diff --git a/.gitignore b/.gitignore
index 841c82bb..c842285d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -58,6 +58,7 @@ libsodium-nativeclient
 libsodium-nativeclient-*
 libsodium-osx
 libsodium-uninstalled.pc
+libsodium-wasm32-wasi
 libsodium-win32
 libsodium-win64
 libsodium.pc
@@ -108,6 +109,7 @@ test/default/core4
 test/default/core5
 test/default/core6
 test/default/core_ed25519
+test/default/core_ristretto255
 test/default/ed25519_convert
 test/default/generichash
 test/default/generichash2
@@ -134,6 +136,7 @@ test/default/scalarmult6
 test/default/scalarmult7
 test/default/scalarmult8
 test/default/scalarmult_ed25519
+test/default/scalarmult_ristretto255
 test/default/secretbox
 test/default/secretbox2
 test/default/secretbox7
diff --git a/.travis.yml b/.travis.yml
index c0e7c022..291271c7 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -12,25 +12,25 @@ compiler: install: - ./autogen.sh - - env CC=tcc CFLAGS='-w' ./configure --prefix=/tmp --disable-dependency-tracking --disable-shared || cat config.log + - env CC=tcc CFLAGS='-w' CPPFLAGS="-DDEV_MODE=1" ./configure --prefix=/tmp --disable-dependency-tracking --disable-shared || cat config.log - make -j $(nproc) && make check && make install - env CC=tcc CPPFLAGS='-I/tmp/include' LDFLAGS='-L/tmp/lib' LD_LIBRARY_PATH='/tmp/lib' ./test/constcheck.sh - make uninstall - make distclean script: - - ./configure --disable-dependency-tracking + - env CPPFLAGS="-DDEV_MODE=1" ./configure --disable-dependency-tracking - if [ "$TRAVIS_OS_NAME" = 'linux' -a "$CC" = 'gcc' ]; then make -j $(nproc) CFLAGS='-g0' > /dev/null && cp src/libsodium/.libs/libsodium.so lib.so && make clean > /dev/null && make CFLAGS='-g0' CPPFLAGS='-DSODIUM_C99\(X\)=' > /dev/null && cp src/libsodium/.libs/libsodium.so lib-oldc.so && cmp lib.so lib-oldc.so && echo No binary changes && make clean > /dev/null ; fi - make distcheck - make distclean > /dev/null - - ./configure --disable-dependency-tracking --enable-minimal + - CPPFLAGS="-DDEV_MODE=1" ./configure --disable-dependency-tracking --enable-minimal - make -j $(nproc) - make check - ( echo '#include ' ; echo 'int main(void) { return sodium_init(); }' ) > /tmp/main.c && gcc -Isrc/libsodium/include -Isrc/libsodium/include/sodium $(find src -name '*.c' -o -name '*.S') /tmp/main.c - make distclean > /dev/null after_success: - - ./configure --disable-dependency-tracking --host=powerpc-linux-gnu + - CPPFLAGS="-DDEV_MODE=1" ./configure --disable-dependency-tracking --host=powerpc-linux-gnu - make -j $(nproc) - env QEMU_LD_PREFIX=/usr/powerpc-linux-gnu make check - make clean > /dev/null diff --git a/AUTHORS b/AUTHORS index 39e55f62..f4a4b9d8 100644 --- a/AUTHORS +++ b/AUTHORS 
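Review bot: In the `script` section the binary-comparison step rebuilds with `make CFLAGS='-g0' CPPFLAGS='-DSODIUM_C99\(X\)='`, and a `CPPFLAGS` given on the make command line replaces the value recorded by the newly added `env CPPFLAGS="-DDEV_MODE=1" ./configure`, so `lib-oldc.so` is built without `DEV_MODE` while `lib.so` is built with it. If `DEV_MODE` changes any compiled code (not visible in this hunk), `cmp lib.so lib-oldc.so` either fails or stops comparing like with like; carrying the define into the second build, `CPPFLAGS='-DDEV_MODE=1 -DSODIUM_C99\(X\)='`, keeps the check meaningful. As a style point, two of the changed lines use `env CPPFLAGS=...` and the other two a bare `CPPFLAGS=...` prefix; both work, but one form throughout would read more consistently.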
@@ -28,6 +28,13 @@ ed25519 Daniel J. Bernstein poly1305 Daniel J. Bernstein +ristretto Mike Hamburg + Henry de Valence + Jack Grigg + George Tankersley + Filippo Valsorda + Isis Lovecruft + salsa20 Daniel J. Bernstein scrypt Colin Percival @@ -56,6 +63,7 @@ crypto_box/curve25519xchacha20poly1305 Frank Denis crypto_core/ed25519 Daniel J. Bernstein Adam Langley + Frank Denis crypto_core/hchacha20 Frank Denis @@ -93,6 +101,8 @@ crypto_scalarmult/curve25519/sandy2x Tung Chou crypto_scalarmult/ed25519 Frank Denis +crypto_scalarmult/ristretto255 Frank Denis + crypto_secretbox/xsalsa20poly1305 Daniel J. Bernstein crypto_secretbox/xchacha20poly1305 Frank Denis diff --git a/ChangeLog b/ChangeLog index 22702276..e6969338 100644 --- a/ChangeLog +++ b/ChangeLog 
@@ -1,4 +1,33 @@ +* Version 1.0.18 + - The Enterprise versions of Visual Studio are now supported. + - Visual Studio 2019 is now supported. + - 32-bit binaries for Visual Studio 2010 are now provided. + - A test that didn't work properly on Linux systems with overcommit +memory turned on has been removed. This fixes Ansible builds. + - Emscripten: `print` and `printErr` functions are overridden to send +errors to the console, if there is one. + - Emscripten: `UTF8ToString()` is now exported since `Pointer_stringify()` +has been deprecated. + - Libsodium version detection has been fixed in the CMake recipe. + - Generic hashing got a 10% speedup on AVX2. + - New target: WebAssembly/WASI (compile with `dist-builds/wasm32-wasi.sh`). + - New functions to map a hash to an edwards25519 point or get a random point: +`core_ed25519_from_hash()` and `core_ed25519_random()`. + - `crypto_core_ed25519_scalar_mul()` has been implemented for `scalar*scalar` +`(mod L)` multiplication. + - Support for the Ristretto group has been implemented, for compatibility +with wasm-crypto. + - Improvements have been made to the test suite. + - Portability improvements has been made. + - `getentropy()` is now used on systems providing this system call. + - `randombytes_salsa20 has been renamed to `randombytes_internal`. + - Support for (p)nacl has been removed. + - Most `((nonnull))` attributes have been relaxed to allow 0-length inputs +to be `NULL`. + - The `-ftree-vectorize` and `-ftree-slp-vectorize` compiler switches are +now used, if available, for optimized builds. + * Version 1.0.17 - Bug fix: `sodium_pad()` didn't properly support block sizes >= 256 bytes. - JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly diff --git a/appveyor.yml b/appveyor.yml index 85f1b2e4..5fdcdc8a 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -1,4 +1,4 @@ -version: 1.0.17.{build} +version: 1.0.18.{build} os: Visual Studio 2017 
diff --git a/azure-pipelines.yml b/azure-pipelines.yml index 754f1140..b688459b 100644 --- a/azure-pipelines.yml +++ b/azure-pipelines.yml @@ -5,6 +5,33 @@ trigger: pr: none jobs: + - job: "wasi" + pool: + vmImage: "ubuntu-16.04" + steps: + - script: | + sudo apt-get install build-essential curl cmake + displayName: Install system packages + - script: | + curl https://sh.rustup.rs -sSf | sh -s -- -y + source ${HOME}/.cargo/env + git clone --recursive https://github.com/wasmerio/wasmer.git + (cd wasmer && cargo install --path .) + displayName: Install wasmer + - script: | + curl -sL -o wasi-sdk.deb https://github.com/CraneStation/wasi-sdk/releases/download/wasi-sdk-5/wasi-sdk_5.0_amd64.deb + sudo dpkg -i wasi-sdk.deb && rm -f wasi-sdk.deb + sudo ln -s /opt/wasi-sdk/share/*sysroot* /opt/wasi-sysroot + displayName: Install the WASI SDK + - script: | + env PATH=/opt/wasi-sdk/bin:${HOME}/.cargo/bin:$PATH dist-build/wasm32-wasi.sh + displayName: Compile libsodium + - task: PublishBuildArtifacts@1 + condition: not(canceled()) + inputs: + pathToPublish: libsodium-wasm32-wasi + artifactName: libsodium-wasm32-wasi + - job: "windows" pool: vmImage: "windows-2019" diff --git a/builds/msvc/resource.rc b/builds/msvc/resource.rc index db9c5226..feb27d5a 100644 --- a/builds/msvc/resource.rc +++ b/builds/msvc/resource.rc @@ -4,8 +4,8 @@ #include "windows.h" //specify the version numbers for the dll's -#define LIBSODIUM_VERSION_STRING "1.0.17.0" -#define LIBSODIUM_VERSION_BIN 1,0,17,0 +#define LIBSODIUM_VERSION_STRING "1.0.18.0" +#define LIBSODIUM_VERSION_BIN 1,0,18,0 //specify the product name for the dlls based on the platform we are compiling for #if defined(x64) diff --git a/builds/msvc/version.h b/builds/msvc/version.h index 031d298f..174d9921 100644 --- a/builds/msvc/version.h +++ b/builds/msvc/version.h 
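Review bot: The new `wasi` job in `azure-pipelines.yml` runs unpinned, unverified third-party code on the build agent: `curl https://sh.rustup.rs -sSf | sh -s -- -y` pipes an installer into a shell, `git clone --recursive https://github.com/wasmerio/wasmer.git` builds whatever the default branch holds that day, and `wasi-sdk.deb` is installed with `sudo dpkg -i` without any digest check. Because the job then publishes `libsodium-wasm32-wasi` through `PublishBuildArtifacts@1`, a changed or compromised upstream would flow into a distributed build of a cryptographic library. Pinning wasmer to a reviewed commit and verifying the SDK package against a recorded SHA-256 before installing it closes most of that gap; the steps are chained with `&&` so a failed check stops the script, and the commit and digest below are placeholders to be filled in.

```yaml
      - script: |
          # … unchanged: rustup install and `source ${HOME}/.cargo/env` …
          # <WASMER_COMMIT_SHA> is a placeholder for the reviewed wasmer commit
          git clone --recursive https://github.com/wasmerio/wasmer.git &&
            git -C wasmer checkout <WASMER_COMMIT_SHA> &&
            git -C wasmer submodule update --init --recursive &&
            (cd wasmer && cargo install --path .)
        displayName: Install wasmer
      - script: |
          # <WASI_SDK_DEB_SHA256> is a placeholder for the digest of the reviewed package
          curl -sSfL -o wasi-sdk.deb https://github.com/CraneStation/wasi-sdk/releases/download/wasi-sdk-5/wasi-sdk_5.0_amd64.deb &&
            echo "<WASI_SDK_DEB_SHA256>  wasi-sdk.deb" | sha256sum -c - &&
            sudo dpkg -i wasi-sdk.deb && rm -f wasi-sdk.deb
          # … unchanged: sysroot symlink …
        displayName: Install the WASI SDK
```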
@@ -4,10 +4,10 @@ #include "export.h" -#define SODIUM_VERSION_STRING "1.0.17" +#define SODIUM_VERSION_STRING "1.0.18" #define SODIUM_LIBRARY_VERSION_MAJOR 10 -#define SODIUM_LIBRARY_VERSION_MINOR 2 +#define SODIUM_LIBRARY_VERSION_MINOR 3 #ifdef __cplusplus extern "C" { diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj b/builds/msvc/vs2010/libsodium/libsodium.vcxproj index ec340a17..ad3cb086 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj b/builds/msvc/vs2012/libsodium/libsodium.vcxproj index f140d161..0954d10b 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj b/builds/msvc/vs2013/libsodium/libsodium.vcxproj index cddd4ad6..91d7a7c7 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj b/builds/msvc/vs2015/libsodium/libsodium.vcxproj index 230086a9..f97869dd 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj b/builds/msvc/vs2017/libsodium/libsodium.vcxproj index 8a175e0b..b216959d 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj b/builds/msvc/vs2019/libsodium/libsodium.vcxproj index 62ffdb1d..ce824a9c 100644 --- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj +++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj @@ -126,6 +126,7 @@ + @@ -138,8 +139,7 @@ - - + @@ -181,6 +181,7 @@ + @@ -200,7 +201,6 @@ - @@ -210,6 +210,7 @@ + @@ -217,6 +218,7 @@ + @@ -227,7 +229,6 @@ - @@ -246,6 +247,7 @@ + diff --git a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters index 079094b9..055b7476 100644 --- a/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters +++ b/builds/msvc/vs2019/libsodium/libsodium.vcxproj.filters @@ -171,6 +171,9 @@ crypto_scalarmult + + crypto_scalarmult\ristretto255\ref10 + crypto_scalarmult\ed25519\ref10 @@ -207,11 +210,8 @@ randombytes\sysrandom - - randombytes\salsa20 - - - randombytes\nativeclient + + randombytes\internal crypto_box @@ -336,6 +336,9 @@ crypto_core\ed25519 + + crypto_core\ed25519 + crypto_core\ed25519\ref10 @@ -389,9 +392,6 @@ include\sodium - - include\sodium - include\sodium @@ -419,6 +419,9 @@ include\sodium + + include\sodium + include\sodium @@ -440,6 +443,9 @@ include\sodium + + include\sodium + include\sodium @@ -470,9 +476,6 @@ include\sodium - - include\sodium - include\sodium @@ -527,6 +530,9 @@ include\sodium + + include\sodium + include\sodium @@ -880,6 +886,12 @@ {834d4827-81e4-3de3-baa1-a216763f11d6} + + {52bf28eb-7ffd-399a-be35-0df3e8e99c15} + + + {39cc576f-4b54-3d71-b14c-27445bc4b138} + {b9b02bee-5c1f-36d2-b97d-983f865a4cc6} 
@@ -973,11 +985,8 @@ {ef090484-4db4-3dc2-aca7-c59bab1db23b} - - {fd98b90f-ba7b-3aa0-a505-935c82ca8023} - - - {7450ec6e-c197-3798-9434-1b46c8c4d9af} + + {14c126fd-bb91-37ea-b807-b60c386be601} {ac56c38f-7e17-3b79-bf47-58e9476b3b89} diff --git a/configure b/configure index 111ad840..6063204a 100755 --- a/configure +++ b/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libsodium 1.0.17. +# Generated by GNU Autoconf 2.69 for libsodium 1.0.18. # # Report bugs to . # @@ -590,8 +590,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libsodium' PACKAGE_TARNAME='libsodium' -PACKAGE_VERSION='1.0.17' -PACKAGE_STRING='libsodium 1.0.17' +PACKAGE_VERSION='1.0.18' +PACKAGE_STRING='libsodium 1.0.18' PACKAGE_BUGREPORT='https://github.com/jedisct1/libsodium/issues' PACKAGE_URL='https://github.com/jedisct1/libsodium' @@ -639,8 +639,8 @@ LIBOBJS HAVE_LD_OUTPUT_DEF_FALSE HAVE_LD_OUTPUT_DEF_TRUE AS -NATIVECLIENT_FALSE -NATIVECLIENT_TRUE +WASI_FALSE +WASI_TRUE EMSCRIPTEN_FALSE EMSCRIPTEN_TRUE TEST_LDFLAGS @@ -1401,7 +1401,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libsodium 1.0.17 to adapt to many kinds of systems. +\`configure' configures libsodium 1.0.18 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1471,7 +1471,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libsodium 1.0.17:";; + short | recursive ) echo "Configuration of libsodium 1.0.18:";; esac cat <<\_ACEOF 
@@ -1492,7 +1492,7 @@ Optional Features: --disable-asm Do not compile assembly code -- As a side effect, this disables CPU-specific implementations on non-Windows platforms. Only for use with targets - such as WebAssembly and NativeClient. + such as WebAssembly. --disable-pie Do not produce position independent executables --enable-blocking-random Enable this switch only if /dev/urandom is totally @@ -1622,7 +1622,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libsodium configure 1.0.17 +libsodium configure 1.0.18 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2045,7 +2045,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libsodium $as_me 1.0.17, which was +It was created by libsodium $as_me 1.0.18, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2981,7 +2981,7 @@ fi # Define the identity of the package. PACKAGE='libsodium' - VERSION='1.0.17' + VERSION='1.0.18' cat >>confdefs.h <<_ACEOF @@ -3275,9 +3275,9 @@ fi SODIUM_LIBRARY_VERSION_MAJOR=10 -SODIUM_LIBRARY_VERSION_MINOR=2 -DLL_VERSION=23 -SODIUM_LIBRARY_VERSION=25:0:2 +SODIUM_LIBRARY_VERSION_MINOR=3 +DLL_VERSION=24 +SODIUM_LIBRARY_VERSION=26:0:3 # | | | # +------+ | +---+ # | | | @@ -4414,13 +4414,6 @@ $as_echo "$as_me: WARNING: EMSCRIPTEN environment variable defined, but emcc doe fi -fi -if test "$host_os" = "nacl" -o "$host_os" = "pnacl"; then : - - enable_asm="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: compiling to Native Client - asm implementations disabled" >&5 -$as_echo "$as_me: WARNING: compiling to Native Client - asm implementations disabled" >&2;} - fi # Check whether --enable-pie was given. 
@@ -6875,9 +6868,9 @@ $as_echo "#define HAVE_C_VARARRAYS 1" >>confdefs.h -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __native_client__ defined" >&5 -$as_echo_n "checking for __native_client__ defined... " >&6; } -if ${ac_cv_defined___native_client__+:} false; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for __wasi__ defined" >&5 +$as_echo_n "checking for __wasi__ defined... " >&6; } +if ${ac_cv_defined___wasi__+:} false; then : $as_echo_n "(cached) " >&6 else cat confdefs.h - <<_ACEOF >conftest.$ac_ext @@ -6887,7 +6880,7 @@ int main () { - #ifdef __native_client__ + #ifdef __wasi__ int ok; #else choke me @@ -6898,16 +6891,16 @@ main () } _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - ac_cv_defined___native_client__=yes + ac_cv_defined___wasi__=yes else - ac_cv_defined___native_client__=no + ac_cv_defined___wasi__=no fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_defined___native_client__" >&5 -$as_echo "$ac_cv_defined___native_client__" >&6; } -if test $ac_cv_defined___native_client__ != "no"; then : - NATIVECLIENT="yes" +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_defined___wasi__" >&5 +$as_echo "$ac_cv_defined___wasi__" >&6; } +if test $ac_cv_defined___wasi__ != "no"; then : + WASI="yes" fi @@ -16799,7 +16792,7 @@ fi -if test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"; then : +if test "x$EMSCRIPTEN" = "x"; then : oldcflags="$CFLAGS" @@ -17359,9 +17352,6 @@ $as_echo_n "checking for AVX instructions set... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX opcodes -#endif #pragma GCC target("avx") #include 
@@ -17464,9 +17454,6 @@ $as_echo_n "checking for AVX2 instructions set... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX2 opcodes -#endif #pragma GCC target("avx2") #include @@ -17529,9 +17516,6 @@ $as_echo_n "checking if _mm256_broadcastsi128_si256 is correctly defined... " >& cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX2 opcodes -#endif #pragma GCC target("avx2") #include @@ -17604,9 +17588,6 @@ $as_echo_n "checking for AVX512F instructions set... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX512F opcodes -#endif #pragma GCC target("avx512f") #include @@ -17800,9 +17781,6 @@ $as_echo_n "checking for AESNI instructions set and PCLMULQDQ... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AESNI opcodes -#endif #pragma GCC target("aes") #pragma GCC target("pclmul") #include @@ -17944,9 +17922,6 @@ $as_echo_n "checking for RDRAND... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#ifdef __native_client__ -# error NativeClient detected - Avoiding RDRAND opcodes -#endif #pragma GCC target("rdrnd") #include @@ -18023,7 +17998,7 @@ fi -for ac_header in sys/mman.h intrin.h +for ac_header in sys/mman.h sys/random.h intrin.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" @@ -18572,7 +18547,7 @@ fi HAVE_CPUID_V=0 -if test "$enable_asm" != "no" -o "$host_alias" = "x86_64-nacl"; then : +if test "$enable_asm" != "no"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cpuid instruction" >&5 $as_echo_n "checking for cpuid instruction... " >&6; } 
@@ -18610,7 +18585,7 @@ fi asm_hide_symbol="unsupported" -if test "$enable_asm" != "no" -o "$host_os" = "nacl"; then : +if test "$enable_asm" != "no"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the .private_extern asm directive is supported" >&5 $as_echo_n "checking if the .private_extern asm directive is supported... " >&6; } @@ -19014,7 +18989,7 @@ _ACEOF fi done - for ac_func in mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep + for ac_func in mmap mlock madvise mprotect do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -19027,8 +19002,116 @@ fi done + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getrandom with a standard API" >&5 +$as_echo_n "checking for getrandom with a standard API... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif + +int +main () +{ + +unsigned char buf; +(void) getrandom((void *) &buf, 1U, 0U); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + for ac_func in getrandom +do : + ac_fn_c_check_func "$LINENO" "getrandom" "ac_cv_func_getrandom" +if test "x$ac_cv_func_getrandom" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETRANDOM 1 +_ACEOF + fi -for ac_func in posix_memalign getpid +done + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getentropy with a standard API" >&5 +$as_echo_n "checking for getentropy with a standard API... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +#include +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif + +int +main () +{ + +#ifdef __APPLE__ +# error getentropy() is currently disabled on Apple operating systems +#endif + +unsigned char buf; +(void) getentropy((void *) &buf, 1U); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + for ac_func in getentropy +do : + ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy" +if test "x$ac_cv_func_getentropy" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETENTROPY 1 +_ACEOF + +fi +done + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +for ac_func in posix_memalign getpid nanosleep +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +for ac_func in memset_s explicit_bzero explicit_memset do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -19059,13 +19142,12 @@ else EMSCRIPTEN_FALSE= fi - - if test "x$NATIVECLIENT" != "x"; then - NATIVECLIENT_TRUE= - NATIVECLIENT_FALSE='#' + if test "x$WASI" != "x"; then + WASI_TRUE= + WASI_FALSE='#' else - NATIVECLIENT_TRUE='#' - NATIVECLIENT_FALSE= + WASI_TRUE='#' + WASI_FALSE= fi 
@@ -19629,8 +19711,8 @@ if test -z "${EMSCRIPTEN_TRUE}" && test -z "${EMSCRIPTEN_FALSE}"; then as_fn_error $? "conditional \"EMSCRIPTEN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${NATIVECLIENT_TRUE}" && test -z "${NATIVECLIENT_FALSE}"; then - as_fn_error $? "conditional \"NATIVECLIENT\" was never defined. +if test -z "${WASI_TRUE}" && test -z "${WASI_FALSE}"; then + as_fn_error $? "conditional \"WASI\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${HAVE_LD_OUTPUT_DEF_TRUE}" && test -z "${HAVE_LD_OUTPUT_DEF_FALSE}"; then @@ -20034,7 +20116,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libsodium $as_me 1.0.17, which was +This file was extended by libsodium $as_me 1.0.18, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -20092,7 +20174,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libsodium config.status 1.0.17 +libsodium config.status 1.0.18 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff --git a/configure.ac b/configure.ac index 8873a7d5..9e2de27c 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ([2.65]) -AC_INIT([libsodium],[1.0.17], +AC_INIT([libsodium],[1.0.18], [https://github.com/jedisct1/libsodium/issues], [libsodium], [https://github.com/jedisct1/libsodium]) @@ -15,9 +15,9 @@ AM_DEP_TRACK AC_SUBST(VERSION) SODIUM_LIBRARY_VERSION_MAJOR=10 -SODIUM_LIBRARY_VERSION_MINOR=2 -DLL_VERSION=23 -SODIUM_LIBRARY_VERSION=25:0:2 +SODIUM_LIBRARY_VERSION_MINOR=3 +DLL_VERSION=24 +SODIUM_LIBRARY_VERSION=26:0:3 # | | | # +------+ | +---+ # | | | 
@@ -60,7 +60,7 @@ AC_ARG_ENABLE(ssp, ]) AC_ARG_ENABLE(asm, -[AS_HELP_STRING(--disable-asm,[Do not compile assembly code -- As a side effect, this disables CPU-specific implementations on non-Windows platforms. Only for use with targets such as WebAssembly and NativeClient.])], +[AS_HELP_STRING(--disable-asm,[Do not compile assembly code -- As a side effect, this disables CPU-specific implementations on non-Windows platforms. Only for use with targets such as WebAssembly.])], [ AS_IF([test "x$enableval" = "xno"], [ enable_asm="no" @@ -82,10 +82,6 @@ AS_IF([test "x$EMSCRIPTEN" != "x"], [ unset EMSCRIPTEN ]) ]) -AS_IF([test "$host_os" = "nacl" -o "$host_os" = "pnacl"], [ - enable_asm="no" - AC_MSG_WARN([compiling to Native Client - asm implementations disabled]) -]) AC_ARG_ENABLE(pie, [AS_HELP_STRING(--disable-pie,Do not produce position independent executables)], @@ -219,7 +215,7 @@ AM_PROG_AS AC_USE_SYSTEM_EXTENSIONS AC_C_VARARRAYS -AC_CHECK_DEFINE([__native_client__], [NATIVECLIENT="yes"], []) +AC_CHECK_DEFINE([__wasi__], [WASI="yes"], []) AC_CHECK_DEFINE([_FORTIFY_SOURCE], [], [ AX_CHECK_COMPILE_FLAG([-D_FORTIFY_SOURCE=2], @@ -368,7 +364,7 @@ AC_CHECK_TOOL([AR], [ar], [ar]) dnl Checks for headers -AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ +AS_IF([test "x$EMSCRIPTEN" = "x"], [ oldcflags="$CFLAGS" AX_CHECK_COMPILE_FLAG([-mmmx], [CFLAGS="$CFLAGS -mmmx"]) @@ -444,9 +440,6 @@ AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ AX_CHECK_COMPILE_FLAG([-mavx], [CFLAGS="$CFLAGS -mavx"]) AC_MSG_CHECKING(for AVX instructions set) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX opcodes -#endif #pragma GCC target("avx") #include ]], [[ _mm256_zeroall(); ]])], 
@@ -460,9 +453,6 @@ AS_IF([test "x$EMSCRIPTEN" = "x" -a "$host_os" != "pnacl"], [ AX_CHECK_COMPILE_FLAG([-mavx2], [CFLAGS="$CFLAGS -mavx2"]) AC_MSG_CHECKING(for AVX2 instructions set) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX2 opcodes -#endif #pragma GCC target("avx2") #include ]], [[ @@ -475,9 +465,6 @@ return _mm256_movemask_ps(_mm256_cmp_ps(x, y, _CMP_NEQ_OQ)); AX_CHECK_COMPILE_FLAG([-mavx2], [CFLAGS_AVX2="-mavx2"]) AC_MSG_CHECKING(if _mm256_broadcastsi128_si256 is correctly defined) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX2 opcodes -#endif #pragma GCC target("avx2") #include ]], [[ __m256i y = _mm256_broadcastsi128_si256(_mm_setzero_si128()); ]])], @@ -493,9 +480,6 @@ return _mm256_movemask_ps(_mm256_cmp_ps(x, y, _CMP_NEQ_OQ)); AX_CHECK_COMPILE_FLAG([-mavx512f], [CFLAGS="$CFLAGS -mavx512f"]) AC_MSG_CHECKING(for AVX512F instructions set) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AVX512F opcodes -#endif #pragma GCC target("avx512f") #include ]], [[ @@ -529,9 +513,6 @@ __m512i y = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), AX_CHECK_COMPILE_FLAG([-mpclmul], [CFLAGS="$CFLAGS -mpclmul"]) AC_MSG_CHECKING(for AESNI instructions set and PCLMULQDQ) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding AESNI opcodes -#endif #pragma GCC target("aes") #pragma GCC target("pclmul") #include @@ -549,9 +530,6 @@ __m512i y = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), AX_CHECK_COMPILE_FLAG([-mrdrnd], [CFLAGS="$CFLAGS -mrdrnd"]) AC_MSG_CHECKING(for RDRAND) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ -#ifdef __native_client__ -# error NativeClient detected - Avoiding RDRAND opcodes -#endif #pragma GCC target("rdrnd") #include ]], [[ unsigned long long x; _rdrand64_step(&x); ]])], 
@@ -576,7 +554,7 @@ AC_SUBST(CFLAGS_AESNI) AC_SUBST(CFLAGS_PCLMUL) AC_SUBST(CFLAGS_RDRAND) -AC_CHECK_HEADERS([sys/mman.h intrin.h]) +AC_CHECK_HEADERS([sys/mman.h sys/random.h intrin.h]) AC_MSG_CHECKING([if _xgetbv() is available]) AC_LINK_IFELSE( @@ -714,7 +692,7 @@ AM_CONDITIONAL([HAVE_TI_MODE], [test $HAVE_TI_MODE_V = 1]) AC_SUBST(HAVE_TI_MODE_V) HAVE_CPUID_V=0 -AS_IF([test "$enable_asm" != "no" -o "$host_alias" = "x86_64-nacl"],[ +AS_IF([test "$enable_asm" != "no"],[ AC_MSG_CHECKING(for cpuid instruction) AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ ]], [[ unsigned int cpu_info[4]; @@ -731,7 +709,7 @@ __asm__ __volatile__ ("xchgl %%ebx, %k1; cpuid; xchgl %%ebx, %k1" : AC_SUBST(HAVE_CPUID_V) asm_hide_symbol="unsupported" -AS_IF([test "$enable_asm" != "no" -o "$host_os" = "nacl"],[ +AS_IF([test "$enable_asm" != "no"],[ AC_MSG_CHECKING(if the .private_extern asm directive is supported) AC_LINK_IFELSE([AC_LANG_PROGRAM([[ ]], [[ __asm__ __volatile__ (".private_extern dummy_symbol \n" 
@@ -817,9 +795,50 @@ dnl Checks for functions and headers AC_FUNC_ALLOCA AS_IF([test "x$EMSCRIPTEN" = "x"],[ AC_CHECK_FUNCS([arc4random arc4random_buf]) - AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep]) + AC_CHECK_FUNCS([mmap mlock madvise mprotect]) + + AC_MSG_CHECKING(for getrandom with a standard API) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif +]], [[ +unsigned char buf; +(void) getrandom((void *) &buf, 1U, 0U); + ]])], + [AC_MSG_RESULT(yes) + AC_CHECK_FUNCS([getrandom])], + [AC_MSG_RESULT(no) + ]) + + AC_MSG_CHECKING(for getentropy with a standard API) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[ +#include +#ifdef HAVE_UNISTD_H +# include +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif +]], [[ +#ifdef __APPLE__ +# error getentropy() is currently disabled on Apple operating systems +#endif + +unsigned char buf; +(void) getentropy((void *) &buf, 1U); + ]])], + [AC_MSG_RESULT(yes) + AC_CHECK_FUNCS([getentropy])], + [AC_MSG_RESULT(no) + ]) ]) -AC_CHECK_FUNCS([posix_memalign getpid]) +AC_CHECK_FUNCS([posix_memalign getpid nanosleep]) +AC_CHECK_FUNCS([memset_s explicit_bzero explicit_memset]) AC_SUBST([LIBTOOL_EXTRA_FLAGS]) @@ -830,8 +849,7 @@ AS_IF([test "x$EMSCRIPTEN" != "x"],[ ]) AC_SUBST(TEST_LDFLAGS) AM_CONDITIONAL([EMSCRIPTEN], [test "x$EMSCRIPTEN" != "x"]) - -AM_CONDITIONAL([NATIVECLIENT], [test "x$NATIVECLIENT" != "x"]) +AM_CONDITIONAL([WASI], [test "x$WASI" != "x"]) AC_DEFINE([CONFIGURED], [1], [the build system was properly configured]) diff --git a/dist-build/Makefile.am b/dist-build/Makefile.am index 63a8298f..79949e74 100644 --- a/dist-build/Makefile.am +++ b/dist-build/Makefile.am @@ -12,7 +12,5 @@ EXTRA_DIST = \ ios.sh \ msys2-win32.sh \ msys2-win64.sh \ - nativeclient-pnacl.sh \ - nativeclient-x86.sh \ - nativeclient-x86_64.sh \ - watchos.sh + watchos.sh \ + wasm32-wasi.sh 
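Review bot: In the configure.ac hunk at -817,9 +795,50, the two new probes only establish that `getrandom()` and `getentropy()` link against the build host's libc; they say nothing about the kernel the binary later runs on. The code that consumes `HAVE_GETRANDOM` and `HAVE_GETENTROPY` is outside this hunk, so it is worth confirming that a failing call (for example `ENOSYS` on an older kernel, or `EINTR`) leads to a fallback source or a hard failure rather than continuing with an unfilled buffer. The `#error` that disables `getentropy()` on Apple systems gives no reason; a line such as `dnl getentropy() is skipped on Apple systems because <reason>` above that probe would tell the next maintainer when it can be lifted. The same hunk also moves `memset_s explicit_bzero explicit_memset` and `nanosleep` out of the `EMSCRIPTEN` guard, so they are now probed on Emscripten builds as well; because the result presumably selects which memory-wiping routine gets used, that change deserves a mention in the commit message if it is intended.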
diff --git a/dist-build/Makefile.in b/dist-build/Makefile.in index 052987b6..b1ee185f 100644 --- a/dist-build/Makefile.in +++ b/dist-build/Makefile.in @@ -300,10 +300,8 @@ EXTRA_DIST = \ ios.sh \ msys2-win32.sh \ msys2-win64.sh \ - nativeclient-pnacl.sh \ - nativeclient-x86.sh \ - nativeclient-x86_64.sh \ - watchos.sh + watchos.sh \ + wasm32-wasi.sh all: all-am diff --git a/dist-build/android-build.sh b/dist-build/android-build.sh index d98ddead..76917504 100755 --- a/dist-build/android-build.sh +++ b/dist-build/android-build.sh @@ -33,6 +33,12 @@ export CC=${CC:-"${HOST_COMPILER}-clang"} rm -rf "${TOOLCHAIN_DIR}" "${PREFIX}" +echo +echo "Warnings related to headers being present but not usable are due to functions" +echo "that didn't exist in the specified minimum API version level." +echo "They can be safely ignored." +echo + echo if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then echo "Building for platform [${NDK_PLATFORM}], retaining compatibility with platform [${NDK_PLATFORM_COMPAT}]" diff --git a/dist-build/emscripten-symbols.def b/dist-build/emscripten-symbols.def index d4a6ff04..b1761c5d 100644 --- a/dist-build/emscripten-symbols.def +++ b/dist-build/emscripten-symbols.def @@ -145,12 +145,16 @@ _crypto_box_seedbytes 1 1 _crypto_box_zerobytes 0 1 _crypto_core_ed25519_add 0 1 _crypto_core_ed25519_bytes 0 1 +_crypto_core_ed25519_from_hash 0 1 _crypto_core_ed25519_from_uniform 0 1 +_crypto_core_ed25519_hashbytes 0 1 _crypto_core_ed25519_is_valid_point 0 1 _crypto_core_ed25519_nonreducedscalarbytes 0 1 +_crypto_core_ed25519_random 0 1 _crypto_core_ed25519_scalar_add 0 1 _crypto_core_ed25519_scalar_complement 0 1 _crypto_core_ed25519_scalar_invert 0 1 +_crypto_core_ed25519_scalar_mul 0 1 _crypto_core_ed25519_scalar_negate 0 1 _crypto_core_ed25519_scalar_random 0 1 _crypto_core_ed25519_scalar_reduce 0 1 
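Review bot: The banner added to dist-build/android-build.sh is printed unconditionally before configure has run, so its "They can be safely ignored." reads as covering any warning that follows, not only the header ones it describes. A narrower last line would avoid that, for example `echo "Only these header warnings are expected; treat any other configure warning as real."`. The final added `echo` sits directly before the existing `echo`, so two blank lines are printed; dropping the last added one keeps the output as before. The script continues outside the hunk.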
@@ -168,6 +172,24 @@ _crypto_core_hsalsa20_constbytes 0 1 _crypto_core_hsalsa20_inputbytes 0 1 _crypto_core_hsalsa20_keybytes 0 1 _crypto_core_hsalsa20_outputbytes 0 1 +_crypto_core_ristretto255_add 0 1 +_crypto_core_ristretto255_bytes 0 1 +_crypto_core_ristretto255_from_hash 0 1 +_crypto_core_ristretto255_hashbytes 0 1 +_crypto_core_ristretto255_is_valid_point 0 1 +_crypto_core_ristretto255_nonreducedscalarbytes 0 1 +_crypto_core_ristretto255_random 0 1 +_crypto_core_ristretto255_scalar_add 0 1 +_crypto_core_ristretto255_scalar_complement 0 1 +_crypto_core_ristretto255_scalar_invert 0 1 +_crypto_core_ristretto255_scalar_mul 0 1 +_crypto_core_ristretto255_scalar_negate 0 1 +_crypto_core_ristretto255_scalar_random 0 1 +_crypto_core_ristretto255_scalar_reduce 0 1 +_crypto_core_ristretto255_scalar_sub 0 1 +_crypto_core_ristretto255_scalarbytes 0 1 +_crypto_core_ristretto255_sub 0 1 +_crypto_core_ristretto255_uniformbytes 0 1 _crypto_core_salsa20 0 1 _crypto_core_salsa2012 0 1 _crypto_core_salsa2012_constbytes 0 1 @@ -371,6 +393,10 @@ _crypto_scalarmult_ed25519_bytes 0 1 _crypto_scalarmult_ed25519_noclamp 0 1 _crypto_scalarmult_ed25519_scalarbytes 0 1 _crypto_scalarmult_primitive 0 1 +_crypto_scalarmult_ristretto255 0 1 +_crypto_scalarmult_ristretto255_base 0 1 +_crypto_scalarmult_ristretto255_bytes 0 1 +_crypto_scalarmult_ristretto255_scalarbytes 0 1 _crypto_scalarmult_scalarbytes 1 1 _crypto_secretbox 0 1 _crypto_secretbox_boxzerobytes 0 1 diff --git a/dist-build/emscripten.sh b/dist-build/emscripten.sh index 7ab818e6..63bb9979 100755 --- a/dist-build/emscripten.sh +++ b/dist-build/emscripten.sh 
@@ -2,11 +2,11 @@ export MAKE_FLAGS='-j4' export EXPORTED_FUNCTIONS_STANDARD='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_verify","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_publickeybytes
","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_generichash","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_saltbytes","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open_d
etached","_crypto_secretbox_open_easy","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_scalar_add","_crypto_core_ed25519_scalar_complement","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_negate","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalar_sub","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_crypto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbyt
es","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_
contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argon2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify",
"_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_s
cryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_cry
pto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchacha20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519
ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_non
cebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' -export EXPORTED_RUNTIME_METHODS='["UTF8ToString","Pointer_stringify","getValue","setValue"]' -export TOTAL_MEMORY=16777216 -export TOTAL_MEMORY_SUMO=16777216 -export TOTAL_MEMORY_TESTS=16777216 +export 
EXPORTED_FUNCTIONS_SUMO='["_malloc","_free","_crypto_aead_chacha20poly1305_abytes","_crypto_aead_chacha20poly1305_decrypt","_crypto_aead_chacha20poly1305_decrypt_detached","_crypto_aead_chacha20poly1305_encrypt","_crypto_aead_chacha20poly1305_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_abytes","_crypto_aead_chacha20poly1305_ietf_decrypt","_crypto_aead_chacha20poly1305_ietf_decrypt_detached","_crypto_aead_chacha20poly1305_ietf_encrypt","_crypto_aead_chacha20poly1305_ietf_encrypt_detached","_crypto_aead_chacha20poly1305_ietf_keybytes","_crypto_aead_chacha20poly1305_ietf_keygen","_crypto_aead_chacha20poly1305_ietf_messagebytes_max","_crypto_aead_chacha20poly1305_ietf_npubbytes","_crypto_aead_chacha20poly1305_ietf_nsecbytes","_crypto_aead_chacha20poly1305_keybytes","_crypto_aead_chacha20poly1305_keygen","_crypto_aead_chacha20poly1305_messagebytes_max","_crypto_aead_chacha20poly1305_npubbytes","_crypto_aead_chacha20poly1305_nsecbytes","_crypto_aead_xchacha20poly1305_ietf_abytes","_crypto_aead_xchacha20poly1305_ietf_decrypt","_crypto_aead_xchacha20poly1305_ietf_decrypt_detached","_crypto_aead_xchacha20poly1305_ietf_encrypt","_crypto_aead_xchacha20poly1305_ietf_encrypt_detached","_crypto_aead_xchacha20poly1305_ietf_keybytes","_crypto_aead_xchacha20poly1305_ietf_keygen","_crypto_aead_xchacha20poly1305_ietf_messagebytes_max","_crypto_aead_xchacha20poly1305_ietf_npubbytes","_crypto_aead_xchacha20poly1305_ietf_nsecbytes","_crypto_auth","_crypto_auth_bytes","_crypto_auth_hmacsha256","_crypto_auth_hmacsha256_bytes","_crypto_auth_hmacsha256_final","_crypto_auth_hmacsha256_init","_crypto_auth_hmacsha256_keybytes","_crypto_auth_hmacsha256_keygen","_crypto_auth_hmacsha256_statebytes","_crypto_auth_hmacsha256_update","_crypto_auth_hmacsha256_verify","_crypto_auth_hmacsha512","_crypto_auth_hmacsha512256","_crypto_auth_hmacsha512256_bytes","_crypto_auth_hmacsha512256_final","_crypto_auth_hmacsha512256_init","_crypto_auth_hmacsha512256_keybytes","_crypto_auth_hmacsha512256_key
gen","_crypto_auth_hmacsha512256_statebytes","_crypto_auth_hmacsha512256_update","_crypto_auth_hmacsha512256_verify","_crypto_auth_hmacsha512_bytes","_crypto_auth_hmacsha512_final","_crypto_auth_hmacsha512_init","_crypto_auth_hmacsha512_keybytes","_crypto_auth_hmacsha512_keygen","_crypto_auth_hmacsha512_statebytes","_crypto_auth_hmacsha512_update","_crypto_auth_hmacsha512_verify","_crypto_auth_keybytes","_crypto_auth_keygen","_crypto_auth_primitive","_crypto_auth_verify","_crypto_box","_crypto_box_afternm","_crypto_box_beforenm","_crypto_box_beforenmbytes","_crypto_box_boxzerobytes","_crypto_box_curve25519xchacha20poly1305_beforenm","_crypto_box_curve25519xchacha20poly1305_beforenmbytes","_crypto_box_curve25519xchacha20poly1305_detached","_crypto_box_curve25519xchacha20poly1305_detached_afternm","_crypto_box_curve25519xchacha20poly1305_easy","_crypto_box_curve25519xchacha20poly1305_easy_afternm","_crypto_box_curve25519xchacha20poly1305_keypair","_crypto_box_curve25519xchacha20poly1305_macbytes","_crypto_box_curve25519xchacha20poly1305_messagebytes_max","_crypto_box_curve25519xchacha20poly1305_noncebytes","_crypto_box_curve25519xchacha20poly1305_open_detached","_crypto_box_curve25519xchacha20poly1305_open_detached_afternm","_crypto_box_curve25519xchacha20poly1305_open_easy","_crypto_box_curve25519xchacha20poly1305_open_easy_afternm","_crypto_box_curve25519xchacha20poly1305_publickeybytes","_crypto_box_curve25519xchacha20poly1305_seal","_crypto_box_curve25519xchacha20poly1305_seal_open","_crypto_box_curve25519xchacha20poly1305_sealbytes","_crypto_box_curve25519xchacha20poly1305_secretkeybytes","_crypto_box_curve25519xchacha20poly1305_seed_keypair","_crypto_box_curve25519xchacha20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305","_crypto_box_curve25519xsalsa20poly1305_afternm","_crypto_box_curve25519xsalsa20poly1305_beforenm","_crypto_box_curve25519xsalsa20poly1305_beforenmbytes","_crypto_box_curve25519xsalsa20poly1305_boxzerobytes","_crypto_box_curve25519xs
alsa20poly1305_keypair","_crypto_box_curve25519xsalsa20poly1305_macbytes","_crypto_box_curve25519xsalsa20poly1305_messagebytes_max","_crypto_box_curve25519xsalsa20poly1305_noncebytes","_crypto_box_curve25519xsalsa20poly1305_open","_crypto_box_curve25519xsalsa20poly1305_open_afternm","_crypto_box_curve25519xsalsa20poly1305_publickeybytes","_crypto_box_curve25519xsalsa20poly1305_secretkeybytes","_crypto_box_curve25519xsalsa20poly1305_seed_keypair","_crypto_box_curve25519xsalsa20poly1305_seedbytes","_crypto_box_curve25519xsalsa20poly1305_zerobytes","_crypto_box_detached","_crypto_box_detached_afternm","_crypto_box_easy","_crypto_box_easy_afternm","_crypto_box_keypair","_crypto_box_macbytes","_crypto_box_messagebytes_max","_crypto_box_noncebytes","_crypto_box_open","_crypto_box_open_afternm","_crypto_box_open_detached","_crypto_box_open_detached_afternm","_crypto_box_open_easy","_crypto_box_open_easy_afternm","_crypto_box_primitive","_crypto_box_publickeybytes","_crypto_box_seal","_crypto_box_seal_open","_crypto_box_sealbytes","_crypto_box_secretkeybytes","_crypto_box_seed_keypair","_crypto_box_seedbytes","_crypto_box_zerobytes","_crypto_core_ed25519_add","_crypto_core_ed25519_bytes","_crypto_core_ed25519_from_hash","_crypto_core_ed25519_from_uniform","_crypto_core_ed25519_hashbytes","_crypto_core_ed25519_is_valid_point","_crypto_core_ed25519_nonreducedscalarbytes","_crypto_core_ed25519_random","_crypto_core_ed25519_scalar_add","_crypto_core_ed25519_scalar_complement","_crypto_core_ed25519_scalar_invert","_crypto_core_ed25519_scalar_mul","_crypto_core_ed25519_scalar_negate","_crypto_core_ed25519_scalar_random","_crypto_core_ed25519_scalar_reduce","_crypto_core_ed25519_scalar_sub","_crypto_core_ed25519_scalarbytes","_crypto_core_ed25519_sub","_crypto_core_ed25519_uniformbytes","_crypto_core_hchacha20","_crypto_core_hchacha20_constbytes","_crypto_core_hchacha20_inputbytes","_crypto_core_hchacha20_keybytes","_crypto_core_hchacha20_outputbytes","_crypto_core_hsalsa20","_cry
pto_core_hsalsa20_constbytes","_crypto_core_hsalsa20_inputbytes","_crypto_core_hsalsa20_keybytes","_crypto_core_hsalsa20_outputbytes","_crypto_core_ristretto255_add","_crypto_core_ristretto255_bytes","_crypto_core_ristretto255_from_hash","_crypto_core_ristretto255_hashbytes","_crypto_core_ristretto255_is_valid_point","_crypto_core_ristretto255_nonreducedscalarbytes","_crypto_core_ristretto255_random","_crypto_core_ristretto255_scalar_add","_crypto_core_ristretto255_scalar_complement","_crypto_core_ristretto255_scalar_invert","_crypto_core_ristretto255_scalar_mul","_crypto_core_ristretto255_scalar_negate","_crypto_core_ristretto255_scalar_random","_crypto_core_ristretto255_scalar_reduce","_crypto_core_ristretto255_scalar_sub","_crypto_core_ristretto255_scalarbytes","_crypto_core_ristretto255_sub","_crypto_core_salsa20","_crypto_core_salsa2012","_crypto_core_salsa2012_constbytes","_crypto_core_salsa2012_inputbytes","_crypto_core_salsa2012_keybytes","_crypto_core_salsa2012_outputbytes","_crypto_core_salsa208","_crypto_core_salsa208_constbytes","_crypto_core_salsa208_inputbytes","_crypto_core_salsa208_keybytes","_crypto_core_salsa208_outputbytes","_crypto_core_salsa20_constbytes","_crypto_core_salsa20_inputbytes","_crypto_core_salsa20_keybytes","_crypto_core_salsa20_outputbytes","_crypto_generichash","_crypto_generichash_blake2b","_crypto_generichash_blake2b_bytes","_crypto_generichash_blake2b_bytes_max","_crypto_generichash_blake2b_bytes_min","_crypto_generichash_blake2b_final","_crypto_generichash_blake2b_init","_crypto_generichash_blake2b_init_salt_personal","_crypto_generichash_blake2b_keybytes","_crypto_generichash_blake2b_keybytes_max","_crypto_generichash_blake2b_keybytes_min","_crypto_generichash_blake2b_keygen","_crypto_generichash_blake2b_personalbytes","_crypto_generichash_blake2b_salt_personal","_crypto_generichash_blake2b_saltbytes","_crypto_generichash_blake2b_statebytes","_crypto_generichash_blake2b_update","_crypto_generichash_bytes","_crypto_generichash
_bytes_max","_crypto_generichash_bytes_min","_crypto_generichash_final","_crypto_generichash_init","_crypto_generichash_keybytes","_crypto_generichash_keybytes_max","_crypto_generichash_keybytes_min","_crypto_generichash_keygen","_crypto_generichash_primitive","_crypto_generichash_statebytes","_crypto_generichash_update","_crypto_hash","_crypto_hash_bytes","_crypto_hash_primitive","_crypto_hash_sha256","_crypto_hash_sha256_bytes","_crypto_hash_sha256_final","_crypto_hash_sha256_init","_crypto_hash_sha256_statebytes","_crypto_hash_sha256_update","_crypto_hash_sha512","_crypto_hash_sha512_bytes","_crypto_hash_sha512_final","_crypto_hash_sha512_init","_crypto_hash_sha512_statebytes","_crypto_hash_sha512_update","_crypto_kdf_blake2b_bytes_max","_crypto_kdf_blake2b_bytes_min","_crypto_kdf_blake2b_contextbytes","_crypto_kdf_blake2b_derive_from_key","_crypto_kdf_blake2b_keybytes","_crypto_kdf_bytes_max","_crypto_kdf_bytes_min","_crypto_kdf_contextbytes","_crypto_kdf_derive_from_key","_crypto_kdf_keybytes","_crypto_kdf_keygen","_crypto_kdf_primitive","_crypto_kx_client_session_keys","_crypto_kx_keypair","_crypto_kx_primitive","_crypto_kx_publickeybytes","_crypto_kx_secretkeybytes","_crypto_kx_seed_keypair","_crypto_kx_seedbytes","_crypto_kx_server_session_keys","_crypto_kx_sessionkeybytes","_crypto_onetimeauth","_crypto_onetimeauth_bytes","_crypto_onetimeauth_final","_crypto_onetimeauth_init","_crypto_onetimeauth_keybytes","_crypto_onetimeauth_keygen","_crypto_onetimeauth_poly1305","_crypto_onetimeauth_poly1305_bytes","_crypto_onetimeauth_poly1305_final","_crypto_onetimeauth_poly1305_init","_crypto_onetimeauth_poly1305_keybytes","_crypto_onetimeauth_poly1305_keygen","_crypto_onetimeauth_poly1305_statebytes","_crypto_onetimeauth_poly1305_update","_crypto_onetimeauth_poly1305_verify","_crypto_onetimeauth_primitive","_crypto_onetimeauth_statebytes","_crypto_onetimeauth_update","_crypto_onetimeauth_verify","_crypto_pwhash","_crypto_pwhash_alg_argon2i13","_crypto_pwhash_alg_argo
n2id13","_crypto_pwhash_alg_default","_crypto_pwhash_argon2i","_crypto_pwhash_argon2i_alg_argon2i13","_crypto_pwhash_argon2i_bytes_max","_crypto_pwhash_argon2i_bytes_min","_crypto_pwhash_argon2i_memlimit_interactive","_crypto_pwhash_argon2i_memlimit_max","_crypto_pwhash_argon2i_memlimit_min","_crypto_pwhash_argon2i_memlimit_moderate","_crypto_pwhash_argon2i_memlimit_sensitive","_crypto_pwhash_argon2i_opslimit_interactive","_crypto_pwhash_argon2i_opslimit_max","_crypto_pwhash_argon2i_opslimit_min","_crypto_pwhash_argon2i_opslimit_moderate","_crypto_pwhash_argon2i_opslimit_sensitive","_crypto_pwhash_argon2i_passwd_max","_crypto_pwhash_argon2i_passwd_min","_crypto_pwhash_argon2i_saltbytes","_crypto_pwhash_argon2i_str","_crypto_pwhash_argon2i_str_needs_rehash","_crypto_pwhash_argon2i_str_verify","_crypto_pwhash_argon2i_strbytes","_crypto_pwhash_argon2i_strprefix","_crypto_pwhash_argon2id","_crypto_pwhash_argon2id_alg_argon2id13","_crypto_pwhash_argon2id_bytes_max","_crypto_pwhash_argon2id_bytes_min","_crypto_pwhash_argon2id_memlimit_interactive","_crypto_pwhash_argon2id_memlimit_max","_crypto_pwhash_argon2id_memlimit_min","_crypto_pwhash_argon2id_memlimit_moderate","_crypto_pwhash_argon2id_memlimit_sensitive","_crypto_pwhash_argon2id_opslimit_interactive","_crypto_pwhash_argon2id_opslimit_max","_crypto_pwhash_argon2id_opslimit_min","_crypto_pwhash_argon2id_opslimit_moderate","_crypto_pwhash_argon2id_opslimit_sensitive","_crypto_pwhash_argon2id_passwd_max","_crypto_pwhash_argon2id_passwd_min","_crypto_pwhash_argon2id_saltbytes","_crypto_pwhash_argon2id_str","_crypto_pwhash_argon2id_str_needs_rehash","_crypto_pwhash_argon2id_str_verify","_crypto_pwhash_argon2id_strbytes","_crypto_pwhash_argon2id_strprefix","_crypto_pwhash_bytes_max","_crypto_pwhash_bytes_min","_crypto_pwhash_memlimit_interactive","_crypto_pwhash_memlimit_max","_crypto_pwhash_memlimit_min","_crypto_pwhash_memlimit_moderate","_crypto_pwhash_memlimit_sensitive","_crypto_pwhash_opslimit_interactive","_crypto_
pwhash_opslimit_max","_crypto_pwhash_opslimit_min","_crypto_pwhash_opslimit_moderate","_crypto_pwhash_opslimit_sensitive","_crypto_pwhash_passwd_max","_crypto_pwhash_passwd_min","_crypto_pwhash_primitive","_crypto_pwhash_saltbytes","_crypto_pwhash_scryptsalsa208sha256","_crypto_pwhash_scryptsalsa208sha256_bytes_max","_crypto_pwhash_scryptsalsa208sha256_bytes_min","_crypto_pwhash_scryptsalsa208sha256_ll","_crypto_pwhash_scryptsalsa208sha256_memlimit_interactive","_crypto_pwhash_scryptsalsa208sha256_memlimit_max","_crypto_pwhash_scryptsalsa208sha256_memlimit_min","_crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_opslimit_interactive","_crypto_pwhash_scryptsalsa208sha256_opslimit_max","_crypto_pwhash_scryptsalsa208sha256_opslimit_min","_crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive","_crypto_pwhash_scryptsalsa208sha256_passwd_max","_crypto_pwhash_scryptsalsa208sha256_passwd_min","_crypto_pwhash_scryptsalsa208sha256_saltbytes","_crypto_pwhash_scryptsalsa208sha256_str","_crypto_pwhash_scryptsalsa208sha256_str_needs_rehash","_crypto_pwhash_scryptsalsa208sha256_str_verify","_crypto_pwhash_scryptsalsa208sha256_strbytes","_crypto_pwhash_scryptsalsa208sha256_strprefix","_crypto_pwhash_str","_crypto_pwhash_str_alg","_crypto_pwhash_str_needs_rehash","_crypto_pwhash_str_verify","_crypto_pwhash_strbytes","_crypto_pwhash_strprefix","_crypto_scalarmult","_crypto_scalarmult_base","_crypto_scalarmult_bytes","_crypto_scalarmult_curve25519","_crypto_scalarmult_curve25519_base","_crypto_scalarmult_curve25519_bytes","_crypto_scalarmult_curve25519_scalarbytes","_crypto_scalarmult_ed25519","_crypto_scalarmult_ed25519_base","_crypto_scalarmult_ed25519_base_noclamp","_crypto_scalarmult_ed25519_bytes","_crypto_scalarmult_ed25519_noclamp","_crypto_scalarmult_ed25519_scalarbytes","_crypto_scalarmult_primitive","_crypto_scalarmult_ristretto255","_crypto_scalarmult_ristretto255_base","_crypto_scalarmult_ristretto255_bytes","_crypto_scalarmult_ri
stretto255_scalarbytes","_crypto_scalarmult_scalarbytes","_crypto_secretbox","_crypto_secretbox_boxzerobytes","_crypto_secretbox_detached","_crypto_secretbox_easy","_crypto_secretbox_keybytes","_crypto_secretbox_keygen","_crypto_secretbox_macbytes","_crypto_secretbox_messagebytes_max","_crypto_secretbox_noncebytes","_crypto_secretbox_open","_crypto_secretbox_open_detached","_crypto_secretbox_open_easy","_crypto_secretbox_primitive","_crypto_secretbox_xchacha20poly1305_detached","_crypto_secretbox_xchacha20poly1305_easy","_crypto_secretbox_xchacha20poly1305_keybytes","_crypto_secretbox_xchacha20poly1305_macbytes","_crypto_secretbox_xchacha20poly1305_messagebytes_max","_crypto_secretbox_xchacha20poly1305_noncebytes","_crypto_secretbox_xchacha20poly1305_open_detached","_crypto_secretbox_xchacha20poly1305_open_easy","_crypto_secretbox_xsalsa20poly1305","_crypto_secretbox_xsalsa20poly1305_boxzerobytes","_crypto_secretbox_xsalsa20poly1305_keybytes","_crypto_secretbox_xsalsa20poly1305_keygen","_crypto_secretbox_xsalsa20poly1305_macbytes","_crypto_secretbox_xsalsa20poly1305_messagebytes_max","_crypto_secretbox_xsalsa20poly1305_noncebytes","_crypto_secretbox_xsalsa20poly1305_open","_crypto_secretbox_xsalsa20poly1305_zerobytes","_crypto_secretbox_zerobytes","_crypto_secretstream_xchacha20poly1305_abytes","_crypto_secretstream_xchacha20poly1305_headerbytes","_crypto_secretstream_xchacha20poly1305_init_pull","_crypto_secretstream_xchacha20poly1305_init_push","_crypto_secretstream_xchacha20poly1305_keybytes","_crypto_secretstream_xchacha20poly1305_keygen","_crypto_secretstream_xchacha20poly1305_messagebytes_max","_crypto_secretstream_xchacha20poly1305_pull","_crypto_secretstream_xchacha20poly1305_push","_crypto_secretstream_xchacha20poly1305_rekey","_crypto_secretstream_xchacha20poly1305_statebytes","_crypto_secretstream_xchacha20poly1305_tag_final","_crypto_secretstream_xchacha20poly1305_tag_message","_crypto_secretstream_xchacha20poly1305_tag_push","_crypto_secretstream_xchach
a20poly1305_tag_rekey","_crypto_shorthash","_crypto_shorthash_bytes","_crypto_shorthash_keybytes","_crypto_shorthash_keygen","_crypto_shorthash_primitive","_crypto_shorthash_siphash24","_crypto_shorthash_siphash24_bytes","_crypto_shorthash_siphash24_keybytes","_crypto_shorthash_siphashx24","_crypto_shorthash_siphashx24_bytes","_crypto_shorthash_siphashx24_keybytes","_crypto_sign","_crypto_sign_bytes","_crypto_sign_detached","_crypto_sign_ed25519","_crypto_sign_ed25519_bytes","_crypto_sign_ed25519_detached","_crypto_sign_ed25519_keypair","_crypto_sign_ed25519_messagebytes_max","_crypto_sign_ed25519_open","_crypto_sign_ed25519_pk_to_curve25519","_crypto_sign_ed25519_publickeybytes","_crypto_sign_ed25519_secretkeybytes","_crypto_sign_ed25519_seed_keypair","_crypto_sign_ed25519_seedbytes","_crypto_sign_ed25519_sk_to_curve25519","_crypto_sign_ed25519_sk_to_pk","_crypto_sign_ed25519_sk_to_seed","_crypto_sign_ed25519_verify_detached","_crypto_sign_ed25519ph_final_create","_crypto_sign_ed25519ph_final_verify","_crypto_sign_ed25519ph_init","_crypto_sign_ed25519ph_statebytes","_crypto_sign_ed25519ph_update","_crypto_sign_final_create","_crypto_sign_final_verify","_crypto_sign_init","_crypto_sign_keypair","_crypto_sign_messagebytes_max","_crypto_sign_open","_crypto_sign_primitive","_crypto_sign_publickeybytes","_crypto_sign_secretkeybytes","_crypto_sign_seed_keypair","_crypto_sign_seedbytes","_crypto_sign_statebytes","_crypto_sign_update","_crypto_sign_verify_detached","_crypto_stream","_crypto_stream_chacha20","_crypto_stream_chacha20_ietf","_crypto_stream_chacha20_ietf_keybytes","_crypto_stream_chacha20_ietf_keygen","_crypto_stream_chacha20_ietf_messagebytes_max","_crypto_stream_chacha20_ietf_noncebytes","_crypto_stream_chacha20_ietf_xor","_crypto_stream_chacha20_ietf_xor_ic","_crypto_stream_chacha20_keybytes","_crypto_stream_chacha20_keygen","_crypto_stream_chacha20_messagebytes_max","_crypto_stream_chacha20_noncebytes","_crypto_stream_chacha20_xor","_crypto_stream_chacha20
_xor_ic","_crypto_stream_keybytes","_crypto_stream_keygen","_crypto_stream_messagebytes_max","_crypto_stream_noncebytes","_crypto_stream_primitive","_crypto_stream_salsa20","_crypto_stream_salsa2012","_crypto_stream_salsa2012_keybytes","_crypto_stream_salsa2012_keygen","_crypto_stream_salsa2012_messagebytes_max","_crypto_stream_salsa2012_noncebytes","_crypto_stream_salsa2012_xor","_crypto_stream_salsa208","_crypto_stream_salsa208_keybytes","_crypto_stream_salsa208_keygen","_crypto_stream_salsa208_messagebytes_max","_crypto_stream_salsa208_noncebytes","_crypto_stream_salsa208_xor","_crypto_stream_salsa20_keybytes","_crypto_stream_salsa20_keygen","_crypto_stream_salsa20_messagebytes_max","_crypto_stream_salsa20_noncebytes","_crypto_stream_salsa20_xor","_crypto_stream_salsa20_xor_ic","_crypto_stream_xchacha20","_crypto_stream_xchacha20_keybytes","_crypto_stream_xchacha20_keygen","_crypto_stream_xchacha20_messagebytes_max","_crypto_stream_xchacha20_noncebytes","_crypto_stream_xchacha20_xor","_crypto_stream_xchacha20_xor_ic","_crypto_stream_xor","_crypto_stream_xsalsa20","_crypto_stream_xsalsa20_keybytes","_crypto_stream_xsalsa20_keygen","_crypto_stream_xsalsa20_messagebytes_max","_crypto_stream_xsalsa20_noncebytes","_crypto_stream_xsalsa20_xor","_crypto_stream_xsalsa20_xor_ic","_crypto_verify_16","_crypto_verify_16_bytes","_crypto_verify_32","_crypto_verify_32_bytes","_crypto_verify_64","_crypto_verify_64_bytes","_randombytes","_randombytes_buf","_randombytes_buf_deterministic","_randombytes_close","_randombytes_implementation_name","_randombytes_random","_randombytes_seedbytes","_randombytes_stir","_randombytes_uniform","_sodium_base642bin","_sodium_base64_encoded_len","_sodium_bin2base64","_sodium_bin2hex","_sodium_hex2bin","_sodium_init","_sodium_library_minimal","_sodium_library_version_major","_sodium_library_version_minor","_sodium_pad","_sodium_unpad","_sodium_version_string"]' +export EXPORTED_RUNTIME_METHODS='["UTF8ToString","getValue","setValue"]' +export 
MAX_MEMORY=16777216
+export MAX_MEMORY_SUMO=16777216
+export MAX_MEMORY_TESTS=16777216
 export LDFLAGS="-s RESERVED_FUNCTION_POINTERS=8"
 export LDFLAGS="${LDFLAGS} -s ALLOW_MEMORY_GROWTH=1"
 export LDFLAGS="${LDFLAGS} -s SINGLE_FILE=1"
@@ -19,7 +19,7 @@ export CFLAGS="-Os"
 echo
 if [ "x$1" = "x--standard" ]; then
 export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_STANDARD"
- export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s TOTAL_MEMORY=${TOTAL_MEMORY}"
+ export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s TOTAL_MEMORY=${MAX_MEMORY}"
 export PREFIX="$(pwd)/libsodium-js"
 export DONE_FILE="$(pwd)/js.done"
 export CONFIG_EXTRA="--enable-minimal"
@@ -27,14 +27,14 @@ if [ "x$1" = "x--standard" ]; then
 echo "Building a standard distribution in [${PREFIX}]"
 elif [ "x$1" = "x--sumo" ]; then
 export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO"
- export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s TOTAL_MEMORY=${TOTAL_MEMORY_SUMO}"
+ export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s TOTAL_MEMORY=${MAX_MEMORY_SUMO}"
 export PREFIX="$(pwd)/libsodium-js-sumo"
 export DONE_FILE="$(pwd)/js-sumo.done"
 export DIST='yes'
 echo "Building a sumo distribution in [${PREFIX}]"
 elif [ "x$1" = "x--browser-tests" ]; then
 export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO"
- export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_TESTS}"
+ export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${MAX_MEMORY_TESTS}"
 export PREFIX="$(pwd)/libsodium-js-tests"
 export DONE_FILE="$(pwd)/js-tests-browser.done"
 export BROWSER_TESTS='yes'
@@ -44,7 +44,7 @@ elif [ "x$1" = "x--tests" ]; then
 echo "Building for testing"
 export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO"
 export CPPFLAGS="${CPPFLAGS} -DBENCHMARKS -DITERATIONS=10"
- export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${TOTAL_MEMORY_TESTS}"
+ export LDFLAGS="${LDFLAGS} -s TOTAL_MEMORY=${MAX_MEMORY_TESTS}"
 export PREFIX="$(pwd)/libsodium-js-tests"
 export DONE_FILE="$(pwd)/js-tests.done"
 export DIST='no'
diff --git a/dist-build/ios.sh b/dist-build/ios.sh
index 0575b090..2a2122ab 100755
--- a/dist-build/ios.sh
+++ b/dist-build/ios.sh
@@ -20,6 +20,12 @@ export XCODEDIR=$(xcode-select -p)
 export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"}
 export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"}
+echo
+echo "Warnings related to headers being present but not usable are due to functions"
+echo "that didn't exist in the specified minimum iOS version level."
+echo "They can be safely ignored."
+echo
+
 mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $IOS32_PREFIX $IOS32s_PREFIX $IOS64_PREFIX || exit 1
 # Build for the simulator
diff --git a/dist-build/nativeclient-pnacl.sh b/dist-build/nativeclient-pnacl.sh
deleted file mode 100755
index 020bb52c..00000000
--- a/dist-build/nativeclient-pnacl.sh
+++ /dev/null
@@ -1,37 +0,0 @@
-#! /bin/sh
-
-export NACL_SDK_ROOT=${NACL_SDK_ROOT-"/opt/nacl_sdk/pepper_49"}
-export NACL_TOOLCHAIN=${NACL_TOOLCHAIN-"${NACL_SDK_ROOT}/toolchain/mac_pnacl"}
-export NACL_BIN=${NACL_BIN-"${NACL_TOOLCHAIN}/bin"}
-export PREFIX="$(pwd)/libsodium-nativeclient"
-export PATH="${NACL_BIN}:$PATH"
-export AR=${AR-"pnacl-ar"}
-export AS=${AS-"pnacl-as"}
-export CC=${CC-"pnacl-clang"}
-export LD=${LD-"pnacl-ld"}
-export NM=${NM-"pnacl-nm"}
-export RANLIB=${RANLIB-"pnacl-ranlib"}
-export PNACL_FINALIZE=${PNACL_FINALIZE-"pnacl-finalize"}
-export PNACL_TRANSLATE=${PNACL_TRANSLATE-"pnacl-translate"}
-export CFLAGS="-O3 -fomit-frame-pointer -fforce-addr"
-
-mkdir -p $PREFIX || exit 1
-
-make distclean > /dev/null
-
-if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
- export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
-else
- export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
-fi
-
-./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
- --host=nacl \
- --disable-ssp --without-pthreads \
- --prefix="$PREFIX" || exit 1
-
-
-NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
-PROCESSORS=${NPROCESSORS:-3}
-
-make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1
diff --git a/dist-build/nativeclient-x86.sh b/dist-build/nativeclient-x86.sh
deleted file mode 100755
index 975add58..00000000
--- a/dist-build/nativeclient-x86.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#! /bin/sh
-
-export NACL_SDK_ROOT=${NACL_SDK_ROOT-"/opt/nacl_sdk/pepper_49"}
-export NACL_TOOLCHAIN=${NACL_TOOLCHAIN-"${NACL_SDK_ROOT}/toolchain/mac_x86_glibc"}
-export NACL_BIN=${NACL_BIN-"${NACL_TOOLCHAIN}/bin"}
-export PREFIX="$(pwd)/libsodium-nativeclient-x86"
-export PATH="${NACL_BIN}:$PATH"
-export CFLAGS="-O3 -fomit-frame-pointer -fforce-addr"
-
-mkdir -p $PREFIX || exit 1
-
-make distclean > /dev/null
-
-if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
- export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
-else
- export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
-fi
-
-
-./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
- --host=i686-nacl \
- --disable-ssp --without-pthreads \
- --prefix="$PREFIX" || exit 1
-
-NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
-PROCESSORS=${NPROCESSORS:-3}
-
-make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1
diff --git a/dist-build/nativeclient-x86_64.sh b/dist-build/nativeclient-x86_64.sh
deleted file mode 100755
index 43a44c8e..00000000
--- a/dist-build/nativeclient-x86_64.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#! /bin/sh
-
-export NACL_SDK_ROOT=${NACL_SDK_ROOT-"/opt/nacl_sdk/pepper_49"}
-export NACL_TOOLCHAIN=${NACL_TOOLCHAIN-"${NACL_SDK_ROOT}/toolchain/mac_x86_glibc"}
-export NACL_BIN=${NACL_BIN-"${NACL_TOOLCHAIN}/bin"}
-export PREFIX="$(pwd)/libsodium-nativeclient-x86_64"
-export PATH="${NACL_BIN}:$PATH"
-export CFLAGS="-O3 -fomit-frame-pointer -fforce-addr"
-
-mkdir -p $PREFIX || exit 1
-
-make distclean > /dev/null
-
-if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
- export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
-else
- export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
-fi
-
-./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
- --host=x86_64-nacl \
- --disable-ssp --without-pthreads \
- --prefix="$PREFIX" || exit 1
-
-
-NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
-PROCESSORS=${NPROCESSORS:-3}
-
-make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1
diff --git a/dist-build/wasm32-wasi.sh b/dist-build/wasm32-wasi.sh
new file mode 100755
index 00000000..0b28dff7
--- /dev/null
+++ b/dist-build/wasm32-wasi.sh
@@ -0,0 +1,49 @@
+#! /bin/sh
+
+if [ -z "$WASI_SYSROOT" ]; then
+ export WASI_SYSROOT="/opt/wasi-sysroot"
+fi
+
+export PATH="/usr/local/opt/llvm/bin:$PATH"
+
+export PREFIX="$(pwd)/libsodium-wasm32-wasi"
+
+mkdir -p $PREFIX || exit 1
+
+export CC="clang"
+export CFLAGS="-DED25519_NONDETERMINISTIC=1 --target=wasm32-wasi --sysroot=${WASI_SYSROOT} -O2"
+export LDFLAGS="-s -Wl,--no-threads"
+export NM="llvm-nm"
+export AR="llvm-ar"
+export RANLIB="llvm-ranlib"
+export STRIP="llvm-strip"
+
+make distclean > /dev/null
+
+grep -q -F -- 'wasi' build-aux/config.sub || \
+ sed -i -e 's/-nacl\*)/-nacl*|-wasi)/' build-aux/config.sub
+
+if [ "x$1" = "x--bench" ]; then
+ export BENCHMARKS=1
+ export CPPFLAGS="-DBENCHMARKS -DITERATIONS=100"
+fi
+
+if [ -n "$LIBSODIUM_MINIMAL_BUILD" ]; then
+ export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
+else
+ export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
+fi
+
+./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
+ --prefix="$PREFIX" --with-sysroot="$WASI_SYSROOT" \
+ --host=wasm32-wasi \
+ --disable-ssp --disable-shared || exit 1
+
+NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
+PROCESSORS=${NPROCESSORS:-3}
+
+if [ -z "$BENCHMARKS" ]; then
+ make -j${PROCESSORS} check && make install && make distclean > /dev/null
+else
+ make -j${PROCESSORS} && make check
+fi
diff --git a/libsodium.vcxproj b/libsodium.vcxproj
index 63d5f956..e3b20729 100644
--- a/libsodium.vcxproj
+++ b/libsodium.vcxproj
@@ -364,6 +364,7 @@ +
@@ -376,8 +377,7 @@ - - +
@@ -419,6 +419,7 @@ +
@@ -438,7 +439,6 @@ -
@@ -448,6 +448,7 @@ +
@@ -455,6 +456,7 @@ +
@@ -465,7 +467,6 @@ -
@@ -484,6 +485,7 @@ +
diff --git a/libsodium.vcxproj.filters b/libsodium.vcxproj.filters
index b4a4ea96..c8866164 100644
--- a/libsodium.vcxproj.filters
+++ b/libsodium.vcxproj.filters
@@ -162,6 +162,9 @@ Source Files + + Source Files + Source Files
@@ -198,10 +201,7 @@ Source Files - - Source Files - - + Source Files
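Review bot: In the new dist-build/wasm32-wasi.sh, the `CFLAGS` export hard-codes `-DED25519_NONDETERMINISTIC=1` with no explanation, and the other build scripts shown in this diff do not set it. As I understand libsodium's signing code, that macro mixes fresh random bytes into the Ed25519 nonce derivation, so signatures from this build will not match those of a default build for the same key and message, and signing comes to depend on the WASI random source. I would add a comment above the export, for example `# ED25519_NONDETERMINISTIC: randomized Ed25519 nonces; signatures differ from deterministic builds`, or make the define opt-in through an environment variable. Separately, `mkdir -p $PREFIX` leaves a path derived from `$(pwd)` unquoted; `mkdir -p "$PREFIX" || exit 1` would match the quoting already used in `--prefix="$PREFIX"`.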
@@ -327,6 +327,9 @@ Source Files + + Source Files + Source Files
@@ -380,9 +383,6 @@ Header Files - - Header Files - Header Files
@@ -410,6 +410,9 @@ Header Files + + Header Files + Header Files
@@ -431,6 +434,9 @@ Header Files + + Header Files + Header Files
@@ -461,9 +467,6 @@ Header Files - - Header Files - Header Files
@@ -518,6 +521,9 @@ Header Files + + Header Files + Header Files
diff --git a/msvc-scripts/process.bat b/msvc-scripts/process.bat
index fdaeaecf..291679e4 100755
--- a/msvc-scripts/process.bat
+++ b/msvc-scripts/process.bat
@@ -1,5 +1,5 @@
-cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.17/ < src\libsodium\include\sodium\version.h.in > tmp
+cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.18/ < src\libsodium\include\sodium\version.h.in > tmp
 cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/10/ < tmp > tmp2
-cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/2/ < tmp2 > tmp3
+cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/3/ < tmp2 > tmp3
 cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_MINIMAL_DEF@// < tmp3 > src\libsodium\include\sodium\version.h
 del tmp tmp2 tmp3
diff --git a/packaging/dotnet-core/README.md b/packaging/dotnet-core/README.md
index 462ec29f..a9016b6b 100644
--- a/packaging/dotnet-core/README.md
+++ b/packaging/dotnet-core/README.md
@@ -31,15 +31,15 @@ Version numbers for the packages for .NET Core consist of three components: It may be necessary to release more than one package for a libsodium version, e.g., when adding support for a new platform or if a release contains a broken binary. In this case, a package revision number is added as a fourth part to - the libsodium version, starting at `1`. For example, `1.0.17` is the initial - release of the package for libsodium 1.0.17 and `1.0.17.5` is the fifth + the libsodium version, starting at `1`. For example, `1.0.18` is the initial + release of the package for libsodium 1.0.18 and `1.0.18.5` is the fifth revision (sixth release) of that package. * *pre-release label* If a package is a pre-release, a label is appended to the version number in `-preview-##` format where `##` is the number of the pre-release, starting at - `01`. For example, `1.0.17-preview-01` is the first pre-release of the package - for libsodium 1.0.17 and `1.0.17.5-preview-02` the second pre-release of the - fifth revision of the package for libsodium 1.0.17. + `01`. For example, `1.0.18-preview-01` is the first pre-release of the package + for libsodium 1.0.18 and `1.0.18.5-preview-02` the second pre-release of the + fifth revision of the package for libsodium 1.0.18. **Making a release** diff --git a/packaging/dotnet-core/prepare.py b/packaging/dotnet-core/prepare.py index b1abde14..7a4883f5 100755 --- a/packaging/dotnet-core/prepare.py +++ b/packaging/dotnet-core/prepare.py 
@@ -203,13 +203,13 @@ def main(args): print(" python3 prepare.py ") print() print("Examples:") - print(" python3 prepare.py 1.0.17-preview-01") - print(" python3 prepare.py 1.0.17-preview-02") - print(" python3 prepare.py 1.0.17-preview-03") - print(" python3 prepare.py 1.0.17") - print(" python3 prepare.py 1.0.17.1-preview-01") - print(" python3 prepare.py 1.0.17.1") - print(" python3 prepare.py 1.0.17.2") + print(" python3 prepare.py 1.0.18-preview-01") + print(" python3 prepare.py 1.0.18-preview-02") + print(" python3 prepare.py 1.0.18-preview-03") + print(" python3 prepare.py 1.0.18") + print(" python3 prepare.py 1.0.18.1-preview-01") + print(" python3 prepare.py 1.0.18.1") + print(" python3 prepare.py 1.0.18.2") return 1 version = Version(m.group(2), m.group(0)) diff --git a/packaging/nuget/package.config b/packaging/nuget/package.config index 3e678873..33eda2dd 100644 --- a/packaging/nuget/package.config +++ b/packaging/nuget/package.config @@ -1,4 +1,4 @@ - + diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index 2c3d210f..cf4cfc93 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -152,6 +152,7 @@ libsodium_la_SOURCES += \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \ crypto_core/ed25519/core_ed25519.c \ + crypto_core/ed25519/core_ristretto255.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h \ crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c \ 
@@ -160,6 +161,7 @@ libsodium_la_SOURCES += \ crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c \ crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \ crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c \ + crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \ crypto_shorthash/siphash24/shorthash_siphashx24.c \ crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \ @@ -171,7 +173,7 @@ libsodium_la_SOURCES += \ crypto_stream/xchacha20/stream_xchacha20.c endif -randombytes_salsa20_randombytes_salsa20_random_CFLAGS = @CFLAGS_RDRAND@ +randombytes_internal_randombytes_internal_random_CFLAGS = @CFLAGS_RDRAND@ libsodium_la_LDFLAGS = \ $(AM_LDFLAGS) \ @@ -202,22 +204,16 @@ librdrand_la_LDFLAGS = $(libsodium_la_LDFLAGS) librdrand_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ @CFLAGS_RDRAND@ librdrand_la_SOURCES = \ - randombytes/salsa20/randombytes_salsa20_random.c + randombytes/internal/randombytes_internal_random.c if !EMSCRIPTEN libsodium_la_LIBADD += librdrand.la noinst_LTLIBRARIES += librdrand.la -if NATIVECLIENT -libsodium_la_SOURCES += \ - randombytes/nativeclient/randombytes_nativeclient.c -else libsodium_la_SOURCES += \ randombytes/sysrandom/randombytes_sysrandom.c endif -endif - libaesni_la_LDFLAGS = $(libsodium_la_LDFLAGS) libaesni_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ @CFLAGS_SSE2@ @CFLAGS_SSSE3@ @CFLAGS_AESNI@ @CFLAGS_PCLMUL@ diff --git a/src/libsodium/Makefile.in b/src/libsodium/Makefile.in index d19d385b..0958ad3c 100644 --- a/src/libsodium/Makefile.in +++ b/src/libsodium/Makefile.in 
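Review bot: The renamed `randombytes_internal_randombytes_internal_random_CFLAGS` in the `@@ -171,7 +173,7 @@` hunk does not appear to be consumed by any rule. Its name matches no program or library target, and the generated compile rule for `librdrand_la-randombytes_internal_random.lo` further down this diff passes only `$(librdrand_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)`. The RDRAND flags that actually reach the RNG source come from `librdrand_la_CPPFLAGS` in the next hunk, so someone editing this variable to change how that file is built would see no effect. Since the line is being renamed anyway, I would either delete it or mark it with a comment such as `# unused: @CFLAGS_RDRAND@ reaches randombytes_internal_random.c via librdrand_la_CPPFLAGS`. This is inferred from the visible hunks only, so it should be confirmed against the full Makefile.am.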
@@ -132,6 +132,7 @@ host_triplet = @host@ @MINIMAL_FALSE@ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ @MINIMAL_FALSE@ crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \ @MINIMAL_FALSE@ crypto_core/ed25519/core_ed25519.c \ +@MINIMAL_FALSE@ crypto_core/ed25519/core_ristretto255.c \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c \ @@ -140,6 +141,7 @@ host_triplet = @host@ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \ @MINIMAL_FALSE@ crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c \ +@MINIMAL_FALSE@ crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c \ @MINIMAL_FALSE@ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \ @MINIMAL_FALSE@ crypto_shorthash/siphash24/shorthash_siphashx24.c \ @MINIMAL_FALSE@ crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \ 
@@ -153,16 +155,13 @@ host_triplet = @host@ @HAVE_LD_OUTPUT_DEF_TRUE@am__append_7 = -Wl,--output-def,libsodium-$(DLL_VERSION).def @EMSCRIPTEN_FALSE@am__append_8 = librdrand.la @EMSCRIPTEN_FALSE@am__append_9 = librdrand.la -@EMSCRIPTEN_FALSE@@NATIVECLIENT_TRUE@am__append_10 = \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_TRUE@ randombytes/nativeclient/randombytes_nativeclient.c +@EMSCRIPTEN_FALSE@am__append_10 = \ +@EMSCRIPTEN_FALSE@ randombytes/sysrandom/randombytes_sysrandom.c -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@am__append_11 = \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@ randombytes/sysrandom/randombytes_sysrandom.c - -@MINIMAL_FALSE@am__append_12 = \ +@MINIMAL_FALSE@am__append_11 = \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c -@HAVE_AMD64_ASM_FALSE@am__append_13 = \ +@HAVE_AMD64_ASM_FALSE@am__append_12 = \ @HAVE_AMD64_ASM_FALSE@ crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.c \ @HAVE_AMD64_ASM_FALSE@ crypto_stream/salsa20/xmm6int/salsa20_xmm6int-sse2.h \ @HAVE_AMD64_ASM_FALSE@ crypto_stream/salsa20/xmm6int/u0.h \ @@ -245,7 +244,7 @@ libavx512f_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(libavx512f_la_LDFLAGS) $(LDFLAGS) -o $@ librdrand_la_LIBADD = -am_librdrand_la_OBJECTS = randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo +am_librdrand_la_OBJECTS = randombytes/internal/librdrand_la-randombytes_internal_random.lo librdrand_la_OBJECTS = $(am_librdrand_la_OBJECTS) librdrand_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ 
@@ -366,6 +365,7 @@ am__libsodium_la_SOURCES_DIST = \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \ crypto_core/ed25519/core_ed25519.c \ + crypto_core/ed25519/core_ristretto255.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c \ crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h \ crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c \ @@ -374,6 +374,7 @@ am__libsodium_la_SOURCES_DIST = \ crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c \ crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \ crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c \ + crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \ crypto_shorthash/siphash24/shorthash_siphashx24.c \ crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \ @@ -383,7 +384,6 @@ am__libsodium_la_SOURCES_DIST = \ crypto_stream/salsa208/ref/stream_salsa208_ref.c \ crypto_stream/salsa208/stream_salsa208.c \ crypto_stream/xchacha20/stream_xchacha20.c \ - randombytes/nativeclient/randombytes_nativeclient.c \ randombytes/sysrandom/randombytes_sysrandom.c am__objects_1 = @HAVE_AMD64_ASM_TRUE@am__objects_2 = crypto_stream/salsa20/xmm6/libsodium_la-salsa20_xmm6-asm.lo \ 
@@ -396,12 +396,14 @@ am__objects_1 = @MINIMAL_FALSE@am__objects_5 = crypto_box/curve25519xchacha20poly1305/libsodium_la-box_curve25519xchacha20poly1305.lo \ @MINIMAL_FALSE@ crypto_box/curve25519xchacha20poly1305/libsodium_la-box_seal_curve25519xchacha20poly1305.lo \ @MINIMAL_FALSE@ crypto_core/ed25519/libsodium_la-core_ed25519.lo \ +@MINIMAL_FALSE@ crypto_core/ed25519/libsodium_la-core_ristretto255.lo \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/libsodium_la-crypto_scrypt-common.lo \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/libsodium_la-scrypt_platform.lo \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/libsodium_la-pbkdf2-sha256.lo \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/libsodium_la-pwhash_scryptsalsa208sha256.lo \ @MINIMAL_FALSE@ crypto_pwhash/scryptsalsa208sha256/nosse/libsodium_la-pwhash_scryptsalsa208sha256_nosse.lo \ @MINIMAL_FALSE@ crypto_scalarmult/ed25519/ref10/libsodium_la-scalarmult_ed25519_ref10.lo \ +@MINIMAL_FALSE@ crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo \ @MINIMAL_FALSE@ crypto_secretbox/xchacha20poly1305/libsodium_la-secretbox_xchacha20poly1305.lo \ @MINIMAL_FALSE@ crypto_shorthash/siphash24/libsodium_la-shorthash_siphashx24.lo \ @MINIMAL_FALSE@ crypto_shorthash/siphash24/ref/libsodium_la-shorthash_siphashx24_ref.lo \ 
@@ -411,8 +413,7 @@ am__objects_1 = @MINIMAL_FALSE@ crypto_stream/salsa208/ref/libsodium_la-stream_salsa208_ref.lo \ @MINIMAL_FALSE@ crypto_stream/salsa208/libsodium_la-stream_salsa208.lo \ @MINIMAL_FALSE@ crypto_stream/xchacha20/libsodium_la-stream_xchacha20.lo -@EMSCRIPTEN_FALSE@@NATIVECLIENT_TRUE@am__objects_6 = randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@am__objects_7 = randombytes/sysrandom/libsodium_la-randombytes_sysrandom.lo +@EMSCRIPTEN_FALSE@am__objects_6 = randombytes/sysrandom/libsodium_la-randombytes_sysrandom.lo am_libsodium_la_OBJECTS = crypto_aead/chacha20poly1305/sodium/libsodium_la-aead_chacha20poly1305.lo \ crypto_aead/xchacha20poly1305/sodium/libsodium_la-aead_xchacha20poly1305.lo \ crypto_auth/libsodium_la-crypto_auth.lo \ @@ -478,8 +479,7 @@ am_libsodium_la_OBJECTS = crypto_aead/chacha20poly1305/sodium/libsodium_la-aead_ sodium/libsodium_la-runtime.lo sodium/libsodium_la-utils.lo \ sodium/libsodium_la-version.lo $(am__objects_1) \ $(am__objects_1) $(am__objects_2) $(am__objects_3) \ - $(am__objects_4) $(am__objects_5) $(am__objects_6) \ - $(am__objects_7) + $(am__objects_4) $(am__objects_5) $(am__objects_6) libsodium_la_OBJECTS = $(am_libsodium_la_OBJECTS) libsodium_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ 
@@ -494,11 +494,11 @@ am__libsse2_la_SOURCES_DIST = \ crypto_stream/salsa20/xmm6int/u0.h \ crypto_stream/salsa20/xmm6int/u1.h \ crypto_stream/salsa20/xmm6int/u4.h -@MINIMAL_FALSE@am__objects_8 = crypto_pwhash/scryptsalsa208sha256/sse/libsse2_la-pwhash_scryptsalsa208sha256_sse.lo -@HAVE_AMD64_ASM_FALSE@am__objects_9 = crypto_stream/salsa20/xmm6int/libsse2_la-salsa20_xmm6int-sse2.lo +@MINIMAL_FALSE@am__objects_7 = crypto_pwhash/scryptsalsa208sha256/sse/libsse2_la-pwhash_scryptsalsa208sha256_sse.lo +@HAVE_AMD64_ASM_FALSE@am__objects_8 = crypto_stream/salsa20/xmm6int/libsse2_la-salsa20_xmm6int-sse2.lo am_libsse2_la_OBJECTS = \ crypto_onetimeauth/poly1305/sse2/libsse2_la-poly1305_sse2.lo \ - $(am__objects_8) $(am__objects_9) + $(am__objects_7) $(am__objects_8) libsse2_la_OBJECTS = $(am_libsse2_la_OBJECTS) libsse2_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ @@ -546,6 +546,7 @@ am__depfiles_remade = crypto_aead/aes256gcm/aesni/$(DEPDIR)/libaesni_la-aead_aes crypto_box/curve25519xchacha20poly1305/$(DEPDIR)/libsodium_la-box_seal_curve25519xchacha20poly1305.Plo \ crypto_box/curve25519xsalsa20poly1305/$(DEPDIR)/libsodium_la-box_curve25519xsalsa20poly1305.Plo \ crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ed25519.Plo \ + crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Plo \ crypto_core/ed25519/ref10/$(DEPDIR)/libsodium_la-ed25519_ref10.Plo \ crypto_core/hchacha20/$(DEPDIR)/libsodium_la-core_hchacha20.Plo \ crypto_core/hsalsa20/$(DEPDIR)/libsodium_la-core_hsalsa20.Plo \ 
@@ -596,6 +597,7 @@ am__depfiles_remade = crypto_aead/aes256gcm/aesni/$(DEPDIR)/libaesni_la-aead_aes crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-fe_frombytes_sandy2x.Plo \ crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-sandy2x.Plo \ crypto_scalarmult/ed25519/ref10/$(DEPDIR)/libsodium_la-scalarmult_ed25519_ref10.Plo \ + crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Plo \ crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox.Plo \ crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox_easy.Plo \ crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Plo \ @@ -631,8 +633,7 @@ am__depfiles_remade = crypto_aead/aes256gcm/aesni/$(DEPDIR)/libaesni_la-aead_aes crypto_stream/xsalsa20/$(DEPDIR)/libsodium_la-stream_xsalsa20.Plo \ crypto_verify/sodium/$(DEPDIR)/libsodium_la-verify.Plo \ randombytes/$(DEPDIR)/libsodium_la-randombytes.Plo \ - randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Plo \ - randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Plo \ + randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Plo \ randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Plo \ sodium/$(DEPDIR)/libsodium_la-codecs.Plo \ sodium/$(DEPDIR)/libsodium_la-core.Plo \ @@ -994,7 +995,7 @@ libsodium_la_SOURCES = \ sodium/codecs.c sodium/core.c sodium/runtime.c sodium/utils.c \ sodium/version.c $(am__append_1) $(am__append_2) \ $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) $(am__append_10) $(am__append_11) + $(am__append_6) $(am__append_10) noinst_HEADERS = \ crypto_scalarmult/curve25519/sandy2x/consts.S \ crypto_scalarmult/curve25519/sandy2x/fe51_mul.S \ 
@@ -1003,7 +1004,7 @@ noinst_HEADERS = \ crypto_scalarmult/curve25519/sandy2x/ladder.S \ crypto_scalarmult/curve25519/sandy2x/ladder_base.S -randombytes_salsa20_randombytes_salsa20_random_CFLAGS = @CFLAGS_RDRAND@ +randombytes_internal_randombytes_internal_random_CFLAGS = @CFLAGS_RDRAND@ libsodium_la_LDFLAGS = $(AM_LDFLAGS) -export-dynamic -no-undefined \ $(LIBTOOL_EXTRA_FLAGS) $(am__append_7) libsodium_la_CPPFLAGS = \ @@ -1026,7 +1027,7 @@ librdrand_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ @CFLAGS_RDRAND@ librdrand_la_SOURCES = \ - randombytes/salsa20/randombytes_salsa20_random.c + randombytes/internal/randombytes_internal_random.c libaesni_la_LDFLAGS = $(libsodium_la_LDFLAGS) libaesni_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ @@ -1041,7 +1042,7 @@ libsse2_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ libsse2_la_SOURCES = crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c \ crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h \ - $(am__append_12) $(am__append_13) + $(am__append_11) $(am__append_12) libssse3_la_LDFLAGS = $(libsodium_la_LDFLAGS) libssse3_la_CPPFLAGS = $(libsodium_la_CPPFLAGS) \ @CFLAGS_SSE2@ @CFLAGS_SSSE3@ 
@@ -1228,15 +1229,15 @@ crypto_pwhash/argon2/libavx512f_la-argon2-fill-block-avx512f.lo: \ libavx512f.la: $(libavx512f_la_OBJECTS) $(libavx512f_la_DEPENDENCIES) $(EXTRA_libavx512f_la_DEPENDENCIES) $(AM_V_CCLD)$(libavx512f_la_LINK) $(libavx512f_la_OBJECTS) $(libavx512f_la_LIBADD) $(LIBS) -randombytes/salsa20/$(am__dirstamp): - @$(MKDIR_P) randombytes/salsa20 - @: > randombytes/salsa20/$(am__dirstamp) -randombytes/salsa20/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) randombytes/salsa20/$(DEPDIR) - @: > randombytes/salsa20/$(DEPDIR)/$(am__dirstamp) -randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo: \ - randombytes/salsa20/$(am__dirstamp) \ - randombytes/salsa20/$(DEPDIR)/$(am__dirstamp) +randombytes/internal/$(am__dirstamp): + @$(MKDIR_P) randombytes/internal + @: > randombytes/internal/$(am__dirstamp) +randombytes/internal/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) randombytes/internal/$(DEPDIR) + @: > randombytes/internal/$(DEPDIR)/$(am__dirstamp) +randombytes/internal/librdrand_la-randombytes_internal_random.lo: \ + randombytes/internal/$(am__dirstamp) \ + randombytes/internal/$(DEPDIR)/$(am__dirstamp) librdrand.la: $(librdrand_la_OBJECTS) $(librdrand_la_DEPENDENCIES) $(EXTRA_librdrand_la_DEPENDENCIES) $(AM_V_CCLD)$(librdrand_la_LINK) $(am_librdrand_la_rpath) $(librdrand_la_OBJECTS) $(librdrand_la_LIBADD) $(LIBS) @@ -1768,6 +1769,9 @@ crypto_core/ed25519/$(DEPDIR)/$(am__dirstamp): crypto_core/ed25519/libsodium_la-core_ed25519.lo: \ crypto_core/ed25519/$(am__dirstamp) \ crypto_core/ed25519/$(DEPDIR)/$(am__dirstamp) +crypto_core/ed25519/libsodium_la-core_ristretto255.lo: \ + crypto_core/ed25519/$(am__dirstamp) \ + crypto_core/ed25519/$(DEPDIR)/$(am__dirstamp) crypto_pwhash/scryptsalsa208sha256/$(am__dirstamp): @$(MKDIR_P) crypto_pwhash/scryptsalsa208sha256 @: > crypto_pwhash/scryptsalsa208sha256/$(am__dirstamp) 
@@ -1804,6 +1808,15 @@ crypto_scalarmult/ed25519/ref10/$(DEPDIR)/$(am__dirstamp): crypto_scalarmult/ed25519/ref10/libsodium_la-scalarmult_ed25519_ref10.lo: \ crypto_scalarmult/ed25519/ref10/$(am__dirstamp) \ crypto_scalarmult/ed25519/ref10/$(DEPDIR)/$(am__dirstamp) +crypto_scalarmult/ristretto255/ref10/$(am__dirstamp): + @$(MKDIR_P) crypto_scalarmult/ristretto255/ref10 + @: > crypto_scalarmult/ristretto255/ref10/$(am__dirstamp) +crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) crypto_scalarmult/ristretto255/ref10/$(DEPDIR) + @: > crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/$(am__dirstamp) +crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo: \ + crypto_scalarmult/ristretto255/ref10/$(am__dirstamp) \ + crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/$(am__dirstamp) crypto_secretbox/xchacha20poly1305/$(am__dirstamp): @$(MKDIR_P) crypto_secretbox/xchacha20poly1305 @: > crypto_secretbox/xchacha20poly1305/$(am__dirstamp) @@ -1867,15 +1880,6 @@ crypto_stream/xchacha20/$(DEPDIR)/$(am__dirstamp): crypto_stream/xchacha20/libsodium_la-stream_xchacha20.lo: \ crypto_stream/xchacha20/$(am__dirstamp) \ crypto_stream/xchacha20/$(DEPDIR)/$(am__dirstamp) -randombytes/nativeclient/$(am__dirstamp): - @$(MKDIR_P) randombytes/nativeclient - @: > randombytes/nativeclient/$(am__dirstamp) -randombytes/nativeclient/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) randombytes/nativeclient/$(DEPDIR) - @: > randombytes/nativeclient/$(DEPDIR)/$(am__dirstamp) -randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo: \ - randombytes/nativeclient/$(am__dirstamp) \ - randombytes/nativeclient/$(DEPDIR)/$(am__dirstamp) randombytes/sysrandom/$(am__dirstamp): @$(MKDIR_P) randombytes/sysrandom @: > randombytes/sysrandom/$(am__dirstamp) 
@@ -2015,6 +2019,8 @@ mostlyclean-compile: -rm -f crypto_scalarmult/curve25519/sandy2x/*.lo -rm -f crypto_scalarmult/ed25519/ref10/*.$(OBJEXT) -rm -f crypto_scalarmult/ed25519/ref10/*.lo + -rm -f crypto_scalarmult/ristretto255/ref10/*.$(OBJEXT) + -rm -f crypto_scalarmult/ristretto255/ref10/*.lo -rm -f crypto_secretbox/*.$(OBJEXT) -rm -f crypto_secretbox/*.lo -rm -f crypto_secretbox/xchacha20poly1305/*.$(OBJEXT) @@ -2067,10 +2073,8 @@ mostlyclean-compile: -rm -f crypto_verify/sodium/*.lo -rm -f randombytes/*.$(OBJEXT) -rm -f randombytes/*.lo - -rm -f randombytes/nativeclient/*.$(OBJEXT) - -rm -f randombytes/nativeclient/*.lo - -rm -f randombytes/salsa20/*.$(OBJEXT) - -rm -f randombytes/salsa20/*.lo + -rm -f randombytes/internal/*.$(OBJEXT) + -rm -f randombytes/internal/*.lo -rm -f randombytes/sysrandom/*.$(OBJEXT) -rm -f randombytes/sysrandom/*.lo -rm -f sodium/*.$(OBJEXT) @@ -2093,6 +2097,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto_box/curve25519xchacha20poly1305/$(DEPDIR)/libsodium_la-box_seal_curve25519xchacha20poly1305.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_box/curve25519xsalsa20poly1305/$(DEPDIR)/libsodium_la-box_curve25519xsalsa20poly1305.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ed25519.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_core/ed25519/ref10/$(DEPDIR)/libsodium_la-ed25519_ref10.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_core/hchacha20/$(DEPDIR)/libsodium_la-core_hchacha20.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_core/hsalsa20/$(DEPDIR)/libsodium_la-core_hsalsa20.Plo@am__quote@ # am--include-marker 
@@ -2143,6 +2148,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-fe_frombytes_sandy2x.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-sandy2x.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_scalarmult/ed25519/ref10/$(DEPDIR)/libsodium_la-scalarmult_ed25519_ref10.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox_easy.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Plo@am__quote@ # am--include-marker 
@@ -2178,8 +2184,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@crypto_stream/xsalsa20/$(DEPDIR)/libsodium_la-stream_xsalsa20.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@crypto_verify/sodium/$(DEPDIR)/libsodium_la-verify.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@randombytes/$(DEPDIR)/libsodium_la-randombytes.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@sodium/$(DEPDIR)/libsodium_la-codecs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@sodium/$(DEPDIR)/libsodium_la-core.Plo@am__quote@ # am--include-marker 
@@ -2297,12 +2302,12 @@ crypto_pwhash/argon2/libavx512f_la-argon2-fill-block-avx512f.lo: crypto_pwhash/a @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libavx512f_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_pwhash/argon2/libavx512f_la-argon2-fill-block-avx512f.lo `test -f 'crypto_pwhash/argon2/argon2-fill-block-avx512f.c' || echo '$(srcdir)/'`crypto_pwhash/argon2/argon2-fill-block-avx512f.c -randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo: randombytes/salsa20/randombytes_salsa20_random.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdrand_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo -MD -MP -MF randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Tpo -c -o randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo `test -f 'randombytes/salsa20/randombytes_salsa20_random.c' || echo '$(srcdir)/'`randombytes/salsa20/randombytes_salsa20_random.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Tpo randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='randombytes/salsa20/randombytes_salsa20_random.c' object='randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo' libtool=yes @AMDEPBACKSLASH@ +randombytes/internal/librdrand_la-randombytes_internal_random.lo: randombytes/internal/randombytes_internal_random.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(librdrand_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randombytes/internal/librdrand_la-randombytes_internal_random.lo -MD -MP -MF randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Tpo -c -o randombytes/internal/librdrand_la-randombytes_internal_random.lo `test -f 'randombytes/internal/randombytes_internal_random.c' || echo '$(srcdir)/'`randombytes/internal/randombytes_internal_random.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Tpo randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='randombytes/internal/randombytes_internal_random.c' object='randombytes/internal/librdrand_la-randombytes_internal_random.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdrand_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o randombytes/salsa20/librdrand_la-randombytes_salsa20_random.lo `test -f 'randombytes/salsa20/randombytes_salsa20_random.c' || echo '$(srcdir)/'`randombytes/salsa20/randombytes_salsa20_random.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(librdrand_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o randombytes/internal/librdrand_la-randombytes_internal_random.lo `test -f 'randombytes/internal/randombytes_internal_random.c' || echo '$(srcdir)/'`randombytes/internal/randombytes_internal_random.c crypto_aead/chacha20poly1305/sodium/libsodium_la-aead_chacha20poly1305.lo: crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) 
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_aead/chacha20poly1305/sodium/libsodium_la-aead_chacha20poly1305.lo -MD -MP -MF crypto_aead/chacha20poly1305/sodium/$(DEPDIR)/libsodium_la-aead_chacha20poly1305.Tpo -c -o crypto_aead/chacha20poly1305/sodium/libsodium_la-aead_chacha20poly1305.lo `test -f 'crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c' || echo '$(srcdir)/'`crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c 
@@ -2822,6 +2827,13 @@ crypto_core/ed25519/libsodium_la-core_ed25519.lo: crypto_core/ed25519/core_ed255 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_core/ed25519/libsodium_la-core_ed25519.lo `test -f 'crypto_core/ed25519/core_ed25519.c' || echo '$(srcdir)/'`crypto_core/ed25519/core_ed25519.c +crypto_core/ed25519/libsodium_la-core_ristretto255.lo: crypto_core/ed25519/core_ristretto255.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_core/ed25519/libsodium_la-core_ristretto255.lo -MD -MP -MF crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Tpo -c -o crypto_core/ed25519/libsodium_la-core_ristretto255.lo `test -f 'crypto_core/ed25519/core_ristretto255.c' || echo '$(srcdir)/'`crypto_core/ed25519/core_ristretto255.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Tpo crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_core/ed25519/core_ristretto255.c' object='crypto_core/ed25519/libsodium_la-core_ristretto255.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_core/ed25519/libsodium_la-core_ristretto255.lo `test -f 'crypto_core/ed25519/core_ristretto255.c' 
|| echo '$(srcdir)/'`crypto_core/ed25519/core_ristretto255.c + crypto_pwhash/scryptsalsa208sha256/libsodium_la-crypto_scrypt-common.lo: crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_pwhash/scryptsalsa208sha256/libsodium_la-crypto_scrypt-common.lo -MD -MP -MF crypto_pwhash/scryptsalsa208sha256/$(DEPDIR)/libsodium_la-crypto_scrypt-common.Tpo -c -o crypto_pwhash/scryptsalsa208sha256/libsodium_la-crypto_scrypt-common.lo `test -f 'crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c' || echo '$(srcdir)/'`crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) crypto_pwhash/scryptsalsa208sha256/$(DEPDIR)/libsodium_la-crypto_scrypt-common.Tpo crypto_pwhash/scryptsalsa208sha256/$(DEPDIR)/libsodium_la-crypto_scrypt-common.Plo 
@@ -2864,6 +2876,13 @@ crypto_scalarmult/ed25519/ref10/libsodium_la-scalarmult_ed25519_ref10.lo: crypto @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_scalarmult/ed25519/ref10/libsodium_la-scalarmult_ed25519_ref10.lo `test -f 'crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c' || echo '$(srcdir)/'`crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c +crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo: crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo -MD -MP -MF crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Tpo -c -o crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo `test -f 'crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c' || echo '$(srcdir)/'`crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Tpo crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c' object='crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ 
DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_scalarmult/ristretto255/ref10/libsodium_la-scalarmult_ristretto255_ref10.lo `test -f 'crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c' || echo '$(srcdir)/'`crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c + crypto_secretbox/xchacha20poly1305/libsodium_la-secretbox_xchacha20poly1305.lo: crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypto_secretbox/xchacha20poly1305/libsodium_la-secretbox_xchacha20poly1305.lo -MD -MP -MF crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Tpo -c -o crypto_secretbox/xchacha20poly1305/libsodium_la-secretbox_xchacha20poly1305.lo `test -f 'crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c' || echo '$(srcdir)/'`crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Tpo crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Plo 
@@ -2927,13 +2946,6 @@ crypto_stream/xchacha20/libsodium_la-stream_xchacha20.lo: crypto_stream/xchacha2 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypto_stream/xchacha20/libsodium_la-stream_xchacha20.lo `test -f 'crypto_stream/xchacha20/stream_xchacha20.c' || echo '$(srcdir)/'`crypto_stream/xchacha20/stream_xchacha20.c -randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo: randombytes/nativeclient/randombytes_nativeclient.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo -MD -MP -MF randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Tpo -c -o randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo `test -f 'randombytes/nativeclient/randombytes_nativeclient.c' || echo '$(srcdir)/'`randombytes/nativeclient/randombytes_nativeclient.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Tpo randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='randombytes/nativeclient/randombytes_nativeclient.c' object='randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) 
$(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o randombytes/nativeclient/libsodium_la-randombytes_nativeclient.lo `test -f 'randombytes/nativeclient/randombytes_nativeclient.c' || echo '$(srcdir)/'`randombytes/nativeclient/randombytes_nativeclient.c - randombytes/sysrandom/libsodium_la-randombytes_sysrandom.lo: randombytes/sysrandom/randombytes_sysrandom.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libsodium_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randombytes/sysrandom/libsodium_la-randombytes_sysrandom.lo -MD -MP -MF randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Tpo -c -o randombytes/sysrandom/libsodium_la-randombytes_sysrandom.lo `test -f 'randombytes/sysrandom/randombytes_sysrandom.c' || echo '$(srcdir)/'`randombytes/sysrandom/randombytes_sysrandom.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Tpo randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Plo @@ -3036,6 +3048,7 @@ clean-libtool: -rm -rf crypto_scalarmult/curve25519/ref10/.libs crypto_scalarmult/curve25519/ref10/_libs -rm -rf crypto_scalarmult/curve25519/sandy2x/.libs crypto_scalarmult/curve25519/sandy2x/_libs -rm -rf crypto_scalarmult/ed25519/ref10/.libs crypto_scalarmult/ed25519/ref10/_libs + -rm -rf crypto_scalarmult/ristretto255/ref10/.libs crypto_scalarmult/ristretto255/ref10/_libs -rm -rf crypto_secretbox/.libs crypto_secretbox/_libs -rm -rf crypto_secretbox/xchacha20poly1305/.libs crypto_secretbox/xchacha20poly1305/_libs -rm -rf crypto_secretbox/xsalsa20poly1305/.libs crypto_secretbox/xsalsa20poly1305/_libs 
@@ -3062,8 +3075,7 @@ clean-libtool: -rm -rf crypto_stream/xsalsa20/.libs crypto_stream/xsalsa20/_libs -rm -rf crypto_verify/sodium/.libs crypto_verify/sodium/_libs -rm -rf randombytes/.libs randombytes/_libs - -rm -rf randombytes/nativeclient/.libs randombytes/nativeclient/_libs - -rm -rf randombytes/salsa20/.libs randombytes/salsa20/_libs + -rm -rf randombytes/internal/.libs randombytes/internal/_libs -rm -rf randombytes/sysrandom/.libs randombytes/sysrandom/_libs -rm -rf sodium/.libs sodium/_libs install-defexecDATA: $(defexec_DATA) @@ -3362,6 +3374,8 @@ distclean-generic: -rm -f crypto_scalarmult/curve25519/sandy2x/$(am__dirstamp) -rm -f crypto_scalarmult/ed25519/ref10/$(DEPDIR)/$(am__dirstamp) -rm -f crypto_scalarmult/ed25519/ref10/$(am__dirstamp) + -rm -f crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/$(am__dirstamp) + -rm -f crypto_scalarmult/ristretto255/ref10/$(am__dirstamp) -rm -f crypto_secretbox/$(DEPDIR)/$(am__dirstamp) -rm -f crypto_secretbox/$(am__dirstamp) -rm -f crypto_secretbox/xchacha20poly1305/$(DEPDIR)/$(am__dirstamp) @@ -3414,10 +3428,8 @@ distclean-generic: -rm -f crypto_verify/sodium/$(am__dirstamp) -rm -f randombytes/$(DEPDIR)/$(am__dirstamp) -rm -f randombytes/$(am__dirstamp) - -rm -f randombytes/nativeclient/$(DEPDIR)/$(am__dirstamp) - -rm -f randombytes/nativeclient/$(am__dirstamp) - -rm -f randombytes/salsa20/$(DEPDIR)/$(am__dirstamp) - -rm -f randombytes/salsa20/$(am__dirstamp) + -rm -f randombytes/internal/$(DEPDIR)/$(am__dirstamp) + -rm -f randombytes/internal/$(am__dirstamp) -rm -f randombytes/sysrandom/$(DEPDIR)/$(am__dirstamp) -rm -f randombytes/sysrandom/$(am__dirstamp) -rm -f sodium/$(DEPDIR)/$(am__dirstamp) 
@@ -3446,6 +3458,7 @@ distclean: distclean-recursive -rm -f crypto_box/curve25519xchacha20poly1305/$(DEPDIR)/libsodium_la-box_seal_curve25519xchacha20poly1305.Plo -rm -f crypto_box/curve25519xsalsa20poly1305/$(DEPDIR)/libsodium_la-box_curve25519xsalsa20poly1305.Plo -rm -f crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ed25519.Plo + -rm -f crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Plo -rm -f crypto_core/ed25519/ref10/$(DEPDIR)/libsodium_la-ed25519_ref10.Plo -rm -f crypto_core/hchacha20/$(DEPDIR)/libsodium_la-core_hchacha20.Plo -rm -f crypto_core/hsalsa20/$(DEPDIR)/libsodium_la-core_hsalsa20.Plo @@ -3496,6 +3509,7 @@ distclean: distclean-recursive -rm -f crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-fe_frombytes_sandy2x.Plo -rm -f crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-sandy2x.Plo -rm -f crypto_scalarmult/ed25519/ref10/$(DEPDIR)/libsodium_la-scalarmult_ed25519_ref10.Plo + -rm -f crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Plo -rm -f crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox.Plo -rm -f crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox_easy.Plo -rm -f crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Plo @@ -3531,8 +3545,7 @@ distclean: distclean-recursive -rm -f crypto_stream/xsalsa20/$(DEPDIR)/libsodium_la-stream_xsalsa20.Plo -rm -f crypto_verify/sodium/$(DEPDIR)/libsodium_la-verify.Plo -rm -f randombytes/$(DEPDIR)/libsodium_la-randombytes.Plo - -rm -f randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Plo - -rm -f randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Plo + -rm -f randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Plo -rm -f randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Plo -rm -f sodium/$(DEPDIR)/libsodium_la-codecs.Plo -rm -f sodium/$(DEPDIR)/libsodium_la-core.Plo 
@@ -3598,6 +3611,7 @@ maintainer-clean: maintainer-clean-recursive -rm -f crypto_box/curve25519xchacha20poly1305/$(DEPDIR)/libsodium_la-box_seal_curve25519xchacha20poly1305.Plo -rm -f crypto_box/curve25519xsalsa20poly1305/$(DEPDIR)/libsodium_la-box_curve25519xsalsa20poly1305.Plo -rm -f crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ed25519.Plo + -rm -f crypto_core/ed25519/$(DEPDIR)/libsodium_la-core_ristretto255.Plo -rm -f crypto_core/ed25519/ref10/$(DEPDIR)/libsodium_la-ed25519_ref10.Plo -rm -f crypto_core/hchacha20/$(DEPDIR)/libsodium_la-core_hchacha20.Plo -rm -f crypto_core/hsalsa20/$(DEPDIR)/libsodium_la-core_hsalsa20.Plo @@ -3648,6 +3662,7 @@ maintainer-clean: maintainer-clean-recursive -rm -f crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-fe_frombytes_sandy2x.Plo -rm -f crypto_scalarmult/curve25519/sandy2x/$(DEPDIR)/libsodium_la-sandy2x.Plo -rm -f crypto_scalarmult/ed25519/ref10/$(DEPDIR)/libsodium_la-scalarmult_ed25519_ref10.Plo + -rm -f crypto_scalarmult/ristretto255/ref10/$(DEPDIR)/libsodium_la-scalarmult_ristretto255_ref10.Plo -rm -f crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox.Plo -rm -f crypto_secretbox/$(DEPDIR)/libsodium_la-crypto_secretbox_easy.Plo -rm -f crypto_secretbox/xchacha20poly1305/$(DEPDIR)/libsodium_la-secretbox_xchacha20poly1305.Plo @@ -3683,8 +3698,7 @@ maintainer-clean: maintainer-clean-recursive -rm -f crypto_stream/xsalsa20/$(DEPDIR)/libsodium_la-stream_xsalsa20.Plo -rm -f crypto_verify/sodium/$(DEPDIR)/libsodium_la-verify.Plo -rm -f randombytes/$(DEPDIR)/libsodium_la-randombytes.Plo - -rm -f randombytes/nativeclient/$(DEPDIR)/libsodium_la-randombytes_nativeclient.Plo - -rm -f randombytes/salsa20/$(DEPDIR)/librdrand_la-randombytes_salsa20_random.Plo + -rm -f randombytes/internal/$(DEPDIR)/librdrand_la-randombytes_internal_random.Plo -rm -f randombytes/sysrandom/$(DEPDIR)/libsodium_la-randombytes_sysrandom.Plo -rm -f sodium/$(DEPDIR)/libsodium_la-codecs.Plo -rm -f sodium/$(DEPDIR)/libsodium_la-core.Plo 
diff --git a/src/libsodium/crypto_core/ed25519/core_ed25519.c b/src/libsodium/crypto_core/ed25519/core_ed25519.c index 15c004b9..0029a093 100644 --- a/src/libsodium/crypto_core/ed25519/core_ed25519.c +++ b/src/libsodium/crypto_core/ed25519/core_ed25519.c @@ -67,7 +67,24 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) { ge25519_from_uniform(p, r); - return - ge25519_has_small_order(p); + return 0; +} + +int +crypto_core_ed25519_from_hash(unsigned char *p, const unsigned char *h) +{ + ge25519_from_hash(p, h); + + return 0; +} + +void +crypto_core_ed25519_random(unsigned char *p) +{ + unsigned char h[crypto_core_ed25519_HASHBYTES]; + + randombytes_buf(h, sizeof h); + (void) crypto_core_ed25519_from_hash(p, h); } void @@ -158,6 +175,13 @@ crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, crypto_core_ed25519_scalar_add(z, x, yn); } +void +crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + sc25519_mul(z, x, y); +} + void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) @@ -188,6 +212,12 @@ crypto_core_ed25519_uniformbytes(void) return crypto_core_ed25519_UNIFORMBYTES; } +size_t +crypto_core_ed25519_hashbytes(void) +{ + return crypto_core_ed25519_HASHBYTES; +} + size_t crypto_core_ed25519_scalarbytes(void) { diff --git a/src/libsodium/crypto_core/ed25519/core_ristretto255.c b/src/libsodium/crypto_core/ed25519/core_ristretto255.c new file mode 100644 index 00000000..cad3c802 --- /dev/null +++ b/src/libsodium/crypto_core/ed25519/core_ristretto255.c 
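Review bot: `crypto_core_ed25519_from_uniform` now ends in `return 0;` where it used to return `- ge25519_has_small_order(p)`, so a caller that relied on -1 to reject a small-order output no longer gets that signal, and the new `crypto_core_ed25519_from_hash` has the same constant return. Nothing in the hunk records that the `int` result no longer carries information. A comment above both functions such as `/* always returns 0; the return type is kept for API compatibility */` would state it, and callers that must rule out a degenerate point can check the output themselves, for instance with `crypto_core_ed25519_is_valid_point`. The bodies of `ge25519_from_uniform` and `ge25519_from_hash` are outside this hunk, so whether a small-order result is still reachable cannot be judged from here.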
@@ -0,0 +1,156 @@ + +#include + +#include "crypto_core_ed25519.h" +#include "crypto_core_ristretto255.h" +#include "private/common.h" +#include "private/ed25519_ref10.h" +#include "randombytes.h" +#include "utils.h" + +int +crypto_core_ristretto255_is_valid_point(const unsigned char *p) +{ + ge25519_p3 p_p3; + + if (ristretto255_frombytes(&p_p3, p) != 0) { + return 0; + } + return 1; +} + +int +crypto_core_ristretto255_add(unsigned char *r, + const unsigned char *p, const unsigned char *q) +{ + ge25519_p3 p_p3, q_p3, r_p3; + ge25519_p1p1 r_p1p1; + ge25519_cached q_cached; + + if (ristretto255_frombytes(&p_p3, p) != 0 || + ristretto255_frombytes(&q_p3, q) != 0) { + return -1; + } + ge25519_p3_to_cached(&q_cached, &q_p3); + ge25519_add(&r_p1p1, &p_p3, &q_cached); + ge25519_p1p1_to_p3(&r_p3, &r_p1p1); + ristretto255_p3_tobytes(r, &r_p3); + + return 0; +} + +int +crypto_core_ristretto255_sub(unsigned char *r, + const unsigned char *p, const unsigned char *q) +{ + ge25519_p3 p_p3, q_p3, r_p3; + ge25519_p1p1 r_p1p1; + ge25519_cached q_cached; + + if (ristretto255_frombytes(&p_p3, p) != 0 || + ristretto255_frombytes(&q_p3, q) != 0) { + return -1; + } + ge25519_p3_to_cached(&q_cached, &q_p3); + ge25519_sub(&r_p1p1, &p_p3, &q_cached); + ge25519_p1p1_to_p3(&r_p3, &r_p1p1); + ristretto255_p3_tobytes(r, &r_p3); + + return 0; +} + +int +crypto_core_ristretto255_from_hash(unsigned char *p, const unsigned char *r) +{ + ristretto255_from_hash(p, r); + + return 0; +} + +void +crypto_core_ristretto255_random(unsigned char *p) +{ + unsigned char h[crypto_core_ristretto255_HASHBYTES]; + + randombytes_buf(h, sizeof h); + (void) crypto_core_ristretto255_from_hash(p, h); +} + +void +crypto_core_ristretto255_scalar_random(unsigned char *r) +{ + crypto_core_ed25519_scalar_random(r); +} + +int +crypto_core_ristretto255_scalar_invert(unsigned char *recip, + const unsigned char *s) +{ + return crypto_core_ed25519_scalar_invert(recip, s); +} + +void 
+crypto_core_ristretto255_scalar_negate(unsigned char *neg, + const unsigned char *s) +{ + crypto_core_ed25519_scalar_negate(neg, s); +} + +void +crypto_core_ristretto255_scalar_complement(unsigned char *comp, + const unsigned char *s) +{ + crypto_core_ed25519_scalar_complement(comp, s); +} + +void +crypto_core_ristretto255_scalar_add(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + crypto_core_ed25519_scalar_add(z, x, y); +} + +void +crypto_core_ristretto255_scalar_sub(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + crypto_core_ed25519_scalar_sub(z, x, y); +} + +void +crypto_core_ristretto255_scalar_mul(unsigned char *z, const unsigned char *x, + const unsigned char *y) +{ + sc25519_mul(z, x, y); +} + +void +crypto_core_ristretto255_scalar_reduce(unsigned char *r, + const unsigned char *s) +{ + crypto_core_ed25519_scalar_reduce(r, s); +} + +size_t +crypto_core_ristretto255_bytes(void) +{ + return crypto_core_ristretto255_BYTES; +} + +size_t +crypto_core_ristretto255_nonreducedscalarbytes(void) +{ + return crypto_core_ristretto255_NONREDUCEDSCALARBYTES; +} + +size_t +crypto_core_ristretto255_hashbytes(void) +{ + return crypto_core_ristretto255_HASHBYTES; +} + +size_t +crypto_core_ristretto255_scalarbytes(void) +{ + return crypto_core_ristretto255_SCALARBYTES; +} diff --git a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c index fb0d15fd..dda67360 100644 --- a/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c +++ b/src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c 
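Review bot: `crypto_core_ristretto255_add` and `crypto_core_ristretto255_sub` return -1 before writing anything to `r` when either input fails `ristretto255_frombytes`, so a caller that ignores the return value goes on to use whatever the output buffer already held. Nothing in the new file says so; a comment above each function, e.g. `/* returns -1 and leaves r untouched if p or q is not a valid encoding */`, would make the contract explicit. Separately, `crypto_core_ristretto255_scalar_mul` calls `sc25519_mul` directly while every other scalar wrapper in this file forwards to its `crypto_core_ed25519_scalar_*` counterpart; `crypto_core_ed25519_scalar_mul(z, x, y);` would keep them uniform.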
@@ -163,6 +163,22 @@ fe25519_pow22523(fe25519 out, const fe25519 z) fe25519_mul(out, t0, z); } +static inline void +fe25519_cneg(fe25519 h, const fe25519 f, unsigned int b) +{ + fe25519 negf; + + fe25519_neg(negf, f); + fe25519_copy(h, f); + fe25519_cmov(h, negf, b); +} + +static inline void +fe25519_abs(fe25519 h, const fe25519 f) +{ + fe25519_cneg(h, f, fe25519_isnegative(f)); +} + /* r = p + q */ @@ -513,7 +529,7 @@ equal(signed char b, signed char c) unsigned char ub = b; unsigned char uc = c; unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ - uint32_t y = x; /* 0: yes; 1..255: no */ + uint32_t y = (uint32_t) x; /* 0: yes; 1..255: no */ y -= 1; /* 4294967295: yes; 0..254: no */ y >>= 31; /* 1: yes; 0: no */ @@ -550,7 +566,7 @@ ge25519_cmov_cached(ge25519_cached *t, const ge25519_cached *u, unsigned char b) } static void -ge25519_select(ge25519_precomp *t, const ge25519_precomp precomp[8], const signed char b) +ge25519_cmov8(ge25519_precomp *t, const ge25519_precomp precomp[8], const signed char b) { ge25519_precomp minust; const unsigned char bnegative = negative(b); @@ -572,7 +588,7 @@ ge25519_select(ge25519_precomp *t, const ge25519_precomp precomp[8], const signe } static void -ge25519_select_base(ge25519_precomp *t, const int pos, const signed char b) +ge25519_cmov8_base(ge25519_precomp *t, const int pos, const signed char b) { static const ge25519_precomp base[32][8] = { /* base[i][j] = (j+1)*256^i*B */ #ifdef HAVE_TI_MODE @@ -581,11 +597,11 @@ ge25519_select_base(ge25519_precomp *t, const int pos, const signed char b) # include "fe_25_5/base.h" #endif }; - ge25519_select(t, base[pos], b); + ge25519_cmov8(t, base[pos], b); } static void -ge25519_select_cached(ge25519_cached *t, const ge25519_cached cached[8], const signed char b) +ge25519_cmov8_cached(ge25519_cached *t, const ge25519_cached cached[8], const signed char b) { ge25519_cached minust; const unsigned char bnegative = negative(b); 
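Review bot: `fe25519_cneg` hands its `unsigned int b` straight to `fe25519_cmov`, and nothing at the new definition says which values of `b` are allowed. `fe25519_cmov` is not shown in this diff; if it derives a mask from `b`, as such helpers usually do, any value other than 0 or 1 would blend `f` and `-f` instead of selecting one. The only caller in the hunk, `fe25519_abs`, passes `fe25519_isnegative(f)`, so a one-line contract is enough: `/* h = b ? -f : f, with no branch on b; b must be 0 or 1 */`.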
@@ -811,7 +827,7 @@ ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, const ge25519_p3 *p) ge25519_p3_0(h); for (i = 63; i != 0; i--) { - ge25519_select_cached(&t, pi, e[i]); + ge25519_cmov8_cached(&t, pi, e[i]); ge25519_add(&r, h, &t); ge25519_p1p1_to_p2(&s, &r); @@ -825,7 +841,7 @@ ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, const ge25519_p3 *p) ge25519_p1p1_to_p3(h, &r); /* *16 */ } - ge25519_select_cached(&t, pi, e[i]); + ge25519_cmov8_cached(&t, pi, e[i]); ge25519_add(&r, h, &t); ge25519_p1p1_to_p3(h, &r); @@ -871,7 +887,7 @@ ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a) ge25519_p3_0(h); for (i = 1; i < 64; i += 2) { - ge25519_select_base(&t, i / 2, e[i]); + ge25519_cmov8_base(&t, i / 2, e[i]); ge25519_madd(&r, h, &t); ge25519_p1p1_to_p3(h, &r); } @@ -886,7 +902,7 @@ ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a) ge25519_p1p1_to_p3(h, &r); for (i = 0; i < 64; i += 2) { - ge25519_select_base(&t, i / 2, e[i]); + ge25519_cmov8_base(&t, i / 2, e[i]); ge25519_madd(&r, h, &t); ge25519_p1p1_to_p3(h, &r); } @@ -1065,7 +1081,7 @@ ge25519_has_small_order(const unsigned char s[32]) where l = 2^252 + 27742317777372353535851937790883648493. */ -static void +void sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32]) { int64_t a0 = 2097151 & load_3(a); 
@@ -2509,27 +2525,19 @@ chi25519(fe25519 out, const fe25519 z) fe25519_mul(out, t1, t0); } -void -ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) +static void +ge25519_elligator2(unsigned char s[32], const fe25519 r, const unsigned char x_sign) { - fe25519 e; - fe25519 negx; - fe25519 rr2; - fe25519 x, x2, x3; - ge25519_p3 p3; - ge25519_p1p1 p1; - ge25519_p2 p2; - unsigned int e_is_minus_1; - unsigned char x_sign; + fe25519 e; + fe25519 negx; + fe25519 rr2; + fe25519 x, x2, x3; + ge25519_p3 p3; + ge25519_p1p1 p1; + ge25519_p2 p2; + unsigned int e_is_minus_1; - memcpy(s, r, 32); - x_sign = s[31] & 0x80; - s[31] &= 0x7f; - - fe25519_frombytes(rr2, s); - - /* elligator */ - fe25519_sq2(rr2, rr2); + fe25519_sq2(rr2, r); rr2[0]++; fe25519_invert(rr2, rr2); fe25519_mul(x, curve25519_A, rr2); 
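Review bot: The new static `ge25519_elligator2` takes an already-decoded `r` and an `x_sign` byte, but its signature carries no comment saying what either may hold. The removed lines show the old function deriving `x_sign = s[31] & 0x80` and clearing bit 255 before decoding, and that preparation is now each caller's job. A short comment above the definition, for example `/* x_sign is 0 or 0x80 (callers pass a byte masked with 0x80) */`, would record the expectation for the second caller this commit adds. The function body continues past the end of the hunk, so how `x_sign` is consumed is not visible here.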
@@ -2583,3 +2591,276 @@ ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) ge25519_p3_tobytes(s, &p3); } + +void +ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]) +{ + fe25519 r_fe; + unsigned char x_sign; + + memcpy(s, r, 32); + x_sign = s[31] & 0x80; + s[31] &= 0x7f; + fe25519_frombytes(r_fe, s); + ge25519_elligator2(s, r_fe, x_sign); +} + +void +ge25519_from_hash(unsigned char s[32], const unsigned char h[64]) +{ + unsigned char fl[32]; + unsigned char gl[32]; + fe25519 fe_f; + fe25519 fe_g; + size_t i; + unsigned char x_sign; + + x_sign = h[0] & 0x80; + for (i = 0; i < 32; i++) { + fl[i] = h[63 - i]; + gl[i] = h[31 - i]; + } + fl[31] &= 0x7f; + gl[31] &= 0x7f; + fe25519_frombytes(fe_f, fl); + fe25519_frombytes(fe_g, gl); + fe_f[0] += (h[32] >> 7) * 19; + for (i = 0; i < sizeof (fe25519) / sizeof fe_f[0]; i++) { + fe_f[i] += 38 * fe_g[i]; + } + fe25519_reduce(fe_f, fe_f); + ge25519_elligator2(s, fe_f, x_sign); +} + +/* Ristretto group */ + +static int +ristretto255_sqrt_ratio_m1(fe25519 x, const fe25519 u, const fe25519 v) +{ + fe25519 v3; + fe25519 vxx; + fe25519 m_root_check, p_root_check, f_root_check; + fe25519 x_sqrtm1; + int has_m_root, has_p_root, has_f_root; + + fe25519_sq(v3, v); + fe25519_mul(v3, v3, v); /* v3 = v^3 */ + fe25519_sq(x, v3); + fe25519_mul(x, x, v); + fe25519_mul(x, x, u); /* x = uv^7 */ + + fe25519_pow22523(x, x); /* x = (uv^7)^((q-5)/8) */ + fe25519_mul(x, x, v3); + fe25519_mul(x, x, u); /* x = uv^3(uv^7)^((q-5)/8) */ + + fe25519_sq(vxx, x); + fe25519_mul(vxx, vxx, v); /* vx^2 */ + fe25519_sub(m_root_check, vxx, u); /* vx^2-u */ + fe25519_add(p_root_check, vxx, u); /* vx^2+u */ + fe25519_mul(f_root_check, u, sqrtm1); /* u*sqrt(-1) */ + fe25519_add(f_root_check, vxx, f_root_check); /* vx^2+u*sqrt(-1) */ + has_m_root = fe25519_iszero(m_root_check); + has_p_root = fe25519_iszero(p_root_check); + has_f_root = fe25519_iszero(f_root_check); + fe25519_mul(x_sqrtm1, x, sqrtm1); /* x*sqrt(-1) */ + + 
fe25519_cmov(x, x_sqrtm1, has_p_root | has_f_root); + fe25519_abs(x, x); + + return has_m_root | has_p_root; +} + +static int +ristretto255_is_canonical(const unsigned char *s) +{ + unsigned char c; + unsigned char d; + unsigned int i; + + c = (s[31] & 0x7f) ^ 0x7f; + for (i = 30; i > 0; i--) { + c |= s[i] ^ 0xff; + } + c = (((unsigned int) c) - 1U) >> 8; + d = (0xed - 1U - (unsigned int) s[0]) >> 8; + + return 1 - (((c & d) | s[0]) & 1); +} + +int +ristretto255_frombytes(ge25519_p3 *h, const unsigned char *s) +{ + fe25519 inv_sqrt; + fe25519 one; + fe25519 s_; + fe25519 ss; + fe25519 u1, u2; + fe25519 u1u1, u2u2; + fe25519 v; + fe25519 v_u2u2; + int was_square; + + if (ristretto255_is_canonical(s) == 0) { + return -1; + } + fe25519_frombytes(s_, s); + fe25519_sq(ss, s_); /* ss = s^2 */ + + fe25519_1(u1); + fe25519_sub(u1, u1, ss); /* u1 = 1-ss */ + fe25519_sq(u1u1, u1); /* u1u1 = u1^2 */ + + fe25519_1(u2); + fe25519_add(u2, u2, ss); /* u2 = 1+ss */ + fe25519_sq(u2u2, u2); /* u2u2 = u2^2 */ + + fe25519_mul(v, d, u1u1); /* v = d*u1^2 */ + fe25519_neg(v, v); /* v = -d*u1^2 */ + fe25519_sub(v, v, u2u2); /* v = -(d*u1^2)-u2^2 */ + + fe25519_mul(v_u2u2, v, u2u2); /* v_u2u2 = v*u2^2 */ + + fe25519_1(one); + was_square = ristretto255_sqrt_ratio_m1(inv_sqrt, one, v_u2u2); + fe25519_mul(h->X, inv_sqrt, u2); + fe25519_mul(h->Y, inv_sqrt, h->X); + fe25519_mul(h->Y, h->Y, v); + + fe25519_mul(h->X, h->X, s_); + fe25519_add(h->X, h->X, h->X); + fe25519_abs(h->X, h->X); + fe25519_mul(h->Y, u1, h->Y); + fe25519_1(h->Z); + fe25519_mul(h->T, h->X, h->Y); + + return - ((1 - was_square) | + fe25519_isnegative(h->T) | fe25519_iszero(h->Y)); +} + +void +ristretto255_p3_tobytes(unsigned char *s, const ge25519_p3 *h) +{ + fe25519 den1, den2; + fe25519 den_inv; + fe25519 eden; + fe25519 inv_sqrt; + fe25519 ix, iy; + fe25519 one; + fe25519 s_; + fe25519 t_z_inv; + fe25519 u1, u2; + fe25519 u1_u2u2; + fe25519 x_, y_; + fe25519 x_z_inv; + fe25519 z_inv; + fe25519 zmy; + int rotate; + + 
fe25519_add(u1, h->Z, h->Y); /* u1 = Z+Y */ + fe25519_sub(zmy, h->Z, h->Y); /* zmy = Z-Y */ + fe25519_mul(u1, u1, zmy); /* u1 = (Z+Y)*(Z-Y) */ + fe25519_mul(u2, h->X, h->Y); /* u2 = X*Y */ + + fe25519_sq(u1_u2u2, u2); /* u1_u2u2 = u2^2 */ + fe25519_mul(u1_u2u2, u1, u1_u2u2); /* u1_u2u2 = u1*u2^2 */ + + fe25519_1(one); + (void) ristretto255_sqrt_ratio_m1(inv_sqrt, one, u1_u2u2); + fe25519_mul(den1, inv_sqrt, u1); /* den1 = inv_sqrt*u1 */ + fe25519_mul(den2, inv_sqrt, u2); /* den2 = inv_sqrt*u2 */ + fe25519_mul(z_inv, den1, den2); /* z_inv = den1*den2 */ + fe25519_mul(z_inv, z_inv, h->T); /* z_inv = den1*den2*T */ + + fe25519_mul(ix, h->X, sqrtm1); /* ix = X*sqrt(-1) */ + fe25519_mul(iy, h->Y, sqrtm1); /* iy = Y*sqrt(-1) */ + fe25519_mul(eden, den1, invsqrtamd); /* eden = den1*sqrt(a-d) */ + + fe25519_mul(t_z_inv, h->T, z_inv); /* t_z_inv = T*z_inv */ + rotate = fe25519_isnegative(t_z_inv); + + fe25519_copy(x_, h->X); + fe25519_copy(y_, h->Y); + fe25519_copy(den_inv, den2); + + fe25519_cmov(x_, iy, rotate); + fe25519_cmov(y_, ix, rotate); + fe25519_cmov(den_inv, eden, rotate); + + fe25519_mul(x_z_inv, x_, z_inv); + fe25519_cneg(y_, y_, fe25519_isnegative(x_z_inv)); + + fe25519_sub(s_, h->Z, y_); + fe25519_mul(s_, den_inv, s_); + fe25519_abs(s_, s_); + fe25519_tobytes(s, s_); +} + +static void +ristretto255_elligator(ge25519_p3 *p, const fe25519 t) +{ + fe25519 c; + fe25519 n; + fe25519 one; + fe25519 r; + fe25519 rpd; + fe25519 s, s_prime; + fe25519 ss; + fe25519 u, v; + fe25519 w0, w1, w2, w3; + int wasnt_square; + + fe25519_1(one); + fe25519_sq(r, t); /* r = t^2 */ + fe25519_mul(r, sqrtm1, r); /* r = sqrt(-1)*t^2 */ + fe25519_add(u, r, one); /* u = r+1 */ + fe25519_mul(u, u, onemsqd); /* u = (r+1)*(1-d^2) */ + fe25519_1(c); + fe25519_neg(c, c); /* c = -1 */ + fe25519_add(rpd, r, d); /* rpd = r*d */ + fe25519_mul(v, r, d); /* v = r*d */ + fe25519_sub(v, c, v); /* v = c-r*d */ + fe25519_mul(v, v, rpd); /* v = (c-r*d)*(r+d) */ + + wasnt_square = 1 - 
ristretto255_sqrt_ratio_m1(s, u, v); + fe25519_mul(s_prime, s, t); + fe25519_abs(s_prime, s_prime); + fe25519_neg(s_prime, s_prime); /* s_prime = -|s*t| */ + fe25519_cmov(s, s_prime, wasnt_square); + fe25519_cmov(c, r, wasnt_square); + + fe25519_sub(n, r, one); /* n = r-1 */ + fe25519_mul(n, n, c); /* n = c*(r-1) */ + fe25519_mul(n, n, sqdmone); /* n = c*(r-1)*(d-1)^2 */ + fe25519_sub(n, n, v); /* n = c*(r-1)*(d-1)^2-v */ + + fe25519_add(w0, s, s); /* w0 = 2s */ + fe25519_mul(w0, w0, v); /* w0 = 2s*v */ + fe25519_mul(w1, n, sqrtadm1); /* w1 = n*sqrt(ad-1) */ + fe25519_sq(ss, s); /* ss = s^2 */ + fe25519_sub(w2, one, ss); /* w2 = 1-s^2 */ + fe25519_add(w3, one, ss); /* w3 = 1+s^2 */ + + fe25519_mul(p->X, w0, w3); + fe25519_mul(p->Y, w2, w1); + fe25519_mul(p->Z, w1, w3); + fe25519_mul(p->T, w0, w2); +} + +void +ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]) +{ + fe25519 r0, r1; + ge25519_cached p1_cached; + ge25519_p1p1 p_p1p1; + ge25519_p3 p0, p1; + ge25519_p3 p; + + fe25519_frombytes(r0, h); + fe25519_frombytes(r1, h + 32); + ristretto255_elligator(&p0, r0); + ristretto255_elligator(&p1, r1); + ge25519_p3_to_cached(&p1_cached, &p1); + ge25519_add(&p_p1p1, &p0, &p1_cached); + ge25519_p1p1_to_p3(&p, &p_p1p1); + ristretto255_p3_tobytes(s, &p); +} diff --git a/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h b/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h index 3dc9156a..dd6da1b8 100644 --- a/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h +++ b/src/libsodium/crypto_core/ed25519/ref10/fe_25_5/constants.h 
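Review bot: Two of the inline formulas in the added Ristretto code do not match the call they annotate. In `ristretto255_elligator` the line should read `fe25519_add(rpd, r, d); /* rpd = r+d */`, which is also what the later `/* v = (c-r*d)*(r+d) */` comment assumes. In `ristretto255_p3_tobytes` the line should read `fe25519_mul(eden, den1, invsqrtamd); /* eden = den1/sqrt(a-d) */`, since constants.h in this commit defines `invsqrtamd` as `1 / sqrt(a - d)`. These comments are the only description of the arithmetic in the file, so a reader checking the code against the formulas would be misled by them.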
@@ -18,3 +18,23 @@ static const fe25519 sqrtm1 = { static const fe25519 curve25519_A = { 486662, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; + +/* sqrt(ad - 1) with a = -1 (mod p) */ +static const fe25519 sqrtadm1 = { + 24849947, -153582, -23613485, 6347715, -21072328, -667138, -25271143, -15367704, -870347, 14525639 +}; + +/* 1 / sqrt(a - d) */ +static const fe25519 invsqrtamd = { + 6111485, 4156064, -27798727, 12243468, -25904040, 120897, 20826367, -7060776, 6093568, -1986012 +}; + +/* 1 - d ^ 2 */ +static const fe25519 onemsqd = { + 6275446, -16617371, -22938544, -3773710, 11667077, 7397348, -27922721, 1766195, -24433858, 672203 +}; + +/* (d - 1) ^ 2 */ +static const fe25519 sqdmone = { + 15551795, -11097455, -13425098, -10125071, -11896535, 10178284, -26634327, 4729244, -5282110, -10116402 +}; diff --git a/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h b/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h index 53b75c6b..24e5cb5e 100644 --- a/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h +++ b/src/libsodium/crypto_core/ed25519/ref10/fe_51/constants.h @@ -19,3 +19,23 @@ static const fe25519 sqrtm1 = { static const fe25519 curve25519_A = { 486662, 0, 0, 0, 0 }; + +/* sqrt(ad - 1) with a = -1 (mod p) */ +static const fe25519 sqrtadm1 = { + 2241493124984347, 425987919032274, 2207028919301688, 1220490630685848, 974799131293748 +}; + +/* 1 / sqrt(a - d) */ +static const fe25519 invsqrtamd = { + 278908739862762, 821645201101625, 8113234426968, 1777959178193151, 2118520810568447 +}; + +/* 1 - d ^ 2 */ +static const fe25519 onemsqd = { + 1136626929484150, 1998550399581263, 496427632559748, 118527312129759, 45110755273534 +}; + +/* (d - 1) ^ 2 */ +static const fe25519 sqdmone = { + 1507062230895904, 1572317787530805, 683053064812840, 317374165784489, 1572899562415810 +}; diff --git a/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c b/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c index a077d7f4..c023378c 100644 
--- a/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c +++ b/src/libsodium/crypto_core/salsa/ref/core_salsa_ref.c @@ -127,7 +127,7 @@ crypto_core_salsa20_constbytes(void) } #ifndef MINIMAL - +/* LCOV_EXCL_START */ int crypto_core_salsa2012(unsigned char *out, const unsigned char *in, const unsigned char *k, const unsigned char *c) @@ -191,5 +191,5 @@ crypto_core_salsa208_constbytes(void) { return crypto_core_salsa208_CONSTBYTES; } - +/* LCOV_EXCL_END */ #endif diff --git a/src/libsodium/crypto_pwhash/argon2/argon2-core.c b/src/libsodium/crypto_pwhash/argon2/argon2-core.c index bfe3fbbf..c4e4d842 100644 --- a/src/libsodium/crypto_pwhash/argon2/argon2-core.c +++ b/src/libsodium/crypto_pwhash/argon2/argon2-core.c @@ -113,9 +113,11 @@ allocate_memory(block_region **region, uint32_t m_cost) } #endif if (base == NULL) { + /* LCOV_EXCL_START */ free(*region); *region = NULL; - return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */ + return ARGON2_MEMORY_ALLOCATION_ERROR; + /* LCOV_EXCL_STOP */ } (*region)->base = base; (*region)->memory = memory; diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c index b1c1bd84..5bf0d704 100644 --- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c @@ -305,6 +305,10 @@ escrypt_kdf_nosse(escrypt_local_t *local, const uint8_t *passwd, uint32_t i; /* Sanity-check parameters. */ + if (r == 0 || p == 0) { + errno = EINVAL; + return -1; + } #if SIZE_MAX > UINT32_MAX if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { errno = EFBIG; diff --git a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c index 754a19fd..688f2d30 100644 
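Review bot: The closing marker `/* LCOV_EXCL_END */` added before `#endif` in core_salsa_ref.c is not one lcov recognises; the pair is `LCOV_EXCL_START` / `LCOV_EXCL_STOP`, which the argon2-core.c hunk in this same commit uses. As written, the exclusion opened before `crypto_core_salsa2012` is never closed. Change the line to `/* LCOV_EXCL_STOP */`; the same applies to the `/* LCOV_EXCL_END */` added at the end of crypto_sign/ed25519/ref10/obsolete.c.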
--- a/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c +++ b/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c @@ -317,6 +317,10 @@ escrypt_kdf_sse(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen, uint32_t i; /* Sanity-check parameters. */ + if (r == 0 || p == 0) { + errno = EINVAL; + return -1; + } # if SIZE_MAX > UINT32_MAX /* LCOV_EXCL_START */ if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { diff --git a/src/libsodium/crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c b/src/libsodium/crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c new file mode 100644 index 00000000..433a9a26 --- /dev/null +++ b/src/libsodium/crypto_scalarmult/ristretto255/ref10/scalarmult_ristretto255_ref10.c 
@@ -0,0 +1,63 @@ + +#include + +#include "crypto_scalarmult_ed25519.h" +#include "crypto_scalarmult_ristretto255.h" +#include "private/ed25519_ref10.h" +#include "utils.h" + +int +crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n, + const unsigned char *p) +{ + unsigned char *t = q; + ge25519_p3 Q; + ge25519_p3 P; + unsigned int i; + + if (ristretto255_frombytes(&P, p) != 0) { + return -1; + } + for (i = 0; i < 32; ++i) { + t[i] = n[i]; + } + t[31] &= 127; + ge25519_scalarmult(&Q, t, &P); + ristretto255_p3_tobytes(q, &Q); + if (sodium_is_zero(q, 32)) { + return -1; + } + return 0; +} + +int +crypto_scalarmult_ristretto255_base(unsigned char *q, + const unsigned char *n) +{ + unsigned char *t = q; + ge25519_p3 Q; + unsigned int i; + + for (i = 0; i < 32; ++i) { + t[i] = n[i]; + } + t[31] &= 127; + ge25519_scalarmult_base(&Q, t); + ristretto255_p3_tobytes(q, &Q); + if (sodium_is_zero(q, 32)) { + return -1; + } + return 0; +} + +size_t +crypto_scalarmult_ristretto255_bytes(void) +{ + return crypto_scalarmult_ristretto255_BYTES; +} + +size_t +crypto_scalarmult_ristretto255_scalarbytes(void) +{ + return crypto_scalarmult_ristretto255_SCALARBYTES; +} diff --git a/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c b/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c index 03440cfa..64ded79e 100644 --- a/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c +++ b/src/libsodium/crypto_sign/ed25519/ref10/obsolete.c @@ -10,6 +10,7 @@ #include "randombytes.h" #include "utils.h" +/* LCOV_EXCL_START */ int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk, unsigned char *sk) @@ -114,3 +115,4 @@ crypto_sign_edwards25519sha512batch_open(unsigned char *m, return 0; } +/* LCOV_EXCL_END */ diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am index b70c22b3..7476bd97 100644 --- a/src/libsodium/include/Makefile.am +++ b/src/libsodium/include/Makefile.am 
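Review bot: Both `crypto_scalarmult_ristretto255` and `crypto_scalarmult_ristretto255_base` stage the scalar in the caller's output buffer through `unsigned char *t = q;` without a comment, so it is not obvious that `q` briefly holds secret scalar bytes before `ristretto255_p3_tobytes()` overwrites it. I would document that, e.g. `/* t aliases q: the scalar is staged in the output buffer and replaced by the encoded point below */`. I would also note that only the top bit is cleared (`t[31] &= 127`) and no clamping is applied, unlike what readers may expect from other scalarmult code. The literal `32` in the copy loops and in `sodium_is_zero(q, 32)` would read better as `crypto_scalarmult_ristretto255_SCALARBYTES` and `crypto_scalarmult_ristretto255_BYTES`, which this file already returns from its accessor functions.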
@@ -13,6 +13,7 @@ SODIUM_EXPORT = \ sodium/crypto_box_curve25519xchacha20poly1305.h \ sodium/crypto_box_curve25519xsalsa20poly1305.h \ sodium/crypto_core_ed25519.h \ + sodium/crypto_core_ristretto255.h \ sodium/crypto_core_hchacha20.h \ sodium/crypto_core_hsalsa20.h \ sodium/crypto_core_salsa20.h \ @@ -35,6 +36,7 @@ SODIUM_EXPORT = \ sodium/crypto_scalarmult.h \ sodium/crypto_scalarmult_curve25519.h \ sodium/crypto_scalarmult_ed25519.h \ + sodium/crypto_scalarmult_ristretto255.h \ sodium/crypto_secretbox.h \ sodium/crypto_secretbox_xchacha20poly1305.h \ sodium/crypto_secretbox_xsalsa20poly1305.h \ @@ -56,16 +58,11 @@ SODIUM_EXPORT = \ sodium/crypto_verify_64.h \ sodium/export.h \ sodium/randombytes.h \ - sodium/randombytes_salsa20_random.h \ + sodium/randombytes_internal_random.h \ sodium/randombytes_sysrandom.h \ sodium/runtime.h \ sodium/utils.h -if NATIVECLIENT -SODIUM_EXPORT += \ - sodium/randombytes_nativeclient.h -endif - EXTRA_SRC = $(SODIUM_EXPORT) \ sodium/version.h.in diff --git a/src/libsodium/include/Makefile.in b/src/libsodium/include/Makefile.in index f6e421b6..f74c4557 100644 --- a/src/libsodium/include/Makefile.in +++ b/src/libsodium/include/Makefile.in @@ -88,9 +88,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@NATIVECLIENT_TRUE@am__append_1 = \ -@NATIVECLIENT_TRUE@ sodium/randombytes_nativeclient.h - subdir = src/libsodium/include ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_catchable_abrt.m4 \ @@ -106,7 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/ax_check_catchable_abrt.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__nobase_include_HEADERS_DIST) \ +DIST_COMMON = $(srcdir)/Makefile.am $(nobase_include_HEADERS) \ $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = 
@@ -130,46 +127,6 @@ am__can_run_installinfo = \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__nobase_include_HEADERS_DIST = sodium.h sodium/core.h \ - sodium/crypto_aead_aes256gcm.h \ - sodium/crypto_aead_chacha20poly1305.h \ - sodium/crypto_aead_xchacha20poly1305.h sodium/crypto_auth.h \ - sodium/crypto_auth_hmacsha256.h \ - sodium/crypto_auth_hmacsha512.h \ - sodium/crypto_auth_hmacsha512256.h sodium/crypto_box.h \ - sodium/crypto_box_curve25519xchacha20poly1305.h \ - sodium/crypto_box_curve25519xsalsa20poly1305.h \ - sodium/crypto_core_ed25519.h sodium/crypto_core_hchacha20.h \ - sodium/crypto_core_hsalsa20.h sodium/crypto_core_salsa20.h \ - sodium/crypto_core_salsa2012.h sodium/crypto_core_salsa208.h \ - sodium/crypto_generichash.h \ - sodium/crypto_generichash_blake2b.h sodium/crypto_hash.h \ - sodium/crypto_hash_sha256.h sodium/crypto_hash_sha512.h \ - sodium/crypto_kdf.h sodium/crypto_kdf_blake2b.h \ - sodium/crypto_kx.h sodium/crypto_onetimeauth.h \ - sodium/crypto_onetimeauth_poly1305.h sodium/crypto_pwhash.h \ - sodium/crypto_pwhash_argon2i.h sodium/crypto_pwhash_argon2id.h \ - sodium/crypto_pwhash_scryptsalsa208sha256.h \ - sodium/crypto_scalarmult.h \ - sodium/crypto_scalarmult_curve25519.h \ - sodium/crypto_scalarmult_ed25519.h sodium/crypto_secretbox.h \ - sodium/crypto_secretbox_xchacha20poly1305.h \ - sodium/crypto_secretbox_xsalsa20poly1305.h \ - sodium/crypto_secretstream_xchacha20poly1305.h \ - sodium/crypto_shorthash.h sodium/crypto_shorthash_siphash24.h \ - sodium/crypto_sign.h sodium/crypto_sign_ed25519.h \ - sodium/crypto_sign_edwards25519sha512batch.h \ - sodium/crypto_stream.h sodium/crypto_stream_chacha20.h \ - sodium/crypto_stream_salsa20.h \ - sodium/crypto_stream_salsa2012.h \ - sodium/crypto_stream_salsa208.h \ - sodium/crypto_stream_xchacha20.h \ - sodium/crypto_stream_xsalsa20.h sodium/crypto_verify_16.h \ - sodium/crypto_verify_32.h sodium/crypto_verify_64.h \ - sodium/export.h sodium/randombytes.h \ 
- sodium/randombytes_salsa20_random.h \ - sodium/randombytes_sysrandom.h sodium/runtime.h sodium/utils.h \ - sodium/randombytes_nativeclient.h am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ 
@@ -379,45 +336,70 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ valgrind_enabled_tools = @valgrind_enabled_tools@ valgrind_tools = @valgrind_tools@ -SODIUM_EXPORT = sodium.h sodium/core.h sodium/crypto_aead_aes256gcm.h \ +SODIUM_EXPORT = \ + sodium.h \ + sodium/core.h \ + sodium/crypto_aead_aes256gcm.h \ sodium/crypto_aead_chacha20poly1305.h \ - sodium/crypto_aead_xchacha20poly1305.h sodium/crypto_auth.h \ + sodium/crypto_aead_xchacha20poly1305.h \ + sodium/crypto_auth.h \ sodium/crypto_auth_hmacsha256.h \ sodium/crypto_auth_hmacsha512.h \ - sodium/crypto_auth_hmacsha512256.h sodium/crypto_box.h \ + sodium/crypto_auth_hmacsha512256.h \ + sodium/crypto_box.h \ sodium/crypto_box_curve25519xchacha20poly1305.h \ sodium/crypto_box_curve25519xsalsa20poly1305.h \ - sodium/crypto_core_ed25519.h sodium/crypto_core_hchacha20.h \ - sodium/crypto_core_hsalsa20.h sodium/crypto_core_salsa20.h \ - sodium/crypto_core_salsa2012.h sodium/crypto_core_salsa208.h \ + sodium/crypto_core_ed25519.h \ + sodium/crypto_core_ristretto255.h \ + sodium/crypto_core_hchacha20.h \ + sodium/crypto_core_hsalsa20.h \ + sodium/crypto_core_salsa20.h \ + sodium/crypto_core_salsa2012.h \ + sodium/crypto_core_salsa208.h \ sodium/crypto_generichash.h \ - sodium/crypto_generichash_blake2b.h sodium/crypto_hash.h \ - sodium/crypto_hash_sha256.h sodium/crypto_hash_sha512.h \ - sodium/crypto_kdf.h sodium/crypto_kdf_blake2b.h \ - sodium/crypto_kx.h sodium/crypto_onetimeauth.h \ - sodium/crypto_onetimeauth_poly1305.h sodium/crypto_pwhash.h \ - sodium/crypto_pwhash_argon2i.h sodium/crypto_pwhash_argon2id.h \ + sodium/crypto_generichash_blake2b.h \ + sodium/crypto_hash.h \ + sodium/crypto_hash_sha256.h \ + sodium/crypto_hash_sha512.h \ + sodium/crypto_kdf.h \ + sodium/crypto_kdf_blake2b.h \ + sodium/crypto_kx.h \ + sodium/crypto_onetimeauth.h \ + sodium/crypto_onetimeauth_poly1305.h \ + sodium/crypto_pwhash.h \ + sodium/crypto_pwhash_argon2i.h \ + sodium/crypto_pwhash_argon2id.h \ 
sodium/crypto_pwhash_scryptsalsa208sha256.h \ sodium/crypto_scalarmult.h \ sodium/crypto_scalarmult_curve25519.h \ - sodium/crypto_scalarmult_ed25519.h sodium/crypto_secretbox.h \ + sodium/crypto_scalarmult_ed25519.h \ + sodium/crypto_scalarmult_ristretto255.h \ + sodium/crypto_secretbox.h \ sodium/crypto_secretbox_xchacha20poly1305.h \ sodium/crypto_secretbox_xsalsa20poly1305.h \ sodium/crypto_secretstream_xchacha20poly1305.h \ - sodium/crypto_shorthash.h sodium/crypto_shorthash_siphash24.h \ - sodium/crypto_sign.h sodium/crypto_sign_ed25519.h \ + sodium/crypto_shorthash.h \ + sodium/crypto_shorthash_siphash24.h \ + sodium/crypto_sign.h \ + sodium/crypto_sign_ed25519.h \ sodium/crypto_sign_edwards25519sha512batch.h \ - sodium/crypto_stream.h sodium/crypto_stream_chacha20.h \ + sodium/crypto_stream.h \ + sodium/crypto_stream_chacha20.h \ sodium/crypto_stream_salsa20.h \ sodium/crypto_stream_salsa2012.h \ sodium/crypto_stream_salsa208.h \ sodium/crypto_stream_xchacha20.h \ - sodium/crypto_stream_xsalsa20.h sodium/crypto_verify_16.h \ - sodium/crypto_verify_32.h sodium/crypto_verify_64.h \ - sodium/export.h sodium/randombytes.h \ - sodium/randombytes_salsa20_random.h \ - sodium/randombytes_sysrandom.h sodium/runtime.h sodium/utils.h \ - $(am__append_1) + sodium/crypto_stream_xsalsa20.h \ + sodium/crypto_verify_16.h \ + sodium/crypto_verify_32.h \ + sodium/crypto_verify_64.h \ + sodium/export.h \ + sodium/randombytes.h \ + sodium/randombytes_internal_random.h \ + sodium/randombytes_sysrandom.h \ + sodium/runtime.h \ + sodium/utils.h + EXTRA_SRC = $(SODIUM_EXPORT) \ sodium/version.h.in diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h index e7b1af46..295f911c 100644 --- a/src/libsodium/include/sodium.h +++ b/src/libsodium/include/sodium.h 
@@ -48,10 +48,7 @@ #include "sodium/crypto_verify_32.h" #include "sodium/crypto_verify_64.h" #include "sodium/randombytes.h" -#ifdef __native_client__ -# include "sodium/randombytes_nativeclient.h" -#endif -#include "sodium/randombytes_salsa20_random.h" +#include "sodium/randombytes_internal_random.h" #include "sodium/randombytes_sysrandom.h" #include "sodium/runtime.h" #include "sodium/utils.h" @@ -59,7 +56,9 @@ #ifndef SODIUM_LIBRARY_MINIMAL # include "sodium/crypto_box_curve25519xchacha20poly1305.h" # include "sodium/crypto_core_ed25519.h" +# include "sodium/crypto_core_ristretto255.h" # include "sodium/crypto_scalarmult_ed25519.h" +# include "sodium/crypto_scalarmult_ristretto255.h" # include "sodium/crypto_secretbox_xchacha20poly1305.h" # include "sodium/crypto_pwhash_scryptsalsa208sha256.h" # include "sodium/crypto_stream_salsa2012.h" diff --git a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h index 2d31a975..9baeb3f1 100644 --- a/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +++ b/src/libsodium/include/sodium/crypto_aead_aes256gcm.h @@ -56,7 +56,7 @@ size_t crypto_aead_aes256gcm_abytes(void); SODIUM_EXPORT size_t crypto_aead_aes256gcm_messagebytes_max(void); -typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ { +typedef struct CRYPTO_ALIGN(16) crypto_aead_aes256gcm_state_ { unsigned char opaque[512]; } crypto_aead_aes256gcm_state; diff --git a/src/libsodium/include/sodium/crypto_core_ed25519.h b/src/libsodium/include/sodium/crypto_core_ed25519.h index eb736ffb..3eae00c4 100644 --- a/src/libsodium/include/sodium/crypto_core_ed25519.h +++ b/src/libsodium/include/sodium/crypto_core_ed25519.h 
@@ -16,6 +16,10 @@ size_t crypto_core_ed25519_bytes(void); SODIUM_EXPORT size_t crypto_core_ed25519_uniformbytes(void); +#define crypto_core_ed25519_HASHBYTES 64 +SODIUM_EXPORT +size_t crypto_core_ed25519_hashbytes(void); + #define crypto_core_ed25519_SCALARBYTES 32 SODIUM_EXPORT size_t crypto_core_ed25519_scalarbytes(void); @@ -42,6 +46,14 @@ SODIUM_EXPORT int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) __attribute__ ((nonnull)); +SODIUM_EXPORT +int crypto_core_ed25519_from_hash(unsigned char *p, const unsigned char *h) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ed25519_random(unsigned char *p) + __attribute__ ((nonnull)); + SODIUM_EXPORT void crypto_core_ed25519_scalar_random(unsigned char *r) __attribute__ ((nonnull)); @@ -68,6 +80,11 @@ void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, const unsigned char *y) __attribute__ ((nonnull)); +SODIUM_EXPORT +void crypto_core_ed25519_scalar_mul(unsigned char *z, const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + /* * The interval `s` is sampled from should be at least 317 bits to ensure almost * uniformity of `r` over `L`. diff --git a/src/libsodium/include/sodium/crypto_core_ristretto255.h b/src/libsodium/include/sodium/crypto_core_ristretto255.h new file mode 100644 index 00000000..f2820e55 --- /dev/null +++ b/src/libsodium/include/sodium/crypto_core_ristretto255.h 
@@ -0,0 +1,100 @@ +#ifndef crypto_core_ristretto255_H +#define crypto_core_ristretto255_H + +#include +#include "export.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define crypto_core_ristretto255_BYTES 32 +SODIUM_EXPORT +size_t crypto_core_ristretto255_bytes(void); + +#define crypto_core_ristretto255_HASHBYTES 64 +SODIUM_EXPORT +size_t crypto_core_ristretto255_hashbytes(void); + +#define crypto_core_ristretto255_SCALARBYTES 32 +SODIUM_EXPORT +size_t crypto_core_ristretto255_scalarbytes(void); + +#define crypto_core_ristretto255_NONREDUCEDSCALARBYTES 64 +SODIUM_EXPORT +size_t crypto_core_ristretto255_nonreducedscalarbytes(void); + +SODIUM_EXPORT +int crypto_core_ristretto255_is_valid_point(const unsigned char *p) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_core_ristretto255_add(unsigned char *r, + const unsigned char *p, const unsigned char *q) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_core_ristretto255_sub(unsigned char *r, + const unsigned char *p, const unsigned char *q) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_core_ristretto255_from_hash(unsigned char *p, + const unsigned char *r) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_random(unsigned char *p) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_random(unsigned char *r) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_core_ristretto255_scalar_invert(unsigned char *recip, + const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_negate(unsigned char *neg, + const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_complement(unsigned char *comp, + const unsigned char *s) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_add(unsigned char *z, + const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void 
crypto_core_ristretto255_scalar_sub(unsigned char *z, + const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_mul(unsigned char *z, + const unsigned char *x, + const unsigned char *y) + __attribute__ ((nonnull)); + +/* + * The interval `s` is sampled from should be at least 317 bits to ensure almost + * uniformity of `r` over `L`. + */ +SODIUM_EXPORT +void crypto_core_ristretto255_scalar_reduce(unsigned char *r, + const unsigned char *s) + __attribute__ ((nonnull)); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/libsodium/include/sodium/crypto_scalarmult.h b/src/libsodium/include/sodium/crypto_scalarmult.h index 01a8e3ea..1c685853 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult.h +++ b/src/libsodium/include/sodium/crypto_scalarmult.h @@ -27,7 +27,7 @@ int crypto_scalarmult_base(unsigned char *q, const unsigned char *n) __attribute__ ((nonnull)); /* - * NOTE: Do not use the result of this function directly. + * NOTE: Do not use the result of this function directly for key exchange. * * Hash the result with the public keys in order to compute a shared * secret key: H(q || client_pk || server_pk) diff --git a/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h b/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h index e5605cb2..60e9d0c5 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h +++ b/src/libsodium/include/sodium/crypto_scalarmult_curve25519.h @@ -18,7 +18,7 @@ SODIUM_EXPORT size_t crypto_scalarmult_curve25519_scalarbytes(void); /* - * NOTE: Do not use the result of this function directly. + * NOTE: Do not use the result of this function directly for key exchange. * * Hash the result with the public keys in order to compute a shared * secret key: H(q || client_pk || server_pk) 
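Review bot: The prototypes in the new crypto_core_ristretto255.h take bare `unsigned char *` arguments and say nothing about the required lengths or the meaning of the `int` results. This matters most for `crypto_core_ristretto255_from_hash`, whose input `r` is presumably `crypto_core_ristretto255_HASHBYTES` (64) bytes while every point buffer is 32, and for `crypto_core_ristretto255_scalar_reduce`, whose input is presumably `crypto_core_ristretto255_NONREDUCEDSCALARBYTES` (64). A caller who passes a 32-byte buffer to either would cause a read past its end. I would add a one-line comment above each, e.g. `/* r: crypto_core_ristretto255_HASHBYTES bytes in; p: crypto_core_ristretto255_BYTES bytes out; returns 0 on success */`, with the return convention confirmed against the implementation, which is not in this hunk. The functions returning `int` (`is_valid_point`, `add`, `sub`, `from_hash`, `scalar_invert`) could also carry `__attribute__ ((warn_unused_result))` if ignoring a failure would leave the output undefined.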
diff --git a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h index 1958643c..2dfa4d70 100644 --- a/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h +++ b/src/libsodium/include/sodium/crypto_scalarmult_ed25519.h @@ -19,7 +19,7 @@ SODIUM_EXPORT size_t crypto_scalarmult_ed25519_scalarbytes(void); /* - * NOTE: Do not use the result of this function directly. + * NOTE: Do not use the result of this function directly for key exchange. * * Hash the result with the public keys in order to compute a shared * secret key: H(q || client_pk || server_pk) diff --git a/src/libsodium/include/sodium/crypto_scalarmult_ristretto255.h b/src/libsodium/include/sodium/crypto_scalarmult_ristretto255.h new file mode 100644 index 00000000..40a45cce --- /dev/null +++ b/src/libsodium/include/sodium/crypto_scalarmult_ristretto255.h @@ -0,0 +1,43 @@ + +#ifndef crypto_scalarmult_ristretto255_H +#define crypto_scalarmult_ristretto255_H + +#include + +#include "export.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define crypto_scalarmult_ristretto255_BYTES 32U +SODIUM_EXPORT +size_t crypto_scalarmult_ristretto255_bytes(void); + +#define crypto_scalarmult_ristretto255_SCALARBYTES 32U +SODIUM_EXPORT +size_t crypto_scalarmult_ristretto255_scalarbytes(void); + +/* + * NOTE: Do not use the result of this function directly for key exchange. + * + * Hash the result with the public keys in order to compute a shared + * secret key: H(q || client_pk || server_pk) + * + * Or unless this is not an option, use the crypto_kx() API instead. + */ +SODIUM_EXPORT +int crypto_scalarmult_ristretto255(unsigned char *q, const unsigned char *n, + const unsigned char *p) + __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); + +SODIUM_EXPORT +int crypto_scalarmult_ristretto255_base(unsigned char *q, + const unsigned char *n) + __attribute__ ((nonnull)); + +#ifdef __cplusplus +} +#endif + +#endif 
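Review bot: In the new crypto_scalarmult_ristretto255.h, `crypto_scalarmult_ristretto255_base` is declared with `__attribute__ ((nonnull))` only, while `crypto_scalarmult_ristretto255` also has `warn_unused_result`. The implementation added in this commit returns -1 from the base variant when the encoded result is all zeros, so a caller that ignores the return value can end up using an all-zero output. I would declare it as `__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));`. If the omission is deliberate for parity with the ed25519 header, a comment stating when -1 is returned would do instead.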
diff --git a/src/libsodium/include/sodium/private/common.h b/src/libsodium/include/sodium/private/common.h index 9a2f7fab..339e725b 100644 --- a/src/libsodium/include/sodium/private/common.h +++ b/src/libsodium/include/sodium/private/common.h @@ -1,7 +1,7 @@ #ifndef common_H #define common_H 1 -#if !defined(_MSC_VER) && 0 +#if !defined(_MSC_VER) && !defined(DEV_MODE) && 0 # warning *** This is unstable, untested, development code. # warning It might not compile. It might not work as expected. # warning It might be totally insecure. diff --git a/src/libsodium/include/sodium/private/ed25519_ref10.h b/src/libsodium/include/sodium/private/ed25519_ref10.h index 5af41591..3f4c45ca 100644 --- a/src/libsodium/include/sodium/private/ed25519_ref10.h +++ b/src/libsodium/include/sodium/private/ed25519_ref10.h @@ -110,6 +110,18 @@ int ge25519_has_small_order(const unsigned char s[32]); void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); +void ge25519_from_hash(unsigned char s[32], const unsigned char h[64]); + +/* + Ristretto group + */ + +int ristretto255_frombytes(ge25519_p3 *h, const unsigned char *s); + +void ristretto255_p3_tobytes(unsigned char *s, const ge25519_p3 *h); + +void ristretto255_from_hash(unsigned char s[32], const unsigned char h[64]); + /* The set of scalars is \Z/l where l = 2^252 + 27742317777372353535851937790883648493. @@ -119,6 +131,9 @@ void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); void sc25519_reduce(unsigned char s[64]); +void sc25519_mul(unsigned char s[32], const unsigned char a[32], + const unsigned char b[32]); + void sc25519_muladd(unsigned char s[32], const unsigned char a[32], const unsigned char b[32], const unsigned char c[32]); diff --git a/src/libsodium/include/sodium/randombytes_internal_random.h b/src/libsodium/include/sodium/randombytes_internal_random.h new file mode 100644 index 00000000..2b2b7d6e --- /dev/null +++ b/src/libsodium/include/sodium/randombytes_internal_random.h 
@@ -0,0 +1,22 @@ + +#ifndef randombytes_internal_random_H +#define randombytes_internal_random_H + +#include "export.h" +#include "randombytes.h" + +#ifdef __cplusplus +extern "C" { +#endif + +SODIUM_EXPORT +extern struct randombytes_implementation randombytes_internal_implementation; + +/* Backwards compatibility with libsodium < 1.0.18 */ +#define randombytes_salsa20_implementation randombytes_internal_implementation + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/src/libsodium/include/sodium/randombytes_nativeclient.h b/src/libsodium/include/sodium/randombytes_nativeclient.h deleted file mode 100644 index 5158d8c3..00000000 --- a/src/libsodium/include/sodium/randombytes_nativeclient.h +++ /dev/null @@ -1,23 +0,0 @@ - -#ifndef randombytes_nativeclient_H -#define randombytes_nativeclient_H - -#ifdef __native_client__ - -# include "export.h" -# include "randombytes.h" - -# ifdef __cplusplus -extern "C" { -# endif - -SODIUM_EXPORT -extern struct randombytes_implementation randombytes_nativeclient_implementation; - -# ifdef __cplusplus -} -# endif - -#endif - -#endif diff --git a/src/libsodium/include/sodium/randombytes_salsa20_random.h b/src/libsodium/include/sodium/randombytes_salsa20_random.h deleted file mode 100644 index 4deae15b..00000000 --- a/src/libsodium/include/sodium/randombytes_salsa20_random.h +++ /dev/null @@ -1,19 +0,0 @@ - -#ifndef randombytes_salsa20_random_H -#define randombytes_salsa20_random_H - -#include "export.h" -#include "randombytes.h" - -#ifdef __cplusplus -extern "C" { -#endif - -SODIUM_EXPORT -extern struct randombytes_implementation randombytes_salsa20_implementation; - -#ifdef __cplusplus -} -#endif - -#endif 
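Review bot: The alias `#define randombytes_salsa20_implementation randombytes_internal_implementation` gives source compatibility only to code that reaches this new header, yet the commit also deletes `sodium/randombytes_salsa20_random.h`. Applications that include the old header by path will therefore stop building despite the "Backwards compatibility" comment. Keeping the old file as a shim containing `#include "randombytes_internal_random.h"` would cover them. A macro also exports no symbol, so binaries already linked against `randombytes_salsa20_implementation` would presumably fail to resolve it unless the library exports that name elsewhere; that is worth confirming. It is also worth saying in the comment that the name now selects a different generator, since the renamed .c file switches its includes from the salsa20 headers to the chacha20 ones.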
diff --git a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c b/src/libsodium/randombytes/internal/randombytes_internal_random.c similarity index 66% rename from src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c rename to src/libsodium/randombytes/internal/randombytes_internal_random.c index 8646fd30..f0794f80 100644 --- a/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +++ b/src/libsodium/randombytes/internal/randombytes_internal_random.c @@ -17,21 +17,24 @@ # include #endif #ifdef __linux__ -# ifdef __dietlibc__ -# define _LINUX_SOURCE -# include +# define _LINUX_SOURCE +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif +#ifdef __linux__ +# ifdef HAVE_GETRANDOM # define HAVE_LINUX_COMPATIBLE_GETRANDOM -# else /* __dietlibc__ */ +# else # include # if defined(SYS_getrandom) && defined(__NR_getrandom) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif -# endif /* __dietlibc__ */ +# endif #elif defined(__FreeBSD__) # include # if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 -# include # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif #endif @@ -47,11 +50,11 @@ #endif #include "core.h" -#include "crypto_core_salsa20.h" -#include "crypto_stream_salsa20.h" +#include "crypto_core_hchacha20.h" +#include "crypto_stream_chacha20.h" #include "private/common.h" #include "randombytes.h" -#include "randombytes_salsa20_random.h" +#include "randombytes_internal_random.h" #include "runtime.h" #include "utils.h" 
@@ -70,11 +73,14 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength); # endif #endif -#define SALSA20_RANDOM_BLOCK_SIZE crypto_core_salsa20_OUTPUTBYTES +#define INTERNAL_RANDOM_BLOCK_SIZE crypto_core_hchacha20_OUTPUTBYTES #if defined(__OpenBSD__) || defined(__CloudABI__) || defined(__wasi__) # define HAVE_SAFE_ARC4RANDOM 1 #endif +#if defined(__CloudABI__) || defined(__wasm__) +# define NONEXISTENT_DEV_RANDOM 1 +#endif #ifndef SSIZE_MAX # define SSIZE_MAX (SIZE_MAX / 2 - 1) @@ -95,30 +101,31 @@ BOOLEAN NTAPI RtlGenRandom(PVOID RandomBuffer, ULONG RandomBufferLength); # endif #endif -typedef struct Salsa20RandomGlobal_ { +typedef struct InternalRandomGlobal_ { int initialized; int random_data_source_fd; + int getentropy_available; int getrandom_available; int rdrand_available; #ifdef HAVE_GETPID pid_t pid; #endif -} Salsa20RandomGlobal; +} InternalRandomGlobal; -typedef struct Salsa20Random_ { +typedef struct InternalRandom_ { int initialized; size_t rnd32_outleft; - unsigned char key[crypto_stream_salsa20_KEYBYTES]; - unsigned char rnd32[16U * SALSA20_RANDOM_BLOCK_SIZE]; + unsigned char key[crypto_stream_chacha20_KEYBYTES]; + unsigned char rnd32[16U * INTERNAL_RANDOM_BLOCK_SIZE]; uint64_t nonce; -} Salsa20Random; +} InternalRandom; -static Salsa20RandomGlobal global = { +static InternalRandomGlobal global = { SODIUM_C99(.initialized =) 0, SODIUM_C99(.random_data_source_fd =) -1 }; -static TLS Salsa20Random stream = { +static TLS InternalRandom stream = { SODIUM_C99(.initialized =) 0, SODIUM_C99(.rnd32_outleft =) (size_t) 0U }; @@ -145,14 +152,14 @@ sodium_hrtime(void) static uint64_t sodium_hrtime(void) { - struct timeval tv; + struct timeval tv; if (gettimeofday(&tv, NULL) != 0) { sodium_misuse(); /* LCOV_EXCL_LINE */ } return ((uint64_t) tv.tv_sec) * 1000000U + (uint64_t) tv.tv_usec; } -#endif +#endif /* _WIN32 */ /* * Initialize the entropy source 
@@ -161,107 +168,47 @@ sodium_hrtime(void) #ifdef _WIN32 static void -randombytes_salsa20_random_init(void) +randombytes_internal_random_init(void) { global.rdrand_available = sodium_runtime_has_rdrand(); } #else /* _WIN32 */ -static ssize_t -safe_read(const int fd, void * const buf_, size_t size) +# ifdef HAVE_GETENTROPY +static int +_randombytes_getentropy(void * const buf, const size_t size) +{ + assert(size <= 256U); + if (getentropy(buf, size) != 0) { + return -1; /* LCOV_EXCL_LINE */ + } + return 0; +} + +static int +randombytes_getentropy(void * const buf_, size_t size) { unsigned char *buf = (unsigned char *) buf_; - ssize_t readnb; + size_t chunk_size = 256U; - assert(size > (size_t) 0U); - assert(size <= SSIZE_MAX); do { - while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && - (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */ - if (readnb < (ssize_t) 0) { - return readnb; /* LCOV_EXCL_LINE */ + if (size < chunk_size) { + chunk_size = size; + assert(chunk_size > (size_t) 0U); } - if (readnb == (ssize_t) 0) { - break; /* LCOV_EXCL_LINE */ + if (_randombytes_getentropy(buf, chunk_size) != 0) { + return -1; /* LCOV_EXCL_LINE */ } - size -= (size_t) readnb; - buf += readnb; - } while (size > (ssize_t) 0); + size -= chunk_size; + buf += chunk_size; + } while (size > (size_t) 0U); - return (ssize_t) (buf - (unsigned char *) buf_); + return 0; } -# ifdef BLOCK_ON_DEV_RANDOM -static int -randombytes_block_on_dev_random(void) -{ - struct pollfd pfd; - int fd; - int pret; +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) - fd = open("/dev/random", O_RDONLY); - if (fd == -1) { - return 0; - } - pfd.fd = fd; - pfd.events = POLLIN; - pfd.revents = 0; - do { - pret = poll(&pfd, 1, -1); - } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); - if (pret != 1) { - (void) close(fd); - errno = EIO; - return -1; - } - return close(fd); -} -# endif - -# ifndef HAVE_SAFE_ARC4RANDOM -static int -randombytes_salsa20_random_random_dev_open(void) -{ -/* 
LCOV_EXCL_START */ - struct stat st; - static const char *devices[] = { -# ifndef USE_BLOCKING_RANDOM - "/dev/urandom", -# endif - "/dev/random", NULL - }; - const char **device = devices; - int fd; - -# ifdef BLOCK_ON_DEV_RANDOM - if (randombytes_block_on_dev_random() != 0) { - return -1; - } -# endif - do { - fd = open(*device, O_RDONLY); - if (fd != -1) { - if (fstat(fd, &st) == 0 && (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))) { -# if defined(F_SETFD) && defined(FD_CLOEXEC) - (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); -# endif - return fd; - } - (void) close(fd); - } else if (errno == EINTR) { - continue; - } - device++; - } while (*device != NULL); - - errno = EIO; - return -1; -/* LCOV_EXCL_STOP */ -} -# endif - -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM static int _randombytes_linux_getrandom(void * const buf, const size_t size) { 
@@ -297,18 +244,121 @@ randombytes_linux_getrandom(void * const buf_, size_t size) } # endif +# ifndef NONEXISTENT_DEV_RANDOM + +# ifdef BLOCK_ON_DEV_RANDOM +static int +randombytes_block_on_dev_random(void) +{ + struct pollfd pfd; + int fd; + int pret; + + fd = open("/dev/random", O_RDONLY); + if (fd == -1) { + return 0; + } + pfd.fd = fd; + pfd.events = POLLIN; + pfd.revents = 0; + do { + pret = poll(&pfd, 1, -1); + } while (pret < 0 && (errno == EINTR || errno == EAGAIN)); + if (pret != 1) { + (void) close(fd); + errno = EIO; + return -1; + } + return close(fd); +} +# endif + +/* LCOV_EXCL_START */ +static int +randombytes_internal_random_random_dev_open(void) +{ + struct stat st; + static const char *devices[] = { +# ifndef USE_BLOCKING_RANDOM + "/dev/urandom", +# endif + "/dev/random", NULL + }; + const char **device = devices; + int fd; + +# ifdef BLOCK_ON_DEV_RANDOM + if (randombytes_block_on_dev_random() != 0) { + return -1; + } +# endif + do { + fd = open(*device, O_RDONLY); + if (fd != -1) { + if (fstat(fd, &st) == 0 && (S_ISNAM(st.st_mode) || S_ISCHR(st.st_mode))) { +# if defined(F_SETFD) && defined(FD_CLOEXEC) + (void) fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC); +# endif + return fd; + } + (void) close(fd); + } else if (errno == EINTR) { + continue; + } + device++; + } while (*device != NULL); + + errno = EIO; + return -1; +} +/* LCOV_EXCL_STOP */ + +static ssize_t +safe_read(const int fd, void * const buf_, size_t size) +{ + unsigned char *buf = (unsigned char *) buf_; + ssize_t readnb; + + assert(size > (size_t) 0U); + assert(size <= SSIZE_MAX); + do { + while ((readnb = read(fd, buf, size)) < (ssize_t) 0 && + (errno == EINTR || errno == EAGAIN)); /* LCOV_EXCL_LINE */ + if (readnb < (ssize_t) 0) { + return readnb; /* LCOV_EXCL_LINE */ + } + if (readnb == (ssize_t) 0) { + break; /* LCOV_EXCL_LINE */ + } + size -= (size_t) readnb; + buf += readnb; + } while (size > (ssize_t) 0); + + return (ssize_t) (buf - (unsigned char *) buf_); +} + +# endif 
/* !NONEXISTENT_DEV_RANDOM */ + static void -randombytes_salsa20_random_init(void) +randombytes_internal_random_init(void) { const int errno_save = errno; global.rdrand_available = sodium_runtime_has_rdrand(); + global.getentropy_available = 0; + global.getrandom_available = 0; -# ifdef HAVE_SAFE_ARC4RANDOM - errno = errno_save; -# else +# ifdef HAVE_GETENTROPY + { + unsigned char fodder[16]; -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM + if (randombytes_getentropy(fodder, sizeof fodder) == 0) { + global.getentropy_available = 1; + errno = errno_save; + return; + } + } +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) { unsigned char fodder[16]; @@ -317,16 +367,22 @@ randombytes_salsa20_random_init(void) errno = errno_save; return; } - global.getrandom_available = 0; } -# endif /* HAVE_LINUX_COMPATIBLE_GETRANDOM */ - +# endif +/* LCOV_EXCL_START */ +# if !defined(NONEXISTENT_DEV_RANDOM) + assert((global.getentropy_available | global.getrandom_available) == 0); if ((global.random_data_source_fd = - randombytes_salsa20_random_random_dev_open()) == -1) { + randombytes_internal_random_random_dev_open()) == -1) { sodium_misuse(); /* LCOV_EXCL_LINE */ } errno = errno_save; -# endif /* HAVE_SAFE_ARC4RANDOM */ + return; +# endif +/* LCOV_EXCL_STOP */ +# ifndef HAVE_SAFE_ARC4RANDOM + sodium_misuse(); +# endif } #endif /* _WIN32 */ @@ -336,14 +392,14 @@ randombytes_salsa20_random_init(void) */ static void -randombytes_salsa20_random_stir(void) +randombytes_internal_random_stir(void) { stream.nonce = sodium_hrtime(); assert(stream.nonce != (uint64_t) 0U); memset(stream.rnd32, 0, sizeof stream.rnd32); stream.rnd32_outleft = (size_t) 0U; if (global.initialized == 0) { - randombytes_salsa20_random_init(); + randombytes_internal_random_init(); global.initialized = 1; } #ifdef HAVE_GETPID 
@@ -352,24 +408,28 @@ randombytes_salsa20_random_stir(void) #ifndef _WIN32 -# ifdef HAVE_SAFE_ARC4RANDOM - arc4random_buf(stream.key, sizeof stream.key); +# ifdef HAVE_GETENTROPY + if (global.getentropy_available != 0) { + if (randombytes_getentropy(stream.key, sizeof stream.key) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + } # elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) - if (global.getrandom_available != 0) { - if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } - } else if (global.random_data_source_fd == -1 || - safe_read(global.random_data_source_fd, stream.key, - sizeof stream.key) != (ssize_t) sizeof stream.key) { - sodium_misuse(); /* LCOV_EXCL_LINE */ - } -# else + if (global.getrandom_available != 0) { + if (randombytes_linux_getrandom(stream.key, sizeof stream.key) != 0) { + sodium_misuse(); /* LCOV_EXCL_LINE */ + } + } +# elif defined(NONEXISTENT_DEV_RANDOM) && defined(HAVE_SAFE_ARC4RANDOM) + arc4random_buf(stream.key, sizeof stream.key); +# elif !defined(NONEXISTENT_DEV_RANDOM) if (global.random_data_source_fd == -1 || safe_read(global.random_data_source_fd, stream.key, sizeof stream.key) != (ssize_t) sizeof stream.key) { sodium_misuse(); /* LCOV_EXCL_LINE */ } +# else + sodium_misuse(); # endif #else /* _WIN32 */ @@ -386,17 +446,17 @@ randombytes_salsa20_random_stir(void) */ static void -randombytes_salsa20_random_stir_if_needed(void) +randombytes_internal_random_stir_if_needed(void) { #ifdef HAVE_GETPID if (stream.initialized == 0) { - randombytes_salsa20_random_stir(); + randombytes_internal_random_stir(); } else if (global.pid != getpid()) { sodium_misuse(); /* LCOV_EXCL_LINE */ } #else if (stream.initialized == 0) { - randombytes_salsa20_random_stir(); + randombytes_internal_random_stir(); } #endif } 
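Review bot: When `HAVE_GETENTROPY` or `HAVE_LINUX_COMPATIBLE_GETRANDOM` is defined at build time but the runtime probe failed, the new `#ifdef`/`#elif` chain in `randombytes_internal_random_stir()` writes nothing to `stream.key`: the `if (global.getentropy_available != 0)` and `if (global.getrandom_available != 0)` tests have no else arm, and the `safe_read()` branch is compiled out. `randombytes_internal_random_init()` still opens the device in that situation and the removed code had an `else if` that read from it, so this looks like a lost fallback that leaves the generator keyed with whatever `stream.key` already held. Each availability test should get back an else arm guarded by `!defined(NONEXISTENT_DEV_RANDOM)`, as sketched below for getentropy; the getrandom branch needs the same. The same compile-time-only selection is in `randombytes_internal_random_close()` (hunk `@@ -421,10 +481,21 @@`), where the descriptor opened by the fallback is never closed and -1 is returned. The rest of stir lies outside this hunk, so confirm that nothing later reseeds the key.

```c
# ifdef HAVE_GETENTROPY
    if (global.getentropy_available != 0) {
        /* … unchanged: randombytes_getentropy() into stream.key … */
    }
#  ifndef NONEXISTENT_DEV_RANDOM
    /* probe failed at init time: the device was opened instead, so seed from it */
    else if (global.random_data_source_fd == -1 ||
             safe_read(global.random_data_source_fd, stream.key,
                       sizeof stream.key) != (ssize_t) sizeof stream.key) {
        sodium_misuse(); /* LCOV_EXCL_LINE */
    }
#  endif
/* … unchanged: getrandom, arc4random and device-only branches … */
```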
@@ -407,7 +467,7 @@ randombytes_salsa20_random_stir_if_needed(void) #ifdef _WIN32 static int -randombytes_salsa20_random_close(void) +randombytes_internal_random_close(void) { int ret = -1; @@ -421,10 +481,21 @@ randombytes_salsa20_random_close(void) } #else static int -randombytes_salsa20_random_close(void) +randombytes_internal_random_close(void) { int ret = -1; +# ifdef HAVE_GETENTROPY + if (global.getentropy_available != 0) { + ret = 0; + } +# elif defined(HAVE_LINUX_COMPATIBLE_GETRANDOM) + if (global.getrandom_available != 0) { + ret = 0; + } +# elif !defined(NONEXISTENT_DEV_RANDOM) && defined(HAVE_SAFE_ARC4RANDOM) + ret = 0; +# else if (global.random_data_source_fd != -1 && close(global.random_data_source_fd) == 0) { global.random_data_source_fd = -1; @@ -434,15 +505,6 @@ randombytes_salsa20_random_close(void) # endif ret = 0; } - -# ifdef HAVE_SAFE_ARC4RANDOM - ret = 0; -# endif - -# ifdef HAVE_LINUX_COMPATIBLE_GETRANDOM - if (global.getrandom_available != 0) { - ret = 0; - } # endif sodium_memzero(&stream, sizeof stream); @@ -456,7 +518,7 @@ randombytes_salsa20_random_close(void) */ static void -randombytes_salsa20_random_xorhwrand(void) +randombytes_internal_random_xorhwrand(void) { /* LCOV_EXCL_START */ #ifdef HAVE_RDRAND @@ -467,7 +529,7 @@ randombytes_salsa20_random_xorhwrand(void) } (void) _rdrand32_step(&r); * (uint32_t *) (void *) - &stream.key[crypto_stream_salsa20_KEYBYTES - 4] ^= (uint32_t) r; + &stream.key[crypto_stream_chacha20_KEYBYTES - 4] ^= (uint32_t) r; #endif /* LCOV_EXCL_STOP */ } @@ -477,7 +539,7 @@ randombytes_salsa20_random_xorhwrand(void) */ static inline void -randombytes_salsa20_random_xorkey(const unsigned char * const mix) +randombytes_internal_random_xorkey(const unsigned char * const mix) { unsigned char *key = stream.key; size_t i; 
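Review bot: The arc4random arm added to the non-Windows `randombytes_internal_random_close()` tests `!defined(NONEXISTENT_DEV_RANDOM) && defined(HAVE_SAFE_ARC4RANDOM)`, while `randombytes_internal_random_stir()` selects `arc4random_buf()` under `defined(NONEXISTENT_DEV_RANDOM) && defined(HAVE_SAFE_ARC4RANDOM)`, so the two conditions look inverted. As written, a build that has the device and a safe arc4random seeds from `global.random_data_source_fd` but close sets `ret = 0` without closing it. A build without the device falls into the `#else` arm and, as far as the visible lines show, returns -1 because no descriptor was ever opened. Unless that is intended, the arm should match stir: `# elif defined(NONEXISTENT_DEV_RANDOM) && defined(HAVE_SAFE_ARC4RANDOM)`. The function body continues in the next hunk.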
@@ -492,29 +554,29 @@ randombytes_salsa20_random_xorkey(const unsigned char * const mix) */ static void -randombytes_salsa20_random_buf(void * const buf, const size_t size) +randombytes_internal_random_buf(void * const buf, const size_t size) { size_t i; int ret; - randombytes_salsa20_random_stir_if_needed(); - COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); + randombytes_internal_random_stir_if_needed(); + COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_chacha20_NONCEBYTES); #if defined(ULLONG_MAX) && defined(SIZE_MAX) # if SIZE_MAX > ULLONG_MAX /* coverity[result_independent_of_operands] */ assert(size <= ULLONG_MAX); # endif #endif - ret = crypto_stream_salsa20((unsigned char *) buf, (unsigned long long) size, - (unsigned char *) &stream.nonce, stream.key); + ret = crypto_stream_chacha20((unsigned char *) buf, (unsigned long long) size, + (unsigned char *) &stream.nonce, stream.key); assert(ret == 0); for (i = 0U; i < sizeof size; i++) { stream.key[i] ^= ((const unsigned char *) (const void *) &size)[i]; } - randombytes_salsa20_random_xorhwrand(); + randombytes_internal_random_xorhwrand(); stream.nonce++; - crypto_stream_salsa20_xor(stream.key, stream.key, sizeof stream.key, - (unsigned char *) &stream.nonce, stream.key); + crypto_stream_chacha20_xor(stream.key, stream.key, sizeof stream.key, + (unsigned char *) &stream.nonce, stream.key); } /* @@ -524,7 +586,7 @@ randombytes_salsa20_random_buf(void * const buf, const size_t size) */ static uint32_t -randombytes_salsa20_random(void) +randombytes_internal_random(void) { uint32_t val; int ret; 
@@ -533,16 +595,16 @@ randombytes_salsa20_random(void) COMPILER_ASSERT(((sizeof stream.rnd32) - (sizeof stream.key)) % sizeof val == (size_t) 0U); if (stream.rnd32_outleft <= (size_t) 0U) { - randombytes_salsa20_random_stir_if_needed(); - COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_salsa20_NONCEBYTES); - ret = crypto_stream_salsa20((unsigned char *) stream.rnd32, - (unsigned long long) sizeof stream.rnd32, - (unsigned char *) &stream.nonce, - stream.key); + randombytes_internal_random_stir_if_needed(); + COMPILER_ASSERT(sizeof stream.nonce == crypto_stream_chacha20_NONCEBYTES); + ret = crypto_stream_chacha20((unsigned char *) stream.rnd32, + (unsigned long long) sizeof stream.rnd32, + (unsigned char *) &stream.nonce, + stream.key); assert(ret == 0); stream.rnd32_outleft = (sizeof stream.rnd32) - (sizeof stream.key); - randombytes_salsa20_random_xorhwrand(); - randombytes_salsa20_random_xorkey(&stream.rnd32[stream.rnd32_outleft]); + randombytes_internal_random_xorhwrand(); + randombytes_internal_random_xorkey(&stream.rnd32[stream.rnd32_outleft]); memset(&stream.rnd32[stream.rnd32_outleft], 0, sizeof stream.key); stream.nonce++; } 
@@ -554,16 +616,16 @@ randombytes_salsa20_random(void) } static const char * -randombytes_salsa20_implementation_name(void) +randombytes_internal_implementation_name(void) { - return "salsa20"; + return "internal"; } -struct randombytes_implementation randombytes_salsa20_implementation = { - SODIUM_C99(.implementation_name =) randombytes_salsa20_implementation_name, - SODIUM_C99(.random =) randombytes_salsa20_random, - SODIUM_C99(.stir =) randombytes_salsa20_random_stir, +struct randombytes_implementation randombytes_internal_implementation = { + SODIUM_C99(.implementation_name =) randombytes_internal_implementation_name, + SODIUM_C99(.random =) randombytes_internal_random, + SODIUM_C99(.stir =) randombytes_internal_random_stir, SODIUM_C99(.uniform =) NULL, - SODIUM_C99(.buf =) randombytes_salsa20_random_buf, - SODIUM_C99(.close =) randombytes_salsa20_random_close + SODIUM_C99(.buf =) randombytes_internal_random_buf, + SODIUM_C99(.close =) randombytes_internal_random_close }; diff --git a/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c b/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c deleted file mode 100644 index 85ffa9b2..00000000 --- a/src/libsodium/randombytes/nativeclient/randombytes_nativeclient.c +++ /dev/null 
@@ -1,61 +0,0 @@ - -#include -#include -#include - -#ifdef __native_client__ -# include - -# include "core.h" -# include "utils.h" -# include "randombytes.h" -# include "randombytes_nativeclient.h" - -static void -randombytes_nativeclient_buf(void * const buf, const size_t size) -{ - unsigned char *buf_ = (unsigned char *) buf; - struct nacl_irt_random rand_intf; - size_t readnb = (size_t) 0U; - size_t toread = size; - - if (nacl_interface_query(NACL_IRT_RANDOM_v0_1, &rand_intf, - sizeof rand_intf) != sizeof rand_intf) { - sodium_misuse(); - } - while (toread > (size_t) 0U) { - if (rand_intf.get_random_bytes(buf_, size, &readnb) != 0 || - readnb > size) { - sodium_misuse(); - } - toread -= readnb; - buf_ += readnb; - } -} - -static uint32_t -randombytes_nativeclient_random(void) -{ - uint32_t r; - - randombytes_nativeclient_buf(&r, sizeof r); - - return r; -} - -static const char * -randombytes_nativeclient_implementation_name(void) -{ - return "nativeclient"; -} - -struct randombytes_implementation randombytes_nativeclient_implementation = { - SODIUM_C99(.implementation_name =) randombytes_nativeclient_implementation_name, - SODIUM_C99(.random =) randombytes_nativeclient_random, - SODIUM_C99(.stir =) NULL, - SODIUM_C99(.uniform =) NULL, - SODIUM_C99(.buf =) randombytes_nativeclient_buf, - SODIUM_C99(.close =) NULL -}; - -#endif diff --git a/src/libsodium/randombytes/randombytes.c b/src/libsodium/randombytes/randombytes.c index 4c1a536e..8ac085fc 100644 --- a/src/libsodium/randombytes/randombytes.c +++ b/src/libsodium/randombytes/randombytes.c 
@@ -13,14 +13,11 @@ #include "core.h" #include "crypto_stream_chacha20.h" #include "randombytes.h" -#ifdef RANDOMBYTES_DEFAULT_IMPLEMENTATION -# include "randombytes_default.h" -#else -# ifdef __native_client__ -# include "randombytes_nativeclient.h" -# else -# include "randombytes_sysrandom.h" +#ifndef RANDOMBYTES_CUSTOM_IMPLEMENTATION +# ifdef RANDOMBYTES_DEFAULT_IMPLEMENTATION +# include "randombytes_internal.h" # endif +# include "randombytes_sysrandom.h" #endif #include "private/common.h" @@ -33,11 +30,7 @@ static const randombytes_implementation *implementation; # ifdef __EMSCRIPTEN__ # define RANDOMBYTES_DEFAULT_IMPLEMENTATION NULL # else -# ifdef __native_client__ -# define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_nativeclient_implementation; -# else -# define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_sysrandom_implementation; -# endif +# define RANDOMBYTES_DEFAULT_IMPLEMENTATION &randombytes_sysrandom_implementation; # endif #endif diff --git a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c index 3b07e58c..6657e8e6 100644 --- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c +++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c 
@@ -8,29 +8,32 @@ #ifndef _WIN32 # include #endif - #include + #include #ifndef _WIN32 # include # include #endif #ifdef __linux__ -# ifdef __dietlibc__ -# define _LINUX_SOURCE -# include +# define _LINUX_SOURCE +#endif +#ifdef HAVE_SYS_RANDOM_H +# include +#endif +#ifdef __linux__ +# ifdef HAVE_GETRANDOM # define HAVE_LINUX_COMPATIBLE_GETRANDOM -# else /* __dietlibc__ */ +# else # include # if defined(SYS_getrandom) && defined(__NR_getrandom) # define getrandom(B, S, F) syscall(SYS_getrandom, (B), (int) (S), (F)) # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif -# endif /* __dietlibc */ +# endif #elif defined(__FreeBSD__) # include # if defined(__FreeBSD_version) && __FreeBSD_version >= 1200000 -# include # define HAVE_LINUX_COMPATIBLE_GETRANDOM # endif #endif @@ -105,7 +108,7 @@ randombytes_sysrandom_close(void) return 0; } -#else /* __OpenBSD__ */ +#else /* HAVE_SAFE_ARC4RANDOM */ typedef struct SysRandom_ { int random_data_source_fd; @@ -375,7 +378,7 @@ randombytes_sysrandom(void) return r; } -#endif /* __OpenBSD__ */ +#endif /* HAVE_SAFE_ARC4RANDOM */ static const char * randombytes_sysrandom_implementation_name(void) diff --git a/src/libsodium/sodium/core.c b/src/libsodium/sodium/core.c index f2456fe1..7a6943d1 100644 --- a/src/libsodium/sodium/core.c +++ b/src/libsodium/sodium/core.c @@ -136,7 +136,7 @@ sodium_crit_leave(void) return pthread_mutex_unlock(&_sodium_lock); } -#elif defined(HAVE_ATOMIC_OPS) && !defined(__EMSCRIPTEN__) && !defined(__native_client__) +#elif defined(HAVE_ATOMIC_OPS) && !defined(__EMSCRIPTEN__) static volatile int _sodium_lock; diff --git a/src/libsodium/sodium/runtime.c b/src/libsodium/sodium/runtime.c index a5a89bca..9dfe54f8 100644 --- a/src/libsodium/sodium/runtime.c +++ b/src/libsodium/sodium/runtime.c 
@@ -203,11 +203,13 @@ _sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features) unsigned int cpu_info7[4]; _cpuid(cpu_info7, 0x00000007); + /* LCOV_EXCL_START */ if ((cpu_info7[1] & CPUID_EBX_AVX512F) == CPUID_EBX_AVX512F && (xcr0 & (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) == (XCR0_OPMASK | XCR0_ZMM_HI256 | XCR0_HI16_ZMM)) { cpu_features->has_avx512f = 1; } + /* LCOV_EXCL_STOP */ } #endif diff --git a/test/default/Makefile.am b/test/default/Makefile.am index 12869590..59f8595c 100644 --- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -1,6 +1,7 @@ EXTRA_DIST = \ cmptest.h \ + wasi-test-wrapper.sh \ wintest.bat \ pre.js.inc \ aead_aes256gcm.exp \ @@ -25,6 +26,7 @@ EXTRA_DIST = \ chacha20.exp \ codecs.exp \ core_ed25519.exp \ + core_ristretto255.exp \ core1.exp \ core2.exp \ core3.exp \ @@ -53,6 +55,7 @@ EXTRA_DIST = \ randombytes.exp \ scalarmult.exp \ scalarmult_ed25519.exp \ + scalarmult_ristretto255.exp \ scalarmult2.exp \ scalarmult5.exp \ scalarmult6.exp \ @@ -103,6 +106,7 @@ DISTCLEANFILES = \ chacha20.res \ codecs.res \ core_ed25519.res \ + core_ristretto255.res \ core1.res \ core2.res \ core3.res \ @@ -131,6 +135,7 @@ DISTCLEANFILES = \ randombytes.res \ scalarmult.res \ scalarmult_ed25519.res \ + scalarmult_ristretto255.res \ scalarmult2.res \ scalarmult5.res \ scalarmult6.res \ 
@@ -158,158 +163,6 @@ DISTCLEANFILES = \ verify1.res \ xchacha20.res -if NATIVECLIENT -CLEANFILES = \ - aead_aes256gcm.final \ - aead_aes256gcm2.final \ - aead_chacha20poly1305.final \ - aead_chacha20poly13052.final \ - aead_xchacha20poly1305.final \ - auth.final \ - auth2.final \ - auth3.final \ - auth5.final \ - auth6.final \ - auth7.final \ - box.final \ - box2.final \ - box7.final \ - box8.final \ - box_easy.final \ - box_easy2.final \ - box_seal.final \ - box_seed.final \ - chacha20.final \ - codecs.final \ - core_ed25519.final \ - core1.final \ - core2.final \ - core3.final \ - core4.final \ - core5.final \ - core6.final \ - ed25519_convert.final \ - generichash.final \ - generichash2.final \ - generichash3.final \ - hash.final \ - hash2.final \ - hash3.final \ - kdf.final \ - keygen.final \ - kx.final \ - metamorphic.final \ - misuse.final \ - onetimeauth.final \ - onetimeauth2.final \ - onetimeauth7.final \ - pwhash_argon2i.final \ - pwhash_argon2id.final \ - pwhash_scrypt.final \ - pwhash_scrypt_ll.final \ - randombytes.final \ - scalarmult.final \ - scalarmult_ed25519.final \ - scalarmult2.final \ - scalarmult5.final \ - scalarmult6.final \ - scalarmult7.final \ - scalarmult8.final \ - secretbox.final \ - secretbox2.final \ - secretbox7.final \ - secretbox8.final \ - secretbox_easy.final \ - secretbox_easy2.final \ - secretstream.final \ - shorthash.final \ - sign.final \ - siphashx24.final \ - sodium_core.final \ - sodium_utils.final \ - sodium_version.final \ - stream.final \ - stream2.final \ - stream3.final \ - stream4.final \ - verify1.final \ - xchacha20.final \ - aead_aes256gcm.nexe \ - aead_aes256gcm2.nexe \ - aead_chacha20poly1305.nexe \ - aead_chacha20poly13052.nexe \ - aead_xchacha20poly1305.nexe \ - auth.nexe \ - auth2.nexe \ - auth3.nexe \ - auth5.nexe \ - auth6.nexe \ - auth7.nexe \ - box.nexe \ - box2.nexe \ - box7.nexe \ - box8.nexe \ - box_easy.nexe \ - box_easy2.nexe \ - box_seal.nexe \ - box_seed.nexe \ - chacha20.nexe \ - codecs.nexe \ 
- core_ed25519.nexe \ - core1.nexe \ - core2.nexe \ - core3.nexe \ - core4.nexe \ - core5.nexe \ - core6.nexe \ - ed25519_convert.nexe \ - generichash.nexe \ - generichash2.nexe \ - generichash3.nexe \ - hash.nexe \ - hash2.nexe \ - hash3.nexe \ - kdf.nexe \ - keygen.nexe \ - kx.nexe \ - metamorphic.nexe \ - misuse.nexe \ - onetimeauth.nexe \ - onetimeauth2.nexe \ - onetimeauth7.nexe \ - pwhash_argon2i.nexe \ - pwhash_argon2id.nexe \ - pwhash_scrypt.nexe \ - pwhash_scrypt_ll.nexe \ - randombytes.nexe \ - scalarmult.nexe \ - scalarmult_ed25519.nexe \ - scalarmult2.nexe \ - scalarmult5.nexe \ - scalarmult6.nexe \ - scalarmult7.nexe \ - scalarmult8.nexe \ - secretbox.nexe \ - secretbox2.nexe \ - secretbox7.nexe \ - secretbox8.nexe \ - secretbox_easy.nexe \ - secretbox_easy2.nexe \ - secretstream.nexe \ - shorthash.nexe \ - sign.nexe \ - siphashx24.nexe \ - sodium_core.nexe \ - sodium_utils.nexe \ - sodium_version.nexe \ - stream.nexe \ - stream2.nexe \ - stream3.nexe \ - stream4.nexe \ - verify1.nexe \ - xchacha20.nexe -endif - AM_CPPFLAGS = \ -DTEST_SRCDIR=\"@srcdir@\" \ -I$(top_srcdir)/src/libsodium/include \ @@ -390,12 +243,10 @@ TESTS_TARGETS = \ verify1 if !EMSCRIPTEN -if !NATIVECLIENT TESTS_TARGETS += \ sodium_utils2 \ sodium_utils3 endif -endif check_PROGRAMS = $(TESTS_TARGETS) @@ -470,6 +321,9 @@ codecs_LDADD = $(TESTS_LDADD) core_ed25519_SOURCE = cmptest.h core_ed25519.c core_ed25519_LDADD = $(TESTS_LDADD) +core_ristretto255_SOURCE = cmptest.h core_ristretto255.c +core_ristretto255_LDADD = $(TESTS_LDADD) + core1_SOURCE = cmptest.h core1.c core1_LDADD = $(TESTS_LDADD) @@ -551,6 +405,9 @@ scalarmult_LDADD = $(TESTS_LDADD) scalarmult_ed25519_SOURCE = cmptest.h scalarmult_ed25519.c scalarmult_ed25519_LDADD = $(TESTS_LDADD) +scalarmult_ristretto255_SOURCE = cmptest.h scalarmult_ristretto255.c +scalarmult_ristretto255_LDADD = $(TESTS_LDADD) + scalarmult2_SOURCE = cmptest.h scalarmult2.c scalarmult2_LDADD = $(TESTS_LDADD) 
@@ -632,15 +489,17 @@ xchacha20_LDADD = $(TESTS_LDADD) if !MINIMAL TESTS_TARGETS += \ core_ed25519 \ + core_ristretto255 \ pwhash_scrypt \ pwhash_scrypt_ll \ scalarmult_ed25519 \ + scalarmult_ristretto255 \ siphashx24 \ xchacha20 endif -if NATIVECLIENT -LOG_COMPILER = ./nacl-test-wrapper.sh +if WASI +LOG_COMPILER = ./wasi-test-wrapper.sh endif verify: check diff --git a/test/default/Makefile.in b/test/default/Makefile.in index 4c5027e7..c508d3ae 100644 --- a/test/default/Makefile.in +++ b/test/default/Makefile.in @@ -87,17 +87,19 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@am__append_1 = \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@ sodium_utils2 \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@ sodium_utils3 +@EMSCRIPTEN_FALSE@am__append_1 = \ +@EMSCRIPTEN_FALSE@ sodium_utils2 \ +@EMSCRIPTEN_FALSE@ sodium_utils3 check_PROGRAMS = $(am__EXEEXT_3) TESTS = $(am__EXEEXT_3) @MINIMAL_FALSE@am__append_2 = \ @MINIMAL_FALSE@ core_ed25519 \ +@MINIMAL_FALSE@ core_ristretto255 \ @MINIMAL_FALSE@ pwhash_scrypt \ @MINIMAL_FALSE@ pwhash_scrypt_ll \ @MINIMAL_FALSE@ scalarmult_ed25519 \ +@MINIMAL_FALSE@ scalarmult_ristretto255 \ @MINIMAL_FALSE@ siphashx24 \ @MINIMAL_FALSE@ xchacha20 
@@ -120,14 +122,15 @@ DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@am__EXEEXT_1 = \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@ sodium_utils2$(EXEEXT) \ -@EMSCRIPTEN_FALSE@@NATIVECLIENT_FALSE@ sodium_utils3$(EXEEXT) +@EMSCRIPTEN_FALSE@am__EXEEXT_1 = sodium_utils2$(EXEEXT) \ +@EMSCRIPTEN_FALSE@ sodium_utils3$(EXEEXT) @MINIMAL_FALSE@am__EXEEXT_2 = core_ed25519$(EXEEXT) \ +@MINIMAL_FALSE@ core_ristretto255$(EXEEXT) \ @MINIMAL_FALSE@ pwhash_scrypt$(EXEEXT) \ @MINIMAL_FALSE@ pwhash_scrypt_ll$(EXEEXT) \ -@MINIMAL_FALSE@ scalarmult_ed25519$(EXEEXT) siphashx24$(EXEEXT) \ -@MINIMAL_FALSE@ xchacha20$(EXEEXT) +@MINIMAL_FALSE@ scalarmult_ed25519$(EXEEXT) \ +@MINIMAL_FALSE@ scalarmult_ristretto255$(EXEEXT) \ +@MINIMAL_FALSE@ siphashx24$(EXEEXT) xchacha20$(EXEEXT) am__EXEEXT_3 = aead_aes256gcm$(EXEEXT) aead_aes256gcm2$(EXEEXT) \ aead_chacha20poly1305$(EXEEXT) aead_chacha20poly13052$(EXEEXT) \ aead_xchacha20poly1305$(EXEEXT) auth$(EXEEXT) auth2$(EXEEXT) \ @@ -240,6 +243,9 @@ core6_DEPENDENCIES = $(TESTS_LDADD) core_ed25519_SOURCES = core_ed25519.c core_ed25519_OBJECTS = core_ed25519.$(OBJEXT) core_ed25519_DEPENDENCIES = $(TESTS_LDADD) +core_ristretto255_SOURCES = core_ristretto255.c +core_ristretto255_OBJECTS = core_ristretto255.$(OBJEXT) +core_ristretto255_DEPENDENCIES = $(TESTS_LDADD) ed25519_convert_SOURCES = ed25519_convert.c ed25519_convert_OBJECTS = ed25519_convert.$(OBJEXT) ed25519_convert_DEPENDENCIES = $(TESTS_LDADD) 
@@ -318,6 +324,9 @@ scalarmult8_DEPENDENCIES = $(TESTS_LDADD) scalarmult_ed25519_SOURCES = scalarmult_ed25519.c scalarmult_ed25519_OBJECTS = scalarmult_ed25519.$(OBJEXT) scalarmult_ed25519_DEPENDENCIES = $(TESTS_LDADD) +scalarmult_ristretto255_SOURCES = scalarmult_ristretto255.c +scalarmult_ristretto255_OBJECTS = scalarmult_ristretto255.$(OBJEXT) +scalarmult_ristretto255_DEPENDENCIES = $(TESTS_LDADD) secretbox_SOURCES = secretbox.c secretbox_OBJECTS = secretbox.$(OBJEXT) secretbox_DEPENDENCIES = $(TESTS_LDADD) 
@@ -409,19 +418,21 @@ am__depfiles_remade = ./$(DEPDIR)/aead_aes256gcm.Po \ ./$(DEPDIR)/chacha20.Po ./$(DEPDIR)/codecs.Po \ ./$(DEPDIR)/core1.Po ./$(DEPDIR)/core2.Po ./$(DEPDIR)/core3.Po \ ./$(DEPDIR)/core4.Po ./$(DEPDIR)/core5.Po ./$(DEPDIR)/core6.Po \ - ./$(DEPDIR)/core_ed25519.Po ./$(DEPDIR)/ed25519_convert.Po \ - ./$(DEPDIR)/generichash.Po ./$(DEPDIR)/generichash2.Po \ - ./$(DEPDIR)/generichash3.Po ./$(DEPDIR)/hash.Po \ - ./$(DEPDIR)/hash3.Po ./$(DEPDIR)/kdf.Po ./$(DEPDIR)/keygen.Po \ - ./$(DEPDIR)/kx.Po ./$(DEPDIR)/metamorphic.Po \ - ./$(DEPDIR)/misuse.Po ./$(DEPDIR)/onetimeauth.Po \ - ./$(DEPDIR)/onetimeauth2.Po ./$(DEPDIR)/onetimeauth7.Po \ - ./$(DEPDIR)/pwhash_argon2i.Po ./$(DEPDIR)/pwhash_argon2id.Po \ - ./$(DEPDIR)/pwhash_scrypt.Po ./$(DEPDIR)/pwhash_scrypt_ll.Po \ - ./$(DEPDIR)/randombytes.Po ./$(DEPDIR)/scalarmult.Po \ - ./$(DEPDIR)/scalarmult2.Po ./$(DEPDIR)/scalarmult5.Po \ - ./$(DEPDIR)/scalarmult6.Po ./$(DEPDIR)/scalarmult7.Po \ - ./$(DEPDIR)/scalarmult8.Po ./$(DEPDIR)/scalarmult_ed25519.Po \ + ./$(DEPDIR)/core_ed25519.Po ./$(DEPDIR)/core_ristretto255.Po \ + ./$(DEPDIR)/ed25519_convert.Po ./$(DEPDIR)/generichash.Po \ + ./$(DEPDIR)/generichash2.Po ./$(DEPDIR)/generichash3.Po \ + ./$(DEPDIR)/hash.Po ./$(DEPDIR)/hash3.Po ./$(DEPDIR)/kdf.Po \ + ./$(DEPDIR)/keygen.Po ./$(DEPDIR)/kx.Po \ + ./$(DEPDIR)/metamorphic.Po ./$(DEPDIR)/misuse.Po \ + ./$(DEPDIR)/onetimeauth.Po ./$(DEPDIR)/onetimeauth2.Po \ + ./$(DEPDIR)/onetimeauth7.Po ./$(DEPDIR)/pwhash_argon2i.Po \ + ./$(DEPDIR)/pwhash_argon2id.Po ./$(DEPDIR)/pwhash_scrypt.Po \ + ./$(DEPDIR)/pwhash_scrypt_ll.Po ./$(DEPDIR)/randombytes.Po \ + ./$(DEPDIR)/scalarmult.Po ./$(DEPDIR)/scalarmult2.Po \ + ./$(DEPDIR)/scalarmult5.Po ./$(DEPDIR)/scalarmult6.Po \ + ./$(DEPDIR)/scalarmult7.Po ./$(DEPDIR)/scalarmult8.Po \ + ./$(DEPDIR)/scalarmult_ed25519.Po \ + ./$(DEPDIR)/scalarmult_ristretto255.Po \ ./$(DEPDIR)/secretbox.Po ./$(DEPDIR)/secretbox2.Po \ ./$(DEPDIR)/secretbox7.Po ./$(DEPDIR)/secretbox8.Po \ 
./$(DEPDIR)/secretbox_easy.Po ./$(DEPDIR)/secretbox_easy2.Po \ @@ -457,13 +468,14 @@ SOURCES = aead_aes256gcm.c aead_aes256gcm2.c aead_chacha20poly1305.c \ auth2.c auth3.c auth5.c auth6.c auth7.c box.c box2.c box7.c \ box8.c box_easy.c box_easy2.c box_seal.c box_seed.c chacha20.c \ codecs.c core1.c core2.c core3.c core4.c core5.c core6.c \ - core_ed25519.c ed25519_convert.c generichash.c generichash2.c \ - generichash3.c hash.c hash3.c kdf.c keygen.c kx.c \ - metamorphic.c misuse.c onetimeauth.c onetimeauth2.c \ - onetimeauth7.c pwhash_argon2i.c pwhash_argon2id.c \ - pwhash_scrypt.c pwhash_scrypt_ll.c randombytes.c scalarmult.c \ - scalarmult2.c scalarmult5.c scalarmult6.c scalarmult7.c \ - scalarmult8.c scalarmult_ed25519.c secretbox.c secretbox2.c \ + core_ed25519.c core_ristretto255.c ed25519_convert.c \ + generichash.c generichash2.c generichash3.c hash.c hash3.c \ + kdf.c keygen.c kx.c metamorphic.c misuse.c onetimeauth.c \ + onetimeauth2.c onetimeauth7.c pwhash_argon2i.c \ + pwhash_argon2id.c pwhash_scrypt.c pwhash_scrypt_ll.c \ + randombytes.c scalarmult.c scalarmult2.c scalarmult5.c \ + scalarmult6.c scalarmult7.c scalarmult8.c scalarmult_ed25519.c \ + scalarmult_ristretto255.c secretbox.c secretbox2.c \ secretbox7.c secretbox8.c secretbox_easy.c secretbox_easy2.c \ secretstream.c shorthash.c sign.c siphashx24.c sodium_core.c \ sodium_utils.c sodium_utils2.c sodium_utils3.c \ 
@@ -475,12 +487,13 @@ DIST_SOURCES = aead_aes256gcm.c aead_aes256gcm2.c \ auth6.c auth7.c box.c box2.c box7.c box8.c box_easy.c \ box_easy2.c box_seal.c box_seed.c chacha20.c codecs.c core1.c \ core2.c core3.c core4.c core5.c core6.c core_ed25519.c \ - ed25519_convert.c generichash.c generichash2.c generichash3.c \ - hash.c hash3.c kdf.c keygen.c kx.c metamorphic.c misuse.c \ - onetimeauth.c onetimeauth2.c onetimeauth7.c pwhash_argon2i.c \ - pwhash_argon2id.c pwhash_scrypt.c pwhash_scrypt_ll.c \ - randombytes.c scalarmult.c scalarmult2.c scalarmult5.c \ - scalarmult6.c scalarmult7.c scalarmult8.c scalarmult_ed25519.c \ + core_ristretto255.c ed25519_convert.c generichash.c \ + generichash2.c generichash3.c hash.c hash3.c kdf.c keygen.c \ + kx.c metamorphic.c misuse.c onetimeauth.c onetimeauth2.c \ + onetimeauth7.c pwhash_argon2i.c pwhash_argon2id.c \ + pwhash_scrypt.c pwhash_scrypt_ll.c randombytes.c scalarmult.c \ + scalarmult2.c scalarmult5.c scalarmult6.c scalarmult7.c \ + scalarmult8.c scalarmult_ed25519.c scalarmult_ristretto255.c \ secretbox.c secretbox2.c secretbox7.c secretbox8.c \ secretbox_easy.c secretbox_easy2.c secretstream.c shorthash.c \ sign.c siphashx24.c sodium_core.c sodium_utils.c \ @@ -879,6 +892,7 @@ valgrind_enabled_tools = @valgrind_enabled_tools@ valgrind_tools = @valgrind_tools@ EXTRA_DIST = \ cmptest.h \ + wasi-test-wrapper.sh \ wintest.bat \ pre.js.inc \ aead_aes256gcm.exp \ @@ -903,6 +917,7 @@ EXTRA_DIST = \ chacha20.exp \ codecs.exp \ core_ed25519.exp \ + core_ristretto255.exp \ core1.exp \ core2.exp \ core3.exp \ @@ -931,6 +946,7 @@ EXTRA_DIST = \ randombytes.exp \ scalarmult.exp \ scalarmult_ed25519.exp \ + scalarmult_ristretto255.exp \ scalarmult2.exp \ scalarmult5.exp \ scalarmult6.exp \ @@ -981,6 +997,7 @@ DISTCLEANFILES = \ chacha20.res \ codecs.res \ core_ed25519.res \ + core_ristretto255.res \ core1.res \ core2.res \ core3.res \ 
@@ -1009,6 +1026,7 @@ DISTCLEANFILES = \ randombytes.res \ scalarmult.res \ scalarmult_ed25519.res \ + scalarmult_ristretto255.res \ scalarmult2.res \ scalarmult5.res \ scalarmult6.res \ 
@@ -1036,156 +1054,6 @@ DISTCLEANFILES = \ verify1.res \ xchacha20.res -@NATIVECLIENT_TRUE@CLEANFILES = \ -@NATIVECLIENT_TRUE@ aead_aes256gcm.final \ -@NATIVECLIENT_TRUE@ aead_aes256gcm2.final \ -@NATIVECLIENT_TRUE@ aead_chacha20poly1305.final \ -@NATIVECLIENT_TRUE@ aead_chacha20poly13052.final \ -@NATIVECLIENT_TRUE@ aead_xchacha20poly1305.final \ -@NATIVECLIENT_TRUE@ auth.final \ -@NATIVECLIENT_TRUE@ auth2.final \ -@NATIVECLIENT_TRUE@ auth3.final \ -@NATIVECLIENT_TRUE@ auth5.final \ -@NATIVECLIENT_TRUE@ auth6.final \ -@NATIVECLIENT_TRUE@ auth7.final \ -@NATIVECLIENT_TRUE@ box.final \ -@NATIVECLIENT_TRUE@ box2.final \ -@NATIVECLIENT_TRUE@ box7.final \ -@NATIVECLIENT_TRUE@ box8.final \ -@NATIVECLIENT_TRUE@ box_easy.final \ -@NATIVECLIENT_TRUE@ box_easy2.final \ -@NATIVECLIENT_TRUE@ box_seal.final \ -@NATIVECLIENT_TRUE@ box_seed.final \ -@NATIVECLIENT_TRUE@ chacha20.final \ -@NATIVECLIENT_TRUE@ codecs.final \ -@NATIVECLIENT_TRUE@ core_ed25519.final \ -@NATIVECLIENT_TRUE@ core1.final \ -@NATIVECLIENT_TRUE@ core2.final \ -@NATIVECLIENT_TRUE@ core3.final \ -@NATIVECLIENT_TRUE@ core4.final \ -@NATIVECLIENT_TRUE@ core5.final \ -@NATIVECLIENT_TRUE@ core6.final \ -@NATIVECLIENT_TRUE@ ed25519_convert.final \ -@NATIVECLIENT_TRUE@ generichash.final \ -@NATIVECLIENT_TRUE@ generichash2.final \ -@NATIVECLIENT_TRUE@ generichash3.final \ -@NATIVECLIENT_TRUE@ hash.final \ -@NATIVECLIENT_TRUE@ hash2.final \ -@NATIVECLIENT_TRUE@ hash3.final \ -@NATIVECLIENT_TRUE@ kdf.final \ -@NATIVECLIENT_TRUE@ keygen.final \ -@NATIVECLIENT_TRUE@ kx.final \ -@NATIVECLIENT_TRUE@ metamorphic.final \ -@NATIVECLIENT_TRUE@ misuse.final \ -@NATIVECLIENT_TRUE@ onetimeauth.final \ -@NATIVECLIENT_TRUE@ onetimeauth2.final \ -@NATIVECLIENT_TRUE@ onetimeauth7.final \ -@NATIVECLIENT_TRUE@ pwhash_argon2i.final \ -@NATIVECLIENT_TRUE@ pwhash_argon2id.final \ -@NATIVECLIENT_TRUE@ pwhash_scrypt.final \ -@NATIVECLIENT_TRUE@ pwhash_scrypt_ll.final \ -@NATIVECLIENT_TRUE@ randombytes.final \ -@NATIVECLIENT_TRUE@ 
scalarmult.final \ -@NATIVECLIENT_TRUE@ scalarmult_ed25519.final \ -@NATIVECLIENT_TRUE@ scalarmult2.final \ -@NATIVECLIENT_TRUE@ scalarmult5.final \ -@NATIVECLIENT_TRUE@ scalarmult6.final \ -@NATIVECLIENT_TRUE@ scalarmult7.final \ -@NATIVECLIENT_TRUE@ scalarmult8.final \ -@NATIVECLIENT_TRUE@ secretbox.final \ -@NATIVECLIENT_TRUE@ secretbox2.final \ -@NATIVECLIENT_TRUE@ secretbox7.final \ -@NATIVECLIENT_TRUE@ secretbox8.final \ -@NATIVECLIENT_TRUE@ secretbox_easy.final \ -@NATIVECLIENT_TRUE@ secretbox_easy2.final \ -@NATIVECLIENT_TRUE@ secretstream.final \ -@NATIVECLIENT_TRUE@ shorthash.final \ -@NATIVECLIENT_TRUE@ sign.final \ -@NATIVECLIENT_TRUE@ siphashx24.final \ -@NATIVECLIENT_TRUE@ sodium_core.final \ -@NATIVECLIENT_TRUE@ sodium_utils.final \ -@NATIVECLIENT_TRUE@ sodium_version.final \ -@NATIVECLIENT_TRUE@ stream.final \ -@NATIVECLIENT_TRUE@ stream2.final \ -@NATIVECLIENT_TRUE@ stream3.final \ -@NATIVECLIENT_TRUE@ stream4.final \ -@NATIVECLIENT_TRUE@ verify1.final \ -@NATIVECLIENT_TRUE@ xchacha20.final \ -@NATIVECLIENT_TRUE@ aead_aes256gcm.nexe \ -@NATIVECLIENT_TRUE@ aead_aes256gcm2.nexe \ -@NATIVECLIENT_TRUE@ aead_chacha20poly1305.nexe \ -@NATIVECLIENT_TRUE@ aead_chacha20poly13052.nexe \ -@NATIVECLIENT_TRUE@ aead_xchacha20poly1305.nexe \ -@NATIVECLIENT_TRUE@ auth.nexe \ -@NATIVECLIENT_TRUE@ auth2.nexe \ -@NATIVECLIENT_TRUE@ auth3.nexe \ -@NATIVECLIENT_TRUE@ auth5.nexe \ -@NATIVECLIENT_TRUE@ auth6.nexe \ -@NATIVECLIENT_TRUE@ auth7.nexe \ -@NATIVECLIENT_TRUE@ box.nexe \ -@NATIVECLIENT_TRUE@ box2.nexe \ -@NATIVECLIENT_TRUE@ box7.nexe \ -@NATIVECLIENT_TRUE@ box8.nexe \ -@NATIVECLIENT_TRUE@ box_easy.nexe \ -@NATIVECLIENT_TRUE@ box_easy2.nexe \ -@NATIVECLIENT_TRUE@ box_seal.nexe \ -@NATIVECLIENT_TRUE@ box_seed.nexe \ -@NATIVECLIENT_TRUE@ chacha20.nexe \ -@NATIVECLIENT_TRUE@ codecs.nexe \ -@NATIVECLIENT_TRUE@ core_ed25519.nexe \ -@NATIVECLIENT_TRUE@ core1.nexe \ -@NATIVECLIENT_TRUE@ core2.nexe \ -@NATIVECLIENT_TRUE@ core3.nexe \ -@NATIVECLIENT_TRUE@ core4.nexe \ 
-@NATIVECLIENT_TRUE@ core5.nexe \ -@NATIVECLIENT_TRUE@ core6.nexe \ -@NATIVECLIENT_TRUE@ ed25519_convert.nexe \ -@NATIVECLIENT_TRUE@ generichash.nexe \ -@NATIVECLIENT_TRUE@ generichash2.nexe \ -@NATIVECLIENT_TRUE@ generichash3.nexe \ -@NATIVECLIENT_TRUE@ hash.nexe \ -@NATIVECLIENT_TRUE@ hash2.nexe \ -@NATIVECLIENT_TRUE@ hash3.nexe \ -@NATIVECLIENT_TRUE@ kdf.nexe \ -@NATIVECLIENT_TRUE@ keygen.nexe \ -@NATIVECLIENT_TRUE@ kx.nexe \ -@NATIVECLIENT_TRUE@ metamorphic.nexe \ -@NATIVECLIENT_TRUE@ misuse.nexe \ -@NATIVECLIENT_TRUE@ onetimeauth.nexe \ -@NATIVECLIENT_TRUE@ onetimeauth2.nexe \ -@NATIVECLIENT_TRUE@ onetimeauth7.nexe \ -@NATIVECLIENT_TRUE@ pwhash_argon2i.nexe \ -@NATIVECLIENT_TRUE@ pwhash_argon2id.nexe \ -@NATIVECLIENT_TRUE@ pwhash_scrypt.nexe \ -@NATIVECLIENT_TRUE@ pwhash_scrypt_ll.nexe \ -@NATIVECLIENT_TRUE@ randombytes.nexe \ -@NATIVECLIENT_TRUE@ scalarmult.nexe \ -@NATIVECLIENT_TRUE@ scalarmult_ed25519.nexe \ -@NATIVECLIENT_TRUE@ scalarmult2.nexe \ -@NATIVECLIENT_TRUE@ scalarmult5.nexe \ -@NATIVECLIENT_TRUE@ scalarmult6.nexe \ -@NATIVECLIENT_TRUE@ scalarmult7.nexe \ -@NATIVECLIENT_TRUE@ scalarmult8.nexe \ -@NATIVECLIENT_TRUE@ secretbox.nexe \ -@NATIVECLIENT_TRUE@ secretbox2.nexe \ -@NATIVECLIENT_TRUE@ secretbox7.nexe \ -@NATIVECLIENT_TRUE@ secretbox8.nexe \ -@NATIVECLIENT_TRUE@ secretbox_easy.nexe \ -@NATIVECLIENT_TRUE@ secretbox_easy2.nexe \ -@NATIVECLIENT_TRUE@ secretstream.nexe \ -@NATIVECLIENT_TRUE@ shorthash.nexe \ -@NATIVECLIENT_TRUE@ sign.nexe \ -@NATIVECLIENT_TRUE@ siphashx24.nexe \ -@NATIVECLIENT_TRUE@ sodium_core.nexe \ -@NATIVECLIENT_TRUE@ sodium_utils.nexe \ -@NATIVECLIENT_TRUE@ sodium_version.nexe \ -@NATIVECLIENT_TRUE@ stream.nexe \ -@NATIVECLIENT_TRUE@ stream2.nexe \ -@NATIVECLIENT_TRUE@ stream3.nexe \ -@NATIVECLIENT_TRUE@ stream4.nexe \ -@NATIVECLIENT_TRUE@ verify1.nexe \ -@NATIVECLIENT_TRUE@ xchacha20.nexe - AM_CPPFLAGS = \ -DTEST_SRCDIR=\"@srcdir@\" \ -I$(top_srcdir)/src/libsodium/include \ 
@@ -1255,6 +1123,8 @@ codecs_SOURCE = cmptest.h codecs.c codecs_LDADD = $(TESTS_LDADD) core_ed25519_SOURCE = cmptest.h core_ed25519.c core_ed25519_LDADD = $(TESTS_LDADD) +core_ristretto255_SOURCE = cmptest.h core_ristretto255.c +core_ristretto255_LDADD = $(TESTS_LDADD) core1_SOURCE = cmptest.h core1.c core1_LDADD = $(TESTS_LDADD) core2_SOURCE = cmptest.h core2.c @@ -1309,6 +1179,8 @@ scalarmult_SOURCE = cmptest.h scalarmult.c scalarmult_LDADD = $(TESTS_LDADD) scalarmult_ed25519_SOURCE = cmptest.h scalarmult_ed25519.c scalarmult_ed25519_LDADD = $(TESTS_LDADD) +scalarmult_ristretto255_SOURCE = cmptest.h scalarmult_ristretto255.c +scalarmult_ristretto255_LDADD = $(TESTS_LDADD) scalarmult2_SOURCE = cmptest.h scalarmult2.c scalarmult2_LDADD = $(TESTS_LDADD) scalarmult5_SOURCE = cmptest.h scalarmult5.c @@ -1361,7 +1233,7 @@ verify1_SOURCE = cmptest.h verify1.c verify1_LDADD = $(TESTS_LDADD) xchacha20_SOURCE = cmptest.h xchacha20.c xchacha20_LDADD = $(TESTS_LDADD) -@NATIVECLIENT_TRUE@LOG_COMPILER = ./nacl-test-wrapper.sh +@WASI_TRUE@LOG_COMPILER = ./wasi-test-wrapper.sh all: all-am .SUFFIXES: @@ -1517,6 +1389,10 @@ core_ed25519$(EXEEXT): $(core_ed25519_OBJECTS) $(core_ed25519_DEPENDENCIES) $(EX @rm -f core_ed25519$(EXEEXT) $(AM_V_CCLD)$(LINK) $(core_ed25519_OBJECTS) $(core_ed25519_LDADD) $(LIBS) +core_ristretto255$(EXEEXT): $(core_ristretto255_OBJECTS) $(core_ristretto255_DEPENDENCIES) $(EXTRA_core_ristretto255_DEPENDENCIES) + @rm -f core_ristretto255$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(core_ristretto255_OBJECTS) $(core_ristretto255_LDADD) $(LIBS) + ed25519_convert$(EXEEXT): $(ed25519_convert_OBJECTS) $(ed25519_convert_DEPENDENCIES) $(EXTRA_ed25519_convert_DEPENDENCIES) @rm -f ed25519_convert$(EXEEXT) $(AM_V_CCLD)$(LINK) $(ed25519_convert_OBJECTS) $(ed25519_convert_LDADD) $(LIBS) 
@@ -1621,6 +1497,10 @@ scalarmult_ed25519$(EXEEXT): $(scalarmult_ed25519_OBJECTS) $(scalarmult_ed25519_ @rm -f scalarmult_ed25519$(EXEEXT) $(AM_V_CCLD)$(LINK) $(scalarmult_ed25519_OBJECTS) $(scalarmult_ed25519_LDADD) $(LIBS) +scalarmult_ristretto255$(EXEEXT): $(scalarmult_ristretto255_OBJECTS) $(scalarmult_ristretto255_DEPENDENCIES) $(EXTRA_scalarmult_ristretto255_DEPENDENCIES) + @rm -f scalarmult_ristretto255$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(scalarmult_ristretto255_OBJECTS) $(scalarmult_ristretto255_LDADD) $(LIBS) + secretbox$(EXEEXT): $(secretbox_OBJECTS) $(secretbox_DEPENDENCIES) $(EXTRA_secretbox_DEPENDENCIES) @rm -f secretbox$(EXEEXT) $(AM_V_CCLD)$(LINK) $(secretbox_OBJECTS) $(secretbox_LDADD) $(LIBS) @@ -1739,6 +1619,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/core5.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/core6.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/core_ed25519.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/core_ristretto255.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ed25519_convert.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generichash.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/generichash2.Po@am__quote@ # am--include-marker 
@@ -1765,6 +1646,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scalarmult7.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scalarmult8.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scalarmult_ed25519.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scalarmult_ristretto255.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secretbox.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secretbox2.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/secretbox7.Po@am__quote@ # am--include-marker @@ -2506,6 +2388,13 @@ core_ed25519.log: core_ed25519$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +core_ristretto255.log: core_ristretto255$(EXEEXT) + @p='core_ristretto255$(EXEEXT)'; \ + b='core_ristretto255'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) pwhash_scrypt.log: pwhash_scrypt$(EXEEXT) @p='pwhash_scrypt$(EXEEXT)'; \ b='pwhash_scrypt'; \ 
@@ -2527,6 +2416,13 @@ scalarmult_ed25519.log: scalarmult_ed25519$(EXEEXT) --log-file $$b.log --trs-file $$b.trs \ $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ "$$tst" $(AM_TESTS_FD_REDIRECT) +scalarmult_ristretto255.log: scalarmult_ristretto255$(EXEEXT) + @p='scalarmult_ristretto255$(EXEEXT)'; \ + b='scalarmult_ristretto255'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) siphashx24.log: siphashx24$(EXEEXT) @p='siphashx24$(EXEEXT)'; \ b='siphashx24'; \ @@ -2620,7 +2516,6 @@ mostlyclean-generic: -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) clean-generic: - -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) @@ -2664,6 +2559,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/core5.Po -rm -f ./$(DEPDIR)/core6.Po -rm -f ./$(DEPDIR)/core_ed25519.Po + -rm -f ./$(DEPDIR)/core_ristretto255.Po -rm -f ./$(DEPDIR)/ed25519_convert.Po -rm -f ./$(DEPDIR)/generichash.Po -rm -f ./$(DEPDIR)/generichash2.Po @@ -2690,6 +2586,7 @@ distclean: distclean-am -rm -f ./$(DEPDIR)/scalarmult7.Po -rm -f ./$(DEPDIR)/scalarmult8.Po -rm -f ./$(DEPDIR)/scalarmult_ed25519.Po + -rm -f ./$(DEPDIR)/scalarmult_ristretto255.Po -rm -f ./$(DEPDIR)/secretbox.Po -rm -f ./$(DEPDIR)/secretbox2.Po -rm -f ./$(DEPDIR)/secretbox7.Po @@ -2784,6 +2681,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/core5.Po -rm -f ./$(DEPDIR)/core6.Po -rm -f ./$(DEPDIR)/core_ed25519.Po + -rm -f ./$(DEPDIR)/core_ristretto255.Po -rm -f ./$(DEPDIR)/ed25519_convert.Po -rm -f ./$(DEPDIR)/generichash.Po -rm -f ./$(DEPDIR)/generichash2.Po 
@@ -2810,6 +2708,7 @@ maintainer-clean: maintainer-clean-am -rm -f ./$(DEPDIR)/scalarmult7.Po -rm -f ./$(DEPDIR)/scalarmult8.Po -rm -f ./$(DEPDIR)/scalarmult_ed25519.Po + -rm -f ./$(DEPDIR)/scalarmult_ristretto255.Po -rm -f ./$(DEPDIR)/secretbox.Po -rm -f ./$(DEPDIR)/secretbox2.Po -rm -f ./$(DEPDIR)/secretbox7.Po diff --git a/test/default/aead_xchacha20poly1305.c b/test/default/aead_xchacha20poly1305.c index 9c51623a..12059b6e 100644 --- a/test/default/aead_xchacha20poly1305.c +++ b/test/default/aead_xchacha20poly1305.c @@ -20,7 +20,7 @@ tv(void) }; #undef MESSAGE #define MESSAGE "Ladies and Gentlemen of the class of '99: If I could offer you " \ -"only one tip for the future, sunscreen would be it." + "only one tip for the future, sunscreen would be it." unsigned char *m = (unsigned char *) sodium_malloc(MLEN); static const unsigned char nonce[crypto_aead_xchacha20poly1305_ietf_NPUBBYTES] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, @@ -64,6 +64,10 @@ tv(void) printf("detached ciphertext is bogus\n"); } + if (crypto_aead_xchacha20poly1305_ietf_decrypt(NULL, 0, NULL, c, CLEN, ad, + ADLEN, nonce, firstkey) != 0) { + printf("crypto_aead_xchacha20poly1305_ietf_decrypt() tag-only verification failed\n"); + } if (crypto_aead_xchacha20poly1305_ietf_decrypt(m2, &m2len, NULL, c, CLEN, ad, ADLEN, nonce, firstkey) != 0) { printf("crypto_aead_xchacha20poly1305_ietf_decrypt() failed\n"); diff --git a/test/default/box_seal.c b/test/default/box_seal.c index f9c970bc..01765ca8 100644 --- a/test/default/box_seal.c +++ b/test/default/box_seal.c @@ -2,8 +2,8 @@ #define TEST_NAME "box_seal" #include "cmptest.h" -int -main(void) +static +void tv1(void) { unsigned char pk[crypto_box_PUBLICKEYBYTES]; unsigned char sk[crypto_box_SECRETKEYBYTES]; 
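Review bot: The added tag-only call in the `@@ -64,6 +64,10 @@` hunk is made only with a valid ciphertext, so it would still pass if verification were skipped whenever no output buffer is supplied. Unless `tv()` already covers this outside the hunk, a matching negative case belongs next to it: the same call on a ciphertext with one byte altered, expected to return -1. The second argument is a pointer (the following call passes `&m2len`), so `NULL` reads better than `0`: `crypto_aead_xchacha20poly1305_ietf_decrypt(NULL, NULL, NULL, c, CLEN, ad, ADLEN, nonce, firstkey)`. `tv()` starts and ends outside the hunk.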
@@ -22,11 +22,11 @@ main(void)
 randombytes_buf(m, m_len);
 if (crypto_box_seal(c, m, m_len, pk) != 0) {
 printf("crypto_box_seal() failure\n");
- return 1;
+ return;
 }
 if (crypto_box_seal_open(m2, c, c_len, pk, sk) != 0) {
 printf("crypto_box_seal_open() failure\n");
- return 1;
+ return;
 }
 printf("%d\n", memcmp(m, m2, m_len));
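Review bot: Both `return;` statements now hand control back to `main()` instead of ending the process, so a failed seal or open leaves `c`, `m` and `m2` allocated and skips the `sodium_free()` calls further down. The allocations are above this hunk, presumably made with `sodium_malloc()` as in the new `tv2()`. `tv2()` in the next hunk repeats the same two early returns after its three `sodium_malloc()` calls. Releasing the buffers on the failure path, e.g. `sodium_free(c); sodium_free(m); sodium_free(m2); return;`, keeps the guarded allocations balanced when the test goes on to run the second vector.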
@@ -39,6 +39,63 @@ main(void)
 sodium_free(m2);
 assert(crypto_box_sealbytes() == crypto_box_SEALBYTES);
+}
+
+#ifndef SODIUM_LIBRARY_MINIMAL
+static
+void tv2(void)
+{
+ unsigned char pk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
+ unsigned char sk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
+ unsigned char *c;
+ unsigned char *m;
+ unsigned char *m2;
+ size_t m_len;
+ size_t c_len;
+
+ crypto_box_curve25519xchacha20poly1305_keypair(pk, sk);
+ m_len = (size_t) randombytes_uniform(1000);
+ c_len = crypto_box_curve25519xchacha20poly1305_SEALBYTES + m_len;
+ m = (unsigned char *) sodium_malloc(m_len);
+ m2 = (unsigned char *) sodium_malloc(m_len);
+ c = (unsigned char *) sodium_malloc(c_len);
+ randombytes_buf(m, m_len);
+ if (crypto_box_curve25519xchacha20poly1305_seal(c, m, m_len, pk) != 0) {
+ printf("crypto_box_curve25519xchacha20poly1305_seal() failure\n");
+ return;
+ }
+ if (crypto_box_curve25519xchacha20poly1305_seal_open(m2, c, c_len, pk, sk) != 0) {
+ printf("crypto_box_curve25519xchacha20poly1305_seal_open() failure\n");
+ return;
+ }
+ printf("%d\n", memcmp(m, m2, m_len));
+
+ printf("%d\n", crypto_box_curve25519xchacha20poly1305_seal_open(m, c, 0U, pk, sk));
+ printf("%d\n", crypto_box_curve25519xchacha20poly1305_seal_open(m, c, c_len - 1U, pk, sk));
+ printf("%d\n", crypto_box_curve25519xchacha20poly1305_seal_open(m, c, c_len, sk, pk));
+
+ sodium_free(c);
+ sodium_free(m);
+ sodium_free(m2);
+
+ assert(crypto_box_curve25519xchacha20poly1305_sealbytes() ==
+ crypto_box_curve25519xchacha20poly1305_SEALBYTES);
+}
+
+#else
+
+static
+void tv2(void)
+{
+ printf("0\n-1\n-1\n-1\n");
+}
+#endif
+
+int
+main(void)
+{
+ tv1();
+ tv2();
 return 0;
 }
diff --git a/test/default/box_seal.exp b/test/default/box_seal.exp
index 78ea705a..ded7a43c 100644
--- a/test/default/box_seal.exp
+++ b/test/default/box_seal.exp
@@ -2,3 +2,7 @@
 -1
 -1
 -1
+0
+-1
+-1
+-1
diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c index b6bdfab9..e3f39c38 100644 --- a/test/default/core_ed25519.c +++ b/test/default/core_ed25519.c @@ -44,29 +44,43 @@ add_l64(unsigned char * const S) int main(void) { - unsigned char *h; + unsigned char *h, *r; unsigned char *p, *p2, *p3; unsigned char *sc, *sc2, *sc3; unsigned char *sc64; char *hex; unsigned int i, j; - h = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); + h = (unsigned char *) sodium_malloc(crypto_core_ed25519_HASHBYTES); + r = (unsigned char *) sodium_malloc(crypto_core_ed25519_UNIFORMBYTES); p = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES); - for (i = 0; i < 1000; i++) { - randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); - if (crypto_core_ed25519_from_uniform(p, h) != 0) { + for (i = 0; i < 500; i++) { + randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES); + if (crypto_core_ed25519_from_uniform(p, r) != 0) { printf("crypto_core_ed25519_from_uniform() failed\n"); } if (crypto_core_ed25519_is_valid_point(p) == 0) { printf("crypto_core_ed25519_from_uniform() returned an invalid point\n"); } + + randombytes_buf(h, crypto_core_ed25519_HASHBYTES); + if (crypto_core_ed25519_from_hash(p, h) != 0) { + printf("crypto_core_ed25519_from_hash() failed\n"); + } + if (crypto_core_ed25519_is_valid_point(p) == 0) { + printf("crypto_core_ed25519_from_hash() returned an invalid point\n"); + } + + crypto_core_ed25519_random(p); + if (crypto_core_ed25519_is_valid_point(p) == 0) { + printf("crypto_core_ed25519_random() returned an invalid point\n"); + } } p2 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES); p3 = (unsigned char *) sodium_malloc(crypto_core_ed25519_BYTES); - randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); - crypto_core_ed25519_from_uniform(p2, h); + + crypto_core_ed25519_random(p2); j = 1 + (unsigned int) randombytes_uniform(100); memcpy(p3, p, crypto_core_ed25519_BYTES); 
@@ -145,9 +159,10 @@ main(void) assert(crypto_core_ed25519_sub(p3, non_canonical_invalid_p, p3) == -1); for (i = 0; i < 1000; i++) { - randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); - crypto_core_ed25519_from_uniform(p, h); - crypto_core_ed25519_scalar_random(sc); + crypto_core_ed25519_random(p); + do { + crypto_core_ed25519_scalar_random(sc); + } while (sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES)); if (crypto_scalarmult_ed25519_noclamp(p2, sc, p) != 0) { printf("crypto_scalarmult_ed25519_noclamp() failed\n"); } @@ -175,8 +190,8 @@ main(void) printf("crypto_core_ed25519_scalar_reduce() failed\n"); } - randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); - crypto_core_ed25519_from_uniform(p, h); + randombytes_buf(r, crypto_core_ed25519_UNIFORMBYTES); + crypto_core_ed25519_from_uniform(p, r); memcpy(p2, p, crypto_core_ed25519_BYTES); crypto_core_ed25519_scalar_random(sc); if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) { @@ -187,15 +202,14 @@ main(void) printf("crypto_scalarmult_ed25519_noclamp() failed (2)\n"); } crypto_core_ed25519_add(p3, p, p2); - crypto_core_ed25519_from_uniform(p, h); + crypto_core_ed25519_from_uniform(p, r); crypto_core_ed25519_sub(p, p, p3); assert(p[0] == 0x01); for (i = 1; i < crypto_core_ed25519_BYTES; i++) { assert(p[i] == 0); } - randombytes_buf(h, crypto_core_ed25519_UNIFORMBYTES); - crypto_core_ed25519_from_uniform(p, h); + crypto_core_ed25519_random(p); memcpy(p2, p, crypto_core_ed25519_BYTES); crypto_core_ed25519_scalar_random(sc); if (crypto_scalarmult_ed25519_noclamp(p, sc, p) != 0) { 
@@ -306,8 +320,8 @@ main(void) assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); } - memset(sc, 0x69, crypto_core_ed25519_UNIFORMBYTES); - memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES); + memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES); + memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES); crypto_core_ed25519_scalar_add(sc, sc, sc2); crypto_core_ed25519_scalar_add(sc, sc2, sc); sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, @@ -320,8 +334,8 @@ main(void) sc, crypto_core_ed25519_SCALARBYTES); printf("sub1: %s\n", hex); - memset(sc, 0xcd, crypto_core_ed25519_UNIFORMBYTES); - memset(sc2, 0x42, crypto_core_ed25519_UNIFORMBYTES); + memset(sc, 0xcd, crypto_core_ed25519_SCALARBYTES); + memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES); crypto_core_ed25519_scalar_add(sc, sc, sc2); crypto_core_ed25519_scalar_add(sc, sc2, sc); sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, 
@@ -334,6 +348,45 @@ main(void) sc, crypto_core_ed25519_SCALARBYTES); printf("sub2: %s\n", hex); + memset(sc, 0x69, crypto_core_ed25519_SCALARBYTES); + memset(sc2, 0x42, crypto_core_ed25519_SCALARBYTES); + for (i = 0; i < 100; i++) { + crypto_core_ed25519_scalar_mul(sc, sc, sc2); + crypto_core_ed25519_scalar_mul(sc2, sc, sc2); + } + sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1, + sc2, crypto_core_ed25519_SCALARBYTES); + printf("mul: %s\n", hex); + for (i = 0; i < 1000; i++) { + crypto_core_ed25519_scalar_random(sc); + memset(sc2, 0, crypto_core_ed25519_SCALARBYTES); + crypto_core_ed25519_scalar_mul(sc3, sc, sc2); + assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); + + sc2[0]++; + crypto_core_ed25519_scalar_mul(sc3, sc, sc2); + assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0); + + sc2[0]++; + crypto_core_ed25519_scalar_mul(sc3, sc, sc2); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc); + crypto_core_ed25519_scalar_sub(sc3, sc3, sc); + assert(sodium_is_zero(sc3, crypto_core_ed25519_SCALARBYTES)); + + do { + crypto_core_ed25519_scalar_random(sc2); + } while (sodium_is_zero(sc2, crypto_core_ed25519_SCALARBYTES)); + crypto_core_ed25519_scalar_mul(sc3, sc, sc2); + crypto_core_ed25519_scalar_invert(sc2, sc2); + crypto_core_ed25519_scalar_mul(sc3, sc3, sc2); + assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) == 0); + + sc[31] |= 0x11; + memset(sc2, 0, crypto_core_ed25519_SCALARBYTES); + sc2[0] = 1; + crypto_core_ed25519_scalar_mul(sc3, sc, sc2); + assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0); + } sodium_free(hex); sodium_free(sc64); sodium_free(sc3); @@ -342,6 +395,7 @@ main(void) sodium_free(p3); sodium_free(p2); sodium_free(p); + sodium_free(r); sodium_free(h); assert(crypto_core_ed25519_BYTES == crypto_core_ed25519_bytes()); 
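Review bot: The last step of the new 1000-iteration loop, `sc[31] |= 0x11;` followed by a multiplication by one and a `!= 0` comparison, carries no comment saying what it checks. As far as I can tell it pushes `sc` above the group order so that `crypto_core_ed25519_scalar_mul()` must return a reduced value that differs from its input; a line such as `/* make sc non-canonical: the product with 1 must come back reduced */` above it would spare the next reader the arithmetic. The return value of `crypto_core_ed25519_scalar_invert()` is also ignored in this block, even though `sc2` is forced to be non-zero just before the call. `main()` starts before and continues after the hunk.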
@@ -350,6 +404,8 @@ main(void) assert(crypto_core_ed25519_NONREDUCEDSCALARBYTES >= crypto_core_ed25519_SCALARBYTES); assert(crypto_core_ed25519_UNIFORMBYTES == crypto_core_ed25519_uniformbytes()); assert(crypto_core_ed25519_UNIFORMBYTES >= crypto_core_ed25519_BYTES); + assert(crypto_core_ed25519_HASHBYTES == crypto_core_ed25519_hashbytes()); + assert(crypto_core_ed25519_HASHBYTES >= 2 * crypto_core_ed25519_BYTES); printf("OK\n"); diff --git a/test/default/core_ed25519.exp b/test/default/core_ed25519.exp index 89fbaa33..65295bfa 100644 --- a/test/default/core_ed25519.exp +++ b/test/default/core_ed25519.exp @@ -14,4 +14,5 @@ add1: f7567cd87c82ec1c355a6304c143bcc9ecedededededededededededededed0d sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202 add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202 sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d +mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b OK diff --git a/test/default/core_ristretto255.c b/test/default/core_ristretto255.c new file mode 100644 index 00000000..bd67f71d --- /dev/null +++ b/test/default/core_ristretto255.c 
@@ -0,0 +1,270 @@
+#define TEST_NAME "core_ristretto255"
+#include "cmptest.h"
+
+static void
+tv1(void)
+{
+ static const char *bad_encodings_hex[] = {
+ /* Non-canonical field encodings */
+ "00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "f3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "edffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+
+ /* Negative field elements */
+ "0100000000000000000000000000000000000000000000000000000000000000",
+ "01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f",
+ "ed57ffd8c914fb201471d1c3d245ce3c746fcbe63a3679d51b6a516ebebe0e20",
+ "c34c4e1826e5d403b78e246e88aa051c36ccf0aafebffe137d148a2bf9104562",
+ "c940e5a4404157cfb1628b108db051a8d439e1a421394ec4ebccb9ec92a8ac78",
+ "47cfc5497c53dc8e61c91d17fd626ffb1c49e2bca94eed052281b510b1117a24",
+ "f1c6165d33367351b0da8f6e4511010c68174a03b6581212c71c0e1d026c3c72",
+ "87260f7a2f12495118360f02c26a470f450dadf34a413d21042b43b9d93e1309",
+
+ /* Non-square x^2 */
+ "26948d35ca62e643e26a83177332e6b6afeb9d08e4268b650f1f5bbd8d81d371",
+ "4eac077a713c57b4f4397629a4145982c661f48044dd3f96427d40b147d9742f",
+ "de6a7b00deadc788eb6b6c8d20c0ae96c2f2019078fa604fee5b87d6e989ad7b",
+ "bcab477be20861e01e4a0e295284146a510150d9817763caf1a6f4b422d67042",
+ "2a292df7e32cababbd9de088d1d1abec9fc0440f637ed2fba145094dc14bea08",
+ "f4a9e534fc0d216c44b218fa0c42d99635a0127ee2e53c712f70609649fdff22",
+ "8268436f8c4126196cf64b3c7ddbda90746a378625f9813dd9b8457077256731",
+ "2810e5cbc2cc4d4eece54f61c6f69758e289aa7ab440b3cbeaa21995c2f4232b",
+
+ /* Negative xy value */
+ "3eb858e78f5a7254d8c9731174a94f76755fd3941c0ac93735c07ba14579630e",
+ "a45fdc55c76448c049a1ab33f17023edfb2be3581e9c7aade8a6125215e04220",
+ "d483fe813c6ba647ebbfd3ec41adca1c6130c2beeee9d9bf065c8d151c5f396e",
+ "8a2e1d30050198c65a54483123960ccc38aef6848e1ec8f5f780e8523769ba32",
+ "32888462f8b486c68ad7dd9610be5192bbeaf3b443951ac1a8118419d9fa097b",
+ "227142501b9d4355ccba290404bde41575b037693cef1f438c47f8fbf35d1165",
+ "5c37cc491da847cfeb9281d407efc41e15144c876e0170b499a96a22ed31e01e",
+ "445425117cb8c90edcbc7c1cc0e74f747f2c1efa5630a967c64f287792a48a4b",
+
+ /* s = -1, which causes y = 0 */
+ "ecffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f"
+ };
+ unsigned char *s;
+ size_t i;
+
+ s = (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
+ for (i = 0; i < sizeof bad_encodings_hex / sizeof bad_encodings_hex[0]; i++) {
+ sodium_hex2bin(s, crypto_core_ristretto255_BYTES, bad_encodings_hex[i],
+ crypto_core_ristretto255_BYTES * 2 + 1,
+ NULL, NULL, NULL);
+ if (crypto_core_ristretto255_is_valid_point(s)) {
+ printf("[%s] was not rejected\n", bad_encodings_hex[i]);
+ }
+ }
+ sodium_free(s);
+};
+
+static void
+tv2(void)
+{
+ static const char *hash_hex[] = {
+ "5d1be09e3d0c82fc538112490e35701979d99e06ca3e2b5b54bffe8b4dc772c1"
+ "4d98b696a1bbfb5ca32c436cc61c16563790306c79eaca7705668b47dffe5bb6",
+
+ "f116b34b8f17ceb56e8732a60d913dd10cce47a6d53bee9204be8b44f6678b27"
+ "0102a56902e2488c46120e9276cfe54638286b9e4b3cdb470b542d46c2068d38",
+
+ "8422e1bbdaab52938b81fd602effb6f89110e1e57208ad12d9ad767e2e25510c"
+ "27140775f9337088b982d83d7fcf0b2fa1edffe51952cbe7365e95c86eaf325c",
+
+ "ac22415129b61427bf464e17baee8db65940c233b98afce8d17c57beeb7876c2"
+ "150d15af1cb1fb824bbd14955f2b57d08d388aab431a391cfc33d5bafb5dbbaf",
+
+ "165d697a1ef3d5cf3c38565beefcf88c0f282b8e7dbd28544c483432f1cec767"
+ "5debea8ebb4e5fe7d6f6e5db15f15587ac4d4d4a1de7191e0c1ca6664abcc413",
+
+ "a836e6c9a9ca9f1e8d486273ad56a78c70cf18f0ce10abb1c7172ddd605d7fd2"
+ "979854f47ae1ccf204a33102095b4200e5befc0465accc263175485f0e17ea5c",
+
+ "2cdc11eaeb95daf01189417cdddbf95952993aa9cb9c640eb5058d09702c7462"
+ "2c9965a697a3b345ec24ee56335b556e677b30e6f90ac77d781064f866a3c982"
+ };
+ unsigned char *s;
+ unsigned char *u;
+ char *hex;
+ size_t i;
+
+ s = (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
+ u = (unsigned char *) sodium_malloc(crypto_core_ristretto255_HASHBYTES);
+ hex = (char *) sodium_malloc(crypto_core_ristretto255_BYTES * 2 + 1);
+ for (i = 0; i < sizeof hash_hex / sizeof hash_hex[0]; i++) {
+ sodium_hex2bin(u, crypto_core_ristretto255_HASHBYTES, hash_hex[i],
+ crypto_core_ristretto255_HASHBYTES * 2 + 1,
+ NULL, NULL, NULL);
+ crypto_core_ristretto255_from_hash(s, u);
+ sodium_bin2hex(hex, crypto_core_ristretto255_BYTES * 2 + 1,
+ s, crypto_core_ristretto255_BYTES);
+ printf("%s\n", hex);
+ }
+ sodium_free(hex);
+ sodium_free(u);
+ sodium_free(s);
+}
+
+static void
+tv3(void)
+{
+ static const unsigned char l[crypto_core_ed25519_BYTES] =
+ { 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,
+ 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 };
+
+ unsigned char *r =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+ unsigned char *r_inv =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+ unsigned char *ru =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_HASHBYTES);
+ unsigned char *s =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
+ unsigned char *s_ =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
+ unsigned char *s2 =
+ (unsigned char *) sodium_malloc(crypto_core_ristretto255_BYTES);
+ int i;
+
+ for (i = 0; i < 1000; i++) {
+ crypto_core_ristretto255_scalar_random(r);
+ if (crypto_scalarmult_ristretto255_base(s, r) != 0 ||
+ crypto_core_ristretto255_is_valid_point(s) != 1) {
+ printf("crypto_scalarmult_ristretto255_base() failed\n");
+ }
+ crypto_core_ristretto255_random(s);
+ if (crypto_core_ristretto255_is_valid_point(s) != 1) {
+ printf("crypto_core_ristretto255_random() failed\n");
+ }
+ if (crypto_scalarmult_ristretto255(s, l, s) == 0) {
+ printf("s*l != inf (1)\n");
+ }
+ randombytes_buf(ru, crypto_core_ristretto255_HASHBYTES);
+ if (crypto_core_ristretto255_from_hash(s, ru) != 0 ||
+ crypto_core_ristretto255_is_valid_point(s) != 1) {
+ printf("crypto_core_ristretto255_from_hash() failed\n");
+ }
+ if (crypto_scalarmult_ristretto255(s2, l, s) == 0) {
+ printf("s*l != inf (2)\n");
+ }
+ if (crypto_scalarmult_ristretto255(s2, r, s) != 0 ||
+ crypto_core_ristretto255_is_valid_point(s2) != 1) {
+ printf("crypto_scalarmult_ristretto255() failed\n");
+ }
+ if (crypto_core_ristretto255_scalar_invert(r_inv, r) != 0) {
+ printf("crypto_core_ristretto255_scalar_invert() failed\n");
+ }
+ if (crypto_scalarmult_ristretto255(s_, r_inv, s2) != 0 ||
+ crypto_core_ristretto255_is_valid_point(s_) != 1) {
+ printf("crypto_scalarmult_ristretto255() failed\n");
+ }
+ if (memcmp(s, s_, crypto_core_ristretto255_BYTES) != 0) {
+ printf("inversion failed\n");
+ }
+ if (crypto_scalarmult_ristretto255(s2, l, s2) == 0) {
+ printf("s*l != inf (3)\n");
+ }
+ if (crypto_core_ristretto255_add(s2, s, s_) != 0) {
+ printf("addition failed");
+ }
+ if (crypto_core_ristretto255_sub(s2, s2, s_) != 0) {
+ printf("substraction failed");
+ }
+ if (crypto_core_ristretto255_is_valid_point(s2) == 0) {
+ printf("invalid point");
+ }
+ if (memcmp(s, s2, crypto_core_ristretto255_BYTES) != 0) {
+ printf("s2 + s - s_ != s\n");
+ }
+ if (crypto_core_ristretto255_sub(s2, s2, s) != 0) {
+ printf("substraction failed");
+ }
+ if (crypto_core_ristretto255_is_valid_point(s2) == -1) {
+ printf("s + s' - s - s' != 0");
+ }
+ }
+
+ crypto_core_ristretto255_random(s);
+ memset(s_, 0xfe, crypto_core_ristretto255_BYTES);
+ assert(crypto_core_ristretto255_add(s2, s_, s) == -1);
+ assert(crypto_core_ristretto255_add(s2, s, s_) == -1);
+ assert(crypto_core_ristretto255_add(s2, s_, s_) == -1);
+ assert(crypto_core_ristretto255_add(s2, s, s) == 0);
+ assert(crypto_core_ristretto255_sub(s2, s_, s) == -1);
+ assert(crypto_core_ristretto255_sub(s2, s, s_) == -1);
+ assert(crypto_core_ristretto255_sub(s2, s_, s_) == -1);
+ assert(crypto_core_ristretto255_sub(s2, s, s) == 0);
+
+ sodium_free(s2);
+ sodium_free(s_);
+ sodium_free(s);
+ sodium_free(ru);
+ sodium_free(r_inv);
+ sodium_free(r);
+}
+
+static void
+tv4(void)
+{
+ unsigned char *r;
+ unsigned char *s1;
+ unsigned char *s2;
+ unsigned char *s3;
+ unsigned char *s4;
+
+ r = (unsigned char *) sodium_malloc(crypto_core_ristretto255_NONREDUCEDSCALARBYTES);
+ s1 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+ s2 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+ s3 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+ s4 = (unsigned char *) sodium_malloc(crypto_core_ristretto255_SCALARBYTES);
+
+ crypto_core_ristretto255_scalar_random(s1);
+ randombytes_buf(r, crypto_core_ristretto255_NONREDUCEDSCALARBYTES);
+ crypto_core_ristretto255_scalar_reduce(s2, r);
+ memcpy(s4, s1, crypto_core_ristretto255_SCALARBYTES);
+ crypto_core_ristretto255_scalar_add(s3, s1, s2);
+ crypto_core_ristretto255_scalar_sub(s4, s1, s2);
+ crypto_core_ristretto255_scalar_add(s2, s3, s4);
+ crypto_core_ristretto255_scalar_sub(s2, s2, s1);
+ crypto_core_ristretto255_scalar_mul(s2, s3, s2);
+ crypto_core_ristretto255_scalar_invert(s4, s3);
+ crypto_core_ristretto255_scalar_mul(s2, s2, s4);
+ crypto_core_ristretto255_scalar_negate(s1, s1);
+ crypto_core_ristretto255_scalar_add(s2, s2, s1);
+ crypto_core_ristretto255_scalar_complement(s1, s2);
+ s1[0]--;
+ assert(sodium_is_zero(s1, crypto_core_ristretto255_SCALARBYTES));
+
+ sodium_free(s1);
+ sodium_free(s2);
+ sodium_free(s3);
+ sodium_free(s4);
+ sodium_free(r);
+}
+
+int
+main(void)
+{
+ tv1();
+ tv2();
+ tv3();
+ tv4();
+
+ assert(crypto_core_ristretto255_BYTES == crypto_core_ristretto255_bytes());
+ assert(crypto_core_ristretto255_SCALARBYTES == crypto_core_ristretto255_scalarbytes());
+ assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES == crypto_core_ristretto255_nonreducedscalarbytes());
+ assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES >= crypto_core_ristretto255_SCALARBYTES);
+ assert(crypto_core_ristretto255_HASHBYTES == crypto_core_ristretto255_hashbytes());
+ assert(crypto_core_ristretto255_HASHBYTES >= crypto_core_ristretto255_BYTES);
+ assert(crypto_core_ristretto255_BYTES == crypto_core_ed25519_BYTES);
+ assert(crypto_core_ristretto255_SCALARBYTES == crypto_core_ed25519_SCALARBYTES);
+ assert(crypto_core_ristretto255_NONREDUCEDSCALARBYTES == crypto_core_ed25519_NONREDUCEDSCALARBYTES);
+ assert(crypto_core_ristretto255_HASHBYTES >= 2 * crypto_core_ed25519_UNIFORMBYTES);
+
+ printf("OK\n");
+
+ return 0;
+}
diff --git a/test/default/core_ristretto255.exp b/test/default/core_ristretto255.exp
new file mode 100644
index 00000000..8618d892
--- /dev/null
+++ b/test/default/core_ristretto255.exp
@@ -0,0 +1,8 @@
+3066f82a1a747d45120d1740f14358531a8f04bbffe6a819f86dfe50f44a0a46
+f26e5b6f7d362d2d2a94c5d0e7602cb4773c95a2e5c31a64f133189fa76ed61b
+006ccd2a9e6867e6a2c5cea83d3302cc9de128dd2a9a57dd8ee7b9d7ffe02826
+f8f0c87cf237953c5890aec3998169005dae3eca1fbb04548c635953c817f92a
+ae81e7dedf20a497e10c304a765c1767a42d6e06029758d2d7e8ef7cc4c41179
+e2705652ff9f5e44d3e841bf1c251cf7dddb77d140870d1ab2ed64f1a9ce8628
+80bd07262511cdde4863f8a7434cef696750681cb9510eea557088f76d9e5065
+OK
diff --git a/test/default/nacl-test-wrapper.sh b/test/default/nacl-test-wrapper.sh
deleted file mode 100755
index 0e4cffa9..00000000
--- a/test/default/nacl-test-wrapper.sh
+++ /dev/null
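Review bot: In `tv1()` and `tv2()` of the new core_ristretto255.c, the `sodium_hex2bin()` calls pass a hex length of `crypto_core_ristretto255_BYTES * 2 + 1` (and `crypto_core_ristretto255_HASHBYTES * 2 + 1`), which counts the terminating NUL, and their return value is discarded. With no `hex_end` pointer the call presumably reports an error for the unparsed byte, so success cannot be checked as written; if decoding ever did fail, `tv1()` would test whatever `sodium_malloc()` left in `s`, which `crypto_core_ristretto255_is_valid_point()` would most likely reject, and the bad-encoding vectors would pass without being exercised. Passing `crypto_core_ristretto255_BYTES * 2` and guarding the call with `if (sodium_hex2bin(...) != 0) { printf("hex2bin failed\n"); }` closes that gap. Separately, the last check in the `tv3()` loop, `crypto_core_ristretto255_is_valid_point(s2) == -1`, looks like it can never fire, since every other call in the file compares the result with 0 or 1.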
@@ -1,35 +0,0 @@
-#! /bin/sh
-
-if [ -z "$NACL_SDK_ROOT" ]; then
- echo "The following variable needs to be set:
- \$NACL_SDK_ROOT=$NACL_SDK_ROOT" >&2
- exit 1
-fi
-
-if [ -z "$PNACL_FINALIZE" -o -z "$PNACL_TRANSLATE" ]; then
- exe="$1"
-else
- exe="$1.nexe"
- if [ ! -f "$exe" ]; then
- $PNACL_FINALIZE "$1" -o "$1.final"
- $PNACL_TRANSLATE -arch $(uname -m) "$1.final" -o "$exe"
- fi
-fi
-
-command -v command >/dev/null 2>&1 || {
- echo "command is required, but wasn't found on this system" >&2
- exit 1
-}
-
-command -v python >/dev/null 2>&1 || {
- echo "Python not found. Aborting." >&2
- exit 1
-}
-
-SEL_LDR=$(find "$NACL_SDK_ROOT" -name sel_ldr.py | head -n 1)
-if [ -z "$SEL_LDR" ]; then
- echo "Couldn't find sel_ldr.py under $NACL_SDK_ROOT" >&2
- exit 1
-fi
-
-exec python "$SEL_LDR" "$exe"
diff --git a/test/default/randombytes.c b/test/default/randombytes.c
index bdc5cca4..d08066e8 100644
--- a/test/default/randombytes.c
+++ b/test/default/randombytes.c
@@ -42,8 +42,6 @@ randombytes_tests(void)
 #ifndef BENCHMARKS
 # ifdef __EMSCRIPTEN__
 assert(strcmp(randombytes_implementation_name(), "js") == 0);
-# elif defined(__native_client__)
- assert(strcmp(randombytes_implementation_name(), "nativeclient") == 0);
 # else
 assert(strcmp(randombytes_implementation_name(), "sysrandom") == 0);
 # endif
@@ -73,8 +71,9 @@ randombytes_tests(void)
 assert(randombytes_uniform(1U) == 0U);
 randombytes_close();
 #ifndef __EMSCRIPTEN__
- randombytes_set_implementation(&randombytes_salsa20_implementation);
- assert(strcmp(randombytes_implementation_name(), "salsa20") == 0);
+ assert(&randombytes_internal_implementation == &randombytes_salsa20_implementation);
+ randombytes_set_implementation(&randombytes_internal_implementation);
+ assert(strcmp(randombytes_implementation_name(), "internal") == 0);
 #endif
 randombytes_stir();
 for (i = 0; i < 256; ++i) {
@@ -129,11 +128,7 @@ randombytes_uniform_impl(const uint32_t upper_bound) static int impl_tests(void) { -#ifndef __native_client__ randombytes_implementation impl = randombytes_sysrandom_implementation; -#else - randombytes_implementation impl = randombytes_nativeclient_implementation; -#endif uint32_t v = randombytes_random(); impl.uniform = randombytes_uniform_impl; diff --git a/test/default/scalarmult_ed25519.c b/test/default/scalarmult_ed25519.c index 26d431ae..795647b5 100644 --- a/test/default/scalarmult_ed25519.c +++ b/test/default/scalarmult_ed25519.c @@ -83,6 +83,18 @@ main(void) if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) { printf("clamping not applied\n"); } + + n[0] = 9; + if (crypto_scalarmult_ed25519_base(q, n) != 0) { + printf("crypto_scalarmult_ed25519_base() failed\n"); + } + if (crypto_scalarmult_ed25519_base_noclamp(q2, n) != 0) { + printf("crypto_scalarmult_ed25519_base_noclamp() failed\n"); + } + if (memcmp(q, q2, crypto_scalarmult_ed25519_BYTES) == 0) { + printf("clamping not applied\n"); + } + n[0] = 8; n[31] = 64; if (crypto_scalarmult_ed25519_noclamp(q2, n, p) != 0) { diff --git a/test/default/scalarmult_ristretto255.c b/test/default/scalarmult_ristretto255.c new file mode 100644 index 00000000..1acd1216 --- /dev/null +++ b/test/default/scalarmult_ristretto255.c 
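Review bot: The third check added in the scalarmult_ed25519.c hunk prints `clamping not applied`, the same text as the variable-base check directly above it. A failure in the test output therefore does not say which of the two paths lost the clamping. A distinct message, e.g. `printf("clamping not applied (base)\n");`, makes a mismatch against the expected output self-explanatory. `main()` starts and ends outside the hunk.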
@@ -0,0 +1,51 @@ +#define TEST_NAME "scalarmult_ristretto255" +#include "cmptest.h" + +#define B_HEX "e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76" + +int +main(void) +{ + unsigned char *b = + (unsigned char *) sodium_malloc(crypto_scalarmult_ristretto255_BYTES); + unsigned char *n = + (unsigned char *) sodium_malloc(crypto_scalarmult_ristretto255_SCALARBYTES); + unsigned char *p = + (unsigned char *) sodium_malloc(crypto_scalarmult_ristretto255_BYTES); + unsigned char *p2 = + (unsigned char *) sodium_malloc(crypto_scalarmult_ristretto255_BYTES); + char *hex = + (char *) sodium_malloc(2 * crypto_scalarmult_ristretto255_BYTES + 1); + int i; + + sodium_hex2bin(b, crypto_scalarmult_ristretto255_BYTES, + B_HEX, sizeof B_HEX - (size_t) 1U, NULL, NULL, NULL); + memset(n, 0, crypto_scalarmult_ristretto255_SCALARBYTES); + for (i = 0; i < 16; i++) { + crypto_scalarmult_ristretto255_base(p, n); + if (crypto_scalarmult_ristretto255(p2, n, b) != 0) { + printf("crypto_scalarmult_ristretto255(%d) != 0\n", i); + } + sodium_bin2hex(hex, 2 * crypto_scalarmult_ristretto255_BYTES + 1, + p, crypto_scalarmult_ristretto255_BYTES); + printf("%s\n", hex); + assert(memcmp(p, p2, crypto_scalarmult_ristretto255_BYTES) == 0); + sodium_increment(n, crypto_scalarmult_ristretto255_SCALARBYTES); + } + + memset(p, 0xfe, crypto_scalarmult_ristretto255_BYTES); + assert(crypto_scalarmult_ristretto255(guard_page, n, p) == -1); + + sodium_free(hex); + sodium_free(p2); + sodium_free(p); + sodium_free(n); + sodium_free(b); + + assert(crypto_scalarmult_ristretto255_BYTES == crypto_scalarmult_ristretto255_bytes()); + assert(crypto_scalarmult_ristretto255_SCALARBYTES == crypto_scalarmult_ristretto255_scalarbytes()); + + printf("OK\n"); + + return 0; +} diff --git a/test/default/scalarmult_ristretto255.exp b/test/default/scalarmult_ristretto255.exp new file mode 100644 index 00000000..919a7621 --- /dev/null +++ b/test/default/scalarmult_ristretto255.exp 
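Review bot: `crypto_scalarmult_ristretto255_base(p, n)` is called in the loop without looking at its return value, while the variable-base call next to it is checked, and the `sodium_hex2bin()` call that decodes `B_HEX` is unchecked as well. The expected output begins with `crypto_scalarmult_ristretto255(0) != 0` followed by an all-zero line, so at `i == 0` the `memcmp` assert compares the output of a call that reported failure; that holds only while both functions leave the same bytes behind on that path. I would report the base call the same way, `if (crypto_scalarmult_ristretto255_base(p, n) != 0) { printf("crypto_scalarmult_ristretto255_base(%d) != 0\n", i); }`, adding the matching line to the .exp file if the base call also fails for a zero scalar, and wrap the decode as `assert(sodium_hex2bin(...) == 0);`. A short comment above the `guard_page` call, e.g. `/* invalid encoding: must be rejected before the output is written */`, would document why an (apparently inaccessible) destination is passed there.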
@@ -0,0 +1,18 @@ +crypto_scalarmult_ristretto255(0) != 0 +0000000000000000000000000000000000000000000000000000000000000000 +e2f2ae0a6abc4e71a884a961c500515f58e30b6aa582dd8db6a65945e08d2d76 +6a493210f7499cd17fecb510ae0cea23a110e8d5b901f8acadd3095c73a3b919 +94741f5d5d52755ece4f23f044ee27d5d1ea1e2bd196b462166b16152a9d0259 +da80862773358b466ffadfe0b3293ab3d9fd53c5ea6c955358f568322daf6a57 +e882b131016b52c1d3337080187cf768423efccbb517bb495ab812c4160ff44e +f64746d3c92b13050ed8d80236a7f0007c3b3f962f5ba793d19a601ebb1df403 +44f53520926ec81fbd5a387845beb7df85a96a24ece18738bdcfa6a7822a176d +903293d8f2287ebe10e2374dc1a53e0bc887e592699f02d077d5263cdd55601c +02622ace8f7303a31cafc63f8fc48fdc16e1c8c8d234b2f0d6685282a9076031 +20706fd788b2720a1ed2a5dad4952b01f413bcf0e7564de8cdc816689e2db95f +bce83f8ba5dd2fa572864c24ba1810f9522bc6004afe95877ac73241cafdab42 +e4549ee16b9aa03099ca208c67adafcafa4c3f3e4e5303de6026e3ca8ff84460 +aa52e000df2e16f55fb1032fc33bc42742dad6bd5a8fc0be0167436c5948501f +46376b80f409b29dc2b5f6f0c52591990896e5716f41477cd30085ab7f10301e +e0c418f7c8d9c4cdd7395b93ea124f3ad99021bb681dfc3302a9d99a2e53e64e +OK diff --git a/test/default/sodium_utils2.c b/test/default/sodium_utils2.c index 844f5866..a1801b1a 100644 --- a/test/default/sodium_utils2.c +++ b/test/default/sodium_utils2.c @@ -23,14 +23,16 @@ segv_handler(int sig) printf("Intentional segfault / bus error caught\n"); printf("OK\n"); -#ifdef SIGSEGV +#ifdef SIG_DFL +# ifdef SIGSEGV signal(SIGSEGV, SIG_DFL); -#endif -#ifdef SIGBUS +# endif +# ifdef SIGBUS signal(SIGBUS, SIG_DFL); -#endif -#ifdef SIGABRT +# endif +# ifdef SIGABRT signal(SIGABRT, SIG_DFL); +# endif #endif exit(0); } 
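Review bot: The new outer `#ifdef SIG_DFL` around the `signal()` calls in `segv_handler()` of test/default/sodium_utils2.c carries no comment, and `SIG_DFL` serves as a stand-in for "signal handling is available" even where only `segv_handler` is installed and `SIG_DFL` is never used. The same wrapper is added in the `main()` hunk of this file and in both hunks of test/default/sodium_utils3.c. A comment at the first occurrence, e.g. `/* SIG_DFL undefined: no usable signal() on this target (presumably the new WASI build) */`, would explain the guard. When the guard compiles the handler installation out, nothing prints the `Intentional segfault / bus error caught` and `OK` lines on a fault, so it is worth confirming how these two tests are meant to pass or be skipped on such targets; that part is not visible in these hunks.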
@@ -70,15 +72,16 @@ main(void) sodium_free(buf); } printf("OK\n"); - -#ifdef SIGSEGV +#ifdef SIG_DFL +# ifdef SIGSEGV signal(SIGSEGV, segv_handler); -#endif -#ifdef SIGBUS +# endif +# ifdef SIGBUS signal(SIGBUS, segv_handler); -#endif -#ifdef SIGABRT +# endif +# ifdef SIGABRT signal(SIGABRT, segv_handler); +# endif #endif size = 1U + randombytes_uniform(100000U); buf = sodium_malloc(size); diff --git a/test/default/sodium_utils3.c b/test/default/sodium_utils3.c index 3f2b600e..a39f0ee4 100644 --- a/test/default/sodium_utils3.c +++ b/test/default/sodium_utils3.c @@ -19,14 +19,16 @@ segv_handler(int sig) printf("Intentional segfault / bus error caught\n"); printf("OK\n"); -#ifdef SIGSEGV +#ifdef SIG_DFL +# ifdef SIGSEGV signal(SIGSEGV, SIG_DFL); -#endif -#ifdef SIGBUS +# endif +# ifdef SIGBUS signal(SIGBUS, SIG_DFL); -#endif -#ifdef SIGABRT +# endif +# ifdef SIGABRT signal(SIGABRT, SIG_DFL); +# endif #endif exit(0); } @@ -37,14 +39,16 @@ main(void) void * buf; size_t size; -#ifdef SIGSEGV +#ifdef SIG_DFL +# ifdef SIGSEGV signal(SIGSEGV, segv_handler); -#endif -#ifdef SIGBUS +# endif +# ifdef SIGBUS signal(SIGBUS, segv_handler); -#endif -#ifdef SIGABRT +# endif +# ifdef SIGABRT signal(SIGABRT, segv_handler); +# endif #endif size = 1U + randombytes_uniform(100000U); buf = sodium_malloc(size); diff --git a/test/default/wasi-test-wrapper.sh b/test/default/wasi-test-wrapper.sh new file mode 100755 index 00000000..af64884c --- /dev/null +++ b/test/default/wasi-test-wrapper.sh 
@@ -0,0 +1,28 @@ +#! /bin/sh + +MAX_MEMORY_TESTS="67108864" + +if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "wasmtime" ]; then + if command -v wasmtime >/dev/null; then + wasmtime -o --dir=. "$1" && exit 0 + fi +fi + +if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "lucet" ]; then + if command -v lucetc-wasi >/dev/null && command -v lucet-wasi >/dev/null; then + lucetc-wasi \ + --reserved-size "${MAX_MEMORY_TESTS}" \ + -o "${1}.so" --opt-level fast "$1" && + lucet-wasi --dir=.:. --max-heap-size "${MAX_MEMORY_TESTS}" "${1}.so" && + rm -f "${1}.so" && exit 0 + fi +fi + +if [ -z "$WASI_RUNTIME" ] || [ "$WASI_RUNTIME" = "wasmer" ]; then + if command -v wasmer >/dev/null; then + wasmer run "$1" --backend "${WASMER_BACKEND:-cranelift}" --dir=. && exit 0 + fi +fi + +echo "WebAssembly runtime failed" >&2 +exit 1 diff --git a/test/quirks/quirks.h b/test/quirks/quirks.h index 65935a47..69fe3693 100644 --- a/test/quirks/quirks.h +++ b/test/quirks/quirks.h @@ -4,23 +4,6 @@ /* C++Builder defines a "random" macro */ #undef random -#ifdef __native_client__ -# define memset(dst, c, n) xmemset(dst, c, n) - -static void * -xmemset(void *dst, int c, size_t n) -{ - unsigned char * dst_ = (unsigned char *) dst; - const unsigned char c_ = (unsigned char) c; - size_t i; - - for (i = 0; i < n; i++) { - dst_[i] = c_; - } - return dst; -} -#endif - #ifdef __EMSCRIPTEN__ # define strcmp(s1, s2) xstrcmp(s1, s2)
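Review bot: With `WASI_RUNTIME` unset, every runtime in test/default/wasi-test-wrapper.sh is invoked as `... && exit 0`, so a test that fails under wasmtime falls through, is run again under lucet and then wasmer, and the wrapper reports success if any one of them passes. For a test suite this can hide a failure that is specific to one runtime, and the final `exit 1` replaces the test's own exit status. In the lucet branch `rm -f "${1}.so"` sits inside the `&&` chain, so the compiled object stays behind whenever compilation or the run fails. I would run the test once under the first runtime found and exit with its status, as sketched below; if the fallthrough is intended, a comment should say so.

```shell
# ... unchanged: MAX_MEMORY_TESTS and the WASI_RUNTIME / command -v selection tests ...

  if command -v wasmtime >/dev/null; then
    wasmtime -o --dir=. "$1"
    exit $?
  fi

  if command -v lucetc-wasi >/dev/null && command -v lucet-wasi >/dev/null; then
    lucetc-wasi \
      --reserved-size "${MAX_MEMORY_TESTS}" \
      -o "${1}.so" --opt-level fast "$1" || exit 1
    lucet-wasi --dir=.:. --max-heap-size "${MAX_MEMORY_TESTS}" "${1}.so"
    status=$?
    rm -f "${1}.so"   # clean up the compiled object on failure as well
    exit "$status"
  fi

  if command -v wasmer >/dev/null; then
    wasmer run "$1" --backend "${WASMER_BACKEND:-cranelift}" --dir=.
    exit $?
  fi

# ... unchanged: final error message and exit 1, now reached only when no runtime was found ...
```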