diff options
Diffstat (limited to 'src/libsodium/crypto_secretbox')
7 files changed, 381 insertions, 0 deletions
diff --git a/src/libsodium/crypto_secretbox/crypto_secretbox.c b/src/libsodium/crypto_secretbox/crypto_secretbox.c new file mode 100644 index 0000000..456f9f0 --- /dev/null +++ b/src/libsodium/crypto_secretbox/crypto_secretbox.c @@ -0,0 +1,54 @@ + +#include "crypto_secretbox.h" + +size_t +crypto_secretbox_keybytes(void) +{ + return crypto_secretbox_KEYBYTES; +} + +size_t +crypto_secretbox_noncebytes(void) +{ + return crypto_secretbox_NONCEBYTES; +} + +size_t +crypto_secretbox_zerobytes(void) +{ + return crypto_secretbox_ZEROBYTES; +} + +size_t +crypto_secretbox_boxzerobytes(void) +{ + return crypto_secretbox_BOXZEROBYTES; +} + +size_t +crypto_secretbox_macbytes(void) +{ + return crypto_secretbox_MACBYTES; +} + +const char * +crypto_secretbox_primitive(void) +{ + return crypto_secretbox_PRIMITIVE; +} + +int +crypto_secretbox(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k); +} + +int +crypto_secretbox_open(unsigned char *m, const unsigned char *c, + unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k); +} diff --git a/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c new file mode 100644 index 0000000..08de096 --- /dev/null +++ b/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c @@ -0,0 +1,125 @@ + +#include <assert.h> +#include <limits.h> +#include <stdint.h> +#include <stdlib.h> +#include <string.h> + +#include "crypto_core_hsalsa20.h" +#include "crypto_onetimeauth_poly1305.h" +#include "crypto_secretbox.h" +#include "crypto_stream_salsa20.h" +#include "utils.h" + +static const unsigned char sigma[16] = { + 'e', 'x', 'p', 'a', 'n', 'd', ' ', '3', '2', '-', 'b', 'y', 't', 'e', ' ', 'k' +}; + +int +crypto_secretbox_detached(unsigned char *c, unsigned char *mac, + const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + crypto_onetimeauth_poly1305_state state; + unsigned char block0[64U]; + unsigned char subkey[crypto_stream_salsa20_KEYBYTES]; + unsigned long long i; + unsigned long long mlen0; + + if (mlen > SIZE_MAX - crypto_secretbox_MACBYTES) { + return -1; + } + crypto_core_hsalsa20(subkey, n, k, sigma); + + memset(block0, 0U, crypto_secretbox_ZEROBYTES); + (void) sizeof(int[64U >= crypto_secretbox_ZEROBYTES ? 1 : -1]); + mlen0 = mlen; + if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) { + mlen0 = 64U - crypto_secretbox_ZEROBYTES; + } + for (i = 0U; i < mlen0; i++) { + block0[i + crypto_secretbox_ZEROBYTES] = m[i]; + } + crypto_stream_salsa20_xor(block0, block0, + mlen0 + crypto_secretbox_ZEROBYTES, + n + 16, subkey); + (void) sizeof(int[crypto_secretbox_ZEROBYTES >= + crypto_onetimeauth_poly1305_KEYBYTES ? 1 : -1]); + crypto_onetimeauth_poly1305_init(&state, block0); + + memcpy(c, block0 + crypto_secretbox_ZEROBYTES, mlen0); + sodium_memzero(block0, sizeof block0); + if (mlen > mlen0) { + crypto_stream_salsa20_xor_ic(c + mlen0, m + mlen0, mlen - mlen0, + n + 16, 1U, subkey); + } + sodium_memzero(subkey, sizeof subkey); + + crypto_onetimeauth_poly1305_update(&state, c, mlen); + crypto_onetimeauth_poly1305_final(&state, mac); + sodium_memzero(&state, sizeof state); + + return 0; +} + +int +crypto_secretbox_easy(unsigned char *c, const unsigned char *m, + unsigned long long mlen, const unsigned char *n, + const unsigned char *k) +{ + return crypto_secretbox_detached(c + crypto_secretbox_MACBYTES, + c, m, mlen, n, k); +} + +int +crypto_secretbox_open_detached(unsigned char *m, const unsigned char *c, + const unsigned char *mac, + unsigned long long clen, + const unsigned char *n, + const unsigned char *k) +{ + unsigned char block0[64U]; + unsigned char subkey[crypto_stream_salsa20_KEYBYTES]; + unsigned long long i; + unsigned long long mlen0; + + crypto_core_hsalsa20(subkey, n, k, sigma); + crypto_stream_salsa20(block0, crypto_stream_salsa20_KEYBYTES, + n + 16, subkey); + if (crypto_onetimeauth_poly1305_verify(mac, c, clen, block0) != 0) { + sodium_memzero(subkey, sizeof subkey); + return -1; + } + mlen0 = clen; + if (mlen0 > 64U - crypto_secretbox_ZEROBYTES) { + mlen0 = 64U - crypto_secretbox_ZEROBYTES; + } + memcpy(block0 + crypto_secretbox_ZEROBYTES, c, mlen0); + crypto_stream_salsa20_xor(block0, block0, + crypto_secretbox_ZEROBYTES + mlen0, + n + 16, subkey); + for (i = 0U; i < mlen0; i++) { + m[i] = block0[i + crypto_secretbox_ZEROBYTES]; + } + if (clen > mlen0) { + crypto_stream_salsa20_xor_ic(m + mlen0, c + mlen0, clen - mlen0, + n + 16, 1U, subkey); + } + sodium_memzero(subkey, sizeof subkey); + + return 0; +} + +int +crypto_secretbox_open_easy(unsigned char *m, const unsigned char *c, + unsigned long long clen, const unsigned char *n, + const unsigned char *k) +{ + if (clen < crypto_secretbox_MACBYTES) { + return -1; + } + return crypto_secretbox_open_detached(m, c + crypto_secretbox_MACBYTES, c, + clen - crypto_secretbox_MACBYTES, + n, k); +} diff --git a/src/libsodium/crypto_secretbox/try.c b/src/libsodium/crypto_secretbox/try.c new file mode 100644 index 0000000..9478187 --- /dev/null +++ b/src/libsodium/crypto_secretbox/try.c @@ -0,0 +1,129 @@ +/* + * crypto_secretbox/try.c version 20090118 + * D. J. Bernstein + * Public domain. + */ + +#include <stdlib.h> +#include "crypto_secretbox.h" +#include "utils.h" +#include "windows/windows-quirks.h" + +extern unsigned char *alignedcalloc(unsigned long long); + +const char *primitiveimplementation = crypto_secretbox_IMPLEMENTATION; + +#define MAXTEST_BYTES 10000 +#define CHECKSUM_BYTES 4096 +#define TUNE_BYTES 1536 + +static unsigned char *k; +static unsigned char *n; +static unsigned char *m; +static unsigned char *c; +static unsigned char *t; +static unsigned char *k2; +static unsigned char *n2; +static unsigned char *m2; +static unsigned char *c2; +static unsigned char *t2; + +#define klen crypto_secretbox_KEYBYTES +#define nlen crypto_secretbox_NONCEBYTES + +void preallocate(void) +{ +} + +void allocate(void) +{ + k = alignedcalloc(klen); + n = alignedcalloc(nlen); + m = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + k2 = alignedcalloc(klen); + n2 = alignedcalloc(nlen); + m2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + c2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); + t2 = alignedcalloc(MAXTEST_BYTES + crypto_secretbox_ZEROBYTES); +} + +void predoit(void) +{ +} + +void doit(void) +{ + crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); + crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); +} + +char checksum[klen * 2 + 1]; + +const char *checksum_compute(void) +{ + long long i; + long long j; + + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0; + + for (i = 0;i < CHECKSUM_BYTES;++i) { + long long mlen = i + crypto_secretbox_ZEROBYTES; + long long tlen = i + crypto_secretbox_ZEROBYTES; + long long clen = i + crypto_secretbox_ZEROBYTES; + + for (j = -16;j < 0;++j) k[j] = rand(); + for (j = -16;j < 0;++j) n[j] = rand(); + for (j = -16;j < 0;++j) m[j] = rand(); + for (j = klen;j < klen + 16;++j) k[j] = rand(); + for (j = nlen;j < nlen + 16;++j) n[j] = rand(); + for (j = mlen;j < mlen + 16;++j) m[j] = rand(); + for (j = -16;j < klen + 16;++j) k2[j] = k[j]; + for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; + for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; + for (j = -16;j < clen + 16;++j) c2[j] = c[j] = rand(); + + if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero"; + + for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k"; + for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output"; + for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output"; + for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j) + if (c[j] != 0) return "crypto_secretbox does not clear extra bytes"; + + for (j = -16;j < 0;++j) c[j] = rand(); + for (j = clen;j < clen + 16;++j) c[j] = rand(); + for (j = -16;j < clen + 16;++j) c2[j] = c[j]; + for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand(); + + if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero"; + + for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c"; + for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n"; + for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k"; + for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output"; + for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output"; + for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) + if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes"; + + for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match"; + + for (j = 0;j < i;++j) + k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + for (j = 0;j < i;++j) + n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + crypto_secretbox(c,m,mlen,n,k); + if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0; + m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0]; + for (j = 0;j < i;++j) + m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES]; + } + + sodium_bin2hex(checksum, sizeof checksum, k, klen); + + return 0; +} diff --git a/src/libsodium/crypto_secretbox/xsalsa20poly1305/checksum b/src/libsodium/crypto_secretbox/xsalsa20poly1305/checksum new file mode 100644 index 0000000..af3c689 --- /dev/null +++ b/src/libsodium/crypto_secretbox/xsalsa20poly1305/checksum @@ -0,0 +1 @@ +df372f95dd87381b7c9ceb6f340ccaa03d19bed5d9e4ab004d99d847675a9658 diff --git a/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h b/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h new file mode 100644 index 0000000..5eff3d2 --- /dev/null +++ b/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/api.h @@ -0,0 +1,11 @@ + +#include "crypto_secretbox_xsalsa20poly1305.h" + +#define crypto_secretbox crypto_secretbox_xsalsa20poly1305 +#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open +#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES +#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES +#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES +#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES +#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION +#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION diff --git a/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c b/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c new file mode 100644 index 0000000..f68334e --- /dev/null +++ b/src/libsodium/crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c @@ -0,0 +1,35 @@ +#include "api.h" +#include "crypto_onetimeauth_poly1305.h" +#include "crypto_stream_xsalsa20.h" + +int crypto_secretbox( + unsigned char *c, + const unsigned char *m,unsigned long long mlen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + if (mlen < 32) return -1; + crypto_stream_xsalsa20_xor(c,m,mlen,n,k); + crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c); + for (i = 0;i < 16;++i) c[i] = 0; + return 0; +} + +int crypto_secretbox_open( + unsigned char *m, + const unsigned char *c,unsigned long long clen, + const unsigned char *n, + const unsigned char *k +) +{ + int i; + unsigned char subkey[32]; + if (clen < 32) return -1; + crypto_stream_xsalsa20(subkey,32,n,k); + if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1; + crypto_stream_xsalsa20_xor(m,c,clen,n,k); + for (i = 0;i < 32;++i) m[i] = 0; + return 0; +} diff --git a/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c b/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c new file mode 100644 index 0000000..3ab68b1 --- /dev/null +++ b/src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c @@ -0,0 +1,26 @@ +#include "crypto_secretbox_xsalsa20poly1305.h" + +size_t +crypto_secretbox_xsalsa20poly1305_keybytes(void) { + return crypto_secretbox_xsalsa20poly1305_KEYBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_noncebytes(void) { + return crypto_secretbox_xsalsa20poly1305_NONCEBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_zerobytes(void) { + return crypto_secretbox_xsalsa20poly1305_ZEROBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_boxzerobytes(void) { + return crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES; +} + +size_t +crypto_secretbox_xsalsa20poly1305_macbytes(void) { + return crypto_secretbox_xsalsa20poly1305_MACBYTES; +} |