |
| 29 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 30 * endorse or promote products derived from this software without |
| 31 * prior written permission. For written permission, please contact |
| 32 * licensing@OpenSSL.org. |
| 33 * |
| 34 * 5. Products derived from this software may not be called "OpenSSL" |
| 35 * nor may "OpenSSL" appear in their names without prior written |
| 36 * permission of the OpenSSL Project. |
| 37 * |
| 38 * 6. Redistributions of any form whatsoever must retain the following |
| 39 * acknowledgment: |
| 40 * "This product includes software developed by the OpenSSL Project |
| 41 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 42 * |
| 43 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 44 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 45 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 46 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 47 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 48 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 49 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| 50 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 51 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 52 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 53 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 54 * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 55 * ==================================================================== |
| 56 */ |
| 57 |
| 58 #include <stdio.h> |
| 59 #include <stdlib.h> |
| 60 #include <string.h> |
| 61 #include <stdint.h> |
| 62 |
| 63 #include <openssl/chacha.h> |
| 64 |
| 65 struct chacha_test { |
| 66 const char *keyhex; |
| 67 const char *noncehex; |
| 68 const char *outhex; |
| 69 }; |
| 70 |
| 71 static const struct chacha_test chacha_tests[] = { |
| 72 { |
| 73 "000000000000000000000000000000000000000000000000000000000000000
0", |
| 74 "0000000000000000", |
| 75 "76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc
7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586", |
| 76 }, |
| 77 { |
| 78 "000000000000000000000000000000000000000000000000000000000000000
1", |
| 79 "0000000000000000", |
| 80 "4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d4
1bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae546963", |
| 81 }, |
| 82 { |
| 83 "000000000000000000000000000000000000000000000000000000000000000
0", |
| 84 "0000000000000001", |
| 85 "de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df13782103
1e85a050278a7084527214f73efc7fa5b5277062eb7a0433e445f41e31afab757", |
| 86 }, |
| 87 { |
| 88 "000000000000000000000000000000000000000000000000000000000000000
0", |
| 89 "0100000000000000", |
| 90 "ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d3
2111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b", |
| 91 }, |
| 92 { |
| 93 "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1
f", |
| 94 "0001020304050607", |
| 95 "f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c
134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc359
41e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82
e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5
a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d
70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7
ad0f9d4b6ad3b54098746d4524d38407a6deb", |
| 96 }, |
| 97 }; |
| 98 |
| 99 static unsigned char hex_digit(char h) |
| 100 { |
| 101 if (h >= '0' && h <= '9') |
| 102 return h - '0'; |
| 103 else if (h >= 'a' && h <= 'f') |
| 104 return h - 'a' + 10; |
| 105 else if (h >= 'A' && h <= 'F') |
| 106 return h - 'A' + 10; |
| 107 else |
| 108 abort(); |
| 109 } |
| 110 |
| 111 static void hex_decode(unsigned char *out, const char* hex) |
| 112 { |
| 113 size_t j = 0; |
| 114 |
| 115 while (*hex != 0) |
| 116 { |
| 117 unsigned char v = hex_digit(*hex++); |
| 118 v <<= 4; |
| 119 v |= hex_digit(*hex++); |
| 120 out[j++] = v; |
| 121 } |
| 122 } |
| 123 |
| 124 static void hexdump(unsigned char *a, size_t len) |
| 125 { |
| 126 size_t i; |
| 127 |
| 128 for (i = 0; i < len; i++) |
| 129 printf("%02x", a[i]); |
| 130 } |
| 131 |
| 132 /* misalign returns a pointer that points 0 to 15 bytes into |in| such that the |
| 133 * returned pointer has alignment 1 mod 16. */ |
| 134 static void* misalign(void* in) |
| 135 { |
| 136 intptr_t x = (intptr_t) in; |
| 137 x += (17 - (x % 16)) % 16; |
| 138 return (void*) x; |
| 139 } |
| 140 |
| 141 int main() |
| 142 { |
| 143 static const unsigned num_tests = |
| 144 sizeof(chacha_tests) / sizeof(struct chacha_test); |
| 145 unsigned i; |
| 146 unsigned char key_bytes[32 + 16]; |
| 147 unsigned char nonce_bytes[8 + 16] = {0}; |
| 148 |
| 149 unsigned char *key = misalign(key_bytes); |
| 150 unsigned char *nonce = misalign(nonce_bytes); |
| 151 |
| 152 for (i = 0; i < num_tests; i++) |
| 153 { |
| 154 const struct chacha_test *test = &chacha_tests[i]; |
| 155 unsigned char *expected, *out_bytes, *zero_bytes, *out, *zeros; |
| 156 size_t len = strlen(test->outhex); |
| 157 |
| 158 if (strlen(test->keyhex) != 32*2 || |
| 159 strlen(test->noncehex) != 8*2 || |
| 160 (len & 1) == 1) |
| 161 return 1; |
| 162 |
| 163 len /= 2; |
| 164 |
| 165 hex_decode(key, test->keyhex); |
| 166 hex_decode(nonce, test->noncehex); |
| 167 |
| 168 expected = malloc(len); |
| 169 out_bytes = malloc(len+16); |
| 170 zero_bytes = malloc(len+16); |
| 171 /* Attempt to test unaligned inputs. */ |
| 172 out = misalign(out_bytes); |
| 173 zeros = misalign(zero_bytes); |
| 174 memset(zeros, 0, len); |
| 175 |
| 176 hex_decode(expected, test->outhex); |
| 177 CRYPTO_chacha_20(out, zeros, len, key, nonce, 0); |
| 178 |
| 179 if (memcmp(out, expected, len) != 0) |
| 180 { |
| 181 printf("ChaCha20 test #%d failed.\n", i); |
| 182 printf("got: "); |
| 183 hexdump(out, len); |
| 184 printf("\nexpected: "); |
| 185 hexdump(expected, len); |
| 186 printf("\n"); |
| 187 return 1; |
| 188 } |
| 189 |
| 190 /* The last test has a large output. We test whether the |
| 191 * counter works as expected by skipping the first 64 bytes of |
| 192 * it. */ |
| 193 if (i == num_tests - 1) |
| 194 { |
| 195 CRYPTO_chacha_20(out, zeros, len - 64, key, nonce, 1); |
| 196 if (memcmp(out, expected + 64, len - 64) != 0) |
| 197 { |
| 198 printf("ChaCha20 skip test failed.\n"); |
| 199 return 1; |
| 200 } |
| 201 } |
| 202 |
| 203 free(expected); |
| 204 free(zero_bytes); |
| 205 free(out_bytes); |
| 206 } |
| 207 |
| 208 |
| 209 printf("PASS\n"); |
| 210 return 0; |
| 211 } |
OLD | NEW |