static int
crypto_xsalsa20(unsigned char *c, const unsigned char *m, unsigned long long mlen,
const unsigned char *n, const unsigned char *k, int klen)
{
unsigned char subkey[32];
assert(klen == 32 || klen == 16);
if (klen < XSALSA20_CRYPTO_KEYBYTES)
crypto_core_hsalsa20(subkey,n,k,tau);
else
crypto_core_hsalsa20(subkey,n,k,sigma);
return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey);
}
/**
* Get a shared secret.
*
* @param outputSecret an array to place the shared secret in.
* @param myPrivateKey
* @param herPublicKey
* @param logger
* @param passwordHash a 32 byte value known to both ends, this must be provably pseudorandom
* the first 32 bytes of a sha256 output from hashing a password is ok,
* whatever she happens to send me in the Auth field is NOT ok.
* If this field is null, the secret will be generated without the password.
*/
static inline void getSharedSecret(uint8_t outputSecret[32],
uint8_t myPrivateKey[32],
uint8_t herPublicKey[32],
uint8_t passwordHash[32],
struct Log* logger)
{
uint8_t tempBuff[64];
crypto_scalarmult_curve25519(tempBuff, myPrivateKey, herPublicKey);
if (passwordHash == NULL) {
crypto_core_hsalsa20(outputSecret, keyHashNonce, tempBuff, keyHashSigma);
} else {
memcpy(&tempBuff[32], passwordHash, 32);
crypto_hash_sha256(outputSecret, tempBuff, 64);
}
#ifdef Log_KEYS
uint8_t myPublicKeyHex[65];
printHexPubKey(myPublicKeyHex, myPrivateKey);
uint8_t herPublicKeyHex[65];
printHexKey(herPublicKeyHex, herPublicKey);
uint8_t passwordHashHex[65];
printHexKey(passwordHashHex, passwordHash);
uint8_t outputSecretHex[65] = "NULL";
printHexKey(outputSecretHex, outputSecret);
Log_keys4(logger,
"Generated a shared secret:\n"
" myPublicKey=%s\n"
" herPublicKey=%s\n"
" passwordHash=%s\n"
" outputSecret=%s\n",
myPublicKeyHex, herPublicKeyHex, passwordHashHex, outputSecretHex);
#endif
}
int crypto_box_beforenm(
unsigned char *k,
const unsigned char *pk,
const unsigned char *sk
)
{
unsigned char s[32];
crypto_scalarmult_curve25519(s,sk,pk);
return crypto_core_hsalsa20(k,n,s,sigma);
}
int crypto_stream(
unsigned char *c,unsigned long long clen,
const unsigned char *n,
const unsigned char *k
)
{
unsigned char subkey[32];
crypto_core_hsalsa20(subkey,n,k,sigma);
return crypto_stream_salsa20(c,clen,n + 16,subkey);
}
main()
{
int i;
crypto_core_hsalsa20(out,in,k,c);
for (i = 0;i < 32;++i) {
printf(",0x%02x",(unsigned int) out[i]);
if (i % 8 == 7) printf("\n");
}
return 0;
}
int crypto_stream_xor(
unsigned char *c,
const unsigned char *m,uint64_t mlen,
const unsigned char *n,
const unsigned char *k
)
{
unsigned char subkey[32];
crypto_core_hsalsa20(subkey,n,k,sigma);
return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey);
}
int crypto_box_curve25519xsalsa20poly1305_beforenm(
unsigned char *k,
const unsigned char *pk,
const unsigned char *sk
)
{
unsigned char s[32];
if (crypto_scalarmult_curve25519(s,sk,pk) != 0) {
return -1;
}
return crypto_core_hsalsa20(k,n,s,NULL);
}
int main(void)
{
int i;
crypto_core_hsalsa20(firstkey, zero, shared, c);
for (i = 0; i < 32; ++i) {
if (i > 0) {
printf(",");
} else {
printf(" ");
}
printf("0x%02x", (unsigned int)firstkey[i]);
if (i % 8 == 7) {
printf("\n");
}
}
assert(crypto_core_hsalsa20_outputbytes() > 0U);
assert(crypto_core_hsalsa20_inputbytes() > 0U);
assert(crypto_core_hsalsa20_keybytes() > 0U);
assert(crypto_core_hsalsa20_constbytes() > 0U);
return 0;
}
