From 2e59f9740a29439df7c7a56cf0ae83dec3081d31 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 11 Aug 2014 13:49:21 -0400 Subject: initial import of debian version from mentors --- src/libsodium/crypto_auth/crypto_auth.c | 34 ++++++ .../crypto_auth/hmacsha256/auth_hmacsha256_api.c | 11 ++ src/libsodium/crypto_auth/hmacsha256/checksum | 1 + src/libsodium/crypto_auth/hmacsha256/cp/api.h | 9 ++ .../crypto_auth/hmacsha256/cp/hmac_hmacsha256.c | 110 +++++++++++++++++++ .../crypto_auth/hmacsha256/cp/verify_hmacsha256.c | 9 ++ .../crypto_auth/hmacsha512/auth_hmacsha512_api.c | 11 ++ src/libsodium/crypto_auth/hmacsha512/cp/api.h | 9 ++ .../crypto_auth/hmacsha512/cp/hmac_hmacsha512.c | 110 +++++++++++++++++++ .../crypto_auth/hmacsha512/cp/verify_hmacsha512.c | 10 ++ .../hmacsha512256/auth_hmacsha512256_api.c | 11 ++ src/libsodium/crypto_auth/hmacsha512256/checksum | 1 + src/libsodium/crypto_auth/hmacsha512256/cp/api.h | 9 ++ .../hmacsha512256/cp/hmac_hmacsha512256.c | 54 ++++++++++ .../hmacsha512256/cp/verify_hmacsha512256.c | 10 ++ src/libsodium/crypto_auth/try.c | 119 +++++++++++++++++++++ 16 files changed, 518 insertions(+) create mode 100644 src/libsodium/crypto_auth/crypto_auth.c create mode 100644 src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c create mode 100644 src/libsodium/crypto_auth/hmacsha256/checksum create mode 100644 src/libsodium/crypto_auth/hmacsha256/cp/api.h create mode 100644 src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c create mode 100644 src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c create mode 100644 src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512_api.c create mode 100644 src/libsodium/crypto_auth/hmacsha512/cp/api.h create mode 100644 src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c create mode 100644 src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c create mode 100644 src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c create mode 100644 src/libsodium/crypto_auth/hmacsha512256/checksum create mode 100644 src/libsodium/crypto_auth/hmacsha512256/cp/api.h create mode 100644 src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c create mode 100644 src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c create mode 100644 src/libsodium/crypto_auth/try.c (limited to 'src/libsodium/crypto_auth') diff --git a/src/libsodium/crypto_auth/crypto_auth.c b/src/libsodium/crypto_auth/crypto_auth.c new file mode 100644 index 0000000..e76b149 --- /dev/null +++ b/src/libsodium/crypto_auth/crypto_auth.c @@ -0,0 +1,34 @@ + +#include "crypto_auth.h" + +size_t +crypto_auth_bytes(void) +{ + return crypto_auth_BYTES; +} + +size_t +crypto_auth_keybytes(void) +{ + return crypto_auth_KEYBYTES; +} + +const char * +crypto_auth_primitive(void) +{ + return crypto_auth_PRIMITIVE; +} + +int +crypto_auth(unsigned char *out, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + return crypto_auth_hmacsha512256(out, in, inlen, k); +} + +int +crypto_auth_verify(const unsigned char *h, const unsigned char *in, + unsigned long long inlen,const unsigned char *k) +{ + return crypto_auth_hmacsha512256_verify(h, in, inlen, k); +} diff --git a/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c b/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c new file mode 100644 index 0000000..5af3388 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c @@ -0,0 +1,11 @@ +#include "crypto_auth_hmacsha256.h" + +size_t +crypto_auth_hmacsha256_bytes(void) { + return crypto_auth_hmacsha256_BYTES; +} + +size_t +crypto_auth_hmacsha256_keybytes(void) { + return crypto_auth_hmacsha256_KEYBYTES; +} diff --git a/src/libsodium/crypto_auth/hmacsha256/checksum b/src/libsodium/crypto_auth/hmacsha256/checksum new file mode 100644 index 0000000..2fa9604 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha256/checksum @@ -0,0 +1 @@ +3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632 diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/api.h b/src/libsodium/crypto_auth/hmacsha256/cp/api.h new file mode 100644 index 0000000..cd4d38e --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha256/cp/api.h @@ -0,0 +1,9 @@ + +#include "crypto_auth_hmacsha256.h" + +#define crypto_auth crypto_auth_hmacsha256 +#define crypto_auth_verify crypto_auth_hmacsha256_verify +#define crypto_auth_BYTES crypto_auth_hmacsha256_BYTES +#define crypto_auth_KEYBYTES crypto_auth_hmacsha256_KEYBYTES +#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha256_IMPLEMENTATION +#define crypto_auth_VERSION crypto_auth_hmacsha256_VERSION diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c b/src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c new file mode 100644 index 0000000..9cd69ac --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c @@ -0,0 +1,110 @@ + +/*- + * Copyright 2005,2007,2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include "api.h" +#include "crypto_auth_hmacsha256.h" +#include "crypto_hash_sha256.h" +#include "utils.h" + +#include + +#include +#include + +int +crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state, + const unsigned char *key, + size_t keylen) +{ + unsigned char pad[64]; + unsigned char khash[32]; + size_t i; + + if (keylen > 64) { + crypto_hash_sha256_init(&state->ictx); + crypto_hash_sha256_update(&state->ictx, key, keylen); + crypto_hash_sha256_final(&state->ictx, khash); + key = khash; + keylen = 32; + } + crypto_hash_sha256_init(&state->ictx); + memset(pad, 0x36, 64); + for (i = 0; i < keylen; i++) { + pad[i] ^= key[i]; + } + crypto_hash_sha256_update(&state->ictx, pad, 64); + + crypto_hash_sha256_init(&state->octx); + memset(pad, 0x5c, 64); + for (i = 0; i < keylen; i++) { + pad[i] ^= key[i]; + } + crypto_hash_sha256_update(&state->octx, pad, 64); + + sodium_memzero((void *) khash, sizeof khash); + + return 0; +} + +int +crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state, + const unsigned char *in, + unsigned long long inlen) +{ + crypto_hash_sha256_update(&state->ictx, in, inlen); + + return 0; +} + +int +crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state, + unsigned char *out) +{ + unsigned char ihash[32]; + + crypto_hash_sha256_final(&state->ictx, ihash); + crypto_hash_sha256_update(&state->octx, ihash, 32); + crypto_hash_sha256_final(&state->octx, out); + + sodium_memzero((void *) ihash, sizeof ihash); + + return 0; +} + +int +crypto_auth(unsigned char *out, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + crypto_auth_hmacsha256_state state; + + crypto_auth_hmacsha256_init(&state, k, crypto_auth_KEYBYTES); + crypto_auth_hmacsha256_update(&state, in, inlen); + crypto_auth_hmacsha256_final(&state, out); + + return 0; +} diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c new file mode 100644 index 0000000..b6cf489 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c @@ -0,0 +1,9 @@ +#include "api.h" +#include "crypto_verify_32.h" + +int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512_api.c b/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512_api.c new file mode 100644 index 0000000..54584e1 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512_api.c @@ -0,0 +1,11 @@ +#include "crypto_auth_hmacsha512.h" + +size_t +crypto_auth_hmacsha512_bytes(void) { + return crypto_auth_hmacsha512_BYTES; +} + +size_t +crypto_auth_hmacsha512_keybytes(void) { + return crypto_auth_hmacsha512_KEYBYTES; +} diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/api.h b/src/libsodium/crypto_auth/hmacsha512/cp/api.h new file mode 100644 index 0000000..0ce4043 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512/cp/api.h @@ -0,0 +1,9 @@ + +#include "crypto_auth_hmacsha512.h" + +#define crypto_auth crypto_auth_hmacsha512 +#define crypto_auth_verify crypto_auth_hmacsha512_verify +#define crypto_auth_BYTES crypto_auth_hmacsha512_BYTES +#define crypto_auth_KEYBYTES crypto_auth_hmacsha512_KEYBYTES +#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512_IMPLEMENTATION +#define crypto_auth_VERSION crypto_auth_hmacsha512_VERSION diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c b/src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c new file mode 100644 index 0000000..4ffd264 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c @@ -0,0 +1,110 @@ + +/*- + * Copyright 2005,2007,2009 Colin Percival + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + */ + +#include "api.h" +#include "crypto_auth_hmacsha512.h" +#include "crypto_hash_sha512.h" +#include "utils.h" + +#include + +#include +#include + +int +crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state, + const unsigned char *key, + size_t keylen) +{ + unsigned char pad[128]; + unsigned char khash[64]; + size_t i; + + if (keylen > 128) { + crypto_hash_sha512_init(&state->ictx); + crypto_hash_sha512_update(&state->ictx, key, keylen); + crypto_hash_sha512_final(&state->ictx, khash); + key = khash; + keylen = 64; + } + crypto_hash_sha512_init(&state->ictx); + memset(pad, 0x36, 128); + for (i = 0; i < keylen; i++) { + pad[i] ^= key[i]; + } + crypto_hash_sha512_update(&state->ictx, pad, 128); + + crypto_hash_sha512_init(&state->octx); + memset(pad, 0x5c, 128); + for (i = 0; i < keylen; i++) { + pad[i] ^= key[i]; + } + crypto_hash_sha512_update(&state->octx, pad, 128); + + sodium_memzero((void *) khash, sizeof khash); + + return 0; +} + +int +crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state, + const unsigned char *in, + unsigned long long inlen) +{ + crypto_hash_sha512_update(&state->ictx, in, inlen); + + return 0; +} + +int +crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state, + unsigned char *out) +{ + unsigned char ihash[64]; + + crypto_hash_sha512_final(&state->ictx, ihash); + crypto_hash_sha512_update(&state->octx, ihash, 64); + crypto_hash_sha512_final(&state->octx, out); + + sodium_memzero((void *) ihash, sizeof ihash); + + return 0; +} + +int +crypto_auth(unsigned char *out, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + crypto_auth_hmacsha512_state state; + + crypto_auth_hmacsha512_init(&state, k, crypto_auth_KEYBYTES); + crypto_auth_hmacsha512_update(&state, in, inlen); + crypto_auth_hmacsha512_final(&state, out); + + return 0; +} diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c new file mode 100644 index 0000000..fccdc1a --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c @@ -0,0 +1,10 @@ +#include "api.h" +#include "crypto_verify_64.h" + +int crypto_auth_verify(const unsigned char *h, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + unsigned char correct[64]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_64(h,correct); +} diff --git a/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c b/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c new file mode 100644 index 0000000..fd0fe9c --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c @@ -0,0 +1,11 @@ +#include "crypto_auth_hmacsha512256.h" + +size_t +crypto_auth_hmacsha512256_bytes(void) { + return crypto_auth_hmacsha512256_BYTES; +} + +size_t +crypto_auth_hmacsha512256_keybytes(void) { + return crypto_auth_hmacsha512256_KEYBYTES; +} diff --git a/src/libsodium/crypto_auth/hmacsha512256/checksum b/src/libsodium/crypto_auth/hmacsha512256/checksum new file mode 100644 index 0000000..1c037f2 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512256/checksum @@ -0,0 +1 @@ +2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886 diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/api.h b/src/libsodium/crypto_auth/hmacsha512256/cp/api.h new file mode 100644 index 0000000..645b278 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512256/cp/api.h @@ -0,0 +1,9 @@ + +#include "crypto_auth_hmacsha512256.h" + +#define crypto_auth crypto_auth_hmacsha512256 +#define crypto_auth_verify crypto_auth_hmacsha512256_verify +#define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES +#define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES +#define crypto_auth_IMPLEMENTATION crypto_auth_hmacsha512256_IMPLEMENTATION +#define crypto_auth_VERSION crypto_auth_hmacsha512256_VERSION diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c b/src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c new file mode 100644 index 0000000..4b476c3 --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c @@ -0,0 +1,54 @@ + +#include "api.h" +#include "crypto_auth_hmacsha512256.h" +#include "crypto_auth_hmacsha512.h" +#include "crypto_hash_sha512.h" +#include "utils.h" + +#include + +#include +#include + +int +crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state, + const unsigned char *key, + size_t keylen) +{ + return crypto_auth_hmacsha512_init((crypto_auth_hmacsha512_state *) state, + key, keylen); +} + +int +crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state, + const unsigned char *in, + unsigned long long inlen) +{ + return crypto_auth_hmacsha512_update((crypto_auth_hmacsha512_state *) state, + in, inlen); +} + +int +crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state, + unsigned char *out) +{ + unsigned char out0[64]; + + crypto_auth_hmacsha512_final((crypto_auth_hmacsha512_state *) state, out0); + memcpy(out, out0, 32); + + return 0; +} + +int +crypto_auth(unsigned char *out, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + crypto_auth_hmacsha512256_state state; + + crypto_auth_hmacsha512256_init(&state, k, crypto_auth_KEYBYTES); + crypto_auth_hmacsha512256_update(&state, in, inlen); + crypto_auth_hmacsha512256_final(&state, out); + + return 0; +} diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c new file mode 100644 index 0000000..1e6e18d --- /dev/null +++ b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c @@ -0,0 +1,10 @@ +#include "api.h" +#include "crypto_verify_32.h" + +int crypto_auth_verify(const unsigned char *h, const unsigned char *in, + unsigned long long inlen, const unsigned char *k) +{ + unsigned char correct[32]; + crypto_auth(correct,in,inlen,k); + return crypto_verify_32(h,correct); +} diff --git a/src/libsodium/crypto_auth/try.c b/src/libsodium/crypto_auth/try.c new file mode 100644 index 0000000..c2f2c80 --- /dev/null +++ b/src/libsodium/crypto_auth/try.c @@ -0,0 +1,119 @@ +/* + * crypto_auth/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include +#include "crypto_hash_sha256.h" +#include "crypto_auth.h" +#include "utils.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *h; +static unsigned char *m; +static unsigned char *k; +static unsigned char *h2; +static unsigned char *m2; +static unsigned char *k2; + +void preallocate(void) +{ +} + +void allocate(void) +{ + h = alignedcalloc(crypto_auth_BYTES); + m = alignedcalloc(MAXTEST_BYTES); + k = alignedcalloc(crypto_auth_KEYBYTES); + h2 = alignedcalloc(crypto_auth_BYTES); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); + k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_auth(h,m,TUNE_BYTES,k); + crypto_auth_verify(h,m,TUNE_BYTES,k); +} + +char checksum[crypto_auth_BYTES * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i; + long long klen = crypto_auth_KEYBYTES; + long long hlen = crypto_auth_BYTES; + + for (j = -16;j < 0;++j) h[j] = rand(); + for (j = -16;j < 0;++j) k[j] = rand(); + for (j = -16;j < 0;++j) m[j] = rand(); + for (j = hlen;j < hlen + 16;++j) h[j] = rand(); + for (j = klen;j < klen + 16;++j) k[j] = rand(); + for (j = mlen;j < mlen + 16;++j) m[j] = rand(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; + for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; + + for (j = -16;j < 0;++j) h[j] = rand(); + for (j = -16;j < 0;++j) k[j] = rand(); + for (j = -16;j < 0;++j) m[j] = rand(); + for (j = hlen;j < hlen + 16;++j) h[j] = rand(); + for (j = klen;j < klen + 16;++j) k[j] = rand(); + for (j = mlen;j < mlen + 16;++j) m[j] = rand(); + for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + + if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; + for (j = 0;j < hlen;++j) m2[j] = m[j]; + if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; + for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; + for (j = 0;j < hlen;++j) k2[j] = k[j]; + + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; + for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; + for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; + if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; + + crypto_hash_sha256(h2,h,hlen); + for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; + m[mlen] = h2[0]; + } + if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; + if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; + + sodium_bin2hex(checksum, sizeof checksum, h, crypto_auth_BYTES); + + return 0; +} -- cgit v1.2.3