rbnacl-libsodium 1.0.13 → 1.0.15
- checksums.yaml +4 -4
- data/CHANGES.md +5 -0
- data/lib/rbnacl/libsodium.rb +1 -0
- data/lib/rbnacl/libsodium/version.rb +1 -1
- data/vendor/libsodium/AUTHORS +2 -2
- data/vendor/libsodium/ChangeLog +64 -0
- data/vendor/libsodium/Makefile.am +1 -0
- data/vendor/libsodium/README.markdown +1 -3
- data/vendor/libsodium/THANKS +13 -3
- data/vendor/libsodium/builds/Makefile.am +65 -0
- data/vendor/libsodium/builds/msvc/resource.rc +2 -2
- data/vendor/libsodium/builds/msvc/version.h +3 -3
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/builds/msvc/vs2017/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +382 -394
- data/vendor/libsodium/configure.ac +59 -10
- data/vendor/libsodium/contrib/Findsodium.cmake +2 -0
- data/vendor/libsodium/dist-build/emscripten-symbols.def +72 -32
- data/vendor/libsodium/dist-build/emscripten.sh +33 -6
- data/vendor/libsodium/dist-build/generate-emscripten-symbols.sh +52 -38
- data/vendor/libsodium/dist-build/ios.sh +2 -2
- data/vendor/libsodium/libsodium.vcxproj +168 -173
- data/vendor/libsodium/libsodium.vcxproj.filters +220 -235
- data/vendor/libsodium/m4/ax_check_catchable_abrt.m4 +57 -0
- data/vendor/libsodium/m4/ax_check_gnu_make.m4 +2 -2
- data/vendor/libsodium/m4/ax_pthread.m4 +2 -2
- data/vendor/libsodium/msvc-scripts/process.bat +3 -3
- data/vendor/libsodium/packaging/dotnet-core/README.md +5 -5
- data/vendor/libsodium/packaging/dotnet-core/libsodium.props +5 -2
- data/vendor/libsodium/packaging/dotnet-core/prepare.py +13 -31
- data/vendor/libsodium/packaging/dotnet-core/recipes/linux-x64 +4 -0
- data/vendor/libsodium/packaging/nuget/package.config +1 -1
- data/vendor/libsodium/src/libsodium/Makefile.am +11 -12
- data/vendor/libsodium/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c +17 -4
- data/vendor/libsodium/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c +8 -1
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c +5 -4
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c +78 -17
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +74 -64
- data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c +2 -0
- data/vendor/libsodium/src/libsodium/crypto_kx/crypto_kx.c +7 -0
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c +17 -17
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.c +53 -48
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.h +37 -11
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c +23 -179
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c +4 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c +244 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c +3 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c +4 -12
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c +1 -5
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blamka-round-avx512f.h +145 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +91 -14
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2id.c +35 -14
- data/vendor/libsodium/src/libsodium/crypto_pwhash/crypto_pwhash.c +41 -4
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c +31 -17
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h +4 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c +5 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c +30 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c +8 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c +5 -4
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c +11 -4
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c +311 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/crypto_sign.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ed25519_ref10.h +3 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +9 -2
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c +1 -1
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c +6 -5
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/sign_ed25519.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +12 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/crypto_stream.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/stream_salsa20.c +7 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/stream_salsa2012.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/stream_salsa208.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c +6 -0
- data/vendor/libsodium/src/libsodium/crypto_verify/sodium/verify.c +66 -29
- data/vendor/libsodium/src/libsodium/include/Makefile.am +1 -1
- data/vendor/libsodium/src/libsodium/include/sodium.h +2 -2
- data/vendor/libsodium/src/libsodium/include/sodium/core.h +9 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +26 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +16 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h +10 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h +6 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +24 -15
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_salsa208.h +8 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash.h +40 -18
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_argon2i.h +8 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_argon2id.h +8 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h +11 -3
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h +6 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h +17 -8
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h +102 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_ed25519.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +1 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h +10 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa2012.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_salsa208.h +15 -5
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xchacha20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xsalsa20.h +4 -0
- data/vendor/libsodium/src/libsodium/include/sodium/export.h +9 -0
- data/vendor/libsodium/src/libsodium/include/sodium/private/common.h +11 -0
- data/vendor/libsodium/src/libsodium/include/sodium/private/curve25519_ref10.h +2 -30
- data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h +2 -0
- data/vendor/libsodium/src/libsodium/include/sodium/runtime.h +12 -9
- data/vendor/libsodium/src/libsodium/include/sodium/utils.h +36 -0
- data/vendor/libsodium/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c +3 -2
- data/vendor/libsodium/src/libsodium/randombytes/randombytes.c +18 -14
- data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +11 -10
- data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +20 -8
- data/vendor/libsodium/src/libsodium/sodium/codecs.c +333 -0
- data/vendor/libsodium/src/libsodium/sodium/core.c +36 -4
- data/vendor/libsodium/src/libsodium/sodium/runtime.c +18 -0
- data/vendor/libsodium/src/libsodium/sodium/utils.c +87 -100
- data/vendor/libsodium/test/constcheck.sh +19 -0
- data/vendor/libsodium/test/default/Makefile.am +39 -7
- data/vendor/libsodium/test/default/aead_aes256gcm.c +6 -0
- data/vendor/libsodium/test/default/aead_chacha20poly1305.c +16 -0
- data/vendor/libsodium/test/default/aead_xchacha20poly1305.c +25 -15
- data/vendor/libsodium/test/default/auth.c +13 -0
- data/vendor/libsodium/test/default/auth.exp +8 -0
- data/vendor/libsodium/test/default/box.c +3 -0
- data/vendor/libsodium/test/default/box2.c +2 -0
- data/vendor/libsodium/test/default/box_easy.c +1 -4
- data/vendor/libsodium/test/default/box_easy2.c +7 -3
- data/vendor/libsodium/test/default/chacha20.c +9 -2
- data/vendor/libsodium/test/default/cmptest.h +47 -1
- data/vendor/libsodium/test/default/codecs.c +226 -0
- data/vendor/libsodium/test/default/codecs.exp +28 -0
- data/vendor/libsodium/test/default/core3.c +42 -15
- data/vendor/libsodium/test/default/ed25519_convert.c +17 -0
- data/vendor/libsodium/test/default/kdf.c +8 -4
- data/vendor/libsodium/test/default/keygen.c +5 -2
- data/vendor/libsodium/test/default/kx.c +30 -0
- data/vendor/libsodium/test/default/metamorphic.c +187 -0
- data/vendor/libsodium/test/default/metamorphic.exp +1 -0
- data/vendor/libsodium/test/default/misuse.c +145 -0
- data/vendor/libsodium/test/default/misuse.exp +0 -0
- data/vendor/libsodium/test/default/onetimeauth.c +2 -0
- data/vendor/libsodium/test/default/{pwhash.c → pwhash_argon2i.c} +133 -106
- data/vendor/libsodium/test/default/{pwhash.exp → pwhash_argon2i.exp} +0 -1
- data/vendor/libsodium/test/default/pwhash_argon2id.c +254 -144
- data/vendor/libsodium/test/default/pwhash_argon2id.exp +2 -3
- data/vendor/libsodium/test/default/pwhash_scrypt.c +61 -18
- data/vendor/libsodium/test/default/pwhash_scrypt.exp +6 -0
- data/vendor/libsodium/test/default/randombytes.c +8 -3
- data/vendor/libsodium/test/default/secretbox.c +8 -0
- data/vendor/libsodium/test/default/secretbox2.c +5 -0
- data/vendor/libsodium/test/default/secretbox_easy.c +19 -1
- data/vendor/libsodium/test/default/secretbox_easy.exp +2 -0
- data/vendor/libsodium/test/default/secretbox_easy2.c +4 -0
- data/vendor/libsodium/test/default/secretstream.c +280 -0
- data/vendor/libsodium/test/default/secretstream.exp +1 -0
- data/vendor/libsodium/test/default/sign.c +31 -0
- data/vendor/libsodium/test/default/sodium_core.c +23 -1
- data/vendor/libsodium/test/default/sodium_core.exp +1 -1
- data/vendor/libsodium/test/default/sodium_utils.c +45 -56
- data/vendor/libsodium/test/default/sodium_utils.exp +0 -8
- data/vendor/libsodium/test/default/stream.c +2 -0
- data/vendor/libsodium/test/default/stream2.c +1 -0
- data/vendor/libsodium/test/default/xchacha20.c +58 -7
- metadata +21 -18
- data/vendor/libsodium/dist-build/emscripten-wasm.sh +0 -132
- data/vendor/libsodium/m4/pkg.m4 +0 -214
- data/vendor/libsodium/packaging/dotnet-core/desktop.targets +0 -16
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/afternm_aes128ctr.c +0 -174
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/beforenm_aes128ctr.c +0 -66
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/common.h +0 -766
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/consts.h +0 -28
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/consts_aes128ctr.c +0 -28
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/int128.h +0 -50
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/int128_aes128ctr.c +0 -149
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/stream_aes128ctr_nacl.c +0 -31
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/nacl/xor_afternm_aes128ctr.c +0 -195
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/stream_aes128ctr.c +0 -19
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_aes128ctr.h +0 -65
@@ -5,6 +5,7 @@
|
|
5
5
|
#include <stdlib.h>
|
6
6
|
#include <string.h>
|
7
7
|
|
8
|
+
#include "core.h"
|
8
9
|
#include "crypto_core_hsalsa20.h"
|
9
10
|
#include "crypto_onetimeauth_poly1305.h"
|
10
11
|
#include "crypto_secretbox.h"
|
@@ -29,7 +30,7 @@ crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
|
|
29
30
|
if (((uintptr_t) c > (uintptr_t) m &&
|
30
31
|
(uintptr_t) c - (uintptr_t) m < mlen) ||
|
31
32
|
((uintptr_t) m > (uintptr_t) c &&
|
32
|
-
(uintptr_t) m - (uintptr_t) c < mlen)) {
|
33
|
+
(uintptr_t) m - (uintptr_t) c < mlen)) { /* LCOV_EXCL_LINE */
|
33
34
|
memmove(c, m, mlen);
|
34
35
|
m = c;
|
35
36
|
}
|
@@ -71,8 +72,8 @@ crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
|
|
71
72
|
unsigned long long mlen, const unsigned char *n,
|
72
73
|
const unsigned char *k)
|
73
74
|
{
|
74
|
-
if (mlen >
|
75
|
-
|
75
|
+
if (mlen > crypto_secretbox_MESSAGEBYTES_MAX) {
|
76
|
+
sodium_misuse();
|
76
77
|
}
|
77
78
|
return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES,
|
78
79
|
c, m, mlen, n, k);
|
@@ -103,7 +104,7 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
|
|
103
104
|
if (((uintptr_t) c >= (uintptr_t) m &&
|
104
105
|
(uintptr_t) c - (uintptr_t) m < clen) ||
|
105
106
|
((uintptr_t) m >= (uintptr_t) c &&
|
106
|
-
(uintptr_t) m - (uintptr_t) c < clen)) {
|
107
|
+
(uintptr_t) m - (uintptr_t) c < clen)) { /* LCOV_EXCL_LINE */
|
107
108
|
memmove(m, c, clen);
|
108
109
|
c = m;
|
109
110
|
}
|
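--- a/data/vendor/libsodium/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c
@@ -5,6 +5,7 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "core.h"
 #include "crypto_core_hchacha20.h"
 #include "crypto_onetimeauth_poly1305.h"
 #include "crypto_secretbox_xchacha20poly1305.h"
@@ -33,7 +34,7 @@ crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
 if (((uintptr_t) c > (uintptr_t) m &&
 (uintptr_t) c - (uintptr_t) m < mlen) ||
 ((uintptr_t) m > (uintptr_t) c &&
-(uintptr_t) m - (uintptr_t) c < mlen)) {
+(uintptr_t) m - (uintptr_t) c < mlen)) { /* LCOV_EXCL_LINE */
 memmove(c, m, mlen);
 m = c;
 }
@@ -77,8 +78,8 @@ crypto_secretbox_xchacha20poly1305_easy(unsigned char *c,
 const unsigned char *n,
 const unsigned char *k)
 {
-if (mlen >
-
+if (mlen > crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX) {
+sodium_misuse();
 }
 return crypto_secretbox_xchacha20poly1305_detached
 (c + crypto_secretbox_xchacha20poly1305_MACBYTES, c, m, mlen, n, k);
@@ -110,7 +111,7 @@ crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
 if (((uintptr_t) c >= (uintptr_t) m &&
 (uintptr_t) c - (uintptr_t) m < clen) ||
 ((uintptr_t) m >= (uintptr_t) c &&
-(uintptr_t) m - (uintptr_t) c < clen)) {
+(uintptr_t) m - (uintptr_t) c < clen)) { /* LCOV_EXCL_LINE */
 memmove(m, c, clen);
 c = m;
 }
@@ -168,3 +169,9 @@ crypto_secretbox_xchacha20poly1305_macbytes(void)
 {
 return crypto_secretbox_xchacha20poly1305_MACBYTES;
 }
+
+size_t
+crypto_secretbox_xchacha20poly1305_messagebytes_max(void)
+{
+return crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX;
+}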
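--- a/data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c
+++ b/data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c
@@ -76,6 +76,12 @@ crypto_secretbox_xsalsa20poly1305_macbytes(void)
 return crypto_secretbox_xsalsa20poly1305_MACBYTES;
 }
 
+size_t
+crypto_secretbox_xsalsa20poly1305_messagebytes_max(void)
+{
+return crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX;
+}
+
 void
 crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
 {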
@@ -0,0 +1,311 @@
|
|
1
|
+
#include <stdint.h>
|
2
|
+
#include <stdlib.h>
|
3
|
+
#include <limits.h>
|
4
|
+
#include <string.h>
|
5
|
+
|
6
|
+
#include "core.h"
|
7
|
+
#include "crypto_aead_chacha20poly1305.h"
|
8
|
+
#include "crypto_aead_xchacha20poly1305.h"
|
9
|
+
#include "crypto_core_hchacha20.h"
|
10
|
+
#include "crypto_onetimeauth_poly1305.h"
|
11
|
+
#include "crypto_secretstream_xchacha20poly1305.h"
|
12
|
+
#include "randombytes.h"
|
13
|
+
#include "utils.h"
|
14
|
+
|
15
|
+
#include "private/common.h"
|
16
|
+
|
17
|
+
#define crypto_secretstream_xchacha20poly1305_COUNTERBYTES 4U
|
18
|
+
#define crypto_secretstream_xchacha20poly1305_INONCEBYTES 8U
|
19
|
+
|
20
|
+
#define STATE_COUNTER(STATE) ((STATE)->nonce)
|
21
|
+
#define STATE_INONCE(STATE) ((STATE)->nonce + \
|
22
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES)
|
23
|
+
|
24
|
+
static const unsigned char _pad0[16] = { 0 };
|
25
|
+
|
26
|
+
static inline void
|
27
|
+
_crypto_secretstream_xchacha20poly1305_counter_reset
|
28
|
+
(crypto_secretstream_xchacha20poly1305_state *state)
|
29
|
+
{
|
30
|
+
memset(STATE_COUNTER(state), 0,
|
31
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
|
32
|
+
STATE_COUNTER(state)[0] = 1;
|
33
|
+
}
|
34
|
+
|
35
|
+
void
|
36
|
+
crypto_secretstream_xchacha20poly1305_keygen
|
37
|
+
(unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
|
38
|
+
{
|
39
|
+
randombytes_buf(k, crypto_secretstream_xchacha20poly1305_KEYBYTES);
|
40
|
+
}
|
41
|
+
|
42
|
+
int
|
43
|
+
crypto_secretstream_xchacha20poly1305_init_push
|
44
|
+
(crypto_secretstream_xchacha20poly1305_state *state,
|
45
|
+
unsigned char out[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
|
46
|
+
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
|
47
|
+
{
|
48
|
+
COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_HEADERBYTES ==
|
49
|
+
crypto_core_hchacha20_INPUTBYTES +
|
50
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
51
|
+
COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_HEADERBYTES ==
|
52
|
+
crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);
|
53
|
+
COMPILER_ASSERT(sizeof state->nonce ==
|
54
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES +
|
55
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
|
56
|
+
|
57
|
+
randombytes_buf(out, crypto_secretstream_xchacha20poly1305_HEADERBYTES);
|
58
|
+
crypto_core_hchacha20(state->k, out, k, NULL);
|
59
|
+
_crypto_secretstream_xchacha20poly1305_counter_reset(state);
|
60
|
+
memcpy(STATE_INONCE(state), out + crypto_core_hchacha20_INPUTBYTES,
|
61
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
62
|
+
memset(state->_pad, 0, sizeof state->_pad);
|
63
|
+
|
64
|
+
return 0;
|
65
|
+
}
|
66
|
+
|
67
|
+
int
|
68
|
+
crypto_secretstream_xchacha20poly1305_init_pull
|
69
|
+
(crypto_secretstream_xchacha20poly1305_state *state,
|
70
|
+
const unsigned char in[crypto_secretstream_xchacha20poly1305_HEADERBYTES],
|
71
|
+
const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES])
|
72
|
+
{
|
73
|
+
crypto_core_hchacha20(state->k, in, k, NULL);
|
74
|
+
_crypto_secretstream_xchacha20poly1305_counter_reset(state);
|
75
|
+
memcpy(STATE_INONCE(state), in + crypto_core_hchacha20_INPUTBYTES,
|
76
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
77
|
+
memset(state->_pad, 0, sizeof state->_pad);
|
78
|
+
|
79
|
+
return 0;
|
80
|
+
}
|
81
|
+
|
82
|
+
void
|
83
|
+
crypto_secretstream_xchacha20poly1305_rekey
|
84
|
+
(crypto_secretstream_xchacha20poly1305_state *state)
|
85
|
+
{
|
86
|
+
unsigned char new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES +
|
87
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES];
|
88
|
+
size_t i;
|
89
|
+
|
90
|
+
for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
|
91
|
+
new_key_and_inonce[i] = state->k[i];
|
92
|
+
}
|
93
|
+
for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
|
94
|
+
new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i] =
|
95
|
+
STATE_INONCE(state)[i];
|
96
|
+
}
|
97
|
+
crypto_stream_chacha20_ietf_xor(new_key_and_inonce, new_key_and_inonce,
|
98
|
+
sizeof new_key_and_inonce,
|
99
|
+
state->nonce, state->k);
|
100
|
+
for (i = 0U; i < crypto_stream_chacha20_ietf_KEYBYTES; i++) {
|
101
|
+
state->k[i] = new_key_and_inonce[i];
|
102
|
+
}
|
103
|
+
for (i = 0U; i < crypto_secretstream_xchacha20poly1305_INONCEBYTES; i++) {
|
104
|
+
STATE_INONCE(state)[i] =
|
105
|
+
new_key_and_inonce[crypto_stream_chacha20_ietf_KEYBYTES + i];
|
106
|
+
}
|
107
|
+
_crypto_secretstream_xchacha20poly1305_counter_reset(state);
|
108
|
+
}
|
109
|
+
|
110
|
+
int
|
111
|
+
crypto_secretstream_xchacha20poly1305_push
|
112
|
+
(crypto_secretstream_xchacha20poly1305_state *state,
|
113
|
+
unsigned char *out, unsigned long long *outlen_p,
|
114
|
+
const unsigned char *m, unsigned long long mlen,
|
115
|
+
const unsigned char *ad, unsigned long long adlen, unsigned char tag)
|
116
|
+
{
|
117
|
+
crypto_onetimeauth_poly1305_state poly1305_state;
|
118
|
+
unsigned char block[64U];
|
119
|
+
unsigned char slen[8U];
|
120
|
+
unsigned char *c;
|
121
|
+
unsigned char *mac;
|
122
|
+
|
123
|
+
if (outlen_p != NULL) {
|
124
|
+
*outlen_p = 0U;
|
125
|
+
}
|
126
|
+
if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
|
127
|
+
sodium_misuse();
|
128
|
+
}
|
129
|
+
crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
|
130
|
+
crypto_onetimeauth_poly1305_init(&poly1305_state, block);
|
131
|
+
sodium_memzero(block, sizeof block);
|
132
|
+
|
133
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
|
134
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
|
135
|
+
(0x10 - adlen) & 0xf);
|
136
|
+
memset(block, 0, sizeof block);
|
137
|
+
block[0] = tag;
|
138
|
+
|
139
|
+
crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
|
140
|
+
state->nonce, 1U, state->k);
|
141
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
|
142
|
+
out[0] = block[0];
|
143
|
+
|
144
|
+
c = out + (sizeof tag);
|
145
|
+
crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k);
|
146
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
|
147
|
+
crypto_onetimeauth_poly1305_update
|
148
|
+
(&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
|
149
|
+
|
150
|
+
STORE64_LE(slen, (uint64_t) adlen);
|
151
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
|
152
|
+
STORE64_LE(slen, (sizeof block) + mlen);
|
153
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
|
154
|
+
|
155
|
+
mac = c + mlen;
|
156
|
+
crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
|
157
|
+
sodium_memzero(&poly1305_state, sizeof poly1305_state);
|
158
|
+
|
159
|
+
COMPILER_ASSERT(crypto_onetimeauth_poly1305_BYTES >=
|
160
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
161
|
+
XOR_BUF(STATE_INONCE(state), mac,
|
162
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
163
|
+
sodium_increment(STATE_COUNTER(state),
|
164
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
|
165
|
+
if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
|
166
|
+
sodium_is_zero(STATE_COUNTER(state),
|
167
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
|
168
|
+
crypto_secretstream_xchacha20poly1305_rekey(state);
|
169
|
+
}
|
170
|
+
if (outlen_p != NULL) {
|
171
|
+
*outlen_p = crypto_secretstream_xchacha20poly1305_ABYTES + mlen;
|
172
|
+
}
|
173
|
+
return 0;
|
174
|
+
}
|
175
|
+
|
176
|
+
int
|
177
|
+
crypto_secretstream_xchacha20poly1305_pull
|
178
|
+
(crypto_secretstream_xchacha20poly1305_state *state,
|
179
|
+
unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p,
|
180
|
+
const unsigned char *in, unsigned long long inlen,
|
181
|
+
const unsigned char *ad, unsigned long long adlen)
|
182
|
+
{
|
183
|
+
crypto_onetimeauth_poly1305_state poly1305_state;
|
184
|
+
unsigned char block[64U];
|
185
|
+
unsigned char slen[8U];
|
186
|
+
unsigned char mac[crypto_onetimeauth_poly1305_BYTES];
|
187
|
+
const unsigned char *c;
|
188
|
+
const unsigned char *stored_mac;
|
189
|
+
unsigned long long mlen;
|
190
|
+
unsigned char tag;
|
191
|
+
|
192
|
+
if (mlen_p != NULL) {
|
193
|
+
*mlen_p = 0U;
|
194
|
+
}
|
195
|
+
if (tag_p != NULL) {
|
196
|
+
*tag_p = 0xff;
|
197
|
+
}
|
198
|
+
if (inlen < crypto_secretstream_xchacha20poly1305_ABYTES) {
|
199
|
+
return -1;
|
200
|
+
}
|
201
|
+
mlen = inlen - crypto_secretstream_xchacha20poly1305_ABYTES;
|
202
|
+
if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
|
203
|
+
sodium_misuse();
|
204
|
+
}
|
205
|
+
crypto_stream_chacha20_ietf(block, sizeof block, state->nonce, state->k);
|
206
|
+
crypto_onetimeauth_poly1305_init(&poly1305_state, block);
|
207
|
+
sodium_memzero(block, sizeof block);
|
208
|
+
|
209
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, ad, adlen);
|
210
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, _pad0,
|
211
|
+
(0x10 - adlen) & 0xf);
|
212
|
+
|
213
|
+
memset(block, 0, sizeof block);
|
214
|
+
block[0] = in[0];
|
215
|
+
crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block,
|
216
|
+
state->nonce, 1U, state->k);
|
217
|
+
tag = block[0];
|
218
|
+
block[0] = in[0];
|
219
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block);
|
220
|
+
|
221
|
+
c = in + (sizeof tag);
|
222
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen);
|
223
|
+
crypto_onetimeauth_poly1305_update
|
224
|
+
(&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf);
|
225
|
+
|
226
|
+
STORE64_LE(slen, (uint64_t) adlen);
|
227
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
|
228
|
+
STORE64_LE(slen, (sizeof block) + mlen);
|
229
|
+
crypto_onetimeauth_poly1305_update(&poly1305_state, slen, sizeof slen);
|
230
|
+
|
231
|
+
crypto_onetimeauth_poly1305_final(&poly1305_state, mac);
|
232
|
+
sodium_memzero(&poly1305_state, sizeof poly1305_state);
|
233
|
+
|
234
|
+
stored_mac = c + mlen;
|
235
|
+
if (sodium_memcmp(mac, stored_mac, sizeof mac) != 0) {
|
236
|
+
sodium_memzero(mac, sizeof mac);
|
237
|
+
return -1;
|
238
|
+
}
|
239
|
+
|
240
|
+
crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k);
|
241
|
+
XOR_BUF(STATE_INONCE(state), mac,
|
242
|
+
crypto_secretstream_xchacha20poly1305_INONCEBYTES);
|
243
|
+
sodium_increment(STATE_COUNTER(state),
|
244
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES);
|
245
|
+
if ((tag & crypto_secretstream_xchacha20poly1305_TAG_REKEY) != 0 ||
|
246
|
+
sodium_is_zero(STATE_COUNTER(state),
|
247
|
+
crypto_secretstream_xchacha20poly1305_COUNTERBYTES)) {
|
248
|
+
crypto_secretstream_xchacha20poly1305_rekey(state);
|
249
|
+
}
|
250
|
+
if (mlen_p != NULL) {
|
251
|
+
*mlen_p = mlen;
|
252
|
+
}
|
253
|
+
if (tag_p != NULL) {
|
254
|
+
*tag_p = tag;
|
255
|
+
}
|
256
|
+
return 0;
|
257
|
+
}
|
258
|
+
|
259
|
+
size_t
|
260
|
+
crypto_secretstream_xchacha20poly1305_statebytes(void)
|
261
|
+
{
|
262
|
+
return sizeof(crypto_secretstream_xchacha20poly1305_state);
|
263
|
+
}
|
264
|
+
|
265
|
+
size_t
|
266
|
+
crypto_secretstream_xchacha20poly1305_abytes(void)
|
267
|
+
{
|
268
|
+
return crypto_secretstream_xchacha20poly1305_ABYTES;
|
269
|
+
}
|
270
|
+
|
271
|
+
size_t
|
272
|
+
crypto_secretstream_xchacha20poly1305_headerbytes(void)
|
273
|
+
{
|
274
|
+
return crypto_secretstream_xchacha20poly1305_HEADERBYTES;
|
275
|
+
}
|
276
|
+
|
277
|
+
size_t
|
278
|
+
crypto_secretstream_xchacha20poly1305_keybytes(void)
|
279
|
+
{
|
280
|
+
return crypto_secretstream_xchacha20poly1305_KEYBYTES;
|
281
|
+
}
|
282
|
+
|
283
|
+
size_t
|
284
|
+
crypto_secretstream_xchacha20poly1305_messagebytes_max(void)
|
285
|
+
{
|
286
|
+
return crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX;
|
287
|
+
}
|
288
|
+
|
289
|
+
unsigned char
|
290
|
+
crypto_secretstream_xchacha20poly1305_tag_message(void)
|
291
|
+
{
|
292
|
+
return crypto_secretstream_xchacha20poly1305_TAG_MESSAGE;
|
293
|
+
}
|
294
|
+
|
295
|
+
unsigned char
|
296
|
+
crypto_secretstream_xchacha20poly1305_tag_push(void)
|
297
|
+
{
|
298
|
+
return crypto_secretstream_xchacha20poly1305_TAG_PUSH;
|
299
|
+
}
|
300
|
+
|
301
|
+
unsigned char
|
302
|
+
crypto_secretstream_xchacha20poly1305_tag_rekey(void)
|
303
|
+
{
|
304
|
+
return crypto_secretstream_xchacha20poly1305_TAG_REKEY;
|
305
|
+
}
|
306
|
+
|
307
|
+
unsigned char
|
308
|
+
crypto_secretstream_xchacha20poly1305_tag_final(void)
|
309
|
+
{
|
310
|
+
return crypto_secretstream_xchacha20poly1305_TAG_FINAL;
|
311
|
+
}
|
@@ -4,6 +4,7 @@
|
|
4
4
|
#include "crypto_hash_sha512.h"
|
5
5
|
#include "crypto_scalarmult_curve25519.h"
|
6
6
|
#include "crypto_sign_ed25519.h"
|
7
|
+
#include "ed25519_ref10.h"
|
7
8
|
#include "private/curve25519_ref10.h"
|
8
9
|
#include "randombytes.h"
|
9
10
|
#include "utils.h"
|
@@ -46,10 +47,16 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
|
|
46
47
|
const unsigned char *ed25519_pk)
|
47
48
|
{
|
48
49
|
ge_p3 A;
|
50
|
+
ge_p3 pl;
|
49
51
|
fe x;
|
50
52
|
fe one_minus_y;
|
51
53
|
|
52
|
-
if (
|
54
|
+
if (_crypto_sign_ed25519_small_order(ed25519_pk) ||
|
55
|
+
ge_frombytes_negate_vartime(&A, ed25519_pk) != 0) {
|
56
|
+
return -1;
|
57
|
+
}
|
58
|
+
ge_mul_l(&pl, &A);
|
59
|
+
if (fe_isnonzero(pl.X)) {
|
53
60
|
return -1;
|
54
61
|
}
|
55
62
|
fe_1(one_minus_y);
|
@@ -71,7 +78,7 @@ crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
|
|
71
78
|
|
72
79
|
crypto_hash_sha512(h, ed25519_sk,
|
73
80
|
crypto_sign_ed25519_SECRETKEYBYTES -
|
74
|
-
|
81
|
+
crypto_sign_ed25519_PUBLICKEYBYTES);
|
75
82
|
h[0] &= 248;
|
76
83
|
h[31] &= 127;
|
77
84
|
h[31] |= 64;
|