Merge branch 'master' of github.com:jedisct1/libsodium

* 'master' of github.com:jedisct1/libsodium:
  Fix `crypto_pwhash_argon2i_str_verify()` and its tests after `errno` changes
  Add crypto_pwhash_MISMATCH errno (#541)
This commit is contained in:
Frank Denis 2017-05-16 12:41:30 +02:00
commit 00212b2604
4 changed files with 31 additions and 16 deletions

View File

@ -186,6 +186,8 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
const char *const passwd, const char *const passwd,
unsigned long long passwdlen) unsigned long long passwdlen)
{ {
int verify_ret;
if (passwdlen > ARGON2_MAX_PWD_LENGTH) { if (passwdlen > ARGON2_MAX_PWD_LENGTH) {
errno = EFBIG; errno = EFBIG;
return -1; return -1;
@ -196,10 +198,15 @@ crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
return -1; return -1;
} }
/* LCOV_EXCL_STOP */ /* LCOV_EXCL_STOP */
if (argon2i_verify(str, passwd, (size_t) passwdlen) != ARGON2_OK) {
return -1; verify_ret = argon2i_verify(str, passwd, (size_t) passwdlen);
if (verify_ret == ARGON2_OK) {
return 0;
} }
return 0; if (verify_ret == ARGON2_VERIFY_MISMATCH) {
errno = EINVAL;
}
return -1;
} }
int int

View File

@ -118,4 +118,3 @@ const char *crypto_pwhash_primitive(void)
#endif #endif
#endif #endif

View File

@ -7,6 +7,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h>
#include "sodium.h" #include "sodium.h"
#include "quirks.h" #include "quirks.h"

View File

@ -258,7 +258,8 @@ main(void)
printf("pwhash_str_verify(1) failure\n"); printf("pwhash_str_verify(1) failure\n");
} }
str_out[14]++; str_out[14]++;
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) { if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(2) failure\n"); printf("pwhash_str_verify(2) failure\n");
} }
str_out[14]--; str_out[14]--;
@ -276,37 +277,44 @@ main(void)
} }
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", 0x100000000ULL) != -1) { "password", 0x100000000ULL) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(0)) failure\n"); printf("pwhash_str_verify(invalid(0)) failure\n");
} }
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
printf("pwhash_str_verify(invalid(1)) failure\n"); errno != EFBIG) {
printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
} }
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
"9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(2)) failure\n"); printf("pwhash_str_verify(invalid(2)) failure\n");
} }
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
"$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(3)) failure\n"); printf("pwhash_str_verify(invalid(3)) failure\n");
} }
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
"$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(4)) failure\n"); printf("pwhash_str_verify(invalid(4)) failure\n");
} }
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
"wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(5)) failure\n"); printf("pwhash_str_verify(invalid(5)) failure\n");
} }
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
"$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 ||
errno != EFBIG) {
printf("pwhash_str_verify(invalid(6)) failure\n"); printf("pwhash_str_verify(invalid(6)) failure\n");
} }
if (crypto_pwhash_str_verify( if (crypto_pwhash_str_verify(
@ -318,19 +326,19 @@ main(void)
if (crypto_pwhash_str_verify( if (crypto_pwhash_str_verify(
"$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"passwore", strlen("passwore")) != -1) { "passwore", strlen("passwore")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(7)) failure\n"); printf("pwhash_str_verify(invalid(7)) failure\n");
} }
if (crypto_pwhash_str_verify( if (crypto_pwhash_str_verify(
"$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(8)) failure\n"); printf("pwhash_str_verify(invalid(8)) failure\n");
} }
if (crypto_pwhash_str_verify( if (crypto_pwhash_str_verify(
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
"password", strlen("password")) != -1) { "password", strlen("password")) != -1 || errno != EINVAL) {
printf("pwhash_str_verify(invalid(9)) failure\n"); printf("pwhash_str_verify(invalid(9)) failure\n");
} }
assert(crypto_pwhash_bytes_min() > 0U); assert(crypto_pwhash_bytes_min() > 0U);