RubyGems - rbnacl-libsodium - Versions diffs - 1.0.15.1 → 1.0.16 - Mend

rbnacl-libsodium 1.0.15.1 → 1.0.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (157) hide show

data/vendor/libsodium/test/default/aead_aes256gcm.c CHANGED

@@ -3170,7 +3170,7 @@ tv(void)
         found_message_len = 1;
         if (crypto_aead_aes256gcm_decrypt(decrypted, &found_message_len,
                                           NULL, ciphertext,
-                                          randombytes_uniform(ciphertext_len),
+                                          randombytes_uniform((uint32_t) ciphertext_len),
                                           ad, ad_len, nonce, key) != -1) {
             printf("Verification of test vector #%u after truncation succeeded\n",
                    (unsigned int) i);

data/vendor/libsodium/test/default/cmptest.h CHANGED

@@ -2,6 +2,10 @@
 #ifndef __CMPTEST_H__
 #define __CMPTEST_H__
+#ifdef NDEBUG
+#/**/undef/**/ NDEBUG
+#endif
 #include <assert.h>
 #include <stdio.h>
 #include <stdint.h>

data/vendor/libsodium/test/default/core3.c CHANGED

@@ -27,6 +27,7 @@ main(void)
     size_t         pos = 0;
     int            i;
+    pos = 0;
     secondkey = (unsigned char *) sodium_malloc(32);
     memcpy(secondkey, SECONDKEY, 32);
     noncesuffix = (unsigned char *) sodium_malloc(8);
@@ -59,6 +60,45 @@ main(void)
     }
     printf("\n");
+#ifndef SODIUM_LIBRARY_MINIMAL
+    pos = 0;
+    do {
+        do {
+            crypto_core_salsa2012(output + pos, in, secondkey, c);
+            pos += 64;
+            in[8]++;
+        } while (in[8] != 0);
+        in[9]++;
+    } while (in[9] != 0);
+    crypto_hash_sha256(h, output, output_len);
+    for (i = 0; i < 32; ++i) {
+        printf("%02x", h[i]);
+    }
+    printf("\n");
+    pos = 0;
+    do {
+        do {
+            crypto_core_salsa208(output + pos, in, secondkey, c);
+            pos += 64;
+            in[8]++;
+        } while (in[8] != 0);
+        in[9]++;
+    } while (in[9] != 0);
+    crypto_hash_sha256(h, output, output_len);
+    for (i = 0; i < 32; ++i) {
+        printf("%02x", h[i]);
+    }
+    printf("\n");
+#else
+    printf("a4e3147dddd2ba7775939b50208a22eb3277d4e4bad8a1cfbc999c6bd392b638\n"
+           "017421baa9959cbe894bd003ec87938254f47c1e757eb66cf89c353d0c2b68de\n");
+#endif
     sodium_free(h);
     sodium_free(output);
     sodium_free(in);
@@ -66,10 +106,10 @@ main(void)
     sodium_free(noncesuffix);
     sodium_free(secondkey);
-    assert(crypto_core_salsa20_outputbytes() > 0U);
-    assert(crypto_core_salsa20_inputbytes() > 0U);
-    assert(crypto_core_salsa20_keybytes() > 0U);
-    assert(crypto_core_salsa20_constbytes() > 0U);
+    assert(crypto_core_salsa20_outputbytes() == crypto_core_salsa20_OUTPUTBYTES);
+    assert(crypto_core_salsa20_inputbytes() == crypto_core_salsa20_INPUTBYTES);
+    assert(crypto_core_salsa20_keybytes() == crypto_core_salsa20_KEYBYTES);
+    assert(crypto_core_salsa20_constbytes() == crypto_core_salsa20_CONSTBYTES);
     return 0;
 }

data/vendor/libsodium/test/default/core3.exp CHANGED

@@ -1 +1,3 @@
 662b9d0e3463029156069b12f918691a98f7dfb2ca0393c96bbfc6b1fbd630a2
+a4e3147dddd2ba7775939b50208a22eb3277d4e4bad8a1cfbc999c6bd392b638
+017421baa9959cbe894bd003ec87938254f47c1e757eb66cf89c353d0c2b68de

data/vendor/libsodium/test/default/core4.c CHANGED

@@ -27,7 +27,7 @@ main(void)
         } else {
             printf(" ");
         }
-        printf("%3d", (unsigned int) out[i]);
+        printf("%3u", (unsigned int) out[i]);
         if (i % 8 == 7) {
             printf("\n");
         }

data/vendor/libsodium/test/default/core_ed25519.c ADDED

@@ -0,0 +1,151 @@
+#define TEST_NAME "core_ed25519"
+#include "cmptest.h"
+static const unsigned char non_canonical_p[32] = {
+    0xf6, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+};
+static const unsigned char non_canonical_invalid_p[32] = {
+    0xf5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+};
+static const unsigned char max_canonical_p[32] = {
+    0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+};
+static void
+add_P(unsigned char * const S)
+{
+    static const unsigned char P[32] = {
+        0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f
+    };
+    unsigned char c = 0U;
+    unsigned int  i;
+    unsigned int  s;
+    for (i = 0U; i < 32U; i++) {
+        s = S[i] + P[i] + c;
+        S[i] = (unsigned char) s;
+        c = (s >> 8) & 1;
+    }
+}
+int
+main(void)
+{
+    unsigned char *h;
+    unsigned char *p, *p2, *p3;
+    unsigned char *sc;
+    int            i, j;
+    h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES);
+    p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
+    for (i = 0; i < 1000; i++) {
+        randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES);
+        if (crypto_core_ed25519_from_uniform(p, h) != 0) {
+            printf("crypto_core_ed25519_from_uniform() failed\n");
+        }
+        if (crypto_core_ed25519_is_valid_point(p) == 0) {
+            printf("crypto_core_ed25519_from_uniform() returned an invalid point\n");
+        }
+    }
+    p2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
+    p3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES);
+    randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES);
+    crypto_core_ed25519_from_uniform(p2, h);
+    j = 1 + (int) randombytes_uniform(100);
+    memcpy(p3, p, crypto_core_ed25519_BYTES);
+    for (i = 0; i < j; i++) {
+        crypto_core_ed25519_add(p, p, p2);
+        if (crypto_core_ed25519_is_valid_point(p) != 1) {
+            printf("crypto_core_add() returned an invalid point\n");
+        }
+    }
+    if (memcmp(p, p3, crypto_core_ed25519_BYTES) == 0) {
+        printf("crypto_core_add() failed\n");
+    }
+    for (i = 0; i < j; i++) {
+        crypto_core_ed25519_sub(p, p, p2);
+    }
+    if (memcmp(p, p3, crypto_core_ed25519_BYTES) != 0) {
+        printf("crypto_core_add() or crypto_core_sub() failed\n");
+    }
+    sc = (unsigned char *) sodium_malloc(crypto_scalarmult_ed25519_SCALARBYTES);
+    memset(sc, 0, crypto_scalarmult_ed25519_SCALARBYTES);
+    sc[0] = 8;
+    memcpy(p2, p, crypto_core_ed25519_BYTES);
+    memcpy(p3, p, crypto_core_ed25519_BYTES);
+    for (i = 0; i < 254; i++) {
+        crypto_core_ed25519_add(p2, p2, p2);
+    }
+    for (i = 0; i < 8; i++) {
+        crypto_core_ed25519_add(p2, p2, p);
+    }
+    if (crypto_scalarmult_ed25519(p3, sc, p) != 0) {
+        printf("crypto_scalarmult_ed25519() failed\n");
+    }
+    if (memcmp(p2, p3, crypto_core_ed25519_BYTES) != 0) {
+        printf("crypto_scalarmult_ed25519() is inconsistent with crypto_core_ed25519_add()\n");
+    }
+    assert(crypto_core_ed25519_is_valid_point(p) == 1);
+    memset(p, 0, crypto_core_ed25519_BYTES);
+    assert(crypto_core_ed25519_is_valid_point(p) == 0);
+    p[0] = 1;
+    assert(crypto_core_ed25519_is_valid_point(p) == 0);
+    p[0] = 2;
+    assert(crypto_core_ed25519_is_valid_point(p) == 0);
+    p[0] = 9;
+    assert(crypto_core_ed25519_is_valid_point(p) == 1);
+    assert(crypto_core_ed25519_is_valid_point(max_canonical_p) == 1);
+    assert(crypto_core_ed25519_is_valid_point(non_canonical_invalid_p) == 0);
+    assert(crypto_core_ed25519_is_valid_point(non_canonical_p) == 0);
+    memcpy(p2, p, crypto_core_ed25519_BYTES);
+    add_P(p2);
+    crypto_core_ed25519_add(p3, p2, p2);
+    crypto_core_ed25519_sub(p3, p3, p2);
+    assert(memcmp(p2, p, crypto_core_ed25519_BYTES) != 0);
+    assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0);
+    p[0] = 2;
+    assert(crypto_core_ed25519_add(p3, p2, p) == -1);
+    assert(crypto_core_ed25519_add(p3, p2, non_canonical_p) == 0);
+    assert(crypto_core_ed25519_add(p3, p2, non_canonical_invalid_p) == -1);
+    assert(crypto_core_ed25519_add(p3, p, p3) == -1);
+    assert(crypto_core_ed25519_add(p3, non_canonical_p, p3) == 0);
+    assert(crypto_core_ed25519_add(p3, non_canonical_invalid_p, p3) == -1);
+    assert(crypto_core_ed25519_sub(p3, p2, p) == -1);
+    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_p) == 0);
+    assert(crypto_core_ed25519_sub(p3, p2, non_canonical_invalid_p) == -1);
+    assert(crypto_core_ed25519_sub(p3, p, p3) == -1);
+    assert(crypto_core_ed25519_sub(p3, non_canonical_p, p3) == 0);
+    assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1);
+    sodium_free(sc);
+    sodium_free(p3);
+    sodium_free(p2);
+    sodium_free(p);
+    sodium_free(h);
+    assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes());
+    assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes());
+    assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES);
+    printf("OK\n");
+    return 0;
+}

data/vendor/libsodium/test/default/core_ed25519.exp ADDED

	@@ -0,0 +1 @@
1	+ OK

data/vendor/libsodium/test/default/ed25519_convert.c CHANGED

@@ -18,9 +18,17 @@ main(void)
     unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES];
     char          curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
     char          curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1];
+    unsigned char hseed[crypto_hash_sha512_BYTES];
     unsigned int  i;
-    crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, keypair_seed);
+    assert(crypto_sign_ed25519_SEEDBYTES <= crypto_hash_sha512_BYTES);
+#ifdef ED25519_NONDETERMINISTIC
+    crypto_hash_sha512(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
+#else
+    memcpy(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES);
+#endif
+    crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, hseed);
     if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) != 0) {
         printf("conversion failed\n");
     }

data/vendor/libsodium/test/default/index.html.tpl CHANGED

@@ -28,9 +28,20 @@ body {
 <h1></h1>
 <section class="test" id="test-res"></section>
 <script>
+var performance;
+if (typeof performance !== 'object') {
+  performance = {
+    mark: function(s) { this[s] = new Date() },
+    measure: function(_t, s1, s2) { this.t = this[s2] - this[s1] },
+    getEntriesByName: function() { return [ { duration: this.t } ] }
+  };
+}
+var Module = { preRun: function() { performance.mark('bench_start') } };
 function runTest(tname) {
     var xhr, expected, hn, idx = 0, passed = true;
     function outputReceived(e) {
         var found = e.data;
         var p = document.createElement('p');
@@ -42,8 +53,11 @@ function runTest(tname) {
         document.getElementById('test-res').appendChild(p);
         if (idx >= expected.length) {
             if (passed) {
-                hn.appendChild(document.createTextNode(' - PASSED'));
-                hn.className = 'passed';
+                performance.mark('bench_end')
+                performance.measure('bench', 'bench_start', 'bench_end');
+                var duration = Math.round(performance.getEntriesByName('bench')[0].duration);
+                hn.appendChild(document.createTextNode(' - PASSED (time: ' + duration + ' ms)'));
+                hn.className = 'passed';
             } else {
                 hn.appendChild(document.createTextNode(' - FAILED'));
                 hn.className = 'err';

data/vendor/libsodium/test/default/kdf.c CHANGED

@@ -10,6 +10,7 @@ tv_kdf(void)
     char          *context;
     char           hex[crypto_kdf_BYTES_MAX * 2 + 1];
     uint64_t       i;
+    int            ret;
     context = (char *) sodium_malloc(crypto_kdf_CONTEXTBYTES);
     memcpy(context, "KDF test", strlen("KDF test"));
@@ -19,8 +20,9 @@ tv_kdf(void)
     }
     subkey = (unsigned char *) sodium_malloc(crypto_kdf_BYTES_MAX);
     for (i = 0; i < 10; i++) {
-        assert(crypto_kdf_derive_from_key(subkey, crypto_kdf_BYTES_MAX,
-                                          i, context, master_key) == 0);
+        ret = crypto_kdf_derive_from_key(subkey, crypto_kdf_BYTES_MAX,
+                                         i, context, master_key);
+        assert(ret == 0);
         sodium_bin2hex(hex, sizeof hex, subkey, crypto_kdf_BYTES_MAX);
         printf("%s\n", hex);
     }

data/vendor/libsodium/test/default/metamorphic.c CHANGED

@@ -35,8 +35,8 @@ mm_generichash(void)
         randombytes_buf(m, mlen);
         crypto_generichash_init(&st, k, klen, hlen);
-        l1 = randombytes_uniform(mlen);
-        l2 = randombytes_uniform(mlen - l1);
+        l1 = randombytes_uniform((uint32_t) mlen);
+        l2 = randombytes_uniform((uint32_t) (mlen - l1));
         crypto_generichash_update(&st, m, l1);
         crypto_generichash_update(&st, m + l1, l2);
         crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2);
@@ -75,8 +75,8 @@ mm_onetimeauth(void)
         randombytes_buf(m, mlen);
         crypto_onetimeauth_init(&st, k);
-        l1 = randombytes_uniform(mlen);
-        l2 = randombytes_uniform(mlen - l1);
+        l1 = randombytes_uniform((uint32_t) mlen);
+        l2 = randombytes_uniform((uint32_t) (mlen - l1));
         crypto_onetimeauth_update(&st, m, l1);
         crypto_onetimeauth_update(&st, m + l1, l2);
         crypto_onetimeauth_update(&st, m + l1 + l2, mlen - l1 - l2);
@@ -115,8 +115,8 @@ mm_hmacsha256(void)
         randombytes_buf(m, mlen);
         crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES);
-        l1 = randombytes_uniform(mlen);
-        l2 = randombytes_uniform(mlen - l1);
+        l1 = randombytes_uniform((uint32_t) mlen);
+        l2 = randombytes_uniform((uint32_t) (mlen - l1));
         crypto_auth_hmacsha256_update(&st, m, l1);
         crypto_auth_hmacsha256_update(&st, m + l1, l2);
         crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2);
@@ -155,8 +155,8 @@ mm_hmacsha512(void)
         randombytes_buf(m, mlen);
         crypto_auth_hmacsha512_init(&st, k, crypto_auth_hmacsha512_KEYBYTES);
-        l1 = randombytes_uniform(mlen);
-        l2 = randombytes_uniform(mlen - l1);
+        l1 = randombytes_uniform((uint32_t) mlen);
+        l2 = randombytes_uniform((uint32_t) (mlen - l1));
         crypto_auth_hmacsha512_update(&st, m, l1);
         crypto_auth_hmacsha512_update(&st, m + l1, l2);
         crypto_auth_hmacsha512_update(&st, m + l1 + l2, mlen - l1 - l2);

data/vendor/libsodium/test/default/misuse.c CHANGED

@@ -6,17 +6,45 @@
 # include <signal.h>
 static void
-sigabrt_handler_13(int sig)
+sigabrt_handler_15(int sig)
 {
     (void) sig;
     exit(0);
 }
+# ifndef SODIUM_LIBRARY_MINIMAL
+static void
+sigabrt_handler_14(int sig)
+{
+    (void) sig;
+    signal(SIGABRT, sigabrt_handler_15);
+    assert(crypto_box_curve25519xchacha20poly1305_easy
+           (NULL, NULL, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1,
+            NULL, NULL, NULL) == -1);
+    exit(1);
+}
+static void
+sigabrt_handler_13(int sig)
+{
+    (void) sig;
+    signal(SIGABRT, sigabrt_handler_14);
+    assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
+           (NULL, NULL, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1,
+            NULL, NULL) == -1);
+    exit(1);
+}
+# endif
 static void
 sigabrt_handler_12(int sig)
 {
     (void) sig;
+# ifdef SODIUM_LIBRARY_MINIMAL
+    signal(SIGABRT, sigabrt_handler_15);
+# else
     signal(SIGABRT, sigabrt_handler_13);
+# endif
     assert(crypto_pwhash_str_alg(NULL, "", 0U, 1U, 1U, -1) == -1);
     exit(1);
 }

data/vendor/libsodium/test/default/pwhash_argon2i.c CHANGED

@@ -121,14 +121,14 @@ tv2(void)
           "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
           127,
           "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
-          155, 4, 1397645, 1 },
+          155, 4, 397645, 1 },
         { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0"
           "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d"
           "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5"
           "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6",
           127,
           "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2",
-          155, 3, 1397645, 1 },
+          155, 3, 397645, 1 },
     };
     char          passwd[256];
     unsigned char salt[crypto_pwhash_SALTBYTES];
@@ -181,6 +181,8 @@ tv2(void)
                       1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) {
         printf("[tv2] pwhash with a long password length should have failed\n");
     }
+    assert(crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt,
+                                 OPSLIMIT, MEMLIMIT, crypto_pwhash_alg_argon2id13()) == -1);
 }
 static void
@@ -256,7 +258,11 @@ str_tests(void)
         crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) {
         printf("needs_rehash() false negative\n");
     }
-    if (crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
+    if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1) {
+        printf("pwhash_str_needs_rehash() didn't handle argon2i\n");
+    }
+    if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 ||
+        crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) {
         printf("needs_rehash() didn't fail with an invalid hash string\n");
     }
     if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out),