Tcl Nano: Changes On Branch monocypher

Changes In Branch monocypher Excluding Merge-Ins

This is equivalent to a diff from 542443e166 to e61a5fb78c

2019-01-11
16:45		Integrated monocypher changes check-in: eb79ca52ec user: rkeene tags: trunk
16:45		Many unrelated changes check-in: 5db79120e2 user: rkeene tags: trunk
16:43		Use Tcl for free() and malloc() within argon2 Closed-Leaf check-in: e61a5fb78c user: rkeene tags: monocypher
16:08		Removed all heap-based memory allocations since they can be done on the stack now that they are constant sized check-in: 567d112dc6 user: rkeene tags: monocypher
2019-01-10
08:41		Started switching to monocypher check-in: 1dbc43abc9 user: rkeene tags: monocypher
2018-12-09
22:11		Removed extra auto_paths check-in: 542443e166 user: rkeene tags: trunk
22:10		Added an RPC client REPL check-in: e9fd1f6094 user: rkeene tags: trunk

Modified .fossil-settings/ignore-glob from [f9b9628d3b] to [e8ee0fb684].

Modified Makefile.in from [9775c9b8f5] to [a0a59daca8].

Modified autogen.sh from [50eb64ee31] to [5177f2c1f8].

Added build/argon2/Makefile version [2c770458fb].

Added build/argon2/monocypher-blake2b.h version [1b9e334905].

Added build/argon2/src/argon2.c version [f1814855c1].

Added build/argon2/src/argon2.h version [0188db9d46].

Added build/argon2/src/blake2b.c version [7813c84d03].

Added build/argon2/src/blamka-round-ref.h version [20d8f57b67].

Added build/argon2/src/core.c version [9358844f3b].

Added build/argon2/src/core.h version [a78495db9e].

Added build/argon2/src/encoding.c version [0ca1845e0f].

Added build/argon2/src/encoding.h version [fd81495ccf].

Added build/argon2/src/ref.c version [4805673d20].

Deleted build/blake2b/Makefile version [43ab4a38f2].

Deleted build/blake2b/blake2-nacl.c version [41e5cf5dd8].

Deleted build/blake2b/blake2-nacl.h version [25d1438790].

Deleted build/blake2b/src/blake2-impl.h version [d0bfa55cf5].

Deleted build/blake2b/src/blake2.h version [69e1232ee2].

Deleted build/blake2b/src/blake2b-ref.c version [297ab9afc5].

Deleted build/tweetnacl/Makefile version [8da3d99efa].

Deleted build/tweetnacl/patches/tweetnacl-derivepubkey.diff version [13b5ea391c].

Deleted build/tweetnacl/patches/tweetnacl-ed25519blake2b.diff version [df305f7e81].

Deleted build/tweetnacl/src/tweetnacl.c version [4925273a99].

Deleted build/tweetnacl/src/tweetnacl.h version [62a2504e0d].

Modified nano.c from [6d823f4967] to [d9395b5407].

Added vendor/aes/aes.c version [3eb739bb6b].

Added vendor/aes/aes.h version [056c815e5c].

Added vendor/aes/version version [29983c671d].

Added vendor/monocypher/monocypher.c version [4ad4b5fa29].

Added vendor/monocypher/monocypher.h version [a867570941].

Added vendor/monocypher/version version [e41df87aa4].






1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 ~~25 26~~ 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 ~~52 53~~ 54 ~~55 56~~ 57 58 59 60 61 62 63	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71	+ + + + + - + - - + + - + - + - + - + - - + + + + - - + + +	monocypher_dir := @srcdir@/vendor/monocypher/ argon2_dir := @srcdir@/vendor/argon2/ aes_dir := @srcdir@/vendor/aes/ aes_cppflags := -DAES256=1 -DCTR=1 -DCBC=0 -DECB=0 CC := @CC@ AR := @AR@ RANLIB := @RANLIB@ CFLAGS := @CFLAGS@ @SHOBJFLAGS@ ~~CPPFLAGS := -I. -I@srcdir@ -I~~@src~~dir~~@/tweetnacl/~~ -I~~@src~~dir~~@/b~~la~~ke2b/ -DNACL_ED25519_BLAKE2B=1~~ @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@ @TCL_DEFS@~~ CPPFLAGS := -I. -I@srcdir@ -I$(monocypher_dir) -I$(argon2_dir) -I$(aes_dir) $(aes_cppflags) @CPPFLAGS@ @SHOBJCPPFLAGS@ @DEFS@ @TCL_DEFS@ LDFLAGS := @LDFLAGS@ LIBS := @LIBS@ SHOBJLDFLAGS := @SHOBJLDFLAGS@ VPATH := @srcdir@ srcdir := @srcdir@ prefix := @prefix@ exec_prefix := @exec_prefix@ libdir := @libdir@ PACKAGE_VERSION := @PACKAGE_VERSION@ TCL_PACKAGE_PATH := @TCL_PACKAGE_PATH@ PACKAGE_INSTALL_DIR := $(TCL_PACKAGE_PATH)/tcl-nano$(PACKAGE_VERSION) INSTALL := @INSTALL@ INSTALL_PROGRAM := @INSTALL_PROGRAM@ INSTALL_DATA := @INSTALL_DATA@ export CC CFLAGS CPPFLAGS all: @EXTENSION_TARGET@ pkgIndex.tcl ifeq (@TCLEXT_BUILD@,shared) @EXTENSION_TARGET@: twe~~etnacl~~.o bla~~ke2b~~.o randombytes.o nano.o Makefile $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o twe~~etnacl~~.o bla~~ke2b~~.o $(LIBS) @EXTENSION_TARGET@: monocypher.o argon2.o aes.o randombytes.o nano.o Makefile $(CC) $(CPPFLAGS) $(CFLAGS) $(LDFLAGS) $(SHOBJLDFLAGS) -o @EXTENSION_TARGET@ nano.o randombytes.o monocypher.o argon2.o aes.o $(LIBS) -@WEAKENSYMS@ @EXTENSION_TARGET@ -@REMOVESYMS@ @EXTENSION_TARGET@ else @EXTENSION_TARGET@: nano-amalgamation.o Makefile -@WEAKENSYMS@ nano-amalgamation.o -@REMOVESYMS@ nano-amalgamation.o $(AR) rc @EXTENSION_TARGET@ nano-amalgamation.o -$(RANLIB) @EXTENSION_TARGET@ endif # The amalgamation is used when compiling statically so that the same ABI can be exposed # to upstream projects rather than requiring them to filter out our symbols ~~nano-amalgamation.c: @srcdir@/nano.c @srcdir@/randombytes.c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.c ~~@src~~dir~~@/bl~~ake~~2b/blake2b~~.c Makefile~~ nano-amalgamation.c: @srcdir@/nano.c @srcdir@/randombytes.c $(monocypher_dir)monocypher.c $(argon2_dir)argon2.c $(aes_dir)aes.c Makefile rm -f nano-amalgamation.c ~~cat @srcdir@/nano.c @srcdir@/randombytes.c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.c ~~@src~~dir~~@/bl~~ake~~2b/blake2b~~.c > nano-amalgamation.c~~ cat @srcdir@/nano.c @srcdir@/randombytes.c $(monocypher_dir)monocypher.c $(argon2_dir)argon2.c $(aes_dir)aes.c > nano-amalgamation.c ~~nano-amalgamation.o: nano-amalgamation.c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.h ~~@src~~dir~~@/bl~~a~~ke2b/blake2~~.h @srcdir@/randombytes.h nano.tc~~l.h @srcdir@/blake2b/blake2-imp~~l.h Makefile~~ nano-amalgamation.o: nano-amalgamation.c $(monocypher_dir)monocypher.h $(argon2_dir)argon2.h $(aes_dir)aes.h @srcdir@/randombytes.h nano.tcl.h Makefile $(CC) $(CPPFLAGS) $(CFLAGS) -o nano-amalgamation.o -c nano-amalgamation.c ~~nano.o: @srcdir@/nano.c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.h ~~@src~~dir~~@/bl~~ake~~2b/blake2~~.h @srcdir@/randombytes.h nano.tcl.h Makefile~~ nano.o: @srcdir@/nano.c $(monocypher_dir)monocypher.h $(argon2_dir)argon2.h $(aes_dir)aes.h @srcdir@/randombytes.h nano.tcl.h Makefile $(CC) $(CPPFLAGS) $(CFLAGS) -o nano.o -c @srcdir@/nano.c randombytes.o: @srcdir@/randombytes.c @srcdir@/randombytes.h $(CC) $(CPPFLAGS) $(CFLAGS) -o randombytes.o -c @srcdir@/randombytes.c ~~~~tweetnacl~~.o: ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.h $(CC) $(CPPFLAGS) $(CFLAGS) -o twe~~etnacl~~.o -c ~~@src~~dir~~@/tw~~e~~etnacl/tweetnacl~~.c~~ monocypher.o: $(monocypher_dir)monocypher.c $(monocypher_dir)monocypher.h $(CC) $(CPPFLAGS) $(CFLAGS) -o monocypher.o -c $(monocypher_dir)monocypher.c argon2.o: $(argon2_dir)argon2.c $(argon2_dir)argon2.h $(monocypher_dir)monocypher.h $(CC) $(CPPFLAGS) $(CFLAGS) -o argon2.o -c $(argon2_dir)argon2.c ~~~~blake2b.o: @srcdir@/blake2b/blake2b.c @srcdir@/blake2b/blake2.h @srcdir@/blake2b/blake2-impl.h~~ $(CC) $(CPPFLAGS) $(CFLAGS) -o ~~blake2b~~.o -c ~~@src~~dir~~@/blake2b/blake2b~~.c~~ aes.o: $(aes_dir)aes.c $(aes_dir)aes.h $(CC) $(CPPFLAGS) $(CFLAGS) -o aes.o -c $(aes_dir)aes.c pkgIndex.tcl: pkgIndex.tcl-@TCLEXT_BUILD@ cp pkgIndex.tcl-@TCLEXT_BUILD@ pkgIndex.tcl nano.tcl.h: @srcdir@/nano.tcl Makefile od -A n -v -t xC < '@srcdir@/nano.tcl' > nano.tcl.h.new.1 sed 's@ *@@g;s@..@0x&, @g' < nano.tcl.h.new.1 > nano.tcl.h.new.2
︙
81 82 83 84 85 86 87 ~~88 89 90~~ 91 92 93 94 95 96 97 98 99 100 101 102 ~~103~~ ~~104 105~~ 106 107	89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114	- - - + + + - + - - +	$(INSTALL_PROGRAM) @EXTENSION_TARGET@ '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_DATA) pkgIndex.tcl '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' $(INSTALL_DATA) @srcdir@/nano.man '$(DESTDIR)$(PACKAGE_INSTALL_DIR)' clean: rm -f nano-amalgamation.c nano-amalgamation.o rm -f @EXTENSION_TARGET@ nano.o nano.gcda nano.gcno ~~rm -f bla~~ke2b~~.o twee~~tnacl~~.o randombytes.o rm -f bla~~ke2b~~.gcda twee~~tnacl~~.gcda randombytes.gcda rm -f bla~~ke2b~~.gcno twee~~tnacl~~.gcno randombytes.gcno~~ rm -f argon2.o monocypher.o aes.o randombytes.o rm -f argon2.gcda monocypher.gcda aes.gcda randombytes.gcda rm -f argon2.gcno monocypher.gcno aes.gcno randombytes.gcno rm -f nano-coverage.info distclean: clean rm -f Makefile pkgIndex.tcl-shared pkgIndex.tcl-static nano.syms rm -f pkgIndex.tcl rm -f config.log config.status rm -f nano.tcl.h nano.tcl.h.new.1 nano.tcl.h.new.2 rm -rf coverage.dir mrproper: distclean rm -f @srcdir@/configure @srcdir@/aclocal.m4 @srcdir@/config.guess @srcdir@/config.sub @srcdir@/install-sh rm -f @srcdir@/nano.vers ~~rm -rf ~~@src~~dir~~@/tweetnacl @srcdir@/blake2b~~~~ rm -rf '$(argon2_dir)' ~~~~$(MAKE) -C @srcdir@/build/tweetnacl distclean~~ $(MAKE) -C @srcdir@/build/bla~~ke2b~~ distclean~~ $(MAKE) -C @srcdir@/build/argon2 distclean .PHONY: all test clean distclean mrproper




1 2 3 4 5 6 7 8 9 10 11 ~~12 13~~ 14 ~~15 16~~ 17 18 19 20 21 22 23 24 25 26 27 28	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35	+ + + + - - + + - - + + - + + + +	/* XXX:TODO: OpenMP support is currently incomplete / #undef NANO_TCL_HAVE_OPENMP #include <stdint.h> #include <limits.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <tcl.h> #ifdef NANO_TCL_HAVE_OPENMP # include <omp.h> #endif #include "randombytes.h" #include "monocypher.h" ~~#include "~~tweet~~n~~acl~~.h" #include "~~blake2~~.h"~~ #include "argon2.h" #include "aes.h" ~~#define NANO_SECRET_KEY_LENGTH ~~(crypto_sign_SECRETKEYBYTES - crypto_sign_PUBLICKEYBYTES)~~ #define NANO_PUBLIC_KEY_LENGTH ~~(crypto_sign_PUBLICKEYBYTES)~~~~ #define NANO_SECRET_KEY_LENGTH 32 #define NANO_PUBLIC_KEY_LENGTH 32 #define NANO_BLOCK_HASH_LENGTH 32 ~~#define NANO_BLOCK_SIGNATURE_LENGTH ~~crypto_sign_BYTES~~~~ #define NANO_BLOCK_SIGNATURE_LENGTH 64 #define NANO_WORK_VALUE_LENGTH 8 #define NANO_WORK_HASH_LENGTH 8 #define NANO_WORK_DEFAULT_MIN 0xffffffc000000000LLU #define NANO_KDF_ARGON2_MEMORY 64 1024 #define NANO_KDF_ARGON2_TIMING 1 #define NANO_KDF_ARGON2_THREADS 1 #define TclNano_AttemptAlloc(x) ((void ) Tcl_AttemptAlloc(x)) #define TclNano_Free(x) Tcl_Free((char ) x) #define TclNano_SetIntVar(interp, name, intValue) \ tclobj_ret = Tcl_SetVar2Ex(interp, name, NULL, Tcl_NewIntObj(intValue), TCL_GLOBAL_ONLY \| TCL_LEAVE_ERR_MSG); \ if (!tclobj_ret) { \ return(TCL_ERROR); \
︙
48 49 50 51 52 53 54 ~~55 56 57~~ 58 59 60 61 62 63 64 65 66 67 ~~68 69 70 71 72 73 74 75 76~~ 77 ~~78 79~~ 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 ~~97 98 99~~ ~~100 101~~ 102 103 104 105 106 107 108	55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102	- - - + + + - + - - - - - - - - - + - - + - + - + - + - - - + - -	#define TclNano_PkgProvide(interp, name, version) \ tclcmd_ret = Tcl_PkgProvide(interp, name, version); \ if (tclcmd_ret != TCL_OK) { \ return(tclcmd_ret); \ } static unsigned char nano_parse_secret_key(Tcl_Obj secret_key_only_obj, int out_key_length) { unsigned char secret_key, public_key, secret_key_only; int ~~secret_key_length,~~ secret_key_only_length; static unsigned char nano_parse_secret_key(Tcl_Obj secret_key_only_obj, unsigned char public_key, int public_key_length) { unsigned char secret_key_only; int secret_key_only_length; secret_key_only = Tcl_GetByteArrayFromObj(secret_key_only_obj, &secret_key_only_length); if (secret_key_only_length != NANO_SECRET_KEY_LENGTH) { return(NULL); } ~~if (~~(NANO~~_~~SECRET~~_~~KEY_LENGTH~~ + NANO_PUBLIC_KEY_LENGTH~~) != crypto_sign_SECRETKEYBYTES~~) {~~ if (public_key_length != NANO_PUBLIC_KEY_LENGTH) { return(NULL); } ~~secret_key_length = crypto_sign_SECRETKEYBYTES;~~ ~~secret_key = TclNano_AttemptAlloc(secret_key_length);~~ ~~if (!secret_key) {~~ ~~return(NULL);~~ } ~~memcpy(secret_key, secret_key_only, secret_key_only_length);~~ ~~public_key = secret_key + secret_key_only_length;~~ crypto_sign_key~~pair~~(public_key, secret_key~~, 0~~); crypto_sign_public_key(public_key, secret_key_only); out_key_length = secret_key_length; return(sec~~ret~~_key); return(public_key); } static int nano_tcl_generate_keypair(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { ~~unsigned char secret_key[~~crypto_sign~~_SECRETKEY~~BYTES~~], public_key[~~crypto_sign~~_PUBLICKEY~~BYTES~~];~~ unsigned char secret_key[NANO_SECRET_KEY_LENGTH], public_key[NANO_PUBLIC_KEY_LENGTH]; unsigned char seed, *buffer, buffer_s[NANO_SECRET_KEY_LENGTH + 4]; long seed_index; int seed_length, buffer_length; ~~int ~~csk_ret,~~ tglfo_ret;~~ int tglfo_ret; if (objc != 1 && objc != 3) { Tcl_WrongNumArgs(interp, 1, objv, "?seed index?"); return(TCL_ERROR); } if (objc == 1) { ~~cs~~k_ret = crypto_sign_keypair(public_key,~~ secret_key, 1);~~ randombytes(secret_key, NANO_SECRET_KEY_LENGTH); ~~if (csk_ret != 0) {~~ ~~Tcl_SetResult(interp, "Internal error", NULL);~~ crypto_sign_public_key(public_key, secret_key); ~~~~return(TCL_ERROR);~~ }~~ } else { seed = Tcl_GetByteArrayFromObj(objv[1], &seed_length); if (seed_length != NANO_SECRET_KEY_LENGTH) { Tcl_SetResult(interp, "Seed is not the right size", NULL); return(TCL_ERROR); }
︙
125 126 127 128 129 130 131 ~~132~~ 133 134 135 136 137 138 139	119 120 121 122 123 124 125 126 127 128 129 130 131 132 133	- +	buffer += seed_length; buffer[0] = (seed_index >> 24) & 0xff; buffer[1] = (seed_index >> 16) & 0xff; buffer[2] = (seed_index >> 8) & 0xff; buffer[3] = seed_index & 0xff; buffer -= seed_length; ~~blake2b(secret_key, NANO_SECRET_KEY_LENGTH, buffer, buffer_length~~, NULL, 0~~);~~ crypto_blake2b_general(secret_key, NANO_SECRET_KEY_LENGTH, NULL, 0, buffer, buffer_length); } Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(secret_key, NANO_SECRET_KEY_LENGTH)); return(TCL_OK); /* NOTREACH */
︙
158 159 160 161 162 163 164 ~~165 166~~ 167 168 169 170 171 172 173 ~~174~~ ~~175 176~~ 177 ~~178 179 180 181~~ ~~182 183 184 185~~ ~~186 187 188 189~~ 190 191 192 ~~193 194~~ 195 196 197 198 199 200 201 ~~202 203 204 205~~ 206 207 208 209 210 211 212 213 ~~214 215 216~~ 217 ~~218 219 220 221 222~~ 223 224 225 226 227 ~~228 229~~ ~~230 231 232~~ 233 234 235 236 ~~237 238 239 240 241~~ ~~242 243 244 245~~ 246 247 248 ~~249 250 251~~ 252 253 254 255 256 257 258 ~~259 260 261~~ ~~262~~ 263 264 265 266 267 268 269	152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231	- - + + + - + - - - - - - + - - - - + - - - - - - - - - - + + + + - - - - - - - - + + - - + + - - - + + - - - - - + - - - - - - - - - - + + + -	return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_secret_key_to_public_key(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { ~~~~unsigned~~ c~~har~~ secret~~_key, public~~_key; int ~~secret_key_length,~~ public_key_length;~~ Tcl_Obj secret_key; unsigned char public_key, public_key_buffer[NANO_PUBLIC_KEY_LENGTH]; int public_key_length; if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "secretKey"); return(TCL_ERROR); } ~~secret_key = ~~Tcl_GetByteArrayFromObj(~~objv[1]~~, &secret_key_length)~~;~~ secret_key = objv[1]; ~~if (secret_key_length != NANO_SECRET_KEY_LENGTH) {~~ ~~Tcl_SetResult(interp, "Secret key is not the right size", NULL);~~ ~~~~return(TCL_ERROR);~~ } public_key_length = ~~NANO~~_~~PUBLIC~~_~~KEY_LENGTH~~;~~ public_key_length = sizeof(public_key_buffer); ~~public_key = TclNano_AttemptAlloc(public_key_length);~~ ~~if (!public_key) {~~ ~~Tcl_SetResult(interp, "Internal error", NULL);~~ public_key = nano_parse_secret_key(secret_key, public_key_buffer, public_key_length); ~~return(TCL_ERROR);~~ } ~~crypto_sign_keypair(public_key, secret_key, 0);~~ Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(public_key, public_key_length)); ~~TclNano_Free(public_key);~~ return(TCL_OK); / NOTREACH / clientData = clientData; } static int nano_tcl_sign_detached(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { ~~~~int~~ c~~s_ret~~; unsigned char si~~gnature, data, secret~~_key; unsigned ~~long~~ ~~long sign~~ature_l~~ength~~; int data_length, secret_key_length;~~ unsigned char signature[NANO_BLOCK_SIGNATURE_LENGTH]; unsigned char public_key_buffer[NANO_PUBLIC_KEY_LENGTH]; unsigned char data, secret_key, public_key; int data_length, public_key_length, secret_key_length; if (objc != 3) { Tcl_WrongNumArgs(interp, 1, objv, "data secretKey"); return(TCL_ERROR); } data = Tcl_GetByteArrayFromObj(objv[1], &data_length); ~~signature_length = data_length + NANO_BLOCK_SIGNATURE_LENGTH;~~ ~~if (signature_length >= UINT_MAX) {~~ ~~Tcl_SetResult(interp, "Input message too long", NULL);~~ ~~~~return(TCL_ERROR);~~ } secret_key = ~~nano_parse_secr~~et~~_key~~(objv[2], &secret_key_length); if (!secret_key) {~~ secret_key = Tcl_GetByteArrayFromObj(objv[2], &secret_key_length); if (secret_key_length != NANO_SECRET_KEY_LENGTH) { Tcl_SetResult(interp, "Secret key is not the right size", NULL); return(TCL_ERROR); } ~~si~~gnature = TclNano_AttemptAlloc(signature~~_length); if ~~(!sig~~nature~~) {~~~~ public_key_length = sizeof(public_key_buffer); public_key = nano_parse_secret_key(objv[2], public_key_buffer, public_key_length); ~~~~TclNano_Free(secret_key);~~ Tcl_SetResult(interp, "Un~~able~~ to al~~locate memor~~y", NULL);~~ if (!public_key) { Tcl_SetResult(interp, "Error converting secret key to public key", NULL); return(TCL_ERROR); } ~~cs_ret = crypto_sign(signature, &signature_length, data, data_length, secret_key);~~ ~~if (cs_ret != 0) {~~ ~~TclNano_Free(secret_key);~~ ~~TclNano_Free(signature);~~ crypto_sign(signature, secret_key, public_key, data, data_length); ~~~~Tcl_SetResult(interp, "crypto_sign failed", NULL);~~ ~~return(TCL_ERROR);~~ }~~ Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(signature, NANO_BLOCK_SIGNATURE_LENGTH)); ~~TclNano_Free(signature);~~ ~~TclNano_Free(secret_key);~~ return(TCL_OK); / NOTREACH / clientData = clientData; } static int nano_tcl_verify_detached(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { ~~int cso_ret; unsigned char signature, data, signed_data, verify_data, public_key; int signature_length, data_length, ~~signed_data_length, verify_data_length,~~ public_key_length;~~ int cc_ret; unsigned char signature, data, *public_key; int signature_length, data_length, public_key_length; ~~unsigned long long verify_data_length_nacl;~~ int result; if (objc != 4) { Tcl_WrongNumArgs(interp, 1, objv, "data signature publicKey"); return(TCL_ERROR); }
︙
279 280 281 282 283 284 285 ~~286 287 288 289 290~~ ~~291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308~~ 309 ~~310~~ 311 312 313 ~~314 315 316 317~~ 318 319 320 321 322 323 324 325	241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344	- - - - - + - - - - - - - - - - - - - - - - - - - + + - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	public_key = Tcl_GetByteArrayFromObj(objv[3], &public_key_length); if (public_key_length != NANO_PUBLIC_KEY_LENGTH) { Tcl_SetResult(interp, "Public key is not the right size", NULL); return(TCL_ERROR); } ~~signed_data_length = data_length + signature_length;~~ ~~signed_data = TclNano_AttemptAlloc(signed_data_length);~~ ~~if (!signed_data) {~~ ~~Tcl_SetResult(interp, "Internal error", NULL);~~ cc_ret = crypto_check(signature, public_key, data, data_length); ~~return(TCL_ERROR);~~ } ~~memcpy(signed_data, signature, signature_length);~~ ~~memcpy(signed_data + signature_length, data, data_length);~~ ~~verify_data_length = signed_data_length;~~ ~~verify_data = TclNano_AttemptAlloc(verify_data_length);~~ ~~if (!verify_data) {~~ ~~TclNano_Free(verify_data);~~ ~~Tcl_SetResult(interp, "Internal error", NULL);~~ ~~return(TCL_ERROR);~~ } ~~verify_data_length_nacl = verify_data_length;~~ ~~cso_ret = crypto_sign_open(verify_data, &verify_data_length_nacl, signed_data, signed_data_length, public_key);~~ result = 0; ~~if (~~cso~~_ret ~~== 0~~) {~~ if (!cc_ret) { result = 1; } Tcl_SetObjResult(interp, Tcl_NewBooleanObj(result)); ~~~~TclNano_Free(signed_data);~~ ~~TclNano_Free(verify_data);~~ Tcl_SetObjResult(interp, Tcl_NewB~~ool~~eanObj(result));~~ return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_derive_key_from_password(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { void password, salt; int password_length, salt_length; unsigned char result[32]; int hash_ret; if (objc != 3) { Tcl_WrongNumArgs(interp, 1, objv, "password salt"); return(TCL_ERROR); } password = Tcl_GetByteArrayFromObj(objv[1], &password_length); salt = Tcl_GetByteArrayFromObj(objv[2], &salt_length); hash_ret = argon2_hash(NANO_KDF_ARGON2_TIMING, NANO_KDF_ARGON2_MEMORY, NANO_KDF_ARGON2_THREADS, password, password_length, salt, salt_length, result, sizeof(result), NULL, 0, Argon2_d, 0x10); if (hash_ret != ARGON2_OK) { Tcl_SetResult(interp, (char ) argon2_error_message(hash_ret), NULL); return(TCL_ERROR); } Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(result, sizeof(result))); return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_aes256_ctr(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { struct AES_ctx aes_handle; void key, iv, data; int key_length, iv_length, data_length; unsigned char result[128]; if (objc != 4) { Tcl_WrongNumArgs(interp, 1, objv, "key iv data"); return(TCL_ERROR); } key = Tcl_GetByteArrayFromObj(objv[1], &key_length); iv = Tcl_GetByteArrayFromObj(objv[2], &iv_length); data = Tcl_GetByteArrayFromObj(objv[3], &data_length); if (key_length != AES_KEYLEN) { Tcl_SetResult(interp, "Key is not the right size", NULL); return(TCL_ERROR); } if (iv_length != AES_BLOCKLEN) { Tcl_SetResult(interp, "IV is not the right size", NULL); return(TCL_ERROR); } if (data_length > sizeof(result)) { Tcl_SetResult(interp, "Data exceeds maximum size", NULL); return(TCL_ERROR); } memcpy(result, data, data_length); AES_init_ctx_iv(&aes_handle, key, iv); AES_CTR_xcrypt_buffer(&aes_handle, result, data_length); Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(result, AES_KEYLEN)); return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_hash_data(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj *const objv[]) {
︙
342 343 344 345 346 347 348 ~~349~~ 350 351 352 353 ~~354~~ 355 356 357 358 359 360 361 362 363 364 365 366 367 368 ~~369~~ 370 ~~371~~ 372 373 374 375 376 377 378 379 380 ~~381~~ ~~382 383 384 385 386~~ ~~387 388 389 390 391~~ ~~392 393 394 395 396~~ ~~397 398 399~~ 400 401 402 403 404 405 406	361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409	- + - + - + - - + - - - - - + - - - - - + - - - - - + - - -	if (result_length > sizeof(result)) { Tcl_SetResult(interp, "Hash length too large", NULL); return(TCL_ERROR); } ~~blake2b(result, result_length, data, data_length~~, NULL, 0~~);~~ crypto_blake2b_general(result, result_length, NULL, 0, data, data_length); } else { /* * Default to the same as the cryptographic primitive / ~~crypto_~~hash~~(result, data, data_length);~~ crypto_blake2b(result, data, data_length); result_length = NANO_BLOCK_SIGNATURE_LENGTH; } Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(result, result_length)); return(TCL_OK); / NOTREACH / clientData = clientData; } static int nano_validate_work(const unsigned char blockhash, const unsigned char *work, uint64_t workMin) { unsigned char workReversed[NANO_WORK_VALUE_LENGTH], workCheck[NANO_WORK_HASH_LENGTH]; unsigned int idxIn, idxOut; ~~blake2b_~~state~~ workhash_state;~~ crypto_blake2b_ctx workhash_state; uint64_t workValue; ~~int blake2_ret;~~ idxIn = sizeof(workReversed) - 1; idxOut = 0; while (idxOut < sizeof(workReversed)) { workReversed[idxOut] = work[idxIn]; idxOut++; idxIn--; } ~~~~blake2~~_~~ret =~~ blake2b_init(&workhash_state, sizeof(workCheck));~~ crypto_blake2b_general_init(&workhash_state, sizeof(workCheck), NULL, 0); ~~~~if (blake2_ret != 0) {~~ ~~return(0);~~ } ~~blake2~~_~~ret =~~ blake2b_update(&workhash_state, workReversed, sizeof(workReversed));~~ crypto_blake2b_update(&workhash_state, workReversed, sizeof(workReversed)); ~~~~if (blake2_ret != 0) {~~ ~~return(0);~~ } ~~blake2~~_~~ret =~~ blake2b_update(&workhash_state, blockhash, NANO_BLOCK_HASH_LENGTH);~~ crypto_blake2b_update(&workhash_state, blockhash, NANO_BLOCK_HASH_LENGTH); ~~~~if (blake2_ret != 0) {~~ ~~return(0);~~ } ~~blake2~~_~~ret =~~ blake2b_final(&workhash_state, workCheck~~, sizeof(workCheck)~~);~~ crypto_blake2b_final(&workhash_state, workCheck); ~~~~if (blake2_ret != 0) {~~ ~~return(0);~~ }~~ workValue = 0; for (idxIn = sizeof(workCheck); idxIn > 0; idxIn--) { workValue <<= 8; workValue \|= workCheck[idxIn - 1]; }
︙
415 416 417 418 419 420 421 ~~422~~ 423 424 425 426 427 428 429	418 419 420 421 422 423 424 425 426 427 428 429 430 431 432	- +	static void nano_generate_work(const unsigned char blockhash, unsigned char workOut, uint64_t workMin) { unsigned char work[NANO_WORK_VALUE_LENGTH]; unsigned int offset; int work_valid; memcpy(work, blockhash, sizeof(work)); ~~#pragma omp target map(tofrom:work)~~ /* XXX:TODO: INCOMPLETE OpenMP support #pragma omp target map(tofrom:work) */ while (1) { work_valid = nano_validate_work(blockhash, work, workMin); if (work_valid) { break; } offset = 0;
︙
530 531 532 533 534 535 536 ~~537~~ 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 ~~558 559 560 561 562 563 564~~ 565 566 567 568 ~~569 570~~ 571 572 573 574 575 576 577	533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571	- + - - - - - - - - -	return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_random_bytes(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj const objv[]) { ~~unsigned char buffer;~~ unsigned char buffer[128]; int number_of_bytes; int tgifo_ret; if (objc != 2) { Tcl_WrongNumArgs(interp, 1, objv, "numberOfBytes"); return(TCL_ERROR); } tgifo_ret = Tcl_GetIntFromObj(interp, objv[1], &number_of_bytes); if (tgifo_ret != TCL_OK) { return(tgifo_ret); } if (number_of_bytes > 128) { Tcl_SetResult(interp, "May only request 128 bytes of random data at once", NULL); return(TCL_ERROR); } ~~~~buffer = TclNano_AttemptAlloc(number_of_bytes);~~ ~~if (!buffer) {~~ ~~Tcl_SetResult(interp, "memory allocation failure", NULL);~~ ~~return(TCL_ERROR);~~ }~~ randombytes(buffer, number_of_bytes); Tcl_SetObjResult(interp, Tcl_NewByteArrayObj(buffer, number_of_bytes)); ~~TclNano_Free(buffer);~~ return(TCL_OK); /* NOTREACH / clientData = clientData; } static int nano_tcl_self_test(ClientData clientData, Tcl_Interp interp, int objc, Tcl_Obj *const objv[]) {
︙
624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640	618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636	+ +	TclNano_CreateObjCommand(interp, "::nano::internal::selfTest", nano_tcl_self_test); TclNano_CreateObjCommand(interp, "::nano::internal::generateKey", nano_tcl_generate_keypair); TclNano_CreateObjCommand(interp, "::nano::internal::generateSeed", nano_tcl_generate_seed); TclNano_CreateObjCommand(interp, "::nano::internal::publicKey", nano_tcl_secret_key_to_public_key); TclNano_CreateObjCommand(interp, "::nano::internal::signDetached", nano_tcl_sign_detached); TclNano_CreateObjCommand(interp, "::nano::internal::verifyDetached", nano_tcl_verify_detached); TclNano_CreateObjCommand(interp, "::nano::internal::hashData", nano_tcl_hash_data); TclNano_CreateObjCommand(interp, "::nano::internal::deriveKeyFromPassword", nano_tcl_derive_key_from_password); TclNano_CreateObjCommand(interp, "::nano::internal::AES256-CTR", nano_tcl_aes256_ctr); TclNano_CreateObjCommand(interp, "::nano::internal::validateWork", nano_tcl_validate_work); TclNano_CreateObjCommand(interp, "::nano::internal::generateWork", nano_tcl_generate_work); TclNano_CreateObjCommand(interp, "::nano::internal::randomBytes", nano_tcl_random_bytes); TclNano_Eval(interp, nanoInitScript); TclNano_PkgProvide(interp, "nano", PACKAGE_VERSION); return(TCL_OK); }












































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	PREFIX := $(shell pwd)/INST all: out/argon2.c out/argon2.h out/argon2.c: src/argon2.c src/ref.c src/core.c src/blake2b.c src/encoding.c monocypher-blake2b.h Makefile mkdir -p out echo '#define ARGON2_NO_THREADS 1' > out/argon2.c.new.1 echo '#define ARGON2_INTERNAL_ONLY 1' >> out/argon2.c.new.1 cat monocypher-blake2b.h >> out/argon2.c.new.1 echo '#include "argon2.h"' >> out/argon2.c.new.1 sed '/^#include "/ d' src/argon2.c >> out/argon2.c.new.1 sed '/^#include "/ d' src/encoding.c >> out/argon2.c.new.1 sed '/^#include "/ d' src/ref.c >> out/argon2.c.new.1 sed '/#include "/ d;/#include/ b;/Argon2 Team - Begin Code/,/Argon2 Team - End Code/ b;d' src/blake2b.c >> out/argon2.c.new.1 sed '/^#include "/ d' src/core.c >> out/argon2.c.new.1 sed -r '/( \|\)argon(2_ctx\|2_verify\|2_hash\|2_type2\|2_error_message\|2_encodedlen\|2i_\|2d_\|2id_)/ b;/:/ b;/^(static\|extern\|enum\|typedef) / b;s@^[a-z]@static &@' out/argon2.c.new.1 > out/argon2.c.new.2 rm -f out/argon2.c.new.1 sed 's@malloc(@(void ) Tcl_AttemptAlloc(@g;s@free(@Tcl_Free((void ) @g' out/argon2.c.new.2 > out/argon2.c.new.1 rm -f out/argon2.c.new.2 mv out/argon2.c.new.1 out/argon2.c out/argon2.h: src/argon2.h src/blamka-round-ref.h src/core.h src/encoding.h Makefile mkdir -p out cat src/argon2.h > out/argon2.h.new.1 echo '#ifdef ARGON2_INTERNAL_ONLY' >> out/argon2.h.new.1 cat src/blamka-round-ref.h src/core.h src/encoding.h >> out/argon2.h.new.1 echo '#endif' >> out/argon2.h.new.1 sed -r '/^extern int FLAG/ d;/#include "/ d;/( \|\)argon(2_ctx\|2_verify\|2_hash\|2_type2\|2_error_message\|2_encodedlen\|2i_\|2d_\|2id_)/ b;/:/ b;/^(static\|extern\|enum\|typedef) / b;s@^[a-z]@static &@' out/argon2.h.new.1 > out/argon2.h.new.2 rm -f out/argon2.h.new.1 mv out/argon2.h.new.2 out/argon2.h install: out/argon2.c out/argon2.h mkdir -p '$(PREFIX)' cp out/argon2.c out/argon2.h '$(PREFIX)' clean: rm -f out/argon2.c out/argon2.h rm -f out/argon2.c.new.1 out/argon2.c.new.2 rm -f out/argon2.h.new.1 out/argon2.h.new.2 -rmdir out distclean: clean .PHONY: all install clean distclean





























































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#define crypto_hash(out, in, inlen) crypto_blake2b(out, in, inlen) #define blake2b(out, outlen, in, inlen, key, keylen) 0, crypto_blake2b_general(out, outlen, key, keylen, in, inlen) #define blake2b_state crypto_blake2b_ctx #define blake2b_init(ctx, outlen) 0; crypto_blake2b_general_init(ctx, outlen, NULL, 0) #define blake2b_update(ctx, in, inlen) 0; crypto_blake2b_update(ctx, in, inlen) #define blake2b_final(ctx, out, ignore1) 0; crypto_blake2b_final(ctx, out) #define BLAKE2_INLINE #define BLAKE2B_OUTBYTES 64 #include <stdint.h> #include <tcl.h> #include "monocypher.h" static BLAKE2_INLINE uint64_t rotr64(uint64_t x, uint64_t n) { return (x >> n) ^ (x << (64 - n)); } static BLAKE2_INLINE void store32( void dst, uint32_t w ) { #if defined(NATIVE_LITTLE_ENDIAN) memcpy(dst, &w, sizeof w); #else uint8_t p = ( uint8_t * )dst; p[0] = (uint8_t)(w >> 0); p[1] = (uint8_t)(w >> 8); p[2] = (uint8_t)(w >> 16); p[3] = (uint8_t)(w >> 24); #endif } static BLAKE2_INLINE void store64( void dst, uint64_t w ) { #if defined(NATIVE_LITTLE_ENDIAN) memcpy(dst, &w, sizeof w); #else uint8_t p = ( uint8_t * )dst; p[0] = (uint8_t)(w >> 0); p[1] = (uint8_t)(w >> 8); p[2] = (uint8_t)(w >> 16); p[3] = (uint8_t)(w >> 24); p[4] = (uint8_t)(w >> 32); p[5] = (uint8_t)(w >> 40); p[6] = (uint8_t)(w >> 48); p[7] = (uint8_t)(w >> 56); #endif } static BLAKE2_INLINE uint64_t load64( const void src ) { #if defined(NATIVE_LITTLE_ENDIAN) uint64_t w; memcpy(&w, src, sizeof w); return w; #else const uint8_t p = ( const uint8_t * )src; return (( uint64_t )( p[0] ) << 0) \| (( uint64_t )( p[1] ) << 8) \| (( uint64_t )( p[2] ) << 16) \| (( uint64_t )( p[3] ) << 24) \| (( uint64_t )( p[4] ) << 32) \| (( uint64_t )( p[5] ) << 40) \| (( uint64_t )( p[6] ) << 48) \| (( uint64_t )( p[7] ) << 56) ; #endif }




































































































































































































































































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. / #include <string.h> #include <stdlib.h> #include <stdio.h> #include "argon2.h" #include "encoding.h" #include "core.h" const char argon2_type2string(argon2_type type, int uppercase) { switch (type) { case Argon2_d: return uppercase ? "Argon2d" : "argon2d"; case Argon2_i: return uppercase ? "Argon2i" : "argon2i"; case Argon2_id: return uppercase ? "Argon2id" : "argon2id"; } return NULL; } int argon2_ctx(argon2_context context, argon2_type type) { / 1. Validate all inputs / int result = validate_inputs(context); uint32_t memory_blocks, segment_length; argon2_instance_t instance; if (ARGON2_OK != result) { return result; } if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { return ARGON2_INCORRECT_TYPE; } / 2. Align memory size / / Minimum memory_blocks = 8L blocks, where L is the number of lanes / memory_blocks = context->m_cost; if (memory_blocks < 2 ARGON2_SYNC_POINTS * context->lanes) { memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; } segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); /* Ensure that all segments have equal length / memory_blocks = segment_length (context->lanes * ARGON2_SYNC_POINTS); instance.version = context->version; instance.memory = NULL; instance.passes = context->t_cost; instance.memory_blocks = memory_blocks; instance.segment_length = segment_length; instance.lane_length = segment_length * ARGON2_SYNC_POINTS; instance.lanes = context->lanes; instance.threads = context->threads; instance.type = type; if (instance.threads > instance.lanes) { instance.threads = instance.lanes; } /* 3. Initialization: Hashing inputs, allocating memory, filling first * blocks / result = initialize(&instance, context); if (ARGON2_OK != result) { return result; } / 4. Filling memory / result = fill_memory_blocks(&instance); if (ARGON2_OK != result) { return result; } / 5. Finalization / finalize(context, &instance); return ARGON2_OK; } int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, void hash, const size_t hashlen, char encoded, const size_t encodedlen, argon2_type type, const uint32_t version){ argon2_context context; int result; uint8_t out; if (pwdlen > ARGON2_MAX_PWD_LENGTH) { return ARGON2_PWD_TOO_LONG; } if (saltlen > ARGON2_MAX_SALT_LENGTH) { return ARGON2_SALT_TOO_LONG; } if (hashlen > ARGON2_MAX_OUTLEN) { return ARGON2_OUTPUT_TOO_LONG; } if (hashlen < ARGON2_MIN_OUTLEN) { return ARGON2_OUTPUT_TOO_SHORT; } out = malloc(hashlen); if (!out) { return ARGON2_MEMORY_ALLOCATION_ERROR; } context.out = (uint8_t )out; context.outlen = (uint32_t)hashlen; context.pwd = CONST_CAST(uint8_t )pwd; context.pwdlen = (uint32_t)pwdlen; context.salt = CONST_CAST(uint8_t )salt; context.saltlen = (uint32_t)saltlen; context.secret = NULL; context.secretlen = 0; context.ad = NULL; context.adlen = 0; context.t_cost = t_cost; context.m_cost = m_cost; context.lanes = parallelism; context.threads = parallelism; context.allocate_cbk = NULL; context.free_cbk = NULL; context.flags = ARGON2_DEFAULT_FLAGS; context.version = version; result = argon2_ctx(&context, type); if (result != ARGON2_OK) { clear_internal_memory(out, hashlen); free(out); return result; } / if raw hash requested, write it / if (hash) { memcpy(hash, out, hashlen); } / if encoding requested, write it / if (encoded && encodedlen) { if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) { clear_internal_memory(out, hashlen); / wipe buffers if error / clear_internal_memory(encoded, encodedlen); free(out); return ARGON2_ENCODING_FAIL; } } clear_internal_memory(out, hashlen); free(out); return ARGON2_OK; } int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, const size_t hashlen, char encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_i, ARGON2_VERSION_NUMBER); } int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, void hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER); } int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, const size_t hashlen, char encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_d, ARGON2_VERSION_NUMBER); } int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, void hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER); } int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, const size_t hashlen, char encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_id, ARGON2_VERSION_NUMBER); } int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void pwd, const size_t pwdlen, const void salt, const size_t saltlen, void hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_id, ARGON2_VERSION_NUMBER); } static int argon2_compare(const uint8_t b1, const uint8_t b2, size_t len) { size_t i; uint8_t d = 0U; for (i = 0U; i < len; i++) { d \|= b1[i] ^ b2[i]; } return (int)((1 & ((d - 1) >> 8)) - 1); } int argon2_verify(const char encoded, const void pwd, const size_t pwdlen, argon2_type type) { argon2_context ctx; uint8_t desired_result = NULL; int ret = ARGON2_OK; size_t encoded_len; uint32_t max_field_len; if (pwdlen > ARGON2_MAX_PWD_LENGTH) { return ARGON2_PWD_TOO_LONG; } if (encoded == NULL) { return ARGON2_DECODING_FAIL; } encoded_len = strlen(encoded); if (encoded_len > UINT32_MAX) { return ARGON2_DECODING_FAIL; } /* No field can be longer than the encoded length / max_field_len = (uint32_t)encoded_len; ctx.saltlen = max_field_len; ctx.outlen = max_field_len; ctx.salt = malloc(ctx.saltlen); ctx.out = malloc(ctx.outlen); if (!ctx.salt \|\| !ctx.out) { ret = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } ctx.pwd = (uint8_t )pwd; ctx.pwdlen = (uint32_t)pwdlen; ret = decode_string(&ctx, encoded, type); if (ret != ARGON2_OK) { goto fail; } /* Set aside the desired result, and get a new buffer. / desired_result = ctx.out; ctx.out = malloc(ctx.outlen); if (!ctx.out) { ret = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } ret = argon2_verify_ctx(&ctx, (char )desired_result, type); if (ret != ARGON2_OK) { goto fail; } fail: free(ctx.salt); free(ctx.out); free(desired_result); return ret; } int argon2i_verify(const char encoded, const void pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_i); } int argon2d_verify(const char encoded, const void pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_d); } int argon2id_verify(const char encoded, const void pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_id); } int argon2d_ctx(argon2_context context) { return argon2_ctx(context, Argon2_d); } int argon2i_ctx(argon2_context context) { return argon2_ctx(context, Argon2_i); } int argon2id_ctx(argon2_context context) { return argon2_ctx(context, Argon2_id); } int argon2_verify_ctx(argon2_context context, const char hash, argon2_type type) { int ret = argon2_ctx(context, type); if (ret != ARGON2_OK) { return ret; } if (argon2_compare((uint8_t )hash, context->out, context->outlen)) { return ARGON2_VERIFY_MISMATCH; } return ARGON2_OK; } int argon2d_verify_ctx(argon2_context context, const char hash) { return argon2_verify_ctx(context, hash, Argon2_d); } int argon2i_verify_ctx(argon2_context context, const char hash) { return argon2_verify_ctx(context, hash, Argon2_i); } int argon2id_verify_ctx(argon2_context context, const char hash) { return argon2_verify_ctx(context, hash, Argon2_id); } const char *argon2_error_message(int error_code) { switch (error_code) { case ARGON2_OK: return "OK"; case ARGON2_OUTPUT_PTR_NULL: return "Output pointer is NULL"; case ARGON2_OUTPUT_TOO_SHORT: return "Output is too short"; case ARGON2_OUTPUT_TOO_LONG: return "Output is too long"; case ARGON2_PWD_TOO_SHORT: return "Password is too short"; case ARGON2_PWD_TOO_LONG: return "Password is too long"; case ARGON2_SALT_TOO_SHORT: return "Salt is too short"; case ARGON2_SALT_TOO_LONG: return "Salt is too long"; case ARGON2_AD_TOO_SHORT: return "Associated data is too short"; case ARGON2_AD_TOO_LONG: return "Associated data is too long"; case ARGON2_SECRET_TOO_SHORT: return "Secret is too short"; case ARGON2_SECRET_TOO_LONG: return "Secret is too long"; case ARGON2_TIME_TOO_SMALL: return "Time cost is too small"; case ARGON2_TIME_TOO_LARGE: return "Time cost is too large"; case ARGON2_MEMORY_TOO_LITTLE: return "Memory cost is too small"; case ARGON2_MEMORY_TOO_MUCH: return "Memory cost is too large"; case ARGON2_LANES_TOO_FEW: return "Too few lanes"; case ARGON2_LANES_TOO_MANY: return "Too many lanes"; case ARGON2_PWD_PTR_MISMATCH: return "Password pointer is NULL, but password length is not 0"; case ARGON2_SALT_PTR_MISMATCH: return "Salt pointer is NULL, but salt length is not 0"; case ARGON2_SECRET_PTR_MISMATCH: return "Secret pointer is NULL, but secret length is not 0"; case ARGON2_AD_PTR_MISMATCH: return "Associated data pointer is NULL, but ad length is not 0"; case ARGON2_MEMORY_ALLOCATION_ERROR: return "Memory allocation error"; case ARGON2_FREE_MEMORY_CBK_NULL: return "The free memory callback is NULL"; case ARGON2_ALLOCATE_MEMORY_CBK_NULL: return "The allocate memory callback is NULL"; case ARGON2_INCORRECT_PARAMETER: return "Argon2_Context context is NULL"; case ARGON2_INCORRECT_TYPE: return "There is no such version of Argon2"; case ARGON2_OUT_PTR_MISMATCH: return "Output pointer mismatch"; case ARGON2_THREADS_TOO_FEW: return "Not enough threads"; case ARGON2_THREADS_TOO_MANY: return "Too many threads"; case ARGON2_MISSING_ARGS: return "Missing arguments"; case ARGON2_ENCODING_FAIL: return "Encoding failed"; case ARGON2_DECODING_FAIL: return "Decoding failed"; case ARGON2_THREAD_FAIL: return "Threading failure"; case ARGON2_DECODING_LENGTH_FAIL: return "Some of encoded parameters are too long or too short"; case ARGON2_VERIFY_MISMATCH: return "The password does not match the supplied hash"; default: return "Unknown error code"; } } size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, uint32_t saltlen, uint32_t hashlen, argon2_type type) { return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) + numlen(t_cost) + numlen(m_cost) + numlen(parallelism) + b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1; }


























































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#ifndef _AES_H_ #define _AES_H_ #include <stdint.h> // #define the macros below to 1/0 to enable/disable the mode of operation. // // CBC enables AES encryption in CBC-mode of operation. // CTR enables encryption in counter-mode. // ECB enables the basic ECB 16-byte block algorithm. All can be enabled simultaneously. // The #ifndef-guard allows it to be configured before #include'ing or at compile time. #ifndef CBC #define CBC 1 #endif #ifndef ECB #define ECB 1 #endif #ifndef CTR #define CTR 1 #endif #define AES128 1 //#define AES192 1 //#define AES256 1 #define AES_BLOCKLEN 16 //Block length in bytes AES is 128b block only #if defined(AES256) && (AES256 == 1) #define AES_KEYLEN 32 #define AES_keyExpSize 240 #elif defined(AES192) && (AES192 == 1) #define AES_KEYLEN 24 #define AES_keyExpSize 208 #else #define AES_KEYLEN 16 // Key length in bytes #define AES_keyExpSize 176 #endif struct AES_ctx { uint8_t RoundKey[AES_keyExpSize]; #if (defined(CBC) && (CBC == 1)) \|\| (defined(CTR) && (CTR == 1)) uint8_t Iv[AES_BLOCKLEN]; #endif }; void AES_init_ctx(struct AES_ctx* ctx, const uint8_t* key); #if (defined(CBC) && (CBC == 1)) \|\| (defined(CTR) && (CTR == 1)) void AES_init_ctx_iv(struct AES_ctx* ctx, const uint8_t* key, const uint8_t* iv); void AES_ctx_set_iv(struct AES_ctx* ctx, const uint8_t* iv); #endif #if defined(ECB) && (ECB == 1) // buffer size is exactly AES_BLOCKLEN bytes; // you need only AES_init_ctx as IV is not used in ECB // NB: ECB is considered insecure for most uses void AES_ECB_encrypt(struct AES_ctx* ctx, uint8_t* buf); void AES_ECB_decrypt(struct AES_ctx* ctx, uint8_t* buf); #endif // #if defined(ECB) && (ECB == !) #if defined(CBC) && (CBC == 1) // buffer size MUST be mutile of AES_BLOCKLEN; // Suggest https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme // NOTES: you need to set IV in ctx via AES_init_ctx_iv() or AES_ctx_set_iv() // no IV should ever be reused with the same key void AES_CBC_encrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); void AES_CBC_decrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); #endif // #if defined(CBC) && (CBC == 1) #if defined(CTR) && (CTR == 1) // Same function for encrypting as for decrypting. // IV is incremented for every block, and used after encryption as XOR-compliment for output // Suggesting https://en.wikipedia.org/wiki/Padding_(cryptography)#PKCS7 for padding scheme // NOTES: you need to set IV in ctx with AES_init_ctx_iv() or AES_ctx_set_iv() // no IV should ever be reused with the same key void AES_CTR_xcrypt_buffer(struct AES_ctx* ctx, uint8_t* buf, uint32_t length); #endif // #if defined(CTR) && (CTR == 1) #endif //_AES_H_
























































































































































































































































































1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280	+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +	#ifndef MONOCYPHER_H #define MONOCYPHER_H #include <inttypes.h> #include <stddef.h> //////////////////////// /// Type definitions /// //////////////////////// // Do not rely on the size or content on any of those types, // they may change without notice. // Chacha20 typedef struct { uint32_t input[16]; // current input, unencrypted uint32_t pool [16]; // last input, encrypted size_t pool_idx; // pointer to random_pool } crypto_chacha_ctx; // Poly1305 typedef struct { uint32_t r[4]; // constant multiplier (from the secret key) uint32_t h[5]; // accumulated hash uint32_t c[5]; // chunk of the message uint32_t pad[4]; // random number added at the end (from the secret key) size_t c_idx; // How many bytes are there in the chunk. } crypto_poly1305_ctx; // Authenticated encryption typedef struct { crypto_chacha_ctx chacha; crypto_poly1305_ctx poly; uint64_t ad_size; uint64_t message_size; int ad_phase; } crypto_lock_ctx; #define crypto_unlock_ctx crypto_lock_ctx // Hash (Blake2b) typedef struct { uint64_t hash[8]; uint64_t input_offset[2]; uint64_t input[16]; size_t input_idx; size_t hash_size; } crypto_blake2b_ctx; // Signatures (EdDSA) #ifdef ED25519_SHA512 #include "sha512.h" typedef crypto_sha512_ctx crypto_hash_ctx; #else typedef crypto_blake2b_ctx crypto_hash_ctx; #endif typedef struct { crypto_hash_ctx hash; uint8_t buf[96]; uint8_t pk [32]; } crypto_sign_ctx; typedef struct { crypto_hash_ctx hash; uint8_t sig[64]; uint8_t pk [32]; } crypto_check_ctx; //////////////////////////// /// High level interface /// //////////////////////////// // Constant time comparisons // ------------------------- // Return 0 if a and b are equal, -1 otherwise int crypto_verify16(const uint8_t a[16], const uint8_t b[16]); int crypto_verify32(const uint8_t a[32], const uint8_t b[32]); int crypto_verify64(const uint8_t a[64], const uint8_t b[64]); // Erase sensitive data // -------------------- // Please erase all copies void crypto_wipe(void secret, size_t size); // Authenticated encryption // ------------------------ // Direct interface void crypto_lock(uint8_t mac[16], uint8_t cipher_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t plain_text, size_t text_size); int crypto_unlock(uint8_t plain_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t mac[16], const uint8_t cipher_text, size_t text_size); // Direct interface with additional data void crypto_lock_aead(uint8_t mac[16], uint8_t cipher_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t ad , size_t ad_size, const uint8_t plain_text, size_t text_size); int crypto_unlock_aead(uint8_t plain_text, const uint8_t key[32], const uint8_t nonce[24], const uint8_t mac[16], const uint8_t ad , size_t ad_size, const uint8_t cipher_text, size_t text_size); // Incremental interface (encryption) void crypto_lock_init(crypto_lock_ctx ctx, const uint8_t key[32], const uint8_t nonce[24]); void crypto_lock_auth_ad(crypto_lock_ctx ctx, const uint8_t message, size_t message_size); void crypto_lock_auth_message(crypto_lock_ctx ctx, const uint8_t cipher_text, size_t text_size); void crypto_lock_update(crypto_lock_ctx ctx, uint8_t cipher_text, const uint8_t plain_text, size_t text_size); void crypto_lock_final(crypto_lock_ctx ctx, uint8_t mac[16]); // Incremental interface (decryption) #define crypto_unlock_init crypto_lock_init #define crypto_unlock_auth_ad crypto_lock_auth_ad #define crypto_unlock_auth_message crypto_lock_auth_message void crypto_unlock_update(crypto_unlock_ctx ctx, uint8_t plain_text, const uint8_t cipher_text, size_t text_size); int crypto_unlock_final(crypto_unlock_ctx ctx, const uint8_t mac[16]); // General purpose hash (Blake2b) // ------------------------------ // Direct interface void crypto_blake2b(uint8_t hash[64], const uint8_t message, size_t message_size); void crypto_blake2b_general(uint8_t hash , size_t hash_size, const uint8_t key , size_t key_size, // optional const uint8_t message , size_t message_size); // Incremental interface void crypto_blake2b_init (crypto_blake2b_ctx ctx); void crypto_blake2b_update(crypto_blake2b_ctx ctx, const uint8_t message, size_t message_size); void crypto_blake2b_final (crypto_blake2b_ctx ctx, uint8_t hash); void crypto_blake2b_general_init(crypto_blake2b_ctx ctx, size_t hash_size, const uint8_t key, size_t key_size); // Password key derivation (Argon2 i) // ---------------------------------- void crypto_argon2i(uint8_t hash, uint32_t hash_size, // >= 4 void work_area, uint32_t nb_blocks, // >= 8 uint32_t nb_iterations, // >= 1 const uint8_t password, uint32_t password_size, const uint8_t salt, uint32_t salt_size); void crypto_argon2i_general(uint8_t hash, uint32_t hash_size,// >= 4 void work_area, uint32_t nb_blocks,// >= 8 uint32_t nb_iterations, // >= 1 const uint8_t password, uint32_t password_size, const uint8_t salt, uint32_t salt_size,// >= 8 const uint8_t key, uint32_t key_size, const uint8_t ad, uint32_t ad_size); // Key exchange (x25519 + HChacha20) // --------------------------------- #define crypto_key_exchange_public_key crypto_x25519_public_key int crypto_key_exchange(uint8_t shared_key [32], const uint8_t your_secret_key [32], const uint8_t their_public_key[32]); // Signatures (EdDSA with curve25519 + Blake2b) // -------------------------------------------- // Generate public key void crypto_sign_public_key(uint8_t public_key[32], const uint8_t secret_key[32]); // Direct interface void crypto_sign(uint8_t signature [64], const uint8_t secret_key[32], const uint8_t public_key[32], // optional, may be 0 const uint8_t message, size_t message_size); int crypto_check(const uint8_t signature [64], const uint8_t public_key[32], const uint8_t message, size_t message_size); // Incremental interface for signatures (2 passes) void crypto_sign_init_first_pass(crypto_sign_ctx ctx, const uint8_t secret_key[32], const uint8_t public_key[32]); void crypto_sign_update(crypto_sign_ctx ctx, const uint8_t message, size_t message_size); void crypto_sign_init_second_pass(crypto_sign_ctx ctx); // use crypto_sign_update() again. void crypto_sign_final(crypto_sign_ctx ctx, uint8_t signature[64]); // Incremental interface for verification (1 pass) void crypto_check_init (crypto_check_ctx ctx, const uint8_t signature[64], const uint8_t public_key[32]); void crypto_check_update(crypto_check_ctx ctx, const uint8_t message, size_t message_size); int crypto_check_final (crypto_check_ctx ctx); //////////////////////////// /// Low level primitives /// //////////////////////////// // For experts only. You have been warned. // Chacha20 // -------- // Specialised hash. void crypto_chacha20_H(uint8_t out[32], const uint8_t key[32], const uint8_t in [16]); void crypto_chacha20_init(crypto_chacha_ctx ctx, const uint8_t key[32], const uint8_t nonce[8]); void crypto_chacha20_x_init(crypto_chacha_ctx ctx, const uint8_t key[32], const uint8_t nonce[24]); void crypto_chacha20_set_ctr(crypto_chacha_ctx ctx, uint64_t ctr); void crypto_chacha20_encrypt(crypto_chacha_ctx ctx, uint8_t cipher_text, const uint8_t plain_text, size_t text_size); void crypto_chacha20_stream(crypto_chacha_ctx ctx, uint8_t stream, size_t size); // Poly 1305 // --------- // Direct interface void crypto_poly1305(uint8_t mac[16], const uint8_t message, size_t message_size, const uint8_t key[32]); // Incremental interface void crypto_poly1305_init (crypto_poly1305_ctx ctx, const uint8_t key[32]); void crypto_poly1305_update(crypto_poly1305_ctx ctx, const uint8_t message, size_t message_size); void crypto_poly1305_final (crypto_poly1305_ctx *ctx, uint8_t mac[16]); // X-25519 // ------- void crypto_x25519_public_key(uint8_t public_key[32], const uint8_t secret_key[32]); int crypto_x25519(uint8_t raw_shared_secret[32], const uint8_t your_secret_key [32], const uint8_t their_public_key [32]); #endif // MONOCYPHER_H