From 0b27a0cb355a15fddbce639e66d5af2c2106526a Mon Sep 17 00:00:00 2001
From: slvr <slvr@unsafeio.com>
Date: Wed, 14 Aug 2013 14:26:04 +0100
Subject: Incorrect constants: s/BOXZERO/ZERO/

---
 core/net_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/net_crypto.c b/core/net_crypto.c
index 07c43c40..0d8ad4c7 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -81,7 +81,7 @@ int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
     if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
         return -1;
 
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
+    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
     uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
 
     memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
@@ -114,7 +114,7 @@ int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
     if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
         return -1;
 
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
+    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
     uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
 
     memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
-- 
cgit v1.2.3


From ee34b51c24acfcee7c155b3b056a16dded8a27bc Mon Sep 17 00:00:00 2001
From: slvr <slvr@unsafeio.com>
Date: Wed, 14 Aug 2013 14:29:39 +0100
Subject: s/BOXZERO/ZERO/

---
 core/net_crypto.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/net_crypto.c b/core/net_crypto.c
index 0d8ad4c7..fd606335 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -139,7 +139,7 @@ int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
     if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
         return -1;
 
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
+    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
     uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
 
     memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
@@ -165,7 +165,7 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
     if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
         return -1;
 
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
+    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
     uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
 
     memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
-- 
cgit v1.2.3


From a854a730ecd3b92426914d9bc30713ade92d5727 Mon Sep 17 00:00:00 2001
From: slvr <slvr@unsafeio.com>
Date: Wed, 14 Aug 2013 14:46:29 +0100
Subject: Reduced redundant code, added new crypto test

---
 auto_tests/crypto_test.c | 38 +++++++++++++++++++++++++
 core/net_crypto.c        | 72 +++++++++++-------------------------------------
 2 files changed, 54 insertions(+), 56 deletions(-)

diff --git a/auto_tests/crypto_test.c b/auto_tests/crypto_test.c
index 9ac81349..8b5397e4 100644
--- a/auto_tests/crypto_test.c
+++ b/auto_tests/crypto_test.c
@@ -197,6 +197,43 @@ START_TEST(test_endtoend)
 }
 END_TEST
 
+START_TEST(test_large_data)
+{
+    unsigned char k[crypto_box_BEFORENMBYTES];
+
+    unsigned char n[crypto_box_NONCEBYTES];
+
+    unsigned char m1[MAX_DATA_SIZE - ENCRYPTION_PADDING];
+    unsigned char c1[sizeof(m1) + ENCRYPTION_PADDING];
+    unsigned char m1prime[sizeof(m1)];
+
+    unsigned char m2[MAX_DATA_SIZE];
+    unsigned char c2[sizeof(m2) + ENCRYPTION_PADDING];
+
+    int c1len, c2len;
+    int m1plen;
+
+    //Generate random messages
+    rand_bytes(m1, sizeof(m1));
+    rand_bytes(m2, sizeof(m2));
+    rand_bytes(n, crypto_box_NONCEBYTES);
+    
+    //Generate key
+    rand_bytes(k, crypto_box_BEFORENMBYTES);
+    
+    c1len = encrypt_data_fast(k, n, m1, sizeof(m1), c1);
+    c2len = encrypt_data_fast(k, n, m2, sizeof(m2), c2);
+    
+    ck_assert_msg(c1len == sizeof(m1) + ENCRYPTION_PADDING, "Could not encrypt max size");
+    ck_assert_msg(c2len == -1, "incorrectly succeeded encrypting massive size");
+    
+    m1plen = decrypt_data_fast(k, n, c1, c1len, m1prime);
+    
+    ck_assert_msg(m1plen == sizeof(m1), "decrypted text lengths differ");
+    ck_assert_msg(memcmp(m1prime, m1, sizeof(m1)) == 0, "decrypted texts differ");
+}
+END_TEST
+
 #define DEFTESTCASE(NAME) \
     TCase *NAME = tcase_create(#NAME); \
     tcase_add_test(NAME, test_##NAME); \
@@ -209,6 +246,7 @@ Suite* crypto_suite(void)
     DEFTESTCASE(known);
     DEFTESTCASE(fast_known);
     DEFTESTCASE(endtoend);
+    DEFTESTCASE(large_data);
 
     return s;
 }
diff --git a/core/net_crypto.c b/core/net_crypto.c
index fd606335..ab18dd63 100644
--- a/core/net_crypto.c
+++ b/core/net_crypto.c
@@ -71,33 +71,6 @@ uint8_t crypto_iszero(uint8_t *mem, uint32_t length)
     return check; // We return zero if mem is made out of zeroes.
 }
 
-/* encrypts plain of length length to encrypted of length + 16 using the
-   public key(32 bytes) of the receiver and the secret key of the sender and a 24 byte nonce
-   return -1 if there was a problem.
-   return length of encrypted data if everything was fine. */
-int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
-                 uint8_t *plain, uint32_t length, uint8_t *encrypted)
-{
-    if (length + crypto_box_MACBYTES > MAX_DATA_SIZE || length == 0)
-        return -1;
-
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES] = {0};
-    uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES];
-
-    memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length); /* pad the message with 32 0 bytes. */
-
-    crypto_box(temp_encrypted, temp_plain, length + crypto_box_ZEROBYTES, nonce, public_key, secret_key);
-
-    /* if encryption is successful the first crypto_box_BOXZEROBYTES of the message will be zero
-       apparently memcmp should not be used so we do this instead:*/
-    if(crypto_iszero(temp_encrypted, crypto_box_BOXZEROBYTES) != 0)
-        return -1;
-
-    /* unpad the encrypted message */
-    memcpy(encrypted, temp_encrypted + crypto_box_BOXZEROBYTES, length + crypto_box_MACBYTES);
-    return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES;
-}
-
 /* Precomputes the shared key from their public_key and our secret_key.
    This way we can avoid an expensive elliptic curve scalar multiply for each 
    encrypt/decrypt operation.
@@ -129,35 +102,6 @@ int encrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
     return length - crypto_box_BOXZEROBYTES + crypto_box_ZEROBYTES;
 }
 
-/* decrypts encrypted of length length to plain of length length - 16 using the
-   public key(32 bytes) of the sender, the secret key of the receiver and a 24 byte nonce
-   return -1 if there was a problem(decryption failed)
-   return length of plain data if everything was fine. */
-int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
-                 uint8_t *encrypted, uint32_t length, uint8_t *plain)
-{
-    if (length > MAX_DATA_SIZE || length <= crypto_box_BOXZEROBYTES)
-        return -1;
-
-    uint8_t temp_plain[MAX_DATA_SIZE + crypto_box_ZEROBYTES];
-    uint8_t temp_encrypted[MAX_DATA_SIZE + crypto_box_BOXZEROBYTES] = {0};
-
-    memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length); /* pad the message with 16 0 bytes. */
-
-    if (crypto_box_open(temp_plain, temp_encrypted, length + crypto_box_BOXZEROBYTES,
-                        nonce, public_key, secret_key) == -1)
-        return -1;
-
-    /* if decryption is successful the first crypto_box_ZEROBYTES of the message will be zero 
-       apparently memcmp should not be used so we do this instead:*/
-    if(crypto_iszero(temp_plain, crypto_box_ZEROBYTES) != 0)
-        return -1;
-
-    /* unpad the plain message */
-    memcpy(plain, temp_plain + crypto_box_ZEROBYTES, length - crypto_box_MACBYTES);
-    return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES;
-}
-
 /* Fast decrypt. Depends on enc_ley from encrypt_precompute. */
 int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
                       uint8_t *encrypted, uint32_t length, uint8_t *plain)
@@ -184,6 +128,22 @@ int decrypt_data_fast(uint8_t *enc_key, uint8_t *nonce,
     return length - crypto_box_ZEROBYTES + crypto_box_BOXZEROBYTES;
 }
 
+int encrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
+                 uint8_t *plain, uint32_t length, uint8_t *encrypted)
+{
+    uint8_t k[crypto_box_BEFORENMBYTES];
+    encrypt_precompute(public_key, secret_key, k);
+    return encrypt_data_fast(k, nonce, plain, length, encrypted);
+}
+
+int decrypt_data(uint8_t *public_key, uint8_t *secret_key, uint8_t *nonce,
+                 uint8_t *encrypted, uint32_t length, uint8_t *plain)
+{
+    uint8_t k[crypto_box_BEFORENMBYTES];
+    encrypt_precompute(public_key, secret_key, k);
+    return decrypt_data_fast(k, nonce, encrypted, length, plain);
+}
+
 /* increment the given nonce by 1 */
 static void increment_nonce(uint8_t *nonce)
 {
-- 
cgit v1.2.3