Rename secretbox_chacha20poly1305() -> aead_chacha20poly1305()

The tag is still at the end. This will be changed right after.
This commit is contained in:
Frank Denis 2014-06-26 08:48:13 -07:00
parent d983bbe860
commit a7410966ea
11 changed files with 242 additions and 245 deletions

2
.gitignore vendored
View File

@ -53,6 +53,7 @@ src/libsodium/include/sodium/version.h
stamp-*
test/default/*.res
test/default/*.trs
test/default/aead_chacha20poly1305
test/default/auth
test/default/auth2
test/default/auth3
@ -89,7 +90,6 @@ test/default/scalarmult2
test/default/scalarmult5
test/default/scalarmult6
test/default/secretbox
test/default/secretbox_chacha20poly1305
test/default/secretbox2
test/default/secretbox7
test/default/secretbox8

View File

@ -2,6 +2,7 @@ lib_LTLIBRARIES = \
libsodium.la
libsodium_la_SOURCES = \
crypto_aead/chacha20poly1305/aead_chacha20poly1305.c \
crypto_auth/crypto_auth.c \
crypto_auth/hmacsha256/auth_hmacsha256_api.c \
crypto_auth/hmacsha256/cp/api.h \
@ -71,7 +72,6 @@ libsodium_la_SOURCES = \
crypto_scalarmult/curve25519/scalarmult_curve25519_api.c \
crypto_secretbox/crypto_secretbox.c \
crypto_secretbox/crypto_secretbox_easy.c \
crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c \
crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c \
crypto_secretbox/xsalsa20poly1305/ref/api.h \
crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c \

View File

@ -0,0 +1,150 @@
#include <limits.h>
#include <string.h>
#include "crypto_aead_chacha20poly1305.h"
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_stream_chacha20.h"
#include "crypto_verify_16.h"
#include "utils.h"
static inline void
_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
{
out[0] = (unsigned char) (x & 0xff); x >>= 8;
out[1] = (unsigned char) (x & 0xff); x >>= 8;
out[2] = (unsigned char) (x & 0xff); x >>= 8;
out[3] = (unsigned char) (x & 0xff); x >>= 8;
out[4] = (unsigned char) (x & 0xff); x >>= 8;
out[5] = (unsigned char) (x & 0xff); x >>= 8;
out[6] = (unsigned char) (x & 0xff); x >>= 8;
out[7] = (unsigned char) (x & 0xff);
}
int
crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
unsigned long long *clen,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
#ifdef ULONG_LONG_MAX
if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ZEROBYTES) {
if (clen != NULL) {
*clen = 0ULL;
}
return -1;
}
#endif
crypto_stream_chacha20_xor_ic
(c + crypto_aead_chacha20poly1305_ZEROBYTES, m, mlen, npub, 1U, k);
crypto_stream_chacha20(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
_u64_le_from_ull(slen, adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_update
(&state, c + crypto_aead_chacha20poly1305_ZEROBYTES, mlen);
_u64_le_from_ull(slen, mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, c);
sodium_memzero(&state, sizeof state);
if (clen != NULL) {
*clen = mlen + crypto_aead_chacha20poly1305_ZEROBYTES;
}
return 0;
}
int
crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
unsigned char mac[crypto_aead_chacha20poly1305_MACBYTES];
int ret;
if (mlen != NULL) {
*mlen = 0ULL;
}
if (clen < crypto_aead_chacha20poly1305_ZEROBYTES) {
return -1;
}
crypto_stream_chacha20(block0, sizeof block0, npub, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
_u64_le_from_ull(slen, adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_update
(&state, c + crypto_aead_chacha20poly1305_ZEROBYTES,
clen - crypto_aead_chacha20poly1305_ZEROBYTES);
_u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, mac);
sodium_memzero(&state, sizeof state);
ret = crypto_verify_16(mac, c);
sodium_memzero(mac, sizeof mac);
if (ret != 0) {
memset(m, 0, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
return -1;
}
crypto_stream_chacha20_xor_ic
(m, c + crypto_aead_chacha20poly1305_ZEROBYTES,
clen - crypto_aead_chacha20poly1305_ZEROBYTES, npub, 1U, k);
if (mlen != NULL) {
*mlen = clen - crypto_aead_chacha20poly1305_ZEROBYTES;
}
return 0;
}
size_t
crypto_aead_chacha20poly1305_keybytes(void) {
return crypto_aead_chacha20poly1305_KEYBYTES;
}
size_t
crypto_aead_chacha20poly1305_npubbytes(void) {
return crypto_aead_chacha20poly1305_NPUBBYTES;
}
size_t
crypto_aead_chacha20poly1305_nsecbytes(void) {
return crypto_aead_chacha20poly1305_NSECBYTES;
}
size_t
crypto_aead_chacha20poly1305_abytes(void) {
return crypto_aead_chacha20poly1305_ABYTES;
}
size_t
crypto_aead_chacha20poly1305_macbytes(void) {
return crypto_aead_chacha20poly1305_MACBYTES;
}

View File

@ -1,150 +0,0 @@
#include <string.h>
#include "crypto_onetimeauth_poly1305.h"
#include "crypto_secretbox_chacha20poly1305.h"
#include "crypto_stream_chacha20.h"
#include "crypto_verify_16.h"
#include "utils.h"
static inline void
_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
{
out[0] = (unsigned char) (x & 0xff); x >>= 8;
out[1] = (unsigned char) (x & 0xff); x >>= 8;
out[2] = (unsigned char) (x & 0xff); x >>= 8;
out[3] = (unsigned char) (x & 0xff); x >>= 8;
out[4] = (unsigned char) (x & 0xff); x >>= 8;
out[5] = (unsigned char) (x & 0xff); x >>= 8;
out[6] = (unsigned char) (x & 0xff); x >>= 8;
out[7] = (unsigned char) (x & 0xff);
}
int
crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *n,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
crypto_stream_chacha20_xor_ic
(c + crypto_secretbox_chacha20poly1305_ZEROBYTES, m, mlen, n, 1U, k);
crypto_stream_chacha20(block0, sizeof block0, n, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
_u64_le_from_ull(slen, adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_update
(&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES, mlen);
_u64_le_from_ull(slen, mlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, c);
sodium_memzero(&state, sizeof state);
return 0;
}
int
crypto_secretbox_chacha20poly1305(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k)
{
return crypto_secretbox_chacha20poly1305_ad(c, m, mlen, NULL, 0ULL, n, k);
}
int
crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *n,
const unsigned char *k)
{
crypto_onetimeauth_poly1305_state state;
unsigned char block0[64U];
unsigned char slen[8U];
unsigned char mac[crypto_secretbox_chacha20poly1305_MACBYTES];
int ret;
if (clen < crypto_secretbox_chacha20poly1305_ZEROBYTES) {
return -1;
}
crypto_stream_chacha20(block0, sizeof block0, n, k);
crypto_onetimeauth_poly1305_init(&state, block0);
sodium_memzero(block0, sizeof block0);
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
_u64_le_from_ull(slen, adlen);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_update
(&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
_u64_le_from_ull(slen, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
crypto_onetimeauth_poly1305_final(&state, mac);
sodium_memzero(&state, sizeof state);
ret = crypto_verify_16(mac, c);
sodium_memzero(mac, sizeof mac);
if (ret != 0) {
memset(m, 0, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
return -1;
}
crypto_stream_chacha20_xor_ic
(m, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
clen - crypto_secretbox_chacha20poly1305_ZEROBYTES, n, 1U, k);
return 0;
}
int
crypto_secretbox_chacha20poly1305_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k)
{
return crypto_secretbox_chacha20poly1305_ad_open(m, c, clen,
NULL, 0ULL, n, k);
}
size_t
crypto_secretbox_chacha20poly1305_keybytes(void) {
return crypto_secretbox_chacha20poly1305_KEYBYTES;
}
size_t
crypto_secretbox_chacha20poly1305_noncebytes(void) {
return crypto_secretbox_chacha20poly1305_NONCEBYTES;
}
size_t
crypto_secretbox_chacha20poly1305_zerobytes(void) {
return crypto_secretbox_chacha20poly1305_ZEROBYTES;
}
size_t
crypto_secretbox_chacha20poly1305_boxzerobytes(void) {
return crypto_secretbox_chacha20poly1305_BOXZEROBYTES;
}
size_t
crypto_secretbox_chacha20poly1305_macbytes(void) {
return crypto_secretbox_chacha20poly1305_MACBYTES;
}

View File

@ -2,6 +2,7 @@
SODIUM_EXPORT = \
sodium.h \
sodium/core.h \
sodium/crypto_aead_chacha20poly1305.h \
sodium/crypto_auth.h \
sodium/crypto_auth_hmacsha256.h \
sodium/crypto_auth_hmacsha512.h \
@ -23,7 +24,6 @@ SODIUM_EXPORT = \
sodium/crypto_scalarmult.h \
sodium/crypto_scalarmult_curve25519.h \
sodium/crypto_secretbox.h \
sodium/crypto_secretbox_chacha20poly1305.h \
sodium/crypto_secretbox_xsalsa20poly1305.h \
sodium/crypto_shorthash.h \
sodium/crypto_shorthash_siphash24.h \

View File

@ -3,6 +3,7 @@
#define __SODIUM_H__
#include <sodium/core.h>
#include <sodium/crypto_aead_chacha20poly1305.h>
#include <sodium/crypto_auth.h>
#include <sodium/crypto_auth_hmacsha256.h>
#include <sodium/crypto_auth_hmacsha512.h>
@ -24,7 +25,6 @@
#include <sodium/crypto_scalarmult.h>
#include <sodium/crypto_scalarmult_curve25519.h>
#include <sodium/crypto_secretbox.h>
#include <sodium/crypto_secretbox_chacha20poly1305.h>
#include <sodium/crypto_secretbox_xsalsa20poly1305.h>
#include <sodium/crypto_shorthash.h>
#include <sodium/crypto_shorthash_siphash24.h>

View File

@ -0,0 +1,69 @@
#ifndef crypto_aead_chacha20poly1305_H
#define crypto_aead_chacha20poly1305_H
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
# if __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
#define crypto_aead_chacha20poly1305_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_keybytes(void);
#define crypto_aead_chacha20poly1305_NSECBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_nsecbytes(void);
#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_npubbytes(void);
#define crypto_aead_chacha20poly1305_ZEROBYTES 16U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_zerobytes(void);
#define crypto_aead_chacha20poly1305_BOXZEROBYTES 0U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_boxzerobytes(void);
#define crypto_aead_chacha20poly1305_MACBYTES \
(crypto_aead_chacha20poly1305_ZEROBYTES - \
crypto_aead_chacha20poly1305_BOXZEROBYTES)
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_macbytes(void);
#define crypto_aead_chacha20poly1305_ABYTES 0U
SODIUM_EXPORT
size_t crypto_aead_chacha20poly1305_abytes(void);
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
unsigned long long *clen,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *nsec,
const unsigned char *npub,
const unsigned char *k);
SODIUM_EXPORT
int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
unsigned long long *mlen,
unsigned char *nsec,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *npub,
const unsigned char *k);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -1,72 +0,0 @@
#ifndef crypto_secretbox_chacha20poly1305_H
#define crypto_secretbox_chacha20poly1305_H
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
# if __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
#define crypto_secretbox_chacha20poly1305_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_secretbox_chacha20poly1305_keybytes(void);
#define crypto_secretbox_chacha20poly1305_NONCEBYTES 8U
SODIUM_EXPORT
size_t crypto_secretbox_chacha20poly1305_noncebytes(void);
#define crypto_secretbox_chacha20poly1305_ZEROBYTES 16U
SODIUM_EXPORT
size_t crypto_secretbox_chacha20poly1305_zerobytes(void);
#define crypto_secretbox_chacha20poly1305_BOXZEROBYTES 0U
SODIUM_EXPORT
size_t crypto_secretbox_chacha20poly1305_boxzerobytes(void);
#define crypto_secretbox_chacha20poly1305_MACBYTES \
(crypto_secretbox_chacha20poly1305_ZEROBYTES - \
crypto_secretbox_chacha20poly1305_BOXZEROBYTES)
SODIUM_EXPORT
size_t crypto_secretbox_chacha20poly1305_macbytes(void);
SODIUM_EXPORT
int crypto_secretbox_chacha20poly1305(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *n,
const unsigned char *k);
SODIUM_EXPORT
int crypto_secretbox_chacha20poly1305_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *n,
const unsigned char *k);
SODIUM_EXPORT
int crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *n,
const unsigned char *k);
SODIUM_EXPORT
int crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *ad,
unsigned long long adlen,
const unsigned char *n,
const unsigned char *k);
#ifdef __cplusplus
}
#endif
#endif

View File

@ -2,6 +2,7 @@
EXTRA_DIST = \
cmptest.h \
wintest.bat \
aead_chacha20poly1305.exp \
auth.exp \
auth2.exp \
auth3.exp \
@ -38,7 +39,6 @@ EXTRA_DIST = \
scalarmult5.exp \
scalarmult6.exp \
secretbox.exp \
secretbox_chacha20poly1305.exp \
secretbox2.exp \
secretbox7.exp \
secretbox8.exp \
@ -58,6 +58,7 @@ EXTRA_DIST = \
verify1.exp
DISTCLEANFILES = \
aead_chacha20poly1305.res \
auth.res \
auth2.res \
auth3.res \
@ -94,7 +95,6 @@ DISTCLEANFILES = \
scalarmult5.res \
scalarmult6.res \
secretbox.res \
secretbox_chacha20poly1305.res \
secretbox2.res \
secretbox7.res \
secretbox8.res \
@ -122,6 +122,7 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/test/quirks
TESTS_TARGETS = \
aead_chacha20poly1305 \
auth \
auth2 \
auth3 \
@ -158,7 +159,6 @@ TESTS_TARGETS = \
scalarmult5 \
scalarmult6 \
secretbox \
secretbox_chacha20poly1305 \
secretbox2 \
secretbox7 \
secretbox8 \
@ -184,6 +184,9 @@ TESTS = $(TESTS_TARGETS)
TESTS_LDADD = \
${top_builddir}/src/libsodium/libsodium.la
aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c
aead_chacha20poly1305_LDADD = $(TESTS_LDADD)
auth_SOURCE = cmptest.h auth.c
auth_LDADD = $(TESTS_LDADD)
@ -292,9 +295,6 @@ scalarmult6_LDADD = $(TESTS_LDADD)
secretbox_SOURCE = cmptest.h secretbox.c
secretbox_LDADD = $(TESTS_LDADD)
secretbox_chacha20poly1305_SOURCE = cmptest.h secretbox_chacha20poly1305.c
secretbox_chacha20poly1305_LDADD = $(TESTS_LDADD)
secretbox2_SOURCE = cmptest.h secretbox2.c
secretbox2_LDADD = $(TESTS_LDADD)

View File

@ -1,10 +1,10 @@
#include <stdio.h>
#include <string.h>
#define TEST_NAME "secretbox_chacha20poly1305"
#define TEST_NAME "aead_chacha20poly1305"
#include "cmptest.h"
static unsigned char firstkey[crypto_secretbox_chacha20poly1305_KEYBYTES] = {
static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES] = {
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
@ -15,7 +15,7 @@ static unsigned char m[10U] = {
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
};
static unsigned char nonce[crypto_secretbox_chacha20poly1305_NONCEBYTES] = {
static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES] = {
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a
};
@ -23,15 +23,15 @@ static unsigned char ad[10U] = {
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
};
static unsigned char c[10U + crypto_secretbox_chacha20poly1305_ZEROBYTES];
static unsigned char c[10U + crypto_aead_chacha20poly1305_ZEROBYTES];
int main(void)
{
unsigned char m2[10U];
size_t i;
crypto_secretbox_chacha20poly1305_ad(c, m, sizeof m, ad, sizeof ad,
nonce, firstkey);
crypto_aead_chacha20poly1305_encrypt(c, NULL, m, sizeof m, ad, sizeof ad,
NULL, nonce, firstkey);
for (i = 0U; i < sizeof c; ++i) {
printf(",0x%02x", (unsigned int) c[i]);
if (i % 8 == 7) {
@ -40,10 +40,10 @@ int main(void)
}
printf("\n");
if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c,
if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
ad, sizeof ad,
nonce, firstkey) != 0) {
printf("crypto_secretbox_chacha20poly1305_ad_open() failed\n");
printf("crypto_aead_chacha20poly1305_ad_open() failed\n");
}
if (memcmp(m, m2, sizeof m) != 0) {
printf("m != m2\n");
@ -51,7 +51,7 @@ int main(void)
for (i = 0U; i < sizeof c; i++) {
c[i] ^= (i + 1U);
if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c,
if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
ad, sizeof ad,
nonce, firstkey) == 0 ||
memcmp(m, m2, sizeof m) == 0) {