From c73b6c9ba513fea3e18b696e659049df69931171 Mon Sep 17 00:00:00 2001
From: Micah Anderson
Date: Tue, 11 Nov 2014 11:18:18 -0500
Subject: update to 1.0.0-1 version of the package
---
 src/libsodium/include/Makefile.am | 1 -
 src/libsodium/include/sodium.h | 1 -
 .../include/sodium/crypto_onetimeauth_poly1305.h | 3 +-
 .../sodium/crypto_pwhash_scryptsalsa208sha256.h | 5 ++
 src/libsodium/include/sodium/crypto_sign_ed25519.h | 15 +++++
 .../include/sodium/crypto_stream_aes256estream.h | 67 ----------------------
 src/libsodium/include/sodium/randombytes.h | 18 +++---
 src/libsodium/include/sodium/utils.h | 57 +++++++++++++++++-
 8 files changed, 85 insertions(+), 82 deletions(-)
 delete mode 100644 src/libsodium/include/sodium/crypto_stream_aes256estream.h
(limited to 'src/libsodium/include')
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 45a82d7..894c371 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -32,7 +32,6 @@ SODIUM_EXPORT = \
 sodium/crypto_sign_edwards25519sha512batch.h \
 sodium/crypto_stream.h \
 sodium/crypto_stream_aes128ctr.h \
- sodium/crypto_stream_aes256estream.h \
 sodium/crypto_stream_chacha20.h \
 sodium/crypto_stream_salsa20.h \
 sodium/crypto_stream_salsa2012.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index dcb6b45..4a57108 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -32,7 +32,6 @@
 #include
 #include
 #include
-#include
 #include
 #include
 #include
diff --git a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
index 54f4a73..fb6eb49 100644
--- a/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
+++ b/src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h
@@ -54,9 +54,8 @@ const char *crypto_onetimeauth_poly1305_implementation_name(void);
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305_set_implementation(crypto_onetimeauth_poly1305_implementation *impl);
 
-SODIUM_EXPORT
 crypto_onetimeauth_poly1305_implementation *
- crypto_onetimeauth_pick_best_implementation(void);
+crypto_onetimeauth_pick_best_implementation(void);
 
 SODIUM_EXPORT
 int crypto_onetimeauth_poly1305(unsigned char *out,
diff --git a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
index 7de8395..a83233b 100644
--- a/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
+++ b/src/libsodium/include/sodium/crypto_pwhash_scryptsalsa208sha256.h
@@ -2,6 +2,7 @@
 #define crypto_pwhash_scryptsalsa208sha256_H
 
 #include
+#include
 
 #include "export.h"
 
@@ -20,6 +21,10 @@ size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
 
+#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
+SODIUM_EXPORT
+const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
+
 #define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288ULL
 SODIUM_EXPORT
 size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
diff --git a/src/libsodium/include/sodium/crypto_sign_ed25519.h b/src/libsodium/include/sodium/crypto_sign_ed25519.h
index 101b6c9..0194c39 100644
--- a/src/libsodium/include/sodium/crypto_sign_ed25519.h
+++ b/src/libsodium/include/sodium/crypto_sign_ed25519.h
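Review bot: In the crypto_onetimeauth_poly1305.h hunk, `crypto_onetimeauth_pick_best_implementation()` loses its `SODIUM_EXPORT` marker but stays declared in an installed public header, so applications can still compile calls to a symbol the shared library may no longer export (this depends on how `SODIUM_EXPORT` is defined in export.h, which is not shown here). If the function is now internal, say so at the declaration, e.g. `/* Internal: not part of the public API, not exported. */`, or move the prototype to a private header. If it is meant to stay public, keep `SODIUM_EXPORT` on it.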
@@ -57,6 +57,21 @@ SODIUM_EXPORT
 int crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
 const unsigned char *seed);
 
+SODIUM_EXPORT
+int crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk,
+ const unsigned char *ed25519_pk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk,
+ const unsigned char *ed25519_sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_seed(unsigned char *seed,
+ const unsigned char *sk);
+
+SODIUM_EXPORT
+int crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk);
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/libsodium/include/sodium/crypto_stream_aes256estream.h b/src/libsodium/include/sodium/crypto_stream_aes256estream.h
deleted file mode 100644
index d497834..0000000
--- a/src/libsodium/include/sodium/crypto_stream_aes256estream.h
+++ /dev/null
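Review bot: The four conversion prototypes added after `crypto_sign_ed25519_seed_keypair()` document neither the output buffer sizes nor which outputs are secret. `curve25519_sk` and `seed` receive private key material, so the header should tell callers to size those buffers correctly and wipe them after use, e.g. `/* curve25519_sk and seed hold secret key material: clear them with sodium_memzero() once used. */`. All four return `int`, so a line stating that a non-zero return must be treated as failure (presumably possible for a malformed `ed25519_pk`; the implementation is not in this hunk) would keep callers from using an output buffer that was never written.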
@@ -1,67 +0,0 @@
-#ifndef crypto_stream_aes256estream_H
-#define crypto_stream_aes256estream_H
-
-/*
- * WARNING: This is just a stream cipher. It is NOT authenticated encryption.
- * While it provides some protection against eavesdropping, it does NOT
- * provide any security against active attacks.
- * Furthermore, this implementation was not part of NaCl.
- *
- * If you are looking for a stream cipher, you might consider
- * crypto_stream_aes128ctr, crypto_stream_chacha20 or crypto_stream_(x)salsa20
- * which are timing-attack resistant.
- *
- * But unless you know what you're doing, what you are looking for is probably
- * the crypto_box or crypto_secretbox functions.
- */
-
-#include
-#include "export.h"
-
-#ifdef __cplusplus
-# if __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_stream_aes256estream_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_keybytes(void);
-
-#define crypto_stream_aes256estream_NONCEBYTES 16U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_noncebytes(void);
-
-#define crypto_stream_aes256estream_BEFORENMBYTES 276U
-SODIUM_EXPORT
-size_t crypto_stream_aes256estream_beforenmbytes(void);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream(unsigned char *out, unsigned long long len,
- const unsigned char *nonce, const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor(unsigned char *out, const unsigned char *in,
- unsigned long long inlen, const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_beforenm(unsigned char *c, const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_afternm(unsigned char *out, unsigned long long len,
- const unsigned char *nonce,
- const unsigned char *c);
-
-SODIUM_EXPORT
-int crypto_stream_aes256estream_xor_afternm(unsigned char *out, const unsigned char *in,
- unsigned long long len,
- const unsigned char *nonce,
- const unsigned char *c);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/libsodium/include/sodium/randombytes.h b/src/libsodium/include/sodium/randombytes.h
index c5175b2..4d07cd5 100644
--- a/src/libsodium/include/sodium/randombytes.h
+++ b/src/libsodium/include/sodium/randombytes.h
@@ -26,28 +26,30 @@ typedef struct randombytes_implementation {
 } randombytes_implementation;
 
 SODIUM_EXPORT
-int randombytes_set_implementation(randombytes_implementation *impl);
+void randombytes_buf(void * const buf, const size_t size);
 
 SODIUM_EXPORT
-void randombytes(unsigned char * const buf, const unsigned long long buf_len);
+uint32_t randombytes_random(void);
 
 SODIUM_EXPORT
-const char *randombytes_implementation_name(void);
+uint32_t randombytes_uniform(const uint32_t upper_bound);
 
 SODIUM_EXPORT
-uint32_t randombytes_random(void);
+void randombytes_stir(void);
 
 SODIUM_EXPORT
-void randombytes_stir(void);
+int randombytes_close(void);
 
 SODIUM_EXPORT
-uint32_t randombytes_uniform(const uint32_t upper_bound);
+int randombytes_set_implementation(randombytes_implementation *impl);
 
 SODIUM_EXPORT
-void randombytes_buf(void * const buf, const size_t size);
+const char *randombytes_implementation_name(void);
+
+/* -- Compatibility layer with NaCl -- */
 
 SODIUM_EXPORT
-int randombytes_close(void);
+void randombytes(unsigned char * const buf, const unsigned long long buf_len);
 
 #ifdef __cplusplus
 }
diff --git a/src/libsodium/include/sodium/utils.h b/src/libsodium/include/sodium/utils.h
index 817919b..1ac78eb 100644
--- a/src/libsodium/include/sodium/utils.h
+++ b/src/libsodium/include/sodium/utils.h
@@ -16,12 +16,14 @@ extern "C" {
 # define _SODIUM_C99(X) X
 #endif
 
-unsigned char *_sodium_alignedcalloc(unsigned char ** const unaligned_p,
- const size_t len);
-
 SODIUM_EXPORT
 void sodium_memzero(void * const pnt, const size_t len);
 
+/* WARNING: sodium_memcmp() must be used to verify if two secret keys
+ * are equal, in constant time.
+ * It returns 0 if the keys are equal, and -1 if they differ.
+ * This function is not designed for lexicographical comparisons.
+ */
 SODIUM_EXPORT
 int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
 
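Review bot: The new WARNING above `sodium_memcmp()` mentions only secret keys, which under-describes where a constant-time comparison is needed: authentication tags and other secret-derived values checked against untrusted input need it as well. A first line such as `/* WARNING: sodium_memcmp() must be used to compare secret data (keys, authentication tags) in constant time.` would cover those callers. It would also help to state that both buffers must be at least `len` bytes long, since the prototype takes a single length for two pointers.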
@@ -41,6 +43,55 @@ int sodium_mlock(void * const addr, const size_t len);
 SODIUM_EXPORT
 int sodium_munlock(void * const addr, const size_t len);
 
+/* WARNING: sodium_malloc() and sodium_allocarray() are not general-purpose
+ * allocation functions.
+ *
+ * They return a pointer to a region filled with 0xd0 bytes, immediately
+ * followed by a guard page.
+ * As a result, accessing a single byte after the requested allocation size
+ * will intentionally trigger a segmentation fault.
+ *
+ * A canary and an additional guard page placed before the beginning of the
+ * region may also kill the process if a buffer underflow is detected.
+ *
+ * The memory layout is:
+ * [unprotected region size (read only)][guard page (no access)][unprotected pages (read/write)][guard page (no access)]
+ * With the layout of the unprotected pages being:
+ * [optional padding][16-bytes canary][user region]
+ *
+ * However:
+ * - These functions are significantly slower than standard functions
+ * - Each allocation requires 3 or 4 additional pages
+ * - The returned address will not be aligned if the allocation size is not
+ * a multiple of the required alignment. For this reason, these functions
+ * are designed to store data, such as secret keys and messages.
+ * They should not be used to store pointers mixed with other types
+ * in portable code unless extreme care is taken to ensure correct
+ * pointers alignment.
+ */
+
+SODIUM_EXPORT
+void *sodium_malloc(const size_t size);
+
+SODIUM_EXPORT
+void *sodium_allocarray(size_t count, size_t size);
+
+SODIUM_EXPORT
+void sodium_free(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_noaccess(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readonly(void *ptr);
+
+SODIUM_EXPORT
+int sodium_mprotect_readwrite(void *ptr);
+
+/* -------- */
+
+int _sodium_alloc_init(void);
+
 #ifdef __cplusplus
 }
 #endif
--
cgit v1.2.3
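Review bot: The comment block above `sodium_malloc()` describes the guarded layout but leaves out the contract callers need: what the allocators return on failure, that the region must be released with `sodium_free()` rather than `free()`, and that the `sodium_mprotect_*()` calls take only pointers obtained from these allocators (the last two are inferred from the described layout; the implementation is not in this hunk). A line in the "However:" list such as `* - Release the region with sodium_free() only; sodium_mprotect_*() accept only pointers returned by these functions.` would close most of that gap. Separately, `int _sodium_alloc_init(void);` is declared without `SODIUM_EXPORT` in a public header; a one-line `/* Internal, do not call. */` above it, or a private header, would make its status explicit.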