RubyGems - rbnacl-libsodium - Versions diffs - 0.5.0.1 → 0.6.0 - Mend

rbnacl-libsodium 0.5.0.1 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c ADDED

@@ -0,0 +1,275 @@
+/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
+/*
+ chacha-merged.c version 20080118
+ D. J. Bernstein
+ Public domain.
+ */
+#include <stdint.h>
+#include <string.h>
+#include "api.h"
+#include "crypto_stream_chacha20.h"
+#include "utils.h"
+struct chacha_ctx {
+    uint32_t input[16];
+};
+typedef uint8_t  u8;
+typedef uint32_t u32;
+typedef struct chacha_ctx chacha_ctx;
+#define U8C(v) (v##U)
+#define U32C(v) (v##U)
+#define U8V(v) ((u8)(v) & U8C(0xFF))
+#define U32V(v) ((u32)(v) & U32C(0xFFFFFFFF))
+#define ROTL32(v, n) \
+  (U32V((v) << (n)) | ((v) >> (32 - (n))))
+#define U8TO32_LITTLE(p) \
+  (((u32)((p)[0])      ) | \
+   ((u32)((p)[1]) <<  8) | \
+   ((u32)((p)[2]) << 16) | \
+   ((u32)((p)[3]) << 24))
+#define U32TO8_LITTLE(p, v) \
+  do { \
+    (p)[0] = U8V((v)      ); \
+    (p)[1] = U8V((v) >>  8); \
+    (p)[2] = U8V((v) >> 16); \
+    (p)[3] = U8V((v) >> 24); \
+  } while (0)
+#define ROTATE(v,c) (ROTL32(v,c))
+#define XOR(v,w) ((v) ^ (w))
+#define PLUS(v,w) (U32V((v) + (w)))
+#define PLUSONE(v) (PLUS((v),1))
+#define QUARTERROUND(a,b,c,d) \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a),16); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c),12); \
+  a = PLUS(a,b); d = ROTATE(XOR(d,a), 8); \
+  c = PLUS(c,d); b = ROTATE(XOR(b,c), 7);
+static const unsigned char sigma[16] = {
+    'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'
+};
+static void
+chacha_keysetup(chacha_ctx *x, const u8 *k)
+{
+    const unsigned char *constants;
+    x->input[4] = U8TO32_LITTLE(k + 0);
+    x->input[5] = U8TO32_LITTLE(k + 4);
+    x->input[6] = U8TO32_LITTLE(k + 8);
+    x->input[7] = U8TO32_LITTLE(k + 12);
+    k += 16;
+    constants = sigma;
+    x->input[8] = U8TO32_LITTLE(k + 0);
+    x->input[9] = U8TO32_LITTLE(k + 4);
+    x->input[10] = U8TO32_LITTLE(k + 8);
+    x->input[11] = U8TO32_LITTLE(k + 12);
+    x->input[0] = U8TO32_LITTLE(constants + 0);
+    x->input[1] = U8TO32_LITTLE(constants + 4);
+    x->input[2] = U8TO32_LITTLE(constants + 8);
+    x->input[3] = U8TO32_LITTLE(constants + 12);
+}
+static void
+chacha_ivsetup(chacha_ctx *x, const u8 *iv, const u8 *counter)
+{
+    x->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
+    x->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
+    x->input[14] = U8TO32_LITTLE(iv + 0);
+    x->input[15] = U8TO32_LITTLE(iv + 4);
+}
+static void
+chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes)
+{
+    u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
+    u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
+    u8 *ctarget = NULL;
+    u8 tmp[64];
+    unsigned long long i;
+    if (!bytes) {
+        return;
+    }
+    j0 = x->input[0];
+    j1 = x->input[1];
+    j2 = x->input[2];
+    j3 = x->input[3];
+    j4 = x->input[4];
+    j5 = x->input[5];
+    j6 = x->input[6];
+    j7 = x->input[7];
+    j8 = x->input[8];
+    j9 = x->input[9];
+    j10 = x->input[10];
+    j11 = x->input[11];
+    j12 = x->input[12];
+    j13 = x->input[13];
+    j14 = x->input[14];
+    j15 = x->input[15];
+    for (;;) {
+        if (bytes < 64) {
+            for (i = 0; i < bytes; ++i) {
+                tmp[i] = m[i];
+            }
+            m = tmp;
+            ctarget = c;
+            c = tmp;
+        }
+        x0 = j0;
+        x1 = j1;
+        x2 = j2;
+        x3 = j3;
+        x4 = j4;
+        x5 = j5;
+        x6 = j6;
+        x7 = j7;
+        x8 = j8;
+        x9 = j9;
+        x10 = j10;
+        x11 = j11;
+        x12 = j12;
+        x13 = j13;
+        x14 = j14;
+        x15 = j15;
+        for (i = 20; i > 0; i -= 2) {
+            QUARTERROUND(x0, x4, x8, x12)
+            QUARTERROUND(x1, x5, x9, x13)
+            QUARTERROUND(x2, x6, x10, x14)
+            QUARTERROUND(x3, x7, x11, x15)
+            QUARTERROUND(x0, x5, x10, x15)
+            QUARTERROUND(x1, x6, x11, x12)
+            QUARTERROUND(x2, x7, x8, x13)
+            QUARTERROUND(x3, x4, x9, x14)
+        }
+        x0 = PLUS(x0, j0);
+        x1 = PLUS(x1, j1);
+        x2 = PLUS(x2, j2);
+        x3 = PLUS(x3, j3);
+        x4 = PLUS(x4, j4);
+        x5 = PLUS(x5, j5);
+        x6 = PLUS(x6, j6);
+        x7 = PLUS(x7, j7);
+        x8 = PLUS(x8, j8);
+        x9 = PLUS(x9, j9);
+        x10 = PLUS(x10, j10);
+        x11 = PLUS(x11, j11);
+        x12 = PLUS(x12, j12);
+        x13 = PLUS(x13, j13);
+        x14 = PLUS(x14, j14);
+        x15 = PLUS(x15, j15);
+        x0 = XOR(x0, U8TO32_LITTLE(m + 0));
+        x1 = XOR(x1, U8TO32_LITTLE(m + 4));
+        x2 = XOR(x2, U8TO32_LITTLE(m + 8));
+        x3 = XOR(x3, U8TO32_LITTLE(m + 12));
+        x4 = XOR(x4, U8TO32_LITTLE(m + 16));
+        x5 = XOR(x5, U8TO32_LITTLE(m + 20));
+        x6 = XOR(x6, U8TO32_LITTLE(m + 24));
+        x7 = XOR(x7, U8TO32_LITTLE(m + 28));
+        x8 = XOR(x8, U8TO32_LITTLE(m + 32));
+        x9 = XOR(x9, U8TO32_LITTLE(m + 36));
+        x10 = XOR(x10, U8TO32_LITTLE(m + 40));
+        x11 = XOR(x11, U8TO32_LITTLE(m + 44));
+        x12 = XOR(x12, U8TO32_LITTLE(m + 48));
+        x13 = XOR(x13, U8TO32_LITTLE(m + 52));
+        x14 = XOR(x14, U8TO32_LITTLE(m + 56));
+        x15 = XOR(x15, U8TO32_LITTLE(m + 60));
+        j12 = PLUSONE(j12);
+        if (!j12) {
+            j13 = PLUSONE(j13);
+            /* stopping at 2^70 bytes per nonce is user's responsibility */
+        }
+        U32TO8_LITTLE(c + 0, x0);
+        U32TO8_LITTLE(c + 4, x1);
+        U32TO8_LITTLE(c + 8, x2);
+        U32TO8_LITTLE(c + 12, x3);
+        U32TO8_LITTLE(c + 16, x4);
+        U32TO8_LITTLE(c + 20, x5);
+        U32TO8_LITTLE(c + 24, x6);
+        U32TO8_LITTLE(c + 28, x7);
+        U32TO8_LITTLE(c + 32, x8);
+        U32TO8_LITTLE(c + 36, x9);
+        U32TO8_LITTLE(c + 40, x10);
+        U32TO8_LITTLE(c + 44, x11);
+        U32TO8_LITTLE(c + 48, x12);
+        U32TO8_LITTLE(c + 52, x13);
+        U32TO8_LITTLE(c + 56, x14);
+        U32TO8_LITTLE(c + 60, x15);
+        if (bytes <= 64) {
+            if (bytes < 64) {
+                for (i = 0; i < bytes; ++i) {
+                    ctarget[i] = c[i];
+                }
+            }
+            x->input[12] = j12;
+            x->input[13] = j13;
+            return;
+        }
+        bytes -= 64;
+        c += 64;
+        m += 64;
+    }
+}
+int
+crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
+                           const unsigned char *n, const unsigned char *k)
+{
+    struct chacha_ctx ctx;
+    if (!clen) {
+        return 0;
+    }
+    (void) sizeof(int[crypto_stream_chacha20_KEYBYTES == 256 / 8 ? 1 : -1]);
+    chacha_keysetup(&ctx, k);
+    chacha_ivsetup(&ctx, n, NULL);
+    memset(c, 0, clen);
+    chacha_encrypt_bytes(&ctx, c, c, clen);
+    sodium_memzero(&ctx, sizeof ctx);
+    return 0;
+}
+int
+crypto_stream_chacha20_ref_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k)
+{
+    struct chacha_ctx ctx;
+    uint8_t           ic_bytes[8];
+    uint32_t          ic_high;
+    uint32_t          ic_low;
+    if (!mlen) {
+        return 0;
+    }
+    ic_high = U32V(ic >> 32);
+    ic_low = U32V(ic);
+    U32TO8_LITTLE(&ic_bytes[0], ic_low);
+    U32TO8_LITTLE(&ic_bytes[4], ic_high);
+    chacha_keysetup(&ctx, k);
+    chacha_ivsetup(&ctx, n, ic_bytes);
+    chacha_encrypt_bytes(&ctx, m, c, mlen);
+    sodium_memzero(&ctx, sizeof ctx);
+    sodium_memzero(ic_bytes, sizeof ic_bytes);
+    return 0;
+}

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20_api.c ADDED

@@ -0,0 +1,36 @@
+#include "crypto_stream_chacha20.h"
+#include "ref/api.h"
+size_t
+crypto_stream_chacha20_keybytes(void) {
+    return crypto_stream_chacha20_KEYBYTES;
+}
+size_t
+crypto_stream_chacha20_noncebytes(void) {
+    return crypto_stream_chacha20_NONCEBYTES;
+}
+int
+crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
+                       const unsigned char *n, const unsigned char *k)
+{
+    return crypto_stream_chacha20_ref(c, clen, n, k);
+}
+int
+crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen,
+                              const unsigned char *n, uint64_t ic,
+                              const unsigned char *k)
+{
+    return crypto_stream_chacha20_ref_xor_ic(c, m, mlen, n, ic, k);
+}
+int
+crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
+                           unsigned long long mlen, const unsigned char *n,
+                           const unsigned char *k)
+{
+    return crypto_stream_chacha20_ref_xor_ic(c, m, mlen, n, 0U, k);
+}

data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/stream_salsa20_amd64_xmm6.S CHANGED

@@ -33,19 +33,20 @@ mov  $0,%rax
 mov  %r9,%rcx
 rep stosb
 sub  %r9,%rdi
+movq $0,472(%rsp)
 jmp ._start
 .text
 .p2align 5
-.globl  crypto_stream_salsa20_xor
-.globl _crypto_stream_salsa20_xor
+.globl  crypto_stream_salsa20_xor_ic
+.globl _crypto_stream_salsa20_xor_ic
 #ifdef __ELF__
-.type  crypto_stream_salsa20_xor, @function
-.type _crypto_stream_salsa20_xor, @function
+.type  crypto_stream_salsa20_xor_ic, @function
+.type _crypto_stream_salsa20_xor_ic, @function
 #endif
-crypto_stream_salsa20_xor:
-_crypto_stream_salsa20_xor:
+crypto_stream_salsa20_xor_ic:
+_crypto_stream_salsa20_xor_ic:
 mov %rsp,%r11
 and $31,%r11
@@ -60,9 +61,10 @@ movq %rbx,456(%rsp)
 movq %rbp,464(%rsp)
 mov  %rdi,%rdi
 mov  %rsi,%rsi
+mov  %r9,%r10
+movq %r8,472(%rsp)
 mov  %rdx,%r9
 mov  %rcx,%rdx
-mov  %r8,%r10
 cmp  $0,%r9
 jbe ._done
@@ -75,17 +77,16 @@ movl %ecx,64(%rsp)
 movl %r8d,4+64(%rsp)
 movl %eax,8+64(%rsp)
 movl %r11d,12+64(%rsp)
-mov  $0,%rcx
 movl   24(%r10),%r8d
 movl   4(%r10),%eax
 movl   4(%rdx),%edx
-movq %rcx,472(%rsp)
+movq 472(%rsp),%rcx
 movl %ecx,80(%rsp)
 movl %r8d,4+80(%rsp)
 movl %eax,8+80(%rsp)
 movl %edx,12+80(%rsp)
 movl   12(%r10),%edx
-mov  $0,%rcx
+shr  $32,%rcx
 movl   28(%r10),%r8d
 movl   8(%r10),%eax
 movl %edx,96(%rsp)

data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c CHANGED

@@ -4,6 +4,8 @@ D. J. Bernstein
 Public domain.
 */
+#include <stdint.h>
 #include "api.h"
 #include "crypto_core_salsa20.h"
 #include "utils.h"
@@ -16,10 +18,10 @@ static const unsigned char sigma[16] = {
     'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k'
 };
-int crypto_stream_xor(
+int crypto_stream_salsa20_xor_ic(
         unsigned char *c,
   const unsigned char *m,unsigned long long mlen,
-  const unsigned char *n,
+  const unsigned char *n, uint64_t ic,
   const unsigned char *k
 )
 {
@@ -33,7 +35,10 @@ int crypto_stream_xor(
   for (i = 0;i < 32;++i) kcopy[i] = k[i];
   for (i = 0;i < 8;++i) in[i] = n[i];
-  for (i = 8;i < 16;++i) in[i] = 0;
+  for (i = 8;i < 16;++i) {
+      in[i] = (unsigned char) (ic & 0xff);
+      ic >>= 8;
+  }
   while (mlen >= 64) {
     crypto_core_salsa20(block,in,kcopy,sigma);

data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/stream_salsa20_api.c CHANGED

@@ -9,3 +9,11 @@ size_t
 crypto_stream_salsa20_noncebytes(void) {
     return crypto_stream_salsa20_NONCEBYTES;
 }
+int
+crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
+                          unsigned long long mlen, const unsigned char *n,
+                          const unsigned char *k)
+{
+    return crypto_stream_salsa20_xor_ic(c, m, mlen, n, 0U, k);
+}

data/vendor/libsodium/src/libsodium/include/Makefile.am CHANGED

@@ -2,6 +2,7 @@
 SODIUM_EXPORT = \
 	sodium.h \
 	sodium/core.h \
+	sodium/crypto_aead_chacha20poly1305.h \
 	sodium/crypto_auth.h \
 	sodium/crypto_auth_hmacsha256.h \
 	sodium/crypto_auth_hmacsha512.h \
@@ -19,8 +20,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_hash_sha512.h \
 	sodium/crypto_onetimeauth.h \
 	sodium/crypto_onetimeauth_poly1305.h \
-	sodium/crypto_onetimeauth_poly1305_donna.h \
-	sodium/crypto_pwhash_scryptxsalsa208sha256.h \
+	sodium/crypto_pwhash_scryptsalsa208sha256.h \
 	sodium/crypto_scalarmult.h \
 	sodium/crypto_scalarmult_curve25519.h \
 	sodium/crypto_secretbox.h \
@@ -33,6 +33,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_stream.h \
 	sodium/crypto_stream_aes128ctr.h \
 	sodium/crypto_stream_aes256estream.h \
+	sodium/crypto_stream_chacha20.h \
 	sodium/crypto_stream_salsa20.h \
 	sodium/crypto_stream_salsa2012.h \
 	sodium/crypto_stream_salsa208.h \

data/vendor/libsodium/src/libsodium/include/Makefile.in CHANGED

@@ -299,6 +299,7 @@ top_srcdir = @top_srcdir@
 SODIUM_EXPORT = \
 	sodium.h \
 	sodium/core.h \
+	sodium/crypto_aead_chacha20poly1305.h \
 	sodium/crypto_auth.h \
 	sodium/crypto_auth_hmacsha256.h \
 	sodium/crypto_auth_hmacsha512.h \
@@ -316,8 +317,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_hash_sha512.h \
 	sodium/crypto_onetimeauth.h \
 	sodium/crypto_onetimeauth_poly1305.h \
-	sodium/crypto_onetimeauth_poly1305_donna.h \
-	sodium/crypto_pwhash_scryptxsalsa208sha256.h \
+	sodium/crypto_pwhash_scryptsalsa208sha256.h \
 	sodium/crypto_scalarmult.h \
 	sodium/crypto_scalarmult_curve25519.h \
 	sodium/crypto_secretbox.h \
@@ -330,6 +330,7 @@ SODIUM_EXPORT = \
 	sodium/crypto_stream.h \
 	sodium/crypto_stream_aes128ctr.h \
 	sodium/crypto_stream_aes256estream.h \
+	sodium/crypto_stream_chacha20.h \
 	sodium/crypto_stream_salsa20.h \
 	sodium/crypto_stream_salsa2012.h \
 	sodium/crypto_stream_salsa208.h \