Commit Graph

339 Commits

Author SHA1 Message Date
Frank Denis
7e5d64834c untab 2017-02-19 21:17:42 +01:00
Frank Denis
7f7e7235c5 Add a keygen function to all the primitives 2017-02-19 21:15:54 +01:00
Frank Denis
93d02019da Trigger randombytes_seedbytes() 2017-02-19 19:10:08 +01:00
Frank Denis
cafb0a695b Add randombytes_buf_deterministic() 2017-02-19 18:40:29 +01:00
Frank Denis
70c2796ae5 + crypto_kdf high-level API
This is a common need, and people end up reimplementing HKDF.

So, add a crypto_kdf() API similiar to libhydrogen's. The later has a
higher limit for the output length using BLAKE2X if required.

We can implement the same strategy later in libsodium if needed.
2017-02-19 18:13:10 +01:00
Frank Denis
e0150faf56 Always zero the argon2 output buffer prior to doing anything
This is consistent with what we are doing with scrypt.
On error/misuse, the buffer is zeroed; this may prevent bugs with
reused/invalid buffers.
2017-02-19 12:40:28 +01:00
Frank Denis
2c6fb87708 Set crypto_pwhash_scryptsalsa208sha256_BYTES_MIN to 128 bits 2017-02-19 12:31:05 +01:00
Frank Denis
2e4e1c66a0 Complete 08c0e03f83 2017-02-19 12:23:37 +01:00
Emil Bay
08c0e03f83 WIP: crypto_pwhash constants (#464)
* Test exposed constraint constants on crypto_pwhash

This includes the following constants for crypto_pwhash, crypto_pwhash_argon2i,
and crypto_pwhash_scryptsalsa208sha256:

- crypto_pwhash_BYTES_MIN
- crypto_pwhash_BYTES_MAX
- crypto_pwhash_PASSWD_MIN
- crypto_pwhash_PASSWD_MAX
- crypto_pwhash_OPSLIMIT_MIN
- crypto_pwhash_OPSLIMIT_MAX
- crypto_pwhash_MEMLIMIT_MIN
- crypto_pwhash_MEMLIMIT_MAX

* Expose constraint constants for crypto_pwhash

* Expose constant methods for crypto_pwhash
2017-02-19 11:19:01 +01:00
Frank Denis
532ea6bd95 + test for aead_xchacha20poly1305 2017-02-18 22:10:30 +01:00
Frank Denis
a329340d90 Remove the NaCl-like APIs from *xchacha20 additions
These APIs were useful with the salsa20 constructions for compatibility
with NaCl, but they are tricky to use and don't provide any benefits over
the _easy APIs.

Having them around was good for consistency with the salsa20-based ones,
but this is code that is unlikely to be used in actual projects.

So, don't include them, unless people actually ask for them.
2017-02-18 21:22:39 +01:00
Frank Denis
eb5c17d3ec Add tests for box_xchacha20poly1305 2017-02-18 20:31:39 +01:00
Frank Denis
99e6c94739 C++ compat 2017-02-16 09:57:01 +01:00
Frank Denis
b146082d68 More tests for *xchacha20* 2017-02-14 15:41:59 +01:00
Frank Denis
071a1afde3 C++ compat 2017-02-12 22:34:15 +01:00
Frank Denis
b209a7c0af Add a test for HChaCha20 2017-02-12 22:28:35 +01:00
Frank Denis
3499cbfbe5 Add dist-build/nativeclient-x86-64.sh 2016-04-29 21:55:06 +02:00
Frank Denis
858b8e8c5e Put then and if on the same line.
Having `then` aligned with `if` was pretty confusing, and I kept
reading `else` instead of `then`.
2016-04-29 20:49:35 +02:00
Frank Denis
492d4b1dd6 Repair NativeClient support 2016-04-18 21:40:18 +02:00
Frank Denis
e2f75d6168 Make assertions more readable 2016-04-12 01:23:14 +02:00
Frank Denis
1818267d64 Return -1 if crypto_generichash_final() is called twice 2016-04-06 01:00:49 +02:00
Frank Denis
b09e1970bc Test that ciphertexts shorter than the MAC size aren't even read 2016-04-04 10:47:54 +02:00
Frank Denis
d73124a025 Make the test of truncated chacha20poly1305 ciphers less deterministic 2016-04-04 10:40:23 +02:00
Frank Denis
d7f5877df5 Add crypto_pwhash_argon2i_ALG_ARGON2I13 2016-04-01 20:48:34 +02:00
Frank Denis
384e08b7f4 Require an algorithm identifier in crypto_pwhash() 2016-04-01 20:29:28 +02:00
Frank Denis
5d8c878ffb Remove mlen_p from the AEAD detached interface 2016-03-30 21:20:34 +02:00
Frank Denis
7afe93f9a2 Mark test functions as static and __attribute__ ((noreturn)) 2016-03-27 00:32:25 +01:00
Frank Denis
2aa703fcc7 Restore the previous sodium_malloc(0) behavior
If aligned memory cannot be obtained, allocate 1 byte
to always return a non-NULL pointer.
2016-03-25 16:26:37 +01:00
Frank Denis
1f1d3f70b9 More Argon2 tests 2016-03-25 15:45:50 +01:00
Frank Denis
fb865c9a5c More tests / lcov exclusions 2016-03-25 15:36:57 +01:00
Frank Denis
a25569320c The version in Argon2i strings is separated from other parameters 2016-03-25 12:27:04 +01:00
Frank Denis
d91adb2cff Avoid implicit sodium_malloc(0) in tests 2016-03-25 10:50:52 +01:00
Frank Denis
eb13ec0cff Make sodium_malloc(0) well-defined. It always returns NULL. 2016-03-25 09:44:41 +01:00
Frank Denis
346f8c131e More tests 2016-03-24 22:16:52 +01:00
Frank Denis
71a548ac10 Additional tests for BLAKE2b 2016-03-24 21:57:33 +01:00
Frank Denis
caae5e85f3 C++ compat 2016-03-23 17:22:35 +01:00
Frank Denis
b483845eb5 Tests must use sodium_malloc() as much as possible 2016-03-23 16:23:40 +01:00
Frank Denis
cb150c2d3d sizeof() -> constants 2016-03-23 15:55:45 +01:00
Frank Denis
2b79c12f93 Nits 2016-03-23 15:41:55 +01:00
Frank Denis
f137857e18 Add tests for the detached chacha20poly1305 API 2016-03-23 15:20:23 +01:00
Frank Denis
3fb2ee07cb Add crypto_pwhash_primitive() 2016-03-21 20:59:43 +01:00
Frank Denis
79935dc918 test/pwhash_argon2i -> test/pwhash 2016-03-21 09:48:01 +01:00
Frank Denis
359553f07d Add support for optional parameters to future-proof crypto_pwhash() 2016-03-21 09:38:43 +01:00
Frank Denis
0a18d18daf Consistent comment style 2016-03-18 09:56:21 +01:00
Frank Denis
cf4f0c48dc Add tests for the detached aes256gcm API 2016-03-15 11:21:23 +01:00
Frank Denis
7597b7cc13 Check what the implications of versioned Argon2 strings will be 2016-03-10 12:26:17 +01:00
Frank Denis
62911edb7f Ed25519: verify 0<=s<2^252+27742317777372353535851937790883648493
This reintroduces removed code to match the irtf-cfrg-eddsa draft

ED25519_COMPAT can be defined to keep the old behavior
2016-03-08 20:35:21 +01:00
Frank Denis
845e3e7cff Update test for short output 2016-03-08 13:57:16 +01:00
Frank Denis
ae6ecda055 Explicit downcast 2016-03-07 15:45:59 +01:00
Frank Denis
a5ca5b1b25 Unused param 2016-03-06 14:00:18 +01:00