1 #include <string.h>
2
3 #include "crypto_box_curve25519xsalsa20poly1305.h"
4 #include "crypto_core_hsalsa20.h"
5 #include "crypto_hash_sha512.h"
6 #include "crypto_scalarmult_curve25519.h"
7 #include "crypto_secretbox_xsalsa20poly1305.h"
8 #include "randombytes.h"
9 #include "utils.h"
10
11 int
crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char * pk,unsigned char * sk,const unsigned char * seed)12 crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
13 unsigned char *sk,
14 const unsigned char *seed)
15 {
16 unsigned char hash[64];
17
18 crypto_hash_sha512(hash, seed, 32);
19 memcpy(sk, hash, 32);
20 sodium_memzero(hash, sizeof hash);
21
22 return crypto_scalarmult_curve25519_base(pk, sk);
23 }
24
25 int
crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char * pk,unsigned char * sk)26 crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk,
27 unsigned char *sk)
28 {
29 randombytes_buf(sk, 32);
30
31 return crypto_scalarmult_curve25519_base(pk, sk);
32 }
33
34 int
crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char * k,const unsigned char * pk,const unsigned char * sk)35 crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k,
36 const unsigned char *pk,
37 const unsigned char *sk)
38 {
39 static const unsigned char zero[16] = { 0 };
40 unsigned char s[32];
41
42 if (crypto_scalarmult_curve25519(s, sk, pk) != 0) {
43 return -1;
44 }
45 return crypto_core_hsalsa20(k, zero, s, NULL);
46 }
47
48 int
crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char * c,const unsigned char * m,unsigned long long mlen,const unsigned char * n,const unsigned char * k)49 crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c,
50 const unsigned char *m,
51 unsigned long long mlen,
52 const unsigned char *n,
53 const unsigned char *k)
54 {
55 return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k);
56 }
57
58 int
crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char * m,const unsigned char * c,unsigned long long clen,const unsigned char * n,const unsigned char * k)59 crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m,
60 const unsigned char *c,
61 unsigned long long clen,
62 const unsigned char *n,
63 const unsigned char *k)
64 {
65 return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k);
66 }
67
68 int
crypto_box_curve25519xsalsa20poly1305(unsigned char * c,const unsigned char * m,unsigned long long mlen,const unsigned char * n,const unsigned char * pk,const unsigned char * sk)69 crypto_box_curve25519xsalsa20poly1305(unsigned char *c, const unsigned char *m,
70 unsigned long long mlen,
71 const unsigned char *n,
72 const unsigned char *pk,
73 const unsigned char *sk)
74 {
75 unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
76 int ret;
77
78 if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) {
79 return -1;
80 }
81 ret = crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k);
82 sodium_memzero(k, sizeof k);
83
84 return ret;
85 }
86
87 int
crypto_box_curve25519xsalsa20poly1305_open(unsigned char * m,const unsigned char * c,unsigned long long clen,const unsigned char * n,const unsigned char * pk,const unsigned char * sk)88 crypto_box_curve25519xsalsa20poly1305_open(
89 unsigned char *m, const unsigned char *c, unsigned long long clen,
90 const unsigned char *n, const unsigned char *pk, const unsigned char *sk)
91 {
92 unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
93 int ret;
94
95 if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) {
96 return -1;
97 }
98 ret = crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k);
99 sodium_memzero(k, sizeof k);
100
101 return ret;
102 }
103
104 size_t
crypto_box_curve25519xsalsa20poly1305_seedbytes(void)105 crypto_box_curve25519xsalsa20poly1305_seedbytes(void)
106 {
107 return crypto_box_curve25519xsalsa20poly1305_SEEDBYTES;
108 }
109
110 size_t
crypto_box_curve25519xsalsa20poly1305_publickeybytes(void)111 crypto_box_curve25519xsalsa20poly1305_publickeybytes(void)
112 {
113 return crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES;
114 }
115
116 size_t
crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void)117 crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void)
118 {
119 return crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES;
120 }
121
122 size_t
crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void)123 crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void)
124 {
125 return crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES;
126 }
127
128 size_t
crypto_box_curve25519xsalsa20poly1305_noncebytes(void)129 crypto_box_curve25519xsalsa20poly1305_noncebytes(void)
130 {
131 return crypto_box_curve25519xsalsa20poly1305_NONCEBYTES;
132 }
133
134 size_t
crypto_box_curve25519xsalsa20poly1305_zerobytes(void)135 crypto_box_curve25519xsalsa20poly1305_zerobytes(void)
136 {
137 return crypto_box_curve25519xsalsa20poly1305_ZEROBYTES;
138 }
139
140 size_t
crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void)141 crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void)
142 {
143 return crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES;
144 }
145
146 size_t
crypto_box_curve25519xsalsa20poly1305_macbytes(void)147 crypto_box_curve25519xsalsa20poly1305_macbytes(void)
148 {
149 return crypto_box_curve25519xsalsa20poly1305_MACBYTES;
150 }
151
152 size_t
crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void)153 crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void)
154 {
155 return crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX;
156 }
157