From 77e7d88d89a8675fba956cf56a55fb9f64aa7120 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 13:04:59 +0100 Subject: [PATCH 001/190] We really don't need an intermediate variable here --- src/libsodium/sodium/utils.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 85aad292..b9a85944 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -573,15 +573,11 @@ sodium_malloc(const size_t size) __attribute__((malloc)) void * sodium_allocarray(size_t count, size_t size) { - size_t total_size; - if (count > (size_t) 0U && size >= (size_t) SIZE_MAX / count) { errno = ENOMEM; return NULL; } - total_size = count * size; - - return sodium_malloc(total_size); + return sodium_malloc(count * size); } #ifndef HAVE_ALIGNED_MALLOC From 18d5940bc62b20c84e2e74c4e45a6529238d30cf Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 13:05:49 +0100 Subject: [PATCH 002/190] Use a simple memory pool for benchmarks In the test suite, a significant amount of time is spent in memory allocations. A memory pool helps achieve more relevant results with less iterations. --- test/default/cmptest.h | 54 ++++++++++++++++++++++++++++++++++++ test/default/sodium_utils2.c | 4 +++ 2 files changed, 58 insertions(+) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index c19dd53d..5f5c1660 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h 
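Review bot: With `total_size` removed from `sodium_allocarray`, the only thing keeping `count * size` from wrapping is the guard above it, and nothing in the function says so. A one-line comment before the `if`, for example `/* reject before multiplying: count * size must not wrap past SIZE_MAX */`, would keep a later edit from reordering or loosening the two. The test uses `>=`, so it also refuses a few products that would still fit, which errs on the safe side.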
@@ -42,6 +42,60 @@ int xmain(void); # define ITERATIONS 128 # endif +struct { + void *pnt; + size_t size; +} mempool[1024]; + +static size_t mempool_idx; + +static __attribute__((malloc)) void *mempool_alloc(size_t size) +{ + size_t i; + if (size >= (size_t) 0x80000000 - (size_t) 0x00000fff) { + return NULL; + } + size = (size + (size_t) 0x00000fff) & ~ (size_t) 0x00000fff; + for (i = 0U; i < mempool_idx; i++) { + if (mempool[i].size >= (size | (size_t) 0x80000000)) { + mempool[i].size &= ~ (size_t) 0x80000000; + return mempool[i].pnt; + } + } + if (mempool_idx >= sizeof mempool / sizeof mempool[0]) { + return NULL; + } + mempool[mempool_idx].size = size; + return mempool[mempool_idx++].pnt = malloc(size); +} + +static void mempool_free(void *pnt) +{ + size_t i; + for (i = 0U; i < mempool_idx; i++) { + if (mempool[i].pnt == pnt) { + if ((mempool[i].size & (size_t) 0x80000000) != (size_t) 0x0) { + break; + } + mempool[i].size |= (size_t) 0x80000000; + return; + } + } + abort(); +} + +static __attribute__((malloc)) void *mempool_allocarray(size_t count, size_t size) +{ + if (count > (size_t) 0U && size >= (size_t) SIZE_MAX / count) { + return NULL; + } + return mempool_alloc(count * size); +} + +#define sodium_malloc(X) mempool_alloc(X) +#define sodium_free(X) mempool_free(X) +#define sodium_allocarray(X, Y) mempool_allocarray((X), (Y)) + static unsigned long long now(void) { struct timeval tp; diff --git a/test/default/sodium_utils2.c b/test/default/sodium_utils2.c index da8bbf2d..844f5866 100644 --- a/test/default/sodium_utils2.c +++ b/test/default/sodium_utils2.c @@ -12,6 +12,10 @@ # warning The sodium_utils2 test is expected to fail with address sanitizer #endif +#undef sodium_malloc +#undef sodium_free +#undef sodium_allocarray + __attribute__((noreturn)) static void segv_handler(int sig) { From 31b13ada143edd651477890c4df3eb01696bb961 Mon Sep 17 00:00:00 2001 
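Review bot: The `malloc(size)` result in `mempool_alloc` is stored and the slot counted without a NULL check, so a failed allocation leaves a permanent slot whose `pnt` is NULL; once a caller passes that NULL to `mempool_free` the slot is marked reusable and every later request that fits it gets NULL back. Recording the slot only after a successful `malloc`, as below, avoids that; the later PATCH 005 hunk rewrites the same return line and keeps the gap. Separately, `mempool_free(NULL)` reaches `abort()` when no slot matches, whereas `sodium_free()` accepts NULL, so the macro substitution changes behaviour for any test that frees a NULL pointer; a leading `if (pnt == NULL) { return; }` would keep the two aligned. Reused blocks also come back with their previous contents and without guard pages, which is presumably why `sodium_utils2.c` undefines the three macros.

```c
static __attribute__((malloc)) void *mempool_alloc(size_t size)
{
    void *pnt;
    /* … unchanged: size limit, page rounding, reuse scan, slot-count check … */
    pnt = malloc(size);
    if (pnt == NULL) {
        return NULL;
    }
    mempool[mempool_idx].size = size;
    mempool[mempool_idx].pnt  = pnt;
    mempool_idx++;
    return pnt;
}
```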
From: Frank Denis Date: Sat, 16 Dec 2017 13:08:34 +0100 Subject: [PATCH 003/190] + #include --- test/default/cmptest.h | 1 + 1 file changed, 1 insertion(+) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 5f5c1660..069f03f2 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -7,6 +7,7 @@ #endif #include +#include #include #include #include From b6dab1029d0ddd44804a11298dca4869eab3d5e3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 13:08:55 +0100 Subject: [PATCH 004/190] Sort --- test/default/cmptest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 069f03f2..d363b906 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -7,12 +7,12 @@ #endif #include +#include #include #include #include #include #include -#include #include "sodium.h" #include "quirks.h" From 99fe302562e8932ccbb7edc3f6aadbf91931b569 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 13:12:07 +0100 Subject: [PATCH 005/190] Make things more explicit --- test/default/cmptest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index d363b906..c6bd7fc9 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -67,7 +67,7 @@ static __attribute__((malloc)) void *mempool_alloc(size_t size) return NULL; } mempool[mempool_idx].size = size; - return mempool[mempool_idx++].pnt = malloc(size); + return (mempool[mempool_idx++].pnt = (void *) malloc(size)); } static void mempool_free(void *pnt) From b84e4b9ddff9a6f1efd5d1462c9dda5a9eb3b6a2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 14:31:01 +0100 Subject: [PATCH 006/190] Add missing sodium_free() calls in the kdf test --- test/default/kdf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/default/kdf.c b/test/default/kdf.c index 8716de08..0c9c7122 100644 --- a/test/default/kdf.c 
+++ b/test/default/kdf.c @@ -13,8 +13,9 @@ tv_kdf(void) int ret; context = (char *) sodium_malloc(crypto_kdf_CONTEXTBYTES); - memcpy(context, "KDF test", strlen("KDF test")); master_key = (unsigned char *) sodium_malloc(crypto_kdf_KEYBYTES); + + memcpy(context, "KDF test", strlen("KDF test")); for (i = 0; i < crypto_kdf_KEYBYTES; i++) { master_key[i] = i; } @@ -41,6 +42,9 @@ tv_kdf(void) sodium_free(subkey); } + sodium_free(master_key); + sodium_free(context); + assert(strcmp(crypto_kdf_primitive(), crypto_kdf_PRIMITIVE) == 0); assert(crypto_kdf_BYTES_MAX > 0); assert(crypto_kdf_BYTES_MIN <= crypto_kdf_BYTES_MAX); From bfc8ec1248b3d6b72167f414c9f668eeef096492 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 14:51:11 +0100 Subject: [PATCH 007/190] Add a memleak checker to the benchmark code Plug the leaks it surfaced in pwhash_argon2* tests --- test/default/cmptest.h | 22 +++++++++++++++++++++- test/default/pwhash_argon2i.c | 11 ++++++----- test/default/pwhash_argon2id.c | 12 ++++++------ 3 files changed, 33 insertions(+), 12 deletions(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index c6bd7fc9..79de928e 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -93,6 +93,23 @@ static __attribute__((malloc)) void *mempool_allocarray(size_t count, size_t siz return mempool_alloc(count * size); } +static int mempool_free_all(void) +{ + size_t i; + int ret = 0; + + for (i = 0U; i < mempool_idx; i++) { + if ((mempool[i].size & (size_t) 0x80000000) == (size_t) 0x0) { + ret = -1; + } + free(mempool[i].pnt); + mempool[i].pnt = NULL; + } + mempool_idx = (size_t) 0U; + + return ret; +} + #define sodium_malloc(X) mempool_alloc(X) #define sodium_free(X) mempool_free(X) #define sodium_allocarray(X, Y) mempool_allocarray((X), (Y)) 
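Review bot: Both `sodium_malloc()` results at the top of `tv_kdf` are written to without a NULL check: `memcpy(context, ...)` and the `master_key[i] = i` loop run straight after the allocations, while the pwhash tests in this series do `assert(passwd != NULL)` first. When the pool allocator from `cmptest.h` is substituted, it returns NULL once its 1024 slots are used up, so adding `assert(context != NULL);` and `assert(master_key != NULL);` after the two allocations would turn that into a clear failure instead of a NULL write. The body of `tv_kdf` continues outside the hunk.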
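Review bot: `mempool_free_all` has no comment stating its contract, and the marker bit `(size_t) 0x80000000` is spelled out literally once more here on top of its uses in `mempool_alloc` and `mempool_free`. A header comment such as `/* Release every pool block; returns -1 if any block was still in use (leaked), 0 otherwise. */` and a single `#define MEMPOOL_FREE_FLAG ((size_t) 0x80000000)` used by all three helpers would make the flag's meaning (set means the block is free for reuse) visible in one place.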
@@ -129,7 +146,10 @@ int main(void) } ts_end = now(); printf("%llu\n", 1000000ULL * (ts_end - ts_start) / ITERATIONS); - + if (mempool_free_all() != 0) { + fprintf(stderr, "** memory leaks detected **\n"); + return 99; + } return 0; } diff --git a/test/default/pwhash_argon2i.c b/test/default/pwhash_argon2i.c index fa811b88..3e1195e1 100644 --- a/test/default/pwhash_argon2i.c +++ b/test/default/pwhash_argon2i.c @@ -208,6 +208,7 @@ tv3(void) char *out; char *passwd; size_t i = 0U; + int ret; do { out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); @@ -216,13 +217,13 @@ tv3(void) passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); assert(passwd != NULL); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); - if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) { - printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n", - (unsigned int) i); - continue; - } + ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); sodium_free(out); sodium_free(passwd); + if (ret != 0) { + printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n", + (unsigned int) i); + } } while (++i < (sizeof tests) / (sizeof tests[0])); } diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index cbb982fa..5940c9ca 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c @@ -204,6 +204,7 @@ tv3(void) char *out; char *passwd; size_t i = 0U; + int ret; do { out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); 
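Review bot: The leak check added to `main` runs only after all `ITERATIONS` passes, and a block that was never freed is never handed out again, so a test that leaks several blocks per pass can use up the 1024 pool slots before this point is reached. `mempool_alloc` then returns NULL and the run fails inside the test body rather than with the `** memory leaks detected **` message. Checking for still-in-use slots after the first `xmain()` pass would report the leak reliably. `main` starts and ends outside the hunk.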
@@ -212,13 +213,13 @@ tv3(void) passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); assert(passwd != NULL); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); - if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) { - printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n", - (unsigned int) i); - continue; - } + ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); sodium_free(out); sodium_free(passwd); + if (ret != 0) { + printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n", + (unsigned int) i); + } } while (++i < (sizeof tests) / (sizeof tests[0])); } @@ -230,7 +231,6 @@ str_tests(void) char *salt; const char *passwd = "Correct Horse Battery Staple"; - salt = (char *) sodium_malloc(crypto_pwhash_argon2id_SALTBYTES); str_out = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES); str_out2 = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES); From 69642f040935d9458ea3d2ba83696751c24bc13a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 16 Dec 2017 21:00:44 +0100 Subject: [PATCH 008/190] Undefine printf if required --- test/default/cmptest.h | 1 + 1 file changed, 1 insertion(+) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 79de928e..e3710af9 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -153,6 +153,7 @@ int main(void) return 0; } +#undef printf #define printf(...) do { } while(0) #elif !defined(BROWSER_TESTS) From 1dd73862be16c8093d496e16d704e0b4f931cdf2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 18 Dec 2017 14:21:31 +0100 Subject: [PATCH 009/190] Disable ssp on HaikuOS --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 82a47465..3a01e322 100644 --- a/configure.ac +++ b/configure.ac 
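Review bot: In `str_tests` of `pwhash_argon2id.c` the only visible assignment to `salt` is removed while the declaration `char *salt;` stays as a context line. If `salt` is still referenced further down the function (outside this hunk) it is now read uninitialized; if it is not, the declaration should go as well so the compiler does not flag an unused variable. Either way the declaration and the allocation should be removed together.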
@@ -264,7 +264,7 @@ AS_CASE([$host_os], AS_IF([test "x$enable_ssp" != "xno"],[ AS_CASE([$host_os], - [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], + [cygwin*|mingw*|msys|pw32*|cegcc*|haiku], [ ], [*], [ AX_CHECK_COMPILE_FLAG([-fstack-protector], [ AX_CHECK_LINK_FLAG([-fstack-protector], From a8ef83ed536976742dbcddaed8645c21d8c1002d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 18 Dec 2017 20:26:10 +0100 Subject: [PATCH 010/190] Enable 128-bit arithmetic clang+systems with NEON --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 3a01e322..5d62d0d7 100644 --- a/configure.ac +++ b/configure.ac @@ -638,7 +638,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #if !defined(__GNUC__) && !defined(__SIZEOF_INT128__) # error mode(TI) is a gcc extension, and __int128 is not available #endif -#if defined(__clang__) && !defined(__x86_64__) +#if defined(__clang__) && !defined(__x86_64__) && !defined(__ARM_NEON) # error clang does not properly handle the 128-bit type on 32-bit systems #endif #ifndef NATIVE_LITTLE_ENDIAN From b1273b04110e19556f7670297ddf447bbd7c95ea Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 19 Dec 2017 21:44:25 +0100 Subject: [PATCH 011/190] Back to dev mode --- src/libsodium/sodium/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c index 1ac29d09..d667312f 100644 --- a/src/libsodium/sodium/core.c +++ b/src/libsodium/sodium/core.c @@ -21,7 +21,7 @@ #include "private/implementations.h" #include "private/mutex.h" -#if !defined(_MSC_VER) && 0 +#if !defined(_MSC_VER) && 1 # warning *** This is unstable, untested, development code. # warning It might not compile. It might not work as expected. # warning It might be totally insecure. From 1f1b0afb5c1d7c68ecf47dd5279f34bf8039daa2 Mon Sep 17 00:00:00 2001 
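Review bot: Adding `haiku` to the list that skips the `-fstack-protector` probe drops a hardening flag for that platform with nothing in the file saying why. A short `dnl` comment above the case, naming the toolchain problem that makes SSP unusable there, would tell a later maintainer when it can be re-enabled. The pattern is also the bare word `haiku` with no trailing `*`, unlike `cygwin*` and `mingw*`, so a `host_os` value carrying a suffix would not match; that is worth confirming against what the platform actually reports.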
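Review bot: The new `!defined(__ARM_NEON)` exemption does not match the `#error` text beneath it: `__ARM_NEON` is also defined for 32-bit ARM targets that have NEON, so clang on such a target now passes this guard even though the message is about 32-bit systems. If the intent is 64-bit ARM, `__aarch64__` states it directly: `#if defined(__clang__) && !defined(__x86_64__) && !defined(__aarch64__)`. The rest of the probe program lies outside the hunk, so whether a later line still rejects 32-bit targets cannot be seen here.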
From: Frank Denis Date: Tue, 19 Dec 2017 21:41:56 +0100 Subject: [PATCH 012/190] Do not assume that __clang__ being defined implied __GNUC__ defined as well --- configure.ac | 2 +- .../crypto_onetimeauth/poly1305/donna/poly1305_donna32.h | 2 +- .../crypto_onetimeauth/poly1305/donna/poly1305_donna64.h | 2 +- src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c | 2 +- src/libsodium/include/sodium/export.h | 2 +- src/libsodium/include/sodium/private/common.h | 2 +- src/libsodium/sodium/utils.c | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 5d62d0d7..479dc64f 100644 --- a/configure.ac +++ b/configure.ac @@ -635,7 +635,7 @@ AC_SUBST(HAVE_AVX_ASM_V) AC_MSG_CHECKING(for 128-bit arithmetic) HAVE_TI_MODE_V=0 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#if !defined(__GNUC__) && !defined(__SIZEOF_INT128__) +#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SIZEOF_INT128__) # error mode(TI) is a gcc extension, and __int128 is not available #endif #if defined(__clang__) && !defined(__x86_64__) && !defined(__ARM_NEON) diff --git a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h index bcf447cd..cef64480 100644 --- a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h @@ -5,7 +5,7 @@ #if defined(_MSC_VER) # define POLY1305_NOINLINE __declspec(noinline) -#elif defined(__GNUC__) +#elif defined(__clang__) || defined(__GNUC__) # define POLY1305_NOINLINE __attribute__((noinline)) #else # define POLY1305_NOINLINE diff --git a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h index e0ed7547..c827f898 100644 --- a/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +++ b/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h 
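Review bot: The `POLY1305_NOINLINE` selection is edited identically in `poly1305_donna32.h`, `poly1305_donna64.h` and `poly1305_sse2.c`, so the same `_MSC_VER` / clang-or-GCC / fallback ladder now exists in three copies that have to be kept in step by hand. Defining the macro once in a shared private header (`private/common.h` already carries compiler-detection code, if these files can include it) would mean the next compiler tweak is made in one place. The same `defined(__clang__) || defined(__GNUC__)` test is also repeated in `export.h`, `common.h` and `utils.c` later in this patch.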
@@ -13,7 +13,7 @@ #if defined(_MSC_VER) # define POLY1305_NOINLINE __declspec(noinline) -#elif defined(__GNUC__) +#elif defined(__clang__) || defined(__GNUC__) # define POLY1305_NOINLINE __attribute__((noinline)) #else # define POLY1305_NOINLINE diff --git a/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c b/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c index 022f1524..e80c961d 100644 --- a/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c +++ b/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c @@ -21,7 +21,7 @@ typedef __m128i xmmi; # if defined(_MSC_VER) # define POLY1305_NOINLINE __declspec(noinline) -# elif defined(__GNUC__) +# elif defined(__clang__) || defined(__GNUC__) # define POLY1305_NOINLINE __attribute__((noinline)) # else # define POLY1305_NOINLINE diff --git a/src/libsodium/include/sodium/export.h b/src/libsodium/include/sodium/export.h index 0f624ae3..b786c77b 100644 --- a/src/libsodium/include/sodium/export.h +++ b/src/libsodium/include/sodium/export.h @@ -2,7 +2,7 @@ #ifndef sodium_export_H #define sodium_export_H -#ifndef __GNUC__ +#if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ # undef __attribute__ # endif diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index 954d02cc..632fc8a7 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h @@ -196,7 +196,7 @@ xor_buf(unsigned char *out, const unsigned char *in, size_t n) } } -#ifndef __GNUC__ +#if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ # undef __attribute__ # endif diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index b9a85944..a176f87a 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c 
@@ -25,7 +25,7 @@ # ifdef HAVE_ALLOCA_H # include # elif !defined(alloca) -# if defined(__GNUC__) +# if defined(__clang__) || defined(__GNUC__) # define alloca __builtin_alloca # elif defined _AIX # define alloca __alloca From 65f71fe06079eb1565d06d6afbe3423fb7f901cf Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 20 Dec 2017 22:51:58 +0100 Subject: [PATCH 013/190] Prefer the system version of nodejs to the emscripten one --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index cccfca64..47761b14 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -113,7 +113,7 @@ EOM fi if test "x$NODE" = x; then - for candidate in node nodejs; do + for candidate in /usr/local/bin/node /usr/local/bin/nodejs /usr/bin/node /usr/bin/nodejs node nodejs; do case $($candidate --version 2>&1) in #( v*) NODE=$candidate From f34d5ef17e6f19aa061dfdf304fa79ac6d65abad Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 20 Dec 2017 23:04:04 +0100 Subject: [PATCH 014/190] Emscripten: bump the memory up for the tests --- dist-build/emscripten.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 47761b14..af6e7c8c 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
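Review bot: The candidate list in `emscripten.sh` now tries four hard-coded absolute paths before the `node` and `nodejs` names resolved through `PATH`, so a Node.js chosen through `PATH` (a version manager or a pinned toolchain directory) is ignored whenever `/usr/local/bin/node` or `/usr/bin/node` exists, and the build runs that binary instead. The surrounding `if test "x$NODE" = x` means an explicit `NODE` still wins; a comment such as `# Set NODE=/path/to/node to override the search below` would make that override visible to anyone who needs a specific runtime. The loop body continues outside the hunk.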
@@ -5,6 +5,7 @@ export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_cr export EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256
_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_cry
pto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_gen
erichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypt
o_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_p
whash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbyt
es","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xch
acha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen
","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 +export TOTAL_MEMORY_TESTS=167772160 export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8" export LDFLAGS="${LDFLAGS} -s SINGLE_FILE=1" 
export LDFLAGS="${LDFLAGS} -s NO_DYNAMIC_EXECUTION=1 -s ASSERTIONS=0" @@ -32,7 +33,7 @@ elif [ "x$1" = "x--sumo" ]; then echo "Building a sumo distribution in [${PREFIX}]" elif [ "x$1" = "x--browser-tests" ]; then export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO" - export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_SUMO}" + export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_TESTS}" export PREFIX="$(pwd)/libsodium-js-tests" export DONE_FILE="$(pwd)/js-tests-browser.done" export BROWSER_TESTS='yes' @@ -41,7 +42,7 @@ elif [ "x$1" = "x--browser-tests" ]; then elif [ "x$1" = "x--tests" ]; then echo "Building for testing" export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO" - export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_SUMO}" + export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_TESTS}" export PREFIX="$(pwd)/libsodium-js-tests" export DONE_FILE="$(pwd)/js-tests.done" export DIST='no' From 13201046e675d85677dac97e520955f35a79f270 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 00:32:42 +0100 Subject: [PATCH 015/190] emscripten: stick to the unique randombytes implementation --- test/default/randombytes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/default/randombytes.c b/test/default/randombytes.c index 551afaf4..bdc5cca4 100644 --- a/test/default/randombytes.c +++ b/test/default/randombytes.c @@ -161,7 +161,9 @@ main(void) #endif printf("OK\n"); +#ifndef __EMSCRIPTEN__ randombytes_set_implementation(&randombytes_salsa20_implementation); +#endif return 0; } From dce1614eee5ccb7f28ce3c29adcad024d580e1b4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 02:02:39 +0100 Subject: [PATCH 016/190] Use default randombytes implementation for tests on emscripten --- test/default/cmptest.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index e3710af9..71fab353 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h 
@@ -137,7 +137,9 @@ int main(void) if (sodium_init() != 0) { return 99; } +#ifndef __EMSCRIPTEN__ randombytes_set_implementation(&randombytes_salsa20_implementation); +#endif ts_start = now(); for (i = 0; i < ITERATIONS; i++) { if (xmain() != 0) { From 107b42af3f7a25b9a17c70d2632647ba44358306 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 16:48:15 +0100 Subject: [PATCH 017/190] Remove unused LOAD128() and STORE128() macros --- .../crypto_generichash/blake2b/ref/blake2b-compress-avx2.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h index 21acb2fa..bc7e42d2 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h @@ -2,9 +2,6 @@ #ifndef blake2b_compress_avx2_H #define blake2b_compress_avx2_H -#define LOAD128(p) _mm_load_si128((__m128i *) (p)) -#define STORE128(p, r) _mm_store_si128((__m128i *) (p), r) - #define LOADU128(p) _mm_loadu_si128((__m128i *) (p)) #define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r) From 3383fd1bdff1e39f27bc99160a83fe1ca4fa89ef Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 16:57:04 +0100 Subject: [PATCH 018/190] Extra braces --- src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c index 91435a1b..f5e07626 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c @@ -51,9 +51,9 @@ blake2b_is_lastblock(const blake2b_state *S) static inline int blake2b_set_lastblock(blake2b_state *S) { - if (S->last_node) + if (S->last_node) { blake2b_set_lastnode(S); - + } S->f[0] = -1; return 0; } 
From ffb8475a4a1be764422e5f61c38f100accb3c5a5 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 17:24:01 +0100 Subject: [PATCH 019/190] Brace yourself --- .../crypto_generichash/blake2b/ref/blake2b-compress-ref.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c index 614fa34a..b0422c93 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c @@ -34,12 +34,12 @@ blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES]) uint64_t v[16]; int i; - for (i = 0; i < 16; ++i) + for (i = 0; i < 16; ++i) { m[i] = LOAD64_LE(block + i * sizeof(m[i])); - - for (i = 0; i < 8; ++i) + } + for (i = 0; i < 8; ++i) { v[i] = S->h[i]; - + } v[8] = blake2b_IV[0]; v[9] = blake2b_IV[1]; v[10] = blake2b_IV[2]; From 2604a417748b926735f1b5b09424e4cb02faa08b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 17:24:23 +0100 Subject: [PATCH 020/190] Add extra align statements --- src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c index f5e07626..1d7adb76 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c @@ -333,7 +333,7 @@ int blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen) { - blake2b_state S[1]; + CRYPTO_ALIGN(64) blake2b_state S[1]; /* Verify parameters */ if (NULL == in && inlen > 0) { 
@@ -371,7 +371,7 @@ blake2b_salt_personal(uint8_t *out, const void *in, const void *key, const uint8_t outlen, const uint64_t inlen, uint8_t keylen, const void *salt, const void *personal) { - blake2b_state S[1]; + CRYPTO_ALIGN(64) blake2b_state S[1]; /* Verify parameters */ if (NULL == in && inlen > 0) { From 1e7839a90c05553ca08105e454e1e211bb282a64 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 17:53:09 +0100 Subject: [PATCH 021/190] Lift alignment requirements in crypto_generichash() --- .../sodium/crypto_generichash_blake2b.h | 2 +- test/default/generichash2.c | 71 +++++++++++++------ test/default/generichash2.exp | 1 + 3 files changed, 51 insertions(+), 23 deletions(-) diff --git a/src/libsodium/include/sodium/crypto_generichash_blake2b.h b/src/libsodium/include/sodium/crypto_generichash_blake2b.h index 9326a04a..38f9d27c 100644 --- a/src/libsodium/include/sodium/crypto_generichash_blake2b.h +++ b/src/libsodium/include/sodium/crypto_generichash_blake2b.h @@ -20,7 +20,7 @@ extern "C" { # pragma pack(push, 1) #endif -typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state { +typedef struct crypto_generichash_blake2b_state { uint64_t h[8]; uint64_t t[2]; uint64_t f[2]; diff --git a/test/default/generichash2.c b/test/default/generichash2.c index c0048828..4485e3db 100644 --- a/test/default/generichash2.c +++ b/test/default/generichash2.c 
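Review bot: Removing `CRYPTO_ALIGN(64)` from `crypto_generichash_blake2b_state` changes a type declared in an installed header while `#pragma pack(push, 1)` is in effect, so the struct's alignment requirement drops to 1 and its size very likely changes with it. Both are visible to callers and bindings built against the previous layout. Any code that takes a `uint64_t *` into `h`, `t` or `f` can also no longer assume natural alignment. If the relaxation is intended, state it above the typedef, e.g. `/* packed, no alignment guarantee: access members through the struct only; sizeof is part of the ABI */`. The struct body continues outside the hunk, so the full member list is not visible here.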
@@ -6,51 +6,78 @@ int main(void) { #define MAXLEN 64 - crypto_generichash_state st; - unsigned char in[MAXLEN], out[crypto_generichash_BYTES_MAX], - k[crypto_generichash_KEYBYTES_MAX]; - size_t h, i, j; + crypto_generichash_state *st; + unsigned char in[MAXLEN]; + unsigned char out[crypto_generichash_BYTES_MAX]; + unsigned char k[crypto_generichash_KEYBYTES_MAX]; + size_t h, i, j; - assert(crypto_generichash_statebytes() >= sizeof st); - for (h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h) + assert(crypto_generichash_statebytes() >= sizeof *st); + st = sodium_malloc(crypto_generichash_statebytes()); + for (h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h) { k[h] = (unsigned char) h; - + } for (i = 0; i < MAXLEN; ++i) { in[i] = (unsigned char) i; - if (crypto_generichash_init(&st, k, + if (crypto_generichash_init(st, k, 1 + i % crypto_generichash_KEYBYTES_MAX, 1 + i % crypto_generichash_BYTES_MAX) != 0) { printf("crypto_generichash_init()\n"); return 1; } - crypto_generichash_update(&st, in, i); - crypto_generichash_update(&st, in, i); - crypto_generichash_update(&st, in, i); - if (crypto_generichash_final(&st, out, + crypto_generichash_update(st, in, i); + crypto_generichash_update(st, in, i); + crypto_generichash_update(st, in, i); + if (crypto_generichash_final(st, out, 1 + i % crypto_generichash_BYTES_MAX) != 0) { printf("crypto_generichash_final() should have returned 0\n"); } for (j = 0; j < 1 + i % crypto_generichash_BYTES_MAX; ++j) { - printf("%02x", (unsigned int)out[j]); + printf("%02x", (unsigned int) out[j]); } printf("\n"); - if (crypto_generichash_final(&st, out, + if (crypto_generichash_final(st, out, 1 + i % crypto_generichash_BYTES_MAX) != -1) { printf("crypto_generichash_final() should have returned -1\n"); } } + sodium_free(st); - assert(crypto_generichash_init(&st, k, sizeof k, 0U) == -1); - assert(crypto_generichash_init(&st, k, sizeof k, + /* unaligned state */ + st = sodium_malloc(crypto_generichash_statebytes() + 1U); + i = 0; + if 
(crypto_generichash_init(st, k, + crypto_generichash_KEYBYTES_MAX, + crypto_generichash_BYTES_MAX) != 0) { + printf("crypto_generichash_init(2)\n"); + return 1; + } + crypto_generichash_update(st, in, i); + crypto_generichash_update(st, in, i); + crypto_generichash_update(st, in, i); + if (crypto_generichash_final(st, out, + crypto_generichash_BYTES_MAX) != 0) { + printf("crypto_generichash_final(2) should have returned 0\n"); + } + for (j = 0; j < crypto_generichash_BYTES_MAX; ++j) { + printf("%02x", (unsigned int) out[j]); + } + printf("\n"); + + assert(crypto_generichash_init(st, k, sizeof k, 0U) == -1); + assert(crypto_generichash_init(st, k, sizeof k, crypto_generichash_BYTES_MAX + 1U) == -1); - assert(crypto_generichash_init(&st, k, crypto_generichash_KEYBYTES_MAX + 1U, + assert(crypto_generichash_init(st, k, crypto_generichash_KEYBYTES_MAX + 1U, sizeof out) == -1); - assert(crypto_generichash_init(&st, k, 0U, sizeof out) == 0); - assert(crypto_generichash_init(&st, k, 1U, sizeof out) == 0); - assert(crypto_generichash_init(&st, NULL, 1U, 0U) == -1); - assert(crypto_generichash_init(&st, NULL, crypto_generichash_KEYBYTES, + assert(crypto_generichash_init(st, k, 0U, sizeof out) == 0); + assert(crypto_generichash_init(st, k, 1U, sizeof out) == 0); + assert(crypto_generichash_init(st, NULL, 1U, 0U) == -1); + assert(crypto_generichash_init(st, NULL, crypto_generichash_KEYBYTES, 1U) == 0); - assert(crypto_generichash_init(&st, NULL, crypto_generichash_KEYBYTES, + assert(crypto_generichash_init(st, NULL, crypto_generichash_KEYBYTES, 0U) == -1); + + sodium_free(st); + return 0; } diff --git a/test/default/generichash2.exp b/test/default/generichash2.exp index 5ee6f605..ee66a35b 100644 --- a/test/default/generichash2.exp +++ b/test/default/generichash2.exp 
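Review bot: Both `sodium_malloc()` results assigned to `st` are passed to `crypto_generichash_init()` without a NULL check, so an allocation failure would surface as a crash inside the library rather than as a reported test failure. Add `if (st == NULL) { printf("sodium_malloc()\n"); return 1; }` after each allocation. The same applies to the cast form of this allocation in the later "C++ compat" hunk for this file. In the `/* unaligned state */` section the pointer is never offset explicitly, so whether `st` is really misaligned depends on where the allocator places a `crypto_generichash_statebytes() + 1U` region. That assumption deserves a comment next to the allocation.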
@@ -62,3 +62,4 @@ d09b717a0c80f581c07b8813e0ae79cec2188f77122f7477954610655a20420f13eb1b68cacde8c1 23ac1ccd5e7df51b65b284650158d662e7ef51ebae01b879f39cec484b688c792f8e854bd8ca31ffe8796d28f10e49ab402dab47878a21cb95556dc32b0a f8f5323ebcc28bf927e72d342b5b70d80ba67794afb4c28debad21b0dae24c7a9252e862eb4b83bea6d9c0bb7c108983c987f13d73f250c7f14483f0454a24 55b97ca594d68ccf69a0a93fe7fa4004c7e2947a8cac4ca4a44e17ac6876f472e3f221b341a28004cd35a79cfad7fabb9378ce5af03e4c0445ebbe9540943bbd +10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568 From 0187ba70adc77a13f9c51e1e31587ef4f57a89a7 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 18:20:08 +0100 Subject: [PATCH 022/190] Require the generichash state to be aligned Alignment is already required by other functions anyway. --- .../include/sodium/crypto_generichash.h | 4 ++++ .../sodium/crypto_generichash_blake2b.h | 2 +- test/default/generichash2.c | 22 ------------------- test/default/generichash2.exp | 1 - 4 files changed, 5 insertions(+), 24 deletions(-) diff --git a/src/libsodium/include/sodium/crypto_generichash.h b/src/libsodium/include/sodium/crypto_generichash.h index 2398fb9d..a5e1646f 100644 --- a/src/libsodium/include/sodium/crypto_generichash.h +++ b/src/libsodium/include/sodium/crypto_generichash.h @@ -41,6 +41,10 @@ size_t crypto_generichash_keybytes(void); SODIUM_EXPORT const char *crypto_generichash_primitive(void); +/* + * Important when writing bindings for other programming languages: + * the state address *must* be 64-bytes aligned. + */ typedef crypto_generichash_blake2b_state crypto_generichash_state; SODIUM_EXPORT diff --git a/src/libsodium/include/sodium/crypto_generichash_blake2b.h b/src/libsodium/include/sodium/crypto_generichash_blake2b.h index 38f9d27c..9326a04a 100644 --- a/src/libsodium/include/sodium/crypto_generichash_blake2b.h +++ b/src/libsodium/include/sodium/crypto_generichash_blake2b.h 
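Review bot: The new comment above `crypto_generichash_state` addresses only authors of language bindings, but a C caller that allocates the state dynamically with a size from `crypto_generichash_statebytes()` faces the same 64-byte requirement. A general-purpose allocator is only guaranteed to align for fundamental types, so that pointer may not satisfy it. I would word the comment for every caller: `/* The state address *must* be 64-byte aligned. This holds for a declared crypto_generichash_state; memory obtained dynamically (bindings, malloc) must be aligned by the caller. */`. It would also help to say what happens when the requirement is violated, if that is defined.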
@@ -20,7 +20,7 @@ extern "C" { # pragma pack(push, 1) #endif -typedef struct crypto_generichash_blake2b_state { +typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state { uint64_t h[8]; uint64_t t[2]; uint64_t f[2]; diff --git a/test/default/generichash2.c b/test/default/generichash2.c index 4485e3db..e3ec270c 100644 --- a/test/default/generichash2.c +++ b/test/default/generichash2.c @@ -41,28 +41,6 @@ main(void) printf("crypto_generichash_final() should have returned -1\n"); } } - sodium_free(st); - - /* unaligned state */ - st = sodium_malloc(crypto_generichash_statebytes() + 1U); - i = 0; - if (crypto_generichash_init(st, k, - crypto_generichash_KEYBYTES_MAX, - crypto_generichash_BYTES_MAX) != 0) { - printf("crypto_generichash_init(2)\n"); - return 1; - } - crypto_generichash_update(st, in, i); - crypto_generichash_update(st, in, i); - crypto_generichash_update(st, in, i); - if (crypto_generichash_final(st, out, - crypto_generichash_BYTES_MAX) != 0) { - printf("crypto_generichash_final(2) should have returned 0\n"); - } - for (j = 0; j < crypto_generichash_BYTES_MAX; ++j) { - printf("%02x", (unsigned int) out[j]); - } - printf("\n"); assert(crypto_generichash_init(st, k, sizeof k, 0U) == -1); assert(crypto_generichash_init(st, k, sizeof k, diff --git a/test/default/generichash2.exp b/test/default/generichash2.exp index ee66a35b..5ee6f605 100644 --- a/test/default/generichash2.exp +++ b/test/default/generichash2.exp 
@@ -62,4 +62,3 @@ d09b717a0c80f581c07b8813e0ae79cec2188f77122f7477954610655a20420f13eb1b68cacde8c1 23ac1ccd5e7df51b65b284650158d662e7ef51ebae01b879f39cec484b688c792f8e854bd8ca31ffe8796d28f10e49ab402dab47878a21cb95556dc32b0a f8f5323ebcc28bf927e72d342b5b70d80ba67794afb4c28debad21b0dae24c7a9252e862eb4b83bea6d9c0bb7c108983c987f13d73f250c7f14483f0454a24 55b97ca594d68ccf69a0a93fe7fa4004c7e2947a8cac4ca4a44e17ac6876f472e3f221b341a28004cd35a79cfad7fabb9378ce5af03e4c0445ebbe9540943bbd -10ebb67700b1868efb4417987acf4690ae9d972fb7a590c2f02871799aaa4786b5e996e8f0f4eb981fc214b005f42d2ff4233499391653df7aefcbc13fc51568 From d7f8f6bc8030a0d486bf7ae4894f3a326ab74c7a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 18:27:29 +0100 Subject: [PATCH 023/190] Static --- test/default/cmptest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 71fab353..bcf1064b 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -160,7 +160,7 @@ int main(void) #elif !defined(BROWSER_TESTS) -FILE *fp_res; +static FILE *fp_res; int main(void) { From bd631649c17a651812112aeca4b0cb4eb8167932 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 18:46:29 +0100 Subject: [PATCH 024/190] Emscripten: run the tests in benchmark mode --- dist-build/emscripten.sh | 1 + test/default/cmptest.h | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index af6e7c8c..35028e45 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -42,6 +42,7 @@ elif [ "x$1" = "x--browser-tests" ]; then elif [ "x$1" = "x--tests" ]; then echo "Building for testing" export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO" + export CPPFLAGS="${CPPFLAGS} -DBENCHMARKS -DITERATIONS=10" export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_TESTS}" export PREFIX="$(pwd)/libsodium-js-tests" export DONE_FILE="$(pwd)/js-tests.done" 
diff --git a/test/default/cmptest.h b/test/default/cmptest.h index bcf1064b..1a46d41b 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -137,6 +137,10 @@ int main(void) if (sodium_init() != 0) { return 99; } +#ifdef __EMSCRIPTEN__ + (void) fopen("/dev/null", "r"); +#endif + #ifndef __EMSCRIPTEN__ randombytes_set_implementation(&randombytes_salsa20_implementation); #endif From 72ab8739a295b5070f627fad14a5685c932906eb Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 21:27:50 +0100 Subject: [PATCH 025/190] Javascript tests: don't call FS.*() if the filesystem module is not present --- test/default/pre.js.inc | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/test/default/pre.js.inc b/test/default/pre.js.inc index 130c1371..8b8d589a 100755 --- a/test/default/pre.js.inc +++ b/test/default/pre.js.inc @@ -5,12 +5,14 @@ try { this['Module'] = Module = {}; } if (typeof process === 'object') { - Module['preRun'] = Module['preRun'] || []; - Module['preRun'].push(function() { - FS.init(); - FS.mkdir('/test-data'); - FS.mount(NODEFS, { root: '.' }, '/test-data'); - }); + if (typeof(FS) === 'object') { + Module['preRun'] = Module['preRun'] || []; + Module['preRun'].push(function() { + FS.init(); + FS.mkdir('/test-data'); + FS.mount(NODEFS, { root: '.' }, '/test-data'); + }); + } } else { Module['print'] = function(x) { var event = new Event('test-output'); From 8a2833f01a3f4913c13d67cb201584b6d290d1e1 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 21:36:15 +0100 Subject: [PATCH 026/190] Remove the dummy FS call from the Javascript tests --- test/default/cmptest.h | 3 --- 1 file changed, 3 deletions(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 1a46d41b..ced709d9 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h 
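Review bot: The added `(void) fopen("/dev/null", "r");` in `main()` discards a `FILE *` that is never closed, and nothing in the hunk says why the call is there. It presumably exists only to force filesystem support into the emscripten build. If so, say that in a comment and release the handle, e.g. `{ FILE *fp = fopen("/dev/null", "r"); if (fp != NULL) { fclose(fp); } } /* dummy call: keeps the emscripten FS module linked in */`. The body of `main()` continues outside the hunk.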
@@ -137,9 +137,6 @@ int main(void) if (sodium_init() != 0) { return 99; } -#ifdef __EMSCRIPTEN__ - (void) fopen("/dev/null", "r"); -#endif #ifndef __EMSCRIPTEN__ randombytes_set_implementation(&randombytes_salsa20_implementation); From 6a608189827539f58aa3d588cd8a405a2b55b8ac Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 21 Dec 2017 22:17:40 +0100 Subject: [PATCH 027/190] C++ compat --- test/default/generichash2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/default/generichash2.c b/test/default/generichash2.c index e3ec270c..b7e33e69 100644 --- a/test/default/generichash2.c +++ b/test/default/generichash2.c @@ -13,7 +13,8 @@ main(void) size_t h, i, j; assert(crypto_generichash_statebytes() >= sizeof *st); - st = sodium_malloc(crypto_generichash_statebytes()); + st = (crypto_generichash_state *) + sodium_malloc(crypto_generichash_statebytes()); for (h = 0; h < crypto_generichash_KEYBYTES_MAX; ++h) { k[h] = (unsigned char) h; } From 88fca4834c8c7a895214d650cc69c3841fd2ec82 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 25 Dec 2017 22:18:40 +0100 Subject: [PATCH 028/190] emscripten: export Pointer_stringify() for recent emscripten versions --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 35028e45..a7c8e8f5 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -54,7 +54,7 @@ else echo exit 1 fi -export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS}" +export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s EXTRA_EXPORTED_RUNTIME_METHODS=[\"Pointer_stringify\"]" rm -f "$DONE_FILE" From 8eba49b6a84dc255ef6597c343d2b45460b5cf53 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 25 Dec 2017 22:31:04 +0100 Subject: [PATCH 029/190] emscripten: export _malloc() and _free() --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index a7c8e8f5..d4b09b9d 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -54,7 +54,7 @@ else echo exit 1 fi -export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s EXTRA_EXPORTED_RUNTIME_METHODS=[\"Pointer_stringify\"]" +export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s EXTRA_EXPORTED_RUNTIME_METHODS=[\"Pointer_stringify\",\"_malloc\",\"_free\"]" rm -f "$DONE_FILE" From 387e1833d7e2cb40a6a0a7561de82da968aacc07 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 25 Dec 2017 22:33:30 +0100 Subject: [PATCH 030/190] emscripten: move the set of exported runtime methods --- dist-build/emscripten.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index d4b09b9d..2e43ebe7 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -3,6 +3,7 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes"
,"_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_sec
retstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export 
EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_fi
nal","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_
box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min",
"_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keyg
en","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_
passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes"
,"_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha2
0poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_
crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","_malloc","_free"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 export TOTAL_MEMORY_TESTS=167772160 
@@ -54,7 +55,7 @@ else echo exit 1 fi -export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s EXTRA_EXPORTED_RUNTIME_METHODS=[\"Pointer_stringify\",\"_malloc\",\"_free\"]" +export JS_EXPORTS_FLAGS="-s EXPORTED_FUNCTIONS=${EXPORTED_FUNCTIONS} -s EXTRA_EXPORTED_RUNTIME_METHODS=${EXPORTED_RUNTIME_METHODS}" rm -f "$DONE_FILE" From 68d845e651159d0beeb89dd2d7b1c966c0030781 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 25 Dec 2017 22:59:41 +0100 Subject: [PATCH 031/190] Export setValue, getValue --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 2e43ebe7..43dcb769 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
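Review bot: The rewritten `export JS_EXPORTS_FLAGS=...` line now builds both `-s` settings from variables, and nothing on it says that the two JSON arrays must stay free of whitespace for each setting to remain a single argument. If `JS_EXPORTS_FLAGS` is later expanded unquoted on the compiler command line (that use is outside this hunk, so it is an assumption to confirm), a space added to `EXPORTED_RUNTIME_METHODS` would split the setting. I would add above the line: `# EXPORTED_FUNCTIONS / EXPORTED_RUNTIME_METHODS are JSON arrays; keep them free of spaces, each is passed as one -s argument`. Minor style point: the variable is named `EXPORTED_RUNTIME_METHODS` while the setting it feeds is `EXTRA_EXPORTED_RUNTIME_METHODS`; matching the names would make the exported JS surface easier to grep and audit.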
@@ -3,7 +3,7 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes"
,"_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_sec
retstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export 
EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_fi
nal","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_
box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min",
"_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keyg
en","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_
passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes"
,"_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha2
0poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_
crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","_malloc","_free"]' +export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue","_malloc","_free"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 export TOTAL_MEMORY_TESTS=167772160 
From 5f5d36a9bbba9b027ca9018e8a24e972a676094a Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 25 Dec 2017 23:32:25 +0100
Subject: [PATCH 032/190] emscripten: malloc() and free() should be exported as library symbols
---
 dist-build/emscripten.sh | 6 +++---
 dist-build/generate-emscripten-symbols.sh | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index 43dcb769..38e2a616 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -1,9 +1,9 @@ #! /bin/sh export MAKE_FLAGS='-j4' -export EXPORTED_FUNCTIONS_STANDARD='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20
_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy",
"_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_fi
nal","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_
box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min",
"_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keyg
en","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_
passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes"
,"_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha2
0poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_
crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue","_malloc","_free"]' +export 
EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inpu
tbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretstream_xchacha20poly1305_a
bytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_
auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_
afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_b
lake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypt
o_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypt
o_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto
_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_sec
retstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_c
hacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 export TOTAL_MEMORY_TESTS=167772160 
diff --git a/dist-build/generate-emscripten-symbols.sh b/dist-build/generate-emscripten-symbols.sh index 1217e35a..78cbffd4 100755 --- a/dist-build/generate-emscripten-symbols.sh +++ b/dist-build/generate-emscripten-symbols.sh @@ -35,7 +35,7 @@ symbols() { } | \ sort | \ { - out='' + out='"_malloc","_free"' while read symbol ; do if [ ! -z "$out" ]; then out="${out}," From d73d5f8ee680a41bbd26d3944f4ae59f0239ebae Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 27 Dec 2017 00:10:18 +0100 Subject: [PATCH 033/190] Rather than checking for emscripten, perform a 128-bit mul --- configure.ac | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index 479dc64f..923adfe1 100644 --- a/configure.ac +++ b/configure.ac @@ -644,10 +644,6 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifndef NATIVE_LITTLE_ENDIAN # error libsodium currently expects a little endian CPU for the 128-bit type #endif -#ifdef __EMSCRIPTEN__ -# error emscripten currently supports only shift operations on integers \ -# larger than 64 bits -#endif #include #include #if defined(__SIZEOF_INT128__) @@ -657,6 +653,8 @@ typedef unsigned uint128_t __attribute__((mode(TI))); #endif void fcontract(uint128_t *t) { *t += 0x8000000000000 - 1; + *t *= *t; + *t >>= 84; } ]], [[ (void) fcontract; From fff87d50dd43900ce837537471d54626669384b4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 27 Dec 2017 00:28:41 +0100 Subject: [PATCH 034/190] Restore the __EMSCRIPTEN__ check for 128-bit usage --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 923adfe1..24a7ea68 100644 --- a/configure.ac +++ b/configure.ac 
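Review bot: Seeding `out` with `'"_malloc","_free"'` makes the `[ ! -z "$out" ]` test at the top of the `while read symbol` loop always true, so the guard no longer does anything and still reads as if `out` could be empty. Either drop the test and append the comma unconditionally, or keep `out=''` and add the two allocator symbols outside the loop. A short comment such as `# _malloc and _free are always exported, whatever the .def file lists` would also explain why they are hard-coded here. The rest of the loop body is outside the hunk.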
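Review bot: The added `*t *= *t;` in `fcontract` only proves that the compiler accepts a 128-bit multiply, because the probe sits inside `AC_COMPILE_IFELSE` (visible in the hunk header) and is never linked. On a target where a 128-bit multiply is lowered to a runtime helper call rather than inline code, the probe would still pass and the problem would surface later at link time, which is presumably the case the removed `__EMSCRIPTEN__` guard covered. If the aim is to detect that, the probe needs to be linked, e.g. by using `AC_LINK_IFELSE` for this check; otherwise keep the explicit guard. The `AC_COMPILE_IFELSE` call begins and ends outside the hunks.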
@@ -644,6 +644,9 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifndef NATIVE_LITTLE_ENDIAN # error libsodium currently expects a little endian CPU for the 128-bit type #endif +#ifdef __EMSCRIPTEN__ +# error emscripten currently doesn't support some operations on integers larger than 64 bits +#endif #include #include #if defined(__SIZEOF_INT128__) From 4614ca754df0b958e5433aecd0600cd33444c848 Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Tue, 26 Dec 2017 22:05:08 -0500 Subject: [PATCH 035/190] updates for latest emscripten --- dist-build/emscripten.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 38e2a616..d0e1e8bf 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -9,7 +9,7 @@ export TOTAL_MEMORY_SUMO=83886080 export TOTAL_MEMORY_TESTS=167772160 export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8" export LDFLAGS="${LDFLAGS} -s SINGLE_FILE=1" -export LDFLAGS="${LDFLAGS} -s NO_DYNAMIC_EXECUTION=1 -s ASSERTIONS=0" +export LDFLAGS="${LDFLAGS} -s ASSERTIONS=0" export LDFLAGS="${LDFLAGS} -s AGGRESSIVE_VARIABLE_ELIMINATION=1 -s ALIASING_FUNCTION_POINTERS=1" export LDFLAGS="${LDFLAGS} -s FUNCTION_POINTER_ALIGNMENT=1 -s DISABLE_EXCEPTION_CATCHING=1" export LDFLAGS="${LDFLAGS} -s ELIMINATE_DUPLICATE_FUNCTIONS=1" @@ -72,11 +72,11 @@ if [ "$DIST" = yes ]; then emccLibsodium () { outFile="${1}" shift - emcc "$CFLAGS" --llvm-lto 1 $CPPFLAGS $LDFLAGS $JS_EXPORTS_FLAGS ${@} \ + emcc "$CFLAGS" --closure 1 --llvm-lto 1 $CPPFLAGS $LDFLAGS $JS_EXPORTS_FLAGS ${@} \ "${PREFIX}/lib/libsodium.a" -o "${outFile}" || exit 1 } emmake make $MAKE_FLAGS install || exit 1 - emccLibsodium "${PREFIX}/lib/libsodium.asm.tmp.js" -Oz -s RUNNING_JS_OPTS=1 -s NO_EXIT_RUNTIME=1 + emccLibsodium "${PREFIX}/lib/libsodium.asm.tmp.js" -Oz -s RUNNING_JS_OPTS=1 emccLibsodium "${PREFIX}/lib/libsodium.wasm.tmp.js" -O3 -s WASM=1 cat > "${PREFIX}/lib/libsodium.js" <<- EOM 
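Review bot: Dropping `-s NO_DYNAMIC_EXECUTION=1` from `LDFLAGS` allows the emitted JavaScript runtime to use `eval()` / `new Function()`, and neither the commit message nor the script says why that is needed. Pages that load the resulting libsodium.js under a Content-Security-Policy without `'unsafe-eval'` may then break, or be pushed into loosening their policy for a crypto library. If the flag had to go for the toolchain update, record that above the `LDFLAGS` lines, for example `# NO_DYNAMIC_EXECUTION dropped: <reason>; output may require CSP 'unsafe-eval'`, and mention it in the release notes. If it is not required, keep the flag.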
From 607d9b7943bd7f6d7dccec4273cef44b4d275860 Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Tue, 26 Dec 2017 22:39:17 -0500 Subject: [PATCH 036/190] Closure fix --- src/libsodium/randombytes/randombytes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/randombytes/randombytes.c b/src/libsodium/randombytes/randombytes.c index 708616b8..4c1a536e 100644 --- a/src/libsodium/randombytes/randombytes.c +++ b/src/libsodium/randombytes/randombytes.c @@ -107,7 +107,7 @@ randombytes_stir(void) try { var crypto = require('crypto'); var randomValueNodeJS = function() { - var buf = crypto.randomBytes(4); + var buf = crypto['randomBytes'](4); return (buf[0] << 24 | buf[1] << 16 | buf[2] << 8 | buf[3]) >>> 0; }; randomValueNodeJS(); From 7dee41abeeda166d3570210b90866312e6f4fdd1 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 31 Dec 2017 00:56:51 +0100 Subject: [PATCH 037/190] Disable LTO in ios/osx build scripts --- dist-build/ios.sh | 20 ++++++++++---------- dist-build/osx.sh | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/dist-build/ios.sh b/dist-build/ios.sh index c08b85ff..cd042d0c 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh @@ -34,8 +34,8 @@ export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" export SDK="${BASEDIR}/SDKs/iPhoneSimulator.sdk" ## i386 simulator -export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto" -export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto" +export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}" +export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}" make distclean > /dev/null 
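Review bot: `crypto['randomBytes'](4)` reads like a style slip without a comment, and a later tidy-up is likely to turn it back into `crypto.randomBytes(4)`. The commit title suggests the quoted form is there so that the Closure compiler does not rename the property of Node's `crypto` module; say so next to the call, e.g. `/* quoted so Closure does not rename the external property */`. This matters more than usual here because the call sits inside a `try` block in `randombytes_stir`, so a renamed and therefore undefined method would presumably be caught rather than fail visibly. Which random source is used in that case cannot be seen from the hunk, since the rest of the function is outside it.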
@@ -47,8 +47,8 @@ make distclean > /dev/null make -j3 install || exit 1 ## x86_64 simulator -export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto" -export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto" +export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}" +export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}" make distclean > /dev/null @@ -65,8 +65,8 @@ export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" export SDK="${BASEDIR}/SDKs/iPhoneOS.sdk" ## 32-bit iOS -export CFLAGS="-O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto" -export LDFLAGS="-mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto" +export CFLAGS="-O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export LDFLAGS="-mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" make distclean > /dev/null @@ -78,8 +78,8 @@ make distclean > /dev/null make -j3 install || exit 1 ## 32-bit armv7s iOS -export CFLAGS="-O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto" -export LDFLAGS="-mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto" +export CFLAGS="-O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export LDFLAGS="-mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" make distclean > /dev/null 
@@ -91,8 +91,8 @@ make distclean > /dev/null make -j3 install || exit 1 ## 64-bit iOS -export CFLAGS="-O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto -fembed-bitcode" -export LDFLAGS="-arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto -fembed-bitcode" +export CFLAGS="-O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" +export LDFLAGS="-arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" make distclean > /dev/null diff --git a/dist-build/osx.sh b/dist-build/osx.sh index f087da6c..3e126d93 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -6,8 +6,8 @@ export OSX_CPU_ARCH=${OSX_CPU_ARCH-"core2"} mkdir -p $PREFIX || exit 1 -export CFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -O2 -g -flto" -export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -flto" +export CFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -O2 -g" +export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH}" make distclean > /dev/null From a18e21b49db261710d1da4ea98c16fc5cd08adaa Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 31 Dec 2017 01:10:48 +0100 Subject: [PATCH 038/190] Use (""::"r"(pnt):"memory") instead of (""::"p"(pnt)) for the barrier --- src/libsodium/sodium/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index a176f87a..2e3fcea8 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -114,7 +114,7 @@ sodium_memzero(void *const pnt, const size_t len) memset(pnt, 0, len); _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len); # ifdef HAVE_AMD64_ASM - __asm__ __volatile__ ("" : : "p"(pnt)); + __asm__ __volatile__ ("" : : "r"(pnt) : "memory"); # endif #else volatile unsigned char *volatile pnt_ = 
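Review bot: The empty `__asm__ __volatile__` statement after `memset(pnt, 0, len)` is a compiler barrier that protects the zeroing from dead-store elimination, but nothing in the code says so. The `"memory"` clobber is the part that does the work: it tells the compiler the statement may read memory, so the preceding stores must be performed, whereas the old `"p"(pnt)` input only kept the pointer value alive. A one-line comment such as `/* compiler barrier: the "memory" clobber keeps the memset above from being elided */` would stop someone from simplifying it away. The barrier is also still compiled only under `HAVE_AMD64_ASM`, although nothing in it is x86-specific. `sodium_memzero` begins and ends outside the hunk.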
From 764656443fa6d6d7f609945e1d7579536e45508b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 31 Dec 2017 01:23:58 +0100 Subject: [PATCH 039/190] Check if we can use inline asm code, not only on x86_64 --- configure.ac | 12 ++++++++++++ src/libsodium/sodium/utils.c | 2 +- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 24a7ea68..7478f1c7 100644 --- a/configure.ac +++ b/configure.ac @@ -580,6 +580,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ CPPFLAGS="$CPPFLAGS -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS" ]) +AC_MSG_CHECKING(whether we can use inline asm code) +AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +]], [[ +int a = 42; +int *pnt = &a; +__asm__ __volatile__ ("" : : "r"(pnt) : "memory"); +]])], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_INLINE_ASM], [1], [inline asm code can be used])] + [AC_MSG_RESULT(no)] +) + HAVE_AMD64_ASM_V=0 AS_IF([test "$enable_asm" != "no"],[ AC_MSG_CHECKING(whether we can use x86_64 asm code) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 2e3fcea8..3a5f835b 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -113,7 +113,7 @@ sodium_memzero(void *const pnt, const size_t len) #elif HAVE_WEAK_SYMBOLS memset(pnt, 0, len); _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len); -# ifdef HAVE_AMD64_ASM +# ifdef HAVE_INLINE_ASM __asm__ __volatile__ ("" : : "r"(pnt) : "memory"); # endif #else From b01a622c75dd7e1b85ca59c1a54ce5c2df980eb2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 31 Dec 2017 19:17:47 +0100 Subject: [PATCH 040/190] 2018 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 2489a681..1553d6bb 100644 --- a/LICENSE +++ b/LICENSE @@ -1,7 +1,7 @@ /* * ISC License * - * Copyright (c) 2013-2017 + * Copyright (c) 2013-2018 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any 
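Review bot: The new `AC_LINK_IFELSE` call is missing the comma between its success and failure actions: the line ending `[inline asm code can be used])]` is followed directly by `[AC_MSG_RESULT(no)]`. m4 joins the two bracketed groups into a single action-if-true argument, so a successful probe prints both `yes` and `no`, and a failed probe leaves the `checking whether we can use inline asm code` message without a result. End that line with `])],` so that `[AC_MSG_RESULT(no)]` becomes the third argument. `HAVE_INLINE_ASM` is still defined only on success, so the damage is limited to misleading configure output and logs.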
From 93887f179d28c4494429d8ab784a7bb5b4347900 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 4 Jan 2018 18:04:39 +0100 Subject: [PATCH 041/190] Check for -mretpoline / -zretpolineplt support --- configure.ac | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure.ac b/configure.ac index 7478f1c7..62f8b2f4 100644 --- a/configure.ac +++ b/configure.ac @@ -202,6 +202,9 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) +AX_CHECK_COMPILE_FLAG([-mretpoline], + [CFLAGS="$CFLAGS -mretpoline"]) + AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) @@ -323,6 +326,7 @@ AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wwrite-strings], [CWFLAGS="$CWFLAGS -Wwrite-str AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) +AX_CHECK_LINK_FLAG([-Wl,-z,retpolineplt], [LDFLAGS="$LDFLAGS -Wl,-z,retpolineplt"]) AC_MSG_CHECKING(for a broken clang + AVX512 combination) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ From 9ebe443bc7f3ae154efc391233ad27c49bf1cb5b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 7 Jan 2018 13:13:56 +0100 Subject: [PATCH 042/190] Who's still using XCode < 8 ? --- dist-build/ios.sh | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/dist-build/ios.sh b/dist-build/ios.sh index cd042d0c..c0b4b04f 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh 
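Review bot: Both new checks use clang/lld spellings (`-mretpoline`, `-Wl,-z,retpolineplt`), so a build with another toolchain silently gets no indirect-branch hardening and configure gives no hint of that. GCC exposes the comparable mitigation under different options (`-mindirect-branch=thunk` and related flags), which would need their own `AX_CHECK_COMPILE_FLAG` lines. A comment above the `-mretpoline` check stating what it mitigates and which compilers it covers, e.g. `dnl branch target injection (Spectre v2) hardening; clang/lld only`, would make the gap explicit to anyone auditing the build flags.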
@@ -17,14 +17,8 @@ export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32" export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64" export XCODEDIR=$(xcode-select -p) -xcode_major=$(xcodebuild -version|egrep '^Xcode '|cut -d' ' -f2|cut -d. -f1) -if [ $xcode_major -ge 8 ]; then - export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"} - export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"} -else - export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"5.1.1"} - export IOS_VERSION_MIN=${IOS_VERSION_MIN-"5.1.1"} -fi +export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"} +export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"} mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $IOS32_PREFIX $IOS32s_PREFIX $IOS64_PREFIX || exit 1 From 794ec886e71d143d916f0c12020f82ab72b7690f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 7 Jan 2018 15:40:27 +0100 Subject: [PATCH 043/190] Check for __aarch64__ instead of __ARM_NEON for 128-bit arithmetic --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 62f8b2f4..8671220d 100644 --- a/configure.ac +++ b/configure.ac @@ -654,7 +654,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #if !defined(__clang__) && !defined(__GNUC__) && !defined(__SIZEOF_INT128__) # error mode(TI) is a gcc extension, and __int128 is not available #endif -#if defined(__clang__) && !defined(__x86_64__) && !defined(__ARM_NEON) +#if defined(__clang__) && !defined(__x86_64__) && !defined(__aarch64__) # error clang does not properly handle the 128-bit type on 32-bit systems #endif #ifndef NATIVE_LITTLE_ENDIAN From 74a4496cc5931cd5a72486768a84a40a19491cc4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 14 Jan 2018 23:09:46 +0100 Subject: [PATCH 044/190] Solaris Studio apparently supports __attribute__() Fixes #660 --- src/libsodium/include/sodium/export.h | 2 +- src/libsodium/include/sodium/private/common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/libsodium/include/sodium/export.h b/src/libsodium/include/sodium/export.h index b786c77b..f6aa242d 100644 --- a/src/libsodium/include/sodium/export.h +++ b/src/libsodium/include/sodium/export.h @@ -2,7 +2,7 @@ #ifndef sodium_export_H #define sodium_export_H -#if !defined(__clang__) && !defined(__GNUC__) +#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SUNPRO_C) # ifdef __attribute__ # undef __attribute__ # endif diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index 632fc8a7..4863cc65 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h @@ -196,7 +196,7 @@ xor_buf(unsigned char *out, const unsigned char *in, size_t n) } } -#if !defined(__clang__) && !defined(__GNUC__) +#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SUNPRO_C) # ifdef __attribute__ # undef __attribute__ # endif From bc6541a70a738fc91934bf8f11c2a3c1b6057289 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 15 Jan 2018 13:33:33 +0100 Subject: [PATCH 045/190] emscripten: do not use closure --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index d0e1e8bf..ebffe281 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -72,7 +72,7 @@ if [ "$DIST" = yes ]; then emccLibsodium () { outFile="${1}" shift - emcc "$CFLAGS" --closure 1 --llvm-lto 1 $CPPFLAGS $LDFLAGS $JS_EXPORTS_FLAGS ${@} \ + emcc "$CFLAGS" --llvm-lto 1 $CPPFLAGS $LDFLAGS $JS_EXPORTS_FLAGS ${@} \ "${PREFIX}/lib/libsodium.a" -o "${outFile}" || exit 1 } emmake make $MAKE_FLAGS install || exit 1 From 0468e778d229054a966d0fdc629ec8b677bc37c6 Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Mon, 15 Jan 2018 13:34:31 +0100 Subject: [PATCH 046/190] Revert "Solaris Studio apparently supports __attribute__()" This reverts commit 74a4496cc5931cd5a72486768a84a40a19491cc4. --- src/libsodium/include/sodium/export.h | 2 +- src/libsodium/include/sodium/private/common.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/include/sodium/export.h b/src/libsodium/include/sodium/export.h index f6aa242d..b786c77b 100644 --- a/src/libsodium/include/sodium/export.h +++ b/src/libsodium/include/sodium/export.h @@ -2,7 +2,7 @@ #ifndef sodium_export_H #define sodium_export_H -#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SUNPRO_C) +#if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ # undef __attribute__ # endif diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index 4863cc65..632fc8a7 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h @@ -196,7 +196,7 @@ xor_buf(unsigned char *out, const unsigned char *in, size_t n) } } -#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SUNPRO_C) +#if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ # undef __attribute__ # endif From 958060e2ec2fa8a9d242e2b6fc24a6f3777ee4e0 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 16 Jan 2018 01:01:40 +0100 Subject: [PATCH 047/190] Signatures: do not reject weak public keys if ED25519_COMPAT is defined --- src/libsodium/crypto_sign/ed25519/ref10/open.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c index c9e8843c..c9ac6a33 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/open.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c 
@@ -28,7 +28,8 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig, ge25519_has_small_order(sig) != 0) { return -1; } - if (ge25519_is_canonical(pk) == 0) { + if (ge25519_is_canonical(pk) == 0 || + ge25519_has_small_order(pk) != 0) { return -1; } #else @@ -36,8 +37,7 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig, return -1; } #endif - if (ge25519_has_small_order(pk) != 0 || - ge25519_frombytes_negate_vartime(&A, pk) != 0) { + if (ge25519_frombytes_negate_vartime(&A, pk) != 0) { return -1; } _crypto_sign_ed25519_ref10_hinit(&hs, prehashed); From e2581d91056fb1a7224c34aaa2e575099bbad163 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 16 Jan 2018 01:06:03 +0100 Subject: [PATCH 048/190] Swap #ifdef branches for clarity --- src/libsodium/crypto_sign/ed25519/ref10/open.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c index c9ac6a33..aafecf64 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/open.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c @@ -23,7 +23,11 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig, ge25519_p3 A; ge25519_p2 R; -#ifndef ED25519_COMPAT +#ifdef ED25519_COMPAT + if (sig[63] & 224) { + return -1; + } +#else if (sc25519_is_canonical(sig + 32) == 0 || ge25519_has_small_order(sig) != 0) { return -1; @@ -32,10 +36,6 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig, ge25519_has_small_order(pk) != 0) { return -1; } -#else - if (sig[63] & 224) { - return -1; - } #endif if (ge25519_frombytes_negate_vartime(&A, pk) != 0) { return -1; From 673b2b2b1e6f7da7c6c45c976b1640c0c0fac5fd Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 17 Jan 2018 01:28:35 +0100 Subject: [PATCH 049/190] Revert "Check for -mretpoline / -zretpolineplt support" This reverts commit 93887f179d28c4494429d8ab784a7bb5b4347900. --- configure.ac | 4 ---- 1 file changed, 4 deletions(-) 
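Review bot: After this change an `ED25519_COMPAT` build of `_crypto_sign_ed25519_verify_detached` (crypto_sign/ed25519/ref10/open.c) no longer calls `ge25519_has_small_order(pk)`, and nothing at the `#ifdef` records that. The only pre-check left on that path is `sig[63] & 224`. A comment on the compat branch would make the weaker contract explicit, e.g. `/* compat mode: no canonical-encoding or small-order checks on sig or pk; do not rely on this build to reject weak keys */`. Callers that need strict verification then know to build without `ED25519_COMPAT`. The function begins above the hunk and continues below it.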
diff --git a/configure.ac b/configure.ac index 8671220d..fb579f4f 100644 --- a/configure.ac +++ b/configure.ac @@ -202,9 +202,6 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) -AX_CHECK_COMPILE_FLAG([-mretpoline], - [CFLAGS="$CFLAGS -mretpoline"]) - AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) @@ -326,7 +323,6 @@ AX_CHECK_COMPILE_FLAG([$CWFLAGS -Wwrite-strings], [CWFLAGS="$CWFLAGS -Wwrite-str AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) -AX_CHECK_LINK_FLAG([-Wl,-z,retpolineplt], [LDFLAGS="$LDFLAGS -Wl,-z,retpolineplt"]) AC_MSG_CHECKING(for a broken clang + AVX512 combination) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ From 13513e886b55edad8c2c6dcb9f4187633ba436aa Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 17 Jan 2018 15:11:18 +0100 Subject: [PATCH 050/190] Keep things simple; directly initialize the example RNG from the system one --- .../salsa20/randombytes_salsa20_random.c | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index 79916eab..477fda1c 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c @@ -329,9 +329,6 @@ randombytes_salsa20_random_init(void) static void randombytes_salsa20_random_stir(void) { - unsigned char m0[crypto_stream_salsa20_KEYBYTES + - crypto_stream_salsa20_NONCEBYTES]; - memset(stream.rnd32, 0, sizeof stream.rnd32); stream.rnd32_outleft = (size_t) 0U; if (global.initialized == 0) { 
@@ -345,34 +342,31 @@ randombytes_salsa20_random_stir(void) #ifndef _WIN32 # ifdef HAVE_SAFE_ARC4RANDOM - arc4random_buf(m0, sizeof m0); + arc4random_buf(stream.key, sizeof stream.key); # elif defined(SYS_getrandom) && defined(__NR_getrandom) if (global.getrandom_available != 0) { - if (randombytes_linux_getrandom(m0, sizeof m0) != 0) { + if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ } } else if (global.random_data_source_fd == -1 || - safe_read(global.random_data_source_fd, m0, - sizeof m0) != (ssize_t) sizeof m0) { + safe_read(global.random_data_source_fd, stream.key, + sizeof stream.key) != (ssize_t) sizeof stream.key) { sodium_misuse(); /* LCOV_EXCL_LINE */ } # else if (global.random_data_source_fd == -1 || - safe_read(global.random_data_source_fd, m0, - sizeof m0) != (ssize_t) sizeof m0) { + safe_read(global.random_data_source_fd, stream.key, + sizeof stream.key) != (ssize_t) sizeof stream.key) { sodium_misuse(); /* LCOV_EXCL_LINE */ } # endif #else /* _WIN32 */ - if (! RtlGenRandom((PVOID) m0, (ULONG) sizeof m0)) { + if (! RtlGenRandom((PVOID) stream.key, (ULONG) sizeof stream.key)) { sodium_misuse(); /* LCOV_EXCL_LINE */ } #endif - crypto_stream_salsa20(stream.key, sizeof stream.key, - m0 + crypto_stream_salsa20_KEYBYTES, m0); - sodium_memzero(m0, sizeof m0); stream.initialized = 1; } From 57ca449c7e7073d328773e3e2d52d526c209df2c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 19 Jan 2018 15:25:01 +0100 Subject: [PATCH 051/190] Include for SIZE_MAX, and as a dependency --- src/libsodium/include/sodium/export.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/libsodium/include/sodium/export.h b/src/libsodium/include/sodium/export.h index b786c77b..93d0af4f 100644 --- a/src/libsodium/include/sodium/export.h +++ b/src/libsodium/include/sodium/export.h 
@@ -2,6 +2,9 @@ #ifndef sodium_export_H #define sodium_export_H +#include +#include + #if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ # undef __attribute__ From 19f5c4f620204e5f549559518cf38505ea1a8bcd Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 19 Jan 2018 16:46:46 +0100 Subject: [PATCH 052/190] Include limits.h for ancient Android NDKs. Sigh. --- src/libsodium/include/sodium/export.h | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libsodium/include/sodium/export.h b/src/libsodium/include/sodium/export.h index 93d0af4f..a0074fc9 100644 --- a/src/libsodium/include/sodium/export.h +++ b/src/libsodium/include/sodium/export.h @@ -4,6 +4,7 @@ #include #include +#include #if !defined(__clang__) && !defined(__GNUC__) # ifdef __attribute__ From 1d777b671d98d29891d80ccfb8597e929fa152c9 Mon Sep 17 00:00:00 2001 From: enkore Date: Wed, 7 Feb 2018 17:47:03 +0100 Subject: [PATCH 053/190] README: link to libsodium-doc repository --- README.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.markdown b/README.markdown index 815240ab..60059520 100644 --- a/README.markdown +++ b/README.markdown @@ -21,7 +21,7 @@ as well as Javascript and Webassembly. ## Documentation -The documentation is available on Gitbook: +The documentation is available on Gitbook and built from the [libsodium-doc](https://github.com/jedisct1/libsodium-doc) repository: * [libsodium documentation](https://download.libsodium.org/doc/) - online, requires Javascript. From 1203d721ce137abe78d9d412652a7670a62afc6f Mon Sep 17 00:00:00 2001 From: Loganaden Velvindron Date: Sun, 18 Feb 2018 18:58:24 +0400 Subject: [PATCH 054/190] Add spectre v2 migitations for GCC --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index fb579f4f..dc7afb28 100644 --- a/configure.ac +++ b/configure.ac 
@@ -202,6 +202,9 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) +AX_CHECK_COMPILE_FLAG([-mfunction-return=thunk -mindirect-branch=thunk], + [CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"]) + AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) From 1655dede9fe159f04eae1f6a73360960569bd5a6 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 21 Feb 2018 01:48:14 +0100 Subject: [PATCH 055/190] Add retpoline support for clang Assembly implementations don't seem to be using any indirect calls --- configure.ac | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index dc7afb28..f5bc0336 100644 --- a/configure.ac +++ b/configure.ac @@ -203,7 +203,10 @@ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) AX_CHECK_COMPILE_FLAG([-mfunction-return=thunk -mindirect-branch=thunk], - [CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"]) + [CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"], + [ + AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"]) + ]) AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) From 28e62a6c86429e9cc19194ebd74e3d98123a1fc4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 21 Feb 2018 01:59:15 +0100 Subject: [PATCH 056/190] Use only -mindirect-branch=thunk / -mretpoline for now Move the application of these flags up --- configure.ac | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index f5bc0336..e03fb57e 100644 --- a/configure.ac +++ b/configure.ac 
@@ -199,15 +199,15 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ [CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"]) ]) -AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], - [CFLAGS="$CFLAGS -fvisibility=hidden"]) - -AX_CHECK_COMPILE_FLAG([-mfunction-return=thunk -mindirect-branch=thunk], - [CFLAGS="$CFLAGS -mfunction-return=thunk -mindirect-branch=thunk"], +AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], + [CFLAGS="$CFLAGS -mindirect-branch=thunk"], [ AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"]) ]) +AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], + [CFLAGS="$CFLAGS -fvisibility=hidden"]) + AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) From 94e04fe530d97d8f64cb9fc345cdb7e6f66a7ad4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 24 Feb 2018 01:47:51 +0100 Subject: [PATCH 057/190] Embed bitcode in iOS builds --- dist-build/ios.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dist-build/ios.sh b/dist-build/ios.sh index c0b4b04f..c6d2d629 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh @@ -59,8 +59,8 @@ export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" export SDK="${BASEDIR}/SDKs/iPhoneOS.sdk" ## 32-bit iOS -export CFLAGS="-O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" -export LDFLAGS="-mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export LDFLAGS="-fembed-bitcode -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" make distclean > /dev/null 
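Review bot: The relocated retpoline block in configure.ac has no comment saying what it is for or why it now comes before `-fvisibility=hidden`. A short `dnl` line above it would save the next reader a trip through the history, e.g. `dnl Spectre v2 mitigation: -mindirect-branch=thunk (GCC), else -mretpoline (clang)`. If the ordering matters, the comment should say why; the hunk itself shows no dependency between the two checks.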
@@ -72,8 +72,8 @@ make distclean > /dev/null make -j3 install || exit 1 ## 32-bit armv7s iOS -export CFLAGS="-O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" -export LDFLAGS="-mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" +export LDFLAGS="-fembed-bitcode -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" make distclean > /dev/null @@ -85,8 +85,8 @@ make distclean > /dev/null make -j3 install || exit 1 ## 64-bit iOS -export CFLAGS="-O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" -export LDFLAGS="-arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" +export CFLAGS="-fembed-bitcode -O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" +export LDFLAGS="-fembed-bitcode -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" make distclean > /dev/null From 029652e19c0f973da1581685830e9cab30136a04 Mon Sep 17 00:00:00 2001 From: Simon Warta Date: Fri, 2 Mar 2018 11:18:38 +0100 Subject: [PATCH 058/190] Remove obsolete setting FUNCTION_POINTER_ALIGNMENT FUNCTION_POINTER_ALIGNMENT was removes from emscripten in January 2018: https://github.com/kripken/emscripten/pull/6091 --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index ebffe281..82c29485 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
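Review bot: The arm64 lines in dist-build/ios.sh now carry `-fembed-bitcode` twice, because the flag is prepended while the copy already at the end of `CFLAGS` and `LDFLAGS` is kept. The duplicate is harmless to the compiler but leaves the 64-bit block inconsistent with the armv7 and armv7s blocks. Drop the trailing copy: `export CFLAGS="-fembed-bitcode -O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}"`, and likewise for `LDFLAGS`.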
@@ -11,7 +11,7 @@ export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8" export LDFLAGS="${LDFLAGS} -s SINGLE_FILE=1" export LDFLAGS="${LDFLAGS} -s ASSERTIONS=0" export LDFLAGS="${LDFLAGS} -s AGGRESSIVE_VARIABLE_ELIMINATION=1 -s ALIASING_FUNCTION_POINTERS=1" -export LDFLAGS="${LDFLAGS} -s FUNCTION_POINTER_ALIGNMENT=1 -s DISABLE_EXCEPTION_CATCHING=1" +export LDFLAGS="${LDFLAGS} -s DISABLE_EXCEPTION_CATCHING=1" export LDFLAGS="${LDFLAGS} -s ELIMINATE_DUPLICATE_FUNCTIONS=1" export LDFLAGS_DIST="-s NO_FILESYSTEM=1" export CFLAGS="-Os" From 19828dd329ed90cce14d5979e358ce57bbe32088 Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Tue, 6 Mar 2018 01:48:25 -0500 Subject: [PATCH 059/190] run-time wasm test before resolving ready --- dist-build/emscripten.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 82c29485..06f2dd47 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -99,7 +99,15 @@ if [ "$DIST" = yes ]; then Module.ready = new Promise(function (resolve, reject) { var Module = _Module; Module.onAbort = reject; - Module.onRuntimeInitialized = resolve; + Module.onRuntimeInitialized = function () { + try { + /* Test arbitrary wasm function */ + Module._crypto_stream_chacha20_keybytes(); + resolve(); + } catch (err) { + reject(err); + } + }; $(cat "${PREFIX}/lib/libsodium.wasm.tmp.js") }).catch(function () { var Module = _Module; From 6382b91060a48c4654c8751b2078763ebc08e42d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 6 Mar 2018 10:56:05 +0100 Subject: [PATCH 060/190] wasm bug check: use a function more likely to be present in minimal builds --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 06f2dd47..9e79bb19 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -102,7 +102,7 @@ if [ "$DIST" = yes ]; then Module.onRuntimeInitialized = function () { try { /* Test arbitrary wasm function */ - Module._crypto_stream_chacha20_keybytes(); + Module._crypto_secretbox_keybytes(); resolve(); } catch (err) { reject(err); From a0cbef0a4a361506cb1bc44d25a0e2172229bdb4 Mon Sep 17 00:00:00 2001 From: Daniel Persson Date: Tue, 6 Mar 2018 20:27:47 +0100 Subject: [PATCH 061/190] Added configuration option to change the configuration flags. --- dist-build/android-build.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index 76eda717..bb903687 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -45,9 +45,12 @@ env - PATH="$PATH" \ "$MAKE_TOOLCHAIN" --force --api="$NDK_API_VERSION_COMPAT" \ --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 +if [ -z "$LIBSODIUM_ANDROID_CONFIGURE_FLAGS" ]; then + export LIBSODIUM_ANDROID_CONFIGURE_FLAGS="--disable-soname-versions --enable-minimal" +fi + ./configure \ - --disable-soname-versions \ - --enable-minimal \ + ${LIBSODIUM_ANDROID_CONFIGURE_FLAGS} \ --host="${HOST_COMPILER}" \ --prefix="${PREFIX}" \ --with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1 @@ -62,8 +65,7 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 ./configure \ - --disable-soname-versions \ - --enable-minimal \ + ${LIBSODIUM_ANDROID_CONFIGURE_FLAGS} \ --host="${HOST_COMPILER}" \ --prefix="${PREFIX}" \ --with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1 From 2f4d911300f6aec5cad2ab6a0b26df7123288f08 Mon Sep 17 00:00:00 2001 
From: Daniel Persson Date: Tue, 6 Mar 2018 20:36:39 +0100 Subject: [PATCH 062/190] Change so all builds will allow full builds. --- dist-build/android-build.sh | 10 ++++++---- dist-build/ios.sh | 14 +++++++++----- dist-build/nativeclient-pnacl.sh | 6 +++++- dist-build/nativeclient-x86.sh | 6 +++++- dist-build/nativeclient-x86_64.sh | 6 +++++- dist-build/osx.sh | 6 +++++- 6 files changed, 35 insertions(+), 13 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index bb903687..4453d434 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -45,12 +45,13 @@ env - PATH="$PATH" \ "$MAKE_TOOLCHAIN" --force --api="$NDK_API_VERSION_COMPAT" \ --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 -if [ -z "$LIBSODIUM_ANDROID_CONFIGURE_FLAGS" ]; then - export LIBSODIUM_ANDROID_CONFIGURE_FLAGS="--disable-soname-versions --enable-minimal" +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi ./configure \ - ${LIBSODIUM_ANDROID_CONFIGURE_FLAGS} \ + --disable-soname-versions \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host="${HOST_COMPILER}" \ --prefix="${PREFIX}" \ --with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1 @@ -65,7 +66,8 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 ./configure \ - ${LIBSODIUM_ANDROID_CONFIGURE_FLAGS} \ + --disable-soname-versions \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host="${HOST_COMPILER}" \ --prefix="${PREFIX}" \ --with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1 diff --git a/dist-build/ios.sh b/dist-build/ios.sh index c6d2d629..9b81e3bc 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh 
@@ -33,9 +33,13 @@ export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SI make distclean > /dev/null +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +fi + ./configure --host=i686-apple-darwin10 \ --disable-shared \ - --enable-minimal \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$SIMULATOR32_PREFIX" || exit 1 make -j3 install || exit 1 @@ -48,7 +52,7 @@ make distclean > /dev/null ./configure --host=x86_64-apple-darwin10 \ --disable-shared \ - --enable-minimal \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$SIMULATOR64_PREFIX" make -j3 install || exit 1 @@ -66,7 +70,7 @@ make distclean > /dev/null ./configure --host=arm-apple-darwin10 \ --disable-shared \ - --enable-minimal \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS32_PREFIX" || exit 1 make -j3 install || exit 1 @@ -79,7 +83,7 @@ make distclean > /dev/null ./configure --host=arm-apple-darwin10 \ --disable-shared \ - --enable-minimal \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS32s_PREFIX" || exit 1 make -j3 install || exit 1 @@ -92,7 +96,7 @@ make distclean > /dev/null ./configure --host=arm-apple-darwin10 \ --disable-shared \ - --enable-minimal \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS64_PREFIX" || exit 1 make -j3 install || exit 1 diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index 17e8159e..80fbbbe9 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh @@ -19,7 +19,11 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -./configure --enable-minimal \ +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +fi + +./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=nacl \ --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 2db1836d..637a2062 100755 
--- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -11,7 +11,11 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -./configure --enable-minimal \ +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +fi + +./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=i686-nacl \ --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index 40fe6e54..dbe4956e 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -11,7 +11,11 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -./configure --enable-minimal \ +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +fi + +./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=x86_64-nacl \ --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 diff --git a/dist-build/osx.sh b/dist-build/osx.sh index 3e126d93..501d1d2d 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -11,7 +11,11 @@ export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OS make distclean > /dev/null -./configure --enable-minimal \ +if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +fi + +./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$PREFIX" || exit 1 make -j3 check && make -j3 install || exit 1 From 9d582340c40912b952fd4e80d5735d53a208fa4d Mon Sep 17 00:00:00 2001 From: Daniel Persson Date: Tue, 6 Mar 2018 21:10:05 +0100 Subject: [PATCH 063/190] Change so we set depending on a full build flag. --- dist-build/android-build.sh | 4 +++- dist-build/ios.sh | 4 +++- dist-build/nativeclient-pnacl.sh | 5 ++++- dist-build/nativeclient-x86.sh | 4 +++- dist-build/nativeclient-x86_64.sh | 4 +++- dist-build/osx.sh | 4 +++- 6 files changed, 19 insertions(+), 6 deletions(-) 
diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index 4453d434..502dc819 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -45,7 +45,9 @@ env - PATH="$PATH" \ "$MAKE_TOOLCHAIN" --force --api="$NDK_API_VERSION_COMPAT" \ --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi diff --git a/dist-build/ios.sh b/dist-build/ios.sh index 9b81e3bc..ec4b0315 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh @@ -33,7 +33,9 @@ export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SI make distclean > /dev/null -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index 80fbbbe9..6620cfec 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh @@ -19,10 +19,13 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi + ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=nacl \ --disable-ssp --without-pthreads \ diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 637a2062..3c5fefc5 100755 --- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -11,7 +11,9 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi 
diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index dbe4956e..b3974310 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -11,7 +11,9 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi diff --git a/dist-build/osx.sh b/dist-build/osx.sh index 501d1d2d..4e976aaa 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -11,7 +11,9 @@ export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OS make distclean > /dev/null -if [ -z "$LIBSODIUM_ENABLE_MINIMAL_FLAG" ]; then +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" fi From c7f0f0520977635a1c0ed89bb5ec16bd060831ca Mon Sep 17 00:00:00 2001 From: Daniel Persson Date: Tue, 6 Mar 2018 21:20:17 +0100 Subject: [PATCH 064/190] I turned it around. --- dist-build/android-build.sh | 4 ++-- dist-build/ios.sh | 4 ++-- dist-build/nativeclient-pnacl.sh | 5 ++--- dist-build/nativeclient-x86.sh | 5 +++-- dist-build/nativeclient-x86_64.sh | 4 ++-- dist-build/osx.sh | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index 502dc819..d701c631 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -46,9 +46,9 @@ env - PATH="$PATH" \ --arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1 if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi ./configure \ diff --git a/dist-build/ios.sh b/dist-build/ios.sh index ec4b0315..bf1b7f3d 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh 
@@ -34,9 +34,9 @@ export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SI make distclean > /dev/null if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi ./configure --host=i686-apple-darwin10 \ diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index 6620cfec..07e3cce5 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh @@ -20,12 +20,11 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi - ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=nacl \ --disable-ssp --without-pthreads \ diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 3c5fefc5..5516d311 100755 --- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -12,11 +12,12 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi + ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --host=i686-nacl \ --disable-ssp --without-pthreads \ diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index b3974310..8a90c099 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -12,9 +12,9 @@ mkdir -p $PREFIX || exit 1 make distclean > /dev/null if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ 
diff --git a/dist-build/osx.sh b/dist-build/osx.sh index 4e976aaa..a39857b4 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -12,9 +12,9 @@ export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OS make distclean > /dev/null if [ -z "$LIBSODIUM_FULL_BUILD" ]; then - export LIBSODIUM_ENABLE_MINIMAL_FLAG="" -else export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" fi ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ From 212187f87cc5ac8dc9219aeef2465722d42c9191 Mon Sep 17 00:00:00 2001 From: joshjdevl Date: Wed, 7 Mar 2018 07:15:01 +0000 Subject: [PATCH 065/190] using POSIX getconf for number of available processors http://pubs.opengroup.org/onlinepubs/9699919799/utilities/getconf.html --- dist-build/android-build.sh | 6 +++++- dist-build/ios.sh | 14 +++++++++----- dist-build/nativeclient-pnacl.sh | 6 +++++- dist-build/nativeclient-x86.sh | 5 ++++- dist-build/nativeclient-x86_64.sh | 6 +++++- dist-build/osx.sh | 6 +++++- 6 files changed, 33 insertions(+), 10 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index d701c631..193fec61 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -83,6 +83,10 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then rm -f config-def.log config-def-compat.log fi + +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + make clean && \ -make -j3 install && \ +make -j${PROCESSORS} install && \ echo "libsodium has been installed into ${PREFIX}" diff --git a/dist-build/ios.sh b/dist-build/ios.sh index bf1b7f3d..77c7a229 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh 
@@ -44,7 +44,11 @@ fi ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$SIMULATOR32_PREFIX" || exit 1 -make -j3 install || exit 1 + +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} install || exit 1 ## x86_64 simulator export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}" @@ -57,7 +61,7 @@ make distclean > /dev/null ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$SIMULATOR64_PREFIX" -make -j3 install || exit 1 +make -j${PROCESSORS} install || exit 1 # Build for iOS export BASEDIR="${XCODEDIR}/Platforms/iPhoneOS.platform/Developer" @@ -75,7 +79,7 @@ make distclean > /dev/null ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS32_PREFIX" || exit 1 -make -j3 install || exit 1 +make -j${PROCESSORS} install || exit 1 ## 32-bit armv7s iOS export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}" @@ -88,7 +92,7 @@ make distclean > /dev/null ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS32s_PREFIX" || exit 1 -make -j3 install || exit 1 +make -j${PROCESSORS} install || exit 1 ## 64-bit iOS export CFLAGS="-fembed-bitcode -O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode" @@ -101,7 +105,7 @@ make distclean > /dev/null ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$IOS64_PREFIX" || exit 1 -make -j3 install || exit 1 +make -j${PROCESSORS} install || exit 1 # Create universal binary and include folder rm -fr -- "$PREFIX/include" "$PREFIX/libsodium.a" 2> /dev/null diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index 07e3cce5..c249d1ef 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh 
@@ -30,4 +30,8 @@ fi --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 -make -j3 check && make -j3 install || exit 1 + +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 5516d311..343e7728 100755 --- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -23,4 +23,7 @@ fi --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 -make -j3 check && make -j3 install || exit 1 +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index 8a90c099..b81b8e89 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -22,4 +22,8 @@ fi --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 -make -j3 check && make -j3 install || exit 1 + +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/osx.sh b/dist-build/osx.sh index a39857b4..0632bacf 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -20,7 +20,11 @@ fi ./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ --prefix="$PREFIX" || exit 1 -make -j3 check && make -j3 install || exit 1 + +NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 # Cleanup make distclean > /dev/null From 816cef5de4d95e44da950391e5fc6398957f2307 Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Wed, 7 Mar 2018 10:09:56 +0100 Subject: [PATCH 066/190] Hide getconf errors --- dist-build/android-build.sh | 2 +- dist-build/ios.sh | 2 +- dist-build/nativeclient-pnacl.sh | 2 +- dist-build/nativeclient-x86.sh | 2 +- dist-build/nativeclient-x86_64.sh | 2 +- dist-build/osx.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index 193fec61..dedf9cd4 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -84,7 +84,7 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then fi -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make clean && \ diff --git a/dist-build/ios.sh b/dist-build/ios.sh index 77c7a229..bff6c5f3 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh @@ -45,7 +45,7 @@ fi --prefix="$SIMULATOR32_PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index c249d1ef..15db7716 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh @@ -31,7 +31,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 343e7728..4325815f 100755 --- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -23,7 +23,7 @@ fi --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 
diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index b81b8e89..23e34f27 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -23,7 +23,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/osx.sh b/dist-build/osx.sh index 0632bacf..e29f9ff5 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh @@ -21,7 +21,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN) +NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 From 7d4976a304c777c2925f67a7df1a390ca8742f30 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 7 Mar 2018 10:14:01 +0100 Subject: [PATCH 067/190] Check NPROCESSORS_ONLN in addition to _NPROCESSORS_ONLN --- dist-build/android-build.sh | 2 +- dist-build/ios.sh | 2 +- dist-build/nativeclient-pnacl.sh | 2 +- dist-build/nativeclient-x86.sh | 2 +- dist-build/nativeclient-x86_64.sh | 2 +- dist-build/osx.sh | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index dedf9cd4..d98ddead 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -84,7 +84,7 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then fi -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make clean && \ diff --git a/dist-build/ios.sh b/dist-build/ios.sh index bff6c5f3..0575b090 100755 --- a/dist-build/ios.sh +++ b/dist-build/ios.sh 
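Review bot: The value captured from `getconf` in the android-build.sh hunk is never checked to be a number before it is used as the `make -j` argument, and `${NPROCESSORS:-3}` only covers an empty result. POSIX allows getconf to print `undefined` with a zero exit status for a variable it recognises but has no value for, which would bypass both the `||` alternative and the default; whether any targeted build host behaves this way is not visible here. A guard before the `PROCESSORS=` line keeps the fallback of 3 in that case: `case "$NPROCESSORS" in ''|*[!0-9]*) NPROCESSORS=3 ;; esac`. The `make -j${PROCESSORS}` line itself lies below this hunk, and the same two lines appear in the ios.sh, nativeclient-*.sh and osx.sh hunks of this patch.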
@@ -45,7 +45,7 @@ fi --prefix="$SIMULATOR32_PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh index 15db7716..020bb52c 100755 --- a/dist-build/nativeclient-pnacl.sh +++ b/dist-build/nativeclient-pnacl.sh @@ -31,7 +31,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh index 4325815f..975add58 100755 --- a/dist-build/nativeclient-x86.sh +++ b/dist-build/nativeclient-x86.sh @@ -23,7 +23,7 @@ fi --disable-ssp --without-pthreads \ --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh index 23e34f27..43a44c8e 100755 --- a/dist-build/nativeclient-x86_64.sh +++ b/dist-build/nativeclient-x86_64.sh @@ -23,7 +23,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 diff --git a/dist-build/osx.sh b/dist-build/osx.sh index e29f9ff5..d47a0018 100755 --- a/dist-build/osx.sh +++ b/dist-build/osx.sh 
@@ -21,7 +21,7 @@ fi --prefix="$PREFIX" || exit 1 -NPROCESSORS=$(getconf _NPROCESSORS_ONLN 2>/dev/null) +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) PROCESSORS=${NPROCESSORS:-3} make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1 From b3ffad36483939fd627f4c5363f8f55d313dd387 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 27 Mar 2018 14:43:23 +0200 Subject: [PATCH 068/190] + lgtm.yml --- lgtm.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 lgtm.yml diff --git a/lgtm.yml b/lgtm.yml new file mode 100644 index 00000000..f012f94d --- /dev/null +++ b/lgtm.yml @@ -0,0 +1,6 @@ +extraction: + cpp: + configure: + command: + - ./autogen.sh + - ./configure \ No newline at end of file From 38b19412e87a679a566a08d5b042b9a8fe56ecc5 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 31 Mar 2018 16:32:21 +0200 Subject: [PATCH 069/190] Introduce pwhash_ntlm() for low-sodium, salt-free password hashing . #passthesalt --- src/libsodium/Makefile.am | 1 + .../crypto_pwhash/ntlm/pwhash-ntlm.c | 226 ++++++++++++++++++ src/libsodium/include/Makefile.am | 1 + src/libsodium/include/sodium.h | 1 + .../include/sodium/crypto_pwhash_ntlm.h | 54 +++++ 5 files changed, 283 insertions(+) create mode 100644 src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c create mode 100644 src/libsodium/include/sodium/crypto_pwhash_ntlm.h diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index cbac4d19..55843af2 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -53,6 +53,7 @@ libsodium_la_SOURCES = \ crypto_pwhash/argon2/blamka-round-ref.h \ crypto_pwhash/argon2/pwhash_argon2i.c \ crypto_pwhash/argon2/pwhash_argon2id.c \ + crypto_pwhash/ntlm/pwhash-ntlm.c \ crypto_pwhash/crypto_pwhash.c \ crypto_scalarmult/crypto_scalarmult.c \ crypto_scalarmult/curve25519/ref10/x25519_ref10.c \ 
diff --git a/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c b/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c new file mode 100644 index 00000000..dd5598e3 --- /dev/null +++ b/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c 
@@ -0,0 +1,226 @@ + +#include +#include +#include +#include + +#include "crypto_pwhash_ntlm.h" +#include "private/common.h" +#include "utils.h" + +static void +_md4_compress(uint32_t out[4], const uint32_t state[16]) +{ + const uint32_t sqrt_2 = 0x5a827999; + const uint32_t sqrt_3 = 0x6ed9eba1; + + uint32_t a = 0x67452301; + uint32_t b = 0xefcdab89; + uint32_t c = 0x98badcfe; + uint32_t d = 0x10325476; + + out[0] = a; + out[1] = b; + out[2] = c; + out[3] = d; + + /* Round 1 */ + a += (d ^ (b & (c ^ d))) + state[0]; + a = (a << 3) | (a >> 29); + d += (c ^ (a & (b ^ c))) + state[1]; + d = (d << 7) | (d >> 25); + c += (b ^ (d & (a ^ b))) + state[2]; + c = (c << 11) | (c >> 21); + b += (a ^ (c & (d ^ a))) + state[3]; + b = (b << 19) | (b >> 13); + a += (d ^ (b & (c ^ d))) + state[4]; + a = (a << 3) | (a >> 29); + d += (c ^ (a & (b ^ c))) + state[5]; + d = (d << 7) | (d >> 25); + c += (b ^ (d & (a ^ b))) + state[6]; + c = (c << 11) | (c >> 21); + b += (a ^ (c & (d ^ a))) + state[7]; + b = (b << 19) | (b >> 13); + a += (d ^ (b & (c ^ d))) + state[8]; + a = (a << 3) | (a >> 29); + d += (c ^ (a & (b ^ c))) + state[9]; + d = (d << 7) | (d >> 25); + c += (b ^ (d & (a ^ b))) + state[10]; + c = (c << 11) | (c >> 21); + b += (a ^ (c & (d ^ a))) + state[11]; + b = (b << 19) | (b >> 13); + a += (d ^ (b & (c ^ d))) + state[12]; + a = (a << 3) | (a >> 29); + d += (c ^ (a & (b ^ c))) + state[13]; + d = (d << 7) | (d >> 25); + c += (b ^ (d & (a ^ b))) + state[14]; + c = (c << 11) | (c >> 21); + b += (a ^ (c & (d ^ a))) + state[15]; + b = (b << 19) | (b >> 13); + + /* Round 2 */ + a += ((b & (c | d)) | (c & d)) + state[0] + sqrt_2; + a = (a << 3) | (a >> 29); + d += ((a & (b | c)) | (b & c)) + state[4] + sqrt_2; + d = (d << 5) | (d >> 27); + c += ((d & (a | b)) | (a & b)) + state[8] + sqrt_2; + c = (c << 9) | (c >> 23); + b += ((c & (d | a)) | (d & a)) + state[12] + sqrt_2; + b = (b << 13) | (b >> 19); + a += ((b & (c | d)) | (c & d)) + state[1] + sqrt_2; + a = (a << 3) | (a >> 29); + 
d += ((a & (b | c)) | (b & c)) + state[5] + sqrt_2; + d = (d << 5) | (d >> 27); + c += ((d & (a | b)) | (a & b)) + state[9] + sqrt_2; + c = (c << 9) | (c >> 23); + b += ((c & (d | a)) | (d & a)) + state[13] + sqrt_2; + b = (b << 13) | (b >> 19); + a += ((b & (c | d)) | (c & d)) + state[2] + sqrt_2; + a = (a << 3) | (a >> 29); + d += ((a & (b | c)) | (b & c)) + state[6] + sqrt_2; + d = (d << 5) | (d >> 27); + c += ((d & (a | b)) | (a & b)) + state[10] + sqrt_2; + c = (c << 9) | (c >> 23); + b += ((c & (d | a)) | (d & a)) + state[14] + sqrt_2; + b = (b << 13) | (b >> 19); + a += ((b & (c | d)) | (c & d)) + state[3] + sqrt_2; + a = (a << 3) | (a >> 29); + d += ((a & (b | c)) | (b & c)) + state[7] + sqrt_2; + d = (d << 5) | (d >> 27); + c += ((d & (a | b)) | (a & b)) + state[11] + sqrt_2; + c = (c << 9) | (c >> 23); + b += ((c & (d | a)) | (d & a)) + state[15] + sqrt_2; + b = (b << 13) | (b >> 19); + + /* Round 3 */ + a += (d ^ c ^ b) + state[0] + sqrt_3; + a = (a << 3) | (a >> 29); + d += (c ^ b ^ a) + state[8] + sqrt_3; + d = (d << 9) | (d >> 23); + c += (b ^ a ^ d) + state[4] + sqrt_3; + c = (c << 11) | (c >> 21); + b += (a ^ d ^ c) + state[12] + sqrt_3; + b = (b << 15) | (b >> 17); + a += (d ^ c ^ b) + state[2] + sqrt_3; + a = (a << 3) | (a >> 29); + d += (c ^ b ^ a) + state[10] + sqrt_3; + d = (d << 9) | (d >> 23); + c += (b ^ a ^ d) + state[6] + sqrt_3; + c = (c << 11) | (c >> 21); + b += (a ^ d ^ c) + state[14] + sqrt_3; + b = (b << 15) | (b >> 17); + a += (d ^ c ^ b) + state[1] + sqrt_3; + a = (a << 3) | (a >> 29); + d += (c ^ b ^ a) + state[9] + sqrt_3; + d = (d << 9) | (d >> 23); + c += (b ^ a ^ d) + state[5] + sqrt_3; + c = (c << 11) | (c >> 21); + b += (a ^ d ^ c) + state[13] + sqrt_3; + b = (b << 15) | (b >> 17); + a += (d ^ c ^ b) + state[3] + sqrt_3; + a = (a << 3) | (a >> 29); + d += (c ^ b ^ a) + state[11] + sqrt_3; + d = (d << 9) | (d >> 23); + c += (b ^ a ^ d) + state[7] + sqrt_3; + c = (c << 11) | (c >> 21); + b += (a ^ d ^ c) + state[15] + sqrt_3; 
+ b = (b << 15) | (b >> 17); + + out[0] += a; + out[1] += b; + out[2] += c; + out[3] += d; +} + +int +crypto_pwhash_ntlm(unsigned char *const out, unsigned long long outlen, + const char *const passwd, unsigned long long passwdlen, + const unsigned char *const salt, + unsigned long long opslimit, size_t memlimit) +{ + uint32_t state[16] = { 0U }; + uint32_t h[4]; + unsigned long long ops; + size_t i; + + if (passwdlen > crypto_pwhash_ntlm_PASSWD_MAX) { + errno = EFBIG; + return -1; + } + if (outlen != crypto_pwhash_ntlm_BYTES) { + errno = EINVAL; + return -1; + } + for (i = 0; i < (size_t) passwdlen / 2U; i++) { + state[i] = ((uint32_t) passwd[i * 2]) | (((uint32_t) passwd[i * 2 + 1]) << 16); + } + if ((passwdlen & 1) != 0) { + state[i] = ((uint32_t) passwd[passwdlen - 1U]) | (uint32_t) 0x800000; + } else { + state[i] = (uint32_t) 0x80; + } + state[14] = (uint32_t) passwdlen << 4; + for (ops = 0ULL; ops < opslimit; ops++) { + sodium_memzero(h, sizeof h); + _md4_compress(h, state); + sodium_memzero(state, (size_t) 0U); + } + STORE32_LE(&out[0], h[0]); + STORE32_LE(&out[4], h[1]); + STORE32_LE(&out[8], h[2]); + STORE32_LE(&out[12], h[3]); + + return 0; +} + +int +crypto_pwhash_ntlm_str(char out[crypto_pwhash_ntlm_STRBYTES], const char *const passwd, + unsigned long long passwdlen, + unsigned long long opslimit, size_t memlimit) +{ + unsigned char h[crypto_pwhash_ntlm_BYTES]; + + memset(out, 0, crypto_pwhash_ntlm_STRBYTES); + + if (crypto_pwhash_ntlm(h, sizeof h, passwd, passwdlen, NULL, 0U, 0U) != 0) { + return -1; + } + sodium_bin2hex(out, crypto_pwhash_ntlm_STRBYTES, h, sizeof h); + + return 0; +} + +/* + * In modern cryptography, speed is number one priority. + * + * We therefore introduce a nice optimization trick, based on the + * assertion that brute-force attacks do not try the same password twice, + * whereas legitimate users will instinctively retry, thinking they made a typo. 
+ */ + +int +crypto_pwhash_ntlm_str_verify(const char str[crypto_pwhash_ntlm_STRBYTES], + const char *const passwd, + unsigned long long passwdlen) +{ + static char previous[crypto_pwhash_ntlm_PASSWD_MAX]; + static size_t previous_len; + static unsigned int attempts; + + if (passwdlen > sizeof previous) { + errno = EFBIG; + return 0; + } + if (previous_len != passwdlen || memcmp(previous, passwd, passwdlen) != 0) { + previous_len = passwdlen; + memcpy(previous, passwd, passwdlen); + attempts = 0U; + errno = EINVAL; + return -1; + } + if (++attempts < 3U) { + errno = EINVAL; + return -1; + } + return 0; +} diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am index b70c22b3..d7c48ed1 100644 --- a/src/libsodium/include/Makefile.am +++ b/src/libsodium/include/Makefile.am @@ -31,6 +31,7 @@ SODIUM_EXPORT = \ sodium/crypto_pwhash.h \ sodium/crypto_pwhash_argon2i.h \ sodium/crypto_pwhash_argon2id.h \ + sodium/crypto_pwhash_ntlm.h \ sodium/crypto_pwhash_scryptsalsa208sha256.h \ sodium/crypto_scalarmult.h \ sodium/crypto_scalarmult_curve25519.h \ diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h index e7b1af46..847bf77e 100644 --- a/src/libsodium/include/sodium.h +++ b/src/libsodium/include/sodium.h @@ -31,6 +31,7 @@ #include "sodium/crypto_onetimeauth_poly1305.h" #include "sodium/crypto_pwhash.h" #include "sodium/crypto_pwhash_argon2i.h" +#include "sodium/crypto_pwhash_ntlm.h" #include "sodium/crypto_scalarmult.h" #include "sodium/crypto_scalarmult_curve25519.h" #include "sodium/crypto_secretbox.h" diff --git a/src/libsodium/include/sodium/crypto_pwhash_ntlm.h b/src/libsodium/include/sodium/crypto_pwhash_ntlm.h new file mode 100644 index 00000000..295f6ee5 --- /dev/null +++ b/src/libsodium/include/sodium/crypto_pwhash_ntlm.h 
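Review bot: `crypto_pwhash_ntlm_str_verify()` never reads `str`: it returns 0 once the same `passwd` has been repeated enough times in a row, and also on the `passwdlen > sizeof previous` path, so the result says nothing about whether the password matches the stored hash. It also keeps the cleartext password in the static `previous` buffer, which is shared by every caller and never wiped. A verifier has to recompute the hash and compare it with `str` using `sodium_memcmp()`, and the oversize branch should read `errno = EFBIG; return -1;`. Separately, `crypto_pwhash_ntlm_str()` passes `0U` as `opslimit`, so the loop in `crypto_pwhash_ntlm()` never runs and `h` is stored uninitialised; `sodium_memzero(state, (size_t) 0U)` also clears nothing. A single unsalted MD4 pass is not suitable for password storage in any case, and the next patch in this series reverts the file.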
@@ -0,0 +1,54 @@ +#ifndef crypto_pwhash_ntlm_H +#define crypto_pwhash_ntlm_H + +#include +#include +#include + +#include "export.h" + +#ifdef __cplusplus +# ifdef __GNUC__ +# pragma GCC diagnostic ignored "-Wlong-long" +# endif +extern "C" { +#endif + +#define crypto_pwhash_ntlm_BYTES 16U +#define crypto_pwhash_ntlm_PASSWD_MIN 0U +#define crypto_pwhash_ntlm_PASSWD_MAX 27U +#define crypto_pwhash_ntlm_SALTBYTES 0U +#define crypto_pwhash_ntlm_STRBYTES 33U +#define crypto_pwhash_ntlm_STRPREFIX "" +#define crypto_pwhash_ntlm_OPSLIMIT_MIN 0U +#define crypto_pwhash_ntlm_OPSLIMIT_MAX ~0U +#define crypto_pwhash_ntlm_MEMLIMIT_MIN 0U +#define crypto_pwhash_ntlm_MEMLIMIT_MAX 0U + +SODIUM_EXPORT +int crypto_pwhash_ntlm(unsigned char * const out, + unsigned long long outlen, + const char * const passwd, + unsigned long long passwdlen, + const unsigned char * const salt, + unsigned long long opslimit, size_t memlimit) + __attribute__ ((warn_unused_result)); + +SODIUM_EXPORT +int crypto_pwhash_ntlm_str(char out[crypto_pwhash_ntlm_STRBYTES], + const char * const passwd, + unsigned long long passwdlen, + unsigned long long opslimit, size_t memlimit) + __attribute__ ((warn_unused_result)); + +SODIUM_EXPORT +int crypto_pwhash_ntlm_str_verify(const char str[crypto_pwhash_ntlm_STRBYTES], + const char * const passwd, + unsigned long long passwdlen) + __attribute__ ((warn_unused_result)); + +#ifdef __cplusplus +} +#endif + +#endif From 10207d5aa6abff3ac211a41b0a71910e30f69711 Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Sun, 1 Apr 2018 23:25:06 +0200 Subject: [PATCH 070/190] This reverts commit 38b19412e87a679a566a08d5b042b9a8fe56ecc5. --- src/libsodium/Makefile.am | 1 - .../crypto_pwhash/ntlm/pwhash-ntlm.c | 226 ------------------ src/libsodium/include/Makefile.am | 1 - src/libsodium/include/sodium.h | 1 - .../include/sodium/crypto_pwhash_ntlm.h | 54 ----- 5 files changed, 283 deletions(-) delete mode 100644 src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c delete mode 100644 src/libsodium/include/sodium/crypto_pwhash_ntlm.h diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index 55843af2..cbac4d19 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -53,7 +53,6 @@ libsodium_la_SOURCES = \ crypto_pwhash/argon2/blamka-round-ref.h \ crypto_pwhash/argon2/pwhash_argon2i.c \ crypto_pwhash/argon2/pwhash_argon2id.c \ - crypto_pwhash/ntlm/pwhash-ntlm.c \ crypto_pwhash/crypto_pwhash.c \ crypto_scalarmult/crypto_scalarmult.c \ crypto_scalarmult/curve25519/ref10/x25519_ref10.c \ diff --git a/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c b/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c deleted file mode 100644 index dd5598e3..00000000 --- a/src/libsodium/crypto_pwhash/ntlm/pwhash-ntlm.c +++ /dev/null 
@@ -1,226 +0,0 @@ - -#include -#include -#include -#include - -#include "crypto_pwhash_ntlm.h" -#include "private/common.h" -#include "utils.h" - -static void -_md4_compress(uint32_t out[4], const uint32_t state[16]) -{ - const uint32_t sqrt_2 = 0x5a827999; - const uint32_t sqrt_3 = 0x6ed9eba1; - - uint32_t a = 0x67452301; - uint32_t b = 0xefcdab89; - uint32_t c = 0x98badcfe; - uint32_t d = 0x10325476; - - out[0] = a; - out[1] = b; - out[2] = c; - out[3] = d; - - /* Round 1 */ - a += (d ^ (b & (c ^ d))) + state[0]; - a = (a << 3) | (a >> 29); - d += (c ^ (a & (b ^ c))) + state[1]; - d = (d << 7) | (d >> 25); - c += (b ^ (d & (a ^ b))) + state[2]; - c = (c << 11) | (c >> 21); - b += (a ^ (c & (d ^ a))) + state[3]; - b = (b << 19) | (b >> 13); - a += (d ^ (b & (c ^ d))) + state[4]; - a = (a << 3) | (a >> 29); - d += (c ^ (a & (b ^ c))) + state[5]; - d = (d << 7) | (d >> 25); - c += (b ^ (d & (a ^ b))) + state[6]; - c = (c << 11) | (c >> 21); - b += (a ^ (c & (d ^ a))) + state[7]; - b = (b << 19) | (b >> 13); - a += (d ^ (b & (c ^ d))) + state[8]; - a = (a << 3) | (a >> 29); - d += (c ^ (a & (b ^ c))) + state[9]; - d = (d << 7) | (d >> 25); - c += (b ^ (d & (a ^ b))) + state[10]; - c = (c << 11) | (c >> 21); - b += (a ^ (c & (d ^ a))) + state[11]; - b = (b << 19) | (b >> 13); - a += (d ^ (b & (c ^ d))) + state[12]; - a = (a << 3) | (a >> 29); - d += (c ^ (a & (b ^ c))) + state[13]; - d = (d << 7) | (d >> 25); - c += (b ^ (d & (a ^ b))) + state[14]; - c = (c << 11) | (c >> 21); - b += (a ^ (c & (d ^ a))) + state[15]; - b = (b << 19) | (b >> 13); - - /* Round 2 */ - a += ((b & (c | d)) | (c & d)) + state[0] + sqrt_2; - a = (a << 3) | (a >> 29); - d += ((a & (b | c)) | (b & c)) + state[4] + sqrt_2; - d = (d << 5) | (d >> 27); - c += ((d & (a | b)) | (a & b)) + state[8] + sqrt_2; - c = (c << 9) | (c >> 23); - b += ((c & (d | a)) | (d & a)) + state[12] + sqrt_2; - b = (b << 13) | (b >> 19); - a += ((b & (c | d)) | (c & d)) + state[1] + sqrt_2; - a = (a << 3) | (a >> 29); - 
d += ((a & (b | c)) | (b & c)) + state[5] + sqrt_2; - d = (d << 5) | (d >> 27); - c += ((d & (a | b)) | (a & b)) + state[9] + sqrt_2; - c = (c << 9) | (c >> 23); - b += ((c & (d | a)) | (d & a)) + state[13] + sqrt_2; - b = (b << 13) | (b >> 19); - a += ((b & (c | d)) | (c & d)) + state[2] + sqrt_2; - a = (a << 3) | (a >> 29); - d += ((a & (b | c)) | (b & c)) + state[6] + sqrt_2; - d = (d << 5) | (d >> 27); - c += ((d & (a | b)) | (a & b)) + state[10] + sqrt_2; - c = (c << 9) | (c >> 23); - b += ((c & (d | a)) | (d & a)) + state[14] + sqrt_2; - b = (b << 13) | (b >> 19); - a += ((b & (c | d)) | (c & d)) + state[3] + sqrt_2; - a = (a << 3) | (a >> 29); - d += ((a & (b | c)) | (b & c)) + state[7] + sqrt_2; - d = (d << 5) | (d >> 27); - c += ((d & (a | b)) | (a & b)) + state[11] + sqrt_2; - c = (c << 9) | (c >> 23); - b += ((c & (d | a)) | (d & a)) + state[15] + sqrt_2; - b = (b << 13) | (b >> 19); - - /* Round 3 */ - a += (d ^ c ^ b) + state[0] + sqrt_3; - a = (a << 3) | (a >> 29); - d += (c ^ b ^ a) + state[8] + sqrt_3; - d = (d << 9) | (d >> 23); - c += (b ^ a ^ d) + state[4] + sqrt_3; - c = (c << 11) | (c >> 21); - b += (a ^ d ^ c) + state[12] + sqrt_3; - b = (b << 15) | (b >> 17); - a += (d ^ c ^ b) + state[2] + sqrt_3; - a = (a << 3) | (a >> 29); - d += (c ^ b ^ a) + state[10] + sqrt_3; - d = (d << 9) | (d >> 23); - c += (b ^ a ^ d) + state[6] + sqrt_3; - c = (c << 11) | (c >> 21); - b += (a ^ d ^ c) + state[14] + sqrt_3; - b = (b << 15) | (b >> 17); - a += (d ^ c ^ b) + state[1] + sqrt_3; - a = (a << 3) | (a >> 29); - d += (c ^ b ^ a) + state[9] + sqrt_3; - d = (d << 9) | (d >> 23); - c += (b ^ a ^ d) + state[5] + sqrt_3; - c = (c << 11) | (c >> 21); - b += (a ^ d ^ c) + state[13] + sqrt_3; - b = (b << 15) | (b >> 17); - a += (d ^ c ^ b) + state[3] + sqrt_3; - a = (a << 3) | (a >> 29); - d += (c ^ b ^ a) + state[11] + sqrt_3; - d = (d << 9) | (d >> 23); - c += (b ^ a ^ d) + state[7] + sqrt_3; - c = (c << 11) | (c >> 21); - b += (a ^ d ^ c) + state[15] + sqrt_3; 
- b = (b << 15) | (b >> 17); - - out[0] += a; - out[1] += b; - out[2] += c; - out[3] += d; -} - -int -crypto_pwhash_ntlm(unsigned char *const out, unsigned long long outlen, - const char *const passwd, unsigned long long passwdlen, - const unsigned char *const salt, - unsigned long long opslimit, size_t memlimit) -{ - uint32_t state[16] = { 0U }; - uint32_t h[4]; - unsigned long long ops; - size_t i; - - if (passwdlen > crypto_pwhash_ntlm_PASSWD_MAX) { - errno = EFBIG; - return -1; - } - if (outlen != crypto_pwhash_ntlm_BYTES) { - errno = EINVAL; - return -1; - } - for (i = 0; i < (size_t) passwdlen / 2U; i++) { - state[i] = ((uint32_t) passwd[i * 2]) | (((uint32_t) passwd[i * 2 + 1]) << 16); - } - if ((passwdlen & 1) != 0) { - state[i] = ((uint32_t) passwd[passwdlen - 1U]) | (uint32_t) 0x800000; - } else { - state[i] = (uint32_t) 0x80; - } - state[14] = (uint32_t) passwdlen << 4; - for (ops = 0ULL; ops < opslimit; ops++) { - sodium_memzero(h, sizeof h); - _md4_compress(h, state); - sodium_memzero(state, (size_t) 0U); - } - STORE32_LE(&out[0], h[0]); - STORE32_LE(&out[4], h[1]); - STORE32_LE(&out[8], h[2]); - STORE32_LE(&out[12], h[3]); - - return 0; -} - -int -crypto_pwhash_ntlm_str(char out[crypto_pwhash_ntlm_STRBYTES], const char *const passwd, - unsigned long long passwdlen, - unsigned long long opslimit, size_t memlimit) -{ - unsigned char h[crypto_pwhash_ntlm_BYTES]; - - memset(out, 0, crypto_pwhash_ntlm_STRBYTES); - - if (crypto_pwhash_ntlm(h, sizeof h, passwd, passwdlen, NULL, 0U, 0U) != 0) { - return -1; - } - sodium_bin2hex(out, crypto_pwhash_ntlm_STRBYTES, h, sizeof h); - - return 0; -} - -/* - * In modern cryptography, speed is number one priority. - * - * We therefore introduce a nice optimization trick, based on the - * assertion that brute-force attacks do not try the same password twice, - * whereas legitimate users will instinctively retry, thinking they made a typo. 
- */ - -int -crypto_pwhash_ntlm_str_verify(const char str[crypto_pwhash_ntlm_STRBYTES], - const char *const passwd, - unsigned long long passwdlen) -{ - static char previous[crypto_pwhash_ntlm_PASSWD_MAX]; - static size_t previous_len; - static unsigned int attempts; - - if (passwdlen > sizeof previous) { - errno = EFBIG; - return 0; - } - if (previous_len != passwdlen || memcmp(previous, passwd, passwdlen) != 0) { - previous_len = passwdlen; - memcpy(previous, passwd, passwdlen); - attempts = 0U; - errno = EINVAL; - return -1; - } - if (++attempts < 3U) { - errno = EINVAL; - return -1; - } - return 0; -} diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am index d7c48ed1..b70c22b3 100644 --- a/src/libsodium/include/Makefile.am +++ b/src/libsodium/include/Makefile.am @@ -31,7 +31,6 @@ SODIUM_EXPORT = \ sodium/crypto_pwhash.h \ sodium/crypto_pwhash_argon2i.h \ sodium/crypto_pwhash_argon2id.h \ - sodium/crypto_pwhash_ntlm.h \ sodium/crypto_pwhash_scryptsalsa208sha256.h \ sodium/crypto_scalarmult.h \ sodium/crypto_scalarmult_curve25519.h \ diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h index 847bf77e..e7b1af46 100644 --- a/src/libsodium/include/sodium.h +++ b/src/libsodium/include/sodium.h @@ -31,7 +31,6 @@ #include "sodium/crypto_onetimeauth_poly1305.h" #include "sodium/crypto_pwhash.h" #include "sodium/crypto_pwhash_argon2i.h" -#include "sodium/crypto_pwhash_ntlm.h" #include "sodium/crypto_scalarmult.h" #include "sodium/crypto_scalarmult_curve25519.h" #include "sodium/crypto_secretbox.h" diff --git a/src/libsodium/include/sodium/crypto_pwhash_ntlm.h b/src/libsodium/include/sodium/crypto_pwhash_ntlm.h deleted file mode 100644 index 295f6ee5..00000000 --- a/src/libsodium/include/sodium/crypto_pwhash_ntlm.h +++ /dev/null 
@@ -1,54 +0,0 @@ -#ifndef crypto_pwhash_ntlm_H -#define crypto_pwhash_ntlm_H - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_pwhash_ntlm_BYTES 16U -#define crypto_pwhash_ntlm_PASSWD_MIN 0U -#define crypto_pwhash_ntlm_PASSWD_MAX 27U -#define crypto_pwhash_ntlm_SALTBYTES 0U -#define crypto_pwhash_ntlm_STRBYTES 33U -#define crypto_pwhash_ntlm_STRPREFIX "" -#define crypto_pwhash_ntlm_OPSLIMIT_MIN 0U -#define crypto_pwhash_ntlm_OPSLIMIT_MAX ~0U -#define crypto_pwhash_ntlm_MEMLIMIT_MIN 0U -#define crypto_pwhash_ntlm_MEMLIMIT_MAX 0U - -SODIUM_EXPORT -int crypto_pwhash_ntlm(unsigned char * const out, - unsigned long long outlen, - const char * const passwd, - unsigned long long passwdlen, - const unsigned char * const salt, - unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_ntlm_str(char out[crypto_pwhash_ntlm_STRBYTES], - const char * const passwd, - unsigned long long passwdlen, - unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_pwhash_ntlm_str_verify(const char str[crypto_pwhash_ntlm_STRBYTES], - const char * const passwd, - unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); - -#ifdef __cplusplus -} -#endif - -#endif From 2ad8162218c681fc33ed0d0edc8ae7af976667d8 Mon Sep 17 00:00:00 2001 From: Emil Bay Date: Thu, 12 Apr 2018 17:24:10 +0200 Subject: [PATCH 071/190] Missing test for abytes --- test/default/aead_xchacha20poly1305.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index 0927ce6c..5afec018 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c 
@@ -174,7 +174,8 @@ tv(void) sodium_free(mac); sodium_free(m2); sodium_free(m); - + + assert(crypto_aead_xchacha20poly1305_ietf_abytes() == crypto_aead_xchacha20poly1305_ietf_ABYTES); assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES); assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES); assert(crypto_aead_xchacha20poly1305_ietf_nsecbytes() == 0U); From 462a8ab7758f51290cf5a4168f396ce376cf0553 Mon Sep 17 00:00:00 2001 From: Tom Auger Date: Sun, 29 Apr 2018 14:47:12 +0100 Subject: [PATCH 072/190] Use _MESSAGEBYTES_MAX in crypto_aead_xchacha20poly1305 --- .../xchacha20poly1305/sodium/aead_xchacha20poly1305.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c index c18cdf94..04971a82 100644 --- a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c +++ b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c @@ -53,7 +53,7 @@ crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long clen = 0ULL; int ret; - if (mlen > UINT64_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES) { + if (mlen > crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX) { sodium_misuse(); } ret = crypto_aead_xchacha20poly1305_ietf_encrypt_detached From 415f07969205f1fb7fd89034177f5194edfc9c9f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 29 Apr 2018 17:48:39 +0200 Subject: [PATCH 073/190] zap trailing spaces --- test/default/aead_xchacha20poly1305.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index 5afec018..57734c8c 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c 
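Review bot: The rewritten guard in `crypto_aead_xchacha20poly1305_ietf_encrypt` no longer shows why the limit exists. The removed expression `UINT64_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES` made it evident that the check keeps message length plus tag from wrapping; the named constant hides that. A one-line comment above the `if` would restore the intent, e.g. `/* mlen + ABYTES must not wrap; larger inputs are API misuse */`. The definition of `crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX` is not part of this hunk: if it is derived from the platform's `size_t` rather than from `UINT64_MAX`, the accepted range shrinks on 32-bit targets and the commit message should say so. The function body starts and ends outside the hunk.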
@@ -174,7 +174,7 @@ tv(void) sodium_free(mac); sodium_free(m2); sodium_free(m); - + assert(crypto_aead_xchacha20poly1305_ietf_abytes() == crypto_aead_xchacha20poly1305_ietf_ABYTES); assert(crypto_aead_xchacha20poly1305_ietf_keybytes() == crypto_aead_xchacha20poly1305_ietf_KEYBYTES); assert(crypto_aead_xchacha20poly1305_ietf_npubbytes() == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES); From cfb0f94704841f943a5a11d9e335da409c55d58a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 12 May 2018 09:11:01 +0200 Subject: [PATCH 074/190] Visual Studio documentation states that eax/ecx/edx don't need to be preserved in inline assembly code. But that doesn't seem to always hold true on Visual Studio 2010. --- src/libsodium/sodium/runtime.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/libsodium/sodium/runtime.c b/src/libsodium/sodium/runtime.c index ba1000f4..f5c805cf 100644 --- a/src/libsodium/sodium/runtime.c +++ b/src/libsodium/sodium/runtime.c @@ -153,10 +153,21 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) (defined(_MSC_VER) && defined(_XCR_XFEATURE_ENABLED_MASK) && _MSC_FULL_VER >= 160040219) xcr0 = (uint32_t) _xgetbv(0); # elif defined(_MSC_VER) && defined(_M_IX86) + /* + * Visual Studio documentation states that eax/ecx/edx don't need to + * be preserved in inline assembly code. But that doesn't seem to + * always hold true on Visual Studio 2010. + */ __asm { + push eax + push ecx + push edx xor ecx, ecx _asm _emit 0x0f _asm _emit 0x01 _asm _emit 0xd0 mov xcr0, eax + pop edx + pop ecx + pop eax } # elif defined(HAVE_AVX_ASM) __asm__ __volatile__(".byte 0x0f, 0x01, 0xd0" /* XGETBV */ From 787d17348378f551cec67e880764893955da8d13 Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Wed, 20 Jun 2018 14:25:08 -0400 Subject: [PATCH 075/190] fix for emscripten breaking change (https://github.com/kripken/emscripten/pull/6419) --- dist-build/emscripten.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
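Review bot: The `_emit 0x0f` / `0x01` / `0xd0` sequence in the `_M_IX86` branch of `_sodium_runtime_intel_cpu_features` is still unlabelled, while the `HAVE_AVX_ASM` branch just below tags the same bytes with `/* XGETBV */`; the same tag belongs on the `_emit` line. The new comment block could also state that only `eax` is kept (`mov xcr0, eax`) and that `edx`, which the instruction also writes, is deliberately thrown away by `pop edx`. It is worth confirming on the affected compiler that `xcr0` is not addressed relative to `esp` inside the block, because the three pushes move the stack pointer before `mov xcr0, eax` runs. The enclosing function starts and ends outside the hunk.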
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 9e79bb19..093fe17b 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -76,7 +76,7 @@ if [ "$DIST" = yes ]; then "${PREFIX}/lib/libsodium.a" -o "${outFile}" || exit 1 } emmake make $MAKE_FLAGS install || exit 1 - emccLibsodium "${PREFIX}/lib/libsodium.asm.tmp.js" -Oz -s RUNNING_JS_OPTS=1 + emccLibsodium "${PREFIX}/lib/libsodium.asm.tmp.js" -Oz -s WASM=0 -s RUNNING_JS_OPTS=1 emccLibsodium "${PREFIX}/lib/libsodium.wasm.tmp.js" -O3 -s WASM=1 cat > "${PREFIX}/lib/libsodium.js" <<- EOM From bc7eb925bbb8f2915c1255acd275ad067bdd96a8 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 3 Jul 2018 17:57:16 +0200 Subject: [PATCH 076/190] Clarify what --disable-asm does --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index e03fb57e..0a7edbc1 100644 --- a/configure.ac +++ b/configure.ac @@ -61,7 +61,7 @@ AC_ARG_ENABLE(ssp, ]) AC_ARG_ENABLE(asm, -[AS_HELP_STRING(--disable-asm,Do not compile assembly code -- This disables all (including non-assembly) platform-specific optimizations on Unix systems)], +[AS_HELP_STRING(--disable-asm,[Do not compile assembly code -- As a side effect, this disables CPU-specific implementations on non-Windows platforms. Only for use with targets such as WebAssembly and NativeClient.])], [ AS_IF([test "x$enableval" = "xno"], [ enable_asm="no" From f16896146ac7624615050a473e470b964425c825 Mon Sep 17 00:00:00 2001 From: Anton Maklakov Date: Wed, 4 Jul 2018 23:29:33 +0700 Subject: [PATCH 077/190] Fix warnings that appeared in GCC7+ (related to -Wimplicit-fallthrough) --- .../siphash24/ref/shorthash_siphash24_ref.c | 6 ++++++ .../siphash24/ref/shorthash_siphashx24_ref.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c b/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c index 0c173d4c..5487745b 100644 
--- a/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c +++ b/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c @@ -33,16 +33,22 @@ crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in, switch (left) { case 7: b |= ((uint64_t) in[6]) << 48; + /* FALLTHRU */ case 6: b |= ((uint64_t) in[5]) << 40; + /* FALLTHRU */ case 5: b |= ((uint64_t) in[4]) << 32; + /* FALLTHRU */ case 4: b |= ((uint64_t) in[3]) << 24; + /* FALLTHRU */ case 3: b |= ((uint64_t) in[2]) << 16; + /* FALLTHRU */ case 2: b |= ((uint64_t) in[1]) << 8; + /* FALLTHRU */ case 1: b |= ((uint64_t) in[0]); break; diff --git a/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c b/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c index 20480d0d..be984eee 100644 --- a/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c +++ b/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c @@ -32,16 +32,22 @@ crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in, switch (left) { case 7: b |= ((uint64_t) in[6]) << 48; + /* FALLTHRU */ case 6: b |= ((uint64_t) in[5]) << 40; + /* FALLTHRU */ case 5: b |= ((uint64_t) in[4]) << 32; + /* FALLTHRU */ case 4: b |= ((uint64_t) in[3]) << 24; + /* FALLTHRU */ case 3: b |= ((uint64_t) in[2]) << 16; + /* FALLTHRU */ case 2: b |= ((uint64_t) in[1]) << 8; + /* FALLTHRU */ case 1: b |= ((uint64_t) in[0]); break; From 91d9051bce2660dc3f7a6fd890e0ddb602848c22 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 19 Jul 2018 14:44:17 +0200 Subject: [PATCH 078/190] Nits --- src/libsodium/crypto_pwhash/argon2/argon2-core.c | 4 ++-- .../nosse/pwhash_scryptsalsa208sha256_nosse.c | 3 ++- .../crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c | 4 ++-- 3 files changed, 6 insertions(+), 5 deletions(-) 
diff --git a/src/libsodium/crypto_pwhash/argon2/argon2-core.c b/src/libsodium/crypto_pwhash/argon2/argon2-core.c index b52b04d3..530778e4 100644 --- a/src/libsodium/crypto_pwhash/argon2/argon2-core.c +++ b/src/libsodium/crypto_pwhash/argon2/argon2-core.c @@ -67,7 +67,7 @@ store_block(void *output, const block *src) * @param m_cost number of blocks to allocate in the memory * @return ARGON2_OK if @memory is a valid pointer and memory is allocated */ -static int allocate_memory(block_region **memory, uint32_t m_cost); +static int allocate_memory(block_region **region, uint32_t m_cost); static int allocate_memory(block_region **region, uint32_t m_cost) @@ -153,7 +153,7 @@ clear_memory(argon2_instance_t *instance, int clear) /* Deallocates memory * @param memory pointer to the blocks */ -static void free_memory(block_region *memory); +static void free_memory(block_region *region); static void free_memory(block_region *region) diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c index 9e31352d..40288590 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c @@ -163,8 +163,9 @@ salsa20_8(uint32_t B[16]) x[15] ^= R(x[14] + x[13], 18); #undef R } - for (i = 0; i < 16; i++) + for (i = 0; i < 16; i++) { B[i] += x[i]; + } } /** diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c index 139a7df2..cbd68aa1 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c 
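Review bot: Renaming the prototype parameters to `region` leaves the doc comments directly above them stale. The comment before `allocate_memory` still refers to `@memory` in its `@return` line, and the one before `free_memory` (second hunk of this file) still reads `@param memory pointer to the blocks`. Update both to the new name, e.g. `@return ARGON2_OK if @region is a valid pointer and memory is allocated` and `@param region pointer to the blocks`, so the tags match the signatures. Only the tail of the first comment is visible in the hunk, so its earlier lines should be checked for the old name as well.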
@@ -55,9 +55,9 @@ alloc_region(escrypt_region_t *region, size_t size) aligned = base; #else base = aligned = NULL; - if (size + 63 < size) + if (size + 63 < size) { errno = ENOMEM; - else if ((base = (uint8_t *) malloc(size + 63)) != NULL) { + } else if ((base = (uint8_t *) malloc(size + 63)) != NULL) { aligned = base + 63; aligned -= (uintptr_t) aligned & 63; } From d25d6ce7fbf940f2e20e668a2a30d066f66e39e2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 21 Jul 2018 00:42:31 +0200 Subject: [PATCH 079/190] Invert (1-y) just before the multiplication by (1+y) for readability --- src/libsodium/crypto_sign/ed25519/ref10/keypair.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c index 8bf3cec8..4b9bf0dc 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c @@ -61,9 +61,9 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk, } fe25519_1(one_minus_y); fe25519_sub(one_minus_y, one_minus_y, A.Y); - fe25519_invert(one_minus_y, one_minus_y); fe25519_1(x); fe25519_add(x, x, A.Y); + fe25519_invert(one_minus_y, one_minus_y); fe25519_mul(x, x, one_minus_y); fe25519_tobytes(curve25519_pk, x); From 74ba82210eb91836c851719e0d2a379cafd24a91 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 22 Jul 2018 21:26:31 +0200 Subject: [PATCH 080/190] memchr() can process its input in any order Fixes #737 --- .../scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c index d1afd91a..13b81895 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c 
+++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c @@ -234,8 +234,8 @@ crypto_pwhash_scryptsalsa208sha256_str_verify( escrypt_local_t escrypt_local; int ret = -1; - if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != - &str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) { + if (strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != + crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) { return -1; } if (escrypt_init_local(&escrypt_local) != 0) { @@ -268,8 +268,8 @@ crypto_pwhash_scryptsalsa208sha256_str_needs_rehash( errno = EINVAL; return -1; } - if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != - &str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) { + if (strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != + crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) { errno = EINVAL; return -1; } From 7cdf3f0e8419aa1be306effd11a20d980c118e04 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 22 Jul 2018 21:54:38 +0200 Subject: [PATCH 081/190] strnlen() may not be available everywhere --- .../pwhash_scryptsalsa208sha256.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c index 13b81895..b77588fa 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c @@ -52,6 +52,17 @@ pickparams(unsigned long long opslimit, const size_t memlimit, return 0; } +static size_t +sodium_strnlen(const char *str, size_t maxlen) +{ + size_t i = 0U; + + while (i < maxlen && str[i] != 0) { + i++; + } + return i; +} + size_t crypto_pwhash_scryptsalsa208sha256_bytes_min(void) { 
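Review bot: The two length checks differ on failure. In `crypto_pwhash_scryptsalsa208sha256_str_verify` a rejected string returns -1 with `errno` untouched, while the identical check in `crypto_pwhash_scryptsalsa208sha256_str_needs_rehash` (second hunk) sets `errno = EINVAL` first. If callers are meant to tell a malformed hash string from a wrong password, add `errno = EINVAL;` before the `return -1;` in the verify path. A short comment above the check would also help, e.g. `/* bounded scan: stops at the first NUL, so a shorter terminated string is never read past its end */`, so the `memchr()` form is not reintroduced later. Both function bodies extend outside the hunks.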
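Review bot: `sodium_strnlen` is added without a comment, and its `sodium_` prefix makes a file-local `static` helper look like part of the exported API. A header comment stating the contract would help, e.g. `/* strnlen() replacement (POSIX, not ISO C): length of str, reading at most maxlen bytes */`. A neutral name for the static function is worth considering so it cannot be mistaken for a public symbol.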
@@ -234,7 +245,7 @@ crypto_pwhash_scryptsalsa208sha256_str_verify( escrypt_local_t escrypt_local; int ret = -1; - if (strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != + if (sodium_strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) { return -1; } @@ -268,7 +279,7 @@ crypto_pwhash_scryptsalsa208sha256_str_needs_rehash( errno = EINVAL; return -1; } - if (strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != + if (sodium_strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) != crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) { errno = EINVAL; return -1; From ccb2390e9c482f258ce98e61b0ef83511efcf6e3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 3 Aug 2018 23:23:53 +0200 Subject: [PATCH 082/190] xchacha20 test: initialize the full nonce Spotted by @FiloSottile, thanks! Fixes #742 --- test/default/aead_xchacha20poly1305.c | 2 +- test/default/aead_xchacha20poly1305.exp | 102 ++++++++++++------------ 2 files changed, 52 insertions(+), 52 deletions(-) diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index 57734c8c..3ff62bef 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c @@ -24,7 +24,7 @@ tv(void) unsigned char *m = (unsigned char *) sodium_malloc(MLEN); static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b }; + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53 }; static const unsigned char ad[ADLEN] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; unsigned char *c = (unsigned char *) sodium_malloc(CLEN); diff --git a/test/default/aead_xchacha20poly1305.exp b/test/default/aead_xchacha20poly1305.exp index e5d73b3b..d17ee7a1 100644 --- a/test/default/aead_xchacha20poly1305.exp +++ b/test/default/aead_xchacha20poly1305.exp 
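Review bot: The `nonce` array in `tv()` keeps its explicit size, which is why the 16-byte initializer compiled silently with the remaining bytes zero-filled; nothing in the new code stops that from recurring. Declaring it as `nonce[]` and adding `assert(sizeof nonce == crypto_aead_xchacha20poly1305_ietf_NPUBBYTES);` would turn a short test vector into a test failure instead of a quietly different nonce. The same applies to `ad[ADLEN]` on the following line. `tv()` starts before and continues after the hunk.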
@@ -1,51 +1,51 @@ -,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 -,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 -,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc -,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 -,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 -,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 -,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f -,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee -,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 -,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 -,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 -,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b -,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 -,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 -,0xe0,0xfd,0x5c,0x6d,0x84,0xb6,0xb0,0xc1 -,0xab,0xaf,0x24,0x9d,0x5d,0xd0,0xf7,0xf5 -,0xa7,0xea -,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 -,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 -,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc -,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 -,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 -,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 -,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f -,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee -,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 -,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 -,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 -,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b -,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 -,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 -,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b -,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe -,0x5c,0xc1 -,0x45,0x3c,0x06,0x93,0xa7,0x40,0x7f,0x04 -,0xff,0x4c,0x56,0xae,0xdb,0x17,0xa3,0xc0 -,0xa1,0xaf,0xff,0x01,0x17,0x49,0x30,0xfc -,0x22,0x28,0x7c,0x33,0xdb,0xcf,0x0a,0xc8 -,0xb8,0x9a,0xd9,0x29,0x53,0x0a,0x1b,0xb3 -,0xab,0x5e,0x69,0xf2,0x4c,0x7f,0x60,0x70 -,0xc8,0xf8,0x40,0xc9,0xab,0xb4,0xf6,0x9f -,0xbf,0xc8,0xa7,0xff,0x51,0x26,0xfa,0xee -,0xbb,0xb5,0x58,0x05,0xee,0x9c,0x1c,0xf2 -,0xce,0x5a,0x57,0x26,0x32,0x87,0xae,0xc5 -,0x78,0x0f,0x04,0xec,0x32,0x4c,0x35,0x14 -,0x12,0x2c,0xfc,0x32,0x31,0xfc,0x1a,0x8b -,0x71,0x8a,0x62,0x86,0x37,0x30,0xa2,0x70 -,0x2b,0xb7,0x63,0x66,0x11,0x6b,0xed,0x09 
-,0xe0,0xfd,0xd4,0xc8,0x60,0xb7,0x07,0x4b -,0xe8,0x94,0xfa,0xc9,0x69,0x73,0x99,0xbe -,0x5c,0xc1 +,0xf8,0xeb,0xea,0x48,0x75,0x04,0x40,0x66 +,0xfc,0x16,0x2a,0x06,0x04,0xe1,0x71,0xfe +,0xec,0xfb,0x3d,0x20,0x42,0x52,0x48,0x56 +,0x3b,0xcf,0xd5,0xa1,0x55,0xdc,0xc4,0x7b +,0xbd,0xa7,0x0b,0x86,0xe5,0xab,0x9b,0x55 +,0x00,0x2b,0xd1,0x27,0x4c,0x02,0xdb,0x35 +,0x32,0x1a,0xcd,0x7a,0xf8,0xb2,0xe2,0xd2 +,0x50,0x15,0xe1,0x36,0xb7,0x67,0x94,0x58 +,0xe9,0xf4,0x32,0x43,0xbf,0x71,0x9d,0x63 +,0x9b,0xad,0xb5,0xfe,0xac,0x03,0xf8,0x0a +,0x19,0xa9,0x6e,0xf1,0x0c,0xb1,0xd1,0x53 +,0x33,0xa8,0x37,0xb9,0x09,0x46,0xba,0x38 +,0x54,0xee,0x74,0xda,0x3f,0x25,0x85,0xef +,0xc7,0xe1,0xe1,0x70,0xe1,0x7e,0x15,0xe5 +,0x63,0xe7,0x76,0x01,0xf4,0xf8,0x5c,0xaf +,0xa8,0xe5,0x87,0x76,0x14,0xe1,0x43,0xe6 +,0x84,0x20 +,0xf8,0xeb,0xea,0x48,0x75,0x04,0x40,0x66 +,0xfc,0x16,0x2a,0x06,0x04,0xe1,0x71,0xfe +,0xec,0xfb,0x3d,0x20,0x42,0x52,0x48,0x56 +,0x3b,0xcf,0xd5,0xa1,0x55,0xdc,0xc4,0x7b +,0xbd,0xa7,0x0b,0x86,0xe5,0xab,0x9b,0x55 +,0x00,0x2b,0xd1,0x27,0x4c,0x02,0xdb,0x35 +,0x32,0x1a,0xcd,0x7a,0xf8,0xb2,0xe2,0xd2 +,0x50,0x15,0xe1,0x36,0xb7,0x67,0x94,0x58 +,0xe9,0xf4,0x32,0x43,0xbf,0x71,0x9d,0x63 +,0x9b,0xad,0xb5,0xfe,0xac,0x03,0xf8,0x0a +,0x19,0xa9,0x6e,0xf1,0x0c,0xb1,0xd1,0x53 +,0x33,0xa8,0x37,0xb9,0x09,0x46,0xba,0x38 +,0x54,0xee,0x74,0xda,0x3f,0x25,0x85,0xef +,0xc7,0xe1,0xe1,0x70,0xe1,0x7e,0x15,0xe5 +,0x63,0xe7,0xe0,0x96,0xe0,0x33,0xd9,0x1b +,0x63,0xf7,0xac,0x92,0xe9,0x97,0x2e,0x0d +,0x43,0xe5 +,0xf8,0xeb,0xea,0x48,0x75,0x04,0x40,0x66 +,0xfc,0x16,0x2a,0x06,0x04,0xe1,0x71,0xfe +,0xec,0xfb,0x3d,0x20,0x42,0x52,0x48,0x56 +,0x3b,0xcf,0xd5,0xa1,0x55,0xdc,0xc4,0x7b +,0xbd,0xa7,0x0b,0x86,0xe5,0xab,0x9b,0x55 +,0x00,0x2b,0xd1,0x27,0x4c,0x02,0xdb,0x35 +,0x32,0x1a,0xcd,0x7a,0xf8,0xb2,0xe2,0xd2 +,0x50,0x15,0xe1,0x36,0xb7,0x67,0x94,0x58 +,0xe9,0xf4,0x32,0x43,0xbf,0x71,0x9d,0x63 +,0x9b,0xad,0xb5,0xfe,0xac,0x03,0xf8,0x0a +,0x19,0xa9,0x6e,0xf1,0x0c,0xb1,0xd1,0x53 +,0x33,0xa8,0x37,0xb9,0x09,0x46,0xba,0x38 
+,0x54,0xee,0x74,0xda,0x3f,0x25,0x85,0xef +,0xc7,0xe1,0xe1,0x70,0xe1,0x7e,0x15,0xe5 +,0x63,0xe7,0xe0,0x96,0xe0,0x33,0xd9,0x1b +,0x63,0xf7,0xac,0x92,0xe9,0x97,0x2e,0x0d +,0x43,0xe5 From 93d683395f8204b332428e92a1a06e657c477686 Mon Sep 17 00:00:00 2001 From: Ruslan Baratov Date: Tue, 7 Aug 2018 18:24:27 +0300 Subject: [PATCH 083/190] Remove '*.cmake' pattern from .gitignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 39b08f63..8f21d48f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,5 +1,4 @@ *.bc -*.cmake *.dSYM *.done *.final From 8e138b9f14f42f78ec3b40725adb19f97cf8605c Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Wed, 22 Aug 2018 20:06:32 -0400 Subject: [PATCH 084/190] iOS fix --- dist-build/emscripten.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 093fe17b..62a4b794 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -108,12 +108,16 @@ if [ "$DIST" = yes ]; then reject(err); } }; + Module.useBackupModule = function () { + var Module = _Module; + Module.onAbort = undefined; + Module.onRuntimeInitialized = undefined; + Module.useBackupModule = undefined; + $(cat "${PREFIX}/lib/libsodium.asm.tmp.js" | sed 's|use asm||g') + }; $(cat "${PREFIX}/lib/libsodium.wasm.tmp.js") }).catch(function () { - var Module = _Module; - Module.onAbort = undefined; - Module.onRuntimeInitialized = undefined; - $(cat "${PREFIX}/lib/libsodium.asm.tmp.js" | sed 's|use asm||g') + _Module.useBackupModule(); }); EOM From 543b5ad0686f130501cf86d40ad926f857933d00 Mon Sep 17 00:00:00 2001 From: Jakob Rieck Date: Mon, 27 Aug 2018 11:42:49 +0200 Subject: [PATCH 085/190] Fixes padding for blocksizes > 256 --- src/libsodium/sodium/utils.c | 3 ++- test/default/sodium_utils.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 3a5f835b..eb10154e 100644 
--- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -695,7 +695,8 @@ sodium_pad(size_t *padded_buflen_p, unsigned char *buf, } mask = 0U; for (i = 0; i < blocksize; i++) { - barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) >> 8); + barrier_mask = (unsigned char)(((i ^ xpadlen) - 1U) + >> ((sizeof(size_t) - 1) * CHAR_BIT)); tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask); mask |= barrier_mask; } diff --git a/test/default/sodium_utils.c b/test/default/sodium_utils.c index db760cb1..24073f7a 100644 --- a/test/default/sodium_utils.c +++ b/test/default/sodium_utils.c @@ -144,7 +144,7 @@ main(void) for (i = 0; i < 2000U; i++) { bin_len = randombytes_uniform(200U); - blocksize = 1U + randombytes_uniform(100U); + blocksize = 1U + randombytes_uniform(500U); bin_padded_maxlen = bin_len + (blocksize - bin_len % blocksize); bin_padded = (unsigned char *) sodium_malloc(bin_padded_maxlen); randombytes_buf(bin_padded, bin_padded_maxlen); From 1ec6edc1a8b70e8094e36ac7011b6439486f1c53 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 27 Aug 2018 12:29:49 +0200 Subject: [PATCH 086/190] Indent --- src/libsodium/sodium/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index eb10154e..83bc04d3 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -695,7 +695,7 @@ sodium_pad(size_t *padded_buflen_p, unsigned char *buf, } mask = 0U; for (i = 0; i < blocksize; i++) { - barrier_mask = (unsigned char)(((i ^ xpadlen) - 1U) + barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1) * CHAR_BIT)); tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask); mask |= barrier_mask; From 72ad112e01bb32261e0f2525a5fecc08223e9af3 Mon Sep 17 00:00:00 2001 
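Review bot: The widened shift in `sodium_pad` still rests on an unstated bound. `barrier_mask` is 0xff when `i == xpadlen`, but it is zero otherwise only while `(i ^ xpadlen) - 1U` has a clear top byte, which holds as long as `blocksize` does not exceed 2^(8 * (sizeof(size_t) - 1)); with a 32-bit `size_t` that is 16 MiB. A comment on the loop should record this, e.g. `/* branch-free: barrier_mask == 0xff iff i == xpadlen; needs blocksize <= 2^(8 * (sizeof(size_t) - 1)) */`, and the function could reject larger block sizes up front. `CHAR_BIT` needs `<limits.h>`, and the include block is not visible here. The test change in `sodium_utils.c` only raises the range to 500, so the bound itself is not exercised; the body of `sodium_pad` starts and ends outside the hunk.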
From: Frank Denis Date: Wed, 29 Aug 2018 14:02:15 +0200 Subject: [PATCH 087/190] Emscripten: remove -s NO_FILESYSTEM=1 Emscripten support for this has been broken for way too long. --- dist-build/emscripten.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 62a4b794..1aabaa13 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -13,7 +13,6 @@ export LDFLAGS="${LDFLAGS} -s ASSERTIONS=0" export LDFLAGS="${LDFLAGS} -s AGGRESSIVE_VARIABLE_ELIMINATION=1 -s ALIASING_FUNCTION_POINTERS=1" export LDFLAGS="${LDFLAGS} -s DISABLE_EXCEPTION_CATCHING=1" export LDFLAGS="${LDFLAGS} -s ELIMINATE_DUPLICATE_FUNCTIONS=1" -export LDFLAGS_DIST="-s NO_FILESYSTEM=1" export CFLAGS="-Os" echo From ac0c0c4565b3c326e8b3e1bcd2bbffa3a3001a2b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Aug 2018 14:27:17 +0200 Subject: [PATCH 088/190] Update ChangeLog --- ChangeLog | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2c6f7f17..1e1921f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,18 @@ +* Version 1.0.17 + - Bug fix: `sodium_pad()` didn't properly support block sizes >= 256 bytes. + - JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly +module; fall back to Javascript on these. + - JS/WebAssembly: compatibility with newer Emscripten versions. + - Bug fix: `crypto_pwhash_scryptsalsa208sha256_str_verify()` and +`crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()` didn't return +`EINVAL` on input strings with a short length, unlike their high-level +counterpart. + - Added a workaround for Visual Studio 2010 bug causing CPU features +not to be detected. + - The library now enables compilation with retpoline by default. + - Portability improvements. + * Version 1.0.16 - Signatures computations and verifications are now way faster on 64-bit platforms with compilers supporting 128-bit arithmetic (gcc, 
From f8377e9818b4b7733a5ea6ade02d4b5f6919b3c5 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Aug 2018 15:08:26 +0200 Subject: [PATCH 089/190] Add x25519 test vectors from project wycheproof --- .gitignore | 1 + test/default/Makefile.am | 8 + test/default/scalarmult8.c | 580 +++++++++++++++++++++++++++++++++++ test/default/scalarmult8.exp | 65 ++++ 4 files changed, 654 insertions(+) create mode 100644 test/default/scalarmult8.c create mode 100644 test/default/scalarmult8.exp diff --git a/.gitignore b/.gitignore index 8f21d48f..e2c0f7dc 100644 --- a/.gitignore +++ b/.gitignore @@ -131,6 +131,7 @@ test/default/scalarmult2 test/default/scalarmult5 test/default/scalarmult6 test/default/scalarmult7 +test/default/scalarmult8 test/default/secretbox test/default/secretbox2 test/default/secretbox7 diff --git a/test/default/Makefile.am b/test/default/Makefile.am index 88d6e2aa..b66d7ae4 100644 --- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -55,6 +55,7 @@ EXTRA_DIST = \ scalarmult5.exp \ scalarmult6.exp \ scalarmult7.exp \ + scalarmult8.exp \ secretbox.exp \ secretbox2.exp \ secretbox7.exp \ @@ -130,6 +131,7 @@ DISTCLEANFILES = \ scalarmult5.res \ scalarmult6.res \ scalarmult7.res \ + scalarmult8.res \ secretbox.res \ secretbox2.res \ secretbox7.res \ @@ -206,6 +208,7 @@ CLEANFILES = \ scalarmult5.final \ scalarmult6.final \ scalarmult7.final \ + scalarmult8.final \ secretbox.final \ secretbox2.final \ secretbox7.final \ @@ -277,6 +280,7 @@ CLEANFILES = \ scalarmult5.nexe \ scalarmult6.nexe \ scalarmult7.nexe \ + scalarmult8.nexe \ secretbox.nexe \ secretbox2.nexe \ secretbox7.nexe \ @@ -356,6 +360,7 @@ TESTS_TARGETS = \ scalarmult5 \ scalarmult6 \ scalarmult7 \ + scalarmult8 \ secretbox \ secretbox2 \ secretbox7 \ 
@@ -542,6 +547,9 @@ scalarmult6_LDADD = $(TESTS_LDADD) scalarmult7_SOURCE = cmptest.h scalarmult7.c scalarmult7_LDADD = $(TESTS_LDADD) +scalarmult8_SOURCE = cmptest.h scalarmult8.c +scalarmult8_LDADD = $(TESTS_LDADD) + secretbox_SOURCE = cmptest.h secretbox.c secretbox_LDADD = $(TESTS_LDADD) diff --git a/test/default/scalarmult8.c b/test/default/scalarmult8.c new file mode 100644 index 00000000..37a48143 --- /dev/null +++ b/test/default/scalarmult8.c 
@@ -0,0 +1,580 @@ + +#define TEST_NAME "scalarmult8" +#include "cmptest.h" + +typedef struct TestData_ { + const char pk[crypto_scalarmult_BYTES * 2 + 1]; + const char sk[crypto_scalarmult_SCALARBYTES * 2 + 1]; + const char shared[crypto_scalarmult_BYTES * 2 + 1]; + const char *outcome; +} TestData; + +static TestData test_data[] = { + { + "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", + "4852834d9d6b77dadeabaaf2e11dca66d19fe74993a7bec36c6e16a0983feaba", + "87b7f212b627f7a54ca5e0bcdaddd5389d9de6156cdbcf8ebe14ffbcfb436551", + "valid", + }, + { + "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "4b82bd8650ea9b81a42181840926a4ffa16434d1bf298de1db87efb5b0a9e34e", + "valid", + }, + { + "63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733", + "588c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211998a8", + "b1a707519495ffffb298ff941716b06dfab87cf8d91123fe2be9a233dda22212", + "acceptable", + }, + { + "0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779", + "b05bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6960ba8", + "67dd4a6e165533534c0e3f172e4ab8576bca923a5f07b2c069b4c310ff2e935b", + "acceptable", + }, + { + "0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a", + "70e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210bed19c", + "4a0638cfaa9ef1933b47f8939296a6b25be541ef7f70e844c0bcc00b134de64a", + "acceptable", + }, + { + "343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c", + "68c1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad458d", + "399491fce8dfab73b4f9f611de8ea0b27b28f85994250b0f475d585d042ac207", + "acceptable", + }, + { + "fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142", + "d877b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69ea0b2", + "2c4fe11d490a53861776b13b4354abd4cf5a97699db6e6c68c1626d07662f758", + "acceptable", + }, + { + 
"0000000000000000000000000000000000000000000000000000000000000000", + "207494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd4debc", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0100000000000000000000000000000000000000000000000000000000000000", + "202e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e4818cfab", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0200000000000000000000000000000000000000000000000000000000000000", + "38dde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f84", + "9a2cfe84ff9c4a9739625cae4a3b82a906877a441946f8d7b3d795fe8f5d1639", + "acceptable", + }, + { + "0300000000000000000000000000000000000000000000000000000000000000", + "9857a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6aa5", + "4da4e0aa072c232ee2f0fa4e519ae50b52c1edd08a534d4ef346c2e106d21d60", + "acceptable", + }, + { + "ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000", + "48e2130d723305ed05e6e5894d398a5e33367a8c6aac8fcdf0a88e4b42820db7", + "9ed10c53747f647f82f45125d3de15a1e6b824496ab40410ffcc3cfe95760f3b", + "acceptable", + }, + { + "000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f", + "28f41011691851b3a62b641553b30d0dfddcb8fffcf53700a7be2f6a872e9fb0", + "cf72b4aa6aa1c9f894f4165b86109aa468517648e1f0cc70e1ab08460176506b", + "acceptable", + }, + { + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f", + "18a93b6499b9f6b3225ca02fef410e0adec23532321d2d8ef1a6d602a8c65b83", + "5d50b62836bb69579410386cf7bb811c14bf85b1c7b17e5924c7ffea91ef9e12", + "acceptable", + }, + { + "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "c01d1305a1338a1fcac2ba7e2e032b427e0b04903165aca957d8d0553d8717b0", + "19230eb148d5d67c3c22ab1daeff80a57eae4265ce2872657b2c8099fc698e50", + "acceptable", + }, + { + "0400000000000000000000000000000000000000000000000000000000000000", + 
"386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e21abe", + "0fcab5d842a078d7a71fc59b57bfb4ca0be6873b49dcdb9f44e14ae8fbdfa542", + "valid", + }, + { + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "e023a289bd5e90fa2804ddc019a05ef3e79d434bb6ea2f522ecb643a75296e95", + "54ce8f2275c077e3b1306a3939c5e03eef6bbb88060544758d9fef59b0bc3e4f", + "valid", + }, + { + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", + "68f010d62ee8d926053a361c3a75c6ea4ebdc8606ab285003a6f8f4076b01e83", + "f136775c5beb0af8110af10b20372332043cab752419678775a223df57c9d30d", + "valid", + }, + { + "fffffffbfffffbffffdfffffdffffffffefffffefffff7fffff7ffffbfffff3f", + "58ebcb35b0f8845caf1ec630f96576b62c4b7b6c36b29deb2cb0084651755c96", + "bf9affd06b844085586460962ef2146ff3d4533d9444aab006eb88cc3054407d", + "valid", + }, + { + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "188c4bc5b9c44b38bb658b9b2ae82d5b01015e093184b17cb7863503a783e1bb", + "d480de04f699cb3be0684a9cc2e31281ea0bc5a9dcc157d3d20158d46ca5246d", + "valid", + }, + { + "fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f", + "e06c11bb2e13ce3dc7673f67f5482242909423a9ae95ee986a988d98faee23a2", + "4c4401cce6b51e4cb18f2790246c9bf914db667750a1cb89069092af07292276", + "valid", + }, + { + "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "c0658c46dde18129293877535b1162b6f9f5414a23cf4d2cbc140a4d99da2b8f", + "578ba8cc2dbdc575afcf9df2b3ee6189f5337d6854c79b4ce165ea12293b3a0f", + "valid", + }, + { + "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", + "10255c9230a97a30a458ca284a629669293a31890cda9d147febc7d1e22d6bb1", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", + "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", 
+ }, + { + "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "a0a05a3e8f9f44204d5f8059a94ac7dfc39a49ac016dd743dbfa43c5d671fd88", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "d0dbb3ed1906663f15420af31f4eaf6509d9a9949723500605ad7c1c6e7450a9", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "c0b1d0eb22b244fe3291140072cdd9d989b5f0ecd96c100feb5bca241c1d9f8f", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0000000000000000000000000000000000000000000000000000000000000080", + "480bf45f594942a8bc0f3353c6e8b8853d77f351f1c2ca6c2d1abf8a00b4229c", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0100000000000000000000000000000000000000000000000000000000000080", + "30f993fcf8514fc89bd8db14cd43ba0d4b2530e73c4276a05e1b145d420cedb4", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", + "c04974b758380e2a5b5df6eb09bb2f6b3434f982722a8e676d3da251d1b3de83", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", + "502a31373db32446842fe5add3e024022ea54f274182afc3d9f1bb3d39534eb5", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "90fa6417b0e37030fd6e43eff2abaef14c6793117a039cf621318ba90f4e98be", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + 
"78ad3f26027f1c9fdd975a1613b947779bad2cf2b741ade01840885a30bb979c", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "98e23de7b1e0926ed9c87e7b14baf55f497a1d7096f93977680e44dc1c7b7b8b", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0000000000000000000000000000000000000000000000000000000000000000", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0100000000000000000000000000000000000000000000000000000000000000", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + 
"0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0000000000000000000000000000000000000000000000000000000000000080", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "0100000000000000000000000000000000000000000000000000000000000080", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", + "0000000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "f01e48dafac9d7bcf589cbc382c878d18bda3550589ffb5d50b523bebe329dae", + "bd36a0790eb883098c988b21786773de0b3a4df162282cf110de18dd484ce74b", + "acceptable", + }, + { + 
"f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d", + "b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c", + "acceptable", + }, + { + "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "98df845f6651bf1138221f119041f72b6dbc3c4ace7143d99fd55ad867480da8", + "6fdf6c37611dbd5304dc0f2eb7c9517eb3c50e12fd050ac6dec27071d4bfc034", + "acceptable", + }, + { + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "f09498e46f02f878829e78b803d316a2ed695d0498a08abdf8276930e24edcb0", + "4c8fc4b1c6ab88fb21f18f6d4c810240d4e94651ba44f7a2c863cec7dc56602d", + "acceptable", + }, + { + "0200000000000000000000000000000000000000000000000000000000000080", + "1813c10a5c7f21f96e17f288c0cc37607c04c5f5aea2db134f9e2ffc66bd9db8", + "1cd0b28267dc541c642d6d7dca44a8b38a63736eef5c4e6501ffbbb1780c033c", + "acceptable", + }, + { + "0300000000000000000000000000000000000000000000000000000000000080", + "7857fb808653645a0beb138a64f5f4d733a45ea84c3cda11a9c06f7e7139149e", + "8755be01c60a7e825cff3e0e78cb3aa4333861516aa59b1c51a8b2a543dfa822", + "acceptable", + }, + { + "0400000000000000000000000000000000000000000000000000000000000080", + "e03aa842e2abc56e81e87b8b9f417b2a1e5913c723eed28d752f8d47a59f498f", + "54c9a1ed95e546d27822a360931dda60a1df049da6f904253c0612bbdc087476", + "acceptable", + }, + { + "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "f8f707b7999b18cb0d6b96124f2045972ca274bfc154ad0c87038c24c6d0d4b2", + "cc1f40d743cdc2230e1043daba8b75e810f1fbab7f255269bd9ebb29e6bf494f", + "acceptable", + }, + { + "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "a034f684fa631e1a348118c1ce4c98231f2d9eec9ba5365b4a05d69a785b0796", + "54998ee43a5b007bf499f078e736524400a8b5c7e9b9b43771748c7cdf880412", + "acceptable", + }, + { + "dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + 
"30b6c6a0f2ffa680768f992ba89e152d5bc9893d38c9119be4f767bfab6e0ca5", + "ead9b38efdd723637934e55ab717a7ae09eb86a21dc36a3feeb88b759e391e09", + "acceptable", + }, + { + "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "901b9dcf881e01e027575035d40b43bdc1c5242e030847495b0c7286469b6591", + "602ff40789b54b41805915fe2a6221f07a50ffc2c3fc94cf61f13d7904e88e0e", + "acceptable", + }, + { + "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "8046677c28fd82c9a1bdb71a1a1a34faba1225e2507fe3f54d10bd5b0d865f8e", + "e00ae8b143471247ba24f12c885536c3cb981b58e1e56b2baf35c12ae1f79c26", + "acceptable", + }, + { + "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "602f7e2f68a846b82cc269b1d48e939886ae54fd636c1fe074d710127d472491", + "98cb9b50dd3fc2b0d4f2d2bf7c5cfdd10c8fcd31fc40af1ad44f47c131376362", + "acceptable", + }, + { + "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d", + "38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633", + "acceptable", + }, + { + "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "78d31dfa854497d72d8def8a1b7fb006cec2d8c4924647c93814ae56faeda495", + "786cd54996f014a5a031ec14db812ed08355061fdb5de680a800ac521f318e23", + "acceptable", + }, + { + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "c04c5baefa8302ddded6a4bb957761b4eb97aefa4fc3b8043085f96a5659b3a5", + "29ae8bc73e9b10a08b4f681c43c3e0ac1a171d31b38f1a48efba29ae639ea134", + "acceptable", + }, + { + "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c", + "a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44", + "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552", + "valid", + }, + { + "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413", + "4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d", + 
"95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957", + "valid", + }, + { + "0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "0200000000000000000000000000000000000000000000000000000000000000", + "acceptable", + }, + { + "89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "0900000000000000000000000000000000000000000000000000000000000000", + "valid", + }, + { + "2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "1000000000000000000000000000000000000000000000000000000000000000", + "valid", + }, + { + "63e5b1fe9601fe84385d8866b0421262f78fbfa5aff9585e626679b18547d959", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "acceptable", + }, + { + "e428f3dac17809f827a522ce32355058d07369364aa78902ee10139b9f9dd653", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "valid", + }, + { + "b3b50e3ed3a407b95de942ef74575b5ab8a10c09ee103544d60bdfed8138ab2b", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "acceptable", + }, + { + "213fffe93d5ea8cd242e462844029922c43c77c9e3e42f562f485d24c501a20b", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", + "valid", + }, + { + "91b232a178b3cd530932441e6139418f72172292f1da4c1834fc5ebfefb51e3f", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", + "valid", + }, + { + 
"045c6e11c5d332556c7822fe94ebf89b56a3878dc27ca079103058849fabcb4f", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "acceptable", + }, + { + "1ca2190b71163539063c35773bda0c9c928e9136f0620aeb093f099197b7f74e", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "acceptable", + }, + { + "f76e9010ac33c5043b2d3b76a842171000c4916222e9e85897a0aec7f6350b3c", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "valid", + }, + { + "bb72688d8f8aa7a39cd6060cd5c8093cdec6fe341937c3886a99346cd07faa55", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", + "acceptable", + }, + { + "88fddea193391c6a5933ef9b71901549447205aae9da928a6b91a352ba10f41f", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "0000000000000000000000000000000000000000000000000000000000000002", + "acceptable", + }, + { + "303b392f153116cad9cc682a00ccc44c95ff0d3bbe568beb6c4e739bafdc2c68", + "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", + "0000000000000000000000000000000000000000000000000000000000008000", + "acceptable", + }, + { + "fd300aeb40e1fa582518412b49b208a7842b1e1f056a040178ea4141534f652d", + "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "b734105dc257585d73b566ccb76f062795ccbec89128e52b02f3e59639f13c46", + "valid", + }, + { + "c8ef79b514d7682677bc7931e06ee5c27c9b392b4ae9484473f554e6678ecc2e", + "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "647a46b6fc3f40d62141ee3cee706b4d7a9271593a7b143e8e2e2279883e4550", + "valid", + }, + { + "64aeac2504144861532b7bbcb6c87d67dd4c1f07ebc2e06effb95aecc6170b2c", + 
"c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "4ff03d5fb43cd8657a3cf37c138cadcecce509e4eba089d0ef40b4e4fb946155", + "valid", + }, + { + "bf68e35e9bdb7eee1b50570221860f5dcdad8acbab031b14974cc49013c49831", + "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "21cee52efdbc812e1d021a4af1e1d8bc4db3c400e4d2a2c56a3926db4d99c65b", + "valid", + }, + { + "5347c491331a64b43ddc683034e677f53dc32b52a52a577c15a83bf298e99f19", + "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", + "18cb89e4e20c0c2bd324305245266c9327690bbe79acb88f5b8fb3f74eca3e52", + "valid", + }, + { + "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", + "a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050", + "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", + "valid", + }, + { + "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", + "58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f", + "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", + "acceptable", + } +}; + +int +main(void) +{ + unsigned char sk[crypto_scalarmult_SCALARBYTES]; + unsigned char pk[crypto_scalarmult_BYTES]; + unsigned char shared[crypto_scalarmult_BYTES]; + unsigned char shared2[crypto_scalarmult_BYTES]; + unsigned int i; + int res; + + for (i = 0U; i < (sizeof test_data) / (sizeof test_data[0]); i++) { + sodium_hex2bin(sk, crypto_scalarmult_SCALARBYTES, test_data[i].sk, + crypto_scalarmult_SCALARBYTES * 2, NULL, NULL, NULL); + sodium_hex2bin(pk, crypto_scalarmult_BYTES, test_data[i].pk, + crypto_scalarmult_BYTES * 2, NULL, NULL, NULL); + sodium_hex2bin(shared, crypto_scalarmult_BYTES, test_data[i].shared, + crypto_scalarmult_BYTES * 2, NULL, NULL, NULL); + randombytes_buf(shared2, crypto_scalarmult_BYTES); + res = crypto_scalarmult(shared2, sk, pk); + if (res == 0) { + if (strcmp(test_data[i].outcome, "acceptable") == 0) { + printf("test case %u succeeded (%s)\n", i, + 
test_data[i].outcome); + } else if (strcmp(test_data[i].outcome, "valid") != 0) { + printf("*** test case %u succeeded, was supposed to be %s\n", i, + test_data[i].outcome); + } + if (memcmp(shared, shared2, crypto_scalarmult_BYTES) != 0) { + printf("*** test case %u succeeded, but shared key is not %s\n", + i, test_data[i].shared); + } + } else { + if (strcmp(test_data[i].outcome, "acceptable") == 0) { + printf("test case %u failed (%s)\n", i, test_data[i].outcome); + } else if (strcmp(test_data[i].outcome, "valid") == 0) { + printf("*** test case %u failed, was supposed to be %s\n", i, + test_data[i].outcome); + } + } + } + printf("OK\n"); + + return 0; +} diff --git a/test/default/scalarmult8.exp b/test/default/scalarmult8.exp new file mode 100644 index 00000000..320ff64f --- /dev/null +++ b/test/default/scalarmult8.exp 
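Review bot: The three `sodium_hex2bin()` calls at the top of the loop in `main()` discard their return values, so a vector with a stray or missing hex digit would leave `sk`, `pk` or `shared` partly decoded or still holding bytes from the previous iteration, and the case would be run and reported anyway. Checking each call, for example `if (sodium_hex2bin(pk, crypto_scalarmult_BYTES, test_data[i].pk, crypto_scalarmult_BYTES * 2, NULL, NULL, NULL) != 0) { printf("*** test case %u: malformed vector\n", i); continue; }`, would turn a transcription error in the table into a visible diff against `scalarmult8.exp`. The table is never written to, so it could be declared `static const TestData test_data[]`. A comment above it such as `/* X25519 vectors from Project Wycheproof; the "acceptable" cases expected to fail are the ones whose shared secret is all-zero */` would also make the pinned expected output easier to audit; going by the `.exp` file those appear to be cases 7, 8 and 22 to 47.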
@@ -0,0 +1,65 @@ +test case 2 succeeded (acceptable) +test case 3 succeeded (acceptable) +test case 4 succeeded (acceptable) +test case 5 succeeded (acceptable) +test case 6 succeeded (acceptable) +test case 7 failed (acceptable) +test case 8 failed (acceptable) +test case 9 succeeded (acceptable) +test case 10 succeeded (acceptable) +test case 11 succeeded (acceptable) +test case 12 succeeded (acceptable) +test case 13 succeeded (acceptable) +test case 14 succeeded (acceptable) +test case 22 failed (acceptable) +test case 23 failed (acceptable) +test case 24 failed (acceptable) +test case 25 failed (acceptable) +test case 26 failed (acceptable) +test case 27 failed (acceptable) +test case 28 failed (acceptable) +test case 29 failed (acceptable) +test case 30 failed (acceptable) +test case 31 failed (acceptable) +test case 32 failed (acceptable) +test case 33 failed (acceptable) +test case 34 failed (acceptable) +test case 35 failed (acceptable) +test case 36 failed (acceptable) +test case 37 failed (acceptable) +test case 38 failed (acceptable) +test case 39 failed (acceptable) +test case 40 failed (acceptable) +test case 41 failed (acceptable) +test case 42 failed (acceptable) +test case 43 failed (acceptable) +test case 44 failed (acceptable) +test case 45 failed (acceptable) +test case 46 failed (acceptable) +test case 47 failed (acceptable) +test case 48 succeeded (acceptable) +test case 49 succeeded (acceptable) +test case 50 succeeded (acceptable) +test case 51 succeeded (acceptable) +test case 52 succeeded (acceptable) +test case 53 succeeded (acceptable) +test case 54 succeeded (acceptable) +test case 55 succeeded (acceptable) +test case 56 succeeded (acceptable) +test case 57 succeeded (acceptable) +test case 58 succeeded (acceptable) +test case 59 succeeded (acceptable) +test case 60 succeeded (acceptable) +test case 61 succeeded (acceptable) +test case 62 succeeded (acceptable) +test case 63 succeeded (acceptable) +test case 66 succeeded (acceptable) 
+test case 69 succeeded (acceptable) +test case 71 succeeded (acceptable) +test case 74 succeeded (acceptable) +test case 75 succeeded (acceptable) +test case 77 succeeded (acceptable) +test case 78 succeeded (acceptable) +test case 79 succeeded (acceptable) +test case 86 succeeded (acceptable) +OK From ab4ab23d5744a8e060864a7cec1a7f9b059f9ddd Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 29 Aug 2018 16:04:40 +0200 Subject: [PATCH 090/190] x25519_ref: ignore the high bit in the small order PK check --- .../curve25519/ref10/x25519_ref10.c | 51 +++++++++++++------ 1 file changed, 36 insertions(+), 15 deletions(-) diff --git a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c index 7b93a724..4272ae24 100644 --- a/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c +++ b/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c 
@@ -18,29 +18,50 @@ has_small_order(const unsigned char s[32]) { CRYPTO_ALIGN(16) static const unsigned char blacklist[][32] = { - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 }, - { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 }, - { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, - { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, - { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, - { 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 }, - { 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 }, - { 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, - { 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, - { 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } + /* 0 (order 4) */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 1 (order 1) */ + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + /* 325606250916557431795983626356110631294008115727848805560023387167927233504 + (order 8) */ + { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, + 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, + 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 }, + /* 39382357235489614581723060781553021112529911719440698176882885853963445705823 + (order 8) */ + { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, + 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, + 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 }, + /* p-1 (order 2) */ + { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + /* p (=0, order 4) */ + { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + 
/* p+1 (=1, order 1) */ + { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f } }; - unsigned char c[12] = { 0 }; + unsigned char c[7] = { 0 }; unsigned int k; size_t i, j; - COMPILER_ASSERT(12 == sizeof blacklist / sizeof blacklist[0]); - for (j = 0; j < 32; j++) { + COMPILER_ASSERT(7 == sizeof blacklist / sizeof blacklist[0]); + for (j = 0; j < 31; j++) { for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { c[i] |= s[j] ^ blacklist[i][j]; } } + for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { + c[i] |= (s[j] & 0x7f) ^ blacklist[i][j]; + } k = 0; for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) { k |= (c[i] - 1); From cdc4822c92d0d7a8a72a5ed9b90b56545d483aac Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 30 Aug 2018 09:26:16 +0200 Subject: [PATCH 091/190] Remove unneeded trailing commas --- test/default/scalarmult8.c | 174 ++++++++++++++++++------------------- 1 file changed, 87 insertions(+), 87 deletions(-) diff --git a/test/default/scalarmult8.c b/test/default/scalarmult8.c index 37a48143..24885f3b 100644 --- a/test/default/scalarmult8.c +++ b/test/default/scalarmult8.c 
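Review bot: The added last-byte loop in `has_small_order()` indexes `s[j]` and `blacklist[i][j]` with whatever value `j` is left holding after `for (j = 0; j < 31; j++)`, so the check silently changes meaning if that loop bound is ever edited. Writing the index out keeps the comparison branch-free and states the intent: `c[i] |= (s[31] & 0x7f) ^ blacklist[i][31];`. The mask is only correct because every remaining table entry has the top bit of byte 31 clear, and a future entry with that bit set could never match. A comment above the table such as `/* bit 255 of the input is ignored; every entry must have it cleared */` would record that invariant. The rest of the function after the `k |= (c[i] - 1);` accumulation lies outside the hunk.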
@@ -14,523 +14,523 @@ static TestData test_data[] = { "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", "4852834d9d6b77dadeabaaf2e11dca66d19fe74993a7bec36c6e16a0983feaba", "87b7f212b627f7a54ca5e0bcdaddd5389d9de6156cdbcf8ebe14ffbcfb436551", - "valid", + "valid" }, { "9c647d9ae589b9f58fdc3ca4947efbc915c4b2e08e744a0edf469dac59c8f85a", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "4b82bd8650ea9b81a42181840926a4ffa16434d1bf298de1db87efb5b0a9e34e", - "valid", + "valid" }, { "63aa40c6e38346c5caf23a6df0a5e6c80889a08647e551b3563449befcfc9733", "588c061a50804ac488ad774ac716c3f5ba714b2712e048491379a500211998a8", "b1a707519495ffffb298ff941716b06dfab87cf8d91123fe2be9a233dda22212", - "acceptable", + "acceptable" }, { "0f83c36fded9d32fadf4efa3ae93a90bb5cfa66893bc412c43fa7287dbb99779", "b05bfd32e55325d9fd648cb302848039000b390e44d521e58aab3b29a6960ba8", "67dd4a6e165533534c0e3f172e4ab8576bca923a5f07b2c069b4c310ff2e935b", - "acceptable", + "acceptable" }, { "0b8211a2b6049097f6871c6c052d3c5fc1ba17da9e32ae458403b05bb283092a", "70e34bcbe1f47fbc0fddfd7c1e1aa53d57bfe0f66d243067b424bb6210bed19c", "4a0638cfaa9ef1933b47f8939296a6b25be541ef7f70e844c0bcc00b134de64a", - "acceptable", + "acceptable" }, { "343ac20a3b9c6a27b1008176509ad30735856ec1c8d8fcae13912d08d152f46c", "68c1f3a653a4cdb1d37bba94738f8b957a57beb24d646e994dc29a276aad458d", "399491fce8dfab73b4f9f611de8ea0b27b28f85994250b0f475d585d042ac207", - "acceptable", + "acceptable" }, { "fa695fc7be8d1be5bf704898f388c452bafdd3b8eae805f8681a8d15c2d4e142", "d877b26d06dff9d9f7fd4c5b3769f8cdd5b30516a5ab806be324ff3eb69ea0b2", "2c4fe11d490a53861776b13b4354abd4cf5a97699db6e6c68c1626d07662f758", - "acceptable", + "acceptable" }, { "0000000000000000000000000000000000000000000000000000000000000000", "207494038f2bb811d47805bcdf04a2ac585ada7f2f23389bfd4658f9ddd4debc", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { 
"0100000000000000000000000000000000000000000000000000000000000000", "202e8972b61c7e61930eb9450b5070eae1c670475685541f0476217e4818cfab", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0200000000000000000000000000000000000000000000000000000000000000", "38dde9f3e7b799045f9ac3793d4a9277dadeadc41bec0290f81f744f73775f84", "9a2cfe84ff9c4a9739625cae4a3b82a906877a441946f8d7b3d795fe8f5d1639", - "acceptable", + "acceptable" }, { "0300000000000000000000000000000000000000000000000000000000000000", "9857a914e3c29036fd9a442ba526b5cdcdf28216153e636c10677acab6bd6aa5", "4da4e0aa072c232ee2f0fa4e519ae50b52c1edd08a534d4ef346c2e106d21d60", - "acceptable", + "acceptable" }, { "ffffff030000f8ffff1f0000c0ffffff000000feffff070000f0ffff3f000000", "48e2130d723305ed05e6e5894d398a5e33367a8c6aac8fcdf0a88e4b42820db7", "9ed10c53747f647f82f45125d3de15a1e6b824496ab40410ffcc3cfe95760f3b", - "acceptable", + "acceptable" }, { "000000fcffff070000e0ffff3f000000ffffff010000f8ffff0f0000c0ffff7f", "28f41011691851b3a62b641553b30d0dfddcb8fffcf53700a7be2f6a872e9fb0", "cf72b4aa6aa1c9f894f4165b86109aa468517648e1f0cc70e1ab08460176506b", - "acceptable", + "acceptable" }, { "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffff7f", "18a93b6499b9f6b3225ca02fef410e0adec23532321d2d8ef1a6d602a8c65b83", "5d50b62836bb69579410386cf7bb811c14bf85b1c7b17e5924c7ffea91ef9e12", - "acceptable", + "acceptable" }, { "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "c01d1305a1338a1fcac2ba7e2e032b427e0b04903165aca957d8d0553d8717b0", "19230eb148d5d67c3c22ab1daeff80a57eae4265ce2872657b2c8099fc698e50", - "acceptable", + "acceptable" }, { "0400000000000000000000000000000000000000000000000000000000000000", "386f7f16c50731d64f82e6a170b142a4e34f31fd7768fcb8902925e7d1e21abe", "0fcab5d842a078d7a71fc59b57bfb4ca0be6873b49dcdb9f44e14ae8fbdfa542", - "valid", + "valid" }, { "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", 
"e023a289bd5e90fa2804ddc019a05ef3e79d434bb6ea2f522ecb643a75296e95", "54ce8f2275c077e3b1306a3939c5e03eef6bbb88060544758d9fef59b0bc3e4f", - "valid", + "valid" }, { "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", "68f010d62ee8d926053a361c3a75c6ea4ebdc8606ab285003a6f8f4076b01e83", "f136775c5beb0af8110af10b20372332043cab752419678775a223df57c9d30d", - "valid", + "valid" }, { "fffffffbfffffbffffdfffffdffffffffefffffefffff7fffff7ffffbfffff3f", "58ebcb35b0f8845caf1ec630f96576b62c4b7b6c36b29deb2cb0084651755c96", "bf9affd06b844085586460962ef2146ff3d4533d9444aab006eb88cc3054407d", - "valid", + "valid" }, { "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", "188c4bc5b9c44b38bb658b9b2ae82d5b01015e093184b17cb7863503a783e1bb", "d480de04f699cb3be0684a9cc2e31281ea0bc5a9dcc157d3d20158d46ca5246d", - "valid", + "valid" }, { "fffffffffeffff7ffffffffffeffff7ffffffffffeffff7ffffffffffeffff7f", "e06c11bb2e13ce3dc7673f67f5482242909423a9ae95ee986a988d98faee23a2", "4c4401cce6b51e4cb18f2790246c9bf914db667750a1cb89069092af07292276", - "valid", + "valid" }, { "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "c0658c46dde18129293877535b1162b6f9f5414a23cf4d2cbc140a4d99da2b8f", "578ba8cc2dbdc575afcf9df2b3ee6189f5337d6854c79b4ce165ea12293b3a0f", - "valid", + "valid" }, { "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", "10255c9230a97a30a458ca284a629669293a31890cda9d147febc7d1e22d6bb1", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", "78f1e8edf14481b389448dac8f59c70b038e7cf92ef2c7eff57a72466e115296", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "a0a05a3e8f9f44204d5f8059a94ac7dfc39a49ac016dd743dbfa43c5d671fd88", "0000000000000000000000000000000000000000000000000000000000000000", - 
"acceptable", + "acceptable" }, { "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "d0dbb3ed1906663f15420af31f4eaf6509d9a9949723500605ad7c1c6e7450a9", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "c0b1d0eb22b244fe3291140072cdd9d989b5f0ecd96c100feb5bca241c1d9f8f", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0000000000000000000000000000000000000000000000000000000000000080", "480bf45f594942a8bc0f3353c6e8b8853d77f351f1c2ca6c2d1abf8a00b4229c", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0100000000000000000000000000000000000000000000000000000000000080", "30f993fcf8514fc89bd8db14cd43ba0d4b2530e73c4276a05e1b145d420cedb4", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", "c04974b758380e2a5b5df6eb09bb2f6b3434f982722a8e676d3da251d1b3de83", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", "502a31373db32446842fe5add3e024022ea54f274182afc3d9f1bb3d39534eb5", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "90fa6417b0e37030fd6e43eff2abaef14c6793117a039cf621318ba90f4e98be", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "78ad3f26027f1c9fdd975a1613b947779bad2cf2b741ade01840885a30bb979c", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { 
"eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "98e23de7b1e0926ed9c87e7b14baf55f497a1d7096f93977680e44dc1c7b7b8b", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0000000000000000000000000000000000000000000000000000000000000000", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0100000000000000000000000000000000000000000000000000000000000000", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f1157", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b800", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0000000000000000000000000000000000000000000000000000000000000080", 
"1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "0100000000000000000000000000000000000000000000000000000000000080", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "5f9c95bca3508c24b1d0b1559c83ef5b04445cc4581c8e86d8224eddd09f11d7", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "e0eb7a7c3b41b8ae1656e3faf19fc46ada098deb9c32b1fd866205165f49b880", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "eeffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "1064a67da639a8f6df4fbea2d63358b65bca80a770712e14ea8a72df5a3313ae", "0000000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "f01e48dafac9d7bcf589cbc382c878d18bda3550589ffb5d50b523bebe329dae", "bd36a0790eb883098c988b21786773de0b3a4df162282cf110de18dd484ce74b", - "acceptable", + "acceptable" }, { "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "288796bc5aff4b81a37501757bc0753a3c21964790d38699308debc17a6eaf8d", 
"b4e0dd76da7b071728b61f856771aa356e57eda78a5b1655cc3820fb5f854c5c", - "acceptable", + "acceptable" }, { "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "98df845f6651bf1138221f119041f72b6dbc3c4ace7143d99fd55ad867480da8", "6fdf6c37611dbd5304dc0f2eb7c9517eb3c50e12fd050ac6dec27071d4bfc034", - "acceptable", + "acceptable" }, { "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", "f09498e46f02f878829e78b803d316a2ed695d0498a08abdf8276930e24edcb0", "4c8fc4b1c6ab88fb21f18f6d4c810240d4e94651ba44f7a2c863cec7dc56602d", - "acceptable", + "acceptable" }, { "0200000000000000000000000000000000000000000000000000000000000080", "1813c10a5c7f21f96e17f288c0cc37607c04c5f5aea2db134f9e2ffc66bd9db8", "1cd0b28267dc541c642d6d7dca44a8b38a63736eef5c4e6501ffbbb1780c033c", - "acceptable", + "acceptable" }, { "0300000000000000000000000000000000000000000000000000000000000080", "7857fb808653645a0beb138a64f5f4d733a45ea84c3cda11a9c06f7e7139149e", "8755be01c60a7e825cff3e0e78cb3aa4333861516aa59b1c51a8b2a543dfa822", - "acceptable", + "acceptable" }, { "0400000000000000000000000000000000000000000000000000000000000080", "e03aa842e2abc56e81e87b8b9f417b2a1e5913c723eed28d752f8d47a59f498f", "54c9a1ed95e546d27822a360931dda60a1df049da6f904253c0612bbdc087476", - "acceptable", + "acceptable" }, { "daffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "f8f707b7999b18cb0d6b96124f2045972ca274bfc154ad0c87038c24c6d0d4b2", "cc1f40d743cdc2230e1043daba8b75e810f1fbab7f255269bd9ebb29e6bf494f", - "acceptable", + "acceptable" }, { "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "a034f684fa631e1a348118c1ce4c98231f2d9eec9ba5365b4a05d69a785b0796", "54998ee43a5b007bf499f078e736524400a8b5c7e9b9b43771748c7cdf880412", - "acceptable", + "acceptable" }, { "dcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "30b6c6a0f2ffa680768f992ba89e152d5bc9893d38c9119be4f767bfab6e0ca5", "ead9b38efdd723637934e55ab717a7ae09eb86a21dc36a3feeb88b759e391e09", - 
"acceptable", + "acceptable" }, { "eaffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "901b9dcf881e01e027575035d40b43bdc1c5242e030847495b0c7286469b6591", "602ff40789b54b41805915fe2a6221f07a50ffc2c3fc94cf61f13d7904e88e0e", - "acceptable", + "acceptable" }, { "ebffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "8046677c28fd82c9a1bdb71a1a1a34faba1225e2507fe3f54d10bd5b0d865f8e", "e00ae8b143471247ba24f12c885536c3cb981b58e1e56b2baf35c12ae1f79c26", - "acceptable", + "acceptable" }, { "efffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "602f7e2f68a846b82cc269b1d48e939886ae54fd636c1fe074d710127d472491", "98cb9b50dd3fc2b0d4f2d2bf7c5cfdd10c8fcd31fc40af1ad44f47c131376362", - "acceptable", + "acceptable" }, { "f0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "60887b3dc72443026ebedbbbb70665f42b87add1440e7768fbd7e8e2ce5f639d", "38d6304c4a7e6d9f7959334fb5245bd2c754525d4c91db950206926234c1f633", - "acceptable", + "acceptable" }, { "f1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "78d31dfa854497d72d8def8a1b7fb006cec2d8c4924647c93814ae56faeda495", "786cd54996f014a5a031ec14db812ed08355061fdb5de680a800ac521f318e23", - "acceptable", + "acceptable" }, { "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", "c04c5baefa8302ddded6a4bb957761b4eb97aefa4fc3b8043085f96a5659b3a5", "29ae8bc73e9b10a08b4f681c43c3e0ac1a171d31b38f1a48efba29ae639ea134", - "acceptable", + "acceptable" }, { "e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c", "a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44", "c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552", - "valid", + "valid" }, { "e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a413", "4866e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba4d", "95cbde9476e8907d7aade45cb4b873f88b595a68799fa152e6f8f7647aac7957", - "valid", + "valid" }, { 
"0ab4e76380d84dde4f6833c58f2a9fb8f83bb0169b172be4b6e0592887741a36", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "0200000000000000000000000000000000000000000000000000000000000000", - "acceptable", + "acceptable" }, { "89e10d5701b4337d2d032181538b1064bd4084401ceca1fd12663a1959388000", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "0900000000000000000000000000000000000000000000000000000000000000", - "valid", + "valid" }, { "2b55d3aa4a8f80c8c0b2ae5f933e85af49beac36c2fa7394bab76c8933f8f81d", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "1000000000000000000000000000000000000000000000000000000000000000", - "valid", + "valid" }, { "63e5b1fe9601fe84385d8866b0421262f78fbfa5aff9585e626679b18547d959", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", - "acceptable", + "acceptable" }, { "e428f3dac17809f827a522ce32355058d07369364aa78902ee10139b9f9dd653", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "fcffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", - "valid", + "valid" }, { "b3b50e3ed3a407b95de942ef74575b5ab8a10c09ee103544d60bdfed8138ab2b", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "f9ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", - "acceptable", + "acceptable" }, { "213fffe93d5ea8cd242e462844029922c43c77c9e3e42f562f485d24c501a20b", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff3f", - "valid", + "valid" }, { "91b232a178b3cd530932441e6139418f72172292f1da4c1834fc5ebfefb51e3f", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff03", - "valid", + "valid" }, { "045c6e11c5d332556c7822fe94ebf89b56a3878dc27ca079103058849fabcb4f", 
"a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "e5ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", - "acceptable", + "acceptable" }, { "1ca2190b71163539063c35773bda0c9c928e9136f0620aeb093f099197b7f74e", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "e3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", - "acceptable", + "acceptable" }, { "f76e9010ac33c5043b2d3b76a842171000c4916222e9e85897a0aec7f6350b3c", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "ddffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", - "valid", + "valid" }, { "bb72688d8f8aa7a39cd6060cd5c8093cdec6fe341937c3886a99346cd07faa55", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f", - "acceptable", + "acceptable" }, { "88fddea193391c6a5933ef9b71901549447205aae9da928a6b91a352ba10f41f", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "0000000000000000000000000000000000000000000000000000000000000002", - "acceptable", + "acceptable" }, { "303b392f153116cad9cc682a00ccc44c95ff0d3bbe568beb6c4e739bafdc2c68", "a0a4f130b98a5be4b1cedb7cb85584a3520e142d474dc9ccb909a073a976bf63", "0000000000000000000000000000000000000000000000000000000000008000", - "acceptable", + "acceptable" }, { "fd300aeb40e1fa582518412b49b208a7842b1e1f056a040178ea4141534f652d", "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", "b734105dc257585d73b566ccb76f062795ccbec89128e52b02f3e59639f13c46", - "valid", + "valid" }, { "c8ef79b514d7682677bc7931e06ee5c27c9b392b4ae9484473f554e6678ecc2e", "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", "647a46b6fc3f40d62141ee3cee706b4d7a9271593a7b143e8e2e2279883e4550", - "valid", + "valid" }, { "64aeac2504144861532b7bbcb6c87d67dd4c1f07ebc2e06effb95aecc6170b2c", "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", 
"4ff03d5fb43cd8657a3cf37c138cadcecce509e4eba089d0ef40b4e4fb946155", - "valid", + "valid" }, { "bf68e35e9bdb7eee1b50570221860f5dcdad8acbab031b14974cc49013c49831", "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", "21cee52efdbc812e1d021a4af1e1d8bc4db3c400e4d2a2c56a3926db4d99c65b", - "valid", + "valid" }, { "5347c491331a64b43ddc683034e677f53dc32b52a52a577c15a83bf298e99f19", "c81724704000b26d31703cc97e3a378d56fad8219361c88cca8bd7c5719b12b2", "18cb89e4e20c0c2bd324305245266c9327690bbe79acb88f5b8fb3f74eca3e52", - "valid", + "valid" }, { "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", "a023cdd083ef5bb82f10d62e59e15a6800000000000000000000000000000050", "258e04523b8d253ee65719fc6906c657192d80717edc828fa0af21686e2faa75", - "valid", + "valid" }, { "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", "58083dd261ad91eff952322ec824c682ffffffffffffffffffffffffffffff5f", "2eae5ec3dd494e9f2d37d258f873a8e6e9d0dbd1e383ef64d98bb91b3e0be035", - "acceptable", + "acceptable" } }; From cb22446db12813555e998c2eb5730cc828edfd9b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 30 Aug 2018 09:51:28 +0200 Subject: [PATCH 092/190] Add aes256gcm tests from project wycheproof --- .gitignore | 1 + test/default/Makefile.am | 8 + test/default/aead_aes256gcm2.c | 278 +++++++++++++++++++++++++++++++ test/default/aead_aes256gcm2.exp | 1 + test/default/scalarmult8.c | 14 +- 5 files changed, 295 insertions(+), 7 deletions(-) create mode 100644 test/default/aead_aes256gcm2.c create mode 100644 test/default/aead_aes256gcm2.exp diff --git a/.gitignore b/.gitignore index e2c0f7dc..fdca10f3 100644 --- a/.gitignore +++ b/.gitignore @@ -81,6 +81,7 @@ test/default/*.asm.js test/default/*.res test/default/*.trs test/default/aead_aes256gcm +test/default/aead_aes256gcm2 test/default/aead_chacha20poly1305 test/default/aead_xchacha20poly1305 test/default/auth diff --git a/test/default/Makefile.am b/test/default/Makefile.am index b66d7ae4..1780fc52 100644 
--- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -4,6 +4,7 @@ EXTRA_DIST = \ wintest.bat \ pre.js.inc \ aead_aes256gcm.exp \ + aead_aes256gcm2.exp \ aead_chacha20poly1305.exp \ aead_xchacha20poly1305.exp \ auth.exp \ @@ -80,6 +81,7 @@ EXTRA_DIST = \ DISTCLEANFILES = \ aead_aes256gcm.res \ + aead_aes256gcm2.res \ aead_chacha20poly1305.res \ aead_xchacha20poly1305.res \ auth.res \ @@ -157,6 +159,7 @@ DISTCLEANFILES = \ if NATIVECLIENT CLEANFILES = \ aead_aes256gcm.final \ + aead_aes256gcm2.final \ aead_chacha20poly1305.final \ aead_xchacha20poly1305.final \ auth.final \ @@ -229,6 +232,7 @@ CLEANFILES = \ verify1.final \ xchacha20.final \ aead_aes256gcm.nexe \ + aead_aes256gcm2.nexe \ aead_chacha20poly1305.nexe \ aead_xchacha20poly1305.nexe \ auth.nexe \ @@ -314,6 +318,7 @@ AM_LDFLAGS = @TEST_LDFLAGS@ TESTS_TARGETS = \ aead_aes256gcm \ + aead_aes256gcm2 \ aead_chacha20poly1305 \ aead_xchacha20poly1305 \ auth \ @@ -397,6 +402,9 @@ TESTS_LDADD = \ aead_aes256gcm_SOURCE = cmptest.h aead_aes256gcm.c aead_aes256gcm_LDADD = $(TESTS_LDADD) +aead_aes256gcm2_SOURCE = cmptest.h aead_aes256gcm2.c +aead_aes256gcm2_LDADD = $(TESTS_LDADD) + aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c aead_chacha20poly1305_LDADD = $(TESTS_LDADD) diff --git a/test/default/aead_aes256gcm2.c b/test/default/aead_aes256gcm2.c new file mode 100644 index 00000000..5f293320 --- /dev/null +++ b/test/default/aead_aes256gcm2.c 
@@ -0,0 +1,278 @@ + +#define TEST_NAME "aead_aes256gcm2" +#include "cmptest.h" + +static struct { + const char *key_hex; + const char nonce_hex[crypto_aead_aes256gcm_NPUBBYTES * 2 + 1]; + const char *ad_hex; + const char *message_hex; + const char *detached_ciphertext_hex; + const char mac_hex[crypto_aead_aes256gcm_ABYTES * 2 + 1]; + const char *outcome; +} tests[] = { + { "92ace3e348cd821092cd921aa3546374299ab46209691bc28b8752d17f123c20", + "00112233445566778899aabb", "00000000ffffffff", "00010203040506070809", + "e27abdd2d2a53d2f136b", "9a4a2579529301bcfb71c78d4060f52c", "valid" }, + { "29d3a44f8723dc640239100c365423a312934ac80239212ac3df3421a2098123", + "00112233445566778899aabb", "aabbccddeeff", "", "", + "2a7d77fa526b8250cb296078926b5020", "valid" }, + { "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "99e23ec48985bccdeeab60f1", "", "2a", "06", + "633c1e9703ef744ffffb40edf9d14355", "valid" }, + { "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "4f07afedfdc3b6c2361823d3", "", "be3308f72a2c6aed", "cf332a12fdee800b", + "602e8d7c4799d62c140c9bb834876b09", "valid" }, + { "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "68ab7fdbf61901dad461d23c", "", "51f8c1f731ea14acdb210a6d973e07", + "43fc101bff4b32bfadd3daf57a590e", "ec04aacb7148a8b8be44cb7eaf4efa69", + "valid" }, + { "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "2fcb1b38a99e71b84740ad9b", "", "549b365af913f3b081131ccb6b825588", + "f58c16690122d75356907fd96b570fca", "28752c20153092818faba2a334640d6e", + "valid" }, + { "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "45aaa3e5d16d2d42dc03445d", "", "3ff1514b1c503915918f0c0c31094a6e1f", + "73a6b6f45f6ccc5131e07f2caa1f2e2f56", "2d7379ec1db5952d4e95d30c340b1b1d", + "valid" }, + { "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "e6b1adf2fd58a8762c65f31b", "", + "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", + 
"0843fff52d934fc7a071ea62c0bd351ce85678cde3ea2c9e", + "7355fde599006715053813ce696237a8", "valid" }, + { "b279f57e19c8f53f2f963f5f2519fdb7c1779be2ca2b3ae8e1128b7d6c627fc4", + "98bc2c7438d5cd7665d76f6e", "c0", + "fcc515b294408c8645c9183e3f4ecee5127846d1", + "eb5500e3825952866d911253f8de860c00831c81", + "ecb660e1fb0541ec41e8d68a64141b3a", "valid" }, + { "cdccfe3f46d782ef47df4e72f0c02d9c7f774def970d23486f11a57f54247f17", + "376187894605a8d45e30de51", "956846a209e087ed", + "e28e0e9f9d22463ac0e42639b530f42102fded75", + "feca44952447015b5df1f456df8ca4bb4eee2ce2", + "082e91924deeb77880e1b1c84f9b8d30", "valid" }, + { "f32364b1d339d82e4f132d8f4a0ec1ff7e746517fa07ef1a7f422f4e25a48194", + "5a86a50a0e8a179c734b996d", "ab2ac7c44c60bdf8228c7884adb20184", + "43891bccb522b1e72a6b53cf31c074e9d6c2df8e", + "43dda832e942e286da314daa99bef5071d9d2c78", + "c3922583476ced575404ddb85dd8cd44", "valid" }, + { "ff0089ee870a4a39f645b0a5da774f7a5911e9696fc9cad646452c2aa8595a12", + "bc2a7757d0ce2d8b1f14ccd9", + "972ab4e06390caae8f99dd6e2187be6c7ff2c08a24be16ef", + "748b28031621d95ee61812b4b4f47d04c6fc2ff3", + "a929ee7e67c7a2f91bbcec6389a3caf43ab49305", + "ebec6774b955e789591c822dab739e12", "valid" }, + { "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "000000000000000000000000", "", "561008fa07a68f5c61285cd013464eaf", + "23293e9b07ca7d1b0cae7cc489a973b3", "ffffffffffffffffffffffffffffffff", + "valid" }, + { "00112233445566778899aabbccddeeff102132435465768798a9bacbdcedfe0f", + "ffffffffffffffffffffffff", "", "c6152244cea1978d3e0bc274cf8c0b3b", + "7cb6fc7c6abc009efe9551a99f36a421", "00000000000000000000000000000000", + "valid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9de8fef6d8ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", 
"202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ee8fef6d8ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "1ce8fef6d8ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce9fef6d8ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fe76d8ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d9ab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6daab1bf1bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1b71bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1be887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf13f887232eab590dd", + "invalid" }, + { 
"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bfa87232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887332eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232ebb590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232e8b590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf8872326ab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232eab590dc", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232eab590df", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232eab5909d", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + 
"b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1bf1bf887232eab5905d", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9de8fef6d8ab1bf1be887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fe76d8ab1b71bf887232eab590dd", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9ce8fef6d8ab1b71bf887232eab5905d", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "631701092754e40e40778dcd154a6f22", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "00000000000000000000000000000000", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "ffffffffffffffffffffffffffffffff", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "1c687e76582b9b713f08f2b26a35105d", + "invalid" }, + { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", + "505152535455565758595a5b", "", "202122232425262728292a2b2c2d2e2f", + "b2061457c0759fc1749f174ee1ccadfa", "9de9fff7d9aa1af0be897333ebb491dc", + "invalid" } +}; + +static int +tv(void) +{ + unsigned char *ad; + unsigned 
char *decrypted; + unsigned char *detached_ciphertext; + unsigned char *key; + unsigned char *message; + unsigned char *mac; + unsigned char *nonce; + char * hex; + size_t ad_len; + size_t ciphertext_len; + size_t detached_ciphertext_len; + size_t message_len; + unsigned int i; + + key = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_KEYBYTES); + nonce = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_NPUBBYTES); + mac = (unsigned char *) sodium_malloc(crypto_aead_aes256gcm_ABYTES); + + for (i = 0U; i < (sizeof tests) / (sizeof tests[0]); i++) { + assert(strlen(tests[i].key_hex) == 2 * crypto_aead_aes256gcm_KEYBYTES); + sodium_hex2bin(key, crypto_aead_aes256gcm_KEYBYTES, tests[i].key_hex, + strlen(tests[i].key_hex), NULL, NULL, NULL); + + assert(strlen(tests[i].nonce_hex) == + 2 * crypto_aead_aes256gcm_NPUBBYTES); + sodium_hex2bin(nonce, crypto_aead_aes256gcm_NPUBBYTES, + tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL, + NULL, NULL); + + message_len = strlen(tests[i].message_hex) / 2; + message = (unsigned char *) sodium_malloc(message_len); + sodium_hex2bin(message, message_len, tests[i].message_hex, + strlen(tests[i].message_hex), NULL, NULL, NULL); + + ad_len = strlen(tests[i].ad_hex) / 2; + ad = (unsigned char *) sodium_malloc(ad_len); + sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex), + NULL, NULL, NULL); + + detached_ciphertext_len = message_len; + assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len); + assert(strlen(tests[i].mac_hex) == 2 * crypto_aead_aes256gcm_ABYTES); + sodium_hex2bin(mac, crypto_aead_aes256gcm_ABYTES, tests[i].mac_hex, + strlen(tests[i].mac_hex), NULL, NULL, NULL); + + detached_ciphertext = + (unsigned char *) sodium_malloc(detached_ciphertext_len); + sodium_hex2bin(detached_ciphertext, detached_ciphertext_len, + tests[i].detached_ciphertext_hex, + strlen(tests[i].detached_ciphertext_hex), NULL, NULL, + NULL); + + decrypted = (unsigned char *) sodium_malloc(message_len); + if 
(crypto_aead_aes256gcm_decrypt_detached(
+ decrypted, NULL, detached_ciphertext, detached_ciphertext_len,
+ mac, ad, ad_len, nonce, key) == 0) {
+ if (strcmp(tests[i].outcome, "valid") != 0) {
+ printf("*** test case %u succeeded, was supposed to be %s\n", i,
+ tests[i].outcome);
+ }
+ if (memcmp(decrypted, message, message_len) != 0) {
+ printf("Incorrect decryption of test vector #%u\n",
+ (unsigned int) i);
+ }
+ } else {
+ if (strcmp(tests[i].outcome, "invalid") != 0) {
+ printf("*** test case %u failed, was supposed to be %s\n", i,
+ tests[i].outcome);
+ }
+ }
+
+ sodium_free(message);
+ sodium_free(ad);
+ sodium_free(decrypted);
+ sodium_free(detached_ciphertext);
+ }
+
+ sodium_free(key);
+ sodium_free(mac);
+ sodium_free(nonce);
+
+ return 0;
+}
+
+int
+main(void)
+{
+ if (crypto_aead_aes256gcm_is_available()) {
+ tv();
+ }
+ printf("OK\n");
+
+ return 0;
+}
diff --git a/test/default/aead_aes256gcm2.exp b/test/default/aead_aes256gcm2.exp
new file mode 100644
index 00000000..d86bac9d
--- /dev/null
+++ b/test/default/aead_aes256gcm2.exp
@@ -0,0 +1 @@
+OK
diff --git a/test/default/scalarmult8.c b/test/default/scalarmult8.c
index 24885f3b..25a541dd 100644
--- a/test/default/scalarmult8.c
+++ b/test/default/scalarmult8.c
@@ -3,9 +3,9 @@
 #include "cmptest.h"
 typedef struct TestData_ {
- const char pk[crypto_scalarmult_BYTES * 2 + 1];
- const char sk[crypto_scalarmult_SCALARBYTES * 2 + 1];
- const char shared[crypto_scalarmult_BYTES * 2 + 1];
+ const char pk_hex[crypto_scalarmult_BYTES * 2 + 1];
+ const char sk_hex[crypto_scalarmult_SCALARBYTES * 2 + 1];
+ const char shared_hex[crypto_scalarmult_BYTES * 2 + 1];
 const char *outcome;
 } TestData;
@@ -545,11 +545,11 @@ main(void)
 int res;
 for (i = 0U; i < (sizeof test_data) / (sizeof test_data[0]); i++) {
- sodium_hex2bin(sk, crypto_scalarmult_SCALARBYTES, test_data[i].sk,
+ sodium_hex2bin(sk, crypto_scalarmult_SCALARBYTES, test_data[i].sk_hex,
 crypto_scalarmult_SCALARBYTES * 2, NULL, NULL, NULL);
- sodium_hex2bin(pk, crypto_scalarmult_BYTES, test_data[i].pk,
+ sodium_hex2bin(pk, crypto_scalarmult_BYTES, test_data[i].pk_hex,
 crypto_scalarmult_BYTES * 2, NULL, NULL, NULL);
- sodium_hex2bin(shared, crypto_scalarmult_BYTES, test_data[i].shared,
+ sodium_hex2bin(shared, crypto_scalarmult_BYTES, test_data[i].shared_hex,
 crypto_scalarmult_BYTES * 2, NULL, NULL, NULL);
 randombytes_buf(shared2, crypto_scalarmult_BYTES);
 res = crypto_scalarmult(shared2, sk, pk);
@@ -563,7 +563,7 @@ main(void)
 }
 if (memcmp(shared, shared2, crypto_scalarmult_BYTES) != 0) {
 printf("*** test case %u succeeded, but shared key is not %s\n",
- i, test_data[i].shared);
+ i, test_data[i].outcome);
 }
 } else {
 if (strcmp(test_data[i].outcome, "acceptable") == 0) {
From 73687a0044c3e851f8bce2c1c732fe5a2175c9ff Mon Sep 17 00:00:00 2001
From: Ryan Lester
Date: Thu, 30 Aug 2018 16:54:15 -0400
Subject: [PATCH 093/190] style consistency fix
---
 dist-build/emscripten.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index 1aabaa13..739048bd 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -95,10 +95,10 @@ if [ "$DIST" = yes ]; then
 Module['TOTAL_MEMORY'] = root['sodium']['totalMemory'];
 }
 var _Module = Module;
- Module.ready = new Promise(function (resolve, reject) {
+ Module.ready = new Promise(function(resolve, reject) {
 var Module = _Module;
 Module.onAbort = reject;
- Module.onRuntimeInitialized = function () {
+ Module.onRuntimeInitialized = function() {
 try {
 /* Test arbitrary wasm function */
 Module._crypto_secretbox_keybytes();
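Review bot: In the `@@ -563,7 +563,7 @@` hunk of test/default/scalarmult8.c, the mismatch message "shared key is not %s" now receives `test_data[i].outcome`, so a failing vector would print an outcome label such as "acceptable" where the format string promises the expected shared key. The field renamed in the first hunk looks like the intended argument: `i, test_data[i].shared_hex);`. If printing the outcome is deliberate, the message text should be reworded to match, because a misleading diagnostic makes a wrong shared secret harder to triage. main() starts and ends outside the hunk, so only the context lines shown were checked.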
@@ -107,7 +107,7 @@ if [ "$DIST" = yes ]; then
 reject(err);
 }
 };
- Module.useBackupModule = function () {
+ Module.useBackupModule = function() {
 var Module = _Module;
 Module.onAbort = undefined;
 Module.onRuntimeInitialized = undefined;
@@ -115,7 +115,7 @@ if [ "$DIST" = yes ]; then
 $(cat "${PREFIX}/lib/libsodium.asm.tmp.js" | sed 's|use asm||g')
 };
 $(cat "${PREFIX}/lib/libsodium.wasm.tmp.js")
- }).catch(function () {
+ }).catch(function() {
 _Module.useBackupModule();
 });
 EOM
From f642149364c2fb96fba3558f26e42bd2716ac9a7 Mon Sep 17 00:00:00 2001
From: Ryan Lester
Date: Thu, 30 Aug 2018 16:54:29 -0400
Subject: [PATCH 094/190] asm.js fallback fix
---
 dist-build/emscripten.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index 739048bd..8a7c950f 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -109,9 +109,9 @@ if [ "$DIST" = yes ]; then
 };
 Module.useBackupModule = function() {
 var Module = _Module;
- Module.onAbort = undefined;
- Module.onRuntimeInitialized = undefined;
- Module.useBackupModule = undefined;
+ Object.keys(Module).forEach(function(k) {
+ delete Module[k];
+ });
 $(cat "${PREFIX}/lib/libsodium.asm.tmp.js" | sed 's|use asm||g')
 };
 $(cat "${PREFIX}/lib/libsodium.wasm.tmp.js")
From 69a564347724169fe2def4eea228b75fb47e45bf Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Tue, 4 Sep 2018 15:44:42 +0200
Subject: [PATCH 095/190] Add chacha20-poly1305 test from Project Wycheproof
---
 .gitignore | 1 +
 test/default/Makefile.am | 8 +
 test/default/aead_chacha20poly13052.c | 1048 +++++++++++++++++++++++
 test/default/aead_chacha20poly13052.exp | 1 +
 4 files changed, 1058 insertions(+)
 create mode 100644 test/default/aead_chacha20poly13052.c
 create mode 100644 test/default/aead_chacha20poly13052.exp
diff --git a/.gitignore b/.gitignore
index fdca10f3..ab2bf5ab 100644
--- a/.gitignore
+++ b/.gitignore
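Review bot: In the `@@ -109,9 +109,9 @@` hunk of dist-build/emscripten.sh, the new `Object.keys(Module).forEach(...)` with `delete Module[k];` clears every own enumerable property of the shared `_Module` object, not only the three callbacks the old code reset. The context of the earlier `@@ -95,10 +95,10 @@` hunk shows `Module['TOTAL_MEMORY']` being copied from `root['sodium']['totalMemory']` onto this same object, so the asm.js fallback would presumably start without the caller's memory setting, and `Module.ready` would be removed as well once it has been assigned. Consider keeping the properties that must survive, e.g. `if (k !== 'TOTAL_MEMORY' && k !== 'ready') delete Module[k];`, and add a comment saying why the object is wiped before the asm.js code is inlined. The heredoc continues outside the hunk, so the consumers of `ready` were not visible.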
@@ -83,6 +83,7 @@ test/default/*.trs
 test/default/aead_aes256gcm
 test/default/aead_aes256gcm2
 test/default/aead_chacha20poly1305
+test/default/aead_chacha20poly13052
 test/default/aead_xchacha20poly1305
 test/default/auth
 test/default/auth2
diff --git a/test/default/Makefile.am b/test/default/Makefile.am
index 1780fc52..12869590 100644
--- a/test/default/Makefile.am
+++ b/test/default/Makefile.am
@@ -6,6 +6,7 @@ EXTRA_DIST = \
 aead_aes256gcm.exp \
 aead_aes256gcm2.exp \
 aead_chacha20poly1305.exp \
+ aead_chacha20poly13052.exp \
 aead_xchacha20poly1305.exp \
 auth.exp \
 auth2.exp \
@@ -83,6 +84,7 @@ DISTCLEANFILES = \
 aead_aes256gcm.res \
 aead_aes256gcm2.res \
 aead_chacha20poly1305.res \
+ aead_chacha20poly13052.res \
 aead_xchacha20poly1305.res \
 auth.res \
 auth2.res \
@@ -161,6 +163,7 @@ CLEANFILES = \
 aead_aes256gcm.final \
 aead_aes256gcm2.final \
 aead_chacha20poly1305.final \
+ aead_chacha20poly13052.final \
 aead_xchacha20poly1305.final \
 auth.final \
 auth2.final \
@@ -234,6 +237,7 @@ CLEANFILES = \
 aead_aes256gcm.nexe \
 aead_aes256gcm2.nexe \
 aead_chacha20poly1305.nexe \
+ aead_chacha20poly13052.nexe \
 aead_xchacha20poly1305.nexe \
 auth.nexe \
 auth2.nexe \
@@ -320,6 +324,7 @@ TESTS_TARGETS = \
 aead_aes256gcm \
 aead_aes256gcm2 \
 aead_chacha20poly1305 \
+ aead_chacha20poly13052 \
 aead_xchacha20poly1305 \
 auth \
 auth2 \
@@ -408,6 +413,9 @@ aead_aes256gcm2_LDADD = $(TESTS_LDADD)
 aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c
 aead_chacha20poly1305_LDADD = $(TESTS_LDADD)
+aead_chacha20poly13052_SOURCE = cmptest.h aead_chacha20poly13052.c
+aead_chacha20poly13052_LDADD = $(TESTS_LDADD)
+
 aead_xchacha20poly1305_SOURCE = cmptest.h aead_xchacha20poly1305.c
 aead_xchacha20poly1305_LDADD = $(TESTS_LDADD)
diff --git a/test/default/aead_chacha20poly13052.c b/test/default/aead_chacha20poly13052.c
new file mode 100644
index 00000000..8fdabe2e
--- /dev/null
+++ b/test/default/aead_chacha20poly13052.c
@@ -0,0 +1,1048 @@ + +#define TEST_NAME "aead_chacha20poly13052" +#include "cmptest.h" + +static struct { + const char *key_hex; + const char nonce_hex[crypto_aead_chacha20poly1305_ietf_NPUBBYTES * 2 + 1]; + const char *ad_hex; + const char *message_hex; + const char *detached_ciphertext_hex; + const char mac_hex[crypto_aead_chacha20poly1305_ietf_ABYTES * 2 + 1]; + const char *outcome; +} tests[] = { + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "070000004041424344454647", "50515253c0c1c2c3c4c5c6c7", + "4c616469657320616e642047656e746c656d656e206f662074686520636c617373206f66" + "202739393a204966204920636f756c64206f6666657220796f75206f6e6c79206f6e6520" + "74697020666f7220746865206675747572652c2073756e73637265656e20776f756c6420" + "62652069742e", + "d31a8d34648e60db7b86afbc53ef7ec2a4aded51296e08fea9e2b5a736ee62d63dbea45e" + "8ca9671282fafb69da92728b1a71de0a9e060b2905d6a5b67ecd3b3692ddbd7f2d778b8c" + "9803aee328091b58fab324e4fad675945585808b4831d7bc3ff4def08e4b7a9de576d265" + "86cec64b6116", + "1ae10b594f09e26a7e902ecbd0600691", "valid" }, + { "80ba3192c803ce965ea371d5ff073cf0f43b6a2ab576b208426e11409c09b9b0", + "4da5bf8dfd5852c1ea12379d", "", "", "", + "76acb342cf3166a5b63c0c0ea1383c8d", "valid" }, + { "7a4cd759172e02eb204db2c3f5c746227df584fc1345196391dbb9577a250742", + "a92ef0ac991dd516a3c6f689", "bd506764f2d2c410", "", "", + "906fa6284b52f87b7359cbaa7563c709", "valid" }, + { "cc56b680552eb75008f5484b4cb803fa5063ebd6eab91f6ab6aef4916a766273", + "99e23ec48985bccdeeab60f1", "", "2a", "3a", + "cac27dec0968801e9f6eded69d807522", "valid" }, + { "46f0254965f769d52bdb4a70b443199f8ef207520d1220c55e4b70f0fda620ee", + "ab0dca716ee051d2782f4403", "91ca6c592cbcca53", "51", "c4", + "168310ca45b1f7c66cad4e99e43f72b9", "valid" }, + { "2f7f7e4f592bb389194989743507bf3ee9cbde1786b6695fe6c025fd9ba4c100", + "461af122e9f2e0347e03f2db", "", "5c60", "4d13", + "91e8b61efb39c122195453077b22e5e2", "valid" }, + { 
"c8833dce5ea9f248aa2030eacfe72bffe69a620caf793344e5718fe0d7ab1a58", + "61546ba5f1720590b6040ac6", "88364fc8060518bf", "ddf2", "b60d", + "ead0fd4697ec2e5558237719d02437a2", "valid" }, + { "55568158d3a6483f1f7021eab69b703f614251cadc1af5d34a374fdbfc5adac7", + "3c4e654d663fa4596dc55bb7", "", "ab85e9c1571731", "5dfe3440dbb3c3", + "ed7a434e2602d394281e0afa9fb7aa42", "valid" }, + { "e3c09e7fab1aefb516da6a33022a1dd4eb272c80d540c5da52a730f34d840d7f", + "58389375c69ee398de948396", "84e46be8c0919053", "4ee5cda20d4290", + "4bd47212941ce3", "185f1408ee7fbf18f5abad6e2253a1ba", "valid" }, + { "51e4bf2bad92b7aff1a4bc05550ba81df4b96fabf41c12c7b00e60e48db7e152", + "4f07afedfdc3b6c2361823d3", "", "be3308f72a2c6aed", "8e9439a56eeec817", + "fbe8a6ed8fabb1937539dd6c00e90021", "valid" }, + { "1131c1418577a054de7a4ac551950f1a053f9ae46e5b75fe4abd5608d7cddadd", + "b4ea666ee119563366484a78", "66c0ae70076cb14d", "a4c9c2801b71f7df", + "b9b910433af052b0", "4530f51aeee024e0a445a6328fa67a18", "valid" }, + { "99b62bd5afbe3fb015bde93f0abf483957a1c3eb3ca59cb50b39f7f8a9cc51be", + "9a59fce26df0005e07538656", "", "42baae5978feaf5c368d14e0", + "ff7dc203b26c467a6b50db33", "578c0f2758c2e14e36d4fc106dcb29b4", "valid" }, + { "85f35b6282cff440bc1020c8136ff27031110fa63ec16f1e825118b006b91257", + "58dbd4ad2c4ad35dd906e9ce", "a506e1a5c69093f9", + "fdc85b94a4b2a6b759b1a0da", "9f8816de0994e938d9e53f95", + "d086fc6c9d8fa915fd8423a7cf05072f", "valid" }, + { "67119627bd988eda906219e08c0d0d779a07d208ce8a4fe0709af755eeec6dcb", + "68ab7fdbf61901dad461d23c", "", "51f8c1f731ea14acdb210a6d973e07", + "0b29638e1fbdd6df53970be2210042", "2a9134087d67a46e79178d0a93f5e1d2", + "valid" }, + { "e6f1118d41e4b43fb58221b7ed79673834e0d8ac5c4fa60bbc8bc4893a58894d", + "d95b3243afaef714c5035b6a", "6453a53384632212", + "97469da667d6110f9cbda1d1a20673", "32db66c4a3819d81557455e5980fed", + "feae30dec94e6ad3a9eea06a0d703917", "valid" }, + { "59d4eafb4de0cfc7d3db99a8f54b15d7b39f0acc8da69763b019c1699f87674a", + "2fcb1b38a99e71b84740ad9b", "", 
"549b365af913f3b081131ccb6b825588", + "e9110e9f56ab3ca483500ceabab67a13", "836ccabf15a6a22a51c1071cfa68fa0c", + "valid" }, + { "b907a45075513fe8a8019edee3f2591487b2a030b03c6e1d771c862571d2ea1e", + "118a6964c2d3e380071f5266", "034585621af8d7ff", + "55a465644f5b650928cbee7c063214d6", "e4b113cb775945f3d3a8ae9ec141c00c", + "7c43f16ce096d0dc27c95849dc383b7d", "valid" }, + { "3b2458d8176e1621c0cc24c0c0e24c1e80d72f7ee9149a4b166176629616d011", + "45aaa3e5d16d2d42dc03445d", "", "3ff1514b1c503915918f0c0c31094a6e1f", + "02cc3acb5ee1fcdd12a03bb857976474d3", "d83b7463a2c3800fe958c28eaa290813", + "valid" }, + { "f60c6a1b625725f76c7037b48fe3577fa7f7b87b1bd5a982176d182306ffb870", + "f0384fb876121410633d993d", "9aaf299eeea78f79", + "63858ca3e2ce69887b578a3c167b421c9c", + "35766488d2bc7c2b8d17cbbb9abfad9e6d", "1f391e657b2738dda08448cba2811ceb", + "valid" }, + { "0212a8de5007ed87b33f1a7090b6114f9e08cefd9607f2c276bdcfdbc5ce9cd7", + "e6b1adf2fd58a8762c65f31b", "", + "10f1ecf9c60584665d9ae5efe279e7f7377eea6916d2b111", + "42f26c56cb4be21d9d8d0c80fc99dde00d75f38074bfe764", + "54aa7e13d48fff7d7557039457040a3a", "valid" }, + { "c5bc09565646e7edda954f1f739223dada20b95c44ab033d0fae4b0283d18be3", + "6b282ebecc541bcd7834ed55", "3e8bc5ade182ff08", + "9222f9018e54fd6de1200806a9ee8e4cc904d29f25cba193", + "123032437b4bfd6920e8f7e7e0087ae4889ebe7a0ad0e900", + "3cf68f179550da63d3b96c2d55411865", "valid" }, + { "2eb51c469aa8eb9e6c54a8349bae50a20f0e382711bba1152c424f03b6671d71", + "04a9be03508a5f31371a6fd2", "", + "b053999286a2824f42cc8c203ab24e2c97a685adcc2ad32662558e55a5c729", + "45c7d6b53acad4abb68876a6e96a48fb59524d2c92c9d8a189c9fd2db91746", + "566d3ca10e311b695f3eae1551652493", "valid" }, + { "7f5b74c07ed1b40fd14358fe2ff2a740c116c7706510e6a437f19ea49911cec4", + "470a339ecb3219b8b81a1f8b", "374618a06ea98a48", + "f45206abc25552b2abc9ab7fa243035fedaaddc3b2293956f1ea6e7156e7eb", + "46a80c4187024720084627580080dde5a3f4a11093a7076ed6f3d326bc7b70", + "534d4aa2835a52e72d14df0e4f47f25f", "valid" }, + { 
"e1731d5854e1b70cb3ffe8b786a2b3ebf0994370954757b9dc8c7bc5354634a3", + "72cfd90ef3026ca22b7e6e6a", "", + "b9c554cbc36ac18ae897df7beecac1dbeb4eafa156bb60ce2e5d48f05715e678", + "ea29afa49d36e8760f5fe19723b9811ed5d519934a440f5081ac430b953b0e21", + "222541af46b86533c6b68d2ff108a7ea", "valid" }, + { "27d860631b0485a410702fea61bc873f3442260caded4abde25b786a2d97f145", + "262880d475f3dac5340dd1b8", "2333e5ce0f93b059", + "6b2604996cd30c14a13a5257ed6cffd3bc5e29d6b97eb1799eb335e281ea451e", + "6dad637897544d8bf6be9507ed4d1bb2e954bc427e5de729daf50762846ff2f4", + "7b997d93c982189d7095dc794c746232", "valid" }, + { "cf0d40a4644e5f51815165d5301b22631f4544c49a1878e3a0a5e8e1aae0f264", + "e74a515e7e2102b90bef55d2", "", + "973d0c753826bae466cf9abb3493152e9de7819e2bd0c71171346b4d2cebf8041aa3cedc" + "0dfd7b467e26228bc86c9a", + "fba78ae4f9d808a62e3da40be2cb7700c3613d9eb2c529c652e76a432c658d27095f0eb8" + "f940c324981ea935e507f9", + "8f046956db3a512908bd7afc8f2ab0a9", "valid" }, + { "6cbfd71c645d184cf5d23c402bdb0d25ec54898c8a0273d42eb5be109fdcb2ac", + "d4d807341683825b31cd4d95", "b3e4064683b02d84", + "a98995504df16f748bfb7785ff91eeb3b660ea9ed3450c3d5e7b0e79ef653659a9978d75" + "542ef91c456762215640b9", + "a1ffed80761829ecce242e0e88b138049016bca018da2b6e19986b3e318cae8d806198fb" + "4c527cc39350ebddeac573", + "c4cbf0befda0b70242c640d7cd02d7a3", "valid" }, + { "5b1d1035c0b17ee0b0444767f80a25b8c1b741f4b50a4d3052226baa1c6fb701", + "d61040a313ed492823cc065b", "", + "d096803181beef9e008ff85d5ddc38ddacf0f09ee5f7e07f1e4079cb64d0dc8f5e6711cd" + "4921a7887de76e2678fdc67618f1185586bfea9d4c685d50e4bb9a82", + "9a4ef22b181677b5755c08f747c0f8d8e8d4c18a9cc2405c12bb51bb1872c8e8b877678b" + "ec442cfcbb0ff464a64b74332cf072898c7e0eddf6232ea6e27efe50", + "9ff3427a0f32fa566d9ca0a78aefc013", "valid" }, + { "97d635c4f47574d9998a90875da1d3a284b755b2d39297a5725235190e10a97e", + "d31c21aba175b70de4ebb19c", "7193f623663321a2", + "94ee166d6d6ecf8832437136b4ae805d428864359586d9193a25016293edba443c58e07e" + 
"7b7195ec5bd84582a9d56c8d4a108c7d7ce34e6c6f8ea1bec0567317", + "5fbbdecc34be201614f636031eeb42f1cace3c79a12cffd871ee8e73820c829749f1abb4" + "294367849fb6c2aa56bda8a3078f723d7c1c852024b017b58973fb1e", + "09263da7b4cb921452f97dca40f580ec", "valid" }, + { "fe6e55bdaed1f7284ca5fc0f8c5f2b8df56dc0f49e8ca66a41995e783351f901", + "17c86a8abbb7e003acde2799", "", + "b429eb80fb8fe8baeda0c85b9c333458e7c2992e558475069d12d45c2221756412158803" + "2297eff56783742a5fc22d7410ffb29d66098661d76f126c3c27689e43b37267cac5a3a6" + "d3ab49e391da29cd3054a5692e2807e4c3ea46c8761d50f592", + "d0102f6c258bf49742cec34cf2d0fedf23d105fb4c84cf98515e1bc9a64f8ad5be8f0721" + "bde50645d00083c3a263a31053b760245f52ae2866a5ec83b19f61be1d30d5c5d9fecc4c" + "bbe08fd385813a2aa39a00ff9c10f7f23702add1e4b2ffa31c", + "41865fc71de12b19612127ce49993bb0", "valid" }, + { "aabc063474e65c4c3e9bdc480dea97b45110c8618846ff6b15bdd2a4a5682c4e", + "46362f45d6379e63e5229460", "a11c40b603767330", + "ceb534ce50dc23ff638ace3ef63ab2cc2973eeada80785fc165d06c2f5100ff5e8ab2882" + "c475afcd05ccd49f2e7d8f55ef3a72e3dc51d6852b8e6b9e7aece57be6556b0b6d9413e3" + "3fc5fc24a9a205ad59574bb39d944a92dc47970d84a6ad3176", + "7545391b51de01d5c53dfaca777909063e58edee4bb1227e7110ac4d2620c2aec2f848f5" + "6deeb037a8dced75afa8a6c890e2dee42f950bb33d9e2424d08a505d899563973ed38870" + "f3de6ee2adc7fe072c366c14e2cf7ca62fb3d36bee11685461", + "b70d44ef8c66c5c7bbf10dcadd7facf6", "valid" }, + { "7d00b48095adfa3272050607b264185002ba99957c498be022770f2ce2f3143c", + "87345f1055fd9e2102d50656", "02", "e5ccaa441bc814688f8f6e8f28b500b2", + "7e72f5a185af16a611921b438f749f0b", "1242c670732334029adfe1c5001651e4", + "valid" }, + { "6432717f1db85e41ac7836bce25185a080d5762b9e2b18444b6ec72c3bd8e4dc", + "87a3163ec0598ad95b3aa713", "b648", "02cde168fba3f544bbd0332f7adeada8", + "85f29a719557cdd14d1f8fffab6d9e60", "732ca32becd515a1ed353f542e999858", + "valid" }, + { "8e34cf73d245a1082a920b86364eb896c4946467bcb3d58929fcb36690e6394f", + "6f573aa86baa492ba46596df", 
"bd4cd02fc7502bbdbdf6c9a3cbe8f0", + "16ddd23ff53f3d23c06334487040eb47", "c1b295936d56fadac03e5f742bff73a1", + "39c457dbab66382babb3b55800cda5b8", "valid" }, + { "cb5575f5c7c45c91cf320b139fb594237560d0a3e6f865a67d4f633f2c08f016", + "1a6518f02ede1da6809266d9", "89cce9fb47441d07e0245a66fe8b778b", + "623b7850c321e2cf0c6fbcc8dfd1aff2", "c84c9bb7c61c1bcb17772a1c500c5095", + "dbadf7a5138ca03459a2cd65831e092f", "valid" }, + { "a5569e729a69b24ba6e0ff15c4627897436824c941e9d00b2e93fddc4ba77657", + "564dee49ab00d240fc1068c3", "d19f2d989095f7ab03a5fde84416e00c0e", + "87b3a4d7b26d8d3203a0de1d64ef82e3", "94bc80621ed1e71b1fd2b5c3a15e3568", + "333511861796978401598b963722f5b3", "valid" }, + { "56207465b4e48e6d04630f4a42f35cfc163ab289c22a2b4784f6f9290330bee0", + "df8713e87ec3dbcfad14d53e", + "5e6470facd99c1d81e37cd44015fe19480a2a4d3352a4ff560c0640fdbda", + "e601b38557797da2f8a4106a089d1da6", "299b5d3f3d03c087209a16e285143111", + "4b454ed198de117e83ec49fa8d8508d6", "valid" }, + { "3937986af86dafc1ba0c4672d8abc46c207062682d9c264ab06d6c5807205130", + "8df4b15a888c33286a7b7651", + "ba446f6f9a0ced22450feb10737d9007fd69abc19b1d4d9049a5551e86ec2b37", + "dc9e9eaf11e314182df6a4eba17aec9c", "605bbf90aeb974f6602bc778056f0dca", + "38ea23d99054b46b42ffe004129d2204", "valid" }, + { "36372abcdb78e0279646ac3d176b9674e9154eecf0d5469c651ec7e16b4c1199", + "be40e5f1a11817a0a8fa8949", + "d41a828d5e71829247021905402ea257dccbc3b80fcd5675056b68bb59e62e8873", + "81ce84ede9b35859cc8c49a8f6be7dc6", "7b7ce0d824809a70de32562ccf2c2bbd", + "15d44a00ce0d19b4231f921e22bc0a43", "valid" }, + { "9f1479ed097d7fe529c11f2f5add9aaff4a1ca0b68997a2cb7f79749bd90aaf4", + "84c87dae4eee27730ec35d12", + "3f2dd49bbf09d69a78a3d80ea2566614fc379474196c1aae84583da73d7ff85c6f42ca42" + "056a9792cc1b9fb3c7d261", + "a66747c89e857af3a18e2c79500087ed", "ca82bff3e2f310ccc976672c4415e69b", + "57638c62a5d85ded774f913c813ea032", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", 
"00000000000000000000000000000000", + "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329be", + "0000000000000000000000000000000000000000000000000000000000000000", + "e6d3d7324a1cbba777bbb0ecdda37807", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000000000000000000000000000000", + "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b" + "1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd", + "000000000000000000000000000000000000000000000000000000000000000000000000" + "00000000000000000000000000000000000000000000000000000000", + "062de6795f274fd2a305d76980bc9cce", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000000000000000000000000000000", + "256d40888094178355d304846443fee8df99470303fb3b7b80e030beebd329bee3bcdb5b" + "1edefcfe8bcda1b6a15c8c2b0869ffd2ec5e26e553b7b227fe87fdbd7ada44424269bffa" + "5527f270acf68502b74c5ae2e60c0580981a4938459392c49bb2f284b646efc7f3f0b136" + "1dc348ed77d30bc57692ed38fbac0188380488c7", + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000", + "d8b47902baaeafb34203051529af282e", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffffffffffffffffffffffffffff", + "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd641", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "b3891c849cb52c27747edfcf31213bb6", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffffffffffffffffffffffffffff", + "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4" + 
"e121030174325e495ea373d4f796002d13a1d91aac484dd801780242", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "f0c12d26ef03029b62c008da27c5dc68", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffffffffffffffffffffffffffff", + "da92bf777f6be87caa2cfb7b9bbc01172066b8fcfc04c4847f1fcf41142cd6411c4324a4" + "e121030174325e495ea373d4f796002d13a1d91aac484dd8017802428525bbbdbd964005" + "aad80d8f53097afd48b3a51d19f3fa7f67e5b6c7ba6c6d3b644d0d7b49b910380c0f4ec9" + "e23cb712882cf43a896d12c70453fe77c7fb7738", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "ee65783001c25691fa28d0f5f1c1d762", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000080000000800000008000000080", + "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293e", + "0000008000000080000000800000008000000080000000800000008000000080", + "79ba7a29f5a7bb75797af87a610129a4", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000080000000800000008000000080", + "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb" + "1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d", + "000000800000008000000080000000800000008000000080000000800000008000000080" + "00000080000000800000008000000080000000800000008000000080", + "36b1743819e1b9ba1551e8ed922a959a", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000080000000800000008000000080", + "256d40088094170355d304046443fe68df99478303fb3bfb80e0303eebd3293ee3bcdbdb" + 
"1edefc7e8bcda136a15c8cab0869ff52ec5e266553b7b2a7fe87fd3d7ada44c24269bf7a" + "5527f2f0acf68582b74c5a62e60c0500981a49b8459392449bb2f204b646ef47f3f0b1b6" + "1dc3486d77d30b457692edb8fbac010838048847", + "000000800000008000000080000000800000008000000080000000800000008000000080" + "000000800000008000000080000000800000008000000080000000800000008000000080" + "000000800000008000000080000000800000008000000080000000800000008000000080" + "0000008000000080000000800000008000000080", + "feac4955554e806f3a1902e24432c08a", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffff7fffffff7fffffff7fffffff7f", + "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c1", + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f", + "20a3798df1292c5972bf9741aec38a19", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffff7fffffff7fffffff7fffffff7f", + "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424" + "e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c2", + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f" + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f", + "c03d9f67354a97b2f074f7551557e49c", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffff7fffffff7fffffff7fffffff7f", + "da92bff77f6be8fcaa2cfbfb9bbc01972066b87cfc04c4047f1fcfc1142cd6c11c432424" + "e121038174325ec95ea37354f79600ad13a1d99aac484d58017802c28525bb3dbd964085" + "aad80d0f53097a7d48b3a59d19f3faff67e5b647ba6c6dbb644d0dfb49b910b80c0f4e49" + "e23cb792882cf4ba896d12470453fef7c7fb77b8", + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f" + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f" + "ffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7f" + 
"ffffff7fffffff7fffffff7fffffff7fffffff7f", + "c86da8dd652286d50213d328d63e4006", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "7fffffff7fffffff7fffffff7fffffff", + "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd641", + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff", + "bede9083ceb36ddfe5fa811f95471c67", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "7fffffff7fffffff7fffffff7fffffff", + "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a4" + "61210301f4325e49dea373d47796002d93a1d91a2c484dd881780242", + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff" + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff", + "300874bb0692b689dead9ae15b067390", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "7fffffff7fffffff7fffffff7fffffff", + "5a92bf77ff6be87c2a2cfb7b1bbc0117a066b8fc7c04c484ff1fcf41942cd6419c4324a4" + "61210301f4325e49dea373d47796002d93a1d91a2c484dd8817802420525bbbd3d964005" + "2ad80d8fd3097afdc8b3a51d99f3fa7fe7e5b6c73a6c6d3be44d0d7bc9b910388c0f4ec9" + "623cb712082cf43a096d12c78453fe7747fb7738", + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff" + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff" + "7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff7fffffff" + "7fffffff7fffffff7fffffff7fffffff7fffffff", + "99cad85f45ca40942d0d4d5e950ade22", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000000ffffffff00000000ffffffff", + "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641", + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "8bbe145272e7c2d9a1891a3ab0983d9d", "valid" }, + { 
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000000ffffffff00000000ffffffff", + "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5b" + "e12103018bcda1b65ea373d40869ffd213a1d91a53b7b22701780242", + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000" + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff", + "3b41861913a8f6de7f61e225631bc382", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "00000000ffffffff00000000ffffffff", + "256d40887f6be87c55d304849bbc0117df994703fc04c48480e030be142cd641e3bcdb5b" + "e12103018bcda1b65ea373d40869ffd213a1d91a53b7b227017802427ada4442bd964005" + "5527f27053097afdb74c5ae219f3fa7f981a4938ba6c6d3b9bb2f28449b91038f3f0b136" + "e23cb71277d30bc5896d12c7fbac0188c7fb7738", + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000" + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff" + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000" + "ffffffff00000000ffffffff00000000ffffffff", + "8428bcf023ec6bf31fd9efb203ff0871", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffff00000000ffffffff00000000", + "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be", + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "139fdf6474ea24f549b075825f2c7620", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffff00000000ffffffff00000000", + "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a4" + "1edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd", + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff" + "00000000ffffffff00000000ffffffff00000000ffffffff00000000", + "bbad8d863b835a8e8664fd1d4566b6b4", "valid" }, + { 
"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000000000000000001ee3200", "ffffffff00000000ffffffff00000000", + "da92bf7780941783aa2cfb7b6443fee82066b8fc03fb3b7b7f1fcf41ebd329be1c4324a4" + "1edefcfe74325e49a15c8c2bf796002dec5e26e5ac484dd8fe87fdbd8525bbbd4269bffa" + "aad80d8facf6850248b3a51de60c058067e5b6c7459392c4644d0d7bb646efc70c0f4ec9" + "1dc348ed882cf43a7692ed380453fe77380488c7", + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff" + "00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000" + "ffffffff00000000ffffffff00000000ffffffff00000000ffffffff00000000ffffffff" + "00000000ffffffff00000000ffffffff00000000", + "42f2354297849a511d53e5571772f71f", "valid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a2e3fdf9fba6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a1e3fdf9fba6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "23e3fdf9fba6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e2fdf9fba6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fd79fba6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9faa6861b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9f9a6861b5ad2607f40b7f447", "invalid" }, + { 
"00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6869b5ad2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5bd2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5af2607f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2617f40b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f41b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f42b7f447", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f40b7f446", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f40b7f445", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f40b7f407", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6861b5ad2607f40b7f4c7", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "a3e3fdf9fba6869b5ad2607f40b7f4c7", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + 
"00000000000000000000000000000000", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "", "", + "ffffffffffffffffffffffffffffffff", "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "26da374f17b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "25da374f17b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "a7da374f17b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27db374f17b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da37cf17b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f16b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f15b7f1b23844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", 
"00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1323844a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23944a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23864a5490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a4490bfc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a5490afc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a54909fc4001", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a5490bfc4000", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a5490bfc4003", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", 
"27da374f17b7f1b23844a5490bfc4041", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1b23844a5490bfc4081", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "27da374f17b7f1323844a5490bfc4081", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "00000000000000000000000000000000", + "invalid" }, + { "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", + "000102030405060708090a0b", "616164", "00000000000000000000000000000000", + "2cf8ae525fc86025268a4e1d88bead19", "ffffffffffffffffffffffffffffffff", + "invalid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "30303030303030300002506e", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "d4500bf009493551c380adf52c573a69df7e8b762463330facc16a5726be7190c63c5a1c" + "926584a096756828dcdc64acdf963d931bf1dae238f3f157224ac4b542d785b0dd84db6b" + "e3bc5a3663e84149ffbed09e54f78f16a8223b24cb019f58b21b0e551e7aa07327629551" + "376ccbc3937671a0629bd95c9915c78555771e7a", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "0b300d8da56c2185755279553c4c82ca", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "3030303030303030000318a5", + 
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "7de87f6729945275d0655da4c7fde4569e16f111b5eb26c22d859e3ff822eced3a6dd9a6" + "0f22957f7b7c857e8822eb9fe0b8d7022141f2d0b48f4b5612d322a88dd0fe0b4d917932" + "4f7c6c9e990efbd80e5ed6775826498b1efe0f71a0f3ec5b29cb28c2540a7dcd51b7daae" + "e0ff4a7f3ac1ee54c29ee4c170de408f66692194", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "c578e2aa44d309b7b6a5193bdc6118f5", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "00000000000000000007b4f0", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "1b996f9a3ccc6785de22ff5b8add9502ce03a0faf5992a09522cdd1206d220b8f8bd07d1" + "f1f5a1bd9a71d11c7f579b855818c08d4de036393183b7f590b335aed8de5b57b13c5fed" + "e2441c3e184aa9d46e61598506b3e11c43c62cbcaceced33190875b012218b1930fb7c38" + "ec45ac11c353d0cf938dccb9efad8fedbe46daa5", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "4b0bda8ad043830d8319ab82c50c7663", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "00000000000000000020fb66", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "86cbacae4d3f74ae01213e0551cc15160ea1be8408e3d5d74f01464995a69e6176cb9e02" + "b2247ed299892f9182a45caf4c69405611766edfafdc285519ea30480c44f05e781eacf8" + 
"fcecc7090abb28fa5fd585ac8cda7e8772e594e4ce6c883281932e0f89f877a1f04d9c32" + "b06cf90b0e762b430c4d517c97107068f498ef7f", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "4bc98f72c494c2a43c2b15a1043f1cfa", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "00000000000000000038bb90", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "fab1cddf4fe198ef63add881d6ead6c57637bbe92018ca7c0b96fba0871e932db1fbf907" + "61be25df8dfaf931ce5757e617b3d7a9f0bf0ffe5d591a33c143b8f53fd0b5a19609fd62" + "e5c251a4281a200cfdc34f281710406f4e37625446ff6ef224913deb0d89af337128e3d1" + "55d16d3ec3246041432143e9ab3a6d2ccc2f4d62", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "f7e9e151b02533c74658bfc7737c680d", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "00000000000000000070484a", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "227202be7f3515e9d1c02eea2f1950b6481b048a4c91506cb40d504e6c949f82d197c25a" + "d17dc721651125782ac7a71247feaef32f1f250ce4bb8f79acaa179d45a7b0545f092432" + "5efa87d5e441d28478c61f2223ee67c3b41f4394535e2a24369a2e16613c459490c14fb1" + "d755fe53fbe1ee45b1b21f7162e2fcaa742abefd", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + 
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "795bcff647c553c2e4eb6e0eafd9e04e", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "000000000000000000932f40", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "fae58345c16cb0f5cc537f2b1b3469c969463b3ea71bcf6b98d669a8e60e04fc08d5fd06" + "9c362638e3400ef4cb242e27e2245e68cb9ec583da5340b12edf423b7326ad20feeb57da" + "ca2e0467a32899b42df8e56d84e006bc8a7acc731e7c1f6becb5719f7077f0d4f4c61ab1" + "1ebac1001801ce33c4e4a77d831d3ce34e8410e1", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "1946d653960f947a74d3e8093cf48502", "valid" }, + { "3030303030303030303030303030303030303030303030303030303030303030", + "000000000000000000e29335", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "ebb216ddd7ca709215f503df9ce63c5cd2194e7d9099e8a90b2afaad5eba35069925a603" + "fdbc341aaed41505b10941fa3856a7e247b1040709746cfc2096caa631b2fff41c250506" + "d889c1c90671ade853ee6394c19192a5cf3710d1073099e5bc946582fc0fab9f543c716a" + "e2486a8683fdca39d2e14f23d00a582664f4ecb1", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "36c3002985dd21baf895d633573f12c0", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000000ef7d5", + 
"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "408ae6ef1c7ef0fb2c2d610816fc7849efa58f78273f5f166ea65f81b575747d035b3040" + "fede1eb9459788669788408e00413b3e376d152d204aa2b7a83558fcd48a0ef7a26b1cd6" + "d35d23b3f5dfe0ca77a4ce32b94abf83da2aefcaf068380879e89fb0a3829595cf44c385" + "2ae2cc662b689f9355d9c183801f6acc313f8907", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "6514518e0a264142e0b7351f967fc2ae", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000003dfce4", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "0a0a24499bcade58cf1576c312aca984718cb4cc7e0153f5a9015810859644dfc021174e" + "0b060a397448de8b484a8603be680a6934c0906f30dd17eae2d4c5faa777f8ca53370e08" + "331b88c342bac959787bbb33930e3b56be86da7f2a6eb1f94089d1d181074d4302f8e055" + "2d0de1fab306a21b42d4c3ba6e6f0cbcc81e877a", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "4c194da6a99fd65b40e9cad798f44b19", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000018486a8", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "4a0aaff8494729188691701340f3ce2b8a78eed3a0f065994b72484e7991d25c29aa075e" + "b1fc16de93fe069058112ab284a3ed18780326d1258a47222fa633d8b29f3bd9150b239b" + 
"1546c2bb9b9f410febead396000ee477701532c3d0f5fbf895d280196d2f737c5e9fec50" + "d92bb0df5d7e513be5b8ea971310d5bf16ba7aee", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "c8ae7788cd2874abc138541e11fd0587", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "ff9428d079351f665cd001354319875c783d35f613e6d9093d38e975c38fe3b89f7aed35" + "cb5a2fcaa0346efb936554649cf6378171eae4396ea15dc240d1abf4472d9096524fa1b2" + "b023b8b288222773d4d206616f9293f65b45dbbc74e7c2edfbcbbf1cfb679bb739a5862d" + "e2bcb937f74d5bf8671c5a8a5092f61d54c9aa5b", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffff", + "933a5163c7f62368327b3fbc1036c943", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "85ffffffffffffffffffffffffffffffa6902fcbc883bbc180b256ae34ad7f00", + "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "000102030405060708090a0b0c0d0e0f", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "ffffffffffffffffffffffffffffffff247e50642a1c0a2f8f77219609dba958", + 
"9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "00000000000000000000000000000000", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "7cffffffffffffffffffffffffffffffd9e72c064ac8961f3fa585e0e2abd600", + "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "ffffffffffffffffffffffffffffffff", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "65ffffffffffffffffffffffffffffff95af0f4d0b686eaeccca4307d596f502", + "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "00000080000000800000008000000080", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "ffffffffffffffffffffffffffffffff8540b464357707be3a39d55c34f8bcb3", + "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "ffffff7fffffff7fffffff7fffffff7f", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "4fffffffffffffffffffffffffffffff6623d990b898d830d212af2383330701", + 
"9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "01000000010000000100000001000000", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "000102030405060708090a0b", + "83ffffffffffffffffffffffffffffff5f16d09f17787211b7d484e024f89701", + "9a49c40f8b48d7c66d1db4e53f20f2dd4aaa241ddab26b5bc0e218b72c3390f2df3ebd01" + "76704419972bcdbc6bbcb3e4e74a71528ef51263ce24e0d575e0e44d", + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff", + "ffffffff000000000000000000000000", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "005235d2a919f28d3db7664a34ae6b444d3d35f613e6d9093d38e975c38fe3b85b8b9450" + "9e2b74a36d346e33d572659ba9f6378171eae4396ea15dc240d1abf483dce9f3073efadb" + "7d23b87ace35168c", + "0039e2fd2fd312149e989880884813e7caffffffffffffffffffffffffffffff3b0e869a" + "aa8ea49632ffff37b9e8ce00caffffffffffffffffffffffffffffff3b0e869aaa8ea496" + "32ffff37b9e8ce00", + "a519ac1a35b4a57787510af78d8d200a", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "d39428d079351f665cd001354319875ce5da78766fa19290c031f75208506745ae7aed35" + "cb5a2fcaa0346efb93655464496ddeb05509c6efffab75eb2df4ab09762d9096524fa1b2" + "b023b8b2882227730149ef504b71b120ca4ff39519c2c210", + "d3ffffffffffffffffffffffffffffff6218b27f83b8b46602f6e1d834207b02ceffffff" + "ffffffffffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02ceffffffffffffff" + "ffffffffffffffff2a6416cedb1cdd296ef5d7d692daff02", + "302fe82ab0a09af64400d015ae83d9cc", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + 
"0000000000000000064c2d52", "ffffffff", + "e99428d079351f665cd001354319875c6df1394edc539b5b3a0957be0fb85946807aed35" + "cb5a2fcaa0346efb93655464d1769fe806bbfeb6f590950f2eac9e0a582d9096524fa1b2" + "b023b8b2882227739952ae0818c38979c07413711a9af713", + "e9ffffffffffffffffffffffffffffffea33f347304abdadf8ce413433c84501e0ffffff" + "ffffffffffffffffffffffffb27f579688aee57064ce37329182ca01e0ffffffffffffff" + "ffffffffffffffffb27f579688aee57064ce37329182ca01", + "98a7e836e0ee4d023500d0557ec2cbe0", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875c64f90f5b2692b860d4596ff4b3402c5c00b9bb53" + "707aa667d356fe50c7199694033561e7caca6d941dc3cd6914ad6904", + "ffffffffffffffffffffffffffffffffe33bc552ca8b9e96169e797e8f30301b603ca999" + "44df76528c9d6f54ab833d0f603ca99944df76528c9d6f54ab833d0f", + "6ab8dce2c59da4737130b0252f68a8d8", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "689428d079351f665cd001354319875cb08f25675b9bcbf6e38407de2ec75a479f7aed35" + "cb5a2fcaa0346efb936554642d2af7cd6b080501d31ba54fb2eb7596472d9096524fa1b2" + "b023b8b288222773650ec62d757072cee6ff233186dd1c8f", + "68ffffffffffffffffffffffffffffff374def6eb782ed002143115412b74600ffffffff" + "ffffffffffffffffffffffff4e233fb3e51d1ec7424507720dc5219dffffffffffffffff" + "ffffffffffffffff4e233fb3e51d1ec7424507720dc5219d", + "044dea608880412bfdffcf35579e9b26", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "6d9428d079351f665cd001354319875ca161b5ab040900629efeff78d7d86b459f7aed35" + "cb5a2fcaa0346efb93655464c6f8078cc8ef12a0ff657d6d08db10b8472d9096524fa1b2" + "b023b8b2882227738edc366cd697656fca81fb133ced79a1", + "6dffffffffffffffffffffffffffffff26a37fa2e81026945c39e9f2eba87702ffffffff" + 
"ffffffffffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3ffffffffffffffff" + "ffffffffffffffffa5f1cff246fa09666e3bdf50b7f544b3", + "1e6bea6314542e2ef9ffcf450b2e982b", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875cfc01b891e5f0f9128d7d1c579192b69863414415" + "b69968959a7291b7a5af134860cd9ea10c29a36654e7a28e761becd8", + "ffffffffffffffffffffffffffffffff7bc3729809e9dfe44fba0addade2aadf03c456df" + "823cb8a0c5b900b3c935b8d303c456df823cb8a0c5b900b3c935b8d3", + "ed2017c8dba4775629049d786e3bceb1", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875c6b6dc9d21a819e70b577f44137d3d6bd1335f5eb" + "44494077b26449a54b6c7c7510b92f5ffef98b847cf17a9c98d883e5", + "ffffffffffffffffffffffffffffffffecaf03dbf698b88677b0e2cb0ba3cafa73b0e721" + "70ec9042edafd8a127f6d7ee73b0e72170ec9042edafd8a127f6d7ee", + "073f17cb6778645925049d8822cbcab6", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ffcb2b1106f8234c5e99d4db4c7048de323d35f613e6d9093d38e975c38fe3b816e9884a" + "114f0e9266cea3885fe36b9fd6f6378171eae4396ea15dc240d1abf4cebef5e9885a80ea" + "76d975c144a41888", + "ffa0fc3e8032c3d5fdb62a11f096307db5ffffffffffffffffffffffffffffff766c9a80" + "25eadea73905328c3379c004b5ffffffffffffffffffffffffffffff766c9a8025eadea7" + "3905328c3379c004", + "8b9bb4b4861289658c696a8340150405", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "6f9e70ed3b8baca026e46a5a0943158d213d35f613e6d9093d38e975c38fe3b80c612c5e" + "8d89a873dbcaad5b7346429bc5f6378171eae4396ea15dc240d1abf4d43651fd149c260b" + "cbdd7b126801318c", + "6ff5a7c2bd414c3985cb9490b5a56d2ea6ffffffffffffffffffffffffffffff6ce43e94" + 
"b92c784684013c5f1fdce900a6ffffffffffffffffffffffffffffff6ce43e94b92c7846" + "84013c5f1fdce900", + "8b3bbd51644459568d81ca1fa72ce404", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "412b080a3e19c10d44a1af1eabdeb4ce353d35f613e6d9093d38e975c38fe3b86b839433" + "0921486ca11d291c3e97ee9ad1f6378171eae4396ea15dc240d1abf4b3d4e9909034c614" + "b10aff5525d09d8d", + "4140df25b8d32194e78e51d41738cc6db2ffffffffffffffffffffffffffffff0b0686f9" + "3d849859fed6b818520d4501b2ffffffffffffffffffffffffffffff0b0686f93d849859" + "fed6b818520d4501", + "86fbab2b4a94f47aa56f0aea65d11008", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "b247a74723491aacacaad709c91e932b313d35f613e6d9093d38e975c38fe3b89ade04e7" + "5bb701d9660601b34765de98d5f6378171eae4396ea15dc240d1abf442897944c2a28fa1" + "7611d7fa5c22ad8f", + "b22c7068a583fa350f8529c375f8eb88b6fffffffffffffffffffffffffffffffa5b162d" + "6f12d1ec39cd90b72bff7503b6fffffffffffffffffffffffffffffffa5b162d6f12d1ec" + "39cd90b72bff7503", + "a019ac2ed667e17da16f0afa19610d0d", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "740f9e49f610efa585b659ca6ed8b4992d3d35f613e6d9093d38e975c38fe3b8412d96af" + "be80ec3e79d451b00a2db29ac9f6378171eae4396ea15dc240d1abf4997aeb0c27956246" + "69c387f9116ac18d", + "7464496670da0f3c2699a700d23ecc3aaaffffffffffffffffffffffffffffff21a88465" + "8a253c0b261fc0b466b71901aaffffffffffffffffffffffffffffff21a884658a253c0b" + "261fc0b466b71901", + "736e18181696a5889c3159faabab20fd", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "adba5d105bc8aa062c2336cb889ddbd5373d35f613e6d9093d38e975c38fe3b8177c5ffe" + "2875f468f6c2965748f3599ad3f6378171eae4396ea15dc240d1abf4cf2b225db1607a10" + "e6d5401e53b42a8d", + 
"add18a3fdd024a9f8f0cc801347ba376b0ffffffffffffffffffffffffffffff77f94d34" + "1cd0245da90907532469f201b0ffffffffffffffffffffffffffffff77f94d341cd0245d" + "a90907532469f201", + "bad58f10a91e6a889aba32fd17d8331a", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "fe9428d079351f665cd001354319875cc001edc5da442e719bce9abe273af144b47aed35" + "cb5a2fcaa0346efb9365546448025f41fa4e336c786957a2a7c4930a6c2d9096524fa1b2" + "b023b8b28822277300266ea1e43644a34d8dd1dc93f2fa13", + "feffffffffffffffffffffffffffffff47c327cc365d088759098c341b4aed03d4ffffff" + "ffffffffffffffffffffffff2b0b973f745b28aae937f59f18eac701d4ffffffffffffff" + "ffffffffffffffff2b0b973f745b28aae937f59f18eac701", + "d68ce174079add028dd05cf814630488", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "b513b06ab9ac14435acb8aa3a37afdb6543d35f613e6d9093d38e975c38fe3b861950193" + "b1bf0311ff117989aed9a999b0f6378171eae4396ea15dc240d1abf4b9c27c3028aa8d69" + "ef06afc0b59eda8e", + "b57867453f66f4daf9e474691f9c8515d3ffffffffffffffffffffffffffffff01101359" + "851ad324a0dae88dc2430202d3ffffffffffffffffffffffffffffff01101359851ad324" + "a0dae88dc2430202", + "aa48a3887d4b059699c2fdf9c6787e0a", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875cd4f109e814cea85a08c011d850dd1dcbcf7aed35" + "cb5a2fcaa0346efb936554645340b85a9aa08296b77a5fc3961f660f172d9096524fa1b2" + "b023b8b2882227731b6489ba84d8f559829ed9bda2290f16", + "ffffffffffffffffffffffffffffffff5333c3e1f8d78eacca0707526cad018cafffffff" + "ffffffffffffffffffffffff3049702414b599502624fdfe29313204afffffffffffffff" + "ffffffffffffffff3049702414b599502624fdfe29313204", + "b936a817f2211af129e2cf160fd42bcb", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", 
"ffffffff", + "ff9428d079351f665cd001354319875cdf4c62032d4119b588477e99925a56d9d67aed35" + "cb5a2fcaa0346efb93655464fa84f0645536421b2bb9246ec219ed0b0e2d9096524fa1b2" + "b023b8b288222773b2a0c1844b4e35d41e5da210f62f8412", + "ffffffffffffffffffffffffffffffff588ea80ac1583f434a806813ae2a4a9eb6ffffff" + "ffffffffffffffffffffffff998d381adb2359ddbae786537d37b900b6ffffffffffffff" + "ffffffffffffffff998d381adb2359ddbae786537d37b900", + "9f7ac4351f6b91e63097a713115d05be", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875c13f80a006dc1bbdad639a92fc7eca655f77aed35" + "cb5a2fcaa0346efb936554646348b8fd29bf96d563a517e27d7bfc0f2f2d9096524fa1b2" + "b023b8b2882227732b6c891d37c7e11a5641919c494d9516", + "ffffffffffffffffffffffffffffffff943ac00981d89d2c14febfa5fb9cba1297ffffff" + "ffffffffffffffffffffffff00417083a7aa8d13f2fbb5dfc255a80497ffffffffffffff" + "ffffffffffffffff00417083a7aa8d13f2fbb5dfc255a804", + "9a18a828070269f44700d009e7171cc9", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875c82e59b4582915038f933811e652dc66afc7aed35" + "cb5a2fcaa0346efb93655464b671c8cac270c265a0ac2f535799880a242d9096524fa1b2" + "b023b8b288222773fe55f92adc08b5aa9548a92d63afe113", + "ffffffffffffffffffffffffffffffff0527514c6e8876ce3bf49794595dda2d9cffffff" + "ffffffffffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc019cffffffffffffff" + "ffffffffffffffffd57800b44c65d9a331f28d6ee8b7dc01", + "b436a82b93d555f74300d0199ba718ce", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "ff9428d079351f665cd001354319875cf1d12887b7216986a12d79098b6de60fc07aed35" + "cb5a2fcaa0346efb93655464a7c75899f3e60af1fcb6c7307d87590f182d9096524fa1b2" + "b023b8b288222773efe36979ed9e7d3ec952414e49b13016", + 
"ffffffffffffffffffffffffffffffff7613e28e5b384f7063ea6f83b71dfa48a0ffffff" + "ffffffffffffffffffffffffc4ce90e77df311376de8650dc2a90d04a0ffffffffffffff" + "ffffffffffffffffc4ce90e77df311376de8650dc2a90d04", + "ce54a82e1fa942fa3f00d0294f3715d3", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "cbf1da9e0ba9377374e69e1c0e600cfc343d35f613e6d9093d38e975c38fe3b8be3fa66b" + "6ce7808aa3e45949f944649fd0f6378171eae4396ea15dc240d1abf46668dbc8f5f20ef2" + "b3f38f00e2031788", + "cb9a0db18d63d7ead7c960d6b286745fb3ffffffffffffffffffffffffffffffdebab4a1" + "584250bffc2fc84d95decf04b3ffffffffffffffffffffffffffffffdebab4a1584250bf" + "fc2fc84d95decf04", + "2383ab0b799205699b510aa709bf31f1", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "8f278694c4e9daebd58d3e5b966e8b68423d35f613e6d9093d38e975c38fe3b80653e7a3" + "31718833acc3b9adff1c3198a6f6378171eae4396ea15dc240d1abf4de049a00a864064b" + "bcd46fe4e45b428f", + "8f4c51bb42233a7276a2c0912a88f3cbc5ffffffffffffffffffffffffffffff66d6f569" + "05d45806f30828a993869a03c5ffffffffffffffffffffffffffffff66d6f56905d45806" + "f30828a993869a03", + "8bfbab17a9e0b8748b510ae7d9fd2305", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "d59428d079351f665cd001354319875c9a22d70a48e24fddcdd4419de64c8f44fc7aed35" + "cb5a2fcaa0346efb9365546477b5c907d9c9e1ea51851a204aad9f0a242d9096524fa1b2" + "b023b8b2882227733f91f8e7c7b1962564619c5e7e9bf613", + "d5ffffffffffffffffffffffffffffff1de01d03a4fb692b0f135717da3c93039cffffff" + "ffffffffffffffffffffffff14bc017957dcfa2cc0dbb81df583cb019cffffffffffffff" + "ffffffffffffffff14bc017957dcfa2cc0dbb81df583cb01", + "49bc6e9fc51c4d503036644d842773d2", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + 
"db9428d079351f665cd001354319875c75d5643aa5af934d8cce392cc3eedb47c07aed35" + "cb5a2fcaa0346efb93655464601b5ad2067f28066a8f3281715ba808182d9096524fa1b2" + "b023b8b288222773283f6b3218075fc95f6bb4ff456dc111", + "dbfffffffffffffffffffffffffffffff217ae3349b6b5bb4e092fa6ff9ec700a0ffffff" + "ffffffffffffffffffffffff031292ac886a33c0fbd190bcce75fc03a0ffffffffffffff" + "ffffffffffffffff031292ac886a33c0fbd190bcce75fc03", + "63da6ea251f039532c36645d38b76fd7", "valid" }, + { "808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f", + "0000000000000000064c2d52", "ffffffff", + "939428d079351f665cd001354319875c624839604216e403ebcc6af559ec8b43977aed35" + "cb5a2fcaa0346efb93655464d8c8c3fa1a9e474abe52d02c8187e90f4f2d9096524fa1b2" + "b023b8b28822277390ecf21a04e630858bb65652b5b18016", + "93ffffffffffffffffffffffffffffffe58af369ae0fc2f5290b7c7f659c9704f7ffffff" + "ffffffffffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04f7ffffffffffffff" + "ffffffffffffffffbbc10b84948b5c8c2f0c72113ea9bd04", + "73eb2724b5c405f04d00d0f15840a1c1", "valid" } +}; + +static int +tv(void) +{ + unsigned char *ad; + unsigned char *decrypted; + unsigned char *detached_ciphertext; + unsigned char *key; + unsigned char *message; + unsigned char *mac; + unsigned char *nonce; + char * hex; + size_t ad_len; + size_t ciphertext_len; + size_t detached_ciphertext_len; + size_t message_len; + unsigned int i; + + key = (unsigned char *) sodium_malloc( + crypto_aead_chacha20poly1305_ietf_KEYBYTES); + nonce = (unsigned char *) sodium_malloc( + crypto_aead_chacha20poly1305_ietf_NPUBBYTES); + mac = (unsigned char *) sodium_malloc( + crypto_aead_chacha20poly1305_ietf_ABYTES); + + for (i = 0U; i < (sizeof tests) / (sizeof tests[0]); i++) { + assert(strlen(tests[i].key_hex) == + 2 * crypto_aead_chacha20poly1305_ietf_KEYBYTES); + sodium_hex2bin(key, crypto_aead_chacha20poly1305_ietf_KEYBYTES, + tests[i].key_hex, strlen(tests[i].key_hex), NULL, NULL, + NULL); + + assert(strlen(tests[i].nonce_hex) == + 2 * 
crypto_aead_chacha20poly1305_ietf_NPUBBYTES); + sodium_hex2bin(nonce, crypto_aead_chacha20poly1305_ietf_NPUBBYTES, + tests[i].nonce_hex, strlen(tests[i].nonce_hex), NULL, + NULL, NULL); + + message_len = strlen(tests[i].message_hex) / 2; + message = (unsigned char *) sodium_malloc(message_len); + sodium_hex2bin(message, message_len, tests[i].message_hex, + strlen(tests[i].message_hex), NULL, NULL, NULL); + + ad_len = strlen(tests[i].ad_hex) / 2; + ad = (unsigned char *) sodium_malloc(ad_len); + sodium_hex2bin(ad, ad_len, tests[i].ad_hex, strlen(tests[i].ad_hex), + NULL, NULL, NULL); + + detached_ciphertext_len = message_len; + assert(strlen(tests[i].detached_ciphertext_hex) == 2 * message_len); + assert(strlen(tests[i].mac_hex) == + 2 * crypto_aead_chacha20poly1305_ietf_ABYTES); + sodium_hex2bin(mac, crypto_aead_chacha20poly1305_ietf_ABYTES, + tests[i].mac_hex, strlen(tests[i].mac_hex), NULL, NULL, + NULL); + + detached_ciphertext = + (unsigned char *) sodium_malloc(detached_ciphertext_len); + sodium_hex2bin(detached_ciphertext, detached_ciphertext_len, + tests[i].detached_ciphertext_hex, + strlen(tests[i].detached_ciphertext_hex), NULL, NULL, + NULL); + + decrypted = (unsigned char *) sodium_malloc(message_len); + if (crypto_aead_chacha20poly1305_ietf_decrypt_detached( + decrypted, NULL, detached_ciphertext, detached_ciphertext_len, + mac, ad, ad_len, nonce, key) == 0) { + if (strcmp(tests[i].outcome, "valid") != 0) { + printf("*** test case %u succeeded, was supposed to be %s\n", i, + tests[i].outcome); + } + if (memcmp(decrypted, message, message_len) != 0) { + printf("Incorrect decryption of test vector #%u\n", + (unsigned int) i); + } + } else { + if (strcmp(tests[i].outcome, "invalid") != 0) { + printf("*** test case %u failed, was supposed to be %s\n", i, + tests[i].outcome); + } + } + + sodium_free(message); + sodium_free(ad); + sodium_free(decrypted); + sodium_free(detached_ciphertext); + } + + sodium_free(key); + sodium_free(mac); + sodium_free(nonce); + 
+ return 0; +} + +int +main(void) +{ + tv(); + printf("OK\n"); + + return 0; +} diff --git a/test/default/aead_chacha20poly13052.exp b/test/default/aead_chacha20poly13052.exp new file mode 100644 index 00000000..d86bac9d --- /dev/null +++ b/test/default/aead_chacha20poly13052.exp @@ -0,0 +1 @@ +OK From 9c86285ee25ba85ebd7b2be01b1f41e790af50ca Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 6 Sep 2018 21:00:32 +0200 Subject: [PATCH 096/190] Update ChangeLog --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 1e1921f3..2504a9b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,7 @@ counterpart. not to be detected. - The library now enables compilation with retpoline by default. - Portability improvements. + - Test vectors from Project Wycheproof have been added. * Version 1.0.16 - Signatures computations and verifications are now way faster on From cf217e3dfcad0ca6320af9d596333bf139035f2e Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Sat, 8 Sep 2018 00:39:54 +0200 Subject: [PATCH 097/190] Call misuse() if we ask too much data from the IETF variant of ChaCha20 Fix #753 --- .../msvc/vs2010/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 + .../msvc/vs2012/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 + .../msvc/vs2013/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 + .../msvc/vs2015/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 + .../msvc/vs2017/libsodium/libsodium.vcxproj | 1 + .../libsodium/libsodium.vcxproj.filters | 3 + libsodium.vcxproj | 1 + libsodium.vcxproj.filters | 3 + src/libsodium/Makefile.am | 1 + .../sodium/aead_chacha20poly1305.c | 1 + .../sodium/aead_xchacha20poly1305.c | 116 ++++++++++++++++-- .../secretstream_xchacha20poly1305.c | 13 +- .../crypto_stream/chacha20/stream_chacha20.c | 14 +++ .../sodium/private/chacha20_ietf_ext.h | 13 ++ test/default/chacha20.c | 2 +- test/default/chacha20.exp | 2 +- 20 files changed, 171 insertions(+), 15 deletions(-) create mode 100644 src/libsodium/include/sodium/private/chacha20_ietf_ext.h diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj index c5848161..ec340a17 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj @@ -259,6 +259,7 @@ + diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters index 80701640..079094b9 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters @@ -566,6 +566,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj index 72040cbf..f140d161 100644 
--- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj @@ -259,6 +259,7 @@ + diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters index 80701640..079094b9 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters @@ -566,6 +566,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj index b60bc018..cddd4ad6 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj @@ -259,6 +259,7 @@ + diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters index 80701640..079094b9 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters @@ -566,6 +566,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj index 00d5bfb3..230086a9 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj @@ -259,6 +259,7 @@ + diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters index 80701640..079094b9 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters @@ -566,6 +566,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj index ed26b978..8a175e0b 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj 
+++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj @@ -259,6 +259,7 @@ + diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters index 80701640..079094b9 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters @@ -566,6 +566,9 @@ include\sodium\private + + include\sodium\private + include\sodium\private diff --git a/libsodium.vcxproj b/libsodium.vcxproj index eec2a525..63d5f956 100644 --- a/libsodium.vcxproj +++ b/libsodium.vcxproj @@ -497,6 +497,7 @@ + diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters index 8325e43c..b4a4ea96 100644 --- a/libsodium.vcxproj.filters +++ b/libsodium.vcxproj.filters @@ -557,6 +557,9 @@ Header Files + + Header Files + Header Files diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index cbac4d19..2c3d210f 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -82,6 +82,7 @@ libsodium_la_SOURCES = \ crypto_stream/salsa20/stream_salsa20.h \ crypto_stream/xsalsa20/stream_xsalsa20.c \ crypto_verify/sodium/verify.c \ + include/sodium/private/chacha20_ietf_ext.h \ include/sodium/private/common.h \ include/sodium/private/ed25519_ref10.h \ include/sodium/private/implementations.h \ diff --git a/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c index c79407a1..c3540879 100644 --- a/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c +++ b/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c @@ -12,6 +12,7 @@ #include "randombytes.h" #include "utils.h" +#include "private/chacha20_ietf_ext.h" #include "private/common.h" static const unsigned char _pad0[16] = { 0 }; 
diff --git a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c index 04971a82..7e48c0d7 100644 --- a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c +++ b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c 
@@ -5,14 +5,118 @@ #include #include "core.h" -#include "crypto_aead_xchacha20poly1305.h" #include "crypto_aead_chacha20poly1305.h" +#include "crypto_aead_xchacha20poly1305.h" #include "crypto_core_hchacha20.h" +#include "crypto_onetimeauth_poly1305.h" +#include "crypto_stream_chacha20.h" +#include "crypto_verify_16.h" #include "randombytes.h" #include "utils.h" +#include "private/chacha20_ietf_ext.h" #include "private/common.h" +static const unsigned char _pad0[16] = { 0 }; + +static int +_encrypt_detached(unsigned char *c, + unsigned char *mac, + unsigned long long *maclen_p, + const unsigned char *m, + unsigned long long mlen, + const unsigned char *ad, + unsigned long long adlen, + const unsigned char *nsec, + const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + + (void) nsec; + crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, npub, 1U, k); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + if (maclen_p != NULL) { + *maclen_p = crypto_aead_chacha20poly1305_ietf_ABYTES; + } + return 0; +} + +static int +_decrypt_detached(unsigned char *m, + unsigned char *nsec, + const unsigned char *c, + unsigned long long clen, + const unsigned char *mac, + const unsigned char *ad, + unsigned long long adlen, 
+ const unsigned char *npub, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char slen[8U]; + unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES]; + unsigned long long mlen; + int ret; + + (void) nsec; + crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_onetimeauth_poly1305_init(&state, block0); + sodium_memzero(block0, sizeof block0); + + crypto_onetimeauth_poly1305_update(&state, ad, adlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf); + + mlen = clen; + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf); + + STORE64_LE(slen, (uint64_t) adlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + STORE64_LE(slen, (uint64_t) mlen); + crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen); + + crypto_onetimeauth_poly1305_final(&state, computed_mac); + sodium_memzero(&state, sizeof state); + + COMPILER_ASSERT(sizeof computed_mac == 16U); + ret = crypto_verify_16(computed_mac, mac); + sodium_memzero(computed_mac, sizeof computed_mac); + if (m == NULL) { + return ret; + } + if (ret != 0) { + memset(m, 0, mlen); + return -1; + } + crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, npub, 1U, k); + + return 0; +} + int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned char *mac, @@ -32,8 +136,8 @@ crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, crypto_core_hchacha20(k2, npub, k, NULL); memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES, crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4); - ret = crypto_aead_chacha20poly1305_ietf_encrypt_detached - (c, mac, maclen_p, m, mlen, ad, adlen, nsec, npub2, k2); + ret = _encrypt_detached(c, mac, maclen_p, m, mlen, ad, adlen, + nsec, npub2, k2); sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES); return ret; 
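Review bot: `_encrypt_detached` and `_decrypt_detached` call `crypto_stream_chacha20_ietf_ext_xor_ic`, which lets the 32-bit block counter carry into the nonce, but neither helper says what makes that safe. The callers in this file fill only `npub2 + 4`, so the carry presumably lands in four zero bytes. That precondition deserves a comment above the helpers, for example `/* npub[0..3] must be zero: the _ext stream lets the block counter carry into them */`. The same gap exists in the one-line comment in the new `private/chacha20_ietf_ext.h`, which states the behaviour but not the requirement on the nonce. Both helpers are fully contained in this hunk.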
@@ -85,12 +189,10 @@ crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, crypto_core_hchacha20(k2, npub, k, NULL); memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES, crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4); - ret = crypto_aead_chacha20poly1305_ietf_decrypt_detached - (m, nsec, c, clen, mac, ad, adlen, npub2, k2); + ret = _decrypt_detached(m, nsec, c, clen, mac, ad, adlen, npub2, k2); sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES); return ret; - } int @@ -105,7 +207,7 @@ crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, const unsigned char *k) { unsigned long long mlen = 0ULL; - int ret = -1; + int ret = -1; if (clen >= crypto_aead_xchacha20poly1305_ietf_ABYTES) { ret = crypto_aead_xchacha20poly1305_ietf_decrypt_detached diff --git a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c index ef000d16..6d677e0e 100644 --- a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c +++ b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c @@ -12,6 +12,7 @@ #include "randombytes.h" #include "utils.h" +#include "private/chacha20_ietf_ext.h" #include "private/common.h" #define crypto_secretstream_xchacha20poly1305_COUNTERBYTES 4U 
@@ -136,13 +137,13 @@ crypto_secretstream_xchacha20poly1305_push memset(block, 0, sizeof block); block[0] = tag; - crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block, - state->nonce, 1U, state->k); + crypto_stream_chacha20_ietf_ext_xor_ic(block, block, sizeof block, + state->nonce, 1U, state->k); crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block); out[0] = block[0]; c = out + (sizeof tag); - crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k); + crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, state->nonce, 2U, state->k); crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen); crypto_onetimeauth_poly1305_update (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf); @@ -212,8 +213,8 @@ crypto_secretstream_xchacha20poly1305_pull memset(block, 0, sizeof block); block[0] = in[0]; - crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block, - state->nonce, 1U, state->k); + crypto_stream_chacha20_ietf_ext_xor_ic(block, block, sizeof block, + state->nonce, 1U, state->k); tag = block[0]; block[0] = in[0]; crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block); @@ -237,7 +238,7 @@ crypto_secretstream_xchacha20poly1305_pull return -1; } - crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k); + crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, state->nonce, 2U, state->k); XOR_BUF(STATE_INONCE(state), mac, crypto_secretstream_xchacha20poly1305_INONCEBYTES); sodium_increment(STATE_COUNTER(state), diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c index 3b089511..8294c99b 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c @@ -1,4 +1,5 @@ #include "crypto_stream_chacha20.h" +#include "core.h" #include "private/common.h" #include "private/implementations.h" #include "randombytes.h" 
@@ -77,6 +78,19 @@ crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint32_t ic, const unsigned char *k) +{ + if ((unsigned long long) ic > + crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (mlen + 63ULL) / 64ULL) { + sodium_misuse(); + } + return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k); +} + +int +crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k) { return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k); } diff --git a/src/libsodium/include/sodium/private/chacha20_ietf_ext.h b/src/libsodium/include/sodium/private/chacha20_ietf_ext.h new file mode 100644 index 00000000..2f3c048f --- /dev/null +++ b/src/libsodium/include/sodium/private/chacha20_ietf_ext.h @@ -0,0 +1,13 @@ +#ifndef chacha20_ietf_ext_H +#define chacha20_ietf_ext_H + +#include + +/* The ietf_ext variant allows the internal counter to overflow into the IV */ +int +crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k); +#endif + diff --git a/test/default/chacha20.c b/test/default/chacha20.c index 0abe8d34..d92b11e8 100644 --- a/test/default/chacha20.c +++ b/test/default/chacha20.c @@ -105,7 +105,7 @@ void tv_ietf(void) 1U }, { "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", "000000090000004a00000000", - 0xffffffff }}; + 0xfeffffff }}; unsigned char key[crypto_stream_chacha20_KEYBYTES]; unsigned char nonce[crypto_stream_chacha20_IETF_NONCEBYTES]; unsigned char *part; diff --git a/test/default/chacha20.exp b/test/default/chacha20.exp index 17e1e5c1..1b2017c7 100644 --- a/test/default/chacha20.exp +++ b/test/default/chacha20.exp 
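Review bot: The bound added to `crypto_stream_chacha20_ietf_xor_ic` is computed in unsigned arithmetic, so a message whose block count exceeds `crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL` makes the subtraction wrap to a very large value and `sodium_misuse()` is never reached. That is exactly the oversized request the check is meant to stop, and `mlen + 63ULL` can also wrap for lengths near the top of the type. Computing the block count first closes both cases: `const unsigned long long max_blocks = crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL;`, `const unsigned long long blocks = mlen / 64ULL + (mlen % 64ULL != 0ULL);`, then `if (blocks > max_blocks || (unsigned long long) ic > max_blocks - blocks) {`. The constant is defined outside this page, so whether a caller can pass such a length on a given platform should be confirmed.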
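Review bot: Nothing visible in this commit tests that a counter past the limit reaches `sodium_misuse()`. The last `tv_ietf` vector is only moved from `0xffffffff` to `0xfeffffff`, presumably to stay clear of the new check. A companion case that requests a stream across the counter limit and expects the misuse path would pin the behaviour this commit introduces. `tv_ietf` continues outside the hunk, so an existing check elsewhere in the file cannot be ruled out.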
@@ -35,7 +35,7 @@ [72d54dfbf12ec44b362692df94137f328fea8da73990265ec1bbbea1ae9af0ca13b25aa26cb4a648cb9b9d1be65b2c0924a66c54d545ec1b7374f4872e99f096bf74dbd52cc4fc95ceb6097fe5e65358c9dbc0a5ecbf7894a132a9a54ae3e951f2e9f209aa9c3d9a877ac9dab62433d2961a17d103e455dfb7337c90f6857aad233065955a212b5c7a8eab4dc8a629e5b6b8ba914afd06de7177054b33d21c96] [c2c64d378cd536374ae204b9ef933fcd1a8b2288b3dfa49672ab765b54ee27c78a970e0e955c14f3a88e741b97c286f75f8fc299e8148362fa198a39531bed6d1a91288c874ec254f322c2a197340c55bb3e9b3998f7de2309486a0bb494abd20c9c5ef99c1370d61e77f408ac5514f49202bcc6828d45409d2d1416f8ae106b06ebd2541256264fa415bd54cb12e1d4449ed85299a1b7a249b75ff6c89b2e3f] [10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4ed2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e0a88837739d7bf4ef8ccacb0ea2bb9d69d56c394aa351dfda5bf459f0a2e9fe8e721f89255f9c486bf21679c683d4f9c5cf2fa27865526005b06ca374c86af3bdcbfbdcb83be65862ed5c20eae5a43241d6a92da6dca9a156be25297f51c2718] -[ff2941b8d740f6cbb50936bf997ebd5218cb108dc53f41c64841d0218167430ca03b770ca74ccb642a28194d1dedd2ed13151e25ec5d7faeb6d060bfb7e6b146880b67b55162bca26abe045fad14b0f492a3f369dcd52f98bc1513eaf238a3f434c7527121b4b756613e270395358d831d4950b6c7812fb724dc7c9be5e5c62ec8796d6690205061108b113f695582e4cf5d8b51112a51d157ef15e2cb95e4d5] +[75924bad7831b25662dbac54b46827990b6168ae990e7bd7e1fd2ad282bf23ef052c7d1a0a6c1ef862070943a0d4da24705fbc006dfb85e2af18c0a264d772a44c70fbedac9d6a6867ff6be0a32826507f2c784101583211c9e2453d4cc8b283d5e86682bd4bf511271b91dbd351415f5a009d1f78b64085a9a4341be7d42e2679d57e2747097f0129950e2c9e9ca1356022d45da252af71ac37f351a2e77911] [61010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101] 
[6146f256040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404040404] [6146f2564fe1bd070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707070707] From 3e9d341d065dde2becdb69a2a27ea75c10d17745 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 8 Sep 2018 14:54:12 +0200 Subject: [PATCH 098/190] Add crypto_stream_chacha20_ietf_ext, use _ext suffix everywhere for consistency --- .../sodium/aead_xchacha20poly1305.c | 4 +- .../secretstream_xchacha20poly1305.c | 15 +-- .../chacha20/dolbeau/chacha20_dolbeau-avx2.c | 17 ++-- .../chacha20/dolbeau/chacha20_dolbeau-ssse3.c | 17 ++-- .../crypto_stream/chacha20/ref/chacha20_ref.c | 17 ++-- .../crypto_stream/chacha20/stream_chacha20.c | 93 +++++++++++++------ .../crypto_stream/chacha20/stream_chacha20.h | 12 +-- .../sodium/private/chacha20_ietf_ext.h | 13 ++- 8 files changed, 112 insertions(+), 76 deletions(-) diff --git a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c index 7e48c0d7..07e36557 100644 --- a/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c +++ b/src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c 
@@ -36,7 +36,7 @@ _encrypt_detached(unsigned char *c, unsigned char slen[8U]; (void) nsec; - crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k); crypto_onetimeauth_poly1305_init(&state, block0); sodium_memzero(block0, sizeof block0); @@ -82,7 +82,7 @@ _decrypt_detached(unsigned char *m, int ret; (void) nsec; - crypto_stream_chacha20_ietf(block0, sizeof block0, npub, k); + crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k); crypto_onetimeauth_poly1305_init(&state, block0); sodium_memzero(block0, sizeof block0); diff --git a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c index 6d677e0e..2754a91c 100644 --- a/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c +++ b/src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c @@ -12,7 +12,6 @@ #include "randombytes.h" #include "utils.h" -#include "private/chacha20_ietf_ext.h" #include "private/common.h" #define crypto_secretstream_xchacha20poly1305_COUNTERBYTES 4U @@ -124,6 +123,8 @@ crypto_secretstream_xchacha20poly1305_push if (outlen_p != NULL) { *outlen_p = 0U; } + COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX + <= crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX); if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) { sodium_misuse(); } 
@@ -137,13 +138,13 @@ crypto_secretstream_xchacha20poly1305_push memset(block, 0, sizeof block); block[0] = tag; - crypto_stream_chacha20_ietf_ext_xor_ic(block, block, sizeof block, - state->nonce, 1U, state->k); + crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block, + state->nonce, 1U, state->k); crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block); out[0] = block[0]; c = out + (sizeof tag); - crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, state->nonce, 2U, state->k); + crypto_stream_chacha20_ietf_xor_ic(c, m, mlen, state->nonce, 2U, state->k); crypto_onetimeauth_poly1305_update(&poly1305_state, c, mlen); crypto_onetimeauth_poly1305_update (&poly1305_state, _pad0, (0x10 - (sizeof block) + mlen) & 0xf); @@ -213,8 +214,8 @@ crypto_secretstream_xchacha20poly1305_pull memset(block, 0, sizeof block); block[0] = in[0]; - crypto_stream_chacha20_ietf_ext_xor_ic(block, block, sizeof block, - state->nonce, 1U, state->k); + crypto_stream_chacha20_ietf_xor_ic(block, block, sizeof block, + state->nonce, 1U, state->k); tag = block[0]; block[0] = in[0]; crypto_onetimeauth_poly1305_update(&poly1305_state, block, sizeof block); @@ -238,7 +239,7 @@ crypto_secretstream_xchacha20poly1305_pull return -1; } - crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, state->nonce, 2U, state->k); + crypto_stream_chacha20_ietf_xor_ic(m, c, mlen, state->nonce, 2U, state->k); XOR_BUF(STATE_INONCE(state), mac, crypto_secretstream_xchacha20poly1305_INONCEBYTES); sodium_increment(STATE_COUNTER(state), diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c b/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c index 6149af39..f63e0552 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c 
@@ -77,9 +77,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c, if (!bytes) { return; /* LCOV_EXCL_LINE */ } - if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) { - sodium_misuse(); - } # include "u8.h" # include "u4.h" # include "u1.h" @@ -106,8 +103,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, } static int -stream_ietf_ref(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k) +stream_ietf_ext_ref(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) { struct chacha_ctx ctx; @@ -150,9 +147,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m, } static int -stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *n, - uint32_t ic, const unsigned char *k) +stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint32_t ic, const unsigned char *k) { struct chacha_ctx ctx; uint8_t ic_bytes[4]; @@ -172,9 +169,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, struct crypto_stream_chacha20_implementation crypto_stream_chacha20_dolbeau_avx2_implementation = { SODIUM_C99(.stream =) stream_ref, - SODIUM_C99(.stream_ietf =) stream_ietf_ref, + SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref, SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, - SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic + SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic }; #endif diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c b/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c index b7b9aa4a..6f5d3851 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c 
@@ -72,9 +72,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c, if (!bytes) { return; /* LCOV_EXCL_LINE */ } - if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) { - sodium_misuse(); - } # include "u4.h" # include "u1.h" # include "u0.h" @@ -100,8 +97,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, } static int -stream_ietf_ref(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k) +stream_ietf_ext_ref(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) { struct chacha_ctx ctx; @@ -144,9 +141,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m, } static int -stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *n, - uint32_t ic, const unsigned char *k) +stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint32_t ic, const unsigned char *k) { struct chacha_ctx ctx; uint8_t ic_bytes[4]; @@ -166,9 +163,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, struct crypto_stream_chacha20_implementation crypto_stream_chacha20_dolbeau_ssse3_implementation = { SODIUM_C99(.stream =) stream_ref, - SODIUM_C99(.stream_ietf =) stream_ietf_ref, + SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref, SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, - SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic + SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic }; #endif diff --git a/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c b/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c index f88a99db..40cccbf8 100644 --- a/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c +++ b/src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c 
@@ -92,9 +92,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c, if (!bytes) { return; /* LCOV_EXCL_LINE */ } - if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) { - sodium_misuse(); - } j0 = ctx->input[0]; j1 = ctx->input[1]; j2 = ctx->input[2]; @@ -243,8 +240,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, } static int -stream_ietf_ref(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k) +stream_ietf_ext_ref(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) { struct chacha_ctx ctx; @@ -287,9 +284,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m, } static int -stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *n, - uint32_t ic, const unsigned char *k) +stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + uint32_t ic, const unsigned char *k) { struct chacha_ctx ctx; uint8_t ic_bytes[4]; @@ -309,7 +306,7 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m, struct crypto_stream_chacha20_implementation crypto_stream_chacha20_ref_implementation = { SODIUM_C99(.stream =) stream_ref, - SODIUM_C99(.stream_ietf =) stream_ietf_ref, + SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref, SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, - SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic + SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic }; diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c index 8294c99b..0a5a7fa5 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c 
@@ -54,25 +54,79 @@ int crypto_stream_chacha20(unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) { + if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } return implementation->stream(c, clen, n, k); } -int -crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k) -{ - return implementation->stream_ietf(c, clen, n, k); -} - int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, const unsigned char *k) { + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } return implementation->stream_xor_ic(c, m, mlen, n, ic, k); } +int +crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_xor_ic(c, m, mlen, n, 0U, k); +} + +int +crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext(c, clen, n, k); +} + +int +crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, ic, k); +} + +static int +crypto_stream_chacha20_ietf_ext_xor(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) { + sodium_misuse(); + } + return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, 0U, k); +} + 
+int +crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k) +{ + if (clen > + crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (clen + 63ULL) / 64ULL) { + sodium_misuse(); + } + return crypto_stream_chacha20_ietf_ext(c, clen, n, k); +} + int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, @@ -83,24 +137,7 @@ crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (mlen + 63ULL) / 64ULL) { sodium_misuse(); } - return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k); -} - -int -crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, uint32_t ic, - const unsigned char *k) -{ - return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k); -} - -int -crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *n, - const unsigned char *k) -{ - return implementation->stream_xor_ic(c, m, mlen, n, 0U, k); + return crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, n, ic, k); } int @@ -108,7 +145,11 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *k) { - return implementation->stream_ietf_xor_ic(c, m, mlen, n, 0U, k); + if (mlen > + crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (mlen + 63ULL) / 64ULL) { + sodium_misuse(); + } + return crypto_stream_chacha20_ietf_ext_xor(c, m, mlen, n, k); } void diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.h b/src/libsodium/crypto_stream/chacha20/stream_chacha20.h index d6b71c5e..40f782f4 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.h +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.h 
@@ -7,16 +7,16 @@ typedef struct crypto_stream_chacha20_implementation { int (*stream)(unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k); - int (*stream_ietf)(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + int (*stream_ietf_ext)(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k); int (*stream_xor_ic)(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, const unsigned char *k); - int (*stream_ietf_xor_ic)(unsigned char *c, const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, uint32_t ic, - const unsigned char *k); + int (*stream_ietf_ext_xor_ic)(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k); } crypto_stream_chacha20_implementation; #endif diff --git a/src/libsodium/include/sodium/private/chacha20_ietf_ext.h b/src/libsodium/include/sodium/private/chacha20_ietf_ext.h index 2f3c048f..2c80b96a 100644 --- a/src/libsodium/include/sodium/private/chacha20_ietf_ext.h +++ b/src/libsodium/include/sodium/private/chacha20_ietf_ext.h @@ -4,10 +4,13 @@ #include /* The ietf_ext variant allows the internal counter to overflow into the IV */ -int -crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, uint32_t ic, - const unsigned char *k); + +int crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen, + const unsigned char *n, const unsigned char *k); + +int crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, + unsigned long long mlen, + const unsigned char *n, uint32_t ic, + const unsigned char *k); #endif From 04a7ab95f2f0e4f6fb48aa1d2953cfbdf5a8a36a Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Mon, 10 Sep 2018 19:57:06 +0200 Subject: [PATCH 099/190] Don't mix lengths and block sizes --- src/libsodium/crypto_stream/chacha20/stream_chacha20.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c index 0a5a7fa5..be1577f3 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c @@ -120,8 +120,7 @@ int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) { - if (clen > - crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (clen + 63ULL) / 64ULL) { + if (clen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) { sodium_misuse(); } return crypto_stream_chacha20_ietf_ext(c, clen, n, k); @@ -145,8 +144,7 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *k) { - if (mlen > - crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (mlen + 63ULL) / 64ULL) { + if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) { sodium_misuse(); } return crypto_stream_chacha20_ietf_ext_xor(c, m, mlen, n, k); From bea8839c6b7bb86c3cd0c73c16e1fa6e07f4c175 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Sep 2018 08:18:42 +0200 Subject: [PATCH 100/190] Do not count the overhead in xchacha20poly1305_MESSAGEBYTES_MAX --- .../include/sodium/crypto_secretstream_xchacha20poly1305.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h index 7d3fa2a9..74a0c9b2 100644 --- a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h 
@@ -30,7 +30,8 @@ SODIUM_EXPORT size_t crypto_secretstream_xchacha20poly1305_keybytes(void); #define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \ - SODIUM_MIN(SODIUM_SIZE_MAX, ((1ULL << 32) - 2ULL) * 64ULL) + SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \ + (64ULL * (1ULL << 32) - 2ULL)) SODIUM_EXPORT size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void); From 43909c1ffb9685636cefaccf469e0b5a1906201a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Sep 2018 08:40:22 +0200 Subject: [PATCH 101/190] Allow ic + mlen to overflow a size_t in chacha20_ietf_xor_ic() --- src/libsodium/crypto_stream/chacha20/stream_chacha20.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c index be1577f3..c98d6090 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c @@ -133,7 +133,7 @@ crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, const unsigned char *k) { if ((unsigned long long) ic > - crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX / 64ULL - (mlen + 63ULL) / 64ULL) { + (64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL) { sodium_misuse(); } return crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, n, ic, k); From 5a7290ce6a075740061aa14e110df5483eb3508c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Sep 2018 14:51:03 +0200 Subject: [PATCH 102/190] Make this warning more difficult to ignore --- src/libsodium/include/sodium/private/common.h | 15 +++++++++++++++ src/libsodium/sodium/core.c | 15 --------------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index 632fc8a7..ea29881c 100644 --- a/src/libsodium/include/sodium/private/common.h 
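Review bot: In the `crypto_stream_chacha20_ietf_xor_ic` hunk, the bound `(64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL` is computed in unsigned arithmetic, so it wraps to a very large value once `mlen` needs more than 2^32 blocks, and `mlen + 63ULL` can itself wrap near the top of the range; in both cases the `ic >` comparison no longer reaches `sodium_misuse()`. The only other limit visible on this page is the `crypto_stream_chacha20_MESSAGEBYTES_MAX` check in the `_ietf_ext_xor_ic` wrapper, and whether that constant is small enough to rule out the wrap cannot be seen here. Because the `_ext` variant lets the counter overflow into the IV, I would bound the length first, with `if (mlen > 64ULL * (1ULL << 32)) { sodium_misuse(); }` ahead of the existing test. The function's signature starts outside the hunk.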
+++ b/src/libsodium/include/sodium/private/common.h @@ -1,6 +1,21 @@ #ifndef common_H #define common_H 1 +#if !defined(_MSC_VER) && 1 +# warning *** This is unstable, untested, development code. +# warning It might not compile. It might not work as expected. +# warning It might be totally insecure. +# warning Do not use this in production. +# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead. +# warning Alternatively, use the "stable" branch in the git repository. +#endif + +#if !defined(_MSC_VER) && (!defined(CONFIGURED) || CONFIGURED != 1) +# warning *** The library is being compiled using an undocumented method. +# warning This is not supported. It has not been tested, it might not +# warning work as expected, and performance is likely to be suboptimal. +#endif + #include #include #include diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c index d667312f..2241a2ea 100644 --- a/src/libsodium/sodium/core.c +++ b/src/libsodium/sodium/core.c @@ -21,21 +21,6 @@ #include "private/implementations.h" #include "private/mutex.h" -#if !defined(_MSC_VER) && 1 -# warning *** This is unstable, untested, development code. -# warning It might not compile. It might not work as expected. -# warning It might be totally insecure. -# warning Do not use this in production. -# warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead. -# warning Alternatively, use the "stable" branch in the git repository. -#endif - -#if !defined(_MSC_VER) && (!defined(CONFIGURED) || CONFIGURED != 1) -# warning *** The library is being compiled using an undocumented method. -# warning This is not supported. It has not been tested, it might not -# warning work as expected, and performance is likely to be suboptimal. -#endif - static volatile int initialized; static volatile int locked; From 3574ab879ecbd03ad3d4bd12f06c9b026e34a9ab Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Wed, 12 Sep 2018 14:53:16 +0200 Subject: [PATCH 103/190] Do not even use untested code in non-production environments --- src/libsodium/include/sodium/private/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index ea29881c..f87d682e 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h @@ -5,7 +5,7 @@ # warning *** This is unstable, untested, development code. # warning It might not compile. It might not work as expected. # warning It might be totally insecure. -# warning Do not use this in production. +# warning Do not use this except if you are planning to contribute code. # warning Use releases available at https://download.libsodium.org/libsodium/releases/ instead. # warning Alternatively, use the "stable" branch in the git repository. #endif From f0e5c3940d723c6ba3e43c3d62bae5543239ef94 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Sep 2018 15:19:56 +0200 Subject: [PATCH 104/190] Substract the number of blocks, and make similar code more uniform --- src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h | 2 +- .../include/sodium/crypto_secretstream_xchacha20poly1305.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h index a575ec71..b6e04851 100644 --- a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h 
@@ -32,7 +32,7 @@ size_t crypto_aead_chacha20poly1305_ietf_abytes(void); #define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \ - (64ULL * (1ULL << 32) - 64ULL) - crypto_aead_chacha20poly1305_ietf_ABYTES) + (64ULL * ((1ULL << 32) - 1ULL)) - crypto_aead_chacha20poly1305_ietf_ABYTES) SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void); diff --git a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h index 74a0c9b2..dac273b5 100644 --- a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h @@ -31,7 +31,7 @@ size_t crypto_secretstream_xchacha20poly1305_keybytes(void); #define crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX \ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_secretstream_xchacha20poly1305_ABYTES, \ - (64ULL * (1ULL << 32) - 2ULL)) + (64ULL * ((1ULL << 32) - 2ULL))) SODIUM_EXPORT size_t crypto_secretstream_xchacha20poly1305_messagebytes_max(void); From b7abc4542e9839992f386f8a4bc427c853dbc625 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Sep 2018 15:22:30 +0200 Subject: [PATCH 105/190] No need to provison for the tag if we are below SIZE_MAX --- src/libsodium/include/sodium/crypto_aead_aes256gcm.h | 2 +- src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h index 46a3800f..5e67aa99 100644 --- a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +++ b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h 
@@ -52,7 +52,7 @@ size_t crypto_aead_aes256gcm_abytes(void); #define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \ - (16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES) + (16ULL * ((1ULL << 32) - 2ULL))) SODIUM_EXPORT size_t crypto_aead_aes256gcm_messagebytes_max(void); diff --git a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h index b6e04851..8ab31243 100644 --- a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h @@ -32,7 +32,7 @@ size_t crypto_aead_chacha20poly1305_ietf_abytes(void); #define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \ SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \ - (64ULL * ((1ULL << 32) - 1ULL)) - crypto_aead_chacha20poly1305_ietf_ABYTES) + (64ULL * ((1ULL << 32) - 1ULL))) SODIUM_EXPORT size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void); From 595ef9155771adb022eeff248dbc790335cb1b41 Mon Sep 17 00:00:00 2001 From: SlavSlavov <26271135+SlavSlavov@users.noreply.github.com> Date: Wed, 26 Sep 2018 20:59:59 +0100 Subject: [PATCH 106/190] Update Findsodium.cmake When libsodium is build and installed from source, the line: list(REMOVE_DUPLICATES sodium_PKG_STATIC_LIBRARIES) generates an error because sodium_PKG_STATIC_LIBRARIES is empty The proposed change fixes this issue --- contrib/Findsodium.cmake | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/contrib/Findsodium.cmake b/contrib/Findsodium.cmake index 30e6f5c1..a846303c 100644 --- a/contrib/Findsodium.cmake +++ b/contrib/Findsodium.cmake 
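Review bot: The block-count constants left in these two macros, `16ULL * ((1ULL << 32) - 2ULL)` in `crypto_aead_aes256gcm_MESSAGEBYTES_MAX` and `64ULL * ((1ULL << 32) - 1ULL)` in `crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX`, carry no explanation of why two blocks and one block are subtracted. With the tag term gone from the second argument, that reasoning is the only thing a reader can check the limit against. I would add a one-line comment above each definition naming the block size, the 32-bit counter and which counter values are not available for message data, along the lines of `/* 64-byte blocks, 32-bit counter, one counter value not usable for data */`, with the exact wording confirmed by the author.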
@@ -55,16 +55,16 @@ if (UNIX) endif() if(sodium_USE_STATIC_LIBS) - foreach(_libname ${sodium_PKG_STATIC_LIBRARIES}) - if (NOT _libname MATCHES "^lib.*\\.a$") # ignore strings already ending with .a - list(INSERT sodium_PKG_STATIC_LIBRARIES 0 "lib${_libname}.a") - endif() - endforeach() - list(REMOVE_DUPLICATES sodium_PKG_STATIC_LIBRARIES) - - # if pkgconfig for libsodium doesn't provide - # static lib info, then override PKG_STATIC here.. - if (sodium_PKG_STATIC_LIBRARIES STREQUAL "") + if (sodium_PKG_STATIC_LIBRARIES STREQUAL) + foreach(_libname ${sodium_PKG_STATIC_LIBRARIES}) + if (NOT _libname MATCHES "^lib.*\\.a$") # ignore strings already ending with .a + list(INSERT sodium_PKG_STATIC_LIBRARIES 0 "lib${_libname}.a") + endif() + endforeach() + list(REMOVE_DUPLICATES sodium_PKG_STATIC_LIBRARIES) + else() + # if pkgconfig for libsodium doesn't provide + # static lib info, then override PKG_STATIC here.. set(sodium_PKG_STATIC_LIBRARIES libsodium.a) endif() From 4f8e068b67480c5c43f875cc14c22601d5c8a297 Mon Sep 17 00:00:00 2001 From: SlavSlavov <26271135+SlavSlavov@users.noreply.github.com> Date: Thu, 27 Sep 2018 22:31:40 +0100 Subject: [PATCH 107/190] Update Findsodium.cmake A STREQUAL was left during the previous fix. Removed now. --- contrib/Findsodium.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/Findsodium.cmake b/contrib/Findsodium.cmake index a846303c..0667920c 100644 --- a/contrib/Findsodium.cmake +++ b/contrib/Findsodium.cmake @@ -55,7 +55,7 @@ if (UNIX) endif() if(sodium_USE_STATIC_LIBS) - if (sodium_PKG_STATIC_LIBRARIES STREQUAL) + if (sodium_PKG_STATIC_LIBRARIES) foreach(_libname ${sodium_PKG_STATIC_LIBRARIES}) if (NOT _libname MATCHES "^lib.*\\.a$") # ignore strings already ending with .a list(INSERT sodium_PKG_STATIC_LIBRARIES 0 "lib${_libname}.a") From b3ba348d0816628c9a098e83cafc85fbe237635c Mon Sep 17 00:00:00 2001 
From: David Carlier Date: Sat, 29 Sep 2018 19:19:23 +0100 Subject: [PATCH 108/190] Provides explicit_memset supports/NetBSD. Similar to explicit_bzero function is to defeat compiler optimisation. --- configure.ac | 2 +- src/libsodium/sodium/utils.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0a7edbc1..35c42746 100644 --- a/configure.ac +++ b/configure.ac @@ -791,7 +791,7 @@ dnl Checks for functions and headers AC_FUNC_ALLOCA AS_IF([test "x$EMSCRIPTEN" = "x"],[ AC_CHECK_FUNCS([arc4random arc4random_buf]) - AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero nanosleep]) + AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep]) ]) AC_CHECK_FUNCS([posix_memalign getpid]) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 83bc04d3..007f284a 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -110,6 +110,8 @@ sodium_memzero(void *const pnt, const size_t len) } #elif defined(HAVE_EXPLICIT_BZERO) explicit_bzero(pnt, len); +#elif defined(HAVE_EXPLICIT_MEMSET) + explicit_memset(pnt, 0, len); #elif HAVE_WEAK_SYMBOLS memset(pnt, 0, len); _sodium_dummy_symbol_to_prevent_memzero_lto(pnt, len); From 52fdd7ab3903f14c1160e789cd1070f08cb60c2a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Sep 2018 22:37:39 +0200 Subject: [PATCH 109/190] Add getrandom(2) support for FreeBSD 12 Fixes #762 --- .../salsa20/randombytes_salsa20_random.c | 25 ++++++++++++------- .../sysrandom/randombytes_sysrandom.c | 23 +++++++++++------ 2 files changed, 31 insertions(+), 17 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index 477fda1c..e9518f2c 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c 
@@ -19,9 +19,20 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif # endif +#elif defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +#endif +#ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM # include #endif #ifdef HAVE_RDRAND @@ -246,7 +257,7 @@ randombytes_salsa20_random_random_dev_open(void) } # endif -# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM static int _randombytes_linux_getrandom(void * const buf, const size_t size) { @@ -254,11 +265,7 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { -# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); -# else - readnb = syscall(SYS_getrandom, buf, (int) size, 0); -# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -299,7 +306,7 @@ randombytes_salsa20_random_init(void) errno = errno_save; # else -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM { unsigned char fodder[16]; @@ -310,7 +317,7 @@ randombytes_salsa20_random_init(void) } global.getrandom_available = 0; } -# endif /* SYS_getrandom */ +# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ if ((global.random_data_source_fd = randombytes_salsa20_random_random_dev_open()) == -1) { 
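Review bot: The `getrandom(B, S, F)` macro added in the first hunk hides an `(int) (S)` narrowing behind the name of a libc function, so the call `getrandom(buf, size, 0)` reads as a plain library call while the length is converted silently. The only bound visible in `_randombytes_linux_getrandom` is `assert(size <= 256U)`, which is compiled out under `NDEBUG`; the callers are outside the visible hunks, so whether they split larger requests cannot be confirmed here. I would give the wrapper its own name and state the limit beside it, e.g. `/* S is cast to int: callers must keep it at or below 256 */`. The identical macro is added to `sysrandom/randombytes_sysrandom.c` in the same commit.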
@@ -343,7 +350,7 @@ randombytes_salsa20_random_stir(void) # ifdef HAVE_SAFE_ARC4RANDOM arc4random_buf(stream.key, sizeof stream.key); -# elif defined(SYS_getrandom) && defined(__NR_getrandom) +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) if (global.getrandom_available != 0) { if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ @@ -428,7 +435,7 @@ randombytes_salsa20_random_close(void) ret = 0; # endif -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (global.getrandom_available != 0) { ret = 0; } diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index f4dec08f..be1fd98b 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -18,9 +18,20 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif # endif +#elif defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +#endif +#ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM # include #endif @@ -204,7 +215,7 @@ randombytes_sysrandom_random_dev_open(void) /* LCOV_EXCL_STOP */ } -# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM static int _randombytes_linux_getrandom(void * const buf, const size_t size) { 
@@ -212,11 +223,7 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { -# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); -# else - readnb = syscall(SYS_getrandom, buf, (int) size, 0); -# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -249,7 +256,7 @@ randombytes_sysrandom_init(void) { const int errno_save = errno; -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM { unsigned char fodder[16]; @@ -306,7 +313,7 @@ randombytes_sysrandom_close(void) stream.initialized = 0; ret = 0; } -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (stream.getrandom_available != 0) { ret = 0; } @@ -331,7 +338,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size) # endif #endif #ifndef _WIN32 -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (stream.getrandom_available != 0) { if (randombytes_linux_getrandom(buf, size) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ From 44dccfe6d42ab916a9bde5199ef29e382a623c9e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Sep 2018 22:48:53 +0200 Subject: [PATCH 110/190] TinyC now crashes on Travis when compiling sysrandom --- src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c | 2 +- src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index e9518f2c..2c3351d4 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c 
@@ -23,7 +23,7 @@ # define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# if defined(SYS_getrandom) && defined(__NR_getrandom) && !defined(__TINYC__) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index be1fd98b..cfec312f 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -22,7 +22,7 @@ # define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# if defined(SYS_getrandom) && defined(__NR_getrandom) && !defined(__TINYC__) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif From 9d5fcef52eb7edbe31b4ef275860ef270efbd141 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Sep 2018 22:52:56 +0200 Subject: [PATCH 111/190] Revert "TinyC now crashes on Travis when compiling sysrandom" This reverts commit 44dccfe6d42ab916a9bde5199ef29e382a623c9e. --- src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c | 2 +- src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index 2c3351d4..e9518f2c 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c 
@@ -23,7 +23,7 @@ # define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) && !defined(__TINYC__) +# if defined(SYS_getrandom) && defined(__NR_getrandom) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index cfec312f..be1fd98b 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -22,7 +22,7 @@ # define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) && !defined(__TINYC__) +# if defined(SYS_getrandom) && defined(__NR_getrandom) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif From 97717953519c8d2fd852d56da6983c9ce65778e9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Sep 2018 22:53:05 +0200 Subject: [PATCH 112/190] Revert "Add getrandom(2) support for FreeBSD 12" This reverts commit 52fdd7ab3903f14c1160e789cd1070f08cb60c2a. Due to TinyC crashing. --- .../salsa20/randombytes_salsa20_random.c | 25 +++++++------------ .../sysrandom/randombytes_sysrandom.c | 23 ++++++----------- 2 files changed, 17 insertions(+), 31 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index e9518f2c..477fda1c 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c 
@@ -19,20 +19,9 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE -# include -# define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) -# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) -# define HAVE_LINUX_COMPATIBLE_GETRANDOM -# endif # endif -#elif defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 -# include -# define HAVE_LINUX_COMPATIBLE_GETRANDOM -#endif -#ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM # include #endif #ifdef HAVE_RDRAND @@ -257,7 +246,7 @@ randombytes_salsa20_random_random_dev_open(void) } # endif -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) static int _randombytes_linux_getrandom(void * const buf, const size_t size) { @@ -265,7 +254,11 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { +# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); +# else + readnb = syscall(SYS_getrandom, buf, (int) size, 0); +# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -306,7 +299,7 @@ randombytes_salsa20_random_init(void) errno = errno_save; # else -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(SYS_getrandom) && defined(__NR_getrandom) { unsigned char fodder[16]; @@ -317,7 +310,7 @@ randombytes_salsa20_random_init(void) } global.getrandom_available = 0; } -# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ +# endif /* SYS_getrandom */ if ((global.random_data_source_fd = randombytes_salsa20_random_random_dev_open()) == -1) { 
@@ -350,7 +343,7 @@ randombytes_salsa20_random_stir(void) # ifdef HAVE_SAFE_ARC4RANDOM arc4random_buf(stream.key, sizeof stream.key); -# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) +# elif defined(SYS_getrandom) && defined(__NR_getrandom) if (global.getrandom_available != 0) { if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ @@ -435,7 +428,7 @@ randombytes_salsa20_random_close(void) ret = 0; # endif -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(SYS_getrandom) && defined(__NR_getrandom) if (global.getrandom_available != 0) { ret = 0; } diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index be1fd98b..f4dec08f 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -18,20 +18,9 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE -# include -# define HAVE_LINUX_COMPATIBLE_GETRANDOM # else # include -# if defined(SYS_getrandom) && defined(__NR_getrandom) -# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) -# define HAVE_LINUX_COMPATIBLE_GETRANDOM -# endif # endif -#elif defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 -# include -# define HAVE_LINUX_COMPATIBLE_GETRANDOM -#endif -#ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM # include #endif @@ -215,7 +204,7 @@ randombytes_sysrandom_random_dev_open(void) /* LCOV_EXCL_STOP */ } -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) static int _randombytes_linux_getrandom(void * const buf, const size_t size) { 
@@ -223,7 +212,11 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { +# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); +# else + readnb = syscall(SYS_getrandom, buf, (int) size, 0); +# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -256,7 +249,7 @@ randombytes_sysrandom_init(void) { const int errno_save = errno; -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(SYS_getrandom) && defined(__NR_getrandom) { unsigned char fodder[16]; @@ -313,7 +306,7 @@ randombytes_sysrandom_close(void) stream.initialized = 0; ret = 0; } -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(SYS_getrandom) && defined(__NR_getrandom) if (stream.getrandom_available != 0) { ret = 0; } @@ -338,7 +331,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size) # endif #endif #ifndef _WIN32 -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM +# if defined(SYS_getrandom) && defined(__NR_getrandom) if (stream.getrandom_available != 0) { if (randombytes_linux_getrandom(buf, size) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ From 34cbaa8dcdc09c46bf2db2ff407f4e9a29f57adf Mon Sep 17 00:00:00 2001 From: Ryan Lester Date: Sat, 29 Sep 2018 18:22:42 -0400 Subject: [PATCH 113/190] useBackupModule getRandomValue fix --- dist-build/emscripten.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 8a7c950f..8139ba07 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh @@ -110,7 +110,9 @@ if [ "$DIST" = yes ]; then Module.useBackupModule = function() { var Module = _Module; Object.keys(Module).forEach(function(k) { - delete Module[k]; + if (k !== 'getRandomValue') { + delete Module[k]; + } }); $(cat "${PREFIX}/lib/libsodium.asm.tmp.js" | sed 's|use asm||g') }; From 82b1739b985102c2500c42152cf641e843e40cfa Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Sun, 30 Sep 2018 21:46:28 +0200 Subject: [PATCH 114/190] Add getrandom(2) support for FreeBSD 12 --- .../salsa20/randombytes_salsa20_random.c | 39 +++++--- .../sysrandom/randombytes_sysrandom.c | 89 +++++++++++-------- 2 files changed, 76 insertions(+), 52 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index 477fda1c..e3ec30ff 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c @@ -19,9 +19,26 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE -# else +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# else /* __dietlibc__ */ # include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +# endif /* __dietlibc__ */ +#elif defined(__FreeBSD__) +# include +# if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif +#endif +#if !defined(NO_BLOCKING_RANDOM_POLL) && defined(__linux__) +# define BLOCK_ON_DEV_RANDOM +#endif +#ifdef BLOCK_ON_DEV_RANDOM # include #endif #ifdef HAVE_RDRAND @@ -177,7 +194,7 @@ safe_read(const int fd, void * const buf_, size_t size) return (ssize_t) (buf - (unsigned char *) buf_); } -# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL) +# ifdef BLOCK_ON_DEV_RANDOM static int randombytes_block_on_dev_random(void) { @@ -219,11 +236,11 @@ randombytes_salsa20_random_random_dev_open(void) const char **device = devices; int fd; -# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL) +# ifdef BLOCK_ON_DEV_RANDOM if (randombytes_block_on_dev_random() != 0) { return -1; } -# endif +# endif do { fd = open(*device, O_RDONLY); if (fd != -1) { 
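Review bot: `BLOCK_ON_DEV_RANDOM` is defined from `!defined(NO_BLOCKING_RANDOM_POLL) && defined(__linux__)` alone, so the `!defined(USE_BLOCKING_RANDOM)` term of the condition it replaces around `randombytes_block_on_dev_random` and in `randombytes_salsa20_random_random_dev_open` is silently dropped. Builds with `USE_BLOCKING_RANDOM` will now also compile and call `randombytes_block_on_dev_random()` before opening the device; that looks harmless, but it is a behaviour change the commit subject does not mention. If it is unintended, keep the term: `#if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL)`; if it is intended, a one-line comment above the define would record it. The same define is added to randombytes_sysrandom.c later in this patch.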
@@ -246,7 +263,7 @@ randombytes_salsa20_random_random_dev_open(void) } # endif -# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM static int _randombytes_linux_getrandom(void * const buf, const size_t size) { @@ -254,11 +271,7 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { -# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); -# else - readnb = syscall(SYS_getrandom, buf, (int) size, 0); -# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -299,7 +312,7 @@ randombytes_salsa20_random_init(void) errno = errno_save; # else -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM { unsigned char fodder[16]; @@ -310,7 +323,7 @@ randombytes_salsa20_random_init(void) } global.getrandom_available = 0; } -# endif /* SYS_getrandom */ +# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ if ((global.random_data_source_fd = randombytes_salsa20_random_random_dev_open()) == -1) { @@ -343,7 +356,7 @@ randombytes_salsa20_random_stir(void) # ifdef HAVE_SAFE_ARC4RANDOM arc4random_buf(stream.key, sizeof stream.key); -# elif defined(SYS_getrandom) && defined(__NR_getrandom) +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) if (global.getrandom_available != 0) { if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ @@ -428,7 +441,7 @@ randombytes_salsa20_random_close(void) ret = 0; # endif -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (global.getrandom_available != 0) { ret = 0; } diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index f4dec08f..c24122f9 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c 
+++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -18,9 +18,26 @@ #ifdef __linux__ # ifdef __dietlibc__ # define _LINUX_SOURCE -# else +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# else /* __dietlibc__ */ # include +# if defined(SYS_getrandom) && defined(__NR_getrandom) +# define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) +# define HAVE_LINUX_COMPATIBLE_GETRANDOM +# endif +# endif /* __dietlibc */ +#elif defined(__FreeBSD__) +# include +# if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 +# include +# define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif +#endif +#if !defined(NO_BLOCKING_RANDOM_POLL) && defined(__linux__) +# define BLOCK_ON_DEV_RANDOM +#endif +#ifdef BLOCK_ON_DEV_RANDOM # include #endif @@ -102,7 +119,7 @@ static SysRandom stream = { SODIUM_C99(.getrandom_available =) 0 }; -#ifndef _WIN32 +# ifndef _WIN32 static ssize_t safe_read(const int fd, void * const buf_, size_t size) { @@ -126,10 +143,8 @@ safe_read(const int fd, void * const buf_, size_t size) return (ssize_t) (buf - (unsigned char *) buf_); } -#endif -#ifndef _WIN32 -# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL) +# ifdef BLOCK_ON_DEV_RANDOM static int randombytes_block_on_dev_random(void) { @@ -154,7 +169,7 @@ randombytes_block_on_dev_random(void) } return close(fd); } -# endif +# endif /* BLOCK_ON_DEV_RANDOM */ static int randombytes_sysrandom_random_dev_open(void) 
@@ -162,34 +177,34 @@ randombytes_sysrandom_random_dev_open(void) /* LCOV_EXCL_START */ struct stat st; static const char *devices[] = { -# ifndef USE_BLOCKING_RANDOM +# ifndef USE_BLOCKING_RANDOM "/dev/urandom", -# endif +# endif "/dev/random", NULL }; const char **device = devices; int fd; -# if defined(__linux__) && !defined(USE_BLOCKING_RANDOM) && !defined(NO_BLOCKING_RANDOM_POLL) +# ifdef BLOCK_ON_DEV_RANDOM if (randombytes_block_on_dev_random() != 0) { return -1; } -# endif +# endif do { fd = open(*device, O_RDONLY); if (fd != -1) { if (fstat(fd, &st) == 0 && -# ifdef __COMPCERT__ +# ifdef __COMPCERT__ 1 -# elif defined(S_ISNAM) +# elif defined(S_ISNAM) (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode)) -# else +# else S_ISCHR(st.st_mode) -# endif +# endif ) { -# if defined(F_SETFD) && defined(FD_CLOEXEC) +# if defined(F_SETFD) && defined(FD_CLOEXEC) (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -# endif +# endif return fd; } (void) close(fd); @@ -204,7 +219,7 @@ randombytes_sysrandom_random_dev_open(void) /* LCOV_EXCL_STOP */ } -# if defined(__dietlibc__) || (defined(SYS_getrandom) && defined(__NR_getrandom)) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM static int _randombytes_linux_getrandom(void * const buf, const size_t size) { @@ -212,11 +227,7 @@ _randombytes_linux_getrandom(void * const buf, const size_t size) assert(size <= 256U); do { -# ifdef __dietlibc__ readnb = getrandom(buf, size, 0); -# else - readnb = syscall(SYS_getrandom, buf, (int) size, 0); -# endif } while (readnb < 0 && (errno == EINTR || errno == EAGAIN)); return (readnb == (int) size) - 1; @@ -242,14 +253,14 @@ randombytes_linux_getrandom(void * const buf_, size_t size) return 0; } -# endif +# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ static void randombytes_sysrandom_init(void) { const int errno_save = errno; -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM { unsigned char fodder[16]; 
@@ -260,7 +271,7 @@ randombytes_sysrandom_init(void) } stream.getrandom_available = 0; } -# endif +# endif if ((stream.random_data_source_fd = randombytes_sysrandom_random_dev_open()) == -1) { @@ -269,13 +280,13 @@ randombytes_sysrandom_init(void) errno = errno_save; } -#else /* _WIN32 */ +# else /* _WIN32 */ static void randombytes_sysrandom_init(void) { } -#endif +# endif /* _WIN32 */ static void randombytes_sysrandom_stir(void) @@ -299,24 +310,24 @@ randombytes_sysrandom_close(void) { int ret = -1; -#ifndef _WIN32 +# ifndef _WIN32 if (stream.random_data_source_fd != -1 && close(stream.random_data_source_fd) == 0) { stream.random_data_source_fd = -1; stream.initialized = 0; ret = 0; } -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (stream.getrandom_available != 0) { ret = 0; } -# endif -#else /* _WIN32 */ +# endif +# else /* _WIN32 */ if (stream.initialized != 0) { stream.initialized = 0; ret = 0; } -#endif +# endif /* _WIN32 */ return ret; } 
@@ -324,26 +335,26 @@ static void randombytes_sysrandom_buf(void * const buf, const size_t size) { randombytes_sysrandom_stir_if_needed(); -#if defined(ULONG_LONG_MAX) && defined(SIZE_MAX) -# if SIZE_MAX > ULONG_LONG_MAX +# if defined(ULONG_LONG_MAX) && defined(SIZE_MAX) +# if SIZE_MAX > ULONG_LONG_MAX /* coverity[result_independent_of_operands] */ assert(size <= ULONG_LONG_MAX); +# endif # endif -#endif -#ifndef _WIN32 -# if defined(SYS_getrandom) && defined(__NR_getrandom) +# ifndef _WIN32 +# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM if (stream.getrandom_available != 0) { if (randombytes_linux_getrandom(buf, size) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ } return; } -# endif +# endif if (stream.random_data_source_fd == -1 || safe_read(stream.random_data_source_fd, buf, size) != (ssize_t) size) { sodium_misuse(); /* LCOV_EXCL_LINE */ } -#else +# else /* _WIN32 */ COMPILER_ASSERT(randombytes_BYTES_MAX <= 0xffffffffUL); if (size > (size_t) 0xffffffffUL) { sodium_misuse(); /* LCOV_EXCL_LINE */ @@ -351,7 +362,7 @@ randombytes_sysrandom_buf(void * const buf, const size_t size) if (! RtlGenRandom((PVOID) buf, (ULONG) size)) { sodium_misuse(); /* LCOV_EXCL_LINE */ } -#endif +# endif /* _WIN32 */ } static uint32_t From c4f03ededb71073281529e47c78e91abffb323a3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 30 Sep 2018 23:49:34 +0200 Subject: [PATCH 115/190] Add a dummy return value --- src/libsodium/crypto_pwhash/crypto_pwhash.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libsodium/crypto_pwhash/crypto_pwhash.c b/src/libsodium/crypto_pwhash/crypto_pwhash.c index 8168f962..a229b9f7 100644 --- a/src/libsodium/crypto_pwhash/crypto_pwhash.c +++ b/src/libsodium/crypto_pwhash/crypto_pwhash.c @@ -168,6 +168,7 @@ crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES], } sodium_misuse(); /* NOTREACHED */ + return -1; } int From 67b0b476d89b650ee66375591281b6e0dc07b30e Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Thu, 18 Oct 2018 13:22:37 +0200 Subject: [PATCH 116/190] Add incomplete nonnull attributes --- .../include/sodium/crypto_aead_aes256gcm.h | 26 ++++++++----- .../sodium/crypto_aead_chacha20poly1305.h | 26 ++++++++----- .../sodium/crypto_aead_xchacha20poly1305.h | 13 ++++--- src/libsodium/include/sodium/crypto_auth.h | 8 ++-- .../include/sodium/crypto_auth_hmacsha256.h | 14 ++++--- .../include/sodium/crypto_auth_hmacsha512.h | 13 ++++--- .../sodium/crypto_auth_hmacsha512256.h | 11 +++--- src/libsodium/include/sodium/crypto_box.h | 38 ++++++++++--------- .../crypto_box_curve25519xchacha20poly1305.h | 31 ++++++++------- .../crypto_box_curve25519xsalsa20poly1305.h | 17 +++++---- .../include/sodium/crypto_core_ed25519.h | 12 ++++-- .../include/sodium/crypto_core_hchacha20.h | 3 +- .../include/sodium/crypto_core_hsalsa20.h | 3 +- .../include/sodium/crypto_core_salsa20.h | 3 +- .../include/sodium/crypto_core_salsa2012.h | 3 +- .../include/sodium/crypto_core_salsa208.h | 3 +- .../include/sodium/crypto_generichash.h | 15 +++++--- .../sodium/crypto_generichash_blake2b.h | 20 ++++++---- src/libsodium/include/sodium/crypto_hash.h | 2 +- .../include/sodium/crypto_hash_sha256.h | 11 ++++-- .../include/sodium/crypto_hash_sha512.h | 11 ++++-- src/libsodium/include/sodium/crypto_kdf.h | 6 ++- .../include/sodium/crypto_kdf_blake2b.h | 4 +- src/libsodium/include/sodium/crypto_kx.h | 10 +++-- .../include/sodium/crypto_onetimeauth.h | 15 +++++--- .../sodium/crypto_onetimeauth_poly1305.h | 17 ++++++--- src/libsodium/include/sodium/crypto_pwhash.h | 10 ++--- .../include/sodium/crypto_pwhash_argon2i.h | 8 ++-- .../include/sodium/crypto_pwhash_argon2id.h | 8 ++-- .../crypto_pwhash_scryptsalsa208sha256.h | 10 ++--- .../include/sodium/crypto_scalarmult.h | 5 ++- .../sodium/crypto_scalarmult_curve25519.h | 6 ++- .../sodium/crypto_scalarmult_ed25519.h | 5 ++- .../include/sodium/crypto_secretbox.h | 16 ++++---- .../crypto_secretbox_xchacha20poly1305.h | 10 +++-- 
.../crypto_secretbox_xsalsa20poly1305.h | 8 ++-- .../crypto_secretstream_xchacha20poly1305.h | 15 +++++--- .../include/sodium/crypto_shorthash.h | 6 ++- .../sodium/crypto_shorthash_siphash24.h | 6 ++- src/libsodium/include/sodium/crypto_sign.h | 22 ++++++----- .../include/sodium/crypto_sign_ed25519.h | 36 +++++++++++------- .../crypto_sign_edwards25519sha512batch.h | 6 +-- src/libsodium/include/sodium/crypto_stream.h | 9 +++-- .../include/sodium/crypto_stream_chacha20.h | 24 ++++++++---- .../include/sodium/crypto_stream_salsa20.h | 12 ++++-- .../include/sodium/crypto_stream_salsa2012.h | 9 +++-- .../include/sodium/crypto_stream_salsa208.h | 6 +-- .../include/sodium/crypto_stream_xchacha20.h | 12 ++++-- .../include/sodium/crypto_stream_xsalsa20.h | 12 ++++-- .../include/sodium/crypto_verify_16.h | 2 +- .../include/sodium/crypto_verify_32.h | 2 +- .../include/sodium/crypto_verify_64.h | 2 +- src/libsodium/include/sodium/randombytes.h | 12 ++++-- src/libsodium/include/sodium/utils.h | 38 +++++++++++-------- 54 files changed, 398 insertions(+), 254 deletions(-) diff --git a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h index 5e67aa99..752586cc 100644 --- a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +++ b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h @@ -70,7 +70,8 @@ int crypto_aead_aes256gcm_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); SODIUM_EXPORT int crypto_aead_aes256gcm_decrypt(unsigned char *m, @@ -82,7 +83,7 @@ int crypto_aead_aes256gcm_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); SODIUM_EXPORT int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c, 
@@ -94,7 +95,8 @@ int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); SODIUM_EXPORT int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m, @@ -106,13 +108,14 @@ int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); /* -- Precomputation interface -- */ SODIUM_EXPORT int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, @@ -123,7 +126,8 @@ int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_); + const crypto_aead_aes256gcm_state *ctx_) + __attribute__ ((nonnull(1, 8, 9))); SODIUM_EXPORT int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, @@ -135,7 +139,7 @@ int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const crypto_aead_aes256gcm_state *ctx_) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); SODIUM_EXPORT int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c, @@ -147,7 +151,8 @@ int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const crypto_aead_aes256gcm_state *ctx_); + const crypto_aead_aes256gcm_state *ctx_) + __attribute__ ((nonnull(1, 2, 9, 10))); SODIUM_EXPORT int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, 
@@ -159,10 +164,11 @@ int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const crypto_aead_aes256gcm_state *ctx_) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); SODIUM_EXPORT -void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]); +void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h index 8ab31243..5d671df1 100644 --- a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h @@ -45,7 +45,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m, @@ -57,7 +58,7 @@ int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, @@ -69,7 +70,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m, 
@@ -81,10 +83,11 @@ int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); SODIUM_EXPORT -void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]); +void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */ @@ -118,7 +121,8 @@ int crypto_aead_chacha20poly1305_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_decrypt(unsigned char *m, @@ -130,7 +134,7 @@ int crypto_aead_chacha20poly1305_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, @@ -142,7 +146,8 @@ int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); SODIUM_EXPORT int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, 
@@ -154,10 +159,11 @@ int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9))); SODIUM_EXPORT -void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]); +void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ diff --git a/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h index 99692aae..a13b2247 100644 --- a/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h @@ -41,7 +41,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 8, 9))); SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, @@ -53,7 +54,7 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9))); SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, @@ -65,7 +66,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c, unsigned long long adlen, const unsigned char *nsec, const unsigned char *npub, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull(1, 2, 9, 10))); SODIUM_EXPORT int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, 
@@ -77,10 +79,11 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m, unsigned long long adlen, const unsigned char *npub, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 9, 9))); SODIUM_EXPORT -void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]); +void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ diff --git a/src/libsodium/include/sodium/crypto_auth.h b/src/libsodium/include/sodium/crypto_auth.h index 7174e7bc..d0fc8ee2 100644 --- a/src/libsodium/include/sodium/crypto_auth.h +++ b/src/libsodium/include/sodium/crypto_auth.h @@ -27,15 +27,17 @@ const char *crypto_auth_primitive(void); SODIUM_EXPORT int crypto_auth(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]); +void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_auth_hmacsha256.h b/src/libsodium/include/sodium/crypto_auth_hmacsha256.h index deec5266..aa4ecfd8 100644 --- a/src/libsodium/include/sodium/crypto_auth_hmacsha256.h +++ b/src/libsodium/include/sodium/crypto_auth_hmacsha256.h 
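Review bot: `nonnull(3, 5, 9, 9)` on `crypto_aead_xchacha20poly1305_ietf_decrypt_detached` lists index 9 twice and omits 8, so `npub` is not covered while `k` is named twice. The sibling declarations in crypto_aead_aes256gcm.h and crypto_aead_chacha20poly1305.h use `nonnull(3, 5, 8, 9)` where the visible tail of the parameter list (`adlen`, `npub`, `k`) is the same. This line should read `__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));`. The declaration starts above the hunk, so the full parameter list should be checked against the indices.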
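Review bot: The bare `__attribute__ ((nonnull))` on `crypto_auth` and `crypto_auth_verify` also covers the message pointer `in`, whereas the AEAD headers earlier in this patch list explicit indices and leave the message and `ad` pointers out (`nonnull(1, 8, 9)`). If a NULL `in` with `inlen == 0` is meant to stay valid, callers that rely on it now invoke undefined behaviour. Where the definition is compiled with this header, the compiler may also drop NULL checks on those parameters. Listing only the pointers that must never be NULL, e.g. `__attribute__ ((nonnull(1, 4)))` for `crypto_auth`, would match the AEAD style. The same blanket form is used for the `_update` functions in the HMAC headers and for `crypto_box_easy` later in the patch.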
@@ -24,14 +24,14 @@ SODIUM_EXPORT int crypto_auth_hmacsha256(unsigned char *out, const unsigned char *in, unsigned long long inlen, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha256_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* ------------------------------------------------------------------------- */ @@ -46,20 +46,22 @@ size_t crypto_auth_hmacsha256_statebytes(void); SODIUM_EXPORT int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state, const unsigned char *key, - size_t keylen); + size_t keylen) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]); +void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_auth_hmacsha512.h b/src/libsodium/include/sodium/crypto_auth_hmacsha512.h index 77a55fbc..c5012583 100644 --- a/src/libsodium/include/sodium/crypto_auth_hmacsha512.h +++ b/src/libsodium/include/sodium/crypto_auth_hmacsha512.h 
@@ -24,14 +24,14 @@ SODIUM_EXPORT int crypto_auth_hmacsha512(unsigned char *out, const unsigned char *in, unsigned long long inlen, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha512_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* ------------------------------------------------------------------------- */ @@ -46,19 +46,20 @@ size_t crypto_auth_hmacsha512_statebytes(void); SODIUM_EXPORT int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state, const unsigned char *key, - size_t keylen); + size_t keylen) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]); +void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h b/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h index 4842f3de..0f266104 100644 --- a/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h +++ b/src/libsodium/include/sodium/crypto_auth_hmacsha512256.h @@ -29,7 +29,7 @@ int crypto_auth_hmacsha512256_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* ------------------------------------------------------------------------- */ 
@@ -41,19 +41,20 @@ size_t crypto_auth_hmacsha512256_statebytes(void); SODIUM_EXPORT int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state, const unsigned char *key, - size_t keylen); + size_t keylen) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]); +void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_box.h b/src/libsodium/include/sodium/crypto_box.h index 99ee19a8..f6fe3ccb 100644 --- a/src/libsodium/include/sodium/crypto_box.h +++ b/src/libsodium/include/sodium/crypto_box.h 
@@ -50,29 +50,31 @@ const char *crypto_box_primitive(void); SODIUM_EXPORT int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_box_keypair(unsigned char *pk, unsigned char *sk); +int crypto_box_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); SODIUM_EXPORT int crypto_box_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open_detached(unsigned char *m, const unsigned char *c, @@ -81,7 +83,7 @@ int crypto_box_open_detached(unsigned char *m, const unsigned char *c, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7))); /* -- Precomputation interface -- */ 
@@ -92,30 +94,31 @@ size_t crypto_box_beforenmbytes(void); SODIUM_EXPORT int crypto_box_beforenm(unsigned char *k, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); SODIUM_EXPORT int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c, const unsigned char *mac, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); /* -- Ephemeral SK interface -- */ @@ -125,13 +128,14 @@ size_t crypto_box_sealbytes(void); SODIUM_EXPORT int crypto_box_seal(unsigned char *c, const unsigned char *m, - unsigned long long mlen, const unsigned char *pk); + unsigned long long mlen, const unsigned char *pk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_seal_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); /* -- NaCl compatibility interface ; Requires padding -- */ 
@@ -147,24 +151,24 @@ SODIUM_EXPORT int crypto_box(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); SODIUM_EXPORT int crypto_box_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_open_afternm(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h index c1cf7566..0d3937a7 100644 --- a/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h @@ -45,11 +45,13 @@ size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk, - unsigned char *sk); + unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c, 
@@ -58,7 +60,7 @@ int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m, @@ -67,7 +69,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c, @@ -77,7 +79,7 @@ int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m, @@ -87,7 +89,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7))); /* -- Precomputation interface -- */ @@ -95,14 +97,15 @@ SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m, 
@@ -110,7 +113,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c, @@ -118,7 +121,8 @@ int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m, @@ -127,7 +131,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char * unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); /* -- Ephemeral SK interface -- */ @@ -142,7 +146,8 @@ SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m, unsigned long long mlen, - const unsigned char *pk); + const unsigned char *pk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, @@ -150,7 +155,7 @@ int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, unsigned long long clen, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h b/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h index c5b15f42..f889430c 100644 --- a/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h 
+++ b/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h @@ -45,17 +45,19 @@ size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, - unsigned char *sk); + unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* -- NaCl compatibility interface ; Requires padding -- */ @@ -76,7 +78,7 @@ int crypto_box_curve25519xsalsa20poly1305(unsigned char *c, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m, @@ -85,14 +87,15 @@ int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m, const unsigned char *n, const unsigned char *pk, const unsigned char *sk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6))); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m, 
@@ -100,7 +103,7 @@ int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index 1536294b..ed25f66b 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -17,18 +17,22 @@ SODIUM_EXPORT size_t crypto_core_ed25519_uniformbytes(void); SODIUM_EXPORT -int crypto_core_ed25519_is_valid_point(const unsigned char *p); +int crypto_core_ed25519_is_valid_point(const unsigned char *p) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_core_ed25519_add(unsigned char *r, - const unsigned char *p, const unsigned char *q); + const unsigned char *p, const unsigned char *q) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_core_ed25519_sub(unsigned char *r, - const unsigned char *p, const unsigned char *q); + const unsigned char *p, const unsigned char *q) + __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r); +int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_hchacha20.h b/src/libsodium/include/sodium/crypto_core_hchacha20.h index 05e5670c..ece141b0 100644 --- a/src/libsodium/include/sodium/crypto_core_hchacha20.h +++ b/src/libsodium/include/sodium/crypto_core_hchacha20.h 
@@ -26,7 +26,8 @@ size_t crypto_core_hchacha20_constbytes(void); SODIUM_EXPORT int crypto_core_hchacha20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_hsalsa20.h b/src/libsodium/include/sodium/crypto_core_hsalsa20.h index 82e475b8..4bf7a487 100644 --- a/src/libsodium/include/sodium/crypto_core_hsalsa20.h +++ b/src/libsodium/include/sodium/crypto_core_hsalsa20.h @@ -26,7 +26,8 @@ size_t crypto_core_hsalsa20_constbytes(void); SODIUM_EXPORT int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_salsa20.h b/src/libsodium/include/sodium/crypto_core_salsa20.h index 160cc56d..bd79fd9f 100644 --- a/src/libsodium/include/sodium/crypto_core_salsa20.h +++ b/src/libsodium/include/sodium/crypto_core_salsa20.h @@ -26,7 +26,8 @@ size_t crypto_core_salsa20_constbytes(void); SODIUM_EXPORT int crypto_core_salsa20(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_salsa2012.h b/src/libsodium/include/sodium/crypto_core_salsa2012.h index bdd5f9fd..05957591 100644 --- a/src/libsodium/include/sodium/crypto_core_salsa2012.h +++ b/src/libsodium/include/sodium/crypto_core_salsa2012.h 
@@ -26,7 +26,8 @@ size_t crypto_core_salsa2012_constbytes(void); SODIUM_EXPORT int crypto_core_salsa2012(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_core_salsa208.h b/src/libsodium/include/sodium/crypto_core_salsa208.h index 876bda89..d2f216af 100644 --- a/src/libsodium/include/sodium/crypto_core_salsa208.h +++ b/src/libsodium/include/sodium/crypto_core_salsa208.h @@ -30,7 +30,8 @@ size_t crypto_core_salsa208_constbytes(void) SODIUM_EXPORT int crypto_core_salsa208(unsigned char *out, const unsigned char *in, - const unsigned char *k, const unsigned char *c); + const unsigned char *k, const unsigned char *c) + __attribute__ ((nonnull(1, 2, 3))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_generichash.h b/src/libsodium/include/sodium/crypto_generichash.h index a5e1646f..c255dc71 100644 --- a/src/libsodium/include/sodium/crypto_generichash.h +++ b/src/libsodium/include/sodium/crypto_generichash.h 
@@ -53,24 +53,29 @@ size_t crypto_generichash_statebytes(void); SODIUM_EXPORT int crypto_generichash(unsigned char *out, size_t outlen, const unsigned char *in, unsigned long long inlen, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_init(crypto_generichash_state *state, const unsigned char *key, - const size_t keylen, const size_t outlen); + const size_t keylen, const size_t outlen) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_update(crypto_generichash_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_generichash_final(crypto_generichash_state *state, - unsigned char *out, const size_t outlen); + unsigned char *out, const size_t outlen) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]); +void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_generichash_blake2b.h b/src/libsodium/include/sodium/crypto_generichash_blake2b.h index 9326a04a..f1110a4d 100644 --- a/src/libsodium/include/sodium/crypto_generichash_blake2b.h +++ b/src/libsodium/include/sodium/crypto_generichash_blake2b.h @@ -74,7 +74,8 @@ SODIUM_EXPORT int crypto_generichash_blake2b(unsigned char *out, size_t outlen, const unsigned char *in, unsigned long long inlen, - const unsigned char *key, size_t keylen); + const unsigned char *key, size_t keylen) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen, 
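Review bot: `crypto_generichash_update` gets a bare `nonnull`, which makes `in` mandatory, although the one-shot `crypto_generichash` just above it is annotated `nonnull(1)` and so accepts a NULL `in`. A caller that feeds an empty chunk as `in == NULL, inlen == 0` is within the contract for the one-shot call and outside it for the streaming one. Using `__attribute__ ((nonnull(1)));` on the update prototype would make the two agree. The `_update` prototypes in the blake2b, sha256, sha512 and onetimeauth headers below carry the same bare attribute.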
@@ -83,32 +84,37 @@ int crypto_generichash_blake2b_salt_personal(unsigned char *out, size_t outlen, const unsigned char *key, size_t keylen, const unsigned char *salt, - const unsigned char *personal); + const unsigned char *personal) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state, const unsigned char *key, - const size_t keylen, const size_t outlen); + const size_t keylen, const size_t outlen) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_blake2b_init_salt_personal(crypto_generichash_blake2b_state *state, const unsigned char *key, const size_t keylen, const size_t outlen, const unsigned char *salt, - const unsigned char *personal); + const unsigned char *personal) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state, unsigned char *out, - const size_t outlen); + const size_t outlen) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]); +void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_hash.h b/src/libsodium/include/sodium/crypto_hash.h index 302ed5c5..4b16c477 100644 --- a/src/libsodium/include/sodium/crypto_hash.h +++ b/src/libsodium/include/sodium/crypto_hash.h @@ -26,7 +26,7 @@ size_t crypto_hash_bytes(void); SODIUM_EXPORT int crypto_hash(unsigned char *out, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); #define crypto_hash_PRIMITIVE "sha512" SODIUM_EXPORT 
diff --git a/src/libsodium/include/sodium/crypto_hash_sha256.h b/src/libsodium/include/sodium/crypto_hash_sha256.h index f64d16e0..306f1e93 100644 --- a/src/libsodium/include/sodium/crypto_hash_sha256.h +++ b/src/libsodium/include/sodium/crypto_hash_sha256.h @@ -36,19 +36,22 @@ size_t crypto_hash_sha256_bytes(void); SODIUM_EXPORT int crypto_hash_sha256(unsigned char *out, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_hash_sha256_init(crypto_hash_sha256_state *state); +int crypto_hash_sha256_init(crypto_hash_sha256_state *state) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_hash_sha256_update(crypto_hash_sha256_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_hash_sha256_final(crypto_hash_sha256_state *state, - unsigned char *out); + unsigned char *out) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_hash_sha512.h b/src/libsodium/include/sodium/crypto_hash_sha512.h index 6b0330f1..7fb830c6 100644 --- a/src/libsodium/include/sodium/crypto_hash_sha512.h +++ b/src/libsodium/include/sodium/crypto_hash_sha512.h 
@@ -36,19 +36,22 @@ size_t crypto_hash_sha512_bytes(void); SODIUM_EXPORT int crypto_hash_sha512(unsigned char *out, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_hash_sha512_init(crypto_hash_sha512_state *state); +int crypto_hash_sha512_init(crypto_hash_sha512_state *state) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_hash_sha512_final(crypto_hash_sha512_state *state, - unsigned char *out); + unsigned char *out) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_kdf.h b/src/libsodium/include/sodium/crypto_kdf.h index 52e496a7..ac2fc618 100644 --- a/src/libsodium/include/sodium/crypto_kdf.h +++ b/src/libsodium/include/sodium/crypto_kdf.h @@ -39,10 +39,12 @@ SODIUM_EXPORT int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len, uint64_t subkey_id, const char ctx[crypto_kdf_CONTEXTBYTES], - const unsigned char key[crypto_kdf_KEYBYTES]); + const unsigned char key[crypto_kdf_KEYBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]); +void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_kdf_blake2b.h b/src/libsodium/include/sodium/crypto_kdf_blake2b.h index 5480ebe8..3ae47dd3 100644 --- a/src/libsodium/include/sodium/crypto_kdf_blake2b.h +++ b/src/libsodium/include/sodium/crypto_kdf_blake2b.h 
@@ -34,7 +34,9 @@ SODIUM_EXPORT int crypto_kdf_blake2b_derive_from_key(unsigned char *subkey, size_t subkey_len, uint64_t subkey_id, const char ctx[crypto_kdf_blake2b_CONTEXTBYTES], - const unsigned char key[crypto_kdf_blake2b_KEYBYTES]); + const unsigned char key[crypto_kdf_blake2b_KEYBYTES]) + __attribute__ ((nonnull)); + #ifdef __cplusplus } #endif diff --git a/src/libsodium/include/sodium/crypto_kx.h b/src/libsodium/include/sodium/crypto_kx.h index d1fce90d..347132c3 100644 --- a/src/libsodium/include/sodium/crypto_kx.h +++ b/src/libsodium/include/sodium/crypto_kx.h @@ -35,11 +35,13 @@ const char *crypto_kx_primitive(void); SODIUM_EXPORT int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_SEEDBYTES]); + const unsigned char seed[crypto_kx_SEEDBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_SECRETKEYBYTES]); + unsigned char sk[crypto_kx_SECRETKEYBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], @@ -47,7 +49,7 @@ int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES], const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); SODIUM_EXPORT int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], 
@@ -55,7 +57,7 @@ int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES], const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_onetimeauth.h b/src/libsodium/include/sodium/crypto_onetimeauth.h index 5951c5b8..803dbac8 100644 --- a/src/libsodium/include/sodium/crypto_onetimeauth.h +++ b/src/libsodium/include/sodium/crypto_onetimeauth.h @@ -32,28 +32,31 @@ const char *crypto_onetimeauth_primitive(void); SODIUM_EXPORT int crypto_onetimeauth(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_init(crypto_onetimeauth_state *state, - const unsigned char *key); + const unsigned char *key) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_update(crypto_onetimeauth_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_final(crypto_onetimeauth_state *state, - unsigned char *out); + unsigned char *out) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]); +void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h index 4b89c4f0..516f7db3 100644 --- a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h +++ b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h @@ -35,30 +35,35 @@ SODIUM_EXPORT int crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in, unsigned long long inlen, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_poly1305_verify(const unsigned char *h, const unsigned char *in, unsigned long long inlen, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state, - const unsigned char *key); + const unsigned char *key) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state, const unsigned char *in, - unsigned long long inlen); + unsigned long long inlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state, - unsigned char *out); + unsigned char *out) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]); +void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_pwhash.h b/src/libsodium/include/sodium/crypto_pwhash.h index 2c76461f..585a993e 100644 --- a/src/libsodium/include/sodium/crypto_pwhash.h +++ b/src/libsodium/include/sodium/crypto_pwhash.h 
@@ -105,7 +105,7 @@ int crypto_pwhash(unsigned char * const out, unsigned long long outlen, const char * const passwd, unsigned long long passwdlen, const unsigned char * const salt, unsigned long long opslimit, size_t memlimit, int alg) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* * The output string already includes all the required parameters, including @@ -116,24 +116,24 @@ SODIUM_EXPORT int crypto_pwhash_str(char out[crypto_pwhash_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit, int alg) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_str_verify(const char str[crypto_pwhash_STRBYTES], const char * const passwd, unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_str_needs_rehash(const char str[crypto_pwhash_STRBYTES], unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #define crypto_pwhash_PRIMITIVE "argon2i" SODIUM_EXPORT diff --git a/src/libsodium/include/sodium/crypto_pwhash_argon2i.h b/src/libsodium/include/sodium/crypto_pwhash_argon2i.h index 8e4c1c35..88ff6221 100644 --- a/src/libsodium/include/sodium/crypto_pwhash_argon2i.h +++ b/src/libsodium/include/sodium/crypto_pwhash_argon2i.h 
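Review bot: The `nonnull` added to `crypto_pwhash` and the `_str*` prototypes is undocumented, and its effect is wider than the warning it produces: the compiler diagnoses only arguments it can prove NULL at compile time, and a NULL that arrives at run time is undefined behaviour. Where the definition sees this declaration, the optimiser may also drop a NULL guard in the body (not visible in this hunk), so callers should not count on one. I would add a comment above the prototype, e.g. `/* out, passwd and salt must not be NULL, even when passwdlen is 0 */`. Building the test suite with `-fsanitize=nonnull-attribute` would catch violations at run time.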
@@ -95,25 +95,25 @@ int crypto_pwhash_argon2i(unsigned char * const out, const unsigned char * const salt, unsigned long long opslimit, size_t memlimit, int alg) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES], const char * const passwd, unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES], unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_pwhash_argon2id.h b/src/libsodium/include/sodium/crypto_pwhash_argon2id.h index 51b17aa8..7183abd1 100644 --- a/src/libsodium/include/sodium/crypto_pwhash_argon2id.h +++ b/src/libsodium/include/sodium/crypto_pwhash_argon2id.h 
@@ -95,25 +95,25 @@ int crypto_pwhash_argon2id(unsigned char * const out, const unsigned char * const salt, unsigned long long opslimit, size_t memlimit, int alg) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES], const char * const passwd, unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES], unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h index 951b87b9..5c0bf7d3 100644 --- a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h +++ b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h @@ -84,7 +84,7 @@ int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out, const unsigned char * const salt, unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES], 
@@ -92,26 +92,26 @@ int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208 unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], const char * const passwd, unsigned long long passwdlen) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p, uint8_t * buf, size_t buflen) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES], unsigned long long opslimit, size_t memlimit) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_scalarmult.h b/src/libsodium/include/sodium/crypto_scalarmult.h index f7fa6f8f..01a8e3ea 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult.h +++ b/src/libsodium/include/sodium/crypto_scalarmult.h @@ -23,7 +23,8 @@ SODIUM_EXPORT const char *crypto_scalarmult_primitive(void); SODIUM_EXPORT -int crypto_scalarmult_base(unsigned char *q, const unsigned char *n); +int crypto_scalarmult_base(unsigned char *q, const unsigned char *n) + __attribute__ ((nonnull)); /* * NOTE: Do not use the result of this function directly. 
@@ -36,7 +37,7 @@ int crypto_scalarmult_base(unsigned char *q, const unsigned char *n); SODIUM_EXPORT int crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h b/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h index ae85eadc..e5605cb2 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h +++ b/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h @@ -28,10 +28,12 @@ size_t crypto_scalarmult_curve25519_scalarbytes(void); SODIUM_EXPORT int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, const unsigned char *p) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n); +int crypto_scalarmult_curve25519_base(unsigned char *q, + const unsigned char *n) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h index 3d512351..39e0d92c 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h +++ b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h @@ -29,10 +29,11 @@ size_t crypto_scalarmult_ed25519_scalarbytes(void); SODIUM_EXPORT int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, const unsigned char *p) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n); +int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n) + __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/src/libsodium/include/sodium/crypto_secretbox.h b/src/libsodium/include/sodium/crypto_secretbox.h index 55e94a02..eae44877 100644 --- a/src/libsodium/include/sodium/crypto_secretbox.h +++ b/src/libsodium/include/sodium/crypto_secretbox.h @@ -36,20 +36,21 @@ size_t crypto_secretbox_messagebytes_max(void); SODIUM_EXPORT int crypto_secretbox_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); SODIUM_EXPORT int crypto_secretbox_detached(unsigned char *c, unsigned char *mac, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_open_detached(unsigned char *m, @@ -58,10 +59,11 @@ int crypto_secretbox_open_detached(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); SODIUM_EXPORT -void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]); +void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) + __attribute__ ((nonnull)); /* -- NaCl compatibility interface ; Requires padding -- */ 
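Review bot: The bare `nonnull` added to `crypto_secretbox_easy` and `crypto_secretbox_detached` also covers the message pointer `m`, whereas the `_open_` declarations in the same file leave their output `m` out with `nonnull(2, 4, 5)` and `nonnull(2, 3, 5, 6)`. If an empty message may be passed as `m == NULL` with `mlen == 0` (not visible here, so worth confirming), that call becomes undefined behaviour, and the compiler may drop any NULL check on `m` in code that sees this header. Listing the indices explicitly, e.g. `__attribute__ ((nonnull(1, 4, 5)))` for `crypto_secretbox_easy` and `__attribute__ ((nonnull(1, 2, 5, 6)))` for `crypto_secretbox_detached`, keeps both directions symmetric. The same applies to `crypto_secretbox` and to the xchacha20poly1305 and xsalsa20poly1305 variants in the hunks that follow.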
@@ -76,13 +78,13 @@ size_t crypto_secretbox_boxzerobytes(void); SODIUM_EXPORT int crypto_secretbox(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_open(unsigned char *m, const unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h index 2919da16..e7948f2c 100644 --- a/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h @@ -34,7 +34,8 @@ int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m, @@ -42,7 +43,7 @@ int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, @@ -50,7 +51,8 @@ int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, 
@@ -59,7 +61,7 @@ int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h b/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h index 4b8c7c8e..1c72d6c0 100644 --- a/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h @@ -35,7 +35,8 @@ int crypto_secretbox_xsalsa20poly1305(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, @@ -43,10 +44,11 @@ int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); SODIUM_EXPORT -void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]); +void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); /* -- NaCl compatibility interface ; Requires padding -- */ diff --git a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h index dac273b5..b22e4e93 100644 --- a/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretstream_xchacha20poly1305.h 
@@ -64,33 +64,38 @@ size_t crypto_secretstream_xchacha20poly1305_statebytes(void); SODIUM_EXPORT void crypto_secretstream_xchacha20poly1305_keygen - (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]); + (unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretstream_xchacha20poly1305_init_push (crypto_secretstream_xchacha20poly1305_state *state, unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES], - const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]); + const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretstream_xchacha20poly1305_push (crypto_secretstream_xchacha20poly1305_state *state, unsigned char *c, unsigned long long *clen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *ad, unsigned long long adlen, unsigned char tag); + const unsigned char *ad, unsigned long long adlen, unsigned char tag) + __attribute__ ((nonnull(1))); SODIUM_EXPORT int crypto_secretstream_xchacha20poly1305_init_pull (crypto_secretstream_xchacha20poly1305_state *state, const unsigned char header[crypto_secretstream_xchacha20poly1305_HEADERBYTES], - const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]); + const unsigned char k[crypto_secretstream_xchacha20poly1305_KEYBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_secretstream_xchacha20poly1305_pull (crypto_secretstream_xchacha20poly1305_state *state, unsigned char *m, unsigned long long *mlen_p, unsigned char *tag_p, const unsigned char *c, unsigned long long clen, - const unsigned char *ad, unsigned long long adlen); + const unsigned char *ad, unsigned long long adlen) + __attribute__ ((nonnull(1))); SODIUM_EXPORT void crypto_secretstream_xchacha20poly1305_rekey 
diff --git a/src/libsodium/include/sodium/crypto_shorthash.h b/src/libsodium/include/sodium/crypto_shorthash.h index a4988082..dc8b2480 100644 --- a/src/libsodium/include/sodium/crypto_shorthash.h +++ b/src/libsodium/include/sodium/crypto_shorthash.h @@ -27,10 +27,12 @@ const char *crypto_shorthash_primitive(void); SODIUM_EXPORT int crypto_shorthash(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]); +void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_shorthash_siphash24.h b/src/libsodium/include/sodium/crypto_shorthash_siphash24.h index 745ed48f..912e9d8c 100644 --- a/src/libsodium/include/sodium/crypto_shorthash_siphash24.h +++ b/src/libsodium/include/sodium/crypto_shorthash_siphash24.h @@ -23,7 +23,8 @@ size_t crypto_shorthash_siphash24_keybytes(void); SODIUM_EXPORT int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); #ifndef SODIUM_LIBRARY_MINIMAL /* -- 128-bit output -- */ @@ -38,7 +39,8 @@ size_t crypto_shorthash_siphashx24_keybytes(void); SODIUM_EXPORT int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k); + unsigned long long inlen, const unsigned char *k) + __attribute__ ((nonnull)); #endif #ifdef __cplusplus diff --git a/src/libsodium/include/sodium/crypto_sign.h b/src/libsodium/include/sodium/crypto_sign.h index 85aff0c9..9d4b17e4 100644 --- a/src/libsodium/include/sodium/crypto_sign.h +++ b/src/libsodium/include/sodium/crypto_sign.h 
@@ -51,50 +51,54 @@ const char *crypto_sign_primitive(void); SODIUM_EXPORT int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_sign_keypair(unsigned char *pk, unsigned char *sk); +int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign(unsigned char *sm, unsigned long long *smlen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); SODIUM_EXPORT int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5))); SODIUM_EXPORT int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); SODIUM_EXPORT int crypto_sign_verify_detached(const unsigned char *sig, const unsigned char *m, unsigned long long mlen, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_init(crypto_sign_state *state); SODIUM_EXPORT int crypto_sign_update(crypto_sign_state *state, - const unsigned char *m, unsigned long long mlen); + const unsigned char *m, unsigned long long mlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, unsigned long long *siglen_p, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 2, 4))); SODIUM_EXPORT int crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + 
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h index 38d2b9dd..ddbe8586 100644 --- a/src/libsodium/include/sodium/crypto_sign_ed25519.h +++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h @@ -42,20 +42,22 @@ size_t crypto_sign_ed25519_messagebytes_max(void); SODIUM_EXPORT int crypto_sign_ed25519(unsigned char *sm, unsigned long long *smlen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 3, 5))); SODIUM_EXPORT int crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5))); SODIUM_EXPORT int crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p, const unsigned char *m, unsigned long long mlen, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull(1, 3))); SODIUM_EXPORT int crypto_sign_ed25519_verify_detached(const unsigned char *sig, 
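Review bot: `crypto_sign_ed25519_detached` is annotated `nonnull(1, 3)`, which leaves the secret key `sk` (argument 5) out, while `crypto_sign_ed25519` a few lines above and `crypto_sign_detached` in crypto_sign.h both use `nonnull(1, 3, 5)`. A NULL `sk` is never meaningful for signing, so this looks like an omission rather than an intended exception. `__attribute__ ((nonnull(1, 3, 5)))` would make the three declarations agree and let the compiler flag a NULL key at the call site.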
@@ -65,47 +67,55 @@ int crypto_sign_ed25519_verify_detached(const unsigned char *sig, __attribute__ ((warn_unused_result)); SODIUM_EXPORT -int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk); +int crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk, - const unsigned char *seed); + const unsigned char *seed) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk, const unsigned char *ed25519_pk) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk, - const unsigned char *ed25519_sk); + const unsigned char *ed25519_sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519_sk_to_seed(unsigned char *seed, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk); +int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state); +int crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state, const unsigned char *m, - unsigned long long mlen); + unsigned long long mlen) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, unsigned char *sig, unsigned long long *siglen_p, - const unsigned char *sk); + const unsigned char *sk) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, unsigned char *sig, const unsigned char *pk) - __attribute__ 
((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h b/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h index 4bb91924..e69339a4 100644 --- a/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +++ b/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h @@ -33,7 +33,7 @@ int crypto_sign_edwards25519sha512batch(unsigned char *sm, const unsigned char *m, unsigned long long mlen, const unsigned char *sk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 3, 5))); SODIUM_EXPORT int crypto_sign_edwards25519sha512batch_open(unsigned char *m, @@ -41,12 +41,12 @@ int crypto_sign_edwards25519sha512batch_open(unsigned char *m, const unsigned char *sm, unsigned long long smlen, const unsigned char *pk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull(3, 5))); SODIUM_EXPORT int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk, unsigned char *sk) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_stream.h b/src/libsodium/include/sodium/crypto_stream.h index d288f0b6..88dab5f6 100644 --- a/src/libsodium/include/sodium/crypto_stream.h +++ b/src/libsodium/include/sodium/crypto_stream.h 
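Review bot: `crypto_sign_ed25519ph_final_create` gets a bare `nonnull`, so `siglen_p` is declared non-NULL, but the generic `crypto_sign_final_create` in crypto_sign.h uses `nonnull(1, 2, 4)` and leaves that length out-pointer optional. If the generic function forwards to the ed25519ph one (presumably; the implementation is not in this diff), a caller's legitimate NULL `siglen_p` reaches a function that promises never to receive one, and a `siglen_p != NULL` guard in its body can be removed by the optimizer. `__attribute__ ((nonnull(1, 2, 4)))` would match the generic declaration. In the same hunk `crypto_sign_ed25519_verify_detached` keeps only `warn_unused_result`, although `crypto_sign_verify_detached` gained `nonnull`.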
@@ -39,15 +39,18 @@ const char *crypto_stream_primitive(void); SODIUM_EXPORT int crypto_stream(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]); +void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_stream_chacha20.h b/src/libsodium/include/sodium/crypto_stream_chacha20.h index d3e2b234..40889755 100644 --- a/src/libsodium/include/sodium/crypto_stream_chacha20.h +++ b/src/libsodium/include/sodium/crypto_stream_chacha20.h @@ -36,21 +36,25 @@ size_t crypto_stream_chacha20_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_chacha20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]); +void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) + __attribute__ ((nonnull)); /* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */ 
@@ -69,21 +73,25 @@ size_t crypto_stream_chacha20_ietf_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint32_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]); +void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) + __attribute__ ((nonnull)); /* Aliases */ diff --git a/src/libsodium/include/sodium/crypto_stream_salsa20.h b/src/libsodium/include/sodium/crypto_stream_salsa20.h index 0c7688c7..45b3b3e3 100644 --- a/src/libsodium/include/sodium/crypto_stream_salsa20.h +++ b/src/libsodium/include/sodium/crypto_stream_salsa20.h 
@@ -34,21 +34,25 @@ size_t crypto_stream_salsa20_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_salsa20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]); +void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_stream_salsa2012.h b/src/libsodium/include/sodium/crypto_stream_salsa2012.h index c93d1c81..6c5d303c 100644 --- a/src/libsodium/include/sodium/crypto_stream_salsa2012.h +++ b/src/libsodium/include/sodium/crypto_stream_salsa2012.h @@ -33,15 +33,18 @@ size_t crypto_stream_salsa2012_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]); +void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } 
diff --git a/src/libsodium/include/sodium/crypto_stream_salsa208.h b/src/libsodium/include/sodium/crypto_stream_salsa208.h index 653f6504..d574f304 100644 --- a/src/libsodium/include/sodium/crypto_stream_salsa208.h +++ b/src/libsodium/include/sodium/crypto_stream_salsa208.h @@ -37,17 +37,17 @@ size_t crypto_stream_salsa208_messagebytes_max(void) SODIUM_EXPORT int crypto_stream_salsa208(unsigned char *c, unsigned long long clen, const unsigned char *n, const unsigned char *k) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, const unsigned char *k) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull)); SODIUM_EXPORT void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]) - __attribute__ ((deprecated)); + __attribute__ ((deprecated)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_stream_xchacha20.h b/src/libsodium/include/sodium/crypto_stream_xchacha20.h index cf0407ff..c4002db0 100644 --- a/src/libsodium/include/sodium/crypto_stream_xchacha20.h +++ b/src/libsodium/include/sodium/crypto_stream_xchacha20.h 
@@ -34,21 +34,25 @@ size_t crypto_stream_xchacha20_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]); +void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_stream_xsalsa20.h b/src/libsodium/include/sodium/crypto_stream_xsalsa20.h index cb4c44a8..20034e34 100644 --- a/src/libsodium/include/sodium/crypto_stream_xsalsa20.h +++ b/src/libsodium/include/sodium/crypto_stream_xsalsa20.h 
@@ -34,21 +34,25 @@ size_t crypto_stream_xsalsa20_messagebytes_max(void); SODIUM_EXPORT int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen, - const unsigned char *n, const unsigned char *k); + const unsigned char *n, const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m, unsigned long long mlen, const unsigned char *n, uint64_t ic, - const unsigned char *k); + const unsigned char *k) + __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]); +void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_verify_16.h b/src/libsodium/include/sodium/crypto_verify_16.h index 5e9eeabe..7b9c8077 100644 --- a/src/libsodium/include/sodium/crypto_verify_16.h +++ b/src/libsodium/include/sodium/crypto_verify_16.h @@ -14,7 +14,7 @@ size_t crypto_verify_16_bytes(void); SODIUM_EXPORT int crypto_verify_16(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_verify_32.h b/src/libsodium/include/sodium/crypto_verify_32.h index 281b5a1b..9b0f4529 100644 --- a/src/libsodium/include/sodium/crypto_verify_32.h +++ b/src/libsodium/include/sodium/crypto_verify_32.h 
@@ -14,7 +14,7 @@ size_t crypto_verify_32_bytes(void); SODIUM_EXPORT int crypto_verify_32(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/crypto_verify_64.h b/src/libsodium/include/sodium/crypto_verify_64.h index 0dc7c304..c83b7302 100644 --- a/src/libsodium/include/sodium/crypto_verify_64.h +++ b/src/libsodium/include/sodium/crypto_verify_64.h @@ -14,7 +14,7 @@ size_t crypto_verify_64_bytes(void); SODIUM_EXPORT int crypto_verify_64(const unsigned char *x, const unsigned char *y) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/randombytes.h b/src/libsodium/include/sodium/randombytes.h index d19f684e..a03cc657 100644 --- a/src/libsodium/include/sodium/randombytes.h +++ b/src/libsodium/include/sodium/randombytes.h @@ -32,11 +32,13 @@ SODIUM_EXPORT size_t randombytes_seedbytes(void); SODIUM_EXPORT -void randombytes_buf(void * const buf, const size_t size); +void randombytes_buf(void * const buf, const size_t size) + __attribute__ ((nonnull)); SODIUM_EXPORT void randombytes_buf_deterministic(void * const buf, const size_t size, - const unsigned char seed[randombytes_SEEDBYTES]); + const unsigned char seed[randombytes_SEEDBYTES]) + __attribute__ ((nonnull)); SODIUM_EXPORT uint32_t randombytes_random(void); @@ -51,7 +53,8 @@ SODIUM_EXPORT int randombytes_close(void); SODIUM_EXPORT -int randombytes_set_implementation(randombytes_implementation *impl); +int randombytes_set_implementation(randombytes_implementation *impl) + __attribute__ ((nonnull)); SODIUM_EXPORT const char *randombytes_implementation_name(void); 
@@ -59,7 +62,8 @@ const char *randombytes_implementation_name(void); /* -- NaCl compatibility interface -- */ SODIUM_EXPORT -void randombytes(unsigned char * const buf, const unsigned long long buf_len); +void randombytes(unsigned char * const buf, const unsigned long long buf_len) + __attribute__ ((nonnull)); #ifdef __cplusplus } diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h index 46eb331c..92ac2e69 100644 --- a/src/libsodium/include/sodium/utils.h +++ b/src/libsodium/include/sodium/utils.h @@ -19,7 +19,7 @@ extern "C" { #endif SODIUM_EXPORT -void sodium_memzero(void * const pnt, const size_t len); +void sodium_memzero(void * const pnt, const size_t len) __attribute__ ((nonnull)); SODIUM_EXPORT void sodium_stackzero(const size_t len); @@ -32,7 +32,7 @@ void sodium_stackzero(const size_t len); */ SODIUM_EXPORT int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); /* * sodium_compare() returns -1 if b1_ < b2_, 1 if b1_ > b2_ and 0 if b1_ == b2_ @@ -43,7 +43,7 @@ int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len) SODIUM_EXPORT int sodium_compare(const unsigned char *b1_, const unsigned char *b2_, size_t len) - __attribute__ ((warn_unused_result)); + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); SODIUM_EXPORT int sodium_is_zero(const unsigned char *n, const size_t nlen); 
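Review bot: Declaring `sodium_memzero`, `sodium_memcmp` and `sodium_compare` fully `nonnull` makes a zero-length call with a NULL pointer undefined behaviour, and nothing next to the declarations says so; the same holds for `randombytes` in the first hunk on this line. The later patch in this series titled "Avoid memset(NULL, _, 0)" shows that NULL buffers paired with a zero length do occur inside the library, so callers that wipe or compare optional buffers are plausible. The contract should be stated where the attribute is added, for example `/* pnt must not be NULL, even when len is 0 */` above `sodium_memzero`, with the equivalent line on the two comparison functions.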
@@ -52,17 +52,20 @@ SODIUM_EXPORT void sodium_increment(unsigned char *n, const size_t nlen); SODIUM_EXPORT -void sodium_add(unsigned char *a, const unsigned char *b, const size_t len); +void sodium_add(unsigned char *a, const unsigned char *b, const size_t len) + __attribute__ ((nonnull)); SODIUM_EXPORT char *sodium_bin2hex(char * const hex, const size_t hex_maxlen, - const unsigned char * const bin, const size_t bin_len); + const unsigned char * const bin, const size_t bin_len) + __attribute__ ((nonnull)); SODIUM_EXPORT int sodium_hex2bin(unsigned char * const bin, const size_t bin_maxlen, const char * const hex, const size_t hex_len, const char * const ignore, size_t * const bin_len, - const char ** const hex_end); + const char ** const hex_end) + __attribute__ ((nonnull(1, 3))); #define sodium_base64_VARIANT_ORIGINAL 1 #define sodium_base64_VARIANT_ORIGINAL_NO_PADDING 3 @@ -84,19 +87,22 @@ size_t sodium_base64_encoded_len(const size_t bin_len, const int variant); SODIUM_EXPORT char *sodium_bin2base64(char * const b64, const size_t b64_maxlen, const unsigned char * const bin, const size_t bin_len, - const int variant); + const int variant) __attribute__ ((nonnull)); SODIUM_EXPORT int sodium_base642bin(unsigned char * const bin, const size_t bin_maxlen, const char * const b64, const size_t b64_len, const char * const ignore, size_t * const bin_len, - const char ** const b64_end, const int variant); + const char ** const b64_end, const int variant) + __attribute__ ((nonnull(1, 3))); SODIUM_EXPORT -int sodium_mlock(void * const addr, const size_t len); +int sodium_mlock(void * const addr, const size_t len) + __attribute__ ((nonnull)); SODIUM_EXPORT -int sodium_munlock(void * const addr, const size_t len); +int sodium_munlock(void * const addr, const size_t len) + __attribute__ ((nonnull)); /* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose * allocation functions. 
@@ -143,21 +149,23 @@ SODIUM_EXPORT void sodium_free(void *ptr); SODIUM_EXPORT -int sodium_mprotect_noaccess(void *ptr); +int sodium_mprotect_noaccess(void *ptr) __attribute__ ((nonnull)); SODIUM_EXPORT -int sodium_mprotect_readonly(void *ptr); +int sodium_mprotect_readonly(void *ptr) __attribute__ ((nonnull)); SODIUM_EXPORT -int sodium_mprotect_readwrite(void *ptr); +int sodium_mprotect_readwrite(void *ptr) __attribute__ ((nonnull)); SODIUM_EXPORT int sodium_pad(size_t *padded_buflen_p, unsigned char *buf, - size_t unpadded_buflen, size_t blocksize, size_t max_buflen); + size_t unpadded_buflen, size_t blocksize, size_t max_buflen) + __attribute__ ((nonnull(2))); SODIUM_EXPORT int sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf, - size_t padded_buflen, size_t blocksize); + size_t padded_buflen, size_t blocksize) + __attribute__ ((nonnull(2))); /* -------- */ From 52f814e50ce3c80ae3fca407ec3a2bec0e1510b0 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 18 Oct 2018 13:34:29 +0200 Subject: [PATCH 117/190] Avoid memset(NULL, _, 0) --- src/libsodium/crypto_sign/ed25519/ref10/open.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/open.c b/src/libsodium/crypto_sign/ed25519/ref10/open.c index aafecf64..26476b32 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/open.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/open.c @@ -75,14 +75,17 @@ crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p, } mlen = smlen - 64; if (crypto_sign_ed25519_verify_detached(sm, sm + 64, mlen, pk) != 0) { - memset(m, 0, mlen); + if (m != NULL) { + memset(m, 0, mlen); + } goto badsig; } if (mlen_p != NULL) { *mlen_p = mlen; } - memmove(m, sm + 64, mlen); - + if (m != NULL) { + memmove(m, sm + 64, mlen); + } return 0; badsig: From 8f5a748335d80f0f554204559b6b5822d5704011 Mon Sep 17 00:00:00 2001 
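Review bot: The new `if (m != NULL)` guards in `crypto_sign_ed25519_open()` make a NULL `m` a supported verify-only call for any `mlen`, not only for `mlen == 0` as the commit subject suggests, and nothing in the hunk documents that. With `m == NULL` and a valid signature the function now sets `*mlen_p` and returns 0 without copying the message, which a caller could misread as the message having been delivered. I would state the contract next to the guard, e.g. `/* m may be NULL: the signature is verified but the message is not copied */`. The prototype is outside this hunk; if it declares `m` as `nonnull`, the compiler is free to drop both checks, so the attribute list should be confirmed to exclude it. The function starts before the hunk and the `badsig` path continues after it.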
From: Joseph Ross Date: Tue, 2 Oct 2018 20:51:01 -0700 Subject: [PATCH 118/190] Add `dist-build` script to build libsodium for WatchOS. --- dist-build/watchOS.sh | 114 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100755 dist-build/watchOS.sh diff --git a/dist-build/watchOS.sh b/dist-build/watchOS.sh new file mode 100755 index 00000000..f688992a --- /dev/null +++ b/dist-build/watchOS.sh 
@@ -0,0 +1,114 @@ +#! /bin/sh +# +# Step 1. +# Configure for base system so simulator is covered +# +# Step 2. +# Make for iOS and iOS simulator +# +# Step 3. +# Merge libs into final version for xcode import + +export PREFIX="$(pwd)/libsodium-watchOS" +export WATCHOS32_PREFIX="$PREFIX/tmp/watchOS32" +export WATCHOS64_PREFIX="$PREFIX/tmp/watchOS64" +export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32" +export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64" +export XCODEDIR=$(xcode-select -p) + +export WATCHOS_SIMULATOR_VERSION_MIN=${WATCHOS_SIMULATOR_VERSION_MIN-"4.0.0"} +export WATCHOS_VERSION_MIN=${WATCHOS_VERSION_MIN-"4.0.0"} + +mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_PREFIX || exit 1 + +# Build for the simulator +export BASEDIR="${XCODEDIR}/Platforms/WatchSimulator.platform/Developer" +export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" +export SDK="${BASEDIR}/SDKs/WatchSimulator.sdk" + +## i386 simulator +export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}" +export LDFLAGS="-arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}" + +make distclean > /dev/null + +if [ -z "$LIBSODIUM_FULL_BUILD" ]; then + export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal" +else + export LIBSODIUM_ENABLE_MINIMAL_FLAG="" +fi + +./configure --host=i686-apple-darwin10 \ + --disable-shared \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ + --prefix="$SIMULATOR32_PREFIX" || exit 1 + + +NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null) +PROCESSORS=${NPROCESSORS:-3} + +make -j${PROCESSORS} install || exit 1 + +## x86_64 simulator +export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}" +export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}" + +make distclean > /dev/null + +./configure 
--host=x86_64-apple-darwin10 \ + --disable-shared \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ + --prefix="$SIMULATOR64_PREFIX" + +make -j${PROCESSORS} install || exit 1 + +# Build for iOS +export BASEDIR="${XCODEDIR}/Platforms/WatchOS.platform/Developer" +export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" +export SDK="${BASEDIR}/SDKs/WatchOS.sdk" + +## 32-bit iOS +export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" +export LDFLAGS="-fembed-bitcode -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" + +make distclean > /dev/null + +./configure --host=arm-apple-darwin10 \ + --disable-shared \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ + --prefix="$WATCHOS32_PREFIX" || exit 1 + +make -j${PROCESSORS} install || exit 1 + +## 64-bit arm64_32 watchOS +export CFLAGS="-fembed-bitcode -O2 -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" +export LDFLAGS="-fembed-bitcode -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" + +make distclean > /dev/null + +./configure --host=arm-apple-darwin10 \ + --disable-shared \ + ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ + --prefix="$WATCHOS64_PREFIX" || exit 1 + +make -j${PROCESSORS} install || exit 1 + +# Create universal binary and include folder +rm -fr -- "$PREFIX/include" "$PREFIX/libsodium.a" 2> /dev/null +mkdir -p -- "$PREFIX/lib" +lipo -create \ + "$SIMULATOR32_PREFIX/lib/libsodium.a" \ + "$SIMULATOR64_PREFIX/lib/libsodium.a" \ + "$WATCHOS32_PREFIX/lib/libsodium.a" \ + "$WATCHOS64_PREFIX/lib/libsodium.a" \ + -output "$PREFIX/lib/libsodium.a" +mv -f -- "$WATCHOS32_PREFIX/include" "$PREFIX/" + +echo +echo "libsodium has been installed into $PREFIX" +echo +file -- "$PREFIX/lib/libsodium.a" + +# Cleanup +# rm -rf -- "$PREFIX/tmp" +# make distclean > /dev/null From 0d3640609e8197e553a8b2556867377109b915b9 Mon Sep 17 00:00:00 2001 
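Review bot: The x86_64 simulator `./configure --host=x86_64-apple-darwin10 …` call is the only one of the four configure invocations in this new script without `|| exit 1`, so a configure failure there is caught only indirectly, if the following `make -j${PROCESSORS} install` happens to fail. Append `|| exit 1` to the `--prefix="$SIMULATOR64_PREFIX"` line. The exit status of `lipo -create` should be checked as well, before the script prints "libsodium has been installed". Separately, `mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_PREFIX` expands the paths unquoted although they derive from `$(pwd)`; quoting each one keeps a checkout path containing spaces from creating directories in unintended places.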
From: Frank Denis Date: Mon, 22 Oct 2018 19:11:18 +0200 Subject: [PATCH 119/190] Make watchos.sh looks like other scripts --- dist-build/Makefile.am | 3 ++- dist-build/{watchOS.sh => watchos.sh} | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) rename dist-build/{watchOS.sh => watchos.sh} (94%) diff --git a/dist-build/Makefile.am b/dist-build/Makefile.am index 3d0a0e63..63a8298f 100644 --- a/dist-build/Makefile.am +++ b/dist-build/Makefile.am @@ -14,4 +14,5 @@ EXTRA_DIST = \ msys2-win64.sh \ nativeclient-pnacl.sh \ nativeclient-x86.sh \ - nativeclient-x86_64.sh + nativeclient-x86_64.sh \ + watchos.sh diff --git a/dist-build/watchOS.sh b/dist-build/watchos.sh similarity index 94% rename from dist-build/watchOS.sh rename to dist-build/watchos.sh index f688992a..9f8c9bd4 100755 --- a/dist-build/watchOS.sh +++ b/dist-build/watchos.sh @@ -2,16 +2,16 @@ # # Step 1. # Configure for base system so simulator is covered -# +# # Step 2. # Make for iOS and iOS simulator # # Step 3. # Merge libs into final version for xcode import -export PREFIX="$(pwd)/libsodium-watchOS" -export WATCHOS32_PREFIX="$PREFIX/tmp/watchOS32" -export WATCHOS64_PREFIX="$PREFIX/tmp/watchOS64" +export PREFIX="$(pwd)/libsodium-watchos" +export WATCHOS32_PREFIX="$PREFIX/tmp/watchos32" +export WATCHOS64_PREFIX="$PREFIX/tmp/watchos64" export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32" export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64" export XCODEDIR=$(xcode-select -p) @@ -110,5 +110,5 @@ echo file -- "$PREFIX/lib/libsodium.a" # Cleanup -# rm -rf -- "$PREFIX/tmp" -# make distclean > /dev/null +rm -rf -- "$PREFIX/tmp" +make distclean > /dev/null From a8abbec660b3f3eb4ff66b9dc4a94ea73bc3d94f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 22 Oct 2018 19:22:46 +0200 Subject: [PATCH 120/190] watchOS arm64 is actually arm64_32 --- dist-build/watchos.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
diff --git a/dist-build/watchos.sh b/dist-build/watchos.sh index 9f8c9bd4..60ab4b4e 100755 --- a/dist-build/watchos.sh +++ b/dist-build/watchos.sh @@ -4,14 +4,14 @@ # Configure for base system so simulator is covered # # Step 2. -# Make for iOS and iOS simulator +# Make for watchOS and watchOS simulator # # Step 3. # Merge libs into final version for xcode import export PREFIX="$(pwd)/libsodium-watchos" export WATCHOS32_PREFIX="$PREFIX/tmp/watchos32" -export WATCHOS64_PREFIX="$PREFIX/tmp/watchos64" +export WATCHOS64_32_PREFIX="$PREFIX/tmp/watchos64_32" export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32" export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64" export XCODEDIR=$(xcode-select -p) @@ -19,7 +19,7 @@ export XCODEDIR=$(xcode-select -p) export WATCHOS_SIMULATOR_VERSION_MIN=${WATCHOS_SIMULATOR_VERSION_MIN-"4.0.0"} export WATCHOS_VERSION_MIN=${WATCHOS_VERSION_MIN-"4.0.0"} -mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_PREFIX || exit 1 +mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_32_PREFIX || exit 1 # Build for the simulator export BASEDIR="${XCODEDIR}/Platforms/WatchSimulator.platform/Developer" @@ -62,12 +62,12 @@ make distclean > /dev/null make -j${PROCESSORS} install || exit 1 -# Build for iOS +# Build for watchOS export BASEDIR="${XCODEDIR}/Platforms/WatchOS.platform/Developer" export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH" export SDK="${BASEDIR}/SDKs/WatchOS.sdk" -## 32-bit iOS +## 32-bit watchOS export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" export LDFLAGS="-fembed-bitcode -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}" 
@@ -89,7 +89,7 @@ make distclean > /dev/null ./configure --host=arm-apple-darwin10 \ --disable-shared \ ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \ - --prefix="$WATCHOS64_PREFIX" || exit 1 + --prefix="$WATCHOS64_32_PREFIX" || exit 1 make -j${PROCESSORS} install || exit 1 @@ -100,7 +100,7 @@ lipo -create \ "$SIMULATOR32_PREFIX/lib/libsodium.a" \ "$SIMULATOR64_PREFIX/lib/libsodium.a" \ "$WATCHOS32_PREFIX/lib/libsodium.a" \ - "$WATCHOS64_PREFIX/lib/libsodium.a" \ + "$WATCHOS64_32_PREFIX/lib/libsodium.a" \ -output "$PREFIX/lib/libsodium.a" mv -f -- "$WATCHOS32_PREFIX/include" "$PREFIX/" From e60bb52a33828385fda6d5a5b4d44dc02557fb63 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 31 Oct 2018 10:38:09 +0100 Subject: [PATCH 121/190] Disable AVX512 when using ancient versions of GCC --- configure.ac | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 35c42746..cb5443b3 100644 --- a/configure.ac +++ b/configure.ac @@ -330,10 +330,12 @@ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) -AC_MSG_CHECKING(for a broken clang + AVX512 combination) +AC_MSG_CHECKING(for obsolete compiler with possibly broken AVX512 support) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ -#if !(defined(__AVX512F__) && defined(__clang__) && __clang_major__ < 4) -#error Not a broken clang + AVX512 combination +#if !(defined(__AVX512F__) && \ + ((defined(__clang__) && __clang_major__ < 4) || \ + (defined(__GNUC__) && __GNUC__ < 6))) +#error Compiler should properly support AVX512 opcodes #endif ]])], [AC_MSG_RESULT(yes - disabling AVX512 optimizations) From a3b81c323a4171dbe54337be4f71745d22bff328 Mon Sep 17 00:00:00 2001 
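Review bot: The added `(defined(__GNUC__) && __GNUC__ < 6)` arm in the configure.ac hunk also matches clang, because clang defines `__GNUC__` as 4 for GCC compatibility. With `__AVX512F__` defined, every clang release is therefore classified as obsolete and takes the "disabling AVX512 optimizations" branch, not only clang older than 4. Excluding clang from the GCC arm keeps the two version checks independent: `(!defined(__clang__) && defined(__GNUC__) && __GNUC__ < 6)`. Other compilers that imitate GCC's version macros would be caught the same way, so a short comment naming the compilers this check is meant for would help. The rest of the `AC_COMPILE_IFELSE` call lies past the end of the hunk.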
From: Marco Date: Tue, 6 Nov 2018 17:40:11 +0100 Subject: [PATCH 122/190] Fix broken link to documentation in README --- README.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.markdown b/README.markdown index 60059520..b986ca1c 100644 --- a/README.markdown +++ b/README.markdown @@ -31,7 +31,7 @@ in PDF, MOBI and ePUB formats. ## Integrity Checking The integrity checking instructions (including the signing key for libsodium) -are available in the [installation](https://download.libsodium.org/doc/installation/index.html#integrity-checking) +are available in the [installation](https://download.libsodium.org/doc/installation#integrity-checking) section of the documentation. ## Community From a1dff418918de3446313eaea1636699ee1af1e6d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 11 Nov 2018 00:00:13 +0100 Subject: [PATCH 123/190] LONG_LONG_* -> LLONG_* --- .../randombytes/salsa20/randombytes_salsa20_random.c | 6 +++--- src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index e3ec30ff..8858713c 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c @@ -501,10 +501,10 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size) randombytes_salsa20_random_stir_if_needed(); COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); -#if defined(ULONG_LONG_MAX) && defined(SIZE_MAX) -# if SIZE_MAX > ULONG_LONG_MAX +#if defined(ULLONG_MAX) && defined(SIZE_MAX) +# if SIZE_MAX > ULLONG_MAX /* coverity[result_independent_of_operands] */ - assert(size <= ULONG_LONG_MAX); + assert(size <= ULLONG_MAX); # endif #endif ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size, 
diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index c24122f9..99018f35 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c @@ -335,10 +335,10 @@ static void randombytes_sysrandom_buf(void * const buf, const size_t size) { randombytes_sysrandom_stir_if_needed(); -# if defined(ULONG_LONG_MAX) && defined(SIZE_MAX) -# if SIZE_MAX > ULONG_LONG_MAX +# if defined(ULLONG_MAX) && defined(SIZE_MAX) +# if SIZE_MAX > ULLONG_MAX /* coverity[result_independent_of_operands] */ - assert(size <= ULONG_LONG_MAX); + assert(size <= ULLONG_MAX); # endif # endif # ifndef _WIN32 From 762e5136ed9a4a96d549de6383920908a7448e7a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 30 Nov 2018 15:18:52 +0100 Subject: [PATCH 124/190] Merge old compiler detection with AVX512f support detection Maybe fixes #786 --- configure.ac | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/configure.ac b/configure.ac index cb5443b3..d41cf9a5 100644 --- a/configure.ac +++ b/configure.ac @@ -330,21 +330,6 @@ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"]) AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"]) AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"]) -AC_MSG_CHECKING(for obsolete compiler with possibly broken AVX512 support) -AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[ -#if !(defined(__AVX512F__) && \ - ((defined(__clang__) && __clang_major__ < 4) || \ - (defined(__GNUC__) && __GNUC__ < 6))) -#error Compiler should properly support AVX512 opcodes -#endif -]])], - [AC_MSG_RESULT(yes - disabling AVX512 optimizations) - AX_CHECK_COMPILE_FLAG([$CFLAGS -mno-avx512f], - [CFLAGS="$CFLAGS -mno-avx512f"]) - ], - [AC_MSG_RESULT(no) -]) - AX_CHECK_CATCHABLE_SEGV AX_CHECK_CATCHABLE_ABRT 
@@ -491,13 +476,29 @@ return _mm256_movemask_ps(_mm256_cmp_ps(x, y, _CMP_NEQ_OQ)); #pragma GCC target("avx512f") #include ]], [[ + +#ifndef __AVX512F__ +# error No AVX512 support +#elif defined(__clang__) +# if __clang_major__ < 4 +# error Compiler AVX512 support may be broken +# endif +#elif defined(__GNUC__) +# if __GNUC__ < 6 +# error Compiler AVX512 support may be broken +# endif +#endif + __m512i x = _mm512_setzero_epi32(); __m512i y = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), x); ]])], [AC_MSG_RESULT(yes) AC_DEFINE([HAVE_AVX512FINTRIN_H], [1], [AVX512F is available]) AX_CHECK_COMPILE_FLAG([-mavx512f], [CFLAGS_AVX512F="-mavx512f"])], - [AC_MSG_RESULT(no)]) + [AC_MSG_RESULT(no) + AX_CHECK_COMPILE_FLAG([$CFLAGS -mno-avx512f], + [CFLAGS="$CFLAGS -mno-avx512f"]) + ]) CFLAGS="$oldcflags" oldcflags="$CFLAGS" From c60df7b9ff099e397a716edb59595e7afca42fa1 Mon Sep 17 00:00:00 2001 From: Ilya Maykov Date: Mon, 3 Dec 2018 09:17:05 -0800 Subject: [PATCH 125/190] Made sig parameter of crypto_sign_final_verify() const --- src/libsodium/crypto_sign/crypto_sign.c | 2 +- src/libsodium/crypto_sign/ed25519/sign_ed25519.c | 2 +- src/libsodium/include/sodium/crypto_sign.h | 2 +- src/libsodium/include/sodium/crypto_sign_ed25519.h | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_sign/crypto_sign.c b/src/libsodium/crypto_sign/crypto_sign.c index 127072f7..d723ff8c 100644 --- a/src/libsodium/crypto_sign/crypto_sign.c +++ b/src/libsodium/crypto_sign/crypto_sign.c @@ -108,7 +108,7 @@ crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, } int -crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig, +crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig, const unsigned char *pk) { return crypto_sign_ed25519ph_final_verify(state, sig, pk); 
diff --git a/src/libsodium/crypto_sign/ed25519/sign_ed25519.c b/src/libsodium/crypto_sign/ed25519/sign_ed25519.c index 8a69513e..9b902497 100644 --- a/src/libsodium/crypto_sign/ed25519/sign_ed25519.c +++ b/src/libsodium/crypto_sign/ed25519/sign_ed25519.c @@ -86,7 +86,7 @@ crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, - unsigned char *sig, + const unsigned char *sig, const unsigned char *pk) { unsigned char ph[crypto_hash_sha512_BYTES]; diff --git a/src/libsodium/include/sodium/crypto_sign.h b/src/libsodium/include/sodium/crypto_sign.h index 9d4b17e4..3d31ab24 100644 --- a/src/libsodium/include/sodium/crypto_sign.h +++ b/src/libsodium/include/sodium/crypto_sign.h @@ -96,7 +96,7 @@ int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, __attribute__ ((nonnull(1, 2, 4))); SODIUM_EXPORT -int crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig, +int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig, const unsigned char *pk) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h index ddbe8586..db978ea2 100644 --- a/src/libsodium/include/sodium/crypto_sign_ed25519.h +++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h @@ -113,7 +113,7 @@ int crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, SODIUM_EXPORT int crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, - unsigned char *sig, + const unsigned char *sig, const unsigned char *pk) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); From 055e0ae82c8a478ab3eb8f5608c34dc718304275 Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Mon, 10 Dec 2018 21:03:52 +0100 Subject: [PATCH 126/190] Even in non-deterministic EdDSA, the actual secret key is H(sk). --- src/libsodium/crypto_sign/ed25519/ref10/sign.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/sign.c b/src/libsodium/crypto_sign/ed25519/ref10/sign.c index 4df90bdd..3e34e170 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/sign.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/sign.c @@ -74,11 +74,10 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p, _crypto_sign_ed25519_ref10_hinit(&hs, prehashed); + crypto_hash_sha512(az, sk, 32); #ifdef ED25519_NONDETERMINISTIC - memcpy(az, sk, 32); _crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az); #else - crypto_hash_sha512(az, sk, 32); crypto_hash_sha512_update(&hs, az + 32, 32); #endif From b42082d6d265d17fd6116b7fc7b1f1363bbab32f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 18 Dec 2018 22:46:56 +0100 Subject: [PATCH 127/190] Add unclamped versions of scalarmult_ed25519*() --- .../ed25519/ref10/scalarmult_ed25519_ref10.c | 66 ++++++++++++++----- .../sodium/crypto_scalarmult_ed25519.h | 9 +++ 2 files changed, 58 insertions(+), 17 deletions(-) diff --git a/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c b/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c index 0e317cf7..800ff00e 100644 --- a/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c +++ b/src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c @@ -28,9 +28,9 @@ _crypto_scalarmult_ed25519_clamp(unsigned char k[32]) k[31] |= 64; } -int -crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, - const unsigned char *p) +static int +_crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, + const unsigned char *p, const int clamp) { unsigned char *t = q; ge25519_p3 Q; 
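Review bot: The hoisted `crypto_hash_sha512(az, sk, 32);` in `_crypto_sign_ed25519_detached()` now feeds both build modes, but nothing at the call explains what `az` holds or why the `ED25519_NONDETERMINISTIC` branch must not copy `sk` directly. A comment such as `/* az = SHA-512(first 32 bytes of sk); both modes take their key material from this hash, never from sk itself */` would keep the removed `memcpy` variant from being reintroduced. `az` is derived from the secret key and its declaration and any wiping are outside this hunk, so it is worth confirming that the buffer is cleared on every exit path. The commit touches only sign.c, so the `ED25519_NONDETERMINISTIC` build, the one whose output changes, gets no test here.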
@@ -44,7 +44,9 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, for (i = 0; i < 32; ++i) { t[i] = n[i]; } - _crypto_scalarmult_ed25519_clamp(t); + if (clamp != 0) { + _crypto_scalarmult_ed25519_clamp(t); + } ge25519_scalarmult(&Q, t, &P); ge25519_p3_tobytes(q, &Q); if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) { @@ -53,24 +55,54 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, return 0; } +int +crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, + const unsigned char *p) +{ + return _crypto_scalarmult_ed25519(q, n, p, 1); +} + +int +crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n, + const unsigned char *p) +{ + return _crypto_scalarmult_ed25519(q, n, p, 0); +} + +static int +_crypto_scalarmult_ed25519_base(unsigned char *q, + const unsigned char *n, const int clamp) +{ + unsigned char *t = q; + ge25519_p3 Q; + unsigned int i; + + for (i = 0; i < 32; ++i) { + t[i] = n[i]; + } + if (clamp != 0) { + _crypto_scalarmult_ed25519_clamp(t); + } + ge25519_scalarmult_base(&Q, t); + ge25519_p3_tobytes(q, &Q); + if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) { + return -1; + } + return 0; +} + int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n) { - unsigned char *t = q; - ge25519_p3 Q; - unsigned int i; + return _crypto_scalarmult_ed25519_base(q, n, 1); +} - for (i = 0; i < 32; ++i) { - t[i] = n[i]; - } - _crypto_scalarmult_ed25519_clamp(t); - ge25519_scalarmult_base(&Q, t); - ge25519_p3_tobytes(q, &Q); - if (sodium_is_zero(n, 32) != 0) { - return -1; - } - return 0; +int +crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, + const unsigned char *n) +{ + return _crypto_scalarmult_ed25519_base(q, n, 0); } size_t diff --git a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h index 39e0d92c..1958643c 100644 
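Review bot: In the new `_crypto_scalarmult_ed25519_base()`, and in `_crypto_scalarmult_ed25519()` which has the same shape, the zero-scalar test `sodium_is_zero(n, 32)` runs after `ge25519_p3_tobytes(q, &Q)` has written the result, while `t` aliases `q`. If a caller passes the same buffer for `q` and `n`, the test inspects the encoded point instead of the scalar, and for the clamped variants a zero scalar would presumably no longer be rejected. Either take the result first, `const int n_is_zero = sodium_is_zero(n, 32);` before the copy loop, or document on the prototypes that `q` and `n` must not overlap. `_crypto_scalarmult_ed25519()` begins in the previous hunk.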
--- a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h +++ b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h @@ -31,10 +31,19 @@ int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, const unsigned char *p) __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); +SODIUM_EXPORT +int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n, + const unsigned char *p) + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); + SODIUM_EXPORT int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n) __attribute__ ((nonnull)); +SODIUM_EXPORT +int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n) + __attribute__ ((nonnull)); + #ifdef __cplusplus } #endif From b6051b7ee2fd8984629ab17741f09d1d11358194 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 18 Dec 2018 23:11:15 +0100 Subject: [PATCH 128/190] Add tests for unclamped scalars --- test/default/scalarmult_ed25519.c | 36 +++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) diff --git a/test/default/scalarmult_ed25519.c b/test/default/scalarmult_ed25519.c index 3ad4bd09..26d431ae 100644 --- a/test/default/scalarmult_ed25519.c +++ b/test/default/scalarmult_ed25519.c 
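Review bot: `crypto_scalarmult_ed25519_base_noclamp()` is declared with `nonnull` only, whereas `crypto_scalarmult_ed25519_noclamp()` just above it also carries `warn_unused_result`. Both return -1 for a zero scalar or an identity result (see `_crypto_scalarmult_ed25519_base()` in the .c hunks of this commit), and an ignored return value leaves the caller working with whatever was written to `q`. Declaring the new function with `__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));` costs nothing because it has no existing callers; the older `crypto_scalarmult_ed25519_base()` has the same gap, but changing it could add warnings to existing code. A comment on both `_noclamp` prototypes stating that the scalar is used as supplied, without the clamping step, would also help callers choose the right variant.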
@@ -43,18 +43,24 @@ main(void) memset(n, 0, crypto_scalarmult_ed25519_SCALARBYTES); if (crypto_scalarmult_ed25519_base(q, n) != -1) { - printf("crypto_scalarmult_ed25519_base(0) failed\n"); + printf("crypto_scalarmult_ed25519_base(0) passed\n"); } if (crypto_scalarmult_ed25519(q2, n, p) != -1) { printf("crypto_scalarmult_ed25519(0) passed\n"); } + if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != -1) { + printf("crypto_scalarmult_ed25519_noclamp(0) passed\n"); + } n[0] = 1; if (crypto_scalarmult_ed25519_base(q, n) != 0) { printf("crypto_scalarmult_ed25519_base() failed\n"); } if (crypto_scalarmult_ed25519(q2, n, p) != 0) { - printf("crypto_scalarmult_ed25519() passed\n"); + printf("crypto_scalarmult_ed25519() failed\n"); + } + if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } if (crypto_scalarmult_ed25519(q, n, non_canonical_p) != -1) { 
@@ -67,14 +73,40 @@ main(void) printf("crypto_scalarmult_ed25519() failed\n"); } + n[0] = 9; + if (crypto_scalarmult_ed25519(q, n, p) != 0) { + printf("crypto_scalarmult_ed25519() failed\n"); + } + if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed\n"); + } + if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) { + printf("clamping not applied\n"); + } + n[0] = 8; + n[31] = 64; + if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed\n"); + } + if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) != 0) { + printf("inconsistent clamping\n"); + } + memset(p, 0, crypto_scalarmult_ed25519_BYTES); if (crypto_scalarmult_ed25519(q, n, p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } + if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) { + printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n"); + } + n[0] = 8; if (crypto_scalarmult_ed25519(q, n, p) != -1) { printf("crypto_scalarmult_ed25519() didn't fail\n"); } + if (crypto_scalarmult_ed25519_noclamp(q, n, p) != -1) { + printf("crypto_scalarmult_ed25519_noclamp() didn't fail\n"); + } sodium_free(q2); sodium_free(q); From 36f2d99faccd8914e75eb3e9987b609cbc331797 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Dec 2018 20:05:34 +0100 Subject: [PATCH 129/190] Add crypto_core_ed25519_{scalar_invert, ed25519_scalar_reduce)() These new low-level APIs are especially useful for blinding. --- .../crypto_core/ed25519/core_ed25519.c | 15 + .../crypto_core/ed25519/ref10/ed25519_ref10.c | 562 +++++++++++++++++- .../include/sodium/crypto_core_ed25519.h | 12 + .../include/sodium/private/ed25519_ref10.h | 10 +- 4 files changed, 591 insertions(+), 8 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 1bcf5022..3b625538 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c 
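Review bot: Neither test hunk calls `crypto_scalarmult_ed25519_base_noclamp()`, so the new base-point entry point is exported without coverage, while `crypto_scalarmult_ed25519_noclamp()` is exercised in several places. A zero-scalar case and one non-zero case would mirror what is already done for the clamped base function, e.g. `if (crypto_scalarmult_ed25519_base_noclamp(q, n) != -1) { printf("crypto_scalarmult_ed25519_base_noclamp(0) passed\n"); }` next to the existing `base(0)` check. The messages use "passed" for an unexpected success and "failed" for an unexpected failure, which is easy to misread. If, as it appears, any printed line here signals a mismatch, a comment saying so at the top of the block would remove the ambiguity. `main()` begins before the first hunk.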
+++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -2,6 +2,7 @@ #include "crypto_core_ed25519.h" #include "private/common.h" #include "private/ed25519_ref10.h" +#include "utils.h" int crypto_core_ed25519_is_valid_point(const unsigned char *p) @@ -66,6 +67,14 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) return - ge25519_has_small_order(p); } +int +crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) +{ + sc25519_invert(recip, s); + + return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); +} + size_t crypto_core_ed25519_bytes(void) { @@ -77,3 +86,9 @@ crypto_core_ed25519_uniformbytes(void) { return crypto_core_ed25519_UNIFORMBYTES; } + +size_t +crypto_core_ed25519_scalarbytes(void) +{ + return crypto_core_ed25519_SCALARBYTES; +} diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c index f7b82806..22f20db6 100644 --- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c +++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c 
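Review bot: `crypto_core_ed25519_scalar_invert()` decides its return value from `sodium_is_zero(s, …)`, a test on the byte encoding of the input, so a non-zero encoding that is congruent to 0 modulo the group order would be reported as success although no inverse exists. Testing the output instead covers both cases, assuming `sc25519_invert()` (defined outside this hunk) yields 0 for such inputs: `return - sodium_is_zero(recip, crypto_core_ed25519_SCALARBYTES);`. That form also stays correct if a caller passes the same buffer for `recip` and `s`. The function has no comment; since the commit message names blinding as the use case, the prototype should say that -1 means the scalar has no inverse and that `recip` must not be used in that case.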
@@ -1055,6 +1055,478 @@ ge25519_has_small_order(const unsigned char s[32]) return (int) ((k >> 8) & 1); } +/* + Input: + a[0]+256*a[1]+...+256^31*a[31] = a + b[0]+256*b[1]+...+256^31*b[31] = b + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = (ab) mod l + where l = 2^252 + 27742317777372353535851937790883648493. + */ + +static void +sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) +{ + int64_t a0 = 2097151 & load_3(a); + int64_t a1 = 2097151 & (load_4(a + 2) >> 5); + int64_t a2 = 2097151 & (load_3(a + 5) >> 2); + int64_t a3 = 2097151 & (load_4(a + 7) >> 7); + int64_t a4 = 2097151 & (load_4(a + 10) >> 4); + int64_t a5 = 2097151 & (load_3(a + 13) >> 1); + int64_t a6 = 2097151 & (load_4(a + 15) >> 6); + int64_t a7 = 2097151 & (load_3(a + 18) >> 3); + int64_t a8 = 2097151 & load_3(a + 21); + int64_t a9 = 2097151 & (load_4(a + 23) >> 5); + int64_t a10 = 2097151 & (load_3(a + 26) >> 2); + int64_t a11 = (load_4(a + 28) >> 7); + + int64_t b0 = 2097151 & load_3(b); + int64_t b1 = 2097151 & (load_4(b + 2) >> 5); + int64_t b2 = 2097151 & (load_3(b + 5) >> 2); + int64_t b3 = 2097151 & (load_4(b + 7) >> 7); + int64_t b4 = 2097151 & (load_4(b + 10) >> 4); + int64_t b5 = 2097151 & (load_3(b + 13) >> 1); + int64_t b6 = 2097151 & (load_4(b + 15) >> 6); + int64_t b7 = 2097151 & (load_3(b + 18) >> 3); + int64_t b8 = 2097151 & load_3(b + 21); + int64_t b9 = 2097151 & (load_4(b + 23) >> 5); + int64_t b10 = 2097151 & (load_3(b + 26) >> 2); + int64_t b11 = (load_4(b + 28) >> 7); + + int64_t s0; + int64_t s1; + int64_t s2; + int64_t s3; + int64_t s4; + int64_t s5; + int64_t s6; + int64_t s7; + int64_t s8; + int64_t s9; + int64_t s10; + int64_t s11; + int64_t s12; + int64_t s13; + int64_t s14; + int64_t s15; + int64_t s16; + int64_t s17; + int64_t s18; + int64_t s19; + int64_t s20; + int64_t s21; + int64_t s22; + int64_t s23; + + int64_t carry0; + int64_t carry1; + int64_t carry2; + int64_t carry3; + int64_t carry4; + int64_t carry5; + int64_t carry6; + 
int64_t carry7; + int64_t carry8; + int64_t carry9; + int64_t carry10; + int64_t carry11; + int64_t carry12; + int64_t carry13; + int64_t carry14; + int64_t carry15; + int64_t carry16; + int64_t carry17; + int64_t carry18; + int64_t carry19; + int64_t carry20; + int64_t carry21; + int64_t carry22; + + s0 = a0 * b0; + s1 = a0 * b1 + a1 * b0; + s2 = a0 * b2 + a1 * b1 + a2 * b0; + s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0; + s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0; + s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0; + s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0; + s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 + + a6 * b1 + a7 * b0; + s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 + + a6 * b2 + a7 * b1 + a8 * b0; + s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 + + a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0; + s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 + + a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0; + s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 + + a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0; + s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 + + a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1; + s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 + + a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2; + s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 + + a9 * b5 + a10 * b4 + a11 * b3; + s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 + + a10 * b5 + a11 * b4; + s16 = + a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5; + s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6; + s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7; + s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8; + s20 = a9 * b11 + a10 * b10 + a11 * b9; + s21 = a10 * b11 + a11 * b10; + s22 = a11 * b11; + s23 = 0; + + carry0 = (s0 + (int64_t) 
(1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + carry18 = (s18 + (int64_t) (1L << 20)) >> 21; + s19 += carry18; + s18 -= carry18 * ((uint64_t) 1L << 21); + carry20 = (s20 + (int64_t) (1L << 20)) >> 21; + s21 += carry20; + s20 -= carry20 * ((uint64_t) 1L << 21); + carry22 = (s22 + (int64_t) (1L << 20)) >> 21; + s23 += carry22; + s22 -= carry22 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) 
(1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + carry17 = (s17 + (int64_t) (1L << 20)) >> 21; + s18 += carry17; + s17 -= carry17 * ((uint64_t) 1L << 21); + carry19 = (s19 + (int64_t) (1L << 20)) >> 21; + s20 += carry19; + s19 -= carry19 * ((uint64_t) 1L << 21); + carry21 = (s21 + (int64_t) (1L << 20)) >> 21; + s22 += carry21; + s21 -= carry21 * ((uint64_t) 1L << 21); + + s11 += s23 * 666643; + s12 += s23 * 470296; + s13 += s23 * 654183; + s14 -= s23 * 997805; + s15 += s23 * 136657; + s16 -= s23 * 683901; + + s10 += s22 * 666643; + s11 += s22 * 470296; + s12 += s22 * 654183; + s13 -= s22 * 997805; + s14 += s22 * 136657; + s15 -= s22 * 683901; + + s9 += s21 * 666643; + s10 += s21 * 470296; + s11 += s21 * 654183; + s12 -= s21 * 997805; + s13 += s21 * 136657; + s14 -= s21 * 683901; + + s8 += s20 * 666643; + s9 += s20 * 470296; + s10 += s20 * 654183; + s11 -= s20 * 997805; + s12 += s20 * 136657; + s13 -= s20 * 683901; + + s7 += s19 * 666643; + s8 += s19 * 470296; + s9 += s19 * 654183; + s10 -= s19 * 997805; + s11 += s19 * 136657; + s12 -= s19 * 683901; + + s6 += s18 * 666643; + s7 += s18 * 470296; + s8 += s18 * 654183; + s9 -= s18 * 997805; + s10 += s18 * 136657; + s11 -= s18 * 683901; + + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry12 = (s12 + (int64_t) (1L << 20)) >> 21; + s13 += carry12; + s12 -= carry12 * ((uint64_t) 1L << 21); + carry14 = (s14 + (int64_t) (1L << 20)) >> 21; + s15 += carry14; + s14 -= carry14 * ((uint64_t) 1L << 21); + carry16 = (s16 + (int64_t) (1L << 20)) >> 21; + s17 += carry16; + s16 -= carry16 * ((uint64_t) 1L << 21); + + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + 
(int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + carry13 = (s13 + (int64_t) (1L << 20)) >> 21; + s14 += carry13; + s13 -= carry13 * ((uint64_t) 1L << 21); + carry15 = (s15 + (int64_t) (1L << 20)) >> 21; + s16 += carry15; + s15 -= carry15 * ((uint64_t) 1L << 21); + + s5 += s17 * 666643; + s6 += s17 * 470296; + s7 += s17 * 654183; + s8 -= s17 * 997805; + s9 += s17 * 136657; + s10 -= s17 * 683901; + + s4 += s16 * 666643; + s5 += s16 * 470296; + s6 += s16 * 654183; + s7 -= s16 * 997805; + s8 += s16 * 136657; + s9 -= s16 * 683901; + + s3 += s15 * 666643; + s4 += s15 * 470296; + s5 += s15 * 654183; + s6 -= s15 * 997805; + s7 += s15 * 136657; + s8 -= s15 * 683901; + + s2 += s14 * 666643; + s3 += s14 * 470296; + s4 += s14 * 654183; + s5 -= s14 * 997805; + s6 += s14 * 136657; + s7 -= s14 * 683901; + + s1 += s13 * 666643; + s2 += s13 * 470296; + s3 += s13 * 654183; + s4 -= s13 * 997805; + s5 += s13 * 136657; + s6 -= s13 * 683901; + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = (s0 + (int64_t) (1L << 20)) >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry2 = (s2 + (int64_t) (1L << 20)) >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry4 = (s4 + (int64_t) (1L << 20)) >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry6 = (s6 + (int64_t) (1L << 20)) >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry8 = (s8 + (int64_t) (1L << 20)) >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry10 = (s10 + (int64_t) (1L << 20)) >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + carry1 = (s1 + (int64_t) (1L << 20)) >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry3 = (s3 + (int64_t) (1L << 20)) >> 21; + 
s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry5 = (s5 + (int64_t) (1L << 20)) >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry7 = (s7 + (int64_t) (1L << 20)) >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry9 = (s9 + (int64_t) (1L << 20)) >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry11 = (s11 + (int64_t) (1L << 20)) >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + s12 = 0; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + carry11 = s11 >> 21; + s12 += carry11; + s11 -= carry11 * ((uint64_t) 1L << 21); + + s0 += s12 * 666643; + s1 += s12 * 470296; + s2 += s12 * 654183; + s3 -= s12 * 997805; + s4 += s12 * 136657; + s5 -= s12 * 683901; + + carry0 = s0 >> 21; + s1 += carry0; + s0 -= carry0 * ((uint64_t) 1L << 21); + carry1 = s1 >> 21; + s2 += carry1; + s1 -= carry1 * ((uint64_t) 1L << 21); + carry2 = s2 >> 21; + s3 += carry2; + s2 -= carry2 * ((uint64_t) 1L << 21); + carry3 = s3 >> 21; + s4 += carry3; + s3 -= carry3 * ((uint64_t) 1L << 21); + 
carry4 = s4 >> 21; + s5 += carry4; + s4 -= carry4 * ((uint64_t) 1L << 21); + carry5 = s5 >> 21; + s6 += carry5; + s5 -= carry5 * ((uint64_t) 1L << 21); + carry6 = s6 >> 21; + s7 += carry6; + s6 -= carry6 * ((uint64_t) 1L << 21); + carry7 = s7 >> 21; + s8 += carry7; + s7 -= carry7 * ((uint64_t) 1L << 21); + carry8 = s8 >> 21; + s9 += carry8; + s8 -= carry8 * ((uint64_t) 1L << 21); + carry9 = s9 >> 21; + s10 += carry9; + s9 -= carry9 * ((uint64_t) 1L << 21); + carry10 = s10 >> 21; + s11 += carry10; + s10 -= carry10 * ((uint64_t) 1L << 21); + + s[0] = s0 >> 0; + s[1] = s0 >> 8; + s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5)); + s[3] = s1 >> 3; + s[4] = s1 >> 11; + s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2)); + s[6] = s2 >> 6; + s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7)); + s[8] = s3 >> 1; + s[9] = s3 >> 9; + s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4)); + s[11] = s4 >> 4; + s[12] = s4 >> 12; + s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1)); + s[14] = s5 >> 7; + s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6)); + s[16] = s6 >> 2; + s[17] = s6 >> 10; + s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3)); + s[19] = s7 >> 5; + s[20] = s7 >> 13; + s[21] = s8 >> 0; + s[22] = s8 >> 8; + s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5)); + s[24] = s9 >> 3; + s[25] = s9 >> 11; + s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2)); + s[27] = s10 >> 6; + s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7)); + s[29] = s11 >> 1; + s[30] = s11 >> 9; + s[31] = s11 >> 17; +} + /* Input: a[0]+256*a[1]+...+256^31*a[31] = a @@ -1067,8 +1539,8 @@ ge25519_has_small_order(const unsigned char s[32]) */ void -sc25519_muladd(unsigned char *s, const unsigned char *a, - const unsigned char *b, const unsigned char *c) +sc25519_muladd(unsigned char s[32], const unsigned char a[32], + const unsigned char b[32], const unsigned char c[32]) { int64_t a0 = 2097151 & load_3(a); int64_t a1 = 2097151 & (load_4(a + 2) >> 5); 
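Review bot: The header comment of `sc25519_mul()` does not say that `s` may overlap `a` or `b`, yet the helpers added further down in this commit call it as `sc25519_mul(s, a, a)` and `sc25519_mul(s, s, a)`. The overlap is safe only because all 24 input limbs (`a0`..`a11`, `b0`..`b11`) are loaded before the first store to `s[]`, which is easy to break in a later edit. I would add `s may overlap a and/or b: both inputs are fully loaded into limbs before s is written.` to the comment, and drop the stray ` *` line between the Input and Output sections. The body also looks like a copy of `sc25519_muladd()` without the `c` terms (that function is mostly outside this hunk); a one-line note saying so would tell maintainers to keep the two reduction sequences in sync.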
@@ -1543,6 +2015,88 @@ sc25519_muladd(unsigned char *s, const unsigned char *a, s[31] = s11 >> 17; } +/* + Input: + a[0]+256*a[1]+...+256^31*a[31] = a + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = a^2 mod l + where l = 2^252 + 27742317777372353535851937790883648493. + */ + +static inline void +sc25519_sq(unsigned char *s, const unsigned char *a) +{ + sc25519_mul(s, a, a); +} + +/* + Input: + s[0]+256*a[1]+...+256^31*a[31] = a + n + * + Output: + s[0]+256*s[1]+...+256^31*s[31] = x * s^(s^n) mod l + where l = 2^252 + 27742317777372353535851937790883648493. + Overwrites s in place. + */ + +static inline void +sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32]) +{ + int i; + + for (i = 0; i < n; i++) { + sc25519_sq(s, s); + } + sc25519_mul(s, s, a); +} + +void +sc25519_invert(unsigned char recip[32], const unsigned char s[32]) +{ + unsigned char _10[32], _100[32], _11[32], _101[32], _111[32], + _1001[32], _1011[32], _1111[32]; + + sc25519_sq(_10, s); + sc25519_sq(_100, _10); + sc25519_mul(_11, _10, s); + sc25519_mul(_101, _10, _11); + sc25519_mul(_111, _10, _101); + sc25519_mul(_1001, _10, _111); + sc25519_mul(_1011, _10, _1001); + sc25519_mul(_1111, _100, _1011); + sc25519_mul(recip, _1111, s); + + sc25519_sqmul(recip, 123 + 3, _101); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 4, _1001); + sc25519_sqmul(recip, 2, _11); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 1 + 3, _101); + sc25519_sqmul(recip, 3 + 3, _101); + sc25519_sqmul(recip, 3, _111); + sc25519_sqmul(recip, 1 + 4, _1111); + sc25519_sqmul(recip, 2 + 3, _111); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1011); + sc25519_sqmul(recip, 2 + 4, _1011); + sc25519_sqmul(recip, 6 + 4, _1001); + sc25519_sqmul(recip, 2 + 2, _11); + sc25519_sqmul(recip, 3 + 2, _11); + sc25519_sqmul(recip, 3 + 2, _11); + sc25519_sqmul(recip, 1 + 4, _1001); + sc25519_sqmul(recip, 1 + 
3, _111); + sc25519_sqmul(recip, 2 + 4, _1111); + sc25519_sqmul(recip, 1 + 4, _1011); + sc25519_sqmul(recip, 3, _101); + sc25519_sqmul(recip, 2 + 4, _1111); + sc25519_sqmul(recip, 3, _101); + sc25519_sqmul(recip, 1 + 2, _11); +} + /* Input: s[0]+256*s[1]+...+256^63*s[63] = s @@ -1554,7 +2108,7 @@ sc25519_muladd(unsigned char *s, const unsigned char *a, */ void -sc25519_reduce(unsigned char *s) +sc25519_reduce(unsigned char s[32]) { int64_t s0 = 2097151 & load_3(s); int64_t s1 = 2097151 & (load_4(s + 2) >> 5); @@ -1878,7 +2432,7 @@ sc25519_reduce(unsigned char *s) } int -sc25519_is_canonical(const unsigned char *s) +sc25519_is_canonical(const unsigned char s[32]) { /* 2^252+27742317777372353535851937790883648493 */ static const unsigned char L[32] = { diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index ed25f66b..9eeb2f25 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -16,6 +16,10 @@ size_t crypto_core_ed25519_bytes(void); SODIUM_EXPORT size_t crypto_core_ed25519_uniformbytes(void); +#define crypto_core_ed25519_SCALARBYTES 32 +SODIUM_EXPORT +size_t crypto_core_ed25519_scalarbytes(void); + SODIUM_EXPORT int crypto_core_ed25519_is_valid_point(const unsigned char *p) __attribute__ ((nonnull)); @@ -34,6 +38,14 @@ SODIUM_EXPORT int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) __attribute__ ((nonnull)); +SODIUM_EXPORT +int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) + __attribute__ ((nonnull)); + #ifdef __cplusplus } #endif diff --git a/src/libsodium/include/sodium/private/ed25519_ref10.h b/src/libsodium/include/sodium/private/ed25519_ref10.h index 42fcd981..3fd6cfbc 100644 --- a/src/libsodium/include/sodium/private/ed25519_ref10.h 
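Review bot: The comment above `sc25519_sqmul()` does not describe what the function computes: its input line mixes `s` and `a`, and the output formula `x * s^(s^n)` names an `x` that is not a parameter. The body squares `s` n times and then multiplies by `a`, so the comment should read `Input: s and a as 32-byte little-endian scalars, and n` and `Output: s = s^(2^n) * a mod l`. Separately, `sc25519_invert()` leaves eight powers of its input (`_10` through `_1111`) on the stack when it returns. The commit message positions the API for blinding, where the scalar is secret, so consider wiping them with `sodium_memzero()` before returning, if that helper is in scope in this file.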
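Review bot: The new bound in `sc25519_reduce(unsigned char s[32])` contradicts the comment directly above it, which documents a 64-byte input (`256^63*s[63]`). The bound does not change code generation, but it tells readers and static analysers that a 32-byte buffer is sufficient, and a caller who trusts the prototype would presumably have the function read past the end of its buffer. `sc25519_reduce(unsigned char s[64])` matches the comment, and the prototype changed in `private/ed25519_ref10.h` later in this commit needs the same correction. The function body lies outside this hunk.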
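Review bot: `crypto_core_ed25519_scalar_reduce()` is declared and exported in this header, but none of the three hunks for `core_ed25519.c` in this commit defines it, so a caller would fail to link until a definition lands. Either add the definition here or hold the declaration back until it exists. Neither new prototype states buffer sizes. If `scalar_reduce` is meant to wrap `sc25519_reduce()`, whose comment documents a 64-byte input, a note such as `/* s: 64 bytes in, r: crypto_core_ed25519_SCALARBYTES out */` would keep callers from passing a 32-byte `s`. For `scalar_invert`, document that a zero scalar returns -1.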
+++ b/src/libsodium/include/sodium/private/ed25519_ref10.h @@ -115,11 +115,13 @@ void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); where l = 2^252 + 27742317777372353535851937790883648493. */ -void sc25519_reduce(unsigned char *s); +void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); -void sc25519_muladd(unsigned char *s, const unsigned char *a, - const unsigned char *b, const unsigned char *c); +void sc25519_reduce(unsigned char s[32]); -int sc25519_is_canonical(const unsigned char *s); +void sc25519_muladd(unsigned char s[32], const unsigned char a[32], + const unsigned char b[32], const unsigned char c[32]); + +int sc25519_is_canonical(const unsigned char s[32]); #endif From fdeb11d81c6024960e12bc1bb0975e78bd30e7b1 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 20 Dec 2018 20:09:57 +0100 Subject: [PATCH 130/190] Regen emscripten symbols --- dist-build/emscripten-symbols.def | 4 ++++ dist-build/emscripten.sh | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index 9e6abed1..19e8007c 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def @@ -149,6 +149,8 @@ _crypto_core_ed25519_from_uniform 0 1 _crypto_core_ed25519_is_valid_point 0 1 _crypto_core_ed25519_sub 0 1 _crypto_core_ed25519_uniformbytes 0 1 +_crypto_core_ed25519_scalar_invert 0 1 +_crypto_core_ed25519_scalarbytes 0 1 _crypto_core_hchacha20 1 1 _crypto_core_hchacha20_constbytes 1 1 _crypto_core_hchacha20_inputbytes 1 1 @@ -356,7 +358,9 @@ _crypto_scalarmult_curve25519_base 0 1 _crypto_scalarmult_curve25519_bytes 0 1 _crypto_scalarmult_curve25519_scalarbytes 0 1 _crypto_scalarmult_ed25519 0 1 +_crypto_scalarmult_ed25519_noclamp 0 1 _crypto_scalarmult_ed25519_base 0 1 +_crypto_scalarmult_ed25519_base_noclamp 0 1 _crypto_scalarmult_ed25519_bytes 0 1 _crypto_scalarmult_ed25519_scalarbytes 0 1 _crypto_scalarmult_primitive 0 1 
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 8139ba07..477688c5 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -2,7 +2,7 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_crypto_core_hch
acha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_
easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_
auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_
afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_b
lake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypt
o_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypt
o_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto
_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_sec
retstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_c
hacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_
auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_
afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake
2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_
final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id
_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_p
whash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_cryp
to_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","
_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 export 
TOTAL_MEMORY_SUMO=83886080 From 6fa022030294b4e74c4564a1589f690c22e74d42 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 23 Dec 2018 02:56:11 +0100 Subject: [PATCH 131/190] Export crypto_core_ed25519_scalar_reduce, add tests --- .../crypto_core/ed25519/core_ed25519.c | 12 +++++++++++ test/default/core_ed25519.c | 21 ++++++++++++++++++- 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 3b625538..1ec395e3 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -75,6 +75,18 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); } + +void +crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) +{ + unsigned char t[crypto_core_ed25519_SCALARBYTES]; + + memcpy(t, s, sizeof t); + sc25519_reduce(t); + memcpy(r, t, sizeof t); + sodium_memzero(t, sizeof t); +} + size_t crypto_core_ed25519_bytes(void) { diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index e8a0f00d..970a03cd 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c @@ -39,7 +39,7 @@ main(void) { unsigned char *h; unsigned char *p, *p2, *p3; - unsigned char *sc; + unsigned char *sc, *sc2; int i, j; h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); 
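Review bot: In the new `crypto_core_ed25519_scalar_reduce` (hunk `@@ -75,6 +75,18 @@` of `core_ed25519.c`), the scratch buffer `t` holds only `crypto_core_ed25519_SCALARBYTES` bytes, yet it is passed to `sc25519_reduce()`, whose prototype a later patch on this page corrects to `unsigned char s[64]`. If the reduction consumes its full 64-byte input, this reads past the end of a stack array. The scratch buffer should be sized for the unreduced input, `unsigned char t[64];`, and only the reduced result copied out, `memcpy(r, t, crypto_core_ed25519_SCALARBYTES);`. A comment above the function should state how many bytes `s` must provide, since a bare `const unsigned char *s` gives the caller no hint. The `sodium_memzero(t, sizeof t)` on exit should stay, so the scalar copy does not linger on the stack.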
@@ -135,6 +135,24 @@ main(void) assert(crypto_core_ed25519_sub(p3, non_canonical_p, p3) == 0); assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1); + for (i = 0; i < 1000; i++) { + randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_from_uniform(p, h); + randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES); + crypto_core_ed25519_scalar_reduce(sc, sc); + if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed\n"); + } + assert(crypto_core_ed25519_is_valid_point(p2)); + if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { + printf("crypto_core_ed25519_scalar_invert() failed\n"); + } + if (crypto_scalarmult_ed25519_noclamp(p3, sc, p2) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed\n"); + } + assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0); + } + sodium_free(sc); sodium_free(p3); sodium_free(p2); @@ -142,6 +160,7 @@ main(void) sodium_free(h); assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes()); + assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes()); assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes()); assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES); From 63573bb98c686c148480c2384d9ab4a100b5d5be Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 23 Dec 2018 12:32:07 +0100 Subject: [PATCH 132/190] Add crypto_core_ed25519_scalar_random() --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 11 ++++++++++- src/libsodium/include/sodium/crypto_core_ed25519.h | 4 ++++ test/default/core_ed25519.c | 5 ++--- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 1ec395e3..f05364a8 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c 
@@ -2,6 +2,7 @@ #include "crypto_core_ed25519.h" #include "private/common.h" #include "private/ed25519_ref10.h" +#include "randombytes.h" #include "utils.h" int @@ -67,6 +68,15 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) return - ge25519_has_small_order(p); } +int +crypto_core_ed25519_scalar_random(unsigned char *r) +{ + do { + randombytes_buf(r, crypto_core_ed25519_SCALARBYTES); + r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f; + } while (sc25519_is_canonical(r) == 0); +} + int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) { @@ -75,7 +85,6 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); } - void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) { diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index 9eeb2f25..ac7ebe61 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -38,6 +38,10 @@ SODIUM_EXPORT int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) __attribute__ ((nonnull)); +SODIUM_EXPORT +int crypto_core_ed25519_scalar_random(unsigned char *r) + __attribute__ ((nonnull)); + SODIUM_EXPORT int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) __attribute__ ((nonnull)); diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index 970a03cd..13aef00e 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c @@ -39,7 +39,7 @@ main(void) { unsigned char *h; unsigned char *p, *p2, *p3; - unsigned char *sc, *sc2; + unsigned char *sc; int i, j; h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); 
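Review bot: `crypto_core_ed25519_scalar_random` (hunk `@@ -67,6 +68,15 @@`) is declared `int` but its body ends after the `do … while` loop with no `return`, so a caller that uses the result reads an indeterminate value; either declare it `void`, as a later patch on this page does, or end it with `return 0;`. The loop also appears to accept an all-zero buffer if `sc25519_is_canonical()` treats zero as canonical, and the `- sodium_is_zero(...)` result of `crypto_core_ed25519_scalar_invert()` shows that a zero scalar makes the inversion fail. Extending the condition to `while (sc25519_is_canonical(r) == 0 || sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES));` would rule that out. A one-line comment on `&= 0x1f`, saying it clears the top three bits of the last byte before the canonicity test, would help the next reader.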
@@ -138,8 +138,7 @@ main(void) for (i = 0; i < 1000; i++) { randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); crypto_core_ed25519_from_uniform(p, h); - randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES); - crypto_core_ed25519_scalar_reduce(sc, sc); + crypto_core_ed25519_scalar_random(sc); if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) { printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } From b4617940f391fc470d12b06ab8cb2649ad66630f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 23 Dec 2018 18:45:28 +0100 Subject: [PATCH 133/190] Correct sc25519_reduce() prototype --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 8 ++++---- src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c | 2 +- src/libsodium/include/sodium/crypto_core_ed25519.h | 6 +++--- src/libsodium/include/sodium/private/ed25519_ref10.h | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index f05364a8..e9fce5bb 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -68,7 +68,7 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) return - ge25519_has_small_order(p); } -int +void crypto_core_ed25519_scalar_random(unsigned char *r) { do { @@ -86,13 +86,13 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) } void -crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) +crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) { - unsigned char t[crypto_core_ed25519_SCALARBYTES]; + unsigned char t[64]; memcpy(t, s, sizeof t); sc25519_reduce(t); - memcpy(r, t, sizeof t); + memcpy(r, t, crypto_core_ed25519_SCALARBYTES); sodium_memzero(t, sizeof t); } 
diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c index 22f20db6..fb0d15fd 100644 --- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c +++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c @@ -2108,7 +2108,7 @@ sc25519_invert(unsigned char recip[32], const unsigned char s[32]) */ void -sc25519_reduce(unsigned char s[32]) +sc25519_reduce(unsigned char s[64]) { int64_t s0 = 2097151 & load_3(s); int64_t s1 = 2097151 & (load_4(s + 2) >> 5); diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index ac7ebe61..6ab043ce 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -39,15 +39,15 @@ int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_core_ed25519_scalar_random(unsigned char *r) +void crypto_core_ed25519_scalar_random(unsigned char *r) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) +int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char s[64]) __attribute__ ((nonnull)); SODIUM_EXPORT -void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) +void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) __attribute__ ((nonnull)); #ifdef __cplusplus diff --git a/src/libsodium/include/sodium/private/ed25519_ref10.h b/src/libsodium/include/sodium/private/ed25519_ref10.h index 3fd6cfbc..5af41591 100644 --- a/src/libsodium/include/sodium/private/ed25519_ref10.h +++ b/src/libsodium/include/sodium/private/ed25519_ref10.h 
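Review bot: The `crypto_core_ed25519.h` hunk also changes the prototype of `crypto_core_ed25519_scalar_invert()` to `const unsigned char s[64]`, which looks unintended. The commit is about `sc25519_reduce()`, and the definition in `core_ed25519.c` still takes `const unsigned char *s` and examines only `crypto_core_ed25519_SCALARBYTES` bytes via `sodium_is_zero()`. The compiler does not enforce the array size, but it tells callers that a 64-byte input is expected where a 32-byte scalar is correct. Keep that line as `int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)` and change only `crypto_core_ed25519_scalar_reduce()`.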
@@ -117,7 +117,7 @@ void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); -void sc25519_reduce(unsigned char s[32]); +void sc25519_reduce(unsigned char s[64]); void sc25519_muladd(unsigned char s[32], const unsigned char a[32], const unsigned char b[32], const unsigned char c[32]); From 291623006123dd28d31f3a5d4d03e279c57a7790 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 23 Dec 2018 18:49:56 +0100 Subject: [PATCH 134/190] Add a guideline --- src/libsodium/include/sodium/crypto_core_ed25519.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index 6ab043ce..7e731b74 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -46,6 +46,10 @@ SODIUM_EXPORT int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char s[64]) __attribute__ ((nonnull)); +/* + * The interval `s` is sampled from should be at least 317 bits to ensure almost + * uniformity of `r` over `L`. + */ SODIUM_EXPORT void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) __attribute__ ((nonnull)); From 34e787030fb2ef5e41f7c534bb0728d3b0b76328 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 15:02:59 +0100 Subject: [PATCH 135/190] Use a guard page instead of NULL for opt arguments in tests --- test/default/aead_aes256gcm.c | 2 +- test/default/aead_chacha20poly1305.c | 4 +-- test/default/aead_xchacha20poly1305.c | 2 +- test/default/auth.c | 2 +- test/default/cmptest.h | 9 ++++++ test/default/codecs.c | 20 ++++++------ test/default/generichash.c | 6 ++-- test/default/generichash3.c | 6 ++-- test/default/misuse.c | 44 +++++++++++++-------------- test/default/pwhash_argon2id.c | 8 ++--- 10 files changed, 56 insertions(+), 47 deletions(-) 
diff --git a/test/default/aead_aes256gcm.c b/test/default/aead_aes256gcm.c index 8f4fcb3e..1f83fdc0 100644 --- a/test/default/aead_aes256gcm.c +++ b/test/default/aead_aes256gcm.c @@ -3179,7 +3179,7 @@ tv(void) printf("Message length should have been set to zero after a failure\n"); } if (crypto_aead_aes256gcm_decrypt(decrypted, &found_message_len, - NULL, NULL, + NULL, guard_page, randombytes_uniform(crypto_aead_aes256gcm_ABYTES), ad, ad_len, nonce, key) != -1) { printf("Verification of test vector #%u with a truncated tag failed\n", diff --git a/test/default/aead_chacha20poly1305.c b/test/default/aead_chacha20poly1305.c index 30b9e66a..0a01afe1 100644 --- a/test/default/aead_chacha20poly1305.c +++ b/test/default/aead_chacha20poly1305.c @@ -115,7 +115,7 @@ tv(void) } m2len = 1; if (crypto_aead_chacha20poly1305_decrypt( - m2, &m2len, NULL, NULL, + m2, &m2len, NULL, guard_page, randombytes_uniform(crypto_aead_chacha20poly1305_ABYTES), NULL, 0U, nonce, firstkey) != -1) { printf("crypto_aead_chacha20poly1305_decrypt() worked with a short " @@ -296,7 +296,7 @@ tv_ietf(void) } m2len = 1; if (crypto_aead_chacha20poly1305_ietf_decrypt( - m2, &m2len, NULL, NULL, + m2, &m2len, NULL, guard_page, randombytes_uniform(crypto_aead_chacha20poly1305_ietf_ABYTES), NULL, 0U, nonce, firstkey) != -1) { printf("crypto_aead_chacha20poly1305_ietf_decrypt() worked with a short " diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index 3ff62bef..9c51623a 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c @@ -118,7 +118,7 @@ tv(void) } m2len = 1; if (crypto_aead_xchacha20poly1305_ietf_decrypt( - m2, &m2len, NULL, NULL, + m2, &m2len, NULL, guard_page, randombytes_uniform(crypto_aead_xchacha20poly1305_ietf_ABYTES), NULL, 0U, nonce, firstkey) != -1) { printf("crypto_aead_xchacha20poly1305_ietf_decrypt() worked with a short " diff --git a/test/default/auth.c b/test/default/auth.c index 60d26587..19af20d7 100644 
--- a/test/default/auth.c +++ b/test/default/auth.c @@ -55,7 +55,7 @@ main(void) memset(a2, 0, sizeof a2); crypto_auth_hmacsha256_init(&st256, key2, sizeof key2); - crypto_auth_hmacsha256_update(&st256, NULL, 0U); + crypto_auth_hmacsha256_update(&st256, guard_page, 0U); crypto_auth_hmacsha256_update(&st256, c, 1U); crypto_auth_hmacsha256_update(&st256, c, sizeof c - 2U); crypto_auth_hmacsha256_final(&st256, a2); diff --git a/test/default/cmptest.h b/test/default/cmptest.h index ced709d9..6f5bebe4 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -35,6 +35,8 @@ int xmain(void); +static void *guard_page; + #ifdef BENCHMARKS # include @@ -166,6 +168,7 @@ static FILE *fp_res; int main(void) { FILE *fp_out; + void *_guard_page; int c; if ((fp_res = fopen(TEST_NAME_RES, "w+")) == NULL) { @@ -175,6 +178,11 @@ int main(void) if (sodium_init() != 0) { return 99; } + if ((_guard_page = sodium_malloc(0)) == NULL) { + perror("sodium_malloc()"); + return 99; + } + guard_page = (void *) (((unsigned char *) _guard_page) + 1); if (xmain() != 0) { return 99; } @@ -188,6 +196,7 @@ int main(void) return 99; } } while (c != EOF); + sodium_free(_guard_page); return 0; } diff --git a/test/default/codecs.c b/test/default/codecs.c index a2bf55d7..9d6bc837 100644 --- a/test/default/codecs.c +++ b/test/default/codecs.c @@ -93,7 +93,7 @@ main(void) sodium_bin2base64(buf3, 33U, (const unsigned char *) "\xfb\xf0\xf1" "0123456789ABCDEFabc", 22U, sodium_base64_VARIANT_URLSAFE_NO_PADDING)); printf("%s\n", - sodium_bin2base64(buf3, 1U, NULL, + sodium_bin2base64(buf3, 1U, guard_page, 0U, sodium_base64_VARIANT_ORIGINAL)); printf("%s\n", sodium_bin2base64(buf3, 5U, (const unsigned char *) "a", 
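Review bot: In `cmptest.h`, `guard_page` is computed as `_guard_page + 1` from `sodium_malloc(0)` with no comment on what the pointer is for or why it is offset. It only works as intended if `sodium_malloc()` really places the returned address next to an inaccessible page. A comment on the declaration would make the contract explicit, e.g. `/* non-NULL pointer that must never be dereferenced; stands in for unused or optional arguments */`. `guard_page` is assigned only in the `main()` patched here, so if the `BENCHMARKS` build uses a different `main()` (not visible in this patch), it stays `NULL` there and the tests pass `NULL` as before. `main()` begins before the hunk.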
@@ -105,7 +105,7 @@ main(void) sodium_bin2base64(buf3, 5U, (const unsigned char *) "abc", 3U, sodium_base64_VARIANT_ORIGINAL)); printf("%s\n", - sodium_bin2base64(buf3, 1U, NULL, + sodium_bin2base64(buf3, 1U, guard_page, 0U, sodium_base64_VARIANT_ORIGINAL_NO_PADDING)); printf("%s\n", sodium_bin2base64(buf3, 3U, (const unsigned char *) "a", 
@@ -161,21 +161,21 @@ main(void) assert(sodium_base642bin(buf1, sizeof buf1, b64, strlen(b64), " \r\n", NULL, NULL, sodium_base64_VARIANT_URLSAFE_NO_PADDING) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a=", (size_t) 2U, NULL, NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a=", (size_t) 2U, NULL, NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, NULL, NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a*", (size_t) 2U, NULL, NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, "~", NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a*", (size_t) 2U, "~", NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a*", (size_t) 2U, "*", NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a*", (size_t) 2U, "*", NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a==", (size_t) 3U, NULL, NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a==", (size_t) 3U, NULL, NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, NULL, NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a=*", (size_t) 3U, NULL, NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, "~", NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a=*", (size_t) 3U, "~", NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); - assert(sodium_base642bin(NULL, (size_t) 10U, "a=*", (size_t) 3U, "*", NULL, NULL, + assert(sodium_base642bin(guard_page, (size_t) 10U, "a=*", (size_t) 3U, "*", NULL, NULL, sodium_base64_VARIANT_URLSAFE) == -1); assert(sodium_base642bin(buf1, sizeof buf1, "O1R", (size_t) 3U, NULL, NULL, NULL, 
diff --git a/test/default/generichash.c b/test/default/generichash.c index 507d4e0c..2da877d2 100644 --- a/test/default/generichash.c +++ b/test/default/generichash.c @@ -1367,13 +1367,13 @@ main(void) } printf("\n"); - assert(crypto_generichash(NULL, 0, + assert(crypto_generichash(guard_page, 0, in, (unsigned long long) sizeof in, k, sizeof k) == -1); - assert(crypto_generichash(NULL, crypto_generichash_BYTES_MAX + 1, + assert(crypto_generichash(guard_page, crypto_generichash_BYTES_MAX + 1, in, (unsigned long long) sizeof in, k, sizeof k) == -1); - assert(crypto_generichash(NULL, (unsigned long long) sizeof in, + assert(crypto_generichash(guard_page, (unsigned long long) sizeof in, in, (unsigned long long) sizeof in, k, crypto_generichash_KEYBYTES_MAX + 1) == -1); diff --git a/test/default/generichash3.c b/test/default/generichash3.c index d9646343..ec86b35f 100644 --- a/test/default/generichash3.c +++ b/test/default/generichash3.c @@ -131,15 +131,15 @@ main(void) printf("\n"); assert(crypto_generichash_blake2b_salt_personal - (NULL, 0, + (guard_page, 0, in, (unsigned long long) sizeof in, k, sizeof k, NULL, NULL) == -1); assert(crypto_generichash_blake2b_salt_personal - (NULL, crypto_generichash_BYTES_MAX + 1, + (guard_page, crypto_generichash_BYTES_MAX + 1, in, (unsigned long long) sizeof in, k, sizeof k, NULL, NULL) == -1); assert(crypto_generichash_blake2b_salt_personal - (NULL, (unsigned long long) sizeof in, + (guard_page, (unsigned long long) sizeof in, in, (unsigned long long) sizeof in, k, crypto_generichash_KEYBYTES_MAX + 1, NULL, NULL) == -1); diff --git a/test/default/misuse.c b/test/default/misuse.c index f2798bc6..97ccbf2c 100644 --- a/test/default/misuse.c +++ b/test/default/misuse.c 
@@ -19,8 +19,8 @@ sigabrt_handler_14(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_15); assert(crypto_box_curve25519xchacha20poly1305_easy - (NULL, NULL, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1, - NULL, NULL, NULL) == -1); + (guard_page, guard_page, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1, + guard_page, guard_page, guard_page) == -1); exit(1); } @@ -30,8 +30,8 @@ sigabrt_handler_13(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_14); assert(crypto_box_curve25519xchacha20poly1305_easy_afternm - (NULL, NULL, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1, - NULL, NULL) == -1); + (guard_page, guard_page, crypto_stream_xchacha20_MESSAGEBYTES_MAX - 1, + guard_page, guard_page) == -1); exit(1); } # endif @@ -45,7 +45,7 @@ sigabrt_handler_12(int sig) # else signal(SIGABRT, sigabrt_handler_13); # endif - assert(crypto_pwhash_str_alg(NULL, "", 0U, 1U, 1U, -1) == -1); + assert(crypto_pwhash_str_alg(guard_page, "", 0U, 1U, 1U, -1) == -1); exit(1); } @@ -54,8 +54,8 @@ sigabrt_handler_11(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_12); - assert(crypto_box_easy(NULL, NULL, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, - NULL, NULL, NULL) == -1); + assert(crypto_box_easy(guard_page, guard_page, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, + guard_page, guard_page, guard_page) == -1); exit(1); } @@ -64,8 +64,8 @@ sigabrt_handler_10(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_11); - assert(crypto_box_easy_afternm(NULL, NULL, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, - NULL, NULL) == -1); + assert(crypto_box_easy_afternm(guard_page, guard_page, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, + guard_page, guard_page) == -1); exit(1); } @@ -74,7 +74,7 @@ sigabrt_handler_9(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_10); - assert(sodium_base642bin(NULL, 1, NULL, 1, NULL, NULL, NULL, -1) == -1); + assert(sodium_base642bin(guard_page, 1, guard_page, 1, NULL, NULL, NULL, -1) == -1); exit(1); } 
@@ -83,7 +83,7 @@ sigabrt_handler_8(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_9); - assert(sodium_bin2base64(NULL, 1, NULL, 1, sodium_base64_VARIANT_ORIGINAL) == NULL); + assert(sodium_bin2base64(guard_page, 1, guard_page, 1, sodium_base64_VARIANT_ORIGINAL) == NULL); exit(1); } @@ -92,7 +92,7 @@ sigabrt_handler_7(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_8); - assert(sodium_bin2base64(NULL, 1, NULL, 1, -1) == NULL); + assert(sodium_bin2base64(guard_page, 1, guard_page, 1, -1) == NULL); exit(1); } @@ -101,7 +101,7 @@ sigabrt_handler_6(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_7); - assert(sodium_pad(NULL, NULL, SIZE_MAX, 16, 1) == -1); + assert(sodium_pad(NULL, guard_page, SIZE_MAX, 16, 1) == -1); exit(1); } @@ -110,8 +110,8 @@ sigabrt_handler_5(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_6); - assert(crypto_aead_xchacha20poly1305_ietf_encrypt(NULL, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, NULL, NULL) == -1); + assert(crypto_aead_xchacha20poly1305_ietf_encrypt(guard_page, NULL, NULL, UINT64_MAX, + NULL, 0, NULL, guard_page, NULL) == -1); exit(1); } @@ -120,8 +120,8 @@ sigabrt_handler_4(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_5); - assert(crypto_aead_chacha20poly1305_ietf_encrypt(NULL, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, NULL, NULL) == -1); + assert(crypto_aead_chacha20poly1305_ietf_encrypt(guard_page, NULL, NULL, UINT64_MAX, + NULL, 0, NULL, guard_page, NULL) == -1); exit(1); } @@ -130,8 +130,8 @@ sigabrt_handler_3(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_4); - assert(crypto_aead_chacha20poly1305_encrypt(NULL, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, NULL, NULL) == -1); + assert(crypto_aead_chacha20poly1305_encrypt(guard_page, NULL, NULL, UINT64_MAX, + NULL, 0, NULL, guard_page, NULL) == -1); exit(1); } 
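Review bot: In `sigabrt_handler_5`, `sigabrt_handler_4` and `sigabrt_handler_3` the last argument of the three `crypto_aead_*_encrypt()` calls, the key, is still `NULL`, while the output buffer and the nonce now use `guard_page`. If the key parameter is declared non-null like the other required pointers (the prototypes are not visible in this patch), these calls keep passing a null pointer where the compiler may assume none, which is what the commit sets out to avoid. Change the second line of each call to `NULL, 0, NULL, guard_page, guard_page) == -1);`.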
@@ -141,7 +141,7 @@ sigabrt_handler_2(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_3); #if SIZE_MAX > 0x4000000000ULL - randombytes_buf_deterministic(NULL, 0x4000000001ULL, NULL); + randombytes_buf_deterministic(guard_page, 0x4000000001ULL, guard_page); #else abort(); #endif @@ -153,7 +153,7 @@ sigabrt_handler_1(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_2); - assert(crypto_kx_server_session_keys(NULL, NULL, NULL, NULL, NULL) == -1); + assert(crypto_kx_server_session_keys(NULL, NULL, guard_page, guard_page, guard_page) == -1); exit(1); } @@ -161,7 +161,7 @@ int main(void) { signal(SIGABRT, sigabrt_handler_1); - assert(crypto_kx_client_session_keys(NULL, NULL, NULL, NULL, NULL) == -1); + assert(crypto_kx_client_session_keys(NULL, NULL, guard_page, guard_page, guard_page) == -1); return 1; } #else diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index 5940c9ca..f4e7450f 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c 
@@ -480,19 +480,19 @@ main(void) assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_alg_default()); - assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + assert(crypto_pwhash_argon2id(guard_page, 0, guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, 0) == -1); - assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + assert(crypto_pwhash_argon2id(guard_page, 0, guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, crypto_pwhash_ALG_ARGON2I13) == -1); - assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + assert(crypto_pwhash_argon2i(guard_page, 0, guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, 0) == -1); - assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + assert(crypto_pwhash_argon2i(guard_page, 0, guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, crypto_pwhash_ALG_ARGON2ID13) == -1); From 902f0997c0f07f7cce748c3229ef4c5aeaaac1f3 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 15:22:49 +0100 Subject: [PATCH 136/190] Add a test for scalar_reduce() --- test/default/core_ed25519.c | 38 +++++++++++++++++++++++++++++-------- test/default/misuse.c | 27 +++++++++++++++++--------- 2 files changed, 48 insertions(+), 17 deletions(-) diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index 13aef00e..f031e364 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c 
@@ -23,15 +23,22 @@ add_P(unsigned char * const S) 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }; - unsigned char c = 0U; - unsigned int i; - unsigned int s; - for (i = 0U; i < 32U; i++) { - s = S[i] + P[i] + c; - S[i] = (unsigned char) s; - c = (s >> 8) & 1; - } + sodium_add(S, P, sizeof P); +} + +static void +add_l64(unsigned char * const S) +{ + static const unsigned char l[64] = + { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + + sodium_add(S, l, sizeof l); } int @@ -40,6 +47,7 @@ main(void) unsigned char *h; unsigned char *p, *p2, *p3; unsigned char *sc; + unsigned char *sc64; int i, j; h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); @@ -152,6 +160,20 @@ main(void) assert(memcmp(p3, p, crypto_core_ed25519_BYTES) == 0); } + sc64 = (unsigned char *) sodium_malloc(64); + crypto_core_ed25519_scalar_random(sc); + memcpy(sc64, sc, crypto_core_ed25519_BYTES); + memset(sc64 + crypto_core_ed25519_BYTES, 0, + 64 - crypto_core_ed25519_BYTES); + i = randombytes_uniform(100); + do { + add_l64(sc64); + } while (i-- > 0U); + crypto_core_ed25519_scalar_reduce(sc64, sc64); + if (memcmp(sc64, sc, crypto_core_ed25519_BYTES) != 0) { + printf("crypto_core_ed25519_scalar_reduce() failed\n"); + } + sodium_free(sc); sodium_free(p3); sodium_free(p2); diff --git a/test/default/misuse.c b/test/default/misuse.c index 97ccbf2c..8767c5e9 100644 --- a/test/default/misuse.c +++ b/test/default/misuse.c 
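Review bot: `sc64` is allocated with `sodium_malloc(64)` in the last `core_ed25519.c` hunk, but none of the hunks adds a matching release next to the existing `sodium_free(sc)`, so the buffer is leaked when the test ends. Add `sodium_free(sc64);` before `sodium_free(sc);`. The copy, the zero fill and the comparison also size the scalar with `crypto_core_ed25519_BYTES`, the point length. `crypto_core_ed25519_SCALARBYTES` is the matching constant, e.g. `memcpy(sc64, sc, crypto_core_ed25519_SCALARBYTES);`. `main()` begins and ends outside the hunk.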
@@ -54,7 +54,8 @@ sigabrt_handler_11(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_12); - assert(crypto_box_easy(guard_page, guard_page, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, + assert(crypto_box_easy(guard_page, guard_page, + crypto_stream_xsalsa20_MESSAGEBYTES_MAX, guard_page, guard_page, guard_page) == -1); exit(1); } @@ -64,7 +65,8 @@ sigabrt_handler_10(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_11); - assert(crypto_box_easy_afternm(guard_page, guard_page, crypto_stream_xsalsa20_MESSAGEBYTES_MAX, + assert(crypto_box_easy_afternm(guard_page, guard_page, + crypto_stream_xsalsa20_MESSAGEBYTES_MAX, guard_page, guard_page) == -1); exit(1); } @@ -74,7 +76,8 @@ sigabrt_handler_9(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_10); - assert(sodium_base642bin(guard_page, 1, guard_page, 1, NULL, NULL, NULL, -1) == -1); + assert(sodium_base642bin(guard_page, 1, guard_page, 1, + NULL, NULL, NULL, -1) == -1); exit(1); } @@ -83,7 +86,8 @@ sigabrt_handler_8(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_9); - assert(sodium_bin2base64(guard_page, 1, guard_page, 1, sodium_base64_VARIANT_ORIGINAL) == NULL); + assert(sodium_bin2base64(guard_page, 1, guard_page, 1, + sodium_base64_VARIANT_ORIGINAL) == NULL); exit(1); } @@ -111,7 +115,8 @@ sigabrt_handler_5(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_6); assert(crypto_aead_xchacha20poly1305_ietf_encrypt(guard_page, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, guard_page, NULL) == -1); + NULL, 0, NULL, + guard_page, guard_page) == -1); exit(1); } @@ -121,7 +126,8 @@ sigabrt_handler_4(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_5); assert(crypto_aead_chacha20poly1305_ietf_encrypt(guard_page, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, guard_page, NULL) == -1); + NULL, 0, NULL, + guard_page, guard_page) == -1); exit(1); } 
@@ -131,7 +137,8 @@ sigabrt_handler_3(int sig) (void) sig; signal(SIGABRT, sigabrt_handler_4); assert(crypto_aead_chacha20poly1305_encrypt(guard_page, NULL, NULL, UINT64_MAX, - NULL, 0, NULL, guard_page, NULL) == -1); + NULL, 0, NULL, + guard_page, guard_page) == -1); exit(1); } @@ -153,7 +160,8 @@ sigabrt_handler_1(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_2); - assert(crypto_kx_server_session_keys(NULL, NULL, guard_page, guard_page, guard_page) == -1); + assert(crypto_kx_server_session_keys(NULL, NULL, guard_page, guard_page, + guard_page) == -1); exit(1); } @@ -161,7 +169,8 @@ int main(void) { signal(SIGABRT, sigabrt_handler_1); - assert(crypto_kx_client_session_keys(NULL, NULL, guard_page, guard_page, guard_page) == -1); + assert(crypto_kx_client_session_keys(NULL, NULL, guard_page, guard_page, + guard_page) == -1); return 1; } #else From 8dd554d2c429016f15a10da5220dc91d953aec7c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 15:25:34 +0100 Subject: [PATCH 137/190] Leverage sodium_add() --- test/default/sign.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/test/default/sign.c b/test/default/sign.c index cb41e203..7f25f531 100644 --- a/test/default/sign.c +++ b/test/default/sign.c @@ -1053,15 +1053,8 @@ static void add_l(unsigned char * const S) 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 }; - unsigned char c = 0U; - unsigned int i; - unsigned int s; - for (i = 0U; i < 32U; i++) { - s = S[i] + l[i] + c; - S[i] = (unsigned char) s; - c = (s >> 8) & 1; - } + sodium_add(S, l, sizeof l); } int main(void) From c0652ef7cab5abee2613e51f826e95f839f26313 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 16:56:24 +0100 Subject: [PATCH 138/190] Update ChangeLog --- ChangeLog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2504a9b6..2209386a 100644 --- a/ChangeLog 
+++ b/ChangeLog @@ -13,6 +13,15 @@ not to be detected. - The library now enables compilation with retpoline by default. - Portability improvements. - Test vectors from Project Wycheproof have been added. + - New low-level APIs for arithmetic mod the order of the prime order group: +`crypto_core_ed25519_scalar_random()`, `crypto_core_ed25519_scalar_reduce()`, +and `crypto_core_ed25519_scalar_invert()`. + - New low-level APIs for scalar multiplication without clamping: +`crypto_scalarmult_ed25519_base_noclamp()`, +and `crypto_scalarmult_ed25519_noclamp()`. These new APIs are +especially useful for blinding. + - Support for WatchOS has been added. + - getrandom(2) is now used on FreeBSD 12+. * Version 1.0.16 - Signatures computations and verifications are now way faster on From 59bd82edab3b118caf871ec59ac7a5c6ff5dcdb4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 17:26:38 +0100 Subject: [PATCH 139/190] Add a crypto_core_ed25519_NONREDUCEDSCALARBYTES constant and reject 0 in crypto_core_ed25519_random() --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 14 +++++++++++--- src/libsodium/include/sodium/crypto_core_ed25519.h | 4 ++++ test/default/core_ed25519.c | 4 +++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index e9fce5bb..666f0fc0 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -74,7 +74,8 @@ crypto_core_ed25519_scalar_random(unsigned char *r) do { randombytes_buf(r, crypto_core_ed25519_SCALARBYTES); r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f; - } while (sc25519_is_canonical(r) == 0); + } while (sc25519_is_canonical(r) == 0 || + sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES)); } int 
@@ -86,9 +87,10 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) } void -crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) +crypto_core_ed25519_scalar_reduce(unsigned char *r, + const unsigned char s[crypto_core_ed25519_NONREDUCEDSCALARBYTES]) { - unsigned char t[64]; + unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; memcpy(t, s, sizeof t); sc25519_reduce(t); @@ -102,6 +104,12 @@ crypto_core_ed25519_bytes(void) return crypto_core_ed25519_BYTES; } +size_t +crypto_core_ed25519_nonreducedscalarbytes(void) +{ + return crypto_core_ed25519_NONREDUCEDSCALARBYTES; +} + size_t crypto_core_ed25519_uniformbytes(void) { diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index 7e731b74..9513f58b 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -20,6 +20,10 @@ size_t crypto_core_ed25519_uniformbytes(void); SODIUM_EXPORT size_t crypto_core_ed25519_scalarbytes(void); +#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64 +SODIUM_EXPORT +size_t crypto_core_ed25519_nonreducedscalarbytes(void); + SODIUM_EXPORT int crypto_core_ed25519_is_valid_point(const unsigned char *p) __attribute__ ((nonnull)); diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index f031e364..cbebeadb 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c @@ -30,7 +30,7 @@ add_P(unsigned char * const S) static void add_l64(unsigned char * const S) { - static const unsigned char l[64] = + static const unsigned char l[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
@@ -182,6 +182,8 @@ main(void) assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes()); assert(crypto_core_ed25519_SCALARBYTES == crypto_core_ed25519_scalarbytes()); + assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES == crypto_core_ed25519_nonreducedscalarbytes()); + assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES); assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes()); assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES); From 4cba5ff49b85fb0a79dd23ad961df8d9123f7172 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 24 Dec 2018 17:38:22 +0100 Subject: [PATCH 140/190] In prototypes, use pointers, not arrays for consistency --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 2 +- src/libsodium/include/sodium/crypto_core_ed25519.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 666f0fc0..f17cda13 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -88,7 +88,7 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) void crypto_core_ed25519_scalar_reduce(unsigned char *r, - const unsigned char s[crypto_core_ed25519_NONREDUCEDSCALARBYTES]) + const unsigned char *s) { unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index 9513f58b..b3958c7e 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h 
@@ -47,7 +47,7 @@ void crypto_core_ed25519_scalar_random(unsigned char *r) __attribute__ ((nonnull)); SODIUM_EXPORT -int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char s[64]) +int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) __attribute__ ((nonnull)); /* @@ -55,7 +55,7 @@ int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char * uniformity of `r` over `L`. */ SODIUM_EXPORT -void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char s[64]) +void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) __attribute__ ((nonnull)); #ifdef __cplusplus From 3a28b57828514d11a2db9f1fd50a146be8a03a0b Mon Sep 17 00:00:00 2001 From: Alexander Iljin Date: Tue, 25 Dec 2018 02:27:42 +0100 Subject: [PATCH 141/190] + Alexander Ilin for Factor bindings --- THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/THANKS b/THANKS index 0d0da788..a4b6e70f 100644 --- a/THANKS +++ b/THANKS @@ -15,6 +15,7 @@ libsodium bindings for their favorite programming languages: @neheb Adam Caudill (@adamcaudill) +Alexander Ilin (@AlexIljin) Alexander Morris (@alexpmorris) Amit Murthy (@amitmurthy) Andrew Bennett (@potatosalad) From 7e31bbf1e5f04e9b3a595b1f03836764fb65f025 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 25 Dec 2018 11:10:01 +0100 Subject: [PATCH 142/190] Update emscripten symbols --- dist-build/emscripten-symbols.def | 59 ++++++++++++++++++------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index 19e8007c..e47e6d26 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def 
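Review bot: With `s[64]` replaced by `*s`, nothing in `crypto_core_ed25519.h` tells callers that the `s` argument of `crypto_core_ed25519_scalar_reduce()` must be 64 bytes long. The implementation still copies `crypto_core_ed25519_NONREDUCEDSCALARBYTES` bytes from it with `memcpy(t, s, sizeof t)`, so a caller passing a 32-byte scalar causes a read past the end of its buffer. The comment above the prototype covers only the sampling interval. Extend it with a line such as `* s must point to crypto_core_ed25519_NONREDUCEDSCALARBYTES bytes; r receives crypto_core_ed25519_SCALARBYTES bytes.`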
@@ -27,12 +27,12 @@ _crypto_aead_chacha20poly1305_ietf_encrypt 1 1 _crypto_aead_chacha20poly1305_ietf_encrypt_detached 1 1 _crypto_aead_chacha20poly1305_ietf_keybytes 1 1 _crypto_aead_chacha20poly1305_ietf_keygen 1 1 -_crypto_aead_chacha20poly1305_ietf_messagebytes_max 0 0 +_crypto_aead_chacha20poly1305_ietf_messagebytes_max 1 1 _crypto_aead_chacha20poly1305_ietf_npubbytes 1 1 _crypto_aead_chacha20poly1305_ietf_nsecbytes 1 1 _crypto_aead_chacha20poly1305_keybytes 1 1 _crypto_aead_chacha20poly1305_keygen 1 1 -_crypto_aead_chacha20poly1305_messagebytes_max 0 0 +_crypto_aead_chacha20poly1305_messagebytes_max 1 1 _crypto_aead_chacha20poly1305_npubbytes 1 1 _crypto_aead_chacha20poly1305_nsecbytes 1 1 _crypto_aead_xchacha20poly1305_ietf_abytes 1 1 @@ -42,7 +42,7 @@ _crypto_aead_xchacha20poly1305_ietf_encrypt 1 1 _crypto_aead_xchacha20poly1305_ietf_encrypt_detached 1 1 _crypto_aead_xchacha20poly1305_ietf_keybytes 1 1 _crypto_aead_xchacha20poly1305_ietf_keygen 1 1 -_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 0 0 +_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 1 1 _crypto_aead_xchacha20poly1305_ietf_npubbytes 1 1 _crypto_aead_xchacha20poly1305_ietf_nsecbytes 1 1 _crypto_auth 1 1 @@ -91,7 +91,7 @@ _crypto_box_curve25519xchacha20poly1305_easy 0 1 _crypto_box_curve25519xchacha20poly1305_easy_afternm 0 1 _crypto_box_curve25519xchacha20poly1305_keypair 0 1 _crypto_box_curve25519xchacha20poly1305_macbytes 0 1 -_crypto_box_curve25519xchacha20poly1305_messagebytes_max 0 0 +_crypto_box_curve25519xchacha20poly1305_messagebytes_max 1 1 _crypto_box_curve25519xchacha20poly1305_noncebytes 0 1 _crypto_box_curve25519xchacha20poly1305_open_detached 0 1 _crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1 
@@ -111,7 +111,7 @@ _crypto_box_curve25519xsalsa20poly1305_beforenmbytes 0 1 _crypto_box_curve25519xsalsa20poly1305_boxzerobytes 0 1 _crypto_box_curve25519xsalsa20poly1305_keypair 0 1 _crypto_box_curve25519xsalsa20poly1305_macbytes 0 1 -_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 0 +_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 1 _crypto_box_curve25519xsalsa20poly1305_noncebytes 0 1 _crypto_box_curve25519xsalsa20poly1305_open 0 1 _crypto_box_curve25519xsalsa20poly1305_open_afternm 0 1 @@ -126,7 +126,7 @@ _crypto_box_easy 1 1 _crypto_box_easy_afternm 1 1 _crypto_box_keypair 1 1 _crypto_box_macbytes 1 1 -_crypto_box_messagebytes_max 0 0 +_crypto_box_messagebytes_max 1 1 _crypto_box_noncebytes 1 1 _crypto_box_open 0 1 _crypto_box_open_afternm 0 1 @@ -151,11 +151,11 @@ _crypto_core_ed25519_sub 0 1 _crypto_core_ed25519_uniformbytes 0 1 _crypto_core_ed25519_scalar_invert 0 1 _crypto_core_ed25519_scalarbytes 0 1 -_crypto_core_hchacha20 1 1 -_crypto_core_hchacha20_constbytes 1 1 -_crypto_core_hchacha20_inputbytes 1 1 -_crypto_core_hchacha20_keybytes 1 1 -_crypto_core_hchacha20_outputbytes 1 1 +_crypto_core_hchacha20 0 1 +_crypto_core_hchacha20_constbytes 0 1 +_crypto_core_hchacha20_inputbytes 0 1 +_crypto_core_hchacha20_keybytes 0 1 +_crypto_core_hchacha20_outputbytes 0 1 _crypto_core_hsalsa20 0 1 _crypto_core_hsalsa20_constbytes 0 1 _crypto_core_hsalsa20_inputbytes 0 1 
@@ -241,6 +241,15 @@ _crypto_kx_seed_keypair 1 1 _crypto_kx_seedbytes 1 1 _crypto_kx_server_session_keys 1 1 _crypto_kx_sessionkeybytes 1 1 +_crypto_kx_curve25519_client_session_keys 0 1 +_crypto_kx_curve25519_keypair 0 1 +_crypto_kx_curve25519_primitive 0 1 +_crypto_kx_curve25519_publickeybytes 0 1 +_crypto_kx_curve25519_secretkeybytes 0 1 +_crypto_kx_curve25519_seed_keypair 0 1 +_crypto_kx_curve25519_seedbytes 0 1 +_crypto_kx_curve25519_server_session_keys 0 1 +_crypto_kx_curve25519_sessionkeybytes 0 1 _crypto_onetimeauth 0 1 _crypto_onetimeauth_bytes 0 1 _crypto_onetimeauth_final 0 1 @@ -322,7 +331,7 @@ _crypto_pwhash_opslimit_moderate 1 1 _crypto_pwhash_opslimit_sensitive 1 1 _crypto_pwhash_passwd_max 1 1 _crypto_pwhash_passwd_min 1 1 -_crypto_pwhash_primitive 1 1 +_crypto_pwhash_primitive 0 1 _crypto_pwhash_saltbytes 1 1 _crypto_pwhash_scryptsalsa208sha256 0 1 _crypto_pwhash_scryptsalsa208sha256_bytes_max 0 1 @@ -372,7 +381,7 @@ _crypto_secretbox_easy 1 1 _crypto_secretbox_keybytes 1 1 _crypto_secretbox_keygen 1 1 _crypto_secretbox_macbytes 1 1 -_crypto_secretbox_messagebytes_max 0 0 +_crypto_secretbox_messagebytes_max 1 1 _crypto_secretbox_noncebytes 1 1 _crypto_secretbox_open 0 1 _crypto_secretbox_open_detached 1 1 @@ -382,7 +391,7 @@ _crypto_secretbox_xchacha20poly1305_detached 0 1 _crypto_secretbox_xchacha20poly1305_easy 0 1 _crypto_secretbox_xchacha20poly1305_keybytes 0 1 _crypto_secretbox_xchacha20poly1305_macbytes 0 1 -_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 0 +_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 1 _crypto_secretbox_xchacha20poly1305_noncebytes 0 1 _crypto_secretbox_xchacha20poly1305_open_detached 0 1 _crypto_secretbox_xchacha20poly1305_open_easy 0 1 
@@ -391,7 +400,7 @@ _crypto_secretbox_xsalsa20poly1305_boxzerobytes 0 1 _crypto_secretbox_xsalsa20poly1305_keybytes 0 1 _crypto_secretbox_xsalsa20poly1305_keygen 0 1 _crypto_secretbox_xsalsa20poly1305_macbytes 0 1 -_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 0 +_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 1 _crypto_secretbox_xsalsa20poly1305_noncebytes 0 1 _crypto_secretbox_xsalsa20poly1305_open 0 1 _crypto_secretbox_xsalsa20poly1305_zerobytes 0 1 @@ -429,7 +438,7 @@ _crypto_sign_ed25519 0 1 _crypto_sign_ed25519_bytes 0 1 _crypto_sign_ed25519_detached 0 1 _crypto_sign_ed25519_keypair 0 1 -_crypto_sign_ed25519_messagebytes_max 0 0 +_crypto_sign_ed25519_messagebytes_max 0 1 _crypto_sign_ed25519_open 0 1 _crypto_sign_ed25519_pk_to_curve25519 1 1 _crypto_sign_ed25519_publickeybytes 0 1 @@ -452,7 +461,7 @@ _crypto_sign_final_create 1 1 _crypto_sign_final_verify 1 1 _crypto_sign_init 1 1 _crypto_sign_keypair 1 1 -_crypto_sign_messagebytes_max 0 0 +_crypto_sign_messagebytes_max 1 1 _crypto_sign_open 1 1 _crypto_sign_primitive 0 1 _crypto_sign_publickeybytes 1 1 
@@ -467,26 +476,26 @@ _crypto_stream_chacha20 0 1 _crypto_stream_chacha20_ietf 0 1 _crypto_stream_chacha20_ietf_keybytes 0 1 _crypto_stream_chacha20_ietf_keygen 0 1 -_crypto_stream_chacha20_ietf_messagebytes_max 0 0 +_crypto_stream_chacha20_ietf_messagebytes_max 0 1 _crypto_stream_chacha20_ietf_noncebytes 0 1 _crypto_stream_chacha20_ietf_xor 0 1 _crypto_stream_chacha20_ietf_xor_ic 0 1 _crypto_stream_chacha20_keybytes 0 1 _crypto_stream_chacha20_keygen 0 1 -_crypto_stream_chacha20_messagebytes_max 0 0 +_crypto_stream_chacha20_messagebytes_max 0 1 _crypto_stream_chacha20_noncebytes 0 1 _crypto_stream_chacha20_xor 0 1 _crypto_stream_chacha20_xor_ic 0 1 _crypto_stream_keybytes 0 1 -_crypto_stream_keygen 1 1 -_crypto_stream_messagebytes_max 0 0 +_crypto_stream_keygen 0 1 +_crypto_stream_messagebytes_max 0 1 _crypto_stream_noncebytes 0 1 _crypto_stream_primitive 0 1 _crypto_stream_salsa20 0 1 _crypto_stream_salsa2012 0 1 _crypto_stream_salsa2012_keybytes 0 1 _crypto_stream_salsa2012_keygen 0 1 -_crypto_stream_salsa2012_messagebytes_max 0 0 +_crypto_stream_salsa2012_messagebytes_max 0 1 _crypto_stream_salsa2012_noncebytes 0 1 _crypto_stream_salsa2012_xor 0 1 _crypto_stream_salsa208 0 1 @@ -497,14 +506,14 @@ _crypto_stream_salsa208_noncebytes 0 1 _crypto_stream_salsa208_xor 0 1 _crypto_stream_salsa20_keybytes 0 1 _crypto_stream_salsa20_keygen 0 1 -_crypto_stream_salsa20_messagebytes_max 0 0 +_crypto_stream_salsa20_messagebytes_max 0 1 _crypto_stream_salsa20_noncebytes 0 1 _crypto_stream_salsa20_xor 0 1 _crypto_stream_salsa20_xor_ic 0 1 _crypto_stream_xchacha20 0 1 _crypto_stream_xchacha20_keybytes 0 1 _crypto_stream_xchacha20_keygen 0 1 -_crypto_stream_xchacha20_messagebytes_max 0 0 +_crypto_stream_xchacha20_messagebytes_max 0 1 _crypto_stream_xchacha20_noncebytes 0 1 _crypto_stream_xchacha20_xor 0 1 _crypto_stream_xchacha20_xor_ic 0 1 
@@ -512,7 +521,7 @@ _crypto_stream_xor 0 1 _crypto_stream_xsalsa20 0 1 _crypto_stream_xsalsa20_keybytes 0 1 _crypto_stream_xsalsa20_keygen 0 1 -_crypto_stream_xsalsa20_messagebytes_max 0 0 +_crypto_stream_xsalsa20_messagebytes_max 0 1 _crypto_stream_xsalsa20_noncebytes 0 1 _crypto_stream_xsalsa20_xor 0 1 _crypto_stream_xsalsa20_xor_ic 0 1 From 7f3bc5cd0840b23d81f2b112d1f31603deaaf18d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 25 Dec 2018 11:10:33 +0100 Subject: [PATCH 143/190] Add low-level kx_curve25519 functions --- src/libsodium/Makefile.am | 2 + src/libsodium/crypto_kx/crypto_kx.c | 96 ++---------- .../crypto_kx/curve25519/kx_curve25519.c | 143 ++++++++++++++++++ src/libsodium/include/sodium.h | 1 + src/libsodium/include/sodium/crypto_kx.h | 11 +- .../include/sodium/crypto_kx_curve25519.h | 66 ++++++++ 6 files changed, 230 insertions(+), 89 deletions(-) create mode 100644 src/libsodium/crypto_kx/curve25519/kx_curve25519.c create mode 100644 src/libsodium/include/sodium/crypto_kx_curve25519.h diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index 2c3d210f..706d006e 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -1,3 +1,4 @@ + lib_LTLIBRARIES = \ libsodium.la @@ -34,6 +35,7 @@ libsodium_la_SOURCES = \ crypto_kdf/blake2b/kdf_blake2b.c \ crypto_kdf/crypto_kdf.c \ crypto_kx/crypto_kx.c \ + crypto_kx/curve25519/kx_curve25519.c \ crypto_onetimeauth/crypto_onetimeauth.c \ crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \ crypto_onetimeauth/poly1305/onetimeauth_poly1305.h \ diff --git a/src/libsodium/crypto_kx/crypto_kx.c b/src/libsodium/crypto_kx/crypto_kx.c index 877ab7ff..729d464f 100644 --- a/src/libsodium/crypto_kx/crypto_kx.c +++ b/src/libsodium/crypto_kx/crypto_kx.c 
@@ -1,33 +1,21 @@ -#include - -#include "core.h" -#include "crypto_generichash.h" #include "crypto_kx.h" -#include "crypto_scalarmult.h" +#include "crypto_kx_curve25519.h" #include "private/common.h" -#include "randombytes.h" -#include "utils.h" int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES], const unsigned char seed[crypto_kx_SEEDBYTES]) { - crypto_generichash(sk, crypto_kx_SECRETKEYBYTES, - seed, crypto_kx_SEEDBYTES, NULL, 0); - return crypto_scalarmult_base(pk, sk); + return crypto_kx_curve25519_seed_keypair(pk, sk, seed); } int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES]) { - COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES); - COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES); - - randombytes_buf(sk, crypto_kx_SECRETKEYBYTES); - return crypto_scalarmult_base(pk, sk); + return crypto_kx_curve25519_keypair(pk, sk); } int 
@@ -37,38 +25,8 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) { - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_BYTES]; - unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult(q, client_sk, server_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, crypto_scalarmult_BYTES); - sodium_memzero(q, sizeof q); - crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) { - rx[i] = keys[i]; - tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; + return crypto_kx_curve25519_client_session_keys(rx, tx, client_pk, + client_sk, server_pk); } int 
@@ -78,66 +36,36 @@ crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) { - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_BYTES]; - unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult(q, server_sk, client_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, crypto_scalarmult_BYTES); - sodium_memzero(q, sizeof q); - crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) { - tx[i] = keys[i]; - rx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; + return crypto_kx_curve25519_server_session_keys(rx, tx, server_pk, + server_sk, client_pk); } size_t crypto_kx_publickeybytes(void) { - return crypto_kx_PUBLICKEYBYTES; + return crypto_kx_curve25519_PUBLICKEYBYTES; } size_t crypto_kx_secretkeybytes(void) { - return crypto_kx_SECRETKEYBYTES; + return crypto_kx_curve25519_SECRETKEYBYTES; } size_t crypto_kx_seedbytes(void) { - return crypto_kx_SEEDBYTES; + return crypto_kx_curve25519_SEEDBYTES; } size_t crypto_kx_sessionkeybytes(void) { - return crypto_kx_SESSIONKEYBYTES; + return crypto_kx_curve25519_SESSIONKEYBYTES; } const char * crypto_kx_primitive(void) { - return crypto_kx_PRIMITIVE; + return crypto_kx_curve25519_PRIMITIVE; } 
diff --git a/src/libsodium/crypto_kx/curve25519/kx_curve25519.c b/src/libsodium/crypto_kx/curve25519/kx_curve25519.c
new file mode 100644
index 00000000..4709a7de
--- /dev/null
+++ b/src/libsodium/crypto_kx/curve25519/kx_curve25519.c
@@ -0,0 +1,143 @@ + +#include + +#include "core.h" +#include "crypto_generichash.h" +#include "crypto_kx_curve25519.h" +#include "crypto_scalarmult_curve25519.h" +#include "private/common.h" +#include "randombytes.h" +#include "utils.h" + +int +crypto_kx_curve25519_seed_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], + unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char seed[crypto_kx_curve25519_SEEDBYTES]) +{ + crypto_generichash(sk, crypto_kx_curve25519_SECRETKEYBYTES, + seed, crypto_kx_curve25519_SEEDBYTES, NULL, 0); + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_kx_curve25519_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], + unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES]) +{ + COMPILER_ASSERT(crypto_kx_curve25519_SECRETKEYBYTES == crypto_scalarmult_curve25519_SCALARBYTES); + COMPILER_ASSERT(crypto_kx_curve25519_PUBLICKEYBYTES == crypto_scalarmult_curve25519_BYTES); + + randombytes_buf(sk, crypto_kx_curve25519_SECRETKEYBYTES); + return crypto_scalarmult_curve25519_base(pk, sk); +} + +int +crypto_kx_curve25519_client_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], + unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], + const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES], + const unsigned char client_sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) +{ + crypto_generichash_state h; + unsigned char q[crypto_scalarmult_curve25519_BYTES]; + unsigned char keys[2 * crypto_kx_curve25519_SESSIONKEYBYTES]; + int i; + + if (rx == NULL) { + rx = tx; + } + if (tx == NULL) { + tx = rx; + } + if (rx == NULL) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + if (crypto_scalarmult_curve25519(q, client_sk, server_pk) != 0) { + return -1; + } + COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); + crypto_generichash_init(&h, NULL, 0U, sizeof keys); + crypto_generichash_update(&h, q, 
crypto_scalarmult_curve25519_BYTES); + sodium_memzero(q, sizeof q); + crypto_generichash_update(&h, client_pk, crypto_kx_curve25519_PUBLICKEYBYTES); + crypto_generichash_update(&h, server_pk, crypto_kx_curve25519_PUBLICKEYBYTES); + crypto_generichash_final(&h, keys, sizeof keys); + sodium_memzero(&h, sizeof h); + for (i = 0; i < crypto_kx_curve25519_SESSIONKEYBYTES; i++) { + rx[i] = keys[i]; + tx[i] = keys[i + crypto_kx_curve25519_SESSIONKEYBYTES]; + } + sodium_memzero(keys, sizeof keys); + + return 0; +} + +int +crypto_kx_curve25519_server_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], + unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], + const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES], + const unsigned char server_sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) +{ + crypto_generichash_state h; + unsigned char q[crypto_scalarmult_curve25519_BYTES]; + unsigned char keys[2 * crypto_kx_curve25519_SESSIONKEYBYTES]; + int i; + + if (rx == NULL) { + rx = tx; + } + if (tx == NULL) { + tx = rx; + } + if (rx == NULL) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + if (crypto_scalarmult_curve25519(q, server_sk, client_pk) != 0) { + return -1; + } + COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); + crypto_generichash_init(&h, NULL, 0U, sizeof keys); + crypto_generichash_update(&h, q, crypto_scalarmult_curve25519_BYTES); + sodium_memzero(q, sizeof q); + crypto_generichash_update(&h, client_pk, crypto_kx_curve25519_PUBLICKEYBYTES); + crypto_generichash_update(&h, server_pk, crypto_kx_curve25519_PUBLICKEYBYTES); + crypto_generichash_final(&h, keys, sizeof keys); + sodium_memzero(&h, sizeof h); + for (i = 0; i < crypto_kx_curve25519_SESSIONKEYBYTES; i++) { + tx[i] = keys[i]; + rx[i] = keys[i + crypto_kx_curve25519_SESSIONKEYBYTES]; + } + sodium_memzero(keys, sizeof keys); + + return 0; +} + +size_t +crypto_kx_curve25519_publickeybytes(void) +{ + return 
crypto_kx_curve25519_PUBLICKEYBYTES; +} + +size_t +crypto_kx_curve25519_secretkeybytes(void) +{ + return crypto_kx_curve25519_SECRETKEYBYTES; +} + +size_t +crypto_kx_curve25519_seedbytes(void) +{ + return crypto_kx_curve25519_SEEDBYTES; +} + +size_t +crypto_kx_curve25519_sessionkeybytes(void) +{ + return crypto_kx_curve25519_SESSIONKEYBYTES; +} + +const char * +crypto_kx_curve25519_primitive(void) +{ + return crypto_kx_curve25519_PRIMITIVE; +} diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h index e7b1af46..f3049b2f 100644 --- a/src/libsodium/include/sodium.h +++ b/src/libsodium/include/sodium.h @@ -27,6 +27,7 @@ #include "sodium/crypto_kdf.h" #include "sodium/crypto_kdf_blake2b.h" #include "sodium/crypto_kx.h" +#include "sodium/crypto_kx_curve25519.h" #include "sodium/crypto_onetimeauth.h" #include "sodium/crypto_onetimeauth_poly1305.h" #include "sodium/crypto_pwhash.h" diff --git a/src/libsodium/include/sodium/crypto_kx.h b/src/libsodium/include/sodium/crypto_kx.h index 347132c3..6cd8b255 100644 --- a/src/libsodium/include/sodium/crypto_kx.h +++ b/src/libsodium/include/sodium/crypto_kx.h @@ -3,6 +3,7 @@ #include +#include "crypto_kx_curve25519.h" #include "export.h" #ifdef __cplusplus 
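Review bot: In crypto_kx_curve25519_client_session_keys a caller that passes only one of `rx`/`tx` always receives the second half of `keys`, because the NULL pointer is aliased to the other one and the loop's `tx[i] = ...` store then overwrites `rx[i] = ...` in the same buffer. A client asking only for `rx` therefore gets the bytes that a two-buffer call returns as `tx`, and in crypto_kx_curve25519_server_session_keys a server asking only for `tx` gets its `rx` half, so a peer that requests both keys would not match. If that is not intended, drop the aliasing and guard each store as sketched below (the server function mirrors it); the same code is repeated in kx_ed25519.c. This changes the key a single-pointer caller derives, so it needs a compatibility decision; otherwise the current behaviour should at least be stated in a comment.

```c
    /* … unchanged: declarations of h, q, keys, i … */
    if (rx == NULL && tx == NULL) {
        sodium_misuse(); /* LCOV_EXCL_LINE */
    }
    /* … unchanged: scalarmult, hashing of q, client_pk, server_pk … */
    for (i = 0; i < crypto_kx_curve25519_SESSIONKEYBYTES; i++) {
        if (rx != NULL) {
            rx[i] = keys[i];
        }
        if (tx != NULL) {
            tx[i] = keys[i + crypto_kx_curve25519_SESSIONKEYBYTES];
        }
    }
    /* … unchanged: sodium_memzero(keys), return 0 … */
```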
@@ -12,23 +13,23 @@ extern "C" { #endif -#define crypto_kx_PUBLICKEYBYTES 32 +#define crypto_kx_PUBLICKEYBYTES crypto_kx_curve25519_PUBLICKEYBYTES SODIUM_EXPORT size_t crypto_kx_publickeybytes(void); -#define crypto_kx_SECRETKEYBYTES 32 +#define crypto_kx_SECRETKEYBYTES crypto_kx_curve25519_SECRETKEYBYTES SODIUM_EXPORT size_t crypto_kx_secretkeybytes(void); -#define crypto_kx_SEEDBYTES 32 +#define crypto_kx_SEEDBYTES crypto_kx_curve25519_SEEDBYTES SODIUM_EXPORT size_t crypto_kx_seedbytes(void); -#define crypto_kx_SESSIONKEYBYTES 32 +#define crypto_kx_SESSIONKEYBYTES crypto_kx_curve25519_SESSIONKEYBYTES SODIUM_EXPORT size_t crypto_kx_sessionkeybytes(void); -#define crypto_kx_PRIMITIVE "x25519blake2b" +#define crypto_kx_PRIMITIVE crypto_kx_curve25519_PRIMITIVE SODIUM_EXPORT const char *crypto_kx_primitive(void); diff --git a/src/libsodium/include/sodium/crypto_kx_curve25519.h b/src/libsodium/include/sodium/crypto_kx_curve25519.h new file mode 100644 index 00000000..1b6beabe --- /dev/null +++ b/src/libsodium/include/sodium/crypto_kx_curve25519.h 
@@ -0,0 +1,66 @@ +#ifndef crypto_kx_curve25519_H +#define crypto_kx_curve25519_H + +#include + +#include "export.h" + +#ifdef __cplusplus +# ifdef __GNUC__ +# pragma GCC diagnostic ignored "-Wlong-long" +# endif +extern "C" { +#endif + +#define crypto_kx_curve25519_PUBLICKEYBYTES 32 +SODIUM_EXPORT +size_t crypto_kx_curve25519_publickeybytes(void); + +#define crypto_kx_curve25519_SECRETKEYBYTES 32 +SODIUM_EXPORT +size_t crypto_kx_curve25519_secretkeybytes(void); + +#define crypto_kx_curve25519_SEEDBYTES 32 +SODIUM_EXPORT +size_t crypto_kx_curve25519_seedbytes(void); + +#define crypto_kx_curve25519_SESSIONKEYBYTES 32 +SODIUM_EXPORT +size_t crypto_kx_curve25519_sessionkeybytes(void); + +#define crypto_kx_curve25519_PRIMITIVE "x25519blake2b" +SODIUM_EXPORT +const char *crypto_kx_curve25519_primitive(void); + +SODIUM_EXPORT +int crypto_kx_curve25519_seed_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], + unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char seed[crypto_kx_curve25519_SEEDBYTES]) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_kx_curve25519_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], + unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES]) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_kx_curve25519_client_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], + unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], + const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES], + const unsigned char client_sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); + +SODIUM_EXPORT +int crypto_kx_curve25519_server_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], + unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], + const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES], + const unsigned char 
server_sk[crypto_kx_curve25519_SECRETKEYBYTES], + const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); + +#ifdef __cplusplus +} +#endif + +#endif From 2d736dc2bce4a738d291e49dcfa1322935b97e49 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 25 Dec 2018 12:46:21 +0100 Subject: [PATCH 144/190] Add crypto_kx_ed25519 --- .../msvc/vs2010/libsodium/libsodium.vcxproj | 5 + .../libsodium/libsodium.vcxproj.filters | 21 +++ .../msvc/vs2012/libsodium/libsodium.vcxproj | 5 + .../libsodium/libsodium.vcxproj.filters | 21 +++ .../msvc/vs2013/libsodium/libsodium.vcxproj | 5 + .../libsodium/libsodium.vcxproj.filters | 21 +++ .../msvc/vs2015/libsodium/libsodium.vcxproj | 5 + .../libsodium/libsodium.vcxproj.filters | 21 +++ .../msvc/vs2017/libsodium/libsodium.vcxproj | 5 + .../libsodium/libsodium.vcxproj.filters | 21 +++ dist-build/emscripten-symbols.def | 9 ++ libsodium.vcxproj | 5 + libsodium.vcxproj.filters | 15 ++ src/libsodium/Makefile.am | 1 + src/libsodium/crypto_kx/ed25519/kx_ed25519.c | 143 ++++++++++++++++++ src/libsodium/include/Makefile.am | 2 + src/libsodium/include/sodium.h | 1 + .../include/sodium/crypto_kx_ed25519.h | 66 ++++++++ 18 files changed, 372 insertions(+) create mode 100644 src/libsodium/crypto_kx/ed25519/kx_ed25519.c create mode 100644 src/libsodium/include/sodium/crypto_kx_ed25519.h diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj index ec340a17..292219f2 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj @@ -86,6 +86,8 @@ + + @@ -199,6 +201,7 @@ + @@ -209,6 +212,7 @@ + @@ -240,6 +244,7 @@ + diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters index 079094b9..e6e7c823 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters 
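Review bot: The new public header crypto_kx_curve25519.h declares the session-key functions without any comment, so the only hint at the `rx`/`tx` contract is `nonnull(3, 4, 5)`. I would add a comment above crypto_kx_curve25519_client_session_keys and crypto_kx_curve25519_server_session_keys, e.g. `/* rx and tx may each be NULL, but not both; returns -1 if the scalar multiplication fails, in which case rx and tx are not written */`. Both statements follow from kx_curve25519.c in the same commit. crypto_kx_curve25519_seed_keypair and crypto_kx_curve25519_keypair also return an int but, unlike the session-key functions, are not marked `warn_unused_result`; consider adding it if the base-point multiplication can fail.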
+++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters @@ -51,6 +51,12 @@ crypto_kx + + crypto_kx\ed25519 + + + crypto_kx\curve25519 + crypto_sign @@ -386,6 +392,9 @@ include\sodium + + include\sodium + include\sodium @@ -416,6 +425,9 @@ include\sodium + + include\sodium + include\sodium @@ -509,6 +521,9 @@ include\sodium + + include\sodium + include\sodium @@ -835,6 +850,12 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} + + {a87725bb-5474-365f-be59-ada5ae3f9e73} + + + {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} + {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj index f140d161..15032ef3 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj @@ -86,6 +86,8 @@ + + @@ -199,6 +201,7 @@ + @@ -209,6 +212,7 @@ + @@ -240,6 +244,7 @@ + diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters index 079094b9..e6e7c823 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters @@ -51,6 +51,12 @@ crypto_kx + + crypto_kx\ed25519 + + + crypto_kx\curve25519 + crypto_sign @@ -386,6 +392,9 @@ include\sodium + + include\sodium + include\sodium @@ -416,6 +425,9 @@ include\sodium + + include\sodium + include\sodium @@ -509,6 +521,9 @@ include\sodium + + include\sodium + include\sodium @@ -835,6 +850,12 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} + + {a87725bb-5474-365f-be59-ada5ae3f9e73} + + + {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} + {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj index cddd4ad6..f3a077e6 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj @@ -86,6 +86,8 @@ + + @@ -199,6 +201,7 @@ + @@ -209,6 +212,7 @@ + @@ -240,6 +244,7 @@ + 
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters index 079094b9..e6e7c823 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters @@ -51,6 +51,12 @@ crypto_kx + + crypto_kx\ed25519 + + + crypto_kx\curve25519 + crypto_sign @@ -386,6 +392,9 @@ include\sodium + + include\sodium + include\sodium @@ -416,6 +425,9 @@ include\sodium + + include\sodium + include\sodium @@ -509,6 +521,9 @@ include\sodium + + include\sodium + include\sodium @@ -835,6 +850,12 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} + + {a87725bb-5474-365f-be59-ada5ae3f9e73} + + + {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} + {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj index 230086a9..11349940 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj @@ -86,6 +86,8 @@ + + @@ -199,6 +201,7 @@ + @@ -209,6 +212,7 @@ + @@ -240,6 +244,7 @@ + diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters index 079094b9..e6e7c823 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters @@ -51,6 +51,12 @@ crypto_kx + + crypto_kx\ed25519 + + + crypto_kx\curve25519 + crypto_sign @@ -386,6 +392,9 @@ include\sodium + + include\sodium + include\sodium @@ -416,6 +425,9 @@ include\sodium + + include\sodium + include\sodium @@ -509,6 +521,9 @@ include\sodium + + include\sodium + include\sodium @@ -835,6 +850,12 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} + + {a87725bb-5474-365f-be59-ada5ae3f9e73} + + + {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} + {323c0a15-3c1d-39b2-9ec1-299deb299497} 
diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj index 8a175e0b..2ba0f13e 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj @@ -86,6 +86,8 @@ + + @@ -199,6 +201,7 @@ + @@ -209,6 +212,7 @@ + @@ -240,6 +244,7 @@ + diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters index 079094b9..e6e7c823 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters @@ -51,6 +51,12 @@ crypto_kx + + crypto_kx\ed25519 + + + crypto_kx\curve25519 + crypto_sign @@ -386,6 +392,9 @@ include\sodium + + include\sodium + include\sodium @@ -416,6 +425,9 @@ include\sodium + + include\sodium + include\sodium @@ -509,6 +521,9 @@ include\sodium + + include\sodium + include\sodium @@ -835,6 +850,12 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} + + {a87725bb-5474-365f-be59-ada5ae3f9e73} + + + {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} + {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index e47e6d26..84e9f5db 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def @@ -250,6 +250,15 @@ _crypto_kx_curve25519_seed_keypair 0 1 _crypto_kx_curve25519_seedbytes 0 1 _crypto_kx_curve25519_server_session_keys 0 1 _crypto_kx_curve25519_sessionkeybytes 0 1 +_crypto_kx_ed25519_client_session_keys 0 1 +_crypto_kx_ed25519_keypair 0 1 +_crypto_kx_ed25519_primitive 0 1 +_crypto_kx_ed25519_publickeybytes 0 1 +_crypto_kx_ed25519_secretkeybytes 0 1 +_crypto_kx_ed25519_seed_keypair 0 1 +_crypto_kx_ed25519_seedbytes 0 1 +_crypto_kx_ed25519_server_session_keys 0 1 +_crypto_kx_ed25519_sessionkeybytes 0 1 _crypto_onetimeauth 0 1 _crypto_onetimeauth_bytes 0 1 _crypto_onetimeauth_final 0 1 diff --git a/libsodium.vcxproj b/libsodium.vcxproj index 63d5f956..eb414baf 100644 
--- a/libsodium.vcxproj +++ b/libsodium.vcxproj @@ -324,6 +324,8 @@ + + @@ -437,6 +439,7 @@ + @@ -447,6 +450,7 @@ + @@ -478,6 +482,7 @@ + diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters index b4a4ea96..7f46d94e 100644 --- a/libsodium.vcxproj.filters +++ b/libsodium.vcxproj.filters @@ -42,6 +42,12 @@ Source Files + + Source Files + + + Source Files + Source Files @@ -377,6 +383,9 @@ Header Files + + Header Files + Header Files @@ -407,6 +416,9 @@ Header Files + + Header Files + Header Files @@ -500,6 +512,9 @@ Header Files + + Header Files + Header Files diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index 706d006e..a3c8758b 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -154,6 +154,7 @@ libsodium_la_SOURCES += \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \ crypto_core/ed25519/core_ed25519.c \ + crypto_kx/ed25519/kx_ed25519.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h \ crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c \ diff --git a/src/libsodium/crypto_kx/ed25519/kx_ed25519.c b/src/libsodium/crypto_kx/ed25519/kx_ed25519.c new file mode 100644 index 00000000..783e9003 --- /dev/null +++ b/src/libsodium/crypto_kx/ed25519/kx_ed25519.c 
@@ -0,0 +1,143 @@
+
+#include
+
+#include "core.h"
+#include "crypto_generichash.h"
+#include "crypto_kx_ed25519.h"
+#include "crypto_scalarmult_ed25519.h"
+#include "private/common.h"
+#include "randombytes.h"
+#include "utils.h"
+
+int
+crypto_kx_ed25519_seed_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_ed25519_SEEDBYTES])
+{
+ crypto_generichash(sk, crypto_kx_ed25519_SECRETKEYBYTES,
+ seed, crypto_kx_ed25519_SEEDBYTES, NULL, 0);
+ return crypto_scalarmult_ed25519_base(pk, sk);
+}
+
+int
+crypto_kx_ed25519_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES])
+{
+ COMPILER_ASSERT(crypto_kx_ed25519_SECRETKEYBYTES == crypto_scalarmult_ed25519_SCALARBYTES);
+ COMPILER_ASSERT(crypto_kx_ed25519_PUBLICKEYBYTES == crypto_scalarmult_ed25519_BYTES);
+
+ randombytes_buf(sk, crypto_kx_ed25519_SECRETKEYBYTES);
+ return crypto_scalarmult_ed25519_base(pk, sk);
+}
+
+int
+crypto_kx_ed25519_client_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_ed25519_BYTES];
+ unsigned char keys[2 * crypto_kx_ed25519_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (rx == NULL) {
+ sodium_misuse(); /* LCOV_EXCL_LINE */
+ }
+ if (crypto_scalarmult_ed25519(q, client_sk, server_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_ed25519_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_ed25519_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_ed25519_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_ed25519_SESSIONKEYBYTES; i++) {
+ rx[i] = keys[i];
+ tx[i] = keys[i + crypto_kx_ed25519_SESSIONKEYBYTES];
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
+
+int
+crypto_kx_ed25519_server_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES])
+{
+ crypto_generichash_state h;
+ unsigned char q[crypto_scalarmult_ed25519_BYTES];
+ unsigned char keys[2 * crypto_kx_ed25519_SESSIONKEYBYTES];
+ int i;
+
+ if (rx == NULL) {
+ rx = tx;
+ }
+ if (tx == NULL) {
+ tx = rx;
+ }
+ if (rx == NULL) {
+ sodium_misuse(); /* LCOV_EXCL_LINE */
+ }
+ if (crypto_scalarmult_ed25519(q, server_sk, client_pk) != 0) {
+ return -1;
+ }
+ COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX);
+ crypto_generichash_init(&h, NULL, 0U, sizeof keys);
+ crypto_generichash_update(&h, q, crypto_scalarmult_ed25519_BYTES);
+ sodium_memzero(q, sizeof q);
+ crypto_generichash_update(&h, client_pk, crypto_kx_ed25519_PUBLICKEYBYTES);
+ crypto_generichash_update(&h, server_pk, crypto_kx_ed25519_PUBLICKEYBYTES);
+ crypto_generichash_final(&h, keys, sizeof keys);
+ sodium_memzero(&h, sizeof h);
+ for (i = 0; i < crypto_kx_ed25519_SESSIONKEYBYTES; i++) {
+ tx[i] = keys[i];
+ rx[i] = keys[i + crypto_kx_ed25519_SESSIONKEYBYTES];
+ }
+ sodium_memzero(keys, sizeof keys);
+
+ return 0;
+}
+
+size_t
+crypto_kx_ed25519_publickeybytes(void)
+{
+ return crypto_kx_ed25519_PUBLICKEYBYTES;
+}
+
+size_t
+crypto_kx_ed25519_secretkeybytes(void)
+{
+ return crypto_kx_ed25519_SECRETKEYBYTES;
+}
+
+size_t
+crypto_kx_ed25519_seedbytes(void)
+{
+ return crypto_kx_ed25519_SEEDBYTES;
+}
+
+size_t
+crypto_kx_ed25519_sessionkeybytes(void)
+{
+ return crypto_kx_ed25519_SESSIONKEYBYTES;
+}
+
+const char *
+crypto_kx_ed25519_primitive(void)
+{
+ return crypto_kx_ed25519_PRIMITIVE;
+}
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index b70c22b3..4bf69e78 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -26,6 +26,8 @@ SODIUM_EXPORT = \
 sodium/crypto_kdf.h \
 sodium/crypto_kdf_blake2b.h \
 sodium/crypto_kx.h \
+ sodium/crypto_kx_curve25519.h \
+ sodium/crypto_kx_ed25519.h \
 sodium/crypto_onetimeauth.h \
 sodium/crypto_onetimeauth_poly1305.h \
 sodium/crypto_pwhash.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index f3049b2f..54e37632 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -28,6 +28,7 @@
 #include "sodium/crypto_kdf_blake2b.h"
 #include "sodium/crypto_kx.h"
 #include "sodium/crypto_kx_curve25519.h"
+#include "sodium/crypto_kx_ed25519.h"
 #include "sodium/crypto_onetimeauth.h"
 #include "sodium/crypto_onetimeauth_poly1305.h"
 #include "sodium/crypto_pwhash.h"
diff --git a/src/libsodium/include/sodium/crypto_kx_ed25519.h b/src/libsodium/include/sodium/crypto_kx_ed25519.h
new file mode 100644
index 00000000..daa9598a
--- /dev/null
+++ b/src/libsodium/include/sodium/crypto_kx_ed25519.h
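Review bot: When a caller passes `tx == NULL` to `crypto_kx_ed25519_client_session_keys`, the aliasing `tx = rx` makes the copy loop store `keys[i]` and then `keys[i + crypto_kx_ed25519_SESSIONKEYBYTES]` into the same buffer, so the caller's rx buffer ends up holding the tx half. `crypto_kx_ed25519_server_session_keys` has the mirrored problem when `rx == NULL`, because its loop writes `tx[i]` first and `rx[i]` second. A caller that asks for one direction only therefore gets a key that does not match what a peer requesting both keys uses for that direction. I would drop the aliasing, reject only the both-NULL case, and guard each store, as shown below for the client; the server function takes the same change with the two halves swapped.

```c
    /* … unchanged: declarations of h, q, keys and i … */
    if (rx == NULL && tx == NULL) {
        sodium_misuse(); /* LCOV_EXCL_LINE */
    }
    /* … unchanged: crypto_scalarmult_ed25519 check and generichash over q, client_pk, server_pk … */
    for (i = 0; i < crypto_kx_ed25519_SESSIONKEYBYTES; i++) {
        if (rx != NULL) {
            rx[i] = keys[i];
        }
        if (tx != NULL) {
            tx[i] = keys[i + crypto_kx_ed25519_SESSIONKEYBYTES];
        }
    }
```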
@@ -0,0 +1,66 @@
+#ifndef crypto_kx_ed25519_H
+#define crypto_kx_ed25519_H
+
+#include
+
+#include "export.h"
+
+#ifdef __cplusplus
+# ifdef __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_kx_ed25519_PUBLICKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_ed25519_publickeybytes(void);
+
+#define crypto_kx_ed25519_SECRETKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_ed25519_secretkeybytes(void);
+
+#define crypto_kx_ed25519_SEEDBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_ed25519_seedbytes(void);
+
+#define crypto_kx_ed25519_SESSIONKEYBYTES 32
+SODIUM_EXPORT
+size_t crypto_kx_ed25519_sessionkeybytes(void);
+
+#define crypto_kx_ed25519_PRIMITIVE "ed25519blake2b"
+SODIUM_EXPORT
+const char *crypto_kx_ed25519_primitive(void);
+
+SODIUM_EXPORT
+int crypto_kx_ed25519_seed_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char seed[crypto_kx_ed25519_SEEDBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_ed25519_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES])
+ __attribute__ ((nonnull));
+
+SODIUM_EXPORT
+int crypto_kx_ed25519_client_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ const unsigned char client_sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5)));
+
+SODIUM_EXPORT
+int crypto_kx_ed25519_server_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES],
+ const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES],
+ const unsigned char server_sk[crypto_kx_ed25519_SECRETKEYBYTES],
+ const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES])
+ __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5)));
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
From 7e8c2d34e599de2c205dba56350f1b69f9f34b80 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 25 Dec 2018 12:50:13 +0100 Subject: [PATCH 145/190] Regen emscripten symbols --- dist-build/emscripten-symbols.def | 29 +++++++++++++---------- dist-build/emscripten.sh | 4 ++-- dist-build/generate-emscripten-symbols.sh | 2 +- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index 84e9f5db..692bb858 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def @@ -147,10 +147,13 @@ _crypto_core_ed25519_add 0 1 _crypto_core_ed25519_bytes 0 1 _crypto_core_ed25519_from_uniform 0 1 _crypto_core_ed25519_is_valid_point 0 1 +_crypto_core_ed25519_nonreducedscalarbytes 0 1 +_crypto_core_ed25519_scalar_invert 0 1 +_crypto_core_ed25519_scalar_random 0 1 +_crypto_core_ed25519_scalar_reduce 0 1 +_crypto_core_ed25519_scalarbytes 0 1 _crypto_core_ed25519_sub 0 1 _crypto_core_ed25519_uniformbytes 0 1 -_crypto_core_ed25519_scalar_invert 0 1 -_crypto_core_ed25519_scalarbytes 0 1 _crypto_core_hchacha20 0 1 _crypto_core_hchacha20_constbytes 0 1 _crypto_core_hchacha20_inputbytes 0 1 @@ -233,14 +236,6 @@ _crypto_kdf_keybytes 1 1 _crypto_kdf_keygen 1 1 _crypto_kdf_primitive 0 1 _crypto_kx_client_session_keys 1 1 -_crypto_kx_keypair 1 1 -_crypto_kx_primitive 0 1 -_crypto_kx_publickeybytes 1 1 -_crypto_kx_secretkeybytes 1 1 -_crypto_kx_seed_keypair 1 1 -_crypto_kx_seedbytes 1 1 -_crypto_kx_server_session_keys 1 1 -_crypto_kx_sessionkeybytes 1 1 _crypto_kx_curve25519_client_session_keys 0 1 _crypto_kx_curve25519_keypair 0 1 _crypto_kx_curve25519_primitive 0 1
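Review bot: The two session-key prototypes in crypto_kx_ed25519.h carry no comment, so the only hint that `rx` and `tx` are optional is `nonnull(3, 4, 5)`, and nothing says what a non-zero return means. In kx_ed25519.c from the same commit, passing both as NULL ends in `sodium_misuse()`, and a failing `crypto_scalarmult_ed25519()` returns -1 before either output buffer is written. I would put above each of the two prototypes: `/* rx or tx may be NULL when only one direction is needed, but not both; returns -1 without writing rx/tx if the scalar multiplication fails */`.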
@@ -259,6 +254,14 @@ _crypto_kx_ed25519_seed_keypair 0 1 _crypto_kx_ed25519_seedbytes 0 1 _crypto_kx_ed25519_server_session_keys 0 1 _crypto_kx_ed25519_sessionkeybytes 0 1 +_crypto_kx_keypair 1 1 +_crypto_kx_primitive 0 1 +_crypto_kx_publickeybytes 1 1 +_crypto_kx_secretkeybytes 1 1 +_crypto_kx_seed_keypair 1 1 +_crypto_kx_seedbytes 1 1 +_crypto_kx_server_session_keys 1 1 +_crypto_kx_sessionkeybytes 1 1 _crypto_onetimeauth 0 1 _crypto_onetimeauth_bytes 0 1 _crypto_onetimeauth_final 0 1 @@ -376,10 +379,10 @@ _crypto_scalarmult_curve25519_base 0 1 _crypto_scalarmult_curve25519_bytes 0 1 _crypto_scalarmult_curve25519_scalarbytes 0 1 _crypto_scalarmult_ed25519 0 1 -_crypto_scalarmult_ed25519_noclamp 0 1 _crypto_scalarmult_ed25519_base 0 1 _crypto_scalarmult_ed25519_base_noclamp 0 1 _crypto_scalarmult_ed25519_bytes 0 1 +_crypto_scalarmult_ed25519_noclamp 0 1 _crypto_scalarmult_ed25519_scalarbytes 0 1 _crypto_scalarmult_primitive 0 1 _crypto_scalarmult_scalarbytes 1 1 @@ -415,9 +418,9 @@ _crypto_secretbox_xsalsa20poly1305_open 0 1 _crypto_secretbox_xsalsa20poly1305_zerobytes 0 1 _crypto_secretbox_zerobytes 0 1 _crypto_secretstream_xchacha20poly1305_abytes 1 1 +_crypto_secretstream_xchacha20poly1305_headerbytes 1 1 _crypto_secretstream_xchacha20poly1305_init_pull 1 1 _crypto_secretstream_xchacha20poly1305_init_push 1 1 -_crypto_secretstream_xchacha20poly1305_headerbytes 1 1 _crypto_secretstream_xchacha20poly1305_keybytes 1 1 _crypto_secretstream_xchacha20poly1305_keygen 1 1 _crypto_secretstream_xchacha20poly1305_messagebytes_max 1 1 @@ -552,8 +555,8 @@ _randombytes_stir 1 1 _randombytes_uniform 1 1 _sodium_add 0 0 _sodium_allocarray 0 0 -_sodium_base64_encoded_len 1 1 _sodium_base642bin 1 1 +_sodium_base64_encoded_len 1 1 _sodium_bin2base64 1 1 _sodium_bin2hex 1 1 _sodium_compare 0 0 diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 477688c5..e545ab0d 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -1,8 +1,8 @@ #! /bin/sh export MAKE_FLAGS='-j4' -export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_core_hchacha20","_cry
pto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_sec
retbox_open_easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream_keygen","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_
auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_
afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake
2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_
final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id
_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_p
whash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_cryp
to_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","
_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export 
EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publ
ickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secret
box_open_detached","_crypto_secretbox_open_easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa201
2_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_co
ntextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_curve25519_client_session_keys","_crypto_kx_curve25519_keypair","_crypto_kx_curve25519_primitive","_crypto_kx_curve25519_publickeybytes","_crypto_kx_curve25519_secretkeybytes","_crypto_kx_curve25519_seed_keypair","_crypto_kx_curve25519_seedbytes","_crypto_kx_curve25519_server_session_keys","_crypto_kx_curve25519_sessionkeybytes","_crypto_kx_ed25519_client_session_keys","_crypto_kx_ed25519_keypair","_crypto_kx_ed25519_primitive","_crypto_kx_ed25519_publickeybytes","_crypto_kx_ed25519_secretkeybytes","_crypto_kx_ed25519_seed_keypair","_crypto_kx_ed25519_seedbytes","_crypto_kx_ed25519_server_session_keys","_crypto_kx_ed25519_sessionkeybytes","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_mi
n","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scry
ptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secr
etbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519
","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_cry
pto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 diff --git a/dist-build/generate-emscripten-symbols.sh b/dist-build/generate-emscripten-symbols.sh index 78cbffd4..873307d2 100755 --- a/dist-build/generate-emscripten-symbols.sh +++ b/dist-build/generate-emscripten-symbols.sh 
@@ -17,7 +17,7 @@ symbols() { fi done < emscripten-symbols.def - nm /usr/local/lib/libsodium.23.dylib | \ + /usr/bin/nm /usr/local/lib/libsodium.23.dylib | \ fgrep ' T _' | \ cut -d' ' -f3 | { while read symbol; do From d3976446a0c19aa9fe6f66523741126869a4990e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 25 Dec 2018 13:25:57 +0100 Subject: [PATCH 146/190] ED25519_NONDETERMINISTIC: derive keys from the seed the same way as when ED25519_NONDETERMINISTIC is not defined --- src/libsodium/crypto_sign/ed25519/ref10/keypair.c | 8 -------- test/default/ed25519_convert.c | 8 +------- 2 files changed, 1 insertion(+), 15 deletions(-) diff --git a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c index 4b9bf0dc..e8e40150 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/keypair.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/keypair.c @@ -15,11 +15,7 @@ crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk, { ge25519_p3 A; -#ifdef ED25519_NONDETERMINISTIC - memmove(sk, seed, 32); -#else crypto_hash_sha512(sk, seed, 32); -#endif sk[0] &= 248; sk[31] &= 127; sk[31] |= 64; @@ -76,11 +72,7 @@ crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk, { unsigned char h[crypto_hash_sha512_BYTES]; -#ifdef ED25519_NONDETERMINISTIC - memcpy(h, ed25519_sk, 32); -#else crypto_hash_sha512(h, ed25519_sk, 32); -#endif h[0] &= 248; h[31] &= 127; h[31] |= 64; diff --git a/test/default/ed25519_convert.c b/test/default/ed25519_convert.c index a384c31e..d067547e 100644 --- a/test/default/ed25519_convert.c +++ b/test/default/ed25519_convert.c 
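Review bot: The changed line pins `/usr/bin/nm`, but nothing checks that this tool or `/usr/local/lib/libsodium.23.dylib` is actually present before the pipeline runs. If either is missing, `nm` writes nothing to the pipe and the `while read symbol` loop presumably sees an empty list, so the generated export list could come out silently short; whether the script uses `set -e` or similar is not visible in this hunk. A guard before the pipeline would make that failure loud: `[ -x /usr/bin/nm ] && [ -r /usr/local/lib/libsodium.23.dylib ] || { echo "nm or libsodium.23.dylib not found" >&2; exit 1; }`. A one-line comment noting that the symbols are read from the installed library rather than the build tree would also help, since the exported set then depends on what was last installed. `symbols()` starts and ends outside the hunk.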
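Review bot: The seed length is still the literal `32` in `crypto_hash_sha512(sk, seed, 32);` in the `@@ -15,11 +15,7 @@` hunk and in `crypto_hash_sha512(h, ed25519_sk, 32);` in the `@@ -76,11 +72,7 @@` hunk. Now that hashing is the only derivation path, `crypto_sign_ed25519_SEEDBYTES` would tie both calls to the declared seed size, e.g. `crypto_hash_sha512(sk, seed, crypto_sign_ed25519_SEEDBYTES);`, assuming the header that declares it is included in this file. A short comment above each call, such as `/* expand the seed with SHA-512, then clamp; same with or without ED25519_NONDETERMINISTIC */`, would record why the `#ifdef` was dropped. In `crypto_sign_ed25519_sk_to_curve25519` the stack buffer `h` holds bytes derived from the secret key, and the rest of the function is outside the hunk, so it is worth confirming that `h` is wiped before return, for instance with `sodium_memzero(h, sizeof h);`. Both function bodies continue past their hunks.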
@@ -18,16 +18,10 @@ main(void) unsigned char curve25519_sk[crypto_scalarmult_curve25519_BYTES]; char curve25519_pk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1]; char curve25519_sk_hex[crypto_scalarmult_curve25519_BYTES * 2 + 1]; - unsigned char hseed[crypto_hash_sha512_BYTES]; unsigned int i; assert(crypto_sign_ed25519_SEEDBYTES <= crypto_hash_sha512_BYTES); -#ifdef ED25519_NONDETERMINISTIC - crypto_hash_sha512(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES); -#else - memcpy(hseed, keypair_seed, crypto_sign_ed25519_SEEDBYTES); -#endif - crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, hseed); + crypto_sign_ed25519_seed_keypair(ed25519_pk, ed25519_skpk, keypair_seed); if (crypto_sign_ed25519_pk_to_curve25519(curve25519_pk, ed25519_pk) != 0) { printf("conversion failed\n"); From e60049aad12e852691f477ef4aeeadce475add28 Mon Sep 17 00:00:00 2001 
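Review bot: The `assert(crypto_sign_ed25519_SEEDBYTES <= crypto_hash_sha512_BYTES);` kept as context appears to guard nothing any more: the `hseed` buffer it bounded is removed, and `keypair_seed` is now passed straight to `crypto_sign_ed25519_seed_keypair`. Either drop the assert or replace it with a check on the buffer that is actually read, e.g. `assert(sizeof keypair_seed == crypto_sign_ed25519_SEEDBYTES);`, if `keypair_seed` is declared as an array (its declaration is outside the hunk). `main` continues past the end of the hunk.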
From: Frank Denis Date: Tue, 25 Dec 2018 19:13:47 +0100 Subject: [PATCH 147/190] Revert "Add crypto_kx_ed25519" and "Add low-level kx_curve25519 functions" This reverts commit 2d736dc2bce4a738d291e49dcfa1322935b97e49. This reverts commit 7f3bc5cd0840b23d81f2b112d1f31603deaaf18d. --- .../msvc/vs2010/libsodium/libsodium.vcxproj | 5 - .../libsodium/libsodium.vcxproj.filters | 21 --- .../msvc/vs2012/libsodium/libsodium.vcxproj | 5 - .../libsodium/libsodium.vcxproj.filters | 21 --- .../msvc/vs2013/libsodium/libsodium.vcxproj | 5 - .../libsodium/libsodium.vcxproj.filters | 21 --- .../msvc/vs2015/libsodium/libsodium.vcxproj | 5 - .../libsodium/libsodium.vcxproj.filters | 21 --- .../msvc/vs2017/libsodium/libsodium.vcxproj | 5 - .../libsodium/libsodium.vcxproj.filters | 21 --- dist-build/emscripten-symbols.def | 18 --- dist-build/emscripten.sh | 2 +- libsodium.vcxproj | 5 - libsodium.vcxproj.filters | 15 -- src/libsodium/Makefile.am | 3 - src/libsodium/crypto_kx/crypto_kx.c | 96 ++++++++++-- .../crypto_kx/curve25519/kx_curve25519.c | 143 ------------------ src/libsodium/crypto_kx/ed25519/kx_ed25519.c | 143 ------------------ src/libsodium/include/Makefile.am | 2 - src/libsodium/include/sodium.h | 2 - src/libsodium/include/sodium/crypto_kx.h | 11 +- .../include/sodium/crypto_kx_curve25519.h | 66 -------- .../include/sodium/crypto_kx_ed25519.h | 66 -------- 23 files changed, 90 insertions(+), 612 deletions(-) delete mode 100644 src/libsodium/crypto_kx/curve25519/kx_curve25519.c delete mode 100644 src/libsodium/crypto_kx/ed25519/kx_ed25519.c delete mode 100644 src/libsodium/include/sodium/crypto_kx_curve25519.h delete mode 100644 src/libsodium/include/sodium/crypto_kx_ed25519.h diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj index 292219f2..ec340a17 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj @@ -86,8 +86,6 @@ - - @@ -201,7 +199,6 @@ - 
@@ -212,7 +209,6 @@ - @@ -244,7 +240,6 @@ - diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters index e6e7c823..079094b9 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters @@ -51,12 +51,6 @@ crypto_kx - - crypto_kx\ed25519 - - - crypto_kx\curve25519 - crypto_sign @@ -392,9 +386,6 @@ include\sodium - - include\sodium - include\sodium @@ -425,9 +416,6 @@ include\sodium - - include\sodium - include\sodium @@ -521,9 +509,6 @@ include\sodium - - include\sodium - include\sodium @@ -850,12 +835,6 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} - - {a87725bb-5474-365f-be59-ada5ae3f9e73} - - - {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} - {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj index 15032ef3..f140d161 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj @@ -86,8 +86,6 @@ - - @@ -201,7 +199,6 @@ - @@ -212,7 +209,6 @@ - @@ -244,7 +240,6 @@ - diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters index e6e7c823..079094b9 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters @@ -51,12 +51,6 @@ crypto_kx - - crypto_kx\ed25519 - - - crypto_kx\curve25519 - crypto_sign @@ -392,9 +386,6 @@ include\sodium - - include\sodium - include\sodium @@ -425,9 +416,6 @@ include\sodium - - include\sodium - include\sodium @@ -521,9 +509,6 @@ include\sodium - - include\sodium - include\sodium @@ -850,12 +835,6 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} - - {a87725bb-5474-365f-be59-ada5ae3f9e73} - - - {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} - {323c0a15-3c1d-39b2-9ec1-299deb299497} 
diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj index f3a077e6..cddd4ad6 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj @@ -86,8 +86,6 @@ - - @@ -201,7 +199,6 @@ - @@ -212,7 +209,6 @@ - @@ -244,7 +240,6 @@ - diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters index e6e7c823..079094b9 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters @@ -51,12 +51,6 @@ crypto_kx - - crypto_kx\ed25519 - - - crypto_kx\curve25519 - crypto_sign @@ -392,9 +386,6 @@ include\sodium - - include\sodium - include\sodium @@ -425,9 +416,6 @@ include\sodium - - include\sodium - include\sodium @@ -521,9 +509,6 @@ include\sodium - - include\sodium - include\sodium @@ -850,12 +835,6 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} - - {a87725bb-5474-365f-be59-ada5ae3f9e73} - - - {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} - {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj index 11349940..230086a9 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj @@ -86,8 +86,6 @@ - - @@ -201,7 +199,6 @@ - @@ -212,7 +209,6 @@ - @@ -244,7 +240,6 @@ - diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters index e6e7c823..079094b9 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters @@ -51,12 +51,6 @@ crypto_kx - - crypto_kx\ed25519 - - - crypto_kx\curve25519 - crypto_sign @@ -392,9 +386,6 @@ include\sodium - - include\sodium - include\sodium @@ -425,9 +416,6 @@ include\sodium - - include\sodium - include\sodium 
@@ -521,9 +509,6 @@ include\sodium - - include\sodium - include\sodium @@ -850,12 +835,6 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} - - {a87725bb-5474-365f-be59-ada5ae3f9e73} - - - {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} - {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj index 2ba0f13e..8a175e0b 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj @@ -86,8 +86,6 @@ - - @@ -201,7 +199,6 @@ - @@ -212,7 +209,6 @@ - @@ -244,7 +240,6 @@ - diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters index e6e7c823..079094b9 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters @@ -51,12 +51,6 @@ crypto_kx - - crypto_kx\ed25519 - - - crypto_kx\curve25519 - crypto_sign @@ -392,9 +386,6 @@ include\sodium - - include\sodium - include\sodium @@ -425,9 +416,6 @@ include\sodium - - include\sodium - include\sodium @@ -521,9 +509,6 @@ include\sodium - - include\sodium - include\sodium @@ -850,12 +835,6 @@ {898b6bd5-1360-3a34-adcd-0fade7561685} - - {a87725bb-5474-365f-be59-ada5ae3f9e73} - - - {57637f5e-c7cb-31ae-8f7b-1a68c22ef39f} - {323c0a15-3c1d-39b2-9ec1-299deb299497} diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index 692bb858..86f401a7 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def 
@@ -236,24 +236,6 @@ _crypto_kdf_keybytes 1 1
 _crypto_kdf_keygen 1 1
 _crypto_kdf_primitive 0 1
 _crypto_kx_client_session_keys 1 1
-_crypto_kx_curve25519_client_session_keys 0 1
-_crypto_kx_curve25519_keypair 0 1
-_crypto_kx_curve25519_primitive 0 1
-_crypto_kx_curve25519_publickeybytes 0 1
-_crypto_kx_curve25519_secretkeybytes 0 1
-_crypto_kx_curve25519_seed_keypair 0 1
-_crypto_kx_curve25519_seedbytes 0 1
-_crypto_kx_curve25519_server_session_keys 0 1
-_crypto_kx_curve25519_sessionkeybytes 0 1
-_crypto_kx_ed25519_client_session_keys 0 1
-_crypto_kx_ed25519_keypair 0 1
-_crypto_kx_ed25519_primitive 0 1
-_crypto_kx_ed25519_publickeybytes 0 1
-_crypto_kx_ed25519_secretkeybytes 0 1
-_crypto_kx_ed25519_seed_keypair 0 1
-_crypto_kx_ed25519_seedbytes 0 1
-_crypto_kx_ed25519_server_session_keys 0 1
-_crypto_kx_ed25519_sessionkeybytes 0 1
 _crypto_kx_keypair 1 1
 _crypto_kx_primitive 0 1
 _crypto_kx_publickeybytes 1 1
diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh
index e545ab0d..9b5688bb 100755
--- a/dist-build/emscripten.sh
+++ b/dist-build/emscripten.sh
@@ -2,7 +2,7 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_
crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max"
,"_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa201
2_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_co
ntextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_curve25519_client_session_keys","_crypto_kx_curve25519_keypair","_crypto_kx_curve25519_primitive","_crypto_kx_curve25519_publickeybytes","_crypto_kx_curve25519_secretkeybytes","_crypto_kx_curve25519_seed_keypair","_crypto_kx_curve25519_seedbytes","_crypto_kx_curve25519_server_session_keys","_crypto_kx_curve25519_sessionkeybytes","_crypto_kx_ed25519_client_session_keys","_crypto_kx_ed25519_keypair","_crypto_kx_ed25519_primitive","_crypto_kx_ed25519_publickeybytes","_crypto_kx_ed25519_secretkeybytes","_crypto_kx_ed25519_seed_keypair","_crypto_kx_ed25519_seedbytes","_crypto_kx_ed25519_server_session_keys","_crypto_kx_ed25519_sessionkeybytes","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_mi
n","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scry
ptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secr
etbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519
","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_cry
pto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa201
2_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_co
ntextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_p
whash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto
_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypt
o_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_u
pdate","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_
keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 diff --git a/libsodium.vcxproj b/libsodium.vcxproj index eb414baf..63d5f956 100644 --- a/libsodium.vcxproj +++ b/libsodium.vcxproj @@ -324,8 +324,6 @@ - - @@ -439,7 +437,6 @@ - @@ -450,7 +447,6 @@ - @@ -482,7 +478,6 @@ - diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters index 7f46d94e..b4a4ea96 100644 --- a/libsodium.vcxproj.filters +++ b/libsodium.vcxproj.filters @@ -42,12 +42,6 @@ Source Files - - Source Files - - - Source Files - Source Files @@ -383,9 +377,6 @@ Header Files - - Header Files - Header Files @@ -416,9 +407,6 @@ Header Files - - Header Files - Header Files @@ -512,9 +500,6 @@ Header Files - - Header Files - Header Files diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index a3c8758b..2c3d210f 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -1,4 +1,3 @@ - lib_LTLIBRARIES = \ libsodium.la 
@@ -35,7 +34,6 @@ libsodium_la_SOURCES = \ crypto_kdf/blake2b/kdf_blake2b.c \ crypto_kdf/crypto_kdf.c \ crypto_kx/crypto_kx.c \ - crypto_kx/curve25519/kx_curve25519.c \ crypto_onetimeauth/crypto_onetimeauth.c \ crypto_onetimeauth/poly1305/onetimeauth_poly1305.c \ crypto_onetimeauth/poly1305/onetimeauth_poly1305.h \ @@ -154,7 +152,6 @@ libsodium_la_SOURCES += \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \ crypto_core/ed25519/core_ed25519.c \ - crypto_kx/ed25519/kx_ed25519.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h \ crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c \ diff --git a/src/libsodium/crypto_kx/crypto_kx.c b/src/libsodium/crypto_kx/crypto_kx.c index 729d464f..877ab7ff 100644 --- a/src/libsodium/crypto_kx/crypto_kx.c +++ b/src/libsodium/crypto_kx/crypto_kx.c @@ -1,21 +1,33 @@ +#include + +#include "core.h" +#include "crypto_generichash.h" #include "crypto_kx.h" -#include "crypto_kx_curve25519.h" +#include "crypto_scalarmult.h" #include "private/common.h" +#include "randombytes.h" +#include "utils.h" int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES], const unsigned char seed[crypto_kx_SEEDBYTES]) { - return crypto_kx_curve25519_seed_keypair(pk, sk, seed); + crypto_generichash(sk, crypto_kx_SECRETKEYBYTES, + seed, crypto_kx_SEEDBYTES, NULL, 0); + return crypto_scalarmult_base(pk, sk); } int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES]) { - return crypto_kx_curve25519_keypair(pk, sk); + COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES); + COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES); + + randombytes_buf(sk, crypto_kx_SECRETKEYBYTES); + return crypto_scalarmult_base(pk, sk); } int 
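Review bot: In `crypto_kx_seed_keypair` (crypto_kx.c, first hunk) the result of `crypto_generichash()` is discarded before `sk` is handed to `crypto_scalarmult_base()`. With the fixed sizes used here the call presumably cannot fail, but the function already returns an `int`, so the check costs one line: `if (crypto_generichash(sk, crypto_kx_SECRETKEYBYTES, seed, crypto_kx_SEEDBYTES, NULL, 0) != 0) { return -1; }`. I would also add a comment above it, `/* sk is an unkeyed hash of seed: the seed must be protected like the secret key */`, since that follows directly from the call and is easy for callers to miss.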
@@ -25,8 +37,38 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) { - return crypto_kx_curve25519_client_session_keys(rx, tx, client_pk, - client_sk, server_pk); + crypto_generichash_state h; + unsigned char q[crypto_scalarmult_BYTES]; + unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; + int i; + + if (rx == NULL) { + rx = tx; + } + if (tx == NULL) { + tx = rx; + } + if (rx == NULL) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + if (crypto_scalarmult(q, client_sk, server_pk) != 0) { + return -1; + } + COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); + crypto_generichash_init(&h, NULL, 0U, sizeof keys); + crypto_generichash_update(&h, q, crypto_scalarmult_BYTES); + sodium_memzero(q, sizeof q); + crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES); + crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES); + crypto_generichash_final(&h, keys, sizeof keys); + sodium_memzero(&h, sizeof h); + for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) { + rx[i] = keys[i]; + tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; + } + sodium_memzero(keys, sizeof keys); + + return 0; } int 
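Review bot: When exactly one of `rx`/`tx` is NULL the two pointers alias, so in the copy loop the second store, `tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];`, overwrites the first and the caller's single buffer always ends up holding the second half of `keys`, whichever key was asked for. The server hunk that follows has the same loop with the stores swapped and therefore behaves the same way. A client that passes `tx == NULL` thus receives `keys[SESSIONKEYBYTES..]` in `rx`, while a server that derives both keys puts `keys[0..SESSIONKEYBYTES)` in its `tx`, so the two sides do not agree unless both use the single-key form. I would document this at the NULL checks, e.g. `/* rx and tx may alias; a single-key caller always gets the second half of keys */`, and state the constraint in crypto_kx.h. The function signature starts above this hunk.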
@@ -36,36 +78,66 @@ crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) { - return crypto_kx_curve25519_server_session_keys(rx, tx, server_pk, - server_sk, client_pk); + crypto_generichash_state h; + unsigned char q[crypto_scalarmult_BYTES]; + unsigned char keys[2 * crypto_kx_SESSIONKEYBYTES]; + int i; + + if (rx == NULL) { + rx = tx; + } + if (tx == NULL) { + tx = rx; + } + if (rx == NULL) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + if (crypto_scalarmult(q, server_sk, client_pk) != 0) { + return -1; + } + COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); + crypto_generichash_init(&h, NULL, 0U, sizeof keys); + crypto_generichash_update(&h, q, crypto_scalarmult_BYTES); + sodium_memzero(q, sizeof q); + crypto_generichash_update(&h, client_pk, crypto_kx_PUBLICKEYBYTES); + crypto_generichash_update(&h, server_pk, crypto_kx_PUBLICKEYBYTES); + crypto_generichash_final(&h, keys, sizeof keys); + sodium_memzero(&h, sizeof h); + for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) { + tx[i] = keys[i]; + rx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; + } + sodium_memzero(keys, sizeof keys); + + return 0; } size_t crypto_kx_publickeybytes(void) { - return crypto_kx_curve25519_PUBLICKEYBYTES; + return crypto_kx_PUBLICKEYBYTES; } size_t crypto_kx_secretkeybytes(void) { - return crypto_kx_curve25519_SECRETKEYBYTES; + return crypto_kx_SECRETKEYBYTES; } size_t crypto_kx_seedbytes(void) { - return crypto_kx_curve25519_SEEDBYTES; + return crypto_kx_SEEDBYTES; } size_t crypto_kx_sessionkeybytes(void) { - return crypto_kx_curve25519_SESSIONKEYBYTES; + return crypto_kx_SESSIONKEYBYTES; } const char * crypto_kx_primitive(void) { - return crypto_kx_curve25519_PRIMITIVE; + return crypto_kx_PRIMITIVE; } 
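Review bot: The body added to `crypto_kx_server_session_keys` is a copy of the client body from the previous hunk; only the `crypto_scalarmult` arguments and the order of the two stores in the loop differ. Two copies of key-derivation and zeroing code drift apart easily (a `sodium_memzero` added to one and forgotten in the other), so I would move the shared part into one `static` helper and keep both public functions as thin wrappers. The NULL aliasing is symmetric in `rx`/`tx`, so swapping the two output pointers for the server preserves the current behaviour. The server function's signature starts above this hunk.

```c
static int
kx_session_keys(unsigned char *first, unsigned char *second,
                const unsigned char *sk, const unsigned char *peer_pk,
                const unsigned char *client_pk, const unsigned char *server_pk)
{
    /* … unchanged: locals, NULL aliasing of first/second, sodium_misuse() … */
    if (crypto_scalarmult(q, sk, peer_pk) != 0) {
        return -1;
    }
    /* … unchanged: hash q, client_pk, server_pk into keys; zero q and h … */
    for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
        first[i]  = keys[i];
        second[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
    }
    /* … unchanged: sodium_memzero(keys, sizeof keys); return 0; … */
}

/* body of crypto_kx_client_session_keys */
    return kx_session_keys(rx, tx, client_sk, server_pk, client_pk, server_pk);

/* body of crypto_kx_server_session_keys */
    return kx_session_keys(tx, rx, server_sk, client_pk, client_pk, server_pk);
```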
diff --git a/src/libsodium/crypto_kx/curve25519/kx_curve25519.c b/src/libsodium/crypto_kx/curve25519/kx_curve25519.c
deleted file mode 100644
index 4709a7de..00000000
--- a/src/libsodium/crypto_kx/curve25519/kx_curve25519.c
+++ /dev/null
@@ -1,143 +0,0 @@ - -#include - -#include "core.h" -#include "crypto_generichash.h" -#include "crypto_kx_curve25519.h" -#include "crypto_scalarmult_curve25519.h" -#include "private/common.h" -#include "randombytes.h" -#include "utils.h" - -int -crypto_kx_curve25519_seed_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_curve25519_SEEDBYTES]) -{ - crypto_generichash(sk, crypto_kx_curve25519_SECRETKEYBYTES, - seed, crypto_kx_curve25519_SEEDBYTES, NULL, 0); - return crypto_scalarmult_curve25519_base(pk, sk); -} - -int -crypto_kx_curve25519_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES]) -{ - COMPILER_ASSERT(crypto_kx_curve25519_SECRETKEYBYTES == crypto_scalarmult_curve25519_SCALARBYTES); - COMPILER_ASSERT(crypto_kx_curve25519_PUBLICKEYBYTES == crypto_scalarmult_curve25519_BYTES); - - randombytes_buf(sk, crypto_kx_curve25519_SECRETKEYBYTES); - return crypto_scalarmult_curve25519_base(pk, sk); -} - -int -crypto_kx_curve25519_client_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], - const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES], - const unsigned char client_sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) -{ - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_curve25519_BYTES]; - unsigned char keys[2 * crypto_kx_curve25519_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult_curve25519(q, client_sk, server_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, 
crypto_scalarmult_curve25519_BYTES); - sodium_memzero(q, sizeof q); - crypto_generichash_update(&h, client_pk, crypto_kx_curve25519_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_curve25519_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_curve25519_SESSIONKEYBYTES; i++) { - rx[i] = keys[i]; - tx[i] = keys[i + crypto_kx_curve25519_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; -} - -int -crypto_kx_curve25519_server_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], - const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES], - const unsigned char server_sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) -{ - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_curve25519_BYTES]; - unsigned char keys[2 * crypto_kx_curve25519_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult_curve25519(q, server_sk, client_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, crypto_scalarmult_curve25519_BYTES); - sodium_memzero(q, sizeof q); - crypto_generichash_update(&h, client_pk, crypto_kx_curve25519_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_curve25519_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_curve25519_SESSIONKEYBYTES; i++) { - tx[i] = keys[i]; - rx[i] = keys[i + crypto_kx_curve25519_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; -} - -size_t -crypto_kx_curve25519_publickeybytes(void) -{ - return 
crypto_kx_curve25519_PUBLICKEYBYTES; -} - -size_t -crypto_kx_curve25519_secretkeybytes(void) -{ - return crypto_kx_curve25519_SECRETKEYBYTES; -} - -size_t -crypto_kx_curve25519_seedbytes(void) -{ - return crypto_kx_curve25519_SEEDBYTES; -} - -size_t -crypto_kx_curve25519_sessionkeybytes(void) -{ - return crypto_kx_curve25519_SESSIONKEYBYTES; -} - -const char * -crypto_kx_curve25519_primitive(void) -{ - return crypto_kx_curve25519_PRIMITIVE; -} diff --git a/src/libsodium/crypto_kx/ed25519/kx_ed25519.c b/src/libsodium/crypto_kx/ed25519/kx_ed25519.c deleted file mode 100644 index 783e9003..00000000 --- a/src/libsodium/crypto_kx/ed25519/kx_ed25519.c +++ /dev/null 
@@ -1,143 +0,0 @@ - -#include - -#include "core.h" -#include "crypto_generichash.h" -#include "crypto_kx_ed25519.h" -#include "crypto_scalarmult_ed25519.h" -#include "private/common.h" -#include "randombytes.h" -#include "utils.h" - -int -crypto_kx_ed25519_seed_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_ed25519_SEEDBYTES]) -{ - crypto_generichash(sk, crypto_kx_ed25519_SECRETKEYBYTES, - seed, crypto_kx_ed25519_SEEDBYTES, NULL, 0); - return crypto_scalarmult_ed25519_base(pk, sk); -} - -int -crypto_kx_ed25519_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES]) -{ - COMPILER_ASSERT(crypto_kx_ed25519_SECRETKEYBYTES == crypto_scalarmult_ed25519_SCALARBYTES); - COMPILER_ASSERT(crypto_kx_ed25519_PUBLICKEYBYTES == crypto_scalarmult_ed25519_BYTES); - - randombytes_buf(sk, crypto_kx_ed25519_SECRETKEYBYTES); - return crypto_scalarmult_ed25519_base(pk, sk); -} - -int -crypto_kx_ed25519_client_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES], - const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES], - const unsigned char client_sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES]) -{ - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_ed25519_BYTES]; - unsigned char keys[2 * crypto_kx_ed25519_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult_ed25519(q, client_sk, server_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, crypto_scalarmult_ed25519_BYTES); - sodium_memzero(q, sizeof q); - 
crypto_generichash_update(&h, client_pk, crypto_kx_ed25519_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_ed25519_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_ed25519_SESSIONKEYBYTES; i++) { - rx[i] = keys[i]; - tx[i] = keys[i + crypto_kx_ed25519_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; -} - -int -crypto_kx_ed25519_server_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES], - const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES], - const unsigned char server_sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES]) -{ - crypto_generichash_state h; - unsigned char q[crypto_scalarmult_ed25519_BYTES]; - unsigned char keys[2 * crypto_kx_ed25519_SESSIONKEYBYTES]; - int i; - - if (rx == NULL) { - rx = tx; - } - if (tx == NULL) { - tx = rx; - } - if (rx == NULL) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - if (crypto_scalarmult_ed25519(q, server_sk, client_pk) != 0) { - return -1; - } - COMPILER_ASSERT(sizeof keys <= crypto_generichash_BYTES_MAX); - crypto_generichash_init(&h, NULL, 0U, sizeof keys); - crypto_generichash_update(&h, q, crypto_scalarmult_ed25519_BYTES); - sodium_memzero(q, sizeof q); - crypto_generichash_update(&h, client_pk, crypto_kx_ed25519_PUBLICKEYBYTES); - crypto_generichash_update(&h, server_pk, crypto_kx_ed25519_PUBLICKEYBYTES); - crypto_generichash_final(&h, keys, sizeof keys); - sodium_memzero(&h, sizeof h); - for (i = 0; i < crypto_kx_ed25519_SESSIONKEYBYTES; i++) { - tx[i] = keys[i]; - rx[i] = keys[i + crypto_kx_ed25519_SESSIONKEYBYTES]; - } - sodium_memzero(keys, sizeof keys); - - return 0; -} - -size_t -crypto_kx_ed25519_publickeybytes(void) -{ - return crypto_kx_ed25519_PUBLICKEYBYTES; -} - -size_t -crypto_kx_ed25519_secretkeybytes(void) -{ - return 
crypto_kx_ed25519_SECRETKEYBYTES; -} - -size_t -crypto_kx_ed25519_seedbytes(void) -{ - return crypto_kx_ed25519_SEEDBYTES; -} - -size_t -crypto_kx_ed25519_sessionkeybytes(void) -{ - return crypto_kx_ed25519_SESSIONKEYBYTES; -} - -const char * -crypto_kx_ed25519_primitive(void) -{ - return crypto_kx_ed25519_PRIMITIVE; -} diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am index 4bf69e78..b70c22b3 100644 --- a/src/libsodium/include/Makefile.am +++ b/src/libsodium/include/Makefile.am @@ -26,8 +26,6 @@ SODIUM_EXPORT = \ sodium/crypto_kdf.h \ sodium/crypto_kdf_blake2b.h \ sodium/crypto_kx.h \ - sodium/crypto_kx_curve25519.h \ - sodium/crypto_kx_ed25519.h \ sodium/crypto_onetimeauth.h \ sodium/crypto_onetimeauth_poly1305.h \ sodium/crypto_pwhash.h \ diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h index 54e37632..e7b1af46 100644 --- a/src/libsodium/include/sodium.h +++ b/src/libsodium/include/sodium.h @@ -27,8 +27,6 @@ #include "sodium/crypto_kdf.h" #include "sodium/crypto_kdf_blake2b.h" #include "sodium/crypto_kx.h" -#include "sodium/crypto_kx_curve25519.h" -#include "sodium/crypto_kx_ed25519.h" #include "sodium/crypto_onetimeauth.h" #include "sodium/crypto_onetimeauth_poly1305.h" #include "sodium/crypto_pwhash.h" diff --git a/src/libsodium/include/sodium/crypto_kx.h b/src/libsodium/include/sodium/crypto_kx.h index 6cd8b255..347132c3 100644 --- a/src/libsodium/include/sodium/crypto_kx.h +++ b/src/libsodium/include/sodium/crypto_kx.h @@ -3,7 +3,6 @@ #include -#include "crypto_kx_curve25519.h" #include "export.h" #ifdef __cplusplus 
@@ -13,23 +12,23 @@ extern "C" { #endif -#define crypto_kx_PUBLICKEYBYTES crypto_kx_curve25519_PUBLICKEYBYTES +#define crypto_kx_PUBLICKEYBYTES 32 SODIUM_EXPORT size_t crypto_kx_publickeybytes(void); -#define crypto_kx_SECRETKEYBYTES crypto_kx_curve25519_SECRETKEYBYTES +#define crypto_kx_SECRETKEYBYTES 32 SODIUM_EXPORT size_t crypto_kx_secretkeybytes(void); -#define crypto_kx_SEEDBYTES crypto_kx_curve25519_SEEDBYTES +#define crypto_kx_SEEDBYTES 32 SODIUM_EXPORT size_t crypto_kx_seedbytes(void); -#define crypto_kx_SESSIONKEYBYTES crypto_kx_curve25519_SESSIONKEYBYTES +#define crypto_kx_SESSIONKEYBYTES 32 SODIUM_EXPORT size_t crypto_kx_sessionkeybytes(void); -#define crypto_kx_PRIMITIVE crypto_kx_curve25519_PRIMITIVE +#define crypto_kx_PRIMITIVE "x25519blake2b" SODIUM_EXPORT const char *crypto_kx_primitive(void); diff --git a/src/libsodium/include/sodium/crypto_kx_curve25519.h b/src/libsodium/include/sodium/crypto_kx_curve25519.h deleted file mode 100644 index 1b6beabe..00000000 --- a/src/libsodium/include/sodium/crypto_kx_curve25519.h +++ /dev/null 
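Review bot: The four `crypto_kx_*BYTES` macros are now bare `32` literals, and nothing in this header ties them to the primitives named in `crypto_kx_PRIMITIVE`. If the implementation passes these buffers to the scalar multiplication and hash functions (that code is not part of this hunk), a size mismatch would go unnoticed at build time. A compile-time check next to that code, for example `COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES);`, would keep the constants honest. A one-line comment above the defines naming X25519 and BLAKE2b would also help readers.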
@@ -1,66 +0,0 @@ -#ifndef crypto_kx_curve25519_H -#define crypto_kx_curve25519_H - -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_kx_curve25519_PUBLICKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_curve25519_publickeybytes(void); - -#define crypto_kx_curve25519_SECRETKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_curve25519_secretkeybytes(void); - -#define crypto_kx_curve25519_SEEDBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_curve25519_seedbytes(void); - -#define crypto_kx_curve25519_SESSIONKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_curve25519_sessionkeybytes(void); - -#define crypto_kx_curve25519_PRIMITIVE "x25519blake2b" -SODIUM_EXPORT -const char *crypto_kx_curve25519_primitive(void); - -SODIUM_EXPORT -int crypto_kx_curve25519_seed_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_curve25519_SEEDBYTES]) - __attribute__ ((nonnull)); - -SODIUM_EXPORT -int crypto_kx_curve25519_keypair(unsigned char pk[crypto_kx_curve25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_curve25519_SECRETKEYBYTES]) - __attribute__ ((nonnull)); - -SODIUM_EXPORT -int crypto_kx_curve25519_client_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], - const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES], - const unsigned char client_sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); - -SODIUM_EXPORT -int crypto_kx_curve25519_server_session_keys(unsigned char rx[crypto_kx_curve25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_curve25519_SESSIONKEYBYTES], - const unsigned char server_pk[crypto_kx_curve25519_PUBLICKEYBYTES], - const unsigned char 
server_sk[crypto_kx_curve25519_SECRETKEYBYTES], - const unsigned char client_pk[crypto_kx_curve25519_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/libsodium/include/sodium/crypto_kx_ed25519.h b/src/libsodium/include/sodium/crypto_kx_ed25519.h deleted file mode 100644 index daa9598a..00000000 --- a/src/libsodium/include/sodium/crypto_kx_ed25519.h +++ /dev/null 
@@ -1,66 +0,0 @@ -#ifndef crypto_kx_ed25519_H -#define crypto_kx_ed25519_H - -#include - -#include "export.h" - -#ifdef __cplusplus -# ifdef __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -#define crypto_kx_ed25519_PUBLICKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_ed25519_publickeybytes(void); - -#define crypto_kx_ed25519_SECRETKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_ed25519_secretkeybytes(void); - -#define crypto_kx_ed25519_SEEDBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_ed25519_seedbytes(void); - -#define crypto_kx_ed25519_SESSIONKEYBYTES 32 -SODIUM_EXPORT -size_t crypto_kx_ed25519_sessionkeybytes(void); - -#define crypto_kx_ed25519_PRIMITIVE "ed25519blake2b" -SODIUM_EXPORT -const char *crypto_kx_ed25519_primitive(void); - -SODIUM_EXPORT -int crypto_kx_ed25519_seed_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char seed[crypto_kx_ed25519_SEEDBYTES]) - __attribute__ ((nonnull)); - -SODIUM_EXPORT -int crypto_kx_ed25519_keypair(unsigned char pk[crypto_kx_ed25519_PUBLICKEYBYTES], - unsigned char sk[crypto_kx_ed25519_SECRETKEYBYTES]) - __attribute__ ((nonnull)); - -SODIUM_EXPORT -int crypto_kx_ed25519_client_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES], - const unsigned char client_pk[crypto_kx_ed25519_PUBLICKEYBYTES], - const unsigned char client_sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); - -SODIUM_EXPORT -int crypto_kx_ed25519_server_session_keys(unsigned char rx[crypto_kx_ed25519_SESSIONKEYBYTES], - unsigned char tx[crypto_kx_ed25519_SESSIONKEYBYTES], - const unsigned char server_pk[crypto_kx_ed25519_PUBLICKEYBYTES], - const unsigned char server_sk[crypto_kx_ed25519_SECRETKEYBYTES], - const unsigned char 
client_pk[crypto_kx_ed25519_PUBLICKEYBYTES]) - __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); - -#ifdef __cplusplus -} -#endif - -#endif From c9842d9af99e32eb3a165d42da49efc5a625cd9a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 26 Dec 2018 17:57:06 +0100 Subject: [PATCH 148/190] Make allocate_memory() error path less confusing --- src/libsodium/crypto_pwhash/argon2/argon2-core.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/libsodium/crypto_pwhash/argon2/argon2-core.c b/src/libsodium/crypto_pwhash/argon2/argon2-core.c index 530778e4..bfe3fbbf 100644 --- a/src/libsodium/crypto_pwhash/argon2/argon2-core.c +++ b/src/libsodium/crypto_pwhash/argon2/argon2-core.c @@ -80,14 +80,11 @@ allocate_memory(block_region **region, uint32_t m_cost) return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */ } memory_size = sizeof(block) * m_cost; - if (m_cost == 0 || - memory_size / m_cost != - sizeof(block)) { /*1. Check for multiplication overflow*/ + if (m_cost == 0 || memory_size / m_cost != sizeof(block)) { return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */ } - *region = (block_region *) malloc( - sizeof(block_region)); /*2. Try to allocate region*/ - if (!*region) { + *region = (block_region *) malloc(sizeof(block_region)); + if (*region == NULL) { return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */ } (*region)->base = (*region)->memory = NULL; @@ -116,6 +113,8 @@ allocate_memory(block_region **region, uint32_t m_cost) } #endif if (base == NULL) { + free(*region); + *region = NULL; return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */ } (*region)->base = base; From 7bc5a3da6685a3ba8fc9ae39a94f0dc2649b0802 Mon Sep 17 00:00:00 2001 
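Review bot: With the `/*1. Check for multiplication overflow*/` comment removed, the condition `memory_size / m_cost != sizeof(block)` no longer says why it is there. In the visible lines it is the only guard against `sizeof(block) * m_cost` wrapping before the allocation, so I would keep a short comment on it, e.g. `/* reject m_cost == 0 and wrap-around of sizeof(block) * m_cost */`. allocate_memory starts before this hunk and continues past it.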
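Review bot: After this change the failure paths of allocate_memory leave `*region` in different states: the `base == NULL` path frees it and stores NULL, while the overflow return in the first hunk leaves whatever the caller had in `*region`. A caller that cleans up on error cannot tell the two apart. Adding `*region = NULL;` just before `memory_size = sizeof(block) * m_cost;` would make every failure after the first guard return with a NULL region. This assumes the first guard, whose condition is outside the hunk, is the check that `region` itself is non-NULL.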
From: Frank Denis Date: Wed, 26 Dec 2018 18:19:37 +0100 Subject: [PATCH 149/190] Constify --- .../blake2b/ref/blake2b-compress-ssse3.c | 32 ++-- .../crypto_scrypt-common.c | 4 +- .../nosse/pwhash_scryptsalsa208sha256_nosse.c | 11 +- .../crypto_stream/chacha20/dolbeau/u0.h | 8 +- .../crypto_stream/chacha20/dolbeau/u1.h | 24 +-- .../crypto_stream/chacha20/dolbeau/u4.h | 52 +++--- .../crypto_stream/chacha20/dolbeau/u8.h | 152 +++++++++--------- src/libsodium/crypto_verify/sodium/verify.c | 8 +- 8 files changed, 148 insertions(+), 143 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c index a207a64d..5684bc88 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c 
@@ -39,22 +39,22 @@ blake2b_compress_ssse3(blake2b_state *S, _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); const __m128i r24 = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); - const uint64_t m0 = ((uint64_t *) block)[0]; - const uint64_t m1 = ((uint64_t *) block)[1]; - const uint64_t m2 = ((uint64_t *) block)[2]; - const uint64_t m3 = ((uint64_t *) block)[3]; - const uint64_t m4 = ((uint64_t *) block)[4]; - const uint64_t m5 = ((uint64_t *) block)[5]; - const uint64_t m6 = ((uint64_t *) block)[6]; - const uint64_t m7 = ((uint64_t *) block)[7]; - const uint64_t m8 = ((uint64_t *) block)[8]; - const uint64_t m9 = ((uint64_t *) block)[9]; - const uint64_t m10 = ((uint64_t *) block)[10]; - const uint64_t m11 = ((uint64_t *) block)[11]; - const uint64_t m12 = ((uint64_t *) block)[12]; - const uint64_t m13 = ((uint64_t *) block)[13]; - const uint64_t m14 = ((uint64_t *) block)[14]; - const uint64_t m15 = ((uint64_t *) block)[15]; + const uint64_t m0 = ((const uint64_t *) block)[0]; + const uint64_t m1 = ((const uint64_t *) block)[1]; + const uint64_t m2 = ((const uint64_t *) block)[2]; + const uint64_t m3 = ((const uint64_t *) block)[3]; + const uint64_t m4 = ((const uint64_t *) block)[4]; + const uint64_t m5 = ((const uint64_t *) block)[5]; + const uint64_t m6 = ((const uint64_t *) block)[6]; + const uint64_t m7 = ((const uint64_t *) block)[7]; + const uint64_t m8 = ((const uint64_t *) block)[8]; + const uint64_t m9 = ((const uint64_t *) block)[9]; + const uint64_t m10 = ((const uint64_t *) block)[10]; + const uint64_t m11 = ((const uint64_t *) block)[11]; + const uint64_t m12 = ((const uint64_t *) block)[12]; + const uint64_t m13 = ((const uint64_t *) block)[13]; + const uint64_t m14 = ((const uint64_t *) block)[14]; + const uint64_t m15 = ((const uint64_t *) block)[15]; row1l = LOADU(&S->h[0]); row1h = LOADU(&S->h[2]); 
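Review bot: The sixteen `((const uint64_t *) block)[i]` loads still read the message block through a `uint64_t` lvalue; adding `const` does not change that. If `block` is a byte pointer (its declaration is outside the hunk), the reads depend on the buffer being suitably aligned and fall outside the effective-type rule, which is undefined behaviour that the optimizer may exploit. Copying the words out first, `uint64_t m[16]; memcpy(m, block, sizeof m);` with `m0`…`m15` taken from `m[]`, avoids the cast and typically compiles to the same loads on x86.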
diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c index e15e12b2..8434aa34 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c @@ -158,11 +158,11 @@ escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen, prefixlen = src - setting; salt = src; - src = (uint8_t *) strrchr((char *) salt, '$'); + src = (const uint8_t *) strrchr((char *) salt, '$'); if (src) { saltlen = src - salt; } else { - saltlen = strlen((char *) salt); + saltlen = strlen((const char *) salt); } need = prefixlen + saltlen + 1 + crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1; diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c index 40288590..b1c1bd84 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c 
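Review bot: The `strrchr` call still casts its argument with `(char *) salt`, so the const qualifier is dropped on the way in even though the result is now cast to `const uint8_t *`. The `strlen` line two lines below was changed to `(const char *) salt`; the same cast works here, since `strrchr` takes a `const char *`: `src = (const uint8_t *) strrchr((const char *) salt, '$');`. escrypt_r begins and ends outside this hunk.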
@@ -181,20 +181,23 @@ blockmix_salsa8(const uint32_t *Bin, uint32_t *Bout, uint32_t *X, size_t r) /* 1: X <-- B_{2r - 1} */ blkcpy_64((escrypt_block_t *) X, - (escrypt_block_t *) &Bin[(2 * r - 1) * 16]); + (const escrypt_block_t *) &Bin[(2 * r - 1) * 16]); /* 2: for i = 0 to 2r - 1 do */ for (i = 0; i < 2 * r; i += 2) { /* 3: X <-- H(X \xor B_i) */ - blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16]); + blkxor_64((escrypt_block_t *) X, + (const escrypt_block_t *) &Bin[i * 16]); salsa20_8(X); /* 4: Y_i <-- X */ /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ - blkcpy_64((escrypt_block_t *) &Bout[i * 8], (escrypt_block_t *) X); + blkcpy_64((escrypt_block_t *) &Bout[i * 8], + (const escrypt_block_t *) X); /* 3: X <-- H(X \xor B_i) */ - blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16 + 16]); + blkxor_64((escrypt_block_t *) X, + (const escrypt_block_t *) &Bin[i * 16 + 16]); salsa20_8(X); /* 4: Y_i <-- X */ diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h b/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h index 17c3ff8e..fc288186 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h @@ -9,10 +9,10 @@ if (bytes > 0) { unsigned int i; - x_0 = _mm_loadu_si128((__m128i*) (x + 0)); - x_1 = _mm_loadu_si128((__m128i*) (x + 4)); - x_2 = _mm_loadu_si128((__m128i*) (x + 8)); - x_3 = _mm_loadu_si128((__m128i*) (x + 12)); + x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); + x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); + x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); + x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); for (i = 0; i < ROUNDS; i += 2) { x_0 = _mm_add_epi32(x_0, x_1); diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h b/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h index 867b44bc..f93fffea 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/u1.h 
@@ -10,10 +10,10 @@ while (bytes >= 64) { uint32_t in13; int i; - x_0 = _mm_loadu_si128((__m128i*) (x + 0)); - x_1 = _mm_loadu_si128((__m128i*) (x + 4)); - x_2 = _mm_loadu_si128((__m128i*) (x + 8)); - x_3 = _mm_loadu_si128((__m128i*) (x + 12)); + x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); + x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); + x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); + x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); for (i = 0; i < ROUNDS; i += 2) { x_0 = _mm_add_epi32(x_0, x_1); @@ -70,14 +70,14 @@ while (bytes >= 64) { t_1 = _mm_srli_epi32(t_1, 25); x_1 = _mm_xor_si128(x_1, t_1); } - x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0))); - x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4))); - x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8))); - x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12))); - x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((__m128i*) (m + 0))); - x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((__m128i*) (m + 16))); - x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((__m128i*) (m + 32))); - x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((__m128i*) (m + 48))); + x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0))); + x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); + x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); + x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); + x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((const __m128i*) (m + 0))); + x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((const __m128i*) (m + 16))); + x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((const __m128i*) (m + 32))); + x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((const __m128i*) (m + 48))); _mm_storeu_si128((__m128i*) (c + 0), x_0); _mm_storeu_si128((__m128i*) (c + 16), x_1); _mm_storeu_si128((__m128i*) (c + 32), x_2); diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h b/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h index 3ff83426..4ab295d7 100644 
--- a/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h
+++ b/src/libsodium/crypto_stream/chacha20/dolbeau/u4.h
@@ -120,31 +120,33 @@ if (bytes >= 256) { VEC4_QUARTERROUND(3, 4, 9, 14); } -#define ONEQUAD_TRANSPOSE(A, B, C, D) \ - { \ - __m128i t0, t1, t2, t3; \ - \ - x_##A = _mm_add_epi32(x_##A, orig##A); \ - x_##B = _mm_add_epi32(x_##B, orig##B); \ - x_##C = _mm_add_epi32(x_##C, orig##C); \ - x_##D = _mm_add_epi32(x_##D, orig##D); \ - t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \ - t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \ - t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \ - t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \ - x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \ - x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \ - x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \ - x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \ - \ - t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((__m128i*) (m + 0))); \ - _mm_storeu_si128((__m128i*) (c + 0), t0); \ - t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((__m128i*) (m + 64))); \ - _mm_storeu_si128((__m128i*) (c + 64), t1); \ - t2 = _mm_xor_si128(x_##C, _mm_loadu_si128((__m128i*) (m + 128))); \ - _mm_storeu_si128((__m128i*) (c + 128), t2); \ - t3 = _mm_xor_si128(x_##D, _mm_loadu_si128((__m128i*) (m + 192))); \ - _mm_storeu_si128((__m128i*) (c + 192), t3); \ +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + { \ + __m128i t0, t1, t2, t3; \ + \ + x_##A = _mm_add_epi32(x_##A, orig##A); \ + x_##B = _mm_add_epi32(x_##B, orig##B); \ + x_##C = _mm_add_epi32(x_##C, orig##C); \ + x_##D = _mm_add_epi32(x_##D, orig##D); \ + t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \ + t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \ + t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \ + t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \ + x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \ + x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \ + x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \ + x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \ + \ + t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((const __m128i*) (m + 64))); \ + 
_mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = \ + _mm_xor_si128(x_##C, _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = \ + _mm_xor_si128(x_##D, _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ } #define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h b/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h index 22bf9fcf..2f6c5f1e 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/u8.h @@ -200,7 +200,7 @@ if (bytes >= 512) { in12 = x[12]; in13 = x[13]; in1213 = ((uint64_t) in12) | (((uint64_t) in13) << 32); - x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213)); + x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213)); t12 = _mm256_add_epi64(addv12, x_12); t13 = _mm256_add_epi64(addv13, x_13); 
@@ -228,45 +228,45 @@ if (bytes >= 512) { VEC8_ROUND(0, 5, 10, 15, 1, 6, 11, 12, 2, 7, 8, 13, 3, 4, 9, 14); } -#define ONEQUAD_TRANSPOSE(A, B, C, D) \ - { \ - __m128i t0, t1, t2, t3; \ - x_##A = _mm256_add_epi32(x_##A, orig##A); \ - x_##B = _mm256_add_epi32(x_##B, orig##B); \ - x_##C = _mm256_add_epi32(x_##C, orig##C); \ - x_##D = _mm256_add_epi32(x_##D, orig##D); \ - t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \ - t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \ - t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \ - t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \ - x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \ - x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \ - x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \ - x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \ - t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \ - _mm_loadu_si128((__m128i*) (m + 0))); \ - _mm_storeu_si128((__m128i*) (c + 0), t0); \ - t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \ - _mm_loadu_si128((__m128i*) (m + 64))); \ - _mm_storeu_si128((__m128i*) (c + 64), t1); \ - t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \ - _mm_loadu_si128((__m128i*) (m + 128))); \ - _mm_storeu_si128((__m128i*) (c + 128), t2); \ - t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \ - _mm_loadu_si128((__m128i*) (m + 192))); \ - _mm_storeu_si128((__m128i*) (c + 192), t3); \ - t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \ - _mm_loadu_si128((__m128i*) (m + 256))); \ - _mm_storeu_si128((__m128i*) (c + 256), t0); \ - t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \ - _mm_loadu_si128((__m128i*) (m + 320))); \ - _mm_storeu_si128((__m128i*) (c + 320), t1); \ - t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \ - _mm_loadu_si128((__m128i*) (m + 384))); \ - _mm_storeu_si128((__m128i*) (c + 384), t2); \ - t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \ - _mm_loadu_si128((__m128i*) (m + 448))); \ - _mm_storeu_si128((__m128i*) (c + 448), t3); \ +#define ONEQUAD_TRANSPOSE(A, B, C, 
D) \ + { \ + __m128i t0, t1, t2, t3; \ + x_##A = _mm256_add_epi32(x_##A, orig##A); \ + x_##B = _mm256_add_epi32(x_##B, orig##B); \ + x_##C = _mm256_add_epi32(x_##C, orig##C); \ + x_##D = _mm256_add_epi32(x_##D, orig##D); \ + t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \ + t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \ + t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \ + t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \ + x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \ + x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \ + x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \ + x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \ + _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \ + _mm_loadu_si128((const __m128i*) (m + 64))); \ + _mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \ + _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \ + _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \ + _mm_loadu_si128((const __m128i*) (m + 256))); \ + _mm_storeu_si128((__m128i*) (c + 256), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \ + _mm_loadu_si128((const __m128i*) (m + 320))); \ + _mm_storeu_si128((__m128i*) (c + 320), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \ + _mm_loadu_si128((const __m128i*) (m + 384))); \ + _mm_storeu_si128((__m128i*) (c + 384), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \ + _mm_loadu_si128((const __m128i*) (m + 448))); \ + _mm_storeu_si128((__m128i*) (c + 448), t3); \ } #define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) 
@@ -287,42 +287,42 @@ if (bytes >= 512) { x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \ } -#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ - { \ - ONEQUAD_UNPCK(A, B, C, D); \ - ONEQUAD_UNPCK(A2, B2, C2, D2); \ - t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \ - t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \ - t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \ - t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \ - t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \ - t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \ - t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \ - t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \ - t_##A = \ - _mm256_xor_si256(t_##A, _mm256_loadu_si256((__m256i*) (m + 0))); \ - t_##B = \ - _mm256_xor_si256(t_##B, _mm256_loadu_si256((__m256i*) (m + 64))); \ - t_##C = \ - _mm256_xor_si256(t_##C, _mm256_loadu_si256((__m256i*) (m + 128))); \ - t_##D = \ - _mm256_xor_si256(t_##D, _mm256_loadu_si256((__m256i*) (m + 192))); \ - t_##A2 = _mm256_xor_si256(t_##A2, \ - _mm256_loadu_si256((__m256i*) (m + 256))); \ - t_##B2 = _mm256_xor_si256(t_##B2, \ - _mm256_loadu_si256((__m256i*) (m + 320))); \ - t_##C2 = _mm256_xor_si256(t_##C2, \ - _mm256_loadu_si256((__m256i*) (m + 384))); \ - t_##D2 = _mm256_xor_si256(t_##D2, \ - _mm256_loadu_si256((__m256i*) (m + 448))); \ - _mm256_storeu_si256((__m256i*) (c + 0), t_##A); \ - _mm256_storeu_si256((__m256i*) (c + 64), t_##B); \ - _mm256_storeu_si256((__m256i*) (c + 128), t_##C); \ - _mm256_storeu_si256((__m256i*) (c + 192), t_##D); \ - _mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \ - _mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \ - _mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \ - _mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \ +#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ + { \ + ONEQUAD_UNPCK(A, B, C, D); \ + ONEQUAD_UNPCK(A2, B2, C2, D2); \ + t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \ + t_##A2 = 
_mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \ + t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \ + t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \ + t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \ + t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \ + t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \ + t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \ + t_##A = _mm256_xor_si256( \ + t_##A, _mm256_loadu_si256((const __m256i*) (m + 0))); \ + t_##B = _mm256_xor_si256( \ + t_##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \ + t_##C = _mm256_xor_si256( \ + t_##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ + t_##D = _mm256_xor_si256( \ + t_##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ + t_##A2 = _mm256_xor_si256( \ + t_##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ + t_##B2 = _mm256_xor_si256( \ + t_##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ + t_##C2 = _mm256_xor_si256( \ + t_##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ + t_##D2 = _mm256_xor_si256( \ + t_##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ + _mm256_storeu_si256((__m256i*) (c + 0), t_##A); \ + _mm256_storeu_si256((__m256i*) (c + 64), t_##B); \ + _mm256_storeu_si256((__m256i*) (c + 128), t_##C); \ + _mm256_storeu_si256((__m256i*) (c + 192), t_##D); \ + _mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \ + _mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \ + _mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \ + _mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \ } ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7); diff --git a/src/libsodium/crypto_verify/sodium/verify.c b/src/libsodium/crypto_verify/sodium/verify.c index ffebf220..6c7d1cca 100644 --- a/src/libsodium/crypto_verify/sodium/verify.c +++ b/src/libsodium/crypto_verify/sodium/verify.c 
@@ -44,12 +44,12 @@ crypto_verify_n(const unsigned char *x_, const unsigned char *y_, (const volatile __m128i *volatile) (const void *) x_; const volatile __m128i *volatile y = (const volatile __m128i *volatile) (const void *) y_; - v1 = _mm_loadu_si128((const __m128i *) &x[0]); - v2 = _mm_loadu_si128((const __m128i *) &y[0]); + v1 = _mm_loadu_si128((const volatile __m128i *) &x[0]); + v2 = _mm_loadu_si128((const volatile __m128i *) &y[0]); z = _mm_xor_si128(v1, v2); for (i = 1; i < n / 16; i++) { - v1 = _mm_loadu_si128((const __m128i *) &x[i]); - v2 = _mm_loadu_si128((const __m128i *) &y[i]); + v1 = _mm_loadu_si128((const volatile __m128i *) &x[i]); + v2 = _mm_loadu_si128((const volatile __m128i *) &y[i]); z = _mm_or_si128(z, _mm_xor_si128(v1, v2)); } m = _mm_movemask_epi8(_mm_cmpeq_epi32(z, zero)); From 0a6e10f75f798b412f14cfed5329416ed06417b6 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 26 Dec 2018 18:25:16 +0100 Subject: [PATCH 150/190] Constify --- .../blake2b/ref/blake2b-compress-avx2.h | 6 +- .../crypto_stream/chacha20/dolbeau/u0.h | 8 +- .../crypto_stream/salsa20/xmm6int/u0.h | 44 ++++---- .../crypto_stream/salsa20/xmm6int/u1.h | 16 +-- .../crypto_stream/salsa20/xmm6int/u4.h | 48 ++++---- .../crypto_stream/salsa20/xmm6int/u8.h | 106 +++++++++--------- src/libsodium/crypto_verify/sodium/verify.c | 8 +- 7 files changed, 118 insertions(+), 118 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h index bc7e42d2..e3219777 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h 
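Review bot: Casting the arguments to `(const volatile __m128i *)` makes each `_mm_loadu_si128` call discard `volatile` implicitly, because the intrinsic's parameter is a pointer to non-volatile `__m128i`; C requires a diagnostic for that conversion. The earlier `(const __m128i *) &x[i]` dropped the qualifier with an explicit cast, which states the intent and compiles cleanly without `-Wcast-qual`. Either way the load itself is not a volatile access, so the `volatile` on `x` and `y` only constrains how the pointers are read; a comment saying so would help whoever next audits this constant-time comparison. crypto_verify_n starts before the hunk and continues after it.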
@@ -2,13 +2,13 @@ #ifndef blake2b_compress_avx2_H #define blake2b_compress_avx2_H -#define LOADU128(p) _mm_loadu_si128((__m128i *) (p)) +#define LOADU128(p) _mm_loadu_si128((const __m128i *) (p)) #define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r) -#define LOAD(p) _mm256_load_si256((__m256i *) (p)) +#define LOAD(p) _mm256_load_si256((const __m256i *) (p)) #define STORE(p, r) _mm256_store_si256((__m256i *) (p), r) -#define LOADU(p) _mm256_loadu_si256((__m256i *) (p)) +#define LOADU(p) _mm256_loadu_si256((const __m256i *) (p)) #define STOREU(p, r) _mm256_storeu_si256((__m256i *) (p), r) static inline uint64_t diff --git a/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h b/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h index fc288186..c05dfd72 100644 --- a/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h +++ b/src/libsodium/crypto_stream/chacha20/dolbeau/u0.h @@ -69,10 +69,10 @@ if (bytes > 0) { t_1 = _mm_srli_epi32(t_1, 25); x_1 = _mm_xor_si128(x_1, t_1); } - x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0))); - x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4))); - x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8))); - x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12))); + x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0))); + x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); + x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); + x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); _mm_storeu_si128((__m128i*) (partialblock + 0), x_0); _mm_storeu_si128((__m128i*) (partialblock + 16), x_1); _mm_storeu_si128((__m128i*) (partialblock + 32), x_2); diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h index b2d41680..830f70e8 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u0.h 
@@ -1,8 +1,8 @@ if (bytes > 0) { - __m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0)); - __m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4)); - __m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8)); - __m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12)); + __m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0)); + __m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4)); + __m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8)); + __m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12)); __m128i a0, a1, a2, a3, a4, a5, a6, a7; __m128i b0, b1, b2, b3, b4, b5, b6, b7; uint8_t partialblock[64]; 
@@ -156,25 +156,25 @@ if (bytes > 0) { diag0 = _mm_xor_si128(diag0, b7); } - diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0))); - diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4))); - diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8))); - diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12))); + diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0))); + diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4))); + diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8))); + diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12))); -#define ONEQUAD_SHUFFLE(A, B, C, D) \ - do { \ - uint32_t in##A = _mm_cvtsi128_si32(diag0); \ - uint32_t in##B = _mm_cvtsi128_si32(diag1); \ - uint32_t in##C = _mm_cvtsi128_si32(diag2); \ - uint32_t in##D = _mm_cvtsi128_si32(diag3); \ - diag0 = _mm_shuffle_epi32(diag0, 0x39); \ - diag1 = _mm_shuffle_epi32(diag1, 0x39); \ - diag2 = _mm_shuffle_epi32(diag2, 0x39); \ - diag3 = _mm_shuffle_epi32(diag3, 0x39); \ - *(uint32_t *) (partialblock + (A * 4)) = in##A; \ - *(uint32_t *) (partialblock + (B * 4)) = in##B; \ - *(uint32_t *) (partialblock + (C * 4)) = in##C; \ - *(uint32_t *) (partialblock + (D * 4)) = in##D; \ +#define ONEQUAD_SHUFFLE(A, B, C, D) \ + do { \ + uint32_t in##A = _mm_cvtsi128_si32(diag0); \ + uint32_t in##B = _mm_cvtsi128_si32(diag1); \ + uint32_t in##C = _mm_cvtsi128_si32(diag2); \ + uint32_t in##D = _mm_cvtsi128_si32(diag3); \ + diag0 = _mm_shuffle_epi32(diag0, 0x39); \ + diag1 = _mm_shuffle_epi32(diag1, 0x39); \ + diag2 = _mm_shuffle_epi32(diag2, 0x39); \ + diag3 = _mm_shuffle_epi32(diag3, 0x39); \ + *(uint32_t *) (partialblock + (A * 4)) = in##A; \ + *(uint32_t *) (partialblock + (B * 4)) = in##B; \ + *(uint32_t *) (partialblock + (C * 4)) = in##C; \ + *(uint32_t *) (partialblock + (D * 4)) = in##D; \ } while (0) #define ONEQUAD(A, B, C, D) ONEQUAD_SHUFFLE(A, B, C, D) 
diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h index c245d956..1a13e5c3 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h @@ -1,8 +1,8 @@ while (bytes >= 64) { - __m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0)); - __m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4)); - __m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8)); - __m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12)); + __m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0)); + __m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4)); + __m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8)); + __m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12)); __m128i a0, a1, a2, a3, a4, a5, a6, a7; __m128i b0, b1, b2, b3, b4, b5, b6, b7; @@ -157,10 +157,10 @@ while (bytes >= 64) { diag0 = _mm_xor_si128(diag0, b7); } - diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0))); - diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4))); - diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8))); - diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12))); + diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0))); + diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4))); + diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8))); + diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12))); #define ONEQUAD_SHUFFLE(A, B, C, D) \ do { \ diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h index 61d935fc..474f4860 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u4.h 
@@ -12,22 +12,22 @@ if (bytes >= 256) { /* element broadcast immediate for _mm_shuffle_epi32 are in order: 0x00, 0x55, 0xaa, 0xff */ - z0 = _mm_loadu_si128((__m128i *) (x + 0)); + z0 = _mm_loadu_si128((const __m128i *) (x + 0)); z5 = _mm_shuffle_epi32(z0, 0x55); z10 = _mm_shuffle_epi32(z0, 0xaa); z15 = _mm_shuffle_epi32(z0, 0xff); z0 = _mm_shuffle_epi32(z0, 0x00); - z1 = _mm_loadu_si128((__m128i *) (x + 4)); + z1 = _mm_loadu_si128((const __m128i *) (x + 4)); z6 = _mm_shuffle_epi32(z1, 0xaa); z11 = _mm_shuffle_epi32(z1, 0xff); z12 = _mm_shuffle_epi32(z1, 0x00); z1 = _mm_shuffle_epi32(z1, 0x55); - z2 = _mm_loadu_si128((__m128i *) (x + 8)); + z2 = _mm_loadu_si128((const __m128i *) (x + 8)); z7 = _mm_shuffle_epi32(z2, 0xff); z13 = _mm_shuffle_epi32(z2, 0x55); z2 = _mm_shuffle_epi32(z2, 0xaa); /* no z8 -> first half of the nonce, will fill later */ - z3 = _mm_loadu_si128((__m128i *) (x + 12)); + z3 = _mm_loadu_si128((const __m128i *) (x + 12)); z4 = _mm_shuffle_epi32(z3, 0x00); z14 = _mm_shuffle_epi32(z3, 0xaa); z3 = _mm_shuffle_epi32(z3, 0xff); 
@@ -498,26 +498,26 @@ if (bytes >= 256) { /* store data ; this macro first transpose data in-registers, and then store * them in memory. much faster with icc. */ -#define ONEQUAD_TRANSPOSE(A, B, C, D) \ - z##A = _mm_add_epi32(z##A, orig##A); \ - z##B = _mm_add_epi32(z##B, orig##B); \ - z##C = _mm_add_epi32(z##C, orig##C); \ - z##D = _mm_add_epi32(z##D, orig##D); \ - y##A = _mm_unpacklo_epi32(z##A, z##B); \ - y##B = _mm_unpacklo_epi32(z##C, z##D); \ - y##C = _mm_unpackhi_epi32(z##A, z##B); \ - y##D = _mm_unpackhi_epi32(z##C, z##D); \ - z##A = _mm_unpacklo_epi64(y##A, y##B); \ - z##B = _mm_unpackhi_epi64(y##A, y##B); \ - z##C = _mm_unpacklo_epi64(y##C, y##D); \ - z##D = _mm_unpackhi_epi64(y##C, y##D); \ - y##A = _mm_xor_si128(z##A, _mm_loadu_si128((__m128i *) (m + 0))); \ - _mm_storeu_si128((__m128i *) (c + 0), y##A); \ - y##B = _mm_xor_si128(z##B, _mm_loadu_si128((__m128i *) (m + 64))); \ - _mm_storeu_si128((__m128i *) (c + 64), y##B); \ - y##C = _mm_xor_si128(z##C, _mm_loadu_si128((__m128i *) (m + 128))); \ - _mm_storeu_si128((__m128i *) (c + 128), y##C); \ - y##D = _mm_xor_si128(z##D, _mm_loadu_si128((__m128i *) (m + 192))); \ +#define ONEQUAD_TRANSPOSE(A, B, C, D) \ + z##A = _mm_add_epi32(z##A, orig##A); \ + z##B = _mm_add_epi32(z##B, orig##B); \ + z##C = _mm_add_epi32(z##C, orig##C); \ + z##D = _mm_add_epi32(z##D, orig##D); \ + y##A = _mm_unpacklo_epi32(z##A, z##B); \ + y##B = _mm_unpacklo_epi32(z##C, z##D); \ + y##C = _mm_unpackhi_epi32(z##A, z##B); \ + y##D = _mm_unpackhi_epi32(z##C, z##D); \ + z##A = _mm_unpacklo_epi64(y##A, y##B); \ + z##B = _mm_unpackhi_epi64(y##A, y##B); \ + z##C = _mm_unpacklo_epi64(y##C, y##D); \ + z##D = _mm_unpackhi_epi64(y##C, y##D); \ + y##A = _mm_xor_si128(z##A, _mm_loadu_si128((const __m128i *) (m + 0))); \ + _mm_storeu_si128((__m128i *) (c + 0), y##A); \ + y##B = _mm_xor_si128(z##B, _mm_loadu_si128((const __m128i *) (m + 64))); \ + _mm_storeu_si128((__m128i *) (c + 64), y##B); \ + y##C = _mm_xor_si128(z##C, _mm_loadu_si128((const 
__m128i *) (m + 128))); \ + _mm_storeu_si128((__m128i *) (c + 128), y##C); \ + y##D = _mm_xor_si128(z##D, _mm_loadu_si128((const __m128i *) (m + 192))); \ _mm_storeu_si128((__m128i *) (c + 192), y##D) #define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h index 467a9612..60f095c7 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h 
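Review bot: ONEQUAD_TRANSPOSE in u4.h still expands to a bare sequence of statements, so a use such as `if (cond) ONEQUAD(0, 1, 2, 3);` would put only the first assignment under the condition. Since this hunk re-aligns the whole macro anyway, wrapping the body in `do { \` ... `} while (0)` would match ONEQUAD_SHUFFLE in u0.h and u1.h of the same directory. The macro also takes `m` and `c` from the enclosing scope rather than as arguments, which deserves a one-line comment above it, e.g. `/* reads m and writes c from the enclosing block, at offsets 0/64/128/192 */`. The enclosing `if (bytes >= 256)` block starts and ends outside the hunk.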
@@ -361,45 +361,45 @@ if (bytes >= 512) { /* store data ; this macro first transpose data in-registers, and then store * them in memory. much faster with icc. */ -#define ONEQUAD_TRANSPOSE(A, B, C, D) \ - { \ - __m128i t0, t1, t2, t3; \ - z##A = _mm256_add_epi32(z##A, orig##A); \ - z##B = _mm256_add_epi32(z##B, orig##B); \ - z##C = _mm256_add_epi32(z##C, orig##C); \ - z##D = _mm256_add_epi32(z##D, orig##D); \ - y##A = _mm256_unpacklo_epi32(z##A, z##B); \ - y##B = _mm256_unpacklo_epi32(z##C, z##D); \ - y##C = _mm256_unpackhi_epi32(z##A, z##B); \ - y##D = _mm256_unpackhi_epi32(z##C, z##D); \ - z##A = _mm256_unpacklo_epi64(y##A, y##B); \ - z##B = _mm256_unpackhi_epi64(y##A, y##B); \ - z##C = _mm256_unpacklo_epi64(y##C, y##D); \ - z##D = _mm256_unpackhi_epi64(y##C, y##D); \ - t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \ - _mm_loadu_si128((__m128i*) (m + 0))); \ - _mm_storeu_si128((__m128i*) (c + 0), t0); \ - t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \ - _mm_loadu_si128((__m128i*) (m + 64))); \ - _mm_storeu_si128((__m128i*) (c + 64), t1); \ - t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \ - _mm_loadu_si128((__m128i*) (m + 128))); \ - _mm_storeu_si128((__m128i*) (c + 128), t2); \ - t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \ - _mm_loadu_si128((__m128i*) (m + 192))); \ - _mm_storeu_si128((__m128i*) (c + 192), t3); \ - t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \ - _mm_loadu_si128((__m128i*) (m + 256))); \ - _mm_storeu_si128((__m128i*) (c + 256), t0); \ - t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \ - _mm_loadu_si128((__m128i*) (m + 320))); \ - _mm_storeu_si128((__m128i*) (c + 320), t1); \ - t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \ - _mm_loadu_si128((__m128i*) (m + 384))); \ - _mm_storeu_si128((__m128i*) (c + 384), t2); \ - t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \ - _mm_loadu_si128((__m128i*) (m + 448))); \ - _mm_storeu_si128((__m128i*) (c + 448), t3); \ +#define 
ONEQUAD_TRANSPOSE(A, B, C, D) \ + { \ + __m128i t0, t1, t2, t3; \ + z##A = _mm256_add_epi32(z##A, orig##A); \ + z##B = _mm256_add_epi32(z##B, orig##B); \ + z##C = _mm256_add_epi32(z##C, orig##C); \ + z##D = _mm256_add_epi32(z##D, orig##D); \ + y##A = _mm256_unpacklo_epi32(z##A, z##B); \ + y##B = _mm256_unpacklo_epi32(z##C, z##D); \ + y##C = _mm256_unpackhi_epi32(z##A, z##B); \ + y##D = _mm256_unpackhi_epi32(z##C, z##D); \ + z##A = _mm256_unpacklo_epi64(y##A, y##B); \ + z##B = _mm256_unpackhi_epi64(y##A, y##B); \ + z##C = _mm256_unpacklo_epi64(y##C, y##D); \ + z##D = _mm256_unpackhi_epi64(y##C, y##D); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \ + _mm_loadu_si128((const __m128i*) (m + 0))); \ + _mm_storeu_si128((__m128i*) (c + 0), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \ + _mm_loadu_si128((const __m128i*) (m + 64))); \ + _mm_storeu_si128((__m128i*) (c + 64), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \ + _mm_loadu_si128((const __m128i*) (m + 128))); \ + _mm_storeu_si128((__m128i*) (c + 128), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \ + _mm_loadu_si128((const __m128i*) (m + 192))); \ + _mm_storeu_si128((__m128i*) (c + 192), t3); \ + t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \ + _mm_loadu_si128((const __m128i*) (m + 256))); \ + _mm_storeu_si128((__m128i*) (c + 256), t0); \ + t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \ + _mm_loadu_si128((const __m128i*) (m + 320))); \ + _mm_storeu_si128((__m128i*) (c + 320), t1); \ + t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \ + _mm_loadu_si128((const __m128i*) (m + 384))); \ + _mm_storeu_si128((__m128i*) (c + 384), t2); \ + t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \ + _mm_loadu_si128((const __m128i*) (m + 448))); \ + _mm_storeu_si128((__m128i*) (c + 448), t3); \ } #define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D) 
@@ -433,20 +433,20 @@ if (bytes >= 512) { y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \ y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \ y##A = _mm256_xor_si256(y##A, _mm256_loadu_si256((__m256i*) (m + 0))); \ - y##B = \ - _mm256_xor_si256(y##B, _mm256_loadu_si256((__m256i*) (m + 64))); \ - y##C = \ - _mm256_xor_si256(y##C, _mm256_loadu_si256((__m256i*) (m + 128))); \ - y##D = \ - _mm256_xor_si256(y##D, _mm256_loadu_si256((__m256i*) (m + 192))); \ - y##A2 = \ - _mm256_xor_si256(y##A2, _mm256_loadu_si256((__m256i*) (m + 256))); \ - y##B2 = \ - _mm256_xor_si256(y##B2, _mm256_loadu_si256((__m256i*) (m + 320))); \ - y##C2 = \ - _mm256_xor_si256(y##C2, _mm256_loadu_si256((__m256i*) (m + 384))); \ - y##D2 = \ - _mm256_xor_si256(y##D2, _mm256_loadu_si256((__m256i*) (m + 448))); \ + y##B = _mm256_xor_si256( \ + y##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \ + y##C = _mm256_xor_si256( \ + y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ + y##D = _mm256_xor_si256( \ + y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ + y##A2 = _mm256_xor_si256( \ + y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ + y##B2 = _mm256_xor_si256( \ + y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ + y##C2 = _mm256_xor_si256( \ + y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ + y##D2 = _mm256_xor_si256( \ + y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ _mm256_storeu_si256((__m256i*) (c + 0), y##A); \ _mm256_storeu_si256((__m256i*) (c + 64), y##B); \ _mm256_storeu_si256((__m256i*) (c + 128), y##C); \ diff --git a/src/libsodium/crypto_verify/sodium/verify.c b/src/libsodium/crypto_verify/sodium/verify.c index 6c7d1cca..ffebf220 100644 --- a/src/libsodium/crypto_verify/sodium/verify.c +++ b/src/libsodium/crypto_verify/sodium/verify.c 
@@ -44,12 +44,12 @@ crypto_verify_n(const unsigned char *x_, const unsigned char *y_, (const volatile __m128i *volatile) (const void *) x_; const volatile __m128i *volatile y = (const volatile __m128i *volatile) (const void *) y_; - v1 = _mm_loadu_si128((const volatile __m128i *) &x[0]); - v2 = _mm_loadu_si128((const volatile __m128i *) &y[0]); + v1 = _mm_loadu_si128((const __m128i *) &x[0]); + v2 = _mm_loadu_si128((const __m128i *) &y[0]); z = _mm_xor_si128(v1, v2); for (i = 1; i < n / 16; i++) { - v1 = _mm_loadu_si128((const volatile __m128i *) &x[i]); - v2 = _mm_loadu_si128((const volatile __m128i *) &y[i]); + v1 = _mm_loadu_si128((const __m128i *) &x[i]); + v2 = _mm_loadu_si128((const __m128i *) &y[i]); z = _mm_or_si128(z, _mm_xor_si128(v1, v2)); } m = _mm_movemask_epi8(_mm_cmpeq_epi32(z, zero)); From 52ff9c89805b049f3585033e092390777bb2a223 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 26 Dec 2018 18:32:39 +0100 Subject: [PATCH 151/190] Constify, add missing private include --- .../crypto_scrypt-common.c | 2 +- .../crypto_stream/chacha20/stream_chacha20.c | 1 + .../crypto_stream/salsa20/xmm6int/u1.h | 8 +-- .../crypto_stream/salsa20/xmm6int/u8.h | 69 ++++++++++--------- 4 files changed, 41 insertions(+), 39 deletions(-) diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c index 8434aa34..c4dd46a2 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c @@ -158,7 +158,7 @@ escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen, prefixlen = src - setting; salt = src; - src = (const uint8_t *) strrchr((char *) salt, '$'); + src = (const uint8_t *) strrchr((const char *) salt, '$'); if (src) { saltlen = src - salt; } else { 
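Review bot: In the verify.c hunk the four casts now drop `volatile` from pointers declared `const volatile __m128i *volatile` a few lines above, and nothing in the hunk says why. The 16-byte loads therefore go through a plain `const __m128i *`; only the reads of the pointer variables `x` and `y` themselves remain volatile. Whether that still gives the optimization barrier the declarations were meant to provide is worth confirming against the generated code. I would add a comment at the first load, such as `/* volatile dropped to match the intrinsic's prototype; x and y stay volatile-qualified pointers */`. crypto_verify_n() starts and ends outside the hunk.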
diff --git a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c index c98d6090..427c3fb0 100644 --- a/src/libsodium/crypto_stream/chacha20/stream_chacha20.c +++ b/src/libsodium/crypto_stream/chacha20/stream_chacha20.c @@ -1,5 +1,6 @@ #include "crypto_stream_chacha20.h" #include "core.h" +#include "private/chacha20_ietf_ext.h" #include "private/common.h" #include "private/implementations.h" #include "randombytes.h" diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h index 1a13e5c3..e82521cd 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u1.h @@ -172,10 +172,10 @@ while (bytes >= 64) { diag1 = _mm_shuffle_epi32(diag1, 0x39); \ diag2 = _mm_shuffle_epi32(diag2, 0x39); \ diag3 = _mm_shuffle_epi32(diag3, 0x39); \ - in##A ^= *(uint32_t *) (m + (A * 4)); \ - in##B ^= *(uint32_t *) (m + (B * 4)); \ - in##C ^= *(uint32_t *) (m + (C * 4)); \ - in##D ^= *(uint32_t *) (m + (D * 4)); \ + in##A ^= *(const uint32_t *) (m + (A * 4)); \ + in##B ^= *(const uint32_t *) (m + (B * 4)); \ + in##C ^= *(const uint32_t *) (m + (C * 4)); \ + in##D ^= *(const uint32_t *) (m + (D * 4)); \ *(uint32_t *) (c + (A * 4)) = in##A; \ *(uint32_t *) (c + (B * 4)) = in##B; \ *(uint32_t *) (c + (C * 4)) = in##C; \ diff --git a/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h b/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h index 60f095c7..581b22c2 100644 --- a/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h +++ b/src/libsodium/crypto_stream/salsa20/xmm6int/u8.h 
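Review bot: In the u1.h hunk the message words are still read with `*(const uint32_t *) (m + (A * 4))`, a cast dereference that assumes `m` is 4-byte aligned and may be accessed as `uint32_t`; neither is visible here, and `m` looks like a caller-supplied byte pointer. Adding `const` fixes the qualifier warning but not the unaligned, type-punned read. A `memcpy` into a local, e.g. `memcpy(&w, m + (A * 4), sizeof w); in##A ^= w;`, should compile to the same load on x86 without relying on either assumption; the stores through `*(uint32_t *) (c + (A * 4))` just below have the same shape. The macro and the enclosing `while (bytes >= 64)` loop continue outside the hunk.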
@@ -420,41 +420,42 @@ if (bytes >= 512) { z##D = _mm256_unpackhi_epi64(y##C, y##D); \ } -#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ - { \ - ONEQUAD_UNPCK(A, B, C, D); \ - ONEQUAD_UNPCK(A2, B2, C2, D2); \ - y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \ - y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \ - y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \ - y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \ - y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \ - y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \ - y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \ - y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \ - y##A = _mm256_xor_si256(y##A, _mm256_loadu_si256((__m256i*) (m + 0))); \ - y##B = _mm256_xor_si256( \ +#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \ + { \ + ONEQUAD_UNPCK(A, B, C, D); \ + ONEQUAD_UNPCK(A2, B2, C2, D2); \ + y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \ + y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \ + y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \ + y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \ + y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \ + y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \ + y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \ + y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \ + y##A = _mm256_xor_si256(y##A, \ + _mm256_loadu_si256((const __m256i*) (m + 0))); \ + y##B = _mm256_xor_si256( \ y##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \ - y##C = _mm256_xor_si256( \ - y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ - y##D = _mm256_xor_si256( \ - y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ - y##A2 = _mm256_xor_si256( \ - y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ - y##B2 = _mm256_xor_si256( \ - y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ - y##C2 = _mm256_xor_si256( \ - y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ - y##D2 = _mm256_xor_si256( \ - 
y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ - _mm256_storeu_si256((__m256i*) (c + 0), y##A); \ - _mm256_storeu_si256((__m256i*) (c + 64), y##B); \ - _mm256_storeu_si256((__m256i*) (c + 128), y##C); \ - _mm256_storeu_si256((__m256i*) (c + 192), y##D); \ - _mm256_storeu_si256((__m256i*) (c + 256), y##A2); \ - _mm256_storeu_si256((__m256i*) (c + 320), y##B2); \ - _mm256_storeu_si256((__m256i*) (c + 384), y##C2); \ - _mm256_storeu_si256((__m256i*) (c + 448), y##D2); \ + y##C = _mm256_xor_si256( \ + y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \ + y##D = _mm256_xor_si256( \ + y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \ + y##A2 = _mm256_xor_si256( \ + y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \ + y##B2 = _mm256_xor_si256( \ + y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \ + y##C2 = _mm256_xor_si256( \ + y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \ + y##D2 = _mm256_xor_si256( \ + y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \ + _mm256_storeu_si256((__m256i*) (c + 0), y##A); \ + _mm256_storeu_si256((__m256i*) (c + 64), y##B); \ + _mm256_storeu_si256((__m256i*) (c + 128), y##C); \ + _mm256_storeu_si256((__m256i*) (c + 192), y##D); \ + _mm256_storeu_si256((__m256i*) (c + 256), y##A2); \ + _mm256_storeu_si256((__m256i*) (c + 320), y##B2); \ + _mm256_storeu_si256((__m256i*) (c + 384), y##C2); \ + _mm256_storeu_si256((__m256i*) (c + 448), y##D2); \ } ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7); From cce84d05b26412345cfd32b1493ec82c74eaa424 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 26 Dec 2018 18:39:07 +0100 Subject: [PATCH 152/190] Use unsigned indices --- test/default/core_ed25519.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index cbebeadb..368e9735 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c 
@@ -48,7 +48,7 @@ main(void) unsigned char *p, *p2, *p3; unsigned char *sc; unsigned char *sc64; - int i, j; + unsigned int i, j; h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES); @@ -67,7 +67,7 @@ main(void) randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); crypto_core_ed25519_from_uniform(p2, h); - j = 1 + (int) randombytes_uniform(100); + j = 1 + (unsigned int) randombytes_uniform(100); memcpy(p3, p, crypto_core_ed25519_BYTES); for (i = 0; i < j; i++) { crypto_core_ed25519_add(p, p, p2); @@ -165,10 +165,10 @@ main(void) memcpy(sc64, sc, crypto_core_ed25519_BYTES); memset(sc64 + crypto_core_ed25519_BYTES, 0, 64 - crypto_core_ed25519_BYTES); - i = randombytes_uniform(100); + i = (unsigned int) randombytes_uniform(100); do { add_l64(sc64); - } while (i-- > 0U); + } while (i-- > 0); crypto_core_ed25519_scalar_reduce(sc64, sc64); if (memcmp(sc64, sc, crypto_core_ed25519_BYTES) != 0) { printf("crypto_core_ed25519_scalar_reduce() failed\n"); From b1b031106c65d5afa7ca1bd6fa77b2045fb7c63a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 26 Dec 2018 23:10:56 +0100 Subject: [PATCH 153/190] ISODATE is not used --- configure.ac | 2 -- 1 file changed, 2 deletions(-) diff --git a/configure.ac b/configure.ac index d41cf9a5..4c4e6d49 100644 --- a/configure.ac +++ b/configure.ac @@ -13,8 +13,6 @@ AM_MAINTAINER_MODE AM_DEP_TRACK AC_SUBST(VERSION) -ISODATE=`date +%Y-%m-%d` -AC_SUBST(ISODATE) SODIUM_LIBRARY_VERSION_MAJOR=10 SODIUM_LIBRARY_VERSION_MINOR=1 From cff3d7f6c7ebe78204bfb145f1d42e58e9fb9f2b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Dec 2018 16:42:09 +0100 Subject: [PATCH 154/190] Remove unused variables --- src/libsodium/sodium/core.c | 2 -- test/default/aead_aes256gcm2.c | 2 -- test/default/aead_chacha20poly13052.c | 2 -- test/default/codecs.c | 3 +-- 4 files changed, 1 insertion(+), 8 deletions(-) 
diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c index 2241a2ea..f2456fe1 100644 --- a/src/libsodium/sodium/core.c +++ b/src/libsodium/sodium/core.c @@ -125,8 +125,6 @@ sodium_crit_enter(void) int sodium_crit_leave(void) { - int ret; - if (locked == 0) { # ifdef EPERM errno = EPERM; diff --git a/test/default/aead_aes256gcm2.c b/test/default/aead_aes256gcm2.c index 5f293320..43170b5d 100644 --- a/test/default/aead_aes256gcm2.c +++ b/test/default/aead_aes256gcm2.c @@ -189,9 +189,7 @@ tv(void) unsigned char *message; unsigned char *mac; unsigned char *nonce; - char * hex; size_t ad_len; - size_t ciphertext_len; size_t detached_ciphertext_len; size_t message_len; unsigned int i; diff --git a/test/default/aead_chacha20poly13052.c b/test/default/aead_chacha20poly13052.c index 8fdabe2e..8c59ecaf 100644 --- a/test/default/aead_chacha20poly13052.c +++ b/test/default/aead_chacha20poly13052.c @@ -954,9 +954,7 @@ tv(void) unsigned char *message; unsigned char *mac; unsigned char *nonce; - char * hex; size_t ad_len; - size_t ciphertext_len; size_t detached_ciphertext_len; size_t message_len; unsigned int i; diff --git a/test/default/codecs.c b/test/default/codecs.c index 9d6bc837..711b4217 100644 --- a/test/default/codecs.c +++ b/test/default/codecs.c @@ -11,11 +11,10 @@ main(void) char *b64_; const char *b64_end; unsigned char *bin; - unsigned char *bin_padded; const char *hex; const char *hex_end; size_t b64_len; - size_t bin_len, bin_len2; + size_t bin_len; unsigned int i; printf("%s\n", From 1542d473da95002031e015eecd7e570c75ea27d1 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 29 Dec 2018 20:20:07 +0100 Subject: [PATCH 155/190] Add crypto_core_ed25519_scalar_complement(), _negate(), _add(), _sub() --- ChangeLog | 4 +- .../crypto_core/ed25519/core_ed25519.c | 84 +++++++++++++++++++ .../include/sodium/crypto_core_ed25519.h | 18 ++++ test/default/core_ed25519.c | 37 ++++++++ 4 files changed, 142 insertions(+), 1 deletion(-) 
diff --git a/ChangeLog b/ChangeLog index 2209386a..8fa78d46 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,7 +15,9 @@ not to be detected. - Test vectors from Project Wycheproof have been added. - New low-level APIs for arithmetic mod the order of the prime order group: `crypto_core_ed25519_scalar_random()`, `crypto_core_ed25519_scalar_reduce()`, -and `crypto_core_ed25519_scalar_invert()`. +`crypto_core_ed25519_scalar_invert()`, `crypto_core_ed25519_scalar_negate()`, +`crypto_core_ed25519_scalar_complement()`, `crypto_core_ed25519_scalar_add()` +and `crypto_core_ed25519_scalar_sub()`. - New low-level APIs for scalar multiplication without clamping: `crypto_scalarmult_ed25519_base_noclamp()`, and `crypto_scalarmult_ed25519_noclamp()`. These new APIs are diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index f17cda13..c412891a 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -1,4 +1,6 @@ +#include + #include "crypto_core_ed25519.h" #include "private/common.h" #include "private/ed25519_ref10.h" 
@@ -86,6 +88,88 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); } +void +crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) +{ + /* 2^252+27742317777372353535851937790883648493 */ + static const unsigned char L[32] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, + 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + uint_fast16_t c = 0U; + unsigned char r = 0U; + size_t i; + + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + r |= s[i]; + c = (uint_fast16_t) L[i] - (uint_fast16_t) s[i] - c; + neg[i] = (unsigned char) c; + c = (c >> 8) & 1U; + } + r = ~(r - 1U) >> 8; + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + neg[i] &= r; + } +} + +void +crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s) +{ + /* 2^252+27742317777372353535851937790883648493 + 1 */ + static const unsigned char L1[32] = { + 0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, + 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + uint_fast16_t c = 0U; + unsigned char q = 0U; + unsigned char r = 0U; + size_t i; + + q |= s[0] ^ 1U; + r |= s[0]; + c = (uint_fast16_t) L1[0] - (uint_fast16_t) s[0] - c; + comp[0] = (unsigned char) c; + c = (c >> 8) & 1U; + for (i = 1U; i < crypto_core_ed25519_SCALARBYTES; i++) { + q |= s[i]; + r |= s[i]; + c = (uint_fast16_t) L1[i] - (uint_fast16_t) s[i] - c; + comp[i] = (unsigned char) c; + c = (c >> 8) & 1U; + } + q = ~(q - 1U) >> 8; + r = ~(r - 1U) >> 8; + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + comp[i] &= q & r; + } + comp[0] |= (~r) & 1U; +} + +void +crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + unsigned char 
x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + + memcpy(x_, x, crypto_core_ed25519_SCALARBYTES); + memcpy(y_, y, crypto_core_ed25519_SCALARBYTES); + sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES); + crypto_core_ed25519_scalar_reduce(z, x_); +} + +void +crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + unsigned char yn[crypto_core_ed25519_SCALARBYTES]; + + crypto_core_ed25519_scalar_negate(yn, y); + crypto_core_ed25519_scalar_add(z, x, yn); +} + void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index b3958c7e..eb736ffb 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h @@ -50,6 +50,24 @@ SODIUM_EXPORT int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) __attribute__ ((nonnull)); +SODIUM_EXPORT +void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + /* * The interval `s` is sampled from should be at least 317 bits to ensure almost * uniformity of `r` over `L`. diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index 368e9735..e884d2ff 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c 
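Review bot: crypto_core_ed25519_scalar_add() and crypto_core_ed25519_scalar_sub() leave copies of their scalar inputs on the stack (`x_`, `y_` and `yn`) when they return. Scalars handled here may be secret, so I would end the two functions with `sodium_memzero(x_, sizeof x_); sodium_memzero(y_, sizeof y_);` and `sodium_memzero(yn, sizeof yn);` respectively. The same applies to the `t_`/`s_` buffers in the later rewrite of crypto_core_ed25519_scalar_negate() and crypto_core_ed25519_scalar_complement(). Separately, `sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES)` adds over 32 bytes only, so a carry out of the top byte is dropped if callers pass non-reduced inputs; a comment stating that `x` and `y` must already be reduced would make that precondition explicit.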
@@ -174,6 +174,43 @@ main(void) printf("crypto_core_ed25519_scalar_reduce() failed\n"); } + randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_from_uniform(p, h); + memcpy(p2, p, crypto_core_ed25519_BYTES); + crypto_core_ed25519_scalar_random(sc); + if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed (1)\n"); + } + crypto_core_ed25519_scalar_complement(sc, sc); + if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed (2)\n"); + } + crypto_core_ed25519_add(p3, p, p2); + crypto_core_ed25519_from_uniform(p, h); + crypto_core_ed25519_sub(p, p, p3); + assert(p[0] == 0x01); + for (i = 1; i < crypto_core_ed25519_BYTES; i++) { + assert(p[i] == 0); + } + + randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_from_uniform(p, h); + memcpy(p2, p, crypto_core_ed25519_BYTES); + crypto_core_ed25519_scalar_random(sc); + if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed (3)\n"); + } + crypto_core_ed25519_scalar_negate(sc, sc); + if (crypto_scalarmult_ed25519_noclamp(p2, sc, p2) != 0) { + printf("crypto_scalarmult_ed25519_noclamp() failed (4)\n"); + } + crypto_core_ed25519_add(p, p, p2); + assert(p[0] == 0x01); + for (i = 1; i < crypto_core_ed25519_BYTES; i++) { + assert(p[i] == 0); + } + + sodium_free(sc64); sodium_free(sc); sodium_free(p3); sodium_free(p2); From f2942b9c880ef398ecf68693a27e504927bc62c4 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 30 Dec 2018 10:26:44 +0100 Subject: [PATCH 156/190] Add sodium_sub(), simplify scalar_complement() and scalar_negate() --- ChangeLog | 1 + .../crypto_core/ed25519/core_ed25519.c | 77 +++++++------------ src/libsodium/include/sodium/utils.h | 4 + src/libsodium/sodium/utils.c | 43 +++++++++++ 4 files changed, 77 insertions(+), 48 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8fa78d46..5e76e255 100644 
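Review bot: The new neutral-element checks use `assert()`, which compiles to nothing when the tests are built with NDEBUG, while the surrounding checks in this function report failures through `printf`. With NDEBUG set, a broken crypto_core_ed25519_scalar_complement() or crypto_core_ed25519_scalar_negate() would pass unnoticed. I would follow the existing pattern, e.g. `if (p[0] != 0x01) { printf("crypto_core_ed25519_scalar_negate() failed\n"); }`, with the same form inside the byte loop. main() starts and ends outside the hunk.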
--- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,7 @@ and `crypto_core_ed25519_scalar_sub()`. `crypto_scalarmult_ed25519_base_noclamp()`, and `crypto_scalarmult_ed25519_noclamp()`. These new APIs are especially useful for blinding. + - `sodium_sub()` has been implemented. - Support for WatchOS has been added. - getrandom(2) is now used on FreeBSD 12+. diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index c412891a..e9027e5d 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c 
@@ -88,63 +88,44 @@ crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES); } +/* 2^252+27742317777372353535851937790883648493 */ +static const unsigned char L[] = { + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, + 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 +}; + void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) { - /* 2^252+27742317777372353535851937790883648493 */ - static const unsigned char L[32] = { - 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, - 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 - }; - uint_fast16_t c = 0U; - unsigned char r = 0U; - size_t i; + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; - for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { - r |= s[i]; - c = (uint_fast16_t) L[i] - (uint_fast16_t) s[i] - c; - neg[i] = (unsigned char) c; - c = (c >> 8) & 1U; - } - r = ~(r - 1U) >> 8; - for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { - neg[i] &= r; - } + COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= + 2 * crypto_core_ed25519_SCALARBYTES); + memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, + crypto_core_ed25519_SCALARBYTES); + memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); + sodium_sub(t_, s_, sizeof t_); + sc25519_reduce(t_); + memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES); } void -crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s) +crypto_core_ed25519_scalar_complement(unsigned char *comp, + const unsigned char *s) { - /* 2^252+27742317777372353535851937790883648493 + 1 */ - static const unsigned char L1[32] = { - 0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 
0x9c, 0xf7, - 0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 - }; - uint_fast16_t c = 0U; - unsigned char q = 0U; - unsigned char r = 0U; - size_t i; + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 1U }; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; - q |= s[0] ^ 1U; - r |= s[0]; - c = (uint_fast16_t) L1[0] - (uint_fast16_t) s[0] - c; - comp[0] = (unsigned char) c; - c = (c >> 8) & 1U; - for (i = 1U; i < crypto_core_ed25519_SCALARBYTES; i++) { - q |= s[i]; - r |= s[i]; - c = (uint_fast16_t) L1[i] - (uint_fast16_t) s[i] - c; - comp[i] = (unsigned char) c; - c = (c >> 8) & 1U; - } - q = ~(q - 1U) >> 8; - r = ~(r - 1U) >> 8; - for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { - comp[i] &= q & r; - } - comp[0] |= (~r) & 1U; + COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= + 2 * crypto_core_ed25519_SCALARBYTES); + memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, + crypto_core_ed25519_SCALARBYTES); + memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); + sodium_sub(t_, s_, sizeof t_); + sc25519_reduce(t_); + memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES); } void diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h index 92ac2e69..84feeea6 100644 --- a/src/libsodium/include/sodium/utils.h +++ b/src/libsodium/include/sodium/utils.h @@ -55,6 +55,10 @@ SODIUM_EXPORT void sodium_add(unsigned char *a, const unsigned char *b, const size_t len) __attribute__ ((nonnull)); +SODIUM_EXPORT +void sodium_sub(unsigned char *a, const unsigned char *b, const size_t len) + __attribute__ ((nonnull)); + SODIUM_EXPORT char *sodium_bin2hex(char * const hex, const size_t hex_maxlen, const unsigned char * const bin, const size_t bin_len) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 007f284a..d018824a 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c 
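Review bot: Both rewritten functions now copy the scalar `s` into the stack buffer `s_` and leave the intermediate value in `t_`, and neither buffer is wiped before returning; the loops they replace kept no full copy of the input. The ChangeLog context in this patch calls the neighbouring scalar APIs "especially useful for blinding", where the scalar is normally secret. I would therefore add `sodium_memzero(s_, sizeof s_);` and `sodium_memzero(t_, sizeof t_);` after the final `memcpy()` in `crypto_core_ed25519_scalar_negate()` and `crypto_core_ed25519_scalar_complement()`. A short comment on why `L` is copied into the upper half of `t_` would help as well, e.g. `/* t_ = L * 2^256 (+ 1 for complement): congruent to 0 (resp. 1) mod L and large enough that t_ - s_ cannot underflow */`.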
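Review bot: The new exported `sodium_sub()` declaration carries no description of its contract, which a caller cannot work out from the prototype alone. Going by the implementation added to utils.c in this same patch, a comment such as `/* a -= b; a and b are little-endian unsigned integers of len bytes; the result wraps modulo 2^(8*len) */` above the declaration would cover it. It would also be worth stating whether `a` and `b` may overlap, which the patch does not say.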
@@ -335,6 +335,49 @@ sodium_add(unsigned char *a, const unsigned char *b, const size_t len) } } +void +sodium_sub(unsigned char *a, const unsigned char *b, const size_t len) +{ + uint_fast16_t c = 0U; + size_t i; + +#ifdef HAVE_AMD64_ASM + uint64_t t64_1, t64_2, t64_3, t64_4; + uint64_t t64_5, t64_6, t64_7, t64_8; + uint32_t t32; + + if (len == 64U) { + __asm__ __volatile__( + "movq (%[in]), %[t64_1] \n" + "movq 8(%[in]), %[t64_2] \n" + "movq 16(%[in]), %[t64_3] \n" + "movq 24(%[in]), %[t64_4] \n" + "movq 32(%[in]), %[t64_5] \n" + "movq 40(%[in]), %[t64_6] \n" + "movq 48(%[in]), %[t64_7] \n" + "movq 56(%[in]), %[t64_8] \n" + "subq %[t64_1], (%[out]) \n" + "sbbq %[t64_2], 8(%[out]) \n" + "sbbq %[t64_3], 16(%[out]) \n" + "sbbq %[t64_4], 24(%[out]) \n" + "sbbq %[t64_5], 32(%[out]) \n" + "sbbq %[t64_6], 40(%[out]) \n" + "sbbq %[t64_7], 48(%[out]) \n" + "sbbq %[t64_8], 56(%[out]) \n" + : [t64_1] "=&r"(t64_1), [t64_2] "=&r"(t64_2), [t64_3] "=&r"(t64_3), [t64_4] "=&r"(t64_4), + [t64_5] "=&r"(t64_5), [t64_6] "=&r"(t64_6), [t64_7] "=&r"(t64_7), [t64_8] "=&r"(t64_8) + : [in] "S"(b), [out] "D"(a) + : "memory", "flags", "cc"); + return; + } +#endif + for (i = 0; i < len; i++) { + c = (uint_fast16_t) a[i] - (uint_fast16_t) b[i] - c; + a[i] = (unsigned char) c; + c = (c >> 8) & 1U; + } +} + int _sodium_alloc_init(void) { From b3dc89368e68319eb809640d8ffea43915e26082 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 30 Dec 2018 10:37:02 +0100 Subject: [PATCH 157/190] Regen emscripten symbols --- dist-build/emscripten-symbols.def | 5 +++++ dist-build/emscripten.sh | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index 86f401a7..a9e54229 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def 
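Review bot: `uint32_t t32;` in the `HAVE_AMD64_ASM` block is declared but never used in this function; the only assembly path is the `len == 64U` case, which touches just the eight `t64_*` temporaries, so the declaration should be dropped to avoid an unused-variable warning. The function also discards the final borrow without saying so. A comment on the fallback loop such as `/* c is the borrow (0 or 1) carried into the next byte; the last borrow is dropped, so the result is a - b mod 2^(8*len) */` would make that explicit. The callers added in this patch pass `sizeof t_`, which appears to be 64, so on an amd64 build the portable loop is probably not exercised by them. A test calling `sodium_sub()` with other lengths would cover that path, if one does not already exist outside this patch.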
@@ -148,9 +148,13 @@ _crypto_core_ed25519_bytes 0 1 _crypto_core_ed25519_from_uniform 0 1 _crypto_core_ed25519_is_valid_point 0 1 _crypto_core_ed25519_nonreducedscalarbytes 0 1 +_crypto_core_ed25519_scalar_add 0 1 +_crypto_core_ed25519_scalar_complement 0 1 _crypto_core_ed25519_scalar_invert 0 1 +_crypto_core_ed25519_scalar_negate 0 1 _crypto_core_ed25519_scalar_random 0 1 _crypto_core_ed25519_scalar_reduce 0 1 +_crypto_core_ed25519_scalar_sub 0 1 _crypto_core_ed25519_scalarbytes 0 1 _crypto_core_ed25519_sub 0 1 _crypto_core_ed25519_uniformbytes 0 1 @@ -573,5 +577,6 @@ _sodium_runtime_has_sse41 0 0 _sodium_runtime_has_ssse3 0 0 _sodium_set_misuse_handler 0 0 _sodium_stackzero 0 0 +_sodium_sub 0 0 _sodium_unpad 1 1 _sodium_version_string 1 1 diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 9b5688bb..b8efb868 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -2,7 +2,7 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_
crypto_box_open_easy_afternm","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max"
,"_crypto_secretbox_noncebytes","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa201
2_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_co
ntextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_p
whash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto
_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypt
o_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_u
pdate","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_
keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_enc
rypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto
_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed
25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_add","_crypto_core_ed25519_scalar_complement","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_negate","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalar_sub","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_
generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwha
sh_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive
","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_
secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_prim
itive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive",
"_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 export TOTAL_MEMORY_SUMO=83886080 From f3ce049a9865e52816859ef8352a8b928d61bef0 Mon Sep 17 00:00:00 2001 
From: Frank Denis Date: Sun, 30 Dec 2018 12:04:52 +0100 Subject: [PATCH 158/190] Bump to 1.0.17 Not released yet. This is just to encourage people to test the current code. --- ChangeLog | 1 + builds/msvc/resource.rc | 6 +++--- builds/msvc/version.h | 4 ++-- configure.ac | 4 ++-- msvc-scripts/process.bat | 4 ++-- src/libsodium/include/sodium/private/common.h | 2 +- 6 files changed, 11 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5e76e255..d50df121 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ especially useful for blinding. - `sodium_sub()` has been implemented. - Support for WatchOS has been added. - getrandom(2) is now used on FreeBSD 12+. + - The `nonnull` attribute has been added to all relevant prototypes. * Version 1.0.16 - Signatures computations and verifications are now way faster on diff --git a/builds/msvc/resource.rc b/builds/msvc/resource.rc index cb30e7b1..db9c5226 100644 --- a/builds/msvc/resource.rc +++ b/builds/msvc/resource.rc @@ -4,8 +4,8 @@ #include "windows.h" //specify the version numbers for the dll's -#define LIBSODIUM_VERSION_STRING "1.0.16.0" -#define LIBSODIUM_VERSION_BIN 1,0,16,0 +#define LIBSODIUM_VERSION_STRING "1.0.17.0" +#define LIBSODIUM_VERSION_BIN 1,0,17,0 //specify the product name for the dlls based on the platform we are compiling for #if defined(x64) @@ -47,7 +47,7 @@ BEGIN VALUE "FileDescription", "The Sodium crypto library (libsodium) " VALUE "FileVersion", LIBSODIUM_VERSION_STRING VALUE "InternalName", "libsodium" - VALUE "LegalCopyright", "Copyright (c) 2017 The libsodium authors." + VALUE "LegalCopyright", "Copyright (c) 2013-2019 The libsodium authors." VALUE "OriginalFilename", "libsodium.dll" VALUE "ProductName", LIBSODIUM_PRODUCT_NAME VALUE "ProductVersion", LIBSODIUM_VERSION_STRING diff --git a/builds/msvc/version.h b/builds/msvc/version.h index 56ec2b95..031d298f 100644 --- a/builds/msvc/version.h +++ b/builds/msvc/version.h 
@@ -4,10 +4,10 @@ #include "export.h" -#define SODIUM_VERSION_STRING "1.0.16" +#define SODIUM_VERSION_STRING "1.0.17" #define SODIUM_LIBRARY_VERSION_MAJOR 10 -#define SODIUM_LIBRARY_VERSION_MINOR 1 +#define SODIUM_LIBRARY_VERSION_MINOR 2 #ifdef __cplusplus extern "C" { diff --git a/configure.ac b/configure.ac index 4c4e6d49..93d2b5f4 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.65]) -AC_INIT([libsodium],[1.0.16], +AC_INIT([libsodium],[1.0.17], [https://github.com/jedisct1/libsodium/issues], [libsodium], [https://github.com/jedisct1/libsodium]) @@ -17,7 +17,7 @@ AC_SUBST(VERSION) SODIUM_LIBRARY_VERSION_MAJOR=10 SODIUM_LIBRARY_VERSION_MINOR=1 DLL_VERSION=8 -SODIUM_LIBRARY_VERSION=24:0:1 +SODIUM_LIBRARY_VERSION=25:0:2 # | | | # +------+ | +---+ # | | | diff --git a/msvc-scripts/process.bat b/msvc-scripts/process.bat index 84c44786..fdaeaecf 100755 --- a/msvc-scripts/process.bat +++ b/msvc-scripts/process.bat @@ -1,5 +1,5 @@ -cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.16/ < src\libsodium\include\sodium\version.h.in > tmp +cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.17/ < src\libsodium\include\sodium\version.h.in > tmp cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/10/ < tmp > tmp2 -cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/1/ < tmp2 > tmp3 +cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/2/ < tmp2 > tmp3 cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_MINIMAL_DEF@// < tmp3 > src\libsodium\include\sodium\version.h del tmp tmp2 tmp3 diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index f87d682e..9a2f7fab 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h 
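Review bot: In the `@@ -17,7 +17,7 @@` hunk of configure.ac, `SODIUM_LIBRARY_VERSION_MINOR=1` is left as an unchanged context line, while this same commit sets the minor to 2 in builds/msvc/version.h and in the `@SODIUM_LIBRARY_VERSION_MINOR@` substitution of msvc-scripts/process.bat. If configure substitutes the same placeholder into version.h.in (not visible here), autotools and MSVC builds of 1.0.17 would report different library minor versions. That makes any version check in bindings or packaging depend on which build system produced the binary. The line should become `SODIUM_LIBRARY_VERSION_MINOR=2` in this commit so both build paths agree.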
@@ -1,7 +1,7 @@ #ifndef common_H #define common_H 1 -#if !defined(_MSC_VER) && 1 +#if !defined(_MSC_VER) && 0 # warning *** This is unstable, untested, development code. # warning It might not compile. It might not work as expected. # warning It might be totally insecure. From ef3e5aadc75d5cbc1ed05c6de0ef8a3f26a45e97 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 30 Dec 2018 13:45:09 +0100 Subject: [PATCH 159/190] Don't try to enable retpolines on Emscripten & pnacl --- configure.ac | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 93d2b5f4..d4078d71 100644 --- a/configure.ac +++ b/configure.ac @@ -197,11 +197,12 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ [CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"]) ]) -AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], - [CFLAGS="$CFLAGS -mindirect-branch=thunk"], - [ - AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"]) - ]) +AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ + AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], + [CFLAGS="$CFLAGS -mindirect-branch=thunk"], + [AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])] + ) +]) AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) From 0e0dbde088b0bfb71618f7c885678bc41fbfe681 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 30 Dec 2018 14:57:06 +0100 Subject: [PATCH 160/190] Emscripten: enable ALLOW_MEMORY_GROWTH --- dist-build/emscripten.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index b8efb868..b5fba8db 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
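Review bot: The new `AS_IF` condition in the configure.ac hunk joins its two tests with `-a`, which POSIX marks obsolescent and the Autoconf manual advises against for portable scripts. It also compares `"$host_os"` without the `x` guard that the `$EMSCRIPTEN` test on the same line uses. I would write it as `AS_IF([test "x$EMSCRIPTEN" = "x" && test "x$host_os" != "xpnacl"], [`. Because the block now skips `-mindirect-branch=thunk` / `-mretpoline` on two targets, a short comment above it such as `# Indirect-branch hardening flags are deliberately not probed on Emscripten and PNaCl` would tell someone auditing the build flags that the omission is intentional.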
@@ -5,9 +5,10 @@ export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20pol export EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final
","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_keygen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa
20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xsalsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_add","_crypto_core_ed25519_scalar_complement","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_negate","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalar_sub","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constby
tes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_
hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_
crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhas
h_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly13
05","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519
_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_
crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' export EXPORTED_RUNTIME_METHODS='["Pointer_stringify","getValue","setValue"]' export TOTAL_MEMORY=16777216 -export TOTAL_MEMORY_SUMO=83886080 -export TOTAL_MEMORY_TESTS=167772160 +export TOTAL_MEMORY_SUMO=16777216 +export TOTAL_MEMORY_TESTS=16777216 export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8" +export LDFLAGS="${LDFLAGS} -s ALLOW_MEMORY_GROWTH=1" export LDFLAGS="${LDFLAGS} -s SINGLE_FILE=1" export LDFLAGS="${LDFLAGS} -s ASSERTIONS=0" export LDFLAGS="${LDFLAGS} -s AGGRESSIVE_VARIABLE_ELIMINATION=1 -s ALIASING_FUNCTION_POINTERS=1" From 8160d2b4654e72f95a328c9bd95cd6d770d5999a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 31 Dec 2018 08:51:40 +0100 Subject: [PATCH 161/190] 2019 --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index 1553d6bb..62510f35 100644 --- a/LICENSE +++ b/LICENSE 
@@ -1,7 +1,7 @@ /* * ISC License * - * Copyright (c) 2013-2018 + * Copyright (c) 2013-2019 * Frank Denis * * Permission to use, copy, modify, and/or distribute this software for any From 6bbcab33ed1b3cb5954e3c9f9a76dbf184ae9133 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Tue, 1 Jan 2019 22:59:23 +0100 Subject: [PATCH 162/190] Consistent initialization --- src/libsodium/sodium/utils.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index d018824a..6bbee4ad 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -289,7 +289,7 @@ sodium_increment(unsigned char *n, const size_t nlen) void sodium_add(unsigned char *a, const unsigned char *b, const size_t len) { - size_t i = 0U; + size_t i; uint_fast16_t c = 0U; #ifdef HAVE_AMD64_ASM @@ -328,7 +328,7 @@ sodium_add(unsigned char *a, const unsigned char *b, const size_t len) return; } #endif - for (; i < len; i++) { + for (i = 0U; i < len; i++) { c += (uint_fast16_t) a[i] + (uint_fast16_t) b[i]; a[i] = (unsigned char) c; c >>= 8; @@ -371,7 +371,7 @@ sodium_sub(unsigned char *a, const unsigned char *b, const size_t len) return; } #endif - for (i = 0; i < len; i++) { + for (i = 0U; i < len; i++) { c = (uint_fast16_t) a[i] - (uint_fast16_t) b[i] - c; a[i] = (unsigned char) c; c = (c >> 8) & 1U; From d333f509a28a130961cf989775350f7b91ccb6ef Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 2 Jan 2019 15:32:59 +0100 Subject: [PATCH 163/190] Add a test for sodium_sub() --- test/default/sodium_utils.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/test/default/sodium_utils.c b/test/default/sodium_utils.c index 24073f7a..7ad22d5d 100644 --- a/test/default/sodium_utils.c +++ b/test/default/sodium_utils.c 
@@ -60,8 +60,7 @@ main(void) buf2_rev[bin_len - 1 - j] = buf2[j]; } if (memcmp(buf1_rev, buf2_rev, bin_len) * - sodium_compare(buf1, buf2, bin_len) < - 0) { + sodium_compare(buf1, buf2, bin_len) < 0) { printf("sodium_compare() failure with length=%u\n", (unsigned int) bin_len); } @@ -106,7 +105,21 @@ main(void) if (sodium_compare(buf1, buf2, bin_len) != 0) { printf("sodium_add() failed\n"); } - + for (i = 0U; i < 1000U; i++) { + randombytes_buf(buf1, bin_len); + randombytes_buf(buf2, bin_len); + sodium_add(buf1, buf2, bin_len); + sodium_sub(buf1, buf2, bin_len); + sodium_sub(buf1, buf2, 0U); + if (sodium_is_zero(buf1, bin_len) && + !sodium_is_zero(buf1, bin_len)) { + printf("sodium_sub() failed\n"); + } + sodium_sub(buf1, buf1, bin_len); + if (!sodium_is_zero(buf1, bin_len)) { + printf("sodium_sub() failed\n"); + } + } assert(sizeof nonce >= 24U); memset(nonce, 0xfe, 24U); memset(nonce, 0xff, 6U); From bdfda5dc83629e6cc80f32ff9735f2e49e0293f0 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 2 Jan 2019 16:14:15 +0100 Subject: [PATCH 164/190] Nits --- test/default/kdf.c | 2 +- test/default/sign.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/default/kdf.c b/test/default/kdf.c index 0c9c7122..f10f034e 100644 --- a/test/default/kdf.c +++ b/test/default/kdf.c @@ -15,7 +15,7 @@ tv_kdf(void) context = (char *) sodium_malloc(crypto_kdf_CONTEXTBYTES); master_key = (unsigned char *) sodium_malloc(crypto_kdf_KEYBYTES); - memcpy(context, "KDF test", strlen("KDF test")); + memcpy(context, "KDF test", sizeof "KDF test" -1U); for (i = 0; i < crypto_kdf_KEYBYTES; i++) { master_key[i] = i; } diff --git a/test/default/sign.c b/test/default/sign.c index 7f25f531..30a2882b 100644 --- a/test/default/sign.c +++ b/test/default/sign.c 
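Review bot: The first check in the added `sodium_sub()` loop can never fire: `sodium_is_zero(buf1, bin_len) && !sodium_is_zero(buf1, bin_len)` is a contradiction, so the add-then-subtract round trip goes unverified and only `a - a == 0` is actually tested. Since `buf1` is random, the expected value after `sodium_sub(buf1, buf2, bin_len)` is the original `buf1`, not zero. Keep a copy before the addition, e.g. `memcpy(buf1_rev, buf1, bin_len);` (assuming `buf1_rev` is free to reuse at that point), and change the condition to `if (memcmp(buf1, buf1_rev, bin_len) != 0) {`. `main()` starts and ends outside the hunk.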
@@ -1259,7 +1259,7 @@ int main(void) } sodium_hex2bin(sk, crypto_sign_SECRETKEYBYTES, "833fe62409237b9d62ec77587520911e9a759cec1d19755b7da901b96dca3d42", - 2 * crypto_sign_SECRETKEYBYTES , NULL, NULL, NULL); + 2 * crypto_sign_SECRETKEYBYTES / 2, NULL, NULL, NULL); sodium_hex2bin(pk, crypto_sign_PUBLICKEYBYTES, "ec172b93ad5e563bf4932c70e1245034c35467ef2efd4d64ebf819683467e2bf", 2 * crypto_sign_PUBLICKEYBYTES, NULL, NULL, NULL); From e614671fc87e67cdb97e900cbc1df51ab9b45caa Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 2 Jan 2019 17:33:57 +0100 Subject: [PATCH 165/190] More paranoid AVX512 detection --- src/libsodium/sodium/runtime.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/libsodium/sodium/runtime.c b/src/libsodium/sodium/runtime.c index f5c805cf..a5a89bca 100644 --- a/src/libsodium/sodium/runtime.c +++ b/src/libsodium/sodium/runtime.c @@ -39,8 +39,11 @@ static CPUFeatures _cpu_features; #define CPUID_EDX_SSE2 0x04000000 -#define XCR0_SSE 0x00000002 -#define XCR0_AVX 0x00000004 +#define XCR0_SSE 0x00000002 +#define XCR0_AVX 0x00000004 +#define XCR0_OPMASK 0x00000020 +#define XCR0_ZMM_HI256 0x00000040 +#define XCR0_HI16_ZMM 0x00000080 static int _sodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features) @@ -114,6 +117,7 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) { unsigned int cpu_info[4]; unsigned int id; + uint32_t xcr0 = 0U; _cpuid(cpu_info, 0x0); if ((id = cpu_info[0]) == 0U) { @@ -145,10 +149,12 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) #endif cpu_features->has_avx = 0; + + (void) xcr0; #ifdef HAVE_AVXINTRIN_H if ((cpu_info[2] & (CPUID_ECX_AVX | CPUID_ECX_XSAVE | CPUID_ECX_OSXSAVE)) == (CPUID_ECX_AVX | CPUID_ECX_XSAVE | CPUID_ECX_OSXSAVE)) { - uint32_t xcr0 = 0U; + xcr0 = 0U; # if defined(HAVE__XGETBV) || \ (defined(_MSC_VER) && defined(_XCR_XFEATURE_ENABLED_MASK) && _MSC_FULL_VER >= 160040219) xcr0 = (uint32_t) _xgetbv(0); 
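Review bot: In the sign.c hunk, `2 * crypto_sign_SECRETKEYBYTES / 2` evaluates to `crypto_sign_SECRETKEYBYTES` and reads like a leftover edit; the reader has to work out that it is meant as the length of the 64-digit hex literal. Stating the length in terms of what the literal holds would be clearer, for example `2 * crypto_sign_SEEDBYTES` if the literal is the 32-byte seed (to be confirmed), which also matches the `2 * crypto_sign_PUBLICKEYBYTES` form of the next call. The return value of `sodium_hex2bin()` is ignored and `bin_len` is NULL, so a short or failed decode would pass silently. `main()` continues outside the hunk.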
@@ -197,7 +203,11 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) unsigned int cpu_info7[4]; _cpuid(cpu_info7, 0x00000007); - cpu_features->has_avx512f = ((cpu_info7[1] & CPUID_EBX_AVX512F) != 0x0); + if ((cpu_info7[1] & CPUID_EBX_AVX512F) == CPUID_EBX_AVX512F && + (xcr0 & (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) + == (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) { + cpu_features->has_avx512f = 1; + } } #endif From 7ac557498fd9fb18c6165ca1245387cf55b8d2e9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 09:49:33 +0100 Subject: [PATCH 166/190] C++ compat --- test/default/cmptest.h | 12 ++++++------ test/default/misuse.c | 10 ++++++---- test/default/pwhash_argon2id.c | 8 ++++---- 3 files changed, 16 insertions(+), 14 deletions(-) diff --git a/test/default/cmptest.h b/test/default/cmptest.h index 6f5bebe4..4625d551 100644 --- a/test/default/cmptest.h +++ b/test/default/cmptest.h @@ -35,7 +35,7 @@ int xmain(void); -static void *guard_page; +static unsigned char *guard_page; #ifdef BENCHMARKS @@ -167,9 +167,9 @@ static FILE *fp_res; int main(void) { - FILE *fp_out; - void *_guard_page; - int c; + FILE *fp_out; + unsigned char *_guard_page; + int c; if ((fp_res = fopen(TEST_NAME_RES, "w+")) == NULL) { perror("fopen(" TEST_NAME_RES ")"); @@ -178,11 +178,11 @@ int main(void) if (sodium_init() != 0) { return 99; } - if ((_guard_page = sodium_malloc(0)) == NULL) { + if ((_guard_page = (unsigned char *) sodium_malloc(0)) == NULL) { perror("sodium_malloc()"); return 99; } - guard_page = (void *) (((unsigned char *) _guard_page) + 1); + guard_page = _guard_page + 1; if (xmain() != 0) { return 99; } diff --git a/test/default/misuse.c b/test/default/misuse.c index 8767c5e9..407d526f 100644 --- a/test/default/misuse.c +++ b/test/default/misuse.c 
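Review bot: `has_avx512f` is now only ever assigned 1 in the `@@ -197` hunk, whereas the removed line stored the comparison result and therefore also wrote 0. Unless the field is cleared before this block (not visible in the hunk), a CPU that fails either the CPUID or the XCR0 test keeps whatever value the field had; an explicit `cpu_features->has_avx512f = 0;` ahead of the `if` keeps the result defined. The XCR0 test also depends on `xcr0` having been filled in by the AVX block of the `@@ -145` hunk, which deserves a comment such as `/* xcr0 stays 0 when XGETBV was not executed, so AVX-512 is reported as unavailable */`. The function body starts and ends outside the hunk.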
@@ -45,7 +45,8 @@ sigabrt_handler_12(int sig) # else signal(SIGABRT, sigabrt_handler_13); # endif - assert(crypto_pwhash_str_alg(guard_page, "", 0U, 1U, 1U, -1) == -1); + assert(crypto_pwhash_str_alg((char *) guard_page, + "", 0U, 1U, 1U, -1) == -1); exit(1); } @@ -76,7 +77,7 @@ sigabrt_handler_9(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_10); - assert(sodium_base642bin(guard_page, 1, guard_page, 1, + assert(sodium_base642bin(guard_page, 1, (const char *) guard_page, 1, NULL, NULL, NULL, -1) == -1); exit(1); } @@ -86,7 +87,7 @@ sigabrt_handler_8(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_9); - assert(sodium_bin2base64(guard_page, 1, guard_page, 1, + assert(sodium_bin2base64((char *) guard_page, 1, guard_page, 1, sodium_base64_VARIANT_ORIGINAL) == NULL); exit(1); } @@ -96,7 +97,8 @@ sigabrt_handler_7(int sig) { (void) sig; signal(SIGABRT, sigabrt_handler_8); - assert(sodium_bin2base64(guard_page, 1, guard_page, 1, -1) == NULL); + assert(sodium_bin2base64((char *) guard_page, 1, + guard_page, 1, -1) == NULL); exit(1); } diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index f4e7450f..95463492 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c 
@@ -480,19 +480,19 @@ main(void) assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_alg_default()); - assert(crypto_pwhash_argon2id(guard_page, 0, guard_page, 0, guard_page, + assert(crypto_pwhash_argon2id(guard_page, 0, (const char *) guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, 0) == -1); - assert(crypto_pwhash_argon2id(guard_page, 0, guard_page, 0, guard_page, + assert(crypto_pwhash_argon2id(guard_page, 0, (const char *) guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, crypto_pwhash_ALG_ARGON2I13) == -1); - assert(crypto_pwhash_argon2i(guard_page, 0, guard_page, 0, guard_page, + assert(crypto_pwhash_argon2i(guard_page, 0, (const char *) guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, 0) == -1); - assert(crypto_pwhash_argon2i(guard_page, 0, guard_page, 0, guard_page, + assert(crypto_pwhash_argon2i(guard_page, 0, (const char *) guard_page, 0, guard_page, crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, crypto_pwhash_ALG_ARGON2ID13) == -1); From 3c59cebe9112f6055a0fa0cf6efa332557a16745 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 18:18:20 +0100 Subject: [PATCH 167/190] Make the blake2b and poly1305 state opaque --- .../aes256gcm/aesni/aead_aes256gcm_aesni.c | 50 +++++++++---------- .../crypto_generichash/blake2b/ref/blake2.h | 9 +++- .../blake2b/ref/generichash_blake2b.c | 17 ++++--- .../include/sodium/crypto_aead_aes256gcm.h | 4 +- .../sodium/crypto_generichash_blake2b.h | 7 +-- 5 files changed, 47 insertions(+), 40 deletions(-) diff --git a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c index dc54bca7..69707a68 100644 
--- a/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c +++ b/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c @@ -51,10 +51,10 @@ _bswap64(const uint64_t x) } #endif -typedef struct context { - CRYPTO_ALIGN(16) unsigned char H[16]; - __m128i rkeys[16]; -} context; +typedef struct aes256gcm_state { + __m128i rkeys[16]; + unsigned char H[16]; +} aes256gcm_state; static inline void aesni_key256_expand(const unsigned char *key, __m128i * const rkeys) @@ -488,10 +488,10 @@ int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_, const unsigned char *k) { - context *ctx = (context *) ctx_; - __m128i *rkeys = ctx->rkeys; - __m128i zero = _mm_setzero_si128(); - unsigned char *H = ctx->H; + aes256gcm_state *ctx = (aes256gcm_state *) (void *) ctx_; + unsigned char *H = ctx->H; + __m128i *rkeys = ctx->rkeys; + __m128i zero = _mm_setzero_si128(); COMPILER_ASSERT((sizeof *ctx_) >= (sizeof *ctx)); aesni_key256_expand(k, rkeys); @@ -509,13 +509,13 @@ crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c, const unsigned char *npub, const crypto_aead_aes256gcm_state *ctx_) { - const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); - const context *ctx = (const context *) ctx_; - const __m128i *rkeys = ctx->rkeys; - __m128i Hv, H2v, H3v, H4v, accv; - unsigned long long i, j; - unsigned long long adlen_rnd64 = adlen & ~63ULL; - unsigned long long mlen_rnd128 = mlen & ~127ULL; + const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_; + const __m128i *rkeys = ctx->rkeys; + __m128i Hv, H2v, H3v, H4v, accv; + unsigned long long i, j; + unsigned long long adlen_rnd64 = adlen & ~63ULL; + unsigned long long mlen_rnd128 = mlen & ~127ULL; CRYPTO_ALIGN(16) uint32_t n2[4]; CRYPTO_ALIGN(16) unsigned char H[16]; CRYPTO_ALIGN(16) unsigned char T[16]; 
@@ -647,14 +647,14 @@ crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, unsigned char * const unsigned char *npub, const crypto_aead_aes256gcm_state *ctx_) { - const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); - const context *ctx = (const context *) ctx_; - const __m128i *rkeys = ctx->rkeys; - __m128i Hv, H2v, H3v, H4v, accv; - unsigned long long i, j; - unsigned long long adlen_rnd64 = adlen & ~63ULL; - unsigned long long mlen; - unsigned long long mlen_rnd128; + const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15); + const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_; + const __m128i *rkeys = ctx->rkeys; + __m128i Hv, H2v, H3v, H4v, accv; + unsigned long long i, j; + unsigned long long adlen_rnd64 = adlen & ~63ULL; + unsigned long long mlen; + unsigned long long mlen_rnd128; CRYPTO_ALIGN(16) uint32_t n2[4]; CRYPTO_ALIGN(16) unsigned char H[16]; CRYPTO_ALIGN(16) unsigned char T[16]; @@ -862,7 +862,7 @@ crypto_aead_aes256gcm_encrypt(unsigned char *c, ret = crypto_aead_aes256gcm_encrypt_afternm (c, clen_p, m, mlen, ad, adlen, nsec, npub, (const crypto_aead_aes256gcm_state *) &ctx); - sodium_memzero(ctx, sizeof ctx); + sodium_memzero(&ctx, sizeof ctx); return ret; } @@ -906,7 +906,7 @@ crypto_aead_aes256gcm_decrypt(unsigned char *m, ret = crypto_aead_aes256gcm_decrypt_afternm (m, mlen_p, nsec, c, clen, ad, adlen, npub, (const crypto_aead_aes256gcm_state *) &ctx); - sodium_memzero(ctx, sizeof ctx); + sodium_memzero(&ctx, sizeof ctx); return ret; } diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2.h b/src/libsodium/crypto_generichash/blake2b/ref/blake2.h index c6c4fccb..6ea2832e 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2.h +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2.h 
@@ -65,7 +65,14 @@ typedef struct blake2b_param_ { uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ } blake2b_param; -typedef crypto_generichash_blake2b_state blake2b_state; +typedef struct blake2b_state { + uint64_t h[8]; + uint64_t t[2]; + uint64_t f[2]; + uint8_t buf[2 * 128]; + size_t buflen; + uint8_t last_node; +} blake2b_state; #if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) #pragma pack() diff --git a/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c b/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c index 4bd08550..99aa9324 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c @@ -53,10 +53,10 @@ crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state, assert(outlen <= UINT8_MAX); assert(keylen <= UINT8_MAX); if (key == NULL || keylen <= 0U) { - if (blake2b_init(state, (uint8_t) outlen) != 0) { + if (blake2b_init((blake2b_state *) (void *) state, (uint8_t) outlen) != 0) { return -1; /* LCOV_EXCL_LINE */ } - } else if (blake2b_init_key(state, (uint8_t) outlen, key, + } else if (blake2b_init_key((blake2b_state *) (void *) state, (uint8_t) outlen, key, (uint8_t) keylen) != 0) { return -1; /* LCOV_EXCL_LINE */ } @@ -76,11 +76,12 @@ crypto_generichash_blake2b_init_salt_personal( assert(outlen <= UINT8_MAX); assert(keylen <= UINT8_MAX); if (key == NULL || keylen <= 0U) { - if (blake2b_init_salt_personal(state, (uint8_t) outlen, salt, - personal) != 0) { + if (blake2b_init_salt_personal((blake2b_state *) (void *) state, + (uint8_t) outlen, salt, personal) != 0) { return -1; /* LCOV_EXCL_LINE */ } - } else if (blake2b_init_key_salt_personal(state, (uint8_t) outlen, key, + } else if (blake2b_init_key_salt_personal((blake2b_state *) (void *) state, + (uint8_t) outlen, key, (uint8_t) keylen, salt, personal) != 0) { return -1; /* LCOV_EXCL_LINE */ 
@@ -93,7 +94,8 @@ crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state, const unsigned char *in, unsigned long long inlen) { - return blake2b_update(state, (const uint8_t *) in, (uint64_t) inlen); + return blake2b_update((blake2b_state *) (void *) state, + (const uint8_t *) in, (uint64_t) inlen); } int @@ -101,7 +103,8 @@ crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state, unsigned char *out, const size_t outlen) { assert(outlen <= UINT8_MAX); - return blake2b_final(state, (uint8_t *) out, (uint8_t) outlen); + return blake2b_final((blake2b_state *) (void *) state, + (uint8_t *) out, (uint8_t) outlen); } int diff --git a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h index 752586cc..2d31a975 100644 --- a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +++ b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h @@ -56,7 +56,9 @@ size_t crypto_aead_aes256gcm_abytes(void); SODIUM_EXPORT size_t crypto_aead_aes256gcm_messagebytes_max(void); -typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512]; +typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ { + unsigned char opaque[512]; +} crypto_aead_aes256gcm_state; SODIUM_EXPORT size_t crypto_aead_aes256gcm_statebytes(void); diff --git a/src/libsodium/include/sodium/crypto_generichash_blake2b.h b/src/libsodium/include/sodium/crypto_generichash_blake2b.h index f1110a4d..ecda3625 100644 --- a/src/libsodium/include/sodium/crypto_generichash_blake2b.h +++ b/src/libsodium/include/sodium/crypto_generichash_blake2b.h @@ -21,12 +21,7 @@ extern "C" { #endif typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state { - uint64_t h[8]; - uint64_t t[2]; - uint64_t f[2]; - uint8_t buf[2 * 128]; - size_t buflen; - uint8_t last_node; + unsigned char opaque[384]; } crypto_generichash_blake2b_state; #if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) 
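Review bot: The alignment specifier sits in a different position in the two public state types touched by this commit: `typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {` in crypto_aead_aes256gcm.h versus `typedef struct CRYPTO_ALIGN(64) crypto_generichash_blake2b_state {` in crypto_generichash_blake2b.h. With GCC-style attributes the first form is likely to align only the typedef name rather than the struct tag, and the internal `aes256gcm_state` now begins with `__m128i rkeys[16]` and is reached through a cast of the caller's buffer. Writing it as `typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ {` would make both headers consistent. A short comment next to `opaque[512]` stating that the object must be 16-byte aligned would document what the casts in aead_aes256gcm_aesni.c depend on.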
From 74ccac9e832d128a07340280e19b33efc88c1650 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 18:34:24 +0100 Subject: [PATCH 168/190] Do not assume that CRYPTO_ALIGN works --- .../blake2b/ref/blake2b-compress-avx2.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h index e3219777..d08603a8 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h @@ -5,12 +5,17 @@ #define LOADU128(p) _mm_loadu_si128((const __m128i *) (p)) #define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r) -#define LOAD(p) _mm256_load_si256((const __m256i *) (p)) -#define STORE(p, r) _mm256_store_si256((__m256i *) (p), r) - #define LOADU(p) _mm256_loadu_si256((const __m256i *) (p)) #define STOREU(p, r) _mm256_storeu_si256((__m256i *) (p), r) +#if defined(__INTEL_COMPILER) || defined(_MSC_VER) || defined(__GNUC__) +# define LOAD(p) _mm256_load_si256((const __m256i *) (p)) +# define STORE(p, r) _mm256_store_si256((__m256i *) (p), r) +#else +# define LOAD(p) LOADU(p) +# define STORE(p, r) STOREU(p, r) +#endif + static inline uint64_t LOADU64(const void *p) { From 1cd6641cdefb51c9070284b50da8b4c01287ca9a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 18:52:43 +0100 Subject: [PATCH 169/190] Add an extra compile-time assertion --- .../crypto_generichash/blake2b/ref/generichash_blake2b.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c b/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c index 99aa9324..7a8598c7 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c 
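Review bot: The new `#if defined(__INTEL_COMPILER) || defined(_MSC_VER) || defined(__GNUC__)` in blake2b-compress-avx2.h has no comment saying why these three compilers keep the aligned `LOAD`/`STORE`. Going by the commit subject, the list stands for toolchains on which `CRYPTO_ALIGN` is known to take effect, and everything else falls back to `LOADU`/`STOREU`. A line such as `/* aligned accesses only where CRYPTO_ALIGN is known to be honoured */` above the `#if` would record that. It is also worth noting there that `_mm256_load_si256` and `_mm256_store_si256` require a 32-byte aligned address, so every operand passed to `LOAD`/`STORE` must be an object declared with that alignment.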
@@ -5,6 +5,7 @@ #include "blake2.h" #include "crypto_generichash_blake2b.h" +#include "private/common.h" #include "private/implementations.h" int @@ -52,6 +53,7 @@ crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state, } assert(outlen <= UINT8_MAX); assert(keylen <= UINT8_MAX); + COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state); if (key == NULL || keylen <= 0U) { if (blake2b_init((blake2b_state *) (void *) state, (uint8_t) outlen) != 0) { return -1; /* LCOV_EXCL_LINE */ From 32385c6b9a00cb2a83c64cba80e8b5962841cd88 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 22:28:42 +0100 Subject: [PATCH 170/190] Avoid negative indices, especially with unsigned types --- src/libsodium/sodium/utils.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libsodium/sodium/utils.c b/src/libsodium/sodium/utils.c index 6bbee4ad..d865eb90 100644 --- a/src/libsodium/sodium/utils.c +++ b/src/libsodium/sodium/utils.c @@ -742,7 +742,7 @@ sodium_pad(size_t *padded_buflen_p, unsigned char *buf, for (i = 0; i < blocksize; i++) { barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1) * CHAR_BIT)); - tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask); + *(tail - i) = ((*(tail - i)) & mask) | (0x80 & barrier_mask); mask |= barrier_mask; } return 0; @@ -766,7 +766,7 @@ sodium_unpad(size_t *unpadded_buflen_p, const unsigned char *buf, tail = &buf[padded_buflen - 1U]; for (i = 0U; i < blocksize; i++) { - c = tail[-i]; + c = *(tail - i); is_barrier = (( (acc - 1U) & (pad_len - 1U) & ((c ^ 0x80) - 1U) ) >> 8) & 1U; acc |= c; From 1647f0d53ae0e370378a9195477e3df0a792408f Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 22:28:59 +0100 Subject: [PATCH 171/190] Add comments --- src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c | 5 +++-- src/libsodium/crypto_kx/crypto_kx.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) 
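Review bot: In the `sodium_unpad` hunk of utils.c, `c = *(tail - i)` walks `blocksize` bytes back from `&buf[padded_buflen - 1U]`, and no line in the hunk shows that `padded_buflen >= blocksize`. The write `*(tail - i) = ...` in the `sodium_pad` hunk has the same dependency. The rewrite removes the negation of an unsigned index in `tail[-i]`, but the pointer still leaves the buffer if that precondition fails. Both function bodies start outside their hunks, so the guard is presumably there. I would add a comment above each loop, such as `/* tail - i stays inside buf: the length checks above guarantee blocksize bytes ending at tail */`.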
diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c index 1d7adb76..152770e8 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c @@ -97,6 +97,7 @@ blake2b_init0(blake2b_state *S) for (i = 0; i < 8; i++) { S->h[i] = blake2b_IV[i]; } + /* zero everything between .t and .last_node */ memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node) - offsetof(blake2b_state, t)); return 0; @@ -203,7 +204,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key, { uint8_t block[BLAKE2B_BLOCKBYTES]; memset(block, 0, BLAKE2B_BLOCKBYTES); - memcpy(block, key, keylen); /* keylen cannot be 0 */ + memcpy(block, key, keylen); /* key and keylen cannot be 0 */ blake2b_update(S, block, BLAKE2B_BLOCKBYTES); sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */ } @@ -249,7 +250,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen, { uint8_t block[BLAKE2B_BLOCKBYTES]; memset(block, 0, BLAKE2B_BLOCKBYTES); - memcpy(block, key, keylen); /* keylen cannot be 0 */ + memcpy(block, key, keylen); /* key and keylen cannot be 0 */ blake2b_update(S, block, BLAKE2B_BLOCKBYTES); sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */ } diff --git a/src/libsodium/crypto_kx/crypto_kx.c b/src/libsodium/crypto_kx/crypto_kx.c index 877ab7ff..9f0c3aef 100644 --- a/src/libsodium/crypto_kx/crypto_kx.c +++ b/src/libsodium/crypto_kx/crypto_kx.c 
@@ -63,8 +63,8 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], crypto_generichash_final(&h, keys, sizeof keys); sodium_memzero(&h, sizeof h); for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) { - rx[i] = keys[i]; - tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; + rx[i] = keys[i]; /* rx cannot be NULL */ + tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; /* tx cannot be NULL */ } sodium_memzero(keys, sizeof keys); From e45fadffb1abf50ce8d9b79246ba0cd7298df8c9 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 3 Jan 2019 22:44:58 +0100 Subject: [PATCH 172/190] Add comments, avoid implicit array initialization --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 13 +++++++++---- .../crypto_generichash/blake2b/ref/blake2b-ref.c | 4 ++-- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index e9027e5d..3169ff35 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -98,11 +98,13 @@ static const unsigned char L[] = { void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) { - unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; - unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= 2 * crypto_core_ed25519_SCALARBYTES); + memset(t_, 0, sizeof t_); + memset(s_, 0, sizeof s_); memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, crypto_core_ed25519_SCALARBYTES); memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); 
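Review bot: In `crypto_core_ed25519_scalar_negate`, `s_` receives a copy of the caller's scalar (`memcpy(s_, s, crypto_core_ed25519_SCALARBYTES)`), and `t_` presumably ends up holding a value derived from it, yet nothing in the hunk wipes either stack buffer. The function continues past the end of the hunk, so this may already be handled there. If it is not, I would end the function with `sodium_memzero(t_, sizeof t_);` and `sodium_memzero(s_, sizeof s_);`, since the ChangeLog on this page describes these scalar operations as useful for blinding, where the scalar is secret. The same applies to `crypto_core_ed25519_scalar_complement` in the next hunk and to `x_`/`y_` in the later `crypto_core_ed25519_scalar_add` hunk.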
@@ -115,11 +117,14 @@ void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s) { - unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 1U }; - unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= 2 * crypto_core_ed25519_SCALARBYTES); + memset(t_, 0, sizeof t_); + memset(s_, 0, sizeof s_); + t_[0]++; memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L, crypto_core_ed25519_SCALARBYTES); memcpy(s_, s, crypto_core_ed25519_SCALARBYTES); diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c index 152770e8..4f56b793 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c @@ -184,7 +184,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key, sodium_misuse(); } if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) { - sodium_misuse(); + sodium_misuse(); /* does not return */ } P->digest_length = outlen; P->key_length = keylen; @@ -222,7 +222,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen, sodium_misuse(); } if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) { - sodium_misuse(); + sodium_misuse(); /* does not return */ } P->digest_length = outlen; P->key_length = keylen; From 3ab71f873f93d6df65d78ceeda9a51f148bfae1a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 4 Jan 2019 11:55:17 +0100 Subject: [PATCH 173/190] must -> should --- src/libsodium/include/sodium/crypto_generichash.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libsodium/include/sodium/crypto_generichash.h b/src/libsodium/include/sodium/crypto_generichash.h index c255dc71..a5f313d7 100644 
--- a/src/libsodium/include/sodium/crypto_generichash.h +++ b/src/libsodium/include/sodium/crypto_generichash.h @@ -43,7 +43,7 @@ const char *crypto_generichash_primitive(void); /* * Important when writing bindings for other programming languages: - * the state address *must* be 64-bytes aligned. + * the state address should be 64-bytes aligned. */ typedef crypto_generichash_blake2b_state crypto_generichash_state; From a01c5f8fd80208608b091bc8e854e38309f5159e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 4 Jan 2019 12:43:47 +0100 Subject: [PATCH 174/190] Add a conditional to enable retpoline support Using retpoline in userland code that doesn't run arbitrary code is questionable to start with. Linux is also getting SPECTRE v2 userspace-to-userspace protection. In addition, some platforms have a gcc version that advertises support for retpolines, but the resulting binaries simply don't work or cannot be linked. So, do not enable this by default. Let builders choose if they really want to enable this in their builds. --- ChangeLog | 1 - configure.ac | 18 +++++++++++------- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index d50df121..663e711c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,7 +10,6 @@ module; fall back to Javascript on these. counterpart. - Added a workaround for Visual Studio 2010 bug causing CPU features not to be detected. - - The library now enables compilation with retpoline by default. - Portability improvements. - Test vectors from Project Wycheproof have been added. - New low-level APIs for arithmetic mod the order of the prime order group: diff --git a/configure.ac b/configure.ac index d4078d71..addf47bf 100644 --- a/configure.ac +++ b/configure.ac 
@@ -149,6 +149,17 @@ AC_ARG_WITH(ctgrind, ]) ]) +AC_ARG_ENABLE(retpoline, +[AS_HELP_STRING(--enable-retpoline,Use return trampolines for indirect calls)], +[AS_IF([test "x$enableval" = "xyes"], [ + AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk-inline], + [CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"], + [AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])] + ) + AX_CHECK_COMPILE_FLAG([-mindirect-branch-register]) + ]) +]) + ENABLE_CWFLAGS=no AC_ARG_ENABLE(debug, [AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)], @@ -197,13 +208,6 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ [CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2"]) ]) -AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ - AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk], - [CFLAGS="$CFLAGS -mindirect-branch=thunk"], - [AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])] - ) -]) - AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) From a04f09298d52c6603823cc493a1ccec2b38a1508 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 4 Jan 2019 12:52:59 +0100 Subject: [PATCH 175/190] AVX512 detection has been improved --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 663e711c..24447c4b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ especially useful for blinding. - Support for WatchOS has been added. - getrandom(2) is now used on FreeBSD 12+. - The `nonnull` attribute has been added to all relevant prototypes. + - More reliable AVX512 detection. * Version 1.0.16 - Signatures computations and verifications are now way faster on From f5c14a46d05d1a1fbe876c4817b3ccf3fd456551 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Fri, 4 Jan 2019 18:36:15 +0100 Subject: [PATCH 176/190] ALLOW_MEMORY_GROWTH is now enabled --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 24447c4b..ece44d44 100644 --- a/ChangeLog +++ b/ChangeLog 
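Review bot: In the new `--enable-retpoline` block, `AX_CHECK_COMPILE_FLAG([-mindirect-branch-register])` has no action argument, so the flag is probed but never appended to `CFLAGS`. If it is meant to take effect, the line should read `AX_CHECK_COMPILE_FLAG([-mindirect-branch-register], [CFLAGS="$CFLAGS -mindirect-branch-register"])`. Separately, when neither `-mindirect-branch=thunk-inline` nor `-mretpoline` is accepted, configure continues without any retpoline flag although the builder asked for one. An `AC_MSG_WARN` in the failure branch of the inner check would make that visible in the build log.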
@@ -26,6 +26,7 @@ especially useful for blinding. - getrandom(2) is now used on FreeBSD 12+. - The `nonnull` attribute has been added to all relevant prototypes. - More reliable AVX512 detection. + - Javascript/Webassembly builds now use dynamic memory growth * Version 1.0.16 - Signatures computations and verifications are now way faster on From 48852da7cdcf8c45abf16a3966d9cc0ec8da24dc Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 14:31:44 +0100 Subject: [PATCH 177/190] Improve clarity --- src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c index 4f56b793..a1beacf3 100644 --- a/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c +++ b/src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c @@ -98,7 +98,8 @@ blake2b_init0(blake2b_state *S) S->h[i] = blake2b_IV[i]; } /* zero everything between .t and .last_node */ - memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node) + memset((void *) &S->t, 0, + offsetof(blake2b_state, last_node) + sizeof(S->last_node) - offsetof(blake2b_state, t)); return 0; } From 0205a8035e871bed6fd11ec47da50edfc659b30a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 20:56:22 +0100 Subject: [PATCH 178/190] More tests --- test/default/core_ed25519.c | 111 +++++++++++++++++++++++++++++++++- test/default/core_ed25519.exp | 14 +++++ 2 files changed, 124 insertions(+), 1 deletion(-) diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index e884d2ff..93edc675 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c 
@@ -46,8 +46,9 @@ main(void) { unsigned char *h; unsigned char *p, *p2, *p3; - unsigned char *sc; + unsigned char *sc, *sc2, *sc3; unsigned char *sc64; + char *hex; unsigned int i, j; h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); 
@@ -210,7 +211,115 @@ main(void) assert(p[i] == 0); } + hex = sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1); + + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 255 - i; + } + if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { + printf("crypto_core_ed25519_scalar_invert() failed\n"); + } + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("inv1: %s\n", hex); + if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { + printf("crypto_core_ed25519_scalar_invert() failed\n"); + } + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("inv2: %s\n", hex); + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 32 - i; + } + if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { + printf("crypto_core_ed25519_scalar_invert() failed\n"); + } + hex = sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("inv3: %s\n", hex); + if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { + printf("crypto_core_ed25519_scalar_invert() failed\n"); + } + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("inv4: %s\n", hex); + + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 255 - i; + } + crypto_core_ed25519_scalar_negate(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("neg1: %s\n", hex); + crypto_core_ed25519_scalar_negate(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("neg2: %s\n", hex); + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 32 - i; + } + crypto_core_ed25519_scalar_negate(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, 
crypto_core_ed25519_SCALARBYTES); + printf("neg3: %s\n", hex); + crypto_core_ed25519_scalar_negate(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("neg4: %s\n", hex); + + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 255 - i; + } + crypto_core_ed25519_scalar_complement(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("comp1: %s\n", hex); + crypto_core_ed25519_scalar_complement(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("comp2: %s\n", hex); + for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { + sc[i] = 32 - i; + } + crypto_core_ed25519_scalar_complement(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("comp3: %s\n", hex); + crypto_core_ed25519_scalar_complement(sc, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("comp4: %s\n", hex); + + sc2 = sodium_malloc(crypto_core_ed25519_SCALARBYTES); + sc3 = sodium_malloc(crypto_core_ed25519_SCALARBYTES); + randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES); + randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES); + crypto_core_ed25519_scalar_add(sc3, sc, sc2); + assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc2); + assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc); + assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); + + memset(sc, 0x69, crypto_core_ed25519_UNIFORMBYTES); + memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_scalar_add(sc, sc, sc2); + crypto_core_ed25519_scalar_add(sc, sc2, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, 
crypto_core_ed25519_SCALARBYTES); + printf("add: %s\n", hex); + + crypto_core_ed25519_scalar_sub(sc, sc2, sc); + crypto_core_ed25519_scalar_sub(sc, sc, sc2); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("sub: %s\n", hex); + + sodium_free(hex); sodium_free(sc64); + sodium_free(sc3); + sodium_free(sc2); sodium_free(sc); sodium_free(p3); sodium_free(p2); diff --git a/test/default/core_ed25519.exp b/test/default/core_ed25519.exp index d86bac9d..6b8c1686 100644 --- a/test/default/core_ed25519.exp +++ b/test/default/core_ed25519.exp @@ -1 +1,15 @@ +inv1: 5858cdec40a044b1548b3bb08f8ce0d71103d1f887df84ebc502643dac4df40b +inv2: 09688ce78a8ff8273f636b0bc748c0cceeeeedecebeae9e8e7e6e5e4e3e2e100 +inv3: f70b4f272b47bd6a1015a511fb3c9fc1b9c21ca4ca2e17d5a225b4c410b9b60d +inv4: 201f1e1d1c1b1a191817161514131211100f0e0d0c0b0a090807060504030201 +neg1: e46b69758fd3193097398c9717b11e48111112131415161718191a1b1c1d1e0f +neg2: 09688ce78a8ff8273f636b0bc748c0cceeeeedecebeae9e8e7e6e5e4e3e2e100 +neg3: cdb4d73ffe47f83ebe85e18dcae6cc03f0f0f1f2f3f4f5f6f7f8f9fafbfcfd0e +neg4: 201f1e1d1c1b1a191817161514131211100f0e0d0c0b0a090807060504030201 +comp1: e56b69758fd3193097398c9717b11e48111112131415161718191a1b1c1d1e0f +comp2: 09688ce78a8ff8273f636b0bc748c0cceeeeedecebeae9e8e7e6e5e4e3e2e100 +comp3: ceb4d73ffe47f83ebe85e18dcae6cc03f0f0f1f2f3f4f5f6f7f8f9fafbfcfd0e +comp4: 201f1e1d1c1b1a191817161514131211100f0e0d0c0b0a090807060504030201 +add: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d +sub: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202 OK From d4eec69ef1d58a50126ff84b89d52f0fbd16962e Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 21:17:48 +0100 Subject: [PATCH 179/190] More tests --- test/default/sodium_utils.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/test/default/sodium_utils.c b/test/default/sodium_utils.c index 7ad22d5d..379518fc 100644 
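Review bot: In test/default/core_ed25519.c, `memset(sc, 0x69, crypto_core_ed25519_UNIFORMBYTES)` and `memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES)` size the write with a different constant than the allocation. `sc2` is allocated earlier in the same hunk with `sodium_malloc(crypto_core_ed25519_SCALARBYTES)`. The write stays in bounds only while the two constants are equal, which nothing in this hunk shows. I would use the allocation's constant in both calls, e.g. `memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES);`. The same pattern recurs in the later hunk that adds the `add2`/`sub2` vectors.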
--- a/test/default/sodium_utils.c +++ b/test/default/sodium_utils.c @@ -155,6 +155,18 @@ main(void) printf("%s\n", sodium_bin2hex(nonce_hex, sizeof nonce_hex, nonce, sizeof nonce)); + randombytes_buf(buf1, 64U); + randombytes_buf(buf2, 64U); + memset(buf_add, 0, 64U); + sodium_add(buf_add, buf1, 64U); + assert(!sodium_is_zero(buf_add, 64U)); + sodium_add(buf_add, buf2, 64U); + assert(!sodium_is_zero(buf_add, 64U)); + sodium_sub(buf_add, buf1, 64U); + assert(!sodium_is_zero(buf_add, 64U)); + sodium_sub(buf_add, buf2, 64U); + assert(sodium_is_zero(buf_add, 64U)); + for (i = 0; i < 2000U; i++) { bin_len = randombytes_uniform(200U); blocksize = 1U + randombytes_uniform(500U); From b7cb241eb90fa33f154582245f73b2704260304b Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 22:09:32 +0100 Subject: [PATCH 180/190] Bump SODIUM_LIBRARY_VERSION_MINOR --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index addf47bf..3cb79e66 100644 --- a/configure.ac +++ b/configure.ac @@ -15,7 +15,7 @@ AM_DEP_TRACK AC_SUBST(VERSION) SODIUM_LIBRARY_VERSION_MAJOR=10 -SODIUM_LIBRARY_VERSION_MINOR=1 +SODIUM_LIBRARY_VERSION_MINOR=2 DLL_VERSION=8 SODIUM_LIBRARY_VERSION=25:0:2 # | | | From 531b545578fae2f779efde1116586fbff1e9b9bd Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 22:58:07 +0100 Subject: [PATCH 181/190] Avoid partial array initialization --- src/libsodium/crypto_core/ed25519/core_ed25519.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 3169ff35..15c004b9 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c 
@@ -137,9 +137,11 @@ void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x, const unsigned char *y) { - unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; - unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES] = { 0U }; + unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES]; + memset(x_, 0, sizeof x_); + memset(y_, 0, sizeof y_); memcpy(x_, x, crypto_core_ed25519_SCALARBYTES); memcpy(y_, y, crypto_core_ed25519_SCALARBYTES); sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES); From 909983a9d2d4fa9ee34fcfb349e0d853e557d9b2 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 23:08:03 +0100 Subject: [PATCH 182/190] Avoid memory leak and overflow in addition test --- test/default/core_ed25519.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index 93edc675..782291b3 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c @@ -211,7 +211,7 @@ main(void) assert(p[i] == 0); } - hex = sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1); + hex = (char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1); for (i = 0; i < crypto_core_ed25519_SCALARBYTES; i++) { sc[i] = 255 - i; @@ -234,7 +234,7 @@ main(void) if (crypto_core_ed25519_scalar_invert(sc, sc) != 0) { printf("crypto_core_ed25519_scalar_invert() failed\n"); } - hex = sodium_malloc(crypto_core_ed25519_SCALARBYTES * 2 + 1); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, sc, crypto_core_ed25519_SCALARBYTES); printf("inv3: %s\n", hex); 
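Review bot: `sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES)` adds only the low `crypto_core_ed25519_SCALARBYTES` bytes, so a carry out of the top scalar byte is discarded even though `x_` and `y_` are `crypto_core_ed25519_NONREDUCEDSCALARBYTES` long and zero-filled above the scalar. For inputs whose sum does not fit in the scalar width the value passed on is then wrong, and the next commit on this page apparently works around this by masking the top bit of the test inputs. If unreduced inputs are meant to be accepted, `sodium_add(x_, y_, sizeof x_);` keeps the carry; otherwise the precondition deserves a comment on the function. The body continues past the end of the hunk, so this assumes the sum is reduced afterwards.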
@@ -291,16 +291,20 @@ main(void) sc, crypto_core_ed25519_SCALARBYTES); printf("comp4: %s\n", hex); - sc2 = sodium_malloc(crypto_core_ed25519_SCALARBYTES); - sc3 = sodium_malloc(crypto_core_ed25519_SCALARBYTES); - randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES); - randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES); - crypto_core_ed25519_scalar_add(sc3, sc, sc2); - assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); - crypto_core_ed25519_scalar_sub(sc3, sc3, sc2); - assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); - crypto_core_ed25519_scalar_sub(sc3, sc3, sc); - assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); + sc2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES); + sc3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_SCALARBYTES); + for (i = 0; i < 1000; i++) { + randombytes_buf(sc, crypto_core_ed25519_SCALARBYTES); + randombytes_buf(sc2, crypto_core_ed25519_SCALARBYTES); + sc[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f; + sc2[crypto_core_ed25519_SCALARBYTES - 1] &= 0x7f; + crypto_core_ed25519_scalar_add(sc3, sc, sc2); + assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc2); + assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc); + assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); + } memset(sc, 0x69, crypto_core_ed25519_UNIFORMBYTES); memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES); From 0cdf963799ef7b95f3c5973d30b9694125deb66d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 5 Jan 2019 23:11:02 +0100 Subject: [PATCH 183/190] Add another test --- test/default/core_ed25519.c | 18 ++++++++++++++++-- test/default/core_ed25519.exp | 6 ++++-- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index 782291b3..b6bdfab9 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c 
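Review bot: Both `assert(!sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES))` checks inside the new loop look at `sc`, the random input, not at `sc3`, the result of the preceding `crypto_core_ed25519_scalar_add` or `crypto_core_ed25519_scalar_sub` call. As written they only assert that the masked random input is not all zeroes, so the intermediate results go unchecked and only the final `sodium_is_zero(sc3, ...)` tests the arithmetic. I would change both to `assert(!sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES));`.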
@@ -312,13 +312,27 @@ main(void) crypto_core_ed25519_scalar_add(sc, sc2, sc); sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, sc, crypto_core_ed25519_SCALARBYTES); - printf("add: %s\n", hex); + printf("add1: %s\n", hex); crypto_core_ed25519_scalar_sub(sc, sc2, sc); crypto_core_ed25519_scalar_sub(sc, sc, sc2); sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, sc, crypto_core_ed25519_SCALARBYTES); - printf("sub: %s\n", hex); + printf("sub1: %s\n", hex); + + memset(sc, 0xcd, crypto_core_ed25519_UNIFORMBYTES); + memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_scalar_add(sc, sc, sc2); + crypto_core_ed25519_scalar_add(sc, sc2, sc); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("add2: %s\n", hex); + + crypto_core_ed25519_scalar_sub(sc, sc2, sc); + crypto_core_ed25519_scalar_sub(sc, sc, sc2); + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc, crypto_core_ed25519_SCALARBYTES); + printf("sub2: %s\n", hex); sodium_free(hex); sodium_free(sc64); diff --git a/test/default/core_ed25519.exp b/test/default/core_ed25519.exp index 6b8c1686..89fbaa33 100644 --- a/test/default/core_ed25519.exp +++ b/test/default/core_ed25519.exp @@ -10,6 +10,8 @@ comp1: e56b69758fd3193097398c9717b11e48111112131415161718191a1b1c1d1e0f comp2: 09688ce78a8ff8273f636b0bc748c0cceeeeedecebeae9e8e7e6e5e4e3e2e100 comp3: ceb4d73ffe47f83ebe85e18dcae6cc03f0f0f1f2f3f4f5f6f7f8f9fafbfcfd0e comp4: 201f1e1d1c1b1a191817161514131211100f0e0d0c0b0a090807060504030201 -add: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d -sub: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202 +add1: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d +sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202 +add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202 +sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d OK 
From ab0932bf80006efca262f80c82ed7478fffebf1c Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 03:50:18 +0100 Subject: [PATCH 184/190] Bump .NET version examples --- packaging/dotnet-core/README.md | 10 +++++----- packaging/dotnet-core/prepare.py | 14 +++++++------- packaging/nuget/package.config | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/packaging/dotnet-core/README.md b/packaging/dotnet-core/README.md index 0521ce3c..462ec29f 100644 --- a/packaging/dotnet-core/README.md +++ b/packaging/dotnet-core/README.md @@ -31,15 +31,15 @@ Version numbers for the packages for .NET Core consist of three components: It may be necessary to release more than one package for a libsodium version, e.g., when adding support for a new platform or if a release contains a broken binary. In this case, a package revision number is added as a fourth part to - the libsodium version, starting at `1`. For example, `1.0.16` is the initial - release of the package for libsodium 1.0.16 and `1.0.16.5` is the fifth + the libsodium version, starting at `1`. For example, `1.0.17` is the initial + release of the package for libsodium 1.0.17 and `1.0.17.5` is the fifth revision (sixth release) of that package. * *pre-release label* If a package is a pre-release, a label is appended to the version number in `-preview-##` format where `##` is the number of the pre-release, starting at - `01`. For example, `1.0.16-preview-01` is the first pre-release of the package - for libsodium 1.0.16 and `1.0.16.5-preview-02` the second pre-release of the - fifth revision of the package for libsodium 1.0.16. + `01`. For example, `1.0.17-preview-01` is the first pre-release of the package + for libsodium 1.0.17 and `1.0.17.5-preview-02` the second pre-release of the + fifth revision of the package for libsodium 1.0.17. **Making a release** diff --git a/packaging/dotnet-core/prepare.py b/packaging/dotnet-core/prepare.py index 50e6e7fa..29710d75 100755 
--- a/packaging/dotnet-core/prepare.py +++ b/packaging/dotnet-core/prepare.py @@ -170,13 +170,13 @@ def main(args): print(' python3 prepare.py ') print() print('Examples:') - print(' python3 prepare.py 1.0.16-preview-01') - print(' python3 prepare.py 1.0.16-preview-02') - print(' python3 prepare.py 1.0.16-preview-03') - print(' python3 prepare.py 1.0.16') - print(' python3 prepare.py 1.0.16.1-preview-01') - print(' python3 prepare.py 1.0.16.1') - print(' python3 prepare.py 1.0.16.2') + print(' python3 prepare.py 1.0.17-preview-01') + print(' python3 prepare.py 1.0.17-preview-02') + print(' python3 prepare.py 1.0.17-preview-03') + print(' python3 prepare.py 1.0.17') + print(' python3 prepare.py 1.0.17.1-preview-01') + print(' python3 prepare.py 1.0.17.1') + print(' python3 prepare.py 1.0.17.2') return 1 version = Version(m.group(2), m.group(0)) diff --git a/packaging/nuget/package.config b/packaging/nuget/package.config index ffac6538..3e678873 100644 --- a/packaging/nuget/package.config +++ b/packaging/nuget/package.config @@ -1,4 +1,4 @@ - + From 358767f238970ffb4ab4e397e46eca2a812bdef0 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 04:31:44 +0100 Subject: [PATCH 185/190] Set nonce in randombytes_salsa20_random_stir() instead of random_init() --- .../randombytes/salsa20/randombytes_salsa20_random.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c index 8858713c..64c4cec5 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c @@ -163,8 +163,6 @@ sodium_hrtime(void) static void randombytes_salsa20_random_init(void) { - stream.nonce = sodium_hrtime(); - assert(stream.nonce != (uint64_t) 0U); global.rdrand_available = sodium_runtime_has_rdrand(); } 
@@ -304,9 +302,7 @@ randombytes_salsa20_random_init(void) { const int errno_save = errno; - stream.nonce = sodium_hrtime(); global.rdrand_available = sodium_runtime_has_rdrand(); - assert(stream.nonce != (uint64_t) 0U); # ifdef HAVE_SAFE_ARC4RANDOM errno = errno_save; @@ -342,6 +338,8 @@ randombytes_salsa20_random_init(void) static void randombytes_salsa20_random_stir(void) { + stream.nonce = sodium_hrtime(); + assert(stream.nonce != (uint64_t) 0U); memset(stream.rnd32, 0, sizeof stream.rnd32); stream.rnd32_outleft = (size_t) 0U; if (global.initialized == 0) { From 0157a378ca9ff9093bcb04e24a1ef7d20849b2cb Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 04:45:50 +0100 Subject: [PATCH 186/190] Enable -ftls-model=global-dynamic if available --- configure.ac | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure.ac b/configure.ac index 3cb79e66..ee2e6b50 100644 --- a/configure.ac +++ b/configure.ac @@ -211,6 +211,9 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) +AX_CHECK_COMPILE_FLAG([-ftls-model=global-dynamic], + [CFLAGS="$CFLAGS -ftls-model=global-dynamic"]) + AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) From 79d6a211b2ca3e382bc3b53d682d4a3595189c86 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 04:52:41 +0100 Subject: [PATCH 187/190] Set tls-model only if TLS is supported --- configure.ac | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index ee2e6b50..9f0f4b67 100644 --- a/configure.ac +++ b/configure.ac 
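Review bot: After this change `randombytes_salsa20_random_stir` overwrites `stream.nonce` with `sodium_hrtime()` on every call, and the only guard is `assert(stream.nonce != (uint64_t) 0U)`, which is compiled out when `NDEBUG` is defined. A timer value is not unique on its own (coarse clocks, clock steps, two processes stirring at the same instant), so the output stream is safe only if the key is replaced in the same call. That code lies past the end of the hunk. I would state the dependency next to the assignment, e.g. `/* not a source of uniqueness on its own: the key is refreshed below on every stir */`, after confirming that this is what the rest of the function does.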
@@ -211,9 +211,6 @@ AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-fvisibility=hidden], [CFLAGS="$CFLAGS -fvisibility=hidden"]) -AX_CHECK_COMPILE_FLAG([-ftls-model=global-dynamic], - [CFLAGS="$CFLAGS -ftls-model=global-dynamic"]) - AS_CASE([$host_os], [cygwin*|mingw*|msys|pw32*|cegcc*], [ ], [ AX_CHECK_COMPILE_FLAG([-fPIC], [CFLAGS="$CFLAGS -fPIC"]) ]) @@ -340,7 +337,9 @@ AX_CHECK_CATCHABLE_SEGV AX_CHECK_CATCHABLE_ABRT AS_IF([test "x$with_threads" = "xyes"], [ - AX_TLS([AC_MSG_RESULT(thread local storage is supported)], + AX_TLS([AC_MSG_RESULT(thread local storage is supported) + AX_CHECK_COMPILE_FLAG([-ftls-model=global-dynamic], + [CFLAGS="$CFLAGS -ftls-model=global-dynamic"])], [AC_MSG_RESULT(thread local storage is not supported)]) ]) LT_INIT From 462e9a648be4e25961b586e79df0b9a8d24a7e9a Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 05:04:34 +0100 Subject: [PATCH 188/190] local-dynamic is enough --- configure.ac | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.ac b/configure.ac index 9f0f4b67..6d7c6ea4 100644 --- a/configure.ac +++ b/configure.ac @@ -338,8 +338,8 @@ AX_CHECK_CATCHABLE_ABRT AS_IF([test "x$with_threads" = "xyes"], [ AX_TLS([AC_MSG_RESULT(thread local storage is supported) - AX_CHECK_COMPILE_FLAG([-ftls-model=global-dynamic], - [CFLAGS="$CFLAGS -ftls-model=global-dynamic"])], + AX_CHECK_COMPILE_FLAG([-ftls-model=local-dynamic], + [CFLAGS="$CFLAGS -ftls-model=local-dynamic"])], [AC_MSG_RESULT(thread local storage is not supported)]) ]) LT_INIT From 0cf74a31045566f1c9737ebdc6a791d6fefd7791 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 14:42:47 +0100 Subject: [PATCH 189/190] 2019 --- packaging/dotnet-core/libsodium.props | 2 +- packaging/nuget/package.gsl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/packaging/dotnet-core/libsodium.props b/packaging/dotnet-core/libsodium.props index b72266ef..32a1c0f5 100644 
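Review bot: The switch to `-ftls-model=local-dynamic` inside the `AX_TLS` success branch has no comment, and that model is only correct when every thread-local variable is defined in the same module that accesses it. Whether that holds for the whole library cannot be seen from this hunk, so the assumption should be recorded where the flag is set, for example `dnl local-dynamic: all thread-local state is file-static and never referenced from another module`. Since the flag is appended to the global `CFLAGS`, a thread-local added later with external linkage across modules would presumably be affected without warning, which is another reason to write the constraint down.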
--- a/packaging/dotnet-core/libsodium.props +++ b/packaging/dotnet-core/libsodium.props @@ -15,7 +15,7 @@ Frank Denis Internal implementation package not meant for direct consumption. Please do not reference directly. - © 2013-2017 Frank Denis + © 2013-2019 Frank Denis true https://raw.githubusercontent.com/jedisct1/libsodium/master/LICENSE https://libsodium.org/ diff --git a/packaging/nuget/package.gsl b/packaging/nuget/package.gsl index b1b0aa24..5b255e5e 100644 --- a/packaging/nuget/package.gsl +++ b/packaging/nuget/package.gsl @@ -27,7 +27,7 @@ Sodium is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API. Portable fork of NaCl, packaged for Visual Studio 2013 (v120) and CTP_Nov2013 compilers. https://raw.github.com/jedisct1/libsodium/master/ChangeLog - (c) 2013-2017, Frank Denis (attribution required) + (c) 2013-2019, Frank Denis (attribution required) native, NaCl, salt, sodium, libsodium, C++ .for dependency @@ -257,4 +257,4 @@ - \ No newline at end of file + From a75c1370208735a5c3840fe46e2e7cf36d448c90 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 6 Jan 2019 15:38:24 +0100 Subject: [PATCH 190/190] fileinput is not used any more --- regen-msvc/regen-msvc.py | 1 - 1 file changed, 1 deletion(-) diff --git a/regen-msvc/regen-msvc.py b/regen-msvc/regen-msvc.py index 726eed70..d32fbe04 100755 --- a/regen-msvc/regen-msvc.py +++ b/regen-msvc/regen-msvc.py @@ -1,6 +1,5 @@ #! /usr/bin/env python3 -import fileinput import glob import os import uuid