forked from Green-Sky/tomato
Green Sky
b2ae9530a4
f1df709b87 feat: add ngc events 1b6c907235 refactor: Make event dispatch ordered by receive time. b7f9367f6f test: Upgrade cppcheck, fix some warnings. 766e62bc89 chore: Use `pkg_search_module` directly in cmake. 00ff078f91 cleanup: Use target_link_libraries directly in cmake. c58928cc89 chore: Add `IMPORTED_TARGET` to pkg-config packages. 895a6af122 cleanup: Remove NaCl support. 41dfb1c1c0 fix: unpack enum function names in event impl generator 447666d1a1 chore: Disable targets for cross-compilation. 572924e924 chore: Build a docker image with coverage info in it. 415cb78f5e cleanup: Some portability/warning fixes for Windows builds. 425216d9ec fix: Correct a use-after-free and fix some memory leaks. 4b1cfa3e08 refactor: Change all enum-like `#define` sequences into enums. d3c2704fa9 chore: Fix make_single_file to support core-only. 0ce46b644e refactor: Change the `TCP_PACKET_*` defines into an enum. 22cd38ad50 adopt event impl generation tool to #2392 f31ea1088a add the event impl generation tool 4e603bb613 refactor: Use `enum-from-int` rule from tokstyle. 19d8f180d6 chore: Update github actions `uses`. 6a895be0c7 test: Make esp32 build actually try to instantiate tox. 65d09c9bfb cleanup: Remove test net support. REVERT: e29e185c03 feat: add ngc events git-subtree-dir: external/toxcore/c-toxcore git-subtree-split: f1df709b8792da4c0e946d826b11df77d565064d
452 lines
13 KiB
C
452 lines
13 KiB
C
/* SPDX-License-Identifier: GPL-3.0-or-later
|
|
* Copyright © 2016-2018 The TokTok team.
|
|
* Copyright © 2013 Tox project.
|
|
*/
|
|
|
|
/** @file
|
|
* @brief Functions for the core crypto.
|
|
*/
|
|
#ifndef C_TOXCORE_TOXCORE_CRYPTO_CORE_H
|
|
#define C_TOXCORE_TOXCORE_CRYPTO_CORE_H
|
|
|
|
#include <stdbool.h>
|
|
#include <stddef.h>
|
|
#include <stdint.h>
|
|
|
|
#include "attributes.h"
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
/**
|
|
* The number of bytes in a signature.
|
|
*/
|
|
#define CRYPTO_SIGNATURE_SIZE 64
|
|
|
|
/**
|
|
* The number of bytes in a Tox public key used for signatures.
|
|
*/
|
|
#define CRYPTO_SIGN_PUBLIC_KEY_SIZE 32
|
|
|
|
/**
|
|
* The number of bytes in a Tox secret key used for signatures.
|
|
*/
|
|
#define CRYPTO_SIGN_SECRET_KEY_SIZE 64
|
|
|
|
/**
|
|
* @brief The number of bytes in a Tox public key used for encryption.
|
|
*/
|
|
#define CRYPTO_PUBLIC_KEY_SIZE 32
|
|
|
|
/**
|
|
* @brief The number of bytes in a Tox secret key used for encryption.
|
|
*/
|
|
#define CRYPTO_SECRET_KEY_SIZE 32
|
|
|
|
/**
|
|
* @brief The number of bytes in a shared key computed from public and secret keys.
|
|
*/
|
|
#define CRYPTO_SHARED_KEY_SIZE 32
|
|
|
|
/**
|
|
* @brief The number of bytes in a symmetric key.
|
|
*/
|
|
#define CRYPTO_SYMMETRIC_KEY_SIZE CRYPTO_SHARED_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes needed for the MAC (message authentication code) in an
|
|
* encrypted message.
|
|
*/
|
|
#define CRYPTO_MAC_SIZE 16
|
|
|
|
/**
|
|
* @brief The number of bytes in a nonce used for encryption/decryption.
|
|
*/
|
|
#define CRYPTO_NONCE_SIZE 24
|
|
|
|
/**
|
|
* @brief The number of bytes in a SHA256 hash.
|
|
*/
|
|
#define CRYPTO_SHA256_SIZE 32
|
|
|
|
/**
|
|
* @brief The number of bytes in a SHA512 hash.
|
|
*/
|
|
#define CRYPTO_SHA512_SIZE 64
|
|
|
|
typedef void crypto_random_bytes_cb(void *obj, uint8_t *bytes, size_t length);
|
|
typedef uint32_t crypto_random_uniform_cb(void *obj, uint32_t upper_bound);
|
|
|
|
typedef struct Random_Funcs {
|
|
crypto_random_bytes_cb *random_bytes;
|
|
crypto_random_uniform_cb *random_uniform;
|
|
} Random_Funcs;
|
|
|
|
typedef struct Random {
|
|
const Random_Funcs *funcs;
|
|
void *obj;
|
|
} Random;
|
|
|
|
const Random *system_random(void);
|
|
|
|
/**
|
|
* @brief The number of bytes in an encryption public key used by DHT group chats.
|
|
*/
|
|
#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes in an encryption secret key used by DHT group chats.
|
|
*/
|
|
#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes in a signature public key.
|
|
*/
|
|
#define SIG_PUBLIC_KEY_SIZE CRYPTO_SIGN_PUBLIC_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes in a signature secret key.
|
|
*/
|
|
#define SIG_SECRET_KEY_SIZE CRYPTO_SIGN_SECRET_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes in a DHT group chat public key identifier.
|
|
*/
|
|
#define CHAT_ID_SIZE SIG_PUBLIC_KEY_SIZE
|
|
|
|
/**
|
|
* @brief The number of bytes in an extended public key used by DHT group chats.
|
|
*/
|
|
#define EXT_PUBLIC_KEY_SIZE (ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE)
|
|
|
|
/**
|
|
* @brief The number of bytes in an extended secret key used by DHT group chats.
|
|
*/
|
|
#define EXT_SECRET_KEY_SIZE (ENC_SECRET_KEY_SIZE + SIG_SECRET_KEY_SIZE)
|
|
|
|
/**
|
|
* @brief The number of bytes in an HMAC authenticator.
|
|
*/
|
|
#define CRYPTO_HMAC_SIZE 32
|
|
|
|
/**
|
|
* @brief The number of bytes in an HMAC secret key.
|
|
*/
|
|
#define CRYPTO_HMAC_KEY_SIZE 32
|
|
|
|
/**
|
|
* @brief A `bzero`-like function which won't be optimised away by the compiler.
|
|
*
|
|
* Some compilers will inline `bzero` or `memset` if they can prove that there
|
|
* will be no reads to the written data. Use this function if you want to be
|
|
* sure the memory is indeed zeroed.
|
|
*/
|
|
non_null()
|
|
void crypto_memzero(void *data, size_t length);
|
|
|
|
/**
|
|
* @brief Compute a SHA256 hash (32 bytes).
|
|
*/
|
|
non_null()
|
|
void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length);
|
|
|
|
/**
|
|
* @brief Compute a SHA512 hash (64 bytes).
|
|
*/
|
|
non_null()
|
|
void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length);
|
|
|
|
/**
|
|
* @brief Compute an HMAC authenticator (32 bytes).
|
|
*
|
|
* @param auth Resulting authenticator.
|
|
* @param key Secret key, as generated by `new_hmac_key()`.
|
|
*/
|
|
non_null()
|
|
void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,
|
|
size_t length);
|
|
|
|
/**
|
|
* @brief Verify an HMAC authenticator.
|
|
*/
|
|
non_null()
|
|
bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
|
|
const uint8_t *data, size_t length);
|
|
|
|
/**
|
|
* @brief Compare 2 public keys of length @ref CRYPTO_PUBLIC_KEY_SIZE, not vulnerable to
|
|
* timing attacks.
|
|
*
|
|
* @retval true if both mem locations of length are equal
|
|
* @retval false if they are not
|
|
*/
|
|
non_null()
|
|
bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPTO_PUBLIC_KEY_SIZE]);
|
|
|
|
/**
|
|
* @brief Copy a public key from `src` to `dest`.
|
|
*/
|
|
non_null()
|
|
void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBLIC_KEY_SIZE]);
|
|
|
|
/**
|
|
* @brief Compare 2 SHA512 checksums of length CRYPTO_SHA512_SIZE, not vulnerable to
|
|
* timing attacks.
|
|
*
|
|
* @return true if both mem locations of length are equal, false if they are not.
|
|
*/
|
|
non_null()
|
|
bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2);
|
|
|
|
/**
|
|
* @brief Compare 2 SHA256 checksums of length CRYPTO_SHA256_SIZE, not vulnerable to
|
|
* timing attacks.
|
|
*
|
|
* @return true if both mem locations of length are equal, false if they are not.
|
|
*/
|
|
non_null()
|
|
bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2);
|
|
|
|
/**
|
|
* @brief Return a random 8 bit integer.
|
|
*/
|
|
non_null()
|
|
uint8_t random_u08(const Random *rng);
|
|
|
|
/**
|
|
* @brief Return a random 16 bit integer.
|
|
*/
|
|
non_null()
|
|
uint16_t random_u16(const Random *rng);
|
|
|
|
/**
|
|
* @brief Return a random 32 bit integer.
|
|
*/
|
|
non_null()
|
|
uint32_t random_u32(const Random *rng);
|
|
|
|
/**
|
|
* @brief Return a random 64 bit integer.
|
|
*/
|
|
non_null()
|
|
uint64_t random_u64(const Random *rng);
|
|
|
|
/**
|
|
* @brief Return a random 32 bit integer between 0 and upper_bound (excluded).
|
|
*
|
|
* This function guarantees a uniform distribution of possible outputs.
|
|
*/
|
|
non_null()
|
|
uint32_t random_range_u32(const Random *rng, uint32_t upper_bound);
|
|
|
|
/** @brief Cryptographically signs a message using the supplied secret key and puts the resulting signature
|
|
* in the supplied buffer.
|
|
*
|
|
* @param signature The buffer for the resulting signature, which must have room for at
|
|
* least CRYPTO_SIGNATURE_SIZE bytes.
|
|
* @param message The message being signed.
|
|
* @param message_length The length in bytes of the message being signed.
|
|
* @param secret_key The secret key used to create the signature. The key should be
|
|
* produced by either `create_extended_keypair` or the libsodium function `crypto_sign_keypair`.
|
|
*
|
|
* @retval true on success.
|
|
*/
|
|
non_null()
|
|
bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length,
|
|
const uint8_t *secret_key);
|
|
|
|
/** @brief Verifies that the given signature was produced by a given message and public key.
|
|
*
|
|
* @param signature The signature we wish to verify.
|
|
* @param message The message we wish to verify.
|
|
* @param message_length The length of the message.
|
|
* @param public_key The public key counterpart of the secret key that was used to
|
|
* create the signature.
|
|
*
|
|
* @retval true on success.
|
|
*/
|
|
non_null()
|
|
bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length,
|
|
const uint8_t *public_key);
|
|
|
|
/**
|
|
* @brief Fill the given nonce with random bytes.
|
|
*/
|
|
non_null()
|
|
void random_nonce(const Random *rng, uint8_t *nonce);
|
|
|
|
/**
|
|
* @brief Fill an array of bytes with random values.
|
|
*/
|
|
non_null()
|
|
void random_bytes(const Random *rng, uint8_t *bytes, size_t length);
|
|
|
|
/**
|
|
* @brief Check if a Tox public key CRYPTO_PUBLIC_KEY_SIZE is valid or not.
|
|
*
|
|
* This should only be used for input validation.
|
|
*
|
|
* @return false if it isn't, true if it is.
|
|
*/
|
|
non_null()
|
|
bool public_key_valid(const uint8_t *public_key);
|
|
|
|
/** @brief Creates an extended keypair: curve25519 and ed25519 for encryption and signing
|
|
* respectively. The Encryption keys are derived from the signature keys.
|
|
*
|
|
* @param pk The buffer where the public key will be stored. Must have room for EXT_PUBLIC_KEY_SIZE bytes.
|
|
* @param sk The buffer where the secret key will be stored. Must have room for EXT_SECRET_KEY_SIZE bytes.
|
|
*
|
|
* @retval true on success.
|
|
*/
|
|
non_null()
|
|
bool create_extended_keypair(uint8_t *pk, uint8_t *sk);
|
|
|
|
/** Functions for groupchat extended keys */
|
|
non_null() const uint8_t *get_enc_key(const uint8_t *key);
|
|
non_null() const uint8_t *get_sig_pk(const uint8_t *key);
|
|
non_null() void set_sig_pk(uint8_t *key, const uint8_t *sig_pk);
|
|
non_null() const uint8_t *get_sig_sk(const uint8_t *key);
|
|
non_null() const uint8_t *get_chat_id(const uint8_t *key);
|
|
|
|
/**
|
|
* @brief Generate a new random keypair.
|
|
*
|
|
* Every call to this function is likely to generate a different keypair.
|
|
*/
|
|
non_null()
|
|
int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key);
|
|
|
|
/**
|
|
* @brief Derive the public key from a given secret key.
|
|
*/
|
|
non_null()
|
|
void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key);
|
|
|
|
/**
|
|
* @brief Encrypt message to send from secret key to public key.
|
|
*
|
|
* Encrypt plain text of the given length to encrypted of
|
|
* `length + CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
|
|
* bytes) of the receiver and the secret key of the sender and a
|
|
* @ref CRYPTO_NONCE_SIZE byte nonce.
|
|
*
|
|
* @retval -1 if there was a problem.
|
|
* @return length of encrypted data if everything was fine.
|
|
*/
|
|
non_null()
|
|
int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain,
|
|
size_t length, uint8_t *encrypted);
|
|
|
|
/**
|
|
* @brief Decrypt message from public key to secret key.
|
|
*
|
|
* Decrypt encrypted text of the given @p length to plain text of the given
|
|
* `length - CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
|
|
* bytes) of the sender, the secret key of the receiver and a
|
|
* @ref CRYPTO_NONCE_SIZE byte nonce.
|
|
*
|
|
* @retval -1 if there was a problem (decryption failed).
|
|
* @return length of plain text data if everything was fine.
|
|
*/
|
|
non_null()
|
|
int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
|
|
const uint8_t *encrypted, size_t length, uint8_t *plain);
|
|
|
|
/**
|
|
* @brief Fast encrypt/decrypt operations.
|
|
*
|
|
* Use if this is not a one-time communication. `encrypt_precompute` does the
|
|
* shared-key generation once so it does not have to be performed on every
|
|
* encrypt/decrypt.
|
|
*/
|
|
non_null()
|
|
int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, uint8_t *shared_key);
|
|
|
|
/**
|
|
* @brief Encrypt message with precomputed shared key.
|
|
*
|
|
* Encrypts plain of length length to encrypted of length + @ref CRYPTO_MAC_SIZE
|
|
* using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE
|
|
* byte nonce.
|
|
*
|
|
* @retval -1 if there was a problem.
|
|
* @return length of encrypted data if everything was fine.
|
|
*/
|
|
non_null()
|
|
int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *plain, size_t length,
|
|
uint8_t *encrypted);
|
|
|
|
/**
|
|
* @brief Decrypt message with precomputed shared key.
|
|
*
|
|
* Decrypts encrypted of length length to plain of length
|
|
* `length - CRYPTO_MAC_SIZE` using a shared key @ref CRYPTO_SHARED_KEY_SIZE
|
|
* big and a @ref CRYPTO_NONCE_SIZE byte nonce.
|
|
*
|
|
* @retval -1 if there was a problem (decryption failed).
|
|
* @return length of plain data if everything was fine.
|
|
*/
|
|
non_null()
|
|
int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *encrypted, size_t length,
|
|
uint8_t *plain);
|
|
|
|
/**
|
|
* @brief Increment the given nonce by 1 in big endian (rightmost byte incremented
|
|
* first).
|
|
*/
|
|
non_null()
|
|
void increment_nonce(uint8_t *nonce);
|
|
|
|
/**
|
|
* @brief Increment the given nonce by a given number.
|
|
*
|
|
* The number should be in host byte order.
|
|
*/
|
|
non_null()
|
|
void increment_nonce_number(uint8_t *nonce, uint32_t increment);
|
|
|
|
/**
|
|
* @brief Fill a key @ref CRYPTO_SYMMETRIC_KEY_SIZE big with random bytes.
|
|
*/
|
|
non_null()
|
|
void new_symmetric_key(const Random *rng, uint8_t *key);
|
|
|
|
/**
|
|
* @brief Locks `length` bytes of memory pointed to by `data`.
|
|
*
|
|
* This will attempt to prevent the specified memory region from being swapped
|
|
* to disk.
|
|
*
|
|
* @return true on success.
|
|
*/
|
|
non_null()
|
|
bool crypto_memlock(void *data, size_t length);
|
|
|
|
/**
|
|
* @brief Unlocks `length` bytes of memory pointed to by `data`.
|
|
*
|
|
* This allows the specified memory region to be swapped to disk.
|
|
*
|
|
* This function call has the side effect of zeroing the specified memory region
|
|
* whether or not it succeeds. Therefore it should only be used once the memory
|
|
* is no longer in use.
|
|
*
|
|
* @return true on success.
|
|
*/
|
|
non_null()
|
|
bool crypto_memunlock(void *data, size_t length);
|
|
|
|
/**
|
|
* @brief Generate a random secret HMAC key.
|
|
*/
|
|
non_null()
|
|
void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE]);
|
|
|
|
#ifdef __cplusplus
|
|
} // extern "C"
|
|
#endif
|
|
|
|
#endif // C_TOXCORE_TOXCORE_CRYPTO_CORE_H
|