third_party/openssl: add ChaCha20+Poly1305 support.

openssl/crypto/chacha/chachatest.c

Index: openssl/crypto/chacha/chachatest.c
diff --git a/openssl/crypto/chacha/chachatest.c b/openssl/crypto/chacha/chachatest.c
new file mode 100644
index 0000000000000000000000000000000000000000..b2a9389860510f70654387cf26548d1627a23cd7
--- /dev/null
+++ b/openssl/crypto/chacha/chachatest.c
@@ -0,0 +1,211 @@
+/*
+ *  Chacha stream algorithm.
+ *
+ *  Created on: Jun, 2013
+ *  Author: Elie Bursztein (elieb@google.com)
+ *
+ *  Adapted from the estream code by D. Bernstein.
+ */
+/* ====================================================================
+ * Copyright (c) 2011-2013 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+
+#include <openssl/chacha.h>
+
+struct chacha_test {
+	const char *keyhex;
+	const char *noncehex;
+	const char *outhex;
+};
+
+static const struct chacha_test chacha_tests[] = {
+	{
+		"0000000000000000000000000000000000000000000000000000000000000000",
+		"0000000000000000",
+		"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586",
+	},
+	{
+		"0000000000000000000000000000000000000000000000000000000000000001",
+		"0000000000000000",
+		"4540f05a9f1fb296d7736e7b208e3c96eb4fe1834688d2604f450952ed432d41bbe2a0b6ea7566d2a5d1e7e20d42af2c53d792b1c43fea817e9ad275ae546963",
+	},
+	{
+		"0000000000000000000000000000000000000000000000000000000000000000",
+		"0000000000000001",
+		"de9cba7bf3d69ef5e786dc63973f653a0b49e015adbff7134fcb7df137821031e85a050278a7084527214f73efc7fa5b5277062eb7a0433e445f41e31afab757",
+	},
+	{
+		"0000000000000000000000000000000000000000000000000000000000000000",
+		"0100000000000000",
+		"ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b",
+	},
+	{
+		"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
+		"0001020304050607",
+		"f798a189f195e66982105ffb640bb7757f579da31602fc93ec01ac56f85ac3c134a4547b733b46413042c9440049176905d3be59ea1c53f15916155c2be8241a38008b9a26bc35941e2444177c8ade6689de95264986d95889fb60e84629c9bd9a5acb1cc118be563eb9b3a4a472f82e09a7e778492b562ef7130e88dfe031c79db9d4f7c7a899151b9a475032b63fc385245fe054e3dd5a97a5f576fe064025d3ce042c566ab2c507b138db853e3d6959660996546cc9c4a6eafdc777c040d70eaf46f76dad3979e5c5360c3317166a1c894c94a371876a94df7628fe4eaaf2ccb27d5aaae0ad7ad0f9d4b6ad3b54098746d4524d38407a6deb",
+	},
+};
+
+static unsigned char hex_digit(char h)
+	{
+	if (h >= '0' && h <= '9')
+		return h - '0';
+	else if (h >= 'a' && h <= 'f')
+		return h - 'a' + 10;
+	else if (h >= 'A' && h <= 'F')
+		return h - 'A' + 10;
+	else
+		abort();
+	}
+
+static void hex_decode(unsigned char *out, const char* hex)
+	{
+	size_t j = 0;
+
+	while (*hex != 0)
+		{
+		unsigned char v = hex_digit(*hex++);
+		v <<= 4;
+		v |= hex_digit(*hex++);
+		out[j++] = v;
+		}
+	}
+
+static void hexdump(unsigned char *a, size_t len)
+	{
+	size_t i;
+
+	for (i = 0; i < len; i++)
+		printf("%02x", a[i]);
+	}
+
+/* misalign returns a pointer that points 0 to 15 bytes into |in| such that the
+ * returned pointer has alignment 1 mod 16. */
+static void* misalign(void* in)
+	{
+	intptr_t x = (intptr_t) in;
+	x += (17 - (x % 16)) % 16;
+	return (void*) x;
+	}
+
+int main()
+	{
+	static const unsigned num_tests =
+		sizeof(chacha_tests) / sizeof(struct chacha_test);
+	unsigned i;
+	unsigned char key_bytes[32 + 16];
+	unsigned char nonce_bytes[8 + 16] = {0};
+
+	unsigned char *key = misalign(key_bytes);
+	unsigned char *nonce = misalign(nonce_bytes);
+
+	for (i = 0; i < num_tests; i++)
+		{
+		const struct chacha_test *test = &chacha_tests[i];
+		unsigned char *expected, *out_bytes, *zero_bytes, *out, *zeros;
+		size_t len = strlen(test->outhex);
+
+		if (strlen(test->keyhex) != 32*2 ||
+		    strlen(test->noncehex) != 8*2 ||
+		    (len & 1) == 1)
+			return 1;
+
+		len /= 2;
+
+		hex_decode(key, test->keyhex);
+		hex_decode(nonce, test->noncehex);
+
+		expected = malloc(len);
+		out_bytes = malloc(len+16);
+		zero_bytes = malloc(len+16);
+		/* Attempt to test unaligned inputs. */
+		out = misalign(out_bytes);
+		zeros = misalign(zero_bytes);
+		memset(zeros, 0, len);
+
+		hex_decode(expected, test->outhex);
+		CRYPTO_chacha_20(out, zeros, len, key, nonce, 0);
+
+		if (memcmp(out, expected, len) != 0)
+			{
+			printf("ChaCha20 test #%d failed.\n", i);
+			printf("got:      ");
+			hexdump(out, len);
+			printf("\nexpected: ");
+			hexdump(expected, len);
+			printf("\n");
+			return 1;
+			}
+
+		/* The last test has a large output. We test whether the
+		 * counter works as expected by skipping the first 64 bytes of
+		 * it. */
+		if (i == num_tests - 1)
+			{
+			CRYPTO_chacha_20(out, zeros, len - 64, key, nonce, 1);
+			if (memcmp(out, expected + 64, len - 64) != 0)
+				{
+				printf("ChaCha20 skip test failed.\n");
+				return 1;
+				}
+			}
+
+		free(expected);
+		free(zero_bytes);
+		free(out_bytes);
+		}
+
+
+	printf("PASS\n");
+	return 0;
+	}