Merge branch 'master' into stable-1.0.17

* master: (190 commits)
  fileinput is not used any more
  2019
  local-dynamic is enough
  Set tls-model only if TLS is supported
  Enable -ftls-model=global-dynamic if available
  Set nonce in randombytes_salsa20_random_stir() instead of random_init()
  Bump .NET version examples
  Add another test
  Avoid memory leak and overflow in addition test
  Avoid partial array initialization
  Bump SODIUM_LIBRARY_VERSION_MINOR
  More tests
  More tests
  Improve clarity
  ALLOW_MEMORY_GROWTH is now enabled
  AVX512 detection has been improved
  Add a conditional to enable retpoline support
  must -> should
  Add comments, avoid implicit array initialization
  Add comments
  ...
This commit is contained in:
Frank Denis 2019-01-06 15:43:38 +01:00
commit 10ac185647
167 changed files with 5051 additions and 1103 deletions

3
.gitignore vendored

@ -81,7 +81,9 @@ test/default/*.asm.js
test/default/*.res
test/default/*.trs
test/default/aead_aes256gcm
test/default/aead_aes256gcm2
test/default/aead_chacha20poly1305
test/default/aead_chacha20poly13052
test/default/aead_xchacha20poly1305
test/default/auth
test/default/auth2
@ -131,6 +133,7 @@ test/default/scalarmult2
test/default/scalarmult5
test/default/scalarmult6
test/default/scalarmult7
test/default/scalarmult8
test/default/secretbox
test/default/secretbox2
test/default/secretbox7


@ -1,4 +1,33 @@
* Version 1.0.17
- Bug fix: `sodium_pad()` didn't properly support block sizes >= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly
module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: `crypto_pwhash_scryptsalsa208sha256_str_verify()` and
`crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()` didn't return
`EINVAL` on input strings with a short length, unlike their high-level
counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU features
not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime order group:
`crypto_core_ed25519_scalar_random()`, `crypto_core_ed25519_scalar_reduce()`,
`crypto_core_ed25519_scalar_invert()`, `crypto_core_ed25519_scalar_negate()`,
`crypto_core_ed25519_scalar_complement()`, `crypto_core_ed25519_scalar_add()`
and `crypto_core_ed25519_scalar_sub()`.
- New low-level APIs for scalar multiplication without clamping:
`crypto_scalarmult_ed25519_base_noclamp()`,
and `crypto_scalarmult_ed25519_noclamp()`. These new APIs are
especially useful for blinding.
- `sodium_sub()` has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The `nonnull` attribute has been added to all relevant prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth
* Version 1.0.16
- Signatures computations and verifications are now way faster on
64-bit platforms with compilers supporting 128-bit arithmetic (gcc,


@ -207,9 +207,7 @@ am__DIST_COMMON = $(srcdir)/Makefile.in \
$(top_srcdir)/src/libsodium/include/sodium/version.h.in \
AUTHORS ChangeLog THANKS build-aux/compile \
build-aux/config.guess build-aux/config.sub \
build-aux/install-sh build-aux/ltmain.sh build-aux/missing \
compile config.guess config.sub depcomp install-sh ltmain.sh \
missing
build-aux/install-sh build-aux/ltmain.sh build-aux/missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -309,7 +307,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -21,7 +21,7 @@ as well as Javascript and Webassembly.
## Documentation
The documentation is available on Gitbook:
The documentation is available on Gitbook and built from the [libsodium-doc](https://github.com/jedisct1/libsodium-doc) repository:
* [libsodium documentation](https://download.libsodium.org/doc/) -
online, requires Javascript.
@ -31,7 +31,7 @@ in PDF, MOBI and ePUB formats.
## Integrity Checking
The integrity checking instructions (including the signing key for libsodium)
are available in the [installation](https://download.libsodium.org/doc/installation/index.html#integrity-checking)
are available in the [installation](https://download.libsodium.org/doc/installation#integrity-checking)
section of the documentation.
## Community

1
THANKS

@ -15,6 +15,7 @@ libsodium bindings for their favorite programming languages:
@neheb
Adam Caudill (@adamcaudill)
Alexander Ilin (@AlexIljin)
Alexander Morris (@alexpmorris)
Amit Murthy (@amitmurthy)
Andrew Bennett (@potatosalad)


@ -185,7 +185,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -4,8 +4,8 @@
#include "windows.h"
//specify the version numbers for the dll's
#define LIBSODIUM_VERSION_STRING "1.0.16.0"
#define LIBSODIUM_VERSION_BIN 1,0,16,0
#define LIBSODIUM_VERSION_STRING "1.0.17.0"
#define LIBSODIUM_VERSION_BIN 1,0,17,0
//specify the product name for the dlls based on the platform we are compiling for
#if defined(x64)
@ -47,7 +47,7 @@ BEGIN
VALUE "FileDescription", "The Sodium crypto library (libsodium) "
VALUE "FileVersion", LIBSODIUM_VERSION_STRING
VALUE "InternalName", "libsodium"
VALUE "LegalCopyright", "Copyright (c) 2017 The libsodium authors."
VALUE "LegalCopyright", "Copyright (c) 2013-2019 The libsodium authors."
VALUE "OriginalFilename", "libsodium.dll"
VALUE "ProductName", LIBSODIUM_PRODUCT_NAME
VALUE "ProductVersion", LIBSODIUM_VERSION_STRING


@ -4,10 +4,10 @@
#include "export.h"
#define SODIUM_VERSION_STRING "1.0.16"
#define SODIUM_VERSION_STRING "1.0.17"
#define SODIUM_LIBRARY_VERSION_MAJOR 10
#define SODIUM_LIBRARY_VERSION_MINOR 1
#define SODIUM_LIBRARY_VERSION_MINOR 2
#ifdef __cplusplus
extern "C" {


@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>


@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>


@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>


@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>


@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

190
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libsodium 1.0.16.
# Generated by GNU Autoconf 2.69 for libsodium 1.0.17.
#
# Report bugs to <https://github.com/jedisct1/libsodium/issues>.
#
@ -590,8 +590,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='libsodium'
PACKAGE_TARNAME='libsodium'
PACKAGE_VERSION='1.0.16'
PACKAGE_STRING='libsodium 1.0.16'
PACKAGE_VERSION='1.0.17'
PACKAGE_STRING='libsodium 1.0.17'
PACKAGE_BUGREPORT='https://github.com/jedisct1/libsodium/issues'
PACKAGE_URL='https://github.com/jedisct1/libsodium'
@ -732,7 +732,6 @@ DLL_VERSION
SODIUM_LIBRARY_VERSION
SODIUM_LIBRARY_VERSION_MINOR
SODIUM_LIBRARY_VERSION_MAJOR
ISODATE
am__nodep
AMDEPBACKSLASH
AMDEP_FALSE
@ -828,6 +827,7 @@ enable_minimal
with_pthreads
with_safecode
with_ctgrind
enable_retpoline
enable_debug
enable_opt
enable_valgrind
@ -1400,7 +1400,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures libsodium 1.0.16 to adapt to many kinds of systems.
\`configure' configures libsodium 1.0.17 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1470,7 +1470,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of libsodium 1.0.16:";;
short | recursive ) echo "Configuration of libsodium 1.0.17:";;
esac
cat <<\_ACEOF
@ -1498,6 +1498,7 @@ Optional Features:
broken on the target platform
--enable-minimal Only compile the minimum set of functions required
for the high-level API
--enable-retpoline Use return trampolines for indirect calls
--enable-debug For maintainers only - please do not use
--enable-opt Optimize for the native CPU - The resulting library
will be faster but not portable
@ -1620,7 +1621,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
libsodium configure 1.0.16
libsodium configure 1.0.17
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2043,7 +2044,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by libsodium $as_me 1.0.16, which was
It was created by libsodium $as_me 1.0.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -2979,7 +2980,7 @@ fi
# Define the identity of the package.
PACKAGE='libsodium'
VERSION='1.0.16'
VERSION='1.0.17'
cat >>confdefs.h <<_ACEOF
@ -3271,13 +3272,11 @@ fi
ISODATE=`date +%Y-%m-%d`
SODIUM_LIBRARY_VERSION_MAJOR=10
SODIUM_LIBRARY_VERSION_MINOR=1
SODIUM_LIBRARY_VERSION_MINOR=2
DLL_VERSION=8
SODIUM_LIBRARY_VERSION=24:0:1
SODIUM_LIBRARY_VERSION=25:0:2
# | | |
# +------+ | +---+
# | | |
@ -5555,6 +5554,124 @@ fi
fi
# Check whether --enable-retpoline was given.
if test "${enable_retpoline+set}" = set; then :
enableval=$enable_retpoline; if test "x$enableval" = "xyes"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch=thunk-inline" >&5
$as_echo_n "checking whether C compiler accepts -mindirect-branch=thunk-inline... " >&6; }
if ${ax_cv_check_cflags___mindirect_branch_thunk_inline+:} false; then :
$as_echo_n "(cached) " >&6
else
ax_check_save_flags=$CFLAGS
CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
int
main ()
{
time_t x; int fodder = 0; if (fodder > -1000 && time(&x)) return (int) x
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ax_cv_check_cflags___mindirect_branch_thunk_inline=yes
else
ax_cv_check_cflags___mindirect_branch_thunk_inline=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS=$ax_check_save_flags
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_thunk_inline" >&5
$as_echo "$ax_cv_check_cflags___mindirect_branch_thunk_inline" >&6; }
if test "x$ax_cv_check_cflags___mindirect_branch_thunk_inline" = xyes; then :
CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mretpoline" >&5
$as_echo_n "checking whether C compiler accepts -mretpoline... " >&6; }
if ${ax_cv_check_cflags___mretpoline+:} false; then :
$as_echo_n "(cached) " >&6
else
ax_check_save_flags=$CFLAGS
CFLAGS="$CFLAGS -mretpoline"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
int
main ()
{
time_t x; int fodder = 0; if (fodder > -1000 && time(&x)) return (int) x
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ax_cv_check_cflags___mretpoline=yes
else
ax_cv_check_cflags___mretpoline=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS=$ax_check_save_flags
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mretpoline" >&5
$as_echo "$ax_cv_check_cflags___mretpoline" >&6; }
if test "x$ax_cv_check_cflags___mretpoline" = xyes; then :
CFLAGS="$CFLAGS -mretpoline"
else
:
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -mindirect-branch-register" >&5
$as_echo_n "checking whether C compiler accepts -mindirect-branch-register... " >&6; }
if ${ax_cv_check_cflags___mindirect_branch_register+:} false; then :
$as_echo_n "(cached) " >&6
else
ax_check_save_flags=$CFLAGS
CFLAGS="$CFLAGS -mindirect-branch-register"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
int
main ()
{
time_t x; int fodder = 0; if (fodder > -1000 && time(&x)) return (int) x
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ax_cv_check_cflags___mindirect_branch_register=yes
else
ax_cv_check_cflags___mindirect_branch_register=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS=$ax_check_save_flags
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___mindirect_branch_register" >&5
$as_echo "$ax_cv_check_cflags___mindirect_branch_register" >&6; }
if test "x$ax_cv_check_cflags___mindirect_branch_register" = xyes; then :
:
else
:
fi
fi
fi
ENABLE_CWFLAGS=no
# Check whether --enable-debug was given.
if test "${enable_debug+set}" = set; then :
@ -8838,6 +8955,42 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: thread local storage is supported" >&5
$as_echo "thread local storage is supported" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -ftls-model=local-dynamic" >&5
$as_echo_n "checking whether C compiler accepts -ftls-model=local-dynamic... " >&6; }
if ${ax_cv_check_cflags___ftls_model_local_dynamic+:} false; then :
$as_echo_n "(cached) " >&6
else
ax_check_save_flags=$CFLAGS
CFLAGS="$CFLAGS -ftls-model=local-dynamic"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <time.h>
int
main ()
{
time_t x; int fodder = 0; if (fodder > -1000 && time(&x)) return (int) x
;
return 0;
}
_ACEOF
if ac_fn_c_try_link "$LINENO"; then :
ax_cv_check_cflags___ftls_model_local_dynamic=yes
else
ax_cv_check_cflags___ftls_model_local_dynamic=no
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext conftest.$ac_ext
CFLAGS=$ax_check_save_flags
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags___ftls_model_local_dynamic" >&5
$as_echo "$ax_cv_check_cflags___ftls_model_local_dynamic" >&6; }
if test "x$ax_cv_check_cflags___ftls_model_local_dynamic" = xyes; then :
CFLAGS="$CFLAGS -ftls-model=local-dynamic"
else
:
fi
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: thread local storage is not supported" >&5
$as_echo "thread local storage is not supported" >&6; }
@ -18267,8 +18420,7 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
# error libsodium currently expects a little endian CPU for the 128-bit type
#endif
#ifdef __EMSCRIPTEN__
# error emscripten currently supports only shift operations on integers \
# larger than 64 bits
# error emscripten currently doesn't support some operations on integers larger than 64 bits
#endif
#include <stddef.h>
#include <stdint.h>
@ -18279,6 +18431,8 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
#endif
void fcontract(uint128_t *t) {
*t += 0x8000000000000 - 1;
*t *= *t;
*t >>= 84;
}
int
@ -18756,7 +18910,7 @@ _ACEOF
fi
done
for ac_func in mmap mlock madvise mprotect memset_s explicit_bzero nanosleep
for ac_func in mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -19776,7 +19930,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libsodium $as_me 1.0.16, which was
This file was extended by libsodium $as_me 1.0.17, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -19834,7 +19988,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libsodium config.status 1.0.16
libsodium config.status 1.0.17
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"


@ -1,5 +1,5 @@
AC_PREREQ([2.65])
AC_INIT([libsodium],[1.0.16],
AC_INIT([libsodium],[1.0.17],
[https://github.com/jedisct1/libsodium/issues],
[libsodium],
[https://github.com/jedisct1/libsodium])
@ -13,13 +13,11 @@ AM_MAINTAINER_MODE
AM_DEP_TRACK
AC_SUBST(VERSION)
ISODATE=`date +%Y-%m-%d`
AC_SUBST(ISODATE)
SODIUM_LIBRARY_VERSION_MAJOR=10
SODIUM_LIBRARY_VERSION_MINOR=1
SODIUM_LIBRARY_VERSION_MINOR=2
DLL_VERSION=8
SODIUM_LIBRARY_VERSION=24:0:1
SODIUM_LIBRARY_VERSION=25:0:2
# | | |
# +------+ | +---+
# | | |
@ -151,6 +149,17 @@ AC_ARG_WITH(ctgrind,
])
])
AC_ARG_ENABLE(retpoline,
[AS_HELP_STRING(--enable-retpoline,Use return trampolines for indirect calls)],
[AS_IF([test "x$enableval" = "xyes"], [
AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk-inline],
[CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"],
[AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])]
)
AX_CHECK_COMPILE_FLAG([-mindirect-branch-register])
])
])
ENABLE_CWFLAGS=no
AC_ARG_ENABLE(debug,
[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)],
@ -328,7 +337,9 @@ AX_CHECK_CATCHABLE_SEGV
AX_CHECK_CATCHABLE_ABRT
AS_IF([test "x$with_threads" = "xyes"], [
AX_TLS([AC_MSG_RESULT(thread local storage is supported)],
AX_TLS([AC_MSG_RESULT(thread local storage is supported)
AX_CHECK_COMPILE_FLAG([-ftls-model=local-dynamic],
[CFLAGS="$CFLAGS -ftls-model=local-dynamic"])],
[AC_MSG_RESULT(thread local storage is not supported)]) ])
LT_INIT
@ -660,8 +671,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
# error libsodium currently expects a little endian CPU for the 128-bit type
#endif
#ifdef __EMSCRIPTEN__
# error emscripten currently supports only shift operations on integers \
# larger than 64 bits
# error emscripten currently doesn't support some operations on integers larger than 64 bits
#endif
#include <stddef.h>
#include <stdint.h>
@ -672,6 +682,8 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
#endif
void fcontract(uint128_t *t) {
*t += 0x8000000000000 - 1;
*t *= *t;
*t >>= 84;
}
]], [[
(void) fcontract;
@ -787,7 +799,7 @@ dnl Checks for functions and headers
AC_FUNC_ALLOCA
AS_IF([test "x$EMSCRIPTEN" = "x"],[
AC_CHECK_FUNCS([arc4random arc4random_buf])
AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero nanosleep])
AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep])
])
AC_CHECK_FUNCS([posix_memalign getpid])
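Review bot: In the new `--enable-retpoline` block, the third probe `AX_CHECK_COMPILE_FLAG([-mindirect-branch-register])` is given no action-if-found, so its result is only cached and the flag never reaches CFLAGS; the regenerated `configure` in this same merge shows the resulting no-op (`then : else : fi`) right after the `-mindirect-branch-register` check. Either append it the way the two sibling probes do, `AX_CHECK_COMPILE_FLAG([-mindirect-branch-register], [CFLAGS="$CFLAGS -mindirect-branch-register"])`, or drop the probe so the configure output does not report a check it never acts on. AX_CHECK_COMPILE_FLAG only verifies that the compiler accepts a flag, so the `-mindirect-branch=thunk-inline` then `-mretpoline` fallback order is fine as written, but a one-line comment above the block naming which compiler family each spelling is for (GCC and clang respectively, as far as I can tell) would help the next reader.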


@ -185,7 +185,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -14,4 +14,5 @@ EXTRA_DIST = \
msys2-win64.sh \
nativeclient-pnacl.sh \
nativeclient-x86.sh \
nativeclient-x86_64.sh
nativeclient-x86_64.sh \
watchos.sh


@ -185,7 +185,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
@ -302,7 +301,8 @@ EXTRA_DIST = \
msys2-win64.sh \
nativeclient-pnacl.sh \
nativeclient-x86.sh \
nativeclient-x86_64.sh
nativeclient-x86_64.sh \
watchos.sh
all: all-am


@ -27,12 +27,12 @@ _crypto_aead_chacha20poly1305_ietf_encrypt 1 1
_crypto_aead_chacha20poly1305_ietf_encrypt_detached 1 1
_crypto_aead_chacha20poly1305_ietf_keybytes 1 1
_crypto_aead_chacha20poly1305_ietf_keygen 1 1
_crypto_aead_chacha20poly1305_ietf_messagebytes_max 0 0
_crypto_aead_chacha20poly1305_ietf_messagebytes_max 1 1
_crypto_aead_chacha20poly1305_ietf_npubbytes 1 1
_crypto_aead_chacha20poly1305_ietf_nsecbytes 1 1
_crypto_aead_chacha20poly1305_keybytes 1 1
_crypto_aead_chacha20poly1305_keygen 1 1
_crypto_aead_chacha20poly1305_messagebytes_max 0 0
_crypto_aead_chacha20poly1305_messagebytes_max 1 1
_crypto_aead_chacha20poly1305_npubbytes 1 1
_crypto_aead_chacha20poly1305_nsecbytes 1 1
_crypto_aead_xchacha20poly1305_ietf_abytes 1 1
@ -42,7 +42,7 @@ _crypto_aead_xchacha20poly1305_ietf_encrypt 1 1
_crypto_aead_xchacha20poly1305_ietf_encrypt_detached 1 1
_crypto_aead_xchacha20poly1305_ietf_keybytes 1 1
_crypto_aead_xchacha20poly1305_ietf_keygen 1 1
_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 0 0
_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 1 1
_crypto_aead_xchacha20poly1305_ietf_npubbytes 1 1
_crypto_aead_xchacha20poly1305_ietf_nsecbytes 1 1
_crypto_auth 1 1
@ -91,7 +91,7 @@ _crypto_box_curve25519xchacha20poly1305_easy 0 1
_crypto_box_curve25519xchacha20poly1305_easy_afternm 0 1
_crypto_box_curve25519xchacha20poly1305_keypair 0 1
_crypto_box_curve25519xchacha20poly1305_macbytes 0 1
_crypto_box_curve25519xchacha20poly1305_messagebytes_max 0 0
_crypto_box_curve25519xchacha20poly1305_messagebytes_max 1 1
_crypto_box_curve25519xchacha20poly1305_noncebytes 0 1
_crypto_box_curve25519xchacha20poly1305_open_detached 0 1
_crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1
@ -111,7 +111,7 @@ _crypto_box_curve25519xsalsa20poly1305_beforenmbytes 0 1
_crypto_box_curve25519xsalsa20poly1305_boxzerobytes 0 1
_crypto_box_curve25519xsalsa20poly1305_keypair 0 1
_crypto_box_curve25519xsalsa20poly1305_macbytes 0 1
_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 0
_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 1
_crypto_box_curve25519xsalsa20poly1305_noncebytes 0 1
_crypto_box_curve25519xsalsa20poly1305_open 0 1
_crypto_box_curve25519xsalsa20poly1305_open_afternm 0 1
@ -126,7 +126,7 @@ _crypto_box_easy 1 1
_crypto_box_easy_afternm 1 1
_crypto_box_keypair 1 1
_crypto_box_macbytes 1 1
_crypto_box_messagebytes_max 0 0
_crypto_box_messagebytes_max 1 1
_crypto_box_noncebytes 1 1
_crypto_box_open 0 1
_crypto_box_open_afternm 0 1
@ -147,13 +147,22 @@ _crypto_core_ed25519_add 0 1
_crypto_core_ed25519_bytes 0 1
_crypto_core_ed25519_from_uniform 0 1
_crypto_core_ed25519_is_valid_point 0 1
_crypto_core_ed25519_nonreducedscalarbytes 0 1
_crypto_core_ed25519_scalar_add 0 1
_crypto_core_ed25519_scalar_complement 0 1
_crypto_core_ed25519_scalar_invert 0 1
_crypto_core_ed25519_scalar_negate 0 1
_crypto_core_ed25519_scalar_random 0 1
_crypto_core_ed25519_scalar_reduce 0 1
_crypto_core_ed25519_scalar_sub 0 1
_crypto_core_ed25519_scalarbytes 0 1
_crypto_core_ed25519_sub 0 1
_crypto_core_ed25519_uniformbytes 0 1
_crypto_core_hchacha20 1 1
_crypto_core_hchacha20_constbytes 1 1
_crypto_core_hchacha20_inputbytes 1 1
_crypto_core_hchacha20_keybytes 1 1
_crypto_core_hchacha20_outputbytes 1 1
_crypto_core_hchacha20 0 1
_crypto_core_hchacha20_constbytes 0 1
_crypto_core_hchacha20_inputbytes 0 1
_crypto_core_hchacha20_keybytes 0 1
_crypto_core_hchacha20_outputbytes 0 1
_crypto_core_hsalsa20 0 1
_crypto_core_hsalsa20_constbytes 0 1
_crypto_core_hsalsa20_inputbytes 0 1
@ -320,7 +329,7 @@ _crypto_pwhash_opslimit_moderate 1 1
_crypto_pwhash_opslimit_sensitive 1 1
_crypto_pwhash_passwd_max 1 1
_crypto_pwhash_passwd_min 1 1
_crypto_pwhash_primitive 1 1
_crypto_pwhash_primitive 0 1
_crypto_pwhash_saltbytes 1 1
_crypto_pwhash_scryptsalsa208sha256 0 1
_crypto_pwhash_scryptsalsa208sha256_bytes_max 0 1
@ -357,7 +366,9 @@ _crypto_scalarmult_curve25519_bytes 0 1
_crypto_scalarmult_curve25519_scalarbytes 0 1
_crypto_scalarmult_ed25519 0 1
_crypto_scalarmult_ed25519_base 0 1
_crypto_scalarmult_ed25519_base_noclamp 0 1
_crypto_scalarmult_ed25519_bytes 0 1
_crypto_scalarmult_ed25519_noclamp 0 1
_crypto_scalarmult_ed25519_scalarbytes 0 1
_crypto_scalarmult_primitive 0 1
_crypto_scalarmult_scalarbytes 1 1
@ -368,7 +379,7 @@ _crypto_secretbox_easy 1 1
_crypto_secretbox_keybytes 1 1
_crypto_secretbox_keygen 1 1
_crypto_secretbox_macbytes 1 1
_crypto_secretbox_messagebytes_max 0 0
_crypto_secretbox_messagebytes_max 1 1
_crypto_secretbox_noncebytes 1 1
_crypto_secretbox_open 0 1
_crypto_secretbox_open_detached 1 1
@ -378,7 +389,7 @@ _crypto_secretbox_xchacha20poly1305_detached 0 1
_crypto_secretbox_xchacha20poly1305_easy 0 1
_crypto_secretbox_xchacha20poly1305_keybytes 0 1
_crypto_secretbox_xchacha20poly1305_macbytes 0 1
_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 0
_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 1
_crypto_secretbox_xchacha20poly1305_noncebytes 0 1
_crypto_secretbox_xchacha20poly1305_open_detached 0 1
_crypto_secretbox_xchacha20poly1305_open_easy 0 1
@ -387,15 +398,15 @@ _crypto_secretbox_xsalsa20poly1305_boxzerobytes 0 1
_crypto_secretbox_xsalsa20poly1305_keybytes 0 1
_crypto_secretbox_xsalsa20poly1305_keygen 0 1
_crypto_secretbox_xsalsa20poly1305_macbytes 0 1
_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 0
_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 1
_crypto_secretbox_xsalsa20poly1305_noncebytes 0 1
_crypto_secretbox_xsalsa20poly1305_open 0 1
_crypto_secretbox_xsalsa20poly1305_zerobytes 0 1
_crypto_secretbox_zerobytes 0 1
_crypto_secretstream_xchacha20poly1305_abytes 1 1
_crypto_secretstream_xchacha20poly1305_headerbytes 1 1
_crypto_secretstream_xchacha20poly1305_init_pull 1 1
_crypto_secretstream_xchacha20poly1305_init_push 1 1
_crypto_secretstream_xchacha20poly1305_headerbytes 1 1
_crypto_secretstream_xchacha20poly1305_keybytes 1 1
_crypto_secretstream_xchacha20poly1305_keygen 1 1
_crypto_secretstream_xchacha20poly1305_messagebytes_max 1 1
@ -425,7 +436,7 @@ _crypto_sign_ed25519 0 1
_crypto_sign_ed25519_bytes 0 1
_crypto_sign_ed25519_detached 0 1
_crypto_sign_ed25519_keypair 0 1
_crypto_sign_ed25519_messagebytes_max 0 0
_crypto_sign_ed25519_messagebytes_max 0 1
_crypto_sign_ed25519_open 0 1
_crypto_sign_ed25519_pk_to_curve25519 1 1
_crypto_sign_ed25519_publickeybytes 0 1
@ -448,7 +459,7 @@ _crypto_sign_final_create 1 1
_crypto_sign_final_verify 1 1
_crypto_sign_init 1 1
_crypto_sign_keypair 1 1
_crypto_sign_messagebytes_max 0 0
_crypto_sign_messagebytes_max 1 1
_crypto_sign_open 1 1
_crypto_sign_primitive 0 1
_crypto_sign_publickeybytes 1 1
@ -463,26 +474,26 @@ _crypto_stream_chacha20 0 1
_crypto_stream_chacha20_ietf 0 1
_crypto_stream_chacha20_ietf_keybytes 0 1
_crypto_stream_chacha20_ietf_keygen 0 1
_crypto_stream_chacha20_ietf_messagebytes_max 0 0
_crypto_stream_chacha20_ietf_messagebytes_max 0 1
_crypto_stream_chacha20_ietf_noncebytes 0 1
_crypto_stream_chacha20_ietf_xor 0 1
_crypto_stream_chacha20_ietf_xor_ic 0 1
_crypto_stream_chacha20_keybytes 0 1
_crypto_stream_chacha20_keygen 0 1
_crypto_stream_chacha20_messagebytes_max 0 0
_crypto_stream_chacha20_messagebytes_max 0 1
_crypto_stream_chacha20_noncebytes 0 1
_crypto_stream_chacha20_xor 0 1
_crypto_stream_chacha20_xor_ic 0 1
_crypto_stream_keybytes 0 1
_crypto_stream_keygen 1 1
_crypto_stream_messagebytes_max 0 0
_crypto_stream_keygen 0 1
_crypto_stream_messagebytes_max 0 1
_crypto_stream_noncebytes 0 1
_crypto_stream_primitive 0 1
_crypto_stream_salsa20 0 1
_crypto_stream_salsa2012 0 1
_crypto_stream_salsa2012_keybytes 0 1
_crypto_stream_salsa2012_keygen 0 1
_crypto_stream_salsa2012_messagebytes_max 0 0
_crypto_stream_salsa2012_messagebytes_max 0 1
_crypto_stream_salsa2012_noncebytes 0 1
_crypto_stream_salsa2012_xor 0 1
_crypto_stream_salsa208 0 1
@ -493,14 +504,14 @@ _crypto_stream_salsa208_noncebytes 0 1
_crypto_stream_salsa208_xor 0 1
_crypto_stream_salsa20_keybytes 0 1
_crypto_stream_salsa20_keygen 0 1
_crypto_stream_salsa20_messagebytes_max 0 0
_crypto_stream_salsa20_messagebytes_max 0 1
_crypto_stream_salsa20_noncebytes 0 1
_crypto_stream_salsa20_xor 0 1
_crypto_stream_salsa20_xor_ic 0 1
_crypto_stream_xchacha20 0 1
_crypto_stream_xchacha20_keybytes 0 1
_crypto_stream_xchacha20_keygen 0 1
_crypto_stream_xchacha20_messagebytes_max 0 0
_crypto_stream_xchacha20_messagebytes_max 0 1
_crypto_stream_xchacha20_noncebytes 0 1
_crypto_stream_xchacha20_xor 0 1
_crypto_stream_xchacha20_xor_ic 0 1
@ -508,7 +519,7 @@ _crypto_stream_xor 0 1
_crypto_stream_xsalsa20 0 1
_crypto_stream_xsalsa20_keybytes 0 1
_crypto_stream_xsalsa20_keygen 0 1
_crypto_stream_xsalsa20_messagebytes_max 0 0
_crypto_stream_xsalsa20_messagebytes_max 0 1
_crypto_stream_xsalsa20_noncebytes 0 1
_crypto_stream_xsalsa20_xor 0 1
_crypto_stream_xsalsa20_xor_ic 0 1
@ -530,8 +541,8 @@ _randombytes_stir 1 1
_randombytes_uniform 1 1
_sodium_add 0 0
_sodium_allocarray 0 0
_sodium_base64_encoded_len 1 1
_sodium_base642bin 1 1
_sodium_base64_encoded_len 1 1
_sodium_bin2base64 1 1
_sodium_bin2hex 1 1
_sodium_compare 0 0
@ -566,5 +577,6 @@ _sodium_runtime_has_sse41 0 0
_sodium_runtime_has_ssse3 0 0
_sodium_set_misuse_handler 0 0
_sodium_stackzero 0 0
_sodium_sub 0 0
_sodium_unpad 1 1
_sodium_version_string 1 1



@ -17,7 +17,7 @@ symbols() {
fi
done < emscripten-symbols.def
nm /usr/local/lib/libsodium.23.dylib | \
/usr/bin/nm /usr/local/lib/libsodium.23.dylib | \
fgrep ' T _' | \
cut -d' ' -f3 | {
while read symbol; do
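Review bot: The switch to `/usr/bin/nm` on the second line of the pipeline pins one tool to an absolute path without saying why, while `fgrep` and `cut` on the following lines are still resolved through PATH. The reason is presumably that a non-Apple `nm` earlier in PATH (a binutils build, for instance) cannot read the Mach-O dylib; a comment such as `# use Apple's nm: a binutils nm earlier in PATH cannot parse the Mach-O dylib` would keep the next maintainer from reverting it to a bare `nm`. The `symbols()` function this hunk belongs to starts before the hunk.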


@ -17,14 +17,8 @@ export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32"
export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64"
export XCODEDIR=$(xcode-select -p)
xcode_major=$(xcodebuild -version|egrep '^Xcode '|cut -d' ' -f2|cut -d. -f1)
if [ $xcode_major -ge 8 ]; then
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"}
else
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"5.1.1"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"5.1.1"}
fi
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"}
mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $IOS32_PREFIX $IOS32s_PREFIX $IOS64_PREFIX || exit 1
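Review bot: With the Xcode-version branch removed, the context line `xcode_major=$(xcodebuild -version|egrep '^Xcode '|cut -d' ' -f2|cut -d. -f1)` just above the two new `export` lines no longer has a reader anywhere in this hunk, yet it still shells out to `xcodebuild` on every run. Unless it is consumed further down the script (outside the hunk), it should be deleted together with the conditional; if it is kept, a one-line comment naming what uses it would stop the next cleanup from removing it by mistake.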

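--- a/dist-build/watchos.sh
+++ b/dist-build/watchos.sh
@@ -0,0 +1,114 @@
+#! /bin/sh
+#
+# Step 1.
+# Configure for base system so simulator is covered
+#
+# Step 2.
+# Make for watchOS and watchOS simulator
+#
+# Step 3.
+# Merge libs into final version for xcode import
+export PREFIX="$(pwd)/libsodium-watchos"
+export WATCHOS32_PREFIX="$PREFIX/tmp/watchos32"
+export WATCHOS64_32_PREFIX="$PREFIX/tmp/watchos64_32"
+export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32"
+export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64"
+export XCODEDIR=$(xcode-select -p)
+export WATCHOS_SIMULATOR_VERSION_MIN=${WATCHOS_SIMULATOR_VERSION_MIN-"4.0.0"}
+export WATCHOS_VERSION_MIN=${WATCHOS_VERSION_MIN-"4.0.0"}
+mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_32_PREFIX || exit 1
+# Build for the simulator
+export BASEDIR="${XCODEDIR}/Platforms/WatchSimulator.platform/Developer"
+export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
+export SDK="${BASEDIR}/SDKs/WatchSimulator.sdk"
+## i386 simulator
+export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
+export LDFLAGS="-arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
+make distclean > /dev/null
+if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
+export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
+else
+export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
+fi
+./configure --host=i686-apple-darwin10 \
+--disable-shared \
+${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
+--prefix="$SIMULATOR32_PREFIX" || exit 1
+NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
+PROCESSORS=${NPROCESSORS:-3}
+make -j${PROCESSORS} install || exit 1
+## x86_64 simulator
+export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
+export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
+make distclean > /dev/null
+./configure --host=x86_64-apple-darwin10 \
+--disable-shared \
+${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
+--prefix="$SIMULATOR64_PREFIX"
+make -j${PROCESSORS} install || exit 1
+# Build for watchOS
+export BASEDIR="${XCODEDIR}/Platforms/WatchOS.platform/Developer"
+export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
+export SDK="${BASEDIR}/SDKs/WatchOS.sdk"
+## 32-bit watchOS
+export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
+export LDFLAGS="-fembed-bitcode -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
+make distclean > /dev/null
+./configure --host=arm-apple-darwin10 \
+--disable-shared \
+${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
+--prefix="$WATCHOS32_PREFIX" || exit 1
+make -j${PROCESSORS} install || exit 1
+## 64-bit arm64_32 watchOS
+export CFLAGS="-fembed-bitcode -O2 -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
+export LDFLAGS="-fembed-bitcode -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
+make distclean > /dev/null
+./configure --host=arm-apple-darwin10 \
+--disable-shared \
+${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
+--prefix="$WATCHOS64_32_PREFIX" || exit 1
+make -j${PROCESSORS} install || exit 1
+# Create universal binary and include folder
+rm -fr -- "$PREFIX/include" "$PREFIX/libsodium.a" 2> /dev/null
+mkdir -p -- "$PREFIX/lib"
+lipo -create \
+"$SIMULATOR32_PREFIX/lib/libsodium.a" \
+"$SIMULATOR64_PREFIX/lib/libsodium.a" \
+"$WATCHOS32_PREFIX/lib/libsodium.a" \
+"$WATCHOS64_32_PREFIX/lib/libsodium.a" \
+-output "$PREFIX/lib/libsodium.a"
+mv -f -- "$WATCHOS32_PREFIX/include" "$PREFIX/"
+echo
+echo "libsodium has been installed into $PREFIX"
+echo
+file -- "$PREFIX/lib/libsodium.a"
+# Cleanup
+rm -rf -- "$PREFIX/tmp"
+make distclean > /dev/null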
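Review bot: The x86_64 simulator `./configure` invocation (the one ending in `--prefix="$SIMULATOR64_PREFIX"`) is the only one of the four without `|| exit 1`, so a failed configure there is not reported as such and the following `make -j${PROCESSORS} install` fails with an unrelated message or runs against whatever the preceding `make distclean` left; it should read `--prefix="$SIMULATOR64_PREFIX" || exit 1` like the i386, armv7k and arm64_32 invocations. The `mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_32_PREFIX` line also leaves the prefixes unquoted, unlike the `rm`/`mkdir`/`lipo`/`mv` lines at the end, so a checkout path containing spaces breaks the script at its first step; quoting them would make the file consistent with itself.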

6
lgtm.yml Normal file

@ -0,0 +1,6 @@
extraction:
cpp:
configure:
command:
- ./autogen.sh
- ./configure


@ -497,6 +497,7 @@
<ClInclude Include="src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />


@ -557,6 +557,9 @@
<ClInclude Include="src\libsodium\include\sodium\private\mutex.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\include\sodium\private\implementations.h">
<Filter>Header Files</Filter>
</ClInclude>


@ -185,7 +185,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -1,5 +1,5 @@
cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.16/ < src\libsodium\include\sodium\version.h.in > tmp
cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.17/ < src\libsodium\include\sodium\version.h.in > tmp
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/10/ < tmp > tmp2
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/1/ < tmp2 > tmp3
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/2/ < tmp2 > tmp3
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_MINIMAL_DEF@// < tmp3 > src\libsodium\include\sodium\version.h
del tmp tmp2 tmp3


@ -31,15 +31,15 @@ Version numbers for the packages for .NET Core consist of three components:
It may be necessary to release more than one package for a libsodium version,
e.g., when adding support for a new platform or if a release contains a broken
binary. In this case, a package revision number is added as a fourth part to
the libsodium version, starting at `1`. For example, `1.0.16` is the initial
release of the package for libsodium 1.0.16 and `1.0.16.5` is the fifth
the libsodium version, starting at `1`. For example, `1.0.17` is the initial
release of the package for libsodium 1.0.17 and `1.0.17.5` is the fifth
revision (sixth release) of that package.
* *pre-release label*
If a package is a pre-release, a label is appended to the version number in
`-preview-##` format where `##` is the number of the pre-release, starting at
`01`. For example, `1.0.16-preview-01` is the first pre-release of the package
for libsodium 1.0.16 and `1.0.16.5-preview-02` the second pre-release of the
fifth revision of the package for libsodium 1.0.16.
`01`. For example, `1.0.17-preview-01` is the first pre-release of the package
for libsodium 1.0.17 and `1.0.17.5-preview-02` the second pre-release of the
fifth revision of the package for libsodium 1.0.17.
**Making a release**


@ -15,7 +15,7 @@
<Version><!-- set by prepare.py --></Version>
<Authors>Frank Denis</Authors>
<Description>Internal implementation package not meant for direct consumption. Please do not reference directly.</Description>
<Copyright>&#169; 2013-2017 Frank Denis</Copyright>
<Copyright>&#169; 2013-2019 Frank Denis</Copyright>
<PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
<PackageLicenseUrl>https://raw.githubusercontent.com/jedisct1/libsodium/master/LICENSE</PackageLicenseUrl>
<PackageProjectUrl>https://libsodium.org/</PackageProjectUrl>


@ -170,13 +170,13 @@ def main(args):
print(' python3 prepare.py <version>')
print()
print('Examples:')
print(' python3 prepare.py 1.0.16-preview-01')
print(' python3 prepare.py 1.0.16-preview-02')
print(' python3 prepare.py 1.0.16-preview-03')
print(' python3 prepare.py 1.0.16')
print(' python3 prepare.py 1.0.16.1-preview-01')
print(' python3 prepare.py 1.0.16.1')
print(' python3 prepare.py 1.0.16.2')
print(' python3 prepare.py 1.0.17-preview-01')
print(' python3 prepare.py 1.0.17-preview-02')
print(' python3 prepare.py 1.0.17-preview-03')
print(' python3 prepare.py 1.0.17')
print(' python3 prepare.py 1.0.17.1-preview-01')
print(' python3 prepare.py 1.0.17.1')
print(' python3 prepare.py 1.0.17.2')
return 1
version = Version(m.group(2), m.group(0))


@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- These values are populated into the package.gsl templates by package.bat. -->
<!-- The target attribute controls path and file name only, id controls package naming. -->
<package id="libsodium_vc120" target="libsodium" version = "1.0.16.0" pathversion="1_0_16_0" platformtoolset="v120" />
<package id="libsodium_vc120" target="libsodium" version = "1.0.17.0" pathversion="1_0_17_0" platformtoolset="v120" />


@ -27,7 +27,7 @@
<description>Sodium is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.</description>
<summary>Portable fork of NaCl, packaged for Visual Studio 2013 (v120) and CTP_Nov2013 compilers.</summary>
<releaseNotes>https://raw.github.com/jedisct1/libsodium/master/ChangeLog</releaseNotes>
<copyright>(c) 2013-2017, Frank Denis (attribution required)</copyright>
<copyright>(c) 2013-2019, Frank Denis (attribution required)</copyright>
<tags>native, NaCl, salt, sodium, libsodium, C++</tags>
<dependencies>
.for dependency
@ -257,4 +257,4 @@
<EnumValue Name="ltcg" DisplayName="Static using link time compile generation (LTCG)" />
</EnumProperty>
</Rule>
</ProjectSchemaDefinitions>
</ProjectSchemaDefinitions>


@ -1,6 +1,5 @@
#! /usr/bin/env python3
import fileinput
import glob
import os
import uuid


@ -245,7 +245,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -82,6 +82,7 @@ libsodium_la_SOURCES = \
crypto_stream/salsa20/stream_salsa20.h \
crypto_stream/xsalsa20/stream_xsalsa20.c \
crypto_verify/sodium/verify.c \
include/sodium/private/chacha20_ietf_ext.h \
include/sodium/private/common.h \
include/sodium/private/ed25519_ref10.h \
include/sodium/private/implementations.h \


@ -327,7 +327,9 @@ am__libsodium_la_SOURCES_DIST = \
crypto_stream/salsa20/stream_salsa20.c \
crypto_stream/salsa20/stream_salsa20.h \
crypto_stream/xsalsa20/stream_xsalsa20.c \
crypto_verify/sodium/verify.c include/sodium/private/common.h \
crypto_verify/sodium/verify.c \
include/sodium/private/chacha20_ietf_ext.h \
include/sodium/private/common.h \
include/sodium/private/ed25519_ref10.h \
include/sodium/private/implementations.h \
include/sodium/private/mutex.h \
@ -803,7 +805,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@
@ -982,7 +983,9 @@ libsodium_la_SOURCES = \
crypto_stream/salsa20/stream_salsa20.c \
crypto_stream/salsa20/stream_salsa20.h \
crypto_stream/xsalsa20/stream_xsalsa20.c \
crypto_verify/sodium/verify.c include/sodium/private/common.h \
crypto_verify/sodium/verify.c \
include/sodium/private/chacha20_ietf_ext.h \
include/sodium/private/common.h \
include/sodium/private/ed25519_ref10.h \
include/sodium/private/implementations.h \
include/sodium/private/mutex.h \


@ -51,10 +51,10 @@ _bswap64(const uint64_t x)
}
#endif
typedef struct context {
CRYPTO_ALIGN(16) unsigned char H[16];
__m128i rkeys[16];
} context;
typedef struct aes256gcm_state {
__m128i rkeys[16];
unsigned char H[16];
} aes256gcm_state;
static inline void
aesni_key256_expand(const unsigned char *key, __m128i * const rkeys)
@ -488,10 +488,10 @@ int
crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k)
{
context *ctx = (context *) ctx_;
__m128i *rkeys = ctx->rkeys;
__m128i zero = _mm_setzero_si128();
unsigned char *H = ctx->H;
aes256gcm_state *ctx = (aes256gcm_state *) (void *) ctx_;
unsigned char *H = ctx->H;
__m128i *rkeys = ctx->rkeys;
__m128i zero = _mm_setzero_si128();
COMPILER_ASSERT((sizeof *ctx_) >= (sizeof *ctx));
aesni_key256_expand(k, rkeys);
@ -509,13 +509,13 @@ crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
{
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const context *ctx = (const context *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen_rnd128 = mlen & ~127ULL;
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen_rnd128 = mlen & ~127ULL;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char T[16];
@ -647,14 +647,14 @@ crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, unsigned char *
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
{
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const context *ctx = (const context *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen;
unsigned long long mlen_rnd128;
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen;
unsigned long long mlen_rnd128;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char T[16];
@ -862,7 +862,7 @@ crypto_aead_aes256gcm_encrypt(unsigned char *c,
ret = crypto_aead_aes256gcm_encrypt_afternm
(c, clen_p, m, mlen, ad, adlen, nsec, npub,
(const crypto_aead_aes256gcm_state *) &ctx);
sodium_memzero(ctx, sizeof ctx);
sodium_memzero(&ctx, sizeof ctx);
return ret;
}
@ -906,7 +906,7 @@ crypto_aead_aes256gcm_decrypt(unsigned char *m,
ret = crypto_aead_aes256gcm_decrypt_afternm
(m, mlen_p, nsec, c, clen, ad, adlen, npub,
(const crypto_aead_aes256gcm_state *) &ctx);
sodium_memzero(ctx, sizeof ctx);
sodium_memzero(&ctx, sizeof ctx);
return ret;
}
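Review bot: The `(void *)` hop in the new `aes256gcm_state` casts at the top of `crypto_aead_aes256gcm_beforenm` and of both `_afternm` functions silences a cast-align diagnostic but does not itself establish that `ctx_` is aligned for the `__m128i rkeys[16]` member that now leads the struct, and the `COMPILER_ASSERT((sizeof *ctx_) >= (sizeof *ctx))` right after it only checks size. Presumably `crypto_aead_aes256gcm_state` carries `CRYPTO_ALIGN(16)` in the public header (not part of this hunk); a comment at the first cast such as `/* ctx_ is CRYPTO_ALIGN(16) in the public header; the (void *) hop only avoids a cast-align warning, it does not fix up alignment */` would tie the two declarations together so the attribute is not dropped independently later. Moving `rkeys` to the front also drops the explicit `CRYPTO_ALIGN(16)` that `H` used to carry, which is fine only as long as `rkeys` stays the first member, and the same comment should say so. All three function bodies continue outside their hunks.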


@ -12,6 +12,7 @@
#include "randombytes.h"
#include "utils.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
static const unsigned char _pad0[16] = { 0 };


@ -5,14 +5,118 @@
#include <string.h>
#include "core.h"
#include "crypto_aead_xchacha20poly1305.h"
#include "crypto_aead_chacha20poly1305.h"
#include "crypto_aead_xchacha20poly1305.h"
#include "crypto_core_hchacha20.h"
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_stream_chacha20.h"
#include "crypto_verify_16.h"
#include "randombytes.h"
#include "utils.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
static const unsigned char _pad0[16] = { 0 };
static int
_encrypt_detached(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
(void) nsec;
crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, npub, 1U, k);
crypto_onetimeauth_poly1305_update(&state, c, mlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
STORE64_LE(slen, (uint64_t) adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
STORE64_LE(slen, (uint64_t) mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, mac);
sodium_memzero(&state, sizeof state);
if (maclen_p != NULL) {
*maclen_p = crypto_aead_chacha20poly1305_ietf_ABYTES;
}
return 0;
}
static int
_decrypt_detached(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES];
unsigned long long mlen;
int ret;
(void) nsec;
crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
mlen = clen;
crypto_onetimeauth_poly1305_update(&state, c, mlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
STORE64_LE(slen, (uint64_t) adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
STORE64_LE(slen, (uint64_t) mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, computed_mac);
sodium_memzero(&state, sizeof state);
COMPILER_ASSERT(sizeof computed_mac == 16U);
ret = crypto_verify_16(computed_mac, mac);
sodium_memzero(computed_mac, sizeof computed_mac);
if (m == NULL) {
return ret;
}
if (ret != 0) {
memset(m, 0, mlen);
return -1;
}
crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, npub, 1U, k);
return 0;
}
int
crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned char *mac,
@ -32,8 +136,8 @@ crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
crypto_core_hchacha20(k2, npub, k, NULL);
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4);
ret = crypto_aead_chacha20poly1305_ietf_encrypt_detached
(c, mac, maclen_p, m, mlen, ad, adlen, nsec, npub2, k2);
ret = _encrypt_detached(c, mac, maclen_p, m, mlen, ad, adlen,
nsec, npub2, k2);
sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES);
return ret;
@ -85,12 +189,10 @@ crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
crypto_core_hchacha20(k2, npub, k, NULL);
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4);
ret = crypto_aead_chacha20poly1305_ietf_decrypt_detached
(m, nsec, c, clen, mac, ad, adlen, npub2, k2);
ret = _decrypt_detached(m, nsec, c, clen, mac, ad, adlen, npub2, k2);
sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES);
return ret;
}
int
@ -105,7 +207,7 @@ crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
const unsigned char *k)
{
unsigned long long mlen = 0ULL;
int ret = -1;
int ret = -1;
if (clen >= crypto_aead_xchacha20poly1305_ietf_ABYTES) {
ret = crypto_aead_xchacha20poly1305_ietf_decrypt_detached
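Review bot: `_encrypt_detached` and `_decrypt_detached` are near-verbatim copies of the public `crypto_aead_chacha20poly1305_ietf_*_detached` routines with `crypto_stream_chacha20_ietf_ext` / `_ext_xor_ic` substituted, and nothing in the file says why the public functions are no longer called from the two `xchacha20poly1305_ietf_*_detached` wrappers in the later hunks. A header comment above `_encrypt_detached` should name the one difference and its reason; the `_messagebytes_max` symbol changes elsewhere in this commit suggest the `_ext` stream lifts a counter or message-length limit, but the comment should state whatever the actual motivation is rather than leave it to be rediscovered. Both new names (like the existing `_pad0`) begin with an underscore at file scope, which the C standard reserves for the implementation; `xchacha20poly1305_encrypt_detached`-style names avoid that. The public functions the later hunks modify start outside their hunks.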


@ -1,7 +1,11 @@
#include <stdint.h>
#include "crypto_core_ed25519.h"
#include "private/common.h"
#include "private/ed25519_ref10.h"
#include "randombytes.h"
#include "utils.h"
int
crypto_core_ed25519_is_valid_point(const unsigned char *p)
@ -66,14 +70,126 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
return - ge25519_has_small_order(p);
}
void
crypto_core_ed25519_scalar_random(unsigned char *r)
{
do {
randombytes_buf(r, crypto_core_ed25519_SCALARBYTES);
r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f;
} while (sc25519_is_canonical(r) == 0 ||
sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES));
}
int
crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
{
sc25519_invert(recip, s);
return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES);
}
/* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
void
crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
{
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >=
2 * crypto_core_ed25519_SCALARBYTES);
memset(t_, 0, sizeof t_);
memset(s_, 0, sizeof s_);
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
crypto_core_ed25519_SCALARBYTES);
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
sodium_sub(t_, s_, sizeof t_);
sc25519_reduce(t_);
memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES);
}
void
crypto_core_ed25519_scalar_complement(unsigned char *comp,
const unsigned char *s)
{
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >=
2 * crypto_core_ed25519_SCALARBYTES);
memset(t_, 0, sizeof t_);
memset(s_, 0, sizeof s_);
t_[0]++;
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
crypto_core_ed25519_SCALARBYTES);
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
sodium_sub(t_, s_, sizeof t_);
sc25519_reduce(t_);
memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES);
}
void
crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memset(x_, 0, sizeof x_);
memset(y_, 0, sizeof y_);
memcpy(x_, x, crypto_core_ed25519_SCALARBYTES);
memcpy(y_, y, crypto_core_ed25519_SCALARBYTES);
sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_reduce(z, x_);
}
void
crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
unsigned char yn[crypto_core_ed25519_SCALARBYTES];
crypto_core_ed25519_scalar_negate(yn, y);
crypto_core_ed25519_scalar_add(z, x, yn);
}
void
crypto_core_ed25519_scalar_reduce(unsigned char *r,
const unsigned char *s)
{
unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memcpy(t, s, sizeof t);
sc25519_reduce(t);
memcpy(r, t, crypto_core_ed25519_SCALARBYTES);
sodium_memzero(t, sizeof t);
}
size_t
crypto_core_ed25519_bytes(void)
{
return crypto_core_ed25519_BYTES;
}
size_t
crypto_core_ed25519_nonreducedscalarbytes(void)
{
return crypto_core_ed25519_NONREDUCEDSCALARBYTES;
}
size_t
crypto_core_ed25519_uniformbytes(void)
{
return crypto_core_ed25519_UNIFORMBYTES;
}
size_t
crypto_core_ed25519_scalarbytes(void)
{
return crypto_core_ed25519_SCALARBYTES;
}
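Review bot: `crypto_core_ed25519_scalar_negate`, `_scalar_complement`, `_scalar_add` and `_scalar_sub` return with copies of their input scalars still in the stack temporaries `t_`, `s_`, `x_`, `y_` and `yn`, whereas `crypto_core_ed25519_scalar_reduce` in the same hunk wipes its `t` with `sodium_memzero`; these scalars are often private keys or blinding factors, so each temporary should be cleared before return, e.g. `sodium_memzero(t_, sizeof t_); sodium_memzero(s_, sizeof s_);` at the end of `_negate` and `_complement`, and likewise for `x_`/`y_` in `_add` and `yn` in `_sub`. Separately, `_scalar_add` calls `sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES)` over only 32 of the 64 zero-padded bytes, so a carry out of byte 31 is discarded; that is correct only when both inputs are already reduced (below 2^255), which a comment on the function should state as a precondition. The first lines of the hunk belong to `crypto_core_ed25519_from_uniform`, which starts outside it.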


@ -1055,6 +1055,478 @@ ge25519_has_small_order(const unsigned char s[32])
return (int) ((k >> 8) & 1);
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
b[0]+256*b[1]+...+256^31*b[31] = b
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = (ab) mod l
where l = 2^252 + 27742317777372353535851937790883648493.
*/
static void
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
{
int64_t a0 = 2097151 & load_3(a);
int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
int64_t a8 = 2097151 & load_3(a + 21);
int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
int64_t a11 = (load_4(a + 28) >> 7);
int64_t b0 = 2097151 & load_3(b);
int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
int64_t b8 = 2097151 & load_3(b + 21);
int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
int64_t b11 = (load_4(b + 28) >> 7);
int64_t s0;
int64_t s1;
int64_t s2;
int64_t s3;
int64_t s4;
int64_t s5;
int64_t s6;
int64_t s7;
int64_t s8;
int64_t s9;
int64_t s10;
int64_t s11;
int64_t s12;
int64_t s13;
int64_t s14;
int64_t s15;
int64_t s16;
int64_t s17;
int64_t s18;
int64_t s19;
int64_t s20;
int64_t s21;
int64_t s22;
int64_t s23;
int64_t carry0;
int64_t carry1;
int64_t carry2;
int64_t carry3;
int64_t carry4;
int64_t carry5;
int64_t carry6;
int64_t carry7;
int64_t carry8;
int64_t carry9;
int64_t carry10;
int64_t carry11;
int64_t carry12;
int64_t carry13;
int64_t carry14;
int64_t carry15;
int64_t carry16;
int64_t carry17;
int64_t carry18;
int64_t carry19;
int64_t carry20;
int64_t carry21;
int64_t carry22;
s0 = a0 * b0;
s1 = a0 * b1 + a1 * b0;
s2 = a0 * b2 + a1 * b1 + a2 * b0;
s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
a6 * b1 + a7 * b0;
s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
a6 * b2 + a7 * b1 + a8 * b0;
s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 +
a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 +
a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2;
s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 +
a9 * b5 + a10 * b4 + a11 * b3;
s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 +
a10 * b5 + a11 * b4;
s16 =
a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
s20 = a9 * b11 + a10 * b10 + a11 * b9;
s21 = a10 * b11 + a11 * b10;
s22 = a11 * b11;
s23 = 0;
carry0 = (s0 + (int64_t) (1L << 20)) >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry2 = (s2 + (int64_t) (1L << 20)) >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry4 = (s4 + (int64_t) (1L << 20)) >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry12 = (s12 + (int64_t) (1L << 20)) >> 21;
s13 += carry12;
s12 -= carry12 * ((uint64_t) 1L << 21);
carry14 = (s14 + (int64_t) (1L << 20)) >> 21;
s15 += carry14;
s14 -= carry14 * ((uint64_t) 1L << 21);
carry16 = (s16 + (int64_t) (1L << 20)) >> 21;
s17 += carry16;
s16 -= carry16 * ((uint64_t) 1L << 21);
carry18 = (s18 + (int64_t) (1L << 20)) >> 21;
s19 += carry18;
s18 -= carry18 * ((uint64_t) 1L << 21);
carry20 = (s20 + (int64_t) (1L << 20)) >> 21;
s21 += carry20;
s20 -= carry20 * ((uint64_t) 1L << 21);
carry22 = (s22 + (int64_t) (1L << 20)) >> 21;
s23 += carry22;
s22 -= carry22 * ((uint64_t) 1L << 21);
carry1 = (s1 + (int64_t) (1L << 20)) >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry3 = (s3 + (int64_t) (1L << 20)) >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry5 = (s5 + (int64_t) (1L << 20)) >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
carry13 = (s13 + (int64_t) (1L << 20)) >> 21;
s14 += carry13;
s13 -= carry13 * ((uint64_t) 1L << 21);
carry15 = (s15 + (int64_t) (1L << 20)) >> 21;
s16 += carry15;
s15 -= carry15 * ((uint64_t) 1L << 21);
carry17 = (s17 + (int64_t) (1L << 20)) >> 21;
s18 += carry17;
s17 -= carry17 * ((uint64_t) 1L << 21);
carry19 = (s19 + (int64_t) (1L << 20)) >> 21;
s20 += carry19;
s19 -= carry19 * ((uint64_t) 1L << 21);
carry21 = (s21 + (int64_t) (1L << 20)) >> 21;
s22 += carry21;
s21 -= carry21 * ((uint64_t) 1L << 21);
s11 += s23 * 666643;
s12 += s23 * 470296;
s13 += s23 * 654183;
s14 -= s23 * 997805;
s15 += s23 * 136657;
s16 -= s23 * 683901;
s10 += s22 * 666643;
s11 += s22 * 470296;
s12 += s22 * 654183;
s13 -= s22 * 997805;
s14 += s22 * 136657;
s15 -= s22 * 683901;
s9 += s21 * 666643;
s10 += s21 * 470296;
s11 += s21 * 654183;
s12 -= s21 * 997805;
s13 += s21 * 136657;
s14 -= s21 * 683901;
s8 += s20 * 666643;
s9 += s20 * 470296;
s10 += s20 * 654183;
s11 -= s20 * 997805;
s12 += s20 * 136657;
s13 -= s20 * 683901;
s7 += s19 * 666643;
s8 += s19 * 470296;
s9 += s19 * 654183;
s10 -= s19 * 997805;
s11 += s19 * 136657;
s12 -= s19 * 683901;
s6 += s18 * 666643;
s7 += s18 * 470296;
s8 += s18 * 654183;
s9 -= s18 * 997805;
s10 += s18 * 136657;
s11 -= s18 * 683901;
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry12 = (s12 + (int64_t) (1L << 20)) >> 21;
s13 += carry12;
s12 -= carry12 * ((uint64_t) 1L << 21);
carry14 = (s14 + (int64_t) (1L << 20)) >> 21;
s15 += carry14;
s14 -= carry14 * ((uint64_t) 1L << 21);
carry16 = (s16 + (int64_t) (1L << 20)) >> 21;
s17 += carry16;
s16 -= carry16 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
carry13 = (s13 + (int64_t) (1L << 20)) >> 21;
s14 += carry13;
s13 -= carry13 * ((uint64_t) 1L << 21);
carry15 = (s15 + (int64_t) (1L << 20)) >> 21;
s16 += carry15;
s15 -= carry15 * ((uint64_t) 1L << 21);
s5 += s17 * 666643;
s6 += s17 * 470296;
s7 += s17 * 654183;
s8 -= s17 * 997805;
s9 += s17 * 136657;
s10 -= s17 * 683901;
s4 += s16 * 666643;
s5 += s16 * 470296;
s6 += s16 * 654183;
s7 -= s16 * 997805;
s8 += s16 * 136657;
s9 -= s16 * 683901;
s3 += s15 * 666643;
s4 += s15 * 470296;
s5 += s15 * 654183;
s6 -= s15 * 997805;
s7 += s15 * 136657;
s8 -= s15 * 683901;
s2 += s14 * 666643;
s3 += s14 * 470296;
s4 += s14 * 654183;
s5 -= s14 * 997805;
s6 += s14 * 136657;
s7 -= s14 * 683901;
s1 += s13 * 666643;
s2 += s13 * 470296;
s3 += s13 * 654183;
s4 -= s13 * 997805;
s5 += s13 * 136657;
s6 -= s13 * 683901;
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
carry0 = (s0 + (int64_t) (1L << 20)) >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry2 = (s2 + (int64_t) (1L << 20)) >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry4 = (s4 + (int64_t) (1L << 20)) >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry1 = (s1 + (int64_t) (1L << 20)) >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry3 = (s3 + (int64_t) (1L << 20)) >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry5 = (s5 + (int64_t) (1L << 20)) >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
carry0 = s0 >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry1 = s1 >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry2 = s2 >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry3 = s3 >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry4 = s4 >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry5 = s5 >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry6 = s6 >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry7 = s7 >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry8 = s8 >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry9 = s9 >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry10 = s10 >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry11 = s11 >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
carry0 = s0 >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry1 = s1 >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry2 = s2 >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry3 = s3 >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry4 = s4 >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry5 = s5 >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry6 = s6 >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry7 = s7 >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry8 = s8 >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry9 = s9 >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry10 = s10 >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
s[0] = s0 >> 0;
s[1] = s0 >> 8;
s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5));
s[3] = s1 >> 3;
s[4] = s1 >> 11;
s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2));
s[6] = s2 >> 6;
s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7));
s[8] = s3 >> 1;
s[9] = s3 >> 9;
s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4));
s[11] = s4 >> 4;
s[12] = s4 >> 12;
s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1));
s[14] = s5 >> 7;
s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6));
s[16] = s6 >> 2;
s[17] = s6 >> 10;
s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3));
s[19] = s7 >> 5;
s[20] = s7 >> 13;
s[21] = s8 >> 0;
s[22] = s8 >> 8;
s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5));
s[24] = s9 >> 3;
s[25] = s9 >> 11;
s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2));
s[27] = s10 >> 6;
s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7));
s[29] = s11 >> 1;
s[30] = s11 >> 9;
s[31] = s11 >> 17;
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
@ -1067,8 +1539,8 @@ ge25519_has_small_order(const unsigned char s[32])
*/
void
sc25519_muladd(unsigned char *s, const unsigned char *a,
const unsigned char *b, const unsigned char *c)
sc25519_muladd(unsigned char s[32], const unsigned char a[32],
const unsigned char b[32], const unsigned char c[32])
{
int64_t a0 = 2097151 & load_3(a);
int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
@ -1543,6 +2015,88 @@ sc25519_muladd(unsigned char *s, const unsigned char *a,
s[31] = s11 >> 17;
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = a^2 mod l
where l = 2^252 + 27742317777372353535851937790883648493.
*/
static inline void
sc25519_sq(unsigned char *s, const unsigned char *a)
{
sc25519_mul(s, a, a);
}
/*
Input:
s[0]+256*a[1]+...+256^31*a[31] = a
n
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = x * s^(s^n) mod l
where l = 2^252 + 27742317777372353535851937790883648493.
Overwrites s in place.
*/
static inline void
sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
{
int i;
for (i = 0; i < n; i++) {
sc25519_sq(s, s);
}
sc25519_mul(s, s, a);
}
void
sc25519_invert(unsigned char recip[32], const unsigned char s[32])
{
unsigned char _10[32], _100[32], _11[32], _101[32], _111[32],
_1001[32], _1011[32], _1111[32];
sc25519_sq(_10, s);
sc25519_sq(_100, _10);
sc25519_mul(_11, _10, s);
sc25519_mul(_101, _10, _11);
sc25519_mul(_111, _10, _101);
sc25519_mul(_1001, _10, _111);
sc25519_mul(_1011, _10, _1001);
sc25519_mul(_1111, _100, _1011);
sc25519_mul(recip, _1111, s);
sc25519_sqmul(recip, 123 + 3, _101);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 4, _1001);
sc25519_sqmul(recip, 2, _11);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 1 + 3, _101);
sc25519_sqmul(recip, 3 + 3, _101);
sc25519_sqmul(recip, 3, _111);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 2 + 3, _111);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1011);
sc25519_sqmul(recip, 2 + 4, _1011);
sc25519_sqmul(recip, 6 + 4, _1001);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 3 + 2, _11);
sc25519_sqmul(recip, 3 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1001);
sc25519_sqmul(recip, 1 + 3, _111);
sc25519_sqmul(recip, 2 + 4, _1111);
sc25519_sqmul(recip, 1 + 4, _1011);
sc25519_sqmul(recip, 3, _101);
sc25519_sqmul(recip, 2 + 4, _1111);
sc25519_sqmul(recip, 3, _101);
sc25519_sqmul(recip, 1 + 2, _11);
}
/*
Input:
s[0]+256*s[1]+...+256^63*s[63] = s
@ -1554,7 +2108,7 @@ sc25519_muladd(unsigned char *s, const unsigned char *a,
*/
void
sc25519_reduce(unsigned char *s)
sc25519_reduce(unsigned char s[64])
{
int64_t s0 = 2097151 & load_3(s);
int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
@ -1878,7 +2432,7 @@ sc25519_reduce(unsigned char *s)
}
int
sc25519_is_canonical(const unsigned char *s)
sc25519_is_canonical(const unsigned char s[32])
{
/* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[32] = {

View File

@ -65,7 +65,14 @@ typedef struct blake2b_param_ {
uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
} blake2b_param;
typedef crypto_generichash_blake2b_state blake2b_state;
typedef struct blake2b_state {
uint64_t h[8];
uint64_t t[2];
uint64_t f[2];
uint8_t buf[2 * 128];
size_t buflen;
uint8_t last_node;
} blake2b_state;
#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
#pragma pack()
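Review bot: The new `blake2b_state` struct is declared above the `#pragma pack()` reset that closes this hunk, so on the IBM/Sun compilers that reset targets it appears to sit inside whatever packing region was opened earlier for `blake2b_param`; if that region is packed to 1, the `uint64_t` members `h`, `t` and `f` lose their natural alignment, which the compress kernels' loads of `S->h` rely on in practice. I'd move the typedef below the `#pragma pack()` line, or confirm the packed region ends before it. Since the public type is now cast to this struct instead of being the same type, a header comment should also pin the contract: `/* must stay layout-compatible with crypto_generichash_blake2b_state; size is checked by COMPILER_ASSERT in generichash_blake2b.c */`. The opening pragma is outside the hunk.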

View File

@ -2,15 +2,20 @@
#ifndef blake2b_compress_avx2_H
#define blake2b_compress_avx2_H
#define LOADU128(p) _mm_loadu_si128((__m128i *) (p))
#define LOADU128(p) _mm_loadu_si128((const __m128i *) (p))
#define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r)
#define LOAD(p) _mm256_load_si256((__m256i *) (p))
#define STORE(p, r) _mm256_store_si256((__m256i *) (p), r)
#define LOADU(p) _mm256_loadu_si256((__m256i *) (p))
#define LOADU(p) _mm256_loadu_si256((const __m256i *) (p))
#define STOREU(p, r) _mm256_storeu_si256((__m256i *) (p), r)
#if defined(__INTEL_COMPILER) || defined(_MSC_VER) || defined(__GNUC__)
# define LOAD(p) _mm256_load_si256((const __m256i *) (p))
# define STORE(p, r) _mm256_store_si256((__m256i *) (p), r)
#else
# define LOAD(p) LOADU(p)
# define STORE(p, r) STOREU(p, r)
#endif
static inline uint64_t
LOADU64(const void *p)
{
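Review bot: The aligned `LOAD`/`STORE` variants selected for ICC, MSVC and GCC require a 32-byte aligned operand, but the header says nothing about that requirement; the only guarantee visible in this commit is the `CRYPTO_ALIGN(64)` added to the stack states in blake2b-ref.c, while states reached through the `crypto_generichash_blake2b_state` cast depend on that public type's alignment attribute, which is not shown here. I'd document the contract next to the conditional: `/* LOAD/STORE assume 32-byte aligned operands (blake2b_state is CRYPTO_ALIGN(64)); other compilers fall back to unaligned access */`. Note that `__GNUC__` also matches clang, which is presumably intended.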

View File

@ -39,22 +39,22 @@ blake2b_compress_ssse3(blake2b_state *S,
_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9);
const __m128i r24 =
_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10);
const uint64_t m0 = ((uint64_t *) block)[0];
const uint64_t m1 = ((uint64_t *) block)[1];
const uint64_t m2 = ((uint64_t *) block)[2];
const uint64_t m3 = ((uint64_t *) block)[3];
const uint64_t m4 = ((uint64_t *) block)[4];
const uint64_t m5 = ((uint64_t *) block)[5];
const uint64_t m6 = ((uint64_t *) block)[6];
const uint64_t m7 = ((uint64_t *) block)[7];
const uint64_t m8 = ((uint64_t *) block)[8];
const uint64_t m9 = ((uint64_t *) block)[9];
const uint64_t m10 = ((uint64_t *) block)[10];
const uint64_t m11 = ((uint64_t *) block)[11];
const uint64_t m12 = ((uint64_t *) block)[12];
const uint64_t m13 = ((uint64_t *) block)[13];
const uint64_t m14 = ((uint64_t *) block)[14];
const uint64_t m15 = ((uint64_t *) block)[15];
const uint64_t m0 = ((const uint64_t *) block)[0];
const uint64_t m1 = ((const uint64_t *) block)[1];
const uint64_t m2 = ((const uint64_t *) block)[2];
const uint64_t m3 = ((const uint64_t *) block)[3];
const uint64_t m4 = ((const uint64_t *) block)[4];
const uint64_t m5 = ((const uint64_t *) block)[5];
const uint64_t m6 = ((const uint64_t *) block)[6];
const uint64_t m7 = ((const uint64_t *) block)[7];
const uint64_t m8 = ((const uint64_t *) block)[8];
const uint64_t m9 = ((const uint64_t *) block)[9];
const uint64_t m10 = ((const uint64_t *) block)[10];
const uint64_t m11 = ((const uint64_t *) block)[11];
const uint64_t m12 = ((const uint64_t *) block)[12];
const uint64_t m13 = ((const uint64_t *) block)[13];
const uint64_t m14 = ((const uint64_t *) block)[14];
const uint64_t m15 = ((const uint64_t *) block)[15];
row1l = LOADU(&S->h[0]);
row1h = LOADU(&S->h[2]);
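Review bot: The message words are still read with `((const uint64_t *) block)[i]`, which type-puns a byte buffer as `uint64_t` — an aliasing violation in C99 and, if whole blocks are fed straight from the caller's `in` pointer by the update path, a potentially misaligned 8-byte read; adding `const` does not change either property. If `LOAD64_LE` from private/common.h is in scope in this file, `const uint64_t m0 = LOAD64_LE(block + 0);` (and `block + 8 * i` for m1 through m15) yields the same little-endian value without the punning and compiles to the same single load on x86. The enclosing function starts before this hunk.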

View File

@ -97,7 +97,9 @@ blake2b_init0(blake2b_state *S)
for (i = 0; i < 8; i++) {
S->h[i] = blake2b_IV[i];
}
memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node)
/* zero everything between .t and .last_node */
memset((void *) &S->t, 0,
offsetof(blake2b_state, last_node) + sizeof(S->last_node)
- offsetof(blake2b_state, t));
return 0;
}
@ -183,7 +185,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
sodium_misuse();
}
if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
sodium_misuse();
sodium_misuse(); /* does not return */
}
P->digest_length = outlen;
P->key_length = keylen;
@ -203,7 +205,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen); /* keylen cannot be 0 */
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
}
@ -221,7 +223,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
sodium_misuse();
}
if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
sodium_misuse();
sodium_misuse(); /* does not return */
}
P->digest_length = outlen;
P->key_length = keylen;
@ -249,7 +251,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen); /* keylen cannot be 0 */
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
}
@ -333,7 +335,7 @@ int
blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen,
const uint64_t inlen, uint8_t keylen)
{
blake2b_state S[1];
CRYPTO_ALIGN(64) blake2b_state S[1];
/* Verify parameters */
if (NULL == in && inlen > 0) {
@ -371,7 +373,7 @@ blake2b_salt_personal(uint8_t *out, const void *in, const void *key,
const uint8_t outlen, const uint64_t inlen,
uint8_t keylen, const void *salt, const void *personal)
{
blake2b_state S[1];
CRYPTO_ALIGN(64) blake2b_state S[1];
/* Verify parameters */
if (NULL == in && inlen > 0) {
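Review bot: The `memset` in `blake2b_init0` zeroes from `.t` through `.last_node` with `offsetof` arithmetic, so it silently depends on `t`, `f`, `buf`, `buflen` and `last_node` being declared contiguously and in that order in the struct now defined in blake2.h; the added comment says what is zeroed but not that the ordering is load-bearing. I'd extend it to `/* zero everything between .t and .last_node; relies on the member order t, f, buf, buflen, last_node in blake2b_state */`. The `CRYPTO_ALIGN(64)` added to the stack states in `blake2b()` and `blake2b_salt_personal()` presumably exists for the aligned AVX2 loads — a one-line comment saying so would stop the next reader from dropping it as noise.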

View File

@ -5,6 +5,7 @@
#include "blake2.h"
#include "crypto_generichash_blake2b.h"
#include "private/common.h"
#include "private/implementations.h"
int
@ -52,11 +53,12 @@ crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
}
assert(outlen <= UINT8_MAX);
assert(keylen <= UINT8_MAX);
COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state);
if (key == NULL || keylen <= 0U) {
if (blake2b_init(state, (uint8_t) outlen) != 0) {
if (blake2b_init((blake2b_state *) (void *) state, (uint8_t) outlen) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
} else if (blake2b_init_key(state, (uint8_t) outlen, key,
} else if (blake2b_init_key((blake2b_state *) (void *) state, (uint8_t) outlen, key,
(uint8_t) keylen) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
@ -76,11 +78,12 @@ crypto_generichash_blake2b_init_salt_personal(
assert(outlen <= UINT8_MAX);
assert(keylen <= UINT8_MAX);
if (key == NULL || keylen <= 0U) {
if (blake2b_init_salt_personal(state, (uint8_t) outlen, salt,
personal) != 0) {
if (blake2b_init_salt_personal((blake2b_state *) (void *) state,
(uint8_t) outlen, salt, personal) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
} else if (blake2b_init_key_salt_personal(state, (uint8_t) outlen, key,
} else if (blake2b_init_key_salt_personal((blake2b_state *) (void *) state,
(uint8_t) outlen, key,
(uint8_t) keylen, salt,
personal) != 0) {
return -1; /* LCOV_EXCL_LINE */
@ -93,7 +96,8 @@ crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
const unsigned char *in,
unsigned long long inlen)
{
return blake2b_update(state, (const uint8_t *) in, (uint64_t) inlen);
return blake2b_update((blake2b_state *) (void *) state,
(const uint8_t *) in, (uint64_t) inlen);
}
int
@ -101,7 +105,8 @@ crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
unsigned char *out, const size_t outlen)
{
assert(outlen <= UINT8_MAX);
return blake2b_final(state, (uint8_t *) out, (uint8_t) outlen);
return blake2b_final((blake2b_state *) (void *) state,
(uint8_t *) out, (uint8_t) outlen);
}
int
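Review bot: `COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state)` guards only size, while the `(blake2b_state *) (void *) state` cast now appears in init, init_salt_personal, update and final and also requires the public `crypto_generichash_blake2b_state` to be at least as strictly aligned as `blake2b_state` (its `uint64_t` members, plus the 64-byte alignment the AVX2 kernel appears to assume). A compile-time check needs only one placement, but it should carry a comment stating both halves of the contract: `/* state is an opaque byte buffer that must be at least sizeof(blake2b_state) and aligned for it; see the CRYPTO_ALIGN on the public type */`. If the public header does not declare the type with `CRYPTO_ALIGN(64)`, the update/final paths are where the aligned loads would fault first.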

View File

@ -63,8 +63,8 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
crypto_generichash_final(&h, keys, sizeof keys);
sodium_memzero(&h, sizeof h);
for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
rx[i] = keys[i];
tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
rx[i] = keys[i]; /* rx cannot be NULL */
tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; /* tx cannot be NULL */
}
sodium_memzero(keys, sizeof keys);

View File

@ -80,14 +80,11 @@ allocate_memory(block_region **region, uint32_t m_cost)
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
memory_size = sizeof(block) * m_cost;
if (m_cost == 0 ||
memory_size / m_cost !=
sizeof(block)) { /*1. Check for multiplication overflow*/
if (m_cost == 0 || memory_size / m_cost != sizeof(block)) {
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
*region = (block_region *) malloc(
sizeof(block_region)); /*2. Try to allocate region*/
if (!*region) {
*region = (block_region *) malloc(sizeof(block_region));
if (*region == NULL) {
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
(*region)->base = (*region)->memory = NULL;
@ -116,6 +113,8 @@ allocate_memory(block_region **region, uint32_t m_cost)
}
#endif
if (base == NULL) {
free(*region);
*region = NULL;
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
(*region)->base = base;
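Review bot: The two step comments (`/*1. Check for multiplication overflow*/`, `/*2. Try to allocate region*/`) were dropped while reflowing, so `memory_size / m_cost != sizeof(block)` is now an unexplained division; keep the intent inline, e.g. `/* reject m_cost values for which sizeof(block) * m_cost would overflow size_t */`. The added `free(*region); *region = NULL;` on the `base == NULL` path closes the leak of the region header, and resetting the out-parameter is right since callers would otherwise hold a dangling pointer — `/* leave *region NULL on failure so callers never free a half-built region */` would record that contract. The `(block_region *)` cast on `malloc` is unnecessary in C but matches the surrounding style.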

View File

@ -158,11 +158,11 @@ escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen,
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *) salt, '$');
src = (const uint8_t *) strrchr((const char *) salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *) salt);
saltlen = strlen((const char *) salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1;

View File

@ -181,20 +181,23 @@ blockmix_salsa8(const uint32_t *Bin, uint32_t *Bout, uint32_t *X, size_t r)
/* 1: X <-- B_{2r - 1} */
blkcpy_64((escrypt_block_t *) X,
(escrypt_block_t *) &Bin[(2 * r - 1) * 16]);
(const escrypt_block_t *) &Bin[(2 * r - 1) * 16]);
/* 2: for i = 0 to 2r - 1 do */
for (i = 0; i < 2 * r; i += 2) {
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16]);
blkxor_64((escrypt_block_t *) X,
(const escrypt_block_t *) &Bin[i * 16]);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t *) &Bout[i * 8], (escrypt_block_t *) X);
blkcpy_64((escrypt_block_t *) &Bout[i * 8],
(const escrypt_block_t *) X);
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16 + 16]);
blkxor_64((escrypt_block_t *) X,
(const escrypt_block_t *) &Bin[i * 16 + 16]);
salsa20_8(X);
/* 4: Y_i <-- X */

View File

@ -18,29 +18,50 @@ has_small_order(const unsigned char s[32])
{
CRYPTO_ALIGN(16)
static const unsigned char blacklist[][32] = {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },
{ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },
{ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 },
{ 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 },
{ 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
{ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
{ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }
/* 0 (order 4) */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
/* 1 (order 1) */
{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
/* 325606250916557431795983626356110631294008115727848805560023387167927233504
(order 8) */
{ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },
/* 39382357235489614581723060781553021112529911719440698176882885853963445705823
(order 8) */
{ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1,
0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c,
0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },
/* p-1 (order 2) */
{ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
/* p (=0, order 4) */
{ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
/* p+1 (=1, order 1) */
{ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }
};
unsigned char c[12] = { 0 };
unsigned char c[7] = { 0 };
unsigned int k;
size_t i, j;
COMPILER_ASSERT(12 == sizeof blacklist / sizeof blacklist[0]);
for (j = 0; j < 32; j++) {
COMPILER_ASSERT(7 == sizeof blacklist / sizeof blacklist[0]);
for (j = 0; j < 31; j++) {
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
c[i] |= s[j] ^ blacklist[i][j];
}
}
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
c[i] |= (s[j] & 0x7f) ^ blacklist[i][j];
}
k = 0;
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
k |= (c[i] - 1);
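Review bot: Comparing the first 31 bytes verbatim and the last byte masked with `0x7f` makes each blacklist entry also match its `+2^255` alias, while the five removed entries (the `X + p` forms with high bytes `0x80`, `0xd7`, `0xff`) are no longer rejected as raw inputs. That is only equivalent if every scalarmult backend's field decoder clears bit 255 rather than reducing the full 256-bit value mod p; I believe the ref10 `fe25519_frombytes` masks that bit, but neither it nor the sandy2x unpack is visible here, so it is worth confirming for both. State the assumption at the masked compare: `/* the field decoder ignores bit 255, so X and X + 2^255 are the same input: compare the top byte masked */`. Keeping `COMPILER_ASSERT(7 == ...)` paired with the `c[7]` size, as done here, is good.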

View File

@ -28,9 +28,9 @@ _crypto_scalarmult_ed25519_clamp(unsigned char k[32])
k[31] |= 64;
}
int
crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p)
static int
_crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p, const int clamp)
{
unsigned char *t = q;
ge25519_p3 Q;
@ -44,7 +44,9 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
_crypto_scalarmult_ed25519_clamp(t);
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
ge25519_scalarmult(&Q, t, &P);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
@ -53,24 +55,54 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
return 0;
}
int
crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p)
{
return _crypto_scalarmult_ed25519(q, n, p, 1);
}
int
crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
const unsigned char *p)
{
return _crypto_scalarmult_ed25519(q, n, p, 0);
}
static int
_crypto_scalarmult_ed25519_base(unsigned char *q,
const unsigned char *n, const int clamp)
{
unsigned char *t = q;
ge25519_p3 Q;
unsigned int i;
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
ge25519_scalarmult_base(&Q, t);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
return -1;
}
return 0;
}
int
crypto_scalarmult_ed25519_base(unsigned char *q,
const unsigned char *n)
{
unsigned char *t = q;
ge25519_p3 Q;
unsigned int i;
return _crypto_scalarmult_ed25519_base(q, n, 1);
}
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
_crypto_scalarmult_ed25519_clamp(t);
ge25519_scalarmult_base(&Q, t);
ge25519_p3_tobytes(q, &Q);
if (sodium_is_zero(n, 32) != 0) {
return -1;
}
return 0;
int
crypto_scalarmult_ed25519_base_noclamp(unsigned char *q,
const unsigned char *n)
{
return _crypto_scalarmult_ed25519_base(q, n, 0);
}
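Review bot: The new `_noclamp` entry points hand the caller's scalar to `ge25519_scalarmult` / `ge25519_scalarmult_base` without the `k[31] &= 127` that clamping used to guarantee, and ref10-derived scalar multiplication routines typically carry the precondition `a[31] <= 127`; if that holds here, a scalar with bit 255 set is now reachable from the public API. Either reject it up front in the shared helpers, `if (clamp == 0 && (n[31] & 0x80) != 0) { return -1; }`, or document in the public header that `n` must be reduced mod L for the noclamp variants. Separately, `_crypto_scalarmult_ed25519_base` now also rejects the identity via `_crypto_scalarmult_ed25519_is_inf(q)`, which the old `crypto_scalarmult_ed25519_base` did not — callers may observe a new `-1`, so that deserves a changelog line.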
size_t

View File

@ -123,6 +123,8 @@ crypto_secretstream_xchacha20poly1305_push
if (outlen_p != NULL) {
*outlen_p = 0U;
}
COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX
<= crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX);
if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
sodium_misuse();
}

View File

@ -108,7 +108,7 @@ crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
}
int
crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig,
crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
const unsigned char *pk)
{
return crypto_sign_ed25519ph_final_verify(state, sig, pk);

View File

@ -15,11 +15,7 @@ crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
{
ge25519_p3 A;
#ifdef ED25519_NONDETERMINISTIC
memmove(sk, seed, 32);
#else
crypto_hash_sha512(sk, seed, 32);
#endif
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
@ -61,9 +57,9 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
}
fe25519_1(one_minus_y);
fe25519_sub(one_minus_y, one_minus_y, A.Y);
fe25519_invert(one_minus_y, one_minus_y);
fe25519_1(x);
fe25519_add(x, x, A.Y);
fe25519_invert(one_minus_y, one_minus_y);
fe25519_mul(x, x, one_minus_y);
fe25519_tobytes(curve25519_pk, x);
@ -76,11 +72,7 @@ crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
{
unsigned char h[crypto_hash_sha512_BYTES];
#ifdef ED25519_NONDETERMINISTIC
memcpy(h, ed25519_sk, 32);
#else
crypto_hash_sha512(h, ed25519_sk, 32);
#endif
h[0] &= 248;
h[31] &= 127;
h[31] |= 64;
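Review bot: Dropping the `#ifdef ED25519_NONDETERMINISTIC` branches means a build that still defines that macro now silently hashes the seed instead of copying it, changing every derived key with no compile-time hint; if the option is retired, `#ifdef ED25519_NONDETERMINISTIC` / `# error "ED25519_NONDETERMINISTIC is no longer supported"` / `#endif` near the top of the file (or in a shared header) turns the silent change into a build failure. Moving `fe25519_invert` after the `fe25519_add` in `pk_to_curve25519` is behaviour-preserving. Both enclosing functions start before their hunks.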

View File

@ -23,21 +23,21 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
ge25519_p3 A;
ge25519_p2 R;
#ifndef ED25519_COMPAT
#ifdef ED25519_COMPAT
if (sig[63] & 224) {
return -1;
}
#else
if (sc25519_is_canonical(sig + 32) == 0 ||
ge25519_has_small_order(sig) != 0) {
return -1;
}
if (ge25519_is_canonical(pk) == 0) {
return -1;
}
#else
if (sig[63] & 224) {
if (ge25519_is_canonical(pk) == 0 ||
ge25519_has_small_order(pk) != 0) {
return -1;
}
#endif
if (ge25519_has_small_order(pk) != 0 ||
ge25519_frombytes_negate_vartime(&A, pk) != 0) {
if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
return -1;
}
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
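Review bot: In `ED25519_COMPAT` builds the public key is no longer checked with `ge25519_has_small_order(pk)`: that call used to run unconditionally after the `#endif`, and the new layout moves it into the `#else` branch next to `ge25519_is_canonical(pk)`, so the compat path now applies only the `sig[63] & 224` test before `ge25519_frombytes_negate_vartime`. If accepting small-order keys is the intended reference-compatible behaviour, say so in the `#ifdef ED25519_COMPAT` branch, `/* COMPAT: reference behaviour, small-order and non-canonical keys are accepted */`; if not, the pk check needs to be restored outside the conditional. The enclosing function starts before the hunk.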

View File

@ -86,7 +86,7 @@ crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
int
crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
unsigned char *sig,
const unsigned char *sig,
const unsigned char *pk)
{
unsigned char ph[crypto_hash_sha512_BYTES];

View File

@ -77,9 +77,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
# include "u8.h"
# include "u4.h"
# include "u1.h"
@ -106,8 +103,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@ -150,9 +147,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@ -172,9 +169,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_dolbeau_avx2_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};
#endif
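Review bot: Removing the `bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX` guard from `chacha20_encrypt_bytes` takes the only visible length bound out of this backend, so the 32-bit counter used by `stream_ietf_ext_ref_xor_ic` (`uint32_t ic`) is now protected only by the dispatching `crypto_stream_chacha20_*` layer, which this diff does not show. If that layer enforces the limit for every entry point that reaches this implementation, record the contract where the check was: `/* length is bounded by the caller (crypto_stream_chacha20_*); the IETF counter must not wrap here */`. The `stream_ietf` to `stream_ietf_ext` rename requires the matching member in the implementation struct, which is also outside this diff.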

View File

@ -72,9 +72,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
# include "u4.h"
# include "u1.h"
# include "u0.h"
@ -100,8 +97,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@ -144,9 +141,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@ -166,9 +163,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_dolbeau_ssse3_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};
#endif
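Review bot: The `bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX` misuse check is removed from `chacha20_encrypt_bytes`, leaving this backend with no length bound of its own while `stream_ietf_ext_ref_xor_ic` still takes a 32-bit `ic`. If the bound is now guaranteed by the dispatcher, record that with `/* length bounded by the caller; see crypto_stream_chacha20_* */` at the former check site; otherwise the removal widens the counter-wrap surface for any direct caller of this implementation.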

View File

@ -9,10 +9,10 @@ if (bytes > 0) {
unsigned int i;
x_0 = _mm_loadu_si128((__m128i*) (x + 0));
x_1 = _mm_loadu_si128((__m128i*) (x + 4));
x_2 = _mm_loadu_si128((__m128i*) (x + 8));
x_3 = _mm_loadu_si128((__m128i*) (x + 12));
x_0 = _mm_loadu_si128((const __m128i*) (x + 0));
x_1 = _mm_loadu_si128((const __m128i*) (x + 4));
x_2 = _mm_loadu_si128((const __m128i*) (x + 8));
x_3 = _mm_loadu_si128((const __m128i*) (x + 12));
for (i = 0; i < ROUNDS; i += 2) {
x_0 = _mm_add_epi32(x_0, x_1);
@ -69,10 +69,10 @@ if (bytes > 0) {
t_1 = _mm_srli_epi32(t_1, 25);
x_1 = _mm_xor_si128(x_1, t_1);
}
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12)));
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12)));
_mm_storeu_si128((__m128i*) (partialblock + 0), x_0);
_mm_storeu_si128((__m128i*) (partialblock + 16), x_1);
_mm_storeu_si128((__m128i*) (partialblock + 32), x_2);


@ -10,10 +10,10 @@ while (bytes >= 64) {
uint32_t in13;
int i;
x_0 = _mm_loadu_si128((__m128i*) (x + 0));
x_1 = _mm_loadu_si128((__m128i*) (x + 4));
x_2 = _mm_loadu_si128((__m128i*) (x + 8));
x_3 = _mm_loadu_si128((__m128i*) (x + 12));
x_0 = _mm_loadu_si128((const __m128i*) (x + 0));
x_1 = _mm_loadu_si128((const __m128i*) (x + 4));
x_2 = _mm_loadu_si128((const __m128i*) (x + 8));
x_3 = _mm_loadu_si128((const __m128i*) (x + 12));
for (i = 0; i < ROUNDS; i += 2) {
x_0 = _mm_add_epi32(x_0, x_1);
@ -70,14 +70,14 @@ while (bytes >= 64) {
t_1 = _mm_srli_epi32(t_1, 25);
x_1 = _mm_xor_si128(x_1, t_1);
}
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12)));
x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((__m128i*) (m + 0)));
x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((__m128i*) (m + 16)));
x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((__m128i*) (m + 32)));
x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((__m128i*) (m + 48)));
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12)));
x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((const __m128i*) (m + 0)));
x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((const __m128i*) (m + 16)));
x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((const __m128i*) (m + 32)));
x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((const __m128i*) (m + 48)));
_mm_storeu_si128((__m128i*) (c + 0), x_0);
_mm_storeu_si128((__m128i*) (c + 16), x_1);
_mm_storeu_si128((__m128i*) (c + 32), x_2);


@ -120,31 +120,33 @@ if (bytes >= 256) {
VEC4_QUARTERROUND(3, 4, 9, 14);
}
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
\
x_##A = _mm_add_epi32(x_##A, orig##A); \
x_##B = _mm_add_epi32(x_##B, orig##B); \
x_##C = _mm_add_epi32(x_##C, orig##C); \
x_##D = _mm_add_epi32(x_##D, orig##D); \
t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \
\
t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(x_##C, _mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(x_##D, _mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
\
x_##A = _mm_add_epi32(x_##A, orig##A); \
x_##B = _mm_add_epi32(x_##B, orig##B); \
x_##C = _mm_add_epi32(x_##C, orig##C); \
x_##D = _mm_add_epi32(x_##D, orig##D); \
t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \
\
t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = \
_mm_xor_si128(x_##C, _mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = \
_mm_xor_si128(x_##D, _mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)


@ -200,7 +200,7 @@ if (bytes >= 512) {
in12 = x[12];
in13 = x[13];
in1213 = ((uint64_t) in12) | (((uint64_t) in13) << 32);
x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213));
x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213));
t12 = _mm256_add_epi64(addv12, x_12);
t13 = _mm256_add_epi64(addv13, x_13);
@ -228,45 +228,45 @@ if (bytes >= 512) {
VEC8_ROUND(0, 5, 10, 15, 1, 6, 11, 12, 2, 7, 8, 13, 3, 4, 9, 14);
}
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
x_##A = _mm256_add_epi32(x_##A, orig##A); \
x_##B = _mm256_add_epi32(x_##B, orig##B); \
x_##C = _mm256_add_epi32(x_##C, orig##C); \
x_##D = _mm256_add_epi32(x_##D, orig##D); \
t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \
_mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \
_mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \
_mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \
_mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \
_mm_loadu_si128((__m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \
_mm_loadu_si128((__m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \
_mm_loadu_si128((__m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \
_mm_loadu_si128((__m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
x_##A = _mm256_add_epi32(x_##A, orig##A); \
x_##B = _mm256_add_epi32(x_##B, orig##B); \
x_##C = _mm256_add_epi32(x_##C, orig##C); \
x_##D = _mm256_add_epi32(x_##D, orig##D); \
t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \
_mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \
_mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \
_mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \
_mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \
_mm_loadu_si128((const __m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \
_mm_loadu_si128((const __m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \
_mm_loadu_si128((const __m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \
_mm_loadu_si128((const __m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)
@ -287,42 +287,42 @@ if (bytes >= 512) {
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
}
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \
t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \
t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \
t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \
t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \
t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \
t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \
t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \
t_##A = \
_mm256_xor_si256(t_##A, _mm256_loadu_si256((__m256i*) (m + 0))); \
t_##B = \
_mm256_xor_si256(t_##B, _mm256_loadu_si256((__m256i*) (m + 64))); \
t_##C = \
_mm256_xor_si256(t_##C, _mm256_loadu_si256((__m256i*) (m + 128))); \
t_##D = \
_mm256_xor_si256(t_##D, _mm256_loadu_si256((__m256i*) (m + 192))); \
t_##A2 = _mm256_xor_si256(t_##A2, \
_mm256_loadu_si256((__m256i*) (m + 256))); \
t_##B2 = _mm256_xor_si256(t_##B2, \
_mm256_loadu_si256((__m256i*) (m + 320))); \
t_##C2 = _mm256_xor_si256(t_##C2, \
_mm256_loadu_si256((__m256i*) (m + 384))); \
t_##D2 = _mm256_xor_si256(t_##D2, \
_mm256_loadu_si256((__m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), t_##A); \
_mm256_storeu_si256((__m256i*) (c + 64), t_##B); \
_mm256_storeu_si256((__m256i*) (c + 128), t_##C); \
_mm256_storeu_si256((__m256i*) (c + 192), t_##D); \
_mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \
t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \
t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \
t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \
t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \
t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \
t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \
t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \
t_##A = _mm256_xor_si256( \
t_##A, _mm256_loadu_si256((const __m256i*) (m + 0))); \
t_##B = _mm256_xor_si256( \
t_##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \
t_##C = _mm256_xor_si256( \
t_##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \
t_##D = _mm256_xor_si256( \
t_##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \
t_##A2 = _mm256_xor_si256( \
t_##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \
t_##B2 = _mm256_xor_si256( \
t_##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \
t_##C2 = _mm256_xor_si256( \
t_##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \
t_##D2 = _mm256_xor_si256( \
t_##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), t_##A); \
_mm256_storeu_si256((__m256i*) (c + 64), t_##B); \
_mm256_storeu_si256((__m256i*) (c + 128), t_##C); \
_mm256_storeu_si256((__m256i*) (c + 192), t_##D); \
_mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \
}
ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7);


@ -92,9 +92,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
j0 = ctx->input[0];
j1 = ctx->input[1];
j2 = ctx->input[2];
@ -243,8 +240,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@ -287,9 +284,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@ -309,7 +306,7 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_ref_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};


@ -1,4 +1,6 @@
#include "crypto_stream_chacha20.h"
#include "core.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
#include "private/implementations.h"
#include "randombytes.h"
@ -53,40 +55,89 @@ int
crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
return implementation->stream_ietf(c, clen, n, k);
}
int
crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint64_t ic,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_xor_ic(c, m, mlen, n, ic, k);
}
int
crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
}
int
crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, ic, k);
}
static int
crypto_stream_chacha20_ietf_ext_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, 0U, k);
}
int
crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k)
{
return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k);
}
int
crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
if ((unsigned long long) ic >
(64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, n, ic, k);
}
int
@ -94,7 +145,10 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
return implementation->stream_ietf_xor_ic(c, m, mlen, n, 0U, k);
if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext_xor(c, m, mlen, n, k);
}
void
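Review bot: The counter-range check added to crypto_stream_chacha20_ietf_xor_ic, `(64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL`, wraps when `mlen` exceeds 64 * 2^32 bytes: `(mlen + 63ULL) / 64ULL` is then larger than 2^32, the unsigned subtraction wraps to a huge value, the comparison is false for every `ic`, and the call falls through to crypto_stream_chacha20_ietf_ext_xor_ic, which only enforces the 64-bit crypto_stream_chacha20_MESSAGEBYTES_MAX. The sibling crypto_stream_chacha20_ietf_xor in the `@ -94,7 +145,10 @@` hunk rejects `mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX` first, so the two IETF entry points currently disagree on oversized inputs. Bounding `mlen` before the subtraction closes the gap: `if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX ||` / `    (unsigned long long) ic > (64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL) {` / `    sodium_misuse();`.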


@ -7,16 +7,16 @@
typedef struct crypto_stream_chacha20_implementation {
int (*stream)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_ietf)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_ietf_ext)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint64_t ic,
const unsigned char *k);
int (*stream_ietf_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k);
int (*stream_ietf_ext_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k);
} crypto_stream_chacha20_implementation;
#endif
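Review bot: The renamed `stream_ietf_ext` and `stream_ietf_ext_xor_ic` members carry no comment on how the "ext" form differs from the IETF entry points they replace, yet from this commit the backends implement only the ext form while the public wrappers in stream_chacha20.c add the 2^32-block counter limit before calling them; a maintainer reading only this header cannot see where that limit lives. Suggest above the two members: `/* "ietf_ext": IETF variant (32-bit block counter) without the 2^32-block limit; the public crypto_stream_chacha20_ietf_*() wrappers enforce that limit before dispatching here. */` — the "without the limit" part is inferred from stream_chacha20.c's wrappers and should be confirmed against the reference implementation.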


@ -1,8 +1,8 @@
if (bytes > 0) {
__m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12));
__m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12));
__m128i a0, a1, a2, a3, a4, a5, a6, a7;
__m128i b0, b1, b2, b3, b4, b5, b6, b7;
uint8_t partialblock[64];
@ -156,25 +156,25 @@ if (bytes > 0) {
diag0 = _mm_xor_si128(diag0, b7);
}
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12)));
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12)));
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
uint32_t in##A = _mm_cvtsi128_si32(diag0); \
uint32_t in##B = _mm_cvtsi128_si32(diag1); \
uint32_t in##C = _mm_cvtsi128_si32(diag2); \
uint32_t in##D = _mm_cvtsi128_si32(diag3); \
diag0 = _mm_shuffle_epi32(diag0, 0x39); \
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
*(uint32_t *) (partialblock + (A * 4)) = in##A; \
*(uint32_t *) (partialblock + (B * 4)) = in##B; \
*(uint32_t *) (partialblock + (C * 4)) = in##C; \
*(uint32_t *) (partialblock + (D * 4)) = in##D; \
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
uint32_t in##A = _mm_cvtsi128_si32(diag0); \
uint32_t in##B = _mm_cvtsi128_si32(diag1); \
uint32_t in##C = _mm_cvtsi128_si32(diag2); \
uint32_t in##D = _mm_cvtsi128_si32(diag3); \
diag0 = _mm_shuffle_epi32(diag0, 0x39); \
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
*(uint32_t *) (partialblock + (A * 4)) = in##A; \
*(uint32_t *) (partialblock + (B * 4)) = in##B; \
*(uint32_t *) (partialblock + (C * 4)) = in##C; \
*(uint32_t *) (partialblock + (D * 4)) = in##D; \
} while (0)
#define ONEQUAD(A, B, C, D) ONEQUAD_SHUFFLE(A, B, C, D)
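Review bot: The `*(uint32_t *) (partialblock + (A * 4)) = in##A;` stores in ONEQUAD_SHUFFLE write a `uint8_t[64]` through a `uint32_t` lvalue, which is a strict-aliasing violation the commit's reformatting of the macro leaves in place (the `@ -172,10 +172,10 @@` hunk of u1.h has the matching `*(const uint32_t *) (m + (A * 4))` reads of the caller's message buffer). On x86 this happens to work, but it is undefined behaviour under C11 6.5p7 unless the build disables strict aliasing, and the same construct reads as a red flag to every sanitizer-driven audit of the cipher core. Routing the accesses through the byte-order helpers in private/common.h (assuming the including .c file pulls that header in) keeps the generated code the same on x86 and removes the UB:

```c
#define ONEQUAD_SHUFFLE(A, B, C, D)                                 \
    do {                                                            \
        /* … unchanged: extract in##A..in##D, rotate diag0..diag3 … */ \
        STORE32_LE(partialblock + (A * 4), in##A);                  \
        STORE32_LE(partialblock + (B * 4), in##B);                  \
        STORE32_LE(partialblock + (C * 4), in##C);                  \
        STORE32_LE(partialblock + (D * 4), in##D);                  \
    } while (0)
```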


@ -1,8 +1,8 @@
while (bytes >= 64) {
__m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12));
__m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12));
__m128i a0, a1, a2, a3, a4, a5, a6, a7;
__m128i b0, b1, b2, b3, b4, b5, b6, b7;
@ -157,10 +157,10 @@ while (bytes >= 64) {
diag0 = _mm_xor_si128(diag0, b7);
}
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12)));
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12)));
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
@ -172,10 +172,10 @@ while (bytes >= 64) {
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
in##A ^= *(uint32_t *) (m + (A * 4)); \
in##B ^= *(uint32_t *) (m + (B * 4)); \
in##C ^= *(uint32_t *) (m + (C * 4)); \
in##D ^= *(uint32_t *) (m + (D * 4)); \
in##A ^= *(const uint32_t *) (m + (A * 4)); \
in##B ^= *(const uint32_t *) (m + (B * 4)); \
in##C ^= *(const uint32_t *) (m + (C * 4)); \
in##D ^= *(const uint32_t *) (m + (D * 4)); \
*(uint32_t *) (c + (A * 4)) = in##A; \
*(uint32_t *) (c + (B * 4)) = in##B; \
*(uint32_t *) (c + (C * 4)) = in##C; \


@ -12,22 +12,22 @@ if (bytes >= 256) {
/* element broadcast immediate for _mm_shuffle_epi32 are in order:
0x00, 0x55, 0xaa, 0xff */
z0 = _mm_loadu_si128((__m128i *) (x + 0));
z0 = _mm_loadu_si128((const __m128i *) (x + 0));
z5 = _mm_shuffle_epi32(z0, 0x55);
z10 = _mm_shuffle_epi32(z0, 0xaa);
z15 = _mm_shuffle_epi32(z0, 0xff);
z0 = _mm_shuffle_epi32(z0, 0x00);
z1 = _mm_loadu_si128((__m128i *) (x + 4));
z1 = _mm_loadu_si128((const __m128i *) (x + 4));
z6 = _mm_shuffle_epi32(z1, 0xaa);
z11 = _mm_shuffle_epi32(z1, 0xff);
z12 = _mm_shuffle_epi32(z1, 0x00);
z1 = _mm_shuffle_epi32(z1, 0x55);
z2 = _mm_loadu_si128((__m128i *) (x + 8));
z2 = _mm_loadu_si128((const __m128i *) (x + 8));
z7 = _mm_shuffle_epi32(z2, 0xff);
z13 = _mm_shuffle_epi32(z2, 0x55);
z2 = _mm_shuffle_epi32(z2, 0xaa);
/* no z8 -> first half of the nonce, will fill later */
z3 = _mm_loadu_si128((__m128i *) (x + 12));
z3 = _mm_loadu_si128((const __m128i *) (x + 12));
z4 = _mm_shuffle_epi32(z3, 0x00);
z14 = _mm_shuffle_epi32(z3, 0xaa);
z3 = _mm_shuffle_epi32(z3, 0xff);
@ -498,26 +498,26 @@ if (bytes >= 256) {
/* store data ; this macro first transpose data in-registers, and then store
* them in memory. much faster with icc. */
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
z##A = _mm_add_epi32(z##A, orig##A); \
z##B = _mm_add_epi32(z##B, orig##B); \
z##C = _mm_add_epi32(z##C, orig##C); \
z##D = _mm_add_epi32(z##D, orig##D); \
y##A = _mm_unpacklo_epi32(z##A, z##B); \
y##B = _mm_unpacklo_epi32(z##C, z##D); \
y##C = _mm_unpackhi_epi32(z##A, z##B); \
y##D = _mm_unpackhi_epi32(z##C, z##D); \
z##A = _mm_unpacklo_epi64(y##A, y##B); \
z##B = _mm_unpackhi_epi64(y##A, y##B); \
z##C = _mm_unpacklo_epi64(y##C, y##D); \
z##D = _mm_unpackhi_epi64(y##C, y##D); \
y##A = _mm_xor_si128(z##A, _mm_loadu_si128((__m128i *) (m + 0))); \
_mm_storeu_si128((__m128i *) (c + 0), y##A); \
y##B = _mm_xor_si128(z##B, _mm_loadu_si128((__m128i *) (m + 64))); \
_mm_storeu_si128((__m128i *) (c + 64), y##B); \
y##C = _mm_xor_si128(z##C, _mm_loadu_si128((__m128i *) (m + 128))); \
_mm_storeu_si128((__m128i *) (c + 128), y##C); \
y##D = _mm_xor_si128(z##D, _mm_loadu_si128((__m128i *) (m + 192))); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
z##A = _mm_add_epi32(z##A, orig##A); \
z##B = _mm_add_epi32(z##B, orig##B); \
z##C = _mm_add_epi32(z##C, orig##C); \
z##D = _mm_add_epi32(z##D, orig##D); \
y##A = _mm_unpacklo_epi32(z##A, z##B); \
y##B = _mm_unpacklo_epi32(z##C, z##D); \
y##C = _mm_unpackhi_epi32(z##A, z##B); \
y##D = _mm_unpackhi_epi32(z##C, z##D); \
z##A = _mm_unpacklo_epi64(y##A, y##B); \
z##B = _mm_unpackhi_epi64(y##A, y##B); \
z##C = _mm_unpacklo_epi64(y##C, y##D); \
z##D = _mm_unpackhi_epi64(y##C, y##D); \
y##A = _mm_xor_si128(z##A, _mm_loadu_si128((const __m128i *) (m + 0))); \
_mm_storeu_si128((__m128i *) (c + 0), y##A); \
y##B = _mm_xor_si128(z##B, _mm_loadu_si128((const __m128i *) (m + 64))); \
_mm_storeu_si128((__m128i *) (c + 64), y##B); \
y##C = _mm_xor_si128(z##C, _mm_loadu_si128((const __m128i *) (m + 128))); \
_mm_storeu_si128((__m128i *) (c + 128), y##C); \
y##D = _mm_xor_si128(z##D, _mm_loadu_si128((const __m128i *) (m + 192))); \
_mm_storeu_si128((__m128i *) (c + 192), y##D)
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)


@ -361,45 +361,45 @@ if (bytes >= 512) {
/* store data ; this macro first transpose data in-registers, and then store
* them in memory. much faster with icc. */
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
z##A = _mm256_add_epi32(z##A, orig##A); \
z##B = _mm256_add_epi32(z##B, orig##B); \
z##C = _mm256_add_epi32(z##C, orig##C); \
z##D = _mm256_add_epi32(z##D, orig##D); \
y##A = _mm256_unpacklo_epi32(z##A, z##B); \
y##B = _mm256_unpacklo_epi32(z##C, z##D); \
y##C = _mm256_unpackhi_epi32(z##A, z##B); \
y##D = _mm256_unpackhi_epi32(z##C, z##D); \
z##A = _mm256_unpacklo_epi64(y##A, y##B); \
z##B = _mm256_unpackhi_epi64(y##A, y##B); \
z##C = _mm256_unpacklo_epi64(y##C, y##D); \
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \
_mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \
_mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \
_mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \
_mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \
_mm_loadu_si128((__m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \
_mm_loadu_si128((__m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \
_mm_loadu_si128((__m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \
_mm_loadu_si128((__m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
z##A = _mm256_add_epi32(z##A, orig##A); \
z##B = _mm256_add_epi32(z##B, orig##B); \
z##C = _mm256_add_epi32(z##C, orig##C); \
z##D = _mm256_add_epi32(z##D, orig##D); \
y##A = _mm256_unpacklo_epi32(z##A, z##B); \
y##B = _mm256_unpacklo_epi32(z##C, z##D); \
y##C = _mm256_unpackhi_epi32(z##A, z##B); \
y##D = _mm256_unpackhi_epi32(z##C, z##D); \
z##A = _mm256_unpacklo_epi64(y##A, y##B); \
z##B = _mm256_unpackhi_epi64(y##A, y##B); \
z##C = _mm256_unpacklo_epi64(y##C, y##D); \
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \
_mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \
_mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \
_mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \
_mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \
_mm_loadu_si128((const __m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \
_mm_loadu_si128((const __m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \
_mm_loadu_si128((const __m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \
_mm_loadu_si128((const __m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)
@ -420,41 +420,42 @@ if (bytes >= 512) {
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
}
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \
y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \
y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \
y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \
y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \
y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \
y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \
y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \
y##A = _mm256_xor_si256(y##A, _mm256_loadu_si256((__m256i*) (m + 0))); \
y##B = \
_mm256_xor_si256(y##B, _mm256_loadu_si256((__m256i*) (m + 64))); \
y##C = \
_mm256_xor_si256(y##C, _mm256_loadu_si256((__m256i*) (m + 128))); \
y##D = \
_mm256_xor_si256(y##D, _mm256_loadu_si256((__m256i*) (m + 192))); \
y##A2 = \
_mm256_xor_si256(y##A2, _mm256_loadu_si256((__m256i*) (m + 256))); \
y##B2 = \
_mm256_xor_si256(y##B2, _mm256_loadu_si256((__m256i*) (m + 320))); \
y##C2 = \
_mm256_xor_si256(y##C2, _mm256_loadu_si256((__m256i*) (m + 384))); \
y##D2 = \
_mm256_xor_si256(y##D2, _mm256_loadu_si256((__m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), y##A); \
_mm256_storeu_si256((__m256i*) (c + 64), y##B); \
_mm256_storeu_si256((__m256i*) (c + 128), y##C); \
_mm256_storeu_si256((__m256i*) (c + 192), y##D); \
_mm256_storeu_si256((__m256i*) (c + 256), y##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), y##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), y##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), y##D2); \
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \
y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \
y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \
y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \
y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \
y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \
y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \
y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \
y##A = _mm256_xor_si256(y##A, \
_mm256_loadu_si256((const __m256i*) (m + 0))); \
y##B = _mm256_xor_si256( \
y##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \
y##C = _mm256_xor_si256( \
y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \
y##D = _mm256_xor_si256( \
y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \
y##A2 = _mm256_xor_si256( \
y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \
y##B2 = _mm256_xor_si256( \
y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \
y##C2 = _mm256_xor_si256( \
y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \
y##D2 = _mm256_xor_si256( \
y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), y##A); \
_mm256_storeu_si256((__m256i*) (c + 64), y##B); \
_mm256_storeu_si256((__m256i*) (c + 128), y##C); \
_mm256_storeu_si256((__m256i*) (c + 192), y##D); \
_mm256_storeu_si256((__m256i*) (c + 256), y##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), y##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), y##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), y##D2); \
}
ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7);


@ -277,7 +277,6 @@ INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
ISODATE = @ISODATE@
LD = @LD@
LDFLAGS = @LDFLAGS@
LIBOBJS = @LIBOBJS@


@ -56,7 +56,9 @@ size_t crypto_aead_aes256gcm_abytes(void);
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);
typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];
typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {
unsigned char opaque[512];
} crypto_aead_aes256gcm_state;
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);
@ -70,7 +72,8 @@ int crypto_aead_aes256gcm_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
@ -82,7 +85,7 @@ int crypto_aead_aes256gcm_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
@ -94,7 +97,8 @@ int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
@ -106,13 +110,14 @@ int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
/* -- Precomputation interface -- */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
@ -123,7 +128,8 @@ int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
@ -135,7 +141,7 @@ int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
@ -147,7 +153,8 @@ int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
@ -159,10 +166,11 @@ int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}
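Review bot: The `__attribute__ ((nonnull(1, 8, 9)))` added to the prototypes in this header is a promise to the optimizer, not a runtime guard: once the definition in the .c file sees this header, GCC and Clang may treat any `c == NULL` or `k == NULL` test inside the function as dead code and drop it, so the implementations must not rely on such checks for the parameters listed here. Callers only get a diagnostic when a literal or provably null pointer reaches the call, so the attribute does not replace validation of untrusted lengths and pointers at the API boundary. A one-line comment near the first use, `/* nonnull is a contract for the compiler: violating it is UB, not a checked error */`, would make that explicit for readers of the public header. The same applies to every header in this commit that gains the attribute; I am assuming the no-op `__attribute__` fallback for non-GNU compilers is defined elsewhere, since it is not visible in this diff.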


@ -45,7 +45,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
@ -57,7 +58,7 @@ int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
@ -69,7 +70,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
@ -81,10 +83,11 @@ int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]);
void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
__attribute__ ((nonnull));
/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
@ -118,7 +121,8 @@ int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
@ -130,7 +134,7 @@ int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
@ -142,7 +146,8 @@ int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
@ -154,10 +159,11 @@ int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]);
void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
__attribute__ ((nonnull));
/* Aliases */


@ -41,7 +41,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
@ -53,7 +54,7 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
@ -65,7 +66,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
@ -77,10 +79,11 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 9, 9)));
SODIUM_EXPORT
void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]);
void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
__attribute__ ((nonnull));
/* Aliases */
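Review bot: `__attribute__ ((nonnull(3, 5, 9, 9)))` on `crypto_aead_xchacha20poly1305_ietf_decrypt_detached` repeats argument 9 and omits argument 8; the parameter order in this hunk is m, nsec, c, clen, mac, ad, adlen, npub, k, so `npub` is the 8th and `k` the 9th. The sibling `crypto_aead_chacha20poly1305_ietf_decrypt_detached` in this same commit uses `(3, 5, 8, 9)`, which is what this line should read: `__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));`. As written, a NULL nonce passed to this one function gets no compile-time diagnostic, unlike every other AEAD decrypt variant touched here.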


@ -27,15 +27,17 @@ const char *crypto_auth_primitive(void);
SODIUM_EXPORT
int crypto_auth(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k);
unsigned long long inlen, const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]);
void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}
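Review bot: The blanket `__attribute__ ((nonnull))` on `crypto_auth` and `crypto_auth_verify` also covers `in`, which callers may legitimately pass as NULL when `inlen` is 0; if that was accepted before, this turns it into a contract violation the compiler may exploit (the implementation's own NULL handling can be optimized away) rather than a mere warning. `crypto_generichash` later in this commit deliberately uses `nonnull(1)` for the same shape of signature, so the two headers now disagree on the empty-input case. Listing only the output and key, `__attribute__ ((nonnull(1, 4)))` on both prototypes here, keeps the zero-length message well defined. The same question applies to the `in` parameters in crypto_auth_hmacsha256/512/512256, crypto_hash, crypto_hash_sha256_update, crypto_generichash_update and crypto_generichash_blake2b_update, and to `m` in the crypto_box `_easy`, `_detached`, `_afternm` and `_seal` encryption prototypes, including the curve25519xchacha20poly1305 and curve25519xsalsa20poly1305 variants.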


@ -24,14 +24,14 @@ SODIUM_EXPORT
int crypto_auth_hmacsha256(unsigned char *out,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@ -46,20 +46,22 @@ size_t crypto_auth_hmacsha256_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]);
void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -24,14 +24,14 @@ SODIUM_EXPORT
int crypto_auth_hmacsha512(unsigned char *out,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@ -46,19 +46,20 @@ size_t crypto_auth_hmacsha512_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]);
void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -29,7 +29,7 @@ int crypto_auth_hmacsha512256_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@ -41,19 +41,20 @@ size_t crypto_auth_hmacsha512256_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]);
void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -50,29 +50,31 @@ const char *crypto_box_primitive(void);
SODIUM_EXPORT
int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_easy(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_detached(unsigned char *c, unsigned char *mac,
const unsigned char *m, unsigned long long mlen,
const unsigned char *n, const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
@ -81,7 +83,7 @@ int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
/* -- Precomputation interface -- */
@ -92,30 +94,31 @@ size_t crypto_box_beforenmbytes(void);
SODIUM_EXPORT
int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
SODIUM_EXPORT
int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
const unsigned char *m, unsigned long long mlen,
const unsigned char *n, const unsigned char *k);
const unsigned char *n, const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
const unsigned char *mac,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
/* -- Ephemeral SK interface -- */
@ -125,13 +128,14 @@ size_t crypto_box_sealbytes(void);
SODIUM_EXPORT
int crypto_box_seal(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *pk);
unsigned long long mlen, const unsigned char *pk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
unsigned long long clen,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
/* -- NaCl compatibility interface ; Requires padding -- */
@ -147,24 +151,24 @@ SODIUM_EXPORT
int crypto_box(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_afternm(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}


@ -45,11 +45,13 @@ size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
unsigned char *sk);
unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
@ -58,7 +60,7 @@ int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
@ -67,7 +69,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
@ -77,7 +79,7 @@ int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
@ -87,7 +89,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
/* -- Precomputation interface -- */
@ -95,14 +97,15 @@ SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
@ -110,7 +113,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
@ -118,7 +121,8 @@ int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
@ -127,7 +131,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
/* -- Ephemeral SK interface -- */
@ -142,7 +146,8 @@ SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk);
const unsigned char *pk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
@ -150,7 +155,7 @@ int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
unsigned long long clen,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}


@ -45,17 +45,19 @@ size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
unsigned char *sk);
unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* -- NaCl compatibility interface ; Requires padding -- */
@ -76,7 +78,7 @@ int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
@ -85,14 +87,15 @@ int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
@ -100,7 +103,7 @@ int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}


@ -16,19 +16,65 @@ size_t crypto_core_ed25519_bytes(void);
SODIUM_EXPORT
size_t crypto_core_ed25519_uniformbytes(void);
#define crypto_core_ed25519_SCALARBYTES 32
SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p);
size_t crypto_core_ed25519_scalarbytes(void);
#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
SODIUM_EXPORT
size_t crypto_core_ed25519_nonreducedscalarbytes(void);
SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_add(unsigned char *r,
const unsigned char *p, const unsigned char *q);
const unsigned char *p, const unsigned char *q)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_sub(unsigned char *r,
const unsigned char *p, const unsigned char *q);
const unsigned char *p, const unsigned char *q)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r);
int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_random(unsigned char *r)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
/*
* The interval `s` is sampled from should be at least 317 bits to ensure almost
* uniformity of `r` over `L`.
*/
SODIUM_EXPORT
void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
__attribute__ ((nonnull));
#ifdef __cplusplus
}
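Review bot: `crypto_core_ed25519_scalar_invert` is the only new scalar function that returns `int`, but nothing in the header says when it fails, so a reader cannot tell whether the result must be checked. Presumably a zero scalar has no inverse and yields a nonzero return — confirm against the implementation and document it, e.g. `/* Returns -1 if s is zero (no inverse exists), 0 otherwise. */` above the prototype. The comment on `crypto_core_ed25519_scalar_reduce` would also benefit from stating the buffer sizes explicitly, since `crypto_core_ed25519_NONREDUCEDSCALARBYTES` (64) is introduced in this same hunk and is presumably the length of `s` while `r` is `crypto_core_ed25519_SCALARBYTES` bytes — worth confirming and writing down next to the 317-bit remark.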


@ -26,7 +26,8 @@ size_t crypto_core_hchacha20_constbytes(void);
SODIUM_EXPORT
int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}


@ -26,7 +26,8 @@ size_t crypto_core_hsalsa20_constbytes(void);
SODIUM_EXPORT
int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}


@ -26,7 +26,8 @@ size_t crypto_core_salsa20_constbytes(void);
SODIUM_EXPORT
int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}


@ -26,7 +26,8 @@ size_t crypto_core_salsa2012_constbytes(void);
SODIUM_EXPORT
int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}


@ -30,7 +30,8 @@ size_t crypto_core_salsa208_constbytes(void)
SODIUM_EXPORT
int crypto_core_salsa208(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}


@ -41,6 +41,10 @@ size_t crypto_generichash_keybytes(void);
SODIUM_EXPORT
const char *crypto_generichash_primitive(void);
/*
* Important when writing bindings for other programming languages:
* the state address should be 64-bytes aligned.
*/
typedef crypto_generichash_blake2b_state crypto_generichash_state;
SODIUM_EXPORT
@ -49,24 +53,29 @@ size_t crypto_generichash_statebytes(void);
SODIUM_EXPORT
int crypto_generichash(unsigned char *out, size_t outlen,
const unsigned char *in, unsigned long long inlen,
const unsigned char *key, size_t keylen);
const unsigned char *key, size_t keylen)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_init(crypto_generichash_state *state,
const unsigned char *key,
const size_t keylen, const size_t outlen);
const size_t keylen, const size_t outlen)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_update(crypto_generichash_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_generichash_final(crypto_generichash_state *state,
unsigned char *out, const size_t outlen);
unsigned char *out, const size_t outlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]);
void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -21,12 +21,7 @@ extern "C" {
#endif
typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {
uint64_t h[8];
uint64_t t[2];
uint64_t f[2];
uint8_t buf[2 * 128];
size_t buflen;
uint8_t last_node;
unsigned char opaque[384];
} crypto_generichash_blake2b_state;
#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
@ -74,7 +69,8 @@ SODIUM_EXPORT
int crypto_generichash_blake2b(unsigned char *out, size_t outlen,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *key, size_t keylen);
const unsigned char *key, size_t keylen)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
@ -83,32 +79,37 @@ int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen,
const unsigned char *key,
size_t keylen,
const unsigned char *salt,
const unsigned char *personal);
const unsigned char *personal)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
const unsigned char *key,
const size_t keylen, const size_t outlen);
const size_t keylen, const size_t outlen)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state,
const unsigned char *key,
const size_t keylen, const size_t outlen,
const unsigned char *salt,
const unsigned char *personal);
const unsigned char *personal)
__attribute__ ((nonnull(1)));
SODIUM_EXPORT
int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
unsigned char *out,
const size_t outlen);
const size_t outlen) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]);
void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}
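Review bot: `crypto_generichash_blake2b_update` is declared with an unqualified `__attribute__ ((nonnull))`, which also covers `in`, whereas the one-shot `crypto_generichash_blake2b` just above only pins the output with `nonnull(1)`; a caller passing `in = NULL` together with `inlen == 0` for an empty message then violates the declared contract, and GCC/Clang are entitled to drop any NULL handling inside the implementation and to warn under `-Wnonnull`. Narrowing the update declaration to `__attribute__ ((nonnull(1)))` keeps the state-pointer guarantee while leaving the empty-input call well defined; the same applies to `crypto_generichash_update` in the preceding section and to `crypto_hash`, `crypto_hash_sha256`, `crypto_hash_sha256_update`, `crypto_hash_sha512` and `crypto_hash_sha512_update` in the following ones. Replacing the named fields with `unsigned char opaque[384]` makes the state layout private, so the implementation should, if it does not already, carry a compile-time assertion that the internal BLAKE2b state fits in those 384 bytes, since this typedef is what callers use to size their own storage. This presumes the project's export header neutralizes `__attribute__` for compilers that do not understand it; that is not visible here.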


@ -26,7 +26,7 @@ size_t crypto_hash_bytes(void);
SODIUM_EXPORT
int crypto_hash(unsigned char *out, const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
#define crypto_hash_PRIMITIVE "sha512"
SODIUM_EXPORT


@ -36,19 +36,22 @@ size_t crypto_hash_sha256_bytes(void);
SODIUM_EXPORT
int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
int crypto_hash_sha256_init(crypto_hash_sha256_state *state)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
unsigned char *out);
unsigned char *out)
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -36,19 +36,22 @@ size_t crypto_hash_sha512_bytes(void);
SODIUM_EXPORT
int crypto_hash_sha512(unsigned char *out, const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha512_init(crypto_hash_sha512_state *state);
int crypto_hash_sha512_init(crypto_hash_sha512_state *state)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha512_update(crypto_hash_sha512_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_hash_sha512_final(crypto_hash_sha512_state *state,
unsigned char *out);
unsigned char *out)
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -39,10 +39,12 @@ SODIUM_EXPORT
int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
uint64_t subkey_id,
const char ctx[crypto_kdf_CONTEXTBYTES],
const unsigned char key[crypto_kdf_KEYBYTES]);
const unsigned char key[crypto_kdf_KEYBYTES])
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]);
void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}


@ -34,7 +34,9 @@ SODIUM_EXPORT
int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len,
uint64_t subkey_id,
const char ctx[crypto_kdf_blake2b_CONTEXTBYTES],
const unsigned char key[crypto_kdf_blake2b_KEYBYTES]);
const unsigned char key[crypto_kdf_blake2b_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}
#endif
