rbnacl-libsodium 0.5.0.1 → 0.6.0

data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256/pwhash_scryptxsalsa208sha256.c → scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c}

@@ -5,7 +5,7 @@
 #include <stdint.h>
 #include <string.h>
 
-#include "crypto_pwhash_scryptxsalsa208sha256.h"
+#include "crypto_pwhash_scryptsalsa208sha256.h"
 #include "crypto_scrypt.h"
 #include "randombytes.h"
 #include "utils.h"
@@ -50,19 +50,43 @@ pickparams(unsigned long long opslimit, const size_t memlimit,
 }
 
 size_t
-crypto_pwhash_scryptxsalsa208sha256_saltbytes(void)
+crypto_pwhash_scryptsalsa208sha256_saltbytes(void)
 {
-    return crypto_pwhash_scryptxsalsa208sha256_SALTBYTES;
+    return crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
 }
 
 size_t
-crypto_pwhash_scryptxsalsa208sha256_strbytes(void)
+crypto_pwhash_scryptsalsa208sha256_strbytes(void)
 {
-    return crypto_pwhash_scryptxsalsa208sha256_STRBYTES;
+    return crypto_pwhash_scryptsalsa208sha256_STRBYTES;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE;
+}
+
+size_t
+crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void)
+{
+    return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE;
 }
 
 int
-crypto_pwhash_scryptxsalsa208sha256(unsigned char * const out,
+crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
                                     unsigned long long outlen,
                                     const char * const passwd,
                                     unsigned long long passwdlen,
@@ -83,28 +107,29 @@ crypto_pwhash_scryptxsalsa208sha256(unsigned char * const out,
         errno = EINVAL;
         return -1;
     }
-    return crypto_scrypt_compat((const uint8_t *) passwd, (size_t) passwdlen,
-                                (const uint8_t *) salt,
-                                crypto_pwhash_scryptxsalsa208sha256_SALTBYTES,
-                                (uint64_t) (1) << N_log2, r, p,
-                                out, (size_t) outlen);
+    return crypto_pwhash_scryptsalsa208sha256_ll((const uint8_t *) passwd,
+                                                 (size_t) passwdlen,
+                                                 (const uint8_t *) salt,
+                                                 crypto_pwhash_scryptsalsa208sha256_SALTBYTES,
+                                                 (uint64_t) (1) << N_log2, r, p,
+                                                 out, (size_t) outlen);
 }
 
 int
-crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
+crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
                                         const char * const passwd,
                                         unsigned long long passwdlen,
                                         unsigned long long opslimit,
                                         size_t memlimit)
 {
-    uint8_t         salt[crypto_pwhash_scryptxsalsa208sha256_STRSALTBYTES];
-    char            setting[crypto_pwhash_scryptxsalsa208sha256_STRSETTINGBYTES + 1U];
+    uint8_t         salt[crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES];
+    char            setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U];
     escrypt_local_t escrypt_local;
     uint32_t        N_log2;
     uint32_t        p;
     uint32_t        r;
 
-    memset(out, 0, crypto_pwhash_scryptxsalsa208sha256_STRBYTES);
+    memset(out, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES);
     if (passwdlen > SIZE_MAX) {
         errno = EFBIG;
         return -1;
@@ -124,7 +149,7 @@ crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptxsalsa208sh
     }
     if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
                   (const uint8_t *) setting, (uint8_t *) out,
-                  crypto_pwhash_scryptxsalsa208sha256_STRBYTES) == NULL) {
+                  crypto_pwhash_scryptsalsa208sha256_STRBYTES) == NULL) {
         escrypt_free_local(&escrypt_local);
         errno = EINVAL;
         return -1;
@@ -132,27 +157,27 @@ crypto_pwhash_scryptxsalsa208sha256_str(char out[crypto_pwhash_scryptxsalsa208sh
     escrypt_free_local(&escrypt_local);
 
     (void) sizeof
-        (int[SETTING_SIZE(crypto_pwhash_scryptxsalsa208sha256_STRSALTBYTES)
-            == crypto_pwhash_scryptxsalsa208sha256_STRSETTINGBYTES ? 1 : -1]);
+        (int[SETTING_SIZE(crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES)
+            == crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES ? 1 : -1]);
     (void) sizeof
-        (int[crypto_pwhash_scryptxsalsa208sha256_STRSETTINGBYTES + 1U +
-             crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES_ENCODED + 1U
-             == crypto_pwhash_scryptxsalsa208sha256_STRBYTES ? 1 : -1]);
+        (int[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U +
+             crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1U
+             == crypto_pwhash_scryptsalsa208sha256_STRBYTES ? 1 : -1]);
 
     return 0;
 }
 
 int
-crypto_pwhash_scryptxsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
+crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
                                                const char * const passwd,
                                                unsigned long long passwdlen)
 {
-    char            wanted[crypto_pwhash_scryptxsalsa208sha256_STRBYTES];
+    char            wanted[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
     escrypt_local_t escrypt_local;
     int             ret = -1;
 
-    if (memchr(str, 0, crypto_pwhash_scryptxsalsa208sha256_STRBYTES) !=
-        &str[crypto_pwhash_scryptxsalsa208sha256_STRBYTES - 1U]) {
+    if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
+        &str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) {
         return -1;
     }
     if (escrypt_init_local(&escrypt_local) != 0) {

data/vendor/libsodium/src/libsodium/crypto_pwhash/{scryptxsalsa208sha256 → scryptsalsa208sha256}/scrypt_platform.c

@@ -27,6 +27,10 @@
 #include "crypto_scrypt.h"
 #include "runtime.h"
 
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
 void *
 alloc_region(escrypt_region_t * region, size_t size)
 {

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/smult_curve25519_donna_c64.c

@@ -226,7 +226,7 @@ fexpand(limb *output, const u8 *in) {
   output[1] = (U8TO64(in+6) >> 3) & 0x7ffffffffffff;
   output[2] = (U8TO64(in+12) >> 6) & 0x7ffffffffffff;
   output[3] = (U8TO64(in+19) >> 1) & 0x7ffffffffffff;
-  output[4] = (U8TO64(in+25) >> 4) & 0xfffffffffffff;
+  output[4] = (U8TO64(in+25) >> 4) & 0x7ffffffffffff;
 }
 
 /* Take a fully reduced polynomial form number and contract it into a

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/{ref → ref10}/api.h

@@ -1,8 +1,5 @@
 
 #include "crypto_scalarmult_curve25519.h"
 
-#define crypto_scalarmult_curve25519_implementation_name \
-    crypto_scalarmult_curve25519_ref_implementation_name
-
 #define crypto_scalarmult crypto_scalarmult_curve25519
 #define crypto_scalarmult_base crypto_scalarmult_curve25519_base

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/base_curve25519_ref10.c

@@ -0,0 +1,14 @@
+
+#include "api.h"
+#include "crypto_scalarmult.h"
+
+#ifndef HAVE_TI_MODE
+
+static const unsigned char basepoint[32] = {9};
+
+int crypto_scalarmult_base(unsigned char *q,const unsigned char *n)
+{
+  return crypto_scalarmult(q,n,basepoint);
+}
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe.h

@@ -0,0 +1,44 @@
+#ifndef FE_H
+#define FE_H
+
+#include "crypto_int32.h"
+
+typedef crypto_int32 fe[10];
+
+/*
+fe means field element.
+Here the field is \Z/(2^255-19).
+An element t, entries t[0]...t[9], represents the integer
+t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9].
+Bounds on each t[i] vary depending on context.
+*/
+
+#define fe_frombytes crypto_scalarmult_curve25519_ref10_fe_frombytes
+#define fe_tobytes crypto_scalarmult_curve25519_ref10_fe_tobytes
+#define fe_copy crypto_scalarmult_curve25519_ref10_fe_copy
+#define fe_0 crypto_scalarmult_curve25519_ref10_fe_0
+#define fe_1 crypto_scalarmult_curve25519_ref10_fe_1
+#define fe_cswap crypto_scalarmult_curve25519_ref10_fe_cswap
+#define fe_add crypto_scalarmult_curve25519_ref10_fe_add
+#define fe_sub crypto_scalarmult_curve25519_ref10_fe_sub
+#define fe_mul crypto_scalarmult_curve25519_ref10_fe_mul
+#define fe_sq crypto_scalarmult_curve25519_ref10_fe_sq
+#define fe_mul121666 crypto_scalarmult_curve25519_ref10_fe_mul121666
+#define fe_invert crypto_scalarmult_curve25519_ref10_fe_invert
+
+extern void fe_frombytes(fe,const unsigned char *);
+extern void fe_tobytes(unsigned char *,fe);
+
+extern void fe_copy(fe,fe);
+extern void fe_0(fe);
+extern void fe_1(fe);
+extern void fe_cswap(fe,fe,unsigned int);
+
+extern void fe_add(fe,fe,fe);
+extern void fe_sub(fe,fe,fe);
+extern void fe_mul(fe,fe,fe);
+extern void fe_sq(fe,fe);
+extern void fe_mul121666(fe,fe);
+extern void fe_invert(fe,fe);
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_0_curve25519_ref10.c

@@ -0,0 +1,23 @@
+#include "fe.h"
+
+#ifndef HAVE_TI_MODE
+
+/*
+h = 0
+*/
+
+void fe_0(fe h)
+{
+  h[0] = 0;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_1_curve25519_ref10.c

@@ -0,0 +1,23 @@
+#include "fe.h"
+
+#ifndef HAVE_TI_MODE
+
+/*
+h = 1
+*/
+
+void fe_1(fe h)
+{
+  h[0] = 1;
+  h[1] = 0;
+  h[2] = 0;
+  h[3] = 0;
+  h[4] = 0;
+  h[5] = 0;
+  h[6] = 0;
+  h[7] = 0;
+  h[8] = 0;
+  h[9] = 0;
+}
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_add_curve25519_ref10.c

@@ -0,0 +1,61 @@
+#include "fe.h"
+
+#ifndef HAVE_TI_MODE
+
+/*
+h = f + g
+Can overlap h with f or g.
+
+Preconditions:
+   |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+   |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+
+Postconditions:
+   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+*/
+
+void fe_add(fe h,fe f,fe g)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 h0 = f0 + g0;
+  crypto_int32 h1 = f1 + g1;
+  crypto_int32 h2 = f2 + g2;
+  crypto_int32 h3 = f3 + g3;
+  crypto_int32 h4 = f4 + g4;
+  crypto_int32 h5 = f5 + g5;
+  crypto_int32 h6 = f6 + g6;
+  crypto_int32 h7 = f7 + g7;
+  crypto_int32 h8 = f8 + g8;
+  crypto_int32 h9 = f9 + g9;
+  h[0] = h0;
+  h[1] = h1;
+  h[2] = h2;
+  h[3] = h3;
+  h[4] = h4;
+  h[5] = h5;
+  h[6] = h6;
+  h[7] = h7;
+  h[8] = h8;
+  h[9] = h9;
+}
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_copy_curve25519_ref10.c

@@ -0,0 +1,33 @@
+#include "fe.h"
+
+#ifndef HAVE_TI_MODE
+
+/*
+h = f
+*/
+
+void fe_copy(fe h,fe f)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  h[0] = f0;
+  h[1] = f1;
+  h[2] = f2;
+  h[3] = f3;
+  h[4] = f4;
+  h[5] = f5;
+  h[6] = f6;
+  h[7] = f7;
+  h[8] = f8;
+  h[9] = f9;
+}
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_cswap_curve25519_ref10.c

@@ -0,0 +1,77 @@
+#include "fe.h"
+
+#ifndef HAVE_TI_MODE
+
+/*
+Replace (f,g) with (g,f) if b == 1;
+replace (f,g) with (f,g) if b == 0.
+
+Preconditions: b in {0,1}.
+*/
+
+void fe_cswap(fe f,fe g,unsigned int b)
+{
+  crypto_int32 f0 = f[0];
+  crypto_int32 f1 = f[1];
+  crypto_int32 f2 = f[2];
+  crypto_int32 f3 = f[3];
+  crypto_int32 f4 = f[4];
+  crypto_int32 f5 = f[5];
+  crypto_int32 f6 = f[6];
+  crypto_int32 f7 = f[7];
+  crypto_int32 f8 = f[8];
+  crypto_int32 f9 = f[9];
+  crypto_int32 g0 = g[0];
+  crypto_int32 g1 = g[1];
+  crypto_int32 g2 = g[2];
+  crypto_int32 g3 = g[3];
+  crypto_int32 g4 = g[4];
+  crypto_int32 g5 = g[5];
+  crypto_int32 g6 = g[6];
+  crypto_int32 g7 = g[7];
+  crypto_int32 g8 = g[8];
+  crypto_int32 g9 = g[9];
+  crypto_int32 x0 = f0 ^ g0;
+  crypto_int32 x1 = f1 ^ g1;
+  crypto_int32 x2 = f2 ^ g2;
+  crypto_int32 x3 = f3 ^ g3;
+  crypto_int32 x4 = f4 ^ g4;
+  crypto_int32 x5 = f5 ^ g5;
+  crypto_int32 x6 = f6 ^ g6;
+  crypto_int32 x7 = f7 ^ g7;
+  crypto_int32 x8 = f8 ^ g8;
+  crypto_int32 x9 = f9 ^ g9;
+  b = -b;
+  x0 &= b;
+  x1 &= b;
+  x2 &= b;
+  x3 &= b;
+  x4 &= b;
+  x5 &= b;
+  x6 &= b;
+  x7 &= b;
+  x8 &= b;
+  x9 &= b;
+  f[0] = f0 ^ x0;
+  f[1] = f1 ^ x1;
+  f[2] = f2 ^ x2;
+  f[3] = f3 ^ x3;
+  f[4] = f4 ^ x4;
+  f[5] = f5 ^ x5;
+  f[6] = f6 ^ x6;
+  f[7] = f7 ^ x7;
+  f[8] = f8 ^ x8;
+  f[9] = f9 ^ x9;
+  g[0] = g0 ^ x0;
+  g[1] = g1 ^ x1;
+  g[2] = g2 ^ x2;
+  g[3] = g3 ^ x3;
+  g[4] = g4 ^ x4;
+  g[5] = g5 ^ x5;
+  g[6] = g6 ^ x6;
+  g[7] = g7 ^ x7;
+  g[8] = g8 ^ x8;
+  g[9] = g9 ^ x9;
+}
+
+#endif