rbnacl-libsodium 1.0.8 → 1.0.9

data/vendor/libsodium/test/default/aead_aes256gcm.c

@@ -2,9 +2,6 @@
 #define TEST_NAME "aead_aes256gcm"
 #include "cmptest.h"
 
-#if defined(HAVE_WMMINTRIN_H) || \
-    (defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
-
 static struct {
     const char *key_hex;
     const char *nonce_hex;
@@ -3079,26 +3076,31 @@ static struct {
     }
 };
 
-int
+static int
 tv(void)
 {
     unsigned char      *ad;
     unsigned char      *ciphertext;
     unsigned char      *decrypted;
+    unsigned char      *detached_ciphertext;
     unsigned char      *expected_ciphertext;
     unsigned char      *key;
     unsigned char      *message;
+    unsigned char      *mac;
     unsigned char      *nonce;
     char               *hex;
     unsigned long long  found_ciphertext_len;
+    unsigned long long  found_mac_len;
     unsigned long long  found_message_len;
     size_t              ad_len;
     size_t              ciphertext_len;
+    size_t              detached_ciphertext_len;
     size_t              i = 0U;
     size_t              message_len;
 
     key = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_KEYBYTES);
     nonce = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_NPUBBYTES);
+    mac = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_ABYTES);
 
     do {
         assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES);
@@ -3120,6 +3122,7 @@ tv(void)
                        tests[i].ad_hex, strlen(tests[i].ad_hex),
                        NULL, NULL, NULL);
         ciphertext_len = message_len + crypto_aead_aes256gcm_ABYTES;
+        detached_ciphertext_len = message_len;
         expected_ciphertext = (unsigned char *) sodium_malloc(ciphertext_len);
         assert(strlen(tests[i].ciphertext_hex) == 2 * message_len);
         sodium_hex2bin(expected_ciphertext, message_len,
@@ -3130,6 +3133,24 @@ tv(void)
                        tests[i].mac_hex, strlen(tests[i].mac_hex),
                        NULL, NULL, NULL);
         ciphertext = (unsigned char *) sodium_malloc(ciphertext_len);
+        detached_ciphertext = (unsigned char *) sodium_malloc(detached_ciphertext_len);
+
+        crypto_aead_aes256gcm_encrypt_detached(detached_ciphertext, mac,
+                                               &found_mac_len,
+                                               message, message_len,
+                                               ad, ad_len, NULL, nonce, key);
+        assert(found_mac_len == crypto_aead_aes256gcm_ABYTES);
+        if (memcmp(detached_ciphertext, expected_ciphertext,
+                   detached_ciphertext_len) != 0 ||
+            memcmp(mac, expected_ciphertext + message_len,
+                   crypto_aead_aes256gcm_ABYTES) != 0) {
+            printf("Detached encryption of test vector #%u failed\n", (unsigned int) i);
+            hex = (char *) sodium_malloc((size_t) found_ciphertext_len * 2 + 1);
+            sodium_bin2hex(hex, (size_t) found_ciphertext_len * 2 + 1,
+                           ciphertext, ciphertext_len);
+            printf("Computed: [%s]\n", hex);
+            sodium_free(hex);
+        }
 
         crypto_aead_aes256gcm_encrypt(ciphertext, &found_ciphertext_len,
                                       message, message_len,
@@ -3144,7 +3165,9 @@ tv(void)
             printf("Computed: [%s]\n", hex);
             sodium_free(hex);
         }
+
         decrypted = (unsigned char *) sodium_malloc(message_len);
+        found_message_len = 1;
         if (crypto_aead_aes256gcm_decrypt(decrypted, &found_message_len,
                                           NULL, ciphertext,
                                           randombytes_uniform(ciphertext_len),
@@ -3152,6 +3175,9 @@ tv(void)
             printf("Verification of test vector #%u after truncation succeeded\n",
                    (unsigned int) i);
         }
+        if (found_message_len != 0) {
+            printf("Message length should have been set to zero after a failure\n");
+        }
         if (crypto_aead_aes256gcm_decrypt(decrypted, &found_message_len,
                                           NULL, ciphertext,
                                           randombytes_uniform(crypto_aead_aes256gcm_ABYTES),
@@ -3168,14 +3194,27 @@ tv(void)
         if (memcmp(decrypted, message, message_len) != 0) {
             printf("Incorrect decryption of test vector #%u\n", (unsigned int) i);
         }
+        memset(decrypted, 0xd0, message_len);
+        if (crypto_aead_aes256gcm_decrypt_detached(decrypted,
+                                                   NULL, detached_ciphertext,
+                                                   detached_ciphertext_len,
+                                                   mac, ad, ad_len, nonce, key) != 0) {
+            printf("Detached verification of test vector #%u failed\n", (unsigned int) i);
+        }
+        if (memcmp(decrypted, message, message_len) != 0) {
+            printf("Incorrect decryption of test vector #%u\n", (unsigned int) i);
+        }
+
         sodium_free(message);
         sodium_free(ad);
         sodium_free(expected_ciphertext);
         sodium_free(ciphertext);
         sodium_free(decrypted);
+        sodium_free(detached_ciphertext);
     } while (++i < (sizeof tests) / (sizeof tests[0]));
 
     sodium_free(key);
+    sodium_free(mac);
     sodium_free(nonce);
 
     return 0;
@@ -3196,16 +3235,3 @@ main(void)
 
     return 0;
 }
-
-#else
-
-int
-main(void)
-{
-    assert(crypto_aead_aes256gcm_is_available() >= 0);
-    printf("OK\n");
-
-    return 0;
-}
-
-#endif

data/vendor/libsodium/test/default/aead_chacha20poly1305.c

@@ -5,118 +5,160 @@
 static int
 tv(void)
 {
-    static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
+#undef  MLEN
+#define MLEN 10U
+#undef  ADLEN
+#define ADLEN 10U
+#undef  CLEN
+#define CLEN (MLEN + crypto_aead_chacha20poly1305_ABYTES)
+    static const unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
         = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf,
             0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27,
             0x2a, 0xfa, 0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07 };
-    static unsigned char m[10U]
+    static const unsigned char m[MLEN]
         = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca };
-    static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
+    static const unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES]
         = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a };
-    static unsigned char ad[10U]
+    static const unsigned char ad[ADLEN]
         = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 };
-    static unsigned char c[10U + crypto_aead_chacha20poly1305_ABYTES];
-
-    unsigned char m2[10U];
-    unsigned long long clen;
+    unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
+    unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
+    unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ABYTES);
+    unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
+    unsigned long long found_clen;
+    unsigned long long found_maclen;
     unsigned long long m2len;
     size_t i;
 
-    crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, ad, sizeof ad,
+    crypto_aead_chacha20poly1305_encrypt(c, &found_clen, m, MLEN,
+                                         ad, ADLEN,
                                          NULL, nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
-        printf("clen is not properly set\n");
+    if (found_clen != CLEN) {
+        printf("found_clen is not properly set\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
+    crypto_aead_chacha20poly1305_encrypt_detached(detached_c,
+                                                  mac, &found_maclen,
+                                                  m, MLEN, ad, ADLEN,
+                                                  NULL, nonce, firstkey);
+    if (found_maclen != crypto_aead_chacha20poly1305_abytes()) {
+        printf("found_maclen is not properly set\n");
+    }
+    if (memcmp(detached_c, c, MLEN) != 0) {
+        printf("detached ciphertext is bogus\n");
+    }
 
-    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c, ad,
-                                             sizeof ad, nonce, firstkey) != 0) {
+    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, CLEN,
+                                             ad, ADLEN,
+                                             nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_decrypt() failed\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set\n");
     }
-    if (memcmp(m, m2, sizeof m) != 0) {
+    if (memcmp(m, m2, MLEN) != 0) {
         printf("m != m2\n");
     }
+    memset(m2, 0, m2len);
+    if (crypto_aead_chacha20poly1305_decrypt_detached(m2, NULL,
+                                                      c, MLEN, mac,
+                                                      ad, ADLEN,
+                                                      nonce, firstkey) != 0) {
+        printf("crypto_aead_chacha20poly1305_decrypt_detached() failed\n");
+    }
+    if (memcmp(m, m2, MLEN) != 0) {
+        printf("detached m != m2\n");
+    }
 
-    for (i = 0U; i < sizeof c; i++) {
+    for (i = 0U; i < CLEN; i++) {
         c[i] ^= (i + 1U);
-        if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
-                                                 ad, sizeof ad, nonce, firstkey)
-            == 0 || memcmp(m, m2, sizeof m) == 0) {
+        if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, CLEN,
+                                                 ad, ADLEN, nonce, firstkey)
+            == 0 || memcmp(m, m2, MLEN) == 0) {
             printf("message can be forged\n");
         }
         c[i] ^= (i + 1U);
     }
 
-    crypto_aead_chacha20poly1305_encrypt(c, &clen, m, sizeof m, NULL, 0U, NULL,
-                                         nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
-        printf("clen is not properly set (adlen=0)\n");
+    crypto_aead_chacha20poly1305_encrypt(c, &found_clen, m, MLEN,
+                                         NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
+        printf("found_clen is not properly set (adlen=0)\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
 
-    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, sizeof c,
+    if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, CLEN,
                                              NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set (adlen=0)\n");
     }
-    if (memcmp(m, m2, sizeof m) != 0) {
+    if (memcmp(m, m2, MLEN) != 0) {
         printf("m != m2 (adlen=0)\n");
     }
-
+    m2len = 1;
     if (crypto_aead_chacha20poly1305_decrypt(
             m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ABYTES / 2, NULL,
             0U, nonce, firstkey) != -1) {
         printf("crypto_aead_chacha20poly1305_decrypt() worked with a short "
                "ciphertext\n");
     }
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
+    }
+    m2len = 1;
     if (crypto_aead_chacha20poly1305_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
                                              nonce, firstkey) != -1) {
         printf("crypto_aead_chacha20poly1305_decrypt() worked with an empty "
                "ciphertext\n");
     }
-
-    memcpy(c, m, sizeof m);
-    crypto_aead_chacha20poly1305_encrypt(c, &clen, c, sizeof m, NULL, 0U, NULL,
-                                         nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
-        printf("clen is not properly set (adlen=0)\n");
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+
+    memcpy(c, m, MLEN);
+    crypto_aead_chacha20poly1305_encrypt(c, &found_clen, c, MLEN,
+                                         NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
+        printf("found_clen is not properly set (adlen=0)\n");
+    }
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
 
-    if (crypto_aead_chacha20poly1305_decrypt(c, &m2len, NULL, c, sizeof c,
+    if (crypto_aead_chacha20poly1305_decrypt(c, &m2len, NULL, c, CLEN,
                                              NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_decrypt() failed (adlen=0)\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set (adlen=0)\n");
     }
-    if (memcmp(m, c, sizeof m) != 0) {
+    if (memcmp(m, c, MLEN) != 0) {
         printf("m != c (adlen=0)\n");
     }
 
+    sodium_free(c);
+    sodium_free(detached_c);
+    sodium_free(mac);
+    sodium_free(m2);
+
     assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
     assert(crypto_aead_chacha20poly1305_npubbytes() > 0U);
     assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
@@ -127,126 +169,177 @@ tv(void)
 static int
 tv_ietf(void)
 {
-    static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES]
+#undef  MLEN
+#define MLEN 114U
+#undef  ADLEN
+#define ADLEN 12U
+#undef  CLEN
+#define CLEN (MLEN + crypto_aead_chacha20poly1305_ietf_ABYTES)
+    static const unsigned char firstkey[crypto_aead_chacha20poly1305_ietf_KEYBYTES]
         = {
             0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
             0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
             0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
             0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
         };
+#undef  MESSAGE
 #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \
 "only one tip for the future, sunscreen would be it."
-    static unsigned char m[114U];
-    static unsigned char nonce[crypto_aead_chacha20poly1305_IETF_NPUBBYTES]
+    unsigned char *m = (unsigned char *) sodium_malloc(MLEN);
+    static const unsigned char nonce[crypto_aead_chacha20poly1305_ietf_NPUBBYTES]
         = { 0x07, 0x00, 0x00, 0x00,
             0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 };
-    static unsigned char ad[12U]
+    static const unsigned char ad[ADLEN]
         = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
-    static unsigned char c[114U + crypto_aead_chacha20poly1305_ABYTES];
-
-    unsigned char m2[114U];
-    unsigned long long clen;
+    unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
+    unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
+    unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_chacha20poly1305_ietf_ABYTES);
+    unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
+    unsigned long long found_clen;
+    unsigned long long found_maclen;
     unsigned long long m2len;
     size_t i;
 
-    assert(sizeof MESSAGE - 1U == sizeof m);
-    memcpy(m, MESSAGE, sizeof m);
-    crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, m, sizeof m, ad, sizeof ad,
+    assert(sizeof MESSAGE - 1U == MLEN);
+    memcpy(m, MESSAGE, MLEN);
+    crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
+                                              ad, ADLEN,
                                               NULL, nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
-        printf("clen is not properly set\n");
+    if (found_clen != MLEN + crypto_aead_chacha20poly1305_ietf_abytes()) {
+        printf("found_clen is not properly set\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
+    crypto_aead_chacha20poly1305_ietf_encrypt_detached(detached_c,
+                                                       mac, &found_maclen,
+                                                       m, MLEN,
+                                                       ad, ADLEN,
+                                                       NULL, nonce, firstkey);
+    if (found_maclen != crypto_aead_chacha20poly1305_ietf_abytes()) {
+        printf("found_maclen is not properly set\n");
+    }
+    if (memcmp(detached_c, c, MLEN) != 0) {
+        printf("detached ciphertext is bogus\n");
+    }
 
-    if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, sizeof c, ad,
-                                                  sizeof ad, nonce, firstkey) != 0) {
+    if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad,
+                                                  ADLEN, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set\n");
     }
-    if (memcmp(m, m2, sizeof m) != 0) {
+    if (memcmp(m, m2, MLEN) != 0) {
         printf("m != m2\n");
     }
+    memset(m2, 0, m2len);
+    if (crypto_aead_chacha20poly1305_ietf_decrypt_detached(m2, NULL,
+                                                           c, MLEN, mac,
+                                                           ad, ADLEN,
+                                                           nonce, firstkey) != 0) {
+        printf("crypto_aead_chacha20poly1305_ietf_decrypt_detached() failed\n");
+    }
+    if (memcmp(m, m2, MLEN) != 0) {
+        printf("detached m != m2\n");
+    }
 
-    for (i = 0U; i < sizeof c; i++) {
+    for (i = 0U; i < CLEN; i++) {
         c[i] ^= (i + 1U);
-        if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, sizeof c,
-                                                      ad, sizeof ad, nonce, firstkey)
-            == 0 || memcmp(m, m2, sizeof m) == 0) {
+        if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, NULL, NULL, c, CLEN,
+                                                      ad, ADLEN, nonce, firstkey)
+            == 0 || memcmp(m, m2, MLEN) == 0) {
             printf("message can be forged\n");
         }
         c[i] ^= (i + 1U);
     }
-    crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, m, sizeof m, NULL, 0U, NULL,
-                                              nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
+    crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, m, MLEN,
+                                              NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
         printf("clen is not properly set (adlen=0)\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
-    if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, sizeof c,
+    if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN,
                                                   NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set (adlen=0)\n");
     }
-    if (memcmp(m, m2, sizeof m) != 0) {
+    if (memcmp(m, m2, MLEN) != 0) {
         printf("m != m2 (adlen=0)\n");
     }
-
+    m2len = 1;
     if (crypto_aead_chacha20poly1305_ietf_decrypt(
-            m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ABYTES / 2, NULL,
+            m2, &m2len, NULL, c, crypto_aead_chacha20poly1305_ietf_ABYTES / 2, NULL,
             0U, nonce, firstkey) != -1) {
         printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short "
                "ciphertext\n");
     }
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
+    }
+    m2len = 1;
     if (crypto_aead_chacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, 0U, NULL, 0U,
                                                   nonce, firstkey) != -1) {
         printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with an empty "
                "ciphertext\n");
     }
+    if (m2len != 0) {
+        printf("Message length should have been set to zero after a failure\n");
+    }
 
-    memcpy(c, m, sizeof m);
-    crypto_aead_chacha20poly1305_ietf_encrypt(c, &clen, c, sizeof m, NULL, 0U, NULL,
-                                              nonce, firstkey);
-    if (clen != sizeof m + crypto_aead_chacha20poly1305_abytes()) {
+    memcpy(c, m, MLEN);
+    crypto_aead_chacha20poly1305_ietf_encrypt(c, &found_clen, c, MLEN,
+                                              NULL, 0U, NULL, nonce, firstkey);
+    if (found_clen != CLEN) {
         printf("clen is not properly set (adlen=0)\n");
     }
-    for (i = 0U; i < sizeof c; ++i) {
-        printf(",0x%02x", (unsigned int)c[i]);
+    for (i = 0U; i < CLEN; ++i) {
+        printf(",0x%02x", (unsigned int) c[i]);
         if (i % 8 == 7) {
             printf("\n");
         }
     }
     printf("\n");
 
-    if (crypto_aead_chacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, sizeof c,
+    if (crypto_aead_chacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
                                              NULL, 0U, nonce, firstkey) != 0) {
         printf("crypto_aead_chacha20poly1305_ietf_decrypt() failed (adlen=0)\n");
     }
-    if (m2len != sizeof c - crypto_aead_chacha20poly1305_abytes()) {
+    if (m2len != MLEN) {
         printf("m2len is not properly set (adlen=0)\n");
     }
-    if (memcmp(m, c, sizeof m) != 0) {
+    if (memcmp(m, c, MLEN) != 0) {
         printf("m != c (adlen=0)\n");
     }
 
-    assert(crypto_aead_chacha20poly1305_keybytes() > 0U);
+    sodium_free(c);
+    sodium_free(detached_c);
+    sodium_free(mac);
+    sodium_free(m2);
+    sodium_free(m);
+
+    assert(crypto_aead_chacha20poly1305_ietf_keybytes() > 0U);
+    assert(crypto_aead_chacha20poly1305_ietf_keybytes() == crypto_aead_chacha20poly1305_keybytes());
     assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > 0U);
-    assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U);
+    assert(crypto_aead_chacha20poly1305_ietf_npubbytes() > crypto_aead_chacha20poly1305_npubbytes());
+    assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == 0U);
+    assert(crypto_aead_chacha20poly1305_ietf_nsecbytes() == crypto_aead_chacha20poly1305_nsecbytes());
+    assert(crypto_aead_chacha20poly1305_IETF_KEYBYTES  == crypto_aead_chacha20poly1305_ietf_KEYBYTES);
+    assert(crypto_aead_chacha20poly1305_IETF_NSECBYTES == crypto_aead_chacha20poly1305_ietf_NSECBYTES);
+    assert(crypto_aead_chacha20poly1305_IETF_NPUBBYTES == crypto_aead_chacha20poly1305_ietf_NPUBBYTES);
+    assert(crypto_aead_chacha20poly1305_IETF_ABYTES    == crypto_aead_chacha20poly1305_ietf_ABYTES);
 
     return 0;
 }