rbnacl-libsodium 0.7.0 → 1.0.0

data/vendor/libsodium/test/default/stream2.c

@@ -1,18 +1,14 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream2"
 #include "cmptest.h"
 
-unsigned char secondkey[32] = {
- 0xdc,0x90,0x8d,0xda,0x0b,0x93,0x44,0xa9
-,0x53,0x62,0x9b,0x73,0x38,0x20,0x77,0x88
-,0x80,0xf3,0xce,0xb4,0x21,0xbb,0x61,0xb9
-,0x1c,0xbd,0x4c,0x3e,0x66,0x25,0x6c,0xe4
-} ;
+unsigned char secondkey[32]
+    = { 0xdc, 0x90, 0x8d, 0xda, 0x0b, 0x93, 0x44, 0xa9, 0x53, 0x62, 0x9b,
+        0x73, 0x38, 0x20, 0x77, 0x88, 0x80, 0xf3, 0xce, 0xb4, 0x21, 0xbb,
+        0x61, 0xb9, 0x1c, 0xbd, 0x4c, 0x3e, 0x66, 0x25, 0x6c, 0xe4 };
 
-unsigned char noncesuffix[8] = {
- 0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char noncesuffix[8]
+    = { 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 unsigned char output[4194304];
 
@@ -20,9 +16,15 @@ unsigned char h[32];
 
 int main(void)
 {
-  int i;
-  crypto_stream_salsa20(output,4194304,noncesuffix,secondkey);
-  crypto_hash_sha256(h,output,sizeof output);
-  for (i = 0;i < 32;++i) printf("%02x",h[i]); printf("\n");
-  return 0;
+    int i;
+    crypto_stream_salsa20(output, 4194304, noncesuffix, secondkey);
+    crypto_hash_sha256(h, output, sizeof output);
+    for (i = 0; i < 32; ++i)
+        printf("%02x", h[i]);
+    printf("\n");
+
+    assert(crypto_stream_salsa20_keybytes() > 0U);
+    assert(crypto_stream_salsa20_noncebytes() > 0U);
+
+    return 0;
 }

data/vendor/libsodium/test/default/stream3.c

@@ -1,30 +1,28 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream3"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
 
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
 
 unsigned char rs[32];
 
 int main(void)
 {
-  int i;
-  crypto_stream_xsalsa20(rs,32,nonce,firstkey);
-  for (i = 0;i < 32;++i) {
-    printf(",0x%02x",(unsigned int) rs[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  return 0;
+    int i;
+
+    crypto_stream(rs, 32, nonce, firstkey);
+
+    for (i = 0; i < 32; ++i) {
+        printf(",0x%02x", (unsigned int)rs[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    return 0;
 }

data/vendor/libsodium/test/default/stream4.c

@@ -1,55 +1,46 @@
-#include <stdio.h>
 
 #define TEST_NAME "stream4"
 #include "cmptest.h"
 
-unsigned char firstkey[32] = {
- 0x1b,0x27,0x55,0x64,0x73,0xe9,0x85,0xd4
-,0x62,0xcd,0x51,0x19,0x7a,0x9a,0x46,0xc7
-,0x60,0x09,0x54,0x9e,0xac,0x64,0x74,0xf2
-,0x06,0xc4,0xee,0x08,0x44,0xf6,0x83,0x89
-} ;
-
-unsigned char nonce[24] = {
- 0x69,0x69,0x6e,0xe9,0x55,0xb6,0x2b,0x73
-,0xcd,0x62,0xbd,0xa8,0x75,0xfc,0x73,0xd6
-,0x82,0x19,0xe0,0x03,0x6b,0x7a,0x0b,0x37
-} ;
-
-unsigned char m[163] = {
-    0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,   0,   0,   0,   0,   0,   0,   0,   0
-,0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5
-,0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b
-,0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4
-,0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc
-,0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a
-,0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29
-,0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4
-,0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31
-,0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d
-,0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57
-,0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a
-,0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde
-,0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd
-,0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52
-,0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40
-,0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64
-,0x5e,0x07,0x05
-} ;
+unsigned char firstkey[32]
+    = { 0x1b, 0x27, 0x55, 0x64, 0x73, 0xe9, 0x85, 0xd4, 0x62, 0xcd, 0x51,
+        0x19, 0x7a, 0x9a, 0x46, 0xc7, 0x60, 0x09, 0x54, 0x9e, 0xac, 0x64,
+        0x74, 0xf2, 0x06, 0xc4, 0xee, 0x08, 0x44, 0xf6, 0x83, 0x89 };
+
+unsigned char nonce[24] = { 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73,
+                            0xcd, 0x62, 0xbd, 0xa8, 0x75, 0xfc, 0x73, 0xd6,
+                            0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 };
+
+unsigned char m[163]
+    = { 0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,    0,
+        0,    0,    0,    0,    0,    0,    0,    0,    0xbe, 0x07, 0x5f, 0xc5,
+        0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b,
+        0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b,
+        0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a,
+        0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01,
+        0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31,
+        0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f,
+        0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a,
+        0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb,
+        0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52,
+        0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37,
+        0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 };
 
 unsigned char c[163];
 
 int main(void)
 {
-  int i;
-  crypto_stream_xsalsa20_xor(c,m,163,nonce,firstkey);
-  for (i = 32;i < 163;++i) {
-    printf(",0x%02x",(unsigned int) c[i]);
-    if (i % 8 == 7) printf("\n");
-  }
-  printf("\n");
-  return 0;
+    int i;
+
+    crypto_stream_xor(c, m, 163, nonce, firstkey);
+
+    for (i = 32; i < 163; ++i) {
+        printf(",0x%02x", (unsigned int)c[i]);
+        if (i % 8 == 7)
+            printf("\n");
+    }
+    printf("\n");
+
+    return 0;
 }

data/vendor/libsodium/test/default/verify1.c

@@ -1,5 +1,3 @@
-#include <stdio.h>
-#include <string.h>
 
 #define TEST_NAME "verify1"
 #include "cmptest.h"
@@ -10,25 +8,29 @@ unsigned char v64[64], v64x[64];
 
 int main(void)
 {
-  randombytes_buf(v16, sizeof v16);
-  randombytes_buf(v32, sizeof v32);
-  randombytes_buf(v64, sizeof v64);
+    randombytes_buf(v16, sizeof v16);
+    randombytes_buf(v32, sizeof v32);
+    randombytes_buf(v64, sizeof v64);
 
-  memcpy(v16x, v16, sizeof v16);
-  memcpy(v32x, v32, sizeof v32);
-  memcpy(v64x, v64, sizeof v64);
+    memcpy(v16x, v16, sizeof v16);
+    memcpy(v32x, v32, sizeof v32);
+    memcpy(v64x, v64, sizeof v64);
 
-  printf("%d\n", crypto_verify_16(v16, v16x));
-  printf("%d\n", crypto_verify_32(v32, v32x));
-  printf("%d\n", crypto_verify_64(v64, v64x));
+    printf("%d\n", crypto_verify_16(v16, v16x));
+    printf("%d\n", crypto_verify_32(v32, v32x));
+    printf("%d\n", crypto_verify_64(v64, v64x));
 
-  v16x[randombytes_random() & 15U]++;
-  v32x[randombytes_random() & 31U]++;
-  v64x[randombytes_random() & 63U]++;
+    v16x[randombytes_random() & 15U]++;
+    v32x[randombytes_random() & 31U]++;
+    v64x[randombytes_random() & 63U]++;
 
-  printf("%d\n", crypto_verify_16(v16, v16x));
-  printf("%d\n", crypto_verify_32(v32, v32x));
-  printf("%d\n", crypto_verify_64(v64, v64x));
+    printf("%d\n", crypto_verify_16(v16, v16x));
+    printf("%d\n", crypto_verify_32(v32, v32x));
+    printf("%d\n", crypto_verify_64(v64, v64x));
 
-  return 0;
+    assert(crypto_verify_16_bytes() == 16U);
+    assert(crypto_verify_32_bytes() == 32U);
+    assert(crypto_verify_64_bytes() == 64U);
+
+    return 0;
 }

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbnacl-libsodium
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Artiom Di
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-24 00:00:00.000000000 Z
+date: 2014-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rbnacl
@@ -254,7 +254,6 @@ files:
 - vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h
 - vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2.h
 - vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c
-- vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c
 - vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c
 - vendor/libsodium/src/libsodium/crypto_generichash/crypto_generichash.c
 - vendor/libsodium/src/libsodium/crypto_hash/crypto_hash.c
@@ -571,6 +570,7 @@ files:
 - vendor/libsodium/test/default/pwhash_scrypt_ll.c
 - vendor/libsodium/test/default/pwhash_scrypt_ll.exp
 - vendor/libsodium/test/default/randombytes.c
+- vendor/libsodium/test/default/randombytes.exp
 - vendor/libsodium/test/default/scalarmult.c
 - vendor/libsodium/test/default/scalarmult.exp
 - vendor/libsodium/test/default/scalarmult2.c
@@ -579,6 +579,8 @@ files:
 - vendor/libsodium/test/default/scalarmult5.exp
 - vendor/libsodium/test/default/scalarmult6.c
 - vendor/libsodium/test/default/scalarmult6.exp
+- vendor/libsodium/test/default/scalarmult7.c
+- vendor/libsodium/test/default/scalarmult7.exp
 - vendor/libsodium/test/default/secretbox.c
 - vendor/libsodium/test/default/secretbox.exp
 - vendor/libsodium/test/default/secretbox2.c

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2s-ref.c

@@ -1,356 +0,0 @@
-/*
-   BLAKE2 reference source code package - reference C implementations
-
-   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
-
-   To the extent possible under law, the author(s) have dedicated all copyright
-   and related and neighboring rights to this software to the public domain
-   worldwide. This software is distributed without any warranty.
-
-   You should have received a copy of the CC0 Public Domain Dedication along with
-   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
-*/
-
-#include <stdint.h>
-#include <string.h>
-#include <stdio.h>
-
-#include "crypto_generichash_blake2b.h"
-#include "blake2.h"
-#include "blake2-impl.h"
-
-static const uint32_t blake2s_IV[8] =
-{
-  0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL,
-  0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL
-};
-
-static const uint8_t blake2s_sigma[10][16] =
-{
-  {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
-  { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
-  { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
-  {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
-  {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
-  {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
-  { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
-  { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
-  {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
-  { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
-};
-
-static inline int blake2s_set_lastnode( blake2s_state *S )
-{
-  S->f[1] = ~0U;
-  return 0;
-}
-#if 0
-static inline int blake2s_clear_lastnode( blake2s_state *S )
-{
-  S->f[1] = 0U;
-  return 0;
-}
-#endif
-/* Some helper functions, not necessarily useful */
-static inline int blake2s_set_lastblock( blake2s_state *S )
-{
-  if( S->last_node ) blake2s_set_lastnode( S );
-
-  S->f[0] = ~0U;
-  return 0;
-}
-#if 0
-static inline int blake2s_clear_lastblock( blake2s_state *S )
-{
-  if( S->last_node ) blake2s_clear_lastnode( S );
-
-  S->f[0] = 0U;
-  return 0;
-}
-#endif
-static inline int blake2s_increment_counter( blake2s_state *S, const uint32_t inc )
-{
-  S->t[0] += inc;
-  S->t[1] += ( S->t[0] < inc );
-  return 0;
-}
-
-// Parameter-related functions
-#if 0
-static inline int blake2s_param_set_digest_length( blake2s_param *P, const uint8_t digest_length )
-{
-  P->digest_length = digest_length;
-  return 0;
-}
-
-static inline int blake2s_param_set_fanout( blake2s_param *P, const uint8_t fanout )
-{
-  P->fanout = fanout;
-  return 0;
-}
-
-static inline int blake2s_param_set_max_depth( blake2s_param *P, const uint8_t depth )
-{
-  P->depth = depth;
-  return 0;
-}
-
-static inline int blake2s_param_set_leaf_length( blake2s_param *P, const uint32_t leaf_length )
-{
-  store32( &P->leaf_length, leaf_length );
-  return 0;
-}
-
-static inline int blake2s_param_set_node_offset( blake2s_param *P, const uint64_t node_offset )
-{
-  store48( P->node_offset, node_offset );
-  return 0;
-}
-
-static inline int blake2s_param_set_node_depth( blake2s_param *P, const uint8_t node_depth )
-{
-  P->node_depth = node_depth;
-  return 0;
-}
-
-static inline int blake2s_param_set_inner_length( blake2s_param *P, const uint8_t inner_length )
-{
-  P->inner_length = inner_length;
-  return 0;
-}
-#endif
-static inline int blake2s_param_set_salt( blake2s_param *P, const uint8_t salt[BLAKE2S_SALTBYTES] )
-{
-  memcpy( P->salt, salt, BLAKE2S_SALTBYTES );
-  return 0;
-}
-
-static inline int blake2s_param_set_personal( blake2s_param *P, const uint8_t personal[BLAKE2S_PERSONALBYTES] )
-{
-  memcpy( P->personal, personal, BLAKE2S_PERSONALBYTES );
-  return 0;
-}
-
-static inline int blake2s_init0( blake2s_state *S )
-{
-  int i;
-
-  memset( S, 0, sizeof( blake2s_state ) );
-
-  for( i = 0; i < 8; ++i ) S->h[i] = blake2s_IV[i];
-
-  return 0;
-}
-
-/* init2 xors IV with input parameter block */
-int blake2s_init_param( blake2s_state *S, const blake2s_param *P )
-{
-  size_t i;
-  uint32_t *p;
-
-  blake2s_init0( S );
-  p = ( uint32_t * )( P );
-
-  /* IV XOR ParamBlock */
-  for( i = 0; i < 8; ++i )
-    S->h[i] ^= load32( &p[i] );
-
-  return 0;
-}
-
-
-// Sequential blake2s initialization
-int blake2s_init( blake2s_state *S, const uint8_t outlen )
-{
-  blake2s_param P[1];
-
-  /* Move interval verification here? */
-  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
-
-  P->digest_length = outlen;
-  P->key_length    = 0;
-  P->fanout        = 1;
-  P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store48( &P->node_offset, 0 );
-  P->node_depth    = 0;
-  P->inner_length  = 0;
-  // memset(P->reserved, 0, sizeof(P->reserved) );
-  memset( P->salt,     0, sizeof( P->salt ) );
-  memset( P->personal, 0, sizeof( P->personal ) );
-  return blake2s_init_param( S, P );
-}
-
-int blake2s_init_key( blake2s_state *S, const uint8_t outlen, const void *key, const uint8_t keylen )
-{
-  blake2s_param P[1];
-
-  if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return -1;
-
-  if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return -1;
-
-  P->digest_length = outlen;
-  P->key_length    = keylen;
-  P->fanout        = 1;
-  P->depth         = 1;
-  store32( &P->leaf_length, 0 );
-  store48( &P->node_offset, 0 );
-  P->node_depth    = 0;
-  P->inner_length  = 0;
-  // memset(P->reserved, 0, sizeof(P->reserved) );
-  memset( P->salt,     0, sizeof( P->salt ) );
-  memset( P->personal, 0, sizeof( P->personal ) );
-
-  if( blake2s_init_param( S, P ) < 0 ) return -1;
-
-  {
-    uint8_t block[BLAKE2S_BLOCKBYTES];
-    memset( block, 0, BLAKE2S_BLOCKBYTES );
-    memcpy( block, key, keylen );
-    blake2s_update( S, block, BLAKE2S_BLOCKBYTES );
-    secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
-  }
-  return 0;
-}
-
-static int blake2s_compress( blake2s_state *S, const uint8_t block[BLAKE2S_BLOCKBYTES] )
-{
-  uint32_t m[16];
-  uint32_t v[16];
-  size_t   i;
-
-  for( i = 0; i < 16; ++i )
-    m[i] = load32( block + i * sizeof( m[i] ) );
-
-  for( i = 0; i < 8; ++i )
-    v[i] = S->h[i];
-
-  v[ 8] = blake2s_IV[0];
-  v[ 9] = blake2s_IV[1];
-  v[10] = blake2s_IV[2];
-  v[11] = blake2s_IV[3];
-  v[12] = S->t[0] ^ blake2s_IV[4];
-  v[13] = S->t[1] ^ blake2s_IV[5];
-  v[14] = S->f[0] ^ blake2s_IV[6];
-  v[15] = S->f[1] ^ blake2s_IV[7];
-#define G(r,i,a,b,c,d) \
-  do { \
-    a = a + b + m[blake2s_sigma[r][2*i+0]]; \
-    d = rotr32(d ^ a, 16); \
-    c = c + d; \
-    b = rotr32(b ^ c, 12); \
-    a = a + b + m[blake2s_sigma[r][2*i+1]]; \
-    d = rotr32(d ^ a, 8); \
-    c = c + d; \
-    b = rotr32(b ^ c, 7); \
-  } while(0)
-#define ROUND(r)  \
-  do { \
-    G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
-    G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
-    G(r,2,v[ 2],v[ 6],v[10],v[14]); \
-    G(r,3,v[ 3],v[ 7],v[11],v[15]); \
-    G(r,4,v[ 0],v[ 5],v[10],v[15]); \
-    G(r,5,v[ 1],v[ 6],v[11],v[12]); \
-    G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
-    G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
-  } while(0)
-  ROUND( 0 );
-  ROUND( 1 );
-  ROUND( 2 );
-  ROUND( 3 );
-  ROUND( 4 );
-  ROUND( 5 );
-  ROUND( 6 );
-  ROUND( 7 );
-  ROUND( 8 );
-  ROUND( 9 );
-
-  for( i = 0; i < 8; ++i )
-    S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
-
-#undef G
-#undef ROUND
-  return 0;
-}
-
-
-int blake2s_update( blake2s_state *S, const uint8_t *in, uint64_t inlen )
-{
-  while( inlen > 0 )
-  {
-    size_t left = S->buflen;
-    size_t fill = 2 * BLAKE2S_BLOCKBYTES - left;
-
-    if( inlen > fill )
-    {
-      memcpy( S->buf + left, in, fill ); // Fill buffer
-      S->buflen += fill;
-      blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
-      blake2s_compress( S, S->buf ); // Compress
-      memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, BLAKE2S_BLOCKBYTES ); // Shift buffer left
-      S->buflen -= BLAKE2S_BLOCKBYTES;
-      in += fill;
-      inlen -= fill;
-    }
-    else // inlen <= fill
-    {
-      memcpy( S->buf + left, in, inlen );
-      S->buflen += inlen; // Be lazy, do not compress
-      in += inlen;
-      inlen -= inlen;
-    }
-  }
-
-  return 0;
-}
-
-int blake2s_final( blake2s_state *S, uint8_t *out, uint8_t outlen )
-{
-  uint8_t buffer[BLAKE2S_OUTBYTES];
-  int     i;
-
-  if( S->buflen > BLAKE2S_BLOCKBYTES )
-  {
-    blake2s_increment_counter( S, BLAKE2S_BLOCKBYTES );
-    blake2s_compress( S, S->buf );
-    S->buflen -= BLAKE2S_BLOCKBYTES;
-    memcpy( S->buf, S->buf + BLAKE2S_BLOCKBYTES, S->buflen );
-  }
-
-  blake2s_increment_counter( S, ( uint32_t )S->buflen );
-  blake2s_set_lastblock( S );
-  memset( S->buf + S->buflen, 0, 2 * BLAKE2S_BLOCKBYTES - S->buflen ); /* Padding */
-  blake2s_compress( S, S->buf );
-
-  for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */
-    store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );
-
-  memcpy( out, buffer, outlen );
-  return 0;
-}
-
-int blake2s( uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen )
-{
-  blake2s_state S[1];
-
-  /* Verify parameters */
-  if ( NULL == in ) return -1;
-
-  if ( NULL == out ) return -1;
-
-  if ( NULL == key ) keylen = 0; /* Fail here instead if keylen != 0 and key == NULL? */
-
-  if( keylen > 0 )
-  {
-    if( blake2s_init_key( S, outlen, key, keylen ) < 0 ) return -1;
-  }
-  else
-  {
-    if( blake2s_init( S, outlen ) < 0 ) return -1;
-  }
-
-  blake2s_update( S, ( uint8_t * )in, inlen );
-  blake2s_final( S, out, outlen );
-  return 0;
-}