From a329340d90ac330db6f61cb7728d5191fad2d995 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sat, 18 Feb 2017 21:22:39 +0100 Subject: [PATCH] Remove the NaCl-like APIs from *xchacha20 additions These APIs were useful with the salsa20 constructions for compatibility with NaCl, but they are tricky to use and don't provide any benefits over the _easy APIs. Having them around was good for consistency with the salsa20-based ones, but this is code that is unlikely to be used in actual projects. So, don't include them, unless people actually ask for them. --- src/libsodium/Makefile.am | 3 -- .../box_curve25519xchacha20poly1305_api.c | 10 ---- .../after_curve25519xchacha20poly1305.c | 22 --------- .../sodium/box_curve25519xchacha20poly1305.c | 42 ----------------- .../secretbox_xchacha20poly1305_api.c | 12 ----- .../secretbox_xchacha20poly1305_easy.c | 2 + .../sodium/secretbox_xchacha20poly1305.c | 46 ------------------- .../crypto_box_curve25519xchacha20poly1305.h | 45 ------------------ .../crypto_secretbox_xchacha20poly1305.h | 27 ----------- test/default/xchacha20.c | 36 +++------------ 10 files changed, 8 insertions(+), 237 deletions(-) delete mode 100644 src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c delete mode 100644 src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c delete mode 100644 src/libsodium/crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index ad7bf50c..ddc6fe89 100644 --- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -172,9 +172,7 @@ libsodium_la_SOURCES += \ crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_easy.c \ - crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/sodium/before_curve25519xchacha20poly1305.c \ - crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/sodium/keypair_curve25519xchacha20poly1305.c \ crypto_core/hchacha20/core_hchacha20.c \ crypto_core/hchacha20/core_hchacha20.h \ @@ -184,7 +182,6 @@ libsodium_la_SOURCES += \ crypto_core/salsa208/core_salsa208_api.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c \ - crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c \ crypto_sign/ed25519/ref10/obsolete.c \ crypto_stream/aes128ctr/portable/afternm_aes128ctr.c \ crypto_stream/aes128ctr/stream_aes128ctr_api.c \ diff --git a/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c b/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c index 0942398b..fd708d60 100644 --- a/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c +++ b/src/libsodium/crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c @@ -25,16 +25,6 @@ crypto_box_curve25519xchacha20poly1305_noncebytes(void) { return crypto_box_curve25519xchacha20poly1305_NONCEBYTES; } -size_t -crypto_box_curve25519xchacha20poly1305_zerobytes(void) { - return crypto_box_curve25519xchacha20poly1305_ZEROBYTES; -} - -size_t -crypto_box_curve25519xchacha20poly1305_boxzerobytes(void) { - return crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES; -} - size_t crypto_box_curve25519xchacha20poly1305_macbytes(void) { return crypto_box_curve25519xchacha20poly1305_MACBYTES; diff --git a/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c b/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c deleted file mode 100644 index 16ee6026..00000000 --- a/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c +++ /dev/null @@ -1,22 +0,0 @@ -#include "crypto_box_curve25519xchacha20poly1305.h" -#include "crypto_secretbox_xchacha20poly1305.h" - -int -crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *k) -{ - return crypto_secretbox_xchacha20poly1305(c, m, mlen, n, k); -} - -int -crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m, - const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *k) -{ - return crypto_secretbox_xchacha20poly1305_open(m, c, clen, n, k); -} diff --git a/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c b/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c deleted file mode 100644 index 6bd6bc40..00000000 --- a/src/libsodium/crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c +++ /dev/null @@ -1,42 +0,0 @@ -#include "crypto_box_curve25519xchacha20poly1305.h" -#include "utils.h" - -int -crypto_box_curve25519xchacha20poly1305(unsigned char *c, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *pk, - const unsigned char *sk) -{ - unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; - int ret; - - if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) { - return -1; - } - ret = crypto_box_curve25519xchacha20poly1305_afternm(c, m, mlen, n, k); - sodium_memzero(k, sizeof k); - - return ret; -} - -int -crypto_box_curve25519xchacha20poly1305_open(unsigned char *m, - const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *pk, - const unsigned char *sk) -{ - unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES]; - int ret; - - if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) { - return -1; - } - ret = crypto_box_curve25519xchacha20poly1305_open_afternm(m, c, clen, n, k); - sodium_memzero(k, sizeof k); - - return ret; -} diff --git a/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c b/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c index f8a9958c..9fa6b3f6 100644 --- a/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c +++ b/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c @@ -12,18 +12,6 @@ crypto_secretbox_xchacha20poly1305_noncebytes(void) return crypto_secretbox_xchacha20poly1305_NONCEBYTES; } -size_t -crypto_secretbox_xchacha20poly1305_zerobytes(void) -{ - return crypto_secretbox_xchacha20poly1305_ZEROBYTES; -} - -size_t -crypto_secretbox_xchacha20poly1305_boxzerobytes(void) -{ - return crypto_secretbox_xchacha20poly1305_BOXZEROBYTES; -} - size_t crypto_secretbox_xchacha20poly1305_macbytes(void) { diff --git a/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c b/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c index e528f530..94b52536 100644 --- a/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c +++ b/src/libsodium/crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c @@ -11,6 +11,8 @@ #include "crypto_stream_chacha20.h" #include "utils.h" +#define crypto_secretbox_xchacha20poly1305_ZEROBYTES 32U + int crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, unsigned char *mac, diff --git a/src/libsodium/crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c b/src/libsodium/crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c deleted file mode 100644 index e5480ca8..00000000 --- a/src/libsodium/crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c +++ /dev/null @@ -1,46 +0,0 @@ -#include "crypto_onetimeauth_poly1305.h" -#include "crypto_secretbox_xchacha20poly1305.h" -#include "crypto_stream_xchacha20.h" - -int -crypto_secretbox_xchacha20poly1305(unsigned char *c, const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *k) -{ - int i; - - if (mlen < 32) { - return -1; - } - crypto_stream_xchacha20_xor(c, m, mlen, n, k); - crypto_onetimeauth_poly1305(c + 16, c + 32, mlen - 32, c); - for (i = 0; i < 16; ++i) { - c[i] = 0; - } - return 0; -} - -int -crypto_secretbox_xchacha20poly1305_open(unsigned char *m, const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *k) -{ - unsigned char subkey[32]; - int i; - - if (clen < 32) { - return -1; - } - crypto_stream_xchacha20(subkey, 32, n, k); - if (crypto_onetimeauth_poly1305_verify(c + 16, c + 32, - clen - 32, subkey) != 0) { - return -1; - } - crypto_stream_xchacha20_xor(m, c, clen, n, k); - for (i = 0; i < 32; ++i) { - m[i] = 0; - } - return 0; -} diff --git a/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h index 0382c092..29c9b255 100644 --- a/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_box_curve25519xchacha20poly1305.h @@ -123,51 +123,6 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char * const unsigned char *k) __attribute__ ((warn_unused_result)); -/* -- NaCl-style interface ; Requires padding -- */ - -#define crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES 16U -SODIUM_EXPORT -size_t crypto_box_curve25519xchacha20poly1305_boxzerobytes(void); - -#define crypto_box_curve25519xchacha20poly1305_ZEROBYTES \ - (crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES + \ - crypto_box_curve25519xchacha20poly1305_MACBYTES) -SODIUM_EXPORT -size_t crypto_box_curve25519xchacha20poly1305_zerobytes(void); - -SODIUM_EXPORT -int crypto_box_curve25519xchacha20poly1305(unsigned char *c, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *pk, - const unsigned char *sk) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_box_curve25519xchacha20poly1305_open(unsigned char *m, - const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *pk, - const unsigned char *sk) - __attribute__ ((warn_unused_result)); - -SODIUM_EXPORT -int crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m, - const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *k) - __attribute__ ((warn_unused_result)); - #ifdef __cplusplus } #endif diff --git a/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h index 40f490a1..7a61a091 100644 --- a/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h +++ b/src/libsodium/include/sodium/crypto_secretbox_xchacha20poly1305.h @@ -55,33 +55,6 @@ int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m, const unsigned char *k) __attribute__ ((warn_unused_result)); -/* -- NaCl-like interface ; Requires padding -- */ - -#define crypto_secretbox_xchacha20poly1305_BOXZEROBYTES 16U -SODIUM_EXPORT -size_t crypto_secretbox_xchacha20poly1305_boxzerobytes(void); - -#define crypto_secretbox_xchacha20poly1305_ZEROBYTES \ - (crypto_secretbox_xchacha20poly1305_BOXZEROBYTES + \ - crypto_secretbox_xchacha20poly1305_MACBYTES) -SODIUM_EXPORT -size_t crypto_secretbox_xchacha20poly1305_zerobytes(void); - -SODIUM_EXPORT -int crypto_secretbox_xchacha20poly1305(unsigned char *c, - const unsigned char *m, - unsigned long long mlen, - const unsigned char *n, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_secretbox_xchacha20poly1305_open(unsigned char *m, - const unsigned char *c, - unsigned long long clen, - const unsigned char *n, - const unsigned char *k) - __attribute__ ((warn_unused_result)); - #ifdef __cplusplus } #endif diff --git a/test/default/xchacha20.c b/test/default/xchacha20.c index 4d36387e..23cdcf12 100644 --- a/test/default/xchacha20.c +++ b/test/default/xchacha20.c @@ -184,7 +184,6 @@ tv_secretbox_xchacha20poly1305(void) unsigned char *key; unsigned char *out; unsigned char *out2; - size_t box_len; size_t m_len; size_t out_len; size_t n; @@ -239,41 +238,12 @@ tv_secretbox_xchacha20poly1305(void) sodium_free(out2); sodium_free(m); } - - m_len = randombytes_uniform(1000); - box_len = crypto_secretbox_xchacha20poly1305_ZEROBYTES + m_len; - m = (unsigned char *) sodium_malloc(box_len); - out = (unsigned char *) sodium_malloc(box_len); - randombytes_buf(m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len); - memset(m, 0, crypto_secretbox_xchacha20poly1305_ZEROBYTES); - crypto_secretbox_xchacha20poly1305(out, m, box_len, nonce, key); - assert(crypto_secretbox_xchacha20poly1305_open(out, out, box_len, - nonce, key) == 0); - assert(memcmp(out + crypto_secretbox_xchacha20poly1305_ZEROBYTES, - m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len) == 0); - crypto_secretbox_xchacha20poly1305(out, m, box_len, - nonce, key); - assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == 0); - nonce[0]++; - assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == -1); - nonce[0]--; - key[0]++; - assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1); - key[0]--; - assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1); - assert(crypto_secretbox_xchacha20poly1305_open(m, out, 0, nonce, key) == -1); - assert(crypto_secretbox_xchacha20poly1305_open(m, out, 1, nonce, key) == -1); - sodium_free(out); - sodium_free(m); - sodium_free(nonce); sodium_free(key); assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES); assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES); assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES); - assert(crypto_secretbox_xchacha20poly1305_boxzerobytes() == crypto_secretbox_xchacha20poly1305_BOXZEROBYTES); - assert(crypto_secretbox_xchacha20poly1305_zerobytes() == crypto_secretbox_xchacha20poly1305_ZEROBYTES); printf("tv_secretbox_xchacha20: ok\n"); } @@ -364,6 +334,12 @@ tv_box_xchacha20poly1305(void) sodium_free(sk); sodium_free(pk); + assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES); + assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES); + assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES); + assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES); + assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES); + printf("tv_box_xchacha20poly1305: ok\n"); }