#include <err.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t uint32;

#include "crypto_core.h"

#include "crypto_test.h"

static const uint32 zero32[8];

/*
 * From
 * <http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors-00>.
 */

static const unsigned char out[64] = {
	0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90,
	0x40,0x5d,0x6a,0xe5,0x53,0x86,0xbd,0x28,
	0xbd,0xd2,0x19,0xb8,0xa0,0x8d,0xed,0x1a,
	0xa8,0x36,0xef,0xcc,0x8b,0x77,0x0d,0xc7,
	0xda,0x41,0x59,0x7c,0x51,0x57,0x48,0x8d,
	0x77,0x24,0xe0,0x3f,0xb8,0xd8,0x4a,0x37,
	0x6a,0x43,0xb8,0xf4,0x15,0x18,0xa1,0x1c,
	0xc3,0x87,0xb6,0x69,0xb2,0xee,0x65,0x86,
};

static const unsigned char sigma[16] = "expand 32-byte k";

static uint32 load_littleendian(const unsigned char *x)
{
  return
      (uint32) (x[0]) \
  | (((uint32) (x[1])) << 8) \
  | (((uint32) (x[2])) << 16) \
  | (((uint32) (x[3])) << 24)
  ;
}

void
crypto_test(void)
{
	uint32 s[4];
	uint32 r[16];
	unsigned int i;
	uint32 d = 0;

	if (crypto_core_ROUNDS != 20)
		return;

	s[0] = load_littleendian(sigma + 0);
	s[1] = load_littleendian(sigma + 4);
	s[2] = load_littleendian(sigma + 8);
	s[3] = load_littleendian(sigma + 12);

	crypto_core(r, zero32, zero32, s);
	for (i = 0; i < 8; i++)
		d |= r[i] ^ load_littleendian(&out[i*4]);
	if (d) {
		for (i = 0; i < 64; i++)
			printf("%08"PRIx32, r[i]);
		printf("\n");
		for (i = 0; i < 64; i++)
			printf("%08"PRIx32, load_littleendian(&out[i*4]));
		printf("\n");
		errx(1, "zero");
	}
}