Adrien Gallouët
0a31dd5a31
aegis256: Support mac verification when m is NULL
...
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 21:11:07 +00:00
Frank Denis
a59e1f8b54
aegis256: update MSVC solutions, .gitignore, exported emscripten symbols
...
and the global list of symbols
2019-09-12 22:10:07 +02:00
Frank Denis
88717d995b
Indent
2019-09-12 20:28:54 +02:00
Adrien Gallouët
3c14a1581c
Add tests for AEGIS-256
...
Signed-off-by: Adrien Gallouët <adrien@gallouet.fr>
2019-09-12 14:42:19 +00:00
Frank Denis
aaaaf7b8b8
Units are not required any more for Lucet
2019-07-23 22:23:50 +02:00
Frank Denis
55a81d9460
lucetc-wasi requires units with --max-heap-size
2019-07-09 20:41:34 +02:00
Frank Denis
e97760ad68
shielding requires memory protection
2019-07-09 20:29:36 +02:00
Frank Denis
61992a838d
Register new symbols
2019-06-22 17:06:18 +02:00
Frank Denis
bfeca0eb73
Implement key shielding to protect against side channels
...
We may want to fold this into `sodium_mprotect_*()` instead of
exposing these functions.
The drawback is that a transition from PROT_NONE to PROT_READ
(or the other way round) would need an intermediary state in PROT_WRITE
for shielding/unshielding.
Shielding is also not thread-safe, while the `mprotect_*()` functions
are, and adding locks would make things more complicated than they
probably should.
2019-06-22 14:56:16 +02:00
Frank Denis
60f4bc8212
getconf(1) may not be available
2019-06-11 00:17:19 +02:00
Frank Denis
2dd3b91628
Try to rename internal symbols that were visible in static libraries
...
Fixes #839
2019-06-10 23:08:21 +02:00
Frank Denis
922e91a7bf
lucetc will eventually use --opt-level fast instead of --opt-level best
2019-05-30 20:30:45 +02:00
Frank Denis
af6df5f4a5
Revert "Limit resources when running tests"
...
This reverts commit 9567bbe65f
.
2019-05-23 00:38:14 +02:00
Frank Denis
76ac6ef605
Remove an unreliable scrypt test
...
Fixes #837
2019-05-21 13:14:06 +02:00
Frank Denis
91c98bad15
lucet seems to accept sizes without a suffix
2019-05-21 11:22:49 +02:00
Frank Denis
06f331d153
Use the same memory limit everywhere
2019-05-21 11:12:07 +02:00
Frank Denis
9567bbe65f
Limit resources when running tests
...
The default memory limit matches the limit already used when running
the javascript and webassembly tests.
Original diff by @pilou-
Fixes #837
2019-05-21 10:52:01 +02:00
Frank Denis
6d9e2f0c84
More tests
2019-05-06 13:02:20 +02:00
Frank Denis
011343e88c
More tests
2019-05-06 12:48:02 +02:00
Frank Denis
12277ee6b5
More tests
2019-05-06 12:40:21 +02:00
Frank Denis
06e4a485c4
More tests
2019-05-06 11:40:57 +02:00
Frank Denis
ffdaf6d16b
aead_xchacha20poly1305_ietf_decrypt(): add a test with a NULL message
2019-05-06 11:15:11 +02:00
Frank Denis
4b7e497a92
Revert "Postpone from_hash()"
...
Use proper reduction, and don't mask the high bit, so that
H2C-Curve25519-SHA512-Elligator-Clear can be implemented if required
2019-05-02 13:51:12 +02:00
Frank Denis
56d93ffe62
Lucet now has a --reserved-size knob
2019-05-02 10:16:21 +02:00
Frank Denis
ab1e720a30
Postpone from_hash()
2019-05-02 10:12:12 +02:00
Frank Denis
24c54073a8
Add core_ed25519_from_hash() and core_{ed25519, ristretto255}_random()
2019-05-02 00:51:17 +02:00
Frank Denis
689407c36d
Rename ristretto_from_uniform() to ristretto_from_hash()
2019-05-01 19:56:08 +02:00
Frank Denis
cec56d867f
Lucet: set min-reserved-size to the same value as max-heap-size
...
If <min-reserved-size> is less than <max-heap-size>, the code will
still assume that only <min-reserved-size> bytes are accessible and
will trap even if the runtime could allocate more..
So, `max` should always be <= `min`. Naming options is hard.
2019-04-23 14:57:07 +02:00
Frank Denis
e7942ad150
Make the stream and stream2 test object code 1000x smaller
2019-04-23 09:57:36 +02:00
Frank Denis
3fde7349e1
Clarify that --min-reserved-size surprisingly sets the max memory
2019-04-23 03:14:19 +02:00
Frank Denis
05c86927f4
Remove temporary files
2019-04-23 02:02:19 +02:00
Frank Denis
fbe5d52a81
Spaces
2019-04-23 01:24:12 +02:00
Frank Denis
ff88392d8c
Make the WASI backend configurable
2019-04-23 01:23:41 +02:00
Frank Denis
2277e7f4f0
Lucet requires --min-reserved-size or tests with large allocations will fail
2019-04-23 01:13:25 +02:00
Frank Denis
e38128998b
lucet --dir=.:. works
...
Current WebAssembly runtimes status:
- wasmtime: no tests are failing.
- wasmer: 3 tests are failing:
sodium_core, sodium_utils2, sodium_utils3
- lucet: 8 tests are failing:
core3, pwhash_argon2i, pwhash_argon2id, secretstream, stream, stream2,
pwhash_scrypt, pwhash_scrypt_ll
2019-04-23 00:47:43 +02:00
Frank Denis
7993e35227
Try wasmer and lucet as alternatives to wasmtime
...
However:
- wasmer seems to have issues with signals, causing some tests to fail
- lucet's --dir option doesn't seem to work with relative paths
These are temporary limitations, that are likely to be fixed soon.
2019-04-22 23:57:00 +02:00
Frank Denis
3d6151ae62
constcheck: ignore deprecated declarations
2019-04-22 19:49:18 +02:00
Frank Denis
22c289d195
Ensure that we use non-zero random scalars for inversion
2019-04-15 10:18:15 +02:00
Frank Denis
db6f43d25e
Add crypto_core_{ed25519,ristretto255}_scalar_mul
2019-04-15 10:12:19 +02:00
Frank Denis
2d87abe21a
Use the correct constant for the buffer lengths in scalar tests
2019-04-15 09:44:32 +02:00
Frank Denis
a7ebe2856f
Turn on wasmtime optimizations
2019-04-09 15:48:23 +02:00
Frank Denis
aaa9d0d940
Include wasi-test-wrapper.sh in dist builds
2019-04-09 12:09:16 +02:00
Frank Denis
449e6d12b9
Don't forget to free() r_inv in the core_ristretto255 test
2019-04-08 23:12:55 +02:00
Frank Denis
9dbf03c115
Run the WASI checks using wasmtime
2019-04-08 21:45:08 +02:00
Frank Denis
8745c85114
First step towards WASI support
2019-04-08 20:47:33 +02:00
Frank Denis
6a83cd05ec
Be positive
2019-03-21 09:27:55 +01:00
Frank Denis
773a94d70b
Just use some test vectors around the counter overflow
2019-03-21 03:08:40 +01:00
Frank Denis
9218397375
Remove useless tests, add more meaningful ones.
2019-03-21 02:04:09 +01:00
Frank Denis
b579de9ac7
Additional salsa20 tests
2019-03-21 01:15:13 +01:00
Frank Denis
e1abc1de7e
Rename randombytes_salsa20 to randombytes_internal and switch to ChaCha20
2019-03-17 19:25:32 +01:00
Frank Denis
1e847cc60b
More tests
2019-02-18 11:10:51 +01:00
Frank Denis
db0319fb8e
Initial support for ristretto255
2019-02-18 00:56:48 +01:00
Frank Denis
e6aa7e1da4
The time has come to remove support for (p)nacl
2019-02-14 14:41:09 +01:00
Frank Denis
83a873ea1b
Fix tests, use guard page instead of NULL because of Wasm
2019-02-09 20:47:24 +01:00
Ilya Maykov
6934a8d0c8
Relax most __attribute__ ((nonnull)) to allow 0-length inputs to be NULL.
...
Justifications:
- crypto_(auth|hash|generichash|onetimeauth|shorthash)*:
it's legal to hash or HMAC a 0-length message
- crypto_box*: it's legal to encrypt a 0-length message
- crypto_sign*: it's legal to sign a 0-length message
- utils:
comparing two 0-length byte arrays is legal
memzero on a 0-length byte array is a no-op
converting an empty hex string to binary results in an empty binary string
converting an empty binary string to hex results in an empty hex string
converting an empty b64 string to binary results in an empty binary string
converting an empty binary string to b64 results in an empty b64 string
sodium_add / sodium_sub on zero-length arrays is a no-op
For the functions declared in utils.h, I moved the logic into private functions that
have the __attribute__ ((nonnull)) check, but they are only called when the
corresponding length argument is non-0. I didn't do this for the hash/box/sign
functions since it would have been a lot more work and quite a large refactor.
2019-02-09 20:26:10 +01:00
Frank Denis
0cdf963799
Add another test
2019-01-05 23:11:02 +01:00
Frank Denis
909983a9d2
Avoid memory leak and overflow in addition test
2019-01-05 23:08:03 +01:00
Frank Denis
d4eec69ef1
More tests
2019-01-05 21:17:48 +01:00
Frank Denis
0205a8035e
More tests
2019-01-05 20:56:22 +01:00
Frank Denis
7ac557498f
C++ compat
2019-01-03 09:49:33 +01:00
Frank Denis
bdfda5dc83
Nits
2019-01-02 16:14:15 +01:00
Frank Denis
d333f509a2
Add a test for sodium_sub()
2019-01-02 15:32:59 +01:00
Frank Denis
1542d473da
Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub()
2018-12-30 01:48:58 +01:00
Frank Denis
cff3d7f6c7
Remove unused variables
2018-12-29 16:42:09 +01:00
Frank Denis
cce84d05b2
Use unsigned indices
2018-12-26 18:39:07 +01:00
Frank Denis
d3976446a0
ED25519_NONDETERMINISTIC: derive keys from the seed the same way
...
as when ED25519_NONDETERMINISTIC is not defined
2018-12-25 13:25:57 +01:00
Frank Denis
59bd82edab
Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant
...
and reject 0 in crypto_core_ed25519_random()
2018-12-24 17:26:38 +01:00
Frank Denis
8dd554d2c4
Leverage sodium_add()
2018-12-24 15:25:34 +01:00
Frank Denis
902f0997c0
Add a test for scalar_reduce()
2018-12-24 15:24:04 +01:00
Frank Denis
34e787030f
Use a guard page instead of NULL for opt arguments in tests
2018-12-24 15:02:59 +01:00
Frank Denis
63573bb98c
Add crypto_core_ed25519_scalar_random()
2018-12-23 12:32:07 +01:00
Frank Denis
6fa0220302
Export crypto_core_ed25519_scalar_reduce, add tests
2018-12-23 02:56:11 +01:00
Frank Denis
b6051b7ee2
Add tests for unclamped scalars
2018-12-18 23:11:15 +01:00
Frank Denis
cf217e3dfc
Call misuse() if we ask too much data from the IETF variant of ChaCha20
...
Fix #753
2018-09-08 02:12:23 +02:00
Frank Denis
69a5643477
Add chacha20-poly1305 test from Project Wycheproof
2018-09-04 15:44:42 +02:00
Frank Denis
cb22446db1
Add aes256gcm tests from project wycheproof
2018-08-30 09:51:28 +02:00
Frank Denis
cdc4822c92
Remove unneeded trailing commas
2018-08-30 09:26:16 +02:00
Frank Denis
f8377e9818
Add x25519 test vectors from project wycheproof
2018-08-29 15:08:26 +02:00
Jakob Rieck
543b5ad068
Fixes padding for blocksizes > 256
2018-08-27 11:42:49 +02:00
Frank Denis
ccb2390e9c
xchacha20 test: initialize the full nonce
...
Spotted by @FiloSottile, thanks!
Fixes #742
2018-08-03 23:23:53 +02:00
Frank Denis
415f079692
zap trailing spaces
2018-04-29 17:49:01 +02:00
Emil Bay
2ad8162218
Missing test for abytes
2018-04-12 17:24:10 +02:00
Frank Denis
6a60818982
C++ compat
2017-12-21 22:35:02 +01:00
Frank Denis
8a2833f01a
Remove the dummy FS call from the Javascript tests
2017-12-21 21:37:02 +01:00
Frank Denis
72ab8739a2
Javascript tests: don't call FS.*() if the filesystem module is not present
2017-12-21 21:36:56 +01:00
Frank Denis
bd631649c1
Emscripten: run the tests in benchmark mode
2017-12-21 18:52:59 +01:00
Frank Denis
d7f8f6bc80
Static
2017-12-21 18:47:43 +01:00
Frank Denis
0187ba70ad
Require the generichash state to be aligned
...
Alignment is already required by other functions anyway.
2017-12-21 18:21:43 +01:00
Frank Denis
1e7839a90c
Lift alignment requirements in crypto_generichash()
2017-12-21 18:14:17 +01:00
Frank Denis
dce1614eee
Use default randombytes implementation for tests on emscripten
2017-12-21 02:02:39 +01:00
Frank Denis
13201046e6
emscripten: stick to the unique randombytes implementation
2017-12-21 00:32:42 +01:00
Frank Denis
69642f0409
Undefine printf if required
2017-12-16 21:01:23 +01:00
Frank Denis
bfc8ec1248
Add a memleak checker to the benchmark code
...
Plug the leaks it surfaced in pwhash_argon2* tests
2017-12-16 14:51:11 +01:00
Frank Denis
b84e4b9ddf
Add missing sodium_free() calls in the kdf test
2017-12-16 14:31:01 +01:00
Frank Denis
99fe302562
Make things more explicit
2017-12-16 13:12:07 +01:00
Frank Denis
b6dab1029d
Sort
2017-12-16 13:08:55 +01:00
Frank Denis
31b13ada14
+ #include <limits.h>
2017-12-16 13:08:34 +01:00
Frank Denis
18d5940bc6
Use a simple memory pool for benchmarks
...
In the test suite, a significant amount of time is spent in memory
allocations. A memory pool helps achieve more relevant results with
less iterations.
2017-12-16 13:07:15 +01:00
Frank Denis
ac8dffbecb
Return -1 if the scalar is 0 in crypto_scalarmult_ed25519()
...
For consistency with _base()
2017-12-12 14:35:08 +01:00
Frank Denis
21c1a3160c
Remove tests for deprecated functions
2017-12-11 23:22:34 +01:00
Frank Denis
cf59e049e7
Check reduced-round salsa variants in non-minimal mode
2017-12-11 20:11:27 +01:00
Frank Denis
bdca518edc
Remove incorrect and useless cast
2017-12-11 19:54:10 +01:00
Frank Denis
99fa31a595
More tests
2017-12-06 14:08:00 +00:00
Frank Denis
609e42be75
One more test
2017-12-06 13:53:22 +00:00
Frank Denis
43fa5ecc49
Add some tests for reduced-rounds salsa20
2017-12-06 13:38:46 +00:00
Frank Denis
0b6370dd0a
Always undef NDEBUG in tests
2017-12-06 12:17:57 +00:00
Frank Denis
625e313e74
Avoid an expression in a assert() with side effects
2017-12-06 12:16:37 +00:00
Frank Denis
e89c43edf6
secretstream: add a test for rekeying using TAG_REKEY
2017-12-06 11:45:47 +00:00
Frank Denis
22b65dc57c
Add a call to sodium_stackzero()
2017-12-05 17:49:58 +00:00
Frank Denis
01072a2f6a
More tests
2017-12-03 21:16:46 +01:00
Frank Denis
cdd7d5f37d
Add explicit cast
2017-12-03 21:02:17 +01:00
Frank Denis
8ad6ffa9d6
More tests
2017-12-03 20:56:17 +01:00
Frank Denis
b6262d982f
Don't even try to compile non-minimal code
2017-12-03 16:55:46 +01:00
Frank Denis
139cadc76d
Skip tests 13&14 in minimal mode
2017-12-03 16:49:55 +01:00
Frank Denis
99fe9eb67f
More misuse tests
2017-12-03 16:39:05 +01:00
Frank Denis
229dac07ee
casts
2017-12-01 17:29:29 +01:00
Frank Denis
217a9330a4
More tests
2017-12-01 17:21:59 +01:00
Frank Denis
84047b703a
More tests
2017-12-01 17:04:09 +01:00
Frank Denis
e44614505b
Casts
2017-12-01 16:32:25 +01:00
Frank Denis
218dac349a
Fix format string sign
2017-12-01 15:24:48 +01:00
Frank Denis
46e2a46490
secretstream test: provide additional data to lift ambiguity on what is being tested
...
Spotted by @emilbayes - Thanks!
2017-11-26 22:02:26 +01:00
Frank Denis
ee2403deba
Check for RDRAND presence
2017-11-25 17:53:33 +01:00
Frank Denis
c190574cee
x25519-ref10: reject low order points before the multiplication
2017-11-17 10:47:00 +01:00
Frank Denis
fc10e78580
Add a test for constants
2017-11-15 16:58:31 +01:00
Frank Denis
a60d877327
Add a test for crypto_scalarmult_ed25519
2017-11-15 16:57:29 +01:00
Frank Denis
7653df070c
Keep only the second test
2017-11-15 16:15:25 +01:00
Frank Denis
222ab9857c
Check that add/sub don't enforce the canonical form
2017-11-15 15:31:01 +01:00
Frank Denis
4fe7f88063
Re-merge previous test; add the correct prime
2017-11-15 15:26:41 +01:00
Frank Denis
d8c36842eb
Remove a test that doesn't make sense
2017-11-15 01:59:43 +01:00
Frank Denis
97e6f73230
Add a pretty obvious assertion
2017-11-15 01:48:28 +01:00
Frank Denis
3d8889560e
Export constants
2017-11-15 01:47:54 +01:00
Frank Denis
1e06b32f45
Add a couple more tests for ed25519_is_valid_point()
2017-11-15 01:44:55 +01:00
Frank Denis
63f7727a74
C++ compat
2017-11-15 01:37:33 +01:00
Frank Denis
1df2285362
Add a preliminary test for core_ed25519
2017-11-15 01:34:43 +01:00
Frank Denis
7e75ad4ca9
Remove unused var
2017-10-23 23:43:19 +02:00
Frank Denis
f54c6db981
sign_keygen(): don't hash the secret scalar in non-deterministic mode
2017-10-11 21:27:48 +02:00
Frank Denis
0dd8338b83
Add a compile-time switch to create non-deterministic signatures
2017-10-06 15:35:07 +02:00
Frank Denis
2a367074fe
Add actual performance API emulation for old browsers
2017-10-05 07:52:33 +02:00
Frank Denis
e784a3fb40
Add no-ops for very old browsers without the performance API
2017-10-05 01:46:02 +02:00
Frank Denis
37d9f09f5b
Round duration
2017-10-05 00:20:55 +02:00
Frank Denis
752c1fff2d
emscripten template: make the module global
2017-10-05 00:16:37 +02:00
Frank Denis
cc8cd391c9
Fix emscripten template
2017-10-05 00:11:40 +02:00
Frank Denis
93e39760b9
Wasm: add basic benchmark
...
Not really fair yet since the script isn't preloaded
2017-10-05 00:02:37 +02:00
Frank Denis
f0daa92f50
Remove index-wasm.html.tpl
2017-10-04 23:52:39 +02:00
Frank Denis
6a0e144899
Use less memory for the pwhash tests
2017-10-04 22:52:11 +02:00
Frank Denis
d3e20869af
crypto_pwhash_ALG_DEFAULT is now Argon2id
2017-10-01 12:12:13 +02:00
Frank Denis
2f51ed3397
Rename the test/pwhash.c -> test/pwhash_argon2i.c
2017-10-01 11:09:55 +02:00
Frank Denis
d49d7e8d4f
pwhash: don't enforce the same limits for argon2i and argon2id
...
Fixes #606
Also, keep enforcing a minimum number of iterations to create argon2i
hashes, but relax that restriction for verification, as it can be
useful to migrate from hashes made using other libraries.
2017-10-01 11:02:46 +02:00
Frank Denis
2542367c2d
secretstream: set the initial counter to 1
...
Avoids using the first block for two different purposes, and will be more
consistent with the AES-based version.
This breaks backwards compatibility, but better do it now that most distro are
still shipping < 1.0.14, that no applications seem to be already using that new
API, and that there will be an update to the library major due to the aes128ctr
removal.
2017-10-01 10:08:04 +02:00
Frank Denis
3e0b4dec6e
Add sodium_base64_encoded_len()
2017-09-21 11:25:09 +02:00