72 lines
2.3 KiB
C
72 lines
2.3 KiB
C
#include "./p2prng.h"
|
|
|
|
#include <sodium.h>
|
|
|
|
#include <assert.h>
|
|
|
|
static_assert(P2PRNG_MAC_KEY_LEN == crypto_auth_KEYBYTES, "key sizes differ");
|
|
static_assert(P2PRNG_MAC_LEN == crypto_auth_BYTES, "mac sizes differ");
|
|
|
|
static_assert(P2PRNG_MAC_KEY_LEN == P2PRNG_LEN, "key not 256");
|
|
static_assert(P2PRNG_MAC_LEN == P2PRNG_LEN, "mac not 256");
|
|
|
|
static_assert(P2PRNG_COMBINE_LEN == P2PRNG_LEN, "combine not 256");
|
|
|
|
int p2prng_auth_create(uint8_t out_key[P2PRNG_MAC_KEY_LEN], uint8_t out_mac[P2PRNG_MAC_LEN], const uint8_t* msg, uint32_t msg_len) {
|
|
// could replace with randombytes_buf() to avoid key size check
|
|
crypto_auth_keygen(out_key);
|
|
|
|
return crypto_auth(out_mac, msg, msg_len, out_key);
|
|
}
|
|
|
|
int p2prng_auth_verify(const uint8_t key[P2PRNG_MAC_KEY_LEN], const uint8_t mac[P2PRNG_MAC_LEN], const uint8_t* msg, uint32_t msg_len) {
|
|
return crypto_auth_verify(mac, msg, msg_len, key);
|
|
}
|
|
|
|
|
|
int p2prng_combine_init(uint8_t out_hash[P2PRNG_COMBINE_LEN], const uint8_t* msg, uint32_t msg_len) {
|
|
return crypto_generichash(out_hash, P2PRNG_COMBINE_LEN, msg, msg_len, NULL, 0);
|
|
}
|
|
|
|
int p2prng_combine_update(uint8_t out_hash[P2PRNG_COMBINE_LEN], const uint8_t prev_hash[P2PRNG_COMBINE_LEN], const uint8_t* msg, uint32_t msg_len) {
|
|
// either combine msg and hash, or use streaming interface
|
|
|
|
/*alignas(64)*/ crypto_generichash_state state;
|
|
|
|
// TODO: we could use the first part as key here, should be functionally identical
|
|
// or we hardcode a custom key here, mostly for vanity
|
|
int res = crypto_generichash_init(&state, NULL, 0, P2PRNG_COMBINE_LEN);
|
|
if (res != 0) {
|
|
return res;
|
|
}
|
|
|
|
// H(msg || Hprev)
|
|
|
|
// first msg
|
|
res = crypto_generichash_update(&state, msg, msg_len);
|
|
if (res != 0) {
|
|
return res;
|
|
}
|
|
|
|
// then hash from prev round
|
|
res = crypto_generichash_update(&state, prev_hash, P2PRNG_COMBINE_LEN);
|
|
if (res != 0) {
|
|
return res;
|
|
}
|
|
|
|
return crypto_generichash_final(&state, out_hash, P2PRNG_COMBINE_LEN);
|
|
}
|
|
|
|
int p2prng_gen_and_auth(uint8_t out_rng[P2PRNG_LEN], uint8_t out_key[P2PRNG_MAC_KEY_LEN], uint8_t out_mac[P2PRNG_MAC_LEN], const uint8_t* is, uint32_t is_len) {
|
|
// generate a (hopefully) cryptogrpahiclly random number
|
|
randombytes_buf(out_rng, P2PRNG_LEN);
|
|
|
|
// combine IS into rng
|
|
int res = p2prng_combine_update(out_rng, out_rng, is, is_len);
|
|
if (res != 0) {
|
|
return res;
|
|
}
|
|
|
|
return p2prng_auth_create(out_key, out_mac, out_rng, P2PRNG_LEN);
|
|
}
|