rbnacl-libsodium 0.4.5 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f551de05e6efe503569c83656aa9719b4b7dfa7a
-  data.tar.gz: ef32678a8b9fd0ae52810e7fd2b76c26d271b75a
+  metadata.gz: e8ed461ce769d0dba8b99e811c9400d20911e5ff
+  data.tar.gz: a9f739368935abb90deb0c22e672af7e1c9ff374
 SHA512:
-  metadata.gz: de14b48da67cb629973490f0065e439b060f8f033017f7d2890f255cdd9dab31a174b4d804964c2a0d95d6dc9717f127da345880e72639605162dfae72877d82
-  data.tar.gz: db20811ed7a3f74c01df8ff30f371b7890f53837cb7a0847bb9a685434718b4a674ae0f711f841bb5ad5b729099ad2d1c4cf557e4bf4eda24f46a4bdfd2e963b
+  metadata.gz: 0db842969dbfcda987cd1f842dbc61a62605b1b5bfab947f76b5b2c3964daa29389eed259a843114c9f9b821ee284587383f468d400d4788b6f61351e51597d9
+  data.tar.gz: 2c3c1d7df0e5f0cb72b7efe8d6c315237231ac0303e01225fc0fb8d11d0363fc3876c06bf88095f81e1ae7ccc920c979ebd473c2114a2dacba526f2458fc9a57

data/lib/rbnacl/libsodium/version.rb

@@ -1,5 +1,5 @@
 module RbNaCl
   module Libsodium
-    VERSION = "0.4.5"
+    VERSION = "0.5.0"
   end
 end

data/vendor/libsodium/AUTHORS

@@ -30,19 +30,19 @@ Daniel J. Bernstein
 
 crypto_hash/sha256
 ------------------
-Daniel J. Bernstein (wrapper around crypto_hashblocks/sha256)
+Colin Percival
 
 crypto_hash/sha512
 ------------------
-Daniel J. Bernstein (wrapper around crypto_hashblocks/sha512)
+Colin Percival
 
-crypto_hashblocks/sha256
-------------------------
-Daniel J. Bernstein
+crypto_auth/hmacsha256
+------------------
+Colin Percival
 
-crypto_hashblocks/sha512
-------------------------
-Daniel J. Bernstein
+crypto_auth/hmacsha512
+------------------
+Colin Percival
 
 crypto_scalarmult/curve25519/ref
 --------------------------------
@@ -98,4 +98,9 @@ Christian Winnerlein
 
 crypto_onetimeauth/poly1305/donna
 ---------------------------------
-Andrew "floodyberry" M.
+Andrew "floodyberry" Moon.
+
+crypto_pwhash/scryptxsalsa208sha256
+--------------------------------
+Colin Percival
+Alexander Peslyak

data/vendor/libsodium/ChangeLog

@@ -1,4 +1,30 @@
 
+* Version 0.5.0
+ - sodium_mlock()/sodium_munlock() have been introduced to lock pages
+in memory before storing sensitive data, and to zero them before
+unlocking them.
+ - High-level wrappers for crypto_box and crypto_secretbox
+(crypto_box_easy and crypto_secretbox_easy) can be used to avoid
+dealing with the specific memory layout regular functions depend on.
+ - crypto_pwhash_scryptxsalsa208sha256* functions have been added
+to derive a key from a password, and for password storage.
+ - Salsa20 and ed25519 implementations now support overlapping
+inputs/keys/outputs (changes imported from supercop-20140505).
+ - New build scripts for Visual Studio, Emscripten, different Android
+architectures and msys2 are available.
+ - The poly1305-53 implementation has been replaced with Floodyberry's
+poly1305-donna32 and poly1305-donna64 implementations.
+ - sodium_hex2bin() has been added to complement sodium_bin2hex().
+ - On OpenBSD and Bitrig, arc4random() is used instead of reading
+/dev/urandom.
+ - crypto_auth_hmac_sha512() has been implemented.
+ - sha256 and sha512 now have a streaming interface.
+ - hmacsha256, hmacsha512 and hmacsha512256 now support keys of
+arbitrary length, and have a streaming interface.
+ - crypto_verify_64() has been implemented.
+ - first-class Visual Studio build system, thanks to @evoskuil
+ - CPU features are now detected at runtime.
+
 * Version 0.4.5
  - Restore compatibility with OSX <= 10.6
 

data/vendor/libsodium/LICENSE

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013
+ * Copyright (c) 2013-2014
  * Frank Denis <j at pureftpd dot org>
  *
  * Permission to use, copy, modify, and distribute this software for any

data/vendor/libsodium/Makefile.am

@@ -10,6 +10,7 @@ EXTRA_DIST = \
 	THANKS
 
 SUBDIRS = \
+	dist-build \
 	msvc-scripts \
 	src \
 	test

data/vendor/libsodium/README.markdown

@@ -11,30 +11,15 @@ NaCl's goal is to provide all of the core operations needed to build
 higher-level cryptographic tools.
 
 Sodium is a portable, cross-compilable, installable, packageable
-fork of NaCl, with a compatible API.
-
-## Is it full of NSA backdoors?
-
-![No NIST](http://i.imgur.com/HSxeAmp.png)
-
-The design of Sodium's primitives is completely free from NIST (and by
-association, NSA) influence, with the following minor exceptions:
-- The Poly1305 MAC, used for authenticating integrity of ciphertexts,
-uses AES as a replaceable component,
-- The Ed25519 digital signature algorithm uses SHA-512 for both key
-derivation and computing message digests,
-- APIs are provided to SHA-512 and SHA-512/256, but are replaceable by
-the Blake2 hash function, which the Sodium library also provides.
+fork of NaCl (based on the latest released upstream version [nacl-20110221](http://hyperelliptic.org/nacl/nacl-20110221.tar.bz2)), with a compatible API.
 
 The design choices, particularly in regard to the Curve25519
 Diffie-Hellman function, emphasize security (whereas NIST curves
 emphasize "performance" at the cost of security), and "magic
-constants" in NaCl/Sodium are picked by theorems designed to maximize
-security.
+constants" in NaCl/Sodium have clear rationales.
 
 The same cannot be said of NIST curves, where the specific origins of
-certain constants are not described by the standards and may be
-subject to malicious influence by the NSA.
+certain constants are not described by the standards.
 
 And despite the emphasis on higher security, primitives are faster
 across-the-board than most implementations of the NIST standards.
@@ -75,6 +60,39 @@ Integrity of source tarballs can currently be checked using PGP or
 verified DNS queries (`dig +dnssec +short txt <file>.download.libsodium.org`
 returns the SHA256 of any file available for download).
 
+## Pre-built binaries
+
+Pre-built libraries for Visual studio 2010, 2012 and 2013, both for
+x86 and x64, are available for download at
+https://download.libsodium.org/libsodium/releases/ , courtesy of
+Samuel Neves (@sneves).
+
+## Bindings for other languages
+
+* C++: [sodiumpp](https://github.com/rubendv/sodiumpp)
+* Erlang: [Erlang-NaCl](https://github.com/tonyg/erlang-nacl)
+* Erlang: [Salt](https://github.com/freza/salt)
+* Haskell: [Saltine](https://github.com/tel/saltine)
+* Idris: [Idris-Sodium](https://github.com/edwinb/sodium-idris)
+* Java: [Kalium](https://github.com/abstractj/kalium)
+* Java JNI: [Kalium-JNI](https://github.com/joshjdevl/kalium-jni)
+* Julia: [Sodium.jl](https://github.com/amitmurthy/Sodium.jl)
+* LUA: [lua-sodium](https://github.com/morfoh/lua-sodium)
+* .NET: [libsodium-net](https://github.com/adamcaudill/libsodium-net)
+* NodeJS: [node-sodium](https://github.com/paixaop/node-sodium)
+* Objective C: [NAChloride](https://github.com/gabriel/NAChloride)
+* OCaml: [ocaml-sodium](https://github.com/dsheets/ocaml-sodium)
+* Perl: [Crypto-Sodium](https://github.com/mgregoro/Crypt-Sodium)
+* Pharo/Squeak: [Crypto-NaCl](http://www.eighty-twenty.org/index.cgi/tech/smalltalk/nacl-for-squeak-and-pharo-20130601.html)
+* PHP: [PHP-Sodium](https://github.com/alethia7/php-sodium)
+* PHP: [libsodium-php](https://github.com/jedisct1/libsodium-php)
+* Python: [PyNaCl](https://github.com/dstufft/pynacl)
+* Python: [PySodium](https://github.com/stef/pysodium)
+* Racket: part of [CRESTaceans](https://github.com/mgorlick/CRESTaceans/tree/master/bindings/libsodium)
+* Ruby: [RbNaCl](https://github.com/cryptosphere/rbnacl)
+* Ruby: [Sodium](https://github.com/stouset/sodium)
+* Rust: [Sodium Oxide](https://github.com/dnaq/sodiumoxide)
+
 ## Comparison with vanilla NaCl
 
 Sodium does not ship C++ bindings. These might be part of a distinct
@@ -105,20 +123,19 @@ A convenience header includes everything you need to use the library:
 
     #include <sodium.h>
 
-This is not required, however, before any other libsodium function, you can
-call:
+This is not required, however, before any other libsodium functions, it
+is recommended to call:
 
     sodium_init();
 
 This will pick optimized implementations of some primitives, if they
 appear to work as expected after running some tests, and these will be
-used for subsequent operations. It only need to be called once.
-
-This function is not thread-safe. No other Sodium functions should be
-called until it successfully returns. In a multithreading environment,
-if, for some reason, you really need to call `sodium_init()` while some
-other Sodium functions may be running in different threads, add locks
-accordingly (both around `sodium_init()` and around other functions).
+used for subsequent operations.
+It will also initialize the pseudorandom number generator.
+This function should only be called once, and before performing any other
+operations.
+Doing so is required to ensure thread safety of all the functions provided by
+the library.
 
 Sodium also provides helper functions to generate random numbers,
 leveraging `/dev/urandom` or `/dev/random` on *nix and the cryptographic
@@ -156,7 +173,7 @@ In addition, Sodium provides a function to securely wipe a memory
 region:
 
     void     sodium_memzero(void * const pnt, const size_t size);
-    
+
 Warning: if a region has been allocated on the heap, you still have
 to make sure that it can't get swapped to disk, possibly using
 `mlock(2)`.
@@ -166,12 +183,90 @@ In order to compare memory zones in constant time, Sodium provides:
     int      sodium_memcmp(const void * const b1_, const void * const b2_,
                            size_t size);
 
+`sodium_memcmp()` returns `0` if `size` bytes at `b1_` and `b2_` are
+equal, another value if they are not. Unlike `memcmp()`,
+`sodium_memcmp()` cannot be used to put `b1_` and `b2_` into a defined
+order.
+
 And a convenience function for converting a binary buffer to a
 hexadecimal string:
 
     char *   sodium_bin2hex(char * const hex, const size_t hexlen,
                             const unsigned char *bin, const size_t binlen);
 
+Sensitive data should not be swapped out to disk, especially if swap
+partitions are not encrypted. Libsodium provides the `sodium_mlock()`
+function to lock pages in memory before writing sensitive content to
+them:
+
+    int      sodium_mlock(void *addr, size_t len);
+
+Once done with these pages, they can be unlocked with
+`sodium_munlock()`. This function will zero the data before unlocking
+the pages.
+
+    int      sodium_munlock(void * addr, size_t len);
+
+## Easy interfaces to `crypto_box` and `crypto_secretbox`
+
+`crypto_box` and `crypto_secretbox` require prepending
+`crypto_box_ZEROBYTES` or `crypto_secretbox_ZEROBYTE` extra bytes to the
+message, and making sure that these are all zeros.
+A similar padding is required to decrypt the ciphertext. And this
+padding is actually larger than the MAC size,
+`crypto_box_MACBYTES`/`crypto_secretbox_MACBYTES`.
+
+This API, as defined by NaCl, can be confusing. And while using a
+larger buffer and two pointers is not an issue for native C
+applications, this might not be an option when another runtime is
+controlling the allocations.
+
+Libsodium provides an easy, higher-level interface to these operations.
+
+    int crypto_box_easy(unsigned char *c, const unsigned char *m,
+                        unsigned long long mlen, const unsigned char *n,
+                        const unsigned char *pk, const unsigned char *sk);
+
+This function encrypts and authenticates a message `m` using the
+sender's secret key `sk`, the receiver's public key `pk` and a nonce
+`n`, which should be `crypto_box_NONCEBYTES` bytes long.
+The ciphertext, including the MAC, will be copied to `c`, whose length
+should be `len(m) + crypto_box_MACBYTES`, and that doesn't require to be
+initialized.
+
+    int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
+                             unsigned long long clen, const unsigned char *n,
+                             const unsigned char *pk, const unsigned char *sk);
+
+This function verifies and decrypts a ciphertext `c` as returned by
+`crypto_box_easy()`, whose length is `clen`, using the nonce `n`, the
+receiver's secret key `sk`, and the sender's public key `pk`. The
+message is stored to `m`, whose length should be at least `len(c) -
+crypto_box_MACBYTES` and that doesn't require to be initialized.
+
+Similarily, secret-key authenticated encryption provide "easy" wrappers:
+
+    int crypto_secretbox_easy(unsigned char *c, const unsigned char *m,
+                              unsigned long long mlen, const unsigned char *n,
+                              const unsigned char *k);
+
+    int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c,
+                                   unsigned long long clen,
+                                   const unsigned char *n,
+                                   const unsigned char *k);
+
+The length of the ciphertext, which will include the MAC, is
+`len(m) + crypto_secretbox_MACBYTES`, and the length of the buffer for
+the decrypted message doesn't have to be more than `len(c) -
+crypto_secretbox_MACBYTES`.
+
+The "easy" interface currently requires allocations and copying, which
+makes it slower than using the traditional NaCl interface. This
+shouldn't make any sensible difference in most use cases, and future
+versions of the library may not require extra copy operations any
+more. Unless speed is absolutely critical, you are welcome to use the
+"easy" interface, especially if you are new to NaCl/Sodium.
+
 ## New operations
 
 ### crypto_shorthash
@@ -200,29 +295,74 @@ This hash function provides:
 `crypto_generichash` is currently being implemented using
 [Blake2](https://blake2.net/).
 
+### crypto_pwhash (scrypt)
+
+High-level functions for password hashing are not defined yet: they will
+eventually be wrappers for the winning function of the ongoing
+[Password Hashing Competition](https://password-hashing.net/).
+
+Meanwhile, the [scrypt](http://www.tarsnap.com/scrypt.html) function is
+available through explicitly-named functions, and will remain available
+in the library even after the PHC.
+
+    int crypto_pwhash_scryptxsalsa208sha256(unsigned char *out,
+                                            unsigned long long outlen,
+                                            const char *passwd,
+                                            unsigned long long passwdlen,
+                                            const unsigned char *salt,
+                                            unsigned long long opslimit,
+                                            size_t memlimit);
+
+This function derives `outlen` bytes from a password `passwd` and a
+salt `salt` that has to be `crypto_pwhash_scryptxsalsa208sha256_SALTBYTES`
+bytes long.
+
+The function will use at most `memlimit` bytes of memory and `opslimit`
+is the maximum number of iterations to perform. Making the function
+memory-hard and CPU intensive by increasing these parameters might increase
+security.
+
+Although password storage was not the primary goal of the scrypt
+function, it can still be used for this purpose:
+
+    int crypto_pwhash_scryptxsalsa208sha256_str
+        (char out[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
+         const char *passwd,
+         unsigned long long passwdlen,
+         unsigned long long opslimit,
+         size_t memlimit);
+
+This function returns a `crypto_pwhash_scryptxsalsa208sha256_STRBYTES`
+bytes C string (the length includes the final `\0`) suitable for storage.
+The string is guaranteed to only include ASCII characters.
+
+The function will use at most `memlimit` bytes of memory and `opslimit`
+is the maximum number of iterations to perform. These parameters are
+included in the output string, and do not need to be stored separately.
+
+The function automatically generates a random salt, which is also
+included in the output string.
+
+    int crypto_pwhash_scryptxsalsa208sha256_str_verify
+        (const char str[crypto_pwhash_scryptxsalsa208sha256_STRBYTES],
+         const char *passwd,
+         unsigned long long passwdlen);
+
+This function verifies that hashing the plaintext password `passwd`
+results in the stored hash value included in `str` when using the same
+parameters.
+
+`0` is returned if the passwords are matching, `-1` is they are not.
+The plaintext password should be locked in memory using
+`sodium_mlock()` and immediately zeroed out and unlocked after this
+function returns, using `sodium_munlock()`.
+
 ## Constants available as functions
 
 In addition to constants for key sizes, output sizes and block sizes,
 Sodium provides these values through function calls, so that using
 them from different languages is easier.
 
-## Bindings for other languages
-
-* Erlang: [Erlang-NaCl](https://github.com/tonyg/erlang-nacl)
-* Haskell: [Saltine](https://github.com/tel/saltine)
-* Java: [Kalium](https://github.com/abstractj/kalium)
-* Java JNI: [Kalium-JNI](https://github.com/joshjdevl/kalium-jni)
-* Julia: [Sodium.jl](https://github.com/amitmurthy/Sodium.jl)
-* .NET: [libsodium-net](https://github.com/adamcaudill/libsodium-net)
-* Ocaml: [ocaml-sodium](https://github.com/dsheets/ocaml-sodium)
-* Pharo/Squeak: [Crypto-NaCl](http://www.eighty-twenty.org/index.cgi/tech/smalltalk/nacl-for-squeak-and-pharo-20130601.html)
-* PHP: [PHP-Sodium](https://github.com/alethia7/php-sodium)
-* Python: [PyNaCl](https://github.com/dstufft/pynacl)
-* Python: [PySodium](https://github.com/stef/pysodium)
-* Racket: part of [CRESTaceans](https://github.com/mgorlick/CRESTaceans/tree/master/bindings/libsodium)
-* Ruby: [RbNaCl](https://github.com/cryptosphere/rbnacl)
-* Ruby: [Sodium](https://github.com/stouset/sodium)
-
 ## CurveCP
 
 CurveCP tools are part of a different project,
@@ -243,4 +383,3 @@ In order to join, just send a random mail to `sodium-subscribe` {at}
 
 See the `COPYING` file for details, `AUTHORS` for designers and
 implementors, and `THANKS` for contributors.
-

data/vendor/libsodium/THANKS

@@ -1,17 +1,27 @@
 @alethia7
+@dnaq
 @joshjdevl
 @neheb
 Amit Murthy (@amitmurthy)
 Bruno Oliveira (@abstractj)
+Christian Wiese (@morfoh)
 Chris Rebert (@cvrebert)
 Donald Stufft (@dstufft)
 Douglas Campos (@qmx)
+Eric Voskuil (@evoskuil)
+Gabriel Handford (@gabriel)
+Jachym Holecek (@freza)
+Jan de Muijnck-Hughes (@jfdm)
 Jeroen Habraken (@VeXocide)
 Joseph Abrahamson (@tel)
 Kenneth Ballenegger (@kballenegger)
 Michael Gorlick (@mgorlick)
+Michael Gregorowicz (@mgregoro)
+Pedro Paixao (@paixaop)
+Ruben De Visscher (@rubendv)
 Samuel Neves (@sneves)
 Stefan Marsiske
 Stephan Touset (@stouset)
+Steve Gibson (@sggrc)
 Tony Arcieri (@bascule)
 Tony Garnock-Jones (@tonyg)

data/vendor/libsodium/builds/msvc/properties/Common.props

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  
+  <PropertyGroup>
+    <_PropertySheetDisplayName>Common Settings</_PropertySheetDisplayName>
+    <CharacterSet>Unicode</CharacterSet>
+  </PropertyGroup>
+
+  <ImportGroup Label="PropertySheets">
+    <Import Project="$(Platform).props" />
+  </ImportGroup>  
+
+  <ItemDefinitionGroup>
+    <ClCompile>
+      <MultiProcessorCompilation>true</MultiProcessorCompilation>
+      <PreprocessorDefinitions>UNICODE;_UNICODE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <WarningLevel>Level3</WarningLevel>
+    </ClCompile>
+  </ItemDefinitionGroup>
+
+</Project>