Botan 3.3.0
Crypto and TLS for C&
sodium_box.cpp
Go to the documentation of this file.
1/*
2* (C) 2019 Jack Lloyd
3*
4* Botan is released under the Simplified BSD License (see license.txt)
5*/
6
7#include <botan/sodium.h>
8
9#include <botan/mem_ops.h>
10#include <botan/secmem.h>
11
12namespace Botan {
13
14int Sodium::crypto_box_curve25519xsalsa20poly1305_seed_keypair(uint8_t pk[32], uint8_t sk[32], const uint8_t seed[32]) {
15 secure_vector<uint8_t> digest(64);
16 crypto_hash_sha512(digest.data(), seed, 32);
17 copy_mem(sk, digest.data(), 32);
19}
20
21int Sodium::crypto_box_curve25519xsalsa20poly1305_keypair(uint8_t pk[32], uint8_t sk[32]) {
22 randombytes_buf(sk, 32);
24}
25
26int Sodium::crypto_box_curve25519xsalsa20poly1305_beforenm(uint8_t key[], const uint8_t pk[32], const uint8_t sk[32]) {
27 const uint8_t zero[16] = {0};
28 secure_vector<uint8_t> shared(32);
29
30 if(crypto_scalarmult_curve25519(shared.data(), sk, pk) != 0) {
31 return -1;
32 }
33
34 return crypto_core_hsalsa20(key, zero, shared.data(), nullptr);
35}
36
38 const uint8_t ptext[],
39 size_t ptext_len,
40 const uint8_t nonce[],
41 const uint8_t pk[32],
42 const uint8_t sk[32]) {
43 secure_vector<uint8_t> shared(32);
44
45 if(crypto_box_curve25519xsalsa20poly1305_beforenm(shared.data(), pk, sk) != 0) {
46 return -1;
47 }
48
49 return crypto_box_curve25519xsalsa20poly1305_afternm(ctext, ptext, ptext_len, nonce, shared.data());
50}
51
53 const uint8_t ctext[],
54 size_t ctext_len,
55 const uint8_t nonce[],
56 const uint8_t pk[32],
57 const uint8_t sk[32]) {
58 secure_vector<uint8_t> shared(32);
59
60 if(crypto_box_curve25519xsalsa20poly1305_beforenm(shared.data(), pk, sk) != 0) {
61 return -1;
62 }
63
64 return crypto_box_curve25519xsalsa20poly1305_open_afternm(ptext, ctext, ctext_len, nonce, shared.data());
65}
66
67int Sodium::crypto_box_detached(uint8_t ctext[],
68 uint8_t mac[],
69 const uint8_t ptext[],
70 size_t ptext_len,
71 const uint8_t nonce[],
72 const uint8_t pk[32],
73 const uint8_t sk[32]) {
74 secure_vector<uint8_t> shared(32);
75
76 if(crypto_box_beforenm(shared.data(), pk, sk) != 0) {
77 return -1;
78 }
79
80 return crypto_box_detached_afternm(ctext, mac, ptext, ptext_len, nonce, shared.data());
81}
82
84 const uint8_t ctext[],
85 const uint8_t mac[],
86 size_t ctext_len,
87 const uint8_t nonce[],
88 const uint8_t pk[32],
89 const uint8_t sk[32]) {
90 secure_vector<uint8_t> shared(32);
91
92 if(crypto_box_beforenm(shared.data(), pk, sk) != 0) {
93 return -1;
94 }
95
96 return crypto_box_open_detached_afternm(ptext, ctext, mac, ctext_len, nonce, shared.data());
97}
98
99} // namespace Botan
int crypto_box_curve25519xsalsa20poly1305_seed_keypair(uint8_t pk[32], uint8_t sk[32], const uint8_t seed[32])
int crypto_box_curve25519xsalsa20poly1305_beforenm(uint8_t key[], const uint8_t pk[32], const uint8_t sk[32])
int crypto_box_curve25519xsalsa20poly1305_open_afternm(uint8_t ptext[], const uint8_t ctext[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium.h:640
int crypto_box_curve25519xsalsa20poly1305_keypair(uint8_t pk[32], uint8_t sk[32])
int crypto_box_open_detached(uint8_t ptext[], const uint8_t ctext[], const uint8_t mac[], size_t ctext_len, const uint8_t nonce[], const uint8_t pk[32], const uint8_t sk[32])
int crypto_box_curve25519xsalsa20poly1305_open(uint8_t ptext[], const uint8_t ctext[], size_t ctext_len, const uint8_t nonce[], const uint8_t pk[32], const uint8_t sk[32])
int crypto_box_open_detached_afternm(uint8_t ptext[], const uint8_t ctext[], const uint8_t mac[], size_t ctext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium.h:742
int crypto_box_detached(uint8_t ctext[], uint8_t mac[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t pk[32], const uint8_t sk[32])
int crypto_hash_sha512(uint8_t out[64], const uint8_t in[], size_t in_len)
int crypto_scalarmult_curve25519(uint8_t out[32], const uint8_t scalar[32], const uint8_t basepoint[32])
int crypto_box_curve25519xsalsa20poly1305(uint8_t ctext[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t pk[32], const uint8_t sk[32])
int crypto_box_beforenm(uint8_t key[], const uint8_t pk[32], const uint8_t sk[32])
Definition sodium.h:728
int crypto_scalarmult_curve25519_base(uint8_t out[32], const uint8_t scalar[32])
int crypto_core_hsalsa20(uint8_t out[], const uint8_t in[], const uint8_t key[], const uint8_t c[])
int crypto_box_curve25519xsalsa20poly1305_afternm(uint8_t ctext[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium.h:635
int crypto_box_detached_afternm(uint8_t ctext[], uint8_t mac[], const uint8_t ptext[], size_t ptext_len, const uint8_t nonce[], const uint8_t key[])
Definition sodium.h:761
void randombytes_buf(void *buf, size_t size)
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:61
constexpr void copy_mem(T *out, const T *in, size_t n)
Definition mem_ops.h:146