rbnacl-libsodium 1.0.6 → 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGES.md +4 -0
- data/lib/rbnacl/libsodium/version.rb +1 -1
- data/vendor/libsodium/AUTHORS +10 -3
- data/vendor/libsodium/ChangeLog +19 -1
- data/vendor/libsodium/Makefile.in +1 -0
- data/vendor/libsodium/README.markdown +1 -1
- data/vendor/libsodium/THANKS +1 -0
- data/vendor/libsodium/autogen.sh +24 -4
- data/vendor/libsodium/autom4te.cache/output.1 +208 -24
- data/vendor/libsodium/autom4te.cache/output.5 +208 -24
- data/vendor/libsodium/autom4te.cache/requests +869 -869
- data/vendor/libsodium/autom4te.cache/traces.1 +426 -406
- data/vendor/libsodium/autom4te.cache/traces.5 +255 -245
- data/vendor/libsodium/builds/msvc/version.h +2 -2
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj +14 -44
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +36 -132
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj +14 -44
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +36 -132
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj +14 -44
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +36 -132
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj +14 -44
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +62 -158
- data/vendor/libsodium/configure +208 -24
- data/vendor/libsodium/configure.ac +70 -15
- data/vendor/libsodium/dist-build/Makefile.in +1 -0
- data/vendor/libsodium/dist-build/emscripten.sh +52 -19
- data/vendor/libsodium/dist-build/ios.sh +8 -8
- data/vendor/libsodium/dist-build/msys2-win32.sh +2 -1
- data/vendor/libsodium/dist-build/msys2-win64.sh +2 -1
- data/vendor/libsodium/dist-build/osx.sh +2 -2
- data/vendor/libsodium/examples/box.c +3 -1
- data/vendor/libsodium/examples/box_detached.c +4 -2
- data/vendor/libsodium/examples/utils.h +3 -1
- data/vendor/libsodium/libsodium.vcxproj +13 -13
- data/vendor/libsodium/libsodium.vcxproj.filters +31 -35
- data/vendor/libsodium/msvc-scripts/Makefile.in +1 -0
- data/vendor/libsodium/msvc-scripts/process.bat +2 -2
- data/vendor/libsodium/src/Makefile.in +1 -0
- data/vendor/libsodium/src/libsodium/Makefile.am +43 -45
- data/vendor/libsodium/src/libsodium/Makefile.in +250 -249
- data/vendor/libsodium/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c +28 -22
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/cp/hmac_hmacsha256.c +3 -4
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/cp/verify_hmacsha256.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512/cp/hmac_hmacsha512.c +3 -4
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512/cp/verify_hmacsha512.c +4 -4
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/hmac_hmacsha512256.c +4 -4
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/verify_hmacsha512256.c +6 -4
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_easy.c +6 -2
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/after_curve25519xsalsa20poly1305.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/before_curve25519xsalsa20poly1305.c +5 -3
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/box_curve25519xsalsa20poly1305.c +13 -9
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/keypair_curve25519xsalsa20poly1305.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/core_salsa20.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/core_salsa2012.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/core_salsa208.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2.h +2 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c +36 -26
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/generichash_blake2b.c +1 -1
- data/vendor/libsodium/src/libsodium/crypto_generichash/crypto_generichash.c +1 -2
- data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c +2 -3
- data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c +2 -3
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/{auth_poly1305_donna.c → poly1305_donna.c} +18 -11
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h +1 -5
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +10 -9
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +17 -9
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c +10 -1
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c +708 -0
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h +31 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/crypto_scalarmult.c +11 -12
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/{smult_curve25519_donna_c64.c → curve25519_donna_c64.c} +32 -15
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.h +9 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/curve25519_ref10.c +73 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/curve25519_ref10.h +9 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/fe_frombytes_curve25519_ref10.c +1 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts.S +25 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h +20 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.c +114 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/curve25519_sandy2x.h +9 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h +25 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h +33 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c +57 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S +189 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h +16 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S +165 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S +219 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c +76 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S +1432 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h +18 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S +1287 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h +18 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h +8 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h +8 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/sandy2x.S +17 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.c +67 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519.h +11 -0
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c +3 -3
- data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge.h +2 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/ge_double_scalarmult.c +42 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +7 -7
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c +113 -0
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c +10 -7
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/sign.c +10 -10
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/beforenm_aes128ctr.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/stream_aes128ctr.c +10 -9
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c +2 -3
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c +72 -68
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/{api.h → stream_chacha20_ref.h} +5 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/{stream_chacha20_api.c → stream_chacha20.c} +27 -7
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/stream_chacha20.h +22 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/vec/stream_chacha20_vec.c +329 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/vec/stream_chacha20_vec.h +27 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/stream_salsa20_amd64_xmm6.S +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/stream_salsa20_ref.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c +1 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/xor_salsa2012.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/xor_salsa208.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/stream_xsalsa20.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/xor_xsalsa20.c +4 -4
- data/vendor/libsodium/src/libsodium/crypto_verify/16/ref/verify_16.c +14 -21
- data/vendor/libsodium/src/libsodium/crypto_verify/32/ref/verify_32.c +14 -37
- data/vendor/libsodium/src/libsodium/crypto_verify/64/ref/verify_64.c +14 -69
- data/vendor/libsodium/src/libsodium/include/Makefile.in +1 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box.h +8 -4
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +4 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h +2 -2
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h +2 -3
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_scalarmult.h +2 -1
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h +6 -1
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_stream_chacha20.h +5 -0
- data/vendor/libsodium/src/libsodium/include/sodium/randombytes_nativeclient.h +6 -20
- data/vendor/libsodium/src/libsodium/include/sodium/randombytes_salsa20_random.h +1 -28
- data/vendor/libsodium/src/libsodium/include/sodium/randombytes_sysrandom.h +1 -27
- data/vendor/libsodium/src/libsodium/include/sodium/runtime.h +3 -0
- data/vendor/libsodium/src/libsodium/include/sodium/utils.h +6 -0
- data/vendor/libsodium/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c +3 -3
- data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +58 -51
- data/vendor/libsodium/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +23 -18
- data/vendor/libsodium/src/libsodium/sodium/core.c +4 -0
- data/vendor/libsodium/src/libsodium/sodium/runtime.c +34 -15
- data/vendor/libsodium/src/libsodium/sodium/utils.c +104 -14
- data/vendor/libsodium/test/Makefile.in +1 -0
- data/vendor/libsodium/test/default/Makefile.in +1 -0
- data/vendor/libsodium/test/default/auth.c +5 -5
- data/vendor/libsodium/test/default/auth2.c +3 -3
- data/vendor/libsodium/test/default/auth3.c +3 -3
- data/vendor/libsodium/test/default/auth5.c +4 -4
- data/vendor/libsodium/test/default/auth6.c +3 -3
- data/vendor/libsodium/test/default/auth7.c +4 -4
- data/vendor/libsodium/test/default/box.c +13 -9
- data/vendor/libsodium/test/default/box2.c +11 -8
- data/vendor/libsodium/test/default/box7.c +11 -9
- data/vendor/libsodium/test/default/box8.c +32 -19
- data/vendor/libsodium/test/default/box_easy.c +31 -10
- data/vendor/libsodium/test/default/box_easy.exp +3 -19
- data/vendor/libsodium/test/default/box_easy2.c +30 -15
- data/vendor/libsodium/test/default/box_seed.c +1 -1
- data/vendor/libsodium/test/default/cmptest.h +22 -1
- data/vendor/libsodium/test/default/core1.c +6 -5
- data/vendor/libsodium/test/default/core2.c +6 -5
- data/vendor/libsodium/test/default/core3.c +8 -7
- data/vendor/libsodium/test/default/core4.c +11 -8
- data/vendor/libsodium/test/default/core5.c +7 -5
- data/vendor/libsodium/test/default/core6.c +8 -6
- data/vendor/libsodium/test/default/generichash.c +0 -15
- data/vendor/libsodium/test/default/generichash.exp +0 -1
- data/vendor/libsodium/test/default/generichash3.c +1 -21
- data/vendor/libsodium/test/default/generichash3.exp +1 -1
- data/vendor/libsodium/test/default/hash.c +3 -3
- data/vendor/libsodium/test/default/hash3.c +2 -2
- data/vendor/libsodium/test/default/index.html.tpl +84 -0
- data/vendor/libsodium/test/default/onetimeauth.c +3 -3
- data/vendor/libsodium/test/default/onetimeauth2.c +5 -4
- data/vendor/libsodium/test/default/onetimeauth7.c +4 -4
- data/vendor/libsodium/test/default/pre.js.inc +14 -6
- data/vendor/libsodium/test/default/randombytes.c +2 -2
- data/vendor/libsodium/test/default/scalarmult.c +19 -6
- data/vendor/libsodium/test/default/scalarmult.exp +1 -0
- data/vendor/libsodium/test/default/scalarmult2.c +2 -2
- data/vendor/libsodium/test/default/scalarmult5.c +6 -4
- data/vendor/libsodium/test/default/scalarmult6.c +5 -3
- data/vendor/libsodium/test/default/scalarmult7.c +11 -7
- data/vendor/libsodium/test/default/secretbox.c +7 -6
- data/vendor/libsodium/test/default/secretbox2.c +7 -6
- data/vendor/libsodium/test/default/secretbox7.c +5 -5
- data/vendor/libsodium/test/default/secretbox8.c +5 -5
- data/vendor/libsodium/test/default/secretbox_easy.c +27 -17
- data/vendor/libsodium/test/default/secretbox_easy.exp +7 -95
- data/vendor/libsodium/test/default/secretbox_easy2.c +22 -10
- data/vendor/libsodium/test/default/sign.c +5 -0
- data/vendor/libsodium/test/default/sodium_utils.c +73 -0
- data/vendor/libsodium/test/default/sodium_utils.exp +6 -0
- data/vendor/libsodium/test/default/stream.c +7 -6
- data/vendor/libsodium/test/default/stream2.c +4 -4
- data/vendor/libsodium/test/default/stream3.c +6 -5
- data/vendor/libsodium/test/default/stream4.c +7 -6
- data/vendor/libsodium/test/default/verify1.c +61 -18
- data/vendor/libsodium/test/default/verify1.exp +2 -6
- metadata +37 -44
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha256/cp/api.h +0 -9
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512/cp/api.h +0 -9
- data/vendor/libsodium/src/libsodium/crypto_auth/hmacsha512256/cp/api.h +0 -9
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/api.h +0 -20
- data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/api.h +0 -2
- data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/api.h +0 -6
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/base_curve25519_donna_c64.c +0 -13
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/api.h +0 -5
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/base_curve25519_ref10.c +0 -14
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/scalarmult_curve25519_ref10.c +0 -54
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/scalarmult_curve25519_api.c +0 -14
- data/vendor/libsodium/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h +0 -11
- data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/api.h +0 -7
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/api.h +0 -15
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/api.h +0 -12
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519.h +0 -54
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/fe25519_edwards25519sha512batch.c +0 -348
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519.h +0 -34
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/ge25519_edwards25519sha512batch.c +0 -230
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519.h +0 -51
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sc25519_edwards25519sha512batch.c +0 -150
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/ref/sign_edwards25519sha512batch.c +0 -106
- data/vendor/libsodium/src/libsodium/crypto_sign/edwards25519sha512batch/sign_edwards25519sha512batch_api.c +0 -16
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/api.h +0 -13
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/amd64_xmm6/api.h +0 -1
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/api.h +0 -5
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/api.h +0 -10
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/api.h +0 -9
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/api.h +0 -11
- data/vendor/libsodium/src/libsodium/crypto_verify/16/ref/api.h +0 -2
- data/vendor/libsodium/src/libsodium/crypto_verify/32/ref/api.h +0 -2
- data/vendor/libsodium/src/libsodium/crypto_verify/64/ref/api.h +0 -2
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
* Date: 2009-03-19
|
|
3
3
|
* Public domain */
|
|
4
4
|
|
|
5
|
-
#include "
|
|
5
|
+
#include "crypto_stream_aes128ctr.h"
|
|
6
6
|
#include "int128.h"
|
|
7
7
|
#include "common.h"
|
|
8
8
|
#include "consts.h"
|
|
9
9
|
|
|
10
|
-
int
|
|
10
|
+
int crypto_stream_aes128ctr_afternm(unsigned char *out, unsigned long long len, const unsigned char *nonce, const unsigned char *c)
|
|
11
11
|
{
|
|
12
12
|
|
|
13
13
|
int128 xmm0;
|
|
@@ -2,12 +2,12 @@
|
|
|
2
2
|
* Date: 2009-03-19
|
|
3
3
|
* Public domain */
|
|
4
4
|
|
|
5
|
-
#include "
|
|
5
|
+
#include "crypto_stream_aes128ctr.h"
|
|
6
6
|
#include "consts.h"
|
|
7
7
|
#include "int128.h"
|
|
8
8
|
#include "common.h"
|
|
9
9
|
|
|
10
|
-
int
|
|
10
|
+
int crypto_stream_aes128ctr_beforenm(unsigned char *c, const unsigned char *k)
|
|
11
11
|
{
|
|
12
12
|
|
|
13
13
|
/*
|
|
@@ -1,19 +1,20 @@
|
|
|
1
|
-
#include "api.h"
|
|
2
1
|
|
|
3
|
-
|
|
2
|
+
#include "crypto_stream_aes128ctr.h"
|
|
3
|
+
|
|
4
|
+
int crypto_stream_aes128ctr(
|
|
4
5
|
unsigned char *out,
|
|
5
6
|
unsigned long long outlen,
|
|
6
7
|
const unsigned char *n,
|
|
7
8
|
const unsigned char *k
|
|
8
9
|
)
|
|
9
10
|
{
|
|
10
|
-
unsigned char d[
|
|
11
|
-
|
|
12
|
-
|
|
11
|
+
unsigned char d[crypto_stream_aes128ctr_BEFORENMBYTES];
|
|
12
|
+
crypto_stream_aes128ctr_beforenm(d, k);
|
|
13
|
+
crypto_stream_aes128ctr_afternm(out, outlen, n, d);
|
|
13
14
|
return 0;
|
|
14
15
|
}
|
|
15
16
|
|
|
16
|
-
int
|
|
17
|
+
int crypto_stream_aes128ctr_xor(
|
|
17
18
|
unsigned char *out,
|
|
18
19
|
const unsigned char *in,
|
|
19
20
|
unsigned long long inlen,
|
|
@@ -21,8 +22,8 @@ int crypto_stream_xor(
|
|
|
21
22
|
const unsigned char *k
|
|
22
23
|
)
|
|
23
24
|
{
|
|
24
|
-
unsigned char d[
|
|
25
|
-
|
|
26
|
-
|
|
25
|
+
unsigned char d[crypto_stream_aes128ctr_BEFORENMBYTES];
|
|
26
|
+
crypto_stream_aes128ctr_beforenm(d, k);
|
|
27
|
+
crypto_stream_aes128ctr_xor_afternm(out, in, inlen, n, d);
|
|
27
28
|
return 0;
|
|
28
29
|
}
|
data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c
CHANGED
|
@@ -2,13 +2,12 @@
|
|
|
2
2
|
* Date: 2009-03-19
|
|
3
3
|
* Public domain */
|
|
4
4
|
|
|
5
|
-
#include
|
|
6
|
-
#include "api.h"
|
|
5
|
+
#include "crypto_stream_aes128ctr.h"
|
|
7
6
|
#include "int128.h"
|
|
8
7
|
#include "common.h"
|
|
9
8
|
#include "consts.h"
|
|
10
9
|
|
|
11
|
-
int
|
|
10
|
+
int crypto_stream_aes128ctr_xor_afternm(unsigned char *out, const unsigned char *in, unsigned long long len, const unsigned char *nonce, const unsigned char *c)
|
|
12
11
|
{
|
|
13
12
|
|
|
14
13
|
int128 xmm0;
|
|
@@ -1,6 +1,4 @@
|
|
|
1
1
|
|
|
2
|
-
/* $OpenBSD: chacha.c,v 1.1 2013/11/21 00:45:44 djm Exp $ */
|
|
3
|
-
|
|
4
2
|
/*
|
|
5
3
|
chacha-merged.c version 20080118
|
|
6
4
|
D. J. Bernstein
|
|
@@ -11,9 +9,10 @@
|
|
|
11
9
|
#include <stdlib.h>
|
|
12
10
|
#include <string.h>
|
|
13
11
|
|
|
14
|
-
#include "api.h"
|
|
15
|
-
#include "crypto_stream_chacha20.h"
|
|
16
12
|
#include "utils.h"
|
|
13
|
+
#include "crypto_stream_chacha20.h"
|
|
14
|
+
#include "stream_chacha20_ref.h"
|
|
15
|
+
#include "../stream_chacha20.h"
|
|
17
16
|
|
|
18
17
|
struct chacha_ctx {
|
|
19
18
|
uint32_t input[16];
|
|
@@ -63,46 +62,46 @@ static const unsigned char sigma[16] = {
|
|
|
63
62
|
};
|
|
64
63
|
|
|
65
64
|
static void
|
|
66
|
-
chacha_keysetup(chacha_ctx *
|
|
65
|
+
chacha_keysetup(chacha_ctx *ctx, const u8 *k)
|
|
67
66
|
{
|
|
68
67
|
const unsigned char *constants;
|
|
69
68
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
69
|
+
ctx->input[4] = U8TO32_LITTLE(k + 0);
|
|
70
|
+
ctx->input[5] = U8TO32_LITTLE(k + 4);
|
|
71
|
+
ctx->input[6] = U8TO32_LITTLE(k + 8);
|
|
72
|
+
ctx->input[7] = U8TO32_LITTLE(k + 12);
|
|
74
73
|
k += 16;
|
|
75
74
|
constants = sigma;
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
75
|
+
ctx->input[8] = U8TO32_LITTLE(k + 0);
|
|
76
|
+
ctx->input[9] = U8TO32_LITTLE(k + 4);
|
|
77
|
+
ctx->input[10] = U8TO32_LITTLE(k + 8);
|
|
78
|
+
ctx->input[11] = U8TO32_LITTLE(k + 12);
|
|
79
|
+
ctx->input[0] = U8TO32_LITTLE(constants + 0);
|
|
80
|
+
ctx->input[1] = U8TO32_LITTLE(constants + 4);
|
|
81
|
+
ctx->input[2] = U8TO32_LITTLE(constants + 8);
|
|
82
|
+
ctx->input[3] = U8TO32_LITTLE(constants + 12);
|
|
84
83
|
}
|
|
85
84
|
|
|
86
85
|
static void
|
|
87
|
-
chacha_ivsetup(chacha_ctx *
|
|
86
|
+
chacha_ivsetup(chacha_ctx *ctx, const u8 *iv, const u8 *counter)
|
|
88
87
|
{
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
88
|
+
ctx->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 0);
|
|
89
|
+
ctx->input[13] = counter == NULL ? 0 : U8TO32_LITTLE(counter + 4);
|
|
90
|
+
ctx->input[14] = U8TO32_LITTLE(iv + 0);
|
|
91
|
+
ctx->input[15] = U8TO32_LITTLE(iv + 4);
|
|
93
92
|
}
|
|
94
93
|
|
|
95
94
|
static void
|
|
96
|
-
chacha_ietf_ivsetup(chacha_ctx *
|
|
95
|
+
chacha_ietf_ivsetup(chacha_ctx *ctx, const u8 *iv, const u8 *counter)
|
|
97
96
|
{
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
97
|
+
ctx->input[12] = counter == NULL ? 0 : U8TO32_LITTLE(counter);
|
|
98
|
+
ctx->input[13] = U8TO32_LITTLE(iv + 0);
|
|
99
|
+
ctx->input[14] = U8TO32_LITTLE(iv + 4);
|
|
100
|
+
ctx->input[15] = U8TO32_LITTLE(iv + 8);
|
|
102
101
|
}
|
|
103
102
|
|
|
104
103
|
static void
|
|
105
|
-
chacha_encrypt_bytes(chacha_ctx *
|
|
104
|
+
chacha_encrypt_bytes(chacha_ctx *ctx, const u8 *m, u8 *c, unsigned long long bytes)
|
|
106
105
|
{
|
|
107
106
|
u32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15;
|
|
108
107
|
u32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15;
|
|
@@ -113,22 +112,25 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
|
|
|
113
112
|
if (!bytes) {
|
|
114
113
|
return; /* LCOV_EXCL_LINE */
|
|
115
114
|
}
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
124
|
-
|
|
125
|
-
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
129
|
-
|
|
130
|
-
|
|
131
|
-
|
|
115
|
+
if (bytes > 64ULL * (1ULL << 32) - 64ULL) {
|
|
116
|
+
abort();
|
|
117
|
+
}
|
|
118
|
+
j0 = ctx->input[0];
|
|
119
|
+
j1 = ctx->input[1];
|
|
120
|
+
j2 = ctx->input[2];
|
|
121
|
+
j3 = ctx->input[3];
|
|
122
|
+
j4 = ctx->input[4];
|
|
123
|
+
j5 = ctx->input[5];
|
|
124
|
+
j6 = ctx->input[6];
|
|
125
|
+
j7 = ctx->input[7];
|
|
126
|
+
j8 = ctx->input[8];
|
|
127
|
+
j9 = ctx->input[9];
|
|
128
|
+
j10 = ctx->input[10];
|
|
129
|
+
j11 = ctx->input[11];
|
|
130
|
+
j12 = ctx->input[12];
|
|
131
|
+
j13 = ctx->input[13];
|
|
132
|
+
j14 = ctx->input[14];
|
|
133
|
+
j15 = ctx->input[15];
|
|
132
134
|
|
|
133
135
|
for (;;) {
|
|
134
136
|
if (bytes < 64) {
|
|
@@ -230,8 +232,8 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
|
|
|
230
232
|
ctarget[i] = c[i];
|
|
231
233
|
}
|
|
232
234
|
}
|
|
233
|
-
|
|
234
|
-
|
|
235
|
+
ctx->input[12] = j12;
|
|
236
|
+
ctx->input[13] = j13;
|
|
235
237
|
return;
|
|
236
238
|
}
|
|
237
239
|
bytes -= 64;
|
|
@@ -240,9 +242,9 @@ chacha_encrypt_bytes(chacha_ctx *x, const u8 *m, u8 *c, unsigned long long bytes
|
|
|
240
242
|
}
|
|
241
243
|
}
|
|
242
244
|
|
|
243
|
-
int
|
|
244
|
-
|
|
245
|
-
|
|
245
|
+
static int
|
|
246
|
+
stream_ref(unsigned char *c, unsigned long long clen,
|
|
247
|
+
const unsigned char *n, const unsigned char *k)
|
|
246
248
|
{
|
|
247
249
|
struct chacha_ctx ctx;
|
|
248
250
|
|
|
@@ -259,18 +261,15 @@ crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
|
|
|
259
261
|
return 0;
|
|
260
262
|
}
|
|
261
263
|
|
|
262
|
-
int
|
|
263
|
-
|
|
264
|
-
|
|
264
|
+
static int
|
|
265
|
+
stream_ietf_ref(unsigned char *c, unsigned long long clen,
|
|
266
|
+
const unsigned char *n, const unsigned char *k)
|
|
265
267
|
{
|
|
266
268
|
struct chacha_ctx ctx;
|
|
267
269
|
|
|
268
270
|
if (!clen) {
|
|
269
271
|
return 0;
|
|
270
272
|
}
|
|
271
|
-
if (clen > 64ULL * (1ULL << 32) - 64ULL) {
|
|
272
|
-
abort();
|
|
273
|
-
}
|
|
274
273
|
(void) sizeof(int[crypto_stream_chacha20_KEYBYTES == 256 / 8 ? 1 : -1]);
|
|
275
274
|
chacha_keysetup(&ctx, k);
|
|
276
275
|
chacha_ietf_ivsetup(&ctx, n, NULL);
|
|
@@ -281,11 +280,11 @@ crypto_stream_chacha20_ietf_ref(unsigned char *c, unsigned long long clen,
|
|
|
281
280
|
return 0;
|
|
282
281
|
}
|
|
283
282
|
|
|
284
|
-
int
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
283
|
+
static int
|
|
284
|
+
stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
|
|
285
|
+
unsigned long long mlen,
|
|
286
|
+
const unsigned char *n, uint64_t ic,
|
|
287
|
+
const unsigned char *k)
|
|
289
288
|
{
|
|
290
289
|
struct chacha_ctx ctx;
|
|
291
290
|
uint8_t ic_bytes[8];
|
|
@@ -302,18 +301,16 @@ crypto_stream_chacha20_ref_xor_ic(unsigned char *c, const unsigned char *m,
|
|
|
302
301
|
chacha_keysetup(&ctx, k);
|
|
303
302
|
chacha_ivsetup(&ctx, n, ic_bytes);
|
|
304
303
|
chacha_encrypt_bytes(&ctx, m, c, mlen);
|
|
305
|
-
|
|
306
304
|
sodium_memzero(&ctx, sizeof ctx);
|
|
307
|
-
sodium_memzero(ic_bytes, sizeof ic_bytes);
|
|
308
305
|
|
|
309
306
|
return 0;
|
|
310
307
|
}
|
|
311
308
|
|
|
312
|
-
int
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
309
|
+
static int
|
|
310
|
+
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
|
|
311
|
+
unsigned long long mlen,
|
|
312
|
+
const unsigned char *n, uint32_t ic,
|
|
313
|
+
const unsigned char *k)
|
|
317
314
|
{
|
|
318
315
|
struct chacha_ctx ctx;
|
|
319
316
|
uint8_t ic_bytes[4];
|
|
@@ -326,7 +323,14 @@ crypto_stream_chacha20_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
|
|
|
326
323
|
chacha_ietf_ivsetup(&ctx, n, ic_bytes);
|
|
327
324
|
chacha_encrypt_bytes(&ctx, m, c, mlen);
|
|
328
325
|
sodium_memzero(&ctx, sizeof ctx);
|
|
329
|
-
sodium_memzero(ic_bytes, sizeof ic_bytes);
|
|
330
326
|
|
|
331
327
|
return 0;
|
|
332
328
|
}
|
|
329
|
+
|
|
330
|
+
struct crypto_stream_chacha20_implementation
|
|
331
|
+
crypto_stream_chacha20_ref_implementation = {
|
|
332
|
+
SODIUM_C99(.stream =) stream_ref,
|
|
333
|
+
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
|
|
334
|
+
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
|
|
335
|
+
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
|
|
336
|
+
};
|
data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/{api.h → stream_chacha20_ref.h}
RENAMED
|
@@ -1,6 +1,11 @@
|
|
|
1
1
|
|
|
2
|
+
#include <stdint.h>
|
|
3
|
+
|
|
2
4
|
#include "crypto_stream_chacha20.h"
|
|
3
5
|
|
|
6
|
+
extern struct crypto_stream_chacha20_implementation
|
|
7
|
+
crypto_stream_chacha20_ref_implementation;
|
|
8
|
+
|
|
4
9
|
int
|
|
5
10
|
crypto_stream_chacha20_ref(unsigned char *c, unsigned long long clen,
|
|
6
11
|
const unsigned char *n, const unsigned char *k);
|
|
@@ -1,5 +1,13 @@
|
|
|
1
1
|
#include "crypto_stream_chacha20.h"
|
|
2
|
-
#include "
|
|
2
|
+
#include "stream_chacha20.h"
|
|
3
|
+
#include "runtime.h"
|
|
4
|
+
#include "ref/stream_chacha20_ref.h"
|
|
5
|
+
#if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(__GNUC__))
|
|
6
|
+
# include "vec/stream_chacha20_vec.h"
|
|
7
|
+
#endif
|
|
8
|
+
|
|
9
|
+
static const crypto_stream_chacha20_implementation *implementation =
|
|
10
|
+
&crypto_stream_chacha20_ref_implementation;
|
|
3
11
|
|
|
4
12
|
size_t
|
|
5
13
|
crypto_stream_chacha20_keybytes(void) {
|
|
@@ -20,14 +28,14 @@ int
|
|
|
20
28
|
crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
|
|
21
29
|
const unsigned char *n, const unsigned char *k)
|
|
22
30
|
{
|
|
23
|
-
return
|
|
31
|
+
return implementation->stream(c, clen, n, k);
|
|
24
32
|
}
|
|
25
33
|
|
|
26
34
|
int
|
|
27
35
|
crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
|
|
28
36
|
const unsigned char *n, const unsigned char *k)
|
|
29
37
|
{
|
|
30
|
-
return
|
|
38
|
+
return implementation->stream_ietf(c, clen, n, k);
|
|
31
39
|
}
|
|
32
40
|
|
|
33
41
|
int
|
|
@@ -36,7 +44,7 @@ crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
|
|
|
36
44
|
const unsigned char *n, uint64_t ic,
|
|
37
45
|
const unsigned char *k)
|
|
38
46
|
{
|
|
39
|
-
return
|
|
47
|
+
return implementation->stream_xor_ic(c, m, mlen, n, ic, k);
|
|
40
48
|
}
|
|
41
49
|
|
|
42
50
|
int
|
|
@@ -45,7 +53,7 @@ crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
|
|
|
45
53
|
const unsigned char *n, uint32_t ic,
|
|
46
54
|
const unsigned char *k)
|
|
47
55
|
{
|
|
48
|
-
return
|
|
56
|
+
return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k);
|
|
49
57
|
}
|
|
50
58
|
|
|
51
59
|
int
|
|
@@ -53,7 +61,7 @@ crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
|
|
|
53
61
|
unsigned long long mlen, const unsigned char *n,
|
|
54
62
|
const unsigned char *k)
|
|
55
63
|
{
|
|
56
|
-
return
|
|
64
|
+
return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
|
|
57
65
|
}
|
|
58
66
|
|
|
59
67
|
int
|
|
@@ -61,5 +69,17 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
|
|
|
61
69
|
unsigned long long mlen, const unsigned char *n,
|
|
62
70
|
const unsigned char *k)
|
|
63
71
|
{
|
|
64
|
-
return
|
|
72
|
+
return implementation->stream_ietf_xor_ic(c, m, mlen, n, 0U, k);
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
int
|
|
76
|
+
_crypto_stream_chacha20_pick_best_implementation(void)
|
|
77
|
+
{
|
|
78
|
+
implementation = &crypto_stream_chacha20_ref_implementation;
|
|
79
|
+
#if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(__GNUC__))
|
|
80
|
+
if (sodium_runtime_has_ssse3()) {
|
|
81
|
+
implementation = &crypto_stream_chacha20_vec_implementation;
|
|
82
|
+
}
|
|
83
|
+
#endif
|
|
84
|
+
return 0;
|
|
65
85
|
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
|
|
2
|
+
#ifndef stream_chacha20_H
|
|
3
|
+
#define stream_chacha20_H
|
|
4
|
+
|
|
5
|
+
#include <stdint.h>
|
|
6
|
+
|
|
7
|
+
typedef struct crypto_stream_chacha20_implementation {
|
|
8
|
+
int (*stream)(unsigned char *c, unsigned long long clen,
|
|
9
|
+
const unsigned char *n, const unsigned char *k);
|
|
10
|
+
int (*stream_ietf)(unsigned char *c, unsigned long long clen,
|
|
11
|
+
const unsigned char *n, const unsigned char *k);
|
|
12
|
+
int (*stream_xor_ic)(unsigned char *c, const unsigned char *m,
|
|
13
|
+
unsigned long long mlen,
|
|
14
|
+
const unsigned char *n, uint64_t ic,
|
|
15
|
+
const unsigned char *k);
|
|
16
|
+
int (*stream_ietf_xor_ic)(unsigned char *c, const unsigned char *m,
|
|
17
|
+
unsigned long long mlen,
|
|
18
|
+
const unsigned char *n, uint32_t ic,
|
|
19
|
+
const unsigned char *k);
|
|
20
|
+
} crypto_stream_chacha20_implementation;
|
|
21
|
+
|
|
22
|
+
#endif
|
|
@@ -0,0 +1,329 @@
|
|
|
1
|
+
|
|
2
|
+
#include <stdint.h>
|
|
3
|
+
#include <stdlib.h>
|
|
4
|
+
#include <string.h>
|
|
5
|
+
|
|
6
|
+
#include "export.h"
|
|
7
|
+
#include "utils.h"
|
|
8
|
+
#include "crypto_stream_chacha20.h"
|
|
9
|
+
#include "stream_chacha20_vec.h"
|
|
10
|
+
#include "../stream_chacha20.h"
|
|
11
|
+
|
|
12
|
+
#if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(__GNUC__))
|
|
13
|
+
|
|
14
|
+
#pragma GCC target("sse2")
|
|
15
|
+
#pragma GCC target("ssse3")
|
|
16
|
+
|
|
17
|
+
#define CHACHA_RNDS 20
|
|
18
|
+
|
|
19
|
+
typedef unsigned int vec __attribute__((vector_size(16)));
|
|
20
|
+
|
|
21
|
+
#include <emmintrin.h>
|
|
22
|
+
#include <tmmintrin.h>
|
|
23
|
+
|
|
24
|
+
# if __clang__
|
|
25
|
+
# define VBPI 4
|
|
26
|
+
# else
|
|
27
|
+
# define VBPI 3
|
|
28
|
+
# endif
|
|
29
|
+
# define ONE (vec) _mm_set_epi32(0, 0, 0, 1)
|
|
30
|
+
# define LOAD(m) (vec) _mm_loadu_si128((const __m128i *) (const void *) (m))
|
|
31
|
+
# define LOAD_ALIGNED(m) (vec) _mm_load_si128((const __m128i *) (const void *) (m))
|
|
32
|
+
# define STORE(m, r) _mm_storeu_si128((__m128i *) (void *) (m), (__m128i) (r))
|
|
33
|
+
# define ROTV1(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(0, 3, 2, 1))
|
|
34
|
+
# define ROTV2(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(1, 0, 3, 2))
|
|
35
|
+
# define ROTV3(x) (vec) _mm_shuffle_epi32((__m128i)x, _MM_SHUFFLE(2, 1, 0, 3))
|
|
36
|
+
# define ROTW7(x) \
|
|
37
|
+
(vec)(_mm_slli_epi32((__m128i)x, 7) ^ _mm_srli_epi32((__m128i)x, 25))
|
|
38
|
+
# define ROTW12(x) \
|
|
39
|
+
(vec)(_mm_slli_epi32((__m128i)x, 12) ^ _mm_srli_epi32((__m128i)x, 20))
|
|
40
|
+
# define ROTW8(x) \
|
|
41
|
+
(vec)(_mm_slli_epi32((__m128i)x, 8) ^ _mm_srli_epi32((__m128i)x, 24))
|
|
42
|
+
#define ROTW16(x) \
|
|
43
|
+
(vec)(_mm_slli_epi32((__m128i)x, 16) ^ _mm_srli_epi32((__m128i)x, 16))
|
|
44
|
+
|
|
45
|
+
#ifndef REVV_BE
|
|
46
|
+
# define REVV_BE(x) (x)
|
|
47
|
+
#endif
|
|
48
|
+
|
|
49
|
+
#define BPI (VBPI + 0) /* Blocks computed per loop iteration */
|
|
50
|
+
|
|
51
|
+
#define DQROUND_VECTORS(a, b, c, d) \
|
|
52
|
+
a += b; \
|
|
53
|
+
d ^= a; \
|
|
54
|
+
d = ROTW16(d); \
|
|
55
|
+
c += d; \
|
|
56
|
+
b ^= c; \
|
|
57
|
+
b = ROTW12(b); \
|
|
58
|
+
a += b; \
|
|
59
|
+
d ^= a; \
|
|
60
|
+
d = ROTW8(d); \
|
|
61
|
+
c += d; \
|
|
62
|
+
b ^= c; \
|
|
63
|
+
b = ROTW7(b); \
|
|
64
|
+
b = ROTV1(b); \
|
|
65
|
+
c = ROTV2(c); \
|
|
66
|
+
d = ROTV3(d); \
|
|
67
|
+
a += b; \
|
|
68
|
+
d ^= a; \
|
|
69
|
+
d = ROTW16(d); \
|
|
70
|
+
c += d; \
|
|
71
|
+
b ^= c; \
|
|
72
|
+
b = ROTW12(b); \
|
|
73
|
+
a += b; \
|
|
74
|
+
d ^= a; \
|
|
75
|
+
d = ROTW8(d); \
|
|
76
|
+
c += d; \
|
|
77
|
+
b ^= c; \
|
|
78
|
+
b = ROTW7(b); \
|
|
79
|
+
b = ROTV3(b); \
|
|
80
|
+
c = ROTV2(c); \
|
|
81
|
+
d = ROTV1(d);
|
|
82
|
+
|
|
83
|
+
#define WRITE_XOR(in, op, d, v0, v1, v2, v3) \
|
|
84
|
+
STORE(op + d + 0, LOAD(in + d + 0) ^ REVV_BE(v0)); \
|
|
85
|
+
STORE(op + d + 4, LOAD(in + d + 4) ^ REVV_BE(v1)); \
|
|
86
|
+
STORE(op + d + 8, LOAD(in + d + 8) ^ REVV_BE(v2)); \
|
|
87
|
+
STORE(op + d + 12, LOAD(in + d + 12) ^ REVV_BE(v3));
|
|
88
|
+
|
|
89
|
+
struct chacha_ctx {
|
|
90
|
+
vec s1;
|
|
91
|
+
vec s2;
|
|
92
|
+
vec s3;
|
|
93
|
+
};
|
|
94
|
+
|
|
95
|
+
typedef struct chacha_ctx chacha_ctx;
|
|
96
|
+
|
|
97
|
+
static void
|
|
98
|
+
chacha_ivsetup(chacha_ctx *ctx, const uint8_t *iv, uint64_t ic)
|
|
99
|
+
{
|
|
100
|
+
const vec s3 = {
|
|
101
|
+
(uint32_t) ic,
|
|
102
|
+
(uint32_t) (ic >> 32),
|
|
103
|
+
((const uint32_t *) (const void *) iv)[0],
|
|
104
|
+
((const uint32_t *) (const void *) iv)[1]
|
|
105
|
+
};
|
|
106
|
+
ctx->s3 = s3;
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
static void
|
|
110
|
+
chacha_ietf_ivsetup(chacha_ctx *ctx, const uint8_t *iv, uint32_t ic)
|
|
111
|
+
{
|
|
112
|
+
const vec s3 = {
|
|
113
|
+
ic,
|
|
114
|
+
((const uint32_t *) (const void *) iv)[0],
|
|
115
|
+
((const uint32_t *) (const void *) iv)[1],
|
|
116
|
+
((const uint32_t *) (const void *) iv)[2]
|
|
117
|
+
};
|
|
118
|
+
ctx->s3 = s3;
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
static void
|
|
122
|
+
chacha_keysetup(chacha_ctx *ctx, const uint8_t *k)
|
|
123
|
+
{
|
|
124
|
+
ctx->s1 = LOAD(k);
|
|
125
|
+
ctx->s2 = LOAD(k + 16);
|
|
126
|
+
}
|
|
127
|
+
|
|
128
|
+
static void
|
|
129
|
+
chacha_encrypt_bytes(chacha_ctx *ctx, const uint8_t *in, uint8_t *out,
|
|
130
|
+
unsigned long long inlen)
|
|
131
|
+
{
|
|
132
|
+
CRYPTO_ALIGN(16) unsigned chacha_const[]
|
|
133
|
+
= { 0x61707865, 0x3320646E, 0x79622D32, 0x6B206574 };
|
|
134
|
+
uint32_t *op = (uint32_t *) (void *) out;
|
|
135
|
+
const uint32_t *ip = (const uint32_t *) (const void *) in;
|
|
136
|
+
vec s0, s1, s2, s3;
|
|
137
|
+
unsigned long long iters;
|
|
138
|
+
unsigned long long i;
|
|
139
|
+
|
|
140
|
+
if (inlen > 64ULL * (1ULL << 32) - 64ULL) {
|
|
141
|
+
abort();
|
|
142
|
+
}
|
|
143
|
+
s0 = LOAD_ALIGNED(chacha_const);
|
|
144
|
+
s1 = ctx->s1;
|
|
145
|
+
s2 = ctx->s2;
|
|
146
|
+
s3 = ctx->s3;
|
|
147
|
+
|
|
148
|
+
for (iters = 0; iters < inlen / (BPI * 64); iters++) {
|
|
149
|
+
#if VBPI > 2
|
|
150
|
+
vec v8, v9, v10, v11;
|
|
151
|
+
#endif
|
|
152
|
+
#if VBPI > 3
|
|
153
|
+
vec v12, v13, v14, v15;
|
|
154
|
+
#endif
|
|
155
|
+
vec v0, v1, v2, v3, v4, v5, v6, v7;
|
|
156
|
+
v4 = v0 = s0;
|
|
157
|
+
v5 = v1 = s1;
|
|
158
|
+
v6 = v2 = s2;
|
|
159
|
+
v3 = s3;
|
|
160
|
+
v7 = v3 + ONE;
|
|
161
|
+
#if VBPI > 2
|
|
162
|
+
v8 = v4;
|
|
163
|
+
v9 = v5;
|
|
164
|
+
v10 = v6;
|
|
165
|
+
v11 = v7 + ONE;
|
|
166
|
+
#endif
|
|
167
|
+
#if VBPI > 3
|
|
168
|
+
v12 = v8;
|
|
169
|
+
v13 = v9;
|
|
170
|
+
v14 = v10;
|
|
171
|
+
v15 = v11 + ONE;
|
|
172
|
+
#endif
|
|
173
|
+
for (i = CHACHA_RNDS / 2; i; i--) {
|
|
174
|
+
DQROUND_VECTORS(v0, v1, v2, v3)
|
|
175
|
+
DQROUND_VECTORS(v4, v5, v6, v7)
|
|
176
|
+
#if VBPI > 2
|
|
177
|
+
DQROUND_VECTORS(v8, v9, v10, v11)
|
|
178
|
+
#endif
|
|
179
|
+
#if VBPI > 3
|
|
180
|
+
DQROUND_VECTORS(v12, v13, v14, v15)
|
|
181
|
+
#endif
|
|
182
|
+
}
|
|
183
|
+
|
|
184
|
+
WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
|
|
185
|
+
s3 += ONE;
|
|
186
|
+
WRITE_XOR(ip, op, 16, v4 + s0, v5 + s1, v6 + s2, v7 + s3)
|
|
187
|
+
s3 += ONE;
|
|
188
|
+
#if VBPI > 2
|
|
189
|
+
WRITE_XOR(ip, op, 32, v8 + s0, v9 + s1, v10 + s2, v11 + s3)
|
|
190
|
+
s3 += ONE;
|
|
191
|
+
#endif
|
|
192
|
+
#if VBPI > 3
|
|
193
|
+
WRITE_XOR(ip, op, 48, v12 + s0, v13 + s1, v14 + s2, v15 + s3)
|
|
194
|
+
s3 += ONE;
|
|
195
|
+
#endif
|
|
196
|
+
ip += VBPI * 16;
|
|
197
|
+
op += VBPI * 16;
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
for (iters = inlen % (BPI * 64) / 64; iters != 0; iters--) {
|
|
201
|
+
vec v0 = s0, v1 = s1, v2 = s2, v3 = s3;
|
|
202
|
+
for (i = CHACHA_RNDS / 2; i; i--) {
|
|
203
|
+
DQROUND_VECTORS(v0, v1, v2, v3);
|
|
204
|
+
}
|
|
205
|
+
WRITE_XOR(ip, op, 0, v0 + s0, v1 + s1, v2 + s2, v3 + s3)
|
|
206
|
+
s3 += ONE;
|
|
207
|
+
ip += 16;
|
|
208
|
+
op += 16;
|
|
209
|
+
}
|
|
210
|
+
|
|
211
|
+
inlen = inlen % 64;
|
|
212
|
+
if (inlen) {
|
|
213
|
+
CRYPTO_ALIGN(16) vec buf[4];
|
|
214
|
+
vec v0, v1, v2, v3;
|
|
215
|
+
v0 = s0;
|
|
216
|
+
v1 = s1;
|
|
217
|
+
v2 = s2;
|
|
218
|
+
v3 = s3;
|
|
219
|
+
for (i = CHACHA_RNDS / 2; i; i--) {
|
|
220
|
+
DQROUND_VECTORS(v0, v1, v2, v3);
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
if (inlen >= 16) {
|
|
224
|
+
STORE(op + 0, LOAD(ip + 0) ^ REVV_BE(v0 + s0));
|
|
225
|
+
if (inlen >= 32) {
|
|
226
|
+
STORE(op + 4, LOAD(ip + 4) ^ REVV_BE(v1 + s1));
|
|
227
|
+
if (inlen >= 48) {
|
|
228
|
+
STORE(op + 8, LOAD(ip + 8) ^ REVV_BE(v2 + s2));
|
|
229
|
+
buf[3] = REVV_BE(v3 + s3);
|
|
230
|
+
} else {
|
|
231
|
+
buf[2] = REVV_BE(v2 + s2);
|
|
232
|
+
}
|
|
233
|
+
} else {
|
|
234
|
+
buf[1] = REVV_BE(v1 + s1);
|
|
235
|
+
}
|
|
236
|
+
} else {
|
|
237
|
+
buf[0] = REVV_BE(v0 + s0);
|
|
238
|
+
}
|
|
239
|
+
for (i = inlen & ~15ULL; i < inlen; i++) {
|
|
240
|
+
((char *) op)[i] = ((const char *) ip)[i] ^ ((char *) buf)[i];
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
}
|
|
244
|
+
|
|
245
|
+
static int
|
|
246
|
+
stream_vec(unsigned char *c, unsigned long long clen,
|
|
247
|
+
const unsigned char *n, const unsigned char *k)
|
|
248
|
+
{
|
|
249
|
+
struct chacha_ctx ctx;
|
|
250
|
+
|
|
251
|
+
if (!clen) {
|
|
252
|
+
return 0;
|
|
253
|
+
}
|
|
254
|
+
(void) sizeof(int[crypto_stream_chacha20_KEYBYTES == 256 / 8 ? 1 : -1]);
|
|
255
|
+
chacha_keysetup(&ctx, k);
|
|
256
|
+
chacha_ivsetup(&ctx, n, 0ULL);
|
|
257
|
+
memset(c, 0, clen);
|
|
258
|
+
chacha_encrypt_bytes(&ctx, c, c, clen);
|
|
259
|
+
sodium_memzero(&ctx, sizeof ctx);
|
|
260
|
+
|
|
261
|
+
return 0;
|
|
262
|
+
}
|
|
263
|
+
|
|
264
|
+
static int
|
|
265
|
+
stream_ietf_vec(unsigned char *c, unsigned long long clen,
|
|
266
|
+
const unsigned char *n, const unsigned char *k)
|
|
267
|
+
{
|
|
268
|
+
struct chacha_ctx ctx;
|
|
269
|
+
|
|
270
|
+
if (!clen) {
|
|
271
|
+
return 0;
|
|
272
|
+
}
|
|
273
|
+
(void) sizeof(int[crypto_stream_chacha20_KEYBYTES == 256 / 8 ? 1 : -1]);
|
|
274
|
+
chacha_keysetup(&ctx, k);
|
|
275
|
+
chacha_ietf_ivsetup(&ctx, n, 0ULL);
|
|
276
|
+
memset(c, 0, clen);
|
|
277
|
+
chacha_encrypt_bytes(&ctx, c, c, clen);
|
|
278
|
+
sodium_memzero(&ctx, sizeof ctx);
|
|
279
|
+
|
|
280
|
+
return 0;
|
|
281
|
+
}
|
|
282
|
+
|
|
283
|
+
static int
|
|
284
|
+
stream_vec_xor_ic(unsigned char *c, const unsigned char *m,
|
|
285
|
+
unsigned long long mlen,
|
|
286
|
+
const unsigned char *n, uint64_t ic,
|
|
287
|
+
const unsigned char *k)
|
|
288
|
+
{
|
|
289
|
+
struct chacha_ctx ctx;
|
|
290
|
+
|
|
291
|
+
if (!mlen) {
|
|
292
|
+
return 0;
|
|
293
|
+
}
|
|
294
|
+
chacha_keysetup(&ctx, k);
|
|
295
|
+
chacha_ivsetup(&ctx, n, ic);
|
|
296
|
+
chacha_encrypt_bytes(&ctx, m, c, mlen);
|
|
297
|
+
sodium_memzero(&ctx, sizeof ctx);
|
|
298
|
+
|
|
299
|
+
return 0;
|
|
300
|
+
}
|
|
301
|
+
|
|
302
|
+
static int
|
|
303
|
+
stream_ietf_vec_xor_ic(unsigned char *c, const unsigned char *m,
|
|
304
|
+
unsigned long long mlen,
|
|
305
|
+
const unsigned char *n, uint32_t ic,
|
|
306
|
+
const unsigned char *k)
|
|
307
|
+
{
|
|
308
|
+
struct chacha_ctx ctx;
|
|
309
|
+
|
|
310
|
+
if (!mlen) {
|
|
311
|
+
return 0;
|
|
312
|
+
}
|
|
313
|
+
chacha_keysetup(&ctx, k);
|
|
314
|
+
chacha_ietf_ivsetup(&ctx, n, ic);
|
|
315
|
+
chacha_encrypt_bytes(&ctx, m, c, mlen);
|
|
316
|
+
sodium_memzero(&ctx, sizeof ctx);
|
|
317
|
+
|
|
318
|
+
return 0;
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
struct crypto_stream_chacha20_implementation
|
|
322
|
+
crypto_stream_chacha20_vec_implementation = {
|
|
323
|
+
SODIUM_C99(.stream =) stream_vec,
|
|
324
|
+
SODIUM_C99(.stream_ietf =) stream_ietf_vec,
|
|
325
|
+
SODIUM_C99(.stream_xor_ic =) stream_vec_xor_ic,
|
|
326
|
+
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_vec_xor_ic
|
|
327
|
+
};
|
|
328
|
+
|
|
329
|
+
#endif
|