Home | History | Annotate | Line # | Download | only in curve25519xchacha20poly1305 
      1 
      2 #include <string.h>
      3 
      4 #include "crypto_box_curve25519xchacha20poly1305.h"
      5 #include "crypto_generichash.h"
      6 #include "private/common.h"
      7 #include "utils.h"
      8 
      9 static int
     10 _crypto_box_curve25519xchacha20poly1305_seal_nonce(unsigned char *nonce,
     11                                                    const unsigned char *pk1,
     12                                                    const unsigned char *pk2)
     13 {
     14     crypto_generichash_state st;
     15 
     16     crypto_generichash_init(&st, NULL, 0U,
     17                             crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
     18     crypto_generichash_update(&st, pk1,
     19                               crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
     20     crypto_generichash_update(&st, pk2,
     21                               crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
     22     crypto_generichash_final(&st, nonce,
     23                              crypto_box_curve25519xchacha20poly1305_NONCEBYTES);
     24 
     25     return 0;
     26 }
     27 
     28 int
     29 crypto_box_curve25519xchacha20poly1305_seal(unsigned char *c, const unsigned char *m,
     30                                             unsigned long long mlen,
     31                                             const unsigned char *pk)
     32 {
     33     unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
     34     unsigned char epk[crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES];
     35     unsigned char esk[crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES];
     36     int           ret;
     37 
     38     if (crypto_box_curve25519xchacha20poly1305_keypair(epk, esk) != 0) {
     39         return -1; /* LCOV_EXCL_LINE */
     40     }
     41     memcpy(c, epk, crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES);
     42     _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, epk, pk);
     43     ret = crypto_box_curve25519xchacha20poly1305_easy(
     44          c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, m, mlen,
     45          nonce, pk, esk);
     46     sodium_memzero(esk, sizeof esk);
     47     sodium_memzero(epk, sizeof epk);
     48     sodium_memzero(nonce, sizeof nonce);
     49 
     50     return ret;
     51 }
     52 
     53 int
     54 crypto_box_curve25519xchacha20poly1305_seal_open(unsigned char *m, const unsigned char *c,
     55                                                  unsigned long long clen,
     56                                                  const unsigned char *pk,
     57                                                  const unsigned char *sk)
     58 {
     59     unsigned char nonce[crypto_box_curve25519xchacha20poly1305_NONCEBYTES];
     60 
     61     if (clen < crypto_box_curve25519xchacha20poly1305_SEALBYTES) {
     62         return -1;
     63     }
     64     _crypto_box_curve25519xchacha20poly1305_seal_nonce(nonce, c, pk);
     65 
     66     COMPILER_ASSERT(crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES <
     67                     crypto_box_curve25519xchacha20poly1305_SEALBYTES);
     68 
     69     return crypto_box_curve25519xchacha20poly1305_open_easy(
     70          m, c + crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
     71          clen - crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES,
     72          nonce, c, sk);
     73 }
     74 
     75 size_t
     76 crypto_box_curve25519xchacha20poly1305_sealbytes(void)
     77 {
     78     return crypto_box_curve25519xchacha20poly1305_SEALBYTES;
     79 }
     80