Commit graph

188 commits

Author SHA1 Message Date
Dag-Erling Smørgrav
26e434d64b Add functions that return the LSB and MSB of an MPI. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
7e05fe419a Remove unused headers. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
895d1eb539 Constify where possible. 2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
9ee45d4e34 Fix sign bug in special cases in mpi_{add,sub}_abs().
We failed to clear the negative flag when handling trivial cases, so if one of the terms was 0 and the other was negative, the result would be an exact copy of the non-zero term instead of its absolute value.
2017-04-06 19:51:47 +02:00
Dag-Erling Smørgrav
cdbb565482 Silence compiler warnings about operator precedence. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
c6536641c5 Major cleanup of the MD and SHA digests.
- Use the new vector byte-order conversion functions where appropriate.
- Use memset_s() instead of memset() where appropriate.
- Use consistent names and types for function arguments.
- Reindent, rename and reorganize to conform to Cryb style and idiom.

SHA224 and SHA256 were left mostly unchanged.  MD2 and MD4 were completely rewritten as the previous versions (taken from XySSL) seem to have been copied from RSAREF.

This breaks the ABI as some context structures have grown or shrunk and some function arguments have been changed from int to size_t.
2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
ce5562d568 Remove unused struct member. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
5c98dc1084 Assert that the cipher mode and key length are valid. 2017-04-06 19:51:46 +02:00
Dag-Erling Smørgrav
239ab3a471 Implement double- and triple-DES.
Single-DES is now a special case of triple-DES with all three keys being the same.  This is significantly slower than a pure single-DES implementation, but that's fine since nobody should be using it anyway.
2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
0c06ab5330 Slight cleanup of the DES code. 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
700fa0718b Implement DES (single-key ECB only for now). 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
c671da9b1c Implement the Salsa family of stream ciphers.
Note that we only have unit tests for Salsa20.
2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
cfd3951ee1 Implement the ChaCha family of stream ciphers. 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
d383e7ab62 Misc cleanup after API change. 2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
c2f4fa524f Second iteration of the cryb-cipher API.
We now have separate encryption and decryption methods, and can process an arbitrary amount of plaintext or ciphertext per call, rounded down to the block size (if applicable).  For stream ciphers, we also have a keystream method which fills the provided buffer with an arbitrary amount of keystream (once again, rounded down if applicable).
2017-04-06 19:51:45 +02:00
Dag-Erling Smørgrav
52cf1f9d3c Rename t_verbose*() to t_printv*().
Not only is this a slightly more logical name, but it allows us to expose the verbose flag, previously private to cryb_t_main.c, as the equally logically named t_verbose.
2017-03-14 14:36:52 +01:00
Dag-Erling Smørgrav
fbf69f31cb Start using pkg-config / pkgconf. 2017-03-07 00:54:46 +01:00
Dag-Erling Smørgrav
cf46393d5e Remove an unused header and fix some naming nits. 2017-03-06 23:40:05 +01:00
Dag-Erling Smørgrav
d017611d76 All property names and values may be percent-encoded.
If the key length is not a multiple of 40 bits, its base32 representation may be padded, and that padding will be encoded.   We already decoded the label (which may contain spaces and other unsafe characters), but not the key.  For the sake of simplicity and robustness, we now decode the name and value of every property.

This corresponds to OpenPAM r886.
2017-03-05 17:06:30 +01:00
Dag-Erling Smørgrav
d419d7388a Remove an unnecessary pointer from struct aes_ctx.
The rk pointer in struct aes_ctx always pointed to the context's buffer and served no purpose whatsoever, but the compiler had no way of knowing that and could therefore not optimize away assignments to and from it.

Note that the removal of rk breaks the ABI, since it changes the size of struct aes_ctx, but we allow ourselves that because neither the API nor the ABI have been fixed yet.
2017-03-03 23:49:00 +01:00
Dag-Erling Smørgrav
f70dac496f Mechanically bump copyright dates to the date of the latest commit. 2017-02-19 20:07:43 +01:00
Dag-Erling Smørgrav
d4626dbd70 When freeing a mapped allocation, call UTRACE_FREE() again for the metadata. 2017-02-19 19:49:27 +01:00
Dag-Erling Smørgrav
d8f6837026 Eliminate a redundant newline. 2017-02-19 18:45:43 +01:00
Dag-Erling Smørgrav
692852a349 Report the correct size when tracing a realloc() call. 2017-02-19 18:13:07 +01:00
Dag-Erling Smørgrav
f6905c8edb Fix bugs in cryb_mpi_{add,sub}_abs() caused by assuming that the target is initally positive zero.
If its operands were identical, cryb_mpi_add_abs() would leave the target untouched.  Explicitly call mpi_zero() before returning.  While there, extend the “identical operands” shortcut to also cover equality.

Both cryb_mpi_add_abs() and cryb_mpi_sub_abs() would leave the target's negative flag untouched.  Explicitly clear it before returning.
2017-02-19 17:20:40 +01:00
Dag-Erling Smørgrav
42f68fb348 Add null pointer checks to t_compare_{ptr,mem,str,strn}(). 2017-02-19 14:38:09 +01:00
Dag-Erling Smørgrav
4cad790446 Fix typo in libcryb-rand's Makefile and ensure that it is built before libcryb-oath, which uses it. 2016-11-21 13:46:49 +01:00
Dag-Erling Smørgrav
2d507aaee4 Implement our own assert() and, more importantly, assertf(). 2016-11-14 13:00:51 +01:00
Dag-Erling Smørgrav
856571a06d Implement a soft assert for unit tests.
Unlike assert(3), which uses abort(3), this has no other side effects (before raising SIGABRT) than an fprintf() call.  The test framework will catch the SIGABRT, report that the test case failed, and proceed with the next case.
2016-11-14 13:00:16 +01:00
Dag-Erling Smørgrav
c6158a8dbf Don't confuse 2 ^ n with 1 << n in debugging output. 2016-11-14 12:59:13 +01:00
Dag-Erling Smørgrav
2ba5067496 Do not attempt to catch SIGABRT emanating from a test case.
It is reasonable to assume that a SIGABRT originates from a call to abort(3), either directly or via assert(3).  Both the C standard and POSIX give the implementation great latitude with regard to abort(3)'s behavior, and both explicitly mention that it may close all streams before raising SIGABRT.  This means that we cannot safely proceed after a call to abort(3).  One could argue that we can't safely proceed after a SIGBUS or SIGSEGV either, but in practice, the damage is usually quite limited.
2016-11-14 12:59:13 +01:00
Dag-Erling Smørgrav
f612ea1b14 Add dependencies on libcryb-core to all other libraries, as already enforced in the configure script. 2016-11-14 12:59:13 +01:00
Dag-Erling Smørgrav
c4798b486c Constify t_compare_ptr(). 2016-10-03 16:55:27 +02:00
Dag-Erling Smørgrav
94c83d5407 Remove tautological condition. 2016-10-03 16:43:05 +02:00
Dag-Erling Smørgrav
be954631db Finish and hook up half-written name-to-enum / enum-to-name conversion for OATH modes. 2016-10-03 12:26:30 +02:00
Dag-Erling Smørgrav
d8e26bc5bb Solve further asprintf() issues by sweeping them under the rug.
All further instances of asprintf() or vasprintf() in our codebase are either in libcryb-test or in individual unit tests, and in all cases, the only consequence of a failed call is that the result will say "no description" instead of either a description of the test or an explanation of how it failed.  Therefore, we can simply ignore the problem and cast the call to void to satisfy gcc.
2016-09-18 22:40:48 +02:00
Dag-Erling Smørgrav
eab216c06a Check the return value from asprintf().
This is actually redundant, because we already check the pointer, which is NULL if and only if asprintf() fails and returns < 0, but the version of gcc used by Travis CI insists.  I have not been able to reproduce the issue on any other platform available to me.
2016-09-18 22:18:02 +02:00
Dag-Erling Smørgrav
21cd8118fa Don't call string_expand() unless we know that we need to. 2016-09-17 23:42:09 +02:00
Dag-Erling Smørgrav
dc43296a47 Centralize most of .gitignore. 2016-09-17 21:38:54 +02:00
Dag-Erling Smørgrav
8396c4193b Add string_buf(), string_compare_cs(), string_equal_cs(). 2016-09-17 21:37:18 +02:00
Dag-Erling Smørgrav
cb6743bace Add wide-character versions of strlcat(), strlcmp(), strlcpy(). 2016-09-17 21:35:42 +02:00
Dag-Erling Smørgrav
66c3bf8c32 Document all the hash and checksum functions. 2016-09-17 17:30:13 +02:00
Dag-Erling Smørgrav
29f404d52c The Adler-32 checksum is described in RFC 1950, not RFC 1905. 2016-09-17 17:22:38 +02:00
Dag-Erling Smørgrav
aafc7e1ab0 Clean up the cryb_strl*(3) man pages. 2016-09-17 16:50:37 +02:00
Dag-Erling Smørgrav
09cb4bacf6 Clean up the cryb_sha1(3) man page and add man pages for the SHA-2 functions. 2016-09-17 16:50:12 +02:00
Dag-Erling Smørgrav
85f75bba42 Rename a few more files. 2016-09-04 16:34:30 +02:00
Dag-Erling Smørgrav
04d737a258 Include <unistd.h> for ssize_t, which is used by the string library. 2016-09-04 16:20:24 +02:00
Dag-Erling Smørgrav
06a757e878 Big reorganization and cleanup 2016-09-04 14:56:39 +02:00
Dag-Erling Smørgrav
401465d8ea Move main() from libcryb-test to the test program.
Instead of having libcryb-test provide main() and assume that the test program defines t_prepare() and t_cleanup(), have libcryb-test provide a t_main() function which the test program calls with pointers to its prepare and cleanup functions.
2016-03-15 14:29:44 +01:00
Dag-Erling Smørgrav
4d1703c77a Don't try to memset NULL if allocation fails.
Always emit UTRACE records, even for failed allocations.
When allocating more than was requested, fill the slop with garbage.
2016-02-19 12:23:17 +01:00
Dag-Erling Smørgrav
1d0f2a4ff3 Reserve room in the label buffer for the terminating NUL. 2016-02-19 12:20:25 +01:00
Dag-Erling Smørgrav
c044f2580b Fix buffer over-read in percent_decode().
When decoding a trigram, percent_decode() would correctly increment the input pointer by an extra two characters (three total) but would not decrement the input length by the same amount.  This would result in a buffer over-read when decoding unterminated strings.
2016-01-10 23:29:03 +01:00
Dag-Erling Smørgrav
e40f2f7d4b Improve and document percent-encoding API.
- Ensure that the output is always NUL-terminated.
- Always include the terminating NUL in the returned length.
- Allow out == NULL, allowing the caller to check how much space is required before allocating.
- Add man page.
2016-01-10 23:25:28 +01:00
Dag-Erling Smørgrav
6eaaac308f Add a t_compare_strn() function which is to t_compare_str() what strncmp() is to
strcmp().
2016-01-10 18:49:19 +01:00
Dag-Erling Smørgrav
da40b1fad8 Add man pages for a few functions. 2016-01-08 17:27:27 +01:00
Dag-Erling Smørgrav
f9c8ce7c65 Build system overhaul 2015-12-14 18:08:22 +01:00
Dag-Erling Smørgrav
278ff6d113 GC empty directory 2015-12-14 17:51:01 +01:00
Dag-Erling Smørgrav
4d7893004c Prepare for moving to Github 2015-12-14 15:55:38 +01:00
Dag-Erling Smørgrav
5584b68908 Fix t_malloc_snapshot(): stash the difference between nalloc and nfree,
not the numbers themselves.

In t_malloc_printstats(), show information about mapped allocations.

In t_malloc_leaked(), check for leaked mapped allocations.  Note that
they would show up anyway since the metadata are allocated from the
bucket allocator, but this makes them more visible.
2015-11-02 19:45:12 +00:00
Dag-Erling Smørgrav
955cbc3013 Add t_malloc_snapshot() which writes a snapshot of the allocator state to
a caller-provided buffer.  Use it to warn about leaks in each individual
test case.  Note that we can't fail a test case for leaking, because
individual test cases in a unit may modify shared state which is cleaned
up at the end of the series.
2015-11-02 19:34:03 +00:00
Dag-Erling Smørgrav
fd515ccd79 Clear up confusion between lengths and sizes.
Fix a harmless bug in string_shrink().
2015-10-13 21:42:57 +00:00
Dag-Erling Smørgrav
0a9f2c21fe When running a test, make sure it didn't leave allocation failure enabled.
Add predicates for null and non-null pointers.
Staticize some internal allocator state.
2015-10-13 21:39:47 +00:00
Dag-Erling Smørgrav
2acf532339 libtest is not just for internal use. 2015-10-12 11:41:47 +00:00
Dag-Erling Smørgrav
e6049c1d6a Add string_len() (return length of string) and string_dup_cs() (create a
string from a null-terminated string).  Add test for string_trunc().
2015-10-12 10:23:24 +00:00
Dag-Erling Smørgrav
eb61dac230 <unistd.h> required for t_compare_ssz() 2015-10-12 10:20:14 +00:00
Dag-Erling Smørgrav
b5d5f111ca Add missing Makefile 2015-10-04 07:51:08 +00:00
Dag-Erling Smørgrav
f8ebdbc14d Move the test framework into its own subdirectory 2015-10-04 07:49:48 +00:00
Dag-Erling Smørgrav
ab8f712584 Correctly register AES192 and AES256 2015-10-04 07:19:52 +00:00
Dag-Erling Smørgrav
476c9f27f7 Use our own endianness conversion macros. 2015-10-04 07:07:53 +00:00
Dag-Erling Smørgrav
03bd9ea902 Code cleanup 2015-10-03 15:33:47 +00:00
Dag-Erling Smørgrav
dd466ab29b Move some code around 2015-10-03 14:47:59 +00:00
Dag-Erling Smørgrav
023ec74be2 Implement cipher algorithm list and rename some files. 2015-10-03 14:44:59 +00:00
Dag-Erling Smørgrav
a9e733f0ca Use an enum for encrypt / decrypt + minor cleanup 2015-10-03 14:43:33 +00:00
Dag-Erling Smørgrav
dd18cd2995 Kick off libcryb-cipher with AES (from XySSL) and RC4 (my own). 2015-10-03 14:24:59 +00:00
Dag-Erling Smørgrav
94471e9923 Always clear the negative flag in mpi_zero() 2015-10-03 14:23:32 +00:00
Dag-Erling Smørgrav
bf36ff7a8c Correct context length for SHA digests 2015-10-03 13:56:07 +00:00
Dag-Erling Smørgrav
398abda6b0 Fix various bugs relating to digest algorithm registration and wrapping 2015-10-03 09:32:44 +00:00
Dag-Erling Smørgrav
8d087eeb64 Fix endian.h includes 2015-10-03 09:31:57 +00:00
Dag-Erling Smørgrav
f99073058c Whitespace cleanup to reduce diffs between SHA-512 and SHA-384. 2015-09-15 10:09:09 +00:00
Dag-Erling Smørgrav
531eeec36b Add a simple implementation of the Adler-32 checksum. 2015-08-18 13:27:06 +00:00
Dag-Erling Smørgrav
1609b4e08a Cite the Fletcher paper. 2015-08-18 10:42:41 +00:00
Dag-Erling Smørgrav
aa97da3335 Add simple implementations of Fletcher's checksum. 2015-08-17 15:21:47 +00:00
Dag-Erling Smørgrav
dc75f2edd8 Add a memset_s() implementation (cf. C11 / WG14 N1381) 2015-02-15 09:18:18 +00:00
Dag-Erling Smørgrav
342ac3fd78 Note that rand_bytes() is just a placeholder for the sake of liboath. 2015-01-08 12:24:19 +00:00
Dag-Erling Smørgrav
a33f58cad7 Fix equality predicate. 2015-01-07 19:23:38 +00:00
Dag-Erling Smørgrav
d0fb2359f1 Implement mpi_{add,sub}() in terms of mpi_{add,sub}_abs(). 2015-01-07 18:59:44 +00:00
Dag-Erling Smørgrav
7a90ca7b42 Since X may point to the same MPI as either G or L (or even both), we
can't set the carry flag based on the contents of G or L after having
modified X.  Instead, compute and stash the new carry value first.
2014-12-30 19:14:59 +00:00
Dag-Erling Smørgrav
0d483f20ab Fix msb calculation. We may have to backtrack quite a bit, for
instance when subtracting two nearly equal large numbers.
2014-12-30 16:45:18 +00:00
Dag-Erling Smørgrav
1c024928f9 Fix off-by-one bug in mpi_cmp() which could cause it to read past the
end of the buffer.
2014-12-30 16:35:13 +00:00
Dag-Erling Smørgrav
43b870dc83 WIP: implement subtraction correctly. The actual result is now correct
most of the time, but the MSB calculation is not.
2014-12-30 11:23:30 +00:00
Dag-Erling Smørgrav
7524a14386 comment nit 2014-12-30 11:15:28 +00:00
Dag-Erling Smørgrav
c5b962387c Add mpi_eq_abs() and mpi_eq() predicates. 2014-12-30 11:12:11 +00:00
Dag-Erling Smørgrav
bc8e9d67ba In both mpi_add_abs() and mpi_sub_abs(), make sure that the target is
untouched if the operation fails.  Also ensure that A = A +/- A works.
2014-12-29 23:44:34 +00:00
Dag-Erling Smørgrav
98c6349d4a In mpi_zero(), save a memset() if the target is already zero. 2014-12-29 23:22:54 +00:00
Dag-Erling Smørgrav
1412dac680 Shifting any number by zero places is a no-op, but so is shifting zero by
any number of places.
2014-12-29 23:20:26 +00:00
Dag-Erling Smørgrav
8228f19d5a In mpi_copy(), any failure should leave the target untouched. 2014-12-29 23:18:57 +00:00
Dag-Erling Smørgrav
82f5c5cf77 In mpi_load(), use be32dec() when possible.
In mpi_set(), it is impossible for the value being loaded to exceed
the minimum size of an mpi; thus, there is no need for mpi_grow().
2014-12-29 15:08:09 +00:00
Dag-Erling Smørgrav
79967f2844 Fix string_equal() for strings of unequal length. 2014-12-29 12:46:44 +00:00
Dag-Erling Smørgrav
2ad45cfccf Add a string comparison function and a string equality predicate.
Write test cases for the former.
2014-12-29 12:41:39 +00:00
Dag-Erling Smørgrav
f82bbc1400 Catch up with OpenPAM's latest OATH changes:
Add an oath_mode(3) function which translates from mode names to numbers.

 Consistently use UINT_MAX, not -1, to indicate an invalid response.

 Change the meaning of the window parameter to always indicate the number
 of codes to check *in addition* to the current code.  Note that for TOTP,
 the window goes in both directions; a window of 1 means to check the
 current code plus the previous and next.
2014-12-20 01:45:01 +00:00