diff --git a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c index d039a3bb..7acdab03 100644 --- a/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +++ b/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c @@ -234,7 +234,7 @@ _needs_rehash(const char *str, unsigned long long opslimit, size_t memlimit, } memset(&ctx, 0, sizeof ctx); if ((fodder = (unsigned char *) calloc(fodder_len, 1U)) == NULL) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } ctx.out = ctx.pwd = ctx.salt = fodder; ctx.outlen = ctx.pwdlen = ctx.saltlen = (uint32_t) fodder_len; diff --git a/test/default/aead_chacha20poly1305.c b/test/default/aead_chacha20poly1305.c index 85653e69..30b9e66a 100644 --- a/test/default/aead_chacha20poly1305.c +++ b/test/default/aead_chacha20poly1305.c @@ -167,6 +167,12 @@ tv(void) assert(crypto_aead_chacha20poly1305_keybytes() > 0U); assert(crypto_aead_chacha20poly1305_npubbytes() > 0U); assert(crypto_aead_chacha20poly1305_nsecbytes() == 0U); + assert(crypto_aead_chacha20poly1305_messagebytes_max() > 0U); + assert(crypto_aead_chacha20poly1305_messagebytes_max() == crypto_aead_chacha20poly1305_MESSAGEBYTES_MAX); + assert(crypto_aead_chacha20poly1305_keybytes() == crypto_aead_chacha20poly1305_KEYBYTES); + assert(crypto_aead_chacha20poly1305_nsecbytes() == crypto_aead_chacha20poly1305_NSECBYTES); + assert(crypto_aead_chacha20poly1305_npubbytes() == crypto_aead_chacha20poly1305_NPUBBYTES); + assert(crypto_aead_chacha20poly1305_abytes() == crypto_aead_chacha20poly1305_ABYTES); return 0; } diff --git a/test/default/pwhash.c b/test/default/pwhash.c index 97723bf8..60ef3a01 100644 --- a/test/default/pwhash.c +++ b/test/default/pwhash.c @@ -475,6 +475,23 @@ main(void) assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_default()); + assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, + 0) == -1); + assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, + crypto_pwhash_ALG_ARGON2ID13) == -1); + assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, + 0) == -1); + assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, + crypto_pwhash_ALG_ARGON2I13) == -1); + printf("OK\n"); return 0; diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index 2e7a94cc..b54daaa2 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c @@ -248,6 +248,26 @@ main(void) if (strcmp(str_out, str_out2) == 0) { printf("pwhash_argon2id_str() doesn't generate different salts\n"); } + if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0 || + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { + printf("needs_rehash() false positive\n"); + } + if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { + printf("needs_rehash() false negative\n"); + } + if (crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { + printf("needs_rehash() false negative\n"); + } + if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 || + crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { + printf("needs_rehash() didn't fail with an invalid hash string\n"); + } if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), crypto_pwhash_argon2id_STRBYTES - strlen(str_out)) != 1 || sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), diff --git a/test/default/secretstream.c b/test/default/secretstream.c index ac4e4963..7ff907e3 100644 --- a/test/default/secretstream.c +++ b/test/default/secretstream.c @@ -6,14 +6,15 @@ int main(void) { crypto_secretstream_xchacha20poly1305_state *state; - unsigned char *header; - unsigned char *k; - unsigned char *c1, *c2, *c3; - unsigned char *m1, *m2, *m3; - unsigned char *m1_, *m2_, *m3_; - size_t m1_len, m2_len, m3_len; - int ret; - unsigned char tag; + unsigned char *header; + unsigned char *k; + unsigned char *c1, *c2, *c3; + unsigned char *m1, *m2, *m3; + unsigned char *m1_, *m2_, *m3_; + unsigned long long res_len; + size_t m1_len, m2_len, m3_len; + int ret; + unsigned char tag; state = (crypto_secretstream_xchacha20poly1305_state *) sodium_malloc(crypto_secretstream_xchacha20poly1305_statebytes()); @@ -55,8 +56,9 @@ main(void) assert(ret == 0); ret = crypto_secretstream_xchacha20poly1305_push - (state, c1, NULL, m1, m1_len, NULL, 0, 0); + (state, c1, &res_len, m1, m1_len, NULL, 0, 0); assert(ret == 0); + assert(res_len == m1_len + crypto_secretstream_xchacha20poly1305_ABYTES); ret = crypto_secretstream_xchacha20poly1305_push (state, c2, NULL, m2, m2_len, NULL, 0, 0); @@ -73,11 +75,12 @@ main(void) assert(ret == 0); ret = crypto_secretstream_xchacha20poly1305_pull - (state, m1, NULL, &tag, + (state, m1, &res_len, &tag, c1, m1_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0); assert(ret == 0); assert(tag == 0); assert(memcmp(m1, m1_, m1_len) == 0); + assert(res_len == m1_len); ret = crypto_secretstream_xchacha20poly1305_pull (state, m2, NULL, &tag, @@ -107,6 +110,24 @@ main(void) c2, m2_len + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0); assert(ret == -1); + /* short ciphertext */ + + ret = crypto_secretstream_xchacha20poly1305_pull + (state, m2, NULL, &tag, c2, + randombytes_uniform(crypto_secretstream_xchacha20poly1305_ABYTES), + NULL, 0); + assert(ret == -1); + ret = crypto_secretstream_xchacha20poly1305_pull + (state, m2, NULL, &tag, c2, 0, NULL, 0); + assert(ret == -1); + + /* empty ciphertext */ + + ret = crypto_secretstream_xchacha20poly1305_pull + (state, m2, NULL, &tag, c2, + crypto_secretstream_xchacha20poly1305_ABYTES, NULL, 0); + assert(ret == -1); + /* without explicit rekeying */ ret = crypto_secretstream_xchacha20poly1305_init_push(state, header, k);