Commit Graph

2385 Commits

Author SHA1 Message Date
Frank Denis
f03f28a18a Try running autoreconf --version
This checks that autoreconf is actually the one we expect and not
some unrelated script.
2016-12-31 23:04:05 +01:00
Frank Denis
0b10be1092 Update some m4 scripts 2016-12-29 08:16:17 +01:00
Frank Denis
f31a4b759d Tweak AX_CHECK_COMPILE_FLAG to also try to link the test program 2016-12-29 07:51:50 +01:00
Frank Denis
4e8832ed57 Merge branch 'master' of https://github.com/jedisct1/libsodium
* 'master' of https://github.com/jedisct1/libsodium:
  Indent
  xchacha20poly1305: optimize and be compatible with ietf chacha20poly1305 (#461)
2016-12-27 21:03:12 +01:00
Frank DENIS
24fd77ded3 Indent 2016-12-24 02:24:24 +01:00
Jason A. Donenfeld
6abad20323 xchacha20poly1305: optimize and be compatible with ietf chacha20poly1305 (#461)
Due to SSL, the IETF version of chacha20poly1305 is going to be the one
that's in libraries places. While the 12-byte nonce thing is a little
weird, it has other benefits, like adding padding to the auth tag, which
might help fend off certain attacks.

But more importantly, since chacha20poly1305 in the IETF construction is
lots of places, it would be useful to be able to build xchacha20poly1305
out of it. Fortunately it's very easy to make hchacha20 (either
stand-alone, or out of the normal chacha20 block function), and then
that can be composed with an existing library's chacha20poly1305. It
looks a bit like this:

    xchacha20poly1305(input, key, nonce) {
        new_key = hchacha20(key, nonce)
        return chacha20poly1305(input, new_key, nonce + 16)
    }

This is also an efficient way to do it, since it means hchacha20 must
only be computed once.

Unfortunately, non-IETF xchacha20poly1305 means that you deprive
virtually all other libraries that only support the more common
IETF construction of the ability to interoperate with
libsodium through the simple construction. Rather, it forces
everyone to reimplement the AEAD part.

So, this commit adds a xchacha20poly1305 that uses the IETF construction
with the padding.

While we're at it, we redefine xchacha20poly1305 in terms of
chacha20poly1305, which gives the same output, but computes one less
hchacha20 and is generally a lot cleaner and simpler to understand.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-12-24 02:17:33 +01:00
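The composition described in the commit message above, as an added example that is not libsodium code and not part of the commit: a stand-alone C implementation of HChaCha20 plus the key/nonce derivation that lets an unmodified IETF ChaCha20-Poly1305 implementation process a 24-byte XChaCha nonce. The first 16 nonce bytes feed HChaCha20; the remaining 8 bytes become the tail of the 12-byte IETF nonce behind four zero bytes (the same mapping libsodium uses for its ietf variant). The function names `hchacha20`, `xchacha20poly1305_ietf_subkey` and the two `*_selftest` helpers are mine, not libsodium's API; the reference output is the HChaCha20 test vector from the IRTF CFRG XChaCha20 draft (draft-irtf-cfrg-xchacha), and the 24-byte nonce in the second check is constructed.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example, not libsodium code. HChaCha20 as used by XChaCha20-Poly1305:
 * same 16-word state as ChaCha20, the 16-byte input takes the place of
 * counter+nonce, 20 rounds, no feed-forward addition, and only state words
 * 0..3 and 12..15 are returned as the 32-byte subkey. */

static uint32_t load32_le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void store32_le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t rotl32(uint32_t v, int n) { return (v << n) | (v >> (32 - n)); }

static void quarter_round(uint32_t *a, uint32_t *b, uint32_t *c, uint32_t *d)
{
    *a += *b; *d ^= *a; *d = rotl32(*d, 16);
    *c += *d; *b ^= *c; *b = rotl32(*b, 12);
    *a += *b; *d ^= *a; *d = rotl32(*d, 8);
    *c += *d; *b ^= *c; *b = rotl32(*b, 7);
}

/* subkey = HChaCha20(key, in) */
void hchacha20(uint8_t subkey[32], const uint8_t key[32], const uint8_t in[16])
{
    const uint8_t *sigma = (const uint8_t *)"expand 32-byte k";
    uint32_t x[16];
    int i;

    for (i = 0; i < 4; i++) x[i]      = load32_le(sigma + 4 * i);
    for (i = 0; i < 8; i++) x[4 + i]  = load32_le(key + 4 * i);
    for (i = 0; i < 4; i++) x[12 + i] = load32_le(in + 4 * i);

    for (i = 0; i < 10; i++) {                        /* 10 double rounds = 20 rounds */
        quarter_round(&x[0], &x[4], &x[8],  &x[12]);  /* column rounds */
        quarter_round(&x[1], &x[5], &x[9],  &x[13]);
        quarter_round(&x[2], &x[6], &x[10], &x[14]);
        quarter_round(&x[3], &x[7], &x[11], &x[15]);
        quarter_round(&x[0], &x[5], &x[10], &x[15]);  /* diagonal rounds */
        quarter_round(&x[1], &x[6], &x[11], &x[12]);
        quarter_round(&x[2], &x[7], &x[8],  &x[13]);
        quarter_round(&x[3], &x[4], &x[9],  &x[14]);
    }
    for (i = 0; i < 4; i++) store32_le(subkey + 4 * i,      x[i]);       /* words 0..3   */
    for (i = 0; i < 4; i++) store32_le(subkey + 16 + 4 * i, x[12 + i]);  /* words 12..15 */
}

/* Map (key, 24-byte XChaCha nonce) to the (subkey, 12-byte IETF nonce) pair that
 * an existing IETF ChaCha20-Poly1305 implementation consumes unchanged:
 * subkey = HChaCha20(key, nonce[0..16]), ietf_nonce = 00 00 00 00 || nonce[16..24].
 * AAD and plaintext are passed through as-is; the Poly1305 tag is computed by the
 * IETF AEAD exactly as it would be for any other (subkey, ietf_nonce) pair. */
void xchacha20poly1305_ietf_subkey(uint8_t subkey[32], uint8_t ietf_nonce[12],
                                   const uint8_t key[32], const uint8_t nonce[24])
{
    hchacha20(subkey, key, nonce);
    memset(ietf_nonce, 0, 4);
    memcpy(ietf_nonce + 4, nonce + 16, 8);
}

/* HChaCha20 test vector from the CFRG XChaCha draft. Returns 1 on match. */
int hchacha20_selftest(void)
{
    static const uint8_t key[32] = {
        0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
        0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f };
    static const uint8_t in[16] = {
        0x00,0x00,0x00,0x09,0x00,0x00,0x00,0x4a,0x00,0x00,0x00,0x00,0x31,0x41,0x59,0x27 };
    static const uint8_t expected[32] = {
        0x82,0x41,0x3b,0x42,0x27,0xb2,0x7b,0xfe,0xd3,0x0e,0x42,0x50,0x8a,0x87,0x7d,0x73,
        0xa0,0xf9,0xe4,0xd5,0x8a,0x74,0xa8,0x53,0xc1,0x2e,0xc4,0x13,0x26,0xd3,0xec,0xdc };
    uint8_t subkey[32];

    hchacha20(subkey, key, in);
    return memcmp(subkey, expected, 32) == 0;
}

/* Nonce split check on a constructed 24-byte nonce: bytes 16..23 must land at
 * ietf_nonce[4..11] behind four zero bytes, and the subkey must equal a direct
 * HChaCha20 call over the first 16 bytes. Returns 1 on success. */
int xchacha_nonce_split_selftest(void)
{
    uint8_t key[32] = { 0 }, nonce[24], subkey[32], ietf_nonce[12], direct[32];
    int i;
    for (i = 0; i < 24; i++) nonce[i] = (uint8_t)(0x40 + i);  /* constructed nonce */
    xchacha20poly1305_ietf_subkey(subkey, ietf_nonce, key, nonce);
    hchacha20(direct, key, nonce);
    if (memcmp(subkey, direct, 32) != 0) return 0;
    if (ietf_nonce[0] | ietf_nonce[1] | ietf_nonce[2] | ietf_nonce[3]) return 0;
    return memcmp(ietf_nonce + 4, nonce + 16, 8) == 0;
}

int main(void)
{
    printf("hchacha20 vector: %s\n", hchacha20_selftest() ? "ok" : "MISMATCH");
    printf("nonce split:      %s\n", xchacha_nonce_split_selftest() ? "ok" : "MISMATCH");
    return 0;
}
```

With the subkey and 12-byte nonce in hand, any library's IETF `chacha20poly1305` encrypt/decrypt can be called directly, which is the interoperability point the commit makes; the non-IETF (original) XChaCha20-Poly1305 variant uses a different Poly1305 tag layout and cannot be reached this way.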
Frank Denis
c5735ef215 Merge branch 'master' of https://github.com/jedisct1/libsodium
* 'master' of https://github.com/jedisct1/libsodium:
  Check if atomic operations are supported
  Remove a whitespace following trailing backslash in a Makefile
2016-12-17 19:00:59 +01:00
Frank Denis
d54b0b8d69 Do not include xchacha20poly1305 in minimal mode 2016-12-17 18:59:17 +01:00
Frank Denis
5aaff1ce2a Remove unexpected tabs 2016-12-17 18:52:52 +01:00
Frank Denis
db97a35502 Check if atomic operations are supported 2016-12-16 16:37:12 +01:00
Frank Denis
4c6f704084 Remove a whitespace following trailing backslash in a Makefile 2016-12-16 16:20:30 +01:00
Frank Denis
9d2ac5f747 Correct an assertion and prefer compile-time assertions 2016-12-11 20:28:03 +01:00
Frank Denis
9979762bbe Indent 2016-12-11 00:01:40 +01:00
Winston Durand
9cae7b6b7c fixed GCC2 bug seeing empty statement (#449) 2016-11-30 06:52:18 +01:00
Frank Denis
157c4a80c1 + crypto_aead_xchacha20poly1305 2016-11-26 21:29:26 +01:00
Frank Denis
8b7f03ddf7 Indent 2016-11-26 21:16:42 +01:00
Frank Denis
184110ccc5 + crypto_box_curve25519xchacha20poly1305_* 2016-11-26 21:06:23 +01:00
Frank Denis
54a1357ce3 Indent 2016-11-26 20:24:58 +01:00
Frank Denis
2ace041fd9 Add secretbox_xchacha20poly1305_easy 2016-11-26 19:45:24 +01:00
Frank Denis
d4f384e388 Mark crypto_secretbox_xsalsa20poly1305_open() as __warn_unused_result__ 2016-11-26 19:44:51 +01:00
Frank Denis
669ed597d0 Rename box_x*poly1305.c -> secretbox_x*poly1305.c for consistency 2016-11-26 14:12:47 +01:00
Frank Denis
2848984edf + secretbox_xchacha20poly1305 2016-11-26 14:04:23 +01:00
Frank Denis
a86ac590d6 Reformat to make the style more consistent 2016-11-26 13:40:34 +01:00
Frank Denis
11eef91e49 Update Coverity Scan token 2016-11-09 17:58:45 +01:00
Frank Denis
7afd929e70 js: measuring make check time is not useful, especially not in a web browser 2016-10-30 01:25:32 +02:00
Frank Denis
5eed910c11 Cast the scalar instead of the coefficient 2016-10-30 01:13:22 +02:00
Frank Denis
71f0693ee7 Argon2i: fix encoding issues
For compatibility with hashes that might have been encoded using other libraries.
2016-10-26 22:50:38 +02:00
Frank Denis
aff4aaeabf Change the garbage value to 0xdb
If that garbage value becomes the LSB of a pointer, the pointer is more
likely to be unaligned, and trigger more bugs.
2016-10-15 18:54:56 +02:00
Frank Denis
49741c59e8 Allows RANDOMBYTES_DEFAULT_IMPLEMENTATION to be overridden 2016-10-13 22:57:01 +02:00
Frank Denis
1ede5cc0bc $MAKE_TOOLCHAIN --force 2016-10-10 14:43:57 +02:00
Frank Denis
e4b716cd20 SUBDIRS << "contrib" 2016-10-05 15:46:02 +02:00
Frank Denis
3203811ee2 Trim spaces 2016-10-05 15:42:02 +02:00
Frank Denis
b1f56de00b Import contrib/FindSodium.cmake 2016-10-05 15:37:03 +02:00
Frank Denis
583c16707c + crypto_stream_xchacha20 2016-09-30 22:57:56 +02:00
Frank Denis
42dc78b38b Indent 2016-09-30 08:40:15 +02:00
Frank Denis
b20d227f37 Avoid collision with a possibly existing int128 type definition 2016-09-30 08:36:50 +02:00
Frank Denis
53ee1fe758 Remove commented out code and avoid inconsistent indentation 2016-09-30 08:30:22 +02:00
Frank Denis
f257413772 uint32 -> uint32_t 2016-09-30 08:26:24 +02:00
Frank Denis
f6e0256d9b On OSX, libtool is not installed any more on Travis 2016-09-20 21:13:40 +02:00
Robert Spychala
94ea419247 add preprocessor flag to skip blocking /dev/random during libsodium init (#429) 2016-09-20 21:13:07 +02:00
Frank Denis
6e2b119d86 Use xcodebuild to retrieve the XCode version 2016-09-18 10:46:59 +02:00
Frank Denis
26e8b0253f Argon2: check that m_cost/t_cost/lanes decode to uint32 2016-09-18 09:33:35 +02:00
Frank Denis
ed19556c2f XCode 8 may not be able to compile for iOS 5 and more 2016-09-18 09:21:53 +02:00
Frank Denis
b8ea6287e1 Merge branch 'master' of https://github.com/jedisct1/libsodium
* 'master' of https://github.com/jedisct1/libsodium:
  Bump Coverity label, even though it's not used yet
2016-09-18 09:04:50 +02:00
Frank Denis
1766e13a0e Pass --host to compile for the iOS simulator 2016-09-18 09:04:19 +02:00
Frank Denis
782c5fec5a Bump Coverity label, even though it's not used yet 2016-09-16 16:30:48 +02:00
Frank Denis
68564326e1 A compiler *can* still optimize this out 2016-08-04 20:59:43 +02:00
Ilya Maykov
a3b68738db Better AVX2 detection, try 2 (only using intrinsic functions) (#420)
* Better AVX2 detection, try 2 (only using intrinsic functions)

* Slight change to AVX2 detection per jedisct1's feedback
2016-08-04 20:58:48 +02:00
Frank Denis
6035c0779b Back to dev mode 2016-08-04 02:28:21 +02:00
Frank Denis
e08feb04d9 Pasto: CFLAGS_AVX -> CFLAGS_AVX2
Spotted by @ivmaykov
2016-08-04 02:26:24 +02:00