freebsd-skq/sys/contrib/libsodium/test/default/metamorphic.c

#define TEST_NAME "metamorphic"
#include "cmptest.h"

#define MAXLEN 512
#define MAX_ITER 1000

static void
mm_generichash(void)
{
    crypto_generichash_state st;
    unsigned char *h, *h2;
    unsigned char *k;
    unsigned char *m;
    size_t         hlen;
    size_t         klen;
    size_t         mlen;
    size_t         l1, l2;
    int            i;

    for (i = 0; i < MAX_ITER; i++) {
        mlen = randombytes_uniform(MAXLEN);
        m = (unsigned char *) sodium_malloc(mlen);
        klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX -
                                   crypto_generichash_KEYBYTES_MIN + 1U)
            + crypto_generichash_KEYBYTES_MIN;
        k = (unsigned char *) sodium_malloc(klen);
        hlen = randombytes_uniform(crypto_generichash_BYTES_MAX -
                                   crypto_generichash_BYTES_MIN + 1U)
            + crypto_generichash_BYTES_MIN;
        h = (unsigned char *) sodium_malloc(hlen);
        h2 = (unsigned char *) sodium_malloc(hlen);

        randombytes_buf(k, klen);
        randombytes_buf(m, mlen);

        crypto_generichash_init(&st, k, klen, hlen);
        l1 = randombytes_uniform((uint32_t) mlen);
        l2 = randombytes_uniform((uint32_t) (mlen - l1));
        crypto_generichash_update(&st, m, l1);
        crypto_generichash_update(&st, m + l1, l2);
        crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
        crypto_generichash_final(&st, h, hlen);

        crypto_generichash(h2, hlen, m, mlen, k, klen);

        assert(memcmp(h, h2, hlen) == 0);

        sodium_free(h2);
        sodium_free(h);
        sodium_free(k);
        sodium_free(m);
    }
}

static void
mm_onetimeauth(void)
{
    crypto_onetimeauth_state st;
    unsigned char *h, *h2;
    unsigned char *k;
    unsigned char *m;
    size_t         mlen;
    size_t         l1, l2;
    int            i;

    for (i = 0; i < MAX_ITER; i++) {
        mlen = randombytes_uniform(MAXLEN);
        m = (unsigned char *) sodium_malloc(mlen);
        k = (unsigned char *) sodium_malloc(crypto_onetimeauth_KEYBYTES);
        h = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);
        h2 = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);

        crypto_onetimeauth_keygen(k);
        randombytes_buf(m, mlen);

        crypto_onetimeauth_init(&st, k);
        l1 = randombytes_uniform((uint32_t) mlen);
        l2 = randombytes_uniform((uint32_t) (mlen - l1));
        crypto_onetimeauth_update(&st, m, l1);
        crypto_onetimeauth_update(&st, m + l1, l2);
        crypto_onetimeauth_update(&st, m + l1 + l2, mlen - l1 - l2);
        crypto_onetimeauth_final(&st, h);

        crypto_onetimeauth(h2, m, mlen, k);

        assert(memcmp(h, h2, crypto_onetimeauth_BYTES) == 0);

        sodium_free(h2);
        sodium_free(h);
        sodium_free(k);
        sodium_free(m);
    }
}

static void
mm_hmacsha256(void)
{
    crypto_auth_hmacsha256_state st;
    unsigned char *h, *h2;
    unsigned char *k;
    unsigned char *m;
    size_t         mlen;
    size_t         l1, l2;
    int            i;

    for (i = 0; i < MAX_ITER; i++) {
        mlen = randombytes_uniform(MAXLEN);
        m = (unsigned char *) sodium_malloc(mlen);
        k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
        h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
        h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);

        crypto_auth_hmacsha256_keygen(k);
        randombytes_buf(m, mlen);

        crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
        l1 = randombytes_uniform((uint32_t) mlen);
        l2 = randombytes_uniform((uint32_t) (mlen - l1));
        crypto_auth_hmacsha256_update(&st, m, l1);
        crypto_auth_hmacsha256_update(&st, m + l1, l2);
        crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
        crypto_auth_hmacsha256_final(&st, h);

        crypto_auth_hmacsha256(h2, m, mlen, k);

        assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);

        sodium_free(h2);
        sodium_free(h);
        sodium_free(k);
        sodium_free(m);
    }
}

static void
mm_hmacsha512(void)
{
    crypto_auth_hmacsha512_state st;
    unsigned char *h, *h2;
    unsigned char *k;
    unsigned char *m;
    size_t         mlen;
    size_t         l1, l2;
    int            i;

    for (i = 0; i < MAX_ITER; i++) {
        mlen = randombytes_uniform(MAXLEN);
        m = (unsigned char *) sodium_malloc(mlen);
        k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_KEYBYTES);
        h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);
        h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);

        crypto_auth_hmacsha512_keygen(k);
        randombytes_buf(m, mlen);

        crypto_auth_hmacsha512_init(&st, k, crypto_auth_hmacsha512_KEYBYTES);
        l1 = randombytes_uniform((uint32_t) mlen);
        l2 = randombytes_uniform((uint32_t) (mlen - l1));
        crypto_auth_hmacsha512_update(&st, m, l1);
        crypto_auth_hmacsha512_update(&st, m + l1, l2);
        crypto_auth_hmacsha512_update(&st, m + l1 + l2, mlen - l1 - l2);
        crypto_auth_hmacsha512_final(&st, h);

        crypto_auth_hmacsha512(h2, m, mlen, k);

        assert(memcmp(h, h2, crypto_auth_hmacsha512_BYTES) == 0);

        sodium_free(h2);
        sodium_free(h);
        sodium_free(k);
        sodium_free(m);
    }
}

int
main(void)
{
    mm_generichash();
    mm_onetimeauth();
    mm_hmacsha256();
    mm_hmacsha512();

    printf("OK\n");

    return 0;
}