2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
#define TEST_NAME "secretbox_easy"
|
|
|
|
#include "cmptest.h"
|
|
|
|
|
|
|
|
static unsigned char firstkey[32] = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85,
|
|
|
|
0xd4, 0x62, 0xcd, 0x51, 0x19, 0x7a, 0x9a,
|
|
|
|
0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac,
|
|
|
|
0x64, 0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08,
|
|
|
|
0x44, 0xf6, 0x83, 0x89 };
|
|
|
|
|
|
|
|
static unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6,
|
|
|
|
0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8,
|
|
|
|
0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19,
|
|
|
|
0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
|
|
|
|
|
|
|
|
static unsigned char m[131] = {
|
|
|
|
0xbe, 0x07, 0x5f, 0xc5, 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16,
|
|
|
|
0xeb, 0xeb, 0x0c, 0x7b, 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4,
|
|
|
|
0x4b, 0x66, 0x84, 0x9b, 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf,
|
|
|
|
0x33, 0xbd, 0x75, 0x1a, 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29,
|
|
|
|
0x6c, 0xdc, 0x3c, 0x01, 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce,
|
|
|
|
0x31, 0x4a, 0xdb, 0x31, 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d,
|
|
|
|
0xce, 0xea, 0x3a, 0x7f, 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a,
|
|
|
|
0xd6, 0xb1, 0x31, 0x8a, 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde,
|
|
|
|
0x04, 0x89, 0x77, 0xeb, 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c,
|
|
|
|
0x60, 0x90, 0x2e, 0x52, 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40,
|
|
|
|
0xe0, 0x82, 0xf9, 0x37, 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05
|
|
|
|
};
|
|
|
|
|
|
|
|
int
|
|
|
|
main(void)
|
|
|
|
{
|
|
|
|
unsigned char *c;
|
|
|
|
unsigned char *mac;
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
c = (unsigned char *) sodium_malloc(131 + crypto_secretbox_MACBYTES + 1);
|
|
|
|
mac = (unsigned char *) sodium_malloc(crypto_secretbox_MACBYTES);
|
|
|
|
assert(c != NULL && mac != NULL);
|
|
|
|
|
|
|
|
crypto_secretbox_easy(c, m, 131, nonce, firstkey);
|
|
|
|
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
|
|
|
|
for (i = 0; i < crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) mac[i]);
|
|
|
|
}
|
|
|
|
for (i = 0; i < 131; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
/* Same test, with c and m overlapping */
|
|
|
|
|
|
|
|
memcpy(c + 1, m, 131);
|
|
|
|
crypto_secretbox_easy(c, c + 1, 131, nonce, firstkey);
|
|
|
|
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
memcpy(c, m, 131);
|
|
|
|
crypto_secretbox_easy(c + 1, c, 131, nonce, firstkey);
|
|
|
|
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i + 1]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
memcpy(c, m, 131);
|
|
|
|
crypto_secretbox_easy(c, c, 131, nonce, firstkey);
|
|
|
|
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_secretbox_easy(c, m, 0, nonce, firstkey) == 0);
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
/* Null message */
|
|
|
|
|
|
|
|
crypto_secretbox_easy(c, c, 0, nonce, firstkey);
|
|
|
|
for (i = 0; i < crypto_secretbox_MACBYTES + 1; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
if (crypto_secretbox_open_easy(c, c, crypto_secretbox_MACBYTES, nonce,
|
|
|
|
firstkey) != 0) {
|
|
|
|
printf("Null crypto_secretbox_open_easy() failed\n");
|
|
|
|
}
|
|
|
|
for (i = 0; i < crypto_secretbox_MACBYTES + 1; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
c[randombytes_uniform(crypto_secretbox_MACBYTES)]++;
|
|
|
|
if (crypto_secretbox_open_easy(c, c, crypto_secretbox_MACBYTES, nonce,
|
|
|
|
firstkey) != -1) {
|
|
|
|
printf("Null tampered crypto_secretbox_open_easy() failed\n");
|
|
|
|
}
|
|
|
|
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
/* No overlap, but buffers are next to each other */
|
|
|
|
|
|
|
|
memset(c, 0, 131 + crypto_secretbox_MACBYTES + 1);
|
|
|
|
memcpy(c, m, 20);
|
|
|
|
crypto_secretbox_easy(c, c + 10, 10, nonce, firstkey);
|
|
|
|
for (i = 0; i < 10 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
|
|
|
memset(c, 0, 131 + crypto_secretbox_MACBYTES + 1);
|
|
|
|
memcpy(c, m, 20);
|
|
|
|
crypto_secretbox_easy(c + 10, c, 10, nonce, firstkey);
|
|
|
|
for (i = 0; i < 10 + crypto_secretbox_MACBYTES; ++i) {
|
|
|
|
printf(",0x%02x", (unsigned int) c[i]);
|
|
|
|
}
|
|
|
|
printf("\n");
|
|
|
|
|
2017-09-19 00:45:28 +00:00
|
|
|
sodium_free(mac);
|
|
|
|
sodium_free(c);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|