1 #include <string.h> 2 3 #include "crypto_box_curve25519xsalsa20poly1305.h" 4 #include "crypto_core_hsalsa20.h" 5 #include "crypto_hash_sha512.h" 6 #include "crypto_scalarmult_curve25519.h" 7 #include "crypto_secretbox_xsalsa20poly1305.h" 8 #include "randombytes.h" 9 #include "utils.h" 10 11 int 12 crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk, 13 unsigned char *sk, 14 const unsigned char *seed) 15 { 16 unsigned char hash[64]; 17 18 crypto_hash_sha512(hash, seed, 32); 19 memcpy(sk, hash, 32); 20 sodium_memzero(hash, sizeof hash); 21 22 return crypto_scalarmult_curve25519_base(pk, sk); 23 } 24 25 int 26 crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *pk, 27 unsigned char *sk) 28 { 29 randombytes_buf(sk, 32); 30 31 return crypto_scalarmult_curve25519_base(pk, sk); 32 } 33 34 int 35 crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *k, 36 const unsigned char *pk, 37 const unsigned char *sk) 38 { 39 static const unsigned char zero[16] = { 0 }; 40 unsigned char s[32]; 41 42 if (crypto_scalarmult_curve25519(s, sk, pk) != 0) { 43 return -1; 44 } 45 return crypto_core_hsalsa20(k, zero, s, NULL); 46 } 47 48 int 49 crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *c, 50 const unsigned char *m, 51 unsigned long long mlen, 52 const unsigned char *n, 53 const unsigned char *k) 54 { 55 return crypto_secretbox_xsalsa20poly1305(c, m, mlen, n, k); 56 } 57 58 int 59 crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *m, 60 const unsigned char *c, 61 unsigned long long clen, 62 const unsigned char *n, 63 const unsigned char *k) 64 { 65 return crypto_secretbox_xsalsa20poly1305_open(m, c, clen, n, k); 66 } 67 68 int 69 crypto_box_curve25519xsalsa20poly1305(unsigned char *c, const unsigned char *m, 70 unsigned long long mlen, 71 const unsigned char *n, 72 const unsigned char *pk, 73 const unsigned char *sk) 74 { 75 unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; 76 int ret; 77 78 if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) { 79 return -1; 80 } 81 ret = crypto_box_curve25519xsalsa20poly1305_afternm(c, m, mlen, n, k); 82 sodium_memzero(k, sizeof k); 83 84 return ret; 85 } 86 87 int 88 crypto_box_curve25519xsalsa20poly1305_open( 89 unsigned char *m, const unsigned char *c, unsigned long long clen, 90 const unsigned char *n, const unsigned char *pk, const unsigned char *sk) 91 { 92 unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; 93 int ret; 94 95 if (crypto_box_curve25519xsalsa20poly1305_beforenm(k, pk, sk) != 0) { 96 return -1; 97 } 98 ret = crypto_box_curve25519xsalsa20poly1305_open_afternm(m, c, clen, n, k); 99 sodium_memzero(k, sizeof k); 100 101 return ret; 102 } 103 104 size_t 105 crypto_box_curve25519xsalsa20poly1305_seedbytes(void) 106 { 107 return crypto_box_curve25519xsalsa20poly1305_SEEDBYTES; 108 } 109 110 size_t 111 crypto_box_curve25519xsalsa20poly1305_publickeybytes(void) 112 { 113 return crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES; 114 } 115 116 size_t 117 crypto_box_curve25519xsalsa20poly1305_secretkeybytes(void) 118 { 119 return crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES; 120 } 121 122 size_t 123 crypto_box_curve25519xsalsa20poly1305_beforenmbytes(void) 124 { 125 return crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES; 126 } 127 128 size_t 129 crypto_box_curve25519xsalsa20poly1305_noncebytes(void) 130 { 131 return crypto_box_curve25519xsalsa20poly1305_NONCEBYTES; 132 } 133 134 size_t 135 crypto_box_curve25519xsalsa20poly1305_zerobytes(void) 136 { 137 return crypto_box_curve25519xsalsa20poly1305_ZEROBYTES; 138 } 139 140 size_t 141 crypto_box_curve25519xsalsa20poly1305_boxzerobytes(void) 142 { 143 return crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES; 144 } 145 146 size_t 147 crypto_box_curve25519xsalsa20poly1305_macbytes(void) 148 { 149 return crypto_box_curve25519xsalsa20poly1305_MACBYTES; 150 } 151 152 size_t 153 crypto_box_curve25519xsalsa20poly1305_messagebytes_max(void) 154 { 155 return crypto_box_curve25519xsalsa20poly1305_MESSAGEBYTES_MAX; 156 } 157