diff options
author | Dubslow <bunslow@gmail.com> | 2014-09-09 12:23:09 -0500 |
---|---|---|
committer | Dubslow <bunslow@gmail.com> | 2014-09-09 12:23:09 -0500 |
commit | 7eb7e68805aa795dcb6dbd1a35113ce703e24267 (patch) | |
tree | 4a8753004403e48d42a7924ad1933a7dfe2e9003 /toxcore/tox.c | |
parent | 46e03c4c2beaf01ec5a6bc090b80fae7bf1da2a0 (diff) |
compiling against nacl seems to break VANILLA_NACL...
Diffstat (limited to 'toxcore/tox.c')
-rw-r--r-- | toxcore/tox.c | 116 |
1 files changed, 0 insertions, 116 deletions
diff --git a/toxcore/tox.c b/toxcore/tox.c index 12145a09..b2aadd39 100644 --- a/toxcore/tox.c +++ b/toxcore/tox.c | |||
@@ -928,119 +928,3 @@ int tox_load(Tox *tox, const uint8_t *data, uint32_t length) | |||
928 | Messenger *m = tox; | 928 | Messenger *m = tox; |
929 | return messenger_load(m, data, length); | 929 | return messenger_load(m, data, length); |
930 | } | 930 | } |
931 | |||
932 | #ifndef VANILLA_NACL | ||
933 | /* Only sodium has the necessary functions for this | ||
934 | * Clients should consider alerting their users that, unlike plain data, if even one bit | ||
935 | * becomes corrupted, the data will be entirely unrecoverable. | ||
936 | * Ditto if they forget their password, there is no way to recover the data. | ||
937 | */ | ||
938 | |||
939 | /* return size of the messenger data (for encrypted saving). */ | ||
940 | uint32_t tox_encrypted_size(const Tox *tox) | ||
941 | { | ||
942 | return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES | ||
943 | + crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | ||
944 | } | ||
945 | |||
946 | /* Save the messenger data encrypted with the given password. | ||
947 | * data must be at least tox_encrypted_size(). | ||
948 | * | ||
949 | * returns 0 on success | ||
950 | * returns -1 on failure | ||
951 | */ | ||
952 | int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength) | ||
953 | { | ||
954 | if (pplength == 0) | ||
955 | return -1; | ||
956 | |||
957 | /* First derive a key from the password */ | ||
958 | /* http://doc.libsodium.org/key_derivation/README.html */ | ||
959 | /* note that, according to the documentation, a generic pwhash interface will be created | ||
960 | * once the pwhash competition (https://password-hashing.net/) is over */ | ||
961 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | ||
962 | uint8_t key[crypto_box_KEYBYTES]; | ||
963 | randombytes_buf(salt, sizeof salt); | ||
964 | |||
965 | if (crypto_pwhash_scryptsalsa208sha256( | ||
966 | key, sizeof(key), passphrase, pplength, salt, | ||
967 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ | ||
968 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) | ||
969 | { /* out of memory most likely */ | ||
970 | return -1; | ||
971 | } | ||
972 | sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ | ||
973 | |||
974 | /* next get plain save data */ | ||
975 | uint32_t temp_size = tox_size(tox); | ||
976 | uint8_t temp_data[temp_size]; | ||
977 | tox_save(tox, temp_data); | ||
978 | |||
979 | /* now encrypt. | ||
980 | * the output data consists of, in order: | ||
981 | * salt, nonce, mac, enc_data | ||
982 | * where the mac is automatically prepended by the encrypt() | ||
983 | * the salt+nonce is called the prefix | ||
984 | * I'm not sure what else I'm supposed to do with the salt and nonce, since we | ||
985 | * need them to decrypt the data | ||
986 | */ | ||
987 | uint32_t prefix_size = crypto_box_NONCEBYTES+crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | ||
988 | |||
989 | uint8_t nonce[crypto_box_NONCEBYTES]; | ||
990 | random_nonce(nonce); | ||
991 | |||
992 | if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data + prefix_size) | ||
993 | != temp_size + crypto_box_MACBYTES) | ||
994 | { | ||
995 | return -1; | ||
996 | } | ||
997 | |||
998 | /* add the prefix */ | ||
999 | memcpy(data, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | ||
1000 | memcpy(data + crypto_pwhash_scryptsalsa208sha256_SALTBYTES, nonce, crypto_box_NONCEBYTES); | ||
1001 | |||
1002 | return 0; | ||
1003 | } | ||
1004 | |||
1005 | /* Load the messenger from encrypted data of size length. | ||
1006 | * | ||
1007 | * returns 0 on success | ||
1008 | * returns -1 on failure | ||
1009 | */ | ||
1010 | int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength) | ||
1011 | { | ||
1012 | if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES) | ||
1013 | return -1; | ||
1014 | |||
1015 | uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES | ||
1016 | - crypto_pwhash_scryptsalsa208sha256_SALTBYTES; | ||
1017 | uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES]; | ||
1018 | uint8_t nonce[crypto_box_NONCEBYTES]; | ||
1019 | |||
1020 | memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES); | ||
1021 | memcpy(nonce, data + crypto_pwhash_scryptsalsa208sha256_SALTBYTES, crypto_box_NONCEBYTES); | ||
1022 | |||
1023 | /* derive the key */ | ||
1024 | uint8_t key[crypto_box_KEYBYTES]; | ||
1025 | if (crypto_pwhash_scryptsalsa208sha256( | ||
1026 | key, sizeof(key), passphrase, pplength, salt, | ||
1027 | crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */ | ||
1028 | crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) | ||
1029 | { /* out of memory most likely */ | ||
1030 | return -1; | ||
1031 | } | ||
1032 | sodium_memzero(passphrase, pplength); /* wipe plaintext pw */ | ||
1033 | |||
1034 | /* decrypt the data */ | ||
1035 | uint8_t temp_data[decrypt_length]; | ||
1036 | if (decrypt_data_symmetric(key, nonce, data+crypto_pwhash_scryptsalsa208sha256_SALTBYTES+crypto_box_NONCEBYTES, | ||
1037 | decrypt_length + crypto_box_MACBYTES, temp_data) | ||
1038 | != decrypt_length) | ||
1039 | { | ||
1040 | return -1; | ||
1041 | } | ||
1042 | |||
1043 | return tox_load(tox, temp_data, decrypt_length); | ||
1044 | } | ||
1045 | |||
1046 | #endif /* #ifndef VANILLA_NACL */ | ||