feat: Remove libsodium

Cargo.lock

@@ -17,12 +17,6 @@ version = "1.0.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
 
-[[package]]
-name = "adler32"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234"
-
 [[package]]
 name = "aead"
 version = "0.5.2"
@@ -34,18 +28,6 @@ dependencies = [
  "heapless",
 ]
 
-[[package]]
-name = "ahash"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a"
-dependencies = [
- "cfg-if",
- "once_cell",
- "version_check",
- "zerocopy",
-]
-
 [[package]]
 name = "aho-corasick"
 version = "1.1.2"
@@ -443,15 +425,6 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "acbf1af155f9b9ef647e42cdc158db4b64a1b61f743629225fde6f3e0be2a7c7"
 
-[[package]]
-name = "core2"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b49ba7ef1ad6107f8824dbe97de947cbaac53c44e7f9756a1fba0d37c1eec505"
-dependencies = [
- "memchr",
-]
-
 [[package]]
 name = "cpufeatures"
 version = "0.2.12"
@@ -461,15 +434,6 @@ dependencies = [
  "libc",
 ]
 
-[[package]]
-name = "crc32fast"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b540bd8bc810d3885c6ea91e2018302f68baba2129ab3e88f32389ee9370880d"
-dependencies = [
- "cfg-if",
-]
-
 [[package]]
 name = "criterion"
 version = "0.4.0"
@@ -555,12 +519,6 @@ dependencies = [
  "typenum",
 ]
 
-[[package]]
-name = "dary_heap"
-version = "0.3.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7762d17f1241643615821a8455a0b2c3e803784b058693d990b11f2dce25a0ca"
-
 [[package]]
 name = "derive_arbitrary"
 version = "1.3.2"
@@ -624,37 +582,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "filetime"
-version = "0.2.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4029edd3e734da6fe05b6cd7bd2960760a616bd2ddd0d59a0124746d6272af0"
-dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall",
- "windows-sys 0.48.0",
-]
-
-[[package]]
-name = "flate2"
-version = "1.0.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "46303f565772937ffe1d394a4fac6f411c6013172fadde9dcdb1e147a086940e"
-dependencies = [
- "crc32fast",
- "miniz_oxide",
-]
-
-[[package]]
-name = "form_urlencoded"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456"
-dependencies = [
- "percent-encoding",
-]
-
 [[package]]
 name = "generic-array"
 version = "0.14.7"
@@ -709,15 +636,6 @@ version = "0.12.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
 
-[[package]]
-name = "hashbrown"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43a3c133739dddd0d2990f9a4bdf8eb4b21ef50e4851ca85ab661199821d510e"
-dependencies = [
- "ahash",
-]
-
 [[package]]
 name = "hashbrown"
 version = "0.14.3"
@@ -773,16 +691,6 @@ version = "2.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
 
-[[package]]
-name = "idna"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6"
-dependencies = [
- "unicode-bidi",
- "unicode-normalization",
-]
-
 [[package]]
 name = "indexmap"
 version = "1.9.3"
@@ -874,30 +782,6 @@ version = "0.2.150"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "89d92a4743f9a61002fae18374ed11e7973f530cb3a3255fb354818118b2203c"
 
-[[package]]
-name = "libflate"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f7d5654ae1795afc7ff76f4365c2c8791b0feb18e8996a96adad8ffd7c3b2bf"
-dependencies = [
- "adler32",
- "core2",
- "crc32fast",
- "dary_heap",
- "libflate_lz77",
-]
-
-[[package]]
-name = "libflate_lz77"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be5f52fb8c451576ec6b79d3f4deb327398bc05bbdbd99021a6e77a4c855d524"
-dependencies = [
- "core2",
- "hashbrown 0.13.2",
- "rle-decode-fast",
-]
-
 [[package]]
 name = "libfuzzer-sys"
 version = "0.4.7"
@@ -919,23 +803,6 @@ dependencies = [
  "winapi",
 ]
 
-[[package]]
-name = "libsodium-sys-stable"
-version = "1.20.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1d164bc6f9139c5f95efb4f0be931b2bd5a9edf7e4e3c945d26b95ab8fa669b"
-dependencies = [
- "cc",
- "libc",
- "libflate",
- "minisign-verify",
- "pkg-config",
- "tar",
- "ureq",
- "vcpkg",
- "zip",
-]
-
 [[package]]
 name = "linux-raw-sys"
 version = "0.4.12"
@@ -990,12 +857,6 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
 
-[[package]]
-name = "minisign-verify"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "933dca44d65cdd53b355d0b73d380a2ff5da71f87f036053188bf1eab6a19881"
-
 [[package]]
 name = "miniz_oxide"
 version = "0.7.1"
@@ -1093,18 +954,6 @@ version = "0.1.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099"
 
-[[package]]
-name = "percent-encoding"
-version = "2.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e"
-
-[[package]]
-name = "pkg-config"
-version = "0.3.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964"
-
 [[package]]
 name = "plotters"
 version = "0.3.5"
@@ -1237,15 +1086,6 @@ dependencies = [
  "crossbeam-utils",
 ]
 
-[[package]]
-name = "redox_syscall"
-version = "0.3.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567664f262709473930a4bf9e51bf2ebf3348f2e748ccc50dea20646858f8f29"
-dependencies = [
- "bitflags 1.3.2",
-]
-
 [[package]]
 name = "regex"
 version = "1.10.2"
@@ -1275,26 +1115,6 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 
-[[package]]
-name = "ring"
-version = "0.17.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "684d5e6e18f669ccebf64a92236bb7db9a34f07be010e3627368182027180866"
-dependencies = [
- "cc",
- "getrandom",
- "libc",
- "spin",
- "untrusted",
- "windows-sys 0.48.0",
-]
-
-[[package]]
-name = "rle-decode-fast"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3582f63211428f83597b51b2ddb88e2a91a9d52d12831f9d08f5e624e8977422"
-
 [[package]]
 name = "rosenpass"
 version = "0.2.1"
@@ -1303,7 +1123,6 @@ dependencies = [
  "clap 4.4.10",
  "criterion",
  "env_logger",
- "libsodium-sys-stable",
  "log",
  "memoffset",
  "mio",
@@ -1314,7 +1133,6 @@ dependencies = [
  "rosenpass-constant-time",
  "rosenpass-lenses",
  "rosenpass-secret-memory",
- "rosenpass-sodium",
  "rosenpass-to",
  "rosenpass-util",
  "serde",
@@ -1339,7 +1157,6 @@ dependencies = [
  "rosenpass-constant-time",
  "rosenpass-oqs",
  "rosenpass-secret-memory",
- "rosenpass-sodium",
  "rosenpass-to",
  "rosenpass-util",
  "static_assertions",
@@ -1350,6 +1167,7 @@ dependencies = [
 name = "rosenpass-constant-time"
 version = "0.1.0"
 dependencies = [
+ "memsec",
  "rosenpass-to",
 ]
 
@@ -1363,7 +1181,6 @@ dependencies = [
  "rosenpass-cipher-traits",
  "rosenpass-ciphers",
  "rosenpass-secret-memory",
- "rosenpass-sodium",
  "rosenpass-to",
  "stacker",
 ]
@@ -1393,28 +1210,14 @@ dependencies = [
  "allocator-api2",
  "allocator-api2-tests",
  "anyhow",
- "libsodium-sys-stable",
  "log",
  "memsec",
  "rand",
- "rosenpass-sodium",
  "rosenpass-to",
  "rosenpass-util",
  "zeroize",
 ]
 
-[[package]]
-name = "rosenpass-sodium"
-version = "0.1.0"
-dependencies = [
- "allocator-api2",
- "anyhow",
- "libsodium-sys-stable",
- "log",
- "rosenpass-to",
- "rosenpass-util",
-]
-
 [[package]]
 name = "rosenpass-to"
 version = "0.1.0"
@@ -1466,28 +1269,6 @@ dependencies = [
  "windows-sys 0.52.0",
 ]
 
-[[package]]
-name = "rustls"
-version = "0.21.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "629648aced5775d558af50b2b4c7b02983a04b312126d45eeead26e7caa498b9"
-dependencies = [
- "log",
- "ring",
- "rustls-webpki",
- "sct",
-]
-
-[[package]]
-name = "rustls-webpki"
-version = "0.101.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "ryu"
 version = "1.0.15"
@@ -1509,16 +1290,6 @@ version = "1.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
 
-[[package]]
-name = "sct"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414"
-dependencies = [
- "ring",
- "untrusted",
-]
-
 [[package]]
 name = "semver"
 version = "1.0.21"
@@ -1628,17 +1399,6 @@ dependencies = [
  "unicode-ident",
 ]
 
-[[package]]
-name = "tar"
-version = "0.4.40"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b16afcea1f22891c49a00c751c7b63b2233284064f11a200fc624137c51e2ddb"
-dependencies = [
- "filetime",
- "libc",
- "xattr",
-]
-
 [[package]]
 name = "termcolor"
 version = "1.4.0"
@@ -1690,21 +1450,6 @@ dependencies = [
  "serde_json",
 ]
 
-[[package]]
-name = "tinyvec"
-version = "1.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
-dependencies = [
- "tinyvec_macros",
-]
-
-[[package]]
-name = "tinyvec_macros"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
-
 [[package]]
 name = "toml"
 version = "0.7.8"
@@ -1745,27 +1490,12 @@ version = "1.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
 
-[[package]]
-name = "unicode-bidi"
-version = "0.3.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92888ba5573ff080736b3648696b70cafad7d250551175acbaa4e0385b3e1460"
-
 [[package]]
 name = "unicode-ident"
 version = "1.0.12"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b"
 
-[[package]]
-name = "unicode-normalization"
-version = "0.1.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921"
-dependencies = [
- "tinyvec",
-]
-
 [[package]]
 name = "universal-hash"
 version = "0.5.1"
@@ -1776,50 +1506,12 @@ dependencies = [
  "subtle",
 ]
 
-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
-[[package]]
-name = "ureq"
-version = "2.9.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8cdd25c339e200129fe4de81451814e5228c9b771d57378817d6117cc2b3f97"
-dependencies = [
- "base64",
- "log",
- "once_cell",
- "rustls",
- "rustls-webpki",
- "url",
- "webpki-roots",
-]
-
-[[package]]
-name = "url"
-version = "2.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633"
-dependencies = [
- "form_urlencoded",
- "idna",
- "percent-encoding",
-]
-
 [[package]]
 name = "utf8parse"
 version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "711b9620af191e0cdc7468a8d14e709c3dcdb115b36f838e601583af800a370a"
 
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
 [[package]]
 name = "version_check"
 version = "0.9.4"
@@ -1906,12 +1598,6 @@ dependencies = [
  "wasm-bindgen",
 ]
 
-[[package]]
-name = "webpki-roots"
-version = "0.25.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1778a42e8b3b90bff8d0f5032bf22250792889a5cdc752aa0020c84abe3aaf10"
-
 [[package]]
 name = "which"
 version = "4.4.2"
@@ -2162,49 +1848,8 @@ dependencies = [
  "memchr",
 ]
 
-[[package]]
-name = "xattr"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f4686009f71ff3e5c4dbcf1a282d0a44db3f021ba69350cd42086b3e5f1c6985"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "zerocopy"
-version = "0.7.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cd369a67c0edfef15010f980c3cbe45d7f651deac2cd67ce097cd801de16557"
-dependencies = [
- "zerocopy-derive",
-]
-
-[[package]]
-name = "zerocopy-derive"
-version = "0.7.25"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2f140bda219a26ccc0cdb03dba58af72590c53b22642577d88a927bc5c87d6b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
 [[package]]
 name = "zeroize"
 version = "1.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d"
-
-[[package]]
-name = "zip"
-version = "0.6.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "760394e246e4c28189f19d488c058bf16f564016aefac5d32bb1f3b51d5e9261"
-dependencies = [
- "byteorder",
- "crc32fast",
- "crossbeam-utils",
- "flate2",
-]

Cargo.toml

@@ -7,7 +7,6 @@ members = [
     "ciphers",
     "util",
     "constant-time",
-    "sodium",
     "oqs",
     "to",
     "fuzz",
@@ -27,7 +26,6 @@ tag-prefix = ""
 rosenpass = { path = "rosenpass" }
 rosenpass-util = { path = "util" }
 rosenpass-constant-time = { path = "constant-time" }
-rosenpass-sodium = { path = "sodium" }
 rosenpass-cipher-traits = { path = "cipher-traits" }
 rosenpass-ciphers = { path = "ciphers" }
 rosenpass-to = { path = "to" }
@@ -58,7 +56,6 @@ serde = { version = "1.0.193", features = ["derive"] }
 arbitrary = { version = "1.3.2", features = ["derive"] }
 anyhow = { version = "1.0.75", features = ["backtrace", "std"] }
 mio = { version = "0.8.9", features = ["net", "os-poll"] }
-libsodium-sys-stable= { version = "1.20.4", features = ["use-pkg-config"] }
 oqs-sys = { version = "0.8", default-features = false, features = ['classic_mceliece', 'kyber']  }
 blake2 = "0.10.6"
 chacha20poly1305 = { version = "0.10.1", default-features = false, features = [ "std", "heapless" ] }

ciphers/Cargo.toml

@@ -11,7 +11,6 @@ readme = "readme.md"
 
 [dependencies]
 anyhow = { workspace = true }
-rosenpass-sodium = { workspace = true }
 rosenpass-to = { workspace = true }
 rosenpass-constant-time = { workspace = true }
 rosenpass-secret-memory = { workspace = true }

constant-time/Cargo.toml

@@ -13,3 +13,4 @@ readme = "readme.md"
 
 [dependencies]
 rosenpass-to = { workspace = true }
+memsec = { workspace = true }

constant-time/src/lib.rs

@@ -26,3 +26,60 @@ pub fn xor(src: &[u8]) -> impl To<[u8], ()> + '_ {
         }
     })
 }
+
+#[inline]
+pub fn memcmp(a: &[u8], b: &[u8]) -> bool {
+    a.len() == b.len()
+        && unsafe {
+            memsec::memeq(
+                a.as_ptr() as *const u8,
+                b.as_ptr() as *const u8,
+                a.len(),
+            )
+        }
+}
+
+#[inline]
+pub fn compare(a: &[u8], b: &[u8]) -> i32 {
+    assert!(a.len() == b.len());
+    unsafe { memsec::memcmp(a.as_ptr(), b.as_ptr(), a.len()) }
+}
+
+/// Interpret the given slice as a little-endian unsigned integer
+/// and increment that integer.
+///
+/// # Examples
+///
+/// ```
+/// use rosenpass_constant_time::increment as inc;
+/// use rosenpass_to::To;
+///
+/// fn testcase(v: &[u8], correct: &[u8]) {
+///   let mut v = v.to_owned();
+///   inc(&mut v);
+///   assert_eq!(&v, correct);
+/// }
+///
+/// testcase(b"", b"");
+/// testcase(b"\x00", b"\x01");
+/// testcase(b"\x01", b"\x02");
+/// testcase(b"\xfe", b"\xff");
+/// testcase(b"\xff", b"\x00");
+/// testcase(b"\x00\x00", b"\x01\x00");
+/// testcase(b"\x01\x00", b"\x02\x00");
+/// testcase(b"\xfe\x00", b"\xff\x00");
+/// testcase(b"\xff\x00", b"\x00\x01");
+/// testcase(b"\x00\x00\x00\x00\x00\x00", b"\x01\x00\x00\x00\x00\x00");
+/// testcase(b"\x00\xa3\x00\x77\x00\x00", b"\x01\xa3\x00\x77\x00\x00");
+/// testcase(b"\xff\xa3\x00\x77\x00\x00", b"\x00\xa4\x00\x77\x00\x00");
+/// testcase(b"\xff\xff\xff\x77\x00\x00", b"\x00\x00\x00\x78\x00\x00");
+/// ```
+#[inline]
+pub fn increment(v: &mut [u8]) {
+    let mut carry = 1u8;
+    for val in v.iter_mut() {
+        let (v, c) = black_box(*val).overflowing_add(black_box(carry));
+        *black_box(val) = v;
+        *black_box(&mut carry) = black_box(black_box(c) as u8);
+    }
+}

fuzz/Cargo.toml

@@ -12,7 +12,6 @@ arbitrary = { workspace = true }
 libfuzzer-sys = { workspace = true }
 stacker = { workspace = true }
 rosenpass-secret-memory = { workspace = true }
-rosenpass-sodium = { workspace = true }
 rosenpass-ciphers = { workspace = true }
 rosenpass-cipher-traits = { workspace = true }
 rosenpass-to = { workspace = true }

fuzz/fuzz_targets/aead_enc_into.rs

@@ -5,7 +5,6 @@ extern crate rosenpass;
 use libfuzzer_sys::fuzz_target;
 
 use rosenpass_ciphers::aead;
-use rosenpass_sodium::init as sodium_init;
 
 #[derive(arbitrary::Arbitrary, Debug)]
 pub struct Input {
@@ -16,8 +15,6 @@ pub struct Input {
 }
 
 fuzz_target!(|input: Input| {
-    sodium_init().unwrap();
-
     let mut ciphertext: Vec<u8> = Vec::with_capacity(input.plaintext.len() + 16);
     ciphertext.resize(input.plaintext.len() + 16, 0);
 

fuzz/fuzz_targets/blake2b.rs

@@ -4,7 +4,7 @@ extern crate rosenpass;
 
 use libfuzzer_sys::fuzz_target;
 
-use rosenpass_sodium::{hash::blake2b, init as sodium_init};
+use rosenpass_ciphers::subtle::blake2b;
 use rosenpass_to::To;
 
 #[derive(arbitrary::Arbitrary, Debug)]
@@ -14,8 +14,6 @@ pub struct Blake2b {
 }
 
 fuzz_target!(|input: Blake2b| {
-    sodium_init().unwrap();
-
     let mut out = [0u8; 32];
 
     blake2b::hash(&input.key, &input.data).to(&mut out).unwrap();

fuzz/fuzz_targets/handle_msg.rs

@@ -5,11 +5,8 @@ use libfuzzer_sys::fuzz_target;
 
 use rosenpass::protocol::CryptoServer;
 use rosenpass_secret_memory::Secret;
-use rosenpass_sodium::init as sodium_init;
 
 fuzz_target!(|rx_buf: &[u8]| {
-    sodium_init().unwrap();
-
     let sk = Secret::from_slice(&[0; 13568]);
     let pk = Secret::from_slice(&[0; 524160]);
 

rosenpass/Cargo.toml

@@ -16,7 +16,6 @@ harness = false
 [dependencies]
 rosenpass-util = { workspace = true }
 rosenpass-constant-time = { workspace = true }
-rosenpass-sodium = { workspace = true }
 rosenpass-ciphers = { workspace = true }
 rosenpass-cipher-traits = { workspace = true }
 rosenpass-to = { workspace = true }
@@ -25,7 +24,6 @@ rosenpass-lenses = { workspace = true }
 anyhow = { workspace = true }
 static_assertions = { workspace = true }
 memoffset = { workspace = true }
-libsodium-sys-stable = { workspace = true }
 thiserror = { workspace = true }
 paste = { workspace = true }
 log = { workspace = true }

rosenpass/benches/handshake.rs

@@ -56,7 +56,6 @@ fn make_server_pair() -> Result<(CryptoServer, CryptoServer)> {
 }
 
 fn criterion_benchmark(c: &mut Criterion) {
-    rosenpass_sodium::init().unwrap();
     let (mut a, mut b) = make_server_pair().unwrap();
     c.bench_function("cca_secret_alloc", |bench| {
         bench.iter(|| {

rosenpass/src/main.rs

@@ -1,19 +1,13 @@
 use log::error;
-use rosenpass::cli::Cli;
-use rosenpass_util::attempt;
 use std::process::exit;
+use rosenpass::cli::Cli;
 
 /// Catches errors, prints them through the logger, then exits
 pub fn main() {
     // default to displaying warning and error log messages only
     env_logger::Builder::from_env(env_logger::Env::default().default_filter_or("warn")).init();
 
-    let res = attempt!({
-        rosenpass_sodium::init()?;
-        Cli::run()
-    });
-
-    match res {
+    match Cli::run() {
         Ok(_) => {}
         Err(e) => {
             error!("{e}");

rosenpass/src/protocol.rs

@@ -26,9 +26,6 @@
 //! };
 //! # fn main() -> anyhow::Result<()> {
 //!
-//! // always initialize libsodium before anything
-//! rosenpass_sodium::init()?;
-//!
 //! // initialize secret and public key for peer a ...
 //! let (mut peer_a_sk, mut peer_a_pk) = (SSk::zero(), SPk::zero());
 //! StaticKem::keygen(peer_a_sk.secret_mut(), peer_a_pk.secret_mut())?;
@@ -68,8 +65,14 @@
 //! # }
 //! ```
 
-use crate::{hash_domains, msgs::*};
+use std::collections::hash_map::{
+    Entry::{Occupied, Vacant},
+    HashMap,
+};
+use std::convert::Infallible;
+
 use anyhow::{bail, ensure, Context, Result};
+
 use rosenpass_cipher_traits::Kem;
 use rosenpass_ciphers::hash_domain::{SecretHashDomain, SecretHashDomainNamespace};
 use rosenpass_ciphers::kem::{EphemeralKem, StaticKem};
@@ -77,11 +80,9 @@ use rosenpass_ciphers::{aead, xaead, KEY_LEN};
 use rosenpass_lenses::LenseView;
 use rosenpass_secret_memory::{Public, Secret};
 use rosenpass_util::{cat, mem::cpy_min, ord::max_usize, time::Timebase};
-use std::collections::hash_map::{
-    Entry::{Occupied, Vacant},
-    HashMap,
-};
-use std::convert::Infallible;
+use rosenpass_constant_time as constant_time;
+
+use crate::{hash_domains, msgs::*};
 
 // CONSTANTS & SETTINGS //////////////////////////
 
@@ -1193,7 +1194,7 @@ where
         let expected = hash_domains::mac()?
             .mix(srv.spkm.secret())?
             .mix(self.until_mac())?;
-        Ok(rosenpass_sodium::helpers::memcmp(
+        Ok(constant_time::memcmp(
             self.mac(),
             &expected.into_value()[..16],
         ))
@@ -1300,7 +1301,7 @@ impl HandshakeState {
             .into_value();
 
         // consume biscuit no
-        rosenpass_sodium::helpers::increment(&mut *srv.biscuit_ctr);
+        constant_time::increment(&mut *srv.biscuit_ctr);
 
         // The first bit of the nonce indicates which biscuit key was used
         // TODO: This is premature optimization. Remove!
@@ -1363,7 +1364,7 @@ impl HandshakeState {
         // indicates retransmission
         // TODO: Handle retransmissions without involving the crypto code
         ensure!(
-            rosenpass_sodium::helpers::compare(biscuit.biscuit_no(), &*peer.get(srv).biscuit_used)
+            constant_time::compare(biscuit.biscuit_no(), &*peer.get(srv).biscuit_used)
                 >= 0,
             "Rejecting biscuit: Outdated biscuit number"
         );
@@ -1641,7 +1642,7 @@ impl CryptoServer {
         core.decrypt_and_mix(&mut [0u8; 0], ic.auth())?;
 
         // ICR5
-        if rosenpass_sodium::helpers::compare(&*biscuit_no, &*peer.get(self).biscuit_used) > 0 {
+        if constant_time::compare(&*biscuit_no, &*peer.get(self).biscuit_used) > 0 {
             // ICR6
             peer.get_mut(self).biscuit_used = biscuit_no;
 
@@ -1757,8 +1758,6 @@ mod test {
     /// Through all this, the handshake should still successfully terminate;
     /// i.e. an exchanged key must be produced in both servers.
     fn handles_incorrect_size_messages() {
-        rosenpass_sodium::init().unwrap();
-
         stacker::grow(8 * 1024 * 1024, || {
             const OVERSIZED_MESSAGE: usize = ((MAX_MESSAGE_LEN as f32) * 1.2) as usize;
             type MsgBufPlus = Public<OVERSIZED_MESSAGE>;

secret-memory/Cargo.toml

@@ -12,9 +12,7 @@ readme = "readme.md"
 [dependencies]
 anyhow = { workspace = true }
 rosenpass-to = { workspace = true }
-rosenpass-sodium = { workspace = true }
 rosenpass-util = { workspace = true }
-libsodium-sys-stable = { workspace = true }
 zeroize = { workspace = true }
 rand = { workspace = true }
 memsec = { workspace = true }

sodium/Cargo.toml

@@ -1,18 +0,0 @@
-[package]
-name = "rosenpass-sodium"
-authors = ["Karolin Varner <karo@cupdev.net>", "wucke13 <wucke13@gmail.com>"]
-version = "0.1.0"
-edition = "2021"
-license = "MIT OR Apache-2.0"
-description = "Rosenpass internal bindings to libsodium"
-homepage = "https://rosenpass.eu/"
-repository = "https://github.com/rosenpass/rosenpass"
-readme = "readme.md"
-
-[dependencies]
-rosenpass-util = { workspace = true }
-rosenpass-to = { workspace = true }
-anyhow = { workspace = true }
-libsodium-sys-stable = { workspace = true }
-log = { workspace = true }
-allocator-api2 = { workspace = true }

sodium/readme.md

@@ -1,5 +0,0 @@
-# Rosenpass internal libsodium bindings
-
-Rosenpass internal library providing bindings to libsodium.
-
-This is an internal library; not guarantee is made about its API at this point in time.

sodium/src/aead/chacha20poly1305_ietf.rs

@@ -1,63 +0,0 @@
-use libsodium_sys as libsodium;
-use std::ffi::c_ulonglong;
-use std::ptr::{null, null_mut};
-
-pub const KEY_LEN: usize = libsodium::crypto_aead_chacha20poly1305_IETF_KEYBYTES as usize;
-pub const TAG_LEN: usize = libsodium::crypto_aead_chacha20poly1305_IETF_ABYTES as usize;
-pub const NONCE_LEN: usize = libsodium::crypto_aead_chacha20poly1305_IETF_NPUBBYTES as usize;
-
-#[inline]
-pub fn encrypt(
-    ciphertext: &mut [u8],
-    key: &[u8],
-    nonce: &[u8],
-    ad: &[u8],
-    plaintext: &[u8],
-) -> anyhow::Result<()> {
-    assert!(ciphertext.len() == plaintext.len() + TAG_LEN);
-    assert!(key.len() == KEY_LEN);
-    assert!(nonce.len() == NONCE_LEN);
-    let mut clen: u64 = 0;
-    sodium_call!(
-        crypto_aead_chacha20poly1305_ietf_encrypt,
-        ciphertext.as_mut_ptr(),
-        &mut clen,
-        plaintext.as_ptr(),
-        plaintext.len() as c_ulonglong,
-        ad.as_ptr(),
-        ad.len() as c_ulonglong,
-        null(), // nsec is not used
-        nonce.as_ptr(),
-        key.as_ptr()
-    )?;
-    assert!(clen as usize == ciphertext.len());
-    Ok(())
-}
-
-#[inline]
-pub fn decrypt(
-    plaintext: &mut [u8],
-    key: &[u8],
-    nonce: &[u8],
-    ad: &[u8],
-    ciphertext: &[u8],
-) -> anyhow::Result<()> {
-    assert!(ciphertext.len() == plaintext.len() + TAG_LEN);
-    assert!(key.len() == KEY_LEN);
-    assert!(nonce.len() == NONCE_LEN);
-    let mut mlen: u64 = 0;
-    sodium_call!(
-        crypto_aead_chacha20poly1305_ietf_decrypt,
-        plaintext.as_mut_ptr(),
-        &mut mlen as *mut c_ulonglong,
-        null_mut(), // nsec is not used
-        ciphertext.as_ptr(),
-        ciphertext.len() as c_ulonglong,
-        ad.as_ptr(),
-        ad.len() as c_ulonglong,
-        nonce.as_ptr(),
-        key.as_ptr()
-    )?;
-    assert!(mlen as usize == plaintext.len());
-    Ok(())
-}

sodium/src/aead/mod.rs

@@ -1,2 +0,0 @@
-pub mod chacha20poly1305_ietf;
-pub mod xchacha20poly1305_ietf;

sodium/src/aead/xchacha20poly1305_ietf.rs

@@ -1,63 +0,0 @@
-use libsodium_sys as libsodium;
-use std::ffi::c_ulonglong;
-use std::ptr::{null, null_mut};
-
-pub const KEY_LEN: usize = libsodium::crypto_aead_xchacha20poly1305_IETF_KEYBYTES as usize;
-pub const TAG_LEN: usize = libsodium::crypto_aead_xchacha20poly1305_ietf_ABYTES as usize;
-pub const NONCE_LEN: usize = libsodium::crypto_aead_xchacha20poly1305_IETF_NPUBBYTES as usize;
-
-#[inline]
-pub fn encrypt(
-    ciphertext: &mut [u8],
-    key: &[u8],
-    nonce: &[u8],
-    ad: &[u8],
-    plaintext: &[u8],
-) -> anyhow::Result<()> {
-    assert!(ciphertext.len() == plaintext.len() + NONCE_LEN + TAG_LEN);
-    assert!(key.len() == libsodium::crypto_aead_xchacha20poly1305_IETF_KEYBYTES as usize);
-    let (n, ct) = ciphertext.split_at_mut(NONCE_LEN);
-    n.copy_from_slice(nonce);
-    let mut clen: u64 = 0;
-    sodium_call!(
-        crypto_aead_xchacha20poly1305_ietf_encrypt,
-        ct.as_mut_ptr(),
-        &mut clen,
-        plaintext.as_ptr(),
-        plaintext.len() as c_ulonglong,
-        ad.as_ptr(),
-        ad.len() as c_ulonglong,
-        null(), // nsec is not used
-        nonce.as_ptr(),
-        key.as_ptr()
-    )?;
-    assert!(clen as usize == ct.len());
-    Ok(())
-}
-
-#[inline]
-pub fn decrypt(
-    plaintext: &mut [u8],
-    key: &[u8],
-    ad: &[u8],
-    ciphertext: &[u8],
-) -> anyhow::Result<()> {
-    assert!(ciphertext.len() == plaintext.len() + NONCE_LEN + TAG_LEN);
-    assert!(key.len() == KEY_LEN);
-    let (n, ct) = ciphertext.split_at(NONCE_LEN);
-    let mut mlen: u64 = 0;
-    sodium_call!(
-        crypto_aead_xchacha20poly1305_ietf_decrypt,
-        plaintext.as_mut_ptr(),
-        &mut mlen as *mut c_ulonglong,
-        null_mut(), // nsec is not used
-        ct.as_ptr(),
-        ct.len() as c_ulonglong,
-        ad.as_ptr(),
-        ad.len() as c_ulonglong,
-        n.as_ptr(),
-        key.as_ptr()
-    )?;
-    assert!(mlen as usize == plaintext.len());
-    Ok(())
-}

sodium/src/hash/blake2b.rs

@@ -1,31 +0,0 @@
-use libsodium_sys as libsodium;
-use rosenpass_to::{with_destination, To};
-use std::ffi::c_ulonglong;
-use std::ptr::null;
-
-pub const KEY_MIN: usize = libsodium::crypto_generichash_blake2b_KEYBYTES_MIN as usize;
-pub const KEY_MAX: usize = libsodium::crypto_generichash_blake2b_KEYBYTES_MAX as usize;
-pub const OUT_MIN: usize = libsodium::crypto_generichash_blake2b_BYTES_MIN as usize;
-pub const OUT_MAX: usize = libsodium::crypto_generichash_blake2b_BYTES_MAX as usize;
-
-#[inline]
-pub fn hash<'a>(key: &'a [u8], data: &'a [u8]) -> impl To<[u8], anyhow::Result<()>> + 'a {
-    with_destination(|out: &mut [u8]| {
-        assert!(key.is_empty() || (KEY_MIN <= key.len() && key.len() <= KEY_MAX));
-        assert!(OUT_MIN <= out.len() && out.len() <= OUT_MAX);
-        let kptr = match key.len() {
-            // NULL key
-            0 => null(),
-            _ => key.as_ptr(),
-        };
-        sodium_call!(
-            crypto_generichash_blake2b,
-            out.as_mut_ptr(),
-            out.len(),
-            data.as_ptr(),
-            data.len() as c_ulonglong,
-            kptr,
-            key.len()
-        )
-    })
-}

sodium/src/hash/mod.rs

@@ -1 +0,0 @@
-pub mod blake2b;

sodium/src/helpers.rs

@@ -1,28 +0,0 @@
-use libsodium_sys as libsodium;
-use std::os::raw::c_void;
-
-#[inline]
-pub fn memcmp(a: &[u8], b: &[u8]) -> bool {
-    a.len() == b.len()
-        && unsafe {
-            let r = libsodium::sodium_memcmp(
-                a.as_ptr() as *const c_void,
-                b.as_ptr() as *const c_void,
-                a.len(),
-            );
-            r == 0
-        }
-}
-
-#[inline]
-pub fn compare(a: &[u8], b: &[u8]) -> i32 {
-    assert!(a.len() == b.len());
-    unsafe { libsodium::sodium_compare(a.as_ptr(), b.as_ptr(), a.len()) }
-}
-
-#[inline]
-pub fn increment(v: &mut [u8]) {
-    unsafe {
-        libsodium::sodium_increment(v.as_mut_ptr(), v.len());
-    }
-}

sodium/src/lib.rs

@@ -1,20 +0,0 @@
-use libsodium_sys as libsodium;
-
-macro_rules! sodium_call {
-    ($name:ident, $($args:expr),*) => { ::rosenpass_util::attempt!({
-        anyhow::ensure!(unsafe{libsodium::$name($($args),*)} > -1,
-            "Error in libsodium's {}.", stringify!($name));
-        Ok(())
-    })};
-    ($name:ident) => { sodium_call!($name, ) };
-}
-
-#[inline]
-pub fn init() -> anyhow::Result<()> {
-    log::trace!("initializing libsodium");
-    sodium_call!(sodium_init)
-}
-
-pub mod aead;
-pub mod hash;
-pub mod helpers;