Add a xchacha version of crypto_box_seal
There is no high-level API for it and no reason to add one, so it is not available in minimal mode.
parent
c77ba98d7b
commit
ccb842f488
@ -14,6 +14,8 @@ the algorithm and can verify both Argon2i and Argon2id hashed passwords.
|
||||
The default algorithm for newly hashed passwords remains Argon2i in
|
||||
this version to avoid breaking compatibility with verifiers running
|
||||
libsodium <= 1.0.12.
|
||||
- A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was
|
||||
implemented.
|
||||
|
||||
* Version 1.0.12
|
||||
- Ed25519ph was implemented, adding a multi-part signature API
|
||||
|
@ -93,6 +93,9 @@ _crypto_box_curve25519xchacha20poly1305_open_detached_afternm 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_open_easy 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_open_easy_afternm 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_publickeybytes 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_seal 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_seal_open 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_sealbytes 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_secretkeybytes 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_seed_keypair 0 1
|
||||
_crypto_box_curve25519xchacha20poly1305_seedbytes 0 1
|
||||
|
@ -162,6 +162,7 @@ endif
|
||||
if !MINIMAL
|
||||
libsodium_la_SOURCES += \
|
||||
crypto_box/curve25519xchacha20poly1305/box_curve25519xchacha20poly1305.c \
|
||||
crypto_box/curve25519xchacha20poly1305/box_seal_curve25519xchacha20poly1305.c \
|
||||
crypto_secretbox/xchacha20poly1305/secretbox_xchacha20poly1305.c \
|
||||
crypto_shorthash/siphash24/shorthash_siphashx24.c \
|
||||
crypto_shorthash/siphash24/ref/shorthash_siphashx24_ref.c \
|
||||
|
@ -0,0 +1,79 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "crypto_box_curve25519xchacha20poly1305.h"
|
||||
#include "crypto_generichash.h"
|
||||
#include "private/common.h"
|
||||
#include "utils.h"
|
||||
|
||||
static int
|
||||
_crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce,
|
||||
const unsigned char *pk1,
|
||||
const unsigned char *pk2)
|
||||
{
|
||||
crypto_generichash_state st;
|
||||
|
||||
crypto_generichash_init(&st, NULL, 0U,
|
||||
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
||||
crypto_generichash_update(&st, pk1,
|
||||
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||
crypto_generichash_update(&st, pk2,
|
||||
crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||
crypto_generichash_final(&st, nonce,
|
||||
crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *pk)
|
||||
{
|
||||
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
|
||||
unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
|
||||
unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
|
||||
int ret;
|
||||
|
||||
if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) {
|
||||
return -1; /* LCOV_EXCL_LINE */
|
||||
}
|
||||
memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
|
||||
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk);
|
||||
ret = crypto_box_curve25519xchacha20poly1305_easy(
|
||||
c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen,
|
||||
nonce, pk, esk);
|
||||
sodium_memzero(esk, sizeof esk);
|
||||
sodium_memzero(epk, sizeof epk);
|
||||
sodium_memzero(nonce, sizeof nonce);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *pk,
|
||||
const unsigned char *sk)
|
||||
{
|
||||
unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
|
||||
|
||||
if (clen < crypto_box_curve25519xchacha20poly1305_SEALBYTES) {
|
||||
return -1;
|
||||
}
|
||||
_crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk);
|
||||
|
||||
COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES <
|
||||
crypto_box_curve25519xchacha20poly1305_SEALBYTES);
|
||||
|
||||
return crypto_box_curve25519xchacha20poly1305_open_easy(
|
||||
m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
|
||||
clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
|
||||
nonce, c, sk);
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_box_curve25519xchacha20poly1305_sealbytes(void)
|
||||
{
|
||||
return crypto_box_curve25519xchacha20poly1305_SEALBYTES;
|
||||
}
|
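Review bot: `_crypto_box_curve25519xchacha20poly1305_seal_nonce()` discards the results of `crypto_generichash_init`, `_update` and `_final` and always returns 0, and both `seal` and `seal_open` ignore that return too, so a hashing failure would leave `nonce` as uninitialized stack data that is then used to encrypt or decrypt. With the arguments shown (no key, `NONCEBYTES` of output) a failure is presumably unreachable, in which case the helper reads more honestly as `static void`. Otherwise propagate it, e.g. `if (crypto_generichash_final(&st, nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES) != 0) return -1;`, with a matching check at both call sites. Separately, `seal` copies `epk` into `c` before `_easy` reads `m`, so if `c` and `m` start at the same address the leading plaintext bytes are overwritten before encryption. A comment such as `/* c and m must not overlap: the ephemeral public key is written to c first */` would record that constraint.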
@ -123,6 +123,29 @@ int crypto_box_curve25519xchacha20poly1305_open_detached_afternm(unsigned char *
|
||||
const unsigned char *k)
|
||||
__attribute__ ((warn_unused_result));
|
||||
|
||||
/* -- Ephemeral SK interface -- */
|
||||
|
||||
#define crypto_box_curve25519xchacha20poly1305_SEALBYTES \
|
||||
(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES + \
|
||||
crypto_box_curve25519xchacha20poly1305_MACBYTES)
|
||||
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_box_curve25519xchacha20poly1305_sealbytes(void);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *pk);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *pk,
|
||||
const unsigned char *sk)
|
||||
__attribute__ ((warn_unused_result));
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
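Review bot: The `crypto_box_curve25519xchacha20poly1305_seal()` prototype has no `__attribute__ ((warn_unused_result))`, although the implementation in this commit returns -1 when key generation fails and otherwise passes through the result of `_easy`. A caller that ignores the return could transmit a buffer whose ciphertext part was never written. Adding `__attribute__ ((warn_unused_result));` after `const unsigned char *pk)` would match `seal_open`. The new block also says nothing about buffer sizes; a comment like `/* c needs mlen + crypto_box_curve25519xchacha20poly1305_SEALBYTES bytes; seal_open() writes clen - SEALBYTES bytes to m */` would help, assuming `_easy` appends `MACBYTES` as the `SEALBYTES` definition suggests.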