Properly ported a toxencryptsave function to NaCl.

removed now useless files.
author: irungentoo <irungentoo@gmail.com> 2014-09-13 23:08:16 -0400
committer: irungentoo <irungentoo@gmail.com> 2014-09-13 23:08:16 -0400
commit: 331efce602661e002c33199baa75ee767bbd802f (patch)
tree: a0ce044ac1c5ac643b367d23288453715031fe16 /toxencryptsave/crypto_pwhash_scryptsalsa208sha256
parent: cbb526e83fcb0a1dd73228c8765ef29491caff2a (diff)
5 files changed, 19 insertions, 554 deletions
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h
deleted file mode 100644
index 994c0942..00000000
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h
+++ /dev/null
@@ -1,65 +0,0 @@
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
-#ifndef crypto_auth_hmacsha256_H
-#define crypto_auth_hmacsha256_H
-#include <stddef.h>
-#include "crypto_hash_sha256.h"
-#include "export.h"
-#ifdef __cplusplus
-# if __GNUC__
-#  pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-typedef struct crypto_auth_hmacsha256_state {
-    crypto_hash_sha256_state ictx;
-    crypto_hash_sha256_state octx;
-} crypto_auth_hmacsha256_state;
-#define crypto_auth_hmacsha256_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha256_bytes(void);
-#define crypto_auth_hmacsha256_KEYBYTES 32U
-SODIUM_EXPORT
-size_t crypto_auth_hmacsha256_keybytes(void);
-SODIUM_EXPORT
-int crypto_auth_hmacsha256(unsigned char *out,
-                           const unsigned char *in,
-                           unsigned long long inlen,
-                           const unsigned char *k);
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_verify(const unsigned char *h,
-                                  const unsigned char *in,
-                                  unsigned long long inlen,
-                                  const unsigned char *k);
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
-                                const unsigned char *key,
-                                size_t keylen);
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
-                                  const unsigned char *in,
-                                  unsigned long long inlen);
-SODIUM_EXPORT
-int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
-                                 unsigned char *out);
-#ifdef __cplusplus
-}
-#endif
-#endif
-#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h
deleted file mode 100644
index cc6e3df1..00000000
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h
+++ /dev/null
@@ -1,61 +0,0 @@
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
-#ifndef crypto_hash_sha256_H
-#define crypto_hash_sha256_H
-/*
- * WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
- * purposes, you might want to consider crypto_generichash() instead.
- * Unlike SHA256, crypto_generichash() is not vulnerable to length
- * extension attacks.
- */
-#include <stddef.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include "export.h"
-#ifdef __cplusplus
-# if __GNUC__
-#  pragma GCC diagnostic ignored "-Wlong-long"
-# endif
-extern "C" {
-#endif
-typedef struct crypto_hash_sha256_state {
-    uint32_t      state[8];
-    uint32_t      count[2];
-    unsigned char buf[64];
-} crypto_hash_sha256_state;
-#define crypto_hash_sha256_BYTES 32U
-SODIUM_EXPORT
-size_t crypto_hash_sha256_bytes(void);
-SODIUM_EXPORT
-int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
-                       unsigned long long inlen);
-SODIUM_EXPORT
-int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
-SODIUM_EXPORT
-int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
-                              const unsigned char *in,
-                              unsigned long long inlen);
-SODIUM_EXPORT
-int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
-                             unsigned char *out);
-#ifdef __cplusplus
-}
-#endif
-#endif
-#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
deleted file mode 100644
index 2fddc126..00000000
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
+++ /dev/null
@@ -1,300 +0,0 @@
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
-/*-
- * Copyright 2005,2007,2009 Colin Percival
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-//#include "api.h"
-#include "crypto_hash_sha256.h"
-#include "utils.h"
-#include <sys/types.h>
-#include <limits.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-/* Avoid namespace collisions with BSD <sys/endian.h>. */
-#define be32dec _sha256_be32dec
-#define be32enc _sha256_be32enc
-static inline uint32_t
-be32dec(const void *pp)
-{
-    const uint8_t *p = (uint8_t const *)pp;
-    return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
-            ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
-}
-static inline void
-be32enc(void *pp, uint32_t x)
-{
-    uint8_t * p = (uint8_t *)pp;
-    p[3] = x & 0xff;
-    p[2] = (x >> 8) & 0xff;
-    p[1] = (x >> 16) & 0xff;
-    p[0] = (x >> 24) & 0xff;
-}
-static void
-be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
-{
-    size_t i;
-    for (i = 0; i < len / 4; i++) {
-        be32enc(dst + i * 4, src[i]);
-    }
-}
-static void
-be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
-{
-    size_t i;
-    for (i = 0; i < len / 4; i++) {
-        dst[i] = be32dec(src + i * 4);
-    }
-}
-#define Ch(x, y, z)     ((x & (y ^ z)) ^ z)
-#define Maj(x, y, z)    ((x & (y | z)) | (y & z))
-#define SHR(x, n)       (x >> n)
-#define ROTR(x, n)      ((x >> n) | (x << (32 - n)))
-#define S0(x)           (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
-#define S1(x)           (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
-#define s0(x)           (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
-#define s1(x)           (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
-#define RND(a, b, c, d, e, f, g, h, k)              \
-    t0 = h + S1(e) + Ch(e, f, g) + k;               \
-    t1 = S0(a) + Maj(a, b, c);                      \
-    d += t0;                                        \
-    h  = t0 + t1;
-#define RNDr(S, W, i, k)                    \
-    RND(S[(64 - i) % 8], S[(65 - i) % 8],   \
-        S[(66 - i) % 8], S[(67 - i) % 8],   \
-        S[(68 - i) % 8], S[(69 - i) % 8],   \
-        S[(70 - i) % 8], S[(71 - i) % 8],   \
-        W[i] + k)
-static void
-SHA256_Transform(uint32_t *state, const unsigned char block[64])
-{
-    uint32_t W[64];
-    uint32_t S[8];
-    uint32_t t0, t1;
-    int i;
-    be32dec_vect(W, block, 64);
-    for (i = 16; i < 64; i++) {
-        W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
-    }
-    memcpy(S, state, 32);
-    RNDr(S, W, 0, 0x428a2f98);
-    RNDr(S, W, 1, 0x71374491);
-    RNDr(S, W, 2, 0xb5c0fbcf);
-    RNDr(S, W, 3, 0xe9b5dba5);
-    RNDr(S, W, 4, 0x3956c25b);
-    RNDr(S, W, 5, 0x59f111f1);
-    RNDr(S, W, 6, 0x923f82a4);
-    RNDr(S, W, 7, 0xab1c5ed5);
-    RNDr(S, W, 8, 0xd807aa98);
-    RNDr(S, W, 9, 0x12835b01);
-    RNDr(S, W, 10, 0x243185be);
-    RNDr(S, W, 11, 0x550c7dc3);
-    RNDr(S, W, 12, 0x72be5d74);
-    RNDr(S, W, 13, 0x80deb1fe);
-    RNDr(S, W, 14, 0x9bdc06a7);
-    RNDr(S, W, 15, 0xc19bf174);
-    RNDr(S, W, 16, 0xe49b69c1);
-    RNDr(S, W, 17, 0xefbe4786);
-    RNDr(S, W, 18, 0x0fc19dc6);
-    RNDr(S, W, 19, 0x240ca1cc);
-    RNDr(S, W, 20, 0x2de92c6f);
-    RNDr(S, W, 21, 0x4a7484aa);
-    RNDr(S, W, 22, 0x5cb0a9dc);
-    RNDr(S, W, 23, 0x76f988da);
-    RNDr(S, W, 24, 0x983e5152);
-    RNDr(S, W, 25, 0xa831c66d);
-    RNDr(S, W, 26, 0xb00327c8);
-    RNDr(S, W, 27, 0xbf597fc7);
-    RNDr(S, W, 28, 0xc6e00bf3);
-    RNDr(S, W, 29, 0xd5a79147);
-    RNDr(S, W, 30, 0x06ca6351);
-    RNDr(S, W, 31, 0x14292967);
-    RNDr(S, W, 32, 0x27b70a85);
-    RNDr(S, W, 33, 0x2e1b2138);
-    RNDr(S, W, 34, 0x4d2c6dfc);
-    RNDr(S, W, 35, 0x53380d13);
-    RNDr(S, W, 36, 0x650a7354);
-    RNDr(S, W, 37, 0x766a0abb);
-    RNDr(S, W, 38, 0x81c2c92e);
-    RNDr(S, W, 39, 0x92722c85);
-    RNDr(S, W, 40, 0xa2bfe8a1);
-    RNDr(S, W, 41, 0xa81a664b);
-    RNDr(S, W, 42, 0xc24b8b70);
-    RNDr(S, W, 43, 0xc76c51a3);
-    RNDr(S, W, 44, 0xd192e819);
-    RNDr(S, W, 45, 0xd6990624);
-    RNDr(S, W, 46, 0xf40e3585);
-    RNDr(S, W, 47, 0x106aa070);
-    RNDr(S, W, 48, 0x19a4c116);
-    RNDr(S, W, 49, 0x1e376c08);
-    RNDr(S, W, 50, 0x2748774c);
-    RNDr(S, W, 51, 0x34b0bcb5);
-    RNDr(S, W, 52, 0x391c0cb3);
-    RNDr(S, W, 53, 0x4ed8aa4a);
-    RNDr(S, W, 54, 0x5b9cca4f);
-    RNDr(S, W, 55, 0x682e6ff3);
-    RNDr(S, W, 56, 0x748f82ee);
-    RNDr(S, W, 57, 0x78a5636f);
-    RNDr(S, W, 58, 0x84c87814);
-    RNDr(S, W, 59, 0x8cc70208);
-    RNDr(S, W, 60, 0x90befffa);
-    RNDr(S, W, 61, 0xa4506ceb);
-    RNDr(S, W, 62, 0xbef9a3f7);
-    RNDr(S, W, 63, 0xc67178f2);
-    for (i = 0; i < 8; i++) {
-        state[i] += S[i];
-    }
-    sodium_memzero((void *) W, sizeof W);
-    sodium_memzero((void *) S, sizeof S);
-    sodium_memzero((void *) &t0, sizeof t0);
-    sodium_memzero((void *) &t1, sizeof t1);
-}
-static unsigned char PAD[64] = {
-    0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
-    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
-};
-static void
-SHA256_Pad(crypto_hash_sha256_state *state)
-{
-    unsigned char len[8];
-    uint32_t r, plen;
-    be32enc_vect(len, state->count, 8);
-    r = (state->count[1] >> 3) & 0x3f;
-    plen = (r < 56) ? (56 - r) : (120 - r);
-    crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
-    crypto_hash_sha256_update(state, len, 8);
-}
-int
-crypto_hash_sha256_init(crypto_hash_sha256_state *state)
-{
-    state->count[0] = state->count[1] = 0;
-    state->state[0] = 0x6A09E667;
-    state->state[1] = 0xBB67AE85;
-    state->state[2] = 0x3C6EF372;
-    state->state[3] = 0xA54FF53A;
-    state->state[4] = 0x510E527F;
-    state->state[5] = 0x9B05688C;
-    state->state[6] = 0x1F83D9AB;
-    state->state[7] = 0x5BE0CD19;
-    return 0;
-}
-int
-crypto_hash_sha256_update(crypto_hash_sha256_state *state,
-                          const unsigned char *in,
-                          unsigned long long inlen)
-{
-    uint32_t bitlen[2];
-    uint32_t r;
-    r = (state->count[1] >> 3) & 0x3f;
-    bitlen[1] = ((uint32_t)inlen) << 3;
-    bitlen[0] = (uint32_t)(inlen >> 29);
-    if ((state->count[1] += bitlen[1]) < bitlen[1]) {
-        state->count[0]++;
-    }
-    state->count[0] += bitlen[0];
-    if (inlen < 64 - r) {
-        memcpy(&state->buf[r], in, inlen);
-        return 0;
-    }
-    memcpy(&state->buf[r], in, 64 - r);
-    SHA256_Transform(state->state, state->buf);
-    in += 64 - r;
-    inlen -= 64 - r;
-    while (inlen >= 64) {
-        SHA256_Transform(state->state, in);
-        in += 64;
-        inlen -= 64;
-    }
-    memcpy(state->buf, in, inlen);
-    return 0;
-}
-int
-crypto_hash_sha256_final(crypto_hash_sha256_state *state,
-                         unsigned char *out)
-{
-    SHA256_Pad(state);
-    be32enc_vect(out, state->state, 32);
-    sodium_memzero((void *) state, sizeof *state);
-    return 0;
-}
-int
-crypto_hash(unsigned char *out, const unsigned char *in,
-            unsigned long long inlen)
-{
-    crypto_hash_sha256_state state;
-    crypto_hash_sha256_init(&state);
-    crypto_hash_sha256_update(&state, in, inlen);
-    crypto_hash_sha256_final(&state, out);
-    return 0;
-}
-#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c
deleted file mode 100644
index 2a268075..00000000
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c
+++ /dev/null
@@ -1,115 +0,0 @@
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-#ifdef  VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
-/*-
- * Copyright 2005,2007,2009 Colin Percival
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- */
-//#include "api.h"
-#include "crypto_auth_hmacsha256.h"
-#include "crypto_hash_sha256.h"
-#include "utils.h"
-#include <sys/types.h>
-#include <stdint.h>
-#include <string.h>
-int
-crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
-                            const unsigned char *key,
-                            size_t keylen)
-{
-    unsigned char pad[64];
-    unsigned char khash[32];
-    size_t        i;
-    if (keylen > 64) {
-        crypto_hash_sha256_init(&state->ictx);
-        crypto_hash_sha256_update(&state->ictx, key, keylen);
-        crypto_hash_sha256_final(&state->ictx, khash);
-        key = khash;
-        keylen = 32;
-    }
-    crypto_hash_sha256_init(&state->ictx);
-    memset(pad, 0x36, 64);
-    for (i = 0; i < keylen; i++) {
-        pad[i] ^= key[i];
-    }
-    crypto_hash_sha256_update(&state->ictx, pad, 64);
-    crypto_hash_sha256_init(&state->octx);
-    memset(pad, 0x5c, 64);
-    for (i = 0; i < keylen; i++) {
-        pad[i] ^= key[i];
-    }
-    crypto_hash_sha256_update(&state->octx, pad, 64);
-    sodium_memzero((void *) khash, sizeof khash);
-    return 0;
-}
-int
-crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
-                              const unsigned char *in,
-                              unsigned long long inlen)
-{
-    crypto_hash_sha256_update(&state->ictx, in, inlen);
-    return 0;
-}
-int
-crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
-                             unsigned char *out)
-{
-    unsigned char ihash[32];
-    crypto_hash_sha256_final(&state->ictx, ihash);
-    crypto_hash_sha256_update(&state->octx, ihash, 32);
-    crypto_hash_sha256_final(&state->octx, out);
-    sodium_memzero((void *) ihash, sizeof ihash);
-    return 0;
-}
-int
-crypto_auth(unsigned char *out, const unsigned char *in,
-            unsigned long long inlen, const unsigned char *k)
-{
-    crypto_auth_hmacsha256_state state;
-    crypto_auth_hmacsha256_init(&state, k, crypto_auth_hmacsha256_KEYBYTES);
-    crypto_auth_hmacsha256_update(&state, in, inlen);
-    crypto_auth_hmacsha256_final(&state, out);
-    return 0;
-}
-#endif
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
index 01eb7dff..3dfe54db 100644
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
@@ -35,7 +35,9 @@
 #include <stdlib.h>
 #include <string.h>
-#include "crypto_auth_hmacsha256.h"
+#include <crypto_hash_sha256.h>
+#include <crypto_auth_hmacsha256.h>
 #include "pbkdf2-sha256.h"
 #include "sysendian.h"
 #include "utils.h"
@@ -49,30 +51,34 @@ void
 PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
              size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
 {
-        crypto_auth_hmacsha256_state PShctx, hctx;
+        uint8_t         key[32] = {0};
        size_t          i;
-        uint8_t         ivec[4];
+        uint8_t         salt_and_ivec[saltlen + 4];
        uint8_t         U[32];
        uint8_t         T[32];
        uint64_t        j;
        int             k;
        size_t          clen;
-    crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);
+    if (passwdlen > 32) {
-    crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);
+        /* For some reason libsodium allows 64byte keys meaning keys 
+         * between 32byte and 64bytes are not compatible with libsodium. 
+           toxencryptsave should only give 32byte passwds so this isn't an issue here.*/
+        crypto_hash_sha256(key, passwd, passwdlen);
+    } else {
+        memcpy(key, passwd, passwdlen);
+    }
+    memcpy(salt_and_ivec, salt, saltlen);
        for (i = 0; i * 32 < dkLen; i++) {
-                be32enc(ivec, (uint32_t)(i + 1));
+                be32enc(salt_and_ivec + saltlen, (uint32_t)(i + 1));
-                memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
+                crypto_auth_hmacsha256(U, salt_and_ivec, sizeof(salt_and_ivec), key);
-                crypto_auth_hmacsha256_update(&hctx, ivec, 4);
-                crypto_auth_hmacsha256_final(&hctx, U);
                memcpy(T, U, 32);
                for (j = 2; j <= c; j++) {
-                        crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
+                        crypto_auth_hmacsha256(U, U, 32, key);
-                        crypto_auth_hmacsha256_update(&hctx, U, 32);
-                        crypto_auth_hmacsha256_final(&hctx, U);
                        for (k = 0; k < 32; k++) {
                                T[k] ^= U[k];
@@ -85,7 +91,7 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
        }
                memcpy(&buf[i * 32], T, clen);
        }
-    sodium_memzero((void *) &PShctx, sizeof PShctx);
+    sodium_memzero((void *) key, sizeof(key));
 }
 #endif
author	irungentoo <irungentoo@gmail.com>	2014-09-13 23:08:16 -0400
committer	irungentoo <irungentoo@gmail.com>	2014-09-13 23:08:16 -0400
commit	331efce602661e002c33199baa75ee767bbd802f (patch)
tree	a0ce044ac1c5ac643b367d23288453715031fe16 /toxencryptsave/crypto_pwhash_scryptsalsa208sha256
parent	cbb526e83fcb0a1dd73228c8765ef29491caff2a (diff)

diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h deleted file mode 100644 index 994c0942..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h +++ /dev/null
@@ -1,65 +0,0 @@
1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
5
6	#ifndef crypto_auth_hmacsha256_H
7	#define crypto_auth_hmacsha256_H
8
9	#include <stddef.h>
10	#include "crypto_hash_sha256.h"
11	#include "export.h"
12
13	#ifdef __cplusplus
14	# if __GNUC__
15	# pragma GCC diagnostic ignored "-Wlong-long"
16	# endif
17	extern "C" {
18	#endif
19
20	typedef struct crypto_auth_hmacsha256_state {
21	crypto_hash_sha256_state ictx;
22	crypto_hash_sha256_state octx;
23	} crypto_auth_hmacsha256_state;
24
25	#define crypto_auth_hmacsha256_BYTES 32U
26	SODIUM_EXPORT
27	size_t crypto_auth_hmacsha256_bytes(void);
28
29	#define crypto_auth_hmacsha256_KEYBYTES 32U
30	SODIUM_EXPORT
31	size_t crypto_auth_hmacsha256_keybytes(void);
32
33	SODIUM_EXPORT
34	int crypto_auth_hmacsha256(unsigned char *out,
35	const unsigned char *in,
36	unsigned long long inlen,
37	const unsigned char *k);
38
39	SODIUM_EXPORT
40	int crypto_auth_hmacsha256_verify(const unsigned char *h,
41	const unsigned char *in,
42	unsigned long long inlen,
43	const unsigned char *k);
44
45	SODIUM_EXPORT
46	int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
47	const unsigned char *key,
48	size_t keylen);
49
50	SODIUM_EXPORT
51	int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
52	const unsigned char *in,
53	unsigned long long inlen);
54
55	SODIUM_EXPORT
56	int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
57	unsigned char *out);
58
59	#ifdef __cplusplus
60	}
61	#endif
62
63	#endif
64
65	#endif


diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h deleted file mode 100644 index cc6e3df1..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h +++ /dev/null
@@ -1,61 +0,0 @@
1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
5
6	#ifndef crypto_hash_sha256_H
7	#define crypto_hash_sha256_H
8
9	/*
10	* WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
11	* purposes, you might want to consider crypto_generichash() instead.
12	* Unlike SHA256, crypto_generichash() is not vulnerable to length
13	* extension attacks.
14	*/
15
16	#include <stddef.h>
17	#include <stdint.h>
18	#include <stdlib.h>
19
20	#include "export.h"
21
22	#ifdef __cplusplus
23	# if __GNUC__
24	# pragma GCC diagnostic ignored "-Wlong-long"
25	# endif
26	extern "C" {
27	#endif
28
29	typedef struct crypto_hash_sha256_state {
30	uint32_t state[8];
31	uint32_t count[2];
32	unsigned char buf[64];
33	} crypto_hash_sha256_state;
34
35	#define crypto_hash_sha256_BYTES 32U
36	SODIUM_EXPORT
37	size_t crypto_hash_sha256_bytes(void);
38
39	SODIUM_EXPORT
40	int crypto_hash_sha256(unsigned char out, const unsigned char in,
41	unsigned long long inlen);
42
43	SODIUM_EXPORT
44	int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
45
46	SODIUM_EXPORT
47	int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
48	const unsigned char *in,
49	unsigned long long inlen);
50
51	SODIUM_EXPORT
52	int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
53	unsigned char *out);
54
55	#ifdef __cplusplus
56	}
57	#endif
58
59	#endif
60
61	#endif


diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c deleted file mode 100644 index 2fddc126..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c +++ /dev/null
@@ -1,300 +0,0 @@
1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
5
6	/*-
7	* Copyright 2005,2007,2009 Colin Percival
8	* All rights reserved.
9	*
10	* Redistribution and use in source and binary forms, with or without
11	* modification, are permitted provided that the following conditions
12	* are met:
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in the
17	* documentation and/or other materials provided with the distribution.
18	*
19	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29	* SUCH DAMAGE.
30	*
31	*/
32
33	//#include "api.h"
34	#include "crypto_hash_sha256.h"
35	#include "utils.h"
36
37	#include <sys/types.h>
38
39	#include <limits.h>
40	#include <stdint.h>
41	#include <stdlib.h>
42	#include <string.h>
43
44	/* Avoid namespace collisions with BSD <sys/endian.h>. */
45	#define be32dec _sha256_be32dec
46	#define be32enc _sha256_be32enc
47
48	static inline uint32_t
49	be32dec(const void *pp)
50	{
51	const uint8_t p = (uint8_t const )pp;
52
53	return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
54	((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
55	}
56
57	static inline void
58	be32enc(void *pp, uint32_t x)
59	{
60	uint8_t * p = (uint8_t *)pp;
61
62	p[3] = x & 0xff;
63	p[2] = (x >> 8) & 0xff;
64	p[1] = (x >> 16) & 0xff;
65	p[0] = (x >> 24) & 0xff;
66	}
67
68	static void
69	be32enc_vect(unsigned char dst, const uint32_t src, size_t len)
70	{
71	size_t i;
72
73	for (i = 0; i < len / 4; i++) {
74	be32enc(dst + i * 4, src[i]);
75	}
76	}
77
78	static void
79	be32dec_vect(uint32_t dst, const unsigned char src, size_t len)
80	{
81	size_t i;
82
83	for (i = 0; i < len / 4; i++) {
84	dst[i] = be32dec(src + i * 4);
85	}
86	}
87
88	#define Ch(x, y, z) ((x & (y ^ z)) ^ z)
89	#define Maj(x, y, z) ((x & (y \| z)) \| (y & z))
90	#define SHR(x, n) (x >> n)
91	#define ROTR(x, n) ((x >> n) \| (x << (32 - n)))
92	#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
93	#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
94	#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
95	#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
96
97	#define RND(a, b, c, d, e, f, g, h, k) \
98	t0 = h + S1(e) + Ch(e, f, g) + k; \
99	t1 = S0(a) + Maj(a, b, c); \
100	d += t0; \
101	h = t0 + t1;
102
103	#define RNDr(S, W, i, k) \
104	RND(S[(64 - i) % 8], S[(65 - i) % 8], \
105	S[(66 - i) % 8], S[(67 - i) % 8], \
106	S[(68 - i) % 8], S[(69 - i) % 8], \
107	S[(70 - i) % 8], S[(71 - i) % 8], \
108	W[i] + k)
109
110	static void
111	SHA256_Transform(uint32_t *state, const unsigned char block[64])
112	{
113	uint32_t W[64];
114	uint32_t S[8];
115	uint32_t t0, t1;
116	int i;
117
118	be32dec_vect(W, block, 64);
119	for (i = 16; i < 64; i++) {
120	W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
121	}
122
123	memcpy(S, state, 32);
124
125	RNDr(S, W, 0, 0x428a2f98);
126	RNDr(S, W, 1, 0x71374491);
127	RNDr(S, W, 2, 0xb5c0fbcf);
128	RNDr(S, W, 3, 0xe9b5dba5);
129	RNDr(S, W, 4, 0x3956c25b);
130	RNDr(S, W, 5, 0x59f111f1);
131	RNDr(S, W, 6, 0x923f82a4);
132	RNDr(S, W, 7, 0xab1c5ed5);
133	RNDr(S, W, 8, 0xd807aa98);
134	RNDr(S, W, 9, 0x12835b01);
135	RNDr(S, W, 10, 0x243185be);
136	RNDr(S, W, 11, 0x550c7dc3);
137	RNDr(S, W, 12, 0x72be5d74);
138	RNDr(S, W, 13, 0x80deb1fe);
139	RNDr(S, W, 14, 0x9bdc06a7);
140	RNDr(S, W, 15, 0xc19bf174);
141	RNDr(S, W, 16, 0xe49b69c1);
142	RNDr(S, W, 17, 0xefbe4786);
143	RNDr(S, W, 18, 0x0fc19dc6);
144	RNDr(S, W, 19, 0x240ca1cc);
145	RNDr(S, W, 20, 0x2de92c6f);
146	RNDr(S, W, 21, 0x4a7484aa);
147	RNDr(S, W, 22, 0x5cb0a9dc);
148	RNDr(S, W, 23, 0x76f988da);
149	RNDr(S, W, 24, 0x983e5152);
150	RNDr(S, W, 25, 0xa831c66d);
151	RNDr(S, W, 26, 0xb00327c8);
152	RNDr(S, W, 27, 0xbf597fc7);
153	RNDr(S, W, 28, 0xc6e00bf3);
154	RNDr(S, W, 29, 0xd5a79147);
155	RNDr(S, W, 30, 0x06ca6351);
156	RNDr(S, W, 31, 0x14292967);
157	RNDr(S, W, 32, 0x27b70a85);
158	RNDr(S, W, 33, 0x2e1b2138);
159	RNDr(S, W, 34, 0x4d2c6dfc);
160	RNDr(S, W, 35, 0x53380d13);
161	RNDr(S, W, 36, 0x650a7354);
162	RNDr(S, W, 37, 0x766a0abb);
163	RNDr(S, W, 38, 0x81c2c92e);
164	RNDr(S, W, 39, 0x92722c85);
165	RNDr(S, W, 40, 0xa2bfe8a1);
166	RNDr(S, W, 41, 0xa81a664b);
167	RNDr(S, W, 42, 0xc24b8b70);
168	RNDr(S, W, 43, 0xc76c51a3);
169	RNDr(S, W, 44, 0xd192e819);
170	RNDr(S, W, 45, 0xd6990624);
171	RNDr(S, W, 46, 0xf40e3585);
172	RNDr(S, W, 47, 0x106aa070);
173	RNDr(S, W, 48, 0x19a4c116);
174	RNDr(S, W, 49, 0x1e376c08);
175	RNDr(S, W, 50, 0x2748774c);
176	RNDr(S, W, 51, 0x34b0bcb5);
177	RNDr(S, W, 52, 0x391c0cb3);
178	RNDr(S, W, 53, 0x4ed8aa4a);
179	RNDr(S, W, 54, 0x5b9cca4f);
180	RNDr(S, W, 55, 0x682e6ff3);
181	RNDr(S, W, 56, 0x748f82ee);
182	RNDr(S, W, 57, 0x78a5636f);
183	RNDr(S, W, 58, 0x84c87814);
184	RNDr(S, W, 59, 0x8cc70208);
185	RNDr(S, W, 60, 0x90befffa);
186	RNDr(S, W, 61, 0xa4506ceb);
187	RNDr(S, W, 62, 0xbef9a3f7);
188	RNDr(S, W, 63, 0xc67178f2);
189
190	for (i = 0; i < 8; i++) {
191	state[i] += S[i];
192	}
193
194	sodium_memzero((void *) W, sizeof W);
195	sodium_memzero((void *) S, sizeof S);
196	sodium_memzero((void *) &t0, sizeof t0);
197	sodium_memzero((void *) &t1, sizeof t1);
198	}
199
200	static unsigned char PAD[64] = {
201	0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
202	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
203	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
204	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
205	};
206
207	static void
208	SHA256_Pad(crypto_hash_sha256_state *state)
209	{
210	unsigned char len[8];
211	uint32_t r, plen;
212
213	be32enc_vect(len, state->count, 8);
214
215	r = (state->count[1] >> 3) & 0x3f;
216	plen = (r < 56) ? (56 - r) : (120 - r);
217	crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
218
219	crypto_hash_sha256_update(state, len, 8);
220	}
221
222	int
223	crypto_hash_sha256_init(crypto_hash_sha256_state *state)
224	{
225	state->count[0] = state->count[1] = 0;
226
227	state->state[0] = 0x6A09E667;
228	state->state[1] = 0xBB67AE85;
229	state->state[2] = 0x3C6EF372;
230	state->state[3] = 0xA54FF53A;
231	state->state[4] = 0x510E527F;
232	state->state[5] = 0x9B05688C;
233	state->state[6] = 0x1F83D9AB;
234	state->state[7] = 0x5BE0CD19;
235
236	return 0;
237	}
238
239	int
240	crypto_hash_sha256_update(crypto_hash_sha256_state *state,
241	const unsigned char *in,
242	unsigned long long inlen)
243	{
244	uint32_t bitlen[2];
245	uint32_t r;
246
247	r = (state->count[1] >> 3) & 0x3f;
248
249	bitlen[1] = ((uint32_t)inlen) << 3;
250	bitlen[0] = (uint32_t)(inlen >> 29);
251
252	if ((state->count[1] += bitlen[1]) < bitlen[1]) {
253	state->count[0]++;
254	}
255	state->count[0] += bitlen[0];
256
257	if (inlen < 64 - r) {
258	memcpy(&state->buf[r], in, inlen);
259	return 0;
260	}
261	memcpy(&state->buf[r], in, 64 - r);
262	SHA256_Transform(state->state, state->buf);
263	in += 64 - r;
264	inlen -= 64 - r;
265
266	while (inlen >= 64) {
267	SHA256_Transform(state->state, in);
268	in += 64;
269	inlen -= 64;
270	}
271	memcpy(state->buf, in, inlen);
272
273	return 0;
274	}
275
276	int
277	crypto_hash_sha256_final(crypto_hash_sha256_state *state,
278	unsigned char *out)
279	{
280	SHA256_Pad(state);
281	be32enc_vect(out, state->state, 32);
282	sodium_memzero((void ) state, sizeof state);
283
284	return 0;
285	}
286
287	int
288	crypto_hash(unsigned char out, const unsigned char in,
289	unsigned long long inlen)
290	{
291	crypto_hash_sha256_state state;
292
293	crypto_hash_sha256_init(&state);
294	crypto_hash_sha256_update(&state, in, inlen);
295	crypto_hash_sha256_final(&state, out);
296
297	return 0;
298	}
299
300	#endif


diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c deleted file mode 100644 index 2a268075..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c +++ /dev/null
@@ -1,115 +0,0 @@
1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
5
6	/*-
7	* Copyright 2005,2007,2009 Colin Percival
8	* All rights reserved.
9	*
10	* Redistribution and use in source and binary forms, with or without
11	* modification, are permitted provided that the following conditions
12	* are met:
13	* 1. Redistributions of source code must retain the above copyright
14	* notice, this list of conditions and the following disclaimer.
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in the
17	* documentation and/or other materials provided with the distribution.
18	*
19	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29	* SUCH DAMAGE.
30	*
31	*/
32
33	//#include "api.h"
34	#include "crypto_auth_hmacsha256.h"
35	#include "crypto_hash_sha256.h"
36	#include "utils.h"
37
38	#include <sys/types.h>
39
40	#include <stdint.h>
41	#include <string.h>
42
43	int
44	crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
45	const unsigned char *key,
46	size_t keylen)
47	{
48	unsigned char pad[64];
49	unsigned char khash[32];
50	size_t i;
51
52	if (keylen > 64) {
53	crypto_hash_sha256_init(&state->ictx);
54	crypto_hash_sha256_update(&state->ictx, key, keylen);
55	crypto_hash_sha256_final(&state->ictx, khash);
56	key = khash;
57	keylen = 32;
58	}
59	crypto_hash_sha256_init(&state->ictx);
60	memset(pad, 0x36, 64);
61	for (i = 0; i < keylen; i++) {
62	pad[i] ^= key[i];
63	}
64	crypto_hash_sha256_update(&state->ictx, pad, 64);
65
66	crypto_hash_sha256_init(&state->octx);
67	memset(pad, 0x5c, 64);
68	for (i = 0; i < keylen; i++) {
69	pad[i] ^= key[i];
70	}
71	crypto_hash_sha256_update(&state->octx, pad, 64);
72
73	sodium_memzero((void *) khash, sizeof khash);
74
75	return 0;
76	}
77
78	int
79	crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
80	const unsigned char *in,
81	unsigned long long inlen)
82	{
83	crypto_hash_sha256_update(&state->ictx, in, inlen);
84
85	return 0;
86	}
87
88	int
89	crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
90	unsigned char *out)
91	{
92	unsigned char ihash[32];
93
94	crypto_hash_sha256_final(&state->ictx, ihash);
95	crypto_hash_sha256_update(&state->octx, ihash, 32);
96	crypto_hash_sha256_final(&state->octx, out);
97
98	sodium_memzero((void *) ihash, sizeof ihash);
99
100	return 0;
101	}
102
103	int
104	crypto_auth(unsigned char out, const unsigned char in,
105	unsigned long long inlen, const unsigned char *k)
106	{
107	crypto_auth_hmacsha256_state state;
108
109	crypto_auth_hmacsha256_init(&state, k, crypto_auth_hmacsha256_KEYBYTES);
110	crypto_auth_hmacsha256_update(&state, in, inlen);
111	crypto_auth_hmacsha256_final(&state, out);
112
113	return 0;
114	}
115	#endif


diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c index 01eb7dff..3dfe54db 100644 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c +++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
@@ -35,7 +35,9 @@
35	#include <stdlib.h>	35	#include <stdlib.h>
36	#include <string.h>	36	#include <string.h>
37		37
38	#include "crypto_auth_hmacsha256.h"	38	#include <crypto_hash_sha256.h>
		39	#include <crypto_auth_hmacsha256.h>
		40
39	#include "pbkdf2-sha256.h"	41	#include "pbkdf2-sha256.h"
40	#include "sysendian.h"	42	#include "sysendian.h"
41	#include "utils.h"	43	#include "utils.h"
@@ -49,30 +51,34 @@ void
49	PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,	51	PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
50	size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)	52	size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
51	{	53	{
52	crypto_auth_hmacsha256_state PShctx, hctx;	54	uint8_t key[32] = {0};
53	size_t i;	55	size_t i;
54	uint8_t ivec[4];	56	uint8_t salt_and_ivec[saltlen + 4];
55	uint8_t U[32];	57	uint8_t U[32];
56	uint8_t T[32];	58	uint8_t T[32];
57	uint64_t j;	59	uint64_t j;
58	int k;	60	int k;
59	size_t clen;	61	size_t clen;
60		62
61	crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);	63	if (passwdlen > 32) {
62	crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);	64	/* For some reason libsodium allows 64byte keys meaning keys
		65	* between 32byte and 64bytes are not compatible with libsodium.
		66	toxencryptsave should only give 32byte passwds so this isn't an issue here.*/
		67	crypto_hash_sha256(key, passwd, passwdlen);
		68	} else {
		69	memcpy(key, passwd, passwdlen);
		70	}
		71
		72	memcpy(salt_and_ivec, salt, saltlen);
63		73
64	for (i = 0; i * 32 < dkLen; i++) {	74	for (i = 0; i * 32 < dkLen; i++) {
65	be32enc(ivec, (uint32_t)(i + 1));	75	be32enc(salt_and_ivec + saltlen, (uint32_t)(i + 1));
66	memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));	76	crypto_auth_hmacsha256(U, salt_and_ivec, sizeof(salt_and_ivec), key);
67	crypto_auth_hmacsha256_update(&hctx, ivec, 4);
68	crypto_auth_hmacsha256_final(&hctx, U);
69		77
70	memcpy(T, U, 32);	78	memcpy(T, U, 32);
71		79
72	for (j = 2; j <= c; j++) {	80	for (j = 2; j <= c; j++) {
73	crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);	81	crypto_auth_hmacsha256(U, U, 32, key);
74	crypto_auth_hmacsha256_update(&hctx, U, 32);
75	crypto_auth_hmacsha256_final(&hctx, U);
76		82
77	for (k = 0; k < 32; k++) {	83	for (k = 0; k < 32; k++) {
78	T[k] ^= U[k];	84	T[k] ^= U[k];
@@ -85,7 +91,7 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
85	}	91	}
86	memcpy(&buf[i * 32], T, clen);	92	memcpy(&buf[i * 32], T, clen);
87	}	93	}
88	sodium_memzero((void *) &PShctx, sizeof PShctx);	94	sodium_memzero((void *) key, sizeof(key));
89	}	95	}
90		96
91	#endif	97	#endif