diff options
Diffstat (limited to 'src/libsodium/crypto_auth')
4 files changed, 9 insertions, 122 deletions
diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c index b6cf489..be9d34f 100644 --- a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c +++ b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c @@ -1,9 +1,11 @@ #include "api.h" #include "crypto_verify_32.h" +#include "utils.h" int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) { unsigned char correct[32]; crypto_auth(correct,in,inlen,k); - return crypto_verify_32(h,correct); + return crypto_verify_32(h,correct) | (-(h - correct == 0)) | + sodium_memcmp(correct,h,32); } diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c index fccdc1a..28e0dfb 100644 --- a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c +++ b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c @@ -1,10 +1,12 @@ #include "api.h" #include "crypto_verify_64.h" +#include "utils.h" int crypto_auth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) { unsigned char correct[64]; crypto_auth(correct,in,inlen,k); - return crypto_verify_64(h,correct); + return crypto_verify_64(h,correct) | (-(h - correct == 0)) | + sodium_memcmp(correct,h,64); } diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c index 1e6e18d..6c263f3 100644 --- a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c +++ b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c @@ -1,10 +1,12 @@ #include "api.h" #include "crypto_verify_32.h" +#include "utils.h" int crypto_auth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) { unsigned char correct[32]; crypto_auth(correct,in,inlen,k); - return crypto_verify_32(h,correct); + return crypto_verify_32(h,correct) | (-(h - correct == 0)) | + sodium_memcmp(correct,h,32); } diff --git a/src/libsodium/crypto_auth/try.c b/src/libsodium/crypto_auth/try.c deleted file mode 100644 index c2f2c80..0000000 --- a/src/libsodium/crypto_auth/try.c +++ /dev/null @@ -1,119 +0,0 @@ -/* - * crypto_auth/try.c version 20090118 - * D. J. Bernstein - * Public domain. - */ - -#include <stdlib.h> -#include "crypto_hash_sha256.h" -#include "crypto_auth.h" -#include "utils.h" -#include "windows/windows-quirks.h" - -extern unsigned char *alignedcalloc(unsigned long long); - -const char *primitiveimplementation = crypto_auth_IMPLEMENTATION; - -#define MAXTEST_BYTES 10000 -#define CHECKSUM_BYTES 4096 -#define TUNE_BYTES 1536 - -static unsigned char *h; -static unsigned char *m; -static unsigned char *k; -static unsigned char *h2; -static unsigned char *m2; -static unsigned char *k2; - -void preallocate(void) -{ -} - -void allocate(void) -{ - h = alignedcalloc(crypto_auth_BYTES); - m = alignedcalloc(MAXTEST_BYTES); - k = alignedcalloc(crypto_auth_KEYBYTES); - h2 = alignedcalloc(crypto_auth_BYTES); - m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES); - k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES); -} - -void predoit(void) -{ -} - -void doit(void) -{ - crypto_auth(h,m,TUNE_BYTES,k); - crypto_auth_verify(h,m,TUNE_BYTES,k); -} - -char checksum[crypto_auth_BYTES * 2 + 1]; - -const char *checksum_compute(void) -{ - long long i; - long long j; - - for (i = 0;i < CHECKSUM_BYTES;++i) { - long long mlen = i; - long long klen = crypto_auth_KEYBYTES; - long long hlen = crypto_auth_BYTES; - - for (j = -16;j < 0;++j) h[j] = rand(); - for (j = -16;j < 0;++j) k[j] = rand(); - for (j = -16;j < 0;++j) m[j] = rand(); - for (j = hlen;j < hlen + 16;++j) h[j] = rand(); - for (j = klen;j < klen + 16;++j) k[j] = rand(); - for (j = mlen;j < mlen + 16;++j) m[j] = rand(); - for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; - for (j = -16;j < klen + 16;++j) k2[j] = k[j]; - for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; - - if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; - - for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; - for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; - for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output"; - for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output"; - - for (j = -16;j < 0;++j) h[j] = rand(); - for (j = -16;j < 0;++j) k[j] = rand(); - for (j = -16;j < 0;++j) m[j] = rand(); - for (j = hlen;j < hlen + 16;++j) h[j] = rand(); - for (j = klen;j < klen + 16;++j) k[j] = rand(); - for (j = mlen;j < mlen + 16;++j) m[j] = rand(); - for (j = -16;j < hlen + 16;++j) h2[j] = h[j]; - for (j = -16;j < klen + 16;++j) k2[j] = k[j]; - for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; - - if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero"; - for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap"; - for (j = 0;j < hlen;++j) m2[j] = m[j]; - if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero"; - for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap"; - for (j = 0;j < hlen;++j) k2[j] = k[j]; - - if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; - - for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h"; - for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k"; - for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m"; - - crypto_hash_sha256(h2,h,hlen); - for (j = 0;j < klen;++j) k[j] ^= h2[j % 32]; - if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero"; - if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero"; - - crypto_hash_sha256(h2,h,hlen); - for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32]; - m[mlen] = h2[0]; - } - if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero"; - if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero"; - - sodium_bin2hex(checksum, sizeof checksum, h, crypto_auth_BYTES); - - return 0; -} |