int
crypto_box_curve25519xchacha20poly1305_easy_afternm(unsigned char *c,
                                                    const unsigned char *m,
                                                    unsigned long long mlen,
                                                    const unsigned char *n,
                                                    const unsigned char *k)
{
    if (mlen > SIZE_MAX - crypto_box_curve25519xchacha20poly1305_MACBYTES) {
        return -1;
    }
    return crypto_box_curve25519xchacha20poly1305_detached_afternm(
        c + crypto_box_curve25519xchacha20poly1305_MACBYTES, c, m, mlen, n, k);
}
int
crypto_box_curve25519xchacha20poly1305_detached(unsigned char *c,
                                                unsigned char *mac,
                                                const unsigned char *m,
                                                unsigned long long mlen,
                                                const unsigned char *n,
                                                const unsigned char *pk,
                                                const unsigned char *sk)
{
    unsigned char k[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES];
    int           ret;

    (void) sizeof(int[crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES
                      >= crypto_secretbox_xchacha20poly1305_KEYBYTES ?
                      1 : -1]);
    if (crypto_box_curve25519xchacha20poly1305_beforenm(k, pk, sk) != 0) {
        return -1;
    }
    ret = crypto_box_curve25519xchacha20poly1305_detached_afternm(c, mac, m,
                                                                  mlen, n, k);
    sodium_memzero(k, sizeof k);

    return ret;
}
Beispiel #3
0
static void
tv_box_xchacha20poly1305(void)
{
    char           hex[65];
    unsigned char *pk;
    unsigned char *sk;
    unsigned char *m;
    unsigned char *m2;
    unsigned char *mac;
    unsigned char *nonce;
    unsigned char *out;
    unsigned char *pc;
    unsigned char *seed;
    size_t         m_len;
    int            i;

    pk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
    sk = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
    nonce = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
    mac = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_MACBYTES);
    pc = (unsigned char *) sodium_malloc(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
    for (i = 0; i < 10; i++) {
        m_len = (i == 0) ? 0 : randombytes_uniform(150);
        m = (unsigned char *) sodium_malloc(m_len);
        m2 = (unsigned char *) sodium_malloc(m_len);

        out = (unsigned char *) sodium_malloc
            (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
        randombytes_buf(nonce, crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
        randombytes_buf(m, m_len);
        assert(crypto_box_curve25519xchacha20poly1305_keypair(pk, sk) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_easy(out, m, m_len, nonce,
                                                           pk, sk) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_open_easy
               (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
                nonce, pk, sk) == 0);
        assert(memcmp(m2, m, m_len) == 0);
        sodium_free(out);

        out = (unsigned char *) sodium_malloc
            (crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len);
        assert(crypto_box_curve25519xchacha20poly1305_beforenm(pc, pk, sk) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_easy_afternm
               (out, m, m_len, nonce, pc) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_open_easy_afternm
               (m2, out, crypto_box_curve25519xchacha20poly1305_MACBYTES + m_len,
                nonce, pc) == 0);
        assert(memcmp(m2, m, m_len) == 0);
        sodium_free(out);

        out = (unsigned char *) sodium_malloc(m_len);
        assert(crypto_box_curve25519xchacha20poly1305_detached(out, mac, m, m_len,
                                                               nonce, pk, sk) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_open_detached
               (m2, out, mac, m_len, nonce, pk, sk) == 0);
        sodium_free(out);

        out = (unsigned char *) sodium_malloc(m_len);
        assert(crypto_box_curve25519xchacha20poly1305_detached_afternm
               (out, mac, m, m_len, nonce, pc) == 0);
        assert(crypto_box_curve25519xchacha20poly1305_open_detached_afternm
               (m2, out, mac, m_len, nonce, pc) == 0);
        sodium_free(out);

        sodium_free(m2);
        sodium_free(m);
    }
    sodium_free(pc);
    sodium_free(mac);
    sodium_free(nonce);

    seed = (unsigned char *) sodium_malloc
        (crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
    for (i = 0; i < crypto_box_curve25519xchacha20poly1305_SEEDBYTES; i++) {
        seed[i] = i;
    }
    crypto_box_curve25519xchacha20poly1305_seed_keypair(pk, sk, seed);
    sodium_bin2hex(hex, sizeof hex, pk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
    assert(strcmp(hex, "4701d08488451f545a409fb58ae3e58581ca40ac3f7f114698cd71deac73ca01") == 0);
    sodium_bin2hex(hex, sizeof hex, sk, crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
    assert(strcmp(hex, "3d94eea49c580aef816935762be049559d6d1440dede12e6a125f1841fff8e6f") == 0);
    sodium_free(seed);

    sodium_free(sk);
    sodium_free(pk);

    assert(crypto_box_curve25519xchacha20poly1305_seedbytes() == crypto_box_curve25519xchacha20poly1305_SEEDBYTES);
    assert(crypto_box_curve25519xchacha20poly1305_publickeybytes() == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
    assert(crypto_box_curve25519xchacha20poly1305_secretkeybytes() == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES);
    assert(crypto_box_curve25519xchacha20poly1305_beforenmbytes() == crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES);
    assert(crypto_box_curve25519xchacha20poly1305_noncebytes() == crypto_box_curve25519xchacha20poly1305_NONCEBYTES);

    printf("tv_box_xchacha20poly1305: ok\n");
}