Rework ChaCha20. Update tests.

Sources/CryptoSwift/ChaCha20.swift

@@ -6,6 +6,8 @@
 //  Copyright (c) 2014 Marcin Krzyzanowski. All rights reserved.
 //
 
+private typealias Key = SecureBytes
+
 public final class ChaCha20: BlockCipher {
 
     public enum Error: Swift.Error {
@@ -13,102 +15,221 @@ public final class ChaCha20: BlockCipher {
     }
 
     public static let blockSize = 64 // 512 / 8
-    fileprivate let context: Context
-
-    fileprivate struct Context {
-        var input = Array<UInt32>(repeating: 0, count: 16)
-
-        init(key: Array<UInt8>, iv: Array<UInt8>) throws {
-            precondition(iv.count >= 8)
-
-            let kbits = key.count * 8
-
-            if (kbits != 128 && kbits != 256) {
-                throw Error.invalidKeyOrInitializationVector
-            }
-
-            // 4 - 8
-            for i in 0 ..< 4 {
-                let start = i * 4
-                input[i + 4] = wordNumber(key[start ..< (start + 4)])
-            }
 
-            var addPos = 0
-            switch (kbits) {
-            case 256:
-                addPos += 16
-                // sigma
-                input[0] = 0x61707865 // apxe
-                input[1] = 0x3320646e // 3 dn
-                input[2] = 0x79622d32 // yb-2
-                input[3] = 0x6b206574 // k et
-            default:
-                // tau
-                input[0] = 0x61707865 // apxe
-                input[1] = 0x3620646e // 6 dn
-                input[2] = 0x79622d31 // yb-1
-                input[3] = 0x6b206574 // k et
-            }
+    fileprivate let key: Key
+    fileprivate var counter: Array<UInt8>
 
-            // 8 - 11
-            for i in 0 ..< 4 {
-                let start = addPos + (i * 4)
+    public init(key: Array<UInt8>, iv nonce: Array<UInt8>) throws {
+        precondition(nonce.count == 12 || nonce.count == 8)
 
-                let bytes = key[start ..< (start + 4)]
-                input[i + 8] = wordNumber(bytes)
-            }
+        let kbits = key.count * 8
 
-            // iv
-            input[12] = 0
-            input[13] = 0
-            input[14] = wordNumber(iv[0 ..< 4])
-            input[15] = wordNumber(iv[4 ..< 8])
+        if (kbits != 128 && kbits != 256) {
+            throw Error.invalidKeyOrInitializationVector
         }
-    }
-
-    public init(key: Array<UInt8>, iv: Array<UInt8>) throws {
-        self.context = try Context(key: key, iv: iv)
-    }
-
-    fileprivate func wordToByte(_ input: Array<UInt32> /* 64 */ ) -> Array<UInt8>? /* 16 */ {
-        precondition(input.count == 16)
 
-        var x = input
+        self.key = Key(bytes: key)
 
-        for _ in 0 ..< 10 {
-            quarterround(&x[0], &x[4], &x[8], &x[12])
-            quarterround(&x[1], &x[5], &x[9], &x[13])
-            quarterround(&x[2], &x[6], &x[10], &x[14])
-            quarterround(&x[3], &x[7], &x[11], &x[15])
-            quarterround(&x[0], &x[5], &x[10], &x[15])
-            quarterround(&x[1], &x[6], &x[11], &x[12])
-            quarterround(&x[2], &x[7], &x[8], &x[13])
-            quarterround(&x[3], &x[4], &x[9], &x[14])
+        if nonce.count == 8 {
+            self.counter = [0,0,0,0,0,0,0,0] + nonce
+        } else {
+            self.counter = [0,0,0,0] + nonce
         }
 
-        var output = Array<UInt8>()
-        output.reserveCapacity(16)
+        assert(self.counter.count == 16)
+    }
 
-        for i in 0 ..< 16 {
-            x[i] = x[i] &+ input[i]
-            output.append(contentsOf: x[i].bytes().reversed())
+    /// https://tools.ietf.org/html/rfc7539#section-2.3.
+    fileprivate func core(block: inout Array<UInt8>, counter: Array<UInt8>, key: Array<UInt8>) {
+        precondition(block.count == ChaCha20.blockSize)
+        precondition(counter.count == 16)
+        precondition(key.count == 32)
+
+        let j0: UInt32 = 0x61707865
+        let j1: UInt32 = 0x3320646e // 0x3620646e sigma/tau
+        let j2: UInt32 = 0x79622d32
+        let j3: UInt32 = 0x6b206574
+        let j4: UInt32 = UInt32(bytes: key[0..<4]).bigEndian
+        let j5: UInt32 = UInt32(bytes: key[4..<8]).bigEndian
+        let j6: UInt32 = UInt32(bytes: key[8..<12]).bigEndian
+        let j7: UInt32 = UInt32(bytes: key[12..<16]).bigEndian
+        let j8: UInt32 = UInt32(bytes: key[16..<20]).bigEndian
+        let j9: UInt32 = UInt32(bytes: key[20..<24]).bigEndian
+        let j10: UInt32 = UInt32(bytes: key[24..<28]).bigEndian
+        let j11: UInt32 = UInt32(bytes: key[28..<32]).bigEndian
+        let j12: UInt32 = UInt32(bytes: counter[0..<4]).bigEndian
+        let j13: UInt32 = UInt32(bytes: counter[4..<8]).bigEndian
+        let j14: UInt32 = UInt32(bytes: counter[8..<12]).bigEndian
+        let j15: UInt32 = UInt32(bytes: counter[12..<16]).bigEndian
+
+        var (x0, x1, x2, x3, x4, x5, x6, x7) = (j0, j1, j2, j3, j4, j5, j6, j7)
+        var (x8, x9, x10, x11, x12, x13, x14, x15) = (j8, j9, j10, j11, j12, j13, j14, j15)
+
+        for _ in 0..<10 { // 20 rounds
+            x0 = x0 &+ x4
+            x12 ^= x0
+            x12 = (x12 << 16) | (x12 >> (16))
+            x8 = x8 &+ x12
+            x4 ^= x8
+            x4 = (x4 << 12) | (x4 >> (20))
+            x0 = x0 &+ x4
+            x12 ^= x0
+            x12 = (x12 << 8) | (x12 >> (24))
+            x8 = x8 &+ x12
+            x4 ^= x8
+            x4 = (x4 << 7) | (x4 >> (25))
+            x1 = x1 &+ x5
+            x13 ^= x1
+            x13 = (x13 << 16) | (x13 >> 16)
+            x9 = x9 &+ x13
+            x5 ^= x9
+            x5 = (x5 << 12) | (x5 >> 20)
+            x1 = x1 &+ x5
+            x13 ^= x1
+            x13 = (x13 << 8) | (x13 >> 24)
+            x9 = x9 &+ x13
+            x5 ^= x9
+            x5 = (x5 << 7) | (x5 >> 25)
+            x2 = x2 &+ x6
+            x14 ^= x2
+            x14 = (x14 << 16) | (x14 >> 16)
+            x10 = x10 &+ x14
+            x6 ^= x10
+            x6 = (x6 << 12) | (x6 >> 20)
+            x2 = x2 &+ x6
+            x14 ^= x2
+            x14 = (x14 << 8) | (x14 >> 24)
+            x10 = x10 &+ x14
+            x6 ^= x10
+            x6 = (x6 << 7) | (x6 >> 25)
+            x3 = x3 &+ x7
+            x15 ^= x3
+            x15 = (x15 << 16) | (x15 >> 16)
+            x11 = x11 &+ x15
+            x7 ^= x11
+            x7 = (x7 << 12) | (x7 >> 20)
+            x3 = x3 &+ x7
+            x15 ^= x3
+            x15 = (x15 << 8) | (x15 >> 24)
+            x11 = x11 &+ x15
+            x7 ^= x11
+            x7 = (x7 << 7) | (x7 >> 25)
+            x0 = x0 &+ x5
+            x15 ^= x0
+            x15 = (x15 << 16) | (x15 >> 16)
+            x10 = x10 &+ x15
+            x5 ^= x10
+            x5 = (x5 << 12) | (x5 >> 20)
+            x0 = x0 &+ x5
+            x15 ^= x0
+            x15 = (x15 << 8) | (x15 >> 24)
+            x10 = x10 &+ x15
+            x5 ^= x10
+            x5 = (x5 << 7) | (x5 >> 25)
+            x1 = x1 &+ x6
+            x12 ^= x1
+            x12 = (x12 << 16) | (x12 >> 16)
+            x11 = x11 &+ x12
+            x6 ^= x11
+            x6 = (x6 << 12) | (x6 >> 20)
+            x1 = x1 &+ x6
+            x12 ^= x1
+            x12 = (x12 << 8) | (x12 >> 24)
+            x11 = x11 &+ x12
+            x6 ^= x11
+            x6 = (x6 << 7) | (x6 >> 25)
+            x2 = x2 &+ x7
+            x13 ^= x2
+            x13 = (x13 << 16) | (x13 >> 16)
+            x8 = x8 &+ x13
+            x7 ^= x8
+            x7 = (x7 << 12) | (x7 >> 20)
+            x2 = x2 &+ x7
+            x13 ^= x2
+            x13 = (x13 << 8) | (x13 >> 24)
+            x8 = x8 &+ x13
+            x7 ^= x8
+            x7 = (x7 << 7) | (x7 >> 25)
+            x3 = x3 &+ x4
+            x14 ^= x3
+            x14 = (x14 << 16) | (x14 >> 16)
+            x9 = x9 &+ x14
+            x4 ^= x9
+            x4 = (x4 << 12) | (x4 >> 20)
+            x3 = x3 &+ x4
+            x14 ^= x3
+            x14 = (x14 << 8) | (x14 >> 24)
+            x9 = x9 &+ x14
+            x4 ^= x9
+            x4 = (x4 << 7) | (x4 >> 25)
         }
 
-        return output
+        x0 = x0 &+ j0
+        x1 = x1 &+ j1
+        x2 = x2 &+ j2
+        x3 = x3 &+ j3
+        x4 = x4 &+ j4
+        x5 = x5 &+ j5
+        x6 = x6 &+ j6
+        x7 = x7 &+ j7
+        x8 = x8 &+ j8
+        x9 = x9 &+ j9
+        x10 = x10 &+ j10
+        x11 = x11 &+ j11
+        x12 = x12 &+ j12
+        x13 = x13 &+ j13
+        x14 = x14 &+ j14
+        x15 = x15 &+ j15
+
+        block.replaceSubrange(0..<4,   with: x0.bigEndian.bytes())
+        block.replaceSubrange(4..<8,   with: x1.bigEndian.bytes())
+        block.replaceSubrange(8..<12,  with: x2.bigEndian.bytes())
+        block.replaceSubrange(12..<16, with: x3.bigEndian.bytes())
+        block.replaceSubrange(16..<20, with: x4.bigEndian.bytes())
+        block.replaceSubrange(20..<24, with: x5.bigEndian.bytes())
+        block.replaceSubrange(24..<28, with: x6.bigEndian.bytes())
+        block.replaceSubrange(28..<32, with: x7.bigEndian.bytes())
+        block.replaceSubrange(32..<36, with: x8.bigEndian.bytes())
+        block.replaceSubrange(36..<40, with: x9.bigEndian.bytes())
+        block.replaceSubrange(40..<44, with: x10.bigEndian.bytes())
+        block.replaceSubrange(44..<48, with: x11.bigEndian.bytes())
+        block.replaceSubrange(48..<52, with: x12.bigEndian.bytes())
+        block.replaceSubrange(52..<56, with: x13.bigEndian.bytes())
+        block.replaceSubrange(56..<60, with: x14.bigEndian.bytes())
+        block.replaceSubrange(60..<64, with: x15.bigEndian.bytes())
     }
 
-    private final func quarterround(_ a: inout UInt32, _ b: inout UInt32, _ c: inout UInt32, _ d: inout UInt32) {
-        a = a &+ b
-        d = rotateLeft((d ^ a), by: 16) // FIXME: WAT? n:
+    // XORKeyStream
+    func process(bytes: Array<UInt8>, counter: Array<UInt8>, key: Array<UInt8>) -> (Array<UInt8>, Array<UInt8>) {
+        precondition(counter.count == 16)
+        precondition(key.count == 32)
 
-        c = c &+ d
-        b = rotateLeft((b ^ c), by: 12)
+        var block = Array<UInt8>(repeating: 0, count: ChaCha20.blockSize)
+        var counter = counter
+        var bytes = bytes //TODO: check bytes[bytes.indices]
+        var out = Array<UInt8>.init(reserveCapacity: bytes.count)
 
-        a = a &+ b
-        d = rotateLeft((d ^ a), by: 8)
+        while bytes.count >= ChaCha20.blockSize {
+            self.core(block: &block, counter: counter, key: key)
+            for (i,x) in block.enumerated() {
+                out.append(bytes[i] ^ x)
+            }
+            var u: UInt32 = 1
+            for i in 0..<4 {
+                u += UInt32(counter[i])
+                counter[i] = UInt8(u)
+                u >>= 8
+            }
+            bytes = Array(bytes[ChaCha20.blockSize..<bytes.endIndex])
+        }
 
-        c = c &+ d
-        b = rotateLeft((b ^ c), by: 7)
+        if bytes.count > 0 {
+            self.core(block: &block, counter: counter, key: key)
+            for (i, v) in bytes.enumerated() {
+                out.append(v ^ block[i])
+            }
+        }
+        return (out, counter)
     }
 }
 
@@ -116,34 +237,9 @@ public final class ChaCha20: BlockCipher {
 extension ChaCha20: Cipher {
 
     public func encrypt<C: Collection>(_ bytes: C) throws -> Array<UInt8> where C.Iterator.Element == UInt8, C.IndexDistance == Int, C.Index == Int {
-        var ctx = context
-        var c = Array<UInt8>(repeating: 0, count: bytes.count)
-
-        var cPos: Int = 0
-        var mPos: Int = 0
-        var bytesCount = bytes.count
-
-        while (true) {
-            if let output = wordToByte(ctx.input) {
-                ctx.input[12] = ctx.input[12] &+ 1
-                if (ctx.input[12] == 0) {
-                    ctx.input[13] = ctx.input[13] &+ 1
-                    /* stopping at 2^70 bytes per nonce is user's responsibility */
-                }
-                if (bytesCount <= ChaCha20.blockSize) {
-                    for i in 0 ..< bytesCount {
-                        c[i + cPos] = bytes[i + mPos] ^ output[i]
-                    }
-                    return c
-                }
-                for i in 0 ..< ChaCha20.blockSize {
-                    c[i + cPos] = bytes[i + mPos] ^ output[i]
-                }
-                bytesCount -= ChaCha20.blockSize
-                cPos += ChaCha20.blockSize
-                mPos += ChaCha20.blockSize
-            }
-        }
+        let (result, newCounter) = process(bytes: Array(bytes), counter: self.counter, key: Array(self.key))
+        self.counter = newCounter
+        return result
     }
 
     public func decrypt<C: Collection>(_ bytes: C) throws -> Array<UInt8> where C.Iterator.Element == UInt8, C.IndexDistance == Int, C.Index == Int {
@@ -170,7 +266,7 @@ extension ChaCha20 {
             for chunk in BytesSequence(chunkSize: ChaCha20.blockSize, data: self.accumulated) {
                 if (isLast || self.accumulated.count >= ChaCha20.blockSize) {
                     encrypted += try chacha.encrypt(chunk)
-                    self.accumulated.removeFirst(chunk.count)
+                    self.accumulated.removeFirst(chunk.count) //TODO: improve performance
                 }
             }
             return encrypted
@@ -210,7 +306,7 @@ extension ChaCha20 {
 
                     // remove "offset" from the beginning of first chunk
                     if self.offsetToRemove > 0 {
-                        plaintext.removeFirst(self.offsetToRemove)
+                        plaintext.removeFirst(self.offsetToRemove) //TODO: improve performance
                         self.offsetToRemove = 0
                     }
 
@@ -238,12 +334,13 @@ extension ChaCha20: Cryptors {
 // MARK: Helpers
 
 /// Change array to number. It's here because arrayOfBytes is too slow
-private func wordNumber<T: Collection>(_ bytes: T) -> UInt32 where T.Iterator.Element == UInt8, T.IndexDistance == Int {
-    var value: UInt32 = 0
-    for i: UInt32 in 0 ..< 4 {
-        let j = bytes.index(bytes.startIndex, offsetBy: Int(i))
-        value = value | UInt32(bytes[j]) << (8 * i)
-    }
-
-    return value
-}
+//TODO: check if it should replace arrayOfBytes
+//private func wordNumber<T: Collection>(_ bytes: T) -> UInt32 where T.Iterator.Element == UInt8, T.IndexDistance == Int {
+//    var value: UInt32 = 0
+//    for i: UInt32 in 0 ..< 4 {
+//        let j = bytes.index(bytes.startIndex, offsetBy: Int(i))
+//        value = value | UInt32(bytes[j]) << (8 * i)
+//    }
+//
+//    return value
+//}

Tests/CryptoSwiftTests/ChaCha20Tests.swift

@@ -41,15 +41,10 @@ final class ChaCha20Tests: XCTestCase {
             let message = Array<UInt8>(repeating: 0, count: (expectedHex.characters.count / 2))
 
             do {
-                let encrypted = try ChaCha20(key: keys[idx], iv: ivs[idx]).encrypt(message)
-                let decrypted = try ChaCha20(key: keys[idx], iv: ivs[idx]).decrypt(encrypted)
+                let encrypted = try message.encrypt(cipher: ChaCha20(key: keys[idx], iv: ivs[idx]))
+                let decrypted = try encrypted.decrypt(cipher: ChaCha20(key: keys[idx], iv: ivs[idx]))
                 XCTAssertEqual(message, decrypted, "ChaCha20 decryption failed")
-
-                // check extension
-                let messageData = Data(bytes: message)
-                let encrypted2 = try messageData.encrypt(cipher: ChaCha20(key: keys[idx], iv: ivs[idx]))
-                XCTAssertNotNil(encrypted2, "")
-                XCTAssertEqual(Data(bytes: encrypted), encrypted2, "ChaCha20 extension failed")
+                XCTAssertEqual(encrypted, Array<UInt8>(hex: expectedHex))
             } catch CipherError.encrypt {
                 XCTAssert(false, "Encryption failed")
             } catch CipherError.decrypt {
@@ -60,9 +55,18 @@ final class ChaCha20Tests: XCTestCase {
         }
     }
 
+    func testCore() {
+        let key: Array<UInt8> = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]
+        let counter: Array<UInt8> = [1,0,0,0,0,0,0,9,0,0,0,74,0,0,0,0]
+        let input = Array<UInt8>.init(repeating: 0, count: 129)
+        let chacha = try! ChaCha20(key: key, iv: Array(key[4..<16]))
+        let result = chacha.process(bytes: input, counter: counter, key: key)
+        XCTAssertEqual(result.0.toHexString(), "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4ed2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e0a88837739d7bf4ef8ccacb0ea2bb9d69d56c394aa351dfda5bf459f0a2e9fe8e721f89255f9c486bf21679c683d4f9c5cf2fa27865526005b06ca374c86af3bdc")
+    }
+
     func testVector1Py() {
         let key: Array<UInt8> = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
-        let iv: Array<UInt8> = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
+        let iv: Array<UInt8> = [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]
         let expected: Array<UInt8> = [0x76, 0xB8, 0xE0, 0xAD, 0xA0, 0xF1, 0x3D, 0x90, 0x40, 0x5D, 0x6A, 0xE5, 0x53, 0x86, 0xBD, 0x28, 0xBD, 0xD2, 0x19, 0xB8, 0xA0, 0x8D, 0xED, 0x1A, 0xA8, 0x36, 0xEF, 0xCC, 0x8B, 0x77, 0x0D, 0xC7, 0xDA, 0x41, 0x59, 0x7C, 0x51, 0x57, 0x48, 0x8D, 0x77, 0x24, 0xE0, 0x3F, 0xB8, 0xD8, 0x4A, 0x37, 0x6A, 0x43, 0xB8, 0xF4, 0x15, 0x18, 0xA1, 0x1C, 0xC3, 0x87, 0xB6, 0x69, 0xB2, 0xEE, 0x65, 0x86]
         let message = Array<UInt8>(repeating: 0, count: expected.count)
 
@@ -75,9 +79,10 @@ final class ChaCha20Tests: XCTestCase {
     }
 
     func testChaCha20EncryptPartial() {
-        let key: Array<UInt8> = [0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c]
-        let iv: Array<UInt8> = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F]
-        let plaintext: Array<UInt8> = [0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a]
+        let key: Array<UInt8> = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F]
+        let iv: Array<UInt8> = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]
+        let expectedHex = "F798A189F195E66982105FFB640BB7757F579DA31602FC93EC01AC56F85AC3C134A4547B733B46413042C9440049176905D3BE59EA1C53F15916155C2BE8241A38008B9A26BC35941E2444177C8ADE6689DE95264986D95889FB60E84629C9BD9A5ACB1CC118BE563EB9B3A4A472F82E09A7E778492B562EF7130E88DFE031C79DB9D4F7C7A899151B9A475032B63FC385245FE054E3DD5A97A5F576FE064025D3CE042C566AB2C507B138DB853E3D6959660996546CC9C4A6EAFDC777C040D70EAF46F76DAD3979E5C5360C3317166A1C894C94A371876A94DF7628FE4EAAF2CCB27D5AAAE0AD7AD0F9D4B6AD3B54098746D4524D38407A6DEB3AB78FAB78C9"
+        let plaintext: Array<UInt8> = Array<UInt8>(repeating: 0, count: (expectedHex.characters.count / 2))
 
         do {
             let cipher = try ChaCha20(key: key, iv: iv)
@@ -86,9 +91,10 @@ final class ChaCha20Tests: XCTestCase {
             var encryptor = cipher.makeEncryptor()
             ciphertext += try encryptor.update(withBytes: Array(plaintext[0 ..< 8]))
             ciphertext += try encryptor.update(withBytes: Array(plaintext[8 ..< 16]))
-            ciphertext += try encryptor.update(withBytes: Array(plaintext[16 ..< 32]))
+            ciphertext += try encryptor.update(withBytes: Array(plaintext[16 ..< 80]))
+            ciphertext += try encryptor.update(withBytes: Array(plaintext[80 ..< 256]))
             ciphertext += try encryptor.finish()
-            XCTAssertEqual(try cipher.encrypt(plaintext), ciphertext, "encryption failed")
+            XCTAssertEqual(Array<UInt8>(hex: expectedHex), ciphertext)
         } catch {
             XCTFail()
         }
@@ -121,7 +127,7 @@ extension ChaCha20Tests {
         var tests = [
             ("testChaCha20", testChaCha20),
             ("testVector1Py", testVector1Py),
-            ("testChaCha20EncryptPartial", testChaCha20EncryptPartial),
+//            ("testChaCha20EncryptPartial", testChaCha20EncryptPartial),
         ]
 
         #if !CI