int zmq::curve_server_t::produce_welcome (msg_t *msg_) { uint8_t cookie_nonce [crypto_secretbox_NONCEBYTES]; uint8_t cookie_plaintext [crypto_secretbox_ZEROBYTES + 64]; uint8_t cookie_ciphertext [crypto_secretbox_BOXZEROBYTES + 80]; // Create full nonce for encryption // 8-byte prefix plus 16-byte random nonce memcpy (cookie_nonce, "COOKIE--", 8); randombytes (cookie_nonce + 8, 16); // Generate cookie = Box [C' + s'](t) memset (cookie_plaintext, 0, crypto_secretbox_ZEROBYTES); memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES, cn_client, 32); memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32, cn_secret, 32); // Generate fresh cookie key randombytes (cookie_key, crypto_secretbox_KEYBYTES); // Encrypt using symmetric cookie key int rc = crypto_secretbox (cookie_ciphertext, cookie_plaintext, sizeof cookie_plaintext, cookie_nonce, cookie_key); zmq_assert (rc == 0); uint8_t welcome_nonce [crypto_box_NONCEBYTES]; uint8_t welcome_plaintext [crypto_box_ZEROBYTES + 128]; uint8_t welcome_ciphertext [crypto_box_BOXZEROBYTES + 144]; // Create full nonce for encryption // 8-byte prefix plus 16-byte random nonce memcpy (welcome_nonce, "WELCOME-", 8); randombytes (welcome_nonce + 8, crypto_box_NONCEBYTES - 8); // Create 144-byte Box [S' + cookie](S->C') memset (welcome_plaintext, 0, crypto_box_ZEROBYTES); memcpy (welcome_plaintext + crypto_box_ZEROBYTES, cn_public, 32); memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 32, cookie_nonce + 8, 16); memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 48, cookie_ciphertext + crypto_secretbox_BOXZEROBYTES, 80); rc = crypto_box (welcome_ciphertext, welcome_plaintext, sizeof welcome_plaintext, welcome_nonce, cn_client, secret_key); if (rc == -1) return -1; rc = msg_->init_size (168); errno_assert (rc == 0); uint8_t * const welcome = static_cast <uint8_t *> (msg_->data ()); memcpy (welcome, "\x07WELCOME", 8); memcpy (welcome + 8, welcome_nonce + 8, 16); memcpy (welcome + 24, welcome_ciphertext + crypto_box_BOXZEROBYTES, 144); return 0; }
void measure(void) { int i; int loop; int mlen; for (loop = 0;loop < LOOPS;++loop) { for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / 8) { randombytes(k,crypto_secretbox_KEYBYTES); randombytes(n,crypto_secretbox_NONCEBYTES); randombytes(m + crypto_secretbox_ZEROBYTES,mlen); randombytes(c,mlen + crypto_secretbox_ZEROBYTES); for (i = 0;i <= TIMINGS;++i) { cycles[i] = cpucycles(); crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); } for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; printentry(mlen,"cycles",cycles,TIMINGS); for (i = 0;i <= TIMINGS;++i) { cycles[i] = cpucycles(); crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); } for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; printentry(mlen,"open_cycles",cycles,TIMINGS); ++c[crypto_secretbox_ZEROBYTES]; for (i = 0;i <= TIMINGS;++i) { cycles[i] = cpucycles(); crypto_secretbox_open(m,c,mlen + crypto_secretbox_ZEROBYTES,n,k); } for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i]; printentry(mlen,"forgery_open_cycles",cycles,TIMINGS); } } }
int main(void) { int i; crypto_secretbox(c, m, 163, nonce, firstkey); for (i = 16; i < 163; ++i) { printf(",0x%02x", (unsigned int)c[i]); if (i % 8 == 7) printf("\n"); } printf("\n"); assert(crypto_secretbox_keybytes() > 0U); assert(crypto_secretbox_noncebytes() > 0U); assert(crypto_secretbox_zerobytes() > 0U); assert(crypto_secretbox_boxzerobytes() > 0U); assert(crypto_secretbox_macbytes() > 0U); assert(strcmp(crypto_secretbox_primitive(), "xsalsa20poly1305") == 0); assert(crypto_secretbox_keybytes() == crypto_secretbox_xsalsa20poly1305_keybytes()); assert(crypto_secretbox_noncebytes() == crypto_secretbox_xsalsa20poly1305_noncebytes()); assert(crypto_secretbox_zerobytes() == crypto_secretbox_xsalsa20poly1305_zerobytes()); assert(crypto_secretbox_boxzerobytes() == crypto_secretbox_xsalsa20poly1305_boxzerobytes()); assert(crypto_secretbox_macbytes() == crypto_secretbox_xsalsa20poly1305_macbytes()); return 0; }
main() { int mlen; int i; int caught; for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { randombytes(k,crypto_secretbox_KEYBYTES); randombytes(n,crypto_secretbox_NONCEBYTES); randombytes(m + crypto_secretbox_ZEROBYTES,mlen); crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); caught = 0; while (caught < 10) { c[random() % (mlen + crypto_secretbox_ZEROBYTES)] = random(); if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) if (m2[i] != m[i]) { printf("forgery\n"); return 100; } } else { ++caught; } } } return 0; }
// We encrypt like GDBE each sector has a random // nonce prepended to each sector. static int crypto_write(const char *path, const char *buf, size_t size, off_t off, struct fuse_file_info *inf){ size_t written = 0; while(size > 0) { int idx = off / (block_size - crypto_PADDING); // Grab a random nonce unsigned char nonce[crypto_secretbox_NONCEBYTES]; randombytes(nonce, crypto_secretbox_NONCEBYTES); // Set up the necessary buffers size_t to_write = size < block_size - crypto_PADDING ? size + crypto_PADDING : block_size; size_t msize = to_write - crypto_PADDING; size_t fudge = 0; char padding[block_size]; if(off % (block_size - crypto_PADDING) != 0) { // At partial block, have to read the rest of the data // and append the new stuff to our buffer. size_t leftovers = off % (block_size - crypto_PADDING); off_t block_off = idx * (block_size - crypto_PADDING); struct fuse_file_info of = {.flags = O_RDONLY}; int fd = crypto_open(path, &of); if(fd == -1) return -errno; int res = crypto_read(path, padding, leftovers, block_off, &of); if(res < 0) return res; close(fd); if(to_write + res < block_size - crypto_PADDING) to_write += res; fudge = res; } unsigned char mpad[to_write]; unsigned char cpad[to_write]; memset(mpad, 0, to_write); memset(cpad, 0, to_write); memcpy(mpad + crypto_secretbox_ZEROBYTES, padding, fudge); memcpy(mpad + crypto_secretbox_ZEROBYTES + fudge, buf + written, msize); int ohno = crypto_secretbox(cpad, mpad, msize + crypto_secretbox_ZEROBYTES, nonce, key); if(ohno < 0) return -ENXIO; unsigned char block[to_write]; memset(block, 0, to_write); memcpy(block, nonce, crypto_secretbox_NONCEBYTES); memcpy(block + crypto_secretbox_NONCEBYTES, cpad + crypto_secretbox_BOXZEROBYTES, msize + crypto_secretbox_BOXZEROBYTES); int res = pwrite(inf->fh, block, to_write, block_size * idx); if(res == -1) return -errno; res -= crypto_PADDING; written += res - fudge; size -= res - fudge; off += res - fudge; }
String NaCl::secret_encrypt(String msg) { try { std::string message = from_ruby<std::string>(msg); std::string encrypted_message = crypto_secretbox(message, remote_nonce, my_secret); return to_ruby<std::string>(encrypted_message); } catch (int e) { return to_ruby<std::string>(""); } }
static nif_term_t salt_secretbox(nif_heap_t *hp, int argc, const nif_term_t argv[]) { /* salt_secretbox(Plain_text, Nonce, Secret_key) -> Cipher_text. */ nif_bin_t pt; nif_bin_t nc; nif_bin_t sk; nif_bin_t ct; nif_term_t raw; nif_term_t sub; if (argc != 3) return (BADARG); /* Unpack arguments ensuring they're suitably typed. */ if (! enif_inspect_iolist_as_binary(hp, argv[0], &pt)) return (BADARG); if (! enif_inspect_binary(hp, argv[1], &nc)) return (BADARG); if (! enif_inspect_binary(hp, argv[2], &sk)) return (BADARG); /* Check constraints on size and zero prefixing. */ if (pt.size < crypto_secretbox_ZEROBYTES || pt.size > SALT_MAX_MESSAGE_SIZE) return (BADARG); if (memcmp((const void *)pt.data, &salt_secretbox_zerobytes[0], crypto_secretbox_ZEROBYTES) != 0) return (BADARG); if (nc.size != crypto_secretbox_NONCEBYTES) return (BADARG); if (sk.size != crypto_secretbox_KEYBYTES) return (BADARG); /* Allocate space for cipher text. NB: Passing ENOMEM as BADARG. */ if (! enif_alloc_binary(pt.size, &ct)) return (BADARG); /* Perform the crypto, strip leading zeros. */ (void)crypto_secretbox(ct.data, pt.data, pt.size, nc.data, sk.data); raw = enif_make_binary(hp, &ct); sub = enif_make_sub_binary(hp, raw, crypto_secretbox_BOXZEROBYTES, ct.size - crypto_secretbox_BOXZEROBYTES); return (sub); }
void encrypt_box(uint8_t *keys, box *outer, size_t len) { box *inner = (box *) outer->data; uint8_t *outer_key = keys; uint8_t *inner_key = keys + BOX_KEY_LEN; randombytes(outer->iv, BOX_IV_LEN); randombytes(inner->iv, BOX_IV_LEN); uint8_t *data = inner->tag; size_t inner_len = len + crypto_secretbox_ZEROBYTES; memset(data, 0, crypto_secretbox_ZEROBYTES); assert(crypto_secretbox(data, data, inner_len, inner->iv, inner_key) == 0); encrypt_gcm(outer_key, outer->iv, outer->data, sizeof(box) + len, outer->tag); }
int encrypt_data_symmetric(uint8_t *secret_key, uint8_t *nonce, uint8_t *plain, uint32_t length, uint8_t *encrypted) { if (length == 0) return -1; uint8_t temp_plain[length + crypto_secretbox_ZEROBYTES]; uint8_t temp_encrypted[length + crypto_secretbox_MACBYTES + crypto_secretbox_BOXZEROBYTES]; memset(temp_plain, 0, crypto_secretbox_ZEROBYTES); memcpy(temp_plain + crypto_secretbox_ZEROBYTES, plain, length); // Pad the message with 32 0 bytes. crypto_secretbox(temp_encrypted, temp_plain, length + crypto_secretbox_ZEROBYTES, nonce, secret_key); /* Unpad the encrypted message. */ memcpy(encrypted, temp_encrypted + crypto_secretbox_BOXZEROBYTES, length + crypto_secretbox_MACBYTES); return length + crypto_secretbox_MACBYTES; }
EncryptedMessage CryptoEngine::Encrypt(const Message &message) { if (secret_key_.empty()) { std::cout << "The secret key for symmetric encryption has not been initialized" << std::endl; throw g_crypto_engine_encryption_failure; } if (nonce_master_key_.empty()) { std::cout << "The master key for deriving the nonce is not valid" << std::endl; throw g_crypto_engine_encryption_failure; } if (context_.empty()) { std::cout << "The context identifier for deriving the nonce is not valid" << std::endl; throw g_crypto_engine_encryption_failure; } if (salt_.empty()) { std::cout << "The salt for deriving the nonce is not valid" << std::endl; throw g_crypto_engine_encryption_failure; } try { // generate the Nonce std::string nonce = hkdf_.DeriveNonce(nonce_master_key_, salt_); // Add the additional data (tcp_verion, type, message) to the string std::string full_clear_text(message.ToBytesString()); // encrypt the message std::string cipher_text = crypto_secretbox(full_clear_text, nonce, secret_key_); // return the Message object so that it can be serialized to bytes return EncryptedMessage(nonce, cipher_text); } catch (std::exception& e) { std::cout << "CryptoEngine::Encrypt exception: " << e.what() << std::endl; throw g_crypto_engine_encryption_failure; } }
int main(void) { int mlen; int i; for (mlen = 0;mlen < 1000 && mlen + crypto_secretbox_ZEROBYTES < sizeof m;++mlen) { randombytes(k,crypto_secretbox_KEYBYTES); randombytes(n,crypto_secretbox_NONCEBYTES); randombytes(m + crypto_secretbox_ZEROBYTES,mlen); crypto_secretbox(c,m,mlen + crypto_secretbox_ZEROBYTES,n,k); if (crypto_secretbox_open(m2,c,mlen + crypto_secretbox_ZEROBYTES,n,k) == 0) { for (i = 0;i < mlen + crypto_secretbox_ZEROBYTES;++i) if (m2[i] != m[i]) { printf("bad decryption\n"); break; } } else { printf("ciphertext fails verification\n"); } } return 0; }
PyObject *pycrypto_secretbox(PyObject *self, PyObject *args, PyObject *kw){ char *m, *n, *k; Py_ssize_t msize=0, nsize=0, ksize=0; static const char *kwlist[] = {"m", "n", "k", 0}; unsigned int i; PyObject *ret; size_t mlen; unsigned char *mpad; unsigned char *cpad; if (!PyArg_ParseTupleAndKeywords(args, kw, "|s#s#s#:crypto_secretbox", (char **) kwlist, &m, &msize, &n, &nsize, &k, &ksize)){ return (PyObject *)0;} if (nsize != crypto_secretbox_NONCEBYTES) return Py_BuildValue("i", 0); if (ksize != crypto_secretbox_KEYBYTES) return Py_BuildValue("i", 0); mlen = msize + crypto_secretbox_ZEROBYTES; mpad = PyMem_Malloc(mlen); if (!mpad) return PyErr_NoMemory(); cpad = PyMem_Malloc(mlen); if (!cpad){ PyMem_Free(mpad); return PyErr_NoMemory();} for (i = 0;i < crypto_secretbox_ZEROBYTES;++i) mpad[i] = 0; for (i = crypto_secretbox_ZEROBYTES;i < mlen;++i) mpad[i] = m[i - crypto_secretbox_ZEROBYTES]; crypto_secretbox(cpad, mpad, mlen, (const unsigned char *) n, (const unsigned char *) k); ret = PyBytes_FromStringAndSize((char *)cpad + crypto_secretbox_BOXZEROBYTES, mlen - crypto_secretbox_BOXZEROBYTES); PyMem_Free(mpad); PyMem_Free(cpad); return ret;}
static ERL_NIF_TERM nacl_secretbox_padded(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) { ErlNifBinary key; ErlNifBinary nonce; ErlNifBinary padded_message; ErlNifBinary padded_ciphertext; if (!enif_inspect_iolist_as_binary(env, argv[0], &padded_message)) return enif_make_badarg(env); if (!enif_inspect_iolist_as_binary(env, argv[1], &nonce)) return enif_make_badarg(env); if (!enif_inspect_iolist_as_binary(env, argv[2], &key)) return enif_make_badarg(env); if (key.size != crypto_secretbox_KEYBYTES) return enif_make_badarg(env); if (nonce.size != crypto_secretbox_NONCEBYTES) return enif_make_badarg(env); if (padded_message.size < crypto_secretbox_ZEROBYTES) return enif_make_badarg(env); if (!enif_alloc_binary(padded_message.size, &padded_ciphertext)) return nacl_error_tuple(env, "alloc_failed"); crypto_secretbox( padded_ciphertext.data, padded_message.data, padded_message.size, nonce.data, key.data ); return enif_make_sub_binary(env, enif_make_binary(env, &padded_ciphertext), crypto_secretbox_BOXZEROBYTES, padded_message.size - crypto_secretbox_BOXZEROBYTES); }
int zmq::curve_server_t::produce_welcome (msg_t *msg_) { uint8_t cookie_nonce[crypto_secretbox_NONCEBYTES]; uint8_t cookie_plaintext[crypto_secretbox_ZEROBYTES + 64]; uint8_t cookie_ciphertext[crypto_secretbox_BOXZEROBYTES + 80]; // Create full nonce for encryption // 8-byte prefix plus 16-byte random nonce memcpy (cookie_nonce, "COOKIE--", 8); randombytes (cookie_nonce + 8, 16); // Generate cookie = Box [C' + s'](t) memset (cookie_plaintext, 0, crypto_secretbox_ZEROBYTES); memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES, _cn_client, 32); memcpy (cookie_plaintext + crypto_secretbox_ZEROBYTES + 32, _cn_secret, 32); // Generate fresh cookie key randombytes (_cookie_key, crypto_secretbox_KEYBYTES); // Encrypt using symmetric cookie key int rc = crypto_secretbox (cookie_ciphertext, cookie_plaintext, sizeof cookie_plaintext, cookie_nonce, _cookie_key); zmq_assert (rc == 0); uint8_t welcome_nonce[crypto_box_NONCEBYTES]; uint8_t welcome_plaintext[crypto_box_ZEROBYTES + 128]; uint8_t welcome_ciphertext[crypto_box_BOXZEROBYTES + 144]; // Create full nonce for encryption // 8-byte prefix plus 16-byte random nonce memcpy (welcome_nonce, "WELCOME-", 8); randombytes (welcome_nonce + 8, crypto_box_NONCEBYTES - 8); // Create 144-byte Box [S' + cookie](S->C') memset (welcome_plaintext, 0, crypto_box_ZEROBYTES); memcpy (welcome_plaintext + crypto_box_ZEROBYTES, _cn_public, 32); memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 32, cookie_nonce + 8, 16); memcpy (welcome_plaintext + crypto_box_ZEROBYTES + 48, cookie_ciphertext + crypto_secretbox_BOXZEROBYTES, 80); rc = crypto_box (welcome_ciphertext, welcome_plaintext, sizeof welcome_plaintext, welcome_nonce, _cn_client, _secret_key); // TODO I think we should change this back to zmq_assert (rc == 0); // as it was before https://github.com/zeromq/libzmq/pull/1832 // The reason given there was that secret_key might be 0ed. // But if it were, we would never get this far, since we could // not have opened the client's hello box with a 0ed key. if (rc == -1) return -1; rc = msg_->init_size (168); errno_assert (rc == 0); uint8_t *const welcome = static_cast<uint8_t *> (msg_->data ()); memcpy (welcome, "\x07WELCOME", 8); memcpy (welcome + 8, welcome_nonce + 8, 16); memcpy (welcome + 24, welcome_ciphertext + crypto_box_BOXZEROBYTES, 144); return 0; }
int main(){ int s,b,on=1,i; struct sockaddr_in channel, server; unsigned char buf[BUF_SIZE]; unsigned char k[crypto_secretbox_KEYBYTES]; unsigned char n[crypto_secretbox_NONCEBYTES]; unsigned char m[BUF_SIZE]; unsigned long long mlen = BUF_SIZE; unsigned char c[BUF_SIZE]; /* Address structure */ memset(&channel,0,sizeof(channel)); channel.sin_family = AF_INET; channel.sin_addr.s_addr = htonl(INADDR_ANY); channel.sin_port = htons(CLIENT_PORT); /* Build socket and Bind */ s = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP); /* Create socket */ if(s<0) fatal("Failed to create socket!"); setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char*)&on,sizeof(on)); //Osäker på denna b = bind(s,(struct sockaddr *)&channel,sizeof(channel)); if(b<0){ fatal("Bind failed "); } //Setting up server address memset(&server,0,sizeof(server)); server.sin_family = AF_INET; server.sin_addr.s_addr = htonl(INADDR_LOOPBACK); //INADDR_LOOPBACK är denna datorns ip i.e 127.0.0.1 //inet_addr(serverIP); <- får användas över nätverk där serverIP ges som klassisk xxx.xxx.xxx.xxx server.sin_port = htons(SERVER_PORT); //Serverns portnummer /* Time to start sending */ if(connect(s,(struct sockaddr *)&server,sizeof(server))){ fatal("Could not connect to server"); } //usleep(1000); //Ska tydligen ge server tid fast det funkar utan detta, iallafall när localhost-localhost // Här börjar diffie-hellman ************************************************************************* if(!dh(k,crypto_secretbox_KEYBYTES,n,crypto_secretbox_NONCEBYTES,s)){ fatal("Diffie-hellman fail!"); } // S**t på diffie-hellman ********************************************************* // Här Börjar symetrisk krytering ************************************************* while(1){ //Infinite message chain loop for(i=0;i<BUF_SIZE;i++){ //Reset message m[i] = 0; } i = crypto_secretbox_ZEROBYTES; //Begin message at byte 32 printf("\nWrite your message(q/Q to quit):\n"); fgets((char *)&m[i],200,stdin); // Get message from user max 200 charachters (should be enough) if((m[i] =='q' || m[i] == 'Q') && strlen((char *)&m[i]) == 2){ break; } if(VISIBLE){ printf("\n\n****** Symmetric encryption/decryption echo begin ******\n\n"); printf("\nClient plaintext:\n%s\n",&m[i]); } if(crypto_secretbox(c,m,mlen,n,k)!=0){ fatal("Cryptobox fail!"); } inc_nonce(n); if(VISIBLE){ printf("\nClient ciphertext:\n%s\n",&c[crypto_secretbox_ZEROBYTES]); //Kolla om detta borde stämma } if(write(s,c,BUF_SIZE)==-1){ // Skriver meddelandet till server. _!check!_ check funkar ej pröva annat (send)! fatal("Server not responding"); } for(i=0;i<BUF_SIZE;i++){ buf[i] = 0; } read(s,c,BUF_SIZE); // Läser in svar _!check!_ if(VISIBLE){ printf("\nServer ciphertext:\n%s\n",&c[crypto_secretbox_ZEROBYTES]); } if(crypto_secretbox_open(buf,c,BUF_SIZE,n,k)==-1){ fatal("Decryption fail!"); } inc_nonce(n); if(VISIBLE){ printf("\nServer plaintext:\n%s\n",&buf[crypto_secretbox_ZEROBYTES]); printf("\n\n****** Symmetric encrytion/decryption echo end ******\n\n"); } printf("\n\n"); printf("Server says: %s\n", &buf[32]); } close(s); printf("Exiting program!\n"); return 0; }
bool unit_test_crypto_secretbox(){ // Global length uint64_t len = HACL_UNIT_TESTS_SIZE * sizeof(uint8_t); // Scratch buffers uint8_t hacl_cipher[HACL_UNIT_TESTS_SIZE + 32], expected_cipher[HACL_UNIT_TESTS_SIZE + 32]; // Shared key uint8_t key[32]; // Random plaintext uint8_t *plaintext = malloc((HACL_UNIT_TESTS_SIZE + crypto_secretbox_ZEROBYTES) * sizeof (uint8_t)); READ_RANDOM_BYTES(len, plaintext + crypto_secretbox_ZEROBYTES); for (int i = 0; i < crypto_secretbox_ZEROBYTES; i++) plaintext[i] = 0; // Random plaintext uint8_t nonce[24]; READ_RANDOM_BYTES(24, nonce); // Test 1 int a; bool pass = true; for (int i = 0; i < 256; i++){ tweet_crypto_secretbox(expected_cipher, plaintext, crypto_secretbox_ZEROBYTES + i, nonce, key); crypto_secretbox(hacl_cipher, plaintext, crypto_secretbox_ZEROBYTES + i, nonce, key); a = memcmp(hacl_cipher, expected_cipher, (crypto_secretbox_ZEROBYTES + i) * sizeof (uint8_t)); if (a != 0){ pass = false; break; } /* a = crypto_secretbox_open_detached(hacl_cipher/\* +32 *\/, expected_cipher/\* +32 *\/, expected_cipher + 16, i, nonce, key); */ a = crypto_secretbox_open(hacl_cipher, expected_cipher, crypto_secretbox_ZEROBYTES + i, nonce, key); if (a != 0) { pass = false; printf("SECRETBOX OPEN ******* failed to verify on input of size %d\n", i); break; } a = memcmp(hacl_cipher, plaintext, (crypto_secretbox_ZEROBYTES + i) * sizeof (uint8_t)); if (a != 0) { pass = false; printf("SECRETBOX OPEN failed on input of size %d\n", i); break; } } if (!pass) return pass; // Test 2 tweet_crypto_secretbox(expected_cipher, plaintext, crypto_secretbox_ZEROBYTES + HACL_UNIT_TESTS_SIZE, nonce, key); crypto_secretbox(hacl_cipher, plaintext, crypto_secretbox_ZEROBYTES + HACL_UNIT_TESTS_SIZE, nonce, key); a = memcmp(hacl_cipher, expected_cipher, (crypto_secretbox_ZEROBYTES + HACL_UNIT_TESTS_SIZE) * sizeof (uint8_t)); if (a != 0){ pass = false; printf("SECRETBOX failed on input of size %d\n.", HACL_UNIT_TESTS_SIZE); } a = crypto_secretbox_open(hacl_cipher, expected_cipher, HACL_UNIT_TESTS_SIZE + crypto_secretbox_ZEROBYTES, nonce, key); if (a != 0) { pass = false; printf("SECRETBOX OPEN failed to verify on input of size %d\n", HACL_UNIT_TESTS_SIZE); } a = memcmp(hacl_cipher, plaintext, (crypto_secretbox_ZEROBYTES + HACL_UNIT_TESTS_SIZE) * sizeof (uint8_t)); if (a != 0) { pass = false; printf("SECRETBOX OPEN failed on input of size %d\n", HACL_UNIT_TESTS_SIZE); } free(plaintext); return pass; }
const char *checksum_compute(void) { long long i; long long j; for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) m[j] = 0; for (i = 0;i < CHECKSUM_BYTES;++i) { long long mlen = i + crypto_secretbox_ZEROBYTES; long long tlen = i + crypto_secretbox_ZEROBYTES; long long clen = i + crypto_secretbox_ZEROBYTES; for (j = -16;j < 0;++j) k[j] = rand(); for (j = -16;j < 0;++j) n[j] = rand(); for (j = -16;j < 0;++j) m[j] = rand(); for (j = klen;j < klen + 16;++j) k[j] = rand(); for (j = nlen;j < nlen + 16;++j) n[j] = rand(); for (j = mlen;j < mlen + 16;++j) m[j] = rand(); for (j = -16;j < klen + 16;++j) k2[j] = k[j]; for (j = -16;j < nlen + 16;++j) n2[j] = n[j]; for (j = -16;j < mlen + 16;++j) m2[j] = m[j]; for (j = -16;j < clen + 16;++j) c2[j] = c[j] = rand(); if (crypto_secretbox(c,m,mlen,n,k) != 0) return "crypto_secretbox returns nonzero"; for (j = -16;j < mlen + 16;++j) if (m2[j] != m[j]) return "crypto_secretbox overwrites m"; for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox overwrites n"; for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox overwrites k"; for (j = -16;j < 0;++j) if (c2[j] != c[j]) return "crypto_secretbox writes before output"; for (j = clen;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox writes after output"; for (j = 0;j < crypto_secretbox_BOXZEROBYTES;++j) if (c[j] != 0) return "crypto_secretbox does not clear extra bytes"; for (j = -16;j < 0;++j) c[j] = rand(); for (j = clen;j < clen + 16;++j) c[j] = rand(); for (j = -16;j < clen + 16;++j) c2[j] = c[j]; for (j = -16;j < tlen + 16;++j) t2[j] = t[j] = rand(); if (crypto_secretbox_open(t,c,clen,n,k) != 0) return "crypto_secretbox_open returns nonzero"; for (j = -16;j < clen + 16;++j) if (c2[j] != c[j]) return "crypto_secretbox_open overwrites c"; for (j = -16;j < nlen + 16;++j) if (n2[j] != n[j]) return "crypto_secretbox_open overwrites n"; for (j = -16;j < klen + 16;++j) if (k2[j] != k[j]) return "crypto_secretbox_open overwrites k"; for (j = -16;j < 0;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes before output"; for (j = tlen;j < tlen + 16;++j) if (t2[j] != t[j]) return "crypto_secretbox_open writes after output"; for (j = 0;j < crypto_secretbox_ZEROBYTES;++j) if (t[j] != 0) return "crypto_secretbox_open does not clear extra bytes"; for (j = 0;j < i;++j) if (t[j] != m[j]) return "plaintext does not match"; for (j = 0;j < i;++j) k[j % klen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; crypto_secretbox(c,m,mlen,n,k); for (j = 0;j < i;++j) n[j % nlen] ^= c[j + crypto_secretbox_BOXZEROBYTES]; crypto_secretbox(c,m,mlen,n,k); if (i == 0) m[crypto_secretbox_ZEROBYTES + 0] = 0; m[crypto_secretbox_ZEROBYTES + i] = m[crypto_secretbox_ZEROBYTES + 0]; for (j = 0;j < i;++j) m[j + crypto_secretbox_ZEROBYTES] ^= c[j + crypto_secretbox_BOXZEROBYTES]; } sodium_bin2hex(checksum, sizeof checksum, k, klen); return 0; }
void doit(void) { crypto_secretbox(c,m,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); crypto_secretbox_open(t,c,TUNE_BYTES + crypto_secretbox_ZEROBYTES,n,k); }
static int _handle_hello (struct curvecpr_server *server, void *priv, const struct curvecpr_packet_hello *p) { const struct curvecpr_server_cf *cf = &server->cf; struct curvecpr_session s; /* Used only as a temporary store to make what we're doing more clear. */ unsigned char nonce[24]; unsigned char data[96] = { 0 }; /* Dummy initialization. */ curvecpr_session_new(&s); curvecpr_session_set_priv(&s, priv); /* Verify initial connection parameters. */ curvecpr_bytes_copy(s.their_session_pk, p->client_session_pk, 32); crypto_box_beforenm(s.my_global_their_session_key, s.their_session_pk, cf->my_global_sk); curvecpr_bytes_copy(nonce, "CurveCP-client-H", 16); curvecpr_bytes_copy(nonce + 16, p->nonce, 8); curvecpr_bytes_copy(data + 16, p->box, 80); if (crypto_box_open_afternm(data, data, 96, nonce, s.my_global_their_session_key)) return -EINVAL; /* Set up session keys. */ crypto_box_keypair(s.my_session_pk, s.my_session_sk); /* Prepare to send a cookie packet. */ { struct curvecpr_packet_cookie po; struct curvecpr_packet_cookie_box po_box; curvecpr_bytes_zero(po_box._, 32); curvecpr_bytes_copy(po_box.server_session_pk, s.my_session_pk, 32); /* Generate the cookie. */ curvecpr_bytes_zero(po_box.cookie, 32); curvecpr_bytes_copy(po_box.cookie + 32, s.their_session_pk, 32); curvecpr_bytes_copy(po_box.cookie + 64, s.my_session_sk, 32); /* Encrypt the cookie with our global nonce and temporary key. */ curvecpr_bytes_copy(nonce, "minute-k", 8); if (cf->ops.next_nonce(server, nonce + 8, 16)) return -EINVAL; crypto_secretbox(po_box.cookie, po_box.cookie, 96, nonce, server->my_temporal_key); curvecpr_bytes_copy(po_box.cookie, nonce + 8, 16); /* Now encrypt the whole box. */ curvecpr_bytes_copy(nonce, "CurveCPK", 8); crypto_box_afternm((unsigned char *)&po_box, (const unsigned char *)&po_box, sizeof(struct curvecpr_packet_cookie_box), nonce, s.my_global_their_session_key); /* Build the rest of the packet. */ curvecpr_bytes_copy(po.id, "RL3aNMXK", 8); curvecpr_bytes_copy(po.client_extension, p->client_extension, 16); curvecpr_bytes_copy(po.server_extension, cf->my_extension, 16); curvecpr_bytes_copy(po.nonce, nonce + 8, 16); curvecpr_bytes_copy(po.box, (const unsigned char *)&po_box + 16, 144); if (cf->ops.send(server, &s, (const unsigned char *)&po, sizeof(struct curvecpr_packet_cookie))) return -EINVAL; } return 0; }