diff options
author | irungentoo <irungentoo@gmail.com> | 2015-04-01 19:57:31 -0400 |
---|---|---|
committer | irungentoo <irungentoo@gmail.com> | 2015-04-01 19:57:31 -0400 |
commit | abff31d2ad3d10df59de72c67a2100e2ad9effb4 (patch) | |
tree | b622d5bd597bf70c2ccc76d42fae00793a3f86bc /toxencryptsave/toxencryptsave.h | |
parent | a2df5f2f5716e1288ff1cde054fba5651a35f570 (diff) | |
parent | 36ed4956fdeacd73243d9348dcb7ef279f22c726 (diff) |
Merge branch 'master' of https://github.com/dubslow/toxcore
Diffstat (limited to 'toxencryptsave/toxencryptsave.h')
-rw-r--r-- | toxencryptsave/toxencryptsave.h | 32 |
1 files changed, 25 insertions, 7 deletions
diff --git a/toxencryptsave/toxencryptsave.h b/toxencryptsave/toxencryptsave.h index 2ee4af46..c077d899 100644 --- a/toxencryptsave/toxencryptsave.h +++ b/toxencryptsave/toxencryptsave.h | |||
@@ -39,7 +39,7 @@ struct Tox_Options; | |||
39 | #endif | 39 | #endif |
40 | 40 | ||
41 | #define TOX_PASS_SALT_LENGTH 32 | 41 | #define TOX_PASS_SALT_LENGTH 32 |
42 | #define TOX_PASS_KEY_LENGTH 64 | 42 | #define TOX_PASS_KEY_LENGTH 32 |
43 | #define TOX_PASS_ENCRYPTION_EXTRA_LENGTH 80 | 43 | #define TOX_PASS_ENCRYPTION_EXTRA_LENGTH 80 |
44 | 44 | ||
45 | /* This module is conceptually organized into two parts. The first part are the functions | 45 | /* This module is conceptually organized into two parts. The first part are the functions |
@@ -60,6 +60,15 @@ struct Tox_Options; | |||
60 | * Ditto if they forget their password, there is no way to recover the data. | 60 | * Ditto if they forget their password, there is no way to recover the data. |
61 | */ | 61 | */ |
62 | 62 | ||
63 | /* Since apparently no one actually bothered to learn about the module previously, | ||
64 | * the recently removed functions tox_encrypted_new and tox_get_encrypted_savedata | ||
65 | * may be trivially replaced by calls to tox_pass_decrypt -> tox_new or | ||
66 | * tox_get_savedata -> tox_pass_encrypt as appropriate. The removed functions | ||
67 | * were never more than 5 line wrappers of the other public API functions anyways. | ||
68 | * (As has always been, tox_pass_decrypt and tox_pass_encrypt are interchangeable | ||
69 | * with tox_pass_key_decrypt and tox_pass_key_encrypt, as the client program requires.) | ||
70 | */ | ||
71 | |||
63 | typedef enum TOX_ERR_KEY_DERIVATION { | 72 | typedef enum TOX_ERR_KEY_DERIVATION { |
64 | TOX_ERR_KEY_DERIVATION_OK, | 73 | TOX_ERR_KEY_DERIVATION_OK, |
65 | /** | 74 | /** |
@@ -155,6 +164,14 @@ bool tox_pass_decrypt(const uint8_t *data, size_t length, uint8_t *passphrase, s | |||
155 | * intensive than part one. The first 3 functions are for key handling. | 164 | * intensive than part one. The first 3 functions are for key handling. |
156 | */ | 165 | */ |
157 | 166 | ||
167 | /* This key structure's internals should not be used by any client program, even | ||
168 | * if they are straightforward here. | ||
169 | */ | ||
170 | typedef struct { | ||
171 | uint8_t salt[TOX_PASS_SALT_LENGTH]; | ||
172 | uint8_t key[TOX_PASS_KEY_LENGTH]; | ||
173 | } TOX_PASS_KEY; | ||
174 | |||
158 | /* Generates a secret symmetric key from the given passphrase. out_key must be at least | 175 | /* Generates a secret symmetric key from the given passphrase. out_key must be at least |
159 | * TOX_PASS_KEY_LENGTH bytes long. | 176 | * TOX_PASS_KEY_LENGTH bytes long. |
160 | * Be sure to not compromise the key! Only keep it in memory, do not write to disk. | 177 | * Be sure to not compromise the key! Only keep it in memory, do not write to disk. |
@@ -166,12 +183,13 @@ bool tox_pass_decrypt(const uint8_t *data, size_t length, uint8_t *passphrase, s | |||
166 | * | 183 | * |
167 | * returns true on success | 184 | * returns true on success |
168 | */ | 185 | */ |
169 | bool tox_derive_key_from_pass(uint8_t *passphrase, size_t pplength, uint8_t *out_key, TOX_ERR_KEY_DERIVATION *error); | 186 | bool tox_derive_key_from_pass(uint8_t *passphrase, size_t pplength, TOX_PASS_KEY *out_key, |
187 | TOX_ERR_KEY_DERIVATION *error); | ||
170 | 188 | ||
171 | /* Same as above, except with use the given salt for deterministic key derivation. | 189 | /* Same as above, except use the given salt for deterministic key derivation. |
172 | * The salt must be tox_salt_length() bytes in length. | 190 | * The salt must be TOX_PASS_SALT_LENGTH bytes in length. |
173 | */ | 191 | */ |
174 | bool tox_derive_key_with_salt(uint8_t *passphrase, size_t pplength, uint8_t *salt, uint8_t *out_key, | 192 | bool tox_derive_key_with_salt(uint8_t *passphrase, size_t pplength, uint8_t *salt, TOX_PASS_KEY *out_key, |
175 | TOX_ERR_KEY_DERIVATION *error); | 193 | TOX_ERR_KEY_DERIVATION *error); |
176 | 194 | ||
177 | /* This retrieves the salt used to encrypt the given data, which can then be passed to | 195 | /* This retrieves the salt used to encrypt the given data, which can then be passed to |
@@ -194,7 +212,7 @@ bool tox_get_salt(const uint8_t *data, uint8_t *salt); | |||
194 | * | 212 | * |
195 | * returns true on success | 213 | * returns true on success |
196 | */ | 214 | */ |
197 | bool tox_pass_key_encrypt(const uint8_t *data, size_t data_len, const uint8_t *key, uint8_t *out, | 215 | bool tox_pass_key_encrypt(const uint8_t *data, size_t data_len, const TOX_PASS_KEY *key, uint8_t *out, |
198 | TOX_ERR_ENCRYPTION *error); | 216 | TOX_ERR_ENCRYPTION *error); |
199 | 217 | ||
200 | /* This is the inverse of tox_pass_key_encrypt, also using only keys produced by | 218 | /* This is the inverse of tox_pass_key_encrypt, also using only keys produced by |
@@ -204,7 +222,7 @@ bool tox_pass_key_encrypt(const uint8_t *data, size_t data_len, const uint8_t *k | |||
204 | * | 222 | * |
205 | * returns true on success | 223 | * returns true on success |
206 | */ | 224 | */ |
207 | bool tox_pass_key_decrypt(const uint8_t *data, size_t length, const uint8_t *key, uint8_t *out, | 225 | bool tox_pass_key_decrypt(const uint8_t *data, size_t length, const TOX_PASS_KEY *key, uint8_t *out, |
208 | TOX_ERR_DECRYPTION *error); | 226 | TOX_ERR_DECRYPTION *error); |
209 | 227 | ||
210 | /* Determines whether or not the given data is encrypted (by checking the magic number) | 228 | /* Determines whether or not the given data is encrypted (by checking the magic number) |