Document & test overlapping of key_exchange.

diff --git a/doc/man/man3/crypto_key_exchange.3monocypher b/doc/man/man3/crypto_key_exchange.3monocypher
index 9bfd3fd29887a53f4f614108a14814c235cdee33..c626b833804be113d546a0e756dc9fca4cd0facd 100644 (file)
--- a/doc/man/man3/crypto_key_exchange.3monocypher
+++ b/doc/man/man3/crypto_key_exchange.3monocypher
@@ -101,6 +101,11 @@ Your public key, generated from
 with
 .Fn crypto_key_exchange_public_key .
 .El
+.Pp
+.Fa shared_key
+and
+.Fa your_secret_key
+may overlap if the secret is no longer required.
 .Sh RETURN VALUES
 .Fn crypto_key_exchange
 and

diff --git a/tests/test.c b/tests/test.c
index 969e657cf810acd3638dd7166a671bfa0719a46e..b1f026cbb6071b585c47c5e3529b4ed27a748f9d 100644 (file)
--- a/tests/test.c
+++ b/tests/test.c
@@ -660,6 +660,22 @@ static int p_argon2i_overlap()
     return status;
 }
 
+// Tests that the shared key and secret key buffers of crypto_key_exchange can overlap.
+static int p_key_exchange_overlap()
+{
+    int status = 0;
+    FOR (i, 0, 5) {
+        u8 buf[32];
+        RANDOM_INPUT(sk, 32);
+        RANDOM_INPUT(pk, 32);
+        crypto_key_exchange(buf, sk, pk);
+        crypto_key_exchange(sk, sk, pk);
+        status |= memcmp(buf, sk, 32);
+    }
+    printf("%s: key_exchange (overlaping i/o)\n", status != 0 ? "FAILED" : "OK");
+    return status;
+}
+
 static int p_eddsa_roundtrip()
 {
 #define MESSAGE_SIZE 30
@@ -853,6 +869,7 @@ int main(int argc, char *argv[])
     status |= p_hmac_sha512_overlap();
     status |= p_argon2i_easy();
     status |= p_argon2i_overlap();
+    status |= p_key_exchange_overlap();
     status |= p_eddsa_roundtrip();
     status |= p_eddsa_random();
     status |= p_eddsa_overlap();