Added a test vector for Argon2i

Libsodium's API doesn't let the user specify the `key` and `ad`
arguments.  An implementation that flips them by mistake would still
pass the test vectors.

So I added a test vector from the reference implementation (hard coded,
to avoid dragging the whole reference implementation with us).  With
that, we're sure `key` and `ad` are processed in the right order.

It wouldn't have affected security, but due diligence can't hurt.

diff --git a/tests/gen/argon2i.c b/tests/gen/argon2i.c
index aee87b71a65f38b45ac4b4eeaf1b8dab965551bd..b5b36d8bed6e3c0a2f674b54ab5dfe841b9e9edc 100644 (file)
--- a/tests/gen/argon2i.c
+++ b/tests/gen/argon2i.c
@@ -22,6 +22,7 @@ void test(size_t nb_blocks, size_t hash_size, size_t nb_iterations)
     print_number(nb_iterations                    );
     print_vector(password, 16                     );
     print_vector(salt    , crypto_pwhash_SALTBYTES);
+    printf(":\n:\n"); // no key, no additionnal data
     print_vector(hash    , hash_size              );
     printf("\n");
 }

diff --git a/tests/gen/makefile b/tests/gen/makefile
index b59a94132b1bb22aadaed8b9adeb609816d5dadd..3a102b849877c69b9876104ab224bef7abaa9099 100644 (file)
--- a/tests/gen/makefile
+++ b/tests/gen/makefile
@@ -58,7 +58,7 @@ xchacha20.all.vec   : xchacha20.vec
 aead_ietf.all.vec   : aead_ietf.vec
 blake2b.all.vec     : blake2b.vec
 sha512.all.vec      : sha512.vec
-argon2i.all.vec     : argon2i.vec
+argon2i.all.vec     : argon2i.vec   ../vectors/argon2i
 edDSA.all.vec       : edDSA.vec
 key_exchange.all.vec:               ../vectors/key_exchange
 $(VEC2):

diff --git a/tests/test.c b/tests/test.c
index d7c8a7769eb268e307b4a525e1ed086a9fa03cf5..a97e0def04ae7cbe1af2582bfc939ec514063b2d 100644 (file)
--- a/tests/test.c
+++ b/tests/test.c
@@ -147,12 +147,16 @@ static void argon2i(const vector in[], vector *out)
     u64 nb_iterations = load64_le(in[1].buf);
     const vector *password = in + 2;
     const vector *salt     = in + 3;
+    const vector *key      = in + 4;
+    const vector *ad       = in + 5;
 
     void *work_area = alloc(nb_blocks * 1024);
-    crypto_argon2i(out->buf, out->size,
-                   work_area, nb_blocks, nb_iterations,
-                   password->buf, password->size,
-                   salt    ->buf, salt    ->size);
+    crypto_argon2i_general(out->buf, out->size,
+                           work_area, nb_blocks, nb_iterations,
+                           password->buf, password->size,
+                           salt    ->buf, salt    ->size,
+                           key     ->buf, key     ->size,
+                           ad      ->buf, ad      ->size);
     free(work_area);
 }
 
@@ -768,7 +772,7 @@ int main(void)
     status |= TEST(aead_ietf   , 4);
     status |= TEST(blake2b     , 2);
     status |= TEST(sha512      , 1);
-    status |= TEST(argon2i     , 4);
+    status |= TEST(argon2i     , 6);
     status |= TEST(x25519      , 2);
     status |= TEST(key_exchange, 2);
     status |= TEST(edDSA       , 3);

diff --git a/tests/vectors/argon2i b/tests/vectors/argon2i
new file mode 100644 (file)
index 0000000..7b4c51e
--- /dev/null
+++ b/tests/vectors/argon2i
@@ -0,0 +1,7 @@
+0800000000000000:
+0300000000000000:
+0101010101010101010101010101010101010101010101010101010101010101:
+02020202020202020202020202020202:
+0303030303030303:
+040404040404040404040404:
+afe519be3ab0e92375df221dfb17347080c7000b1be85f9ee39978bf11e7cc3a: