diff --git a/.gitignore b/.gitignore index ef9853af..e0281ae9 100644 --- a/.gitignore +++ b/.gitignore @@ -114,6 +114,7 @@ test/default/hash3 test/default/kdf test/default/keygen test/default/kx +test/default/misuse test/default/onetimeauth test/default/onetimeauth2 test/default/onetimeauth7 diff --git a/src/libsodium/crypto_stream/salsa20/stream_salsa20.c b/src/libsodium/crypto_stream/salsa20/stream_salsa20.c index 91e99df7..1a126dad 100644 --- a/src/libsodium/crypto_stream/salsa20/stream_salsa20.c +++ b/src/libsodium/crypto_stream/salsa20/stream_salsa20.c @@ -89,5 +89,5 @@ _crypto_stream_salsa20_pick_best_implementation(void) return 0; } #endif - return 0; + return 0; /* LCOV_EXCL_LINE */ } diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c index 5a06f69e..d550e079 100644 --- a/src/libsodium/sodium/core.c +++ b/src/libsodium/sodium/core.c @@ -41,11 +41,11 @@ int sodium_init(void) { if (sodium_crit_enter() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } if (initialized != 0) { if (sodium_crit_leave() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } return 1; } @@ -60,7 +60,7 @@ sodium_init(void) _crypto_stream_salsa20_pick_best_implementation(); initialized = 1; if (sodium_crit_leave() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } return 0; } @@ -95,7 +95,7 @@ int sodium_crit_enter(void) { if (_sodium_crit_init() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } EnterCriticalSection(&_sodium_lock); @@ -191,10 +191,10 @@ int sodium_set_misuse_handler(void (*handler)(const char *err)) { if (sodium_crit_enter() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } _misuse_handler = handler; if (sodium_crit_leave() != 0) { - return -1; + return -1; /* LCOV_EXCL_LINE */ } } diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 0cb651ab..121e6a3e 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -68,8 +68,8 @@ __attribute__((weak)) void _sodium_dummy_symbol_to_prevent_memzero_lto(void *const pnt, const size_t len) { - (void) pnt; - (void) len; + (void) pnt; /* LCOV_EXCL_LINE */ + (void) len; /* LCOV_EXCL_LINE */ } #endif diff --git a/test/default/Makefile.am b/test/default/Makefile.am index db117202..2cda92e4 100644 --- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -37,6 +37,7 @@ EXTRA_DIST = \ kdf.exp \ keygen.exp \ kx.exp \ + misuse.exp \ onetimeauth.exp \ onetimeauth2.exp \ onetimeauth7.exp \ @@ -106,6 +107,7 @@ DISTCLEANFILES = \ kdf.res \ keygen.res \ kx.res \ + misuse.res \ onetimeauth.res \ onetimeauth2.res \ onetimeauth7.res \ @@ -176,6 +178,7 @@ CLEANFILES = \ kdf.final \ keygen.final \ kx.final \ + misuse.final \ onetimeauth.final \ onetimeauth2.final \ onetimeauth7.final \ @@ -241,6 +244,7 @@ CLEANFILES = \ kdf.nexe \ keygen.nexe \ kx.nexe \ + misuse.nexe \ onetimeauth.nexe \ onetimeauth2.nexe \ onetimeauth7.nexe \ @@ -318,6 +322,7 @@ TESTS_TARGETS = \ kdf \ keygen \ kx \ + misuse \ onetimeauth \ onetimeauth2 \ onetimeauth7 \ @@ -460,6 +465,9 @@ keygen_LDADD = $(TESTS_LDADD) kx_SOURCE = cmptest.h kx.c kx_LDADD = $(TESTS_LDADD) +misuse_SOURCE = cmptest.h misuse.c +misuse_LDADD = $(TESTS_LDADD) + onetimeauth_SOURCE = cmptest.h onetimeauth.c onetimeauth_LDADD = $(TESTS_LDADD) diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index de2d445d..e20a8d70 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c @@ -29,6 +29,7 @@ tv(void) = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; unsigned char *c = (unsigned char *) sodium_malloc(CLEN); unsigned char *detached_c = (unsigned char *) sodium_malloc(MLEN); + unsigned char *key2 = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_KEYBYTES); unsigned char *mac = (unsigned char *) sodium_malloc(crypto_aead_xchacha20poly1305_ietf_ABYTES); unsigned char *m2 = (unsigned char *) sodium_malloc(MLEN); unsigned long long found_clen; @@ -161,8 +162,15 @@ tv(void) printf("m != c (adlen=0)\n"); } + crypto_aead_xchacha20poly1305_ietf_keygen(key2); + if (crypto_aead_xchacha20poly1305_ietf_decrypt(c, &m2len, NULL, c, CLEN, + NULL, 0U, nonce, key2) == 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() with a wrong key should have failed\n"); + } + sodium_free(c); sodium_free(detached_c); + sodium_free(key2); sodium_free(mac); sodium_free(m2); sodium_free(m); diff --git a/test/default/chacha20.c b/test/default/chacha20.c index 3cba6c31..facd6e60 100644 --- a/test/default/chacha20.c +++ b/test/default/chacha20.c @@ -172,8 +172,13 @@ main(void) tv_ietf(); assert(crypto_stream_chacha20_keybytes() > 0U); + assert(crypto_stream_chacha20_keybytes() == crypto_stream_chacha20_KEYBYTES); assert(crypto_stream_chacha20_noncebytes() > 0U); + assert(crypto_stream_chacha20_noncebytes() == crypto_stream_chacha20_NONCEBYTES); + assert(crypto_stream_chacha20_ietf_keybytes() > 0U); + assert(crypto_stream_chacha20_ietf_keybytes() == crypto_stream_chacha20_ietf_KEYBYTES); assert(crypto_stream_chacha20_ietf_noncebytes() > 0U); + assert(crypto_stream_chacha20_ietf_noncebytes() == crypto_stream_chacha20_ietf_NONCEBYTES); return 0; } diff --git a/test/default/kdf.c b/test/default/kdf.c index 211cc4af..48225c5a 100644 --- a/test/default/kdf.c +++ b/test/default/kdf.c @@ -19,8 +19,8 @@ tv_kdf(void) } subkey = (unsigned char *) sodium_malloc(crypto_kdf_BYTES_MAX); for (i = 0; i < 10; i++) { - assert(crypto_kdf_blake2b_derive_from_key(subkey, crypto_kdf_BYTES_MAX, - i, context, master_key) == 0); + assert(crypto_kdf_derive_from_key(subkey, crypto_kdf_BYTES_MAX, + i, context, master_key) == 0); sodium_bin2hex(hex, sizeof hex, subkey, crypto_kdf_BYTES_MAX); printf("%s\n", hex); } @@ -28,8 +28,8 @@ tv_kdf(void) for (i = 0; i < crypto_kdf_BYTES_MAX + 2; i++) { subkey = (unsigned char *) sodium_malloc(crypto_kdf_BYTES_MAX); - if (crypto_kdf_blake2b_derive_from_key(subkey, (size_t) i, - i, context, master_key) == 0) { + if (crypto_kdf_derive_from_key(subkey, (size_t) i, + i, context, master_key) == 0) { sodium_bin2hex(hex, sizeof hex, subkey, (size_t) i); printf("%s\n", hex); } else { @@ -48,6 +48,10 @@ tv_kdf(void) assert(crypto_kdf_contextbytes() == crypto_kdf_CONTEXTBYTES); assert(crypto_kdf_KEYBYTES >= 16); assert(crypto_kdf_keybytes() == crypto_kdf_KEYBYTES); + assert(crypto_kdf_bytes_min() == crypto_kdf_blake2b_bytes_min()); + assert(crypto_kdf_bytes_max() == crypto_kdf_blake2b_bytes_max()); + assert(crypto_kdf_contextbytes() == crypto_kdf_blake2b_contextbytes()); + assert(crypto_kdf_keybytes() == crypto_kdf_blake2b_keybytes()); printf("tv_kdf: ok\n"); } diff --git a/test/default/misuse.c b/test/default/misuse.c new file mode 100644 index 00000000..ff49e418 --- /dev/null +++ b/test/default/misuse.c @@ -0,0 +1,50 @@ + +#define TEST_NAME "misuse" +#include "cmptest.h" + +#include + +static void +sigabrt_handler_3(int sig) +{ + (void) sig; + exit(0); +} + +static void +sigabrt_handler_2(int sig) +{ + (void) sig; + signal(SIGABRT, sigabrt_handler_3); +#if SIZE_MAX > 0x4000000000ULL + randombytes_buf_deterministic(NULL, 0x4000000001ULL, NULL); +#else + abort(); +#endif + exit(1); +} + +static void +sigabrt_handler_1(int sig) +{ + (void) sig; + signal(SIGABRT, sigabrt_handler_2); + assert(crypto_kx_server_session_keys(NULL, NULL, NULL, NULL, NULL) == -1); + exit(1); +} + +#if defined(SIGABRT) && !defined(__EMSCRIPTEN__) && !defined(__native_client__) +int +main(void) +{ + signal(SIGABRT, sigabrt_handler_1); + assert(crypto_kx_client_session_keys(NULL, NULL, NULL, NULL, NULL) == -1); + return 1; +} +#else +int +main(void) +{ + exit(0); +} +#endif diff --git a/test/default/misuse.exp b/test/default/misuse.exp new file mode 100644 index 00000000..e69de29b diff --git a/test/default/onetimeauth.c b/test/default/onetimeauth.c index 0bd60669..7a4931b4 100644 --- a/test/default/onetimeauth.c +++ b/test/default/onetimeauth.c @@ -56,6 +56,8 @@ main(void) assert(crypto_onetimeauth_poly1305_bytes() == crypto_onetimeauth_bytes()); assert(crypto_onetimeauth_poly1305_keybytes() == crypto_onetimeauth_keybytes()); + assert(crypto_onetimeauth_statebytes() > 0); + assert(crypto_onetimeauth_statebytes() == crypto_onetimeauth_poly1305_statebytes()); return 0; } diff --git a/test/default/pwhash.c b/test/default/pwhash.c index 00f3a157..8531cbf4 100644 --- a/test/default/pwhash.c +++ b/test/default/pwhash.c @@ -157,6 +157,10 @@ tv2(void) 1ULL << 12, 0) != -1) { printf("[tv2] pwhash should have failed (0)\n"); } + if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3, + 1ULL << 12, 0) != -1) { + printf("[tv2] pwhash should have failed (0')\n"); + } if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, 1, crypto_pwhash_alg_default()) != -1) { printf("[tv2] pwhash should have failed (1)\n"); @@ -408,6 +412,9 @@ main(void) crypto_pwhash_argon2i_alg_argon2i13()); assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13); assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_alg_default()); + assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13); + assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); + assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_default()); sodium_free(salt); sodium_free(str_out); diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index 9fa57f86..2e7a94cc 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c @@ -257,6 +257,9 @@ main(void) if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_argon2id_str_verify(1) failure\n"); } + if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { + printf("pwhash_argon2id_str_verify(1') failure\n"); + } str_out[14]++; if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != -1) { printf("pwhash_argon2id_str_verify(2) failure\n"); @@ -309,26 +312,22 @@ main(void) "password", strlen("password")) != -1) { printf("pwhash_argon2id_str_verify(invalid(6)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify( - "$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" - "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", - "password", strlen("password")) != 0) { + if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" + "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", + "password", strlen("password")) != 0) { printf("pwhash_argon2id_str_verify(valid(7)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify( - "$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" + if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", "passwore", strlen("passwore")) != -1 || errno != EINVAL) { printf("pwhash_argon2id_str_verify(invalid(7)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify( - "$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" + if (crypto_pwhash_argon2id_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_argon2id_str_verify(invalid(8)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify( - "$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc" + if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc" "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", "password", strlen("password")) != -1 || errno != EINVAL) { printf("pwhash_argon2id_str_verify(invalid(9)) failure\n"); diff --git a/test/default/secretbox.c b/test/default/secretbox.c index 45a3fbdf..cf5823e2 100644 --- a/test/default/secretbox.c +++ b/test/default/secretbox.c @@ -55,6 +55,11 @@ main(void) } printf("\n"); + assert(crypto_secretbox(c, c, 31, nonce, firstkey) == -1); + assert(crypto_secretbox(c, c, 12, nonce, firstkey) == -1); + assert(crypto_secretbox(c, c, 1, nonce, firstkey) == -1); + assert(crypto_secretbox(c, c, 0, nonce, firstkey) == -1); + assert(crypto_secretbox_keybytes() > 0U); assert(crypto_secretbox_noncebytes() > 0U); assert(crypto_secretbox_zerobytes() > 0U); diff --git a/test/default/secretbox2.c b/test/default/secretbox2.c index 3e5247b3..e6320b77 100644 --- a/test/default/secretbox2.c +++ b/test/default/secretbox2.c @@ -46,5 +46,10 @@ main(void) } printf("\n"); } + assert(crypto_secretbox_open(m, c, 31, nonce, firstkey) == -1); + assert(crypto_secretbox_open(m, c, 16, nonce, firstkey) == -1); + assert(crypto_secretbox_open(m, c, 1, nonce, firstkey) == -1); + assert(crypto_secretbox_open(m, c, 0, nonce, firstkey) == -1); + return 0; } diff --git a/test/default/xchacha20.c b/test/default/xchacha20.c index b3936b9c..0074e827 100644 --- a/test/default/xchacha20.c +++ b/test/default/xchacha20.c @@ -229,7 +229,8 @@ tv_secretbox_xchacha20poly1305(void) (crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, tv->out, strlen(tv->out), NULL, NULL, NULL); - crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key); + assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key) == 0); + assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, SIZE_MAX, nonce, key) == -1); assert(memcmp(out, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0); n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len); @@ -246,10 +247,18 @@ tv_secretbox_xchacha20poly1305(void) assert(crypto_secretbox_xchacha20poly1305_open_easy (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len, nonce, key) == 0); + assert(crypto_secretbox_xchacha20poly1305_open_easy + (out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1, + nonce, key) == -1); + assert(crypto_secretbox_xchacha20poly1305_open_easy + (out2, out2, 0, nonce, key) == -1); assert(memcmp(m, out2, m_len) == 0); assert(crypto_secretbox_xchacha20poly1305_open_detached (out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, m_len, nonce, key) == 0); + assert(crypto_secretbox_xchacha20poly1305_open_detached + (NULL, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out, + m_len, nonce, key) == 0); crypto_secretbox_xchacha20poly1305_detached (out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m, m_len, nonce, key); @@ -302,6 +311,8 @@ tv_box_xchacha20poly1305(void) assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0); assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce, pk, sk) == 0); + assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, SIZE_MAX, nonce, + pk, sk) == -1); assert(crypto_box_curve25519xchacha20poly1305_open_easy (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len, nonce, pk, sk) == 0); @@ -311,6 +322,8 @@ tv_box_xchacha20poly1305(void) out = (unsigned char *) sodium_malloc (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len); assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0); + assert(crypto_box_curve25519xchacha20poly1305_easy_afternm + (out, m, SIZE_MAX, nonce, pc) == -1); assert(crypto_box_curve25519xchacha20poly1305_easy_afternm (out, m, m_len, nonce, pc) == 0); assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm @@ -360,6 +373,7 @@ tv_box_xchacha20poly1305(void) assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES); + assert(crypto_box_curve25519xchacha20poly1305_macbytes() == crypto_box_curve25519xchacha20poly1305_MACBYTES); printf("tv_box_xchacha20poly1305: ok\n"); }