With the help of a (now updated) `doc_extract_examples.sh` script.
Note: We may want to integrate this script in the test suite, if we end
up writing more documentation.
Fix #260
const uint8_t mac [16]; /* Received from along with text */
uint8_t text [12]; /* Message to decrypt */
if (crypto_aead_unlock(text, mac, key, nonce,
- NULL, 0
+ NULL, 0,
text, sizeof(text))) {
/* The message is corrupted.
* Wipe key if it is no longer needed,
crypto_aead_init_x(&ctx, key, nonce);
crypto_aead_write(&ctx, cipher_text, mac,
NULL, 0,
- plain_text, sizeof(plain_text))
+ plain_text, sizeof(plain_text));
/* Wipe secrets if they are no longer needed */
crypto_wipe(plain_text, 12);
crypto_wipe(key, 32);
.nb_passes = 3, /* 3 iterations */
.nb_lanes = 1 /* Single-threaded */
};
+uint8_t password[14] = "Okay Password!";
crypto_argon2_inputs inputs = {
- .pass = (const uint8_t *)"Okay Password!", /* User password */
- .pass_size = 14, /* Password length */
- .salt = salt, /* Salt for the password */
+ .pass = password, /* User password */
+ .pass_size = sizeof(password), /* Password length */
+ .salt = salt, /* Salt for the password */
.salt_size = 16
};
crypto_argon2_extras extras = {0}; /* Extra parameters unused */
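Review bot: The new `password[14]` array on the first added line is sized to fit the literal exactly, so the NUL terminator is dropped and `sizeof(password)` is the password length, but nothing in the example says this is deliberate. A reader who shortens the literal without touching the 14 gets trailing zero bytes hashed as part of the password, and the same declaration is rejected by a C++ compiler. A comment above the declaration, such as `/* Exactly 14 bytes, no NUL terminator: sizeof(password) is the password length */`, would make the constraint visible. The example starts above this hunk, so the declarations of `salt` and `config` are not shown here.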
* Note the conversion to size_t.
* Without it we cannot allocate more than 4GiB.
*/
-void *work_area = malloc((size_t)nb_blocks * 1024);
+void *work_area = malloc((size_t)config.nb_blocks * 1024);
if (work_area == NULL) {
/* Handle malloc() failure */
/* Wipe secrets if they are no longer needed */
- crypto_wipe(password, password_size);
+ crypto_wipe(password, sizeof(password));
} else {
arc4random_buf(salt, 16);
- crypto_argon2i(hash, 32, work_area,
- config, inputs, extras);
+ crypto_argon2(hash, 32, work_area,
+ config, inputs, extras);
/* Wipe secrets if they are no longer needed */
- crypto_wipe(password, password_size);
+ crypto_wipe(password, sizeof(password));
free(work_area);
}
.Ed
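Review bot: The allocation `malloc((size_t)config.nb_blocks * 1024)` has no overflow guard. Where `size_t` is 32 bits the cast changes nothing and the product wraps once `nb_blocks` reaches 4 Mi, so `malloc()` can succeed with a buffer smaller than the work area `crypto_argon2()` presumably expects for that `config`. The comment above the line only covers the case where `size_t` is wider than 32 bits. A check before the allocation, `if (config.nb_blocks > SIZE_MAX / 1024) { /* refuse these parameters */ }`, handles both cases; this assumes `nb_blocks` is a 32-bit count, which the hunk does not show. The comment and the example both start above the hunk.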
Computing key derivation with BLAKE2b alone
(a little tedious indeed):
.Bd -literal -offset indent
+#define MIN(a, b) ((a) < (b) ? (a) : (b))
+
void b2kdf(uint8_t *okm, size_t okm_size, /* unlimited */
uint8_t *ikm, size_t ikm_size, /* unlimited */
uint8_t *salt, size_t salt_size, /* <= 64 bytes */
/* Extract */
uint8_t prk[64]; /* pseudo-random key */
crypto_sha512_hmac_ctx ctx;
-crypto_sha512_hmac_init (&ctx);
-crypto_sha512_hmac_update(&ctx, pk_a);
-crypto_sha512_hmac_update(&ctx, pk_b);
-crypto_sha512_hmac_update(&ctx, skab);
+crypto_sha512_hmac_init (&ctx, salt, sizeof(salt));
+crypto_sha512_hmac_update(&ctx, pk_a, sizeof(pk_a));
+crypto_sha512_hmac_update(&ctx, pk_b, sizeof(pk_b));
+crypto_sha512_hmac_update(&ctx, skab, sizeof(skab));
crypto_sha512_hmac_final (&ctx, prk);
/* Expand */
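Review bot: The added `sizeof(salt)`, `sizeof(pk_a)`, `sizeof(pk_b)` and `sizeof(skab)` arguments give the buffer lengths only while those names are arrays declared in the same scope; their declarations are above this hunk, so that cannot be confirmed here. If a reader moves the snippet into a function that receives them as pointers, every `sizeof` silently becomes the pointer size and the HMAC is computed with a truncated key over truncated inputs. The neighbouring examples pass literal lengths (`crypto_wipe(your_sk, 32)`). Either do the same here or add a comment such as `/* salt, pk_a, pk_b, skab must be arrays here, not pointers */`.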
uint8_t your_pk [32]; /* Your public key */
uint8_t shared_secret[32]; /* Shared secret (NOT a key) */
arc4random_buf(your_sk, 32);
-crypto_x25512(your_pk, your_sk);
+crypto_x25519_public_key(your_pk, your_sk);
crypto_x25519(shared_secret, your_sk, their_pk);
/* Wipe secrets if they are no longer needed */
crypto_wipe(your_sk, 32);
uint8_t shared_keys[64]; /* Two shared session keys */
crypto_blake2b_ctx ctx;
-crypto_blake2b_init (&ctx);
+crypto_blake2b_init (&ctx, 64);
crypto_blake2b_update(&ctx, shared_secret, 32);
crypto_blake2b_update(&ctx, your_pk , 32);
crypto_blake2b_update(&ctx, their_pk , 32);
# <https://creativecommons.org/publicdomain/zero/1.0/>
cat << END
+#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
#include "../src/monocypher.h"
#include "../src/optional/monocypher-ed25519.h"
-typedef struct SHA2_CTX { void *x; } SHA2_CTX;
-void SHA512Init(SHA2_CTX*);
-void SHA512Update(SHA2_CTX*, const void*, size_t);
-void SHA512Final(uint8_t*, SHA2_CTX*);
void arc4random_buf(void*, size_t);
-
int main() {
END
-for f in man/man3/*.3monocypher man/man3/optional/*.3monocypher
+for f in *.3monocypher
do
- # crypto_sign_init_first_pass_custom_hash examples are more complicated
- # and can't be tested like this
- if [ ! -h "$f" ] && [ "$f" != "man/man3/crypto_sign_init_first_pass_custom_hash.3monocypher" ]
+ if [ ! -h "$f" ]
then
echo "// $f"
cat "$f" | sed -n "/^\.Bd/,/^\.Ed/p" | sed "s/\.Bd.*/{/" | sed "s/\.Ed/}/"
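Review bot: The new loop header `for f in *.3monocypher` only finds the man pages when the script is started from their directory, and nothing in the hunk checks that. From any other directory the pattern stays unexpanded and `[ ! -h "$f" ]` is still true for the non-existent name, so the script emits a `main()` with no examples in it, which compiles cleanly. That would be a false pass if the script is wired into the test suite as the description suggests. A guard as the first statement of the loop, `[ -f "$f" ] || { echo "no man pages in $PWD" >&2; exit 1; }`, makes the failure visible. The loop body continues below the hunk.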