Commit Graph

634 Commits

Author SHA1 Message Date
Frank Denis
5db61c617b Add statebytes for crypto_hmac_* 2015-01-23 23:08:49 +01:00
Frank Denis
d0e9b8f69c Suggest crypto_generichash_statebytes() instead of sizeof() 2015-01-23 22:54:27 +01:00
Frank Denis
b5deb4d070 + crypto_hash_sha(256|512)_statebytes 2015-01-23 11:17:40 +01:00
Frank Denis
9e538624f4 + crypto_generichash_statebytes() 2015-01-23 11:00:57 +01:00
Frank Denis
c9ba75a48f Add crypto_generichash_statebytes()
sizeof() is not always an option when accessing the library from
other languages.
2015-01-23 10:56:01 +01:00
Frank Denis
e2a24e69ec Invert #if[n]def __EMSCRIPTEN__ logic, put more common case first 2015-01-18 10:20:12 +01:00
Frank Denis
feaba594db || -> | spotted by Ahmad 2015-01-18 10:17:53 +01:00
Frank Denis
5b3d8a4bf9 Mention what is optional and what is required for a randombytes implementation 2015-01-18 10:12:27 +01:00
Frank Denis
0b4fb379d4 Factorize randombytes_uniform()
Don't require randombytes implementations to reimplement this.
NULL can be passed instead of a function pointer to use the default
implementation.
Allow NULL for randombytes_stir() and randombytes_close() as well.
2015-01-18 10:08:36 +01:00
Frank Denis
add0fcede4 randombytes_random() is 32 bits, even in JS. 2015-01-18 09:50:17 +01:00
Frank Denis
c64baf38c6 Do not require /dev/urandom emulation in Javascript any more. 2015-01-17 23:01:20 +01:00
Frank Denis
2a562f8986 Proper overlapping check; memmove() was called when it was superfluous. 2015-01-15 00:44:28 +01:00
Frank Denis
f0b76de13e chacha20: counting the remaining bytes in a block doesn't require ULL 2015-01-13 20:43:27 +01:00
Frank Denis
f580fcfa92 Sync reduced rounds versions of salsa20 with supercop 2015-01-13 19:36:50 +01:00
Frank Denis
0fef202b37 Wipe the last salsa20 block in the reduced rounds versions 2015-01-13 19:18:50 +01:00
Frank Denis
ab4171e37f Error checking 2015-01-13 16:26:58 +01:00
Frank Denis
8ba7fbd062 Mention that sodium_alloc() can be used with sodium data structures
And explain how to deal with crypto_generichash_state
2015-01-13 11:04:39 +01:00
Frank Denis
2d380c97f3 Move prototypes of functions requiring padding together 2015-01-06 18:28:07 +01:00
Frank Denis
aaf5fbf2e5 + precomputed interface for crypto_box() 2015-01-06 17:52:42 +01:00
Frank Denis
fab8a0b55f Indentation 2015-01-06 17:22:12 +01:00
Frank Denis
49f87845b7 Missing #include for sodium_memzero() 2015-01-04 20:02:03 +01:00
Frank Denis
16f32cf1a5 Wipe the shared key in crypto_box() and crypto_secretbox()
The _easy and _detached interfaces already did this.
2015-01-04 18:29:17 +01:00
Frank Denis
26f87e266e Let sodium_malloc() and friends work on systems without protected memory.
On these systems, they become simple aliases for malloc() and friends.

Canaries could be added, but adding too much bloat for these rare systems
is probably not worth it, and malloc debuggers are better tools to use.
2014-12-29 23:23:33 +01:00
Frank Denis
cae09d458a Let crypto_sign_open() accept NULL for the message length pointer
Ditto for edwards25519sha512batch for consistency
Add a _p suffix to lengths that are actually pointers for clarity
2014-12-28 21:34:59 +01:00
Frank Denis
4cd1d03a28 Use relative paths in sodium.h
This makes it easier to use sodium when bundled with another project.
2014-12-27 09:15:02 +01:00
Frank Denis
d5ad99fed6 Retry if open(2) is interrupted; set the CLOEXEC flag as well.
Also retry if read(2) returns EAGAIN. This shouldn't happen in blocking mode,
but it can't hurt either.
2014-12-25 12:30:14 +01:00
Frank Denis
e7a84c9e84 We always need to allocate aligned memory 2014-12-12 08:52:05 -08:00
Frank Denis
9b27460618 We always need a page size 2014-12-12 08:51:47 -08:00
Frank Denis
b1cac74b00 We can still directly call _mprotect_readwrite() instead of the high-level function. 2014-12-07 14:59:32 -08:00
Frank Denis
5e364632e0 Make sodium_free() callable even if protection is PROT_NONE.
Reported by @stouset, thanks!
2014-12-07 14:52:44 -08:00
Frank Denis
e5024c368f Remove obsolete, undocumented compatibility layer with Sodium 0.5 2014-11-30 19:57:41 -08:00
Frank Denis
da2c9952db Check if mmap(2) works, not just the presence of MAP_ANON
In particular, mmap(2) doesn't return an aligned pointer on Emscripten.
2014-11-24 10:22:50 -08:00
Frank Denis
60610da39d Zero the subkey in {stream,xor}_xsalsa20
Spotted by Michael Rogers.
2014-11-23 23:42:07 -08:00
Frank Denis
d0eab9323f Don't assume that madvise() is available even if related macros are defined. 2014-11-22 13:32:54 -08:00
Frank Denis
28a07bf0c9 Add explicit size_t conversions. 2014-11-20 13:31:13 -08:00
Frank Denis
a31a353f0e curve25519-donna-c64: use limb instead of uint64_t everywhere for consistency 2014-11-20 11:46:25 -08:00
Frank Denis
ae13df74e1 curve25519-donna-c64: replace U8TO64/U64TO8 with load_limb/store_limb
To match the current @agl code.
2014-11-20 11:43:53 -08:00
Frank Denis
d3e716aa49 curve25519-donna-c64: don't read an extra byte when expanding a 32-byte number into polynomial form
Reported by Michael Holmwood.
2014-11-20 11:22:24 -08:00
Frank Denis
63ee1abf82 Explicit int32 -> int64 conversions 2014-10-29 08:37:21 -07:00
Frank Denis
caeeefbcf4 Credit CodesInChaos 2014-10-19 19:26:15 -07:00
Andre Caron
a7a04d7af5 Changes DLL_EXPORT to SODIUM_DLL_EXPORT.
This macro conflicts with other projects. This results in the inability to
build one DLL that depends on libsodium if the other DLL also uses the
DLL_EXPORT macro to control visibility of library symbols. Since the choice of
name for this macro is arbitrary, use of a library prefix is preferred.
2014-10-13 15:18:09 -04:00
Frank Denis
9e64361e66 Make sodium_bin2hex() slightly faster 2014-10-07 21:15:46 -07:00
Frank Denis
814df1e60d Constant-time sodium_bin2hex()
Original C# code by CodesInChaos.
2014-10-07 20:50:26 -07:00
Frank Denis
5c3c132e47 Make include guards consistent, and avoid reserved identifiers. 2014-10-06 14:14:49 -07:00
Frank Denis
cb07df046f Remove S<l check.
Plan is to add is_standard()/is_canonical() instead of changing the current behavior
of the verification function. Suggested by CodesInChaos.
2014-10-06 12:21:40 -07:00
Frank Denis
15889c2e64 Remove dead variable and assignment 2014-10-05 01:28:00 -07:00
Frank Denis
e04f1b6854 Avoid a conditional jump 2014-10-04 23:36:53 -07:00
Frank Denis
d34743241e Add a test for ed25519 malleability and restore traditional behavior.
If an application really requires non-malleability, ED25519_PREVENT_MALLEABILITY
can be defined to enable the check.

This might become the default behavior depending on what other implementations
are planning to do.
2014-10-04 23:25:01 -07:00
Frank Denis
9f6d37d9c6 Support overlapping input and output regions in crypto_secretbox_detached()
crypto_stream_salsa20() doesn't support overlapping input and output regions,
except when they are aliases.
2014-10-04 22:08:09 -07:00
Frank Denis
4099618de2 ed25519_open(): check that S < l
Not strictly required, but I don't see any downsides either.
2014-10-04 22:07:58 -07:00