Frank Denis
c3b0de7393
Test box_easy with overlapping in/out.
2014-10-04 23:53:19 -07:00
Frank Denis
d34743241e
Add a test for ed25519 malleability and restore traditional behavior.
...
If an application really requires non-malleability, ED25519_PREVENT_MALLEABILITY
can be defined to enable the check.
This might become the default behavior depending on what other implementations
are planning to do.
2014-10-04 23:25:01 -07:00
Frank Denis
9f6d37d9c6
Support overlapping input and output regions in crypto_secretbox_detached()
...
crypto_stream_salsa20() doesn't support overlapping input and output regions,
except when they are aliases.
2014-10-04 22:08:09 -07:00
Frank Denis
18f4dd241e
C++ compat
2014-09-23 21:30:37 -07:00
Frank Denis
727f3993a1
lcov exclusion
2014-09-23 21:22:44 -07:00
Frank Denis
5a7782eb6e
Extra tests for invalid pwhash strings
2014-09-23 21:15:38 -07:00
Frank Denis
7670932918
test pwhash_str_verify() with an invalid character
2014-09-23 15:38:31 -07:00
Frank Denis
b07dfc5da3
The test for pwhash is too slow for some systems.
...
Stop checking alterations for every single character.
2014-09-23 15:18:06 -07:00
Frank Denis
ced2c40a1a
Update pwhash.exp for the new case that has to fail (empty password)
2014-09-23 14:57:11 -07:00
Frank Denis
7a54ba58e9
Test password verification with an empty password
2014-09-23 14:54:19 -07:00
Frank Denis
d6d539a0ce
Test crypto_pwhash_scryptsalsa208sha256_str_verify() with invalid input.
2014-09-23 13:58:59 -07:00
Frank Denis
d511c43ca9
Test crypto_hash() with an input longer than the block size
2014-09-23 13:40:08 -07:00
Frank Denis
46df8ea890
Test pwhash with opslimit < 32768
2014-09-23 13:19:03 -07:00
Frank Denis
34df07f0c7
Test generichash with no key, with salt or personalization
2014-09-23 12:37:21 -07:00
Frank Denis
471922cb05
crypto_sign() test: explicitly initialize sig in case the previous tests failed.
2014-09-22 17:09:16 -07:00
Frank Denis
5558885953
Add a test for crypto_sign() with overlapping buffers.
2014-09-21 22:10:25 -07:00
Frank Denis
4de4e57a8e
chacha20: test more than 1 block
2014-09-18 22:13:00 -07:00
Frank Denis
9eefb2e487
More test + lcov exclusions
2014-09-18 22:02:25 -07:00
Frank Denis
b062a555da
scalarmult: check that the top bit is ignored
2014-09-18 21:27:49 -07:00
Frank Denis
595e98a224
Check return code of crypto_generichash_init()
2014-09-16 21:41:33 -07:00
Frank Denis
31d842a432
Test for (secret)box_easy behavior with a huge input.
2014-09-16 21:20:05 -07:00
Frank Denis
37580f4f52
More tests
2014-09-16 20:46:43 -07:00
Frank Denis
fbfbbdd349
Ensure that nothing explodes when calling crypto_generichash_blake2b_init_salt_personal with salt/personal == NULL
2014-09-16 20:09:33 -07:00
Frank Denis
51d9b223aa
Test crypto_box_(before|after)nm
2014-09-16 20:01:58 -07:00
Frank Denis
1cf170a90e
Test sodium_allocarray(), and sodium_malloc() with a huge size
2014-09-16 15:35:21 -07:00
Frank Denis
4993073501
Test chacha20 with a null output length
2014-09-16 15:25:54 -07:00
Frank Denis
6837c2d2c2
Include extra 0 in the key used for the hmacsha512 test
2014-09-16 15:25:38 -07:00
Frank Denis
fe4bbdc5ca
More crypto_pwhash() tests
2014-09-16 15:07:42 -07:00
Frank Denis
a721543b58
Test hmacsha512 with keys larger than the block size
2014-09-16 14:59:19 -07:00
Frank Denis
e333e55209
Increase generichash test coverage
2014-09-16 14:44:38 -07:00
Frank Denis
cee8af9b66
Test chacha20 with length == 0
2014-09-16 10:32:04 -07:00
Frank Denis
81aa4ef4a3
Check crypto_onetimeauth() streaming interface
2014-09-16 10:19:32 -07:00
Frank Denis
d7edf5c34b
crypto_generichash_keybytes_min() cannot be 0, even if 0 is a valid key length
2014-09-15 10:26:29 -07:00
Frank Denis
1217d30bae
More chacha20 tests
2014-09-14 13:09:15 -07:00
Frank Denis
2f7d98a73d
Fix format in auth5 test
2014-09-14 12:58:50 -07:00
Frank Denis
dc49ae0491
Add tests for invalid generichash parameters
2014-09-14 12:56:32 -07:00
Frank Denis
0ec5a25c88
More tests for randombytes
2014-09-14 12:43:53 -07:00
Frank Denis
82bc039d6c
Consistent syle for the tests.
2014-09-14 11:32:55 -07:00
Frank Denis
0e559b94d5
Make the tests a little bit more readable
2014-09-14 10:34:16 -07:00
Frank Denis
f41bfa9b94
More tests for constants
2014-09-13 15:17:19 -07:00
Frank Denis
fcc2513967
More tests for constants
2014-09-13 15:12:23 -07:00
Frank Denis
d65c791e58
More tests for constants
2014-09-13 15:03:04 -07:00
Frank Denis
2645422a32
Test crypto_aead with a short ciphertext
2014-09-13 14:51:21 -07:00
Frank Denis
a92731a9f4
More tests for constants
2014-09-13 14:47:29 -07:00
Frank Denis
12a3f27706
More tests for constants
2014-09-13 14:37:04 -07:00
Frank Denis
2c1b507045
More constant tests
2014-09-13 14:29:59 -07:00
Frank Denis
ab37bd3e0b
Tests: no need for crypto_uint8
2014-09-13 14:15:55 -07:00
Frank Denis
b7b0436fb8
Test the presence of some extra functions
2014-09-13 14:12:40 -07:00
Frank Denis
4d276a81e7
Include header files commonly used by the tests to cmptest.h
2014-09-13 14:11:12 -07:00
Frank Denis
3b680e0a52
Use high-level APIs in tests
2014-09-13 13:56:41 -07:00
Frank Denis
6c0852f22f
Remove unused macros
2014-09-04 13:24:09 -07:00
Frank Denis
0e23192159
Add crypto_sign_ed25519_sk_to_seed() and crypto_sign_ed25519_sk_to_pk()
2014-08-15 13:52:08 -07:00
Frank Denis
473e1718cc
Add sodium_{malloc,allocarray,free}() and sodium_mprotect_*()
...
ptr = sodium_malloc(size) returns a pointer from which exactly "size" bytes
can be accessed.
ptr = sodium_allocarray(count, size) allocates enough storage space for
"count" pointers or scalars of unit size "size".
In both cases, the region is immediately followed by a guard page.
As a result, any attempt to access a memory location after ptr[size - 1] will
immediately trigger a segmentation fault.
The allocated region is mlock()ed and filled with 0xd0 bytes.
A read-only page with the size, a guard page, as well as a canary are
placed before the returned pointer.
The canary is checked by sodium_free(); as a result, altering data right
before ptr is likely to cause sodium_free() to kill the process.
sodium_free() munlock()s the region and fills it with zeros before
actually calling free().
sodium_mprotect_noaccess(), sodium_mprotect_readonly() and
sodium_mprotect_readwrite() can be used to change the protection on the set
of allocated pages.
Reverting the protection to read+write is not required before calling
sodium_free().
2014-08-14 21:41:05 -07:00
Frank Denis
9f0208050e
crypto_sign_SECRETKEYBYTES already includes the public key
2014-08-05 14:26:39 -07:00
Frank Denis
eae4add8de
Implement ed25519 -> curve25519 keys conversion
2014-08-05 13:32:25 -07:00
Frank Denis
7b0eeda1c6
Remove aes256estream.
...
AES-256 will be reintroduced, but not until we have a bitsliced implementation.
2014-08-05 00:57:10 -07:00
Frank Denis
c16502fc2c
Coverity FP
2014-07-15 22:48:49 -07:00
Frank Denis
25ea5b65db
Add explicit checks for crypto_box_detached()
2014-07-11 12:28:52 -07:00
Frank Denis
ad7b1c58a8
Add tests for short messages with (secret)box_easy
2014-07-11 12:23:52 -07:00
Frank Denis
2bb8ae26d5
Test detached signatures
2014-07-10 23:21:23 -07:00
Frank Denis
16fa9960e0
Test crypto_sign_detached()
2014-07-10 23:21:22 -07:00
Frank Denis
96b840cfcf
Add a test for short (non-detached) signed messages
2014-07-10 22:39:11 -07:00
Frank Denis
f6519378b4
+ --enable-minimal to build a smaller library without less-used functions.
2014-07-09 20:24:04 -07:00
Frank Denis
0e4f4d6205
Use unsigned types for sizes in tests.
2014-07-01 19:33:59 +00:00
Frank Denis
9154d7416e
Add a test for crypto_aead without any additional data
2014-06-30 16:23:34 -07:00
Frank Denis
768b78b711
crypto_(secret)box_easy_detached() -> crypto_(secret)box_detached()
2014-06-27 18:29:03 -07:00
Frank Denis
44f7a9f3cb
Allow the authentication tag to be stored separately from the message.
...
Encrypting in-place and storing the tag separately is a very common need.
Instead of forcing people to do their own cuisine, let's provide simple
variants of the _easy interfaces to do that.
2014-06-26 15:18:39 -07:00
Frank Denis
eec0f78af6
Move the tag to the end for crypto_aead_chacha20poly1305
2014-06-26 09:15:20 -07:00
Frank Denis
efe53d118b
chachapoly1305 test: check output length
2014-06-26 08:56:17 -07:00
Frank Denis
a7410966ea
Rename secretbox_chacha20poly1305() -> aead_chacha20poly1305()
...
The tag is still at the end. This will be changed right after.
2014-06-26 08:48:13 -07:00
Frank Denis
5e89fc9303
Import secretbox_chacha20poly1305.exp
2014-06-19 23:07:20 -07:00
Frank Denis
bd1490a6cd
Add AEAD_CHACHA20_POLY1305
...
With a twist: in order to be consistent with the crypto_stream
interface, the tag has to come before the ciphertext.
2014-06-19 22:49:33 -07:00
Frank Denis
1fcb676aed
test/default/sign.c: make the test vectors static
2014-06-09 19:27:54 -07:00
Frank Denis
06e089ef6a
Make crypto_sign() test code more explicit.
...
crypto_sign() doesn't just need the secret key. The public key has to follow.
Which is why the test vectors are laid out in this order.
But this can confuse static analysis, as well as people looking at the test
in order to better understand how crypto_sign() works.
So, just copy the sk and the pk into a dedicated buffer, for clarity.
2014-06-09 19:27:49 -07:00
Frank Denis
8560366cd8
Disable the pwhash_scrypt_ll test that requires 1 Gb RAM.
...
This is way too much for many devices and for VPS users.
2014-06-07 10:16:03 -07:00
Frank Denis
2058eaea99
Revert bd8cbd3175
...
Go back to masking the high bit in curve25519 instead of processing the
key as a 256-bit value.
2014-06-06 08:22:11 -07:00
Frank Denis
e737c94271
More test/default/pwhash_scrypt_ll.c fixes
2014-06-03 23:48:25 -07:00
Frank Denis
f341a4c9a3
Make arguments match the format string in test/default/pwhash_scrypt_ll.c ...
2014-06-03 23:22:38 -07:00
Anders Johansson
1d4849465b
Change spaces to tab in Makefile.am after pwhash_scrypt_ll addition
2014-06-03 13:04:26 +02:00
Anders Johansson
e7e4ab514c
To comply with C89:
...
- Moved variable declarations to top of function
- Constant output buffer inside the function
Moved strlen calls from main to inside function to make code easier to read.
Also switched from fancy quotes to single quotes in expected output
2014-06-03 12:15:39 +02:00
Anders Johansson
e477e51323
Fix Travis g++ errors
2014-06-01 21:31:44 +02:00
Anders Johansson
d47d5d8623
Add test for Tarsnap testvectors to low-level scrypt interface
2014-06-01 20:58:20 +02:00
Jan Varho
9f52b0f0e9
Change crypto_box_seed_keypair to use SHA-512 of the seed
...
This makes it compatible with what js-nacl and racl do.
2014-05-25 19:13:04 -07:00
Jan Varho
f438116b6b
Test crypto_box_seed_keypair
2014-05-23 10:33:58 +03:00
Frank Denis
a517bf9f0f
One more chacha20 test
2014-05-15 15:26:44 -07:00
Frank Denis
0d9f25999a
+chacha20.exp
2014-05-15 13:35:56 -07:00
Frank Denis
7381983f8b
Preliminary chacha20 support
2014-05-15 13:27:15 -07:00
Frank Denis
bd05b7d292
Rename scryptxsalsa208sha256 to scryptsalsa208sha256
2014-05-15 00:01:16 -07:00
Frank Denis
62e37fbfe4
crypto_pwhash_scryptxsalsa208sha256_str() test vectors
2014-05-14 23:46:15 -07:00
Frank Denis
eca5267df9
crypto_pwhash_scryptxsalsa208sha256 test vectors
2014-05-14 23:22:11 -07:00
Frank Denis
84cceed1f6
Do not require crypto_sign_BYTES extra bytes for the message in crypto_sign_open()
...
This is a common source of confusion.
2014-05-12 22:54:05 -07:00
Frank Denis
0c63926ef1
Fix sign.c test, classic crypto_sign_open() confusion.
2014-05-12 21:43:33 -07:00
Frank Denis
30c1e13f2a
Switch opslimit and memlimit in pwhash, to be closer to PHC's proposed API.
2014-05-12 12:34:41 -07:00
Frank Denis
37d73684b8
More crypto_pwhash tests
2014-05-12 11:26:39 -07:00
Frank Denis
9383d59e21
It's totally fine for sodium_library_version_minor() to be 0.
2014-05-08 21:32:36 -07:00
Frank Denis
42d87bf926
The pwhash test requires a 32 bytes salt.
2014-05-08 20:39:14 -07:00
Frank Denis
e48b1e6b75
Remove extra puts() in pwhash test.
2014-05-08 19:09:43 -07:00
Frank Denis
299ff0ceb3
Add a minimal test for crypto_pwhash
2014-05-07 23:54:55 -07:00
Frank Denis
9d29f94ac2
Add overdue crypto_sign test
2014-05-07 23:23:13 -07:00
Frank Denis
01059444ee
Wait, what, printf(3) on Windows doesn't even support %zu? o_O
2014-04-17 22:15:09 -07:00