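/*
 * McBits hybrid encryption of m under the public key pk.
 *
 * encrypt() writes the first part of c and fills e (presumably the random
 * error vector drawn from r -- confirm against encrypt()). e is hashed into
 * 64 bytes of key material: key[0..32) keys Salsa20, key[32..64) keys
 * Poly1305. The MAC is computed over the ciphertext (encrypt-then-MAC).
 *
 * Output layout in c:
 *   [0, SYND_BYTES)                    written by encrypt()
 *   [SYND_BYTES, SYND_BYTES + mlen)    Salsa20 ciphertext
 *   [SYND_BYTES + mlen, +16)           Poly1305 tag
 *
 * The caller must provide at least SYND_BYTES + mlen + 16 bytes at c; the
 * size is not checked here. *clen receives that total. Always returns 0.
 *
 * NOTE(review): SYND_BYTES + mlen + 16 is computed in unsigned long long and
 * stored into a size_t, so it can truncate where size_t is narrower.
 */
int oqs_kex_mcbits_encrypt(
    unsigned char *c, size_t *clen,
    const unsigned char *m, unsigned long long mlen,
    const unsigned char *pk,
    OQS_RAND *r)
{
	unsigned char e[1 << (GFBITS - 3)];
	unsigned char key[64];
	/*
	 * Fixed all-zero nonce: this is only sound because key is derived from
	 * e on every call. It relies on encrypt() producing a fresh e each
	 * time -- confirm. A repeated e would repeat both the keystream and
	 * the one-time Poly1305 key.
	 */
	unsigned char nonce[8] = {0};
	unsigned char *const ct = c + SYND_BYTES;
	unsigned char *const tag = ct + mlen;
	volatile unsigned char *wipe;
	size_t i;

	encrypt(c, e, pk, r);

	// crypto_hash_keccakc1024(key, e, sizeof(e)); TODO is this ok to replace with the below?
	// NOTE(review): both produce 64 bytes, so the key split below still
	// fits, but SHA3-512 presumably differs from the original Keccak c=1024
	// hash in its padding, so the derived keys would not match an
	// implementation that kept keccakc1024 -- confirm before relying on
	// interoperability.
	OQS_SHA3_sha3512(key, e, sizeof(e));

	crypto_stream_salsa20_xor(ct, m, mlen, nonce, key);
	crypto_onetimeauth_poly1305(tag, ct, mlen, key + 32);

	*clen = SYND_BYTES + mlen + 16;

	/*
	 * e and key are the only secrets of this message; clear them before
	 * the stack frame is released. The volatile pointer keeps the stores
	 * from being optimized away as dead writes.
	 */
	wipe = key;
	for (i = 0; i < sizeof key; i++)
		wipe[i] = 0;
	wipe = e;
	for (i = 0; i < sizeof e; i++)
		wipe[i] = 0;

	return 0;
}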
/*
 * Exported alias that forwards unchanged to crypto_onetimeauth_poly1305():
 * writes the authenticator of in[0..inlen) under key k to out and returns
 * whatever the forwarded call returns.
 *
 * k is a one-time key: authenticating two different messages under the same
 * k defeats the authenticator, so callers must derive a fresh k per message.
 */
SODIUM_EXPORT int
crypto_onetimeauth_poly1305_ref(unsigned char *out, const unsigned char *in,
                                unsigned long long inlen,
                                const unsigned char *k)
{
    const int status = crypto_onetimeauth_poly1305(out, in, inlen, k);

    return status;
}
/*
 * Test-vector printer: authenticates 131 bytes of c under the key rs and
 * prints the first 16 bytes of a as ",0x??" entries, eight per line.
 * a, c and rs are defined outside this excerpt.
 */
int main(void)
{
  int pos = 0;

  crypto_onetimeauth_poly1305(a,c,131,rs);

  while (pos < 16) {
    printf(",0x%02x",(unsigned int) a[pos]);
    /* Break the line after every eighth byte. */
    if ((pos & 7) == 7) {
      printf("\n");
    }
    ++pos;
  }
  return 0;
}
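/*
 * Encrypt-then-MAC with the salsa208 stream cipher and Poly1305.
 *
 * Output layout in c: tag in c[0 .. COB), ciphertext in c[COB .. COB + mlen).
 * The caller must provide COB + mlen bytes at c. Always returns 0.
 *
 * The listing showed the local key buffer as "c*k", which is not a valid
 * identifier (apparently garbled in extraction); it is named poly_key here.
 *
 * NOTE(review): the Poly1305 key is taken from the start of the keystream
 * for (n, k), and the message is then XORed with a keystream for the same
 * (n, k). If both calls start at keystream offset 0, as in NaCl's stream
 * API (confirm for this library), the first COKB ciphertext bytes are the
 * plaintext XOR the MAC key, so the two are not independent. The usual
 * remedy is the secretbox layout: reserve the first 32 keystream bytes for
 * the MAC key and encrypt the message only with the bytes after them. That
 * changes the wire format, so it has to be done together with the matching
 * decrypt routine and is not changed here.
 */
static int salsa208poly1305_encrypt(uint8_t *c, const uint8_t *m, const uint32_t mlen, const uint8_t *n, const uint8_t *k)
{
	uint8_t poly_key[COKB];
	volatile uint8_t *wipe = poly_key;
	unsigned int i;

	crypto_stream_salsa208(poly_key, COKB, n, k);
	crypto_stream_salsa208_xor(c + COB, m, mlen, n, k);
	crypto_onetimeauth_poly1305(c, c + COB, mlen, poly_key);

	/*
	 * The one-time MAC key must not outlive the call; the volatile
	 * pointer keeps these stores from being removed as dead writes.
	 */
	for (i = 0; i < sizeof poly_key; i++)
		wipe[i] = 0;

	return 0;
}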
/*
 * XSalsa20-Poly1305 secret-key box.
 *
 * m and c are both mlen bytes long and use the NaCl padded layout: by the
 * NaCl API contract the first 32 bytes of m are zero, so after the stream
 * XOR the first 32 bytes of c hold the start of the keystream, which serves
 * as the one-time Poly1305 key. This function does not verify that the
 * prefix of m is zero; it only rejects mlen < 32 with -1.
 *
 * On success (return 0): c[0..16) is zero, c[16..32) is the tag over
 * c[32..mlen), and c[32..mlen) is the ciphertext. Overwriting the first 32
 * bytes this way means the one-time key never remains in the output.
 */
int crypto_secretbox(
  unsigned char *c,
  const unsigned char *m,unsigned long long mlen,
  const unsigned char *n,
  const unsigned char *k
)
{
  unsigned char *p;
  unsigned char *mac_out;
  unsigned char *boxed;

  if (!(mlen >= 32)) {
    return -1;
  }

  crypto_stream_xsalsa20_xor(c,m,mlen,n,k);

  /* c still starts with the 32-byte one-time key at this point. */
  mac_out = c + 16;
  boxed = c + 32;
  crypto_onetimeauth_poly1305(mac_out,boxed,mlen - 32,c);

  /* Clear the key bytes the tag did not overwrite. */
  for (p = c; p != mac_out; ++p) {
    *p = 0;
  }
  return 0;
}
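/*
 * Encrypt `length` bytes of `plain` with ChaCha20 and authenticate the
 * ciphertext with Poly1305, with no associated data.
 *
 * output_buf receives `length` ciphertext bytes and output_mac the
 * authenticator; neither buffer size is checked here.
 *
 * The (key, nonce) pair must never be reused for a second message: a repeat
 * reuses both the keystream and the one-time Poly1305 key.
 *
 * NOTE(review): `message` is a variable-length array of up to
 * length + 15 + 16 bytes, i.e. about 64 KiB for the largest uint16_t length.
 * Callers running on small stacks should bound `length`.
 */
void crypto_encryptAndSeal(const uint8_t* key, uint8_t* nonce, uint8_t* plain, uint16_t length, uint8_t* output_buf, uint8_t* output_mac)
{
    /* One-time Poly1305 key: keystream generated with the last argument
     * (presumably the block counter -- confirm) set to 0. */
    uint8_t polykey[sizeof(zeros64)];
    crypto_stream_chacha20_xor(polykey, zeros64, sizeof(zeros64), nonce, key, 0);

    /* MAC input: ciphertext, zero padding to a multiple of 16, then a
     * 16-byte trailer holding two little-endian lengths. */
    uint8_t padding = (16 - length % 16) % 16;
    uint8_t message[length + padding + 16];

    /* The payload keystream uses 1 as the last argument, so it does not
     * share the bytes that produced polykey. */
    crypto_stream_chacha20_xor(message, plain, length, nonce, key, 1);

    memset(message + length, 0, padding + 16);
    /* Trailer bytes 0..7 stay zero (associated-data length); bytes 8..9
     * carry the ciphertext length, the remaining bytes stay zero. */
    message[length + padding + 8] = (uint8_t)length;
    message[length + padding + 9] = (uint8_t)(length >> 8);

    crypto_onetimeauth_poly1305(output_mac, message, sizeof(message), polykey);

    memcpy(output_buf, message, length);

    /* Clear the one-time MAC key before the frame is released; a plain
     * memset on a dying local may be removed by the optimizer, so write
     * through a volatile pointer. */
    volatile uint8_t *wipe = polykey;
    for (unsigned int i = 0; i < sizeof(polykey); i++) {
        wipe[i] = 0;
    }
}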