RubyGems - ffi-hydrogen - Versions diffs - 0.1.0 - Mend

ffi-hydrogen 0.1.0

Files changed (160) hide show

checksums.yaml +7 -0
data/.gitignore +13 -0
data/.rspec +3 -0
data/.rubocop.yml +30 -0
data/.travis.yml +10 -0
data/Gemfile +6 -0
data/LICENSE.txt +21 -0
data/README.md +72 -0
data/Rakefile +46 -0
data/bench/both.rb +86 -0
data/bench/encode.rb +57 -0
data/bench/encrypt.rb +80 -0
data/bench/init.rb +5 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/ffi-hydrogen.gemspec +31 -0
data/lib/ffi/hydrogen.rb +216 -0
data/vendor/.clang-format +2 -0
data/vendor/.gitignore +3 -0
data/vendor/README.md +2 -0
data/vendor/libhydrogen/.clang-format +95 -0
data/vendor/libhydrogen/.gitignore +32 -0
data/vendor/libhydrogen/.travis.yml +22 -0
data/vendor/libhydrogen/LICENSE +18 -0
data/vendor/libhydrogen/Makefile +61 -0
data/vendor/libhydrogen/Makefile.arduino +51 -0
data/vendor/libhydrogen/README.md +29 -0
data/vendor/libhydrogen/hydrogen.c +18 -0
data/vendor/libhydrogen/hydrogen.h +317 -0
data/vendor/libhydrogen/impl/common.h +316 -0
data/vendor/libhydrogen/impl/core.h +220 -0
data/vendor/libhydrogen/impl/gimli-core/portable.h +39 -0
data/vendor/libhydrogen/impl/gimli-core/sse2.h +97 -0
data/vendor/libhydrogen/impl/gimli-core.h +25 -0
data/vendor/libhydrogen/impl/hash.h +138 -0
data/vendor/libhydrogen/impl/hydrogen_p.h +83 -0
data/vendor/libhydrogen/impl/kdf.h +20 -0
data/vendor/libhydrogen/impl/kx.h +441 -0
data/vendor/libhydrogen/impl/pwhash.h +281 -0
data/vendor/libhydrogen/impl/random.h +376 -0
data/vendor/libhydrogen/impl/secretbox.h +236 -0
data/vendor/libhydrogen/impl/sign.h +207 -0
data/vendor/libhydrogen/impl/x25519.h +383 -0
data/vendor/libhydrogen/library.properties +10 -0
data/vendor/libhydrogen/logo.png +0 -0
data/vendor/libhydrogen/tests/tests.c +431 -0
data/vendor/main.c +140 -0
data/vendor/stringencoders/.gitignore +25 -0
data/vendor/stringencoders/.travis.yml +13 -0
data/vendor/stringencoders/AUTHORS +1 -0
data/vendor/stringencoders/COPYING +2 -0
data/vendor/stringencoders/ChangeLog +170 -0
data/vendor/stringencoders/Doxyfile +276 -0
data/vendor/stringencoders/INSTALL +119 -0
data/vendor/stringencoders/LICENSE +22 -0
data/vendor/stringencoders/Makefile.am +3 -0
data/vendor/stringencoders/NEWS +3 -0
data/vendor/stringencoders/README +2 -0
data/vendor/stringencoders/README.md +32 -0
data/vendor/stringencoders/bootstrap.sh +3 -0
data/vendor/stringencoders/configure-gcc-hardened.sh +16 -0
data/vendor/stringencoders/configure.ac +44 -0
data/vendor/stringencoders/doxy/footer.html +34 -0
data/vendor/stringencoders/doxy/header.html +85 -0
data/vendor/stringencoders/indent.sh +9 -0
data/vendor/stringencoders/javascript/base64-speed.html +43 -0
data/vendor/stringencoders/javascript/base64-test.html +209 -0
data/vendor/stringencoders/javascript/base64.html +18 -0
data/vendor/stringencoders/javascript/base64.js +176 -0
data/vendor/stringencoders/javascript/qunit.css +119 -0
data/vendor/stringencoders/javascript/qunit.js +1062 -0
data/vendor/stringencoders/javascript/urlparse-test.html +367 -0
data/vendor/stringencoders/javascript/urlparse.js +328 -0
data/vendor/stringencoders/make-ci.sh +13 -0
data/vendor/stringencoders/makerelease.sh +16 -0
data/vendor/stringencoders/python/b85.py +176 -0
data/vendor/stringencoders/src/Makefile.am +134 -0
data/vendor/stringencoders/src/arraytoc.c +85 -0
data/vendor/stringencoders/src/arraytoc.h +43 -0
data/vendor/stringencoders/src/extern_c_begin.h +3 -0
data/vendor/stringencoders/src/extern_c_end.h +3 -0
data/vendor/stringencoders/src/html_named_entities_generator.py +203 -0
data/vendor/stringencoders/src/modp_ascii.c +159 -0
data/vendor/stringencoders/src/modp_ascii.h +162 -0
data/vendor/stringencoders/src/modp_ascii_data.h +84 -0
data/vendor/stringencoders/src/modp_ascii_gen.c +55 -0
data/vendor/stringencoders/src/modp_b16.c +125 -0
data/vendor/stringencoders/src/modp_b16.h +148 -0
data/vendor/stringencoders/src/modp_b16_data.h +104 -0
data/vendor/stringencoders/src/modp_b16_gen.c +65 -0
data/vendor/stringencoders/src/modp_b2.c +69 -0
data/vendor/stringencoders/src/modp_b2.h +130 -0
data/vendor/stringencoders/src/modp_b2_data.h +44 -0
data/vendor/stringencoders/src/modp_b2_gen.c +36 -0
data/vendor/stringencoders/src/modp_b36.c +108 -0
data/vendor/stringencoders/src/modp_b36.h +170 -0
data/vendor/stringencoders/src/modp_b64.c +254 -0
data/vendor/stringencoders/src/modp_b64.h +236 -0
data/vendor/stringencoders/src/modp_b64_data.h +477 -0
data/vendor/stringencoders/src/modp_b64_gen.c +168 -0
data/vendor/stringencoders/src/modp_b64r.c +254 -0
data/vendor/stringencoders/src/modp_b64r.h +242 -0
data/vendor/stringencoders/src/modp_b64r_data.h +477 -0
data/vendor/stringencoders/src/modp_b64w.c +254 -0
data/vendor/stringencoders/src/modp_b64w.h +231 -0
data/vendor/stringencoders/src/modp_b64w_data.h +477 -0
data/vendor/stringencoders/src/modp_b85.c +109 -0
data/vendor/stringencoders/src/modp_b85.h +171 -0
data/vendor/stringencoders/src/modp_b85_data.h +36 -0
data/vendor/stringencoders/src/modp_b85_gen.c +65 -0
data/vendor/stringencoders/src/modp_bjavascript.c +65 -0
data/vendor/stringencoders/src/modp_bjavascript.h +105 -0
data/vendor/stringencoders/src/modp_bjavascript_data.h +84 -0
data/vendor/stringencoders/src/modp_bjavascript_gen.c +58 -0
data/vendor/stringencoders/src/modp_burl.c +228 -0
data/vendor/stringencoders/src/modp_burl.h +259 -0
data/vendor/stringencoders/src/modp_burl_data.h +136 -0
data/vendor/stringencoders/src/modp_burl_gen.c +121 -0
data/vendor/stringencoders/src/modp_html.c +128 -0
data/vendor/stringencoders/src/modp_html.h +53 -0
data/vendor/stringencoders/src/modp_html_named_entities.h +9910 -0
data/vendor/stringencoders/src/modp_json.c +315 -0
data/vendor/stringencoders/src/modp_json.h +103 -0
data/vendor/stringencoders/src/modp_json_data.h +57 -0
data/vendor/stringencoders/src/modp_json_gen.py +60 -0
data/vendor/stringencoders/src/modp_mainpage.h +120 -0
data/vendor/stringencoders/src/modp_numtoa.c +350 -0
data/vendor/stringencoders/src/modp_numtoa.h +100 -0
data/vendor/stringencoders/src/modp_qsiter.c +76 -0
data/vendor/stringencoders/src/modp_qsiter.h +71 -0
data/vendor/stringencoders/src/modp_stdint.h +43 -0
data/vendor/stringencoders/src/modp_utf8.c +88 -0
data/vendor/stringencoders/src/modp_utf8.h +38 -0
data/vendor/stringencoders/src/modp_xml.c +311 -0
data/vendor/stringencoders/src/modp_xml.h +166 -0
data/vendor/stringencoders/src/stringencoders.pc +10 -0
data/vendor/stringencoders/src/stringencoders.pc.in +10 -0
data/vendor/stringencoders/test/Makefile.am +113 -0
data/vendor/stringencoders/test/apr_base64.c +262 -0
data/vendor/stringencoders/test/apr_base64.h +120 -0
data/vendor/stringencoders/test/cxx_test.cc +482 -0
data/vendor/stringencoders/test/minunit.h +82 -0
data/vendor/stringencoders/test/modp_ascii_test.c +281 -0
data/vendor/stringencoders/test/modp_b16_test.c +288 -0
data/vendor/stringencoders/test/modp_b2_test.c +250 -0
data/vendor/stringencoders/test/modp_b64_test.c +266 -0
data/vendor/stringencoders/test/modp_b85_test.c +130 -0
data/vendor/stringencoders/test/modp_bjavascript_test.c +137 -0
data/vendor/stringencoders/test/modp_burl_test.c +423 -0
data/vendor/stringencoders/test/modp_html_test.c +296 -0
data/vendor/stringencoders/test/modp_json_test.c +336 -0
data/vendor/stringencoders/test/modp_numtoa_test.c +545 -0
data/vendor/stringencoders/test/modp_qsiter_test.c +280 -0
data/vendor/stringencoders/test/modp_utf8_test.c +188 -0
data/vendor/stringencoders/test/modp_xml_test.c +339 -0
data/vendor/stringencoders/test/speedtest.c +241 -0
data/vendor/stringencoders/test/speedtest_ascii.c +345 -0
data/vendor/stringencoders/test/speedtest_msg.c +78 -0
data/vendor/stringencoders/test/speedtest_numtoa.c +276 -0
metadata +314 -0

data/vendor/libhydrogen/impl/pwhash.h ADDED Viewed

@@ -0,0 +1,281 @@
+#define hydro_pwhash_ENC_ALGBYTES 1
+#define hydro_pwhash_HASH_ALGBYTES 1
+#define hydro_pwhash_THREADSBYTES 1
+#define hydro_pwhash_OPSLIMITBYTES 8
+#define hydro_pwhash_MEMLIMITBYTES 8
+#define hydro_pwhash_HASHBYTES 32
+#define hydro_pwhash_SALTBYTES 16
+#define hydro_pwhash_PARAMSBYTES                                                           \
+    (hydro_pwhash_HASH_ALGBYTES + hydro_pwhash_THREADSBYTES + hydro_pwhash_OPSLIMITBYTES + \
+     hydro_pwhash_MEMLIMITBYTES + hydro_pwhash_SALTBYTES + hydro_pwhash_HASHBYTES)
+#define hydro_pwhash_ENC_ALG 0x01
+#define hydro_pwhash_HASH_ALG 0x01
+#define hydro_pwhash_CONTEXT "hydro_pw"
+static int
+_hydro_pwhash_hash(uint8_t out[hydro_random_SEEDBYTES], size_t h_len,
+                   const uint8_t salt[hydro_pwhash_SALTBYTES], const char *passwd,
+                   size_t passwd_len, const char ctx[hydro_pwhash_CONTEXTBYTES],
+                   const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                   size_t memlimit, uint8_t threads)
+{
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    hydro_hash_state                 h_st;
+    uint8_t                          tmp64_u8[8];
+    uint64_t                         i;
+    uint8_t                          tmp8;
+    COMPILER_ASSERT(hydro_pwhash_MASTERKEYBYTES >= hydro_hash_KEYBYTES);
+    hydro_hash_init(&h_st, ctx, master_key);
+    STORE64_LE(tmp64_u8, (uint64_t) passwd_len);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    hydro_hash_update(&h_st, passwd, passwd_len);
+    hydro_hash_update(&h_st, salt, hydro_pwhash_SALTBYTES);
+    tmp8 = hydro_pwhash_HASH_ALG;
+    hydro_hash_update(&h_st, &tmp8, 1);
+    hydro_hash_update(&h_st, &threads, 1);
+    STORE64_LE(tmp64_u8, (uint64_t) memlimit);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    STORE64_LE(tmp64_u8, (uint64_t) h_len);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    hydro_hash_final(&h_st, (uint8_t *) (void *) &state, sizeof state);
+    gimli_core_u8(state, 1);
+    COMPILER_ASSERT(gimli_RATE >= 8);
+    for (i = 0; i < opslimit; i++) {
+        mem_zero(state, gimli_RATE);
+        STORE64_LE(state, i);
+        gimli_core_u8(state, 0);
+    }
+    mem_zero(state, gimli_RATE);
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_CAPACITY);
+    memcpy(out, state + gimli_RATE, hydro_random_SEEDBYTES);
+    hydro_memzero(state, sizeof state);
+    return 0;
+}
+void
+hydro_pwhash_keygen(uint8_t master_key[hydro_pwhash_MASTERKEYBYTES])
+{
+    hydro_random_buf(master_key, hydro_pwhash_MASTERKEYBYTES);
+}
+int
+hydro_pwhash_deterministic(uint8_t *h, size_t h_len, const char *passwd, size_t passwd_len,
+                           const char    ctx[hydro_pwhash_CONTEXTBYTES],
+                           const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                           size_t memlimit, uint8_t threads)
+{
+    uint8_t seed[hydro_random_SEEDBYTES];
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_SALTBYTES);
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_MASTERKEYBYTES);
+    (void) memlimit;
+    if (_hydro_pwhash_hash(seed, h_len, zero, passwd, passwd_len, ctx, master_key, opslimit,
+                           memlimit, threads) != 0) {
+        return -1;
+    }
+    hydro_random_buf_deterministic(h, h_len, seed);
+    hydro_memzero(seed, sizeof seed);
+    return 0;
+}
+int
+hydro_pwhash_create(uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd, size_t passwd_len,
+                    const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                    size_t memlimit, uint8_t threads)
+{
+    uint8_t *const enc_alg     = &stored[0];
+    uint8_t *const secretbox   = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const hash_alg    = &secretbox[hydro_secretbox_HEADERBYTES];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    COMPILER_ASSERT(hydro_pwhash_STOREDBYTES >= hydro_pwhash_ENC_ALGBYTES +
+                                                    hydro_secretbox_HEADERBYTES +
+                                                    hydro_pwhash_PARAMSBYTES);
+    (void) memlimit;
+    mem_zero(stored, hydro_pwhash_STOREDBYTES);
+    *enc_alg    = hydro_pwhash_ENC_ALG;
+    *hash_alg   = hydro_pwhash_HASH_ALG;
+    *threads_u8 = threads;
+    STORE64_LE(opslimit_u8, opslimit);
+    STORE64_LE(memlimit_u8, (uint64_t) memlimit);
+    hydro_random_buf(salt, hydro_pwhash_SALTBYTES);
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_MASTERKEYBYTES);
+    if (_hydro_pwhash_hash(h, hydro_pwhash_HASHBYTES, salt, passwd, passwd_len,
+                           hydro_pwhash_CONTEXT, zero, opslimit, memlimit, threads) != 0) {
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_pwhash_MASTERKEYBYTES == hydro_secretbox_KEYBYTES);
+    return hydro_secretbox_encrypt(secretbox, hash_alg, hydro_pwhash_PARAMSBYTES,
+                                   (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key);
+}
+static int
+_hydro_pwhash_verify(uint8_t       computed_h[hydro_pwhash_HASHBYTES],
+                     const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                     size_t passwd_len, const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                     uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    const uint8_t *const enc_alg   = &stored[0];
+    const uint8_t *const secretbox = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t        params[hydro_pwhash_PARAMSBYTES];
+    uint8_t *const hash_alg    = &params[0];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    uint64_t opslimit;
+    size_t   memlimit;
+    uint8_t  threads;
+    (void) memlimit;
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(params, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    if (*hash_alg != hydro_pwhash_HASH_ALG || (opslimit = LOAD64_LE(opslimit_u8)) > opslimit_max ||
+        (memlimit = (size_t) LOAD64_LE(memlimit_u8)) > memlimit_max ||
+        (threads = *threads_u8) > threads_max) {
+        return -1;
+    }
+    if (_hydro_pwhash_hash(computed_h, hydro_pwhash_HASHBYTES, salt, passwd, passwd_len,
+                           hydro_pwhash_CONTEXT, zero, opslimit, memlimit, threads) == 0 &&
+        hydro_equal(computed_h, h, hydro_pwhash_HASHBYTES) == 1) {
+        return 0;
+    }
+    return -1;
+}
+int
+hydro_pwhash_verify(const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                    size_t passwd_len, const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                    uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    uint8_t computed_h[hydro_pwhash_HASHBYTES];
+    int     ret;
+    ret = _hydro_pwhash_verify(computed_h, stored, passwd, passwd_len, master_key, opslimit_max,
+                               memlimit_max, threads_max);
+    hydro_memzero(computed_h, sizeof computed_h);
+    return ret;
+}
+int
+hydro_pwhash_derive_static_key(uint8_t *static_key, size_t static_key_len,
+                               const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                               size_t passwd_len, const char ctx[hydro_pwhash_CONTEXTBYTES],
+                               const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                               uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    uint8_t computed_h[hydro_pwhash_HASHBYTES];
+    if (_hydro_pwhash_verify(computed_h, stored, passwd, passwd_len, master_key, opslimit_max,
+                             memlimit_max, threads_max) != 0) {
+        hydro_memzero(computed_h, sizeof computed_h);
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_kdf_CONTEXTBYTES <= hydro_pwhash_CONTEXTBYTES);
+    COMPILER_ASSERT(hydro_kdf_KEYBYTES <= hydro_pwhash_HASHBYTES);
+    hydro_kdf_derive_from_key(static_key, static_key_len, 0, ctx, computed_h);
+    hydro_memzero(computed_h, sizeof computed_h);
+    return 0;
+}
+int
+hydro_pwhash_reencrypt(uint8_t       stored[hydro_pwhash_STOREDBYTES],
+                       const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                       const uint8_t new_master_key[hydro_pwhash_MASTERKEYBYTES])
+{
+    uint8_t *const enc_alg   = &stored[0];
+    uint8_t *const secretbox = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const params    = &secretbox[hydro_secretbox_HEADERBYTES];
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(secretbox, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    memmove(params, secretbox, hydro_pwhash_PARAMSBYTES);
+    return hydro_secretbox_encrypt(secretbox, params, hydro_pwhash_PARAMSBYTES, (uint64_t) *enc_alg,
+                                   hydro_pwhash_CONTEXT, new_master_key);
+}
+int
+hydro_pwhash_upgrade(uint8_t       stored[hydro_pwhash_STOREDBYTES],
+                     const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                     size_t memlimit, uint8_t threads)
+{
+    uint8_t *const enc_alg     = &stored[0];
+    uint8_t *const secretbox   = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const params      = &secretbox[hydro_secretbox_HEADERBYTES];
+    uint8_t *const hash_alg    = &params[0];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint64_t                         i;
+    uint64_t                         opslimit_prev;
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(secretbox, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    memmove(params, secretbox, hydro_pwhash_PARAMSBYTES);
+    opslimit_prev = LOAD64_LE(opslimit_u8);
+    if (*hash_alg != hydro_pwhash_HASH_ALG) {
+        mem_zero(stored, hydro_pwhash_STOREDBYTES);
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_CAPACITY);
+    memcpy(state + gimli_RATE, h, hydro_random_SEEDBYTES);
+    for (i = opslimit_prev; i < opslimit; i++) {
+        mem_zero(state, gimli_RATE);
+        STORE64_LE(state, i);
+        gimli_core_u8(state, 0);
+    }
+    mem_zero(state, gimli_RATE);
+    memcpy(h, state + gimli_RATE, hydro_random_SEEDBYTES);
+    *threads_u8 = threads;
+    STORE64_LE(opslimit_u8, opslimit);
+    STORE64_LE(memlimit_u8, (uint64_t) memlimit);
+    return hydro_secretbox_encrypt(secretbox, params, hydro_pwhash_PARAMSBYTES, (uint64_t) *enc_alg,
+                                   hydro_pwhash_CONTEXT, master_key);
+}

data/vendor/libhydrogen/impl/random.h ADDED Viewed

@@ -0,0 +1,376 @@
+static TLS struct {
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint64_t counter;
+    uint8_t  initialized;
+    uint8_t  available;
+} hydro_random_context;
+#if defined(AVR) && !defined(__unix__)
+#include <Arduino.h>
+static bool
+hydro_random_rbit(unsigned int x)
+{
+    size_t i;
+    bool   res = 0;
+    for (i = 0; i < sizeof x; i++) {
+        res ^= ((x >> i) & 1);
+    }
+    return res;
+}
+static int
+hydro_random_init(void)
+{
+    const char       ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
+    hydro_hash_state st;
+    uint16_t         ebits = 0;
+    uint16_t         tc;
+    bool             a, b;
+    cli();
+    MCUSR = 0;
+    WDTCSR |= _BV(WDCE) | _BV(WDE);
+    WDTCSR = _BV(WDIE);
+    sei();
+    hydro_hash_init(&st, ctx, NULL);
+    while (ebits < 256) {
+        delay(1);
+        tc = TCNT1;
+        hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
+        a = hydro_random_rbit(tc);
+        delay(1);
+        tc = TCNT1;
+        b  = hydro_random_rbit(tc);
+        hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
+        if (a == b) {
+            continue;
+        }
+        hydro_hash_update(&st, (const uint8_t *) &b, sizeof b);
+        ebits++;
+    }
+    cli();
+    MCUSR = 0;
+    WDTCSR |= _BV(WDCE) | _BV(WDE);
+    WDTCSR = 0;
+    sei();
+    hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+ISR(WDT_vect) {}
+#elif (defined(ESP32) || defined(ESP8266)) && !defined(__unix__)
+// Important: RF *must* be activated on ESP board
+// https://techtutorialsx.com/2017/12/22/esp32-arduino-random-number-generation/
+#include <esp_system.h>
+static int
+hydro_random_init(void)
+{
+    const char       ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
+    hydro_hash_state st;
+    uint16_t         ebits = 0;
+    uint16_t         tc;
+    bool             a, b;
+    hydro_hash_init(&st, ctx, NULL);
+    while (ebits < 256) {
+        uint32_t r = esp_random();
+        delay(10);
+        hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
+        ebits += 32;
+    }
+    hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+#elif defined(_WIN32)
+#include <windows.h>
+#define RtlGenRandom SystemFunction036
+#if defined(__cplusplus)
+extern "C"
+#endif
+    BOOLEAN NTAPI
+            RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
+#pragma comment(lib, "advapi32.lib")
+static int
+hydro_random_init(void)
+{
+    if (!RtlGenRandom((PVOID) hydro_random_context.state,
+                      (ULONG) sizeof hydro_random_context.state)) {
+        return -1;
+    }
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+#elif defined(__unix__)
+#include <errno.h>
+#include <fcntl.h>
+#ifdef __linux__
+#include <poll.h>
+#endif
+#include <sys/types.h>
+#include <unistd.h>
+#ifdef __linux__
+static int
+hydro_random_block_on_dev_random(void)
+{
+    struct pollfd pfd;
+    int           fd;
+    int           pret;
+    fd = open("/dev/random", O_RDONLY);
+    if (fd == -1) {
+        return 0;
+    }
+    pfd.fd      = fd;
+    pfd.events  = POLLIN;
+    pfd.revents = 0;
+    do {
+        pret = poll(&pfd, 1, -1);
+    } while (pret < 0 && (errno == EINTR || errno == EAGAIN));
+    if (pret != 1) {
+        (void) close(fd);
+        errno = EIO;
+        return -1;
+    }
+    return close(fd);
+}
+#endif
+static ssize_t
+hydro_random_safe_read(const int fd, void *const buf_, size_t len)
+{
+    unsigned char *buf = (unsigned char *) buf_;
+    ssize_t        readnb;
+    do {
+        while ((readnb = read(fd, buf, len)) < (ssize_t) 0 && (errno == EINTR || errno == EAGAIN))
+            ;
+        if (readnb < (ssize_t) 0) {
+            return readnb;
+        }
+        if (readnb == (ssize_t) 0) {
+            break;
+        }
+        len -= (size_t) readnb;
+        buf += readnb;
+    } while (len > (ssize_t) 0);
+    return (ssize_t)(buf - (unsigned char *) buf_);
+}
+static int
+hydro_random_init(void)
+{
+    uint8_t tmp[gimli_BLOCKBYTES + 8];
+    int     fd;
+    int     ret = -1;
+#ifdef __linux__
+    if (hydro_random_block_on_dev_random() != 0) {
+        return -1;
+    }
+#endif
+    do {
+        fd = open("/dev/urandom", O_RDONLY);
+        if (fd == -1 && errno != EINTR) {
+            return -1;
+        }
+    } while (fd == -1);
+    if (hydro_random_safe_read(fd, tmp, sizeof tmp) == (ssize_t) sizeof tmp) {
+        memcpy(hydro_random_context.state, tmp, gimli_BLOCKBYTES);
+        memcpy(&hydro_random_context.counter, tmp + gimli_BLOCKBYTES, 8);
+        hydro_memzero(tmp, sizeof tmp);
+        ret = 0;
+    }
+    ret |= close(fd);
+    return ret;
+}
+#elif defined(TARGET_LIKE_MBED)
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#if defined(MBEDTLS_ENTROPY_C)
+static int
+hydro_random_init(void)
+{
+    mbedtls_entropy_context entropy;
+    uint16_t                pos = 0;
+    mbedtls_entropy_init(&entropy);
+    // Pull data directly out of the entropy pool for the state, as it's small enough.
+    if (mbedtls_entropy_func(&entropy, (uint8_t *) &hydro_random_context.counter,
+                             sizeof hydro_random_context.counter) != 0) {
+        return -1;
+    }
+    // mbedtls_entropy_func can't provide more than MBEDTLS_ENTROPY_BLOCK_SIZE in one go.
+    // This constant depends of mbedTLS configuration (whether the PRNG is backed by SHA256/SHA512
+    // at this time) Therefore, if necessary, we get entropy multiple times.
+    do {
+        const uint8_t dataLeftToConsume = gimli_BLOCKBYTES - pos;
+        const uint8_t currentChunkSize  = (dataLeftToConsume > MBEDTLS_ENTROPY_BLOCK_SIZE)
+                                             ? MBEDTLS_ENTROPY_BLOCK_SIZE
+                                             : dataLeftToConsume;
+        // Forces mbedTLS to fetch fresh entropy, then get some to feed libhydrogen.
+        if (mbedtls_entropy_gather(&entropy) != 0 ||
+            mbedtls_entropy_func(&entropy, &hydro_random_context.state[pos], currentChunkSize) != 0) {
+            return -1;
+        }
+        pos += MBEDTLS_ENTROPY_BLOCK_SIZE;
+    } while (pos < gimli_BLOCKBYTES);
+    mbedtls_entropy_free(&entropy);
+    return 0;
+}
+#else
+#error Need an entropy source
+#endif
+#else
+#error Unsupported platform
+#endif
+static void
+hydro_random_check_initialized(void)
+{
+    if (hydro_random_context.initialized == 0) {
+        if (hydro_random_init() != 0) {
+            abort();
+        }
+        gimli_core_u8(hydro_random_context.state, 0);
+        hydro_random_ratchet();
+        hydro_random_context.initialized = 1;
+    }
+}
+void
+hydro_random_ratchet(void)
+{
+    mem_zero(hydro_random_context.state, gimli_RATE);
+    STORE64_LE(hydro_random_context.state, hydro_random_context.counter);
+    hydro_random_context.counter++;
+    gimli_core_u8(hydro_random_context.state, 0);
+    hydro_random_context.available = gimli_RATE;
+}
+uint32_t
+hydro_random_u32(void)
+{
+    uint32_t v;
+    hydro_random_check_initialized();
+    if (hydro_random_context.available < 4) {
+        hydro_random_ratchet();
+    }
+    memcpy(&v, &hydro_random_context.state[gimli_RATE - hydro_random_context.available], 4);
+    hydro_random_context.available -= 4;
+    return v;
+}
+uint32_t
+hydro_random_uniform(const uint32_t upper_bound)
+{
+    uint32_t min;
+    uint32_t r;
+    if (upper_bound < 2U) {
+        return 0;
+    }
+    min = (1U + ~upper_bound) % upper_bound; /* = 2**32 mod upper_bound */
+    do {
+        r = hydro_random_u32();
+    } while (r < min);
+    /* r is now clamped to a set whose size mod upper_bound == 0
+     * the worst case (2**31+1) requires 2 attempts on average */
+    return r % upper_bound;
+}
+void
+hydro_random_buf(void *out, size_t out_len)
+{
+    uint8_t *p = (uint8_t *) out;
+    size_t   i;
+    size_t   leftover;
+    for (i = 0; i < out_len / gimli_RATE; i++) {
+        gimli_core_u8(hydro_random_context.state, 0);
+        memcpy(p + i * gimli_RATE, hydro_random_context.state, gimli_RATE);
+    }
+    leftover = out_len % gimli_RATE;
+    if (leftover != 0) {
+        gimli_core_u8(hydro_random_context.state, 0);
+        mem_cpy(p + i * gimli_RATE, hydro_random_context.state, leftover);
+    }
+    hydro_random_ratchet();
+}
+void
+hydro_random_buf_deterministic(void *out, size_t out_len,
+                               const uint8_t seed[hydro_random_SEEDBYTES])
+{
+    static const uint8_t             prefix[] = { 7, 'd', 'r', 'b', 'g', '2', '5', '6' };
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint8_t *                        p = (uint8_t *) out;
+    size_t                           i;
+    size_t                           leftover;
+    mem_zero(state, gimli_BLOCKBYTES);
+    COMPILER_ASSERT(sizeof prefix + 8 <= gimli_RATE);
+    memcpy(state, prefix, sizeof prefix);
+    STORE64_LE(state + sizeof prefix, (uint64_t) out_len);
+    gimli_core_u8(state, 1);
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_RATE * 2);
+    mem_xor(state, seed, gimli_RATE);
+    gimli_core_u8(state, 2);
+    mem_xor(state, seed + gimli_RATE, gimli_RATE);
+    gimli_core_u8(state, 2);
+    for (i = 0; i < out_len / gimli_RATE; i++) {
+        gimli_core_u8(state, 0);
+        memcpy(p + i * gimli_RATE, state, gimli_RATE);
+    }
+    leftover = out_len % gimli_RATE;
+    if (leftover != 0) {
+        gimli_core_u8(state, 0);
+        mem_cpy(p + i * gimli_RATE, state, leftover);
+    }
+    hydro_random_ratchet();
+}
+void
+hydro_random_reseed(void)
+{
+    hydro_random_context.initialized = 0;
+    hydro_random_check_initialized();
+}