Remove the NaCl-like APIs from *xchacha20 additions

These APIs were useful with the salsa20 constructions for compatibility
with NaCl, but they are tricky to use and don't provide any benefits over
the _easy APIs.

Having them around was good for consistency with the salsa20-based ones,
but this is code that is unlikely to be used in actual projects.

So, don't include them, unless people actually ask for them.
This commit is contained in:
Frank Denis 2017-02-18 21:22:39 +01:00
parent eb5c17d3ec
commit a329340d90
10 changed files with 8 additions and 237 deletions

View File

@ -172,9 +172,7 @@ libsodium_la_SOURCES += \
crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c \ crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c \
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c \
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_easy.c \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_easy.c \
crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c \
crypto_box/curve25519xchacha20poly1305/sodium/before_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/sodium/before_curve25519xchacha20poly1305.c \
crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c \
crypto_box/curve25519xchacha20poly1305/sodium/keypair_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/sodium/keypair_curve25519xchacha20poly1305.c \
crypto_core/hchacha20/core_hchacha20.c \ crypto_core/hchacha20/core_hchacha20.c \
crypto_core/hchacha20/core_hchacha20.h \ crypto_core/hchacha20/core_hchacha20.h \
@ -184,7 +182,6 @@ libsodium_la_SOURCES += \
crypto_core/salsa208/core_salsa208_api.c \ crypto_core/salsa208/core_salsa208_api.c \
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c \
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c \
crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c \
crypto_sign/ed25519/ref10/obsolete.c \ crypto_sign/ed25519/ref10/obsolete.c \
crypto_stream/aes128ctr/portable/afternm_aes128ctr.c \ crypto_stream/aes128ctr/portable/afternm_aes128ctr.c \
crypto_stream/aes128ctr/stream_aes128ctr_api.c \ crypto_stream/aes128ctr/stream_aes128ctr_api.c \

View File

@ -25,16 +25,6 @@ crypto_box_curve25519xchacha20poly1305_noncebytes(void) {
return crypto_box_curve25519xchacha20poly1305_NONCEBYTES; return crypto_box_curve25519xchacha20poly1305_NONCEBYTES;
} }
size_t
crypto_box_curve25519xchacha20poly1305_zerobytes(void) {
return crypto_box_curve25519xchacha20poly1305_ZEROBYTES;
}
size_t
crypto_box_curve25519xchacha20poly1305_boxzerobytes(void) {
return crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES;
}
size_t size_t
crypto_box_curve25519xchacha20poly1305_macbytes(void) { crypto_box_curve25519xchacha20poly1305_macbytes(void) {
return crypto_box_curve25519xchacha20poly1305_MACBYTES; return crypto_box_curve25519xchacha20poly1305_MACBYTES;

View File

@ -1,22 +0,0 @@
#include "crypto_box_curve25519xchacha20poly1305.h"
#include "crypto_secretbox_xchacha20poly1305.h"
int
crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k)
{
return crypto_secretbox_xchacha20poly1305(c, m, mlen, n, k);
}
int
crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
{
return crypto_secretbox_xchacha20poly1305_open(m, c, clen, n, k);
}

View File

@ -1,42 +0,0 @@
#include "crypto_box_curve25519xchacha20poly1305.h"
#include "utils.h"
int
crypto_box_curve25519xchacha20poly1305(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
{
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
int ret;
if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
return -1;
}
ret = crypto_box_curve25519xchacha20poly1305_afternm(c, m, mlen, n, k);
sodium_memzero(k, sizeof k);
return ret;
}
int
crypto_box_curve25519xchacha20poly1305_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
{
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
int ret;
if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
return -1;
}
ret = crypto_box_curve25519xchacha20poly1305_open_afternm(m, c, clen, n, k);
sodium_memzero(k, sizeof k);
return ret;
}

View File

@ -12,18 +12,6 @@ crypto_secretbox_xchacha20poly1305_noncebytes(void)
return crypto_secretbox_xchacha20poly1305_NONCEBYTES; return crypto_secretbox_xchacha20poly1305_NONCEBYTES;
} }
size_t
crypto_secretbox_xchacha20poly1305_zerobytes(void)
{
return crypto_secretbox_xchacha20poly1305_ZEROBYTES;
}
size_t
crypto_secretbox_xchacha20poly1305_boxzerobytes(void)
{
return crypto_secretbox_xchacha20poly1305_BOXZEROBYTES;
}
size_t size_t
crypto_secretbox_xchacha20poly1305_macbytes(void) crypto_secretbox_xchacha20poly1305_macbytes(void)
{ {

View File

@ -11,6 +11,8 @@
#include "crypto_stream_chacha20.h" #include "crypto_stream_chacha20.h"
#include "utils.h" #include "utils.h"
#define crypto_secretbox_xchacha20poly1305_ZEROBYTES 32U
int int
crypto_secretbox_xchacha20poly1305_detached(unsigned char *c, crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
unsigned char *mac, unsigned char *mac,

View File

@ -1,46 +0,0 @@
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_secretbox_xchacha20poly1305.h"
#include "crypto_stream_xchacha20.h"
int
crypto_secretbox_xchacha20poly1305(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k)
{
int i;
if (mlen < 32) {
return -1;
}
crypto_stream_xchacha20_xor(c, m, mlen, n, k);
crypto_onetimeauth_poly1305(c + 16, c + 32, mlen - 32, c);
for (i = 0; i < 16; ++i) {
c[i] = 0;
}
return 0;
}
int
crypto_secretbox_xchacha20poly1305_open(unsigned char *m, const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
{
unsigned char subkey[32];
int i;
if (clen < 32) {
return -1;
}
crypto_stream_xchacha20(subkey, 32, n, k);
if (crypto_onetimeauth_poly1305_verify(c + 16, c + 32,
clen - 32, subkey) != 0) {
return -1;
}
crypto_stream_xchacha20_xor(m, c, clen, n, k);
for (i = 0; i < 32; ++i) {
m[i] = 0;
}
return 0;
}

View File

@ -123,51 +123,6 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
const unsigned char *k) const unsigned char *k)
__attribute__ ((warn_unused_result)); __attribute__ ((warn_unused_result));
/* -- NaCl-style interface ; Requires padding -- */
#define crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES 16U
SODIUM_EXPORT
size_t crypto_box_curve25519xchacha20poly1305_boxzerobytes(void);
#define crypto_box_curve25519xchacha20poly1305_ZEROBYTES \
(crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES + \
crypto_box_curve25519xchacha20poly1305_MACBYTES)
SODIUM_EXPORT
size_t crypto_box_curve25519xchacha20poly1305_zerobytes(void);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View File

@ -55,33 +55,6 @@ int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
const unsigned char *k) const unsigned char *k)
__attribute__ ((warn_unused_result)); __attribute__ ((warn_unused_result));
/* -- NaCl-like interface ; Requires padding -- */
#define crypto_secretbox_xchacha20poly1305_BOXZEROBYTES 16U
SODIUM_EXPORT
size_t crypto_secretbox_xchacha20poly1305_boxzerobytes(void);
#define crypto_secretbox_xchacha20poly1305_ZEROBYTES \
(crypto_secretbox_xchacha20poly1305_BOXZEROBYTES + \
crypto_secretbox_xchacha20poly1305_MACBYTES)
SODIUM_EXPORT
size_t crypto_secretbox_xchacha20poly1305_zerobytes(void);
SODIUM_EXPORT
int crypto_secretbox_xchacha20poly1305(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
SODIUM_EXPORT
int crypto_secretbox_xchacha20poly1305_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif

View File

@ -184,7 +184,6 @@ tv_secretbox_xchacha20poly1305(void)
unsigned char *key; unsigned char *key;
unsigned char *out; unsigned char *out;
unsigned char *out2; unsigned char *out2;
size_t box_len;
size_t m_len; size_t m_len;
size_t out_len; size_t out_len;
size_t n; size_t n;
@ -239,41 +238,12 @@ tv_secretbox_xchacha20poly1305(void)
sodium_free(out2); sodium_free(out2);
sodium_free(m); sodium_free(m);
} }
m_len = randombytes_uniform(1000);
box_len = crypto_secretbox_xchacha20poly1305_ZEROBYTES + m_len;
m = (unsigned char *) sodium_malloc(box_len);
out = (unsigned char *) sodium_malloc(box_len);
randombytes_buf(m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len);
memset(m, 0, crypto_secretbox_xchacha20poly1305_ZEROBYTES);
crypto_secretbox_xchacha20poly1305(out, m, box_len, nonce, key);
assert(crypto_secretbox_xchacha20poly1305_open(out, out, box_len,
nonce, key) == 0);
assert(memcmp(out + crypto_secretbox_xchacha20poly1305_ZEROBYTES,
m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len) == 0);
crypto_secretbox_xchacha20poly1305(out, m, box_len,
nonce, key);
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == 0);
nonce[0]++;
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == -1);
nonce[0]--;
key[0]++;
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1);
key[0]--;
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1);
assert(crypto_secretbox_xchacha20poly1305_open(m, out, 0, nonce, key) == -1);
assert(crypto_secretbox_xchacha20poly1305_open(m, out, 1, nonce, key) == -1);
sodium_free(out);
sodium_free(m);
sodium_free(nonce); sodium_free(nonce);
sodium_free(key); sodium_free(key);
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES); assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES); assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES); assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
assert(crypto_secretbox_xchacha20poly1305_boxzerobytes() == crypto_secretbox_xchacha20poly1305_BOXZEROBYTES);
assert(crypto_secretbox_xchacha20poly1305_zerobytes() == crypto_secretbox_xchacha20poly1305_ZEROBYTES);
printf("tv_secretbox_xchacha20: ok\n"); printf("tv_secretbox_xchacha20: ok\n");
} }
@ -364,6 +334,12 @@ tv_box_xchacha20poly1305(void)
sodium_free(sk); sodium_free(sk);
sodium_free(pk); sodium_free(pk);
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
printf("tv_box_xchacha20poly1305: ok\n"); printf("tv_box_xchacha20poly1305: ok\n");
} }