1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/*
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/sodium.h>
#include <botan/secmem.h>
namespace Botan {
int Sodium::crypto_box_curve25519xsalsa20poly1305_seed_keypair(uint8_t pk[32],
uint8_t sk[32],
const uint8_t seed[32])
{
secure_vector<uint8_t> digest(64);
crypto_hash_sha512(digest.data(), seed, 32);
copy_mem(sk, digest.data(), 32);
return crypto_scalarmult_curve25519_base(pk, sk);
}
int Sodium::crypto_box_curve25519xsalsa20poly1305_keypair(uint8_t pk[32],
uint8_t sk[32])
{
randombytes_buf(sk, 32);
return crypto_scalarmult_curve25519_base(pk, sk);
}
int Sodium::crypto_box_curve25519xsalsa20poly1305_beforenm(uint8_t key[],
const uint8_t pk[32],
const uint8_t sk[32])
{
const uint8_t zero[16] = { 0 };
secure_vector<uint8_t> shared(32);
if(crypto_scalarmult_curve25519(shared.data(), sk, pk) != 0)
return -1;
return crypto_core_hsalsa20(key, zero, shared.data(), nullptr);
}
int Sodium::crypto_box_curve25519xsalsa20poly1305(uint8_t ctext[],
const uint8_t ptext[],
size_t ptext_len,
const uint8_t nonce[],
const uint8_t pk[32],
const uint8_t sk[32])
{
secure_vector<uint8_t> shared(32);
if(crypto_box_curve25519xsalsa20poly1305_beforenm(shared.data(), pk, sk) != 0)
return -1;
return crypto_box_curve25519xsalsa20poly1305_afternm(ctext, ptext, ptext_len, nonce, shared.data());
}
int Sodium::crypto_box_curve25519xsalsa20poly1305_open(uint8_t ptext[],
const uint8_t ctext[],
size_t ctext_len,
const uint8_t nonce[],
const uint8_t pk[32],
const uint8_t sk[32])
{
secure_vector<uint8_t> shared(32);
if(crypto_box_curve25519xsalsa20poly1305_beforenm(shared.data(), pk, sk) != 0)
return -1;
return crypto_box_curve25519xsalsa20poly1305_open_afternm(ptext, ctext, ctext_len, nonce, shared.data());
}
int Sodium::crypto_box_detached(uint8_t ctext[], uint8_t mac[],
const uint8_t ptext[], size_t ptext_len,
const uint8_t nonce[], const uint8_t pk[32],
const uint8_t sk[32])
{
secure_vector<uint8_t> shared(32);
if(crypto_box_beforenm(shared.data(), pk, sk) != 0)
return -1;
return crypto_box_detached_afternm(ctext, mac, ptext, ptext_len, nonce, shared.data());
}
int Sodium::crypto_box_open_detached(uint8_t ptext[], const uint8_t ctext[],
const uint8_t mac[],
size_t ctext_len,
const uint8_t nonce[],
const uint8_t pk[32],
const uint8_t sk[32])
{
secure_vector<uint8_t> shared(32);
if(crypto_box_beforenm(shared.data(), pk, sk) != 0)
return -1;
return crypto_box_open_detached_afternm(ptext, ctext, mac, ctext_len, nonce, shared.data());
}
}
|
