RubyGems - rbnacl-libsodium - Versions diffs - 0.5.0.1 → 0.6.0 - Mend

rbnacl-libsodium 0.5.0.1 → 0.6.0

Files changed (144) hide show

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/scalarmult_curve25519_ref10.c ADDED

@@ -0,0 +1,54 @@
+#include "api.h"
+#include "crypto_scalarmult.h"
+#include "fe.h"
+#ifndef HAVE_TI_MODE
+int crypto_scalarmult(unsigned char *q,
+  const unsigned char *n,
+  const unsigned char *p)
+{
+  unsigned char e[32];
+  unsigned int i;
+  fe x1;
+  fe x2;
+  fe z2;
+  fe x3;
+  fe z3;
+  fe tmp0;
+  fe tmp1;
+  int pos;
+  unsigned int swap;
+  unsigned int b;
+  for (i = 0;i < 32;++i) e[i] = n[i];
+  e[0] &= 248;
+  e[31] &= 127;
+  e[31] |= 64;
+  fe_frombytes(x1,p);
+  fe_1(x2);
+  fe_0(z2);
+  fe_copy(x3,x1);
+  fe_1(z3);
+  swap = 0;
+  for (pos = 254;pos >= 0;--pos) {
+    b = e[pos / 8] >> (pos & 7);
+    b &= 1;
+    swap ^= b;
+    fe_cswap(x2,x3,swap);
+    fe_cswap(z2,z3,swap);
+    swap = b;
+#include "montgomery.h"
+  }
+  fe_cswap(x2,x3,swap);
+  fe_cswap(z2,z3,swap);
+  fe_invert(z2,z2);
+  fe_mul(x2,x2,z2);
+  fe_tobytes(q,x2);
+  return 0;
+}
+#endif

data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c CHANGED

@@ -5,90 +5,121 @@
 #include <stdlib.h>
 #include <string.h>
+#include "crypto_core_hsalsa20.h"
+#include "crypto_onetimeauth_poly1305.h"
 #include "crypto_secretbox.h"
+#include "crypto_stream_salsa20.h"
 #include "utils.h"
+static const unsigned char sigma[16] = {
+    'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'
+};
 int
-crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
-                      unsigned long long mlen, const unsigned char *n,
-                      const unsigned char *k)
+crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
+                          const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k)
 {
-    unsigned char *c_boxed;
-    unsigned char *m_boxed;
-    size_t         c_boxed_len;
-    size_t         m_boxed_len;
-    int            rc;
+    crypto_onetimeauth_poly1305_state state;
+    unsigned char                     block0[64U];
+    unsigned char                     subkey[crypto_stream_salsa20_KEYBYTES];
+    unsigned long long                i;
+    unsigned long long                mlen0;
-    if (mlen > SIZE_MAX - crypto_secretbox_ZEROBYTES) {
+    if (mlen > SIZE_MAX - crypto_secretbox_MACBYTES) {
         return -1;
     }
-    (void) sizeof(char[crypto_secretbox_ZEROBYTES >=
-                       crypto_secretbox_BOXZEROBYTES ? 1 : -1]);
-    m_boxed_len = (size_t) mlen + crypto_secretbox_ZEROBYTES;
-    if ((m_boxed = (unsigned char *) malloc((size_t) m_boxed_len)) == NULL) {
-        return -1;
+    crypto_core_hsalsa20(subkey, n, k, sigma);
+    memset(block0, 0U, crypto_secretbox_ZEROBYTES);
+    (void) sizeof(int[64U >= crypto_secretbox_ZEROBYTES ? 1 : -1]);
+    mlen0 = mlen;
+    if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
+        mlen0 = 64U - crypto_secretbox_ZEROBYTES;
     }
-    c_boxed_len = (size_t) mlen + crypto_secretbox_ZEROBYTES;
-    if ((c_boxed = (unsigned char *) malloc(c_boxed_len)) == NULL) {
-        free(m_boxed);
-        return -1;
+    for (i = 0U; i < mlen0; i++) {
+        block0[i + crypto_secretbox_ZEROBYTES] = m[i];
     }
-    memset(m_boxed, 0, crypto_secretbox_ZEROBYTES);
-    memcpy(m_boxed + crypto_secretbox_ZEROBYTES, m, mlen);
-    rc = crypto_secretbox(c_boxed, m_boxed, m_boxed_len, n, k);
-    sodium_memzero(m_boxed, m_boxed_len);
-    free(m_boxed);
-    if (rc != 0) {
-        free(c_boxed);
-        return -1;
+    crypto_stream_salsa20_xor(block0, block0,
+                              mlen0 + crypto_secretbox_ZEROBYTES,
+                              n + 16, subkey);
+    (void) sizeof(int[crypto_secretbox_ZEROBYTES >=
+                      crypto_onetimeauth_poly1305_KEYBYTES ? 1 : -1]);
+    crypto_onetimeauth_poly1305_init(&state, block0);
+    memcpy(c, block0 + crypto_secretbox_ZEROBYTES, mlen0);
+    sodium_memzero(block0, sizeof block0);
+    if (mlen > mlen0) {
+        crypto_stream_salsa20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0,
+                                     n + 16, 1U, subkey);
     }
-    assert(m_boxed_len - crypto_secretbox_BOXZEROBYTES ==
-           mlen + crypto_secretbox_MACBYTES);
-    memcpy(c, c_boxed + crypto_secretbox_BOXZEROBYTES,
-           mlen + crypto_secretbox_MACBYTES);
-    free(c_boxed);
+    sodium_memzero(subkey, sizeof subkey);
+    crypto_onetimeauth_poly1305_update(&state, c, mlen);
+    crypto_onetimeauth_poly1305_final(&state, mac);
+    sodium_memzero(&state, sizeof state);
     return 0;
 }
 int
-crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
-                           unsigned long long clen, const unsigned char *n,
-                           const unsigned char *k)
+crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                      unsigned long long mlen, const unsigned char *n,
+                      const unsigned char *k)
 {
-    unsigned char *c_boxed;
-    unsigned char *m_boxed;
-    size_t         c_boxed_len;
-    size_t         m_boxed_len;
-    int            rc;
+    return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES,
+                                     c, m, mlen, n, k);
+}
+int
+crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
+                               const unsigned char *mac,
+                               unsigned long long clen,
+                               const unsigned char *n,
+                               const unsigned char *k)
+{
+    unsigned char      block0[64U];
+    unsigned char      subkey[crypto_stream_salsa20_KEYBYTES];
+    unsigned long long i;
+    unsigned long long mlen0;
-    (void) sizeof(int[crypto_secretbox_BOXZEROBYTES + crypto_secretbox_MACBYTES
-                      == crypto_secretbox_ZEROBYTES]);
-    if (clen < crypto_secretbox_MACBYTES ||
-        clen > SIZE_MAX - crypto_secretbox_BOXZEROBYTES) {
+    crypto_core_hsalsa20(subkey, n, k, sigma);
+    crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES,
+                          n + 16, subkey);
+    if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) {
+        sodium_memzero(subkey, sizeof subkey);
         return -1;
     }
-    c_boxed_len = clen + crypto_secretbox_BOXZEROBYTES;
-    if ((c_boxed = (unsigned char *) malloc(c_boxed_len)) == NULL) {
-        return -1;
+    mlen0 = clen;
+    if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
+        mlen0 = 64U - crypto_secretbox_ZEROBYTES;
     }
-    memset(c_boxed, 0, crypto_secretbox_BOXZEROBYTES);
-    memcpy(c_boxed + crypto_secretbox_BOXZEROBYTES, c, clen);
-    m_boxed_len = c_boxed_len + crypto_secretbox_MACBYTES;
-    if ((m_boxed = (unsigned char *) malloc(m_boxed_len)) == NULL) {
-        free(c_boxed);
-        return -1;
+    memcpy(block0 + crypto_secretbox_ZEROBYTES, c, mlen0);
+    crypto_stream_salsa20_xor(block0, block0,
+                              crypto_secretbox_ZEROBYTES + mlen0,
+                              n + 16, subkey);
+    for (i = 0U; i < mlen0; i++) {
+        m[i] = block0[i + crypto_secretbox_ZEROBYTES];
     }
-    rc = crypto_secretbox_open(m_boxed, c_boxed,
-                               (unsigned long long) c_boxed_len, n, k);
-    free(c_boxed);
-    if (rc != 0) {
-        free(m_boxed);
-        return -1;
+    if (clen > mlen0) {
+        crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0,
+                                     n + 16, 1U, subkey);
     }
-    memcpy(m, m_boxed + crypto_secretbox_ZEROBYTES,
-           clen - crypto_secretbox_MACBYTES);
-    free(m_boxed);
+    sodium_memzero(subkey, sizeof subkey);
     return 0;
 }
+int
+crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                           unsigned long long clen, const unsigned char *n,
+                           const unsigned char *k)
+{
+    if (clen < crypto_secretbox_MACBYTES) {
+        return -1;
+    }
+    return crypto_secretbox_open_detached(m, c + crypto_secretbox_MACBYTES, c,
+                                          clen - crypto_secretbox_MACBYTES,
+                                          n, k);
+}

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_scalarmult_base.c CHANGED

@@ -37,7 +37,7 @@ static ge_precomp base[32][8] = {
 #include "base.h"
 } ;
-static void select(ge_precomp *t,int pos,signed char b)
+static void ge_select(ge_precomp *t,int pos,signed char b)
 {
   ge_precomp minust;
   unsigned char bnegative = negative(b);
@@ -95,7 +95,7 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
   ge_p3_0(h);
   for (i = 1;i < 64;i += 2) {
-    select(&t,i / 2,e[i]);
+    ge_select(&t,i / 2,e[i]);
     ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
   }
@@ -105,7 +105,7 @@ void ge_scalarmult_base(ge_p3 *h,const unsigned char *a)
   ge_p2_dbl(&r,&s); ge_p1p1_to_p3(h,&r);
   for (i = 0;i < 64;i += 2) {
-    select(&t,i / 2,e[i]);
+    ge_select(&t,i / 2,e[i]);
     ge_madd(&r,h,&t); ge_p1p1_to_p3(h,&r);
   }
 }

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow22523.h CHANGED

@@ -50,7 +50,7 @@
 /* qhasm: z2 = z1^2^1 */
 /* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
 /* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+fe_sq(t0,z); /* for (i = 1;i < 1;++i) fe_sq(t0,t0); */
 /* qhasm: z8 = z2^2^2 */
 /* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
@@ -70,7 +70,7 @@ fe_mul(t0,t0,t1);
 /* qhasm: z22 = z11^2^1 */
 /* asm 1: fe_sq(>z22=fe#1,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#1,>z22=fe#1); */
 /* asm 2: fe_sq(>z22=t0,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t0,>z22=t0); */
-fe_sq(t0,t0); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+fe_sq(t0,t0); /* for (i = 1;i < 1;++i) fe_sq(t0,t0); */
 /* qhasm: z_5_0 = z9*z22 */
 /* asm 1: fe_mul(>z_5_0=fe#1,<z9=fe#2,<z22=fe#1); */

data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/pow225521.h CHANGED

@@ -50,7 +50,7 @@
 /* qhasm: z2 = z1^2^1 */
 /* asm 1: fe_sq(>z2=fe#1,<z1=fe#11); for (i = 1;i < 1;++i) fe_sq(>z2=fe#1,>z2=fe#1); */
 /* asm 2: fe_sq(>z2=t0,<z1=z); for (i = 1;i < 1;++i) fe_sq(>z2=t0,>z2=t0); */
-fe_sq(t0,z); for (i = 1;i < 1;++i) fe_sq(t0,t0);
+fe_sq(t0,z); /* for (i = 1;i < 1;++i) fe_sq(t0,t0); */
 /* qhasm: z8 = z2^2^2 */
 /* asm 1: fe_sq(>z8=fe#2,<z2=fe#1); for (i = 1;i < 2;++i) fe_sq(>z8=fe#2,>z8=fe#2); */
@@ -70,7 +70,7 @@ fe_mul(t0,t0,t1);
 /* qhasm: z22 = z11^2^1 */
 /* asm 1: fe_sq(>z22=fe#3,<z11=fe#1); for (i = 1;i < 1;++i) fe_sq(>z22=fe#3,>z22=fe#3); */
 /* asm 2: fe_sq(>z22=t2,<z11=t0); for (i = 1;i < 1;++i) fe_sq(>z22=t2,>z22=t2); */
-fe_sq(t2,t0); for (i = 1;i < 1;++i) fe_sq(t2,t2);
+fe_sq(t2,t0); /* for (i = 1;i < 1;++i) fe_sq(t2,t2); */
 /* qhasm: z_5_0 = z9*z22 */
 /* asm 1: fe_mul(>z_5_0=fe#2,<z9=fe#2,<z22=fe#3); */

data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c CHANGED

@@ -46,10 +46,14 @@ static void barrett_reduce(sc25519 *r, const crypto_uint32 x[64])
   q2[33] += carry;
   for(i=0;i<33;i++)r1[i] = x[i];
-  for(i=0;i<32;i++)
-    for(j=0;j<33;j++)
-      if(i+j < 33) r2[i+j] += m[i]*q3[j];
+  for(i=0;i<32;i++) {
+    for(j=0;j<33;j++) {
+      if(i+j < 33) {
+          /* coverity[overrun-local] */
+          r2[i+j] += m[i]*q3[j];
+      }
+    }
+  }
   for(i=0;i<32;i++)
   {
     carry = r2[i] >> 8;

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/consts_aes128ctr.c CHANGED

@@ -9,6 +9,6 @@ const unsigned char M0SWAP[16] = {0x0c, 0x08, 0x04, 0x00, 0x0d, 0x09, 0x05, 0x01
 const unsigned char SR[16] = {0x01, 0x02, 0x03, 0x00, 0x06, 0x07, 0x04, 0x05, 0x0b, 0x08, 0x09, 0x0a, 0x0c, 0x0d, 0x0e, 0x0f};
 const unsigned char SRM0[16] = {0x0f, 0x0a, 0x05, 0x00, 0x0e, 0x09, 0x04, 0x03, 0x0d, 0x08, 0x07, 0x02, 0x0c, 0x0b, 0x06, 0x01};
-const int128 BS0 = {0x5555555555555555ULL, 0x5555555555555555ULL};
-const int128 BS1 = {0x3333333333333333ULL, 0x3333333333333333ULL};
-const int128 BS2 = {0x0f0f0f0f0f0f0f0fULL, 0x0f0f0f0f0f0f0f0fULL};
+const int128 BS0 = {{0x5555555555555555ULL, 0x5555555555555555ULL}};
+const int128 BS1 = {{0x3333333333333333ULL, 0x3333333333333333ULL}};
+const int128 BS2 = {{0x0f0f0f0f0f0f0f0fULL, 0x0f0f0f0f0f0f0f0fULL}};

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128.h CHANGED

@@ -1,6 +1,8 @@
 #ifndef INT128_H
 #define INT128_H
+#include <stdint.h>
 #include "common.h"
 #ifdef __cplusplus
@@ -9,9 +11,10 @@
 # endif
 #endif
-typedef struct{
-  unsigned long long a;
-  unsigned long long b;
+typedef union {
+  uint64_t u64[2];
+  uint32_t u32[4];
+  uint8_t  u8[16];
 } int128;
 #define xor2 crypto_stream_aes128ctr_portable_xor2

data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128_aes128ctr.c CHANGED

@@ -1,39 +1,40 @@
 #include "int128.h"
 #include "common.h"
 void xor2(int128 *r, const int128 *x)
 {
-  r->a ^= x->a;
-  r->b ^= x->b;
+  r->u64[0] ^= x->u64[0];
+  r->u64[1] ^= x->u64[1];
 }
 void and2(int128 *r, const int128 *x)
 {
-  r->a &= x->a;
-  r->b &= x->b;
+  r->u64[0] &= x->u64[0];
+  r->u64[1] &= x->u64[1];
 }
 void or2(int128 *r, const int128 *x)
 {
-  r->a |= x->a;
-  r->b |= x->b;
+  r->u64[0] |= x->u64[0];
+  r->u64[1] |= x->u64[1];
 }
 void copy2(int128 *r, const int128 *x)
 {
-  r->a = x->a;
-  r->b = x->b;
+  r->u64[0] = x->u64[0];
+  r->u64[1] = x->u64[1];
 }
 void shufb(int128 *r, const unsigned char *l)
 {
-  int128 t;
-  unsigned char *cr;
-  unsigned char *ct;
+  int128   t;
+  uint8_t *ct;
+  uint8_t *cr;
-  copy2(&t,r);
-  cr = (unsigned char *)r;
-  ct = (unsigned char *)&t;
+  copy2(&t, r);
+  cr = r->u8;
+  ct = t.u8;
   cr[0] = ct[l[0]];
   cr[1] = ct[l[1]];
   cr[2] = ct[l[2]];
@@ -55,13 +56,12 @@ void shufb(int128 *r, const unsigned char *l)
 void shufd(int128 *r, const int128 *x, const unsigned int c)
 {
   int128 t;
-  uint32 *tp = (uint32 *)&t;
-  const uint32 *xp = (const uint32 *)x;
-  tp[0] = xp[c&3];
-  tp[1] = xp[(c>>2)&3];
-  tp[2] = xp[(c>>4)&3];
-  tp[3] = xp[(c>>6)&3];
-  copy2(r,&t);
+  t.u32[0] = x->u32[c >> 0 & 3];
+  t.u32[1] = x->u32[c >> 2 & 3];
+  t.u32[2] = x->u32[c >> 4 & 3];
+  t.u32[3] = x->u32[c >> 6 & 3];
+  copy2(r, &t);
 }
 void rshift32_littleendian(int128 *r, const unsigned int n)
@@ -108,8 +108,8 @@ void lshift64_littleendian(int128 *r, const unsigned int n)
 void toggle(int128 *r)
 {
-  r->a ^= 0xffffffffffffffffULL;
-  r->b ^= 0xffffffffffffffffULL;
+  r->u64[0] ^= 0xffffffffffffffffULL;
+  r->u64[1] ^= 0xffffffffffffffffULL;
 }
 void xor_rcon(int128 *r)

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/api.h ADDED

@@ -0,0 +1,12 @@
+#include "crypto_stream_chacha20.h"
+int
+crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k);
+int
+crypto_stream_chacha20_ref_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k);