mirror of https://github.com/jedisct1/libsodium.git synced 2024-12-19 10:05:05 -07:00
Commit Graph

2059 Commits

Author SHA1 Message Date
Frank Denis
479c370bc1 Require zig cc or clang for the amazing __builtin_shufflevector() 2022-11-13 23:53:28 +01:00
Frank Denis
b677924b2e Use enum instead of integers for C++ compat 2022-11-13 22:36:54 +01:00
Frank Denis
495a16cbe0 MSVC cannot compile AES-GCM for now 2022-11-13 21:26:04 +01:00
Frank Denis
379cd8303b Avoid C99isms 2022-11-13 21:23:19 +01:00
Frank Denis
ae8f462ad3 Avoid gcc extensions in aead_aes256gcm_aesni 2022-11-13 21:18:03 +01:00
Frank Denis
36d0196a4a Don't try ARM Crypto implementations on big-endian yet 2022-11-13 20:56:21 +01:00
Frank Denis
f3cf71edd7 Add AES256-GCM support for ARM crypto 2022-11-13 20:23:15 +01:00
Frank Denis
45a0cef2fc AES-NI can be available on i386 2022-11-13 19:40:39 +01:00
Frank Denis
73d039d8ca Remove unused macro 2022-11-13 18:46:22 +01:00
Frank Denis
9b623852bd Rewrite the AES256-GCM implementation
Faster, way more readable, easier to port to other architectures.
2022-11-13 18:42:38 +01:00
Frank Denis
a972fe6498 Indent 2022-10-21 17:54:39 +02:00
Frank Denis
992168c50f Win32: SecureZeroMemory may not be available 2022-10-20 14:42:55 +02:00
Frank Denis
b4c5d37fb5 scalarmult(): don't use the output as a temporary buffer
So that applications can use the same pointer for the public key
and the shared secret.
2022-10-11 14:02:29 +02:00
Steve Thomas
0a6178f203 Clear decrypted block from stack (#1190) 2022-06-18 20:32:35 +02:00
Frank Denis
4bffcc63b1 sodium_compare(): cast operands to unsigned int
This matches the Zig implementation and
fixes #1184
2022-06-05 14:28:54 +02:00
Frank Denis
0124c4cddb Indent 2022-05-11 18:13:08 +02:00
Frank Denis
f425d4d96f Simplify blkxor() 2022-05-11 18:02:10 +02:00
Frank Denis
75bde19055 Revert "Add the shifumi128 ZKP system"
This reverts commit 6efe9ee2b5.
2022-04-02 09:32:22 +02:00
Frank Denis
6efe9ee2b5 Add the shifumi128 ZKP system 2022-03-31 20:04:51 +02:00
Frank Denis
69d15f1123 Support gcc-like and C11-like memory fences 2022-03-07 16:47:43 +01:00
Frank Denis
d4ee08ab8a Add memory fences where supported 2022-03-07 16:38:37 +01:00
Frank Denis
fbe2c92f0d AEGIS: rename constants to match the draft 2022-01-04 16:06:44 +01:00
Frank Denis
447cd270d9 edwards25519: faster recovery of the X coordinate 2021-12-27 15:16:56 +01:00
Frank Denis
089f850608 Remove expected length from the pwhash_str_verify()/needs_rehash() 2021-11-11 14:15:24 +01:00
Frank Denis
b65f8fdf4f Remove unused variables 2021-11-08 22:00:33 +01:00
Frank Denis
7052e4733f H2C: Y should be negative if gx1 is a square
Fixes #1119
2021-11-08 14:31:14 +01:00
Jørgen P. Tjernø
64129657a5 Portability improvements (#1105)
* Move `raise` code to be behind an autoconf check

This moves the call to `raise` behind a `HAVE_RAISE` autoconf check,
in addition to `__wasm__`. This is intended to help porting to
other platforms that don't support `raise` (e.g. modern game consoles).

* Add autoconf check for `sysconf`

Only try to invoke `sysconf` if the target platform supports it, and
don't warn about unknown page size if `PAGE_SIZE` was defined. Add an
include for `sys/param.h` to increase likelihood of finding `PAGE_SIZE`.
This is intended to help porting to other platforms that don't support
`sysconf` (e.g. modern game consoles) that have a fixed hardware page
size.

* Don't try to use raise & sysconf in a WASI environment

Co-authored-by: Frank Denis <124872+jedisct1@users.noreply.github.com>
2021-09-16 20:01:24 +02:00
Frank Denis
038e4114e9 fe25519_reduce64: handle the top bit
This is only for code clarity and for people copy/pasting that
private code to use it in a different context.

The top 128 bits are always zero.
2021-07-22 00:41:50 +02:00
Frank Denis
07c2f6c053 Handle the Sun and the IBM compilers separately 2021-07-09 15:47:40 +02:00
infinitydev
b9b66faddb Fix build on z/OS using XLC (#1089)
* Fix incorrect XLC #pragma in public header

* Fix incorrect XLC #pragma in internal blake2 header
2021-07-09 15:38:07 +02:00
niooss-ledger
6cd2677d44 Remove unused variable from _sodium_runtime_intel_cpu_features (#1085)
The function `_sodium_runtime_intel_cpu_features` assigns some value to
its local variable `id` but never reads it. Remove this variable, which
also simplifies the `if` statement that contains the assignment.
2021-07-01 10:05:30 +02:00
Frank Denis
558886fd0e Use assignment + case instead of memcpy() 2021-06-17 20:57:21 +02:00
Frank Denis
a2ee77b90a Include private/sse2_64_32.h only where SSE2 is required
Fixes #1074
2021-06-13 21:40:54 +02:00
Alcaro
9faa6bb62b core.c: Make _sodium_crit_init static (#1073) 2021-06-13 18:22:32 +02:00
Jordan Frank
7d1aad1797 define randombytes_set_implementation argument to be const (#1068) 2021-05-25 19:25:56 +02:00
Frank Denis
0e870c5406 Don't define DllMain in static builds 2021-05-22 10:29:00 +02:00
Christoph M. Becker
8b66d2b969 Delete critical section on DLL_PROCESS_DETACH (#1058)
To explicitly release all allocated resources on shutdown on Windows, we delete the critical section on `DLL_PROCESS_DETACH`.

We do not employ any locking to avoid any potential deadlock.  In case of normal
DLL unloading there is no need to, and in case of forced unloading all bets are likely off anyway.
2021-05-22 10:26:13 +02:00
P.I.E. Security Team
710b2d3963 Fix comment in ristretto255_elligator (#1052) 2021-04-21 11:21:58 +02:00
harl
144e6e3161 Fix MAC computation in AEGIS128L on aarch64 2021-03-15 10:24:48 +01:00
martingd
3de0b3cdad Error from argon2_hash() during verify propagated. (#1039) 2021-03-12 18:01:08 +01:00
Frank Denis
f01675fcf2 Fix alignment after #1032 2021-02-12 17:15:00 +01:00
Tobias Nießen
219e74cc98 src: improve a few comments (#1032) 2021-02-12 17:13:22 +01:00
Frank Denis
e4206f1337 Change crypto_core_ed25519_from_string() to accept a hash function 2021-01-24 19:21:07 +01:00
Frank Denis
e0629769d3 Move the H2C string->hash functions to their own files 2021-01-24 18:45:14 +01:00
Frank Denis
5ff2b1a0e7 Allow arbitrary long string-to-H2C-hash operations
Make the ristretto and edwards25519 string to hash code lookalike.
2021-01-23 21:41:20 +01:00
Frank Denis
41e6cb3368 Use SHA-256 for the hash-to-ristretto255 operation
We may eventually revert to SHA-512
2021-01-23 19:00:05 +01:00
Frank Denis
89916bbe11 Explicit 2021-01-07 19:54:07 +01:00
Frank Denis
611e1a0bc1 Typo (risretto -> ristretto)
Fixes #1014
2020-12-10 22:17:06 +01:00
Frank Denis
45bca21a95 Detect ARM features with elf_aux_info on FreeBSD >= 12.0
by @devnexen, thanks!

Fixes #1012
2020-12-04 15:34:27 +01:00
Frank Denis
761c1b34cd Reorganize ARM features detection 2020-12-04 15:27:32 +01:00
Frank Denis
4aa74923d2 pwhash never supported "in-place" operation - return EINVAL 2020-11-24 22:50:15 +01:00
David CARLIER
d250858c74 DragonFlyBSD supports getrandom too since 5.7 2020-11-08 15:58:29 +01:00
Frank Denis
b302c8e8e1 secretbox_xchacha: don't do useless rounds for the first block 2020-10-29 18:39:40 +01:00
Frank Denis
31436eb1df secretbox_open: no need to encrypt the first block twice 2020-10-29 18:30:14 +01:00
Frank Denis
82652f0a0b Merge branch 'master' of github.com:jedisct1/libsodium into master
* 'master' of github.com:jedisct1/libsodium:
  docs: fix simple typo, interoperatibility -> interoperability (#1002)
  Repair AEGIS on aarch64
2020-10-12 11:51:13 +02:00
Tim Gates
b3fafe1291 docs: fix simple typo, interoperatibility -> interoperability (#1002)
There is a small typo in src/libsodium/include/sodium/crypto_hash.h, src/libsodium/include/sodium/crypto_hash_sha256.h, src/libsodium/include/sodium/crypto_hash_sha512.h.

Should read `interoperability` rather than `interoperatibility`.
2020-10-12 11:37:24 +02:00
Frank Denis
0263be7a15 Unbreak unchecked_sqrt if pointers are distinct 2020-10-06 13:27:09 +02:00
Frank Denis
29041d8ba1 Comment 2020-10-06 12:58:31 +02:00
Frank Denis
ae4add8681 Repair AEGIS on aarch64
fixes #999
2020-10-04 15:24:03 +02:00
Frank Denis
3993b1a682 aegis mac: flip parameters to match their representation order 2020-09-27 23:38:02 +02:00
Frank Denis
3c83aeb4fa Shorten 2020-09-27 22:42:57 +02:00
Frank Denis
0454ae61c8 aegis: use more self-explanatory names for keys and nonces 2020-09-27 22:40:57 +02:00
Frank Denis
dfcc95cb64 Merge branch 'master' of github.com:jedisct1/libsodium into master
* 'master' of github.com:jedisct1/libsodium:
  Add hash_to_ristretto255
  Move 2^511 -> 2^255-19 reduction to its own function
  Constify
2020-09-20 15:13:03 +02:00
Frank Denis
33b935921c Add hash_to_ristretto255
Identifier should be ristretto255_XMD:SHA-512_R255MAP_RO_
2020-08-23 18:28:58 +02:00
Frank Denis
ee962b33ae Move 2^511 -> 2^255-19 reduction to its own function 2020-08-23 18:28:17 +02:00
Frank Denis
3b8891540b Constify 2020-08-23 18:27:36 +02:00
Frank Denis
3d27ee0898 Nits 2020-08-21 07:07:17 +02:00
Frank Denis
ae330742cb Indent 2020-08-16 13:59:23 +02:00
Frank Denis
ee6f457225 argon2 - copy raw hash after possible encoding, not before
(irrelevant in libsodium)
2020-08-16 11:35:08 +02:00
Frank Denis
bc3b6a4694 Validate argon2 lanes before memory cost 2020-08-16 11:31:20 +02:00
Frank Denis
e919f86257 Comments 2020-08-15 13:51:04 +02:00
Frank Denis
b2d94a6da1 Cleaner ladder 2020-08-15 13:50:49 +02:00
Frank Denis
679f448d38 Indent 2020-08-14 08:37:39 +02:00
Frank Denis
c02379fe8e Shorten 2020-08-05 16:34:30 +02:00
Frank Denis
1f5f71b015 Simplify 128<->64 bit casts 2020-08-02 19:59:22 +02:00
Frank Denis
290197ba3e Add comments on wrong alignment 2020-07-01 23:32:43 +02:00
P.I.E. Security Team
4744636721 Language Improvements (#972)
* Language Improvements

https://github.com/paragonie/sodium_compat/pull/121

* Update ed25519_ref10.c
2020-06-18 19:40:04 +02:00
Frank Denis
6497abb4bc Faster Jacobi symbol computation
From 261sq/11m down to 253sq/11m.

Also rename confusing was_square.
2020-06-15 09:25:22 +02:00
Frank Denis
6499766fb6 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Don't even include signal.h on WASI
  Use unsigned long long for opslimit
2020-06-04 16:00:29 +02:00
Frank Denis
4e9e110031 No need to save %rdi 2020-06-04 16:00:16 +02:00
Frank Denis
a8fa837aac Don't even include signal.h on WASI
Since version 11, wasi-sysroot doesn't ignore it but spits out
an error instead.
2020-06-04 10:54:53 +02:00
Frank Denis
0cb4db084f Use unsigned long long for opslimit
Fixes #966
2020-06-03 17:36:07 +02:00
Frank Denis
3c49e89c19 Add memory clobber
Fixes #965
2020-05-30 23:21:17 +02:00
Frank Denis
d854d39b51 Shorten 2020-05-26 14:03:49 +02:00
Frank Denis
f9ef57db0b Faster sc25519 inversion, with one less squaring 2020-05-26 13:15:19 +02:00
Frank Denis
b0369e7391 Update prototypes 2020-05-26 00:15:42 +02:00
Frank Denis
214076fc09 Replace the multiplication by the group order with an addition chain.
Rename ge25519_{add,sub,madd,msub} for clarity.
2020-05-25 23:54:43 +02:00
Frank Denis
1127c43278 Add extra box_seal() tests 2020-05-21 18:38:55 +02:00
Frank Denis
23bba4a2b2 crypto_box_seal(): copy the key after encryption to support in-place encryption
Fixes #961
2020-05-21 18:22:37 +02:00
Frank Denis
da3fc4dd91 Add explicit casts and make things a bit more consistent 2020-05-19 17:40:18 +02:00
Frank Denis
c3ca08913c Add AEGIS-128L for no good reasons 2020-05-19 15:36:22 +02:00
Frank Denis
8706f2e8d7 Indent 2020-05-19 15:00:51 +02:00
Frank Denis
4cc7d9027c Constify 2020-05-18 20:46:09 +02:00
Frank Denis
a85afdc5ba Remove unused code 2020-05-14 18:45:56 +02:00
Frank Denis
62c6dbcf36 Comment 2020-05-14 12:21:09 +02:00
Frank Denis
056a1aeef5 Avoid & and && mix without brackets 2020-05-13 23:08:19 +02:00
Frank Denis
c2efce113d Add crypto_core_{ed25519,ristretto255}_scalar_is_canonical() 2020-05-13 22:59:08 +02:00
Frank Denis
d39dd88301 Remove unreferenced variables, fix Windows build 2020-05-13 22:38:59 +02:00
Frank Denis
cc2bcbc217 aes256gcm: handle 8 blocks at a time instead of 4
Keep using 4 blocks at time for AD, as AD is usually short.

Decrypt-and-verify instead of verify-then-decrypt.
2020-05-13 17:36:01 +02:00
Frank Denis
c4b08fb208 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium: (55 commits)
  H2C: change sign computation for Ell2 to match BHKL13
  Deprecate non-easy secretbox
  Remove memory shielding
  Deprecate low-level non-easy crypto boxes as well
  Deprecate the non-easy crypto_box API
  Nits
  Remove unneeded casts
  Indent
  Use inline asm if supported
  Nits
  Inline
  space
  Simplify scalarmult{2,5} tests
  Add a scalarmult test to show that the high bit is ignored
  Fix wasi-sdk path
  One more test vector cannot hurt
  ristretto255_is_canonical(): sync with wasm-crypto
  Rename a few things
  Merge mont->ed conversion
  Revert "Add the BlaBla2000 stream cipher - will eventually become the default"
  ...
2020-05-13 14:10:14 +02:00
Frank Denis
06e219e165 Format 2020-05-13 14:10:04 +02:00
Frank Denis
f23c932d74 H2C: change sign computation for Ell2 to match BHKL13
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/250
2020-05-12 16:33:13 +02:00
Frank Denis
3f1586623c Deprecate non-easy secretbox 2020-05-10 22:29:25 +02:00
Frank Denis
67a9e79655 Remove memory shielding
That was a great idea to protect against information leak through
speculative loads.

Realistically, nobody is going to use this.
2020-05-10 21:05:24 +02:00
Frank Denis
bf2238bbc4 Deprecate low-level non-easy crypto boxes as well 2020-05-10 20:32:42 +02:00
Frank Denis
5bb0cdc616 Merge branch 'master' of github.com:jedisct1/libsodium
* 'master' of github.com:jedisct1/libsodium:
  Nits
  Remove unneeded casts
  Indent
2020-05-10 20:28:39 +02:00
Frank Denis
507409d59e Deprecate the non-easy crypto_box API
It is really too complicated to use.
2020-05-10 20:27:50 +02:00
Frank Denis
ce19bc7a69 Remove unneeded casts
Fixes #954
2020-05-05 01:25:42 +02:00
Frank Denis
c68b071e52 Indent 2020-05-05 01:09:22 +02:00
Frank Denis
4967aa8f23 Use inline asm if supported 2020-05-04 18:23:09 +02:00
Frank Denis
88c568a035 Nits 2020-05-02 17:54:02 +02:00
Frank Denis
809a9f9d7e Inline 2020-05-02 17:42:25 +02:00
Frank Denis
300f12c6a3 space 2020-05-02 17:13:41 +02:00
Frank Denis
8b6f5ef505 ristretto255_is_canonical(): sync with wasm-crypto
Reject string with the top bit set.
2020-04-25 12:15:30 +02:00
Frank Denis
e768eae76d Rename a few things 2020-04-23 11:10:19 +02:00
Frank Denis
599cb10246 Merge mont->ed conversion 2020-04-21 16:13:05 +02:00
Frank Denis
29f098d237 Revert "Add the BlaBla2000 stream cipher - will eventually become the default"
This reverts commit a31fe2a966.
2020-04-21 13:35:29 +02:00
Frank Denis
72ec06c189 Comment 2020-04-21 13:35:29 +02:00
Frank Denis
f582db039f Handle identity; fix comment 2020-04-21 13:35:26 +02:00
Frank Denis
6f1c987d2e Add an assertion 2020-04-18 23:37:12 +02:00
Frank Denis
d01c49df02 H2C: convert DST encoding to suffix free
https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/pull/241
2020-04-10 09:48:26 +02:00
Frank Denis
a31fe2a966 Add the BlaBla2000 stream cipher - will eventually become the default
2000 rounds variant of the BlaBla20 cipher
for Very Post Quantum (VPQ) security.
2020-03-31 21:42:54 +02:00
Frank Denis
7d0aea6d5e Remove unused code 2020-03-31 17:37:06 +02:00
Frank Denis
d9844396e3 Fix and add HKDF tests 2020-03-31 17:14:04 +02:00
Frank Denis
5f39c3ce09 Don't force include the suite ID in tags 2020-03-31 14:33:40 +02:00
Frank Denis
89eb497efa Handle oversized contexts 2020-03-31 14:16:16 +02:00
Frank Denis
728b26c2c1 Remove edwards25519sha512batch
Tagged as deprecated for years, never imported by `<sodium.h>`, and
intentionally never documented.

`edwards25519sha512batch` was just around for ABI compatibility
with NaCl, but no projects seem to be using it.
2020-03-31 12:11:32 +02:00
Frank Denis
ac48996492 Remove crypto_core_ed25519_from_hash()
Undocumented, was deprecated for a while in stable versions,
obsoleted by `_from_string()` and `from_string_ro()`.
2020-03-31 12:04:47 +02:00
Frank Denis
2d5b9547d1 yield in spinlock on aarch64 2020-03-30 22:00:35 +02:00
Frank Denis
bf3bc8c386 Add nonnull attributes for new functions 2020-03-30 17:44:17 +02:00
Frank Denis
5fdd12fa97 Add crypto_core_ed25519_from_string() and crypto_core_ed25519_from_string_ro() 2020-03-30 17:19:36 +02:00
Frank Denis
1cedeee7fe Code cleanup 2020-03-30 16:41:21 +02:00
Frank Denis
1e7562f59b Remove useless self inclusion 2020-03-28 21:36:01 +01:00
Frank Denis
eab70f79c0 Add HKDF/SHA-512 and HKDF/SHA-256 2020-03-28 21:35:54 +01:00
Frank Denis
451bafc0d3 Include private/common.h wherever HAVE_*TRIN_H is required, for MSVC 2020-03-18 17:19:58 +01:00
Frank Denis
3881198254 Bring back explicit 64 bit xor on 64 bit archs for gcc
gcc doesn't seem to be very efficient here, especially with -O2

up
2020-03-14 17:06:16 +01:00
Frank Denis
2105fbfd46 Remove XOP stub
XOP is dead
2020-03-14 15:56:08 +01:00
Frank Denis
cce4a86f99 Reformat comments 2020-03-14 00:22:41 +01:00
Frank Denis
8e21cab950 Simplify integerify()
Make offsets 64 bit in the SSE scrypt impl
2020-03-14 00:20:23 +01:00
Frank Denis
6c4437d987 Get rid of escrypt_block_t
Fixes #937
2020-03-13 23:21:27 +01:00
Frank Denis
f3b0e32d64 Format multi-line comments consistently 2020-03-11 19:14:54 +01:00
Loup Vaillant
e7e378fad1 Secretbox: explained non-portable behavior (#936)
Addresses #934

Some tools believe that comparing pointers, *even after converting them
to integers*, is undefined. A comment acknowledging this (as well as the
necessity of the comparison to begin with), can facilitate audits.

Co-authored-by: Frank Denis <124872+jedisct1@users.noreply.github.com>
2020-03-11 19:07:54 +01:00
Loup Vaillant
4bbc34c09c Avoid memmove() call when buffers are already the same. (#935)
This completes the work started in commit
fbe3eb265f
2020-03-11 19:05:57 +01:00
Frank Denis
a0a8706c9d Revert "Use CMOV on x86_64"
This reverts commit afae623190.
2020-02-26 15:02:21 +01:00
Frank Denis
afae623190 Use CMOV on x86_64
CMOV has been constant time on all generations of x86_64 CPUs, even when
reading from memory.
2020-02-25 09:22:47 +01:00
Frank Denis
a6d317b2f3 Don't even define a .mult_base placeholder for sandy2x
Avoid two indirections for fixed base multiplication until another
implementation possibly exists.
2020-02-06 00:47:18 +01:00
Frank Denis
6a7fbccfd8 Remove sandy2x fixed base scalar multiplication
Thanks to precomputation, the generic implementation is faster.
2020-02-06 00:34:08 +01:00
Frank Denis
41c7e47efd Set a default page size to 64K (wasm/linux large pages) 2020-01-05 21:01:28 -05:00
Frank Denis
a72abb0ae1 Add missing randombytes.h inclusion in aead_aegis256.c 2019-12-04 21:07:33 +01:00
Frank Denis
066150a94d Swapped aegis256_is_available implementations 2019-10-31 09:23:33 +01:00