RubyGems - rbnacl-libsodium - Versions diffs - 1.0.15.1 → 1.0.16 - Mend

rbnacl-libsodium 1.0.15.1 → 1.0.16

Files changed (157) hide show

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/base2.h ADDED

@@ -0,0 +1,40 @@
+{
+  { 1288382639258501, 245678601348599, 269427782077623, 1462984067271730, 137412439391563 },
+  { 62697248952638, 204681361388450, 631292143396476, 338455783676468, 1213667448819585 },
+  { 301289933810280, 1259582250014073, 1422107436869536, 796239922652654, 1953934009299142 }
+},
+{
+  { 1601611775252272, 1720807796594148, 1132070835939856, 1260455018889551, 2147779492816911 },
+  { 316559037616741, 2177824224946892, 1459442586438991, 1461528397712656, 751590696113597 },
+  { 1850748884277385, 1200145853858453, 1068094770532492, 672251375690438, 1586055907191707 }
+},
+{
+  { 769950342298419, 132954430919746, 844085933195555, 974092374476333, 726076285546016 },
+  { 425251763115706, 608463272472562, 442562545713235, 837766094556764, 374555092627893 },
+  { 1086255230780037, 274979815921559, 1960002765731872, 929474102396301, 1190409889297339 }
+},
+{
+  { 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 1233371373142985 },
+  { 2019367628972465, 676711900706637, 110710997811333, 1108646842542025, 517791959672113 },
+  { 965130719900578, 247011430587952, 526356006571389, 91986625355052, 2157223321444601 }
+},
+{
+  { 1802695059465007, 1664899123557221, 593559490740857, 2160434469266659, 927570450755031 },
+  { 1725674970513508, 1933645953859181, 1542344539275782, 1767788773573747, 1297447965928905 },
+  { 1381809363726107, 1430341051343062, 2061843536018959, 1551778050872521, 2036394857967624 }
+},
+{
+  { 1970894096313054, 528066325833207, 1619374932191227, 2207306624415883, 1169170329061080 },
+  { 2070390218572616, 1458919061857835, 624171843017421, 1055332792707765, 433987520732508 },
+  { 893653801273833, 1168026499324677, 1242553501121234, 1306366254304474, 1086752658510815 }
+},
+{
+  { 213454002618221, 939771523987438, 1159882208056014, 317388369627517, 621213314200687 },
+  { 1971678598905747, 338026507889165, 762398079972271, 655096486107477, 42299032696322 },
+  { 177130678690680, 1754759263300204, 1864311296286618, 1180675631479880, 1292726903152791 }
+},
+{
+  { 1913163449625248, 460779200291993, 2193883288642314, 1008900146920800, 1721983679009502 },
+  { 1070401523076875, 1272492007800961, 1910153608563310, 2075579521696771, 1191169788841221 },
+  { 692896803108118, 500174642072499, 2068223309439677, 1162190621851337, 1426986007309901 }
+}

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h ADDED

@@ -0,0 +1,21 @@
+/* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */
+static const fe25519 d = {
+    929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575
+};
+/* 2 * d =
+ * 16295367250680780974490674513165176452449235426866156013048779062215315747161
+ */
+static const fe25519 d2 = {
+    1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903
+};
+/* sqrt(-1) */
+static const fe25519 sqrtm1 = {
+    1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133
+};
+/* A = 486662 */
+static const fe25519 curve25519_A = {
+    486662, 0, 0, 0, 0
+};

data/vendor/libsodium/src/libsodium/crypto_core/ed25519/ref10/fe_51/fe.h ADDED

@@ -0,0 +1,116 @@
+/*
+ Ignores top bit of h.
+ */
+void
+fe25519_frombytes(fe25519 h, const unsigned char *s)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint64_t h0, h1, h2, h3, h4;
+    h0 = (LOAD64_LE(s     )      ) & mask;
+    h1 = (LOAD64_LE(s +  6) >>  3) & mask;
+    h2 = (LOAD64_LE(s + 12) >>  6) & mask;
+    h3 = (LOAD64_LE(s + 19) >>  1) & mask;
+    h4 = (LOAD64_LE(s + 24) >> 12) & mask;
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+static void
+fe25519_reduce(fe25519 h, const fe25519 f)
+{
+    const uint64_t mask = 0x7ffffffffffffULL;
+    uint128_t t[5];
+    t[0] = f[0];
+    t[1] = f[1];
+    t[2] = f[2];
+    t[3] = f[3];
+    t[4] = f[4];
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19 * (t[4] >> 51);
+    t[4] &= mask;
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19 * (t[4] >> 51);
+    t[4] &= mask;
+    /* now t is between 0 and 2^255-1, properly carried. */
+    /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */
+    t[0] += 19ULL;
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[0] += 19ULL * (t[4] >> 51);
+    t[4] &= mask;
+    /* now between 19 and 2^255-1 in both cases, and offset by 19. */
+    t[0] += 0x8000000000000 - 19ULL;
+    t[1] += 0x8000000000000 - 1ULL;
+    t[2] += 0x8000000000000 - 1ULL;
+    t[3] += 0x8000000000000 - 1ULL;
+    t[4] += 0x8000000000000 - 1ULL;
+    /* now between 2^255 and 2^256-20, and offset by 2^255. */
+    t[1] += t[0] >> 51;
+    t[0] &= mask;
+    t[2] += t[1] >> 51;
+    t[1] &= mask;
+    t[3] += t[2] >> 51;
+    t[2] &= mask;
+    t[4] += t[3] >> 51;
+    t[3] &= mask;
+    t[4] &= mask;
+    h[0] = t[0];
+    h[1] = t[1];
+    h[2] = t[2];
+    h[3] = t[3];
+    h[4] = t[4];
+}
+void
+fe25519_tobytes(unsigned char *s, const fe25519 h)
+{
+    fe25519  t;
+    uint64_t t0, t1, t2, t3;
+    fe25519_reduce(t, h);
+    t0 = t[0] | (t[1] << 51);
+    t1 = (t[1] >> 13) | (t[2] << 38);
+    t2 = (t[2] >> 26) | (t[3] << 25);
+    t3 = (t[3] >> 39) | (t[4] << 12);
+    STORE64_LE(s +  0, t0);
+    STORE64_LE(s +  8, t1);
+    STORE64_LE(s + 16, t2);
+    STORE64_LE(s + 24, t3);
+}

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2.h CHANGED

@@ -76,7 +76,7 @@ typedef crypto_generichash_blake2b_state blake2b_state;
 /* Streaming API */
 int blake2b_init(blake2b_state *S, const uint8_t outlen);
 int blake2b_init_salt_personal(blake2b_state *S, const uint8_t outlen,
-                               const void *personal, const void *salt);
+                               const void *salt, const void *personal);
 int blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
                      const uint8_t keylen);
 int blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c CHANGED

@@ -83,8 +83,9 @@ blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES])
     ROUND(10);
     ROUND(11);
-    for (i      = 0; i < 8; ++i)
+    for (i = 0; i < 8; ++i) {
         S->h[i] = S->h[i] ^ v[i] ^ v[i + 8];
+    }
 #undef G
 #undef ROUND

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c CHANGED

@@ -25,14 +25,6 @@
 #include "runtime.h"
 #include "utils.h"
-#ifdef HAVE_TI_MODE
-# if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-# else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-# endif
-#endif
 static blake2b_compress_fn blake2b_compress = blake2b_compress_ref;
 static const uint64_t blake2b_IV[8] = {
@@ -49,13 +41,6 @@ blake2b_set_lastnode(blake2b_state *S)
     return 0;
 }
 /* LCOV_EXCL_STOP */
-#if 0
-static inline int blake2b_clear_lastnode( blake2b_state *S )
-{
-  S->f[1] = 0;
-  return 0;
-}
-#endif
 static inline int
 blake2b_is_lastblock(const blake2b_state *S)
@@ -72,15 +57,7 @@ blake2b_set_lastblock(blake2b_state *S)
     S->f[0] = -1;
     return 0;
 }
-#if 0
-static inline int blake2b_clear_lastblock( blake2b_state *S )
-{
-  if( S->last_node ) blake2b_clear_lastnode( S );
-  S->f[0] = 0;
-  return 0;
-}
-#endif
 static inline int
 blake2b_increment_counter(blake2b_state *S, const uint64_t inc)
 {
@@ -97,51 +74,6 @@ blake2b_increment_counter(blake2b_state *S, const uint64_t inc)
 }
 /* Parameter-related functions */
-#if 0
-/* Redundant: digest length is directly set in blake2b_init(), blake2b_init_salt_personal(),
- * blake2b_init_key() and blake2b_init_key_salt_personal() */
-static inline int blake2b_param_set_digest_length( blake2b_param *P, const uint8_t digest_length )
-{
-  P->digest_length = digest_length;
-  return 0;
-}
-static inline int blake2b_param_set_fanout( blake2b_param *P, const uint8_t fanout )
-{
-  P->fanout = fanout;
-  return 0;
-}
-static inline int blake2b_param_set_max_depth( blake2b_param *P, const uint8_t depth )
-{
-  P->depth = depth;
-  return 0;
-}
-static inline int blake2b_param_set_leaf_length( blake2b_param *P, const uint32_t leaf_length )
-{
-  STORE32_LE( P->leaf_length, leaf_length );
-  return 0;
-}
-static inline int blake2b_param_set_node_offset( blake2b_param *P, const uint64_t node_offset )
-{
-  STORE64_LE( P->node_offset, node_offset );
-  return 0;
-}
-static inline int blake2b_param_set_node_depth( blake2b_param *P, const uint8_t node_depth )
-{
-  P->node_depth = node_depth;
-  return 0;
-}
-static inline int blake2b_param_set_inner_length( blake2b_param *P, const uint8_t inner_length )
-{
-  P->inner_length = inner_length;
-  return 0;
-}
-#endif
 static inline int
 blake2b_param_set_salt(blake2b_param *P, const uint8_t salt[BLAKE2B_SALTBYTES])
 {
@@ -271,7 +203,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen);
+        memcpy(block, key, keylen); /* keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
@@ -317,7 +249,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
     {
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
-        memcpy(block, key, keylen);
+        memcpy(block, key, keylen); /* keylen cannot be 0 */
         blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
     }
@@ -357,6 +289,8 @@ blake2b_update(blake2b_state *S, const uint8_t *in, uint64_t inlen)
 int
 blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
 {
+    unsigned char buffer[BLAKE2B_OUTBYTES];
     if (!outlen || outlen > BLAKE2B_OUTBYTES) {
         sodium_misuse();
     }
@@ -377,19 +311,17 @@ blake2b_final(blake2b_state *S, uint8_t *out, uint8_t outlen)
            2 * BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */
     blake2b_compress(S, S->buf);
-#ifdef NATIVE_LITTLE_ENDIAN
-    memcpy(out, &S->h[0], outlen);
-#else
-    {
-        uint8_t buffer[BLAKE2B_OUTBYTES];
-        int     i;
+    COMPILER_ASSERT(sizeof buffer == 64U);
+    STORE64_LE(buffer + 8 * 0, S->h[0]);
+    STORE64_LE(buffer + 8 * 1, S->h[1]);
+    STORE64_LE(buffer + 8 * 2, S->h[2]);
+    STORE64_LE(buffer + 8 * 3, S->h[3]);
+    STORE64_LE(buffer + 8 * 4, S->h[4]);
+    STORE64_LE(buffer + 8 * 5, S->h[5]);
+    STORE64_LE(buffer + 8 * 6, S->h[6]);
+    STORE64_LE(buffer + 8 * 7, S->h[7]);
+    memcpy(out, buffer, outlen); /* outlen <= BLAKE2B_OUTBYTES (64) */
-        for (i = 0; i < 8; i++) { /* Output full hash to temp buffer */
-            STORE64_LE(buffer + sizeof(S->h[i]) * i, S->h[i]);
-        }
-        memcpy(out, buffer, outlen);
-    }
-#endif
     sodium_memzero(S->h, sizeof S->h);
     sodium_memzero(S->buf, sizeof S->buf);

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c CHANGED

@@ -5,6 +5,7 @@
 #include "blake2.h"
 #include "crypto_generichash_blake2b.h"
+#include "private/implementations.h"
 int
 crypto_generichash_blake2b(unsigned char *out, size_t outlen,

data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256_cp.c CHANGED

@@ -153,10 +153,10 @@ static const uint8_t PAD[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
 static void
 SHA256_Pad(crypto_hash_sha256_state *state, uint32_t tmp32[64 + 8])
 {
-    uint64_t r;
-    uint64_t i;
+    unsigned int r;
+    unsigned int i;
-    r = (state->count >> 3) & 0x3f;
+    r = (unsigned int) ((state->count >> 3) & 0x3f);
     if (r < 56) {
         for (i = 0; i < 56 - r; i++) {
             state->buf[r + i] = PAD[i];

data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c CHANGED

@@ -172,10 +172,10 @@ static const uint8_t PAD[128] = {
 static void
 SHA512_Pad(crypto_hash_sha512_state *state, uint64_t tmp64[80 + 8])
 {
-    uint64_t r;
-    uint64_t i;
+    unsigned int r;
+    unsigned int i;
-    r = (state->count[1] >> 3) & 0x7f;
+    r = (unsigned int) ((state->count[1] >> 3) & 0x7f);
     if (r < 112) {
         for (i = 0; i < 112 - r; i++) {
             state->buf[r + i] = PAD[i];

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h CHANGED

@@ -3,11 +3,7 @@
    and 128 bit addition
 */
-#if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-#else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-#endif
+#include "private/common.h"
 #define MUL(out, x, y) out = ((uint128_t) x * y)
 #define ADD(out, in) out += in
@@ -23,8 +19,6 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
 # define POLY1305_NOINLINE
 #endif
-#include "private/common.h"
 #define poly1305_block_size 16
 /* 17 + sizeof(unsigned long long) + 8*sizeof(unsigned long long) */

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c CHANGED

@@ -2,6 +2,7 @@
 #include "onetimeauth_poly1305.h"
 #include "crypto_onetimeauth_poly1305.h"
 #include "private/common.h"
+#include "private/implementations.h"
 #include "randombytes.h"
 #include "runtime.h"

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c CHANGED

@@ -19,12 +19,6 @@
 typedef __m128i xmmi;
-# if defined(__SIZEOF_INT128__)
-typedef unsigned __int128 uint128_t;
-# else
-typedef unsigned uint128_t __attribute__((mode(TI)));
-# endif
 # if defined(_MSC_VER)
 #  define POLY1305_NOINLINE __declspec(noinline)
 # elif defined(__GNUC__)

data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.c CHANGED

@@ -24,6 +24,7 @@
 #include "crypto_generichash_blake2b.h"
 #include "private/common.h"
+#include "private/implementations.h"
 #include "runtime.h"
 #include "utils.h"
@@ -33,6 +34,12 @@
 #if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
 # define MAP_ANON MAP_ANONYMOUS
 #endif
+#ifndef MAP_NOCORE
+# define MAP_NOCORE 0
+#endif
+#ifndef MAP_POPULATE
+# define MAP_POPULATE 0
+#endif
 static fill_segment_fn fill_segment = fill_segment_ref;
@@ -87,11 +94,7 @@ allocate_memory(block_region **region, uint32_t m_cost)
 #if defined(MAP_ANON) && defined(HAVE_MMAP)
     if ((base = mmap(NULL, memory_size, PROT_READ | PROT_WRITE,
-#ifdef MAP_NOCORE
-                     MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
-#else
-                     MAP_ANON | MAP_PRIVATE,
-#endif
+                     MAP_ANON | MAP_PRIVATE | MAP_NOCORE | MAP_POPULATE,
                      -1, 0)) == MAP_FAILED) {
         base = NULL; /* LCOV_EXCL_LINE */
     }                /* LCOV_EXCL_LINE */
@@ -214,100 +217,24 @@ finalize(const argon2_context *context, argon2_instance_t *instance)
     }
 }
-uint32_t
-index_alpha(const argon2_instance_t *instance,
-            const argon2_position_t *position, uint32_t pseudo_rand,
-            int same_lane)
-{
-    /*
-     * Pass 0:
-     *      This lane : all already finished segments plus already constructed
-     * blocks in this segment
-     *      Other lanes : all already finished segments
-     * Pass 1+:
-     *      This lane : (SYNC_POINTS - 1) last segments plus already constructed
-     * blocks in this segment
-     *      Other lanes : (SYNC_POINTS - 1) last segments
-     */
-    uint32_t reference_area_size;
-    uint64_t relative_position;
-    uint32_t start_position, absolute_position;
-    if (position->pass == 0) {
-        /* First pass */
-        if (position->slice == 0) {
-            /* First slice */
-            reference_area_size =
-                position->index - 1; /* all but the previous */
-        } else {
-            if (same_lane) {
-                /* The same lane => add current segment */
-                reference_area_size =
-                    position->slice * instance->segment_length +
-                    position->index - 1;
-            } else {
-                reference_area_size =
-                    position->slice * instance->segment_length +
-                    ((position->index == 0) ? (-1) : 0);
-            }
-        }
-    } else {
-        /* Second pass */
-        if (same_lane) {
-            reference_area_size = instance->lane_length -
-                                  instance->segment_length + position->index -
-                                  1;
-        } else {
-            reference_area_size = instance->lane_length -
-                                  instance->segment_length +
-                                  ((position->index == 0) ? (-1) : 0);
-        }
-    }
-    /* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce
-     * relative position */
-    relative_position = pseudo_rand;
-    relative_position = relative_position * relative_position >> 32;
-    relative_position = reference_area_size - 1 -
-                        (reference_area_size * relative_position >> 32);
-    /* 1.2.5 Computing starting position */
-    start_position = 0;
-    if (position->pass != 0) {
-        start_position = (position->slice == ARGON2_SYNC_POINTS - 1)
-                             ? 0
-                             : (position->slice + 1) * instance->segment_length;
-    }
-    /* 1.2.6. Computing absolute position */
-    absolute_position = (start_position + relative_position) %
-                        instance->lane_length; /* absolute position */
-    return absolute_position;
-}
 void
-fill_memory_blocks(argon2_instance_t *instance)
+fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
 {
-    uint32_t r, s;
+    argon2_position_t position;
+    uint32_t l;
+    uint32_t s;
     if (instance == NULL || instance->lanes == 0) {
         return; /* LCOV_EXCL_LINE */
     }
-    for (r = 0; r < instance->passes; ++r) {
-        for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
-            uint32_t l;
-            for (l = 0; l < instance->lanes; ++l) {
-                argon2_position_t position;
-                position.pass  = r;
-                position.lane  = l;
-                position.slice = (uint8_t) s;
-                position.index = 0;
-                fill_segment(instance, position);
-            }
+    position.pass = pass;
+    for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
+        position.slice = (uint8_t) s;
+        for (l = 0; l < instance->lanes; ++l) {
+            position.lane  = l;
+            position.index = 0;
+            fill_segment(instance, position);
         }
     }
 }