kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-20 02:25:14 -07:00
Code Releases Wiki Activity
4,222 Commits 7 Branches 36 Tags 16 MiB
baa75cd1b8
Commit Graph

744 Commits

Author SHA1 Message Date
Frank Denis
4020f76a5f Put <meta> tag outside <style> 
Fixes https://github.com/jedisct1/libsodium.js/pull/267
 2021-02-07 13:58:23 +01:00
Frank Denis
e4206f1337 Change crypto_core_ed25519_from_string() to accept a hash function 2021-01-24 19:21:07 +01:00
Frank Denis
e0629769d3 Move the H2C string->hash functions to their own files 2021-01-24 18:45:14 +01:00
Frank Denis
a424d6026d Update global symbols 2021-01-23 22:32:09 +01:00
Frank Denis
611e1a0bc1 Typo (risretto -> ristretto) 
Fixes #1014
 2020-12-10 22:17:06 +01:00
Frank Denis
b02dbf2519 Register _crypto_core_ristretto255_from_string_ro 2020-10-13 16:36:14 +02:00
Frank Denis
e945207b77 Remove unused variable in tests 
Fixes #998
 2020-09-29 11:05:31 +02:00
Frank Denis
d8f512bfaa box_seal test: don't check empty messages 
Fixes #974
 2020-07-01 23:34:34 +02:00
Frank Denis
a8fa837aac Don't even include signal.h on WASI 
Since version 11, wasi-sysroot doesn't ignore it but spits out
an error instead.
 2020-06-04 10:54:53 +02:00
Frank Denis
039da3af81 Typo 2020-06-02 16:57:08 +02:00
Frank Denis
1fae7383ce Update H2C test vectors 2020-06-02 16:45:51 +02:00
Frank Denis
214076fc09 Replace the multiplication by the group order with an addition chain. 
Rename ge25519_{add,sub,madd,msub} for clarity.
 2020-05-25 23:54:43 +02:00
Frank Denis
1127c43278 Add extra box_seal() tests 2020-05-21 18:38:55 +02:00
Frank Denis
c3ca08913c Add AEGIS-128L for no good reasons 2020-05-19 15:36:22 +02:00
Frank Denis
6a1fae4b25 Add some field arithmetic tests for edge cases 2020-05-14 12:33:49 +02:00
Frank Denis
c2efce113d Add crypto_core_{ed25519,ristretto255}_scalar_is_canonical() 2020-05-13 22:59:08 +02:00
Frank Denis
f23c932d74 H2C: change sign computation for Ell2 to match BHKL13 
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/250
 2020-05-12 16:33:13 +02:00
Frank Denis
67a9e79655 Remove memory shielding 
That was a great idea to protect against information leak through
speculative loads.

Realistically, nobody is going to use this.
 2020-05-10 21:05:24 +02:00
Frank Denis
26a7c82033 Simplify scalarmult{2,5} tests 2020-04-26 20:06:51 +02:00
Frank Denis
7e2755166a Add a scalarmult test to show that the high bit is ignored 2020-04-26 20:00:49 +02:00
Frank Denis
fe4571516f One more test vector cannot hurt 2020-04-25 12:26:06 +02:00
Frank Denis
29f098d237 Revert "Add the BlaBla2000 stream cipher - will eventually become the default" 
This reverts commit a31fe2a966.
 2020-04-21 13:35:29 +02:00
Emil Bay
f7137448dc
fix crypto_stream_chacha20_ietf tests (#946) 2020-04-17 11:00:44 +02:00
Frank Denis
d01c49df02 H2C: convert DST encoding to suffix free 
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/241
 2020-04-10 09:48:26 +02:00
Frank Denis
a31fe2a966 Add the BlaBla2000 stream cipher - will eventually become the default 
2000 rounds variant of the BlaBla20 cipher
for Very Post Quantum (VPQ) security.
 2020-03-31 21:42:54 +02:00
Frank Denis
0cabff7a0a Move HKDF test to its own file 2020-03-31 17:42:42 +02:00
Frank Denis
35206861b5 Skip HKDF test on minimal builds 2020-03-31 17:26:17 +02:00
Frank Denis
d9844396e3 Fix and add HKDF tests 2020-03-31 17:14:04 +02:00
Frank Denis
192d4b2a5e C++ compat 2020-03-31 15:23:11 +02:00
Frank Denis
5f39c3ce09 Don't force include the suite ID in tags 2020-03-31 14:33:40 +02:00
Frank Denis
89eb497efa Handle oversized contexts 2020-03-31 14:16:16 +02:00
Frank Denis
c8d604e1f1 Add test vectors for the string to curve operation 2020-03-31 13:40:42 +02:00
Frank Denis
728b26c2c1 Remove edwards25519sha512batch 
Tagged as deprecated for years, never imported by `<sodium.h>`, and
intentionally never documented.

`edwards25519sha512batch` was just around for ABI compatibility
with NaCl, but no projects seem to be using it.
 2020-03-31 12:11:32 +02:00
Frank Denis
ac48996492 Remove crypto_core_ed25519_from_hash() 
Undocumented, was deprecated for a while in stable versions,
obsoleted by `_from_string()` and `from_string_ro()`.
 2020-03-31 12:04:47 +02:00
Frank Denis
5fdd12fa97 Add crypto_core_ed25519_from_string() and crypto_core_ed25519_from_string_ro() 2020-03-30 17:19:36 +02:00
Frank Denis
f2015a7aad Add a test 2020-03-30 12:25:25 +02:00
Frank Denis
eab70f79c0 Add HKDF/SHA-512 and HKDF/SHA-256 2020-03-28 21:35:54 +01:00
Frank Denis
6a7fbccfd8 Remove sandy2x fixed base scalar multiplication 
Thanks to precomputation, the generic implementation is faster.
 2020-02-06 00:34:08 +01:00
Frank Denis
d227affc63 Add wasm3 to the set of supported WebAssembly runtimes 2020-02-04 19:52:25 +01:00
Frank Denis
89f3a09737 Temporarily remove support for Lucet 
Lucet doesn't work on MacOS any more, so testing it has become difficult.
 2020-02-04 19:27:09 +01:00
Frank Denis
65621a1059 Add support for node via wasmer-js 
V8 doesn't seem to be currently willing to load the metamorphic test.
 2019-11-05 02:08:15 +01:00
Frank Denis
c8b6906c60 has_armcrypto_aes -> has_armcrypto 2019-10-23 19:07:33 +02:00
Frank Denis
acaed459ce Add ARM NEON and AES runtime checks 2019-10-22 22:51:58 +02:00
Frank Denis
c9e95c59bd Run wasm-opt -O4 2019-10-22 17:16:54 +02:00
Frank Denis
b40674e29a Add support for WAVM as a WebAssembly runtime 2019-10-22 08:59:24 +02:00
Frank Denis
c638d25583 Try Lucet as a last option, after wasmer, due to its unstable interface 2019-10-11 17:31:57 +02:00
Frank Denis
da75f6824b Lucet removed the "fast" optimization level 
We may drop Lucet support entirely until the interface gets more stable
 2019-10-11 16:33:36 +02:00
Adrien Gallouët
019db2bc84 Make room for several secretstream 
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
 2019-09-16 15:38:38 +00:00
Frank Denis
eb96e7ecda WASI can't read its own writes without an explicit fflush() 2019-09-13 11:16:58 +02:00
Adrien Gallouët
0a31dd5a31 aegis256: Support mac verification when m is NULL 
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
 2019-09-12 21:11:07 +00:00
Frank Denis
a59e1f8b54 aegis256: update MSVC solutions, .gitignore, exported emscripten symbols 
and the global list of symbols
 2019-09-12 22:10:07 +02:00
Frank Denis
88717d995b Indent 2019-09-12 20:28:54 +02:00
Adrien Gallouët
3c14a1581c Add tests for AEGIS-256 
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
 2019-09-12 14:42:19 +00:00
Frank Denis
aaaaf7b8b8 Units are not required any more for Lucet 2019-07-23 22:23:50 +02:00
Frank Denis
55a81d9460 lucetc-wasi requires units with --max-heap-size 2019-07-09 20:41:34 +02:00
Frank Denis
e97760ad68 shielding requires memory protection 2019-07-09 20:29:36 +02:00
Frank Denis
61992a838d Register new symbols 2019-06-22 17:06:18 +02:00
Frank Denis
bfeca0eb73 Implement key shielding to protect against side channels 
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.

The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.

Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should.
 2019-06-22 14:56:16 +02:00
Frank Denis
60f4bc8212 getconf(1) may not be available 2019-06-11 00:17:19 +02:00
Frank Denis
2dd3b91628 Try to rename internal symbols that were visible in static libraries 
Fixes #839
 2019-06-10 23:08:21 +02:00
Frank Denis
922e91a7bf lucetc will eventually use --opt-level fast instead of --opt-level best 2019-05-30 20:30:45 +02:00
Frank Denis
af6df5f4a5 Revert "Limit resources when running tests" 
This reverts commit 9567bbe65f.
 2019-05-23 00:38:14 +02:00
Frank Denis
76ac6ef605 Remove an unreliable scrypt test 
Fixes #837
 2019-05-21 13:14:06 +02:00
Frank Denis
91c98bad15 lucet seems to accept sizes without a suffix 2019-05-21 11:22:49 +02:00
Frank Denis
06f331d153 Use the same memory limit everywhere 2019-05-21 11:12:07 +02:00
Frank Denis
9567bbe65f Limit resources when running tests 
The default memory limit matches the limit already used when running
the javascript and webassembly tests.

Original diff by @pilou-

Fixes #837
 2019-05-21 10:52:01 +02:00
Frank Denis
6d9e2f0c84 More tests 2019-05-06 13:02:20 +02:00
Frank Denis
011343e88c More tests 2019-05-06 12:48:02 +02:00
Frank Denis
12277ee6b5 More tests 2019-05-06 12:40:21 +02:00
Frank Denis
06e4a485c4 More tests 2019-05-06 11:40:57 +02:00
Frank Denis
ffdaf6d16b aead_xchacha20poly1305_ietf_decrypt(): add a test with a NULL message 2019-05-06 11:15:11 +02:00
Frank Denis
4b7e497a92 Revert "Postpone from_hash()" 
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
 2019-05-02 13:51:12 +02:00
Frank Denis
56d93ffe62 Lucet now has a --reserved-size knob 2019-05-02 10:16:21 +02:00
Frank Denis
ab1e720a30 Postpone from_hash() 2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8 Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random() 2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d Rename ristretto_from_uniform() to ristretto_from_hash() 2019-05-01 19:56:08 +02:00
Frank Denis
cec56d867f Lucet: set min-reserved-size to the same value as max-heap-size 
If <min-reserved-size> is less than <max-heap-size>, the code will
still assume that only <min-reserved-size> bytes are accessible and
will trap even if the runtime could allocate more..

So, `max` should always be <= `min`. Naming options is hard.
 2019-04-23 14:57:07 +02:00
Frank Denis
e7942ad150 Make the stream and stream2 test object code 1000x smaller 2019-04-23 09:57:36 +02:00
Frank Denis
3fde7349e1 Clarify that --min-reserved-size surprisingly sets the max memory 2019-04-23 03:14:19 +02:00
Frank Denis
05c86927f4 Remove temporary files 2019-04-23 02:02:19 +02:00
Frank Denis
fbe5d52a81 Spaces 2019-04-23 01:24:12 +02:00
Frank Denis
ff88392d8c Make the WASI backend configurable 2019-04-23 01:23:41 +02:00
Frank Denis
2277e7f4f0 Lucet requires --min-reserved-size or tests with large allocations will fail 2019-04-23 01:13:25 +02:00
Frank Denis
e38128998b lucet --dir=.:. works 
Current WebAssembly runtimes status:

- wasmtime: no tests are failing.
- wasmer: 3 tests are failing:
  sodium_core, sodium_utils2, sodium_utils3
- lucet: 8 tests are failing:
  core3, pwhash_argon2i, pwhash_argon2id, secretstream, stream, stream2,
  pwhash_scrypt, pwhash_scrypt_ll
 2019-04-23 00:47:43 +02:00
Frank Denis
7993e35227 Try wasmer and lucet as alternatives to wasmtime 
However:
- wasmer seems to have issues with signals, causing some tests to fail
- lucet's --dir option doesn't seem to work with relative paths

These are temporary limitations, that are likely to be fixed soon.
 2019-04-22 23:57:00 +02:00
Frank Denis
3d6151ae62 constcheck: ignore deprecated declarations 2019-04-22 19:49:18 +02:00
Frank Denis
22c289d195 Ensure that we use non-zero random scalars for inversion 2019-04-15 10:18:15 +02:00
Frank Denis
db6f43d25e Add crypto_core_{ed25519,ristretto255}_scalar_mul 2019-04-15 10:12:19 +02:00
Frank Denis
2d87abe21a Use the correct constant for the buffer lengths in scalar tests 2019-04-15 09:44:32 +02:00
Frank Denis
a7ebe2856f Turn on wasmtime optimizations 2019-04-09 15:48:23 +02:00
Frank Denis
aaa9d0d940 Include wasi-test-wrapper.sh in dist builds 2019-04-09 12:09:16 +02:00
Frank Denis
449e6d12b9 Don't forget to free() r_inv in the core_ristretto255 test 2019-04-08 23:12:55 +02:00
Frank Denis
9dbf03c115 Run the WASI checks using wasmtime 2019-04-08 21:45:08 +02:00
Frank Denis
8745c85114 First step towards WASI support 2019-04-08 20:47:33 +02:00
Frank Denis
6a83cd05ec Be positive 2019-03-21 09:27:55 +01:00
Frank Denis
773a94d70b Just use some test vectors around the counter overflow 2019-03-21 03:08:40 +01:00
Frank Denis
9218397375 Remove useless tests, add more meaningful ones. 2019-03-21 02:04:09 +01:00
Frank Denis
b579de9ac7 Additional salsa20 tests 2019-03-21 01:15:13 +01:00
Frank Denis
e1abc1de7e Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20 2019-03-17 19:25:32 +01:00
Frank Denis
1e847cc60b More tests 2019-02-18 11:10:51 +01:00