summaryrefslogtreecommitdiff
path: root/lib/crypto
diff options
context:
space:
mode:
authorOri Bernstein <ori@eigenstate.org>2016-11-24 16:30:24 -0800
committerOri Bernstein <ori@eigenstate.org>2016-11-24 16:44:44 -0800
commit204b05d910ebcaec8af1fe62e8bbd19f3f41932a (patch)
tree12a85ac811c80d29808a32a20659af26bc7cc859 /lib/crypto
parent6c434100fac87e19234389aba2329165827d0711 (diff)
downloadmc-204b05d910ebcaec8af1fe62e8bbd19f3f41932a.tar.gz
Add chacha20.myr
We now have a cipher in libcrypto.
Diffstat (limited to 'lib/crypto')
-rw-r--r--lib/crypto/chacha20.myr239
-rw-r--r--lib/crypto/test/chacha20.myr861
2 files changed, 1100 insertions, 0 deletions
diff --git a/lib/crypto/chacha20.myr b/lib/crypto/chacha20.myr
new file mode 100644
index 0000000..371e39b
--- /dev/null
+++ b/lib/crypto/chacha20.myr
@@ -0,0 +1,239 @@
+use std
+
+pkg crypto =
+ type chacha20ctx = struct
+ input : uint32[16]
+ ;;
+
+ const chacha20keysetup : (x : chacha20ctx#, k : byte[:] -> void)
+ const chacha20ivsetup : (x : chacha20ctx#, iv : byte[:] -> void)
+ const chacha20encrypt : (x : chacha20ctx#, m : byte[:], c : byte[:] -> void)
+;;
+
+const sigma = "expand 32-byte k"
+const tau = "expand 16-byte k"
+
+const chacha20keysetup = {x, k
+ var constants
+
+ x.input[4] = std.getle32(k[0:4])
+ x.input[5] = std.getle32(k[4:8])
+ x.input[6] = std.getle32(k[8:12])
+ x.input[7] = std.getle32(k[12:16])
+ if k.len * 8 == 256
+ k = k[16:]
+ constants = sigma
+ elif k.len * 8 == 128
+ constants = tau
+ else
+ std.die("invalid key length")
+ ;;
+ x.input[8] = std.getle32(k[0:4])
+ x.input[9] = std.getle32(k[4:8])
+ x.input[10] = std.getle32(k[8:12])
+ x.input[11] = std.getle32(k[12:16])
+ x.input[0] = std.getle32(constants[0:4])
+ x.input[1] = std.getle32(constants[4:8])
+ x.input[2] = std.getle32(constants[8:12])
+ x.input[3] = std.getle32(constants[12:16])
+}
+
+const chacha20ivsetup = {x, iv
+ x.input[12] = 0
+ x.input[13] = 0
+ x.input[14] = std.getle32(iv[0:4])
+ x.input[15] = std.getle32(iv[4:8])
+}
+
+
+const chacha20encrypt = {x, m, c
+ var x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15 : uint32;
+ var j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15 : uint32;
+ var ctarget = [][:]
+ var tmp : byte[64];
+
+ std.assert(m.len == c.len, "mismatch between message and ciphertext lengths\n")
+ j0 = x.input[0]
+ j1 = x.input[1]
+ j2 = x.input[2]
+ j3 = x.input[3]
+ j4 = x.input[4]
+ j5 = x.input[5]
+ j6 = x.input[6]
+ j7 = x.input[7]
+ j8 = x.input[8]
+ j9 = x.input[9]
+ j10 = x.input[10]
+ j11 = x.input[11]
+ j12 = x.input[12]
+ j13 = x.input[13]
+ j14 = x.input[14]
+ j15 = x.input[15]
+
+ while true
+ if m.len < 64
+ std.slcp(tmp[:m.len], m)
+ m = tmp[:]
+ ctarget = c
+ c = tmp[:]
+ ;;
+ x0 = j0
+ x1 = j1
+ x2 = j2
+ x3 = j3
+ x4 = j4
+ x5 = j5
+ x6 = j6
+ x7 = j7
+ x8 = j8
+ x9 = j9
+ x10 = j10
+ x11 = j11
+ x12 = j12
+ x13 = j13
+ x14 = j14
+ x15 = j15
+ /* do the rounds */
+ for var i = 20; i > 0; i -= 2
+ x0 = (x0 + x4)
+ x12 = (((x12 ^ x0 : uint32) << 16) | ((x12 ^ x0) >> (32 - 16)))
+ x8 = (x8 + x12)
+ x4 = (((x4 ^ x8 : uint32) << 12) | ((x4 ^ x8) >> (32 - 12)))
+ x0 = (x0 + x4)
+ x12 = (((x12 ^ x0 : uint32) << 8) | ((x12 ^ x0) >> (32 - 8)))
+ x8 = (x8 + x12)
+ x4 = (((x4 ^ x8 : uint32) << 7) | ((x4 ^ x8) >> (32 - 7)))
+
+ x1 = (x1 + x5)
+ x13 = ((((x13 ^ x1) : uint32) << 16) | ((x13 ^ x1) >> (32 - 16)))
+ x9 = (x9 + x13)
+ x5 = ((((x5 ^ x9) : uint32) << 12) | ((x5 ^ x9) >> (32 - 12)))
+ x1 = (x1 + x5)
+ x13 = ((((x13 ^ x1) : uint32) << 8) | ((x13 ^ x1) >> (32 - 8)))
+ x9 = (x9 + x13)
+ x5 = ((((x5 ^ x9) : uint32) << 7) | ((x5 ^ x9) >> (32 - 7)))
+
+ x2 = (x2 + x6)
+ x14 = ((((x14 ^ x2) : uint32) << 16) | ((x14 ^ x2) >> (32 - 16)))
+ x10 = (x10 + x14)
+ x6 = ((((x6 ^ x10) : uint32) << 12) | ((x6 ^ x10) >> (32 - 12)))
+ x2 = (x2 + x6)
+ x14 = ((((x14 ^ x2) : uint32) << 8) | ((x14 ^ x2) >> (32 - 8)))
+ x10 = (x10 + x14)
+ x6 = ((((x6 ^ x10) : uint32) << 7) | ((x6 ^ x10) >> (32 - 7)))
+
+ x3 = (x3 + x7)
+ x15 = ((((x15 ^ x3) : uint32) << 16) | ((x15 ^ x3) >> (32 - 16)))
+ x11 = (x11 + x15)
+ x7 = ((((x7 ^ x11) : uint32) << 12) | ((x7 ^ x11) >> (32 - 12)))
+ x3 = (x3 + x7)
+ x15 = ((((x15 ^ x3) : uint32) << 8) | ((x15 ^ x3) >> (32 - 8)))
+ x11 = (x11 + x15)
+ x7 = ((((x7 ^ x11) : uint32) << 7) | ((x7 ^ x11) >> (32 - 7)))
+
+ x0 = (x0 + x5)
+ x15 = ((((x15 ^ x0) : uint32) << 16) | ((x15 ^ x0) >> (32 - 16)))
+ x10 = (x10 + x15)
+ x5 = ((((x5 ^ x10) : uint32) << 12) | ((x5 ^ x10) >> (32 - 12)))
+ x0 = (x0 + x5)
+ x15 = ((((x15 ^ x0) : uint32) << 8) | ((x15 ^ x0) >> (32 - 8)))
+ x10 = (x10 + x15)
+ x5 = ((((x5 ^ x10) : uint32) << 7) | ((x5 ^ x10) >> (32 - 7)))
+
+ x1 = (x1 + x6)
+ x12 = ((((x12 ^ x1) : uint32) << 16) | ((x12 ^ x1) >> (32 - 16)))
+ x11 = (x11 + x12)
+ x6 = ((((x6 ^ x11) : uint32) << 12) | ((x6 ^ x11) >> (32 - 12)))
+ x1 = (x1 + x6)
+ x12 = ((((x12 ^ x1) : uint32) << 8) | ((x12 ^ x1) >> (32 - 8)))
+ x11 = (x11 + x12)
+ x6 = ((((x6 ^ x11) : uint32) << 7) | ((x6 ^ x11) >> (32 - 7)))
+
+ x2 = (x2 + x7)
+ x13 = ((((x13 ^ x2) : uint32) << 16) | ((x13 ^ x2) >> (32 - 16)))
+ x8 = (x8 + x13)
+ x7 = ((((x7 ^ x8) : uint32) << 12) | ((x7 ^ x8) >> (32 - 12)))
+ x2 = (x2 + x7)
+ x13 = ((((x13 ^ x2) : uint32) << 8) | ((x13 ^ x2) >> (32 - 8)))
+ x8 = (x8 + x13)
+ x7 = ((((x7 ^ x8) : uint32) << 7) | ((x7 ^ x8) >> (32 - 7)))
+
+ x3 = (x3 + x4)
+ x14 = ((((x14 ^ x3) : uint32) << 16) | ((x14 ^ x3) >> (32 - 16)))
+ x9 = (x9 + x14)
+ x4 = ((((x4 ^ x9) : uint32) << 12) | ((x4 ^ x9) >> (32 - 12)))
+ x3 = (x3 + x4)
+ x14 = ((((x14 ^ x3) : uint32) << 8) | ((x14 ^ x3) >> (32 - 8)))
+ x9 = (x9 + x14)
+ x4 = ((((x4 ^ x9) : uint32) << 7) | ((x4 ^ x9) >> (32 - 7)))
+ ;;
+ x0 = x0 + j0
+ x1 = x1 + j1
+ x2 = x2 + j2
+ x3 = x3 + j3
+ x4 = x4 + j4
+ x5 = x5 + j5
+ x6 = x6 + j6
+ x7 = x7 + j7
+ x8 = x8 + j8
+ x9 = x9 + j9
+ x10 = x10 + j10
+ x11 = x11 + j11
+ x12 = x12 + j12
+ x13 = x13 + j13
+ x14 = x14 + j14
+ x15 = x15 + j15
+
+ x0 = x0 ^ std.getle32(m[0:4]);
+ x1 = x1 ^ std.getle32(m[4:8]);
+ x2 = x2 ^ std.getle32(m[8:12]);
+ x3 = x3 ^ std.getle32(m[12:16]);
+ x4 = x4 ^ std.getle32(m[16:20]);
+ x5 = x5 ^ std.getle32(m[20:24]);
+ x6 = x6 ^ std.getle32(m[24:28]);
+ x7 = x7 ^ std.getle32(m[28:32]);
+ x8 = x8 ^ std.getle32(m[32:36]);
+ x9 = x9 ^ std.getle32(m[36:40]);
+ x10 = x10 ^ std.getle32(m[40:44]);
+ x11 = x11 ^ std.getle32(m[44:48]);
+ x12 = x12 ^ std.getle32(m[48:52]);
+ x13 = x13 ^ std.getle32(m[52:56]);
+ x14 = x14 ^ std.getle32(m[56:60]);
+ x15 = x15 ^ std.getle32(m[60:64]);
+
+ j12++
+ if j12 == 0
+ j13++
+ ;;
+
+ std.putle32(c[0:4], x0);
+ std.putle32(c[4:8], x1);
+ std.putle32(c[8:12], x2);
+ std.putle32(c[12:16], x3);
+ std.putle32(c[16:20], x4);
+ std.putle32(c[20:24], x5);
+ std.putle32(c[24:28], x6);
+ std.putle32(c[28:32], x7);
+ std.putle32(c[32:36], x8);
+ std.putle32(c[36:40], x9);
+ std.putle32(c[40:44], x10);
+ std.putle32(c[44:48], x11);
+ std.putle32(c[48:52], x12);
+ std.putle32(c[52:56], x13);
+ std.putle32(c[56:60], x14);
+ std.putle32(c[60:64], x15);
+
+ if m.len <= 64
+ if m.len < 64
+ std.slcp(ctarget[:m.len], c)
+ ;;
+ x.input[12] = j12;
+ x.input[13] = j13;
+ -> void
+ ;;
+ c = c[64:]
+ m = m[64:]
+ ;;
+
+}
+
diff --git a/lib/crypto/test/chacha20.myr b/lib/crypto/test/chacha20.myr
new file mode 100644
index 0000000..e9c09f4
--- /dev/null
+++ b/lib/crypto/test/chacha20.myr
@@ -0,0 +1,861 @@
+use std
+use testr
+use crypto
+
+type check = struct
+ key : byte[:]
+ iv : byte[:]
+ stream0 : byte[:]
+ stream1 : byte[:]
+ state : uint32[:]
+;;
+
+const main = {
+ testr.run([
+ [.name="chacha20-128-zero-key-zero-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000000,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000000,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000000,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\x89\x67\x09\x52\x60\x83\x64\xfd" \
+ "\x00\xb2\xf9\x09\x36\xf0\x31\xc8" \
+ "\xe7\x56\xe1\x5d\xba\x04\xb8\x49" \
+ "\x3d\x00\x42\x92\x59\xb2\x0f\x46" \
+ "\xcc\x04\xf1\x11\x24\x6b\x6c\x2c" \
+ "\xe0\x66\xbe\x3b\xfb\x32\xd9\xaa" \
+ "\x0f\xdd\xfb\xc1\x21\x23\xd4\xb9" \
+ "\xe4\x4f\x34\xdc\xa0\x5a\x10\x3f",
+
+ .stream1=\
+ "\x6c\xd1\x35\xc2\x87\x8c\x83\x2b" \
+ "\x58\x96\xb1\x34\xf6\x14\x2a\x9d" \
+ "\x4d\x8d\x0d\x8f\x10\x26\xd2\x0a" \
+ "\x0a\x81\x51\x2c\xbc\xe6\xe9\x75" \
+ "\x8a\x71\x43\xd0\x21\x97\x80\x22" \
+ "\xa3\x84\x14\x1a\x80\xce\xa3\x06" \
+ "\x2f\x41\xf6\x7a\x75\x2e\x66\xad" \
+ "\x34\x11\x98\x4c\x78\x7e\x30\xad",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-zero-key-zero-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000000,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000000,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000000,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90" \
+ "\x40\x5d\x6a\xe5\x53\x86\xbd\x28" \
+ "\xbd\xd2\x19\xb8\xa0\x8d\xed\x1a" \
+ "\xa8\x36\xef\xcc\x8b\x77\x0d\xc7" \
+ "\xda\x41\x59\x7c\x51\x57\x48\x8d" \
+ "\x77\x24\xe0\x3f\xb8\xd8\x4a\x37" \
+ "\x6a\x43\xb8\xf4\x15\x18\xa1\x1c" \
+ "\xc3\x87\xb6\x69\xb2\xee\x65\x86",
+
+ .stream1=\
+ "\x9f\x07\xe7\xbe\x55\x51\x38\x7a" \
+ "\x98\xba\x97\x7c\x73\x2d\x08\x0d" \
+ "\xcb\x0f\x29\xa0\x48\xe3\x65\x69" \
+ "\x12\xc6\x53\x3e\x32\xee\x7a\xed" \
+ "\x29\xb7\x21\x76\x9c\xe6\x4e\x43" \
+ "\xd5\x71\x33\xb0\x74\xd8\x39\xd5" \
+ "\x31\xed\x1f\x28\x51\x0a\xfb\x45" \
+ "\xac\xe1\x0a\x1f\x4b\x79\x4d\x6f",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-onebit-key-zero-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x01\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000001,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000001,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000000,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\xae\x56\x06\x0d\x04\xf5\xb5\x97" \
+ "\x89\x7f\xf2\xaf\x13\x88\xdb\xce" \
+ "\xff\x5a\x2a\x49\x20\x33\x5d\xc1" \
+ "\x7a\x3c\xb1\xb1\xb1\x0f\xbe\x70" \
+ "\xec\xe8\xf4\x86\x4d\x8c\x7c\xdf" \
+ "\x00\x76\x45\x3a\x82\x91\xc7\xdb" \
+ "\xeb\x3a\xa9\xc9\xd1\x0e\x8c\xa3" \
+ "\x6b\xe4\x44\x93\x76\xed\x7c\x42",
+
+ .stream1=\
+ "\xfc\x3d\x47\x1c\x34\xa3\x6f\xbb" \
+ "\xf6\x16\xbc\x0a\x0e\x7c\x52\x30" \
+ "\x30\xd9\x44\xf4\x3e\xc3\xe7\x8d" \
+ "\xd6\xa1\x24\x66\x54\x7c\xb4\xf7" \
+ "\xb3\xce\xbd\x0a\x50\x05\xe7\x62" \
+ "\xe5\x62\xd1\x37\x5b\x7a\xc4\x45" \
+ "\x93\xa9\x91\xb8\x5d\x1a\x60\xfb" \
+ "\xa2\x03\x5d\xfa\xa2\xa6\x42\xd5",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-onebit-key-zero-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x01\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000001,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000000,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000000,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\xc5\xd3\x0a\x7c\xe1\xec\x11\x93" \
+ "\x78\xc8\x4f\x48\x7d\x77\x5a\x85" \
+ "\x42\xf1\x3e\xce\x23\x8a\x94\x55" \
+ "\xe8\x22\x9e\x88\x8d\xe8\x5b\xbd" \
+ "\x29\xeb\x63\xd0\xa1\x7a\x5b\x99" \
+ "\x9b\x52\xda\x22\xbe\x40\x23\xeb" \
+ "\x07\x62\x0a\x54\xf6\xfa\x6a\xd8" \
+ "\x73\x7b\x71\xeb\x04\x64\xda\xc0",
+
+ .stream1=\
+ "\x10\xf6\x56\xe6\xd1\xfd\x55\x05" \
+ "\x3e\x50\xc4\x87\x5c\x99\x30\xa3" \
+ "\x3f\x6d\x02\x63\xbd\x14\xdf\xd6" \
+ "\xab\x8c\x70\x52\x1c\x19\x33\x8b" \
+ "\x23\x08\xb9\x5c\xf8\xd0\xbb\x7d" \
+ "\x20\x2d\x21\x02\x78\x0e\xa3\x52" \
+ "\x8f\x1c\xb4\x85\x60\xf7\x6b\x20" \
+ "\xf3\x82\xb9\x42\x50\x0f\xce\xac",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-zero-key-onebit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x01\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000000,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000000,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000001,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\x16\x63\x87\x9e\xb3\xf2\xc9\x94" \
+ "\x9e\x23\x88\xca\xa3\x43\xd3\x61" \
+ "\xbb\x13\x27\x71\x24\x5a\xe6\xd0" \
+ "\x27\xca\x9c\xb0\x10\xdc\x1f\xa7" \
+ "\x17\x8d\xc4\x1f\x82\x78\xbc\x1f" \
+ "\x64\xb3\xf1\x27\x69\xa2\x40\x97" \
+ "\xf4\x0d\x63\xa8\x63\x66\xbd\xb3" \
+ "\x6a\xc0\x8a\xbe\x60\xc0\x7f\xe8",
+
+ .stream1=\
+ "\xb0\x57\x37\x5c\x89\x14\x44\x08" \
+ "\xcc\x74\x46\x24\xf6\x9f\x7f\x4c" \
+ "\xcb\xd9\x33\x66\xc9\x2f\xc4\xdf" \
+ "\xca\xda\x65\xf1\xb9\x59\xd8\xc6" \
+ "\x4d\xfc\x50\xde\x71\x1f\xb4\x64" \
+ "\x16\xc2\x55\x3c\xc6\x0f\x21\xbb" \
+ "\xfd\x00\x64\x91\xcb\x17\x88\x8b" \
+ "\x4f\xb3\x52\x1c\x4f\xdd\x87\x45",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-zero-key-onebit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00" \
+ "\x00\x00\x00\x00\x00\x00\x00\x00"
+,
+ .iv = "\x01\x00\x00\x00\x00\x00\x00\x00",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x00000000,
+ /* 5 */ 0x00000000,
+ /* 6 */ 0x00000000,
+ /* 7 */ 0x00000000,
+ /* 8 */ 0x00000000,
+ /* 9 */ 0x00000000,
+ /* 10 */ 0x00000000,
+ /* 11 */ 0x00000000,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x00000001,
+ /* 15 */ 0x00000000,
+ ][:],
+ .stream0=\
+ "\xef\x3f\xdf\xd6\xc6\x15\x78\xfb" \
+ "\xf5\xcf\x35\xbd\x3d\xd3\x3b\x80" \
+ "\x09\x63\x16\x34\xd2\x1e\x42\xac" \
+ "\x33\x96\x0b\xd1\x38\xe5\x0d\x32" \
+ "\x11\x1e\x4c\xaf\x23\x7e\xe5\x3c" \
+ "\xa8\xad\x64\x26\x19\x4a\x88\x54" \
+ "\x5d\xdc\x49\x7a\x0b\x46\x6e\x7d" \
+ "\x6b\xbd\xb0\x04\x1b\x2f\x58\x6b",
+
+ .stream1=\
+ "\x53\x05\xe5\xe4\x4a\xff\x19\xb2" \
+ "\x35\x93\x61\x44\x67\x5e\xfb\xe4" \
+ "\x40\x9e\xb7\xe8\xe5\xf1\x43\x0f" \
+ "\x5f\x58\x36\xae\xb4\x9b\xb5\x32" \
+ "\x8b\x01\x7c\x4b\x9d\xc1\x1f\x8a" \
+ "\x03\x86\x3f\xa8\x03\xdc\x71\xd5" \
+ "\x72\x6b\x2b\x6b\x31\xaa\x32\x70" \
+ "\x8a\xfe\x5a\xf1\xd6\xb6\x90\x58",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-allbit-key-allbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xff\xff\xff\xff\xff\xff\xff\xff" \
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+,
+ .iv = "\xff\xff\xff\xff\xff\xff\xff\xff",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xffffffff,
+ /* 5 */ 0xffffffff,
+ /* 6 */ 0xffffffff,
+ /* 7 */ 0xffffffff,
+ /* 8 */ 0xffffffff,
+ /* 9 */ 0xffffffff,
+ /* 10 */ 0xffffffff,
+ /* 11 */ 0xffffffff,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xffffffff,
+ /* 15 */ 0xffffffff,
+ ][:],
+ .stream0=\
+ "\x99\x29\x47\xc3\x96\x61\x26\xa0" \
+ "\xe6\x60\xa3\xe9\x5d\xb0\x48\xde" \
+ "\x09\x1f\xb9\xe0\x18\x5b\x1e\x41" \
+ "\xe4\x10\x15\xbb\x7e\xe5\x01\x50" \
+ "\x39\x9e\x47\x60\xb2\x62\xf9\xd5" \
+ "\x3f\x26\xd8\xdd\x19\xe5\x6f\x5c" \
+ "\x50\x6a\xe0\xc3\x61\x9f\xa6\x7f" \
+ "\xb0\xc4\x08\x10\x6d\x02\x03\xee",
+
+ .stream1=\
+ "\x40\xea\x3c\xfa\x61\xfa\x32\xa2" \
+ "\xfd\xa8\xd1\x23\x8a\x21\x35\xd9" \
+ "\xd4\x17\x87\x75\x24\x0f\x99\x00" \
+ "\x70\x64\xa6\xa7\xf0\xc7\x31\xb6" \
+ "\x7c\x22\x7c\x52\xef\x79\x6b\x6b" \
+ "\xed\x9f\x90\x59\xba\x06\x14\xbc" \
+ "\xf6\xdd\x6e\x38\x91\x7f\x3b\x15" \
+ "\x0e\x57\x63\x75\xbe\x50\xed\x67",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-allbit-key-allbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xff\xff\xff\xff\xff\xff\xff\xff" \
+ "\xff\xff\xff\xff\xff\xff\xff\xff" \
+ "\xff\xff\xff\xff\xff\xff\xff\xff" \
+ "\xff\xff\xff\xff\xff\xff\xff\xff"
+,
+ .iv = "\xff\xff\xff\xff\xff\xff\xff\xff",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xffffffff,
+ /* 5 */ 0xffffffff,
+ /* 6 */ 0xffffffff,
+ /* 7 */ 0xffffffff,
+ /* 8 */ 0xffffffff,
+ /* 9 */ 0xffffffff,
+ /* 10 */ 0xffffffff,
+ /* 11 */ 0xffffffff,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xffffffff,
+ /* 15 */ 0xffffffff,
+ ][:],
+ .stream0=\
+ "\xd9\xbf\x3f\x6b\xce\x6e\xd0\xb5" \
+ "\x42\x54\x55\x77\x67\xfb\x57\x44" \
+ "\x3d\xd4\x77\x89\x11\xb6\x06\x05" \
+ "\x5c\x39\xcc\x25\xe6\x74\xb8\x36" \
+ "\x3f\xea\xbc\x57\xfd\xe5\x4f\x79" \
+ "\x0c\x52\xc8\xae\x43\x24\x0b\x79" \
+ "\xd4\x90\x42\xb7\x77\xbf\xd6\xcb" \
+ "\x80\xe9\x31\x27\x0b\x7f\x50\xeb",
+
+ .stream1=\
+ "\x5b\xac\x2a\xcd\x86\xa8\x36\xc5" \
+ "\xdc\x98\xc1\x16\xc1\x21\x7e\xc3" \
+ "\x1d\x3a\x63\xa9\x45\x13\x19\xf0" \
+ "\x97\xf3\xb4\xd6\xda\xb0\x77\x87" \
+ "\x19\x47\x7d\x24\xd2\x4b\x40\x3a" \
+ "\x12\x24\x1d\x7c\xca\x06\x4f\x79" \
+ "\x0f\x1d\x51\xcc\xaf\xf6\xb1\x66" \
+ "\x7d\x4b\xbc\xa1\x95\x8c\x43\x06",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-evenbit-key-evenbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x55\x55\x55\x55\x55\x55\x55\x55" \
+ "\x55\x55\x55\x55\x55\x55\x55\x55"
+,
+ .iv = "\x55\x55\x55\x55\x55\x55\x55\x55",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x55555555,
+ /* 5 */ 0x55555555,
+ /* 6 */ 0x55555555,
+ /* 7 */ 0x55555555,
+ /* 8 */ 0x55555555,
+ /* 9 */ 0x55555555,
+ /* 10 */ 0x55555555,
+ /* 11 */ 0x55555555,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x55555555,
+ /* 15 */ 0x55555555,
+ ][:],
+ .stream0=\
+ "\x35\x7d\x7d\x94\xf9\x66\x77\x8f" \
+ "\x58\x15\xa2\x05\x1d\xcb\x04\x13" \
+ "\x3b\x26\xb0\xea\xd9\xf5\x7d\xd0" \
+ "\x99\x27\x83\x7b\xc3\x06\x7e\x4b" \
+ "\x6b\xf2\x99\xad\x81\xf7\xf5\x0c" \
+ "\x8d\xa8\x3c\x78\x10\xbf\xc1\x7b" \
+ "\xb6\xf4\x81\x3a\xb6\xc3\x26\x95" \
+ "\x70\x45\xfd\x3f\xd5\xe1\x99\x15",
+
+ .stream1=\
+ "\xec\x74\x4a\x6b\x9b\xf8\xcb\xdc" \
+ "\xb3\x6d\x8b\x6a\x54\x99\xc6\x8a" \
+ "\x08\xef\x7b\xe6\xcc\x1e\x93\xf2" \
+ "\xf5\xbc\xd2\xca\xd4\xe4\x7c\x18" \
+ "\xa3\xe5\xd9\x4b\x56\x66\x38\x2c" \
+ "\x6d\x13\x0d\x82\x2d\xd5\x6a\xac" \
+ "\xb0\xf8\x19\x52\x78\xe7\xb2\x92" \
+ "\x49\x5f\x09\x86\x8d\xdf\x12\xcc",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-evenbit-key-evenbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x55\x55\x55\x55\x55\x55\x55\x55" \
+ "\x55\x55\x55\x55\x55\x55\x55\x55" \
+ "\x55\x55\x55\x55\x55\x55\x55\x55" \
+ "\x55\x55\x55\x55\x55\x55\x55\x55"
+,
+ .iv = "\x55\x55\x55\x55\x55\x55\x55\x55",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x55555555,
+ /* 5 */ 0x55555555,
+ /* 6 */ 0x55555555,
+ /* 7 */ 0x55555555,
+ /* 8 */ 0x55555555,
+ /* 9 */ 0x55555555,
+ /* 10 */ 0x55555555,
+ /* 11 */ 0x55555555,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x55555555,
+ /* 15 */ 0x55555555,
+ ][:],
+ .stream0=\
+ "\xbe\xa9\x41\x1a\xa4\x53\xc5\x43" \
+ "\x4a\x5a\xe8\xc9\x28\x62\xf5\x64" \
+ "\x39\x68\x55\xa9\xea\x6e\x22\xd6" \
+ "\xd3\xb5\x0a\xe1\xb3\x66\x33\x11" \
+ "\xa4\xa3\x60\x6c\x67\x1d\x60\x5c" \
+ "\xe1\x6c\x3a\xec\xe8\xe6\x1e\xa1" \
+ "\x45\xc5\x97\x75\x01\x7b\xee\x2f" \
+ "\xa6\xf8\x8a\xfc\x75\x80\x69\xf7",
+
+ .stream1=\
+ "\xe0\xb8\xf6\x76\xe6\x44\x21\x6f" \
+ "\x4d\x2a\x34\x22\xd7\xfa\x36\xc6" \
+ "\xc4\x93\x1a\xca\x95\x0e\x9d\xa4" \
+ "\x27\x88\xe6\xd0\xb6\xd1\xcd\x83" \
+ "\x8e\xf6\x52\xe9\x7b\x14\x5b\x14" \
+ "\x87\x1e\xae\x6c\x68\x04\xc7\x00" \
+ "\x4d\xb5\xac\x2f\xce\x4c\x68\xc7" \
+ "\x26\xd0\x04\xb1\x0f\xca\xba\x86",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-oddbit-key-oddbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+,
+ .iv = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xaaaaaaaa,
+ /* 5 */ 0xaaaaaaaa,
+ /* 6 */ 0xaaaaaaaa,
+ /* 7 */ 0xaaaaaaaa,
+ /* 8 */ 0xaaaaaaaa,
+ /* 9 */ 0xaaaaaaaa,
+ /* 10 */ 0xaaaaaaaa,
+ /* 11 */ 0xaaaaaaaa,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xaaaaaaaa,
+ /* 15 */ 0xaaaaaaaa,
+ ][:],
+ .stream0=\
+ "\xfc\x79\xac\xbd\x58\x52\x61\x03" \
+ "\x86\x27\x76\xaa\xb2\x0f\x3b\x7d" \
+ "\x8d\x31\x49\xb2\xfa\xb6\x57\x66" \
+ "\x29\x93\x16\xb6\xe5\xb1\x66\x84" \
+ "\xde\x5d\xe5\x48\xc1\xb7\xd0\x83" \
+ "\xef\xd9\xe3\x05\x23\x19\xe0\xc6" \
+ "\x25\x41\x41\xda\x04\xa6\x58\x6d" \
+ "\xf8\x00\xf6\x4d\x46\xb0\x1c\x87",
+
+ .stream1=\
+ "\x1f\x05\xbc\x67\xe0\x76\x28\xeb" \
+ "\xe6\xf6\x86\x5a\x21\x77\xe0\xb6" \
+ "\x6a\x55\x8a\xa7\xcc\x1e\x8f\xf1" \
+ "\xa9\x8d\x27\xf7\x07\x1f\x83\x35" \
+ "\xef\xce\x45\x37\xbb\x0e\xf7\xb5" \
+ "\x73\xb3\x2f\x32\x76\x5f\x29\x00" \
+ "\x7d\xa5\x3b\xba\x62\xe7\xa4\x4d" \
+ "\x00\x6f\x41\xeb\x28\xfe\x15\xd6",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-oddbit-key-oddbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" \
+ "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
+,
+ .iv = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xaaaaaaaa,
+ /* 5 */ 0xaaaaaaaa,
+ /* 6 */ 0xaaaaaaaa,
+ /* 7 */ 0xaaaaaaaa,
+ /* 8 */ 0xaaaaaaaa,
+ /* 9 */ 0xaaaaaaaa,
+ /* 10 */ 0xaaaaaaaa,
+ /* 11 */ 0xaaaaaaaa,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xaaaaaaaa,
+ /* 15 */ 0xaaaaaaaa,
+ ][:],
+ .stream0=\
+ "\x9a\xa2\xa9\xf6\x56\xef\xde\x5a" \
+ "\xa7\x59\x1c\x5f\xed\x4b\x35\xae" \
+ "\xa2\x89\x5d\xec\x7c\xb4\x54\x3b" \
+ "\x9e\x9f\x21\xf5\xe7\xbc\xbc\xf3" \
+ "\xc4\x3c\x74\x8a\x97\x08\x88\xf8" \
+ "\x24\x83\x93\xa0\x9d\x43\xe0\xb7" \
+ "\xe1\x64\xbc\x4d\x0b\x0f\xb2\x40" \
+ "\xa2\xd7\x21\x15\xc4\x80\x89\x06",
+
+ .stream1=\
+ "\x72\x18\x44\x89\x44\x05\x45\xd0" \
+ "\x21\xd9\x7e\xf6\xb6\x93\xdf\xe5" \
+ "\xb2\xc1\x32\xd4\x7e\x6f\x04\x1c" \
+ "\x90\x63\x65\x1f\x96\xb6\x23\xe6" \
+ "\x2a\x11\x99\x9a\x23\xb6\xf7\xc4" \
+ "\x61\xb2\x15\x30\x26\xad\x5e\x86" \
+ "\x6a\x2e\x59\x7e\xd0\x7b\x84\x01" \
+ "\xde\xc6\x3a\x09\x34\xc6\xb2\xa9",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-seqpat-key-seqpat-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x11\x22\x33\x44\x55\x66\x77" \
+ "\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
+,
+ .iv = "\x0f\x1e\x2d\x3c\x4b\x5a\x69\x78",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x33221100,
+ /* 5 */ 0x77665544,
+ /* 6 */ 0xbbaa9988,
+ /* 7 */ 0xffeeddcc,
+ /* 8 */ 0x33221100,
+ /* 9 */ 0x77665544,
+ /* 10 */ 0xbbaa9988,
+ /* 11 */ 0xffeeddcc,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x3c2d1e0f,
+ /* 15 */ 0x78695a4b,
+ ][:],
+ .stream0=\
+ "\xd1\xab\xf6\x30\x46\x7e\xb4\xf6" \
+ "\x7f\x1c\xfb\x47\xcd\x62\x6a\xae" \
+ "\x8a\xfe\xdb\xbe\x4f\xf8\xfc\x5f" \
+ "\xe9\xcf\xae\x30\x7e\x74\xed\x45" \
+ "\x1f\x14\x04\x42\x5a\xd2\xb5\x45" \
+ "\x69\xd5\xf1\x81\x48\x93\x99\x71" \
+ "\xab\xb8\xfa\xfc\x88\xce\x4a\xc7" \
+ "\xfe\x1c\x3d\x1f\x7a\x1e\xb7\xca",
+
+ .stream1=\
+ "\xe7\x6c\xa8\x7b\x61\xa9\x71\x35" \
+ "\x41\x49\x77\x60\xdd\x9a\xe0\x59" \
+ "\x35\x0c\xad\x0d\xce\xdf\xaa\x80" \
+ "\xa8\x83\x11\x9a\x1a\x6f\x98\x7f" \
+ "\xd1\xce\x91\xfd\x8e\xe0\x82\x80" \
+ "\x34\xb4\x11\x20\x0a\x97\x45\xa2" \
+ "\x85\x55\x44\x75\xd1\x2a\xfc\x04" \
+ "\x88\x7f\xef\x35\x16\xd1\x2a\x2c",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-seqpat-key-seqpat-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\x00\x11\x22\x33\x44\x55\x66\x77" \
+ "\x88\x99\xaa\xbb\xcc\xdd\xee\xff" \
+ "\xff\xee\xdd\xcc\xbb\xaa\x99\x88" \
+ "\x77\x66\x55\x44\x33\x22\x11\x00"
+,
+ .iv = "\x0f\x1e\x2d\x3c\x4b\x5a\x69\x78",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0x33221100,
+ /* 5 */ 0x77665544,
+ /* 6 */ 0xbbaa9988,
+ /* 7 */ 0xffeeddcc,
+ /* 8 */ 0xccddeeff,
+ /* 9 */ 0x8899aabb,
+ /* 10 */ 0x44556677,
+ /* 11 */ 0x00112233,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0x3c2d1e0f,
+ /* 15 */ 0x78695a4b,
+ ][:],
+ .stream0=\
+ "\x9f\xad\xf4\x09\xc0\x08\x11\xd0" \
+ "\x04\x31\xd6\x7e\xfb\xd8\x8f\xba" \
+ "\x59\x21\x8d\x5d\x67\x08\xb1\xd6" \
+ "\x85\x86\x3f\xab\xbb\x0e\x96\x1e" \
+ "\xea\x48\x0f\xd6\xfb\x53\x2b\xfd" \
+ "\x49\x4b\x21\x51\x01\x50\x57\x42" \
+ "\x3a\xb6\x0a\x63\xfe\x4f\x55\xf7" \
+ "\xa2\x12\xe2\x16\x7c\xca\xb9\x31",
+
+ .stream1=\
+ "\xfb\xfd\x29\xcf\x7b\xc1\xd2\x79" \
+ "\xed\xdf\x25\xdd\x31\x6b\xb8\x84" \
+ "\x3d\x6e\xde\xe0\xbd\x1e\xf1\x21" \
+ "\xd1\x2f\xa1\x7c\xbc\x2c\x57\x4c" \
+ "\xcc\xab\x5e\x27\x51\x67\xb0\x8b" \
+ "\xd6\x86\xf8\xa0\x9d\xf8\x7e\xc3" \
+ "\xff\xb3\x53\x61\xb9\x4e\xbf\xa1" \
+ "\x3f\xec\x0e\x48\x89\xd1\x8d\xa5",
+
+
+ ]
+ check(&ck)
+ }],
+
+ [.name="chacha20-128-randbit-key-randbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xc4\x6e\xc1\xb1\x8c\xe8\xa8\x78" \
+ "\x72\x5a\x37\xe7\x80\xdf\xb7\x35"
+,
+ .iv = "\x1a\xda\x31\xd5\xcf\x68\x82\x21",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3120646e,
+ /* 2 */ 0x79622d36,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xb1c16ec4,
+ /* 5 */ 0x78a8e88c,
+ /* 6 */ 0xe7375a72,
+ /* 7 */ 0x35b7df80,
+ /* 8 */ 0xb1c16ec4,
+ /* 9 */ 0x78a8e88c,
+ /* 10 */ 0xe7375a72,
+ /* 11 */ 0x35b7df80,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xd531da1a,
+ /* 15 */ 0x218268cf,
+ ][:],
+ .stream0=\
+ "\x82\x6a\xbd\xd8\x44\x60\xe2\xe9" \
+ "\x34\x9f\x0e\xf4\xaf\x5b\x17\x9b" \
+ "\x42\x6e\x4b\x2d\x10\x9a\x9c\x5b" \
+ "\xb4\x40\x00\xae\x51\xbe\xa9\x0a" \
+ "\x49\x6b\xee\xef\x62\xa7\x68\x50" \
+ "\xff\x3f\x04\x02\xc4\xdd\xc9\x9f" \
+ "\x6d\xb0\x7f\x15\x1c\x1c\x0d\xfa" \
+ "\xc2\xe5\x65\x65\xd6\x28\x96\x25",
+
+ .stream1=\
+ "\x5b\x23\x13\x2e\x7b\x46\x9c\x7b" \
+ "\xfb\x88\xfa\x95\xd4\x4c\xa5\xae" \
+ "\x3e\x45\xe8\x48\xa4\x10\x8e\x98" \
+ "\xba\xd7\xa9\xeb\x15\x51\x27\x84" \
+ "\xa6\xa9\xe6\xe5\x91\xdc\xe6\x74" \
+ "\x12\x0a\xca\xf9\x04\x0f\xf5\x0f" \
+ "\xf3\xac\x30\xcc\xfb\x5e\x14\x20" \
+ "\x4f\x5e\x42\x68\xb9\x0a\x88\x04",
+
+
+ ]
+ check(&ck)
+ }],
+ [.name="chacha20-256-randbit-key-randbit-iv", .fn={ctx
+ var ck : check = [
+ .key = \
+ "\xc4\x6e\xc1\xb1\x8c\xe8\xa8\x78" \
+ "\x72\x5a\x37\xe7\x80\xdf\xb7\x35" \
+ "\x1f\x68\xed\x2e\x19\x4c\x79\xfb" \
+ "\xc6\xae\xbe\xe1\xa6\x67\x97\x5d"
+,
+ .iv = "\x1a\xda\x31\xd5\xcf\x68\x82\x21",
+ .state=[
+ /* 0 */ 0x61707865,
+ /* 1 */ 0x3320646e,
+ /* 2 */ 0x79622d32,
+ /* 3 */ 0x6b206574,
+ /* 4 */ 0xb1c16ec4,
+ /* 5 */ 0x78a8e88c,
+ /* 6 */ 0xe7375a72,
+ /* 7 */ 0x35b7df80,
+ /* 8 */ 0x2eed681f,
+ /* 9 */ 0xfb794c19,
+ /* 10 */ 0xe1beaec6,
+ /* 11 */ 0x5d9767a6,
+ /* 12 */ 0x00000000,
+ /* 13 */ 0x00000000,
+ /* 14 */ 0xd531da1a,
+ /* 15 */ 0x218268cf,
+ ][:],
+ .stream0=\
+ "\xf6\x3a\x89\xb7\x5c\x22\x71\xf9" \
+ "\x36\x88\x16\x54\x2b\xa5\x2f\x06" \
+ "\xed\x49\x24\x17\x92\x30\x2b\x00" \
+ "\xb5\xe8\xf8\x0a\xe9\xa4\x73\xaf" \
+ "\xc2\x5b\x21\x8f\x51\x9a\xf0\xfd" \
+ "\xd4\x06\x36\x2e\x8d\x69\xde\x7f" \
+ "\x54\xc6\x04\xa6\xe0\x0f\x35\x3f" \
+ "\x11\x0f\x77\x1b\xdc\xa8\xab\x92",
+
+ .stream1=\
+ "\xe5\xfb\xc3\x4e\x60\xa1\xd9\xa9" \
+ "\xdb\x17\x34\x5b\x0a\x40\x27\x36" \
+ "\x85\x3b\xf9\x10\xb0\x60\xbd\xf1" \
+ "\xf8\x97\xb6\x29\x0f\x01\xd1\x38" \
+ "\xae\x2c\x4c\x90\x22\x5b\xa9\xea" \
+ "\x14\xd5\x18\xf5\x59\x29\xde\xa0" \
+ "\x98\xca\x7a\x6c\xcf\xe6\x12\x27" \
+ "\x05\x3c\x84\xe4\x9a\x4a\x33\x32",
+
+
+ ]
+ check(&ck)
+ }],
+ ][:])
+}
+
+const check = {chk
+ var st
+ var data : byte[64] = [
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ ]
+ var result : byte[64] = [
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0,
+ ]
+
+ crypto.chacha20keysetup(&st, chk.key)
+ crypto.chacha20ivsetup(&st, chk.iv)
+
+ for (i, s) in std.byenum(chk.state)
+ std.assert(st.input[i] == s, "mismatched state\n")
+ ;;
+
+ crypto.chacha20encrypt(&st, data[:], result[:])
+ std.assert(std.sleq(result[:], chk.stream0), "mismatched stream0")
+
+ crypto.chacha20encrypt(&st, data[:], result[:])
+ std.assert(std.sleq(result[:], chk.stream1), "mismatched stream1")
+}
+