int main(void)
{
size_t i;
crypto_secretbox_easy(c, m, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
for (i = 0; i < crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)mac[i]);
if (i % 8 == 7)
printf("\n");
}
for (i = 0; i < 131; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
assert(crypto_secretbox_easy(c, m, SIZE_MAX - 1U, nonce, firstkey) == -1);
return 0;
}
int
shick_crypto_enc_message(const SC_CHAR sender_secret_key[crypto_box_SECRETKEYBYTES],
const SC_CHAR** recipient_public_keys,
const int amount_of_recipients,
const SC_CHAR* message,
const SC_LEN message_len,
SC_CHAR nonce[crypto_box_NONCEBYTES],
SC_ENC_SYM_KEY* encrypted_symmetric_keys,
SC_CHAR* ciphertext) {
int failed = 0;
// Create symmetric key
SC_SYM_KEY sym_key;
randombytes_buf((void*) sym_key.key, sizeof sym_key.key);
randombytes_buf((void*) sym_key.nonce, sizeof sym_key.nonce);
// Encrypt message symmetrically
failed = crypto_secretbox_easy(ciphertext, message, message_len, sym_key.nonce, sym_key.key);
if (failed) return SC_ENC_SYM_FAILED;
// Encrypt symmetric key asymmetrically for each recipient
for (int i = 0; i < amount_of_recipients; i++) {
SC_CHAR public_key[crypto_box_PUBLICKEYBYTES];
memcpy(public_key, recipient_public_keys[i], crypto_box_PUBLICKEYBYTES);
failed = crypto_box_easy((SC_CHAR*) &encrypted_symmetric_keys[i], (SC_CHAR*) &sym_key, sizeof sym_key, nonce, public_key, sender_secret_key);
if (failed) return SC_ENC_ASYM_FAILED;
}
return 0;
}
lob_t remote_encrypt(remote_t remote, local_t local, lob_t inner)
{
uint8_t secret[crypto_box_BEFORENMBYTES], nonce[24], shared[24+crypto_box_BEFORENMBYTES], hash[32], csid = 0x3a;
lob_t outer;
size_t inner_len;
outer = lob_new();
lob_head(outer,&csid,1);
inner_len = lob_len(inner);
if(!lob_body(outer,NULL,32+24+inner_len+crypto_secretbox_MACBYTES+16)) return lob_free(outer);
// copy in the ephemeral public key/nonce
memcpy(outer->body, remote->ekey, 32);
randombytes(nonce,24);
memcpy(outer->body+32, nonce, 24);
// get the shared secret to create the nonce+key for the open aes
crypto_box_beforenm(secret, remote->key, remote->esecret);
// encrypt the inner
if(crypto_secretbox_easy(outer->body+32+24,
lob_raw(inner),
inner_len,
nonce,
secret) != 0) return lob_free(outer);
// generate secret for hmac
crypto_box_beforenm(secret, remote->key, local->secret);
memcpy(shared,nonce,24);
memcpy(shared+24,secret,crypto_box_BEFORENMBYTES);
e3x_hash(shared,24+crypto_box_BEFORENMBYTES,hash);
crypto_onetimeauth(outer->body+32+24+inner_len+crypto_secretbox_MACBYTES, outer->body, outer->body_len-16, hash);
return outer;
}
/*
* Function: encrypt_file
* ----------------------
* Encrypt a file by reading in chunks of data, encrypting those chunks, and
* writing the encrypted chunks to a new file.
*/
result
encrypt_file(char *pfname, char *efname, unsigned char *k, unsigned char *n)
{
size_t rsize;
size_t wsize;
size_t r;
unsigned char ebuf[BUFBYTES + MACBYTES];
unsigned char pbuf[BUFBYTES];
FILE *pfile;
FILE *efile;
pfile = open_file(pfname, "rb");
if (pfile == NULL) { return FAIL; }
efile = open_file(efname, "wb");
if (efile == NULL) { fclose(pfile); return FAIL; }
// Write the nonce to the beginning of the file.
wsize = fwrite(n, sizeof(char), NONCEBYTES, efile);
if (wsize != NONCEBYTES)
{
fprintf(stderr, "Could not write nonce data to file.\n");
fclose(pfile);
fclose(efile);
return FAIL;
}
// Encrypt the data in the file in chunks.
while (feof(pfile) == 0)
{
rsize = fread(pbuf, sizeof(char), BUFBYTES, pfile);
r = crypto_secretbox_easy(ebuf, pbuf, rsize, n, k);
if (r != 0)
{
fprintf(stderr, "Could not encrypt data.\n");
fclose(pfile);
fclose(efile);
return FAIL;
}
// Write the encrypted bytes to a file. The encrypted bytes include
// the MAC bytes as well.
wsize = fwrite(ebuf, sizeof(char), rsize + MACBYTES, efile);
if (wsize <= 0)
{
fprintf(stderr, "Could not write encrypted data to file.\n");
fclose(pfile);
fclose(efile);
return FAIL;
}
}
fclose(pfile);
fclose(efile);
return SUCCESS;
}
bool Encrypt( const uint8_t * message, int messageLength,
uint8_t * encryptedMessage, int & encryptedMessageLength,
const uint8_t * nonce, const uint8_t * key )
{
uint8_t actual_nonce[crypto_secretbox_NONCEBYTES];
memset( actual_nonce, 0, sizeof( actual_nonce ) );
memcpy( actual_nonce, nonce, NonceBytes );
if ( crypto_secretbox_easy( encryptedMessage, message, messageLength, actual_nonce, key ) != 0 )
return false;
encryptedMessageLength = messageLength + MacBytes;
return true;
}
static int luasymmetric_encrypt( lua_State * const L ) {
size_t message_len;
size_t key_len;
const char * const message = luaL_checklstring( L, 1, &message_len );
const char * const key = luaL_checklstring( L, 2, &key_len );
if( key_len != crypto_secretbox_KEYBYTES ) {
lua_pushliteral( L, "key should be " stringify( crypto_secretbox_KEYBYTES ) " bytes" );
return lua_error( L );
}
const size_t ciphertext_len = message_len + crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES;
/* overflow */
if( ciphertext_len < message_len ) {
lua_pushliteral( L, "message too long" );
return lua_error( L );
}
char * const ciphertext = malloc( ciphertext_len );
if( ciphertext == NULL ) {
lua_pushliteral( L, "out of memory" );
return lua_error( L );
}
/* prepend iv */
arc4random_buf( ciphertext, crypto_secretbox_NONCEBYTES );
/*
* the only failure case is the ciphertext not fitting in memory
* but we already tested for that
*/
( void ) crypto_secretbox_easy( ciphertext + crypto_secretbox_NONCEBYTES,
message, message_len, ciphertext, key );
lua_pushlstring( L, ciphertext, ciphertext_len );
explicit_bzero( ciphertext, ciphertext_len );
free( ciphertext );
return 1;
}
lob_t ephemeral_encrypt(ephemeral_t ephem, lob_t inner)
{
lob_t outer;
size_t inner_len;
outer = lob_new();
inner_len = lob_len(inner);
if(!lob_body(outer,NULL,16+24+inner_len+crypto_secretbox_MACBYTES)) return lob_free(outer);
// copy in token and create nonce
memcpy(outer->body,ephem->token,16);
randombytes(outer->body+16,24);
crypto_secretbox_easy(outer->body+16+24,
lob_raw(inner),
lob_len(inner),
outer->body+16,
ephem->enckey);
return outer;
}
BOOL SodiumEncryptFile(LPTSTR password)
{
ULONG numread;
BOOL bErrorFlag;
HLOCAL hFileBuffer = NULL;
HLOCAL hCipherBuffer = NULL;
int nFilesz;
// Retrieve file size
if ((nFilesz = GetFileSize(hFileIn , 0)) == 0)
{
MessageBox(NULL, L"Cannot get filesize", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
hFileBuffer = LocalAlloc(LPTR, nFilesz * sizeof(BYTE));
if (!hFileBuffer)
{
MessageBox(NULL, L"Cannot allocate memory", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
// Read entire file into memory
if (!ReadFile(hFileIn, hFileBuffer, nFilesz, &numread, NULL))
{
MessageBox(NULL, L"Cannot read file into memory", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
// For now read byes must equal filesize
assert(nFilesz == numread);
// Wide password to multibyte password
SIZE_T nConvChars;
CHAR c_szPassword[100]; // This might not be enough
wcstombs_s(&nConvChars, c_szPassword, password, wcslen(password) + 1);
// DERIVE KEY
BYTE salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
BYTE key[crypto_secretbox_KEYBYTES];
randombytes_buf(salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
if (crypto_pwhash_scryptsalsa208sha256(key, crypto_secretbox_KEYBYTES, c_szPassword, strlen(c_szPassword), salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
MessageBox(NULL, L"Operation takes too much system resources", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
// ENC
int nCiphersz = crypto_secretbox_MACBYTES + nFilesz;
hCipherBuffer = LocalAlloc(LPTR, nCiphersz * sizeof(BYTE));
if (!hCipherBuffer) {
MessageBox(NULL, L"Cannot allocate memory", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
BYTE nonce[crypto_secretbox_NONCEBYTES];
randombytes_buf(nonce, sizeof(nonce));
crypto_secretbox_easy((LPBYTE)hCipherBuffer, (LPBYTE)hFileBuffer, nFilesz, nonce, key);
YENCFILE encFileStrct;
memcpy(encFileStrct.cbSignature, pszSignature, MAX_SIGNATURE);
memcpy(encFileStrct.cbNonce, nonce, crypto_secretbox_NONCEBYTES);
memcpy(encFileStrct.cbPasswordSalt, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
encFileStrct.rawSize = nFilesz;
encFileStrct.algorithm = YC_SCRYPT_SALSA_POLY;
encFileStrct.dwOps = crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE;
encFileStrct.dwMemory = crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE;
wcscat_s(szFile, MAX_PATH, L".yc");
// WRITE
HANDLE hFileOut = CreateFile(
szFile, // Name of the write
GENERIC_WRITE, // Open for writing
0, // Do not share
NULL, // Default security
CREATE_NEW, // Create new file only
FILE_ATTRIBUTE_NORMAL, // Normal file
NULL); // No attr. template
if (hFileOut == INVALID_HANDLE_VALUE)
{
MessageBox(NULL, L"Cannot open file", L"Encryption error", MB_ICONERROR);
bErrorFlag = FALSE;
goto enc_exit_on_failure;
}
bErrorFlag = WriteFile(
hFileOut, // Open file handle
&encFileStrct, // Start of data to write
sizeof(YENCFILE), // Number of bytes to write
&numread, // Number of bytes that were written
NULL); // No overlapped structure'
if (!bErrorFlag)
{
MessageBox(NULL, L"Cannot write to file", L"Encryption error", MB_ICONERROR);
goto enc_exit_on_failure;
}
bErrorFlag = WriteFile(
hFileOut, // Open file handle
hCipherBuffer, // Start of data to write
nCiphersz, // Number of bytes to write
&numread, // Number of bytes that were written
NULL); // No overlapped structure
if (!bErrorFlag)
{
MessageBox(NULL, L"Cannot write to file", L"Encryption error", MB_ICONERROR);
goto enc_exit_on_failure;
}
CloseHandle(hFileOut);
enc_exit_on_failure:
// Override sensitive in memory
sodium_memzero(password, wcslen(password) * sizeof(TCHAR));
sodium_memzero(c_szPassword, strlen(c_szPassword) * sizeof(BYTE));
sodium_memzero(key, crypto_secretbox_KEYBYTES);
LocalFree(hFileBuffer);
LocalFree(hCipherBuffer);
return bErrorFlag;
}
int main(void)
{
unsigned char *c;
unsigned char *mac;
size_t i;
c = (unsigned char *) sodium_malloc(131 + crypto_secretbox_MACBYTES + 1);
mac = (unsigned char *) sodium_malloc(crypto_secretbox_MACBYTES);
assert(c != NULL && mac != NULL);
crypto_secretbox_easy(c, m, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
crypto_secretbox_detached(c, mac, m, 131, nonce, firstkey);
for (i = 0; i < crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)mac[i]);
if (i % 8 == 7)
printf("\n");
}
for (i = 0; i < 131; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
/* Same test, with c and m overlapping */
memcpy(c + 1, m, 131);
crypto_secretbox_easy(c, c + 1, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
memcpy(c, m, 131);
crypto_secretbox_easy(c + 1, c, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i + 1]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
memcpy(c, m, 131);
crypto_secretbox_easy(c, c, 131, nonce, firstkey);
for (i = 0; i < 131 + crypto_secretbox_MACBYTES; ++i) {
printf(",0x%02x", (unsigned int)c[i]);
if (i % 8 == 7)
printf("\n");
}
printf("\n");
assert(crypto_secretbox_easy(c, m, SIZE_MAX - 1U, nonce, firstkey) == -1);
sodium_free(mac);
sodium_free(c);
return 0;
}
