#include "chacha20.h"
#include "poly1305.h"
-void
-crypto_ae_lock_detached(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *plaintext,
- uint8_t *ciphertext,
- size_t text_size,
- uint8_t mac[16])
+void crypto_ae_lock_detached(uint8_t mac[16],
+ uint8_t *ciphertext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *plaintext,
+ size_t text_size)
{
crypto_chacha_ctx e_ctx;
uint8_t auth_key[32];
crypto_poly1305_auth(mac, ciphertext, text_size, auth_key);
}
-int
-crypto_ae_unlock_detached(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *ciphertext,
- uint8_t *plaintext,
- size_t text_size,
- const uint8_t mac[16])
+int crypto_ae_unlock_detached(uint8_t *plaintext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t mac[16],
+ const uint8_t *ciphertext,
+ size_t text_size)
{
crypto_chacha_ctx e_ctx;
uint8_t auth_key[32];
return 0;
}
-void
-crypto_ae_lock(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *plaintext,
- size_t text_size,
- uint8_t *box)
+void crypto_ae_lock(uint8_t *box,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *plaintext,
+ size_t text_size)
{
- crypto_ae_lock_detached(key, nonce, plaintext, box + 16, text_size, box);
+ crypto_ae_lock_detached(box, box + 16, key, nonce, plaintext, text_size);
}
-int
-crypto_ae_unlock(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *box,
- size_t text_size,
- uint8_t *plaintext)
+int crypto_ae_unlock(uint8_t *plaintext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *box,
+ size_t text_size)
{
- return crypto_ae_unlock_detached(key, nonce, box + 16,
- plaintext, text_size, box);
+ return crypto_ae_unlock_detached(plaintext, key, nonce,
+ box, box + 16, text_size);
}
// Authenticated encryption with XChacha20 and Poly1305.
-void
-crypto_ae_lock_detached(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *plaintext,
- uint8_t *ciphertext,
- size_t text_size,
- uint8_t mac[16]);
+void crypto_ae_lock_detached(uint8_t mac[16],
+ uint8_t *ciphertext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *plaintext,
+ size_t text_size);
// Authenticated encryption with XChacha20 and Poly1305.
// Returns -1 and has no effect if the message is forged.
-int
-crypto_ae_unlock_detached(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *ciphertext,
- uint8_t *plaintext,
- size_t text_size,
- const uint8_t mac[16]);
+int crypto_ae_unlock_detached(uint8_t *plaintext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t mac[16],
+ const uint8_t *ciphertext,
+ size_t text_size);
// Like the above, only puts the mac and the ciphertext together
// in a "box", mac first
-void
-crypto_ae_lock(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *plaintext,
- size_t text_size,
- uint8_t *box); // text_size + 16
+void crypto_ae_lock(uint8_t *box, // text_size + 16
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *plaintext,
+ size_t text_size);
// Unlocks a box locked by aead_lock()
-int
-crypto_ae_unlock(const uint8_t key[32],
- const uint8_t nonce[24],
- const uint8_t *box, // text_size + 16
- size_t text_size,
- uint8_t *plaintext);
+int crypto_ae_unlock(uint8_t *plaintext,
+ const uint8_t key[32],
+ const uint8_t nonce[24],
+ const uint8_t *box, // text_size + 16
+ size_t text_size);
crypto_chacha20_H(shared_key, shared_secret, _0);
}
-void crypto_lock_detached(const uint8_t your_secret_key [32],
+void crypto_lock_detached(uint8_t mac[16],
+ uint8_t *ciphertext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *plaintext,
- uint8_t *ciphertext,
- size_t text_size,
- uint8_t mac[16])
+ size_t text_size)
{
uint8_t shared_key[32];
crypto_lock_key(shared_key, your_secret_key, their_public_key);
- crypto_ae_lock_detached(shared_key, nonce, plaintext, ciphertext,
- text_size, mac);
+ crypto_ae_lock_detached(mac, ciphertext,
+ shared_key, nonce,
+ plaintext, text_size);
}
-int crypto_unlock_detached(const uint8_t your_secret_key [32],
+int crypto_unlock_detached(uint8_t *plaintext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
+ const uint8_t mac[16],
const uint8_t *ciphertext,
- uint8_t *plaintext,
- size_t text_size,
- const uint8_t mac[16])
+ size_t text_size)
{
uint8_t shared_key[32];
crypto_lock_key(shared_key, your_secret_key, their_public_key);
- return crypto_ae_unlock_detached(shared_key, nonce, ciphertext, plaintext,
- text_size, mac);
+ return crypto_ae_unlock_detached(plaintext,
+ shared_key, nonce,
+ mac, ciphertext, text_size);
}
-void crypto_lock(const uint8_t your_secret_key [32],
+void crypto_lock(uint8_t *box,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *plaintext,
- size_t text_size,
- uint8_t *box)
+ size_t text_size)
{
- crypto_lock_detached(your_secret_key, their_public_key, nonce,
- plaintext, box + 16, text_size, box);
+ crypto_lock_detached(box, box + 16,
+ your_secret_key, their_public_key, nonce,
+ plaintext, text_size);
}
-int crypto_unlock(const uint8_t your_secret_key [32],
+int crypto_unlock(uint8_t *plaintext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *box,
- size_t text_size,
- uint8_t *plaintext)
+ size_t text_size)
+{
+ return crypto_unlock_detached(plaintext,
+ your_secret_key, their_public_key, nonce,
+ box, box + 16, text_size);
+}
+
+static const uint8_t null_nonce[24] = {};
+
+void crypto_anonymous_lock(uint8_t *box,
+ const uint8_t random_secret_key[32],
+ const uint8_t their_public_key[32],
+ const uint8_t *plaintext,
+ size_t text_size)
+{
+ crypto_x25519_base(box, random_secret_key); // put public key in box
+ crypto_lock(box + 32,
+ random_secret_key, their_public_key, null_nonce,
+ plaintext, text_size);
+}
+
+int crypto_anonymous_unlock(uint8_t *plaintext,
+ const uint8_t your_secret_key[32],
+ const uint8_t *box,
+ size_t text_size)
{
- return crypto_unlock_detached(your_secret_key, their_public_key, nonce,
- box + 16, plaintext, text_size, box);
+ return crypto_unlock(plaintext,
+ your_secret_key, box, null_nonce,
+ box + 32, text_size);
}
const uint8_t their_public_key[32]);
// Authenticated encryption with the sender's secret key and the recipient's
-// publick key. The message leaks if one of the secret key gets compromised.
-void crypto_lock_detached(const uint8_t your_secret_key [32],
+// public key. The message leaks if one of the secret key gets compromised.
+void crypto_lock_detached(uint8_t mac[16],
+ uint8_t *ciphertext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *plaintext,
- uint8_t *ciphertext,
- size_t text_size,
- uint8_t mac[16]);
+ size_t text_size);
// Authenticated decryption with the recipient's secret key, and the sender's
// public key. Has no effect if the message is forged.
-int crypto_unlock_detached(const uint8_t your_secret_key [32],
+int crypto_unlock_detached(uint8_t *plaintext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
+ const uint8_t mac[16],
const uint8_t *ciphertext,
- uint8_t *plaintext,
- size_t text_size,
- const uint8_t mac[16]);
+ size_t text_size);
// Like the above, only puts the mac and the ciphertext together
// in a "box", mac first
-void crypto_lock(const uint8_t your_secret_key [32],
+void crypto_lock(uint8_t *box,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *plaintext,
- size_t text_size,
- uint8_t *box);
+ size_t text_size);
// Unlocks a box locked by crypto_lock()
-int crypto_unlock(const uint8_t your_secret_key [32],
+int crypto_unlock(uint8_t *plaintext,
+ const uint8_t your_secret_key [32],
const uint8_t their_public_key[32],
const uint8_t nonce[24],
const uint8_t *box,
- size_t text_size,
- uint8_t *plaintext);
+ size_t text_size);
+
+void crypto_anonymous_lock(uint8_t *box,
+ const uint8_t random_secret_key[32],
+ const uint8_t their_public_key[32],
+ const uint8_t *plaintext,
+ size_t text_size);
+
+int crypto_anonymous_unlock(uint8_t *plaintext,
+ const uint8_t your_secret_key[32],
+ const uint8_t *box,
+ size_t text_size);
#endif // LOCK_H
#include "poly1305.h"
#include "argon2i.h"
#include "ae.h"
+#include "lock.h"
#include "x25519.h"
#include "ed25519.h"
#include "sha512.h"
uint8_t box[24];
uint8_t out[8];
int status = 0;
- crypto_ae_lock(key, nonce, plaintext, 8, box); // make true message
- status |= crypto_ae_unlock(key, nonce, box, 8, out); // accept true message
+ crypto_ae_lock(box, key, nonce, plaintext, 8); // make true message
+ status |= crypto_ae_unlock(out, key, nonce, box, 8); // accept true message
status |= memcmp(plaintext, out, 8); // roundtrip
box[0]++; // make forgery
- status |= !crypto_ae_unlock(key, nonce, box, 8, out); // reject forgery
+ status |= !crypto_ae_unlock(out, key, nonce, box, 8); // reject forgery
printf("%s: authenticated encryption\n", status != 0 ? "FAILED" : "OK");
return status;
}
+static int test_lock()
+{
+ uint8_t rk[32] = { 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0,
+ 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0 };
+ uint8_t sk[32] = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7,
+ 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 };
+ uint8_t pk[32]; crypto_x25519_base(pk, sk);
+ uint8_t plaintext[8] = { 0, 1, 2, 3, 4, 5, 6, 7 };
+ uint8_t box[56];
+ uint8_t out[8];
+ int status = 0;
+ crypto_anonymous_lock(box, rk, pk, plaintext, 8); // make true message
+ status |= crypto_anonymous_unlock(out, sk, box, 8); // accept true message
+ status |= memcmp(plaintext, out, 8); // roundtrip
+ box[32]++; // make forgery
+ status |= !crypto_anonymous_unlock(out, sk, box, 8); // reject forgery
+ printf("%s: crypto_lock\n", status != 0 ? "FAILED" : "OK");
+ return status;
+}
+
int main(void)
{
int status = 0;
status |= test(argon2i , "vectors_argon2i" , 6);
status |= test(x25519 , "vectors_x25519" , 2);
status |= test(sha512 , "vectors_sha512" , 1);
- status |= test_x25519();
status |= test(ed25519 , "vectors_ed25519" , 3);
+ status |= test_x25519();
status |= test_ae();
+ status |= test_lock();
printf(status ? "TESTS FAILED\n" : "ALL TESTS OK\n");
return status;
}
projects / Monocypher.git / commitdiff