rbnacl-libsodium 1.0.5 → 1.0.6

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-round.h

@@ -0,0 +1,123 @@
+/*
+   BLAKE2 reference source code package - optimized C implementations
+
+   Written in 2012 by Samuel Neves <sneves@dei.uc.pt>
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along with
+   this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+*/
+
+#ifndef blake2b_round_H
+#define blake2b_round_H
+
+#ifndef BLAKE2_USE_SSSE3
+# error BLAKE2_USE_SSSE3 must be defined in order to use this file
+#endif
+
+#define LOADU(p)  _mm_loadu_si128( (const __m128i *)(const void *)(p) )
+#define STOREU(p,r) _mm_storeu_si128((__m128i *)(void *)(p), r)
+
+#define TOF(reg) _mm_castsi128_ps((reg))
+#define TOI(reg) _mm_castps_si128((reg))
+
+
+/* Microarchitecture-specific macros */
+#define _mm_roti_epi64(x, c) \
+    (-(c) == 32) ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2,3,0,1))  \
+    : (-(c) == 24) ? _mm_shuffle_epi8((x), r24) \
+    : (-(c) == 16) ? _mm_shuffle_epi8((x), r16) \
+    : (-(c) == 63) ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_add_epi64((x), (x)))  \
+    : _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_slli_epi64((x), 64-(-(c))))
+
+
+#define G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \
+  row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \
+  row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \
+  \
+  row4l = _mm_xor_si128(row4l, row1l); \
+  row4h = _mm_xor_si128(row4h, row1h); \
+  \
+  row4l = _mm_roti_epi64(row4l, -32); \
+  row4h = _mm_roti_epi64(row4h, -32); \
+  \
+  row3l = _mm_add_epi64(row3l, row4l); \
+  row3h = _mm_add_epi64(row3h, row4h); \
+  \
+  row2l = _mm_xor_si128(row2l, row3l); \
+  row2h = _mm_xor_si128(row2h, row3h); \
+  \
+  row2l = _mm_roti_epi64(row2l, -24); \
+  row2h = _mm_roti_epi64(row2h, -24); \
+
+#define G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \
+  row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \
+  row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \
+  \
+  row4l = _mm_xor_si128(row4l, row1l); \
+  row4h = _mm_xor_si128(row4h, row1h); \
+  \
+  row4l = _mm_roti_epi64(row4l, -16); \
+  row4h = _mm_roti_epi64(row4h, -16); \
+  \
+  row3l = _mm_add_epi64(row3l, row4l); \
+  row3h = _mm_add_epi64(row3h, row4h); \
+  \
+  row2l = _mm_xor_si128(row2l, row3l); \
+  row2h = _mm_xor_si128(row2h, row3h); \
+  \
+  row2l = _mm_roti_epi64(row2l, -63); \
+  row2h = _mm_roti_epi64(row2h, -63); \
+
+#define DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \
+  t0 = _mm_alignr_epi8(row2h, row2l, 8); \
+  t1 = _mm_alignr_epi8(row2l, row2h, 8); \
+  row2l = t0; \
+  row2h = t1; \
+  \
+  t0 = row3l; \
+  row3l = row3h; \
+  row3h = t0;    \
+  \
+  t0 = _mm_alignr_epi8(row4h, row4l, 8); \
+  t1 = _mm_alignr_epi8(row4l, row4h, 8); \
+  row4l = t1; \
+  row4h = t0;
+
+#define UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \
+  t0 = _mm_alignr_epi8(row2l, row2h, 8); \
+  t1 = _mm_alignr_epi8(row2h, row2l, 8); \
+  row2l = t0; \
+  row2h = t1; \
+  \
+  t0 = row3l; \
+  row3l = row3h; \
+  row3h = t0; \
+  \
+  t0 = _mm_alignr_epi8(row4l, row4h, 8); \
+  t1 = _mm_alignr_epi8(row4h, row4l, 8); \
+  row4l = t1; \
+  row4h = t0;
+
+#if defined(BLAKE2_USE_SSE41)
+#include "blake2b-load-sse41.h"
+#else
+#include "blake2b-load-sse2.h"
+#endif
+
+#define ROUND(r) \
+  LOAD_MSG_ ##r ##_1(b0, b1); \
+  G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \
+  LOAD_MSG_ ##r ##_2(b0, b1); \
+  G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \
+  DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \
+  LOAD_MSG_ ##r ##_3(b0, b1); \
+  G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \
+  LOAD_MSG_ ##r ##_4(b0, b1); \
+  G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \
+  UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h);
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c

@@ -106,3 +106,9 @@ crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
     assert(outlen <= UINT8_MAX);
     return blake2b_final(state, (uint8_t *) out, (uint8_t) outlen);
 }
+
+int
+_crypto_generichash_blake2b_pick_best_implementation(void)
+{
+    return blake2b_pick_best_implementation();
+}

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/auth_poly1305_donna.c

@@ -1,4 +1,5 @@
 
+#include "crypto_verify_16.h"
 #include "utils.h"
 #include "poly1305_donna.h"
 #ifdef HAVE_TI_MODE
@@ -6,6 +7,7 @@
 #else
 # include "poly1305_donna32.h"
 #endif
+#include "../onetimeauth_poly1305.h"
 
 static void
 poly1305_update(poly1305_context *ctx, const unsigned char *m,
@@ -45,7 +47,7 @@ poly1305_update(poly1305_context *ctx, const unsigned char *m,
     }
 }
 
-int
+static int
 crypto_onetimeauth_poly1305_donna(unsigned char *out, const unsigned char *m,
                                   unsigned long long inlen,
                                   const unsigned char *key)
@@ -58,7 +60,7 @@ crypto_onetimeauth_poly1305_donna(unsigned char *out, const unsigned char *m,
     return 0;
 }
 
-int
+static int
 crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
                                        const unsigned char *key)
 {
@@ -67,7 +69,7 @@ crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
     return 0;
 }
 
-int
+static int
 crypto_onetimeauth_poly1305_donna_update(crypto_onetimeauth_poly1305_state *state,
                                          const unsigned char *in,
                                          unsigned long long inlen)
@@ -77,7 +79,7 @@ crypto_onetimeauth_poly1305_donna_update(crypto_onetimeauth_poly1305_state *stat
     return 0;
 }
 
-int
+static int
 crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state,
                                         unsigned char *out)
 {
@@ -86,17 +88,20 @@ crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state
     return 0;
 }
 
-/* LCOV_EXCL_START */
-const char *
-crypto_onetimeauth_poly1305_donna_implementation_name(void)
+static int
+crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h,
+                                         const unsigned char *in,
+                                         unsigned long long inlen,
+                                         const unsigned char *k)
 {
-    return POLY1305_IMPLEMENTATION_NAME;
+    unsigned char correct[16];
+
+    crypto_onetimeauth_poly1305_donna(correct,in,inlen,k);
+    return crypto_verify_16(h,correct);
 }
-/* LCOV_EXCL_STOP */
 
 struct crypto_onetimeauth_poly1305_implementation
 crypto_onetimeauth_poly1305_donna_implementation = {
-    SODIUM_C99(.implementation_name =) crypto_onetimeauth_poly1305_donna_implementation_name,
     SODIUM_C99(.onetimeauth =) crypto_onetimeauth_poly1305_donna,
     SODIUM_C99(.onetimeauth_verify =) crypto_onetimeauth_poly1305_donna_verify,
     SODIUM_C99(.onetimeauth_init =) crypto_onetimeauth_poly1305_donna_init,

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h

@@ -10,26 +10,26 @@ typedef crypto_onetimeauth_poly1305_state poly1305_context;
 extern struct crypto_onetimeauth_poly1305_implementation
     crypto_onetimeauth_poly1305_donna_implementation;
 
-const char *crypto_onetimeauth_poly1305_donna_implementation_name(void);
+static const char *crypto_onetimeauth_poly1305_donna_implementation_name(void);
 
-int crypto_onetimeauth_poly1305_donna(unsigned char *out,
-                                      const unsigned char *in,
-                                      unsigned long long inlen,
-                                      const unsigned char *k);
-
-int crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h,
+static int crypto_onetimeauth_poly1305_donna(unsigned char *out,
                                              const unsigned char *in,
                                              unsigned long long inlen,
                                              const unsigned char *k);
 
-int crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
-                                           const unsigned char *key);
+static int crypto_onetimeauth_poly1305_donna_verify(const unsigned char *h,
+                                                    const unsigned char *in,
+                                                    unsigned long long inlen,
+                                                    const unsigned char *k);
 
-int crypto_onetimeauth_poly1305_donna_update(crypto_onetimeauth_poly1305_state *state,
-                                             const unsigned char *in,
-                                             unsigned long long inlen);
+static int crypto_onetimeauth_poly1305_donna_init(crypto_onetimeauth_poly1305_state *state,
+                                                  const unsigned char *key);
+
+static int crypto_onetimeauth_poly1305_donna_update(crypto_onetimeauth_poly1305_state *state,
+                                                    const unsigned char *in,
+                                                    unsigned long long inlen);
 
-int crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state,
-                                            unsigned char *out);
+static int crypto_onetimeauth_poly1305_donna_final(crypto_onetimeauth_poly1305_state *state,
+                                                   unsigned char *out);
 
 #endif /* __POLY1305_DONNA_H__ */

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h

@@ -2,8 +2,6 @@
         poly1305 implementation using 32 bit * 32 bit = 64 bit multiplication and 64 bit addition
 */
 
-#define POLY1305_IMPLEMENTATION_NAME "donna32"
-
 #if defined(_MSC_VER)
 # define POLY1305_NOINLINE __declspec(noinline)
 #elif defined(__GNUC__)

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h

@@ -2,8 +2,6 @@
         poly1305 implementation using 64 bit * 64 bit = 128 bit multiplication and 128 bit addition
 */
 
-#define POLY1305_IMPLEMENTATION_NAME "donna64"
-
 #if defined(__SIZEOF_INT128__)
 typedef unsigned __int128 uint128_t;
 #else

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c

@@ -1,26 +1,11 @@
 
 #include "crypto_onetimeauth_poly1305.h"
 #include "donna/poly1305_donna.h"
+#include "onetimeauth_poly1305.h"
 
-/* LCOV_EXCL_START */
 static const crypto_onetimeauth_poly1305_implementation *implementation =
     &crypto_onetimeauth_poly1305_donna_implementation;
 
-int
-crypto_onetimeauth_poly1305_set_implementation(crypto_onetimeauth_poly1305_implementation *impl)
-{
-    implementation = impl;
-
-    return 0;
-}
-
-const char *
-crypto_onetimeauth_poly1305_implementation_name(void)
-{
-    return implementation->implementation_name();
-}
-/* LCOV_EXCL_STOP */
-
 int
 crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in,
                             unsigned long long inlen, const unsigned char *k)
@@ -58,3 +43,20 @@ crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
 {
     return implementation->onetimeauth_final(state, out);
 }
+
+size_t
+crypto_onetimeauth_poly1305_bytes(void) {
+    return crypto_onetimeauth_poly1305_BYTES;
+}
+
+size_t
+crypto_onetimeauth_poly1305_keybytes(void) {
+    return crypto_onetimeauth_poly1305_KEYBYTES;
+}
+
+int
+_crypto_onetimeauth_poly1305_pick_best_implementation(void)
+{
+    implementation = &crypto_onetimeauth_poly1305_donna_implementation;
+    return 0;
+}

data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.h

@@ -0,0 +1,23 @@
+
+#ifndef onetimeauth_poly1305_H
+#define onetimeauth_poly1305_H
+
+typedef struct crypto_onetimeauth_poly1305_implementation {
+    int (*onetimeauth)(unsigned char *out,
+                       const unsigned char *in,
+                       unsigned long long inlen,
+                       const unsigned char *k);
+    int (*onetimeauth_verify)(const unsigned char *h,
+                              const unsigned char *in,
+                              unsigned long long inlen,
+                              const unsigned char *k);
+    int (*onetimeauth_init)(crypto_onetimeauth_poly1305_state *state,
+                            const unsigned char *key);
+    int (*onetimeauth_update)(crypto_onetimeauth_poly1305_state *state,
+                              const unsigned char *in,
+                              unsigned long long inlen);
+    int (*onetimeauth_final)(crypto_onetimeauth_poly1305_state *state,
+                             unsigned char *out);
+} crypto_onetimeauth_poly1305_implementation;
+
+#endif

data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c

@@ -24,10 +24,10 @@
  * SUCH DAMAGE.
  */
 
+#include <stdlib.h>
 #include <sys/types.h>
 
 #include <stdint.h>
-#include <stdlib.h>
 #include <string.h>
 
 #include "crypto_auth_hmacsha256.h"
@@ -53,7 +53,7 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
     int             k;
     size_t          clen;
 
-    if (dkLen > 0x1fffffffe0UL) {
+    if (dkLen > 0x1fffffffe0ULL) {
         abort();
     }
     crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);

data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/api.h

@@ -1,9 +1,6 @@
 
 #include "crypto_scalarmult_curve25519.h"
 
-#define crypto_scalarmult_curve25519_implementation_name \
-    crypto_scalarmult_curve25519_donna_c64_implementation_name
-
 #define crypto_scalarmult crypto_scalarmult_curve25519
 #define crypto_scalarmult_base crypto_scalarmult_curve25519_base
 

data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c

@@ -52,7 +52,9 @@ crypto_secretbox_detached(unsigned char *c, unsigned char *mac,
                       crypto_onetimeauth_poly1305_KEYBYTES ? 1 : -1]);
     crypto_onetimeauth_poly1305_init(&state, block0);
 
-    memcpy(c, block0 + crypto_secretbox_ZEROBYTES, mlen0);
+    for (i = 0U; i < mlen0; i++) {
+        c[i] = block0[crypto_secretbox_ZEROBYTES + i];
+    }
     sodium_memzero(block0, sizeof block0);
     if (mlen > mlen0) {
         crypto_stream_salsa20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0,
@@ -109,7 +111,9 @@ crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c,
     if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) {
         mlen0 = 64U - crypto_secretbox_ZEROBYTES;
     }
-    memcpy(block0 + crypto_secretbox_ZEROBYTES, c, mlen0);
+    for (i = 0U; i < mlen0; i++) {
+        block0[crypto_secretbox_ZEROBYTES + i] = c[i];
+    }
     crypto_stream_salsa20_xor(block0, block0,
                               crypto_secretbox_ZEROBYTES + mlen0,
                               n + 16, subkey);

data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c

@@ -8,6 +8,7 @@
  */
 
 #include <stdint.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "api.h"
@@ -131,6 +132,7 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
 
     for (;;) {
         if (bytes < 64) {
+            memset(tmp, 0, 64);
             for (i = 0; i < bytes; ++i) {
                 tmp[i] = m[i];
             }
@@ -266,6 +268,9 @@ crypto_stream_chacha20_ietf_ref(unsigned char *c, unsigned long long clen,
     if (!clen) {
         return 0;
     }
+    if (clen > 64ULL * (1ULL << 32) - 64ULL) {
+        abort();
+    }
     (void) sizeof(int[crypto_stream_chacha20_KEYBYTES == 256 / 8 ? 1 : -1]);
     chacha_keysetup(&ctx, k);
     chacha_ietf_ivsetup(&ctx, n, NULL);

data/vendor/libsodium/src/libsodium/include/Makefile.in

@@ -231,7 +231,7 @@ CFLAGS_MMX = @CFLAGS_MMX@
 CFLAGS_PCLMUL = @CFLAGS_PCLMUL@
 CFLAGS_SSE2 = @CFLAGS_SSE2@
 CFLAGS_SSE3 = @CFLAGS_SSE3@
-CFLAGS_SSE4_1 = @CFLAGS_SSE4_1@
+CFLAGS_SSE41 = @CFLAGS_SSE41@
 CFLAGS_SSSE3 = @CFLAGS_SSSE3@
 CPP = @CPP@
 CPPFLAGS = @CPPFLAGS@

data/vendor/libsodium/src/libsodium/include/sodium/core.h

@@ -9,7 +9,8 @@ extern "C" {
 #endif
 
 SODIUM_EXPORT
-int sodium_init(void);
+int sodium_init(void)
+            __attribute__ ((warn_unused_result));
 
 #ifdef __cplusplus
 }