libsodium Validation
Port build from safelibs/port-libsodium at commit 8531470631f4 (release build-8531470631f4)
Tests
libsodium compile link smoke Original / libsodium / compile-link-smoke Passed
libsodium hash behavior Original / libsodium / generichash-smoke Passed
libsodium key exchange randombytes Original / libsodium / key-exchange-randombytes Passed
libsodium secretbox round trip Original / libsodium / secretbox-roundtrip Passed
libsodium sign verify Original / libsodium / sign-verify Passed
ZeroMQ reports CURVE capability Original / libsodium / usage-libzmq5-curve-capability Passed
ZeroMQ CURVE keypair Original / libsodium / usage-libzmq5-curve-keypair Passed
ZeroMQ zmq_curve_public derives matching public key Original / libsodium / usage-libzmq5-curve-public-derive Passed
Generates a CURVE keypair via zmq_curve_keypair, then uses zmq_curve_public to derive the public key from the secret key alone, and asserts the derived 40-character Z85 public key matches the one produced by the keypair generator. Exercises libzmq5's libsodium-backed curve25519 scalar-mult-base path.
ZeroMQ PUB/SUB ipc:// transport with topic filter Original / libsodium / usage-libzmq5-pub-sub-ipc Passed
Compiles a ZeroMQ C client that opens a single-process PUB/SUB pair over an ipc:// endpoint inside a tmpdir, subscribes to a fixed topic prefix, retries the publish on the slow-joiner window with a small ZMQ_RCVTIMEO, and asserts the SUB socket receives exactly the published topic+payload bytes. Exercises the libsodium-linked ZeroMQ runtime on the no-encryption ipc transport with the SUB-side subscription filter.
ZeroMQ PUSH/PULL ipc:// transport roundtrip Original / libsodium / usage-libzmq5-push-pull-ipc Passed
Compiles a ZeroMQ C client that opens a single-process PUSH/PULL pair over an ipc:// endpoint inside a tmpdir, sends a fixed payload from PUSH and receives it on PULL, then asserts the received bytes match the original exactly. Exercises the ZeroMQ runtime that links against libsodium (used for CURVE on other transports) on the no-encryption ipc transport.
ZeroMQ ROUTER/DEALER inproc multipart roundtrip Original / libsodium / usage-libzmq5-r10-router-dealer-roundtrip Passed
Compiles a single-process ZeroMQ test that binds a ROUTER socket and connects a DEALER socket over inproc://, sends a request frame from the DEALER, reads the routing identity plus payload on the ROUTER, replies back through the same identity, and asserts the DEALER receives the reply payload.
ZeroMQ PUB/SUB inproc subscription filter delivers only matching prefix Original / libsodium / usage-libzmq5-r11-pub-sub-prefix-filter Passed
Compiles a single-process ZeroMQ test that binds a PUB socket and subscribes a SUB socket to the prefix "hi" over inproc://, sends two messages "hi-msg" and "skip-msg" from the publisher, and asserts the subscriber receives "hi-msg" while the non-matching "skip-msg" is filtered out.
ZeroMQ REQ/REP inproc request/reply roundtrip Original / libsodium / usage-libzmq5-r14-req-rep-inproc-roundtrip Passed
Compiles a single-process C program that binds a ZMQ_REP socket and connects a ZMQ_REQ socket over inproc://, sends "ping" from the requester, asserts the replier observes the request bytes, replies "pong", and asserts the requester recovers the reply bytes — exercising libzmq's libsodium-linked runtime.
ZeroMQ zmq_curve_keypair returns 40-character Z85-encoded public and secret keys Original / libsodium / usage-libzmq5-r15-curve-keypair-z85-length Passed
Compiles a single-process C program that calls zmq_curve_keypair into 41-byte buffers, asserts the call returns 0 (success), the resulting public and secret strings are exactly 40 Z85 characters each (libsodium-derived 32-byte keys, base85-encoded), and that the public key string differs from the secret key string.
ZeroMQ zmq_curve_public derives the same public key from a CURVE secret key Original / libsodium / usage-libzmq5-r18-curve-derive-public-from-secret Passed
Compiles a tiny C program that calls zmq_curve_keypair, captures its public key, then independently re-derives the public key from the same secret key with zmq_curve_public into a fresh buffer, asserts the call returns 0, asserts both derived public-key strings are 40-character Z85 strings, and asserts they are byte-for-byte identical (libsodium scalarmult-base path).
ZeroMQ zmq_curve_keypair returns distinct (public, secret) Z85 keys across two calls Original / libsodium / usage-libzmq5-r19-curve-keypair-two-runs-distinct Passed
Compiles a C program that calls zmq_curve_keypair twice in the same process to populate two pairs of 41-byte Z85 buffers, asserts each public and secret string is exactly 40 characters, and asserts pub1!=pub2 and sec1!=sec2 byte-wise, confirming libsodium-backed randomness produces fresh CURVE material on every invocation.
ZeroMQ zmq_z85_encode and zmq_z85_decode round-trip a 32-byte binary key Original / libsodium / usage-libzmq5-r19-z85-decode-roundtrip Passed
Compiles a C program that fills 32 random bytes via zmq_curve_keypair-derived material, encodes them with zmq_z85_encode into a 41-byte string buffer, asserts the encoded string is exactly 40 characters of printable ASCII, decodes back with zmq_z85_decode into a fresh 32-byte buffer, and asserts the decoded bytes equal the original byte-for-byte (libsodium-backed Z85 codec).
ZeroMQ zmq_has("curve") reports support compiled in (libsodium-backed) Original / libsodium / usage-libzmq5-r20-has-curve-mechanism-reports-true Passed
Compiles a C program that calls zmq_has("curve") and asserts the return value is exactly 1, then calls zmq_has("noexistent-mech") and asserts the return is 0, confirming the libsodium-linked libzmq build advertises the CURVE security mechanism via its capability query.
ZeroMQ zmq_z85_encode of 8 binary bytes yields a 10-character Z85 string Original / libsodium / usage-libzmq5-r20-z85-encode-length-multiple-of-four Passed
Compiles a C program that encodes 8 input bytes with zmq_z85_encode and asserts the returned buffer string-length is exactly 10 (8/4*5), confirming libsodium-backed Z85 alphabet expansion follows the documented 4-bytes-to-5-chars ratio.
ZeroMQ zmq_curve_public re-derives the Z85 public key from a generated secret key Original / libsodium / usage-libzmq5-r21-curve-public-from-z85-secret-roundtrip Passed
Compiles a C program that calls zmq_curve_keypair to generate a Z85 pub/sec pair, then calls zmq_curve_public on the secret to re-derive the public, and asserts both Z85 buffers are length 40 and byte-identical, exercising libsodium-backed curve25519 scalar multiplication through libzmq.
ZeroMQ PAIR inproc roundtrip Original / libsodium / usage-libzmq5-r9-pair-inproc Passed
Compiles a single-process ZMQ_PAIR client over an inproc:// transport and verifies bidirectional message exchange.
ZeroMQ runtime version reports valid integers Original / libsodium / usage-libzmq5-r9-version-runtime Passed
Calls zmq_version() and verifies that the reported major version is at least 4 and the patch is non-negative on the libsodium-linked runtime.
ZeroMQ REQ/REP ipc:// transport request/reply roundtrip Original / libsodium / usage-libzmq5-req-rep-ipc Passed
Compiles a ZeroMQ C client that opens a single-process REQ/REP pair over an ipc:// endpoint inside a tmpdir, sends a request from REQ, receives it on REP, sends a reply back, receives it on REQ, and asserts both directions transmit the expected payload bytes exactly. REQ/REP enforces strict alternation, so the test also asserts that the REP-side echo matches the original request bytes after a full round trip. Exercises the libsodium-linked ZeroMQ runtime on the no-encryption ipc transport.
libzmq5 Z85 round trip Original / libsodium / usage-libzmq5-z85-roundtrip Passed
minisign detached text Original / libsodium / usage-minisign-detached-text Passed
minisign signs with custom trusted comment Original / libsodium / usage-minisign-keygen-custom-comment Passed
Generates a passwordless minisign keypair, signs a payload with -t supplying a custom trusted comment, and verifies that minisign -V reports the comment signature verified and the trusted comment line round-trips into the .minisig file.
minisign -G writes keys to explicit -p and -s paths Original / libsodium / usage-minisign-keygen-explicit-paths Passed
Runs minisign -G -W with a passwordless keypair into nested -p and -s file paths inside a tmpdir, asserts both files were created at exactly the requested locations (and not next to a default location), that the public key file is a two-line text file whose second line is base64 of plausible length, and that the secret key file's untrusted comment header begins with the documented "untrusted comment:" prefix.
minisign prehashed sign and verify Original / libsodium / usage-minisign-prehashed-sign-verify Passed
Generates a passwordless minisign keypair, signs a payload in prehashed mode (-H), and verifies the resulting signature.
minisign public key base64 payload decodes to 42 bytes Original / libsodium / usage-minisign-pubkey-base64-decode-batch12 Passed
Generates a passwordless minisign keypair, extracts the second non-comment line of the public key file and base64-decodes it, asserts the decoded blob is exactly 42 bytes long (2-byte signature_algorithm + 8-byte key_id + 32-byte Ed25519 public key) and that its first two bytes are the ASCII signature algorithm tag "Ed".
minisign public key format Original / libsodium / usage-minisign-pubkey-format Passed
Generates a passwordless minisign keypair and verifies the public key file carries the minisign public key comment marker.
minisign signs and verifies three independent files Original / libsodium / usage-minisign-r10-multifile-sign-verify Passed
Generates a passwordless minisign keypair, signs three distinct payload files in separate invocations, verifies each signature against the public key, and asserts the three .minisig files have distinct contents (different signatures even though they share a key).
minisign signs and verifies a zero-byte payload Original / libsodium / usage-minisign-r11-empty-payload-sign-verify Passed
Generates a passwordless minisign keypair, signs an empty file with the legacy non-prehashed mode, and asserts the resulting .minisig verifies cleanly under the matching public key — confirming minisign accepts zero-length input as a valid message.
minisign -t pins the trusted comment text and survives verification Original / libsodium / usage-minisign-r11-trusted-comment-stable-across-runs Passed
Generates a passwordless minisign keypair, signs a payload twice with the same explicit -t trusted comment string, asserts both .minisig files contain the trusted comment line verbatim, and verifies that minisign -V -o prints the trusted comment to stdout from a successful verification.
minisign -h help output advertises the -S sign verb Original / libsodium / usage-minisign-r12-help-flag-mentions-sign Passed
Runs minisign -h capturing combined stdout and stderr, asserts the exit status is non-failing or the help text was emitted, and verifies the output mentions the -S sign verb so the CLI surface area is intact.
minisign -G writes both public and secret key files with non-empty content Original / libsodium / usage-minisign-r12-keypair-files-exist-and-nonempty Passed
Generates a passwordless minisign keypair into explicit paths under a tmpdir and asserts both the public and secret key files exist with non-zero size and the public key file declares the standard untrusted comment header.
minisign signs with distinct trusted and untrusted comments preserved through verify Original / libsodium / usage-minisign-r13-trusted-vs-untrusted-comment Passed
Generates a keypair, signs a payload with separate -c and -t comments, asserts both labels appear in the .minisig metadata, and asserts the trusted comment surfaces in the verify output.
minisign -V verifies the original payload and rejects a modified payload Original / libsodium / usage-minisign-r13-verify-payload-modified-fails Passed
Generates a passwordless minisign keypair, signs a payload, asserts -V verify succeeds against the unmodified file, then mutates the payload and asserts -V exits non-zero against the tampered file.
minisign -V rejects a .minisig whose signature blob has been tampered Original / libsodium / usage-minisign-r14-tampered-signature-line-fails Passed
Generates a passwordless minisign keypair, signs a payload, asserts -V verify succeeds against the original .minisig, then flips the first character of the base64 signature blob inside the .minisig file and asserts -V exits non-zero against the tampered signature file (payload itself unchanged).
minisign -h help banner advertises -V verify and -S sign flags Original / libsodium / usage-minisign-r15-help-mentions-verify Passed
Runs minisign -h (help) under LC_ALL=C, captures stdout+stderr, and asserts the banner output contains the literal -V (verify) and -S (sign) flag tokens — exercising minisign's libsodium-linked CLI startup and option dispatcher banner.
minisign -G writes a public key file whose second line is a base64-only blob Original / libsodium / usage-minisign-r15-pubkey-second-line-base64 Passed
Generates a passwordless minisign keypair, asserts the resulting public-key file has exactly two non-empty lines, asserts line 1 begins with 'untrusted comment:' (minisign banner), asserts line 2 contains only base64 alphabet characters (A-Z a-z 0-9 + / =) and is between 50 and 80 characters long — exercising minisign's libsodium-backed Ed25519 keygen and pubkey serialization.
minisign -G -W writes both public and secret key files into specified paths Original / libsodium / usage-minisign-r16-keygen-creates-both-key-files Passed
Runs minisign -G -W with explicit -p and -s paths under a temporary directory, asserts both files exist, are regular files, are non-empty, that the public key file begins with the "untrusted comment" banner and the secret key file likewise begins with the banner identifying it as a minisign encrypted secret key block.
minisign signs a fresh payload with -S and verifies it with -V using a generated keypair Original / libsodium / usage-minisign-r16-sign-verify-message-roundtrip Passed
Generates a passwordless minisign keypair, writes a fixed payload, signs it with minisign -S producing a .minisig file, asserts the signature file exists and is non-empty, then verifies with minisign -V against the public key and asserts the verifier exits 0 and emits the canonical "Signature and comment signature verified" line.
minisign -V rejects a signature taken from a different payload as invalid Original / libsodium / usage-minisign-r17-bad-signature-rejected Passed
Generates a passwordless minisign keypair, signs payload A, then runs minisign -V against payload B using A's signature file copied alongside payload B, and asserts the verifier exits with non-zero status because the signature does not match the modified payload, confirming libsodium signature failure surfacing.
minisign -h emits a usage block that mentions key generation and verification Original / libsodium / usage-minisign-r17-help-emits-usage Passed
Invokes "minisign -h" capturing both stdout and stderr, asserts the combined output contains "Usage:" and mentions both "-G" (key generation) and "-V" (verify), confirming the CLI's help banner is intact and documents the libsodium-backed signature subcommands.
minisign -H prehashed sign produces a signature that verifies under the same pubkey Original / libsodium / usage-minisign-r18-prehashed-sign-verify-roundtrip Passed
Generates a passwordless keypair, signs a payload with the prehashed (-H) algorithm and writes the signature to a file, asserts the signature file is non-empty, then verifies the signature with minisign -V against the original payload and the matching public key, asserting verify returns exit zero.
minisign signature file structure has untrusted comment, sig blob, trusted comment, and global sig Original / libsodium / usage-minisign-r19-sig-file-four-lines Passed
Generates a passwordless keypair, signs a payload, and asserts the resulting .minisig file has exactly four content lines: line 1 begins with "untrusted comment:", line 2 is a non-empty base64 blob, line 3 begins with "trusted comment:", and line 4 is a non-empty base64 blob, confirming minisign's documented signature container layout.
minisign -V -q on a valid signature suppresses the trusted-comment banner on stdout Original / libsodium / usage-minisign-r19-verify-quiet-suppresses-banner Passed
Signs a payload, then runs minisign -V -q against the matching pubkey and asserts the verifier exits zero, captures stdout, and asserts stdout does NOT contain the strings "Signature and comment signature verified" or "Trusted comment:", confirming -q (quiet) silences the human-readable success banner while still returning success.
minisign signature line2 base64 blob decodes to >= 64 bytes containing the algorithm prefix Original / libsodium / usage-minisign-r20-sig-blob-algo-prefix-ed Passed
Generates a passwordless keypair and signs a payload, base64-decodes line 2 of the resulting .minisig file with python3 base64, asserts the decoded blob length is at least 64 bytes (signature algorithm tag + Ed25519 signature material), and asserts the first two bytes are the ASCII pair "ED" (prehashed Ed25519 signature algorithm tag, which is the minisign default on Ubuntu 24.04), confirming libsodium-backed minisign sig payload structure.
Two minisign -G keygens produce distinct base64 public keys Original / libsodium / usage-minisign-r20-two-keygens-produce-distinct-pubkeys Passed
Runs minisign -G -W (passwordless) twice into separate output paths, reads the second line of each pubkey file, and asserts the two base64 public-key blobs differ byte-for-byte, confirming libsodium-backed key generation produces fresh entropy on each invocation.
minisign -G generates a keypair, -S signs a payload, -V verifies via -p public-key-file Original / libsodium / usage-minisign-r21-generate-sign-verify-stdin-payload Passed
Generates a passwordless minisign keypair with -G -W, writes a payload file, signs it with -S using the secret key, and verifies it with -V -p public-key-file, asserting the verify command exits zero and emits the documented success banner over a libsodium-Ed25519-backed round-trip.
minisign -v prints a banner containing the word minisign Original / libsodium / usage-minisign-r21-version-banner-mentions-minisign Passed
Invokes minisign -v, captures stdout/stderr, and asserts the combined output contains the literal string "minisign", confirming the libsodium-backed CLI announces its identity on the version flag.
minisign signs and verifies a binary blob Original / libsodium / usage-minisign-r9-binary-input-roundtrip Passed
Generates a passwordless minisign keypair, signs a binary file containing arbitrary bytes, and verifies the signature with the corresponding public key.
minisign -h surfaces usage banner Original / libsodium / usage-minisign-r9-help-flag Passed
minisign signs and verifies Original / libsodium / usage-minisign-sign-verify Passed
minisign -V rejects signature with a stripped trusted_comment Original / libsodium / usage-minisign-stripped-trusted-comment-fails Passed
Signs a payload with minisign using -t to embed a custom trusted_comment, confirms the genuine .minisig file verifies and that the trusted comment is exposed by -Vm output, then constructs a mutated .minisig with the trusted_comment line and its global comment-signature line removed and asserts minisign -V exits non-zero on it. minisign's two-signature design covers both the message and the trusted comment, so any edit to the trusted_comment must cause verification to fail rather than produce a partial pass.
minisign trusted comment Original / libsodium / usage-minisign-trusted-comment Passed
minisign -S -c writes the untrusted comment to the .minisig Original / libsodium / usage-minisign-untrusted-comment Passed
Generates a passwordless keypair, signs a payload with -S -c "<untrusted text>", and asserts that the resulting .minisig file's first line carries the documented "untrusted comment:" header followed by the supplied text. Confirms libsodium-backed minisign honours the -c override for the unsigned (untrusted) comment field.
minisign -V on a tampered file fails Original / libsodium / usage-minisign-verify-mismatch-fails Passed
Generates a passwordless minisign keypair, signs the genuine file, and asserts that minisign -V exits non-zero when invoked against a tampered copy of the file (same .minisig, different bytes), and that the verifier's stderr output mentions a verification failure rather than a successful banner.
minisign -V quiet mode emits no banner on success Original / libsodium / usage-minisign-verify-quiet-output Passed
Generates a passwordless minisign keypair, signs a payload, and runs verify with -q (quiet) asserting the verifier exits zero and produces no banner output, while a non-quiet verify on the same artifacts emits the standard "Signature and comment signature verified" banner.
minisign -v reports a version banner Original / libsodium / usage-minisign-version-flag Passed
Invokes "minisign -v" and asserts the output begins with the documented "minisign" banner and contains a version-like dotted token, confirming the libsodium-linked minisign binary advertises its version on the help/usage path.
PHP sodium_crypto_kdf_derive_from_key produces distinct subkeys per id Original / libsodium / usage-php83-r10-crypto-kdf-derive Passed
Generates a master key with sodium_crypto_kdf_keygen, derives two 32-byte subkeys with sodium_crypto_kdf_derive_from_key under the same context but different subkey ids, and asserts the two subkeys differ while a re-derivation with the same id reproduces the same bytes.
PHP sodium_crypto_secretstream rekey continues a stream Original / libsodium / usage-php83-r10-secretstream-rekey Passed
Pushes two messages through sodium_crypto_secretstream_xchacha20poly1305_push, calls sodium_crypto_secretstream_xchacha20poly1305_rekey on both push and pull state between them, and asserts the pull side recovers both plaintexts in order with the matching tags.
PHP sodium_crypto_generichash with a key changes the digest deterministically Original / libsodium / usage-php83-r11-crypto-generichash-keyed-blake2b Passed
Computes sodium_crypto_generichash digests of the same payload with no key, an all-0x11 key, and an all-0x22 key, asserts each variant is deterministic and exactly 32 bytes, and asserts the three digests are pairwise distinct, confirming the optional key argument flows into the Blake2b state.
PHP sodium_crypto_shorthash is deterministic per key and key-sensitive Original / libsodium / usage-php83-r11-crypto-shorthash-keyed Passed
Computes sodium_crypto_shorthash on the same input with two distinct 16-byte keys, asserts the same key reproduces the identical 8-byte SipHash digest, and asserts a different key produces a different digest, exercising the keyed shorthash primitive.
PHP sodium_crypto_box round-trips with explicit keypair handles Original / libsodium / usage-php83-r12-crypto-box-keypair-roundtrip Passed
Generates two sodium_crypto_box keypairs, derives the public/secret components, encrypts a payload from sender to receiver with a deterministic 24-byte nonce, decrypts it back, and asserts the recovered plaintext matches the original.
PHP sodium_crypto_sign_detached produces verifiable Ed25519 signature Original / libsodium / usage-php83-r12-crypto-sign-detached-verify Passed
Builds a sign keypair from a fixed 32-byte seed, computes a detached Ed25519 signature over a fixed payload, asserts the signature length is SODIUM_CRYPTO_SIGN_BYTES, and verifies the signature against the corresponding public key.
PHP sodium_crypto_aead_xchacha20poly1305_ietf encrypt/decrypt round-trips with AAD Original / libsodium / usage-php83-r13-aead-xchacha20poly1305-roundtrip Passed
Encrypts a payload with sodium_crypto_aead_xchacha20poly1305_ietf_encrypt under a fixed 32-byte key, 24-byte nonce, and explicit additional-data string, decrypts it back, and asserts the recovered plaintext matches the original.
PHP sodium_crypto_secretbox_open returns false for ciphertext under the wrong key Original / libsodium / usage-php83-r13-secretbox-open-invalid-returns-false Passed
Encrypts a payload with sodium_crypto_secretbox under one 32-byte key, attempts to decrypt with a different 32-byte key, asserts the call returns boolean false, then confirms the original key recovers the plaintext.
PHP sodium_crypto_kdf_derive_from_key derives distinct subkeys per integer id Original / libsodium / usage-php83-r14-kdf-derive-distinct-subkeys Passed
Generates a master key with sodium_crypto_kdf_keygen, derives two 32-byte subkeys with subkey ids 1 and 2 under the same context string, asserts each subkey has the requested length, asserts the two subkeys differ, and asserts that re-deriving subkey id 1 reproduces the same bytes (deterministic for fixed inputs).
PHP sodium_crypto_pwhash_str_verify accepts the matching password and rejects a wrong one Original / libsodium / usage-php83-r14-pwhash-str-verify-rejects-wrong Passed
Hashes a password with sodium_crypto_pwhash_str at INTERACTIVE ops/mem limits, asserts the resulting hash is a non-empty string starting with $argon2id$, calls sodium_crypto_pwhash_str_verify which must return true for the matching password and false for a different password.
PHP sodium_crypto_generichash with explicit length 32 returns a deterministic 32-byte digest Original / libsodium / usage-php83-r15-generichash-explicit-length-32 Passed
Calls sodium_crypto_generichash on a fixed payload with an explicit length argument of 32, asserts the result is a 32-byte string, asserts a second call on the same input yields byte-identical output (deterministic), and asserts changing the input changes the digest — exercising PHP's libsodium BLAKE2b binding.
PHP sodium_crypto_secretbox with the same key but different nonces yields distinct ciphertexts Original / libsodium / usage-php83-r15-secretbox-different-nonces-distinct-ct Passed
Encrypts the same plaintext twice with sodium_crypto_secretbox under a fixed 32-byte key but two distinct 24-byte nonces, asserts both ciphertexts are exactly len(plaintext)+SODIUM_CRYPTO_SECRETBOX_MACBYTES (16) long, asserts the two ciphertexts differ, and asserts each one decrypts under its matching nonce back to the original plaintext.
PHP sodium_bin2hex and sodium_hex2bin roundtrip a 32-byte binary payload Original / libsodium / usage-php83-r16-bin2hex-hex2bin-roundtrip Passed
Generates 32 random bytes via random_bytes, encodes them with sodium_bin2hex, asserts the hex string is 64 lowercase characters, decodes via sodium_hex2bin and asserts the recovered bytes equal the original byte-for-byte.
PHP sodium_crypto_box_keypair produces a 64-byte keypair split into 32-byte halves Original / libsodium / usage-php83-r16-crypto-box-keypair-length Passed
Calls sodium_crypto_box_keypair, asserts the concatenated keypair is exactly SODIUM_CRYPTO_BOX_KEYPAIRBYTES (64) bytes, extracts the secret and public halves using sodium_crypto_box_secretkey and sodium_crypto_box_publickey, asserts each half is 32 bytes and the two halves differ.
PHP sodium_compare returns 0 for equal buffers and -1/+1 for ordered different buffers Original / libsodium / usage-php83-r17-sodium-compare-equal-vs-different Passed
Constructs three equal-length 16-byte buffers (one zero, one one-greater, one one-less), asserts sodium_compare returns 0 for equal buffers, a negative integer when the left is smaller, and a positive integer when the left is larger, exercising libsodium's sodium_compare wrapper.
PHP sodium_pad followed by sodium_unpad restores the original buffer Original / libsodium / usage-php83-r17-sodium-pad-unpad-symmetric Passed
Builds a 13-byte payload, pads to a 16-byte block boundary with sodium_pad, asserts the padded length is a positive multiple of 16 strictly greater than 13, then calls sodium_unpad with the same block size and asserts the recovered buffer equals the original payload byte-for-byte.
PHP sodium_crypto_aead_chacha20poly1305_ietf_encrypt ciphertext is plaintext+16 bytes Original / libsodium / usage-php83-r18-crypto-aead-chacha20poly1305-ietf-tag-length Passed
Encrypts a fixed payload via sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a random 32-byte key, 12-byte IETF nonce, and fixed AAD, asserts the ciphertext length equals plaintext length + SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES (16) and that decryption with the same key/nonce/aad returns the original plaintext byte-for-byte.
PHP sodium_crypto_generichash with distinct keys produces distinct outputs for the same message Original / libsodium / usage-php83-r18-generichash-distinct-keys-distinct-outputs Passed
Computes sodium_crypto_generichash(msg, key) for a fixed payload under two independently generated 32-byte keys using the default 32-byte digest length, asserts both outputs are 32-byte binary strings, asserts the two outputs differ from each other, and asserts a third call with the first key reproduces the first output (keyed determinism).
PHP sodium_crypto_box_seal encrypts to a recipient pubkey and box_seal_open recovers plaintext Original / libsodium / usage-php83-r19-box-seal-open-roundtrip Passed
Generates a recipient sodium_crypto_box_keypair, encrypts a fixed payload with sodium_crypto_box_seal using only the recipient public key, asserts the sealed ciphertext length equals plaintext + SODIUM_CRYPTO_BOX_SEALBYTES (48), then calls sodium_crypto_box_seal_open with the full recipient keypair and asserts the recovered plaintext equals the original byte-for-byte.
PHP sodium_crypto_kx_keypair components are 32-byte public and 32-byte secret keys Original / libsodium / usage-php83-r19-kx-keypair-sizes-32 Passed
Calls sodium_crypto_kx_keypair() then sodium_crypto_kx_publickey() and sodium_crypto_kx_secretkey() on the result, asserts both are binary strings of exactly SODIUM_CRYPTO_KX_PUBLICKEYBYTES (32) and SODIUM_CRYPTO_KX_SECRETKEYBYTES (32) bytes respectively, and asserts the combined kx_keypair raw value has length SODIUM_CRYPTO_KX_KEYPAIRBYTES (64), exercising the libsodium kx key extraction surface.
PHP sodium_increment carries from a 0xff low byte into the next byte Original / libsodium / usage-php83-r20-increment-overflows-low-byte-to-next Passed
Builds a little-endian 4-byte buffer "\xff\x00\x00\x00", calls sodium_increment, and asserts the resulting bytes are "\x00\x01\x00\x00", confirming libsodium-backed multi-byte little-endian counter increments correctly propagate carry across byte boundaries.
PHP sodium_crypto_shorthash_keygen returns 16-byte keys and two calls produce distinct keys Original / libsodium / usage-php83-r20-shorthash-keygen-length-and-distinct Passed
Calls sodium_crypto_shorthash_keygen twice in the same PHP process, asserts each return value has strlen equal to SODIUM_CRYPTO_SHORTHASH_KEYBYTES (16), and asserts the two keys are not equal byte-for-byte, confirming libsodium-backed SipHash key generation is correctly sized and consumes fresh randomness on each invocation.
PHP sodium_crypto_aead_xchacha20poly1305_ietf_encrypt/_decrypt round-trips message with AAD Original / libsodium / usage-php83-r21-crypto-aead-xchacha20poly1305-ietf-roundtrip Passed
Generates a 32-byte key and 24-byte nonce, calls sodium_crypto_aead_xchacha20poly1305_ietf_encrypt with non-empty additional data, then decrypts with sodium_crypto_aead_xchacha20poly1305_ietf_decrypt and asserts the decrypted plaintext equals the original, exercising libsodium's IETF XChaCha20-Poly1305 AEAD path.
PHP sodium_memzero wipes a string variable so subsequent reads see an empty value Original / libsodium / usage-php83-r21-sodium-memzero-clears-buffer Passed
Allocates a 32-byte random buffer, asserts strlen 32 with some non-NUL byte, then calls sodium_memzero by reference and asserts the variable is now an empty string (strlen 0), confirming libsodium's secure-erase primitive surfaced via the PHP sodium extension destructively zeroes the buffer.
PHP sodium_crypto_secretbox tampered ciphertext rejected Original / libsodium / usage-php83-r9-secretbox-tampered-fails Passed
Encrypts a payload with sodium_crypto_secretbox, mutates the ciphertext, and verifies sodium_crypto_secretbox_open returns false on the tampered input.
PHP sodium detached sign roundtrip Original / libsodium / usage-php83-r9-sign-detached-roundtrip Passed
Generates an Ed25519 keypair via sodium_crypto_sign_keypair, signs a message with sodium_crypto_sign_detached, and verifies the signature against the public key.
PHP sodium add carry Original / libsodium / usage-php83-sodium-add-carry Passed
Adds little-endian counters with PHP sodium_add and verifies that carry propagation updates the next byte.
PHP sodium add Original / libsodium / usage-php83-sodium-add Passed
Adds two little-endian counters with PHP sodium_add and verifies the resulting counter byte value.
PHP sodium AEGIS-256 AEAD capability-gated roundtrip Original / libsodium / usage-php83-sodium-aead-aegis-256-capability Passed
Probes whether PHP's sodium extension exposes sodium_crypto_aead_aegis256_encrypt and the matching SODIUM_CRYPTO_AEAD_AEGIS256_* constants on this build of libsodium; when present, encrypts and decrypts a fixed payload under a fixed 32-byte key, 32-byte nonce, and AAD, asserts the ciphertext is exactly len(plaintext)+ABYTES and decrypts back to the original, and that altering the AAD fails decryption with a false return; when absent (older libsodium), prints a skip marker and succeeds.
PHP sodium ChaCha20-Poly1305-IETF rejects tampered ciphertext Original / libsodium / usage-php83-sodium-aead-chacha20poly1305-ietf-tampered Passed
Encrypts a payload with sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a fixed key, nonce, and AAD, then flips a byte inside the ciphertext body (not the tag) and asserts sodium_crypto_aead_chacha20poly1305_ietf_decrypt returns false. Repeats the check with a corrupted Poly1305 tag byte and a wrong key, confirming AEAD authentication catches each failure mode.
PHP sodium ChaCha20-Poly1305-IETF AEAD encrypt and decrypt Original / libsodium / usage-php83-sodium-aead-chacha20poly1305-ietf Passed
Encrypts a fixed payload with sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a deterministic key, nonce, and associated data, decrypts with sodium_crypto_aead_chacha20poly1305_ietf_decrypt, and asserts the recovered plaintext matches and that decryption fails when the AAD is tampered.
PHP sodium XChaCha20-Poly1305-IETF AEAD deterministic KAT Original / libsodium / usage-php83-sodium-aead-xchacha20poly1305-ietf Passed
Encrypts a fixed payload with sodium_crypto_aead_xchacha20poly1305_ietf_encrypt under a deterministic 32-byte key, 24-byte nonce, and AAD; asserts ciphertext length is plaintext + ABYTES, that the same inputs produce the same ciphertext, that decryption recovers the original plaintext, and that decryption with a flipped AAD returns false.
PHP sodium AEAD Original / libsodium / usage-php83-sodium-aead Passed
PHP sodium auth verify Original / libsodium / usage-php83-sodium-auth-verify Passed
Computes and verifies a message authentication code with PHP sodium and confirms verification succeeds.
PHP sodium base64 round trip Original / libsodium / usage-php83-sodium-base64-roundtrip Passed
PHP sodium base64 urlsafe Original / libsodium / usage-php83-sodium-base64-urlsafe Passed
PHP sodium bin2hex roundtrip Original / libsodium / usage-php83-sodium-bin2hex-roundtrip Passed
Converts binary data to hex and back with PHP sodium helpers and verifies the restored payload bytes.
PHP sodium public box Original / libsodium / usage-php83-sodium-box Passed
PHP sodium compare hex to bin Original / libsodium / usage-php83-sodium-compare-hex2bin Passed
PHP sodium crypto_box_seal with separate seal/open keys Original / libsodium / usage-php83-sodium-crypto-box-detached Passed
Drives sodium_crypto_box_seal to produce an anonymous-sender ciphertext for a recipient curve25519 keypair, asserts the ciphertext is exactly plaintext + SODIUM_CRYPTO_BOX_SEALBYTES, that sodium_crypto_box_seal_open with a sodium_crypto_box_keypair_from_secretkey_and_publickey-built keypair recovers the plaintext, and that opening with a wrong recipient secret key returns false. Uses sodium_crypto_box_publickey/secretkey accessors to split and recombine the keypair.
PHP sodium crypto_box_seal one-way anonymous encryption Original / libsodium / usage-php83-sodium-crypto-box-seal Passed
Generates a recipient curve25519 keypair, encrypts a plaintext with sodium_crypto_box_seal using only the recipient public key, asserts the sealed ciphertext is exactly plaintext + SODIUM_CRYPTO_BOX_SEALBYTES long, opens it with sodium_crypto_box_seal_open using the recipient keypair, and asserts that opening with a different unrelated keypair returns false.
PHP sodium crypto_stream_xchacha20 keystream length Original / libsodium / usage-php83-sodium-crypto-stream-keygen Passed
Generates a 32-byte XChaCha20 key with sodium_crypto_stream_xchacha20_keygen, derives a 64-byte keystream with sodium_crypto_stream_xchacha20 under a 24-byte nonce, asserts the keystream length matches the requested size and is non-zero, and confirms re-running with the same key+nonce produces the same keystream while changing the nonce yields a different keystream. Exercises PHP's stream cipher binding without authentication.
PHP sodium generichash empty-input known-answer Original / libsodium / usage-php83-sodium-generichash-empty-kat Passed
Computes sodium_crypto_generichash('') with the default 32-byte output and asserts the lowercase hex digest exactly matches the canonical libsodium / BLAKE2b-256 empty-input known-answer vector.
php83 sodium generichash length Original / libsodium / usage-php83-sodium-generichash-length Passed
Computes a generic hash through PHP sodium_crypto_generichash and verifies the digest matches the GENERICHASH_BYTES constant.
PHP sodium generichash state Original / libsodium / usage-php83-sodium-generichash-state Passed
PHP sodium generichash Original / libsodium / usage-php83-sodium-generichash Passed
PHP sodium hex round trip Original / libsodium / usage-php83-sodium-hex-roundtrip Passed
Encodes and decodes bytes through PHP sodium hexadecimal helpers and verifies the original payload returns intact.
PHP sodium_increment, sodium_compare, sodium_pad Original / libsodium / usage-php83-sodium-increment-batch12 Passed
Drives sodium_increment to roll a 16-byte little-endian counter from 0xFF over to 0x100, uses sodium_compare to order three nonces in lexical-LE form, and round-trips a payload through sodium_pad/sodium_unpad against a fixed block size to verify the padding plumbing in php-sodium.
PHP sodium increment Original / libsodium / usage-php83-sodium-increment Passed
PHP sodium KDF Original / libsodium / usage-php83-sodium-kdf Passed
PHP sodium keyed generichash Original / libsodium / usage-php83-sodium-keyed-generichash Passed
Computes keyed generic hashes with PHP sodium and verifies distinct inputs produce different outputs.
PHP sodium kx keypair secretkey/publickey accessors Original / libsodium / usage-php83-sodium-kx-keypair-accessors Passed
Generates a key-exchange keypair with sodium_crypto_kx_keypair, extracts the secret half via sodium_crypto_kx_secretkey and the public half via sodium_crypto_kx_publickey, asserts each component has the documented 32-byte length and the documented total keypair size, that the accessor outputs are stable for a given keypair, and that the secret and public halves differ.
PHP sodium key exchange Original / libsodium / usage-php83-sodium-kx Passed
PHP sodium memcmp Original / libsodium / usage-php83-sodium-memcmp Passed
PHP sodium pad and unpad Original / libsodium / usage-php83-sodium-pad-unpad Passed
Pads and unpads a payload with PHP sodium and verifies the unpadded text matches the original bytes.
PHP sodium password hash Original / libsodium / usage-php83-sodium-pwhash Passed
PHP sodium random bytes size Original / libsodium / usage-php83-sodium-randombytes-size Passed
PHP sodium scalarmult base Original / libsodium / usage-php83-sodium-scalarmult-base Passed
Derives a Curve25519 public point from a random scalar with PHP sodium and verifies the output length.
php83 sodium secretbox roundtrip Original / libsodium / usage-php83-sodium-secretbox-detached-roundtrip Passed
Encrypts a payload with sodium_crypto_secretbox in PHP and verifies the open call decrypts back to the original message.
PHP sodium secretbox round trip Original / libsodium / usage-php83-sodium-secretbox-roundtrip Passed
PHP sodium_crypto_secretbox_open returns false for wrong key Original / libsodium / usage-php83-sodium-secretbox-wrong-key-fails Passed
Encrypts a payload with sodium_crypto_secretbox under a fixed key and nonce, asserts sodium_crypto_secretbox_open recovers the plaintext exactly under the correct key, and asserts open returns boolean false (rather than throwing or silently returning corrupted bytes) when called with a different 32-byte key. Also asserts open returns false when the ciphertext is mutated by a single byte under the correct key.
PHP sodium secretbox Original / libsodium / usage-php83-sodium-secretbox Passed
PHP sodium secretstream xchacha20poly1305 push/pull Original / libsodium / usage-php83-sodium-secretstream-push-pull Passed
Drives sodium_crypto_secretstream_xchacha20poly1305_init_push and init_pull through three messages with intermediate MESSAGE tags and a final FINAL tag, asserts the header is exactly SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES, every chunk decrypts byte-for-byte, and the last observed tag equals FINAL.
PHP sodium_crypto_shorthash determinism KAT Original / libsodium / usage-php83-sodium-shorthash-deterministic-kat Passed
Computes sodium_crypto_shorthash on a fixed message with an all-zero 16-byte SipHash key, asserts the output is exactly SODIUM_CRYPTO_SHORTHASH_BYTES (8) bytes, that two calls with identical inputs produce identical bytes, and that changing one byte of the message produces a different digest.
php83 sodium shorthash length Original / libsodium / usage-php83-sodium-shorthash-length Passed
Calls PHP sodium_crypto_shorthash with a 16 byte key and verifies the SHORTHASH_BYTES output length.
PHP sodium shorthash Original / libsodium / usage-php83-sodium-shorthash Passed
PHP sodium detached sign verify Original / libsodium / usage-php83-sodium-sign-detached-verify Passed
PHP sodium detached signatures Original / libsodium / usage-php83-sodium-sign-detached Passed
php83 sodium sign keypair bytes Original / libsodium / usage-php83-sodium-sign-keypair-bytes Passed
Generates a sign keypair through PHP sodium_crypto_sign_keypair and verifies the buffer length matches the KEYPAIRBYTES constant.
PHP sodium sign open Original / libsodium / usage-php83-sodium-sign-open Passed
PHP sodium sign public key from secret key Original / libsodium / usage-php83-sodium-sign-publickey-from-secretkey Passed
Derives a signing public key from a PHP libsodium secret key and verifies it matches the public key already stored in the keypair.
PHP sodium sign seed keypair Original / libsodium / usage-php83-sodium-sign-seed-keypair Passed
PHP sodium stream xor Original / libsodium / usage-php83-sodium-stream-xor Passed
Encrypts and decrypts a short payload with PHP sodium stream-xor APIs and verifies round-trip parity.
PHP sodium stream zero xor Original / libsodium / usage-php83-sodium-stream-zero-xor Passed
Generates a PHP libsodium keystream and verifies it matches sodium_crypto_stream_xor applied to an all-zero plaintext buffer.
PHP sodium_increment modular addition wraps at 2**128 Original / libsodium / usage-php83-sodium-sub-batch12 Passed
Calls sodium_increment on three 16-byte little-endian counter shapes and asserts the documented modular arithmetic invariants: 0xff..ff + 1 wraps to all-zero, (0x00,0x01)+1 advances the low byte without carry, and (0xff,0x00)+1 propagates the carry into the second byte. (PHP 8.3 on noble does not expose sodium_sub; sodium_increment exercises the same little-endian mod 2**128 surface.)
PyNaCl crypto_aead_aes256gcm capability-gated KAT Original / libsodium / usage-python3-nacl-aead-aes256gcm-capability Passed
Probes nacl.bindings.crypto_aead_aes256gcm_is_available; when libsodium reports hardware support, encrypts and decrypts a fixed message with a fixed key, nonce, and AAD and asserts the ciphertext is exactly len(message)+16 bytes and decrypts back to the original; when unsupported, succeeds without exercising the primitive.
PyNaCl ChaCha20-Poly1305-IETF AEAD deterministic KAT Original / libsodium / usage-python3-nacl-aead-chacha20-ietf-kat Passed
Encrypts a fixed payload with nacl.bindings.crypto_aead_chacha20poly1305_ietf_encrypt under a deterministic 32-byte key, 12-byte nonce, and AAD; asserts the ciphertext length is plaintext+ABYTES, that decryption recovers the plaintext exactly, and that decryption with a flipped AAD raises a CryptoError.
PyNaCl XChaCha AEAD roundtrip Original / libsodium / usage-python3-nacl-aead-xchacha-roundtrip-batch11 Passed
PyNaCl Base32Encoder encode/decode roundtrip Original / libsodium / usage-python3-nacl-base32-encoder-roundtrip Passed
Encodes a fixed byte string with nacl.encoding.Base32Encoder and asserts the encoded form matches the canonical RFC 4648 base32 KAT, then decodes it back through the same encoder and asserts the bytes match the original.
PyNaCl base64 signature Original / libsodium / usage-python3-nacl-base64-signature Passed
PyNaCl ChaCha20-Poly1305-IETF AEAD round-trip Original / libsodium / usage-python3-nacl-bindings-aead-chacha20poly1305-ietf-roundtrip-batch12 Passed
Encrypts a fixed payload with a 32-byte key, 12-byte IETF nonce, and AAD via nacl.bindings.crypto_aead_chacha20poly1305_ietf_encrypt, asserts the ciphertext length is plaintext + ABYTES, decrypts back to the original, and confirms a wrong AAD raises a verification error.
PyNaCl binding constant sizes Original / libsodium / usage-python3-nacl-bindings-constant-sizes-batch11 Passed
PyNaCl bindings crypto_box sender/recipient roundtrip Original / libsodium / usage-python3-nacl-bindings-crypto-box-sender-recipient Passed
Generates two libsodium curve25519 keypairs through nacl.bindings.crypto_box_keypair, encrypts a payload with crypto_box(sender_sk, recipient_pk) under a 24-byte nonce, decrypts it on the recipient side with crypto_box_open(recipient_sk, sender_pk), and asserts the plaintext is recovered exactly. Then flips a ciphertext byte and confirms decryption raises through the binding-level CryptoError rather than silently returning corrupted plaintext.
PyNaCl crypto_pwhash argon2id at MIN ops/mem limits Original / libsodium / usage-python3-nacl-bindings-pwhash-argon2id Passed
Calls the low-level nacl.bindings.crypto_pwhash entry point with the argon2id algorithm constant, the documented MIN ops/mem limits, and a fixed 16-byte salt, asserts the derived key has the requested 32-byte length, that the same inputs reproduce the same key, and that swapping the password yields a different key.
PyNaCl bindings scalarmult_base derived public key Original / libsodium / usage-python3-nacl-bindings-scalarmult-base-batch12 Passed
Calls nacl.bindings.crypto_scalarmult_base on a fixed 32-byte private scalar to derive a Curve25519 public key, asserts the output is exactly crypto_scalarmult_BYTES (32) long and matches the value derived independently by nacl.public.PrivateKey(scalar).public_key.encode(), proving the low-level binding agrees with the high-level wrapper.
PyNaCl bindings crypto_secretbox round-trip Original / libsodium / usage-python3-nacl-bindings-secretbox-easy Passed
Uses the low-level nacl.bindings.crypto_secretbox and crypto_secretbox_open entry points (PyNaCl 1.5.0 does not export the *_easy aliases; the bare names already use the easy/combined API) with a fixed 32-byte key and 24-byte nonce, asserts the ciphertext is exactly len(plaintext) + crypto_secretbox_MACBYTES, decrypts back to the original plaintext, and confirms that flipping a ciphertext byte makes crypto_secretbox_open raise a CryptoError rather than return corrupted data.
PyNaCl crypto_shorthash siphash24 deterministic output Original / libsodium / usage-python3-nacl-bindings-shorthash-siphash-batch12 Passed
Invokes nacl.bindings.crypto_shorthash on a fixed message with a fixed 16-byte SipHash-2-4 key, asserts the output is exactly crypto_shorthash_BYTES (8) long, that the same inputs produce the same digest, that swapping the key changes the digest, and that swapping the message changes the digest.
PyNaCl bindings.sodium_increment little-endian carry Original / libsodium / usage-python3-nacl-bindings-sodium-increment Passed
Calls nacl.bindings.sodium_increment on a 16-byte little-endian counter starting at 0xff..ff in the low byte to assert the carry propagates and the function returns the buffer untouched in length, and runs a second increment from all-zero to confirm the result is exactly 0x01 followed by zeros.
PyNaCl keyed BLAKE2b length Original / libsodium / usage-python3-nacl-blake2b-keyed-length-batch11 Passed
python3 nacl blake2b personalised Original / libsodium / usage-python3-nacl-blake2b-personal Passed
Computes a personalised BLAKE2b digest twice through PyNaCl and verifies the personalisation argument produces a stable digest.
python3-nacl blake2b raw digest Original / libsodium / usage-python3-nacl-blake2b-raw-digest Passed
PyNaCl BLAKE2b hash Original / libsodium / usage-python3-nacl-blake2b Passed
PyNaCl public box round trip Original / libsodium / usage-python3-nacl-box-roundtrip Passed
Encrypts and decrypts a message through a PyNaCl public-key Box and verifies the plaintext round-trips.
PyNaCl crypto_kx client/server session keys symmetry Original / libsodium / usage-python3-nacl-crypto-kx-session-keys Passed
Builds two libsodium kx keypairs through nacl.bindings.crypto_kx_keypair, derives client and server session keys with crypto_kx_client_session_keys and crypto_kx_server_session_keys, and asserts the sizes match crypto_kx_SESSIONKEYBYTES and that client_rx == server_tx and client_tx == server_rx.
PyNaCl detached verify Original / libsodium / usage-python3-nacl-detached-verify Passed
Signs a message with PyNaCl, verifies the detached signature, and confirms the original plaintext is returned.
PyNaCl nacl.encoding.Base16Encoder roundtrip Original / libsodium / usage-python3-nacl-encoding-base16 Passed
Hashes a fixed input with nacl.hash.sha256 using Base16Encoder, asserts the encoded digest is the documented 64-character uppercase hex string for the FIPS 180-4 "abc" SHA-256 test vector, and round-trips the digest through Base16Encoder.decode back to the raw 32-byte digest produced with RawEncoder. Exercises PyNaCl's Base16Encoder against a libsodium-backed hash output.
PyNaCl generichash digest length at MIN and MAX boundaries Original / libsodium / usage-python3-nacl-generichash-bytes-bounds Passed
Reads nacl.bindings.crypto_generichash_BYTES_MIN, crypto_generichash_BYTES, and crypto_generichash_BYTES_MAX, asserts the libsodium documented values (16, 32, 64), and exercises crypto_generichash on the MIN, default, and MAX digest lengths against a fixed message and a fixed key, asserting each output has the requested length and that the same inputs are deterministic.
PyNaCl hex encoder roundtrip Original / libsodium / usage-python3-nacl-hex-encoder-roundtrip-batch11 Passed
PyNaCl hex public key Original / libsodium / usage-python3-nacl-hex-public-key Passed
PyNaCl Box Alice-to-Bob encrypt and Bob-side decrypt Original / libsodium / usage-python3-nacl-public-box-alice-bob Passed
Constructs two PyNaCl PrivateKeys from deterministic raw seeds, encrypts a payload with Box(alice_sk, bob_pk), decrypts on Bob's side with Box(bob_sk, alice_pk), and asserts the recovered plaintext matches exactly.
PyNaCl public Box wrong key failure Original / libsodium / usage-python3-nacl-public-box-wrong-key-fails-batch11 Passed
python3-nacl public box round trip Original / libsodium / usage-python3-nacl-public-box Passed
PyNaCl public key bytes Original / libsodium / usage-python3-nacl-public-key-bytes Passed
PyNaCl public key hex construct Original / libsodium / usage-python3-nacl-public-key-hex-construct-batch11 Passed
python3 nacl public key hex Original / libsodium / usage-python3-nacl-public-key-hex-roundtrip Passed
Encodes a PyNaCl public key with the HexEncoder and verifies the 64-character hex representation.
PyNaCl password hash string Original / libsodium / usage-python3-nacl-pwhash-str-roundtrip-batch11 Passed
PyNaCl password hash verify Original / libsodium / usage-python3-nacl-pwhash-verify Passed
PyNaCl password hash Original / libsodium / usage-python3-nacl-pwhash Passed
PyNaCl Box.shared_key is symmetric across both peers Original / libsodium / usage-python3-nacl-r10-box-shared-key-symmetric Passed
Constructs nacl.public.Box on both Alice and Bob using their PrivateKey/PublicKey pairs, calls Box.shared_key() on each side, and asserts the 32-byte raw secrets are byte-identical (Curve25519 ECDH symmetry).
PyNaCl randombytes_buf_deterministic is stable for a fixed seed Original / libsodium / usage-python3-nacl-r10-randombytes-deterministic Passed
Calls nacl.bindings.randombytes_buf_deterministic with a fixed 32-byte seed twice and asserts both 64-byte outputs are byte-identical, then asserts a different seed produces a different stream.
PyNaCl VerifyKey roundtrips through Base32Encoder Original / libsodium / usage-python3-nacl-r10-verify-key-base32-roundtrip Passed
Generates an Ed25519 SigningKey, exports its VerifyKey via nacl.encoding.Base32Encoder, reconstructs the VerifyKey from the encoded form, and asserts the reconstructed key verifies a signature produced by the original SigningKey.
PyNaCl AEAD XChaCha20-Poly1305 IETF roundtrip with associated data Original / libsodium / usage-python3-nacl-r11-aead-xchacha20poly1305-roundtrip Passed
Encrypts a payload with nacl.bindings.crypto_aead_xchacha20poly1305_ietf_encrypt under a 32-byte key, 24-byte nonce, and explicit associated data, then decrypts the ciphertext back to the original plaintext and asserts that flipping a single byte of the ciphertext produces a CryptoError on decrypt.
PyNaCl pwhash.argon2id.str then verify accepts and rejects passwords Original / libsodium / usage-python3-nacl-r11-pwhash-argon2id-verify Passed
Hashes a password with nacl.pwhash.argon2id.str at INTERACTIVE limits, asserts the resulting hash starts with the $argon2id$ prefix, verifies that the same password is accepted by nacl.pwhash.verify, and asserts a wrong password raises InvalidkeyError.
PyNaCl public Box round-trips between two keypairs Original / libsodium / usage-python3-nacl-r12-public-box-roundtrip Passed
Generates two PrivateKey instances, builds Box objects in both directions, encrypts a payload with a fixed 24-byte nonce from sender to receiver, decrypts on the receiver side back to the original plaintext, and asserts the ciphertext differs from the input.
PyNaCl SecretBox round-trips a payload under a fixed key and nonce Original / libsodium / usage-python3-nacl-r12-secretbox-roundtrip Passed
Encrypts a payload with nacl.secret.SecretBox using a deterministic 32-byte key and 24-byte nonce, asserts the ciphertext differs from plaintext, decrypts it back to the original, and verifies a flipped byte triggers nacl.exceptions.CryptoError on decrypt.
PyNaCl SigningKey produces a verifiable Ed25519 detached signature Original / libsodium / usage-python3-nacl-r12-signing-detached Passed
Creates a SigningKey from a fixed 32-byte seed, signs a payload, asserts the signature length is 64 bytes, verifies the signature with the matching VerifyKey, and confirms a tampered signature triggers BadSignatureError on verify.
PyNaCl SigningKey.sign produces a SignedMessage whose VerifyKey.verify recovers the message Original / libsodium / usage-python3-nacl-r13-ed25519-sign-attached-verify Passed
Builds a SigningKey from a fixed 32-byte seed, signs a payload to produce a SignedMessage with sig and message attributes, asserts the signature length is 64 bytes, verifies via VerifyKey.verify(SignedMessage), and confirms a flipped-byte signature raises BadSignatureError.
PyNaCl PrivateKey.encode/decode round-trips bytes through the hex encoder Original / libsodium / usage-python3-nacl-r13-private-key-hex-encode-decode Passed
Generates a PyNaCl PrivateKey, encodes it via HexEncoder, reconstructs a second PrivateKey from the hex string with the same encoder, and asserts both objects expose identical raw bytes and produce the same public key.
PyNaCl Box.encrypt with random nonces yields distinct ciphertexts that both decrypt Original / libsodium / usage-python3-nacl-r14-box-random-nonce-distinct-ct Passed
Generates two PrivateKey instances, builds Box objects in both directions, encrypts the same plaintext twice without supplying a nonce so the binding selects a fresh random nonce each time, asserts the two ciphertexts differ, and asserts both decrypt back to the identical original plaintext on the receiver side.
PyNaCl pwhash.argon2i.str hashes a password and verifies against the matching plaintext Original / libsodium / usage-python3-nacl-r14-pwhash-argon2i-str-verify Passed
Hashes a password with nacl.pwhash.argon2i.str at INTERACTIVE limits, asserts the resulting hash starts with the $argon2i$ prefix, calls nacl.pwhash.verify which must return True for the matching password, and asserts a different password raises InvalidkeyError.
PyNaCl URLSafeBase64Encoder round-trips a VerifyKey through encode and reconstruction Original / libsodium / usage-python3-nacl-r14-urlsafe-base64-verify-key-roundtrip Passed
Builds a SigningKey from a fixed seed, encodes its VerifyKey with URLSafeBase64Encoder, asserts the encoded form is bytes containing only URL-safe base64 characters, reconstructs a VerifyKey from the encoded form via the same encoder, and asserts the reconstructed key bytes match the original.
PyNaCl bindings crypto_kx_seed_keypair derives a deterministic keypair from a fixed seed Original / libsodium / usage-python3-nacl-r15-kx-seed-keypair-deterministic Passed
Calls nacl.bindings.crypto_kx_seed_keypair twice on the same fixed 32-byte seed, asserts both runs return identical (public, secret) pairs of the documented sizes (crypto_kx_PUBLIC_KEY_BYTES and crypto_kx_SECRET_KEY_BYTES), then calls again with a different seed and asserts both the public and secret keys differ — exercising libsodium's seeded X25519 keypair derivation through PyNaCl's low-level binding.
PyNaCl SigningKey round-trips through Base32Encoder back to identical bytes Original / libsodium / usage-python3-nacl-r15-signing-key-base32-roundtrip Passed
Builds a SigningKey from a fixed 32-byte seed, encodes it with Base32Encoder, asserts the encoded form is upper-case Base32 alphabet (A-Z 2-7) only with optional '=' padding, reconstructs the SigningKey from the encoded form via the same encoder, and asserts the reconstructed key signs a fixed message to a byte-identical detached signature against the original.
PyNaCl nacl.pwhash.argon2id.kdf derives a 16-byte key from a fixed password and salt Original / libsodium / usage-python3-nacl-r16-argon2id-kdf-16-byte-output Passed
Calls nacl.pwhash.argon2id.kdf with a 16-byte output size, the documented OPSLIMIT_MIN and MEMLIMIT_MIN parameters, a fixed password and a fixed 16-byte salt, asserts the returned key is exactly 16 bytes, asserts a second call with identical inputs returns an identical key, and asserts a different salt produces a different key.
PyNaCl nacl.hash.blake2b returns a deterministic 32-byte hex digest for a fixed message Original / libsodium / usage-python3-nacl-r16-blake2b-vector-32-byte-digest Passed
Computes nacl.hash.blake2b twice over the same payload with digest_size=32 and the HexEncoder, asserts the output is a 64-character hex string identical across the two calls, and asserts that a different payload yields a different digest, exercising libsodium's BLAKE2b binding.
PyNaCl nacl.bindings AEAD XChaCha20-Poly1305 round-trips a payload with AAD Original / libsodium / usage-python3-nacl-r17-aead-encrypt-decrypt-roundtrip Passed
Encrypts a fixed payload with associated data using nacl.bindings.crypto_aead_xchacha20poly1305_ietf_encrypt under a random 32-byte key and 24-byte nonce, asserts the ciphertext length equals plaintext+16 (Poly1305 tag) bytes, decrypts with the matching call and asserts the recovered plaintext equals the original byte-for-byte.
PyNaCl nacl.hash.sha512 returns a 128-character lowercase hex digest by default Original / libsodium / usage-python3-nacl-r18-hash-sha512-hex-length-128 Passed
Calls nacl.hash.sha512(b"") with the default HexEncoder and asserts the output is a 128-character ASCII bytes string containing only [0-9a-f], confirming the libsodium SHA-512 default hex-encoded output shape; also calls sha512 on a non-empty payload and asserts the result differs from the empty-input digest.
PyNaCl SecretBox encrypt and decrypt round-trip a fixed payload with explicit nonce Original / libsodium / usage-python3-nacl-r18-secretbox-easy-construct-roundtrip Passed
Constructs a nacl.secret.SecretBox from a random 32-byte key, encrypts a fixed payload with an explicit 24-byte nonce, asserts the EncryptedMessage's ciphertext length equals plaintext+16 (Poly1305 tag) and that nonce attribute equals the supplied nonce, then decrypts using the SecretBox API and asserts the recovered plaintext equals the original byte-for-byte.
PyNaCl SealedBox ciphertext is exactly plaintext + 48 bytes of overhead Original / libsodium / usage-python3-nacl-r19-sealed-box-overhead-48 Passed
Builds a nacl.public.PrivateKey, derives the public key, constructs a nacl.public.SealedBox over the public key only, encrypts a fixed payload, asserts the ciphertext length equals len(plaintext) + 48 (32-byte ephemeral pubkey + 16-byte Poly1305 tag), then constructs a SealedBox over the PrivateKey and asserts decrypt returns the original plaintext byte-for-byte.
PyNaCl SecretBox EncryptedMessage total length is plaintext + 40 bytes (24 nonce + 16 tag) Original / libsodium / usage-python3-nacl-r19-secretbox-ciphertext-overhead-40 Passed
Encrypts a fixed payload with nacl.secret.SecretBox using an auto-generated nonce, asserts len(EncryptedMessage) == len(plaintext) + 40 (24-byte nonce prefix + 16-byte Poly1305 tag), asserts the ciphertext attribute alone is len(plaintext) + 16, and decrypts via SecretBox(key).decrypt(enc) asserting the recovered plaintext equals the original byte-for-byte.
PyNaCl SigningKey.verify_key.encode returns a 32-byte Ed25519 public key Original / libsodium / usage-python3-nacl-r20-signing-key-verify-key-bytes-length-32 Passed
Generates a random SigningKey, accesses .verify_key.encode(), asserts the result has length 32 (Ed25519 public-key bytes), asserts the SigningKey.encode() seed length is also 32, and asserts re-deriving from the same SigningKey produces an identical 32-byte verify key, confirming libsodium-backed Ed25519 key sizes.
python3-nacl bindings crypto_kx_keypair returns 32-byte public and 32-byte secret keys Original / libsodium / usage-python3-nacl-r21-bindings-crypto-kx-keypair-sizes Passed
Calls nacl.bindings.crypto_kx_keypair() and asserts the returned (pk, sk) tuple has both members of length 32 and that the pair is distinct across two calls, exercising libsodium's crypto_kx key generation primitive.
python3-nacl SecretBox nonce length constant equals 24 and encrypt requires 24-byte nonce Original / libsodium / usage-python3-nacl-r21-secretbox-explicit-24-byte-nonce Passed
Asserts nacl.secret.SecretBox.NONCE_SIZE equals 24 and that encrypting with a freshly generated 24-byte nonce produces a ciphertext that decrypts back to the original plaintext via libsodium XSalsa20-Poly1305.
python3-nacl VerifyKey.verify accepts raw 64-byte signature and message bytes Original / libsodium / usage-python3-nacl-r21-signing-verify-accepts-raw-bytes Passed
Signs a message with SigningKey, calls sign(...).signature to obtain raw 64-byte signature bytes, passes those bytes plus the original message to VerifyKey.verify, and asserts the returned value equals the original message, exercising libsodium Ed25519 raw-bytes verification path.
PyNaCl SealedBox roundtrip Original / libsodium / usage-python3-nacl-r9-sealedbox-roundtrip Passed
Generates a Curve25519 PrivateKey, encrypts a payload to its public key with SealedBox, and verifies the original private key decrypts the message.
PyNaCl SecretBox rejects tampered ciphertext Original / libsodium / usage-python3-nacl-r9-secretbox-tampered-fails Passed
Encrypts with PyNaCl SecretBox, mutates a single byte of the ciphertext, and verifies decryption raises CryptoError.
PyNaCl random bytes length Original / libsodium / usage-python3-nacl-random-bytes-length Passed
PyNaCl random size Original / libsodium / usage-python3-nacl-random-size Passed
python3-nacl sealed box empty payload Original / libsodium / usage-python3-nacl-sealed-box-empty Passed
PyNaCl sealed box Original / libsodium / usage-python3-nacl-sealed-box Passed
python3-nacl secretbox base64 Original / libsodium / usage-python3-nacl-secretbox-base64 Passed
PyNaCl SecretBox empty message Original / libsodium / usage-python3-nacl-secretbox-empty-message Passed
Encrypts and decrypts an empty payload with PyNaCl SecretBox and verifies the empty plaintext round trip.
python3 nacl secretbox key size Original / libsodium / usage-python3-nacl-secretbox-key-size Passed
PyNaCl secretbox memoryview Original / libsodium / usage-python3-nacl-secretbox-memoryview Passed
PyNaCl SecretBox nonce size Original / libsodium / usage-python3-nacl-secretbox-nonce-size Passed
Encrypts data with PyNaCl SecretBox and verifies the generated nonce uses the expected libsodium size.
PyNaCl explicit nonce Original / libsodium / usage-python3-nacl-secretbox-nonce Passed
PyNaCl random secretbox Original / libsodium / usage-python3-nacl-secretbox-random Passed
PyNaCl SecretBox wrong key failure Original / libsodium / usage-python3-nacl-secretbox-wrong-key-fails-batch11 Passed
python3-nacl secretbox Original / libsodium / usage-python3-nacl-secretbox Passed
PyNaCl secretstream xchacha20poly1305 explicit rekey Original / libsodium / usage-python3-nacl-secretstream-rekey-batch12 Passed
Drives the low-level nacl.bindings secretstream xchacha20poly1305 push state through three chunks (MESSAGE, MESSAGE, FINAL) under a fixed 32-byte key with an explicit crypto_secretstream_xchacha20poly1305_rekey call between chunks, then mirrors the same rekey calls on the pull side and asserts every chunk decrypts back to the original plaintext and that the final tag equals TAG_FINAL.
PyNaCl secretstream xchacha20poly1305 roundtrip Original / libsodium / usage-python3-nacl-secretstream-roundtrip Passed
Drives a multi-message crypto_secretstream_xchacha20poly1305 push/pull pair through PyNaCl bindings and asserts every chunk decrypts and the FINAL tag is observed.
PyNaCl seeded signing deterministic Original / libsodium / usage-python3-nacl-seeded-signing-deterministic-batch11 Passed
PyNaCl SHA-256 digest Original / libsodium / usage-python3-nacl-sha256 Passed
PyNaCl SHA512 digest hex Original / libsodium / usage-python3-nacl-sha512-digest-hex Passed
PyNaCl SHA512 hash Original / libsodium / usage-python3-nacl-sha512 Passed
PyNaCl sign hex Original / libsodium / usage-python3-nacl-sign-hex Passed
PyNaCl signing key from secret bytes Original / libsodium / usage-python3-nacl-sign-publickey-from-secretkey Passed
Reconstructs a PyNaCl signing key from raw secret-key bytes and verifies the restored key can produce a signature accepted by the original verify key.
PyNaCl seeded signing key Original / libsodium / usage-python3-nacl-sign-seeded Passed
PyNaCl sign verify hex Original / libsodium / usage-python3-nacl-sign-verify-hex Passed
Signs and verifies a payload with hex encoding through PyNaCl and verifies the restored plaintext.
PyNaCl signature tamper failure Original / libsodium / usage-python3-nacl-signature-tamper-fails-batch11 Passed
PyNaCl SignedMessage attached signature roundtrip Original / libsodium / usage-python3-nacl-signed-message-roundtrip Passed
Signs a message with nacl.signing.SigningKey.sign, asserts the returned object is a nacl.signing.SignedMessage with the expected .message and 64-byte .signature attributes, that bytes(signed) is exactly signature || message (the libsodium attached-signature wire format), and that VerifyKey.verify accepts the attached form bytes(signed) and returns the original message bytes.
python3 nacl deterministic signing Original / libsodium / usage-python3-nacl-signing-deterministic Passed
Signs the same payload twice from a fixed seed through PyNaCl SigningKey and verifies the deterministic Ed25519 signatures match.
PyNaCl SigningKey from hex seed verified via hex VerifyKey Original / libsodium / usage-python3-nacl-signing-from-hex-seed Passed
Builds a PyNaCl SigningKey from a fixed hex-encoded seed, signs a known message, exports the verify key as hex, reconstructs a VerifyKey from that hex, and asserts the signature verifies for the original message and fails for a tampered one.
python3-nacl signing key bytes Original / libsodium / usage-python3-nacl-signing-key-bytes Passed
python3-nacl signing Original / libsodium / usage-python3-nacl-signing Passed
PyNaCl URLSafeBase64Encoder roundtrip with KAT Original / libsodium / usage-python3-nacl-urlsafe-base64-encoder-roundtrip Passed
Encodes a fixed byte string with nacl.encoding.URLSafeBase64Encoder, asserts the output uses the URL-safe alphabet (no '+' or '/' characters and uses '-' and '_' for the appropriate inputs), decodes it back through the same encoder and asserts byte-for-byte equality with the original, and confirms a 32-byte payload round-trips at the expected encoded length.
PyNaCl URLSafeBase64Encoder VerifyKey roundtrip Original / libsodium / usage-python3-nacl-urlsafe-base64-verify-key Passed
Builds a SigningKey from a deterministic 32-byte seed, encodes its VerifyKey with nacl.encoding.URLSafeBase64Encoder, asserts the encoded form is URL-safe (no '+' or '/' characters) and decodes back to the same 32 raw bytes via VerifyKey reconstruction, and that the reconstructed key verifies a signature produced by the original signing key.
PyNaCl nacl.utils.random produces distinct buffers across calls Original / libsodium / usage-python3-nacl-utils-random-distinct Passed
Calls nacl.utils.random(32) five times and asserts every returned buffer has the requested length and that every pair of buffers is distinct, confirming PyNaCl's libsodium-backed CSPRNG is not stuck on a constant value. The probability of an accidental collision over five 256-bit draws is vanishingly small, so a repeat indicates a real RNG fault.
python3 nacl random 64 bytes Original / libsodium / usage-python3-nacl-utils-random-large Passed
python3-nacl verify key base64 Original / libsodium / usage-python3-nacl-verify-key-base64 Passed
PyNaCl verify key bytes Original / libsodium / usage-python3-nacl-verify-key-bytes Passed
R sodium HMAC-SHA512-256 auth roundtrip Original / libsodium / usage-r-cran-sodium-auth-roundtrip Passed
Generates a 32-byte secret key, computes an HMAC-SHA512-256 tag with sodium::data_tag using a fixed key, and asserts the tag length is 32 bytes and is deterministic for the same input but changes when either the message or the key changes.
R sodium bin2hex/hex2bin roundtrip across keygen output Original / libsodium / usage-r-cran-sodium-bin2hex-roundtrip Passed
Generates a curve25519 secret key with sodium::keygen, encodes it via sodium::bin2hex, asserts the encoded form has length 64 and matches lowercase hex, and asserts hex2bin decodes back to the exact original raw bytes.
R sodium data_encrypt round-trip and tamper detection Original / libsodium / usage-r-cran-sodium-data-encrypt-aad Passed
Encrypts a payload with sodium::data_encrypt under fixed key and nonce, asserts the ciphertext length is plaintext + 16 (Poly1305 tag) and that data_decrypt recovers the plaintext exactly, then flips a ciphertext byte and confirms data_decrypt raises an authentication error rather than silently returning the corrupted plaintext.
R sodium data_encrypt round-trip Original / libsodium / usage-r-cran-sodium-data-encrypt-roundtrip Passed
Encrypts a payload with sodium::data_encrypt under a fixed key and nonce, then decrypts and asserts the recovered bytes match the original.
R sodium Curve25519 Diffie-Hellman shared secret Original / libsodium / usage-r-cran-sodium-diffie-hellman-batch12 Passed
Generates two Curve25519 keypairs with sodium::keygen + sodium::pubkey, computes the Diffie-Hellman shared secret in both directions with sodium::diffie_hellman, asserts each side derives an identical 32-byte raw shared secret, and that an unrelated third secret key produces a different shared secret with the first public key.
R sodium hashes data Original / libsodium / usage-r-cran-sodium-hash Passed
R sodium hex2bin rejects invalid hex input Original / libsodium / usage-r-cran-sodium-hex2bin-invalid-input Passed
Calls sodium::hex2bin on inputs that violate the hex grammar (odd-length string, character outside [0-9a-fA-F]) and asserts that hex2bin either raises an error or returns a value that is clearly not the round-trip of a valid encoding, while a valid 64-character hex string still decodes to exactly 32 raw bytes that bin2hex re-encodes to the same lowercase hex.
R sodium::keygen produces distinct keys across calls Original / libsodium / usage-r-cran-sodium-keygen-distinct Passed
Calls sodium::keygen() five times, asserts each result is a 32-byte raw vector, that every pair of generated keys is distinct, and that each derived public key (sodium::pubkey) is also 32 bytes and differs from its corresponding secret key. Confirms r-cran-sodium's libsodium-backed CSPRNG produces independent X25519 secret keys on repeat invocations rather than reusing a stuck value.
R sodium keygen produces 32-byte key Original / libsodium / usage-r-cran-sodium-keygen-length Passed
Calls sodium::keygen and sodium::pubkey to confirm secret/public key byte lengths match the libsodium curve25519 constants.
R sodium password_store and password_verify roundtrip Original / libsodium / usage-r-cran-sodium-password-store-verify Passed
Stores a password hash with sodium::password_store and asserts password_verify accepts the original password and rejects a different one.
R sodium scrypt KDF deterministic for fixed salt and password Original / libsodium / usage-r-cran-sodium-pwhash-deterministic Passed
Derives a fixed-size key with sodium::scrypt from a UTF-8 password and 32-byte salt, asserts the digest length matches the requested size, that re-running with identical inputs produces byte-identical output (deterministic scrypt KDF), and that altering either the password or the salt produces a different digest. Exercises the password-derived KDF path that R sodium exposes through libsodium.
r-cran-sodium sha512 matches a known-answer vector Original / libsodium / usage-r-cran-sodium-r10-sha512-kat Passed
Calls sodium::sha512 on the canonical "abc" test vector and asserts the resulting 64-byte raw digest matches the FIPS 180-4 SHA-512("abc") known-answer in hex form, then asserts the empty-input digest matches its standard known-answer.
r-cran-sodium data_encrypt and data_decrypt round-trip a payload Original / libsodium / usage-r-cran-sodium-r11-data-encrypt-roundtrip Passed
Encrypts a binary payload with sodium::data_encrypt under a 32-byte key and 24-byte nonce, decrypts the resulting ciphertext back to the original bytes, and asserts that flipping a single byte of the ciphertext makes data_decrypt error out — exercising the secretbox-style authenticated encryption wrapper.
r-cran-sodium sha256 returns a 32-byte digest for a known input Original / libsodium / usage-r-cran-sodium-r12-sha256-hash-length Passed
Hashes a fixed ASCII payload via sodium::sha256, asserts the digest is a 32-byte raw vector, hashes the same input again and asserts the two digests are byte-identical (deterministic), and asserts a different payload yields a different digest.
r-cran-sodium hash() with explicit size returns a digest of that length Original / libsodium / usage-r-cran-sodium-r13-hash-blake2b-length Passed
Hashes a fixed payload with sodium::hash(size=32) and sodium::hash(size=64), asserts each returned raw vector has the requested length, and asserts re-hashing the same input yields byte-identical output (deterministic).
r-cran-sodium password_verify accepts the original password and rejects a near-miss Original / libsodium / usage-r-cran-sodium-r13-password-verify-rejects-wrong Passed
Stores a hash with sodium::password_store, asserts password_verify returns TRUE for the original password, returns FALSE for a single-character variant, and returns FALSE for an empty string.
r-cran-sodium sig_keygen produces distinct ed25519 keys across calls Original / libsodium / usage-r-cran-sodium-r14-sig-keygen-distinct Passed
Calls sodium::sig_keygen() five times, asserts each result is a 64-byte raw vector (libsodium expanded ed25519 secret key), asserts every pair of generated keys is distinct, and asserts each derived sig_pubkey is a distinct 32-byte public key.
r-cran-sodium data_tag returns distinct 32-byte tags under distinct keys for the same message Original / libsodium / usage-r-cran-sodium-r15-data-tag-distinct-keys-distinct-tags Passed
Computes data_tag over a fixed message under three distinct 32-byte keys, asserts each tag is a 32-byte raw vector, asserts pairwise tag inequality across the three keys, and asserts re-computing data_tag with the first key yields a byte-identical tag (determinism) — exercising r-cran-sodium's libsodium-backed HMAC-SHA512-256.
r-cran-sodium data_encrypt then data_decrypt recovers a fixed payload under a 24-byte nonce Original / libsodium / usage-r-cran-sodium-r16-data-encrypt-decrypt-roundtrip-distinct-nonce Passed
Encrypts a fixed message with sodium::data_encrypt under a 32-byte key and a 24-byte nonce, asserts the ciphertext is exactly plaintext-length plus 16 bytes (Poly1305 MAC), decrypts via sodium::data_decrypt and asserts the recovered raw vector equals the original message bytes.
r-cran-sodium sha256 followed by bin2hex returns 64 lowercase hex characters Original / libsodium / usage-r-cran-sodium-r16-sha256-hex-length-64 Passed
Hashes a fixed message with sodium::sha256, asserts the resulting raw vector is 32 bytes, converts to hex via sodium::bin2hex and asserts the hex string is exactly 64 characters of [0-9a-f], and asserts re-hashing the same message yields the identical hex digest.
r-cran-sodium keygen returns a 32-byte raw vector for secret key material Original / libsodium / usage-r-cran-sodium-r17-keygen-length-32 Passed
Calls sodium::keygen() twice, asserts each result is a raw vector of length exactly 32 (libsodium-derived symmetric key length), asserts the two keys differ (RNG sanity), and asserts a third call still yields a 32-byte raw vector distinct from both prior keys.
r-cran-sodium random(48) returns 48-byte raw vector and is non-deterministic Original / libsodium / usage-r-cran-sodium-r17-random-length-48 Passed
Calls sodium::random(48) twice, asserts each result is a raw vector of length exactly 48 (libsodium randombytes_buf path), and asserts the two raw vectors differ (RNG sanity); additionally asserts random(1) returns a single-byte raw vector.
r-cran-sodium data_tag is deterministic for identical message and key inputs Original / libsodium / usage-r-cran-sodium-r18-data-tag-deterministic-same-inputs Passed
Generates a 32-byte key, computes sodium::data_tag(msg, key) twice on the same byte vector with the same key, and asserts both outputs are raw vectors of length 32 (libsodium generichash default) and identical byte-for-byte, then computes data_tag with a fresh key and asserts the result is a 32-byte raw vector that differs from the original tag.
r-cran-sodium sig_keygen + sig_sign + sig_verify accept a valid Ed25519 signature Original / libsodium / usage-r-cran-sodium-r18-sig-keygen-roundtrip-verify Passed
Calls sodium::sig_keygen() to obtain an Ed25519 secret key, derives the public key with sig_pubkey(), signs a raw byte vector via sig_sign, asserts the signature is a 64-byte raw vector, then calls sig_verify with the public key and asserts the function returns TRUE for the untampered payload.
r-cran-sodium sig_keygen produces 64-byte private key with derivable 32-byte public key Original / libsodium / usage-r-cran-sodium-r19-sig-keygen-lengths Passed
Calls sodium::sig_keygen() to produce an Ed25519 private key, asserts it is a raw vector of length 64 (libsodium concatenated seed+publickey layout), calls sodium::sig_pubkey(priv) and asserts the derived public key is a raw vector of length 32, and asserts a second sig_keygen() call yields a private key of length 64 that differs from the first.
r-cran-sodium bin2hex on an empty raw vector returns an empty character Original / libsodium / usage-r-cran-sodium-r20-bin2hex-empty-string Passed
Calls sodium::bin2hex(raw(0)) in R, asserts the return is a character of nchar 0, then calls sodium::hex2bin on an empty hex string and asserts the result is a raw of length 0, confirming libsodium-backed hex encoding correctly handles the zero-length boundary.
r-cran-sodium diffie_hellman derives identical shared secret from both sides Original / libsodium / usage-r-cran-sodium-r21-scalar-multiplication-roundtrip Passed
Generates two keygen secret keys and their corresponding pubkey() public keys, computes diffie_hellman(alice_sk, bob_pk) and diffie_hellman(bob_sk, alice_pk), and asserts both 32-byte shared-secret raw vectors are byte-for-byte identical, exercising libsodium's curve25519 scalar multiplication.
r-cran-sodium bin2hex length doubles Original / libsodium / usage-r-cran-sodium-r9-bin2hex-length Passed
Calls sodium::bin2hex on a 32-byte random buffer and verifies the resulting hex string has length 64 and matches a hex regex.
R sodium random() returns requested byte counts Original / libsodium / usage-r-cran-sodium-random-length Passed
Calls sodium::random with several sizes (16, 24, 32, 64) and asserts each result is a raw vector of the exact requested length and that two independent calls of size 32 produce different bytes (probabilistic but the collision space is 2^256).
R sodium SHA-256 known-answer Original / libsodium / usage-r-cran-sodium-sha256-kat Passed
Computes sodium::sha256 of the canonical "abc" input and asserts the hex digest matches the FIPS 180-4 known-answer vector.
R sodium ed25519 sign and sig_verify Original / libsodium / usage-r-cran-sodium-sig-verify Passed
Generates an ed25519 signing key with sodium::sig_keygen, signs a binary payload with sodium::sig, and asserts sig_verify accepts the signature with the matching public key (sig_pubkey) and rejects it for a tampered message.
RbNaCl Argon2 password hash and digest length Original / libsodium / usage-ruby-rbnacl-argon2-pwhash Passed
Derives an Argon2 hash via RbNaCl::PasswordHash.argon2 at moderate ops/mem limits, asserts the requested output digest length, and confirms the digest is deterministic for the same salt and password but changes when the password is altered.
RbNaCl Argon2 password hash deterministic and salt-sensitive Original / libsodium / usage-ruby-rbnacl-argon2-tampered-fails Passed
Produces Argon2 password-hash strings via RbNaCl::PasswordHash.argon2 at interactive limits, asserts the hash has the expected fixed digest length, that hashing the same password with the same 16-byte salt and parameters is deterministic, and that hashing the same password with a different salt yields a different digest.
RbNaCl OneTimeAuth Poly1305 authenticate and verify Original / libsodium / usage-ruby-rbnacl-auth-onetime Passed
Authenticates a fixed message with RbNaCl::OneTimeAuths::Poly1305 under a 32-byte key, asserts the produced tag is exactly 16 bytes, that verify accepts the matching tag, that a tampered tag raises BadAuthenticatorError, and that a different key also rejects the tag.
RbNaCl BLAKE2b digest of empty input Original / libsodium / usage-ruby-rbnacl-blake2b-empty-input Passed
Computes RbNaCl::Hash.blake2b on an empty string at the default 64-byte digest length and asserts the output length and that it matches the BLAKE2b-512 known answer for the empty message (786a02f742015903... as documented in RFC 7693 Appendix A and the upstream BLAKE2 reference).
RbNaCl keyed BLAKE2b digest length Original / libsodium / usage-ruby-rbnacl-blake2b-keyed-length Passed
Derives a keyed BLAKE2b digest at a non-default 48-byte length and asserts the output length and that swapping the key changes the digest.
RbNaCl Box Curve25519XSalsa20Poly1305 Alice-to-Bob roundtrip Original / libsodium / usage-ruby-rbnacl-box-alice-bob Passed
Builds Alice and Bob curve25519 keypairs from deterministic seeds via RbNaCl::PrivateKey.new, encrypts a payload with RbNaCl::Box on Alice's side, decrypts on Bob's side, and asserts the recovered plaintext matches.
RbNaCl Ed25519 SigningKey from seed is deterministic Original / libsodium / usage-ruby-rbnacl-ed25519-from-seed-deterministic Passed
Constructs two RbNaCl::Signatures::Ed25519::SigningKey instances from the same fixed 32-byte seed and a third from a different seed, asserts that signatures over the same message match for the matching seeds and differ for the distinct seed, that the verify keys round-trip via to_bytes, and that the corresponding VerifyKey accepts the signature for the original message and rejects a tampered message.
RbNaCl Ed25519 sign and verify Original / libsodium / usage-ruby-rbnacl-ed25519-sign-verify Passed
Builds a deterministic Ed25519 signing key from a fixed seed, signs a known message, and verifies the signature with the matching VerifyKey.
RbNaCl HMAC-SHA256 authenticate and verify Original / libsodium / usage-ruby-rbnacl-hmac-sha256-auth-batch12 Passed
Authenticates a fixed message with RbNaCl::HMAC::SHA256 under a 32-byte key, asserts the produced tag is exactly 32 bytes, that verify accepts the matching tag, that a tampered tag raises BadAuthenticatorError, and that a different key also rejects the tag.
RbNaCl Blake2b personal tag changes the digest Original / libsodium / usage-ruby-rbnacl-r10-blake2b-personal-tag Passed
Hashes the same payload with RbNaCl::Hash.blake2b under two different :personal tag strings (and the same key/salt/digest_size) and asserts the resulting digests differ, confirming the personalization parameter is wired through to libsodium.
RbNaCl PrivateKey derives matching PublicKey Original / libsodium / usage-ruby-rbnacl-r10-private-key-derive-public Passed
Generates a Curve25519 PrivateKey via RbNaCl::PrivateKey.generate, reads back its 32-byte public_key bytes, reconstructs a PublicKey from those bytes, and asserts a Box built from the reconstructed peer public key encrypts a message that the original keypair can decrypt.
RbNaCl SecretBox raises CryptoError when ciphertext is mutated Original / libsodium / usage-ruby-rbnacl-r11-secretbox-corruption-detected Passed
Encrypts a payload with RbNaCl::SecretBox under a 32-byte key and 24-byte nonce, decrypts the original ciphertext to recover the plaintext, then flips a single byte of the ciphertext and asserts that the decrypt call raises RbNaCl::CryptoError instead of silently returning forged plaintext.
RbNaCl SigningKey from a fixed seed produces a deterministic Ed25519 key Original / libsodium / usage-ruby-rbnacl-r11-signing-key-from-seed-deterministic Passed
Constructs two RbNaCl::SigningKey instances from the identical 32-byte seed and asserts they share the same verify_key bytes, sign the same message identically, and produce 64-byte signatures that the matching verify_key accepts.
RbNaCl SecretBox decrypt fails when nonce differs from encrypt nonce Original / libsodium / usage-ruby-rbnacl-r12-secretbox-nonce-mismatch-fails Passed
Encrypts a payload with RbNaCl::SecretBox under a 32-byte key and a specific 24-byte nonce, asserts decrypt with the original nonce returns the plaintext, then asserts decrypt with a different nonce raises RbNaCl::CryptoError.
RbNaCl SigningKey produces verifiable Ed25519 detached signature Original / libsodium / usage-ruby-rbnacl-r12-signing-key-detached-sig Passed
Creates an RbNaCl::SigningKey from a fixed seed, signs a payload, asserts the detached signature is exactly 64 bytes, verifies it via the VerifyKey, and asserts a flipped byte raises BadSignatureError.
RbNaCl Hash::Blake2b.digest is deterministic at the requested digest size Original / libsodium / usage-ruby-rbnacl-r13-blake2b-digest-deterministic Passed
Calls RbNaCl::Hash::Blake2b.digest twice on the same payload at digest_size 32, asserts both outputs are byte-identical and 32 bytes long, then asserts a different payload produces a different 32-byte digest.
RbNaCl SimpleBox round-trips a payload and produces distinct ciphertexts under random nonces Original / libsodium / usage-ruby-rbnacl-r13-simplebox-roundtrip-distinct Passed
Builds an RbNaCl::SimpleBox from a 32-byte secret key, encrypts the same payload twice, asserts both ciphertexts decrypt back to the plaintext and that the two ciphertexts differ (random nonce embedded in SimpleBox output).
RbNaCl Box round-trips a payload between two keypairs in both directions Original / libsodium / usage-ruby-rbnacl-r14-box-precompute-roundtrip Passed
Generates two PrivateKey instances, constructs RbNaCl::Box objects for sender->receiver and receiver->sender, encrypts a payload under a fixed 24-byte nonce, asserts the receiver-side Box decrypts back to the original plaintext, and asserts the same Box decrypt with a different nonce raises CryptoError.
RbNaCl HMAC::SHA512 authenticate, verify, and reject tampered tag Original / libsodium / usage-ruby-rbnacl-r14-hmac-sha512-auth-verify Passed
Constructs an RbNaCl::HMAC::SHA512 instance under a 32-byte key, authenticates a fixed message, asserts the produced tag is exactly 64 bytes, asserts verify accepts the matching tag and that flipping a tag byte raises BadAuthenticatorError, and asserts re-authenticating the same input under the same key reproduces the original tag (deterministic).
RbNaCl SecretBox encrypts and decrypts a zero-length message Original / libsodium / usage-ruby-rbnacl-r15-secretbox-empty-message Passed
Builds an RbNaCl::SecretBox from a fixed 32-byte key, encrypts an empty (zero-byte) message under a 24-byte nonce, asserts the resulting ciphertext is exactly 16 bytes (the libsodium crypto_secretbox MAC, with no plaintext bytes), decrypts back and asserts the recovered plaintext is an empty binary string. (RbNaCl 7.x does not expose SecretBox.tag_bytes; the MAC length is fixed at 16.)
RbNaCl SigningKey constructed from a fixed seed yields a deterministic 32-byte verify_key Original / libsodium / usage-ruby-rbnacl-r15-signing-key-from-seed-public-bytes Passed
Builds two RbNaCl::SigningKey instances from the same fixed 32-byte seed, asserts both verify_key values are 32 bytes, asserts they are equal byte-for-byte (deterministic seed -> public key derivation), and asserts a SigningKey from a different seed yields a different verify_key.
RbNaCl Ed25519 SigningKey/VerifyKey sign and verify a known message with a 64-byte signature Original / libsodium / usage-ruby-rbnacl-r16-ed25519-sign-verify-known-message Passed
Generates an Ed25519 SigningKey, signs a fixed message, asserts the detached signature is exactly 64 bytes, verifies the signature against the derived VerifyKey, and asserts that verifying a tampered message raises RbNaCl::BadSignatureError.
RbNaCl::SecretBox roundtrips a payload using KEYBYTES and NONCEBYTES constants Original / libsodium / usage-ruby-rbnacl-r16-secretbox-roundtrip-via-constants Passed
Builds a SecretBox from a 32-byte key sized by RbNaCl::SecretBox::KEYBYTES, encrypts a fixed payload under a nonce sized by RbNaCl::SecretBox::NONCEBYTES, asserts the ciphertext is exactly plaintext-length plus 16 (Poly1305 MAC), decrypts and asserts the recovered plaintext equals the original byte-for-byte.
RbNaCl::Random.random_bytes(64) returns exactly 64 bytes and is non-deterministic Original / libsodium / usage-ruby-rbnacl-r17-random-bytes-length-64 Passed
Calls RbNaCl::Random.random_bytes(64) twice, asserts each result is a String of bytesize exactly 64 (libsodium randombytes_buf path), asserts the two results differ (RNG sanity), and asserts random_bytes(32) returns a 32-byte string distinct from the 64-byte string's first 32 bytes.
RbNaCl::Hash::Blake2b.digest returns a 64-byte default digest and is deterministic Original / libsodium / usage-ruby-rbnacl-r18-blake2b-default-digest-length-64 Passed
Calls RbNaCl::Hash::Blake2b.digest twice on the same fixed input with no extra arguments, asserts both results are 64-byte binary strings (libsodium generichash default), asserts they are byte-for-byte equal (deterministic), then calls digest on a different input and asserts the result is a 64-byte string distinct from the original digest.
RbNaCl::Hash.sha256 returns 32 raw bytes that hex-encode to 64 lowercase hex characters Original / libsodium / usage-ruby-rbnacl-r18-sha256-hex-digest-length-64 Passed
Calls RbNaCl::Hash.sha256 on a fixed ASCII payload, asserts the result is a 32-byte binary String (libsodium SHA-256 length convention), encodes the bytes to lowercase hex via .unpack1("H*"), asserts the hex form is exactly 64 characters of [0-9a-f], and asserts a second call on the same input yields byte-identical output (deterministic).
RbNaCl::SimpleBox encrypt output length equals plaintext + 24-byte nonce + 16-byte tag Original / libsodium / usage-ruby-rbnacl-r19-simplebox-prepends-nonce Passed
Constructs RbNaCl::SimpleBox.from_secret_key with a 32-byte key, encrypts a fixed payload, asserts the returned ciphertext is plaintext.bytesize + 40 bytes long (24 nonce + 16 Poly1305 tag prepended), decrypts the same ciphertext via SimpleBox and asserts the recovered plaintext equals the original byte-for-byte, then asserts a second encrypt of the same plaintext yields a different ciphertext (random nonce).
ruby-rbnacl Blake2b digest_size parameter directly controls output bytesize Original / libsodium / usage-ruby-rbnacl-r20-blake2b-digest-size-controls-output Passed
Computes RbNaCl::Hash.blake2b on a fixed message at digest_size 16 and at digest_size 48, asserts the bytesize of each output equals the requested digest_size (16 and 48 respectively), and asserts the 16-byte digest equals the 16-byte prefix of the same construction's 16-byte run again (determinism check), confirming libsodium-backed Blake2b honours arbitrary digest_size selections.
ruby-rbnacl HMAC-SHA256 with distinct keys yields distinct tags for the same message Original / libsodium / usage-ruby-rbnacl-r20-hmac-sha256-distinct-keys-distinct-tags Passed
Generates two 32-byte HMAC SHA256 keys differing by one byte, authenticates the same message under each, and asserts the two resulting 32-byte tags are byte-wise distinct (and that verify accepts each tag under its own key), confirming libsodium-backed HMAC-SHA256 mixes the key bits into the output.
rbnacl OneTimeAuth.auth and .verify round-trip a 16-byte Poly1305 tag Original / libsodium / usage-ruby-rbnacl-r21-onetime-auth-verify-roundtrip Passed
Creates a 32-byte OneTimeAuth key, calls RbNaCl::OneTimeAuths::Poly1305.auth on a message, asserts the resulting tag is 16 bytes, then verifies it back via .verify and asserts the call returns true, exercising libsodium's crypto_onetimeauth Poly1305 path.
RbNaCl Blake2b derives stable subkey Original / libsodium / usage-ruby-rbnacl-r9-hkdf-derive Passed
Derives a 32-byte subkey twice using RbNaCl::Hash::Blake2b with the same key and salt, and verifies both invocations produce the same digest.
RbNaCl Random.random_bytes length and uniqueness Original / libsodium / usage-ruby-rbnacl-random-bytes-batch12 Passed
Calls RbNaCl::Random.random_bytes for several lengths (0, 1, 32, 1024) and asserts each return value is a binary-encoded String with the requested bytesize, then draws two independent 32-byte samples and asserts they differ (a 1-in-2**256 collision counts as a real bug).
RbNaCl SealedBox anonymous encryption round-trip Original / libsodium / usage-ruby-rbnacl-sealedbox-roundtrip-batch12 Passed
Encrypts a payload to a recipient's Curve25519 public key with RbNaCl::SealedBox.from_public_key, decrypts it back using SealedBox.from_private_key, asserts the recovered plaintext matches the original, that the ciphertext is exactly len(plaintext) + 48 bytes (32-byte ephemeral key + 16-byte Poly1305 tag), and that an unrelated recipient's secret key fails to decrypt the sealed message.
RbNaCl SecretBox key/nonce/MAC byte-length constants Original / libsodium / usage-ruby-rbnacl-secretbox-keygen-bytes Passed
Allocates a fresh RbNaCl::Random.random_bytes secret-box key, constructs an RbNaCl::SecretBox, and asserts SecretBox::KEYBYTES, key_bytes (instance accessor), nonce_bytes, and tag_bytes all match the libsodium XSalsa20-Poly1305 wire constants (32, 24, 16). Then encrypts a known payload and verifies the ciphertext is exactly plaintext_len + tag_bytes long, confirming the underlying crypto_secretbox MAC accounting.
RbNaCl SecretBox encrypts Original / libsodium / usage-ruby-rbnacl-secretbox Passed
RbNaCl SHA-256 known-answer Original / libsodium / usage-ruby-rbnacl-sha256-kat Passed
Hashes the canonical "abc" input with RbNaCl::Hash.sha256 and asserts the digest matches the FIPS 180-4 known-answer vector.
RbNaCl SHA-256 multiple FIPS 180-4 vectors Original / libsodium / usage-ruby-rbnacl-sha256-multi-vector Passed
Hashes a sequence of FIPS 180-4 SHA-256 known-answer inputs through RbNaCl::Hash.sha256 (the empty string, "abc", and the 56-character double-block message) and asserts each hex digest matches the published vector. Also asserts the same input hashed twice produces identical bytes, confirming the libsodium SHA-256 path is stateless and deterministic.
RbNaCl SHA-512 empty-string known-answer Original / libsodium / usage-ruby-rbnacl-sha512-empty-kat Passed
Hashes the empty byte string with RbNaCl::Hash.sha512 and asserts the digest exactly matches the FIPS 180-4 SHA-512("") known-answer vector and is 64 bytes long.
RbNaCl SHA-512 known-answer Original / libsodium / usage-ruby-rbnacl-sha512-kat Passed
Hashes the canonical "abc" input with RbNaCl::Hash.sha512 and asserts the digest matches the FIPS 180-4 known-answer vector.
RbNaCl::SimpleBox produces distinct ciphertexts under a fixed key Original / libsodium / usage-ruby-rbnacl-simplebox-distinct-ciphertexts Passed
Constructs an RbNaCl::SimpleBox from a fixed 32-byte secret key, encrypts the same plaintext four times, and asserts every ciphertext is distinct (because SimpleBox prepends a freshly drawn random nonce) while every ciphertext still decrypts back to the original plaintext. Confirms RbNaCl's libsodium-backed random nonce path yields ciphertext indistinguishability across repeated SimpleBox encryptions of identical inputs.
RbNaCl SimpleBox roundtrip Original / libsodium / usage-ruby-rbnacl-simplebox-roundtrip Passed
Encrypts and decrypts a payload with RbNaCl::SimpleBox via libsodium and asserts the plaintext round-trips exactly.
RbNaCl Util.verify32 constant-time comparison Original / libsodium / usage-ruby-rbnacl-util-verify32 Passed
Exercises the constant-time comparators RbNaCl::Util.verify32 and RbNaCl::Util.verify16 on equal byte strings, on strings differing in the first byte, on strings differing in the last byte, and on inputs of the wrong length, asserting the boolean return for equal/unequal and that wrong-length inputs do not return true.
RbNaCl Util.zeros and Util.bin2hex KAT Original / libsodium / usage-ruby-rbnacl-util-zero-bin2hex Passed
Builds a 32-byte zero buffer with RbNaCl::Util.zeros, asserts its length, content, and hex encoding via RbNaCl::Util.bin2hex, then encodes a known fixed byte sequence and asserts the exact lowercase hex matches the canonical expected string.
CVE-2025-69277 libsodium regression Original / libsodium / cve-2025-69277 Passed
Asserts that crypto_core_ed25519_is_valid_point rejects a low-order Edwards25519 point that is on the curve but not in the prime-order main subgroup, confirming the post-patch Y==Z check is in place.
libsodium compile link smoke Port / libsodium / compile-link-smoke Passed
libsodium hash behavior Port / libsodium / generichash-smoke Passed
libsodium key exchange randombytes Port / libsodium / key-exchange-randombytes Passed
libsodium secretbox round trip Port / libsodium / secretbox-roundtrip Passed
libsodium sign verify Port / libsodium / sign-verify Passed
ZeroMQ reports CURVE capability Port / libsodium / usage-libzmq5-curve-capability Passed
ZeroMQ CURVE keypair Port / libsodium / usage-libzmq5-curve-keypair Passed
ZeroMQ zmq_curve_public derives matching public key Port / libsodium / usage-libzmq5-curve-public-derive Passed
Generates a CURVE keypair via zmq_curve_keypair, then uses zmq_curve_public to derive the public key from the secret key alone, and asserts the derived 40-character Z85 public key matches the one produced by the keypair generator. Exercises libzmq5's libsodium-backed curve25519 scalar-mult-base path.
ZeroMQ PUB/SUB ipc:// transport with topic filter Port / libsodium / usage-libzmq5-pub-sub-ipc Passed
Compiles a ZeroMQ C client that opens a single-process PUB/SUB pair over an ipc:// endpoint inside a tmpdir, subscribes to a fixed topic prefix, retries the publish on the slow-joiner window with a small ZMQ_RCVTIMEO, and asserts the SUB socket receives exactly the published topic+payload bytes. Exercises the libsodium-linked ZeroMQ runtime on the no-encryption ipc transport with the SUB-side subscription filter.
ZeroMQ PUSH/PULL ipc:// transport roundtrip Port / libsodium / usage-libzmq5-push-pull-ipc Passed
Compiles a ZeroMQ C client that opens a single-process PUSH/PULL pair over an ipc:// endpoint inside a tmpdir, sends a fixed payload from PUSH and receives it on PULL, then asserts the received bytes match the original exactly. Exercises the ZeroMQ runtime that links against libsodium (used for CURVE on other transports) on the no-encryption ipc transport.
ZeroMQ ROUTER/DEALER inproc multipart roundtrip Port / libsodium / usage-libzmq5-r10-router-dealer-roundtrip Passed
Compiles a single-process ZeroMQ test that binds a ROUTER socket and connects a DEALER socket over inproc://, sends a request frame from the DEALER, reads the routing identity plus payload on the ROUTER, replies back through the same identity, and asserts the DEALER receives the reply payload.
ZeroMQ PUB/SUB inproc subscription filter delivers only matching prefix Port / libsodium / usage-libzmq5-r11-pub-sub-prefix-filter Passed
Compiles a single-process ZeroMQ test that binds a PUB socket and subscribes a SUB socket to the prefix "hi" over inproc://, sends two messages "hi-msg" and "skip-msg" from the publisher, and asserts the subscriber receives "hi-msg" while the non-matching "skip-msg" is filtered out.
ZeroMQ REQ/REP inproc request/reply roundtrip Port / libsodium / usage-libzmq5-r14-req-rep-inproc-roundtrip Passed
Compiles a single-process C program that binds a ZMQ_REP socket and connects a ZMQ_REQ socket over inproc://, sends "ping" from the requester, asserts the replier observes the request bytes, replies "pong", and asserts the requester recovers the reply bytes — exercising libzmq's libsodium-linked runtime.
ZeroMQ zmq_curve_keypair returns 40-character Z85-encoded public and secret keys Port / libsodium / usage-libzmq5-r15-curve-keypair-z85-length Passed
Compiles a single-process C program that calls zmq_curve_keypair into 41-byte buffers, asserts the call returns 0 (success), the resulting public and secret strings are exactly 40 Z85 characters each (libsodium-derived 32-byte keys, base85-encoded), and that the public key string differs from the secret key string.
ZeroMQ zmq_curve_public derives the same public key from a CURVE secret key Port / libsodium / usage-libzmq5-r18-curve-derive-public-from-secret Passed
Compiles a tiny C program that calls zmq_curve_keypair, captures its public key, then independently re-derives the public key from the same secret key with zmq_curve_public into a fresh buffer, asserts the call returns 0, asserts both derived public-key strings are 40-character Z85 strings, and asserts they are byte-for-byte identical (libsodium scalarmult-base path).
ZeroMQ zmq_curve_keypair returns distinct (public, secret) Z85 keys across two calls Port / libsodium / usage-libzmq5-r19-curve-keypair-two-runs-distinct Passed
Compiles a C program that calls zmq_curve_keypair twice in the same process to populate two pairs of 41-byte Z85 buffers, asserts each public and secret string is exactly 40 characters, and asserts pub1!=pub2 and sec1!=sec2 byte-wise, confirming libsodium-backed randomness produces fresh CURVE material on every invocation.
ZeroMQ zmq_z85_encode and zmq_z85_decode round-trip a 32-byte binary key Port / libsodium / usage-libzmq5-r19-z85-decode-roundtrip Passed
Compiles a C program that fills 32 random bytes via zmq_curve_keypair-derived material, encodes them with zmq_z85_encode into a 41-byte string buffer, asserts the encoded string is exactly 40 characters of printable ASCII, decodes back with zmq_z85_decode into a fresh 32-byte buffer, and asserts the decoded bytes equal the original byte-for-byte (libsodium-backed Z85 codec).
ZeroMQ zmq_has("curve") reports support compiled in (libsodium-backed) Port / libsodium / usage-libzmq5-r20-has-curve-mechanism-reports-true Passed
Compiles a C program that calls zmq_has("curve") and asserts the return value is exactly 1, then calls zmq_has("noexistent-mech") and asserts the return is 0, confirming the libsodium-linked libzmq build advertises the CURVE security mechanism via its capability query.
ZeroMQ zmq_z85_encode of 8 binary bytes yields a 10-character Z85 string Port / libsodium / usage-libzmq5-r20-z85-encode-length-multiple-of-four Passed
Compiles a C program that encodes 8 input bytes with zmq_z85_encode and asserts the returned buffer string-length is exactly 10 (8/4*5), confirming libsodium-backed Z85 alphabet expansion follows the documented 4-bytes-to-5-chars ratio.
ZeroMQ zmq_curve_public re-derives the Z85 public key from a generated secret key Port / libsodium / usage-libzmq5-r21-curve-public-from-z85-secret-roundtrip Passed
Compiles a C program that calls zmq_curve_keypair to generate a Z85 pub/sec pair, then calls zmq_curve_public on the secret to re-derive the public, and asserts both Z85 buffers are length 40 and byte-identical, exercising libsodium-backed curve25519 scalar multiplication through libzmq.
ZeroMQ PAIR inproc roundtrip Port / libsodium / usage-libzmq5-r9-pair-inproc Passed
Compiles a single-process ZMQ_PAIR client over an inproc:// transport and verifies bidirectional message exchange.
ZeroMQ runtime version reports valid integers Port / libsodium / usage-libzmq5-r9-version-runtime Passed
Calls zmq_version() and verifies that the reported major version is at least 4 and the patch is non-negative on the libsodium-linked runtime.
ZeroMQ REQ/REP ipc:// transport request/reply roundtrip Port / libsodium / usage-libzmq5-req-rep-ipc Passed
Compiles a ZeroMQ C client that opens a single-process REQ/REP pair over an ipc:// endpoint inside a tmpdir, sends a request from REQ, receives it on REP, sends a reply back, receives it on REQ, and asserts both directions transmit the expected payload bytes exactly. REQ/REP enforces strict alternation, so the test also asserts that the REP-side echo matches the original request bytes after a full round trip. Exercises the libsodium-linked ZeroMQ runtime on the no-encryption ipc transport.
libzmq5 Z85 round trip Port / libsodium / usage-libzmq5-z85-roundtrip Passed
minisign detached text Port / libsodium / usage-minisign-detached-text Passed
minisign signs with custom trusted comment Port / libsodium / usage-minisign-keygen-custom-comment Passed
Generates a passwordless minisign keypair, signs a payload with -t supplying a custom trusted comment, and verifies that minisign -V reports the comment signature verified and the trusted comment line round-trips into the .minisig file.
minisign -G writes keys to explicit -p and -s paths Port / libsodium / usage-minisign-keygen-explicit-paths Passed
Runs minisign -G -W with a passwordless keypair into nested -p and -s file paths inside a tmpdir, asserts both files were created at exactly the requested locations (and not next to a default location), that the public key file is a two-line text file whose second line is base64 of plausible length, and that the secret key file's untrusted comment header begins with the documented "untrusted comment:" prefix.
minisign prehashed sign and verify Port / libsodium / usage-minisign-prehashed-sign-verify Passed
Generates a passwordless minisign keypair, signs a payload in prehashed mode (-H), and verifies the resulting signature.
minisign public key base64 payload decodes to 42 bytes Port / libsodium / usage-minisign-pubkey-base64-decode-batch12 Passed
Generates a passwordless minisign keypair, extracts the second non-comment line of the public key file and base64-decodes it, asserts the decoded blob is exactly 42 bytes long (2-byte signature_algorithm + 8-byte key_id + 32-byte Ed25519 public key) and that its first two bytes are the ASCII signature algorithm tag "Ed".
minisign public key format Port / libsodium / usage-minisign-pubkey-format Passed
Generates a passwordless minisign keypair and verifies the public key file carries the minisign public key comment marker.
minisign signs and verifies three independent files Port / libsodium / usage-minisign-r10-multifile-sign-verify Passed
Generates a passwordless minisign keypair, signs three distinct payload files in separate invocations, verifies each signature against the public key, and asserts the three .minisig files have distinct contents (different signatures even though they share a key).
minisign signs and verifies a zero-byte payload Port / libsodium / usage-minisign-r11-empty-payload-sign-verify Passed
Generates a passwordless minisign keypair, signs an empty file with the legacy non-prehashed mode, and asserts the resulting .minisig verifies cleanly under the matching public key — confirming minisign accepts zero-length input as a valid message.
minisign -t pins the trusted comment text and survives verification Port / libsodium / usage-minisign-r11-trusted-comment-stable-across-runs Passed
Generates a passwordless minisign keypair, signs a payload twice with the same explicit -t trusted comment string, asserts both .minisig files contain the trusted comment line verbatim, and verifies that minisign -V -o prints the trusted comment to stdout from a successful verification.
minisign -h help output advertises the -S sign verb Port / libsodium / usage-minisign-r12-help-flag-mentions-sign Passed
Runs minisign -h capturing combined stdout and stderr, asserts the exit status is non-failing or the help text was emitted, and verifies the output mentions the -S sign verb so the CLI surface area is intact.
minisign -G writes both public and secret key files with non-empty content Port / libsodium / usage-minisign-r12-keypair-files-exist-and-nonempty Passed
Generates a passwordless minisign keypair into explicit paths under a tmpdir and asserts both the public and secret key files exist with non-zero size and the public key file declares the standard untrusted comment header.
minisign signs with distinct trusted and untrusted comments preserved through verify Port / libsodium / usage-minisign-r13-trusted-vs-untrusted-comment Passed
Generates a keypair, signs a payload with separate -c and -t comments, asserts both labels appear in the .minisig metadata, and asserts the trusted comment surfaces in the verify output.
minisign -V verifies the original payload and rejects a modified payload Port / libsodium / usage-minisign-r13-verify-payload-modified-fails Passed
Generates a passwordless minisign keypair, signs a payload, asserts -V verify succeeds against the unmodified file, then mutates the payload and asserts -V exits non-zero against the tampered file.
minisign -V rejects a .minisig whose signature blob has been tampered Port / libsodium / usage-minisign-r14-tampered-signature-line-fails Passed
Generates a passwordless minisign keypair, signs a payload, asserts -V verify succeeds against the original .minisig, then flips the first character of the base64 signature blob inside the .minisig file and asserts -V exits non-zero against the tampered signature file (payload itself unchanged).
minisign -h help banner advertises -V verify and -S sign flags Port / libsodium / usage-minisign-r15-help-mentions-verify Passed
Runs minisign -h (help) under LC_ALL=C, captures stdout+stderr, and asserts the banner output contains the literal -V (verify) and -S (sign) flag tokens — exercising minisign's libsodium-linked CLI startup and option dispatcher banner.
minisign -G writes a public key file whose second line is a base64-only blob Port / libsodium / usage-minisign-r15-pubkey-second-line-base64 Passed
Generates a passwordless minisign keypair, asserts the resulting public-key file has exactly two non-empty lines, asserts line 1 begins with 'untrusted comment:' (minisign banner), asserts line 2 contains only base64 alphabet characters (A-Z a-z 0-9 + / =) and is between 50 and 80 characters long — exercising minisign's libsodium-backed Ed25519 keygen and pubkey serialization.
minisign -G -W writes both public and secret key files into specified paths Port / libsodium / usage-minisign-r16-keygen-creates-both-key-files Passed
Runs minisign -G -W with explicit -p and -s paths under a temporary directory, asserts both files exist, are regular files, are non-empty, that the public key file begins with the "untrusted comment" banner and the secret key file likewise begins with the banner identifying it as a minisign encrypted secret key block.
minisign signs a fresh payload with -S and verifies it with -V using a generated keypair Port / libsodium / usage-minisign-r16-sign-verify-message-roundtrip Passed
Generates a passwordless minisign keypair, writes a fixed payload, signs it with minisign -S producing a .minisig file, asserts the signature file exists and is non-empty, then verifies with minisign -V against the public key and asserts the verifier exits 0 and emits the canonical "Signature and comment signature verified" line.
minisign -V rejects a signature taken from a different payload as invalid Port / libsodium / usage-minisign-r17-bad-signature-rejected Passed
Generates a passwordless minisign keypair, signs payload A, then runs minisign -V against payload B using A's signature file copied alongside payload B, and asserts the verifier exits with non-zero status because the signature does not match the modified payload, confirming libsodium signature failure surfacing.
minisign -h emits a usage block that mentions key generation and verification Port / libsodium / usage-minisign-r17-help-emits-usage Passed
Invokes "minisign -h" capturing both stdout and stderr, asserts the combined output contains "Usage:" and mentions both "-G" (key generation) and "-V" (verify), confirming the CLI's help banner is intact and documents the libsodium-backed signature subcommands.
minisign -H prehashed sign produces a signature that verifies under the same pubkey Port / libsodium / usage-minisign-r18-prehashed-sign-verify-roundtrip Passed
Generates a passwordless keypair, signs a payload with the prehashed (-H) algorithm and writes the signature to a file, asserts the signature file is non-empty, then verifies the signature with minisign -V against the original payload and the matching public key, asserting verify returns exit zero.
minisign signature file structure has untrusted comment, sig blob, trusted comment, and global sig Port / libsodium / usage-minisign-r19-sig-file-four-lines Passed
Generates a passwordless keypair, signs a payload, and asserts the resulting .minisig file has exactly four content lines: line 1 begins with "untrusted comment:", line 2 is a non-empty base64 blob, line 3 begins with "trusted comment:", and line 4 is a non-empty base64 blob, confirming minisign's documented signature container layout.
minisign -V -q on a valid signature suppresses the trusted-comment banner on stdout Port / libsodium / usage-minisign-r19-verify-quiet-suppresses-banner Passed
Signs a payload, then runs minisign -V -q against the matching pubkey and asserts the verifier exits zero, captures stdout, and asserts stdout does NOT contain the strings "Signature and comment signature verified" or "Trusted comment:", confirming -q (quiet) silences the human-readable success banner while still returning success.
minisign signature line2 base64 blob decodes to >= 64 bytes containing the algorithm prefix Port / libsodium / usage-minisign-r20-sig-blob-algo-prefix-ed Passed
Generates a passwordless keypair and signs a payload, base64-decodes line 2 of the resulting .minisig file with python3 base64, asserts the decoded blob length is at least 64 bytes (signature algorithm tag + Ed25519 signature material), and asserts the first two bytes are the ASCII pair "ED" (prehashed Ed25519 signature algorithm tag, which is the minisign default on Ubuntu 24.04), confirming libsodium-backed minisign sig payload structure.
Two minisign -G keygens produce distinct base64 public keys Port / libsodium / usage-minisign-r20-two-keygens-produce-distinct-pubkeys Passed
Runs minisign -G -W (passwordless) twice into separate output paths, reads the second line of each pubkey file, and asserts the two base64 public-key blobs differ byte-for-byte, confirming libsodium-backed key generation produces fresh entropy on each invocation.
minisign -G generates a keypair, -S signs a payload, -V verifies via -p public-key-file Port / libsodium / usage-minisign-r21-generate-sign-verify-stdin-payload Passed
Generates a passwordless minisign keypair with -G -W, writes a payload file, signs it with -S using the secret key, and verifies it with -V -p public-key-file, asserting the verify command exits zero and emits the documented success banner over a libsodium-Ed25519-backed round-trip.
minisign -v prints a banner containing the word minisign Port / libsodium / usage-minisign-r21-version-banner-mentions-minisign Passed
Invokes minisign -v, captures stdout/stderr, and asserts the combined output contains the literal string "minisign", confirming the libsodium-backed CLI announces its identity on the version flag.
minisign signs and verifies a binary blob Port / libsodium / usage-minisign-r9-binary-input-roundtrip Passed
Generates a passwordless minisign keypair, signs a binary file containing arbitrary bytes, and verifies the signature with the corresponding public key.
minisign -h surfaces usage banner Port / libsodium / usage-minisign-r9-help-flag Passed
minisign signs and verifies Port / libsodium / usage-minisign-sign-verify Passed
minisign -V rejects signature with a stripped trusted_comment Port / libsodium / usage-minisign-stripped-trusted-comment-fails Passed
Signs a payload with minisign using -t to embed a custom trusted_comment, confirms the genuine .minisig file verifies and that the trusted comment is exposed by -Vm output, then constructs a mutated .minisig with the trusted_comment line and its global comment-signature line removed and asserts minisign -V exits non-zero on it. minisign's two-signature design covers both the message and the trusted comment, so any edit to the trusted_comment must cause verification to fail rather than produce a partial pass.
minisign trusted comment Port / libsodium / usage-minisign-trusted-comment Passed
minisign -S -c writes the untrusted comment to the .minisig Port / libsodium / usage-minisign-untrusted-comment Passed
Generates a passwordless keypair, signs a payload with -S -c "<untrusted text>", and asserts that the resulting .minisig file's first line carries the documented "untrusted comment:" header followed by the supplied text. Confirms libsodium-backed minisign honours the -c override for the unsigned (untrusted) comment field.
minisign -V on a tampered file fails Port / libsodium / usage-minisign-verify-mismatch-fails Passed
Generates a passwordless minisign keypair, signs the genuine file, and asserts that minisign -V exits non-zero when invoked against a tampered copy of the file (same .minisig, different bytes), and that the verifier's stderr output mentions a verification failure rather than a successful banner.
minisign -V quiet mode emits no banner on success Port / libsodium / usage-minisign-verify-quiet-output Passed
Generates a passwordless minisign keypair, signs a payload, and runs verify with -q (quiet) asserting the verifier exits zero and produces no banner output, while a non-quiet verify on the same artifacts emits the standard "Signature and comment signature verified" banner.
minisign -v reports a version banner Port / libsodium / usage-minisign-version-flag Passed
Invokes "minisign -v" and asserts the output begins with the documented "minisign" banner and contains a version-like dotted token, confirming the libsodium-linked minisign binary advertises its version on the help/usage path.
PHP sodium_crypto_kdf_derive_from_key produces distinct subkeys per id Port / libsodium / usage-php83-r10-crypto-kdf-derive Passed
Generates a master key with sodium_crypto_kdf_keygen, derives two 32-byte subkeys with sodium_crypto_kdf_derive_from_key under the same context but different subkey ids, and asserts the two subkeys differ while a re-derivation with the same id reproduces the same bytes.
PHP sodium_crypto_secretstream rekey continues a stream Port / libsodium / usage-php83-r10-secretstream-rekey Passed
Pushes two messages through sodium_crypto_secretstream_xchacha20poly1305_push, calls sodium_crypto_secretstream_xchacha20poly1305_rekey on both push and pull state between them, and asserts the pull side recovers both plaintexts in order with the matching tags.
PHP sodium_crypto_generichash with a key changes the digest deterministically Port / libsodium / usage-php83-r11-crypto-generichash-keyed-blake2b Passed
Computes sodium_crypto_generichash digests of the same payload with no key, an all-0x11 key, and an all-0x22 key, asserts each variant is deterministic and exactly 32 bytes, and asserts the three digests are pairwise distinct, confirming the optional key argument flows into the Blake2b state.
PHP sodium_crypto_shorthash is deterministic per key and key-sensitive Port / libsodium / usage-php83-r11-crypto-shorthash-keyed Passed
Computes sodium_crypto_shorthash on the same input with two distinct 16-byte keys, asserts the same key reproduces the identical 8-byte SipHash digest, and asserts a different key produces a different digest, exercising the keyed shorthash primitive.
PHP sodium_crypto_box round-trips with explicit keypair handles Port / libsodium / usage-php83-r12-crypto-box-keypair-roundtrip Passed
Generates two sodium_crypto_box keypairs, derives the public/secret components, encrypts a payload from sender to receiver with a deterministic 24-byte nonce, decrypts it back, and asserts the recovered plaintext matches the original.
PHP sodium_crypto_sign_detached produces verifiable Ed25519 signature Port / libsodium / usage-php83-r12-crypto-sign-detached-verify Passed
Builds a sign keypair from a fixed 32-byte seed, computes a detached Ed25519 signature over a fixed payload, asserts the signature length is SODIUM_CRYPTO_SIGN_BYTES, and verifies the signature against the corresponding public key.
PHP sodium_crypto_aead_xchacha20poly1305_ietf encrypt/decrypt round-trips with AAD Port / libsodium / usage-php83-r13-aead-xchacha20poly1305-roundtrip Passed
Encrypts a payload with sodium_crypto_aead_xchacha20poly1305_ietf_encrypt under a fixed 32-byte key, 24-byte nonce, and explicit additional-data string, decrypts it back, and asserts the recovered plaintext matches the original.
PHP sodium_crypto_secretbox_open returns false for ciphertext under the wrong key Port / libsodium / usage-php83-r13-secretbox-open-invalid-returns-false Passed
Encrypts a payload with sodium_crypto_secretbox under one 32-byte key, attempts to decrypt with a different 32-byte key, asserts the call returns boolean false, then confirms the original key recovers the plaintext.
PHP sodium_crypto_kdf_derive_from_key derives distinct subkeys per integer id Port / libsodium / usage-php83-r14-kdf-derive-distinct-subkeys Passed
Generates a master key with sodium_crypto_kdf_keygen, derives two 32-byte subkeys with subkey ids 1 and 2 under the same context string, asserts each subkey has the requested length, asserts the two subkeys differ, and asserts that re-deriving subkey id 1 reproduces the same bytes (deterministic for fixed inputs).
PHP sodium_crypto_pwhash_str_verify accepts the matching password and rejects a wrong one Port / libsodium / usage-php83-r14-pwhash-str-verify-rejects-wrong Passed
Hashes a password with sodium_crypto_pwhash_str at INTERACTIVE ops/mem limits, asserts the resulting hash is a non-empty string starting with $argon2id$, calls sodium_crypto_pwhash_str_verify which must return true for the matching password and false for a different password.
PHP sodium_crypto_generichash with explicit length 32 returns a deterministic 32-byte digest Port / libsodium / usage-php83-r15-generichash-explicit-length-32 Passed
Calls sodium_crypto_generichash on a fixed payload with an explicit length argument of 32, asserts the result is a 32-byte string, asserts a second call on the same input yields byte-identical output (deterministic), and asserts changing the input changes the digest — exercising PHP's libsodium BLAKE2b binding.
PHP sodium_crypto_secretbox with the same key but different nonces yields distinct ciphertexts Port / libsodium / usage-php83-r15-secretbox-different-nonces-distinct-ct Passed
Encrypts the same plaintext twice with sodium_crypto_secretbox under a fixed 32-byte key but two distinct 24-byte nonces, asserts both ciphertexts are exactly len(plaintext)+SODIUM_CRYPTO_SECRETBOX_MACBYTES (16) long, asserts the two ciphertexts differ, and asserts each one decrypts under its matching nonce back to the original plaintext.
PHP sodium_bin2hex and sodium_hex2bin roundtrip a 32-byte binary payload Port / libsodium / usage-php83-r16-bin2hex-hex2bin-roundtrip Passed
Generates 32 random bytes via random_bytes, encodes them with sodium_bin2hex, asserts the hex string is 64 lowercase characters, decodes via sodium_hex2bin and asserts the recovered bytes equal the original byte-for-byte.
PHP sodium_crypto_box_keypair produces a 64-byte keypair split into 32-byte halves Port / libsodium / usage-php83-r16-crypto-box-keypair-length Passed
Calls sodium_crypto_box_keypair, asserts the concatenated keypair is exactly SODIUM_CRYPTO_BOX_KEYPAIRBYTES (64) bytes, extracts the secret and public halves using sodium_crypto_box_secretkey and sodium_crypto_box_publickey, asserts each half is 32 bytes and the two halves differ.
PHP sodium_compare returns 0 for equal buffers and -1/+1 for ordered different buffers Port / libsodium / usage-php83-r17-sodium-compare-equal-vs-different Passed
Constructs three equal-length 16-byte buffers (one zero, one one-greater, one one-less), asserts sodium_compare returns 0 for equal buffers, a negative integer when the left is smaller, and a positive integer when the left is larger, exercising libsodium's sodium_compare wrapper.
PHP sodium_pad followed by sodium_unpad restores the original buffer Port / libsodium / usage-php83-r17-sodium-pad-unpad-symmetric Passed
Builds a 13-byte payload, pads to a 16-byte block boundary with sodium_pad, asserts the padded length is a positive multiple of 16 strictly greater than 13, then calls sodium_unpad with the same block size and asserts the recovered buffer equals the original payload byte-for-byte.
PHP sodium_crypto_aead_chacha20poly1305_ietf_encrypt ciphertext is plaintext+16 bytes Port / libsodium / usage-php83-r18-crypto-aead-chacha20poly1305-ietf-tag-length Passed
Encrypts a fixed payload via sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a random 32-byte key, 12-byte IETF nonce, and fixed AAD, asserts the ciphertext length equals plaintext length + SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_ABYTES (16) and that decryption with the same key/nonce/aad returns the original plaintext byte-for-byte.
PHP sodium_crypto_generichash with distinct keys produces distinct outputs for the same message Port / libsodium / usage-php83-r18-generichash-distinct-keys-distinct-outputs Passed
Computes sodium_crypto_generichash(msg, key) for a fixed payload under two independently generated 32-byte keys using the default 32-byte digest length, asserts both outputs are 32-byte binary strings, asserts the two outputs differ from each other, and asserts a third call with the first key reproduces the first output (keyed determinism).
PHP sodium_crypto_box_seal encrypts to a recipient pubkey and box_seal_open recovers plaintext Port / libsodium / usage-php83-r19-box-seal-open-roundtrip Passed
Generates a recipient sodium_crypto_box_keypair, encrypts a fixed payload with sodium_crypto_box_seal using only the recipient public key, asserts the sealed ciphertext length equals plaintext + SODIUM_CRYPTO_BOX_SEALBYTES (48), then calls sodium_crypto_box_seal_open with the full recipient keypair and asserts the recovered plaintext equals the original byte-for-byte.
PHP sodium_crypto_kx_keypair components are 32-byte public and 32-byte secret keys Port / libsodium / usage-php83-r19-kx-keypair-sizes-32 Passed
Calls sodium_crypto_kx_keypair() then sodium_crypto_kx_publickey() and sodium_crypto_kx_secretkey() on the result, asserts both are binary strings of exactly SODIUM_CRYPTO_KX_PUBLICKEYBYTES (32) and SODIUM_CRYPTO_KX_SECRETKEYBYTES (32) bytes respectively, and asserts the combined kx_keypair raw value has length SODIUM_CRYPTO_KX_KEYPAIRBYTES (64), exercising the libsodium kx key extraction surface.
PHP sodium_increment carries from a 0xff low byte into the next byte Port / libsodium / usage-php83-r20-increment-overflows-low-byte-to-next Passed
Builds a little-endian 4-byte buffer "\xff\x00\x00\x00", calls sodium_increment, and asserts the resulting bytes are "\x00\x01\x00\x00", confirming libsodium-backed multi-byte little-endian counter increments correctly propagate carry across byte boundaries.
PHP sodium_crypto_shorthash_keygen returns 16-byte keys and two calls produce distinct keys Port / libsodium / usage-php83-r20-shorthash-keygen-length-and-distinct Passed
Calls sodium_crypto_shorthash_keygen twice in the same PHP process, asserts each return value has strlen equal to SODIUM_CRYPTO_SHORTHASH_KEYBYTES (16), and asserts the two keys are not equal byte-for-byte, confirming libsodium-backed SipHash key generation is correctly sized and consumes fresh randomness on each invocation.
PHP sodium_crypto_aead_xchacha20poly1305_ietf_encrypt/_decrypt round-trips message with AAD Port / libsodium / usage-php83-r21-crypto-aead-xchacha20poly1305-ietf-roundtrip Passed
Generates a 32-byte key and 24-byte nonce, calls sodium_crypto_aead_xchacha20poly1305_ietf_encrypt with non-empty additional data, then decrypts with sodium_crypto_aead_xchacha20poly1305_ietf_decrypt and asserts the decrypted plaintext equals the original, exercising libsodium's IETF XChaCha20-Poly1305 AEAD path.
PHP sodium_memzero wipes a string variable so subsequent reads see an empty value Port / libsodium / usage-php83-r21-sodium-memzero-clears-buffer Passed
Allocates a 32-byte random buffer, asserts strlen 32 with some non-NUL byte, then calls sodium_memzero by reference and asserts the variable is now an empty string (strlen 0), confirming libsodium's secure-erase primitive surfaced via the PHP sodium extension destructively zeroes the buffer.
PHP sodium_crypto_secretbox tampered ciphertext rejected Port / libsodium / usage-php83-r9-secretbox-tampered-fails Passed
Encrypts a payload with sodium_crypto_secretbox, mutates the ciphertext, and verifies sodium_crypto_secretbox_open returns false on the tampered input.
PHP sodium detached sign roundtrip Port / libsodium / usage-php83-r9-sign-detached-roundtrip Passed
Generates an Ed25519 keypair via sodium_crypto_sign_keypair, signs a message with sodium_crypto_sign_detached, and verifies the signature against the public key.
PHP sodium add carry Port / libsodium / usage-php83-sodium-add-carry Passed
Adds little-endian counters with PHP sodium_add and verifies that carry propagation updates the next byte.
PHP sodium add Port / libsodium / usage-php83-sodium-add Passed
Adds two little-endian counters with PHP sodium_add and verifies the resulting counter byte value.
PHP sodium AEGIS-256 AEAD capability-gated roundtrip Port / libsodium / usage-php83-sodium-aead-aegis-256-capability Passed
Probes whether PHP's sodium extension exposes sodium_crypto_aead_aegis256_encrypt and the matching SODIUM_CRYPTO_AEAD_AEGIS256_* constants on this build of libsodium; when present, encrypts and decrypts a fixed payload under a fixed 32-byte key, 32-byte nonce, and AAD, asserts the ciphertext is exactly len(plaintext)+ABYTES and decrypts back to the original, and that altering the AAD fails decryption with a false return; when absent (older libsodium), prints a skip marker and succeeds.
PHP sodium ChaCha20-Poly1305-IETF rejects tampered ciphertext Port / libsodium / usage-php83-sodium-aead-chacha20poly1305-ietf-tampered Passed
Encrypts a payload with sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a fixed key, nonce, and AAD, then flips a byte inside the ciphertext body (not the tag) and asserts sodium_crypto_aead_chacha20poly1305_ietf_decrypt returns false. Repeats the check with a corrupted Poly1305 tag byte and a wrong key, confirming AEAD authentication catches each failure mode.
PHP sodium ChaCha20-Poly1305-IETF AEAD encrypt and decrypt Port / libsodium / usage-php83-sodium-aead-chacha20poly1305-ietf Passed
Encrypts a fixed payload with sodium_crypto_aead_chacha20poly1305_ietf_encrypt under a deterministic key, nonce, and associated data, decrypts with sodium_crypto_aead_chacha20poly1305_ietf_decrypt, and asserts the recovered plaintext matches and that decryption fails when the AAD is tampered.
PHP sodium XChaCha20-Poly1305-IETF AEAD deterministic KAT Port / libsodium / usage-php83-sodium-aead-xchacha20poly1305-ietf Passed
Encrypts a fixed payload with sodium_crypto_aead_xchacha20poly1305_ietf_encrypt under a deterministic 32-byte key, 24-byte nonce, and AAD; asserts ciphertext length is plaintext + ABYTES, that the same inputs produce the same ciphertext, that decryption recovers the original plaintext, and that decryption with a flipped AAD returns false.
PHP sodium AEAD Port / libsodium / usage-php83-sodium-aead Passed
PHP sodium auth verify Port / libsodium / usage-php83-sodium-auth-verify Passed
Computes and verifies a message authentication code with PHP sodium and confirms verification succeeds.
PHP sodium base64 round trip Port / libsodium / usage-php83-sodium-base64-roundtrip Passed
PHP sodium base64 urlsafe Port / libsodium / usage-php83-sodium-base64-urlsafe Passed
PHP sodium bin2hex roundtrip Port / libsodium / usage-php83-sodium-bin2hex-roundtrip Passed
Converts binary data to hex and back with PHP sodium helpers and verifies the restored payload bytes.
PHP sodium public box Port / libsodium / usage-php83-sodium-box Passed
PHP sodium compare hex to bin Port / libsodium / usage-php83-sodium-compare-hex2bin Passed
PHP sodium crypto_box_seal with separate seal/open keys Port / libsodium / usage-php83-sodium-crypto-box-detached Passed
Drives sodium_crypto_box_seal to produce an anonymous-sender ciphertext for a recipient curve25519 keypair, asserts the ciphertext is exactly plaintext + SODIUM_CRYPTO_BOX_SEALBYTES, that sodium_crypto_box_seal_open with a sodium_crypto_box_keypair_from_secretkey_and_publickey-built keypair recovers the plaintext, and that opening with a wrong recipient secret key returns false. Uses sodium_crypto_box_publickey/secretkey accessors to split and recombine the keypair.
PHP sodium crypto_box_seal one-way anonymous encryption Port / libsodium / usage-php83-sodium-crypto-box-seal Passed
Generates a recipient curve25519 keypair, encrypts a plaintext with sodium_crypto_box_seal using only the recipient public key, asserts the sealed ciphertext is exactly plaintext + SODIUM_CRYPTO_BOX_SEALBYTES long, opens it with sodium_crypto_box_seal_open using the recipient keypair, and asserts that opening with a different unrelated keypair returns false.
PHP sodium crypto_stream_xchacha20 keystream length Port / libsodium / usage-php83-sodium-crypto-stream-keygen Passed
Generates a 32-byte XChaCha20 key with sodium_crypto_stream_xchacha20_keygen, derives a 64-byte keystream with sodium_crypto_stream_xchacha20 under a 24-byte nonce, asserts the keystream length matches the requested size and is non-zero, and confirms re-running with the same key+nonce produces the same keystream while changing the nonce yields a different keystream. Exercises PHP's stream cipher binding without authentication.
PHP sodium generichash empty-input known-answer Port / libsodium / usage-php83-sodium-generichash-empty-kat Passed
Computes sodium_crypto_generichash('') with the default 32-byte output and asserts the lowercase hex digest exactly matches the canonical libsodium / BLAKE2b-256 empty-input known-answer vector.
php83 sodium generichash length Port / libsodium / usage-php83-sodium-generichash-length Passed
Computes a generic hash through PHP sodium_crypto_generichash and verifies the digest matches the GENERICHASH_BYTES constant.
PHP sodium generichash state Port / libsodium / usage-php83-sodium-generichash-state Passed
PHP sodium generichash Port / libsodium / usage-php83-sodium-generichash Passed
PHP sodium hex round trip Port / libsodium / usage-php83-sodium-hex-roundtrip Passed
Encodes and decodes bytes through PHP sodium hexadecimal helpers and verifies the original payload returns intact.
PHP sodium_increment, sodium_compare, sodium_pad Port / libsodium / usage-php83-sodium-increment-batch12 Passed
Drives sodium_increment to roll a 16-byte little-endian counter from 0xFF over to 0x100, uses sodium_compare to order three nonces in lexical-LE form, and round-trips a payload through sodium_pad/sodium_unpad against a fixed block size to verify the padding plumbing in php-sodium.
PHP sodium increment Port / libsodium / usage-php83-sodium-increment Passed
PHP sodium KDF Port / libsodium / usage-php83-sodium-kdf Passed
PHP sodium keyed generichash Port / libsodium / usage-php83-sodium-keyed-generichash Passed
Computes keyed generic hashes with PHP sodium and verifies distinct inputs produce different outputs.
PHP sodium kx keypair secretkey/publickey accessors Port / libsodium / usage-php83-sodium-kx-keypair-accessors Passed
Generates a key-exchange keypair with sodium_crypto_kx_keypair, extracts the secret half via sodium_crypto_kx_secretkey and the public half via sodium_crypto_kx_publickey, asserts each component has the documented 32-byte length and the documented total keypair size, that the accessor outputs are stable for a given keypair, and that the secret and public halves differ.
PHP sodium key exchange Port / libsodium / usage-php83-sodium-kx Passed
PHP sodium memcmp Port / libsodium / usage-php83-sodium-memcmp Passed
PHP sodium pad and unpad Port / libsodium / usage-php83-sodium-pad-unpad Passed
Pads and unpads a payload with PHP sodium and verifies the unpadded text matches the original bytes.
PHP sodium password hash Port / libsodium / usage-php83-sodium-pwhash Passed
PHP sodium random bytes size Port / libsodium / usage-php83-sodium-randombytes-size Passed
PHP sodium scalarmult base Port / libsodium / usage-php83-sodium-scalarmult-base Passed
Derives a Curve25519 public point from a random scalar with PHP sodium and verifies the output length.
php83 sodium secretbox roundtrip Port / libsodium / usage-php83-sodium-secretbox-detached-roundtrip Passed
Encrypts a payload with sodium_crypto_secretbox in PHP and verifies the open call decrypts back to the original message.
PHP sodium secretbox round trip Port / libsodium / usage-php83-sodium-secretbox-roundtrip Passed
PHP sodium_crypto_secretbox_open returns false for wrong key Port / libsodium / usage-php83-sodium-secretbox-wrong-key-fails Passed
Encrypts a payload with sodium_crypto_secretbox under a fixed key and nonce, asserts sodium_crypto_secretbox_open recovers the plaintext exactly under the correct key, and asserts open returns boolean false (rather than throwing or silently returning corrupted bytes) when called with a different 32-byte key. Also asserts open returns false when the ciphertext is mutated by a single byte under the correct key.
PHP sodium secretbox Port / libsodium / usage-php83-sodium-secretbox Passed
PHP sodium secretstream xchacha20poly1305 push/pull Port / libsodium / usage-php83-sodium-secretstream-push-pull Passed
Drives sodium_crypto_secretstream_xchacha20poly1305_init_push and init_pull through three messages with intermediate MESSAGE tags and a final FINAL tag, asserts the header is exactly SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES, every chunk decrypts byte-for-byte, and the last observed tag equals FINAL.
PHP sodium_crypto_shorthash determinism KAT Port / libsodium / usage-php83-sodium-shorthash-deterministic-kat Passed
Computes sodium_crypto_shorthash on a fixed message with an all-zero 16-byte SipHash key, asserts the output is exactly SODIUM_CRYPTO_SHORTHASH_BYTES (8) bytes, that two calls with identical inputs produce identical bytes, and that changing one byte of the message produces a different digest.
php83 sodium shorthash length Port / libsodium / usage-php83-sodium-shorthash-length Passed
Calls PHP sodium_crypto_shorthash with a 16 byte key and verifies the SHORTHASH_BYTES output length.
PHP sodium shorthash Port / libsodium / usage-php83-sodium-shorthash Passed
PHP sodium detached sign verify Port / libsodium / usage-php83-sodium-sign-detached-verify Passed
PHP sodium detached signatures Port / libsodium / usage-php83-sodium-sign-detached Passed
php83 sodium sign keypair bytes Port / libsodium / usage-php83-sodium-sign-keypair-bytes Passed
Generates a sign keypair through PHP sodium_crypto_sign_keypair and verifies the buffer length matches the KEYPAIRBYTES constant.
PHP sodium sign open Port / libsodium / usage-php83-sodium-sign-open Passed
PHP sodium sign public key from secret key Port / libsodium / usage-php83-sodium-sign-publickey-from-secretkey Passed
Derives a signing public key from a PHP libsodium secret key and verifies it matches the public key already stored in the keypair.
PHP sodium sign seed keypair Port / libsodium / usage-php83-sodium-sign-seed-keypair Passed
PHP sodium stream xor Port / libsodium / usage-php83-sodium-stream-xor Passed
Encrypts and decrypts a short payload with PHP sodium stream-xor APIs and verifies round-trip parity.
PHP sodium stream zero xor Port / libsodium / usage-php83-sodium-stream-zero-xor Passed
Generates a PHP libsodium keystream and verifies it matches sodium_crypto_stream_xor applied to an all-zero plaintext buffer.
PHP sodium_increment modular addition wraps at 2**128 Port / libsodium / usage-php83-sodium-sub-batch12 Passed
Calls sodium_increment on three 16-byte little-endian counter shapes and asserts the documented modular arithmetic invariants: 0xff..ff + 1 wraps to all-zero, (0x00,0x01)+1 advances the low byte without carry, and (0xff,0x00)+1 propagates the carry into the second byte. (PHP 8.3 on noble does not expose sodium_sub; sodium_increment exercises the same little-endian mod 2**128 surface.)
PyNaCl crypto_aead_aes256gcm capability-gated KAT Port / libsodium / usage-python3-nacl-aead-aes256gcm-capability Passed
Probes nacl.bindings.crypto_aead_aes256gcm_is_available; when libsodium reports hardware support, encrypts and decrypts a fixed message with a fixed key, nonce, and AAD and asserts the ciphertext is exactly len(message)+16 bytes and decrypts back to the original; when unsupported, succeeds without exercising the primitive.
PyNaCl ChaCha20-Poly1305-IETF AEAD deterministic KAT Port / libsodium / usage-python3-nacl-aead-chacha20-ietf-kat Passed
Encrypts a fixed payload with nacl.bindings.crypto_aead_chacha20poly1305_ietf_encrypt under a deterministic 32-byte key, 12-byte nonce, and AAD; asserts the ciphertext length is plaintext+ABYTES, that decryption recovers the plaintext exactly, and that decryption with a flipped AAD raises a CryptoError.
PyNaCl XChaCha AEAD roundtrip Port / libsodium / usage-python3-nacl-aead-xchacha-roundtrip-batch11 Passed
PyNaCl Base32Encoder encode/decode roundtrip Port / libsodium / usage-python3-nacl-base32-encoder-roundtrip Passed
Encodes a fixed byte string with nacl.encoding.Base32Encoder and asserts the encoded form matches the canonical RFC 4648 base32 KAT, then decodes it back through the same encoder and asserts the bytes match the original.
PyNaCl base64 signature Port / libsodium / usage-python3-nacl-base64-signature Passed
PyNaCl ChaCha20-Poly1305-IETF AEAD round-trip Port / libsodium / usage-python3-nacl-bindings-aead-chacha20poly1305-ietf-roundtrip-batch12 Passed
Encrypts a fixed payload with a 32-byte key, 12-byte IETF nonce, and AAD via nacl.bindings.crypto_aead_chacha20poly1305_ietf_encrypt, asserts the ciphertext length is plaintext + ABYTES, decrypts back to the original, and confirms a wrong AAD raises a verification error.
PyNaCl binding constant sizes Port / libsodium / usage-python3-nacl-bindings-constant-sizes-batch11 Passed
PyNaCl bindings crypto_box sender/recipient roundtrip Port / libsodium / usage-python3-nacl-bindings-crypto-box-sender-recipient Passed
Generates two libsodium curve25519 keypairs through nacl.bindings.crypto_box_keypair, encrypts a payload with crypto_box(sender_sk, recipient_pk) under a 24-byte nonce, decrypts it on the recipient side with crypto_box_open(recipient_sk, sender_pk), and asserts the plaintext is recovered exactly. Then flips a ciphertext byte and confirms decryption raises through the binding-level CryptoError rather than silently returning corrupted plaintext.
PyNaCl crypto_pwhash argon2id at MIN ops/mem limits Port / libsodium / usage-python3-nacl-bindings-pwhash-argon2id Passed
Calls the low-level nacl.bindings.crypto_pwhash entry point with the argon2id algorithm constant, the documented MIN ops/mem limits, and a fixed 16-byte salt, asserts the derived key has the requested 32-byte length, that the same inputs reproduce the same key, and that swapping the password yields a different key.
PyNaCl bindings scalarmult_base derived public key Port / libsodium / usage-python3-nacl-bindings-scalarmult-base-batch12 Passed
Calls nacl.bindings.crypto_scalarmult_base on a fixed 32-byte private scalar to derive a Curve25519 public key, asserts the output is exactly crypto_scalarmult_BYTES (32) long and matches the value derived independently by nacl.public.PrivateKey(scalar).public_key.encode(), proving the low-level binding agrees with the high-level wrapper.
PyNaCl bindings crypto_secretbox round-trip Port / libsodium / usage-python3-nacl-bindings-secretbox-easy Passed
Uses the low-level nacl.bindings.crypto_secretbox and crypto_secretbox_open entry points (PyNaCl 1.5.0 does not export the *_easy aliases; the bare names already use the easy/combined API) with a fixed 32-byte key and 24-byte nonce, asserts the ciphertext is exactly len(plaintext) + crypto_secretbox_MACBYTES, decrypts back to the original plaintext, and confirms that flipping a ciphertext byte makes crypto_secretbox_open raise a CryptoError rather than return corrupted data.
PyNaCl crypto_shorthash siphash24 deterministic output Port / libsodium / usage-python3-nacl-bindings-shorthash-siphash-batch12 Passed
Invokes nacl.bindings.crypto_shorthash on a fixed message with a fixed 16-byte SipHash-2-4 key, asserts the output is exactly crypto_shorthash_BYTES (8) long, that the same inputs produce the same digest, that swapping the key changes the digest, and that swapping the message changes the digest.
PyNaCl bindings.sodium_increment little-endian carry Port / libsodium / usage-python3-nacl-bindings-sodium-increment Passed
Calls nacl.bindings.sodium_increment on a 16-byte little-endian counter starting at 0xff..ff in the low byte to assert the carry propagates and the function returns the buffer untouched in length, and runs a second increment from all-zero to confirm the result is exactly 0x01 followed by zeros.
PyNaCl keyed BLAKE2b length Port / libsodium / usage-python3-nacl-blake2b-keyed-length-batch11 Passed
python3 nacl blake2b personalised Port / libsodium / usage-python3-nacl-blake2b-personal Passed
Computes a personalised BLAKE2b digest twice through PyNaCl and verifies the personalisation argument produces a stable digest.
python3-nacl blake2b raw digest Port / libsodium / usage-python3-nacl-blake2b-raw-digest Passed
PyNaCl BLAKE2b hash Port / libsodium / usage-python3-nacl-blake2b Passed
PyNaCl public box round trip Port / libsodium / usage-python3-nacl-box-roundtrip Passed
Encrypts and decrypts a message through a PyNaCl public-key Box and verifies the plaintext round-trips.
PyNaCl crypto_kx client/server session keys symmetry Port / libsodium / usage-python3-nacl-crypto-kx-session-keys Passed
Builds two libsodium kx keypairs through nacl.bindings.crypto_kx_keypair, derives client and server session keys with crypto_kx_client_session_keys and crypto_kx_server_session_keys, and asserts the sizes match crypto_kx_SESSIONKEYBYTES and that client_rx == server_tx and client_tx == server_rx.
PyNaCl detached verify Port / libsodium / usage-python3-nacl-detached-verify Passed
Signs a message with PyNaCl, verifies the detached signature, and confirms the original plaintext is returned.
PyNaCl nacl.encoding.Base16Encoder roundtrip Port / libsodium / usage-python3-nacl-encoding-base16 Passed
Hashes a fixed input with nacl.hash.sha256 using Base16Encoder, asserts the encoded digest is the documented 64-character uppercase hex string for the FIPS 180-4 "abc" SHA-256 test vector, and round-trips the digest through Base16Encoder.decode back to the raw 32-byte digest produced with RawEncoder. Exercises PyNaCl's Base16Encoder against a libsodium-backed hash output.
PyNaCl generichash digest length at MIN and MAX boundaries Port / libsodium / usage-python3-nacl-generichash-bytes-bounds Passed
Reads nacl.bindings.crypto_generichash_BYTES_MIN, crypto_generichash_BYTES, and crypto_generichash_BYTES_MAX, asserts the libsodium documented values (16, 32, 64), and exercises crypto_generichash on the MIN, default, and MAX digest lengths against a fixed message and a fixed key, asserting each output has the requested length and that the same inputs are deterministic.
PyNaCl hex encoder roundtrip Port / libsodium / usage-python3-nacl-hex-encoder-roundtrip-batch11 Passed
PyNaCl hex public key Port / libsodium / usage-python3-nacl-hex-public-key Passed
PyNaCl Box Alice-to-Bob encrypt and Bob-side decrypt Port / libsodium / usage-python3-nacl-public-box-alice-bob Passed
Constructs two PyNaCl PrivateKeys from deterministic raw seeds, encrypts a payload with Box(alice_sk, bob_pk), decrypts on Bob's side with Box(bob_sk, alice_pk), and asserts the recovered plaintext matches exactly.
PyNaCl public Box wrong key failure Port / libsodium / usage-python3-nacl-public-box-wrong-key-fails-batch11 Passed
python3-nacl public box round trip Port / libsodium / usage-python3-nacl-public-box Passed
PyNaCl public key bytes Port / libsodium / usage-python3-nacl-public-key-bytes Passed
PyNaCl public key hex construct Port / libsodium / usage-python3-nacl-public-key-hex-construct-batch11 Passed
python3 nacl public key hex Port / libsodium / usage-python3-nacl-public-key-hex-roundtrip Passed
Encodes a PyNaCl public key with the HexEncoder and verifies the 64-character hex representation.
PyNaCl password hash string Port / libsodium / usage-python3-nacl-pwhash-str-roundtrip-batch11 Passed
PyNaCl password hash verify Port / libsodium / usage-python3-nacl-pwhash-verify Passed
PyNaCl password hash Port / libsodium / usage-python3-nacl-pwhash Passed
PyNaCl Box.shared_key is symmetric across both peers Port / libsodium / usage-python3-nacl-r10-box-shared-key-symmetric Passed
Constructs nacl.public.Box on both Alice and Bob using their PrivateKey/PublicKey pairs, calls Box.shared_key() on each side, and asserts the 32-byte raw secrets are byte-identical (Curve25519 ECDH symmetry).
PyNaCl randombytes_buf_deterministic is stable for a fixed seed Port / libsodium / usage-python3-nacl-r10-randombytes-deterministic Passed
Calls nacl.bindings.randombytes_buf_deterministic with a fixed 32-byte seed twice and asserts both 64-byte outputs are byte-identical, then asserts a different seed produces a different stream.
PyNaCl VerifyKey roundtrips through Base32Encoder Port / libsodium / usage-python3-nacl-r10-verify-key-base32-roundtrip Passed
Generates an Ed25519 SigningKey, exports its VerifyKey via nacl.encoding.Base32Encoder, reconstructs the VerifyKey from the encoded form, and asserts the reconstructed key verifies a signature produced by the original SigningKey.
PyNaCl AEAD XChaCha20-Poly1305 IETF roundtrip with associated data Port / libsodium / usage-python3-nacl-r11-aead-xchacha20poly1305-roundtrip Passed
Encrypts a payload with nacl.bindings.crypto_aead_xchacha20poly1305_ietf_encrypt under a 32-byte key, 24-byte nonce, and explicit associated data, then decrypts the ciphertext back to the original plaintext and asserts that flipping a single byte of the ciphertext produces a CryptoError on decrypt.
PyNaCl pwhash.argon2id.str then verify accepts and rejects passwords Port / libsodium / usage-python3-nacl-r11-pwhash-argon2id-verify Passed
Hashes a password with nacl.pwhash.argon2id.str at INTERACTIVE limits, asserts the resulting hash starts with the $argon2id$ prefix, verifies that the same password is accepted by nacl.pwhash.verify, and asserts a wrong password raises InvalidkeyError.
PyNaCl public Box round-trips between two keypairs Port / libsodium / usage-python3-nacl-r12-public-box-roundtrip Passed
Generates two PrivateKey instances, builds Box objects in both directions, encrypts a payload with a fixed 24-byte nonce from sender to receiver, decrypts on the receiver side back to the original plaintext, and asserts the ciphertext differs from the input.
PyNaCl SecretBox round-trips a payload under a fixed key and nonce Port / libsodium / usage-python3-nacl-r12-secretbox-roundtrip Passed
Encrypts a payload with nacl.secret.SecretBox using a deterministic 32-byte key and 24-byte nonce, asserts the ciphertext differs from plaintext, decrypts it back to the original, and verifies a flipped byte triggers nacl.exceptions.CryptoError on decrypt.
PyNaCl SigningKey produces a verifiable Ed25519 detached signature Port / libsodium / usage-python3-nacl-r12-signing-detached Passed
Creates a SigningKey from a fixed 32-byte seed, signs a payload, asserts the signature length is 64 bytes, verifies the signature with the matching VerifyKey, and confirms a tampered signature triggers BadSignatureError on verify.
PyNaCl SigningKey.sign produces a SignedMessage whose VerifyKey.verify recovers the message Port / libsodium / usage-python3-nacl-r13-ed25519-sign-attached-verify Passed
Builds a SigningKey from a fixed 32-byte seed, signs a payload to produce a SignedMessage with sig and message attributes, asserts the signature length is 64 bytes, verifies via VerifyKey.verify(SignedMessage), and confirms a flipped-byte signature raises BadSignatureError.
PyNaCl PrivateKey.encode/decode round-trips bytes through the hex encoder Port / libsodium / usage-python3-nacl-r13-private-key-hex-encode-decode Passed
Generates a PyNaCl PrivateKey, encodes it via HexEncoder, reconstructs a second PrivateKey from the hex string with the same encoder, and asserts both objects expose identical raw bytes and produce the same public key.
PyNaCl Box.encrypt with random nonces yields distinct ciphertexts that both decrypt Port / libsodium / usage-python3-nacl-r14-box-random-nonce-distinct-ct Passed
Generates two PrivateKey instances, builds Box objects in both directions, encrypts the same plaintext twice without supplying a nonce so the binding selects a fresh random nonce each time, asserts the two ciphertexts differ, and asserts both decrypt back to the identical original plaintext on the receiver side.
PyNaCl pwhash.argon2i.str hashes a password and verifies against the matching plaintext Port / libsodium / usage-python3-nacl-r14-pwhash-argon2i-str-verify Passed
Hashes a password with nacl.pwhash.argon2i.str at INTERACTIVE limits, asserts the resulting hash starts with the $argon2i$ prefix, calls nacl.pwhash.verify which must return True for the matching password, and asserts a different password raises InvalidkeyError.
PyNaCl URLSafeBase64Encoder round-trips a VerifyKey through encode and reconstruction Port / libsodium / usage-python3-nacl-r14-urlsafe-base64-verify-key-roundtrip Passed
Builds a SigningKey from a fixed seed, encodes its VerifyKey with URLSafeBase64Encoder, asserts the encoded form is bytes containing only URL-safe base64 characters, reconstructs a VerifyKey from the encoded form via the same encoder, and asserts the reconstructed key bytes match the original.
PyNaCl bindings crypto_kx_seed_keypair derives a deterministic keypair from a fixed seed Port / libsodium / usage-python3-nacl-r15-kx-seed-keypair-deterministic Passed
Calls nacl.bindings.crypto_kx_seed_keypair twice on the same fixed 32-byte seed, asserts both runs return identical (public, secret) pairs of the documented sizes (crypto_kx_PUBLIC_KEY_BYTES and crypto_kx_SECRET_KEY_BYTES), then calls again with a different seed and asserts both the public and secret keys differ — exercising libsodium's seeded X25519 keypair derivation through PyNaCl's low-level binding.
PyNaCl SigningKey round-trips through Base32Encoder back to identical bytes Port / libsodium / usage-python3-nacl-r15-signing-key-base32-roundtrip Passed
Builds a SigningKey from a fixed 32-byte seed, encodes it with Base32Encoder, asserts the encoded form is upper-case Base32 alphabet (A-Z 2-7) only with optional '=' padding, reconstructs the SigningKey from the encoded form via the same encoder, and asserts the reconstructed key signs a fixed message to a byte-identical detached signature against the original.
PyNaCl nacl.pwhash.argon2id.kdf derives a 16-byte key from a fixed password and salt Port / libsodium / usage-python3-nacl-r16-argon2id-kdf-16-byte-output Passed
Calls nacl.pwhash.argon2id.kdf with a 16-byte output size, the documented OPSLIMIT_MIN and MEMLIMIT_MIN parameters, a fixed password and a fixed 16-byte salt, asserts the returned key is exactly 16 bytes, asserts a second call with identical inputs returns an identical key, and asserts a different salt produces a different key.
PyNaCl nacl.hash.blake2b returns a deterministic 32-byte hex digest for a fixed message Port / libsodium / usage-python3-nacl-r16-blake2b-vector-32-byte-digest Passed
Computes nacl.hash.blake2b twice over the same payload with digest_size=32 and the HexEncoder, asserts the output is a 64-character hex string identical across the two calls, and asserts that a different payload yields a different digest, exercising libsodium's BLAKE2b binding.
PyNaCl nacl.bindings AEAD XChaCha20-Poly1305 round-trips a payload with AAD Port / libsodium / usage-python3-nacl-r17-aead-encrypt-decrypt-roundtrip Passed
Encrypts a fixed payload with associated data using nacl.bindings.crypto_aead_xchacha20poly1305_ietf_encrypt under a random 32-byte key and 24-byte nonce, asserts the ciphertext length equals plaintext+16 (Poly1305 tag) bytes, decrypts with the matching call and asserts the recovered plaintext equals the original byte-for-byte.
PyNaCl nacl.hash.sha512 returns a 128-character lowercase hex digest by default Port / libsodium / usage-python3-nacl-r18-hash-sha512-hex-length-128 Passed
Calls nacl.hash.sha512(b"") with the default HexEncoder and asserts the output is a 128-character ASCII bytes string containing only [0-9a-f], confirming the libsodium SHA-512 default hex-encoded output shape; also calls sha512 on a non-empty payload and asserts the result differs from the empty-input digest.
PyNaCl SecretBox encrypt and decrypt round-trip a fixed payload with explicit nonce Port / libsodium / usage-python3-nacl-r18-secretbox-easy-construct-roundtrip Passed
Constructs a nacl.secret.SecretBox from a random 32-byte key, encrypts a fixed payload with an explicit 24-byte nonce, asserts the EncryptedMessage's ciphertext length equals plaintext+16 (Poly1305 tag) and that nonce attribute equals the supplied nonce, then decrypts using the SecretBox API and asserts the recovered plaintext equals the original byte-for-byte.
PyNaCl SealedBox ciphertext is exactly plaintext + 48 bytes of overhead Port / libsodium / usage-python3-nacl-r19-sealed-box-overhead-48 Passed
Builds a nacl.public.PrivateKey, derives the public key, constructs a nacl.public.SealedBox over the public key only, encrypts a fixed payload, asserts the ciphertext length equals len(plaintext) + 48 (32-byte ephemeral pubkey + 16-byte Poly1305 tag), then constructs a SealedBox over the PrivateKey and asserts decrypt returns the original plaintext byte-for-byte.
PyNaCl SecretBox EncryptedMessage total length is plaintext + 40 bytes (24 nonce + 16 tag) Port / libsodium / usage-python3-nacl-r19-secretbox-ciphertext-overhead-40 Passed
Encrypts a fixed payload with nacl.secret.SecretBox using an auto-generated nonce, asserts len(EncryptedMessage) == len(plaintext) + 40 (24-byte nonce prefix + 16-byte Poly1305 tag), asserts the ciphertext attribute alone is len(plaintext) + 16, and decrypts via SecretBox(key).decrypt(enc) asserting the recovered plaintext equals the original byte-for-byte.
PyNaCl SigningKey.verify_key.encode returns a 32-byte Ed25519 public key Port / libsodium / usage-python3-nacl-r20-signing-key-verify-key-bytes-length-32 Passed
Generates a random SigningKey, accesses .verify_key.encode(), asserts the result has length 32 (Ed25519 public-key bytes), asserts the SigningKey.encode() seed length is also 32, and asserts re-deriving from the same SigningKey produces an identical 32-byte verify key, confirming libsodium-backed Ed25519 key sizes.
python3-nacl bindings crypto_kx_keypair returns 32-byte public and 32-byte secret keys Port / libsodium / usage-python3-nacl-r21-bindings-crypto-kx-keypair-sizes Passed
Calls nacl.bindings.crypto_kx_keypair() and asserts the returned (pk, sk) tuple has both members of length 32 and that the pair is distinct across two calls, exercising libsodium's crypto_kx key generation primitive.
python3-nacl SecretBox nonce length constant equals 24 and encrypt requires 24-byte nonce Port / libsodium / usage-python3-nacl-r21-secretbox-explicit-24-byte-nonce Passed
Asserts nacl.secret.SecretBox.NONCE_SIZE equals 24 and that encrypting with a freshly generated 24-byte nonce produces a ciphertext that decrypts back to the original plaintext via libsodium XSalsa20-Poly1305.
python3-nacl VerifyKey.verify accepts raw 64-byte signature and message bytes Port / libsodium / usage-python3-nacl-r21-signing-verify-accepts-raw-bytes Passed
Signs a message with SigningKey, calls sign(...).signature to obtain raw 64-byte signature bytes, passes those bytes plus the original message to VerifyKey.verify, and asserts the returned value equals the original message, exercising libsodium Ed25519 raw-bytes verification path.
PyNaCl SealedBox roundtrip Port / libsodium / usage-python3-nacl-r9-sealedbox-roundtrip Passed
Generates a Curve25519 PrivateKey, encrypts a payload to its public key with SealedBox, and verifies the original private key decrypts the message.
PyNaCl SecretBox rejects tampered ciphertext Port / libsodium / usage-python3-nacl-r9-secretbox-tampered-fails Passed
Encrypts with PyNaCl SecretBox, mutates a single byte of the ciphertext, and verifies decryption raises CryptoError.
PyNaCl random bytes length Port / libsodium / usage-python3-nacl-random-bytes-length Passed
PyNaCl random size Port / libsodium / usage-python3-nacl-random-size Passed
python3-nacl sealed box empty payload Port / libsodium / usage-python3-nacl-sealed-box-empty Passed
PyNaCl sealed box Port / libsodium / usage-python3-nacl-sealed-box Passed
python3-nacl secretbox base64 Port / libsodium / usage-python3-nacl-secretbox-base64 Passed
PyNaCl SecretBox empty message Port / libsodium / usage-python3-nacl-secretbox-empty-message Passed
Encrypts and decrypts an empty payload with PyNaCl SecretBox and verifies the empty plaintext round trip.
python3 nacl secretbox key size Port / libsodium / usage-python3-nacl-secretbox-key-size Passed
PyNaCl secretbox memoryview Port / libsodium / usage-python3-nacl-secretbox-memoryview Passed
PyNaCl SecretBox nonce size Port / libsodium / usage-python3-nacl-secretbox-nonce-size Passed
Encrypts data with PyNaCl SecretBox and verifies the generated nonce uses the expected libsodium size.
PyNaCl explicit nonce Port / libsodium / usage-python3-nacl-secretbox-nonce Passed
PyNaCl random secretbox Port / libsodium / usage-python3-nacl-secretbox-random Passed
PyNaCl SecretBox wrong key failure Port / libsodium / usage-python3-nacl-secretbox-wrong-key-fails-batch11 Passed
python3-nacl secretbox Port / libsodium / usage-python3-nacl-secretbox Passed
PyNaCl secretstream xchacha20poly1305 explicit rekey Port / libsodium / usage-python3-nacl-secretstream-rekey-batch12 Passed
Drives the low-level nacl.bindings secretstream xchacha20poly1305 push state through three chunks (MESSAGE, MESSAGE, FINAL) under a fixed 32-byte key with an explicit crypto_secretstream_xchacha20poly1305_rekey call between chunks, then mirrors the same rekey calls on the pull side and asserts every chunk decrypts back to the original plaintext and that the final tag equals TAG_FINAL.
PyNaCl secretstream xchacha20poly1305 roundtrip Port / libsodium / usage-python3-nacl-secretstream-roundtrip Passed
Drives a multi-message crypto_secretstream_xchacha20poly1305 push/pull pair through PyNaCl bindings and asserts every chunk decrypts and the FINAL tag is observed.
PyNaCl seeded signing deterministic Port / libsodium / usage-python3-nacl-seeded-signing-deterministic-batch11 Passed
PyNaCl SHA-256 digest Port / libsodium / usage-python3-nacl-sha256 Passed
PyNaCl SHA512 digest hex Port / libsodium / usage-python3-nacl-sha512-digest-hex Passed
PyNaCl SHA512 hash Port / libsodium / usage-python3-nacl-sha512 Passed
PyNaCl sign hex Port / libsodium / usage-python3-nacl-sign-hex Passed
PyNaCl signing key from secret bytes Port / libsodium / usage-python3-nacl-sign-publickey-from-secretkey Passed
Reconstructs a PyNaCl signing key from raw secret-key bytes and verifies the restored key can produce a signature accepted by the original verify key.
PyNaCl seeded signing key Port / libsodium / usage-python3-nacl-sign-seeded Passed
PyNaCl sign verify hex Port / libsodium / usage-python3-nacl-sign-verify-hex Passed
Signs and verifies a payload with hex encoding through PyNaCl and verifies the restored plaintext.
PyNaCl signature tamper failure Port / libsodium / usage-python3-nacl-signature-tamper-fails-batch11 Passed
PyNaCl SignedMessage attached signature roundtrip Port / libsodium / usage-python3-nacl-signed-message-roundtrip Passed
Signs a message with nacl.signing.SigningKey.sign, asserts the returned object is a nacl.signing.SignedMessage with the expected .message and 64-byte .signature attributes, that bytes(signed) is exactly signature || message (the libsodium attached-signature wire format), and that VerifyKey.verify accepts the attached form bytes(signed) and returns the original message bytes.
python3 nacl deterministic signing Port / libsodium / usage-python3-nacl-signing-deterministic Passed
Signs the same payload twice from a fixed seed through PyNaCl SigningKey and verifies the deterministic Ed25519 signatures match.
PyNaCl SigningKey from hex seed verified via hex VerifyKey Port / libsodium / usage-python3-nacl-signing-from-hex-seed Passed
Builds a PyNaCl SigningKey from a fixed hex-encoded seed, signs a known message, exports the verify key as hex, reconstructs a VerifyKey from that hex, and asserts the signature verifies for the original message and fails for a tampered one.
python3-nacl signing key bytes Port / libsodium / usage-python3-nacl-signing-key-bytes Passed
python3-nacl signing Port / libsodium / usage-python3-nacl-signing Passed
PyNaCl URLSafeBase64Encoder roundtrip with KAT Port / libsodium / usage-python3-nacl-urlsafe-base64-encoder-roundtrip Passed
Encodes a fixed byte string with nacl.encoding.URLSafeBase64Encoder, asserts the output uses the URL-safe alphabet (no '+' or '/' characters and uses '-' and '_' for the appropriate inputs), decodes it back through the same encoder and asserts byte-for-byte equality with the original, and confirms a 32-byte payload round-trips at the expected encoded length.
PyNaCl URLSafeBase64Encoder VerifyKey roundtrip Port / libsodium / usage-python3-nacl-urlsafe-base64-verify-key Passed
Builds a SigningKey from a deterministic 32-byte seed, encodes its VerifyKey with nacl.encoding.URLSafeBase64Encoder, asserts the encoded form is URL-safe (no '+' or '/' characters) and decodes back to the same 32 raw bytes via VerifyKey reconstruction, and that the reconstructed key verifies a signature produced by the original signing key.
PyNaCl nacl.utils.random produces distinct buffers across calls Port / libsodium / usage-python3-nacl-utils-random-distinct Passed
Calls nacl.utils.random(32) five times and asserts every returned buffer has the requested length and that every pair of buffers is distinct, confirming PyNaCl's libsodium-backed CSPRNG is not stuck on a constant value. The probability of an accidental collision over five 256-bit draws is vanishingly small, so a repeat indicates a real RNG fault.
python3 nacl random 64 bytes Port / libsodium / usage-python3-nacl-utils-random-large Passed
python3-nacl verify key base64 Port / libsodium / usage-python3-nacl-verify-key-base64 Passed
PyNaCl verify key bytes Port / libsodium / usage-python3-nacl-verify-key-bytes Passed
R sodium HMAC-SHA512-256 auth roundtrip Port / libsodium / usage-r-cran-sodium-auth-roundtrip Passed
Generates a 32-byte secret key, computes an HMAC-SHA512-256 tag with sodium::data_tag using a fixed key, and asserts the tag length is 32 bytes and is deterministic for the same input but changes when either the message or the key changes.
R sodium bin2hex/hex2bin roundtrip across keygen output Port / libsodium / usage-r-cran-sodium-bin2hex-roundtrip Passed
Generates a curve25519 secret key with sodium::keygen, encodes it via sodium::bin2hex, asserts the encoded form has length 64 and matches lowercase hex, and asserts hex2bin decodes back to the exact original raw bytes.
R sodium data_encrypt round-trip and tamper detection Port / libsodium / usage-r-cran-sodium-data-encrypt-aad Passed
Encrypts a payload with sodium::data_encrypt under fixed key and nonce, asserts the ciphertext length is plaintext + 16 (Poly1305 tag) and that data_decrypt recovers the plaintext exactly, then flips a ciphertext byte and confirms data_decrypt raises an authentication error rather than silently returning the corrupted plaintext.
R sodium data_encrypt round-trip Port / libsodium / usage-r-cran-sodium-data-encrypt-roundtrip Passed
Encrypts a payload with sodium::data_encrypt under a fixed key and nonce, then decrypts and asserts the recovered bytes match the original.
R sodium Curve25519 Diffie-Hellman shared secret Port / libsodium / usage-r-cran-sodium-diffie-hellman-batch12 Passed
Generates two Curve25519 keypairs with sodium::keygen + sodium::pubkey, computes the Diffie-Hellman shared secret in both directions with sodium::diffie_hellman, asserts each side derives an identical 32-byte raw shared secret, and that an unrelated third secret key produces a different shared secret with the first public key.
R sodium hashes data Port / libsodium / usage-r-cran-sodium-hash Passed
R sodium hex2bin rejects invalid hex input Port / libsodium / usage-r-cran-sodium-hex2bin-invalid-input Passed
Calls sodium::hex2bin on inputs that violate the hex grammar (odd-length string, character outside [0-9a-fA-F]) and asserts that hex2bin either raises an error or returns a value that is clearly not the round-trip of a valid encoding, while a valid 64-character hex string still decodes to exactly 32 raw bytes that bin2hex re-encodes to the same lowercase hex.
R sodium::keygen produces distinct keys across calls Port / libsodium / usage-r-cran-sodium-keygen-distinct Passed
Calls sodium::keygen() five times, asserts each result is a 32-byte raw vector, that every pair of generated keys is distinct, and that each derived public key (sodium::pubkey) is also 32 bytes and differs from its corresponding secret key. Confirms r-cran-sodium's libsodium-backed CSPRNG produces independent X25519 secret keys on repeat invocations rather than reusing a stuck value.
R sodium keygen produces 32-byte key Port / libsodium / usage-r-cran-sodium-keygen-length Passed
Calls sodium::keygen and sodium::pubkey to confirm secret/public key byte lengths match the libsodium curve25519 constants.
R sodium password_store and password_verify roundtrip Port / libsodium / usage-r-cran-sodium-password-store-verify Passed
Stores a password hash with sodium::password_store and asserts password_verify accepts the original password and rejects a different one.
R sodium scrypt KDF deterministic for fixed salt and password Port / libsodium / usage-r-cran-sodium-pwhash-deterministic Passed
Derives a fixed-size key with sodium::scrypt from a UTF-8 password and 32-byte salt, asserts the digest length matches the requested size, that re-running with identical inputs produces byte-identical output (deterministic scrypt KDF), and that altering either the password or the salt produces a different digest. Exercises the password-derived KDF path that R sodium exposes through libsodium.
r-cran-sodium sha512 matches a known-answer vector Port / libsodium / usage-r-cran-sodium-r10-sha512-kat Passed
Calls sodium::sha512 on the canonical "abc" test vector and asserts the resulting 64-byte raw digest matches the FIPS 180-4 SHA-512("abc") known-answer in hex form, then asserts the empty-input digest matches its standard known-answer.
r-cran-sodium data_encrypt and data_decrypt round-trip a payload Port / libsodium / usage-r-cran-sodium-r11-data-encrypt-roundtrip Passed
Encrypts a binary payload with sodium::data_encrypt under a 32-byte key and 24-byte nonce, decrypts the resulting ciphertext back to the original bytes, and asserts that flipping a single byte of the ciphertext makes data_decrypt error out — exercising the secretbox-style authenticated encryption wrapper.
r-cran-sodium sha256 returns a 32-byte digest for a known input Port / libsodium / usage-r-cran-sodium-r12-sha256-hash-length Passed
Hashes a fixed ASCII payload via sodium::sha256, asserts the digest is a 32-byte raw vector, hashes the same input again and asserts the two digests are byte-identical (deterministic), and asserts a different payload yields a different digest.
r-cran-sodium hash() with explicit size returns a digest of that length Port / libsodium / usage-r-cran-sodium-r13-hash-blake2b-length Passed
Hashes a fixed payload with sodium::hash(size=32) and sodium::hash(size=64), asserts each returned raw vector has the requested length, and asserts re-hashing the same input yields byte-identical output (deterministic).
r-cran-sodium password_verify accepts the original password and rejects a near-miss Port / libsodium / usage-r-cran-sodium-r13-password-verify-rejects-wrong Passed
Stores a hash with sodium::password_store, asserts password_verify returns TRUE for the original password, returns FALSE for a single-character variant, and returns FALSE for an empty string.
r-cran-sodium sig_keygen produces distinct ed25519 keys across calls Port / libsodium / usage-r-cran-sodium-r14-sig-keygen-distinct Passed
Calls sodium::sig_keygen() five times, asserts each result is a 64-byte raw vector (libsodium expanded ed25519 secret key), asserts every pair of generated keys is distinct, and asserts each derived sig_pubkey is a distinct 32-byte public key.
r-cran-sodium data_tag returns distinct 32-byte tags under distinct keys for the same message Port / libsodium / usage-r-cran-sodium-r15-data-tag-distinct-keys-distinct-tags Passed
Computes data_tag over a fixed message under three distinct 32-byte keys, asserts each tag is a 32-byte raw vector, asserts pairwise tag inequality across the three keys, and asserts re-computing data_tag with the first key yields a byte-identical tag (determinism) — exercising r-cran-sodium's libsodium-backed HMAC-SHA512-256.
r-cran-sodium data_encrypt then data_decrypt recovers a fixed payload under a 24-byte nonce Port / libsodium / usage-r-cran-sodium-r16-data-encrypt-decrypt-roundtrip-distinct-nonce Passed
Encrypts a fixed message with sodium::data_encrypt under a 32-byte key and a 24-byte nonce, asserts the ciphertext is exactly plaintext-length plus 16 bytes (Poly1305 MAC), decrypts via sodium::data_decrypt and asserts the recovered raw vector equals the original message bytes.
r-cran-sodium sha256 followed by bin2hex returns 64 lowercase hex characters Port / libsodium / usage-r-cran-sodium-r16-sha256-hex-length-64 Passed
Hashes a fixed message with sodium::sha256, asserts the resulting raw vector is 32 bytes, converts to hex via sodium::bin2hex and asserts the hex string is exactly 64 characters of [0-9a-f], and asserts re-hashing the same message yields the identical hex digest.
r-cran-sodium keygen returns a 32-byte raw vector for secret key material Port / libsodium / usage-r-cran-sodium-r17-keygen-length-32 Passed
Calls sodium::keygen() twice, asserts each result is a raw vector of length exactly 32 (libsodium-derived symmetric key length), asserts the two keys differ (RNG sanity), and asserts a third call still yields a 32-byte raw vector distinct from both prior keys.
r-cran-sodium random(48) returns 48-byte raw vector and is non-deterministic Port / libsodium / usage-r-cran-sodium-r17-random-length-48 Passed
Calls sodium::random(48) twice, asserts each result is a raw vector of length exactly 48 (libsodium randombytes_buf path), and asserts the two raw vectors differ (RNG sanity); additionally asserts random(1) returns a single-byte raw vector.
r-cran-sodium data_tag is deterministic for identical message and key inputs Port / libsodium / usage-r-cran-sodium-r18-data-tag-deterministic-same-inputs Passed
Generates a 32-byte key, computes sodium::data_tag(msg, key) twice on the same byte vector with the same key, and asserts both outputs are raw vectors of length 32 (libsodium generichash default) and identical byte-for-byte, then computes data_tag with a fresh key and asserts the result is a 32-byte raw vector that differs from the original tag.
r-cran-sodium sig_keygen + sig_sign + sig_verify accept a valid Ed25519 signature Port / libsodium / usage-r-cran-sodium-r18-sig-keygen-roundtrip-verify Passed
Calls sodium::sig_keygen() to obtain an Ed25519 secret key, derives the public key with sig_pubkey(), signs a raw byte vector via sig_sign, asserts the signature is a 64-byte raw vector, then calls sig_verify with the public key and asserts the function returns TRUE for the untampered payload.
r-cran-sodium sig_keygen produces 64-byte private key with derivable 32-byte public key Port / libsodium / usage-r-cran-sodium-r19-sig-keygen-lengths Passed
Calls sodium::sig_keygen() to produce an Ed25519 private key, asserts it is a raw vector of length 64 (libsodium concatenated seed+publickey layout), calls sodium::sig_pubkey(priv) and asserts the derived public key is a raw vector of length 32, and asserts a second sig_keygen() call yields a private key of length 64 that differs from the first.
r-cran-sodium bin2hex on an empty raw vector returns an empty character Port / libsodium / usage-r-cran-sodium-r20-bin2hex-empty-string Passed
Calls sodium::bin2hex(raw(0)) in R, asserts the return is a character of nchar 0, then calls sodium::hex2bin on an empty hex string and asserts the result is a raw of length 0, confirming libsodium-backed hex encoding correctly handles the zero-length boundary.
r-cran-sodium diffie_hellman derives identical shared secret from both sides Port / libsodium / usage-r-cran-sodium-r21-scalar-multiplication-roundtrip Passed
Generates two keygen secret keys and their corresponding pubkey() public keys, computes diffie_hellman(alice_sk, bob_pk) and diffie_hellman(bob_sk, alice_pk), and asserts both 32-byte shared-secret raw vectors are byte-for-byte identical, exercising libsodium's curve25519 scalar multiplication.
r-cran-sodium bin2hex length doubles Port / libsodium / usage-r-cran-sodium-r9-bin2hex-length Passed
Calls sodium::bin2hex on a 32-byte random buffer and verifies the resulting hex string has length 64 and matches a hex regex.
R sodium random() returns requested byte counts Port / libsodium / usage-r-cran-sodium-random-length Passed
Calls sodium::random with several sizes (16, 24, 32, 64) and asserts each result is a raw vector of the exact requested length and that two independent calls of size 32 produce different bytes (probabilistic but the collision space is 2^256).
R sodium SHA-256 known-answer Port / libsodium / usage-r-cran-sodium-sha256-kat Passed
Computes sodium::sha256 of the canonical "abc" input and asserts the hex digest matches the FIPS 180-4 known-answer vector.
R sodium ed25519 sign and sig_verify Port / libsodium / usage-r-cran-sodium-sig-verify Passed
Generates an ed25519 signing key with sodium::sig_keygen, signs a binary payload with sodium::sig, and asserts sig_verify accepts the signature with the matching public key (sig_pubkey) and rejects it for a tampered message.
RbNaCl Argon2 password hash and digest length Port / libsodium / usage-ruby-rbnacl-argon2-pwhash Passed
Derives an Argon2 hash via RbNaCl::PasswordHash.argon2 at moderate ops/mem limits, asserts the requested output digest length, and confirms the digest is deterministic for the same salt and password but changes when the password is altered.
RbNaCl Argon2 password hash deterministic and salt-sensitive Port / libsodium / usage-ruby-rbnacl-argon2-tampered-fails Passed
Produces Argon2 password-hash strings via RbNaCl::PasswordHash.argon2 at interactive limits, asserts the hash has the expected fixed digest length, that hashing the same password with the same 16-byte salt and parameters is deterministic, and that hashing the same password with a different salt yields a different digest.
RbNaCl OneTimeAuth Poly1305 authenticate and verify Port / libsodium / usage-ruby-rbnacl-auth-onetime Passed
Authenticates a fixed message with RbNaCl::OneTimeAuths::Poly1305 under a 32-byte key, asserts the produced tag is exactly 16 bytes, that verify accepts the matching tag, that a tampered tag raises BadAuthenticatorError, and that a different key also rejects the tag.
RbNaCl BLAKE2b digest of empty input Port / libsodium / usage-ruby-rbnacl-blake2b-empty-input Passed
Computes RbNaCl::Hash.blake2b on an empty string at the default 64-byte digest length and asserts the output length and that it matches the BLAKE2b-512 known answer for the empty message (786a02f742015903... as documented in RFC 7693 Appendix A and the upstream BLAKE2 reference).
RbNaCl keyed BLAKE2b digest length Port / libsodium / usage-ruby-rbnacl-blake2b-keyed-length Passed
Derives a keyed BLAKE2b digest at a non-default 48-byte length and asserts the output length and that swapping the key changes the digest.
RbNaCl Box Curve25519XSalsa20Poly1305 Alice-to-Bob roundtrip Port / libsodium / usage-ruby-rbnacl-box-alice-bob Passed
Builds Alice and Bob curve25519 keypairs from deterministic seeds via RbNaCl::PrivateKey.new, encrypts a payload with RbNaCl::Box on Alice's side, decrypts on Bob's side, and asserts the recovered plaintext matches.
RbNaCl Ed25519 SigningKey from seed is deterministic Port / libsodium / usage-ruby-rbnacl-ed25519-from-seed-deterministic Passed
Constructs two RbNaCl::Signatures::Ed25519::SigningKey instances from the same fixed 32-byte seed and a third from a different seed, asserts that signatures over the same message match for the matching seeds and differ for the distinct seed, that the verify keys round-trip via to_bytes, and that the corresponding VerifyKey accepts the signature for the original message and rejects a tampered message.
RbNaCl Ed25519 sign and verify Port / libsodium / usage-ruby-rbnacl-ed25519-sign-verify Passed
Builds a deterministic Ed25519 signing key from a fixed seed, signs a known message, and verifies the signature with the matching VerifyKey.
RbNaCl HMAC-SHA256 authenticate and verify Port / libsodium / usage-ruby-rbnacl-hmac-sha256-auth-batch12 Passed
Authenticates a fixed message with RbNaCl::HMAC::SHA256 under a 32-byte key, asserts the produced tag is exactly 32 bytes, that verify accepts the matching tag, that a tampered tag raises BadAuthenticatorError, and that a different key also rejects the tag.
RbNaCl Blake2b personal tag changes the digest Port / libsodium / usage-ruby-rbnacl-r10-blake2b-personal-tag Passed
Hashes the same payload with RbNaCl::Hash.blake2b under two different :personal tag strings (and the same key/salt/digest_size) and asserts the resulting digests differ, confirming the personalization parameter is wired through to libsodium.
RbNaCl PrivateKey derives matching PublicKey Port / libsodium / usage-ruby-rbnacl-r10-private-key-derive-public Passed
Generates a Curve25519 PrivateKey via RbNaCl::PrivateKey.generate, reads back its 32-byte public_key bytes, reconstructs a PublicKey from those bytes, and asserts a Box built from the reconstructed peer public key encrypts a message that the original keypair can decrypt.
RbNaCl SecretBox raises CryptoError when ciphertext is mutated Port / libsodium / usage-ruby-rbnacl-r11-secretbox-corruption-detected Passed
Encrypts a payload with RbNaCl::SecretBox under a 32-byte key and 24-byte nonce, decrypts the original ciphertext to recover the plaintext, then flips a single byte of the ciphertext and asserts that the decrypt call raises RbNaCl::CryptoError instead of silently returning forged plaintext.
RbNaCl SigningKey from a fixed seed produces a deterministic Ed25519 key Port / libsodium / usage-ruby-rbnacl-r11-signing-key-from-seed-deterministic Passed
Constructs two RbNaCl::SigningKey instances from the identical 32-byte seed and asserts they share the same verify_key bytes, sign the same message identically, and produce 64-byte signatures that the matching verify_key accepts.
RbNaCl SecretBox decrypt fails when nonce differs from encrypt nonce Port / libsodium / usage-ruby-rbnacl-r12-secretbox-nonce-mismatch-fails Passed
Encrypts a payload with RbNaCl::SecretBox under a 32-byte key and a specific 24-byte nonce, asserts decrypt with the original nonce returns the plaintext, then asserts decrypt with a different nonce raises RbNaCl::CryptoError.
RbNaCl SigningKey produces verifiable Ed25519 detached signature Port / libsodium / usage-ruby-rbnacl-r12-signing-key-detached-sig Passed
Creates an RbNaCl::SigningKey from a fixed seed, signs a payload, asserts the detached signature is exactly 64 bytes, verifies it via the VerifyKey, and asserts a flipped byte raises BadSignatureError.
RbNaCl Hash::Blake2b.digest is deterministic at the requested digest size Port / libsodium / usage-ruby-rbnacl-r13-blake2b-digest-deterministic Passed
Calls RbNaCl::Hash::Blake2b.digest twice on the same payload at digest_size 32, asserts both outputs are byte-identical and 32 bytes long, then asserts a different payload produces a different 32-byte digest.
RbNaCl SimpleBox round-trips a payload and produces distinct ciphertexts under random nonces Port / libsodium / usage-ruby-rbnacl-r13-simplebox-roundtrip-distinct Passed
Builds an RbNaCl::SimpleBox from a 32-byte secret key, encrypts the same payload twice, asserts both ciphertexts decrypt back to the plaintext and that the two ciphertexts differ (random nonce embedded in SimpleBox output).
RbNaCl Box round-trips a payload between two keypairs in both directions Port / libsodium / usage-ruby-rbnacl-r14-box-precompute-roundtrip Passed
Generates two PrivateKey instances, constructs RbNaCl::Box objects for sender->receiver and receiver->sender, encrypts a payload under a fixed 24-byte nonce, asserts the receiver-side Box decrypts back to the original plaintext, and asserts the same Box decrypt with a different nonce raises CryptoError.
RbNaCl HMAC::SHA512 authenticate, verify, and reject tampered tag Port / libsodium / usage-ruby-rbnacl-r14-hmac-sha512-auth-verify Passed
Constructs an RbNaCl::HMAC::SHA512 instance under a 32-byte key, authenticates a fixed message, asserts the produced tag is exactly 64 bytes, asserts verify accepts the matching tag and that flipping a tag byte raises BadAuthenticatorError, and asserts re-authenticating the same input under the same key reproduces the original tag (deterministic).
RbNaCl SecretBox encrypts and decrypts a zero-length message Port / libsodium / usage-ruby-rbnacl-r15-secretbox-empty-message Passed
Builds an RbNaCl::SecretBox from a fixed 32-byte key, encrypts an empty (zero-byte) message under a 24-byte nonce, asserts the resulting ciphertext is exactly 16 bytes (the libsodium crypto_secretbox MAC, with no plaintext bytes), decrypts back and asserts the recovered plaintext is an empty binary string. (RbNaCl 7.x does not expose SecretBox.tag_bytes; the MAC length is fixed at 16.)
RbNaCl SigningKey constructed from a fixed seed yields a deterministic 32-byte verify_key Port / libsodium / usage-ruby-rbnacl-r15-signing-key-from-seed-public-bytes Passed
Builds two RbNaCl::SigningKey instances from the same fixed 32-byte seed, asserts both verify_key values are 32 bytes, asserts they are equal byte-for-byte (deterministic seed -> public key derivation), and asserts a SigningKey from a different seed yields a different verify_key.
RbNaCl Ed25519 SigningKey/VerifyKey sign and verify a known message with a 64-byte signature Port / libsodium / usage-ruby-rbnacl-r16-ed25519-sign-verify-known-message Passed
Generates an Ed25519 SigningKey, signs a fixed message, asserts the detached signature is exactly 64 bytes, verifies the signature against the derived VerifyKey, and asserts that verifying a tampered message raises RbNaCl::BadSignatureError.
RbNaCl::SecretBox roundtrips a payload using KEYBYTES and NONCEBYTES constants Port / libsodium / usage-ruby-rbnacl-r16-secretbox-roundtrip-via-constants Passed
Builds a SecretBox from a 32-byte key sized by RbNaCl::SecretBox::KEYBYTES, encrypts a fixed payload under a nonce sized by RbNaCl::SecretBox::NONCEBYTES, asserts the ciphertext is exactly plaintext-length plus 16 (Poly1305 MAC), decrypts and asserts the recovered plaintext equals the original byte-for-byte.
RbNaCl::Random.random_bytes(64) returns exactly 64 bytes and is non-deterministic Port / libsodium / usage-ruby-rbnacl-r17-random-bytes-length-64 Passed
Calls RbNaCl::Random.random_bytes(64) twice, asserts each result is a String of bytesize exactly 64 (libsodium randombytes_buf path), asserts the two results differ (RNG sanity), and asserts random_bytes(32) returns a 32-byte string distinct from the 64-byte string's first 32 bytes.
RbNaCl::Hash::Blake2b.digest returns a 64-byte default digest and is deterministic Port / libsodium / usage-ruby-rbnacl-r18-blake2b-default-digest-length-64 Passed
Calls RbNaCl::Hash::Blake2b.digest twice on the same fixed input with no extra arguments, asserts both results are 64-byte binary strings (libsodium generichash default), asserts they are byte-for-byte equal (deterministic), then calls digest on a different input and asserts the result is a 64-byte string distinct from the original digest.
RbNaCl::Hash.sha256 returns 32 raw bytes that hex-encode to 64 lowercase hex characters Port / libsodium / usage-ruby-rbnacl-r18-sha256-hex-digest-length-64 Passed
Calls RbNaCl::Hash.sha256 on a fixed ASCII payload, asserts the result is a 32-byte binary String (libsodium SHA-256 length convention), encodes the bytes to lowercase hex via .unpack1("H*"), asserts the hex form is exactly 64 characters of [0-9a-f], and asserts a second call on the same input yields byte-identical output (deterministic).
RbNaCl::SimpleBox encrypt output length equals plaintext + 24-byte nonce + 16-byte tag Port / libsodium / usage-ruby-rbnacl-r19-simplebox-prepends-nonce Passed
Constructs RbNaCl::SimpleBox.from_secret_key with a 32-byte key, encrypts a fixed payload, asserts the returned ciphertext is plaintext.bytesize + 40 bytes long (24 nonce + 16 Poly1305 tag prepended), decrypts the same ciphertext via SimpleBox and asserts the recovered plaintext equals the original byte-for-byte, then asserts a second encrypt of the same plaintext yields a different ciphertext (random nonce).
ruby-rbnacl Blake2b digest_size parameter directly controls output bytesize Port / libsodium / usage-ruby-rbnacl-r20-blake2b-digest-size-controls-output Passed
Computes RbNaCl::Hash.blake2b on a fixed message at digest_size 16 and at digest_size 48, asserts the bytesize of each output equals the requested digest_size (16 and 48 respectively), and asserts the 16-byte digest equals the 16-byte prefix of the same construction's 16-byte run again (determinism check), confirming libsodium-backed Blake2b honours arbitrary digest_size selections.
ruby-rbnacl HMAC-SHA256 with distinct keys yields distinct tags for the same message Port / libsodium / usage-ruby-rbnacl-r20-hmac-sha256-distinct-keys-distinct-tags Passed
Generates two 32-byte HMAC SHA256 keys differing by one byte, authenticates the same message under each, and asserts the two resulting 32-byte tags are byte-wise distinct (and that verify accepts each tag under its own key), confirming libsodium-backed HMAC-SHA256 mixes the key bits into the output.
rbnacl OneTimeAuth.auth and .verify round-trip a 16-byte Poly1305 tag Port / libsodium / usage-ruby-rbnacl-r21-onetime-auth-verify-roundtrip Passed
Creates a 32-byte OneTimeAuth key, calls RbNaCl::OneTimeAuths::Poly1305.auth on a message, asserts the resulting tag is 16 bytes, then verifies it back via .verify and asserts the call returns true, exercising libsodium's crypto_onetimeauth Poly1305 path.
RbNaCl Blake2b derives stable subkey Port / libsodium / usage-ruby-rbnacl-r9-hkdf-derive Passed
Derives a 32-byte subkey twice using RbNaCl::Hash::Blake2b with the same key and salt, and verifies both invocations produce the same digest.
RbNaCl Random.random_bytes length and uniqueness Port / libsodium / usage-ruby-rbnacl-random-bytes-batch12 Passed
Calls RbNaCl::Random.random_bytes for several lengths (0, 1, 32, 1024) and asserts each return value is a binary-encoded String with the requested bytesize, then draws two independent 32-byte samples and asserts they differ (a 1-in-2**256 collision counts as a real bug).
RbNaCl SealedBox anonymous encryption round-trip Port / libsodium / usage-ruby-rbnacl-sealedbox-roundtrip-batch12 Passed
Encrypts a payload to a recipient's Curve25519 public key with RbNaCl::SealedBox.from_public_key, decrypts it back using SealedBox.from_private_key, asserts the recovered plaintext matches the original, that the ciphertext is exactly len(plaintext) + 48 bytes (32-byte ephemeral key + 16-byte Poly1305 tag), and that an unrelated recipient's secret key fails to decrypt the sealed message.
RbNaCl SecretBox key/nonce/MAC byte-length constants Port / libsodium / usage-ruby-rbnacl-secretbox-keygen-bytes Passed
Allocates a fresh RbNaCl::Random.random_bytes secret-box key, constructs an RbNaCl::SecretBox, and asserts SecretBox::KEYBYTES, key_bytes (instance accessor), nonce_bytes, and tag_bytes all match the libsodium XSalsa20-Poly1305 wire constants (32, 24, 16). Then encrypts a known payload and verifies the ciphertext is exactly plaintext_len + tag_bytes long, confirming the underlying crypto_secretbox MAC accounting.
RbNaCl SecretBox encrypts Port / libsodium / usage-ruby-rbnacl-secretbox Passed
RbNaCl SHA-256 known-answer Port / libsodium / usage-ruby-rbnacl-sha256-kat Passed
Hashes the canonical "abc" input with RbNaCl::Hash.sha256 and asserts the digest matches the FIPS 180-4 known-answer vector.
RbNaCl SHA-256 multiple FIPS 180-4 vectors Port / libsodium / usage-ruby-rbnacl-sha256-multi-vector Passed
Hashes a sequence of FIPS 180-4 SHA-256 known-answer inputs through RbNaCl::Hash.sha256 (the empty string, "abc", and the 56-character double-block message) and asserts each hex digest matches the published vector. Also asserts the same input hashed twice produces identical bytes, confirming the libsodium SHA-256 path is stateless and deterministic.
RbNaCl SHA-512 empty-string known-answer Port / libsodium / usage-ruby-rbnacl-sha512-empty-kat Passed
Hashes the empty byte string with RbNaCl::Hash.sha512 and asserts the digest exactly matches the FIPS 180-4 SHA-512("") known-answer vector and is 64 bytes long.
RbNaCl SHA-512 known-answer Port / libsodium / usage-ruby-rbnacl-sha512-kat Passed
Hashes the canonical "abc" input with RbNaCl::Hash.sha512 and asserts the digest matches the FIPS 180-4 known-answer vector.
RbNaCl::SimpleBox produces distinct ciphertexts under a fixed key Port / libsodium / usage-ruby-rbnacl-simplebox-distinct-ciphertexts Passed
Constructs an RbNaCl::SimpleBox from a fixed 32-byte secret key, encrypts the same plaintext four times, and asserts every ciphertext is distinct (because SimpleBox prepends a freshly drawn random nonce) while every ciphertext still decrypts back to the original plaintext. Confirms RbNaCl's libsodium-backed random nonce path yields ciphertext indistinguishability across repeated SimpleBox encryptions of identical inputs.
RbNaCl SimpleBox roundtrip Port / libsodium / usage-ruby-rbnacl-simplebox-roundtrip Passed
Encrypts and decrypts a payload with RbNaCl::SimpleBox via libsodium and asserts the plaintext round-trips exactly.
RbNaCl Util.verify32 constant-time comparison Port / libsodium / usage-ruby-rbnacl-util-verify32 Passed
Exercises the constant-time comparators RbNaCl::Util.verify32 and RbNaCl::Util.verify16 on equal byte strings, on strings differing in the first byte, on strings differing in the last byte, and on inputs of the wrong length, asserting the boolean return for equal/unequal and that wrong-length inputs do not return true.
RbNaCl Util.zeros and Util.bin2hex KAT Port / libsodium / usage-ruby-rbnacl-util-zero-bin2hex Passed
Builds a 32-byte zero buffer with RbNaCl::Util.zeros, asserts its length, content, and hex encoding via RbNaCl::Util.bin2hex, then encodes a known fixed byte sequence and asserts the exact lowercase hex matches the canonical expected string.
CVE-2025-69277 libsodium regression Port / libsodium / cve-2025-69277 Passed
Asserts that crypto_core_ed25519_is_valid_point rejects a low-order Edwards25519 point that is on the curve but not in the prime-order main subgroup, confirming the post-patch Y==Z check is in place.