RubyGems - rbnacl-libsodium - Versions diffs - 1.0.15.1 → 1.0.16 - Mend

rbnacl-libsodium 1.0.15.1 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/base2.h ADDED

@@ -0,0 +1,40 @@
+{
+  { 1288382639258501, 245678601348599, 269427782077623, 1462984067271730, 137412439391563 },
+  { 62697248952638, 204681361388450, 631292143396476, 338455783676468, 1213667448819585 },
+  { 301289933810280, 1259582250014073, 1422107436869536, 796239922652654, 1953934009299142 }
+},
+{
+  { 1601611775252272, 1720807796594148, 1132070835939856, 1260455018889551, 2147779492816911 },
+  { 316559037616741, 2177824224946892, 1459442586438991, 1461528397712656, 751590696113597 },
+  { 1850748884277385, 1200145853858453, 1068094770532492, 672251375690438, 1586055907191707 }
+},
+{
+  { 769950342298419, 132954430919746, 844085933195555, 974092374476333, 726076285546016 },
+  { 425251763115706, 608463272472562, 442562545713235, 837766094556764, 374555092627893 },
+  { 1086255230780037, 274979815921559, 1960002765731872, 929474102396301, 1190409889297339 }
+},
+{
+  { 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 1233371373142985 },
+  { 2019367628972465, 676711900706637, 110710997811333, 1108646842542025, 517791959672113 },
+  { 965130719900578, 247011430587952, 526356006571389, 91986625355052, 2157223321444601 }
+},
+{
+  { 1802695059465007, 1664899123557221, 593559490740857, 2160434469266659, 927570450755031 },
+  { 1725674970513508, 1933645953859181, 1542344539275782, 1767788773573747, 1297447965928905 },
+  { 1381809363726107, 1430341051343062, 2061843536018959, 1551778050872521, 2036394857967624 }
+},
+{
+  { 1970894096313054, 528066325833207, 1619374932191227, 2207306624415883, 1169170329061080 },
+  { 2070390218572616, 1458919061857835, 624171843017421, 1055332792707765, 433987520732508 },
+  { 893653801273833, 1168026499324677, 1242553501121234, 1306366254304474, 1086752658510815 }
+},
+{
+  { 213454002618221, 939771523987438, 1159882208056014, 317388369627517, 621213314200687 },
+  { 1971678598905747, 338026507889165, 762398079972271, 655096486107477, 42299032696322 },
+  { 177130678690680, 1754759263300204, 1864311296286618, 1180675631479880, 1292726903152791 }
+},
+{
+  { 1913163449625248, 460779200291993, 2193883288642314, 1008900146920800, 1721983679009502 },
+  { 1070401523076875, 1272492007800961, 1910153608563310, 2075579521696771, 1191169788841221 },
+  { 692896803108118, 500174642072499, 2068223309439677, 1162190621851337, 1426986007309901 }
+}

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h ADDED

@@ -0,0 +1,21 @@
+/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
+static const fe25519 d = {
+    929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575
+};
+/* 2 * d =
+ * 16295367250680780974490674513165176452449235426866156013048779062215315747161
+ */
+static const fe25519 d2 = {
+    1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903
+};
+/* sqrt(-1) */
+static const fe25519 sqrtm1 = {
+    1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133
+};
+/* A = 486662 */
+static const fe25519 curve25519_A = {
+    486662, 0, 0, 0, 0
+};

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h ADDED

@@ -0,0 +1,116 @@
+/*
+ Ignores top bit of h.
+ */
+void
+fe25519_frombytes(fe25519 h, const unsigned char *s)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint64_t h0, h1, h2, h3, h4;
+    h0 = (LOAD64_LE(s     )      ) & mask;
+    h1 = (LOAD64_LE(s +  6) >>  3) & mask;
+    h2 = (LOAD64_LE(s + 12) >>  6) & mask;
+    h3 = (LOAD64_LE(s + 19) >>  1) & mask;
+    h4 = (LOAD64_LE(s + 24) >> 12) & mask;
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+static void
+fe25519_reduce(fe25519 h, const fe25519 f)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t t[5];
+    t[0] = f[0];
+    t[1] = f[1];
+    t[2] = f[2];
+    t[3] = f[3];
+    t[4] = f[4];
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19 * (t[4] >> 51);
+    t[4] &= mask;
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19 * (t[4] >> 51);
+    t[4] &= mask;
+    /* now t is between 0 and 2^255-1, properly carried. */
+    /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+    t[0] += 19ULL;
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19ULL * (t[4] >> 51);
+    t[4] &= mask;
+    /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+    t[0] += 0x8000000000000 - 19ULL;
+    t[1] += 0x8000000000000 - 1ULL;
+    t[2] += 0x8000000000000 - 1ULL;
+    t[3] += 0x8000000000000 - 1ULL;
+    t[4] += 0x8000000000000 - 1ULL;
+    /* now between 2^255 and 2^256-20, and offset by 2^255. */
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[4] &= mask;
+    h[0] = t[0];
+    h[1] = t[1];
+    h[2] = t[2];
+    h[3] = t[3];
+    h[4] = t[4];
+}
+void
+fe25519_tobytes(unsigned char *s, const fe25519 h)
+{
+    fe25519  t;
+    uint64_t t0, t1, t2, t3;
+    fe25519_reduce(t, h);
+    t0 = t[0] | (t[1] << 51);
+    t1 = (t[1] >> 13) | (t[2] << 38);
+    t2 = (t[2] >> 26) | (t[3] << 25);
+    t3 = (t[3] >> 39) | (t[4] << 12);
+    STORE64_LE(s +  0, t0);
+    STORE64_LE(s +  8, t1);
+    STORE64_LE(s + 16, t2);
+    STORE64_LE(s + 24, t3);
+}

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2.h CHANGED

@@ -76,7 +76,7 @@ typedef crypto_generichash_blake2b_state blake2b_state;
 /* Streaming API */
 int blake2b_init(blake2b_state *S, const uint8_t outlen);
 int blake2b_init_salt_personal(blake2b_state *S, const uint8_t outlen,
-                               const void *personal, const void *salt);
+                               const void *salt, const void *personal);
 int blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
                      const uint8_t keylen);
 int blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c CHANGED

@@ -83,8 +83,9 @@ blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES])
     ROUND(10);
     ROUND(11);
-    for (i      = 0; i < 8; ++i)
+    for (i = 0; i < 8; ++i) {
         S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+    }
 #undef G
 #undef ROUND

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c CHANGED

@@ -25,14 +25,6 @@
 #include "runtime.h"
 #include "utils.h"
-#ifdef HAVE_TI_MODE
-# if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-# else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-# endif
-#endif
 static blake2b_compress_fn blake2b_compress = blake2b_compress_ref;
 static const uint64_t blake2b_IV[8] = {
@@ -49,13 +41,6 @@ blake2b_set_lastnode(blake2b_state *S)
     return 0;
 }
 /* LCOV_EXCL_STOP */
-#if 0
-static inline int blake2b_clear_lastnode( blake2b_state *S )
-{
-  S->f[1] = 0;
-  return 0;
-}
-#endif
 static inline int
 blake2b_is_lastblock(const blake2b_state *S)
@@ -72,15 +57,7 @@ blake2b_set_lastblock(blake2b_state *S)
     S->f[0] = -1;
     return 0;
 }
-#if 0
-static inline int blake2b_clear_lastblock( blake2b_state *S )
-{
-  if( S->last_node ) blake2b_clear_lastnode( S );
-  S->f[0] = 0;
-  return 0;
-}
-#endif
 static inline int
 blake2b_increment_counter(blake2b_state *S, const uint64_t inc)
 {
@@ -97,51 +74,6 @@ blake2b_increment_counter(blake2b_state *S, const uint64_t inc)
 }
 /* Parameter-related functions */
-#if 0
-/* Redundant: digest length is directly set in blake2b_init(), blake2b_init_salt_personal(),
- * blake2b_init_key() and blake2b_init_key_salt_personal() */
-static inline int blake2b_param_set_digest_length( blake2b_param *P, const uint8_t digest_length )
-{
-  P->digest_length = digest_length;
-  return 0;
-}
-static inline int blake2b_param_set_fanout( blake2b_param *P, const uint8_t fanout )
-{
-  P->fanout = fanout;
-  return 0;
-}
-static inline int blake2b_param_set_max_depth( blake2b_param *P, const uint8_t depth )
-{
-  P->depth = depth;
-  return 0;
-}
-static inline int blake2b_param_set_leaf_length( blake2b_param *P, const uint32_t leaf_length )
-{
-  STORE32_LE( P->leaf_length, leaf_length );
-  return 0;
-}
-static inline int blake2b_param_set_node_offset( blake2b_param *P, const uint64_t node_offset )
-{
-  STORE64_LE( P->node_offset, node_offset );
-  return 0;
-}
-static inline int blake2b_param_set_node_depth( blake2b_param *P, const uint8_t node_depth )
-{
-  P->node_depth = node_depth;
-  return 0;
-}
-static inline int blake2b_param_set_inner_length( blake2b_param *P, const uint8_t inner_length )
-{
-  P->inner_length = inner_length;
-  return 0;
-}
-#endif
 static inline int
 blake2b_param_set_salt(blake2b_param *P, const uint8_t salt[BLAKE2B_SALTBYTES])
 {
@@ -271,7 +203,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen);
+        memcpy(block, key, keylen); /* keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
@@ -317,7 +249,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen);
+        memcpy(block, key, keylen); /* keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
@@ -357,6 +289,8 @@ blake2b_update(blake2b_state *S, const uint8_t *in, uint64_t inlen)
 int
 blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
 {
+    unsigned char buffer[BLAKE2B_OUTBYTES];
     if (!outlen || outlen > BLAKE2B_OUTBYTES) {
         sodium_misuse();
     }
@@ -377,19 +311,17 @@ blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
            2 * BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */
     blake2b_compress(S, S->buf);
-#ifdef NATIVE_LITTLE_ENDIAN
-    memcpy(out, &S->h[0], outlen);
-#else
-    {
-        uint8_t buffer[BLAKE2B_OUTBYTES];
-        int     i;
+    COMPILER_ASSERT(sizeof buffer == 64U);
+    STORE64_LE(buffer + 8 * 0, S->h[0]);
+    STORE64_LE(buffer + 8 * 1, S->h[1]);
+    STORE64_LE(buffer + 8 * 2, S->h[2]);
+    STORE64_LE(buffer + 8 * 3, S->h[3]);
+    STORE64_LE(buffer + 8 * 4, S->h[4]);
+    STORE64_LE(buffer + 8 * 5, S->h[5]);
+    STORE64_LE(buffer + 8 * 6, S->h[6]);
+    STORE64_LE(buffer + 8 * 7, S->h[7]);
+    memcpy(out, buffer, outlen); /* outlen <= BLAKE2B_OUTBYTES (64) */
-        for (i = 0; i < 8; i++) { /* Output full hash to temp buffer */
-            STORE64_LE(buffer + sizeof(S->h[i]) * i, S->h[i]);
-        }
-        memcpy(out, buffer, outlen);
-    }
-#endif
     sodium_memzero(S->h, sizeof S->h);
     sodium_memzero(S->buf, sizeof S->buf);

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c CHANGED

@@ -5,6 +5,7 @@
 #include "blake2.h"
 #include "crypto_generichash_blake2b.h"
+#include "private/implementations.h"
 int
 crypto_generichash_blake2b(unsigned char *out, size_t outlen,

data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c CHANGED

@@ -153,10 +153,10 @@ static const uint8_t PAD[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 static void
 SHA256_Pad(crypto_hash_sha256_state *state, uint32_t tmp32[64 + 8])
 {
-    uint64_t r;
-    uint64_t i;
+    unsigned int r;
+    unsigned int i;
-    r = (state->count >> 3) & 0x3f;
+    r = (unsigned int) ((state->count >> 3) & 0x3f);
     if (r < 56) {
         for (i = 0; i < 56 - r; i++) {
             state->buf[r + i] = PAD[i];

data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c CHANGED

@@ -172,10 +172,10 @@ static const uint8_t PAD[128] = {
 static void
 SHA512_Pad(crypto_hash_sha512_state *state, uint64_t tmp64[80 + 8])
 {
-    uint64_t r;
-    uint64_t i;
+    unsigned int r;
+    unsigned int i;
-    r = (state->count[1] >> 3) & 0x7f;
+    r = (unsigned int) ((state->count[1] >> 3) & 0x7f);
     if (r < 112) {
         for (i = 0; i < 112 - r; i++) {
             state->buf[r + i] = PAD[i];

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h CHANGED

@@ -3,11 +3,7 @@
    and 128 bit addition
 */
-#if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-#else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-#endif
+#include "private/common.h"
 #define MUL(out, x, y) out = ((uint128_t) x * y)
 #define ADD(out, in) out += in
@@ -23,8 +19,6 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
 # define POLY1305_NOINLINE
 #endif
-#include "private/common.h"
 #define poly1305_block_size 16
 /* 17 + sizeof(unsigned long long) + 8*sizeof(unsigned long long) */

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c CHANGED

@@ -2,6 +2,7 @@
 #include "onetimeauth_poly1305.h"
 #include "crypto_onetimeauth_poly1305.h"
 #include "private/common.h"
+#include "private/implementations.h"
 #include "randombytes.h"
 #include "runtime.h"

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c CHANGED

@@ -19,12 +19,6 @@
 typedef __m128i xmmi;
-# if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-# else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-# endif
 # if defined(_MSC_VER)
 #  define POLY1305_NOINLINE __declspec(noinline)
 # elif defined(__GNUC__)

data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.c CHANGED

@@ -24,6 +24,7 @@
 #include "crypto_generichash_blake2b.h"
 #include "private/common.h"
+#include "private/implementations.h"
 #include "runtime.h"
 #include "utils.h"
@@ -33,6 +34,12 @@
 #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
 # define MAP_ANON MAP_ANONYMOUS
 #endif
+#ifndef MAP_NOCORE
+# define MAP_NOCORE 0
+#endif
+#ifndef MAP_POPULATE
+# define MAP_POPULATE 0
+#endif
 static fill_segment_fn fill_segment = fill_segment_ref;
@@ -87,11 +94,7 @@ allocate_memory(block_region **region, uint32_t m_cost)
 #if defined(MAP_ANON) && defined(HAVE_MMAP)
     if ((base = mmap(NULL, memory_size, PROT_READ | PROT_WRITE,
-#ifdef MAP_NOCORE
-                     MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
-#else
-                     MAP_ANON | MAP_PRIVATE,
-#endif
+                     MAP_ANON | MAP_PRIVATE | MAP_NOCORE | MAP_POPULATE,
                      -1, 0)) == MAP_FAILED) {
         base = NULL; /* LCOV_EXCL_LINE */
     }                /* LCOV_EXCL_LINE */
@@ -214,100 +217,24 @@ finalize(const argon2_context *context, argon2_instance_t *instance)
     }
 }
-uint32_t
-index_alpha(const argon2_instance_t *instance,
-            const argon2_position_t *position, uint32_t pseudo_rand,
-            int same_lane)
-{
-    /*
-     * Pass 0:
-     *      This lane : all already finished segments plus already constructed
-     * blocks in this segment
-     *      Other lanes : all already finished segments
-     * Pass 1+:
-     *      This lane : (SYNC_POINTS - 1) last segments plus already constructed
-     * blocks in this segment
-     *      Other lanes : (SYNC_POINTS - 1) last segments
-     */
-    uint32_t reference_area_size;
-    uint64_t relative_position;
-    uint32_t start_position, absolute_position;
-    if (position->pass == 0) {
-        /* First pass */
-        if (position->slice == 0) {
-            /* First slice */
-            reference_area_size =
-                position->index - 1; /* all but the previous */
-        } else {
-            if (same_lane) {
-                /* The same lane => add current segment */
-                reference_area_size =
-                    position->slice * instance->segment_length +
-                    position->index - 1;
-            } else {
-                reference_area_size =
-                    position->slice * instance->segment_length +
-                    ((position->index == 0) ? (-1) : 0);
-            }
-        }
-    } else {
-        /* Second pass */
-        if (same_lane) {
-            reference_area_size = instance->lane_length -
-                                  instance->segment_length + position->index -
-                                  1;
-        } else {
-            reference_area_size = instance->lane_length -
-                                  instance->segment_length +
-                                  ((position->index == 0) ? (-1) : 0);
-        }
-    }
-    /* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce
-     * relative position */
-    relative_position = pseudo_rand;
-    relative_position = relative_position * relative_position >> 32;
-    relative_position = reference_area_size - 1 -
-                        (reference_area_size * relative_position >> 32);
-    /* 1.2.5 Computing starting position */
-    start_position = 0;
-    if (position->pass != 0) {
-        start_position = (position->slice == ARGON2_SYNC_POINTS - 1)
-                             ? 0
-                             : (position->slice + 1) * instance->segment_length;
-    }
-    /* 1.2.6. Computing absolute position */
-    absolute_position = (start_position + relative_position) %
-                        instance->lane_length; /* absolute position */
-    return absolute_position;
-}
 void
-fill_memory_blocks(argon2_instance_t *instance)
+fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
 {
-    uint32_t r, s;
+    argon2_position_t position;
+    uint32_t l;
+    uint32_t s;
     if (instance == NULL || instance->lanes == 0) {
         return; /* LCOV_EXCL_LINE */
     }
-    for (r = 0; r < instance->passes; ++r) {
-        for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
-            uint32_t l;
-            for (l = 0; l < instance->lanes; ++l) {
-                argon2_position_t position;
-                position.pass  = r;
-                position.lane  = l;
-                position.slice = (uint8_t) s;
-                position.index = 0;
-                fill_segment(instance, position);
-            }
+    position.pass = pass;
+    for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
+        position.slice = (uint8_t) s;
+        for (l = 0; l < instance->lanes; ++l) {
+            position.lane  = l;
+            position.index = 0;
+            fill_segment(instance, position);
         }
     }
 }