diff --git a/.dockerignore b/.dockerignore index f7cc144..125d309 100644 --- a/.dockerignore +++ b/.dockerignore @@ -4,3 +4,5 @@ psql.sh .dockerignore .git .cache +test/ +example/ diff --git a/sql/pgsodium--3.0.7--3.0.8.sql b/sql/pgsodium--3.0.7--3.0.8.sql index 7623cf1..c9dd19b 100644 --- a/sql/pgsodium--3.0.7--3.0.8.sql +++ b/sql/pgsodium--3.0.7--3.0.8.sql @@ -70,6 +70,96 @@ CREATE OR REPLACE VIEW pgsodium.valid_key AS WHERE status IN ('valid', 'default') AND CASE WHEN expires IS NULL THEN true ELSE expires > now() END; +ALTER FUNCTION pgsodium.crypto_aead_ietf_encrypt(bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_aead_ietf_encrypt(bytea, bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_aead_ietf_encrypt(bytea, bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_aead_ietf_decrypt(bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_aead_ietf_decrypt(bytea, bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_aead_ietf_decrypt(bytea, bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth(bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth(bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth_verify(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_verify(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_verify(bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_box_seed_new_keypair(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_box(bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_box_open(bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_box_seal(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_box_seal_open(bytea, bytea, bytea) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_generichash(bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_generichash(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_generichash(bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_shorthash(bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_shorthash(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_shorthash(bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.sodium_bin2base64(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.sodium_base642bin(text) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512(bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512(bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512_verify(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512_verify(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha512_verify(bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256(bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256(bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256_verify(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256_verify(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION pgsodium.crypto_auth_hmacsha256_verify(bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_kdf_derive_from_key(bigint, bigint, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_pwhash(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_pwhash_str(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_pwhash_str_verify(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION randombytes_uniform(integer) CALLED ON NULL INPUT; +ALTER FUNCTION randombytes_buf(integer) CALLED ON NULL INPUT; +ALTER FUNCTION randombytes_buf_deterministic(integer, bytea) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_secretbox(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_secretbox(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_secretbox(bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_secretbox_open(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_secretbox_open(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_secretbox_open(bytea, bytea, uuid) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_hash_sha256(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_hash_sha512(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_seed_new_keypair(bytea) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_sign(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_detached(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_final_create(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_final_verify(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_open(bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_seed_new_keypair(bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_sign_verify_detached(bytea, bytea, bytea) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_signcrypt_sign_after(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_signcrypt_sign_before(bytea, bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_signcrypt_verify_after(bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_signcrypt_verify_before(bytea, bytea, bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_signcrypt_verify_public(bytea, bytea, bytea, bytea, bytea, bytea) CALLED ON NULL INPUT; + +ALTER FUNCTION crypto_stream_xchacha20(bigint, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_stream_xchacha20(bigint, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_stream_xchacha20_xor(bytea, bytea, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_stream_xchacha20_xor(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_stream_xchacha20_xor_ic(bytea, bytea, bigint, bytea) CALLED ON NULL INPUT; +ALTER FUNCTION crypto_stream_xchacha20_xor_ic(bytea, bytea, bigint, bigint, bytea) CALLED ON NULL INPUT; + CREATE OR REPLACE FUNCTION pgsodium.create_mask_view(relid oid, subid integer, debug boolean = false) RETURNS void AS $$ diff --git a/src/aead.c b/src/aead.c index 2a6b55c..0d841d5 100644 --- a/src/aead.c +++ b/src/aead.c @@ -27,12 +27,30 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_ietf_encrypt); Datum pgsodium_crypto_aead_ietf_encrypt (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - bytea *nonce = PG_GETARG_BYTEA_PP (2); - bytea *key = PG_GETARG_BYTEA_PP (3); + bytea *message; + bytea *associated; + bytea *nonce; + bytea *key; unsigned long long result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + nonce = PG_GETARG_BYTEA_PP (2); + key = PG_GETARG_BYTEA_PP (3); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_aead_chacha20poly1305_IETF_NPUBBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != @@ -45,8 +63,8 @@ pgsodium_crypto_aead_ietf_encrypt (PG_FUNCTION_ARGS) &result_size, PGSODIUM_UCHARDATA_ANY (message), VARSIZE_ANY_EXHDR (message), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, NULL, PGSODIUM_UCHARDATA_ANY (nonce), PGSODIUM_UCHARDATA_ANY (key)); @@ -57,15 +75,32 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_ietf_decrypt); Datum pgsodium_crypto_aead_ietf_decrypt (PG_FUNCTION_ARGS) { - bytea *ciphertext = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - bytea *nonce = PG_GETARG_BYTEA_PP (2); - bytea *key = PG_GETARG_BYTEA_PP (3); + bytea *ciphertext; + bytea *associated; + bytea *nonce; + bytea *key; size_t ciphertext_len; unsigned long long result_size; bytea *result; int success; + ERRORIF (PG_ARGISNULL (0), "%s: ciphertext cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key cannot be NULL"); + + ciphertext = PG_GETARG_BYTEA_PP (0); + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + nonce = PG_GETARG_BYTEA_PP (2); + key = PG_GETARG_BYTEA_PP (3); + ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <= crypto_aead_chacha20poly1305_IETF_ABYTES, "%s: invalid message"); ERRORIF (VARSIZE_ANY_EXHDR (nonce) != @@ -84,8 +119,8 @@ pgsodium_crypto_aead_ietf_decrypt (PG_FUNCTION_ARGS) NULL, PGSODIUM_UCHARDATA_ANY (ciphertext), ciphertext_len, - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, PGSODIUM_UCHARDATA_ANY (nonce), PGSODIUM_UCHARDATA_ANY (key)); ERRORIF (success != 0, "%s: invalid ciphertext"); @@ -96,14 +131,34 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_ietf_encrypt_by_id); Datum pgsodium_crypto_aead_ietf_encrypt_by_id (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_P (0); - bytea *additional = PG_GETARG_BYTEA_P (1); - bytea *nonce = PG_GETARG_BYTEA_P (2); - unsigned long long key_id = PG_GETARG_INT64 (3); - bytea *context = PG_GETARG_BYTEA_P (4); + bytea *message; + bytea *associated; + bytea *nonce; + unsigned long long key_id; + bytea *context; unsigned long long result_size; bytea *result; bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_P (0); + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + nonce = PG_GETARG_BYTEA_P (2); + key_id = PG_GETARG_INT64 (3); + context = PG_GETARG_BYTEA_P (4); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_aead_chacha20poly1305_IETF_NPUBBYTES, "%s: invalid nonce"); key = @@ -116,8 +171,8 @@ pgsodium_crypto_aead_ietf_encrypt_by_id (PG_FUNCTION_ARGS) &result_size, PGSODIUM_UCHARDATA (message), VARSIZE_ANY_EXHDR (message), - PGSODIUM_UCHARDATA (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, NULL, PGSODIUM_UCHARDATA (nonce), PGSODIUM_UCHARDATA (key)); SET_VARSIZE (result, VARHDRSZ + result_size + crypto_aead_chacha20poly1305_IETF_ABYTES); @@ -128,16 +183,36 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_ietf_decrypt_by_id); Datum pgsodium_crypto_aead_ietf_decrypt_by_id (PG_FUNCTION_ARGS) { - bytea *ciphertext = PG_GETARG_BYTEA_P (0); - bytea *additional = PG_GETARG_BYTEA_P (1); - bytea *nonce = PG_GETARG_BYTEA_P (2); - unsigned long long key_id = PG_GETARG_INT64 (3); - bytea *context = PG_GETARG_BYTEA_P (4); + bytea *ciphertext; + bytea *associated; + bytea *nonce; + unsigned long long key_id; + bytea *context; size_t ciphertext_len; unsigned long long result_size; bytea *result; bytea *key; int success; + + ERRORIF (PG_ARGISNULL (0), "%s: ciphertext cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: key context cannot be NULL"); + + ciphertext = PG_GETARG_BYTEA_P (0); + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + nonce = PG_GETARG_BYTEA_P (2); + key_id = PG_GETARG_INT64 (3); + context = PG_GETARG_BYTEA_P (4); + ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <= crypto_aead_chacha20poly1305_IETF_ABYTES, "%s: invalid message"); ERRORIF (VARSIZE_ANY_EXHDR (nonce) != @@ -151,10 +226,15 @@ pgsodium_crypto_aead_ietf_decrypt_by_id (PG_FUNCTION_ARGS) result = _pgsodium_zalloc_bytea (ciphertext_len); success = - crypto_aead_chacha20poly1305_ietf_decrypt (PGSODIUM_UCHARDATA (result), - &result_size, NULL, PGSODIUM_UCHARDATA (ciphertext), ciphertext_len, - PGSODIUM_UCHARDATA (additional), VARSIZE_ANY_EXHDR (additional), - PGSODIUM_UCHARDATA (nonce), PGSODIUM_UCHARDATA (key)); + crypto_aead_chacha20poly1305_ietf_decrypt ( + PGSODIUM_UCHARDATA (result), + &result_size, + NULL, + PGSODIUM_UCHARDATA (ciphertext), ciphertext_len, + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, + PGSODIUM_UCHARDATA (nonce), + PGSODIUM_UCHARDATA (key)); ERRORIF (success != 0, "%s: invalid ciphertext"); SET_VARSIZE (result, VARHDRSZ + result_size); PG_RETURN_BYTEA_P (result); @@ -184,14 +264,30 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_det_encrypt); Datum pgsodium_crypto_aead_det_encrypt (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *message; + bytea *associated; + bytea *key; bytea *nonce; size_t result_size; bytea *result; int success; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_aead_det_xchacha20_KEYBYTES, "%s: invalid key"); if (!PG_ARGISNULL (3)) @@ -211,8 +307,8 @@ pgsodium_crypto_aead_det_encrypt (PG_FUNCTION_ARGS) PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (message), VARSIZE_ANY_EXHDR (message), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, nonce != NULL ? PGSODIUM_UCHARDATA_ANY (nonce) : NULL, PGSODIUM_UCHARDATA_ANY (key)); ERRORIF (success != 0, "%s: crypto_aead_det_xchacha20_encrypt failed"); @@ -223,12 +319,28 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_det_decrypt); Datum pgsodium_crypto_aead_det_decrypt (PG_FUNCTION_ARGS) { - bytea *ciphertext = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *ciphertext; + bytea *associated; + bytea *key; size_t result_len; bytea *result, *nonce; int success; + + ERRORIF (PG_ARGISNULL (0), "%s: ciphertext cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + ciphertext = PG_GETARG_BYTEA_PP (0); + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (ciphertext) <= crypto_aead_det_xchacha20_ABYTES, "%s: invalid message"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_aead_det_xchacha20_KEYBYTES, @@ -250,8 +362,8 @@ pgsodium_crypto_aead_det_decrypt (PG_FUNCTION_ARGS) PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (ciphertext), VARSIZE_ANY_EXHDR (ciphertext), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, nonce != NULL ? PGSODIUM_UCHARDATA_ANY (nonce) : NULL, PGSODIUM_UCHARDATA_ANY (key)); ERRORIF (success != 0, "%s: invalid ciphertext"); @@ -262,15 +374,33 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_det_encrypt_by_id); Datum pgsodium_crypto_aead_det_encrypt_by_id (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - unsigned long long key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); + bytea *message; + bytea *associated; + unsigned long long key_id; + bytea *context; bytea *key, *nonce; size_t result_size; bytea *result; int success; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + if (!PG_ARGISNULL (4)) { nonce = PG_GETARG_BYTEA_PP (4); @@ -281,6 +411,7 @@ pgsodium_crypto_aead_det_encrypt_by_id (PG_FUNCTION_ARGS) { nonce = NULL; } + result_size = VARSIZE_ANY_EXHDR (message) + crypto_aead_det_xchacha20_ABYTES; result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); @@ -293,8 +424,8 @@ pgsodium_crypto_aead_det_encrypt_by_id (PG_FUNCTION_ARGS) PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (message), VARSIZE_ANY_EXHDR (message), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, nonce != NULL ? PGSODIUM_UCHARDATA_ANY (nonce) : NULL, PGSODIUM_UCHARDATA_ANY (key)); ERRORIF (success != 0, "%s: failed"); @@ -305,13 +436,33 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_aead_det_decrypt_by_id); Datum pgsodium_crypto_aead_det_decrypt_by_id (PG_FUNCTION_ARGS) { - bytea *ciphertext = PG_GETARG_BYTEA_PP (0); - bytea *additional = PG_GETARG_BYTEA_PP (1); - unsigned long long key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); + bytea *ciphertext; + bytea *associated; + unsigned long long key_id; + bytea *context; size_t result_len; bytea *key, *result, *nonce; int success; + + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + ciphertext = PG_GETARG_BYTEA_PP (0); + + if (!PG_ARGISNULL (1)) + { + associated = PG_GETARG_BYTEA_PP (1); + } + else + { + associated = NULL; + } + + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + if (!PG_ARGISNULL (4)) { nonce = PG_GETARG_BYTEA_PP (4); @@ -335,8 +486,8 @@ pgsodium_crypto_aead_det_decrypt_by_id (PG_FUNCTION_ARGS) PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (ciphertext), VARSIZE_ANY_EXHDR (ciphertext), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + associated != NULL ? PGSODIUM_UCHARDATA_ANY (associated) : NULL, + associated != NULL ? VARSIZE_ANY_EXHDR (associated) : 0, nonce != NULL ? PGSODIUM_UCHARDATA_ANY (nonce) : NULL, PGSODIUM_UCHARDATA_ANY (key)); ERRORIF (success != 0, "%s: invalid ciphertext"); diff --git a/src/auth.c b/src/auth.c index 0311143..6410e4e 100644 --- a/src/auth.c +++ b/src/auth.c @@ -4,10 +4,17 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_auth); Datum pgsodium_crypto_auth (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *key = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *key; int result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_KEYBYTES, "%s: invalid key"); result_size = VARHDRSZ + crypto_auth_BYTES; @@ -24,13 +31,22 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_auth_by_id); Datum pgsodium_crypto_auth_by_id (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - unsigned long long key_id = PG_GETARG_INT64 (1); - bytea *context = PG_GETARG_BYTEA_PP (2); - bytea *key = - pgsodium_derive_helper (key_id, crypto_auth_KEYBYTES, context); + bytea *message; + unsigned long long key_id; + bytea *context; + bytea *key; int result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key_id = PG_GETARG_INT64 (1); + context = PG_GETARG_BYTEA_PP (2); + + key = pgsodium_derive_helper (key_id, crypto_auth_KEYBYTES, context); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_KEYBYTES, "%s: invalid key"); result_size = VARHDRSZ + crypto_auth_BYTES; @@ -48,9 +64,18 @@ Datum pgsodium_crypto_auth_verify (PG_FUNCTION_ARGS) { int success; - bytea *mac = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *mac; + bytea *message; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + mac = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (mac) != crypto_auth_BYTES, "%s: invalid mac"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_KEYBYTES, "%s: invalid key"); @@ -68,12 +93,23 @@ Datum pgsodium_crypto_auth_verify_by_id (PG_FUNCTION_ARGS) { int success; - bytea *mac = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - unsigned long long key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); + bytea *mac; + bytea *message; + unsigned long long key_id; + bytea *context; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + mac = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + + key = pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); ERRORIF (VARSIZE_ANY_EXHDR (mac) != crypto_auth_BYTES, "%s: invalid mac"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_KEYBYTES, diff --git a/src/box.c b/src/box.c index 6d29065..9e57717 100644 --- a/src/box.c +++ b/src/box.c @@ -51,9 +51,13 @@ pgsodium_crypto_box_seed_keypair (PG_FUNCTION_ARGS) Datum result; bytea *publickey; bytea *secretkey; - bytea *seed = PG_GETARG_BYTEA_PP (0); + bytea *seed; size_t public_size = crypto_box_PUBLICKEYBYTES + VARHDRSZ; size_t secret_size = crypto_box_SECRETKEYBYTES + VARHDRSZ; + + ERRORIF (PG_ARGISNULL (0), "%s: seed cannot be NULL"); + + seed = PG_GETARG_BYTEA_PP (0); ERRORIF (VARSIZE_ANY_EXHDR (seed) != crypto_box_SEEDBYTES, "%s: invalid seed"); if (get_call_result_type (fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE) @@ -88,13 +92,24 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_box); Datum pgsodium_crypto_box (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - bytea *publickey = PG_GETARG_BYTEA_PP (2); - bytea *secretkey = PG_GETARG_BYTEA_PP (3); + bytea *message; + bytea *nonce; + bytea *publickey; + bytea *secretkey; int success; size_t message_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: secretkey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + publickey = PG_GETARG_BYTEA_PP (2); + secretkey = PG_GETARG_BYTEA_PP (3); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_box_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (publickey) != crypto_box_PUBLICKEYBYTES, @@ -120,13 +135,23 @@ Datum pgsodium_crypto_box_open (PG_FUNCTION_ARGS) { int success; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - bytea *publickey = PG_GETARG_BYTEA_PP (2); - bytea *secretkey = PG_GETARG_BYTEA_PP (3); + bytea *message; + bytea *nonce; + bytea *publickey; + bytea *secretkey; size_t message_size; bytea *result; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: secretkey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + publickey = PG_GETARG_BYTEA_PP (2); + secretkey = PG_GETARG_BYTEA_PP (3); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_box_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (publickey) != crypto_box_PUBLICKEYBYTES, @@ -153,10 +178,17 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_box_seal); Datum pgsodium_crypto_box_seal (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *public_key = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *public_key; size_t result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: publickey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + public_key = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (public_key) != crypto_box_PUBLICKEYBYTES, "%s: invalid public key"); result_size = crypto_box_SEALBYTES + VARSIZE_ANY(message); @@ -174,11 +206,20 @@ Datum pgsodium_crypto_box_seal_open (PG_FUNCTION_ARGS) { int success; - bytea *ciphertext = PG_GETARG_BYTEA_PP (0); - bytea *public_key = PG_GETARG_BYTEA_PP (1); - bytea *secret_key = PG_GETARG_BYTEA_PP (2); + bytea *ciphertext; + bytea *public_key; + bytea *secret_key; size_t result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: ciphertext cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: public_key cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: secret_key cannot be NULL"); + + ciphertext = PG_GETARG_BYTEA_PP (0); + public_key = PG_GETARG_BYTEA_PP (1); + secret_key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (public_key) != crypto_box_PUBLICKEYBYTES, "%s: invalid public key"); ERRORIF (VARSIZE_ANY_EXHDR (secret_key) != crypto_box_SECRETKEYBYTES, diff --git a/src/derive.c b/src/derive.c index 5560101..09851c1 100644 --- a/src/derive.c +++ b/src/derive.c @@ -4,9 +4,18 @@ PG_FUNCTION_INFO_V1 (pgsodium_derive); Datum pgsodium_derive (PG_FUNCTION_ARGS) { - unsigned long long subkey_id = PG_GETARG_INT64 (0); - size_t subkey_size = PG_GETARG_UINT32 (1); - bytea *context = PG_GETARG_BYTEA_PP (2); + unsigned long long subkey_id; + size_t subkey_size; + bytea *context; + + ERRORIF (PG_ARGISNULL (0), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key size cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key context cannot be NULL"); + + subkey_id = PG_GETARG_INT64 (0); + subkey_size = PG_GETARG_UINT32 (1); + context = PG_GETARG_BYTEA_PP (2); + PG_RETURN_BYTEA_P (pgsodium_derive_helper (subkey_id, subkey_size, context)); } diff --git a/src/hash.c b/src/hash.c index 9e447f0..4a5b5b9 100644 --- a/src/hash.c +++ b/src/hash.c @@ -20,6 +20,9 @@ pgsodium_crypto_generichash (PG_FUNCTION_ARGS) unsigned char *key = NULL; size_t keylen = 0; size_t result_size; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + data = PG_GETARG_BYTEA_PP (0); if (!PG_ARGISNULL (1)) { @@ -59,8 +62,13 @@ pgsodium_crypto_shorthash (PG_FUNCTION_ARGS) bytea *result; bytea *key; int result_size = VARHDRSZ + crypto_shorthash_BYTES; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key cannot be NULL"); + data = PG_GETARG_BYTEA_PP (0); key = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_shorthash_KEYBYTES, "%s: invalid key"); result = _pgsodium_zalloc_bytea (result_size); @@ -83,10 +91,14 @@ pgsodium_crypto_generichash_by_id (PG_FUNCTION_ARGS) unsigned char *key = NULL; size_t keylen = 0; size_t result_size; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + data = PG_GETARG_BYTEA_PP (0); if (!PG_ARGISNULL (1)) { unsigned long long key_id = PG_GETARG_INT64 (1); + ERRORIF (PG_ARGISNULL (2), "%s: key context be NULL"); context = PG_GETARG_BYTEA_PP (2); keyarg = pgsodium_derive_helper (key_id, crypto_generichash_KEYBYTES, @@ -118,6 +130,11 @@ pgsodium_crypto_shorthash_by_id (PG_FUNCTION_ARGS) bytea *context; uint64_t key_id; int result_size = VARHDRSZ + crypto_shorthash_BYTES; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key context cannot be NULL"); + data = PG_GETARG_BYTEA_PP (0); key_id = PG_GETARG_INT64 (1); context = PG_GETARG_BYTEA_PP (2); diff --git a/src/helpers.c b/src/helpers.c index 4c6ea65..ee6c571 100644 --- a/src/helpers.c +++ b/src/helpers.c @@ -27,12 +27,20 @@ PG_FUNCTION_INFO_V1 (pgsodium_sodium_bin2base64); Datum pgsodium_sodium_bin2base64 (PG_FUNCTION_ARGS) { - bytea *bin = PG_GETARG_BYTEA_PP (0); - size_t bin_size = VARSIZE_ANY_EXHDR (bin); - size_t text_size = sodium_base64_ENCODED_LEN ( + bytea *bin; + size_t bin_size; + size_t text_size; + text *base64; + + ERRORIF (PG_ARGISNULL (0), "%s: bin cannot be NULL"); + + bin = PG_GETARG_BYTEA_PP (0); + bin_size = VARSIZE_ANY_EXHDR (bin); + text_size = sodium_base64_ENCODED_LEN ( bin_size, sodium_base64_VARIANT_URLSAFE_NO_PADDING); - text *base64 = (text *) _pgsodium_zalloc_text (text_size + VARHDRSZ); + base64 = (text *) _pgsodium_zalloc_text (text_size + VARHDRSZ); + sodium_bin2base64 ( PGSODIUM_CHARDATA (base64), text_size, @@ -46,12 +54,20 @@ PG_FUNCTION_INFO_V1 (pgsodium_sodium_base642bin); Datum pgsodium_sodium_base642bin (PG_FUNCTION_ARGS) { - text *base64 = PG_GETARG_TEXT_PP (0); - size_t base64_size = VARSIZE_ANY_EXHDR (base64); - size_t max_bin_size = ((base64_size + 1) / 4) * 3; - bytea *bin = _pgsodium_zalloc_bytea (max_bin_size + VARHDRSZ); + text *base64; + size_t base64_size; + size_t max_bin_size; + bytea *bin; size_t bin_size; int success; + + ERRORIF (PG_ARGISNULL (0), "%s: base64 cannot be NULL"); + + base64 = PG_GETARG_TEXT_PP (0); + base64_size = VARSIZE_ANY_EXHDR (base64); + max_bin_size = ((base64_size + 1) / 4) * 3; + bin = _pgsodium_zalloc_bytea (max_bin_size + VARHDRSZ); + success = sodium_base642bin ( PGSODIUM_UCHARDATA (bin), max_bin_size, diff --git a/src/hmac.c b/src/hmac.c index 22375d2..0f0dcfa 100644 --- a/src/hmac.c +++ b/src/hmac.c @@ -14,10 +14,17 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_auth_hmacsha512); Datum pgsodium_crypto_auth_hmacsha512 (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *key = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *key; size_t result_size = VARHDRSZ + crypto_auth_hmacsha512_BYTES; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha512_KEYBYTES, "%s: invalid key"); result = _pgsodium_zalloc_bytea (result_size); @@ -33,15 +40,22 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_auth_hmacsha512_by_id); Datum pgsodium_crypto_auth_hmacsha512_by_id (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - uint64_t key_id = PG_GETARG_INT64 (1); - bytea *context = PG_GETARG_BYTEA_PP (2); - bytea *key = - pgsodium_derive_helper (key_id, crypto_auth_hmacsha512_KEYBYTES, - context); + bytea *message; + uint64_t key_id; + bytea *context; + bytea *key; size_t result_size = VARHDRSZ + crypto_auth_hmacsha512_BYTES; bytea *result; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key_id = PG_GETARG_INT64 (1); + context = PG_GETARG_BYTEA_PP (2); + key = pgsodium_derive_helper (key_id, crypto_auth_hmacsha512_KEYBYTES, context); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha512_KEYBYTES, "%s: invalid key"); result = _pgsodium_zalloc_bytea (result_size); @@ -58,9 +72,18 @@ Datum pgsodium_crypto_auth_hmacsha512_verify (PG_FUNCTION_ARGS) { int success; - bytea *hash = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *hash; + bytea *message; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: hash cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + hash = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (hash) != crypto_auth_hmacsha512_BYTES, "%s: invalid hash"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha512_KEYBYTES, @@ -78,13 +101,22 @@ Datum pgsodium_crypto_auth_hmacsha512_verify_by_id (PG_FUNCTION_ARGS) { int success; - bytea *hash = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - uint64_t key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_auth_hmacsha512_KEYBYTES, - context); + bytea *hash; + bytea *message; + uint64_t key_id; + bytea *context; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: hash cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + hash = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + key = pgsodium_derive_helper (key_id, crypto_auth_hmacsha512_KEYBYTES, context); ERRORIF (VARSIZE_ANY_EXHDR (hash) != crypto_auth_hmacsha512_BYTES, "%s: invalid hash"); @@ -112,10 +144,17 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_auth_hmacsha256); Datum pgsodium_crypto_auth_hmacsha256 (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *key = PG_GETARG_BYTEA_PP (1); - size_t result_size = VARHDRSZ + crypto_auth_hmacsha256_BYTES; + bytea *message; + bytea *key; bytea *result; + size_t result_size = VARHDRSZ + crypto_auth_hmacsha256_BYTES; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha256_KEYBYTES, "%s: invalid key"); result = _pgsodium_zalloc_bytea (result_size); @@ -132,9 +171,18 @@ Datum pgsodium_crypto_auth_hmacsha256_verify (PG_FUNCTION_ARGS) { int success; - bytea *hash = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *hash; + bytea *message; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: hash cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + hash = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (hash) != crypto_auth_hmacsha256_BYTES, "%s: invalid hash"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha256_KEYBYTES, @@ -153,12 +201,19 @@ pgsodium_crypto_auth_hmacsha256_by_id (PG_FUNCTION_ARGS) { bytea *result; size_t result_size = VARHDRSZ + crypto_auth_hmacsha256_BYTES; - bytea *message = PG_GETARG_BYTEA_PP (0); - uint64_t key_id = PG_GETARG_INT64 (1); - bytea *context = PG_GETARG_BYTEA_PP (2); - bytea *key = - pgsodium_derive_helper (key_id, crypto_auth_hmacsha256_KEYBYTES, - context); + bytea *message; + uint64_t key_id; + bytea *context; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + key_id = PG_GETARG_INT64 (1); + context = PG_GETARG_BYTEA_PP (2); + key = pgsodium_derive_helper (key_id, crypto_auth_hmacsha256_KEYBYTES, context); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_auth_hmacsha256_KEYBYTES, "%s: invalid key"); @@ -176,13 +231,22 @@ Datum pgsodium_crypto_auth_hmacsha256_verify_by_id (PG_FUNCTION_ARGS) { int success; - bytea *hash = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - uint64_t key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_auth_hmacsha256_KEYBYTES, - context); + bytea *hash; + bytea *message; + uint64_t key_id; + bytea *context; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: hash cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + hash = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + key = pgsodium_derive_helper (key_id, crypto_auth_hmacsha256_KEYBYTES, context); ERRORIF (VARSIZE_ANY_EXHDR (hash) != crypto_auth_hmacsha256_BYTES, "%s: invalid hash"); diff --git a/src/kdf.c b/src/kdf.c index fe9b23a..7622795 100644 --- a/src/kdf.c +++ b/src/kdf.c @@ -14,12 +14,24 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_kdf_derive_from_key); Datum pgsodium_crypto_kdf_derive_from_key (PG_FUNCTION_ARGS) { - size_t subkey_size = PG_GETARG_UINT32 (0); - size_t result_size = VARHDRSZ + subkey_size; - unsigned long long subkey_id = PG_GETARG_INT64 (1); - bytea *context = PG_GETARG_BYTEA_PP (2); - bytea *primary_key = PG_GETARG_BYTEA_PP (3); + size_t subkey_size; + size_t result_size; + unsigned long long subkey_id; + bytea *context; + bytea *primary_key; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: subkey size cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: subkey id cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: subkey context cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: primary key cannot be NULL"); + + subkey_size = PG_GETARG_UINT32 (0); + result_size = VARHDRSZ + subkey_size; + subkey_id = PG_GETARG_INT64 (1); + context = PG_GETARG_BYTEA_PP (2); + primary_key = PG_GETARG_BYTEA_PP (3); + ERRORIF (VARSIZE_ANY_EXHDR (primary_key) != crypto_kdf_KEYBYTES, "%s: invalid derivation key"); ERRORIF (subkey_size < crypto_kdf_BYTES_MIN || diff --git a/src/kx.c b/src/kx.c index e7268fe..cc75dff 100644 --- a/src/kx.c +++ b/src/kx.c @@ -56,11 +56,20 @@ pgsodium_crypto_kx_client_session_keys (PG_FUNCTION_ARGS) Datum result; bytea *rx; bytea *tx; - bytea *client_pk = PG_GETARG_BYTEA_PP (0); - bytea *client_sk = PG_GETARG_BYTEA_PP (1); - bytea *server_pk = PG_GETARG_BYTEA_PP (2); + bytea *client_pk; + bytea *client_sk; + bytea *server_pk; size_t rx_size = crypto_kx_SESSIONKEYBYTES + VARHDRSZ; size_t tx_size = crypto_kx_SESSIONKEYBYTES + VARHDRSZ; + + ERRORIF (PG_ARGISNULL (0), "%s: client publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: client secretkey cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: server publickey cannot be NULL"); + + client_pk = PG_GETARG_BYTEA_PP (0); + client_sk = PG_GETARG_BYTEA_PP (1); + server_pk = PG_GETARG_BYTEA_PP (2); + if (get_call_result_type (fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE) ereport (ERROR, (errcode (ERRCODE_FEATURE_NOT_SUPPORTED), @@ -100,11 +109,20 @@ pgsodium_crypto_kx_server_session_keys (PG_FUNCTION_ARGS) Datum result; bytea *rx; bytea *tx; - bytea *server_pk = PG_GETARG_BYTEA_PP (0); - bytea *server_sk = PG_GETARG_BYTEA_PP (1); - bytea *client_pk = PG_GETARG_BYTEA_PP (2); + bytea *server_pk; + bytea *server_sk; + bytea *client_pk; size_t rx_size = crypto_kx_SESSIONKEYBYTES + VARHDRSZ; size_t tx_size = crypto_kx_SESSIONKEYBYTES + VARHDRSZ; + + ERRORIF (PG_ARGISNULL (0), "%s: server publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: server secretkey cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: client publickey cannot be NULL"); + + server_pk = PG_GETARG_BYTEA_PP (0); + server_sk = PG_GETARG_BYTEA_PP (1); + client_pk = PG_GETARG_BYTEA_PP (2); + if (get_call_result_type (fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE) ereport (ERROR, (errcode (ERRCODE_FEATURE_NOT_SUPPORTED), diff --git a/src/pwhash.c b/src/pwhash.c index 344a55a..9405f87 100644 --- a/src/pwhash.c +++ b/src/pwhash.c @@ -19,8 +19,13 @@ pgsodium_crypto_pwhash (PG_FUNCTION_ARGS) bytea *salt; int result_size = VARHDRSZ + crypto_box_SEEDBYTES; int success; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: salt cannot be NULL"); + data = PG_GETARG_BYTEA_PP (0); salt = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (salt) != crypto_pwhash_SALTBYTES, "%s: invalid salt"); ERRORIF (VARSIZE_ANY_EXHDR (data) < crypto_pwhash_PASSWD_MIN @@ -44,9 +49,13 @@ Datum pgsodium_crypto_pwhash_str (PG_FUNCTION_ARGS) { int success; - bytea *password = PG_GETARG_BYTEA_PP (0); + bytea *password; bytea *result = _pgsodium_zalloc_bytea (crypto_pwhash_STRBYTES + VARHDRSZ); + + ERRORIF (PG_ARGISNULL (0), "%s: password cannot be NULL"); + + password = PG_GETARG_BYTEA_PP (0); success = crypto_pwhash_str ( VARDATA (result), @@ -63,8 +72,15 @@ Datum pgsodium_crypto_pwhash_str_verify (PG_FUNCTION_ARGS) { int success; - bytea *hashed_password = PG_GETARG_BYTEA_PP (0); - bytea *password = PG_GETARG_BYTEA_PP (1); + bytea *hashed_password; + bytea *password; + + ERRORIF (PG_ARGISNULL (0), "%s: hashed password cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: password cannot be NULL"); + + hashed_password = PG_GETARG_BYTEA_PP (0); + password = PG_GETARG_BYTEA_PP (1); + success = crypto_pwhash_str_verify ( VARDATA_ANY (hashed_password), VARDATA_ANY (password), diff --git a/src/random.c b/src/random.c index fc7bc7b..00aa47c 100644 --- a/src/random.c +++ b/src/random.c @@ -11,7 +11,9 @@ PG_FUNCTION_INFO_V1 (pgsodium_randombytes_uniform); Datum pgsodium_randombytes_uniform (PG_FUNCTION_ARGS) { - uint32_t upper_bound = PG_GETARG_UINT32 (0); + uint32_t upper_bound; + ERRORIF (PG_ARGISNULL (0), "%s: upper bound cannot be NULL"); + upper_bound = PG_GETARG_UINT32 (0); PG_RETURN_UINT32 (randombytes_uniform (upper_bound)); } @@ -19,9 +21,15 @@ PG_FUNCTION_INFO_V1 (pgsodium_randombytes_buf); Datum pgsodium_randombytes_buf (PG_FUNCTION_ARGS) { - size_t size = PG_GETARG_UINT32 (0); - size_t result_size = VARHDRSZ + size; - bytea *result = _pgsodium_zalloc_bytea (result_size); + size_t size; + size_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: buffer size cannot be NULL"); + size = PG_GETARG_UINT32 (0); + result_size = VARHDRSZ + size; + result = _pgsodium_zalloc_bytea (result_size); + randombytes_buf (VARDATA (result), size); PG_RETURN_BYTEA_P (result); } @@ -40,10 +48,19 @@ PG_FUNCTION_INFO_V1 (pgsodium_randombytes_buf_deterministic); Datum pgsodium_randombytes_buf_deterministic (PG_FUNCTION_ARGS) { - size_t size = PG_GETARG_UINT32 (0); - bytea *seed = PG_GETARG_BYTEA_P (1); - size_t result_size = VARHDRSZ + size; - bytea *result = _pgsodium_zalloc_bytea (result_size); + size_t size; + bytea *seed; + size_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: buffer size cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: seed cannot be NULL"); + + size = PG_GETARG_UINT32 (0); + seed = PG_GETARG_BYTEA_P (1); + result_size = VARHDRSZ + size; + result = _pgsodium_zalloc_bytea (result_size); + randombytes_buf_deterministic (VARDATA (result), size, PGSODIUM_UCHARDATA (seed)); PG_RETURN_BYTEA_P (result); diff --git a/src/secretbox.c b/src/secretbox.c index 964a202..642b45f 100644 --- a/src/secretbox.c +++ b/src/secretbox.c @@ -24,11 +24,20 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_secretbox); Datum pgsodium_crypto_secretbox (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_P (0); - bytea *nonce = PG_GETARG_BYTEA_P (1); - bytea *key = PG_GETARG_BYTEA_P (2); + bytea *message; + bytea *nonce; + bytea *key; size_t result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_P (0); + nonce = PG_GETARG_BYTEA_P (1); + key = PG_GETARG_BYTEA_P (2); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_secretbox_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_secretbox_KEYBYTES, @@ -46,15 +55,28 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_secretbox_by_id); Datum pgsodium_crypto_secretbox_by_id (PG_FUNCTION_ARGS) { - bytea *message = PG_GETARG_BYTEA_P (0); - bytea *nonce = PG_GETARG_BYTEA_P (1); - unsigned long long key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_P (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); - size_t result_size = - crypto_secretbox_MACBYTES + VARSIZE_ANY (message); - bytea *result = _pgsodium_zalloc_bytea (result_size); + bytea *message; + bytea *nonce; + unsigned long long key_id; + bytea *context; + bytea *key; + size_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_P (0); + nonce = PG_GETARG_BYTEA_P (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_P (3); + + key = pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); + result_size = crypto_secretbox_MACBYTES + VARSIZE_ANY (message); + result = _pgsodium_zalloc_bytea (result_size); + crypto_secretbox_easy (PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA (message), VARSIZE_ANY_EXHDR (message), @@ -67,13 +89,21 @@ Datum pgsodium_crypto_secretbox_open (PG_FUNCTION_ARGS) { int success; - bytea *message = PG_GETARG_BYTEA_P (0); - bytea *nonce = PG_GETARG_BYTEA_P (1); - bytea *key = PG_GETARG_BYTEA_P (2); + bytea *message; + bytea *nonce; + bytea *key; size_t message_size; size_t result_size; bytea *result; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + message = PG_GETARG_BYTEA_P (0); + nonce = PG_GETARG_BYTEA_P (1); + key = PG_GETARG_BYTEA_P (2); + ERRORIF (VARSIZE_ANY_EXHDR (message) <= crypto_secretbox_MACBYTES, "%s: invalid message"); ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_secretbox_NONCEBYTES, @@ -98,16 +128,26 @@ Datum pgsodium_crypto_secretbox_open_by_id (PG_FUNCTION_ARGS) { int success; - bytea *message = PG_GETARG_BYTEA_P (0); - bytea *nonce = PG_GETARG_BYTEA_P (1); - unsigned long long key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_P (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); + bytea *message; + bytea *nonce; + unsigned long long key_id; + bytea *context; + bytea *key; size_t message_size; size_t result_size; bytea *result; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + message = PG_GETARG_BYTEA_P (0); + nonce = PG_GETARG_BYTEA_P (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_P (3); + key = pgsodium_derive_helper (key_id, crypto_secretbox_KEYBYTES, context); + ERRORIF (VARSIZE_ANY_EXHDR (message) <= crypto_secretbox_MACBYTES, "%s: invalid message"); ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_secretbox_NONCEBYTES, diff --git a/src/sha.c b/src/sha.c index e11d999..eb4feb1 100644 --- a/src/sha.c +++ b/src/sha.c @@ -5,8 +5,13 @@ Datum pgsodium_crypto_hash_sha256 (PG_FUNCTION_ARGS) { size_t result_size = VARHDRSZ + crypto_hash_sha256_BYTES; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *result = _pgsodium_zalloc_bytea (result_size); + bytea *message; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + result = _pgsodium_zalloc_bytea (result_size); crypto_hash_sha256 ( PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (message), @@ -19,8 +24,14 @@ Datum pgsodium_crypto_hash_sha512 (PG_FUNCTION_ARGS) { size_t result_size = VARHDRSZ + crypto_hash_sha512_BYTES; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *result = _pgsodium_zalloc_bytea (result_size); + bytea *message; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + result = _pgsodium_zalloc_bytea (result_size); + crypto_hash_sha512 ( PGSODIUM_UCHARDATA (result), PGSODIUM_UCHARDATA_ANY (message), diff --git a/src/sign.c b/src/sign.c index a1dfe0c..6e43ae6 100644 --- a/src/sign.c +++ b/src/sign.c @@ -52,9 +52,13 @@ pgsodium_crypto_sign_seed_keypair (PG_FUNCTION_ARGS) Datum result; bytea *publickey; bytea *secretkey; - bytea *seed = PG_GETARG_BYTEA_PP (0); + bytea *seed; size_t public_size = crypto_sign_PUBLICKEYBYTES + VARHDRSZ; size_t secret_size = crypto_sign_SECRETKEYBYTES + VARHDRSZ; + + ERRORIF (PG_ARGISNULL (0), "%s: seed cannot be NULL"); + seed = PG_GETARG_BYTEA_PP (0); + ERRORIF (VARSIZE_ANY_EXHDR (seed) != crypto_sign_SEEDBYTES, "%s: invalid seed"); @@ -83,11 +87,18 @@ Datum pgsodium_crypto_sign (PG_FUNCTION_ARGS) { int success; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *secretkey = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *secretkey; unsigned long long signed_message_len; size_t result_size; bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: secretkey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + secretkey = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (secretkey) != crypto_sign_SECRETKEYBYTES, "%s: invalid secret key"); result_size = crypto_sign_BYTES + VARSIZE_ANY (message); @@ -108,11 +119,17 @@ pgsodium_crypto_sign_open (PG_FUNCTION_ARGS) { int success; unsigned long long unsigned_message_len; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *publickey = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *publickey; size_t result_size; bytea *result; + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: publickey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + publickey = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (publickey) != crypto_sign_PUBLICKEYBYTES, "%s: invalid public key"); ERRORIF (VARSIZE_ANY_EXHDR (message) <= crypto_sign_BYTES, @@ -135,11 +152,18 @@ Datum pgsodium_crypto_sign_detached (PG_FUNCTION_ARGS) { int success; - bytea *message = PG_GETARG_BYTEA_PP (0); - bytea *secretkey = PG_GETARG_BYTEA_PP (1); + bytea *message; + bytea *secretkey; size_t sig_size = crypto_sign_BYTES; size_t result_size = VARHDRSZ + sig_size; bytea *result = _pgsodium_zalloc_bytea (result_size); + + ERRORIF (PG_ARGISNULL (0), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: secretkey cannot be NULL"); + + message = PG_GETARG_BYTEA_PP (0); + secretkey = PG_GETARG_BYTEA_PP (1); + ERRORIF (VARSIZE_ANY_EXHDR (secretkey) != crypto_sign_SECRETKEYBYTES, "%s: invalid secret key"); success = crypto_sign_detached ( @@ -157,9 +181,18 @@ Datum pgsodium_crypto_sign_verify_detached (PG_FUNCTION_ARGS) { int success; - bytea *sig = PG_GETARG_BYTEA_PP (0); - bytea *message = PG_GETARG_BYTEA_PP (1); - bytea *publickey = PG_GETARG_BYTEA_PP (2); + bytea *sig; + bytea *message; + bytea *publickey; + + ERRORIF (PG_ARGISNULL (0), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: publickey cannot be NULL"); + + sig = PG_GETARG_BYTEA_PP (0); + message = PG_GETARG_BYTEA_PP (1); + publickey = PG_GETARG_BYTEA_PP (2); + ERRORIF (VARSIZE_ANY_EXHDR (publickey) != crypto_sign_PUBLICKEYBYTES, "%s: invalid public key"); success = crypto_sign_verify_detached ( @@ -184,8 +217,14 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_sign_update); Datum pgsodium_crypto_sign_update (PG_FUNCTION_ARGS) { - bytea *state = PG_GETARG_BYTEA_P_COPY (0); // input state - bytea *msg_part = PG_GETARG_BYTEA_PP (1); + bytea *state; + bytea *msg_part; + + ERRORIF (PG_ARGISNULL (0), "%s: state cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: message part cannot be NULL"); + + state = PG_GETARG_BYTEA_P_COPY (0); // input state + msg_part = PG_GETARG_BYTEA_PP (1); crypto_sign_update ( (crypto_sign_state *) VARDATA (state), @@ -199,12 +238,18 @@ Datum pgsodium_crypto_sign_final_create (PG_FUNCTION_ARGS) { int success; - bytea *state = PG_GETARG_BYTEA_P_COPY (0); - bytea *key = PG_GETARG_BYTEA_PP (1); + bytea *state; + bytea *key; size_t sig_size = crypto_sign_BYTES; size_t result_size = VARHDRSZ + sig_size; bytea *result = _pgsodium_zalloc_bytea (result_size); + ERRORIF (PG_ARGISNULL (0), "%s: state cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: key cannot be NULL"); + + state = PG_GETARG_BYTEA_P_COPY (0); + key = PG_GETARG_BYTEA_PP (1); + success = crypto_sign_final_create ( (crypto_sign_state *) VARDATA (state), PGSODIUM_UCHARDATA_ANY (result), @@ -220,9 +265,17 @@ Datum pgsodium_crypto_sign_final_verify (PG_FUNCTION_ARGS) { int success; - bytea *state = PG_GETARG_BYTEA_P_COPY (0); - bytea *sig = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); + bytea *state; + bytea *sig; + bytea *key; + + ERRORIF (PG_ARGISNULL (0), "%s: state cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + state = PG_GETARG_BYTEA_P_COPY (0); + sig = PG_GETARG_BYTEA_PP (1); + key = PG_GETARG_BYTEA_PP (2); success = crypto_sign_final_verify ( (crypto_sign_state *) VARDATA (state), diff --git a/src/signcrypt.c b/src/signcrypt.c index 389339f..5499404 100644 --- a/src/signcrypt.c +++ b/src/signcrypt.c @@ -35,12 +35,11 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_signcrypt_sign_before); Datum pgsodium_crypto_signcrypt_sign_before (PG_FUNCTION_ARGS) { - bytea *sender = PG_GETARG_BYTEA_PP (0); - bytea *recipient = PG_GETARG_BYTEA_PP (1); - bytea *sender_sk = PG_GETARG_BYTEA_PP (2); - bytea *recipient_pk = PG_GETARG_BYTEA_PP (3); - bytea *additional = PG_GETARG_BYTEA_PP (4); - + bytea *sender; + bytea *recipient; + bytea *sender_sk; + bytea *recipient_pk; + bytea *associated; TupleDesc tupdesc; Datum values[2]; bool nulls[2] = { false, false }; @@ -49,6 +48,18 @@ pgsodium_crypto_signcrypt_sign_before (PG_FUNCTION_ARGS) bytea *state, *shared_key; int success; + ERRORIF (PG_ARGISNULL (0), "%s: sender cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: recipient cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: sender secretkey cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: recipient publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: associated cannot be NULL"); + + sender = PG_GETARG_BYTEA_PP (0); + recipient = PG_GETARG_BYTEA_PP (1); + sender_sk = PG_GETARG_BYTEA_PP (2); + recipient_pk = PG_GETARG_BYTEA_PP (3); + associated = PG_GETARG_BYTEA_PP (4); + if (get_call_result_type (fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE) ereport (ERROR, (errcode (ERRCODE_FEATURE_NOT_SUPPORTED), @@ -69,8 +80,8 @@ pgsodium_crypto_signcrypt_sign_before (PG_FUNCTION_ARGS) VARSIZE_ANY_EXHDR (sender), PGSODIUM_UCHARDATA_ANY (recipient), VARSIZE_ANY_EXHDR (recipient), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + PGSODIUM_UCHARDATA_ANY (associated), + VARSIZE_ANY_EXHDR (associated), PGSODIUM_UCHARDATA_ANY (sender_sk), PGSODIUM_UCHARDATA_ANY (recipient_pk), NULL, @@ -88,13 +99,21 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_signcrypt_sign_after); Datum pgsodium_crypto_signcrypt_sign_after (PG_FUNCTION_ARGS) { - bytea *state = PG_GETARG_BYTEA_PP (0); - bytea *sender_sk = PG_GETARG_BYTEA_PP (1); - bytea *ciphertext = PG_GETARG_BYTEA_PP (2); + bytea *state; + bytea *sender_sk; + bytea *ciphertext; bytea *signature = _pgsodium_zalloc_bytea (crypto_signcrypt_tbsbr_SIGNBYTES + VARHDRSZ); int success; + ERRORIF (PG_ARGISNULL (0), "%s: state cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: sender secretkey cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: ciphertext cannot be NULL"); + + state = PG_GETARG_BYTEA_PP (0); + sender_sk = PG_GETARG_BYTEA_PP (1); + ciphertext = PG_GETARG_BYTEA_PP (2); + success = crypto_signcrypt_tbsbr_sign_after ( PGSODIUM_UCHARDATA_ANY (state), PGSODIUM_UCHARDATA (signature), @@ -109,13 +128,12 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_signcrypt_verify_before); Datum pgsodium_crypto_signcrypt_verify_before (PG_FUNCTION_ARGS) { - bytea *signature = PG_GETARG_BYTEA_PP (0); - bytea *sender = PG_GETARG_BYTEA_PP (1); - bytea *recipient = PG_GETARG_BYTEA_PP (2); - bytea *additional = PG_GETARG_BYTEA_PP (3); - bytea *sender_pk = PG_GETARG_BYTEA_PP (4); - bytea *recipient_sk = PG_GETARG_BYTEA_PP (5); - + bytea *signature; + bytea *sender; + bytea *recipient; + bytea *associated; + bytea *sender_pk; + bytea *recipient_sk; TupleDesc tupdesc; Datum values[2]; bool nulls[2] = { false, false }; @@ -124,6 +142,20 @@ pgsodium_crypto_signcrypt_verify_before (PG_FUNCTION_ARGS) bytea *state, *shared_key; int success; + ERRORIF (PG_ARGISNULL (0), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: sender cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: recipient cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: associated cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: sender publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (5), "%s: recipient secretkey cannot be NULL"); + + signature = PG_GETARG_BYTEA_PP (0); + sender = PG_GETARG_BYTEA_PP (1); + recipient = PG_GETARG_BYTEA_PP (2); + associated = PG_GETARG_BYTEA_PP (3); + sender_pk = PG_GETARG_BYTEA_PP (4); + recipient_sk = PG_GETARG_BYTEA_PP (5); + if (get_call_result_type (fcinfo, NULL, &tupdesc) != TYPEFUNC_COMPOSITE) ereport (ERROR, (errcode (ERRCODE_FEATURE_NOT_SUPPORTED), @@ -145,8 +177,8 @@ pgsodium_crypto_signcrypt_verify_before (PG_FUNCTION_ARGS) VARSIZE_ANY_EXHDR (sender), PGSODIUM_UCHARDATA_ANY (recipient), VARSIZE_ANY_EXHDR (recipient), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + PGSODIUM_UCHARDATA_ANY (associated), + VARSIZE_ANY_EXHDR (associated), PGSODIUM_UCHARDATA_ANY (sender_pk), PGSODIUM_UCHARDATA_ANY (recipient_sk)); ERRORIF (success != 0, "%s: verify_before failed"); @@ -161,12 +193,22 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_signcrypt_verify_after); Datum pgsodium_crypto_signcrypt_verify_after (PG_FUNCTION_ARGS) { - bytea *state = PG_GETARG_BYTEA_PP (0); - bytea *signature = PG_GETARG_BYTEA_PP (1); - bytea *sender_pk = PG_GETARG_BYTEA_PP (2); - bytea *ciphertext = PG_GETARG_BYTEA_PP (3); + bytea *state; + bytea *signature; + bytea *sender_pk; + bytea *ciphertext; int success; + ERRORIF (PG_ARGISNULL (0), "%s: state cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: sender publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: ciphertext cannot be NULL"); + + state = PG_GETARG_BYTEA_PP (0); + signature = PG_GETARG_BYTEA_PP (1); + sender_pk = PG_GETARG_BYTEA_PP (2); + ciphertext = PG_GETARG_BYTEA_PP (3); + success = crypto_signcrypt_tbsbr_verify_after ( PGSODIUM_UCHARDATA_ANY (state), @@ -183,14 +225,28 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_signcrypt_verify_public); Datum pgsodium_crypto_signcrypt_verify_public (PG_FUNCTION_ARGS) { - bytea *signature = PG_GETARG_BYTEA_PP (0); - bytea *sender = PG_GETARG_BYTEA_PP (1); - bytea *recipient = PG_GETARG_BYTEA_PP (2); - bytea *additional = PG_GETARG_BYTEA_PP (3); - bytea *sender_pk = PG_GETARG_BYTEA_PP (4); - bytea *ciphertext = PG_GETARG_BYTEA_PP (5); + bytea *signature; + bytea *sender; + bytea *recipient; + bytea *associated; + bytea *sender_pk; + bytea *ciphertext; int success; + ERRORIF (PG_ARGISNULL (0), "%s: signature cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: sender cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: recipient cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: associated cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: sender publickey cannot be NULL"); + ERRORIF (PG_ARGISNULL (5), "%s: ciphertext cannot be NULL"); + + signature = PG_GETARG_BYTEA_PP (0); + sender = PG_GETARG_BYTEA_PP (1); + recipient = PG_GETARG_BYTEA_PP (2); + associated = PG_GETARG_BYTEA_PP (3); + sender_pk = PG_GETARG_BYTEA_PP (4); + ciphertext = PG_GETARG_BYTEA_PP (5); + success = crypto_signcrypt_tbsr_verify_public ( PGSODIUM_UCHARDATA_ANY (signature), @@ -198,8 +254,8 @@ pgsodium_crypto_signcrypt_verify_public (PG_FUNCTION_ARGS) VARSIZE_ANY_EXHDR (sender), PGSODIUM_UCHARDATA_ANY (recipient), VARSIZE_ANY_EXHDR (recipient), - PGSODIUM_UCHARDATA_ANY (additional), - VARSIZE_ANY_EXHDR (additional), + PGSODIUM_UCHARDATA_ANY (associated), + VARSIZE_ANY_EXHDR (associated), PGSODIUM_UCHARDATA_ANY (sender_pk), PGSODIUM_UCHARDATA_ANY (ciphertext), VARSIZE_ANY_EXHDR (ciphertext)); diff --git a/src/stream.c b/src/stream.c index 2957a32..f547135 100644 --- a/src/stream.c +++ b/src/stream.c @@ -25,11 +25,22 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20); Datum pgsodium_crypto_stream_xchacha20 (PG_FUNCTION_ARGS) { - size_t size = PG_GETARG_INT64 (0); - bytea *nonce = PG_GETARG_BYTEA_P (1); - bytea *key = PG_GETARG_BYTEA_P (2); - uint64_t result_size = VARHDRSZ + size; - bytea *result = _pgsodium_zalloc_bytea (result_size); + size_t size; + bytea *nonce; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: size cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + size = PG_GETARG_INT64 (0); + nonce = PG_GETARG_BYTEA_P (1); + key = PG_GETARG_BYTEA_P (2); + result_size = VARHDRSZ + size; + result = _pgsodium_zalloc_bytea (result_size); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, @@ -44,11 +55,22 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20_xor); Datum pgsodium_crypto_stream_xchacha20_xor (PG_FUNCTION_ARGS) { - bytea *data = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - bytea *key = PG_GETARG_BYTEA_PP (2); - uint64_t result_size = VARSIZE_ANY_EXHDR (data); - bytea *result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + bytea *data; + bytea *nonce; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key cannot be NULL"); + + data = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + key = PG_GETARG_BYTEA_PP (2); + result_size = VARSIZE_ANY_EXHDR (data); + result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, @@ -64,12 +86,25 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20_xor_ic); Datum pgsodium_crypto_stream_xchacha20_xor_ic (PG_FUNCTION_ARGS) { - bytea *data = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - uint64_t ic = PG_GETARG_INT64 (2); - bytea *key = PG_GETARG_BYTEA_PP (3); - uint64_t result_size = VARSIZE_ANY_EXHDR (data); - bytea *result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + bytea *data; + bytea *nonce; + uint64_t ic; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: ic cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key cannot be NULL"); + + data = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + ic = PG_GETARG_INT64 (2); + key = PG_GETARG_BYTEA_PP (3); + result_size = VARSIZE_ANY_EXHDR (data); + result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, @@ -84,16 +119,27 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20_by_id); Datum pgsodium_crypto_stream_xchacha20_by_id (PG_FUNCTION_ARGS) { - size_t size = PG_GETARG_INT64 (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - uint64_t key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, - context); - - uint64_t result_size = VARHDRSZ + size; - bytea *result = _pgsodium_zalloc_bytea (result_size); + size_t size; + bytea *nonce; + uint64_t key_id; + bytea *context; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: size cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + size = PG_GETARG_INT64 (0); + nonce = PG_GETARG_BYTEA_PP (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + key = pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, context); + result_size = VARHDRSZ + size; + result = _pgsodium_zalloc_bytea (result_size); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, @@ -108,15 +154,27 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20_xor_by_id); Datum pgsodium_crypto_stream_xchacha20_xor_by_id (PG_FUNCTION_ARGS) { - bytea *data = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - uint64_t key_id = PG_GETARG_INT64 (2); - bytea *context = PG_GETARG_BYTEA_PP (3); - bytea *key = - pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, - context); - uint64_t result_size = VARSIZE_ANY_EXHDR (data); - bytea *result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + bytea *data; + bytea *nonce; + uint64_t key_id; + bytea *context; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: key id cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key context cannot be NULL"); + + data = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + key_id = PG_GETARG_INT64 (2); + context = PG_GETARG_BYTEA_PP (3); + key = pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, context); + result_size = VARSIZE_ANY_EXHDR (data); + result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, @@ -132,16 +190,31 @@ PG_FUNCTION_INFO_V1 (pgsodium_crypto_stream_xchacha20_xor_ic_by_id); Datum pgsodium_crypto_stream_xchacha20_xor_ic_by_id (PG_FUNCTION_ARGS) { - bytea *data = PG_GETARG_BYTEA_PP (0); - bytea *nonce = PG_GETARG_BYTEA_PP (1); - uint64_t ic = PG_GETARG_INT64 (2); - uint64_t key_id = PG_GETARG_INT64 (3); - bytea *context = PG_GETARG_BYTEA_PP (4); - bytea *key = - pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, - context); - uint64_t result_size = VARSIZE_ANY_EXHDR (data); - bytea *result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + bytea *data; + bytea *nonce; + uint64_t ic; + uint64_t key_id; + bytea *context; + bytea *key; + uint64_t result_size; + bytea *result; + + ERRORIF (PG_ARGISNULL (0), "%s: data cannot be NULL"); + ERRORIF (PG_ARGISNULL (1), "%s: nonce cannot be NULL"); + ERRORIF (PG_ARGISNULL (2), "%s: ic cannot be NULL"); + ERRORIF (PG_ARGISNULL (3), "%s: key id context cannot be NULL"); + ERRORIF (PG_ARGISNULL (4), "%s: key context cannot be NULL"); + + data = PG_GETARG_BYTEA_PP (0); + nonce = PG_GETARG_BYTEA_PP (1); + ic = PG_GETARG_INT64 (2); + key_id = PG_GETARG_INT64 (3); + context = PG_GETARG_BYTEA_PP (4); + + key = pgsodium_derive_helper (key_id, crypto_stream_xchacha20_KEYBYTES, context); + result_size = VARSIZE_ANY_EXHDR (data); + result = _pgsodium_zalloc_bytea (result_size + VARHDRSZ); + ERRORIF (VARSIZE_ANY_EXHDR (nonce) != crypto_stream_xchacha20_NONCEBYTES, "%s: invalid nonce"); ERRORIF (VARSIZE_ANY_EXHDR (key) != crypto_stream_xchacha20_KEYBYTES, diff --git a/test.sh b/test.sh index 430970e..629def0 100755 --- a/test.sh +++ b/test.sh @@ -18,7 +18,10 @@ do docker build . -t $TAG --build-arg "version=$version" echo running test container - docker run --rm -v `pwd`/example:/pgsodium/example -e POSTGRES_HOST_AUTH_METHOD=trust -d --name "$DB_HOST" $TAG postgres $config + docker run --rm -e POSTGRES_HOST_AUTH_METHOD=trust -d \ + -v `pwd`/test:/home/postgres/pgsodium/test \ + -v `pwd`/example:/home/postgres/pgsodium/example \ + --name "$DB_HOST" $TAG postgres $config echo waiting for database to accept connections sleep 3; diff --git a/test/aead.sql b/test/aead.sql index 497a068..6e41015 100644 --- a/test/aead.sql +++ b/test/aead.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(7); +SELECT plan(14); SELECT crypto_aead_ietf_keygen() aeadkey \gset SELECT crypto_aead_ietf_noncegen() aeadnonce \gset @@ -13,6 +13,18 @@ SELECT throws_ok(format($$select crypto_aead_ietf_encrypt(%L, 'and also your fri SELECT throws_ok(format($$select crypto_aead_ietf_encrypt(%L, 'and also your friend', %L, 'bad_key'::bytea)$$, :'aead', :'aeadnonce'), '22000', 'pgsodium_crypto_aead_ietf_encrypt: invalid key', 'crypto_aead_ietf_encrypt invalid key'); +SELECT throws_ok(format($$select crypto_aead_ietf_encrypt(NULL, 'and also your friend', + %L::bytea, %L::bytea)$$, :'aeadnonce', :'aeadkey'), + '22000', 'pgsodium_crypto_aead_ietf_encrypt: message cannot be NULL', 'crypto_aead_ietf_encrypt null message'); + +SELECT throws_ok(format($$select crypto_aead_ietf_encrypt('bob is your uncle', 'and also your friend', + NULL::bytea, %L::bytea)$$, :'aeadkey'), + '22000', 'pgsodium_crypto_aead_ietf_encrypt: nonce cannot be NULL', 'crypto_aead_ietf_encrypt null nonce'); + +SELECT throws_ok(format($$select crypto_aead_ietf_encrypt('bob is your uncle', 'and also your friend', + %L::bytea, NULL::bytea)$$, :'aeadnonce'), + '22000', 'pgsodium_crypto_aead_ietf_encrypt: key cannot be NULL', 'crypto_aead_ietf_encrypt null key'); + SELECT is(crypto_aead_ietf_decrypt(:'aead', 'and also your friend', :'aeadnonce', :'aeadkey'::bytea), 'bob is your uncle', 'crypto_aead_ietf_decrypt'); @@ -25,6 +37,15 @@ SELECT throws_ok(format($$select crypto_aead_ietf_decrypt(%L, 'and also your fri SELECT throws_ok(format($$select crypto_aead_ietf_decrypt('foo', 'and also your friend', %L, %L::bytea)$$, :'aeadnonce', :'aeadkey'), '22000', 'pgsodium_crypto_aead_ietf_decrypt: invalid message', 'crypto_aead_ietf_decrypt invalid message'); +SELECT throws_ok(format($$select crypto_aead_ietf_decrypt(NULL::bytea, 'and also your friend', %L, %L::bytea)$$, :'aeadnonce', :'aeadkey'), + '22000', 'pgsodium_crypto_aead_ietf_decrypt: ciphertext cannot be NULL', 'crypto_aead_ietf_decrypt null message'); + +SELECT throws_ok(format($$select crypto_aead_ietf_decrypt(%L, 'and also your friend', NULL, 'bad_key'::bytea)$$, :'aead', :'aeadkey'), + '22000', 'pgsodium_crypto_aead_ietf_decrypt: nonce cannot be NULL', 'crypto_aead_ietf_decrypt null nonce'); + +SELECT throws_ok(format($$select crypto_aead_ietf_decrypt('foo', 'and also your friend', %L, NULL::bytea)$$, :'aeadnonce'), + '22000', 'pgsodium_crypto_aead_ietf_decrypt: key cannot be NULL', 'crypto_aead_ietf_decrypt null key'); + SELECT crypto_aead_det_keygen() detkey \gset SELECT crypto_aead_det_encrypt( @@ -33,6 +54,12 @@ SELECT crypto_aead_det_encrypt( SELECT is(crypto_aead_det_decrypt(:'detaead', 'and also your friend', :'detkey'::bytea), 'bob is your uncle', 'crypto_aead_det_decrypt'); +SELECT crypto_aead_det_encrypt( + 'bob is your uncle', NULL, :'detkey'::bytea) detaead2 \gset + +SELECT is(crypto_aead_det_decrypt(:'detaead2', NULL, :'detkey'::bytea), + 'bob is your uncle', 'crypto_aead_det_decrypt with NULL associated'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/auth.sql b/test/auth.sql index 9a6140f..565e12d 100644 --- a/test/auth.sql +++ b/test/auth.sql @@ -1,6 +1,5 @@ BEGIN; -SELECT plan(4); - +SELECT plan(9); SELECT crypto_auth_keygen() authkey \gset @@ -9,22 +8,49 @@ SELECT crypto_auth('bob is your uncle', :'authkey'::bytea) auth_mac \gset SELECT throws_ok($$select crypto_auth('bob is your uncle', 'bad_key'::bytea)$$, '22000', 'pgsodium_crypto_auth: invalid key', 'crypto_auth invalid key'); +SELECT throws_ok($$select crypto_auth(NULL, 'bad_key'::bytea)$$, + '22000', 'pgsodium_crypto_auth: message cannot be NULL', 'crypto_auth null message'); + +SELECT throws_ok($$select crypto_auth('bob is your uncle', NULL::bytea)$$, + '22000', 'pgsodium_crypto_auth: key cannot be NULL', 'crypto_auth null key'); + SELECT ok(crypto_auth_verify(:'auth_mac', 'bob is your uncle', :'authkey'::bytea), 'crypto_auth_verify'); + SELECT throws_ok(format($$select crypto_auth_verify('bad mac', 'bob is your uncle', %L::bytea)$$, :'authkey'), '22000', 'pgsodium_crypto_auth_verify: invalid mac', 'crypto_auth_verify invalid mac'); + SELECT throws_ok(format($$select crypto_auth_verify(%L, 'bob is your uncle', 'bad_key'::bytea)$$, :'auth_mac'), '22000', 'pgsodium_crypto_auth_verify: invalid key', 'crypto_auth_verify invalid key'); +SELECT throws_ok($$select crypto_auth_verify(NULL, 'bob is your uncle', 'bad_key'::bytea)$$, + '22000', 'pgsodium_crypto_auth_verify: signature cannot be NULL', 'crypto_auth_verify null signature'); + +SELECT throws_ok($$select crypto_auth_verify('sig', NULL, 'bad_key'::bytea)$$, + '22000', 'pgsodium_crypto_auth_verify: message cannot be NULL', 'crypto_auth_verify null message'); + +SELECT throws_ok($$select crypto_auth_verify('sig', 'bob is your uncle', NULL::bytea)$$, + '22000', 'pgsodium_crypto_auth_verify: key cannot be NULL', 'crypto_auth_verify null key'); + SELECT * FROM finish(); ROLLBACK; \if :serverkeys BEGIN; -SELECT plan(2); +SELECT plan(5); SELECT crypto_auth('bob is your uncle', 1) auth_mac_by_id \gset + +SELECT throws_ok($$select crypto_auth(NULL, 1::bigint)$$, + '22000', 'pgsodium_crypto_auth_by_id: message cannot be NULL', 'crypto_auth null message'); + +SELECT throws_ok($$select crypto_auth('bob is your uncle', NULL::bigint)$$, + '22000', 'pgsodium_crypto_auth_by_id: key id cannot be NULL', 'crypto_auth null key id'); + +SELECT throws_ok($$select crypto_auth('bob is your uncle', 1, NULL::bytea)$$, + '22000', 'pgsodium_crypto_auth_by_id: key context cannot be NULL', 'crypto_auth null context'); + SELECT ok(crypto_auth_verify(:'auth_mac_by_id', 'bob is your uncle', 1), 'crypto_auth_verify by id'); diff --git a/test/box.sql b/test/box.sql index 84db341..9c34ec2 100644 --- a/test/box.sql +++ b/test/box.sql @@ -1,12 +1,28 @@ BEGIN; -SELECT plan(9); +SELECT plan(18); SELECT crypto_box_noncegen() boxnonce \gset +select crypto_box_new_seed() boxseed \gset SELECT public, secret FROM crypto_box_new_keypair() \gset bob_ -SELECT public, secret FROM crypto_box_new_keypair() \gset alice_ +SELECT public, secret FROM crypto_box_seed_new_keypair(:'boxseed') \gset alice_ + +select throws_ok($$select crypto_box_seed_new_keypair(NULL)$$, '22000', + 'pgsodium_crypto_box_seed_keypair: seed cannot be NULL', 'crypto_box_seed_new_keypair null seed'); SELECT crypto_box('bob is your uncle', :'boxnonce', :'bob_public', :'alice_secret') box \gset +SELECT throws_ok($$select crypto_box(NULL, 'bad', 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_box: message cannot be NULL', 'crypto_box null message'); + +SELECT throws_ok($$select crypto_box('bad', NULL, 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_box: nonce cannot be NULL', 'crypto_box null nonce'); + +SELECT throws_ok($$select crypto_box('bad', 'bad', NULL, 'bad')$$, + '22000', 'pgsodium_crypto_box: publickey cannot be NULL', 'crypto_box null publickey'); + +SELECT throws_ok($$select crypto_box('bad', 'bad', 'bad', NULL)$$, + '22000', 'pgsodium_crypto_box: secretkey cannot be NULL', 'crypto_box null secretkey'); + SELECT is(crypto_box_open(:'box', :'boxnonce', :'alice_public', :'bob_secret'), 'bob is your uncle', 'crypto_box_open'); @@ -22,6 +38,18 @@ SELECT throws_ok(format($$select crypto_box_open(%L, %L, %L, 'bad_key')$$, :'box SELECT throws_ok(format($$select crypto_box_open('foo', %L, %L, %L)$$, :'boxnonce', :'alice_public', :'bob_secret'), '22000', 'pgsodium_crypto_box_open: invalid message', 'crypto_box_open invalid message'); +SELECT throws_ok($$select crypto_box_open(NULL, 'bad', 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_box_open: message cannot be NULL', 'crypto_box_open null message'); + +SELECT throws_ok($$select crypto_box_open('bad', NULL, 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_box_open: nonce cannot be NULL', 'crypto_box_open null nonce'); + +SELECT throws_ok($$select crypto_box_open('bad', 'bad', NULL, 'bad')$$, + '22000', 'pgsodium_crypto_box_open: publickey cannot be NULL', 'crypto_box_open null publickey'); + +SELECT throws_ok($$select crypto_box_open('bad', 'bad', 'bad', NULL)$$, + '22000', 'pgsodium_crypto_box_open: secretkey cannot be NULL', 'crypto_box_open null secretkey'); + SELECT crypto_box_seal('bob is your uncle', :'bob_public') sealed \gset SELECT is(crypto_box_seal_open(:'sealed', :'bob_public', :'bob_secret'), diff --git a/test/derive.sql b/test/derive.sql index d3549df..eb039bb 100644 --- a/test/derive.sql +++ b/test/derive.sql @@ -1,8 +1,11 @@ \if :serverkeys BEGIN; -SELECT plan(4); +SELECT plan(7); select is(derive_key(1), derive_key(1), 'derived key are equal by id'); +select throws_ok($$select derive_key(NULL)$$, '22000', 'pgsodium_derive: key id cannot be NULL', 'null key id'); +select throws_ok($$select derive_key(1, NULL)$$, '22000', 'pgsodium_derive: key size cannot be NULL', 'null key size'); +select throws_ok($$select derive_key(1, 64, NULL)$$, '22000', 'pgsodium_derive: key context cannot be NULL', 'null key context'); select isnt(derive_key(1), derive_key(2), 'disequal derived key'); select is(length(derive_key(2, 64)), 64, 'key len is 64 bytes'); select isnt(derive_key(2, 32, 'foozball'), derive_key(2, 32), 'disequal context'); diff --git a/test/helpers.sql b/test/helpers.sql index cf90cd5..562758f 100644 --- a/test/helpers.sql +++ b/test/helpers.sql @@ -1,8 +1,14 @@ BEGIN; -SELECT plan(1); +SELECT plan(3); select sodium_bin2base64('bob is your uncle') basebob \gset +select throws_ok('select sodium_bin2base64(NULL)', + '22000', 'pgsodium_sodium_bin2base64: bin cannot be NULL', 'sodium_bin2base64 null input'); + select is(sodium_base642bin(:'basebob'), 'bob is your uncle'::bytea, 'base64'); +select throws_ok('select sodium_base642bin(NULL)', + '22000', 'pgsodium_sodium_base642bin: base64 cannot be NULL', 'sodium_base642bin null input'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/hmac.sql b/test/hmac.sql index 6358f16..5e61948 100644 --- a/test/hmac.sql +++ b/test/hmac.sql @@ -1,36 +1,92 @@ BEGIN; -SELECT plan(4); +SELECT plan(14); select crypto_auth_hmacsha512_keygen() hmac512key \gset select crypto_auth_hmacsha512('food', :'hmac512key'::bytea) hmac512 \gset +select throws_ok($$select crypto_auth_hmacsha512(NULL::bytea, 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha512: message cannot be NULL', 'hmac512 null data'); +select throws_ok($$select crypto_auth_hmacsha512('bad', NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512: key cannot be NULL', 'hmac512 null key'); + select is(crypto_auth_hmacsha512_verify(:'hmac512', 'food', :'hmac512key'::bytea), true, 'hmac512 verified'); select is(crypto_auth_hmacsha512_verify(:'hmac512', 'fo0d', :'hmac512key'::bytea), false, 'hmac512 not verified'); +select throws_ok($$select crypto_auth_hmacsha512_verify(NULL::bytea, 'bad', 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify: hash cannot be NULL', 'hmac512_verify null hash'); +select throws_ok($$select crypto_auth_hmacsha512_verify('bad', NULL::bytea, 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify: message cannot be NULL', 'hmac512_verify null message'); +select throws_ok($$select crypto_auth_hmacsha512_verify('bad', 'bad', NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify: key cannot be NULL', 'hmac512_verify null key'); + select crypto_auth_hmacsha256_keygen() hmac256key \gset select crypto_auth_hmacsha256('food', :'hmac256key'::bytea) hmac256 \gset +select throws_ok($$select crypto_auth_hmacsha256(NULL::bytea, 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha256: message cannot be NULL', 'hmac256 null data'); +select throws_ok($$select crypto_auth_hmacsha256('bad', NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256: key cannot be NULL', 'hmac256 null key'); + select is(crypto_auth_hmacsha256_verify(:'hmac256', 'food', :'hmac256key'::bytea), true, 'hmac256 verified'); select is(crypto_auth_hmacsha256_verify(:'hmac256', 'fo0d', :'hmac256key'::bytea), false, 'hmac256 not verified'); +select throws_ok($$select crypto_auth_hmacsha256_verify(NULL::bytea, 'bad', 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify: hash cannot be NULL', 'hmac256_verify null hash'); +select throws_ok($$select crypto_auth_hmacsha256_verify('bad', NULL::bytea, 'bad')$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify: message cannot be NULL', 'hmac256_verify null message'); +select throws_ok($$select crypto_auth_hmacsha256_verify('bad', 'bad', NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify: key cannot be NULL', 'hmac256_verify null key'); + SELECT * FROM finish(); ROLLBACK; \if :serverkeys BEGIN; -SELECT plan(8); +SELECT plan(22); select crypto_auth_hmacsha512('food', 42) hmac512 \gset +select throws_ok($$select crypto_auth_hmacsha512(NULL::bytea, 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_by_id: message cannot be NULL', 'hmac512 null data'); +select throws_ok($$select crypto_auth_hmacsha512('bad', NULL::bigint)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_by_id: key id cannot be NULL', 'hmac512 null key id'); +select throws_ok($$select crypto_auth_hmacsha512('bad', 1, NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_by_id: key context cannot be NULL', 'hmac512 null key context'); + select is(crypto_auth_hmacsha512_verify(:'hmac512', 'food', 42), true, 'hmac512 verified'); select is(crypto_auth_hmacsha512_verify(:'hmac512', 'fo0d', 42), false, 'hmac512 not verified'); +select throws_ok($$select crypto_auth_hmacsha512_verify(NULL::bytea, 'bad', 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify_by_id: hash cannot be NULL', 'hmac512_verify null hash'); +select throws_ok($$select crypto_auth_hmacsha512_verify('bad', NULL::bytea, 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify_by_id: message cannot be NULL', 'hmac512_verify null message'); +select throws_ok($$select crypto_auth_hmacsha512_verify('bad', 'bad', NULL::bigint)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify_by_id: key id cannot be NULL', 'hmac512_verify null key'); +select throws_ok($$select crypto_auth_hmacsha512_verify('bad', 'bad', 1, NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha512_verify_by_id: key context cannot be NULL', 'hmac512_verify null key'); + select crypto_auth_hmacsha256('food', 42) hmac256 \gset +select throws_ok($$select crypto_auth_hmacsha256(NULL::bytea, 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_by_id: message cannot be NULL', 'hmac256 null data'); +select throws_ok($$select crypto_auth_hmacsha256('bad', NULL::bigint)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_by_id: key id cannot be NULL', 'hmac256 null key id'); +select throws_ok($$select crypto_auth_hmacsha256('bad', 1, NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_by_id: key context cannot be NULL', 'hmac256 null key context'); + select is(crypto_auth_hmacsha256_verify(:'hmac256', 'food', 42), true, 'hmac256 verified'); select is(crypto_auth_hmacsha256_verify(:'hmac256', 'fo0d', 42), false, 'hmac256 not verified'); +select throws_ok($$select crypto_auth_hmacsha256_verify(NULL::bytea, 'bad', 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify_by_id: hash cannot be NULL', 'hmac256_verify null hash'); +select throws_ok($$select crypto_auth_hmacsha256_verify('bad', NULL::bytea, 1)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify_by_id: message cannot be NULL', 'hmac256_verify null message'); +select throws_ok($$select crypto_auth_hmacsha256_verify('bad', 'bad', NULL::bigint)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify_by_id: key id cannot be NULL', 'hmac256_verify null key'); +select throws_ok($$select crypto_auth_hmacsha256_verify('bad', 'bad', 1, NULL::bytea)$$, '22000', + 'pgsodium_crypto_auth_hmacsha256_verify_by_id: key context cannot be NULL', 'hmac256_verify null key'); + select crypto_auth_hmacsha256_keygen() extkey256 \gset select * from pgsodium.create_key('hmacsha256', raw_key:=:'extkey256') \gset extkey256_ diff --git a/test/kdf.sql b/test/kdf.sql index 04ecab9..3a45c87 100644 --- a/test/kdf.sql +++ b/test/kdf.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(6); +SELECT plan(7); SELECT crypto_kdf_keygen() kdfkey \gset SELECT length(crypto_kdf_derive_from_key(64, 1, '__auth__', :'kdfkey'::bytea)) kdfsubkeylen \gset @@ -11,17 +11,21 @@ SELECT is(:kdfsubkeylen, 32, 'kdf 32 byte derived subkey'); SELECT is(crypto_kdf_derive_from_key(32, 2, '__auth__', :'kdfkey'::bytea), crypto_kdf_derive_from_key(32, 2, '__auth__', :'kdfkey'::bytea), 'kdf subkeys are deterministic.'); -SELECT throws_ok(format($$SELECT crypto_kdf_derive_from_key(32, 2, '__aut__', %L::bytea)$$, :'kdfkey'), - '22000', 'pgsodium_crypto_kdf_derive_from_key: context must be 8 bytes', - 'kdf context must be 8 bytes.'); +SELECT throws_ok($$SELECT crypto_kdf_derive_from_key(NULL, 2, '__aut__', 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_kdf_derive_from_key: subkey size cannot be NULL', + 'kdf null key size.'); -SELECT throws_ok(format($$SELECT crypto_kdf_derive_from_key(15, 2, '__auth__', %L::bytea)$$, :'kdfkey'), - '22000', 'pgsodium_crypto_kdf_derive_from_key: invalid key size requested', - 'kdf keysize must be >= 16'); +SELECT throws_ok($$SELECT crypto_kdf_derive_from_key(32, NULL, '__aut__', 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_kdf_derive_from_key: subkey id cannot be NULL', + 'kdf null key size.'); -SELECT throws_ok(format($$SELECT crypto_kdf_derive_from_key(65, 2, '__auth__', %L::bytea)$$, :'kdfkey'), - '22000', 'pgsodium_crypto_kdf_derive_from_key: invalid key size requested', - 'kdf keysize must be <= 64'); +SELECT throws_ok($$SELECT crypto_kdf_derive_from_key(32, 1, NULL, 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_kdf_derive_from_key: subkey context cannot be NULL', + 'kdf null key size.'); + +SELECT throws_ok($$SELECT crypto_kdf_derive_from_key(32, 1, '__aut__', NULL::bytea)$$, + '22000', 'pgsodium_crypto_kdf_derive_from_key: primary key cannot be NULL', + 'kdf null key size.'); SELECT * FROM finish(); ROLLBACK; diff --git a/test/kx.sql b/test/kx.sql index 23c263d..d415e78 100644 --- a/test/kx.sql +++ b/test/kx.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(2); +SELECT plan(8); SELECT public, secret FROM crypto_kx_new_keypair() \gset bob_ SELECT public, secret FROM crypto_kx_new_keypair() \gset alice_ @@ -9,6 +9,24 @@ SELECT crypto_kx_new_seed() kxseed \gset SELECT public, secret FROM crypto_kx_seed_new_keypair(:'kxseed') \gset seed_bob_ SELECT public, secret FROM crypto_kx_seed_new_keypair(:'kxseed') \gset seed_alice_ +select throws_ok($$select crypto_kx_client_session_keys(NULL, 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_kx_client_session_keys: client publickey cannot be NULL', 'kx client null client pk'); + +select throws_ok($$select crypto_kx_client_session_keys('bad', NULL, 'bad')$$, + '22000', 'pgsodium_crypto_kx_client_session_keys: client secretkey cannot be NULL', 'kx client null client sk'); + +select throws_ok($$select crypto_kx_client_session_keys('bad', 'bad', NULL)$$, + '22000', 'pgsodium_crypto_kx_client_session_keys: server publickey cannot be NULL', 'kx client null server pk'); + +select throws_ok($$select crypto_kx_server_session_keys(NULL, 'bad', 'bad')$$, + '22000', 'pgsodium_crypto_kx_server_session_keys: server publickey cannot be NULL', 'kx server null client pk'); + +select throws_ok($$select crypto_kx_server_session_keys('bad', NULL, 'bad')$$, + '22000', 'pgsodium_crypto_kx_server_session_keys: server secretkey cannot be NULL', 'kx server null client sk'); + +select throws_ok($$select crypto_kx_server_session_keys('bad', 'bad', NULL)$$, + '22000', 'pgsodium_crypto_kx_server_session_keys: client publickey cannot be NULL', 'kx server null server pk'); + SELECT tx, rx FROM crypto_kx_client_session_keys( :'seed_bob_public', :'seed_bob_secret', :'seed_alice_public') \gset session_bob_ diff --git a/test/pwhash.sql b/test/pwhash.sql index bd47deb..9f68115 100644 --- a/test/pwhash.sql +++ b/test/pwhash.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(3); +SELECT plan(8); SELECT lives_ok($$SELECT crypto_pwhash_saltgen()$$, 'crypto_pwhash_saltgen'); @@ -7,9 +7,24 @@ SELECT is(crypto_pwhash('Correct Horse Battery Staple', '\xccfe2b51d426f88f6f8f1 '\x77d029a9b3035c88f186ed0f69f58386ad0bd5252851b4e89f0d7057b5081342', 'crypto_pwhash'); +select throws_ok($$select crypto_pwhash(NULL, 'bad')$$, + '22000', 'pgsodium_crypto_pwhash: data cannot be NULL', 'crypto_pwhash NULL password'); + +select throws_ok($$select crypto_pwhash('bad', NULL)$$, + '22000', 'pgsodium_crypto_pwhash: salt cannot be NULL', 'crypto_pwhash NULL salt'); + SELECT ok(crypto_pwhash_str_verify(crypto_pwhash_str('Correct Horse Battery Staple'), 'Correct Horse Battery Staple'), 'crypto_pwhash_str_verify'); +select throws_ok($$select crypto_pwhash_str(NULL)$$, + '22000', 'pgsodium_crypto_pwhash_str: password cannot be NULL', 'crypto_pwhash_str NULL password'); + +select throws_ok($$select crypto_pwhash_str_verify(NULL, 'bad')$$, + '22000', 'pgsodium_crypto_pwhash_str_verify: hashed password cannot be NULL', 'crypto_pwhash_str_verify NULL hash'); + +select throws_ok($$select crypto_pwhash_str_verify('bad', NULL)$$, + '22000', 'pgsodium_crypto_pwhash_str_verify: password cannot be NULL', 'crypto_pwhash_str_verify NULL password'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/random.sql b/test/random.sql index 472fd9b..266a109 100644 --- a/test/random.sql +++ b/test/random.sql @@ -1,11 +1,26 @@ BEGIN; -SELECT plan(4); +SELECT plan(8); SELECT lives_ok($$SELECT randombytes_random()$$, 'randombytes_random'); SELECT lives_ok($$SELECT randombytes_uniform(10)$$, 'randombytes_uniform'); SELECT lives_ok($$SELECT randombytes_buf(10)$$, 'randombytes_buf'); + +SELECT throws_ok($$SELECT randombytes_uniform(NULL)$$, + '22000', 'pgsodium_randombytes_uniform: upper bound cannot be NULL', 'randombytes_uniform NULL bound'); + +SELECT throws_ok($$SELECT randombytes_buf(NULL)$$, + '22000', 'pgsodium_randombytes_buf: buffer size cannot be NULL', 'randombytes_buf NULL size'); + SELECT randombytes_new_seed() bufseed \gset + SELECT lives_ok(format($$SELECT randombytes_buf_deterministic(10, %L)$$, :'bufseed'), 'randombytes_buf_deterministic'); + +SELECT throws_ok($$SELECT randombytes_buf_deterministic(NULL, 'bad')$$, + '22000', 'pgsodium_randombytes_buf_deterministic: buffer size cannot be NULL', 'randombytes_buf_deterministic NULL size'); + +SELECT throws_ok($$SELECT randombytes_buf_deterministic(10, NULL)$$, + '22000', 'pgsodium_randombytes_buf_deterministic: seed cannot be NULL', 'randombytes_buf_deterministic NULL seed'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/secretbox.sql b/test/secretbox.sql index 5823c0f..5ad25b1 100644 --- a/test/secretbox.sql +++ b/test/secretbox.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(6); +SELECT plan(16); SELECT crypto_secretbox_keygen() boxkey \gset SELECT crypto_secretbox_noncegen() secretboxnonce \gset @@ -12,6 +12,21 @@ SELECT throws_ok(format($$select crypto_secretbox(%L, 'bad nonce', %L::bytea)$$, SELECT throws_ok(format($$select crypto_secretbox(%L, %L, 'bad_key'::bytea)$$, :'secretbox', :'secretboxnonce'), '22000', 'pgsodium_crypto_secretbox: invalid key', 'crypto_secretbox invalid key'); +SELECT throws_ok($$select crypto_secretbox(NULL, 'bad', 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_secretbox: message cannot be NULL', 'crypto_secretbox null message'); + +SELECT throws_ok($$select crypto_secretbox('bad', NULL, 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_secretbox: nonce cannot be NULL', 'crypto_secretbox null nonce'); + +SELECT throws_ok($$select crypto_secretbox('bad', 'bad', NULL::bytea)$$, + '22000', 'pgsodium_crypto_secretbox: key cannot be NULL', 'crypto_secretbox null key'); + +SELECT throws_ok($$select crypto_secretbox('bad', 'bad', NULL::bigint)$$, + '22000', 'pgsodium_crypto_secretbox_by_id: key id cannot be NULL', 'crypto_secretbox null key id'); + +SELECT throws_ok($$select crypto_secretbox('bad', 'bad', 1, NULL)$$, + '22000', 'pgsodium_crypto_secretbox_by_id: key context cannot be NULL', 'crypto_secretbox null key context'); + SELECT is(crypto_secretbox_open(:'secretbox', :'secretboxnonce', :'boxkey'::bytea), 'bob is your uncle', 'secretbox_open'); @@ -24,6 +39,21 @@ SELECT throws_ok(format($$select crypto_secretbox_open(%L, %L, 'bad_key'::bytea) SELECT throws_ok(format($$select crypto_secretbox_open('foo', %L, %L::bytea)$$, :'secretboxnonce', :'boxkey'), '22000', 'pgsodium_crypto_secretbox_open: invalid message', 'crypto_secretbox_open invalid message'); +SELECT throws_ok($$select crypto_secretbox_open(NULL, 'bad', 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_secretbox_open: message cannot be NULL', 'crypto_secretbox null message'); + +SELECT throws_ok($$select crypto_secretbox_open('bad', NULL, 'bad'::bytea)$$, + '22000', 'pgsodium_crypto_secretbox_open: nonce cannot be NULL', 'crypto_secretbox null nonce'); + +SELECT throws_ok($$select crypto_secretbox_open('bad', 'bad', NULL::bytea)$$, + '22000', 'pgsodium_crypto_secretbox_open: key cannot be NULL', 'crypto_secretbox null key'); + +SELECT throws_ok($$select crypto_secretbox_open('bad', 'bad', NULL::bigint)$$, + '22000', 'pgsodium_crypto_secretbox_open_by_id: key id cannot be NULL', 'crypto_secretbox null key id'); + +SELECT throws_ok($$select crypto_secretbox_open('bad', 'bad', 1, NULL)$$, + '22000', 'pgsodium_crypto_secretbox_open_by_id: key context cannot be NULL', 'crypto_secretbox null key context'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/sha2.sql b/test/sha2.sql index a287920..83bf790 100644 --- a/test/sha2.sql +++ b/test/sha2.sql @@ -1,5 +1,5 @@ BEGIN; -SELECT plan(2); +SELECT plan(4); select is(crypto_hash_sha256('bob is your uncle'), '\x5eff82dc2ca0cfbc0d0eaa95b13b7fbec11540e217b0fe2a6f3c7d12f657630d', 'sha256'); @@ -7,5 +7,11 @@ select is(crypto_hash_sha512('bob is your uncle'), '\xd8adbd01462f1aad1b91a4557d5c865b63dab1b9181cb02f2123f50d210b74a53754a18b09d9f75e38101ce6de04879b35eca91992fade0bb6842f4ea556e952', 'sha512'); +select throws_ok($$ select crypto_hash_sha256(NULL)$$, + '22000', 'pgsodium_crypto_hash_sha256: message cannot be NULL', 'sha256 NULL data'); + +select throws_ok($$ select crypto_hash_sha512(NULL)$$, + '22000', 'pgsodium_crypto_hash_sha512: message cannot be NULL', 'sha512 NULL data'); + SELECT * FROM finish(); ROLLBACK; diff --git a/test/sign.sql b/test/sign.sql index 69920df..0757c4a 100644 --- a/test/sign.sql +++ b/test/sign.sql @@ -1,19 +1,31 @@ BEGIN; -SELECT plan(13); +SELECT plan(18); SELECT lives_ok($$select crypto_sign_seed_new_keypair(crypto_sign_new_seed())$$, 'crypto_sign_seed_new_keypair'); + SELECT throws_ok($$select crypto_sign_seed_new_keypair('bogus')$$, '22000', 'pgsodium_crypto_sign_seed_keypair: invalid seed', 'crypto_sign_seed_new_keypair invalid seed'); +SELECT throws_ok($$select crypto_sign_seed_new_keypair(NULL)$$, '22000', + 'pgsodium_crypto_sign_seed_keypair: seed cannot be NULL', + 'crypto_sign_seed_new_keypair NULL seed'); + SELECT public, secret FROM crypto_sign_new_keypair() \gset sign_ SELECT crypto_sign('bob is your uncle', :'sign_secret') signed \gset + SELECT throws_ok($$select crypto_sign('bob is your uncle', 's')$$, '22000', 'pgsodium_crypto_sign: invalid secret key', 'crypto_sign invalid key'); +SELECT throws_ok($$select crypto_sign(NULL, 'bad')$$, + '22000', 'pgsodium_crypto_sign: message cannot be NULL', 'crypto_sign null message'); + +SELECT throws_ok($$select crypto_sign('bad', NULL)$$, + '22000', 'pgsodium_crypto_sign: secretkey cannot be NULL', 'crypto_sign null key'); + SELECT is(crypto_sign_open(:'signed', :'sign_public'), 'bob is your uncle', 'crypto_sign_open'); @@ -25,6 +37,14 @@ SELECT throws_ok(format($$select crypto_sign_open('foo', %L)$$, :'sign_public'), '22000', 'pgsodium_crypto_sign_open: invalid message', 'crypto_sign_open invalid message'); +SELECT throws_ok($$select crypto_sign_open(NULL, 'bad_key')$$, + '22000', 'pgsodium_crypto_sign_open: message cannot be NULL', + 'crypto_sign_open null public key'); + +SELECT throws_ok($$select crypto_sign_open('foo', NULL)$$, + '22000', 'pgsodium_crypto_sign_open: publickey cannot be NULL', + 'crypto_sign_open null message'); + -- public key signatures -- We will sign our previously generated sealed box