Added NaCl crypto library.

author: irungentoo <irungentoo@gmail.com> 2013-07-02 09:53:34 -0400
committer: irungentoo <irungentoo@gmail.com> 2013-07-02 09:53:34 -0400
commit: e2967396ac73cb7410787886cdaf072a184ffc49 (patch)
tree: 527a74d25a4a0705fc641994fd35bfab22662034 /nacl/crypto_auth
parent: 8928c817df345f29aa0b194743595aa11bd6a8ba (diff)
15 files changed, 406 insertions, 0 deletions
diff --git a/nacl/crypto_auth/hmacsha256/checksum b/nacl/crypto_auth/hmacsha256/checksum
new file mode 100644
index 00000000..2fa9604b
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha256/checksum
@@ -0,0 +1 @@
+3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632
diff --git a/nacl/crypto_auth/hmacsha256/ref/api.h b/nacl/crypto_auth/hmacsha256/ref/api.h
new file mode 100644
index 00000000..c224d9d5
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha256/ref/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_auth/hmacsha256/ref/hmac.c b/nacl/crypto_auth/hmacsha256/ref/hmac.c
new file mode 100644
index 00000000..8ab30bb4
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha256/ref/hmac.c
@@ -0,0 +1,83 @@
+/*
+ * 20080913
+ * D. J. Bernstein
+ * Public domain.
+ * */
+#include "crypto_hashblocks_sha256.h"
+#include "crypto_auth.h"
+#define blocks crypto_hashblocks_sha256
+typedef unsigned int uint32;
+static const char iv[32] = {
+  0x6a,0x09,0xe6,0x67,
+  0xbb,0x67,0xae,0x85,
+  0x3c,0x6e,0xf3,0x72,
+  0xa5,0x4f,0xf5,0x3a,
+  0x51,0x0e,0x52,0x7f,
+  0x9b,0x05,0x68,0x8c,
+  0x1f,0x83,0xd9,0xab,
+  0x5b,0xe0,0xcd,0x19,
+} ;
+int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char h[32];
+  unsigned char padded[128];
+  int i;
+  unsigned long long bits = 512 + (inlen << 3);
+  for (i = 0;i < 32;++i) h[i] = iv[i];
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
+  for (i = 32;i < 64;++i) padded[i] = 0x36;
+  blocks(h,padded,64);
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 63;
+  in -= inlen;
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+  if (inlen < 56) {
+    for (i = inlen + 1;i < 56;++i) padded[i] = 0;
+    padded[56] = bits >> 56;
+    padded[57] = bits >> 48;
+    padded[58] = bits >> 40;
+    padded[59] = bits >> 32;
+    padded[60] = bits >> 24;
+    padded[61] = bits >> 16;
+    padded[62] = bits >> 8;
+    padded[63] = bits;
+    blocks(h,padded,64);
+  } else {
+    for (i = inlen + 1;i < 120;++i) padded[i] = 0;
+    padded[120] = bits >> 56;
+    padded[121] = bits >> 48;
+    padded[122] = bits >> 40;
+    padded[123] = bits >> 32;
+    padded[124] = bits >> 24;
+    padded[125] = bits >> 16;
+    padded[126] = bits >> 8;
+    padded[127] = bits;
+    blocks(h,padded,128);
+  }
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
+  for (i = 32;i < 64;++i) padded[i] = 0x5c;
+  for (i = 0;i < 32;++i) padded[64 + i] = h[i];
+  for (i = 0;i < 32;++i) out[i] = iv[i];
+  for (i = 32;i < 64;++i) padded[64 + i] = 0;
+  padded[64 + 32] = 0x80;
+  padded[64 + 62] = 3;
+  blocks(out,padded,128);
+  return 0;
+}
diff --git a/nacl/crypto_auth/hmacsha256/ref/verify.c b/nacl/crypto_auth/hmacsha256/ref/verify.c
new file mode 100644
index 00000000..96ff0ea8
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha256/ref/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_32.h"
+#include "crypto_auth.h"
+int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[32];
+  crypto_auth(correct,in,inlen,k);
+  return crypto_verify_32(h,correct);
+}
diff --git a/nacl/crypto_auth/hmacsha256/used b/nacl/crypto_auth/hmacsha256/used
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha256/used
diff --git a/nacl/crypto_auth/hmacsha512256/checksum b/nacl/crypto_auth/hmacsha512256/checksum
new file mode 100644
index 00000000..1c037f2d
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/checksum
@@ -0,0 +1 @@
+2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886
diff --git a/nacl/crypto_auth/hmacsha512256/ref/api.h b/nacl/crypto_auth/hmacsha512256/ref/api.h
new file mode 100644
index 00000000..c224d9d5
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/ref/api.h
@@ -0,0 +1,2 @@
+#define CRYPTO_BYTES 32
+#define CRYPTO_KEYBYTES 32
diff --git a/nacl/crypto_auth/hmacsha512256/ref/hmac.c b/nacl/crypto_auth/hmacsha512256/ref/hmac.c
new file mode 100644
index 00000000..56ebfa6b
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/ref/hmac.c
@@ -0,0 +1,86 @@
+/*
+ * 20080913
+ * D. J. Bernstein
+ * Public domain.
+ * */
+#include "crypto_hashblocks_sha512.h"
+#include "crypto_auth.h"
+#define blocks crypto_hashblocks_sha512
+typedef unsigned long long uint64;
+static const unsigned char iv[64] = {
+  0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
+  0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
+  0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
+  0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
+  0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
+  0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
+  0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
+  0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
+} ;
+int crypto_auth(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char h[64];
+  unsigned char padded[256];
+  int i;
+  unsigned long long bytes = 128 + inlen;
+  for (i = 0;i < 64;++i) h[i] = iv[i];
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
+  for (i = 32;i < 128;++i) padded[i] = 0x36;
+  blocks(h,padded,128);
+  blocks(h,in,inlen);
+  in += inlen;
+  inlen &= 127;
+  in -= inlen;
+  for (i = 0;i < inlen;++i) padded[i] = in[i];
+  padded[inlen] = 0x80;
+  if (inlen < 112) {
+    for (i = inlen + 1;i < 119;++i) padded[i] = 0;
+    padded[119] = bytes >> 61;
+    padded[120] = bytes >> 53;
+    padded[121] = bytes >> 45;
+    padded[122] = bytes >> 37;
+    padded[123] = bytes >> 29;
+    padded[124] = bytes >> 21;
+    padded[125] = bytes >> 13;
+    padded[126] = bytes >> 5;
+    padded[127] = bytes << 3;
+    blocks(h,padded,128);
+  } else {
+    for (i = inlen + 1;i < 247;++i) padded[i] = 0;
+    padded[247] = bytes >> 61;
+    padded[248] = bytes >> 53;
+    padded[249] = bytes >> 45;
+    padded[250] = bytes >> 37;
+    padded[251] = bytes >> 29;
+    padded[252] = bytes >> 21;
+    padded[253] = bytes >> 13;
+    padded[254] = bytes >> 5;
+    padded[255] = bytes << 3;
+    blocks(h,padded,256);
+  }
+  for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
+  for (i = 32;i < 128;++i) padded[i] = 0x5c;
+  for (i = 0;i < 64;++i) padded[128 + i] = h[i];
+  for (i = 0;i < 64;++i) h[i] = iv[i];
+  for (i = 64;i < 128;++i) padded[128 + i] = 0;
+  padded[128 + 64] = 0x80;
+  padded[128 + 126] = 6;
+  blocks(h,padded,256);
+  for (i = 0;i < 32;++i) out[i] = h[i];
+  return 0;
+}
diff --git a/nacl/crypto_auth/hmacsha512256/ref/verify.c b/nacl/crypto_auth/hmacsha512256/ref/verify.c
new file mode 100644
index 00000000..96ff0ea8
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/ref/verify.c
@@ -0,0 +1,9 @@
+#include "crypto_verify_32.h"
+#include "crypto_auth.h"
+int crypto_auth_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k)
+{
+  unsigned char correct[32];
+  crypto_auth(correct,in,inlen,k);
+  return crypto_verify_32(h,correct);
+}
diff --git a/nacl/crypto_auth/hmacsha512256/selected b/nacl/crypto_auth/hmacsha512256/selected
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/selected
diff --git a/nacl/crypto_auth/hmacsha512256/used b/nacl/crypto_auth/hmacsha512256/used
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/nacl/crypto_auth/hmacsha512256/used
diff --git a/nacl/crypto_auth/measure.c b/nacl/crypto_auth/measure.c
new file mode 100644
index 00000000..e5209903
--- /dev/null
+++ b/nacl/crypto_auth/measure.c
@@ -0,0 +1,69 @@
+#include "crypto_auth.h"
+#include "randombytes.h"
+#include "cpucycles.h"
+extern void printentry(long long,const char *,long long *,long long);
+extern unsigned char *alignedcalloc(unsigned long long);
+extern const char *primitiveimplementation;
+extern const char *implementationversion;
+extern const char *sizenames[];
+extern const long long sizes[];
+extern void allocate(void);
+extern void measure(void);
+const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
+const char *implementationversion = crypto_auth_VERSION;
+const char *sizenames[] = { "outputbytes", "keybytes", 0 };
+const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES };
+#define MAXTEST_BYTES 4096
+#ifdef SUPERCOP
+#define MGAP 8192
+#else
+#define MGAP 8
+#endif
+static unsigned char *k;
+static unsigned char *m;
+static unsigned char *h;
+void preallocate(void)
+{
+}
+void allocate(void)
+{
+  k = alignedcalloc(crypto_auth_KEYBYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  h = alignedcalloc(crypto_auth_BYTES);
+}
+#define TIMINGS 15
+static long long cycles[TIMINGS + 1];
+void measure(void)
+{
+  int i;
+  int loop;
+  int mlen;
+  for (loop = 0;loop < LOOPS;++loop) {
+    for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
+      randombytes(k,crypto_auth_KEYBYTES);
+      randombytes(m,mlen);
+      randombytes(h,crypto_auth_BYTES);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        crypto_auth(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"cycles",cycles,TIMINGS);
+      for (i = 0;i <= TIMINGS;++i) {
+        cycles[i] = cpucycles();
+        crypto_auth_verify(h,m,mlen,k);
+      }
+      for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
+      printentry(mlen,"verify_cycles",cycles,TIMINGS);
+    }
+  }
+}
diff --git a/nacl/crypto_auth/try.c b/nacl/crypto_auth/try.c
new file mode 100644
index 00000000..6f855dc9
--- /dev/null
+++ b/nacl/crypto_auth/try.c
@@ -0,0 +1,119 @@
+/*
+ * crypto_auth/try.c version 20090118
+ * D. J. Bernstein
+ * Public domain.
+ */
+#include "crypto_hash_sha256.h"
+#include "crypto_auth.h"
+extern unsigned char *alignedcalloc(unsigned long long);
+const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
+#define MAXTEST_BYTES 10000
+#define CHECKSUM_BYTES 4096
+#define TUNE_BYTES 1536
+static unsigned char *h;
+static unsigned char *m;
+static unsigned char *k;
+static unsigned char *h2;
+static unsigned char *m2;
+static unsigned char *k2;
+void preallocate(void)
+{
+}
+void allocate(void)
+{
+  h = alignedcalloc(crypto_auth_BYTES);
+  m = alignedcalloc(MAXTEST_BYTES);
+  k = alignedcalloc(crypto_auth_KEYBYTES);
+  h2 = alignedcalloc(crypto_auth_BYTES);
+  m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
+  k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
+}
+void predoit(void)
+{
+}
+void doit(void)
+{
+  crypto_auth(h,m,TUNE_BYTES,k);
+  crypto_auth_verify(h,m,TUNE_BYTES,k);
+}
+char checksum[crypto_auth_BYTES * 2 + 1];
+const char *checksum_compute(void)
+{
+  long long i;
+  long long j;
+  for (i = 0;i < CHECKSUM_BYTES;++i) {
+    long long mlen = i;
+    long long klen = crypto_auth_KEYBYTES;
+    long long hlen = crypto_auth_BYTES;
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
+    for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
+    for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
+    for (j = -16;j < 0;++j) h[j] = random();
+    for (j = -16;j < 0;++j) k[j] = random();
+    for (j = -16;j < 0;++j) m[j] = random();
+    for (j = hlen;j < hlen + 16;++j) h[j] = random();
+    for (j = klen;j < klen + 16;++j) k[j] = random();
+    for (j = mlen;j < mlen + 16;++j) m[j] = random();
+    for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
+    for (j = -16;j < klen + 16;++j) k2[j] = k[j];
+    for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
+    if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
+    for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
+    for (j = 0;j < hlen;++j) m2[j] = m[j];
+    if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
+    for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
+    for (j = 0;j < hlen;++j) k2[j] = k[j];
+    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
+    for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
+    for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
+    for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
+    if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
+    if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
+    
+    crypto_hash_sha256(h2,h,hlen);
+    for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
+    m[mlen] = h2[0];
+  }
+  if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
+  if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
+  for (i = 0;i < crypto_auth_BYTES;++i) {
+    checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
+    checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
+  }
+  checksum[2 * i] = 0;
+  return 0;
+}
diff --git a/nacl/crypto_auth/wrapper-auth.cpp b/nacl/crypto_auth/wrapper-auth.cpp
new file mode 100644
index 00000000..2108aa31
--- /dev/null
+++ b/nacl/crypto_auth/wrapper-auth.cpp
@@ -0,0 +1,11 @@
+#include <string>
+using std::string;
+#include "crypto_auth.h"
+string crypto_auth(const string &m,const string &k)
+{
+  if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
+  unsigned char a[crypto_auth_BYTES];
+  crypto_auth(a,(const unsigned char *) m.c_str(),m.size(),(const unsigned char *) k.c_str());
+  return string((char *) a,crypto_auth_BYTES);
+}
diff --git a/nacl/crypto_auth/wrapper-verify.cpp b/nacl/crypto_auth/wrapper-verify.cpp
new file mode 100644
index 00000000..57e25a26
--- /dev/null
+++ b/nacl/crypto_auth/wrapper-verify.cpp
@@ -0,0 +1,14 @@
+#include <string>
+using std::string;
+#include "crypto_auth.h"
+void crypto_auth_verify(const string &a,const string &m,const string &k)
+{
+  if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
+  if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length";
+  if (crypto_auth_verify(
+       (const unsigned char *) a.c_str(),
+       (const unsigned char *) m.c_str(),m.size(),
+       (const unsigned char *) k.c_str()) == 0) return;
+  throw "invalid authenticator";
+}
author	irungentoo <irungentoo@gmail.com>	2013-07-02 09:53:34 -0400
committer	irungentoo <irungentoo@gmail.com>	2013-07-02 09:53:34 -0400
commit	e2967396ac73cb7410787886cdaf072a184ffc49 (patch)
tree	527a74d25a4a0705fc641994fd35bfab22662034 /nacl/crypto_auth
parent	8928c817df345f29aa0b194743595aa11bd6a8ba (diff)

diff --git a/nacl/crypto_auth/hmacsha256/checksum b/nacl/crypto_auth/hmacsha256/checksum new file mode 100644 index 00000000..2fa9604b --- /dev/null +++ b/nacl/crypto_auth/hmacsha256/checksum
@@ -0,0 +1 @@
		3bd7abd4f4dce04396f2ac7cb1cff70607f692411c49a1563b037d31e1662632


diff --git a/nacl/crypto_auth/hmacsha256/ref/api.h b/nacl/crypto_auth/hmacsha256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/nacl/crypto_auth/hmacsha256/ref/api.h
@@ -0,0 +1,2 @@
	1	#define CRYPTO_BYTES 32
	2	#define CRYPTO_KEYBYTES 32


diff --git a/nacl/crypto_auth/hmacsha256/ref/hmac.c b/nacl/crypto_auth/hmacsha256/ref/hmac.c new file mode 100644 index 00000000..8ab30bb4 --- /dev/null +++ b/nacl/crypto_auth/hmacsha256/ref/hmac.c
@@ -0,0 +1,83 @@
	1	/*
	2	* 20080913
	3	* D. J. Bernstein
	4	* Public domain.
	5	* */
	6
	7	#include "crypto_hashblocks_sha256.h"
	8	#include "crypto_auth.h"
	9
	10	#define blocks crypto_hashblocks_sha256
	11
	12	typedef unsigned int uint32;
	13
	14	static const char iv[32] = {
	15	0x6a,0x09,0xe6,0x67,
	16	0xbb,0x67,0xae,0x85,
	17	0x3c,0x6e,0xf3,0x72,
	18	0xa5,0x4f,0xf5,0x3a,
	19	0x51,0x0e,0x52,0x7f,
	20	0x9b,0x05,0x68,0x8c,
	21	0x1f,0x83,0xd9,0xab,
	22	0x5b,0xe0,0xcd,0x19,
	23	} ;
	24
	25	int crypto_auth(unsigned char out,const unsigned char in,unsigned long long inlen,const unsigned char *k)
	26	{
	27	unsigned char h[32];
	28	unsigned char padded[128];
	29	int i;
	30	unsigned long long bits = 512 + (inlen << 3);
	31
	32	for (i = 0;i < 32;++i) h[i] = iv[i];
	33
	34	for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
	35	for (i = 32;i < 64;++i) padded[i] = 0x36;
	36
	37	blocks(h,padded,64);
	38	blocks(h,in,inlen);
	39	in += inlen;
	40	inlen &= 63;
	41	in -= inlen;
	42
	43	for (i = 0;i < inlen;++i) padded[i] = in[i];
	44	padded[inlen] = 0x80;
	45
	46	if (inlen < 56) {
	47	for (i = inlen + 1;i < 56;++i) padded[i] = 0;
	48	padded[56] = bits >> 56;
	49	padded[57] = bits >> 48;
	50	padded[58] = bits >> 40;
	51	padded[59] = bits >> 32;
	52	padded[60] = bits >> 24;
	53	padded[61] = bits >> 16;
	54	padded[62] = bits >> 8;
	55	padded[63] = bits;
	56	blocks(h,padded,64);
	57	} else {
	58	for (i = inlen + 1;i < 120;++i) padded[i] = 0;
	59	padded[120] = bits >> 56;
	60	padded[121] = bits >> 48;
	61	padded[122] = bits >> 40;
	62	padded[123] = bits >> 32;
	63	padded[124] = bits >> 24;
	64	padded[125] = bits >> 16;
	65	padded[126] = bits >> 8;
	66	padded[127] = bits;
	67	blocks(h,padded,128);
	68	}
	69
	70	for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
	71	for (i = 32;i < 64;++i) padded[i] = 0x5c;
	72	for (i = 0;i < 32;++i) padded[64 + i] = h[i];
	73
	74	for (i = 0;i < 32;++i) out[i] = iv[i];
	75
	76	for (i = 32;i < 64;++i) padded[64 + i] = 0;
	77	padded[64 + 32] = 0x80;
	78	padded[64 + 62] = 3;
	79
	80	blocks(out,padded,128);
	81
	82	return 0;
	83	}


diff --git a/nacl/crypto_auth/hmacsha256/ref/verify.c b/nacl/crypto_auth/hmacsha256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/nacl/crypto_auth/hmacsha256/ref/verify.c
@@ -0,0 +1,9 @@
	1	#include "crypto_verify_32.h"
	2	#include "crypto_auth.h"
	3
	4	int crypto_auth_verify(const unsigned char h,const unsigned char in,unsigned long long inlen,const unsigned char *k)
	5	{
	6	unsigned char correct[32];
	7	crypto_auth(correct,in,inlen,k);
	8	return crypto_verify_32(h,correct);
	9	}


diff --git a/nacl/crypto_auth/hmacsha256/used b/nacl/crypto_auth/hmacsha256/used new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/nacl/crypto_auth/hmacsha256/used


diff --git a/nacl/crypto_auth/hmacsha512256/checksum b/nacl/crypto_auth/hmacsha512256/checksum new file mode 100644 index 00000000..1c037f2d --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/checksum
@@ -0,0 +1 @@
		2f5e8a6a0cac012d8d001351d7d583e69f91390df46305c3608e0c2893491886


diff --git a/nacl/crypto_auth/hmacsha512256/ref/api.h b/nacl/crypto_auth/hmacsha512256/ref/api.h new file mode 100644 index 00000000..c224d9d5 --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/ref/api.h
@@ -0,0 +1,2 @@
	1	#define CRYPTO_BYTES 32
	2	#define CRYPTO_KEYBYTES 32


diff --git a/nacl/crypto_auth/hmacsha512256/ref/hmac.c b/nacl/crypto_auth/hmacsha512256/ref/hmac.c new file mode 100644 index 00000000..56ebfa6b --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/ref/hmac.c
@@ -0,0 +1,86 @@
	1	/*
	2	* 20080913
	3	* D. J. Bernstein
	4	* Public domain.
	5	* */
	6
	7	#include "crypto_hashblocks_sha512.h"
	8	#include "crypto_auth.h"
	9
	10	#define blocks crypto_hashblocks_sha512
	11
	12	typedef unsigned long long uint64;
	13
	14	static const unsigned char iv[64] = {
	15	0x6a,0x09,0xe6,0x67,0xf3,0xbc,0xc9,0x08,
	16	0xbb,0x67,0xae,0x85,0x84,0xca,0xa7,0x3b,
	17	0x3c,0x6e,0xf3,0x72,0xfe,0x94,0xf8,0x2b,
	18	0xa5,0x4f,0xf5,0x3a,0x5f,0x1d,0x36,0xf1,
	19	0x51,0x0e,0x52,0x7f,0xad,0xe6,0x82,0xd1,
	20	0x9b,0x05,0x68,0x8c,0x2b,0x3e,0x6c,0x1f,
	21	0x1f,0x83,0xd9,0xab,0xfb,0x41,0xbd,0x6b,
	22	0x5b,0xe0,0xcd,0x19,0x13,0x7e,0x21,0x79
	23	} ;
	24
	25	int crypto_auth(unsigned char out,const unsigned char in,unsigned long long inlen,const unsigned char *k)
	26	{
	27	unsigned char h[64];
	28	unsigned char padded[256];
	29	int i;
	30	unsigned long long bytes = 128 + inlen;
	31
	32	for (i = 0;i < 64;++i) h[i] = iv[i];
	33
	34	for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x36;
	35	for (i = 32;i < 128;++i) padded[i] = 0x36;
	36
	37	blocks(h,padded,128);
	38	blocks(h,in,inlen);
	39	in += inlen;
	40	inlen &= 127;
	41	in -= inlen;
	42
	43	for (i = 0;i < inlen;++i) padded[i] = in[i];
	44	padded[inlen] = 0x80;
	45
	46	if (inlen < 112) {
	47	for (i = inlen + 1;i < 119;++i) padded[i] = 0;
	48	padded[119] = bytes >> 61;
	49	padded[120] = bytes >> 53;
	50	padded[121] = bytes >> 45;
	51	padded[122] = bytes >> 37;
	52	padded[123] = bytes >> 29;
	53	padded[124] = bytes >> 21;
	54	padded[125] = bytes >> 13;
	55	padded[126] = bytes >> 5;
	56	padded[127] = bytes << 3;
	57	blocks(h,padded,128);
	58	} else {
	59	for (i = inlen + 1;i < 247;++i) padded[i] = 0;
	60	padded[247] = bytes >> 61;
	61	padded[248] = bytes >> 53;
	62	padded[249] = bytes >> 45;
	63	padded[250] = bytes >> 37;
	64	padded[251] = bytes >> 29;
	65	padded[252] = bytes >> 21;
	66	padded[253] = bytes >> 13;
	67	padded[254] = bytes >> 5;
	68	padded[255] = bytes << 3;
	69	blocks(h,padded,256);
	70	}
	71
	72	for (i = 0;i < 32;++i) padded[i] = k[i] ^ 0x5c;
	73	for (i = 32;i < 128;++i) padded[i] = 0x5c;
	74
	75	for (i = 0;i < 64;++i) padded[128 + i] = h[i];
	76	for (i = 0;i < 64;++i) h[i] = iv[i];
	77
	78	for (i = 64;i < 128;++i) padded[128 + i] = 0;
	79	padded[128 + 64] = 0x80;
	80	padded[128 + 126] = 6;
	81
	82	blocks(h,padded,256);
	83	for (i = 0;i < 32;++i) out[i] = h[i];
	84
	85	return 0;
	86	}


diff --git a/nacl/crypto_auth/hmacsha512256/ref/verify.c b/nacl/crypto_auth/hmacsha512256/ref/verify.c new file mode 100644 index 00000000..96ff0ea8 --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/ref/verify.c
@@ -0,0 +1,9 @@
	1	#include "crypto_verify_32.h"
	2	#include "crypto_auth.h"
	3
	4	int crypto_auth_verify(const unsigned char h,const unsigned char in,unsigned long long inlen,const unsigned char *k)
	5	{
	6	unsigned char correct[32];
	7	crypto_auth(correct,in,inlen,k);
	8	return crypto_verify_32(h,correct);
	9	}


diff --git a/nacl/crypto_auth/hmacsha512256/selected b/nacl/crypto_auth/hmacsha512256/selected new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/selected


diff --git a/nacl/crypto_auth/hmacsha512256/used b/nacl/crypto_auth/hmacsha512256/used new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/nacl/crypto_auth/hmacsha512256/used


diff --git a/nacl/crypto_auth/measure.c b/nacl/crypto_auth/measure.c new file mode 100644 index 00000000..e5209903 --- /dev/null +++ b/nacl/crypto_auth/measure.c
@@ -0,0 +1,69 @@
	1	#include "crypto_auth.h"
	2	#include "randombytes.h"
	3	#include "cpucycles.h"
	4
	5	extern void printentry(long long,const char ,long long ,long long);
	6	extern unsigned char *alignedcalloc(unsigned long long);
	7	extern const char *primitiveimplementation;
	8	extern const char *implementationversion;
	9	extern const char *sizenames[];
	10	extern const long long sizes[];
	11	extern void allocate(void);
	12	extern void measure(void);
	13
	14	const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
	15	const char *implementationversion = crypto_auth_VERSION;
	16	const char *sizenames[] = { "outputbytes", "keybytes", 0 };
	17	const long long sizes[] = { crypto_auth_BYTES, crypto_auth_KEYBYTES };
	18
	19	#define MAXTEST_BYTES 4096
	20	#ifdef SUPERCOP
	21	#define MGAP 8192
	22	#else
	23	#define MGAP 8
	24	#endif
	25
	26	static unsigned char *k;
	27	static unsigned char *m;
	28	static unsigned char *h;
	29
	30	void preallocate(void)
	31	{
	32	}
	33
	34	void allocate(void)
	35	{
	36	k = alignedcalloc(crypto_auth_KEYBYTES);
	37	m = alignedcalloc(MAXTEST_BYTES);
	38	h = alignedcalloc(crypto_auth_BYTES);
	39	}
	40
	41	#define TIMINGS 15
	42	static long long cycles[TIMINGS + 1];
	43
	44	void measure(void)
	45	{
	46	int i;
	47	int loop;
	48	int mlen;
	49
	50	for (loop = 0;loop < LOOPS;++loop) {
	51	for (mlen = 0;mlen <= MAXTEST_BYTES;mlen += 1 + mlen / MGAP) {
	52	randombytes(k,crypto_auth_KEYBYTES);
	53	randombytes(m,mlen);
	54	randombytes(h,crypto_auth_BYTES);
	55	for (i = 0;i <= TIMINGS;++i) {
	56	cycles[i] = cpucycles();
	57	crypto_auth(h,m,mlen,k);
	58	}
	59	for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
	60	printentry(mlen,"cycles",cycles,TIMINGS);
	61	for (i = 0;i <= TIMINGS;++i) {
	62	cycles[i] = cpucycles();
	63	crypto_auth_verify(h,m,mlen,k);
	64	}
	65	for (i = 0;i < TIMINGS;++i) cycles[i] = cycles[i + 1] - cycles[i];
	66	printentry(mlen,"verify_cycles",cycles,TIMINGS);
	67	}
	68	}
	69	}


diff --git a/nacl/crypto_auth/try.c b/nacl/crypto_auth/try.c new file mode 100644 index 00000000..6f855dc9 --- /dev/null +++ b/nacl/crypto_auth/try.c
@@ -0,0 +1,119 @@
	1	/*
	2	* crypto_auth/try.c version 20090118
	3	* D. J. Bernstein
	4	* Public domain.
	5	*/
	6
	7	#include "crypto_hash_sha256.h"
	8	#include "crypto_auth.h"
	9
	10	extern unsigned char *alignedcalloc(unsigned long long);
	11
	12	const char *primitiveimplementation = crypto_auth_IMPLEMENTATION;
	13
	14	#define MAXTEST_BYTES 10000
	15	#define CHECKSUM_BYTES 4096
	16	#define TUNE_BYTES 1536
	17
	18	static unsigned char *h;
	19	static unsigned char *m;
	20	static unsigned char *k;
	21	static unsigned char *h2;
	22	static unsigned char *m2;
	23	static unsigned char *k2;
	24
	25	void preallocate(void)
	26	{
	27	}
	28
	29	void allocate(void)
	30	{
	31	h = alignedcalloc(crypto_auth_BYTES);
	32	m = alignedcalloc(MAXTEST_BYTES);
	33	k = alignedcalloc(crypto_auth_KEYBYTES);
	34	h2 = alignedcalloc(crypto_auth_BYTES);
	35	m2 = alignedcalloc(MAXTEST_BYTES + crypto_auth_BYTES);
	36	k2 = alignedcalloc(crypto_auth_KEYBYTES + crypto_auth_BYTES);
	37	}
	38
	39	void predoit(void)
	40	{
	41	}
	42
	43	void doit(void)
	44	{
	45	crypto_auth(h,m,TUNE_BYTES,k);
	46	crypto_auth_verify(h,m,TUNE_BYTES,k);
	47	}
	48
	49	char checksum[crypto_auth_BYTES * 2 + 1];
	50
	51	const char *checksum_compute(void)
	52	{
	53	long long i;
	54	long long j;
	55
	56	for (i = 0;i < CHECKSUM_BYTES;++i) {
	57	long long mlen = i;
	58	long long klen = crypto_auth_KEYBYTES;
	59	long long hlen = crypto_auth_BYTES;
	60
	61	for (j = -16;j < 0;++j) h[j] = random();
	62	for (j = -16;j < 0;++j) k[j] = random();
	63	for (j = -16;j < 0;++j) m[j] = random();
	64	for (j = hlen;j < hlen + 16;++j) h[j] = random();
	65	for (j = klen;j < klen + 16;++j) k[j] = random();
	66	for (j = mlen;j < mlen + 16;++j) m[j] = random();
	67	for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
	68	for (j = -16;j < klen + 16;++j) k2[j] = k[j];
	69	for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
	70
	71	if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
	72
	73	for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
	74	for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
	75	for (j = -16;j < 0;++j) if (h[j] != h2[j]) return "crypto_auth writes before output";
	76	for (j = hlen;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth writes after output";
	77
	78	for (j = -16;j < 0;++j) h[j] = random();
	79	for (j = -16;j < 0;++j) k[j] = random();
	80	for (j = -16;j < 0;++j) m[j] = random();
	81	for (j = hlen;j < hlen + 16;++j) h[j] = random();
	82	for (j = klen;j < klen + 16;++j) k[j] = random();
	83	for (j = mlen;j < mlen + 16;++j) m[j] = random();
	84	for (j = -16;j < hlen + 16;++j) h2[j] = h[j];
	85	for (j = -16;j < klen + 16;++j) k2[j] = k[j];
	86	for (j = -16;j < mlen + 16;++j) m2[j] = m[j];
	87
	88	if (crypto_auth(m2,m2,mlen,k) != 0) return "crypto_auth returns nonzero";
	89	for (j = 0;j < hlen;++j) if (m2[j] != h[j]) return "crypto_auth does not handle m overlap";
	90	for (j = 0;j < hlen;++j) m2[j] = m[j];
	91	if (crypto_auth(k2,m2,mlen,k2) != 0) return "crypto_auth returns nonzero";
	92	for (j = 0;j < hlen;++j) if (k2[j] != h[j]) return "crypto_auth does not handle k overlap";
	93	for (j = 0;j < hlen;++j) k2[j] = k[j];
	94
	95	if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
	96
	97	for (j = -16;j < hlen + 16;++j) if (h[j] != h2[j]) return "crypto_auth overwrites h";
	98	for (j = -16;j < klen + 16;++j) if (k[j] != k2[j]) return "crypto_auth overwrites k";
	99	for (j = -16;j < mlen + 16;++j) if (m[j] != m2[j]) return "crypto_auth overwrites m";
	100
	101	crypto_hash_sha256(h2,h,hlen);
	102	for (j = 0;j < klen;++j) k[j] ^= h2[j % 32];
	103	if (crypto_auth(h,m,mlen,k) != 0) return "crypto_auth returns nonzero";
	104	if (crypto_auth_verify(h,m,mlen,k) != 0) return "crypto_auth_verify returns nonzero";
	105
	106	crypto_hash_sha256(h2,h,hlen);
	107	for (j = 0;j < mlen;++j) m[j] ^= h2[j % 32];
	108	m[mlen] = h2[0];
	109	}
	110	if (crypto_auth(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth returns nonzero";
	111	if (crypto_auth_verify(h,m,CHECKSUM_BYTES,k) != 0) return "crypto_auth_verify returns nonzero";
	112
	113	for (i = 0;i < crypto_auth_BYTES;++i) {
	114	checksum[2 * i] = "0123456789abcdef"[15 & (h[i] >> 4)];
	115	checksum[2 * i + 1] = "0123456789abcdef"[15 & h[i]];
	116	}
	117	checksum[2 * i] = 0;
	118	return 0;
	119	}


diff --git a/nacl/crypto_auth/wrapper-auth.cpp b/nacl/crypto_auth/wrapper-auth.cpp new file mode 100644 index 00000000..2108aa31 --- /dev/null +++ b/nacl/crypto_auth/wrapper-auth.cpp
@@ -0,0 +1,11 @@
	1	#include <string>
	2	using std::string;
	3	#include "crypto_auth.h"
	4
	5	string crypto_auth(const string &m,const string &k)
	6	{
	7	if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
	8	unsigned char a[crypto_auth_BYTES];
	9	crypto_auth(a,(const unsigned char ) m.c_str(),m.size(),(const unsigned char ) k.c_str());
	10	return string((char *) a,crypto_auth_BYTES);
	11	}


diff --git a/nacl/crypto_auth/wrapper-verify.cpp b/nacl/crypto_auth/wrapper-verify.cpp new file mode 100644 index 00000000..57e25a26 --- /dev/null +++ b/nacl/crypto_auth/wrapper-verify.cpp
@@ -0,0 +1,14 @@
	1	#include <string>
	2	using std::string;
	3	#include "crypto_auth.h"
	4
	5	void crypto_auth_verify(const string &a,const string &m,const string &k)
	6	{
	7	if (k.size() != crypto_auth_KEYBYTES) throw "incorrect key length";
	8	if (a.size() != crypto_auth_BYTES) throw "incorrect authenticator length";
	9	if (crypto_auth_verify(
	10	(const unsigned char *) a.c_str(),
	11	(const unsigned char *) m.c_str(),m.size(),
	12	(const unsigned char *) k.c_str()) == 0) return;
	13	throw "invalid authenticator";
	14	}