├── .github ├── FUNDING.yml └── workflows │ └── ci.yml ├── .gitignore ├── BUILDING.md ├── LICENCE ├── README.md ├── USAGE.md ├── client.cpp ├── doxygen.config ├── include ├── .DS_Store ├── yojimbo.h ├── yojimbo_adapter.h ├── yojimbo_address.h ├── yojimbo_allocator.h ├── yojimbo_base_client.h ├── yojimbo_base_server.h ├── yojimbo_bit_array.h ├── yojimbo_channel.h ├── yojimbo_client.h ├── yojimbo_client_interface.h ├── yojimbo_config.h ├── yojimbo_connection.h ├── yojimbo_constants.h ├── yojimbo_message.h ├── yojimbo_network_info.h ├── yojimbo_network_simulator.h ├── yojimbo_platform.h ├── yojimbo_queue.h ├── yojimbo_reliable_ordered_channel.h ├── yojimbo_sequence_buffer.h ├── yojimbo_serialize.h ├── yojimbo_server.h ├── yojimbo_server_interface.h ├── yojimbo_unreliable_unordered_channel.h └── yojimbo_utils.h ├── loopback.cpp ├── matcher ├── Dockerfile ├── README.md ├── go.mod ├── go.sum └── main.go ├── netcode ├── netcode.c └── netcode.h ├── premake5.lua ├── reliable ├── reliable.c └── reliable.h ├── serialize └── serialize.h ├── server.cpp ├── shared.h ├── soak.cpp ├── sodium ├── dummy.c ├── sodium.h ├── sodium_aead_chacha20poly1305.c ├── sodium_aead_xchacha20poly1305.c ├── sodium_blake2.h ├── sodium_blake2b-compress-avx2.c ├── sodium_blake2b-compress-avx2.h ├── sodium_blake2b-compress-ref.c ├── sodium_blake2b-compress-sse41.c ├── sodium_blake2b-compress-sse41.h ├── sodium_blake2b-compress-ssse3.c ├── sodium_blake2b-compress-ssse3.h ├── sodium_blake2b-load-avx2.h ├── sodium_blake2b-load-sse2.h ├── sodium_blake2b-load-sse41.h ├── sodium_blake2b-ref.c ├── sodium_box_curve25519xchacha20poly1305.c ├── sodium_box_curve25519xsalsa20poly1305.c ├── sodium_box_seal_curve25519xchacha20poly1305.c ├── sodium_chacha20-ref.c ├── sodium_chacha20-ref.h ├── sodium_codecs.c ├── sodium_core.c ├── sodium_core.h ├── sodium_core_ed25519.c ├── sodium_core_hchacha20.c ├── sodium_core_hsalsa20.c ├── sodium_core_hsalsa20_ref2.c ├── sodium_core_salsa_ref.c ├── sodium_crypto_aead_chacha20poly1305.h ├── sodium_crypto_aead_xchacha20poly1305.h ├── sodium_crypto_auth.h ├── sodium_crypto_auth_hmacsha512.h ├── sodium_crypto_auth_hmacsha512256.h ├── sodium_crypto_box.c ├── sodium_crypto_box.h ├── sodium_crypto_box_curve25519xchacha20poly1305.h ├── sodium_crypto_box_curve25519xsalsa20poly1305.h ├── sodium_crypto_box_easy.c ├── sodium_crypto_core_ed25519.h ├── sodium_crypto_core_hchacha20.h ├── sodium_crypto_core_hsalsa20.h ├── sodium_crypto_core_salsa20.h ├── sodium_crypto_core_salsa2012.h ├── sodium_crypto_core_salsa208.h ├── sodium_crypto_generichash.c ├── sodium_crypto_generichash.h ├── sodium_crypto_generichash_blake2b.h ├── sodium_crypto_hash.h ├── sodium_crypto_hash_sha512.h ├── sodium_crypto_kx.c ├── sodium_crypto_kx.h ├── sodium_crypto_onetimeauth.h ├── sodium_crypto_onetimeauth_poly1305.h ├── sodium_crypto_scalarmult.c ├── sodium_crypto_scalarmult.h ├── sodium_crypto_scalarmult_curve25519.h ├── sodium_crypto_scalarmult_ed25519.h ├── sodium_crypto_secretbox.c ├── sodium_crypto_secretbox.h ├── sodium_crypto_secretbox_easy.c ├── sodium_crypto_secretbox_xchacha20poly1305.h ├── sodium_crypto_secretbox_xsalsa20poly1305.h ├── sodium_crypto_secretstream_xchacha20poly1305.h ├── sodium_crypto_shorthash.h ├── sodium_crypto_shorthash_siphash24.h ├── sodium_crypto_sign.c ├── sodium_crypto_sign.h ├── sodium_crypto_sign_ed25519.h ├── sodium_crypto_sign_edwards25519sha512batch.h ├── sodium_crypto_stream.h ├── sodium_crypto_stream_chacha20.h ├── sodium_crypto_stream_salsa20.h ├── sodium_crypto_stream_salsa2012.h ├── sodium_crypto_stream_salsa208.h ├── sodium_crypto_stream_xchacha20.h ├── sodium_crypto_stream_xsalsa20.h ├── sodium_crypto_verify_16.h ├── sodium_crypto_verify_32.h ├── sodium_crypto_verify_64.h ├── sodium_dolbeau_chacha20-avx2.c ├── sodium_dolbeau_chacha20-avx2.h ├── sodium_dolbeau_chacha20-ssse3.c ├── sodium_dolbeau_chacha20-ssse3.h ├── sodium_dolbeau_u0.h ├── sodium_dolbeau_u1.h ├── sodium_dolbeau_u4.h ├── sodium_dolbeau_u8.h ├── sodium_export.h ├── sodium_fe_25_5_base.h ├── sodium_fe_25_5_base2.h ├── sodium_fe_25_5_constants.h ├── sodium_fe_25_5_fe.h ├── sodium_fe_51_base.h ├── sodium_fe_51_base2.h ├── sodium_fe_51_constants.h ├── sodium_fe_51_fe.h ├── sodium_generichash_blake2.c ├── sodium_generichash_blake2b.c ├── sodium_hash_sha512.c ├── sodium_hash_sha512_cp.c ├── sodium_onetimeauth_poly1305.c ├── sodium_onetimeauth_poly1305.h ├── sodium_poly1305-sse2.c ├── sodium_poly1305-sse2.h ├── sodium_poly1305_donna.c ├── sodium_poly1305_donna.h ├── sodium_poly1305_donna32.h ├── sodium_poly1305_donna64.h ├── sodium_private_chacha20_ietf_ext.h ├── sodium_private_common.h ├── sodium_private_ed25519_ref10.h ├── sodium_private_ed25519_ref10_fe_25_5.h ├── sodium_private_ed25519_ref10_fe_51.h ├── sodium_private_implementations.h ├── sodium_private_mutex.h ├── sodium_private_sse2_64_32.h ├── sodium_randombytes.c ├── sodium_randombytes.h ├── sodium_randombytes_nativeclient.h ├── sodium_randombytes_salsa20_random.c ├── sodium_randombytes_salsa20_random.h ├── sodium_randombytes_sysrandom.c ├── sodium_randombytes_sysrandom.h ├── sodium_ref10_ed25519.c ├── sodium_ref10_keypair.c ├── sodium_ref10_open.c ├── sodium_ref10_scalarmult_ed25519_ref10.c ├── sodium_ref10_sign.c ├── sodium_ref10_sign_ed25519.h ├── sodium_ref10_x25519.c ├── sodium_ref10_x25519.h ├── sodium_runtime.c ├── sodium_runtime.h ├── sodium_salsa20-ref.c ├── sodium_salsa20-ref.h ├── sodium_salsa20-xmm6.c ├── sodium_salsa20-xmm6.h ├── sodium_salsa20-xmm6_asm.S ├── sodium_sandy2x.S ├── sodium_sandy2x_consts.S ├── sodium_sandy2x_consts_namespace.h ├── sodium_sandy2x_curve25519.c ├── sodium_sandy2x_curve25519.h ├── sodium_sandy2x_fe.h ├── sodium_sandy2x_fe51.h ├── sodium_sandy2x_fe51_invert.c ├── sodium_sandy2x_fe51_mul.S ├── sodium_sandy2x_fe51_namespace.h ├── sodium_sandy2x_fe51_nsquare.S ├── sodium_sandy2x_fe51_pack.S ├── sodium_sandy2x_fe_frombytes.c ├── sodium_sandy2x_ladder.S ├── sodium_sandy2x_ladder.h ├── sodium_sandy2x_ladder_base.S ├── sodium_sandy2x_ladder_base.h ├── sodium_sandy2x_ladder_base_namespace.h ├── sodium_sandy2x_ladder_namespace.h ├── sodium_scalarmult_curve25519.c ├── sodium_scalarmult_curve25519.h ├── sodium_secretbox_xchacha20poly1305.c ├── sodium_secretbox_xsalsa20poly1305.c ├── sodium_sign_ed25519.c ├── sodium_stream_chacha20.c ├── sodium_stream_chacha20.h ├── sodium_stream_salsa20.c ├── sodium_stream_salsa20.h ├── sodium_stream_xchacha20.c ├── sodium_stream_xsalsa20.c ├── sodium_utils.c ├── sodium_utils.h ├── sodium_verify.c ├── sodium_version.c ├── sodium_version.h ├── sodium_xmm6int_salsa20-avx2.c ├── sodium_xmm6int_salsa20-avx2.h ├── sodium_xmm6int_salsa20-sse2.c ├── sodium_xmm6int_salsa20-sse2.h ├── sodium_xmm6int_u0.h ├── sodium_xmm6int_u1.h ├── sodium_xmm6int_u4.h └── sodium_xmm6int_u8.h ├── source ├── yojimbo.cpp ├── yojimbo_address.cpp ├── yojimbo_allocator.cpp ├── yojimbo_base_client.cpp ├── yojimbo_base_server.cpp ├── yojimbo_channel.cpp ├── yojimbo_client.cpp ├── yojimbo_connection.cpp ├── yojimbo_network_simulator.cpp ├── yojimbo_platform.cpp ├── yojimbo_reliable_ordered_channel.cpp ├── yojimbo_server.cpp ├── yojimbo_unreliable_unordered_channel.cpp └── yojimbo_utils.cpp ├── test.cpp └── tlsf ├── tlsf.c └── tlsf.h /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | 3 | github: mas-bandwidth 4 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: CI 2 | 3 | on: [push, pull_request] 4 | 5 | jobs: 6 | build_and_test: 7 | name: Build & test 8 | 9 | strategy: 10 | matrix: 11 | os: [macos-latest, windows-latest, ubuntu-latest] 12 | configuration: [release, debug] 13 | 14 | runs-on: ${{ matrix.os }} 15 | 16 | steps: 17 | - uses: actions/checkout@master 18 | with: 19 | submodules: recursive 20 | - name: Setup premake 21 | uses: abel0b/setup-premake@v1 22 | 23 | # Install libsodium from apt 24 | - name: Setup (Linux) 25 | if: runner.os == 'Linux' 26 | run: | 27 | sudo apt-get install libsodium-dev 28 | 29 | # Install libsodium from brew 30 | - name: Setup (MacOS) 31 | if: runner.os == 'MacOS' 32 | run: brew install libsodium 33 | 34 | # Build with premake + make 35 | - name: Build (gmake) 36 | if: runner.os != 'Windows' 37 | run: | 38 | premake5 gmake 39 | make clean 40 | make all config=${{ matrix.configuration }} 41 | 42 | # Run the tests with sh syntax 43 | - name: Test (gmake) 44 | if: runner.os != 'Windows' 45 | run: ./bin/test 46 | 47 | ## Windows-specific build steps 48 | # Set up PATH variables to point to MSBuild from at least VS 16.1 (2019) 49 | - name: Setup (vs2019) 50 | if: runner.os == 'Windows' 51 | uses: microsoft/setup-msbuild@v1.1 52 | with: 53 | vs-version: '16.1.0' 54 | 55 | # Build with premake + msbuild 56 | - name: Build (vs2019) 57 | if: runner.os == 'Windows' 58 | run: | 59 | premake5 vs2019 60 | msbuild yojimbo.sln -nologo -m -t:Clean -p:Configuration=${{ matrix.configuration }} 61 | msbuild yojimbo.sln -nologo -m -p:Configuration=${{ matrix.configuration }} 62 | 63 | # Run the tests with Powershell syntax 64 | - name: Test (vs2019) 65 | if: runner.os == 'Windows' 66 | run: "& ./bin/${{ matrix.configuration }}/test.exe" 67 | 68 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Visual Studio 2 | *.db 3 | *.opendb 4 | *.vcproj 5 | *.vcxproj 6 | *.vcxproj.user 7 | *.vcxproj.filter 8 | *.vcxproj.filters 9 | *.sln 10 | 11 | # Makefiles 12 | Makefile 13 | *.make 14 | 15 | # Misc 16 | *.txt 17 | !CMakeLists.txt 18 | *.7z 19 | *.zip 20 | *.tar.gz 21 | 22 | # Sublime text 23 | *.sublime-project 24 | *.sublime-workspace 25 | 26 | # Directories we don't ever want to commit 27 | bin 28 | obj 29 | ipch 30 | Debug 31 | release 32 | Release 33 | Secure 34 | .vs 35 | cov-int 36 | docker/yojimbo 37 | valgrind/yojimbo 38 | docs 39 | -------------------------------------------------------------------------------- /BUILDING.md: -------------------------------------------------------------------------------- 1 | Building yojimbo 2 | ================ 3 | 4 | ## Building on Windows 5 | 6 | Download [premake 5](https://premake.github.io/download.html) and copy the **premake5** executable somewhere in your path. 7 | 8 | You need Visual Studio to build the source code. If you don't have Visual Studio 2019 you can [download the community edition for free](https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community&rel=16). 9 | 10 | Once you have Visual Studio installed, go to the command line under the yojimbo directory and type: 11 | 12 | premake5 vs2019 13 | 14 | Open the generated yojimbo.sln file. 15 | 16 | You can now build the library and run individual test programs as you would for any other Visual Studio solution. 17 | 18 | ## Building on MacOS and Linux 19 | 20 | First, download and install [premake 5](https://premake.github.io/download.html). 21 | 22 | Next, install libsodium. 23 | 24 | Linux: 25 | 26 | sudo apt install libsodium-dev 27 | 28 | Mac: 29 | 30 | brew install libsodium 31 | 32 | Now go to the command line under the yojimbo directory and enter: 33 | 34 | premake5 gmake 35 | 36 | This creates makefiles which you can use to build the source via: 37 | 38 | make -j 39 | 40 | Then run the built executables: 41 | 42 | ./bin/test // run unit tests 43 | ./bin/server // run a server on localhost on UDP port 40000 44 | ./bin/client // run a client that connects to the local server 45 | 46 | cheers 47 | 48 | - Glenn 49 | -------------------------------------------------------------------------------- /LICENCE: -------------------------------------------------------------------------------- 1 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 2 | 3 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 4 | 5 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 6 | 7 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 8 | in the documentation and/or other materials provided with the distribution. 9 | 10 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 11 | from this software without specific prior written permission. 12 | 13 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 14 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 15 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 16 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 17 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 18 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 19 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 20 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build status](https://github.com/networkprotocol/yojimbo/workflows/CI/badge.svg)](https://github.com/networkprotocol/yojimbo/actions?query=workflow%3ACI) 2 | 3 | # yojimbo 4 | 5 | **yojimbo** is a network library for client/server games written in C++. 6 | 7 | It's designed around the networking requirements of competitive multiplayer games like first person shooters. 8 | 9 | Generally speaking, if you have a custom game engine written in C++ and you want to network your game, yojimbo is a really good choice. 10 | 11 | ![image](https://github.com/mas-bandwidth/yojimbo/assets/696656/098935f2-ba2b-4540-8d7f-474acc7f2cd8) 12 | 13 | It has the following features: 14 | 15 | * Cryptographically secure authentication via [connect tokens](https://github.com/networkprotocol/netcode/blob/master/STANDARD.md) 16 | * Client/server connection management and timeouts 17 | * Encrypted and signed packets sent over UDP 18 | * Packet fragmentation and reassembly 19 | * Bitpacker and serialization system 20 | * Unreliable-unordered messages for time sensitive data 21 | * Reliable-ordered messages with aggressive resend until ack 22 | * Data blocks larger than maximum packet size can be attached to reliable-ordered messages 23 | * Estimates of latency, jitter, packet loss, bandwidth sent, received and acked per-connection 24 | 25 | yojimbo is stable and production ready. 26 | 27 | ## Source Code 28 | 29 | You can get the latest source code by cloning it from github: 30 | 31 | git clone https://github.com/mas-bandwidth/yojimbo.git 32 | 33 | Alternatively, you can download the latest [release](https://github.com/mas-bandwidth/yojimbo/releases). 34 | 35 | ## Author 36 | 37 | The author of this library is [Glenn Fiedler](https://www.linkedin.com/in/glenn-fiedler-11b735302/). 38 | 39 | Yojimbo is built on top of other open source libraries by the same author: [netcode](https://github.com/mas-bandwidth/netcode), [reliable](https://github.com/mas-bandwidth/reliable), and [serialize](https://github.com/mas-bandwidth/serialize) 40 | 41 | If you find this software useful, please consider [sponsoring it](https://github.com/sponsors/mas-bandwidth). Thanks! 42 | 43 | ## License 44 | 45 | [BSD 3-Clause license](https://opensource.org/licenses/BSD-3-Clause). 46 | -------------------------------------------------------------------------------- /include/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mas-bandwidth/yojimbo/d8722261c7a93867c6c95c221966c714d4048b6f/include/.DS_Store -------------------------------------------------------------------------------- /include/yojimbo.h: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Client/Server Network Library. 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #ifndef YOJIMBO_H 26 | #define YOJIMBO_H 27 | 28 | #include "serialize.h" 29 | #include "yojimbo_config.h" 30 | #include "yojimbo_constants.h" 31 | #include "yojimbo_bit_array.h" 32 | #include "yojimbo_utils.h" 33 | #include "yojimbo_queue.h" 34 | #include "yojimbo_sequence_buffer.h" 35 | #include "yojimbo_address.h" 36 | #include "yojimbo_serialize.h" 37 | #include "yojimbo_message.h" 38 | #include "yojimbo_channel.h" 39 | #include "yojimbo_reliable_ordered_channel.h" 40 | #include "yojimbo_unreliable_unordered_channel.h" 41 | #include "yojimbo_connection.h" 42 | #include "yojimbo_network_simulator.h" 43 | #include "yojimbo_adapter.h" 44 | #include "yojimbo_network_info.h" 45 | #include "yojimbo_server_interface.h" 46 | #include "yojimbo_base_server.h" 47 | #include "yojimbo_server.h" 48 | #include "yojimbo_client_interface.h" 49 | #include "yojimbo_base_client.h" 50 | #include "yojimbo_client.h" 51 | 52 | /** @file */ 53 | 54 | /// The library namespace. 55 | 56 | namespace yojimbo 57 | { 58 | using namespace serialize; 59 | } 60 | 61 | /** 62 | Initialize the yojimbo library. 63 | Call this before calling any yojimbo library functions. 64 | @returns True if the library was successfully initialized, false otherwise. 65 | */ 66 | 67 | bool InitializeYojimbo(); 68 | 69 | /** 70 | Enable packet tagging. 71 | Enable before you create any client or servers, and DSCP packet tagging will be applied to all packets sent. 72 | Packet tagging can significantly reduce jitter on modern Wi-Fi 6+ routers, by marking your game traffic to be sent in the real-time queue. 73 | */ 74 | 75 | void EnablePacketTagging(); 76 | 77 | /** 78 | Shutdown the yojimbo library. 79 | Call this after you finish using the library and it will run some checks for you (for example, checking for memory leaks in debug build). 80 | */ 81 | 82 | void ShutdownYojimbo(); 83 | 84 | #endif // #ifndef YOJIMBO_H 85 | -------------------------------------------------------------------------------- /include/yojimbo_constants.h: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Client/Server Network Library. 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #ifndef YOJIMBO_CONSTANTS_H 26 | #define YOJIMBO_CONSTANTS_H 27 | 28 | #include "serialize.h" 29 | 30 | namespace yojimbo 31 | { 32 | const int MaxClients = 64; ///< The maximum number of clients supported by this library. You can increase this if you want, but this library is designed around patterns that work best for [2,64] player games. If your game has less than 64 clients, reducing this will save memory. 33 | 34 | const int MaxChannels = 64; ///< The maximum number of message channels supported by this library. If you need less than 64 channels per-packet, reducing this will save memory. Minimum is 2. 35 | 36 | const int KeyBytes = 32; ///< Size of encryption key for dedicated client/server in bytes. Must be equal to key size for libsodium encryption primitive. Do not change. 37 | 38 | const int ConnectTokenBytes = 2048; ///< Size of the encrypted connect token data return from the matchmaker. Must equal size of NETCODE_CONNECT_TOKEN_BYTE (2048). 39 | 40 | const int ConservativeMessageHeaderBits = 32; ///< Conservative number of bits per-message header. 41 | 42 | const int ConservativeFragmentHeaderBits = 64; ///< Conservative number of bits per-fragment header. 43 | 44 | const int ConservativeChannelHeaderBits = 32; ///< Conservative number of bits per-channel header. 45 | 46 | const int ConservativePacketHeaderBits = 16; ///< Conservative number of bits per-packet header. 47 | 48 | const int MaxAddressLength = 256; ///< The maximum length of an address when converted to a string (includes terminating NULL). @see Address::ToString 49 | } 50 | 51 | #endif // #ifndef YOJIMBO_CONSTANTS_H 52 | -------------------------------------------------------------------------------- /include/yojimbo_network_info.h: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Client/Server Network Library. 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #ifndef YOJIMBO_NETWORK_INFO_H 26 | #define YOJIMBO_NETWORK_INFO_H 27 | 28 | #include "yojimbo_config.h" 29 | 30 | namespace yojimbo 31 | { 32 | /** 33 | Network information for a connection. 34 | Contains statistics like round trip time (RTT), packet loss %, bandwidth estimates, number of packets sent, received and acked. 35 | */ 36 | 37 | struct NetworkInfo 38 | { 39 | float RTT; ///< Round trip time estimate (milliseconds). Exponentially smoothed average tracking most recent RTT value. 40 | float minRTT; ///< Minimum RTT seen over the last n samples (see rtt_history_size in reliable config). This is a more stable and accurate RTT value under typical Wi-Fi jitter. 41 | float maxRTT; ///< Maximum RTT seen over the last n samples. 42 | float averageRTT; ///< Average RTT seen over the last n samples. 43 | float averageJitter; ///< Average jitter relative to min RTT over the last n samples. 44 | float maxJitter; ///< Max jitter relative to min RTT seen over the last n samples. 45 | float stddevJitter; ///< One standard deviation of jitter relative to average RTT over the last n samples. 46 | float packetLoss; ///< Packet loss percent. 47 | float sentBandwidth; ///< Sent bandwidth (kbps). 48 | float receivedBandwidth; ///< Received bandwidth (kbps). 49 | float ackedBandwidth; ///< Acked bandwidth (kbps). 50 | uint64_t numPacketsSent; ///< Number of packets sent. 51 | uint64_t numPacketsReceived; ///< Number of packets received. 52 | uint64_t numPacketsAcked; ///< Number of packets acked. 53 | }; 54 | } 55 | 56 | #endif // #ifndef YOJIMBO_NETWORK_INFO_H 57 | -------------------------------------------------------------------------------- /matcher/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.20.13 AS matcher_build 2 | 3 | # Matcher 4 | WORKDIR /matcher 5 | 6 | # Copy go.mod and go.sum files to the workspace separately and download dependecies. 7 | # Doing this separately will cache these as its own separate layer 8 | COPY ./go.mod . 9 | COPY ./go.sum . 10 | RUN go mod download 11 | 12 | # Copy the source code as the last step 13 | COPY . . 14 | 15 | # Build the binary 16 | RUN CGO_ENABLED=0 go build -o matcher.bin main.go 17 | 18 | # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 19 | 20 | # Then we copy and run it from a slim image 21 | FROM alpine:3.5 22 | WORKDIR /matcher 23 | 24 | COPY --from=matcher_build /matcher/matcher.bin . 25 | 26 | EXPOSE 8081 27 | 28 | ENTRYPOINT ["/matcher/matcher.bin"] 29 | -------------------------------------------------------------------------------- /matcher/README.md: -------------------------------------------------------------------------------- 1 | # Yojimbo Matcher Sample 2 | 3 | This is a sample matcher server written in go that will provide a connection token via the following endpoint: 4 | 5 | ``` 6 | GET /match/{protocolID}/{clientID} 7 | ``` 8 | 9 | # Building the Docker image: 10 | 11 | To build the image run the following command from the `matcher` directory: 12 | 13 | ```sh 14 | docker build --tag=matcher . 15 | ``` 16 | 17 | # Running the Docker container: 18 | 19 | Run the container image mapping the port to your host machine: 20 | 21 | ```sh 22 | docker run -d -p 8081:8081 --name matcher matcher 23 | ``` 24 | 25 | # Using the matcher: 26 | 27 | To hit the container with a test request: 28 | 29 | ```sh 30 | PROTOCOL_ID=123 && CLIENT_ID=42 && curl http://localhost:8081/match/${PROTOCOL_ID}/${CLIENT_ID} 31 | ``` 32 | -------------------------------------------------------------------------------- /matcher/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/mas-bandwidth/matcher 2 | 3 | go 1.20 4 | 5 | require ( 6 | github.com/go-chi/chi/v5 v5.0.8 7 | github.com/pkg/errors v0.9.1 8 | golang.org/x/crypto v0.31.0 9 | ) 10 | 11 | require golang.org/x/sys v0.28.0 // indirect 12 | -------------------------------------------------------------------------------- /matcher/go.sum: -------------------------------------------------------------------------------- 1 | github.com/go-chi/chi/v5 v5.0.8 h1:lD+NLqFcAi1ovnVZpsnObHGW4xb4J8lNmoYVfECH1Y0= 2 | github.com/go-chi/chi/v5 v5.0.8/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= 3 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 4 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 5 | golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= 6 | golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= 7 | golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= 8 | golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 9 | -------------------------------------------------------------------------------- /server.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Server Example (insecure) 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "yojimbo.h" 26 | #include 27 | #include 28 | 29 | #include "shared.h" 30 | 31 | using namespace yojimbo; 32 | 33 | static volatile int quit = 0; 34 | 35 | void interrupt_handler( int /*dummy*/ ) 36 | { 37 | quit = 1; 38 | } 39 | 40 | int ServerMain() 41 | { 42 | printf( "started server on port %d (insecure)\n", ServerPort ); 43 | 44 | double time = 100.0; 45 | 46 | ClientServerConfig config; 47 | 48 | uint8_t privateKey[KeyBytes]; 49 | memset( privateKey, 0, KeyBytes ); 50 | 51 | Server server( GetDefaultAllocator(), privateKey, Address( "127.0.0.1", ServerPort ), config, adapter, time ); 52 | 53 | server.Start( MaxClients ); 54 | 55 | char addressString[256]; 56 | server.GetAddress().ToString( addressString, sizeof( addressString ) ); 57 | printf( "server address is %s\n", addressString ); 58 | 59 | const double deltaTime = 0.01f; 60 | 61 | signal( SIGINT, interrupt_handler ); 62 | 63 | while ( !quit ) 64 | { 65 | server.SendPackets(); 66 | 67 | server.ReceivePackets(); 68 | 69 | time += deltaTime; 70 | 71 | server.AdvanceTime( time ); 72 | 73 | if ( !server.IsRunning() ) 74 | break; 75 | 76 | yojimbo_sleep( deltaTime ); 77 | } 78 | 79 | server.Stop(); 80 | 81 | return 0; 82 | } 83 | 84 | int main() 85 | { 86 | printf( "\n" ); 87 | 88 | if ( !InitializeYojimbo() ) 89 | { 90 | printf( "error: failed to initialize Yojimbo!\n" ); 91 | return 1; 92 | } 93 | 94 | yojimbo_log_level( YOJIMBO_LOG_LEVEL_INFO ); 95 | 96 | srand( (unsigned int) time( NULL ) ); 97 | 98 | int result = ServerMain(); 99 | 100 | ShutdownYojimbo(); 101 | 102 | printf( "\n" ); 103 | 104 | return result; 105 | } 106 | -------------------------------------------------------------------------------- /sodium/dummy.c: -------------------------------------------------------------------------------- 1 | int sodium_dummy = 0; -------------------------------------------------------------------------------- /sodium/sodium.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef sodium_H 3 | #define sodium_H 4 | 5 | #include "sodium_version.h" 6 | #include "sodium_core.h" 7 | #include "sodium_crypto_aead_chacha20poly1305.h" 8 | #include "sodium_crypto_aead_xchacha20poly1305.h" 9 | #include "sodium_crypto_auth.h" 10 | #include "sodium_crypto_auth_hmacsha512.h" 11 | #include "sodium_crypto_auth_hmacsha512256.h" 12 | #include "sodium_crypto_box.h" 13 | #include "sodium_crypto_box_curve25519xsalsa20poly1305.h" 14 | #include "sodium_crypto_core_hsalsa20.h" 15 | #include "sodium_crypto_core_hchacha20.h" 16 | #include "sodium_crypto_core_salsa20.h" 17 | #include "sodium_crypto_core_salsa2012.h" 18 | #include "sodium_crypto_core_salsa208.h" 19 | #include "sodium_crypto_generichash.h" 20 | #include "sodium_crypto_generichash_blake2b.h" 21 | #include "sodium_crypto_hash.h" 22 | #include "sodium_crypto_hash_sha512.h" 23 | #include "sodium_crypto_kx.h" 24 | #include "sodium_crypto_onetimeauth.h" 25 | #include "sodium_crypto_onetimeauth_poly1305.h" 26 | #include "sodium_crypto_scalarmult.h" 27 | #include "sodium_crypto_scalarmult_curve25519.h" 28 | #include "sodium_crypto_secretbox.h" 29 | #include "sodium_crypto_secretbox_xsalsa20poly1305.h" 30 | #include "sodium_crypto_secretstream_xchacha20poly1305.h" 31 | #include "sodium_crypto_shorthash.h" 32 | #include "sodium_crypto_shorthash_siphash24.h" 33 | #include "sodium_crypto_sign.h" 34 | #include "sodium_crypto_sign_ed25519.h" 35 | #include "sodium_crypto_stream.h" 36 | #include "sodium_crypto_stream_chacha20.h" 37 | #include "sodium_crypto_stream_salsa20.h" 38 | #include "sodium_crypto_stream_xsalsa20.h" 39 | #include "sodium_crypto_verify_16.h" 40 | #include "sodium_crypto_verify_32.h" 41 | #include "sodium_crypto_verify_64.h" 42 | #include "sodium_randombytes.h" 43 | #include "sodium_randombytes_salsa20_random.h" 44 | #include "sodium_randombytes_sysrandom.h" 45 | #include "sodium_runtime.h" 46 | #include "sodium_utils.h" 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /sodium/sodium_blake2b-compress-avx2.c: -------------------------------------------------------------------------------- 1 | 2 | #define BLAKE2_USE_SSSE3 3 | #define BLAKE2_USE_SSE41 4 | #define BLAKE2_USE_AVX2 5 | 6 | #include 7 | #include 8 | 9 | #include "sodium_blake2.h" 10 | #include "sodium_private_common.h" 11 | #include "sodium_private_sse2_64_32.h" 12 | 13 | #if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ 14 | defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) 15 | 16 | # ifdef __GNUC__ 17 | # pragma GCC target("sse2") 18 | # pragma GCC target("ssse3") 19 | # pragma GCC target("sse4.1") 20 | # pragma GCC target("avx2") 21 | # endif 22 | 23 | # include 24 | # include 25 | # include 26 | # include 27 | 28 | # include "sodium_blake2b-compress-avx2.h" 29 | 30 | CRYPTO_ALIGN(64) 31 | static const uint64_t blake2b_IV[8] = { 32 | 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 33 | 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 34 | 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL 35 | }; 36 | 37 | int 38 | blake2b_compress_avx2(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES]) 39 | { 40 | __m256i a = LOADU(&S->h[0]); 41 | __m256i b = LOADU(&S->h[4]); 42 | BLAKE2B_COMPRESS_V1(a, b, block, S->t[0], S->t[1], S->f[0], S->f[1]); 43 | STOREU(&S->h[0], a); 44 | STOREU(&S->h[4], b); 45 | 46 | return 0; 47 | } 48 | 49 | #endif 50 | 51 | int blake2b_compress_avx2_link_warning_dummy = 0; 52 | -------------------------------------------------------------------------------- /sodium/sodium_blake2b-compress-ref.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "sodium_blake2.h" 6 | #include "sodium_private_common.h" 7 | 8 | CRYPTO_ALIGN(64) 9 | static const uint64_t blake2b_IV[8] = { 10 | 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 11 | 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 12 | 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL 13 | }; 14 | 15 | static const uint8_t blake2b_sigma[12][16] = { 16 | { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, 17 | { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 }, 18 | { 11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4 }, 19 | { 7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8 }, 20 | { 9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13 }, 21 | { 2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9 }, 22 | { 12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11 }, 23 | { 13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10 }, 24 | { 6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5 }, 25 | { 10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0 }, 26 | { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, 27 | { 14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3 } 28 | }; 29 | 30 | int 31 | blake2b_compress_ref(blake2b_state *S, const uint8_t block[BLAKE2B_BLOCKBYTES]) 32 | { 33 | uint64_t m[16]; 34 | uint64_t v[16]; 35 | int i; 36 | 37 | for (i = 0; i < 16; ++i) { 38 | m[i] = LOAD64_LE(block + i * sizeof(m[i])); 39 | } 40 | for (i = 0; i < 8; ++i) { 41 | v[i] = S->h[i]; 42 | } 43 | v[8] = blake2b_IV[0]; 44 | v[9] = blake2b_IV[1]; 45 | v[10] = blake2b_IV[2]; 46 | v[11] = blake2b_IV[3]; 47 | v[12] = S->t[0] ^ blake2b_IV[4]; 48 | v[13] = S->t[1] ^ blake2b_IV[5]; 49 | v[14] = S->f[0] ^ blake2b_IV[6]; 50 | v[15] = S->f[1] ^ blake2b_IV[7]; 51 | #define G(r, i, a, b, c, d) \ 52 | do { \ 53 | a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ 54 | d = ROTR64(d ^ a, 32); \ 55 | c = c + d; \ 56 | b = ROTR64(b ^ c, 24); \ 57 | a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ 58 | d = ROTR64(d ^ a, 16); \ 59 | c = c + d; \ 60 | b = ROTR64(b ^ c, 63); \ 61 | } while (0) 62 | #define ROUND(r) \ 63 | do { \ 64 | G(r, 0, v[0], v[4], v[8], v[12]); \ 65 | G(r, 1, v[1], v[5], v[9], v[13]); \ 66 | G(r, 2, v[2], v[6], v[10], v[14]); \ 67 | G(r, 3, v[3], v[7], v[11], v[15]); \ 68 | G(r, 4, v[0], v[5], v[10], v[15]); \ 69 | G(r, 5, v[1], v[6], v[11], v[12]); \ 70 | G(r, 6, v[2], v[7], v[8], v[13]); \ 71 | G(r, 7, v[3], v[4], v[9], v[14]); \ 72 | } while (0) 73 | ROUND(0); 74 | ROUND(1); 75 | ROUND(2); 76 | ROUND(3); 77 | ROUND(4); 78 | ROUND(5); 79 | ROUND(6); 80 | ROUND(7); 81 | ROUND(8); 82 | ROUND(9); 83 | ROUND(10); 84 | ROUND(11); 85 | 86 | for (i = 0; i < 8; ++i) { 87 | S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; 88 | } 89 | 90 | #undef G 91 | #undef ROUND 92 | return 0; 93 | } 94 | -------------------------------------------------------------------------------- /sodium/sodium_blake2b-compress-sse41.c: -------------------------------------------------------------------------------- 1 | 2 | #define BLAKE2_USE_SSSE3 3 | #define BLAKE2_USE_SSE41 4 | 5 | #include 6 | #include 7 | 8 | #include "sodium_blake2.h" 9 | #include "sodium_private_common.h" 10 | #include "sodium_private_sse2_64_32.h" 11 | 12 | #if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && \ 13 | defined(HAVE_SMMINTRIN_H) 14 | 15 | # ifdef __GNUC__ 16 | # pragma GCC target("sse2") 17 | # pragma GCC target("ssse3") 18 | # pragma GCC target("sse4.1") 19 | # endif 20 | 21 | # include 22 | # include 23 | # include 24 | 25 | # include "sodium_blake2b-compress-sse41.h" 26 | 27 | CRYPTO_ALIGN(64) 28 | static const uint64_t blake2b_IV[8] = { 29 | 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 30 | 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 31 | 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL 32 | }; 33 | 34 | int 35 | blake2b_compress_sse41(blake2b_state *S, 36 | const uint8_t block[BLAKE2B_BLOCKBYTES]) 37 | { 38 | __m128i row1l, row1h; 39 | __m128i row2l, row2h; 40 | __m128i row3l, row3h; 41 | __m128i row4l, row4h; 42 | __m128i b0, b1; 43 | __m128i t0, t1; 44 | const __m128i r16 = 45 | _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 46 | const __m128i r24 = 47 | _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 48 | const __m128i m0 = LOADU(block + 00); 49 | const __m128i m1 = LOADU(block + 16); 50 | const __m128i m2 = LOADU(block + 32); 51 | const __m128i m3 = LOADU(block + 48); 52 | const __m128i m4 = LOADU(block + 64); 53 | const __m128i m5 = LOADU(block + 80); 54 | const __m128i m6 = LOADU(block + 96); 55 | const __m128i m7 = LOADU(block + 112); 56 | row1l = LOADU(&S->h[0]); 57 | row1h = LOADU(&S->h[2]); 58 | row2l = LOADU(&S->h[4]); 59 | row2h = LOADU(&S->h[6]); 60 | row3l = LOADU(&blake2b_IV[0]); 61 | row3h = LOADU(&blake2b_IV[2]); 62 | row4l = _mm_xor_si128(LOADU(&blake2b_IV[4]), LOADU(&S->t[0])); 63 | row4h = _mm_xor_si128(LOADU(&blake2b_IV[6]), LOADU(&S->f[0])); 64 | ROUND(0); 65 | ROUND(1); 66 | ROUND(2); 67 | ROUND(3); 68 | ROUND(4); 69 | ROUND(5); 70 | ROUND(6); 71 | ROUND(7); 72 | ROUND(8); 73 | ROUND(9); 74 | ROUND(10); 75 | ROUND(11); 76 | row1l = _mm_xor_si128(row3l, row1l); 77 | row1h = _mm_xor_si128(row3h, row1h); 78 | STOREU(&S->h[0], _mm_xor_si128(LOADU(&S->h[0]), row1l)); 79 | STOREU(&S->h[2], _mm_xor_si128(LOADU(&S->h[2]), row1h)); 80 | row2l = _mm_xor_si128(row4l, row2l); 81 | row2h = _mm_xor_si128(row4h, row2h); 82 | STOREU(&S->h[4], _mm_xor_si128(LOADU(&S->h[4]), row2l)); 83 | STOREU(&S->h[6], _mm_xor_si128(LOADU(&S->h[6]), row2h)); 84 | return 0; 85 | } 86 | 87 | #endif 88 | 89 | int blake2b_compress_sse41_link_warning_dummy = 0; 90 | -------------------------------------------------------------------------------- /sodium/sodium_blake2b-compress-ssse3.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "sodium_blake2.h" 6 | #include "sodium_private_common.h" 7 | #include "sodium_private_sse2_64_32.h" 8 | 9 | #if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) 10 | 11 | # ifdef __GNUC__ 12 | # pragma GCC target("sse2") 13 | # pragma GCC target("ssse3") 14 | # endif 15 | 16 | # include 17 | # include 18 | 19 | # include "sodium_blake2b-compress-ssse3.h" 20 | 21 | CRYPTO_ALIGN(64) 22 | static const uint64_t blake2b_IV[8] = { 23 | 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 24 | 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 25 | 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL 26 | }; 27 | 28 | int 29 | blake2b_compress_ssse3(blake2b_state *S, 30 | const uint8_t block[BLAKE2B_BLOCKBYTES]) 31 | { 32 | __m128i row1l, row1h; 33 | __m128i row2l, row2h; 34 | __m128i row3l, row3h; 35 | __m128i row4l, row4h; 36 | __m128i b0, b1; 37 | __m128i t0, t1; 38 | const __m128i r16 = 39 | _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); 40 | const __m128i r24 = 41 | _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); 42 | const uint64_t m0 = ((const uint64_t *) block)[0]; 43 | const uint64_t m1 = ((const uint64_t *) block)[1]; 44 | const uint64_t m2 = ((const uint64_t *) block)[2]; 45 | const uint64_t m3 = ((const uint64_t *) block)[3]; 46 | const uint64_t m4 = ((const uint64_t *) block)[4]; 47 | const uint64_t m5 = ((const uint64_t *) block)[5]; 48 | const uint64_t m6 = ((const uint64_t *) block)[6]; 49 | const uint64_t m7 = ((const uint64_t *) block)[7]; 50 | const uint64_t m8 = ((const uint64_t *) block)[8]; 51 | const uint64_t m9 = ((const uint64_t *) block)[9]; 52 | const uint64_t m10 = ((const uint64_t *) block)[10]; 53 | const uint64_t m11 = ((const uint64_t *) block)[11]; 54 | const uint64_t m12 = ((const uint64_t *) block)[12]; 55 | const uint64_t m13 = ((const uint64_t *) block)[13]; 56 | const uint64_t m14 = ((const uint64_t *) block)[14]; 57 | const uint64_t m15 = ((const uint64_t *) block)[15]; 58 | 59 | row1l = LOADU(&S->h[0]); 60 | row1h = LOADU(&S->h[2]); 61 | row2l = LOADU(&S->h[4]); 62 | row2h = LOADU(&S->h[6]); 63 | row3l = LOADU(&blake2b_IV[0]); 64 | row3h = LOADU(&blake2b_IV[2]); 65 | row4l = _mm_xor_si128(LOADU(&blake2b_IV[4]), LOADU(&S->t[0])); 66 | row4h = _mm_xor_si128(LOADU(&blake2b_IV[6]), LOADU(&S->f[0])); 67 | ROUND(0); 68 | ROUND(1); 69 | ROUND(2); 70 | ROUND(3); 71 | ROUND(4); 72 | ROUND(5); 73 | ROUND(6); 74 | ROUND(7); 75 | ROUND(8); 76 | ROUND(9); 77 | ROUND(10); 78 | ROUND(11); 79 | row1l = _mm_xor_si128(row3l, row1l); 80 | row1h = _mm_xor_si128(row3h, row1h); 81 | STOREU(&S->h[0], _mm_xor_si128(LOADU(&S->h[0]), row1l)); 82 | STOREU(&S->h[2], _mm_xor_si128(LOADU(&S->h[2]), row1h)); 83 | row2l = _mm_xor_si128(row4l, row2l); 84 | row2h = _mm_xor_si128(row4h, row2h); 85 | STOREU(&S->h[4], _mm_xor_si128(LOADU(&S->h[4]), row2l)); 86 | STOREU(&S->h[6], _mm_xor_si128(LOADU(&S->h[6]), row2h)); 87 | return 0; 88 | } 89 | 90 | #endif 91 | 92 | int blake2b_compress_sse3_link_warning_dummy = 0; 93 | -------------------------------------------------------------------------------- /sodium/sodium_box_seal_curve25519xchacha20poly1305.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_crypto_box_curve25519xchacha20poly1305.h" 5 | #include "sodium_crypto_generichash.h" 6 | #include "sodium_private_common.h" 7 | #include "sodium_utils.h" 8 | 9 | static int 10 | _crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce, 11 | const unsigned char *pk1, 12 | const unsigned char *pk2) 13 | { 14 | crypto_generichash_state st; 15 | 16 | crypto_generichash_init(&st, NULL, 0U, 17 | crypto_box_curve25519xchacha20poly1305_NONCEBYTES); 18 | crypto_generichash_update(&st, pk1, 19 | crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 20 | crypto_generichash_update(&st, pk2, 21 | crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 22 | crypto_generichash_final(&st, nonce, 23 | crypto_box_curve25519xchacha20poly1305_NONCEBYTES); 24 | 25 | return 0; 26 | } 27 | 28 | int 29 | crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m, 30 | unsigned long long mlen, 31 | const unsigned char *pk) 32 | { 33 | unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; 34 | unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES]; 35 | unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES]; 36 | int ret; 37 | 38 | if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) { 39 | return -1; /* LCOV_EXCL_LINE */ 40 | } 41 | memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); 42 | _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk); 43 | ret = crypto_box_curve25519xchacha20poly1305_easy( 44 | c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen, 45 | nonce, pk, esk); 46 | sodium_memzero(esk, sizeof esk); 47 | sodium_memzero(epk, sizeof epk); 48 | sodium_memzero(nonce, sizeof nonce); 49 | 50 | return ret; 51 | } 52 | 53 | int 54 | crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c, 55 | unsigned long long clen, 56 | const unsigned char *pk, 57 | const unsigned char *sk) 58 | { 59 | unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES]; 60 | 61 | if (clen < crypto_box_curve25519xchacha20poly1305_SEALBYTES) { 62 | return -1; 63 | } 64 | _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk); 65 | 66 | COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES < 67 | crypto_box_curve25519xchacha20poly1305_SEALBYTES); 68 | 69 | return crypto_box_curve25519xchacha20poly1305_open_easy( 70 | m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, 71 | clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, 72 | nonce, c, sk); 73 | } 74 | 75 | size_t 76 | crypto_box_curve25519xchacha20poly1305_sealbytes(void) 77 | { 78 | return crypto_box_curve25519xchacha20poly1305_SEALBYTES; 79 | } 80 | -------------------------------------------------------------------------------- /sodium/sodium_chacha20-ref.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_chacha20.h" 5 | #include "sodium_crypto_stream_chacha20.h" 6 | 7 | extern struct crypto_stream_chacha20_implementation 8 | crypto_stream_chacha20_ref_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_core.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef sodium_core_H 3 | #define sodium_core_H 4 | 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | int sodium_init(void) 12 | __attribute__ ((warn_unused_result)); 13 | 14 | /* ---- */ 15 | 16 | int sodium_set_misuse_handler(void (*handler)(void)); 17 | 18 | void sodium_misuse(void) 19 | __attribute__ ((noreturn)); 20 | 21 | #ifdef __cplusplus 22 | } 23 | #endif 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /sodium/sodium_core_hchacha20.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "sodium_crypto_core_hchacha20.h" 6 | #include "sodium_private_common.h" 7 | 8 | #define QUARTERROUND(A, B, C, D) \ 9 | do { \ 10 | A += B; D = ROTL32(D ^ A, 16); \ 11 | C += D; B = ROTL32(B ^ C, 12); \ 12 | A += B; D = ROTL32(D ^ A, 8); \ 13 | C += D; B = ROTL32(B ^ C, 7); \ 14 | } while(0) 15 | 16 | int 17 | crypto_core_hchacha20(unsigned char *out, const unsigned char *in, 18 | const unsigned char *k, const unsigned char *c) 19 | { 20 | int i; 21 | uint32_t x0, x1, x2, x3, x4, x5, x6, x7; 22 | uint32_t x8, x9, x10, x11, x12, x13, x14, x15; 23 | 24 | if (c == NULL) { 25 | x0 = 0x61707865; 26 | x1 = 0x3320646e; 27 | x2 = 0x79622d32; 28 | x3 = 0x6b206574; 29 | } else { 30 | x0 = LOAD32_LE(c + 0); 31 | x1 = LOAD32_LE(c + 4); 32 | x2 = LOAD32_LE(c + 8); 33 | x3 = LOAD32_LE(c + 12); 34 | } 35 | x4 = LOAD32_LE(k + 0); 36 | x5 = LOAD32_LE(k + 4); 37 | x6 = LOAD32_LE(k + 8); 38 | x7 = LOAD32_LE(k + 12); 39 | x8 = LOAD32_LE(k + 16); 40 | x9 = LOAD32_LE(k + 20); 41 | x10 = LOAD32_LE(k + 24); 42 | x11 = LOAD32_LE(k + 28); 43 | x12 = LOAD32_LE(in + 0); 44 | x13 = LOAD32_LE(in + 4); 45 | x14 = LOAD32_LE(in + 8); 46 | x15 = LOAD32_LE(in + 12); 47 | 48 | for (i = 0; i < 10; i++) { 49 | QUARTERROUND(x0, x4, x8, x12); 50 | QUARTERROUND(x1, x5, x9, x13); 51 | QUARTERROUND(x2, x6, x10, x14); 52 | QUARTERROUND(x3, x7, x11, x15); 53 | QUARTERROUND(x0, x5, x10, x15); 54 | QUARTERROUND(x1, x6, x11, x12); 55 | QUARTERROUND(x2, x7, x8, x13); 56 | QUARTERROUND(x3, x4, x9, x14); 57 | } 58 | 59 | STORE32_LE(out + 0, x0); 60 | STORE32_LE(out + 4, x1); 61 | STORE32_LE(out + 8, x2); 62 | STORE32_LE(out + 12, x3); 63 | STORE32_LE(out + 16, x12); 64 | STORE32_LE(out + 20, x13); 65 | STORE32_LE(out + 24, x14); 66 | STORE32_LE(out + 28, x15); 67 | 68 | return 0; 69 | } 70 | 71 | size_t 72 | crypto_core_hchacha20_outputbytes(void) 73 | { 74 | return crypto_core_hchacha20_OUTPUTBYTES; 75 | } 76 | 77 | size_t 78 | crypto_core_hchacha20_inputbytes(void) 79 | { 80 | return crypto_core_hchacha20_INPUTBYTES; 81 | } 82 | 83 | size_t 84 | crypto_core_hchacha20_keybytes(void) 85 | { 86 | return crypto_core_hchacha20_KEYBYTES; 87 | } 88 | 89 | size_t 90 | crypto_core_hchacha20_constbytes(void) 91 | { 92 | return crypto_core_hchacha20_CONSTBYTES; 93 | } 94 | -------------------------------------------------------------------------------- /sodium/sodium_core_hsalsa20.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_core_hsalsa20.h" 2 | 3 | size_t 4 | crypto_core_hsalsa20_outputbytes(void) { 5 | return crypto_core_hsalsa20_OUTPUTBYTES; 6 | } 7 | 8 | size_t 9 | crypto_core_hsalsa20_inputbytes(void) { 10 | return crypto_core_hsalsa20_INPUTBYTES; 11 | } 12 | 13 | size_t 14 | crypto_core_hsalsa20_keybytes(void) { 15 | return crypto_core_hsalsa20_KEYBYTES; 16 | } 17 | 18 | size_t 19 | crypto_core_hsalsa20_constbytes(void) { 20 | return crypto_core_hsalsa20_CONSTBYTES; 21 | } 22 | -------------------------------------------------------------------------------- /sodium/sodium_core_hsalsa20_ref2.c: -------------------------------------------------------------------------------- 1 | /* 2 | version 20080912 3 | D. J. Bernstein 4 | Public domain. 5 | */ 6 | 7 | #include 8 | #include 9 | 10 | #include "sodium_crypto_core_hsalsa20.h" 11 | #include "sodium_private_common.h" 12 | 13 | #define ROUNDS 20 14 | #define U32C(v) (v##U) 15 | 16 | int 17 | crypto_core_hsalsa20(unsigned char *out, 18 | const unsigned char *in, 19 | const unsigned char *k, 20 | const unsigned char *c) 21 | { 22 | uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, 23 | x9, x10, x11, x12, x13, x14, x15; 24 | int i; 25 | 26 | if (c == NULL) { 27 | x0 = U32C(0x61707865); 28 | x5 = U32C(0x3320646e); 29 | x10 = U32C(0x79622d32); 30 | x15 = U32C(0x6b206574); 31 | } else { 32 | x0 = LOAD32_LE(c + 0); 33 | x5 = LOAD32_LE(c + 4); 34 | x10 = LOAD32_LE(c + 8); 35 | x15 = LOAD32_LE(c + 12); 36 | } 37 | x1 = LOAD32_LE(k + 0); 38 | x2 = LOAD32_LE(k + 4); 39 | x3 = LOAD32_LE(k + 8); 40 | x4 = LOAD32_LE(k + 12); 41 | x11 = LOAD32_LE(k + 16); 42 | x12 = LOAD32_LE(k + 20); 43 | x13 = LOAD32_LE(k + 24); 44 | x14 = LOAD32_LE(k + 28); 45 | x6 = LOAD32_LE(in + 0); 46 | x7 = LOAD32_LE(in + 4); 47 | x8 = LOAD32_LE(in + 8); 48 | x9 = LOAD32_LE(in + 12); 49 | 50 | for (i = ROUNDS; i > 0; i -= 2) { 51 | x4 ^= ROTL32(x0 + x12, 7); 52 | x8 ^= ROTL32(x4 + x0, 9); 53 | x12 ^= ROTL32(x8 + x4, 13); 54 | x0 ^= ROTL32(x12 + x8, 18); 55 | x9 ^= ROTL32(x5 + x1, 7); 56 | x13 ^= ROTL32(x9 + x5, 9); 57 | x1 ^= ROTL32(x13 + x9, 13); 58 | x5 ^= ROTL32(x1 + x13, 18); 59 | x14 ^= ROTL32(x10 + x6, 7); 60 | x2 ^= ROTL32(x14 + x10, 9); 61 | x6 ^= ROTL32(x2 + x14, 13); 62 | x10 ^= ROTL32(x6 + x2, 18); 63 | x3 ^= ROTL32(x15 + x11, 7); 64 | x7 ^= ROTL32(x3 + x15, 9); 65 | x11 ^= ROTL32(x7 + x3, 13); 66 | x15 ^= ROTL32(x11 + x7, 18); 67 | x1 ^= ROTL32(x0 + x3, 7); 68 | x2 ^= ROTL32(x1 + x0, 9); 69 | x3 ^= ROTL32(x2 + x1, 13); 70 | x0 ^= ROTL32(x3 + x2, 18); 71 | x6 ^= ROTL32(x5 + x4, 7); 72 | x7 ^= ROTL32(x6 + x5, 9); 73 | x4 ^= ROTL32(x7 + x6, 13); 74 | x5 ^= ROTL32(x4 + x7, 18); 75 | x11 ^= ROTL32(x10 + x9, 7); 76 | x8 ^= ROTL32(x11 + x10, 9); 77 | x9 ^= ROTL32(x8 + x11, 13); 78 | x10 ^= ROTL32(x9 + x8, 18); 79 | x12 ^= ROTL32(x15 + x14, 7); 80 | x13 ^= ROTL32(x12 + x15, 9); 81 | x14 ^= ROTL32(x13 + x12, 13); 82 | x15 ^= ROTL32(x14 + x13, 18); 83 | } 84 | 85 | STORE32_LE(out + 0, x0); 86 | STORE32_LE(out + 4, x5); 87 | STORE32_LE(out + 8, x10); 88 | STORE32_LE(out + 12, x15); 89 | STORE32_LE(out + 16, x6); 90 | STORE32_LE(out + 20, x7); 91 | STORE32_LE(out + 24, x8); 92 | STORE32_LE(out + 28, x9); 93 | 94 | return 0; 95 | } 96 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_auth.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_auth_H 2 | #define crypto_auth_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_auth_hmacsha512256.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_auth_BYTES crypto_auth_hmacsha512256_BYTES 17 | size_t crypto_auth_bytes(void); 18 | 19 | #define crypto_auth_KEYBYTES crypto_auth_hmacsha512256_KEYBYTES 20 | size_t crypto_auth_keybytes(void); 21 | 22 | #define crypto_auth_PRIMITIVE "hmacsha512256" 23 | const char *crypto_auth_primitive(void); 24 | 25 | int crypto_auth(unsigned char *out, const unsigned char *in, 26 | unsigned long long inlen, const unsigned char *k) 27 | __attribute__ ((nonnull)); 28 | 29 | int crypto_auth_verify(const unsigned char *h, const unsigned char *in, 30 | unsigned long long inlen, const unsigned char *k) 31 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 32 | 33 | void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]) 34 | __attribute__ ((nonnull)); 35 | 36 | #ifdef __cplusplus 37 | } 38 | #endif 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_auth_hmacsha512.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_auth_hmacsha512_H 2 | #define crypto_auth_hmacsha512_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_hash_sha512.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_auth_hmacsha512_BYTES 64U 17 | size_t crypto_auth_hmacsha512_bytes(void); 18 | 19 | #define crypto_auth_hmacsha512_KEYBYTES 32U 20 | size_t crypto_auth_hmacsha512_keybytes(void); 21 | 22 | int crypto_auth_hmacsha512(unsigned char *out, 23 | const unsigned char *in, 24 | unsigned long long inlen, 25 | const unsigned char *k) __attribute__ ((nonnull)); 26 | 27 | int crypto_auth_hmacsha512_verify(const unsigned char *h, 28 | const unsigned char *in, 29 | unsigned long long inlen, 30 | const unsigned char *k) 31 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 32 | 33 | /* ------------------------------------------------------------------------- */ 34 | 35 | typedef struct crypto_auth_hmacsha512_state { 36 | crypto_hash_sha512_state ictx; 37 | crypto_hash_sha512_state octx; 38 | } crypto_auth_hmacsha512_state; 39 | 40 | size_t crypto_auth_hmacsha512_statebytes(void); 41 | 42 | int crypto_auth_hmacsha512_init(crypto_auth_hmacsha512_state *state, 43 | const unsigned char *key, 44 | size_t keylen) __attribute__ ((nonnull)); 45 | 46 | int crypto_auth_hmacsha512_update(crypto_auth_hmacsha512_state *state, 47 | const unsigned char *in, 48 | unsigned long long inlen) __attribute__ ((nonnull)); 49 | 50 | int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state, 51 | unsigned char *out) __attribute__ ((nonnull)); 52 | 53 | void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]) 54 | __attribute__ ((nonnull)); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_auth_hmacsha512256.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_auth_hmacsha512256_H 2 | #define crypto_auth_hmacsha512256_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_auth_hmacsha512.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_auth_hmacsha512256_BYTES 32U 17 | size_t crypto_auth_hmacsha512256_bytes(void); 18 | 19 | #define crypto_auth_hmacsha512256_KEYBYTES 32U 20 | size_t crypto_auth_hmacsha512256_keybytes(void); 21 | 22 | int crypto_auth_hmacsha512256(unsigned char *out, const unsigned char *in, 23 | unsigned long long inlen,const unsigned char *k); 24 | 25 | int crypto_auth_hmacsha512256_verify(const unsigned char *h, 26 | const unsigned char *in, 27 | unsigned long long inlen, 28 | const unsigned char *k) 29 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 30 | 31 | /* ------------------------------------------------------------------------- */ 32 | 33 | typedef crypto_auth_hmacsha512_state crypto_auth_hmacsha512256_state; 34 | 35 | size_t crypto_auth_hmacsha512256_statebytes(void); 36 | 37 | int crypto_auth_hmacsha512256_init(crypto_auth_hmacsha512256_state *state, 38 | const unsigned char *key, 39 | size_t keylen) __attribute__ ((nonnull)); 40 | 41 | int crypto_auth_hmacsha512256_update(crypto_auth_hmacsha512256_state *state, 42 | const unsigned char *in, 43 | unsigned long long inlen) __attribute__ ((nonnull)); 44 | 45 | int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state, 46 | unsigned char *out) __attribute__ ((nonnull)); 47 | 48 | void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) 49 | __attribute__ ((nonnull)); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_box.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_box.h" 3 | 4 | int 5 | crypto_box_keypair(unsigned char *pk, unsigned char *sk) 6 | { 7 | return crypto_box_curve25519xsalsa20poly1305_keypair(pk, sk); 8 | } 9 | 10 | int 11 | crypto_box_beforenm(unsigned char *k, const unsigned char *pk, 12 | const unsigned char *sk) 13 | { 14 | return crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk); 15 | } 16 | 17 | int 18 | crypto_box_afternm(unsigned char *c, const unsigned char *m, 19 | unsigned long long mlen, const unsigned char *n, 20 | const unsigned char *k) 21 | { 22 | return crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k); 23 | } 24 | 25 | int 26 | crypto_box_open_afternm(unsigned char *m, const unsigned char *c, 27 | unsigned long long clen, const unsigned char *n, 28 | const unsigned char *k) 29 | { 30 | return crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k); 31 | } 32 | 33 | int 34 | crypto_box(unsigned char *c, const unsigned char *m, 35 | unsigned long long mlen, const unsigned char *n, 36 | const unsigned char *pk, const unsigned char *sk) 37 | { 38 | return crypto_box_curve25519xsalsa20poly1305(c, m, mlen, n, pk, sk); 39 | } 40 | 41 | int 42 | crypto_box_open(unsigned char *m, const unsigned char *c, 43 | unsigned long long clen, const unsigned char *n, 44 | const unsigned char *pk, const unsigned char *sk) 45 | { 46 | return crypto_box_curve25519xsalsa20poly1305_open(m, c, clen, n, pk, sk); 47 | } 48 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_ed25519.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_ed25519_H 2 | #define crypto_core_ed25519_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_ed25519_BYTES 32 12 | size_t crypto_core_ed25519_bytes(void); 13 | 14 | #define crypto_core_ed25519_UNIFORMBYTES 32 15 | size_t crypto_core_ed25519_uniformbytes(void); 16 | 17 | #define crypto_core_ed25519_SCALARBYTES 32 18 | size_t crypto_core_ed25519_scalarbytes(void); 19 | 20 | #define crypto_core_ed25519_NONREDUCEDSCALARBYTES 64 21 | size_t crypto_core_ed25519_nonreducedscalarbytes(void); 22 | 23 | int crypto_core_ed25519_is_valid_point(const unsigned char *p) 24 | __attribute__ ((nonnull)); 25 | 26 | int crypto_core_ed25519_add(unsigned char *r, 27 | const unsigned char *p, const unsigned char *q) 28 | __attribute__ ((nonnull)); 29 | 30 | int crypto_core_ed25519_sub(unsigned char *r, 31 | const unsigned char *p, const unsigned char *q) 32 | __attribute__ ((nonnull)); 33 | 34 | int crypto_core_ed25519_from_uniform(unsigned char *p, const unsigned char *r) 35 | __attribute__ ((nonnull)); 36 | 37 | void crypto_core_ed25519_scalar_random(unsigned char *r) 38 | __attribute__ ((nonnull)); 39 | 40 | int crypto_core_ed25519_scalar_invert(unsigned char *recip, const unsigned char *s) 41 | __attribute__ ((nonnull)); 42 | 43 | void crypto_core_ed25519_scalar_negate(unsigned char *neg, const unsigned char *s) 44 | __attribute__ ((nonnull)); 45 | 46 | void crypto_core_ed25519_scalar_complement(unsigned char *comp, const unsigned char *s) 47 | __attribute__ ((nonnull)); 48 | 49 | void crypto_core_ed25519_scalar_add(unsigned char *z, const unsigned char *x, 50 | const unsigned char *y) 51 | __attribute__ ((nonnull)); 52 | 53 | void crypto_core_ed25519_scalar_sub(unsigned char *z, const unsigned char *x, 54 | const unsigned char *y) 55 | __attribute__ ((nonnull)); 56 | 57 | /* 58 | * The interval `s` is sampled from should be at least 317 bits to ensure almost 59 | * uniformity of `r` over `L`. 60 | */ 61 | void crypto_core_ed25519_scalar_reduce(unsigned char *r, const unsigned char *s) 62 | __attribute__ ((nonnull)); 63 | 64 | #ifdef __cplusplus 65 | } 66 | #endif 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_hchacha20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_hchacha20_H 2 | #define crypto_core_hchacha20_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_hchacha20_OUTPUTBYTES 32U 12 | size_t crypto_core_hchacha20_outputbytes(void); 13 | 14 | #define crypto_core_hchacha20_INPUTBYTES 16U 15 | size_t crypto_core_hchacha20_inputbytes(void); 16 | 17 | #define crypto_core_hchacha20_KEYBYTES 32U 18 | size_t crypto_core_hchacha20_keybytes(void); 19 | 20 | #define crypto_core_hchacha20_CONSTBYTES 16U 21 | size_t crypto_core_hchacha20_constbytes(void); 22 | 23 | int crypto_core_hchacha20(unsigned char *out, const unsigned char *in, 24 | const unsigned char *k, const unsigned char *c) 25 | __attribute__ ((nonnull(1, 2, 3))); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_hsalsa20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_hsalsa20_H 2 | #define crypto_core_hsalsa20_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_hsalsa20_OUTPUTBYTES 32U 12 | size_t crypto_core_hsalsa20_outputbytes(void); 13 | 14 | #define crypto_core_hsalsa20_INPUTBYTES 16U 15 | size_t crypto_core_hsalsa20_inputbytes(void); 16 | 17 | #define crypto_core_hsalsa20_KEYBYTES 32U 18 | size_t crypto_core_hsalsa20_keybytes(void); 19 | 20 | #define crypto_core_hsalsa20_CONSTBYTES 16U 21 | size_t crypto_core_hsalsa20_constbytes(void); 22 | 23 | int crypto_core_hsalsa20(unsigned char *out, const unsigned char *in, 24 | const unsigned char *k, const unsigned char *c) 25 | __attribute__ ((nonnull(1, 2, 3))); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_salsa20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_salsa20_H 2 | #define crypto_core_salsa20_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_salsa20_OUTPUTBYTES 64U 12 | size_t crypto_core_salsa20_outputbytes(void); 13 | 14 | #define crypto_core_salsa20_INPUTBYTES 16U 15 | size_t crypto_core_salsa20_inputbytes(void); 16 | 17 | #define crypto_core_salsa20_KEYBYTES 32U 18 | size_t crypto_core_salsa20_keybytes(void); 19 | 20 | #define crypto_core_salsa20_CONSTBYTES 16U 21 | size_t crypto_core_salsa20_constbytes(void); 22 | 23 | int crypto_core_salsa20(unsigned char *out, const unsigned char *in, 24 | const unsigned char *k, const unsigned char *c) 25 | __attribute__ ((nonnull(1, 2, 3))); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_salsa2012.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_salsa2012_H 2 | #define crypto_core_salsa2012_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_salsa2012_OUTPUTBYTES 64U 12 | size_t crypto_core_salsa2012_outputbytes(void); 13 | 14 | #define crypto_core_salsa2012_INPUTBYTES 16U 15 | size_t crypto_core_salsa2012_inputbytes(void); 16 | 17 | #define crypto_core_salsa2012_KEYBYTES 32U 18 | size_t crypto_core_salsa2012_keybytes(void); 19 | 20 | #define crypto_core_salsa2012_CONSTBYTES 16U 21 | size_t crypto_core_salsa2012_constbytes(void); 22 | 23 | int crypto_core_salsa2012(unsigned char *out, const unsigned char *in, 24 | const unsigned char *k, const unsigned char *c) 25 | __attribute__ ((nonnull(1, 2, 3))); 26 | 27 | #ifdef __cplusplus 28 | } 29 | #endif 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_core_salsa208.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_core_salsa208_H 2 | #define crypto_core_salsa208_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_core_salsa208_OUTPUTBYTES 64U 12 | size_t crypto_core_salsa208_outputbytes(void) 13 | __attribute__ ((deprecated)); 14 | 15 | #define crypto_core_salsa208_INPUTBYTES 16U 16 | size_t crypto_core_salsa208_inputbytes(void) 17 | __attribute__ ((deprecated)); 18 | 19 | #define crypto_core_salsa208_KEYBYTES 32U 20 | size_t crypto_core_salsa208_keybytes(void) 21 | __attribute__ ((deprecated)); 22 | 23 | #define crypto_core_salsa208_CONSTBYTES 16U 24 | size_t crypto_core_salsa208_constbytes(void) 25 | __attribute__ ((deprecated)); 26 | 27 | int crypto_core_salsa208(unsigned char *out, const unsigned char *in, 28 | const unsigned char *k, const unsigned char *c) 29 | __attribute__ ((nonnull(1, 2, 3))); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_generichash.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_generichash.h" 3 | #include "sodium_randombytes.h" 4 | 5 | size_t 6 | crypto_generichash_bytes_min(void) 7 | { 8 | return crypto_generichash_BYTES_MIN; 9 | } 10 | 11 | size_t 12 | crypto_generichash_bytes_max(void) 13 | { 14 | return crypto_generichash_BYTES_MAX; 15 | } 16 | 17 | size_t 18 | crypto_generichash_bytes(void) 19 | { 20 | return crypto_generichash_BYTES; 21 | } 22 | 23 | size_t 24 | crypto_generichash_keybytes_min(void) 25 | { 26 | return crypto_generichash_KEYBYTES_MIN; 27 | } 28 | 29 | size_t 30 | crypto_generichash_keybytes_max(void) 31 | { 32 | return crypto_generichash_KEYBYTES_MAX; 33 | } 34 | 35 | size_t 36 | crypto_generichash_keybytes(void) 37 | { 38 | return crypto_generichash_KEYBYTES; 39 | } 40 | 41 | const char * 42 | crypto_generichash_primitive(void) 43 | { 44 | return crypto_generichash_PRIMITIVE; 45 | } 46 | 47 | size_t 48 | crypto_generichash_statebytes(void) 49 | { 50 | return (sizeof(crypto_generichash_state) + (size_t) 63U) & ~(size_t) 63U; 51 | } 52 | 53 | int 54 | crypto_generichash(unsigned char *out, size_t outlen, const unsigned char *in, 55 | unsigned long long inlen, const unsigned char *key, 56 | size_t keylen) 57 | { 58 | return crypto_generichash_blake2b(out, outlen, in, inlen, key, keylen); 59 | } 60 | 61 | int 62 | crypto_generichash_init(crypto_generichash_state *state, 63 | const unsigned char *key, 64 | const size_t keylen, const size_t outlen) 65 | { 66 | return crypto_generichash_blake2b_init 67 | ((crypto_generichash_blake2b_state *) state, key, keylen, outlen); 68 | } 69 | 70 | int 71 | crypto_generichash_update(crypto_generichash_state *state, 72 | const unsigned char *in, 73 | unsigned long long inlen) 74 | { 75 | return crypto_generichash_blake2b_update 76 | ((crypto_generichash_blake2b_state *) state, in, inlen); 77 | } 78 | 79 | int 80 | crypto_generichash_final(crypto_generichash_state *state, 81 | unsigned char *out, const size_t outlen) 82 | { 83 | return crypto_generichash_blake2b_final 84 | ((crypto_generichash_blake2b_state *) state, out, outlen); 85 | } 86 | 87 | void 88 | crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) 89 | { 90 | randombytes_buf(k, crypto_generichash_KEYBYTES); 91 | } 92 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_generichash.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_generichash_H 2 | #define crypto_generichash_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_generichash_blake2b.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_generichash_BYTES_MIN crypto_generichash_blake2b_BYTES_MIN 17 | size_t crypto_generichash_bytes_min(void); 18 | 19 | #define crypto_generichash_BYTES_MAX crypto_generichash_blake2b_BYTES_MAX 20 | size_t crypto_generichash_bytes_max(void); 21 | 22 | #define crypto_generichash_BYTES crypto_generichash_blake2b_BYTES 23 | size_t crypto_generichash_bytes(void); 24 | 25 | #define crypto_generichash_KEYBYTES_MIN crypto_generichash_blake2b_KEYBYTES_MIN 26 | size_t crypto_generichash_keybytes_min(void); 27 | 28 | #define crypto_generichash_KEYBYTES_MAX crypto_generichash_blake2b_KEYBYTES_MAX 29 | size_t crypto_generichash_keybytes_max(void); 30 | 31 | #define crypto_generichash_KEYBYTES crypto_generichash_blake2b_KEYBYTES 32 | size_t crypto_generichash_keybytes(void); 33 | 34 | #define crypto_generichash_PRIMITIVE "blake2b" 35 | const char *crypto_generichash_primitive(void); 36 | 37 | /* 38 | * Important when writing bindings for other programming languages: 39 | * the state address should be 64-bytes aligned. 40 | */ 41 | typedef crypto_generichash_blake2b_state crypto_generichash_state; 42 | 43 | size_t crypto_generichash_statebytes(void); 44 | 45 | int crypto_generichash(unsigned char *out, size_t outlen, 46 | const unsigned char *in, unsigned long long inlen, 47 | const unsigned char *key, size_t keylen) 48 | __attribute__ ((nonnull(1))); 49 | 50 | int crypto_generichash_init(crypto_generichash_state *state, 51 | const unsigned char *key, 52 | const size_t keylen, const size_t outlen) 53 | __attribute__ ((nonnull(1))); 54 | 55 | int crypto_generichash_update(crypto_generichash_state *state, 56 | const unsigned char *in, 57 | unsigned long long inlen) 58 | __attribute__ ((nonnull)); 59 | 60 | int crypto_generichash_final(crypto_generichash_state *state, 61 | unsigned char *out, const size_t outlen) 62 | __attribute__ ((nonnull)); 63 | 64 | void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]) 65 | __attribute__ ((nonnull)); 66 | 67 | #ifdef __cplusplus 68 | } 69 | #endif 70 | 71 | #endif 72 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_hash.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_hash_H 2 | #define crypto_hash_H 3 | 4 | /* 5 | * WARNING: Unless you absolutely need to use SHA512 for interoperatibility, 6 | * purposes, you might want to consider crypto_generichash() instead. 7 | * Unlike SHA512, crypto_generichash() is not vulnerable to length 8 | * extension attacks. 9 | */ 10 | 11 | #include 12 | 13 | #include "sodium_crypto_hash_sha512.h" 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | #define crypto_hash_BYTES crypto_hash_sha512_BYTES 24 | size_t crypto_hash_bytes(void); 25 | 26 | int crypto_hash(unsigned char *out, const unsigned char *in, 27 | unsigned long long inlen) __attribute__ ((nonnull)); 28 | 29 | #define crypto_hash_PRIMITIVE "sha512" 30 | const char *crypto_hash_primitive(void) 31 | __attribute__ ((warn_unused_result)); 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_hash_sha512.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_hash_sha512_H 2 | #define crypto_hash_sha512_H 3 | 4 | /* 5 | * WARNING: Unless you absolutely need to use SHA512 for interoperatibility, 6 | * purposes, you might want to consider crypto_generichash() instead. 7 | * Unlike SHA512, crypto_generichash() is not vulnerable to length 8 | * extension attacks. 9 | */ 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | #include "sodium_export.h" 16 | 17 | #ifdef __cplusplus 18 | # ifdef __GNUC__ 19 | # pragma GCC diagnostic ignored "-Wlong-long" 20 | # endif 21 | extern "C" { 22 | #endif 23 | 24 | typedef struct crypto_hash_sha512_state { 25 | uint64_t state[8]; 26 | uint64_t count[2]; 27 | uint8_t buf[128]; 28 | } crypto_hash_sha512_state; 29 | 30 | size_t crypto_hash_sha512_statebytes(void); 31 | 32 | #define crypto_hash_sha512_BYTES 64U 33 | size_t crypto_hash_sha512_bytes(void); 34 | 35 | int crypto_hash_sha512(unsigned char *out, const unsigned char *in, 36 | unsigned long long inlen) __attribute__ ((nonnull)); 37 | 38 | int crypto_hash_sha512_init(crypto_hash_sha512_state *state) 39 | __attribute__ ((nonnull)); 40 | 41 | int crypto_hash_sha512_update(crypto_hash_sha512_state *state, 42 | const unsigned char *in, 43 | unsigned long long inlen) 44 | __attribute__ ((nonnull)); 45 | 46 | int crypto_hash_sha512_final(crypto_hash_sha512_state *state, 47 | unsigned char *out) 48 | __attribute__ ((nonnull)); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_kx.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_kx_H 2 | #define crypto_kx_H 3 | 4 | #include 5 | 6 | #include "sodium_export.h" 7 | 8 | #ifdef __cplusplus 9 | # ifdef __GNUC__ 10 | # pragma GCC diagnostic ignored "-Wlong-long" 11 | # endif 12 | extern "C" { 13 | #endif 14 | 15 | #define crypto_kx_PUBLICKEYBYTES 32 16 | size_t crypto_kx_publickeybytes(void); 17 | 18 | #define crypto_kx_SECRETKEYBYTES 32 19 | size_t crypto_kx_secretkeybytes(void); 20 | 21 | #define crypto_kx_SEEDBYTES 32 22 | size_t crypto_kx_seedbytes(void); 23 | 24 | #define crypto_kx_SESSIONKEYBYTES 32 25 | size_t crypto_kx_sessionkeybytes(void); 26 | 27 | #define crypto_kx_PRIMITIVE "x25519blake2b" 28 | const char *crypto_kx_primitive(void); 29 | 30 | int crypto_kx_seed_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], 31 | unsigned char sk[crypto_kx_SECRETKEYBYTES], 32 | const unsigned char seed[crypto_kx_SEEDBYTES]) 33 | __attribute__ ((nonnull)); 34 | 35 | int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], 36 | unsigned char sk[crypto_kx_SECRETKEYBYTES]) 37 | __attribute__ ((nonnull)); 38 | 39 | int crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], 40 | unsigned char tx[crypto_kx_SESSIONKEYBYTES], 41 | const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES], 42 | const unsigned char client_sk[crypto_kx_SECRETKEYBYTES], 43 | const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES]) 44 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); 45 | 46 | int crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES], 47 | unsigned char tx[crypto_kx_SESSIONKEYBYTES], 48 | const unsigned char server_pk[crypto_kx_PUBLICKEYBYTES], 49 | const unsigned char server_sk[crypto_kx_SECRETKEYBYTES], 50 | const unsigned char client_pk[crypto_kx_PUBLICKEYBYTES]) 51 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 4, 5))); 52 | 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_onetimeauth.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_onetimeauth_H 2 | #define crypto_onetimeauth_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_onetimeauth_poly1305.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | typedef crypto_onetimeauth_poly1305_state crypto_onetimeauth_state; 17 | 18 | size_t crypto_onetimeauth_statebytes(void); 19 | 20 | #define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES 21 | size_t crypto_onetimeauth_bytes(void); 22 | 23 | #define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES 24 | size_t crypto_onetimeauth_keybytes(void); 25 | 26 | #define crypto_onetimeauth_PRIMITIVE "poly1305" 27 | const char *crypto_onetimeauth_primitive(void); 28 | 29 | int crypto_onetimeauth(unsigned char *out, const unsigned char *in, 30 | unsigned long long inlen, const unsigned char *k) 31 | __attribute__ ((nonnull)); 32 | 33 | int crypto_onetimeauth_verify(const unsigned char *h, const unsigned char *in, 34 | unsigned long long inlen, const unsigned char *k) 35 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 36 | 37 | int crypto_onetimeauth_init(crypto_onetimeauth_state *state, 38 | const unsigned char *key) __attribute__ ((nonnull)); 39 | 40 | int crypto_onetimeauth_update(crypto_onetimeauth_state *state, 41 | const unsigned char *in, 42 | unsigned long long inlen) 43 | __attribute__ ((nonnull)); 44 | 45 | int crypto_onetimeauth_final(crypto_onetimeauth_state *state, 46 | unsigned char *out) __attribute__ ((nonnull)); 47 | 48 | void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]) 49 | __attribute__ ((nonnull)); 50 | 51 | #ifdef __cplusplus 52 | } 53 | #endif 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_onetimeauth_poly1305.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_onetimeauth_poly1305_H 2 | #define crypto_onetimeauth_poly1305_H 3 | 4 | #ifdef __cplusplus 5 | # ifdef __GNUC__ 6 | # pragma GCC diagnostic ignored "-Wlong-long" 7 | # endif 8 | extern "C" { 9 | #endif 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | #include 16 | 17 | #include "sodium_export.h" 18 | 19 | typedef struct CRYPTO_ALIGN(16) crypto_onetimeauth_poly1305_state { 20 | unsigned char opaque[256]; 21 | } crypto_onetimeauth_poly1305_state; 22 | 23 | size_t crypto_onetimeauth_poly1305_statebytes(void); 24 | 25 | #define crypto_onetimeauth_poly1305_BYTES 16U 26 | size_t crypto_onetimeauth_poly1305_bytes(void); 27 | 28 | #define crypto_onetimeauth_poly1305_KEYBYTES 32U 29 | size_t crypto_onetimeauth_poly1305_keybytes(void); 30 | 31 | int crypto_onetimeauth_poly1305(unsigned char *out, 32 | const unsigned char *in, 33 | unsigned long long inlen, 34 | const unsigned char *k) 35 | __attribute__ ((nonnull)); 36 | 37 | int crypto_onetimeauth_poly1305_verify(const unsigned char *h, 38 | const unsigned char *in, 39 | unsigned long long inlen, 40 | const unsigned char *k) 41 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 42 | 43 | int crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state, 44 | const unsigned char *key) 45 | __attribute__ ((nonnull)); 46 | 47 | int crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state, 48 | const unsigned char *in, 49 | unsigned long long inlen) 50 | __attribute__ ((nonnull)); 51 | 52 | int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state, 53 | unsigned char *out) 54 | __attribute__ ((nonnull)); 55 | 56 | void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) 57 | __attribute__ ((nonnull)); 58 | 59 | #ifdef __cplusplus 60 | } 61 | #endif 62 | 63 | #endif 64 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_scalarmult.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_scalarmult.h" 3 | 4 | const char * 5 | crypto_scalarmult_primitive(void) 6 | { 7 | return crypto_scalarmult_PRIMITIVE; 8 | } 9 | 10 | int 11 | crypto_scalarmult_base(unsigned char *q, const unsigned char *n) 12 | { 13 | return crypto_scalarmult_curve25519_base(q, n); 14 | } 15 | 16 | int 17 | crypto_scalarmult(unsigned char *q, const unsigned char *n, 18 | const unsigned char *p) 19 | { 20 | return crypto_scalarmult_curve25519(q, n, p); 21 | } 22 | 23 | size_t 24 | crypto_scalarmult_bytes(void) 25 | { 26 | return crypto_scalarmult_BYTES; 27 | } 28 | 29 | size_t 30 | crypto_scalarmult_scalarbytes(void) 31 | { 32 | return crypto_scalarmult_SCALARBYTES; 33 | } 34 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_scalarmult.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_scalarmult_H 2 | #define crypto_scalarmult_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_scalarmult_curve25519.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | extern "C" { 11 | #endif 12 | 13 | #define crypto_scalarmult_BYTES crypto_scalarmult_curve25519_BYTES 14 | size_t crypto_scalarmult_bytes(void); 15 | 16 | #define crypto_scalarmult_SCALARBYTES crypto_scalarmult_curve25519_SCALARBYTES 17 | size_t crypto_scalarmult_scalarbytes(void); 18 | 19 | #define crypto_scalarmult_PRIMITIVE "curve25519" 20 | const char *crypto_scalarmult_primitive(void); 21 | 22 | int crypto_scalarmult_base(unsigned char *q, const unsigned char *n) 23 | __attribute__ ((nonnull)); 24 | 25 | /* 26 | * NOTE: Do not use the result of this function directly. 27 | * 28 | * Hash the result with the public keys in order to compute a shared 29 | * secret key: H(q || client_pk || server_pk) 30 | * 31 | * Or unless this is not an option, use the crypto_kx() API instead. 32 | */ 33 | int crypto_scalarmult(unsigned char *q, const unsigned char *n, 34 | const unsigned char *p) 35 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_scalarmult_curve25519.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_scalarmult_curve25519_H 2 | #define crypto_scalarmult_curve25519_H 3 | 4 | #include 5 | 6 | #include "sodium_export.h" 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #define crypto_scalarmult_curve25519_BYTES 32U 13 | size_t crypto_scalarmult_curve25519_bytes(void); 14 | 15 | #define crypto_scalarmult_curve25519_SCALARBYTES 32U 16 | size_t crypto_scalarmult_curve25519_scalarbytes(void); 17 | 18 | /* 19 | * NOTE: Do not use the result of this function directly. 20 | * 21 | * Hash the result with the public keys in order to compute a shared 22 | * secret key: H(q || client_pk || server_pk) 23 | * 24 | * Or unless this is not an option, use the crypto_kx() API instead. 25 | */ 26 | int crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, 27 | const unsigned char *p) 28 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 29 | 30 | int crypto_scalarmult_curve25519_base(unsigned char *q, 31 | const unsigned char *n) 32 | __attribute__ ((nonnull)); 33 | 34 | #ifdef __cplusplus 35 | } 36 | #endif 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_scalarmult_ed25519.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef crypto_scalarmult_ed25519_H 3 | #define crypto_scalarmult_ed25519_H 4 | 5 | #include 6 | 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | extern "C" { 11 | #endif 12 | 13 | #define crypto_scalarmult_ed25519_BYTES 32U 14 | size_t crypto_scalarmult_ed25519_bytes(void); 15 | 16 | #define crypto_scalarmult_ed25519_SCALARBYTES 32U 17 | size_t crypto_scalarmult_ed25519_scalarbytes(void); 18 | 19 | /* 20 | * NOTE: Do not use the result of this function directly. 21 | * 22 | * Hash the result with the public keys in order to compute a shared 23 | * secret key: H(q || client_pk || server_pk) 24 | * 25 | * Or unless this is not an option, use the crypto_kx() API instead. 26 | */ 27 | int crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, 28 | const unsigned char *p) 29 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 30 | 31 | int crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n, 32 | const unsigned char *p) 33 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 34 | 35 | int crypto_scalarmult_ed25519_base(unsigned char *q, const unsigned char *n) 36 | __attribute__ ((nonnull)); 37 | 38 | int crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, const unsigned char *n) 39 | __attribute__ ((nonnull)); 40 | 41 | #ifdef __cplusplus 42 | } 43 | #endif 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_secretbox.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_secretbox.h" 3 | #include "sodium_randombytes.h" 4 | 5 | int 6 | crypto_secretbox(unsigned char *c, const unsigned char *m, 7 | unsigned long long mlen, const unsigned char *n, 8 | const unsigned char *k) 9 | { 10 | return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k); 11 | } 12 | 13 | int 14 | crypto_secretbox_open(unsigned char *m, const unsigned char *c, 15 | unsigned long long clen, const unsigned char *n, 16 | const unsigned char *k) 17 | { 18 | return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k); 19 | } 20 | 21 | void 22 | crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) 23 | { 24 | randombytes_buf(k, crypto_secretbox_KEYBYTES); 25 | } 26 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_secretbox.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_secretbox_H 2 | #define crypto_secretbox_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_secretbox_xsalsa20poly1305.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES 17 | size_t crypto_secretbox_keybytes(void); 18 | 19 | #define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES 20 | size_t crypto_secretbox_noncebytes(void); 21 | 22 | #define crypto_secretbox_MACBYTES crypto_secretbox_xsalsa20poly1305_MACBYTES 23 | size_t crypto_secretbox_macbytes(void); 24 | 25 | #define crypto_secretbox_PRIMITIVE "xsalsa20poly1305" 26 | const char *crypto_secretbox_primitive(void); 27 | 28 | #define crypto_secretbox_MESSAGEBYTES_MAX crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX 29 | size_t crypto_secretbox_messagebytes_max(void); 30 | 31 | int crypto_secretbox_easy(unsigned char *c, const unsigned char *m, 32 | unsigned long long mlen, const unsigned char *n, 33 | const unsigned char *k) __attribute__ ((nonnull)); 34 | 35 | int crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c, 36 | unsigned long long clen, const unsigned char *n, 37 | const unsigned char *k) 38 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); 39 | 40 | int crypto_secretbox_detached(unsigned char *c, unsigned char *mac, 41 | const unsigned char *m, 42 | unsigned long long mlen, 43 | const unsigned char *n, 44 | const unsigned char *k) 45 | __attribute__ ((nonnull)); 46 | 47 | int crypto_secretbox_open_detached(unsigned char *m, 48 | const unsigned char *c, 49 | const unsigned char *mac, 50 | unsigned long long clen, 51 | const unsigned char *n, 52 | const unsigned char *k) 53 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); 54 | 55 | void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]) 56 | __attribute__ ((nonnull)); 57 | 58 | /* -- NaCl compatibility interface ; Requires padding -- */ 59 | 60 | #define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES 61 | size_t crypto_secretbox_zerobytes(void); 62 | 63 | #define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 64 | size_t crypto_secretbox_boxzerobytes(void); 65 | 66 | int crypto_secretbox(unsigned char *c, const unsigned char *m, 67 | unsigned long long mlen, const unsigned char *n, 68 | const unsigned char *k) __attribute__ ((nonnull)); 69 | 70 | int crypto_secretbox_open(unsigned char *m, const unsigned char *c, 71 | unsigned long long clen, const unsigned char *n, 72 | const unsigned char *k) 73 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); 74 | 75 | #ifdef __cplusplus 76 | } 77 | #endif 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_secretbox_xchacha20poly1305.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_secretbox_xchacha20poly1305_H 2 | #define crypto_secretbox_xchacha20poly1305_H 3 | 4 | #include 5 | #include "sodium_crypto_stream_xchacha20.h" 6 | #include "sodium_export.h" 7 | 8 | #ifdef __cplusplus 9 | # ifdef __GNUC__ 10 | # pragma GCC diagnostic ignored "-Wlong-long" 11 | # endif 12 | extern "C" { 13 | #endif 14 | 15 | #define crypto_secretbox_xchacha20poly1305_KEYBYTES 32U 16 | size_t crypto_secretbox_xchacha20poly1305_keybytes(void); 17 | 18 | #define crypto_secretbox_xchacha20poly1305_NONCEBYTES 24U 19 | size_t crypto_secretbox_xchacha20poly1305_noncebytes(void); 20 | 21 | #define crypto_secretbox_xchacha20poly1305_MACBYTES 16U 22 | size_t crypto_secretbox_xchacha20poly1305_macbytes(void); 23 | 24 | #define crypto_secretbox_xchacha20poly1305_MESSAGEBYTES_MAX \ 25 | (crypto_stream_xchacha20_MESSAGEBYTES_MAX - crypto_secretbox_xchacha20poly1305_MACBYTES) 26 | size_t crypto_secretbox_xchacha20poly1305_messagebytes_max(void); 27 | 28 | int crypto_secretbox_xchacha20poly1305_easy(unsigned char *c, 29 | const unsigned char *m, 30 | unsigned long long mlen, 31 | const unsigned char *n, 32 | const unsigned char *k) 33 | __attribute__ ((nonnull)); 34 | 35 | int crypto_secretbox_xchacha20poly1305_open_easy(unsigned char *m, 36 | const unsigned char *c, 37 | unsigned long long clen, 38 | const unsigned char *n, 39 | const unsigned char *k) 40 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); 41 | 42 | int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, 43 | unsigned char *mac, 44 | const unsigned char *m, 45 | unsigned long long mlen, 46 | const unsigned char *n, 47 | const unsigned char *k) 48 | __attribute__ ((nonnull)); 49 | 50 | int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, 51 | const unsigned char *c, 52 | const unsigned char *mac, 53 | unsigned long long clen, 54 | const unsigned char *n, 55 | const unsigned char *k) 56 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 3, 5, 6))); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_secretbox_xsalsa20poly1305.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_secretbox_xsalsa20poly1305_H 2 | #define crypto_secretbox_xsalsa20poly1305_H 3 | 4 | #include 5 | #include "sodium_crypto_stream_xsalsa20.h" 6 | #include "sodium_export.h" 7 | 8 | #ifdef __cplusplus 9 | # ifdef __GNUC__ 10 | # pragma GCC diagnostic ignored "-Wlong-long" 11 | # endif 12 | extern "C" { 13 | #endif 14 | 15 | #define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32U 16 | size_t crypto_secretbox_xsalsa20poly1305_keybytes(void); 17 | 18 | #define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24U 19 | size_t crypto_secretbox_xsalsa20poly1305_noncebytes(void); 20 | 21 | #define crypto_secretbox_xsalsa20poly1305_MACBYTES 16U 22 | size_t crypto_secretbox_xsalsa20poly1305_macbytes(void); 23 | 24 | /* Only for the libsodium API - The NaCl compatibility API would require BOXZEROBYTES extra bytes */ 25 | #define crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX \ 26 | (crypto_stream_xsalsa20_MESSAGEBYTES_MAX - crypto_secretbox_xsalsa20poly1305_MACBYTES) 27 | size_t crypto_secretbox_xsalsa20poly1305_messagebytes_max(void); 28 | 29 | int crypto_secretbox_xsalsa20poly1305(unsigned char *c, 30 | const unsigned char *m, 31 | unsigned long long mlen, 32 | const unsigned char *n, 33 | const unsigned char *k) 34 | __attribute__ ((nonnull)); 35 | 36 | int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, 37 | const unsigned char *c, 38 | unsigned long long clen, 39 | const unsigned char *n, 40 | const unsigned char *k) 41 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(2, 4, 5))); 42 | 43 | void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) 44 | __attribute__ ((nonnull)); 45 | 46 | /* -- NaCl compatibility interface ; Requires padding -- */ 47 | 48 | #define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16U 49 | size_t crypto_secretbox_xsalsa20poly1305_boxzerobytes(void); 50 | 51 | #define crypto_secretbox_xsalsa20poly1305_ZEROBYTES \ 52 | (crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES + \ 53 | crypto_secretbox_xsalsa20poly1305_MACBYTES) 54 | size_t crypto_secretbox_xsalsa20poly1305_zerobytes(void); 55 | 56 | #ifdef __cplusplus 57 | } 58 | #endif 59 | 60 | #endif 61 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_shorthash.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_shorthash_H 2 | #define crypto_shorthash_H 3 | 4 | #include 5 | 6 | #include "sodium_crypto_shorthash_siphash24.h" 7 | #include "sodium_export.h" 8 | 9 | #ifdef __cplusplus 10 | # ifdef __GNUC__ 11 | # pragma GCC diagnostic ignored "-Wlong-long" 12 | # endif 13 | extern "C" { 14 | #endif 15 | 16 | #define crypto_shorthash_BYTES crypto_shorthash_siphash24_BYTES 17 | size_t crypto_shorthash_bytes(void); 18 | 19 | #define crypto_shorthash_KEYBYTES crypto_shorthash_siphash24_KEYBYTES 20 | size_t crypto_shorthash_keybytes(void); 21 | 22 | #define crypto_shorthash_PRIMITIVE "siphash24" 23 | const char *crypto_shorthash_primitive(void); 24 | 25 | int crypto_shorthash(unsigned char *out, const unsigned char *in, 26 | unsigned long long inlen, const unsigned char *k) 27 | __attribute__ ((nonnull)); 28 | 29 | void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]) 30 | __attribute__ ((nonnull)); 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_shorthash_siphash24.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_shorthash_siphash24_H 2 | #define crypto_shorthash_siphash24_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | # ifdef __GNUC__ 9 | # pragma GCC diagnostic ignored "-Wlong-long" 10 | # endif 11 | extern "C" { 12 | #endif 13 | 14 | /* -- 64-bit output -- */ 15 | 16 | #define crypto_shorthash_siphash24_BYTES 8U 17 | size_t crypto_shorthash_siphash24_bytes(void); 18 | 19 | #define crypto_shorthash_siphash24_KEYBYTES 16U 20 | size_t crypto_shorthash_siphash24_keybytes(void); 21 | 22 | int crypto_shorthash_siphash24(unsigned char *out, const unsigned char *in, 23 | unsigned long long inlen, const unsigned char *k) 24 | __attribute__ ((nonnull)); 25 | 26 | #ifndef SODIUM_LIBRARY_MINIMAL 27 | /* -- 128-bit output -- */ 28 | 29 | #define crypto_shorthash_siphashx24_BYTES 16U 30 | size_t crypto_shorthash_siphashx24_bytes(void); 31 | 32 | #define crypto_shorthash_siphashx24_KEYBYTES 16U 33 | size_t crypto_shorthash_siphashx24_keybytes(void); 34 | 35 | int crypto_shorthash_siphashx24(unsigned char *out, const unsigned char *in, 36 | unsigned long long inlen, const unsigned char *k) 37 | __attribute__ ((nonnull)); 38 | #endif 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_sign.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_sign.h" 3 | 4 | int 5 | crypto_sign_keypair(unsigned char *pk, unsigned char *sk) 6 | { 7 | return crypto_sign_ed25519_keypair(pk, sk); 8 | } 9 | 10 | int 11 | crypto_sign(unsigned char *sm, unsigned long long *smlen_p, 12 | const unsigned char *m, unsigned long long mlen, 13 | const unsigned char *sk) 14 | { 15 | return crypto_sign_ed25519(sm, smlen_p, m, mlen, sk); 16 | } 17 | 18 | int 19 | crypto_sign_open(unsigned char *m, unsigned long long *mlen_p, 20 | const unsigned char *sm, unsigned long long smlen, 21 | const unsigned char *pk) 22 | { 23 | return crypto_sign_ed25519_open(m, mlen_p, sm, smlen, pk); 24 | } 25 | 26 | int 27 | crypto_sign_init(crypto_sign_state *state) 28 | { 29 | return crypto_sign_ed25519ph_init(state); 30 | } 31 | 32 | int 33 | crypto_sign_update(crypto_sign_state *state, const unsigned char *m, 34 | unsigned long long mlen) 35 | { 36 | return crypto_sign_ed25519ph_update(state, m, mlen); 37 | } 38 | 39 | int 40 | crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, 41 | unsigned long long *siglen_p, const unsigned char *sk) 42 | { 43 | return crypto_sign_ed25519ph_final_create(state, sig, siglen_p, sk); 44 | } 45 | 46 | int 47 | crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig, 48 | const unsigned char *pk) 49 | { 50 | return crypto_sign_ed25519ph_final_verify(state, sig, pk); 51 | } 52 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_sign.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_sign_H 2 | #define crypto_sign_H 3 | 4 | /* 5 | * THREAD SAFETY: crypto_sign_keypair() is thread-safe, 6 | * provided that sodium_init() was called before. 7 | * 8 | * Other functions, including crypto_sign_seed_keypair() are always thread-safe. 9 | */ 10 | 11 | #include 12 | 13 | #include "sodium_crypto_sign_ed25519.h" 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | typedef crypto_sign_ed25519ph_state crypto_sign_state; 24 | 25 | size_t crypto_sign_statebytes(void); 26 | 27 | #define crypto_sign_BYTES crypto_sign_ed25519_BYTES 28 | size_t crypto_sign_bytes(void); 29 | 30 | #define crypto_sign_SEEDBYTES crypto_sign_ed25519_SEEDBYTES 31 | size_t crypto_sign_seedbytes(void); 32 | 33 | #define crypto_sign_PUBLICKEYBYTES crypto_sign_ed25519_PUBLICKEYBYTES 34 | size_t crypto_sign_publickeybytes(void); 35 | 36 | #define crypto_sign_SECRETKEYBYTES crypto_sign_ed25519_SECRETKEYBYTES 37 | size_t crypto_sign_secretkeybytes(void); 38 | 39 | #define crypto_sign_MESSAGEBYTES_MAX crypto_sign_ed25519_MESSAGEBYTES_MAX 40 | size_t crypto_sign_messagebytes_max(void); 41 | 42 | #define crypto_sign_PRIMITIVE "ed25519" 43 | const char *crypto_sign_primitive(void); 44 | 45 | int crypto_sign_seed_keypair(unsigned char *pk, unsigned char *sk, 46 | const unsigned char *seed) 47 | __attribute__ ((nonnull)); 48 | 49 | int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) 50 | __attribute__ ((nonnull)); 51 | 52 | int crypto_sign(unsigned char *sm, unsigned long long *smlen_p, 53 | const unsigned char *m, unsigned long long mlen, 54 | const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); 55 | 56 | int crypto_sign_open(unsigned char *m, unsigned long long *mlen_p, 57 | const unsigned char *sm, unsigned long long smlen, 58 | const unsigned char *pk) 59 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull(3, 5))); 60 | 61 | int crypto_sign_detached(unsigned char *sig, unsigned long long *siglen_p, 62 | const unsigned char *m, unsigned long long mlen, 63 | const unsigned char *sk) __attribute__ ((nonnull(1, 3, 5))); 64 | 65 | int crypto_sign_verify_detached(const unsigned char *sig, 66 | const unsigned char *m, 67 | unsigned long long mlen, 68 | const unsigned char *pk) 69 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 70 | 71 | int crypto_sign_init(crypto_sign_state *state); 72 | 73 | int crypto_sign_update(crypto_sign_state *state, 74 | const unsigned char *m, unsigned long long mlen) 75 | __attribute__ ((nonnull)); 76 | 77 | int crypto_sign_final_create(crypto_sign_state *state, unsigned char *sig, 78 | unsigned long long *siglen_p, 79 | const unsigned char *sk) 80 | __attribute__ ((nonnull(1, 2, 4))); 81 | 82 | int crypto_sign_final_verify(crypto_sign_state *state, const unsigned char *sig, 83 | const unsigned char *pk) 84 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 85 | 86 | #ifdef __cplusplus 87 | } 88 | #endif 89 | 90 | #endif 91 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_sign_edwards25519sha512batch.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_sign_edwards25519sha512batch_H 2 | #define crypto_sign_edwards25519sha512batch_H 3 | 4 | /* 5 | * WARNING: This construction was a prototype, which should not be used 6 | * any more in new projects. 7 | * 8 | * crypto_sign_edwards25519sha512batch is provided for applications 9 | * initially built with NaCl, but as recommended by the author of this 10 | * construction, new applications should use ed25519 instead. 11 | * 12 | * In Sodium, you should use the high-level crypto_sign_*() functions instead. 13 | */ 14 | 15 | #include 16 | #include "sodium_export.h" 17 | 18 | #ifdef __cplusplus 19 | # ifdef __GNUC__ 20 | # pragma GCC diagnostic ignored "-Wlong-long" 21 | # endif 22 | extern "C" { 23 | #endif 24 | 25 | #define crypto_sign_edwards25519sha512batch_BYTES 64U 26 | #define crypto_sign_edwards25519sha512batch_PUBLICKEYBYTES 32U 27 | #define crypto_sign_edwards25519sha512batch_SECRETKEYBYTES (32U + 32U) 28 | #define crypto_sign_edwards25519sha512batch_MESSAGEBYTES_MAX (SODIUM_SIZE_MAX - crypto_sign_edwards25519sha512batch_BYTES) 29 | 30 | int crypto_sign_edwards25519sha512batch(unsigned char *sm, 31 | unsigned long long *smlen_p, 32 | const unsigned char *m, 33 | unsigned long long mlen, 34 | const unsigned char *sk) 35 | __attribute__ ((deprecated)) __attribute__ ((nonnull(1, 3, 5))); 36 | 37 | int crypto_sign_edwards25519sha512batch_open(unsigned char *m, 38 | unsigned long long *mlen_p, 39 | const unsigned char *sm, 40 | unsigned long long smlen, 41 | const unsigned char *pk) 42 | __attribute__ ((deprecated)) __attribute__ ((nonnull(3, 5))); 43 | 44 | int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk, 45 | unsigned char *sk) 46 | __attribute__ ((deprecated)) __attribute__ ((nonnull)); 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_H 2 | #define crypto_stream_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | 14 | #include "sodium_crypto_stream_xsalsa20.h" 15 | #include "sodium_export.h" 16 | 17 | #ifdef __cplusplus 18 | # ifdef __GNUC__ 19 | # pragma GCC diagnostic ignored "-Wlong-long" 20 | # endif 21 | extern "C" { 22 | #endif 23 | 24 | #define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES 25 | size_t crypto_stream_keybytes(void); 26 | 27 | #define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES 28 | size_t crypto_stream_noncebytes(void); 29 | 30 | #define crypto_stream_MESSAGEBYTES_MAX crypto_stream_xsalsa20_MESSAGEBYTES_MAX 31 | size_t crypto_stream_messagebytes_max(void); 32 | 33 | #define crypto_stream_PRIMITIVE "xsalsa20" 34 | const char *crypto_stream_primitive(void); 35 | 36 | int crypto_stream(unsigned char *c, unsigned long long clen, 37 | const unsigned char *n, const unsigned char *k) 38 | __attribute__ ((nonnull)); 39 | 40 | int crypto_stream_xor(unsigned char *c, const unsigned char *m, 41 | unsigned long long mlen, const unsigned char *n, 42 | const unsigned char *k) 43 | __attribute__ ((nonnull)); 44 | 45 | void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]) 46 | __attribute__ ((nonnull)); 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_chacha20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_chacha20_H 2 | #define crypto_stream_chacha20_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | #define crypto_stream_chacha20_KEYBYTES 32U 24 | size_t crypto_stream_chacha20_keybytes(void); 25 | 26 | #define crypto_stream_chacha20_NONCEBYTES 8U 27 | size_t crypto_stream_chacha20_noncebytes(void); 28 | 29 | #define crypto_stream_chacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 30 | size_t crypto_stream_chacha20_messagebytes_max(void); 31 | 32 | /* ChaCha20 with a 64-bit nonce and a 64-bit counter, as originally designed */ 33 | 34 | int crypto_stream_chacha20(unsigned char *c, unsigned long long clen, 35 | const unsigned char *n, const unsigned char *k) 36 | __attribute__ ((nonnull)); 37 | 38 | int crypto_stream_chacha20_xor(unsigned char *c, const unsigned char *m, 39 | unsigned long long mlen, const unsigned char *n, 40 | const unsigned char *k) 41 | __attribute__ ((nonnull)); 42 | 43 | int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m, 44 | unsigned long long mlen, 45 | const unsigned char *n, uint64_t ic, 46 | const unsigned char *k) 47 | __attribute__ ((nonnull)); 48 | 49 | void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]) 50 | __attribute__ ((nonnull)); 51 | 52 | /* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */ 53 | 54 | #define crypto_stream_chacha20_ietf_KEYBYTES 32U 55 | size_t crypto_stream_chacha20_ietf_keybytes(void); 56 | 57 | #define crypto_stream_chacha20_ietf_NONCEBYTES 12U 58 | size_t crypto_stream_chacha20_ietf_noncebytes(void); 59 | 60 | #define crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX \ 61 | SODIUM_MIN(SODIUM_SIZE_MAX, 64ULL * (1ULL << 32)) 62 | size_t crypto_stream_chacha20_ietf_messagebytes_max(void); 63 | 64 | int crypto_stream_chacha20_ietf(unsigned char *c, unsigned long long clen, 65 | const unsigned char *n, const unsigned char *k) 66 | __attribute__ ((nonnull)); 67 | 68 | int crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m, 69 | unsigned long long mlen, const unsigned char *n, 70 | const unsigned char *k) 71 | __attribute__ ((nonnull)); 72 | 73 | int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m, 74 | unsigned long long mlen, 75 | const unsigned char *n, uint32_t ic, 76 | const unsigned char *k) 77 | __attribute__ ((nonnull)); 78 | 79 | void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]) 80 | __attribute__ ((nonnull)); 81 | 82 | /* Aliases */ 83 | 84 | #define crypto_stream_chacha20_IETF_KEYBYTES crypto_stream_chacha20_ietf_KEYBYTES 85 | #define crypto_stream_chacha20_IETF_NONCEBYTES crypto_stream_chacha20_ietf_NONCEBYTES 86 | #define crypto_stream_chacha20_IETF_MESSAGEBYTES_MAX crypto_stream_chacha20_ietf_MESSAGEBYTES_MAX 87 | 88 | #ifdef __cplusplus 89 | } 90 | #endif 91 | 92 | #endif 93 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_salsa20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_salsa20_H 2 | #define crypto_stream_salsa20_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | #define crypto_stream_salsa20_KEYBYTES 32U 24 | size_t crypto_stream_salsa20_keybytes(void); 25 | 26 | #define crypto_stream_salsa20_NONCEBYTES 8U 27 | size_t crypto_stream_salsa20_noncebytes(void); 28 | 29 | #define crypto_stream_salsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 30 | size_t crypto_stream_salsa20_messagebytes_max(void); 31 | 32 | int crypto_stream_salsa20(unsigned char *c, unsigned long long clen, 33 | const unsigned char *n, const unsigned char *k) 34 | __attribute__ ((nonnull)); 35 | 36 | int crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m, 37 | unsigned long long mlen, const unsigned char *n, 38 | const unsigned char *k) 39 | __attribute__ ((nonnull)); 40 | 41 | int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m, 42 | unsigned long long mlen, 43 | const unsigned char *n, uint64_t ic, 44 | const unsigned char *k) 45 | __attribute__ ((nonnull)); 46 | 47 | void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) 48 | __attribute__ ((nonnull)); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_salsa2012.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_salsa2012_H 2 | #define crypto_stream_salsa2012_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include "sodium_export.h" 14 | 15 | #ifdef __cplusplus 16 | # ifdef __GNUC__ 17 | # pragma GCC diagnostic ignored "-Wlong-long" 18 | # endif 19 | extern "C" { 20 | #endif 21 | 22 | #define crypto_stream_salsa2012_KEYBYTES 32U 23 | size_t crypto_stream_salsa2012_keybytes(void); 24 | 25 | #define crypto_stream_salsa2012_NONCEBYTES 8U 26 | size_t crypto_stream_salsa2012_noncebytes(void); 27 | 28 | #define crypto_stream_salsa2012_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 29 | size_t crypto_stream_salsa2012_messagebytes_max(void); 30 | 31 | int crypto_stream_salsa2012(unsigned char *c, unsigned long long clen, 32 | const unsigned char *n, const unsigned char *k) 33 | __attribute__ ((nonnull)); 34 | 35 | int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m, 36 | unsigned long long mlen, const unsigned char *n, 37 | const unsigned char *k) 38 | __attribute__ ((nonnull)); 39 | 40 | void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]) 41 | __attribute__ ((nonnull)); 42 | 43 | #ifdef __cplusplus 44 | } 45 | #endif 46 | 47 | #endif 48 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_salsa208.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_salsa208_H 2 | #define crypto_stream_salsa208_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include "sodium_export.h" 14 | 15 | #ifdef __cplusplus 16 | # ifdef __GNUC__ 17 | # pragma GCC diagnostic ignored "-Wlong-long" 18 | # endif 19 | extern "C" { 20 | #endif 21 | 22 | #define crypto_stream_salsa208_KEYBYTES 32U 23 | size_t crypto_stream_salsa208_keybytes(void) 24 | __attribute__ ((deprecated)); 25 | 26 | #define crypto_stream_salsa208_NONCEBYTES 8U 27 | size_t crypto_stream_salsa208_noncebytes(void) 28 | __attribute__ ((deprecated)); 29 | 30 | #define crypto_stream_salsa208_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 31 | size_t crypto_stream_salsa208_messagebytes_max(void) 32 | __attribute__ ((deprecated)); 33 | 34 | int crypto_stream_salsa208(unsigned char *c, unsigned long long clen, 35 | const unsigned char *n, const unsigned char *k) 36 | __attribute__ ((deprecated)) __attribute__ ((nonnull)); 37 | 38 | int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m, 39 | unsigned long long mlen, const unsigned char *n, 40 | const unsigned char *k) 41 | __attribute__ ((deprecated)) __attribute__ ((nonnull)); 42 | 43 | void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]) 44 | __attribute__ ((deprecated)) __attribute__ ((nonnull)); 45 | 46 | #ifdef __cplusplus 47 | } 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_xchacha20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_xchacha20_H 2 | #define crypto_stream_xchacha20_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | #define crypto_stream_xchacha20_KEYBYTES 32U 24 | size_t crypto_stream_xchacha20_keybytes(void); 25 | 26 | #define crypto_stream_xchacha20_NONCEBYTES 24U 27 | size_t crypto_stream_xchacha20_noncebytes(void); 28 | 29 | #define crypto_stream_xchacha20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 30 | size_t crypto_stream_xchacha20_messagebytes_max(void); 31 | 32 | int crypto_stream_xchacha20(unsigned char *c, unsigned long long clen, 33 | const unsigned char *n, const unsigned char *k) 34 | __attribute__ ((nonnull)); 35 | 36 | int crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m, 37 | unsigned long long mlen, const unsigned char *n, 38 | const unsigned char *k) 39 | __attribute__ ((nonnull)); 40 | 41 | int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, 42 | unsigned long long mlen, 43 | const unsigned char *n, uint64_t ic, 44 | const unsigned char *k) 45 | __attribute__ ((nonnull)); 46 | 47 | void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]) 48 | __attribute__ ((nonnull)); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_stream_xsalsa20.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_stream_xsalsa20_H 2 | #define crypto_stream_xsalsa20_H 3 | 4 | /* 5 | * WARNING: This is just a stream cipher. It is NOT authenticated encryption. 6 | * While it provides some protection against eavesdropping, it does NOT 7 | * provide any security against active attacks. 8 | * Unless you know what you're doing, what you are looking for is probably 9 | * the crypto_box functions. 10 | */ 11 | 12 | #include 13 | #include 14 | #include "sodium_export.h" 15 | 16 | #ifdef __cplusplus 17 | # ifdef __GNUC__ 18 | # pragma GCC diagnostic ignored "-Wlong-long" 19 | # endif 20 | extern "C" { 21 | #endif 22 | 23 | #define crypto_stream_xsalsa20_KEYBYTES 32U 24 | size_t crypto_stream_xsalsa20_keybytes(void); 25 | 26 | #define crypto_stream_xsalsa20_NONCEBYTES 24U 27 | size_t crypto_stream_xsalsa20_noncebytes(void); 28 | 29 | #define crypto_stream_xsalsa20_MESSAGEBYTES_MAX SODIUM_SIZE_MAX 30 | size_t crypto_stream_xsalsa20_messagebytes_max(void); 31 | 32 | int crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen, 33 | const unsigned char *n, const unsigned char *k) 34 | __attribute__ ((nonnull)); 35 | 36 | int crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m, 37 | unsigned long long mlen, const unsigned char *n, 38 | const unsigned char *k) 39 | __attribute__ ((nonnull)); 40 | 41 | int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m, 42 | unsigned long long mlen, 43 | const unsigned char *n, uint64_t ic, 44 | const unsigned char *k) 45 | __attribute__ ((nonnull)); 46 | 47 | void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) 48 | __attribute__ ((nonnull)); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_verify_16.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_verify_16_H 2 | #define crypto_verify_16_H 3 | 4 | #include 5 | 6 | #include "sodium_export.h" 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | #define crypto_verify_16_BYTES 16U 13 | size_t crypto_verify_16_bytes(void); 14 | 15 | int crypto_verify_16(const unsigned char *x, const unsigned char *y) 16 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_verify_32.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_verify_32_H 2 | #define crypto_verify_32_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_verify_32_BYTES 32U 12 | size_t crypto_verify_32_bytes(void); 13 | 14 | int crypto_verify_32(const unsigned char *x, const unsigned char *y) 15 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 16 | 17 | #ifdef __cplusplus 18 | } 19 | #endif 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /sodium/sodium_crypto_verify_64.h: -------------------------------------------------------------------------------- 1 | #ifndef crypto_verify_64_H 2 | #define crypto_verify_64_H 3 | 4 | #include 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | #define crypto_verify_64_BYTES 64U 12 | size_t crypto_verify_64_bytes(void); 13 | 14 | int crypto_verify_64(const unsigned char *x, const unsigned char *y) 15 | __attribute__ ((warn_unused_result)) __attribute__ ((nonnull)); 16 | 17 | #ifdef __cplusplus 18 | } 19 | #endif 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /sodium/sodium_dolbeau_chacha20-avx2.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_chacha20.h" 5 | #include "sodium_crypto_stream_chacha20.h" 6 | 7 | extern struct crypto_stream_chacha20_implementation 8 | crypto_stream_chacha20_dolbeau_avx2_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_dolbeau_chacha20-ssse3.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_chacha20.h" 5 | #include "sodium_crypto_stream_chacha20.h" 6 | 7 | extern struct crypto_stream_chacha20_implementation 8 | crypto_stream_chacha20_dolbeau_ssse3_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_dolbeau_u0.h: -------------------------------------------------------------------------------- 1 | if (bytes > 0) { 2 | __m128i x_0, x_1, x_2, x_3; 3 | __m128i t_1; 4 | const __m128i rot16 = 5 | _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); 6 | const __m128i rot8 = 7 | _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); 8 | uint8_t partialblock[64]; 9 | 10 | unsigned int i; 11 | 12 | x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); 13 | x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); 14 | x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); 15 | x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); 16 | 17 | for (i = 0; i < ROUNDS; i += 2) { 18 | x_0 = _mm_add_epi32(x_0, x_1); 19 | x_3 = _mm_xor_si128(x_3, x_0); 20 | x_3 = _mm_shuffle_epi8(x_3, rot16); 21 | 22 | x_2 = _mm_add_epi32(x_2, x_3); 23 | x_1 = _mm_xor_si128(x_1, x_2); 24 | 25 | t_1 = x_1; 26 | x_1 = _mm_slli_epi32(x_1, 12); 27 | t_1 = _mm_srli_epi32(t_1, 20); 28 | x_1 = _mm_xor_si128(x_1, t_1); 29 | 30 | x_0 = _mm_add_epi32(x_0, x_1); 31 | x_3 = _mm_xor_si128(x_3, x_0); 32 | x_0 = _mm_shuffle_epi32(x_0, 0x93); 33 | x_3 = _mm_shuffle_epi8(x_3, rot8); 34 | 35 | x_2 = _mm_add_epi32(x_2, x_3); 36 | x_3 = _mm_shuffle_epi32(x_3, 0x4e); 37 | x_1 = _mm_xor_si128(x_1, x_2); 38 | x_2 = _mm_shuffle_epi32(x_2, 0x39); 39 | 40 | t_1 = x_1; 41 | x_1 = _mm_slli_epi32(x_1, 7); 42 | t_1 = _mm_srli_epi32(t_1, 25); 43 | x_1 = _mm_xor_si128(x_1, t_1); 44 | 45 | x_0 = _mm_add_epi32(x_0, x_1); 46 | x_3 = _mm_xor_si128(x_3, x_0); 47 | x_3 = _mm_shuffle_epi8(x_3, rot16); 48 | 49 | x_2 = _mm_add_epi32(x_2, x_3); 50 | x_1 = _mm_xor_si128(x_1, x_2); 51 | 52 | t_1 = x_1; 53 | x_1 = _mm_slli_epi32(x_1, 12); 54 | t_1 = _mm_srli_epi32(t_1, 20); 55 | x_1 = _mm_xor_si128(x_1, t_1); 56 | 57 | x_0 = _mm_add_epi32(x_0, x_1); 58 | x_3 = _mm_xor_si128(x_3, x_0); 59 | x_0 = _mm_shuffle_epi32(x_0, 0x39); 60 | x_3 = _mm_shuffle_epi8(x_3, rot8); 61 | 62 | x_2 = _mm_add_epi32(x_2, x_3); 63 | x_3 = _mm_shuffle_epi32(x_3, 0x4e); 64 | x_1 = _mm_xor_si128(x_1, x_2); 65 | x_2 = _mm_shuffle_epi32(x_2, 0x93); 66 | 67 | t_1 = x_1; 68 | x_1 = _mm_slli_epi32(x_1, 7); 69 | t_1 = _mm_srli_epi32(t_1, 25); 70 | x_1 = _mm_xor_si128(x_1, t_1); 71 | } 72 | x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0))); 73 | x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); 74 | x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); 75 | x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); 76 | _mm_storeu_si128((__m128i*) (partialblock + 0), x_0); 77 | _mm_storeu_si128((__m128i*) (partialblock + 16), x_1); 78 | _mm_storeu_si128((__m128i*) (partialblock + 32), x_2); 79 | _mm_storeu_si128((__m128i*) (partialblock + 48), x_3); 80 | 81 | for (i = 0; i < bytes; i++) { 82 | c[i] = m[i] ^ partialblock[i]; 83 | } 84 | 85 | sodium_memzero(partialblock, sizeof partialblock); 86 | } 87 | -------------------------------------------------------------------------------- /sodium/sodium_dolbeau_u1.h: -------------------------------------------------------------------------------- 1 | while (bytes >= 64) { 2 | __m128i x_0, x_1, x_2, x_3; 3 | __m128i t_1; 4 | const __m128i rot16 = 5 | _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); 6 | const __m128i rot8 = 7 | _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); 8 | 9 | uint32_t in12; 10 | uint32_t in13; 11 | int i; 12 | 13 | x_0 = _mm_loadu_si128((const __m128i*) (x + 0)); 14 | x_1 = _mm_loadu_si128((const __m128i*) (x + 4)); 15 | x_2 = _mm_loadu_si128((const __m128i*) (x + 8)); 16 | x_3 = _mm_loadu_si128((const __m128i*) (x + 12)); 17 | 18 | for (i = 0; i < ROUNDS; i += 2) { 19 | x_0 = _mm_add_epi32(x_0, x_1); 20 | x_3 = _mm_xor_si128(x_3, x_0); 21 | x_3 = _mm_shuffle_epi8(x_3, rot16); 22 | 23 | x_2 = _mm_add_epi32(x_2, x_3); 24 | x_1 = _mm_xor_si128(x_1, x_2); 25 | 26 | t_1 = x_1; 27 | x_1 = _mm_slli_epi32(x_1, 12); 28 | t_1 = _mm_srli_epi32(t_1, 20); 29 | x_1 = _mm_xor_si128(x_1, t_1); 30 | 31 | x_0 = _mm_add_epi32(x_0, x_1); 32 | x_3 = _mm_xor_si128(x_3, x_0); 33 | x_0 = _mm_shuffle_epi32(x_0, 0x93); 34 | x_3 = _mm_shuffle_epi8(x_3, rot8); 35 | 36 | x_2 = _mm_add_epi32(x_2, x_3); 37 | x_3 = _mm_shuffle_epi32(x_3, 0x4e); 38 | x_1 = _mm_xor_si128(x_1, x_2); 39 | x_2 = _mm_shuffle_epi32(x_2, 0x39); 40 | 41 | t_1 = x_1; 42 | x_1 = _mm_slli_epi32(x_1, 7); 43 | t_1 = _mm_srli_epi32(t_1, 25); 44 | x_1 = _mm_xor_si128(x_1, t_1); 45 | 46 | x_0 = _mm_add_epi32(x_0, x_1); 47 | x_3 = _mm_xor_si128(x_3, x_0); 48 | x_3 = _mm_shuffle_epi8(x_3, rot16); 49 | 50 | x_2 = _mm_add_epi32(x_2, x_3); 51 | x_1 = _mm_xor_si128(x_1, x_2); 52 | 53 | t_1 = x_1; 54 | x_1 = _mm_slli_epi32(x_1, 12); 55 | t_1 = _mm_srli_epi32(t_1, 20); 56 | x_1 = _mm_xor_si128(x_1, t_1); 57 | 58 | x_0 = _mm_add_epi32(x_0, x_1); 59 | x_3 = _mm_xor_si128(x_3, x_0); 60 | x_0 = _mm_shuffle_epi32(x_0, 0x39); 61 | x_3 = _mm_shuffle_epi8(x_3, rot8); 62 | 63 | x_2 = _mm_add_epi32(x_2, x_3); 64 | x_3 = _mm_shuffle_epi32(x_3, 0x4e); 65 | x_1 = _mm_xor_si128(x_1, x_2); 66 | x_2 = _mm_shuffle_epi32(x_2, 0x93); 67 | 68 | t_1 = x_1; 69 | x_1 = _mm_slli_epi32(x_1, 7); 70 | t_1 = _mm_srli_epi32(t_1, 25); 71 | x_1 = _mm_xor_si128(x_1, t_1); 72 | } 73 | x_0 = _mm_add_epi32(x_0, _mm_loadu_si128((const __m128i*) (x + 0))); 74 | x_1 = _mm_add_epi32(x_1, _mm_loadu_si128((const __m128i*) (x + 4))); 75 | x_2 = _mm_add_epi32(x_2, _mm_loadu_si128((const __m128i*) (x + 8))); 76 | x_3 = _mm_add_epi32(x_3, _mm_loadu_si128((const __m128i*) (x + 12))); 77 | x_0 = _mm_xor_si128(x_0, _mm_loadu_si128((const __m128i*) (m + 0))); 78 | x_1 = _mm_xor_si128(x_1, _mm_loadu_si128((const __m128i*) (m + 16))); 79 | x_2 = _mm_xor_si128(x_2, _mm_loadu_si128((const __m128i*) (m + 32))); 80 | x_3 = _mm_xor_si128(x_3, _mm_loadu_si128((const __m128i*) (m + 48))); 81 | _mm_storeu_si128((__m128i*) (c + 0), x_0); 82 | _mm_storeu_si128((__m128i*) (c + 16), x_1); 83 | _mm_storeu_si128((__m128i*) (c + 32), x_2); 84 | _mm_storeu_si128((__m128i*) (c + 48), x_3); 85 | 86 | in12 = x[12]; 87 | in13 = x[13]; 88 | in12++; 89 | if (in12 == 0) { 90 | in13++; 91 | } 92 | x[12] = in12; 93 | x[13] = in13; 94 | 95 | bytes -= 64; 96 | c += 64; 97 | m += 64; 98 | } 99 | -------------------------------------------------------------------------------- /sodium/sodium_export.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef sodium_export_H 3 | #define sodium_export_H 4 | 5 | #include 6 | #include 7 | #include 8 | 9 | #if !defined(__clang__) && !defined(__GNUC__) 10 | # ifdef __attribute__ 11 | # undef __attribute__ 12 | # endif 13 | # define __attribute__(a) 14 | #endif 15 | 16 | #ifndef CRYPTO_ALIGN 17 | # if defined(__INTEL_COMPILER) || defined(_MSC_VER) 18 | # define CRYPTO_ALIGN(x) __declspec(align(x)) 19 | # else 20 | # define CRYPTO_ALIGN(x) __attribute__ ((aligned(x))) 21 | # endif 22 | #endif 23 | 24 | #define SODIUM_MIN(A, B) ((A) < (B) ? (A) : (B)) 25 | #define SODIUM_SIZE_MAX SODIUM_MIN(UINT64_MAX, SIZE_MAX) 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /sodium/sodium_fe_25_5_base2.h: -------------------------------------------------------------------------------- 1 | { 2 | { 25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626, -11754271, -6079156, 2047605 }, 3 | { -12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692, 5043384, 19500929, -15469378 }, 4 | { -8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919, 11864899, -24514362, -4438546 } 5 | }, 6 | { 7 | { 15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600, -14772189, 28944400, -1550024 }, 8 | { 16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577, -11775962, 7689662, 11199574 }, 9 | { 30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774, 10017326, -17749093, -9920357 } 10 | }, 11 | { 12 | { 10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885, 14515107, -15438304, 10819380 }, 13 | { 4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668, 12483688, -12668491, 5581306 }, 14 | { 19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350, 13850243, -23678021, -15815942 } 15 | }, 16 | { 17 | { 5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852, 5230134, -23952439, -15175766 }, 18 | { -30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025, 16520125, 30598449, 7715701 }, 19 | { 28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660, 1370708, 29794553, -1409300 } 20 | }, 21 | { 22 | { -22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211, -1361450, -13062696, 13821877 }, 23 | { -6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028, -7212327, 18853322, -14220951 }, 24 | { 4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358, -10431137, 2207753, -3209784 } 25 | }, 26 | { 27 | { -25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364, -663000, -31111463, -16132436 }, 28 | { 25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789, 15725684, 171356, 6466918 }, 29 | { 23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339, -14088058, -30714912, 16193877 } 30 | }, 31 | { 32 | { -33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398, 4729455, -18074513, 9256800 }, 33 | { -25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405, 9761698, -19827198, 630305 }, 34 | { -13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551, -15960994, -2449256, -14291300 } 35 | }, 36 | { 37 | { -3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575, 15033784, 25105118, -7894876 }, 38 | { -24326370, 15950226, -31801215, -14592823, -11662737, -5090925, 1573892, -2625887, 2198790, -15804619 }, 39 | { -3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022, -16236442, -32461234, -12290683 } 40 | } 41 | -------------------------------------------------------------------------------- /sodium/sodium_fe_25_5_constants.h: -------------------------------------------------------------------------------- 1 | /* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */ 2 | static const fe25519 d = { 3 | -10913610, 13857413, -15372611, 6949391, 114729, -8787816, -6275908, -3247719, -18696448, -12055116 4 | }; 5 | 6 | /* 2 * d = 7 | * 16295367250680780974490674513165176452449235426866156013048779062215315747161 8 | */ 9 | static const fe25519 d2 = { 10 | -21827239, -5839606, -30745221, 13898782, 229458, 15978800, -12551817, -6495438, 29715968, 9444199 }; 11 | 12 | /* sqrt(-1) */ 13 | static const fe25519 sqrtm1 = { 14 | -32595792, -7943725, 9377950, 3500415, 12389472, -272473, -25146209, -2005654, 326686, 11406482 15 | }; 16 | 17 | /* A = 486662 */ 18 | static const fe25519 curve25519_A = { 19 | 486662, 0, 0, 0, 0, 0, 0, 0, 0, 0 20 | }; 21 | -------------------------------------------------------------------------------- /sodium/sodium_fe_51_base2.h: -------------------------------------------------------------------------------- 1 | { 2 | { 1288382639258501, 245678601348599, 269427782077623, 1462984067271730, 137412439391563 }, 3 | { 62697248952638, 204681361388450, 631292143396476, 338455783676468, 1213667448819585 }, 4 | { 301289933810280, 1259582250014073, 1422107436869536, 796239922652654, 1953934009299142 } 5 | }, 6 | { 7 | { 1601611775252272, 1720807796594148, 1132070835939856, 1260455018889551, 2147779492816911 }, 8 | { 316559037616741, 2177824224946892, 1459442586438991, 1461528397712656, 751590696113597 }, 9 | { 1850748884277385, 1200145853858453, 1068094770532492, 672251375690438, 1586055907191707 } 10 | }, 11 | { 12 | { 769950342298419, 132954430919746, 844085933195555, 974092374476333, 726076285546016 }, 13 | { 425251763115706, 608463272472562, 442562545713235, 837766094556764, 374555092627893 }, 14 | { 1086255230780037, 274979815921559, 1960002765731872, 929474102396301, 1190409889297339 } 15 | }, 16 | { 17 | { 665000864555967, 2065379846933859, 370231110385876, 350988370788628, 1233371373142985 }, 18 | { 2019367628972465, 676711900706637, 110710997811333, 1108646842542025, 517791959672113 }, 19 | { 965130719900578, 247011430587952, 526356006571389, 91986625355052, 2157223321444601 } 20 | }, 21 | { 22 | { 1802695059465007, 1664899123557221, 593559490740857, 2160434469266659, 927570450755031 }, 23 | { 1725674970513508, 1933645953859181, 1542344539275782, 1767788773573747, 1297447965928905 }, 24 | { 1381809363726107, 1430341051343062, 2061843536018959, 1551778050872521, 2036394857967624 } 25 | }, 26 | { 27 | { 1970894096313054, 528066325833207, 1619374932191227, 2207306624415883, 1169170329061080 }, 28 | { 2070390218572616, 1458919061857835, 624171843017421, 1055332792707765, 433987520732508 }, 29 | { 893653801273833, 1168026499324677, 1242553501121234, 1306366254304474, 1086752658510815 } 30 | }, 31 | { 32 | { 213454002618221, 939771523987438, 1159882208056014, 317388369627517, 621213314200687 }, 33 | { 1971678598905747, 338026507889165, 762398079972271, 655096486107477, 42299032696322 }, 34 | { 177130678690680, 1754759263300204, 1864311296286618, 1180675631479880, 1292726903152791 } 35 | }, 36 | { 37 | { 1913163449625248, 460779200291993, 2193883288642314, 1008900146920800, 1721983679009502 }, 38 | { 1070401523076875, 1272492007800961, 1910153608563310, 2075579521696771, 1191169788841221 }, 39 | { 692896803108118, 500174642072499, 2068223309439677, 1162190621851337, 1426986007309901 } 40 | } 41 | -------------------------------------------------------------------------------- /sodium/sodium_fe_51_constants.h: -------------------------------------------------------------------------------- 1 | /* 37095705934669439343138083508754565189542113879843219016388785533085940283555 */ 2 | static const fe25519 d = { 3 | 929955233495203, 466365720129213, 1662059464998953, 2033849074728123, 1442794654840575 4 | }; 5 | 6 | /* 2 * d = 7 | * 16295367250680780974490674513165176452449235426866156013048779062215315747161 8 | */ 9 | static const fe25519 d2 = { 10 | 1859910466990425, 932731440258426, 1072319116312658, 1815898335770999, 633789495995903 11 | }; 12 | 13 | /* sqrt(-1) */ 14 | static const fe25519 sqrtm1 = { 15 | 1718705420411056, 234908883556509, 2233514472574048, 2117202627021982, 765476049583133 16 | }; 17 | 18 | /* A = 486662 */ 19 | static const fe25519 curve25519_A = { 20 | 486662, 0, 0, 0, 0 21 | }; 22 | -------------------------------------------------------------------------------- /sodium/sodium_fe_51_fe.h: -------------------------------------------------------------------------------- 1 | /* 2 | Ignores top bit of h. 3 | */ 4 | 5 | void 6 | fe25519_frombytes(fe25519 h, const unsigned char *s) 7 | { 8 | const uint64_t mask = 0x7ffffffffffffULL; 9 | uint64_t h0, h1, h2, h3, h4; 10 | 11 | h0 = (LOAD64_LE(s ) ) & mask; 12 | h1 = (LOAD64_LE(s + 6) >> 3) & mask; 13 | h2 = (LOAD64_LE(s + 12) >> 6) & mask; 14 | h3 = (LOAD64_LE(s + 19) >> 1) & mask; 15 | h4 = (LOAD64_LE(s + 24) >> 12) & mask; 16 | 17 | h[0] = h0; 18 | h[1] = h1; 19 | h[2] = h2; 20 | h[3] = h3; 21 | h[4] = h4; 22 | } 23 | 24 | static void 25 | fe25519_reduce(fe25519 h, const fe25519 f) 26 | { 27 | const uint64_t mask = 0x7ffffffffffffULL; 28 | uint128_t t[5]; 29 | 30 | t[0] = f[0]; 31 | t[1] = f[1]; 32 | t[2] = f[2]; 33 | t[3] = f[3]; 34 | t[4] = f[4]; 35 | 36 | t[1] += t[0] >> 51; 37 | t[0] &= mask; 38 | t[2] += t[1] >> 51; 39 | t[1] &= mask; 40 | t[3] += t[2] >> 51; 41 | t[2] &= mask; 42 | t[4] += t[3] >> 51; 43 | t[3] &= mask; 44 | t[0] += 19 * (t[4] >> 51); 45 | t[4] &= mask; 46 | 47 | t[1] += t[0] >> 51; 48 | t[0] &= mask; 49 | t[2] += t[1] >> 51; 50 | t[1] &= mask; 51 | t[3] += t[2] >> 51; 52 | t[2] &= mask; 53 | t[4] += t[3] >> 51; 54 | t[3] &= mask; 55 | t[0] += 19 * (t[4] >> 51); 56 | t[4] &= mask; 57 | 58 | /* now t is between 0 and 2^255-1, properly carried. */ 59 | /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ 60 | 61 | t[0] += 19ULL; 62 | 63 | t[1] += t[0] >> 51; 64 | t[0] &= mask; 65 | t[2] += t[1] >> 51; 66 | t[1] &= mask; 67 | t[3] += t[2] >> 51; 68 | t[2] &= mask; 69 | t[4] += t[3] >> 51; 70 | t[3] &= mask; 71 | t[0] += 19ULL * (t[4] >> 51); 72 | t[4] &= mask; 73 | 74 | /* now between 19 and 2^255-1 in both cases, and offset by 19. */ 75 | 76 | t[0] += 0x8000000000000 - 19ULL; 77 | t[1] += 0x8000000000000 - 1ULL; 78 | t[2] += 0x8000000000000 - 1ULL; 79 | t[3] += 0x8000000000000 - 1ULL; 80 | t[4] += 0x8000000000000 - 1ULL; 81 | 82 | /* now between 2^255 and 2^256-20, and offset by 2^255. */ 83 | 84 | t[1] += t[0] >> 51; 85 | t[0] &= mask; 86 | t[2] += t[1] >> 51; 87 | t[1] &= mask; 88 | t[3] += t[2] >> 51; 89 | t[2] &= mask; 90 | t[4] += t[3] >> 51; 91 | t[3] &= mask; 92 | t[4] &= mask; 93 | 94 | h[0] = t[0]; 95 | h[1] = t[1]; 96 | h[2] = t[2]; 97 | h[3] = t[3]; 98 | h[4] = t[4]; 99 | } 100 | 101 | void 102 | fe25519_tobytes(unsigned char *s, const fe25519 h) 103 | { 104 | fe25519 t; 105 | uint64_t t0, t1, t2, t3; 106 | 107 | fe25519_reduce(t, h); 108 | t0 = t[0] | (t[1] << 51); 109 | t1 = (t[1] >> 13) | (t[2] << 38); 110 | t2 = (t[2] >> 26) | (t[3] << 25); 111 | t3 = (t[3] >> 39) | (t[4] << 12); 112 | STORE64_LE(s + 0, t0); 113 | STORE64_LE(s + 8, t1); 114 | STORE64_LE(s + 16, t2); 115 | STORE64_LE(s + 24, t3); 116 | } 117 | -------------------------------------------------------------------------------- /sodium/sodium_generichash_blake2.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_generichash_blake2b.h" 2 | #include "sodium_randombytes.h" 3 | 4 | size_t 5 | crypto_generichash_blake2b_bytes_min(void) { 6 | return crypto_generichash_blake2b_BYTES_MIN; 7 | } 8 | 9 | size_t 10 | crypto_generichash_blake2b_bytes_max(void) { 11 | return crypto_generichash_blake2b_BYTES_MAX; 12 | } 13 | 14 | size_t 15 | crypto_generichash_blake2b_bytes(void) { 16 | return crypto_generichash_blake2b_BYTES; 17 | } 18 | 19 | size_t 20 | crypto_generichash_blake2b_keybytes_min(void) { 21 | return crypto_generichash_blake2b_KEYBYTES_MIN; 22 | } 23 | 24 | size_t 25 | crypto_generichash_blake2b_keybytes_max(void) { 26 | return crypto_generichash_blake2b_KEYBYTES_MAX; 27 | } 28 | 29 | size_t 30 | crypto_generichash_blake2b_keybytes(void) { 31 | return crypto_generichash_blake2b_KEYBYTES; 32 | } 33 | 34 | size_t 35 | crypto_generichash_blake2b_saltbytes(void) { 36 | return crypto_generichash_blake2b_SALTBYTES; 37 | } 38 | 39 | size_t 40 | crypto_generichash_blake2b_personalbytes(void) { 41 | return crypto_generichash_blake2b_PERSONALBYTES; 42 | } 43 | 44 | size_t 45 | crypto_generichash_blake2b_statebytes(void) 46 | { 47 | return (sizeof(crypto_generichash_blake2b_state) + (size_t) 63U) 48 | & ~(size_t) 63U; 49 | } 50 | 51 | void 52 | crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]) 53 | { 54 | randombytes_buf(k, crypto_generichash_blake2b_KEYBYTES); 55 | } 56 | -------------------------------------------------------------------------------- /sodium/sodium_hash_sha512.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_hash_sha512.h" 2 | 3 | size_t 4 | crypto_hash_sha512_bytes(void) 5 | { 6 | return crypto_hash_sha512_BYTES; 7 | } 8 | 9 | size_t 10 | crypto_hash_sha512_statebytes(void) 11 | { 12 | return sizeof(crypto_hash_sha512_state); 13 | } 14 | -------------------------------------------------------------------------------- /sodium/sodium_onetimeauth_poly1305.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_onetimeauth_poly1305.h" 3 | #include "sodium_crypto_onetimeauth_poly1305.h" 4 | #include "sodium_private_common.h" 5 | #include "sodium_private_implementations.h" 6 | #include "sodium_randombytes.h" 7 | #include "sodium_runtime.h" 8 | 9 | #include "sodium_poly1305_donna.h" 10 | #if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H) 11 | # include "sodium_poly1305-sse2.h" 12 | #endif 13 | 14 | static const crypto_onetimeauth_poly1305_implementation *implementation = 15 | &crypto_onetimeauth_poly1305_donna_implementation; 16 | 17 | int 18 | crypto_onetimeauth_poly1305(unsigned char *out, const unsigned char *in, 19 | unsigned long long inlen, const unsigned char *k) 20 | { 21 | return implementation->onetimeauth(out, in, inlen, k); 22 | } 23 | 24 | int 25 | crypto_onetimeauth_poly1305_verify(const unsigned char *h, 26 | const unsigned char *in, 27 | unsigned long long inlen, 28 | const unsigned char *k) 29 | { 30 | return implementation->onetimeauth_verify(h, in, inlen, k); 31 | } 32 | 33 | int 34 | crypto_onetimeauth_poly1305_init(crypto_onetimeauth_poly1305_state *state, 35 | const unsigned char *key) 36 | { 37 | return implementation->onetimeauth_init(state, key); 38 | } 39 | 40 | int 41 | crypto_onetimeauth_poly1305_update(crypto_onetimeauth_poly1305_state *state, 42 | const unsigned char *in, 43 | unsigned long long inlen) 44 | { 45 | return implementation->onetimeauth_update(state, in, inlen); 46 | } 47 | 48 | int 49 | crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state, 50 | unsigned char *out) 51 | { 52 | return implementation->onetimeauth_final(state, out); 53 | } 54 | 55 | size_t 56 | crypto_onetimeauth_poly1305_bytes(void) 57 | { 58 | return crypto_onetimeauth_poly1305_BYTES; 59 | } 60 | 61 | size_t 62 | crypto_onetimeauth_poly1305_keybytes(void) 63 | { 64 | return crypto_onetimeauth_poly1305_KEYBYTES; 65 | } 66 | 67 | size_t 68 | crypto_onetimeauth_poly1305_statebytes(void) 69 | { 70 | return sizeof(crypto_onetimeauth_poly1305_state); 71 | } 72 | 73 | void 74 | crypto_onetimeauth_poly1305_keygen( 75 | unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]) 76 | { 77 | randombytes_buf(k, crypto_onetimeauth_poly1305_KEYBYTES); 78 | } 79 | 80 | int 81 | _crypto_onetimeauth_poly1305_pick_best_implementation(void) 82 | { 83 | implementation = &crypto_onetimeauth_poly1305_donna_implementation; 84 | #if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H) 85 | if (sodium_runtime_has_sse2()) { 86 | #if NETCODE_CRYPTO_LOGS 87 | printf( "poly1305 -> sse3\n" ); 88 | #endif // #if NETCODE_CRYPTO_LOGS 89 | implementation = &crypto_onetimeauth_poly1305_sse2_implementation; 90 | return 0; 91 | } 92 | #endif 93 | #if NETCODE_CRYPTO_LOGS 94 | printf( "poly1305 -> ref\n" ); 95 | #endif // #if NETCODE_CRYPTO_LOGS 96 | return 0; 97 | } 98 | -------------------------------------------------------------------------------- /sodium/sodium_onetimeauth_poly1305.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef onetimeauth_poly1305_H 3 | #define onetimeauth_poly1305_H 4 | 5 | #include "sodium_crypto_onetimeauth_poly1305.h" 6 | 7 | typedef struct crypto_onetimeauth_poly1305_implementation { 8 | int (*onetimeauth)(unsigned char *out, const unsigned char *in, 9 | unsigned long long inlen, const unsigned char *k); 10 | int (*onetimeauth_verify)(const unsigned char *h, const unsigned char *in, 11 | unsigned long long inlen, const unsigned char *k); 12 | int (*onetimeauth_init)(crypto_onetimeauth_poly1305_state *state, 13 | const unsigned char * key); 14 | int (*onetimeauth_update)(crypto_onetimeauth_poly1305_state *state, 15 | const unsigned char * in, 16 | unsigned long long inlen); 17 | int (*onetimeauth_final)(crypto_onetimeauth_poly1305_state *state, 18 | unsigned char * out); 19 | } crypto_onetimeauth_poly1305_implementation; 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /sodium/sodium_poly1305-sse2.h: -------------------------------------------------------------------------------- 1 | #ifndef poly1305_sse2_H 2 | #define poly1305_sse2_H 3 | 4 | #include 5 | 6 | #include "sodium_onetimeauth_poly1305.h" 7 | #include "sodium_crypto_onetimeauth_poly1305.h" 8 | 9 | extern struct crypto_onetimeauth_poly1305_implementation 10 | crypto_onetimeauth_poly1305_sse2_implementation; 11 | 12 | #endif /* poly1305_sse2_H */ 13 | -------------------------------------------------------------------------------- /sodium/sodium_poly1305_donna.h: -------------------------------------------------------------------------------- 1 | #ifndef poly1305_donna_H 2 | #define poly1305_donna_H 3 | 4 | #include 5 | 6 | #include "sodium_onetimeauth_poly1305.h" 7 | #include "sodium_crypto_onetimeauth_poly1305.h" 8 | 9 | extern struct crypto_onetimeauth_poly1305_implementation 10 | crypto_onetimeauth_poly1305_donna_implementation; 11 | 12 | #endif /* poly1305_donna_H */ 13 | -------------------------------------------------------------------------------- /sodium/sodium_private_chacha20_ietf_ext.h: -------------------------------------------------------------------------------- 1 | #ifndef chacha20_ietf_ext_H 2 | #define chacha20_ietf_ext_H 3 | 4 | #include 5 | 6 | /* The ietf_ext variant allows the internal counter to overflow into the IV */ 7 | 8 | int crypto_stream_chacha20_ietf_ext(unsigned char *c, unsigned long long clen, 9 | const unsigned char *n, const unsigned char *k); 10 | 11 | int crypto_stream_chacha20_ietf_ext_xor_ic(unsigned char *c, const unsigned char *m, 12 | unsigned long long mlen, 13 | const unsigned char *n, uint32_t ic, 14 | const unsigned char *k); 15 | #endif 16 | 17 | -------------------------------------------------------------------------------- /sodium/sodium_private_ed25519_ref10.h: -------------------------------------------------------------------------------- 1 | #ifndef ed25519_ref10_H 2 | #define ed25519_ref10_H 3 | 4 | #include 5 | #include 6 | 7 | /* 8 | fe means field element. 9 | Here the field is \Z/(2^255-19). 10 | */ 11 | 12 | #ifdef HAVE_TI_MODE 13 | typedef uint64_t fe25519[5]; 14 | #else 15 | typedef int32_t fe25519[10]; 16 | #endif 17 | 18 | void fe25519_invert(fe25519 out, const fe25519 z); 19 | void fe25519_frombytes(fe25519 h, const unsigned char *s); 20 | void fe25519_tobytes(unsigned char *s, const fe25519 h); 21 | 22 | #ifdef HAVE_TI_MODE 23 | # include "sodium_private_ed25519_ref10_fe_51.h" 24 | #else 25 | # include "sodium_private_ed25519_ref10_fe_25_5.h" 26 | #endif 27 | 28 | 29 | /* 30 | ge means group element. 31 | 32 | Here the group is the set of pairs (x,y) of field elements 33 | satisfying -x^2 + y^2 = 1 + d x^2y^2 34 | where d = -121665/121666. 35 | 36 | Representations: 37 | ge25519_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z 38 | ge25519_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT 39 | ge25519_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T 40 | ge25519_precomp (Duif): (y+x,y-x,2dxy) 41 | */ 42 | 43 | typedef struct { 44 | fe25519 X; 45 | fe25519 Y; 46 | fe25519 Z; 47 | } ge25519_p2; 48 | 49 | typedef struct { 50 | fe25519 X; 51 | fe25519 Y; 52 | fe25519 Z; 53 | fe25519 T; 54 | } ge25519_p3; 55 | 56 | typedef struct { 57 | fe25519 X; 58 | fe25519 Y; 59 | fe25519 Z; 60 | fe25519 T; 61 | } ge25519_p1p1; 62 | 63 | typedef struct { 64 | fe25519 yplusx; 65 | fe25519 yminusx; 66 | fe25519 xy2d; 67 | } ge25519_precomp; 68 | 69 | typedef struct { 70 | fe25519 YplusX; 71 | fe25519 YminusX; 72 | fe25519 Z; 73 | fe25519 T2d; 74 | } ge25519_cached; 75 | 76 | void ge25519_tobytes(unsigned char *s, const ge25519_p2 *h); 77 | 78 | void ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h); 79 | 80 | int ge25519_frombytes(ge25519_p3 *h, const unsigned char *s); 81 | 82 | int ge25519_frombytes_negate_vartime(ge25519_p3 *h, const unsigned char *s); 83 | 84 | void ge25519_p3_to_cached(ge25519_cached *r, const ge25519_p3 *p); 85 | 86 | void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p); 87 | 88 | void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p); 89 | 90 | void ge25519_add(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q); 91 | 92 | void ge25519_sub(ge25519_p1p1 *r, const ge25519_p3 *p, const ge25519_cached *q); 93 | 94 | void ge25519_scalarmult_base(ge25519_p3 *h, const unsigned char *a); 95 | 96 | void ge25519_double_scalarmult_vartime(ge25519_p2 *r, const unsigned char *a, 97 | const ge25519_p3 *A, 98 | const unsigned char *b); 99 | 100 | void ge25519_scalarmult(ge25519_p3 *h, const unsigned char *a, 101 | const ge25519_p3 *p); 102 | 103 | int ge25519_is_canonical(const unsigned char *s); 104 | 105 | int ge25519_is_on_curve(const ge25519_p3 *p); 106 | 107 | int ge25519_is_on_main_subgroup(const ge25519_p3 *p); 108 | 109 | int ge25519_has_small_order(const unsigned char s[32]); 110 | 111 | void ge25519_from_uniform(unsigned char s[32], const unsigned char r[32]); 112 | 113 | /* 114 | The set of scalars is \Z/l 115 | where l = 2^252 + 27742317777372353535851937790883648493. 116 | */ 117 | 118 | void sc25519_invert(unsigned char recip[32], const unsigned char s[32]); 119 | 120 | void sc25519_reduce(unsigned char s[64]); 121 | 122 | void sc25519_muladd(unsigned char s[32], const unsigned char a[32], 123 | const unsigned char b[32], const unsigned char c[32]); 124 | 125 | int sc25519_is_canonical(const unsigned char s[32]); 126 | 127 | #endif 128 | -------------------------------------------------------------------------------- /sodium/sodium_private_implementations.h: -------------------------------------------------------------------------------- 1 | #ifndef implementations_H 2 | #define implementations_H 3 | 4 | int _crypto_generichash_blake2b_pick_best_implementation(void); 5 | int _crypto_onetimeauth_poly1305_pick_best_implementation(void); 6 | int _crypto_scalarmult_curve25519_pick_best_implementation(void); 7 | int _crypto_stream_chacha20_pick_best_implementation(void); 8 | int _crypto_stream_salsa20_pick_best_implementation(void); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /sodium/sodium_private_mutex.h: -------------------------------------------------------------------------------- 1 | #ifndef mutex_H 2 | #define mutex_H 1 3 | 4 | extern int sodium_crit_enter(void); 5 | extern int sodium_crit_leave(void); 6 | 7 | #endif 8 | -------------------------------------------------------------------------------- /sodium/sodium_private_sse2_64_32.h: -------------------------------------------------------------------------------- 1 | #ifndef sse2_64_32_H 2 | #define sse2_64_32_H 1 3 | 4 | #include "sodium_private_common.h" 5 | 6 | #ifdef HAVE_INTRIN_H 7 | # include 8 | #endif 9 | 10 | #if defined(HAVE_EMMINTRIN_H) && \ 11 | !(defined(__amd64) || defined(__amd64__) || defined(__x86_64__) || \ 12 | defined(_M_X64) || defined(_M_AMD64)) 13 | 14 | # include 15 | # include 16 | 17 | # ifndef _mm_set_epi64x 18 | # define _mm_set_epi64x(Q0, Q1) sodium__mm_set_epi64x((Q0), (Q1)) 19 | static inline __m128i 20 | sodium__mm_set_epi64x(int64_t q1, int64_t q0) 21 | { 22 | union { int64_t as64; int32_t as32[2]; } x0, x1; 23 | x0.as64 = q0; x1.as64 = q1; 24 | return _mm_set_epi32(x1.as32[1], x1.as32[0], x0.as32[1], x0.as32[0]); 25 | } 26 | # endif 27 | 28 | # ifndef _mm_set1_epi64x 29 | # define _mm_set1_epi64x(Q) sodium__mm_set1_epi64x(Q) 30 | static inline __m128i 31 | sodium__mm_set1_epi64x(int64_t q) 32 | { 33 | return _mm_set_epi64x(q, q); 34 | } 35 | # endif 36 | 37 | # ifndef _mm_cvtsi64_si128 38 | # define _mm_cvtsi64_si128(Q) sodium__mm_cvtsi64_si128(Q) 39 | static inline __m128i 40 | sodium__mm_cvtsi64_si128(int64_t q) 41 | { 42 | union { int64_t as64; int32_t as32[2]; } x; 43 | x.as64 = q; 44 | return _mm_setr_epi32(x.as32[0], x.as32[1], 0, 0); 45 | } 46 | # endif 47 | 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /sodium/sodium_randombytes.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef randombytes_H 3 | #define randombytes_H 4 | 5 | #include 6 | #include 7 | 8 | #include 9 | 10 | #include "sodium_export.h" 11 | 12 | #ifdef __cplusplus 13 | # ifdef __GNUC__ 14 | # pragma GCC diagnostic ignored "-Wlong-long" 15 | # endif 16 | extern "C" { 17 | #endif 18 | 19 | typedef struct randombytes_implementation { 20 | const char *(*implementation_name)(void); /* required */ 21 | uint32_t (*random)(void); /* required */ 22 | void (*stir)(void); /* optional */ 23 | uint32_t (*uniform)(const uint32_t upper_bound); /* optional, a default implementation will be used if NULL */ 24 | void (*buf)(void * const buf, const size_t size); /* required */ 25 | int (*close)(void); /* optional */ 26 | } randombytes_implementation; 27 | 28 | #define randombytes_BYTES_MAX SODIUM_MIN(SODIUM_SIZE_MAX, 0xffffffffUL) 29 | 30 | #define randombytes_SEEDBYTES 32U 31 | size_t randombytes_seedbytes(void); 32 | 33 | void randombytes_buf(void * const buf, const size_t size) 34 | __attribute__ ((nonnull)); 35 | 36 | void randombytes_buf_deterministic(void * const buf, const size_t size, 37 | const unsigned char seed[randombytes_SEEDBYTES]) 38 | __attribute__ ((nonnull)); 39 | 40 | uint32_t randombytes_random(void); 41 | 42 | uint32_t randombytes_uniform(const uint32_t upper_bound); 43 | 44 | void randombytes_stir(void); 45 | 46 | int randombytes_close(void); 47 | 48 | int randombytes_set_implementation(randombytes_implementation *impl) 49 | __attribute__ ((nonnull)); 50 | 51 | const char *randombytes_implementation_name(void); 52 | 53 | /* -- NaCl compatibility interface -- */ 54 | 55 | void randombytes(unsigned char * const buf, const unsigned long long buf_len) 56 | __attribute__ ((nonnull)); 57 | 58 | #ifdef __cplusplus 59 | } 60 | #endif 61 | 62 | #endif 63 | -------------------------------------------------------------------------------- /sodium/sodium_randombytes_nativeclient.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef randombytes_nativeclient_H 3 | #define randombytes_nativeclient_H 4 | 5 | #ifdef __native_client__ 6 | 7 | # include "sodium_export.h" 8 | # include "sodium_randombytes.h" 9 | 10 | # ifdef __cplusplus 11 | extern "C" { 12 | # endif 13 | 14 | extern struct randombytes_implementation randombytes_nativeclient_implementation; 15 | 16 | # ifdef __cplusplus 17 | } 18 | # endif 19 | 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /sodium/sodium_randombytes_salsa20_random.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef randombytes_salsa20_random_H 3 | #define randombytes_salsa20_random_H 4 | 5 | #include "sodium_export.h" 6 | #include "sodium_randombytes.h" 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | extern struct randombytes_implementation randombytes_salsa20_implementation; 13 | 14 | #ifdef __cplusplus 15 | } 16 | #endif 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /sodium/sodium_randombytes_sysrandom.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef randombytes_sysrandom_H 3 | #define randombytes_sysrandom_H 4 | 5 | #include "sodium_export.h" 6 | #include "sodium_randombytes.h" 7 | 8 | #ifdef __cplusplus 9 | extern "C" { 10 | #endif 11 | 12 | extern struct randombytes_implementation randombytes_sysrandom_implementation; 13 | 14 | #ifdef __cplusplus 15 | } 16 | #endif 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /sodium/sodium_ref10_keypair.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_crypto_hash_sha512.h" 5 | #include "sodium_crypto_scalarmult_curve25519.h" 6 | #include "sodium_crypto_sign_ed25519.h" 7 | #include "sodium_ref10_sign_ed25519.h" 8 | #include "sodium_private_ed25519_ref10.h" 9 | #include "sodium_randombytes.h" 10 | #include "sodium_utils.h" 11 | 12 | int 13 | crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk, 14 | const unsigned char *seed) 15 | { 16 | ge25519_p3 A; 17 | 18 | crypto_hash_sha512(sk, seed, 32); 19 | sk[0] &= 248; 20 | sk[31] &= 127; 21 | sk[31] |= 64; 22 | 23 | ge25519_scalarmult_base(&A, sk); 24 | ge25519_p3_tobytes(pk, &A); 25 | 26 | memmove(sk, seed, 32); 27 | memmove(sk + 32, pk, 32); 28 | 29 | return 0; 30 | } 31 | 32 | int 33 | crypto_sign_ed25519_keypair(unsigned char *pk, unsigned char *sk) 34 | { 35 | unsigned char seed[32]; 36 | int ret; 37 | 38 | randombytes_buf(seed, sizeof seed); 39 | ret = crypto_sign_ed25519_seed_keypair(pk, sk, seed); 40 | sodium_memzero(seed, sizeof seed); 41 | 42 | return ret; 43 | } 44 | 45 | int 46 | crypto_sign_ed25519_pk_to_curve25519(unsigned char *curve25519_pk, 47 | const unsigned char *ed25519_pk) 48 | { 49 | ge25519_p3 A; 50 | fe25519 x; 51 | fe25519 one_minus_y; 52 | 53 | if (ge25519_has_small_order(ed25519_pk) != 0 || 54 | ge25519_frombytes_negate_vartime(&A, ed25519_pk) != 0 || 55 | ge25519_is_on_main_subgroup(&A) == 0) { 56 | return -1; 57 | } 58 | fe25519_1(one_minus_y); 59 | fe25519_sub(one_minus_y, one_minus_y, A.Y); 60 | fe25519_1(x); 61 | fe25519_add(x, x, A.Y); 62 | fe25519_invert(one_minus_y, one_minus_y); 63 | fe25519_mul(x, x, one_minus_y); 64 | fe25519_tobytes(curve25519_pk, x); 65 | 66 | return 0; 67 | } 68 | 69 | int 70 | crypto_sign_ed25519_sk_to_curve25519(unsigned char *curve25519_sk, 71 | const unsigned char *ed25519_sk) 72 | { 73 | unsigned char h[crypto_hash_sha512_BYTES]; 74 | 75 | crypto_hash_sha512(h, ed25519_sk, 32); 76 | h[0] &= 248; 77 | h[31] &= 127; 78 | h[31] |= 64; 79 | memcpy(curve25519_sk, h, crypto_scalarmult_curve25519_BYTES); 80 | sodium_memzero(h, sizeof h); 81 | 82 | return 0; 83 | } 84 | -------------------------------------------------------------------------------- /sodium/sodium_ref10_open.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | 6 | #include "sodium_crypto_hash_sha512.h" 7 | #include "sodium_crypto_sign_ed25519.h" 8 | #include "sodium_crypto_verify_32.h" 9 | #include "sodium_ref10_sign_ed25519.h" 10 | #include "sodium_private_ed25519_ref10.h" 11 | #include "sodium_utils.h" 12 | 13 | int 14 | _crypto_sign_ed25519_verify_detached(const unsigned char *sig, 15 | const unsigned char *m, 16 | unsigned long long mlen, 17 | const unsigned char *pk, 18 | int prehashed) 19 | { 20 | crypto_hash_sha512_state hs; 21 | unsigned char h[64]; 22 | unsigned char rcheck[32]; 23 | ge25519_p3 A; 24 | ge25519_p2 R; 25 | 26 | #ifdef ED25519_COMPAT 27 | if (sig[63] & 224) { 28 | return -1; 29 | } 30 | #else 31 | if (sc25519_is_canonical(sig + 32) == 0 || 32 | ge25519_has_small_order(sig) != 0) { 33 | return -1; 34 | } 35 | if (ge25519_is_canonical(pk) == 0 || 36 | ge25519_has_small_order(pk) != 0) { 37 | return -1; 38 | } 39 | #endif 40 | if (ge25519_frombytes_negate_vartime(&A, pk) != 0) { 41 | return -1; 42 | } 43 | _crypto_sign_ed25519_ref10_hinit(&hs, prehashed); 44 | crypto_hash_sha512_update(&hs, sig, 32); 45 | crypto_hash_sha512_update(&hs, pk, 32); 46 | crypto_hash_sha512_update(&hs, m, mlen); 47 | crypto_hash_sha512_final(&hs, h); 48 | sc25519_reduce(h); 49 | 50 | ge25519_double_scalarmult_vartime(&R, h, &A, sig + 32); 51 | ge25519_tobytes(rcheck, &R); 52 | 53 | return crypto_verify_32(rcheck, sig) | (-(rcheck == sig)) | 54 | sodium_memcmp(sig, rcheck, 32); 55 | } 56 | 57 | int 58 | crypto_sign_ed25519_verify_detached(const unsigned char *sig, 59 | const unsigned char *m, 60 | unsigned long long mlen, 61 | const unsigned char *pk) 62 | { 63 | return _crypto_sign_ed25519_verify_detached(sig, m, mlen, pk, 0); 64 | } 65 | 66 | int 67 | crypto_sign_ed25519_open(unsigned char *m, unsigned long long *mlen_p, 68 | const unsigned char *sm, unsigned long long smlen, 69 | const unsigned char *pk) 70 | { 71 | unsigned long long mlen; 72 | 73 | if (smlen < 64 || smlen - 64 > crypto_sign_ed25519_MESSAGEBYTES_MAX) { 74 | goto badsig; 75 | } 76 | mlen = smlen - 64; 77 | if (crypto_sign_ed25519_verify_detached(sm, sm + 64, mlen, pk) != 0) { 78 | if (m != NULL) { 79 | memset(m, 0, mlen); 80 | } 81 | goto badsig; 82 | } 83 | if (mlen_p != NULL) { 84 | *mlen_p = mlen; 85 | } 86 | if (m != NULL) { 87 | memmove(m, sm + 64, mlen); 88 | } 89 | return 0; 90 | 91 | badsig: 92 | if (mlen_p != NULL) { 93 | *mlen_p = 0; 94 | } 95 | return -1; 96 | } 97 | -------------------------------------------------------------------------------- /sodium/sodium_ref10_scalarmult_ed25519_ref10.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_crypto_scalarmult_ed25519.h" 5 | #include "sodium_private_ed25519_ref10.h" 6 | #include "sodium_utils.h" 7 | 8 | static int 9 | _crypto_scalarmult_ed25519_is_inf(const unsigned char s[32]) 10 | { 11 | unsigned char c; 12 | unsigned int i; 13 | 14 | c = s[0] ^ 0x01; 15 | for (i = 1; i < 31; i++) { 16 | c |= s[i]; 17 | } 18 | c |= s[31] & 0x7f; 19 | 20 | return ((((unsigned int) c) - 1U) >> 8) & 1; 21 | } 22 | 23 | static inline void 24 | _crypto_scalarmult_ed25519_clamp(unsigned char k[32]) 25 | { 26 | k[0] &= 248; 27 | k[31] &= 127; 28 | k[31] |= 64; 29 | } 30 | 31 | static int 32 | _crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, 33 | const unsigned char *p, const int clamp) 34 | { 35 | unsigned char *t = q; 36 | ge25519_p3 Q; 37 | ge25519_p3 P; 38 | unsigned int i; 39 | 40 | if (ge25519_is_canonical(p) == 0 || ge25519_has_small_order(p) != 0 || 41 | ge25519_frombytes(&P, p) != 0 || ge25519_is_on_main_subgroup(&P) == 0) { 42 | return -1; 43 | } 44 | for (i = 0; i < 32; ++i) { 45 | t[i] = n[i]; 46 | } 47 | if (clamp != 0) { 48 | _crypto_scalarmult_ed25519_clamp(t); 49 | } 50 | ge25519_scalarmult(&Q, t, &P); 51 | ge25519_p3_tobytes(q, &Q); 52 | if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) { 53 | return -1; 54 | } 55 | return 0; 56 | } 57 | 58 | int 59 | crypto_scalarmult_ed25519(unsigned char *q, const unsigned char *n, 60 | const unsigned char *p) 61 | { 62 | return _crypto_scalarmult_ed25519(q, n, p, 1); 63 | } 64 | 65 | int 66 | crypto_scalarmult_ed25519_noclamp(unsigned char *q, const unsigned char *n, 67 | const unsigned char *p) 68 | { 69 | return _crypto_scalarmult_ed25519(q, n, p, 0); 70 | } 71 | 72 | static int 73 | _crypto_scalarmult_ed25519_base(unsigned char *q, 74 | const unsigned char *n, const int clamp) 75 | { 76 | unsigned char *t = q; 77 | ge25519_p3 Q; 78 | unsigned int i; 79 | 80 | for (i = 0; i < 32; ++i) { 81 | t[i] = n[i]; 82 | } 83 | if (clamp != 0) { 84 | _crypto_scalarmult_ed25519_clamp(t); 85 | } 86 | ge25519_scalarmult_base(&Q, t); 87 | ge25519_p3_tobytes(q, &Q); 88 | if (_crypto_scalarmult_ed25519_is_inf(q) != 0 || sodium_is_zero(n, 32)) { 89 | return -1; 90 | } 91 | return 0; 92 | } 93 | 94 | int 95 | crypto_scalarmult_ed25519_base(unsigned char *q, 96 | const unsigned char *n) 97 | { 98 | return _crypto_scalarmult_ed25519_base(q, n, 1); 99 | } 100 | 101 | int 102 | crypto_scalarmult_ed25519_base_noclamp(unsigned char *q, 103 | const unsigned char *n) 104 | { 105 | return _crypto_scalarmult_ed25519_base(q, n, 0); 106 | } 107 | 108 | size_t 109 | crypto_scalarmult_ed25519_bytes(void) 110 | { 111 | return crypto_scalarmult_ed25519_BYTES; 112 | } 113 | 114 | size_t 115 | crypto_scalarmult_ed25519_scalarbytes(void) 116 | { 117 | return crypto_scalarmult_ed25519_SCALARBYTES; 118 | } 119 | -------------------------------------------------------------------------------- /sodium/sodium_ref10_sign_ed25519.h: -------------------------------------------------------------------------------- 1 | #ifndef sign_ed25519_ref10_H 2 | #define sign_ed25519_ref10_H 3 | 4 | void _crypto_sign_ed25519_ref10_hinit(crypto_hash_sha512_state *hs, 5 | int prehashed); 6 | 7 | int _crypto_sign_ed25519_detached(unsigned char *sig, 8 | unsigned long long *siglen_p, 9 | const unsigned char *m, 10 | unsigned long long mlen, 11 | const unsigned char *sk, int prehashed); 12 | 13 | int _crypto_sign_ed25519_verify_detached(const unsigned char *sig, 14 | const unsigned char *m, 15 | unsigned long long mlen, 16 | const unsigned char *pk, 17 | int prehashed); 18 | #endif 19 | -------------------------------------------------------------------------------- /sodium/sodium_ref10_x25519.h: -------------------------------------------------------------------------------- 1 | #ifndef x25519_ref10_H 2 | #define x25519_ref10_H 3 | 4 | #include "sodium_crypto_scalarmult_curve25519.h" 5 | #include "sodium_scalarmult_curve25519.h" 6 | 7 | extern struct crypto_scalarmult_curve25519_implementation 8 | crypto_scalarmult_curve25519_ref10_implementation; 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /sodium/sodium_runtime.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef sodium_runtime_H 3 | #define sodium_runtime_H 4 | 5 | #include "sodium_export.h" 6 | 7 | #ifdef __cplusplus 8 | extern "C" { 9 | #endif 10 | 11 | int sodium_runtime_has_neon(void); 12 | 13 | int sodium_runtime_has_sse2(void); 14 | 15 | int sodium_runtime_has_sse3(void); 16 | 17 | int sodium_runtime_has_ssse3(void); 18 | 19 | int sodium_runtime_has_sse41(void); 20 | 21 | int sodium_runtime_has_avx(void); 22 | 23 | int sodium_runtime_has_avx2(void); 24 | 25 | int sodium_runtime_has_avx512f(void); 26 | 27 | int sodium_runtime_has_pclmul(void); 28 | 29 | int sodium_runtime_has_aesni(void); 30 | 31 | int sodium_runtime_has_rdrand(void); 32 | 33 | /* ------------------------------------------------------------------------- */ 34 | 35 | int _sodium_runtime_get_cpu_features(void); 36 | 37 | #ifdef __cplusplus 38 | } 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /sodium/sodium_salsa20-ref.c: -------------------------------------------------------------------------------- 1 | /* 2 | version 20140420 3 | D. J. Bernstein 4 | Public domain. 5 | */ 6 | 7 | #include 8 | 9 | #include "sodium_crypto_core_salsa20.h" 10 | #include "sodium_crypto_stream_salsa20.h" 11 | #include "sodium_utils.h" 12 | 13 | #include "sodium_stream_salsa20.h" 14 | #include "sodium_salsa20-ref.h" 15 | 16 | #ifndef HAVE_AMD64_ASM 17 | 18 | static int 19 | stream_ref(unsigned char *c, unsigned long long clen, const unsigned char *n, 20 | const unsigned char *k) 21 | { 22 | unsigned char in[16]; 23 | unsigned char block[64]; 24 | unsigned char kcopy[32]; 25 | unsigned int i; 26 | unsigned int u; 27 | 28 | if (!clen) { 29 | return 0; 30 | } 31 | for (i = 0; i < 32; i++) { 32 | kcopy[i] = k[i]; 33 | } 34 | for (i = 0; i < 8; i++) { 35 | in[i] = n[i]; 36 | } 37 | for (i = 8; i < 16; i++) { 38 | in[i] = 0; 39 | } 40 | while (clen >= 64) { 41 | crypto_core_salsa20(c, in, kcopy, NULL); 42 | u = 1; 43 | for (i = 8; i < 16; i++) { 44 | u += (unsigned int) in[i]; 45 | in[i] = (unsigned char) u; 46 | u >>= 8; 47 | } 48 | clen -= 64; 49 | c += 64; 50 | } 51 | if (clen) { 52 | crypto_core_salsa20(block, in, kcopy, NULL); 53 | for (i = 0; i < (unsigned int) clen; i++) { 54 | c[i] = block[i]; 55 | } 56 | } 57 | sodium_memzero(block, sizeof block); 58 | sodium_memzero(kcopy, sizeof kcopy); 59 | 60 | return 0; 61 | } 62 | 63 | static int 64 | stream_ref_xor_ic(unsigned char *c, const unsigned char *m, 65 | unsigned long long mlen, const unsigned char *n, uint64_t ic, 66 | const unsigned char *k) 67 | { 68 | unsigned char in[16]; 69 | unsigned char block[64]; 70 | unsigned char kcopy[32]; 71 | unsigned int i; 72 | unsigned int u; 73 | 74 | if (!mlen) { 75 | return 0; 76 | } 77 | for (i = 0; i < 32; i++) { 78 | kcopy[i] = k[i]; 79 | } 80 | for (i = 0; i < 8; i++) { 81 | in[i] = n[i]; 82 | } 83 | for (i = 8; i < 16; i++) { 84 | in[i] = (unsigned char) (ic & 0xff); 85 | ic >>= 8; 86 | } 87 | while (mlen >= 64) { 88 | crypto_core_salsa20(block, in, kcopy, NULL); 89 | for (i = 0; i < 64; i++) { 90 | c[i] = m[i] ^ block[i]; 91 | } 92 | u = 1; 93 | for (i = 8; i < 16; i++) { 94 | u += (unsigned int) in[i]; 95 | in[i] = (unsigned char) u; 96 | u >>= 8; 97 | } 98 | mlen -= 64; 99 | c += 64; 100 | m += 64; 101 | } 102 | if (mlen) { 103 | crypto_core_salsa20(block, in, kcopy, NULL); 104 | for (i = 0; i < (unsigned int) mlen; i++) { 105 | c[i] = m[i] ^ block[i]; 106 | } 107 | } 108 | sodium_memzero(block, sizeof block); 109 | sodium_memzero(kcopy, sizeof kcopy); 110 | 111 | return 0; 112 | } 113 | 114 | struct crypto_stream_salsa20_implementation 115 | crypto_stream_salsa20_ref_implementation = { 116 | SODIUM_C99(.stream =) stream_ref, 117 | SODIUM_C99(.stream_xor_ic =) stream_ref_xor_ic, 118 | }; 119 | 120 | #else 121 | 122 | int salsa20_ref_dummy = 0; 123 | 124 | #endif 125 | -------------------------------------------------------------------------------- /sodium/sodium_salsa20-ref.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_salsa20.h" 5 | #include "sodium_crypto_stream_salsa20.h" 6 | 7 | extern struct crypto_stream_salsa20_implementation 8 | crypto_stream_salsa20_ref_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_salsa20-xmm6.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_utils.h" 5 | #include "sodium_stream_salsa20.h" 6 | #include "sodium_salsa20-xmm6.h" 7 | #include "sodium_private_common.h" 8 | 9 | #ifdef HAVE_AMD64_ASM 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | extern int stream_salsa20_xmm6(unsigned char *c, unsigned long long clen, 15 | const unsigned char *n, const unsigned char *k); 16 | 17 | extern int stream_salsa20_xmm6_xor_ic(unsigned char *c, const unsigned char *m, 18 | unsigned long long mlen, 19 | const unsigned char *n, 20 | uint64_t ic, const unsigned char *k); 21 | #ifdef __cplusplus 22 | } 23 | #endif 24 | 25 | struct crypto_stream_salsa20_implementation 26 | crypto_stream_salsa20_xmm6_implementation = { 27 | SODIUM_C99(.stream =) stream_salsa20_xmm6, 28 | SODIUM_C99(.stream_xor_ic =) stream_salsa20_xmm6_xor_ic, 29 | }; 30 | 31 | #endif 32 | 33 | int salsa20_xmm6_link_warning_dummy = 0; 34 | -------------------------------------------------------------------------------- /sodium/sodium_salsa20-xmm6.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_salsa20.h" 5 | #include "sodium_crypto_stream_salsa20.h" 6 | 7 | extern struct crypto_stream_salsa20_implementation 8 | crypto_stream_salsa20_xmm6_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x.S: -------------------------------------------------------------------------------- 1 | 2 | #ifdef NETCODE_AVX 3 | 4 | #define IN_SANDY2X 5 | 6 | #include "sodium_sandy2x_consts.S" 7 | #include "sodium_sandy2x_fe51_mul.S" 8 | #include "sodium_sandy2x_fe51_nsquare.S" 9 | #include "sodium_sandy2x_fe51_pack.S" 10 | #include "sodium_sandy2x_ladder.S" 11 | #include "sodium_sandy2x_ladder_base.S" 12 | 13 | #if defined(__linux__) && defined(__ELF__) 14 | .section .note.GNU-stack,"",%progbits 15 | #endif 16 | 17 | #endif 18 | 19 | .globl consts_S_dummy 20 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_consts.S: -------------------------------------------------------------------------------- 1 | #ifdef IN_SANDY2X 2 | 3 | /* 4 | REDMASK51 is from amd64-51/consts.s. 5 | */ 6 | 7 | #include "sodium_sandy2x_consts_namespace.h" 8 | .data 9 | .p2align 4 10 | v0_0: .quad 0, 0 11 | v1_0: .quad 1, 0 12 | v2_1: .quad 2, 1 13 | v9_0: .quad 9, 0 14 | v9_9: .quad 9, 9 15 | v19_19: .quad 19, 19 16 | v38_1: .quad 38, 1 17 | v38_38: .quad 38, 38 18 | v121666_121666: .quad 121666, 121666 19 | m25: .quad 33554431, 33554431 20 | m26: .quad 67108863, 67108863 21 | subc0: .quad 0x07FFFFDA, 0x03FFFFFE 22 | subc2: .quad 0x07FFFFFE, 0x03FFFFFE 23 | REDMASK51: .quad 0x0007FFFFFFFFFFFF 24 | 25 | #endif 26 | 27 | .globl consts_S_dummy 28 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_consts_namespace.h: -------------------------------------------------------------------------------- 1 | #ifndef consts_namespace_H 2 | #define consts_namespace_H 3 | 4 | #define v0_0 crypto_scalarmult_curve25519_sandy2x_v0_0 5 | #define v1_0 crypto_scalarmult_curve25519_sandy2x_v1_0 6 | #define v2_1 crypto_scalarmult_curve25519_sandy2x_v2_1 7 | #define v9_0 crypto_scalarmult_curve25519_sandy2x_v9_0 8 | #define v9_9 crypto_scalarmult_curve25519_sandy2x_v9_9 9 | #define v19_19 crypto_scalarmult_curve25519_sandy2x_v19_19 10 | #define v38_1 crypto_scalarmult_curve25519_sandy2x_v38_1 11 | #define v38_38 crypto_scalarmult_curve25519_sandy2x_v38_38 12 | #define v121666_121666 crypto_scalarmult_curve25519_sandy2x_v121666_121666 13 | #define m25 crypto_scalarmult_curve25519_sandy2x_m25 14 | #define m26 crypto_scalarmult_curve25519_sandy2x_m26 15 | #define subc0 crypto_scalarmult_curve25519_sandy2x_subc0 16 | #define subc2 crypto_scalarmult_curve25519_sandy2x_subc2 17 | #define REDMASK51 crypto_scalarmult_curve25519_sandy2x_REDMASK51 18 | 19 | #endif /* ifndef consts_namespace_H */ 20 | 21 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_curve25519.c: -------------------------------------------------------------------------------- 1 | /* 2 | This file is adapted from ref10/scalarmult.c: 3 | The code for Mongomery ladder is replace by the ladder assembly function; 4 | Inversion is done in the same way as amd64-51/. 5 | (fe is first converted into fe51 after Mongomery ladder) 6 | */ 7 | 8 | #include 9 | 10 | #include "sodium_private_common.h" 11 | 12 | #ifdef HAVE_AVX_ASM 13 | 14 | #include "sodium_utils.h" 15 | #include "sodium_sandy2x_curve25519.h" 16 | #include "sodium_scalarmult_curve25519.h" 17 | #include "sodium_sandy2x_fe.h" 18 | #include "sodium_sandy2x_fe51.h" 19 | #include "sodium_sandy2x_ladder.h" 20 | #include "sodium_sandy2x_ladder_base.h" 21 | 22 | #define x1 var[0] 23 | #define x2 var[1] 24 | #define z2 var[2] 25 | 26 | static int 27 | crypto_scalarmult_curve25519_sandy2x(unsigned char *q, const unsigned char *n, 28 | const unsigned char *p) 29 | { 30 | unsigned char *t = q; 31 | fe var[3]; 32 | fe51 x_51; 33 | fe51 z_51; 34 | unsigned int i; 35 | 36 | for (i = 0; i < 32; i++) { 37 | t[i] = n[i]; 38 | } 39 | t[0] &= 248; 40 | t[31] &= 127; 41 | t[31] |= 64; 42 | 43 | fe_frombytes(x1, p); 44 | 45 | ladder(var, t); 46 | 47 | z_51.v[0] = (z2[1] << 26) + z2[0]; 48 | z_51.v[1] = (z2[3] << 26) + z2[2]; 49 | z_51.v[2] = (z2[5] << 26) + z2[4]; 50 | z_51.v[3] = (z2[7] << 26) + z2[6]; 51 | z_51.v[4] = (z2[9] << 26) + z2[8]; 52 | 53 | x_51.v[0] = (x2[1] << 26) + x2[0]; 54 | x_51.v[1] = (x2[3] << 26) + x2[2]; 55 | x_51.v[2] = (x2[5] << 26) + x2[4]; 56 | x_51.v[3] = (x2[7] << 26) + x2[6]; 57 | x_51.v[4] = (x2[9] << 26) + x2[8]; 58 | 59 | fe51_invert(&z_51, &z_51); 60 | fe51_mul(&x_51, &x_51, &z_51); 61 | fe51_pack(q, &x_51); 62 | 63 | return 0; 64 | } 65 | 66 | #undef x2 67 | #undef z2 68 | 69 | #define x2 var[0] 70 | #define z2 var[1] 71 | 72 | static int 73 | crypto_scalarmult_curve25519_sandy2x_base(unsigned char *q, 74 | const unsigned char *n) 75 | { 76 | unsigned char *t = q; 77 | fe var[3]; 78 | fe51 x_51; 79 | fe51 z_51; 80 | unsigned int i; 81 | 82 | for (i = 0;i < 32; i++) { 83 | t[i] = n[i]; 84 | } 85 | t[0] &= 248; 86 | t[31] &= 127; 87 | t[31] |= 64; 88 | 89 | ladder_base(var, t); 90 | 91 | z_51.v[0] = (z2[1] << 26) + z2[0]; 92 | z_51.v[1] = (z2[3] << 26) + z2[2]; 93 | z_51.v[2] = (z2[5] << 26) + z2[4]; 94 | z_51.v[3] = (z2[7] << 26) + z2[6]; 95 | z_51.v[4] = (z2[9] << 26) + z2[8]; 96 | 97 | x_51.v[0] = (x2[1] << 26) + x2[0]; 98 | x_51.v[1] = (x2[3] << 26) + x2[2]; 99 | x_51.v[2] = (x2[5] << 26) + x2[4]; 100 | x_51.v[3] = (x2[7] << 26) + x2[6]; 101 | x_51.v[4] = (x2[9] << 26) + x2[8]; 102 | 103 | fe51_invert(&z_51, &z_51); 104 | fe51_mul(&x_51, &x_51, &z_51); 105 | fe51_pack(q, &x_51); 106 | 107 | return 0; 108 | } 109 | 110 | struct crypto_scalarmult_curve25519_implementation 111 | crypto_scalarmult_curve25519_sandy2x_implementation = { 112 | SODIUM_C99(.mult = ) crypto_scalarmult_curve25519_sandy2x, 113 | SODIUM_C99(.mult_base = ) crypto_scalarmult_curve25519_sandy2x_base 114 | }; 115 | 116 | #endif 117 | 118 | int curve_25519_sandy2x_link_warning_dummy = 0; 119 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_curve25519.h: -------------------------------------------------------------------------------- 1 | #ifndef curve25519_sandy2x_H 2 | #define curve25519_sandy2x_H 3 | 4 | #include "sodium_crypto_scalarmult_curve25519.h" 5 | 6 | extern struct crypto_scalarmult_curve25519_implementation 7 | crypto_scalarmult_curve25519_sandy2x_implementation; 8 | 9 | #endif 10 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe.h: -------------------------------------------------------------------------------- 1 | /* 2 | This file is adapted from ref10/fe.h: 3 | All the redundant functions are removed. 4 | */ 5 | 6 | #ifndef fe_H 7 | #define fe_H 8 | 9 | #include 10 | #include 11 | 12 | typedef uint64_t fe[10]; 13 | 14 | /* 15 | fe means field element. 16 | Here the field is \Z/(2^255-19). 17 | An element t, entries t[0]...t[9], represents the integer 18 | t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. 19 | Bounds on each t[i] vary depending on context. 20 | */ 21 | 22 | #define fe_frombytes crypto_scalarmult_curve25519_sandy2x_fe_frombytes 23 | 24 | extern void fe_frombytes(fe, const unsigned char *); 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe51.h: -------------------------------------------------------------------------------- 1 | /* 2 | This file is adapted from amd64-51/fe25519.h: 3 | 'fe25519' is renamed as 'fe51'; 4 | All the redundant functions are removed; 5 | New function fe51_nsquare is introduced. 6 | */ 7 | 8 | #ifndef fe51_H 9 | #define fe51_H 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | #include 16 | #include 17 | 18 | #include "sodium_sandy2x_fe51_namespace.h" 19 | 20 | typedef struct 21 | { 22 | uint64_t v[5]; 23 | } 24 | fe51; 25 | 26 | extern void fe51_pack(unsigned char *, const fe51 *); 27 | extern void fe51_mul(fe51 *, const fe51 *, const fe51 *); 28 | extern void fe51_nsquare(fe51 *, const fe51 *, int); 29 | extern void fe51_invert(fe51 *, const fe51 *); 30 | 31 | #ifdef __cplusplus 32 | } 33 | #endif 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe51_invert.c: -------------------------------------------------------------------------------- 1 | /* 2 | This file is adapted from amd64-51/fe25519_invert.c: 3 | Loops of squares are replaced by nsquares for better performance. 4 | */ 5 | 6 | #include "sodium_sandy2x_fe51.h" 7 | #include "sodium_private_common.h" 8 | 9 | #ifdef HAVE_AVX_ASM 10 | 11 | #define fe51_square(x, y) fe51_nsquare(x, y, 1) 12 | 13 | void 14 | fe51_invert(fe51 *r, const fe51 *x) 15 | { 16 | fe51 z2; 17 | fe51 z9; 18 | fe51 z11; 19 | fe51 z2_5_0; 20 | fe51 z2_10_0; 21 | fe51 z2_20_0; 22 | fe51 z2_50_0; 23 | fe51 z2_100_0; 24 | fe51 t; 25 | 26 | /* 2 */ fe51_square(&z2,x); 27 | /* 4 */ fe51_square(&t,&z2); 28 | /* 8 */ fe51_square(&t,&t); 29 | /* 9 */ fe51_mul(&z9,&t,x); 30 | /* 11 */ fe51_mul(&z11,&z9,&z2); 31 | /* 22 */ fe51_square(&t,&z11); 32 | /* 2^5 - 2^0 = 31 */ fe51_mul(&z2_5_0,&t,&z9); 33 | 34 | /* 2^10 - 2^5 */ fe51_nsquare(&t,&z2_5_0, 5); 35 | /* 2^10 - 2^0 */ fe51_mul(&z2_10_0,&t,&z2_5_0); 36 | 37 | /* 2^20 - 2^10 */ fe51_nsquare(&t,&z2_10_0, 10); 38 | /* 2^20 - 2^0 */ fe51_mul(&z2_20_0,&t,&z2_10_0); 39 | 40 | /* 2^40 - 2^20 */ fe51_nsquare(&t,&z2_20_0, 20); 41 | /* 2^40 - 2^0 */ fe51_mul(&t,&t,&z2_20_0); 42 | 43 | /* 2^50 - 2^10 */ fe51_nsquare(&t,&t,10); 44 | /* 2^50 - 2^0 */ fe51_mul(&z2_50_0,&t,&z2_10_0); 45 | 46 | /* 2^100 - 2^50 */ fe51_nsquare(&t,&z2_50_0, 50); 47 | /* 2^100 - 2^0 */ fe51_mul(&z2_100_0,&t,&z2_50_0); 48 | 49 | /* 2^200 - 2^100 */ fe51_nsquare(&t,&z2_100_0, 100); 50 | /* 2^200 - 2^0 */ fe51_mul(&t,&t,&z2_100_0); 51 | 52 | /* 2^250 - 2^50 */ fe51_nsquare(&t,&t, 50); 53 | /* 2^250 - 2^0 */ fe51_mul(&t,&t,&z2_50_0); 54 | 55 | /* 2^255 - 2^5 */ fe51_nsquare(&t,&t,5); 56 | /* 2^255 - 21 */ fe51_mul(r,&t,&z11); 57 | } 58 | 59 | #endif 60 | 61 | int fe51_invert_link_warning_dummy = 0; 62 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe51_namespace.h: -------------------------------------------------------------------------------- 1 | #ifndef fe51_namespace_H 2 | #define fe51_namespace_H 3 | 4 | #define fe51 crypto_scalarmult_curve25519_sandy2x_fe51 5 | #define _fe51 _crypto_scalarmult_curve25519_sandy2x_fe51 6 | #define fe51_pack crypto_scalarmult_curve25519_sandy2x_fe51_pack 7 | #define _fe51_pack _crypto_scalarmult_curve25519_sandy2x_fe51_pack 8 | #define fe51_mul crypto_scalarmult_curve25519_sandy2x_fe51_mul 9 | #define _fe51_mul _crypto_scalarmult_curve25519_sandy2x_fe51_mul 10 | #define fe51_nsquare crypto_scalarmult_curve25519_sandy2x_fe51_nsquare 11 | #define _fe51_nsquare _crypto_scalarmult_curve25519_sandy2x_fe51_nsquare 12 | 13 | #define fe51_invert crypto_scalarmult_curve25519_sandy2x_fe51_invert 14 | 15 | #endif /* ifndef fe51_namespace_H */ 16 | 17 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe51_nsquare.S: -------------------------------------------------------------------------------- 1 | #ifdef IN_SANDY2X 2 | 3 | /* 4 | This file is adapted from amd64-51/fe25519_square.s: 5 | Adding loop to perform n squares. 6 | */ 7 | #include "sodium_sandy2x_fe51_namespace.h" 8 | #include "sodium_sandy2x_consts_namespace.h" 9 | .p2align 5 10 | 11 | #ifdef ASM_HIDE_SYMBOL 12 | ASM_HIDE_SYMBOL fe51_nsquare 13 | ASM_HIDE_SYMBOL _fe51_nsquare 14 | #endif 15 | .globl fe51_nsquare 16 | .globl _fe51_nsquare 17 | #ifdef __ELF__ 18 | .type fe51_nsquare, @function 19 | .type _fe51_nsquare, @function 20 | #endif 21 | fe51_nsquare: 22 | _fe51_nsquare: 23 | 24 | mov %rsp,%r11 25 | and $31,%r11 26 | add $64,%r11 27 | sub %r11,%rsp 28 | movq %r11,0(%rsp) 29 | movq %r12,8(%rsp) 30 | movq %r13,16(%rsp) 31 | movq %r14,24(%rsp) 32 | movq %r15,32(%rsp) 33 | movq %rbx,40(%rsp) 34 | movq %rbp,48(%rsp) 35 | movq 0(%rsi),%rcx 36 | movq 8(%rsi),%r8 37 | movq 16(%rsi),%r9 38 | movq 24(%rsi),%rax 39 | movq 32(%rsi),%rsi 40 | movq %r9,16(%rdi) 41 | movq %rax,24(%rdi) 42 | movq %rsi,32(%rdi) 43 | mov %rdx,%rsi 44 | 45 | .p2align 4 46 | ._loop: 47 | sub $1,%rsi 48 | mov %rcx,%rax 49 | mul %rcx 50 | add %rcx,%rcx 51 | mov %rax,%r9 52 | mov %rdx,%r10 53 | mov %rcx,%rax 54 | mul %r8 55 | mov %rax,%r11 56 | mov %rdx,%r12 57 | mov %rcx,%rax 58 | mulq 16(%rdi) 59 | mov %rax,%r13 60 | mov %rdx,%r14 61 | mov %rcx,%rax 62 | mulq 24(%rdi) 63 | mov %rax,%r15 64 | mov %rdx,%rbx 65 | mov %rcx,%rax 66 | mulq 32(%rdi) 67 | mov %rax,%rcx 68 | mov %rdx,%rbp 69 | mov %r8,%rax 70 | mul %r8 71 | add %r8,%r8 72 | add %rax,%r13 73 | adc %rdx,%r14 74 | mov %r8,%rax 75 | mulq 16(%rdi) 76 | add %rax,%r15 77 | adc %rdx,%rbx 78 | mov %r8,%rax 79 | imulq $19, %r8,%r8 80 | mulq 24(%rdi) 81 | add %rax,%rcx 82 | adc %rdx,%rbp 83 | mov %r8,%rax 84 | mulq 32(%rdi) 85 | add %rax,%r9 86 | adc %rdx,%r10 87 | movq 16(%rdi),%rax 88 | mulq 16(%rdi) 89 | add %rax,%rcx 90 | adc %rdx,%rbp 91 | shld $13,%rcx,%rbp 92 | movq 16(%rdi),%rax 93 | imulq $38, %rax,%rax 94 | mulq 24(%rdi) 95 | add %rax,%r9 96 | adc %rdx,%r10 97 | shld $13,%r9,%r10 98 | movq 16(%rdi),%rax 99 | imulq $38, %rax,%rax 100 | mulq 32(%rdi) 101 | add %rax,%r11 102 | adc %rdx,%r12 103 | movq 24(%rdi),%rax 104 | imulq $19, %rax,%rax 105 | mulq 24(%rdi) 106 | add %rax,%r11 107 | adc %rdx,%r12 108 | shld $13,%r11,%r12 109 | movq 24(%rdi),%rax 110 | imulq $38, %rax,%rax 111 | mulq 32(%rdi) 112 | add %rax,%r13 113 | adc %rdx,%r14 114 | shld $13,%r13,%r14 115 | movq 32(%rdi),%rax 116 | imulq $19, %rax,%rax 117 | mulq 32(%rdi) 118 | add %rax,%r15 119 | adc %rdx,%rbx 120 | shld $13,%r15,%rbx 121 | movq REDMASK51(%rip),%rdx 122 | and %rdx,%rcx 123 | add %rbx,%rcx 124 | and %rdx,%r9 125 | and %rdx,%r11 126 | add %r10,%r11 127 | and %rdx,%r13 128 | add %r12,%r13 129 | and %rdx,%r15 130 | add %r14,%r15 131 | imulq $19, %rbp,%rbp 132 | lea (%r9,%rbp),%r9 133 | mov %r9,%rax 134 | shr $51,%r9 135 | add %r11,%r9 136 | and %rdx,%rax 137 | mov %r9,%r8 138 | shr $51,%r9 139 | add %r13,%r9 140 | and %rdx,%r8 141 | mov %r9,%r10 142 | shr $51,%r9 143 | add %r15,%r9 144 | and %rdx,%r10 145 | movq %r10,16(%rdi) 146 | mov %r9,%r10 147 | shr $51,%r9 148 | add %rcx,%r9 149 | and %rdx,%r10 150 | movq %r10,24(%rdi) 151 | mov %r9,%r10 152 | shr $51,%r9 153 | imulq $19, %r9,%r9 154 | lea (%rax,%r9),%rcx 155 | and %rdx,%r10 156 | movq %r10,32(%rdi) 157 | cmp $0,%rsi 158 | jne ._loop 159 | 160 | movq %rcx,0(%rdi) 161 | movq %r8,8(%rdi) 162 | movq 0(%rsp),%r11 163 | movq 8(%rsp),%r12 164 | movq 16(%rsp),%r13 165 | movq 24(%rsp),%r14 166 | movq 32(%rsp),%r15 167 | movq 40(%rsp),%rbx 168 | movq 48(%rsp),%rbp 169 | add %r11,%rsp 170 | ret 171 | 172 | #endif 173 | 174 | .globl fe51_nsquare_S_dummy 175 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_fe_frombytes.c: -------------------------------------------------------------------------------- 1 | /* 2 | This file is basically ref10/fe_frombytes.h. 3 | */ 4 | 5 | #include "sodium_sandy2x_fe.h" 6 | #include "sodium_private_common.h" 7 | 8 | #ifdef HAVE_AVX_ASM 9 | 10 | static uint64_t 11 | load_3(const unsigned char *in) 12 | { 13 | uint64_t result; 14 | result = (uint64_t) in[0]; 15 | result |= ((uint64_t) in[1]) << 8; 16 | result |= ((uint64_t) in[2]) << 16; 17 | return result; 18 | } 19 | 20 | static uint64_t 21 | load_4(const unsigned char *in) 22 | { 23 | uint64_t result; 24 | result = (uint64_t) in[0]; 25 | result |= ((uint64_t) in[1]) << 8; 26 | result |= ((uint64_t) in[2]) << 16; 27 | result |= ((uint64_t) in[3]) << 24; 28 | return result; 29 | } 30 | 31 | void 32 | fe_frombytes(fe h, const unsigned char *s) 33 | { 34 | uint64_t h0 = load_4(s); 35 | uint64_t h1 = load_3(s + 4) << 6; 36 | uint64_t h2 = load_3(s + 7) << 5; 37 | uint64_t h3 = load_3(s + 10) << 3; 38 | uint64_t h4 = load_3(s + 13) << 2; 39 | uint64_t h5 = load_4(s + 16); 40 | uint64_t h6 = load_3(s + 20) << 7; 41 | uint64_t h7 = load_3(s + 23) << 5; 42 | uint64_t h8 = load_3(s + 26) << 4; 43 | uint64_t h9 = (load_3(s + 29) & 8388607) << 2; 44 | uint64_t carry0; 45 | uint64_t carry1; 46 | uint64_t carry2; 47 | uint64_t carry3; 48 | uint64_t carry4; 49 | uint64_t carry5; 50 | uint64_t carry6; 51 | uint64_t carry7; 52 | uint64_t carry8; 53 | uint64_t carry9; 54 | 55 | carry9 = h9 >> 25; h0 += carry9 * 19; h9 &= 0x1FFFFFF; 56 | carry1 = h1 >> 25; h2 += carry1; h1 &= 0x1FFFFFF; 57 | carry3 = h3 >> 25; h4 += carry3; h3 &= 0x1FFFFFF; 58 | carry5 = h5 >> 25; h6 += carry5; h5 &= 0x1FFFFFF; 59 | carry7 = h7 >> 25; h8 += carry7; h7 &= 0x1FFFFFF; 60 | 61 | carry0 = h0 >> 26; h1 += carry0; h0 &= 0x3FFFFFF; 62 | carry2 = h2 >> 26; h3 += carry2; h2 &= 0x3FFFFFF; 63 | carry4 = h4 >> 26; h5 += carry4; h4 &= 0x3FFFFFF; 64 | carry6 = h6 >> 26; h7 += carry6; h6 &= 0x3FFFFFF; 65 | carry8 = h8 >> 26; h9 += carry8; h8 &= 0x3FFFFFF; 66 | 67 | h[0] = h0; 68 | h[1] = h1; 69 | h[2] = h2; 70 | h[3] = h3; 71 | h[4] = h4; 72 | h[5] = h5; 73 | h[6] = h6; 74 | h[7] = h7; 75 | h[8] = h8; 76 | h[9] = h9; 77 | } 78 | 79 | #endif 80 | 81 | int fe_frombytes_sandy2x_link_warning_dummy = 0; 82 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_ladder.h: -------------------------------------------------------------------------------- 1 | #ifndef ladder_H 2 | #define ladder_H 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #include "sodium_sandy2x_fe.h" 9 | #include "sodium_sandy2x_ladder_namespace.h" 10 | 11 | extern void ladder(fe *, const unsigned char *); 12 | 13 | #ifdef __cplusplus 14 | } 15 | #endif 16 | 17 | #endif /* ifndef ladder_H */ 18 | 19 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_ladder_base.h: -------------------------------------------------------------------------------- 1 | #ifndef ladder_base_H 2 | #define ladder_base_H 3 | 4 | #ifdef __cplusplus 5 | extern "C" { 6 | #endif 7 | 8 | #include "sodium_sandy2x_fe.h" 9 | #include "sodium_sandy2x_ladder_base_namespace.h" 10 | 11 | extern void ladder_base(fe *, const unsigned char *); 12 | 13 | #ifdef __cplusplus 14 | } 15 | #endif 16 | 17 | #endif /* ifndef ladder_base_H */ 18 | 19 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_ladder_base_namespace.h: -------------------------------------------------------------------------------- 1 | #ifndef ladder_base_namespace_H 2 | #define ladder_base_namespace_H 3 | 4 | #define ladder_base crypto_scalarmult_curve25519_sandy2x_ladder_base 5 | #define _ladder_base _crypto_scalarmult_curve25519_sandy2x_ladder_base 6 | 7 | #endif /* ifndef ladder_base_namespace_H */ 8 | 9 | -------------------------------------------------------------------------------- /sodium/sodium_sandy2x_ladder_namespace.h: -------------------------------------------------------------------------------- 1 | #ifndef ladder_namespace_H 2 | #define ladder_namespace_H 3 | 4 | #define ladder crypto_scalarmult_curve25519_sandy2x_ladder 5 | #define _ladder _crypto_scalarmult_curve25519_sandy2x_ladder 6 | 7 | #endif /* ifndef ladder_namespace_H */ 8 | 9 | -------------------------------------------------------------------------------- /sodium/sodium_scalarmult_curve25519.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_crypto_scalarmult_curve25519.h" 3 | #include "sodium_private_implementations.h" 4 | #include "sodium_private_common.h" 5 | #include "sodium_scalarmult_curve25519.h" 6 | #include "sodium_runtime.h" 7 | #include 8 | 9 | #ifdef HAVE_AVX_ASM 10 | # include "sodium_sandy2x_curve25519.h" 11 | #endif 12 | #include "sodium_ref10_x25519.h" 13 | static const crypto_scalarmult_curve25519_implementation *implementation = 14 | &crypto_scalarmult_curve25519_ref10_implementation; 15 | 16 | int 17 | crypto_scalarmult_curve25519(unsigned char *q, const unsigned char *n, 18 | const unsigned char *p) 19 | { 20 | size_t i; 21 | volatile unsigned char d = 0; 22 | 23 | if (implementation->mult(q, n, p) != 0) { 24 | return -1; /* LCOV_EXCL_LINE */ 25 | } 26 | for (i = 0; i < crypto_scalarmult_curve25519_BYTES; i++) { 27 | d |= q[i]; 28 | } 29 | return -(1 & ((d - 1) >> 8)); 30 | } 31 | 32 | int 33 | crypto_scalarmult_curve25519_base(unsigned char *q, const unsigned char *n) 34 | { 35 | return implementation->mult_base(q, n); 36 | } 37 | 38 | size_t 39 | crypto_scalarmult_curve25519_bytes(void) 40 | { 41 | return crypto_scalarmult_curve25519_BYTES; 42 | } 43 | 44 | size_t 45 | crypto_scalarmult_curve25519_scalarbytes(void) 46 | { 47 | return crypto_scalarmult_curve25519_SCALARBYTES; 48 | } 49 | 50 | int 51 | _crypto_scalarmult_curve25519_pick_best_implementation(void) 52 | { 53 | implementation = &crypto_scalarmult_curve25519_ref10_implementation; 54 | 55 | #ifdef HAVE_AVX_ASM 56 | if (sodium_runtime_has_avx()) { 57 | #if NETCODE_CRYPTO_LOGS 58 | printf( "curve25519 -> avx\n" ); 59 | #endif // #if NETCODE_CRYPTO_LOGS 60 | implementation = &crypto_scalarmult_curve25519_sandy2x_implementation; 61 | return 0; 62 | } 63 | #endif 64 | #if NETCODE_CRYPTO_LOGS 65 | printf( "curve25519 -> ref\n" ); 66 | #endif // #if NETCODE_CRYPTO_LOGS 67 | return 0; 68 | } 69 | -------------------------------------------------------------------------------- /sodium/sodium_scalarmult_curve25519.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef scalarmult_poly1305_H 3 | #define scalarmult_poly1305_H 4 | 5 | typedef struct crypto_scalarmult_curve25519_implementation { 6 | int (*mult)(unsigned char *q, const unsigned char *n, 7 | const unsigned char *p); 8 | int (*mult_base)(unsigned char *q, const unsigned char *n); 9 | } crypto_scalarmult_curve25519_implementation; 10 | 11 | #endif 12 | -------------------------------------------------------------------------------- /sodium/sodium_secretbox_xsalsa20poly1305.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_onetimeauth_poly1305.h" 2 | #include "sodium_crypto_secretbox_xsalsa20poly1305.h" 3 | #include "sodium_crypto_stream_xsalsa20.h" 4 | #include "sodium_randombytes.h" 5 | 6 | int 7 | crypto_secretbox_xsalsa20poly1305(unsigned char *c, const unsigned char *m, 8 | unsigned long long mlen, 9 | const unsigned char *n, 10 | const unsigned char *k) 11 | { 12 | int i; 13 | 14 | if (mlen < 32) { 15 | return -1; 16 | } 17 | crypto_stream_xsalsa20_xor(c, m, mlen, n, k); 18 | crypto_onetimeauth_poly1305(c + 16, c + 32, mlen - 32, c); 19 | for (i = 0; i < 16; ++i) { 20 | c[i] = 0; 21 | } 22 | return 0; 23 | } 24 | 25 | int 26 | crypto_secretbox_xsalsa20poly1305_open(unsigned char *m, const unsigned char *c, 27 | unsigned long long clen, 28 | const unsigned char *n, 29 | const unsigned char *k) 30 | { 31 | unsigned char subkey[32]; 32 | int i; 33 | 34 | if (clen < 32) { 35 | return -1; 36 | } 37 | crypto_stream_xsalsa20(subkey, 32, n, k); 38 | if (crypto_onetimeauth_poly1305_verify(c + 16, c + 32, 39 | clen - 32, subkey) != 0) { 40 | return -1; 41 | } 42 | crypto_stream_xsalsa20_xor(m, c, clen, n, k); 43 | for (i = 0; i < 32; ++i) { 44 | m[i] = 0; 45 | } 46 | return 0; 47 | } 48 | 49 | size_t 50 | crypto_secretbox_xsalsa20poly1305_keybytes(void) 51 | { 52 | return crypto_secretbox_xsalsa20poly1305_KEYBYTES; 53 | } 54 | 55 | size_t 56 | crypto_secretbox_xsalsa20poly1305_noncebytes(void) 57 | { 58 | return crypto_secretbox_xsalsa20poly1305_NONCEBYTES; 59 | } 60 | 61 | size_t 62 | crypto_secretbox_xsalsa20poly1305_zerobytes(void) 63 | { 64 | return crypto_secretbox_xsalsa20poly1305_ZEROBYTES; 65 | } 66 | 67 | size_t 68 | crypto_secretbox_xsalsa20poly1305_boxzerobytes(void) 69 | { 70 | return crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES; 71 | } 72 | 73 | size_t 74 | crypto_secretbox_xsalsa20poly1305_macbytes(void) 75 | { 76 | return crypto_secretbox_xsalsa20poly1305_MACBYTES; 77 | } 78 | 79 | size_t 80 | crypto_secretbox_xsalsa20poly1305_messagebytes_max(void) 81 | { 82 | return crypto_secretbox_xsalsa20poly1305_MESSAGEBYTES_MAX; 83 | } 84 | 85 | void 86 | crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]) 87 | { 88 | randombytes_buf(k, crypto_secretbox_xsalsa20poly1305_KEYBYTES); 89 | } 90 | -------------------------------------------------------------------------------- /sodium/sodium_sign_ed25519.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_crypto_hash_sha512.h" 5 | #include "sodium_crypto_sign_ed25519.h" 6 | #include "sodium_ref10_sign_ed25519.h" 7 | 8 | size_t 9 | crypto_sign_ed25519ph_statebytes(void) 10 | { 11 | return sizeof(crypto_sign_ed25519ph_state); 12 | } 13 | 14 | size_t 15 | crypto_sign_ed25519_bytes(void) 16 | { 17 | return crypto_sign_ed25519_BYTES; 18 | } 19 | 20 | size_t 21 | crypto_sign_ed25519_seedbytes(void) 22 | { 23 | return crypto_sign_ed25519_SEEDBYTES; 24 | } 25 | 26 | size_t 27 | crypto_sign_ed25519_publickeybytes(void) 28 | { 29 | return crypto_sign_ed25519_PUBLICKEYBYTES; 30 | } 31 | 32 | size_t 33 | crypto_sign_ed25519_secretkeybytes(void) 34 | { 35 | return crypto_sign_ed25519_SECRETKEYBYTES; 36 | } 37 | 38 | size_t 39 | crypto_sign_ed25519_messagebytes_max(void) 40 | { 41 | return crypto_sign_ed25519_MESSAGEBYTES_MAX; 42 | } 43 | 44 | int 45 | crypto_sign_ed25519_sk_to_seed(unsigned char *seed, const unsigned char *sk) 46 | { 47 | memmove(seed, sk, crypto_sign_ed25519_SEEDBYTES); 48 | 49 | return 0; 50 | } 51 | 52 | int 53 | crypto_sign_ed25519_sk_to_pk(unsigned char *pk, const unsigned char *sk) 54 | { 55 | memmove(pk, sk + crypto_sign_ed25519_SEEDBYTES, 56 | crypto_sign_ed25519_PUBLICKEYBYTES); 57 | return 0; 58 | } 59 | 60 | int 61 | crypto_sign_ed25519ph_init(crypto_sign_ed25519ph_state *state) 62 | { 63 | crypto_hash_sha512_init(&state->hs); 64 | return 0; 65 | } 66 | 67 | int 68 | crypto_sign_ed25519ph_update(crypto_sign_ed25519ph_state *state, 69 | const unsigned char *m, unsigned long long mlen) 70 | { 71 | return crypto_hash_sha512_update(&state->hs, m, mlen); 72 | } 73 | 74 | int 75 | crypto_sign_ed25519ph_final_create(crypto_sign_ed25519ph_state *state, 76 | unsigned char *sig, 77 | unsigned long long *siglen_p, 78 | const unsigned char *sk) 79 | { 80 | unsigned char ph[crypto_hash_sha512_BYTES]; 81 | 82 | crypto_hash_sha512_final(&state->hs, ph); 83 | 84 | return _crypto_sign_ed25519_detached(sig, siglen_p, ph, sizeof ph, sk, 1); 85 | } 86 | 87 | int 88 | crypto_sign_ed25519ph_final_verify(crypto_sign_ed25519ph_state *state, 89 | const unsigned char *sig, 90 | const unsigned char *pk) 91 | { 92 | unsigned char ph[crypto_hash_sha512_BYTES]; 93 | 94 | crypto_hash_sha512_final(&state->hs, ph); 95 | 96 | return _crypto_sign_ed25519_verify_detached(sig, ph, sizeof ph, pk, 1); 97 | } 98 | -------------------------------------------------------------------------------- /sodium/sodium_stream_chacha20.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef stream_chacha20_H 3 | #define stream_chacha20_H 4 | 5 | #include 6 | 7 | typedef struct crypto_stream_chacha20_implementation { 8 | int (*stream)(unsigned char *c, unsigned long long clen, 9 | const unsigned char *n, const unsigned char *k); 10 | int (*stream_ietf_ext)(unsigned char *c, unsigned long long clen, 11 | const unsigned char *n, const unsigned char *k); 12 | int (*stream_xor_ic)(unsigned char *c, const unsigned char *m, 13 | unsigned long long mlen, 14 | const unsigned char *n, uint64_t ic, 15 | const unsigned char *k); 16 | int (*stream_ietf_ext_xor_ic)(unsigned char *c, const unsigned char *m, 17 | unsigned long long mlen, 18 | const unsigned char *n, uint32_t ic, 19 | const unsigned char *k); 20 | } crypto_stream_chacha20_implementation; 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /sodium/sodium_stream_salsa20.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_stream_salsa20.h" 2 | #include "sodium_private_common.h" 3 | #include "sodium_private_implementations.h" 4 | #include "sodium_randombytes.h" 5 | #include "sodium_runtime.h" 6 | #include "sodium_stream_salsa20.h" 7 | #include 8 | 9 | #ifdef HAVE_AMD64_ASM 10 | # include "sodium_salsa20-xmm6.h" 11 | #else 12 | # include "sodium_salsa20-ref.h" 13 | #endif 14 | #if !defined(HAVE_AMD64_ASM) && defined(HAVE_EMMINTRIN_H) 15 | # include "sodium_xmm6int_salsa20-sse2.h" 16 | #endif 17 | #if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ 18 | defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) 19 | # include "sodium_xmm6int_salsa20-avx2.h" 20 | #endif 21 | 22 | #if HAVE_AMD64_ASM 23 | static const crypto_stream_salsa20_implementation *implementation = 24 | &crypto_stream_salsa20_xmm6_implementation; 25 | #else 26 | static const crypto_stream_salsa20_implementation *implementation = 27 | &crypto_stream_salsa20_ref_implementation; 28 | #endif 29 | 30 | size_t 31 | crypto_stream_salsa20_keybytes(void) 32 | { 33 | return crypto_stream_salsa20_KEYBYTES; 34 | } 35 | 36 | size_t 37 | crypto_stream_salsa20_noncebytes(void) 38 | { 39 | return crypto_stream_salsa20_NONCEBYTES; 40 | } 41 | 42 | size_t 43 | crypto_stream_salsa20_messagebytes_max(void) 44 | { 45 | return crypto_stream_salsa20_MESSAGEBYTES_MAX; 46 | } 47 | 48 | int 49 | crypto_stream_salsa20(unsigned char *c, unsigned long long clen, 50 | const unsigned char *n, const unsigned char *k) 51 | { 52 | return implementation->stream(c, clen, n, k); 53 | } 54 | 55 | int 56 | crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m, 57 | unsigned long long mlen, 58 | const unsigned char *n, uint64_t ic, 59 | const unsigned char *k) 60 | { 61 | return implementation->stream_xor_ic(c, m, mlen, n, ic, k); 62 | } 63 | 64 | int 65 | crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m, 66 | unsigned long long mlen, const unsigned char *n, 67 | const unsigned char *k) 68 | { 69 | return implementation->stream_xor_ic(c, m, mlen, n, 0U, k); 70 | } 71 | 72 | void 73 | crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]) 74 | { 75 | randombytes_buf(k, crypto_stream_salsa20_KEYBYTES); 76 | } 77 | 78 | int 79 | _crypto_stream_salsa20_pick_best_implementation(void) 80 | { 81 | #if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \ 82 | defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) 83 | if (sodium_runtime_has_avx2()) { 84 | #if NETCODE_CRYPTO_LOGS 85 | printf( "salsa20 -> avx2\n" ); 86 | #endif // #if NETCODE_CRYPTO_LOGS 87 | implementation = &crypto_stream_salsa20_xmm6int_avx2_implementation; 88 | return 0; 89 | } 90 | #endif 91 | #if !defined(HAVE_AMD64_ASM) && defined(HAVE_EMMINTRIN_H) 92 | if (sodium_runtime_has_sse2()) { 93 | #if NETCODE_CRYPTO_LOGS 94 | printf( "salsa20 -> sse2\n" ); 95 | #endif // #if NETCODE_CRYPTO_LOGS 96 | implementation = &crypto_stream_salsa20_xmm6int_sse2_implementation; 97 | return 0; 98 | } 99 | #endif 100 | 101 | #ifdef HAVE_AMD64_ASM 102 | #if NETCODE_CRYPTO_LOGS 103 | printf( "salsa20 -> xmm6\n" ); 104 | #endif // #if NETCODE_CRYPTO_LOGS 105 | implementation = &crypto_stream_salsa20_xmm6_implementation; 106 | #else 107 | #if NETCODE_CRYPTO_LOGS 108 | printf( "salsa20 -> ref\n" ); 109 | #endif // #if NETCODE_CRYPTO_LOGS 110 | implementation = &crypto_stream_salsa20_ref_implementation; 111 | #endif 112 | 113 | return 0; /* LCOV_EXCL_LINE */ 114 | } 115 | -------------------------------------------------------------------------------- /sodium/sodium_stream_salsa20.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef stream_salsa20_H 3 | #define stream_salsa20_H 4 | 5 | #include 6 | 7 | typedef struct crypto_stream_salsa20_implementation { 8 | int (*stream)(unsigned char *c, unsigned long long clen, 9 | const unsigned char *n, const unsigned char *k); 10 | int (*stream_xor_ic)(unsigned char *c, const unsigned char *m, 11 | unsigned long long mlen, 12 | const unsigned char *n, uint64_t ic, 13 | const unsigned char *k); 14 | } crypto_stream_salsa20_implementation; 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /sodium/sodium_stream_xchacha20.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_crypto_core_hchacha20.h" 5 | #include "sodium_crypto_stream_chacha20.h" 6 | #include "sodium_crypto_stream_xchacha20.h" 7 | #include "sodium_private_common.h" 8 | #include "sodium_randombytes.h" 9 | 10 | size_t 11 | crypto_stream_xchacha20_keybytes(void) 12 | { 13 | return crypto_stream_xchacha20_KEYBYTES; 14 | } 15 | 16 | size_t 17 | crypto_stream_xchacha20_noncebytes(void) 18 | { 19 | return crypto_stream_xchacha20_NONCEBYTES; 20 | } 21 | 22 | size_t 23 | crypto_stream_xchacha20_messagebytes_max(void) 24 | { 25 | return crypto_stream_xchacha20_MESSAGEBYTES_MAX; 26 | } 27 | 28 | int 29 | crypto_stream_xchacha20(unsigned char *c, unsigned long long clen, 30 | const unsigned char *n, const unsigned char *k) 31 | { 32 | unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; 33 | 34 | crypto_core_hchacha20(k2, n, k, NULL); 35 | COMPILER_ASSERT(crypto_stream_chacha20_KEYBYTES <= sizeof k2); 36 | COMPILER_ASSERT(crypto_stream_chacha20_NONCEBYTES == 37 | crypto_stream_xchacha20_NONCEBYTES - 38 | crypto_core_hchacha20_INPUTBYTES); 39 | 40 | return crypto_stream_chacha20(c, clen, n + crypto_core_hchacha20_INPUTBYTES, 41 | k2); 42 | } 43 | 44 | int 45 | crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m, 46 | unsigned long long mlen, const unsigned char *n, 47 | uint64_t ic, const unsigned char *k) 48 | { 49 | unsigned char k2[crypto_core_hchacha20_OUTPUTBYTES]; 50 | 51 | crypto_core_hchacha20(k2, n, k, NULL); 52 | return crypto_stream_chacha20_xor_ic( 53 | c, m, mlen, n + crypto_core_hchacha20_INPUTBYTES, ic, k2); 54 | } 55 | 56 | int 57 | crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m, 58 | unsigned long long mlen, const unsigned char *n, 59 | const unsigned char *k) 60 | { 61 | return crypto_stream_xchacha20_xor_ic(c, m, mlen, n, 0U, k); 62 | } 63 | 64 | void 65 | crypto_stream_xchacha20_keygen( 66 | unsigned char k[crypto_stream_xchacha20_KEYBYTES]) 67 | { 68 | randombytes_buf(k, crypto_stream_xchacha20_KEYBYTES); 69 | } 70 | -------------------------------------------------------------------------------- /sodium/sodium_stream_xsalsa20.c: -------------------------------------------------------------------------------- 1 | #include "sodium_crypto_core_hsalsa20.h" 2 | #include "sodium_crypto_stream_salsa20.h" 3 | #include "sodium_crypto_stream_xsalsa20.h" 4 | #include "sodium_randombytes.h" 5 | #include "sodium_utils.h" 6 | 7 | int 8 | crypto_stream_xsalsa20(unsigned char *c, unsigned long long clen, 9 | const unsigned char *n, const unsigned char *k) 10 | { 11 | unsigned char subkey[32]; 12 | int ret; 13 | 14 | crypto_core_hsalsa20(subkey, n, k, NULL); 15 | ret = crypto_stream_salsa20(c, clen, n + 16, subkey); 16 | sodium_memzero(subkey, sizeof subkey); 17 | 18 | return ret; 19 | } 20 | 21 | int 22 | crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m, 23 | unsigned long long mlen, const unsigned char *n, 24 | uint64_t ic, const unsigned char *k) 25 | { 26 | unsigned char subkey[32]; 27 | int ret; 28 | 29 | crypto_core_hsalsa20(subkey, n, k, NULL); 30 | ret = crypto_stream_salsa20_xor_ic(c, m, mlen, n + 16, ic, subkey); 31 | sodium_memzero(subkey, sizeof subkey); 32 | 33 | return ret; 34 | } 35 | 36 | int 37 | crypto_stream_xsalsa20_xor(unsigned char *c, const unsigned char *m, 38 | unsigned long long mlen, const unsigned char *n, 39 | const unsigned char *k) 40 | { 41 | return crypto_stream_xsalsa20_xor_ic(c, m, mlen, n, 0ULL, k); 42 | } 43 | 44 | size_t 45 | crypto_stream_xsalsa20_keybytes(void) 46 | { 47 | return crypto_stream_xsalsa20_KEYBYTES; 48 | } 49 | 50 | size_t 51 | crypto_stream_xsalsa20_noncebytes(void) 52 | { 53 | return crypto_stream_xsalsa20_NONCEBYTES; 54 | } 55 | 56 | size_t 57 | crypto_stream_xsalsa20_messagebytes_max(void) 58 | { 59 | return crypto_stream_xsalsa20_MESSAGEBYTES_MAX; 60 | } 61 | 62 | void 63 | crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]) 64 | { 65 | randombytes_buf(k, crypto_stream_xsalsa20_KEYBYTES); 66 | } 67 | -------------------------------------------------------------------------------- /sodium/sodium_verify.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | 5 | #include "sodium_crypto_verify_16.h" 6 | #include "sodium_crypto_verify_32.h" 7 | #include "sodium_crypto_verify_64.h" 8 | 9 | size_t 10 | crypto_verify_16_bytes(void) 11 | { 12 | return crypto_verify_16_BYTES; 13 | } 14 | 15 | size_t 16 | crypto_verify_32_bytes(void) 17 | { 18 | return crypto_verify_32_BYTES; 19 | } 20 | 21 | size_t 22 | crypto_verify_64_bytes(void) 23 | { 24 | return crypto_verify_64_BYTES; 25 | } 26 | 27 | #if defined(HAVE_EMMINTRIN_H) && defined(__SSE2__) 28 | 29 | # ifdef __GNUC__ 30 | # pragma GCC target("sse2") 31 | # endif 32 | # include 33 | 34 | static inline int 35 | crypto_verify_n(const unsigned char *x_, const unsigned char *y_, 36 | const int n) 37 | { 38 | const __m128i zero = _mm_setzero_si128(); 39 | volatile __m128i v1, v2, z; 40 | volatile int m; 41 | int i; 42 | 43 | const volatile __m128i *volatile x = 44 | (const volatile __m128i *volatile) (const void *) x_; 45 | const volatile __m128i *volatile y = 46 | (const volatile __m128i *volatile) (const void *) y_; 47 | v1 = _mm_loadu_si128((const __m128i *) &x[0]); 48 | v2 = _mm_loadu_si128((const __m128i *) &y[0]); 49 | z = _mm_xor_si128(v1, v2); 50 | for (i = 1; i < n / 16; i++) { 51 | v1 = _mm_loadu_si128((const __m128i *) &x[i]); 52 | v2 = _mm_loadu_si128((const __m128i *) &y[i]); 53 | z = _mm_or_si128(z, _mm_xor_si128(v1, v2)); 54 | } 55 | m = _mm_movemask_epi8(_mm_cmpeq_epi32(z, zero)); 56 | v1 = zero; v2 = zero; z = zero; 57 | 58 | return (int) (((uint32_t) m + 1U) >> 16) - 1; 59 | } 60 | 61 | #else 62 | 63 | static inline int 64 | crypto_verify_n(const unsigned char *x_, const unsigned char *y_, 65 | const int n) 66 | { 67 | const volatile unsigned char * x = 68 | (const volatile unsigned char *) x_; 69 | const volatile unsigned char * y = 70 | (const volatile unsigned char *) y_; 71 | volatile uint_fast16_t d = 0U; 72 | int i; 73 | 74 | for (i = 0; i < n; i++) { 75 | d |= x[i] ^ y[i]; 76 | } 77 | return (1 & ((d - 1) >> 8)) - 1; 78 | } 79 | 80 | #endif 81 | 82 | int 83 | crypto_verify_16(const unsigned char *x, const unsigned char *y) 84 | { 85 | return crypto_verify_n(x, y, crypto_verify_16_BYTES); 86 | } 87 | 88 | int 89 | crypto_verify_32(const unsigned char *x, const unsigned char *y) 90 | { 91 | return crypto_verify_n(x, y, crypto_verify_32_BYTES); 92 | } 93 | 94 | int 95 | crypto_verify_64(const unsigned char *x, const unsigned char *y) 96 | { 97 | return crypto_verify_n(x, y, crypto_verify_64_BYTES); 98 | } 99 | -------------------------------------------------------------------------------- /sodium/sodium_version.c: -------------------------------------------------------------------------------- 1 | 2 | #include "sodium_version.h" 3 | 4 | const char * 5 | sodium_version_string(void) 6 | { 7 | return SODIUM_VERSION_STRING; 8 | } 9 | 10 | int 11 | sodium_library_version_major(void) 12 | { 13 | return SODIUM_LIBRARY_VERSION_MAJOR; 14 | } 15 | 16 | int 17 | sodium_library_version_minor(void) 18 | { 19 | return SODIUM_LIBRARY_VERSION_MINOR; 20 | } 21 | 22 | int 23 | sodium_library_minimal(void) 24 | { 25 | #ifdef SODIUM_LIBRARY_MINIMAL 26 | return 1; 27 | #else 28 | return 0; 29 | #endif 30 | } 31 | -------------------------------------------------------------------------------- /sodium/sodium_version.h: -------------------------------------------------------------------------------- 1 | #ifndef sodium_version_H 2 | #define sodium_version_H 3 | 4 | #include "sodium_export.h" 5 | 6 | #define SODIUM_VERSION_STRING "1.0.17" 7 | 8 | #define SODIUM_LIBRARY_VERSION_MAJOR 10 9 | #define SODIUM_LIBRARY_VERSION_MINOR 2 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | const char *sodium_version_string(void); 16 | 17 | int sodium_library_version_major(void); 18 | 19 | int sodium_library_version_minor(void); 20 | 21 | int sodium_library_minimal(void); 22 | 23 | #ifdef __cplusplus 24 | } 25 | #endif 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /sodium/sodium_xmm6int_salsa20-avx2.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_salsa20.h" 5 | #include "sodium_crypto_stream_salsa20.h" 6 | 7 | extern struct crypto_stream_salsa20_implementation 8 | crypto_stream_salsa20_xmm6int_avx2_implementation; 9 | -------------------------------------------------------------------------------- /sodium/sodium_xmm6int_salsa20-sse2.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | 6 | #include "sodium_crypto_stream_salsa20.h" 7 | #include "sodium_private_common.h" 8 | #include "sodium_private_sse2_64_32.h" 9 | #include "sodium_utils.h" 10 | 11 | #ifdef HAVE_EMMINTRIN_H 12 | 13 | # ifdef __GNUC__ 14 | # pragma GCC target("sse2") 15 | # endif 16 | # include 17 | 18 | # include "sodium_stream_salsa20.h" 19 | # include "sodium_xmm6int_salsa20-sse2.h" 20 | 21 | # define ROUNDS 20 22 | 23 | typedef struct salsa_ctx { 24 | uint32_t input[16]; 25 | } salsa_ctx; 26 | 27 | static const int TR[16] = { 28 | 0, 5, 10, 15, 12, 1, 6, 11, 8, 13, 2, 7, 4, 9, 14, 3 29 | }; 30 | 31 | static void 32 | salsa_keysetup(salsa_ctx *ctx, const uint8_t *k) 33 | { 34 | ctx->input[TR[1]] = LOAD32_LE(k + 0); 35 | ctx->input[TR[2]] = LOAD32_LE(k + 4); 36 | ctx->input[TR[3]] = LOAD32_LE(k + 8); 37 | ctx->input[TR[4]] = LOAD32_LE(k + 12); 38 | ctx->input[TR[11]] = LOAD32_LE(k + 16); 39 | ctx->input[TR[12]] = LOAD32_LE(k + 20); 40 | ctx->input[TR[13]] = LOAD32_LE(k + 24); 41 | ctx->input[TR[14]] = LOAD32_LE(k + 28); 42 | ctx->input[TR[0]] = 0x61707865; 43 | ctx->input[TR[5]] = 0x3320646e; 44 | ctx->input[TR[10]] = 0x79622d32; 45 | ctx->input[TR[15]] = 0x6b206574; 46 | } 47 | 48 | static void 49 | salsa_ivsetup(salsa_ctx *ctx, const uint8_t *iv, const uint8_t *counter) 50 | { 51 | ctx->input[TR[6]] = LOAD32_LE(iv + 0); 52 | ctx->input[TR[7]] = LOAD32_LE(iv + 4); 53 | ctx->input[TR[8]] = counter == NULL ? 0 : LOAD32_LE(counter + 0); 54 | ctx->input[TR[9]] = counter == NULL ? 0 : LOAD32_LE(counter + 4); 55 | } 56 | 57 | static void 58 | salsa20_encrypt_bytes(salsa_ctx *ctx, const uint8_t *m, uint8_t *c, 59 | unsigned long long bytes) 60 | { 61 | uint32_t * const x = &ctx->input[0]; 62 | 63 | if (!bytes) { 64 | return; /* LCOV_EXCL_LINE */ 65 | } 66 | 67 | #include "sodium_xmm6int_u4.h" 68 | #include "sodium_xmm6int_u1.h" 69 | #include "sodium_xmm6int_u0.h" 70 | } 71 | 72 | static int 73 | stream_sse2(unsigned char *c, unsigned long long clen, const unsigned char *n, 74 | const unsigned char *k) 75 | { 76 | struct salsa_ctx ctx; 77 | 78 | if (!clen) { 79 | return 0; 80 | } 81 | COMPILER_ASSERT(crypto_stream_salsa20_KEYBYTES == 256 / 8); 82 | salsa_keysetup(&ctx, k); 83 | salsa_ivsetup(&ctx, n, NULL); 84 | memset(c, 0, clen); 85 | salsa20_encrypt_bytes(&ctx, c, c, clen); 86 | sodium_memzero(&ctx, sizeof ctx); 87 | 88 | return 0; 89 | } 90 | 91 | static int 92 | stream_sse2_xor_ic(unsigned char *c, const unsigned char *m, 93 | unsigned long long mlen, const unsigned char *n, uint64_t ic, 94 | const unsigned char *k) 95 | { 96 | struct salsa_ctx ctx; 97 | uint8_t ic_bytes[8]; 98 | uint32_t ic_high; 99 | uint32_t ic_low; 100 | 101 | if (!mlen) { 102 | return 0; 103 | } 104 | ic_high = (uint32_t) (ic >> 32); 105 | ic_low = (uint32_t) (ic); 106 | STORE32_LE(&ic_bytes[0], ic_low); 107 | STORE32_LE(&ic_bytes[4], ic_high); 108 | salsa_keysetup(&ctx, k); 109 | salsa_ivsetup(&ctx, n, ic_bytes); 110 | salsa20_encrypt_bytes(&ctx, m, c, mlen); 111 | sodium_memzero(&ctx, sizeof ctx); 112 | 113 | return 0; 114 | } 115 | 116 | struct crypto_stream_salsa20_implementation 117 | crypto_stream_salsa20_xmm6int_sse2_implementation = { 118 | SODIUM_C99(.stream =) stream_sse2, 119 | SODIUM_C99(.stream_xor_ic =) stream_sse2_xor_ic 120 | }; 121 | 122 | #endif 123 | 124 | int salsa20_xmm6int_sse2_link_warning_dummy = 0; 125 | -------------------------------------------------------------------------------- /sodium/sodium_xmm6int_salsa20-sse2.h: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | 4 | #include "sodium_stream_salsa20.h" 5 | #include "sodium_crypto_stream_salsa20.h" 6 | 7 | extern struct crypto_stream_salsa20_implementation 8 | crypto_stream_salsa20_xmm6int_sse2_implementation; 9 | -------------------------------------------------------------------------------- /source/yojimbo.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Client/Server Network Library. 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "yojimbo.h" 26 | #include "yojimbo_utils.h" 27 | 28 | #ifdef _MSC_VER 29 | #define SODIUM_STATIC 30 | #endif // #ifdef _MSC_VER 31 | 32 | #include 33 | 34 | static yojimbo::Allocator * g_defaultAllocator; 35 | 36 | namespace yojimbo 37 | { 38 | Allocator & GetDefaultAllocator() 39 | { 40 | yojimbo_assert( g_defaultAllocator ); 41 | return *g_defaultAllocator; 42 | } 43 | } 44 | 45 | extern "C" int netcode_init(); 46 | extern "C" int reliable_init(); 47 | 48 | extern "C" void netcode_term(); 49 | extern "C" void reliable_term(); 50 | 51 | extern "C" int netcode_enable_packet_tagging(); 52 | 53 | #define NETCODE_OK 1 54 | #define RELIABLE_OK 1 55 | 56 | bool InitializeYojimbo() 57 | { 58 | g_defaultAllocator = new yojimbo::DefaultAllocator(); 59 | 60 | if ( netcode_init() != NETCODE_OK ) 61 | return false; 62 | 63 | if ( reliable_init() != RELIABLE_OK ) 64 | return false; 65 | 66 | return sodium_init() != -1; 67 | } 68 | 69 | void EnablePacketTagging() 70 | { 71 | netcode_enable_packet_tagging(); 72 | } 73 | 74 | void ShutdownYojimbo() 75 | { 76 | reliable_term(); 77 | 78 | netcode_term(); 79 | 80 | yojimbo_assert( g_defaultAllocator ); 81 | delete g_defaultAllocator; 82 | g_defaultAllocator = NULL; 83 | } 84 | -------------------------------------------------------------------------------- /source/yojimbo_utils.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | Yojimbo Client/Server Network Library. 3 | 4 | Copyright © 2016 - 2024, Mas Bandwidth LLC. 5 | 6 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 7 | 8 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 9 | 10 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the distribution. 12 | 13 | 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived 14 | from this software without specific prior written permission. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, 17 | INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 19 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR 20 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 21 | WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE 22 | USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 23 | */ 24 | 25 | #include "yojimbo_config.h" 26 | 27 | #include 28 | 29 | extern "C" void netcode_random_bytes( uint8_t*, int ); 30 | 31 | void yojimbo_random_bytes( uint8_t * data, int bytes ) 32 | { 33 | netcode_random_bytes( data, bytes ); 34 | } 35 | 36 | void yojimbo_print_bytes( const char * label, const uint8_t * data, int data_bytes ) 37 | { 38 | printf( "%s: ", label ); 39 | for ( int i = 0; i < data_bytes; ++i ) 40 | { 41 | printf( "0x%02x,", (int) data[i] ); 42 | } 43 | printf( " (%d bytes)\n", data_bytes ); 44 | } 45 | --------------------------------------------------------------------------------