Tha_14/tomato-testing
1
0
Fork 0
forked from Green-Sky/tomato
Code Pull Requests Actions Packages Releases Activity

Squashed 'external/toxcore/c-toxcore/' changes from e2c01e457b..b03b571272

Browse Source 
b03b571272 fix: flaky tcp test This only fixes the symptoms, not the real problem. Sometimes or consistently on some platforms a socket might need a moment before it can be written to.
32e67ab4c2 cleanup: use typedef for private message ID's in callback
7b1db6adc1 feat: add message IDs to private group messages
99e0bcc27d refactor: Observers/ignored peers can now send and receive custom packets
b3c3c49d26 fix: Disable IPv6 in Windows cross-compilation tests
e742deddff feat: Check hashes of Windows dependencies when cross-compiling
dfb9a0b02b fix: Test the current Windows Dockerfile, not an old Dockerhub image
14de93ccec chore: Use WineHQ's Wine as Debian Bookworm's crashes
ed37616249 docs: Update the Windows cross-compilation section
9bb79c174f cleanup: Remove a couple of unnecessary misc_tools dependencies
19475adb70 chore: Statically link OpenMP into the cracker fun util on Windows
1be311e51f feat: Build the fun utils when cross-compiling to Windows
88133f8446 chore: Strip Windows binaries
3cc0ae7535 refactor: Copy over all of the required static dependencies
c4fa8f7fb1 feat: Generate .def, .exp and .lib files when building for Windows
74bbac5363 feat: Let CMake create the dll instead of doing so ourselves
246642e9ae feat: Harden Windows cross-compilation
8d431c0d11 chore: Bump Windows build dependency versions
e519f7998b fix: Remove unnecessary wsock32 dependency on Windows
ed2b60c217 chore: Use a specific non-broken slimcc version.
d7f21010a1 chore: Update github actions.
e71a68b7f2 docs: Update the list of CMake options
77e08876ff chore: Remove mod and founder from group API naming scheme
12bc042767 docs: add the experimental api build option to INSTALL.md
e1fa5cae96 refactor: Rename Queries to Query to align with other enums.
be82a3ea30 fix: Correct type for conference offline peer numbers.
0627c36716 test: Add pkgsrc build.
92578afe4b test: Add FreeBSD VM action on GitHub.
52ece0f57b test: Build toxcore on NetBSD (VM).
3fe8ee2c11 chore: Only install tox_private.h on request.
9a8dfa06ab fix: save_compatibility_test failing on big-endian systems
86f5e55578 fix: Don't serve files from websockify.
710eb674a5 fix: Correctly pass extended public keys to group moderation code.
021db7031c refactor: Use `struct`s for extended public/secret keys.
a1e999fd80 chore: Compile libsodium reference implementation with compcert.
fbe3c19cf5 cleanup: correct a few nullable annotations
623e3ee5c3 cleanup: Don't use `memcpy` to cast arbitrary `struct`s to `uint8_t[]`.
c71567dc18 fix: Pass array, not array pointer, to `memcmp`.
9b46a08144 cleanup: Never pass `void*` directly to `memcpy`.
5d7b7a7bbc refactor: Use tox rng to seed the keypair generation.
961891d568 cleanup: Small improvements found by PVS Studio.
8201019f0d chore: Disable NGC saving by default, enable through Tox_Options.
5dd9ee3f65 cleanup: Replace pointer arithmetic with explicit `&arr[i]`.
ca4606d49d refactor: Use strong typedef for NGC peer id.
442213b722 cleanup: Simplify custom packet length check in NGC.
08d3393def fix: Correct a few potential null derefs in bootstrap daemon.
b9877b32b0 fix: Add missing memunlock of local variable when it goes out of scope.
dab5fe44b9 fix: Zero out stack-allocated secret key before return.
f058103299 refactor: Make prune_gc_sanctions_list more obviously correct.
3ba7a0dec9 docs: Add static analysis tool list to README.
8d0811a0f3 docs: Run prettier-markdown on markdown files.
969e3a2bfc refactor: Fix network test not using the strong typedef
93c83fbc7c refactor: Use strong typedef instead of struct for `Socket`.
9fe18b176f fix: Fix some false positive from PVS Studio.
7c44379ccb cleanup: Check that WINXP macro exists before comparing it.
5c93231bef refactor: Make tox mutex non-recursive.
aacff73939 docs: Fix up doxyfile.
d55fc85ff5 docs: Add more documentation to crypto_core.
5bdaaaedb6 refactor: Remove `Tox *` from `tox_dispatch`.
e202341e76 refactor: Don't rely on tox_dispatch passing tox in tests.
34df938f52 chore: Use C++ mode for clang-tidy.
8b05296a78 chore: Check that both gtest and gmock exist for tests.
42010660e1 test: Add slimcc compiler compatibility test.
b473630321 chore: Add some comments to the astyle config.
b7404f24f6 cleanup: Remove implicit bool conversions.
4e2dba4d9f chore: Reformat sources with astyle.
4359e3a6bc chore: Rename C++ headers to .hh suffixes.
0c05566e58 cleanup: Further `#include` cleanups.
8d29935b7a chore: Only check the bootstrap daemon checksum on release.
f70e588bc6 cleanup: Add more `const` where possible.
511bfe39c8 cleanup: Use Bazel modules to enforce proper `#include` hygiene.
1710a0d091 refactor: Move pack/unpack `IP_Port` from DHT into network module.
a975943564 chore: Really fix coverage docker image build.
c08409390f chore: Fix post-submit coverage image.
39aadf8922 fix: Don't use `memcmp` to compare `IP_Port`s.
d94246a906 fix: partially fix a bug that prevented group part messages from sending.
eeaa039222 chore: Fix rpm build; add a CI check for it.
8328449c1a chore: Speed up docker builds a bit by reducing layer count.
d6d67d56f3 cleanup: Add `const` where possible in auto tests.
6aa9e6850d cleanup: Minor cleanup of event unpack code.
bdf460a3a9 refactor: Rename `system_{memory,...}` to `os_{memory,...}`.
203e1af81e fix: a few off by one errors in group autotests
5c093c4888 cleanup: Remove all uses of `SIZEOF_VLA`.
662c2140f3 test: Add goblint static analyser.
8f07755834 cleanup: Use `memzero(x, s)` instead of `memset(x, 0, s)`.
a7258e40cf cleanup: Use explicit 0 instead of `PACKET_ID_PADDING`.
6370d0f15d cleanup: Expand the `Tox_Options` accessor macros.
14a1a0b9bd cleanup: Remove plan9 support.
a05dccad13 test: Add a simple new/delete test for Tox.
1cdcf938b9 cleanup: Add comment after every `#endif`.
ba99d4dc4b test: Fix comment I broke in the events test PR.
e07248debb refactor: Migrate auto_tests to new events API.
bdd42b5452 refactor: Add common msgpack array packer with callback.
3c659f5288 cleanup: Rename group to conference in groupav documentation.
89957be230 cleanup: Ensure handler params are named after callback params.
c650d9d345 refactor: Pass `this` pointer as first param to s11n callbacks.
e7fb91ddb8 refactor: Allow NULL pointers for byte arrays in events.
5e2c8cabc1 cleanup: make some improvements to group moderation test
259de4867e cleanup: Remove `bin_pack_{new,free}`.
21a8ff5895 cleanup: skip a do_gc iteration before removing peers marked for deletion
16809dc36e feat: Add dht_get_nodes_response event to the events system.

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: b03b5712720de9a9901ea12fd741f177327a7021
This commit is contained in:
Green Sky
2024-03-07 23:12:55 +01:00
parent 61accfe184
commit aae086cc65
358 changed files with 8093 additions and 5229 deletions
Download Patch File Download Diff File Expand all files Collapse all files

174
toxcore/crypto_core.c
View File

@ -1,13 +1,8 @@
/* SPDX-License-Identifier: GPL-3.0-or-later
* Copyright © 2016-2018 The TokTok team.
* Copyright © 2016-2024 The TokTok team.
* Copyright © 2013 Tox project.
*/
/**
* Functions for the core crypto.
*
* NOTE: This code has to be perfect. We don't mess around with encryption.
*/
#include "crypto_core.h"
#include <assert.h>
@ -16,15 +11,9 @@
#include <sodium.h>
#include "attributes.h"
#include "ccompat.h"
#ifndef crypto_box_MACBYTES
#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
#endif
// Need dht because of ENC_SECRET_KEY_SIZE and ENC_PUBLIC_KEY_SIZE
#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
#include "util.h"
static_assert(CRYPTO_PUBLIC_KEY_SIZE == crypto_box_PUBLICKEYBYTES,
"CRYPTO_PUBLIC_KEY_SIZE should be equal to crypto_box_PUBLICKEYBYTES");
@ -56,43 +45,46 @@ static_assert(CRYPTO_SIGN_PUBLIC_KEY_SIZE == crypto_sign_PUBLICKEYBYTES,
static_assert(CRYPTO_SIGN_SECRET_KEY_SIZE == crypto_sign_SECRETKEYBYTES,
"CRYPTO_SIGN_SECRET_KEY_SIZE should be equal to crypto_sign_SECRETKEYBYTES");
bool create_extended_keypair(uint8_t *pk, uint8_t *sk)
bool create_extended_keypair(Extended_Public_Key *pk, Extended_Secret_Key *sk, const Random *rng)
{
/* create signature key pair */
crypto_sign_keypair(pk + ENC_PUBLIC_KEY_SIZE, sk + ENC_SECRET_KEY_SIZE);
uint8_t seed[crypto_sign_SEEDBYTES];
random_bytes(rng, seed, crypto_sign_SEEDBYTES);
crypto_sign_seed_keypair(pk->sig, sk->sig, seed);
crypto_memzero(seed, crypto_sign_SEEDBYTES);
/* convert public signature key to public encryption key */
const int res1 = crypto_sign_ed25519_pk_to_curve25519(pk, pk + ENC_PUBLIC_KEY_SIZE);
const int res1 = crypto_sign_ed25519_pk_to_curve25519(pk->enc, pk->sig);
/* convert secret signature key to secret encryption key */
const int res2 = crypto_sign_ed25519_sk_to_curve25519(sk, sk + ENC_SECRET_KEY_SIZE);
const int res2 = crypto_sign_ed25519_sk_to_curve25519(sk->enc, sk->sig);
return res1 == 0 && res2 == 0;
}
const uint8_t *get_enc_key(const uint8_t *key)
const uint8_t *get_enc_key(const Extended_Public_Key *key)
{
return key;
return key->enc;
}
const uint8_t *get_sig_pk(const uint8_t *key)
const uint8_t *get_sig_pk(const Extended_Public_Key *key)
{
return key + ENC_PUBLIC_KEY_SIZE;
return key->sig;
}
void set_sig_pk(uint8_t *key, const uint8_t *sig_pk)
void set_sig_pk(Extended_Public_Key *key, const uint8_t *sig_pk)
{
memcpy(key + ENC_PUBLIC_KEY_SIZE, sig_pk, SIG_PUBLIC_KEY_SIZE);
memcpy(key->sig, sig_pk, SIG_PUBLIC_KEY_SIZE);
}
const uint8_t *get_sig_sk(const uint8_t *key)
const uint8_t *get_sig_sk(const Extended_Secret_Key *key)
{
return key + ENC_SECRET_KEY_SIZE;
return key->sig;
}
const uint8_t *get_chat_id(const uint8_t *key)
const uint8_t *get_chat_id(const Extended_Public_Key *key)
{
return key + ENC_PUBLIC_KEY_SIZE;
return key->sig;
}
#if !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
@ -117,15 +109,15 @@ static void crypto_free(uint8_t *ptr, size_t bytes)
free(ptr);
}
#endif // !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
#endif /* !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) */
void crypto_memzero(void *data, size_t length)
{
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
memset(data, 0, length);
memzero((uint8_t *)data, length);
#else
sodium_memzero(data, length);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
bool crypto_memlock(void *data, size_t length)
@ -134,12 +126,8 @@ bool crypto_memlock(void *data, size_t length)
return false;
#else
if (sodium_mlock(data, length) != 0) {
return false;
}
return true;
#endif
return sodium_mlock(data, length) == 0;
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
bool crypto_memunlock(void *data, size_t length)
@ -148,12 +136,8 @@ bool crypto_memunlock(void *data, size_t length)
return false;
#else
if (sodium_munlock(data, length) != 0) {
return false;
}
return true;
#endif
return sodium_munlock(data, length) == 0;
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPTO_PUBLIC_KEY_SIZE])
@ -163,7 +147,7 @@ bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPT
return memcmp(pk1, pk2, CRYPTO_PUBLIC_KEY_SIZE) == 0;
#else
return crypto_verify_32(pk1, pk2) == 0;
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBLIC_KEY_SIZE])
@ -171,24 +155,24 @@ void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBL
memcpy(dest, src, CRYPTO_PUBLIC_KEY_SIZE);
}
bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2)
bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t cksum2[CRYPTO_SHA512_SIZE])
{
#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
// Hope that this is better for the fuzzer
return memcmp(cksum1, cksum2, CRYPTO_SHA512_SIZE) == 0;
#else
return crypto_verify_64(cksum1, cksum2) == 0;
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2)
bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE])
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
// Hope that this is better for the fuzzer
return memcmp(cksum1, cksum2, CRYPTO_SHA256_SIZE) == 0;
#else
return crypto_verify_32(cksum1, cksum2) == 0;
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
uint8_t random_u08(const Random *rng)
@ -224,36 +208,40 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound)
return rng->funcs->random_uniform(rng->obj, upper_bound);
}
bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length,
const uint8_t *secret_key)
bool crypto_signature_create(uint8_t signature[CRYPTO_SIGNATURE_SIZE],
const uint8_t *message, uint64_t message_length,
const uint8_t secret_key[SIG_SECRET_KEY_SIZE])
{
return crypto_sign_detached(signature, nullptr, message, message_length, secret_key) == 0;
}
bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length,
const uint8_t *public_key)
bool crypto_signature_verify(const uint8_t signature[CRYPTO_SIGNATURE_SIZE],
const uint8_t *message, uint64_t message_length,
const uint8_t public_key[SIG_PUBLIC_KEY_SIZE])
{
return crypto_sign_verify_detached(signature, message, message_length, public_key) == 0;
}
bool public_key_valid(const uint8_t *public_key)
bool public_key_valid(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE])
{
/* Last bit of key is always zero. */
return public_key[31] < 128;
}
int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key,
uint8_t *shared_key)
int32_t encrypt_precompute(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE])
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
memcpy(shared_key, public_key, CRYPTO_SHARED_KEY_SIZE);
return 0;
#else
return crypto_box_beforenm(shared_key, public_key, secret_key);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
int32_t encrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
const uint8_t nonce[CRYPTO_NONCE_SIZE],
const uint8_t *plain, size_t length, uint8_t *encrypted)
{
if (length == 0 || shared_key == nullptr || nonce == nullptr || plain == nullptr || encrypted == nullptr) {
@ -264,7 +252,7 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
// Don't encrypt anything.
memcpy(encrypted, plain, length);
// Zero MAC to avoid uninitialized memory reads.
memset(encrypted + length, 0, crypto_box_MACBYTES);
memzero(encrypted + length, crypto_box_MACBYTES);
#else
const size_t size_temp_plain = length + crypto_box_ZEROBYTES;
@ -282,9 +270,9 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
// crypto_box_afternm requires the entire range of the output array be
// initialised with something. It doesn't matter what it's initialised with,
// so we'll pick 0x00.
memset(temp_encrypted, 0, size_temp_encrypted);
memzero(temp_encrypted, size_temp_encrypted);
memset(temp_plain, 0, crypto_box_ZEROBYTES);
memzero(temp_plain, crypto_box_ZEROBYTES);
// Pad the message with 32 0 bytes.
memcpy(temp_plain + crypto_box_ZEROBYTES, plain, length);
@ -300,12 +288,13 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
crypto_free(temp_plain, size_temp_plain);
crypto_free(temp_encrypted, size_temp_encrypted);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
assert(length < INT32_MAX - crypto_box_MACBYTES);
return (int32_t)(length + crypto_box_MACBYTES);
}
int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
int32_t decrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
const uint8_t nonce[CRYPTO_NONCE_SIZE],
const uint8_t *encrypted, size_t length, uint8_t *plain)
{
if (length <= crypto_box_BOXZEROBYTES || shared_key == nullptr || nonce == nullptr || encrypted == nullptr
@ -333,9 +322,9 @@ int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
// crypto_box_open_afternm requires the entire range of the output array be
// initialised with something. It doesn't matter what it's initialised with,
// so we'll pick 0x00.
memset(temp_plain, 0, size_temp_plain);
memzero(temp_plain, size_temp_plain);
memset(temp_encrypted, 0, crypto_box_BOXZEROBYTES);
memzero(temp_encrypted, crypto_box_BOXZEROBYTES);
// Pad the message with 16 0 bytes.
memcpy(temp_encrypted + crypto_box_BOXZEROBYTES, encrypted, length);
@ -350,13 +339,15 @@ int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
crypto_free(temp_plain, size_temp_plain);
crypto_free(temp_encrypted, size_temp_encrypted);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
assert(length > crypto_box_MACBYTES);
assert(length < INT32_MAX);
return (int32_t)(length - crypto_box_MACBYTES);
}
int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
int32_t encrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
const uint8_t nonce[CRYPTO_NONCE_SIZE],
const uint8_t *plain, size_t length, uint8_t *encrypted)
{
if (public_key == nullptr || secret_key == nullptr) {
@ -370,7 +361,9 @@ int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const
return ret;
}
int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
int32_t decrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
const uint8_t nonce[CRYPTO_NONCE_SIZE],
const uint8_t *encrypted, size_t length, uint8_t *plain)
{
if (public_key == nullptr || secret_key == nullptr) {
@ -384,7 +377,7 @@ int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const
return ret;
}
void increment_nonce(uint8_t *nonce)
void increment_nonce(uint8_t nonce[CRYPTO_NONCE_SIZE])
{
/* TODO(irungentoo): use `increment_nonce_number(nonce, 1)` or
* sodium_increment (change to little endian).
@ -403,7 +396,7 @@ void increment_nonce(uint8_t *nonce)
}
}
void increment_nonce_number(uint8_t *nonce, uint32_t increment)
void increment_nonce_number(uint8_t nonce[CRYPTO_NONCE_SIZE], uint32_t increment)
{
/* NOTE don't use breaks inside this loop
* In particular, make sure, as far as possible,
@ -425,25 +418,28 @@ void increment_nonce_number(uint8_t *nonce, uint32_t increment)
}
}
void random_nonce(const Random *rng, uint8_t *nonce)
void random_nonce(const Random *rng, uint8_t nonce[CRYPTO_NONCE_SIZE])
{
random_bytes(rng, nonce, crypto_box_NONCEBYTES);
}
void new_symmetric_key(const Random *rng, uint8_t *key)
void new_symmetric_key(const Random *rng, uint8_t key[CRYPTO_SYMMETRIC_KEY_SIZE])
{
random_bytes(rng, key, CRYPTO_SYMMETRIC_KEY_SIZE);
}
int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key)
int32_t crypto_new_keypair(const Random *rng,
uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])
{
random_bytes(rng, secret_key, CRYPTO_SECRET_KEY_SIZE);
memset(public_key, 0, CRYPTO_PUBLIC_KEY_SIZE); // Make MSAN happy
memzero(public_key, CRYPTO_PUBLIC_KEY_SIZE); // Make MSAN happy
crypto_derive_public_key(public_key, secret_key);
return 0;
}
void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key)
void crypto_derive_public_key(uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])
{
crypto_scalarmult_curve25519_base(public_key, secret_key);
}
@ -453,15 +449,15 @@ void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE])
random_bytes(rng, key, CRYPTO_HMAC_KEY_SIZE);
}
void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,
size_t length)
void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
const uint8_t *data, size_t length)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
memcpy(auth, key, 16);
memcpy(auth + 16, data, length < 16 ? length : 16);
#else
crypto_auth(auth, data, length, key);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
@ -471,27 +467,27 @@ bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[
return memcmp(auth, key, 16) == 0 && memcmp(auth + 16, data, length < 16 ? length : 16) == 0;
#else
return crypto_auth_verify(auth, data, length, key) == 0;
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length)
void crypto_sha256(uint8_t hash[CRYPTO_SHA256_SIZE], const uint8_t *data, size_t length)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
memset(hash, 0, CRYPTO_SHA256_SIZE);
memzero(hash, CRYPTO_SHA256_SIZE);
memcpy(hash, data, length < CRYPTO_SHA256_SIZE ? length : CRYPTO_SHA256_SIZE);
#else
crypto_hash_sha256(hash, data, length);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length)
void crypto_sha512(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t length)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
memset(hash, 0, CRYPTO_SHA512_SIZE);
memzero(hash, CRYPTO_SHA512_SIZE);
memcpy(hash, data, length < CRYPTO_SHA512_SIZE ? length : CRYPTO_SHA512_SIZE);
#else
crypto_hash_sha512(hash, data, length);
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
}
non_null()
@ -506,26 +502,26 @@ static uint32_t sys_random_uniform(void *obj, uint32_t upper_bound)
return randombytes_uniform(upper_bound);
}
static const Random_Funcs system_random_funcs = {
static const Random_Funcs os_random_funcs = {
sys_random_bytes,
sys_random_uniform,
};
static const Random system_random_obj = {&system_random_funcs};
static const Random os_random_obj = {&os_random_funcs};
const Random *system_random(void)
const Random *os_random(void)
{
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
if ((true)) {
return nullptr;
}
#endif
#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
// It is safe to call this function more than once and from different
// threads -- subsequent calls won't have any effects.
if (sodium_init() == -1) {
return nullptr;
}
return &system_random_obj;
return &os_random_obj;
}
void random_bytes(const Random *rng, uint8_t *bytes, size_t length)