Add a xchacha version of crypto_box_seal

No high level API for it, no reasons to, so not available in minimal mode.
This commit is contained in:
Frank Denis 2017-07-06 15:19:13 +02:00
parent c77ba98d7b
commit ccb842f488
5 changed files with 108 additions and 0 deletions

View File

@ -14,6 +14,8 @@ the algorithm and can verify both Argon2i and Argon2id hashed passwords.
The default algorithm for newly hashed passwords remains Argon2i in The default algorithm for newly hashed passwords remains Argon2i in
this version to avoid breaking compatibility with verifiers running this version to avoid breaking compatibility with verifiers running
libsodium <= 1.0.12. libsodium <= 1.0.12.
- A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
implemented.
* Version 1.0.12 * Version 1.0.12
- Ed25519ph was implemented, adding a multi-part signature API - Ed25519ph was implemented, adding a multi-part signature API

View File

@ -93,6 +93,9 @@ _crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1
_crypto_box_curve25519xchacha20poly1305_open_easy 0 1 _crypto_box_curve25519xchacha20poly1305_open_easy 0 1
_crypto_box_curve25519xchacha20poly1305_open_easy_afternm 0 1 _crypto_box_curve25519xchacha20poly1305_open_easy_afternm 0 1
_crypto_box_curve25519xchacha20poly1305_publickeybytes 0 1 _crypto_box_curve25519xchacha20poly1305_publickeybytes 0 1
_crypto_box_curve25519xchacha20poly1305_seal 0 1
_crypto_box_curve25519xchacha20poly1305_seal_open 0 1
_crypto_box_curve25519xchacha20poly1305_sealbytes 0 1
_crypto_box_curve25519xchacha20poly1305_secretkeybytes 0 1 _crypto_box_curve25519xchacha20poly1305_secretkeybytes 0 1
_crypto_box_curve25519xchacha20poly1305_seed_keypair 0 1 _crypto_box_curve25519xchacha20poly1305_seed_keypair 0 1
_crypto_box_curve25519xchacha20poly1305_seedbytes 0 1 _crypto_box_curve25519xchacha20poly1305_seedbytes 0 1

View File

@ -162,6 +162,7 @@ endif
if !MINIMAL if !MINIMAL
libsodium_la_SOURCES += \ libsodium_la_SOURCES += \
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \ crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \
crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \ crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \
crypto_shorthash/siphash24/shorthash_siphashx24.c \ crypto_shorthash/siphash24/shorthash_siphashx24.c \
crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \ crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \

View File

@ -0,0 +1,79 @@
#include <string.h>
#include "crypto_box_curve25519xchacha20poly1305.h"
#include "crypto_generichash.h"
#include "private/common.h"
#include "utils.h"
static int
_crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce,
const unsigned char *pk1,
const unsigned char *pk2)
{
crypto_generichash_state st;
crypto_generichash_init(&st, NULL, 0U,
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
crypto_generichash_update(&st, pk1,
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
crypto_generichash_update(&st, pk2,
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
crypto_generichash_final(&st, nonce,
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
return 0;
}
int
crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk)
{
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
int ret;
if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) {
return -1; /* LCOV_EXCL_LINE */
}
memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk);
ret = crypto_box_curve25519xchacha20poly1305_easy(
c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen,
nonce, pk, esk);
sodium_memzero(esk, sizeof esk);
sodium_memzero(epk, sizeof epk);
sodium_memzero(nonce, sizeof nonce);
return ret;
}
int
crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c,
unsigned long long clen,
const unsigned char *pk,
const unsigned char *sk)
{
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
if (clen < crypto_box_curve25519xchacha20poly1305_SEALBYTES) {
return -1;
}
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk);
COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES <
crypto_box_curve25519xchacha20poly1305_SEALBYTES);
return crypto_box_curve25519xchacha20poly1305_open_easy(
m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
nonce, c, sk);
}
size_t
crypto_box_curve25519xchacha20poly1305_sealbytes(void)
{
return crypto_box_curve25519xchacha20poly1305_SEALBYTES;
}

View File

@ -123,6 +123,29 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
const unsigned char *k) const unsigned char *k)
__attribute__ ((warn_unused_result)); __attribute__ ((warn_unused_result));
/* -- Ephemeral SK interface -- */
#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
crypto_box_curve25519xchacha20poly1305_MACBYTES)
SODIUM_EXPORT
size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
const unsigned char *m,
unsigned long long mlen,
const unsigned char *pk);
SODIUM_EXPORT
int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
const unsigned char *c,
unsigned long long clen,
const unsigned char *pk,
const unsigned char *sk)
__attribute__ ((warn_unused_result));
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif