Add a keygen function to all the primitives

.gitignore

@@ -112,6 +112,7 @@ test/default/generichash3
 test/default/hash
 test/default/hash3
 test/default/kdf
+test/default/keygen
 test/default/onetimeauth
 test/default/onetimeauth2
 test/default/onetimeauth7

src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c

@@ -12,6 +12,7 @@
 
 #include "crypto_aead_aes256gcm.h"
 #include "export.h"
+#include "randombytes.h"
 #include "runtime.h"
 #include "utils.h"
 
@@ -1043,3 +1044,9 @@ crypto_aead_aes256gcm_statebytes(void)
 {
     return (sizeof(crypto_aead_aes256gcm_state) + (size_t) 15U) & ~(size_t) 15U;
 }
+
+void
+crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES])
+{
+    randombytes_buf(k, crypto_aead_aes256gcm_KEYBYTES);
+}

src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c

@@ -8,6 +8,7 @@
 #include "crypto_onetimeauth_poly1305.h"
 #include "crypto_stream_chacha20.h"
 #include "crypto_verify_16.h"
+#include "randombytes.h"
 #include "utils.h"
 
 #include "private/common.h"
@@ -325,41 +326,61 @@ crypto_aead_chacha20poly1305_ietf_decrypt(unsigned char *m,
 }
 
 size_t
-crypto_aead_chacha20poly1305_ietf_keybytes(void) {
+crypto_aead_chacha20poly1305_ietf_keybytes(void)
+{
     return crypto_aead_chacha20poly1305_ietf_KEYBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_ietf_npubbytes(void) {
+crypto_aead_chacha20poly1305_ietf_npubbytes(void)
+{
     return crypto_aead_chacha20poly1305_ietf_NPUBBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_ietf_nsecbytes(void) {
+crypto_aead_chacha20poly1305_ietf_nsecbytes(void)
+{
     return crypto_aead_chacha20poly1305_ietf_NSECBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_ietf_abytes(void) {
+crypto_aead_chacha20poly1305_ietf_abytes(void)
+{
     return crypto_aead_chacha20poly1305_ietf_ABYTES;
 }
 
+void
+crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES])
+{
+    randombytes_buf(k, crypto_aead_chacha20poly1305_ietf_KEYBYTES);
+}
+
 size_t
-crypto_aead_chacha20poly1305_keybytes(void) {
+crypto_aead_chacha20poly1305_keybytes(void)
+{
     return crypto_aead_chacha20poly1305_KEYBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_npubbytes(void) {
+crypto_aead_chacha20poly1305_npubbytes(void)
+{
     return crypto_aead_chacha20poly1305_NPUBBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_nsecbytes(void) {
+crypto_aead_chacha20poly1305_nsecbytes(void)
+{
     return crypto_aead_chacha20poly1305_NSECBYTES;
 }
 
 size_t
-crypto_aead_chacha20poly1305_abytes(void) {
+crypto_aead_chacha20poly1305_abytes(void)
+{
     return crypto_aead_chacha20poly1305_ABYTES;
 }
+
+void
+crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES])
+{
+    randombytes_buf(k, crypto_aead_chacha20poly1305_KEYBYTES);
+}

src/libsodium/crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c

@@ -7,6 +7,7 @@
 #include "crypto_aead_xchacha20poly1305.h"
 #include "crypto_aead_chacha20poly1305.h"
 #include "crypto_core_hchacha20.h"
+#include "randombytes.h"
 #include "utils.h"
 
 #include "private/common.h"
@@ -122,21 +123,31 @@ crypto_aead_xchacha20poly1305_ietf_decrypt(unsigned char *m,
 }
 
 size_t
-crypto_aead_xchacha20poly1305_ietf_keybytes(void) {
+crypto_aead_xchacha20poly1305_ietf_keybytes(void)
+{
     return crypto_aead_xchacha20poly1305_ietf_KEYBYTES;
 }
 
 size_t
-crypto_aead_xchacha20poly1305_ietf_npubbytes(void) {
+crypto_aead_xchacha20poly1305_ietf_npubbytes(void)
+{
     return crypto_aead_xchacha20poly1305_ietf_NPUBBYTES;
 }
 
 size_t
-crypto_aead_xchacha20poly1305_ietf_nsecbytes(void) {
+crypto_aead_xchacha20poly1305_ietf_nsecbytes(void)
+{
     return crypto_aead_xchacha20poly1305_ietf_NSECBYTES;
 }
 
 size_t
-crypto_aead_xchacha20poly1305_ietf_abytes(void) {
+crypto_aead_xchacha20poly1305_ietf_abytes(void)
+{
     return crypto_aead_xchacha20poly1305_ietf_ABYTES;
 }
+
+void
+crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES])
+{
+    randombytes_buf(k, crypto_aead_xchacha20poly1305_ietf_KEYBYTES);
+}

src/libsodium/crypto_auth/crypto_auth.c

@@ -1,5 +1,6 @@
 
 #include "crypto_auth.h"
+#include "randombytes.h"
 
 size_t
 crypto_auth_bytes(void)
@@ -32,3 +33,9 @@ crypto_auth_verify(const unsigned char *h, const unsigned char *in,
 {
     return crypto_auth_hmacsha512256_verify(h, in, inlen, k);
 }
+
+void
+crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES])
+{
+    randombytes_buf(k, crypto_auth_KEYBYTES);
+}

src/libsodium/crypto_auth/hmacsha256/auth_hmacsha256_api.c

@@ -1,16 +1,26 @@
 #include "crypto_auth_hmacsha256.h"
+#include "randombytes.h"
 
 size_t
-crypto_auth_hmacsha256_bytes(void) {
+crypto_auth_hmacsha256_bytes(void)
+{
     return crypto_auth_hmacsha256_BYTES;
 }
 
 size_t
-crypto_auth_hmacsha256_keybytes(void) {
+crypto_auth_hmacsha256_keybytes(void)
+{
     return crypto_auth_hmacsha256_KEYBYTES;
 }
 
 size_t
-crypto_auth_hmacsha256_statebytes(void) {
+crypto_auth_hmacsha256_statebytes(void)
+{
     return sizeof(crypto_auth_hmacsha256_state);
 }
+
+void
+crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES])
+{
+    randombytes_buf(k, crypto_auth_hmacsha256_KEYBYTES);
+}

src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512_api.c

@@ -1,4 +1,5 @@
 #include "crypto_auth_hmacsha512.h"
+#include "randombytes.h"
 
 size_t
 crypto_auth_hmacsha512_bytes(void) {
@@ -14,3 +15,9 @@ size_t
 crypto_auth_hmacsha512_statebytes(void) {
     return sizeof(crypto_auth_hmacsha512_state);
 }
+
+void
+crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES])
+{
+    randombytes_buf(k, crypto_auth_hmacsha512_KEYBYTES);
+}

src/libsodium/crypto_auth/hmacsha512256/auth_hmacsha512256_api.c

@@ -1,4 +1,5 @@
 #include "crypto_auth_hmacsha512256.h"
+#include "randombytes.h"
 
 size_t
 crypto_auth_hmacsha512256_bytes(void) {
@@ -14,3 +15,9 @@ size_t
 crypto_auth_hmacsha512256_statebytes(void) {
     return sizeof(crypto_auth_hmacsha512256_state);
 }
+
+void
+crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES])
+{
+    randombytes_buf(k, crypto_auth_hmacsha512256_KEYBYTES);
+}

src/libsodium/crypto_generichash/blake2b/generichash_blake2_api.c

@@ -1,4 +1,5 @@
 #include "crypto_generichash_blake2b.h"
+#include "randombytes.h"
 
 size_t
 crypto_generichash_blake2b_bytes_min(void) {
@@ -46,3 +47,9 @@ crypto_generichash_blake2b_statebytes(void)
     return (sizeof(crypto_generichash_blake2b_state) + (size_t) 63U)
         & ~(size_t) 63U;
 }
+
+void
+crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES])
+{
+    randombytes_buf(k, crypto_generichash_blake2b_KEYBYTES);
+}

src/libsodium/crypto_generichash/crypto_generichash.c

@@ -1,5 +1,6 @@
 
 #include "crypto_generichash.h"
+#include "randombytes.h"
 
 size_t
 crypto_generichash_bytes_min(void)
@@ -82,3 +83,9 @@ crypto_generichash_final(crypto_generichash_state *state,
     return crypto_generichash_blake2b_final
         ((crypto_generichash_blake2b_state *) state, out, outlen);
 }
+
+void
+crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES])
+{
+    randombytes_buf(k, crypto_generichash_KEYBYTES);
+}

src/libsodium/crypto_kdf/crypto_kdf.c

@@ -1,5 +1,6 @@
 
 #include "crypto_kdf.h"
+#include "randombytes.h"
 
 size_t
 crypto_kdf_bytes_min(void)
@@ -25,7 +26,8 @@ crypto_kdf_keybytes(void)
     return crypto_kdf_KEYBYTES;
 }
 
-int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
+int
+crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
                            uint64_t subkey_id,
                            const char ctx[crypto_kdf_CONTEXTBYTES],
                            const unsigned char key[crypto_kdf_KEYBYTES])
@@ -33,3 +35,9 @@ int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
     return crypto_kdf_blake2b_derive_from_key(subkey, subkey_len,
                                               subkey_id, ctx, key);
 }
+
+void
+crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES])
+{
+    randombytes_buf(k, crypto_kdf_KEYBYTES);
+}

src/libsodium/crypto_onetimeauth/crypto_onetimeauth.c

@@ -1,5 +1,6 @@
 
 #include "crypto_onetimeauth.h"
+#include "randombytes.h"
 
 size_t
 crypto_onetimeauth_statebytes(void)
@@ -63,3 +64,8 @@ crypto_onetimeauth_primitive(void)
 {
     return crypto_onetimeauth_PRIMITIVE;
 }
+
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES])
+{
+    randombytes_buf(k, crypto_onetimeauth_KEYBYTES);
+}

src/libsodium/crypto_onetimeauth/poly1305/onetimeauth_poly1305.c

@@ -1,6 +1,7 @@
 
 #include "crypto_onetimeauth_poly1305.h"
 #include "onetimeauth_poly1305.h"
+#include "randombytes.h"
 #include "runtime.h"
 #include "donna/poly1305_donna.h"
 #if defined(HAVE_TI_MODE) && defined(HAVE_EMMINTRIN_H)
@@ -58,6 +59,12 @@ crypto_onetimeauth_poly1305_keybytes(void) {
     return crypto_onetimeauth_poly1305_KEYBYTES;
 }
 
+void
+crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES])
+{
+    randombytes_buf(k, crypto_onetimeauth_poly1305_KEYBYTES);
+}
+
 int
 _crypto_onetimeauth_poly1305_pick_best_implementation(void)
 {

src/libsodium/crypto_secretbox/crypto_secretbox.c

@@ -1,5 +1,6 @@
 
 #include "crypto_secretbox.h"
+#include "randombytes.h"
 
 size_t
 crypto_secretbox_keybytes(void)
@@ -52,3 +53,9 @@ crypto_secretbox_open(unsigned char *m, const unsigned char *c,
 {
     return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k);
 }
+
+void
+crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES])
+{
+    randombytes_buf(k, crypto_secretbox_KEYBYTES);
+}

src/libsodium/crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305.c

@@ -1,6 +1,7 @@
 #include "crypto_onetimeauth_poly1305.h"
 #include "crypto_secretbox_xsalsa20poly1305.h"
 #include "crypto_stream_xsalsa20.h"
+#include "randombytes.h"
 
 int
 crypto_secretbox_xsalsa20poly1305(unsigned char *c, const unsigned char *m,
@@ -74,3 +75,9 @@ crypto_secretbox_xsalsa20poly1305_macbytes(void)
 {
     return crypto_secretbox_xsalsa20poly1305_MACBYTES;
 }
+
+void
+crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES])
+{
+    randombytes_buf(k, crypto_secretbox_xsalsa20poly1305_KEYBYTES);
+}

src/libsodium/crypto_shorthash/crypto_shorthash.c

@@ -1,5 +1,6 @@
 
 #include "crypto_shorthash.h"
+#include "randombytes.h"
 
 size_t
 crypto_shorthash_bytes(void)
@@ -25,3 +26,9 @@ crypto_shorthash(unsigned char *out, const unsigned char *in,
 {
     return crypto_shorthash_siphash24(out, in, inlen, k);
 }
+
+void
+crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES])
+{
+    randombytes_buf(k, crypto_shorthash_KEYBYTES);
+}

src/libsodium/crypto_stream/chacha20/stream_chacha20.c

@@ -1,5 +1,6 @@
 #include "crypto_stream_chacha20.h"
 #include "stream_chacha20.h"
+#include "randombytes.h"
 #include "runtime.h"
 #include "ref/stream_chacha20_ref.h"
 #if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(__GNUC__))
@@ -77,6 +78,18 @@ crypto_stream_chacha20_ietf_xor(unsigned char *c, const unsigned char *m,
     return implementation->stream_ietf_xor_ic(c, m, mlen, n, 0U, k);
 }
 
+void
+crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_chacha20_ietf_KEYBYTES);
+}
+
+void
+crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_chacha20_KEYBYTES);
+}
+
 int
 _crypto_stream_chacha20_pick_best_implementation(void)
 {

src/libsodium/crypto_stream/crypto_stream.c

@@ -1,5 +1,6 @@
 
 #include "crypto_stream.h"
+#include "randombytes.h"
 
 size_t
 crypto_stream_keybytes(void)
@@ -34,3 +35,9 @@ crypto_stream_xor(unsigned char *c, const unsigned char *m,
 {
     return crypto_stream_xsalsa20_xor(c, m, mlen, n, k);
 }
+
+void
+crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_KEYBYTES);
+}

src/libsodium/crypto_stream/salsa20/stream_salsa20_api.c

@@ -1,12 +1,15 @@
 #include "crypto_stream_salsa20.h"
+#include "randombytes.h"
 
 size_t
-crypto_stream_salsa20_keybytes(void) {
+crypto_stream_salsa20_keybytes(void)
+{
     return crypto_stream_salsa20_KEYBYTES;
 }
 
 size_t
-crypto_stream_salsa20_noncebytes(void) {
+crypto_stream_salsa20_noncebytes(void)
+{
     return crypto_stream_salsa20_NONCEBYTES;
 }
 
@@ -17,3 +20,9 @@ crypto_stream_salsa20_xor(unsigned char *c, const unsigned char *m,
 {
     return crypto_stream_salsa20_xor_ic(c, m, mlen, n, 0U, k);
 }
+
+void
+crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_salsa20_KEYBYTES);
+}

src/libsodium/crypto_stream/salsa2012/stream_salsa2012_api.c

@@ -1,11 +1,20 @@
 #include "crypto_stream_salsa2012.h"
+#include "randombytes.h"
 
 size_t
-crypto_stream_salsa2012_keybytes(void) {
+crypto_stream_salsa2012_keybytes(void)
+{
     return crypto_stream_salsa2012_KEYBYTES;
 }
 
 size_t
-crypto_stream_salsa2012_noncebytes(void) {
+crypto_stream_salsa2012_noncebytes(void)
+{
     return crypto_stream_salsa2012_NONCEBYTES;
 }
+
+void
+crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_salsa2012_KEYBYTES);
+}

src/libsodium/crypto_stream/salsa208/stream_salsa208_api.c

@@ -1,11 +1,20 @@
 #include "crypto_stream_salsa208.h"
+#include "randombytes.h"
 
 size_t
-crypto_stream_salsa208_keybytes(void) {
+crypto_stream_salsa208_keybytes(void)
+{
     return crypto_stream_salsa208_KEYBYTES;
 }
 
 size_t
-crypto_stream_salsa208_noncebytes(void) {
+crypto_stream_salsa208_noncebytes(void)
+{
     return crypto_stream_salsa208_NONCEBYTES;
 }
+
+void
+crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_salsa208_KEYBYTES);
+}

src/libsodium/crypto_stream/xchacha20/stream_xchacha20.c

@@ -4,6 +4,7 @@
 #include "crypto_core_hchacha20.h"
 #include "crypto_stream_chacha20.h"
 #include "crypto_stream_xchacha20.h"
+#include "randombytes.h"
 
 size_t
 crypto_stream_xchacha20_keybytes(void) {
@@ -51,3 +52,9 @@ crypto_stream_xchacha20_xor(unsigned char *c, const unsigned char *m,
 {
     return crypto_stream_xchacha20_xor_ic(c, m, mlen, n, 0U, k);
 }
+
+void
+crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_xchacha20_KEYBYTES);
+}

src/libsodium/crypto_stream/xsalsa20/stream_xsalsa20.c

@@ -1,6 +1,7 @@
 #include "crypto_core_hsalsa20.h"
 #include "crypto_stream_salsa20.h"
 #include "crypto_stream_xsalsa20.h"
+#include "randombytes.h"
 #include "utils.h"
 
 int
@@ -49,3 +50,9 @@ size_t
 crypto_stream_xsalsa20_noncebytes(void) {
     return crypto_stream_xsalsa20_NONCEBYTES;
 }
+
+void
+crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES])
+{
+    randombytes_buf(k, crypto_stream_xsalsa20_KEYBYTES);
+}

src/libsodium/include/sodium/crypto_aead_aes256gcm.h

@@ -134,6 +134,9 @@ int crypto_aead_aes256gcm_decrypt_detached_afternm(unsigned char *m,
                                                    const crypto_aead_aes256gcm_state *ctx_)
         __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_aead_aes256gcm_keygen(unsigned char k[crypto_aead_aes256gcm_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h

@@ -77,6 +77,9 @@ int crypto_aead_chacha20poly1305_ietf_decrypt_detached(unsigned char *m,
                                                        const unsigned char *k)
         __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_chacha20poly1305_ietf_KEYBYTES]);
+
 /* -- Original ChaCha20-Poly1305 construction with a 64-bit nonce and a 64-bit internal counter -- */
 
 #define crypto_aead_chacha20poly1305_KEYBYTES 32U
@@ -142,6 +145,9 @@ int crypto_aead_chacha20poly1305_decrypt_detached(unsigned char *m,
                                                   const unsigned char *k)
         __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_aead_chacha20poly1305_keygen(unsigned char k[crypto_aead_chacha20poly1305_KEYBYTES]);
+
 /* Aliases */
 
 #define crypto_aead_chacha20poly1305_IETF_KEYBYTES  crypto_aead_chacha20poly1305_ietf_KEYBYTES

src/libsodium/include/sodium/crypto_aead_xchacha20poly1305.h

@@ -74,6 +74,9 @@ int crypto_aead_xchacha20poly1305_ietf_decrypt_detached(unsigned char *m,
                                                         const unsigned char *k)
         __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_aead_xchacha20poly1305_ietf_keygen(unsigned char k[crypto_aead_xchacha20poly1305_ietf_KEYBYTES]);
+
 /* Aliases */
 
 #define crypto_aead_xchacha20poly1305_IETF_KEYBYTES  crypto_aead_xchacha20poly1305_ietf_KEYBYTES

src/libsodium/include/sodium/crypto_auth.h

@@ -34,6 +34,9 @@ int crypto_auth_verify(const unsigned char *h, const unsigned char *in,
                        unsigned long long inlen, const unsigned char *k)
             __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_auth_keygen(unsigned char k[crypto_auth_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_auth_hmacsha256.h

@@ -56,6 +56,10 @@ SODIUM_EXPORT
 int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
                                  unsigned char *out);
 
+
+SODIUM_EXPORT
+void crypto_auth_hmacsha256_keygen(unsigned char k[crypto_auth_hmacsha256_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_auth_hmacsha512.h

@@ -56,6 +56,9 @@ SODIUM_EXPORT
 int crypto_auth_hmacsha512_final(crypto_auth_hmacsha512_state *state,
                                  unsigned char *out);
 
+SODIUM_EXPORT
+void crypto_auth_hmacsha512_keygen(unsigned char k[crypto_auth_hmacsha512_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_auth_hmacsha512256.h

@@ -51,6 +51,9 @@ SODIUM_EXPORT
 int crypto_auth_hmacsha512256_final(crypto_auth_hmacsha512256_state *state,
                                     unsigned char *out);
 
+SODIUM_EXPORT
+void crypto_auth_hmacsha512256_keygen(unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_generichash.h

@@ -64,6 +64,9 @@ SODIUM_EXPORT
 int crypto_generichash_final(crypto_generichash_state *state,
                              unsigned char *out, const size_t outlen);
 
+SODIUM_EXPORT
+void crypto_generichash_keygen(unsigned char k[crypto_generichash_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_generichash_blake2b.h

@@ -107,6 +107,9 @@ int crypto_generichash_blake2b_final(crypto_generichash_blake2b_state *state,
                                      unsigned char *out,
                                      const size_t outlen);
 
+SODIUM_EXPORT
+void crypto_generichash_blake2b_keygen(unsigned char k[crypto_generichash_blake2b_KEYBYTES]);
+
 /* ------------------------------------------------------------------------- */
 
 int _crypto_generichash_blake2b_pick_best_implementation(void);

src/libsodium/include/sodium/crypto_kdf.h

@@ -35,6 +35,10 @@ int crypto_kdf_derive_from_key(unsigned char *subkey, size_t subkey_len,
                                uint64_t subkey_id,
                                const char ctx[crypto_kdf_CONTEXTBYTES],
                                const unsigned char key[crypto_kdf_KEYBYTES]);
+
+SODIUM_EXPORT
+void crypto_kdf_keygen(unsigned char k[crypto_kdf_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_onetimeauth.h

@@ -51,6 +51,9 @@ SODIUM_EXPORT
 int crypto_onetimeauth_final(crypto_onetimeauth_state *state,
                              unsigned char *out);
 
+SODIUM_EXPORT
+void crypto_onetimeauth_keygen(unsigned char k[crypto_onetimeauth_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_onetimeauth_poly1305.h

@@ -54,6 +54,9 @@ SODIUM_EXPORT
 int crypto_onetimeauth_poly1305_final(crypto_onetimeauth_poly1305_state *state,
                                       unsigned char *out);
 
+SODIUM_EXPORT
+void crypto_onetimeauth_poly1305_keygen(unsigned char k[crypto_onetimeauth_poly1305_KEYBYTES]);
+
 /* ------------------------------------------------------------------------- */
 
 int _crypto_onetimeauth_poly1305_pick_best_implementation(void);

src/libsodium/include/sodium/crypto_secretbox.h

@@ -56,6 +56,9 @@ int crypto_secretbox_open_detached(unsigned char *m,
                                    const unsigned char *k)
             __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_secretbox_keygen(unsigned char k[crypto_secretbox_KEYBYTES]);
+
 /* -- NaCl compatibility interface ; Requires padding -- */
 
 #define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES

src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h

@@ -48,6 +48,9 @@ int crypto_secretbox_xsalsa20poly1305_open(unsigned char *m,
                                            const unsigned char *k)
             __attribute__ ((warn_unused_result));
 
+SODIUM_EXPORT
+void crypto_secretbox_xsalsa20poly1305_keygen(unsigned char k[crypto_secretbox_xsalsa20poly1305_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_shorthash.h

@@ -29,6 +29,9 @@ SODIUM_EXPORT
 int crypto_shorthash(unsigned char *out, const unsigned char *in,
                      unsigned long long inlen, const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_shorthash_keygen(unsigned char k[crypto_shorthash_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream.h

@@ -42,6 +42,9 @@ int crypto_stream_xor(unsigned char *c, const unsigned char *m,
                       unsigned long long mlen, const unsigned char *n,
                       const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_keygen(unsigned char k[crypto_stream_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream_chacha20.h

@@ -45,6 +45,9 @@ int crypto_stream_chacha20_xor_ic(unsigned char *c, const unsigned char *m,
                                   const unsigned char *n, uint64_t ic,
                                   const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_chacha20_keygen(unsigned char k[crypto_stream_chacha20_KEYBYTES]);
+
 /* ChaCha20 with a 96-bit nonce and a 32-bit counter (IETF) */
 
 #define crypto_stream_chacha20_ietf_KEYBYTES 32U
@@ -70,6 +73,9 @@ int crypto_stream_chacha20_ietf_xor_ic(unsigned char *c, const unsigned char *m,
                                        const unsigned char *n, uint32_t ic,
                                        const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_chacha20_ietf_keygen(unsigned char k[crypto_stream_chacha20_ietf_KEYBYTES]);
+
 /* ------------------------------------------------------------------------- */
 
 int _crypto_stream_chacha20_pick_best_implementation(void);

src/libsodium/include/sodium/crypto_stream_salsa20.h

@@ -42,6 +42,10 @@ int crypto_stream_salsa20_xor_ic(unsigned char *c, const unsigned char *m,
                                  unsigned long long mlen,
                                  const unsigned char *n, uint64_t ic,
                                  const unsigned char *k);
+
+SODIUM_EXPORT
+void crypto_stream_salsa20_keygen(unsigned char k[crypto_stream_salsa20_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream_salsa2012.h

@@ -36,6 +36,9 @@ int crypto_stream_salsa2012_xor(unsigned char *c, const unsigned char *m,
                                 unsigned long long mlen, const unsigned char *n,
                                 const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_salsa2012_keygen(unsigned char k[crypto_stream_salsa2012_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream_salsa208.h

@@ -36,6 +36,9 @@ int crypto_stream_salsa208_xor(unsigned char *c, const unsigned char *m,
                                unsigned long long mlen, const unsigned char *n,
                                const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_salsa208_keygen(unsigned char k[crypto_stream_salsa208_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream_xchacha20.h

@@ -43,6 +43,9 @@ int crypto_stream_xchacha20_xor_ic(unsigned char *c, const unsigned char *m,
                                    const unsigned char *n, uint64_t ic,
                                    const unsigned char *k);
 
+SODIUM_EXPORT
+void crypto_stream_xchacha20_keygen(unsigned char k[crypto_stream_xchacha20_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

src/libsodium/include/sodium/crypto_stream_xsalsa20.h

@@ -42,6 +42,10 @@ int crypto_stream_xsalsa20_xor_ic(unsigned char *c, const unsigned char *m,
                                   unsigned long long mlen,
                                   const unsigned char *n, uint64_t ic,
                                   const unsigned char *k);
+
+SODIUM_EXPORT
+void crypto_stream_xsalsa20_keygen(unsigned char k[crypto_stream_xsalsa20_KEYBYTES]);
+
 #ifdef __cplusplus
 }
 #endif

test/default/Makefile.am

@@ -35,6 +35,7 @@ EXTRA_DIST = \
 	hash2.exp \
 	hash3.exp \
 	kdf.exp \
+	keygen.exp \
 	onetimeauth.exp \
 	onetimeauth2.exp \
 	onetimeauth7.exp \
@@ -100,6 +101,7 @@ DISTCLEANFILES = \
 	hash2.res \
 	hash3.res \
 	kdf.res \
+	keygen.res \
 	onetimeauth.res \
 	onetimeauth2.res \
 	onetimeauth7.res \
@@ -166,6 +168,7 @@ CLEANFILES = \
 	hash2.final \
 	hash3.final \
 	kdf.final \
+	keygen.final \
 	onetimeauth.final \
 	onetimeauth2.final \
 	onetimeauth7.final \
@@ -227,6 +230,7 @@ CLEANFILES = \
 	hash2.nexe \
 	hash3.nexe \
 	kdf.nexe \
+	keygen.nexe \
 	onetimeauth.nexe \
 	onetimeauth2.nexe \
 	onetimeauth7.nexe \
@@ -299,6 +303,7 @@ TESTS_TARGETS = \
 	hash \
 	hash3 \
 	kdf \
+	keygen \
 	onetimeauth \
 	onetimeauth2 \
 	onetimeauth7 \
@@ -436,6 +441,9 @@ hash3_LDADD               = $(TESTS_LDADD)
 kdf_SOURCE                = cmptest.h kdf.c
 kdf_LDADD                 = $(TESTS_LDADD)
 
+keygen_SOURCE             = cmptest.h keygen.c
+keygen_LDADD              = $(TESTS_LDADD)
+
 onetimeauth_SOURCE        = cmptest.h onetimeauth.c
 onetimeauth_LDADD         = $(TESTS_LDADD)
 

test/default/keygen.c

@@ -0,0 +1,64 @@
+
+#define TEST_NAME "keygen"
+#include "cmptest.h"
+
+typedef struct KeygenTV_ {
+    void (*fn)(unsigned char *k);
+    size_t key_len;
+} KeygenTV;
+
+static void
+tv_keygen(void)
+{
+    const static KeygenTV tvs[] = {
+        { crypto_auth_keygen, crypto_auth_KEYBYTES },
+        { crypto_auth_hmacsha256_keygen, crypto_auth_hmacsha256_KEYBYTES },
+        { crypto_aead_aes256gcm_keygen, crypto_aead_aes256gcm_KEYBYTES },
+        { crypto_auth_hmacsha512_keygen, crypto_auth_hmacsha512_KEYBYTES },
+        { crypto_auth_hmacsha512256_keygen, crypto_auth_hmacsha512256_KEYBYTES },
+        { crypto_generichash_keygen, crypto_generichash_KEYBYTES },
+        { crypto_generichash_blake2b_keygen, crypto_generichash_blake2b_KEYBYTES },
+        { crypto_kdf_keygen, crypto_kdf_KEYBYTES },
+        { crypto_onetimeauth_keygen, crypto_onetimeauth_KEYBYTES },
+        { crypto_onetimeauth_poly1305_keygen, crypto_onetimeauth_poly1305_KEYBYTES },
+        { crypto_aead_chacha20poly1305_ietf_keygen, crypto_aead_chacha20poly1305_ietf_KEYBYTES },
+        { crypto_aead_chacha20poly1305_keygen, crypto_aead_chacha20poly1305_KEYBYTES },
+        { crypto_secretbox_xsalsa20poly1305_keygen, crypto_secretbox_xsalsa20poly1305_KEYBYTES },
+        { crypto_secretbox_keygen, crypto_secretbox_KEYBYTES },
+        { crypto_shorthash_keygen, crypto_shorthash_KEYBYTES },
+        { crypto_stream_keygen, crypto_stream_KEYBYTES },
+        { crypto_stream_chacha20_keygen, crypto_stream_chacha20_KEYBYTES },
+        { crypto_stream_chacha20_ietf_keygen, crypto_stream_chacha20_ietf_KEYBYTES },
+        { crypto_stream_salsa20_keygen, crypto_stream_salsa20_KEYBYTES },
+        { crypto_stream_xsalsa20_keygen, crypto_stream_xsalsa20_KEYBYTES }
+    };
+    const KeygenTV *tv;
+    unsigned char  *key;
+    int             i;
+    int             j;
+
+    for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) {
+        tv = &tvs[i];
+        key = sodium_malloc(tv->key_len);
+        key[tv->key_len - 1U] = 0;
+        for (j = 0; j < 10000; j++) {
+            tv->fn(key);
+            if (key[tv->key_len - 1U] != 0) {
+                break;
+            }
+        }
+        sodium_free(key);
+        if (j >= 10000) {
+            printf("Buffer underflow with test vector %d\n", i);
+        }
+    }
+    printf("tv_keygen: ok\n");
+}
+
+int
+main(void)
+{
+    tv_keygen();
+
+    return 0;
+}

test/default/keygen.exp

@@ -0,0 +1 @@
+tv_keygen: ok