2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
#define TEST_NAME "pwhash"
|
|
|
|
|
#include "cmptest.h"
|
|
|
|
|
|
|
|
|
|
#define OUT_LEN 128
|
|
|
|
|
#define OPSLIMIT 3
|
|
|
|
|
#define MEMLIMIT 5000000
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv(void)
|
|
|
|
|
{
|
|
|
|
|
static struct {
|
|
|
|
|
const char * passwd_hex;
|
|
|
|
|
size_t passwd_len;
|
|
|
|
|
const char * salt_hex;
|
|
|
|
|
size_t outlen;
|
|
|
|
|
unsigned long long opslimit;
|
|
|
|
|
size_t memlimit;
|
|
|
|
|
unsigned int lanes;
|
|
|
|
|
} tests[] = {
|
|
|
|
|
{ "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
|
|
|
|
|
"65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
|
|
|
|
|
"a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
|
|
|
|
|
"8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
|
|
|
|
|
127,
|
|
|
|
|
"5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
|
|
|
|
|
155, 5, 7256678, 1 },
|
|
|
|
|
{ "e125cee61c8cb7778d9e5ad0a6f5d978ce9f84de213a8556d9ffe202020ab4a6ed"
|
|
|
|
|
"9074a4eb3416f9b168f137510f3a30b70b96cbfa219ff99f6c6eaffb15c06b60e0"
|
|
|
|
|
"0cc2890277f0fd3c622115772f7048adaebed86e",
|
|
|
|
|
86,
|
|
|
|
|
"f1192dd5dc2368b9cd421338b22433455ee0a3699f9379a08b9650ea2c126f0d",
|
|
|
|
|
250, 4, 7849083, 1 },
|
|
|
|
|
{ "92263cbf6ac376499f68a4289d3bb59e5a22335eba63a32e6410249155b956b6a3"
|
|
|
|
|
"b48d4a44906b18b897127300b375b8f834f1ceffc70880a885f47c33876717e392"
|
|
|
|
|
"be57f7da3ae58da4fd1f43daa7e44bb82d3717af4319349c24cd31e46d295856b0"
|
|
|
|
|
"441b6b289992a11ced1cc3bf3011604590244a3eb737ff221129215e4e4347f491"
|
|
|
|
|
"5d41292b5173d196eb9add693be5319fdadc242906178bb6c0286c9b6ca6012746"
|
|
|
|
|
"711f58c8c392016b2fdfc09c64f0f6b6ab7b",
|
|
|
|
|
183,
|
|
|
|
|
"3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff194",
|
|
|
|
|
249, 3, 7994791, 1 },
|
|
|
|
|
{ "027b6d8e8c8c474e9b69c7d9ed4f9971e8e1ce2f6ba95048414c3970f0f09b70e3"
|
|
|
|
|
"b6c5ae05872b3d8678705b7d381829c351a5a9c88c233569b35d6b0b809df44b64"
|
|
|
|
|
"51a9c273f1150e2ef8a0b5437eb701e373474cd44b97ef0248ebce2ca0400e1b53"
|
|
|
|
|
"f3d86221eca3f18eb45b702b9172440f774a82cbf1f6f525df30a6e293c873cce6"
|
|
|
|
|
"9bb078ed1f0d31e7f9b8062409f37f19f8550aae",
|
|
|
|
|
152,
|
|
|
|
|
"eb2a3056a09ad2d7d7f975bcd707598f24cd32518cde3069f2e403b34bfee8a5", 5,
|
|
|
|
|
4, 1397645, 1 },
|
|
|
|
|
{ "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b82"
|
|
|
|
|
"ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc097d"
|
|
|
|
|
"43ced68642bfb8bbbdd0f50b30118f5e",
|
|
|
|
|
82,
|
|
|
|
|
"39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258",
|
|
|
|
|
190, 3, 1432947, 1 },
|
|
|
|
|
{ "c7b09aec680e7b42fedd7fc792e78b2f6c1bea8f4a884320b648f81e8cf515e8ba"
|
|
|
|
|
"9dcfb11d43c4aae114c1734aa69ca82d44998365db9c93744fa28b63fd16000e82"
|
|
|
|
|
"61cbbe083e7e2da1e5f696bde0834fe53146d7e0e35e7de9920d041f5a5621aabe"
|
|
|
|
|
"02da3e2b09b405b77937efef3197bd5772e41fdb73fb5294478e45208063b5f58e"
|
|
|
|
|
"089dbeb6d6342a909c1307b3fff5fe2cf4da56bdae50848f",
|
|
|
|
|
156,
|
|
|
|
|
"039c056d933b475032777edbaffac50f143f64c123329ed9cf59e3b65d3f43b6",
|
|
|
|
|
178, 3, 4886999, 1 },
|
|
|
|
|
{ "b540beb016a5366524d4605156493f9874514a5aa58818cd0c6dfffaa9e90205f1"
|
|
|
|
|
"7b",
|
|
|
|
|
34,
|
|
|
|
|
"44071f6d181561670bda728d43fb79b443bb805afdebaf98622b5165e01b15fb",
|
|
|
|
|
231, 1, 1631659, 1 },
|
|
|
|
|
{ "a14975c26c088755a8b715ff2528d647cd343987fcf4aa25e7194a8417fb2b4b3f"
|
|
|
|
|
"7268da9f3182b4cfb22d138b2749d673a47ecc7525dd15a0a3c66046971784bb63"
|
|
|
|
|
"d7eae24cc84f2631712075a10e10a96b0e0ee67c43e01c423cb9c44e5371017e9c"
|
|
|
|
|
"496956b632158da3fe12addecb88912e6759bc37f9af2f45af72c5cae3b179ffb6"
|
|
|
|
|
"76a697de6ebe45cd4c16d4a9d642d29ddc0186a0a48cb6cd62bfc3dd229d313b30"
|
|
|
|
|
"1560971e740e2cf1f99a9a090a5b283f35475057e96d7064e2e0fc81984591068d"
|
|
|
|
|
"55a3b4169f22cccb0745a2689407ea1901a0a766eb99",
|
|
|
|
|
220,
|
|
|
|
|
"3d968b2752b8838431165059319f3ff8910b7b8ecb54ea01d3f54769e9d98daf",
|
|
|
|
|
167, 3, 1784128, 1 },
|
|
|
|
|
};
|
|
|
|
|
char passwd[256];
|
|
|
|
|
unsigned char salt[crypto_pwhash_SALTBYTES];
|
|
|
|
|
unsigned char out[256];
|
|
|
|
|
char out_hex[256 * 2 + 1];
|
|
|
|
|
size_t i = 0U;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
|
|
|
|
|
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
|
|
|
|
|
NULL, NULL);
|
|
|
|
|
sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
|
|
|
|
|
strlen(tests[i].salt_hex), NULL, NULL, NULL);
|
|
|
|
|
if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
|
|
|
|
|
tests[i].passwd_len, (const unsigned char *) salt,
|
|
|
|
|
tests[i].opslimit, tests[i].memlimit,
|
|
|
|
|
crypto_pwhash_alg_default()) != 0) {
|
|
|
|
|
printf("[tv] pwhash failure (maybe intentional): [%u]\n",
|
|
|
|
|
(unsigned int) i);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
|
|
|
|
|
printf("%s\n", out_hex);
|
|
|
|
|
} while (++i < (sizeof tests) / (sizeof tests[0]));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv2(void)
|
|
|
|
|
{
|
|
|
|
|
static struct {
|
|
|
|
|
const char * passwd_hex;
|
|
|
|
|
size_t passwd_len;
|
|
|
|
|
const char * salt_hex;
|
|
|
|
|
size_t outlen;
|
|
|
|
|
unsigned long long opslimit;
|
|
|
|
|
size_t memlimit;
|
|
|
|
|
unsigned int lanes;
|
|
|
|
|
} tests[] = {
|
|
|
|
|
{ "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
|
|
|
|
|
"65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
|
|
|
|
|
"a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
|
|
|
|
|
"8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
|
|
|
|
|
127,
|
|
|
|
|
"5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
|
|
|
|
|
155, 4, 1397645, 1 },
|
|
|
|
|
{ "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
|
|
|
|
|
"65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
|
|
|
|
|
"a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
|
|
|
|
|
"8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
|
|
|
|
|
127,
|
|
|
|
|
"5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
|
|
|
|
|
155, 3, 1397645, 1 },
|
|
|
|
|
};
|
|
|
|
|
char passwd[256];
|
|
|
|
|
unsigned char salt[crypto_pwhash_SALTBYTES];
|
|
|
|
|
unsigned char out[256];
|
|
|
|
|
char out_hex[256 * 2 + 1];
|
|
|
|
|
size_t i = 0U;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
sodium_hex2bin((unsigned char *) passwd, sizeof passwd,
|
|
|
|
|
tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL,
|
|
|
|
|
NULL, NULL);
|
|
|
|
|
sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex,
|
|
|
|
|
strlen(tests[i].salt_hex), NULL, NULL, NULL);
|
|
|
|
|
if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd,
|
|
|
|
|
tests[i].passwd_len, (const unsigned char *) salt,
|
|
|
|
|
tests[i].opslimit, tests[i].memlimit,
|
|
|
|
|
crypto_pwhash_alg_default()) != 0) {
|
|
|
|
|
printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen);
|
|
|
|
|
printf("%s\n", out_hex);
|
|
|
|
|
} while (++i < (sizeof tests) / (sizeof tests[0]));
|
|
|
|
|
|
|
|
|
|
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
|
|
|
|
|
1ULL << 12, 0) != -1) {
|
|
|
|
|
printf("[tv2] pwhash should have failed (0)\n");
|
|
|
|
|
}
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3,
|
|
|
|
|
1ULL << 12, 0) != -1) {
|
|
|
|
|
printf("[tv2] pwhash should have failed (0')\n");
|
|
|
|
|
}
|
2017-09-19 00:45:28 +00:00
|
|
|
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
|
|
|
|
|
1, crypto_pwhash_alg_default()) != -1) {
|
|
|
|
|
printf("[tv2] pwhash should have failed (1)\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3,
|
|
|
|
|
1ULL << 12, crypto_pwhash_alg_default()) != -1) {
|
|
|
|
|
printf("[tv2] pwhash should have failed (2)\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 2,
|
|
|
|
|
1ULL << 12, crypto_pwhash_alg_default()) != -1) {
|
|
|
|
|
printf("[tv2] pwhash should have failed (3)\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3,
|
|
|
|
|
1ULL << 12, crypto_pwhash_alg_default()) != -1) {
|
|
|
|
|
printf("[tv2] pwhash with a short output length should have failed\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL, salt, 3,
|
|
|
|
|
1ULL << 12, crypto_pwhash_alg_default()) != -1) {
|
|
|
|
|
printf("[tv2] pwhash with a long password length should have failed\n");
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv3(void)
|
|
|
|
|
{
|
|
|
|
|
static struct {
|
|
|
|
|
const char *passwd;
|
|
|
|
|
const char *out;
|
|
|
|
|
} tests[] = {
|
|
|
|
|
{ "",
|
|
|
|
|
"$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++"
|
|
|
|
|
"MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" },
|
|
|
|
|
{ "",
|
|
|
|
|
"$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/"
|
|
|
|
|
"Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" },
|
|
|
|
|
{ "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ",
|
|
|
|
|
"$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/"
|
|
|
|
|
"+K/bizwsA1P11UG2dj/7+aILJ4I" },
|
|
|
|
|
{ "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*",
|
|
|
|
|
"$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+"
|
|
|
|
|
"yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" }
|
|
|
|
|
};
|
|
|
|
|
char *out;
|
|
|
|
|
char *passwd;
|
|
|
|
|
size_t i = 0U;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
out = (char *) sodium_malloc(strlen(tests[i].out) + 1U);
|
|
|
|
|
assert(out != NULL);
|
|
|
|
|
memcpy(out, tests[i].out, strlen(tests[i].out) + 1U);
|
|
|
|
|
passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U);
|
|
|
|
|
assert(passwd != NULL);
|
|
|
|
|
memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U);
|
|
|
|
|
if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) {
|
|
|
|
|
printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n",
|
|
|
|
|
(unsigned int) i);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
sodium_free(passwd);
|
|
|
|
|
} while (++i < (sizeof tests) / (sizeof tests[0]));
|
|
|
|
|
}
|
|
|
|
|
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
static void
|
|
|
|
|
str_tests(void)
|
2017-09-19 00:45:28 +00:00
|
|
|
{
|
|
|
|
|
char *str_out;
|
|
|
|
|
char *str_out2;
|
|
|
|
|
char *salt;
|
|
|
|
|
const char *passwd = "Correct Horse Battery Staple";
|
|
|
|
|
|
|
|
|
|
salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES);
|
|
|
|
|
str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
|
|
|
|
|
str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES);
|
|
|
|
|
memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES);
|
|
|
|
|
if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT,
|
|
|
|
|
MEMLIMIT) != 0) {
|
|
|
|
|
printf("pwhash_str failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT,
|
|
|
|
|
MEMLIMIT) != 0) {
|
|
|
|
|
printf("pwhash_str(2) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (strcmp(str_out, str_out2) == 0) {
|
|
|
|
|
printf("pwhash_str() doesn't generate different salts\n");
|
|
|
|
|
}
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) {
|
|
|
|
|
printf("needs_rehash() false positive\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 ||
|
|
|
|
|
crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 ||
|
|
|
|
|
crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 ||
|
|
|
|
|
crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) {
|
|
|
|
|
printf("needs_rehash() false negative\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
|
|
|
|
|
printf("needs_rehash() didn't fail with an invalid hash string\n");
|
|
|
|
|
}
|
2017-09-19 00:45:28 +00:00
|
|
|
if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),
|
|
|
|
|
crypto_pwhash_STRBYTES - strlen(str_out)) != 1 ||
|
|
|
|
|
sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2),
|
|
|
|
|
crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) {
|
|
|
|
|
printf("pwhash_str() doesn't properly pad with zeros\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) {
|
|
|
|
|
printf("pwhash_str_verify(1) failure\n");
|
|
|
|
|
}
|
|
|
|
|
str_out[14]++;
|
|
|
|
|
if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(2) failure\n");
|
|
|
|
|
}
|
|
|
|
|
str_out[14]--;
|
|
|
|
|
assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0);
|
|
|
|
|
|
|
|
|
|
if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT,
|
|
|
|
|
MEMLIMIT) != -1) {
|
|
|
|
|
printf("pwhash_str() with a large password should have failed\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) !=
|
|
|
|
|
-1) {
|
|
|
|
|
printf("pwhash_str() with a small opslimit should have failed\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
|
|
|
|
|
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
|
|
|
|
|
"password", 0x100000000ULL) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(0)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ"
|
|
|
|
|
"$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(1)) failure %d\n", errno);
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
|
|
|
"9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(2)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
|
|
|
"$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(3)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ"
|
|
|
|
|
"$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(4)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
|
|
|
"wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(5)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ"
|
|
|
|
|
"$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM",
|
|
|
|
|
"password", strlen("password")) != -1) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(6)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
|
|
|
|
|
"password", strlen("password")) != 0) {
|
|
|
|
|
printf("pwhash_str_verify(valid(7)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
|
|
|
|
|
"passwore", strlen("passwore")) != -1 || errno != EINVAL) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(7)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
|
|
|
|
|
"password", strlen("password")) != -1 || errno != EINVAL) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(8)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
|
|
|
|
|
"password", strlen("password")) != -1 || errno != EINVAL) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(9)) failure\n");
|
|
|
|
|
}
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVla~=mRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M",
|
|
|
|
|
"password", strlen("password")) != -1 || errno != EINVAL) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(10)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
if (crypto_pwhash_str_verify(
|
|
|
|
|
"$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw"
|
|
|
|
|
"$TNnWIwlu1061JHrnCqIAmjs3huSxYI~=U+0jWipu7Kc9M",
|
|
|
|
|
"password", strlen("password")) != -1 || errno != EINVAL) {
|
|
|
|
|
printf("pwhash_str_verify(invalid(11)) failure\n");
|
|
|
|
|
}
|
|
|
|
|
assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
|
|
|
|
|
crypto_pwhash_ALG_ARGON2I13) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT, MEMLIMIT) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT / 2, MEMLIMIT) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT, MEMLIMIT / 2) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1,
|
|
|
|
|
OPSLIMIT, MEMLIMIT) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
|
|
|
|
|
assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT,
|
|
|
|
|
crypto_pwhash_ALG_ARGON2ID13) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT, MEMLIMIT) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT / 2, MEMLIMIT) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out,
|
|
|
|
|
OPSLIMIT, MEMLIMIT / 2) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1);
|
|
|
|
|
assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1,
|
|
|
|
|
OPSLIMIT, MEMLIMIT) == -1);
|
|
|
|
|
sodium_free(salt);
|
|
|
|
|
sodium_free(str_out);
|
|
|
|
|
sodium_free(str_out2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main(void)
|
|
|
|
|
{
|
|
|
|
|
tv();
|
|
|
|
|
tv2();
|
|
|
|
|
tv3();
|
|
|
|
|
str_tests();
|
|
|
|
|
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_pwhash_bytes_min() > 0U);
|
|
|
|
|
assert(crypto_pwhash_bytes_max() > crypto_pwhash_bytes_min());
|
|
|
|
|
assert(crypto_pwhash_passwd_max() > crypto_pwhash_passwd_min());
|
|
|
|
|
assert(crypto_pwhash_saltbytes() > 0U);
|
|
|
|
|
assert(crypto_pwhash_strbytes() > 1U);
|
|
|
|
|
assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix()));
|
|
|
|
|
|
|
|
|
|
assert(crypto_pwhash_opslimit_min() > 0U);
|
|
|
|
|
assert(crypto_pwhash_opslimit_max() > 0U);
|
|
|
|
|
assert(crypto_pwhash_memlimit_min() > 0U);
|
|
|
|
|
assert(crypto_pwhash_memlimit_max() > 0U);
|
|
|
|
|
assert(crypto_pwhash_opslimit_interactive() > 0U);
|
|
|
|
|
assert(crypto_pwhash_memlimit_interactive() > 0U);
|
|
|
|
|
assert(crypto_pwhash_opslimit_moderate() > 0U);
|
|
|
|
|
assert(crypto_pwhash_memlimit_moderate() > 0U);
|
|
|
|
|
assert(crypto_pwhash_opslimit_sensitive() > 0U);
|
|
|
|
|
assert(crypto_pwhash_memlimit_sensitive() > 0U);
|
|
|
|
|
assert(strcmp(crypto_pwhash_primitive(), "argon2i") == 0);
|
|
|
|
|
|
|
|
|
|
assert(crypto_pwhash_bytes_min() == crypto_pwhash_BYTES_MIN);
|
|
|
|
|
assert(crypto_pwhash_bytes_max() == crypto_pwhash_BYTES_MAX);
|
|
|
|
|
assert(crypto_pwhash_passwd_min() == crypto_pwhash_PASSWD_MIN);
|
|
|
|
|
assert(crypto_pwhash_passwd_max() == crypto_pwhash_PASSWD_MAX);
|
|
|
|
|
assert(crypto_pwhash_saltbytes() == crypto_pwhash_SALTBYTES);
|
|
|
|
|
assert(crypto_pwhash_strbytes() == crypto_pwhash_STRBYTES);
|
|
|
|
|
|
|
|
|
|
assert(crypto_pwhash_opslimit_min() == crypto_pwhash_OPSLIMIT_MIN);
|
|
|
|
|
assert(crypto_pwhash_opslimit_max() == crypto_pwhash_OPSLIMIT_MAX);
|
|
|
|
|
assert(crypto_pwhash_memlimit_min() == crypto_pwhash_MEMLIMIT_MIN);
|
|
|
|
|
assert(crypto_pwhash_memlimit_max() == crypto_pwhash_MEMLIMIT_MAX);
|
|
|
|
|
assert(crypto_pwhash_opslimit_interactive() ==
|
|
|
|
|
crypto_pwhash_OPSLIMIT_INTERACTIVE);
|
|
|
|
|
assert(crypto_pwhash_memlimit_interactive() ==
|
|
|
|
|
crypto_pwhash_MEMLIMIT_INTERACTIVE);
|
|
|
|
|
assert(crypto_pwhash_opslimit_moderate() ==
|
|
|
|
|
crypto_pwhash_OPSLIMIT_MODERATE);
|
|
|
|
|
assert(crypto_pwhash_memlimit_moderate() ==
|
|
|
|
|
crypto_pwhash_MEMLIMIT_MODERATE);
|
|
|
|
|
assert(crypto_pwhash_opslimit_sensitive() ==
|
|
|
|
|
crypto_pwhash_OPSLIMIT_SENSITIVE);
|
|
|
|
|
assert(crypto_pwhash_memlimit_sensitive() ==
|
|
|
|
|
crypto_pwhash_MEMLIMIT_SENSITIVE);
|
|
|
|
|
|
|
|
|
|
assert(crypto_pwhash_argon2i_bytes_min() == crypto_pwhash_bytes_min());
|
|
|
|
|
assert(crypto_pwhash_argon2i_bytes_max() == crypto_pwhash_bytes_max());
|
|
|
|
|
assert(crypto_pwhash_argon2i_passwd_min() == crypto_pwhash_passwd_min());
|
|
|
|
|
assert(crypto_pwhash_argon2i_passwd_max() == crypto_pwhash_passwd_max());
|
|
|
|
|
assert(crypto_pwhash_argon2i_saltbytes() == crypto_pwhash_saltbytes());
|
|
|
|
|
assert(crypto_pwhash_argon2i_strbytes() == crypto_pwhash_strbytes());
|
|
|
|
|
assert(strcmp(crypto_pwhash_argon2i_strprefix(),
|
|
|
|
|
crypto_pwhash_strprefix()) == 0);
|
|
|
|
|
assert(crypto_pwhash_argon2i_opslimit_min() ==
|
|
|
|
|
crypto_pwhash_opslimit_min());
|
|
|
|
|
assert(crypto_pwhash_argon2i_opslimit_max() ==
|
|
|
|
|
crypto_pwhash_opslimit_max());
|
|
|
|
|
assert(crypto_pwhash_argon2i_memlimit_min() ==
|
|
|
|
|
crypto_pwhash_memlimit_min());
|
|
|
|
|
assert(crypto_pwhash_argon2i_memlimit_max() ==
|
|
|
|
|
crypto_pwhash_memlimit_max());
|
|
|
|
|
assert(crypto_pwhash_argon2i_opslimit_interactive() ==
|
|
|
|
|
crypto_pwhash_opslimit_interactive());
|
|
|
|
|
assert(crypto_pwhash_argon2i_opslimit_moderate() ==
|
|
|
|
|
crypto_pwhash_opslimit_moderate());
|
|
|
|
|
assert(crypto_pwhash_argon2i_opslimit_sensitive() ==
|
|
|
|
|
crypto_pwhash_opslimit_sensitive());
|
|
|
|
|
assert(crypto_pwhash_argon2i_memlimit_interactive() ==
|
|
|
|
|
crypto_pwhash_memlimit_interactive());
|
|
|
|
|
assert(crypto_pwhash_argon2i_memlimit_moderate() ==
|
|
|
|
|
crypto_pwhash_memlimit_moderate());
|
|
|
|
|
assert(crypto_pwhash_argon2i_memlimit_sensitive() ==
|
|
|
|
|
crypto_pwhash_memlimit_sensitive());
|
|
|
|
|
assert(crypto_pwhash_alg_argon2i13() ==
|
|
|
|
|
crypto_pwhash_argon2i_alg_argon2i13());
|
|
|
|
|
assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13);
|
|
|
|
|
assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_alg_default());
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13);
|
|
|
|
|
assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13());
|
|
|
|
|
assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_default());
|
2017-09-19 00:45:28 +00:00
|
|
|
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
|
|
|
|
|
crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
|
|
|
|
|
0) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL,
|
|
|
|
|
crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_ALG_ARGON2ID13) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
|
|
|
|
|
crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
|
|
|
|
|
0) == -1);
|
|
|
|
|
assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL,
|
|
|
|
|
crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE,
|
|
|
|
|
crypto_pwhash_ALG_ARGON2I13) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
printf("OK\n");
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|