Remove the NaCl-like APIs from *xchacha20 additions
These APIs were useful with the salsa20 constructions for compatibility with NaCl, but they are tricky to use and don't provide any benefits over the _easy APIs. Having them around was good for consistency with the salsa20-based ones, but this is code that is unlikely to be used in actual projects. So, don't include them, unless people actually ask for them.
This commit is contained in:
parent
eb5c17d3ec
commit
a329340d90
@ -172,9 +172,7 @@ libsodium_la_SOURCES += \
|
|||||||
crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c \
|
crypto_aead/xchacha20poly1305/sodium/aead_xchacha20poly1305.c \
|
||||||
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c \
|
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_api.c \
|
||||||
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_easy.c \
|
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305_easy.c \
|
||||||
crypto_box/curve25519xchacha20poly1305/sodium/after_curve25519xchacha20poly1305.c \
|
|
||||||
crypto_box/curve25519xchacha20poly1305/sodium/before_curve25519xchacha20poly1305.c \
|
crypto_box/curve25519xchacha20poly1305/sodium/before_curve25519xchacha20poly1305.c \
|
||||||
crypto_box/curve25519xchacha20poly1305/sodium/box_curve25519xchacha20poly1305.c \
|
|
||||||
crypto_box/curve25519xchacha20poly1305/sodium/keypair_curve25519xchacha20poly1305.c \
|
crypto_box/curve25519xchacha20poly1305/sodium/keypair_curve25519xchacha20poly1305.c \
|
||||||
crypto_core/hchacha20/core_hchacha20.c \
|
crypto_core/hchacha20/core_hchacha20.c \
|
||||||
crypto_core/hchacha20/core_hchacha20.h \
|
crypto_core/hchacha20/core_hchacha20.h \
|
||||||
@ -184,7 +182,6 @@ libsodium_la_SOURCES += \
|
|||||||
crypto_core/salsa208/core_salsa208_api.c \
|
crypto_core/salsa208/core_salsa208_api.c \
|
||||||
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c \
|
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_api.c \
|
||||||
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c \
|
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305_easy.c \
|
||||||
crypto_secretbox/xchacha20poly1305/sodium/secretbox_xchacha20poly1305.c \
|
|
||||||
crypto_sign/ed25519/ref10/obsolete.c \
|
crypto_sign/ed25519/ref10/obsolete.c \
|
||||||
crypto_stream/aes128ctr/portable/afternm_aes128ctr.c \
|
crypto_stream/aes128ctr/portable/afternm_aes128ctr.c \
|
||||||
crypto_stream/aes128ctr/stream_aes128ctr_api.c \
|
crypto_stream/aes128ctr/stream_aes128ctr_api.c \
|
||||||
|
@ -25,16 +25,6 @@ crypto_box_curve25519xchacha20poly1305_noncebytes(void) {
|
|||||||
return crypto_box_curve25519xchacha20poly1305_NONCEBYTES;
|
return crypto_box_curve25519xchacha20poly1305_NONCEBYTES;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t
|
|
||||||
crypto_box_curve25519xchacha20poly1305_zerobytes(void) {
|
|
||||||
return crypto_box_curve25519xchacha20poly1305_ZEROBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
|
||||||
crypto_box_curve25519xchacha20poly1305_boxzerobytes(void) {
|
|
||||||
return crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
size_t
|
||||||
crypto_box_curve25519xchacha20poly1305_macbytes(void) {
|
crypto_box_curve25519xchacha20poly1305_macbytes(void) {
|
||||||
return crypto_box_curve25519xchacha20poly1305_MACBYTES;
|
return crypto_box_curve25519xchacha20poly1305_MACBYTES;
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
#include "crypto_box_curve25519xchacha20poly1305.h"
|
|
||||||
#include "crypto_secretbox_xchacha20poly1305.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c,
|
|
||||||
const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
{
|
|
||||||
return crypto_secretbox_xchacha20poly1305(c, m, mlen, n, k);
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m,
|
|
||||||
const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
{
|
|
||||||
return crypto_secretbox_xchacha20poly1305_open(m, c, clen, n, k);
|
|
||||||
}
|
|
@ -1,42 +0,0 @@
|
|||||||
#include "crypto_box_curve25519xchacha20poly1305.h"
|
|
||||||
#include "utils.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_box_curve25519xchacha20poly1305(unsigned char *c,
|
|
||||||
const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *pk,
|
|
||||||
const unsigned char *sk)
|
|
||||||
{
|
|
||||||
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
ret = crypto_box_curve25519xchacha20poly1305_afternm(c, m, mlen, n, k);
|
|
||||||
sodium_memzero(k, sizeof k);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_box_curve25519xchacha20poly1305_open(unsigned char *m,
|
|
||||||
const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *pk,
|
|
||||||
const unsigned char *sk)
|
|
||||||
{
|
|
||||||
unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
ret = crypto_box_curve25519xchacha20poly1305_open_afternm(m, c, clen, n, k);
|
|
||||||
sodium_memzero(k, sizeof k);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
@ -12,18 +12,6 @@ crypto_secretbox_xchacha20poly1305_noncebytes(void)
|
|||||||
return crypto_secretbox_xchacha20poly1305_NONCEBYTES;
|
return crypto_secretbox_xchacha20poly1305_NONCEBYTES;
|
||||||
}
|
}
|
||||||
|
|
||||||
size_t
|
|
||||||
crypto_secretbox_xchacha20poly1305_zerobytes(void)
|
|
||||||
{
|
|
||||||
return crypto_secretbox_xchacha20poly1305_ZEROBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
|
||||||
crypto_secretbox_xchacha20poly1305_boxzerobytes(void)
|
|
||||||
{
|
|
||||||
return crypto_secretbox_xchacha20poly1305_BOXZEROBYTES;
|
|
||||||
}
|
|
||||||
|
|
||||||
size_t
|
size_t
|
||||||
crypto_secretbox_xchacha20poly1305_macbytes(void)
|
crypto_secretbox_xchacha20poly1305_macbytes(void)
|
||||||
{
|
{
|
||||||
|
@ -11,6 +11,8 @@
|
|||||||
#include "crypto_stream_chacha20.h"
|
#include "crypto_stream_chacha20.h"
|
||||||
#include "utils.h"
|
#include "utils.h"
|
||||||
|
|
||||||
|
#define crypto_secretbox_xchacha20poly1305_ZEROBYTES 32U
|
||||||
|
|
||||||
int
|
int
|
||||||
crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
|
crypto_secretbox_xchacha20poly1305_detached(unsigned char *c,
|
||||||
unsigned char *mac,
|
unsigned char *mac,
|
||||||
|
@ -1,46 +0,0 @@
|
|||||||
#include "crypto_onetimeauth_poly1305.h"
|
|
||||||
#include "crypto_secretbox_xchacha20poly1305.h"
|
|
||||||
#include "crypto_stream_xchacha20.h"
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_secretbox_xchacha20poly1305(unsigned char *c, const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
{
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (mlen < 32) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
crypto_stream_xchacha20_xor(c, m, mlen, n, k);
|
|
||||||
crypto_onetimeauth_poly1305(c + 16, c + 32, mlen - 32, c);
|
|
||||||
for (i = 0; i < 16; ++i) {
|
|
||||||
c[i] = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int
|
|
||||||
crypto_secretbox_xchacha20poly1305_open(unsigned char *m, const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
{
|
|
||||||
unsigned char subkey[32];
|
|
||||||
int i;
|
|
||||||
|
|
||||||
if (clen < 32) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
crypto_stream_xchacha20(subkey, 32, n, k);
|
|
||||||
if (crypto_onetimeauth_poly1305_verify(c + 16, c + 32,
|
|
||||||
clen - 32, subkey) != 0) {
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
crypto_stream_xchacha20_xor(m, c, clen, n, k);
|
|
||||||
for (i = 0; i < 32; ++i) {
|
|
||||||
m[i] = 0;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
@ -123,51 +123,6 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
|
|||||||
const unsigned char *k)
|
const unsigned char *k)
|
||||||
__attribute__ ((warn_unused_result));
|
__attribute__ ((warn_unused_result));
|
||||||
|
|
||||||
/* -- NaCl-style interface ; Requires padding -- */
|
|
||||||
|
|
||||||
#define crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES 16U
|
|
||||||
SODIUM_EXPORT
|
|
||||||
size_t crypto_box_curve25519xchacha20poly1305_boxzerobytes(void);
|
|
||||||
|
|
||||||
#define crypto_box_curve25519xchacha20poly1305_ZEROBYTES \
|
|
||||||
(crypto_box_curve25519xchacha20poly1305_BOXZEROBYTES + \
|
|
||||||
crypto_box_curve25519xchacha20poly1305_MACBYTES)
|
|
||||||
SODIUM_EXPORT
|
|
||||||
size_t crypto_box_curve25519xchacha20poly1305_zerobytes(void);
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_box_curve25519xchacha20poly1305(unsigned char *c,
|
|
||||||
const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *pk,
|
|
||||||
const unsigned char *sk)
|
|
||||||
__attribute__ ((warn_unused_result));
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_box_curve25519xchacha20poly1305_open(unsigned char *m,
|
|
||||||
const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *pk,
|
|
||||||
const unsigned char *sk)
|
|
||||||
__attribute__ ((warn_unused_result));
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_box_curve25519xchacha20poly1305_afternm(unsigned char *c,
|
|
||||||
const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k);
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_box_curve25519xchacha20poly1305_open_afternm(unsigned char *m,
|
|
||||||
const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
__attribute__ ((warn_unused_result));
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -55,33 +55,6 @@ int crypto_secretbox_xchacha20poly1305_open_detached(unsigned char *m,
|
|||||||
const unsigned char *k)
|
const unsigned char *k)
|
||||||
__attribute__ ((warn_unused_result));
|
__attribute__ ((warn_unused_result));
|
||||||
|
|
||||||
/* -- NaCl-like interface ; Requires padding -- */
|
|
||||||
|
|
||||||
#define crypto_secretbox_xchacha20poly1305_BOXZEROBYTES 16U
|
|
||||||
SODIUM_EXPORT
|
|
||||||
size_t crypto_secretbox_xchacha20poly1305_boxzerobytes(void);
|
|
||||||
|
|
||||||
#define crypto_secretbox_xchacha20poly1305_ZEROBYTES \
|
|
||||||
(crypto_secretbox_xchacha20poly1305_BOXZEROBYTES + \
|
|
||||||
crypto_secretbox_xchacha20poly1305_MACBYTES)
|
|
||||||
SODIUM_EXPORT
|
|
||||||
size_t crypto_secretbox_xchacha20poly1305_zerobytes(void);
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_secretbox_xchacha20poly1305(unsigned char *c,
|
|
||||||
const unsigned char *m,
|
|
||||||
unsigned long long mlen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k);
|
|
||||||
|
|
||||||
SODIUM_EXPORT
|
|
||||||
int crypto_secretbox_xchacha20poly1305_open(unsigned char *m,
|
|
||||||
const unsigned char *c,
|
|
||||||
unsigned long long clen,
|
|
||||||
const unsigned char *n,
|
|
||||||
const unsigned char *k)
|
|
||||||
__attribute__ ((warn_unused_result));
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -184,7 +184,6 @@ tv_secretbox_xchacha20poly1305(void)
|
|||||||
unsigned char *key;
|
unsigned char *key;
|
||||||
unsigned char *out;
|
unsigned char *out;
|
||||||
unsigned char *out2;
|
unsigned char *out2;
|
||||||
size_t box_len;
|
|
||||||
size_t m_len;
|
size_t m_len;
|
||||||
size_t out_len;
|
size_t out_len;
|
||||||
size_t n;
|
size_t n;
|
||||||
@ -239,41 +238,12 @@ tv_secretbox_xchacha20poly1305(void)
|
|||||||
sodium_free(out2);
|
sodium_free(out2);
|
||||||
sodium_free(m);
|
sodium_free(m);
|
||||||
}
|
}
|
||||||
|
|
||||||
m_len = randombytes_uniform(1000);
|
|
||||||
box_len = crypto_secretbox_xchacha20poly1305_ZEROBYTES + m_len;
|
|
||||||
m = (unsigned char *) sodium_malloc(box_len);
|
|
||||||
out = (unsigned char *) sodium_malloc(box_len);
|
|
||||||
randombytes_buf(m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len);
|
|
||||||
memset(m, 0, crypto_secretbox_xchacha20poly1305_ZEROBYTES);
|
|
||||||
crypto_secretbox_xchacha20poly1305(out, m, box_len, nonce, key);
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(out, out, box_len,
|
|
||||||
nonce, key) == 0);
|
|
||||||
assert(memcmp(out + crypto_secretbox_xchacha20poly1305_ZEROBYTES,
|
|
||||||
m + crypto_secretbox_xchacha20poly1305_ZEROBYTES, m_len) == 0);
|
|
||||||
crypto_secretbox_xchacha20poly1305(out, m, box_len,
|
|
||||||
nonce, key);
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == 0);
|
|
||||||
nonce[0]++;
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len, nonce, key) == -1);
|
|
||||||
nonce[0]--;
|
|
||||||
key[0]++;
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1);
|
|
||||||
key[0]--;
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, box_len - 1, nonce, key) == -1);
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, 0, nonce, key) == -1);
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_open(m, out, 1, nonce, key) == -1);
|
|
||||||
sodium_free(out);
|
|
||||||
sodium_free(m);
|
|
||||||
|
|
||||||
sodium_free(nonce);
|
sodium_free(nonce);
|
||||||
sodium_free(key);
|
sodium_free(key);
|
||||||
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
|
assert(crypto_secretbox_xchacha20poly1305_keybytes() == crypto_secretbox_xchacha20poly1305_KEYBYTES);
|
||||||
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
|
assert(crypto_secretbox_xchacha20poly1305_noncebytes() == crypto_secretbox_xchacha20poly1305_NONCEBYTES);
|
||||||
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
|
assert(crypto_secretbox_xchacha20poly1305_macbytes() == crypto_secretbox_xchacha20poly1305_MACBYTES);
|
||||||
assert(crypto_secretbox_xchacha20poly1305_boxzerobytes() == crypto_secretbox_xchacha20poly1305_BOXZEROBYTES);
|
|
||||||
assert(crypto_secretbox_xchacha20poly1305_zerobytes() == crypto_secretbox_xchacha20poly1305_ZEROBYTES);
|
|
||||||
|
|
||||||
printf("tv_secretbox_xchacha20: ok\n");
|
printf("tv_secretbox_xchacha20: ok\n");
|
||||||
}
|
}
|
||||||
@ -364,6 +334,12 @@ tv_box_xchacha20poly1305(void)
|
|||||||
sodium_free(sk);
|
sodium_free(sk);
|
||||||
sodium_free(pk);
|
sodium_free(pk);
|
||||||
|
|
||||||
|
assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
|
||||||
|
assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||||
|
assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
|
||||||
|
assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
|
||||||
|
assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
||||||
|
|
||||||
printf("tv_box_xchacha20poly1305: ok\n");
|
printf("tv_box_xchacha20poly1305: ok\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user