From 48e36ffc7cf22126163a9a82db1e062e54344bf8 Mon Sep 17 00:00:00 2001
From: Loup Vaillant <loup@loup-vaillant.fr>
Date: Mon, 9 Dec 2019 11:49:34 +0100
Subject: [PATCH] Added tests for IETF Chacha20

---
 tests/gen/ietf_chacha20.c | 26 ++++++++++++++++++++++++++
 tests/gen/makefile        |  9 +++++----
 tests/test.c              | 17 ++++++++++++++++-
 tests/utils.c             | 13 +++++++------
 tests/utils.h             |  1 +
 5 files changed, 55 insertions(+), 11 deletions(-)
 create mode 100644 tests/gen/ietf_chacha20.c

diff --git a/tests/gen/ietf_chacha20.c b/tests/gen/ietf_chacha20.c
new file mode 100644
index 0000000..7256020
--- /dev/null
+++ b/tests/gen/ietf_chacha20.c
@@ -0,0 +1,26 @@
+#include <sodium.h>
+#include "utils.h"
+
+static void test(size_t size, u32 ctr)
+{
+    RANDOM_INPUT(key  ,  32);
+    RANDOM_INPUT(nonce,  12);
+    RANDOM_INPUT(in   , 128); // size <= 128
+    u8 out[128];              // size <= 128
+
+    crypto_stream_chacha20_ietf_xor_ic(out, in, size, nonce, ctr, key);
+
+    print_vector(key  ,   32);
+    print_vector(nonce,   12);
+    print_vector(in   , size);
+    print_number(ctr        );
+    print_vector(out  , size);
+    printf("\n");
+}
+
+int main(void)
+{
+    SODIUM_INIT;
+    FOR (size, 0, 128) { test(size, (u32)rand64()); }
+    return 0;
+}
diff --git a/tests/gen/makefile b/tests/gen/makefile
index d567cf3..d1f127d 100644
--- a/tests/gen/makefile
+++ b/tests/gen/makefile
@@ -3,10 +3,10 @@ CFLAGS = -pedantic -Wall -Wextra
 
 .PHONY: all clean
 
-VEC     = chacha20    hchacha20  xchacha20     aead_ietf poly1305 \
-          blake2b     sha512     hmac_sha512   argon2i            \
-          edDSA       edDSA_pk   ed_25519      ed_25519_check     \
-          x25519      x25519_pk  key_exchange
+VEC     = chacha20  hchacha20  xchacha20    ietf_chacha20 aead_ietf  \
+          poly1305  blake2b    sha512       hmac_sha512   argon2i    \
+          edDSA     edDSA_pk   ed_25519     ed_25519_check           \
+          x25519    x25519_pk  key_exchange
 #          monokex_xk1 monokex_x
 VEC2    = $(patsubst %, %.all.vec, $(VEC))
 HEADERS = $(patsubst %, %.h.vec  , $(VEC))
@@ -56,6 +56,7 @@ x25519.all.vec        : x25519.vec      vectors/x25519
 x25519_pk.all.vec     : x25519_pk.vec
 hchacha20.all.vec     : hchacha20.vec
 xchacha20.all.vec     : xchacha20.vec
+ietf_chacha20.all.vec : ietf_chacha20.vec
 aead_ietf.all.vec     : aead_ietf.vec
 blake2b.all.vec       : blake2b.vec
 sha512.all.vec        : sha512.vec
diff --git a/tests/test.c b/tests/test.c
index 3f28c23..fd53b29 100644
--- a/tests/test.c
+++ b/tests/test.c
@@ -29,6 +29,20 @@ static void chacha20(const vector in[], vector *out)
     }
 }
 
+static void ietf_chacha20(const vector in[], vector *out)
+{
+    const vector *key   = in;
+    const vector *nonce = in + 1;
+    const vector *plain = in + 2;
+    u32 ctr       = load32_le(in[3].buf);
+    u32 new_ctr   = crypto_ietf_chacha20_ctr(out->buf, plain->buf, plain->size,
+                                             key->buf, nonce->buf, ctr);
+    u32 nb_blocks = plain->size / 64 + (plain->size % 64 != 0);
+    if (new_ctr - ctr != nb_blocks) {
+        printf("FAILURE: IETF Chacha20 returned counter not correct: ");
+    }
+}
+
 static void hchacha20(const vector in[], vector *out)
 {
     const vector *key   = in;
@@ -46,7 +60,7 @@ static void xchacha20(const vector in[], vector *out)
                                          key->buf, nonce->buf, ctr);
     u64 nb_blocks = plain->size / 64 + (plain->size % 64 != 0);
     if (new_ctr - ctr != nb_blocks) {
-        printf("FAILURE: Chacha20 returned counter not correct: ");
+        printf("FAILURE: XChacha20 returned counter not correct: ");
     }
 }
 
@@ -712,6 +726,7 @@ int main(int argc, char *argv[])
     printf("\nTest against vectors");
     printf("\n--------------------\n");
     status |= TEST(chacha20      , 4);
+    status |= TEST(ietf_chacha20 , 4);
     status |= TEST(hchacha20     , 2);
     status |= TEST(xchacha20     , 4);
     status |= TEST(poly1305      , 2);
diff --git a/tests/utils.c b/tests/utils.c
index fc71ade..ddc4d7b 100644
--- a/tests/utils.c
+++ b/tests/utils.c
@@ -16,16 +16,17 @@ void store64_le(u8 out[8], u64 in)
     out[7] = (in >> 56) & 0xff;
 }
 
-u64 load64_le(const u8 s[8])
+u32 load32_le(const u8 s[4])
 {
     return (u64)s[0]
         | ((u64)s[1] <<  8)
         | ((u64)s[2] << 16)
-        | ((u64)s[3] << 24)
-        | ((u64)s[4] << 32)
-        | ((u64)s[5] << 40)
-        | ((u64)s[6] << 48)
-        | ((u64)s[7] << 56);
+        | ((u64)s[3] << 24);
+}
+
+u64 load64_le(const u8 s[8])
+{
+    return load32_le(s) | ((u64)load32_le(s+4) << 32);
 }
 
 // Must be seeded with a nonzero value.
diff --git a/tests/utils.h b/tests/utils.h
index c315151..380519b 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -30,6 +30,7 @@ typedef struct {
 
 void store64_le(u8 out[8], u64 in);
 u64  load64_le(const u8 s[8]);
+u32  load32_le(const u8 s[8]);
 u64 rand64(); // Pseudo-random 64 bit number, based on xorshift*
 void p_random(u8 *stream, size_t size);
 void print_vector(const u8 *buf, size_t size);
-- 
2.47.3