kevin/libsodium
1
Fork 0
mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 18:15:18 -07:00
Code Releases Wiki Activity
4,135 Commits 7 Branches 36 Tags 16 MiB
badf9cb4be
Commit Graph

724 Commits

Author SHA1 Message Date
Frank Denis
ffdaf6d16b aead_xchacha20poly1305_ietf_decrypt(): add a test with a NULL message 2019-05-06 11:15:11 +02:00
Frank Denis
4b7e497a92 Revert "Postpone from_hash()" 
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
 2019-05-02 13:51:12 +02:00
Frank Denis
56d93ffe62 Lucet now has a --reserved-size knob 2019-05-02 10:16:21 +02:00
Frank Denis
ab1e720a30 Postpone from_hash() 2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8 Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random() 2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d Rename ristretto_from_uniform() to ristretto_from_hash() 2019-05-01 19:56:08 +02:00
Frank Denis
cec56d867f Lucet: set min-reserved-size to the same value as max-heap-size 
If <min-reserved-size> is less than <max-heap-size>, the code will
still assume that only <min-reserved-size> bytes are accessible and
will trap even if the runtime could allocate more..

So, `max` should always be <= `min`. Naming options is hard.
 2019-04-23 14:57:07 +02:00
Frank Denis
e7942ad150 Make the stream and stream2 test object code 1000x smaller 2019-04-23 09:57:36 +02:00
Frank Denis
3fde7349e1 Clarify that --min-reserved-size surprisingly sets the max memory 2019-04-23 03:14:19 +02:00
Frank Denis
05c86927f4 Remove temporary files 2019-04-23 02:02:19 +02:00
Frank Denis
fbe5d52a81 Spaces 2019-04-23 01:24:12 +02:00
Frank Denis
ff88392d8c Make the WASI backend configurable 2019-04-23 01:23:41 +02:00
Frank Denis
2277e7f4f0 Lucet requires --min-reserved-size or tests with large allocations will fail 2019-04-23 01:13:25 +02:00
Frank Denis
e38128998b lucet --dir=.:. works 
Current WebAssembly runtimes status:

- wasmtime: no tests are failing.
- wasmer: 3 tests are failing:
  sodium_core, sodium_utils2, sodium_utils3
- lucet: 8 tests are failing:
  core3, pwhash_argon2i, pwhash_argon2id, secretstream, stream, stream2,
  pwhash_scrypt, pwhash_scrypt_ll
 2019-04-23 00:47:43 +02:00
Frank Denis
7993e35227 Try wasmer and lucet as alternatives to wasmtime 
However:
- wasmer seems to have issues with signals, causing some tests to fail
- lucet's --dir option doesn't seem to work with relative paths

These are temporary limitations, that are likely to be fixed soon.
 2019-04-22 23:57:00 +02:00
Frank Denis
3d6151ae62 constcheck: ignore deprecated declarations 2019-04-22 19:49:18 +02:00
Frank Denis
22c289d195 Ensure that we use non-zero random scalars for inversion 2019-04-15 10:18:15 +02:00
Frank Denis
db6f43d25e Add crypto_core_{ed25519,ristretto255}_scalar_mul 2019-04-15 10:12:19 +02:00
Frank Denis
2d87abe21a Use the correct constant for the buffer lengths in scalar tests 2019-04-15 09:44:32 +02:00
Frank Denis
a7ebe2856f Turn on wasmtime optimizations 2019-04-09 15:48:23 +02:00
Frank Denis
aaa9d0d940 Include wasi-test-wrapper.sh in dist builds 2019-04-09 12:09:16 +02:00
Frank Denis
449e6d12b9 Don't forget to free() r_inv in the core_ristretto255 test 2019-04-08 23:12:55 +02:00
Frank Denis
9dbf03c115 Run the WASI checks using wasmtime 2019-04-08 21:45:08 +02:00
Frank Denis
8745c85114 First step towards WASI support 2019-04-08 20:47:33 +02:00
Frank Denis
6a83cd05ec Be positive 2019-03-21 09:27:55 +01:00
Frank Denis
773a94d70b Just use some test vectors around the counter overflow 2019-03-21 03:08:40 +01:00
Frank Denis
9218397375 Remove useless tests, add more meaningful ones. 2019-03-21 02:04:09 +01:00
Frank Denis
b579de9ac7 Additional salsa20 tests 2019-03-21 01:15:13 +01:00
Frank Denis
e1abc1de7e Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20 2019-03-17 19:25:32 +01:00
Frank Denis
1e847cc60b More tests 2019-02-18 11:10:51 +01:00
Frank Denis
db0319fb8e Initial support for ristretto255 2019-02-18 00:56:48 +01:00
Frank Denis
e6aa7e1da4 The time has come to remove support for (p)nacl 2019-02-14 14:41:09 +01:00
Frank Denis
83a873ea1b Fix tests, use guard page instead of NULL because of Wasm 2019-02-09 20:47:24 +01:00
Ilya Maykov
6934a8d0c8 Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL. 
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
  it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
  comparing two 0-length byte arrays is legal
  memzero on a 0-length byte array is a no-op
  converting an empty hex string to binary results in an empty binary string
  converting an empty binary string to hex results in an empty hex string
  converting an empty b64 string to binary results in an empty binary string
  converting an empty binary string to b64 results in an empty b64 string
  sodium_add / sodium_sub on zero-length arrays is a no-op

For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
 2019-02-09 20:26:10 +01:00
Frank Denis
0cdf963799 Add another test 2019-01-05 23:11:02 +01:00
Frank Denis
909983a9d2 Avoid memory leak and overflow in addition test 2019-01-05 23:08:03 +01:00
Frank Denis
d4eec69ef1 More tests 2019-01-05 21:17:48 +01:00
Frank Denis
0205a8035e More tests 2019-01-05 20:56:22 +01:00
Frank Denis
7ac557498f C++ compat 2019-01-03 09:49:33 +01:00
Frank Denis
bdfda5dc83 Nits 2019-01-02 16:14:15 +01:00
Frank Denis
d333f509a2 Add a test for sodium_sub() 2019-01-02 15:32:59 +01:00
Frank Denis
1542d473da Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub() 2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7 Remove unused variables 2018-12-29 16:42:09 +01:00
Frank Denis
cce84d05b2 Use unsigned indices 2018-12-26 18:39:07 +01:00
Frank Denis
d3976446a0 ED25519_NONDETERMINISTIC: derive keys from the seed the same way 
as when ED25519_NONDETERMINISTIC is not defined
 2018-12-25 13:25:57 +01:00
Frank Denis
59bd82edab Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant 
and reject 0 in crypto_core_ed25519_random()
 2018-12-24 17:26:38 +01:00
Frank Denis
8dd554d2c4 Leverage sodium_add() 2018-12-24 15:25:34 +01:00
Frank Denis
902f0997c0 Add a test for scalar_reduce() 2018-12-24 15:24:04 +01:00
Frank Denis
34e787030f Use a guard page instead of NULL for opt arguments in tests 2018-12-24 15:02:59 +01:00
Frank Denis
63573bb98c Add crypto_core_ed25519_scalar_random() 2018-12-23 12:32:07 +01:00
Frank Denis
6fa0220302 Export crypto_core_ed25519_scalar_reduce, add tests 2018-12-23 02:56:11 +01:00
Frank Denis
b6051b7ee2 Add tests for unclamped scalars 2018-12-18 23:11:15 +01:00
Frank Denis
cf217e3dfc Call misuse() if we ask too much data from the IETF variant of ChaCha20 
Fix #753
 2018-09-08 02:12:23 +02:00
Frank Denis
69a5643477 Add chacha20-poly1305 test from Project Wycheproof 2018-09-04 15:44:42 +02:00
Frank Denis
cb22446db1 Add aes256gcm tests from project wycheproof 2018-08-30 09:51:28 +02:00
Frank Denis
cdc4822c92 Remove unneeded trailing commas 2018-08-30 09:26:16 +02:00
Frank Denis
f8377e9818 Add x25519 test vectors from project wycheproof 2018-08-29 15:08:26 +02:00
Jakob Rieck
543b5ad068 Fixes padding for blocksizes > 256 2018-08-27 11:42:49 +02:00
Frank Denis
ccb2390e9c xchacha20 test: initialize the full nonce 
Spotted by @FiloSottile, thanks!

Fixes #742
 2018-08-03 23:23:53 +02:00
Frank Denis
415f079692 zap trailing spaces 2018-04-29 17:49:01 +02:00
Emil Bay
2ad8162218
Missing test for abytes 2018-04-12 17:24:10 +02:00
Frank Denis
6a60818982 C++ compat 2017-12-21 22:35:02 +01:00
Frank Denis
8a2833f01a Remove the dummy FS call from the Javascript tests 2017-12-21 21:37:02 +01:00
Frank Denis
72ab8739a2 Javascript tests: don't call FS.*() if the filesystem module is not present 2017-12-21 21:36:56 +01:00
Frank Denis
bd631649c1 Emscripten: run the tests in benchmark mode 2017-12-21 18:52:59 +01:00
Frank Denis
d7f8f6bc80 Static 2017-12-21 18:47:43 +01:00
Frank Denis
0187ba70ad Require the generichash state to be aligned 
Alignment is already required by other functions anyway.
 2017-12-21 18:21:43 +01:00
Frank Denis
1e7839a90c Lift alignment requirements in crypto_generichash() 2017-12-21 18:14:17 +01:00
Frank Denis
dce1614eee Use default randombytes implementation for tests on emscripten 2017-12-21 02:02:39 +01:00
Frank Denis
13201046e6 emscripten: stick to the unique randombytes implementation 2017-12-21 00:32:42 +01:00
Frank Denis
69642f0409 Undefine printf if required 2017-12-16 21:01:23 +01:00
Frank Denis
bfc8ec1248 Add a memleak checker to the benchmark code 
Plug the leaks it surfaced in pwhash_argon2* tests
 2017-12-16 14:51:11 +01:00
Frank Denis
b84e4b9ddf Add missing sodium_free() calls in the kdf test 2017-12-16 14:31:01 +01:00
Frank Denis
99fe302562 Make things more explicit 2017-12-16 13:12:07 +01:00
Frank Denis
b6dab1029d Sort 2017-12-16 13:08:55 +01:00
Frank Denis
31b13ada14 + #include <limits.h> 2017-12-16 13:08:34 +01:00
Frank Denis
18d5940bc6 Use a simple memory pool for benchmarks 
In the test suite, a significant amount of time is spent in memory
allocations. A memory pool helps achieve more relevant results with
less iterations.
 2017-12-16 13:07:15 +01:00
Frank Denis
ac8dffbecb Return -1 if the scalar is 0 in crypto_scalarmult_ed25519() 
For consistency with _base()
 2017-12-12 14:35:08 +01:00
Frank Denis
21c1a3160c Remove tests for deprecated functions 2017-12-11 23:22:34 +01:00
Frank Denis
cf59e049e7 Check reduced-round salsa variants in non-minimal mode 2017-12-11 20:11:27 +01:00
Frank Denis
bdca518edc Remove incorrect and useless cast 2017-12-11 19:54:10 +01:00
Frank Denis
99fa31a595 More tests 2017-12-06 14:08:00 +00:00
Frank Denis
609e42be75 One more test 2017-12-06 13:53:22 +00:00
Frank Denis
43fa5ecc49 Add some tests for reduced-rounds salsa20 2017-12-06 13:38:46 +00:00
Frank Denis
0b6370dd0a Always undef NDEBUG in tests 2017-12-06 12:17:57 +00:00
Frank Denis
625e313e74 Avoid an expression in a assert() with side effects 2017-12-06 12:16:37 +00:00
Frank Denis
e89c43edf6 secretstream: add a test for rekeying using TAG_REKEY 2017-12-06 11:45:47 +00:00
Frank Denis
22b65dc57c Add a call to sodium_stackzero() 2017-12-05 17:49:58 +00:00
Frank Denis
01072a2f6a More tests 2017-12-03 21:16:46 +01:00
Frank Denis
cdd7d5f37d Add explicit cast 2017-12-03 21:02:17 +01:00
Frank Denis
8ad6ffa9d6 More tests 2017-12-03 20:56:17 +01:00
Frank Denis
b6262d982f Don't even try to compile non-minimal code 2017-12-03 16:55:46 +01:00
Frank Denis
139cadc76d Skip tests 13&14 in minimal mode 2017-12-03 16:49:55 +01:00
Frank Denis
99fe9eb67f More misuse tests 2017-12-03 16:39:05 +01:00
Frank Denis
229dac07ee casts 2017-12-01 17:29:29 +01:00
Frank Denis
217a9330a4 More tests 2017-12-01 17:21:59 +01:00
Frank Denis
84047b703a More tests 2017-12-01 17:04:09 +01:00
Frank Denis
e44614505b Casts 2017-12-01 16:32:25 +01:00
Frank Denis
218dac349a Fix format string sign 2017-12-01 15:24:48 +01:00
Frank Denis
46e2a46490 secretstream test: provide additional data to lift ambiguity on what is being tested 
Spotted by @emilbayes - Thanks!
 2017-11-26 22:02:26 +01:00
Frank Denis
ee2403deba Check for RDRAND presence 2017-11-25 17:53:33 +01:00
Frank Denis
c190574cee x25519-ref10: reject low order points before the multiplication 2017-11-17 10:47:00 +01:00
Frank Denis
fc10e78580 Add a test for constants 2017-11-15 16:58:31 +01:00
Frank Denis
a60d877327 Add a test for crypto_scalarmult_ed25519 2017-11-15 16:57:29 +01:00
Frank Denis
7653df070c Keep only the second test 2017-11-15 16:15:25 +01:00
Frank Denis
222ab9857c Check that add/sub don't enforce the canonical form 2017-11-15 15:31:01 +01:00
Frank Denis
4fe7f88063 Re-merge previous test; add the correct prime 2017-11-15 15:26:41 +01:00
Frank Denis
d8c36842eb Remove a test that doesn't make sense 2017-11-15 01:59:43 +01:00
Frank Denis
97e6f73230 Add a pretty obvious assertion 2017-11-15 01:48:28 +01:00
Frank Denis
3d8889560e Export constants 2017-11-15 01:47:54 +01:00
Frank Denis
1e06b32f45 Add a couple more tests for ed25519_is_valid_point() 2017-11-15 01:44:55 +01:00
Frank Denis
63f7727a74 C++ compat 2017-11-15 01:37:33 +01:00
Frank Denis
1df2285362 Add a preliminary test for core_ed25519 2017-11-15 01:34:43 +01:00
Frank Denis
7e75ad4ca9 Remove unused var 2017-10-23 23:43:19 +02:00
Frank Denis
f54c6db981 sign_keygen(): don't hash the secret scalar in non-deterministic mode 2017-10-11 21:27:48 +02:00
Frank Denis
0dd8338b83 Add a compile-time switch to create non-deterministic signatures 2017-10-06 15:35:07 +02:00
Frank Denis
2a367074fe Add actual performance API emulation for old browsers 2017-10-05 07:52:33 +02:00
Frank Denis
e784a3fb40 Add no-ops for very old browsers without the performance API 2017-10-05 01:46:02 +02:00
Frank Denis
37d9f09f5b Round duration 2017-10-05 00:20:55 +02:00
Frank Denis
752c1fff2d emscripten template: make the module global 2017-10-05 00:16:37 +02:00
Frank Denis
cc8cd391c9 Fix emscripten template 2017-10-05 00:11:40 +02:00
Frank Denis
93e39760b9 Wasm: add basic benchmark 
Not really fair yet since the script isn't preloaded
 2017-10-05 00:02:37 +02:00
Frank Denis
f0daa92f50 Remove index-wasm.html.tpl 2017-10-04 23:52:39 +02:00
Frank Denis
6a0e144899 Use less memory for the pwhash tests 2017-10-04 22:52:11 +02:00
Frank Denis
d3e20869af crypto_pwhash_ALG_DEFAULT is now Argon2id 2017-10-01 12:12:13 +02:00
Frank Denis
2f51ed3397 Rename the test/pwhash.c -> test/pwhash_argon2i.c 2017-10-01 11:09:55 +02:00
Frank Denis
d49d7e8d4f pwhash: don't enforce the same limits for argon2i and argon2id 
Fixes #606

Also, keep enforcing a minimum number of iterations to create argon2i
hashes, but relax that restriction for verification, as it can be
useful to migrate from hashes made using other libraries.
 2017-10-01 11:02:46 +02:00
Frank Denis
2542367c2d secretstream: set the initial counter to 1 
Avoids using the first block for two different purposes, and will be more
consistent with the AES-based version.

This breaks backwards compatibility, but better do it now that most distro are
still shipping < 1.0.14, that no applications seem to be already using that new
API, and that there will be an update to the library major due to the aes128ctr
removal.
 2017-10-01 10:08:04 +02:00
Frank Denis
3e0b4dec6e Add sodium_base64_encoded_len() 2017-09-21 11:25:09 +02:00
Frank Denis
18f0fff89e More tests: verify that they key gets updated after the counter wraps 2017-09-20 17:10:10 +02:00
Frank Denis
ee1d5c96d8 Move the codecs tests to their own test file 2017-09-19 22:51:05 +02:00
Frank Denis
558355e566 Check if SIGABRT can be trapped multiple times in a row 2017-09-19 22:33:09 +02:00
Frank Denis
8ee67b1dd7 More tests 2017-09-19 22:19:50 +02:00
Frank Denis
1f72dec89d More tests 2017-09-19 22:17:10 +02:00
Frank Denis
41dc933226 More tests 2017-09-19 22:08:31 +02:00
Frank Denis
aec433cecc Additional check 2017-09-19 20:04:57 +02:00
Frank Denis
7423408cd3 Make the behavior of hex2bin() consistent with base642bin() 
Return -1 on incomplete sequences and on complete sequences
with trailing, non-ignored characters if no pointers to store the
last parsed byte has been provided
 2017-09-19 18:45:23 +02:00
Frank Denis
00660d79b9 secretstream test: don't pull twice if we don't test with AD 2017-09-19 17:32:15 +02:00
Frank Denis
3c8a7f17f0 Add tests for short, invalid unpadded base64 strings 2017-09-19 16:59:18 +02:00
Frank Denis
9209e89d96 More tests 2017-09-19 00:34:26 +02:00
Frank Denis
31e9a5541d More tests 2017-09-18 23:57:29 +02:00
Frank Denis
525c21ed10 Tests 2017-09-18 23:29:58 +02:00
Frank Denis
1875980d33 More tests 2017-09-18 23:18:46 +02:00
Frank Denis
5b9680ead6 More tests 2017-09-18 23:13:50 +02:00
Frank Denis
e878bc141b More keygen tests 2017-09-17 23:13:38 +02:00
Frank Denis
f244f658d6 int -> size_t 2017-09-17 23:13:27 +02:00
Frank Denis
9c53da4a6d metamorphic tests for HMAC 2017-09-17 21:55:29 +02:00
Frank Denis
bd69a3083a metamorphic tests for onetimeauth 2017-09-17 21:48:16 +02:00
Frank Denis
a7b75a2d7d + simple metamorphic tests for crypto_generichash() 
This needs to be extended to other APIs with a streaming interface
 2017-09-17 21:41:32 +02:00
Frank Denis
bfab44aa40 initbytes -> headerbytes for clarity 2017-09-16 23:21:28 +02:00