SODIUM_EXPORT int
crypto_box_curve25519xsalsa20poly1305_ref_beforenm(unsigned char *k,
const unsigned char *pk,
const unsigned char *sk)
{
return crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk);
}
static int proto_init(sigma_proto *instance)
{
crypto_box_curve25519xsalsa20poly1305_beforenm(
((sigma_proto_nacl*) instance)->precomp,
((sigma_proto_nacl*) instance)->publickey,
((sigma_proto_nacl*) instance)->privatekey
);
memset(n, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
return 0;
}
int
dnsperf_makekey(const unsigned char *hexkey)
{
encryption = 0;
if (fromhex(hexkey, &key.server_publickey[0])) {
//client secret key
randombytes(&key.server_secretkey[0], 32);
int rc = crypto_scalarmult_curve25519_base(&key.client_publickey[0], &key.server_secretkey[0]);
if (rc != 0) {
fprintf(stderr, "(%s:%s:%i) (crypto_scalarmult_curve25519_base) rc: %i\n", __FILE__, __func__, __LINE__, rc);
return 0;
} else {
key.hash = fDns_hash_fnv64(&key.server_publickey[0], crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES);
/*
printf("Using hash: '%lu' for public key for host: ", key.hash);
for (rc = 0; rc < crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES; rc++) {
printf("%02x", key.server_publickey[rc]);
}
printf("\n");
*/
rc = crypto_box_curve25519xsalsa20poly1305_beforenm((unsigned char *)&key.shared_new_key[0], (const unsigned char *)&key.server_publickey[0], (const unsigned char *)&key.server_secretkey[0]);
if (rc != 0) {
fprintf(stderr, "(%s:%s:%i) (crypto_box_curve25519xsalsa20poly1305_beforenm) rc: %i\n", __FILE__, __func__, __LINE__, rc);
return 0;
}
key.shared_key = &key.shared_new_key[0];
/*
printf("Using shared key: ");
for (rc = 0; rc < crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES; rc++) {
printf("%02x", key.shared_key[rc]);
}
printf("\n");
*/
}
bzero(&key.nonce[12], 12);
randombytes(&key.nonce[0], 12);
/*
printf("Using nonce: ");
for (rc = 0; rc < crypto_box_curve25519xsalsa20poly1305_NONCEBYTES; rc++) {
printf("%02x", key.nonce[rc]);
}
printf("\n");
*/
encryption = 1;
}
return 0;
}
int
crypto_box_curve25519xsalsa20poly1305_open(
unsigned char *m, const unsigned char *c, unsigned long long clen,
const unsigned char *n, const unsigned char *pk, const unsigned char *sk)
{
unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
int ret;
if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) {
return -1;
}
ret = crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k);
sodium_memzero(k, sizeof k);
return ret;
}
/**
* Get a shared secret.
*
* @param outputSecret an array to place the shared secret in.
* @param myPrivateKey
* @param herPublicKey
* @param logger
* @param passwordHash a 32 byte value known to both ends, this must be provably pseudorandom
* the first 32 bytes of a sha256 output from hashing a password is ok,
* whatever she happens to send me in the Auth field is NOT ok.
* If this field is null, the secret will be generated without the password.
*/
static inline void getSharedSecret(uint8_t outputSecret[32],
uint8_t myPrivateKey[32],
uint8_t herPublicKey[32],
uint8_t passwordHash[32],
struct Log* logger)
{
if (passwordHash == NULL) {
crypto_box_curve25519xsalsa20poly1305_beforenm(outputSecret, herPublicKey, myPrivateKey);
} else {
union {
struct {
uint8_t key[32];
uint8_t passwd[32];
} components;
uint8_t bytes[64];
} buff;
crypto_scalarmult_curve25519(buff.components.key, myPrivateKey, herPublicKey);
Bits_memcpyConst(buff.components.passwd, passwordHash, 32);
crypto_hash_sha256(outputSecret, buff.bytes, 64);
}
#ifdef Log_KEYS
uint8_t myPublicKeyHex[65];
printHexPubKey(myPublicKeyHex, myPrivateKey);
uint8_t herPublicKeyHex[65];
printHexKey(herPublicKeyHex, herPublicKey);
uint8_t passwordHashHex[65];
printHexKey(passwordHashHex, passwordHash);
uint8_t outputSecretHex[65] = "NULL";
printHexKey(outputSecretHex, outputSecret);
Log_keys(logger,
"Generated a shared secret:\n"
" myPublicKey=%s\n"
" herPublicKey=%s\n"
" passwordHash=%s\n"
" outputSecret=%s\n",
myPublicKeyHex, herPublicKeyHex, passwordHashHex, outputSecretHex);
#endif
}