RubyGems - rbnacl-libsodium - Versions diffs - 0.4.5 → 0.5.0 - Mend

rbnacl-libsodium 0.4.5 → 0.5.0

Files changed (282) hide show

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305_try.c CHANGED Viewed

@@ -1,152 +1,13 @@
 #include <stdlib.h>
 #include <string.h>
-#include "crypto_hash_sha256.h"
 #include "crypto_onetimeauth.h"
 #include "crypto_onetimeauth_poly1305.h"
 #include "crypto_onetimeauth_poly1305_donna.h"
-#include "crypto_onetimeauth_poly1305_53.h"
 #include "utils.h"
-#define MAXTEST_BYTES 10000
-#define CHECKSUM_BYTES 4096
-#define CHECKSUM "e836d5ca58cf673fca2b4910f23f3990"
-static char checksum[crypto_onetimeauth_BYTES * 2U + 1U];
-static unsigned char *h,  *h_;
-static unsigned char *m,  *m_;
-static unsigned char *k,  *k_;
-static unsigned char *h2, *h2_;
-static unsigned char *m2, *m2_;
-static unsigned char *k2, *k2_;
-static int
-allocate(void)
-{
-    h  = _sodium_alignedcalloc(&h_, crypto_onetimeauth_BYTES);
-    m  = _sodium_alignedcalloc(&m_, MAXTEST_BYTES);
-    k  = _sodium_alignedcalloc(&k_, crypto_onetimeauth_KEYBYTES);
-    h2 = _sodium_alignedcalloc(&h2_, crypto_onetimeauth_BYTES);
-    m2 = _sodium_alignedcalloc(&m2_, MAXTEST_BYTES + crypto_onetimeauth_BYTES);
-    k2 = _sodium_alignedcalloc(&k2_, crypto_onetimeauth_KEYBYTES +
-                               crypto_onetimeauth_BYTES);
-    return -!(h && m && k && h2 && m2 && k2);
-}
-static void
-deallocate(void)
-{
-    free(h_);
-    free(m_);
-    free(k_);
-    free(h2_);
-    free(m2_);
-    free(k2_);
-}
-#ifdef HAVE_ARC4RANDOM
-# undef rand
-# define rand(X) arc4random(X)
-#endif
-static const char *
-checksum_compute(void)
-{
-    long long i;
-    long long j;
-    for (i = 0;i < CHECKSUM_BYTES;++i) {
-        long long mlen = i;
-        long long klen = crypto_onetimeauth_KEYBYTES;
-        long long hlen = crypto_onetimeauth_BYTES;
-        for (j = -16;j < 0;++j) h[j] = rand();
-        for (j = -16;j < 0;++j) k[j] = rand();
-        for (j = -16;j < 0;++j) m[j] = rand();
-        for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-        for (j = klen;j < klen + 16;++j) k[j] = rand();
-        for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-        for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-        for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-        for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-        if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
-        for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
-        for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
-        for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes before output";
-        for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth writes after output";
-        for (j = -16;j < 0;++j) h[j] = rand();
-        for (j = -16;j < 0;++j) k[j] = rand();
-        for (j = -16;j < 0;++j) m[j] = rand();
-        for (j = hlen;j < hlen + 16;++j) h[j] = rand();
-        for (j = klen;j < klen + 16;++j) k[j] = rand();
-        for (j = mlen;j < mlen + 16;++j) m[j] = rand();
-        for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
-        for (j = -16;j < klen + 16;++j) k2[j] = k[j];
-        for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
-        if (crypto_onetimeauth(m2,m2,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
-        for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_onetimeauth does not handle m overlap";
-        for (j = 0;j < hlen;++j) m2[j] = m[j];
-        if (crypto_onetimeauth(k2,m2,mlen,k2) != 0) return "crypto_onetimeauth returns nonzero";
-        for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_onetimeauth does not handle k overlap";
-        for (j = 0;j < hlen;++j) k2[j] = k[j];
-        if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
-        for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_onetimeauth overwrites h";
-        for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_onetimeauth overwrites k";
-        for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_onetimeauth overwrites m";
-        crypto_hash_sha256(h2,h,hlen);
-        for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
-        if (crypto_onetimeauth(h,m,mlen,k) != 0) return "crypto_onetimeauth returns nonzero";
-        if (crypto_onetimeauth_verify(h,m,mlen,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
-        crypto_hash_sha256(h2,h,hlen);
-        for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
-        m[mlen] = h2[0];
-    }
-    if (crypto_onetimeauth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth returns nonzero";
-    if (crypto_onetimeauth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_onetimeauth_verify returns nonzero";
-    sodium_bin2hex(checksum, sizeof checksum, h, crypto_onetimeauth_BYTES);
-    return NULL;
-}
 crypto_onetimeauth_poly1305_implementation *
 crypto_onetimeauth_pick_best_implementation(void)
 {
-    crypto_onetimeauth_poly1305_implementation *implementations[] = {
-#ifdef HAVE_FENV_H
-        &crypto_onetimeauth_poly1305_53_implementation,
-#endif
-        &crypto_onetimeauth_poly1305_donna_implementation,
-        NULL
-    };
-    const char *err;
-    size_t      i = (size_t) 0U;
-    do {
-        if (crypto_onetimeauth_poly1305_set_implementation
-            (implementations[i]) != 0) {
-            continue;
-        }
-        if (allocate() != 0) {
-            return NULL;
-        }
-        err = checksum_compute();
-        deallocate();
-        if (err == NULL && strcmp(checksum, CHECKSUM) == 0) {
-            break;
-        }
-    } while (implementations[++i] != NULL);
-    return implementations[i];
+    return &crypto_onetimeauth_poly1305_donna_implementation;
 }

data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt-common.c ADDED Viewed

@@ -0,0 +1,250 @@
+/*-
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+#include <stdint.h>
+#include <string.h>
+#include "crypto_pwhash_scryptxsalsa208sha256.h"
+#include "crypto_scrypt.h"
+#include "runtime.h"
+#include "utils.h"
+static const char * const itoa64 =
+    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+static uint8_t *
+encode64_uint32(uint8_t * dst, size_t dstlen, uint32_t src, uint32_t srcbits)
+{
+    uint32_t bit;
+    for (bit = 0; bit < srcbits; bit += 6) {
+        if (dstlen < 1) {
+            return NULL;
+        }
+        *dst++ = itoa64[src & 0x3f];
+        dstlen--;
+        src >>= 6;
+    }
+    return dst;
+}
+static uint8_t *
+encode64(uint8_t * dst, size_t dstlen, const uint8_t * src, size_t srclen)
+{
+    size_t i;
+    for (i = 0; i < srclen; ) {
+        uint8_t * dnext;
+        uint32_t value = 0, bits = 0;
+        do {
+            value |= (uint32_t)src[i++] << bits;
+            bits += 8;
+        } while (bits < 24 && i < srclen);
+        dnext = encode64_uint32(dst, dstlen, value, bits);
+        if (!dnext) {
+            return NULL;
+        }
+        dstlen -= dnext - dst;
+        dst = dnext;
+    }
+    return dst;
+}
+static int
+decode64_one(uint32_t * dst, uint8_t src)
+{
+    const char *ptr = strchr(itoa64, src);
+    if (ptr) {
+        *dst = ptr - itoa64;
+        return 0;
+    }
+    *dst = 0;
+    return -1;
+}
+static const uint8_t *
+decode64_uint32(uint32_t * dst, uint32_t dstbits, const uint8_t * src)
+{
+    uint32_t bit;
+    uint32_t value;
+    value = 0;
+    for (bit = 0; bit < dstbits; bit += 6) {
+        uint32_t one;
+        if (decode64_one(&one, *src)) {
+            *dst = 0;
+            return NULL;
+        }
+        src++;
+        value |= one << bit;
+    }
+    *dst = value;
+    return src;
+}
+uint8_t *
+escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
+          const uint8_t * setting, uint8_t * buf, size_t buflen)
+{
+    uint8_t        hash[crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES];
+    escrypt_kdf_t  escrypt_kdf;
+    const uint8_t *src;
+    const uint8_t *salt;
+    uint8_t       *dst;
+    size_t         prefixlen;
+    size_t         saltlen;
+    size_t         need;
+    uint64_t       N;
+    uint32_t       N_log2;
+    uint32_t       r;
+    uint32_t       p;
+    if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
+        return NULL;
+    }
+    src = setting + 3;
+    if (decode64_one(&N_log2, *src)) {
+        return NULL;
+    }
+    src++;
+    N = (uint64_t)1 << N_log2;
+    src = decode64_uint32(&r, 30, src);
+    if (!src) {
+        return NULL;
+    }
+    src = decode64_uint32(&p, 30, src);
+    if (!src) {
+        return NULL;
+    }
+    prefixlen = src - setting;
+    salt = src;
+    src = (uint8_t *) strrchr((char *)salt, '$');
+    if (src) {
+        saltlen = src - salt;
+    } else {
+        saltlen = strlen((char *)salt);
+    }
+    need = prefixlen + saltlen + 1 +
+        crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES_ENCODED + 1;
+    if (need > buflen || need < saltlen) {
+        return NULL;
+    }
+#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
+#else
+    escrypt_kdf = escrypt_kdf_nosse;
+#endif
+    if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
+                    N, r, p, hash, sizeof(hash))) {
+        return NULL;
+    }
+    dst = buf;
+    memcpy(dst, setting, prefixlen + saltlen);
+    dst += prefixlen + saltlen;
+    *dst++ = '$';
+    dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
+    sodium_memzero(hash, sizeof hash);
+    if (!dst || dst >= buf + buflen) { /* Can't happen */
+        return NULL;
+    }
+    *dst = 0; /* NUL termination */
+    return buf;
+}
+uint8_t *
+escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
+                  const uint8_t * src, size_t srclen,
+                  uint8_t * buf, size_t buflen)
+{
+    uint8_t *dst;
+    size_t   prefixlen =
+        (sizeof "$7$" - 1U) + (1U /* N_log2 */) + (5U /* r */) + (5U /* p */);
+    size_t   saltlen = BYTES2CHARS(srclen);
+    size_t   need;
+    need = prefixlen + saltlen + 1;
+    if (need > buflen || need < saltlen || saltlen < srclen) {
+        return NULL;
+    }
+    if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) {
+        return NULL;
+    }
+    dst = buf;
+    *dst++ = '$';
+    *dst++ = '7';
+    *dst++ = '$';
+    *dst++ = itoa64[N_log2];
+    dst = encode64_uint32(dst, buflen - (dst - buf), r, 30);
+    if (!dst) { /* Can't happen */
+        return NULL;
+    }
+    dst = encode64_uint32(dst, buflen - (dst - buf), p, 30);
+    if (!dst) { /* Can't happen */
+        return NULL;
+    }
+    dst = encode64(dst, buflen - (dst - buf), src, srclen);
+    if (!dst || dst >= buf + buflen) { /* Can't happen */
+        return NULL;
+    }
+    *dst = 0; /* NUL termination */
+    return buf;
+}
+int
+crypto_scrypt_compat(const uint8_t * passwd, size_t passwdlen,
+                     const uint8_t * salt, size_t saltlen,
+                     uint64_t N, uint32_t r, uint32_t p,
+                     uint8_t * buf, size_t buflen)
+{
+    escrypt_kdf_t   escrypt_kdf;
+    escrypt_local_t local;
+    int             retval;
+    if (escrypt_init_local(&local)) {
+        return -1;
+    }
+#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
+    escrypt_kdf =
+        sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
+#else
+    escrypt_kdf = escrypt_kdf_nosse;
+#endif
+    retval = escrypt_kdf(&local,
+                         passwd, passwdlen, salt, saltlen,
+                         N, r, p, buf, buflen);
+    if (escrypt_free_local(&local)) {
+        return -1;
+    }
+    return retval;
+}

data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptxsalsa208sha256/crypto_scrypt.h ADDED Viewed

@@ -0,0 +1,100 @@
+/*-
+ * Copyright 2009 Colin Percival
+ * Copyright 2013 Alexander Peslyak
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file was originally written by Colin Percival as part of the Tarsnap
+ * online backup system.
+ */
+#ifndef _CRYPTO_SCRYPT_H_
+#define _CRYPTO_SCRYPT_H_
+#include <stdint.h>
+#define crypto_pwhash_scryptxsalsa208sha256_STRPREFIXBYTES 14
+#define crypto_pwhash_scryptxsalsa208sha256_STRSETTINGBYTES 57
+#define crypto_pwhash_scryptxsalsa208sha256_STRSALTBYTES 32
+#define crypto_pwhash_scryptxsalsa208sha256_STRSALTBYTES_ENCODED 43
+#define crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES 32
+#define crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES_ENCODED 43
+#define BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6)
+/**
+ * crypto_scrypt_compat(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen):
+ * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
+ * p, buflen) and write the result into buf.  The parameters r, p, and buflen
+ * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.  The parameter N
+ * must be a power of 2 greater than 1.
+ *
+ * Return 0 on success; or -1 on error.
+ */
+extern int crypto_scrypt_compat(const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __salt, size_t __saltlen,
+    uint64_t __N, uint32_t __r, uint32_t __p,
+    uint8_t * __buf, size_t __buflen);
+typedef struct {
+	void * base, * aligned;
+	size_t size;
+} escrypt_region_t;
+typedef escrypt_region_t escrypt_local_t;
+extern int escrypt_init_local(escrypt_local_t * __local);
+extern int escrypt_free_local(escrypt_local_t * __local);
+extern void *alloc_region(escrypt_region_t * region, size_t size);
+extern int free_region(escrypt_region_t * region);
+typedef int (*escrypt_kdf_t)(escrypt_local_t * __local,
+                             const uint8_t * __passwd, size_t __passwdlen,
+                             const uint8_t * __salt, size_t __saltlen,
+                             uint64_t __N, uint32_t __r, uint32_t __p,
+                             uint8_t * __buf, size_t __buflen);
+extern int escrypt_kdf_nosse(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __salt, size_t __saltlen,
+    uint64_t __N, uint32_t __r, uint32_t __p,
+    uint8_t * __buf, size_t __buflen);
+extern int escrypt_kdf_sse(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __salt, size_t __saltlen,
+    uint64_t __N, uint32_t __r, uint32_t __p,
+    uint8_t * __buf, size_t __buflen);
+extern uint8_t * escrypt_r(escrypt_local_t * __local,
+    const uint8_t * __passwd, size_t __passwdlen,
+    const uint8_t * __setting,
+    uint8_t * __buf, size_t __buflen);
+extern uint8_t * escrypt_gensalt_r(
+    uint32_t __N_log2, uint32_t __r, uint32_t __p,
+    const uint8_t * __src, size_t __srclen,
+    uint8_t * __buf, size_t __buflen);
+#endif /* !_CRYPTO_SCRYPT_H_ */