From 2af7fcf67a2d0db738d98394a3e805a0010b17c4 Mon Sep 17 00:00:00 2001 From: Loup Vaillant Date: Thu, 9 Feb 2017 22:56:10 +0100 Subject: [PATCH] test crypto_lock, changed arguments order --- ae.c | 54 ++++++++++++++++++++----------------------- ae.h | 48 ++++++++++++++++++--------------------- lock.c | 72 ++++++++++++++++++++++++++++++++++++++++------------------ lock.h | 41 +++++++++++++++++++++------------ test.c | 30 ++++++++++++++++++++---- 5 files changed, 149 insertions(+), 96 deletions(-) diff --git a/ae.c b/ae.c index 33d2731..95624d2 100644 --- a/ae.c +++ b/ae.c @@ -2,13 +2,12 @@ #include "chacha20.h" #include "poly1305.h" -void -crypto_ae_lock_detached(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *plaintext, - uint8_t *ciphertext, - size_t text_size, - uint8_t mac[16]) +void crypto_ae_lock_detached(uint8_t mac[16], + uint8_t *ciphertext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *plaintext, + size_t text_size) { crypto_chacha_ctx e_ctx; uint8_t auth_key[32]; @@ -19,13 +18,12 @@ crypto_ae_lock_detached(const uint8_t key[32], crypto_poly1305_auth(mac, ciphertext, text_size, auth_key); } -int -crypto_ae_unlock_detached(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *ciphertext, - uint8_t *plaintext, - size_t text_size, - const uint8_t mac[16]) +int crypto_ae_unlock_detached(uint8_t *plaintext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t mac[16], + const uint8_t *ciphertext, + size_t text_size) { crypto_chacha_ctx e_ctx; uint8_t auth_key[32]; @@ -42,23 +40,21 @@ crypto_ae_unlock_detached(const uint8_t key[32], return 0; } -void -crypto_ae_lock(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *plaintext, - size_t text_size, - uint8_t *box) +void crypto_ae_lock(uint8_t *box, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *plaintext, + size_t text_size) { - crypto_ae_lock_detached(key, nonce, plaintext, box + 16, text_size, box); + crypto_ae_lock_detached(box, box + 16, key, nonce, plaintext, text_size); } -int -crypto_ae_unlock(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *box, - size_t text_size, - uint8_t *plaintext) +int crypto_ae_unlock(uint8_t *plaintext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *box, + size_t text_size) { - return crypto_ae_unlock_detached(key, nonce, box + 16, - plaintext, text_size, box); + return crypto_ae_unlock_detached(plaintext, key, nonce, + box, box + 16, text_size); } diff --git a/ae.h b/ae.h index 8224824..9bd6fa2 100644 --- a/ae.h +++ b/ae.h @@ -6,40 +6,36 @@ // Authenticated encryption with XChacha20 and Poly1305. -void -crypto_ae_lock_detached(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *plaintext, - uint8_t *ciphertext, - size_t text_size, - uint8_t mac[16]); +void crypto_ae_lock_detached(uint8_t mac[16], + uint8_t *ciphertext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *plaintext, + size_t text_size); // Authenticated encryption with XChacha20 and Poly1305. // Returns -1 and has no effect if the message is forged. -int -crypto_ae_unlock_detached(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *ciphertext, - uint8_t *plaintext, - size_t text_size, - const uint8_t mac[16]); +int crypto_ae_unlock_detached(uint8_t *plaintext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t mac[16], + const uint8_t *ciphertext, + size_t text_size); // Like the above, only puts the mac and the ciphertext together // in a "box", mac first -void -crypto_ae_lock(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *plaintext, - size_t text_size, - uint8_t *box); // text_size + 16 +void crypto_ae_lock(uint8_t *box, // text_size + 16 + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *plaintext, + size_t text_size); // Unlocks a box locked by aead_lock() -int -crypto_ae_unlock(const uint8_t key[32], - const uint8_t nonce[24], - const uint8_t *box, // text_size + 16 - size_t text_size, - uint8_t *plaintext); +int crypto_ae_unlock(uint8_t *plaintext, + const uint8_t key[32], + const uint8_t nonce[24], + const uint8_t *box, // text_size + 16 + size_t text_size); diff --git a/lock.c b/lock.c index 64220ae..bca01da 100644 --- a/lock.c +++ b/lock.c @@ -13,52 +13,80 @@ void crypto_lock_key(uint8_t shared_key[32], crypto_chacha20_H(shared_key, shared_secret, _0); } -void crypto_lock_detached(const uint8_t your_secret_key [32], +void crypto_lock_detached(uint8_t mac[16], + uint8_t *ciphertext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *plaintext, - uint8_t *ciphertext, - size_t text_size, - uint8_t mac[16]) + size_t text_size) { uint8_t shared_key[32]; crypto_lock_key(shared_key, your_secret_key, their_public_key); - crypto_ae_lock_detached(shared_key, nonce, plaintext, ciphertext, - text_size, mac); + crypto_ae_lock_detached(mac, ciphertext, + shared_key, nonce, + plaintext, text_size); } -int crypto_unlock_detached(const uint8_t your_secret_key [32], +int crypto_unlock_detached(uint8_t *plaintext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], + const uint8_t mac[16], const uint8_t *ciphertext, - uint8_t *plaintext, - size_t text_size, - const uint8_t mac[16]) + size_t text_size) { uint8_t shared_key[32]; crypto_lock_key(shared_key, your_secret_key, their_public_key); - return crypto_ae_unlock_detached(shared_key, nonce, ciphertext, plaintext, - text_size, mac); + return crypto_ae_unlock_detached(plaintext, + shared_key, nonce, + mac, ciphertext, text_size); } -void crypto_lock(const uint8_t your_secret_key [32], +void crypto_lock(uint8_t *box, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *plaintext, - size_t text_size, - uint8_t *box) + size_t text_size) { - crypto_lock_detached(your_secret_key, their_public_key, nonce, - plaintext, box + 16, text_size, box); + crypto_lock_detached(box, box + 16, + your_secret_key, their_public_key, nonce, + plaintext, text_size); } -int crypto_unlock(const uint8_t your_secret_key [32], +int crypto_unlock(uint8_t *plaintext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *box, - size_t text_size, - uint8_t *plaintext) + size_t text_size) +{ + return crypto_unlock_detached(plaintext, + your_secret_key, their_public_key, nonce, + box, box + 16, text_size); +} + +static const uint8_t null_nonce[24] = {}; + +void crypto_anonymous_lock(uint8_t *box, + const uint8_t random_secret_key[32], + const uint8_t their_public_key[32], + const uint8_t *plaintext, + size_t text_size) +{ + crypto_x25519_base(box, random_secret_key); // put public key in box + crypto_lock(box + 32, + random_secret_key, their_public_key, null_nonce, + plaintext, text_size); +} + +int crypto_anonymous_unlock(uint8_t *plaintext, + const uint8_t your_secret_key[32], + const uint8_t *box, + size_t text_size) { - return crypto_unlock_detached(your_secret_key, their_public_key, nonce, - box + 16, plaintext, text_size, box); + return crypto_unlock(plaintext, + your_secret_key, box, null_nonce, + box + 32, text_size); } diff --git a/lock.h b/lock.h index ae47eca..c1b3e87 100644 --- a/lock.h +++ b/lock.h @@ -11,40 +11,51 @@ void crypto_lock_key(uint8_t shared_key [32], const uint8_t their_public_key[32]); // Authenticated encryption with the sender's secret key and the recipient's -// publick key. The message leaks if one of the secret key gets compromised. -void crypto_lock_detached(const uint8_t your_secret_key [32], +// public key. The message leaks if one of the secret key gets compromised. +void crypto_lock_detached(uint8_t mac[16], + uint8_t *ciphertext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *plaintext, - uint8_t *ciphertext, - size_t text_size, - uint8_t mac[16]); + size_t text_size); // Authenticated decryption with the recipient's secret key, and the sender's // public key. Has no effect if the message is forged. -int crypto_unlock_detached(const uint8_t your_secret_key [32], +int crypto_unlock_detached(uint8_t *plaintext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], + const uint8_t mac[16], const uint8_t *ciphertext, - uint8_t *plaintext, - size_t text_size, - const uint8_t mac[16]); + size_t text_size); // Like the above, only puts the mac and the ciphertext together // in a "box", mac first -void crypto_lock(const uint8_t your_secret_key [32], +void crypto_lock(uint8_t *box, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *plaintext, - size_t text_size, - uint8_t *box); + size_t text_size); // Unlocks a box locked by crypto_lock() -int crypto_unlock(const uint8_t your_secret_key [32], +int crypto_unlock(uint8_t *plaintext, + const uint8_t your_secret_key [32], const uint8_t their_public_key[32], const uint8_t nonce[24], const uint8_t *box, - size_t text_size, - uint8_t *plaintext); + size_t text_size); + +void crypto_anonymous_lock(uint8_t *box, + const uint8_t random_secret_key[32], + const uint8_t their_public_key[32], + const uint8_t *plaintext, + size_t text_size); + +int crypto_anonymous_unlock(uint8_t *plaintext, + const uint8_t your_secret_key[32], + const uint8_t *box, + size_t text_size); #endif // LOCK_H diff --git a/test.c b/test.c index 3d72130..0dd7678 100644 --- a/test.c +++ b/test.c @@ -8,6 +8,7 @@ #include "poly1305.h" #include "argon2i.h" #include "ae.h" +#include "lock.h" #include "x25519.h" #include "ed25519.h" #include "sha512.h" @@ -340,15 +341,35 @@ static int test_ae() uint8_t box[24]; uint8_t out[8]; int status = 0; - crypto_ae_lock(key, nonce, plaintext, 8, box); // make true message - status |= crypto_ae_unlock(key, nonce, box, 8, out); // accept true message + crypto_ae_lock(box, key, nonce, plaintext, 8); // make true message + status |= crypto_ae_unlock(out, key, nonce, box, 8); // accept true message status |= memcmp(plaintext, out, 8); // roundtrip box[0]++; // make forgery - status |= !crypto_ae_unlock(key, nonce, box, 8, out); // reject forgery + status |= !crypto_ae_unlock(out, key, nonce, box, 8); // reject forgery printf("%s: authenticated encryption\n", status != 0 ? "FAILED" : "OK"); return status; } +static int test_lock() +{ + uint8_t rk[32] = { 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0, + 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, 0 }; + uint8_t sk[32] = { 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7, + 0, 1, 2, 3, 4, 5, 6, 7, 0, 1, 2, 3, 4, 5, 6, 7 }; + uint8_t pk[32]; crypto_x25519_base(pk, sk); + uint8_t plaintext[8] = { 0, 1, 2, 3, 4, 5, 6, 7 }; + uint8_t box[56]; + uint8_t out[8]; + int status = 0; + crypto_anonymous_lock(box, rk, pk, plaintext, 8); // make true message + status |= crypto_anonymous_unlock(out, sk, box, 8); // accept true message + status |= memcmp(plaintext, out, 8); // roundtrip + box[32]++; // make forgery + status |= !crypto_anonymous_unlock(out, sk, box, 8); // reject forgery + printf("%s: crypto_lock\n", status != 0 ? "FAILED" : "OK"); + return status; +} + int main(void) { int status = 0; @@ -360,9 +381,10 @@ int main(void) status |= test(argon2i , "vectors_argon2i" , 6); status |= test(x25519 , "vectors_x25519" , 2); status |= test(sha512 , "vectors_sha512" , 1); - status |= test_x25519(); status |= test(ed25519 , "vectors_ed25519" , 3); + status |= test_x25519(); status |= test_ae(); + status |= test_lock(); printf(status ? "TESTS FAILED\n" : "ALL TESTS OK\n"); return status; } -- 2.47.3