unknown
2085693c32
Introduce C++Builder compatibility
...
Add new preprocessor directives to allow libsodium to be easily
built in C++Builder.
2016-03-18 14:46:00 -04:00
Frank Denis
0c06979260
Verify at compile time that blake2b_param is packed as expected
2016-03-18 10:20:56 +01:00
Frank Denis
76e3e91576
Remove unnecessary extern "C" and unused prototypes
2016-03-18 10:17:02 +01:00
Frank Denis
6c94f968e4
Remove BLAKE2s-related declarations
2016-03-18 09:59:32 +01:00
Frank Denis
0a18d18daf
Consistent comment style
2016-03-18 09:56:21 +01:00
Frank Denis
a54e9402c5
Avoid BLAKE2 AVX2 implementation on Win32
2016-03-17 17:31:57 +01:00
Frank Denis
4b6667a9d3
Update Makefiles and MSVC solutions
2016-03-17 17:07:43 +01:00
Frank Denis
64fe1b2353
Indent
2016-03-17 16:53:30 +01:00
Frank Denis
7583cb26b5
Merge branch 'blakeavx2'
...
* blakeavx2:
BLAKE2b AVX2 implementation By the marvellous Samuel Neves - https://github.com/sneves/blake2-avx2
2016-03-17 16:29:12 +01:00
Frank Denis
0131a72082
BLAKE2b AVX2 implementation
...
By the marvellous Samuel Neves - https://github.com/sneves/blake2-avx2
2016-03-17 16:24:04 +01:00
Frank Denis
8a24608fd2
Luminous beings are we, not this crude matter
2016-03-17 12:21:10 +01:00
Frank Denis
81f87df6a2
The Yoda style avoiding we can.
...
In a similar test above, that style we didn't use.
2016-03-17 12:21:09 +01:00
Frank Denis
6f2be3633f
Argon2: avoid initial zeroing by calling fill_block() on the first pass
2016-03-17 12:21:06 +01:00
Frank Denis
7611ea6018
Add AVX2 detection
2016-03-17 11:15:18 +01:00
Frank Denis
42d906d3e9
Cacheline alignment
2016-03-17 09:27:39 +01:00
Frank Denis
a4327a90f4
Spacing
2016-03-17 09:22:09 +01:00
Frank Denis
e8dfc764d3
Add a detached API for aes256gcm
2016-03-15 11:02:25 +01:00
Frank Denis
d8845c04dd
Update blake2b licensing
2016-03-13 09:12:34 +01:00
Frank Denis
630ac0913b
We only support data independent addressing for Argon2
...
Let the compiler automatically remove unused code
2016-03-11 16:41:06 +01:00
Frank Denis
5a00dff84d
p -> R for clarity
2016-03-11 13:45:39 +01:00
Frank Denis
676950d206
Remove superfluous constant type qualifiers
2016-03-10 16:43:42 +01:00
Frank Denis
ab2f22137e
ed25519_verify: check for small-order R
2016-03-10 16:39:54 +01:00
Frank Denis
7597b7cc13
Check what the implications of versioned Argon2 strings will be
2016-03-10 12:26:17 +01:00
Frank Denis
805fd3589d
The version number in Argon2 strings will require 5 extra bytes
...
Round `crypto_pwhash_argon2i_STRBYTES` up to 128
2016-03-10 12:22:13 +01:00
Frank Denis
7c5d30a6a3
Consistent indentation
2016-03-09 15:37:47 +01:00
Frank Denis
62911edb7f
Ed25519: verify 0<=s<2^252+27742317777372353535851937790883648493
...
This reintroduces removed code to match the irtf-cfrg-eddsa draft
ED25519_COMPAT can be defined to keep the old behavior
2016-03-08 20:35:21 +01:00
Frank Denis
7d4cfbf7af
pwhash_argon2i_str(): zero the output buffer even on error path
2016-03-08 13:55:04 +01:00
Frank Denis
3853d5a824
Require at least 128 bits for an Argon2i digest
2016-03-08 13:51:23 +01:00
Frank Denis
7e4f83a54d
Revisit Argon2i predefined parameters
2016-03-08 11:55:03 +01:00
Frank Denis
0158b2b1fd
Argon2: use negative error codes
2016-03-08 09:32:37 +01:00
Frank Denis
f4397f12d0
Remove unneeded prototypes
2016-03-06 13:55:04 +01:00
Frank Denis
ddc1bbad73
Remove unused variables
2016-03-06 13:51:42 +01:00
Frank Denis
2fb69179cd
scrypt: zeroize the temporary output buffer
2016-03-06 00:08:35 +01:00
Frank Denis
edcd258417
inttypes.h -> stdint.h
2016-03-05 18:23:53 +01:00
Frank Denis
8b139cdc31
Compile optimized Argon2i impl on 32-bit MSVC
2016-03-05 18:21:59 +01:00
Frank Denis
db139ced5f
MSVC analyzer FP
2016-03-05 17:56:40 +01:00
Frank Denis
b55febaafa
Bump ARGON2_MIN_TIME to 3, adjust tests accordingly
2016-03-01 14:08:31 +01:00
Frank Denis
0868222732
Let core_salsa20* accept a default constant
2016-02-29 12:04:34 +01:00
Frank Denis
9fbb822281
Use stdint types a bit more
2016-02-27 16:33:22 +01:00
Frank Denis
4e9b0b67ce
Let crypto_core_hsalsa20() accept NULL for the default constants
2016-02-27 16:19:38 +01:00
Frank Denis
bb596e8eb7
Trim/untab/indent
2016-02-27 13:26:42 +01:00
Frank Denis
6dc466ee8b
Use a single way to do unaligned memory access/endianness conversion
2016-02-27 12:46:07 +01:00
Frank Denis
d9493834b2
Hide store32()/load32() in the header
2016-02-26 13:22:33 +01:00
Frank Denis
49c57dfe0a
Faster HChaCha20
2016-02-26 13:15:36 +01:00
Frank Denis
1e2a9eb062
Faster with clang
2016-02-26 12:59:14 +01:00
Frank Denis
4d5c3976db
Add HChaCha20
2016-02-26 12:50:17 +01:00
Frank Denis
ecdcfba07e
Argon2: issue different error codes for VERIFY_MISMATCH and DECODING_FAIL
...
Only used internally, not exposed in the Sodium API
2016-02-23 15:24:37 +01:00
Frank Denis
80d24c00cc
Use calloc() instead of malloc()+memset()
2016-02-19 07:40:09 +01:00
Frank Denis
4b6a909d8a
Argon2: fill_block() now XORs blocks instead of overwriting them
2016-02-17 16:26:37 +01:00
Frank Denis
e153debd0d
Remove ...edwards25519sha512batch_*() wrappers for the constants
...
The ...edwards25519sha512batch_*() functions are only here for ABI
compatibility with NaCl, where constants were only defined as macros.
Plus, these functions were only present as prototypes since 1.0.6;
the actual symbols were not defined any more.
2016-02-13 08:15:00 +01:00
Frank Denis
54915743f4
Define ZEROBYTES as BOXZEROBYTES + MACBYTES
...
ZEROBYTES and BOXZEROBYTES are rarely used compared to MACBYTES,
so it makes more sense to define MACBYTES and define the compat macros
based on it than the other way round.
2016-02-11 15:19:58 +01:00
Frank Denis
36e60b2d28
Wipe secret keys before public keys and nonces
2016-02-03 01:19:24 +01:00
Frank Denis
1b63773986
Comments cleanup
2016-02-01 16:08:29 +01:00
Frank Denis
7035bbb8b8
Indent
2016-01-28 14:44:41 +01:00
Frank Denis
aa2ae5642b
aes256gcm_encrypt_afternm() - abort() if mlen > 2^39-256 bits
2016-01-27 14:42:32 +01:00
Frank Denis
113091b2a0
On non-ELF platforms, mark pointers as volatile, not just what they point to.
...
See http://sk.tl/Wj3pmI vs http://sk.tl/VNsyd9
2016-01-27 08:24:19 +01:00
Frank Denis
bd15b68569
Argon2: explicitly initialize ctx.secret to NULL
2016-01-26 11:14:40 +01:00
Frank Denis
367afac0bf
Sync argon2 implementation with upstream
2016-01-24 20:35:00 +01:00
Frank Denis
31a153c937
argon2_core() -> argon2_ctx()
2016-01-23 22:52:11 +01:00
Frank Denis
8bd6c9e289
Caps
2016-01-22 16:16:15 +01:00
Frank Denis
dc4a9791a7
Add comments to argon2-encoding.c
...
Upstream `decode_string()` can return `ARGON2_INCORRECT_TYPE`.
This change is not merged. Either have a function return an ARGON2 constant,
have it return 0/1, or have it return 0/-1, but mixing different systems
is confusing. (encode|decode)_string() should probably all return an ARGON2
code.
2016-01-22 16:12:24 +01:00
Frank Denis
921507cc59
Add extra sodium_memzero() in Argon2
2016-01-22 16:03:09 +01:00
Frank Denis
a814810a43
Relax max sizes in argon2 decoding
2016-01-22 15:59:54 +01:00
Frank Denis
17248540e3
Add aes256gcm stubs for platforms where it is not available
2016-01-22 10:21:24 +01:00
Frank Denis
d1b028abe3
Initialize ctx->pwdlen in argon2 string decoder
2016-01-21 08:42:23 +01:00
Frank Denis
82c7c45924
zero the context, in case we forget to initialize some members
2016-01-21 08:39:47 +01:00
Frank Denis
ba415e1f4d
Argon2: use existing constants more consistently
...
By @technion via the reference implementation
2016-01-21 08:35:53 +01:00
Frank Denis
53419d7b06
Merge pull request #348 from betafive/pbarker/blake2
...
Add crypt_generichash_blake2b_statebytes function
2016-01-16 20:15:00 +01:00
Paul Barker
e20291d78e
Add crypt_generichash_blake2b_statebytes function
...
The function crypto_generichash_statebytes exists to dynamically determine the
size of a crypto_generichash_state struct. This is useful when using libsodium
from a language which can't use sizeof on C types. However, no equivalent
existed for the crypto_generichash_blake2b_state struct for users who want to
explicitly use the blake2b algorithm.
The function crypt_generichash_blake2b_statebytes is added to fill this gap.
2016-01-16 17:25:14 +00:00
Frank Denis
8c0b916729
Add new macros for chacha20poly1305_ietf constants, for clarity
2016-01-16 12:36:30 +01:00
Frank Denis
18cc1b5682
The occasional absence of braces is disturbing.
2016-01-15 21:12:34 +01:00
Frank Denis
08d3b8a19c
Reuse validate_inputs() to validate parameters in argon2-encoding.c
2016-01-15 20:58:50 +01:00
Frank Denis
936667e3f1
Untab
2016-01-12 09:26:46 +01:00
Frank Denis
20ccc09018
Argon2: Let fill_{memory_blocks,segment} return an error code
2016-01-12 09:24:50 +01:00
Frank Denis
751f3b3753
Visual Studio's preprocessor doesn't support #warning
2016-01-11 11:11:43 +01:00
Frank Denis
f1ab1fd377
Add extra CRYPTO_ALIGN() required for Minix
2016-01-07 15:33:17 +01:00
Frank Denis
82ed2169b0
Make argon2i blocks allocation functions static
2015-12-30 17:30:59 +01:00
Frank Denis
ff32e8f34b
argon2: memory usage is m_cost KiB, not 2^m_cost KiB
2015-12-30 00:10:57 +01:00
Frank Denis
dfa0ee2753
We don't need no external memory allocators
2015-12-30 00:09:16 +01:00
Frank Denis
1635f98638
Add sodium/crypto_pwhash.h to the distribution
2015-12-29 22:42:33 +01:00
Frank Denis
69cfab0522
We don't need the ability to use a custom allocator
2015-12-29 22:33:36 +01:00
Frank Denis
28ca446f73
argon2: don't dereference a pointer before testing it for NULL
2015-12-29 22:22:54 +01:00
Frank Denis
b5ed4cc34b
Add high-level crypto_pwhash() API
2015-12-29 21:49:55 +01:00
Frank Denis
c7b9178d5a
Consistent #include guards
2015-12-29 21:35:45 +01:00
Frank Denis
2bd822b1c9
Pasto
2015-12-29 19:13:48 +01:00
Frank Denis
6d9f2cae79
argon2: ensure that memory is cacheline aligned; use mmap(2) if possible
2015-12-29 19:00:52 +01:00
Frank Denis
9788147270
Require less indentation
2015-12-29 18:41:38 +01:00
Frank Denis
9ef45f8456
argon2: make blocks allocation indirect, keep the base address
2015-12-29 18:38:33 +01:00
Frank Denis
0ec2f464c8
Comment doesn't seem to be relevant any more
2015-12-29 17:53:13 +01:00
Frank Denis
96c37fc9a4
Indent
2015-12-29 17:51:00 +01:00
Frank Denis
bd44342a1e
Remove unneeded extern "C"
2015-12-29 17:24:31 +01:00
Frank Denis
71056e2f75
Add missing header
2015-12-29 17:22:45 +01:00
Frank Denis
dfdf65c4f0
Add crypto_pwhash_argon2i_(memlimit|opslimit)_moderate()
...
Import missing crypto_pwhash_argon2i.h by the way
2015-12-29 16:07:47 +01:00
Frank Denis
387dd75e88
Require at least SSSE3 for optimized implementations
2015-12-29 15:34:16 +01:00
Frank Denis
a916ec93c1
crypto_pwhash_argon2i_*()
2015-12-29 13:29:24 +01:00
Frank Denis
da927a985f
Argon2 bits - Not exposed in the API yet
2015-12-29 11:24:11 +01:00
Frank Denis
9abc0fdbd0
Go back to dev mode
2015-12-28 18:51:25 +01:00
Frank Denis
35b0264cdd
Get ready for the xmas release
2015-12-25 11:58:08 +01:00
Frank Denis
61fbc8eb63
lcov exclusion
2015-12-25 02:12:09 +01:00
Frank Denis
d839d74c89
lcov exclusion
2015-12-25 02:09:12 +01:00
Frank Denis
2f4603ff7e
lcov exclusion
2015-12-25 02:03:27 +01:00
Frank Denis
cdd45e413a
lcov exclusion
2015-12-25 01:54:49 +01:00
Frank Denis
8ca2c79a19
Annotations
2015-12-23 20:40:32 +01:00
Frank Denis
82831cb7a6
Document constants
2015-12-22 12:19:32 +01:00
Frank Denis
7e1ea85f47
Remove dead code
2015-12-22 09:50:05 +01:00
Frank Denis
6996c383d3
Add warning
2015-12-20 17:29:33 +01:00
Frank Denis
764ceb7b7e
Fix empty __attribute__ definition for !__GNUC__
2015-12-20 17:20:30 +01:00
Frank Denis
c233490f06
Use memset() for fe_(0|1)()
...
This produces faster code with gcc.
constify precomputations by the way.
2015-12-19 01:51:20 +01:00
Frank Denis
00914500e0
Use stdint types instead of crypto_*
2015-12-18 00:13:24 +01:00
Frank Denis
2b21e18224
Finish replacing shifts on integers with multiplications
2015-12-18 00:03:47 +01:00
Frank Denis
09128b88c7
Remove redundant blank lines
2015-12-17 17:02:01 +01:00
Frank Denis
194ad15904
Explicitly call abort() if gettimeofday() doesn't succeed.
2015-12-17 09:45:02 +01:00
Frank Denis
c82925f2e6
Merge pull request #334 from bsilver8192/master
...
Various small cleanups
2015-12-17 09:38:31 +01:00
Frank Denis
c84ba1d17a
Aliasing
2015-12-17 08:37:57 +01:00
Brian Silverman
18187ffab2
Don't rely on assert evaluating its argument
2015-12-16 22:54:04 -05:00
Frank Denis
03973542c7
Faster scalarmult_base() when using the ref10 implementation.
...
Use the Ed25519 scalar multiplication function followed by a conversion to
Montgomery coordinates to generate X25519 public keys.
Suggested a while ago by @CodesInChaos
2015-12-17 00:49:59 +01:00
Frank Denis
f430f3a936
Reorder to improve inlining
2015-12-16 16:01:00 +01:00
Frank Denis
6872237df9
Reorder functions to help with inlining
2015-12-16 15:53:13 +01:00
Frank Denis
b81f9cd436
Let the x25519 ref10 implementation use the core/curve25519/ref code
...
cswap can be a convenient operation to have in core later, but it is
not required yet.
2015-12-16 15:46:09 +01:00
Frank Denis
f9d982480b
Move most of sign/ed25519/ref10 to core/curve25519/ref10
2015-12-16 15:25:14 +01:00
Frank Denis
5f4763ce74
Simplify AVX availability detection, add support for Visual Studio
2015-12-15 10:41:43 +01:00
Frank Denis
2ee3db59e7
Use HAVE_AVX_ASM instead of HAVE_AMD64_ASM
2015-12-14 16:52:55 +01:00
Frank Denis
ab4bade488
Check the extended control register to see if AVX is actually usable
2015-12-14 16:45:44 +01:00
Frank Denis
53570303d0
Reduce diff between curve25519/ref10 and ed25519/ref10, add missing includes
2015-12-14 12:43:41 +01:00
Frank Denis
76daa01963
ref10: inline, constify
2015-12-11 06:42:59 +01:00
Frank Denis
04c7c3637e
Don't refine SODIUM_C99 if it has already been defined
2015-12-11 00:57:47 +01:00
Frank Denis
2d589f78be
Reorder struct members to keep values of the same type together
2015-12-11 00:26:32 +01:00
Frank Denis
bc371880d8
salsa20random stream struct members must match initializers
...
for compatibility with old non-C99 compilers.
Spotted and reported by @sneves
2015-12-11 00:10:19 +01:00
Frank Denis
e36400aa30
__attribute__((...)) -> __attribute__ ((...))
2015-12-10 11:26:14 +01:00
Frank Denis
47d8513bde
Fix offset in obsolete crypto_sign_edwards25519sha512batch_open
2015-12-10 09:41:17 +01:00
Frank Denis
731f2e1c12
Force alignment for _mm_loadl_epi64() in DEBUG mode
...
Required to work around gcc sanitizer
2015-12-07 22:44:24 +01:00
Frank Denis
a65484a7e5
Don't define unused variables
2015-12-06 18:47:07 +01:00
Frank Denis
b816a44b13
Assembly optimized _increment() and _add() for common nonce types
2015-12-06 18:11:37 +01:00
Frank Denis
d11819eaf5
Let blake2b abort on invalid parameters instead of returning -1
2015-11-27 11:02:27 +01:00
Frank Denis
0ec04baf95
Nit
2015-11-27 01:53:47 +01:00
Frank Denis
e0b027f112
Constify & add a note on _mm_loadl_epi64()
2015-11-27 01:34:14 +01:00
Frank Denis
38fd43d7d3
Use memcpy() instead of a cast
2015-11-27 01:18:07 +01:00
Frank Denis
b40663a10c
Don't assume that subtracting unrelated pointers is acceptable.
...
Having to increment two pointers instead of one is the price to
pay for portability, but it's not that big of a deal here.
2015-11-27 01:06:54 +01:00
Frank Denis
ef3a073d13
Avoid unnecessary casts for the nonce/counter
2015-11-27 00:09:57 +01:00
Frank Denis
d341893ec6
format
2015-11-26 22:34:40 +01:00
Frank Denis
c160dbc9cd
Use uint128_t consistently
2015-11-26 22:34:21 +01:00
Frank Denis
85dbcd6c52
Replace some casts with memcpy()
2015-11-26 22:32:29 +01:00
Frank Denis
457ff09ee7
Revert
2015-11-26 19:07:37 +01:00
Frank Denis
23b4e21680
Directly use the internal state type when possible
2015-11-26 18:28:08 +01:00
Frank Denis
9a2a278715
Use memset() instead of a cast
2015-11-26 18:21:31 +01:00
Frank Denis
04a59d0bb0
Fix aliasing violations, even though we always disable strict aliasing
2015-11-26 18:19:24 +01:00
Frank Denis
a2540cb103
Avoid pointer casting when using Emscripten
2015-11-26 17:07:57 +01:00
Frank Denis
a5b4926a19
Keep it simple to avoid issues with the different heaps in Emscripten
2015-11-26 17:06:18 +01:00
Frank Denis
2cbb5de483
Move size checks to the main chacha20 encryption function
2015-11-26 12:34:49 +01:00
Frank Denis
1cd715eb5d
Remove unused code
2015-11-26 12:27:31 +01:00