mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00
Commit Graph

729 Commits

Author SHA1 Message Date
Frank Denis
c2efce113d Add crypto_core_{ed25519,ristretto255}_scalar_is_canonical() 2020-05-13 22:59:08 +02:00
Frank Denis
f23c932d74 H2C: change sign computation for Ell2 to match BHKL13
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/250
2020-05-12 16:33:13 +02:00
Frank Denis
67a9e79655 Remove memory shielding
That was a great idea to protect against information leaks through
speculative loads.

Realistically, nobody is going to use this.
2020-05-10 21:05:24 +02:00
Frank Denis
26a7c82033 Simplify scalarmult{2,5} tests 2020-04-26 20:06:51 +02:00
Frank Denis
7e2755166a Add a scalarmult test to show that the high bit is ignored 2020-04-26 20:00:49 +02:00
Frank Denis
fe4571516f One more test vector cannot hurt 2020-04-25 12:26:06 +02:00
Frank Denis
29f098d237 Revert "Add the BlaBla2000 stream cipher - will eventually become the default"
This reverts commit a31fe2a966.
2020-04-21 13:35:29 +02:00
Emil Bay
f7137448dc fix crypto_stream_chacha20_ietf tests (#946) 2020-04-17 11:00:44 +02:00
Frank Denis
d01c49df02 H2C: convert DST encoding to suffix free
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/241
2020-04-10 09:48:26 +02:00
Frank Denis
a31fe2a966 Add the BlaBla2000 stream cipher - will eventually become the default
2000-round variant of the BlaBla20 cipher
for Very Post Quantum (VPQ) security.
2020-03-31 21:42:54 +02:00
Frank Denis
0cabff7a0a Move HKDF test to its own file 2020-03-31 17:42:42 +02:00
Frank Denis
35206861b5 Skip HKDF test on minimal builds 2020-03-31 17:26:17 +02:00
Frank Denis
d9844396e3 Fix and add HKDF tests 2020-03-31 17:14:04 +02:00
Frank Denis
192d4b2a5e C++ compat 2020-03-31 15:23:11 +02:00
Frank Denis
5f39c3ce09 Don't force include the suite ID in tags 2020-03-31 14:33:40 +02:00
Frank Denis
89eb497efa Handle oversized contexts 2020-03-31 14:16:16 +02:00
Frank Denis
c8d604e1f1 Add test vectors for the string to curve operation 2020-03-31 13:40:42 +02:00
Frank Denis
728b26c2c1 Remove edwards25519sha512batch
Tagged as deprecated for years, never imported by `<sodium.h>`, and
intentionally never documented.

`edwards25519sha512batch` was just around for ABI compatibility
with NaCl, but no projects seem to be using it.
2020-03-31 12:11:32 +02:00
Frank Denis
ac48996492 Remove crypto_core_ed25519_from_hash()
Undocumented, was deprecated for a while in stable versions,
obsoleted by `_from_string()` and `from_string_ro()`.
2020-03-31 12:04:47 +02:00
Frank Denis
5fdd12fa97 Add crypto_core_ed25519_from_string() and crypto_core_ed25519_from_string_ro() 2020-03-30 17:19:36 +02:00
Frank Denis
f2015a7aad Add a test 2020-03-30 12:25:25 +02:00
Frank Denis
eab70f79c0 Add HKDF/SHA-512 and HKDF/SHA-256 2020-03-28 21:35:54 +01:00
Frank Denis
6a7fbccfd8 Remove sandy2x fixed base scalar multiplication
Thanks to precomputation, the generic implementation is faster.
2020-02-06 00:34:08 +01:00
Frank Denis
d227affc63 Add wasm3 to the set of supported WebAssembly runtimes 2020-02-04 19:52:25 +01:00
Frank Denis
89f3a09737 Temporarily remove support for Lucet
Lucet doesn't work on MacOS any more, so testing it has become difficult.
2020-02-04 19:27:09 +01:00
Frank Denis
65621a1059 Add support for node via wasmer-js
V8 doesn't seem to be currently willing to load the metamorphic test.
2019-11-05 02:08:15 +01:00
Frank Denis
c8b6906c60 has_armcrypto_aes -> has_armcrypto 2019-10-23 19:07:33 +02:00
Frank Denis
acaed459ce Add ARM NEON and AES runtime checks 2019-10-22 22:51:58 +02:00
Frank Denis
c9e95c59bd Run wasm-opt -O4 2019-10-22 17:16:54 +02:00
Frank Denis
b40674e29a Add support for WAVM as a WebAssembly runtime 2019-10-22 08:59:24 +02:00
Frank Denis
c638d25583 Try Lucet as a last option, after wasmer, due to its unstable interface 2019-10-11 17:31:57 +02:00
Frank Denis
da75f6824b Lucet removed the "fast" optimization level
We may drop Lucet support entirely until the interface gets more stable
2019-10-11 16:33:36 +02:00
Adrien Gallouët
019db2bc84 Make room for several secretstream
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-16 15:38:38 +00:00
Frank Denis
eb96e7ecda WASI can't read its own writes without an explicit fflush() 2019-09-13 11:16:58 +02:00
Adrien Gallouët
0a31dd5a31 aegis256: Support mac verification when m is NULL
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 21:11:07 +00:00
Frank Denis
a59e1f8b54 aegis256: update MSVC solutions, .gitignore, exported emscripten symbols
and the global list of symbols
2019-09-12 22:10:07 +02:00
Frank Denis
88717d995b Indent 2019-09-12 20:28:54 +02:00
Adrien Gallouët
3c14a1581c Add tests for AEGIS-256
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 14:42:19 +00:00
Frank Denis
aaaaf7b8b8 Units are not required any more for Lucet 2019-07-23 22:23:50 +02:00
Frank Denis
55a81d9460 lucetc-wasi requires units with --max-heap-size 2019-07-09 20:41:34 +02:00
Frank Denis
e97760ad68 shielding requires memory protection 2019-07-09 20:29:36 +02:00
Frank Denis
61992a838d Register new symbols 2019-06-22 17:06:18 +02:00
Frank Denis
bfeca0eb73 Implement key shielding to protect against side channels
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.

The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.

Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should be.
2019-06-22 14:56:16 +02:00
Frank Denis
60f4bc8212 getconf(1) may not be available 2019-06-11 00:17:19 +02:00
Frank Denis
2dd3b91628 Try to rename internal symbols that were visible in static libraries
Fixes #839
2019-06-10 23:08:21 +02:00
Frank Denis
922e91a7bf lucetc will eventually use --opt-level fast instead of --opt-level best 2019-05-30 20:30:45 +02:00
Frank Denis
af6df5f4a5 Revert "Limit resources when running tests"
This reverts commit 9567bbe65f.
2019-05-23 00:38:14 +02:00
Frank Denis
76ac6ef605 Remove an unreliable scrypt test
Fixes #837
2019-05-21 13:14:06 +02:00
Frank Denis
91c98bad15 lucet seems to accept sizes without a suffix 2019-05-21 11:22:49 +02:00
Frank Denis
06f331d153 Use the same memory limit everywhere 2019-05-21 11:12:07 +02:00
Frank Denis
9567bbe65f Limit resources when running tests
The default memory limit matches the limit already used when running
the javascript and webassembly tests.

Original diff by @pilou-

Fixes #837
2019-05-21 10:52:01 +02:00
Frank Denis
6d9e2f0c84 More tests 2019-05-06 13:02:20 +02:00
Frank Denis
011343e88c More tests 2019-05-06 12:48:02 +02:00
Frank Denis
12277ee6b5 More tests 2019-05-06 12:40:21 +02:00
Frank Denis
06e4a485c4 More tests 2019-05-06 11:40:57 +02:00
Frank Denis
ffdaf6d16b aead_xchacha20poly1305_ietf_decrypt(): add a test with a NULL message 2019-05-06 11:15:11 +02:00
Frank Denis
4b7e497a92 Revert "Postpone from_hash()"
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
2019-05-02 13:51:12 +02:00
Frank Denis
56d93ffe62 Lucet now has a --reserved-size knob 2019-05-02 10:16:21 +02:00
Frank Denis
ab1e720a30 Postpone from_hash() 2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8 Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random() 2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d Rename ristretto_from_uniform() to ristretto_from_hash() 2019-05-01 19:56:08 +02:00
Frank Denis
cec56d867f Lucet: set min-reserved-size to the same value as max-heap-size
If <min-reserved-size> is less than <max-heap-size>, the code will
still assume that only <min-reserved-size> bytes are accessible and
will trap even if the runtime could allocate more.

So, `max` should always be <= `min`. Naming options is hard.
2019-04-23 14:57:07 +02:00
Frank Denis
e7942ad150 Make the stream and stream2 test object code 1000x smaller 2019-04-23 09:57:36 +02:00
Frank Denis
3fde7349e1 Clarify that --min-reserved-size surprisingly sets the max memory 2019-04-23 03:14:19 +02:00
Frank Denis
05c86927f4 Remove temporary files 2019-04-23 02:02:19 +02:00
Frank Denis
fbe5d52a81 Spaces 2019-04-23 01:24:12 +02:00
Frank Denis
ff88392d8c Make the WASI backend configurable 2019-04-23 01:23:41 +02:00
Frank Denis
2277e7f4f0 Lucet requires --min-reserved-size or tests with large allocations will fail 2019-04-23 01:13:25 +02:00
Frank Denis
e38128998b lucet --dir=.:. works
Current WebAssembly runtimes status:

- wasmtime: no tests are failing.
- wasmer: 3 tests are failing:
  sodium_core, sodium_utils2, sodium_utils3
- lucet: 8 tests are failing:
  core3, pwhash_argon2i, pwhash_argon2id, secretstream, stream, stream2,
  pwhash_scrypt, pwhash_scrypt_ll
2019-04-23 00:47:43 +02:00
Frank Denis
7993e35227 Try wasmer and lucet as alternatives to wasmtime
However:
- wasmer seems to have issues with signals, causing some tests to fail
- lucet's --dir option doesn't seem to work with relative paths

These are temporary limitations that are likely to be fixed soon.
2019-04-22 23:57:00 +02:00
Frank Denis
3d6151ae62 constcheck: ignore deprecated declarations 2019-04-22 19:49:18 +02:00
Frank Denis
22c289d195 Ensure that we use non-zero random scalars for inversion 2019-04-15 10:18:15 +02:00
Frank Denis
db6f43d25e Add crypto_core_{ed25519,ristretto255}_scalar_mul 2019-04-15 10:12:19 +02:00
Frank Denis
2d87abe21a Use the correct constant for the buffer lengths in scalar tests 2019-04-15 09:44:32 +02:00
Frank Denis
a7ebe2856f Turn on wasmtime optimizations 2019-04-09 15:48:23 +02:00
Frank Denis
aaa9d0d940 Include wasi-test-wrapper.sh in dist builds 2019-04-09 12:09:16 +02:00
Frank Denis
449e6d12b9 Don't forget to free() r_inv in the core_ristretto255 test 2019-04-08 23:12:55 +02:00
Frank Denis
9dbf03c115 Run the WASI checks using wasmtime 2019-04-08 21:45:08 +02:00
Frank Denis
8745c85114 First step towards WASI support 2019-04-08 20:47:33 +02:00
Frank Denis
6a83cd05ec Be positive 2019-03-21 09:27:55 +01:00
Frank Denis
773a94d70b Just use some test vectors around the counter overflow 2019-03-21 03:08:40 +01:00
Frank Denis
9218397375 Remove useless tests, add more meaningful ones. 2019-03-21 02:04:09 +01:00
Frank Denis
b579de9ac7 Additional salsa20 tests 2019-03-21 01:15:13 +01:00
Frank Denis
e1abc1de7e Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20 2019-03-17 19:25:32 +01:00
Frank Denis
1e847cc60b More tests 2019-02-18 11:10:51 +01:00
Frank Denis
db0319fb8e Initial support for ristretto255 2019-02-18 00:56:48 +01:00
Frank Denis
e6aa7e1da4 The time has come to remove support for (p)nacl 2019-02-14 14:41:09 +01:00
Frank Denis
83a873ea1b Fix tests, use guard page instead of NULL because of Wasm 2019-02-09 20:47:24 +01:00
Ilya Maykov
6934a8d0c8 Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
2019-02-09 20:26:10 +01:00
Frank Denis
0cdf963799 Add another test 2019-01-05 23:11:02 +01:00
Frank Denis
909983a9d2 Avoid memory leak and overflow in addition test 2019-01-05 23:08:03 +01:00
Frank Denis
d4eec69ef1 More tests 2019-01-05 21:17:48 +01:00
Frank Denis
0205a8035e More tests 2019-01-05 20:56:22 +01:00
Frank Denis
7ac557498f C++ compat 2019-01-03 09:49:33 +01:00
Frank Denis
bdfda5dc83 Nits 2019-01-02 16:14:15 +01:00
Frank Denis
d333f509a2 Add a test for sodium_sub() 2019-01-02 15:32:59 +01:00
Frank Denis
1542d473da Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub() 2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7 Remove unused variables 2018-12-29 16:42:09 +01:00
Frank Denis
cce84d05b2 Use unsigned indices 2018-12-26 18:39:07 +01:00
Frank Denis
d3976446a0 ED25519_NONDETERMINISTIC: derive keys from the seed the same way
as when ED25519_NONDETERMINISTIC is not defined
2018-12-25 13:25:57 +01:00