Frank Denis
af6366efc3
Braces
2021-02-13 12:10:38 +01:00
Frank Denis
4020f76a5f
Put <meta> tag outside <style>
...
Fixes https://github.com/jedisct1/libsodium.js/pull/267
2021-02-07 13:58:23 +01:00
Frank Denis
e4206f1337
Change crypto_core_ed25519_from_string() to accept a hash function
2021-01-24 19:21:07 +01:00
Frank Denis
e945207b77
Remove unused variable in tests
...
Fixes #998
2020-09-29 11:05:31 +02:00
Frank Denis
d8f512bfaa
box_seal test: don't check empty messages
...
Fixes #974
2020-07-01 23:34:34 +02:00
Frank Denis
a8fa837aac
Don't even include signal.h on WASI
...
Since version 11, wasi-sysroot doesn't ignore it but spits out
an error instead.
2020-06-04 10:54:53 +02:00
Frank Denis
039da3af81
Typo
2020-06-02 16:57:08 +02:00
Frank Denis
1fae7383ce
Update H2C test vectors
2020-06-02 16:45:51 +02:00
Frank Denis
1127c43278
Add extra box_seal() tests
2020-05-21 18:38:55 +02:00
Frank Denis
6a1fae4b25
Add some field arithmetic tests for edge cases
2020-05-14 12:33:49 +02:00
Frank Denis
f23c932d74
H2C: change sign computation for Ell2 to match BHKL13
...
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/250
2020-05-12 16:33:13 +02:00
Frank Denis
67a9e79655
Remove memory shielding
...
That was a great idea to protect against information leak through
speculative loads.
Realistically, nobody is going to use this.
2020-05-10 21:05:24 +02:00
Frank Denis
26a7c82033
Simplify scalarmult{2,5} tests
2020-04-26 20:06:51 +02:00
Frank Denis
7e2755166a
Add a scalarmult test to show that the high bit is ignored
2020-04-26 20:00:49 +02:00
Frank Denis
fe4571516f
One more test vector cannot hurt
2020-04-25 12:26:06 +02:00
Frank Denis
29f098d237
Revert "Add the BlaBla2000 stream cipher - will eventually become the default"
...
This reverts commit a31fe2a966
.
2020-04-21 13:35:29 +02:00
Emil Bay
f7137448dc
fix crypto_stream_chacha20_ietf tests ( #946 )
2020-04-17 11:00:44 +02:00
Frank Denis
d01c49df02
H2C: convert DST encoding to suffix free
...
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/241
2020-04-10 09:48:26 +02:00
Frank Denis
a31fe2a966
Add the BlaBla2000 stream cipher - will eventually become the default
...
2000 rounds variant of the BlaBla20 cipher
for Very Post Quantum (VPQ) security.
2020-03-31 21:42:54 +02:00
Frank Denis
0cabff7a0a
Move HKDF test to its own file
2020-03-31 17:42:42 +02:00
Frank Denis
35206861b5
Skip HKDF test on minimal builds
2020-03-31 17:26:17 +02:00
Frank Denis
d9844396e3
Fix and add HKDF tests
2020-03-31 17:14:04 +02:00
Frank Denis
192d4b2a5e
C++ compat
2020-03-31 15:23:11 +02:00
Frank Denis
5f39c3ce09
Don't force include the suite ID in tags
2020-03-31 14:33:40 +02:00
Frank Denis
89eb497efa
Handle oversized contexts
2020-03-31 14:16:16 +02:00
Frank Denis
c8d604e1f1
Add test vectors for the string to curve operation
2020-03-31 13:40:42 +02:00
Frank Denis
f2015a7aad
Add a test
2020-03-30 12:25:25 +02:00
Frank Denis
d227affc63
Add wasm3 to the set of supported WebAssembly runtimes
2020-02-04 19:52:25 +01:00
Frank Denis
89f3a09737
Temporarily remove support for Lucet
...
Lucet doesn't work on MacOS any more, so testing it has become difficult.
2020-02-04 19:27:09 +01:00
Frank Denis
65621a1059
Add support for node via wasmer-js
...
V8 doesn't seem to be currently willing to load the metamorphic test.
2019-11-05 02:08:15 +01:00
Frank Denis
c8b6906c60
has_armcrypto_aes -> has_armcrypto
2019-10-23 19:07:33 +02:00
Frank Denis
acaed459ce
Add ARM NEON and AES runtime checks
2019-10-22 22:51:58 +02:00
Frank Denis
c9e95c59bd
Run wasm-opt -O4
2019-10-22 17:16:54 +02:00
Frank Denis
b40674e29a
Add support for WAVM as a WebAssembly runtime
2019-10-22 08:59:24 +02:00
Frank Denis
c638d25583
Try Lucet as a last option, after wasmer, due to its unstable interface
2019-10-11 17:31:57 +02:00
Frank Denis
da75f6824b
Lucet removed the "fast" optimization level
...
We may drop Lucet support entirely until the interface gets more stable
2019-10-11 16:33:36 +02:00
Adrien Gallouët
019db2bc84
Make room for several secretstream
...
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-16 15:38:38 +00:00
Frank Denis
eb96e7ecda
WASI can't read its own writes without an explicit fflush()
2019-09-13 11:16:58 +02:00
Adrien Gallouët
0a31dd5a31
aegis256: Support mac verification when m is NULL
...
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 21:11:07 +00:00
Frank Denis
88717d995b
Indent
2019-09-12 20:28:54 +02:00
Adrien Gallouët
3c14a1581c
Add tests for AEGIS-256
...
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 14:42:19 +00:00
Frank Denis
aaaaf7b8b8
Units are not required any more for Lucet
2019-07-23 22:23:50 +02:00
Frank Denis
55a81d9460
lucetc-wasi requires units with --max-heap-size
2019-07-09 20:41:34 +02:00
Frank Denis
e97760ad68
shielding requires memory protection
2019-07-09 20:29:36 +02:00
Frank Denis
bfeca0eb73
Implement key shielding to protect against side channels
...
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.
The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.
Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should.
2019-06-22 14:56:16 +02:00
Frank Denis
922e91a7bf
lucetc will eventually use --opt-level fast instead of --opt-level best
2019-05-30 20:30:45 +02:00
Frank Denis
af6df5f4a5
Revert "Limit resources when running tests"
...
This reverts commit 9567bbe65f
.
2019-05-23 00:38:14 +02:00
Frank Denis
76ac6ef605
Remove an unreliable scrypt test
...
Fixes #837
2019-05-21 13:14:06 +02:00
Frank Denis
91c98bad15
lucet seems to accept sizes without a suffix
2019-05-21 11:22:49 +02:00
Frank Denis
06f331d153
Use the same memory limit everywhere
2019-05-21 11:12:07 +02:00
Frank Denis
9567bbe65f
Limit resources when running tests
...
The default memory limit matches the limit already used when running
the javascript and webassembly tests.
Original diff by @pilou-
Fixes #837
2019-05-21 10:52:01 +02:00
Frank Denis
6d9e2f0c84
More tests
2019-05-06 13:02:20 +02:00
Frank Denis
011343e88c
More tests
2019-05-06 12:48:02 +02:00
Frank Denis
12277ee6b5
More tests
2019-05-06 12:40:21 +02:00
Frank Denis
06e4a485c4
More tests
2019-05-06 11:40:57 +02:00
Frank Denis
ffdaf6d16b
aead_xchacha20poly1305_ietf_decrypt(): add a test with a NULL message
2019-05-06 11:15:11 +02:00
Frank Denis
4b7e497a92
Revert "Postpone from_hash()"
...
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
2019-05-02 13:51:12 +02:00
Frank Denis
56d93ffe62
Lucet now has a --reserved-size knob
2019-05-02 10:16:21 +02:00
Frank Denis
ab1e720a30
Postpone from_hash()
2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8
Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random()
2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d
Rename ristretto_from_uniform() to ristretto_from_hash()
2019-05-01 19:56:08 +02:00
Frank Denis
cec56d867f
Lucet: set min-reserved-size to the same value as max-heap-size
...
If <min-reserved-size> is less than <max-heap-size>, the code will
still assume that only <min-reserved-size> bytes are accessible and
will trap even if the runtime could allocate more..
So, `max` should always be <= `min`. Naming options is hard.
2019-04-23 14:57:07 +02:00
Frank Denis
e7942ad150
Make the stream and stream2 test object code 1000x smaller
2019-04-23 09:57:36 +02:00
Frank Denis
3fde7349e1
Clarify that --min-reserved-size surprisingly sets the max memory
2019-04-23 03:14:19 +02:00
Frank Denis
05c86927f4
Remove temporary files
2019-04-23 02:02:19 +02:00
Frank Denis
fbe5d52a81
Spaces
2019-04-23 01:24:12 +02:00
Frank Denis
ff88392d8c
Make the WASI backend configurable
2019-04-23 01:23:41 +02:00
Frank Denis
2277e7f4f0
Lucet requires --min-reserved-size or tests with large allocations will fail
2019-04-23 01:13:25 +02:00
Frank Denis
e38128998b
lucet --dir=.:. works
...
Current WebAssembly runtimes status:
- wasmtime: no tests are failing.
- wasmer: 3 tests are failing:
sodium_core, sodium_utils2, sodium_utils3
- lucet: 8 tests are failing:
core3, pwhash_argon2i, pwhash_argon2id, secretstream, stream, stream2,
pwhash_scrypt, pwhash_scrypt_ll
2019-04-23 00:47:43 +02:00
Frank Denis
7993e35227
Try wasmer and lucet as alternatives to wasmtime
...
However:
- wasmer seems to have issues with signals, causing some tests to fail
- lucet's --dir option doesn't seem to work with relative paths
These are temporary limitations, that are likely to be fixed soon.
2019-04-22 23:57:00 +02:00
Frank Denis
22c289d195
Ensure that we use non-zero random scalars for inversion
2019-04-15 10:18:15 +02:00
Frank Denis
db6f43d25e
Add crypto_core_{ed25519,ristretto255}_scalar_mul
2019-04-15 10:12:19 +02:00
Frank Denis
2d87abe21a
Use the correct constant for the buffer lengths in scalar tests
2019-04-15 09:44:32 +02:00
Frank Denis
a7ebe2856f
Turn on wasmtime optimizations
2019-04-09 15:48:23 +02:00
Frank Denis
aaa9d0d940
Include wasi-test-wrapper.sh in dist builds
2019-04-09 12:09:16 +02:00
Frank Denis
449e6d12b9
Don't forget to free() r_inv in the core_ristretto255 test
2019-04-08 23:12:55 +02:00
Frank Denis
9dbf03c115
Run the WASI checks using wasmtime
2019-04-08 21:45:08 +02:00
Frank Denis
8745c85114
First step towards WASI support
2019-04-08 20:47:33 +02:00
Frank Denis
6a83cd05ec
Be positive
2019-03-21 09:27:55 +01:00
Frank Denis
773a94d70b
Just use some test vectors around the counter overflow
2019-03-21 03:08:40 +01:00
Frank Denis
9218397375
Remove useless tests, add more meaningful ones.
2019-03-21 02:04:09 +01:00
Frank Denis
b579de9ac7
Additional salsa20 tests
2019-03-21 01:15:13 +01:00
Frank Denis
e1abc1de7e
Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20
2019-03-17 19:25:32 +01:00
Frank Denis
1e847cc60b
More tests
2019-02-18 11:10:51 +01:00
Frank Denis
db0319fb8e
Initial support for ristretto255
2019-02-18 00:56:48 +01:00
Frank Denis
e6aa7e1da4
The time has come to remove support for (p)nacl
2019-02-14 14:41:09 +01:00
Frank Denis
83a873ea1b
Fix tests, use guard page instead of NULL because of Wasm
2019-02-09 20:47:24 +01:00
Ilya Maykov
6934a8d0c8
Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
...
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
comparing two 0-length byte arrays is legal
memzero on a 0-length byte array is a no-op
converting an empty hex string to binary results in an empty binary string
converting an empty binary string to hex results in an empty hex string
converting an empty b64 string to binary results in an empty binary string
converting an empty binary string to b64 results in an empty b64 string
sodium_add / sodium_sub on zero-length arrays is a no-op
For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
2019-02-09 20:26:10 +01:00
Frank Denis
0cdf963799
Add another test
2019-01-05 23:11:02 +01:00
Frank Denis
909983a9d2
Avoid memory leak and overflow in addition test
2019-01-05 23:08:03 +01:00
Frank Denis
d4eec69ef1
More tests
2019-01-05 21:17:48 +01:00
Frank Denis
0205a8035e
More tests
2019-01-05 20:56:22 +01:00
Frank Denis
7ac557498f
C++ compat
2019-01-03 09:49:33 +01:00
Frank Denis
bdfda5dc83
Nits
2019-01-02 16:14:15 +01:00
Frank Denis
d333f509a2
Add a test for sodium_sub()
2019-01-02 15:32:59 +01:00
Frank Denis
1542d473da
Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub()
2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7
Remove unused variables
2018-12-29 16:42:09 +01:00
Frank Denis
cce84d05b2
Use unsigned indices
2018-12-26 18:39:07 +01:00
Frank Denis
d3976446a0
ED25519_NONDETERMINISTIC: derive keys from the seed the same way
...
as when ED25519_NONDETERMINISTIC is not defined
2018-12-25 13:25:57 +01:00
Frank Denis
59bd82edab
Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant
...
and reject 0 in crypto_core_ed25519_random()
2018-12-24 17:26:38 +01:00