From a7410966ea68a21cc004d40e4ba84fd44f2490ae Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Thu, 26 Jun 2014 08:48:13 -0700 Subject: [PATCH] Rename secretbox_chacha20poly1305() -> aead_chacha20poly1305() The tag is still at the end. This will be changed right after. --- .gitignore | 2 +- src/libsodium/Makefile.am | 2 +- .../chacha20poly1305/aead_chacha20poly1305.c | 150 ++++++++++++++++++ .../secretbox_chacha20poly1305.c | 150 ------------------ src/libsodium/include/Makefile.am | 2 +- src/libsodium/include/sodium.h | 2 +- .../sodium/crypto_aead_chacha20poly1305.h | 69 ++++++++ .../crypto_secretbox_chacha20poly1305.h | 72 --------- test/default/Makefile.am | 12 +- ...ha20poly1305.c => aead_chacha20poly1305.c} | 26 +-- ...poly1305.exp => aead_chacha20poly1305.exp} | 0 11 files changed, 242 insertions(+), 245 deletions(-) create mode 100644 src/libsodium/crypto_aead/chacha20poly1305/aead_chacha20poly1305.c delete mode 100644 src/libsodium/crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c create mode 100644 src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h delete mode 100644 src/libsodium/include/sodium/crypto_secretbox_chacha20poly1305.h rename test/default/{secretbox_chacha20poly1305.c => aead_chacha20poly1305.c} (54%) rename test/default/{secretbox_chacha20poly1305.exp => aead_chacha20poly1305.exp} (100%) diff --git a/.gitignore b/.gitignore index 95a8fd01..17c6590f 100644 --- a/.gitignore +++ b/.gitignore @@ -53,6 +53,7 @@ src/libsodium/include/sodium/version.h stamp-* test/default/*.res test/default/*.trs +test/default/aead_chacha20poly1305 test/default/auth test/default/auth2 test/default/auth3 @@ -89,7 +90,6 @@ test/default/scalarmult2 test/default/scalarmult5 test/default/scalarmult6 test/default/secretbox -test/default/secretbox_chacha20poly1305 test/default/secretbox2 test/default/secretbox7 test/default/secretbox8 diff --git a/src/libsodium/Makefile.am b/src/libsodium/Makefile.am index 933e889c..1751130d 100644 
--- a/src/libsodium/Makefile.am +++ b/src/libsodium/Makefile.am @@ -2,6 +2,7 @@ lib_LTLIBRARIES = \ libsodium.la libsodium_la_SOURCES = \ + crypto_aead/chacha20poly1305/aead_chacha20poly1305.c \ crypto_auth/crypto_auth.c \ crypto_auth/hmacsha256/auth_hmacsha256_api.c \ crypto_auth/hmacsha256/cp/api.h \ @@ -71,7 +72,6 @@ libsodium_la_SOURCES = \ crypto_scalarmult/curve25519/scalarmult_curve25519_api.c \ crypto_secretbox/crypto_secretbox.c \ crypto_secretbox/crypto_secretbox_easy.c \ - crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c \ crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c \ crypto_secretbox/xsalsa20poly1305/ref/api.h \ crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c \ diff --git a/src/libsodium/crypto_aead/chacha20poly1305/aead_chacha20poly1305.c b/src/libsodium/crypto_aead/chacha20poly1305/aead_chacha20poly1305.c new file mode 100644 index 00000000..b6fd57c7 --- /dev/null +++ b/src/libsodium/crypto_aead/chacha20poly1305/aead_chacha20poly1305.c 
@@ -0,0 +1,150 @@
+
+#include
+#include
+
+#include "crypto_aead_chacha20poly1305.h"
+#include "crypto_onetimeauth_poly1305.h"
+#include "crypto_stream_chacha20.h"
+#include "crypto_verify_16.h"
+#include "utils.h"
+
+static inline void
+_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
+{
+ out[0] = (unsigned char) (x & 0xff); x >>= 8;
+ out[1] = (unsigned char) (x & 0xff); x >>= 8;
+ out[2] = (unsigned char) (x & 0xff); x >>= 8;
+ out[3] = (unsigned char) (x & 0xff); x >>= 8;
+ out[4] = (unsigned char) (x & 0xff); x >>= 8;
+ out[5] = (unsigned char) (x & 0xff); x >>= 8;
+ out[6] = (unsigned char) (x & 0xff); x >>= 8;
+ out[7] = (unsigned char) (x & 0xff);
+}
+
+int
+crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+ unsigned long long *clen,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k)
+{
+ crypto_onetimeauth_poly1305_state state;
+ unsigned char block0[64U];
+ unsigned char slen[8U];
+
+#ifdef ULONG_LONG_MAX
+ if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ZEROBYTES) {
+ if (clen != NULL) {
+ *clen = 0ULL;
+ }
+ return -1;
+ }
+#endif
+ crypto_stream_chacha20_xor_ic
+ (c + crypto_aead_chacha20poly1305_ZEROBYTES, m, mlen, npub, 1U, k);
+
+ crypto_stream_chacha20(block0, sizeof block0, npub, k);
+ crypto_onetimeauth_poly1305_init(&state, block0);
+ sodium_memzero(block0, sizeof block0);
+
+ crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+ _u64_le_from_ull(slen, adlen);
+ crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+ crypto_onetimeauth_poly1305_update
+ (&state, c + crypto_aead_chacha20poly1305_ZEROBYTES, mlen);
+ _u64_le_from_ull(slen, mlen);
+ crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+ crypto_onetimeauth_poly1305_final(&state, c);
+ sodium_memzero(&state, sizeof state);
+
+ if (clen != NULL) {
+ *clen = mlen + crypto_aead_chacha20poly1305_ZEROBYTES;
+ }
+ return 0;
+}
+
+int
+crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+ unsigned long long *mlen,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k)
+{
+ crypto_onetimeauth_poly1305_state state;
+ unsigned char block0[64U];
+ unsigned char slen[8U];
+ unsigned char mac[crypto_aead_chacha20poly1305_MACBYTES];
+ int ret;
+
+ if (mlen != NULL) {
+ *mlen = 0ULL;
+ }
+ if (clen < crypto_aead_chacha20poly1305_ZEROBYTES) {
+ return -1;
+ }
+ crypto_stream_chacha20(block0, sizeof block0, npub, k);
+ crypto_onetimeauth_poly1305_init(&state, block0);
+ sodium_memzero(block0, sizeof block0);
+
+ crypto_onetimeauth_poly1305_update(&state, ad, adlen);
+ _u64_le_from_ull(slen, adlen);
+ crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+ crypto_onetimeauth_poly1305_update
+ (&state, c + crypto_aead_chacha20poly1305_ZEROBYTES,
+ clen - crypto_aead_chacha20poly1305_ZEROBYTES);
+ _u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
+ crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
+
+ crypto_onetimeauth_poly1305_final(&state, mac);
+ sodium_memzero(&state, sizeof state);
+
+ ret = crypto_verify_16(mac, c);
+ sodium_memzero(mac, sizeof mac);
+ if (ret != 0) {
+ memset(m, 0, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
+ return -1;
+ }
+ crypto_stream_chacha20_xor_ic
+ (m, c + crypto_aead_chacha20poly1305_ZEROBYTES,
+ clen - crypto_aead_chacha20poly1305_ZEROBYTES, npub, 1U, k);
+ if (mlen != NULL) {
+ *mlen = clen - crypto_aead_chacha20poly1305_ZEROBYTES;
+ }
+ return 0;
+}
+
+size_t
+crypto_aead_chacha20poly1305_keybytes(void) {
+ return crypto_aead_chacha20poly1305_KEYBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_npubbytes(void) {
+ return crypto_aead_chacha20poly1305_NPUBBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_nsecbytes(void) {
+ return crypto_aead_chacha20poly1305_NSECBYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_abytes(void) {
+ return crypto_aead_chacha20poly1305_ABYTES;
+}
+
+size_t
+crypto_aead_chacha20poly1305_macbytes(void) {
+ return crypto_aead_chacha20poly1305_MACBYTES;
+}
diff --git a/src/libsodium/crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c b/src/libsodium/crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c
deleted file mode 100644
index 74af57ab..00000000
--- a/src/libsodium/crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c
+++ /dev/null
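Review bot: The length guard at the top of crypto_aead_chacha20poly1305_encrypt is compiled only under `#ifdef ULONG_LONG_MAX`, a non-standard macro name, so on a libc whose limits header provides only the C99 `ULLONG_MAX` the check disappears without any diagnostic and `*clen = mlen + crypto_aead_chacha20poly1305_ZEROBYTES` can wrap. I would drop the `#ifdef` and test the standard name: `if (mlen > ULLONG_MAX - crypto_aead_chacha20poly1305_ZEROBYTES) {`. The two bare `#include` targets are not readable on this page, so confirm `<limits.h>` is one of them. A smaller point in the same file: `nsec` is accepted by both functions and never read, and a `(void) nsec;` with a one-line comment would make clear this is intentional while NSECBYTES is 0.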
@@ -1,150 +0,0 @@
-
-#include
-
-#include "crypto_onetimeauth_poly1305.h"
-#include "crypto_secretbox_chacha20poly1305.h"
-#include "crypto_stream_chacha20.h"
-#include "crypto_verify_16.h"
-#include "utils.h"
-
-static inline void
-_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
-{
- out[0] = (unsigned char) (x & 0xff); x >>= 8;
- out[1] = (unsigned char) (x & 0xff); x >>= 8;
- out[2] = (unsigned char) (x & 0xff); x >>= 8;
- out[3] = (unsigned char) (x & 0xff); x >>= 8;
- out[4] = (unsigned char) (x & 0xff); x >>= 8;
- out[5] = (unsigned char) (x & 0xff); x >>= 8;
- out[6] = (unsigned char) (x & 0xff); x >>= 8;
- out[7] = (unsigned char) (x & 0xff);
-}
-
-int
-crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *n,
- const unsigned char *k)
-{
- crypto_onetimeauth_poly1305_state state;
- unsigned char block0[64U];
- unsigned char slen[8U];
-
- crypto_stream_chacha20_xor_ic
- (c + crypto_secretbox_chacha20poly1305_ZEROBYTES, m, mlen, n, 1U, k);
-
- crypto_stream_chacha20(block0, sizeof block0, n, k);
- crypto_onetimeauth_poly1305_init(&state, block0);
- sodium_memzero(block0, sizeof block0);
-
- crypto_onetimeauth_poly1305_update(&state, ad, adlen);
- _u64_le_from_ull(slen, adlen);
- crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
-
- crypto_onetimeauth_poly1305_update
- (&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES, mlen);
- _u64_le_from_ull(slen, mlen);
- crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
-
- crypto_onetimeauth_poly1305_final(&state, c);
- sodium_memzero(&state, sizeof state);
-
- return 0;
-}
-
-int
-crypto_secretbox_chacha20poly1305(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k)
-{
- return crypto_secretbox_chacha20poly1305_ad(c, m, mlen, NULL, 0ULL, n, k);
-}
-
-int
-crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *n,
- const unsigned char *k)
-{
- crypto_onetimeauth_poly1305_state state;
- unsigned char block0[64U];
- unsigned char slen[8U];
- unsigned char mac[crypto_secretbox_chacha20poly1305_MACBYTES];
- int ret;
-
- if (clen < crypto_secretbox_chacha20poly1305_ZEROBYTES) {
- return -1;
- }
- crypto_stream_chacha20(block0, sizeof block0, n, k);
- crypto_onetimeauth_poly1305_init(&state, block0);
- sodium_memzero(block0, sizeof block0);
-
- crypto_onetimeauth_poly1305_update(&state, ad, adlen);
- _u64_le_from_ull(slen, adlen);
- crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
-
- crypto_onetimeauth_poly1305_update
- (&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
- clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
- _u64_le_from_ull(slen, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
- crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
-
- crypto_onetimeauth_poly1305_final(&state, mac);
- sodium_memzero(&state, sizeof state);
-
- ret = crypto_verify_16(mac, c);
- sodium_memzero(mac, sizeof mac);
- if (ret != 0) {
- memset(m, 0, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
- return -1;
- }
- crypto_stream_chacha20_xor_ic
- (m, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
- clen - crypto_secretbox_chacha20poly1305_ZEROBYTES, n, 1U, k);
-
- return 0;
-}
-
-int
-crypto_secretbox_chacha20poly1305_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k)
-{
- return crypto_secretbox_chacha20poly1305_ad_open(m, c, clen,
- NULL, 0ULL, n, k);
-}
-
-size_t
-crypto_secretbox_chacha20poly1305_keybytes(void) {
- return crypto_secretbox_chacha20poly1305_KEYBYTES;
-}
-
-size_t
-crypto_secretbox_chacha20poly1305_noncebytes(void) {
- return crypto_secretbox_chacha20poly1305_NONCEBYTES;
-}
-
-size_t
-crypto_secretbox_chacha20poly1305_zerobytes(void) {
- return crypto_secretbox_chacha20poly1305_ZEROBYTES;
-}
-
-size_t
-crypto_secretbox_chacha20poly1305_boxzerobytes(void) {
- return crypto_secretbox_chacha20poly1305_BOXZEROBYTES;
-}
-
-size_t
-crypto_secretbox_chacha20poly1305_macbytes(void) {
- return crypto_secretbox_chacha20poly1305_MACBYTES;
-}
diff --git a/src/libsodium/include/Makefile.am b/src/libsodium/include/Makefile.am
index 298b7df7..45a82d79 100644
--- a/src/libsodium/include/Makefile.am
+++ b/src/libsodium/include/Makefile.am
@@ -2,6 +2,7 @@ SODIUM_EXPORT = \ sodium.h \ sodium/core.h \ + sodium/crypto_aead_chacha20poly1305.h \ sodium/crypto_auth.h \ sodium/crypto_auth_hmacsha256.h \ sodium/crypto_auth_hmacsha512.h \
@@ -23,7 +24,6 @@ SODIUM_EXPORT = \ sodium/crypto_scalarmult.h \ sodium/crypto_scalarmult_curve25519.h \ sodium/crypto_secretbox.h \ - sodium/crypto_secretbox_chacha20poly1305.h \ sodium/crypto_secretbox_xsalsa20poly1305.h \ sodium/crypto_shorthash.h \ sodium/crypto_shorthash_siphash24.h \
diff --git a/src/libsodium/include/sodium.h b/src/libsodium/include/sodium.h
index 49092c65..dcb6b45e 100644
--- a/src/libsodium/include/sodium.h
+++ b/src/libsodium/include/sodium.h
@@ -3,6 +3,7 @@ #define __SODIUM_H__ #include +#include #include #include #include
@@ -24,7 +25,6 @@ #include #include #include -#include #include #include #include
diff --git a/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
new file mode 100644
index 00000000..139f1f6f
--- /dev/null
+++ b/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
@@ -0,0 +1,69 @@
+#ifndef crypto_aead_chacha20poly1305_H
+#define crypto_aead_chacha20poly1305_H
+
+#include
+#include "export.h"
+
+#ifdef __cplusplus
+# if __GNUC__
+# pragma GCC diagnostic ignored "-Wlong-long"
+# endif
+extern "C" {
+#endif
+
+#define crypto_aead_chacha20poly1305_KEYBYTES 32U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_keybytes(void);
+
+#define crypto_aead_chacha20poly1305_NSECBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_nsecbytes(void);
+
+#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_npubbytes(void);
+
+#define crypto_aead_chacha20poly1305_ZEROBYTES 16U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_zerobytes(void);
+
+#define crypto_aead_chacha20poly1305_BOXZEROBYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_boxzerobytes(void);
+
+#define crypto_aead_chacha20poly1305_MACBYTES \
+ (crypto_aead_chacha20poly1305_ZEROBYTES - \
+ crypto_aead_chacha20poly1305_BOXZEROBYTES)
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_macbytes(void);
+
+#define crypto_aead_chacha20poly1305_ABYTES 0U
+SODIUM_EXPORT
+size_t crypto_aead_chacha20poly1305_abytes(void);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
+ unsigned long long *clen,
+ const unsigned char *m,
+ unsigned long long mlen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *nsec,
+ const unsigned char *npub,
+ const unsigned char *k);
+
+SODIUM_EXPORT
+int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
+ unsigned long long *mlen,
+ unsigned char *nsec,
+ const unsigned char *c,
+ unsigned long long clen,
+ const unsigned char *ad,
+ unsigned long long adlen,
+ const unsigned char *npub,
+ const unsigned char *k);
+#ifdef __cplusplus
+}
+#endif
+
+#endif
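Review bot: `crypto_aead_chacha20poly1305_ABYTES` is defined as `0U`, yet the encrypt function added in this patch writes `mlen + crypto_aead_chacha20poly1305_ZEROBYTES` bytes to `c` (a 16-byte tag plus the ciphertext). If ABYTES is meant to be the ciphertext overhead, a caller sizing the output buffer as `mlen + ABYTES` ends up 16 bytes short, so I would tie it to the tag size with `#define crypto_aead_chacha20poly1305_ABYTES crypto_aead_chacha20poly1305_MACBYTES` (moved below the MACBYTES definition), or at minimum add a comment on the encrypt prototype stating the required size of `c`. Separately, `crypto_aead_chacha20poly1305_zerobytes()` and `crypto_aead_chacha20poly1305_boxzerobytes()` are exported here, but the aead_chacha20poly1305.c added by this patch defines only keybytes, npubbytes, nsecbytes, abytes and macbytes. As far as this patch shows, those two symbols would not link.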
diff --git a/src/libsodium/include/sodium/crypto_secretbox_chacha20poly1305.h b/src/libsodium/include/sodium/crypto_secretbox_chacha20poly1305.h
deleted file mode 100644
index 349a7198..00000000
--- a/src/libsodium/include/sodium/crypto_secretbox_chacha20poly1305.h
+++ /dev/null
@@ -1,72 +0,0 @@
-#ifndef crypto_secretbox_chacha20poly1305_H
-#define crypto_secretbox_chacha20poly1305_H
-
-#include
-#include "export.h"
-
-#ifdef __cplusplus
-# if __GNUC__
-# pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-
-#define crypto_secretbox_chacha20poly1305_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_secretbox_chacha20poly1305_keybytes(void);
-
-#define crypto_secretbox_chacha20poly1305_NONCEBYTES 8U
-SODIUM_EXPORT
-size_t crypto_secretbox_chacha20poly1305_noncebytes(void);
-
-#define crypto_secretbox_chacha20poly1305_ZEROBYTES 16U
-SODIUM_EXPORT
-size_t crypto_secretbox_chacha20poly1305_zerobytes(void);
-
-#define crypto_secretbox_chacha20poly1305_BOXZEROBYTES 0U
-SODIUM_EXPORT
-size_t crypto_secretbox_chacha20poly1305_boxzerobytes(void);
-
-#define crypto_secretbox_chacha20poly1305_MACBYTES \
- (crypto_secretbox_chacha20poly1305_ZEROBYTES - \
- crypto_secretbox_chacha20poly1305_BOXZEROBYTES)
-SODIUM_EXPORT
-size_t crypto_secretbox_chacha20poly1305_macbytes(void);
-
-SODIUM_EXPORT
-int crypto_secretbox_chacha20poly1305(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_chacha20poly1305_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *n,
- const unsigned char *k);
-
-
-SODIUM_EXPORT
-int crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
- const unsigned char *m,
- unsigned long long mlen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *n,
- const unsigned char *k);
-
-SODIUM_EXPORT
-int crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
- const unsigned char *c,
- unsigned long long clen,
- const unsigned char *ad,
- unsigned long long adlen,
- const unsigned char *n,
- const unsigned char *k);
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/test/default/Makefile.am b/test/default/Makefile.am index 8ba6e4a7..ee1eb43c 100644 --- a/test/default/Makefile.am +++ b/test/default/Makefile.am @@ -2,6 +2,7 @@ EXTRA_DIST = \ cmptest.h \ wintest.bat \ + aead_chacha20poly1305.exp \ auth.exp \ auth2.exp \ auth3.exp \ @@ -38,7 +39,6 @@ EXTRA_DIST = \ scalarmult5.exp \ scalarmult6.exp \ secretbox.exp \ - secretbox_chacha20poly1305.exp \ secretbox2.exp \ secretbox7.exp \ secretbox8.exp \ @@ -58,6 +58,7 @@ EXTRA_DIST = \ verify1.exp DISTCLEANFILES = \ + aead_chacha20poly1305.res \ auth.res \ auth2.res \ auth3.res \ @@ -94,7 +95,6 @@ DISTCLEANFILES = \ scalarmult5.res \ scalarmult6.res \ secretbox.res \ - secretbox_chacha20poly1305.res \ secretbox2.res \ secretbox7.res \ secretbox8.res \ @@ -122,6 +122,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/test/quirks TESTS_TARGETS = \ + aead_chacha20poly1305 \ auth \ auth2 \ auth3 \ @@ -158,7 +159,6 @@ TESTS_TARGETS = \ scalarmult5 \ scalarmult6 \ secretbox \ - secretbox_chacha20poly1305 \ secretbox2 \ secretbox7 \ secretbox8 \ @@ -184,6 +184,9 @@ TESTS = $(TESTS_TARGETS) TESTS_LDADD = \ ${top_builddir}/src/libsodium/libsodium.la +aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c +aead_chacha20poly1305_LDADD = $(TESTS_LDADD) + auth_SOURCE = cmptest.h auth.c auth_LDADD = $(TESTS_LDADD) @@ -292,9 +295,6 @@ scalarmult6_LDADD = $(TESTS_LDADD) secretbox_SOURCE = cmptest.h secretbox.c secretbox_LDADD = $(TESTS_LDADD) -secretbox_chacha20poly1305_SOURCE = cmptest.h secretbox_chacha20poly1305.c -secretbox_chacha20poly1305_LDADD = $(TESTS_LDADD) - secretbox2_SOURCE = cmptest.h secretbox2.c secretbox2_LDADD = $(TESTS_LDADD) diff --git a/test/default/secretbox_chacha20poly1305.c b/test/default/aead_chacha20poly1305.c similarity index 54% rename from test/default/secretbox_chacha20poly1305.c rename to test/default/aead_chacha20poly1305.c index 145a2295..00a0ef77 100644 --- a/test/default/secretbox_chacha20poly1305.c +++ b/test/default/aead_chacha20poly1305.c 
@@ -1,10 +1,10 @@ #include #include -#define TEST_NAME "secretbox_chacha20poly1305" +#define TEST_NAME "aead_chacha20poly1305" #include "cmptest.h" -static unsigned char firstkey[crypto_secretbox_chacha20poly1305_KEYBYTES] = { +static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES] = { 0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31, 0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50, 0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa, @@ -15,7 +15,7 @@ static unsigned char m[10U] = { 0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca }; -static unsigned char nonce[crypto_secretbox_chacha20poly1305_NONCEBYTES] = { +static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES] = { 0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a }; @@ -23,15 +23,15 @@ static unsigned char ad[10U] = { 0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0 }; -static unsigned char c[10U + crypto_secretbox_chacha20poly1305_ZEROBYTES]; +static unsigned char c[10U + crypto_aead_chacha20poly1305_ZEROBYTES]; int main(void) { unsigned char m2[10U]; size_t i; - crypto_secretbox_chacha20poly1305_ad(c, m, sizeof m, ad, sizeof ad, - nonce, firstkey); + crypto_aead_chacha20poly1305_encrypt(c, NULL, m, sizeof m, ad, sizeof ad, + NULL, nonce, firstkey); for (i = 0U; i < sizeof c; ++i) { printf(",0x%02x", (unsigned int) c[i]); if (i % 8 == 7) { @@ -40,10 +40,10 @@ int main(void) } printf("\n"); - if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c, - ad, sizeof ad, - nonce, firstkey) != 0) { - printf("crypto_secretbox_chacha20poly1305_ad_open() failed\n"); + if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c, + ad, sizeof ad, + nonce, firstkey) != 0) { + printf("crypto_aead_chacha20poly1305_ad_open() failed\n"); } if (memcmp(m, m2, sizeof m) != 0) { printf("m != m2\n"); 
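Review bot: Both updated calls in main() pass `NULL` for the new length out-parameters (`clen` in the encrypt call, `mlen` in the decrypt call), so the only behaviour this rename adds to the API is never exercised by the test. I would pass real variables and check them, for example declare `unsigned long long clen;`, pass `&clen`, and add `if (clen != sizeof c) printf("clen mismatch\n");` after encrypting, with the matching check that `mlen` equals `sizeof m` after a successful decrypt. The failure message in the decrypt branch still prints `crypto_aead_chacha20poly1305_ad_open() failed`, a name that does not exist after this commit; it should read `crypto_aead_chacha20poly1305_decrypt() failed`. main() continues outside these hunks.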
@@ -51,9 +51,9 @@ int main(void) for (i = 0U; i < sizeof c; i++) { c[i] ^= (i + 1U); - if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c, - ad, sizeof ad, - nonce, firstkey) == 0 || + if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c, + ad, sizeof ad, + nonce, firstkey) == 0 || memcmp(m, m2, sizeof m) == 0) { printf("message can be forged\n"); } diff --git a/test/default/secretbox_chacha20poly1305.exp b/test/default/aead_chacha20poly1305.exp similarity index 100% rename from test/default/secretbox_chacha20poly1305.exp rename to test/default/aead_chacha20poly1305.exp