From: Loup Vaillant Date: Sun, 4 Dec 2022 16:32:55 +0000 (+0100) Subject: Remove deprecated crypto_key_exchange() X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=8ca818ac071ac92bf1f08031d953486dea62895c;p=Monocypher.git Remove deprecated crypto_key_exchange() --- diff --git a/src/monocypher.c b/src/monocypher.c index f248df2..e603b73 100644 --- a/src/monocypher.c +++ b/src/monocypher.c @@ -2395,8 +2395,8 @@ void crypto_from_eddsa_public(u8 x25519[32], const u8 eddsa[32]) // private key. Use only to generate ephemeral keys that will be hidden // with crypto_curve_to_hidden(). // -// The public key is otherwise compatible with crypto_x25519() and -// crypto_key_exchange() (those properly clear the cofactor). +// The public key is otherwise compatible with crypto_x25519(), which +// properly clears the cofactor. // // Note that the distribution of the resulting public keys is almost // uniform. Flipping the sign of the v coordinate (not provided by this @@ -2749,17 +2749,6 @@ void crypto_hidden_key_pair(u8 hidden[32], u8 secret_key[32], u8 seed[32]) WIPE_BUFFER(pk); } -//////////////////// -/// Key exchange /// -//////////////////// -void crypto_key_exchange(u8 shared_key[32], - const u8 your_secret_key [32], - const u8 their_public_key[32]) -{ - crypto_x25519(shared_key, your_secret_key, their_public_key); - crypto_hchacha20(shared_key, shared_key, zero); -} - /////////////////////// /// Scalar division /// /////////////////////// diff --git a/src/monocypher.h b/src/monocypher.h index 2bfee26..a10fe38 100644 --- a/src/monocypher.h +++ b/src/monocypher.h @@ -172,13 +172,17 @@ void crypto_argon2i_general(uint8_t *hash, uint32_t hash_size,// >= 4 const uint8_t *key, uint32_t key_size, const uint8_t *ad, uint32_t ad_size); +// Key exchange (X-25519) +// ---------------------- + +// Shared secrets are not quite random. +// Hash them to derive an actual shared key. +void crypto_x25519_public_key(uint8_t public_key[32], + const uint8_t secret_key[32]); +void crypto_x25519(uint8_t raw_shared_secret[32], + const uint8_t your_secret_key [32], + const uint8_t their_public_key [32]); -// Key exchange (x25519 + HChacha20) -// --------------------------------- -#define crypto_key_exchange_public_key crypto_x25519_public_key -void crypto_key_exchange(uint8_t shared_key [32], - const uint8_t your_secret_key [32], - const uint8_t their_public_key[32]); // Signatures (EdDSA with curve25519 + BLAKE2b) @@ -263,16 +267,8 @@ void crypto_poly1305_update(crypto_poly1305_ctx *ctx, void crypto_poly1305_final (crypto_poly1305_ctx *ctx, uint8_t mac[16]); -// X-25519 -// ------- - -// Shared secrets are not quite random. -// Hash them to derive an actual shared key. -void crypto_x25519_public_key(uint8_t public_key[32], - const uint8_t secret_key[32]); -void crypto_x25519(uint8_t raw_shared_secret[32], - const uint8_t your_secret_key [32], - const uint8_t their_public_key [32]); +// X-25519 extras +// -------------- // "Dirty" versions of x25519_public_key() // Only use to generate ephemeral keys you want to hide. @@ -287,8 +283,8 @@ void crypto_x25519_inverse(uint8_t blind_salt [32], const uint8_t private_key[32], const uint8_t curve_point[32]); -// EdDSA -// ----- +// EdDSA building blocks +// --------------------- void crypto_eddsa_trim_scalar(uint8_t out[32], const uint8_t in[32]); void crypto_eddsa_reduce(uint8_t reduced[32], const uint8_t expanded[64]); void crypto_eddsa_mul_add(uint8_t r[32], diff --git a/tests/gen/makefile b/tests/gen/makefile index 685d2ea..801f596 100644 --- a/tests/gen/makefile +++ b/tests/gen/makefile @@ -54,10 +54,10 @@ CFLAGS = -pedantic -Wall -Wextra .PHONY: all clean -VEC = chacha20 hchacha20 xchacha20 ietf_chacha20 aead_ietf \ - poly1305 blake2b sha512 hmac_sha512 argon2i \ - edDSA edDSA_pk ed_25519 ed_25519_pk ed_25519_check \ - x25519 x25519_pk key_exchange elligator_inv elligator_dir +VEC = chacha20 hchacha20 xchacha20 ietf_chacha20 aead_ietf \ + poly1305 blake2b sha512 hmac_sha512 argon2i \ + edDSA edDSA_pk ed_25519 ed_25519_pk ed_25519_check \ + x25519 x25519_pk elligator_inv elligator_dir VEC2 = $(patsubst %, %.all.vec, $(VEC)) HEADERS = $(patsubst %, %.h.vec , $(VEC)) VECTORS = ../vectors.h @@ -122,7 +122,6 @@ edDSA_pk.all.vec : edDSA_pk.vec ed_25519.all.vec : ed_25519.vec ed_25519_pk.all.vec : ed_25519_pk.vec ed_25519_check.all.vec: vectors/ed_25519_check -key_exchange.all.vec : vectors/key_exchange elligator_dir.all.vec : elligator_dir.vec vectors/elligator_dir elligator_inv.all.vec : elligator_inv.vec vectors/elligator_inv $(VEC2): diff --git a/tests/gen/vectors/key_exchange b/tests/gen/vectors/key_exchange deleted file mode 100644 index 8a3f5b2..0000000 --- a/tests/gen/vectors/key_exchange +++ /dev/null @@ -1,19 +0,0 @@ -a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4: -e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c: -c7328db7e9756741bf3eb4f082c5bc57c58c77a5be31df0a02340cf235f81828: - -4b66e9d4d1b4673c5ad22691957d6af5c11b6421e0ea01d42ca4169e7918ba0d: -e5210f12786811d3f4b7959d0538ae2c31dbe7106fc03c3efc4cd549c715a493: -85041b68835411fbec93a848d3f97816c28b4a778f8e4793bb6b68b8573cbe2d: - -77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a: -de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f: -8e47ca376bdc7e59d2ced8107ceb2c27f4a80e8575f996baffb1a869ffcd5179: - -5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb: -8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a: -8e47ca376bdc7e59d2ced8107ceb2c27f4a80e8575f996baffb1a869ffcd5179: - -0900000000000000000000000000000000000000000000000000000000000000: -0900000000000000000000000000000000000000000000000000000000000000: -a60c2a7a4be7a39b1208f7cb7305c0caa711174f425d932b86b201896251f452: diff --git a/tests/test.c b/tests/test.c index 0304e8b..e16530b 100644 --- a/tests/test.c +++ b/tests/test.c @@ -200,14 +200,6 @@ static void x25519_pk(vector_reader *reader) crypto_x25519_public_key(out.buf, in.buf); } -static void key_exchange(vector_reader *reader) -{ - vector secret_key = next_input(reader); - vector public_key = next_input(reader); - vector out = next_output(reader); - crypto_key_exchange(out.buf, secret_key.buf, public_key.buf); -} - static void edDSA(vector_reader *reader) { vector secret_k = next_input(reader); @@ -747,25 +739,6 @@ static int p_x25519_overlap() return status; } -// Tests that the shared key and secret key buffers of -// crypto_key_exchange can overlap. -static int p_key_exchange_overlap() -{ - int status = 0; - FOR (i, 0, 62) { - u8 overlapping[94]; - u8 separate[32]; - RANDOM_INPUT(sk, 32); - RANDOM_INPUT(pk, 32); - memcpy(overlapping + 31, sk, 32); - crypto_key_exchange(overlapping + i, overlapping + 31, pk); - crypto_key_exchange(separate, sk, pk); - status |= memcmp(separate, overlapping + i, 32); - } - printf("%s: key_exchange (overlapping i/o)\n", status != 0 ? "FAILED":"OK"); - return status; -} - static int p_eddsa_roundtrip() { #define MESSAGE_SIZE 30 @@ -1149,7 +1122,6 @@ int main(int argc, char *argv[]) status |= TEST(argon2i); status |= TEST(x25519); status |= TEST(x25519_pk); - status |= TEST(key_exchange); status |= TEST(edDSA); status |= TEST(edDSA_pk); status |= TEST(ed_25519); @@ -1178,7 +1150,6 @@ int main(int argc, char *argv[]) status |= p_argon2i_easy(); status |= p_argon2i_overlap(); status |= p_x25519_overlap(); - status |= p_key_exchange_overlap(); status |= p_eddsa_roundtrip(); status |= p_eddsa_random(); status |= p_eddsa_overlap(); diff --git a/tests/tis-ci-vectors.h b/tests/tis-ci-vectors.h index 04f5a10..3ba12b0 100644 --- a/tests/tis-ci-vectors.h +++ b/tests/tis-ci-vectors.h @@ -390,12 +390,12 @@ static const char *ed_25519_check_vectors[]={ "ff", }; static size_t nb_ed_25519_check_vectors=12; -static const char *key_exchange_vectors[]={ - "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a", - "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f", - "8e47ca376bdc7e59d2ced8107ceb2c27f4a80e8575f996baffb1a869ffcd5179", +static const char *x25519_vectors[]={ + "e4e4c4054fe35a75d9c0f679ad8770d8227e68e4c1e68ce67ee88e6be251a207", + "6531e5010ab797ec0dc3c7038a94cbfcbb8ff1d1aad061b802b3c3232a42b352", + "600e94ef1d60878dd40c330704b7648bdd32901bbfdbdef0e59e600229384642", }; -static size_t nb_key_exchange_vectors=3; +static size_t nb_x25519_vectors=3; static const char *elligator_inv_vectors[]={ "2920d46f2f37b04d00ff73df4115fda3876810c2144e94a7e6d0c09290ff7359", "d5", diff --git a/tests/tis-ci.c b/tests/tis-ci.c index c936b1b..0fb8e29 100644 --- a/tests/tis-ci.c +++ b/tests/tis-ci.c @@ -177,12 +177,12 @@ static void argon2i(vector_reader *reader) free(work_area); } -static void key_exchange(vector_reader *reader) +static void x25519(vector_reader *reader) { - vector secret_key = next_input(reader); - vector public_key = next_input(reader); - vector out = next_output(reader); - crypto_key_exchange(out.buf, secret_key.buf, public_key.buf); + vector scalar = next_input(reader); + vector point = next_input(reader); + vector out = next_output(reader); + crypto_x25519(out.buf, scalar.buf, point.buf); } static void edDSA(vector_reader *reader) @@ -390,7 +390,7 @@ TEST(hmac_sha512) //@ ensures \result == 0; TEST(argon2i) //@ ensures \result == 0; -TEST(key_exchange) +TEST(x25519) //@ ensures \result == 0; TEST(edDSA) //@ ensures \result == 0; @@ -415,7 +415,7 @@ int main(void) { status |= v_sha512 (); status |= v_hmac_sha512 (); status |= v_argon2i (); - status |= v_key_exchange (); + status |= v_x25519 (); status |= v_edDSA (); status |= v_ed_25519 (); status |= v_ed_25519_check();