Add monocypher lib to src/3rdparty
parent
89181ea9fd
commit
91f6c6941a
@ -0,0 +1,57 @@
|
||||
Designers
|
||||
---------
|
||||
|
||||
- **Chacha20:** Daniel J. Bernstein.
|
||||
- **Poly1305:** Daniel J. Bernstein.
|
||||
- **Blake2:** Jean-Philippe Aumasson, Christian Winnerlein, Samuel Neves,
|
||||
and Zooko Wilcox-O'Hearn
|
||||
- **Argon2:** Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich
|
||||
- **X25519:** Daniel J. Bernstein
|
||||
- **EdDSA:** Daniel J. Bernstein, Bo-Yin Yang, Niels Duif, Peter
|
||||
Schwabe, and Tanja Lange
|
||||
|
||||
Implementors
|
||||
------------
|
||||
|
||||
- **Chacha20:** Loup Vaillant, implemented from spec.
|
||||
- **Poly1305:** Loup Vaillant, implemented from spec.
|
||||
- **Blake2b:** Loup Vaillant, implemented from spec.
|
||||
- **Argon2i:** Loup Vaillant, implemented from spec.
|
||||
- **X25519:** Daniel J. Bernstein, taken and packaged from SUPERCOP
|
||||
ref10.
|
||||
- **EdDSA:** Loup Vaillant, with bits and pieces from SUPERCOP ref10.
|
||||
|
||||
Test suite
|
||||
----------
|
||||
|
||||
Designed and implemented by Loup Vaillant, using _libsodium_ (by many
|
||||
authors), and _ed25519-donna_ (by Andrew Moon —floodyberry).
|
||||
|
||||
Manual
|
||||
------
|
||||
|
||||
Loup Vaillant, Fabio Scotoni, and Michael Savage.
|
||||
|
||||
- Loup Vaillant did a first draft.
|
||||
- Fabio Scotoni rewrote the manual into proper man pages (and
|
||||
substantially changed it in the process).
|
||||
- Michael Savage did extensive editing and proofreading.
|
||||
|
||||
Thanks
|
||||
------
|
||||
|
||||
Fabio Scotoni provided much needed advice about testing, interface,
|
||||
packaging, and the general direction of the whole project. He also
|
||||
redesigned monocypher.org style sheets.
|
||||
|
||||
Mike Pechkin and André Maroneze found bugs in earlier versions of
|
||||
Monocypher.
|
||||
|
||||
Andrew Moon clarified carry propagation in modular arithmetic, and
|
||||
provided advice and code that significantly simplified and improved
|
||||
Elligator2 mappings.
|
||||
|
||||
Mike Hamburg explained comb algorithms, including the signed
|
||||
all-bits-set comb described in his 2012 paper, Fast and compact
|
||||
elliptic-curve cryptography. This made EdDSA signatures over twice as
|
||||
fast.
|
@ -0,0 +1,4 @@
|
||||
add_files(
|
||||
monocypher.h
|
||||
monocypher.c
|
||||
)
|
@ -0,0 +1,173 @@
|
||||
Monocypher as a whole is dual-licensed. Choose whichever licence you
|
||||
want from the two licences listed below.
|
||||
|
||||
The first licence is a regular 2-clause BSD licence. The second licence
|
||||
is the CC-0 from Creative Commons. It is intended to release Monocypher
|
||||
to the public domain. The BSD licence serves as a fallback option.
|
||||
|
||||
See the individual files for specific information about who contributed
|
||||
to what file during which years. See below for special notes.
|
||||
|
||||
Licence 1 (2-clause BSD)
|
||||
------------------------
|
||||
|
||||
Copyright (c) 2017-2020, Loup Vaillant
|
||||
Copyright (c) 2017-2019, Michael Savage
|
||||
Copyright (c) 2017-2020, Fabio Scotoni
|
||||
All rights reserved.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions are
|
||||
met:
|
||||
|
||||
1. Redistributions of source code must retain the above copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the
|
||||
distribution.
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
|
||||
|
||||
Licence 2 (CC-0)
|
||||
----------------
|
||||
|
||||
> CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE
|
||||
> LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN
|
||||
> ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS
|
||||
> INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES
|
||||
> REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS
|
||||
> PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM
|
||||
> THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED
|
||||
> HEREUNDER.
|
||||
|
||||
### Statement of Purpose
|
||||
|
||||
The laws of most jurisdictions throughout the world automatically confer
|
||||
exclusive Copyright and Related Rights (defined below) upon the creator
|
||||
and subsequent owner(s) (each and all, an "owner") of an original work
|
||||
of authorship and/or a database (each, a "Work").
|
||||
|
||||
Certain owners wish to permanently relinquish those rights to a Work for
|
||||
the purpose of contributing to a commons of creative, cultural and
|
||||
scientific works ("Commons") that the public can reliably and without
|
||||
fear of later claims of infringement build upon, modify, incorporate in
|
||||
other works, reuse and redistribute as freely as possible in any form
|
||||
whatsoever and for any purposes, including without limitation commercial
|
||||
purposes. These owners may contribute to the Commons to promote the
|
||||
ideal of a free culture and the further production of creative, cultural
|
||||
and scientific works, or to gain reputation or greater distribution for
|
||||
their Work in part through the use and efforts of others.
|
||||
|
||||
For these and/or other purposes and motivations, and without any
|
||||
expectation of additional consideration or compensation, the person
|
||||
associating CC0 with a Work (the "Affirmer"), to the extent that he or
|
||||
she is an owner of Copyright and Related Rights in the Work, voluntarily
|
||||
elects to apply CC0 to the Work and publicly distribute the Work under
|
||||
its terms, with knowledge of his or her Copyright and Related Rights in
|
||||
the Work and the meaning and intended legal effect of CC0 on those
|
||||
rights.
|
||||
|
||||
1. **Copyright and Related Rights.** A Work made available under CC0 may
|
||||
be protected by copyright and related or neighboring rights
|
||||
("Copyright and Related Rights"). Copyright and Related Rights
|
||||
include, but are not limited to, the following:
|
||||
|
||||
- the right to reproduce, adapt, distribute, perform, display,
|
||||
communicate, and translate a Work;
|
||||
- moral rights retained by the original author(s) and/or
|
||||
performer(s); publicity and privacy rights pertaining to a person's
|
||||
image or likeness depicted in a Work;
|
||||
- rights protecting against unfair competition in regards to a Work,
|
||||
subject to the limitations in paragraph 4(a), below;
|
||||
- rights protecting the extraction, dissemination, use and reuse of
|
||||
data in a Work;
|
||||
- database rights (such as those arising under Directive 96/9/EC of
|
||||
the European Parliament and of the Council of 11 March 1996 on the
|
||||
legal protection of databases, and under any national
|
||||
implementation thereof, including any amended or successor version
|
||||
of such directive); and
|
||||
- other similar, equivalent or corresponding rights throughout the
|
||||
world based on applicable law or treaty, and any national
|
||||
implementations thereof.
|
||||
|
||||
2. **Waiver.** To the greatest extent permitted by, but not in
|
||||
contravention of, applicable law, Affirmer hereby overtly, fully,
|
||||
permanently, irrevocably and unconditionally waives, abandons, and
|
||||
surrenders all of Affirmer's Copyright and Related Rights and
|
||||
associated claims and causes of action, whether now known or unknown
|
||||
(including existing as well as future claims and causes of action),
|
||||
in the Work (i) in all territories worldwide, (ii) for the maximum
|
||||
duration provided by applicable law or treaty (including future time
|
||||
extensions), (iii) in any current or future medium and for any number
|
||||
of copies, and (iv) for any purpose whatsoever, including without
|
||||
limitation commercial, advertising or promotional purposes (the
|
||||
"Waiver"). Affirmer makes the Waiver for the benefit of each member
|
||||
of the public at large and to the detriment of Affirmer's heirs and
|
||||
successors, fully intending that such Waiver shall not be subject to
|
||||
revocation, rescission, cancellation, termination, or any other legal
|
||||
or equitable action to disrupt the quiet enjoyment of the Work by the
|
||||
public as contemplated by Affirmer's express Statement of Purpose.
|
||||
|
||||
3. **Public License Fallback.** Should any part of the Waiver for any
|
||||
reason be judged legally invalid or ineffective under applicable law,
|
||||
then the Waiver shall be preserved to the maximum extent permitted
|
||||
taking into account Affirmer's express Statement of Purpose. In
|
||||
addition, to the extent the Waiver is so judged Affirmer hereby
|
||||
grants to each affected person a royalty-free, non transferable, non
|
||||
sublicensable, non exclusive, irrevocable and unconditional license
|
||||
to exercise Affirmer's Copyright and Related Rights in the Work (i)
|
||||
in all territories worldwide, (ii) for the maximum duration provided
|
||||
by applicable law or treaty (including future time extensions), (iii)
|
||||
in any current or future medium and for any number of copies, and
|
||||
(iv) for any purpose whatsoever, including without limitation
|
||||
commercial, advertising or promotional purposes (the "License"). The
|
||||
License shall be deemed effective as of the date CC0 was applied by
|
||||
Affirmer to the Work. Should any part of the License for any reason
|
||||
be judged legally invalid or ineffective under applicable law, such
|
||||
partial invalidity or ineffectiveness shall not invalidate the
|
||||
remainder of the License, and in such case Affirmer hereby affirms
|
||||
that he or she will not (i) exercise any of his or her remaining
|
||||
Copyright and Related Rights in the Work or (ii) assert any
|
||||
associated claims and causes of action with respect to the Work, in
|
||||
either case contrary to Affirmer's express Statement of Purpose.
|
||||
|
||||
4. **Limitations and Disclaimers.**
|
||||
|
||||
- No trademark or patent rights held by Affirmer are waived,
|
||||
abandoned, surrendered, licensed or otherwise affected by this
|
||||
document.
|
||||
- Affirmer offers the Work as-is and makes no representations or
|
||||
warranties of any kind concerning the Work, express, implied,
|
||||
statutory or otherwise, including without limitation warranties of
|
||||
title, merchantability, fitness for a particular purpose, non
|
||||
infringement, or the absence of latent or other defects, accuracy,
|
||||
or the present or absence of errors, whether or not discoverable,
|
||||
all to the greatest extent permissible under applicable law.
|
||||
- Affirmer disclaims responsibility for clearing rights of other
|
||||
persons that may apply to the Work or any use thereof, including
|
||||
without limitation any person's Copyright and Related Rights in the
|
||||
Work. Further, Affirmer disclaims responsibility for obtaining any
|
||||
necessary consents, permissions or other rights required for any
|
||||
use of the Work.
|
||||
- Affirmer understands and acknowledges that Creative Commons is not
|
||||
a party to this document and has no duty or obligation with respect
|
||||
to this CC0 or use of the Work.
|
||||
|
||||
Special notes
|
||||
-------------
|
||||
|
||||
The files in `tests/externals/` were placed in the public domain by
|
||||
their respective authors. See the `AUTHORS.md` files in each directory.
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,382 @@
|
||||
// Monocypher version 3.1.2
|
||||
//
|
||||
// This file is dual-licensed. Choose whichever licence you want from
|
||||
// the two licences listed below.
|
||||
//
|
||||
// The first licence is a regular 2-clause BSD licence. The second licence
|
||||
// is the CC-0 from Creative Commons. It is intended to release Monocypher
|
||||
// to the public domain. The BSD licence serves as a fallback option.
|
||||
//
|
||||
// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
|
||||
//
|
||||
// ------------------------------------------------------------------------
|
||||
//
|
||||
// Copyright (c) 2017-2019, Loup Vaillant
|
||||
// All rights reserved.
|
||||
//
|
||||
//
|
||||
// Redistribution and use in source and binary forms, with or without
|
||||
// modification, are permitted provided that the following conditions are
|
||||
// met:
|
||||
//
|
||||
// 1. Redistributions of source code must retain the above copyright
|
||||
// notice, this list of conditions and the following disclaimer.
|
||||
//
|
||||
// 2. Redistributions in binary form must reproduce the above copyright
|
||||
// notice, this list of conditions and the following disclaimer in the
|
||||
// documentation and/or other materials provided with the
|
||||
// distribution.
|
||||
//
|
||||
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||
// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
||||
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
||||
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
//
|
||||
// ------------------------------------------------------------------------
|
||||
//
|
||||
// Written in 2017-2019 by Loup Vaillant
|
||||
//
|
||||
// To the extent possible under law, the author(s) have dedicated all copyright
|
||||
// and related neighboring rights to this software to the public domain
|
||||
// worldwide. This software is distributed without any warranty.
|
||||
//
|
||||
// You should have received a copy of the CC0 Public Domain Dedication along
|
||||
// with this software. If not, see
|
||||
// <https://creativecommons.org/publicdomain/zero/1.0/>
|
||||
|
||||
#ifndef MONOCYPHER_H
|
||||
#define MONOCYPHER_H
|
||||
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
////////////////////////
|
||||
/// Type definitions ///
|
||||
////////////////////////
|
||||
|
||||
// Vtable for EdDSA with a custom hash.
|
||||
// Instantiate it to define a custom hash.
|
||||
// Its size, contents, and layout, are part of the public API.
|
||||
typedef struct {
|
||||
void (*hash)(uint8_t hash[64], const uint8_t *message, size_t message_size);
|
||||
void (*init )(void *ctx);
|
||||
void (*update)(void *ctx, const uint8_t *message, size_t message_size);
|
||||
void (*final )(void *ctx, uint8_t hash[64]);
|
||||
size_t ctx_size;
|
||||
} crypto_sign_vtable;
|
||||
|
||||
// Do not rely on the size or contents of any of the types below,
|
||||
// they may change without notice.
|
||||
|
||||
// Poly1305
|
||||
typedef struct {
|
||||
uint32_t r[4]; // constant multiplier (from the secret key)
|
||||
uint32_t h[5]; // accumulated hash
|
||||
uint32_t c[5]; // chunk of the message
|
||||
uint32_t pad[4]; // random number added at the end (from the secret key)
|
||||
size_t c_idx; // How many bytes are there in the chunk.
|
||||
} crypto_poly1305_ctx;
|
||||
|
||||
// Hash (Blake2b)
|
||||
typedef struct {
|
||||
uint64_t hash[8];
|
||||
uint64_t input_offset[2];
|
||||
uint64_t input[16];
|
||||
size_t input_idx;
|
||||
size_t hash_size;
|
||||
} crypto_blake2b_ctx;
|
||||
|
||||
// Signatures (EdDSA)
|
||||
typedef struct {
|
||||
const crypto_sign_vtable *hash;
|
||||
uint8_t buf[96];
|
||||
uint8_t pk [32];
|
||||
} crypto_sign_ctx_abstract;
|
||||
typedef crypto_sign_ctx_abstract crypto_check_ctx_abstract;
|
||||
|
||||
typedef struct {
|
||||
crypto_sign_ctx_abstract ctx;
|
||||
crypto_blake2b_ctx hash;
|
||||
} crypto_sign_ctx;
|
||||
typedef crypto_sign_ctx crypto_check_ctx;
|
||||
|
||||
////////////////////////////
|
||||
/// High level interface ///
|
||||
////////////////////////////
|
||||
|
||||
// Constant time comparisons
|
||||
// -------------------------
|
||||
|
||||
// Return 0 if a and b are equal, -1 otherwise
|
||||
int crypto_verify16(const uint8_t a[16], const uint8_t b[16]);
|
||||
int crypto_verify32(const uint8_t a[32], const uint8_t b[32]);
|
||||
int crypto_verify64(const uint8_t a[64], const uint8_t b[64]);
|
||||
|
||||
// Erase sensitive data
|
||||
// --------------------
|
||||
|
||||
// Please erase all copies
|
||||
void crypto_wipe(void *secret, size_t size);
|
||||
|
||||
|
||||
// Authenticated encryption
|
||||
// ------------------------
|
||||
void crypto_lock(uint8_t mac[16],
|
||||
uint8_t *cipher_text,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24],
|
||||
const uint8_t *plain_text, size_t text_size);
|
||||
int crypto_unlock(uint8_t *plain_text,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24],
|
||||
const uint8_t mac[16],
|
||||
const uint8_t *cipher_text, size_t text_size);
|
||||
|
||||
// With additional data
|
||||
void crypto_lock_aead(uint8_t mac[16],
|
||||
uint8_t *cipher_text,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24],
|
||||
const uint8_t *ad , size_t ad_size,
|
||||
const uint8_t *plain_text, size_t text_size);
|
||||
int crypto_unlock_aead(uint8_t *plain_text,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24],
|
||||
const uint8_t mac[16],
|
||||
const uint8_t *ad , size_t ad_size,
|
||||
const uint8_t *cipher_text, size_t text_size);
|
||||
|
||||
|
||||
// General purpose hash (Blake2b)
|
||||
// ------------------------------
|
||||
|
||||
// Direct interface
|
||||
void crypto_blake2b(uint8_t hash[64],
|
||||
const uint8_t *message, size_t message_size);
|
||||
|
||||
void crypto_blake2b_general(uint8_t *hash , size_t hash_size,
|
||||
const uint8_t *key , size_t key_size, // optional
|
||||
const uint8_t *message, size_t message_size);
|
||||
|
||||
// Incremental interface
|
||||
void crypto_blake2b_init (crypto_blake2b_ctx *ctx);
|
||||
void crypto_blake2b_update(crypto_blake2b_ctx *ctx,
|
||||
const uint8_t *message, size_t message_size);
|
||||
void crypto_blake2b_final (crypto_blake2b_ctx *ctx, uint8_t *hash);
|
||||
|
||||
void crypto_blake2b_general_init(crypto_blake2b_ctx *ctx, size_t hash_size,
|
||||
const uint8_t *key, size_t key_size);
|
||||
|
||||
// vtable for signatures
|
||||
extern const crypto_sign_vtable crypto_blake2b_vtable;
|
||||
|
||||
|
||||
// Password key derivation (Argon2 i)
|
||||
// ----------------------------------
|
||||
void crypto_argon2i(uint8_t *hash, uint32_t hash_size, // >= 4
|
||||
void *work_area, uint32_t nb_blocks, // >= 8
|
||||
uint32_t nb_iterations, // >= 3
|
||||
const uint8_t *password, uint32_t password_size,
|
||||
const uint8_t *salt, uint32_t salt_size); // >= 8
|
||||
|
||||
void crypto_argon2i_general(uint8_t *hash, uint32_t hash_size,// >= 4
|
||||
void *work_area, uint32_t nb_blocks,// >= 8
|
||||
uint32_t nb_iterations, // >= 3
|
||||
const uint8_t *password, uint32_t password_size,
|
||||
const uint8_t *salt, uint32_t salt_size,// >= 8
|
||||
const uint8_t *key, uint32_t key_size,
|
||||
const uint8_t *ad, uint32_t ad_size);
|
||||
|
||||
|
||||
// Key exchange (x25519 + HChacha20)
|
||||
// ---------------------------------
|
||||
#define crypto_key_exchange_public_key crypto_x25519_public_key
|
||||
void crypto_key_exchange(uint8_t shared_key [32],
|
||||
const uint8_t your_secret_key [32],
|
||||
const uint8_t their_public_key[32]);
|
||||
|
||||
|
||||
// Signatures (EdDSA with curve25519 + Blake2b)
|
||||
// --------------------------------------------
|
||||
|
||||
// Generate public key
|
||||
void crypto_sign_public_key(uint8_t public_key[32],
|
||||
const uint8_t secret_key[32]);
|
||||
|
||||
// Direct interface
|
||||
void crypto_sign(uint8_t signature [64],
|
||||
const uint8_t secret_key[32],
|
||||
const uint8_t public_key[32], // optional, may be 0
|
||||
const uint8_t *message, size_t message_size);
|
||||
int crypto_check(const uint8_t signature [64],
|
||||
const uint8_t public_key[32],
|
||||
const uint8_t *message, size_t message_size);
|
||||
|
||||
////////////////////////////
|
||||
/// Low level primitives ///
|
||||
////////////////////////////
|
||||
|
||||
// For experts only. You have been warned.
|
||||
|
||||
// Chacha20
|
||||
// --------
|
||||
|
||||
// Specialised hash.
|
||||
// Used to hash X25519 shared secrets.
|
||||
void crypto_hchacha20(uint8_t out[32],
|
||||
const uint8_t key[32],
|
||||
const uint8_t in [16]);
|
||||
|
||||
// Unauthenticated stream cipher.
|
||||
// Don't forget to add authentication.
|
||||
void crypto_chacha20(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[8]);
|
||||
void crypto_xchacha20(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24]);
|
||||
void crypto_ietf_chacha20(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[12]);
|
||||
uint64_t crypto_chacha20_ctr(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[8],
|
||||
uint64_t ctr);
|
||||
uint64_t crypto_xchacha20_ctr(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[24],
|
||||
uint64_t ctr);
|
||||
uint32_t crypto_ietf_chacha20_ctr(uint8_t *cipher_text,
|
||||
const uint8_t *plain_text,
|
||||
size_t text_size,
|
||||
const uint8_t key[32],
|
||||
const uint8_t nonce[12],
|
||||
uint32_t ctr);
|
||||
|
||||
// Poly 1305
|
||||
// ---------
|
||||
|
||||
// This is a *one time* authenticator.
|
||||
// Disclosing the mac reveals the key.
|
||||
// See crypto_lock() on how to use it properly.
|
||||
|
||||
// Direct interface
|
||||
void crypto_poly1305(uint8_t mac[16],
|
||||
const uint8_t *message, size_t message_size,
|
||||
const uint8_t key[32]);
|
||||
|
||||
// Incremental interface
|
||||
void crypto_poly1305_init (crypto_poly1305_ctx *ctx, const uint8_t key[32]);
|
||||
void crypto_poly1305_update(crypto_poly1305_ctx *ctx,
|
||||
const uint8_t *message, size_t message_size);
|
||||
void crypto_poly1305_final (crypto_poly1305_ctx *ctx, uint8_t mac[16]);
|
||||
|
||||
|
||||
// X-25519
|
||||
// -------
|
||||
|
||||
// Shared secrets are not quite random.
|
||||
// Hash them to derive an actual shared key.
|
||||
void crypto_x25519_public_key(uint8_t public_key[32],
|
||||
const uint8_t secret_key[32]);
|
||||
void crypto_x25519(uint8_t raw_shared_secret[32],
|
||||
const uint8_t your_secret_key [32],
|
||||
const uint8_t their_public_key [32]);
|
||||
|
||||
// "Dirty" versions of x25519_public_key()
|
||||
// Only use to generate ephemeral keys you want to hide.
|
||||
// Note that those functions leaks 3 bits of the private key.
|
||||
void crypto_x25519_dirty_small(uint8_t pk[32], const uint8_t sk[32]);
|
||||
void crypto_x25519_dirty_fast (uint8_t pk[32], const uint8_t sk[32]);
|
||||
|
||||
// scalar "division"
|
||||
// Used for OPRF. Be aware that exponential blinding is less secure
|
||||
// than Diffie-Hellman key exchange.
|
||||
void crypto_x25519_inverse(uint8_t blind_salt [32],
|
||||
const uint8_t private_key[32],
|
||||
const uint8_t curve_point[32]);
|
||||
|
||||
|
||||
// EdDSA to X25519
|
||||
// ---------------
|
||||
void crypto_from_eddsa_private(uint8_t x25519[32], const uint8_t eddsa[32]);
|
||||
void crypto_from_eddsa_public (uint8_t x25519[32], const uint8_t eddsa[32]);
|
||||
|
||||
|
||||
// EdDSA -- Incremental interface
|
||||
// ------------------------------
|
||||
|
||||
// Signing (2 passes)
|
||||
// Make sure the two passes hash the same message,
|
||||
// else you might reveal the private key.
|
||||
void crypto_sign_init_first_pass(crypto_sign_ctx_abstract *ctx,
|
||||
const uint8_t secret_key[32],
|
||||
const uint8_t public_key[32]);
|
||||
void crypto_sign_update(crypto_sign_ctx_abstract *ctx,
|
||||
const uint8_t *message, size_t message_size);
|
||||
void crypto_sign_init_second_pass(crypto_sign_ctx_abstract *ctx);
|
||||
// use crypto_sign_update() again.
|
||||
void crypto_sign_final(crypto_sign_ctx_abstract *ctx, uint8_t signature[64]);
|
||||
|
||||
// Verification (1 pass)
|
||||
// Make sure you don't use (parts of) the message
|
||||
// before you're done checking it.
|
||||
void crypto_check_init (crypto_check_ctx_abstract *ctx,
|
||||
const uint8_t signature[64],
|
||||
const uint8_t public_key[32]);
|
||||
void crypto_check_update(crypto_check_ctx_abstract *ctx,
|
||||
const uint8_t *message, size_t message_size);
|
||||
int crypto_check_final (crypto_check_ctx_abstract *ctx);
|
||||
|
||||
// Custom hash interface
|
||||
void crypto_sign_public_key_custom_hash(uint8_t public_key[32],
|
||||
const uint8_t secret_key[32],
|
||||
const crypto_sign_vtable *hash);
|
||||
void crypto_sign_init_first_pass_custom_hash(crypto_sign_ctx_abstract *ctx,
|
||||
const uint8_t secret_key[32],
|
||||
const uint8_t public_key[32],
|
||||
const crypto_sign_vtable *hash);
|
||||
void crypto_check_init_custom_hash(crypto_check_ctx_abstract *ctx,
|
||||
const uint8_t signature[64],
|
||||
const uint8_t public_key[32],
|
||||
const crypto_sign_vtable *hash);
|
||||
|
||||
// Elligator 2
|
||||
// -----------
|
||||
|
||||
// Elligator mappings proper
|
||||
void crypto_hidden_to_curve(uint8_t curve [32], const uint8_t hidden[32]);
|
||||
int crypto_curve_to_hidden(uint8_t hidden[32], const uint8_t curve [32],
|
||||
uint8_t tweak);
|
||||
|
||||
// Easy to use key pair generation
|
||||
void crypto_hidden_key_pair(uint8_t hidden[32], uint8_t secret_key[32],
|
||||
uint8_t seed[32]);
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // MONOCYPHER_H
|
Loading…
Reference in New Issue