RubyGems - rbnacl-libsodium - Versions diffs - 1.0.2 → 1.0.3 - Mend

rbnacl-libsodium 1.0.2 → 1.0.3

Files changed (141) hide show

data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha256.h CHANGED Viewed

@@ -12,11 +12,6 @@
 extern "C" {
 #endif
-typedef struct crypto_auth_hmacsha256_state {
-    crypto_hash_sha256_state ictx;
-    crypto_hash_sha256_state octx;
-} crypto_auth_hmacsha256_state;
 #define crypto_auth_hmacsha256_BYTES 32U
 SODIUM_EXPORT
 size_t crypto_auth_hmacsha256_bytes(void);
@@ -37,6 +32,15 @@ int crypto_auth_hmacsha256_verify(const unsigned char *h,
                                   unsigned long long inlen,
                                   const unsigned char *k);
+/* ------------------------------------------------------------------------- */
+typedef struct crypto_auth_hmacsha256_state {
+    crypto_hash_sha256_state ictx;
+    crypto_hash_sha256_state octx;
+} crypto_auth_hmacsha256_state;
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha256_statebytes(void);
 SODIUM_EXPORT
 int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
                                 const unsigned char *key,

data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512.h CHANGED Viewed

@@ -12,11 +12,6 @@
 extern "C" {
 #endif
-typedef struct crypto_auth_hmacsha512_state {
-    crypto_hash_sha512_state ictx;
-    crypto_hash_sha512_state octx;
-} crypto_auth_hmacsha512_state;
 #define crypto_auth_hmacsha512_BYTES 64U
 SODIUM_EXPORT
 size_t crypto_auth_hmacsha512_bytes(void);
@@ -37,6 +32,15 @@ int crypto_auth_hmacsha512_verify(const unsigned char *h,
                                   unsigned long long inlen,
                                   const unsigned char *k);
+/* ------------------------------------------------------------------------- */
+typedef struct crypto_auth_hmacsha512_state {
+    crypto_hash_sha512_state ictx;
+    crypto_hash_sha512_state octx;
+} crypto_auth_hmacsha512_state;
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512_statebytes(void);
 SODIUM_EXPORT
 int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
                                 const unsigned char *key,

data/vendor/libsodium/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h CHANGED Viewed

@@ -12,8 +12,6 @@
 extern "C" {
 #endif
-typedef struct crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
 #define crypto_auth_hmacsha512256_BYTES 32U
 SODIUM_EXPORT
 size_t crypto_auth_hmacsha512256_bytes(void);
@@ -32,6 +30,12 @@ int crypto_auth_hmacsha512256_verify(const unsigned char *h,
                                      unsigned long long inlen,
                                      const unsigned char *k);
+/* ------------------------------------------------------------------------- */
+typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state;
+SODIUM_EXPORT
+size_t crypto_auth_hmacsha512256_statebytes(void);
 SODIUM_EXPORT
 int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
                                    const unsigned char *key,

data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h CHANGED Viewed

@@ -106,6 +106,21 @@ int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
                                      unsigned long long clen, const unsigned char *n,
                                      const unsigned char *k);
+/* -- Ephemeral SK interface -- */
+#define crypto_box_SEALBYTES (crypto_box_PUBLICKEYBYTES + crypto_box_MACBYTES)
+SODIUM_EXPORT
+size_t crypto_box_sealbytes(void);
+SODIUM_EXPORT
+int crypto_box_seal(unsigned char *c, const unsigned char *m,
+                    unsigned long long mlen, const unsigned char *pk);
+SODIUM_EXPORT
+int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
+                         unsigned long long clen,
+                         const unsigned char *pk, const unsigned char *sk);
 /* -- NaCl compatibility interface ; Requires padding -- */
 #define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES

data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash.h CHANGED Viewed

@@ -42,6 +42,8 @@ SODIUM_EXPORT
 const char *crypto_generichash_primitive(void);
 typedef crypto_generichash_blake2b_state crypto_generichash_state;
+SODIUM_EXPORT
+size_t  crypto_generichash_statebytes(void);
 SODIUM_EXPORT
 int crypto_generichash(unsigned char *out, size_t outlen,

data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h CHANGED Viewed

@@ -21,7 +21,7 @@ extern "C" {
 #endif
 #pragma pack(push, 1)
-CRYPTO_ALIGN(64) typedef struct crypto_generichash_blake2b_state {
+typedef CRYPTO_ALIGN(64) struct crypto_generichash_blake2b_state {
     uint64_t h[8];
     uint64_t t[2];
     uint64_t f[2];

data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha256.h CHANGED Viewed

@@ -26,6 +26,8 @@ typedef struct crypto_hash_sha256_state {
     uint32_t      count[2];
     unsigned char buf[64];
 } crypto_hash_sha256_state;
+SODIUM_EXPORT
+size_t crypto_hash_sha256_statebytes(void);
 #define crypto_hash_sha256_BYTES 32U
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/include/sodium/crypto_hash_sha512.h CHANGED Viewed

@@ -26,6 +26,8 @@ typedef struct crypto_hash_sha512_state {
     uint64_t      count[2];
     unsigned char buf[128];
 } crypto_hash_sha512_state;
+SODIUM_EXPORT
+size_t crypto_hash_sha512_statebytes(void);
 #define crypto_hash_sha512_BYTES 64U
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth.h CHANGED Viewed

@@ -14,6 +14,8 @@ extern "C" {
 #endif
 typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state;
+SODIUM_EXPORT
+size_t  crypto_onetimeauth_statebytes(void);
 #define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_xsalsa20.h CHANGED Viewed

@@ -10,6 +10,7 @@
  */
 #include <stddef.h>
+#include <stdint.h>
 #include "export.h"
 #ifdef __cplusplus
@@ -36,6 +37,11 @@ int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m,
                                unsigned long long mlen, const unsigned char *n,
                                const unsigned char *k);
+SODIUM_EXPORT
+int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
+                                  unsigned long long mlen,
+                                  const unsigned char *n, uint64_t ic,
+                                  const unsigned char *k);
 #ifdef __cplusplus
 }
 #endif

data/vendor/libsodium/src/libsodium/include/sodium/randombytes.h CHANGED Viewed

@@ -17,12 +17,12 @@ extern "C" {
 #endif
 typedef struct randombytes_implementation {
-    const char *(*implementation_name)(void);
-    uint32_t    (*random)(void);
-    void        (*stir)(void);
-    uint32_t    (*uniform)(const uint32_t upper_bound);
-    void        (*buf)(void * const buf, const size_t size);
-    int         (*close)(void);
+    const char *(*implementation_name)(void); /* required */
+    uint32_t    (*random)(void);              /* required */
+    void        (*stir)(void);                /* optional */
+    uint32_t    (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */
+    void        (*buf)(void * const buf, const size_t size); /* required */
+    int         (*close)(void);               /* optional */
 } randombytes_implementation;
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/include/sodium/utils.h CHANGED Viewed

@@ -73,8 +73,8 @@ int sodium_munlock(void * const addr, const size_t len);
  * either 357 or 361 bytes. For this reason, when using sodium_malloc() to
  * allocate a crypto_generichash_state structure, padding must be added in
  * order to ensure proper alignment:
- * state = sodium_malloc((sizeof(crypto_generichash_state)
- *                            + (size_t) 63U) & ~(size_t) 63U);
+ * state = sodium_malloc((crypto_generichash_statebytes() + (size_t) 63U)
+ *                       & ~(size_t) 63U);
  */
 SODIUM_EXPORT

data/vendor/libsodium/src/libsodium/randombytes/randombytes.c CHANGED Viewed

@@ -5,11 +5,19 @@
 #include <limits.h>
 #include <stdint.h>
+#ifdef __EMSCRIPTEN__
+# include <emscripten.h>
+#endif
 #include "randombytes.h"
 #include "randombytes_sysrandom.h"
+#ifndef __EMSCRIPTEN__
 static const randombytes_implementation *implementation =
     &randombytes_sysrandom_implementation;
+#else
+static const randombytes_implementation *implementation = NULL;
+#endif
 int
 randombytes_set_implementation(randombytes_implementation *impl)
@@ -22,39 +30,110 @@ randombytes_set_implementation(randombytes_implementation *impl)
 const char *
 randombytes_implementation_name(void)
 {
+#ifndef __EMSCRIPTEN__
     return implementation->implementation_name();
+#else
+    return "js";
+#endif
 }
 uint32_t
 randombytes_random(void)
 {
+#ifndef __EMSCRIPTEN__
     return implementation->random();
+#else
+    return EM_ASM_INT_V({
+        return Module.getRandomValue();
+    });
+#endif
 }
 void
 randombytes_stir(void)
 {
-    implementation->stir();
+#ifndef __EMSCRIPTEN__
+    if (implementation != NULL && implementation->stir != NULL) {
+        implementation->stir();
+    }
+#else
+    EM_ASM({
+        if (Module.getRandomValue === undefined) {
+            try {
+                var crypto_ = ("object" === typeof window ? window : self).crypto,
+                    randomValuesStandard = function() {
+                        var buf = new Uint32Array(1);
+                        crypto_.getRandomValues(buf);
+                        return buf[0] >>> 0;
+                    };
+                randomValuesStandard();
+                Module.getRandomValue = randomValuesStandard;
+            } catch (e) {
+                try {
+                    var crypto = require('crypto'),
+                        randomValueIOJS = function() {
+                            var buf = crypto.randomBytes(4);
+                            return (buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]) >>> 0;
+                        };
+                    randomValueIOJS();
+                    Module.getRandomValue = randomValueIOJS;
+                } catch (e) {
+                    throw 'No secure random number generator found';
+                }
+            }
+        }
+    });
+#endif
 }
+/*
+ * randombytes_uniform() derives from OpenBSD's arc4random_uniform()
+ * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
+ */
 uint32_t
 randombytes_uniform(const uint32_t upper_bound)
 {
-    return implementation->uniform(upper_bound);
+    uint32_t min;
+    uint32_t r;
+    if (implementation != NULL && implementation->uniform != NULL) {
+        return implementation->uniform(upper_bound);
+    }
+    if (upper_bound < 2) {
+        return 0;
+    }
+    min = (uint32_t) (-upper_bound % upper_bound);
+    do {
+        r = randombytes_random();
+    } while (r < min);
+    return r % upper_bound;
 }
 void
 randombytes_buf(void * const buf, const size_t size)
 {
+#ifndef __EMSCRIPTEN__
     if (size > (size_t) 0U) {
         implementation->buf(buf, size);
     }
+#else
+    unsigned char *p = buf;
+    size_t         i;
+    for (i = (size_t) 0U; i < size; i++) {
+        p[i] = (unsigned char) randombytes_random();
+    }
+#endif
 }
 int
 randombytes_close(void)
 {
-    return implementation->close();
+    if (implementation != NULL && implementation->close != NULL) {
+        return implementation->close();
+    }
+    return 0;
 }
 void

data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c CHANGED Viewed

@@ -4,6 +4,9 @@
 # include <sys/stat.h>
 # include <sys/time.h>
 #endif
+#ifdef __linux__
+# include <sys/syscall.h>
+#endif
 #include <assert.h>
 #include <errno.h>
@@ -49,12 +52,14 @@ typedef struct Salsa20Random_ {
 #endif
     int           random_data_source_fd;
     int           initialized;
+    int           getrandom_available;
 } Salsa20Random;
 static Salsa20Random stream = {
     SODIUM_C99(.random_data_source_fd =) -1,
     SODIUM_C99(.rnd32_outleft =) (size_t) 0U,
-    SODIUM_C99(.initialized =) 0
+    SODIUM_C99(.initialized =) 0,
+    SODIUM_C99(.getrandom_available =) 0
 };
 static uint64_t
@@ -86,14 +91,14 @@ sodium_hrtime(void)
 #ifndef _WIN32
 static ssize_t
-safe_read(const int fd, void * const buf_, size_t count)
+safe_read(const int fd, void * const buf_, size_t size)
 {
     unsigned char *buf = (unsigned char *) buf_;
     ssize_t        readnb;
-    assert(count > (size_t) 0U);
+    assert(size > (size_t) 0U);
     do {
-        while ((readnb = read(fd, buf, count)) < (ssize_t) 0 &&
+        while ((readnb = read(fd, buf, size)) < (ssize_t) 0 &&
                (errno == EINTR || errno == EAGAIN));  /* LCOV_EXCL_LINE */
         if (readnb < (ssize_t) 0) {
             return readnb; /* LCOV_EXCL_LINE */
@@ -101,9 +106,9 @@ safe_read(const int fd, void * const buf_, size_t count)
         if (readnb == (ssize_t) 0) {
             break; /* LCOV_EXCL_LINE */
         }
-        count -= (size_t) readnb;
+        size -= (size_t) readnb;
         buf += readnb;
-    } while (count > (ssize_t) 0);
+    } while (size > (ssize_t) 0);
     return (ssize_t) (buf - (unsigned char *) buf_);
 }
@@ -145,6 +150,42 @@ randombytes_salsa20_random_random_dev_open(void)
 /* LCOV_EXCL_STOP */
 }
+#ifdef SYS_getrandom
+static int
+_randombytes_linux_getrandom(void * const buf, const size_t size)
+{
+    int readnb;
+    assert(size <= 256U);
+    do {
+        readnb = syscall(SYS_getrandom, buf, (int) size, 0);
+    } while (readnb < 0 && (errno == EINTR || errno == EAGAIN));
+    return (readnb == (int) size) - 1;
+}
+static int
+randombytes_linux_getrandom(void * const buf_, size_t size)
+{
+    unsigned char *buf = (unsigned char *) buf_;
+    size_t         chunk_size = 256U;
+    do {
+        if (size < chunk_size) {
+            chunk_size = size;
+            assert(chunk_size > (size_t) 0U);
+        }
+        if (_randombytes_linux_getrandom(buf, chunk_size) != 0) {
+            return -1;
+        }
+        size -= chunk_size;
+        buf += chunk_size;
+    } while (size > (size_t) 0U);
+    return 0;
+}
+#endif
 static void
 randombytes_salsa20_random_init(void)
 {
@@ -153,6 +194,19 @@ randombytes_salsa20_random_init(void)
     stream.nonce = sodium_hrtime();
     assert(stream.nonce != (uint64_t) 0U);
+# ifdef SYS_getrandom
+    {
+        unsigned char fodder[16];
+        if (randombytes_linux_getrandom(fodder, sizeof fodder) == 0) {
+            stream.getrandom_available = 1;
+            errno = errno_save;
+            return;
+        }
+        stream.getrandom_available = 0;
+    }
+# endif
     if ((stream.random_data_source_fd =
          randombytes_salsa20_random_random_dev_open()) == -1) {
         abort(); /* LCOV_EXCL_LINE */
@@ -191,10 +245,23 @@ randombytes_salsa20_random_stir(void)
         stream.initialized = 1;
     }
 #ifndef _WIN32
-    if (safe_read(stream.random_data_source_fd, m0,
+# ifdef SYS_getrandom
+    if (stream.getrandom_available != 0) {
+        if (randombytes_linux_getrandom(m0, sizeof m0) != 0) {
+            abort(); /* LCOV_EXCL_LINE */
+        }
+    } else if (stream.random_data_source_fd == -1 ||
+               safe_read(stream.random_data_source_fd, m0,
+                         sizeof m0) != (ssize_t) sizeof m0) {
+        abort(); /* LCOV_EXCL_LINE */
+    }
+# else
+    if (stream.random_data_source_fd == -1 ||
+        safe_read(stream.random_data_source_fd, m0,
                   sizeof m0) != (ssize_t) sizeof m0) {
         abort(); /* LCOV_EXCL_LINE */
     }
+# endif
 #else /* _WIN32 */
     if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) {
         abort(); /* LCOV_EXCL_LINE */
@@ -277,6 +344,11 @@ randombytes_salsa20_random_close(void)
         stream.initialized = 0;
         ret = 0;
     }
+# ifdef SYS_getrandom
+    if (stream.getrandom_available != 0) {
+        ret = 0;
+    }
+# endif
 #else /* _WIN32 */
     if (stream.initialized != 0) {
         stream.initialized = 0;
@@ -295,7 +367,8 @@ randombytes_salsa20_random(void)
 void
 randombytes_salsa20_random_buf(void * const buf, const size_t size)
 {
-    int ret;
+    size_t i;
+    int    ret;
     randombytes_salsa20_random_stir_if_needed();
     COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES);
@@ -306,35 +379,14 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size)
     ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size,
                                 (unsigned char *) &stream.nonce, stream.key);
     assert(ret == 0);
+    for (i = 0U; i < sizeof size; i++) {
+        stream.key[i] ^= ((const unsigned char *) (const void *) &size)[i];
+    }
     stream.nonce++;
     crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key,
                               (unsigned char *) &stream.nonce, stream.key);
 }
-/*
- * randombytes_salsa20_random_uniform() derives from OpenBSD's arc4random_uniform()
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- */
-uint32_t
-randombytes_salsa20_random_uniform(const uint32_t upper_bound)
-{
-    uint32_t min;
-    uint32_t r;
-    if (upper_bound < 2) {
-        return 0;
-    }
-    min = (uint32_t) (-upper_bound % upper_bound);
-    for (;;) {
-        r = randombytes_salsa20_random();
-        if (r >= min) {
-            break;
-        }
-    } /* LCOV_EXCL_LINE */
-    return r % upper_bound;
-}
 const char *
 randombytes_salsa20_implementation_name(void)
 {
@@ -345,7 +397,7 @@ struct randombytes_implementation randombytes_salsa20_implementation = {
     SODIUM_C99(.implementation_name =) randombytes_salsa20_implementation_name,
     SODIUM_C99(.random =) randombytes_salsa20_random,
     SODIUM_C99(.stir =) randombytes_salsa20_random_stir,
-    SODIUM_C99(.uniform =) randombytes_salsa20_random_uniform,
+    SODIUM_C99(.uniform =) NULL,
     SODIUM_C99(.buf =) randombytes_salsa20_random_buf,
     SODIUM_C99(.close =) randombytes_salsa20_random_close
 };