Add a xchacha version of crypto_box_seal
No high level API for it, no reasons to, so not available in minimal mode.
This commit is contained in:
Frank Denis
parent
c77ba98d7b
commit
ccb842f488
@ -14,6 +14,8 @@ the algorithm and can verify both Argon2i and Argon2id hashed passwords.
|
|||||||
The default algorithm for newly hashed passwords remains Argon2i in
|
The default algorithm for newly hashed passwords remains Argon2i in
|
||||||
this version to avoid breaking compatibility with verifiers running
|
this version to avoid breaking compatibility with verifiers running
|
||||||
libsodium <= 1.0.12.
|
libsodium <= 1.0.12.
|
||||||
|
- A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
|
||||||
|
implemented.
|
||||||
|
|
||||||
* Version 1.0.12
|
* Version 1.0.12
|
||||||
- Ed25519ph was implemented, adding a multi-part signature API
|
- Ed25519ph was implemented, adding a multi-part signature API
|
||||||
|
|||||||
@ -93,6 +93,9 @@ _crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1
|
|||||||
_crypto_box_curve25519xchacha20poly1305_open_easy 0 1
|
_crypto_box_curve25519xchacha20poly1305_open_easy 0 1
|
||||||
_crypto_box_curve25519xchacha20poly1305_open_easy_afternm 0 1
|
_crypto_box_curve25519xchacha20poly1305_open_easy_afternm 0 1
|
||||||
_crypto_box_curve25519xchacha20poly1305_publickeybytes 0 1
|
_crypto_box_curve25519xchacha20poly1305_publickeybytes 0 1
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_seal 0 1
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_seal_open 0 1
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_sealbytes 0 1
|
||||||
_crypto_box_curve25519xchacha20poly1305_secretkeybytes 0 1
|
_crypto_box_curve25519xchacha20poly1305_secretkeybytes 0 1
|
||||||
_crypto_box_curve25519xchacha20poly1305_seed_keypair 0 1
|
_crypto_box_curve25519xchacha20poly1305_seed_keypair 0 1
|
||||||
_crypto_box_curve25519xchacha20poly1305_seedbytes 0 1
|
_crypto_box_curve25519xchacha20poly1305_seedbytes 0 1
|
||||||
|
|||||||
@ -162,6 +162,7 @@ endif
|
|||||||
if !MINIMAL
|
if !MINIMAL
|
||||||
libsodium_la_SOURCES += \
|
libsodium_la_SOURCES += \
|
||||||
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \
|
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \
|
||||||
|
crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \
|
||||||
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \
|
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \
|
||||||
crypto_shorthash/siphash24/shorthash_siphashx24.c \
|
crypto_shorthash/siphash24/shorthash_siphashx24.c \
|
||||||
crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \
|
crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \
|
||||||
|
|||||||
@ -0,0 +1,79 @@
|
|||||||
|
|
||||||
|
#include <string.h>
|
||||||
|
|
||||||
|
#include "crypto_box_curve25519xchacha20poly1305.h"
|
||||||
|
#include "crypto_generichash.h"
|
||||||
|
#include "private/common.h"
|
||||||
|
#include "utils.h"
|
||||||
|
|
||||||
|
static int
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce,
|
||||||
|
const unsigned char *pk1,
|
||||||
|
const unsigned char *pk2)
|
||||||
|
{
|
||||||
|
crypto_generichash_state st;
|
||||||
|
|
||||||
|
crypto_generichash_init(&st, NULL, 0U,
|
||||||
|
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
||||||
|
crypto_generichash_update(&st, pk1,
|
||||||
|
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||||
|
crypto_generichash_update(&st, pk2,
|
||||||
|
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||||
|
crypto_generichash_final(&st, nonce,
|
||||||
|
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m,
|
||||||
|
unsigned long long mlen,
|
||||||
|
const unsigned char *pk)
|
||||||
|
{
|
||||||
|
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
|
||||||
|
unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
|
||||||
|
unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
|
||||||
|
int ret;
|
||||||
|
|
||||||
|
if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) {
|
||||||
|
return -1; /* LCOV_EXCL_LINE */
|
||||||
|
}
|
||||||
|
memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk);
|
||||||
|
ret = crypto_box_curve25519xchacha20poly1305_easy(
|
||||||
|
c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen,
|
||||||
|
nonce, pk, esk);
|
||||||
|
sodium_memzero(esk, sizeof esk);
|
||||||
|
sodium_memzero(epk, sizeof epk);
|
||||||
|
sodium_memzero(nonce, sizeof nonce);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c,
|
||||||
|
unsigned long long clen,
|
||||||
|
const unsigned char *pk,
|
||||||
|
const unsigned char *sk)
|
||||||
|
{
|
||||||
|
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
|
||||||
|
|
||||||
|
if (clen < crypto_box_curve25519xchacha20poly1305_SEALBYTES) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk);
|
||||||
|
|
||||||
|
COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES <
|
||||||
|
crypto_box_curve25519xchacha20poly1305_SEALBYTES);
|
||||||
|
|
||||||
|
return crypto_box_curve25519xchacha20poly1305_open_easy(
|
||||||
|
m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
|
||||||
|
clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
|
||||||
|
nonce, c, sk);
|
||||||
|
}
|
||||||
|
|
||||||
|
size_t
|
||||||
|
crypto_box_curve25519xchacha20poly1305_sealbytes(void)
|
||||||
|
{
|
||||||
|
return crypto_box_curve25519xchacha20poly1305_SEALBYTES;
|
||||||
|
}
|
||||||
@ -123,6 +123,29 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
|
|||||||
const unsigned char *k)
|
const unsigned char *k)
|
||||||
__attribute__ ((warn_unused_result));
|
__attribute__ ((warn_unused_result));
|
||||||
|
|
||||||
|
/* -- Ephemeral SK interface -- */
|
||||||
|
|
||||||
|
#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
|
||||||
|
(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
|
||||||
|
crypto_box_curve25519xchacha20poly1305_MACBYTES)
|
||||||
|
|
||||||
|
SODIUM_EXPORT
|
||||||
|
size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
|
||||||
|
|
||||||
|
SODIUM_EXPORT
|
||||||
|
int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
|
||||||
|
const unsigned char *m,
|
||||||
|
unsigned long long mlen,
|
||||||
|
const unsigned char *pk);
|
||||||
|
|
||||||
|
SODIUM_EXPORT
|
||||||
|
int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
|
||||||
|
const unsigned char *c,
|
||||||
|
unsigned long long clen,
|
||||||
|
const unsigned char *pk,
|
||||||
|
const unsigned char *sk)
|
||||||
|
__attribute__ ((warn_unused_result));
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user