Update to libsodium-stable-2018-11-19.

tonyg · Nov 19, 2018 · cc70775 · cc70775
1 parent af71f6b
commit cc70775
Show file tree

Hide file tree

Showing 13 changed files with 1,197 additions and 1,089 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
-libsodium-1.0.10
+libsodium-stable/
 node_modules/
+package-lock.json
diff --git a/BUILDING.md b/BUILDING.md
@@ -6,9 +6,14 @@ policy is to include the generated javascript as a checked-in file.
 ## Ingredients
 
  - Python 2.x
- - a recent Emscripten SDK
+ - Docker, or a recent Emscripten SDK
  - Node.js and npm to run the [mocha](http://visionmedia.github.io/mocha/)-based tests
 
+Recently, I have had trouble getting a stable Emscripten setup on my
+machines, so I now primarily use a
+[Dockerized Emscripten](https://hub.docker.com/r/trzeci/emscripten/)
+courtesy of Docker user `trzeci`.
+
 Within the `js-nacl` directory,
 
  - [`nacl_cooked.js`](nacl_cooked.js) is the high-level Javascript
@@ -29,11 +34,7 @@ Within the `js-nacl` directory,
 
 ## Method
 
-Follow the instructions from the [Emscripten
-tutorial](http://emscripten.org/Tutorial) to get Emscripten ready to
-run.
-
-Once `emcc` is on your `$PATH` somewhere, use the `js-nacl` Makefile.
+The `js-nacl` Makefile assumes the use of Docker Emscripten.
 
 To rebuild everything:
 
@@ -55,6 +56,18 @@ Other Makefile targets:
 
  - `make all`: performs all the build steps.
 
+### Using the Emscripten SDK instead of Docker
+
+If you are not using the Docker Emscripten image, follow the
+instructions from the
+[Emscripten tutorial](http://emscripten.org/Tutorial) to get
+Emscripten ready to run.
+
+Once `emcc` is on your `$PATH` somewhere, build the `libsodium.js`
+file by unpacking the libsodium sources, applying patches as necessary
+(see the Makefile), changing to the `dist-build` directory in the
+unpacked sources, and running `./emscripten.sh --sumo`.
+
 If you for some reason need to use a different python than `python`,
 set the `PYTHON` makefile variable; for example,
 

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
-LIBSODIUMVERSION=1.0.11
-LIBSODIUMUNPACKED=libsodium-$(LIBSODIUMVERSION)
+LIBSODIUMVERSION=stable-2018-11-19
+LIBSODIUMUNPACKED=libsodium-stable
 
 LIBSODIUM_JS=$(LIBSODIUMUNPACKED)/libsodium-js-sumo/lib/libsodium.js
 
@@ -13,7 +13,12 @@ clean:
 	rm -rf lib
 
 $(LIBSODIUM_JS): $(LIBSODIUMUNPACKED)
-	(cd $(LIBSODIUMUNPACKED); ./dist-build/emscripten.sh --sumo)
+	docker run --rm \
+		-v $$(pwd)/$(LIBSODIUMUNPACKED):/src \
+		--user $$(id -u):$$(id -g) \
+		trzeci/emscripten \
+		/src/dist-build/emscripten.sh --sumo
+	[ -f $@ ] && touch $@
 
 lib: $(LIBSODIUM_JS) nacl_cooked_prefix.js nacl_cooked.js nacl_cooked_suffix.js
 	mkdir -p $@
@@ -26,3 +31,6 @@ veryclean: clean
 
 $(LIBSODIUMUNPACKED): libsodium-$(LIBSODIUMVERSION).tar.gz
 	tar -zxvf $<
+	patch -p0 < libsodium-memory-configuration.patch
+
+.PRECIOUS: $(LIBSODIUM_JS)
diff --git a/README.md b/README.md
@@ -25,6 +25,13 @@ all the versions I've tried.
 
 ## Changes
 
+Version 1.3.0: Updated from libsodium 1.0.11 to stable-2018-11-19.
+Added `crypto_box_seal` and `crypto_box_seal_open`. Switched from
+using the Emscripten SDK to using a Dockerized Emscripten to produce
+the built version of the library. Because this enables WASM by
+default, the approach to handling of `requested_total_memory` is now
+different; see below.
+
 Version 1.2.2: Updated from libsodium 1.0.10 to 1.0.11.
 
 Version 1.2.1: Repaired a mistake where I had failed to export the new
@@ -95,6 +102,9 @@ Or if you have installed the library via `npm`,
       console.log(nacl.to_hex(nacl.random_bytes(16)));
     });
 
+In addition, since version 1.3.0, the `instantiate` function returns a
+`Promise` that yields the `nacl` object.
+
 ## Instantiating the NaCl module
 
 Pass `nacl_factory.instantiate` a callback function expecting a single
@@ -104,21 +114,14 @@ The `nacl_factory.instantiate` function expects also a second optional
 argument, a dictionary of optional configuration values.
 
 Each call to `nacl_factory.instantiate()` creates an entirely fresh
-module instance, complete with its own private heap area. By default,
-this heap is 32 megabytes in size, 33,554,432 bytes. The size of the
-module instance's private heap can be altered by supplying
-`requested_total_memory` to to `instantiate`, e.g.:
-
-    nacl_factory.instantiate(on_ready, {
-      requested_total_memory: 16777216
-    });
-
-The argument must be a power of two, if supplied.
+module instance, complete with its own private heap area. **Since
+v1.3.0:** The heap should automatically grow as required, and should
+no longer require manual ahead-of-time configuration.
 
 It's fine to instantiate the module more than once in a single
-program, though do note the large amount of memory taken up by each
-instance. The memory assigned to each module instance will not be
-released until the instance is garbage collected.
+program, though beware of the large amount of memory potentially taken
+up by each instance. The memory assigned to each module instance will
+not be released until the instance is garbage collected.
 
 If you notice memory leaks across multiple uses of a *single* module
 instance, please report them, with a test case if at all possible.
@@ -261,6 +264,26 @@ Uint8Array must be `nacl.crypto_secretbox_KEYBYTES` bytes long.
 Verifies and decrypts a packet from `crypto_secretbox`. Throws an
 exception if the verification fails or any of the inputs are invalid.
 
+## Anonymous authenticated encryption: crypto_box_seal
+
+Uses a freshly-created ephemeral box keypair to send an "anonymous"
+message to a specific recipient, who is identified by their public box
+key, and who may decrypt the message using the matching box keypair.
+
+### nacl.crypto\_box\_seal(msgBin, recipientPublicKeyBin) → Uint8Array
+
+Places `msgBin` in an authenticated, encrypted box that can only be
+verified and decrypted by the secret key corresponding to
+`recipientPublicKeyBin`.
+
+### nacl.crypto\_box\_seal\_open(ciphertextBin, recipientPublicKeyBin, recipientSecretKeyBin) → Uint8Array
+
+Verifies and decrypts a box from `crypto_box_seal`. Throws an
+exception if the verification fails or any of the inputs are invalid.
+Unlike `crypto_box_open`, no nonce is required, and the *recipient's*
+public key is supplied instead of the *sender's*. The sender remains
+anonymous.
+
 ## Secret-key encryption: crypto_stream
 
 Follows the [NaCl crypto_stream API](http://nacl.cr.yp.to/stream.html).

diff --git a/lib/nacl_factory.js b/lib/nacl_factory.js
diff --git a/libsodium-1.0.11.tar.gz b/libsodium-1.0.11.tar.gz
diff --git a/libsodium-memory-configuration.patch b/libsodium-memory-configuration.patch
@@ -0,0 +1,12 @@
+diff -ur libsodium-stable.orig/dist-build/emscripten.sh libsodium-stable/dist-build/emscripten.sh
+--- libsodium-stable.orig/dist-build/emscripten.sh	2018-10-31 09:44:27.000000000 +0000
++++ libsodium-stable/dist-build/emscripten.sh	2018-11-19 12:52:53.771535287 +0000
+@@ -26,7 +26,7 @@
+   echo "Building a standard distribution in [${PREFIX}]"
+ elif [ "x$1" = "x--sumo" ]; then
+   export EXPORTED_FUNCTIONS="$EXPORTED_FUNCTIONS_SUMO"
+-  export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s TOTAL_MEMORY=${TOTAL_MEMORY_SUMO}"
++  export LDFLAGS="${LDFLAGS} ${LDFLAGS_DIST} -s ALLOW_MEMORY_GROWTH=1"
+   export PREFIX="$(pwd)/libsodium-js-sumo"
+   export DONE_FILE="$(pwd)/js-sumo.done"
+   export DIST='yes'
diff --git a/libsodium-stable-2018-11-19.tar.gz b/libsodium-stable-2018-11-19.tar.gz