RubyGems - rbnacl-libsodium - Versions diffs - 0.5.0.1 → 0.6.0 - Mend

rbnacl-libsodium 0.5.0.1 → 0.6.0

Files changed (144) hide show

data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c ADDED

@@ -0,0 +1,146 @@
+#include <limits.h>
+#include <string.h>
+#include "crypto_aead_chacha20poly1305.h"
+#include "crypto_onetimeauth_poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "crypto_verify_16.h"
+#include "utils.h"
+static inline void
+_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
+{
+    out[0] = (unsigned char) (x & 0xff); x >>= 8;
+    out[1] = (unsigned char) (x & 0xff); x >>= 8;
+    out[2] = (unsigned char) (x & 0xff); x >>= 8;
+    out[3] = (unsigned char) (x & 0xff); x >>= 8;
+    out[4] = (unsigned char) (x & 0xff); x >>= 8;
+    out[5] = (unsigned char) (x & 0xff); x >>= 8;
+    out[6] = (unsigned char) (x & 0xff); x >>= 8;
+    out[7] = (unsigned char) (x & 0xff);
+}
+int
+crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+                                     unsigned long long *clen,
+                                     const unsigned char *m,
+                                     unsigned long long mlen,
+                                     const unsigned char *ad,
+                                     unsigned long long adlen,
+                                     const unsigned char *nsec,
+                                     const unsigned char *npub,
+                                     const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+    (void) nsec;
+#ifdef ULONG_LONG_MAX
+    if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ABYTES) {
+        if (clen != NULL) {
+            *clen = 0ULL;
+        }
+        return -1;
+    }
+#endif
+    crypto_stream_chacha20(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_stream_chacha20_xor_ic(c, m, mlen, npub, 1U, k);
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    _u64_le_from_ull(slen, mlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_onetimeauth_poly1305_final(&state, c + mlen);
+    sodium_memzero(&state, sizeof state);
+    if (clen != NULL) {
+        *clen = mlen + crypto_aead_chacha20poly1305_ABYTES;
+    }
+    return 0;
+}
+int
+crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+                                     unsigned long long *mlen,
+                                     unsigned char *nsec,
+                                     const unsigned char *c,
+                                     unsigned long long clen,
+                                     const unsigned char *ad,
+                                     unsigned long long adlen,
+                                     const unsigned char *npub,
+                                     const unsigned char *k)
+{
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     slen[8U];
+    unsigned char                     mac[crypto_aead_chacha20poly1305_ABYTES];
+    int                               ret;
+    (void) nsec;
+    if (mlen != NULL) {
+        *mlen = 0ULL;
+    }
+    if (clen < crypto_aead_chacha20poly1305_ABYTES) {
+        return -1;
+    }
+    crypto_stream_chacha20(block0, sizeof block0, npub, k);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    sodium_memzero(block0, sizeof block0);
+    crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+    _u64_le_from_ull(slen, adlen);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_onetimeauth_poly1305_update
+        (&state, c, clen - crypto_aead_chacha20poly1305_ABYTES);
+    _u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ABYTES);
+    crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+    crypto_onetimeauth_poly1305_final(&state, mac);
+    sodium_memzero(&state, sizeof state);
+    (void) sizeof(int[sizeof mac == 16U ? 1 : -1]);
+    ret = crypto_verify_16(mac,
+                           c + clen - crypto_aead_chacha20poly1305_ABYTES);
+    sodium_memzero(mac, sizeof mac);
+    if (ret != 0) {
+        memset(m, 0, clen - crypto_aead_chacha20poly1305_ABYTES);
+        return -1;
+    }
+    crypto_stream_chacha20_xor_ic
+        (m, c,  clen - crypto_aead_chacha20poly1305_ABYTES, npub, 1U, k);
+    if (mlen != NULL) {
+        *mlen = clen - crypto_aead_chacha20poly1305_ABYTES;
+    }
+    return 0;
+}
+size_t
+crypto_aead_chacha20poly1305_keybytes(void) {
+    return crypto_aead_chacha20poly1305_KEYBYTES;
+}
+size_t
+crypto_aead_chacha20poly1305_npubbytes(void) {
+    return crypto_aead_chacha20poly1305_NPUBBYTES;
+}
+size_t
+crypto_aead_chacha20poly1305_nsecbytes(void) {
+    return crypto_aead_chacha20poly1305_NSECBYTES;
+}
+size_t
+crypto_aead_chacha20poly1305_abytes(void) {
+    return crypto_aead_chacha20poly1305_ABYTES;
+}

data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c CHANGED

@@ -1,6 +1,12 @@
 #include "crypto_box.h"
+size_t
+crypto_box_seedbytes(void)
+{
+    return crypto_box_SEEDBYTES;
+}
 size_t
 crypto_box_publickeybytes(void)
 {
@@ -49,6 +55,13 @@ crypto_box_primitive(void)
     return crypto_box_PRIMITIVE;
 }
+int
+crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
+                        const unsigned char *seed)
+{
+    return crypto_box_curve25519xsalsa20poly1305_seed_keypair(pk, sk, seed);
+}
 int
 crypto_box_keypair(unsigned char *pk, unsigned char *sk)
 {

data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c CHANGED

@@ -1,54 +1,49 @@
-#include <assert.h>
-#include <limits.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
 #include "crypto_box.h"
+#include "crypto_secretbox.h"
 #include "utils.h"
+int
+crypto_box_detached(unsigned char *c, unsigned char *mac,
+                    const unsigned char *m, unsigned long long mlen,
+                    const unsigned char *n, const unsigned char *pk,
+                    const unsigned char *sk)
+{
+    unsigned char k[crypto_box_BEFORENMBYTES];
+    int           ret;
+    (void) sizeof(int[crypto_box_BEFORENMBYTES >=
+                      crypto_secretbox_KEYBYTES ? 1 : -1]);
+    crypto_box_beforenm(k, pk, sk);
+    ret = crypto_secretbox_detached(c, mac, m, mlen, n, k);
+    sodium_memzero(k, sizeof k);
+    return ret;
+}
 int
 crypto_box_easy(unsigned char *c, const unsigned char *m,
                 unsigned long long mlen, const unsigned char *n,
                 const unsigned char *pk, const unsigned char *sk)
 {
-    unsigned char *c_boxed;
-    unsigned char *m_boxed;
-    size_t         c_boxed_len;
-    size_t         m_boxed_len;
-    int            rc;
+    return crypto_box_detached(c + crypto_box_MACBYTES, c, m, mlen, n,
+                               pk, sk);
+}
-    if (mlen > SIZE_MAX - crypto_box_ZEROBYTES) {
-        return -1;
-    }
-    (void) sizeof(char[crypto_box_ZEROBYTES >=
-                       crypto_box_BOXZEROBYTES ? 1 : -1]);
-    m_boxed_len = (size_t) mlen + crypto_box_ZEROBYTES;
-    if ((m_boxed = (unsigned char *) malloc((size_t) m_boxed_len)) == NULL) {
-        return -1;
-    }
-    c_boxed_len = (size_t) mlen + crypto_box_ZEROBYTES;
-    if ((c_boxed = (unsigned char *) malloc(c_boxed_len)) == NULL) {
-        free(m_boxed);
-        return -1;
-    }
-    memset(m_boxed, 0, crypto_box_ZEROBYTES);
-    sodium_mlock(m_boxed, m_boxed_len);
-    memcpy(m_boxed + crypto_box_ZEROBYTES, m, mlen);
-    rc = crypto_box(c_boxed, m_boxed, m_boxed_len, n, pk, sk);
-    sodium_munlock(m_boxed, m_boxed_len);
-    free(m_boxed);
-    if (rc != 0) {
-        free(c_boxed);
-        return -1;
-    }
-    assert(m_boxed_len - crypto_box_BOXZEROBYTES ==
-           mlen + crypto_box_MACBYTES);
-    memcpy(c, c_boxed + crypto_box_BOXZEROBYTES, mlen + crypto_box_MACBYTES);
-    free(c_boxed);
+int
+crypto_box_open_detached(unsigned char *m, const unsigned char *c,
+                         const unsigned char *mac,
+                              unsigned long long clen, const unsigned char *n,
+                              const unsigned char *pk, const unsigned char *sk)
+{
+    unsigned char k[crypto_box_BEFORENMBYTES];
+    int           ret;
-    return 0;
+    crypto_box_beforenm(k, pk, sk);
+    ret = crypto_secretbox_open_detached(m, c, mac, clen, n, k);
+    sodium_memzero(k, sizeof k);
+    return ret;
 }
 int
@@ -56,39 +51,10 @@ crypto_box_open_easy(unsigned char *m, const unsigned char *c,
                      unsigned long long clen, const unsigned char *n,
                      const unsigned char *pk, const unsigned char *sk)
 {
-    unsigned char *c_boxed;
-    unsigned char *m_boxed;
-    size_t         c_boxed_len;
-    size_t         m_boxed_len;
-    int            rc;
-    if (clen < crypto_box_MACBYTES ||
-        clen > SIZE_MAX - crypto_box_BOXZEROBYTES) {
+    if (clen < crypto_box_MACBYTES) {
         return -1;
     }
-    c_boxed_len = clen + crypto_box_BOXZEROBYTES;
-    if ((c_boxed = (unsigned char *) malloc(c_boxed_len)) == NULL) {
-        return -1;
-    }
-    memset(c_boxed, 0, crypto_box_BOXZEROBYTES);
-    memcpy(c_boxed + crypto_box_BOXZEROBYTES, c, clen);
-    m_boxed_len = c_boxed_len + crypto_box_MACBYTES;
-    if ((m_boxed = (unsigned char *) malloc(m_boxed_len)) == NULL) {
-        free(c_boxed);
-        return -1;
-    }
-    sodium_mlock(m_boxed, m_boxed_len);
-    rc = crypto_box_open(m_boxed, c_boxed,
-                         (unsigned long long) c_boxed_len, n, pk, sk);
-    free(c_boxed);
-    if (rc != 0) {
-        sodium_munlock(m_boxed, m_boxed_len);
-        free(m_boxed);
-        return -1;
-    }
-    memcpy(m, m_boxed + crypto_box_ZEROBYTES, clen - crypto_box_MACBYTES);
-    sodium_munlock(m_boxed, m_boxed_len);
-    free(m_boxed);
-    return 0;
+    return crypto_box_open_detached(m, c + crypto_box_MACBYTES, c,
+                                    clen - crypto_box_MACBYTES,
+                                    n, pk, sk);
 }

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305_api.c CHANGED

@@ -1,5 +1,10 @@
 #include "crypto_box_curve25519xsalsa20poly1305.h"
+size_t
+crypto_box_curve25519xsalsa20poly1305_seedbytes(void) {
+    return crypto_box_curve25519xsalsa20poly1305_SEEDBYTES;
+}
 size_t
 crypto_box_curve25519xsalsa20poly1305_publickeybytes(void) {
     return crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES;

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/api.h CHANGED

@@ -3,10 +3,12 @@
 #define crypto_box crypto_box_curve25519xsalsa20poly1305
 #define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open
+#define crypto_box_seed_keypair crypto_box_curve25519xsalsa20poly1305_seed_keypair
 #define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair
 #define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm
 #define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm
 #define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm
+#define crypto_box_SEEDBYTES crypto_box_curve25519xsalsa20poly1305_SEEDBYTES
 #define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES
 #define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES
 #define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES

data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c CHANGED

@@ -1,7 +1,22 @@
+#include <string.h>
+#include "crypto_hash_sha512.h"
 #include "crypto_scalarmult_curve25519.h"
 #include "api.h"
 #include "randombytes.h"
+int crypto_box_seed_keypair(
+  unsigned char *pk,
+  unsigned char *sk,
+  const unsigned char *seed
+)
+{
+  unsigned char hash[64];
+  crypto_hash_sha512(hash,seed,32);
+  memmove(sk,hash,32);
+  return crypto_scalarmult_curve25519_base(pk,sk);
+}
 int crypto_box_keypair(
   unsigned char *pk,
   unsigned char *sk

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c CHANGED

@@ -48,13 +48,13 @@ static inline int blake2b_set_lastnode( blake2b_state *S )
   S->f[1] = ~0ULL;
   return 0;
 }
+#if 0
 static inline int blake2b_clear_lastnode( blake2b_state *S )
 {
   S->f[1] = 0ULL;
   return 0;
 }
+#endif
 /* Some helper functions, not necessarily useful */
 static inline int blake2b_set_lastblock( blake2b_state *S )
 {
@@ -63,7 +63,7 @@ static inline int blake2b_set_lastblock( blake2b_state *S )
   S->f[0] = ~0ULL;
   return 0;
 }
+#if 0
 static inline int blake2b_clear_lastblock( blake2b_state *S )
 {
   if( S->last_node ) blake2b_clear_lastnode( S );
@@ -71,7 +71,7 @@ static inline int blake2b_clear_lastblock( blake2b_state *S )
   S->f[0] = 0ULL;
   return 0;
 }
+#endif
 static inline int blake2b_increment_counter( blake2b_state *S, const uint64_t inc )
 {
   S->t[0] += inc;
@@ -82,6 +82,7 @@ static inline int blake2b_increment_counter( blake2b_state *S, const uint64_t in
 // Parameter-related functions
+#if 0
 static inline int blake2b_param_set_digest_length( blake2b_param *P, const uint8_t digest_length )
 {
   P->digest_length = digest_length;
@@ -123,7 +124,7 @@ static inline int blake2b_param_set_inner_length( blake2b_param *P, const uint8_
   P->inner_length = inner_length;
   return 0;
 }
+#endif
 static inline int blake2b_param_set_salt( blake2b_param *P, const uint8_t salt[BLAKE2B_SALTBYTES] )
 {
   memcpy( P->salt, salt, BLAKE2B_SALTBYTES );

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c CHANGED

@@ -44,13 +44,13 @@ static inline int blake2s_set_lastnode( blake2s_state *S )
   S->f[1] = ~0U;
   return 0;
 }
+#if 0
 static inline int blake2s_clear_lastnode( blake2s_state *S )
 {
   S->f[1] = 0U;
   return 0;
 }
+#endif
 /* Some helper functions, not necessarily useful */
 static inline int blake2s_set_lastblock( blake2s_state *S )
 {
@@ -59,7 +59,7 @@ static inline int blake2s_set_lastblock( blake2s_state *S )
   S->f[0] = ~0U;
   return 0;
 }
+#if 0
 static inline int blake2s_clear_lastblock( blake2s_state *S )
 {
   if( S->last_node ) blake2s_clear_lastnode( S );
@@ -67,7 +67,7 @@ static inline int blake2s_clear_lastblock( blake2s_state *S )
   S->f[0] = 0U;
   return 0;
 }
+#endif
 static inline int blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
 {
   S->t[0] += inc;
@@ -76,6 +76,7 @@ static inline int blake2s_increment_counter( blake2s_state *S, const uint32_t in
 }
 // Parameter-related functions
+#if 0
 static inline int blake2s_param_set_digest_length( blake2s_param *P, const uint8_t digest_length )
 {
   P->digest_length = digest_length;
@@ -117,7 +118,7 @@ static inline int blake2s_param_set_inner_length( blake2s_param *P, const uint8_
   P->inner_length = inner_length;
   return 0;
 }
+#endif
 static inline int blake2s_param_set_salt( blake2s_param *P, const uint8_t salt[BLAKE2S_SALTBYTES] )
 {
   memcpy( P->salt, salt, BLAKE2S_SALTBYTES );