2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
#define TEST_NAME "xchacha20"
|
|
|
|
|
#include "cmptest.h"
|
|
|
|
|
|
|
|
|
|
typedef struct HChaCha20TV_ {
|
|
|
|
|
const char key[crypto_core_hchacha20_KEYBYTES * 2 + 1];
|
|
|
|
|
const char in[crypto_core_hchacha20_INPUTBYTES * 2 + 1];
|
|
|
|
|
const char out[crypto_core_hchacha20_OUTPUTBYTES * 2 + 1];
|
|
|
|
|
} HChaCha20TV;
|
|
|
|
|
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
static const unsigned char small_order_p[crypto_scalarmult_BYTES] = {
|
|
|
|
|
0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
|
|
|
|
|
0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
|
|
|
|
|
0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00
|
|
|
|
|
};
|
|
|
|
|
|
2017-09-19 00:45:28 +00:00
|
|
|
static void
|
|
|
|
|
tv_hchacha20(void)
|
|
|
|
|
{
|
|
|
|
|
static const HChaCha20TV tvs[] = {
|
|
|
|
|
{ "24f11cce8a1b3d61e441561a696c1c1b7e173d084fd4812425435a8896a013dc", "d9660c5900ae19ddad28d6e06e45fe5e", "5966b3eec3bff1189f831f06afe4d4e3be97fa9235ec8c20d08acfbbb4e851e3" },
|
|
|
|
|
{ "80a5f6272031e18bb9bcd84f3385da65e7731b7039f13f5e3d475364cd4d42f7", "c0eccc384b44c88e92c57eb2d5ca4dfa", "6ed11741f724009a640a44fce7320954c46e18e0d7ae063bdbc8d7cf372709df" },
|
|
|
|
|
{ "cb1fc686c0eec11a89438b6f4013bf110e7171dace3297f3a657a309b3199629", "fcd49b93e5f8f299227e64d40dc864a3", "84b7e96937a1a0a406bb7162eeaad34308d49de60fd2f7ec9dc6a79cbab2ca34" },
|
|
|
|
|
{ "6640f4d80af5496ca1bc2cfff1fefbe99638dbceaabd7d0ade118999d45f053d", "31f59ceeeafdbfe8cae7914caeba90d6", "9af4697d2f5574a44834a2c2ae1a0505af9f5d869dbe381a994a18eb374c36a0" },
|
|
|
|
|
{ "0693ff36d971225a44ac92c092c60b399e672e4cc5aafd5e31426f123787ac27", "3a6293da061da405db45be1731d5fc4d", "f87b38609142c01095bfc425573bb3c698f9ae866b7e4216840b9c4caf3b0865" },
|
|
|
|
|
{ "809539bd2639a23bf83578700f055f313561c7785a4a19fc9114086915eee551", "780c65d6a3318e479c02141d3f0b3918", "902ea8ce4680c09395ce71874d242f84274243a156938aaa2dd37ac5be382b42" },
|
|
|
|
|
{ "1a170ddf25a4fd69b648926e6d794e73408805835c64b2c70efddd8cd1c56ce0", "05dbee10de87eb0c5acb2b66ebbe67d3", "a4e20b634c77d7db908d387b48ec2b370059db916e8ea7716dc07238532d5981" },
|
|
|
|
|
{ "3b354e4bb69b5b4a1126f509e84cad49f18c9f5f29f0be0c821316a6986e15a6", "d8a89af02f4b8b2901d8321796388b6c", "9816cb1a5b61993735a4b161b51ed2265b696e7ded5309c229a5a99f53534fbc" },
|
|
|
|
|
{ "4b9a818892e15a530db50dd2832e95ee192e5ed6afffb408bd624a0c4e12a081", "a9079c551de70501be0286d1bc78b045", "ebc5224cf41ea97473683b6c2f38a084bf6e1feaaeff62676db59d5b719d999b" },
|
|
|
|
|
{ "c49758f00003714c38f1d4972bde57ee8271f543b91e07ebce56b554eb7fa6a7", "31f0204e10cf4f2035f9e62bb5ba7303", "0dd8cc400f702d2c06ed920be52048a287076b86480ae273c6d568a2e9e7518c" }
|
|
|
|
|
};
|
|
|
|
|
const HChaCha20TV *tv;
|
|
|
|
|
unsigned char *constant;
|
|
|
|
|
unsigned char *key;
|
|
|
|
|
unsigned char *in;
|
|
|
|
|
unsigned char *out;
|
|
|
|
|
unsigned char *out2;
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
size_t i;
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
constant = (unsigned char *) sodium_malloc(crypto_core_hchacha20_CONSTBYTES);
|
|
|
|
|
key = (unsigned char *) sodium_malloc(crypto_core_hchacha20_KEYBYTES);
|
|
|
|
|
in = (unsigned char *) sodium_malloc(crypto_core_hchacha20_INPUTBYTES);
|
|
|
|
|
out = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES);
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc(crypto_core_hchacha20_OUTPUTBYTES);
|
|
|
|
|
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
|
|
|
|
|
tv = &tvs[i];
|
|
|
|
|
sodium_hex2bin(key, crypto_core_hchacha20_KEYBYTES,
|
|
|
|
|
tv->key, strlen(tv->key), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(in, crypto_core_hchacha20_INPUTBYTES,
|
|
|
|
|
tv->in, strlen(tv->in), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES,
|
|
|
|
|
tv->out, strlen(tv->out), NULL, NULL, NULL);
|
|
|
|
|
crypto_core_hchacha20(out2, in, key, NULL);
|
|
|
|
|
assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sodium_hex2bin(constant, crypto_core_hchacha20_CONSTBYTES,
|
|
|
|
|
"0d29b795c1ca70c1652e823364d32417",
|
|
|
|
|
crypto_core_hchacha20_CONSTBYTES * 2 + 1, NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(out, crypto_core_hchacha20_OUTPUTBYTES,
|
|
|
|
|
"934d941d78eb9bfc2f0376f7ccd4a11ecf0c6a44104618a9749ef47fe97037a2",
|
|
|
|
|
crypto_core_hchacha20_OUTPUTBYTES * 2 + 1, NULL, NULL, NULL);
|
|
|
|
|
|
|
|
|
|
crypto_core_hchacha20(out2, in, key, constant);
|
|
|
|
|
assert(memcmp(out, out2, crypto_core_hchacha20_OUTPUTBYTES) == 0);
|
|
|
|
|
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
sodium_free(in);
|
|
|
|
|
sodium_free(key);
|
|
|
|
|
sodium_free(constant);
|
|
|
|
|
|
|
|
|
|
assert(crypto_core_hchacha20_outputbytes() == crypto_core_hchacha20_OUTPUTBYTES);
|
|
|
|
|
assert(crypto_core_hchacha20_inputbytes() == crypto_core_hchacha20_INPUTBYTES);
|
|
|
|
|
assert(crypto_core_hchacha20_keybytes() == crypto_core_hchacha20_KEYBYTES);
|
|
|
|
|
assert(crypto_core_hchacha20_constbytes() == crypto_core_hchacha20_CONSTBYTES);
|
|
|
|
|
|
|
|
|
|
printf("tv_hchacha20: ok\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#define XCHACHA20_OUT_MAX 100
|
|
|
|
|
|
|
|
|
|
typedef struct XChaCha20TV_ {
|
|
|
|
|
const char key[crypto_stream_xchacha20_KEYBYTES * 2 + 1];
|
|
|
|
|
const char nonce[crypto_stream_xchacha20_NONCEBYTES * 2 + 1];
|
|
|
|
|
const char out[XCHACHA20_OUT_MAX * 2 + 1];
|
|
|
|
|
} XChaCha20TV;
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv_stream_xchacha20(void)
|
|
|
|
|
{
|
|
|
|
|
static const XChaCha20TV tvs[] = {
|
|
|
|
|
{ "79c99798ac67300bbb2704c95c341e3245f3dcb21761b98e52ff45b24f304fc4", "b33ffd3096479bcfbc9aee49417688a0a2554f8d95389419", "c6e9758160083ac604ef90e712ce6e75d7797590744e0cf060f013739c" },
|
|
|
|
|
{ "ddf7784fee099612c40700862189d0397fcc4cc4b3cc02b5456b3a97d1186173", "a9a04491e7bf00c3ca91ac7c2d38a777d88993a7047dfcc4", "2f289d371f6f0abc3cb60d11d9b7b29adf6bc5ad843e8493e928448d" },
|
|
|
|
|
{ "3d12800e7b014e88d68a73f0a95b04b435719936feba60473f02a9e61ae60682", "56bed2599eac99fb27ebf4ffcb770a64772dec4d5849ea2d", "a2c3c1406f33c054a92760a8e0666b84f84fa3a618f0" },
|
|
|
|
|
{ "5f5763ff9a30c95da5c9f2a8dfd7cc6efd9dfb431812c075aa3e4f32e04f53e4", "a5fa890efa3b9a034d377926ce0e08ee6d7faccaee41b771", "8a1a5ba898bdbcff602b1036e469a18a5e45789d0e8d9837d81a2388a52b0b6a0f51891528f424c4a7f492a8dd7bce8bac19fbdbe1fb379ac0" },
|
|
|
|
|
{ "eadc0e27f77113b5241f8ca9d6f9a5e7f09eee68d8a5cf30700563bf01060b4e", "a171a4ef3fde7c4794c5b86170dc5a099b478f1b852f7b64", "23839f61795c3cdbcee2c749a92543baeeea3cbb721402aa42e6cae140447575f2916c5d71108e3b13357eaf86f060cb" },
|
|
|
|
|
{ "91319c9545c7c804ba6b712e22294c386fe31c4ff3d278827637b959d3dbaab2", "410e854b2a911f174aaf1a56540fc3855851f41c65967a4e", "cbe7d24177119b7fdfa8b06ee04dade4256ba7d35ffda6b89f014e479faef6" },
|
|
|
|
|
{ "6a6d3f412fc86c4450fc31f89f64ed46baa3256ffcf8616e8c23a06c422842b6", "6b7773fce3c2546a5db4829f53a9165f41b08faae2fb72d5", "8b23e35b3cdd5f3f75525fc37960ec2b68918e8c046d8a832b9838f1546be662e54feb1203e2" },
|
|
|
|
|
{ "d45e56368ebc7ba9be7c55cfd2da0feb633c1d86cab67cd5627514fd20c2b391", "fd37da2db31e0c738754463edadc7dafb0833bd45da497fc", "47950efa8217e3dec437454bd6b6a80a287e2570f0a48b3fa1ea3eb868be3d486f6516606d85e5643becc473b370871ab9ef8e2a728f73b92bd98e6e26ea7c8ff96ec5a9e8de95e1eee9300c" },
|
|
|
|
|
{ "aface41a64a9a40cbc604d42bd363523bd762eb717f3e08fe2e0b4611eb4dcf3", "6906e0383b895ab9f1cf3803f42f27c79ad47b681c552c63", "a5fa7c0190792ee17675d52ad7570f1fb0892239c76d6e802c26b5b3544d13151e67513b8aaa1ac5af2d7fd0d5e4216964324838" },
|
|
|
|
|
{ "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232", "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e", "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc" },
|
|
|
|
|
};
|
|
|
|
|
const XChaCha20TV *tv;
|
|
|
|
|
char *hex;
|
|
|
|
|
unsigned char *key;
|
|
|
|
|
unsigned char *nonce;
|
|
|
|
|
unsigned char *out;
|
|
|
|
|
unsigned char *out2;
|
|
|
|
|
size_t out_len;
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
size_t i;
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
key = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_KEYBYTES);
|
|
|
|
|
nonce = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_NONCEBYTES);
|
|
|
|
|
out = (unsigned char *) sodium_malloc(XCHACHA20_OUT_MAX);
|
|
|
|
|
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
|
|
|
|
|
tv = &tvs[i];
|
|
|
|
|
|
|
|
|
|
sodium_hex2bin(key, crypto_stream_xchacha20_KEYBYTES,
|
|
|
|
|
tv->key, strlen(tv->key), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(nonce, crypto_stream_xchacha20_NONCEBYTES,
|
|
|
|
|
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(out, XCHACHA20_OUT_MAX,
|
|
|
|
|
tv->out, strlen(tv->out), NULL, &out_len, NULL);
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc(out_len);
|
|
|
|
|
crypto_stream_xchacha20(out2, out_len, nonce, key);
|
|
|
|
|
assert(memcmp(out, out2, out_len) == 0);
|
|
|
|
|
crypto_stream_xchacha20_xor(out2, out, out_len, nonce, key);
|
|
|
|
|
assert(sodium_is_zero(out2, out_len));
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 0, key);
|
|
|
|
|
assert(sodium_is_zero(out2, out_len));
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 1, key);
|
|
|
|
|
assert(!sodium_is_zero(out2, out_len));
|
|
|
|
|
crypto_stream_xchacha20_xor(out, out, out_len, nonce, key);
|
|
|
|
|
assert(sodium_is_zero(out, out_len));
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc(0);
|
|
|
|
|
crypto_stream_xchacha20(out2, 0, nonce, key);
|
|
|
|
|
crypto_stream_xchacha20_xor(out2, out2, 0, nonce, key);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out2, out2, 0, nonce, 1, key);
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc(64);
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc(128);
|
|
|
|
|
randombytes_buf(out, 64);
|
|
|
|
|
randombytes_buf(out2, 64);
|
|
|
|
|
memcpy(out2 + 64, out, 64);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 1, key);
|
|
|
|
|
crypto_stream_xchacha20_xor(out2, out2, 128, nonce, key);
|
|
|
|
|
assert(memcmp(out, out2 + 64, 64) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc(192);
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc(192);
|
|
|
|
|
memset(out, 0, 192);
|
|
|
|
|
memset(out2, 0, 192);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out2, out2, 192, nonce,
|
|
|
|
|
(1ULL << 32) - 1ULL, key);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out, out, 64, nonce,
|
|
|
|
|
(1ULL << 32) - 1ULL, key);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out + 64, out + 64, 64, nonce,
|
|
|
|
|
(1ULL << 32), key);
|
|
|
|
|
crypto_stream_xchacha20_xor_ic(out + 128, out + 128, 64, nonce,
|
|
|
|
|
(1ULL << 32) + 1, key);
|
|
|
|
|
assert(memcmp(out, out2, 192) == 0);
|
|
|
|
|
hex = (char *) sodium_malloc(192 * 2 + 1);
|
|
|
|
|
sodium_bin2hex(hex, 192 * 2 + 1, out, 192);
|
|
|
|
|
printf("%s\n", hex);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
|
|
|
|
|
memset(key, 0, crypto_stream_xchacha20_KEYBYTES);
|
|
|
|
|
crypto_stream_xchacha20_keygen(key);
|
|
|
|
|
assert(sodium_is_zero(key, crypto_stream_xchacha20_KEYBYTES) == 0);
|
|
|
|
|
|
2017-09-19 00:45:28 +00:00
|
|
|
sodium_free(hex);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
|
|
|
|
|
sodium_free(nonce);
|
|
|
|
|
sodium_free(key);
|
|
|
|
|
|
|
|
|
|
assert(crypto_stream_xchacha20_keybytes() == crypto_stream_xchacha20_KEYBYTES);
|
|
|
|
|
assert(crypto_stream_xchacha20_noncebytes() == crypto_stream_xchacha20_NONCEBYTES);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_stream_xchacha20_messagebytes_max() == crypto_stream_xchacha20_MESSAGEBYTES_MAX);
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
printf("tv_stream_xchacha20: ok\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typedef struct XChaCha20Poly1305TV_ {
|
|
|
|
|
const char key[crypto_secretbox_xchacha20poly1305_KEYBYTES * 2 + 1];
|
|
|
|
|
const char nonce[crypto_secretbox_xchacha20poly1305_NONCEBYTES * 2 + 1];
|
|
|
|
|
const char *m;
|
|
|
|
|
const char *out;
|
|
|
|
|
} XChaCha20Poly1305TV;
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv_secretbox_xchacha20poly1305(void)
|
|
|
|
|
{
|
|
|
|
|
static const XChaCha20Poly1305TV tvs[] = {
|
|
|
|
|
{ "065ff46a9dddb1ab047ee5914d6d575a828b8cc1f454b24e8cd0f57efdc49a34", "f83262646ce01293b9923a65a073df78c54b2e799cd6c4e5", "", "4c72340416339dcdea01b760db5adaf7" },
|
|
|
|
|
{ "d3c71d54e6b13506e07aa2e7b412a17a7a1f34df3d3148cd3f45b91ccaa5f4d9", "943b454a853aa514c63cf99b1e197bbb99da24b2e2d93e47", "76bd706e07741e713d90efdb34ad202067263f984942aae8bda159f30dfccc72200f8093520b85c5ad124ff7c8b2d920946e5cfff4b819abf84c7b35a6205ca72c9f8747c3044dd73fb4bebda1b476", "0384276f1cfa5c82c3e58f0f2acc1f821c6f526d2c19557cf8bd270fcde43fba1d88890663f7b2f5c6b1d7deccf5c91b4df5865dc55cc7e04d6793fc2db8f9e3b418f95cb796d67a7f3f7e097150cb607c435dacf82eac3d669866e5092ace" },
|
|
|
|
|
{ "9498fdb922e0596e32af7f8108def2068f5a32a5ac70bd33ade371701f3d98d0", "a0056f24be0d20106fe750e2ee3684d4457cbdcb3a74e566", "b1bc9cfedb340fb06a37eba80439189e48aa0cfd37020eec0afa09165af12864671b3fbddbbb20ac18f586f2f66d13b3ca40c9a7e21c4513a5d87a95319f8ca3c2151e2a1b8b86a35653e77f90b9e63d2a84be9b9603876a89d60fd708edcd64b41be1064b8ad1046553aaeb51dc70b8112c9915d94f2a5dad1e14e7009db6c703c843a4f64b77d44b179b9579ac497dac2d33", "4918790d46893fa3dca74d8abc57eef7fca2c6393d1beef5efa845ac20475db38d1a068debf4c5dbd8614eb072877c565dc52bd40941f0b590d2079a5028e426bf50bcbaadcbebf278bddceedc578a5e31379523dee15026ec82d34e56f2871fdf13255db199ac48f163d5ee7e4f4e09a39451356959d9242a39aea33990ab960a4c25346e3d9397fc5e7cb6266c2476411cd331f2bcb4486750c746947ec6401865d5" },
|
|
|
|
|
{ "fa2d915e044d0519248150e7c815b01f0f2a691c626f8d22c3ef61e7f16eea47", "c946065dc8befa9cc9f292ea2cf28f0256285565051792b7", "d5be1a24c7872115dc5c5b4234dbee35a6f89ae3a91b3e33d75249a0aecfed252341295f49296f7ee14d64de1ea6355cb8facd065052d869aeb1763cda7e418a7e33b6f7a81327181df6cd4de3a126d9df1b5e8b0b1a6b281e63f2", "6d32e3571afec58b0acabb54a287118b3ed6691f56cc8ead12d735352c9a050c2ca173c78b6092f9ad4b7c21c36fb0ce18560956395bab3099c54760a743051ac6a898a0b0034b5e953340c975cf7a873c56b27e66bca2bff1dd977addefc7935bb7550753dd13d1f1a43d" },
|
|
|
|
|
{ "6f149c2ec27af45176030c8dd7ab0e1e488f5803f26f75045d7a56f59a587a85", "952aff2f39bc70016f04ac7fb8b55fd22764ba16b56e255d", "8fde598c4bde5786abdc6ab83fce66d59782b6ce36afe028c447ad4086a748764afa88a520e837a9d56d0b7693b0476649f24c2aa44b94615a1efc75", "9bccf07974836fa4609d32d9527d928d184d9c6c0823af2f703e0e257a162d26d3678fa15ab1c4db76ac42084d32cefca8efaf77814c199b310999e327a3e3daa2e235b175979504ede87b58" },
|
|
|
|
|
{ "b964b7fdf442efbcc2cd3e4cd596035bdfb05ed7d44f7fd4dce2d5614af5c8c4", "2886fbfa4b35b68f28d31df6243a4fbc56475b69e24820a4", "", "b83fbdd112bf0f7d62eff96c9faa8850" },
|
|
|
|
|
{ "10c0ad4054b48d7d1de1d9ab6f782ca883d886573e9d18c1d47b6ee6b5208189", "977edf57428d0e0247a3c88c9a9ec321bbaae1a4da8353b5", "518e4a27949812424b2a381c3efea6055ee5e75eff", "0c801a037c2ed0500d6ef68e8d195eceb05a15f8edb68b35773e81ac2aca18e9be53416f9a" },
|
|
|
|
|
{ "7db0a81d01699c86f47a3ec76d46aa32660adad7f9ac72cf8396419f789f6bb1", "e7cb57132ce954e28f4470cca1dbda20b534cdf32fbe3658", "ee6511d403539e611ab312205f0c3b8f36a33d36f1dc44bb33d6836f0ab93b9f1747167bf0150f045fcd12a39479641d8bdde6fe01475196e8fe2c435e834e30a59f6aaa01ebcd", "ae8b1d4df4f982b2702626feca07590fedd0dfa7ae34e6a098372a1aa32f9fbf0ce2a88b5c16a571ef48f3c9fda689ce8ebb9947c9e2a28e01b1191efc81ad2ce0ed6e6fc7c164b1fc7f3d50b7f5e47a895db3c1fc46c0" },
|
|
|
|
|
{ "7b043dd27476cf5a2baf2907541d8241ecd8b97d38d08911737e69b0846732fb", "74706a2855f946ed600e9b453c1ac372520b6a76a3c48a76", "dbf165bb8352d6823991b99f3981ba9c8153635e5695477cba54e96a2a8c4dc5f9dbe817887d7340e3f48a", "ce57261afba90a9598de15481c43f26f7b8c8cb2806c7c977752dba898dc51b92a3f1a62ebf696747bfccf72e0edda97f2ccd6d496f55aefbb3ec2" },
|
|
|
|
|
{ "e588e418d658df1b2b1583122e26f74ca3506b425087bea895d81021168f8164", "4f4d0ffd699268cd841ce4f603fe0cd27b8069fcf8215fbb", "f91bcdcf4d08ba8598407ba8ef661e66c59ca9d89f3c0a3542e47246c777091e4864e63e1e3911dc01257255e551527a53a34481be", "22dc88de7cacd4d9ce73359f7d6e16e74caeaa7b0d1ef2bb10fda4e79c3d5a9aa04b8b03575fd27bc970c9ed0dc80346162469e0547030ddccb8cdc95981400907c87c9442" }
|
|
|
|
|
};
|
|
|
|
|
const XChaCha20Poly1305TV *tv;
|
|
|
|
|
unsigned char *m;
|
|
|
|
|
unsigned char *nonce;
|
|
|
|
|
unsigned char *key;
|
|
|
|
|
unsigned char *out;
|
|
|
|
|
unsigned char *out2;
|
|
|
|
|
size_t m_len;
|
|
|
|
|
size_t n;
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
size_t i;
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
key = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_secretbox_xchacha20poly1305_KEYBYTES);
|
|
|
|
|
nonce = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_secretbox_xchacha20poly1305_NONCEBYTES);
|
|
|
|
|
for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
|
|
|
|
|
tv = &tvs[i];
|
|
|
|
|
m_len = strlen(tv->m) / 2;
|
|
|
|
|
m = (unsigned char *) sodium_malloc(m_len);
|
|
|
|
|
sodium_hex2bin(key, crypto_secretbox_xchacha20poly1305_KEYBYTES,
|
|
|
|
|
tv->key, strlen(tv->key), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(nonce, crypto_secretbox_xchacha20poly1305_NONCEBYTES,
|
|
|
|
|
tv->nonce, strlen(tv->nonce), NULL, NULL, NULL);
|
|
|
|
|
sodium_hex2bin(m, m_len, tv->m, strlen(tv->m), NULL, NULL, NULL);
|
|
|
|
|
out = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
|
|
|
|
|
out2 = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
|
|
|
|
|
sodium_hex2bin(out, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
tv->out, strlen(tv->out), NULL, NULL, NULL);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, 0, nonce, key) == 0);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_easy(out2, m, m_len, nonce, key) == 0);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(memcmp(out, out2,
|
|
|
|
|
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
|
|
|
|
|
n = randombytes_uniform(crypto_secretbox_xchacha20poly1305_MACBYTES + m_len);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1,
|
|
|
|
|
nonce, key) == -1);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, 0,
|
|
|
|
|
nonce, key) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
out2[n]++;
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, key) == -1);
|
|
|
|
|
out2[n]--;
|
|
|
|
|
nonce[0]++;
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, key) == -1);
|
|
|
|
|
nonce[0]--;
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, key) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, crypto_secretbox_xchacha20poly1305_MACBYTES - 1,
|
|
|
|
|
nonce, key) == -1);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_easy
|
|
|
|
|
(out2, out2, 0, nonce, key) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(memcmp(m, out2, m_len) == 0);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_detached
|
|
|
|
|
(out2, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
|
|
|
|
|
m_len, nonce, key) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_secretbox_xchacha20poly1305_open_detached
|
|
|
|
|
(NULL, out + crypto_secretbox_xchacha20poly1305_MACBYTES, out,
|
|
|
|
|
m_len, nonce, key) == 0);
|
2017-09-19 00:45:28 +00:00
|
|
|
crypto_secretbox_xchacha20poly1305_detached
|
|
|
|
|
(out2 + crypto_secretbox_xchacha20poly1305_MACBYTES, out2, m,
|
|
|
|
|
m_len, nonce, key);
|
|
|
|
|
assert(memcmp(out, out2,
|
|
|
|
|
crypto_secretbox_xchacha20poly1305_MACBYTES + m_len) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
sodium_free(out2);
|
|
|
|
|
sodium_free(m);
|
|
|
|
|
}
|
|
|
|
|
sodium_free(nonce);
|
|
|
|
|
sodium_free(key);
|
|
|
|
|
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
|
|
|
|
|
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
|
|
|
|
|
|
|
|
|
|
printf("tv_secretbox_xchacha20: ok\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
tv_box_xchacha20poly1305(void)
|
|
|
|
|
{
|
|
|
|
|
char hex[65];
|
|
|
|
|
unsigned char *pk;
|
|
|
|
|
unsigned char *sk;
|
|
|
|
|
unsigned char *m;
|
|
|
|
|
unsigned char *m2;
|
|
|
|
|
unsigned char *mac;
|
|
|
|
|
unsigned char *nonce;
|
|
|
|
|
unsigned char *out;
|
|
|
|
|
unsigned char *pc;
|
|
|
|
|
unsigned char *seed;
|
|
|
|
|
size_t m_len;
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
|
|
|
|
sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
|
|
|
|
|
nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
|
|
|
|
mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES);
|
|
|
|
|
pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
|
|
|
|
|
for (i = 0; i < 10; i++) {
|
|
|
|
|
m_len = (i == 0) ? 0 : randombytes_uniform(150);
|
|
|
|
|
m = (unsigned char *) sodium_malloc(m_len);
|
|
|
|
|
m2 = (unsigned char *) sodium_malloc(m_len);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
|
|
|
|
|
randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
|
|
|
|
randombytes_buf(m, m_len);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, 0, nonce,
|
|
|
|
|
pk, sk) == 0);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
|
|
|
|
|
pk, sk) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy
|
|
|
|
|
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, small_order_p, sk) == -1);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy
|
|
|
|
|
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES - 1,
|
|
|
|
|
nonce, pk, sk) == -1);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy
|
|
|
|
|
(m2, out, 0, nonce, pk, sk) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy
|
|
|
|
|
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, pk, sk) == 0);
|
|
|
|
|
assert(memcmp(m2, m, m_len) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, small_order_p, sk) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
|
|
|
|
|
(out, m, 0, nonce, pc) == 0);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
|
|
|
|
|
(out, m, m_len, nonce, pc) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
|
|
|
|
|
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES - 1,
|
|
|
|
|
nonce, pc) == -1);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
|
|
|
|
|
(m2, out, 0,
|
|
|
|
|
nonce, pc) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
|
|
|
|
|
(m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
|
|
|
|
|
nonce, pc) == 0);
|
|
|
|
|
assert(memcmp(m2, m, m_len) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc(m_len);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
|
|
|
|
|
nonce, small_order_p, sk) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
|
|
|
|
|
nonce, pk, sk) == 0);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_detached
|
|
|
|
|
(m2, out, mac, m_len, nonce, small_order_p, sk) == -1);
|
2017-09-19 00:45:28 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_detached
|
|
|
|
|
(m2, out, mac, m_len, nonce, pk, sk) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
|
|
|
|
|
out = (unsigned char *) sodium_malloc(m_len);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_detached_afternm
|
|
|
|
|
(out, mac, m, m_len, nonce, pc) == 0);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm
|
|
|
|
|
(m2, out, mac, m_len, nonce, pc) == 0);
|
|
|
|
|
sodium_free(out);
|
|
|
|
|
|
|
|
|
|
sodium_free(m2);
|
|
|
|
|
sodium_free(m);
|
|
|
|
|
}
|
|
|
|
|
sodium_free(pc);
|
|
|
|
|
sodium_free(mac);
|
|
|
|
|
sodium_free(nonce);
|
|
|
|
|
|
|
|
|
|
seed = (unsigned char *) sodium_malloc
|
|
|
|
|
(crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
for (i = 0; i <(int) crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) {
|
|
|
|
|
seed[i] = (unsigned char) i;
|
2017-09-19 00:45:28 +00:00
|
|
|
}
|
|
|
|
|
crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed);
|
|
|
|
|
sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
|
|
|
|
assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0);
|
|
|
|
|
sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
|
|
|
|
|
assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0);
|
|
|
|
|
sodium_free(seed);
|
|
|
|
|
|
|
|
|
|
sodium_free(sk);
|
|
|
|
|
sodium_free(pk);
|
|
|
|
|
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
Squashed 'libsodium/' changes from 7d5d9204e..18609cffa
4c37368f9 Nits
94550cefd Remove dev #warning
3e0b4dec6 Add sodium_base64_encoded_len()
4ce2856a5 Avoid negations on unsigned values
7e06a6a99 Annotate
18f0fff89 More tests: verify that they key gets updated after the counter wraps
e061abc2b The documentation is not a work in progress any more
91233a014 Tag salsa208 as deprecated
ee1d5c96d Move the codecs tests to their own test file
558355e56 Check if SIGABRT can be trapped multiple times in a row
8ee67b1dd More tests
1f72dec89 More tests
3db75fc64 No need for ge_scalarmult_vartime() in minimal mode
41dc93322 More tests
aec433cec Additional check
87af832ae Do not trigger Travis+Coverity in the master branch
7423408cd Make the behavior of hex2bin() consistent with base642bin()
00660d79b secretstream test: don't pull twice if we don't test with AD
3c8a7f17f Add tests for short, invalid unpadded base64 strings
c7fe84cfb Skip trailing ignored characters in base64 decoding
70e5ff5e1 Add a helper macro to compute the length of a base64 string
9209e89d9 More tests
31e9a5541 More tests
61214ba6b Remove redundant test
525c21ed1 Tests
77f3b7135 Indent
1875980d3 More tests
5b9680ead More tests
4828c5923 ~ 80 columns please
66c621f41 Faster; doesn't require to wipe the output stream
5da8f4fbc Add a global xor_buf() private helper function
7d756fab9 xor the key and the nonce on rekey for better separation
bb1b27fa3 Improve readability
10bb28b27 One more COMPILER_ASSERT()
2ce41de29 Define macros instead of repeated offsets
e878bc141 More keygen tests
f244f658d int -> size_t
9c53da4a6 metamorphic tests for HMAC
bd69a3083 metamorphic tests for onetimeauth
a7b75a2d7 + simple metamorphic tests for crypto_generichash()
a029b352a Don't generate SSE2 code if that instruction set hasn't been enabled
09fd953fc Revert "__SSE2__ may need to be explicitly enabled"
35d8aa5d3 __SSE2__ may need to be explicitly enabled
a161dd9fa On 32-bit systems, the limit is SIZE_MAX
251751e69 Update ChangeLog
d8a8201bb Avoid "in" and "out". Use "c" to represent the ciphertext.
1181a47cb Proper xchacha20poly1305_MESSAGEBYTES_MAX definition
bfab44aa4 initbytes -> headerbytes for clarity
e8f1c0be6 secretstream: use "header" instead of "in" and "out" for clarity
9e0ff55eb Add the ability to use only strong symbols, even on ELF targets
b0420b32d Define SODIUM_EXPORT_WEAK instead of adding __attribute__((weak)) tags
ae515a16a Bring back -fno-asynchronous-unwind-tables on MingW
3df3fabb8 No default clause needed
1f8056ab1 Use #error in autoconf tests
147d8b620 Disable AVX512 on MingW even harder
ffce4334e Disable AVX512 on MingW for now
07de00bc9 Revert -fno-asynchronous-unwind-tables addition
9aa116531 up
eb8c283dd Add -fno-asynchronous-unwind-tables to optimized builds
186b398a2 -fno-asynchronous-unwind-tables is now required on MingW
7de597f05 Update m4 deps ; remove pkg.m4
383705ffc The AVX512 optimized BLAKE2B implementation hasn't been imported yet
f86f021ac Travis CI : Move the tcc check to the install step
19496bcc0 Don't try to access /usr/local on Travis CI
ca43a1268 Old tcc versions miscompile `while (++in[x])`
10edd16b4 Modernize the core3 test
dcde773e5 Travis CI: don't run multiple jobs in parallel due to memory requirements
150c6930e Travis CI: avoid duplicate addons section
cdfb0aaa3 tcc + travis...
9f4011197 tcc doesn't seem to work on Travis CI
7e8cdd827 Travis: start with a quick compilation using tcc
c6aa04108 Move #ifdef up
b31a3f247 Disable AVX512 optimizations on clang < 4
4aba976d5 Explicit casts
15ee95c64 Remove unused var
dcd60ba66 Force inline
5cc334b33 Add AVX512F optimized Argon2 implementation
70f66c9a6 Check for avx/avx2/avx512f linkage
6866b3d55 Use macros instead of magic numbers
1c0677b09 Check for AVX512F support
80095105b Missing pieces of a version bump
390f865e3 Add tests for scrypt rehash
2a2b85eee Add tests for crypto_pwhash_str_needs_rehash()
979b21d67 Remove extra semicolumns
62c41c703 Avoid untagged unions
5cf1de94a Remove trailing coma
3aa1c71de Don't return void
d0a418a86 + _crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()
6dcba550c Confirm that emcc is actually being used if EMSCRIPTEN is defined
0ae678b0f Avoid multiple declarations in an EN_ASM({}) block
b26de68a6 Use single quotes inside EM_ASM
1aae564da Avoid duplicate initializations; reorder for consistency w/ decl
81cf1ff6d Use unsigned for loop counters
e2efa6d7e Remove unused variable
e06c70afe Use the dedicated type for the argon2 type id
378304f81 Export crypto_pwhash_str_needs_rehash() to Javascript/WebAssembly
e8828eef7 Don't bother verifying hashes whose length is >= crypto_pwhash_STRBYTES
7cc482523 Add crypto_pwhash_str_needs_rehash()
c65189a0c Explicit casts
7b687bb45 + Jonathan Stowe for Natrium (Perl 6 bindings)
c72ef48f0 Static-ify what we currently don't need in crypto_core/curve25519_ref10
5c8b8ea01 Simplify
0af31aeb2 Fill the max output buffer size in sodium_bin2base64()
6b43c1ddb Javascript: don't define crypto_pwhash constants in non-sumo builds
e236df63e Trim empty lines
75cfcf208 Merge branch 'master' of github.com:jedisct1/libsodium
e40e0f6dd Adjust secretstream_..._rekey() after e84336ac
514150d8b Merge branch 'master' of github.com:jedisct1/libsodium
394e21884 Do not clear the padding (for alignment) section of a blake2b state
a0fea6965 Remove RUNNING_JS_OPTS for WebAssembly
d863c9665 chmod +x *.sh
957c251f8 chmod +x *.sh
ce2ecc596 One more compiler assertion
e84336ac4 secretstream: assume the internal nonce is little endian
fd4478288 Test sodium_pad() with a NULL pointer
f61a121b8 Regen emscripten symbols
f8e535a44 messagesbytes -> messagebytes
cd721cfc1 Have generate-emscripten-symbols.sh automatically update the js/wasm build script
aa20d2e86 Add secretstream constants
49f1d87cf salsa208: messagebyte -> messagebytes
a0b9bc46e constcheck: grab a few more constants
0ccdfd0c8 Update emscripten symbols list
242045cb4 Update emscripten symbols list
30a25dbb2 Bump
be58b2e66 Accept a NULL pointer for the padded length in sodium_pad()
b503d75e4 Add crypto_secretstream_*() to MSVC solutions
a55e13246 Update packaging for .NET Core (#583)
4c93d0391 C++ compat
0850e5580 Check that a zero blocksize returns -1
a27c18d0e No need for two buffers in the padding test
d5574a69f Complete sodium_pad/unpad() and add a couple tests
b9ed93fcb Change the sodium_pad() API to accept a maximum buffer length
4fd66e3ad Name similar things the same way in sodium_pad() and sodium_unpad()
fb4dc083e Update ChangeLog
50c7632cc + sodium_pad() / sodium_unpad()
55a578d62 Merge branch 'master' of github.com:jedisct1/libsodium
b27714898 Reorder crypto_secretstream_*() prototypes in a more intuitive sequence
c3b315ec7 + Firefox
80296be94 Some notes about RtlGenRandom
914ff8757 Format paragraphs
c65426147 Explain that sodium_misuse() still aborts by default
901c49203 + crypto_secretstream_*()
a335fc2da Merge branch 'master' of github.com:jedisct1/libsodium
5f1f6f747 THANKS += PIA
6e8e0a93f Add a couple tests for crypto_secretstream_*()
88c0b6538 Trigger sodium_misuse() if mlen > secretstream_MESSAGESBYTES_MAX
72d5d506d Sort
df7ad2632 Introduce a new crypto_secretstream_*() API
45f2759d8 Update packaging scripts to .NET Core 2.0 (#582)
c39ecb245 Update packaging for .NET Core (#581)
100a055a5 Indent
e6e3f7dd8 ChangeLog
76995c52f Argon2: use sodium_{bin2base64,base642bin} instead of a private implementation
265bdcfe0 bin2hex & bin2base64: return a null size on error
a6480aec4 b64 test: intentionally overestimate sizes
74fd8fd1c C++ compat
ad5a5232a Make that a size_t
f42390a55 Update Visual Studio solutions
cdbb43f44 base64 tests
eb84b00b7 glibc requires <stdint.h> for SIZE_MAX
3f272cbbf Add a base64 codec, due to popular request
308684790 Move the codecs from sodium/utils.c to a dedicated file
b49054ff8 Merge branch 'master' of github.com:jedisct1/libsodium
ef7c9f44c Sort
c87e6f5e1 Add -Wold-style-declaration
dd9416fd5 Doc
1c573d4cb Update
5b141eb9e Add some blank lines for readability
7e91aa3f8 s/the//
4baea3575 Merge branch 'master' of github.com:jedisct1/libsodium
9b7db7c3f Document crypto_aead_aes256gcm_*() limitations
8f0953b31 Merge branch 'master' of github.com:jedisct1/libsodium
9e0e77a3f Update ChangeLog
a894ec93f Add crypto_pwhash_str_alg()
cde31281d Bench: don't tie the printed result to the number of iterations
6d59a5897 Make the number of iterations configurable; reduce the default
28a1e6886 Add an interesting test case for a custom randombytes_uniform implementation
5b4db091d Add a benchmark mode
8813c36ff randombytes test: restore the salsa20-based rng at the end, for benchmarks
a8cc1634f Indent
9d03fbb38 Merge branch 'master' of github.com:jedisct1/libsodium
196e03299 Preliminary ChangeLog
19f76d7cb Simplify
544ce6400 Just a simple script to match constants with functions
f711c6d04 + emscripten-wasm.sh
1a3b474f7 Update the exported list of JS symbols
e1fa9cc90 Add *_messagebytes_max() wrappers
53280aa28 Revert "wasm tests: skip over *.asm.js files"
ac8111c31 wasm tests: skip over *.asm.js files
29914ec82 [Findsodium.cmake] DON'T OVERWRITE LIBRARY SUFFIXES (#576)
f02770b2a Revert "+ sodium_alloc_overhead()"
c5b61d812 + sodium_alloc_overhead()
23c36615c Remove TOTAL_MEMORY from wasm builds
c56fa3ccf Include private/common.h for COMPILER_ASSERT
56eb70f8b Sort
3c3214fbd Node need for --expose-wasm any more with recent nodejs versions
b5b67d074 Add -fembed-bitcode to the iOS 64 target, for WatchOS and TVOS
580bf7a19 emscripten-wasm.sh: generate HTML files even if we don't use them
ae8cd7208 emscript-wasm: don't use --enable-minimal on sumo builds
f2a7b6123 Update symbols
774ec67e2 Repair sodium_core test
8a14f5c16 Don't call sodium_misuse() in the sodium_core test for Javascript/wasm targets
0ce03b6ce misuse test: just return from main() on unsupported platforms
6ac18dae4 The MESSAGEBYTES_MAX constants are to be used with the libsodium API
180a89cb2 More tests for signatures
90bd94e4e Coverage exclusion
b34b89ab3 secrebox: add a test with in/out buffers next to each other
3dd56fa91 Coverage exclusions
ff8bb6705 More tests for scrypt
a3f90d602 Indent
63d8a896f Test KX with a weak PK
7ad9a46cb More tests
a9a21a7df Test Ed->X conversion with x not being a square root
982cde1a7 Test crypto_box_open_detached() with a weak PK
52bfc0325 Initialize the base&aligned addresses in argon2's allocate_memory
fc9088792 Add missing include "core.h"
c15173de1 Turn a few calls with an insane message length into a sodium_misuse()
f28fe0ae2 Cap argon2*_BYTES_MAX to SODIUM_SIZE_MAX
bac61ebf5 BYTES_MAX -> MESSAGEBYTES_MAX
16179b87f Introduce *_BYTES_MAX constants
568adb570 Trim crypto_pwhash_scryptsalsa208sha256_BYTES_MAX down to ~127 GB
3525f032d Inline
3ee2151f1 memzero(): with weak symbols, just call memset()
105f7108d Argon2: wipe all blocks if the ARGON2_FLAG_CLEAR_MEMORY flag is set
dc2c68067 C++ compat
fb739acd7 fill_memory_blocks() cannot possibly fail
c3908f87d Argon2: deallocate memory if fill_memory_blocks() ever fails
8d91a3275 Add more tests for crypto_sign_ed25519_pk_to_curve25519()
214fe473f Add an invalid key to the signature tests
e1b044820 Test crypto_secretbox_open_detached() with a NULL message pointer
c90ddae75 Use the right state type for the auth256 test
51a0b96f1 Test crypto_hmac_sha256_update() with empty chunks
2a2ed3df3 Volatilify the accumulator, at least for consistency with sodium_is_zero()
cd51ff29e Coverage exclusions
33d6908f9 Test crypto_auth_hmacsha256_*()
f92c82537 More tests
67a7df73b Add all the Visual Studio files in the tarball
56efb47ab .13 -> .14
334738cf2 Add resource.rc to the Visual Studio filters files
47796a5b8 Indent
d7ecf04d6 Comment randombytes_uniform()
eaab51278 Add specialized ge_mul_l() to multiply by the order of the main subgroup
6de26b59d ed25519_pk_to_curve25519: check that the input is in the right subgroup
571915ea2 ed25519: un-static the check for low-order points
b57f9668f More tests
cc5191607 Tag sodium_runtime_has_*() symbols as weak
8b9b6a54b Remove error string from sodium_misuse()
9361070f9 Merge branch 'master' of github.com:jedisct1/libsodium * 'master' of github.com:jedisct1/libsodium: Tweak emscripten-wasm.sh Clear the BLAKE2B state only once, on finalization memzero() the state if we call generichash_final() twice
63cbad750 Visual Studio doesn't like abort() chains
21fd252ac Tweak emscripten-wasm.sh
97486f7d4 Clear the BLAKE2B state only once, on finalization
1090fcfd4 memzero() the state if we call generichash_final() twice
6768d82ea Add missing return value in set_misuse_handler()
9df008a78 Add some invalid base64 strings to pwhash_str_verify() tests
5d56821d3 More tests, and start testing misuse cases
0238cbcf6 Bump NuGet package
0e8d7c926 Implement sodium_set_misuse_handler()
9def4d9a8 Add tests for crypto_kx_*() when a single key is required
8a70f258f No more abort() calls!
c3b24c1d2 Explain why some abort() calls are still around
74703c63a More abort() -> sodium_misuse()
a0e997b8a More abort() -> sodium_misuse()
ea9281cb0 More abort() -> sodium_misuse()
c7459c125 Remove the useless donations button
a61dddd49 Back to dev mode. If you want a stable version, use the stable branch.
bcf98b554 Start replacing abort() with an internal sodium_misuse() function
c86080e7b Fix funky indentation
608e103e4 Finish the Argon2id tests
8b99f44ff Abort on misuse in crypto_kx_server_session_keys() too
765ba55cd crypto_kx(): abort if the function is called without any non-NULL pointer
90658321d Only include sodium/crypto_pwhash_scryptsalsa208sha256.h on !minimal
1f826df2d is_zero(): volatilize the accumulator
3d400363b sodium_compare: x1, x2 don't have to be volatile
99f8c19a1 memzero(): call the weak function after zeroing
30e8a2b23 The time has come to use memset_s() if available
f0c15da02 We don't need these extra loads
bcdb042ad Revert "Explicitly include <limits.h>"
7dbbd266b Simple SSE2 implementation of crypto_verify*()
94a8b3327 Simplify crypto_verify_*()
37e99aa4f Make it more difficult for the compiler to optimize crypto_verify_*()
c746eb277 Revert "Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX"
0fd9aae17 Explicitly include <limits.h>
c2ef7d088 Bail out if SIZE_MAX < crypto_pwhash_MEMLIMIT_MAX
git-subtree-dir: libsodium
git-subtree-split: 18609cffafed6ccfcac77088d402074e1d74f02c
2017-09-27 05:22:05 +00:00
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_macbytes() == crypto_box_curve25519xchacha20poly1305_MACBYTES);
|
|
|
|
|
assert(crypto_box_curve25519xchacha20poly1305_messagebytes_max() == crypto_box_curve25519xchacha20poly1305_MESSAGEBYTES_MAX);
|
2017-09-19 00:45:28 +00:00
|
|
|
|
|
|
|
|
printf("tv_box_xchacha20poly1305: ok\n");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
main(void)
|
|
|
|
|
{
|
|
|
|
|
tv_hchacha20();
|
|
|
|
|
tv_stream_xchacha20();
|
|
|
|
|
tv_secretbox_xchacha20poly1305();
|
|
|
|
|
tv_box_xchacha20poly1305();
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|