.Nd Elliptic Curve Diffie-Hellman key exchange
.Sh SYNOPSIS
.In monocypher.h
-.Ft int
+.Ft void
.Fo crypto_key_exchange
.Fa "uint8_t shared_key[32]"
.Fa "const uint8_t your_secret_key[32]"
.Fn crypto_key_exchange_public_key .
.El
.Sh RETURN VALUES
-Some public keys force the shared key to a known constant.
.Fn crypto_key_exchange
-returns -1 if it detects such a public key, otherwise it returns 0.
-This never happens with legitimate public keys.
+and
+.Fn crypto_key_exchange_public_key
+return nothing.
.Pp
-.Sy The return value has been deprecated .
-.Fn crypto_key_exchange
-will return
-.Vt void
-starting with the next major release of Monocypher.
Some poorly designed protocols require to test for
.Dq contributory
behaviour, which ensures that no untrusted party forces the shared
Protocols should instead be designed in such a way that no such check
is necessary, namely by authenticating the other party or exchanging
keys over a trusted channel.
-.Pp
-.Fn crypto_key_exchange_public_key
-returns nothing.
.Sh EXAMPLES
Generate a public key from a randomly generated secret key:
.Bd -literal -offset indent
.Nd X25519 key exchange
.Sh SYNOPSIS
.In monocypher.h
-.Ft int
+.Ft void
.Fo crypto_x25519
.Fa "uint8_t raw_shared_secret[32]"
.Fa "const uint8_t your_secret_key[32]"
The public key of the other party.
.El
.Sh RETURN VALUES
-Some public keys force the shared key to a known constant.
-.Fn crypto_x225519
-returns -1 if it detects such a public key, otherwise it
-returns 0.
-This never happens with legitimate public keys.
-.Pp
-.Sy The return value has been deprecated .
.Fn crypto_x25519
-will return
-.Vt void
-starting with the next major release of Monocypher.
+and
+.Fn crypto_x25519_public_key
+return nothing.
+.Pp
Some poorly designed protocols require to test for
.Dq contributory
behaviour, which ensures that no untrusted party forces the shared
Protocols should instead be designed in such a way that no such check
is necessary, namely by authenticating the other party or exchanging
keys over a trusted channel.
-.Pp
-.Fn crypto_x25519_public_key
-returns nothing.
.Sh EXAMPLES
Generate a pair of shared keys with your secret key and their public
key.
/// X-25519 /// Taken from SUPERCOP's ref10 implementation.
///////////////
-int crypto_x25519(u8 raw_shared_secret[32],
- const u8 your_secret_key [32],
- const u8 their_public_key [32])
+void crypto_x25519(u8 raw_shared_secret[32],
+ const u8 your_secret_key [32],
+ const u8 their_public_key [32])
{
// computes the scalar product
fe x1;
WIPE_BUFFER(x2); WIPE_BUFFER(z2);
WIPE_BUFFER(x3); WIPE_BUFFER(z3);
WIPE_BUFFER(t0); WIPE_BUFFER(t1);
-
- // Returns -1 if the output is all zero
- // (happens with some malicious public keys)
- return -1 - zerocmp32(raw_shared_secret);
}
void crypto_x25519_public_key(u8 public_key[32],
////////////////////
/// Key exchange ///
////////////////////
-int crypto_key_exchange(u8 shared_key[32],
- const u8 your_secret_key [32],
- const u8 their_public_key[32])
+void crypto_key_exchange(u8 shared_key[32],
+ const u8 your_secret_key [32],
+ const u8 their_public_key[32])
{
- int status = crypto_x25519(shared_key, your_secret_key, their_public_key);
+ crypto_x25519(shared_key, your_secret_key, their_public_key);
crypto_hchacha20(shared_key, shared_key, zero);
- return status;
}
////////////////////////////////
// Key exchange (x25519 + HChacha20)
// ---------------------------------
#define crypto_key_exchange_public_key crypto_x25519_public_key
-int crypto_key_exchange(uint8_t shared_key [32],
- const uint8_t your_secret_key [32],
- const uint8_t their_public_key[32]);
+void crypto_key_exchange(uint8_t shared_key [32],
+ const uint8_t your_secret_key [32],
+ const uint8_t their_public_key[32]);
// Signatures (EdDSA with curve25519 + Blake2b)
// -------
void crypto_x25519_public_key(uint8_t public_key[32],
const uint8_t secret_key[32]);
-int crypto_x25519(uint8_t raw_shared_secret[32],
- const uint8_t your_secret_key [32],
- const uint8_t their_public_key [32]);
+void crypto_x25519(uint8_t raw_shared_secret[32],
+ const uint8_t your_secret_key [32],
+ const uint8_t their_public_key [32]);
#endif // MONOCYPHER_H
{
const vector *scalar = in;
const vector *point = in + 1;
- int report = crypto_x25519(out->buf, scalar->buf, point->buf);
- int not_zero = zerocmp(out->buf, out->size);
- if ( not_zero && report) printf("FAILURE: x25519 false all_zero report\n");
- if (!not_zero && !report) printf("FAILURE: x25519 failed to report zero\n");
+ crypto_x25519(out->buf, scalar->buf, point->buf);
}
static void x25519_pk(const vector in[], vector *out)
return buf;
}
-int zerocmp(const u8 *p, size_t n)
-{
- FOR (i, 0, n) {
- if (p[i] != 0) { return -1; }
- }
- return 0;
-}
-
int vector_test(void (*f)(const vector[], vector*),
const char *name, size_t nb_inputs,
size_t nb_vectors, u8 **vectors, size_t *sizes)
void print_number(u64 n);
void* alloc(size_t size);
-int zerocmp(const u8 *p, size_t n);
-
int vector_test(void (*f)(const vector[], vector*),
const char *name, size_t nb_inputs,
size_t nb_vectors, u8 **vectors, size_t *sizes);
projects / Monocypher.git / commitdiff