summaryrefslogtreecommitdiff
path: root/src/libsodium/crypto_auth
diff options
context:
space:
mode:
Diffstat (limited to 'src/libsodium/crypto_auth')
-rw-r--r--src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c4
-rw-r--r--src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c4
-rw-r--r--src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c4
-rw-r--r--src/libsodium/crypto_auth/try.c119
4 files changed, 9 insertions, 122 deletions
diff --git a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
index b6cf489..be9d34f 100644
--- a/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
+++ b/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c
@@ -1,9 +1,11 @@
#include "api.h"
#include "crypto_verify_32.h"
+#include "utils.h"
int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
{
unsigned char correct[32];
crypto_auth(correct,in,inlen,k);
- return crypto_verify_32(h,correct);
+ return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+ sodium_memcmp(correct,h,32);
}
diff --git a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
index fccdc1a..28e0dfb 100644
--- a/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
+++ b/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c
@@ -1,10 +1,12 @@
#include "api.h"
#include "crypto_verify_64.h"
+#include "utils.h"
int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
unsigned char correct[64];
crypto_auth(correct,in,inlen,k);
- return crypto_verify_64(h,correct);
+ return crypto_verify_64(h,correct) | (-(h - correct == 0)) |
+ sodium_memcmp(correct,h,64);
}
diff --git a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
index 1e6e18d..6c263f3 100644
--- a/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
+++ b/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c
@@ -1,10 +1,12 @@
#include "api.h"
#include "crypto_verify_32.h"
+#include "utils.h"
int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
unsigned char correct[32];
crypto_auth(correct,in,inlen,k);
- return crypto_verify_32(h,correct);
+ return crypto_verify_32(h,correct) | (-(h - correct == 0)) |
+ sodium_memcmp(correct,h,32);
}
diff --git a/src/libsodium/crypto_auth/try.c b/src/libsodium/crypto_auth/try.c
deleted file mode 100644
index c2f2c80..0000000
--- a/src/libsodium/crypto_auth/try.c
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * crypto_auth/try.c version 20090118
- * D. J. Bernstein
- * Public domain.
- */
-
-#include <stdlib.h>
-#include "crypto_hash_sha256.h"
-#include "crypto_auth.h"
-#include "utils.h"
-#include "windows/windows-quirks.h"
-
-extern unsigned char *alignedcalloc(unsigned long long);
-
-const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
-
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define TUNE_BYTES 1536
-
-static unsigned char *h;
-static unsigned char *m;
-static unsigned char *k;
-static unsigned char *h2;
-static unsigned char *m2;
-static unsigned char *k2;
-
-void preallocate(void)
-{
-}
-
-void allocate(void)
-{
- h = alignedcalloc(crypto_auth_BYTES);
- m = alignedcalloc(MAXTEST_BYTES);
- k = alignedcalloc(crypto_auth_KEYBYTES);
- h2 = alignedcalloc(crypto_auth_BYTES);
- m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
- k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
-}
-
-void predoit(void)
-{
-}
-
-void doit(void)
-{
- crypto_auth(h,m,TUNE_BYTES,k);
- crypto_auth_verify(h,m,TUNE_BYTES,k);
-}
-
-char checksum[crypto_auth_BYTES * 2 + 1];
-
-const char *checksum_compute(void)
-{
- long long i;
- long long j;
-
- for (i = 0;i < CHECKSUM_BYTES;++i) {
- long long mlen = i;
- long long klen = crypto_auth_KEYBYTES;
- long long hlen = crypto_auth_BYTES;
-
- for (j = -16;j < 0;++j) h[j] = rand();
- for (j = -16;j < 0;++j) k[j] = rand();
- for (j = -16;j < 0;++j) m[j] = rand();
- for (j = hlen;j < hlen + 16;++j) h[j] = rand();
- for (j = klen;j < klen + 16;++j) k[j] = rand();
- for (j = mlen;j < mlen + 16;++j) m[j] = rand();
- for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
- for (j = -16;j < klen + 16;++j) k2[j] = k[j];
- for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-
- if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
-
- for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
- for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
- for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
- for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
-
- for (j = -16;j < 0;++j) h[j] = rand();
- for (j = -16;j < 0;++j) k[j] = rand();
- for (j = -16;j < 0;++j) m[j] = rand();
- for (j = hlen;j < hlen + 16;++j) h[j] = rand();
- for (j = klen;j < klen + 16;++j) k[j] = rand();
- for (j = mlen;j < mlen + 16;++j) m[j] = rand();
- for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
- for (j = -16;j < klen + 16;++j) k2[j] = k[j];
- for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-
- if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
- for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
- for (j = 0;j < hlen;++j) m2[j] = m[j];
- if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
- for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
- for (j = 0;j < hlen;++j) k2[j] = k[j];
-
- if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-
- for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
- for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
- for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
-
- crypto_hash_sha256(h2,h,hlen);
- for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
- if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
- if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
-
- crypto_hash_sha256(h2,h,hlen);
- for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
- m[mlen] = h2[0];
- }
- if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
- if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
-
- sodium_bin2hex(checksum, sizeof checksum, h, crypto_auth_BYTES);
-
- return 0;
-}