php-win-ext/libsodium
1
0
Fork 0
mirror of https://github.com/php-win-ext/libsodium.git synced 2026-03-24 00:52:15 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update to libsodium 1.0.17

Browse Source
This commit is contained in:
Christoph M. Becker
2019-05-24 18:54:34 +02:00
parent c15ee323ac
commit 32be39a01b
181 changed files with 5342 additions and 1177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1,5 +1,4 @@
*.bc
*.cmake
*.dSYM
*.done
*.final
@@ -82,7 +81,9 @@ test/default/*.asm.js
test/default/*.res
test/default/*.trs
test/default/aead_aes256gcm
test/default/aead_aes256gcm2
test/default/aead_chacha20poly1305
test/default/aead_chacha20poly13052
test/default/aead_xchacha20poly1305
test/default/auth
test/default/auth2
@@ -132,6 +133,7 @@ test/default/scalarmult2
test/default/scalarmult5
test/default/scalarmult6
test/default/scalarmult7
test/default/scalarmult8
test/default/secretbox
test/default/secretbox2
test/default/secretbox7

29
ChangeLog
View File

@@ -1,4 +1,33 @@
* Version 1.0.17
- Bug fix: `sodium_pad()` didn't properly support block sizes >= 256 bytes.
- JS/WebAssembly: some old iOS versions can't instantiate the WebAssembly
module; fall back to Javascript on these.
- JS/WebAssembly: compatibility with newer Emscripten versions.
- Bug fix: `crypto_pwhash_scryptsalsa208sha256_str_verify()` and
`crypto_pwhash_scryptsalsa208sha256_str_needs_rehash()` didn't return
`EINVAL` on input strings with a short length, unlike their high-level
counterpart.
- Added a workaround for Visual Studio 2010 bug causing CPU features
not to be detected.
- Portability improvements.
- Test vectors from Project Wycheproof have been added.
- New low-level APIs for arithmetic mod the order of the prime order group:
`crypto_core_ed25519_scalar_random()`, `crypto_core_ed25519_scalar_reduce()`,
`crypto_core_ed25519_scalar_invert()`, `crypto_core_ed25519_scalar_negate()`,
`crypto_core_ed25519_scalar_complement()`, `crypto_core_ed25519_scalar_add()`
and `crypto_core_ed25519_scalar_sub()`.
- New low-level APIs for scalar multiplication without clamping:
`crypto_scalarmult_ed25519_base_noclamp()` and
`crypto_scalarmult_ed25519_noclamp()`. These new APIs are especially useful
for blinding.
- `sodium_sub()` has been implemented.
- Support for WatchOS has been added.
- getrandom(2) is now used on FreeBSD 12+.
- The `nonnull` attribute has been added to all relevant prototypes.
- More reliable AVX512 detection.
- Javascript/Webassembly builds now use dynamic memory growth.
* Version 1.0.16
- Signatures computations and verifications are now way faster on
64-bit platforms with compilers supporting 128-bit arithmetic (gcc,

2
LICENSE
View File

@@ -1,7 +1,7 @@
/*
* ISC License
*
* Copyright (c) 2013-2017
* Copyright (c) 2013-2019
* Frank Denis <j at pureftpd dot org>
*
* Permission to use, copy, modify, and/or distribute this software for any

6
README.markdown
View File

@@ -21,17 +21,17 @@ as well as Javascript and Webassembly.
## Documentation
The documentation is available on Gitbook:
The documentation is available on Gitbook and built from the [libsodium-doc](https://github.com/jedisct1/libsodium-doc) repository:
* [libsodium documentation](https://download.libsodium.org/doc/) -
online, requires Javascript.
* [offline documentation](https://www.gitbook.com/book/jedisct1/libsodium/details)
in PDF, MOBI and ePUB formats.
in PDF format.
## Integrity Checking
The integrity checking instructions (including the signing key for libsodium)
are available in the [installation](https://download.libsodium.org/doc/installation/index.html#integrity-checking)
are available in the [installation](https://download.libsodium.org/doc/installation#integrity-checking)
section of the documentation.
## Community

1
THANKS
View File

@@ -15,6 +15,7 @@ libsodium bindings for their favorite programming languages:
@neheb
Adam Caudill (@adamcaudill)
Alexander Ilin (@AlexIljin)
Alexander Morris (@alexpmorris)
Amit Murthy (@amitmurthy)
Andrew Bennett (@potatosalad)

6
builds/msvc/resource.rc
View File

@@ -4,8 +4,8 @@
#include "windows.h"
//specify the version numbers for the dll's
#define LIBSODIUM_VERSION_STRING "1.0.16.0"
#define LIBSODIUM_VERSION_BIN 1,0,16,0
#define LIBSODIUM_VERSION_STRING "1.0.17.0"
#define LIBSODIUM_VERSION_BIN 1,0,17,0
//specify the product name for the dlls based on the platform we are compiling for
#if defined(x64)
@@ -47,7 +47,7 @@ BEGIN
VALUE "FileDescription", "The Sodium crypto library (libsodium) "
VALUE "FileVersion", LIBSODIUM_VERSION_STRING
VALUE "InternalName", "libsodium"
VALUE "LegalCopyright", "Copyright (c) 2017 The libsodium authors."
VALUE "LegalCopyright", "Copyright (c) 2013-2019 The libsodium authors."
VALUE "OriginalFilename", "libsodium.dll"
VALUE "ProductName", LIBSODIUM_PRODUCT_NAME
VALUE "ProductVersion", LIBSODIUM_VERSION_STRING

4
builds/msvc/version.h
View File

@@ -4,10 +4,10 @@
#include "export.h"
#define SODIUM_VERSION_STRING "1.0.16"
#define SODIUM_VERSION_STRING "1.0.17"
#define SODIUM_LIBRARY_VERSION_MAJOR 10
#define SODIUM_LIBRARY_VERSION_MINOR 1
#define SODIUM_LIBRARY_VERSION_MINOR 2
#ifdef __cplusplus
extern "C" {

1
builds/msvc/vs2010/libsodium/libsodium.vcxproj
View File

@@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters
View File

@@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

1
builds/msvc/vs2012/libsodium/libsodium.vcxproj
View File

@@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters
View File

@@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

1
builds/msvc/vs2013/libsodium/libsodium.vcxproj
View File

@@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters
View File

@@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

1
builds/msvc/vs2015/libsodium/libsodium.vcxproj
View File

@@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters
View File

@@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

1
builds/msvc/vs2017/libsodium/libsodium.vcxproj
View File

@@ -259,6 +259,7 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="..\..\..\..\src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
builds/msvc/vs2017/libsodium/libsodium.vcxproj.filters
View File

@@ -566,6 +566,9 @@
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\mutex.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>include\sodium\private</Filter>
</ClInclude>
<ClInclude Include="..\..\..\..\src\libsodium\include\sodium\private\implementations.h">
<Filter>include\sodium\private</Filter>
</ClInclude>

83
configure.ac
View File

@@ -1,5 +1,5 @@
AC_PREREQ([2.65])
AC_INIT([libsodium],[1.0.16],
AC_INIT([libsodium],[1.0.17],
[https://github.com/jedisct1/libsodium/issues],
[libsodium],
[https://github.com/jedisct1/libsodium])
@@ -13,13 +13,11 @@ AM_MAINTAINER_MODE
AM_DEP_TRACK
AC_SUBST(VERSION)
ISODATE=`date +%Y-%m-%d`
AC_SUBST(ISODATE)
SODIUM_LIBRARY_VERSION_MAJOR=10
SODIUM_LIBRARY_VERSION_MINOR=1
DLL_VERSION=8
SODIUM_LIBRARY_VERSION=24:0:1
SODIUM_LIBRARY_VERSION_MINOR=2
DLL_VERSION=23
SODIUM_LIBRARY_VERSION=25:0:2
# | | |
# +------+ | +---+
# | | |
@@ -61,7 +59,7 @@ AC_ARG_ENABLE(ssp,
])
AC_ARG_ENABLE(asm,
[AS_HELP_STRING(--disable-asm,Do not compile assembly code -- This disables all (including non-assembly) platform-specific optimizations on Unix systems)],
[AS_HELP_STRING(--disable-asm,[Do not compile assembly code -- As a side effect, this disables CPU-specific implementations on non-Windows platforms. Only for use with targets such as WebAssembly and NativeClient.])],
[
AS_IF([test "x$enableval" = "xno"], [
enable_asm="no"
@@ -151,6 +149,17 @@ AC_ARG_WITH(ctgrind,
])
])
AC_ARG_ENABLE(retpoline,
[AS_HELP_STRING(--enable-retpoline,Use return trampolines for indirect calls)],
[AS_IF([test "x$enableval" = "xyes"], [
AX_CHECK_COMPILE_FLAG([-mindirect-branch=thunk-inline],
[CFLAGS="$CFLAGS -mindirect-branch=thunk-inline"],
[AX_CHECK_COMPILE_FLAG([-mretpoline], [CFLAGS="$CFLAGS -mretpoline"])]
)
AX_CHECK_COMPILE_FLAG([-mindirect-branch-register])
])
])
ENABLE_CWFLAGS=no
AC_ARG_ENABLE(debug,
[AS_HELP_STRING(--enable-debug,For maintainers only - please do not use)],
@@ -264,7 +273,7 @@ AS_CASE([$host_os],
AS_IF([test "x$enable_ssp" != "xno"],[
AS_CASE([$host_os],
[cygwin*|mingw*|msys|pw32*|cegcc*], [ ],
[cygwin*|mingw*|msys|pw32*|cegcc*|haiku], [ ],
[*], [
AX_CHECK_COMPILE_FLAG([-fstack-protector], [
AX_CHECK_LINK_FLAG([-fstack-protector],
@@ -324,24 +333,13 @@ AX_CHECK_LINK_FLAG([-Wl,-z,relro], [LDFLAGS="$LDFLAGS -Wl,-z,relro"])
AX_CHECK_LINK_FLAG([-Wl,-z,now], [LDFLAGS="$LDFLAGS -Wl,-z,now"])
AX_CHECK_LINK_FLAG([-Wl,-z,noexecstack], [LDFLAGS="$LDFLAGS -Wl,-z,noexecstack"])
AC_MSG_CHECKING(for a broken clang + AVX512 combination)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[
#if !(defined(__AVX512F__) && defined(__clang__) && __clang_major__ < 4)
#error Not a broken clang + AVX512 combination
#endif
]])],
[AC_MSG_RESULT(yes - disabling AVX512 optimizations)
AX_CHECK_COMPILE_FLAG([$CFLAGS -mno-avx512f],
[CFLAGS="$CFLAGS -mno-avx512f"])
],
[AC_MSG_RESULT(no)
])
AX_CHECK_CATCHABLE_SEGV
AX_CHECK_CATCHABLE_ABRT
AS_IF([test "x$with_threads" = "xyes"], [
AX_TLS([AC_MSG_RESULT(thread local storage is supported)],
AX_TLS([AC_MSG_RESULT(thread local storage is supported)
AX_CHECK_COMPILE_FLAG([-ftls-model=local-dynamic],
[CFLAGS="$CFLAGS -ftls-model=local-dynamic"])],
[AC_MSG_RESULT(thread local storage is not supported)]) ])
LT_INIT
@@ -483,13 +481,29 @@ return _mm256_movemask_ps(_mm256_cmp_ps(x, y, _CMP_NEQ_OQ));
#pragma GCC target("avx512f")
#include <immintrin.h>
]], [[
#ifndef __AVX512F__
# error No AVX512 support
#elif defined(__clang__)
# if __clang_major__ < 4
# error Compiler AVX512 support may be broken
# endif
#elif defined(__GNUC__)
# if __GNUC__ < 6
# error Compiler AVX512 support may be broken
# endif
#endif
__m512i x = _mm512_setzero_epi32();
__m512i y = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), x);
]])],
[AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_AVX512FINTRIN_H], [1], [AVX512F is available])
AX_CHECK_COMPILE_FLAG([-mavx512f], [CFLAGS_AVX512F="-mavx512f"])],
[AC_MSG_RESULT(no)])
[AC_MSG_RESULT(no)
AX_CHECK_COMPILE_FLAG([$CFLAGS -mno-avx512f],
[CFLAGS="$CFLAGS -mno-avx512f"])
])
CFLAGS="$oldcflags"
oldcflags="$CFLAGS"
@@ -580,6 +594,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
CPPFLAGS="$CPPFLAGS -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS"
])
AC_MSG_CHECKING(whether we can use inline asm code)
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
]], [[
int a = 42;
int *pnt = &a;
__asm__ __volatile__ ("" : : "r"(pnt) : "memory");
]])],
[AC_MSG_RESULT(yes)
AC_DEFINE([HAVE_INLINE_ASM], [1], [inline asm code can be used])]
[AC_MSG_RESULT(no)]
)
HAVE_AMD64_ASM_V=0
AS_IF([test "$enable_asm" != "no"],[
AC_MSG_CHECKING(whether we can use x86_64 asm code)
@@ -635,18 +661,17 @@ AC_SUBST(HAVE_AVX_ASM_V)
AC_MSG_CHECKING(for 128-bit arithmetic)
HAVE_TI_MODE_V=0
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#if !defined(__GNUC__) && !defined(__SIZEOF_INT128__)
#if !defined(__clang__) && !defined(__GNUC__) && !defined(__SIZEOF_INT128__)
# error mode(TI) is a gcc extension, and __int128 is not available
#endif
#if defined(__clang__) && !defined(__x86_64__)
#if defined(__clang__) && !defined(__x86_64__) && !defined(__aarch64__)
# error clang does not properly handle the 128-bit type on 32-bit systems
#endif
#ifndef NATIVE_LITTLE_ENDIAN
# error libsodium currently expects a little endian CPU for the 128-bit type
#endif
#ifdef __EMSCRIPTEN__
# error emscripten currently supports only shift operations on integers \
# larger than 64 bits
# error emscripten currently doesn't support some operations on integers larger than 64 bits
#endif
#include <stddef.h>
#include <stdint.h>
@@ -657,6 +682,8 @@ typedef unsigned uint128_t __attribute__((mode(TI)));
#endif
void fcontract(uint128_t *t) {
*t += 0x8000000000000 - 1;
*t *= *t;
*t >>= 84;
}
]], [[
(void) fcontract;
@@ -772,7 +799,7 @@ dnl Checks for functions and headers
AC_FUNC_ALLOCA
AS_IF([test "x$EMSCRIPTEN" = "x"],[
AC_CHECK_FUNCS([arc4random arc4random_buf])
AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero nanosleep])
AC_CHECK_FUNCS([mmap mlock madvise mprotect memset_s explicit_bzero explicit_memset nanosleep])
])
AC_CHECK_FUNCS([posix_memalign getpid])

288
contrib/Findsodium.cmake Normal file
View File

@@ -0,0 +1,288 @@
# Written in 2016 by Henrik Steffen Gaßmann <henrik@gassmann.onl>
#
# To the extent possible under law, the author(s) have dedicated all
# copyright and related and neighboring rights to this software to the
# public domain worldwide. This software is distributed without any warranty.
#
# You should have received a copy of the CC0 Public Domain Dedication
# along with this software. If not, see
#
# http://creativecommons.org/publicdomain/zero/1.0/
#
########################################################################
# Tries to find the local libsodium installation.
#
# On Windows the sodium_DIR environment variable is used as a default
# hint which can be overridden by setting the corresponding cmake variable.
#
# Once done the following variables will be defined:
#
# sodium_FOUND
# sodium_INCLUDE_DIR
# sodium_LIBRARY_DEBUG
# sodium_LIBRARY_RELEASE
#
#
# Furthermore an imported "sodium" target is created.
#
if (CMAKE_C_COMPILER_ID STREQUAL "GNU"
OR CMAKE_C_COMPILER_ID STREQUAL "Clang")
set(_GCC_COMPATIBLE 1)
endif()
# static library option
if (NOT DEFINED sodium_USE_STATIC_LIBS)
option(sodium_USE_STATIC_LIBS "enable to statically link against sodium" OFF)
endif()
if(NOT (sodium_USE_STATIC_LIBS EQUAL sodium_USE_STATIC_LIBS_LAST))
unset(sodium_LIBRARY CACHE)
unset(sodium_LIBRARY_DEBUG CACHE)
unset(sodium_LIBRARY_RELEASE CACHE)
unset(sodium_DLL_DEBUG CACHE)
unset(sodium_DLL_RELEASE CACHE)
set(sodium_USE_STATIC_LIBS_LAST ${sodium_USE_STATIC_LIBS} CACHE INTERNAL "internal change tracking variable")
endif()
########################################################################
# UNIX
if (UNIX)
# import pkg-config
find_package(PkgConfig QUIET)
if (PKG_CONFIG_FOUND)
pkg_check_modules(sodium_PKG QUIET libsodium)
endif()
if(sodium_USE_STATIC_LIBS)
if (sodium_PKG_STATIC_LIBRARIES)
foreach(_libname ${sodium_PKG_STATIC_LIBRARIES})
if (NOT _libname MATCHES "^lib.*\\.a$") # ignore strings already ending with .a
list(INSERT sodium_PKG_STATIC_LIBRARIES 0 "lib${_libname}.a")
endif()
endforeach()
list(REMOVE_DUPLICATES sodium_PKG_STATIC_LIBRARIES)
else()
# if pkgconfig for libsodium doesn't provide
# static lib info, then override PKG_STATIC here..
set(sodium_PKG_STATIC_LIBRARIES libsodium.a)
endif()
set(XPREFIX sodium_PKG_STATIC)
else()
if (sodium_PKG_LIBRARIES STREQUAL "")
set(sodium_PKG_LIBRARIES sodium)
endif()
set(XPREFIX sodium_PKG)
endif()
find_path(sodium_INCLUDE_DIR sodium.h
HINTS ${${XPREFIX}_INCLUDE_DIRS}
)
find_library(sodium_LIBRARY_DEBUG NAMES ${${XPREFIX}_LIBRARIES}
HINTS ${${XPREFIX}_LIBRARY_DIRS}
)
find_library(sodium_LIBRARY_RELEASE NAMES ${${XPREFIX}_LIBRARIES}
HINTS ${${XPREFIX}_LIBRARY_DIRS}
)
########################################################################
# Windows
elseif (WIN32)
set(sodium_DIR "$ENV{sodium_DIR}" CACHE FILEPATH "sodium install directory")
mark_as_advanced(sodium_DIR)
find_path(sodium_INCLUDE_DIR sodium.h
HINTS ${sodium_DIR}
PATH_SUFFIXES include
)
if (MSVC)
# detect target architecture
file(WRITE "${CMAKE_CURRENT_BINARY_DIR}/arch.c" [=[
#if defined _M_IX86
#error ARCH_VALUE x86_32
#elif defined _M_X64
#error ARCH_VALUE x86_64
#endif
#error ARCH_VALUE unknown
]=])
try_compile(_UNUSED_VAR "${CMAKE_CURRENT_BINARY_DIR}" "${CMAKE_CURRENT_BINARY_DIR}/arch.c"
OUTPUT_VARIABLE _COMPILATION_LOG
)
string(REGEX REPLACE ".*ARCH_VALUE ([a-zA-Z0-9_]+).*" "\\1" _TARGET_ARCH "${_COMPILATION_LOG}")
# construct library path
if (_TARGET_ARCH STREQUAL "x86_32")
string(APPEND _PLATFORM_PATH "Win32")
elseif(_TARGET_ARCH STREQUAL "x86_64")
string(APPEND _PLATFORM_PATH "x64")
else()
message(FATAL_ERROR "the ${_TARGET_ARCH} architecture is not supported by Findsodium.cmake.")
endif()
string(APPEND _PLATFORM_PATH "/$$CONFIG$$")
if (MSVC_VERSION LESS 1900)
math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 60")
else()
math(EXPR _VS_VERSION "${MSVC_VERSION} / 10 - 50")
endif()
string(APPEND _PLATFORM_PATH "/v${_VS_VERSION}")
if (sodium_USE_STATIC_LIBS)
string(APPEND _PLATFORM_PATH "/static")
else()
string(APPEND _PLATFORM_PATH "/dynamic")
endif()
string(REPLACE "$$CONFIG$$" "Debug" _DEBUG_PATH_SUFFIX "${_PLATFORM_PATH}")
string(REPLACE "$$CONFIG$$" "Release" _RELEASE_PATH_SUFFIX "${_PLATFORM_PATH}")
find_library(sodium_LIBRARY_DEBUG libsodium.lib
HINTS ${sodium_DIR}
PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
)
find_library(sodium_LIBRARY_RELEASE libsodium.lib
HINTS ${sodium_DIR}
PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
)
if (NOT sodium_USE_STATIC_LIBS)
set(CMAKE_FIND_LIBRARY_SUFFIXES_BCK ${CMAKE_FIND_LIBRARY_SUFFIXES})
set(CMAKE_FIND_LIBRARY_SUFFIXES ".dll")
find_library(sodium_DLL_DEBUG libsodium
HINTS ${sodium_DIR}
PATH_SUFFIXES ${_DEBUG_PATH_SUFFIX}
)
find_library(sodium_DLL_RELEASE libsodium
HINTS ${sodium_DIR}
PATH_SUFFIXES ${_RELEASE_PATH_SUFFIX}
)
set(CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_FIND_LIBRARY_SUFFIXES_BCK})
endif()
elseif(_GCC_COMPATIBLE)
if (sodium_USE_STATIC_LIBS)
find_library(sodium_LIBRARY_DEBUG libsodium.a
HINTS ${sodium_DIR}
PATH_SUFFIXES lib
)
find_library(sodium_LIBRARY_RELEASE libsodium.a
HINTS ${sodium_DIR}
PATH_SUFFIXES lib
)
else()
find_library(sodium_LIBRARY_DEBUG libsodium.dll.a
HINTS ${sodium_DIR}
PATH_SUFFIXES lib
)
find_library(sodium_LIBRARY_RELEASE libsodium.dll.a
HINTS ${sodium_DIR}
PATH_SUFFIXES lib
)
file(GLOB _DLL
LIST_DIRECTORIES false
RELATIVE "${sodium_DIR}/bin"
"${sodium_DIR}/bin/libsodium*.dll"
)
find_library(sodium_DLL_DEBUG ${_DLL} libsodium
HINTS ${sodium_DIR}
PATH_SUFFIXES bin
)
find_library(sodium_DLL_RELEASE ${_DLL} libsodium
HINTS ${sodium_DIR}
PATH_SUFFIXES bin
)
endif()
else()
message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
endif()
########################################################################
# unsupported
else()
message(FATAL_ERROR "this platform is not supported by FindSodium.cmake")
endif()
########################################################################
# common stuff
# extract sodium version
if (sodium_INCLUDE_DIR)
set(_VERSION_HEADER "${_INCLUDE_DIR}/sodium/version.h")
if (EXISTS _VERSION_HEADER)
file(READ "${_VERSION_HEADER}" _VERSION_HEADER_CONTENT)
string(REGEX REPLACE ".*#[ \t]*define[ \t]*SODIUM_VERSION_STRING[ \t]*\"([^\n]*)\".*" "\\1"
sodium_VERSION "${_VERSION_HEADER_CONTENT}")
set(sodium_VERSION "${sodium_VERSION}" PARENT_SCOPE)
endif()
endif()
# communicate results
include(FindPackageHandleStandardArgs)
find_package_handle_standard_args(sodium
REQUIRED_VARS
sodium_LIBRARY_RELEASE
sodium_LIBRARY_DEBUG
sodium_INCLUDE_DIR
VERSION_VAR
sodium_VERSION
)
# mark file paths as advanced
mark_as_advanced(sodium_INCLUDE_DIR)
mark_as_advanced(sodium_LIBRARY_DEBUG)
mark_as_advanced(sodium_LIBRARY_RELEASE)
if (WIN32)
mark_as_advanced(sodium_DLL_DEBUG)
mark_as_advanced(sodium_DLL_RELEASE)
endif()
# create imported target
if(sodium_USE_STATIC_LIBS)
set(_LIB_TYPE STATIC)
else()
set(_LIB_TYPE SHARED)
endif()
add_library(sodium ${_LIB_TYPE} IMPORTED)
set_target_properties(sodium PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${sodium_INCLUDE_DIR}"
IMPORTED_LINK_INTERFACE_LANGUAGES "C"
)
if (sodium_USE_STATIC_LIBS)
set_target_properties(sodium PROPERTIES
INTERFACE_COMPILE_DEFINITIONS "SODIUM_STATIC"
IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
)
else()
if (UNIX)
set_target_properties(sodium PROPERTIES
IMPORTED_LOCATION "${sodium_LIBRARY_RELEASE}"
IMPORTED_LOCATION_DEBUG "${sodium_LIBRARY_DEBUG}"
)
elseif (WIN32)
set_target_properties(sodium PROPERTIES
IMPORTED_IMPLIB "${sodium_LIBRARY_RELEASE}"
IMPORTED_IMPLIB_DEBUG "${sodium_LIBRARY_DEBUG}"
)
if (NOT (sodium_DLL_DEBUG MATCHES ".*-NOTFOUND"))
set_target_properties(sodium PROPERTIES
IMPORTED_LOCATION_DEBUG "${sodium_DLL_DEBUG}"
)
endif()
if (NOT (sodium_DLL_RELEASE MATCHES ".*-NOTFOUND"))
set_target_properties(sodium PROPERTIES
IMPORTED_LOCATION_RELWITHDEBINFO "${sodium_DLL_RELEASE}"
IMPORTED_LOCATION_MINSIZEREL "${sodium_DLL_RELEASE}"
IMPORTED_LOCATION_RELEASE "${sodium_DLL_RELEASE}"
)
endif()
endif()
endif()

3
dist-build/Makefile.am
View File

@@ -14,4 +14,5 @@ EXTRA_DIST = \
msys2-win64.sh \
nativeclient-pnacl.sh \
nativeclient-x86.sh \
nativeclient-x86_64.sh
nativeclient-x86_64.sh \
watchos.sh

16
dist-build/android-build.sh
View File

@@ -45,9 +45,15 @@ env - PATH="$PATH" \
"$MAKE_TOOLCHAIN" --force --api="$NDK_API_VERSION_COMPAT" \
--arch="$ARCH" --install-dir="$TOOLCHAIN_DIR" || exit 1
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure \
--disable-soname-versions \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--host="${HOST_COMPILER}" \
--prefix="${PREFIX}" \
--with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1
@@ -63,7 +69,7 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then
./configure \
--disable-soname-versions \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--host="${HOST_COMPILER}" \
--prefix="${PREFIX}" \
--with-sysroot="${TOOLCHAIN_DIR}/sysroot" || exit 1
@@ -77,6 +83,10 @@ if [ "$NDK_PLATFORM" != "$NDK_PLATFORM_COMPAT" ]; then
rm -f config-def.log config-def-compat.log
fi
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make clean && \
make -j3 install && \
make -j${PROCESSORS} install && \
echo "libsodium has been installed into ${PREFIX}"

66
dist-build/emscripten-symbols.def
View File

@@ -27,12 +27,12 @@ _crypto_aead_chacha20poly1305_ietf_encrypt 1 1
_crypto_aead_chacha20poly1305_ietf_encrypt_detached 1 1
_crypto_aead_chacha20poly1305_ietf_keybytes 1 1
_crypto_aead_chacha20poly1305_ietf_keygen 1 1
_crypto_aead_chacha20poly1305_ietf_messagebytes_max 0 0
_crypto_aead_chacha20poly1305_ietf_messagebytes_max 1 1
_crypto_aead_chacha20poly1305_ietf_npubbytes 1 1
_crypto_aead_chacha20poly1305_ietf_nsecbytes 1 1
_crypto_aead_chacha20poly1305_keybytes 1 1
_crypto_aead_chacha20poly1305_keygen 1 1
_crypto_aead_chacha20poly1305_messagebytes_max 0 0
_crypto_aead_chacha20poly1305_messagebytes_max 1 1
_crypto_aead_chacha20poly1305_npubbytes 1 1
_crypto_aead_chacha20poly1305_nsecbytes 1 1
_crypto_aead_xchacha20poly1305_ietf_abytes 1 1
@@ -42,7 +42,7 @@ _crypto_aead_xchacha20poly1305_ietf_encrypt 1 1
_crypto_aead_xchacha20poly1305_ietf_encrypt_detached 1 1
_crypto_aead_xchacha20poly1305_ietf_keybytes 1 1
_crypto_aead_xchacha20poly1305_ietf_keygen 1 1
_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 0 0
_crypto_aead_xchacha20poly1305_ietf_messagebytes_max 1 1
_crypto_aead_xchacha20poly1305_ietf_npubbytes 1 1
_crypto_aead_xchacha20poly1305_ietf_nsecbytes 1 1
_crypto_auth 1 1
@@ -91,7 +91,7 @@ _crypto_box_curve25519xchacha20poly1305_easy 0 1
_crypto_box_curve25519xchacha20poly1305_easy_afternm 0 1
_crypto_box_curve25519xchacha20poly1305_keypair 0 1
_crypto_box_curve25519xchacha20poly1305_macbytes 0 1
_crypto_box_curve25519xchacha20poly1305_messagebytes_max 0 0
_crypto_box_curve25519xchacha20poly1305_messagebytes_max 0 1
_crypto_box_curve25519xchacha20poly1305_noncebytes 0 1
_crypto_box_curve25519xchacha20poly1305_open_detached 0 1
_crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1
@@ -111,7 +111,7 @@ _crypto_box_curve25519xsalsa20poly1305_beforenmbytes 0 1
_crypto_box_curve25519xsalsa20poly1305_boxzerobytes 0 1
_crypto_box_curve25519xsalsa20poly1305_keypair 0 1
_crypto_box_curve25519xsalsa20poly1305_macbytes 0 1
_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 0
_crypto_box_curve25519xsalsa20poly1305_messagebytes_max 0 1
_crypto_box_curve25519xsalsa20poly1305_noncebytes 0 1
_crypto_box_curve25519xsalsa20poly1305_open 0 1
_crypto_box_curve25519xsalsa20poly1305_open_afternm 0 1
@@ -126,7 +126,7 @@ _crypto_box_easy 1 1
_crypto_box_easy_afternm 1 1
_crypto_box_keypair 1 1
_crypto_box_macbytes 1 1
_crypto_box_messagebytes_max 0 0
_crypto_box_messagebytes_max 1 1
_crypto_box_noncebytes 1 1
_crypto_box_open 0 1
_crypto_box_open_afternm 0 1
@@ -147,13 +147,22 @@ _crypto_core_ed25519_add 0 1
_crypto_core_ed25519_bytes 0 1
_crypto_core_ed25519_from_uniform 0 1
_crypto_core_ed25519_is_valid_point 0 1
_crypto_core_ed25519_nonreducedscalarbytes 0 1
_crypto_core_ed25519_scalar_add 0 1
_crypto_core_ed25519_scalar_complement 0 1
_crypto_core_ed25519_scalar_invert 0 1
_crypto_core_ed25519_scalar_negate 0 1
_crypto_core_ed25519_scalar_random 0 1
_crypto_core_ed25519_scalar_reduce 0 1
_crypto_core_ed25519_scalar_sub 0 1
_crypto_core_ed25519_scalarbytes 0 1
_crypto_core_ed25519_sub 0 1
_crypto_core_ed25519_uniformbytes 0 1
_crypto_core_hchacha20 1 1
_crypto_core_hchacha20_constbytes 1 1
_crypto_core_hchacha20_inputbytes 1 1
_crypto_core_hchacha20_keybytes 1 1
_crypto_core_hchacha20_outputbytes 1 1
_crypto_core_hchacha20 0 1
_crypto_core_hchacha20_constbytes 0 1
_crypto_core_hchacha20_inputbytes 0 1
_crypto_core_hchacha20_keybytes 0 1
_crypto_core_hchacha20_outputbytes 0 1
_crypto_core_hsalsa20 0 1
_crypto_core_hsalsa20_constbytes 0 1
_crypto_core_hsalsa20_inputbytes 0 1
@@ -320,7 +329,7 @@ _crypto_pwhash_opslimit_moderate 1 1
_crypto_pwhash_opslimit_sensitive 1 1
_crypto_pwhash_passwd_max 1 1
_crypto_pwhash_passwd_min 1 1
_crypto_pwhash_primitive 1 1
_crypto_pwhash_primitive 0 1
_crypto_pwhash_saltbytes 1 1
_crypto_pwhash_scryptsalsa208sha256 0 1
_crypto_pwhash_scryptsalsa208sha256_bytes_max 0 1
@@ -357,7 +366,9 @@ _crypto_scalarmult_curve25519_bytes 0 1
_crypto_scalarmult_curve25519_scalarbytes 0 1
_crypto_scalarmult_ed25519 0 1
_crypto_scalarmult_ed25519_base 0 1
_crypto_scalarmult_ed25519_base_noclamp 0 1
_crypto_scalarmult_ed25519_bytes 0 1
_crypto_scalarmult_ed25519_noclamp 0 1
_crypto_scalarmult_ed25519_scalarbytes 0 1
_crypto_scalarmult_primitive 0 1
_crypto_scalarmult_scalarbytes 1 1
@@ -368,7 +379,7 @@ _crypto_secretbox_easy 1 1
_crypto_secretbox_keybytes 1 1
_crypto_secretbox_keygen 1 1
_crypto_secretbox_macbytes 1 1
_crypto_secretbox_messagebytes_max 0 0
_crypto_secretbox_messagebytes_max 1 1
_crypto_secretbox_noncebytes 1 1
_crypto_secretbox_open 0 1
_crypto_secretbox_open_detached 1 1
@@ -378,7 +389,7 @@ _crypto_secretbox_xchacha20poly1305_detached 0 1
_crypto_secretbox_xchacha20poly1305_easy 0 1
_crypto_secretbox_xchacha20poly1305_keybytes 0 1
_crypto_secretbox_xchacha20poly1305_macbytes 0 1
_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 0
_crypto_secretbox_xchacha20poly1305_messagebytes_max 0 1
_crypto_secretbox_xchacha20poly1305_noncebytes 0 1
_crypto_secretbox_xchacha20poly1305_open_detached 0 1
_crypto_secretbox_xchacha20poly1305_open_easy 0 1
@@ -387,15 +398,15 @@ _crypto_secretbox_xsalsa20poly1305_boxzerobytes 0 1
_crypto_secretbox_xsalsa20poly1305_keybytes 0 1
_crypto_secretbox_xsalsa20poly1305_keygen 0 1
_crypto_secretbox_xsalsa20poly1305_macbytes 0 1
_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 0
_crypto_secretbox_xsalsa20poly1305_messagebytes_max 0 1
_crypto_secretbox_xsalsa20poly1305_noncebytes 0 1
_crypto_secretbox_xsalsa20poly1305_open 0 1
_crypto_secretbox_xsalsa20poly1305_zerobytes 0 1
_crypto_secretbox_zerobytes 0 1
_crypto_secretstream_xchacha20poly1305_abytes 1 1
_crypto_secretstream_xchacha20poly1305_headerbytes 1 1
_crypto_secretstream_xchacha20poly1305_init_pull 1 1
_crypto_secretstream_xchacha20poly1305_init_push 1 1
_crypto_secretstream_xchacha20poly1305_headerbytes 1 1
_crypto_secretstream_xchacha20poly1305_keybytes 1 1
_crypto_secretstream_xchacha20poly1305_keygen 1 1
_crypto_secretstream_xchacha20poly1305_messagebytes_max 1 1
@@ -425,7 +436,7 @@ _crypto_sign_ed25519 0 1
_crypto_sign_ed25519_bytes 0 1
_crypto_sign_ed25519_detached 0 1
_crypto_sign_ed25519_keypair 0 1
_crypto_sign_ed25519_messagebytes_max 0 0
_crypto_sign_ed25519_messagebytes_max 0 1
_crypto_sign_ed25519_open 0 1
_crypto_sign_ed25519_pk_to_curve25519 1 1
_crypto_sign_ed25519_publickeybytes 0 1
@@ -448,7 +459,7 @@ _crypto_sign_final_create 1 1
_crypto_sign_final_verify 1 1
_crypto_sign_init 1 1
_crypto_sign_keypair 1 1
_crypto_sign_messagebytes_max 0 0
_crypto_sign_messagebytes_max 1 1
_crypto_sign_open 1 1
_crypto_sign_primitive 0 1
_crypto_sign_publickeybytes 1 1
@@ -463,26 +474,26 @@ _crypto_stream_chacha20 0 1
_crypto_stream_chacha20_ietf 0 1
_crypto_stream_chacha20_ietf_keybytes 0 1
_crypto_stream_chacha20_ietf_keygen 0 1
_crypto_stream_chacha20_ietf_messagebytes_max 0 0
_crypto_stream_chacha20_ietf_messagebytes_max 0 1
_crypto_stream_chacha20_ietf_noncebytes 0 1
_crypto_stream_chacha20_ietf_xor 0 1
_crypto_stream_chacha20_ietf_xor_ic 0 1
_crypto_stream_chacha20_keybytes 0 1
_crypto_stream_chacha20_keygen 0 1
_crypto_stream_chacha20_messagebytes_max 0 0
_crypto_stream_chacha20_messagebytes_max 0 1
_crypto_stream_chacha20_noncebytes 0 1
_crypto_stream_chacha20_xor 0 1
_crypto_stream_chacha20_xor_ic 0 1
_crypto_stream_keybytes 0 1
_crypto_stream_keygen 1 1
_crypto_stream_messagebytes_max 0 0
_crypto_stream_keygen 0 1
_crypto_stream_messagebytes_max 0 1
_crypto_stream_noncebytes 0 1
_crypto_stream_primitive 0 1
_crypto_stream_salsa20 0 1
_crypto_stream_salsa2012 0 1
_crypto_stream_salsa2012_keybytes 0 1
_crypto_stream_salsa2012_keygen 0 1
_crypto_stream_salsa2012_messagebytes_max 0 0
_crypto_stream_salsa2012_messagebytes_max 0 1
_crypto_stream_salsa2012_noncebytes 0 1
_crypto_stream_salsa2012_xor 0 1
_crypto_stream_salsa208 0 1
@@ -493,14 +504,14 @@ _crypto_stream_salsa208_noncebytes 0 1
_crypto_stream_salsa208_xor 0 1
_crypto_stream_salsa20_keybytes 0 1
_crypto_stream_salsa20_keygen 0 1
_crypto_stream_salsa20_messagebytes_max 0 0
_crypto_stream_salsa20_messagebytes_max 0 1
_crypto_stream_salsa20_noncebytes 0 1
_crypto_stream_salsa20_xor 0 1
_crypto_stream_salsa20_xor_ic 0 1
_crypto_stream_xchacha20 0 1
_crypto_stream_xchacha20_keybytes 0 1
_crypto_stream_xchacha20_keygen 0 1
_crypto_stream_xchacha20_messagebytes_max 0 0
_crypto_stream_xchacha20_messagebytes_max 0 1
_crypto_stream_xchacha20_noncebytes 0 1
_crypto_stream_xchacha20_xor 0 1
_crypto_stream_xchacha20_xor_ic 0 1
@@ -508,7 +519,7 @@ _crypto_stream_xor 0 1
_crypto_stream_xsalsa20 0 1
_crypto_stream_xsalsa20_keybytes 0 1
_crypto_stream_xsalsa20_keygen 0 1
_crypto_stream_xsalsa20_messagebytes_max 0 0
_crypto_stream_xsalsa20_messagebytes_max 0 1
_crypto_stream_xsalsa20_noncebytes 0 1
_crypto_stream_xsalsa20_xor 0 1
_crypto_stream_xsalsa20_xor_ic 0 1
@@ -530,8 +541,8 @@ _randombytes_stir 1 1
_randombytes_uniform 1 1
_sodium_add 0 0
_sodium_allocarray 0 0
_sodium_base64_encoded_len 1 1
_sodium_base642bin 1 1
_sodium_base64_encoded_len 1 1
_sodium_bin2base64 1 1
_sodium_bin2hex 1 1
_sodium_compare 0 0
@@ -566,5 +577,6 @@ _sodium_runtime_has_sse41 0 0
_sodium_runtime_has_ssse3 0 0
_sodium_set_misuse_handler 0 0
_sodium_stackzero 0 0
_sodium_sub 0 0
_sodium_unpad 1 1
_sodium_version_string 1 1

53
dist-build/emscripten.sh
View File

File diff suppressed because one or more lines are too long

4
dist-build/generate-emscripten-symbols.sh
View File

@@ -17,7 +17,7 @@ symbols() {
fi
done < emscripten-symbols.def
nm /usr/local/lib/libsodium.23.dylib | \
/usr/bin/nm /usr/local/lib/libsodium.23.dylib | \
fgrep ' T _' | \
cut -d' ' -f3 | {
while read symbol; do
@@ -35,7 +35,7 @@ symbols() {
} | \
sort | \
{
out=''
out='"_malloc","_free"'
while read symbol ; do
if [ ! -z "$out" ]; then
out="${out},"

60
dist-build/ios.sh
View File

@@ -17,14 +17,8 @@ export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32"
export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64"
export XCODEDIR=$(xcode-select -p)
xcode_major=$(xcodebuild -version|egrep '^Xcode '|cut -d' ' -f2|cut -d. -f1)
if [ $xcode_major -ge 8 ]; then
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"}
else
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"5.1.1"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"5.1.1"}
fi
export IOS_SIMULATOR_VERSION_MIN=${IOS_SIMULATOR_VERSION_MIN-"6.0.0"}
export IOS_VERSION_MIN=${IOS_VERSION_MIN-"6.0.0"}
mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $IOS32_PREFIX $IOS32s_PREFIX $IOS64_PREFIX || exit 1
@@ -34,30 +28,40 @@ export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
export SDK="${BASEDIR}/SDKs/iPhoneSimulator.sdk"
## i386 simulator
export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto"
export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto"
export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}"
export LDFLAGS="-arch i386 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}"
make distclean > /dev/null
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure --host=i686-apple-darwin10 \
--disable-shared \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$SIMULATOR32_PREFIX" || exit 1
make -j3 install || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} install || exit 1
## x86_64 simulator
export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto"
export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN} -flto"
export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}"
export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mios-simulator-version-min=${IOS_SIMULATOR_VERSION_MIN}"
make distclean > /dev/null
./configure --host=x86_64-apple-darwin10 \
--disable-shared \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$SIMULATOR64_PREFIX"
make -j3 install || exit 1
make -j${PROCESSORS} install || exit 1
# Build for iOS
export BASEDIR="${XCODEDIR}/Platforms/iPhoneOS.platform/Developer"
@@ -65,43 +69,43 @@ export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
export SDK="${BASEDIR}/SDKs/iPhoneOS.sdk"
## 32-bit iOS
export CFLAGS="-O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto"
export LDFLAGS="-mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto"
export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}"
export LDFLAGS="-fembed-bitcode -mthumb -arch armv7 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}"
make distclean > /dev/null
./configure --host=arm-apple-darwin10 \
--disable-shared \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$IOS32_PREFIX" || exit 1
make -j3 install || exit 1
make -j${PROCESSORS} install || exit 1
## 32-bit armv7s iOS
export CFLAGS="-O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto"
export LDFLAGS="-mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto"
export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}"
export LDFLAGS="-fembed-bitcode -mthumb -arch armv7s -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN}"
make distclean > /dev/null
./configure --host=arm-apple-darwin10 \
--disable-shared \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$IOS32s_PREFIX" || exit 1
make -j3 install || exit 1
make -j${PROCESSORS} install || exit 1
## 64-bit iOS
export CFLAGS="-O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto -fembed-bitcode"
export LDFLAGS="-arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -flto -fembed-bitcode"
export CFLAGS="-fembed-bitcode -O2 -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode"
export LDFLAGS="-fembed-bitcode -arch arm64 -isysroot ${SDK} -mios-version-min=${IOS_VERSION_MIN} -fembed-bitcode"
make distclean > /dev/null
./configure --host=arm-apple-darwin10 \
--disable-shared \
--enable-minimal \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$IOS64_PREFIX" || exit 1
make -j3 install || exit 1
make -j${PROCESSORS} install || exit 1
# Create universal binary and include folder
rm -fr -- "$PREFIX/include" "$PREFIX/libsodium.a" 2> /dev/null

14
dist-build/nativeclient-pnacl.sh
View File

@@ -19,9 +19,19 @@ mkdir -p $PREFIX || exit 1
make distclean > /dev/null
./configure --enable-minimal \
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--host=nacl \
--disable-ssp --without-pthreads \
--prefix="$PREFIX" || exit 1
make -j3 check && make -j3 install || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1

14
dist-build/nativeclient-x86.sh
View File

@@ -11,9 +11,19 @@ mkdir -p $PREFIX || exit 1
make distclean > /dev/null
./configure --enable-minimal \
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--host=i686-nacl \
--disable-ssp --without-pthreads \
--prefix="$PREFIX" || exit 1
make -j3 check && make -j3 install || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1

14
dist-build/nativeclient-x86_64.sh
View File

@@ -11,9 +11,19 @@ mkdir -p $PREFIX || exit 1
make distclean > /dev/null
./configure --enable-minimal \
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--host=x86_64-nacl \
--disable-ssp --without-pthreads \
--prefix="$PREFIX" || exit 1
make -j3 check && make -j3 install || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1

18
dist-build/osx.sh
View File

@@ -6,15 +6,25 @@ export OSX_CPU_ARCH=${OSX_CPU_ARCH-"core2"}
mkdir -p $PREFIX || exit 1
export CFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -O2 -g -flto"
export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -flto"
export CFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH} -O2 -g"
export LDFLAGS="-arch x86_64 -mmacosx-version-min=${OSX_VERSION_MIN} -march=${OSX_CPU_ARCH}"
make distclean > /dev/null
./configure --enable-minimal \
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure ${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$PREFIX" || exit 1
make -j3 check && make -j3 install || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} check && make -j${PROCESSORS} install || exit 1
# Cleanup
make distclean > /dev/null

114
dist-build/watchos.sh Normal file
View File

@@ -0,0 +1,114 @@
#! /bin/sh
#
# Step 1.
# Configure for base system so simulator is covered
#
# Step 2.
# Make for watchOS and watchOS simulator
#
# Step 3.
# Merge libs into final version for xcode import
export PREFIX="$(pwd)/libsodium-watchos"
export WATCHOS32_PREFIX="$PREFIX/tmp/watchos32"
export WATCHOS64_32_PREFIX="$PREFIX/tmp/watchos64_32"
export SIMULATOR32_PREFIX="$PREFIX/tmp/simulator32"
export SIMULATOR64_PREFIX="$PREFIX/tmp/simulator64"
export XCODEDIR=$(xcode-select -p)
export WATCHOS_SIMULATOR_VERSION_MIN=${WATCHOS_SIMULATOR_VERSION_MIN-"4.0.0"}
export WATCHOS_VERSION_MIN=${WATCHOS_VERSION_MIN-"4.0.0"}
mkdir -p $SIMULATOR32_PREFIX $SIMULATOR64_PREFIX $WATCHOS32_PREFIX $WATCHOS64_32_PREFIX || exit 1
# Build for the simulator
export BASEDIR="${XCODEDIR}/Platforms/WatchSimulator.platform/Developer"
export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
export SDK="${BASEDIR}/SDKs/WatchSimulator.sdk"
## i386 simulator
export CFLAGS="-O2 -arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
export LDFLAGS="-arch i386 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
make distclean > /dev/null
if [ -z "$LIBSODIUM_FULL_BUILD" ]; then
export LIBSODIUM_ENABLE_MINIMAL_FLAG="--enable-minimal"
else
export LIBSODIUM_ENABLE_MINIMAL_FLAG=""
fi
./configure --host=i686-apple-darwin10 \
--disable-shared \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$SIMULATOR32_PREFIX" || exit 1
NPROCESSORS=$(getconf NPROCESSORS_ONLN 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null)
PROCESSORS=${NPROCESSORS:-3}
make -j${PROCESSORS} install || exit 1
## x86_64 simulator
export CFLAGS="-O2 -arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
export LDFLAGS="-arch x86_64 -isysroot ${SDK} -mwatchos-simulator-version-min=${WATCHOS_SIMULATOR_VERSION_MIN}"
make distclean > /dev/null
./configure --host=x86_64-apple-darwin10 \
--disable-shared \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$SIMULATOR64_PREFIX"
make -j${PROCESSORS} install || exit 1
# Build for watchOS
export BASEDIR="${XCODEDIR}/Platforms/WatchOS.platform/Developer"
export PATH="${BASEDIR}/usr/bin:$BASEDIR/usr/sbin:$PATH"
export SDK="${BASEDIR}/SDKs/WatchOS.sdk"
## 32-bit watchOS
export CFLAGS="-fembed-bitcode -O2 -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
export LDFLAGS="-fembed-bitcode -mthumb -arch armv7k -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
make distclean > /dev/null
./configure --host=arm-apple-darwin10 \
--disable-shared \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$WATCHOS32_PREFIX" || exit 1
make -j${PROCESSORS} install || exit 1
## 64-bit arm64_32 watchOS
export CFLAGS="-fembed-bitcode -O2 -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
export LDFLAGS="-fembed-bitcode -mthumb -arch arm64_32 -isysroot ${SDK} -mwatchos-version-min=${WATCHOS_VERSION_MIN}"
make distclean > /dev/null
./configure --host=arm-apple-darwin10 \
--disable-shared \
${LIBSODIUM_ENABLE_MINIMAL_FLAG} \
--prefix="$WATCHOS64_32_PREFIX" || exit 1
make -j${PROCESSORS} install || exit 1
# Create universal binary and include folder
rm -fr -- "$PREFIX/include" "$PREFIX/libsodium.a" 2> /dev/null
mkdir -p -- "$PREFIX/lib"
lipo -create \
"$SIMULATOR32_PREFIX/lib/libsodium.a" \
"$SIMULATOR64_PREFIX/lib/libsodium.a" \
"$WATCHOS32_PREFIX/lib/libsodium.a" \
"$WATCHOS64_32_PREFIX/lib/libsodium.a" \
-output "$PREFIX/lib/libsodium.a"
mv -f -- "$WATCHOS32_PREFIX/include" "$PREFIX/"
echo
echo "libsodium has been installed into $PREFIX"
echo
file -- "$PREFIX/lib/libsodium.a"
# Cleanup
rm -rf -- "$PREFIX/tmp"
make distclean > /dev/null

6
lgtm.yml Normal file
View File

@@ -0,0 +1,6 @@
extraction:
cpp:
configure:
command:
- ./autogen.sh
- ./configure

1
libsodium.vcxproj
View File

@@ -497,6 +497,7 @@
<ClInclude Include="src\libsodium\include\sodium\private\sse2_64_32.h" />
<ClInclude Include="src\libsodium\include\sodium\private\common.h" />
<ClInclude Include="src\libsodium\include\sodium\private\mutex.h" />
<ClInclude Include="src\libsodium\include\sodium\private\chacha20_ietf_ext.h" />
<ClInclude Include="src\libsodium\include\sodium\private\implementations.h" />
<ClInclude Include="src\libsodium\crypto_pwhash\argon2\blamka-round-ref.h" />
<ClInclude Include="src\libsodium\crypto_pwhash\argon2\blamka-round-avx2.h" />

3
libsodium.vcxproj.filters
View File

@@ -557,6 +557,9 @@
<ClInclude Include="src\libsodium\include\sodium\private\mutex.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\include\sodium\private\chacha20_ietf_ext.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="src\libsodium\include\sodium\private\implementations.h">
<Filter>Header Files</Filter>
</ClInclude>

4
msvc-scripts/process.bat
View File

@@ -1,5 +1,5 @@
cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.16/ < src\libsodium\include\sodium\version.h.in > tmp
cscript msvc-scripts/rep.vbs //Nologo s/@VERSION@/1.0.17/ < src\libsodium\include\sodium\version.h.in > tmp
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MAJOR@/10/ < tmp > tmp2
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/1/ < tmp2 > tmp3
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_VERSION_MINOR@/2/ < tmp2 > tmp3
cscript msvc-scripts/rep.vbs //Nologo s/@SODIUM_LIBRARY_MINIMAL_DEF@// < tmp3 > src\libsodium\include\sodium\version.h
del tmp tmp2 tmp3

10
packaging/dotnet-core/README.md
View File

@@ -31,15 +31,15 @@ Version numbers for the packages for .NET Core consist of three components:
It may be necessary to release more than one package for a libsodium version,
e.g., when adding support for a new platform or if a release contains a broken
binary. In this case, a package revision number is added as a fourth part to
the libsodium version, starting at `1`. For example, `1.0.16` is the initial
release of the package for libsodium 1.0.16 and `1.0.16.5` is the fifth
the libsodium version, starting at `1`. For example, `1.0.17` is the initial
release of the package for libsodium 1.0.17 and `1.0.17.5` is the fifth
revision (sixth release) of that package.
* *pre-release label*
If a package is a pre-release, a label is appended to the version number in
`-preview-##` format where `##` is the number of the pre-release, starting at
`01`. For example, `1.0.16-preview-01` is the first pre-release of the package
for libsodium 1.0.16 and `1.0.16.5-preview-02` the second pre-release of the
fifth revision of the package for libsodium 1.0.16.
`01`. For example, `1.0.17-preview-01` is the first pre-release of the package
for libsodium 1.0.17 and `1.0.17.5-preview-02` the second pre-release of the
fifth revision of the package for libsodium 1.0.17.
**Making a release**

2
packaging/dotnet-core/libsodium.props
View File

@@ -15,7 +15,7 @@
<Version><!-- set by prepare.py --></Version>
<Authors>Frank Denis</Authors>
<Description>Internal implementation package not meant for direct consumption. Please do not reference directly.</Description>
<Copyright>&#169; 2013-2017 Frank Denis</Copyright>
<Copyright>&#169; 2013-2019 Frank Denis</Copyright>
<PackageRequireLicenseAcceptance>true</PackageRequireLicenseAcceptance>
<PackageLicenseUrl>https://raw.githubusercontent.com/jedisct1/libsodium/master/LICENSE</PackageLicenseUrl>
<PackageProjectUrl>https://libsodium.org/</PackageProjectUrl>

14
packaging/dotnet-core/prepare.py
View File

@@ -170,13 +170,13 @@ def main(args):
print(' python3 prepare.py <version>')
print()
print('Examples:')
print(' python3 prepare.py 1.0.16-preview-01')
print(' python3 prepare.py 1.0.16-preview-02')
print(' python3 prepare.py 1.0.16-preview-03')
print(' python3 prepare.py 1.0.16')
print(' python3 prepare.py 1.0.16.1-preview-01')
print(' python3 prepare.py 1.0.16.1')
print(' python3 prepare.py 1.0.16.2')
print(' python3 prepare.py 1.0.17-preview-01')
print(' python3 prepare.py 1.0.17-preview-02')
print(' python3 prepare.py 1.0.17-preview-03')
print(' python3 prepare.py 1.0.17')
print(' python3 prepare.py 1.0.17.1-preview-01')
print(' python3 prepare.py 1.0.17.1')
print(' python3 prepare.py 1.0.17.2')
return 1
version = Version(m.group(2), m.group(0))

2
packaging/nuget/package.config
View File

@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- These values are populated into the package.gsl templates by package.bat. -->
<!-- The target attribute controls path and file name only, id controls package naming. -->
<package id="libsodium_vc120" target="libsodium" version = "1.0.16.0" pathversion="1_0_16_0" platformtoolset="v120" />
<package id="libsodium_vc120" target="libsodium" version = "1.0.17.0" pathversion="1_0_17_0" platformtoolset="v120" />

4
packaging/nuget/package.gsl
View File

@@ -27,7 +27,7 @@
<description>Sodium is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.</description>
<summary>Portable fork of NaCl, packaged for Visual Studio 2013 (v120) and CTP_Nov2013 compilers.</summary>
<releaseNotes>https://raw.github.com/jedisct1/libsodium/master/ChangeLog</releaseNotes>
<copyright>(c) 2013-2017, Frank Denis (attribution required)</copyright>
<copyright>(c) 2013-2019, Frank Denis (attribution required)</copyright>
<tags>native, NaCl, salt, sodium, libsodium, C++</tags>
<dependencies>
.for dependency
@@ -257,4 +257,4 @@
<EnumValue Name="ltcg" DisplayName="Static using link time compile generation (LTCG)" />
</EnumProperty>
</Rule>
</ProjectSchemaDefinitions>
</ProjectSchemaDefinitions>

1
regen-msvc/regen-msvc.py
View File

@@ -1,6 +1,5 @@
#! /usr/bin/env python3
import fileinput
import glob
import os
import uuid

1
src/libsodium/Makefile.am
View File

@@ -82,6 +82,7 @@ libsodium_la_SOURCES = \
crypto_stream/salsa20/stream_salsa20.h \
crypto_stream/xsalsa20/stream_xsalsa20.c \
crypto_verify/sodium/verify.c \
include/sodium/private/chacha20_ietf_ext.h \
include/sodium/private/common.h \
include/sodium/private/ed25519_ref10.h \
include/sodium/private/implementations.h \

50
src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
View File

@@ -51,10 +51,10 @@ _bswap64(const uint64_t x)
}
#endif
typedef struct context {
CRYPTO_ALIGN(16) unsigned char H[16];
__m128i rkeys[16];
} context;
typedef struct aes256gcm_state {
__m128i rkeys[16];
unsigned char H[16];
} aes256gcm_state;
static inline void
aesni_key256_expand(const unsigned char *key, __m128i * const rkeys)
@@ -488,10 +488,10 @@ int
crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k)
{
context *ctx = (context *) ctx_;
__m128i *rkeys = ctx->rkeys;
__m128i zero = _mm_setzero_si128();
unsigned char *H = ctx->H;
aes256gcm_state *ctx = (aes256gcm_state *) (void *) ctx_;
unsigned char *H = ctx->H;
__m128i *rkeys = ctx->rkeys;
__m128i zero = _mm_setzero_si128();
COMPILER_ASSERT((sizeof *ctx_) >= (sizeof *ctx));
aesni_key256_expand(k, rkeys);
@@ -509,13 +509,13 @@ crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
{
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const context *ctx = (const context *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen_rnd128 = mlen & ~127ULL;
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen_rnd128 = mlen & ~127ULL;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char T[16];
@@ -647,14 +647,14 @@ crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m, unsigned char *
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
{
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const context *ctx = (const context *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen;
unsigned long long mlen_rnd128;
const __m128i rev = _mm_set_epi8(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15);
const aes256gcm_state *ctx = (const aes256gcm_state *) (const void *) ctx_;
const __m128i *rkeys = ctx->rkeys;
__m128i Hv, H2v, H3v, H4v, accv;
unsigned long long i, j;
unsigned long long adlen_rnd64 = adlen & ~63ULL;
unsigned long long mlen;
unsigned long long mlen_rnd128;
CRYPTO_ALIGN(16) uint32_t n2[4];
CRYPTO_ALIGN(16) unsigned char H[16];
CRYPTO_ALIGN(16) unsigned char T[16];
@@ -862,7 +862,7 @@ crypto_aead_aes256gcm_encrypt(unsigned char *c,
ret = crypto_aead_aes256gcm_encrypt_afternm
(c, clen_p, m, mlen, ad, adlen, nsec, npub,
(const crypto_aead_aes256gcm_state *) &ctx);
sodium_memzero(ctx, sizeof ctx);
sodium_memzero(&ctx, sizeof ctx);
return ret;
}
@@ -906,7 +906,7 @@ crypto_aead_aes256gcm_decrypt(unsigned char *m,
ret = crypto_aead_aes256gcm_decrypt_afternm
(m, mlen_p, nsec, c, clen, ad, adlen, npub,
(const crypto_aead_aes256gcm_state *) &ctx);
sodium_memzero(ctx, sizeof ctx);
sodium_memzero(&ctx, sizeof ctx);
return ret;
}

1
src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
View File

@@ -12,6 +12,7 @@
#include "randombytes.h"
#include "utils.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
static const unsigned char _pad0[16] = { 0 };

118
src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
View File

@@ -5,14 +5,118 @@
#include <string.h>
#include "core.h"
#include "crypto_aead_xchacha20poly1305.h"
#include "crypto_aead_chacha20poly1305.h"
#include "crypto_aead_xchacha20poly1305.h"
#include "crypto_core_hchacha20.h"
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_stream_chacha20.h"
#include "crypto_verify_16.h"
#include "randombytes.h"
#include "utils.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
static const unsigned char _pad0[16] = { 0 };
static int
_encrypt_detached(unsigned char *c,
unsigned char *mac,
unsigned long long *maclen_p,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
(void) nsec;
crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, npub, 1U, k);
crypto_onetimeauth_poly1305_update(&state, c, mlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
STORE64_LE(slen, (uint64_t) adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
STORE64_LE(slen, (uint64_t) mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, mac);
sodium_memzero(&state, sizeof state);
if (maclen_p != NULL) {
*maclen_p = crypto_aead_chacha20poly1305_ietf_ABYTES;
}
return 0;
}
static int
_decrypt_detached(unsigned char *m,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *mac,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
unsigned char computed_mac[crypto_aead_chacha20poly1305_ietf_ABYTES];
unsigned long long mlen;
int ret;
(void) nsec;
crypto_stream_chacha20_ietf_ext(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - adlen) & 0xf);
mlen = clen;
crypto_onetimeauth_poly1305_update(&state, c, mlen);
crypto_onetimeauth_poly1305_update(&state, _pad0, (0x10 - mlen) & 0xf);
STORE64_LE(slen, (uint64_t) adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
STORE64_LE(slen, (uint64_t) mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, computed_mac);
sodium_memzero(&state, sizeof state);
COMPILER_ASSERT(sizeof computed_mac == 16U);
ret = crypto_verify_16(computed_mac, mac);
sodium_memzero(computed_mac, sizeof computed_mac);
if (m == NULL) {
return ret;
}
if (ret != 0) {
memset(m, 0, mlen);
return -1;
}
crypto_stream_chacha20_ietf_ext_xor_ic(m, c, mlen, npub, 1U, k);
return 0;
}
int
crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned char *mac,
@@ -32,8 +136,8 @@ crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
crypto_core_hchacha20(k2, npub, k, NULL);
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4);
ret = crypto_aead_chacha20poly1305_ietf_encrypt_detached
(c, mac, maclen_p, m, mlen, ad, adlen, nsec, npub2, k2);
ret = _encrypt_detached(c, mac, maclen_p, m, mlen, ad, adlen,
nsec, npub2, k2);
sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES);
return ret;
@@ -53,7 +157,7 @@ crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
unsigned long long clen = 0ULL;
int ret;
if (mlen > UINT64_MAX - crypto_aead_xchacha20poly1305_ietf_ABYTES) {
if (mlen > crypto_aead_xchacha20poly1305_ietf_MESSAGEBYTES_MAX) {
sodium_misuse();
}
ret = crypto_aead_xchacha20poly1305_ietf_encrypt_detached
@@ -85,12 +189,10 @@ crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
crypto_core_hchacha20(k2, npub, k, NULL);
memcpy(npub2 + 4, npub + crypto_core_hchacha20_INPUTBYTES,
crypto_aead_chacha20poly1305_ietf_NPUBBYTES - 4);
ret = crypto_aead_chacha20poly1305_ietf_decrypt_detached
(m, nsec, c, clen, mac, ad, adlen, npub2, k2);
ret = _decrypt_detached(m, nsec, c, clen, mac, ad, adlen, npub2, k2);
sodium_memzero(k2, crypto_core_hchacha20_OUTPUTBYTES);
return ret;
}
int
@@ -105,7 +207,7 @@ crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
const unsigned char *k)
{
unsigned long long mlen = 0ULL;
int ret = -1;
int ret = -1;
if (clen >= crypto_aead_xchacha20poly1305_ietf_ABYTES) {
ret = crypto_aead_xchacha20poly1305_ietf_decrypt_detached

116
src/libsodium/crypto_core/ed25519/core_ed25519.c
View File

@@ -1,7 +1,11 @@
#include <stdint.h>
#include "crypto_core_ed25519.h"
#include "private/common.h"
#include "private/ed25519_ref10.h"
#include "randombytes.h"
#include "utils.h"
int
crypto_core_ed25519_is_valid_point(const unsigned char *p)
@@ -66,14 +70,126 @@ crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
return - ge25519_has_small_order(p);
}
void
crypto_core_ed25519_scalar_random(unsigned char *r)
{
do {
randombytes_buf(r, crypto_core_ed25519_SCALARBYTES);
r[crypto_core_ed25519_SCALARBYTES - 1] &= 0x1f;
} while (sc25519_is_canonical(r) == 0 ||
sodium_is_zero(r, crypto_core_ed25519_SCALARBYTES));
}
int
crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
{
sc25519_invert(recip, s);
return - sodium_is_zero(s, crypto_core_ed25519_SCALARBYTES);
}
/* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[] = {
0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7,
0xa2, 0xde, 0xf9, 0xde, 0x14, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
};
void
crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
{
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >=
2 * crypto_core_ed25519_SCALARBYTES);
memset(t_, 0, sizeof t_);
memset(s_, 0, sizeof s_);
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
crypto_core_ed25519_SCALARBYTES);
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
sodium_sub(t_, s_, sizeof t_);
sc25519_reduce(t_);
memcpy(neg, t_, crypto_core_ed25519_SCALARBYTES);
}
void
crypto_core_ed25519_scalar_complement(unsigned char *comp,
const unsigned char *s)
{
unsigned char t_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char s_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
COMPILER_ASSERT(crypto_core_ed25519_NONREDUCEDSCALARBYTES >=
2 * crypto_core_ed25519_SCALARBYTES);
memset(t_, 0, sizeof t_);
memset(s_, 0, sizeof s_);
t_[0]++;
memcpy(t_ + crypto_core_ed25519_SCALARBYTES, L,
crypto_core_ed25519_SCALARBYTES);
memcpy(s_, s, crypto_core_ed25519_SCALARBYTES);
sodium_sub(t_, s_, sizeof t_);
sc25519_reduce(t_);
memcpy(comp, t_, crypto_core_ed25519_SCALARBYTES);
}
void
crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
unsigned char x_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
unsigned char y_[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memset(x_, 0, sizeof x_);
memset(y_, 0, sizeof y_);
memcpy(x_, x, crypto_core_ed25519_SCALARBYTES);
memcpy(y_, y, crypto_core_ed25519_SCALARBYTES);
sodium_add(x_, y_, crypto_core_ed25519_SCALARBYTES);
crypto_core_ed25519_scalar_reduce(z, x_);
}
void
crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
const unsigned char *y)
{
unsigned char yn[crypto_core_ed25519_SCALARBYTES];
crypto_core_ed25519_scalar_negate(yn, y);
crypto_core_ed25519_scalar_add(z, x, yn);
}
void
crypto_core_ed25519_scalar_reduce(unsigned char *r,
const unsigned char *s)
{
unsigned char t[crypto_core_ed25519_NONREDUCEDSCALARBYTES];
memcpy(t, s, sizeof t);
sc25519_reduce(t);
memcpy(r, t, crypto_core_ed25519_SCALARBYTES);
sodium_memzero(t, sizeof t);
}
size_t
crypto_core_ed25519_bytes(void)
{
return crypto_core_ed25519_BYTES;
}
size_t
crypto_core_ed25519_nonreducedscalarbytes(void)
{
return crypto_core_ed25519_NONREDUCEDSCALARBYTES;
}
size_t
crypto_core_ed25519_uniformbytes(void)
{
return crypto_core_ed25519_UNIFORMBYTES;
}
size_t
crypto_core_ed25519_scalarbytes(void)
{
return crypto_core_ed25519_SCALARBYTES;
}

562
src/libsodium/crypto_core/ed25519/ref10/ed25519_ref10.c
View File

@@ -1055,6 +1055,478 @@ ge25519_has_small_order(const unsigned char s[32])
return (int) ((k >> 8) & 1);
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
b[0]+256*b[1]+...+256^31*b[31] = b
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = (ab) mod l
where l = 2^252 + 27742317777372353535851937790883648493.
*/
static void
sc25519_mul(unsigned char s[32], const unsigned char a[32], const unsigned char b[32])
{
int64_t a0 = 2097151 & load_3(a);
int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
int64_t a2 = 2097151 & (load_3(a + 5) >> 2);
int64_t a3 = 2097151 & (load_4(a + 7) >> 7);
int64_t a4 = 2097151 & (load_4(a + 10) >> 4);
int64_t a5 = 2097151 & (load_3(a + 13) >> 1);
int64_t a6 = 2097151 & (load_4(a + 15) >> 6);
int64_t a7 = 2097151 & (load_3(a + 18) >> 3);
int64_t a8 = 2097151 & load_3(a + 21);
int64_t a9 = 2097151 & (load_4(a + 23) >> 5);
int64_t a10 = 2097151 & (load_3(a + 26) >> 2);
int64_t a11 = (load_4(a + 28) >> 7);
int64_t b0 = 2097151 & load_3(b);
int64_t b1 = 2097151 & (load_4(b + 2) >> 5);
int64_t b2 = 2097151 & (load_3(b + 5) >> 2);
int64_t b3 = 2097151 & (load_4(b + 7) >> 7);
int64_t b4 = 2097151 & (load_4(b + 10) >> 4);
int64_t b5 = 2097151 & (load_3(b + 13) >> 1);
int64_t b6 = 2097151 & (load_4(b + 15) >> 6);
int64_t b7 = 2097151 & (load_3(b + 18) >> 3);
int64_t b8 = 2097151 & load_3(b + 21);
int64_t b9 = 2097151 & (load_4(b + 23) >> 5);
int64_t b10 = 2097151 & (load_3(b + 26) >> 2);
int64_t b11 = (load_4(b + 28) >> 7);
int64_t s0;
int64_t s1;
int64_t s2;
int64_t s3;
int64_t s4;
int64_t s5;
int64_t s6;
int64_t s7;
int64_t s8;
int64_t s9;
int64_t s10;
int64_t s11;
int64_t s12;
int64_t s13;
int64_t s14;
int64_t s15;
int64_t s16;
int64_t s17;
int64_t s18;
int64_t s19;
int64_t s20;
int64_t s21;
int64_t s22;
int64_t s23;
int64_t carry0;
int64_t carry1;
int64_t carry2;
int64_t carry3;
int64_t carry4;
int64_t carry5;
int64_t carry6;
int64_t carry7;
int64_t carry8;
int64_t carry9;
int64_t carry10;
int64_t carry11;
int64_t carry12;
int64_t carry13;
int64_t carry14;
int64_t carry15;
int64_t carry16;
int64_t carry17;
int64_t carry18;
int64_t carry19;
int64_t carry20;
int64_t carry21;
int64_t carry22;
s0 = a0 * b0;
s1 = a0 * b1 + a1 * b0;
s2 = a0 * b2 + a1 * b1 + a2 * b0;
s3 = a0 * b3 + a1 * b2 + a2 * b1 + a3 * b0;
s4 = a0 * b4 + a1 * b3 + a2 * b2 + a3 * b1 + a4 * b0;
s5 = a0 * b5 + a1 * b4 + a2 * b3 + a3 * b2 + a4 * b1 + a5 * b0;
s6 = a0 * b6 + a1 * b5 + a2 * b4 + a3 * b3 + a4 * b2 + a5 * b1 + a6 * b0;
s7 = a0 * b7 + a1 * b6 + a2 * b5 + a3 * b4 + a4 * b3 + a5 * b2 +
a6 * b1 + a7 * b0;
s8 = a0 * b8 + a1 * b7 + a2 * b6 + a3 * b5 + a4 * b4 + a5 * b3 +
a6 * b2 + a7 * b1 + a8 * b0;
s9 = a0 * b9 + a1 * b8 + a2 * b7 + a3 * b6 + a4 * b5 + a5 * b4 +
a6 * b3 + a7 * b2 + a8 * b1 + a9 * b0;
s10 = a0 * b10 + a1 * b9 + a2 * b8 + a3 * b7 + a4 * b6 + a5 * b5 +
a6 * b4 + a7 * b3 + a8 * b2 + a9 * b1 + a10 * b0;
s11 = a0 * b11 + a1 * b10 + a2 * b9 + a3 * b8 + a4 * b7 + a5 * b6 +
a6 * b5 + a7 * b4 + a8 * b3 + a9 * b2 + a10 * b1 + a11 * b0;
s12 = a1 * b11 + a2 * b10 + a3 * b9 + a4 * b8 + a5 * b7 + a6 * b6 +
a7 * b5 + a8 * b4 + a9 * b3 + a10 * b2 + a11 * b1;
s13 = a2 * b11 + a3 * b10 + a4 * b9 + a5 * b8 + a6 * b7 + a7 * b6 +
a8 * b5 + a9 * b4 + a10 * b3 + a11 * b2;
s14 = a3 * b11 + a4 * b10 + a5 * b9 + a6 * b8 + a7 * b7 + a8 * b6 +
a9 * b5 + a10 * b4 + a11 * b3;
s15 = a4 * b11 + a5 * b10 + a6 * b9 + a7 * b8 + a8 * b7 + a9 * b6 +
a10 * b5 + a11 * b4;
s16 =
a5 * b11 + a6 * b10 + a7 * b9 + a8 * b8 + a9 * b7 + a10 * b6 + a11 * b5;
s17 = a6 * b11 + a7 * b10 + a8 * b9 + a9 * b8 + a10 * b7 + a11 * b6;
s18 = a7 * b11 + a8 * b10 + a9 * b9 + a10 * b8 + a11 * b7;
s19 = a8 * b11 + a9 * b10 + a10 * b9 + a11 * b8;
s20 = a9 * b11 + a10 * b10 + a11 * b9;
s21 = a10 * b11 + a11 * b10;
s22 = a11 * b11;
s23 = 0;
carry0 = (s0 + (int64_t) (1L << 20)) >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry2 = (s2 + (int64_t) (1L << 20)) >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry4 = (s4 + (int64_t) (1L << 20)) >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry12 = (s12 + (int64_t) (1L << 20)) >> 21;
s13 += carry12;
s12 -= carry12 * ((uint64_t) 1L << 21);
carry14 = (s14 + (int64_t) (1L << 20)) >> 21;
s15 += carry14;
s14 -= carry14 * ((uint64_t) 1L << 21);
carry16 = (s16 + (int64_t) (1L << 20)) >> 21;
s17 += carry16;
s16 -= carry16 * ((uint64_t) 1L << 21);
carry18 = (s18 + (int64_t) (1L << 20)) >> 21;
s19 += carry18;
s18 -= carry18 * ((uint64_t) 1L << 21);
carry20 = (s20 + (int64_t) (1L << 20)) >> 21;
s21 += carry20;
s20 -= carry20 * ((uint64_t) 1L << 21);
carry22 = (s22 + (int64_t) (1L << 20)) >> 21;
s23 += carry22;
s22 -= carry22 * ((uint64_t) 1L << 21);
carry1 = (s1 + (int64_t) (1L << 20)) >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry3 = (s3 + (int64_t) (1L << 20)) >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry5 = (s5 + (int64_t) (1L << 20)) >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
carry13 = (s13 + (int64_t) (1L << 20)) >> 21;
s14 += carry13;
s13 -= carry13 * ((uint64_t) 1L << 21);
carry15 = (s15 + (int64_t) (1L << 20)) >> 21;
s16 += carry15;
s15 -= carry15 * ((uint64_t) 1L << 21);
carry17 = (s17 + (int64_t) (1L << 20)) >> 21;
s18 += carry17;
s17 -= carry17 * ((uint64_t) 1L << 21);
carry19 = (s19 + (int64_t) (1L << 20)) >> 21;
s20 += carry19;
s19 -= carry19 * ((uint64_t) 1L << 21);
carry21 = (s21 + (int64_t) (1L << 20)) >> 21;
s22 += carry21;
s21 -= carry21 * ((uint64_t) 1L << 21);
s11 += s23 * 666643;
s12 += s23 * 470296;
s13 += s23 * 654183;
s14 -= s23 * 997805;
s15 += s23 * 136657;
s16 -= s23 * 683901;
s10 += s22 * 666643;
s11 += s22 * 470296;
s12 += s22 * 654183;
s13 -= s22 * 997805;
s14 += s22 * 136657;
s15 -= s22 * 683901;
s9 += s21 * 666643;
s10 += s21 * 470296;
s11 += s21 * 654183;
s12 -= s21 * 997805;
s13 += s21 * 136657;
s14 -= s21 * 683901;
s8 += s20 * 666643;
s9 += s20 * 470296;
s10 += s20 * 654183;
s11 -= s20 * 997805;
s12 += s20 * 136657;
s13 -= s20 * 683901;
s7 += s19 * 666643;
s8 += s19 * 470296;
s9 += s19 * 654183;
s10 -= s19 * 997805;
s11 += s19 * 136657;
s12 -= s19 * 683901;
s6 += s18 * 666643;
s7 += s18 * 470296;
s8 += s18 * 654183;
s9 -= s18 * 997805;
s10 += s18 * 136657;
s11 -= s18 * 683901;
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry12 = (s12 + (int64_t) (1L << 20)) >> 21;
s13 += carry12;
s12 -= carry12 * ((uint64_t) 1L << 21);
carry14 = (s14 + (int64_t) (1L << 20)) >> 21;
s15 += carry14;
s14 -= carry14 * ((uint64_t) 1L << 21);
carry16 = (s16 + (int64_t) (1L << 20)) >> 21;
s17 += carry16;
s16 -= carry16 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
carry13 = (s13 + (int64_t) (1L << 20)) >> 21;
s14 += carry13;
s13 -= carry13 * ((uint64_t) 1L << 21);
carry15 = (s15 + (int64_t) (1L << 20)) >> 21;
s16 += carry15;
s15 -= carry15 * ((uint64_t) 1L << 21);
s5 += s17 * 666643;
s6 += s17 * 470296;
s7 += s17 * 654183;
s8 -= s17 * 997805;
s9 += s17 * 136657;
s10 -= s17 * 683901;
s4 += s16 * 666643;
s5 += s16 * 470296;
s6 += s16 * 654183;
s7 -= s16 * 997805;
s8 += s16 * 136657;
s9 -= s16 * 683901;
s3 += s15 * 666643;
s4 += s15 * 470296;
s5 += s15 * 654183;
s6 -= s15 * 997805;
s7 += s15 * 136657;
s8 -= s15 * 683901;
s2 += s14 * 666643;
s3 += s14 * 470296;
s4 += s14 * 654183;
s5 -= s14 * 997805;
s6 += s14 * 136657;
s7 -= s14 * 683901;
s1 += s13 * 666643;
s2 += s13 * 470296;
s3 += s13 * 654183;
s4 -= s13 * 997805;
s5 += s13 * 136657;
s6 -= s13 * 683901;
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
carry0 = (s0 + (int64_t) (1L << 20)) >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry2 = (s2 + (int64_t) (1L << 20)) >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry4 = (s4 + (int64_t) (1L << 20)) >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry6 = (s6 + (int64_t) (1L << 20)) >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry8 = (s8 + (int64_t) (1L << 20)) >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry10 = (s10 + (int64_t) (1L << 20)) >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry1 = (s1 + (int64_t) (1L << 20)) >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry3 = (s3 + (int64_t) (1L << 20)) >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry5 = (s5 + (int64_t) (1L << 20)) >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry7 = (s7 + (int64_t) (1L << 20)) >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry9 = (s9 + (int64_t) (1L << 20)) >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry11 = (s11 + (int64_t) (1L << 20)) >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
s12 = 0;
carry0 = s0 >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry1 = s1 >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry2 = s2 >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry3 = s3 >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry4 = s4 >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry5 = s5 >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry6 = s6 >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry7 = s7 >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry8 = s8 >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry9 = s9 >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry10 = s10 >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
carry11 = s11 >> 21;
s12 += carry11;
s11 -= carry11 * ((uint64_t) 1L << 21);
s0 += s12 * 666643;
s1 += s12 * 470296;
s2 += s12 * 654183;
s3 -= s12 * 997805;
s4 += s12 * 136657;
s5 -= s12 * 683901;
carry0 = s0 >> 21;
s1 += carry0;
s0 -= carry0 * ((uint64_t) 1L << 21);
carry1 = s1 >> 21;
s2 += carry1;
s1 -= carry1 * ((uint64_t) 1L << 21);
carry2 = s2 >> 21;
s3 += carry2;
s2 -= carry2 * ((uint64_t) 1L << 21);
carry3 = s3 >> 21;
s4 += carry3;
s3 -= carry3 * ((uint64_t) 1L << 21);
carry4 = s4 >> 21;
s5 += carry4;
s4 -= carry4 * ((uint64_t) 1L << 21);
carry5 = s5 >> 21;
s6 += carry5;
s5 -= carry5 * ((uint64_t) 1L << 21);
carry6 = s6 >> 21;
s7 += carry6;
s6 -= carry6 * ((uint64_t) 1L << 21);
carry7 = s7 >> 21;
s8 += carry7;
s7 -= carry7 * ((uint64_t) 1L << 21);
carry8 = s8 >> 21;
s9 += carry8;
s8 -= carry8 * ((uint64_t) 1L << 21);
carry9 = s9 >> 21;
s10 += carry9;
s9 -= carry9 * ((uint64_t) 1L << 21);
carry10 = s10 >> 21;
s11 += carry10;
s10 -= carry10 * ((uint64_t) 1L << 21);
s[0] = s0 >> 0;
s[1] = s0 >> 8;
s[2] = (s0 >> 16) | (s1 * ((uint64_t) 1 << 5));
s[3] = s1 >> 3;
s[4] = s1 >> 11;
s[5] = (s1 >> 19) | (s2 * ((uint64_t) 1 << 2));
s[6] = s2 >> 6;
s[7] = (s2 >> 14) | (s3 * ((uint64_t) 1 << 7));
s[8] = s3 >> 1;
s[9] = s3 >> 9;
s[10] = (s3 >> 17) | (s4 * ((uint64_t) 1 << 4));
s[11] = s4 >> 4;
s[12] = s4 >> 12;
s[13] = (s4 >> 20) | (s5 * ((uint64_t) 1 << 1));
s[14] = s5 >> 7;
s[15] = (s5 >> 15) | (s6 * ((uint64_t) 1 << 6));
s[16] = s6 >> 2;
s[17] = s6 >> 10;
s[18] = (s6 >> 18) | (s7 * ((uint64_t) 1 << 3));
s[19] = s7 >> 5;
s[20] = s7 >> 13;
s[21] = s8 >> 0;
s[22] = s8 >> 8;
s[23] = (s8 >> 16) | (s9 * ((uint64_t) 1 << 5));
s[24] = s9 >> 3;
s[25] = s9 >> 11;
s[26] = (s9 >> 19) | (s10 * ((uint64_t) 1 << 2));
s[27] = s10 >> 6;
s[28] = (s10 >> 14) | (s11 * ((uint64_t) 1 << 7));
s[29] = s11 >> 1;
s[30] = s11 >> 9;
s[31] = s11 >> 17;
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
@@ -1067,8 +1539,8 @@ ge25519_has_small_order(const unsigned char s[32])
*/
void
sc25519_muladd(unsigned char *s, const unsigned char *a,
const unsigned char *b, const unsigned char *c)
sc25519_muladd(unsigned char s[32], const unsigned char a[32],
const unsigned char b[32], const unsigned char c[32])
{
int64_t a0 = 2097151 & load_3(a);
int64_t a1 = 2097151 & (load_4(a + 2) >> 5);
@@ -1543,6 +2015,88 @@ sc25519_muladd(unsigned char *s, const unsigned char *a,
s[31] = s11 >> 17;
}
/*
Input:
a[0]+256*a[1]+...+256^31*a[31] = a
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = a^2 mod l
where l = 2^252 + 27742317777372353535851937790883648493.
*/
static inline void
sc25519_sq(unsigned char *s, const unsigned char *a)
{
sc25519_mul(s, a, a);
}
/*
Input:
s[0]+256*a[1]+...+256^31*a[31] = a
n
*
Output:
s[0]+256*s[1]+...+256^31*s[31] = x * s^(s^n) mod l
where l = 2^252 + 27742317777372353535851937790883648493.
Overwrites s in place.
*/
static inline void
sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
{
int i;
for (i = 0; i < n; i++) {
sc25519_sq(s, s);
}
sc25519_mul(s, s, a);
}
void
sc25519_invert(unsigned char recip[32], const unsigned char s[32])
{
unsigned char _10[32], _100[32], _11[32], _101[32], _111[32],
_1001[32], _1011[32], _1111[32];
sc25519_sq(_10, s);
sc25519_sq(_100, _10);
sc25519_mul(_11, _10, s);
sc25519_mul(_101, _10, _11);
sc25519_mul(_111, _10, _101);
sc25519_mul(_1001, _10, _111);
sc25519_mul(_1011, _10, _1001);
sc25519_mul(_1111, _100, _1011);
sc25519_mul(recip, _1111, s);
sc25519_sqmul(recip, 123 + 3, _101);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 4, _1001);
sc25519_sqmul(recip, 2, _11);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 1 + 3, _101);
sc25519_sqmul(recip, 3 + 3, _101);
sc25519_sqmul(recip, 3, _111);
sc25519_sqmul(recip, 1 + 4, _1111);
sc25519_sqmul(recip, 2 + 3, _111);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1011);
sc25519_sqmul(recip, 2 + 4, _1011);
sc25519_sqmul(recip, 6 + 4, _1001);
sc25519_sqmul(recip, 2 + 2, _11);
sc25519_sqmul(recip, 3 + 2, _11);
sc25519_sqmul(recip, 3 + 2, _11);
sc25519_sqmul(recip, 1 + 4, _1001);
sc25519_sqmul(recip, 1 + 3, _111);
sc25519_sqmul(recip, 2 + 4, _1111);
sc25519_sqmul(recip, 1 + 4, _1011);
sc25519_sqmul(recip, 3, _101);
sc25519_sqmul(recip, 2 + 4, _1111);
sc25519_sqmul(recip, 3, _101);
sc25519_sqmul(recip, 1 + 2, _11);
}
/*
Input:
s[0]+256*s[1]+...+256^63*s[63] = s
@@ -1554,7 +2108,7 @@ sc25519_muladd(unsigned char *s, const unsigned char *a,
*/
void
sc25519_reduce(unsigned char *s)
sc25519_reduce(unsigned char s[64])
{
int64_t s0 = 2097151 & load_3(s);
int64_t s1 = 2097151 & (load_4(s + 2) >> 5);
@@ -1878,7 +2432,7 @@ sc25519_reduce(unsigned char *s)
}
int
sc25519_is_canonical(const unsigned char *s)
sc25519_is_canonical(const unsigned char s[32])
{
/* 2^252+27742317777372353535851937790883648493 */
static const unsigned char L[32] = {

9
src/libsodium/crypto_generichash/blake2b/ref/blake2.h
View File

@@ -65,7 +65,14 @@ typedef struct blake2b_param_ {
uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
} blake2b_param;
typedef crypto_generichash_blake2b_state blake2b_state;
typedef struct blake2b_state {
uint64_t h[8];
uint64_t t[2];
uint64_t f[2];
uint8_t buf[2 * 128];
size_t buflen;
uint8_t last_node;
} blake2b_state;
#if defined(__IBMC__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC)
#pragma pack()

18
src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
View File

@@ -2,18 +2,20 @@
#ifndef blake2b_compress_avx2_H
#define blake2b_compress_avx2_H
#define LOAD128(p) _mm_load_si128((__m128i *) (p))
#define STORE128(p, r) _mm_store_si128((__m128i *) (p), r)
#define LOADU128(p) _mm_loadu_si128((__m128i *) (p))
#define LOADU128(p) _mm_loadu_si128((const __m128i *) (p))
#define STOREU128(p, r) _mm_storeu_si128((__m128i *) (p), r)
#define LOAD(p) _mm256_load_si256((__m256i *) (p))
#define STORE(p, r) _mm256_store_si256((__m256i *) (p), r)
#define LOADU(p) _mm256_loadu_si256((__m256i *) (p))
#define LOADU(p) _mm256_loadu_si256((const __m256i *) (p))
#define STOREU(p, r) _mm256_storeu_si256((__m256i *) (p), r)
#if defined(__INTEL_COMPILER) || defined(_MSC_VER) || defined(__GNUC__)
# define LOAD(p) _mm256_load_si256((const __m256i *) (p))
# define STORE(p, r) _mm256_store_si256((__m256i *) (p), r)
#else
# define LOAD(p) LOADU(p)
# define STORE(p, r) STOREU(p, r)
#endif
static inline uint64_t
LOADU64(const void *p)
{

8
src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
View File

@@ -34,12 +34,12 @@ blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES])
uint64_t v[16];
int i;
for (i = 0; i < 16; ++i)
for (i = 0; i < 16; ++i) {
m[i] = LOAD64_LE(block + i * sizeof(m[i]));
for (i = 0; i < 8; ++i)
}
for (i = 0; i < 8; ++i) {
v[i] = S->h[i];
}
v[8] = blake2b_IV[0];
v[9] = blake2b_IV[1];
v[10] = blake2b_IV[2];

32
src/libsodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c
View File

@@ -39,22 +39,22 @@ blake2b_compress_ssse3(blake2b_state *S,
_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9);
const __m128i r24 =
_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10);
const uint64_t m0 = ((uint64_t *) block)[0];
const uint64_t m1 = ((uint64_t *) block)[1];
const uint64_t m2 = ((uint64_t *) block)[2];
const uint64_t m3 = ((uint64_t *) block)[3];
const uint64_t m4 = ((uint64_t *) block)[4];
const uint64_t m5 = ((uint64_t *) block)[5];
const uint64_t m6 = ((uint64_t *) block)[6];
const uint64_t m7 = ((uint64_t *) block)[7];
const uint64_t m8 = ((uint64_t *) block)[8];
const uint64_t m9 = ((uint64_t *) block)[9];
const uint64_t m10 = ((uint64_t *) block)[10];
const uint64_t m11 = ((uint64_t *) block)[11];
const uint64_t m12 = ((uint64_t *) block)[12];
const uint64_t m13 = ((uint64_t *) block)[13];
const uint64_t m14 = ((uint64_t *) block)[14];
const uint64_t m15 = ((uint64_t *) block)[15];
const uint64_t m0 = ((const uint64_t *) block)[0];
const uint64_t m1 = ((const uint64_t *) block)[1];
const uint64_t m2 = ((const uint64_t *) block)[2];
const uint64_t m3 = ((const uint64_t *) block)[3];
const uint64_t m4 = ((const uint64_t *) block)[4];
const uint64_t m5 = ((const uint64_t *) block)[5];
const uint64_t m6 = ((const uint64_t *) block)[6];
const uint64_t m7 = ((const uint64_t *) block)[7];
const uint64_t m8 = ((const uint64_t *) block)[8];
const uint64_t m9 = ((const uint64_t *) block)[9];
const uint64_t m10 = ((const uint64_t *) block)[10];
const uint64_t m11 = ((const uint64_t *) block)[11];
const uint64_t m12 = ((const uint64_t *) block)[12];
const uint64_t m13 = ((const uint64_t *) block)[13];
const uint64_t m14 = ((const uint64_t *) block)[14];
const uint64_t m15 = ((const uint64_t *) block)[15];
row1l = LOADU(&S->h[0]);
row1h = LOADU(&S->h[2]);

20
src/libsodium/crypto_generichash/blake2b/ref/blake2b-ref.c
View File

@@ -51,9 +51,9 @@ blake2b_is_lastblock(const blake2b_state *S)
static inline int
blake2b_set_lastblock(blake2b_state *S)
{
if (S->last_node)
if (S->last_node) {
blake2b_set_lastnode(S);
}
S->f[0] = -1;
return 0;
}
@@ -97,7 +97,9 @@ blake2b_init0(blake2b_state *S)
for (i = 0; i < 8; i++) {
S->h[i] = blake2b_IV[i];
}
memset(S->t, 0, offsetof(blake2b_state, last_node) + sizeof(S->last_node)
/* zero everything between .t and .last_node */
memset((void *) &S->t, 0,
offsetof(blake2b_state, last_node) + sizeof(S->last_node)
- offsetof(blake2b_state, t));
return 0;
}
@@ -183,7 +185,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
sodium_misuse();
}
if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
sodium_misuse();
sodium_misuse(); /* does not return */
}
P->digest_length = outlen;
P->key_length = keylen;
@@ -203,7 +205,7 @@ blake2b_init_key(blake2b_state *S, const uint8_t outlen, const void *key,
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen); /* keylen cannot be 0 */
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
}
@@ -221,7 +223,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
sodium_misuse();
}
if (!key || !keylen || keylen > BLAKE2B_KEYBYTES) {
sodium_misuse();
sodium_misuse(); /* does not return */
}
P->digest_length = outlen;
P->key_length = keylen;
@@ -249,7 +251,7 @@ blake2b_init_key_salt_personal(blake2b_state *S, const uint8_t outlen,
{
uint8_t block[BLAKE2B_BLOCKBYTES];
memset(block, 0, BLAKE2B_BLOCKBYTES);
memcpy(block, key, keylen); /* keylen cannot be 0 */
memcpy(block, key, keylen); /* key and keylen cannot be 0 */
blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
sodium_memzero(block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */
}
@@ -333,7 +335,7 @@ int
blake2b(uint8_t *out, const void *in, const void *key, const uint8_t outlen,
const uint64_t inlen, uint8_t keylen)
{
blake2b_state S[1];
CRYPTO_ALIGN(64) blake2b_state S[1];
/* Verify parameters */
if (NULL == in && inlen > 0) {
@@ -371,7 +373,7 @@ blake2b_salt_personal(uint8_t *out, const void *in, const void *key,
const uint8_t outlen, const uint64_t inlen,
uint8_t keylen, const void *salt, const void *personal)
{
blake2b_state S[1];
CRYPTO_ALIGN(64) blake2b_state S[1];
/* Verify parameters */
if (NULL == in && inlen > 0) {

19
src/libsodium/crypto_generichash/blake2b/ref/generichash_blake2b.c
View File

@@ -5,6 +5,7 @@
#include "blake2.h"
#include "crypto_generichash_blake2b.h"
#include "private/common.h"
#include "private/implementations.h"
int
@@ -52,11 +53,12 @@ crypto_generichash_blake2b_init(crypto_generichash_blake2b_state *state,
}
assert(outlen <= UINT8_MAX);
assert(keylen <= UINT8_MAX);
COMPILER_ASSERT(sizeof(blake2b_state) <= sizeof *state);
if (key == NULL || keylen <= 0U) {
if (blake2b_init(state, (uint8_t) outlen) != 0) {
if (blake2b_init((blake2b_state *) (void *) state, (uint8_t) outlen) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
} else if (blake2b_init_key(state, (uint8_t) outlen, key,
} else if (blake2b_init_key((blake2b_state *) (void *) state, (uint8_t) outlen, key,
(uint8_t) keylen) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
@@ -76,11 +78,12 @@ crypto_generichash_blake2b_init_salt_personal(
assert(outlen <= UINT8_MAX);
assert(keylen <= UINT8_MAX);
if (key == NULL || keylen <= 0U) {
if (blake2b_init_salt_personal(state, (uint8_t) outlen, salt,
personal) != 0) {
if (blake2b_init_salt_personal((blake2b_state *) (void *) state,
(uint8_t) outlen, salt, personal) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
} else if (blake2b_init_key_salt_personal(state, (uint8_t) outlen, key,
} else if (blake2b_init_key_salt_personal((blake2b_state *) (void *) state,
(uint8_t) outlen, key,
(uint8_t) keylen, salt,
personal) != 0) {
return -1; /* LCOV_EXCL_LINE */
@@ -93,7 +96,8 @@ crypto_generichash_blake2b_update(crypto_generichash_blake2b_state *state,
const unsigned char *in,
unsigned long long inlen)
{
return blake2b_update(state, (const uint8_t *) in, (uint64_t) inlen);
return blake2b_update((blake2b_state *) (void *) state,
(const uint8_t *) in, (uint64_t) inlen);
}
int
@@ -101,7 +105,8 @@ crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
unsigned char *out, const size_t outlen)
{
assert(outlen <= UINT8_MAX);
return blake2b_final(state, (uint8_t *) out, (uint8_t) outlen);
return blake2b_final((blake2b_state *) (void *) state,
(uint8_t *) out, (uint8_t) outlen);
}
int

4
src/libsodium/crypto_kx/crypto_kx.c
View File

@@ -63,8 +63,8 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
crypto_generichash_final(&h, keys, sizeof keys);
sodium_memzero(&h, sizeof h);
for (i = 0; i < crypto_kx_SESSIONKEYBYTES; i++) {
rx[i] = keys[i];
tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES];
rx[i] = keys[i]; /* rx cannot be NULL */
tx[i] = keys[i + crypto_kx_SESSIONKEYBYTES]; /* tx cannot be NULL */
}
sodium_memzero(keys, sizeof keys);

2
src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
View File

@@ -5,7 +5,7 @@
#if defined(_MSC_VER)
# define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#elif defined(__clang__) || defined(__GNUC__)
# define POLY1305_NOINLINE __attribute__((noinline))
#else
# define POLY1305_NOINLINE

2
src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
View File

@@ -13,7 +13,7 @@
#if defined(_MSC_VER)
# define POLY1305_NOINLINE __declspec(noinline)
#elif defined(__GNUC__)
#elif defined(__clang__) || defined(__GNUC__)
# define POLY1305_NOINLINE __attribute__((noinline))
#else
# define POLY1305_NOINLINE

2
src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
View File

@@ -21,7 +21,7 @@ typedef __m128i xmmi;
# if defined(_MSC_VER)
# define POLY1305_NOINLINE __declspec(noinline)
# elif defined(__GNUC__)
# elif defined(__clang__) || defined(__GNUC__)
# define POLY1305_NOINLINE __attribute__((noinline))
# else
# define POLY1305_NOINLINE

15
src/libsodium/crypto_pwhash/argon2/argon2-core.c
View File

@@ -67,7 +67,7 @@ store_block(void *output, const block *src)
* @param m_cost number of blocks to allocate in the memory
* @return ARGON2_OK if @memory is a valid pointer and memory is allocated
*/
static int allocate_memory(block_region **memory, uint32_t m_cost);
static int allocate_memory(block_region **region, uint32_t m_cost);
static int
allocate_memory(block_region **region, uint32_t m_cost)
@@ -80,14 +80,11 @@ allocate_memory(block_region **region, uint32_t m_cost)
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
memory_size = sizeof(block) * m_cost;
if (m_cost == 0 ||
memory_size / m_cost !=
sizeof(block)) { /*1. Check for multiplication overflow*/
if (m_cost == 0 || memory_size / m_cost != sizeof(block)) {
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
*region = (block_region *) malloc(
sizeof(block_region)); /*2. Try to allocate region*/
if (!*region) {
*region = (block_region *) malloc(sizeof(block_region));
if (*region == NULL) {
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
(*region)->base = (*region)->memory = NULL;
@@ -116,6 +113,8 @@ allocate_memory(block_region **region, uint32_t m_cost)
}
#endif
if (base == NULL) {
free(*region);
*region = NULL;
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
}
(*region)->base = base;
@@ -153,7 +152,7 @@ clear_memory(argon2_instance_t *instance, int clear)
/* Deallocates memory
* @param memory pointer to the blocks
*/
static void free_memory(block_region *memory);
static void free_memory(block_region *region);
static void
free_memory(block_region *region)

1
src/libsodium/crypto_pwhash/crypto_pwhash.c
View File

@@ -168,6 +168,7 @@ crypto_pwhash_str_alg(char out[crypto_pwhash_STRBYTES],
}
sodium_misuse();
/* NOTREACHED */
return -1;
}
int

4
src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c
View File

@@ -158,11 +158,11 @@ escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen,
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *) salt, '$');
src = (const uint8_t *) strrchr((const char *) salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *) salt);
saltlen = strlen((const char *) salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1;

14
src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c
View File

@@ -163,8 +163,9 @@ salsa20_8(uint32_t B[16])
x[15] ^= R(x[14] + x[13], 18);
#undef R
}
for (i = 0; i < 16; i++)
for (i = 0; i < 16; i++) {
B[i] += x[i];
}
}
/**
@@ -180,20 +181,23 @@ blockmix_salsa8(const uint32_t *Bin, uint32_t *Bout, uint32_t *X, size_t r)
/* 1: X <-- B_{2r - 1} */
blkcpy_64((escrypt_block_t *) X,
(escrypt_block_t *) &Bin[(2 * r - 1) * 16]);
(const escrypt_block_t *) &Bin[(2 * r - 1) * 16]);
/* 2: for i = 0 to 2r - 1 do */
for (i = 0; i < 2 * r; i += 2) {
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16]);
blkxor_64((escrypt_block_t *) X,
(const escrypt_block_t *) &Bin[i * 16]);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy_64((escrypt_block_t *) &Bout[i * 8], (escrypt_block_t *) X);
blkcpy_64((escrypt_block_t *) &Bout[i * 8],
(const escrypt_block_t *) X);
/* 3: X <-- H(X \xor B_i) */
blkxor_64((escrypt_block_t *) X, (escrypt_block_t *) &Bin[i * 16 + 16]);
blkxor_64((escrypt_block_t *) X,
(const escrypt_block_t *) &Bin[i * 16 + 16]);
salsa20_8(X);
/* 4: Y_i <-- X */

19
src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c
View File

@@ -52,6 +52,17 @@ pickparams(unsigned long long opslimit, const size_t memlimit,
return 0;
}
static size_t
sodium_strnlen(const char *str, size_t maxlen)
{
size_t i = 0U;
while (i < maxlen && str[i] != 0) {
i++;
}
return i;
}
size_t
crypto_pwhash_scryptsalsa208sha256_bytes_min(void)
{
@@ -234,8 +245,8 @@ crypto_pwhash_scryptsalsa208sha256_str_verify(
escrypt_local_t escrypt_local;
int ret = -1;
if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
&str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) {
if (sodium_strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) {
return -1;
}
if (escrypt_init_local(&escrypt_local) != 0) {
@@ -268,8 +279,8 @@ crypto_pwhash_scryptsalsa208sha256_str_needs_rehash(
errno = EINVAL;
return -1;
}
if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
&str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) {
if (sodium_strnlen(str, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U) {
errno = EINVAL;
return -1;
}

4
src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c
View File

@@ -55,9 +55,9 @@ alloc_region(escrypt_region_t *region, size_t size)
aligned = base;
#else
base = aligned = NULL;
if (size + 63 < size)
if (size + 63 < size) {
errno = ENOMEM;
else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
} else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
aligned = base + 63;
aligned -= (uintptr_t) aligned & 63;
}

51
src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c
View File

@@ -18,29 +18,50 @@ has_small_order(const unsigned char s[32])
{
CRYPTO_ALIGN(16)
static const unsigned char blacklist[][32] = {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },
{ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },
{ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
{ 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 },
{ 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 },
{ 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
{ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
{ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }
/* 0 (order 4) */
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
/* 1 (order 1) */
{ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
/* 325606250916557431795983626356110631294008115727848805560023387167927233504
(order 8) */
{ 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3,
0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32,
0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 },
/* 39382357235489614581723060781553021112529911719440698176882885853963445705823
(order 8) */
{ 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1,
0x55, 0x9c, 0x83, 0xef, 0x5b, 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c,
0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 },
/* p-1 (order 2) */
{ 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
/* p (=0, order 4) */
{ 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
/* p+1 (=1, order 1) */
{ 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }
};
unsigned char c[12] = { 0 };
unsigned char c[7] = { 0 };
unsigned int k;
size_t i, j;
COMPILER_ASSERT(12 == sizeof blacklist / sizeof blacklist[0]);
for (j = 0; j < 32; j++) {
COMPILER_ASSERT(7 == sizeof blacklist / sizeof blacklist[0]);
for (j = 0; j < 31; j++) {
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
c[i] |= s[j] ^ blacklist[i][j];
}
}
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
c[i] |= (s[j] & 0x7f) ^ blacklist[i][j];
}
k = 0;
for (i = 0; i < sizeof blacklist / sizeof blacklist[0]; i++) {
k |= (c[i] - 1);

66
src/libsodium/crypto_scalarmult/ed25519/ref10/scalarmult_ed25519_ref10.c
View File

@@ -28,9 +28,9 @@ _crypto_scalarmult_ed25519_clamp(unsigned char k[32])
k[31] |= 64;
}
int
crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p)
static int
_crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p, const int clamp)
{
unsigned char *t = q;
ge25519_p3 Q;
@@ -44,7 +44,9 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
_crypto_scalarmult_ed25519_clamp(t);
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
ge25519_scalarmult(&Q, t, &P);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
@@ -53,24 +55,54 @@ crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
return 0;
}
int
crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n,
const unsigned char *p)
{
return _crypto_scalarmult_ed25519(q, n, p, 1);
}
int
crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n,
const unsigned char *p)
{
return _crypto_scalarmult_ed25519(q, n, p, 0);
}
static int
_crypto_scalarmult_ed25519_base(unsigned char *q,
const unsigned char *n, const int clamp)
{
unsigned char *t = q;
ge25519_p3 Q;
unsigned int i;
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
if (clamp != 0) {
_crypto_scalarmult_ed25519_clamp(t);
}
ge25519_scalarmult_base(&Q, t);
ge25519_p3_tobytes(q, &Q);
if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) {
return -1;
}
return 0;
}
int
crypto_scalarmult_ed25519_base(unsigned char *q,
const unsigned char *n)
{
unsigned char *t = q;
ge25519_p3 Q;
unsigned int i;
return _crypto_scalarmult_ed25519_base(q, n, 1);
}
for (i = 0; i < 32; ++i) {
t[i] = n[i];
}
_crypto_scalarmult_ed25519_clamp(t);
ge25519_scalarmult_base(&Q, t);
ge25519_p3_tobytes(q, &Q);
if (sodium_is_zero(n, 32) != 0) {
return -1;
}
return 0;
int
crypto_scalarmult_ed25519_base_noclamp(unsigned char *q,
const unsigned char *n)
{
return _crypto_scalarmult_ed25519_base(q, n, 0);
}
size_t

2
src/libsodium/crypto_secretstream/xchacha20poly1305/secretstream_xchacha20poly1305.c
View File

@@ -123,6 +123,8 @@ crypto_secretstream_xchacha20poly1305_push
if (outlen_p != NULL) {
*outlen_p = 0U;
}
COMPILER_ASSERT(crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX
<= crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX);
if (mlen > crypto_secretstream_xchacha20poly1305_MESSAGEBYTES_MAX) {
sodium_misuse();
}

6
src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24_ref.c
View File

@@ -33,16 +33,22 @@ crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in,
switch (left) {
case 7:
b |= ((uint64_t) in[6]) << 48;
/* FALLTHRU */
case 6:
b |= ((uint64_t) in[5]) << 40;
/* FALLTHRU */
case 5:
b |= ((uint64_t) in[4]) << 32;
/* FALLTHRU */
case 4:
b |= ((uint64_t) in[3]) << 24;
/* FALLTHRU */
case 3:
b |= ((uint64_t) in[2]) << 16;
/* FALLTHRU */
case 2:
b |= ((uint64_t) in[1]) << 8;
/* FALLTHRU */
case 1:
b |= ((uint64_t) in[0]);
break;

6
src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c
View File

@@ -32,16 +32,22 @@ crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in,
switch (left) {
case 7:
b |= ((uint64_t) in[6]) << 48;
/* FALLTHRU */
case 6:
b |= ((uint64_t) in[5]) << 40;
/* FALLTHRU */
case 5:
b |= ((uint64_t) in[4]) << 32;
/* FALLTHRU */
case 4:
b |= ((uint64_t) in[3]) << 24;
/* FALLTHRU */
case 3:
b |= ((uint64_t) in[2]) << 16;
/* FALLTHRU */
case 2:
b |= ((uint64_t) in[1]) << 8;
/* FALLTHRU */
case 1:
b |= ((uint64_t) in[0]);
break;

2
src/libsodium/crypto_sign/crypto_sign.c
View File

@@ -108,7 +108,7 @@ crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig,
}
int
crypto_sign_final_verify(crypto_sign_state *state, unsigned char *sig,
crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig,
const unsigned char *pk)
{
return crypto_sign_ed25519ph_final_verify(state, sig, pk);

10
src/libsodium/crypto_sign/ed25519/ref10/keypair.c
View File

@@ -15,11 +15,7 @@ crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
{
ge25519_p3 A;
#ifdef ED25519_NONDETERMINISTIC
memmove(sk, seed, 32);
#else
crypto_hash_sha512(sk, seed, 32);
#endif
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
@@ -61,9 +57,9 @@ crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
}
fe25519_1(one_minus_y);
fe25519_sub(one_minus_y, one_minus_y, A.Y);
fe25519_invert(one_minus_y, one_minus_y);
fe25519_1(x);
fe25519_add(x, x, A.Y);
fe25519_invert(one_minus_y, one_minus_y);
fe25519_mul(x, x, one_minus_y);
fe25519_tobytes(curve25519_pk, x);
@@ -76,11 +72,7 @@ crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
{
unsigned char h[crypto_hash_sha512_BYTES];
#ifdef ED25519_NONDETERMINISTIC
memcpy(h, ed25519_sk, 32);
#else
crypto_hash_sha512(h, ed25519_sk, 32);
#endif
h[0] &= 248;
h[31] &= 127;
h[31] |= 64;

25
src/libsodium/crypto_sign/ed25519/ref10/open.c
View File

@@ -23,21 +23,21 @@ _crypto_sign_ed25519_verify_detached(const unsigned char *sig,
ge25519_p3 A;
ge25519_p2 R;
#ifndef ED25519_COMPAT
#ifdef ED25519_COMPAT
if (sig[63] & 224) {
return -1;
}
#else
if (sc25519_is_canonical(sig + 32) == 0 ||
ge25519_has_small_order(sig) != 0) {
return -1;
}
if (ge25519_is_canonical(pk) == 0) {
return -1;
}
#else
if (sig[63] & 224) {
if (ge25519_is_canonical(pk) == 0 ||
ge25519_has_small_order(pk) != 0) {
return -1;
}
#endif
if (ge25519_has_small_order(pk) != 0 ||
ge25519_frombytes_negate_vartime(&A, pk) != 0) {
if (ge25519_frombytes_negate_vartime(&A, pk) != 0) {
return -1;
}
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
@@ -75,14 +75,17 @@ crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p,
}
mlen = smlen - 64;
if (crypto_sign_ed25519_verify_detached(sm, sm + 64, mlen, pk) != 0) {
memset(m, 0, mlen);
if (m != NULL) {
memset(m, 0, mlen);
}
goto badsig;
}
if (mlen_p != NULL) {
*mlen_p = mlen;
}
memmove(m, sm + 64, mlen);
if (m != NULL) {
memmove(m, sm + 64, mlen);
}
return 0;
badsig:

3
src/libsodium/crypto_sign/ed25519/ref10/sign.c
View File

@@ -74,11 +74,10 @@ _crypto_sign_ed25519_detached(unsigned char *sig, unsigned long long *siglen_p,
_crypto_sign_ed25519_ref10_hinit(&hs, prehashed);
crypto_hash_sha512(az, sk, 32);
#ifdef ED25519_NONDETERMINISTIC
memcpy(az, sk, 32);
_crypto_sign_ed25519_synthetic_r_hv(&hs, nonce, az);
#else
crypto_hash_sha512(az, sk, 32);
crypto_hash_sha512_update(&hs, az + 32, 32);
#endif

2
src/libsodium/crypto_sign/ed25519/sign_ed25519.c
View File

@@ -86,7 +86,7 @@ crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state,
int
crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state,
unsigned char *sig,
const unsigned char *sig,
const unsigned char *pk)
{
unsigned char ph[crypto_hash_sha512_BYTES];

17
src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-avx2.c
View File

@@ -77,9 +77,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
# include "u8.h"
# include "u4.h"
# include "u1.h"
@@ -106,8 +103,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@@ -150,9 +147,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@@ -172,9 +169,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_dolbeau_avx2_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};
#endif

17
src/libsodium/crypto_stream/chacha20/dolbeau/chacha20_dolbeau-ssse3.c
View File

@@ -72,9 +72,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
# include "u4.h"
# include "u1.h"
# include "u0.h"
@@ -100,8 +97,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@@ -144,9 +141,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@@ -166,9 +163,9 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_dolbeau_ssse3_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};
#endif

16
src/libsodium/crypto_stream/chacha20/dolbeau/u0.h
View File

@@ -9,10 +9,10 @@ if (bytes > 0) {
unsigned int i;
x_0 = _mm_loadu_si128((__m128i*) (x + 0));
x_1 = _mm_loadu_si128((__m128i*) (x + 4));
x_2 = _mm_loadu_si128((__m128i*) (x + 8));
x_3 = _mm_loadu_si128((__m128i*) (x + 12));
x_0 = _mm_loadu_si128((const __m128i*) (x + 0));
x_1 = _mm_loadu_si128((const __m128i*) (x + 4));
x_2 = _mm_loadu_si128((const __m128i*) (x + 8));
x_3 = _mm_loadu_si128((const __m128i*) (x + 12));
for (i = 0; i < ROUNDS; i += 2) {
x_0 = _mm_add_epi32(x_0, x_1);
@@ -69,10 +69,10 @@ if (bytes > 0) {
t_1 = _mm_srli_epi32(t_1, 25);
x_1 = _mm_xor_si128(x_1, t_1);
}
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12)));
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12)));
_mm_storeu_si128((__m128i*) (partialblock + 0), x_0);
_mm_storeu_si128((__m128i*) (partialblock + 16), x_1);
_mm_storeu_si128((__m128i*) (partialblock + 32), x_2);

24
src/libsodium/crypto_stream/chacha20/dolbeau/u1.h
View File

@@ -10,10 +10,10 @@ while (bytes >= 64) {
uint32_t in13;
int i;
x_0 = _mm_loadu_si128((__m128i*) (x + 0));
x_1 = _mm_loadu_si128((__m128i*) (x + 4));
x_2 = _mm_loadu_si128((__m128i*) (x + 8));
x_3 = _mm_loadu_si128((__m128i*) (x + 12));
x_0 = _mm_loadu_si128((const __m128i*) (x + 0));
x_1 = _mm_loadu_si128((const __m128i*) (x + 4));
x_2 = _mm_loadu_si128((const __m128i*) (x + 8));
x_3 = _mm_loadu_si128((const __m128i*) (x + 12));
for (i = 0; i < ROUNDS; i += 2) {
x_0 = _mm_add_epi32(x_0, x_1);
@@ -70,14 +70,14 @@ while (bytes >= 64) {
t_1 = _mm_srli_epi32(t_1, 25);
x_1 = _mm_xor_si128(x_1, t_1);
}
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((__m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((__m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((__m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((__m128i*) (x + 12)));
x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((__m128i*) (m + 0)));
x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((__m128i*) (m + 16)));
x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((__m128i*) (m + 32)));
x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((__m128i*) (m + 48)));
x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0)));
x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4)));
x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8)));
x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12)));
x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((const __m128i*) (m + 0)));
x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((const __m128i*) (m + 16)));
x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((const __m128i*) (m + 32)));
x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((const __m128i*) (m + 48)));
_mm_storeu_si128((__m128i*) (c + 0), x_0);
_mm_storeu_si128((__m128i*) (c + 16), x_1);
_mm_storeu_si128((__m128i*) (c + 32), x_2);

52
src/libsodium/crypto_stream/chacha20/dolbeau/u4.h
View File

@@ -120,31 +120,33 @@ if (bytes >= 256) {
VEC4_QUARTERROUND(3, 4, 9, 14);
}
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
\
x_##A = _mm_add_epi32(x_##A, orig##A); \
x_##B = _mm_add_epi32(x_##B, orig##B); \
x_##C = _mm_add_epi32(x_##C, orig##C); \
x_##D = _mm_add_epi32(x_##D, orig##D); \
t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \
\
t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(x_##C, _mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(x_##D, _mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
\
x_##A = _mm_add_epi32(x_##A, orig##A); \
x_##B = _mm_add_epi32(x_##B, orig##B); \
x_##C = _mm_add_epi32(x_##C, orig##C); \
x_##D = _mm_add_epi32(x_##D, orig##D); \
t_##A = _mm_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm_unpackhi_epi64(t_##C, t_##D); \
\
t0 = _mm_xor_si128(x_##A, _mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(x_##B, _mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = \
_mm_xor_si128(x_##C, _mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = \
_mm_xor_si128(x_##D, _mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)

152
src/libsodium/crypto_stream/chacha20/dolbeau/u8.h
View File

@@ -200,7 +200,7 @@ if (bytes >= 512) {
in12 = x[12];
in13 = x[13];
in1213 = ((uint64_t) in12) | (((uint64_t) in13) << 32);
x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213));
x_12 = x_13 = _mm256_broadcastq_epi64(_mm_cvtsi64_si128(in1213));
t12 = _mm256_add_epi64(addv12, x_12);
t13 = _mm256_add_epi64(addv13, x_13);
@@ -228,45 +228,45 @@ if (bytes >= 512) {
VEC8_ROUND(0, 5, 10, 15, 1, 6, 11, 12, 2, 7, 8, 13, 3, 4, 9, 14);
}
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
x_##A = _mm256_add_epi32(x_##A, orig##A); \
x_##B = _mm256_add_epi32(x_##B, orig##B); \
x_##C = _mm256_add_epi32(x_##C, orig##C); \
x_##D = _mm256_add_epi32(x_##D, orig##D); \
t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \
_mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \
_mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \
_mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \
_mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \
_mm_loadu_si128((__m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \
_mm_loadu_si128((__m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \
_mm_loadu_si128((__m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \
_mm_loadu_si128((__m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
x_##A = _mm256_add_epi32(x_##A, orig##A); \
x_##B = _mm256_add_epi32(x_##B, orig##B); \
x_##C = _mm256_add_epi32(x_##C, orig##C); \
x_##D = _mm256_add_epi32(x_##D, orig##D); \
t_##A = _mm256_unpacklo_epi32(x_##A, x_##B); \
t_##B = _mm256_unpacklo_epi32(x_##C, x_##D); \
t_##C = _mm256_unpackhi_epi32(x_##A, x_##B); \
t_##D = _mm256_unpackhi_epi32(x_##C, x_##D); \
x_##A = _mm256_unpacklo_epi64(t_##A, t_##B); \
x_##B = _mm256_unpackhi_epi64(t_##A, t_##B); \
x_##C = _mm256_unpacklo_epi64(t_##C, t_##D); \
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 0), \
_mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 0), \
_mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 0), \
_mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 0), \
_mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(x_##A, 1), \
_mm_loadu_si128((const __m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(x_##B, 1), \
_mm_loadu_si128((const __m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(x_##C, 1), \
_mm_loadu_si128((const __m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(x_##D, 1), \
_mm_loadu_si128((const __m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)
@@ -287,42 +287,42 @@ if (bytes >= 512) {
x_##D = _mm256_unpackhi_epi64(t_##C, t_##D); \
}
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \
t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \
t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \
t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \
t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \
t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \
t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \
t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \
t_##A = \
_mm256_xor_si256(t_##A, _mm256_loadu_si256((__m256i*) (m + 0))); \
t_##B = \
_mm256_xor_si256(t_##B, _mm256_loadu_si256((__m256i*) (m + 64))); \
t_##C = \
_mm256_xor_si256(t_##C, _mm256_loadu_si256((__m256i*) (m + 128))); \
t_##D = \
_mm256_xor_si256(t_##D, _mm256_loadu_si256((__m256i*) (m + 192))); \
t_##A2 = _mm256_xor_si256(t_##A2, \
_mm256_loadu_si256((__m256i*) (m + 256))); \
t_##B2 = _mm256_xor_si256(t_##B2, \
_mm256_loadu_si256((__m256i*) (m + 320))); \
t_##C2 = _mm256_xor_si256(t_##C2, \
_mm256_loadu_si256((__m256i*) (m + 384))); \
t_##D2 = _mm256_xor_si256(t_##D2, \
_mm256_loadu_si256((__m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), t_##A); \
_mm256_storeu_si256((__m256i*) (c + 64), t_##B); \
_mm256_storeu_si256((__m256i*) (c + 128), t_##C); \
_mm256_storeu_si256((__m256i*) (c + 192), t_##D); \
_mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
t_##A = _mm256_permute2x128_si256(x_##A, x_##A2, 0x20); \
t_##A2 = _mm256_permute2x128_si256(x_##A, x_##A2, 0x31); \
t_##B = _mm256_permute2x128_si256(x_##B, x_##B2, 0x20); \
t_##B2 = _mm256_permute2x128_si256(x_##B, x_##B2, 0x31); \
t_##C = _mm256_permute2x128_si256(x_##C, x_##C2, 0x20); \
t_##C2 = _mm256_permute2x128_si256(x_##C, x_##C2, 0x31); \
t_##D = _mm256_permute2x128_si256(x_##D, x_##D2, 0x20); \
t_##D2 = _mm256_permute2x128_si256(x_##D, x_##D2, 0x31); \
t_##A = _mm256_xor_si256( \
t_##A, _mm256_loadu_si256((const __m256i*) (m + 0))); \
t_##B = _mm256_xor_si256( \
t_##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \
t_##C = _mm256_xor_si256( \
t_##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \
t_##D = _mm256_xor_si256( \
t_##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \
t_##A2 = _mm256_xor_si256( \
t_##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \
t_##B2 = _mm256_xor_si256( \
t_##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \
t_##C2 = _mm256_xor_si256( \
t_##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \
t_##D2 = _mm256_xor_si256( \
t_##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), t_##A); \
_mm256_storeu_si256((__m256i*) (c + 64), t_##B); \
_mm256_storeu_si256((__m256i*) (c + 128), t_##C); \
_mm256_storeu_si256((__m256i*) (c + 192), t_##D); \
_mm256_storeu_si256((__m256i*) (c + 256), t_##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), t_##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), t_##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), t_##D2); \
}
ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7);

17
src/libsodium/crypto_stream/chacha20/ref/chacha20_ref.c
View File

@@ -92,9 +92,6 @@ chacha20_encrypt_bytes(chacha_ctx *ctx, const uint8_t *m, uint8_t *c,
if (!bytes) {
return; /* LCOV_EXCL_LINE */
}
if (bytes > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
j0 = ctx->input[0];
j1 = ctx->input[1];
j2 = ctx->input[2];
@@ -243,8 +240,8 @@ stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n,
}
static int
stream_ietf_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
stream_ietf_ext_ref(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
struct chacha_ctx ctx;
@@ -287,9 +284,9 @@ stream_ref_xor_ic(unsigned char *c, const unsigned char *m,
}
static int
stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
stream_ietf_ext_ref_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
uint32_t ic, const unsigned char *k)
{
struct chacha_ctx ctx;
uint8_t ic_bytes[4];
@@ -309,7 +306,7 @@ stream_ietf_ref_xor_ic(unsigned char *c, const unsigned char *m,
struct crypto_stream_chacha20_implementation
crypto_stream_chacha20_ref_implementation = {
SODIUM_C99(.stream =) stream_ref,
SODIUM_C99(.stream_ietf =) stream_ietf_ref,
SODIUM_C99(.stream_ietf_ext =) stream_ietf_ext_ref,
SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic,
SODIUM_C99(.stream_ietf_xor_ic =) stream_ietf_ref_xor_ic
SODIUM_C99(.stream_ietf_ext_xor_ic =) stream_ietf_ext_ref_xor_ic
};

88
src/libsodium/crypto_stream/chacha20/stream_chacha20.c
View File

@@ -1,4 +1,6 @@
#include "crypto_stream_chacha20.h"
#include "core.h"
#include "private/chacha20_ietf_ext.h"
#include "private/common.h"
#include "private/implementations.h"
#include "randombytes.h"
@@ -53,40 +55,89 @@ int
crypto_stream_chacha20(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
return implementation->stream_ietf(c, clen, n, k);
}
int
crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint64_t ic,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_xor_ic(c, m, mlen, n, ic, k);
}
int
crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
}
int
crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, ic, k);
}
static int
crypto_stream_chacha20_ietf_ext_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
if (mlen > crypto_stream_chacha20_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return implementation->stream_ietf_ext_xor_ic(c, m, mlen, n, 0U, k);
}
int
crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k)
{
if (clen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext(c, clen, n, k);
}
int
crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k)
{
return implementation->stream_ietf_xor_ic(c, m, mlen, n, ic, k);
}
int
crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
return implementation->stream_xor_ic(c, m, mlen, n, 0U, k);
if ((unsigned long long) ic >
(64ULL * (1ULL << 32)) / 64ULL - (mlen + 63ULL) / 64ULL) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext_xor_ic(c, m, mlen, n, ic, k);
}
int
@@ -94,7 +145,10 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k)
{
return implementation->stream_ietf_xor_ic(c, m, mlen, n, 0U, k);
if (mlen > crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX) {
sodium_misuse();
}
return crypto_stream_chacha20_ietf_ext_xor(c, m, mlen, n, k);
}
void

12
src/libsodium/crypto_stream/chacha20/stream_chacha20.h
View File

@@ -7,16 +7,16 @@
typedef struct crypto_stream_chacha20_implementation {
int (*stream)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_ietf)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_ietf_ext)(unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *k);
int (*stream_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint64_t ic,
const unsigned char *k);
int (*stream_ietf_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k);
int (*stream_ietf_ext_xor_ic)(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n, uint32_t ic,
const unsigned char *k);
} crypto_stream_chacha20_implementation;
#endif

44
src/libsodium/crypto_stream/salsa20/xmm6int/u0.h
View File

@@ -1,8 +1,8 @@
if (bytes > 0) {
__m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12));
__m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12));
__m128i a0, a1, a2, a3, a4, a5, a6, a7;
__m128i b0, b1, b2, b3, b4, b5, b6, b7;
uint8_t partialblock[64];
@@ -156,25 +156,25 @@ if (bytes > 0) {
diag0 = _mm_xor_si128(diag0, b7);
}
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12)));
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12)));
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
uint32_t in##A = _mm_cvtsi128_si32(diag0); \
uint32_t in##B = _mm_cvtsi128_si32(diag1); \
uint32_t in##C = _mm_cvtsi128_si32(diag2); \
uint32_t in##D = _mm_cvtsi128_si32(diag3); \
diag0 = _mm_shuffle_epi32(diag0, 0x39); \
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
*(uint32_t *) (partialblock + (A * 4)) = in##A; \
*(uint32_t *) (partialblock + (B * 4)) = in##B; \
*(uint32_t *) (partialblock + (C * 4)) = in##C; \
*(uint32_t *) (partialblock + (D * 4)) = in##D; \
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
uint32_t in##A = _mm_cvtsi128_si32(diag0); \
uint32_t in##B = _mm_cvtsi128_si32(diag1); \
uint32_t in##C = _mm_cvtsi128_si32(diag2); \
uint32_t in##D = _mm_cvtsi128_si32(diag3); \
diag0 = _mm_shuffle_epi32(diag0, 0x39); \
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
*(uint32_t *) (partialblock + (A * 4)) = in##A; \
*(uint32_t *) (partialblock + (B * 4)) = in##B; \
*(uint32_t *) (partialblock + (C * 4)) = in##C; \
*(uint32_t *) (partialblock + (D * 4)) = in##D; \
} while (0)
#define ONEQUAD(A, B, C, D) ONEQUAD_SHUFFLE(A, B, C, D)

24
src/libsodium/crypto_stream/salsa20/xmm6int/u1.h
View File

@@ -1,8 +1,8 @@
while (bytes >= 64) {
__m128i diag0 = _mm_loadu_si128((__m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((__m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((__m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((__m128i *) (x + 12));
__m128i diag0 = _mm_loadu_si128((const __m128i *) (x + 0));
__m128i diag1 = _mm_loadu_si128((const __m128i *) (x + 4));
__m128i diag2 = _mm_loadu_si128((const __m128i *) (x + 8));
__m128i diag3 = _mm_loadu_si128((const __m128i *) (x + 12));
__m128i a0, a1, a2, a3, a4, a5, a6, a7;
__m128i b0, b1, b2, b3, b4, b5, b6, b7;
@@ -157,10 +157,10 @@ while (bytes >= 64) {
diag0 = _mm_xor_si128(diag0, b7);
}
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((__m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((__m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((__m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((__m128i *) (x + 12)));
diag0 = _mm_add_epi32(diag0, _mm_loadu_si128((const __m128i *) (x + 0)));
diag1 = _mm_add_epi32(diag1, _mm_loadu_si128((const __m128i *) (x + 4)));
diag2 = _mm_add_epi32(diag2, _mm_loadu_si128((const __m128i *) (x + 8)));
diag3 = _mm_add_epi32(diag3, _mm_loadu_si128((const __m128i *) (x + 12)));
#define ONEQUAD_SHUFFLE(A, B, C, D) \
do { \
@@ -172,10 +172,10 @@ while (bytes >= 64) {
diag1 = _mm_shuffle_epi32(diag1, 0x39); \
diag2 = _mm_shuffle_epi32(diag2, 0x39); \
diag3 = _mm_shuffle_epi32(diag3, 0x39); \
in##A ^= *(uint32_t *) (m + (A * 4)); \
in##B ^= *(uint32_t *) (m + (B * 4)); \
in##C ^= *(uint32_t *) (m + (C * 4)); \
in##D ^= *(uint32_t *) (m + (D * 4)); \
in##A ^= *(const uint32_t *) (m + (A * 4)); \
in##B ^= *(const uint32_t *) (m + (B * 4)); \
in##C ^= *(const uint32_t *) (m + (C * 4)); \
in##D ^= *(const uint32_t *) (m + (D * 4)); \
*(uint32_t *) (c + (A * 4)) = in##A; \
*(uint32_t *) (c + (B * 4)) = in##B; \
*(uint32_t *) (c + (C * 4)) = in##C; \

48
src/libsodium/crypto_stream/salsa20/xmm6int/u4.h
View File

@@ -12,22 +12,22 @@ if (bytes >= 256) {
/* element broadcast immediate for _mm_shuffle_epi32 are in order:
0x00, 0x55, 0xaa, 0xff */
z0 = _mm_loadu_si128((__m128i *) (x + 0));
z0 = _mm_loadu_si128((const __m128i *) (x + 0));
z5 = _mm_shuffle_epi32(z0, 0x55);
z10 = _mm_shuffle_epi32(z0, 0xaa);
z15 = _mm_shuffle_epi32(z0, 0xff);
z0 = _mm_shuffle_epi32(z0, 0x00);
z1 = _mm_loadu_si128((__m128i *) (x + 4));
z1 = _mm_loadu_si128((const __m128i *) (x + 4));
z6 = _mm_shuffle_epi32(z1, 0xaa);
z11 = _mm_shuffle_epi32(z1, 0xff);
z12 = _mm_shuffle_epi32(z1, 0x00);
z1 = _mm_shuffle_epi32(z1, 0x55);
z2 = _mm_loadu_si128((__m128i *) (x + 8));
z2 = _mm_loadu_si128((const __m128i *) (x + 8));
z7 = _mm_shuffle_epi32(z2, 0xff);
z13 = _mm_shuffle_epi32(z2, 0x55);
z2 = _mm_shuffle_epi32(z2, 0xaa);
/* no z8 -> first half of the nonce, will fill later */
z3 = _mm_loadu_si128((__m128i *) (x + 12));
z3 = _mm_loadu_si128((const __m128i *) (x + 12));
z4 = _mm_shuffle_epi32(z3, 0x00);
z14 = _mm_shuffle_epi32(z3, 0xaa);
z3 = _mm_shuffle_epi32(z3, 0xff);
@@ -498,26 +498,26 @@ if (bytes >= 256) {
/* store data ; this macro first transpose data in-registers, and then store
* them in memory. much faster with icc. */
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
z##A = _mm_add_epi32(z##A, orig##A); \
z##B = _mm_add_epi32(z##B, orig##B); \
z##C = _mm_add_epi32(z##C, orig##C); \
z##D = _mm_add_epi32(z##D, orig##D); \
y##A = _mm_unpacklo_epi32(z##A, z##B); \
y##B = _mm_unpacklo_epi32(z##C, z##D); \
y##C = _mm_unpackhi_epi32(z##A, z##B); \
y##D = _mm_unpackhi_epi32(z##C, z##D); \
z##A = _mm_unpacklo_epi64(y##A, y##B); \
z##B = _mm_unpackhi_epi64(y##A, y##B); \
z##C = _mm_unpacklo_epi64(y##C, y##D); \
z##D = _mm_unpackhi_epi64(y##C, y##D); \
y##A = _mm_xor_si128(z##A, _mm_loadu_si128((__m128i *) (m + 0))); \
_mm_storeu_si128((__m128i *) (c + 0), y##A); \
y##B = _mm_xor_si128(z##B, _mm_loadu_si128((__m128i *) (m + 64))); \
_mm_storeu_si128((__m128i *) (c + 64), y##B); \
y##C = _mm_xor_si128(z##C, _mm_loadu_si128((__m128i *) (m + 128))); \
_mm_storeu_si128((__m128i *) (c + 128), y##C); \
y##D = _mm_xor_si128(z##D, _mm_loadu_si128((__m128i *) (m + 192))); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
z##A = _mm_add_epi32(z##A, orig##A); \
z##B = _mm_add_epi32(z##B, orig##B); \
z##C = _mm_add_epi32(z##C, orig##C); \
z##D = _mm_add_epi32(z##D, orig##D); \
y##A = _mm_unpacklo_epi32(z##A, z##B); \
y##B = _mm_unpacklo_epi32(z##C, z##D); \
y##C = _mm_unpackhi_epi32(z##A, z##B); \
y##D = _mm_unpackhi_epi32(z##C, z##D); \
z##A = _mm_unpacklo_epi64(y##A, y##B); \
z##B = _mm_unpackhi_epi64(y##A, y##B); \
z##C = _mm_unpacklo_epi64(y##C, y##D); \
z##D = _mm_unpackhi_epi64(y##C, y##D); \
y##A = _mm_xor_si128(z##A, _mm_loadu_si128((const __m128i *) (m + 0))); \
_mm_storeu_si128((__m128i *) (c + 0), y##A); \
y##B = _mm_xor_si128(z##B, _mm_loadu_si128((const __m128i *) (m + 64))); \
_mm_storeu_si128((__m128i *) (c + 64), y##B); \
y##C = _mm_xor_si128(z##C, _mm_loadu_si128((const __m128i *) (m + 128))); \
_mm_storeu_si128((__m128i *) (c + 128), y##C); \
y##D = _mm_xor_si128(z##D, _mm_loadu_si128((const __m128i *) (m + 192))); \
_mm_storeu_si128((__m128i *) (c + 192), y##D)
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)

149
src/libsodium/crypto_stream/salsa20/xmm6int/u8.h
View File

@@ -361,45 +361,45 @@ if (bytes >= 512) {
/* store data ; this macro first transpose data in-registers, and then store
* them in memory. much faster with icc. */
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
z##A = _mm256_add_epi32(z##A, orig##A); \
z##B = _mm256_add_epi32(z##B, orig##B); \
z##C = _mm256_add_epi32(z##C, orig##C); \
z##D = _mm256_add_epi32(z##D, orig##D); \
y##A = _mm256_unpacklo_epi32(z##A, z##B); \
y##B = _mm256_unpacklo_epi32(z##C, z##D); \
y##C = _mm256_unpackhi_epi32(z##A, z##B); \
y##D = _mm256_unpackhi_epi32(z##C, z##D); \
z##A = _mm256_unpacklo_epi64(y##A, y##B); \
z##B = _mm256_unpackhi_epi64(y##A, y##B); \
z##C = _mm256_unpacklo_epi64(y##C, y##D); \
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \
_mm_loadu_si128((__m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \
_mm_loadu_si128((__m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \
_mm_loadu_si128((__m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \
_mm_loadu_si128((__m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \
_mm_loadu_si128((__m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \
_mm_loadu_si128((__m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \
_mm_loadu_si128((__m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \
_mm_loadu_si128((__m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
#define ONEQUAD_TRANSPOSE(A, B, C, D) \
{ \
__m128i t0, t1, t2, t3; \
z##A = _mm256_add_epi32(z##A, orig##A); \
z##B = _mm256_add_epi32(z##B, orig##B); \
z##C = _mm256_add_epi32(z##C, orig##C); \
z##D = _mm256_add_epi32(z##D, orig##D); \
y##A = _mm256_unpacklo_epi32(z##A, z##B); \
y##B = _mm256_unpacklo_epi32(z##C, z##D); \
y##C = _mm256_unpackhi_epi32(z##A, z##B); \
y##D = _mm256_unpackhi_epi32(z##C, z##D); \
z##A = _mm256_unpacklo_epi64(y##A, y##B); \
z##B = _mm256_unpackhi_epi64(y##A, y##B); \
z##C = _mm256_unpacklo_epi64(y##C, y##D); \
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 0), \
_mm_loadu_si128((const __m128i*) (m + 0))); \
_mm_storeu_si128((__m128i*) (c + 0), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 0), \
_mm_loadu_si128((const __m128i*) (m + 64))); \
_mm_storeu_si128((__m128i*) (c + 64), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 0), \
_mm_loadu_si128((const __m128i*) (m + 128))); \
_mm_storeu_si128((__m128i*) (c + 128), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 0), \
_mm_loadu_si128((const __m128i*) (m + 192))); \
_mm_storeu_si128((__m128i*) (c + 192), t3); \
t0 = _mm_xor_si128(_mm256_extracti128_si256(z##A, 1), \
_mm_loadu_si128((const __m128i*) (m + 256))); \
_mm_storeu_si128((__m128i*) (c + 256), t0); \
t1 = _mm_xor_si128(_mm256_extracti128_si256(z##B, 1), \
_mm_loadu_si128((const __m128i*) (m + 320))); \
_mm_storeu_si128((__m128i*) (c + 320), t1); \
t2 = _mm_xor_si128(_mm256_extracti128_si256(z##C, 1), \
_mm_loadu_si128((const __m128i*) (m + 384))); \
_mm_storeu_si128((__m128i*) (c + 384), t2); \
t3 = _mm_xor_si128(_mm256_extracti128_si256(z##D, 1), \
_mm_loadu_si128((const __m128i*) (m + 448))); \
_mm_storeu_si128((__m128i*) (c + 448), t3); \
}
#define ONEQUAD(A, B, C, D) ONEQUAD_TRANSPOSE(A, B, C, D)
@@ -420,41 +420,42 @@ if (bytes >= 512) {
z##D = _mm256_unpackhi_epi64(y##C, y##D); \
}
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \
y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \
y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \
y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \
y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \
y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \
y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \
y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \
y##A = _mm256_xor_si256(y##A, _mm256_loadu_si256((__m256i*) (m + 0))); \
y##B = \
_mm256_xor_si256(y##B, _mm256_loadu_si256((__m256i*) (m + 64))); \
y##C = \
_mm256_xor_si256(y##C, _mm256_loadu_si256((__m256i*) (m + 128))); \
y##D = \
_mm256_xor_si256(y##D, _mm256_loadu_si256((__m256i*) (m + 192))); \
y##A2 = \
_mm256_xor_si256(y##A2, _mm256_loadu_si256((__m256i*) (m + 256))); \
y##B2 = \
_mm256_xor_si256(y##B2, _mm256_loadu_si256((__m256i*) (m + 320))); \
y##C2 = \
_mm256_xor_si256(y##C2, _mm256_loadu_si256((__m256i*) (m + 384))); \
y##D2 = \
_mm256_xor_si256(y##D2, _mm256_loadu_si256((__m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), y##A); \
_mm256_storeu_si256((__m256i*) (c + 64), y##B); \
_mm256_storeu_si256((__m256i*) (c + 128), y##C); \
_mm256_storeu_si256((__m256i*) (c + 192), y##D); \
_mm256_storeu_si256((__m256i*) (c + 256), y##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), y##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), y##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), y##D2); \
#define ONEOCTO(A, B, C, D, A2, B2, C2, D2) \
{ \
ONEQUAD_UNPCK(A, B, C, D); \
ONEQUAD_UNPCK(A2, B2, C2, D2); \
y##A = _mm256_permute2x128_si256(z##A, z##A2, 0x20); \
y##A2 = _mm256_permute2x128_si256(z##A, z##A2, 0x31); \
y##B = _mm256_permute2x128_si256(z##B, z##B2, 0x20); \
y##B2 = _mm256_permute2x128_si256(z##B, z##B2, 0x31); \
y##C = _mm256_permute2x128_si256(z##C, z##C2, 0x20); \
y##C2 = _mm256_permute2x128_si256(z##C, z##C2, 0x31); \
y##D = _mm256_permute2x128_si256(z##D, z##D2, 0x20); \
y##D2 = _mm256_permute2x128_si256(z##D, z##D2, 0x31); \
y##A = _mm256_xor_si256(y##A, \
_mm256_loadu_si256((const __m256i*) (m + 0))); \
y##B = _mm256_xor_si256( \
y##B, _mm256_loadu_si256((const __m256i*) (m + 64))); \
y##C = _mm256_xor_si256( \
y##C, _mm256_loadu_si256((const __m256i*) (m + 128))); \
y##D = _mm256_xor_si256( \
y##D, _mm256_loadu_si256((const __m256i*) (m + 192))); \
y##A2 = _mm256_xor_si256( \
y##A2, _mm256_loadu_si256((const __m256i*) (m + 256))); \
y##B2 = _mm256_xor_si256( \
y##B2, _mm256_loadu_si256((const __m256i*) (m + 320))); \
y##C2 = _mm256_xor_si256( \
y##C2, _mm256_loadu_si256((const __m256i*) (m + 384))); \
y##D2 = _mm256_xor_si256( \
y##D2, _mm256_loadu_si256((const __m256i*) (m + 448))); \
_mm256_storeu_si256((__m256i*) (c + 0), y##A); \
_mm256_storeu_si256((__m256i*) (c + 64), y##B); \
_mm256_storeu_si256((__m256i*) (c + 128), y##C); \
_mm256_storeu_si256((__m256i*) (c + 192), y##D); \
_mm256_storeu_si256((__m256i*) (c + 256), y##A2); \
_mm256_storeu_si256((__m256i*) (c + 320), y##B2); \
_mm256_storeu_si256((__m256i*) (c + 384), y##C2); \
_mm256_storeu_si256((__m256i*) (c + 448), y##D2); \
}
ONEOCTO(0, 1, 2, 3, 4, 5, 6, 7);

32
src/libsodium/include/sodium/crypto_aead_aes256gcm.h
View File

@@ -52,11 +52,13 @@ size_t crypto_aead_aes256gcm_abytes(void);
#define crypto_aead_aes256gcm_MESSAGEBYTES_MAX \
SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_aes256gcm_ABYTES, \
(16ULL * ((1ULL << 32) - 2ULL)) - crypto_aead_aes256gcm_ABYTES)
(16ULL * ((1ULL << 32) - 2ULL)))
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_messagebytes_max(void);
typedef CRYPTO_ALIGN(16) unsigned char crypto_aead_aes256gcm_state[512];
typedef CRYPTO_ALIGN(16) struct crypto_aead_aes256gcm_state_ {
unsigned char opaque[512];
} crypto_aead_aes256gcm_state;
SODIUM_EXPORT
size_t crypto_aead_aes256gcm_statebytes(void);
@@ -70,7 +72,8 @@ int crypto_aead_aes256gcm_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt(unsigned char *m,
@@ -82,7 +85,7 @@ int crypto_aead_aes256gcm_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
@@ -94,7 +97,8 @@ int crypto_aead_aes256gcm_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
@@ -106,13 +110,14 @@ int crypto_aead_aes256gcm_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
/* -- Precomputation interface -- */
SODIUM_EXPORT
int crypto_aead_aes256gcm_beforenm(crypto_aead_aes256gcm_state *ctx_,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
@@ -123,7 +128,8 @@ int crypto_aead_aes256gcm_encrypt_afternm(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
@@ -135,7 +141,7 @@ int crypto_aead_aes256gcm_decrypt_afternm(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
@@ -147,7 +153,8 @@ int crypto_aead_aes256gcm_encrypt_detached_afternm(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_);
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
@@ -159,10 +166,11 @@ int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const crypto_aead_aes256gcm_state *ctx_)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}

28
src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
View File

@@ -32,7 +32,7 @@ size_t crypto_aead_chacha20poly1305_ietf_abytes(void);
#define crypto_aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX \
SODIUM_MIN(SODIUM_SIZE_MAX - crypto_aead_chacha20poly1305_ietf_ABYTES, \
(64ULL * (1ULL << 32) - 64ULL) - crypto_aead_chacha20poly1305_ietf_ABYTES)
(64ULL * ((1ULL << 32) - 1ULL)))
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_ietf_messagebytes_max(void);
@@ -45,7 +45,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
@@ -57,7 +58,7 @@ int crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
@@ -69,7 +70,8 @@ int crypto_aead_chacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
@@ -81,10 +83,11 @@ int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]);
void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
__attribute__ ((nonnull));
/* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
@@ -118,7 +121,8 @@ int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
@@ -130,7 +134,7 @@ int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
@@ -142,7 +146,8 @@ int crypto_aead_chacha20poly1305_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
@@ -154,10 +159,11 @@ int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 8, 9)));
SODIUM_EXPORT
void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]);
void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
__attribute__ ((nonnull));
/* Aliases */

13
src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h
View File

@@ -41,7 +41,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 8, 9)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
@@ -53,7 +54,7 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(4, 8, 9)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
@@ -65,7 +66,8 @@ int crypto_aead_xchacha20poly1305_ietf_encrypt_detached(unsigned char *c,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull(1, 2, 9, 10)));
SODIUM_EXPORT
int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
@@ -77,10 +79,11 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5, 9, 9)));
SODIUM_EXPORT
void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]);
void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
__attribute__ ((nonnull));
/* Aliases */

8
src/libsodium/include/sodium/crypto_auth.h
View File

@@ -27,15 +27,17 @@ const char *crypto_auth_primitive(void);
SODIUM_EXPORT
int crypto_auth(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k);
unsigned long long inlen, const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]);
void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}

14
src/libsodium/include/sodium/crypto_auth_hmacsha256.h
View File

@@ -24,14 +24,14 @@ SODIUM_EXPORT
int crypto_auth_hmacsha256(unsigned char *out,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@@ -46,20 +46,22 @@ size_t crypto_auth_hmacsha256_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]);
void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}

13
src/libsodium/include/sodium/crypto_auth_hmacsha512.h
View File

@@ -24,14 +24,14 @@ SODIUM_EXPORT
int crypto_auth_hmacsha512(unsigned char *out,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@@ -46,19 +46,20 @@ size_t crypto_auth_hmacsha512_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]);
void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}

11
src/libsodium/include/sodium/crypto_auth_hmacsha512256.h
View File

@@ -29,7 +29,7 @@ int crypto_auth_hmacsha512256_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* ------------------------------------------------------------------------- */
@@ -41,19 +41,20 @@ size_t crypto_auth_hmacsha512256_statebytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state,
const unsigned char *key,
size_t keylen);
size_t keylen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state,
const unsigned char *in,
unsigned long long inlen);
unsigned long long inlen) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
unsigned char *out);
unsigned char *out) __attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]);
void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
__attribute__ ((nonnull));
#ifdef __cplusplus
}

38
src/libsodium/include/sodium/crypto_box.h
View File

@@ -50,29 +50,31 @@ const char *crypto_box_primitive(void);
SODIUM_EXPORT
int crypto_box_seed_keypair(unsigned char *pk, unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_keypair(unsigned char *pk, unsigned char *sk);
int crypto_box_keypair(unsigned char *pk, unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_easy(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_easy(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_detached(unsigned char *c, unsigned char *mac,
const unsigned char *m, unsigned long long mlen,
const unsigned char *n, const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
@@ -81,7 +83,7 @@ int crypto_box_open_detached(unsigned char *m, const unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
/* -- Precomputation interface -- */
@@ -92,30 +94,31 @@ size_t crypto_box_beforenmbytes(void);
SODIUM_EXPORT
int crypto_box_beforenm(unsigned char *k, const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_easy_afternm(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_easy_afternm(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
SODIUM_EXPORT
int crypto_box_detached_afternm(unsigned char *c, unsigned char *mac,
const unsigned char *m, unsigned long long mlen,
const unsigned char *n, const unsigned char *k);
const unsigned char *n, const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_detached_afternm(unsigned char *m, const unsigned char *c,
const unsigned char *mac,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
/* -- Ephemeral SK interface -- */
@@ -125,13 +128,14 @@ size_t crypto_box_sealbytes(void);
SODIUM_EXPORT
int crypto_box_seal(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *pk);
unsigned long long mlen, const unsigned char *pk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_seal_open(unsigned char *m, const unsigned char *c,
unsigned long long clen,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
/* -- NaCl compatibility interface ; Requires padding -- */
@@ -147,24 +151,24 @@ SODIUM_EXPORT
int crypto_box(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *pk, const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_afternm(unsigned char *c, const unsigned char *m,
unsigned long long mlen, const unsigned char *n,
const unsigned char *k);
const unsigned char *k) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_open_afternm(unsigned char *m, const unsigned char *c,
unsigned long long clen, const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}

31
src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h
View File

@@ -45,11 +45,13 @@ size_t crypto_box_curve25519xchacha20poly1305_messagebytes_max(void);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_keypair(unsigned char *pk,
unsigned char *sk);
unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
@@ -58,7 +60,7 @@ int crypto_box_curve25519xchacha20poly1305_easy(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
@@ -67,7 +69,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
@@ -77,7 +79,7 @@ int crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
@@ -87,7 +89,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6, 7)));
/* -- Precomputation interface -- */
@@ -95,14 +97,15 @@ SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_beforenm(unsigned char *k,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
@@ -110,7 +113,7 @@ int crypto_box_curve25519xchacha20poly1305_open_easy_afternm(unsigned char *m,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
@@ -118,7 +121,8 @@ int crypto_box_curve25519xchacha20poly1305_detached_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *m,
@@ -127,7 +131,7 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6)));
/* -- Ephemeral SK interface -- */
@@ -142,7 +146,8 @@ SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk);
const unsigned char *pk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
@@ -150,7 +155,7 @@ int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
unsigned long long clen,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}

17
src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h
View File

@@ -45,17 +45,19 @@ size_t crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void);
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed);
const unsigned char *seed)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
unsigned char *sk);
unsigned char *sk)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
/* -- NaCl compatibility interface ; Requires padding -- */
@@ -76,7 +78,7 @@ int crypto_box_curve25519xsalsa20poly1305(unsigned char *c,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
@@ -85,14 +87,15 @@ int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *m,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5, 6)));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
const unsigned char *k)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
@@ -100,7 +103,7 @@ int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
__attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5)));
#ifdef __cplusplus
}

54
src/libsodium/include/sodium/crypto_core_ed25519.h
View File

@@ -16,19 +16,65 @@ size_t crypto_core_ed25519_bytes(void);
SODIUM_EXPORT
size_t crypto_core_ed25519_uniformbytes(void);
#define crypto_core_ed25519_SCALARBYTES 32
SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p);
size_t crypto_core_ed25519_scalarbytes(void);
#define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64
SODIUM_EXPORT
size_t crypto_core_ed25519_nonreducedscalarbytes(void);
SODIUM_EXPORT
int crypto_core_ed25519_is_valid_point(const unsigned char *p)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_add(unsigned char *r,
const unsigned char *p, const unsigned char *q);
const unsigned char *p, const unsigned char *q)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_sub(unsigned char *r,
const unsigned char *p, const unsigned char *q);
const unsigned char *p, const unsigned char *q)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r);
int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_random(unsigned char *r)
__attribute__ ((nonnull));
SODIUM_EXPORT
int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
SODIUM_EXPORT
void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x,
const unsigned char *y)
__attribute__ ((nonnull));
/*
* The interval `s` is sampled from should be at least 317 bits to ensure almost
* uniformity of `r` over `L`.
*/
SODIUM_EXPORT
void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s)
__attribute__ ((nonnull));
#ifdef __cplusplus
}

3
src/libsodium/include/sodium/crypto_core_hchacha20.h
View File

@@ -26,7 +26,8 @@ size_t crypto_core_hchacha20_constbytes(void);
SODIUM_EXPORT
int crypto_core_hchacha20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}

3
src/libsodium/include/sodium/crypto_core_hsalsa20.h
View File

@@ -26,7 +26,8 @@ size_t crypto_core_hsalsa20_constbytes(void);
SODIUM_EXPORT
int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}

3
src/libsodium/include/sodium/crypto_core_salsa20.h
View File

@@ -26,7 +26,8 @@ size_t crypto_core_salsa20_constbytes(void);
SODIUM_EXPORT
int crypto_core_salsa20(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}

3
src/libsodium/include/sodium/crypto_core_salsa2012.h
View File

@@ -26,7 +26,8 @@ size_t crypto_core_salsa2012_constbytes(void);
SODIUM_EXPORT
int crypto_core_salsa2012(unsigned char *out, const unsigned char *in,
const unsigned char *k, const unsigned char *c);
const unsigned char *k, const unsigned char *c)
__attribute__ ((nonnull(1, 2, 3)));
#ifdef __cplusplus
}

Some files were not shown because too many files have changed in this diff Show More