RubyGems - ffi-hydrogen - Versions diffs - 0.1.0 - Mend

ffi-hydrogen 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (160) hide show

checksums.yaml +7 -0
data/.gitignore +13 -0
data/.rspec +3 -0
data/.rubocop.yml +30 -0
data/.travis.yml +10 -0
data/Gemfile +6 -0
data/LICENSE.txt +21 -0
data/README.md +72 -0
data/Rakefile +46 -0
data/bench/both.rb +86 -0
data/bench/encode.rb +57 -0
data/bench/encrypt.rb +80 -0
data/bench/init.rb +5 -0
data/bin/console +14 -0
data/bin/setup +8 -0
data/ffi-hydrogen.gemspec +31 -0
data/lib/ffi/hydrogen.rb +216 -0
data/vendor/.clang-format +2 -0
data/vendor/.gitignore +3 -0
data/vendor/README.md +2 -0
data/vendor/libhydrogen/.clang-format +95 -0
data/vendor/libhydrogen/.gitignore +32 -0
data/vendor/libhydrogen/.travis.yml +22 -0
data/vendor/libhydrogen/LICENSE +18 -0
data/vendor/libhydrogen/Makefile +61 -0
data/vendor/libhydrogen/Makefile.arduino +51 -0
data/vendor/libhydrogen/README.md +29 -0
data/vendor/libhydrogen/hydrogen.c +18 -0
data/vendor/libhydrogen/hydrogen.h +317 -0
data/vendor/libhydrogen/impl/common.h +316 -0
data/vendor/libhydrogen/impl/core.h +220 -0
data/vendor/libhydrogen/impl/gimli-core/portable.h +39 -0
data/vendor/libhydrogen/impl/gimli-core/sse2.h +97 -0
data/vendor/libhydrogen/impl/gimli-core.h +25 -0
data/vendor/libhydrogen/impl/hash.h +138 -0
data/vendor/libhydrogen/impl/hydrogen_p.h +83 -0
data/vendor/libhydrogen/impl/kdf.h +20 -0
data/vendor/libhydrogen/impl/kx.h +441 -0
data/vendor/libhydrogen/impl/pwhash.h +281 -0
data/vendor/libhydrogen/impl/random.h +376 -0
data/vendor/libhydrogen/impl/secretbox.h +236 -0
data/vendor/libhydrogen/impl/sign.h +207 -0
data/vendor/libhydrogen/impl/x25519.h +383 -0
data/vendor/libhydrogen/library.properties +10 -0
data/vendor/libhydrogen/logo.png +0 -0
data/vendor/libhydrogen/tests/tests.c +431 -0
data/vendor/main.c +140 -0
data/vendor/stringencoders/.gitignore +25 -0
data/vendor/stringencoders/.travis.yml +13 -0
data/vendor/stringencoders/AUTHORS +1 -0
data/vendor/stringencoders/COPYING +2 -0
data/vendor/stringencoders/ChangeLog +170 -0
data/vendor/stringencoders/Doxyfile +276 -0
data/vendor/stringencoders/INSTALL +119 -0
data/vendor/stringencoders/LICENSE +22 -0
data/vendor/stringencoders/Makefile.am +3 -0
data/vendor/stringencoders/NEWS +3 -0
data/vendor/stringencoders/README +2 -0
data/vendor/stringencoders/README.md +32 -0
data/vendor/stringencoders/bootstrap.sh +3 -0
data/vendor/stringencoders/configure-gcc-hardened.sh +16 -0
data/vendor/stringencoders/configure.ac +44 -0
data/vendor/stringencoders/doxy/footer.html +34 -0
data/vendor/stringencoders/doxy/header.html +85 -0
data/vendor/stringencoders/indent.sh +9 -0
data/vendor/stringencoders/javascript/base64-speed.html +43 -0
data/vendor/stringencoders/javascript/base64-test.html +209 -0
data/vendor/stringencoders/javascript/base64.html +18 -0
data/vendor/stringencoders/javascript/base64.js +176 -0
data/vendor/stringencoders/javascript/qunit.css +119 -0
data/vendor/stringencoders/javascript/qunit.js +1062 -0
data/vendor/stringencoders/javascript/urlparse-test.html +367 -0
data/vendor/stringencoders/javascript/urlparse.js +328 -0
data/vendor/stringencoders/make-ci.sh +13 -0
data/vendor/stringencoders/makerelease.sh +16 -0
data/vendor/stringencoders/python/b85.py +176 -0
data/vendor/stringencoders/src/Makefile.am +134 -0
data/vendor/stringencoders/src/arraytoc.c +85 -0
data/vendor/stringencoders/src/arraytoc.h +43 -0
data/vendor/stringencoders/src/extern_c_begin.h +3 -0
data/vendor/stringencoders/src/extern_c_end.h +3 -0
data/vendor/stringencoders/src/html_named_entities_generator.py +203 -0
data/vendor/stringencoders/src/modp_ascii.c +159 -0
data/vendor/stringencoders/src/modp_ascii.h +162 -0
data/vendor/stringencoders/src/modp_ascii_data.h +84 -0
data/vendor/stringencoders/src/modp_ascii_gen.c +55 -0
data/vendor/stringencoders/src/modp_b16.c +125 -0
data/vendor/stringencoders/src/modp_b16.h +148 -0
data/vendor/stringencoders/src/modp_b16_data.h +104 -0
data/vendor/stringencoders/src/modp_b16_gen.c +65 -0
data/vendor/stringencoders/src/modp_b2.c +69 -0
data/vendor/stringencoders/src/modp_b2.h +130 -0
data/vendor/stringencoders/src/modp_b2_data.h +44 -0
data/vendor/stringencoders/src/modp_b2_gen.c +36 -0
data/vendor/stringencoders/src/modp_b36.c +108 -0
data/vendor/stringencoders/src/modp_b36.h +170 -0
data/vendor/stringencoders/src/modp_b64.c +254 -0
data/vendor/stringencoders/src/modp_b64.h +236 -0
data/vendor/stringencoders/src/modp_b64_data.h +477 -0
data/vendor/stringencoders/src/modp_b64_gen.c +168 -0
data/vendor/stringencoders/src/modp_b64r.c +254 -0
data/vendor/stringencoders/src/modp_b64r.h +242 -0
data/vendor/stringencoders/src/modp_b64r_data.h +477 -0
data/vendor/stringencoders/src/modp_b64w.c +254 -0
data/vendor/stringencoders/src/modp_b64w.h +231 -0
data/vendor/stringencoders/src/modp_b64w_data.h +477 -0
data/vendor/stringencoders/src/modp_b85.c +109 -0
data/vendor/stringencoders/src/modp_b85.h +171 -0
data/vendor/stringencoders/src/modp_b85_data.h +36 -0
data/vendor/stringencoders/src/modp_b85_gen.c +65 -0
data/vendor/stringencoders/src/modp_bjavascript.c +65 -0
data/vendor/stringencoders/src/modp_bjavascript.h +105 -0
data/vendor/stringencoders/src/modp_bjavascript_data.h +84 -0
data/vendor/stringencoders/src/modp_bjavascript_gen.c +58 -0
data/vendor/stringencoders/src/modp_burl.c +228 -0
data/vendor/stringencoders/src/modp_burl.h +259 -0
data/vendor/stringencoders/src/modp_burl_data.h +136 -0
data/vendor/stringencoders/src/modp_burl_gen.c +121 -0
data/vendor/stringencoders/src/modp_html.c +128 -0
data/vendor/stringencoders/src/modp_html.h +53 -0
data/vendor/stringencoders/src/modp_html_named_entities.h +9910 -0
data/vendor/stringencoders/src/modp_json.c +315 -0
data/vendor/stringencoders/src/modp_json.h +103 -0
data/vendor/stringencoders/src/modp_json_data.h +57 -0
data/vendor/stringencoders/src/modp_json_gen.py +60 -0
data/vendor/stringencoders/src/modp_mainpage.h +120 -0
data/vendor/stringencoders/src/modp_numtoa.c +350 -0
data/vendor/stringencoders/src/modp_numtoa.h +100 -0
data/vendor/stringencoders/src/modp_qsiter.c +76 -0
data/vendor/stringencoders/src/modp_qsiter.h +71 -0
data/vendor/stringencoders/src/modp_stdint.h +43 -0
data/vendor/stringencoders/src/modp_utf8.c +88 -0
data/vendor/stringencoders/src/modp_utf8.h +38 -0
data/vendor/stringencoders/src/modp_xml.c +311 -0
data/vendor/stringencoders/src/modp_xml.h +166 -0
data/vendor/stringencoders/src/stringencoders.pc +10 -0
data/vendor/stringencoders/src/stringencoders.pc.in +10 -0
data/vendor/stringencoders/test/Makefile.am +113 -0
data/vendor/stringencoders/test/apr_base64.c +262 -0
data/vendor/stringencoders/test/apr_base64.h +120 -0
data/vendor/stringencoders/test/cxx_test.cc +482 -0
data/vendor/stringencoders/test/minunit.h +82 -0
data/vendor/stringencoders/test/modp_ascii_test.c +281 -0
data/vendor/stringencoders/test/modp_b16_test.c +288 -0
data/vendor/stringencoders/test/modp_b2_test.c +250 -0
data/vendor/stringencoders/test/modp_b64_test.c +266 -0
data/vendor/stringencoders/test/modp_b85_test.c +130 -0
data/vendor/stringencoders/test/modp_bjavascript_test.c +137 -0
data/vendor/stringencoders/test/modp_burl_test.c +423 -0
data/vendor/stringencoders/test/modp_html_test.c +296 -0
data/vendor/stringencoders/test/modp_json_test.c +336 -0
data/vendor/stringencoders/test/modp_numtoa_test.c +545 -0
data/vendor/stringencoders/test/modp_qsiter_test.c +280 -0
data/vendor/stringencoders/test/modp_utf8_test.c +188 -0
data/vendor/stringencoders/test/modp_xml_test.c +339 -0
data/vendor/stringencoders/test/speedtest.c +241 -0
data/vendor/stringencoders/test/speedtest_ascii.c +345 -0
data/vendor/stringencoders/test/speedtest_msg.c +78 -0
data/vendor/stringencoders/test/speedtest_numtoa.c +276 -0
metadata +314 -0

data/vendor/libhydrogen/impl/pwhash.h ADDED Viewed

@@ -0,0 +1,281 @@
+#define hydro_pwhash_ENC_ALGBYTES 1
+#define hydro_pwhash_HASH_ALGBYTES 1
+#define hydro_pwhash_THREADSBYTES 1
+#define hydro_pwhash_OPSLIMITBYTES 8
+#define hydro_pwhash_MEMLIMITBYTES 8
+#define hydro_pwhash_HASHBYTES 32
+#define hydro_pwhash_SALTBYTES 16
+#define hydro_pwhash_PARAMSBYTES                                                           \
+    (hydro_pwhash_HASH_ALGBYTES + hydro_pwhash_THREADSBYTES + hydro_pwhash_OPSLIMITBYTES + \
+     hydro_pwhash_MEMLIMITBYTES + hydro_pwhash_SALTBYTES + hydro_pwhash_HASHBYTES)
+#define hydro_pwhash_ENC_ALG 0x01
+#define hydro_pwhash_HASH_ALG 0x01
+#define hydro_pwhash_CONTEXT "hydro_pw"
+static int
+_hydro_pwhash_hash(uint8_t out[hydro_random_SEEDBYTES], size_t h_len,
+                   const uint8_t salt[hydro_pwhash_SALTBYTES], const char *passwd,
+                   size_t passwd_len, const char ctx[hydro_pwhash_CONTEXTBYTES],
+                   const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                   size_t memlimit, uint8_t threads)
+{
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    hydro_hash_state                 h_st;
+    uint8_t                          tmp64_u8[8];
+    uint64_t                         i;
+    uint8_t                          tmp8;
+    COMPILER_ASSERT(hydro_pwhash_MASTERKEYBYTES >= hydro_hash_KEYBYTES);
+    hydro_hash_init(&h_st, ctx, master_key);
+    STORE64_LE(tmp64_u8, (uint64_t) passwd_len);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    hydro_hash_update(&h_st, passwd, passwd_len);
+    hydro_hash_update(&h_st, salt, hydro_pwhash_SALTBYTES);
+    tmp8 = hydro_pwhash_HASH_ALG;
+    hydro_hash_update(&h_st, &tmp8, 1);
+    hydro_hash_update(&h_st, &threads, 1);
+    STORE64_LE(tmp64_u8, (uint64_t) memlimit);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    STORE64_LE(tmp64_u8, (uint64_t) h_len);
+    hydro_hash_update(&h_st, tmp64_u8, sizeof tmp64_u8);
+    hydro_hash_final(&h_st, (uint8_t *) (void *) &state, sizeof state);
+    gimli_core_u8(state, 1);
+    COMPILER_ASSERT(gimli_RATE >= 8);
+    for (i = 0; i < opslimit; i++) {
+        mem_zero(state, gimli_RATE);
+        STORE64_LE(state, i);
+        gimli_core_u8(state, 0);
+    }
+    mem_zero(state, gimli_RATE);
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_CAPACITY);
+    memcpy(out, state + gimli_RATE, hydro_random_SEEDBYTES);
+    hydro_memzero(state, sizeof state);
+    return 0;
+}
+void
+hydro_pwhash_keygen(uint8_t master_key[hydro_pwhash_MASTERKEYBYTES])
+{
+    hydro_random_buf(master_key, hydro_pwhash_MASTERKEYBYTES);
+}
+int
+hydro_pwhash_deterministic(uint8_t *h, size_t h_len, const char *passwd, size_t passwd_len,
+                           const char    ctx[hydro_pwhash_CONTEXTBYTES],
+                           const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                           size_t memlimit, uint8_t threads)
+{
+    uint8_t seed[hydro_random_SEEDBYTES];
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_SALTBYTES);
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_MASTERKEYBYTES);
+    (void) memlimit;
+    if (_hydro_pwhash_hash(seed, h_len, zero, passwd, passwd_len, ctx, master_key, opslimit,
+                           memlimit, threads) != 0) {
+        return -1;
+    }
+    hydro_random_buf_deterministic(h, h_len, seed);
+    hydro_memzero(seed, sizeof seed);
+    return 0;
+}
+int
+hydro_pwhash_create(uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd, size_t passwd_len,
+                    const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                    size_t memlimit, uint8_t threads)
+{
+    uint8_t *const enc_alg     = &stored[0];
+    uint8_t *const secretbox   = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const hash_alg    = &secretbox[hydro_secretbox_HEADERBYTES];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    COMPILER_ASSERT(hydro_pwhash_STOREDBYTES >= hydro_pwhash_ENC_ALGBYTES +
+                                                    hydro_secretbox_HEADERBYTES +
+                                                    hydro_pwhash_PARAMSBYTES);
+    (void) memlimit;
+    mem_zero(stored, hydro_pwhash_STOREDBYTES);
+    *enc_alg    = hydro_pwhash_ENC_ALG;
+    *hash_alg   = hydro_pwhash_HASH_ALG;
+    *threads_u8 = threads;
+    STORE64_LE(opslimit_u8, opslimit);
+    STORE64_LE(memlimit_u8, (uint64_t) memlimit);
+    hydro_random_buf(salt, hydro_pwhash_SALTBYTES);
+    COMPILER_ASSERT(sizeof zero >= hydro_pwhash_MASTERKEYBYTES);
+    if (_hydro_pwhash_hash(h, hydro_pwhash_HASHBYTES, salt, passwd, passwd_len,
+                           hydro_pwhash_CONTEXT, zero, opslimit, memlimit, threads) != 0) {
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_pwhash_MASTERKEYBYTES == hydro_secretbox_KEYBYTES);
+    return hydro_secretbox_encrypt(secretbox, hash_alg, hydro_pwhash_PARAMSBYTES,
+                                   (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key);
+}
+static int
+_hydro_pwhash_verify(uint8_t       computed_h[hydro_pwhash_HASHBYTES],
+                     const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                     size_t passwd_len, const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                     uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    const uint8_t *const enc_alg   = &stored[0];
+    const uint8_t *const secretbox = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t        params[hydro_pwhash_PARAMSBYTES];
+    uint8_t *const hash_alg    = &params[0];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    uint64_t opslimit;
+    size_t   memlimit;
+    uint8_t  threads;
+    (void) memlimit;
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(params, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    if (*hash_alg != hydro_pwhash_HASH_ALG || (opslimit = LOAD64_LE(opslimit_u8)) > opslimit_max ||
+        (memlimit = (size_t) LOAD64_LE(memlimit_u8)) > memlimit_max ||
+        (threads = *threads_u8) > threads_max) {
+        return -1;
+    }
+    if (_hydro_pwhash_hash(computed_h, hydro_pwhash_HASHBYTES, salt, passwd, passwd_len,
+                           hydro_pwhash_CONTEXT, zero, opslimit, memlimit, threads) == 0 &&
+        hydro_equal(computed_h, h, hydro_pwhash_HASHBYTES) == 1) {
+        return 0;
+    }
+    return -1;
+}
+int
+hydro_pwhash_verify(const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                    size_t passwd_len, const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                    uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    uint8_t computed_h[hydro_pwhash_HASHBYTES];
+    int     ret;
+    ret = _hydro_pwhash_verify(computed_h, stored, passwd, passwd_len, master_key, opslimit_max,
+                               memlimit_max, threads_max);
+    hydro_memzero(computed_h, sizeof computed_h);
+    return ret;
+}
+int
+hydro_pwhash_derive_static_key(uint8_t *static_key, size_t static_key_len,
+                               const uint8_t stored[hydro_pwhash_STOREDBYTES], const char *passwd,
+                               size_t passwd_len, const char ctx[hydro_pwhash_CONTEXTBYTES],
+                               const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                               uint64_t opslimit_max, size_t memlimit_max, uint8_t threads_max)
+{
+    uint8_t computed_h[hydro_pwhash_HASHBYTES];
+    if (_hydro_pwhash_verify(computed_h, stored, passwd, passwd_len, master_key, opslimit_max,
+                             memlimit_max, threads_max) != 0) {
+        hydro_memzero(computed_h, sizeof computed_h);
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_kdf_CONTEXTBYTES <= hydro_pwhash_CONTEXTBYTES);
+    COMPILER_ASSERT(hydro_kdf_KEYBYTES <= hydro_pwhash_HASHBYTES);
+    hydro_kdf_derive_from_key(static_key, static_key_len, 0, ctx, computed_h);
+    hydro_memzero(computed_h, sizeof computed_h);
+    return 0;
+}
+int
+hydro_pwhash_reencrypt(uint8_t       stored[hydro_pwhash_STOREDBYTES],
+                       const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES],
+                       const uint8_t new_master_key[hydro_pwhash_MASTERKEYBYTES])
+{
+    uint8_t *const enc_alg   = &stored[0];
+    uint8_t *const secretbox = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const params    = &secretbox[hydro_secretbox_HEADERBYTES];
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(secretbox, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    memmove(params, secretbox, hydro_pwhash_PARAMSBYTES);
+    return hydro_secretbox_encrypt(secretbox, params, hydro_pwhash_PARAMSBYTES, (uint64_t) *enc_alg,
+                                   hydro_pwhash_CONTEXT, new_master_key);
+}
+int
+hydro_pwhash_upgrade(uint8_t       stored[hydro_pwhash_STOREDBYTES],
+                     const uint8_t master_key[hydro_pwhash_MASTERKEYBYTES], uint64_t opslimit,
+                     size_t memlimit, uint8_t threads)
+{
+    uint8_t *const enc_alg     = &stored[0];
+    uint8_t *const secretbox   = &enc_alg[hydro_pwhash_ENC_ALGBYTES];
+    uint8_t *const params      = &secretbox[hydro_secretbox_HEADERBYTES];
+    uint8_t *const hash_alg    = &params[0];
+    uint8_t *const threads_u8  = &hash_alg[hydro_pwhash_HASH_ALGBYTES];
+    uint8_t *const opslimit_u8 = &threads_u8[hydro_pwhash_THREADSBYTES];
+    uint8_t *const memlimit_u8 = &opslimit_u8[hydro_pwhash_OPSLIMITBYTES];
+    uint8_t *const salt        = &memlimit_u8[hydro_pwhash_MEMLIMITBYTES];
+    uint8_t *const h           = &salt[hydro_pwhash_SALTBYTES];
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint64_t                         i;
+    uint64_t                         opslimit_prev;
+    if (*enc_alg != hydro_pwhash_ENC_ALG) {
+        return -1;
+    }
+    if (hydro_secretbox_decrypt(secretbox, secretbox,
+                                hydro_secretbox_HEADERBYTES + hydro_pwhash_PARAMSBYTES,
+                                (uint64_t) *enc_alg, hydro_pwhash_CONTEXT, master_key) != 0) {
+        return -1;
+    }
+    memmove(params, secretbox, hydro_pwhash_PARAMSBYTES);
+    opslimit_prev = LOAD64_LE(opslimit_u8);
+    if (*hash_alg != hydro_pwhash_HASH_ALG) {
+        mem_zero(stored, hydro_pwhash_STOREDBYTES);
+        return -1;
+    }
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_CAPACITY);
+    memcpy(state + gimli_RATE, h, hydro_random_SEEDBYTES);
+    for (i = opslimit_prev; i < opslimit; i++) {
+        mem_zero(state, gimli_RATE);
+        STORE64_LE(state, i);
+        gimli_core_u8(state, 0);
+    }
+    mem_zero(state, gimli_RATE);
+    memcpy(h, state + gimli_RATE, hydro_random_SEEDBYTES);
+    *threads_u8 = threads;
+    STORE64_LE(opslimit_u8, opslimit);
+    STORE64_LE(memlimit_u8, (uint64_t) memlimit);
+    return hydro_secretbox_encrypt(secretbox, params, hydro_pwhash_PARAMSBYTES, (uint64_t) *enc_alg,
+                                   hydro_pwhash_CONTEXT, master_key);
+}

data/vendor/libhydrogen/impl/random.h ADDED Viewed

@@ -0,0 +1,376 @@
+static TLS struct {
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint64_t counter;
+    uint8_t  initialized;
+    uint8_t  available;
+} hydro_random_context;
+#if defined(AVR) && !defined(__unix__)
+#include <Arduino.h>
+static bool
+hydro_random_rbit(unsigned int x)
+{
+    size_t i;
+    bool   res = 0;
+    for (i = 0; i < sizeof x; i++) {
+        res ^= ((x >> i) & 1);
+    }
+    return res;
+}
+static int
+hydro_random_init(void)
+{
+    const char       ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
+    hydro_hash_state st;
+    uint16_t         ebits = 0;
+    uint16_t         tc;
+    bool             a, b;
+    cli();
+    MCUSR = 0;
+    WDTCSR |= _BV(WDCE) | _BV(WDE);
+    WDTCSR = _BV(WDIE);
+    sei();
+    hydro_hash_init(&st, ctx, NULL);
+    while (ebits < 256) {
+        delay(1);
+        tc = TCNT1;
+        hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
+        a = hydro_random_rbit(tc);
+        delay(1);
+        tc = TCNT1;
+        b  = hydro_random_rbit(tc);
+        hydro_hash_update(&st, (const uint8_t *) &tc, sizeof tc);
+        if (a == b) {
+            continue;
+        }
+        hydro_hash_update(&st, (const uint8_t *) &b, sizeof b);
+        ebits++;
+    }
+    cli();
+    MCUSR = 0;
+    WDTCSR |= _BV(WDCE) | _BV(WDE);
+    WDTCSR = 0;
+    sei();
+    hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+ISR(WDT_vect) {}
+#elif (defined(ESP32) || defined(ESP8266)) && !defined(__unix__)
+// Important: RF *must* be activated on ESP board
+// https://techtutorialsx.com/2017/12/22/esp32-arduino-random-number-generation/
+#include <esp_system.h>
+static int
+hydro_random_init(void)
+{
+    const char       ctx[hydro_hash_CONTEXTBYTES] = { 'h', 'y', 'd', 'r', 'o', 'P', 'R', 'G' };
+    hydro_hash_state st;
+    uint16_t         ebits = 0;
+    uint16_t         tc;
+    bool             a, b;
+    hydro_hash_init(&st, ctx, NULL);
+    while (ebits < 256) {
+        uint32_t r = esp_random();
+        delay(10);
+        hydro_hash_update(&st, (const uint32_t *) &r, sizeof r);
+        ebits += 32;
+    }
+    hydro_hash_final(&st, hydro_random_context.state, sizeof hydro_random_context.state);
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+#elif defined(_WIN32)
+#include <windows.h>
+#define RtlGenRandom SystemFunction036
+#if defined(__cplusplus)
+extern "C"
+#endif
+    BOOLEAN NTAPI
+            RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength);
+#pragma comment(lib, "advapi32.lib")
+static int
+hydro_random_init(void)
+{
+    if (!RtlGenRandom((PVOID) hydro_random_context.state,
+                      (ULONG) sizeof hydro_random_context.state)) {
+        return -1;
+    }
+    hydro_random_context.counter = ~LOAD64_LE(hydro_random_context.state);
+    return 0;
+}
+#elif defined(__unix__)
+#include <errno.h>
+#include <fcntl.h>
+#ifdef __linux__
+#include <poll.h>
+#endif
+#include <sys/types.h>
+#include <unistd.h>
+#ifdef __linux__
+static int
+hydro_random_block_on_dev_random(void)
+{
+    struct pollfd pfd;
+    int           fd;
+    int           pret;
+    fd = open("/dev/random", O_RDONLY);
+    if (fd == -1) {
+        return 0;
+    }
+    pfd.fd      = fd;
+    pfd.events  = POLLIN;
+    pfd.revents = 0;
+    do {
+        pret = poll(&pfd, 1, -1);
+    } while (pret < 0 && (errno == EINTR || errno == EAGAIN));
+    if (pret != 1) {
+        (void) close(fd);
+        errno = EIO;
+        return -1;
+    }
+    return close(fd);
+}
+#endif
+static ssize_t
+hydro_random_safe_read(const int fd, void *const buf_, size_t len)
+{
+    unsigned char *buf = (unsigned char *) buf_;
+    ssize_t        readnb;
+    do {
+        while ((readnb = read(fd, buf, len)) < (ssize_t) 0 && (errno == EINTR || errno == EAGAIN))
+            ;
+        if (readnb < (ssize_t) 0) {
+            return readnb;
+        }
+        if (readnb == (ssize_t) 0) {
+            break;
+        }
+        len -= (size_t) readnb;
+        buf += readnb;
+    } while (len > (ssize_t) 0);
+    return (ssize_t)(buf - (unsigned char *) buf_);
+}
+static int
+hydro_random_init(void)
+{
+    uint8_t tmp[gimli_BLOCKBYTES + 8];
+    int     fd;
+    int     ret = -1;
+#ifdef __linux__
+    if (hydro_random_block_on_dev_random() != 0) {
+        return -1;
+    }
+#endif
+    do {
+        fd = open("/dev/urandom", O_RDONLY);
+        if (fd == -1 && errno != EINTR) {
+            return -1;
+        }
+    } while (fd == -1);
+    if (hydro_random_safe_read(fd, tmp, sizeof tmp) == (ssize_t) sizeof tmp) {
+        memcpy(hydro_random_context.state, tmp, gimli_BLOCKBYTES);
+        memcpy(&hydro_random_context.counter, tmp + gimli_BLOCKBYTES, 8);
+        hydro_memzero(tmp, sizeof tmp);
+        ret = 0;
+    }
+    ret |= close(fd);
+    return ret;
+}
+#elif defined(TARGET_LIKE_MBED)
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#if defined(MBEDTLS_ENTROPY_C)
+static int
+hydro_random_init(void)
+{
+    mbedtls_entropy_context entropy;
+    uint16_t                pos = 0;
+    mbedtls_entropy_init(&entropy);
+    // Pull data directly out of the entropy pool for the state, as it's small enough.
+    if (mbedtls_entropy_func(&entropy, (uint8_t *) &hydro_random_context.counter,
+                             sizeof hydro_random_context.counter) != 0) {
+        return -1;
+    }
+    // mbedtls_entropy_func can't provide more than MBEDTLS_ENTROPY_BLOCK_SIZE in one go.
+    // This constant depends of mbedTLS configuration (whether the PRNG is backed by SHA256/SHA512
+    // at this time) Therefore, if necessary, we get entropy multiple times.
+    do {
+        const uint8_t dataLeftToConsume = gimli_BLOCKBYTES - pos;
+        const uint8_t currentChunkSize  = (dataLeftToConsume > MBEDTLS_ENTROPY_BLOCK_SIZE)
+                                             ? MBEDTLS_ENTROPY_BLOCK_SIZE
+                                             : dataLeftToConsume;
+        // Forces mbedTLS to fetch fresh entropy, then get some to feed libhydrogen.
+        if (mbedtls_entropy_gather(&entropy) != 0 ||
+            mbedtls_entropy_func(&entropy, &hydro_random_context.state[pos], currentChunkSize) != 0) {
+            return -1;
+        }
+        pos += MBEDTLS_ENTROPY_BLOCK_SIZE;
+    } while (pos < gimli_BLOCKBYTES);
+    mbedtls_entropy_free(&entropy);
+    return 0;
+}
+#else
+#error Need an entropy source
+#endif
+#else
+#error Unsupported platform
+#endif
+static void
+hydro_random_check_initialized(void)
+{
+    if (hydro_random_context.initialized == 0) {
+        if (hydro_random_init() != 0) {
+            abort();
+        }
+        gimli_core_u8(hydro_random_context.state, 0);
+        hydro_random_ratchet();
+        hydro_random_context.initialized = 1;
+    }
+}
+void
+hydro_random_ratchet(void)
+{
+    mem_zero(hydro_random_context.state, gimli_RATE);
+    STORE64_LE(hydro_random_context.state, hydro_random_context.counter);
+    hydro_random_context.counter++;
+    gimli_core_u8(hydro_random_context.state, 0);
+    hydro_random_context.available = gimli_RATE;
+}
+uint32_t
+hydro_random_u32(void)
+{
+    uint32_t v;
+    hydro_random_check_initialized();
+    if (hydro_random_context.available < 4) {
+        hydro_random_ratchet();
+    }
+    memcpy(&v, &hydro_random_context.state[gimli_RATE - hydro_random_context.available], 4);
+    hydro_random_context.available -= 4;
+    return v;
+}
+uint32_t
+hydro_random_uniform(const uint32_t upper_bound)
+{
+    uint32_t min;
+    uint32_t r;
+    if (upper_bound < 2U) {
+        return 0;
+    }
+    min = (1U + ~upper_bound) % upper_bound; /* = 2**32 mod upper_bound */
+    do {
+        r = hydro_random_u32();
+    } while (r < min);
+    /* r is now clamped to a set whose size mod upper_bound == 0
+     * the worst case (2**31+1) requires 2 attempts on average */
+    return r % upper_bound;
+}
+void
+hydro_random_buf(void *out, size_t out_len)
+{
+    uint8_t *p = (uint8_t *) out;
+    size_t   i;
+    size_t   leftover;
+    for (i = 0; i < out_len / gimli_RATE; i++) {
+        gimli_core_u8(hydro_random_context.state, 0);
+        memcpy(p + i * gimli_RATE, hydro_random_context.state, gimli_RATE);
+    }
+    leftover = out_len % gimli_RATE;
+    if (leftover != 0) {
+        gimli_core_u8(hydro_random_context.state, 0);
+        mem_cpy(p + i * gimli_RATE, hydro_random_context.state, leftover);
+    }
+    hydro_random_ratchet();
+}
+void
+hydro_random_buf_deterministic(void *out, size_t out_len,
+                               const uint8_t seed[hydro_random_SEEDBYTES])
+{
+    static const uint8_t             prefix[] = { 7, 'd', 'r', 'b', 'g', '2', '5', '6' };
+    _hydro_attr_aligned_(16) uint8_t state[gimli_BLOCKBYTES];
+    uint8_t *                        p = (uint8_t *) out;
+    size_t                           i;
+    size_t                           leftover;
+    mem_zero(state, gimli_BLOCKBYTES);
+    COMPILER_ASSERT(sizeof prefix + 8 <= gimli_RATE);
+    memcpy(state, prefix, sizeof prefix);
+    STORE64_LE(state + sizeof prefix, (uint64_t) out_len);
+    gimli_core_u8(state, 1);
+    COMPILER_ASSERT(hydro_random_SEEDBYTES == gimli_RATE * 2);
+    mem_xor(state, seed, gimli_RATE);
+    gimli_core_u8(state, 2);
+    mem_xor(state, seed + gimli_RATE, gimli_RATE);
+    gimli_core_u8(state, 2);
+    for (i = 0; i < out_len / gimli_RATE; i++) {
+        gimli_core_u8(state, 0);
+        memcpy(p + i * gimli_RATE, state, gimli_RATE);
+    }
+    leftover = out_len % gimli_RATE;
+    if (leftover != 0) {
+        gimli_core_u8(state, 0);
+        mem_cpy(p + i * gimli_RATE, state, leftover);
+    }
+    hydro_random_ratchet();
+}
+void
+hydro_random_reseed(void)
+{
+    hydro_random_context.initialized = 0;
+    hydro_random_check_initialized();
+}