File: //usr/share/doc/libsodium-devel-1.0.18/metamorphic.c
#define TEST_NAME "metamorphic"
#include "cmptest.h"
#define MAXLEN 512
#define MAX_ITER 1000
static void
mm_generichash(void)
{
crypto_generichash_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t hlen;
size_t klen;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX -
crypto_generichash_KEYBYTES_MIN + 1U)
+ crypto_generichash_KEYBYTES_MIN;
k = (unsigned char *) sodium_malloc(klen);
hlen = randombytes_uniform(crypto_generichash_BYTES_MAX -
crypto_generichash_BYTES_MIN + 1U)
+ crypto_generichash_BYTES_MIN;
h = (unsigned char *) sodium_malloc(hlen);
h2 = (unsigned char *) sodium_malloc(hlen);
randombytes_buf(k, klen);
randombytes_buf(m, mlen);
crypto_generichash_init(&st, k, klen, hlen);
l1 = randombytes_uniform((uint32_t) mlen);
l2 = randombytes_uniform((uint32_t) (mlen - l1));
crypto_generichash_update(&st, m, l1);
crypto_generichash_update(&st, m + l1, l2);
crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_generichash_final(&st, h, hlen);
crypto_generichash(h2, hlen, m, mlen, k, klen);
assert(memcmp(h, h2, hlen) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
static void
mm_onetimeauth(void)
{
crypto_onetimeauth_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_onetimeauth_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_onetimeauth_BYTES);
crypto_onetimeauth_keygen(k);
randombytes_buf(m, mlen);
crypto_onetimeauth_init(&st, k);
l1 = randombytes_uniform((uint32_t) mlen);
l2 = randombytes_uniform((uint32_t) (mlen - l1));
crypto_onetimeauth_update(&st, m, l1);
crypto_onetimeauth_update(&st, m + l1, l2);
crypto_onetimeauth_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_onetimeauth_final(&st, h);
crypto_onetimeauth(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_onetimeauth_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
static void
mm_hmacsha256(void)
{
crypto_auth_hmacsha256_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES);
crypto_auth_hmacsha256_keygen(k);
randombytes_buf(m, mlen);
crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
l1 = randombytes_uniform((uint32_t) mlen);
l2 = randombytes_uniform((uint32_t) (mlen - l1));
crypto_auth_hmacsha256_update(&st, m, l1);
crypto_auth_hmacsha256_update(&st, m + l1, l2);
crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_auth_hmacsha256_final(&st, h);
crypto_auth_hmacsha256(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
static void
mm_hmacsha512(void)
{
crypto_auth_hmacsha512_state st;
unsigned char *h, *h2;
unsigned char *k;
unsigned char *m;
size_t mlen;
size_t l1, l2;
int i;
for (i = 0; i < MAX_ITER; i++) {
mlen = randombytes_uniform(MAXLEN);
m = (unsigned char *) sodium_malloc(mlen);
k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_KEYBYTES);
h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);
h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha512_BYTES);
crypto_auth_hmacsha512_keygen(k);
randombytes_buf(m, mlen);
crypto_auth_hmacsha512_init(&st, k, crypto_auth_hmacsha512_KEYBYTES);
l1 = randombytes_uniform((uint32_t) mlen);
l2 = randombytes_uniform((uint32_t) (mlen - l1));
crypto_auth_hmacsha512_update(&st, m, l1);
crypto_auth_hmacsha512_update(&st, m + l1, l2);
crypto_auth_hmacsha512_update(&st, m + l1 + l2, mlen - l1 - l2);
crypto_auth_hmacsha512_final(&st, h);
crypto_auth_hmacsha512(h2, m, mlen, k);
assert(memcmp(h, h2, crypto_auth_hmacsha512_BYTES) == 0);
sodium_free(h2);
sodium_free(h);
sodium_free(k);
sodium_free(m);
}
}
int
main(void)
{
mm_generichash();
mm_onetimeauth();
mm_hmacsha256();
mm_hmacsha512();
printf("OK\n");
return 0;
}