mirror of
https://github.com/jedisct1/libsodium.git
synced 2024-12-19 01:55:02 -07:00
Rename secretbox_chacha20poly1305() -> aead_chacha20poly1305()
The tag is still at the end. This will be changed right after.
This commit is contained in:
parent
d983bbe860
commit
a7410966ea
2
.gitignore
vendored
2
.gitignore
vendored
@ -53,6 +53,7 @@ src/libsodium/include/sodium/version.h
|
||||
stamp-*
|
||||
test/default/*.res
|
||||
test/default/*.trs
|
||||
test/default/aead_chacha20poly1305
|
||||
test/default/auth
|
||||
test/default/auth2
|
||||
test/default/auth3
|
||||
@ -89,7 +90,6 @@ test/default/scalarmult2
|
||||
test/default/scalarmult5
|
||||
test/default/scalarmult6
|
||||
test/default/secretbox
|
||||
test/default/secretbox_chacha20poly1305
|
||||
test/default/secretbox2
|
||||
test/default/secretbox7
|
||||
test/default/secretbox8
|
||||
|
@ -2,6 +2,7 @@ lib_LTLIBRARIES = \
|
||||
libsodium.la
|
||||
|
||||
libsodium_la_SOURCES = \
|
||||
crypto_aead/chacha20poly1305/aead_chacha20poly1305.c \
|
||||
crypto_auth/crypto_auth.c \
|
||||
crypto_auth/hmacsha256/auth_hmacsha256_api.c \
|
||||
crypto_auth/hmacsha256/cp/api.h \
|
||||
@ -71,7 +72,6 @@ libsodium_la_SOURCES = \
|
||||
crypto_scalarmult/curve25519/scalarmult_curve25519_api.c \
|
||||
crypto_secretbox/crypto_secretbox.c \
|
||||
crypto_secretbox/crypto_secretbox_easy.c \
|
||||
crypto_secretbox/chacha20poly1305/secretbox_chacha20poly1305.c \
|
||||
crypto_secretbox/xsalsa20poly1305/secretbox_xsalsa20poly1305_api.c \
|
||||
crypto_secretbox/xsalsa20poly1305/ref/api.h \
|
||||
crypto_secretbox/xsalsa20poly1305/ref/box_xsalsa20poly1305.c \
|
||||
|
@ -0,0 +1,150 @@
|
||||
|
||||
#include <limits.h>
|
||||
#include <string.h>
|
||||
|
||||
#include "crypto_aead_chacha20poly1305.h"
|
||||
#include "crypto_onetimeauth_poly1305.h"
|
||||
#include "crypto_stream_chacha20.h"
|
||||
#include "crypto_verify_16.h"
|
||||
#include "utils.h"
|
||||
|
||||
static inline void
|
||||
_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
|
||||
{
|
||||
out[0] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[1] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[2] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[3] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[4] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[5] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[6] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[7] = (unsigned char) (x & 0xff);
|
||||
}
|
||||
|
||||
int
|
||||
crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
|
||||
unsigned long long *clen,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *nsec,
|
||||
const unsigned char *npub,
|
||||
const unsigned char *k)
|
||||
{
|
||||
crypto_onetimeauth_poly1305_state state;
|
||||
unsigned char block0[64U];
|
||||
unsigned char slen[8U];
|
||||
|
||||
#ifdef ULONG_LONG_MAX
|
||||
if (mlen > ULONG_LONG_MAX - crypto_aead_chacha20poly1305_ZEROBYTES) {
|
||||
if (clen != NULL) {
|
||||
*clen = 0ULL;
|
||||
}
|
||||
return -1;
|
||||
}
|
||||
#endif
|
||||
crypto_stream_chacha20_xor_ic
|
||||
(c + crypto_aead_chacha20poly1305_ZEROBYTES, m, mlen, npub, 1U, k);
|
||||
|
||||
crypto_stream_chacha20(block0, sizeof block0, npub, k);
|
||||
crypto_onetimeauth_poly1305_init(&state, block0);
|
||||
sodium_memzero(block0, sizeof block0);
|
||||
|
||||
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
|
||||
_u64_le_from_ull(slen, adlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_update
|
||||
(&state, c + crypto_aead_chacha20poly1305_ZEROBYTES, mlen);
|
||||
_u64_le_from_ull(slen, mlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_final(&state, c);
|
||||
sodium_memzero(&state, sizeof state);
|
||||
|
||||
if (clen != NULL) {
|
||||
*clen = mlen + crypto_aead_chacha20poly1305_ZEROBYTES;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
|
||||
unsigned long long *mlen,
|
||||
unsigned char *nsec,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *npub,
|
||||
const unsigned char *k)
|
||||
{
|
||||
crypto_onetimeauth_poly1305_state state;
|
||||
unsigned char block0[64U];
|
||||
unsigned char slen[8U];
|
||||
unsigned char mac[crypto_aead_chacha20poly1305_MACBYTES];
|
||||
int ret;
|
||||
|
||||
if (mlen != NULL) {
|
||||
*mlen = 0ULL;
|
||||
}
|
||||
if (clen < crypto_aead_chacha20poly1305_ZEROBYTES) {
|
||||
return -1;
|
||||
}
|
||||
crypto_stream_chacha20(block0, sizeof block0, npub, k);
|
||||
crypto_onetimeauth_poly1305_init(&state, block0);
|
||||
sodium_memzero(block0, sizeof block0);
|
||||
|
||||
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
|
||||
_u64_le_from_ull(slen, adlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_update
|
||||
(&state, c + crypto_aead_chacha20poly1305_ZEROBYTES,
|
||||
clen - crypto_aead_chacha20poly1305_ZEROBYTES);
|
||||
_u64_le_from_ull(slen, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_final(&state, mac);
|
||||
sodium_memzero(&state, sizeof state);
|
||||
|
||||
ret = crypto_verify_16(mac, c);
|
||||
sodium_memzero(mac, sizeof mac);
|
||||
if (ret != 0) {
|
||||
memset(m, 0, clen - crypto_aead_chacha20poly1305_ZEROBYTES);
|
||||
return -1;
|
||||
}
|
||||
crypto_stream_chacha20_xor_ic
|
||||
(m, c + crypto_aead_chacha20poly1305_ZEROBYTES,
|
||||
clen - crypto_aead_chacha20poly1305_ZEROBYTES, npub, 1U, k);
|
||||
if (mlen != NULL) {
|
||||
*mlen = clen - crypto_aead_chacha20poly1305_ZEROBYTES;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_aead_chacha20poly1305_keybytes(void) {
|
||||
return crypto_aead_chacha20poly1305_KEYBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_aead_chacha20poly1305_npubbytes(void) {
|
||||
return crypto_aead_chacha20poly1305_NPUBBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_aead_chacha20poly1305_nsecbytes(void) {
|
||||
return crypto_aead_chacha20poly1305_NSECBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_aead_chacha20poly1305_abytes(void) {
|
||||
return crypto_aead_chacha20poly1305_ABYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_aead_chacha20poly1305_macbytes(void) {
|
||||
return crypto_aead_chacha20poly1305_MACBYTES;
|
||||
}
|
@ -1,150 +0,0 @@
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "crypto_onetimeauth_poly1305.h"
|
||||
#include "crypto_secretbox_chacha20poly1305.h"
|
||||
#include "crypto_stream_chacha20.h"
|
||||
#include "crypto_verify_16.h"
|
||||
#include "utils.h"
|
||||
|
||||
static inline void
|
||||
_u64_le_from_ull(unsigned char out[8U], unsigned long long x)
|
||||
{
|
||||
out[0] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[1] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[2] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[3] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[4] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[5] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[6] = (unsigned char) (x & 0xff); x >>= 8;
|
||||
out[7] = (unsigned char) (x & 0xff);
|
||||
}
|
||||
|
||||
int
|
||||
crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k)
|
||||
{
|
||||
crypto_onetimeauth_poly1305_state state;
|
||||
unsigned char block0[64U];
|
||||
unsigned char slen[8U];
|
||||
|
||||
crypto_stream_chacha20_xor_ic
|
||||
(c + crypto_secretbox_chacha20poly1305_ZEROBYTES, m, mlen, n, 1U, k);
|
||||
|
||||
crypto_stream_chacha20(block0, sizeof block0, n, k);
|
||||
crypto_onetimeauth_poly1305_init(&state, block0);
|
||||
sodium_memzero(block0, sizeof block0);
|
||||
|
||||
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
|
||||
_u64_le_from_ull(slen, adlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_update
|
||||
(&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES, mlen);
|
||||
_u64_le_from_ull(slen, mlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_final(&state, c);
|
||||
sodium_memzero(&state, sizeof state);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_secretbox_chacha20poly1305(unsigned char *c,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k)
|
||||
{
|
||||
return crypto_secretbox_chacha20poly1305_ad(c, m, mlen, NULL, 0ULL, n, k);
|
||||
}
|
||||
|
||||
int
|
||||
crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k)
|
||||
{
|
||||
crypto_onetimeauth_poly1305_state state;
|
||||
unsigned char block0[64U];
|
||||
unsigned char slen[8U];
|
||||
unsigned char mac[crypto_secretbox_chacha20poly1305_MACBYTES];
|
||||
int ret;
|
||||
|
||||
if (clen < crypto_secretbox_chacha20poly1305_ZEROBYTES) {
|
||||
return -1;
|
||||
}
|
||||
crypto_stream_chacha20(block0, sizeof block0, n, k);
|
||||
crypto_onetimeauth_poly1305_init(&state, block0);
|
||||
sodium_memzero(block0, sizeof block0);
|
||||
|
||||
crypto_onetimeauth_poly1305_update(&state, ad, adlen);
|
||||
_u64_le_from_ull(slen, adlen);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_update
|
||||
(&state, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
|
||||
clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
|
||||
_u64_le_from_ull(slen, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
|
||||
crypto_onetimeauth_poly1305_update(&state, slen, sizeof slen);
|
||||
|
||||
crypto_onetimeauth_poly1305_final(&state, mac);
|
||||
sodium_memzero(&state, sizeof state);
|
||||
|
||||
ret = crypto_verify_16(mac, c);
|
||||
sodium_memzero(mac, sizeof mac);
|
||||
if (ret != 0) {
|
||||
memset(m, 0, clen - crypto_secretbox_chacha20poly1305_ZEROBYTES);
|
||||
return -1;
|
||||
}
|
||||
crypto_stream_chacha20_xor_ic
|
||||
(m, c + crypto_secretbox_chacha20poly1305_ZEROBYTES,
|
||||
clen - crypto_secretbox_chacha20poly1305_ZEROBYTES, n, 1U, k);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
crypto_secretbox_chacha20poly1305_open(unsigned char *m,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k)
|
||||
{
|
||||
return crypto_secretbox_chacha20poly1305_ad_open(m, c, clen,
|
||||
NULL, 0ULL, n, k);
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_secretbox_chacha20poly1305_keybytes(void) {
|
||||
return crypto_secretbox_chacha20poly1305_KEYBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_secretbox_chacha20poly1305_noncebytes(void) {
|
||||
return crypto_secretbox_chacha20poly1305_NONCEBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_secretbox_chacha20poly1305_zerobytes(void) {
|
||||
return crypto_secretbox_chacha20poly1305_ZEROBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_secretbox_chacha20poly1305_boxzerobytes(void) {
|
||||
return crypto_secretbox_chacha20poly1305_BOXZEROBYTES;
|
||||
}
|
||||
|
||||
size_t
|
||||
crypto_secretbox_chacha20poly1305_macbytes(void) {
|
||||
return crypto_secretbox_chacha20poly1305_MACBYTES;
|
||||
}
|
@ -2,6 +2,7 @@
|
||||
SODIUM_EXPORT = \
|
||||
sodium.h \
|
||||
sodium/core.h \
|
||||
sodium/crypto_aead_chacha20poly1305.h \
|
||||
sodium/crypto_auth.h \
|
||||
sodium/crypto_auth_hmacsha256.h \
|
||||
sodium/crypto_auth_hmacsha512.h \
|
||||
@ -23,7 +24,6 @@ SODIUM_EXPORT = \
|
||||
sodium/crypto_scalarmult.h \
|
||||
sodium/crypto_scalarmult_curve25519.h \
|
||||
sodium/crypto_secretbox.h \
|
||||
sodium/crypto_secretbox_chacha20poly1305.h \
|
||||
sodium/crypto_secretbox_xsalsa20poly1305.h \
|
||||
sodium/crypto_shorthash.h \
|
||||
sodium/crypto_shorthash_siphash24.h \
|
||||
|
@ -3,6 +3,7 @@
|
||||
#define __SODIUM_H__
|
||||
|
||||
#include <sodium/core.h>
|
||||
#include <sodium/crypto_aead_chacha20poly1305.h>
|
||||
#include <sodium/crypto_auth.h>
|
||||
#include <sodium/crypto_auth_hmacsha256.h>
|
||||
#include <sodium/crypto_auth_hmacsha512.h>
|
||||
@ -24,7 +25,6 @@
|
||||
#include <sodium/crypto_scalarmult.h>
|
||||
#include <sodium/crypto_scalarmult_curve25519.h>
|
||||
#include <sodium/crypto_secretbox.h>
|
||||
#include <sodium/crypto_secretbox_chacha20poly1305.h>
|
||||
#include <sodium/crypto_secretbox_xsalsa20poly1305.h>
|
||||
#include <sodium/crypto_shorthash.h>
|
||||
#include <sodium/crypto_shorthash_siphash24.h>
|
||||
|
69
src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
Normal file
69
src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h
Normal file
@ -0,0 +1,69 @@
|
||||
#ifndef crypto_aead_chacha20poly1305_H
|
||||
#define crypto_aead_chacha20poly1305_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include "export.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
# if __GNUC__
|
||||
# pragma GCC diagnostic ignored "-Wlong-long"
|
||||
# endif
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define crypto_aead_chacha20poly1305_KEYBYTES 32U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_keybytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_NSECBYTES 0U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_nsecbytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_NPUBBYTES 8U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_npubbytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_ZEROBYTES 16U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_zerobytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_BOXZEROBYTES 0U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_boxzerobytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_MACBYTES \
|
||||
(crypto_aead_chacha20poly1305_ZEROBYTES - \
|
||||
crypto_aead_chacha20poly1305_BOXZEROBYTES)
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_macbytes(void);
|
||||
|
||||
#define crypto_aead_chacha20poly1305_ABYTES 0U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_aead_chacha20poly1305_abytes(void);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_aead_chacha20poly1305_encrypt(unsigned char *c,
|
||||
unsigned long long *clen,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *nsec,
|
||||
const unsigned char *npub,
|
||||
const unsigned char *k);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_aead_chacha20poly1305_decrypt(unsigned char *m,
|
||||
unsigned long long *mlen,
|
||||
unsigned char *nsec,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *npub,
|
||||
const unsigned char *k);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -1,72 +0,0 @@
|
||||
#ifndef crypto_secretbox_chacha20poly1305_H
|
||||
#define crypto_secretbox_chacha20poly1305_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include "export.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
# if __GNUC__
|
||||
# pragma GCC diagnostic ignored "-Wlong-long"
|
||||
# endif
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define crypto_secretbox_chacha20poly1305_KEYBYTES 32U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_secretbox_chacha20poly1305_keybytes(void);
|
||||
|
||||
#define crypto_secretbox_chacha20poly1305_NONCEBYTES 8U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_secretbox_chacha20poly1305_noncebytes(void);
|
||||
|
||||
#define crypto_secretbox_chacha20poly1305_ZEROBYTES 16U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_secretbox_chacha20poly1305_zerobytes(void);
|
||||
|
||||
#define crypto_secretbox_chacha20poly1305_BOXZEROBYTES 0U
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_secretbox_chacha20poly1305_boxzerobytes(void);
|
||||
|
||||
#define crypto_secretbox_chacha20poly1305_MACBYTES \
|
||||
(crypto_secretbox_chacha20poly1305_ZEROBYTES - \
|
||||
crypto_secretbox_chacha20poly1305_BOXZEROBYTES)
|
||||
SODIUM_EXPORT
|
||||
size_t crypto_secretbox_chacha20poly1305_macbytes(void);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_secretbox_chacha20poly1305(unsigned char *c,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_secretbox_chacha20poly1305_open(unsigned char *m,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k);
|
||||
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_secretbox_chacha20poly1305_ad(unsigned char *c,
|
||||
const unsigned char *m,
|
||||
unsigned long long mlen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k);
|
||||
|
||||
SODIUM_EXPORT
|
||||
int crypto_secretbox_chacha20poly1305_ad_open(unsigned char *m,
|
||||
const unsigned char *c,
|
||||
unsigned long long clen,
|
||||
const unsigned char *ad,
|
||||
unsigned long long adlen,
|
||||
const unsigned char *n,
|
||||
const unsigned char *k);
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif
|
@ -2,6 +2,7 @@
|
||||
EXTRA_DIST = \
|
||||
cmptest.h \
|
||||
wintest.bat \
|
||||
aead_chacha20poly1305.exp \
|
||||
auth.exp \
|
||||
auth2.exp \
|
||||
auth3.exp \
|
||||
@ -38,7 +39,6 @@ EXTRA_DIST = \
|
||||
scalarmult5.exp \
|
||||
scalarmult6.exp \
|
||||
secretbox.exp \
|
||||
secretbox_chacha20poly1305.exp \
|
||||
secretbox2.exp \
|
||||
secretbox7.exp \
|
||||
secretbox8.exp \
|
||||
@ -58,6 +58,7 @@ EXTRA_DIST = \
|
||||
verify1.exp
|
||||
|
||||
DISTCLEANFILES = \
|
||||
aead_chacha20poly1305.res \
|
||||
auth.res \
|
||||
auth2.res \
|
||||
auth3.res \
|
||||
@ -94,7 +95,6 @@ DISTCLEANFILES = \
|
||||
scalarmult5.res \
|
||||
scalarmult6.res \
|
||||
secretbox.res \
|
||||
secretbox_chacha20poly1305.res \
|
||||
secretbox2.res \
|
||||
secretbox7.res \
|
||||
secretbox8.res \
|
||||
@ -122,6 +122,7 @@ AM_CPPFLAGS = \
|
||||
-I$(top_srcdir)/test/quirks
|
||||
|
||||
TESTS_TARGETS = \
|
||||
aead_chacha20poly1305 \
|
||||
auth \
|
||||
auth2 \
|
||||
auth3 \
|
||||
@ -158,7 +159,6 @@ TESTS_TARGETS = \
|
||||
scalarmult5 \
|
||||
scalarmult6 \
|
||||
secretbox \
|
||||
secretbox_chacha20poly1305 \
|
||||
secretbox2 \
|
||||
secretbox7 \
|
||||
secretbox8 \
|
||||
@ -184,6 +184,9 @@ TESTS = $(TESTS_TARGETS)
|
||||
TESTS_LDADD = \
|
||||
${top_builddir}/src/libsodium/libsodium.la
|
||||
|
||||
aead_chacha20poly1305_SOURCE = cmptest.h aead_chacha20poly1305.c
|
||||
aead_chacha20poly1305_LDADD = $(TESTS_LDADD)
|
||||
|
||||
auth_SOURCE = cmptest.h auth.c
|
||||
auth_LDADD = $(TESTS_LDADD)
|
||||
|
||||
@ -292,9 +295,6 @@ scalarmult6_LDADD = $(TESTS_LDADD)
|
||||
secretbox_SOURCE = cmptest.h secretbox.c
|
||||
secretbox_LDADD = $(TESTS_LDADD)
|
||||
|
||||
secretbox_chacha20poly1305_SOURCE = cmptest.h secretbox_chacha20poly1305.c
|
||||
secretbox_chacha20poly1305_LDADD = $(TESTS_LDADD)
|
||||
|
||||
secretbox2_SOURCE = cmptest.h secretbox2.c
|
||||
secretbox2_LDADD = $(TESTS_LDADD)
|
||||
|
||||
|
@ -1,10 +1,10 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
|
||||
#define TEST_NAME "secretbox_chacha20poly1305"
|
||||
#define TEST_NAME "aead_chacha20poly1305"
|
||||
#include "cmptest.h"
|
||||
|
||||
static unsigned char firstkey[crypto_secretbox_chacha20poly1305_KEYBYTES] = {
|
||||
static unsigned char firstkey[crypto_aead_chacha20poly1305_KEYBYTES] = {
|
||||
0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
|
||||
0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
|
||||
0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
|
||||
@ -15,7 +15,7 @@ static unsigned char m[10U] = {
|
||||
0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
|
||||
};
|
||||
|
||||
static unsigned char nonce[crypto_secretbox_chacha20poly1305_NONCEBYTES] = {
|
||||
static unsigned char nonce[crypto_aead_chacha20poly1305_NPUBBYTES] = {
|
||||
0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a
|
||||
};
|
||||
|
||||
@ -23,15 +23,15 @@ static unsigned char ad[10U] = {
|
||||
0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
|
||||
};
|
||||
|
||||
static unsigned char c[10U + crypto_secretbox_chacha20poly1305_ZEROBYTES];
|
||||
static unsigned char c[10U + crypto_aead_chacha20poly1305_ZEROBYTES];
|
||||
|
||||
int main(void)
|
||||
{
|
||||
unsigned char m2[10U];
|
||||
size_t i;
|
||||
|
||||
crypto_secretbox_chacha20poly1305_ad(c, m, sizeof m, ad, sizeof ad,
|
||||
nonce, firstkey);
|
||||
crypto_aead_chacha20poly1305_encrypt(c, NULL, m, sizeof m, ad, sizeof ad,
|
||||
NULL, nonce, firstkey);
|
||||
for (i = 0U; i < sizeof c; ++i) {
|
||||
printf(",0x%02x", (unsigned int) c[i]);
|
||||
if (i % 8 == 7) {
|
||||
@ -40,10 +40,10 @@ int main(void)
|
||||
}
|
||||
printf("\n");
|
||||
|
||||
if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c,
|
||||
ad, sizeof ad,
|
||||
nonce, firstkey) != 0) {
|
||||
printf("crypto_secretbox_chacha20poly1305_ad_open() failed\n");
|
||||
if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
|
||||
ad, sizeof ad,
|
||||
nonce, firstkey) != 0) {
|
||||
printf("crypto_aead_chacha20poly1305_ad_open() failed\n");
|
||||
}
|
||||
if (memcmp(m, m2, sizeof m) != 0) {
|
||||
printf("m != m2\n");
|
||||
@ -51,9 +51,9 @@ int main(void)
|
||||
|
||||
for (i = 0U; i < sizeof c; i++) {
|
||||
c[i] ^= (i + 1U);
|
||||
if (crypto_secretbox_chacha20poly1305_ad_open(m2, c, sizeof c,
|
||||
ad, sizeof ad,
|
||||
nonce, firstkey) == 0 ||
|
||||
if (crypto_aead_chacha20poly1305_decrypt(m2, NULL, NULL, c, sizeof c,
|
||||
ad, sizeof ad,
|
||||
nonce, firstkey) == 0 ||
|
||||
memcmp(m, m2, sizeof m) == 0) {
|
||||
printf("message can be forged\n");
|
||||
}
|
Loading…
Reference in New Issue
Block a user