angd-dev/data-lite-c
1
0
Fork 0
Code Pull Requests Releases Activity

Replaced system SQLite with SQLCipher to support encrypted database

Browse Source
This commit is contained in:
Oleksii Zghurskyi
2025-06-07 18:11:17 +03:00
parent f4198d62a7
commit 177d74700f
534 changed files with 362771 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_add_aad.c Normal file
View File

@@ -0,0 +1,28 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Add AAD to the ChaCha20Poly1305 state
@param st The ChaCha20Poly1305 state
@param in The additional authentication data to add to the ChaCha20Poly1305 state
@param inlen The length of the ChaCha20Poly1305 data.
@return CRYPT_OK on success
*/
int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen)
{
int err;
if (inlen == 0) return CRYPT_OK; /* nothing to do */
LTC_ARGCHK(st != NULL);
if (st->aadflg == 0) return CRYPT_ERROR;
if ((err = poly1305_process(&st->poly, in, inlen)) != CRYPT_OK) return err;
st->aadlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

38
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_decrypt.c Normal file
View File

@@ -0,0 +1,38 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Decrypt bytes of ciphertext with ChaCha20Poly1305
@param st The ChaCha20Poly1305 state
@param in The ciphertext
@param inlen The length of the input (octets)
@param out [out] The plaintext (length inlen)
@return CRYPT_OK if successful
*/
int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
int err;
LTC_ARGCHK(st != NULL);
if (st->aadflg) {
padlen = 16 - (unsigned long)(st->aadlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
st->aadflg = 0; /* no more AAD */
}
if (st->aadflg) st->aadflg = 0; /* no more AAD */
if ((err = poly1305_process(&st->poly, in, inlen)) != CRYPT_OK) return err;
if ((err = chacha_crypt(&st->chacha, in, inlen, out)) != CRYPT_OK) return err;
st->ctlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

38
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_done.c Normal file
View File

@@ -0,0 +1,38 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Terminate a ChaCha20Poly1305 stream
@param st The ChaCha20Poly1305 state
@param tag [out] The destination for the MAC tag
@param taglen [in/out] The length of the MAC tag
@return CRYPT_OK on success
*/
int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
unsigned char buf[16];
int err;
LTC_ARGCHK(st != NULL);
if (!st->openssh_compat) {
padlen = 16 - (unsigned long)(st->ctlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
STORE64L(st->aadlen, buf);
STORE64L(st->ctlen, buf + 8);
if ((err = poly1305_process(&st->poly, buf, 16)) != CRYPT_OK) return err;
}
if ((err = poly1305_done(&st->poly, tag, taglen)) != CRYPT_OK) return err;
if ((err = chacha_done(&st->chacha)) != CRYPT_OK) return err;
return CRYPT_OK;
}
#endif

37
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_encrypt.c Normal file
View File

@@ -0,0 +1,37 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Encrypt bytes of ciphertext with ChaCha20Poly1305
@param st The ChaCha20Poly1305 state
@param in The plaintext
@param inlen The length of the input (octets)
@param out [out] The ciphertext (length inlen)
@return CRYPT_OK if successful
*/
int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out)
{
unsigned char padzero[16] = { 0 };
unsigned long padlen;
int err;
LTC_ARGCHK(st != NULL);
if ((err = chacha_crypt(&st->chacha, in, inlen, out)) != CRYPT_OK) return err;
if (st->aadflg) {
padlen = 16 - (unsigned long)(st->aadlen % 16);
if (padlen < 16) {
if ((err = poly1305_process(&st->poly, padzero, padlen)) != CRYPT_OK) return err;
}
st->aadflg = 0; /* no more AAD */
}
if ((err = poly1305_process(&st->poly, out, inlen)) != CRYPT_OK) return err;
st->ctlen += (ulong64)inlen;
return CRYPT_OK;
}
#endif

21
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_init.c Normal file
View File

@@ -0,0 +1,21 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Initialize an ChaCha20Poly1305 context (only the key)
@param st [out] The destination of the ChaCha20Poly1305 state
@param key The secret key
@param keylen The length of the secret key (octets)
@return CRYPT_OK if successful
*/
int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen)
{
XMEMSET(st, 0, sizeof(*st));
return chacha_setup(&st->chacha, key, keylen, 20);
}
#endif

76
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_memory.c Normal file
View File

@@ -0,0 +1,76 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Process an entire ChaCha20Poly1305 packet in one call.
@param key The secret key
@param keylen The length of the secret key
@param iv The initialization vector
@param ivlen The length of the initialization vector
@param aad The additional authentication data (header)
@param aadlen The length of the aad
@param in The plaintext
@param inlen The length of the plaintext (ciphertext length is the same)
@param out The ciphertext
@param tag [out] The MAC tag
@param taglen [in/out] The MAC tag length
@param direction Encrypt or Decrypt mode (CHACHA20POLY1305_ENCRYPT or CHACHA20POLY1305_DECRYPT)
@return CRYPT_OK on success
*/
int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
const unsigned char *iv, unsigned long ivlen,
const unsigned char *aad, unsigned long aadlen,
const unsigned char *in, unsigned long inlen,
unsigned char *out,
unsigned char *tag, unsigned long *taglen,
int direction)
{
chacha20poly1305_state st;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
if ((err = chacha20poly1305_init(&st, key, keylen)) != CRYPT_OK) { goto LBL_ERR; }
st.openssh_compat = (direction & CHACHA20POLY1305_OPENSSH_COMPAT) ? 1 : 0;
direction &= ~(CHACHA20POLY1305_OPENSSH_COMPAT);
if ((err = chacha20poly1305_setiv(&st, iv, ivlen)) != CRYPT_OK) { goto LBL_ERR; }
if (aad && aadlen > 0) {
if ((err = chacha20poly1305_add_aad(&st, aad, aadlen)) != CRYPT_OK) { goto LBL_ERR; }
}
if (direction == CHACHA20POLY1305_ENCRYPT) {
if ((err = chacha20poly1305_encrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = chacha20poly1305_done(&st, tag, taglen)) != CRYPT_OK) { goto LBL_ERR; }
}
else if (direction == CHACHA20POLY1305_DECRYPT) {
unsigned char buf[MAXBLOCKSIZE];
unsigned long buflen = sizeof(buf);
if ((err = chacha20poly1305_decrypt(&st, in, inlen, out)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = chacha20poly1305_done(&st, buf, &buflen)) != CRYPT_OK) { goto LBL_ERR; }
if (buflen != *taglen || XMEM_NEQ(buf, tag, buflen) != 0) {
err = CRYPT_ERROR;
goto LBL_ERR;
}
}
else {
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
}
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(&st, sizeof(chacha20poly1305_state));
#endif
return err;
}
#endif

58
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_setiv.c Normal file
View File

@@ -0,0 +1,58 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Set IV + counter data to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param ivlen The length of the IV (must be 12 or 8)
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen)
{
chacha_state tmp_st;
int i, err;
unsigned char polykey[32];
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12 || ivlen == 8);
/* set IV for chacha20 */
if (ivlen == 12) {
/* IV 96bit */
if ((err = chacha_ivctr32(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&st->chacha, iv, ivlen, 1)) != CRYPT_OK) return err;
}
/* copy chacha20 key to temporary state */
for(i = 0; i < 12; i++) tmp_st.input[i] = st->chacha.input[i];
tmp_st.rounds = 20;
/* set IV */
if (ivlen == 12) {
/* IV 32bit */
if ((err = chacha_ivctr32(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
else {
/* IV 64bit */
if ((err = chacha_ivctr64(&tmp_st, iv, ivlen, 0)) != CRYPT_OK) return err;
}
/* (re)generate new poly1305 key */
if ((err = chacha_keystream(&tmp_st, polykey, 32)) != CRYPT_OK) return err;
/* (re)initialise poly1305 */
if ((err = poly1305_init(&st->poly, polykey, 32)) != CRYPT_OK) return err;
st->ctlen = 0;
st->aadlen = 0;
st->aadflg = 1;
return CRYPT_OK;
}
#endif

30
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.c Normal file
View File

@@ -0,0 +1,30 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
/**
Set IV + counter data (with RFC7905-magic) to the ChaCha20Poly1305 state and reset the context
@param st The ChaCha20Poly1305 state
@param iv The IV data to add
@param ivlen The length of the IV (must be 12 or 8)
@param sequence_number 64bit sequence number which is incorporated into IV as described in RFC7905
@return CRYPT_OK on success
*/
int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number)
{
int i;
unsigned char combined_iv[12] = { 0 };
LTC_ARGCHK(st != NULL);
LTC_ARGCHK(iv != NULL);
LTC_ARGCHK(ivlen == 12);
STORE64L(sequence_number, combined_iv + 4);
for (i = 0; i < 12; i++) combined_iv[i] = iv[i] ^ combined_iv[i];
return chacha20poly1305_setiv(st, combined_iv, 12);
}
#endif

159
Sources/DataLiteC/libtomcrypt/encauth/chachapoly/chacha20poly1305_test.c Normal file
View File

@@ -0,0 +1,159 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_CHACHA20POLY1305_MODE
int chacha20poly1305_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
chacha20poly1305_state st1, st2;
unsigned char k[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f };
unsigned char i12[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
unsigned char i8[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43 };
unsigned char aad[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
unsigned char enc[] = { 0xD3, 0x1A, 0x8D, 0x34, 0x64, 0x8E, 0x60, 0xDB, 0x7B, 0x86, 0xAF, 0xBC, 0x53, 0xEF, 0x7E, 0xC2,
0xA4, 0xAD, 0xED, 0x51, 0x29, 0x6E, 0x08, 0xFE, 0xA9, 0xE2, 0xB5, 0xA7, 0x36, 0xEE, 0x62, 0xD6,
0x3D, 0xBE, 0xA4, 0x5E, 0x8C, 0xA9, 0x67, 0x12, 0x82, 0xFA, 0xFB, 0x69, 0xDA, 0x92, 0x72, 0x8B,
0x1A, 0x71, 0xDE, 0x0A, 0x9E, 0x06, 0x0B, 0x29, 0x05, 0xD6, 0xA5, 0xB6, 0x7E, 0xCD, 0x3B, 0x36,
0x92, 0xDD, 0xBD, 0x7F, 0x2D, 0x77, 0x8B, 0x8C, 0x98, 0x03, 0xAE, 0xE3, 0x28, 0x09, 0x1B, 0x58,
0xFA, 0xB3, 0x24, 0xE4, 0xFA, 0xD6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8B, 0x48, 0x31, 0xD7, 0xBC,
0x3F, 0xF4, 0xDE, 0xF0, 0x8E, 0x4B, 0x7A, 0x9D, 0xE5, 0x76, 0xD2, 0x65, 0x86, 0xCE, 0xC6, 0x4B,
0x61, 0x16 };
unsigned char tag[] = { 0x1A, 0xE1, 0x0B, 0x59, 0x4F, 0x09, 0xE2, 0x6A, 0x7E, 0x90, 0x2E, 0xCB, 0xD0, 0x60, 0x06, 0x91 };
char m[] = "Ladies and Gentlemen of the class of '99: If I could offer you only one tip for the future, sunscreen would be it.";
unsigned long mlen = XSTRLEN(m);
unsigned long len;
unsigned char rfc7905_pt[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
unsigned char rfc7905_enc[] = { 0xE4, 0x62, 0x85, 0xB4, 0x29, 0x95, 0x34, 0x96, 0xAB, 0xFB, 0x67, 0xCD, 0xAE, 0xAC, 0x94, 0x1E };
unsigned char rfc7905_tag[] = { 0x16, 0x2C, 0x92, 0x48, 0x2A, 0xDB, 0xD3, 0x5D, 0x48, 0xBE, 0xC6, 0xFF, 0x10, 0x9C, 0xBA, 0xE4 };
unsigned char ct[1000], pt[1000], emac[16], dmac[16];
int err;
/* encrypt IV 96bit */
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv(&st1, i12, sizeof(i12))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
/* encrypt piece by piece */
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m, 25, ct)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 25, 10, ct + 25)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 35, 35, ct + 35)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 70, 5, ct + 70)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 75, 5, ct + 75)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m + 80, mlen - 80, ct + 80)) != CRYPT_OK) return err;
len = sizeof(emac);
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* decrypt IV 96bit */
if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv(&st2, i12, sizeof(i12))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_decrypt(&st2, ct, 21, pt)) != CRYPT_OK) return err;
if ((err = chacha20poly1305_decrypt(&st2, ct + 21, mlen - 21, pt + 21)) != CRYPT_OK) return err;
len = sizeof(dmac);
if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(dmac, len, tag, sizeof(tag), "DEC-TAG", 4) != 0) return CRYPT_FAIL_TESTVECTOR;
/* chacha20poly1305_memory - encrypt */
len = sizeof(emac);
if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad), (unsigned char *)m,
mlen, ct, emac, &len, CHACHA20POLY1305_ENCRYPT)) != CRYPT_OK) return err;
if (compare_testvector(ct, mlen, enc, sizeof(enc), "ENC-CT2", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(emac, len, tag, sizeof(tag), "ENC-TAG2", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* chacha20poly1305_memory - decrypt */
len = sizeof(dmac);
XMEMCPY(dmac, tag, sizeof(tag));
if ((err = chacha20poly1305_memory(k, sizeof(k), i12, sizeof(i12), aad, sizeof(aad),
ct, mlen, pt, dmac, &len, CHACHA20POLY1305_DECRYPT)) != CRYPT_OK) return err;
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT2", 3) != 0) return CRYPT_FAIL_TESTVECTOR;
/* encrypt - rfc7905 */
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, rfc7905_pt, 16, ct)) != CRYPT_OK) return err;
len = sizeof(emac);
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
if (compare_testvector(ct, 16, rfc7905_enc, 16, "ENC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(emac, len, rfc7905_tag, 16, "ENC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* decrypt - rfc7905 */
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv_rfc7905(&st1, i12, sizeof(i12), CONST64(0x1122334455667788))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_decrypt(&st1, ct, 16, pt)) != CRYPT_OK) return err;
len = sizeof(dmac);
if ((err = chacha20poly1305_done(&st1, dmac, &len)) != CRYPT_OK) return err;
if (compare_testvector(pt, 16, rfc7905_pt, 16, "DEC-CT3", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(dmac, len, rfc7905_tag, 16, "DEC-TAG3", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* encrypt IV 64bit */
if ((err = chacha20poly1305_init(&st1, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv(&st1, i8, sizeof(i8))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st1, aad, sizeof(aad))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_encrypt(&st1, (unsigned char *)m, mlen, ct)) != CRYPT_OK) return err;
len = sizeof(emac);
if ((err = chacha20poly1305_done(&st1, emac, &len)) != CRYPT_OK) return err;
/* decrypt IV 64bit */
if ((err = chacha20poly1305_init(&st2, k, sizeof(k))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_setiv(&st2, i8, sizeof(i8))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_add_aad(&st2, aad, sizeof(aad))) != CRYPT_OK) return err;
if ((err = chacha20poly1305_decrypt(&st2, ct, mlen, pt)) != CRYPT_OK) return err;
len = sizeof(dmac);
if ((err = chacha20poly1305_done(&st2, dmac, &len)) != CRYPT_OK) return err;
if (compare_testvector(pt, mlen, m, mlen, "DEC-PT4", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(dmac, len, emac, len, "DEC-TAG4", 2) != 0) return CRYPT_FAIL_TESTVECTOR;
/* wycheproof failing test - https://github.com/libtom/libtomcrypt/pull/451 */
{
unsigned char key[] = { 0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff,
0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff };
unsigned char iv[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b };
unsigned char valid_tag[] = { 0xa3,0xe3,0xfd,0xf9,0xfb,0xa6,0x86,0x1b,0x5a,0xd2,0x60,0x7f,0x40,0xb7,0xf4,0x47 };
unsigned char invalid_tag[] = { 0xa2,0xe3,0xfd,0xf9,0xfb,0xa6,0x86,0x1b,0x5a,0xd2,0x60,0x7f,0x40,0xb7,0xf4,0x47 };
unsigned char waad[] = { 0x61,0x61,0x64 };
unsigned char wct[] = { 0x00 };
unsigned char wpt[20] = { 0 };
unsigned char wtag[20] = { 0 };
unsigned long taglen;
/* encrypt */
taglen = sizeof(wtag);
err = chacha20poly1305_memory(key, sizeof(key), iv, sizeof(iv), waad, sizeof(waad),
wpt, 0, wct, wtag, &taglen, CHACHA20POLY1305_ENCRYPT);
if (err != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR;
if (compare_testvector(wtag, taglen, valid_tag, sizeof(valid_tag), "WYCH", 1) != 0) return CRYPT_FAIL_TESTVECTOR;
/* VALID tag */
taglen = sizeof(valid_tag);
err = chacha20poly1305_memory(key, sizeof(key), iv, sizeof(iv), waad, sizeof(waad),
wpt, 0, wct, valid_tag, &taglen, CHACHA20POLY1305_DECRYPT);
if (err != CRYPT_OK) return CRYPT_FAIL_TESTVECTOR;
/* INVALID tag */
taglen = sizeof(invalid_tag);
err = chacha20poly1305_memory(key, sizeof(key), iv, sizeof(iv), waad, sizeof(waad),
wpt, 0, wct, invalid_tag, &taglen, CHACHA20POLY1305_DECRYPT);
if (err == CRYPT_OK) {
return CRYPT_FAIL_TESTVECTOR; /* should fail */
}
}
return CRYPT_OK;
#endif
}
#endif