1
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-28 22:21:15 -07:00
Commit Graph

353 Commits

Author SHA1 Message Date
Frank Denis
9337ecfa60 Add tests for sodium_add(), more tests for sodium_increment() and is_zero() 2015-11-16 23:22:01 +01:00
Frank Denis
7561a25d5a Add a is_zero() helper 2015-11-13 01:48:34 +01:00
Frank Denis
debed38314 Check a return value in the secretbox_easy2 test 2015-11-01 14:45:35 +01:00
Frank Denis
17bcbbbd45 Force functions whose result must be checked to be checked 2015-11-01 13:57:51 +01:00
Frank Denis
26fdfec99b Add sodium_runtime_has_ssse3() and sodium_runtime_has_sse41() 2015-10-31 23:42:44 +01:00
Frank Denis
84695c8d42 Make sodium_compare() work on little-endian numbers as expected 2015-10-31 22:36:54 +01:00
Frank Denis
a1e4d3df3f Add AES256-GCM tests for decryption of truncated ciphertext 2015-10-30 19:47:47 +01:00
Frank Denis
688e1c4742 C++ compat 2015-10-26 22:48:56 +01:00
Frank Denis
437ce023c9 Exercise ChaCha20 with different output sizes 2015-10-26 21:30:46 +01:00
Frank Denis
771e32bd18 CompCert compatibility 2015-10-26 16:59:28 +01:00
Frank Denis
4b1478cd5b Extra sanity checks for blake2b_salt_personal() 2015-10-25 01:57:07 +02:00
Frank Denis
5d0236c25e C++ compat 2015-10-21 17:42:22 +02:00
Frank Denis
143e1c1a14 Do not compile unused sections 2015-10-18 01:33:35 +02:00
Frank Denis
1cfa5ec6c1 Add Blake2b test vectors from the reference code 2015-10-18 00:55:10 +02:00
Frank Denis
f01c303631 Blake2b: refuse a NULL key with a length > 0 2015-10-18 00:27:03 +02:00
Frank Denis
eeb31af578 Let crypto_generichash_statebytes() return a size rounded to the alignment
Add similar check in the aead_aes256gcm test.
2015-10-18 00:16:05 +02:00
Frank Denis
a2c8ff5ccb Visual Studio doesn't have %zu 2015-10-17 21:32:25 +02:00
Frank Denis
d667efde68 Add sodium_compare()
A constant-time version of memcmp(), useful to compare nonces and counters
in little-endian format, that plays well with sodium_increment().

Unlike sodium_memcmp() which can compare anything for equality,
sodium_compare() is designed to compare things that are comparable, byte by
byte. Therefore, the prototype is slightly different: its arguments are
supposed to be `const unsigned char *`.

The names sodium_memcmp() and sodium_compare() are slightly confusing.
But we're not going to rename sodium_memcmp(), and I cannot think of a
better name for sodium_compare() than sodium_compare().
2015-10-17 21:25:30 +02:00
Frank Denis
2aef671fd9 Indent 2015-10-17 21:10:52 +02:00
Frank Denis
bfed7b91b6 Explicit cast 2015-10-14 15:54:27 +02:00
Frank Denis
2ee2e86f80 Explicit cast 2015-10-14 11:29:38 +02:00
Frank Denis
f169623d4e C++ compat 2015-10-12 14:44:00 +02:00
Frank Denis
84625742c6 More test vectors 2015-10-12 13:58:10 +02:00
Frank Denis
40ba7ea531 More test vectors
from http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf
2015-10-12 10:03:09 +02:00
Frank Denis
98550acafb Add tests for the aes256gcm functions returning sizes
Which spotted a typo by the way.
2015-10-11 19:19:31 +02:00
Frank Denis
7082a3c8d1 Ignore the aes256gcm test if aes256gcm hasn't been compiled in 2015-10-11 19:14:29 +02:00
Frank Denis
20e384988c Test for presence of new sodium_runtime_has_*() functions 2015-10-11 18:51:30 +02:00
Frank Denis
c8be336506 C++ compat 2015-10-11 14:35:32 +02:00
Frank Denis
aa965a580b Expose only crypto_aead_aes256gcm_*() not crypto_aead_aes256gcm_aesni_*()
libsodium typically doesn't expose specific implementations.
It shouldn't be the case for that construction either, especially since
an ARM8 implementation might be added later.
We want a single interface for both.
2015-10-11 14:29:25 +02:00
Frank Denis
dadc5d9906 Add crypto_aead_aes256gcm_aesni_is_available() 2015-10-11 13:05:32 +02:00
Frank Denis
93295855cf Add aes256gcm test vectors 2015-10-11 12:56:20 +02:00
Frank Denis
dca2131f45 C++ compat 2015-09-21 16:05:53 +02:00
Frank Denis
6be1ce3f34 scalarmult: add the exact test from the irtf-cfrg-curves draft
Use guarded memory by the way.
2015-09-21 15:45:32 +02:00
Frank Denis
7fa840e486 C++ compat 2015-09-09 17:42:38 +02:00
Frank Denis
8ee4950eb3 Use sodium_malloc() for the secretbox_*() tests 2015-09-09 10:00:18 +02:00
Frank Denis
0f1f8a6ea6 Check that secretbox works as expected when m and c are overlapping 2015-09-09 09:00:08 +02:00
Frank Denis
f51fb6a90e Add a test for crypto_secretbox() with c == m 2015-09-09 08:51:19 +02:00
Frank Denis
90d9f5debd Remove bashisms in nacl-test-wrapper.sh 2015-08-02 14:39:17 +02:00
Frank Denis
7fca230be8 Nits after pnacl merge 2015-08-02 13:53:22 +02:00
Frank Denis
f610f781f2 Merge remote-tracking branch 'arbinger/pnacl' into nacl
* arbinger/pnacl:
  removed comment
  Added .final and .nexe output files to CLEANFILES
  revert original hack
  Initial patch for Chrome NaCl implementation
  Added patch to obtain random bytes for Chrome NaCl via IRT -- allows build with NaCl SDK toolchain
2015-08-02 12:54:05 +02:00
Frank Denis
c8e8983430 Test crypto_stream_*() with an output buffer previously filled with junk
Obviously, the previous content shouldn't change the output.
2015-07-21 13:37:06 +02:00
James Robson
e119c3e502 Added .final and .nexe output files to CLEANFILES 2015-06-22 14:16:07 -05:00
James Robson
1b633bb8ca Merge branch 'master' into pnacl 2015-06-22 13:19:33 -05:00
James Robson
34a4931d9a Initial patch for Chrome NaCl implementation 2015-06-22 13:02:21 -05:00
Frank Denis
e2fca8cac5 Add sodium_increment() 2015-06-22 15:44:58 +02:00
Frank Denis
bf920dc717 Add IETF-compatible version of chacha20poly1305 2015-05-09 16:12:03 +02:00
Frank Denis
ee97d5e3f8 Add tests for custom randombytes_uniform.
Check for crypto_auth_hmacsha512256_statebytes() presence.
2015-05-09 15:54:18 +02:00
Frank Denis
1b0e51da5e Use sodium_malloc() in the pwhash test. 2015-05-01 17:35:45 +02:00
Frank Denis
eb4e9e48f9 Turn ASAN errors into warnings in sodium_utils{2,3} tests 2015-04-24 15:11:29 +02:00
Frank Denis
575ce93058 + crypto_box_seal() 2015-04-17 01:01:32 +02:00
Frank Denis
f379ab8766 Add a test for sodium_allocarray(0, x) 2015-03-23 21:47:44 +01:00
Frank Denis
3316db5c87 Use proper nonce length now that's it's a pointer in box_easy2 test. 2015-02-17 18:42:57 +01:00
Frank Denis
a1b3da7dd9 Add crypto_stream_xsalsa20_ic() 2015-02-02 21:27:19 +01:00
Frank Denis
666fd4323b Add a test for crypto_stream_salsa20_xor_ic() 2015-02-02 21:27:12 +01:00
Frank Denis
5db61c617b Add statebytes for crypto_hmac_* 2015-01-23 23:08:49 +01:00
Frank Denis
b5deb4d070 + crypto_hash_sha(256|512)_statebytes 2015-01-23 11:17:40 +01:00
Frank Denis
cdbb2dfe75 Import moved quirks.h 2015-01-23 11:02:13 +01:00
Frank Denis
9e538624f4 + crypto_generichash_statebytes() 2015-01-23 11:00:57 +01:00
Frank Denis
c9ba75a48f Add crypto_generichash_statebytes()
sizeof() is not always an option when accessing the library from
other languages.
2015-01-23 10:56:01 +01:00
Frank Denis
4921836512 Move quirks inclusion to cmptest.h, emscsripten quirks to quirks.h 2015-01-23 10:41:28 +01:00
Frank Denis
4724440492 quirks\windows\windows-quirks.h -> quirks\quirks.h 2015-01-23 10:35:20 +01:00
Frank Denis
8088e486ee strcmp() with optimization level > 1 is broken on Emscripten (!)
Trivial workaround that should eventually go to the quirks file
until this is fixed in Emscripten.
2015-01-22 19:06:21 +01:00
Frank Denis
388baa5380 Add an extra test for randombytes 2015-01-18 10:34:31 +01:00
Frank Denis
feaba594db || -> | spotted by Ahmad 2015-01-18 10:17:53 +01:00
Frank Denis
add0fcede4 randombytes_random() is 32 bits, even in JS. 2015-01-18 09:50:17 +01:00
Frank Denis
9c0613525c Do not require /dev/urandom emulation in Javascript any more. 2015-01-17 21:43:57 +01:00
Frank Denis
9a386d0a6d Test crypto_box[_open]_easy_afternm() with short and overflowing lengths 2015-01-15 14:37:26 +01:00
Frank Denis
f20ecbed94 Skip sodium_utils{2,3} tests when the target is Javascript 2015-01-15 11:12:58 +01:00
Frank Denis
820a2b70e3 Move macros up 2015-01-15 00:51:53 +01:00
Frank Denis
69d9553ec2 Test crypto_sign_open() with NULL as a pointer to the message size 2015-01-14 19:59:44 +01:00
Frank Denis
6104af1189 Add new tests for the crypto_box_*() precomputed interface 2015-01-06 21:18:36 +01:00
Frank Denis
bfcd1612c7 C++ compat 2014-12-18 00:12:50 +01:00
Frank Denis
9036d62fc9 Use guarded memory for the box_easy/box_detached tests. 2014-12-18 00:00:19 +01:00
Frank Denis
5e364632e0 Make sodium_free() callable even if protection is PROT_NONE.
Reported by @stouset, thanks!
2014-12-07 14:52:44 -08:00
Frank Denis
d556a56c3c Add extra assert() in tests allocating memory on the heap. 2014-11-25 16:19:20 -08:00
Frank Denis
6189eec330 Remove unused and shadowed global 2014-11-25 15:30:26 -08:00
Frank Denis
61620d7e42 Make 'make check' actually run the tests on Emscripten. 2014-11-25 09:51:39 -08:00
Frank Denis
5437f8974d Don't expect signals to work in Javascript 2014-11-24 17:48:51 -08:00
Frank Denis
69e3674c29 Include the test pre.js script only for tests. 2014-11-24 17:19:55 -08:00
Frank Denis
77caa2b4d5 Correct /test-data mount point 2014-11-22 14:34:10 -08:00
Frank Denis
df1a75858c Mount the current dir as /test-data (nodefs) for testing Javascript code 2014-11-22 13:46:09 -08:00
Frank Denis
cd2a7019f1 pre.js: unlink /dev/(u)random before re-registering them 2014-11-22 11:56:36 -08:00
Frank Denis
b0403efc80 Fail if JS crypto is not available.
Emscripten registers /dev/urandom and /dev/random by default, but falls back to
Math.random()*256 when crypto.getRandomValues() is not available, which is not
acceptable. So we need to re-register them no matter what.
2014-11-22 11:24:32 -08:00
Frank Denis
d42634d466 Tests: use explicit casts when shortening types 2014-11-20 13:12:08 -08:00
Frank Denis
d311731bad Revert "Fix integer narrowing warnings in tests."
This reverts commit 173ad74d3e.
2014-11-20 12:00:37 -08:00
Frank Denis
394c6a1970 Merge pull request #205 from evoskuil/master
Update VS projects and fix test warnings.
2014-11-20 12:00:06 -08:00
Frank Denis
4f70e7c171 C++ compat 2014-11-20 11:35:32 -08:00
Frank Denis
d3e716aa49 curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form
Reported by Michael Holmwood.
2014-11-20 11:22:24 -08:00
evoskuil
173ad74d3e Fix integer narrowing warnings in tests. 2014-11-02 22:35:36 -08:00
Frank Denis
5fd91b8f0f SIGSEGV handlers are incompatible with -fsanitize=address 2014-10-16 14:08:43 -07:00
Frank Denis
cb07df046f Remove S<l check.
Plan is to add is_standard()/is_canonical() instead of changing the current behavior
of the verification function. Suggested by CodesInChaos.
2014-10-06 12:21:40 -07:00
Frank Denis
71b5184224 Add a test for chacha20poly1305 with overlapping pointers 2014-10-05 00:02:45 -07:00
Frank Denis
c3b0de7393 Test box_easy with overlapping in/out. 2014-10-04 23:53:19 -07:00
Frank Denis
d34743241e Add a test for ed25519 malleability and restore traditional behavior.
If an application really requires non-malleability, ED25519_PREVENT_MALLEABILITY
can be defined to enable the check.

This might become the default behavior depending on what other implementations
are planning to do.
2014-10-04 23:25:01 -07:00
Frank Denis
9f6d37d9c6 Support overlapping input and output regions in crypto_secretbox_detached()
crypto_stream_salsa20() doesn't support overlapping input and output regions,
except when they are aliases.
2014-10-04 22:08:09 -07:00
Frank Denis
18f4dd241e C++ compat 2014-09-23 21:30:37 -07:00
Frank Denis
727f3993a1 lcov exclusion 2014-09-23 21:22:44 -07:00
Frank Denis
5a7782eb6e Extra tests for invalid pwhash strings 2014-09-23 21:15:38 -07:00
Frank Denis
7670932918 test pwhash_str_verify() with an invalid character 2014-09-23 15:38:31 -07:00
Frank Denis
b07dfc5da3 The test for pwhash is too slow for some systems.
Stop checking alterations for every single character.
2014-09-23 15:18:06 -07:00
Frank Denis
ced2c40a1a Update pwhash.exp for the new case that has to fail (empty password) 2014-09-23 14:57:11 -07:00
Frank Denis
7a54ba58e9 Test password verification with an empty password 2014-09-23 14:54:19 -07:00
Frank Denis
d6d539a0ce Test crypto_pwhash_scryptsalsa208sha256_str_verify() with invalid input. 2014-09-23 13:58:59 -07:00
Frank Denis
d511c43ca9 Test crypto_hash() with an input longer than the block size 2014-09-23 13:40:08 -07:00
Frank Denis
46df8ea890 Test pwhash with opslimit < 32768 2014-09-23 13:19:03 -07:00
Frank Denis
34df07f0c7 Test generichash with no key, with salt or personalization 2014-09-23 12:37:21 -07:00
Frank Denis
471922cb05 crypto_sign() test: explicitly initialize sig in case the previous tests failed. 2014-09-22 17:09:16 -07:00
Frank Denis
5558885953 Add a test for crypto_sign() with overlapping buffers. 2014-09-21 22:10:25 -07:00
Frank Denis
4de4e57a8e chacha20: test more than 1 block 2014-09-18 22:13:00 -07:00
Frank Denis
9eefb2e487 More test + lcov exclusions 2014-09-18 22:02:25 -07:00
Frank Denis
b062a555da scalarmult: check that the top bit is ignored 2014-09-18 21:27:49 -07:00
Frank Denis
595e98a224 Check return code of crypto_generichash_init() 2014-09-16 21:41:33 -07:00
Frank Denis
31d842a432 Test for (secret)box_easy behavior with a huge input. 2014-09-16 21:20:05 -07:00
Frank Denis
37580f4f52 More tests 2014-09-16 20:46:43 -07:00
Frank Denis
fbfbbdd349 Ensure that nothing explodes when calling crypto_generichash_blake2b_init_salt_personal with salt/personal == NULL 2014-09-16 20:09:33 -07:00
Frank Denis
51d9b223aa Test crypto_box_(before|after)nm 2014-09-16 20:01:58 -07:00
Frank Denis
1cf170a90e Test sodium_allocarray(), and sodium_malloc() with a huge size 2014-09-16 15:35:21 -07:00
Frank Denis
4993073501 Test chacha20 with a null output length 2014-09-16 15:25:54 -07:00
Frank Denis
6837c2d2c2 Include extra 0 in the key used for the hmacsha512 test 2014-09-16 15:25:38 -07:00
Frank Denis
fe4bbdc5ca More crypto_pwhash() tests 2014-09-16 15:07:42 -07:00
Frank Denis
a721543b58 Test hmacsha512 with keys larger than the block size 2014-09-16 14:59:19 -07:00
Frank Denis
e333e55209 Increase generichash test coverage 2014-09-16 14:44:38 -07:00
Frank Denis
cee8af9b66 Test chacha20 with length == 0 2014-09-16 10:32:04 -07:00
Frank Denis
81aa4ef4a3 Check crypto_onetimeauth() streaming interface 2014-09-16 10:19:32 -07:00
Frank Denis
d7edf5c34b crypto_generichash_keybytes_min() cannot be 0, even if 0 is a valid key length 2014-09-15 10:26:29 -07:00
Frank Denis
1217d30bae More chacha20 tests 2014-09-14 13:09:15 -07:00
Frank Denis
2f7d98a73d Fix format in auth5 test 2014-09-14 12:58:50 -07:00
Frank Denis
dc49ae0491 Add tests for invalid generichash parameters 2014-09-14 12:56:32 -07:00
Frank Denis
0ec5a25c88 More tests for randombytes 2014-09-14 12:43:53 -07:00
Frank Denis
82bc039d6c Consistent syle for the tests. 2014-09-14 11:32:55 -07:00
Frank Denis
0e559b94d5 Make the tests a little bit more readable 2014-09-14 10:34:16 -07:00
Frank Denis
f41bfa9b94 More tests for constants 2014-09-13 15:17:19 -07:00
Frank Denis
fcc2513967 More tests for constants 2014-09-13 15:12:23 -07:00
Frank Denis
d65c791e58 More tests for constants 2014-09-13 15:03:04 -07:00
Frank Denis
2645422a32 Test crypto_aead with a short ciphertext 2014-09-13 14:51:21 -07:00
Frank Denis
a92731a9f4 More tests for constants 2014-09-13 14:47:29 -07:00
Frank Denis
12a3f27706 More tests for constants 2014-09-13 14:37:04 -07:00
Frank Denis
2c1b507045 More constant tests 2014-09-13 14:29:59 -07:00
Frank Denis
ab37bd3e0b Tests: no need for crypto_uint8 2014-09-13 14:15:55 -07:00
Frank Denis
b7b0436fb8 Test the presence of some extra functions 2014-09-13 14:12:40 -07:00
Frank Denis
4d276a81e7 Include header files commonly used by the tests to cmptest.h 2014-09-13 14:11:12 -07:00
Frank Denis
3b680e0a52 Use high-level APIs in tests 2014-09-13 13:56:41 -07:00
Frank Denis
6c0852f22f Remove unused macros 2014-09-04 13:24:09 -07:00
Frank Denis
0e23192159 Add crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk() 2014-08-15 13:52:08 -07:00
Frank Denis
473e1718cc Add sodium_{malloc,allocarray,free}() and sodium_mprotect_*()
ptr = sodium_malloc(size) returns a pointer from which exactly "size" bytes
can be accessed.

ptr = sodium_allocarray(count, size) allocates enough storage space for
"count" pointers or scalars of unit size "size".

In both cases, the region is immediately followed by a guard page.
As a result, any attempt to access a memory location after ptr[size - 1] will
immediately trigger a segmentation fault.

The allocated region is mlock()ed and filled with 0xd0 bytes.

A read-only page with the size, a guard page, as well as a canary are
placed before the returned pointer.

The canary is checked by sodium_free(); as a result, altering data right
before ptr is likely to cause sodium_free() to kill the process.

sodium_free() munlock()s the region and fills it with zeros before
actually calling free().

sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
sodium_mprotect_readwrite() can be used to change the protection on the set
of allocated pages.

Reverting the protection to read+write is not required before calling
sodium_free().
2014-08-14 21:41:05 -07:00
Frank Denis
9f0208050e crypto_sign_SECRETKEYBYTES already includes the public key 2014-08-05 14:26:39 -07:00
Frank Denis
eae4add8de Implement ed25519 -> curve25519 keys conversion 2014-08-05 13:32:25 -07:00
Frank Denis
7b0eeda1c6 Remove aes256estream.
AES-256 will be reintroduced, but not until we have a bitsliced implementation.
2014-08-05 00:57:10 -07:00
Frank Denis
c16502fc2c Coverity FP 2014-07-15 22:48:49 -07:00
Frank Denis
25ea5b65db Add explicit checks for crypto_box_detached() 2014-07-11 12:28:52 -07:00