From: Loup Vaillant Date: Mon, 28 Nov 2022 22:58:53 +0000 (+0100) Subject: Remove deprecated functions. X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=f87539a34fc2e1eac1432705bf81a02901ba0529;p=Monocypher.git Remove deprecated functions. Deprecated functions are redundant with previous major branches of Monocypher, and as such don't serve any meaningful purpose. Maintaining old branches is cheaper anyway. Note: this will also remove them from the manual, including on the website when updated. We could compensate by publishing older versions of the manual, or we could punt on it and rely on the fact that the tarball contain the associated manual. --- diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74ba013..3a5df1d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -109,7 +109,7 @@ jobs: - name: Run tests with clang sanitizers run: | - make clean; make test; make test-legacy -j4 + make clean; make test -j4 echo "Make with O3 optimization and no blake2 loop unrolling" make clean; make test CFLAGS="-DBLAKE2_NO_UNROLLING -O3" -j4 diff --git a/doc/man/man3/deprecated/crypto_chacha20_encrypt.3monocypher b/doc/man/man3/deprecated/crypto_chacha20_encrypt.3monocypher deleted file mode 100644 index 894b323..0000000 --- a/doc/man/man3/deprecated/crypto_chacha20_encrypt.3monocypher +++ /dev/null @@ -1,152 +0,0 @@ -.\" This file is dual-licensed. Choose whichever you want. -.\" -.\" The first licence is a regular 2-clause BSD licence. The second licence -.\" is the CC-0 from Creative Commons. It is intended to release Monocypher -.\" to the public domain. The BSD licence serves as a fallback option. -.\" -.\" SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Copyright (c) 2019, 2021 Fabio Scotoni -.\" All rights reserved. -.\" -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions are -.\" met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the -.\" distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Written in 2019 and 2021 by Fabio Scotoni -.\" -.\" To the extent possible under law, the author(s) have dedicated all copyright -.\" and related neighboring rights to this software to the public domain -.\" worldwide. This software is distributed without any warranty. -.\" -.\" You should have received a copy of the CC0 Public Domain Dedication along -.\" with this software. If not, see -.\" -.\" -.Dd June 11, 2021 -.Dt CRYPTO_CHACHA20_ENCRYPT 3MONOCYPHER -.Os -.Sh NAME -.Nm crypto_chacha20_encrypt , -.Nm crypto_chacha20_init , -.Nm crypto_chacha20_x_init , -.Nm crypto_chacha20_stream , -.Nm crypto_chacha20_set_ctr -.Nd deprecated ChaCha20 and XChaCha20 encryption functions -.Sh SYNOPSIS -.In monocypher.h -.Ft void -.Fo crypto_chacha20_init -.Fa "crypto_chacha_ctx *ctx" -.Fa "const uint8_t key[32]" -.Fa "const uint8_t nonce[8]" -.Fc -.Ft void -.Fo crypto_chacha20_x_init -.Fa "crypto_chacha_ctx *ctx" -.Fa "const uint8_t key[32]" -.Fa "const uint8_t nonce[24]" -.Fc -.Ft void -.Fo crypto_chacha20_encrypt -.Fa "crypto_chacha_ctx *ctx" -.Fa "uint8_t *cipher_text" -.Fa "const uint8_t *plain_text" -.Fa "size_t text_size" -.Fc -.Ft void -.Fo crypto_chacha20_stream -.Fa "crypto_chacha_ctx *ctx" -.Fa "uint8_t *stream" -.Fa "size_t stream_size" -.Fc -.Ft void -.Fo crypto_chacha20_set_ctr -.Fa "crypto_chacha_ctx *ctx" -.Fa "uint64_t ctr" -.Fc -.Sh DESCRIPTION -These functions provided an incremental interface for the ChaCha20 -cipher. -They were deprecated in favour of -.Xr crypto_chacha20 3monocypher , -.Xr crypto_chacha20_ctr 3monocypher , -.Xr crypto_xchacha20 3monocypher , and -.Xr crypto_xchacha20_ctr 3monocypher . -.Pp -For encryption, you can achieve an identical effect -as the deprecated functions by using -.Xr crypto_chacha20_ctr 3monocypher -or -.Xr crypto_xchacha20_ctr 3monocypher . -However, -care needs to be taken with regards to handling the counter value -when migrating old code to use the new functions. -The new functions -.Em always return the next counter value . -This means that input ciphertexts or plaintexts -whose lengths are not exactly multiples of 64 bytes -advance the counter, even though there is theoretically some space left -in a ChaCha20 block. -New applications should design their code so that either -the protocol is not reliant on the counter covering the entire text -(e.g. by cutting input into independent chunks) or -inputs are always such that their lengths are multiples of 64 bytes -(e.g. by buffering input until 64 bytes have been obtained). -.Pp -To obtain the raw ChaCha20 stream previously provided by -.Fn crypto_chacha20_stream , -pass -.Dv NULL -to -.Xr crypto_chacha20 -as plaintext. -.Sh RETURN VALUES -These functions return nothing. -.Sh SEE ALSO -.Xr crypto_chacha20 3monocypher , -.Xr crypto_chacha20_ctr 3monocypher , -.Xr crypto_xchacha20 3monocypher , -.Xr crypto_xchacha20_ctr 3monocypher , -.Xr crypto_lock 3monocypher , -.Xr crypto_wipe 3monocypher , -.Xr intro 3monocypher -.Sh HISTORY -The -.Fn crypto_chacha20_encrypt -and -.Fn crypto_chacha20_init -functions first appeared in Monocypher 0.1. -.Fn crypto_chacha20_stream -was added in Monocypher 0.2. -.Fn crypto_chacha20_x_init -and -.Fn crypto_chacha20_set_ctr -were added in Monocypher 1.0. -They were deprecated in Monocypher 3.0.0 -and will be removed in Monocypher 4.0.0. diff --git a/doc/man/man3/deprecated/crypto_chacha20_init.3monocypher b/doc/man/man3/deprecated/crypto_chacha20_init.3monocypher deleted file mode 120000 index 7edf6f3..0000000 --- a/doc/man/man3/deprecated/crypto_chacha20_init.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_chacha20_encrypt.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_chacha20_set_ctr.3monocypher b/doc/man/man3/deprecated/crypto_chacha20_set_ctr.3monocypher deleted file mode 120000 index 7edf6f3..0000000 --- a/doc/man/man3/deprecated/crypto_chacha20_set_ctr.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_chacha20_encrypt.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_chacha20_stream.3monocypher b/doc/man/man3/deprecated/crypto_chacha20_stream.3monocypher deleted file mode 120000 index 7edf6f3..0000000 --- a/doc/man/man3/deprecated/crypto_chacha20_stream.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_chacha20_encrypt.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_chacha20_x_init.3monocypher b/doc/man/man3/deprecated/crypto_chacha20_x_init.3monocypher deleted file mode 120000 index 7edf6f3..0000000 --- a/doc/man/man3/deprecated/crypto_chacha20_x_init.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_chacha20_encrypt.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_key_exchange.3monocypher b/doc/man/man3/deprecated/crypto_key_exchange.3monocypher deleted file mode 100644 index 6f23d95..0000000 --- a/doc/man/man3/deprecated/crypto_key_exchange.3monocypher +++ /dev/null @@ -1,203 +0,0 @@ -.\" This file is dual-licensed. Choose whichever you want. -.\" -.\" The first licence is a regular 2-clause BSD licence. The second licence -.\" is the CC-0 from Creative Commons. It is intended to release Monocypher -.\" to the public domain. The BSD licence serves as a fallback option. -.\" -.\" SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Copyright (c) 2017-2021 Loup Vaillant -.\" Copyright (c) 2017-2018 Michael Savage -.\" Copyright (c) 2017, 2019-2021 Fabio Scotoni -.\" Copyright (c) 2020 Richard Walmsley -.\" Copyright (c) 2022 Samuel Lucas -.\" All rights reserved. -.\" -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions are -.\" met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the -.\" distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Written in 2017-2022 by Loup Vaillant, Michael Savage, Fabio Scotoni, -.\" Richard Walmsley and Samuel Lucas -.\" -.\" To the extent possible under law, the author(s) have dedicated all copyright -.\" and related neighboring rights to this software to the public domain -.\" worldwide. This software is distributed without any warranty. -.\" -.\" You should have received a copy of the CC0 Public Domain Dedication along -.\" with this software. If not, see -.\" -.\" -.Dd February 12, 2022 -.Dt CRYPTO_KEY_EXCHANGE 3MONOCYPHER -.Os -.Sh NAME -.Nm crypto_key_exchange , -.Nm crypto_key_exchange_public_key -.Nd Key Exchange (Public Key Cryptography) -.Sh SYNOPSIS -.In monocypher.h -.Ft void -.Fo crypto_key_exchange -.Fa "uint8_t shared_key[32]" -.Fa "const uint8_t your_secret_key[32]" -.Fa "const uint8_t their_public_key[32]" -.Fc -.Ft void -.Fo crypto_key_exchange_public_key -.Fa "uint8_t your_public_key[32]" -.Fa "const uint8_t your_secret_key[32]" -.Fc -.Sh DESCRIPTION -.Fn crypto_key_exchange -computes a shared key with your secret key and their public key. -.Pp -.Fn crypto_key_exchange_public_key -deterministically computes the public key from a random secret key. -.Pp -These functions are -.Sy deprecated -in favor of using a higher level protocol with -.Xr crypto_x25519 3monocypher . -.Pp -The arguments are: -.Bl -tag -width Ds -.It Fa shared_key -The shared secret, known only to those who know a relevant secret key -(yours or theirs). -It is cryptographically random and suitable for use with the -.Xr crypto_lock 3monocypher -family of functions. -.It Fa your_secret_key -A 32-byte random number known only to you. -See -.Xr intro 3monocypher -for advice about generating random bytes (use the operating system's -random number generator). -.It Fa their_public_key -The public key of the other party. -.It Fa your_public_key -Your public key, generated from -.Fa your_secret_key -with -.Fn crypto_key_exchange_public_key . -.El -.Pp -.Fa shared_key -and -.Fa your_secret_key -may overlap if the secret is no longer required. -.Pp -Some poorly designed protocols require a test for -.Dq contributory -behaviour, which ensures that no untrusted party forces the shared -secret to a known constant. -Protocols should instead be designed in such a way that no such check -is necessary; namely, by authenticating the other party or exchanging -keys over a trusted channel. -.Pp -Do not use the same secret key for both key exchanges and signatures. -The public keys are different and revealing both may leak information. -If there really is no room to store or derive two different secret keys, -consider generating a key pair for signatures and then converting it -with -.Xr crypto_from_eddsa_private 3monocypher -and -.Xr crypto_from_eddsa_public 3monocypher . -.Sh RETURN VALUES -.Fn crypto_key_exchange -and -.Fn crypto_key_exchange_public_key -return nothing. -.Sh EXAMPLES -The following examples assume the existence of -.Fn arc4random_buf , -which fills the given buffer with cryptographically secure random bytes. -If -.Fn arc4random_buf -does not exist on your system, see -.Xr intro 3monocypher -for advice about how to generate cryptographically secure random bytes. -.Pp -Generate a public key from a randomly generated secret key: -.Bd -literal -offset indent -uint8_t sk[32]; /* Random secret key */ -uint8_t pk[32]; /* Public key */ -arc4random_buf(sk, 32); -crypto_key_exchange_public_key(pk, sk); -/* Wipe secrets if they are no longer needed */ -crypto_wipe(sk, 32); -.Ed -.Pp -Generate a shared, symmetric key with your secret key and their public -key. -(The other party will generate the same shared key with your public -key and their secret key.) -.Bd -literal -offset indent -const uint8_t their_pk [32]; /* Their public key */ -uint8_t your_sk [32]; /* Your secret key */ -uint8_t shared_key[32]; /* Shared session key */ -crypto_key_exchange(shared_key, your_sk, their_pk); -/* Wipe secrets if they are no longer needed */ -crypto_wipe(your_sk, 32); -.Ed -.Sh SEE ALSO -.Xr crypto_lock 3monocypher , -.Xr intro 3monocypher -.Sh STANDARDS -These functions implement X25519, described in RFC 7748. -.Fn crypto_key_exchange -uses HChaCha20 as well. -.Sh HISTORY -The -.Fn crypto_key_exchange -function first appeared in Monocypher 0.2. -The -.Fn crypto_key_exchange_public_key -macro alias first appeared in Monocypher 1.1.0. -Both were deprecated in Monocypher 3.1.3 -and are planned to be removed in Monocypher 4.0.0. -.Sh SECURITY CONSIDERATIONS -If either of the long-term secret keys leaks, it may compromise -.Em all past messages . -This can be avoided by using protocols that provide forward secrecy, -such as the X3DH key agreement protocol. -.Pp -Many (private, public) key pairs produce the same shared secret. -Therefore, not including the public keys in the key derivation can -lead to subtle vulnerabilities. -This can be avoided by hashing the shared secret concatenated with -both public keys. -For example, -.D1 BLAKE2b(shared_secret || your_pk || their_pk) -using -.Xr crypto_blake2b 3monocypher . -.Sh IMPLEMENTATION DETAILS -.Fn crypto_key_exchange_public_key -is an alias to -.Xr crypto_x25519_public_key 3monocypher . diff --git a/doc/man/man3/deprecated/crypto_key_exchange_public_key.3monocypher b/doc/man/man3/deprecated/crypto_key_exchange_public_key.3monocypher deleted file mode 120000 index ff1529a..0000000 --- a/doc/man/man3/deprecated/crypto_key_exchange_public_key.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_key_exchange.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_lock_auth_ad.3monocypher b/doc/man/man3/deprecated/crypto_lock_auth_ad.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_lock_auth_ad.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_lock_auth_message.3monocypher b/doc/man/man3/deprecated/crypto_lock_auth_message.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_lock_auth_message.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_lock_final.3monocypher b/doc/man/man3/deprecated/crypto_lock_final.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_lock_final.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_lock_init.3monocypher b/doc/man/man3/deprecated/crypto_lock_init.3monocypher deleted file mode 100644 index 7014cd4..0000000 --- a/doc/man/man3/deprecated/crypto_lock_init.3monocypher +++ /dev/null @@ -1,208 +0,0 @@ -.\" This file is dual-licensed. Choose whichever you want. -.\" -.\" The first licence is a regular 2-clause BSD licence. The second licence -.\" is the CC-0 from Creative Commons. It is intended to release Monocypher -.\" to the public domain. The BSD licence serves as a fallback option. -.\" -.\" SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Copyright (c) 2017-2019, 2022 Loup Vaillant -.\" Copyright (c) 2017 Michael Savage -.\" Copyright (c) 2017, 2019 Fabio Scotoni -.\" All rights reserved. -.\" -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions are -.\" met: -.\" -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the -.\" distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -.\" "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -.\" LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -.\" A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -.\" HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -.\" LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -.\" OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" ---------------------------------------------------------------------------- -.\" -.\" Written in 2017-2022 by Loup Vaillant, Michael Savage and Fabio Scotoni -.\" -.\" To the extent possible under law, the author(s) have dedicated all copyright -.\" and related neighboring rights to this software to the public domain -.\" worldwide. This software is distributed without any warranty. -.\" -.\" You should have received a copy of the CC0 Public Domain Dedication along -.\" with this software. If not, see -.\" -.\" -.Dd February 14, 2022 -.Dt CRYPTO_LOCK_INIT 3MONOCYPHER -.Os -.Sh NAME -.Nm crypto_lock_init , -.Nm crypto_lock_auth_ad , -.Nm crypto_lock_auth_message , -.Nm crypto_lock_update , -.Nm crypto_lock_final , -.Nm crypto_unlock_init , -.Nm crypto_unlock_auth_ad , -.Nm crypto_unlock_auth_message , -.Nm crypto_unlock_update , -.Nm crypto_unlock_final -.Nd incremental authenticated encryption with additional data -.Sh SYNOPSIS -.In monocypher.h -.Ft void -.Fo crypto_lock_init -.Fa "crypto_lock_ctx *ctx" -.Fa "const uint8_t key[32]" -.Fa "const uint8_t nonce[24]" -.Fc -.Ft void -.Fo crypto_lock_auth_ad -.Fa "crypto_lock_ctx *ctx" -.Fa "const uint8_t *ad" -.Fa "size_t ad_size" -.Fc -.Ft void -.Fo crypto_lock_auth_message -.Fa "crypto_lock_ctx *ctx" -.Fa "const uint8_t *plain_text" -.Fa "size_t text_size" -.Fc -.Ft void -.Fo crypto_lock_update -.Fa "crypto_lock_ctx *ctx" -.Fa "uint8_t *cipher_text" -.Fa "const uint8_t *plain_text" -.Fa "size_t text_size" -.Fc -.Ft void -.Fo crypto_lock_final -.Fa "crypto_lock_ctx *ctx" -.Fa "uint8_t mac[16]" -.Fc -.Ft void -.Fo crypto_unlock_init -.Fa "crypto_unlock_ctx *ctx" -.Fa "const uint8_t key[32]" -.Fa "const uint8_t nonce[24]" -.Fc -.Ft void -.Fo crypto_unlock_auth_ad -.Fa "crypto_unlock_ctx *ctx" -.Fa "const uint8_t *ad" -.Fa "size_t ad_size" -.Fc -.Ft void -.Fo crypto_unlock_auth_message -.Fa "crypto_unlock_ctx *ctx" -.Fa "const uint8_t *plain_text" -.Fa "size_t text_size" -.Fc -.Ft void -.Fo crypto_unlock_update -.Fa "crypto_unlock_ctx *ctx" -.Fa "uint8_t *plain_text" -.Fa "const uint8_t *cipher_text" -.Fa "size_t text_size" -.Fc -.Ft int -.Fo crypto_unlock_final -.Fa "crypto_unlock_ctx *ctx" -.Fa "const uint8_t mac[16]" -.Fc -.Sh DESCRIPTION -These functions were variants of -.Xr crypto_lock 3monocypher , -.Xr crypto_unlock 3monocypher , -.Xr crypto_lock_aead 3monocypher -and -.Xr crypto_unlock_aead 3monocypher . -They are deprecated in favor of -those simpler functions. -.Pp -Change your protocol so that it does not rely on the removed functions, -namely by splitting the data into chunks that you can individually use -.Xr crypto_lock 3monocypher -and -.Xr crypto_unlock 3monocypher -on. -.Pp -For files in particular, -you may alternatively (and suboptimally) -attempt to use -.Fn mmap -(on *NIX) -or -.Fn MapViewOfFile -(on Windows) -and pass the files as mapped memory into -.Xr crypto_lock 3monocypher -and -.Xr crypto_unlock 3monocypher -instead. -.El -.Sh RETURN VALUES -.Fn crypto_lock_init , -.Fn crypto_unlock_init , -.Fn crypto_lock_auth_ad , -.Fn crypto_unlock_auth_ad , -.Fn crypto_lock_auth_message , -.Fn crypto_unlock_auth_message , -.Fn crypto_lock_update , -.Fn crypto_unlock_update , -and -.Fn crypto_lock_final -return nothing. -.Pp -.Fn crypto_unlock_final -returns 0 on success or -1 if the message was corrupted. -Corruption can be caused by transmission errors, programmer error, or an -attacker's interference. -.Em Always check the return value . -.Sh SEE ALSO -.Xr crypto_lock 3monocypher , -.Xr crypto_lock_aead 3monocypher , -.Xr crypto_unlock 3monocypher , -.Xr crypto_unlock_aead 3monocypher , -.Xr intro 3monocypher -.Sh HISTORY -The -.Fn crypto_lock_init , -.Fn crypto_lock_auth_ad , -.Fn crypto_lock_auth_message , -.Fn crypto_lock_update , -.Fn crypto_lock_final , -.Fn crypto_unlock_init , -.Fn crypto_unlock_auth_ad , -.Fn crypto_unlock_auth_message , -.Fn crypto_unlock_update , -and -.Fn crypto_unlock_final -functions first appeared in Monocypher 1.1.0. -.Fn crypto_lock_aead_auth -and -.Fn crypto_unlock_aead_auth -were renamed to -.Fn crypto_lock_auth_ad -and -.Fn crypto_unlock_auth_ad -respectively in Monocypher 2.0.0. -They were deprecated in Monocypher 3.0.0 -and will be removed in Monocypher 4.0.0. diff --git a/doc/man/man3/deprecated/crypto_lock_update.3monocypher b/doc/man/man3/deprecated/crypto_lock_update.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_lock_update.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_unlock_auth_ad.3monocypher b/doc/man/man3/deprecated/crypto_unlock_auth_ad.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_unlock_auth_ad.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_unlock_auth_message.3monocypher b/doc/man/man3/deprecated/crypto_unlock_auth_message.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_unlock_auth_message.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_unlock_final.3monocypher b/doc/man/man3/deprecated/crypto_unlock_final.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_unlock_final.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_unlock_init.3monocypher b/doc/man/man3/deprecated/crypto_unlock_init.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_unlock_init.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man/man3/deprecated/crypto_unlock_update.3monocypher b/doc/man/man3/deprecated/crypto_unlock_update.3monocypher deleted file mode 120000 index c5b4453..0000000 --- a/doc/man/man3/deprecated/crypto_unlock_update.3monocypher +++ /dev/null @@ -1 +0,0 @@ -crypto_lock_init.3monocypher \ No newline at end of file diff --git a/doc/man2html.sh b/doc/man2html.sh index 1f5a982..bab2ba1 100755 --- a/doc/man2html.sh +++ b/doc/man2html.sh @@ -74,11 +74,9 @@ convert() { mkdir -p "$DIR/html" mkdir -p "$DIR/html/advanced" mkdir -p "$DIR/html/optional" -mkdir -p "$DIR/html/deprecated" convert "$DIR/man/man3" "." convert "$DIR/man/man3/advanced" "advanced" convert "$DIR/man/man3/optional" "optional" -convert "$DIR/man/man3/deprecated" "deprecated" substitute() { HTML=$1 @@ -144,7 +142,6 @@ substitute() { substitute "$DIR/html" substitute "$DIR/html/advanced" substitute "$DIR/html/optional" -substitute "$DIR/html/deprecated" for file in $(ls -1 "$DIR/html" | grep ".html$") do diff --git a/makefile b/makefile index cb74848..ce00b4d 100644 --- a/makefile +++ b/makefile @@ -116,14 +116,13 @@ uninstall: check: test test : test.out -test-legacy : test-legacy.out speed : speed.out speed-sodium : speed-sodium.out speed-tweetnacl: speed-tweetnacl.out speed-hydrogen : speed-hydrogen.out speed-c25519 : speed-c25519.out speed-donna : speed-donna.out -test test-legacy speed speed-sodium speed-tweetnacl speed-hydrogen speed-c25519 speed-donna: +test speed speed-sodium speed-tweetnacl speed-hydrogen speed-c25519 speed-donna: ./$< ctgrind: ctgrind.out @@ -149,15 +148,13 @@ lib/monocypher.o lib/monocypher-ed25519.o lib/chacha20.o lib/aead-incr.o: # Test & speed libraries TEST_COMMON = tests/utils.h src/monocypher.h src/optional/monocypher-ed25519.h -TEST_LEGACY = $(TEST_COMMON) src/deprecated/chacha20.h src/deprecated/aead-incr.h SPEED = tests/speed lib/utils.o :tests/utils.c lib/test.o :tests/test.c $(TEST_COMMON) tests/vectors.h -lib/test-legacy.o :tests/test-legacy.c $(TEST_LEGACY) tests/vectors.h lib/ctgrind.o :tests/ctgrind.c $(TEST_COMMON) lib/speed.o :$(SPEED)/speed.c $(TEST_COMMON) $(SPEED)/speed.h lib/speed-tweetnacl.o:$(SPEED)/speed-tweetnacl.c $(TEST_COMMON) $(SPEED)/speed.h -lib/utils.o lib/test.o lib/test-legacy.o lib/speed.o: +lib/utils.o lib/test.o lib/speed.o: @mkdir -p $(@D) $(CC) $(CFLAGS) \ -I src -I src/optional -I tests \ @@ -228,10 +225,9 @@ lib/speed-ed25519.o: tests/externals/ed25519-donna/ed25519.c \ # test & speed executables TEST_OBJ= lib/utils.o lib/monocypher.o test.out : lib/test.o $(TEST_OBJ) lib/monocypher-ed25519.o -test-legacy.out: lib/test-legacy.o $(TEST_OBJ) lib/chacha20.o lib/aead-incr.o ctgrind.out : lib/ctgrind.o $(TEST_OBJ) lib/monocypher-ed25519.o speed.out : lib/speed.o $(TEST_OBJ) lib/monocypher-ed25519.o -test.out test-legacy.out speed.out: +test.out speed.out: $(CC) $(CFLAGS) -I src -I src/optional -o $@ $^ ctgrind.out: $(CC) $(CFLAGS) -O0 -I src -I src/optional -o $@ $^ diff --git a/src/deprecated/aead-incr.c b/src/deprecated/aead-incr.c deleted file mode 100644 index a0e3ce2..0000000 --- a/src/deprecated/aead-incr.c +++ /dev/null @@ -1,237 +0,0 @@ -// Deprecated incremental API for authenticated encryption -// -// This file *temporarily* provides compatibility with Monocypher 2.x. -// Do not rely on its continued existence. -// -// Deprecated in : 3.0.0 -// Will be removed in: 4.0.0 -// -// Deprecated functions & types: -// crypto_unlock_ctx -// crypto_lock_ctx -// crypto_lock_init -// crypto_lock_auth_ad -// crypto_lock_auth_message -// crypto_lock_update -// crypto_lock_final -// crypto_unlock_init -// crypto_unlock_auth_ad -// crypto_unlock_auth_message -// crypto_unlock_update -// crypto_unlock_final -// -// For existing deployments that can no longer be updated or modified, -// use the 2.x family, which will receive security updates until 2024. -// -// upgrade strategy: -// Change your protocol in a way that it does not rely on the removed -// functions, namely by splitting the file into chunks you each use the -// crypto_lock() and crypto_unlock() functions on. -// -// For files, you may alternatively (and suboptimally) attempt to -// mmap()/MapViewOfFile() and pass the files as mapped memory into -// crypto_lock() and crypto_unlock() this way instead. -// -// --- -// -// This file is dual-licensed. Choose whichever licence you want from -// the two licences listed below. -// -// The first licence is a regular 2-clause BSD licence. The second licence -// is the CC-0 from Creative Commons. It is intended to release Monocypher -// to the public domain. The BSD licence serves as a fallback option. -// -// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -// -// ------------------------------------------------------------------------ -// -// Copyright (c) 2017-2019, Loup Vaillant -// All rights reserved. -// -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the -// distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// ------------------------------------------------------------------------ -// -// Written in 2017-2019 by Loup Vaillant -// -// To the extent possible under law, the author(s) have dedicated all copyright -// and related neighboring rights to this software to the public domain -// worldwide. This software is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this software. If not, see -// - -#include "aead-incr.h" - -#ifdef MONOCYPHER_CPP_NAMESPACE -namespace MONOCYPHER_CPP_NAMESPACE { -#endif - -#define FOR_T(type, i, start, end) for (type i = (start); i < (end); i++) -#define FOR(i, start, end) FOR_T(size_t, i, start, end) -#define WIPE_CTX(ctx) crypto_wipe(ctx , sizeof(*(ctx))) -#define WIPE_BUFFER(buffer) crypto_wipe(buffer, sizeof(buffer)) -#define MIN(a, b) ((a) <= (b) ? (a) : (b)) -#define MAX(a, b) ((a) >= (b) ? (a) : (b)) -#define ALIGN(x, block_size) ((~(x) + 1) & ((block_size) - 1)) -typedef int8_t i8; -typedef uint8_t u8; -typedef int16_t i16; -typedef uint32_t u32; -typedef int32_t i32; -typedef int64_t i64; -typedef uint64_t u64; - -static const u8 zero[16] = {0}; - -static void store64_le(u8 out[8], u64 in) -{ - out[0] = in & 0xff; - out[1] = (in >> 8) & 0xff; - out[2] = (in >> 16) & 0xff; - out[3] = (in >> 24) & 0xff; - out[4] = (in >> 32) & 0xff; - out[5] = (in >> 40) & 0xff; - out[6] = (in >> 48) & 0xff; - out[7] = (in >> 56) & 0xff; -} - -//////////////////////////////////// -/// Incremental API for Chacha20 /// -//////////////////////////////////// -static void chacha20_x_init(crypto_lock_ctx *ctx, - const u8 key[32], const u8 nonce[24]) -{ - crypto_hchacha20(ctx->key, key, nonce); - FOR (i, 0, 8) { ctx->nonce[i] = nonce[i + 16]; } - ctx->ctr = 0; - ctx->pool_idx = 64; // The random pool starts empty -} - -static void chacha20_encrypt(crypto_lock_ctx *ctx, u8 *cipher_text, - const u8 *plain_text, size_t text_size) -{ - FOR (i, 0, text_size) { - if (ctx->pool_idx == 64) { - crypto_chacha20_ctr(ctx->pool, 0, 64, - ctx->key, ctx-> nonce, ctx->ctr); - ctx->pool_idx = 0; - ctx->ctr++; - } - u8 plain = 0; - if (plain_text != 0) { - plain = *plain_text; - plain_text++; - } - *cipher_text = ctx->pool[ctx->pool_idx] ^ plain; - ctx->pool_idx++; - cipher_text++; - } -} - -static void chacha20_stream(crypto_lock_ctx *ctx, u8 *stream, size_t size) -{ - chacha20_encrypt(ctx, stream, 0, size); -} - - -//////////////////////////////// -/// Incremental API for AEAD /// -//////////////////////////////// -static void lock_ad_padding(crypto_lock_ctx *ctx) -{ - if (ctx->ad_phase) { - ctx->ad_phase = 0; - crypto_poly1305_update(&ctx->poly, zero, ALIGN(ctx->ad_size, 16)); - } -} - -void crypto_lock_init(crypto_lock_ctx *ctx, - const u8 key[32], const u8 nonce[24]) -{ - u8 auth_key[64]; // "Wasting" the whole Chacha block is faster - ctx->ad_phase = 1; - ctx->ad_size = 0; - ctx->message_size = 0; - chacha20_x_init(ctx, key, nonce); - chacha20_stream(ctx, auth_key, 64); - crypto_poly1305_init (&ctx->poly , auth_key); - WIPE_BUFFER(auth_key); -} - -void crypto_lock_auth_ad(crypto_lock_ctx *ctx, const u8 *msg, size_t msg_size) -{ - crypto_poly1305_update(&ctx->poly, msg, msg_size); - ctx->ad_size += msg_size; -} - -void crypto_lock_auth_message(crypto_lock_ctx *ctx, - const u8 *cipher_text, size_t text_size) -{ - lock_ad_padding(ctx); - ctx->message_size += text_size; - crypto_poly1305_update(&ctx->poly, cipher_text, text_size); -} - -void crypto_lock_update(crypto_lock_ctx *ctx, u8 *cipher_text, - const u8 *plain_text, size_t text_size) -{ - chacha20_encrypt(ctx, cipher_text, plain_text, text_size); - crypto_lock_auth_message(ctx, cipher_text, text_size); -} - -void crypto_lock_final(crypto_lock_ctx *ctx, u8 mac[16]) -{ - lock_ad_padding(ctx); - u8 sizes[16]; // Not secret, not wiped - store64_le(sizes + 0, ctx->ad_size); - store64_le(sizes + 8, ctx->message_size); - crypto_poly1305_update(&ctx->poly, zero, ALIGN(ctx->message_size, 16)); - crypto_poly1305_update(&ctx->poly, sizes, 16); - crypto_poly1305_final (&ctx->poly, mac); - WIPE_CTX(ctx); -} - -void crypto_unlock_update(crypto_lock_ctx *ctx, u8 *plain_text, - const u8 *cipher_text, size_t text_size) -{ - crypto_unlock_auth_message(ctx, cipher_text, text_size); - chacha20_encrypt(ctx, plain_text, cipher_text, text_size); -} - -int crypto_unlock_final(crypto_lock_ctx *ctx, const u8 mac[16]) -{ - u8 real_mac[16]; - crypto_lock_final(ctx, real_mac); - int mismatch = crypto_verify16(real_mac, mac); - WIPE_BUFFER(real_mac); - return mismatch; -} - -#ifdef MONOCYPHER_CPP_NAMESPACE -} -#endif diff --git a/src/deprecated/aead-incr.h b/src/deprecated/aead-incr.h deleted file mode 100644 index 795babe..0000000 --- a/src/deprecated/aead-incr.h +++ /dev/null @@ -1,144 +0,0 @@ -// Deprecated incremental API for authenticated encryption -// -// This file *temporarily* provides compatibility with Monocypher 2.x. -// Do not rely on its continued existence. -// -// Deprecated in : 3.0.0 -// Will be removed in: 4.0.0 -// -// Deprecated functions & types: -// crypto_unlock_ctx -// crypto_lock_ctx -// crypto_lock_init -// crypto_lock_auth_ad -// crypto_lock_auth_message -// crypto_lock_update -// crypto_lock_final -// crypto_unlock_init -// crypto_unlock_auth_ad -// crypto_unlock_auth_message -// crypto_unlock_update -// crypto_unlock_final -// -// For existing deployments that can no longer be updated or modified, -// use the 2.x family, which will receive security updates until 2024. -// -// upgrade strategy: -// Change your protocol in a way that it does not rely on the removed -// functions, namely by splitting the file into chunks you each use the -// crypto_lock() and crypto_unlock() functions on. -// -// For files, you may alternatively (and suboptimally) attempt to -// mmap()/MapViewOfFile() and pass the files as mapped memory into -// crypto_lock() and crypto_unlock() this way instead. -// -// --- -// -// This file is dual-licensed. Choose whichever licence you want from -// the two licences listed below. -// -// The first licence is a regular 2-clause BSD licence. The second licence -// is the CC-0 from Creative Commons. It is intended to release Monocypher -// to the public domain. The BSD licence serves as a fallback option. -// -// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -// -// ------------------------------------------------------------------------ -// -// Copyright (c) 2017-2019, Loup Vaillant -// All rights reserved. -// -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the -// distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// ------------------------------------------------------------------------ -// -// Written in 2017-2019 by Loup Vaillant -// -// To the extent possible under law, the author(s) have dedicated all copyright -// and related neighboring rights to this software to the public domain -// worldwide. This software is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this software. If not, see -// - -#ifndef AEAD_INCR_H -#define AEAD_INCR_H - -#include -#include -#include "monocypher.h" - -#ifdef MONOCYPHER_CPP_NAMESPACE -namespace MONOCYPHER_CPP_NAMESPACE { -#elif defined(__cplusplus) -extern "C" { -#endif - -typedef struct { - crypto_poly1305_ctx poly; - uint64_t ad_size; - uint64_t message_size; - int ad_phase; - // Chacha20 context - uint8_t key[32]; - uint8_t nonce[8]; - uint64_t ctr; - uint8_t pool[64]; - size_t pool_idx; -} crypto_lock_ctx; -#define crypto_unlock_ctx crypto_lock_ctx - -// Encryption -void crypto_lock_init(crypto_lock_ctx *ctx, - const uint8_t key[32], - const uint8_t nonce[24]); -void crypto_lock_auth_ad(crypto_lock_ctx *ctx, - const uint8_t *message, - size_t message_size); -void crypto_lock_auth_message(crypto_lock_ctx *ctx, - const uint8_t *cipher_text, size_t text_size); -void crypto_lock_update(crypto_lock_ctx *ctx, - uint8_t *cipher_text, - const uint8_t *plain_text, - size_t text_size); -void crypto_lock_final(crypto_lock_ctx *ctx, uint8_t mac[16]); - -// Decryption -#define crypto_unlock_init crypto_lock_init -#define crypto_unlock_auth_ad crypto_lock_auth_ad -#define crypto_unlock_auth_message crypto_lock_auth_message -void crypto_unlock_update(crypto_unlock_ctx *ctx, - uint8_t *plain_text, - const uint8_t *cipher_text, - size_t text_size); -int crypto_unlock_final(crypto_unlock_ctx *ctx, const uint8_t mac[16]); - -#ifdef __cplusplus -} -#endif - -#endif // AEAD_INCR_H diff --git a/src/deprecated/chacha20.c b/src/deprecated/chacha20.c deleted file mode 100644 index e793050..0000000 --- a/src/deprecated/chacha20.c +++ /dev/null @@ -1,156 +0,0 @@ -// Deprecated incremental API for Chacha20 -// -// This file *temporarily* provides compatibility with Monocypher 2.x. -// Do not rely on its continued existence. -// -// Deprecated in : 3.0.0 -// Will be removed in: 4.0.0 -// -// Deprecated functions & types: -// crypto_chacha_ctx -// crypto_chacha20_H -// crypto_chacha20_init -// crypto_chacha20_x_init -// crypto_chacha20_set_ctr -// crypto_chacha20_encrypt -// crypto_chacha20_stream -// -// For existing deployments that can no longer be updated or modified, -// use the 2.x family, which will receive security updates until 2024. -// -// Upgrade strategy: -// The new 3.x API can emulate incremental capabilities by setting a -// custom counter. Make sure you authenticate each chunk before you -// decrypt them, though. -// -// --- -// -// This file is dual-licensed. Choose whichever licence you want from -// the two licences listed below. -// -// The first licence is a regular 2-clause BSD licence. The second licence -// is the CC-0 from Creative Commons. It is intended to release Monocypher -// to the public domain. The BSD licence serves as a fallback option. -// -// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -// -// ------------------------------------------------------------------------ -// -// Copyright (c) 2017-2019, Loup Vaillant -// All rights reserved. -// -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the -// distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// ------------------------------------------------------------------------ -// -// Written in 2017-2019 by Loup Vaillant -// -// To the extent possible under law, the author(s) have dedicated all copyright -// and related neighboring rights to this software to the public domain -// worldwide. This software is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this software. If not, see -// - -#include "chacha20.h" -#include "monocypher.h" - -#ifdef MONOCYPHER_CPP_NAMESPACE -namespace MONOCYPHER_CPP_NAMESPACE { -#endif - -#define FOR_T(type, i, start, end) for (type i = (start); i < (end); i++) -#define FOR(i, start, end) FOR_T(size_t, i, start, end) -#define WIPE_CTX(ctx) crypto_wipe(ctx , sizeof(*(ctx))) -#define WIPE_BUFFER(buffer) crypto_wipe(buffer, sizeof(buffer)) -#define MIN(a, b) ((a) <= (b) ? (a) : (b)) -#define MAX(a, b) ((a) >= (b) ? (a) : (b)) -#define ALIGN(x, block_size) ((~(x) + 1) & ((block_size) - 1)) -typedef int8_t i8; -typedef uint8_t u8; -typedef int16_t i16; -typedef uint32_t u32; -typedef int32_t i32; -typedef int64_t i64; -typedef uint64_t u64; - -void crypto_chacha20_H(u8 out[32], const u8 key[32], const u8 in[16]) -{ - crypto_hchacha20(out, key, in); -} - -void crypto_chacha20_init(crypto_chacha_ctx *ctx, - const u8 key[32], const u8 nonce[8]) -{ - FOR (i, 0, 32) { ctx->key [i] = key [i]; } - FOR (i, 0, 8) { ctx->nonce[i] = nonce[i]; } - crypto_chacha20_set_ctr(ctx, 0); -} - -void crypto_chacha20_x_init(crypto_chacha_ctx *ctx, - const u8 key[32], const u8 nonce[24]) -{ - crypto_hchacha20(ctx->key, key, nonce); - FOR (i, 0, 8) { ctx->nonce[i] = nonce[i + 16]; } - crypto_chacha20_set_ctr(ctx, 0); -} - -void crypto_chacha20_set_ctr(crypto_chacha_ctx *ctx, u64 ctr) -{ - ctx->ctr = ctr; - ctx->pool_idx = 64; // The random pool (re)starts empty -} - -void crypto_chacha20_encrypt(crypto_chacha_ctx *ctx, u8 *cipher_text, - const u8 *plain_text, size_t text_size) -{ - FOR (i, 0, text_size) { - if (ctx->pool_idx == 64) { - crypto_chacha20_ctr(ctx->pool, 0, 64, - ctx->key, ctx-> nonce, ctx->ctr); - ctx->pool_idx = 0; - ctx->ctr++; - } - u8 plain = 0; - if (plain_text != 0) { - plain = *plain_text; - plain_text++; - } - *cipher_text = ctx->pool[ctx->pool_idx] ^ plain; - ctx->pool_idx++; - cipher_text++; - } -} - -void crypto_chacha20_stream(crypto_chacha_ctx *ctx, u8 *stream, size_t size) -{ - crypto_chacha20_encrypt(ctx, stream, 0, size); -} - -#ifdef MONOCYPHER_CPP_NAMESPACE -} -#endif diff --git a/src/deprecated/chacha20.h b/src/deprecated/chacha20.h deleted file mode 100644 index afb8b5a..0000000 --- a/src/deprecated/chacha20.h +++ /dev/null @@ -1,130 +0,0 @@ -// Deprecated incremental API for Chacha20 -// -// This file *temporarily* provides compatibility with Monocypher 2.x. -// Do not rely on its continued existence. -// -// Deprecated in : 3.0.0 -// Will be removed in: 4.0.0 -// -// Deprecated functions & types: -// crypto_chacha_ctx -// crypto_chacha20_H -// crypto_chacha20_init -// crypto_chacha20_x_init -// crypto_chacha20_set_ctr -// crypto_chacha20_encrypt -// crypto_chacha20_stream -// -// For existing deployments that can no longer be updated or modified, -// use the 2.x family, which will receive security updates until 2024. -// -// Upgrade strategy: -// The new 3.x API can emulate incremental capabilities by setting a -// custom counter. Make sure you authenticate each chunk before you -// decrypt them, though. -// -// --- -// -// This file is dual-licensed. Choose whichever licence you want from -// the two licences listed below. -// -// The first licence is a regular 2-clause BSD licence. The second licence -// is the CC-0 from Creative Commons. It is intended to release Monocypher -// to the public domain. The BSD licence serves as a fallback option. -// -// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -// -// ------------------------------------------------------------------------ -// -// Copyright (c) 2017-2019, Loup Vaillant -// All rights reserved. -// -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the -// distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// ------------------------------------------------------------------------ -// -// Written in 2017-2019 by Loup Vaillant -// -// To the extent possible under law, the author(s) have dedicated all copyright -// and related neighboring rights to this software to the public domain -// worldwide. This software is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this software. If not, see -// - -#ifndef CHACHA20_H -#define CHACHA20_H - -#include -#include - -#ifdef MONOCYPHER_CPP_NAMESPACE -namespace MONOCYPHER_CPP_NAMESPACE { -#elif defined(__cplusplus) -extern "C" { -#endif - -// Chacha20 -typedef struct { - uint8_t key[32]; - uint8_t nonce[8]; - uint64_t ctr; - uint8_t pool[64]; - size_t pool_idx; -} crypto_chacha_ctx; - -// Chacha20 (old API) -// ------------------ - -// Specialised hash. -void crypto_chacha20_H(uint8_t out[32], - const uint8_t key[32], - const uint8_t in [16]); - -void crypto_chacha20_init(crypto_chacha_ctx *ctx, - const uint8_t key[32], - const uint8_t nonce[8]); - -void crypto_chacha20_x_init(crypto_chacha_ctx *ctx, - const uint8_t key[32], - const uint8_t nonce[24]); - -void crypto_chacha20_set_ctr(crypto_chacha_ctx *ctx, uint64_t ctr); - -void crypto_chacha20_encrypt(crypto_chacha_ctx *ctx, - uint8_t *cipher_text, - const uint8_t *plain_text, - size_t text_size); - -void crypto_chacha20_stream(crypto_chacha_ctx *ctx, - uint8_t *stream, size_t size); - -#ifdef __cplusplus -} -#endif - -#endif // CHACHA20_H diff --git a/tests/test-legacy.c b/tests/test-legacy.c deleted file mode 100644 index af17b4b..0000000 --- a/tests/test-legacy.c +++ /dev/null @@ -1,347 +0,0 @@ -// This file is dual-licensed. Choose whichever licence you want from -// the two licences listed below. -// -// The first licence is a regular 2-clause BSD licence. The second licence -// is the CC-0 from Creative Commons. It is intended to release Monocypher -// to the public domain. The BSD licence serves as a fallback option. -// -// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0 -// -// ------------------------------------------------------------------------ -// -// Copyright (c) 2017-2019, Loup Vaillant -// All rights reserved. -// -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// 1. Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// -// 2. Redistributions in binary form must reproduce the above copyright -// notice, this list of conditions and the following disclaimer in the -// documentation and/or other materials provided with the -// distribution. -// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -// -// ------------------------------------------------------------------------ -// -// Written in 2017-2019 by Loup Vaillant -// -// To the extent possible under law, the author(s) have dedicated all copyright -// and related neighboring rights to this software to the public domain -// worldwide. This software is distributed without any warranty. -// -// You should have received a copy of the CC0 Public Domain Dedication along -// with this software. If not, see -// - -#include -#include -#include -#include "monocypher.h" -#include "deprecated/chacha20.h" -#include "deprecated/aead-incr.h" -#include "utils.h" -#include "vectors.h" - -#define CHACHA_BLOCK_SIZE 64 -#define CHACHA_NB_BLOCKS 10 -#define POLY1305_BLOCK_SIZE 16 -#define BLAKE2B_BLOCK_SIZE 128 -#define SHA_512_BLOCK_SIZE 128 - -//////////////////////////// -/// Tests aginst vectors /// -//////////////////////////// -static void chacha20(vector_reader *reader) -{ - vector key = next_input(reader); - vector nonce = next_input(reader); - vector plain = next_input(reader); - u64 ctr = load64_le(next_input(reader).buf); - vector out = next_output(reader); - - crypto_chacha_ctx ctx; - crypto_chacha20_init (&ctx, key.buf, nonce.buf); - crypto_chacha20_set_ctr(&ctx, ctr); - crypto_chacha20_encrypt(&ctx, out.buf, plain.buf, plain.size); -} - -static void hchacha20(vector_reader *reader) -{ - vector key = next_input(reader); - vector nonce = next_input(reader); - vector out = next_output(reader); - crypto_chacha20_H(out.buf, key.buf, nonce.buf); -} - -static void xchacha20(vector_reader *reader) -{ - vector key = next_input(reader); - vector nonce = next_input(reader); - vector plain = next_input(reader); - u64 ctr = load64_le(next_input(reader).buf); - vector out = next_output(reader); - crypto_chacha_ctx ctx; - crypto_chacha20_x_init (&ctx, key.buf, nonce.buf); - crypto_chacha20_set_ctr(&ctx, ctr); - crypto_chacha20_encrypt(&ctx, out.buf, plain.buf, plain.size); -} - -////////////////////////////// -/// Self consistency tests /// -////////////////////////////// - -// Tests that encrypting in chunks yields the same result than -// encrypting all at once. -static int p_chacha20() -{ -#undef INPUT_SIZE -#define INPUT_SIZE (CHACHA_BLOCK_SIZE * 4) // total input size - int status = 0; - FOR (i, 0, INPUT_SIZE) { - // outputs - u8 output_chunk[INPUT_SIZE]; - u8 output_whole[INPUT_SIZE]; - // inputs - RANDOM_INPUT(input, INPUT_SIZE); - RANDOM_INPUT(key , 32); - RANDOM_INPUT(nonce, 8); - - // Encrypt in chunks - crypto_chacha_ctx ctx; - crypto_chacha20_init(&ctx, key, nonce); - crypto_chacha20_encrypt(&ctx, output_chunk , input , i); - crypto_chacha20_encrypt(&ctx, output_chunk+i, input+i, INPUT_SIZE-i); - // Encrypt all at once - crypto_chacha20_init(&ctx, key, nonce); - crypto_chacha20_encrypt(&ctx, output_whole, input, INPUT_SIZE); - // Compare - status |= memcmp(output_chunk, output_whole, INPUT_SIZE); - - // Stream in chunks - crypto_chacha20_init(&ctx, key, nonce); - crypto_chacha20_stream(&ctx, output_chunk , i); - crypto_chacha20_stream(&ctx, output_chunk + i, INPUT_SIZE - i); - // Stream all at once - crypto_chacha20_init(&ctx, key, nonce); - crypto_chacha20_stream(&ctx, output_whole, INPUT_SIZE); - // Compare - status |= memcmp(output_chunk, output_whole, INPUT_SIZE); - } - printf("%s: Chacha20 (incremental)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -// Tests that output and input can be the same pointer -static int p_chacha20_same_ptr() -{ - int status = 0; - u8 output[INPUT_SIZE]; - RANDOM_INPUT(input, INPUT_SIZE); - RANDOM_INPUT(key , 32); - RANDOM_INPUT(nonce, 8); - crypto_chacha_ctx ctx; - crypto_chacha20_init (&ctx, key, nonce); - crypto_chacha20_encrypt(&ctx, output, input, INPUT_SIZE); - crypto_chacha20_init (&ctx, key, nonce); - crypto_chacha20_encrypt(&ctx, input, input, INPUT_SIZE); - status |= memcmp(output, input, CHACHA_BLOCK_SIZE); - printf("%s: Chacha20 (output == input)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -static int p_chacha20_set_ctr() -{ -#define STREAM_SIZE (CHACHA_BLOCK_SIZE * CHACHA_NB_BLOCKS) - int status = 0; - FOR (i, 0, CHACHA_NB_BLOCKS) { - u8 output_part[STREAM_SIZE ]; - u8 output_all [STREAM_SIZE ]; - u8 output_more[STREAM_SIZE * 2]; - RANDOM_INPUT(key , 32); - RANDOM_INPUT(nonce, 8); - size_t limit = i * CHACHA_BLOCK_SIZE; - // Encrypt all at once - crypto_chacha_ctx ctx; - crypto_chacha20_init(&ctx, key, nonce); - crypto_chacha20_stream(&ctx, output_all, STREAM_SIZE); - // Encrypt second part - crypto_chacha20_set_ctr(&ctx, i); - crypto_chacha20_stream(&ctx, output_part + limit, STREAM_SIZE - limit); - // Encrypt first part - crypto_chacha20_set_ctr(&ctx, 0); - crypto_chacha20_stream(&ctx, output_part, limit); - // Compare the results (must be the same) - status |= memcmp(output_part, output_all, STREAM_SIZE); - - // Encrypt before the begining - crypto_chacha20_set_ctr(&ctx, -(u64)i); - crypto_chacha20_stream(&ctx, - output_more + STREAM_SIZE - limit, - STREAM_SIZE + limit); - // Compare the results (must be the same) - status |= memcmp(output_more + STREAM_SIZE, output_all, STREAM_SIZE); - } - printf("%s: Chacha20 (set counter)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -static int p_chacha20_H() -{ - int status = 0; - FOR (i, 0, 100) { - RANDOM_INPUT(buffer, 80); - size_t out_idx = rand64() % 48; - size_t key_idx = rand64() % 48; - size_t in_idx = rand64() % 64; - u8 key[32]; FOR (j, 0, 32) { key[j] = buffer[j + key_idx]; } - u8 in [16]; FOR (j, 0, 16) { in [j] = buffer[j + in_idx]; } - - // Run with and without overlap, then compare - u8 out[32]; - crypto_chacha20_H(out, key, in); - crypto_chacha20_H(buffer + out_idx, buffer + key_idx, buffer + in_idx); - status |= memcmp(out, buffer + out_idx, 32); - } - printf("%s: HChacha20 (overlap)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -static int p_lock_incremental() -{ - int status = 0; - FOR (i, 0, 1000) { - RANDOM_INPUT(key , 32); - RANDOM_INPUT(nonce, 24); - RANDOM_INPUT(ad , 128); - RANDOM_INPUT(plain, 256); - // total sizes - size_t ad_size = rand64() % 128; - size_t text_size = rand64() % 256; - // incremental sizes - size_t ad_size1 = ad_size == 0 ? 0 : rand64() % ad_size; - size_t text_size1 = text_size == 0 ? 0 : rand64() % text_size; - size_t ad_size2 = ad_size - ad_size1; - size_t text_size2 = text_size - text_size1; - // incremental buffers - u8 *ad1 = ad; u8 *ad2 = ad + ad_size1; - u8 *plain1 = plain; u8 *plain2 = plain + text_size1; - - u8 mac1[16], cipher1[256]; - u8 mac2[16], cipher2[256]; - crypto_lock_aead(mac1, cipher1, key, nonce, - ad, ad_size, plain, text_size); - crypto_lock_ctx ctx; - crypto_lock_init (&ctx, key, nonce); - crypto_lock_auth_ad(&ctx, ad1, ad_size1); // just to show ad also have - crypto_lock_auth_ad(&ctx, ad2, ad_size2); // an incremental interface - crypto_lock_update (&ctx, cipher2 , plain1, text_size1); - crypto_lock_update (&ctx, cipher2 + text_size1, plain2, text_size2); - crypto_lock_final (&ctx, mac2); - status |= memcmp(mac1 , mac2 , 16 ); - status |= memcmp(cipher1, cipher2, text_size); - - // Now test the round trip. - u8 re_plain1[256]; - u8 re_plain2[256]; - status |= crypto_unlock_aead(re_plain1, key, nonce, mac1, - ad, ad_size, cipher1, text_size); - crypto_unlock_init (&ctx, key, nonce); - crypto_unlock_auth_ad(&ctx, ad, ad_size); - crypto_unlock_update (&ctx, re_plain2, cipher2, text_size); - status |= crypto_unlock_final(&ctx, mac2); - status |= memcmp(mac1 , mac2 , 16 ); - status |= memcmp(plain, re_plain1, text_size); - status |= memcmp(plain, re_plain2, text_size); - - // Test authentication without decryption - crypto_unlock_init (&ctx, key, nonce); - crypto_unlock_auth_ad (&ctx, ad , ad_size ); - crypto_unlock_auth_message(&ctx, cipher2, text_size); - status |= crypto_unlock_final(&ctx, mac2); - // The same, except we're supposed to reject forgeries - if (text_size > 0) { - cipher2[0]++; // forgery attempt - crypto_unlock_init (&ctx, key, nonce); - crypto_unlock_auth_ad (&ctx, ad , ad_size ); - crypto_unlock_auth_message(&ctx, cipher2, text_size); - status |= !crypto_unlock_final(&ctx, mac2); - } - } - printf("%s: aead (incremental)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -// Only additionnal data -static int p_auth() -{ - int status = 0; - FOR (i, 0, 128) { - RANDOM_INPUT(key , 32); - RANDOM_INPUT(nonce , 24); - RANDOM_INPUT(ad , 128); - u8 mac1[16]; - u8 mac2[16]; - // roundtrip - { - crypto_lock_ctx ctx; - crypto_lock_init (&ctx, key, nonce); - crypto_lock_auth_ad(&ctx, ad, i); - crypto_lock_final (&ctx, mac1); - crypto_lock_aead(mac2, 0, key, nonce, ad, i, 0, 0); - status |= memcmp(mac1, mac2, 16); - } - { - crypto_unlock_ctx ctx; - crypto_unlock_init (&ctx, key, nonce); - crypto_unlock_auth_ad(&ctx, ad, i); - status |= crypto_unlock_final(&ctx, mac1); - status |= crypto_unlock_aead(0, key, nonce, mac1, ad, i, 0, 0); - } - } - printf("%s: aead (authentication)\n", status != 0 ? "FAILED" : "OK"); - return status; -} - -#define TEST(name) vector_test(name, #name, nb_##name##_vectors, name##_vectors) - -int main(int argc, char *argv[]) -{ - if (argc > 1) { - sscanf(argv[1], "%" PRIu64 "", &random_state); - } - printf("\nRandom seed: %" PRIu64 "\n", random_state); - - int status = 0; - printf("\nTest against vectors"); - printf("\n--------------------\n"); - status |= TEST(chacha20); - status |= TEST(hchacha20); - status |= TEST(xchacha20); - - printf("\nProperty based tests"); - printf("\n--------------------\n"); - status |= p_chacha20(); - status |= p_chacha20_same_ptr(); - status |= p_chacha20_set_ctr(); - status |= p_chacha20_H(); - status |= p_lock_incremental(); - status |= p_auth(); - printf("\n%s\n\n", status != 0 ? "SOME TESTS FAILED" : "All tests OK!"); - return status; -} diff --git a/tests/test.sh b/tests/test.sh index 088a73d..42f2a98 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -53,7 +53,6 @@ set -e -make clean; make test; make test-legacy make clean; make test CFLAGS="-DBLAKE2_NO_UNROLLING -O3" make clean; make test CC="clang -std=c99" CFLAGS="-g -fsanitize=address" make clean; make test CC="clang -std=c99" CFLAGS="-g -fsanitize=memory"