1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-23 20:15:19 -07:00

More tests, and start testing misuse cases

This commit is contained in:
Frank Denis 2017-07-17 23:09:44 +02:00
parent 0238cbcf68
commit 5d56821d3d
16 changed files with 132 additions and 24 deletions

1
.gitignore vendored
View File

@ -114,6 +114,7 @@ test/default/hash3
test/default/kdf
test/default/keygen
test/default/kx
test/default/misuse
test/default/onetimeauth
test/default/onetimeauth2
test/default/onetimeauth7

View File

@ -89,5 +89,5 @@ _crypto_stream_salsa20_pick_best_implementation(void)
return 0;
}
#endif
return 0;
return 0; /* LCOV_EXCL_LINE */
}

View File

@ -41,11 +41,11 @@ int
sodium_init(void)
{
if (sodium_crit_enter() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
if (initialized != 0) {
if (sodium_crit_leave() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
return 1;
}
@ -60,7 +60,7 @@ sodium_init(void)
_crypto_stream_salsa20_pick_best_implementation();
initialized = 1;
if (sodium_crit_leave() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
return 0;
}
@ -95,7 +95,7 @@ int
sodium_crit_enter(void)
{
if (_sodium_crit_init() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
EnterCriticalSection(&_sodium_lock);
@ -191,10 +191,10 @@ int
sodium_set_misuse_handler(void (*handler)(const char *err))
{
if (sodium_crit_enter() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
_misuse_handler = handler;
if (sodium_crit_leave() != 0) {
return -1;
return -1; /* LCOV_EXCL_LINE */
}
}

View File

@ -68,8 +68,8 @@ __attribute__((weak)) void
_sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt,
const size_t len)
{
(void) pnt;
(void) len;
(void) pnt; /* LCOV_EXCL_LINE */
(void) len; /* LCOV_EXCL_LINE */
}
#endif

View File

@ -37,6 +37,7 @@ EXTRA_DIST = \
kdf.exp \
keygen.exp \
kx.exp \
misuse.exp \
onetimeauth.exp \
onetimeauth2.exp \
onetimeauth7.exp \
@ -106,6 +107,7 @@ DISTCLEANFILES = \
kdf.res \
keygen.res \
kx.res \
misuse.res \
onetimeauth.res \
onetimeauth2.res \
onetimeauth7.res \
@ -176,6 +178,7 @@ CLEANFILES = \
kdf.final \
keygen.final \
kx.final \
misuse.final \
onetimeauth.final \
onetimeauth2.final \
onetimeauth7.final \
@ -241,6 +244,7 @@ CLEANFILES = \
kdf.nexe \
keygen.nexe \
kx.nexe \
misuse.nexe \
onetimeauth.nexe \
onetimeauth2.nexe \
onetimeauth7.nexe \
@ -318,6 +322,7 @@ TESTS_TARGETS = \
kdf \
keygen \
kx \
misuse \
onetimeauth \
onetimeauth2 \
onetimeauth7 \
@ -460,6 +465,9 @@ keygen_LDADD = $(TESTS_LDADD)
kx_SOURCE = cmptest.h kx.c
kx_LDADD = $(TESTS_LDADD)
misuse_SOURCE = cmptest.h misuse.c
misuse_LDADD = $(TESTS_LDADD)
onetimeauth_SOURCE = cmptest.h onetimeauth.c
onetimeauth_LDADD = $(TESTS_LDADD)

View File

@ -29,6 +29,7 @@ tv(void)
= { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 };
unsigned char *c = (unsigned char *) sodium_malloc(CLEN);
unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN);
unsigned char *key2 = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES);
unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN);
unsigned long long found_clen;
@ -161,8 +162,15 @@ tv(void)
printf("m != c (adlen=0)\n");
}
crypto_aead_xchacha20poly1305_ietf_keygen(key2);
if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN,
NULL, 0U, nonce, key2) == 0) {
printf("crypto_aead_xchacha20poly1305_ietf_decrypt() with a wrong key should have failed\n");
}
sodium_free(c);
sodium_free(detached_c);
sodium_free(key2);
sodium_free(mac);
sodium_free(m2);
sodium_free(m);

View File

@ -172,8 +172,13 @@ main(void)
tv_ietf();
assert(crypto_stream_chacha20_keybytes() > 0U);
assert(crypto_stream_chacha20_keybytes() == crypto_stream_chacha20_KEYBYTES);
assert(crypto_stream_chacha20_noncebytes() > 0U);
assert(crypto_stream_chacha20_noncebytes() == crypto_stream_chacha20_NONCEBYTES);
assert(crypto_stream_chacha20_ietf_keybytes() > 0U);
assert(crypto_stream_chacha20_ietf_keybytes() == crypto_stream_chacha20_ietf_KEYBYTES);
assert(crypto_stream_chacha20_ietf_noncebytes() > 0U);
assert(crypto_stream_chacha20_ietf_noncebytes() == crypto_stream_chacha20_ietf_NONCEBYTES);
return 0;
}

View File

@ -19,8 +19,8 @@ tv_kdf(void)
}
subkey = (unsigned char *) sodium_malloc(crypto_kdf_BYTES_MAX);
for (i = 0; i < 10; i++) {
assert(crypto_kdf_blake2b_derive_from_key(subkey, crypto_kdf_BYTES_MAX,
i, context, master_key) == 0);
assert(crypto_kdf_derive_from_key(subkey, crypto_kdf_BYTES_MAX,
i, context, master_key) == 0);
sodium_bin2hex(hex, sizeof hex, subkey, crypto_kdf_BYTES_MAX);
printf("%s\n", hex);
}
@ -28,8 +28,8 @@ tv_kdf(void)
for (i = 0; i < crypto_kdf_BYTES_MAX + 2; i++) {
subkey = (unsigned char *) sodium_malloc(crypto_kdf_BYTES_MAX);
if (crypto_kdf_blake2b_derive_from_key(subkey, (size_t) i,
i, context, master_key) == 0) {
if (crypto_kdf_derive_from_key(subkey, (size_t) i,
i, context, master_key) == 0) {
sodium_bin2hex(hex, sizeof hex, subkey, (size_t) i);
printf("%s\n", hex);
} else {
@ -48,6 +48,10 @@ tv_kdf(void)
assert(crypto_kdf_contextbytes() == crypto_kdf_CONTEXTBYTES);
assert(crypto_kdf_KEYBYTES >= 16);
assert(crypto_kdf_keybytes() == crypto_kdf_KEYBYTES);
assert(crypto_kdf_bytes_min() == crypto_kdf_blake2b_bytes_min());
assert(crypto_kdf_bytes_max() == crypto_kdf_blake2b_bytes_max());
assert(crypto_kdf_contextbytes() == crypto_kdf_blake2b_contextbytes());
assert(crypto_kdf_keybytes() == crypto_kdf_blake2b_keybytes());
printf("tv_kdf: ok\n");
}

50
test/default/misuse.c Normal file
View File

@ -0,0 +1,50 @@
#define TEST_NAME "misuse"
#include "cmptest.h"
#include <signal.h>
static void
sigabrt_handler_3(int sig)
{
(void) sig;
exit(0);
}
static void
sigabrt_handler_2(int sig)
{
(void) sig;
signal(SIGABRT, sigabrt_handler_3);
#if SIZE_MAX > 0x4000000000ULL
randombytes_buf_deterministic(NULL, 0x4000000001ULL, NULL);
#else
abort();
#endif
exit(1);
}
static void
sigabrt_handler_1(int sig)
{
(void) sig;
signal(SIGABRT, sigabrt_handler_2);
assert(crypto_kx_server_session_keys(NULL, NULL, NULL, NULL, NULL) == -1);
exit(1);
}
#if defined(SIGABRT) && !defined(__EMSCRIPTEN__) && !defined(__native_client__)
int
main(void)
{
signal(SIGABRT, sigabrt_handler_1);
assert(crypto_kx_client_session_keys(NULL, NULL, NULL, NULL, NULL) == -1);
return 1;
}
#else
int
main(void)
{
exit(0);
}
#endif

0
test/default/misuse.exp Normal file
View File

View File

@ -56,6 +56,8 @@ main(void)
assert(crypto_onetimeauth_poly1305_bytes() == crypto_onetimeauth_bytes());
assert(crypto_onetimeauth_poly1305_keybytes() ==
crypto_onetimeauth_keybytes());
assert(crypto_onetimeauth_statebytes() > 0);
assert(crypto_onetimeauth_statebytes() == crypto_onetimeauth_poly1305_statebytes());
return 0;
}

View File

@ -157,6 +157,10 @@ tv2(void)
1ULL << 12, 0) != -1) {
printf("[tv2] pwhash should have failed (0)\n");
}
if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3,
1ULL << 12, 0) != -1) {
printf("[tv2] pwhash should have failed (0')\n");
}
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
1, crypto_pwhash_alg_default()) != -1) {
printf("[tv2] pwhash should have failed (1)\n");
@ -408,6 +412,9 @@ main(void)
crypto_pwhash_argon2i_alg_argon2i13());
assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13);
assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_alg_default());
assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13);
assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13());
assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_default());
sodium_free(salt);
sodium_free(str_out);

View File

@ -257,6 +257,9 @@ main(void)
if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) {
printf("pwhash_argon2id_str_verify(1) failure\n");
}
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
printf("pwhash_argon2id_str_verify(1') failure\n");
}
str_out[14]++;
if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != -1) {
printf("pwhash_argon2id_str_verify(2) failure\n");
@ -309,26 +312,22 @@ main(void)
"password", strlen("password")) != -1) {
printf("pwhash_argon2id_str_verify(invalid(6)) failure\n");
}
if (crypto_pwhash_argon2id_str_verify(
"$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
"$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
"password", strlen("password")) != 0) {
if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
"$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
"password", strlen("password")) != 0) {
printf("pwhash_argon2id_str_verify(valid(7)) failure\n");
}
if (crypto_pwhash_argon2id_str_verify(
"$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
"$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
"passwore", strlen("passwore")) != -1 || errno != EINVAL) {
printf("pwhash_argon2id_str_verify(invalid(7)) failure\n");
}
if (crypto_pwhash_argon2id_str_verify(
"$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
if (crypto_pwhash_argon2id_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc"
"$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_argon2id_str_verify(invalid(8)) failure\n");
}
if (crypto_pwhash_argon2id_str_verify(
"$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc"
if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc"
"$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE",
"password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_argon2id_str_verify(invalid(9)) failure\n");

View File

@ -55,6 +55,11 @@ main(void)
}
printf("\n");
assert(crypto_secretbox(c, c, 31, nonce, firstkey) == -1);
assert(crypto_secretbox(c, c, 12, nonce, firstkey) == -1);
assert(crypto_secretbox(c, c, 1, nonce, firstkey) == -1);
assert(crypto_secretbox(c, c, 0, nonce, firstkey) == -1);
assert(crypto_secretbox_keybytes() > 0U);
assert(crypto_secretbox_noncebytes() > 0U);
assert(crypto_secretbox_zerobytes() > 0U);

View File

@ -46,5 +46,10 @@ main(void)
}
printf("\n");
}
assert(crypto_secretbox_open(m, c, 31, nonce, firstkey) == -1);
assert(crypto_secretbox_open(m, c, 16, nonce, firstkey) == -1);
assert(crypto_secretbox_open(m, c, 1, nonce, firstkey) == -1);
assert(crypto_secretbox_open(m, c, 0, nonce, firstkey) == -1);
return 0;
}

View File

@ -229,7 +229,8 @@ tv_secretbox_xchacha20poly1305(void)
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
tv->out, strlen(tv->out), NULL, NULL, NULL);
crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key);
assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key) == 0);
assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, SIZE_MAX, nonce, key) == -1);
assert(memcmp(out, out2,
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
@ -246,10 +247,18 @@ tv_secretbox_xchacha20poly1305(void)
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
nonce, key) == 0);
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1,
nonce, key) == -1);
assert(crypto_secretbox_xchacha20poly1305_open_easy
(out2, out2, 0, nonce, key) == -1);
assert(memcmp(m, out2, m_len) == 0);
assert(crypto_secretbox_xchacha20poly1305_open_detached
(out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
m_len, nonce, key) == 0);
assert(crypto_secretbox_xchacha20poly1305_open_detached
(NULL, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
m_len, nonce, key) == 0);
crypto_secretbox_xchacha20poly1305_detached
(out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m,
m_len, nonce, key);
@ -302,6 +311,8 @@ tv_box_xchacha20poly1305(void)
assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, SIZE_MAX, nonce,
pk, sk) == -1);
assert(crypto_box_curve25519xchacha20poly1305_open_easy
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
nonce, pk, sk) == 0);
@ -311,6 +322,8 @@ tv_box_xchacha20poly1305(void)
out = (unsigned char *) sodium_malloc
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
(out, m, SIZE_MAX, nonce, pc) == -1);
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
(out, m, m_len, nonce, pc) == 0);
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
@ -360,6 +373,7 @@ tv_box_xchacha20poly1305(void)
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
assert(crypto_box_curve25519xchacha20poly1305_macbytes() == crypto_box_curve25519xchacha20poly1305_MACBYTES);
printf("tv_box_xchacha20poly1305: ok\n");
}