diff options
-rw-r--r-- | CMakeLists.txt | 2 | ||||
-rwxr-xr-x | other/astyle/format-source | 3 | ||||
-rw-r--r-- | toxcore/crypto_core.api.h | 150 | ||||
-rw-r--r-- | toxcore/crypto_core.h | 80 |
4 files changed, 203 insertions, 32 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index e454fa0a..1a6d1dec 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt | |||
@@ -196,6 +196,8 @@ set(toxcore_PKGCONFIG_LIBS) | |||
196 | 196 | ||
197 | # LAYER 1: Crypto core | 197 | # LAYER 1: Crypto core |
198 | # -------------------- | 198 | # -------------------- |
199 | apidsl( | ||
200 | toxcore/crypto_core.api.h) | ||
199 | add_module(toxcrypto | 201 | add_module(toxcrypto |
200 | toxcore/crypto_core.c | 202 | toxcore/crypto_core.c |
201 | toxcore/crypto_core.h) | 203 | toxcore/crypto_core.h) |
diff --git a/other/astyle/format-source b/other/astyle/format-source index d623926d..c168b80b 100755 --- a/other/astyle/format-source +++ b/other/astyle/format-source | |||
@@ -34,7 +34,8 @@ apidsl_curl() { | |||
34 | curl -X POST --data-binary @"$1" https://apidsl.herokuapp.com/apidsl | 34 | curl -X POST --data-binary @"$1" https://apidsl.herokuapp.com/apidsl |
35 | } | 35 | } |
36 | 36 | ||
37 | # Check if toxcore.h and toxav.h match apidsl tox.in.h and toxav.in.h. | 37 | # Check if apidsl generated sources are up to date. |
38 | $APIDSL toxcore/crypto_core.api.h > toxcore/crypto_core.h | ||
38 | $APIDSL toxcore/tox.api.h > toxcore/tox.h | 39 | $APIDSL toxcore/tox.api.h > toxcore/tox.h |
39 | $APIDSL toxav/toxav.api.h > toxav/toxav.h | 40 | $APIDSL toxav/toxav.api.h > toxav/toxav.h |
40 | 41 | ||
diff --git a/toxcore/crypto_core.api.h b/toxcore/crypto_core.api.h new file mode 100644 index 00000000..0c72471c --- /dev/null +++ b/toxcore/crypto_core.api.h | |||
@@ -0,0 +1,150 @@ | |||
1 | %{ | ||
2 | /* crypto_core.h | ||
3 | * | ||
4 | * Functions for the core crypto. | ||
5 | * | ||
6 | * Copyright (C) 2013 Tox project All Rights Reserved. | ||
7 | * | ||
8 | * This file is part of Tox. | ||
9 | * | ||
10 | * Tox is free software: you can redistribute it and/or modify | ||
11 | * it under the terms of the GNU General Public License as published by | ||
12 | * the Free Software Foundation, either version 3 of the License, or | ||
13 | * (at your option) any later version. | ||
14 | * | ||
15 | * Tox is distributed in the hope that it will be useful, | ||
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
18 | * GNU General Public License for more details. | ||
19 | * | ||
20 | * You should have received a copy of the GNU General Public License | ||
21 | * along with Tox. If not, see <http://www.gnu.org/licenses/>. | ||
22 | * | ||
23 | */ | ||
24 | #ifndef CORE_CRYPTO_H | ||
25 | #define CORE_CRYPTO_H | ||
26 | |||
27 | #include "network.h" | ||
28 | |||
29 | #ifndef VANILLA_NACL | ||
30 | /* We use libsodium by default. */ | ||
31 | #include <sodium.h> | ||
32 | #else | ||
33 | #include <crypto_box.h> | ||
34 | #include <crypto_hash_sha256.h> | ||
35 | #include <crypto_hash_sha512.h> | ||
36 | #include <crypto_scalarmult_curve25519.h> | ||
37 | #include <crypto_verify_16.h> | ||
38 | #include <crypto_verify_32.h> | ||
39 | #include <randombytes.h> | ||
40 | #define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) | ||
41 | /* I know */ | ||
42 | #define sodium_memcmp(a, b, c) memcmp(a, b, c) | ||
43 | #define sodium_memzero(a, c) memset(a, 0, c) | ||
44 | #endif | ||
45 | |||
46 | #define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) | ||
47 | %} | ||
48 | |||
49 | /** | ||
50 | * compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks. | ||
51 | * returns 0 if both mem locations of length are equal, | ||
52 | * return -1 if they are not. | ||
53 | */ | ||
54 | static int32_t public_key_cmp(const uint8_t *pk1, const uint8_t *pk2); | ||
55 | |||
56 | /** | ||
57 | * Return a random 32 bit integer. | ||
58 | */ | ||
59 | static uint32_t random_int(); | ||
60 | |||
61 | /** | ||
62 | * Return a random 64 bit integer. | ||
63 | */ | ||
64 | static uint64_t random_64b(); | ||
65 | |||
66 | /** | ||
67 | * Check if a Tox public key crypto_box_PUBLICKEYBYTES is valid or not. | ||
68 | * This should only be used for input validation. | ||
69 | * | ||
70 | * return 0 if it isn't. | ||
71 | * return 1 if it is. | ||
72 | */ | ||
73 | static int32_t public_key_valid(const uint8_t *public_key); | ||
74 | |||
75 | /** | ||
76 | * Encrypts plain of length length to encrypted of length + 16 using the | ||
77 | * public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce. | ||
78 | * | ||
79 | * return -1 if there was a problem. | ||
80 | * return length of encrypted data if everything was fine. | ||
81 | */ | ||
82 | static int32_t encrypt_data( | ||
83 | const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, | ||
84 | const uint8_t *plain, uint32_t length, uint8_t *encrypted); | ||
85 | |||
86 | |||
87 | /** | ||
88 | * Decrypts encrypted of length length to plain of length length - 16 using the | ||
89 | * public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce. | ||
90 | * | ||
91 | * return -1 if there was a problem (decryption failed). | ||
92 | * return length of plain data if everything was fine. | ||
93 | */ | ||
94 | static int32_t decrypt_data( | ||
95 | const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, | ||
96 | const uint8_t *encrypted, uint32_t length, uint8_t *plain); | ||
97 | |||
98 | /** | ||
99 | * Fast encrypt/decrypt operations. Use if this is not a one-time communication. | ||
100 | * encrypt_precompute does the shared-key generation once so it does not have | ||
101 | * to be preformed on every encrypt/decrypt. | ||
102 | */ | ||
103 | static int32_t encrypt_precompute( | ||
104 | const uint8_t *public_key, const uint8_t *secret_key, uint8_t *enc_key); | ||
105 | |||
106 | /** | ||
107 | * Encrypts plain of length length to encrypted of length + 16 using a | ||
108 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. | ||
109 | * | ||
110 | * return -1 if there was a problem. | ||
111 | * return length of encrypted data if everything was fine. | ||
112 | */ | ||
113 | static int32_t encrypt_data_symmetric( | ||
114 | const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, | ||
115 | uint32_t length, uint8_t *encrypted); | ||
116 | |||
117 | /** | ||
118 | * Decrypts encrypted of length length to plain of length length - 16 using a | ||
119 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. | ||
120 | * | ||
121 | * return -1 if there was a problem (decryption failed). | ||
122 | * return length of plain data if everything was fine. | ||
123 | */ | ||
124 | static int32_t decrypt_data_symmetric( | ||
125 | const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, | ||
126 | uint32_t length, uint8_t *plain); | ||
127 | |||
128 | /** | ||
129 | * Increment the given nonce by 1. | ||
130 | */ | ||
131 | static void increment_nonce(uint8_t *nonce); | ||
132 | |||
133 | /** | ||
134 | * Increment the given nonce by num. | ||
135 | */ | ||
136 | static void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num); | ||
137 | |||
138 | /** | ||
139 | * Fill the given nonce with random bytes. | ||
140 | */ | ||
141 | static void random_nonce(uint8_t *nonce); | ||
142 | |||
143 | /** | ||
144 | * Fill a key crypto_box_KEYBYTES big with random bytes. | ||
145 | */ | ||
146 | static void new_symmetric_key(uint8_t *key); | ||
147 | |||
148 | %{ | ||
149 | #endif | ||
150 | %} | ||
diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index a3463c38..5a1b153a 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h | |||
@@ -44,79 +44,97 @@ | |||
44 | 44 | ||
45 | #define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) | 45 | #define crypto_box_KEYBYTES (crypto_box_BEFORENMBYTES) |
46 | 46 | ||
47 | /* compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks. | 47 | /** |
48 | returns 0 if both mem locations of length are equal, | 48 | * compare 2 public keys of length crypto_box_PUBLICKEYBYTES, not vulnerable to timing attacks. |
49 | return -1 if they are not. */ | 49 | * returns 0 if both mem locations of length are equal, |
50 | int public_key_cmp(const uint8_t *pk1, const uint8_t *pk2); | 50 | * return -1 if they are not. |
51 | */ | ||
52 | int32_t public_key_cmp(const uint8_t *pk1, const uint8_t *pk2); | ||
51 | 53 | ||
52 | /* return a random number. | 54 | /** |
53 | * | 55 | * Return a random 32 bit integer. |
54 | * random_int for a 32bin int. | ||
55 | * random_64b for a 64bit int. | ||
56 | */ | 56 | */ |
57 | uint32_t random_int(void); | 57 | uint32_t random_int(void); |
58 | |||
59 | /** | ||
60 | * Return a random 64 bit integer. | ||
61 | */ | ||
58 | uint64_t random_64b(void); | 62 | uint64_t random_64b(void); |
59 | 63 | ||
60 | /* Check if a Tox public key crypto_box_PUBLICKEYBYTES is valid or not. | 64 | /** |
65 | * Check if a Tox public key crypto_box_PUBLICKEYBYTES is valid or not. | ||
61 | * This should only be used for input validation. | 66 | * This should only be used for input validation. |
62 | * | 67 | * |
63 | * return 0 if it isn't. | 68 | * return 0 if it isn't. |
64 | * return 1 if it is. | 69 | * return 1 if it is. |
65 | */ | 70 | */ |
66 | int public_key_valid(const uint8_t *public_key); | 71 | int32_t public_key_valid(const uint8_t *public_key); |
67 | 72 | ||
68 | /* Encrypts plain of length length to encrypted of length + 16 using the | 73 | /** |
74 | * Encrypts plain of length length to encrypted of length + 16 using the | ||
69 | * public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce. | 75 | * public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce. |
70 | * | 76 | * |
71 | * return -1 if there was a problem. | 77 | * return -1 if there was a problem. |
72 | * return length of encrypted data if everything was fine. | 78 | * return length of encrypted data if everything was fine. |
73 | */ | 79 | */ |
74 | int encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, | 80 | int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, |
75 | const uint8_t *plain, uint32_t length, uint8_t *encrypted); | 81 | uint32_t length, uint8_t *encrypted); |
76 | |||
77 | 82 | ||
78 | /* Decrypts encrypted of length length to plain of length length - 16 using the | 83 | /** |
84 | * Decrypts encrypted of length length to plain of length length - 16 using the | ||
79 | * public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce. | 85 | * public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce. |
80 | * | 86 | * |
81 | * return -1 if there was a problem (decryption failed). | 87 | * return -1 if there was a problem (decryption failed). |
82 | * return length of plain data if everything was fine. | 88 | * return length of plain data if everything was fine. |
83 | */ | 89 | */ |
84 | int decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, | 90 | int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, |
85 | const uint8_t *encrypted, uint32_t length, uint8_t *plain); | 91 | const uint8_t *encrypted, uint32_t length, uint8_t *plain); |
86 | 92 | ||
87 | /* Fast encrypt/decrypt operations. Use if this is not a one-time communication. | 93 | /** |
88 | encrypt_precompute does the shared-key generation once so it does not have | 94 | * Fast encrypt/decrypt operations. Use if this is not a one-time communication. |
89 | to be preformed on every encrypt/decrypt. */ | 95 | * encrypt_precompute does the shared-key generation once so it does not have |
90 | int encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, uint8_t *enc_key); | 96 | * to be preformed on every encrypt/decrypt. |
97 | */ | ||
98 | int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, uint8_t *enc_key); | ||
91 | 99 | ||
92 | /* Encrypts plain of length length to encrypted of length + 16 using a | 100 | /** |
101 | * Encrypts plain of length length to encrypted of length + 16 using a | ||
93 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. | 102 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. |
94 | * | 103 | * |
95 | * return -1 if there was a problem. | 104 | * return -1 if there was a problem. |
96 | * return length of encrypted data if everything was fine. | 105 | * return length of encrypted data if everything was fine. |
97 | */ | 106 | */ |
98 | int encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length, | 107 | int32_t encrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, uint32_t length, |
99 | uint8_t *encrypted); | 108 | uint8_t *encrypted); |
100 | 109 | ||
101 | /* Decrypts encrypted of length length to plain of length length - 16 using a | 110 | /** |
111 | * Decrypts encrypted of length length to plain of length length - 16 using a | ||
102 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. | 112 | * secret key crypto_box_KEYBYTES big and a 24 byte nonce. |
103 | * | 113 | * |
104 | * return -1 if there was a problem (decryption failed). | 114 | * return -1 if there was a problem (decryption failed). |
105 | * return length of plain data if everything was fine. | 115 | * return length of plain data if everything was fine. |
106 | */ | 116 | */ |
107 | int decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, uint32_t length, | 117 | int32_t decrypt_data_symmetric(const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *encrypted, |
108 | uint8_t *plain); | 118 | uint32_t length, uint8_t *plain); |
109 | 119 | ||
110 | /* Increment the given nonce by 1. */ | 120 | /** |
121 | * Increment the given nonce by 1. | ||
122 | */ | ||
111 | void increment_nonce(uint8_t *nonce); | 123 | void increment_nonce(uint8_t *nonce); |
112 | 124 | ||
113 | /* increment the given nonce by num */ | 125 | /** |
126 | * Increment the given nonce by num. | ||
127 | */ | ||
114 | void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num); | 128 | void increment_nonce_number(uint8_t *nonce, uint32_t host_order_num); |
115 | 129 | ||
116 | /* Fill the given nonce with random bytes. */ | 130 | /** |
131 | * Fill the given nonce with random bytes. | ||
132 | */ | ||
117 | void random_nonce(uint8_t *nonce); | 133 | void random_nonce(uint8_t *nonce); |
118 | 134 | ||
119 | /* Fill a key crypto_box_KEYBYTES big with random bytes */ | 135 | /** |
136 | * Fill a key crypto_box_KEYBYTES big with random bytes. | ||
137 | */ | ||
120 | void new_symmetric_key(uint8_t *key); | 138 | void new_symmetric_key(uint8_t *key); |
121 | 139 | ||
122 | #endif | 140 | #endif |