Frank Denis
e747cec677
Indent
2017-02-23 11:22:36 +01:00
Frank Denis
3cce789304
Indent
2017-02-23 11:22:00 +01:00
Frank Denis
db7c0e1956
Indent
2017-02-23 11:21:30 +01:00
Frank Denis
c8f6121429
Indent
2017-02-23 11:20:37 +01:00
Frank Denis
20b12aa9d4
Indent
2017-02-23 11:19:53 +01:00
Frank Denis
5351efb122
Indentx
2017-02-23 11:15:29 +01:00
Frank Denis
0877b14c68
Correct array size check in xchacha20 test
2017-02-20 11:35:13 +01:00
Frank Denis
5957e2c735
C++ compat
2017-02-19 21:23:34 +01:00
Frank Denis
8af252bf87
use crypto_*_keygen() in tests
2017-02-19 21:20:45 +01:00
Frank Denis
7e5d64834c
untab
2017-02-19 21:17:42 +01:00
Frank Denis
7f7e7235c5
Add a keygen function to all the primitives
2017-02-19 21:15:54 +01:00
Frank Denis
93d02019da
Trigger randombytes_seedbytes()
2017-02-19 19:10:08 +01:00
Frank Denis
cafb0a695b
Add randombytes_buf_deterministic()
2017-02-19 18:40:29 +01:00
Frank Denis
70c2796ae5
+ crypto_kdf high-level API
...
This is a common need, and people end up reimplementing HKDF.
So, add a crypto_kdf() API similar to libhydrogen's. The latter has a
higher limit for the output length using BLAKE2X if required.
We can implement the same strategy later in libsodium if needed.
2017-02-19 18:13:10 +01:00
Frank Denis
e0150faf56
Always zero the argon2 output buffer prior to doing anything
...
This is consistent with what we are doing with scrypt.
On error/misuse, the buffer is zeroed; this may prevent bugs with
reused/invalid buffers.
2017-02-19 12:40:28 +01:00
Frank Denis
2c6fb87708
Set crypto_pwhash_scryptsalsa208sha256_BYTES_MIN to 128 bits
2017-02-19 12:31:05 +01:00
Frank Denis
2e4e1c66a0
Complete 08c0e03f83
2017-02-19 12:23:37 +01:00
Emil Bay
08c0e03f83
WIP: crypto_pwhash constants (#464)
...
* Test exposed constraint constants on crypto_pwhash
This includes the following constants for crypto_pwhash, crypto_pwhash_argon2i,
and crypto_pwhash_scryptsalsa208sha256:
- crypto_pwhash_BYTES_MIN
- crypto_pwhash_BYTES_MAX
- crypto_pwhash_PASSWD_MIN
- crypto_pwhash_PASSWD_MAX
- crypto_pwhash_OPSLIMIT_MIN
- crypto_pwhash_OPSLIMIT_MAX
- crypto_pwhash_MEMLIMIT_MIN
- crypto_pwhash_MEMLIMIT_MAX
* Expose constraint constants for crypto_pwhash
* Expose constant methods for crypto_pwhash
2017-02-19 11:19:01 +01:00
Frank Denis
532ea6bd95
+ test for aead_xchacha20poly1305
2017-02-18 22:10:30 +01:00
Frank Denis
a329340d90
Remove the NaCl-like APIs from *xchacha20 additions
...
These APIs were useful with the salsa20 constructions for compatibility
with NaCl, but they are tricky to use and don't provide any benefits over
the _easy APIs.
Having them around was good for consistency with the salsa20-based ones,
but this is code that is unlikely to be used in actual projects.
So, don't include them, unless people actually ask for them.
2017-02-18 21:22:39 +01:00
Frank Denis
eb5c17d3ec
Add tests for box_xchacha20poly1305
2017-02-18 20:31:39 +01:00
Frank Denis
99e6c94739
C++ compat
2017-02-16 09:57:01 +01:00
Frank Denis
b146082d68
More tests for *xchacha20*
2017-02-14 15:41:59 +01:00
Frank Denis
071a1afde3
C++ compat
2017-02-12 22:34:15 +01:00
Frank Denis
b209a7c0af
Add a test for HChaCha20
2017-02-12 22:28:35 +01:00
Frank Denis
3499cbfbe5
Add dist-build/nativeclient-x86-64.sh
2016-04-29 21:55:06 +02:00
Frank Denis
858b8e8c5e
Put `then` and `if` on the same line.
...
Having `then` aligned with `if` was pretty confusing, and I kept
reading `else` instead of `then`.
2016-04-29 20:49:35 +02:00
Frank Denis
492d4b1dd6
Repair NativeClient support
2016-04-18 21:40:18 +02:00
Frank Denis
e2f75d6168
Make assertions more readable
2016-04-12 01:23:14 +02:00
Frank Denis
1818267d64
Return -1 if crypto_generichash_final() is called twice
2016-04-06 01:00:49 +02:00
Frank Denis
b09e1970bc
Test that ciphertexts shorter than the MAC size aren't even read
2016-04-04 10:47:54 +02:00
Frank Denis
d73124a025
Make the test of truncated chacha20poly1305 ciphers less deterministic
2016-04-04 10:40:23 +02:00
Frank Denis
d7f5877df5
Add crypto_pwhash_argon2i_ALG_ARGON2I13
2016-04-01 20:48:34 +02:00
Frank Denis
384e08b7f4
Require an algorithm identifier in crypto_pwhash()
2016-04-01 20:29:28 +02:00
Frank Denis
5d8c878ffb
Remove mlen_p from the AEAD detached interface
2016-03-30 21:20:34 +02:00
Frank Denis
7afe93f9a2
Mark test functions as static and __attribute__ ((noreturn))
2016-03-27 00:32:25 +01:00
Frank Denis
2aa703fcc7
Restore the previous sodium_malloc(0) behavior
...
If aligned memory cannot be obtained, allocate 1 byte
to always return a non-NULL pointer.
2016-03-25 16:26:37 +01:00
Frank Denis
1f1d3f70b9
More Argon2 tests
2016-03-25 15:45:50 +01:00
Frank Denis
fb865c9a5c
More tests / lcov exclusions
2016-03-25 15:36:57 +01:00
Frank Denis
a25569320c
The version in Argon2i strings is separated from other parameters
2016-03-25 12:27:04 +01:00
Frank Denis
d91adb2cff
Avoid implicit sodium_malloc(0) in tests
2016-03-25 10:50:52 +01:00
Frank Denis
eb13ec0cff
Make sodium_malloc(0) well-defined. It always returns NULL.
2016-03-25 09:44:41 +01:00
Frank Denis
346f8c131e
More tests
2016-03-24 22:16:52 +01:00
Frank Denis
71a548ac10
Additional tests for BLAKE2b
2016-03-24 21:57:33 +01:00
Frank Denis
caae5e85f3
C++ compat
2016-03-23 17:22:35 +01:00
Frank Denis
b483845eb5
Tests must use sodium_malloc() as much as possible
2016-03-23 16:23:40 +01:00
Frank Denis
cb150c2d3d
sizeof() -> constants
2016-03-23 15:55:45 +01:00
Frank Denis
2b79c12f93
Nits
2016-03-23 15:41:55 +01:00
Frank Denis
f137857e18
Add tests for the detached chacha20poly1305 API
2016-03-23 15:20:23 +01:00
Frank Denis
3fb2ee07cb
Add crypto_pwhash_primitive()
2016-03-21 20:59:43 +01:00
Frank Denis
79935dc918
test/pwhash_argon2i -> test/pwhash
2016-03-21 09:48:01 +01:00
Frank Denis
359553f07d
Add support for optional parameters to future-proof crypto_pwhash()
2016-03-21 09:38:43 +01:00
Frank Denis
0a18d18daf
Consistent comment style
2016-03-18 09:56:21 +01:00
Frank Denis
cf4f0c48dc
Add tests for the detached aes256gcm API
2016-03-15 11:21:23 +01:00
Frank Denis
7597b7cc13
Check what the implications of versioned Argon2 strings will be
2016-03-10 12:26:17 +01:00
Frank Denis
62911edb7f
Ed25519: verify 0<=s<2^252+27742317777372353535851937790883648493
...
This reintroduces removed code to match the irtf-cfrg-eddsa draft
ED25519_COMPAT can be defined to keep the old behavior
2016-03-08 20:35:21 +01:00
Frank Denis
845e3e7cff
Update test for short output
2016-03-08 13:57:16 +01:00
Frank Denis
ae6ecda055
Explicit downcast
2016-03-07 15:45:59 +01:00
Frank Denis
a5ca5b1b25
Unused param
2016-03-06 14:00:18 +01:00
Frank Denis
5353569d9a
Remove obsolete and redundant globals
2016-03-06 13:59:26 +01:00
Frank Denis
212841b28d
int vs size_t
2016-03-06 13:58:10 +01:00
Frank Denis
aafff07689
Add support for running the test suite with Valgrind
2016-03-06 01:35:06 +01:00
Frank Denis
b55febaafa
Bump ARGON2_MIN_TIME to 3, adjust tests accordingly
2016-03-01 14:08:31 +01:00
Frank Denis
bb596e8eb7
Trim/untab/indent
2016-02-27 13:26:42 +01:00
Frank Denis
11caf90c1f
Update Argon2 tests
2016-02-17 16:39:20 +01:00
Frank Denis
17248540e3
Add aes256gcm stubs for platforms where it is not available
2016-01-22 10:21:24 +01:00
Frank Denis
53419d7b06
Merge pull request #348 from betafive/pbarker/blake2
...
Add crypt_generichash_blake2b_statebytes function
2016-01-16 20:15:00 +01:00
Paul Barker
e20291d78e
Add crypt_generichash_blake2b_statebytes function
...
The function crypto_generichash_statebytes exists to dynamically determine the
size of a crypto_generichash_state struct. This is useful when using libsodium
from a language which can't use sizeof on C types. However, no equivalent
existed for the crypto_generichash_blake2b_state struct for users who want to
explicitly use the blake2b algorithm.
The function crypt_generichash_blake2b_statebytes is added to fill this gap.
2016-01-16 17:25:14 +00:00
Frank Denis
8c0b916729
Add new macros for chacha20poly1305_ietf constants, for clarity
2016-01-16 12:36:30 +01:00
Frank Denis
1cce9b1e00
argon2i strings are variable length; check that they are zero-padded
2016-01-08 16:55:08 +01:00
Frank Denis
cfd597298f
Bring back test vectors for argon2 strings
2016-01-06 15:36:36 +01:00
Frank Denis
29fb06cd23
Check for crypto_pwhash_*limit_moderate() presence
2015-12-30 11:59:15 +01:00
Frank Denis
77a61b8ad7
Test the high-level crypto_pwhash() functions
2015-12-29 21:53:56 +01:00
Frank Denis
654a2b3f95
Shorten a few test argon2i test vectors for V8
...
This is enough to reproduce a bug with Chrome
2015-12-29 21:06:23 +01:00
Frank Denis
61c5b4a35c
argon2i test: remove tv3 for now; it's too much for web browsers
...
Proper test vectors will be reintroduced later
2015-12-29 19:16:31 +01:00
Frank Denis
c48eaad3cd
Don't require too much memory for the pwhash_argon2i() test
...
so that the Javascript version can run in web browsers
2015-12-29 17:54:21 +01:00
Frank Denis
7a95e921ac
Add tests for pwhash_argon2i
2015-12-29 17:12:23 +01:00
Frank Denis
14bf02af88
Rename the pwhash test as pwhash_scrypt
2015-12-29 16:14:19 +01:00
Frank Denis
d839d74c89
lcov exclusion
2015-12-25 02:09:12 +01:00
Frank Denis
9784038ad0
Check crypto_box_detached() with a small order pk
2015-12-25 02:01:51 +01:00
Frank Denis
2f1cec7352
Test crypto_box_beforenm() with a small order pk
2015-12-25 02:00:01 +01:00
Frank Denis
b80d037b4d
Check that crypto_box[_beforenm] fails with a small order pk
2015-12-24 19:35:05 +01:00
Frank Denis
60d05339fd
Constify
2015-12-24 19:00:42 +01:00
Frank Denis
386ce83df1
Test crypto_onetimeauth_update() with a null size
2015-12-22 14:32:14 +01:00
Brian Silverman
63b82c28e9
Use the right type for sizeof's result
2015-12-16 22:54:06 -05:00
Frank Denis
b977a53d1d
printf("%llu") is not expected to work on mingw32/Windows XP.
2015-12-10 16:38:26 +01:00
Frank Denis
054579d3bb
Remove dead globals, bump the number of rounds in the box{7,8} tests
2015-12-09 01:43:57 +01:00
Frank Denis
d9e38003dc
Reduce the number of rounds in the box7 test, use guarded memory
2015-12-09 01:41:30 +01:00
Frank Denis
fb09514949
Shorten the verify1 test
2015-12-09 01:37:58 +01:00
Frank Denis
ea43d1b18b
Shorten auth7
2015-12-07 17:41:20 +01:00
Frank Denis
4bf74c7574
C++ compat
2015-12-07 10:46:03 +01:00
Frank Denis
48b9c4e75c
Ignore test/default/browser, import HTML template
2015-12-07 09:57:49 +01:00
Frank Denis
43c25a343b
Reduce box8 even more
2015-12-07 09:43:34 +01:00
Frank Denis
8e54dd6d5f
Use guarded memory for the box8 test
2015-12-07 09:32:53 +01:00
Frank Denis
3e2bef97dc
Reduce a few expensive tests
2015-12-07 09:09:04 +01:00
Frank Denis
7ada62b1ff
Reduce some test cases, generate html test files
2015-12-07 08:58:35 +01:00
Frank Denis
e262425a4a
Reduce even more, for Chrome
2015-12-07 02:16:22 +01:00
Frank Denis
1600ccfdda
On a web browser, reduce the number of vectors for the sign test
2015-12-07 02:12:44 +01:00
Frank Denis
0eaa2294a4
Revert "Output signatures prefix in the signature test"
...
This reverts commit c73cbc42d9.
2015-12-07 02:04:22 +01:00
Frank Denis
c73cbc42d9
Output signatures prefix in the signature test
2015-12-07 01:57:53 +01:00
Frank Denis
3d1e11fe81
Support a BROWSER_TESTS env variable to build tests for browsers
2015-12-07 01:44:33 +01:00
Frank Denis
ec6b86611f
More checks for sodium_add() (overlaps) and sodium_increment()
2015-12-06 19:06:27 +01:00
Frank Denis
27ce39ebbe
Add a test with a null message in box_easy()
2015-11-27 14:18:43 +01:00
Frank Denis
b482401b46
Add tests with null message in secretbox_easy.c
2015-11-27 14:13:21 +01:00
Frank Denis
ba6833cc16
Use sodium_malloc() for the secretbox_easy2 test
2015-11-27 12:30:13 +01:00
Frank Denis
2e5c94a34f
Use guarded memory for the box_easy2() test
...
+ non-deterministic buffer sizes
2015-11-27 12:13:58 +01:00
Frank Denis
4ec7fb481d
Remove generichash tests with invalid parameters
...
They must be reintroduced at some point, probably by overriding
the `abort` symbol.
2015-11-27 11:00:29 +01:00
Frank Denis
1c8e34577f
Less deterministic crypto_verify_*() tests
2015-11-25 14:10:36 +01:00
Frank Denis
d8b9b395a3
Mark everything as static in tests
2015-11-23 16:07:13 +01:00
Frank Denis
5e17a7adf8
Check that scalarmult() returns -1 with a point of small order
...
325606250916557431795983626356110631294008115727848805560023387167927233504
is a point of order 8
2015-11-17 11:07:37 +01:00
Frank Denis
2bc5874874
Check that the output of X25519 is not the all-zero value
...
Return -1 if this happens, and mark crypto_scalarmult() as warn_unused_result
Mark dependent functions with warn_unused_result as well
2015-11-17 11:07:33 +01:00
Frank Denis
9337ecfa60
Add tests for sodium_add(), more tests for sodium_increment() and is_zero()
2015-11-16 23:22:01 +01:00
Frank Denis
7561a25d5a
Add a is_zero() helper
2015-11-13 01:48:34 +01:00
Frank Denis
debed38314
Check a return value in the secretbox_easy2 test
2015-11-01 14:45:35 +01:00
Frank Denis
17bcbbbd45
Force functions whose result must be checked to be checked
2015-11-01 13:57:51 +01:00
Frank Denis
26fdfec99b
Add sodium_runtime_has_ssse3() and sodium_runtime_has_sse41()
2015-10-31 23:42:44 +01:00
Frank Denis
84695c8d42
Make sodium_compare() work on little-endian numbers as expected
2015-10-31 22:36:54 +01:00
Frank Denis
a1e4d3df3f
Add AES256-GCM tests for decryption of truncated ciphertext
2015-10-30 19:47:47 +01:00
Frank Denis
688e1c4742
C++ compat
2015-10-26 22:48:56 +01:00
Frank Denis
437ce023c9
Exercise ChaCha20 with different output sizes
2015-10-26 21:30:46 +01:00
Frank Denis
771e32bd18
CompCert compatibility
2015-10-26 16:59:28 +01:00
Frank Denis
4b1478cd5b
Extra sanity checks for blake2b_salt_personal()
2015-10-25 01:57:07 +02:00
Frank Denis
5d0236c25e
C++ compat
2015-10-21 17:42:22 +02:00
Frank Denis
143e1c1a14
Do not compile unused sections
2015-10-18 01:33:35 +02:00
Frank Denis
1cfa5ec6c1
Add Blake2b test vectors from the reference code
2015-10-18 00:55:10 +02:00
Frank Denis
f01c303631
Blake2b: refuse a NULL key with a length > 0
2015-10-18 00:27:03 +02:00
Frank Denis
eeb31af578
Let crypto_generichash_statebytes() return a size rounded to the alignment
...
Add similar check in the aead_aes256gcm test.
2015-10-18 00:16:05 +02:00
Frank Denis
a2c8ff5ccb
Visual Studio doesn't have %zu
2015-10-17 21:32:25 +02:00
Frank Denis
d667efde68
Add sodium_compare()
...
A constant-time version of memcmp(), useful to compare nonces and counters
in little-endian format, that plays well with sodium_increment().
Unlike sodium_memcmp() which can compare anything for equality,
sodium_compare() is designed to compare things that are comparable, byte by
byte. Therefore, the prototype is slightly different: its arguments are
supposed to be `const unsigned char *`.
The names sodium_memcmp() and sodium_compare() are slightly confusing.
But we're not going to rename sodium_memcmp(), and I cannot think of a
better name for sodium_compare() than sodium_compare().
2015-10-17 21:25:30 +02:00
Frank Denis
2aef671fd9
Indent
2015-10-17 21:10:52 +02:00
Frank Denis
bfed7b91b6
Explicit cast
2015-10-14 15:54:27 +02:00
Frank Denis
2ee2e86f80
Explicit cast
2015-10-14 11:29:38 +02:00
Frank Denis
f169623d4e
C++ compat
2015-10-12 14:44:00 +02:00
Frank Denis
84625742c6
More test vectors
2015-10-12 13:58:10 +02:00
Frank Denis
40ba7ea531
More test vectors
...
from http://www.ieee802.org/1/files/public/docs2011/bn-randall-test-vectors-0511-v1.pdf
2015-10-12 10:03:09 +02:00
Frank Denis
98550acafb
Add tests for the aes256gcm functions returning sizes
...
Which spotted a typo by the way.
2015-10-11 19:19:31 +02:00
Frank Denis
7082a3c8d1
Ignore the aes256gcm test if aes256gcm hasn't been compiled in
2015-10-11 19:14:29 +02:00
Frank Denis
20e384988c
Test for presence of new sodium_runtime_has_*() functions
2015-10-11 18:51:30 +02:00
Frank Denis
c8be336506
C++ compat
2015-10-11 14:35:32 +02:00
Frank Denis
aa965a580b
Expose only crypto_aead_aes256gcm_*() not crypto_aead_aes256gcm_aesni_*()
...
libsodium typically doesn't expose specific implementations.
It shouldn't be the case for that construction either, especially since
an ARM8 implementation might be added later.
We want a single interface for both.
2015-10-11 14:29:25 +02:00
Frank Denis
dadc5d9906
Add crypto_aead_aes256gcm_aesni_is_available()
2015-10-11 13:05:32 +02:00
Frank Denis
93295855cf
Add aes256gcm test vectors
2015-10-11 12:56:20 +02:00
Frank Denis
dca2131f45
C++ compat
2015-09-21 16:05:53 +02:00
Frank Denis
6be1ce3f34
scalarmult: add the exact test from the irtf-cfrg-curves draft
...
Use guarded memory by the way.
2015-09-21 15:45:32 +02:00
Frank Denis
7fa840e486
C++ compat
2015-09-09 17:42:38 +02:00
Frank Denis
8ee4950eb3
Use sodium_malloc() for the secretbox_*() tests
2015-09-09 10:00:18 +02:00
Frank Denis
0f1f8a6ea6
Check that secretbox works as expected when m and c are overlapping
2015-09-09 09:00:08 +02:00
Frank Denis
f51fb6a90e
Add a test for crypto_secretbox() with c == m
2015-09-09 08:51:19 +02:00
Frank Denis
90d9f5debd
Remove bashisms in nacl-test-wrapper.sh
2015-08-02 14:39:17 +02:00
Frank Denis
7fca230be8
Nits after pnacl merge
2015-08-02 13:53:22 +02:00