rbnacl-libsodium 0.5.0.1 → 0.6.0

Files changed (144)
  1. checksums.yaml +4 -4
  2. data/CHANGES.md +4 -0
  3. data/lib/rbnacl/libsodium/version.rb +1 -1
  4. data/vendor/libsodium/AUTHORS +62 -81
  5. data/vendor/libsodium/ChangeLog +31 -1
  6. data/vendor/libsodium/README.markdown +15 -364
  7. data/vendor/libsodium/THANKS +6 -0
  8. data/vendor/libsodium/autom4te.cache/output.0 +67 -36
  9. data/vendor/libsodium/autom4te.cache/output.1 +67 -36
  10. data/vendor/libsodium/autom4te.cache/output.2 +67 -36
  11. data/vendor/libsodium/autom4te.cache/traces.0 +52 -51
  12. data/vendor/libsodium/autom4te.cache/traces.1 +137 -133
  13. data/vendor/libsodium/autom4te.cache/traces.2 +52 -51
  14. data/vendor/libsodium/builds/msvc/version.h +2 -2
  15. data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj +365 -345
  16. data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +1114 -1037
  17. data/vendor/libsodium/builds/msvc/vs2010/test/test.props +8 -2
  18. data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj +364 -344
  19. data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +1113 -1036
  20. data/vendor/libsodium/builds/msvc/vs2012/test/test.props +8 -2
  21. data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj +365 -345
  22. data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +1114 -1037
  23. data/vendor/libsodium/builds/msvc/vs2013/test/test.props +8 -2
  24. data/vendor/libsodium/configure +66 -35
  25. data/vendor/libsodium/configure.ac +25 -14
  26. data/vendor/libsodium/dist-build/ios.sh +1 -1
  27. data/vendor/libsodium/dist-build/msys2-win64.sh +1 -1
  28. data/vendor/libsodium/libsodium.vcxproj +29 -14
  29. data/vendor/libsodium/libsodium.vcxproj.filters +77 -28
  30. data/vendor/libsodium/msvc-scripts/process.bat +3 -3
  31. data/vendor/libsodium/packaging/nuget/package.config +1 -1
  32. data/vendor/libsodium/packaging/nuget/package.gsl +6 -1
  33. data/vendor/libsodium/packaging/nuget/package.nuspec +1 -1
  34. data/vendor/libsodium/src/libsodium/Makefile.am +31 -13
  35. data/vendor/libsodium/src/libsodium/Makefile.in +406 -155
  36. data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c +146 -0
  37. data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c +13 -0
  38. data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c +39 -73
  39. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305_api.c +5 -0
  40. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/api.h +2 -0
  41. data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c +15 -0
  42. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c +6 -5
  43. data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c +6 -5
  44. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c +25 -0
  45. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c +76 -47
  46. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h +30 -7
  47. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +3 -16
  48. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +3 -10
  49. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/verify_poly1305_donna.c +11 -6
  50. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c +23 -1
  51. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305_try.c +1 -1
  52. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/crypto_scrypt-common.c +7 -7
  53. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/crypto_scrypt.h +6 -20
  54. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256/nosse/pwhash_scryptxsalsa208sha256_nosse.c → scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c} +0 -0
  55. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/pbkdf2-sha256.c +1 -11
  56. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/pbkdf2-sha256.h +0 -0
  57. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c → scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c} +50 -25
  58. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/scrypt_platform.c +4 -0
  59. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256/sse/pwhash_scryptxsalsa208sha256_sse.c → scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c} +0 -0
  60. data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/sysendian.h +0 -0
  61. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c +1 -1
  62. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/{ref → ref10}/api.h +0 -3
  63. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/base_curve25519_ref10.c +14 -0
  64. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe.h +44 -0
  65. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_0_curve25519_ref10.c +23 -0
  66. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_1_curve25519_ref10.c +23 -0
  67. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_add_curve25519_ref10.c +61 -0
  68. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_copy_curve25519_ref10.c +33 -0
  69. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_cswap_curve25519_ref10.c +77 -0
  70. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_frombytes_curve25519_ref10.c +73 -0
  71. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_invert_curve25519_ref10.c +18 -0
  72. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_mul121666_curve25519_ref10.c +74 -0
  73. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_mul_curve25519_ref10.c +257 -0
  74. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_sq_curve25519_ref10.c +153 -0
  75. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_sub_curve25519_ref10.c +61 -0
  76. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_tobytes_curve25519_ref10.c +123 -0
  77. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/montgomery.h +140 -0
  78. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/pow225521.h +160 -0
  79. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/scalarmult_curve25519_ref10.c +54 -0
  80. data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c +92 -61
  81. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_scalarmult_base.c +3 -3
  82. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow22523.h +2 -2
  83. data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow225521.h +2 -2
  84. data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c +8 -4
  85. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/consts_aes128ctr.c +3 -3
  86. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128.h +6 -3
  87. data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128_aes128ctr.c +23 -23
  88. data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/api.h +12 -0
  89. data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c +275 -0
  90. data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20_api.c +36 -0
  91. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/stream_salsa20_amd64_xmm6.S +11 -10
  92. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c +8 -3
  93. data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/stream_salsa20_api.c +8 -0
  94. data/vendor/libsodium/src/libsodium/include/Makefile.am +3 -2
  95. data/vendor/libsodium/src/libsodium/include/Makefile.in +3 -2
  96. data/vendor/libsodium/src/libsodium/include/sodium.h +3 -1
  97. data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +55 -0
  98. data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h +21 -0
  99. data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +11 -1
  100. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash.h +7 -0
  101. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h +7 -0
  102. data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h +7 -0
  103. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth.h +15 -0
  104. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h +25 -0
  105. data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h +80 -0
  106. data/vendor/libsodium/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h +2 -2
  107. data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox.h +14 -0
  108. data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +11 -0
  109. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes256estream.h +11 -6
  110. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h +49 -0
  111. data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h +6 -0
  112. data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h +7 -7
  113. data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +10 -14
  114. data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +10 -13
  115. data/vendor/libsodium/src/libsodium/sodium/compat.c +55 -4
  116. data/vendor/libsodium/src/libsodium/sodium/utils.c +18 -0
  117. data/vendor/libsodium/test/default/Makefile.am +24 -12
  118. data/vendor/libsodium/test/default/Makefile.in +116 -73
  119. data/vendor/libsodium/test/default/aead_chacha20poly1305.c +97 -0
  120. data/vendor/libsodium/test/default/aead_chacha20poly1305.exp +8 -0
  121. data/vendor/libsodium/test/default/box_easy.c +1 -1
  122. data/vendor/libsodium/test/default/box_seed.c +28 -0
  123. data/vendor/libsodium/test/default/box_seed.exp +8 -0
  124. data/vendor/libsodium/test/default/chacha20.c +45 -0
  125. data/vendor/libsodium/test/default/chacha20.exp +5 -0
  126. data/vendor/libsodium/test/default/pwhash.c +83 -15
  127. data/vendor/libsodium/test/default/pwhash.exp +10 -1
  128. data/vendor/libsodium/test/default/pwhash_scrypt_ll.c +67 -0
  129. data/vendor/libsodium/test/default/pwhash_scrypt_ll.exp +15 -0
  130. data/vendor/libsodium/test/default/secretbox_easy.c +13 -1
  131. data/vendor/libsodium/test/default/secretbox_easy.exp +19 -0
  132. data/vendor/libsodium/test/default/secretbox_easy2.c +5 -0
  133. data/vendor/libsodium/test/default/secretbox_easy2.exp +1 -0
  134. data/vendor/libsodium/test/default/sign.c +7 -3
  135. metadata +44 -21
  136. data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/api.h +0 -8
  137. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref/base_curve25519_ref.c +0 -20
  138. data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref/smult_curve25519_ref.c +0 -268
  139. data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305_donna.h +0 -37
  140. data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_scryptxsalsa208sha256.h +0 -48
  141. data/vendor/libsodium/test/default/scalarmult7.c +0 -32
  142. data/vendor/libsodium/test/default/scalarmult7.exp +0 -1
  143. data/vendor/libsodium/test/default/scalarmult8.c +0 -32
  144. data/vendor/libsodium/test/default/scalarmult8.exp +0 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 18aa33c3ae3d51540860a1757743a1a71e5cca09
4
- data.tar.gz: 2e4d0444cc19ed521f6bb2fa6cb7a66b79ff171f
3
+ metadata.gz: 5cb069040837f0e3b04341b168a355dd6e969bae
4
+ data.tar.gz: 31e229a06aacbda9d0a507a1ea92bd58371239e2
5
5
  SHA512:
6
- metadata.gz: 5bb91bbbc4bc6b5502043cc8bda55eae9b84b1d3e9b50139e174600acd21d11eae903bdbf2b6ad1c8630506f22ad149b13632189249f4b0b932edc85e4617bdf
7
- data.tar.gz: 905786cd8b537a445fbcd5a60789faa092f8ac0d9afd7d13070ee8b4fae90e642f0c4ca3ce0332b586a7149662f3b6626f3b25d21ab9f4f6455498c0eb32ab7e
6
+ metadata.gz: ff6905fa1b20ed8541561347d2fd1cc7a8969e08c121dfc0d63bc3f3bee84413c423dd1a0e4fdf4ebc9dfd6c207bddf02684ba69a1a595e2a7fe278c96e53724
7
+ data.tar.gz: 89d77a27b2a5c140867221ec4836f77c96d52bf01ddce6095e2e22cd16f4fa79dc31342d0f28fdae62e57521aaae2a70b3a51bffe689e2bffb3fa919d3869469
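Review bot: the replaced digests for metadata.gz and data.tar.gz cannot be checked from this diff alone, because checksums.yaml ships inside the same gem archive it describes and so only detects accidental corruption. Before accepting the vendored libsodium update, compare the SHA512 value of the downloaded data.tar.gz against a digest obtained separately from the gem, and treat the SHA1 entries as informational only.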
data/CHANGES.md CHANGED
@@ -1,3 +1,7 @@
1
+ 0.6.0 (2014-07-03)
2
+ ------------------
3
+ * Update to libsodium 0.6.0
4
+
1
5
  0.5.0.1 (2014-06-14)
2
6
  --------------------
3
7
  * Run autogen.sh in advance so systems without autotools still work
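Review bot: the new 0.6.0 entry says only `* Update to libsodium 0.6.0`, but the vendored ChangeLog in this same diff lists changes that affect callers, in particular the rename of crypto_pwhash_scryptxsalsa208sha256*() to crypto_pwhash_scryptsalsa208sha256*() and the curve25519 high-bit masking. Name the renamed functions here, or point readers to vendor/libsodium/ChangeLog, so gem users see the incompatibility without reading the vendor tree.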
@@ -1,5 +1,5 @@
1
1
  module RbNaCl
2
2
  module Libsodium
3
- VERSION = "0.5.0.1"
3
+ VERSION = "0.6.0"
4
4
  end
5
5
  end
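Review bot: `VERSION = "0.6.0"` is edited by hand, and nothing in this hunk ties it to the vendored sources, whose own version files (configure.ac, builds/msvc/version.h) change separately in this diff. A spec asserting that the built library's sodium_version_string() matches the leading segments of VERSION would catch a release that bumps one without the other.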
@@ -1,106 +1,87 @@
1
+
1
2
  Designers
2
3
  =========
3
4
 
4
- crypto_sign/ed25519
5
- -------------------
6
- Daniel J. Bernstein
7
- Niels Duif
8
- Tanja Lange
9
- Peter Schwabe
10
- Bo-Yin Yang
5
+ blake2 Jean-Philippe Aumasson
6
+ Christian Winnerlein
7
+ Samuel Neves
8
+ Zooko Wilcox-O'Hearn
9
+
10
+ chacha20 Daniel J. Bernstein
11
+ salsa20
12
+
13
+ chacha20poly1305 Adam Langley
14
+
15
+ curve25519 Daniel J. Bernstein
16
+
17
+ curve25519xsalsa20poly1305 Daniel J. Bernstein
18
+
19
+ ed25519 Daniel J. Bernstein
20
+ Bo-Yin Yang
21
+ Niels Duif
22
+ Peter Schwabe
23
+ Tanja Lange
24
+
25
+ poly1305 Daniel J. Bernstein
26
+
27
+ siphash Jean-Philippe Aumasson
28
+ Daniel J. Bernstein
29
+
30
+ scrypt Colin Percival
11
31
 
12
32
  Implementors
13
33
  ============
14
34
 
15
- crypto_core/hsalsa20
16
- --------------------
17
- Daniel J. Bernstein
35
+ crypto_aead/chacha20poly1305 Frank Denis
18
36
 
19
- crypto_core/salsa20
20
- --------------------
21
- Daniel J. Bernstein
37
+ crypto_box/curve25519xsalsa20poly1305 Daniel J. Bernstein
22
38
 
39
+ crypto_core/hsalsa20 Daniel J. Bernstein
40
+ crypto_core/salsa20
23
41
  crypto_core/salsa2012
24
- -------------------
25
- Daniel J. Bernstein
26
-
27
42
  crypto_core/salsa208
28
- ---------------------
29
- Daniel J. Bernstein
30
-
31
- crypto_hash/sha256
32
- ------------------
33
- Colin Percival
34
43
 
44
+ crypto_hash/sha256 Colin Percival
35
45
  crypto_hash/sha512
36
- ------------------
37
- Colin Percival
38
-
39
- crypto_auth/hmacsha256
40
- ------------------
41
- Colin Percival
46
+ crypto_hash/sha512256
42
47
 
48
+ crypto_auth/hmacsha256 Colin Percival
43
49
  crypto_auth/hmacsha512
44
- ------------------
45
- Colin Percival
50
+ crypto_auth/hmacsha512256
46
51
 
47
- crypto_scalarmult/curve25519/ref
48
- --------------------------------
49
- Matthew Dempsky (Mochi Media)
52
+ crypto_scalarmult/curve25519/ref10 Daniel J. Bernstein
50
53
 
51
- crypto_scalarmult/curve25519/donna_c64
52
- --------------------------------------
53
- Adam Langley (Google)
54
+ crypto_scalarmult/curve25519/donna_c64 Adam Langley
54
55
 
55
- crypto_sign/ed25519
56
- -------------------
57
- Daniel J. Bernstein
58
- Niels Duif
59
- Tanja Lange
60
- lead: Peter Schwabe
61
- Bo-Yin Yang
56
+ crypto_secretbox/xsalsa20poly1305 Daniel J. Bernstein
62
57
 
63
- crypto_stream/aes128ctr
64
- -----------------------
65
- Daniel J. Bernstein
58
+ crypto_sign/ed25519 Peter Schwabe
59
+ Daniel J. Bernstein
60
+ Niels Duif
61
+ Tanja Lange
62
+ Bo-Yin Yang
66
63
 
67
- crypto_stream/aes256estream
68
- ---------------------------
69
- Hongjun Wu
64
+ crypto_stream/aes128ctr Peter Schwabe
70
65
 
71
- crypto_stream/salsa20
72
- ---------------------
73
- Daniel J. Bernstein
66
+ crypto_stream/aes256estream Hongjun Wu
67
+ Frank Denis
74
68
 
75
- crypto_stream/salsa2012
76
- -----------------------
77
- Daniel J. Bernstein
69
+ crypto_stream/chacha20 Daniel J. Bernstein
78
70
 
71
+ crypto_stream/salsa20 Daniel J. Bernstein
72
+ crypto_stream/salsa2012
79
73
  crypto_stream/salsa208
80
- ----------------------
81
- Daniel J. Bernstein
82
-
83
74
  crypto_stream/xsalsa20
84
- ----------------------
85
- Daniel J. Bernstein
86
-
87
- crypto_shorthash/siphash24
88
- --------------------------
89
- Jean-Philippe Aumasson
90
- Daniel J. Bernstein
91
-
92
- crypto_generichash/blake2b
93
- --------------------------
94
- Jean-Philippe Aumasson
95
- Samuel Neves
96
- Zooko Wilcox-O'Hearn
97
- Christian Winnerlein
98
-
99
- crypto_onetimeauth/poly1305/donna
100
- ---------------------------------
101
- Andrew "floodyberry" Moon.
102
-
103
- crypto_pwhash/scryptxsalsa208sha256
104
- --------------------------------
105
- Colin Percival
106
- Alexander Peslyak
75
+
76
+ crypto_shorthash/siphash24 Jean-Philippe Aumasson
77
+ Daniel J. Bernstein
78
+
79
+ crypto_generichash/blake2b Jean-Philippe Aumasson
80
+ Christian Winnerlein
81
+ Samuel Neves
82
+ Zooko Wilcox-O'Hearn
83
+
84
+ crypto_onetimeauth/poly1305/donna Andrew "floodyberry" Moon.
85
+
86
+ crypto_pwhash/scryptsalsa208sha256 Colin Percival
87
+ Alexander Peslyak
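Review bot: in the Implementors section, crypto_stream/aes128ctr changes from Daniel J. Bernstein to Peter Schwabe, the crypto_sign/ed25519 list loses its `lead:` marker, and Adam Langley's `(Google)` affiliation is dropped; these are attribution changes, not just the move to a two-column layout, and should be called out in the commit message. The new layout also leaves entries such as crypto_core/salsa20, crypto_hash/sha512256 and crypto_auth/hmacsha512256 with no name on their own line, so credit depends on reading them as continuations of the row above; repeating the name on each row would remove the ambiguity.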
@@ -1,4 +1,34 @@
1
1
 
2
+ * Version 0.6.0
3
+ - The ChaCha20 stream cipher has been added, as crypto_stream_chacha20_*
4
+ - The ChaCha20Poly1305 AEAD construction has been implemented, as
5
+ crypto_aead_chacha20poly1305_*
6
+ - The _easy API does not require any heap allocations any more and
7
+ does not have any overhead over the NaCl API. With the password
8
+ hashing function being an obvious exception, the library doesn't
9
+ allocate and will not allocate heap memory ever.
10
+ - crypto_box and crypto_secretbox have a new _detached API to store
11
+ the authentication tag and the encrypted message separately.
12
+ - crypto_pwhash_scryptxsalsa208sha256*() functions have been renamed
13
+ crypto_pwhash_scryptsalsa208sha256*().
14
+ - The low-level crypto_pwhash_scryptsalsa208sha256_ll() function
15
+ allows setting individual parameters of the scrypt function.
16
+ - New macros and functions for recommended crypto_pwhash_* parameters
17
+ have been added.
18
+ - Similarly to crypto_sign_seed_keypair(), crypto_box_seed_keypair()
19
+ has been introduced to deterministically generate a key pair from a seed.
20
+ - crypto_onetimeauth() now provides a streaming interface.
21
+ - crypto_stream_chacha20_xor_ic() and crypto_stream_salsa20_xor_ic()
22
+ have been added to use a non-zero initial block counter.
23
+ - On Windows, CryptGenRandom() was replaced by RtlGenRandom(), which
24
+ doesn't require the Crypt API.
25
+ - The high bit in curve25519 is masked instead of processing the key as
26
+ a 256-bit value.
27
+ - The curve25519 ref implementation was replaced by the latest ref10
28
+ implementation from Supercop.
29
+ - sodium_mlock() now prevents memory from being included in coredumps
30
+ on Linux 3.4+
31
+
2
32
  * Version 0.5.0
3
33
  - sodium_mlock()/sodium_munlock() have been introduced to lock pages
4
34
  in memory before storing sensitive data, and to zero them before
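Review bot: the rename entry for crypto_pwhash_scryptxsalsa208sha256*() does not say whether the old names remain available, and the file list shows the old header crypto_pwhash_scryptxsalsa208sha256.h removed; state explicitly whether this is a source-incompatible change for callers built against 0.5.0. The curve25519 entry (`The high bit in curve25519 is masked ...`) affects how inputs with the top bit set are handled and should say which callers can observe a difference, since the scalarmult7 and scalarmult8 tests are deleted in the same update.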
@@ -6,7 +36,7 @@ unlocking them.
6
36
  - High-level wrappers for crypto_box and crypto_secretbox
7
37
  (crypto_box_easy and crypto_secretbox_easy) can be used to avoid
8
38
  dealing with the specific memory layout regular functions depend on.
9
- - crypto_pwhash_scryptxsalsa208sha256* functions have been added
39
+ - crypto_pwhash_scryptsalsa208sha256* functions have been added
10
40
  to derive a key from a password, and for password storage.
11
41
  - Salsa20 and ed25519 implementations now support overlapping
12
42
  inputs/keys/outputs (changes imported from supercop-20140505).
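Review bot: line 39 rewrites the Version 0.5.0 entry to read crypto_pwhash_scryptsalsa208sha256*, but per the 0.6.0 entry above, 0.5.0 shipped these functions under the scryptxsalsa208sha256 name. Keep the historical entry as it was, so that someone auditing a 0.5.0 deployment finds the symbol names that release actually exported.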
@@ -1,385 +1,36 @@
1
1
  [![Build Status](https://travis-ci.org/jedisct1/libsodium.png?branch=master)](https://travis-ci.org/jedisct1/libsodium?branch=master)
2
+ [![Coverity Scan Build Status](https://scan.coverity.com/projects/2397/badge.svg)](https://scan.coverity.com/projects/2397)
2
3
 
3
4
  ![libsodium](https://raw.github.com/jedisct1/libsodium/master/logo.png)
4
5
  ============
5
6
 
6
- [NaCl](http://nacl.cr.yp.to/) (pronounced "salt") is a new easy-to-use
7
- high-speed software library for network communication, encryption,
8
- decryption, signatures, etc.
7
+ Sodium is a new, easy-to-use software library for encryption,
8
+ decryption, signatures, password hashing and more.
9
9
 
10
- NaCl's goal is to provide all of the core operations needed to build
11
- higher-level cryptographic tools.
12
-
13
- Sodium is a portable, cross-compilable, installable, packageable
14
- fork of NaCl (based on the latest released upstream version [nacl-20110221](http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2)), with a compatible API.
15
-
16
- The design choices, particularly in regard to the Curve25519
17
- Diffie-Hellman function, emphasize security (whereas NIST curves
18
- emphasize "performance" at the cost of security), and "magic
19
- constants" in NaCl/Sodium have clear rationales.
20
-
21
- The same cannot be said of NIST curves, where the specific origins of
22
- certain constants are not described by the standards.
23
-
24
- And despite the emphasis on higher security, primitives are faster
25
- across-the-board than most implementations of the NIST standards.
26
-
27
- ## Portability
10
+ It is a portable, cross-compilable, installable, packageable
11
+ fork of [NaCl](http://nacl.cr.yp.to/), with a compatible API, and an
12
+ extended API to improve usability even further.
28
13
 
29
- In order to pick the fastest working implementation of each primitive,
30
- NaCl performs tests and benchmarks at compile-time. Unfortunately, the
31
- resulting library is not guaranteed to work on different hardware.
32
-
33
- Sodium performs tests at run-time, so that the same binary package can
34
- still run everywhere.
14
+ Its goal is to provide all of the core operations needed to build
15
+ higher-level cryptographic tools.
35
16
 
36
- Sodium is tested on a variety of compilers and operating systems,
17
+ Sodium supports a variety of compilers and operating systems,
37
18
  including Windows (with MingW or Visual Studio, x86 and x64), iOS and Android.
38
19
 
39
- ## Installation
40
-
41
- Sodium is a shared library with a machine-independent set of
42
- headers, so that it can easily be used by 3rd party projects.
43
-
44
- The library is built using autotools, making it easy to package.
45
-
46
- Installation is trivial, and both compilation and testing can take
47
- advantage of multiple CPU cores.
48
-
49
- Download a
50
- [tarball of libsodium](https://download.libsodium.org/libsodium/releases/),
51
- then follow the ritual:
52
-
53
- ./configure
54
- make && make check && make install
55
-
56
- Pre-compiled Win32 packages are available for download at the same
57
- location.
58
-
59
- Integrity of source tarballs can currently be checked using PGP or
60
- verified DNS queries (`dig +dnssec +short txt <file>.download.libsodium.org`
61
- returns the SHA256 of any file available for download).
62
-
63
- ## Pre-built binaries
64
-
65
- Pre-built libraries for Visual studio 2010, 2012 and 2013, both for
66
- x86 and x64, are available for download at
67
- https://download.libsodium.org/libsodium/releases/ , courtesy of
68
- Samuel Neves (@sneves).
69
-
70
- ## Bindings for other languages
71
-
72
- * C++: [sodiumpp](https://github.com/rubendv/sodiumpp)
73
- * Erlang: [Erlang-NaCl](https://github.com/tonyg/erlang-nacl)
74
- * Erlang: [Salt](https://github.com/freza/salt)
75
- * Haskell: [Saltine](https://github.com/tel/saltine)
76
- * Idris: [Idris-Sodium](https://github.com/edwinb/sodium-idris)
77
- * Java: [Kalium](https://github.com/abstractj/kalium)
78
- * Java JNI: [Kalium-JNI](https://github.com/joshjdevl/kalium-jni)
79
- * Julia: [Sodium.jl](https://github.com/amitmurthy/Sodium.jl)
80
- * LUA: [lua-sodium](https://github.com/morfoh/lua-sodium)
81
- * .NET: [libsodium-net](https://github.com/adamcaudill/libsodium-net)
82
- * NodeJS: [node-sodium](https://github.com/paixaop/node-sodium)
83
- * Objective C: [NAChloride](https://github.com/gabriel/NAChloride)
84
- * OCaml: [ocaml-sodium](https://github.com/dsheets/ocaml-sodium)
85
- * Perl: [Crypto-Sodium](https://github.com/mgregoro/Crypt-Sodium)
86
- * Pharo/Squeak: [Crypto-NaCl](http://www.eighty-twenty.org/index.cgi/tech/smalltalk/nacl-for-squeak-and-pharo-20130601.html)
87
- * PHP: [PHP-Sodium](https://github.com/alethia7/php-sodium)
88
- * PHP: [libsodium-php](https://github.com/jedisct1/libsodium-php)
89
- * Python: [PyNaCl](https://github.com/dstufft/pynacl)
90
- * Python: [PySodium](https://github.com/stef/pysodium)
91
- * Racket: part of [CRESTaceans](https://github.com/mgorlick/CRESTaceans/tree/master/bindings/libsodium)
92
- * Ruby: [RbNaCl](https://github.com/cryptosphere/rbnacl)
93
- * Ruby: [Sodium](https://github.com/stouset/sodium)
94
- * Rust: [Sodium Oxide](https://github.com/dnaq/sodiumoxide)
95
-
96
- ## Comparison with vanilla NaCl
97
-
98
- Sodium does not ship C++ bindings. These might be part of a distinct
99
- package.
100
-
101
- The default public-key signature system in NaCl was a prototype that
102
- shouldn't be used any more.
103
-
104
- Sodium ships with the SUPERCOP reference implementation of
105
- [Ed25519](http://ed25519.cr.yp.to/), and uses this system by default
106
- for `crypto_sign*` operations.
107
-
108
- For backward compatibility, the previous system is still compiled in,
109
- as `crypto_sign_edwards25519sha512batch*`.
110
-
111
- ## Additional features
112
-
113
- The Sodium library provides some convenience functions in order to retrieve
114
- the current version of the package and of the shared library:
115
-
116
- const char *sodium_version_string(void);
117
- const int sodium_library_version_major(void);
118
- const int sodium_library_version_minor(void);
119
-
120
- Headers are installed in `${prefix}/include/sodium`.
121
-
122
- A convenience header includes everything you need to use the library:
123
-
124
- #include <sodium.h>
125
-
126
- This is not required, however, before any other libsodium functions, it
127
- is recommended to call:
128
-
129
- sodium_init();
130
-
131
- This will pick optimized implementations of some primitives, if they
132
- appear to work as expected after running some tests, and these will be
133
- used for subsequent operations.
134
- It will also initialize the pseudorandom number generator.
135
- This function should only be called once, and before performing any other
136
- operations.
137
- Doing so is required to ensure thread safety of all the functions provided by
138
- the library.
139
-
140
- Sodium also provides helper functions to generate random numbers,
141
- leveraging `/dev/urandom` or `/dev/random` on *nix and the cryptographic
142
- service provider on Windows. The interface is similar to
143
- `arc4random(3)`. It is `fork(2)`-safe but not thread-safe. This holds
144
- true for `crypto_sign_keypair()` and `crypto_box_keypair()` as well.
145
-
146
- uint32_t randombytes_random(void);
147
-
148
- Return a random 32-bit unsigned value.
149
-
150
- void randombytes_stir(void);
151
-
152
- Generate a new key for the pseudorandom number generator. The file
153
- descriptor for the entropy source is kept open, so that the generator
154
- can be reseeded even in a chroot() jail.
155
-
156
- uint32_t randombytes_uniform(const uint32_t upper_bound);
157
-
158
- Return a value between 0 and upper_bound using a uniform distribution.
159
-
160
- void randombytes_buf(void * const buf, const size_t size);
161
-
162
- Fill the buffer `buf` with `size` random bytes.
163
-
164
- int randombytes_close(void);
165
-
166
- Close the file descriptor or the handle for the cryptographic service
167
- provider.
168
-
169
- A custom implementation of these functions can be registered with
170
- `randombytes_set_implementation()`.
171
-
172
- In addition, Sodium provides a function to securely wipe a memory
173
- region:
174
-
175
- void sodium_memzero(void * const pnt, const size_t size);
176
-
177
- Warning: if a region has been allocated on the heap, you still have
178
- to make sure that it can't get swapped to disk, possibly using
179
- `mlock(2)`.
20
+ ## Documentation
180
21
 
181
- In order to compare memory zones in constant time, Sodium provides:
22
+ The documentation is a work-in-progress, and is being written using
23
+ Gitbook:
182
24
 
183
- int sodium_memcmp(const void * const b1_, const void * const b2_,
184
- size_t size);
25
+ [libsodium documentation](http://doc.libsodium.org)
185
26
 
186
- `sodium_memcmp()` returns `0` if `size` bytes at `b1_` and `b2_` are
187
- equal, another value if they are not. Unlike `memcmp()`,
188
- `sodium_memcmp()` cannot be used to put `b1_` and `b2_` into a defined
189
- order.
190
-
191
- And a convenience function for converting a binary buffer to a
192
- hexadecimal string:
193
-
194
- char * sodium_bin2hex(char * const hex, const size_t hexlen,
195
- const unsigned char *bin, const size_t binlen);
196
-
197
- Sensitive data should not be swapped out to disk, especially if swap
198
- partitions are not encrypted. Libsodium provides the `sodium_mlock()`
199
- function to lock pages in memory before writing sensitive content to
200
- them:
201
-
202
- int sodium_mlock(void *addr, size_t len);
203
-
204
- Once done with these pages, they can be unlocked with
205
- `sodium_munlock()`. This function will zero the data before unlocking
206
- the pages.
207
-
208
- int sodium_munlock(void * addr, size_t len);
209
-
210
- ## Easy interfaces to `crypto_box` and `crypto_secretbox`
211
-
212
- `crypto_box` and `crypto_secretbox` require prepending
213
- `crypto_box_ZEROBYTES` or `crypto_secretbox_ZEROBYTE` extra bytes to the
214
- message, and making sure that these are all zeros.
215
- A similar padding is required to decrypt the ciphertext. And this
216
- padding is actually larger than the MAC size,
217
- `crypto_box_MACBYTES`/`crypto_secretbox_MACBYTES`.
218
-
219
- This API, as defined by NaCl, can be confusing. And while using a
220
- larger buffer and two pointers is not an issue for native C
221
- applications, this might not be an option when another runtime is
222
- controlling the allocations.
223
-
224
- Libsodium provides an easy, higher-level interface to these operations.
225
-
226
- int crypto_box_easy(unsigned char *c, const unsigned char *m,
227
- unsigned long long mlen, const unsigned char *n,
228
- const unsigned char *pk, const unsigned char *sk);
229
-
230
- This function encrypts and authenticates a message `m` using the
231
- sender's secret key `sk`, the receiver's public key `pk` and a nonce
232
- `n`, which should be `crypto_box_NONCEBYTES` bytes long.
233
- The ciphertext, including the MAC, will be copied to `c`, whose length
234
- should be `len(m) + crypto_box_MACBYTES`, and that doesn't require to be
235
- initialized.
236
-
237
- int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
238
- unsigned long long clen, const unsigned char *n,
239
- const unsigned char *pk, const unsigned char *sk);
240
-
241
- This function verifies and decrypts a ciphertext `c` as returned by
242
- `crypto_box_easy()`, whose length is `clen`, using the nonce `n`, the
243
- receiver's secret key `sk`, and the sender's public key `pk`. The
244
- message is stored to `m`, whose length should be at least `len(c) -
245
- crypto_box_MACBYTES` and that doesn't require to be initialized.
246
-
247
- Similarily, secret-key authenticated encryption provide "easy" wrappers:
248
-
249
- int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
250
- unsigned long long mlen, const unsigned char *n,
251
- const unsigned char *k);
252
-
253
- int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
254
- unsigned long long clen,
255
- const unsigned char *n,
256
- const unsigned char *k);
257
-
258
- The length of the ciphertext, which will include the MAC, is
259
- `len(m) + crypto_secretbox_MACBYTES`, and the length of the buffer for
260
- the decrypted message doesn't have to be more than `len(c) -
261
- crypto_secretbox_MACBYTES`.
262
-
263
- The "easy" interface currently requires allocations and copying, which
264
- makes it slower than using the traditional NaCl interface. This
265
- shouldn't make any sensible difference in most use cases, and future
266
- versions of the library may not require extra copy operations any
267
- more. Unless speed is absolutely critical, you are welcome to use the
268
- "easy" interface, especially if you are new to NaCl/Sodium.
269
-
270
- ## New operations
271
-
272
- ### crypto_shorthash
273
-
274
- A lot of applications and programming language implementations have
275
- been recently found to be vulnerable to denial-of-service attacks when
276
- a hash function with weak security guarantees, like Murmurhash 3, was
277
- used to construct a hash table.
278
-
279
- In order to address this, Sodium provides the “shorthash” function,
280
- currently implemented using SipHash-2-4. This very fast hash function
281
- outputs short, but unpredictable (without knowing the secret key)
282
- values suitable for picking a list in a hash table for a given key.
283
-
284
- See `crypto_shorthash.h` for details.
285
-
286
- ### crypto_generichash
287
-
288
- This hash function provides:
289
-
290
- * A variable output length (up to `crypto_generichash_BYTES_MAX` bytes)
291
- * A variable key length (from no key at all to
292
- `crypto_generichash_KEYBYTES_MAX` bytes)
293
- * A simple interface as well as a streaming interface.
294
-
295
- `crypto_generichash` is currently being implemented using
296
- [Blake2](https://blake2.net/).
297
-
298
- ### crypto_pwhash (scrypt)
299
-
300
- High-level functions for password hashing are not defined yet: they will
301
- eventually be wrappers for the winning function of the ongoing
302
- [Password Hashing Competition](https://password-hashing.net/).
303
-
304
- Meanwhile, the [scrypt](http://www.tarsnap.com/scrypt.html) function is
305
- available through explicitly-named functions, and will remain available
306
- in the library even after the PHC.
307
-
308
- int crypto_pwhash_scryptxsalsa208sha256(unsigned char *out,
309
- unsigned long long outlen,
310
- const char *passwd,
311
- unsigned long long passwdlen,
312
- const unsigned char *salt,
313
- unsigned long long opslimit,
314
- size_t memlimit);
315
-
316
- This function derives `outlen` bytes from a password `passwd` and a
317
- salt `salt` that has to be `crypto_pwhash_scryptxsalsa208sha256_SALTBYTES`
318
- bytes long.
319
-
320
- The function will use at most `memlimit` bytes of memory and `opslimit`
321
- is the maximum number of iterations to perform. Making the function
322
- memory-hard and CPU intensive by increasing these parameters might increase
323
- security.
324
-
325
- Although password storage was not the primary goal of the scrypt
326
- function, it can still be used for this purpose:
327
-
328
- int crypto_pwhash_scryptxsalsa208sha256_str
329
- (char out[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
330
- const char *passwd,
331
- unsigned long long passwdlen,
332
- unsigned long long opslimit,
333
- size_t memlimit);
334
-
335
- This function returns a `crypto_pwhash_scryptxsalsa208sha256_STRBYTES`
336
- bytes C string (the length includes the final `\0`) suitable for storage.
337
- The string is guaranteed to only include ASCII characters.
338
-
339
- The function will use at most `memlimit` bytes of memory and `opslimit`
340
- is the maximum number of iterations to perform. These parameters are
341
- included in the output string, and do not need to be stored separately.
342
-
343
- The function automatically generates a random salt, which is also
344
- included in the output string.
345
-
346
- int crypto_pwhash_scryptxsalsa208sha256_str_verify
347
- (const char str[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
348
- const char *passwd,
349
- unsigned long long passwdlen);
350
-
351
- This function verifies that hashing the plaintext password `passwd`
352
- results in the stored hash value included in `str` when using the same
353
- parameters.
354
-
355
- `0` is returned if the passwords are matching, `-1` is they are not.
356
- The plaintext password should be locked in memory using
357
- `sodium_mlock()` and immediately zeroed out and unlocked after this
358
- function returns, using `sodium_munlock()`.
359
-
360
- ## Constants available as functions
361
-
362
- In addition to constants for key sizes, output sizes and block sizes,
363
- Sodium provides these values through function calls, so that using
364
- them from different languages is easier.
365
-
366
- ## CurveCP
367
-
368
- CurveCP tools are part of a different project,
369
- [libchloride](https://github.com/jedisct1/libchloride).
370
- If you are interested in an embeddable CurveCP implementation, take a
371
- look at [libcurvecpr](https://github.com/impl/libcurvecpr).
372
-
373
- ## Mailing list
27
+ ## Community
374
28
 
375
29
  A mailing-list is available to discuss libsodium.
376
30
 
377
31
  In order to join, just send a random mail to `sodium-subscribe` {at}
378
- `pureftpd`{dot}`org`.
32
+ `pureftpd` {dot} `org`.
379
33
 
380
34
  ## License
381
35
 
382
36
  [ISC license](http://en.wikipedia.org/wiki/ISC_license).
383
-
384
- See the `COPYING` file for details, `AUTHORS` for designers and
385
- implementors, and `THANKS` for contributors.
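Review bot: the removed README block that ends at old line 372 carried the only usage guidance visible here for `sodium_mlock()`/`sodium_munlock()`, for the `crypto_box_easy`/`crypto_secretbox_easy` output sizes (`len(m) + crypto_box_MACBYTES`), and for the scrypt `_str`/`_str_verify` functions, including the advice to lock the plaintext password in memory and zero it once verification returns, and nothing in the lines shown says where that material now lives. If it moved to separate documentation, add a one-line pointer to it in the shortened README so that readers of the vendored copy can still find the buffer-length and memory-locking requirements. The same concern applies to the License section at old lines 384-385: dropping the sentence that refers to `COPYING`, `AUTHORS` and `THANKS` leaves a Wikipedia link as the only license reference, so consider keeping at least the pointer to `COPYING`.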