int main(void) { int clen; for (clen = 0; clen < 10000; ++clen) { randombytes_buf(key, sizeof key); randombytes_buf(c, clen); crypto_onetimeauth(a, c, clen, key); if (crypto_onetimeauth_verify(a, c, clen, key) != 0) { printf("fail %d\n", clen); return 100; } if (clen > 0) { c[rand() % clen] += 1 + (rand() % 255); if (crypto_onetimeauth_verify(a, c, clen, key) == 0) { printf("forgery %d\n", clen); return 100; } a[rand() % sizeof a] += 1 + (rand() % 255); if (crypto_onetimeauth_verify(a, c, clen, key) == 0) { printf("forgery %d\n", clen); return 100; } } } return 0; }
int shick_crypto_enc_message(const SC_CHAR sender_secret_key[crypto_box_SECRETKEYBYTES], const SC_CHAR** recipient_public_keys, const int amount_of_recipients, const SC_CHAR* message, const SC_LEN message_len, SC_CHAR nonce[crypto_box_NONCEBYTES], SC_ENC_SYM_KEY* encrypted_symmetric_keys, SC_CHAR* ciphertext) { int failed = 0; // Create symmetric key SC_SYM_KEY sym_key; randombytes_buf((void*) sym_key.key, sizeof sym_key.key); randombytes_buf((void*) sym_key.nonce, sizeof sym_key.nonce); // Encrypt message symmetrically failed = crypto_secretbox_easy(ciphertext, message, message_len, sym_key.nonce, sym_key.key); if (failed) return SC_ENC_SYM_FAILED; // Encrypt symmetric key asymmetrically for each recipient for (int i = 0; i < amount_of_recipients; i++) { SC_CHAR public_key[crypto_box_PUBLICKEYBYTES]; memcpy(public_key, recipient_public_keys[i], crypto_box_PUBLICKEYBYTES); failed = crypto_box_easy((SC_CHAR*) &encrypted_symmetric_keys[i], (SC_CHAR*) &sym_key, sizeof sym_key, nonce, public_key, sender_secret_key); if (failed) return SC_ENC_ASYM_FAILED; } return 0; }
int main(void) { randombytes_buf(v16, sizeof v16); randombytes_buf(v32, sizeof v32); randombytes_buf(v64, sizeof v64); memcpy(v16x, v16, sizeof v16); memcpy(v32x, v32, sizeof v32); memcpy(v64x, v64, sizeof v64); printf("%d\n", crypto_verify_16(v16, v16x)); printf("%d\n", crypto_verify_32(v32, v32x)); printf("%d\n", crypto_verify_64(v64, v64x)); v16x[randombytes_random() & 15U]++; v32x[randombytes_random() & 31U]++; v64x[randombytes_random() & 63U]++; printf("%d\n", crypto_verify_16(v16, v16x)); printf("%d\n", crypto_verify_32(v32, v32x)); printf("%d\n", crypto_verify_64(v64, v64x)); assert(crypto_verify_16_bytes() == 16U); assert(crypto_verify_32_bytes() == 32U); assert(crypto_verify_64_bytes() == 64U); return 0; }
int main(void) { size_t clen; for (clen = 0; clen < sizeof c; ++clen) { randombytes_buf(key, sizeof key); randombytes_buf(c, clen); crypto_auth_hmacsha512(a, c, clen, key); if (crypto_auth_hmacsha512_verify(a, c, clen, key) != 0) { printf("fail %u\n", (unsigned int) clen); return 100; } if (clen > 0) { c[(size_t) rand() % clen] += 1 + (rand() % 255); if (crypto_auth_hmacsha512_verify(a, c, clen, key) == 0) { printf("forgery %u\n", (unsigned int) clen); return 100; } a[rand() % sizeof a] += 1 + (rand() % 255); if (crypto_auth_hmacsha512_verify(a, c, clen, key) == 0) { printf("forgery %u\n", (unsigned int) clen); return 100; } } } return 0; }
void dfcrypt_encrypt( const dfcrypt_state_t *state, const unsigned char *ptxt, size_t ptxt_len_bytes, const unsigned char *message_number, unsigned char *ctxt_out ) { unsigned char *salt = ctxt_out; unsigned char *nonce = ctxt_out + DFCRYPT_INTERNAL_SALT_BYTES; unsigned char *encrypted = nonce + crypto_stream_chacha20_NONCEBYTES; unsigned char *mac = encrypted + ptxt_len_bytes; unsigned char keys[DFCRYPT_INTERNAL_AKEY_BYTES + DFCRYPT_INTERNAL_EKEY_BYTES]; const unsigned char *akey = keys; const unsigned char *ekey = keys + DFCRYPT_INTERNAL_AKEY_BYTES; /* Sample a random salt and nonce. */ randombytes_buf(salt, DFCRYPT_INTERNAL_SALT_BYTES); randombytes_buf(nonce, crypto_stream_chacha20_NONCEBYTES); /* Derive the authentication and encryption keys. */ assert(sizeof(keys) == 64); crypto_generichash_blake2b_salt_personal( keys, /* output */ sizeof(keys), /* output length */ state->appseed, /* input */ state->appseed_length, /* input length */ state->key, /* key */ DFCRYPT_KEY_BYTES, /* key length */ salt, /* salt */ message_number /* personalization (can be NULL) */ ); /* Encrypt the ciphertext. */ crypto_stream_chacha20_xor( encrypted, /* output */ ptxt, /* input */ ptxt_len_bytes, /* input length */ nonce, /* nonce */ ekey /* key */ ); /* Append the MAC. */ crypto_generichash_blake2b( mac, /* output */ DFCRYPT_INTERNAL_MAC_BYTES, /* output length */ ctxt_out, /* input */ DFCRYPT_INTERNAL_SALT_BYTES + crypto_stream_chacha20_NONCEBYTES + ptxt_len_bytes, /* input length */ akey, /* key */ DFCRYPT_INTERNAL_AKEY_BYTES /* key length */ ); }
static int cms_init(CMS * const cms, const size_t vector_size, const size_t items_count) { cms->vector_entries = (size_t) vector_size / (size_t) sizeof *cms->vector; cms->k_num = cms_optimal_k_num(cms->vector_entries, items_count); cms->vector = calloc(sizeof *cms->vector, vector_size); if (cms->vector == NULL) { return -1; } randombytes_buf(&cms->skeys[0], sizeof cms->skeys[0]); randombytes_buf(&cms->skeys[1], sizeof cms->skeys[1]); return 0; }
int main(void) { sodium_init(); //create random chain key unsigned char chain_key[crypto_auth_BYTES]; randombytes_buf(chain_key, crypto_auth_BYTES); //print first chain key printf("Chain key (%i Bytes):\n", crypto_auth_BYTES); print_hex(chain_key, crypto_auth_BYTES, 30); putchar('\n'); int status; //derive message key from chain key unsigned char message_key[crypto_auth_BYTES]; status = derive_message_key(message_key, chain_key); sodium_memzero(chain_key, crypto_auth_BYTES); if (status != 0) { fprintf(stderr, "ERROR: Failed to derive message key. (%i)\n", status); sodium_memzero(message_key, crypto_auth_BYTES); return status; } //print message key printf("Message key (%i Bytes):\n", crypto_auth_BYTES); print_hex(message_key, crypto_auth_BYTES, 30); putchar('\n'); sodium_memzero(message_key, crypto_auth_BYTES); return EXIT_SUCCESS; }
int crypto_encrypt(uint8_t *c, const uint8_t *m, const uint32_t mlen) { uint8_t nonce[CSSNB]; randombytes_buf(nonce, CSSNB); memcpy(c, nonce, CSSNB); return salsa208poly1305_encrypt(c + CSSNB, m, mlen, nonce, secret_key); }
int rand_bytes(void *output, int len) { randombytes_buf(output, len); // always return success return 0; }
int encrypt(unsigned char* ciphertext, size_t* ciphertext_length, unsigned char* key) { unsigned char message[] = MESSAGE; printf("Message (%lu Bytes):\n%s\n\n", sizeof(message), message); //create random nonce unsigned char nonce[crypto_secretbox_NONCEBYTES]; randombytes_buf(nonce, crypto_secretbox_NONCEBYTES); //print nonce printf("Nonce (%i Bytes):\n", crypto_secretbox_NONCEBYTES); print_hex(nonce, crypto_secretbox_NONCEBYTES, 30); putchar('\n'); const unsigned char header[] = HEADER; printf("Header (%lu Bytes):\n%s\n\n", sizeof(header), header); int status = encrypt_message( ciphertext, ciphertext_length, message, sizeof(message), header, sizeof(header), nonce, key); sodium_memzero(message, sizeof(message)); return status; }
/* * Function: generate_key_nonce * ---------------------------- * Attempt to generate a key and nonce using the passphrase and the static salt * values. If there are any errors then return -1 otherwise return 0. */ result generate_key_nonce(unsigned char *key, unsigned char *nonce, char *passphrase) { char *key_salt = "wJDNGf7/Jrce41GTllX+Z4I0eHdva+IXFsYiD5Sg50M"; size_t r; r = crypto_pwhash_scryptsalsa208sha256( key, KEYBYTES, passphrase, strlen(passphrase), (unsigned char *)key_salt, crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE, crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE); if (r != 0) { fprintf(stderr, "Unable to generate key from passprase.\n"); return FAIL; } randombytes_buf(nonce, NONCEBYTES); return SUCCESS; }
/* r = hash(B || empty_labelset || Z || pad1 || k || pad2 || empty_labelset || K || extra || M) (mod q) */ static void _crypto_sign_ed25519_synthetic_r_hv(crypto_hash_sha512_state *hs, unsigned char Z[32], const unsigned char sk[64]) { static const unsigned char B[32] = { 0x58, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, 0x66, }; static const unsigned char zeros[16] = { 0x00 }; static const unsigned char empty_labelset[3] = { 0x02, 0x00, 0x00 }; crypto_hash_sha512_update(hs, B, 32); crypto_hash_sha512_update(hs, empty_labelset, 3); randombytes_buf(Z, 32); crypto_hash_sha512_update(hs, Z, 32); crypto_hash_sha512_update(hs, zeros, 16 - (32 + 3 + 32) % 16); crypto_hash_sha512_update(hs, sk, 32); /* empty pad2 */ crypto_hash_sha512_update(hs, empty_labelset, 3); crypto_hash_sha512_update(hs, sk + 32, 32); /* empty extra */ }
int main(void) { size_t clen; for (clen = 0; clen < 1000; ++clen) { crypto_auth_keygen(key); randombytes_buf(c, clen); crypto_auth(a, c, clen, key); if (crypto_auth_verify(a, c, clen, key) != 0) { printf("fail %u\n", (unsigned int) clen); return 100; } if (clen > 0) { c[rand() % clen] += 1 + (rand() % 255); if (crypto_auth_verify(a, c, clen, key) == 0) { printf("forgery %u\n", (unsigned int) clen); return 100; } a[rand() % sizeof a] += 1 + (rand() % 255); if (crypto_auth_verify(a, c, clen, key) == 0) { printf("forgery %u\n", (unsigned int) clen); return 100; } } } crypto_auth_keygen(key); crypto_auth(a, guard_page, 0U, key); assert(crypto_auth_verify(a, guard_page, 0U, key) == 0); return 0; }
static void mm_generichash(void) { crypto_generichash_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t hlen; size_t klen; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); klen = randombytes_uniform(crypto_generichash_KEYBYTES_MAX - crypto_generichash_KEYBYTES_MIN + 1U) + crypto_generichash_KEYBYTES_MIN; k = (unsigned char *) sodium_malloc(klen); hlen = randombytes_uniform(crypto_generichash_BYTES_MAX - crypto_generichash_BYTES_MIN + 1U) + crypto_generichash_BYTES_MIN; h = (unsigned char *) sodium_malloc(hlen); h2 = (unsigned char *) sodium_malloc(hlen); randombytes_buf(k, klen); randombytes_buf(m, mlen); crypto_generichash_init(&st, k, klen, hlen); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_generichash_update(&st, m, l1); crypto_generichash_update(&st, m + l1, l2); crypto_generichash_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_generichash_final(&st, h, hlen); crypto_generichash(h2, hlen, m, mlen, k, klen); assert(memcmp(h, h2, hlen) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, unsigned char *sk) { randombytes_buf(sk, 32); return crypto_scalarmult_curve25519_base(pk, sk); }
int main(void) { sodium_init(); //create random key unsigned char key[crypto_secretbox_KEYBYTES]; randombytes_buf(key, crypto_secretbox_KEYBYTES); //print key printf("Key (%i Bytes):\n", crypto_secretbox_KEYBYTES); print_hex(key, crypto_secretbox_KEYBYTES, 30); putchar('\n'); //encrypted message unsigned char ciphertext[500]; //TODO don't use fixed size buffer here size_t ciphertext_length = 0; int status; status = encrypt(ciphertext, &ciphertext_length, key); if (status != 0) { fprintf(stderr, "ERROR: Failed to encrypt message. (%i)\n", status); return status; } //print the ciphertext printf("Ciphertext (packet, %zu Bytes):\n", ciphertext_length); print_hex(ciphertext, ciphertext_length, 30); putchar('\n'); puts("NOW DECRYPT -------------------------------------------------------------------\n"); unsigned char header[ciphertext_length]; size_t header_length = 0; status = extract_header_without_verifying( header, &header_length, ciphertext, ciphertext_length); if (status != 0) { fprintf(stderr, "ERROR: Failed to extract header from packet. (%i)\n", status); return status; } //print header printf("Received header (%zu Bytes):\n%s\n\n", header_length, header); //check header if (sodium_memcmp(header, HEADER, sizeof(HEADER)) != 0) { fprintf(stderr, "ERROR: Headers aren't the same!\n"); return -1; } return EXIT_SUCCESS; }
int crypto_kx_keypair(unsigned char pk[crypto_kx_PUBLICKEYBYTES], unsigned char sk[crypto_kx_SECRETKEYBYTES]) { COMPILER_ASSERT(crypto_kx_SECRETKEYBYTES == crypto_scalarmult_SCALARBYTES); COMPILER_ASSERT(crypto_kx_PUBLICKEYBYTES == crypto_scalarmult_BYTES); randombytes_buf(sk, crypto_kx_SECRETKEYBYTES); return crypto_scalarmult_base(pk, sk); }
int crypto_encrypt(unsigned char *c, unsigned char *m, unsigned long long mlen) { unsigned char nonce[8]; randombytes_buf(nonce, 8); int r = crypto_secretbox_salsa208poly1305(c, m, mlen + 32, nonce, key); if (r != 0) return r; // copy nonce to the head memcpy(c + 8, nonce, 8); return 0; }
int crypto_sign_keypair(unsigned char *pk, unsigned char *sk) { unsigned char seed[32]; int ret; randombytes_buf(seed, sizeof seed); ret = crypto_sign_seed_keypair(pk, sk, seed); sodium_memzero(seed, sizeof seed); return ret; }
int main(void) { sodium_init(); printf("HKDF as described in RFC 5869 based on HMAC-SHA512256!\n\n"); unsigned char output_key[200]; size_t output_key_length = sizeof(output_key); //create random salt unsigned char salt[crypto_auth_KEYBYTES]; randombytes_buf(salt, crypto_auth_KEYBYTES); printf("Salt (%i Bytes):\n", crypto_auth_KEYBYTES); print_hex(salt, crypto_auth_KEYBYTES, 30); putchar('\n'); //create key to derive from unsigned char input_key[100]; size_t input_key_length = sizeof(input_key); randombytes_buf(input_key, input_key_length); printf("Input key (%zu Bytes):\n", input_key_length); print_hex(input_key, input_key_length, 30); putchar('\n'); //info unsigned char* info = (unsigned char*) "This is some info!"; size_t info_length = sizeof(info); printf("Info (%zu Bytes):\n", info_length); //this could also be binary data printf("%s\n\n", info); int status; status = hkdf(output_key, output_key_length, salt, input_key, input_key_length, info, info_length); if (status != 0) { fprintf(stderr, "ERROR: Failed to derive key. %i\n", status); return EXIT_FAILURE; } printf("Derived key (%zu Bytes):\n", output_key_length); print_hex(output_key, output_key_length, 30); putchar('\n'); return EXIT_SUCCESS; }
int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) { uint8_t salt[crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES]; char setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U]; escrypt_local_t escrypt_local; uint32_t N_log2; uint32_t p; uint32_t r; memset(out, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES); if (passwdlen > SIZE_MAX) { errno = EFBIG; /* LCOV_EXCL_LINE */ return -1; /* LCOV_EXCL_LINE */ } if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) { errno = EINVAL; /* LCOV_EXCL_LINE */ return -1; /* LCOV_EXCL_LINE */ } randombytes_buf(salt, sizeof salt); if (escrypt_gensalt_r(N_log2, r, p, salt, sizeof salt, (uint8_t *) setting, sizeof setting) == NULL) { errno = EINVAL; /* LCOV_EXCL_LINE */ return -1; /* LCOV_EXCL_LINE */ } if (escrypt_init_local(&escrypt_local) != 0) { return -1; /* LCOV_EXCL_LINE */ } if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen, (const uint8_t *) setting, (uint8_t *) out, crypto_pwhash_scryptsalsa208sha256_STRBYTES) == NULL) { /* LCOV_EXCL_START */ escrypt_free_local(&escrypt_local); errno = EINVAL; return -1; /* LCOV_EXCL_STOP */ } escrypt_free_local(&escrypt_local); (void) sizeof (int[SETTING_SIZE(crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES) == crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES ? 1 : -1]); (void) sizeof (int[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U + crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1U == crypto_pwhash_scryptsalsa208sha256_STRBYTES ? 1 : -1]); return 0; }
/** * Encrypt data without making it a packet. * @src: source of the data * @len: length of the data * @pk: public key to encrypt the data for * @sk: secret key to encrypt the data with * @dest: destination for ciphertext, must be as big as len + PREFIX */ void crypto_encipher_data (const void *src, int len, const unsigned char *pek, const unsigned char *sek, void *dest) { unsigned char m[crypto_box_ZEROBYTES + len]; memset(m, 0, crypto_box_ZEROBYTES + len); memset(dest, 0, PREFIX + len); memcpy(m + crypto_box_ZEROBYTES, src, len); randombytes_buf(dest, crypto_box_NONCEBYTES); crypto_box((unsigned char *)dest + crypto_box_NONCEBYTES, m, crypto_box_ZEROBYTES + len, dest, pek, sek); }
int crypto_sign_edwards25519sha512batch_keypair(unsigned char *pk, unsigned char *sk) { ge_p3 A; randombytes_buf(sk, 32); crypto_hash_sha512(sk, sk, 32); sk[0] &= 248; sk[31] &= 63; sk[31] |= 64; ge_scalarmult_base(&A, sk); ge_p3_tobytes(pk, &A); return 0; }
// Generates a new Ed25519 private key seed. The key seed is stored in the object. int EdDSA::genKeySeed(unsigned char* privKey) { // Make space for a new key seed (if not present). if (!this->keySeed) { this->keySeed = (unsigned char*)sodium_malloc(crypto_sign_SEEDBYTES); if (this->keySeed == NULL) { // Something went wrong allocating the memory. return(0); } } // Now make the new key seed. randombytes_buf(this->keySeed, crypto_sign_SEEDBYTES); // Copy it to privKey before returning. if (privKey) { memcpy(privKey, this->keySeed, crypto_sign_SEEDBYTES); } return(1); }
QString ClientConfiguration::toBackup(QString const& password) const { QByteArray encryptionKey(BACKUP_ENCRYPTION_KEY_BYTES, 0x00); // Generate a Salt QByteArray salt(BACKUP_SALT_BYTES, 0x00); randombytes_buf(salt.data(), BACKUP_SALT_BYTES); // Convert the password into bytes QByteArray password8Bit = password.toUtf8(); // Generate the encryption key for the Backup from the Salt and the Password PKCS5_PBKDF2_HMAC(reinterpret_cast<unsigned char*>(password8Bit.data()), password8Bit.size(), reinterpret_cast<unsigned char*>(salt.data()), BACKUP_SALT_BYTES, BACKUP_KEY_PBKDF_ITERATIONS, BACKUP_ENCRYPTION_KEY_BYTES, reinterpret_cast<unsigned char*>(encryptionKey.data())); QByteArray nonceBytes(crypto_stream_NONCEBYTES, 0x00); // The backup content QByteArray clientId(IdentityHelper::uint64ToIdentityString(getClientIdentity().getContactId()).toLatin1()); if (clientId.size() != BACKUP_IDENTITY_BYTES) { throw InternalErrorException() << QString("Could not build backup - invalid client identity length (%1 vs. %2 Bytes).").arg(clientId.size()).arg(BACKUP_IDENTITY_BYTES).toStdString(); } QByteArray clientSecKey(getClientLongTermKeyPair().getPrivateKey()); if (clientSecKey.size() != PROTO_KEY_LENGTH_BYTES) { throw InternalErrorException() << QString("Could not build backup - invalid client secret key length (%1 vs. %2 Bytes).").arg(clientSecKey.size()).arg(PROTO_KEY_LENGTH_BYTES).toStdString(); } QByteArray backup(salt); backup.append(clientId); backup.append(clientSecKey); // Compute Hash QByteArray controlHash(crypto_hash_sha256_BYTES, 0x00); crypto_hash_sha256(reinterpret_cast<unsigned char*>(controlHash.data()), reinterpret_cast<unsigned char*>(backup.data() + BACKUP_SALT_BYTES), BACKUP_IDENTITY_BYTES + PROTO_KEY_LENGTH_BYTES); backup.append(controlHash.left(BACKUP_HASH_BYTES)); if (backup.size() != (BACKUP_SALT_BYTES + BACKUP_IDENTITY_BYTES + PROTO_KEY_LENGTH_BYTES + BACKUP_HASH_BYTES)) { throw InternalErrorException() << QString("Could not build backup - invalid packet length (%1 vs. %2 Bytes).").arg(clientSecKey.size()).arg(BACKUP_SALT_BYTES + BACKUP_IDENTITY_BYTES + PROTO_KEY_LENGTH_BYTES + BACKUP_HASH_BYTES).toStdString(); } // The Backup is build from SALT + IDENTITY + KEY + HASH crypto_stream_xor(reinterpret_cast<unsigned char*>(backup.data() + BACKUP_SALT_BYTES), reinterpret_cast<unsigned char*>(backup.data() + BACKUP_SALT_BYTES), BACKUP_IDENTITY_BYTES + PROTO_KEY_LENGTH_BYTES + BACKUP_HASH_BYTES, reinterpret_cast<unsigned char*>(nonceBytes.data()), reinterpret_cast<unsigned char*>(encryptionKey.data())); // Encode in Base32 return Base32::encodeBase32Sequence(backup); }
QString ClientConfiguration::generateRandomPassword(int length) { if (length <= 0) { return ""; } QString result; result.reserve(length); for (int i = 0; i < length; ++i) { uint16_t value = 0; randombytes_buf(&value, sizeof(uint16_t)); value = value % (26 + 26 + 10); // a-z, A-Z, 0-9 if (value < 26) { result.append('A' + value); } else if (value < 52) { result.append('a' + (value - 26)); } else { result.append('0' + (value - 52)); } } return result; }
static void mm_hmacsha256(void) { crypto_auth_hmacsha256_state st; unsigned char *h, *h2; unsigned char *k; unsigned char *m; size_t mlen; size_t l1, l2; int i; for (i = 0; i < MAX_ITER; i++) { mlen = randombytes_uniform(MAXLEN); m = (unsigned char *) sodium_malloc(mlen); k = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_KEYBYTES); h = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); h2 = (unsigned char *) sodium_malloc(crypto_auth_hmacsha256_BYTES); crypto_auth_hmacsha256_keygen(k); randombytes_buf(m, mlen); crypto_auth_hmacsha256_init(&st, k, crypto_auth_hmacsha256_KEYBYTES); l1 = randombytes_uniform(mlen); l2 = randombytes_uniform(mlen - l1); crypto_auth_hmacsha256_update(&st, m, l1); crypto_auth_hmacsha256_update(&st, m + l1, l2); crypto_auth_hmacsha256_update(&st, m + l1 + l2, mlen - l1 - l2); crypto_auth_hmacsha256_final(&st, h); crypto_auth_hmacsha256(h2, m, mlen, k); assert(memcmp(h, h2, crypto_auth_hmacsha256_BYTES) == 0); sodium_free(h2); sodium_free(h); sodium_free(k); sodium_free(m); } }
void randombytes(unsigned char * const buf, const unsigned long long buf_len) { assert(buf_len <= SIZE_MAX); randombytes_buf(buf, (size_t) buf_len); }
void crypto_auth_hmacsha512256_keygen( unsigned char k[crypto_auth_hmacsha512256_KEYBYTES]) { randombytes_buf(k, crypto_auth_hmacsha512256_KEYBYTES); }
static void tv_stream_xchacha20(void) { static const XChaCha20TV tvs[] = { { "79c99798ac67300bbb2704c95c341e3245f3dcb21761b98e52ff45b24f304fc4", "b33ffd3096479bcfbc9aee49417688a0a2554f8d95389419", "c6e9758160083ac604ef90e712ce6e75d7797590744e0cf060f013739c" }, { "ddf7784fee099612c40700862189d0397fcc4cc4b3cc02b5456b3a97d1186173", "a9a04491e7bf00c3ca91ac7c2d38a777d88993a7047dfcc4", "2f289d371f6f0abc3cb60d11d9b7b29adf6bc5ad843e8493e928448d" }, { "3d12800e7b014e88d68a73f0a95b04b435719936feba60473f02a9e61ae60682", "56bed2599eac99fb27ebf4ffcb770a64772dec4d5849ea2d", "a2c3c1406f33c054a92760a8e0666b84f84fa3a618f0" }, { "5f5763ff9a30c95da5c9f2a8dfd7cc6efd9dfb431812c075aa3e4f32e04f53e4", "a5fa890efa3b9a034d377926ce0e08ee6d7faccaee41b771", "8a1a5ba898bdbcff602b1036e469a18a5e45789d0e8d9837d81a2388a52b0b6a0f51891528f424c4a7f492a8dd7bce8bac19fbdbe1fb379ac0" }, { "eadc0e27f77113b5241f8ca9d6f9a5e7f09eee68d8a5cf30700563bf01060b4e", "a171a4ef3fde7c4794c5b86170dc5a099b478f1b852f7b64", "23839f61795c3cdbcee2c749a92543baeeea3cbb721402aa42e6cae140447575f2916c5d71108e3b13357eaf86f060cb" }, { "91319c9545c7c804ba6b712e22294c386fe31c4ff3d278827637b959d3dbaab2", "410e854b2a911f174aaf1a56540fc3855851f41c65967a4e", "cbe7d24177119b7fdfa8b06ee04dade4256ba7d35ffda6b89f014e479faef6" }, { "6a6d3f412fc86c4450fc31f89f64ed46baa3256ffcf8616e8c23a06c422842b6", "6b7773fce3c2546a5db4829f53a9165f41b08faae2fb72d5", "8b23e35b3cdd5f3f75525fc37960ec2b68918e8c046d8a832b9838f1546be662e54feb1203e2" }, { "d45e56368ebc7ba9be7c55cfd2da0feb633c1d86cab67cd5627514fd20c2b391", "fd37da2db31e0c738754463edadc7dafb0833bd45da497fc", "47950efa8217e3dec437454bd6b6a80a287e2570f0a48b3fa1ea3eb868be3d486f6516606d85e5643becc473b370871ab9ef8e2a728f73b92bd98e6e26ea7c8ff96ec5a9e8de95e1eee9300c" }, { "aface41a64a9a40cbc604d42bd363523bd762eb717f3e08fe2e0b4611eb4dcf3", "6906e0383b895ab9f1cf3803f42f27c79ad47b681c552c63", "a5fa7c0190792ee17675d52ad7570f1fb0892239c76d6e802c26b5b3544d13151e67513b8aaa1ac5af2d7fd0d5e4216964324838" }, { "9d23bd4149cb979ccf3c5c94dd217e9808cb0e50cd0f67812235eaaf601d6232", "c047548266b7c370d33566a2425cbf30d82d1eaf5294109e", "a21209096594de8c5667b1d13ad93f744106d054df210e4782cd396fec692d3515a20bf351eec011a92c367888bc464c32f0807acd6c203a247e0db854148468e9f96bee4cf718d68d5f637cbd5a376457788e6fae90fc31097cfc" }, }; const XChaCha20TV *tv; char *hex; unsigned char *key; unsigned char *nonce; unsigned char *out; unsigned char *out2; size_t out_len; int i; key = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_KEYBYTES); nonce = (unsigned char *) sodium_malloc(crypto_stream_xchacha20_NONCEBYTES); out = (unsigned char *) sodium_malloc(XCHACHA20_OUT_MAX); for (i = 0; i < (sizeof tvs) / (sizeof tvs[0]); i++) { tv = &tvs[i]; sodium_hex2bin(key, crypto_stream_xchacha20_KEYBYTES, tv->key, strlen(tv->key), NULL, NULL, NULL); sodium_hex2bin(nonce, crypto_stream_xchacha20_NONCEBYTES, tv->nonce, strlen(tv->nonce), NULL, NULL, NULL); sodium_hex2bin(out, XCHACHA20_OUT_MAX, tv->out, strlen(tv->out), NULL, &out_len, NULL); out2 = (unsigned char *) sodium_malloc(out_len); crypto_stream_xchacha20(out2, out_len, nonce, key); assert(memcmp(out, out2, out_len) == 0); crypto_stream_xchacha20_xor(out2, out, out_len, nonce, key); assert(sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 0, key); assert(sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor_ic(out2, out, out_len, nonce, 1, key); assert(!sodium_is_zero(out2, out_len)); crypto_stream_xchacha20_xor(out, out, out_len, nonce, key); assert(sodium_is_zero(out, out_len)); sodium_free(out2); } out2 = (unsigned char *) sodium_malloc(0); crypto_stream_xchacha20(out2, 0, nonce, key); crypto_stream_xchacha20_xor(out2, out2, 0, nonce, key); crypto_stream_xchacha20_xor_ic(out2, out2, 0, nonce, 1, key); sodium_free(out2); sodium_free(out); out = (unsigned char *) sodium_malloc(64); out2 = (unsigned char *) sodium_malloc(128); randombytes_buf(out, 64); randombytes_buf(out2, 64); memcpy(out2 + 64, out, 64); crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, 1, key); crypto_stream_xchacha20_xor(out2, out2, 128, nonce, key); assert(memcmp(out, out2 + 64, 64) == 0); sodium_free(out); sodium_free(out2); out = (unsigned char *) sodium_malloc(192); out2 = (unsigned char *) sodium_malloc(192); memset(out, 0, 192); memset(out2, 0, 192); crypto_stream_xchacha20_xor_ic(out2, out2, 192, nonce, (1ULL << 32) - 1ULL, key); crypto_stream_xchacha20_xor_ic(out, out, 64, nonce, (1ULL << 32) - 1ULL, key); crypto_stream_xchacha20_xor_ic(out + 64, out + 64, 64, nonce, (1ULL << 32), key); crypto_stream_xchacha20_xor_ic(out + 128, out + 128, 64, nonce, (1ULL << 32) + 1, key); assert(memcmp(out, out2, 192) == 0); hex = (char *) sodium_malloc(192 * 2 + 1); sodium_bin2hex(hex, 192 * 2 + 1, out, 192); printf("%s\n", hex); sodium_free(hex); sodium_free(out); sodium_free(out2); sodium_free(nonce); sodium_free(key); assert(crypto_stream_xchacha20_keybytes() == crypto_stream_xchacha20_KEYBYTES); assert(crypto_stream_xchacha20_noncebytes() == crypto_stream_xchacha20_NONCEBYTES); printf("tv_stream_xchacha20: ok\n"); }