Make unrestricted ChaCha20 cipher not waste keystream bytes

Co-authored-by: dhruv <856960+dhruv@users.noreply.github.com>
author: Pieter Wuille <pieter@wuille.net> 2022-09-21 16:42:19 -0400
committer: Pieter Wuille <pieter@wuille.net> 2023-01-30 18:12:21 -0500
commit: 12ff72476ac0dbf8add736ad3fb5fad2eeab156c (patch)
tree: d86e67e53e160db5819786b46bf903edd15f2402 /src/test/crypto_tests.cpp
parent: 6babf402130a8f3ef3058594750aeaa50b8f5044 (diff)
download: bitcoin-12ff72476ac0dbf8add736ad3fb5fad2eeab156c.tar.xz
1 files changed, 18 insertions, 0 deletions
diff --git a/src/test/crypto_tests.cpp b/src/test/crypto_tests.cpp
index 48a46258b0..ae2aa46d50 100644
--- a/src/test/crypto_tests.cpp
+++ b/src/test/crypto_tests.cpp
@@ -500,6 +500,24 @@ BOOST_AUTO_TEST_CASE(chacha20_testvector)
                  "fab78c9");
 }
 
+BOOST_AUTO_TEST_CASE(chacha20_midblock)
+{
+    auto key = ParseHex("0000000000000000000000000000000000000000000000000000000000000000");
+    ChaCha20 c20{key.data(), 32};
+    // get one block of keystream
+    unsigned char block[64];
+    c20.Keystream(block, CHACHA20_ROUND_OUTPUT);
+    unsigned char b1[5], b2[7], b3[52];
+    c20 = ChaCha20{key.data(), 32};
+    c20.Keystream(b1, 5);
+    c20.Keystream(b2, 7);
+    c20.Keystream(b3, 52);
+
+    BOOST_CHECK_EQUAL(0, memcmp(b1, block, 5));
+    BOOST_CHECK_EQUAL(0, memcmp(b2, block + 5, 7));
+    BOOST_CHECK_EQUAL(0, memcmp(b3, block + 12, 52));
+}
+
 BOOST_AUTO_TEST_CASE(poly1305_testvector)
 {
     // RFC 7539, section 2.5.2.
author	Pieter Wuille <pieter@wuille.net>	2022-09-21 16:42:19 -0400
committer	Pieter Wuille <pieter@wuille.net>	2023-01-30 18:12:21 -0500
commit	12ff72476ac0dbf8add736ad3fb5fad2eeab156c (patch)
tree	d86e67e53e160db5819786b46bf903edd15f2402 /src/test/crypto_tests.cpp
parent	6babf402130a8f3ef3058594750aeaa50b8f5044 (diff)
download	bitcoin-12ff72476ac0dbf8add736ad3fb5fad2eeab156c.tar.xz