From d55fc85ff57bde79eaa5aaf51df8ab12a489e26a Mon Sep 17 00:00:00 2001 From: iphydf Date: Sun, 4 Feb 2024 23:22:00 +0000 Subject: [PATCH] docs: Add more documentation to crypto_core. --- third_party/cmp | 2 +- toxcore/DHT.h | 13 ----- toxcore/crypto_core.c | 75 ++++++++++++------------ toxcore/crypto_core.h | 132 ++++++++++++++++++++++++++++-------------- 4 files changed, 127 insertions(+), 95 deletions(-) diff --git a/third_party/cmp b/third_party/cmp index cc67a0eab0..643e6a62d4 160000 --- a/third_party/cmp +++ b/third_party/cmp @@ -1 +1 @@ -Subproject commit cc67a0eab0a7579dcb12ce1072066275d49787bf +Subproject commit 643e6a62d4eb0ec2277de269cda33da02cba2756 diff --git a/toxcore/DHT.h b/toxcore/DHT.h index 602e2af6b2..19a9e1d937 100644 --- a/toxcore/DHT.h +++ b/toxcore/DHT.h @@ -23,19 +23,6 @@ extern "C" { #endif -/* Encryption and signature keys definition */ -#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE -#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE -#define SIG_PUBLIC_KEY_SIZE CRYPTO_SIGN_PUBLIC_KEY_SIZE -#define SIG_SECRET_KEY_SIZE CRYPTO_SIGN_SECRET_KEY_SIZE - -/* Size of the group chat_id */ -#define CHAT_ID_SIZE SIG_PUBLIC_KEY_SIZE - -/* Extended keys for group chats */ -#define EXT_SECRET_KEY_SIZE (ENC_SECRET_KEY_SIZE + SIG_SECRET_KEY_SIZE) -#define EXT_PUBLIC_KEY_SIZE (ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE) - /* Maximum size of a signature (may be smaller) */ #define SIGNATURE_SIZE CRYPTO_SIGNATURE_SIZE /** Maximum number of clients stored per friend. */ diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c index c6c774979d..543cbbf085 100644 --- a/toxcore/crypto_core.c +++ b/toxcore/crypto_core.c @@ -1,13 +1,8 @@ /* SPDX-License-Identifier: GPL-3.0-or-later - * Copyright © 2016-2018 The TokTok team. + * Copyright © 2016-2024 The TokTok team. * Copyright © 2013 Tox project. */ -/** - * Functions for the core crypto. - * - * NOTE: This code has to be perfect. We don't mess around with encryption. - */ #include "crypto_core.h" #include @@ -20,14 +15,6 @@ #include "ccompat.h" #include "util.h" -#ifndef crypto_box_MACBYTES -#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES) -#endif /* crypto_box_MACBYTES */ - -// Need dht because of ENC_SECRET_KEY_SIZE and ENC_PUBLIC_KEY_SIZE -#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE -#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE - static_assert(CRYPTO_PUBLIC_KEY_SIZE == crypto_box_PUBLICKEYBYTES, "CRYPTO_PUBLIC_KEY_SIZE should be equal to crypto_box_PUBLICKEYBYTES"); static_assert(CRYPTO_SECRET_KEY_SIZE == crypto_box_SECRETKEYBYTES, @@ -58,7 +45,7 @@ static_assert(CRYPTO_SIGN_PUBLIC_KEY_SIZE == crypto_sign_PUBLICKEYBYTES, static_assert(CRYPTO_SIGN_SECRET_KEY_SIZE == crypto_sign_SECRETKEYBYTES, "CRYPTO_SIGN_SECRET_KEY_SIZE should be equal to crypto_sign_SECRETKEYBYTES"); -bool create_extended_keypair(uint8_t *pk, uint8_t *sk) +bool create_extended_keypair(uint8_t pk[EXT_PUBLIC_KEY_SIZE], uint8_t sk[EXT_SECRET_KEY_SIZE]) { /* create signature key pair */ crypto_sign_keypair(pk + ENC_PUBLIC_KEY_SIZE, sk + ENC_SECRET_KEY_SIZE); @@ -165,7 +152,7 @@ void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBL memcpy(dest, src, CRYPTO_PUBLIC_KEY_SIZE); } -bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2) +bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t cksum2[CRYPTO_SHA512_SIZE]) { #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) // Hope that this is better for the fuzzer @@ -175,7 +162,7 @@ bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2) #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ } -bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2) +bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE]) { #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION // Hope that this is better for the fuzzer @@ -218,26 +205,29 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound) return rng->funcs->random_uniform(rng->obj, upper_bound); } -bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length, - const uint8_t *secret_key) +bool crypto_signature_create(uint8_t signature[CRYPTO_SIGNATURE_SIZE], + const uint8_t *message, uint64_t message_length, + const uint8_t secret_key[SIG_SECRET_KEY_SIZE]) { return crypto_sign_detached(signature, nullptr, message, message_length, secret_key) == 0; } -bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length, - const uint8_t *public_key) +bool crypto_signature_verify(const uint8_t signature[CRYPTO_SIGNATURE_SIZE], + const uint8_t *message, uint64_t message_length, + const uint8_t public_key[SIG_PUBLIC_KEY_SIZE]) { return crypto_sign_verify_detached(signature, message, message_length, public_key) == 0; } -bool public_key_valid(const uint8_t *public_key) +bool public_key_valid(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]) { /* Last bit of key is always zero. */ return public_key[31] < 128; } -int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, - uint8_t *shared_key) +int32_t encrypt_precompute(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]) { #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION memcpy(shared_key, public_key, CRYPTO_SHARED_KEY_SIZE); @@ -247,7 +237,8 @@ int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ } -int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, +int32_t encrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *plain, size_t length, uint8_t *encrypted) { if (length == 0 || shared_key == nullptr || nonce == nullptr || plain == nullptr || encrypted == nullptr) { @@ -299,7 +290,8 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, return (int32_t)(length + crypto_box_MACBYTES); } -int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, +int32_t decrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *encrypted, size_t length, uint8_t *plain) { if (length <= crypto_box_BOXZEROBYTES || shared_key == nullptr || nonce == nullptr || encrypted == nullptr @@ -350,7 +342,9 @@ int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, return (int32_t)(length - crypto_box_MACBYTES); } -int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, +int32_t encrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *plain, size_t length, uint8_t *encrypted) { if (public_key == nullptr || secret_key == nullptr) { @@ -364,7 +358,9 @@ int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const return ret; } -int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, +int32_t decrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *encrypted, size_t length, uint8_t *plain) { if (public_key == nullptr || secret_key == nullptr) { @@ -378,7 +374,7 @@ int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const return ret; } -void increment_nonce(uint8_t *nonce) +void increment_nonce(uint8_t nonce[CRYPTO_NONCE_SIZE]) { /* TODO(irungentoo): use `increment_nonce_number(nonce, 1)` or * sodium_increment (change to little endian). @@ -397,7 +393,7 @@ void increment_nonce(uint8_t *nonce) } } -void increment_nonce_number(uint8_t *nonce, uint32_t increment) +void increment_nonce_number(uint8_t nonce[CRYPTO_NONCE_SIZE], uint32_t increment) { /* NOTE don't use breaks inside this loop * In particular, make sure, as far as possible, @@ -419,17 +415,19 @@ void increment_nonce_number(uint8_t *nonce, uint32_t increment) } } -void random_nonce(const Random *rng, uint8_t *nonce) +void random_nonce(const Random *rng, uint8_t nonce[CRYPTO_NONCE_SIZE]) { random_bytes(rng, nonce, crypto_box_NONCEBYTES); } -void new_symmetric_key(const Random *rng, uint8_t *key) +void new_symmetric_key(const Random *rng, uint8_t key[CRYPTO_SYMMETRIC_KEY_SIZE]) { random_bytes(rng, key, CRYPTO_SYMMETRIC_KEY_SIZE); } -int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key) +int32_t crypto_new_keypair(const Random *rng, + uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE]) { random_bytes(rng, secret_key, CRYPTO_SECRET_KEY_SIZE); memzero(public_key, CRYPTO_PUBLIC_KEY_SIZE); // Make MSAN happy @@ -437,7 +435,8 @@ int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secr return 0; } -void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key) +void crypto_derive_public_key(uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE]) { crypto_scalarmult_curve25519_base(public_key, secret_key); } @@ -447,8 +446,8 @@ void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE]) random_bytes(rng, key, CRYPTO_HMAC_KEY_SIZE); } -void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data, - size_t length) +void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], + const uint8_t *data, size_t length) { #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION memcpy(auth, key, 16); @@ -468,7 +467,7 @@ bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[ #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ } -void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length) +void crypto_sha256(uint8_t hash[CRYPTO_SHA256_SIZE], const uint8_t *data, size_t length) { #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION memzero(hash, CRYPTO_SHA256_SIZE); @@ -478,7 +477,7 @@ void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length) #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */ } -void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length) +void crypto_sha512(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t length) { #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION memzero(hash, CRYPTO_SHA512_SIZE); diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h index 8dbc37b3f7..5eaf2bc855 100644 --- a/toxcore/crypto_core.h +++ b/toxcore/crypto_core.h @@ -1,10 +1,12 @@ /* SPDX-License-Identifier: GPL-3.0-or-later - * Copyright © 2016-2018 The TokTok team. + * Copyright © 2016-2024 The TokTok team. * Copyright © 2013 Tox project. */ /** @file * @brief Functions for the core crypto. + * + * @note This code has to be perfect. We don't mess around with encryption. */ #ifndef C_TOXCORE_TOXCORE_CRYPTO_CORE_H #define C_TOXCORE_TOXCORE_CRYPTO_CORE_H @@ -20,17 +22,17 @@ extern "C" { #endif /** - * The number of bytes in a signature. + * @brief The number of bytes in a signature. */ #define CRYPTO_SIGNATURE_SIZE 64 /** - * The number of bytes in a Tox public key used for signatures. + * @brief The number of bytes in a Tox public key used for signatures. */ #define CRYPTO_SIGN_PUBLIC_KEY_SIZE 32 /** - * The number of bytes in a Tox secret key used for signatures. + * @brief The number of bytes in a Tox secret key used for signatures. */ #define CRYPTO_SIGN_SECRET_KEY_SIZE 64 @@ -75,19 +77,42 @@ extern "C" { */ #define CRYPTO_SHA512_SIZE 64 +/** @brief Fill a byte array with random bytes. + * + * This is the key generator callback and as such must be a cryptographically + * secure pseudo-random number generator (CSPRNG). The security of Tox heavily + * depends on the security of this RNG. + */ typedef void crypto_random_bytes_cb(void *obj, uint8_t *bytes, size_t length); + +/** @brief Generate a random integer between 0 and @p upper_bound. + * + * Should produce a uniform random distribution, but Tox security does not + * depend on this being correct. In principle, it could even be a non-CSPRNG. + */ typedef uint32_t crypto_random_uniform_cb(void *obj, uint32_t upper_bound); +/** @brief Virtual function table for Random. */ typedef struct Random_Funcs { crypto_random_bytes_cb *random_bytes; crypto_random_uniform_cb *random_uniform; } Random_Funcs; +/** @brief Random number generator object. + * + * Can be used by test code and fuzzers to make toxcore behave in specific + * well-defined (non-random) ways. Production code ought to use libsodium's + * CSPRNG and use `os_random` below. + */ typedef struct Random { const Random_Funcs *funcs; void *obj; } Random; +/** @brief System random number generator. + * + * Uses libsodium's CSPRNG (on Linux, `/dev/urandom`). + */ const Random *os_random(void); /** @@ -147,25 +172,29 @@ void crypto_memzero(void *data, size_t length); /** * @brief Compute a SHA256 hash (32 bytes). + * + * @param[out] hash The SHA256 hash of @p data will be written to this byte array. */ non_null() -void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length); +void crypto_sha256(uint8_t hash[CRYPTO_SHA256_SIZE], const uint8_t *data, size_t length); /** * @brief Compute a SHA512 hash (64 bytes). + * + * @param[out] hash The SHA512 hash of @p data will be written to this byte array. */ non_null() -void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length); +void crypto_sha512(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t length); /** * @brief Compute an HMAC authenticator (32 bytes). * - * @param auth Resulting authenticator. + * @param[out] auth Resulting authenticator. * @param key Secret key, as generated by `new_hmac_key()`. */ non_null() -void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data, - size_t length); +void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], + const uint8_t *data, size_t length); /** * @brief Verify an HMAC authenticator. @@ -176,7 +205,7 @@ bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[ /** * @brief Compare 2 public keys of length @ref CRYPTO_PUBLIC_KEY_SIZE, not vulnerable to - * timing attacks. + * timing attacks. * * @retval true if both mem locations of length are equal * @retval false if they are not @@ -192,21 +221,21 @@ void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBL /** * @brief Compare 2 SHA512 checksums of length CRYPTO_SHA512_SIZE, not vulnerable to - * timing attacks. + * timing attacks. * * @return true if both mem locations of length are equal, false if they are not. */ non_null() -bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2); +bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t cksum2[CRYPTO_SHA512_SIZE]); /** * @brief Compare 2 SHA256 checksums of length CRYPTO_SHA256_SIZE, not vulnerable to - * timing attacks. + * timing attacks. * * @return true if both mem locations of length are equal, false if they are not. */ non_null() -bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2); +bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE]); /** * @brief Return a random 8 bit integer. @@ -240,10 +269,11 @@ uint64_t random_u64(const Random *rng); non_null() uint32_t random_range_u32(const Random *rng, uint32_t upper_bound); -/** @brief Cryptographically signs a message using the supplied secret key and puts the resulting signature - * in the supplied buffer. +/** + * @brief Cryptographically signs a message using the supplied secret key and puts the resulting signature + * in the supplied buffer. * - * @param signature The buffer for the resulting signature, which must have room for at + * @param[out] signature The buffer for the resulting signature, which must have room for at * least CRYPTO_SIGNATURE_SIZE bytes. * @param message The message being signed. * @param message_length The length in bytes of the message being signed. @@ -253,8 +283,9 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound); * @retval true on success. */ non_null() -bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length, - const uint8_t *secret_key); +bool crypto_signature_create(uint8_t signature[CRYPTO_SIGNATURE_SIZE], + const uint8_t *message, uint64_t message_length, + const uint8_t secret_key[SIG_SECRET_KEY_SIZE]); /** @brief Verifies that the given signature was produced by a given message and public key. * @@ -267,14 +298,15 @@ bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_ * @retval true on success. */ non_null() -bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length, - const uint8_t *public_key); +bool crypto_signature_verify(const uint8_t signature[CRYPTO_SIGNATURE_SIZE], + const uint8_t *message, uint64_t message_length, + const uint8_t public_key[SIG_PUBLIC_KEY_SIZE]); /** * @brief Fill the given nonce with random bytes. */ non_null() -void random_nonce(const Random *rng, uint8_t *nonce); +void random_nonce(const Random *rng, uint8_t nonce[CRYPTO_NONCE_SIZE]); /** * @brief Fill an array of bytes with random values. @@ -290,18 +322,22 @@ void random_bytes(const Random *rng, uint8_t *bytes, size_t length); * @return false if it isn't, true if it is. */ non_null() -bool public_key_valid(const uint8_t *public_key); +bool public_key_valid(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]); -/** @brief Creates an extended keypair: curve25519 and ed25519 for encryption and signing +/** + * @brief Creates an extended keypair: curve25519 and ed25519 for encryption and signing * respectively. The Encryption keys are derived from the signature keys. * - * @param pk The buffer where the public key will be stored. Must have room for EXT_PUBLIC_KEY_SIZE bytes. - * @param sk The buffer where the secret key will be stored. Must have room for EXT_SECRET_KEY_SIZE bytes. + * NOTE: This does *not* use Random, so any code using this will not be fuzzable. + * TODO: Make it use Random. + * + * @param[out] pk The buffer where the public key will be stored. Must have room for EXT_PUBLIC_KEY_SIZE bytes. + * @param[out] sk The buffer where the secret key will be stored. Must have room for EXT_SECRET_KEY_SIZE bytes. * * @retval true on success. */ non_null() -bool create_extended_keypair(uint8_t *pk, uint8_t *sk); +bool create_extended_keypair(uint8_t pk[EXT_PUBLIC_KEY_SIZE], uint8_t sk[EXT_SECRET_KEY_SIZE]); /** Functions for groupchat extended keys */ non_null() const uint8_t *get_enc_key(const uint8_t *key); @@ -316,13 +352,16 @@ non_null() const uint8_t *get_chat_id(const uint8_t *key); * Every call to this function is likely to generate a different keypair. */ non_null() -int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key); +int32_t crypto_new_keypair(const Random *rng, + uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE]); /** * @brief Derive the public key from a given secret key. */ non_null() -void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key); +void crypto_derive_public_key(uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE]); /** * @brief Encrypt message to send from secret key to public key. @@ -336,8 +375,10 @@ void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key); * @return length of encrypted data if everything was fine. */ non_null() -int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain, - size_t length, uint8_t *encrypted); +int32_t encrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], + const uint8_t *plain, size_t length, uint8_t *encrypted); /** * @brief Decrypt message from public key to secret key. @@ -351,7 +392,9 @@ int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const * @return length of plain text data if everything was fine. */ non_null() -int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, +int32_t decrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *encrypted, size_t length, uint8_t *plain); /** @@ -362,21 +405,24 @@ int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const * encrypt/decrypt. */ non_null() -int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, uint8_t *shared_key); +int32_t encrypt_precompute(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE], + const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE], + uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE]); /** * @brief Encrypt message with precomputed shared key. * * Encrypts plain of length length to encrypted of length + @ref CRYPTO_MAC_SIZE - * using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE + * using a shared key @ref CRYPTO_SHARED_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE * byte nonce. * * @retval -1 if there was a problem. * @return length of encrypted data if everything was fine. */ non_null() -int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *plain, size_t length, - uint8_t *encrypted); +int32_t encrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], + const uint8_t *plain, size_t length, uint8_t *encrypted); /** * @brief Decrypt message with precomputed shared key. @@ -389,15 +435,15 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, * @return length of plain data if everything was fine. */ non_null() -int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *encrypted, size_t length, - uint8_t *plain); +int32_t decrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], + const uint8_t nonce[CRYPTO_NONCE_SIZE], + const uint8_t *encrypted, size_t length, uint8_t *plain); /** - * @brief Increment the given nonce by 1 in big endian (rightmost byte incremented - * first). + * @brief Increment the given nonce by 1 in big endian (rightmost byte incremented first). */ non_null() -void increment_nonce(uint8_t *nonce); +void increment_nonce(uint8_t nonce[CRYPTO_NONCE_SIZE]); /** * @brief Increment the given nonce by a given number. @@ -405,13 +451,13 @@ void increment_nonce(uint8_t *nonce); * The number should be in host byte order. */ non_null() -void increment_nonce_number(uint8_t *nonce, uint32_t increment); +void increment_nonce_number(uint8_t nonce[CRYPTO_NONCE_SIZE], uint32_t increment); /** * @brief Fill a key @ref CRYPTO_SYMMETRIC_KEY_SIZE big with random bytes. */ non_null() -void new_symmetric_key(const Random *rng, uint8_t *key); +void new_symmetric_key(const Random *rng, uint8_t key[CRYPTO_SYMMETRIC_KEY_SIZE]); /** * @brief Locks `length` bytes of memory pointed to by `data`.