
12 Коммитууд 5a0ceac861 ... f7dcee5ac9

Эзэн SHA1 Мессеж Огноо
  maxep f7dcee5ac9 Read KDBX v4 5 жил өмнө
  maxep 80f4885371 cleanup 5 жил өмнө
  maxep 12fba26d88 Silent warning 5 жил өмнө
  maxep 67d122cad5 Remove key length check on HMACSHA256 5 жил өмнө
  maxep c60597dc61 Fix AES key derivation function 5 жил өмнө
  maxep 935be9263e Add ending input stream behavior 5 жил өмнө
  maxep 40cdc59baa Add package tests 5 жил өмнө
  maxep 1954ab1090 Update Argon 5 жил өмнө
  maxep 22b1a33ce6 Update Argon 5 жил өмнө
  maxep 17014fc19c Update Sodium 5 жил өмнө
  Maxime f5ac449ff7 Create swift.yml 6 жил өмнө
  maxep e886958136 Add Binary Tests target 6 жил өмнө
100 өөрчлөгдсөн 638 нэмэгдсэн , 645 устгасан
  1. 19 0
      .github/workflows/main.yml
  2. 1 0
      .gitignore
  3. 18 4
      Package.swift
  4. 78 81
      Sources/Argon2/argon2.c
  5. 24 24
      Sources/Argon2/blake2b.c
  6. 30 30
      Sources/Argon2/core.c
  7. 5 5
      Sources/Argon2/encoding.c
  8. 71 71
      Sources/Argon2/include/argon2.h
  9. 7 7
      Sources/Argon2/include/blake2/blake2.h
  10. 9 9
      Sources/Argon2/include/core.h
  11. 3 3
      Sources/Argon2/include/encoding.h
  12. 3 3
      Sources/Argon2/include/thread.h
  13. 2 2
      Sources/Argon2/thread.c
  14. 2 0
      Sources/Binary/Input.swift
  15. 4 0
      Sources/Binary/TLV.swift
  16. 3 3
      Sources/Crypto/AES.swift
  17. 9 9
      Sources/Crypto/Argon2.swift
  18. 3 6
      Sources/Crypto/Hash.swift
  19. 1 1
      Sources/KDB/Row.swift
  20. 10 34
      Sources/KDBX/Database3.swift
  21. 59 40
      Sources/KDBX/Database4.swift
  22. 1 2
      Sources/KDBX/File.swift
  23. 28 13
      Sources/KDBX/Header.swift
  24. 0 4
      Sources/KeePass/Database.swift
  25. 0 9
      Sources/KeePass/Field.swift
  26. 2 2
      Sources/KeePass/KDBX.swift
  27. 4 4
      Sources/KeePass/KeePass.swift
  28. 41 41
      Sources/KeePass/TypeErasure.swift
  29. 1 1
      Sources/Sodium/LICENSE
  30. 1 1
      Sources/Sodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c
  31. 0 0
      Sources/Sodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c
  32. 0 0
      Sources/Sodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c
  33. 0 0
      Sources/Sodium/crypto_auth/crypto_auth.c
  34. 0 0
      Sources/Sodium/crypto_auth/hmacsha256/auth_hmacsha256.c
  35. 0 0
      Sources/Sodium/crypto_auth/hmacsha512/auth_hmacsha512.c
  36. 0 0
      Sources/Sodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c
  37. 0 0
      Sources/Sodium/crypto_box/crypto_box.c
  38. 0 0
      Sources/Sodium/crypto_box/crypto_box_easy.c
  39. 1 1
      Sources/Sodium/crypto_box/crypto_box_seal.c
  40. 0 0
      Sources/Sodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c
  41. 1 1
      Sources/Sodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c
  42. 0 0
      Sources/Sodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c
  43. 2 2
      Sources/Sodium/crypto_core/ed25519/core_ed25519.c
  44. 0 0
      Sources/Sodium/crypto_core/ed25519/core_ristretto255.c
  45. 112 119
      Sources/Sodium/crypto_core/ed25519/ref10/ed25519_ref10.c
  46. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/base.h
  47. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/base2.h
  48. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/constants.h
  49. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/fe.h
  50. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_51/base.h
  51. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_51/base2.h
  52. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_51/constants.h
  53. 0 0
      Sources/Sodium/crypto_core/ed25519/ref10/fe_51/fe.h
  54. 0 0
      Sources/Sodium/crypto_core/hchacha20/core_hchacha20.c
  55. 0 0
      Sources/Sodium/crypto_core/hsalsa20/core_hsalsa20.c
  56. 0 0
      Sources/Sodium/crypto_core/hsalsa20/ref2/core_hsalsa20_ref2.c
  57. 0 0
      Sources/Sodium/crypto_core/salsa/ref/core_salsa_ref.c
  58. 0 0
      Sources/Sodium/crypto_generichash/blake2b/generichash_blake2.c
  59. 0 14
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2.h
  60. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.c
  61. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h
  62. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c
  63. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.c
  64. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.h
  65. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c
  66. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.h
  67. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-avx2.h
  68. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-sse2.h
  69. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-sse41.h
  70. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-ref.c
  71. 0 0
      Sources/Sodium/crypto_generichash/blake2b/ref/generichash_blake2b.c
  72. 0 0
      Sources/Sodium/crypto_generichash/crypto_generichash.c
  73. 0 0
      Sources/Sodium/crypto_hash/crypto_hash.c
  74. 0 0
      Sources/Sodium/crypto_hash/sha256/cp/hash_sha256_cp.c
  75. 0 0
      Sources/Sodium/crypto_hash/sha256/hash_sha256.c
  76. 0 0
      Sources/Sodium/crypto_hash/sha512/cp/hash_sha512_cp.c
  77. 0 0
      Sources/Sodium/crypto_hash/sha512/hash_sha512.c
  78. 0 0
      Sources/Sodium/crypto_kdf/blake2b/kdf_blake2b.c
  79. 0 0
      Sources/Sodium/crypto_kdf/crypto_kdf.c
  80. 0 0
      Sources/Sodium/crypto_kx/crypto_kx.c
  81. 0 0
      Sources/Sodium/crypto_onetimeauth/crypto_onetimeauth.c
  82. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c
  83. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h
  84. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h
  85. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h
  86. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c
  87. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.h
  88. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c
  89. 0 0
      Sources/Sodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h
  90. 37 31
      Sources/Sodium/crypto_pwhash/argon2/argon2-core.c
  91. 13 39
      Sources/Sodium/crypto_pwhash/argon2/argon2-core.h
  92. 6 5
      Sources/Sodium/crypto_pwhash/argon2/argon2-encoding.c
  93. 4 3
      Sources/Sodium/crypto_pwhash/argon2/argon2-encoding.h
  94. 2 2
      Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c
  95. 2 2
      Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c
  96. 2 1
      Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-ref.c
  97. 2 2
      Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
  98. 13 12
      Sources/Sodium/crypto_pwhash/argon2/argon2.c
  99. 2 2
      Sources/Sodium/crypto_pwhash/argon2/argon2.h
  100. 0 0
      Sources/Sodium/crypto_pwhash/argon2/blake2b-long.c

+ 19 - 0
.github/workflows/main.yml

@@ -0,0 +1,19 @@
+name: Swift
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Build
+      run: swift build
+    - name: Run tests
+      run: swift test --enable-code-coverage
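Review bot: The new workflow references `actions/checkout@v2` by a mutable tag and declares no `permissions:` block, so the job runs whatever code the tag resolves to at run time, with the repository's default token scope. For a package that vendors cryptographic code, pin the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v2`, placeholder to be filled in from the action's release) and add a top-level `permissions:` with `contents: read`. The `pull_request` trigger builds and tests contributor code; a read-only token keeps that safe, and it should stay read-only if secrets are ever added to this job.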

+ 1 - 0
.gitignore

@@ -3,3 +3,4 @@
 /Packages
 /*.xcodeproj
 xcuserdata/
+.swiftpm

+ 18 - 4
Package.swift

@@ -1,10 +1,11 @@
-// swift-tools-version:5.1
+// swift-tools-version:5.3
 // The swift-tools-version declares the minimum version of Swift required to build this package.
 
 import PackageDescription
 
 let package = Package(
     name: "KeePass",
+    platforms: [.iOS(.v13), .macOS(.v10_15)],
 
     products: [
         // The `Binary` manipulate bytes with ease.
@@ -30,6 +31,10 @@ let package = Package(
             dependencies: [ "Binary",
                             "KDB",
                             "KDBX"]),
+        .testTarget(
+            name: "KeePassTests",
+            dependencies: ["KeePass"],
+            resources: [ .process("Fixtures") ]),
 
         .target(
             name: "KDB",
@@ -46,6 +51,9 @@ let package = Package(
         .target(
             name: "Binary",
             dependencies: []),
+        .testTarget(
+            name: "BinaryTests",
+            dependencies: ["Binary"]),
 
         .target(
             name: "Crypto",
@@ -53,20 +61,25 @@ let package = Package(
                             "Sodium", 
                             "Argon2", 
                             "Twofish"]),
+        .testTarget(
+            name: "CryptoTests",
+            dependencies: ["Crypto"]),
 
         .target(
             name: "Gzip",
-            dependencies: ["Binary"]),
+            dependencies: ["Binary"],
+            exclude: ["LICENSE"]),
 
         .target(
             name: "XML",
             dependencies: []),
 
-        // MARK: KeePass cryptographic libraries
+        // MARK: KeePass Cryptographic Libraries
 
         .target(
             name: "Sodium",
             dependencies: [],
+            exclude: ["LICENSE"],
             cSettings: [
                 .headerSearchPath("include/sodium"),
                 .define("CONFIGURED")
@@ -74,7 +87,8 @@ let package = Package(
 
         .target(
             name: "Argon2",
-            dependencies: []),
+            dependencies: [],
+            exclude: ["LICENSE"]),
 
         .target(
             name: "Twofish",

+ 78 - 81
Sources/Argon2/argon2.c

@@ -23,7 +23,7 @@
 #include "encoding.h"
 #include "core.h"
 
-const char *argon2_type2string(argon2_type type, int uppercase) {
+const char *kp_argon2_type2string(argon2_type_t type, int uppercase) {
     switch (type) {
         case Argon2_d:
             return uppercase ? "Argon2d" : "argon2d";
@@ -36,7 +36,7 @@ const char *argon2_type2string(argon2_type type, int uppercase) {
     return NULL;
 }
 
-int argon2_ctx(argon2_context *context, argon2_type type) {
+int kp_argon2_ctx(argon2_context_t *context, argon2_type_t type) {
     /* 1. Validate all inputs */
     int result = validate_inputs(context);
     uint32_t memory_blocks, segment_length;
@@ -97,14 +97,14 @@ int argon2_ctx(argon2_context *context, argon2_type type) {
     return ARGON2_OK;
 }
 
-int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+int kp_argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
                 const uint32_t parallelism, const void *pwd,
                 const size_t pwdlen, const void *salt, const size_t saltlen,
                 void *hash, const size_t hashlen, char *encoded,
-                const size_t encodedlen, argon2_type type,
+                const size_t encodedlen, argon2_type_t type,
                 const uint32_t version){
 
-    argon2_context context;
+    argon2_context_t context;
     int result;
     uint8_t *out;
 
@@ -148,7 +148,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
     context.flags = ARGON2_DEFAULT_FLAGS;
     context.version = version;
 
-    result = argon2_ctx(&context, type);
+    result = kp_argon2_ctx(&context, type);
 
     if (result != ARGON2_OK) {
         clear_internal_memory(out, hashlen);
@@ -176,67 +176,67 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
     return ARGON2_OK;
 }
 
-int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
-                         const uint32_t parallelism, const void *pwd,
-                         const size_t pwdlen, const void *salt,
-                         const size_t saltlen, const size_t hashlen,
-                         char *encoded, const size_t encodedlen) {
+int kp_argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                            const uint32_t parallelism, const void *pwd,
+                            const size_t pwdlen, const void *salt,
+                            const size_t saltlen, const size_t hashlen,
+                            char *encoded, const size_t encodedlen) {
 
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       NULL, hashlen, encoded, encodedlen, Argon2_i,
-                       ARGON2_VERSION_NUMBER);
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          NULL, hashlen, encoded, encodedlen, Argon2_i,
+                          ARGON2_VERSION_NUMBER);
 }
 
-int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                     const uint32_t parallelism, const void *pwd,
-                     const size_t pwdlen, const void *salt,
-                     const size_t saltlen, void *hash, const size_t hashlen) {
+int kp_argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                        const uint32_t parallelism, const void *pwd,
+                        const size_t pwdlen, const void *salt,
+                        const size_t saltlen, void *hash, const size_t hashlen) {
 
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER);
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER);
 }
 
-int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
-                         const uint32_t parallelism, const void *pwd,
-                         const size_t pwdlen, const void *salt,
-                         const size_t saltlen, const size_t hashlen,
-                         char *encoded, const size_t encodedlen) {
+int kp_argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                            const uint32_t parallelism, const void *pwd,
+                            const size_t pwdlen, const void *salt,
+                            const size_t saltlen, const size_t hashlen,
+                            char *encoded, const size_t encodedlen) {
 
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       NULL, hashlen, encoded, encodedlen, Argon2_d,
-                       ARGON2_VERSION_NUMBER);
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          NULL, hashlen, encoded, encodedlen, Argon2_d,
+                          ARGON2_VERSION_NUMBER);
 }
 
-int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                     const uint32_t parallelism, const void *pwd,
-                     const size_t pwdlen, const void *salt,
-                     const size_t saltlen, void *hash, const size_t hashlen) {
+int kp_argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                        const uint32_t parallelism, const void *pwd,
+                        const size_t pwdlen, const void *salt,
+                        const size_t saltlen, void *hash, const size_t hashlen) {
 
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER);
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER);
 }
 
-int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
-                          const uint32_t parallelism, const void *pwd,
-                          const size_t pwdlen, const void *salt,
-                          const size_t saltlen, const size_t hashlen,
-                          char *encoded, const size_t encodedlen) {
+int kp_argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                             const uint32_t parallelism, const void *pwd,
+                             const size_t pwdlen, const void *salt,
+                             const size_t saltlen, const size_t hashlen,
+                             char *encoded, const size_t encodedlen) {
 
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       NULL, hashlen, encoded, encodedlen, Argon2_id,
-                       ARGON2_VERSION_NUMBER);
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          NULL, hashlen, encoded, encodedlen, Argon2_id,
+                          ARGON2_VERSION_NUMBER);
 }
 
-int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                      const uint32_t parallelism, const void *pwd,
-                      const size_t pwdlen, const void *salt,
-                      const size_t saltlen, void *hash, const size_t hashlen) {
-    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
-                       hash, hashlen, NULL, 0, Argon2_id,
-                       ARGON2_VERSION_NUMBER);
+int kp_argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                         const uint32_t parallelism, const void *pwd,
+                         const size_t pwdlen, const void *salt,
+                         const size_t saltlen, void *hash, const size_t hashlen) {
+    return kp_argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                          hash, hashlen, NULL, 0, Argon2_id,
+                          ARGON2_VERSION_NUMBER);
 }
 
-static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
+static int kp_argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
     size_t i;
     uint8_t d = 0U;
 
@@ -246,10 +246,10 @@ static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
     return (int)((1 & ((d - 1) >> 8)) - 1);
 }
 
-int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
-                  argon2_type type) {
+int kp_argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
+                     argon2_type_t type) {
 
-    argon2_context ctx;
+    argon2_context_t ctx;
     uint8_t *desired_result = NULL;
 
     int ret = ARGON2_OK;
@@ -299,7 +299,7 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
         goto fail;
     }
 
-    ret = argon2_verify_ctx(&ctx, (char *)desired_result, type);
+    ret = kp_argon2_verify_ctx(&ctx, (char *)desired_result, type);
     if (ret != ARGON2_OK) {
         goto fail;
     }
@@ -312,57 +312,54 @@ fail:
     return ret;
 }
 
-int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
-
-    return argon2_verify(encoded, pwd, pwdlen, Argon2_i);
+int kp_argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+    return kp_argon2_verify(encoded, pwd, pwdlen, Argon2_i);
 }
 
-int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
-
-    return argon2_verify(encoded, pwd, pwdlen, Argon2_d);
+int kp_argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+    return kp_argon2_verify(encoded, pwd, pwdlen, Argon2_d);
 }
 
-int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
-
-    return argon2_verify(encoded, pwd, pwdlen, Argon2_id);
+int kp_argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+    return kp_argon2_verify(encoded, pwd, pwdlen, Argon2_id);
 }
 
-int argon2d_ctx(argon2_context *context) {
-    return argon2_ctx(context, Argon2_d);
+int kp_argon2d_ctx(argon2_context_t *context) {
+    return kp_argon2_ctx(context, Argon2_d);
 }
 
-int argon2i_ctx(argon2_context *context) {
-    return argon2_ctx(context, Argon2_i);
+int kp_argon2i_ctx(argon2_context_t *context) {
+    return kp_argon2_ctx(context, Argon2_i);
 }
 
-int argon2id_ctx(argon2_context *context) {
-    return argon2_ctx(context, Argon2_id);
+int kp_argon2id_ctx(argon2_context_t *context) {
+    return kp_argon2_ctx(context, Argon2_id);
 }
 
-int argon2_verify_ctx(argon2_context *context, const char *hash,
-                      argon2_type type) {
-    int ret = argon2_ctx(context, type);
+int kp_argon2_verify_ctx(argon2_context_t *context, const char *hash,
+                      argon2_type_t type) {
+    int ret = kp_argon2_ctx(context, type);
     if (ret != ARGON2_OK) {
         return ret;
     }
 
-    if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) {
+    if (kp_argon2_compare((uint8_t *)hash, context->out, context->outlen)) {
         return ARGON2_VERIFY_MISMATCH;
     }
 
     return ARGON2_OK;
 }
 
-int argon2d_verify_ctx(argon2_context *context, const char *hash) {
-    return argon2_verify_ctx(context, hash, Argon2_d);
+int kp_argon2d_verify_ctx(argon2_context_t *context, const char *hash) {
+    return kp_argon2_verify_ctx(context, hash, Argon2_d);
 }
 
-int argon2i_verify_ctx(argon2_context *context, const char *hash) {
-    return argon2_verify_ctx(context, hash, Argon2_i);
+int kp_argon2i_verify_ctx(argon2_context_t *context, const char *hash) {
+    return kp_argon2_verify_ctx(context, hash, Argon2_i);
 }
 
-int argon2id_verify_ctx(argon2_context *context, const char *hash) {
-    return argon2_verify_ctx(context, hash, Argon2_id);
+int kp_argon2id_verify_ctx(argon2_context_t *context, const char *hash) {
+    return kp_argon2_verify_ctx(context, hash, Argon2_id);
 }
 
 const char *argon2_error_message(int error_code) {
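Review bot: `kp_argon2_verify_ctx` hands `hash` to `kp_argon2_compare` with `context->outlen` as the length, so the caller's buffer is treated as raw bytes of that size rather than as a NUL-terminated string, and nothing in the signature says so. A doc comment on the function would make the contract explicit, for example `/* hash must point to at least context->outlen bytes of raw (not encoded) output */`. The cast at the call site also drops the `const` qualifier although the comparator takes `const uint8_t *`; `(const uint8_t *)hash` keeps it. The continuation line `argon2_type_t type) {` is still aligned to the old, shorter function name.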
@@ -445,8 +442,8 @@ const char *argon2_error_message(int error_code) {
 }
 
 size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism,
-                         uint32_t saltlen, uint32_t hashlen, argon2_type type) {
-  return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
+                         uint32_t saltlen, uint32_t hashlen, argon2_type_t type) {
+  return strlen("$$v=$m=,t=,p=$$") + strlen(kp_argon2_type2string(type, 0)) +
          numlen(t_cost) + numlen(m_cost) + numlen(parallelism) +
          b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1;
 }
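Review bot: `strlen(kp_argon2_type2string(type, 0))` dereferences a null pointer when `type` is not one of the known variants, because `kp_argon2_type2string` falls through to `return NULL;` for any value its switch does not match. `argon2_encodedlen` appears to be what callers use to size the encoded-hash buffer, so it should reject an unknown type before measuring: `const char *name = kp_argon2_type2string(type, 0);` then `if (name == NULL) return 0;` (or another value callers treat as an error). This function and `argon2_error_message` above it also keep their un-prefixed names while the rest of the file moved to `kp_`. If the prefix is meant to avoid symbol clashes with another Argon2 copy in the package, these two need it as well.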

+ 24 - 24
Sources/Argon2/blake2b.c

@@ -70,7 +70,7 @@ static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) {
     memcpy(S->h, blake2b_IV, sizeof(S->h));
 }
 
-int blake2b_init_param(blake2b_state *S, const blake2b_param *P) {
+int kp_blake2b_init_param(blake2b_state *S, const blake2b_param *P) {
     const unsigned char *p = (const unsigned char *)P;
     unsigned int i;
 
@@ -88,7 +88,7 @@ int blake2b_init_param(blake2b_state *S, const blake2b_param *P) {
 }
 
 /* Sequential blake2b initialization */
-int blake2b_init(blake2b_state *S, size_t outlen) {
+int kp_blake2b_init(blake2b_state *S, size_t outlen) {
     blake2b_param P;
 
     if (S == NULL) {
@@ -113,10 +113,10 @@ int blake2b_init(blake2b_state *S, size_t outlen) {
     memset(P.salt, 0, sizeof(P.salt));
     memset(P.personal, 0, sizeof(P.personal));
 
-    return blake2b_init_param(S, &P);
+    return kp_blake2b_init_param(S, &P);
 }
 
-int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
+int kp_blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
                      size_t keylen) {
     blake2b_param P;
 
@@ -147,7 +147,7 @@ int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
     memset(P.salt, 0, sizeof(P.salt));
     memset(P.personal, 0, sizeof(P.personal));
 
-    if (blake2b_init_param(S, &P) < 0) {
+    if (kp_blake2b_init_param(S, &P) < 0) {
         blake2b_invalidate_state(S);
         return -1;
     }
@@ -156,7 +156,7 @@ int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
         uint8_t block[BLAKE2B_BLOCKBYTES];
         memset(block, 0, BLAKE2B_BLOCKBYTES);
         memcpy(block, key, keylen);
-        blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
+        kp_blake2b_update(S, block, BLAKE2B_BLOCKBYTES);
         /* Burn the key from stack */
         clear_internal_memory(block, BLAKE2B_BLOCKBYTES);
     }
@@ -221,7 +221,7 @@ static void blake2b_compress(blake2b_state *S, const uint8_t *block) {
 #undef ROUND
 }
 
-int blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
+int kp_blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
     const uint8_t *pin = (const uint8_t *)in;
 
     if (inlen == 0) {
@@ -261,7 +261,7 @@ int blake2b_update(blake2b_state *S, const void *in, size_t inlen) {
     return 0;
 }
 
-int blake2b_final(blake2b_state *S, void *out, size_t outlen) {
+int kp_blake2b_final(blake2b_state *S, void *out, size_t outlen) {
     uint8_t buffer[BLAKE2B_OUTBYTES] = {0};
     unsigned int i;
 
@@ -291,7 +291,7 @@ int blake2b_final(blake2b_state *S, void *out, size_t outlen) {
     return 0;
 }
 
-int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
+int kp_blake2b(void *out, size_t outlen, const void *in, size_t inlen,
             const void *key, size_t keylen) {
     blake2b_state S;
     int ret = -1;
@@ -310,19 +310,19 @@ int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
     }
 
     if (keylen > 0) {
-        if (blake2b_init_key(&S, outlen, key, keylen) < 0) {
+        if (kp_blake2b_init_key(&S, outlen, key, keylen) < 0) {
             goto fail;
         }
     } else {
-        if (blake2b_init(&S, outlen) < 0) {
+        if (kp_blake2b_init(&S, outlen) < 0) {
             goto fail;
         }
     }
 
-    if (blake2b_update(&S, in, inlen) < 0) {
+    if (kp_blake2b_update(&S, in, inlen) < 0) {
         goto fail;
     }
-    ret = blake2b_final(&S, out, outlen);
+    ret = kp_blake2b_final(&S, out, outlen);
 
 fail:
     clear_internal_memory(&S, sizeof(S));
@@ -330,7 +330,7 @@ fail:
 }
 
 /* Argon2 Team - Begin Code */
-int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
+int kp_blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
     uint8_t *out = (uint8_t *)pout;
     blake2b_state blake_state;
     uint8_t outlen_bytes[sizeof(uint32_t)] = {0};
@@ -352,25 +352,25 @@ int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
     } while ((void)0, 0)
 
     if (outlen <= BLAKE2B_OUTBYTES) {
-        TRY(blake2b_init(&blake_state, outlen));
-        TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
-        TRY(blake2b_update(&blake_state, in, inlen));
-        TRY(blake2b_final(&blake_state, out, outlen));
+        TRY(kp_blake2b_init(&blake_state, outlen));
+        TRY(kp_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
+        TRY(kp_blake2b_update(&blake_state, in, inlen));
+        TRY(kp_blake2b_final(&blake_state, out, outlen));
     } else {
         uint32_t toproduce;
         uint8_t out_buffer[BLAKE2B_OUTBYTES];
         uint8_t in_buffer[BLAKE2B_OUTBYTES];
-        TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES));
-        TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
-        TRY(blake2b_update(&blake_state, in, inlen));
-        TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));
+        TRY(kp_blake2b_init(&blake_state, BLAKE2B_OUTBYTES));
+        TRY(kp_blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes)));
+        TRY(kp_blake2b_update(&blake_state, in, inlen));
+        TRY(kp_blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES));
         memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
         out += BLAKE2B_OUTBYTES / 2;
         toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2;
 
         while (toproduce > BLAKE2B_OUTBYTES) {
             memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
-            TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,
+            TRY(kp_blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer,
                         BLAKE2B_OUTBYTES, NULL, 0));
             memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2);
             out += BLAKE2B_OUTBYTES / 2;
@@ -378,7 +378,7 @@ int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) {
         }
 
         memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES);
-        TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,
+        TRY(kp_blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL,
                     0));
         memcpy(out, out_buffer, toproduce);
     }

+ 30 - 30
Sources/Argon2/core.c

@@ -86,7 +86,7 @@ static void store_block(void *output, const block *src) {
 
 /***************Memory functions*****************/
 
-int allocate_memory(const argon2_context *context, uint8_t **memory,
+int allocate_memory(const argon2_context_t *context, uint8_t **memory,
                     size_t num, size_t size) {
     size_t memory_size = num*size;
     if (memory == NULL) {
@@ -112,7 +112,7 @@ int allocate_memory(const argon2_context *context, uint8_t **memory,
     return ARGON2_OK;
 }
 
-void free_memory(const argon2_context *context, uint8_t *memory,
+void free_memory(const argon2_context_t *context, uint8_t *memory,
                  size_t num, size_t size) {
     size_t memory_size = num*size;
     clear_internal_memory(memory, memory_size);
@@ -152,7 +152,7 @@ void clear_internal_memory(void *v, size_t n) {
   }
 }
 
-void finalize(const argon2_context *context, argon2_instance_t *instance) {
+void finalize(const argon2_context_t *context, argon2_instance_t *instance) {
     if (context != NULL && instance != NULL) {
         block blockhash;
         uint32_t l;
@@ -170,7 +170,7 @@ void finalize(const argon2_context *context, argon2_instance_t *instance) {
         {
             uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE];
             store_block(blockhash_bytes, &blockhash);
-            blake2b_long(context->out, context->outlen, blockhash_bytes,
+            kp_blake2b_long(context->out, context->outlen, blockhash_bytes,
                          ARGON2_BLOCK_SIZE);
             /* clear blockhash and blockhash_bytes */
             clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE);
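Review bot: The return value of `kp_blake2b_long` is discarded on the changed line, and `finalize` returns `void`, so a failed final hash would leave `context->out` in an unspecified state with no way for the caller to notice. Because that buffer is the Argon2 output, `finalize` should return `int`: store the result with `rc = kp_blake2b_long(context->out, context->outlen, blockhash_bytes, ARGON2_BLOCK_SIZE);`, return it after the temporary buffers are cleared, and have the caller check it. The same unchecked call appears twice in the `fill_first_blocks` hunk, and the `initial_hash` hunk ignores the results of `kp_blake2b_init` and `kp_blake2b_update`. `finalize` starts and ends outside this hunk, so the failure conditions and the caller's handling are not visible here.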
@@ -318,7 +318,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
 
                 /* 2.1 Join a thread if limit is exceeded */
                 if (l >= instance->threads) {
-                    if (argon2_thread_join(thread[l - instance->threads])) {
+                    if (kp_argon2_thread_join(thread[l - instance->threads])) {
                         rc = ARGON2_THREAD_FAIL;
                         goto fail;
                     }
@@ -333,11 +333,11 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
                     instance; /* preparing the thread input */
                 memcpy(&(thr_data[l].pos), &position,
                        sizeof(argon2_position_t));
-                if (argon2_thread_create(&thread[l], &fill_segment_thr,
+                if (kp_argon2_thread_create(&thread[l], &fill_segment_thr,
                                          (void *)&thr_data[l])) {
                     /* Wait for already running threads */
                     for (ll = 0; ll < l; ++ll)
-                        argon2_thread_join(thread[ll]);
+                        kp_argon2_thread_join(thread[ll]);
                     rc = ARGON2_THREAD_FAIL;
                     goto fail;
                 }
@@ -349,7 +349,7 @@ static int fill_memory_blocks_mt(argon2_instance_t *instance) {
             /* 3. Joining remaining threads */
             for (l = instance->lanes - instance->threads; l < instance->lanes;
                  ++l) {
-                if (argon2_thread_join(thread[l])) {
+                if (kp_argon2_thread_join(thread[l])) {
                     rc = ARGON2_THREAD_FAIL;
                     goto fail;
                 }
@@ -385,7 +385,7 @@ int fill_memory_blocks(argon2_instance_t *instance) {
 #endif
 }
 
-int validate_inputs(const argon2_context *context) {
+int validate_inputs(const argon2_context_t *context) {
     if (NULL == context) {
         return ARGON2_INCORRECT_PARAMETER;
     }
@@ -521,13 +521,13 @@ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) {
 
         store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0);
         store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l);
-        blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
+        kp_blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
                      ARGON2_PREHASH_SEED_LENGTH);
         load_block(&instance->memory[l * instance->lane_length + 0],
                    blockhash_bytes);
 
         store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1);
-        blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
+        kp_blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
                      ARGON2_PREHASH_SEED_LENGTH);
         load_block(&instance->memory[l * instance->lane_length + 1],
                    blockhash_bytes);
@@ -535,8 +535,8 @@ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) {
     clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE);
 }
 
-void initial_hash(uint8_t *blockhash, argon2_context *context,
-                  argon2_type type) {
+void initial_hash(uint8_t *blockhash, argon2_context_t *context,
+                  argon2_type_t type) {
     blake2b_state BlakeHash;
     uint8_t value[sizeof(uint32_t)];
 
@@ -544,31 +544,31 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
         return;
     }
 
-    blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);
+    kp_blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH);
 
     store32(&value, context->lanes);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, context->outlen);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, context->m_cost);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, context->t_cost);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, context->version);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, (uint32_t)type);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     store32(&value, context->pwdlen);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     if (context->pwd != NULL) {
-        blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
+        kp_blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
                        context->pwdlen);
 
         if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {
@@ -578,18 +578,18 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
     }
 
     store32(&value, context->saltlen);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     if (context->salt != NULL) {
-        blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
+        kp_blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
                        context->saltlen);
     }
 
     store32(&value, context->secretlen);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     if (context->secret != NULL) {
-        blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
+        kp_blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
                        context->secretlen);
 
         if (context->flags & ARGON2_FLAG_CLEAR_SECRET) {
@@ -599,17 +599,17 @@ void initial_hash(uint8_t *blockhash, argon2_context *context,
     }
 
     store32(&value, context->adlen);
-    blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
+    kp_blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value));
 
     if (context->ad != NULL) {
-        blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
+        kp_blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
                        context->adlen);
     }
 
-    blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
+    kp_blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
 }
 
-int initialize(argon2_instance_t *instance, argon2_context *context) {
+int initialize(argon2_instance_t *instance, argon2_context_t *context) {
     uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH];
     int result = ARGON2_OK;
 

+ 5 - 5
Sources/Argon2/encoding.c

@@ -255,7 +255,7 @@ static const char *decode_decimal(const char *str, unsigned long *v) {
  * when it is fed into decode_string.
  */
 
-int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
+int decode_string(argon2_context_t *ctx, const char *str, argon2_type_t type) {
 
 /* check for prefix */
 #define CC(prefix)                                                             \
@@ -318,7 +318,7 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
     const char* type_string;
 
     /* We should start with the argon2_type we are using */
-    type_string = argon2_type2string(type, 0);
+    type_string = kp_argon2_type2string(type, 0);
     if (!type_string) {
         return ARGON2_INCORRECT_TYPE;
     }
@@ -370,8 +370,8 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
 #undef BIN
 }
 
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
-                  argon2_type type) {
+int encode_string(char *dst, size_t dst_len, argon2_context_t *ctx,
+                  argon2_type_t type) {
 #define SS(str)                                                                \
     do {                                                                       \
         size_t pp_len = strlen(str);                                           \
@@ -400,7 +400,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
         dst_len -= sb_len;                                                     \
     } while ((void)0, 0)
 
-    const char* type_string = argon2_type2string(type, 0);
+    const char* type_string = kp_argon2_type2string(type, 0);
     int validation_result = validate_inputs(ctx);
 
     if (!type_string) {

+ 71 - 71
Sources/Argon2/include/argon2.h

@@ -97,7 +97,7 @@ extern "C" {
 extern int FLAG_clear_internal_memory;
 
 /* Error codes */
-typedef enum Argon2_ErrorCodes {
+typedef enum argon2_error_codes {
     ARGON2_OK = 0,
 
     ARGON2_OUTPUT_PTR_NULL = -1,
@@ -155,7 +155,7 @@ typedef enum Argon2_ErrorCodes {
     ARGON2_DECODING_LENGTH_FAIL = -34,
 
     ARGON2_VERIFY_MISMATCH = -35
-} argon2_error_codes;
+} argon2_error_codes_t;
 
 /* Memory allocator types --- for external allocation */
 typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate);
@@ -188,7 +188,7 @@ typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
  * Then you initialize:
  Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
  */
-typedef struct Argon2_Context {
+typedef struct argon2_context {
     uint8_t *out;    /* output array */
     uint32_t outlen; /* digest length */
 
@@ -215,21 +215,21 @@ typedef struct Argon2_Context {
     deallocate_fptr free_cbk;   /* pointer to memory deallocator */
 
     uint32_t flags; /* array of bool options */
-} argon2_context;
+} argon2_context_t;
 
 /* Argon2 primitive type */
-typedef enum Argon2_type {
+typedef enum argon2_type {
   Argon2_d = 0,
   Argon2_i = 1,
   Argon2_id = 2
-} argon2_type;
+} argon2_type_t;
 
 /* Version of the algorithm */
-typedef enum Argon2_version {
+typedef enum argon2_version {
     ARGON2_VERSION_10 = 0x10,
     ARGON2_VERSION_13 = 0x13,
     ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
-} argon2_version;
+} argon2_version_t;
 
 /*
  * Function that gives the string representation of an argon2_type.
@@ -237,14 +237,14 @@ typedef enum Argon2_version {
  * @param uppercase Whether the string should have the first letter uppercase
  * @return NULL if invalid type, otherwise the string representation.
  */
-ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase);
+ARGON2_PUBLIC const char *kp_argon2_type2string(argon2_type_t type, int uppercase);
 
 /*
  * Function that performs memory-hard hashing with certain degree of parallelism
  * @param  context  Pointer to the Argon2 internal structure
  * @return Error code if smth is wrong, ARGON2_OK otherwise
  */
-ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type);
+ARGON2_PUBLIC int kp_argon2_ctx(argon2_context_t *context, argon2_type_t type);
 
 /**
  * Hashes a password with Argon2i, producing an encoded hash
@@ -261,7 +261,7 @@ ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type);
  * @pre   Different parallelism levels will give different results
  * @pre   Returns ARGON2_OK if successful
  */
-ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost,
+ARGON2_PUBLIC int kp_argon2i_hash_encoded(const uint32_t t_cost,
                                        const uint32_t m_cost,
                                        const uint32_t parallelism,
                                        const void *pwd, const size_t pwdlen,
@@ -283,49 +283,49 @@ ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost,
  * @pre   Different parallelism levels will give different results
  * @pre   Returns ARGON2_OK if successful
  */
-ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                                   const uint32_t parallelism, const void *pwd,
-                                   const size_t pwdlen, const void *salt,
-                                   const size_t saltlen, void *hash,
-                                   const size_t hashlen);
-
-ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost,
+ARGON2_PUBLIC int kp_argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                                      const uint32_t parallelism, const void *pwd,
+                                      const size_t pwdlen, const void *salt,
+                                      const size_t saltlen, void *hash,
+                                      const size_t hashlen);
+
+ARGON2_PUBLIC int kp_argon2d_hash_encoded(const uint32_t t_cost,
+                                          const uint32_t m_cost,
+                                          const uint32_t parallelism,
+                                          const void *pwd, const size_t pwdlen,
+                                          const void *salt, const size_t saltlen,
+                                          const size_t hashlen, char *encoded,
+                                          const size_t encodedlen);
+
+ARGON2_PUBLIC int kp_argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                                      const uint32_t parallelism, const void *pwd,
+                                      const size_t pwdlen, const void *salt,
+                                      const size_t saltlen, void *hash,
+                                      const size_t hashlen);
+
+ARGON2_PUBLIC int kp_argon2id_hash_encoded(const uint32_t t_cost,
+                                           const uint32_t m_cost,
+                                           const uint32_t parallelism,
+                                           const void *pwd, const size_t pwdlen,
+                                           const void *salt, const size_t saltlen,
+                                           const size_t hashlen, char *encoded,
+                                           const size_t encodedlen);
+
+ARGON2_PUBLIC int kp_argon2id_hash_raw(const uint32_t t_cost,
                                        const uint32_t m_cost,
-                                       const uint32_t parallelism,
-                                       const void *pwd, const size_t pwdlen,
-                                       const void *salt, const size_t saltlen,
-                                       const size_t hashlen, char *encoded,
-                                       const size_t encodedlen);
-
-ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                                   const uint32_t parallelism, const void *pwd,
-                                   const size_t pwdlen, const void *salt,
-                                   const size_t saltlen, void *hash,
-                                   const size_t hashlen);
-
-ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost,
-                                        const uint32_t m_cost,
-                                        const uint32_t parallelism,
-                                        const void *pwd, const size_t pwdlen,
-                                        const void *salt, const size_t saltlen,
-                                        const size_t hashlen, char *encoded,
-                                        const size_t encodedlen);
-
-ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost,
-                                    const uint32_t m_cost,
-                                    const uint32_t parallelism, const void *pwd,
-                                    const size_t pwdlen, const void *salt,
-                                    const size_t saltlen, void *hash,
-                                    const size_t hashlen);
+                                       const uint32_t parallelism, const void *pwd,
+                                       const size_t pwdlen, const void *salt,
+                                       const size_t saltlen, void *hash,
+                                       const size_t hashlen);
 
 /* generic function underlying the above ones */
-ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
-                              const uint32_t parallelism, const void *pwd,
-                              const size_t pwdlen, const void *salt,
-                              const size_t saltlen, void *hash,
-                              const size_t hashlen, char *encoded,
-                              const size_t encodedlen, argon2_type type,
-                              const uint32_t version);
+ARGON2_PUBLIC int kp_argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+                                 const uint32_t parallelism, const void *pwd,
+                                 const size_t pwdlen, const void *salt,
+                                 const size_t saltlen, void *hash,
+                                 const size_t hashlen, char *encoded,
+                                 const size_t encodedlen, argon2_type_t type,
+                                 const uint32_t version);
 
 /**
  * Verifies a password against an encoded string
@@ -334,18 +334,18 @@ ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
  * @param pwd Pointer to password
  * @pre   Returns ARGON2_OK if successful
  */
-ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd,
-                                 const size_t pwdlen);
+ARGON2_PUBLIC int kp_argon2i_verify(const char *encoded, const void *pwd,
+                                    const size_t pwdlen);
 
-ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd,
-                                 const size_t pwdlen);
+ARGON2_PUBLIC int kp_argon2d_verify(const char *encoded, const void *pwd,
+                                    const size_t pwdlen);
 
-ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd,
-                                  const size_t pwdlen);
+ARGON2_PUBLIC int kp_argon2id_verify(const char *encoded, const void *pwd,
+                                     const size_t pwdlen);
 
 /* generic function underlying the above ones */
-ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
-                                const size_t pwdlen, argon2_type type);
+ARGON2_PUBLIC int kp_argon2_verify(const char *encoded, const void *pwd,
+                                   const size_t pwdlen, argon2_type_t type);
 
 /**
  * Argon2d: Version of Argon2 that picks memory blocks depending
@@ -355,7 +355,7 @@ ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
  * @param  context  Pointer to current Argon2 context
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
+ARGON2_PUBLIC int kp_argon2d_ctx(argon2_context_t *context);
 
 /**
  * Argon2i: Version of Argon2 that picks memory blocks
@@ -365,7 +365,7 @@ ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
  * @param  context  Pointer to current Argon2 context
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
+ARGON2_PUBLIC int kp_argon2i_ctx(argon2_context_t *context);
 
 /**
  * Argon2id: Version of Argon2 where the first half-pass over memory is
@@ -376,7 +376,7 @@ ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
  * @param  context  Pointer to current Argon2 context
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2id_ctx(argon2_context *context);
+ARGON2_PUBLIC int kp_argon2id_ctx(argon2_context_t *context);
 
 /**
  * Verify if a given password is correct for Argon2d hashing
@@ -385,7 +385,7 @@ ARGON2_PUBLIC int argon2id_ctx(argon2_context *context);
  * specified by the context outlen member
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
+ARGON2_PUBLIC int kp_argon2d_verify_ctx(argon2_context_t *context, const char *hash);
 
 /**
  * Verify if a given password is correct for Argon2i hashing
@@ -394,7 +394,7 @@ ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
  * specified by the context outlen member
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
+ARGON2_PUBLIC int kp_argon2i_verify_ctx(argon2_context_t *context, const char *hash);
 
 /**
  * Verify if a given password is correct for Argon2id hashing
@@ -403,18 +403,18 @@ ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
  * specified by the context outlen member
  * @return  Zero if successful, a non zero error code otherwise
  */
-ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context,
+ARGON2_PUBLIC int kp_argon2id_verify_ctx(argon2_context_t *context,
                                       const char *hash);
 
 /* generic function underlying the above ones */
-ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash,
-                                    argon2_type type);
+ARGON2_PUBLIC int kp_argon2_verify_ctx(argon2_context_t *context, const char *hash,
+                                    argon2_type_t type);
 
 /**
  * Get the associated error message for given error code
  * @return  The error message associated with the given error code
  */
-ARGON2_PUBLIC const char *argon2_error_message(int error_code);
+ARGON2_PUBLIC const char *kp_argon2_error_message(int error_code);
 
 /**
  * Returns the encoded hash length for the given input parameters
@@ -426,9 +426,9 @@ ARGON2_PUBLIC const char *argon2_error_message(int error_code);
  * @param type The argon2_type that we want the encoded length for
  * @return  The encoded hash length in bytes
  */
-ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost,
-                                       uint32_t parallelism, uint32_t saltlen,
-                                       uint32_t hashlen, argon2_type type);
+ARGON2_PUBLIC size_t kp_argon2_encodedlen(uint32_t t_cost, uint32_t m_cost,
+                                          uint32_t parallelism, uint32_t saltlen,
+                                          uint32_t hashlen, argon2_type_t type);
 
 #if defined(__cplusplus)
 }

+ 7 - 7
Sources/Argon2/include/blake2/blake2.h

@@ -67,19 +67,19 @@ enum {
 };
 
 /* Streaming API */
-ARGON2_LOCAL int blake2b_init(blake2b_state *S, size_t outlen);
-ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
+ARGON2_LOCAL int kp_blake2b_init(blake2b_state *S, size_t outlen);
+ARGON2_LOCAL int kp_blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
                      size_t keylen);
-ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P);
-ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, size_t inlen);
-ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, size_t outlen);
+ARGON2_LOCAL int kp_blake2b_init_param(blake2b_state *S, const blake2b_param *P);
+ARGON2_LOCAL int kp_blake2b_update(blake2b_state *S, const void *in, size_t inlen);
+ARGON2_LOCAL int kp_blake2b_final(blake2b_state *S, void *out, size_t outlen);
 
 /* Simple API */
-ARGON2_LOCAL int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
+ARGON2_LOCAL int vblake2b(void *out, size_t outlen, const void *in, size_t inlen,
                          const void *key, size_t keylen);
 
 /* Argon2 Team - Begin Code */
-ARGON2_LOCAL int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen);
+ARGON2_LOCAL int kp_blake2b_long(void *out, size_t outlen, const void *in, size_t inlen);
 /* Argon2 Team - End Code */
 
 #if defined(__cplusplus)
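Review bot: The one-shot declaration is renamed to `vblake2b` while every other symbol in this header gets the `kp_` prefix, which looks like a typo for `kp_blake2b`. If the definition in blake2b.c (not visible in this part of the diff) was renamed to `kp_blake2b`, this prototype no longer matches it and any caller will fail to link. If both sides say `vblake2b`, the symbol still sits outside the namespace this commit introduces and can collide with another bundled BLAKE2. Suggested line: `ARGON2_LOCAL int kp_blake2b(void *out, size_t outlen, const void *in, size_t inlen,`.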

+ 9 - 9
Sources/Argon2/include/core.h

@@ -77,9 +77,9 @@ typedef struct Argon2_instance_t {
     uint32_t lane_length;
     uint32_t lanes;
     uint32_t threads;
-    argon2_type type;
+    argon2_type_t type;
     int print_internals; /* whether to print the memory blocks */
-    argon2_context *context_ptr; /* points back to original context */
+    argon2_context_t *context_ptr; /* points back to original context */
 } argon2_instance_t;
 
 /*
@@ -109,7 +109,7 @@ typedef struct Argon2_thread_data {
  * @param num the number of elements to be allocated
  * @return ARGON2_OK if @memory is a valid pointer and memory is allocated
  */
-int allocate_memory(const argon2_context *context, uint8_t **memory,
+int allocate_memory(const argon2_context_t *context, uint8_t **memory,
                     size_t num, size_t size);
 
 /*
@@ -120,7 +120,7 @@ int allocate_memory(const argon2_context *context, uint8_t **memory,
  * @param size the size in bytes for each element to be deallocated
  * @param num the number of elements to be deallocated
  */
-void free_memory(const argon2_context *context, uint8_t *memory,
+void free_memory(const argon2_context_t *context, uint8_t *memory,
                  size_t num, size_t size);
 
 /* Function that securely cleans the memory. This ignores any flags set
@@ -158,7 +158,7 @@ uint32_t index_alpha(const argon2_instance_t *instance,
  * @return ARGON2_OK if everything is all right, otherwise one of error codes
  * (all defined in <argon2.h>
  */
-int validate_inputs(const argon2_context *context);
+int validate_inputs(const argon2_context_t *context);
 
 /*
  * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
@@ -170,8 +170,8 @@ int validate_inputs(const argon2_context *context);
  * @pre    @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
  * allocated
  */
-void initial_hash(uint8_t *blockhash, argon2_context *context,
-                  argon2_type type);
+void initial_hash(uint8_t *blockhash, argon2_context_t *context,
+                  argon2_type_t type);
 
 /*
  * Function creates first 2 blocks per lane
@@ -191,7 +191,7 @@ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
  * @return Zero if successful, -1 if memory failed to allocate. @context->state
  * will be modified if successful.
  */
-int initialize(argon2_instance_t *instance, argon2_context *context);
+int initialize(argon2_instance_t *instance, argon2_context_t *context);
 
 /*
  * XORing the last block of each lane, hashing it, making the tag. Deallocates
@@ -204,7 +204,7 @@ int initialize(argon2_instance_t *instance, argon2_context *context);
  * @pre if context->free_cbk is not NULL, it should point to a function that
  * deallocates memory
  */
-void finalize(const argon2_context *context, argon2_instance_t *instance);
+void finalize(const argon2_context_t *context, argon2_instance_t *instance);
 
 /*
  * Function that fills the segment using previous segments also from other

+ 3 - 3
Sources/Argon2/include/encoding.h

@@ -31,8 +31,8 @@
 *
 * on success, ARGON2_OK is returned.
 */
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
-                  argon2_type type);
+int encode_string(char *dst, size_t dst_len, argon2_context_t *ctx,
+                  argon2_type_t type);
 
 /*
 * Decodes an Argon2 hash string into the provided structure 'ctx'.
@@ -46,7 +46,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
 *
 * Returned value is ARGON2_OK on success, other ARGON2_ codes on error.
 */
-int decode_string(argon2_context *ctx, const char *str, argon2_type type);
+int decode_string(argon2_context_t *ctx, const char *str, argon2_type_t type);
 
 /* Returns the length of the encoded byte stream with length len */
 size_t b64len(uint32_t len);

+ 3 - 3
Sources/Argon2/include/thread.h

@@ -49,14 +49,14 @@ typedef pthread_t argon2_thread_handle_t;
  * @return 0 if @handle and @func are valid pointers and a thread is successfully
  * created.
  */
-int argon2_thread_create(argon2_thread_handle_t *handle,
-                         argon2_thread_func_t func, void *args);
+int kp_argon2_thread_create(argon2_thread_handle_t *handle,
+                            argon2_thread_func_t func, void *args);
 
 /* Waits for a thread to terminate
  * @param handle Handle to a thread created with argon2_thread_create.
  * @return 0 if @handle is a valid handle, and joining completed successfully.
 */
-int argon2_thread_join(argon2_thread_handle_t handle);
+int kp_argon2_thread_join(argon2_thread_handle_t handle);
 
 /* Terminate the current thread. Must be run inside a thread created by
  * argon2_thread_create.
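Review bot: The comments kept as context still refer to `argon2_thread_create`, both in the `@param handle` line of the join prototype and in the comment that follows, and that name no longer exists after the rename. Updating them keeps the header consistent and searchable, e.g. `* @param handle Handle to a thread created with kp_argon2_thread_create.`. The last comment block continues past the end of this hunk, so the function it documents may need the same check.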

+ 2 - 2
Sources/Argon2/thread.c

@@ -22,7 +22,7 @@
 #include <windows.h>
 #endif
 
-int argon2_thread_create(argon2_thread_handle_t *handle,
+int kp_argon2_thread_create(argon2_thread_handle_t *handle,
                          argon2_thread_func_t func, void *args) {
     if (NULL == handle || func == NULL) {
         return -1;
@@ -35,7 +35,7 @@ int argon2_thread_create(argon2_thread_handle_t *handle,
 #endif
 }
 
-int argon2_thread_join(argon2_thread_handle_t handle) {
+int kp_argon2_thread_join(argon2_thread_handle_t handle) {
 #if defined(_WIN32)
     if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) {
         return CloseHandle((HANDLE)handle) != 0 ? 0 : -1;

+ 2 - 0
Sources/Binary/Input.swift

@@ -28,6 +28,8 @@ public class Input {
         bytes.suffix(from: offset)
     }
 
+    public var hasBytesAvailable: Bool { stream.hasBytesAvailable }
+
     private let stream: InputStream
 
     public init(bytes: Bytes) {
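Review bot: `hasBytesAvailable` forwards `InputStream.hasBytesAvailable`, which Foundation documents as also returning true when availability can only be determined by attempting a read, so it is not a reliable end-of-data test on its own. If the new header parsing uses it to decide when to stop (not visible here), the read that follows must still fail cleanly on a truncated file rather than be assumed to succeed. A doc comment would make the contract explicit: `/// True while the stream may still have bytes; a read can still fail or return nothing at end of data.` The `Input` class starts and ends outside this hunk.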

+ 4 - 0
Sources/Binary/TLV.swift

@@ -31,6 +31,10 @@ public protocol TLVProtocol {
     var value: Value { get set }
 }
 
+public protocol Endable {
+    var isAtEnd: Bool { get }
+}
+
 public struct TLV<Type, Lenght>: TLVProtocol where Lenght: BinaryInteger {
 
     public let type: Type

+ 3 - 3
Sources/Crypto/AES.swift

@@ -103,10 +103,10 @@ public final class AESKeyDerivation: KeyDerivation {
         let cryptor = UnsafeMutablePointer<CCCryptorRef?>.allocate(capacity: 1)
 
         var status = CCCryptorCreate(CCOperation(kCCEncrypt),
-                                     CCAlgorithm(kCCAlgorithmAES128),
+                                     CCAlgorithm(kCCAlgorithmAES),
                                      CCOptions(kCCOptionECBMode),
-                                     key.rawValue,
-                                     key.lenght,
+                                     seed.rawValue,
+                                     seed.lenght,
                                      nil,
                                      cryptor)
 

+ 9 - 9
Sources/Crypto/Argon2.swift

@@ -39,15 +39,15 @@ public final class Argon2: KeyDerivation {
     public func derive(key: Bytes) throws -> Bytes {
 
         var out = Bytes(lenght: 32)
-        let result = argon2_hash(iterations,
-                                 memory,
-                                 parallelism,
-                                 key.rawValue, key.lenght,
-                                 salt.rawValue, salt.lenght,
-                                 &out.rawValue, out.lenght,
-                                 nil, 0,
-                                 Argon2_d,
-                                 version)
+        let result = kp_argon2_hash(iterations,
+                                    memory,
+                                    parallelism,
+                                    key.rawValue, key.lenght,
+                                    salt.rawValue, salt.lenght,
+                                    &out.rawValue, out.lenght,
+                                    nil, 0,
+                                    Argon2_d,
+                                    version)
 
         let code = argon2_error_codes(result)
 

+ 3 - 6
Sources/Crypto/Hash.swift

@@ -90,8 +90,7 @@ public final class HMACSHA256 {
         return out
     }
 
-    public init(key: Bytes) throws {
-        guard key.lenght == crypto_auth_hmacsha256_KEYBYTES else { throw CryptoError.invalidKey }
+    public init(key: Bytes) {
         state = crypto_auth_hmacsha256_state()
         crypto_auth_hmacsha256_init(&state, key.rawValue, lenght(key))
     }
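Review bot: After this change `init(key:)` takes a key of any length, including an empty one, and has no way to report a bad key. Other lengths are valid for HMAC, but an empty key is almost certainly a caller bug and now produces a normal-looking tag. Consider `precondition(key.lenght > 0, "HMAC key must not be empty")` at the top of `init`, plus a doc comment stating that any non-empty key length is accepted. The same applies to `authenticate(_:key:)` in the next hunk; where its result is compared with a stored tag (not visible here), that comparison should be constant-time.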
@@ -100,12 +99,10 @@ public final class HMACSHA256 {
         crypto_auth_hmacsha256_update(&state, bytes.rawValue, lenght(bytes));
     }
 
-    public static func authenticate(_ bytes: Bytes, key: Bytes) throws -> Bytes {
-        let hmac = try HMACSHA256(key: key)
+    public static func authenticate(_ bytes: Bytes, key: Bytes) -> Bytes {
+        let hmac = HMACSHA256(key: key)
         hmac.update(bytes)
         return hmac.final
     }
 
 }
-
-

+ 1 - 1
Sources/KDB/Row.swift

@@ -21,7 +21,7 @@ import Binary
 
 public typealias Property<Type> = TLV<Type, UInt32>
 
-public protocol Row: class {
+public protocol Row: AnyObject {
 
     associatedtype `Type`: Streamable, Equatable
 

+ 10 - 34
Sources/KDBX/Database3.swift

@@ -24,16 +24,16 @@ import XML
 
 class Database3: Database {
 
-    typealias Header = [TLV<OuterHeader, UInt16>]
-
-    let header: Header
+    let header: Header<OuterHeader, UInt16>
 
     let document: Document
 
     required init(from input: Input, compositeKey: CompositeKey) throws {
         header = try input.read()
 
-        guard let startBytes = header[.streamStartBytes] else { throw KDBXError.corruptedDatabase }
+        guard
+            let startBytes: Bytes = header[.streamStartBytes]
+        else { throw KDBXError.corruptedDatabase }
 
         let data = try input.read() as Bytes
 
@@ -47,20 +47,20 @@ class Database3: Database {
 
         guard try stream.read(lenght: SHA256.Lenght) == startBytes else { throw KDBXError.invalidCompositeKey }
 
-        var block: UInt32 = 0
+        var index: UInt32 = 0
         var content = Bytes()
 
         while true {
-            guard try stream.read() == block else { throw KDBXError.corruptedDatabase }
-            block += 1
+            guard try stream.read() == index else { throw KDBXError.corruptedDatabase }
+            index += 1
 
             let hash = try stream.read(lenght: SHA256.Lenght)
             let size: UInt32 = try stream.read()
             guard size > 0 else { break }
 
-            let data = try stream.read(lenght: Int(size))
-            guard SHA256.hash( data ) == hash else { throw KDBXError.corruptedDatabase }
-            content += data
+            let block = try stream.read(lenght: Int(size))
+            guard SHA256.hash( block ) == hash else { throw KDBXError.corruptedDatabase }
+            content += block
         }
 
         if header[.compressionFlags] == Compression.gzip {
@@ -82,27 +82,3 @@ extension Database3: Writable {
         fatalError()
     }
 }
-
-extension Database3.Header: Readable {
-    
-    public init(from input: Input) throws {
-        var header = Database3.Header()
-
-        while true {
-            let field: TLV<OuterHeader, UInt16> = try input.read()
-            header.append(field)
-            if field.type == .end { break }
-        }
-
-        self = header
-    }
-    
-}
-
-extension Database3.Header: Header {
-
-    subscript(_ type: OuterHeader) -> Bytes? {
-        return first(where: { $0.type == type })?.value
-    }
-
-}

+ 59 - 40
Sources/KDBX/Database4.swift

@@ -23,71 +23,90 @@ import XML
 
 class Database4: Database {
 
-    struct Header {
-        let fields: [TLV<OuterHeader, UInt32>]
-        let data: Bytes
-    }
+    let outerHeader: Header<OuterHeader, UInt32>
 
-    let header: Header
+    let innerHeader: Header<InnerHeader, UInt32>
 
     let document: Document
 
     required init(from input: Input, compositeKey: CompositeKey) throws {
-        header = try input.read()
+        outerHeader = try input.read()
 
-        var key = try header.masterKey(from: compositeKey)
-        let hmacKey = SHA512.hash( UInt64.max.bytes + SHA512.hash( key + 1 ) )
-        key = SHA256.hash( key )
+        let masterKey = try outerHeader.masterKey(from: compositeKey)
 
-        let data = try input.read() as Bytes
-        let stream = Input(bytes: data)
+        // Get outer header bytes to verify the hash
+        let header = input.bytes.prefix(input.offset)
+        var content = try Database4.unhash(header: header,
+                                           data: try input.read(),
+                                           key: masterKey)
 
-        guard
-            try stream.read(lenght: SHA256.Lenght) == SHA256.hash( header.data ),
-            try stream.read(lenght: SHA256.Lenght) == HMACSHA256.authenticate(header.data, key: hmacKey)
-        else { throw KDBXError.corruptedDatabase }
+        let key = SHA256.hash( masterKey )
+        let cipher = try outerHeader.cipher(key: key)
+        content = try cipher.decrypt(data: content)
 
-        let cipher = try header.cipher(key: key)
-        let hash = try cipher.decrypt(data: data)
+        if outerHeader[.compressionFlags] == Compression.gzip {
+            content = try content.gunzipped()
+        }
 
-        fatalError()
+        let stream = Input(bytes: content)
+        innerHeader = try stream.read()
+
+        var options = XML.Options()
+        options.parserSettings.shouldTrimWhitespace = false
+
+        document = try XML.Document(xml: stream.remaining.data, options: options)
     }
 
-}
+    class func unhash(header: Bytes, data: Bytes, key: Bytes) throws -> Bytes {
+        let stream = Input(bytes: data)
 
-extension Database4: Writable {
+        let key = SHA512.hash( key + 1 )
+        let hmacKey = HmacKey(block: .max, key: key)
 
-    func write(to output: Output) throws {
-        try output.write(header)
-        fatalError()
-    }
+        guard
+            try stream.read(lenght: SHA256.Lenght) == SHA256.hash( header ),
+            try stream.read(lenght: HMACSHA256.Lenght) == HMACSHA256.authenticate(header, key: hmacKey)
+        else { throw KDBXError.invalidCompositeKey }
 
-}
+        var index: UInt64 = 0
+        var content = Bytes()
 
-extension Database4.Header: Streamable {
+        while stream.hasBytesAvailable {
 
-    init(from input: Input) throws {
-        var fields = [TLV<OuterHeader, UInt32>]()
+            let hmac = try stream.read(lenght: HMACSHA256.Lenght)
+            let size = try CFSwapInt32LittleToHost(stream.read())
+            let block = try stream.read(lenght: Int(size))
 
-        while true {
-            let field: TLV<OuterHeader, UInt32> = try input.read()
-            fields.append(field)
-            if field.type == .end { break }
+            let hmacKey = HmacKey(block: index, key: key)
+            let hash = HMACSHA256(key: hmacKey)
+            hash.update(CFSwapInt64HostToLittle(index).bytes)
+            hash.update(CFSwapInt32HostToLittle(size).bytes)
+            hash.update(block)
+
+            guard hash.final == hmac else { throw KDBXError.corruptedDatabase }
+            content += block
+            index += 1
         }
 
-        self.fields = fields
-        self.data = input.bytes.prefix(input.offset)
+        return content
     }
 
+}
+
+extension Database4: Writable {
+
     func write(to output: Output) throws {
-        try output.write(fields)
+        try output.write(outerHeader)
+        fatalError()
     }
 
 }
 
-extension Database4.Header: Header {
-
-    subscript(_ field: OuterHeader) -> Bytes? {
-        return fields.first(where: { $0.type == field })?.value
-    }
+func HmacKey(block index: UInt64, key: Bytes) -> Bytes {
+    // Ensure endianess
+    let index = CFSwapInt64LittleToHost(index)
+    let hash = SHA512()
+    hash.update(index.bytes)
+    hash.update(key)
+    return hash.final
 }
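Review bot: The block loop in `unhash` ends as soon as `stream.hasBytesAvailable` is false, so a file cut off exactly at a block boundary is returned as valid content. As far as I know the KDBX 4 block stream finishes with an authenticated zero-length block, and nothing here requires that terminator. Track it with `var terminated = false` before the loop, `if size == 0 { terminated = true; break }` after the per-block HMAC guard, and `guard terminated else { throw KDBXError.corruptedDatabase }` before `return content`. Separately, `hash.final == hmac` and the header check compare MAC tags with `==`, which is presumably not constant-time; a constant-time comparison such as libsodium's `sodium_memcmp` would be the safer choice if the vendored Sodium target exposes it. Note also that a header SHA-256 mismatch is reported as `invalidCompositeKey`, although that hash does not depend on the key.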

+ 1 - 2
Sources/KDBX/File.swift

@@ -64,7 +64,7 @@ public class File {
 
         guard try stream.read() == FileSignature else { throw KDBXError.invalidFileFormat }
 
-        let format = try stream.read() as UInt32
+        let format: UInt32 = try stream.read()
         guard
             format == BetaFileFormat ||
             format == FileFormat
@@ -78,7 +78,6 @@ extension File: Writable {
 
     public func write(to output: Output) throws {
         try output.write(version)
-        // `try output.write(version)` error: Protocol type 'Writable & Database' cannot conform to 'Writable' because only concrete types can conform to protocols
         try database.write(to: output)
     }
 

+ 28 - 13
Sources/KDBX/Header.swift

@@ -20,11 +20,9 @@ import Foundation
 import Binary
 import Crypto
 
-protocol Header {
-    subscript(_ type: OuterHeader) -> Bytes? { get }
-}
+typealias Header<T, L> = [TLV<T, L>] where L: BinaryInteger
 
-enum OuterHeader: UInt8, Streamable {
+enum OuterHeader: UInt8, Streamable, Endable {
     case end                 = 0
     case comment             = 1
     case cipherID            = 2
@@ -38,13 +36,17 @@ enum OuterHeader: UInt8, Streamable {
     case innerRandomStreamID = 10
     case kdfParameters       = 11
     case publicCustomData    = 12
+
+    var isAtEnd: Bool { self == .end }
 }
 
-enum InnerHeader: UInt8, Streamable {
+enum InnerHeader: UInt8, Streamable, Endable {
     case end                  = 0
     case innerRandomStreamID  = 1
     case innerRandomStreamKey = 2
     case binary               = 3
+
+    var isAtEnd: Bool { self == .end }
 }
 
 enum Compression: UInt32, BytesRepresentable {
@@ -61,17 +63,12 @@ enum RandomStream: UInt32, BytesRepresentable {
     case count      = 4
 }
 
-extension Header {
-
-    subscript<T>(_ type: OuterHeader) -> T? where T: BytesRepresentable {
-        guard let bytes = self[type] else { return nil }
-        return try? T(bytes)
-    }
+extension Array where Element: TLVProtocol, Element.`Type` == OuterHeader, Element.Value == Bytes {
 
     func cipher(key: Bytes) throws -> Cipher {
         guard
             let uuid: UUID = self[.cipherID],
-            let iv = self[.initialVector]
+            let iv: Bytes = self[.initialVector]
         else { throw KDBXError.corruptedDatabase }
 
         switch uuid {
@@ -87,7 +84,10 @@ extension Header {
     }
 
     func masterKey(from compositeKey: CompositeKey) throws -> Bytes {
-        guard let masterSeed = self[.masterSeed] else { throw KDBXError.corruptedDatabase }
+        guard
+            let masterSeed: Bytes = self[.masterSeed]
+        else { throw KDBXError.corruptedDatabase }
+
         let key = try compositeKey.serialize()
 
         // Key Derivation
@@ -117,3 +117,18 @@ extension Header {
         }
     }
 }
+
+extension Array: Readable where Element: TLVProtocol & Readable, Element.`Type`: Endable {
+
+    public init(from input: Input) throws {
+        var fields: [Element] = []
+
+        while true {
+            let field: Element = try input.read()
+            fields.append(field)
+            if field.type.isAtEnd { break }
+        }
+
+        self = fields
+    }
+}

+ 0 - 4
Sources/KeePass/Database.swift

@@ -19,11 +19,7 @@
 import Foundation
 
 public protocol Database {
-
     associatedtype Root: Group
 
-    typealias Entry = Root.Entries.Element
-
     var root: Root { get }
-    
 }

+ 0 - 9
Sources/KeePass/Field.swift

@@ -24,12 +24,3 @@ public struct Field {
     public var value: String?
     public var isProtected: Bool
 }
-
-public struct Times {
-    public let creationDate: Date
-    public var lastModifiedDate: Date
-    public var lastAccessDate: Date
-    public var expirationDate: Date?
-}
-
-

+ 2 - 2
Sources/KeePass/KDBX.swift

@@ -28,7 +28,7 @@ extension KDBX.File: Database {
 }
 
 extension Element {
-    private var this: XML.Element { self as XML.Element }
+    private var this: XML.Element { self }
 }
 
 extension XML.Element {
@@ -42,7 +42,7 @@ extension XML.Element {
 extension Field {
 
     init?(_ element: XML.Element) {
-        guard let key = element.Key.value else { return nil}
+        guard let key = element.Key.value else { return nil }
         name = key
 
         value = element.Value.value

+ 4 - 4
Sources/KeePass/KeePass.swift

@@ -31,7 +31,7 @@ public enum FileFormat: UInt32, Streamable {
 
 public class KeePass {
 
-    public static func open(contentOf url: URL, compositeKey: CompositeKey) throws -> AnyDatabase {
+    public static func open(contentOf url: URL, compositeKey: CompositeKey) throws -> some Database {
 
         let bytes = try Bytes(contentsOf: url)
         let stream = Input(bytes: bytes)
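Review bot: Returning `some Database` from `open(contentOf:compositeKey:)` requires every return path to yield the same concrete type, and the `switch format` that follows appears to branch between `.kdb` and the KDBX formats. The function body continues outside this hunk, so this is inferred; if the branches do return different types, this will not compile and the erased `AnyDatabase` wrapper is still needed. The same signature change is made to `open(contentOf xml:)` in the last hunk, where the single `KDBX.File` return is fine. Changing the public return type is also a source-breaking change for callers that name `AnyDatabase`, which deserves a line in the commit description.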
@@ -40,7 +40,7 @@ public class KeePass {
             throw KeePassError.invalidFileFormat
         }
 
-        let format = try stream.read() as FileFormat
+        let format: FileFormat = try stream.read()
 
         switch format {
         case .kdb:
@@ -50,8 +50,8 @@ public class KeePass {
         }
     }
 
-    public static func open(contentOf xml: URL) throws -> AnyDatabase {
-        return AnyDatabase ( try KDBX.File(xml: xml) )
+    public static func open(contentOf xml: URL) throws -> some Database {
+        try KDBX.File(xml: xml)
     }
 
 }

+ 41 - 41
Sources/KeePass/TypeErasure.swift

@@ -19,68 +19,68 @@
 import Foundation
 
 @inline(never)
-internal func _abstract(file: StaticString = #file, line: UInt = #line) -> Never {
+func _abstract(file: StaticString = #file, line: UInt = #line) -> Never {
     fatalError("Method must be overridden", file: file, line: line)
 }
 
 // MARK: - Database
 
-internal class _AnyDatabaseBoxBase: Database {
-    internal var root: AnyGroup { _abstract() }
+class _AnyDatabaseBoxBase: Database {
+    var root: AnyGroup { _abstract() }
 }
 
-internal final class _AnyDatabaseBox<Base>: _AnyDatabaseBoxBase where Base: Database {
-    internal override var root: AnyGroup { AnyGroup( _base.root ) }
-    internal var _base: Base
-    internal init(_ base: Base) { _base = base }
+final class _AnyDatabaseBox<Base>: _AnyDatabaseBoxBase where Base: Database {
+    override var root: AnyGroup { AnyGroup( _base.root ) }
+    var _base: Base
+    init(_ base: Base) { _base = base }
 }
 
-public class AnyDatabase: Database {
-    public var root: AnyGroup { _box.root }
-    internal let _box: _AnyDatabaseBoxBase
-    internal init<T>(_ base: T) where T: Database {
+class AnyDatabase: Database {
+    var root: AnyGroup { _box.root }
+    let _box: _AnyDatabaseBoxBase
+    init<T>(_ base: T) where T: Database {
         _box = _AnyDatabaseBox(base)
     }
 }
 
 // MARK: - Group
 
-internal class _AnyGroupBoxBase: Group {
+class _AnyGroupBoxBase: Group {
 
-    internal var title: String {
+    var title: String {
         get { _abstract() }
         set { _abstract() }
     }
 
-    internal var icon: Int {
+    var icon: Int {
         get { _abstract() }
         set { _abstract() }
     }
 
-    internal var entries: AnyRandomAccessCollection<AnyEntry> { _abstract() }
-    internal var groups: AnyRandomAccessCollection<AnyGroup> { _abstract() }
+    var entries: AnyRandomAccessCollection<AnyEntry> { _abstract() }
+    var groups: AnyRandomAccessCollection<AnyGroup> { _abstract() }
 }
 
-internal final class _AnyGroupBox<Base>: _AnyGroupBoxBase where Base: Group {
+final class _AnyGroupBox<Base>: _AnyGroupBoxBase where Base: Group {
 
-    internal override var title: String {
+    override var title: String {
         get { _base.title }
         set { _base.title = newValue }
     }
 
-    internal override var icon: Int {
+    override var icon: Int {
         get { _base.icon }
         set { _base.icon = newValue }
     }
 
-    internal override var entries: AnyRandomAccessCollection<AnyEntry> { AnyRandomAccessCollection<AnyEntry>(_base.entries.map { AnyEntry($0) }) }
-    internal override var groups: AnyRandomAccessCollection<AnyGroup> { AnyRandomAccessCollection<AnyGroup>(_base.groups.map { AnyGroup($0) }) }
+    override var entries: AnyRandomAccessCollection<AnyEntry> { AnyRandomAccessCollection<AnyEntry>(_base.entries.map { AnyEntry($0) }) }
+    override var groups: AnyRandomAccessCollection<AnyGroup> { AnyRandomAccessCollection<AnyGroup>(_base.groups.map { AnyGroup($0) }) }
 
-    internal var _base: Base
-    internal init(_ base: Base) { _base = base }
+    var _base: Base
+    init(_ base: Base) { _base = base }
 }
 
-public class AnyGroup: Group {
+class AnyGroup: Group {
 
     public var title: String {
         get { _box.title }
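Review bot: `AnyGroup` is now declared without `public`, but its `title` accessor here still is, and in the next hunk `AnyEntry` keeps `public var times`, `public var fields` and `public func set(_:)` on a class that is likewise no longer public. Those modifiers have no effect on an internal type and make the intended visibility harder to read. Drop them to match the rest of the file, e.g. `var title: String {` and `var times: Timestamp { _box.times }`. The `AnyGroup` body continues past the end of this hunk.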
@@ -92,37 +92,37 @@ public class AnyGroup: Group {
         set { _box.icon = newValue }
     }
 
-    public var entries: AnyRandomAccessCollection<AnyEntry> { _box.entries }
-    public var groups: AnyRandomAccessCollection<AnyGroup> { _box.groups }
+    var entries: AnyRandomAccessCollection<AnyEntry> { _box.entries }
+    var groups: AnyRandomAccessCollection<AnyGroup> { _box.groups }
 
-    internal let _box: _AnyGroupBoxBase
-    internal init<T>(_ base: T) where T: Group {
+    let _box: _AnyGroupBoxBase
+    init<T>(_ base: T) where T: Group {
         _box = _AnyGroupBox(base)
     }
 }
 
 // MARK: - Entry
 
-internal class _AnyEntryBoxBase: Entry {
-    internal var times: Timestamp { _abstract() }
-    internal var fields: AnyRandomAccessCollection<Field> { _abstract() }
-    internal func set(_ field: Field) { _abstract() }
+class _AnyEntryBoxBase: Entry {
+    var times: Timestamp { _abstract() }
+    var fields: AnyRandomAccessCollection<Field> { _abstract() }
+    func set(_ field: Field) { _abstract() }
 }
 
-internal final class _AnyEntryBox<Base>: _AnyEntryBoxBase where Base: Entry {
-    internal override var times: Timestamp { _base.times }
-    internal override var fields: AnyRandomAccessCollection<Field> { AnyRandomAccessCollection<Field>(_base.fields) }
-    internal override func set(_ field: Field) { _base.set(field) }
-    internal var _base: Base
-    internal init(_ base: Base) { _base = base }
+final class _AnyEntryBox<Base>: _AnyEntryBoxBase where Base: Entry {
+    override var times: Timestamp { _base.times }
+    override var fields: AnyRandomAccessCollection<Field> { AnyRandomAccessCollection<Field>(_base.fields) }
+    override func set(_ field: Field) { _base.set(field) }
+    var _base: Base
+    init(_ base: Base) { _base = base }
 }
 
-public final class AnyEntry: Entry {
+final class AnyEntry: Entry {
     public var times: Timestamp { _box.times }
     public var fields: AnyRandomAccessCollection<Field> { _box.fields }
     public func set(_ field: Field) { _box.set(field) }
-    internal let _box: _AnyEntryBoxBase
-    internal init<T>(_ base: T) where T: Entry {
+    let _box: _AnyEntryBoxBase
+    init<T>(_ base: T) where T: Entry {
         _box = _AnyEntryBox(base)
     }
 }

+ 1 - 1
Sources/Sodium/LICENSE

@@ -1,7 +1,7 @@
 /*
  * ISC License
  *
- * Copyright (c) 2013-2019
+ * Copyright (c) 2013-2021
  * Frank Denis <j at pureftpd dot org>
  *
  * Permission to use, copy, modify, and/or distribute this software for any

+ 1 - 1
Sources/Sodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c

@@ -365,7 +365,7 @@ do { \
   */ \
     MAKE4(RED_MUL_MID); \
 \
-/* substracts x1*h1 and x0*h0 */ \
+    /* subtracts x1*h1 and x0*h0 */ \
     tmp0 = _mm_xor_si128(tmp0, lo); \
     tmp0 = _mm_xor_si128(tmp0, hi); \
     tmp0 = _mm_xor_si128(tmp1, tmp0); \

+ 0 - 0
Sources/Sodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c


+ 0 - 0
Sources/Sodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c


+ 0 - 0
Sources/Sodium/crypto_auth/crypto_auth.c


+ 0 - 0
Sources/Sodium/crypto_auth/hmacsha256/auth_hmacsha256.c


+ 0 - 0
Sources/Sodium/crypto_auth/hmacsha512/auth_hmacsha512.c


+ 0 - 0
Sources/Sodium/crypto_auth/hmacsha512256/auth_hmacsha512256.c


+ 0 - 0
Sources/Sodium/crypto_box/crypto_box.c


+ 0 - 0
Sources/Sodium/crypto_box/crypto_box_easy.c


+ 1 - 1
Sources/Sodium/crypto_box/crypto_box_seal.c

@@ -32,10 +32,10 @@ crypto_box_seal(unsigned char *c, const unsigned char *m,
     if (crypto_box_keypair(epk, esk) != 0) {
         return -1; /* LCOV_EXCL_LINE */
     }
-    memcpy(c, epk, crypto_box_PUBLICKEYBYTES);
     _crypto_box_seal_nonce(nonce, epk, pk);
     ret = crypto_box_easy(c + crypto_box_PUBLICKEYBYTES, m, mlen,
                           nonce, pk, esk);
+    memcpy(c, epk, crypto_box_PUBLICKEYBYTES);
     sodium_memzero(esk, sizeof esk);
     sodium_memzero(epk, sizeof epk);
     sodium_memzero(nonce, sizeof nonce);

+ 0 - 0
Sources/Sodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c


+ 1 - 1
Sources/Sodium/crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c

@@ -38,11 +38,11 @@ crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned cha
     if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) {
         return -1; /* LCOV_EXCL_LINE */
     }
-    memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
     _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk);
     ret = crypto_box_curve25519xchacha20poly1305_easy(
          c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen,
          nonce, pk, esk);
+    memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
     sodium_memzero(esk, sizeof esk);
     sodium_memzero(epk, sizeof epk);
     sodium_memzero(nonce, sizeof nonce);

+ 0 - 0
Sources/Sodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c


+ 2 - 2
Sources/Sodium/crypto_core/ed25519/core_ed25519.c

@@ -81,10 +81,10 @@ crypto_core_ed25519_from_hash(unsigned char *p, const unsigned char *h)
 void
 crypto_core_ed25519_random(unsigned char *p)
 {
-    unsigned char h[crypto_core_ed25519_HASHBYTES];
+    unsigned char h[crypto_core_ed25519_UNIFORMBYTES];
 
     randombytes_buf(h, sizeof h);
-    (void) crypto_core_ed25519_from_hash(p, h);
+    (void) crypto_core_ed25519_from_uniform(p, h);
 }
 
 void

+ 0 - 0
Sources/Sodium/crypto_core/ed25519/core_ristretto255.c


+ 112 - 119
Sources/Sodium/crypto_core/ed25519/ref10/ed25519_ref10.c

@@ -81,8 +81,7 @@ fe25519_invert(fe25519 out, const fe25519 z)
         fe25519_sq(t3, t3);
     }
     fe25519_mul(t2, t3, t2);
-    fe25519_sq(t2, t2);
-    for (i = 1; i < 10; ++i) {
+    for (i = 1; i < 11; ++i) {
         fe25519_sq(t2, t2);
     }
     fe25519_mul(t1, t2, t1);
@@ -96,13 +95,11 @@ fe25519_invert(fe25519 out, const fe25519 z)
         fe25519_sq(t3, t3);
     }
     fe25519_mul(t2, t3, t2);
-    fe25519_sq(t2, t2);
-    for (i = 1; i < 50; ++i) {
+    for (i = 1; i < 51; ++i) {
         fe25519_sq(t2, t2);
     }
     fe25519_mul(t1, t2, t1);
-    fe25519_sq(t1, t1);
-    for (i = 1; i < 5; ++i) {
+    for (i = 1; i < 6; ++i) {
         fe25519_sq(t1, t1);
     }
     fe25519_mul(out, t1, t0);
@@ -138,8 +135,7 @@ fe25519_pow22523(fe25519 out, const fe25519 z)
         fe25519_sq(t2, t2);
     }
     fe25519_mul(t1, t2, t1);
-    fe25519_sq(t1, t1);
-    for (i = 1; i < 10; ++i) {
+    for (i = 1; i < 11; ++i) {
         fe25519_sq(t1, t1);
     }
     fe25519_mul(t0, t1, t0);
@@ -153,8 +149,7 @@ fe25519_pow22523(fe25519 out, const fe25519 z)
         fe25519_sq(t2, t2);
     }
     fe25519_mul(t1, t2, t1);
-    fe25519_sq(t1, t1);
-    for (i = 1; i < 50; ++i) {
+    for (i = 1; i < 51; ++i) {
         fe25519_sq(t1, t1);
     }
     fe25519_mul(t0, t1, t0);
@@ -179,6 +174,55 @@ fe25519_abs(fe25519 h, const fe25519 f)
     fe25519_cneg(h, f, fe25519_isnegative(f));
 }
 
+static inline void
+fe25519_sqmul(fe25519 s, const int n, const fe25519 a)
+{
+    int i;
+
+    for (i = 0; i < n; i++) {
+        fe25519_sq(s, s);
+    }
+    fe25519_mul(s, s, a);
+}
+
+static unsigned int
+fe25519_notsquare(const fe25519 x)
+{
+    fe25519       _10, _11, _1100, _1111, _11110000, _11111111;
+    fe25519       t, u, v;
+    unsigned char s[32];
+
+    /* Jacobi symbol - x^((p-1)/2) */
+    fe25519_mul(_10, x, x);
+    fe25519_mul(_11, x, _10);
+    fe25519_sq(_1100, _11);
+    fe25519_sq(_1100, _1100);
+    fe25519_mul(_1111, _11, _1100);
+    fe25519_sq(_11110000, _1111);
+    fe25519_sq(_11110000, _11110000);
+    fe25519_sq(_11110000, _11110000);
+    fe25519_sq(_11110000, _11110000);
+    fe25519_mul(_11111111, _1111, _11110000);
+    fe25519_copy(t, _11111111);
+    fe25519_sqmul(t, 2, _11);
+    fe25519_copy(u, t);
+    fe25519_sqmul(t, 10, u);
+    fe25519_sqmul(t, 10, u);
+    fe25519_copy(v, t);
+    fe25519_sqmul(t, 30, v);
+    fe25519_copy(v, t);
+    fe25519_sqmul(t, 60, v);
+    fe25519_copy(v, t);
+    fe25519_sqmul(t, 120, v);
+    fe25519_sqmul(t, 10, u);
+    fe25519_sqmul(t, 3, _11);
+    fe25519_sq(t, t);
+
+    fe25519_tobytes(s, t);
+
+    return s[1] & 1;
+}
+
 /*
  r = p + q
  */
@@ -2071,46 +2115,52 @@ sc25519_sqmul(unsigned char s[32], const int n, const unsigned char a[32])
 void
 sc25519_invert(unsigned char recip[32], const unsigned char s[32])
 {
-    unsigned char _10[32], _100[32], _11[32], _101[32], _111[32],
-        _1001[32], _1011[32], _1111[32];
+    unsigned char _10[32], _100[32], _1000[32], _10000[32], _100000[32],
+        _1000000[32], _10010011[32], _10010111[32], _100110[32], _1010[32],
+        _1010000[32], _1010011[32], _1011[32], _10110[32], _10111101[32],
+        _11[32], _1100011[32], _1100111[32], _11010011[32], _1101011[32],
+        _11100111[32], _11101011[32], _11110101[32];
 
     sc25519_sq(_10, s);
-    sc25519_sq(_100, _10);
-    sc25519_mul(_11, _10, s);
-    sc25519_mul(_101, _10, _11);
-    sc25519_mul(_111, _10, _101);
-    sc25519_mul(_1001, _10, _111);
-    sc25519_mul(_1011, _10, _1001);
-    sc25519_mul(_1111, _100, _1011);
-    sc25519_mul(recip, _1111, s);
-
-    sc25519_sqmul(recip, 123 + 3, _101);
-    sc25519_sqmul(recip, 2 + 2, _11);
-    sc25519_sqmul(recip, 1 + 4, _1111);
-    sc25519_sqmul(recip, 1 + 4, _1111);
-    sc25519_sqmul(recip, 4, _1001);
-    sc25519_sqmul(recip, 2, _11);
-    sc25519_sqmul(recip, 1 + 4, _1111);
-    sc25519_sqmul(recip, 1 + 3, _101);
-    sc25519_sqmul(recip, 3 + 3, _101);
-    sc25519_sqmul(recip, 3, _111);
-    sc25519_sqmul(recip, 1 + 4, _1111);
-    sc25519_sqmul(recip, 2 + 3, _111);
-    sc25519_sqmul(recip, 2 + 2, _11);
-    sc25519_sqmul(recip, 1 + 4, _1011);
-    sc25519_sqmul(recip, 2 + 4, _1011);
-    sc25519_sqmul(recip, 6 + 4, _1001);
-    sc25519_sqmul(recip, 2 + 2, _11);
-    sc25519_sqmul(recip, 3 + 2, _11);
-    sc25519_sqmul(recip, 3 + 2, _11);
-    sc25519_sqmul(recip, 1 + 4, _1001);
-    sc25519_sqmul(recip, 1 + 3, _111);
-    sc25519_sqmul(recip, 2 + 4, _1111);
-    sc25519_sqmul(recip, 1 + 4, _1011);
-    sc25519_sqmul(recip, 3, _101);
-    sc25519_sqmul(recip, 2 + 4, _1111);
-    sc25519_sqmul(recip, 3, _101);
-    sc25519_sqmul(recip, 1 + 2, _11);
+    sc25519_mul(_11, s, _10);
+    sc25519_mul(_100, s, _11);
+    sc25519_sq(_1000, _100);
+    sc25519_mul(_1010, _10, _1000);
+    sc25519_mul(_1011, s, _1010);
+    sc25519_sq(_10000, _1000);
+    sc25519_sq(_10110, _1011);
+    sc25519_mul(_100000, _1010, _10110);
+    sc25519_mul(_100110, _10000, _10110);
+    sc25519_sq(_1000000, _100000);
+    sc25519_mul(_1010000, _10000, _1000000);
+    sc25519_mul(_1010011, _11, _1010000);
+    sc25519_mul(_1100011, _10000, _1010011);
+    sc25519_mul(_1100111, _100, _1100011);
+    sc25519_mul(_1101011, _100, _1100111);
+    sc25519_mul(_10010011, _1000000, _1010011);
+    sc25519_mul(_10010111, _100, _10010011);
+    sc25519_mul(_10111101, _100110, _10010111);
+    sc25519_mul(_11010011, _10110, _10111101);
+    sc25519_mul(_11100111, _1010000, _10010111);
+    sc25519_mul(_11101011, _100, _11100111);
+    sc25519_mul(_11110101, _1010, _11101011);
+
+    sc25519_mul(recip, _1011, _11110101);
+    sc25519_sqmul(recip, 126, _1010011);
+    sc25519_sqmul(recip, 9, _10);
+    sc25519_mul(recip, recip, _11110101);
+    sc25519_sqmul(recip, 7, _1100111);
+    sc25519_sqmul(recip, 9, _11110101);
+    sc25519_sqmul(recip, 11, _10111101);
+    sc25519_sqmul(recip, 8, _11100111);
+    sc25519_sqmul(recip, 9, _1101011);
+    sc25519_sqmul(recip, 6, _1011);
+    sc25519_sqmul(recip, 14, _10010011);
+    sc25519_sqmul(recip, 10, _1100011);
+    sc25519_sqmul(recip, 9, _10010111);
+    sc25519_sqmul(recip, 10, _11110101);
+    sc25519_sqmul(recip, 8, _11010011);
+    sc25519_sqmul(recip, 8, _11101011);
 }
 
 /*
@@ -2469,94 +2519,35 @@ sc25519_is_canonical(const unsigned char s[32])
     return (c != 0);
 }
 
-static void
-chi25519(fe25519 out, const fe25519 z)
-{
-    fe25519 t0, t1, t2, t3;
-    int     i;
-
-    fe25519_sq(t0, z);
-    fe25519_mul(t1, t0, z);
-    fe25519_sq(t0, t1);
-    fe25519_sq(t2, t0);
-    fe25519_sq(t2, t2);
-    fe25519_mul(t2, t2, t0);
-    fe25519_mul(t1, t2, z);
-    fe25519_sq(t2, t1);
-
-    for (i = 1; i < 5; i++) {
-        fe25519_sq(t2, t2);
-    }
-    fe25519_mul(t1, t2, t1);
-    fe25519_sq(t2, t1);
-    for (i = 1; i < 10; i++) {
-        fe25519_sq(t2, t2);
-    }
-    fe25519_mul(t2, t2, t1);
-    fe25519_sq(t3, t2);
-    for (i = 1; i < 20; i++) {
-        fe25519_sq(t3, t3);
-    }
-    fe25519_mul(t2, t3, t2);
-    fe25519_sq(t2, t2);
-    for (i = 1; i < 10; i++) {
-        fe25519_sq(t2, t2);
-    }
-    fe25519_mul(t1, t2, t1);
-    fe25519_sq(t2, t1);
-    for (i = 1; i < 50; i++) {
-        fe25519_sq(t2, t2);
-    }
-    fe25519_mul(t2, t2, t1);
-    fe25519_sq(t3, t2);
-    for (i = 1; i < 100; i++) {
-        fe25519_sq(t3, t3);
-    }
-    fe25519_mul(t2, t3, t2);
-    fe25519_sq(t2, t2);
-    for (i = 1; i < 50; i++) {
-        fe25519_sq(t2, t2);
-    }
-    fe25519_mul(t1, t2, t1);
-    fe25519_sq(t1, t1);
-    for (i = 1; i < 4; i++) {
-        fe25519_sq(t1, t1);
-    }
-    fe25519_mul(out, t1, t0);
-}
-
 static void
 ge25519_elligator2(unsigned char s[32], const fe25519 r, const unsigned char x_sign)
 {
-    fe25519      e;
+    fe25519      gx;
     fe25519      negx;
     fe25519      rr2;
     fe25519      x, x2, x3;
     ge25519_p3   p3;
     ge25519_p1p1 p1;
     ge25519_p2   p2;
-    unsigned int e_is_minus_1;
+    unsigned int notsquare;
 
     fe25519_sq2(rr2, r);
     rr2[0]++;
     fe25519_invert(rr2, rr2);
-    fe25519_mul(x, curve25519_A, rr2);
+    fe25519_mul32(x, rr2, curve25519_A[0]);
     fe25519_neg(x, x);
 
     fe25519_sq(x2, x);
     fe25519_mul(x3, x, x2);
-    fe25519_add(e, x3, x);
-    fe25519_mul(x2, x2, curve25519_A);
-    fe25519_add(e, x2, e);
-
-    chi25519(e, e);
+    fe25519_add(gx, x3, x);
+    fe25519_mul32(x2, x2, curve25519_A[0]);
+    fe25519_add(gx, x2, gx);
 
-    fe25519_tobytes(s, e);
-    e_is_minus_1 = s[1] & 1;
+    notsquare = fe25519_notsquare(gx);
     fe25519_neg(negx, x);
-    fe25519_cmov(x, negx, e_is_minus_1);
+    fe25519_cmov(x, negx, notsquare);
     fe25519_0(x2);
-    fe25519_cmov(x2, curve25519_A, e_is_minus_1);
+    fe25519_cmov(x2, curve25519_A, notsquare);
     fe25519_sub(x, x, x2);
 
     /* yed = (x-1)/(x+1) */
@@ -2675,6 +2666,7 @@ ristretto255_is_canonical(const unsigned char *s)
 {
     unsigned char c;
     unsigned char d;
+    unsigned char e;
     unsigned int  i;
 
     c = (s[31] & 0x7f) ^ 0x7f;
@@ -2683,8 +2675,9 @@ ristretto255_is_canonical(const unsigned char *s)
     }
     c = (((unsigned int) c) - 1U) >> 8;
     d = (0xed - 1U - (unsigned int) s[0]) >> 8;
+    e = s[31] >> 7;
 
-    return 1 - (((c & d) | s[0]) & 1);
+    return 1 - (((c & d) | e | s[0]) & 1);
 }
 
 int
@@ -2773,7 +2766,7 @@ ristretto255_p3_tobytes(unsigned char *s, const ge25519_p3 *h)
 
     fe25519_mul(ix, h->X, sqrtm1);     /* ix = X*sqrt(-1) */
     fe25519_mul(iy, h->Y, sqrtm1);     /* iy = Y*sqrt(-1) */
-    fe25519_mul(eden, den1, invsqrtamd); /* eden = den1*sqrt(a-d) */
+    fe25519_mul(eden, den1, invsqrtamd); /* eden = den1/sqrt(a-d) */
 
     fe25519_mul(t_z_inv, h->T, z_inv); /* t_z_inv = T*z_inv */
     rotate = fe25519_isnegative(t_z_inv);
@@ -2816,7 +2809,7 @@ ristretto255_elligator(ge25519_p3 *p, const fe25519 t)
     fe25519_mul(u, u, onemsqd);        /* u = (r+1)*(1-d^2) */
     fe25519_1(c);
     fe25519_neg(c, c);                 /* c = -1 */
-    fe25519_add(rpd, r, d);            /* rpd = r*d */
+    fe25519_add(rpd, r, d);            /* rpd = r+d */
     fe25519_mul(v, r, d);              /* v = r*d */
     fe25519_sub(v, c, v);              /* v = c-r*d */
     fe25519_mul(v, v, rpd);            /* v = (c-r*d)*(r+d) */

+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/base.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/base2.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/constants.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_25_5/fe.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_51/base.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_51/base2.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_51/constants.h


+ 0 - 0
Sources/Sodium/crypto_core/ed25519/ref10/fe_51/fe.h


+ 0 - 0
Sources/Sodium/crypto_core/hchacha20/core_hchacha20.c


+ 0 - 0
Sources/Sodium/crypto_core/hsalsa20/core_hsalsa20.c


+ 0 - 0
Sources/Sodium/crypto_core/hsalsa20/ref2/core_hsalsa20_ref2.c


+ 0 - 0
Sources/Sodium/crypto_core/salsa/ref/core_salsa_ref.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/generichash_blake2.c


+ 0 - 14
Sources/Sodium/crypto_generichash/blake2b/ref/blake2.h

@@ -23,20 +23,6 @@
 #include "crypto_generichash_blake2b.h"
 #include "export.h"
 
-#define blake2b_init_param crypto_generichash_blake2b__init_param
-#define blake2b_init crypto_generichash_blake2b__init
-#define blake2b_init_salt_personal \
-    crypto_generichash_blake2b__init_salt_personal
-#define blake2b_init_key crypto_generichash_blake2b__init_key
-#define blake2b_init_key_salt_personal \
-    crypto_generichash_blake2b__init_key_salt_personal
-#define blake2b_update crypto_generichash_blake2b__update
-#define blake2b_final crypto_generichash_blake2b__final
-#define blake2b crypto_generichash_blake2b__blake2b
-#define blake2b_salt_personal crypto_generichash_blake2b__blake2b_salt_personal
-#define blake2b_pick_best_implementation \
-    crypto_generichash_blake2b__pick_best_implementation
-
 enum blake2b_constant {
     BLAKE2B_BLOCKBYTES    = 128,
     BLAKE2B_OUTBYTES      = 64,

+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-avx2.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ref.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-sse41.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-compress-ssse3.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-avx2.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-sse2.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-load-sse41.h


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/blake2b-ref.c


+ 0 - 0
Sources/Sodium/crypto_generichash/blake2b/ref/generichash_blake2b.c


+ 0 - 0
Sources/Sodium/crypto_generichash/crypto_generichash.c


+ 0 - 0
Sources/Sodium/crypto_hash/crypto_hash.c


+ 0 - 0
Sources/Sodium/crypto_hash/sha256/cp/hash_sha256_cp.c


+ 0 - 0
Sources/Sodium/crypto_hash/sha256/hash_sha256.c


+ 0 - 0
Sources/Sodium/crypto_hash/sha512/cp/hash_sha512_cp.c


+ 0 - 0
Sources/Sodium/crypto_hash/sha512/hash_sha512.c


+ 0 - 0
Sources/Sodium/crypto_kdf/blake2b/kdf_blake2b.c


+ 0 - 0
Sources/Sodium/crypto_kdf/crypto_kdf.c


+ 0 - 0
Sources/Sodium/crypto_kx/crypto_kx.c


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/crypto_onetimeauth.c


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.c


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.h


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c


+ 0 - 0
Sources/Sodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h


+ 37 - 31
Sources/Sodium/crypto_pwhash/argon2/argon2-core.c

@@ -35,13 +35,17 @@
 # define MAP_ANON MAP_ANONYMOUS
 #endif
 #ifndef MAP_NOCORE
-# define MAP_NOCORE 0
+# ifdef MAP_CONCEAL
+#  define MAP_NOCORE MAP_CONCEAL
+# else
+#  define MAP_NOCORE 0
+# endif
 #endif
 #ifndef MAP_POPULATE
 # define MAP_POPULATE 0
 #endif
 
-static fill_segment_fn fill_segment = fill_segment_ref;
+static fill_segment_fn fill_segment = argon2_fill_segment_ref;
 
 static void
 load_block(block *dst, const void *input)
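Review bot: The new `MAP_CONCEAL` fallback for `MAP_NOCORE` at the top of this hunk has no comment, and the final `# define MAP_NOCORE 0` branch still silently drops the protection on platforms that define neither flag. Both flags ask the kernel to keep a mapping out of core dumps, which matters here because the Argon2 working memory is derived from the password. The mmap call that presumably consumes the flag is outside the hunk. I would add `/* MAP_CONCEAL (OpenBSD) and MAP_NOCORE (FreeBSD) both exclude the mapping from core dumps; 0 means no such protection is available */` above the `#ifndef MAP_NOCORE` line.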
@@ -171,8 +175,8 @@ free_memory(block_region *region)
     free(region);
 }
 
-void
-free_instance(argon2_instance_t *instance, int flags)
+static void
+argon2_free_instance(argon2_instance_t *instance, int flags)
 {
     /* Clear memory */
     clear_memory(instance, flags & ARGON2_FLAG_CLEAR_MEMORY);
@@ -185,7 +189,7 @@ free_instance(argon2_instance_t *instance, int flags)
 }
 
 void
-finalize(const argon2_context *context, argon2_instance_t *instance)
+argon2_finalize(const argon2_context *context, argon2_instance_t *instance)
 {
     if (context != NULL && instance != NULL) {
         block    blockhash;
@@ -214,12 +218,12 @@ finalize(const argon2_context *context, argon2_instance_t *instance)
                            ARGON2_BLOCK_SIZE); /* clear blockhash_bytes */
         }
 
-        free_instance(instance, context->flags);
+        argon2_free_instance(instance, context->flags);
     }
 }
 
 void
-fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
+argon2_fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
 {
     argon2_position_t position;
     uint32_t l;
@@ -241,7 +245,7 @@ fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
 }
 
 int
-validate_inputs(const argon2_context *context)
+argon2_validate_inputs(const argon2_context *context)
 {
     /* LCOV_EXCL_START */
     if (NULL == context) {
@@ -321,6 +325,15 @@ validate_inputs(const argon2_context *context)
         }
     }
 
+    /* Validate lanes */
+    if (ARGON2_MIN_LANES > context->lanes) {
+        return ARGON2_LANES_TOO_FEW;
+    }
+
+    if (ARGON2_MAX_LANES < context->lanes) {
+        return ARGON2_LANES_TOO_MANY;
+    }
+
     /* Validate memory cost */
     if (ARGON2_MIN_MEMORY > context->m_cost) {
         return ARGON2_MEMORY_TOO_LITTLE;
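Review bot: Moving the lanes check ahead of the memory-cost check changes which error a caller sees when both parameters are out of range, and nothing in the added lines says why the order matters. The old position is removed in the next hunk (`@@ -343,15 +356,6 @@`), so a context with too few lanes and too little memory now yields `ARGON2_LANES_TOO_FEW` rather than `ARGON2_MEMORY_TOO_LITTLE`. If the memory checks that follow read `context->lanes` (those lines are outside the hunk), the comment should say so, for example `/* Validate lanes first: later memory checks use context->lanes */`. argon2_validate_inputs starts and ends outside this hunk.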
@@ -343,15 +356,6 @@ validate_inputs(const argon2_context *context)
         return ARGON2_TIME_TOO_LARGE;
     }
 
-    /* Validate lanes */
-    if (ARGON2_MIN_LANES > context->lanes) {
-        return ARGON2_LANES_TOO_FEW;
-    }
-
-    if (ARGON2_MAX_LANES < context->lanes) {
-        return ARGON2_LANES_TOO_MANY;
-    }
-
     /* Validate threads */
     if (ARGON2_MIN_THREADS > context->threads) {
         return ARGON2_THREADS_TOO_FEW;
@@ -365,8 +369,8 @@ validate_inputs(const argon2_context *context)
     return ARGON2_OK;
 }
 
-void
-fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
+static void
+argon2_fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
 {
     uint32_t l;
     /* Make the first and second block in each lane as G(H0||i||0) or
@@ -389,8 +393,9 @@ fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
     sodium_memzero(blockhash_bytes, ARGON2_BLOCK_SIZE);
 }
 
-void
-initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type)
+static void
+argon2_initial_hash(uint8_t *blockhash, argon2_context *context,
+                    argon2_type type)
 {
     crypto_generichash_blake2b_state BlakeHash;
     uint8_t                          value[4U /* sizeof(uint32_t) */];
@@ -473,7 +478,7 @@ initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type)
 }
 
 int
-initialize(argon2_instance_t *instance, argon2_context *context)
+argon2_initialize(argon2_instance_t *instance, argon2_context *context)
 {
     uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH];
     int     result = ARGON2_OK;
@@ -491,7 +496,7 @@ initialize(argon2_instance_t *instance, argon2_context *context)
 
     result = allocate_memory(&(instance->region), instance->memory_blocks);
     if (ARGON2_OK != result) {
-        free_instance(instance, context->flags);
+        argon2_free_instance(instance, context->flags);
         return result;
     }
 
@@ -499,45 +504,46 @@ initialize(argon2_instance_t *instance, argon2_context *context)
     /* H_0 + 8 extra bytes to produce the first blocks */
     /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */
     /* Hashing all inputs */
-    initial_hash(blockhash, context, instance->type);
+    argon2_initial_hash(blockhash, context, instance->type);
     /* Zeroing 8 extra bytes */
     sodium_memzero(blockhash + ARGON2_PREHASH_DIGEST_LENGTH,
                    ARGON2_PREHASH_SEED_LENGTH - ARGON2_PREHASH_DIGEST_LENGTH);
 
     /* 3. Creating first blocks, we always have at least two blocks in a slice
      */
-    fill_first_blocks(blockhash, instance);
+    argon2_fill_first_blocks(blockhash, instance);
     /* Clearing the hash */
     sodium_memzero(blockhash, ARGON2_PREHASH_SEED_LENGTH);
 
     return ARGON2_OK;
 }
 
-int
+static int
 argon2_pick_best_implementation(void)
 {
 /* LCOV_EXCL_START */
 #if defined(HAVE_AVX512FINTRIN_H) && defined(HAVE_AVX2INTRIN_H) && \
-    defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
+    defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H) && \
+    !defined(__APPLE__)
     if (sodium_runtime_has_avx512f()) {
-        fill_segment = fill_segment_avx512f;
+        fill_segment = argon2_fill_segment_avx512f;
         return 0;
     }
 #endif
 #if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_TMMINTRIN_H) && \
     defined(HAVE_SMMINTRIN_H)
     if (sodium_runtime_has_avx2()) {
-        fill_segment = fill_segment_avx2;
+        fill_segment = argon2_fill_segment_avx2;
         return 0;
     }
 #endif
 #if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H)
     if (sodium_runtime_has_ssse3()) {
-        fill_segment = fill_segment_ssse3;
+        fill_segment = argon2_fill_segment_ssse3;
         return 0;
     }
 #endif
-    fill_segment = fill_segment_ref;
+    fill_segment = argon2_fill_segment_ref;
 
     return 0;
     /* LCOV_EXCL_STOP */
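Review bot: The added `!defined(__APPLE__)` term in the first `#if` of argon2_pick_best_implementation disables the AVX-512 path on Apple builds without explanation, so a later maintainer cannot tell whether it works around a platform problem or is a leftover. A one-line comment above the `#if` giving the reason and when it can be dropped would do, e.g. `/* AVX-512 not selected on Apple platforms: <reason, upstream reference> */`. Affected builds fall through to the AVX2 or SSSE3 selection below, so this is a documentation point and not a functional one. The function's closing brace is outside the hunk.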

+ 13 - 39
Sources/Sodium/crypto_pwhash/argon2/argon2-core.h

@@ -214,28 +214,7 @@ static uint32_t index_alpha(const argon2_instance_t *instance,
  * @return ARGON2_OK if everything is all right, otherwise one of error codes
  * (all defined in <argon2.h>
  */
-int validate_inputs(const argon2_context *context);
-
-/*
- * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
- * password and secret if needed
- * @param  context  Pointer to the Argon2 internal structure containing memory
- * pointer, and parameters for time and space requirements.
- * @param  blockhash Buffer for pre-hashing digest
- * @param  type Argon2 type
- * @pre    @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
- * allocated
- */
-void initial_hash(uint8_t *blockhash, argon2_context *context,
-                  argon2_type type);
-
-/*
- * Function creates first 2 blocks per lane
- * @param instance Pointer to the current instance
- * @param blockhash Pointer to the pre-hashing digest
- * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
- */
-void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
+int argon2_validate_inputs(const argon2_context *context);
 
 /*
  * Function allocates memory, hashes the inputs with Blake,  and creates first
@@ -247,12 +226,7 @@ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
  * @return Zero if successful, -1 if memory failed to allocate. @context->state
  * will be modified if successful.
  */
-int initialize(argon2_instance_t *instance, argon2_context *context);
-
-/*
- * Deallocates memory. Used on error path.
- */
-void free_instance(argon2_instance_t *instance, int flags);
+int argon2_initialize(argon2_instance_t *instance, argon2_context *context);
 
 /*
  * XORing the last block of each lane, hashing it, making the tag. Deallocates
@@ -265,7 +239,8 @@ void free_instance(argon2_instance_t *instance, int flags);
  * @pre if context->free_cbk is not NULL, it should point to a function that
  * deallocates memory
  */
-void finalize(const argon2_context *context, argon2_instance_t *instance);
+void argon2_finalize(const argon2_context *context,
+                     argon2_instance_t *instance);
 
 /*
  * Function that fills the segment using previous segments also from other
@@ -276,15 +251,14 @@ void finalize(const argon2_context *context, argon2_instance_t *instance);
  */
 typedef void (*fill_segment_fn)(const argon2_instance_t *instance,
                                 argon2_position_t        position);
-int argon2_pick_best_implementation(void);
-void fill_segment_avx512f(const argon2_instance_t *instance,
-                          argon2_position_t        position);
-void fill_segment_avx2(const argon2_instance_t *instance,
-                       argon2_position_t        position);
-void fill_segment_ssse3(const argon2_instance_t *instance,
-                        argon2_position_t        position);
-void fill_segment_ref(const argon2_instance_t *instance,
-                      argon2_position_t        position);
+void argon2_fill_segment_avx512f(const argon2_instance_t *instance,
+                                 argon2_position_t        position);
+void argon2_fill_segment_avx2(const argon2_instance_t *instance,
+                              argon2_position_t        position);
+void argon2_fill_segment_ssse3(const argon2_instance_t *instance,
+                               argon2_position_t        position);
+void argon2_fill_segment_ref(const argon2_instance_t *instance,
+                             argon2_position_t        position);
 
 /*
  * Function that fills the entire memory t_cost times based on the first two
@@ -292,6 +266,6 @@ void fill_segment_ref(const argon2_instance_t *instance,
  * @param instance Pointer to the current instance
  * @return Zero if successful, -1 if memory failed to allocate
  */
-void fill_memory_blocks(argon2_instance_t *instance, uint32_t pass);
+void argon2_fill_memory_blocks(argon2_instance_t *instance, uint32_t pass);
 
 #endif

+ 6 - 5
Sources/Sodium/crypto_pwhash/argon2/argon2-encoding.c

@@ -83,7 +83,7 @@ decode_decimal(const char *str, unsigned long *v)
  * output length must be in the allowed ranges defined in argon2.h.
  *
  * The ctx struct must contain buffers large enough to hold the salt and pwd
- * when it is fed into decode_string.
+ * when it is fed into argon2_decode_string.
  */
 
 /*
@@ -91,7 +91,7 @@ decode_decimal(const char *str, unsigned long *v)
  * Returned value is ARGON2_OK on success.
  */
 int
-decode_string(argon2_context *ctx, const char *str, argon2_type type)
+argon2_decode_string(argon2_context *ctx, const char *str, argon2_type type)
 {
 /* Prefix checking */
 #define CC(prefix)                               \
@@ -193,7 +193,7 @@ decode_string(argon2_context *ctx, const char *str, argon2_type type)
     BIN(ctx->salt, maxsaltlen, ctx->saltlen);
     CC("$");
     BIN(ctx->out, maxoutlen, ctx->outlen);
-    validation_result = validate_inputs(ctx);
+    validation_result = argon2_validate_inputs(ctx);
     if (validation_result != ARGON2_OK) {
         return validation_result;
     }
@@ -238,7 +238,8 @@ u32_to_string(char *str, uint32_t x)
  * On success, ARGON2_OK is returned.
  */
 int
-encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type)
+argon2_encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+                     argon2_type type)
 {
 #define SS(str)                          \
     do {                                 \
@@ -280,7 +281,7 @@ encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type)
     default:
         return ARGON2_ENCODING_FAIL;
     }
-    validation_result = validate_inputs(ctx);
+    validation_result = argon2_validate_inputs(ctx);
     if (validation_result != ARGON2_OK) {
         return validation_result;
     }

+ 4 - 3
Sources/Sodium/crypto_pwhash/argon2/argon2-encoding.h

@@ -17,8 +17,8 @@
  *
  * No other parameters are checked
  */
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
-                  argon2_type type);
+int argon2_encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+                         argon2_type type);
 
 /*
  * Decodes an Argon2 hash string into the provided structure 'ctx'.
@@ -28,6 +28,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
  *
  * Returned value is ARGON2_OK on success.
  */
-int decode_string(argon2_context *ctx, const char *str, argon2_type type);
+int argon2_decode_string(argon2_context *ctx, const char *str,
+                         argon2_type type);
 
 #endif

+ 2 - 2
Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c

@@ -141,8 +141,8 @@ generate_addresses(const argon2_instance_t *instance,
 }
 
 void
-fill_segment_avx2(const argon2_instance_t *instance,
-                  argon2_position_t        position)
+argon2_fill_segment_avx2(const argon2_instance_t *instance,
+                         argon2_position_t        position)
 {
     block    *ref_block = NULL, *curr_block = NULL;
     uint64_t  pseudo_rand, ref_index, ref_lane;

+ 2 - 2
Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c

@@ -146,8 +146,8 @@ generate_addresses(const argon2_instance_t *instance,
 }
 
 void
-fill_segment_avx512f(const argon2_instance_t *instance,
-                     argon2_position_t        position)
+argon2_fill_segment_avx512f(const argon2_instance_t *instance,
+                            argon2_position_t        position)
 {
     block    *ref_block = NULL, *curr_block = NULL;
     uint64_t  pseudo_rand, ref_index, ref_lane;

+ 2 - 1
Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-ref.c

@@ -141,7 +141,8 @@ generate_addresses(const argon2_instance_t *instance,
 }
 
 void
-fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
+argon2_fill_segment_ref(const argon2_instance_t *instance,
+                        argon2_position_t position)
 {
     block    *ref_block = NULL, *curr_block = NULL;
     /* Pseudo-random values that determine the reference block position */

+ 2 - 2
Sources/Sodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c

@@ -140,8 +140,8 @@ generate_addresses(const argon2_instance_t *instance,
 }
 
 void
-fill_segment_ssse3(const argon2_instance_t *instance,
-                   argon2_position_t        position)
+argon2_fill_segment_ssse3(const argon2_instance_t *instance,
+                          argon2_position_t        position)
 {
     block    *ref_block = NULL, *curr_block = NULL;
     uint64_t  pseudo_rand, ref_index, ref_lane;

+ 13 - 12
Sources/Sodium/crypto_pwhash/argon2/argon2.c

@@ -27,7 +27,7 @@ int
 argon2_ctx(argon2_context *context, argon2_type type)
 {
     /* 1. Validate all inputs */
-    int               result = validate_inputs(context);
+    int               result = argon2_validate_inputs(context);
     uint32_t          memory_blocks, segment_length;
     uint32_t          pass;
     argon2_instance_t instance;
@@ -65,7 +65,7 @@ argon2_ctx(argon2_context *context, argon2_type type)
     /* 3. Initialization: Hashing inputs, allocating memory, filling first
      * blocks
      */
-    result = initialize(&instance, context);
+    result = argon2_initialize(&instance, context);
 
     if (ARGON2_OK != result) {
         return result;
@@ -73,11 +73,11 @@ argon2_ctx(argon2_context *context, argon2_type type)
 
     /* 4. Filling memory */
     for (pass = 0; pass < instance.passes; pass++) {
-        fill_memory_blocks(&instance, pass);
+        argon2_fill_memory_blocks(&instance, pass);
     }
 
     /* 5. Finalization */
-    finalize(context, &instance);
+    argon2_finalize(context, &instance);
 
     return ARGON2_OK;
 }
@@ -134,14 +134,10 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
         return result;
     }
 
-    /* if raw hash requested, write it */
-    if (hash) {
-        memcpy(hash, out, hashlen);
-    }
-
     /* if encoding requested, write it */
     if (encoded && encodedlen) {
-        if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) {
+        if (argon2_encode_string(encoded, encodedlen,
+                                 &context, type) != ARGON2_OK) {
             sodium_memzero(out, hashlen);
             sodium_memzero(encoded, encodedlen);
             free(out);
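Review bot: The order of the encode step and the `memcpy(hash, out, hashlen)` is now security-relevant, but no comment records it. This hunk removes the copy and the next hunk (`@@ -149,6 +145,11 @@`) re-adds it after the encoding block. With that placement, the error exit inside the encoding block no longer leaves a derived hash in the caller's `hash` buffer; the exit's return statement falls between the two hunks. I would extend the comment on the re-added copy to `/* if raw hash requested, write it; done after encoding so a failed call leaves nothing in the caller's buffer */` so the two steps are not swapped back. argon2_hash starts and ends outside both hunks.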
@@ -149,6 +145,11 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
         }
     }
 
+    /* if raw hash requested, write it */
+    if (hash) {
+        memcpy(hash, out, hashlen);
+    }
+
     sodium_memzero(out, hashlen);
     free(out);
 
@@ -214,7 +215,7 @@ argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
     ctx.secret    = NULL;
     ctx.secretlen = 0;
 
-    /* max values, to be updated in decode_string */
+    /* max values, to be updated in argon2_decode_string */
     encoded_len = strlen(encoded);
     if (encoded_len > UINT32_MAX) {
         return ARGON2_DECODING_LENGTH_FAIL;
@@ -240,7 +241,7 @@ argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
         return ARGON2_MEMORY_ALLOCATION_ERROR;
     }
 
-    decode_result = decode_string(&ctx, encoded, type);
+    decode_result = argon2_decode_string(&ctx, encoded, type);
     if (decode_result != ARGON2_OK) {
         free(ctx.ad);
         free(ctx.salt);

+ 2 - 2
Sources/Sodium/crypto_pwhash/argon2/argon2.h

@@ -283,7 +283,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
 
 /**
  * Verifies a password against an encoded string
- * Encoded string is restricted as in validate_inputs()
+ * Encoded string is restricted as in argon2_validate_inputs()
  * @param encoded String encoding parameters, salt, hash
  * @param pwd Pointer to password
  * @pre   Returns ARGON2_OK if successful
@@ -292,7 +292,7 @@ int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen);
 
 /**
  * Verifies a password against an encoded string
- * Encoded string is restricted as in validate_inputs()
+ * Encoded string is restricted as in argon2_validate_inputs()
  * @param encoded String encoding parameters, salt, hash
  * @param pwd Pointer to password
  * @pre   Returns ARGON2_OK if successful

+ 0 - 0
Sources/Sodium/crypto_pwhash/argon2/blake2b-long.c


Энэ ялгаанд хэт олон файл өөрчлөгдсөн тул зарим файлыг харуулаагүй болно