├── .gitignore ├── AUTHORS ├── COPYING ├── ChangeLog ├── Makefile.am ├── NEWS ├── README ├── README.md ├── autogen.sh ├── configure.ac ├── doc ├── .gitignore ├── Doxyfile ├── Makefile.am ├── buffer.dox ├── cert-key-format.dox ├── constants.dox ├── example-echo.dox ├── mainpage.dox ├── noise-certificate.dox └── noise-certificate.proto ├── examples ├── Makefile.am └── echo │ ├── Makefile.am │ ├── echo-client │ ├── .gitignore │ ├── Makefile.am │ └── echo-client.c │ ├── echo-keygen │ ├── .gitignore │ ├── Makefile.am │ └── echo-keygen.c │ └── echo-server │ ├── .gitignore │ ├── Makefile.am │ ├── echo-common.c │ ├── echo-common.h │ └── echo-server.c ├── include ├── Makefile.am └── noise │ ├── Makefile.am │ ├── keys.h │ ├── keys │ ├── Makefile.am │ ├── certificate.h │ └── loader.h │ ├── protobufs.h │ ├── protocol.h │ └── protocol │ ├── Makefile.am │ ├── buffer.h │ ├── cipherstate.h │ ├── constants.h │ ├── dhstate.h │ ├── errors.h │ ├── handshakestate.h │ ├── hashstate.h │ ├── names.h │ ├── randstate.h │ ├── signstate.h │ ├── symmetricstate.h │ └── util.h ├── m4 ├── ax_pthread.m4 └── pkg.m4 ├── src ├── Makefile.am ├── backend │ ├── openssl │ │ └── cipher-aesgcm.c │ ├── ref │ │ ├── cipher-aesgcm.c │ │ ├── cipher-chachapoly.c │ │ ├── dh-curve25519.c │ │ ├── dh-curve448.c │ │ ├── dh-newhope.c │ │ ├── hash-blake2b.c │ │ ├── hash-blake2s.c │ │ ├── hash-sha256.c │ │ ├── hash-sha512.c │ │ └── sign-ed25519.c │ └── sodium │ │ ├── cipher-aesgcm.c │ │ ├── cipher-chachapoly.c │ │ ├── dh-curve25519.c │ │ ├── hash-blake2b.c │ │ ├── hash-sha256.c │ │ ├── hash-sha512.c │ │ └── sign-ed25519.c ├── crypto │ ├── README │ ├── aes │ │ ├── rijndael-alg-fst.c │ │ └── rijndael-alg-fst.h │ ├── blake2 │ │ ├── blake2-endian.h │ │ ├── blake2b.c │ │ ├── blake2b.h │ │ ├── blake2s.c │ │ └── blake2s.h │ ├── chacha │ │ ├── chacha.c │ │ └── chacha.h │ ├── curve448 │ │ ├── curve448.c │ │ └── curve448.h │ ├── donna │ │ ├── curve25519-donna-c64.c │ │ ├── curve25519-donna.c │ │ ├── poly1305-donna-16.h │ │ ├── poly1305-donna-32.h │ │ ├── poly1305-donna-64.h │ │ ├── poly1305-donna-8.h │ │ ├── poly1305-donna.c │ │ └── poly1305-donna.h │ ├── ed25519 │ │ ├── README.md │ │ ├── curve25519-donna-32bit.h │ │ ├── curve25519-donna-64bit.h │ │ ├── curve25519-donna-helpers.h │ │ ├── curve25519-donna-sse2.h │ │ ├── ed25519-donna-32bit-sse2.h │ │ ├── ed25519-donna-32bit-tables.h │ │ ├── ed25519-donna-64bit-sse2.h │ │ ├── ed25519-donna-64bit-tables.h │ │ ├── ed25519-donna-64bit-x86-32bit.h │ │ ├── ed25519-donna-64bit-x86.h │ │ ├── ed25519-donna-basepoint-table.h │ │ ├── ed25519-donna-batchverify.h │ │ ├── ed25519-donna-impl-base.h │ │ ├── ed25519-donna-impl-sse2.h │ │ ├── ed25519-donna-portable-identify.h │ │ ├── ed25519-donna-portable.h │ │ ├── ed25519-donna.h │ │ ├── ed25519-hash-custom.h │ │ ├── ed25519-hash.h │ │ ├── ed25519-randombytes-custom.h │ │ ├── ed25519-randombytes.h │ │ ├── ed25519.c │ │ ├── ed25519.h │ │ ├── fuzz │ │ │ ├── README.md │ │ │ ├── build-nix.php │ │ │ ├── curve25519-ref10.c │ │ │ ├── curve25519-ref10.h │ │ │ ├── ed25519-donna-sse2.c │ │ │ ├── ed25519-donna.c │ │ │ ├── ed25519-donna.h │ │ │ ├── ed25519-ref10.c │ │ │ ├── ed25519-ref10.h │ │ │ ├── fuzz-curve25519.c │ │ │ └── fuzz-ed25519.c │ │ ├── modm-donna-32bit.h │ │ ├── modm-donna-64bit.h │ │ ├── regression.h │ │ ├── test-internals.c │ │ ├── test-ticks.h │ │ └── test.c │ ├── ghash │ │ ├── ghash.c │ │ └── ghash.h │ ├── goldilocks │ │ ├── Doxyfile │ │ ├── HISTORY.txt │ │ ├── LICENSE.txt │ │ ├── Makefile │ │ ├── README.txt │ │ ├── TODO.txt │ │ ├── include │ │ │ ├── goldilocks.h │ │ │ └── ridinghood.h │ │ ├── src │ │ │ ├── arithmetic.c │ │ │ ├── barrett_field.c │ │ │ ├── bat │ │ │ │ ├── api_dh.h │ │ │ │ ├── api_sign.h │ │ │ │ ├── dh.c │ │ │ │ └── sign.c │ │ │ ├── crandom.c │ │ │ ├── ec_point.c │ │ │ ├── goldilocks.c │ │ │ ├── include │ │ │ │ ├── barrett_field.h │ │ │ │ ├── config.h │ │ │ │ ├── constant_time.h │ │ │ │ ├── crandom.h │ │ │ │ ├── ec_point.h │ │ │ │ ├── field.h │ │ │ │ ├── intrinsics.h │ │ │ │ ├── magic.h │ │ │ │ ├── scalarmul.h │ │ │ │ ├── sha512.h │ │ │ │ └── word.h │ │ │ ├── p448 │ │ │ │ ├── arch_32 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p448.c │ │ │ │ │ └── p448.h │ │ │ │ ├── arch_arm_32 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p448.c │ │ │ │ │ └── p448.h │ │ │ │ ├── arch_neon_experimental │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p448.c │ │ │ │ │ └── p448.h │ │ │ │ ├── arch_ref64 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p448.c │ │ │ │ │ └── p448.h │ │ │ │ ├── arch_x86_64 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p448.c │ │ │ │ │ ├── p448.h │ │ │ │ │ └── x86-64-arith.h │ │ │ │ ├── f_arithmetic.c │ │ │ │ ├── f_field.h │ │ │ │ ├── f_magic.h │ │ │ │ └── magic.c │ │ │ ├── p480 │ │ │ │ ├── arch_x86_64 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p480.c │ │ │ │ │ ├── p480.h │ │ │ │ │ └── x86-64-arith.h │ │ │ │ ├── f_arithmetic.c │ │ │ │ ├── f_field.h │ │ │ │ ├── f_magic.h │ │ │ │ └── magic.c │ │ │ ├── p521 │ │ │ │ ├── arch_ref64 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p521.c │ │ │ │ │ └── p521.h │ │ │ │ ├── arch_x86_64_r12 │ │ │ │ │ ├── arch_config.h │ │ │ │ │ ├── p521.c │ │ │ │ │ └── p521.h │ │ │ │ ├── f_arithmetic.c │ │ │ │ ├── f_field.h │ │ │ │ ├── f_magic.h │ │ │ │ └── magic.c │ │ │ ├── scalarmul.c │ │ │ └── sha512.c │ │ └── test │ │ │ ├── batarch.map │ │ │ ├── bench.c │ │ │ ├── test.c │ │ │ ├── test.h │ │ │ ├── test_arithmetic.c │ │ │ ├── test_goldilocks.c │ │ │ ├── test_pointops.c │ │ │ ├── test_scalarmul.c │ │ │ └── test_sha512.c │ ├── newhope │ │ ├── LICENSE │ │ ├── batcher.c │ │ ├── batcher.h │ │ ├── cpucycles.c │ │ ├── cpucycles.h │ │ ├── crypto_stream_chacha20.c │ │ ├── crypto_stream_chacha20.h │ │ ├── error_correction.c │ │ ├── error_correction.h │ │ ├── fips202.c │ │ ├── fips202.h │ │ ├── newhope.c │ │ ├── newhope.h │ │ ├── ntt.c │ │ ├── ntt.h │ │ ├── params.h │ │ ├── poly.c │ │ ├── poly.h │ │ ├── precomp.c │ │ ├── randombytes.c │ │ ├── randombytes.h │ │ ├── reduce.c │ │ └── reduce.h │ └── sha2 │ │ ├── sha256.c │ │ ├── sha256.h │ │ ├── sha512.c │ │ └── sha512.h ├── keys │ ├── Makefile.am │ ├── certificate.c │ └── loader.c ├── protobufs │ ├── Makefile.am │ └── protobufs.c └── protocol │ ├── Makefile.am │ ├── cipherstate.c │ ├── dhstate.c │ ├── errors.c │ ├── handshakestate.c │ ├── hashstate.c │ ├── internal.c │ ├── internal.h │ ├── names.c │ ├── patterns.c │ ├── rand_os.c │ ├── rand_sodium.c │ ├── randstate.c │ ├── signstate.c │ ├── symmetricstate.c │ └── util.c ├── tests ├── Makefile.am ├── performance │ ├── .gitignore │ ├── Makefile.am │ ├── md5.c │ ├── md5.h │ └── test-performance.c ├── unit │ ├── .gitignore │ ├── Makefile.am │ ├── test-cipherstate.c │ ├── test-dhstate.c │ ├── test-errors.c │ ├── test-handshakestate.c │ ├── test-hashstate.c │ ├── test-helpers.h │ ├── test-main.c │ ├── test-names.c │ ├── test-patterns.c │ ├── test-protobufs.c │ ├── test-randstate.c │ ├── test-signstate.c │ └── test-symmetricstate.c ├── vector-gen │ ├── .gitignore │ ├── Makefile.am │ ├── README │ ├── simple-cipherstate.c │ ├── simple-cipherstate.h │ ├── simple-handshakestate.c │ ├── simple-handshakestate.h │ ├── simple-symmetricstate.c │ ├── simple-symmetricstate.h │ └── vector-gen.c └── vector │ ├── .gitignore │ ├── Makefile.am │ ├── cacophony.txt │ ├── json-reader.c │ ├── json-reader.h │ ├── noise-c-basic.txt │ ├── noise-c-fallback.txt │ ├── noise-c-hybrid.txt │ └── test-vector.c └── tools ├── Makefile.am ├── keytool ├── .gitignore ├── Makefile.am ├── generate.c ├── keytool.c ├── keytool.h ├── show.c └── sign.c └── protoc ├── .gitignore ├── Makefile.am ├── main.c ├── proto3-ast.c ├── proto3-ast.h ├── proto3-generate-c.c ├── proto3-grammar.y ├── proto3-lexer.l └── test.proto /.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.a 3 | .depend 4 | .*.swp 5 | aclocal.m4 6 | autom4te.cache 7 | configure 8 | Makefile.in 9 | Makefile 10 | .deps 11 | config.* 12 | INSTALL 13 | compile 14 | depcomp 15 | install-sh 16 | missing 17 | test-driver 18 | .dirstamp 19 | ylwrap 20 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | Rhys Weatherley 2 | Eli Fidler 3 | -------------------------------------------------------------------------------- /COPYING: -------------------------------------------------------------------------------- 1 | Copyright (C) 2016 Southern Storm Software, Pty Ltd. 2 | 3 | Permission is hereby granted, free of charge, to any person obtaining a 4 | copy of this software and associated documentation files (the "Software"), 5 | to deal in the Software without restriction, including without limitation 6 | the rights to use, copy, modify, merge, publish, distribute, sublicense, 7 | and/or sell copies of the Software, and to permit persons to whom the 8 | Software is furnished to do so, subject to the following conditions: 9 | 10 | The above copyright notice and this permission notice shall be included 11 | in all copies or substantial portions of the Software. 12 | 13 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 14 | OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 15 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 16 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 17 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 18 | FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 19 | DEALINGS IN THE SOFTWARE. 20 | -------------------------------------------------------------------------------- /ChangeLog: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rweather/noise-c/cfe25410979a87391bb9ac8d4d4bef64e9f268c6/ChangeLog -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = include src tools tests examples doc 3 | 4 | EXTRA_DIST = README.md 5 | 6 | docs: 7 | (cd $(srcdir)/doc; $(DOXYGEN)) 8 | -------------------------------------------------------------------------------- /NEWS: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/rweather/noise-c/cfe25410979a87391bb9ac8d4d4bef64e9f268c6/NEWS -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | 2 | See README.md 3 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | Noise-C Library 3 | =============== 4 | 5 | Noise-C is a plain C implementation of the 6 | [Noise Protocol](http://noiseprotocol.org), intended as a 7 | reference implementation. It can also be referred to as "Noisy", 8 | which is what you get when you say "Noise-C" too fast. The code is 9 | distributed under the terms of the MIT license. 10 | 11 | The [documentation](http://rweather.github.io/noise-c/index.html) 12 | contains more information on the library, examples, and how to build it. 13 | 14 | For more information on this library, to report bugs, to contribute, 15 | or to suggest improvements, please contact the author Rhys Weatherley via 16 | [email](mailto:rhys.weatherley@gmail.com). 17 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | 3 | if [ -x "`which autoreconf 2>/dev/null`" ] ; then 4 | exec autoreconf -ivf 5 | fi 6 | 7 | if glibtoolize --version > /dev/null 2>&1; then 8 | LIBTOOLIZE='glibtoolize' 9 | else 10 | LIBTOOLIZE='libtoolize' 11 | fi 12 | 13 | $LIBTOOLIZE && \ 14 | aclocal && \ 15 | automake --add-missing --force-missing --include-deps && \ 16 | autoconf 17 | -------------------------------------------------------------------------------- /configure.ac: -------------------------------------------------------------------------------- 1 | 2 | AC_INIT([noise-c], [0.0.1]) 3 | AM_INIT_AUTOMAKE 4 | AC_CONFIG_MACRO_DIR([m4]) 5 | 6 | AC_PROG_CC 7 | AC_PROG_CC_STDC 8 | AC_PROG_RANLIB 9 | AC_PROG_LEX 10 | AC_PROG_YACC 11 | AC_PATH_PROG(DOXYGEN, doxygen) 12 | 13 | dnl Determine the default Ed448-Goldilocks architecture to use. 14 | AC_CHECK_DECL([__x86_64__]) 15 | AC_CHECK_SIZEOF(void *) 16 | if test "x$ac_cv_have_decl___x86_64__" = "xyes" ; then 17 | ED448_DEFAULT_ARCH=arch_x86_64 18 | else 19 | if test "x$ac_cv_sizeof_void_p" = "x8" ; then 20 | ED448_DEFAULT_ARCH=arch_ref64 21 | else 22 | ED448_DEFAULT_ARCH=arch_32 23 | fi 24 | fi 25 | 26 | AC_ARG_WITH([ed448-arch], 27 | [AS_HELP_STRING([--with-ed448-arch=ARCH], 28 | [specify the Ed448-Goldilocks architecture])], 29 | [], 30 | [with_ed448_arch=${ED448_DEFAULT_ARCH}]) 31 | 32 | AC_CHECK_LIB(rt, clock_gettime) 33 | 34 | dnl Try to detect winsock2 on mingw32/64 systems. 35 | AC_CHECK_LIB(ws2_32, [_head_libws2_32_a]) 36 | AC_CHECK_LIB(ws2_32, [_head_lib32_libws2_32_a]) 37 | AC_CHECK_LIB(ws2_32, [_head_lib64_libws2_32_a]) 38 | 39 | AC_CHECK_FUNCS([poll]) 40 | 41 | AX_PTHREAD([LIBS="$PTHREAD_LIBS $LIBS" 42 | CFLAGS="$CFLAGS $PTHREAD_CFLAGS" 43 | CC="$PTHREAD_CC"],[]) 44 | 45 | AC_SUBST([WARNING_FLAGS],[-Wall]) 46 | AC_SUBST([GOLDILOCKS_ARCH],[$with_ed448_arch]) 47 | 48 | AC_CONFIG_FILES([Makefile 49 | include/Makefile 50 | include/noise/Makefile 51 | include/noise/protocol/Makefile 52 | include/noise/keys/Makefile 53 | src/Makefile 54 | src/protocol/Makefile 55 | src/protobufs/Makefile 56 | src/keys/Makefile 57 | tests/Makefile 58 | tests/unit/Makefile 59 | tests/vector/Makefile 60 | tests/vector-gen/Makefile 61 | tests/performance/Makefile 62 | tools/Makefile 63 | tools/keytool/Makefile 64 | tools/protoc/Makefile 65 | examples/Makefile 66 | examples/echo/Makefile 67 | examples/echo/echo-client/Makefile 68 | examples/echo/echo-keygen/Makefile 69 | examples/echo/echo-server/Makefile 70 | doc/Makefile]) 71 | 72 | AC_ARG_WITH([libsodium], 73 | [AS_HELP_STRING([--with-libsodium], 74 | [use libsodium for crypto @<:@default=check@:>@])], 75 | [], 76 | [with_libsodium=no]) 77 | AC_ARG_WITH([openssl], 78 | [AS_HELP_STRING([--with-openssl], 79 | [use openssl for crypto @<:@default=check@:>@])], 80 | [], 81 | [with_openssl=no]) 82 | 83 | PKG_PROG_PKG_CONFIG 84 | AS_IF([test -n "$PKG_CONFIG"], [ 85 | AS_CASE(["$with_libsodium"], 86 | [yes], [PKG_CHECK_MODULES_STATIC([libsodium], [libsodium], [HAVE_LIBSODIUM=1])], 87 | [no], [HAVE_LIBSODIUM=0], 88 | [PKG_CHECK_MODULES_STATIC([libsodium], [libsodium], [HAVE_LIBSODIUM=1], [HAVE_LIBSODIUM=0])]) 89 | AM_CONDITIONAL([USE_LIBSODIUM], [test "$with_libsodium" != no -a "$HAVE_LIBSODIUM" -eq 1]) 90 | 91 | AS_CASE(["$with_openssl"], 92 | [yes], [PKG_CHECK_MODULES_STATIC([openssl], [openssl], [HAVE_OPENSSL=1])], 93 | [no], [HAVE_OPENSSL=0], 94 | [PKG_CHECK_MODULES_STATIC([openssl], [openssl], [HAVE_OPENSSL=1], [HAVE_OPENSSL=0])]) 95 | AM_CONDITIONAL([USE_OPENSSL], [test "$with_openssl" != no -a "$HAVE_OPENSSL" -eq 1]) 96 | ], [ 97 | AC_MSG_WARN([Can't find pkg-config. Using built-in reference crypto backend.]) 98 | AM_CONDITIONAL([USE_LIBSODIUM],[false]) 99 | AM_CONDITIONAL([USE_OPENSSL],[false]) 100 | ]) 101 | 102 | AC_ARG_ENABLE(asan, AC_HELP_STRING([--enable-asan], 103 | [Compile with Address Sanitizer]), [ 104 | if (test "${enableval}" = "yes"); then 105 | CFLAGS="$CFLAGS -fsanitize=address"; 106 | LDFLAGS="$LDFLAGS -fsanitize=address" 107 | fi 108 | ]) 109 | 110 | AC_ARG_ENABLE(ubsan, AC_HELP_STRING([--enable-ubsan], 111 | [Compile with Undefined Behavior Sanitizer]), [ 112 | if (test "${enableval}" = "yes"); then 113 | CFLAGS="$CFLAGS -fsanitize=undefined"; 114 | LDFLAGS="$LDFLAGS -fsanitize=undefined" 115 | fi 116 | ]) 117 | 118 | AC_OUTPUT 119 | -------------------------------------------------------------------------------- /doc/.gitignore: -------------------------------------------------------------------------------- 1 | html 2 | -------------------------------------------------------------------------------- /doc/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | EXTRA_DIST = \ 3 | buffer.dox \ 4 | cert-key-format.dox \ 5 | constants.dox \ 6 | example-echo.dox \ 7 | mainpage.dox \ 8 | noise-certificate.dox \ 9 | noise-certificate.proto \ 10 | Doxyfile 11 | -------------------------------------------------------------------------------- /doc/buffer.dox: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | /** 24 | \file buffer.h 25 | \brief Buffer management. 26 | */ 27 | 28 | /** 29 | * \defgroup buffer_management Buffer management API 30 | * 31 | * This API defines types and macros to help with managing the passing 32 | * of buffers to the Noise-C library. NoiseBuffer objects carry their 33 | * current and maximum sizes around with them wherever they go. The intention 34 | * is that applications that use NoiseBuffer are less likely to create a 35 | * buffer overrun situation because the maximum size is always available 36 | * for checking and never implicit. 37 | */ 38 | /**@{*/ 39 | 40 | /** 41 | * \struct NoiseBuffer 42 | * \brief Type that defines a region of memory for a data buffer. 43 | */ 44 | 45 | /** 46 | * \def noise_buffer_init(buffer) 47 | * \brief Initializes all fields of a buffer to zero. 48 | */ 49 | 50 | /** 51 | * \def noise_buffer_set_output(buffer, ptr, len) 52 | * \brief Sets a NoiseBuffer object to point to an output memory region. 53 | * 54 | * \param buffer The NoiseBuffer object to set. 55 | * \param ptr Pointer to the start of the memory region for the buffer. 56 | * \param len Length of the memory region in bytes. 57 | * 58 | * The buffer's current size is set to zero and its maximum size is 59 | * set to \a len. 60 | * 61 | * This macro is intended for initializing a region of memory to 62 | * receive data that was output by a Noise-C function. The maximum 63 | * size indicates how many bytes can be output into the region 64 | * before overflow occurs. 65 | */ 66 | 67 | /** 68 | * \def noise_buffer_set_input(buffer, ptr, len) 69 | * \brief Sets a NoiseBuffer object to point to an input memory region. 70 | * 71 | * \param buffer The NoiseBuffer object to set. 72 | * \param ptr Pointer to the start of the memory region for the buffer. 73 | * \param len Length of the memory region in bytes. 74 | * 75 | * The buffer's current and maximum size are both set to \a len. 76 | * 77 | * This macro is intended for passing an existing region of memory to a 78 | * Noise-C function. It is typically used for input values. 79 | */ 80 | 81 | /** 82 | * \def noise_buffer_set_inout(buffer, ptr, len, max) 83 | * \brief Sets a NoiseBuffer object to point to an input-output memory region. 84 | * 85 | * \param buffer The NoiseBuffer object to set. 86 | * \param ptr Pointer to the start of the memory region for the buffer. 87 | * \param len Length of the memory region in bytes on input. 88 | * \param max Maximum length of the memory region in bytes. 89 | * 90 | * This function is intended for use when transforming a region of memory; 91 | * for example to encrypt or decrypt it. The original size is \a len 92 | * and during transformation the region can grow in size to no more 93 | * than \a max. 94 | */ 95 | 96 | /**@}*/ 97 | -------------------------------------------------------------------------------- /doc/noise-certificate.dox: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | /** 24 | \file noise-certificate.dox 25 | \page noise_certificate_proto noise-certificate.proto 26 | 27 | \include noise-certificate.proto 28 | 29 | */ 30 | -------------------------------------------------------------------------------- /examples/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = echo 3 | -------------------------------------------------------------------------------- /examples/echo/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = echo-client echo-keygen echo-server 3 | -------------------------------------------------------------------------------- /examples/echo/echo-client/.gitignore: -------------------------------------------------------------------------------- 1 | echo-client 2 | echo-client.exe 3 | -------------------------------------------------------------------------------- /examples/echo/echo-client/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | AUTOMAKE_OPTIONS = subdir-objects 3 | 4 | noinst_PROGRAMS = echo-client 5 | 6 | echo_client_SOURCES = echo-client.c 7 | 8 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(srcdir)/../echo-server 9 | AM_CFLAGS = @WARNING_FLAGS@ 10 | 11 | LDADD = ../../../src/protocol/libnoiseprotocol.a 12 | 13 | if USE_LIBSODIUM 14 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 15 | AM_CFLAGS += $(libsodium_CFLAGS) 16 | LDADD += $(libsodium_LIBS) 17 | endif 18 | 19 | if USE_OPENSSL 20 | AM_CPPFLAGS += -DUSE_OPENSSL=1 21 | AM_CFLAGS += $(openssl_CFLAGS) 22 | LDADD += $(openssl_LIBS) 23 | endif 24 | -------------------------------------------------------------------------------- /examples/echo/echo-keygen/.gitignore: -------------------------------------------------------------------------------- 1 | echo-keygen 2 | echo-keygen.exe 3 | -------------------------------------------------------------------------------- /examples/echo/echo-keygen/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = echo-keygen 3 | 4 | echo_keygen_SOURCES = echo-keygen.c 5 | 6 | AM_CPPFLAGS = -I$(top_srcdir)/include 7 | AM_CFLAGS = @WARNING_FLAGS@ 8 | 9 | LDADD = ../../../src/protocol/libnoiseprotocol.a 10 | 11 | if USE_LIBSODIUM 12 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 13 | AM_CFLAGS += $(libsodium_CFLAGS) 14 | LDADD += $(libsodium_LIBS) 15 | endif 16 | 17 | if USE_OPENSSL 18 | AM_CPPFLAGS += -DUSE_OPENSSL=1 19 | AM_CFLAGS += $(openssl_CFLAGS) 20 | LDADD += $(openssl_LIBS) 21 | endif 22 | -------------------------------------------------------------------------------- /examples/echo/echo-server/.gitignore: -------------------------------------------------------------------------------- 1 | echo-server 2 | echo-server.exe 3 | -------------------------------------------------------------------------------- /examples/echo/echo-server/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = echo-server 3 | 4 | echo_server_SOURCES = \ 5 | echo-server.c \ 6 | echo-common.c 7 | 8 | AM_CPPFLAGS = -I$(top_srcdir)/include 9 | AM_CFLAGS = @WARNING_FLAGS@ 10 | 11 | LDADD = ../../../src/protocol/libnoiseprotocol.a 12 | 13 | if USE_LIBSODIUM 14 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 15 | AM_CFLAGS += $(libsodium_CFLAGS) 16 | LDADD += $(libsodium_LIBS) 17 | endif 18 | 19 | if USE_OPENSSL 20 | AM_CPPFLAGS += -DUSE_OPENSSL=1 21 | AM_CFLAGS += $(openssl_CFLAGS) 22 | LDADD += $(openssl_LIBS) 23 | endif 24 | -------------------------------------------------------------------------------- /examples/echo/echo-server/echo-common.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __ECHO_COMMON_H__ 24 | #define __ECHO_COMMON_H__ 25 | 26 | #include 27 | 28 | /* 29 | Protocol byte defintions for the echo protocol from: 30 | https://github.com/centromere/cacophony#example-code 31 | */ 32 | 33 | #define ECHO_PSK_DISABLED 0x00 34 | #define ECHO_PSK_ENABLED 0x01 35 | 36 | #define ECHO_PATTERN_NN 0x00 37 | #define ECHO_PATTERN_KN 0x01 38 | #define ECHO_PATTERN_NK 0x02 39 | #define ECHO_PATTERN_KK 0x03 40 | #define ECHO_PATTERN_NX 0x04 41 | #define ECHO_PATTERN_KX 0x05 42 | #define ECHO_PATTERN_XN 0x06 43 | #define ECHO_PATTERN_IN 0x07 44 | #define ECHO_PATTERN_XK 0x08 45 | #define ECHO_PATTERN_IK 0x09 46 | #define ECHO_PATTERN_XX 0x0A 47 | #define ECHO_PATTERN_IX 0x0B 48 | #define ECHO_PATTERN_HFS 0x80 49 | 50 | #define ECHO_CIPHER_CHACHAPOLY 0x00 51 | #define ECHO_CIPHER_AESGCM 0x01 52 | 53 | #define ECHO_DH_25519 0x00 54 | #define ECHO_DH_448 0x01 55 | #define ECHO_DH_NEWHOPE 0x02 56 | #define ECHO_DH_MASK 0x0F 57 | 58 | #define ECHO_HYBRID_NONE 0x00 59 | #define ECHO_HYBRID_25519 0x10 60 | #define ECHO_HYBRID_448 0x20 61 | #define ECHO_HYBRID_NEWHOPE 0x30 62 | #define ECHO_HYBRID_MASK 0xF0 63 | 64 | #define ECHO_HASH_SHA256 0x00 65 | #define ECHO_HASH_SHA512 0x01 66 | #define ECHO_HASH_BLAKE2s 0x02 67 | #define ECHO_HASH_BLAKE2b 0x03 68 | 69 | typedef struct 70 | { 71 | uint8_t psk; 72 | uint8_t pattern; 73 | uint8_t cipher; 74 | uint8_t dh; 75 | uint8_t hash; 76 | 77 | } EchoProtocolId; 78 | 79 | extern int echo_verbose; 80 | 81 | int echo_get_protocol_id(EchoProtocolId *id, const char *name); 82 | int echo_to_noise_protocol_id(NoiseProtocolId *nid, const EchoProtocolId *id); 83 | 84 | int echo_load_private_key(const char *filename, uint8_t *key, size_t len); 85 | int echo_load_public_key(const char *filename, uint8_t *key, size_t len); 86 | 87 | int echo_connect(const char *hostname, int port); 88 | int echo_accept(int port); 89 | 90 | int echo_recv_exact(int fd, uint8_t *packet, size_t len); 91 | size_t echo_recv(int fd, uint8_t *packet, size_t max_len); 92 | int echo_send(int fd, const uint8_t *packet, size_t len); 93 | void echo_close(int fd); 94 | 95 | #endif 96 | -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = noise 3 | -------------------------------------------------------------------------------- /include/noise/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noiseincludedir = $(includedir)/noise 3 | noiseinclude_HEADERS = \ 4 | keys.h \ 5 | protocol.h \ 6 | protobufs.h 7 | 8 | SUBDIRS = . protocol keys 9 | -------------------------------------------------------------------------------- /include/noise/keys.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_KEYS_H 24 | #define NOISE_KEYS_H 25 | 26 | #include 27 | #include 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /include/noise/keys/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | keysincludedir = $(includedir)/noise/keys 3 | keysinclude_HEADERS = \ 4 | certificate.h \ 5 | loader.h 6 | -------------------------------------------------------------------------------- /include/noise/keys/loader.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_KEYS_LOADER_H 24 | #define NOISE_KEYS_LOADER_H 25 | 26 | #include 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | int noise_load_certificate_from_file 33 | (Noise_Certificate **cert, const char *filename); 34 | int noise_load_certificate_from_buffer 35 | (Noise_Certificate **cert, NoiseProtobuf *pbuf); 36 | 37 | int noise_load_certificate_chain_from_file 38 | (Noise_CertificateChain **chain, const char *filename); 39 | int noise_load_certificate_chain_from_buffer 40 | (Noise_CertificateChain **chain, NoiseProtobuf *pbuf); 41 | 42 | int noise_load_private_key_from_file 43 | (Noise_PrivateKey **key, const char *filename, 44 | const void *passphrase, size_t passphrase_len); 45 | int noise_load_private_key_from_buffer 46 | (Noise_PrivateKey **key, NoiseProtobuf *pbuf, 47 | const void *passphrase, size_t passphrase_len); 48 | 49 | int noise_save_certificate_to_file 50 | (const Noise_Certificate *cert, const char *filename); 51 | int noise_save_certificate_to_buffer 52 | (const Noise_Certificate *cert, NoiseProtobuf *pbuf); 53 | 54 | int noise_save_certificate_chain_to_file 55 | (const Noise_CertificateChain *chain, const char *filename); 56 | int noise_save_certificate_chain_to_buffer 57 | (const Noise_CertificateChain *chain, NoiseProtobuf *pbuf); 58 | 59 | int noise_save_private_key_to_file 60 | (const Noise_PrivateKey *key, const char *filename, 61 | const void *passphrase, size_t passphrase_len, 62 | const char *protect_name); 63 | int noise_save_private_key_to_buffer 64 | (const Noise_PrivateKey *key, NoiseProtobuf *pbuf, 65 | const void *passphrase, size_t passphrase_len, 66 | const char *protect_name); 67 | 68 | #ifdef __cplusplus 69 | }; 70 | #endif 71 | 72 | #endif 73 | -------------------------------------------------------------------------------- /include/noise/protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_PROTOCOL_H 24 | #define NOISE_PROTOCOL_H 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | #include 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /include/noise/protocol/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | protocolincludedir = $(includedir)/noise/protocol 3 | protocolinclude_HEADERS = \ 4 | buffer.h \ 5 | cipherstate.h \ 6 | constants.h \ 7 | dhstate.h \ 8 | errors.h \ 9 | handshakestate.h \ 10 | hashstate.h \ 11 | names.h \ 12 | randstate.h \ 13 | signstate.h \ 14 | symmetricstate.h \ 15 | util.h 16 | -------------------------------------------------------------------------------- /include/noise/protocol/buffer.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_BUFFER_H 24 | #define NOISE_BUFFER_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | uint8_t *data; /**< Points to the data in the buffer */ 36 | size_t size; /**< Current size of the data in the buffer */ 37 | size_t max_size; /**< Maximum size of the data in the buffer */ 38 | 39 | } NoiseBuffer; 40 | 41 | #define noise_buffer_init(buffer) \ 42 | ((buffer).data = 0, (buffer).size = 0, (buffer).max_size = 0) 43 | #define noise_buffer_set_output(buffer, ptr, len) \ 44 | ((buffer).data = (ptr), (buffer).size = 0, (buffer).max_size = (len)) 45 | #define noise_buffer_set_input(buffer, ptr, len) \ 46 | ((buffer).data = (ptr), (buffer).size = (buffer).max_size = (len)) 47 | #define noise_buffer_set_inout(buffer, ptr, len, max) \ 48 | ((buffer).data = (ptr), (buffer).size = (len), (buffer).max_size = (max)) 49 | 50 | #ifdef __cplusplus 51 | }; 52 | #endif 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /include/noise/protocol/cipherstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_CIPHERSTATE_H 24 | #define NOISE_CIPHERSTATE_H 25 | 26 | #include 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | typedef struct NoiseCipherState_s NoiseCipherState; 33 | 34 | int noise_cipherstate_new_by_id(NoiseCipherState **state, int id); 35 | int noise_cipherstate_new_by_name(NoiseCipherState **state, const char *name); 36 | int noise_cipherstate_free(NoiseCipherState *state); 37 | int noise_cipherstate_get_cipher_id(const NoiseCipherState *state); 38 | size_t noise_cipherstate_get_key_length(const NoiseCipherState *state); 39 | size_t noise_cipherstate_get_mac_length(const NoiseCipherState *state); 40 | int noise_cipherstate_init_key 41 | (NoiseCipherState *state, const uint8_t *key, size_t key_len); 42 | int noise_cipherstate_has_key(const NoiseCipherState *state); 43 | int noise_cipherstate_encrypt_with_ad 44 | (NoiseCipherState *state, const uint8_t *ad, size_t ad_len, 45 | NoiseBuffer *buffer); 46 | int noise_cipherstate_decrypt_with_ad 47 | (NoiseCipherState *state, const uint8_t *ad, size_t ad_len, 48 | NoiseBuffer *buffer); 49 | int noise_cipherstate_encrypt(NoiseCipherState *state, NoiseBuffer *buffer); 50 | int noise_cipherstate_decrypt(NoiseCipherState *state, NoiseBuffer *buffer); 51 | int noise_cipherstate_set_nonce(NoiseCipherState *state, uint64_t nonce); 52 | int noise_cipherstate_get_max_key_length(void); 53 | int noise_cipherstate_get_max_mac_length(void); 54 | 55 | #ifdef __cplusplus 56 | }; 57 | #endif 58 | 59 | #endif 60 | -------------------------------------------------------------------------------- /include/noise/protocol/dhstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_DHSTATE_H 24 | #define NOISE_DHSTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseDHState_s NoiseDHState; 34 | 35 | int noise_dhstate_new_by_id(NoiseDHState **state, int id); 36 | int noise_dhstate_new_by_name(NoiseDHState **state, const char *name); 37 | int noise_dhstate_free(NoiseDHState *state); 38 | int noise_dhstate_get_dh_id(const NoiseDHState *state); 39 | size_t noise_dhstate_get_public_key_length(const NoiseDHState *state); 40 | size_t noise_dhstate_get_private_key_length(const NoiseDHState *state); 41 | size_t noise_dhstate_get_shared_key_length(const NoiseDHState *state); 42 | int noise_dhstate_is_ephemeral_only(const NoiseDHState *state); 43 | int noise_dhstate_has_keypair(const NoiseDHState *state); 44 | int noise_dhstate_has_public_key(const NoiseDHState *state); 45 | int noise_dhstate_generate_keypair(NoiseDHState *state); 46 | int noise_dhstate_generate_dependent_keypair 47 | (NoiseDHState *state, const NoiseDHState *other); 48 | int noise_dhstate_set_keypair 49 | (NoiseDHState *state, const uint8_t *private_key, size_t private_key_len, 50 | const uint8_t *public_key, size_t public_key_len); 51 | int noise_dhstate_set_keypair_private 52 | (NoiseDHState *state, const uint8_t *private_key, size_t private_key_len); 53 | int noise_dhstate_get_keypair 54 | (const NoiseDHState *state, uint8_t *private_key, size_t private_key_len, 55 | uint8_t *public_key, size_t public_key_len); 56 | int noise_dhstate_set_public_key 57 | (NoiseDHState *state, const uint8_t *public_key, size_t public_key_len); 58 | int noise_dhstate_get_public_key 59 | (const NoiseDHState *state, uint8_t *public_key, size_t public_key_len); 60 | int noise_dhstate_set_null_public_key(NoiseDHState *state); 61 | int noise_dhstate_is_null_public_key(const NoiseDHState *state); 62 | int noise_dhstate_clear_key(NoiseDHState *state); 63 | int noise_dhstate_calculate 64 | (const NoiseDHState *private_key_state, 65 | const NoiseDHState *public_key_state, 66 | uint8_t *shared_key, size_t shared_key_len); 67 | int noise_dhstate_copy(NoiseDHState *state, const NoiseDHState *from); 68 | int noise_dhstate_format_fingerprint 69 | (const NoiseDHState *state, int fingerprint_type, char *buffer, size_t len); 70 | int noise_dhstate_get_role(const NoiseDHState *state); 71 | int noise_dhstate_set_role(NoiseDHState *state, int role); 72 | 73 | #ifdef __cplusplus 74 | }; 75 | #endif 76 | 77 | #endif 78 | -------------------------------------------------------------------------------- /include/noise/protocol/errors.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_ERRORS_H 24 | #define NOISE_ERRORS_H 25 | 26 | #include 27 | 28 | #ifdef __cplusplus 29 | extern "C" { 30 | #endif 31 | 32 | void noise_perror(const char *s, int err); 33 | int noise_strerror(int err, char *buf, size_t size); 34 | 35 | #ifdef __cplusplus 36 | }; 37 | #endif 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /include/noise/protocol/handshakestate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_HANDSHAKESTATE_H 24 | #define NOISE_HANDSHAKESTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseHandshakeState_s NoiseHandshakeState; 34 | 35 | int noise_handshakestate_new_by_id 36 | (NoiseHandshakeState **state, const NoiseProtocolId *protocol_id, int role); 37 | int noise_handshakestate_new_by_name 38 | (NoiseHandshakeState **state, const char *protocol_name, int role); 39 | int noise_handshakestate_free(NoiseHandshakeState *state); 40 | int noise_handshakestate_get_role(const NoiseHandshakeState *state); 41 | int noise_handshakestate_get_protocol_id 42 | (const NoiseHandshakeState *state, NoiseProtocolId *id); 43 | NoiseDHState *noise_handshakestate_get_local_keypair_dh 44 | (const NoiseHandshakeState *state); 45 | NoiseDHState *noise_handshakestate_get_remote_public_key_dh 46 | (const NoiseHandshakeState *state); 47 | NoiseDHState *noise_handshakestate_get_fixed_ephemeral_dh 48 | (NoiseHandshakeState *state); 49 | NoiseDHState *noise_handshakestate_get_fixed_hybrid_dh 50 | (NoiseHandshakeState *state); 51 | int noise_handshakestate_needs_pre_shared_key(const NoiseHandshakeState *state); 52 | int noise_handshakestate_has_pre_shared_key(const NoiseHandshakeState *state); 53 | int noise_handshakestate_set_pre_shared_key 54 | (NoiseHandshakeState *state, const uint8_t *key, size_t key_len); 55 | int noise_handshakestate_set_prologue 56 | (NoiseHandshakeState *state, const void *prologue, size_t prologue_len); 57 | int noise_handshakestate_needs_local_keypair(const NoiseHandshakeState *state); 58 | int noise_handshakestate_has_local_keypair(const NoiseHandshakeState *state); 59 | int noise_handshakestate_needs_remote_public_key(const NoiseHandshakeState *state); 60 | int noise_handshakestate_has_remote_public_key(const NoiseHandshakeState *state); 61 | int noise_handshakestate_start(NoiseHandshakeState *state); 62 | int noise_handshakestate_fallback(NoiseHandshakeState *state); 63 | int noise_handshakestate_fallback_to(NoiseHandshakeState *state, int pattern_id); 64 | int noise_handshakestate_get_action(const NoiseHandshakeState *state); 65 | int noise_handshakestate_write_message 66 | (NoiseHandshakeState *state, NoiseBuffer *message, const NoiseBuffer *payload); 67 | int noise_handshakestate_read_message 68 | (NoiseHandshakeState *state, NoiseBuffer *message, NoiseBuffer *payload); 69 | int noise_handshakestate_split 70 | (NoiseHandshakeState *state, NoiseCipherState **send, NoiseCipherState **receive); 71 | int noise_handshakestate_get_handshake_hash 72 | (const NoiseHandshakeState *state, uint8_t *hash, size_t max_len); 73 | 74 | #ifdef __cplusplus 75 | }; 76 | #endif 77 | 78 | #endif 79 | -------------------------------------------------------------------------------- /include/noise/protocol/hashstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_HASHSTATE_H 24 | #define NOISE_HASHSTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseHashState_s NoiseHashState; 34 | 35 | int noise_hashstate_new_by_id(NoiseHashState **state, int id); 36 | int noise_hashstate_new_by_name(NoiseHashState **state, const char *name); 37 | int noise_hashstate_free(NoiseHashState *state); 38 | int noise_hashstate_get_hash_id(const NoiseHashState *state); 39 | size_t noise_hashstate_get_hash_length(const NoiseHashState *state); 40 | size_t noise_hashstate_get_block_length(const NoiseHashState *state); 41 | int noise_hashstate_reset(NoiseHashState *state); 42 | int noise_hashstate_update 43 | (NoiseHashState *state, const uint8_t *data, size_t data_len); 44 | int noise_hashstate_finalize 45 | (NoiseHashState *state, uint8_t *hash, size_t hash_len); 46 | int noise_hashstate_hash_one 47 | (NoiseHashState *state, const uint8_t *data, size_t data_len, 48 | uint8_t *hash, size_t hash_len); 49 | int noise_hashstate_hash_two 50 | (NoiseHashState *state, const uint8_t *data1, size_t data1_len, 51 | const uint8_t *data2, size_t data2_len, uint8_t *hash, size_t hash_len); 52 | int noise_hashstate_hkdf 53 | (NoiseHashState *state, const uint8_t *key, size_t key_len, 54 | const uint8_t *data, size_t data_len, 55 | uint8_t *output1, size_t output1_len, 56 | uint8_t *output2, size_t output2_len); 57 | int noise_hashstate_pbkdf2 58 | (NoiseHashState *state, const uint8_t *passphrase, size_t passphrase_len, 59 | const uint8_t *salt, size_t salt_len, size_t iterations, 60 | uint8_t *output, size_t output_len); 61 | int noise_hashstate_get_max_hash_length(void); 62 | int noise_hashstate_get_max_block_length(void); 63 | 64 | #ifdef __cplusplus 65 | }; 66 | #endif 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /include/noise/protocol/names.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_NAMES_H 24 | #define NOISE_NAMES_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | int prefix_id; /**< Protocol name prefix */ 36 | int pattern_id; /**< Handshake pattern */ 37 | int dh_id; /**< Diffie-Hellman algorithm identifier */ 38 | int cipher_id; /**< Cipher algorithm identifier */ 39 | int hash_id; /**< Hash algorithm identifier */ 40 | int hybrid_id; /**< Hybrid forward secrecy algorithm identifier */ 41 | int reserved[4]; /**< Reserved for future use; should be zero */ 42 | 43 | } NoiseProtocolId; 44 | 45 | int noise_name_to_id(int category, const char *name, size_t name_len); 46 | const char *noise_id_to_name(int category, int id); 47 | 48 | int noise_protocol_name_to_id 49 | (NoiseProtocolId *id, const char *name, size_t name_len); 50 | int noise_protocol_id_to_name 51 | (char *name, size_t name_len, const NoiseProtocolId *id); 52 | 53 | #ifdef __cplusplus 54 | }; 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /include/noise/protocol/randstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_RANDSTATE_H 24 | #define NOISE_RANDSTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseRandState_s NoiseRandState; 34 | 35 | int noise_randstate_new(NoiseRandState **state); 36 | int noise_randstate_free(NoiseRandState *state); 37 | int noise_randstate_reseed(NoiseRandState *state); 38 | int noise_randstate_generate 39 | (NoiseRandState *state, uint8_t *buffer, size_t len); 40 | int noise_randstate_pad 41 | (NoiseRandState *state, uint8_t *payload, size_t orig_len, 42 | size_t padded_len, int padding_mode); 43 | int noise_randstate_generate_simple(uint8_t *buffer, size_t len); 44 | 45 | #ifdef __cplusplus 46 | }; 47 | #endif 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /include/noise/protocol/signstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_SIGNSTATE_H 24 | #define NOISE_SIGNSTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseSignState_s NoiseSignState; 34 | 35 | int noise_signstate_new_by_id(NoiseSignState **state, int id); 36 | int noise_signstate_new_by_name(NoiseSignState **state, const char *name); 37 | int noise_signstate_free(NoiseSignState *state); 38 | int noise_signstate_get_sign_id(const NoiseSignState *state); 39 | size_t noise_signstate_get_public_key_length(const NoiseSignState *state); 40 | size_t noise_signstate_get_private_key_length(const NoiseSignState *state); 41 | size_t noise_signstate_get_signature_length(const NoiseSignState *state); 42 | int noise_signstate_has_keypair(const NoiseSignState *state); 43 | int noise_signstate_has_public_key(const NoiseSignState *state); 44 | int noise_signstate_generate_keypair(NoiseSignState *state); 45 | int noise_signstate_set_keypair 46 | (NoiseSignState *state, const uint8_t *private_key, size_t private_key_len, 47 | const uint8_t *public_key, size_t public_key_len); 48 | int noise_signstate_set_keypair_private 49 | (NoiseSignState *state, const uint8_t *private_key, size_t private_key_len); 50 | int noise_signstate_get_keypair 51 | (const NoiseSignState *state, uint8_t *private_key, size_t private_key_len, 52 | uint8_t *public_key, size_t public_key_len); 53 | int noise_signstate_set_public_key 54 | (NoiseSignState *state, const uint8_t *public_key, size_t public_key_len); 55 | int noise_signstate_get_public_key 56 | (const NoiseSignState *state, uint8_t *public_key, size_t public_key_len); 57 | int noise_signstate_clear_key(NoiseSignState *state); 58 | int noise_signstate_sign 59 | (const NoiseSignState *state, const uint8_t *message, size_t message_len, 60 | uint8_t *signature, size_t signature_len); 61 | int noise_signstate_verify 62 | (const NoiseSignState *state, const uint8_t *message, size_t message_len, 63 | const uint8_t *signature, size_t signature_len); 64 | int noise_signstate_copy(NoiseSignState *state, const NoiseSignState *from); 65 | int noise_signstate_format_fingerprint 66 | (const NoiseSignState *state, int fingerprint_type, 67 | char *buffer, size_t len); 68 | int noise_signstate_get_max_key_length(void); 69 | int noise_signstate_get_max_signature_length(void); 70 | 71 | #ifdef __cplusplus 72 | }; 73 | #endif 74 | 75 | #endif 76 | -------------------------------------------------------------------------------- /include/noise/protocol/symmetricstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_SYMMETRICSTATE_H 24 | #define NOISE_SYMMETRICSTATE_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct NoiseSymmetricState_s NoiseSymmetricState; 34 | 35 | int noise_symmetricstate_new_by_id 36 | (NoiseSymmetricState **state, const NoiseProtocolId *id); 37 | int noise_symmetricstate_new_by_name 38 | (NoiseSymmetricState **state, const char *name); 39 | int noise_symmetricstate_free(NoiseSymmetricState *state); 40 | int noise_symmetricstate_get_protocol_id 41 | (const NoiseSymmetricState *state, NoiseProtocolId *id); 42 | int noise_symmetricstate_mix_key 43 | (NoiseSymmetricState *state, const uint8_t *input, size_t size); 44 | int noise_symmetricstate_mix_hash 45 | (NoiseSymmetricState *state, const uint8_t *input, size_t size); 46 | int noise_symmetricstate_encrypt_and_hash 47 | (NoiseSymmetricState *state, NoiseBuffer *buffer); 48 | int noise_symmetricstate_decrypt_and_hash 49 | (NoiseSymmetricState *state, NoiseBuffer *buffer); 50 | size_t noise_symmetricstate_get_mac_length(const NoiseSymmetricState *state); 51 | int noise_symmetricstate_split 52 | (NoiseSymmetricState *state, NoiseCipherState **c1, NoiseCipherState **c2); 53 | 54 | #ifdef __cplusplus 55 | }; 56 | #endif 57 | 58 | #endif 59 | -------------------------------------------------------------------------------- /include/noise/protocol/util.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef NOISE_UTIL_H 24 | #define NOISE_UTIL_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | int noise_init(void); 34 | 35 | #define noise_new(type) ((type *)noise_new_object(sizeof(type))) 36 | void *noise_new_object(size_t size); 37 | void noise_free(void *ptr, size_t size); 38 | 39 | void noise_clean(void *data, size_t size); 40 | 41 | int noise_is_equal(const void *s1, const void *s2, size_t size); 42 | int noise_is_zero(const void *data, size_t size); 43 | 44 | int noise_format_fingerprint 45 | (int fingerprint_type, char *buffer, size_t len, 46 | const uint8_t *public_key, size_t public_key_len); 47 | 48 | #ifdef __cplusplus 49 | }; 50 | #endif 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /src/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = protocol protobufs keys 3 | -------------------------------------------------------------------------------- /src/backend/ref/hash-blake2b.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "internal.h" 24 | #include "crypto/blake2/blake2b.h" 25 | 26 | typedef struct 27 | { 28 | struct NoiseHashState_s parent; 29 | BLAKE2b_context_t blake2; 30 | 31 | } NoiseBLAKE2bState; 32 | 33 | static void noise_blake2b_reset(NoiseHashState *state) 34 | { 35 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 36 | BLAKE2b_reset(&(st->blake2)); 37 | } 38 | 39 | static void noise_blake2b_update(NoiseHashState *state, const uint8_t *data, size_t len) 40 | { 41 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 42 | BLAKE2b_update(&(st->blake2), data, len); 43 | } 44 | 45 | static void noise_blake2b_finalize(NoiseHashState *state, uint8_t *hash) 46 | { 47 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 48 | BLAKE2b_finish(&(st->blake2), hash); 49 | } 50 | 51 | NoiseHashState *noise_blake2b_new(void) 52 | { 53 | NoiseBLAKE2bState *state = noise_new(NoiseBLAKE2bState); 54 | if (!state) 55 | return 0; 56 | state->parent.hash_id = NOISE_HASH_BLAKE2b; 57 | state->parent.hash_len = 64; 58 | state->parent.block_len = 128; 59 | state->parent.reset = noise_blake2b_reset; 60 | state->parent.update = noise_blake2b_update; 61 | state->parent.finalize = noise_blake2b_finalize; 62 | return &(state->parent); 63 | } 64 | -------------------------------------------------------------------------------- /src/backend/ref/hash-blake2s.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "internal.h" 24 | #include "crypto/blake2/blake2s.h" 25 | 26 | typedef struct 27 | { 28 | struct NoiseHashState_s parent; 29 | BLAKE2s_context_t blake2; 30 | 31 | } NoiseBLAKE2sState; 32 | 33 | static void noise_blake2s_reset(NoiseHashState *state) 34 | { 35 | NoiseBLAKE2sState *st = (NoiseBLAKE2sState *)state; 36 | BLAKE2s_reset(&(st->blake2)); 37 | } 38 | 39 | static void noise_blake2s_update(NoiseHashState *state, const uint8_t *data, size_t len) 40 | { 41 | NoiseBLAKE2sState *st = (NoiseBLAKE2sState *)state; 42 | BLAKE2s_update(&(st->blake2), data, len); 43 | } 44 | 45 | static void noise_blake2s_finalize(NoiseHashState *state, uint8_t *hash) 46 | { 47 | NoiseBLAKE2sState *st = (NoiseBLAKE2sState *)state; 48 | BLAKE2s_finish(&(st->blake2), hash); 49 | } 50 | 51 | NoiseHashState *noise_blake2s_new(void) 52 | { 53 | NoiseBLAKE2sState *state = noise_new(NoiseBLAKE2sState); 54 | if (!state) 55 | return 0; 56 | state->parent.hash_id = NOISE_HASH_BLAKE2s; 57 | state->parent.hash_len = 32; 58 | state->parent.block_len = 64; 59 | state->parent.reset = noise_blake2s_reset; 60 | state->parent.update = noise_blake2s_update; 61 | state->parent.finalize = noise_blake2s_finalize; 62 | return &(state->parent); 63 | } 64 | -------------------------------------------------------------------------------- /src/backend/ref/hash-sha256.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "internal.h" 24 | #include "crypto/sha2/sha256.h" 25 | 26 | typedef struct 27 | { 28 | struct NoiseHashState_s parent; 29 | sha256_context_t sha256; 30 | 31 | } NoiseSHA256State; 32 | 33 | static void noise_sha256_reset(NoiseHashState *state) 34 | { 35 | NoiseSHA256State *st = (NoiseSHA256State *)state; 36 | sha256_reset(&(st->sha256)); 37 | } 38 | 39 | static void noise_sha256_update(NoiseHashState *state, const uint8_t *data, size_t len) 40 | { 41 | NoiseSHA256State *st = (NoiseSHA256State *)state; 42 | sha256_update(&(st->sha256), data, len); 43 | } 44 | 45 | static void noise_sha256_finalize(NoiseHashState *state, uint8_t *hash) 46 | { 47 | NoiseSHA256State *st = (NoiseSHA256State *)state; 48 | sha256_finish(&(st->sha256), hash); 49 | } 50 | 51 | NoiseHashState *noise_sha256_new(void) 52 | { 53 | NoiseSHA256State *state = noise_new(NoiseSHA256State); 54 | if (!state) 55 | return 0; 56 | state->parent.hash_id = NOISE_HASH_SHA256; 57 | state->parent.hash_len = 32; 58 | state->parent.block_len = 64; 59 | state->parent.reset = noise_sha256_reset; 60 | state->parent.update = noise_sha256_update; 61 | state->parent.finalize = noise_sha256_finalize; 62 | return &(state->parent); 63 | } 64 | -------------------------------------------------------------------------------- /src/backend/ref/hash-sha512.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "internal.h" 24 | #include "crypto/sha2/sha512.h" 25 | 26 | typedef struct 27 | { 28 | struct NoiseHashState_s parent; 29 | sha512_context_t sha512; 30 | 31 | } NoiseSHA512State; 32 | 33 | static void noise_sha512_reset(NoiseHashState *state) 34 | { 35 | NoiseSHA512State *st = (NoiseSHA512State *)state; 36 | sha512_reset(&(st->sha512)); 37 | } 38 | 39 | static void noise_sha512_update(NoiseHashState *state, const uint8_t *data, size_t len) 40 | { 41 | NoiseSHA512State *st = (NoiseSHA512State *)state; 42 | sha512_update(&(st->sha512), data, len); 43 | } 44 | 45 | static void noise_sha512_finalize(NoiseHashState *state, uint8_t *hash) 46 | { 47 | NoiseSHA512State *st = (NoiseSHA512State *)state; 48 | sha512_finish(&(st->sha512), hash); 49 | } 50 | 51 | NoiseHashState *noise_sha512_new(void) 52 | { 53 | NoiseSHA512State *state = noise_new(NoiseSHA512State); 54 | if (!state) 55 | return 0; 56 | state->parent.hash_id = NOISE_HASH_SHA512; 57 | state->parent.hash_len = 64; 58 | state->parent.block_len = 128; 59 | state->parent.reset = noise_sha512_reset; 60 | state->parent.update = noise_sha512_update; 61 | state->parent.finalize = noise_sha512_finalize; 62 | return &(state->parent); 63 | } 64 | -------------------------------------------------------------------------------- /src/backend/sodium/hash-blake2b.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * Copyright (C) 2016 Topology LP. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #include "internal.h" 25 | #include 26 | 27 | typedef struct 28 | { 29 | struct NoiseHashState_s parent; 30 | crypto_generichash_blake2b_state blake2; 31 | 32 | } NoiseBLAKE2bState; 33 | 34 | static void noise_blake2b_reset(NoiseHashState *state) 35 | { 36 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 37 | crypto_generichash_blake2b_init(&(st->blake2), NULL, 0, crypto_generichash_blake2b_BYTES_MAX); 38 | } 39 | 40 | static void noise_blake2b_update(NoiseHashState *state, const uint8_t *data, size_t len) 41 | { 42 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 43 | crypto_generichash_blake2b_update(&(st->blake2), data, len); 44 | } 45 | 46 | static void noise_blake2b_finalize(NoiseHashState *state, uint8_t *hash) 47 | { 48 | NoiseBLAKE2bState *st = (NoiseBLAKE2bState *)state; 49 | crypto_generichash_blake2b_final(&(st->blake2), hash, crypto_generichash_blake2b_BYTES_MAX); 50 | } 51 | 52 | NoiseHashState *noise_blake2b_new(void) 53 | { 54 | NoiseBLAKE2bState *state = noise_new(NoiseBLAKE2bState); 55 | if (!state) 56 | return 0; 57 | state->parent.hash_id = NOISE_HASH_BLAKE2b; 58 | state->parent.hash_len = 64; 59 | state->parent.block_len = 128; 60 | state->parent.reset = noise_blake2b_reset; 61 | state->parent.update = noise_blake2b_update; 62 | state->parent.finalize = noise_blake2b_finalize; 63 | return &(state->parent); 64 | } 65 | -------------------------------------------------------------------------------- /src/backend/sodium/hash-sha256.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * Copyright (C) 2016 Topology LP. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #include "internal.h" 25 | #include 26 | 27 | typedef struct 28 | { 29 | struct NoiseHashState_s parent; 30 | crypto_hash_sha256_state sha256; 31 | 32 | } NoiseSHA256State; 33 | 34 | static void noise_sha256_reset(NoiseHashState *state) 35 | { 36 | NoiseSHA256State *st = (NoiseSHA256State *)state; 37 | crypto_hash_sha256_init(&(st->sha256)); 38 | } 39 | 40 | static void noise_sha256_update(NoiseHashState *state, const uint8_t *data, size_t len) 41 | { 42 | NoiseSHA256State *st = (NoiseSHA256State *)state; 43 | crypto_hash_sha256_update(&(st->sha256), data, len); 44 | } 45 | 46 | static void noise_sha256_finalize(NoiseHashState *state, uint8_t *hash) 47 | { 48 | NoiseSHA256State *st = (NoiseSHA256State *)state; 49 | crypto_hash_sha256_final(&(st->sha256), hash); 50 | } 51 | 52 | NoiseHashState *noise_sha256_new(void) 53 | { 54 | NoiseSHA256State *state = noise_new(NoiseSHA256State); 55 | if (!state) 56 | return 0; 57 | state->parent.hash_id = NOISE_HASH_SHA256; 58 | state->parent.hash_len = 32; 59 | state->parent.block_len = 64; 60 | state->parent.reset = noise_sha256_reset; 61 | state->parent.update = noise_sha256_update; 62 | state->parent.finalize = noise_sha256_finalize; 63 | return &(state->parent); 64 | } 65 | -------------------------------------------------------------------------------- /src/backend/sodium/hash-sha512.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * Copyright (C) 2016 Topology LP. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #include "internal.h" 25 | #include 26 | 27 | typedef struct 28 | { 29 | struct NoiseHashState_s parent; 30 | crypto_hash_sha512_state sha512; 31 | 32 | } NoiseSHA512State; 33 | 34 | static void noise_sha512_reset(NoiseHashState *state) 35 | { 36 | NoiseSHA512State *st = (NoiseSHA512State *)state; 37 | crypto_hash_sha512_init(&(st->sha512)); 38 | } 39 | 40 | static void noise_sha512_update(NoiseHashState *state, const uint8_t *data, size_t len) 41 | { 42 | NoiseSHA512State *st = (NoiseSHA512State *)state; 43 | crypto_hash_sha512_update(&(st->sha512), data, len); 44 | } 45 | 46 | static void noise_sha512_finalize(NoiseHashState *state, uint8_t *hash) 47 | { 48 | NoiseSHA512State *st = (NoiseSHA512State *)state; 49 | crypto_hash_sha512_final(&(st->sha512), hash); 50 | } 51 | 52 | NoiseHashState *noise_sha512_new(void) 53 | { 54 | NoiseSHA512State *state = noise_new(NoiseSHA512State); 55 | if (!state) 56 | return 0; 57 | state->parent.hash_id = NOISE_HASH_SHA512; 58 | state->parent.hash_len = 64; 59 | state->parent.block_len = 128; 60 | state->parent.reset = noise_sha512_reset; 61 | state->parent.update = noise_sha512_update; 62 | state->parent.finalize = noise_sha512_finalize; 63 | return &(state->parent); 64 | } 65 | -------------------------------------------------------------------------------- /src/crypto/README: -------------------------------------------------------------------------------- 1 | 2 | This directory contains reference implementations of various primitives. 3 | 4 | curve25519-donna: 5 | https://github.com/agl/curve25519-donna.git 6 | MIT license 7 | 8 | poly1305-donna: 9 | https://github.com/floodyberry/poly1305-donna.git 10 | MIT license / public domain 11 | 12 | chacha: 13 | Implementation specific to this distribution. Supports plain C and SSE2. 14 | MIT license 15 | 16 | blake2: 17 | Implementation of BLAKE2 from arduinolibs. SSE2 support added to BLAKE2s. 18 | https://github.com/rweather/arduinolibs 19 | MIT license 20 | 21 | AES: 22 | http://web.cs.ucdavis.edu/~rogaway/ocb/ocb-ref/ 23 | Public domain code from the original Rijndael authors. 24 | 25 | sha2: 26 | Plain C implementation specific to this distribution. 27 | MIT license 28 | 29 | ghash: 30 | Implementation of GHASH from arduinolibs to support GCM. 31 | https://github.com/rweather/arduinolibs 32 | MIT license 33 | 34 | goldilocks: 35 | Ed448-Goldilocks reference implementation of p448 curves. We only use 36 | the p448 field arithmetic from this library because the public API 37 | for goldilocks doesn't quite do what we want (RFC 7748 compatibility). 38 | git://git.code.sf.net/p/ed448goldilocks/code 39 | MIT license 40 | 41 | curve448: 42 | Simple implementation of curve448 built on top of the p448 arithmetic 43 | from goldilocks. This can be exported and used in other projects. 44 | MIT license 45 | 46 | ed25519: 47 | Reference implementation of the Ed25519 signature signature algorithm. 48 | https://github.com/floodyberry/ed25519-donna.git 49 | Public domain 50 | 51 | newhope 52 | Reference New Hope post-quantum key exchange algorithm, "torref" version. 53 | https://cryptojedi.org/crypto/#newhope 54 | Public domain 55 | -------------------------------------------------------------------------------- /src/crypto/aes/rijndael-alg-fst.h: -------------------------------------------------------------------------------- 1 | /** 2 | * rijndael-alg-fst.h 3 | * 4 | * @version 3.0 (December 2000) 5 | * 6 | * Optimised ANSI C code for the Rijndael cipher (now AES) 7 | * 8 | * @author Vincent Rijmen 9 | * @author Antoon Bosselaers 10 | * @author Paulo Barreto 11 | * 12 | * This code is hereby placed in the public domain. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS 15 | * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 | * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE 18 | * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 19 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 20 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 21 | * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 22 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE 23 | * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, 24 | * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 | */ 26 | #ifndef __RIJNDAEL_ALG_FST_H 27 | #define __RIJNDAEL_ALG_FST_H 28 | 29 | #include 30 | 31 | #define MAXKC (256/32) 32 | #define MAXKB (256/8) 33 | #define MAXNR 14 34 | 35 | typedef uint8_t u8; 36 | typedef uint16_t u16; 37 | typedef uint32_t u32; 38 | 39 | int rijndaelKeySetupEnc(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); 40 | int rijndaelKeySetupDec(u32 rk[/*4*(Nr + 1)*/], const u8 cipherKey[], int keyBits); 41 | void rijndaelEncrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 pt[16], u8 ct[16]); 42 | void rijndaelDecrypt(const u32 rk[/*4*(Nr + 1)*/], int Nr, const u8 ct[16], u8 pt[16]); 43 | 44 | #ifdef INTERMEDIATE_VALUE_KAT 45 | void rijndaelEncryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds); 46 | void rijndaelDecryptRound(const u32 rk[/*4*(Nr + 1)*/], int Nr, u8 block[16], int rounds); 47 | #endif /* INTERMEDIATE_VALUE_KAT */ 48 | 49 | #endif /* __RIJNDAEL_ALG_FST_H */ 50 | -------------------------------------------------------------------------------- /src/crypto/blake2/blake2-endian.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __BLAKE2_ENDIAN_H__ 24 | #define __BLAKE2_ENDIAN_H__ 25 | 26 | #if defined(__WIN32__) || defined(WIN32) 27 | #ifndef __BIG_ENDIAN 28 | #define __BIG_ENDIAN 4321 29 | #endif 30 | #ifndef __LITTLE_ENDIAN 31 | #define __LITTLE_ENDIAN 1234 32 | #endif 33 | #ifndef __BYTE_ORDER 34 | #define __BYTE_ORDER __LITTLE_ENDIAN 35 | #endif 36 | #elif defined(__APPLE__) 37 | #include 38 | #if !defined( __BYTE_ORDER) && defined(__DARWIN_BYTE_ORDER) 39 | #define __BYTE_ORDER __DARWIN_BYTE_ORDER 40 | #endif 41 | #if !defined( __BIG_ENDIAN) && defined(__DARWIN_BIG_ENDIAN) 42 | #define __BIG_ENDIAN __DARWIN_BIG_ENDIAN 43 | #endif 44 | #if !defined( __LITTLE_ENDIAN) && defined(__DARWIN_LITTLE_ENDIAN) 45 | #define __LITTLE_ENDIAN __DARWIN_LITTLE_ENDIAN 46 | #endif 47 | #else 48 | #include 49 | #endif 50 | 51 | #if __BYTE_ORDER == __LITTLE_ENDIAN 52 | #define BLAKE2_LITTLE_ENDIAN 1 53 | #endif 54 | 55 | #endif 56 | -------------------------------------------------------------------------------- /src/crypto/blake2/blake2b.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef BLAKE2b_H 24 | #define BLAKE2b_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | uint64_t h[8]; 36 | uint8_t m[128]; 37 | uint64_t length; /* Limited to 2^64 - 1 bytes */ 38 | uint8_t posn; 39 | 40 | } BLAKE2b_context_t; 41 | 42 | void BLAKE2b_reset(BLAKE2b_context_t *context); 43 | void BLAKE2b_update(BLAKE2b_context_t *context, const void *data, size_t size); 44 | void BLAKE2b_finish(BLAKE2b_context_t *context, uint8_t *hash); 45 | 46 | #ifdef __cplusplus 47 | }; 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /src/crypto/blake2/blake2s.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef BLAKE2s_H 24 | #define BLAKE2s_H 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | #if defined(__SSE2__) && defined(__GNUC__) && __GNUC__ >= 4 34 | #define BLAKE2S_USE_VECTOR_MATH 1 35 | #ifdef __clang__ 36 | typedef uint32_t BlakeVectorUInt32 __attribute__((ext_vector_type(4))); 37 | #else 38 | typedef uint32_t BlakeVectorUInt32 __attribute__((__vector_size__(16))); 39 | #endif 40 | #else 41 | #undef BLAKE2S_USE_VECTOR_MATH 42 | #endif 43 | 44 | typedef struct 45 | { 46 | #if BLAKE2S_USE_VECTOR_MATH 47 | BlakeVectorUInt32 h[2]; 48 | #else 49 | uint32_t h[8]; 50 | #endif 51 | uint8_t m[64]; 52 | uint64_t length; 53 | uint8_t posn; 54 | 55 | } BLAKE2s_context_t; 56 | 57 | void BLAKE2s_reset(BLAKE2s_context_t *context); 58 | void BLAKE2s_update(BLAKE2s_context_t *context, const void *data, size_t size); 59 | void BLAKE2s_finish(BLAKE2s_context_t *context, uint8_t *hash); 60 | 61 | #ifdef __cplusplus 62 | }; 63 | #endif 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /src/crypto/chacha/chacha.h: -------------------------------------------------------------------------------- 1 | 2 | #ifndef CHACHA_H 3 | #define CHACHA_H 4 | 5 | #include 6 | #include 7 | 8 | #if defined(__SSE2__) && defined(__GNUC__) && __GNUC__ >= 4 9 | #define USE_VECTOR_MATH 1 10 | #ifdef __clang__ 11 | typedef uint32_t VectorUInt32 __attribute__((ext_vector_type(4))); 12 | #else 13 | typedef uint32_t VectorUInt32 __attribute__((__vector_size__(16))); 14 | #endif 15 | #else 16 | #undef USE_VECTOR_MATH 17 | #endif 18 | 19 | typedef struct 20 | { 21 | #ifdef USE_VECTOR_MATH 22 | VectorUInt32 input[4]; 23 | #else 24 | uint32_t input[16]; 25 | #endif 26 | 27 | } chacha_ctx; 28 | 29 | extern void chacha_keysetup(chacha_ctx *x,const uint8_t *k,uint32_t kbits); 30 | extern void chacha_ivsetup(chacha_ctx *x,const uint8_t *iv,const uint8_t *counter); 31 | extern void chacha_encrypt_bytes(chacha_ctx *x,const uint8_t *m,uint8_t *c,uint32_t bytes); 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /src/crypto/curve448/curve448.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __CURVE448_H__ 24 | #define __CURVE448_H__ 25 | 26 | #ifdef __cplusplus 27 | extern "C" { 28 | #endif 29 | 30 | int curve448_eval(unsigned char mypublic[56], const unsigned char secret[56], const unsigned char basepoint[56]); 31 | 32 | #ifdef __cplusplus 33 | }; 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /src/crypto/donna/poly1305-donna.h: -------------------------------------------------------------------------------- 1 | #ifndef POLY1305_DONNA_H 2 | #define POLY1305_DONNA_H 3 | 4 | #include 5 | 6 | typedef struct poly1305_context { 7 | size_t aligner; 8 | unsigned char opaque[136]; 9 | } poly1305_context; 10 | 11 | void poly1305_init(poly1305_context *ctx, const unsigned char key[32]); 12 | void poly1305_update(poly1305_context *ctx, const unsigned char *m, size_t bytes); 13 | void poly1305_finish(poly1305_context *ctx, unsigned char mac[16]); 14 | void poly1305_auth(unsigned char mac[16], const unsigned char *m, size_t bytes, const unsigned char key[32]); 15 | 16 | int poly1305_verify(const unsigned char mac1[16], const unsigned char mac2[16]); 17 | int poly1305_power_on_self_test(void); 18 | 19 | #endif /* POLY1305_DONNA_H */ 20 | 21 | -------------------------------------------------------------------------------- /src/crypto/ed25519/curve25519-donna-helpers.h: -------------------------------------------------------------------------------- 1 | /* 2 | Public domain by Andrew M. 3 | See: https://github.com/floodyberry/curve25519-donna 4 | 5 | Curve25519 implementation agnostic helpers 6 | */ 7 | 8 | /* 9 | * In: b = 2^5 - 2^0 10 | * Out: b = 2^250 - 2^0 11 | */ 12 | static void 13 | curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { 14 | bignum25519 ALIGN(16) t0,c; 15 | 16 | /* 2^5 - 2^0 */ /* b */ 17 | /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); 18 | /* 2^10 - 2^0 */ curve25519_mul_noinline(b, t0, b); 19 | /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); 20 | /* 2^20 - 2^0 */ curve25519_mul_noinline(c, t0, b); 21 | /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); 22 | /* 2^40 - 2^0 */ curve25519_mul_noinline(t0, t0, c); 23 | /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); 24 | /* 2^50 - 2^0 */ curve25519_mul_noinline(b, t0, b); 25 | /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); 26 | /* 2^100 - 2^0 */ curve25519_mul_noinline(c, t0, b); 27 | /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); 28 | /* 2^200 - 2^0 */ curve25519_mul_noinline(t0, t0, c); 29 | /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); 30 | /* 2^250 - 2^0 */ curve25519_mul_noinline(b, t0, b); 31 | } 32 | 33 | /* 34 | * z^(p - 2) = z(2^255 - 21) 35 | */ 36 | static void 37 | curve25519_recip(bignum25519 out, const bignum25519 z) { 38 | bignum25519 ALIGN(16) a,t0,b; 39 | 40 | /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ 41 | /* 8 */ curve25519_square_times(t0, a, 2); 42 | /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ 43 | /* 11 */ curve25519_mul_noinline(a, b, a); /* a = 11 */ 44 | /* 22 */ curve25519_square_times(t0, a, 1); 45 | /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); 46 | /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); 47 | /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); 48 | /* 2^255 - 21 */ curve25519_mul_noinline(out, b, a); 49 | } 50 | 51 | /* 52 | * z^((p-5)/8) = z^(2^252 - 3) 53 | */ 54 | static void 55 | curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) { 56 | bignum25519 ALIGN(16) b,c,t0; 57 | 58 | /* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */ 59 | /* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */ 60 | /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ 61 | /* 11 */ curve25519_mul_noinline(c, b, c); /* c = 11 */ 62 | /* 22 */ curve25519_square_times(t0, c, 1); 63 | /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); 64 | /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); 65 | /* 2^252 - 2^2 */ curve25519_square_times(b, b, 2); 66 | /* 2^252 - 3 */ curve25519_mul_noinline(two252m3, b, z); 67 | } 68 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519-donna-portable-identify.h: -------------------------------------------------------------------------------- 1 | /* os */ 2 | #if defined(_WIN32) || defined(_WIN64) || defined(__TOS_WIN__) || defined(__WINDOWS__) 3 | #define OS_WINDOWS 4 | #elif defined(sun) || defined(__sun) || defined(__SVR4) || defined(__svr4__) 5 | #define OS_SOLARIS 6 | #else 7 | #include /* need this to define BSD */ 8 | #define OS_NIX 9 | #if defined(__linux__) 10 | #define OS_LINUX 11 | #elif defined(BSD) 12 | #define OS_BSD 13 | #if defined(MACOS_X) || (defined(__APPLE__) & defined(__MACH__)) 14 | #define OS_OSX 15 | #elif defined(macintosh) || defined(Macintosh) 16 | #define OS_MAC 17 | #elif defined(__OpenBSD__) 18 | #define OS_OPENBSD 19 | #endif 20 | #endif 21 | #endif 22 | 23 | 24 | /* compiler */ 25 | #if defined(_MSC_VER) 26 | #define COMPILER_MSVC 27 | #endif 28 | #if defined(__ICC) 29 | #define COMPILER_INTEL 30 | #endif 31 | #if defined(__GNUC__) 32 | #if (__GNUC__ >= 3) 33 | #define COMPILER_GCC ((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) + (__GNUC_PATCHLEVEL__)) 34 | #else 35 | #define COMPILER_GCC ((__GNUC__ * 10000) + (__GNUC_MINOR__ * 100) ) 36 | #endif 37 | #endif 38 | #if defined(__PATHCC__) 39 | #define COMPILER_PATHCC 40 | #endif 41 | #if defined(__clang__) 42 | #define COMPILER_CLANG ((__clang_major__ * 10000) + (__clang_minor__ * 100) + (__clang_patchlevel__)) 43 | #endif 44 | 45 | 46 | 47 | /* cpu */ 48 | #if defined(__amd64__) || defined(__amd64) || defined(__x86_64__ ) || defined(_M_X64) 49 | #define CPU_X86_64 50 | #elif defined(__i586__) || defined(__i686__) || (defined(_M_IX86) && (_M_IX86 >= 500)) 51 | #define CPU_X86 500 52 | #elif defined(__i486__) || (defined(_M_IX86) && (_M_IX86 >= 400)) 53 | #define CPU_X86 400 54 | #elif defined(__i386__) || (defined(_M_IX86) && (_M_IX86 >= 300)) || defined(__X86__) || defined(_X86_) || defined(__I86__) 55 | #define CPU_X86 300 56 | #elif defined(__ia64__) || defined(_IA64) || defined(__IA64__) || defined(_M_IA64) || defined(__ia64) 57 | #define CPU_IA64 58 | #endif 59 | 60 | #if defined(__sparc__) || defined(__sparc) || defined(__sparcv9) 61 | #define CPU_SPARC 62 | #if defined(__sparcv9) 63 | #define CPU_SPARC64 64 | #endif 65 | #endif 66 | 67 | #if defined(powerpc) || defined(__PPC__) || defined(__ppc__) || defined(_ARCH_PPC) || defined(__powerpc__) || defined(__powerpc) || defined(POWERPC) || defined(_M_PPC) 68 | #define CPU_PPC 69 | #if defined(_ARCH_PWR7) 70 | #define CPU_POWER7 71 | #elif defined(__64BIT__) 72 | #define CPU_PPC64 73 | #else 74 | #define CPU_PPC32 75 | #endif 76 | #endif 77 | 78 | #if defined(__hppa__) || defined(__hppa) 79 | #define CPU_HPPA 80 | #endif 81 | 82 | #if defined(__alpha__) || defined(__alpha) || defined(_M_ALPHA) 83 | #define CPU_ALPHA 84 | #endif 85 | 86 | /* 64 bit cpu */ 87 | #if defined(CPU_X86_64) || defined(CPU_IA64) || defined(CPU_SPARC64) || defined(__64BIT__) || defined(__LP64__) || defined(_LP64) || (defined(_MIPS_SZLONG) && (_MIPS_SZLONG == 64)) 88 | #define CPU_64BITS 89 | #endif 90 | 91 | #if defined(COMPILER_MSVC) 92 | typedef signed char int8_t; 93 | typedef unsigned char uint8_t; 94 | typedef signed short int16_t; 95 | typedef unsigned short uint16_t; 96 | typedef signed int int32_t; 97 | typedef unsigned int uint32_t; 98 | typedef signed __int64 int64_t; 99 | typedef unsigned __int64 uint64_t; 100 | #else 101 | #include 102 | #endif 103 | 104 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519-donna.h: -------------------------------------------------------------------------------- 1 | /* 2 | Public domain by Andrew M. 3 | Modified from the amd64-51-30k implementation by 4 | Daniel J. Bernstein 5 | Niels Duif 6 | Tanja Lange 7 | Peter Schwabe 8 | Bo-Yin Yang 9 | */ 10 | 11 | 12 | #include "ed25519-donna-portable.h" 13 | 14 | #if defined(ED25519_SSE2) 15 | #else 16 | #if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) 17 | #define ED25519_64BIT 18 | #else 19 | #define ED25519_32BIT 20 | #endif 21 | #endif 22 | 23 | #if !defined(ED25519_NO_INLINE_ASM) 24 | /* detect extra features first so un-needed functions can be disabled throughout */ 25 | #if defined(ED25519_SSE2) 26 | #if defined(COMPILER_GCC) && defined(CPU_X86) 27 | #define ED25519_GCC_32BIT_SSE_CHOOSE 28 | #elif defined(COMPILER_GCC) && defined(CPU_X86_64) 29 | #define ED25519_GCC_64BIT_SSE_CHOOSE 30 | #endif 31 | #else 32 | #if defined(CPU_X86_64) 33 | #if defined(COMPILER_GCC) 34 | #if defined(ED25519_64BIT) 35 | #define ED25519_GCC_64BIT_X86_CHOOSE 36 | #else 37 | #define ED25519_GCC_64BIT_32BIT_CHOOSE 38 | #endif 39 | #endif 40 | #endif 41 | #endif 42 | #endif 43 | 44 | #if defined(ED25519_SSE2) 45 | #include "curve25519-donna-sse2.h" 46 | #elif defined(ED25519_64BIT) 47 | #include "curve25519-donna-64bit.h" 48 | #else 49 | #include "curve25519-donna-32bit.h" 50 | #endif 51 | 52 | #include "curve25519-donna-helpers.h" 53 | 54 | /* separate uint128 check for 64 bit sse2 */ 55 | #if defined(HAVE_UINT128) && !defined(ED25519_FORCE_32BIT) 56 | #include "modm-donna-64bit.h" 57 | #else 58 | #include "modm-donna-32bit.h" 59 | #endif 60 | 61 | typedef unsigned char hash_512bits[64]; 62 | 63 | /* 64 | Timing safe memory compare 65 | */ 66 | static int 67 | ed25519_verify(const unsigned char *x, const unsigned char *y, size_t len) { 68 | size_t differentbits = 0; 69 | while (len--) 70 | differentbits |= (*x++ ^ *y++); 71 | return (int) (1 & ((differentbits - 1) >> 8)); 72 | } 73 | 74 | 75 | /* 76 | * Arithmetic on the twisted Edwards curve -x^2 + y^2 = 1 + dx^2y^2 77 | * with d = -(121665/121666) = 37095705934669439343138083508754565189542113879843219016388785533085940283555 78 | * Base point: (15112221349535400772501151409588531511454012693041857206046113283949847762202,46316835694926478169428394003475163141307993866256225615783033603165251855960); 79 | */ 80 | 81 | typedef struct ge25519_t { 82 | bignum25519 x, y, z, t; 83 | } ge25519; 84 | 85 | typedef struct ge25519_p1p1_t { 86 | bignum25519 x, y, z, t; 87 | } ge25519_p1p1; 88 | 89 | typedef struct ge25519_niels_t { 90 | bignum25519 ysubx, xaddy, t2d; 91 | } ge25519_niels; 92 | 93 | typedef struct ge25519_pniels_t { 94 | bignum25519 ysubx, xaddy, z, t2d; 95 | } ge25519_pniels; 96 | 97 | #include "ed25519-donna-basepoint-table.h" 98 | 99 | #if defined(ED25519_64BIT) 100 | #include "ed25519-donna-64bit-tables.h" 101 | #include "ed25519-donna-64bit-x86.h" 102 | #else 103 | #include "ed25519-donna-32bit-tables.h" 104 | #include "ed25519-donna-64bit-x86-32bit.h" 105 | #endif 106 | 107 | 108 | #if defined(ED25519_SSE2) 109 | #include "ed25519-donna-32bit-sse2.h" 110 | #include "ed25519-donna-64bit-sse2.h" 111 | #include "ed25519-donna-impl-sse2.h" 112 | #else 113 | #include "ed25519-donna-impl-base.h" 114 | #endif 115 | 116 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519-hash-custom.h: -------------------------------------------------------------------------------- 1 | /* 2 | a custom hash must have a 512bit digest and implement: 3 | 4 | struct ed25519_hash_context; 5 | 6 | void ed25519_hash_init(ed25519_hash_context *ctx); 7 | void ed25519_hash_update(ed25519_hash_context *ctx, const uint8_t *in, size_t inlen); 8 | void ed25519_hash_final(ed25519_hash_context *ctx, uint8_t *hash); 9 | void ed25519_hash(uint8_t *hash, const uint8_t *in, size_t inlen); 10 | */ 11 | 12 | /* Definitions for using the SHA512 code from Noise-C */ 13 | 14 | #include "../sha2/sha512.h" 15 | 16 | #define ed25519_hash_context sha512_context_t 17 | #define ed25519_hash_init sha512_reset 18 | #define ed25519_hash_update sha512_update 19 | #define ed25519_hash_final sha512_finish 20 | #define ed25519_hash sha512_hash 21 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519-randombytes-custom.h: -------------------------------------------------------------------------------- 1 | /* 2 | a custom randombytes must implement: 3 | 4 | void ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len); 5 | 6 | ed25519_randombytes_unsafe is used by the batch verification function 7 | to create random scalars 8 | */ 9 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519-randombytes.h: -------------------------------------------------------------------------------- 1 | #if defined(ED25519_TEST) 2 | /* 3 | ISAAC+ "variant", the paper is not clear on operator precedence and other 4 | things. This is the "first in, first out" option! 5 | 6 | Not threadsafe or securely initialized, only for deterministic testing 7 | */ 8 | typedef struct isaacp_state_t { 9 | uint32_t state[256]; 10 | unsigned char buffer[1024]; 11 | uint32_t a, b, c; 12 | size_t left; 13 | } isaacp_state; 14 | 15 | #define isaacp_step(offset, mix) \ 16 | x = mm[i + offset]; \ 17 | a = (a ^ (mix)) + (mm[(i + offset + 128) & 0xff]); \ 18 | y = (a ^ b) + mm[(x >> 2) & 0xff]; \ 19 | mm[i + offset] = y; \ 20 | b = (x + a) ^ mm[(y >> 10) & 0xff]; \ 21 | U32TO8_LE(out + (i + offset) * 4, b); 22 | 23 | static void 24 | isaacp_mix(isaacp_state *st) { 25 | uint32_t i, x, y; 26 | uint32_t a = st->a, b = st->b, c = st->c; 27 | uint32_t *mm = st->state; 28 | unsigned char *out = st->buffer; 29 | 30 | c = c + 1; 31 | b = b + c; 32 | 33 | for (i = 0; i < 256; i += 4) { 34 | isaacp_step(0, ROTL32(a,13)) 35 | isaacp_step(1, ROTR32(a, 6)) 36 | isaacp_step(2, ROTL32(a, 2)) 37 | isaacp_step(3, ROTR32(a,16)) 38 | } 39 | 40 | st->a = a; 41 | st->b = b; 42 | st->c = c; 43 | st->left = 1024; 44 | } 45 | 46 | static void 47 | isaacp_random(isaacp_state *st, void *p, size_t len) { 48 | size_t use; 49 | unsigned char *c = (unsigned char *)p; 50 | while (len) { 51 | use = (len > st->left) ? st->left : len; 52 | memcpy(c, st->buffer + (sizeof(st->buffer) - st->left), use); 53 | 54 | st->left -= use; 55 | c += use; 56 | len -= use; 57 | 58 | if (!st->left) 59 | isaacp_mix(st); 60 | } 61 | } 62 | 63 | void 64 | ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) { 65 | static int initialized = 0; 66 | static isaacp_state rng; 67 | 68 | if (!initialized) { 69 | memset(&rng, 0, sizeof(rng)); 70 | isaacp_mix(&rng); 71 | isaacp_mix(&rng); 72 | initialized = 1; 73 | } 74 | 75 | isaacp_random(&rng, p, len); 76 | } 77 | #elif defined(ED25519_CUSTOMRANDOM) 78 | 79 | #include "ed25519-randombytes-custom.h" 80 | 81 | #else 82 | 83 | #include 84 | 85 | void 86 | ED25519_FN(ed25519_randombytes_unsafe) (void *p, size_t len) { 87 | 88 | RAND_bytes(p, (int) len); 89 | 90 | } 91 | #endif 92 | -------------------------------------------------------------------------------- /src/crypto/ed25519/ed25519.h: -------------------------------------------------------------------------------- 1 | #ifndef ED25519_H 2 | #define ED25519_H 3 | 4 | #include 5 | 6 | #if defined(__cplusplus) 7 | extern "C" { 8 | #endif 9 | 10 | typedef unsigned char ed25519_signature[64]; 11 | typedef unsigned char ed25519_public_key[32]; 12 | typedef unsigned char ed25519_secret_key[32]; 13 | 14 | typedef unsigned char curved25519_key[32]; 15 | 16 | void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk); 17 | int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS); 18 | void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS); 19 | 20 | int ed25519_sign_open_batch(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid); 21 | 22 | void ed25519_randombytes_unsafe(void *out, size_t count); 23 | 24 | void curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e); 25 | 26 | #if defined(__cplusplus) 27 | } 28 | #endif 29 | 30 | #endif // ED25519_H 31 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/build-nix.php: -------------------------------------------------------------------------------- 1 | set = false; 46 | 47 | $map = array(); 48 | foreach($legal_values as $value) 49 | $map[$value] = true; 50 | 51 | for ($i = 1; $i < $argc; $i++) { 52 | if (!preg_match("!--".$flag."=(.*)!", $argv[$i], $m)) 53 | continue; 54 | if (isset($map[$m[1]])) { 55 | $this->value = $m[1]; 56 | $this->set = true; 57 | return; 58 | } else { 59 | usage("{$m[1]} is not a valid parameter to --{$flag}!"); 60 | exit(1); 61 | } 62 | } 63 | } 64 | } 65 | 66 | class flag extends argument { 67 | function flag($flag) { 68 | global $argc, $argv; 69 | 70 | $this->set = false; 71 | 72 | $flag = "--{$flag}"; 73 | for ($i = 1; $i < $argc; $i++) { 74 | if ($argv[$i] !== $flag) 75 | continue; 76 | $this->value = true; 77 | $this->set = true; 78 | return; 79 | } 80 | } 81 | } 82 | 83 | $bits = new multiargument("bits", array("32", "64")); 84 | $function = new multiargument("function", array("curve25519", "ed25519")); 85 | $compiler = new multiargument("compiler", array("gcc", "clang", "icc")); 86 | $with_sse2 = new flag("with-sse2"); 87 | $with_openssl = new flag("with-openssl"); 88 | $no_asm = new flag("no-asm"); 89 | 90 | $err = ""; 91 | if (!$bits->set) 92 | $err .= "--bits not set\n"; 93 | if (!$function->set) 94 | $err .= "--function not set\n"; 95 | 96 | if ($err !== "") { 97 | usage($err); 98 | exit; 99 | } 100 | 101 | $compile = ($compiler->set) ? $compiler->value : "gcc"; 102 | $link = ""; 103 | $flags = "-O3 -m{$bits->value}"; 104 | $ret = 0; 105 | 106 | if ($with_openssl->set) $link .= " -lssl -lcrypto"; 107 | if (!$with_openssl->set) $flags .= " -DED25519_REFHASH -DED25519_TEST"; 108 | if ($no_asm->set) $flags .= " -DED25519_NO_INLINE_ASM"; 109 | 110 | if ($function->value === "curve25519") { 111 | runcmd("building ref10..", "{$compile} {$flags} curve25519-ref10.c -c -o curve25519-ref10.o"); 112 | runcmd("building ed25519..", "{$compile} {$flags} ed25519-donna.c -c -o ed25519.o"); 113 | if ($with_sse2->set) { 114 | runcmd("building ed25519-sse2..", "{$compile} {$flags} ed25519-donna-sse2.c -c -o ed25519-sse2.o -msse2"); 115 | $flags .= " -DED25519_SSE2"; 116 | $link .= " ed25519-sse2.o"; 117 | } 118 | runcmd("linking..", "{$compile} {$flags} {$link} fuzz-curve25519.c ed25519.o curve25519-ref10.o -o fuzz-curve25519"); 119 | echoln("fuzz-curve25519 built."); 120 | } else if ($function->value === "ed25519") { 121 | runcmd("building ref10..", "{$compile} {$flags} ed25519-ref10.c -c -o ed25519-ref10.o"); 122 | runcmd("building ed25519..", "{$compile} {$flags} ed25519-donna.c -c -o ed25519.o"); 123 | if ($with_sse2->set) { 124 | runcmd("building ed25519-sse2..", "{$compile} {$flags} ed25519-donna-sse2.c -c -o ed25519-sse2.o -msse2"); 125 | $flags .= " -DED25519_SSE2"; 126 | $link .= " ed25519-sse2.o"; 127 | } 128 | runcmd("linking..", "{$compile} {$flags} {$link} fuzz-ed25519.c ed25519.o ed25519-ref10.o -o fuzz-ed25519"); 129 | echoln("fuzz-ed25519 built."); 130 | } 131 | 132 | 133 | cleanup(); 134 | ?> 135 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/curve25519-ref10.h: -------------------------------------------------------------------------------- 1 | #ifndef CURVE25519_REF10_H 2 | #define CURVE25519_REF10_H 3 | 4 | int crypto_scalarmult_base_ref10(unsigned char *q,const unsigned char *n); 5 | int crypto_scalarmult_ref10(unsigned char *q, const unsigned char *n, const unsigned char *p); 6 | 7 | #endif /* CURVE25519_REF10_H */ 8 | 9 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/ed25519-donna-sse2.c: -------------------------------------------------------------------------------- 1 | #define ED25519_SUFFIX _sse2 2 | #define ED25519_SSE2 3 | #include "../ed25519.c" 4 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/ed25519-donna.c: -------------------------------------------------------------------------------- 1 | #include "../ed25519.c" 2 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/ed25519-donna.h: -------------------------------------------------------------------------------- 1 | #ifndef ED25519_H 2 | #define ED25519_H 3 | 4 | #include 5 | 6 | typedef unsigned char ed25519_signature[64]; 7 | typedef unsigned char ed25519_public_key[32]; 8 | typedef unsigned char ed25519_secret_key[32]; 9 | 10 | typedef unsigned char curved25519_key[32]; 11 | 12 | void ed25519_publickey(const ed25519_secret_key sk, ed25519_public_key pk); 13 | int ed25519_sign_open(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS); 14 | void ed25519_sign(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS); 15 | 16 | int ed25519_sign_open_batch(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid); 17 | 18 | void ed25519_randombytes_unsafe(void *out, size_t count); 19 | 20 | void curved25519_scalarmult_basepoint(curved25519_key pk, const curved25519_key e); 21 | 22 | #if defined(ED25519_SSE2) 23 | void ed25519_publickey_sse2(const ed25519_secret_key sk, ed25519_public_key pk); 24 | int ed25519_sign_open_sse2(const unsigned char *m, size_t mlen, const ed25519_public_key pk, const ed25519_signature RS); 25 | void ed25519_sign_sse2(const unsigned char *m, size_t mlen, const ed25519_secret_key sk, const ed25519_public_key pk, ed25519_signature RS); 26 | 27 | int ed25519_sign_open_batch_sse2(const unsigned char **m, size_t *mlen, const unsigned char **pk, const unsigned char **RS, size_t num, int *valid); 28 | 29 | void ed25519_randombytes_unsafe_sse2(void *out, size_t count); 30 | 31 | void curved25519_scalarmult_basepoint_sse2(curved25519_key pk, const curved25519_key e); 32 | #endif 33 | 34 | #endif // ED25519_H 35 | -------------------------------------------------------------------------------- /src/crypto/ed25519/fuzz/ed25519-ref10.h: -------------------------------------------------------------------------------- 1 | #ifndef ED25519_REF10_H 2 | #define ED25519_REF10_H 3 | 4 | int crypto_sign_pk_ref10(unsigned char *pk,unsigned char *sk); 5 | int crypto_sign_ref10(unsigned char *sm,unsigned long long *smlen,const unsigned char *m,unsigned long long mlen,const unsigned char *sk); 6 | int crypto_sign_open_ref10(unsigned char *m,unsigned long long *mlen,const unsigned char *sm,unsigned long long smlen,const unsigned char *pk); 7 | 8 | #endif /* ED25519_REF10_H */ 9 | 10 | -------------------------------------------------------------------------------- /src/crypto/ed25519/test-ticks.h: -------------------------------------------------------------------------------- 1 | #include "ed25519-donna-portable-identify.h" 2 | 3 | /* ticks - not tested on anything other than x86 */ 4 | static uint64_t 5 | get_ticks(void) { 6 | #if defined(CPU_X86) || defined(CPU_X86_64) 7 | #if defined(COMPILER_INTEL) 8 | return _rdtsc(); 9 | #elif defined(COMPILER_MSVC) 10 | return __rdtsc(); 11 | #elif defined(COMPILER_GCC) 12 | uint32_t lo, hi; 13 | __asm__ __volatile__("rdtsc" : "=a" (lo), "=d" (hi)); 14 | return ((uint64_t)lo | ((uint64_t)hi << 32)); 15 | #else 16 | need rdtsc for this compiler 17 | #endif 18 | #elif defined(OS_SOLARIS) 19 | return (uint64_t)gethrtime(); 20 | #elif defined(CPU_SPARC) && !defined(OS_OPENBSD) 21 | uint64_t t; 22 | __asm__ __volatile__("rd %%tick, %0" : "=r" (t)); 23 | return t; 24 | #elif defined(CPU_PPC) 25 | uint32_t lo = 0, hi = 0; 26 | __asm__ __volatile__("mftbu %0; mftb %1" : "=r" (hi), "=r" (lo)); 27 | return ((uint64_t)lo | ((uint64_t)hi << 32)); 28 | #elif defined(CPU_IA64) 29 | uint64_t t; 30 | __asm__ __volatile__("mov %0=ar.itc" : "=r" (t)); 31 | return t; 32 | #elif defined(OS_NIX) 33 | timeval t2; 34 | gettimeofday(&t2, NULL); 35 | t = ((uint64_t)t2.tv_usec << 32) | (uint64_t)t2.tv_sec; 36 | return t; 37 | #else 38 | need ticks for this platform 39 | #endif 40 | } 41 | 42 | #define timeit(x,minvar) \ 43 | ticks = get_ticks(); \ 44 | x; \ 45 | ticks = get_ticks() - ticks; \ 46 | if (ticks < minvar) \ 47 | minvar = ticks; 48 | 49 | #define maxticks 0xffffffffffffffffull 50 | 51 | -------------------------------------------------------------------------------- /src/crypto/ghash/ghash.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef CRYPTO_GHASH_h 24 | #define CRYPTO_GHASH_h 25 | 26 | #include 27 | #include 28 | 29 | #if __WORDSIZE == 64 && !defined(GHASH_WORD64) 30 | #define GHASH_WORD64 1 31 | #endif 32 | 33 | #if defined(GHASH_WORD64) 34 | 35 | typedef struct { 36 | uint64_t H[2]; 37 | uint64_t Y[2]; 38 | uint8_t posn; 39 | } ghash_state; 40 | 41 | #else 42 | 43 | typedef struct { 44 | uint32_t H[4]; 45 | uint32_t Y[4]; 46 | uint8_t posn; 47 | } ghash_state; 48 | 49 | #endif 50 | 51 | void ghash_reset(ghash_state *state, const void *key); 52 | void ghash_update(ghash_state *state, const void *data, size_t len); 53 | void ghash_finalize(ghash_state *state, void *token, size_t len); 54 | void ghash_pad(ghash_state *state); 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/LICENSE.txt: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2011 Stanford University. 4 | Copyright (c) 2014 Cryptography Research, Inc. 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/README.txt: -------------------------------------------------------------------------------- 1 | Ed448-Goldilocks 2 | 3 | This software is an experimental implementation of a new 448-bit elliptic 4 | curve called Ed448-Goldilocks. The implementation itself is based on that of 5 | an earlier, unnamed 252-bit curve which should probably be referred to as 6 | Ed252-MontgomeryStation. See http://eprint.iacr.org/2012/309 for details of 7 | that implementation. 8 | 9 | The source files here are all by Mike Hamburg. Most of them are (c) 2014 10 | Cryptography Research, Inc (a division of Rambus). The cRandom 11 | implementation is the exception: these files are from the OpenConflict video 12 | game protection system out of Stanford, and are (c) 2011 Stanford 13 | University. All of these files are usable under the MIT license contained in 14 | LICENSE.txt. 15 | 16 | The Makefile is set for my 2013 MacBook Air. You can `make bench` to run 17 | a completely arbitrary set of benchmarks and tests, or `make 18 | build/goldilocks.so` to build a stripped-down version of the library. For 19 | non-Haswell platforms, you need to replace -mavx2 -mbmi2 by an appropriate 20 | vector declaration. For non-Mac platforms, you won't be able to build a 21 | library with this Makefile. This is fine, because you shouldn't be using 22 | this for much at this stage anyway. 23 | 24 | I've attempted to protect against timing attacks and invalid point attacks, 25 | but as of yet no attempt to protect against power analysis. This is an early 26 | revision, so I haven't done much analysis or correctness testing of 27 | corner-cases. 28 | 29 | The code in ec_point.c and ec_point.h was generated with the help of a tool 30 | written in SAGE. The field code in p448.h doesn't reduce after add/sub, and 31 | so it requires care to prevent overflow. The SAGE tool figures out where to 32 | put reductions and adjustments to prevent overflow. It also formally 33 | verifies that the formulas produce points on the curve. I'm planning to add 34 | more features to it eventually. That tool is even more experimental than 35 | this library, though, and so I won't be releasing it just yet. 36 | 37 | This software is incomplete, and lacks documentation. None of the APIs are 38 | stable. The software is probably not secure. Please consult TODO.txt for 39 | additional agenda items. Do not taunt happy fun ball. 40 | 41 | Cheers, 42 | -- Mike Hamburg 43 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/arithmetic.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @cond internal 3 | * @file field.c 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | * @brief High-level arithmetic routines, independent of field (except 3 mod 4). 9 | */ 10 | 11 | #include "field.h" 12 | #include "ec_point.h" 13 | 14 | mask_t 15 | field_eq ( 16 | const field_a_t a, 17 | const field_a_t b 18 | ) { 19 | field_a_t ra, rb; 20 | field_copy(ra, a); 21 | field_copy(rb, b); 22 | field_weak_reduce(ra); 23 | field_weak_reduce(rb); 24 | field_sub_RAW(ra, ra, rb); 25 | field_bias(ra, 2); 26 | return field_is_zero(ra); 27 | } 28 | 29 | void 30 | field_inverse ( 31 | field_a_t a, 32 | const field_a_t x 33 | ) { 34 | field_a_t L0, L1; 35 | field_isr ( L0, x ); 36 | field_sqr ( L1, L0 ); 37 | field_sqr ( L0, L1 ); 38 | field_mul ( a, x, L0 ); 39 | } 40 | 41 | mask_t 42 | field_is_square ( 43 | const field_a_t x 44 | ) { 45 | field_a_t L0, L1; 46 | field_isr ( L0, x ); 47 | field_sqr ( L1, L0 ); 48 | field_mul ( L0, x, L1 ); 49 | field_subw( L0, 1 ); 50 | return field_is_zero( L0 ) | field_is_zero( x ); 51 | } 52 | 53 | void 54 | field_simultaneous_invert ( 55 | field_a_t *__restrict__ out, 56 | const field_a_t *in, 57 | unsigned int n 58 | ) { 59 | if (n==0) { 60 | return; 61 | } else if (n==1) { 62 | field_inverse(out[0],in[0]); 63 | return; 64 | } 65 | 66 | field_copy(out[1], in[0]); 67 | int i; 68 | for (i=1; i<(int) (n-1); i++) { 69 | field_mul(out[i+1], out[i], in[i]); 70 | } 71 | field_mul(out[0], out[n-1], in[n-1]); 72 | 73 | field_a_t tmp; 74 | field_inverse(tmp, out[0]); 75 | field_copy(out[0], tmp); 76 | 77 | /* at this point, out[0] = product(in[i]) ^ -1 78 | * out[i] = product(in[0]..in[i-1]) if i != 0 79 | */ 80 | for (i=n-1; i>0; i--) { 81 | field_mul(tmp, out[i], out[0]); 82 | field_copy(out[i], tmp); 83 | 84 | field_mul(tmp, out[0], in[i]); 85 | field_copy(out[0], tmp); 86 | } 87 | } 88 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/bat/api_dh.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sizes.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief BATMAN / SUPERCOP glue for benchmarking. 8 | */ 9 | 10 | #include 11 | #include "goldilocks.h" 12 | 13 | #define PUBLICKEY_BYTES GOLDI_PUBLIC_KEY_BYTES 14 | #define SECRETKEY_BYTES GOLDI_PRIVATE_KEY_BYTES 15 | #define SHAREDSECRET_BYTES GOLDI_SHARED_SECRET_BYTES 16 | 17 | #define CRYPTO_PUBLICKEYBYTES PUBLICKEY_BYTES 18 | #define CRYPTO_SECRETKEYBYTES SECRETKEY_BYTES 19 | #define CRYPTO_BYTES SHAREDSECRET_BYTES 20 | #define PRIVATEKEY_BYTES SECRETKEY_BYTES 21 | #define CRYPTO_VERSION "__TODAY__" 22 | 23 | #define CRYPTO_DETERMINISTIC 1 24 | 25 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/bat/api_sign.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sizes.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief BATMAN / SUPERCOP glue for benchmarking. 8 | */ 9 | 10 | #include 11 | #include "goldilocks.h" 12 | 13 | #define PUBLICKEY_BYTES GOLDI_PUBLIC_KEY_BYTES 14 | #define SECRETKEY_BYTES GOLDI_PRIVATE_KEY_BYTES 15 | #define SIGNATURE_BYTES GOLDI_SIGNATURE_BYTES 16 | 17 | #define CRYPTO_PUBLICKEYBYTES PUBLICKEY_BYTES 18 | #define CRYPTO_SECRETKEYBYTES SECRETKEY_BYTES 19 | #define CRYPTO_BYTES SIGNATURE_BYTES 20 | #define PRIVATEKEY_BYTES SECRETKEY_BYTES 21 | #define CRYPTO_VERSION "__TODAY__" 22 | 23 | #define CRYPTO_DETERMINISTIC 1 24 | 25 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/bat/dh.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sizes.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief BATMAN / SUPERCOP glue for benchmarking. 8 | */ 9 | 10 | #include 11 | #include 12 | #include "api.h" 13 | #include "crypto_dh.h" 14 | 15 | int crypto_dh_keypair ( 16 | unsigned char pk[SECRETKEY_BYTES], 17 | unsigned char sk[PUBLICKEY_BYTES] 18 | ) { 19 | int ret; 20 | ret = goldilocks_init(); 21 | if (ret && ret != GOLDI_EALREADYINIT) 22 | return ret; 23 | if ((ret = goldilocks_keygen( 24 | (struct goldilocks_private_key_t *)sk, 25 | (struct goldilocks_public_key_t *)pk 26 | ))) abort(); 27 | return ret; 28 | } 29 | 30 | int crypto_dh ( 31 | unsigned char s[SHAREDSECRET_BYTES], 32 | const unsigned char pk[PUBLICKEY_BYTES], 33 | const unsigned char sk[SECRETKEY_BYTES] 34 | ) { 35 | return goldilocks_shared_secret ( 36 | s, 37 | (const struct goldilocks_private_key_t *)sk, 38 | (const struct goldilocks_public_key_t *)pk 39 | ); 40 | } 41 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/bat/sign.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @file sizes.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief BATMAN / SUPERCOP glue for benchmarking. 8 | */ 9 | 10 | #include 11 | #include 12 | #include "api.h" 13 | #include "crypto_sign.h" 14 | 15 | int crypto_sign_keypair ( 16 | unsigned char pk[SECRETKEY_BYTES], 17 | unsigned char sk[PUBLICKEY_BYTES] 18 | ) { 19 | int ret; 20 | ret = goldilocks_init(); 21 | if (ret && ret != GOLDI_EALREADYINIT) 22 | return ret; 23 | if ((ret = goldilocks_keygen( 24 | (struct goldilocks_private_key_t *)sk, 25 | (struct goldilocks_public_key_t *)pk 26 | ))) abort(); 27 | return ret; 28 | } 29 | 30 | int crypto_sign ( 31 | unsigned char *sm, 32 | unsigned long long *smlen, 33 | const unsigned char *m, 34 | unsigned long long mlen, 35 | const unsigned char sk[SECRETKEY_BYTES] 36 | ) { 37 | unsigned char sig[SIGNATURE_BYTES]; 38 | int ret = goldilocks_sign( 39 | sig, m, mlen, 40 | (const struct goldilocks_private_key_t *)sk 41 | ); 42 | if (!ret) { 43 | memmove(sm + SIGNATURE_BYTES, m, mlen); 44 | memcpy(sm, sig, SIGNATURE_BYTES); 45 | *smlen = mlen + SIGNATURE_BYTES; 46 | } 47 | return ret ? -1 : 0; 48 | } 49 | 50 | int crypto_sign_open ( 51 | unsigned char *m, 52 | unsigned long long *mlen, 53 | const unsigned char *sm, 54 | unsigned long long smlen, 55 | const unsigned char pk[PUBLICKEY_BYTES] 56 | ) { 57 | int ret = goldilocks_verify( 58 | sm, sm + SIGNATURE_BYTES, smlen - SIGNATURE_BYTES, 59 | (const struct goldilocks_public_key_t *)pk 60 | ); 61 | if (!ret) { 62 | *mlen = smlen - SIGNATURE_BYTES; 63 | memmove(m, sm + SIGNATURE_BYTES, *mlen); 64 | } 65 | return ret ? -1 : 0; 66 | } 67 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/include/config.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file config.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief Goldilocks top-level configuration flags. 8 | */ 9 | 10 | #ifndef __GOLDILOCKS_CONFIG_H__ 11 | #define __GOLDILOCKS_CONFIG_H__ 1 12 | 13 | /** @brief crandom architecture detection. 14 | * With this flag set to 1, crandom will assume that any flag 15 | * supported by -march and friends (MIGHT_HAVE) will actually 16 | * be available on the target machine (MUST_HAVE), instead of 17 | * trying to detect it. 18 | * 19 | * Without this flag, crandom can detect, eg, that while -mavx 20 | * was passed, the currint machine doesn't support AVX, and can 21 | * fall back to SSE2 or whatever. But the rest of the 22 | * Goldilocks code doesn't support this, so it'll still crash 23 | * with an illegal instruction error. 24 | * 25 | * Setting this flag will make the library smaller. 26 | */ 27 | #define CRANDOM_MIGHT_IS_MUST 1 28 | 29 | /** 30 | * @brief Causes crandom to refuse to buffer requests bigger 31 | * than this size. Setting 0 disables buffering for all 32 | * requests, which hurts performance. 33 | * 34 | * The advantage is that if a user process forks or is VM- 35 | * snapshotted, the buffer is not adjusted (FUTURE). However, 36 | * with the buffer disabled, the refresh routines will stir 37 | * in entropy from RDTSC and/or RDRAND, making this operation 38 | * mostly-safe. 39 | */ 40 | #define EXPERIMENT_CRANDOM_BUFFER_CUTOFF_BYTES 0 41 | 42 | /** 43 | * @brief Goldilocks uses libpthread mutexes to provide 44 | * thread-safety. If you disable this flag, it won't link 45 | * libpthread, but it won't be thread-safe either. 46 | */ 47 | #define GOLDILOCKS_USE_PTHREAD 1 48 | 49 | /** 50 | * @brief Experiment to change the hash inputs for ECDH, 51 | * in a way that obliterates the result -- overwriting it with 52 | * a safe pseudorandom value -- if the public key is invalid. 53 | * That way users who ignore the status result won't be 54 | * exposed to invalid key attacks. 55 | */ 56 | #define EXPERIMENT_ECDH_OBLITERATE_CT 1 57 | 58 | /** 59 | * @brief Whether or not define the signing functions, which 60 | * currently require SHA-512. 61 | */ 62 | #define GOLDI_IMPLEMENT_SIGNATURES 1 63 | 64 | /** 65 | * @brief Whether or not to define and implement functions 66 | * working with pre-computed keys. 67 | */ 68 | #define GOLDI_IMPLEMENT_PRECOMPUTED_KEYS 1 69 | 70 | /** 71 | * @brief ECDH adds public keys into the hash, to prevent 72 | * esoteric attacks. 73 | */ 74 | #define EXPERIMENT_ECDH_STIR_IN_PUBKEYS 1 75 | 76 | #endif /* __GOLDILOCKS_CONFIG_H__ */ 77 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/include/magic.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file magic.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief Curve-independent declarations of magic numbers. 8 | */ 9 | 10 | #ifndef __GOLDI_MAGIC_H__ 11 | #define __GOLDI_MAGIC_H__ 1 12 | 13 | #include "word.h" 14 | 15 | /** 16 | * @brief If true, use wider tables for the precomputed combs. 17 | */ 18 | #ifndef USE_BIG_COMBS 19 | #if defined(__ARM_NEON__) 20 | #define USE_BIG_COMBS 1 21 | #else 22 | #define USE_BIG_COMBS (WORD_BITS==64) 23 | #endif 24 | #endif 25 | 26 | /* TODO: standardize notation */ 27 | 28 | /** @brief The number of words in the Goldilocks field. */ 29 | #define GOLDI_FIELD_WORDS DIV_CEIL(FIELD_BITS,WORD_BITS) 30 | 31 | /** @brief The number of bits in the Goldilocks curve's cofactor (cofactor=4). */ 32 | #define COFACTOR_BITS 2 33 | 34 | /** @brief The number of bits in a Goldilocks scalar. */ 35 | #define SCALAR_BITS (FIELD_BITS - COFACTOR_BITS) 36 | 37 | /** @brief The number of bytes in a Goldilocks scalar. */ 38 | #define SCALAR_BYTES (1+(SCALAR_BITS)/8) 39 | 40 | /** @brief The number of words in the Goldilocks field. */ 41 | #define SCALAR_WORDS WORDS_FOR_BITS(SCALAR_BITS) 42 | 43 | #include "f_magic.h" 44 | 45 | /** 46 | * @brief sqrt(d-1), used for point formats and twisting. 47 | */ 48 | extern const field_a_t sqrt_d_minus_1; 49 | 50 | /** 51 | * @brief The base point for Goldilocks. 52 | */ 53 | extern const affine_a_t goldilocks_base_point; 54 | 55 | /** 56 | * @brief The Goldilocks prime subgroup order. 57 | */ 58 | extern const struct barrett_prime_t curve_prime_order; 59 | 60 | /** 61 | * @brief Window size for fixed-window signed binary scalarmul. 62 | * Table size is 2^(this - 1). 63 | */ 64 | #define SCALARMUL_FIXED_WINDOW_SIZE 5 65 | 66 | /** 67 | * @brief Even/odd adjustments for fixed window with 68 | * ROUNDUP(SCALAR_BITS,SCALARMUL_FIXED_WINDOW_SIZE). 69 | */ 70 | extern const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS]; 71 | 72 | /** 73 | * @brief Table size for wNAF signed binary (variable-time) scalarmul. 74 | * Table size is 2^this. 75 | */ 76 | #define SCALARMUL_WNAF_TABLE_BITS 3 77 | 78 | /** 79 | * @brief Table size for wNAF signed binary (variable-time) linear combo. 80 | * Table size is 2^this. 81 | */ 82 | #define SCALARMUL_WNAF_COMBO_TABLE_BITS 4 83 | 84 | /** 85 | * @brief The bit width of the precomputed WNAF tables. Size is 2^this elements. 86 | */ 87 | #define WNAF_PRECMP_BITS 5 88 | 89 | /** 90 | * @brief crandom magic structure guard constant = "return 4", cf xkcd #221 91 | */ 92 | #define CRANDOM_MAGIC 0x72657475726e2034ull 93 | 94 | 95 | #endif /* __GOLDI_MAGIC_H__ */ 96 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/include/sha512.h: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2014 Cryptography Research, Inc. 2 | * Released under the MIT License. See LICENSE.txt for license information. 3 | */ 4 | #ifndef __GOLDI_SHA512_H__ 5 | #define __GOLDI_SHA512_H__ 1 6 | 7 | #include 8 | 9 | #ifdef __cplusplus 10 | extern "C" { 11 | #endif 12 | 13 | #define SHA512_OUTPUT_BYTES 64 14 | 15 | /** 16 | * SHA512 hashing context. 17 | * 18 | * This structure is opaque. 19 | */ 20 | typedef struct { 21 | /** @privatesection */ 22 | uint64_t chain[8]; 23 | uint8_t block[128]; 24 | uint64_t nbytes; 25 | } sha512_ctx_a_t[1]; 26 | 27 | void 28 | sha512_init ( 29 | sha512_ctx_a_t ctx 30 | ); 31 | 32 | void 33 | sha512_update ( 34 | sha512_ctx_a_t ctx, 35 | const unsigned char *data, 36 | uint64_t bytes 37 | ); 38 | 39 | void 40 | sha512_final ( 41 | sha512_ctx_a_t ctx, 42 | uint8_t result[SHA512_OUTPUT_BYTES] 43 | ); 44 | 45 | #ifdef __cplusplus 46 | }; /* extern "C" */ 47 | #endif 48 | 49 | #endif /* __GOLDI_SHA512_H__ */ 50 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/arch_32/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 32 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/arch_arm_32/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 32 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/arch_neon_experimental/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 32 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/arch_ref64/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 64 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/arch_x86_64/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 64 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/f_arithmetic.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @cond internal 3 | * @file f_arithmetic.c 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | * @brief Field-specific arithmetic. 9 | */ 10 | 11 | #include "ec_point.h" 12 | 13 | void 14 | field_isr ( 15 | field_a_t a, 16 | const field_a_t x 17 | ) { 18 | field_a_t L0, L1, L2; 19 | field_sqr ( L1, x ); 20 | field_mul ( L2, x, L1 ); 21 | field_sqr ( L1, L2 ); 22 | field_mul ( L2, x, L1 ); 23 | field_sqrn ( L1, L2, 3 ); 24 | field_mul ( L0, L2, L1 ); 25 | field_sqrn ( L1, L0, 3 ); 26 | field_mul ( L0, L2, L1 ); 27 | field_sqrn ( L2, L0, 9 ); 28 | field_mul ( L1, L0, L2 ); 29 | field_sqr ( L0, L1 ); 30 | field_mul ( L2, x, L0 ); 31 | field_sqrn ( L0, L2, 18 ); 32 | field_mul ( L2, L1, L0 ); 33 | field_sqrn ( L0, L2, 37 ); 34 | field_mul ( L1, L2, L0 ); 35 | field_sqrn ( L0, L1, 37 ); 36 | field_mul ( L1, L2, L0 ); 37 | field_sqrn ( L0, L1, 111 ); 38 | field_mul ( L2, L1, L0 ); 39 | field_sqr ( L0, L2 ); 40 | field_mul ( L1, x, L0 ); 41 | field_sqrn ( L0, L1, 223 ); 42 | field_mul ( a, L2, L0 ); 43 | } 44 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/f_field.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_field.h 3 | * @brief Field-specific code. 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | */ 9 | #ifndef __F_FIELD_H__ 10 | #define __F_FIELD_H__ 1 11 | 12 | #include "constant_time.h" 13 | #include 14 | 15 | #include "p448.h" 16 | #define FIELD_BITS 448 17 | #define field_t p448_t 18 | #define field_mul p448_mul 19 | #define field_sqr p448_sqr 20 | #define field_add_RAW p448_add_RAW 21 | #define field_sub_RAW p448_sub_RAW 22 | #define field_mulw p448_mulw 23 | #define field_addw p448_addw 24 | #define field_subw_RAW p448_subw 25 | #define field_neg_RAW p448_neg_RAW 26 | #define field_set_ui p448_set_ui 27 | #define field_bias p448_bias 28 | #define field_inverse p448_inverse 29 | #define field_eq p448_eq 30 | #define field_isr p448_isr 31 | #define field_simultaneous_invert p448_simultaneous_invert 32 | #define field_weak_reduce p448_weak_reduce 33 | #define field_strong_reduce p448_strong_reduce 34 | #define field_serialize p448_serialize 35 | #define field_deserialize p448_deserialize 36 | #define field_is_zero p448_is_zero 37 | 38 | #endif /* __F_FIELD_H__ */ 39 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/f_magic.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_magic.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief Goldilocks magic numbers (group orders, coefficients, algo params etc). 8 | */ 9 | 10 | #ifndef __GOLDI_F_MAGIC_H__ 11 | #define __GOLDI_F_MAGIC_H__ 1 12 | 13 | #include "field.h" 14 | #include "ec_point.h" 15 | 16 | /** 17 | * @brief The Edwards "d" term for this curve. 18 | */ 19 | static const int64_t EDWARDS_D = -39081; 20 | 21 | /** @brief The number of combs to use for signed comb algo */ 22 | #define COMB_N (USE_BIG_COMBS ? 5 : 8) 23 | 24 | /** @brief The number of teeth of the combs for signed comb algo */ 25 | #define COMB_T (USE_BIG_COMBS ? 5 : 4) 26 | 27 | /** @brief The spacing the of combs for signed comb algo */ 28 | #define COMB_S (USE_BIG_COMBS ? 18 : 14) 29 | 30 | #endif /* __GOLDI_F_MAGIC_H__ */ 31 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p448/magic.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2014 Cryptography Research, Inc. 2 | * Released under the MIT License. See LICENSE.txt for license information. 3 | */ 4 | 5 | #include "field.h" 6 | #include "magic.h" 7 | #include "barrett_field.h" 8 | 9 | /* FUTURE: automatically generate this file? */ 10 | 11 | const uint8_t FIELD_MODULUS[FIELD_BYTES] = { 12 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 13 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 14 | /*!*/ 0xfe, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 15 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 16 | }; 17 | 18 | const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { 19 | U64LE(0xebec9967f5d3f5c2), 20 | U64LE(0x0aa09b49b16c9a02), 21 | U64LE(0x7f6126aec172cd8e), 22 | U64LE(0x00000007b027e54d), 23 | U64LE(0x0000000000000000), 24 | U64LE(0x0000000000000000), 25 | U64LE(0x4000000000000000), 26 | 27 | U64LE(0xc873d6d54a7bb0cf), 28 | U64LE(0xe933d8d723a70aad), 29 | U64LE(0xbb124b65129c96fd), 30 | U64LE(0x00000008335dc163), 31 | U64LE(0x0000000000000000), 32 | U64LE(0x0000000000000000), 33 | U64LE(0x0000000000000000) 34 | }; 35 | 36 | const affine_a_t goldilocks_base_point = {{ 37 | #ifdef USE_NEON_PERM 38 | {{{ 0xaed939f,0xc59d070,0xf0de840,0x5f065c3, 0xf4ba0c7,0xdf73324,0xc170033,0x3a6a26a, 39 | 0x4c63d96,0x4609845,0xf3932d9,0x1b4faff, 0x6147eaa,0xa2692ff,0x9cecfa9,0x297ea0e 40 | }}}, 41 | #else 42 | {{{ U56LE(0xf0de840aed939f), U56LE(0xc170033f4ba0c7), 43 | U56LE(0xf3932d94c63d96), U56LE(0x9cecfa96147eaa), 44 | U56LE(0x5f065c3c59d070), U56LE(0x3a6a26adf73324), 45 | U56LE(0x1b4faff4609845), U56LE(0x297ea0ea2692ff) 46 | }}}, 47 | #endif 48 | {{{ 19 }}} 49 | }}; 50 | 51 | static const word_t curve_prime_order_lo[(224+WORD_BITS-1)/WORD_BITS] = { 52 | U64LE(0xdc873d6d54a7bb0d), 53 | U64LE(0xde933d8d723a70aa), 54 | U64LE(0x3bb124b65129c96f), 55 | 0x8335dc16 56 | }; 57 | const struct barrett_prime_t curve_prime_order = { 58 | GOLDI_FIELD_WORDS, 59 | 62 % WORD_BITS, 60 | sizeof(curve_prime_order_lo)/sizeof(curve_prime_order_lo[0]), 61 | curve_prime_order_lo 62 | }; 63 | 64 | const field_a_t 65 | sqrt_d_minus_1 = {{{ 66 | #ifdef USE_NEON_PERM 67 | 0x6749f46,0x24d9770,0xd2e2183,0xa49f7b4, 68 | 0xb4f0179,0x8c5f656,0x888db42,0xdcac462, 69 | 0xbdeea38,0x748734a,0x5a189aa,0x49443b8, 70 | 0x6f14c06,0x0b25b7a,0x51e65ca,0x12fec0c 71 | #else 72 | U56LE(0xd2e21836749f46), 73 | U56LE(0x888db42b4f0179), 74 | U56LE(0x5a189aabdeea38), 75 | U56LE(0x51e65ca6f14c06), 76 | U56LE(0xa49f7b424d9770), 77 | U56LE(0xdcac4628c5f656), 78 | U56LE(0x49443b8748734a), 79 | U56LE(0x12fec0c0b25b7a) 80 | #endif 81 | }}}; 82 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p480/arch_x86_64/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 64 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p480/f_arithmetic.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @cond internal 3 | * @file f_arithmetic.c 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | * @brief Field-specific arithmetic. 9 | */ 10 | 11 | #include "ec_point.h" 12 | 13 | void 14 | field_isr ( 15 | field_a_t a, 16 | const field_a_t x 17 | ) { 18 | field_a_t L0, L1, L2, L3; 19 | field_sqr ( L2, x ); 20 | field_mul ( L1, x, L2 ); 21 | field_sqrn ( L0, L1, 2 ); 22 | field_mul ( L2, L1, L0 ); 23 | field_sqrn ( L0, L2, 4 ); 24 | field_mul ( L1, L2, L0 ); 25 | field_sqr ( L0, L1 ); 26 | field_mul ( L2, x, L0 ); 27 | field_sqrn ( L0, L2, 8 ); 28 | field_mul ( L2, L1, L0 ); 29 | field_sqrn ( L0, L2, 17 ); 30 | field_mul ( L1, L2, L0 ); 31 | field_sqrn ( L0, L1, 17 ); 32 | field_mul ( L1, L2, L0 ); 33 | field_sqrn ( L3, L1, 17 ); 34 | field_mul ( L0, L2, L3 ); 35 | field_sqrn ( L2, L0, 51 ); 36 | field_mul ( L0, L1, L2 ); 37 | field_sqrn ( L1, L0, 119 ); 38 | field_mul ( L2, L0, L1 ); 39 | field_sqr ( L0, L2 ); 40 | field_mul ( L1, x, L0 ); 41 | field_sqrn ( L0, L1, 239 ); 42 | field_mul ( a, L2, L0 ); 43 | } 44 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p480/f_field.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_field.h 3 | * @brief Field-specific code. 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | */ 9 | #ifndef __F_FIELD_H__ 10 | #define __F_FIELD_H__ 1 11 | 12 | #include "constant_time.h" 13 | #include 14 | 15 | #include "p480.h" 16 | #define FIELD_BITS 480 17 | #define field_t p480_t 18 | #define field_mul p480_mul 19 | #define field_sqr p480_sqr 20 | #define field_add_RAW p480_add_RAW 21 | #define field_sub_RAW p480_sub_RAW 22 | #define field_mulw p480_mulw 23 | #define field_addw p480_addw 24 | #define field_subw_RAW p480_subw 25 | #define field_neg_RAW p480_neg_RAW 26 | #define field_set_ui p480_set_ui 27 | #define field_bias p480_bias 28 | #define field_inverse p480_inverse 29 | #define field_eq p480_eq 30 | #define field_isr p480_isr 31 | #define field_simultaneous_invert p480_simultaneous_invert 32 | #define field_weak_reduce p480_weak_reduce 33 | #define field_strong_reduce p480_strong_reduce 34 | #define field_serialize p480_serialize 35 | #define field_deserialize p480_deserialize 36 | #define field_is_zero p480_is_zero 37 | 38 | #endif /* __F_FIELD_H__ */ 39 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p480/f_magic.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_magic.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief Goldilocks magic numbers (group orders, coefficients, algo params etc). 8 | */ 9 | 10 | #ifndef __GOLDI_F_MAGIC_H__ 11 | #define __GOLDI_F_MAGIC_H__ 1 12 | 13 | #include "field.h" 14 | #include "ec_point.h" 15 | 16 | /** 17 | * @brief The Edwards "d" term for this curve. 18 | */ 19 | static const int64_t EDWARDS_D = 53825; 20 | 21 | /** @brief The number of combs to use for signed comb algo */ 22 | #define COMB_N (USE_BIG_COMBS ? 6 : 5) 23 | 24 | /** @brief The number of teeth of the combs for signed comb algo */ 25 | #define COMB_T (USE_BIG_COMBS ? 5 : 4) 26 | 27 | /** @brief The spacing the of combs for signed comb algo */ 28 | #define COMB_S (USE_BIG_COMBS ? 16 : 24) 29 | 30 | #endif /* __GOLDI_F_MAGIC_H__ */ 31 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p480/magic.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2014 Cryptography Research, Inc. 2 | * Released under the MIT License. See LICENSE.txt for license information. 3 | */ 4 | 5 | #include "field.h" 6 | #include "magic.h" 7 | #include "barrett_field.h" 8 | 9 | /* FUTURE: automatically generate this file? */ 10 | 11 | const uint8_t FIELD_MODULUS[FIELD_BYTES] = { 12 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 13 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 14 | /*!*/ 0xfe, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 15 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF 16 | }; 17 | 18 | const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { 19 | U64LE(0x58b51bc56ea8f0c4), 20 | U64LE(0xd361f6a2348b50c9), 21 | U64LE(0x08089c139c0002ae), 22 | U64LE(0x0001d2ac3d9503a0), 23 | U64LE(0x0000000000000000), 24 | U64LE(0x0000000000000000), 25 | U64LE(0x0000000000000000), 26 | 0x40000000, 27 | 28 | U64LE(0xcb9c25073e36965b), 29 | U64LE(0x6f2d48d8460f1661), 30 | U64LE(0x0ab6256f7aaaae3e), 31 | U64LE(0x00026e3afcc6af80), 32 | U64LE(0x0000000000000000), 33 | U64LE(0x0000000000000000), 34 | U64LE(0x0000000000000000), 35 | 0x00000000 36 | }; 37 | 38 | const affine_a_t goldilocks_base_point = {{ 39 | {{{ 40 | U60LE(0x849ff7f845c30d3), 41 | U60LE(0x7dda488553a4c5b), 42 | U60LE(0x1d3a2d9844831ea), 43 | U60LE(0xb33ecf6ade470a2), 44 | U60LE(0x8b3cb95210bd3c3), 45 | U60LE(0xfc955e59aeefa65), 46 | U60LE(0x3ab247cd530013c), 47 | U60LE(0x7ca42af3d564280) 48 | }}}, 49 | {{{ 5 }}} 50 | }}; 51 | 52 | static const word_t curve_prime_order_lo[(240+WORD_BITS-1)/WORD_BITS] = { 53 | U64LE(0x72e70941cf8da597), 54 | U64LE(0x9bcb52361183c598), 55 | U64LE(0x02ad895bdeaaab8f), 56 | U64LE(0x9b8ebf31abe0) 57 | }; 58 | const struct barrett_prime_t curve_prime_order = { 59 | GOLDI_FIELD_WORDS, 60 | 30 % WORD_BITS, 61 | sizeof(curve_prime_order_lo)/sizeof(curve_prime_order_lo[0]), 62 | curve_prime_order_lo 63 | }; 64 | 65 | const field_a_t 66 | sqrt_d_minus_1 = {{{ 67 | 232 /* Whoa, it comes out even. */ 68 | }}}; 69 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/arch_ref64/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 64 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/arch_x86_64_r12/arch_config.h: -------------------------------------------------------------------------------- 1 | #define WORD_BITS 64 2 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/f_arithmetic.c: -------------------------------------------------------------------------------- 1 | /** 2 | * @cond internal 3 | * @file f_arithmetic.c 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | * @brief Field-specific arithmetic. 9 | */ 10 | 11 | #include "ec_point.h" 12 | 13 | void 14 | field_isr ( 15 | field_a_t a, 16 | const field_a_t x 17 | ) { 18 | field_a_t L0, L1, L2; 19 | field_sqr ( L1, x ); 20 | field_mul ( L0, x, L1 ); 21 | field_sqrn ( L2, L0, 2 ); 22 | field_mul ( L1, L0, L2 ); 23 | field_sqrn ( L2, L1, 4 ); 24 | field_mul ( L0, L1, L2 ); 25 | field_sqrn ( L2, L0, 8 ); 26 | field_mul ( L1, L0, L2 ); 27 | field_sqrn ( L2, L1, 16 ); 28 | field_mul ( L0, L1, L2 ); 29 | field_sqrn ( L2, L0, 32 ); 30 | field_mul ( L1, L0, L2 ); 31 | field_sqr ( L2, L1 ); 32 | field_mul ( L0, x, L2 ); 33 | field_sqrn ( L2, L0, 64 ); 34 | field_mul ( L0, L1, L2 ); 35 | field_sqrn ( L2, L0, 129 ); 36 | field_mul ( L1, L0, L2 ); 37 | field_sqr ( L2, L1 ); 38 | field_mul ( L0, x, L2 ); 39 | field_sqrn ( L2, L0, 259 ); 40 | field_mul ( L1, L0, L2 ); 41 | field_sqr ( L0, L1 ); 42 | field_mul ( a, x, L0 ); 43 | } 44 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/f_field.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_field.h 3 | * @brief Field-specific code. 4 | * @copyright 5 | * Copyright (c) 2014 Cryptography Research, Inc. \n 6 | * Released under the MIT License. See LICENSE.txt for license information. 7 | * @author Mike Hamburg 8 | */ 9 | #ifndef __F_FIELD_H__ 10 | #define __F_FIELD_H__ 1 11 | 12 | #include 13 | #include "constant_time.h" 14 | 15 | #include "p521.h" 16 | #define FIELD_BITS 521 17 | #define field_t p521_t 18 | #define field_mul p521_mul 19 | #define field_sqr p521_sqr 20 | #define field_add_RAW p521_add_RAW 21 | #define field_sub_RAW p521_sub_RAW 22 | #define field_mulw p521_mulw 23 | #define field_addw p521_addw 24 | #define field_subw_RAW p521_subw 25 | #define field_neg_RAW p521_neg_RAW 26 | #define field_set_ui p521_set_ui 27 | #define field_bias p521_bias 28 | #define field_inverse p521_inverse 29 | #define field_eq p521_eq 30 | #define field_isr p521_isr 31 | #define field_simultaneous_invert p521_simultaneous_invert 32 | #define field_weak_reduce p521_weak_reduce 33 | #define field_strong_reduce p521_strong_reduce 34 | #define field_serialize p521_serialize 35 | #define field_deserialize p521_deserialize 36 | #define field_is_zero p521_is_zero 37 | 38 | #endif /* __F_FIELD_H__ */ 39 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/f_magic.h: -------------------------------------------------------------------------------- 1 | /** 2 | * @file f_magic.h 3 | * @copyright 4 | * Copyright (c) 2014 Cryptography Research, Inc. \n 5 | * Released under the MIT License. See LICENSE.txt for license information. 6 | * @author Mike Hamburg 7 | * @brief Goldilocks magic numbers (group orders, coefficients, algo params etc). 8 | */ 9 | 10 | #ifndef __GOLDI_F_MAGIC_H__ 11 | #define __GOLDI_F_MAGIC_H__ 1 12 | 13 | #include "field.h" 14 | #include "ec_point.h" 15 | 16 | /** 17 | * @brief The Edwards "d" term for this curve. 18 | */ 19 | static const int64_t EDWARDS_D = -376014; 20 | 21 | /** @brief The number of combs to use for signed comb algo */ 22 | #define COMB_N (USE_BIG_COMBS ? 4 : 5) 23 | 24 | /** @brief The number of teeth of the combs for signed comb algo */ 25 | #define COMB_T (USE_BIG_COMBS ? 5 : 4) 26 | 27 | /** @brief The spacing the of combs for signed comb algo */ 28 | #define COMB_S (USE_BIG_COMBS ? 26 : 26) 29 | 30 | #endif /* __GOLDI_F_MAGIC_H__ */ 31 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/src/p521/magic.c: -------------------------------------------------------------------------------- 1 | /* Copyright (c) 2014 Cryptography Research, Inc. 2 | * Released under the MIT License. See LICENSE.txt for license information. 3 | */ 4 | 5 | #include "field.h" 6 | #include "magic.h" 7 | #include "barrett_field.h" 8 | 9 | /* FUTURE: automatically generate this file? */ 10 | 11 | const uint8_t FIELD_MODULUS[FIELD_BYTES] = { 12 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 13 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 14 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 15 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 16 | 0xFF, 0x01 17 | }; 18 | 19 | const word_t SCALARMUL_FIXED_WINDOW_ADJUSTMENT[2*SCALAR_WORDS] = { 20 | U64LE(0xbf15dbca0ae7f294), 21 | U64LE(0x04273ba96570e0ba), 22 | U64LE(0xc94750a1813ac0fb), 23 | U64LE(0xea4939b8b9037a08), 24 | U64LE(0x0000000000000002), 25 | U64LE(0x0000000000000000), 26 | U64LE(0x0000000000000000), 27 | U64LE(0x0000000000000000), 28 | 0x80, 29 | 30 | U64LE(0x7e2bb79415cfe529), 31 | U64LE(0x084e7752cae1c175), 32 | U64LE(0x928ea143027581f6), 33 | U64LE(0xd49273717206f411), 34 | U64LE(0x0000000000000005), 35 | U64LE(0x0000000000000000), 36 | U64LE(0x0000000000000000), 37 | U64LE(0x0000000000000000), 38 | 0x0 39 | }; 40 | 41 | const affine_a_t goldilocks_base_point = {{ 42 | {{{ 43 | #ifdef USE_P521_3x3_TRANSPOSE 44 | U58LE(0x02a940a2f19ba6c), 45 | U58LE(0x3331c90d2c6ba52), 46 | U58LE(0x2878a3bfd9f42fc), 47 | 0, 48 | U58LE(0x03ec4cd920e2a8c), 49 | U58LE(0x0c6203913f6ecc5), 50 | U58LE(0x06277e432c8a5ac), 51 | 0, 52 | U58LE(0x1d568fc99c6059d), 53 | U58LE(0x1b2063b22fcf270), 54 | U58LE(0x0752cb45c48648b), 55 | 0 56 | #else 57 | U58LE(0x02a940a2f19ba6c), 58 | U58LE(0x03ec4cd920e2a8c), 59 | U58LE(0x1d568fc99c6059d), 60 | U58LE(0x3331c90d2c6ba52), 61 | U58LE(0x0c6203913f6ecc5), 62 | U58LE(0x1b2063b22fcf270), 63 | U58LE(0x2878a3bfd9f42fc), 64 | U58LE(0x06277e432c8a5ac), 65 | U58LE(0x0752cb45c48648b) 66 | #endif 67 | }}}, 68 | {{{ 12 }}} 69 | }}; 70 | 71 | static const word_t curve_prime_order_lo[(261+WORD_BITS-1)/WORD_BITS] = { 72 | U64LE(0xbf15dbca0ae7f295), 73 | U64LE(0x4273ba96570e0ba), 74 | U64LE(0xc94750a1813ac0fb), 75 | U64LE(0xea4939b8b9037a08), 76 | 2 77 | }; 78 | const struct barrett_prime_t curve_prime_order = { 79 | GOLDI_FIELD_WORDS, 80 | 7 % WORD_BITS, 81 | sizeof(curve_prime_order_lo)/sizeof(curve_prime_order_lo[0]), 82 | curve_prime_order_lo 83 | }; 84 | 85 | const field_a_t 86 | sqrt_d_minus_1 = {{{ 87 | #ifdef USE_P521_3x3_TRANSPOSE 88 | U58LE(0x1e2be72c1c81990), 89 | U58LE(0x207dfc238a33e46), 90 | U58LE(0x2264cfb418c4c30), 91 | 0, 92 | U58LE(0x1135002ad596c69), 93 | U58LE(0x0e30107cd79d1f6), 94 | U58LE(0x0524b9e715937f5), 95 | 0, 96 | U58LE(0x2ab3a257a22666d), 97 | U58LE(0x2d80cc2936a1824), 98 | U58LE(0x0a9ea3ac10d6aed), 99 | 0 100 | #else 101 | U58LE(0x1e2be72c1c81990), 102 | U58LE(0x1135002ad596c69), 103 | U58LE(0x2ab3a257a22666d), 104 | U58LE(0x207dfc238a33e46), 105 | U58LE(0x0e30107cd79d1f6), 106 | U58LE(0x2d80cc2936a1824), 107 | U58LE(0x2264cfb418c4c30), 108 | U58LE(0x0524b9e715937f5), 109 | U58LE(0x0a9ea3ac10d6aed) 110 | #endif 111 | }}}; 112 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/test/batarch.map: -------------------------------------------------------------------------------- 1 | neon arch_neon_experimental 2 | arm32 arch_arm_32 3 | 64 arch_ref64 4 | 32 arch_32 5 | amd64 arch_x86_64 6 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/test/test.c: -------------------------------------------------------------------------------- 1 | #include "test.h" 2 | 3 | #include 4 | #include 5 | 6 | #ifndef LIMBPERM 7 | #define LIMBPERM(x) (x) 8 | #endif 9 | 10 | int failed_tests, n_tests, failed_this_test, running_a_test; 11 | 12 | static void end_test(void) { 13 | if (!failed_this_test) { 14 | printf("[PASS]\n"); 15 | } 16 | n_tests ++; 17 | running_a_test = 0; 18 | } 19 | 20 | static void begin_test(const char *name) { 21 | if (running_a_test) end_test(); 22 | printf("%s...%*s",name,(int)(30-strlen(name)),""); 23 | fflush(stdout); 24 | failed_this_test = 0; 25 | running_a_test = 1; 26 | } 27 | 28 | void youfail(void) { 29 | if (failed_this_test) return; 30 | failed_this_test = 1; 31 | failed_tests ++; 32 | printf("[FAIL]\n"); 33 | } 34 | 35 | static int 36 | hexchar (char c) { 37 | if (c >= '0' && c <= '9') { 38 | return c - '0'; 39 | } else if (c >= 'a' && c <= 'f') { 40 | return 10 + c - 'a'; 41 | } else if (c >= 'A' && c <= 'F') { 42 | return 10 + c - 'A'; 43 | } else { 44 | return -1; 45 | } 46 | } 47 | 48 | int 49 | hexdecode ( 50 | unsigned char *bytes, 51 | const char *hex, 52 | unsigned int nbytes 53 | ) { 54 | if (strlen(hex) != nbytes*2) { 55 | return -1; 56 | } 57 | 58 | unsigned int i; 59 | for (i=0; i=0; j--) { 92 | printf("%02x", ser[j]); 93 | } 94 | printf("\n"); 95 | } 96 | 97 | void scalar_print ( 98 | const char *descr, 99 | const word_t *scalar, 100 | int nwords 101 | ) { 102 | int j; 103 | printf("%s = 0x", descr); 104 | for (j=nwords-1; j>=0; j--) { 105 | printf(PRIxWORDfull, scalar[j]); 106 | } 107 | printf("\n"); 108 | } 109 | 110 | int main(int argc, char **argv) { 111 | (void) argc; 112 | (void) argv; 113 | 114 | n_tests = running_a_test = failed_tests = 0; 115 | 116 | begin_test("Arithmetic"); 117 | test_arithmetic(); 118 | 119 | begin_test("EC point operations"); 120 | test_pointops(); 121 | 122 | begin_test("Scalarmul compatibility"); 123 | test_scalarmul_compatibility(); 124 | 125 | begin_test("Scalarmul commutativity"); 126 | test_scalarmul_commutativity(); 127 | 128 | begin_test("Linear combo"); 129 | test_linear_combo(); 130 | 131 | begin_test("SHA-512 NIST Monte Carlo"); 132 | test_sha512_monte_carlo(); 133 | 134 | begin_test("Goldilocks complete system"); 135 | test_goldilocks(); 136 | 137 | if (running_a_test) end_test(); 138 | printf("\n"); 139 | if (failed_tests) { 140 | printf("Failed %d / %d tests.\n", failed_tests, n_tests); 141 | } else { 142 | printf("Passed all %d tests.\n", n_tests); 143 | } 144 | 145 | return failed_tests ? 1 : 0; 146 | } 147 | -------------------------------------------------------------------------------- /src/crypto/goldilocks/test/test.h: -------------------------------------------------------------------------------- 1 | #ifndef __GOLDILOCKS_TEST_H__ 2 | #define __GOLDILOCKS_TEST_H__ 1 3 | 4 | #include "word.h" 5 | #include "field.h" 6 | 7 | int 8 | hexdecode ( 9 | unsigned char *bytes, 10 | const char *hex, 11 | unsigned int nbytes 12 | ); 13 | 14 | void 15 | hexprint ( 16 | const char *descr, 17 | const unsigned char *bytes, 18 | unsigned int nbytes 19 | ); 20 | 21 | void field_print ( 22 | const char *descr, 23 | const field_a_t a 24 | ); 25 | 26 | void scalar_print ( 27 | const char *descr, 28 | const word_t *scalar, 29 | int nwords 30 | ); 31 | 32 | void youfail(void); 33 | 34 | int test_sha512_monte_carlo(void); 35 | 36 | int test_linear_combo (void); 37 | 38 | int test_scalarmul_compatibility (void); 39 | 40 | int test_scalarmul_commutativity (void); 41 | 42 | int test_arithmetic (void); 43 | 44 | int test_goldilocks (void); 45 | 46 | int test_pointops (void); 47 | 48 | #endif // __GOLDILOCKS_TEST_H__ 49 | -------------------------------------------------------------------------------- /src/crypto/newhope/LICENSE: -------------------------------------------------------------------------------- 1 | Authors: Erdem Alkim, Léo Ducas, Thomas Pöppelmann, Peter Schwabe 2 | Public domain. 3 | -------------------------------------------------------------------------------- /src/crypto/newhope/batcher.h: -------------------------------------------------------------------------------- 1 | #ifndef BATCHER_H 2 | #define BATCHER_H 3 | 4 | #include 5 | 6 | void batcher84(uint16_t *x); 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /src/crypto/newhope/cpucycles.c: -------------------------------------------------------------------------------- 1 | #include "cpucycles.h" 2 | 3 | long long cpucycles(void) 4 | { 5 | unsigned long long result; 6 | asm volatile(".byte 15;.byte 49;shlq $32,%%rdx;orq %%rdx,%%rax" 7 | : "=a" (result) :: "%rdx"); 8 | return result; 9 | } 10 | -------------------------------------------------------------------------------- /src/crypto/newhope/cpucycles.h: -------------------------------------------------------------------------------- 1 | #ifndef CPUCYCLES_H 2 | #define CPUCYCLES_H 3 | 4 | long long cpucycles(void); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /src/crypto/newhope/crypto_stream_chacha20.h: -------------------------------------------------------------------------------- 1 | #ifndef CRYPTO_STREAM_CHACHA20 2 | #define CRYPTO_STREAM_CHACHA20 3 | 4 | int crypto_stream_chacha20(unsigned char *c,unsigned long long clen, const unsigned char *n, const unsigned char *k); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /src/crypto/newhope/error_correction.c: -------------------------------------------------------------------------------- 1 | #include "error_correction.h" 2 | 3 | //See paper for details on the error reconciliation 4 | 5 | static int32_t abs(int32_t v) 6 | { 7 | int32_t mask = v >> 31; 8 | return (v ^ mask) - mask; 9 | } 10 | 11 | 12 | static int32_t f(int32_t *v0, int32_t *v1, uint32_t x) 13 | { 14 | int32_t xit, t, r, b; 15 | 16 | // Next 6 lines compute t = x/PARAM_Q; 17 | b = x*2730; 18 | t = b >> 25; 19 | b = x - t*12289; 20 | b = 12288 - b; 21 | b >>= 31; 22 | t -= b; 23 | 24 | r = t & 1; 25 | xit = (t>>1); 26 | *v0 = xit+r; // v0 = round(x/(2*PARAM_Q)) 27 | 28 | t -= 1; 29 | r = t & 1; 30 | *v1 = (t>>1)+r; 31 | 32 | return abs(x-((*v0)*2*PARAM_Q)); 33 | } 34 | 35 | static int32_t g(int32_t x) 36 | { 37 | int32_t t,c,b; 38 | 39 | // Next 6 lines compute t = x/(4*PARAM_Q); 40 | b = x*2730; 41 | t = b >> 27; 42 | b = x - t*49156; 43 | b = 49155 - b; 44 | b >>= 31; 45 | t -= b; 46 | 47 | c = t & 1; 48 | t = (t >> 1) + c; // t = round(x/(8*PARAM_Q)) 49 | 50 | t *= 8*PARAM_Q; 51 | 52 | return abs(t - x); 53 | } 54 | 55 | 56 | static int16_t LDDecode(int32_t xi0, int32_t xi1, int32_t xi2, int32_t xi3) 57 | { 58 | int32_t t; 59 | 60 | t = g(xi0); 61 | t += g(xi1); 62 | t += g(xi2); 63 | t += g(xi3); 64 | 65 | t -= 8*PARAM_Q; 66 | t >>= 31; 67 | return t&1; 68 | } 69 | 70 | 71 | void helprec(poly *c, const poly *v, const unsigned char *seed, unsigned char nonce) 72 | { 73 | int32_t v0[4], v1[4], v_tmp[4], k; 74 | unsigned char rbit; 75 | unsigned char rand[32]; 76 | unsigned char n[8]; 77 | int i; 78 | 79 | for(i=0;i<7;i++) 80 | n[i] = 0; 81 | n[7] = nonce; 82 | 83 | crypto_stream_chacha20(rand,32,n,seed); 84 | 85 | for(i=0; i<256; i++) 86 | { 87 | rbit = (rand[i>>3] >> (i&7)) & 1; 88 | 89 | k = f(v0+0, v1+0, 8*v->coeffs[ 0+i] + 4*rbit); 90 | k += f(v0+1, v1+1, 8*v->coeffs[256+i] + 4*rbit); 91 | k += f(v0+2, v1+2, 8*v->coeffs[512+i] + 4*rbit); 92 | k += f(v0+3, v1+3, 8*v->coeffs[768+i] + 4*rbit); 93 | 94 | k = (2*PARAM_Q-1-k) >> 31; 95 | 96 | v_tmp[0] = ((~k) & v0[0]) ^ (k & v1[0]); 97 | v_tmp[1] = ((~k) & v0[1]) ^ (k & v1[1]); 98 | v_tmp[2] = ((~k) & v0[2]) ^ (k & v1[2]); 99 | v_tmp[3] = ((~k) & v0[3]) ^ (k & v1[3]); 100 | 101 | c->coeffs[ 0+i] = (v_tmp[0] - v_tmp[3]) & 3; 102 | c->coeffs[256+i] = (v_tmp[1] - v_tmp[3]) & 3; 103 | c->coeffs[512+i] = (v_tmp[2] - v_tmp[3]) & 3; 104 | c->coeffs[768+i] = ( -k + 2*v_tmp[3]) & 3; 105 | } 106 | } 107 | 108 | 109 | void rec(unsigned char *key, const poly *v, const poly *c) 110 | { 111 | int i; 112 | int32_t tmp[4]; 113 | 114 | for(i=0;i<32;i++) 115 | key[i] = 0; 116 | 117 | for(i=0; i<256; i++) 118 | { 119 | tmp[0] = 16*PARAM_Q + 8*(int32_t)v->coeffs[ 0+i] - PARAM_Q * (2*c->coeffs[ 0+i]+c->coeffs[768+i]); 120 | tmp[1] = 16*PARAM_Q + 8*(int32_t)v->coeffs[256+i] - PARAM_Q * (2*c->coeffs[256+i]+c->coeffs[768+i]); 121 | tmp[2] = 16*PARAM_Q + 8*(int32_t)v->coeffs[512+i] - PARAM_Q * (2*c->coeffs[512+i]+c->coeffs[768+i]); 122 | tmp[3] = 16*PARAM_Q + 8*(int32_t)v->coeffs[768+i] - PARAM_Q * ( c->coeffs[768+i]); 123 | 124 | key[i>>3] |= LDDecode(tmp[0], tmp[1], tmp[2], tmp[3]) << (i & 7); 125 | } 126 | } 127 | -------------------------------------------------------------------------------- /src/crypto/newhope/error_correction.h: -------------------------------------------------------------------------------- 1 | #ifndef ERROR_CORRECTION_H 2 | #define ERROR_CORRECTION_H 3 | 4 | #include "inttypes.h" 5 | #include "params.h" 6 | #include "randombytes.h" 7 | #include "crypto_stream_chacha20.h" 8 | #include "math.h" 9 | #include "poly.h" 10 | #include 11 | 12 | void helprec(poly *c, const poly *v, const unsigned char *seed, unsigned char nonce); 13 | void rec(unsigned char *key, const poly *v, const poly *c); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /src/crypto/newhope/fips202.h: -------------------------------------------------------------------------------- 1 | #ifndef FIPS202_H 2 | #define FIPS202_H 3 | 4 | #define SHAKE128_RATE 168 5 | #define SHA3_256_RATE 136 6 | 7 | void shake128_absorb(uint64_t *s, const unsigned char *input, unsigned int inputByteLen); 8 | void shake128_squeezeblocks(unsigned char *output, unsigned long long nblocks, uint64_t *s); 9 | void shake128(unsigned char *output, unsigned int outputByteLen, const unsigned char *input, unsigned int inputByteLen); 10 | void sha3256(unsigned char *output, const unsigned char *input, unsigned int inputByteLen); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /src/crypto/newhope/newhope.c: -------------------------------------------------------------------------------- 1 | #include "poly.h" 2 | #include "randombytes.h" 3 | #include "error_correction.h" 4 | #include "fips202.h" 5 | #include 6 | 7 | static void encode_a(unsigned char *r, const poly *pk, const unsigned char *seed) 8 | { 9 | int i; 10 | poly_tobytes(r, pk); 11 | for(i=0;icoeffs[4*i] | (c->coeffs[4*i+1] << 2) | (c->coeffs[4*i+2] << 4) | (c->coeffs[4*i+3] << 6); 29 | } 30 | 31 | static void decode_b(poly *b, poly *c, const unsigned char *r) 32 | { 33 | int i; 34 | poly_frombytes(b, r); 35 | for(i=0;icoeffs[4*i+0] = r[POLY_BYTES+i] & 0x03; 38 | c->coeffs[4*i+1] = (r[POLY_BYTES+i] >> 2) & 0x03; 39 | c->coeffs[4*i+2] = (r[POLY_BYTES+i] >> 4) & 0x03; 40 | c->coeffs[4*i+3] = (r[POLY_BYTES+i] >> 6); 41 | } 42 | } 43 | 44 | static void gen_a(poly *a, const unsigned char *seed) 45 | { 46 | poly_uniform(a,seed); 47 | } 48 | 49 | 50 | // API FUNCTIONS 51 | 52 | void newhope_keygen(unsigned char *send, poly *sk, const unsigned char *random_data) 53 | { 54 | poly a, e, r, pk; 55 | unsigned char seed[NEWHOPE_SEEDBYTES]; 56 | unsigned char noiseseed[32]; 57 | 58 | sha3256(seed, random_data, NEWHOPE_SEEDBYTES); 59 | memcpy(noiseseed, random_data + NEWHOPE_SEEDBYTES, 32); 60 | 61 | gen_a(&a, seed); 62 | 63 | poly_getnoise(sk,noiseseed,0); 64 | poly_ntt(sk); 65 | 66 | poly_getnoise(&e,noiseseed,1); 67 | poly_ntt(&e); 68 | 69 | poly_pointwise(&r,sk,&a); 70 | poly_add(&pk,&e,&r); 71 | 72 | encode_a(send, &pk, seed); 73 | } 74 | 75 | 76 | void newhope_sharedb(unsigned char *sharedkey, unsigned char *send, const unsigned char *received, const unsigned char *random_data) 77 | { 78 | poly sp, ep, v, a, pka, c, epp, bp; 79 | unsigned char seed[NEWHOPE_SEEDBYTES]; 80 | unsigned char noiseseed[32]; 81 | 82 | memcpy(noiseseed, random_data, 32); 83 | 84 | decode_a(&pka, seed, received); 85 | gen_a(&a, seed); 86 | 87 | poly_getnoise(&sp,noiseseed,0); 88 | poly_ntt(&sp); 89 | poly_getnoise(&ep,noiseseed,1); 90 | poly_ntt(&ep); 91 | 92 | poly_pointwise(&bp, &a, &sp); 93 | poly_add(&bp, &bp, &ep); 94 | 95 | poly_pointwise(&v, &pka, &sp); 96 | poly_invntt(&v); 97 | 98 | poly_getnoise(&epp,noiseseed,2); 99 | poly_add(&v, &v, &epp); 100 | 101 | helprec(&c, &v, noiseseed, 3); 102 | 103 | encode_b(send, &bp, &c); 104 | 105 | rec(sharedkey, &v, &c); 106 | 107 | #ifndef STATISTICAL_TEST 108 | sha3256(sharedkey, sharedkey, 32); 109 | #endif 110 | } 111 | 112 | 113 | void newhope_shareda(unsigned char *sharedkey, const poly *sk, const unsigned char *received) 114 | { 115 | poly v,bp, c; 116 | 117 | decode_b(&bp, &c, received); 118 | 119 | poly_pointwise(&v,sk,&bp); 120 | poly_invntt(&v); 121 | 122 | rec(sharedkey, &v, &c); 123 | 124 | #ifndef STATISTICAL_TEST 125 | sha3256(sharedkey, sharedkey, 32); 126 | #endif 127 | } 128 | -------------------------------------------------------------------------------- /src/crypto/newhope/newhope.h: -------------------------------------------------------------------------------- 1 | #ifndef NEWHOPE_H 2 | #define NEWHOPE_H 3 | 4 | #include "poly.h" 5 | #include "randombytes.h" 6 | #include "crypto_stream_chacha20.h" 7 | #include "error_correction.h" 8 | #include 9 | #include 10 | 11 | void newhope_keygen(unsigned char *send, poly *sk, const unsigned char *random_data); 12 | void newhope_sharedb(unsigned char *sharedkey, unsigned char *send, const unsigned char *received, const unsigned char *random_data); 13 | void newhope_shareda(unsigned char *sharedkey, const poly *ska, const unsigned char *received); 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /src/crypto/newhope/ntt.h: -------------------------------------------------------------------------------- 1 | #ifndef NTT_H 2 | #define NTT_H 3 | 4 | #include "inttypes.h" 5 | 6 | extern uint16_t omegas_montgomery[]; 7 | extern uint16_t omegas_inv_montgomery[]; 8 | 9 | extern uint16_t psis_bitrev_montgomery[]; 10 | extern uint16_t psis_inv_montgomery[]; 11 | 12 | void bitrev_vector(uint16_t* poly); 13 | void mul_coefficients(uint16_t* poly, const uint16_t* factors); 14 | void ntt(uint16_t* poly, const uint16_t* omegas); 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/crypto/newhope/params.h: -------------------------------------------------------------------------------- 1 | #ifndef PARAMS_H 2 | #define PARAMS_H 3 | 4 | #define PARAM_N 1024 5 | 6 | #define PARAM_K 16 /* used in sampler */ 7 | #define PARAM_Q 12289 8 | 9 | #define POLY_BYTES 1792 10 | #define NEWHOPE_SEEDBYTES 32 11 | #define NEWHOPE_RECBYTES 256 12 | 13 | #define NEWHOPE_SENDABYTES (POLY_BYTES + NEWHOPE_SEEDBYTES) 14 | #define NEWHOPE_SENDBBYTES (POLY_BYTES + NEWHOPE_RECBYTES) 15 | 16 | #endif 17 | -------------------------------------------------------------------------------- /src/crypto/newhope/poly.h: -------------------------------------------------------------------------------- 1 | #ifndef POLY_H 2 | #define POLY_H 3 | 4 | #include 5 | #include "params.h" 6 | 7 | typedef struct { 8 | uint16_t coeffs[PARAM_N]; 9 | } poly __attribute__ ((aligned (32))); 10 | 11 | void poly_uniform(poly *a, const unsigned char *seed); 12 | void poly_getnoise(poly *r, unsigned char *seed, unsigned char nonce); 13 | void poly_add(poly *r, const poly *a, const poly *b); 14 | 15 | void poly_ntt(poly *r); 16 | void poly_invntt(poly *r); 17 | void poly_pointwise(poly *r, const poly *a, const poly *b); 18 | 19 | void poly_frombytes(poly *r, const unsigned char *a); 20 | void poly_tobytes(unsigned char *r, const poly *p); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /src/crypto/newhope/randombytes.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include "randombytes.h" 6 | 7 | static int fd = -1; 8 | 9 | void randombytes(unsigned char *x,unsigned long long xlen) 10 | { 11 | int i; 12 | 13 | if (fd == -1) { 14 | for (;;) { 15 | fd = open("/dev/urandom",O_RDONLY); 16 | if (fd != -1) break; 17 | sleep(1); 18 | } 19 | } 20 | 21 | while (xlen > 0) { 22 | if (xlen < 1048576) i = xlen; else i = 1048576; 23 | 24 | i = read(fd,x,i); 25 | if (i < 1) { 26 | sleep(1); 27 | continue; 28 | } 29 | 30 | x += i; 31 | xlen -= i; 32 | } 33 | } 34 | 35 | -------------------------------------------------------------------------------- /src/crypto/newhope/randombytes.h: -------------------------------------------------------------------------------- 1 | #ifndef RANDOMBYTES_H 2 | #define RANDOMBYTES_H 3 | 4 | void randombytes(unsigned char *x,unsigned long long xlen); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /src/crypto/newhope/reduce.c: -------------------------------------------------------------------------------- 1 | #include "reduce.h" 2 | #include "params.h" 3 | 4 | /* Incomplete-reduction routines; for details on allowed input ranges 5 | * and produced output ranges, see the description in the paper: 6 | * https://cryptojedi.org/papers/#newhope */ 7 | 8 | 9 | static const uint32_t qinv = 12287; // -inverse_mod(p,2^18) 10 | static const uint32_t rlog = 18; 11 | 12 | uint16_t montgomery_reduce(uint32_t a) 13 | { 14 | uint32_t u; 15 | 16 | u = (a * qinv); 17 | u &= ((1<> 18; 21 | } 22 | 23 | 24 | uint16_t barrett_reduce(uint16_t a) 25 | { 26 | uint32_t u; 27 | 28 | u = ((uint32_t) a * 5) >> 16; 29 | u *= PARAM_Q; 30 | a -= u; 31 | return a; 32 | } 33 | 34 | -------------------------------------------------------------------------------- /src/crypto/newhope/reduce.h: -------------------------------------------------------------------------------- 1 | #ifndef REDUCE_H 2 | #define REDUCE_H 3 | 4 | #include 5 | 6 | uint16_t montgomery_reduce(uint32_t a); 7 | 8 | uint16_t barrett_reduce(uint16_t a); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /src/crypto/sha2/sha256.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef SHA256_h 24 | #define SHA256_h 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | uint32_t h[8]; 36 | uint8_t m[64]; 37 | uint64_t length; 38 | uint8_t posn; 39 | 40 | } sha256_context_t; 41 | 42 | void sha256_reset(sha256_context_t *context); 43 | void sha256_update(sha256_context_t *context, const void *data, size_t size); 44 | void sha256_finish(sha256_context_t *context, uint8_t *hash); 45 | 46 | #ifdef __cplusplus 47 | }; 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /src/crypto/sha2/sha512.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef SHA512_h 24 | #define SHA512_h 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | uint64_t h[8]; 36 | uint8_t m[128]; 37 | uint64_t length; /* Restricted to 2^56 bytes of input */ 38 | uint8_t posn; 39 | 40 | } sha512_context_t; 41 | 42 | void sha512_reset(sha512_context_t *context); 43 | void sha512_update(sha512_context_t *context, const void *data, size_t size); 44 | void sha512_finish(sha512_context_t *context, uint8_t *hash); 45 | void sha512_hash(uint8_t *hash, const void *data, size_t size); 46 | 47 | #ifdef __cplusplus 48 | }; 49 | #endif 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /src/keys/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | lib_LIBRARIES = libnoisekeys.a 3 | 4 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/noise/keys 5 | AM_CFLAGS = @WARNING_FLAGS@ 6 | 7 | libnoisekeys_a_SOURCES = \ 8 | certificate.c \ 9 | loader.c 10 | 11 | protos: 12 | $(top_builddir)/tools/protoc/noise-protoc \ 13 | -c $(top_srcdir)/src/keys/certificate.c \ 14 | -h $(top_srcdir)/include/noise/keys/certificate.h \ 15 | -l $(top_srcdir)/COPYING \ 16 | $(top_srcdir)/doc/noise-certificate.proto 17 | -------------------------------------------------------------------------------- /src/protobufs/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | lib_LIBRARIES = libnoiseprotobufs.a 3 | 4 | AM_CPPFLAGS = -I$(top_srcdir)/include 5 | AM_CFLAGS = @WARNING_FLAGS@ 6 | 7 | libnoiseprotobufs_a_SOURCES = protobufs.c 8 | -------------------------------------------------------------------------------- /src/protocol/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | AUTOMAKE_OPTIONS = subdir-objects 3 | 4 | lib_LIBRARIES = libnoiseprotocol.a 5 | 6 | # Definitions for Ed448-Goldilocks (Curve448 reference implementation) 7 | GOLDILOCKS_SRCDIR = $(top_srcdir)/src/crypto/goldilocks/src 8 | GOLDILOCKS_CPPFLAGS = \ 9 | -I$(GOLDILOCKS_SRCDIR)/include \ 10 | -I$(GOLDILOCKS_SRCDIR)/p448 \ 11 | -I$(GOLDILOCKS_SRCDIR)/p448/@GOLDILOCKS_ARCH@ 12 | 13 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src $(GOLDILOCKS_CPPFLAGS) 14 | AM_CFLAGS = @WARNING_FLAGS@ 15 | 16 | if USE_OPENSSL 17 | AM_CPPFLAGS += -DUSE_OPENSSL=1 18 | AM_CFLAGS += $(openssl_CFLAGS) 19 | endif 20 | 21 | if USE_LIBSODIUM 22 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 23 | AM_CFLAGS += $(libsodium_CFLAGS) 24 | else !USE_LIBSODIUM 25 | # Definitions for ed25519-donna (Ed25519 reference implementation) 26 | ED25519_CPPFLAGS = -DED25519_CUSTOMHASH -DED25519_CUSTOMRANDOM 27 | AM_CPPFLAGS += $(ED25519_CPPFLAGS) 28 | endif 29 | 30 | libnoiseprotocol_a_SOURCES = \ 31 | cipherstate.c \ 32 | dhstate.c \ 33 | errors.c \ 34 | handshakestate.c \ 35 | hashstate.c \ 36 | internal.c \ 37 | names.c \ 38 | patterns.c \ 39 | randstate.c \ 40 | signstate.c \ 41 | symmetricstate.c \ 42 | util.c \ 43 | ../backend/ref/dh-curve448.c \ 44 | ../backend/ref/dh-newhope.c \ 45 | ../backend/ref/hash-blake2s.c \ 46 | ../crypto/blake2/blake2s.c \ 47 | ../crypto/curve448/curve448.c \ 48 | ../crypto/goldilocks/src/p448/@GOLDILOCKS_ARCH@/p448.c \ 49 | ../crypto/newhope/batcher.c \ 50 | ../crypto/newhope/error_correction.c \ 51 | ../crypto/newhope/error_correction.h \ 52 | ../crypto/newhope/fips202.c \ 53 | ../crypto/newhope/fips202.h \ 54 | ../crypto/newhope/newhope.c \ 55 | ../crypto/newhope/newhope.h \ 56 | ../crypto/newhope/ntt.c \ 57 | ../crypto/newhope/ntt.h \ 58 | ../crypto/newhope/params.h \ 59 | ../crypto/newhope/poly.c \ 60 | ../crypto/newhope/poly.h \ 61 | ../crypto/newhope/precomp.c \ 62 | ../crypto/newhope/randombytes.h \ 63 | ../crypto/newhope/reduce.c \ 64 | ../crypto/newhope/reduce.h 65 | 66 | if USE_OPENSSL 67 | libnoiseprotocol_a_SOURCES += \ 68 | ../backend/openssl/cipher-aesgcm.c 69 | else !USE_OPENSSL 70 | if USE_LIBSODIUM 71 | libnoiseprotocol_a_SOURCES += \ 72 | ../backend/sodium/cipher-aesgcm.c \ 73 | ../backend/ref/cipher-aesgcm.c 74 | else 75 | libnoiseprotocol_a_SOURCES += \ 76 | ../backend/ref/cipher-aesgcm.c 77 | endif 78 | endif 79 | 80 | if USE_LIBSODIUM 81 | libnoiseprotocol_a_SOURCES += \ 82 | rand_sodium.c \ 83 | ../backend/sodium/cipher-aesgcm.c \ 84 | ../backend/sodium/cipher-chachapoly.c \ 85 | ../backend/sodium/dh-curve25519.c \ 86 | ../backend/sodium/hash-blake2b.c \ 87 | ../backend/sodium/hash-sha256.c \ 88 | ../backend/sodium/hash-sha512.c \ 89 | ../backend/sodium/sign-ed25519.c \ 90 | ../crypto/aes/rijndael-alg-fst.c \ 91 | ../crypto/ghash/ghash.c 92 | else !USE_LIBSODIUM 93 | libnoiseprotocol_a_SOURCES += \ 94 | rand_os.c \ 95 | ../backend/ref/cipher-aesgcm.c \ 96 | ../backend/ref/cipher-chachapoly.c \ 97 | ../backend/ref/dh-curve25519.c \ 98 | ../backend/ref/hash-blake2b.c \ 99 | ../backend/ref/hash-sha256.c \ 100 | ../backend/ref/hash-sha512.c \ 101 | ../backend/ref/sign-ed25519.c \ 102 | ../crypto/aes/rijndael-alg-fst.c \ 103 | ../crypto/blake2/blake2b.c \ 104 | ../crypto/chacha/chacha.c \ 105 | ../crypto/donna/poly1305-donna.c \ 106 | ../crypto/ghash/ghash.c \ 107 | ../crypto/newhope/crypto_stream_chacha20.c \ 108 | ../crypto/newhope/crypto_stream_chacha20.h \ 109 | ../crypto/sha2/sha256.c \ 110 | ../crypto/sha2/sha512.c \ 111 | ../crypto/ed25519/ed25519.c 112 | endif 113 | -------------------------------------------------------------------------------- /src/protocol/internal.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * Copyright (C) 2016 Topology LP. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #include "internal.h" 25 | 26 | #if USE_LIBSODIUM 27 | NoiseCipherState *noise_aesgcm_new_sodium(void); 28 | #endif 29 | #if USE_OPENSSL 30 | NoiseCipherState *noise_aesgcm_new_openssl(void); 31 | #else 32 | NoiseCipherState *noise_aesgcm_new_ref(void); 33 | #endif 34 | 35 | /** 36 | * \brief Creates a new AES-GCM CipherState object. 37 | * 38 | * \return A NoiseCipherState for AES-GCM cipher use, or NULL if no such state is available. 39 | */ 40 | NoiseCipherState *noise_aesgcm_new(void) 41 | { 42 | NoiseCipherState *state = 0; 43 | #if USE_LIBSODIUM 44 | if (crypto_aead_aes256gcm_is_available()) 45 | state = noise_aesgcm_new_sodium(); 46 | #endif 47 | #if USE_OPENSSL 48 | if (!state) 49 | state = noise_aesgcm_new_openssl(); 50 | #else 51 | if (!state) 52 | state = noise_aesgcm_new_ref(); 53 | #endif 54 | 55 | return state; 56 | } 57 | 58 | 59 | -------------------------------------------------------------------------------- /src/protocol/rand_sodium.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * Copyright (C) 2016 Topology LP. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #if USE_LIBSODIUM 25 | #include 26 | 27 | /** 28 | * \file rand_sodium.c 29 | * \brief Generate random bytes using libsodium 30 | */ 31 | 32 | /** 33 | * \brief Gets cryptographically-strong random bytes from the operating system. 34 | * 35 | * \param bytes The buffer to fill with random bytes. 36 | * \param size The number of random bytes to obtain. 37 | * 38 | * This function should not block waiting for entropy. 39 | * 40 | * \note Not part of the public API. 41 | */ 42 | void noise_rand_bytes(void *bytes, size_t size) 43 | { 44 | randombytes_buf(bytes, size); 45 | } 46 | 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /tests/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = unit vector vector-gen performance 3 | -------------------------------------------------------------------------------- /tests/performance/.gitignore: -------------------------------------------------------------------------------- 1 | test-performance 2 | test-performance.exe 3 | -------------------------------------------------------------------------------- /tests/performance/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = test-performance 3 | 4 | test_performance_SOURCES = test-performance.c md5.c 5 | 6 | AM_CPPFLAGS = -I$(top_srcdir)/include 7 | AM_CFLAGS = @WARNING_FLAGS@ 8 | 9 | LDADD = ../../src/protocol/libnoiseprotocol.a 10 | 11 | if USE_LIBSODIUM 12 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 13 | AM_CFLAGS += $(libsodium_CFLAGS) 14 | LDADD += $(libsodium_LIBS) 15 | endif 16 | 17 | if USE_OPENSSL 18 | AM_CPPFLAGS += -DUSE_OPENSSL=1 19 | AM_CFLAGS += $(openssl_CFLAGS) 20 | LDADD += $(openssl_LIBS) 21 | endif 22 | -------------------------------------------------------------------------------- /tests/performance/md5.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef MD5_h 24 | #define MD5_h 25 | 26 | #include 27 | #include 28 | 29 | #ifdef __cplusplus 30 | extern "C" { 31 | #endif 32 | 33 | typedef struct 34 | { 35 | uint32_t h[4]; 36 | uint8_t m[64]; 37 | uint64_t length; 38 | uint8_t posn; 39 | 40 | } md5_context_t; 41 | 42 | void md5_reset(md5_context_t *context); 43 | void md5_update(md5_context_t *context, const void *data, size_t size); 44 | void md5_finish(md5_context_t *context, uint8_t *hash); 45 | 46 | #ifdef __cplusplus 47 | }; 48 | #endif 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /tests/unit/.gitignore: -------------------------------------------------------------------------------- 1 | test-noise 2 | *.exe 3 | -------------------------------------------------------------------------------- /tests/unit/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = test-noise 3 | 4 | test_noise_SOURCES = \ 5 | test-cipherstate.c \ 6 | test-dhstate.c \ 7 | test-errors.c \ 8 | test-handshakestate.c \ 9 | test-hashstate.c \ 10 | test-main.c \ 11 | test-names.c \ 12 | test-patterns.c \ 13 | test-protobufs.c \ 14 | test-randstate.c \ 15 | test-signstate.c \ 16 | test-symmetricstate.c 17 | 18 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src 19 | AM_CFLAGS = @WARNING_FLAGS@ 20 | 21 | LDADD = ../../src/keys/libnoisekeys.a \ 22 | ../../src/protobufs/libnoiseprotobufs.a \ 23 | ../../src/protocol/libnoiseprotocol.a 24 | 25 | check-local: 26 | ./test-noise 27 | 28 | if USE_LIBSODIUM 29 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 30 | AM_CFLAGS += $(libsodium_CFLAGS) 31 | LDADD += $(libsodium_LIBS) 32 | endif 33 | 34 | if USE_OPENSSL 35 | AM_CPPFLAGS += -DUSE_OPENSSL=1 36 | AM_CFLAGS += $(openssl_CFLAGS) 37 | LDADD += $(openssl_LIBS) 38 | endif 39 | -------------------------------------------------------------------------------- /tests/unit/test-main.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "test-helpers.h" 24 | 25 | int test_count = 0; 26 | int test_failures = 0; 27 | jmp_buf test_jump_back; 28 | const char *data_name = 0; 29 | int verbose = 0; 30 | 31 | int main(int argc, char *argv[]) 32 | { 33 | /* Parse the command-line arguments */ 34 | if (argc > 1 && !strcmp(argv[1], "--verbose")) 35 | verbose = 1; 36 | 37 | if (noise_init() != NOISE_ERROR_NONE) { 38 | fprintf(stderr, "Noise initialization failed\n"); 39 | return 1; 40 | } 41 | 42 | /* Run all tests */ 43 | test(cipherstate); 44 | test(dhstate); 45 | test(errors); 46 | test(handshakestate); 47 | test(hashstate); 48 | test(names); 49 | test(patterns); 50 | test(protobufs); 51 | test(randstate); 52 | test(signstate); 53 | test(symmetricstate); 54 | 55 | /* Report the results */ 56 | if (!test_failures) { 57 | printf("All tests succeeded\n"); 58 | } else { 59 | printf("%d test%s failed\n", test_failures, test_failures == 1 ? "" : "s"); 60 | } 61 | return test_failures ? 1 : 0; 62 | } 63 | 64 | static int from_hex(char ch) 65 | { 66 | if (ch >= '0' && ch <= '9') 67 | return ch - '0'; 68 | else if (ch >= 'A' && ch <= 'F') 69 | return ch - 'A' + 10; 70 | else if (ch >= 'a' && ch <= 'f') 71 | return ch - 'a' + 10; 72 | verify(0); 73 | return 0; 74 | } 75 | 76 | size_t string_to_data(uint8_t *data, size_t max_len, const char *str) 77 | { 78 | size_t len; 79 | if (str[0] == '0' && str[1] == 'x') { 80 | /* Hexadecimal string */ 81 | len = 0; 82 | str += 2; 83 | while (str[0] != '\0') { 84 | if (str[0] == ' ') { 85 | /* Skip spaces in the hexadecimal string */ 86 | ++str; 87 | continue; 88 | } 89 | verify(str[1] != '\0'); 90 | verify(len < max_len); 91 | data[len++] = from_hex(str[0]) * 16 + from_hex(str[1]); 92 | str += 2; 93 | } 94 | return len; 95 | } else { 96 | /* ASCII string */ 97 | len = strlen(str); 98 | verify(len <= max_len); 99 | memcpy(data, str, len); 100 | return len; 101 | } 102 | } 103 | 104 | void print_block(const char *tag, const uint8_t *data, size_t size) 105 | { 106 | printf("%s:", tag); 107 | while (size > 0) { 108 | printf(" %02x", *data); 109 | ++data; 110 | --size; 111 | } 112 | printf("\n"); 113 | } 114 | -------------------------------------------------------------------------------- /tests/vector-gen/.gitignore: -------------------------------------------------------------------------------- 1 | vector-gen 2 | vector-gen.exe 3 | -------------------------------------------------------------------------------- /tests/vector-gen/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = vector-gen 3 | 4 | vector_gen_SOURCES = \ 5 | vector-gen.c \ 6 | simple-cipherstate.h \ 7 | simple-cipherstate.c \ 8 | simple-handshakestate.h \ 9 | simple-handshakestate.c \ 10 | simple-symmetricstate.h \ 11 | simple-symmetricstate.c 12 | 13 | AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src/protocol 14 | AM_CFLAGS = @WARNING_FLAGS@ 15 | 16 | LDADD = ../../src/protocol/libnoiseprotocol.a 17 | 18 | if USE_LIBSODIUM 19 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 20 | AM_CFLAGS += $(libsodium_CFLAGS) 21 | LDADD += $(libsodium_LIBS) 22 | endif 23 | 24 | if USE_OPENSSL 25 | AM_CPPFLAGS += -DUSE_OPENSSL=1 26 | AM_CFLAGS += $(openssl_CFLAGS) 27 | LDADD += $(openssl_LIBS) 28 | endif 29 | -------------------------------------------------------------------------------- /tests/vector-gen/README: -------------------------------------------------------------------------------- 1 | 2 | This directory contains a very simple implementation of the Noise 3 | protocol independent of that in the library's SymmetricState and 4 | HandshakeState objects. It is used to cross-check the smarter 5 | versions in the library. 6 | 7 | We assume that the CipherState, DHState, and HashState implementations 8 | in the library work correctly as basic low-level primitives. 9 | 10 | This simple implementation is not very efficient, is not very strict 11 | about checking buffer lengths, and has a limited packet size. It is not 12 | recommended for any purpose except offline generation of test vectors. 13 | -------------------------------------------------------------------------------- /tests/vector-gen/simple-cipherstate.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #include "simple-cipherstate.h" 24 | #include 25 | #include 26 | #include 27 | 28 | void CipherState_new(CipherState *cipher, int id) 29 | { 30 | int err; 31 | cipher->state = 0; 32 | err = noise_cipherstate_new_by_id(&(cipher->state), id); 33 | if (err != NOISE_ERROR_NONE) { 34 | noise_perror("CipherState_new", err); 35 | exit(1); 36 | } 37 | } 38 | 39 | void CipherState_free(CipherState *cipher) 40 | { 41 | noise_cipherstate_free(cipher->state); 42 | cipher->state = 0; 43 | } 44 | 45 | void InitializeKey(CipherState *cipher, const uint8_t *key, size_t key_len) 46 | { 47 | if (key_len != 0) { 48 | int err = noise_cipherstate_init_key(cipher->state, key, key_len); 49 | if (err != NOISE_ERROR_NONE) { 50 | noise_perror("InitializeKey", err); 51 | exit(1); 52 | } 53 | } 54 | } 55 | 56 | int HasKey(const CipherState *cipher) 57 | { 58 | return noise_cipherstate_has_key(cipher->state); 59 | } 60 | 61 | Buffer EncryptWithAd(CipherState *cipher, const Buffer ad, const Buffer plaintext) 62 | { 63 | Buffer result; 64 | NoiseBuffer buf; 65 | int err; 66 | memcpy(result.data, plaintext.data, plaintext.size); 67 | result.size = plaintext.size; 68 | noise_buffer_set_inout(buf, result.data, result.size, sizeof(result.data)); 69 | err = noise_cipherstate_encrypt_with_ad 70 | (cipher->state, ad.data, ad.size, &buf); 71 | if (err != NOISE_ERROR_NONE) { 72 | noise_perror("EncryptWithAd", err); 73 | exit(1); 74 | } 75 | result.size = buf.size; 76 | return result; 77 | } 78 | 79 | int DecryptWithAd(CipherState *cipher, const Buffer ad, const Buffer ciphertext, Buffer *result) 80 | { 81 | NoiseBuffer buf; 82 | int err; 83 | memcpy(result->data, ciphertext.data, ciphertext.size); 84 | result->size = ciphertext.size; 85 | noise_buffer_set_inout(buf, result->data, result->size, sizeof(result->data)); 86 | err = noise_cipherstate_decrypt_with_ad 87 | (cipher->state, ad.data, ad.size, &buf); 88 | if (err == NOISE_ERROR_MAC_FAILURE) { 89 | result->size = 0; 90 | return 0; 91 | } else if (err != NOISE_ERROR_NONE) { 92 | noise_perror("DecryptWithAd", err); 93 | exit(1); 94 | } else { 95 | result->size = buf.size; 96 | } 97 | return 1; 98 | } 99 | -------------------------------------------------------------------------------- /tests/vector-gen/simple-cipherstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __SIMPLE_CIPHERSTATE_H__ 24 | #define __SIMPLE_CIPHERSTATE_H__ 25 | 26 | #include 27 | 28 | #define MAX_BUFLEN 4096 29 | 30 | typedef struct 31 | { 32 | uint8_t data[MAX_BUFLEN]; 33 | size_t size; 34 | 35 | } Buffer; 36 | 37 | typedef struct 38 | { 39 | NoiseCipherState *state; 40 | 41 | } CipherState; 42 | 43 | void CipherState_new(CipherState *cipher, int id); 44 | void CipherState_free(CipherState *cipher); 45 | void InitializeKey(CipherState *cipher, const uint8_t *key, size_t key_len); 46 | int HasKey(const CipherState *cipher); 47 | Buffer EncryptWithAd(CipherState *cipher, const Buffer ad, const Buffer plaintext); 48 | int DecryptWithAd(CipherState *cipher, const Buffer ad, const Buffer ciphertext, Buffer *result); 49 | 50 | #endif 51 | -------------------------------------------------------------------------------- /tests/vector-gen/simple-handshakestate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __SIMPLE_HANDSHAKESTATE_H__ 24 | #define __SIMPLE_HANDSHAKESTATE_H__ 25 | 26 | #include "simple-symmetricstate.h" 27 | 28 | #define MAX_DH_KEY_LEN 2048 29 | #define MAX_PSK_LEN 32 30 | 31 | #define ACTION_NONE 0 32 | #define ACTION_READ 1 33 | #define ACTION_WRITE 2 34 | #define ACTION_SPLIT 3 35 | #define ACTION_FAILED 4 36 | 37 | typedef struct 38 | { 39 | SymmetricState symmetric; 40 | NoiseDHState *dh_private; 41 | NoiseDHState *dh_public; 42 | NoiseDHState *hybrid_private; 43 | NoiseDHState *hybrid_public; 44 | uint8_t s[MAX_DH_KEY_LEN]; 45 | size_t s_len; 46 | uint8_t s_public[MAX_DH_KEY_LEN]; 47 | size_t s_public_len; 48 | uint8_t e[MAX_DH_KEY_LEN]; 49 | size_t e_len; 50 | uint8_t e_public[MAX_DH_KEY_LEN]; 51 | size_t e_public_len; 52 | uint8_t f[MAX_DH_KEY_LEN]; 53 | size_t f_len; 54 | uint8_t f_public[MAX_DH_KEY_LEN]; 55 | size_t f_public_len; 56 | uint8_t rs[MAX_DH_KEY_LEN]; 57 | size_t rs_len; 58 | uint8_t re[MAX_DH_KEY_LEN]; 59 | size_t re_len; 60 | uint8_t rf[MAX_DH_KEY_LEN]; 61 | size_t rf_len; 62 | uint8_t psk[MAX_PSK_LEN]; 63 | size_t psk_len; 64 | int action; 65 | const uint8_t *pattern; 66 | int is_initiator; 67 | 68 | } HandshakeState; 69 | 70 | void HandshakeState_new(HandshakeState *handshake); 71 | void HandshakeState_free(HandshakeState *handshake); 72 | void Initialize(HandshakeState *handshake, const char *protocol_name, 73 | int is_initiator, int is_fallback, 74 | const uint8_t *prologue, size_t prologue_len, 75 | const uint8_t *s, size_t s_len, 76 | const uint8_t *e, size_t e_len, 77 | const uint8_t *f, size_t f_len, 78 | const uint8_t *rs, size_t rs_len, 79 | const uint8_t *re, size_t re_len, 80 | const uint8_t *rf, size_t rf_len, 81 | const uint8_t *psk, size_t psk_len); 82 | int WriteMessage(HandshakeState *handshake, const Buffer payload, Buffer *message); 83 | int ReadMessage(HandshakeState *handshake, const Buffer message, Buffer *payload); 84 | 85 | #endif 86 | -------------------------------------------------------------------------------- /tests/vector-gen/simple-symmetricstate.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __SIMPLE_SYMMETRICSTATE_H__ 24 | #define __SIMPLE_SYMMETRICSTATE_H__ 25 | 26 | #include "simple-cipherstate.h" 27 | 28 | #define MAX_HASHLEN 64 29 | 30 | typedef struct 31 | { 32 | CipherState cipher; 33 | NoiseHashState *hash; 34 | uint8_t ck[MAX_HASHLEN]; 35 | uint8_t h[MAX_HASHLEN]; 36 | size_t hash_len; 37 | 38 | } SymmetricState; 39 | 40 | void SymmetricState_new(SymmetricState *symmetric); 41 | void SymmetricState_free(SymmetricState *symmetric); 42 | void InitializeSymmetric(SymmetricState *symmetric, const char *protocol_name); 43 | void MixKey(SymmetricState *symmetric, const uint8_t *data, size_t len); 44 | void MixHash(SymmetricState *symmetric, const uint8_t *data, size_t len); 45 | Buffer EncryptAndHash(SymmetricState *symmetric, const Buffer plaintext); 46 | int DecryptAndHash(SymmetricState *symmetric, const Buffer ciphertext, Buffer *result); 47 | void Split(SymmetricState *symmetric, const Buffer ssk, CipherState *c1, CipherState *c2); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /tests/vector/.gitignore: -------------------------------------------------------------------------------- 1 | test-vector 2 | *.exe 3 | -------------------------------------------------------------------------------- /tests/vector/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | noinst_PROGRAMS = test-vector 3 | 4 | test_vector_SOURCES = test-vector.c json-reader.c 5 | 6 | AM_CPPFLAGS = -I$(top_srcdir)/include 7 | AM_CFLAGS = @WARNING_FLAGS@ 8 | 9 | LDADD = ../../src/protocol/libnoiseprotocol.a 10 | 11 | VECTORS = \ 12 | $(srcdir)/cacophony.txt \ 13 | $(srcdir)/noise-c-basic.txt \ 14 | $(srcdir)/noise-c-fallback.txt \ 15 | $(srcdir)/noise-c-hybrid.txt 16 | 17 | check-local: 18 | ./test-vector $(VECTORS) 19 | 20 | EXTRA_DIST = $(VECTORS) 21 | 22 | if USE_LIBSODIUM 23 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 24 | AM_CFLAGS += $(libsodium_CFLAGS) 25 | LDADD += $(libsodium_LIBS) 26 | endif 27 | 28 | if USE_OPENSSL 29 | AM_CPPFLAGS += -DUSE_OPENSSL=1 30 | AM_CFLAGS += $(openssl_CFLAGS) 31 | LDADD += $(openssl_LIBS) 32 | endif 33 | -------------------------------------------------------------------------------- /tests/vector/json-reader.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef JSON_READER_H 24 | #define JSON_READER_H 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | 32 | #ifdef __cplusplus 33 | extern "C" { 34 | #endif 35 | 36 | /** 37 | * \brief Token codes. 38 | */ 39 | typedef enum 40 | { 41 | JSON_TOKEN_START, /**< Still at the start, need to read first token */ 42 | JSON_TOKEN_STRING, /**< Quoted string */ 43 | JSON_TOKEN_NUMBER, /**< Numeric value */ 44 | JSON_TOKEN_NULL, /**< "null" */ 45 | JSON_TOKEN_TRUE, /**< "true" */ 46 | JSON_TOKEN_FALSE, /**< "false" */ 47 | JSON_TOKEN_LBRACE, /**< "{" */ 48 | JSON_TOKEN_RBRACE, /**< "}" */ 49 | JSON_TOKEN_LSQUARE, /**< "[" */ 50 | JSON_TOKEN_RSQUARE, /**< "]" */ 51 | JSON_TOKEN_COMMA, /**< "," */ 52 | JSON_TOKEN_COLON, /**< ":" */ 53 | JSON_TOKEN_END /**< End of stream or error */ 54 | 55 | } JSONToken; 56 | 57 | /** 58 | * \brief State information for JSON readers. 59 | */ 60 | typedef struct 61 | { 62 | FILE *stream; /**< Input stream to read from */ 63 | JSONToken token; /**< Current token type */ 64 | char *str_value; /**< String value for the current token */ 65 | const char *filename; /**< Name of the file being read from */ 66 | long line_number; /**< Current line number in the file */ 67 | int saw_eof; /**< Non-zero if already seen EOF */ 68 | int errors; /**< Non-zero if errors seen during parsing */ 69 | 70 | } JSONReader; 71 | 72 | void json_init(JSONReader *reader, const char *filename, FILE *stream); 73 | void json_free(JSONReader *reader); 74 | JSONToken json_next_token(JSONReader *reader); 75 | int json_is_name(JSONReader *reader, const char *name); 76 | void json_error(JSONReader *reader, const char *format, ...); 77 | void json_error_on_line(JSONReader *reader, long line, const char *format, ...); 78 | 79 | #ifdef __cplusplus 80 | }; 81 | #endif 82 | 83 | #endif 84 | -------------------------------------------------------------------------------- /tools/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | SUBDIRS = keytool protoc 3 | -------------------------------------------------------------------------------- /tools/keytool/.gitignore: -------------------------------------------------------------------------------- 1 | noise-keytool 2 | noise-keytool.exe 3 | -------------------------------------------------------------------------------- /tools/keytool/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | bin_PROGRAMS = noise-keytool 3 | 4 | noise_keytool_SOURCES = \ 5 | generate.c \ 6 | keytool.c \ 7 | show.c \ 8 | sign.c 9 | 10 | AM_CPPFLAGS = -I$(top_srcdir)/include 11 | AM_CFLAGS = @WARNING_FLAGS@ 12 | 13 | LDADD = ../../src/keys/libnoisekeys.a \ 14 | ../../src/protobufs/libnoiseprotobufs.a \ 15 | ../../src/protocol/libnoiseprotocol.a 16 | 17 | if USE_LIBSODIUM 18 | AM_CPPFLAGS += -DUSE_LIBSODIUM=1 19 | AM_CFLAGS += $(libsodium_CFLAGS) 20 | LDADD += $(libsodium_LIBS) 21 | endif 22 | 23 | if USE_OPENSSL 24 | AM_CPPFLAGS += -DUSE_OPENSSL=1 25 | AM_CFLAGS += $(openssl_CFLAGS) 26 | LDADD += $(openssl_LIBS) 27 | endif 28 | -------------------------------------------------------------------------------- /tools/keytool/keytool.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 3 | * 4 | * Permission is hereby granted, free of charge, to any person obtaining a 5 | * copy of this software and associated documentation files (the "Software"), 6 | * to deal in the Software without restriction, including without limitation 7 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 8 | * and/or sell copies of the Software, and to permit persons to whom the 9 | * Software is furnished to do so, subject to the following conditions: 10 | * 11 | * The above copyright notice and this permission notice shall be included 12 | * in all copies or substantial portions of the Software. 13 | * 14 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 15 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 16 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 17 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 18 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 19 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 20 | * DEALINGS IN THE SOFTWARE. 21 | */ 22 | 23 | #ifndef __KEYTOOL_H__ 24 | #define __KEYTOOL_H__ 25 | 26 | #include 27 | #include 28 | #include 29 | #include 30 | #include 31 | #include 32 | #include 33 | 34 | void help_generate(const char *progname); 35 | void help_show(const char *progname); 36 | void help_sign(const char *progname); 37 | 38 | int main_generate(const char *progname, int argc, char *argv[]); 39 | int main_show(const char *progname, int argc, char *argv[]); 40 | int main_sign(const char *progname, int argc, char *argv[]); 41 | 42 | void report_error(const char *file, long line, int err); 43 | 44 | char *ask_for_passphrase(int confirm); 45 | 46 | #define CHECK_ERROR(code) \ 47 | do { \ 48 | int err = (code); \ 49 | if (err != NOISE_ERROR_NONE) { \ 50 | report_error(__FILE__, __LINE__, err); \ 51 | retval = 1; \ 52 | goto cleanup; \ 53 | } \ 54 | } while (0) 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /tools/protoc/.gitignore: -------------------------------------------------------------------------------- 1 | proto3-grammar.c 2 | proto3-grammar.h 3 | proto3-lexer.c 4 | noise-protoc 5 | noise-protoc.exe 6 | -------------------------------------------------------------------------------- /tools/protoc/Makefile.am: -------------------------------------------------------------------------------- 1 | 2 | bin_PROGRAMS = noise-protoc 3 | 4 | BUILT_SOURCES = proto3-grammar.h 5 | 6 | noise_protoc_SOURCES = \ 7 | main.c \ 8 | proto3-ast.c \ 9 | proto3-generate-c.c \ 10 | proto3-grammar.y \ 11 | proto3-lexer.l 12 | 13 | AM_CFLAGS = @WARNING_FLAGS@ 14 | AM_YFLAGS = -d 15 | 16 | CLEANFILES = proto3-grammar.c proto3-grammar.h proto3-lexer.c 17 | 18 | EXTRA_DIST = test.proto 19 | -------------------------------------------------------------------------------- /tools/protoc/proto3-lexer.l: -------------------------------------------------------------------------------- 1 | %{ 2 | /* 3 | * Copyright (C) 2016 Southern Storm Software, Pty Ltd. 4 | * 5 | * Permission is hereby granted, free of charge, to any person obtaining a 6 | * copy of this software and associated documentation files (the "Software"), 7 | * to deal in the Software without restriction, including without limitation 8 | * the rights to use, copy, modify, merge, publish, distribute, sublicense, 9 | * and/or sell copies of the Software, and to permit persons to whom the 10 | * Software is furnished to do so, subject to the following conditions: 11 | * 12 | * The above copyright notice and this permission notice shall be included 13 | * in all copies or substantial portions of the Software. 14 | * 15 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 16 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING 20 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 21 | * DEALINGS IN THE SOFTWARE. 22 | */ 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | #include "proto3-ast.h" 29 | #include "proto3-grammar.h" 30 | 31 | #define YY_NO_INPUT 32 | 33 | %} 34 | 35 | %option noyywrap nounput 36 | 37 | ID [a-zA-Z][a-zA-Z_0-9]* 38 | NUMBER [0-9]+ 39 | WHITE [ \t\v\r]+ 40 | QUOTE ["] 41 | STRCHAR [^"\n] 42 | 43 | %% 44 | 45 | "syntax" { return K_SYNTAX; } 46 | "message" { return K_MESSAGE; } 47 | "repeated" { return K_REPEATED; } 48 | "required" { return K_REQUIRED; } 49 | "optional" { return K_OPTIONAL; } 50 | "reserved" { return K_RESERVED; } 51 | "to" { return K_TO; } 52 | "enum" { return K_ENUM; } 53 | "option" { return K_OPTION; } 54 | "import" { return K_IMPORT; } 55 | "public" { return K_PUBLIC; } 56 | "map" { return K_MAP; } 57 | "package" { return K_PACKAGE; } 58 | "double" { return K_DOUBLE; } 59 | "float" { return K_FLOAT; } 60 | "int32" { return K_INT32; } 61 | "int64" { return K_INT64; } 62 | "uint32" { return K_UINT32; } 63 | "uint64" { return K_UINT64; } 64 | "sint32" { return K_SINT32; } 65 | "sint64" { return K_SINT64; } 66 | "fixed32" { return K_FIXED32; } 67 | "fixed64" { return K_FIXED64; } 68 | "sfixed32" { return K_SFIXED32; } 69 | "sfixed64" { return K_SFIXED64; } 70 | "bool" { return K_BOOL; } 71 | "string" { return K_STRING; } 72 | "bytes" { return K_BYTES; } 73 | "true" { return K_TRUE; } 74 | "false" { return K_FALSE; } 75 | 76 | {ID} { 77 | yylval.name = proto3_basic_name(yytext); 78 | return K_IDENTIFIER; 79 | } 80 | {NUMBER} { 81 | yylval.number = strtoull(yytext, NULL, 10); 82 | return K_NUMBER; 83 | } 84 | 85 | {QUOTE}{STRCHAR}*{QUOTE} { 86 | size_t len = strlen(yytext) - 2; 87 | yylval.name = proto3_string(yytext + 1, len); 88 | return K_STRING_LITERAL; 89 | } 90 | 91 | {WHITE} ; 92 | 93 | \n { ++yylloc.first_line; } 94 | 95 | "//".*\n { ++yylloc.first_line; } 96 | 97 | . { return yytext[0]; } 98 | 99 | %% 100 | -------------------------------------------------------------------------------- /tools/protoc/test.proto: -------------------------------------------------------------------------------- 1 | 2 | // Test protobuf definition that has one of everything. 3 | 4 | syntax="proto3"; 5 | 6 | message BasicFields { 7 | int32 f_int32 = 1; 8 | uint32 f_uint32 = 2; 9 | int64 f_int64 = 3; 10 | uint64 f_uint64 = 4; 11 | sint32 f_sint32 = 5; 12 | sint64 f_sint64 = 6; 13 | fixed32 f_fixed32 = 7; 14 | sfixed32 f_sfixed32 = 8; 15 | fixed64 f_fixed64 = 9; 16 | sfixed64 f_sfixed64 = 10; 17 | float f_float = 11; 18 | double f_double = 12; 19 | bool f_bool = 13; 20 | string f_string = 14; 21 | bytes f_bytes = 15; 22 | Object f_object = 16; 23 | } 24 | 25 | message RepeatedFields { 26 | repeated int32 f_int32 = 1; 27 | repeated uint32 f_uint32 = 2; 28 | repeated int64 f_int64 = 3; 29 | repeated uint64 f_uint64 = 4; 30 | repeated sint32 f_sint32 = 5; 31 | repeated sint64 f_sint64 = 6; 32 | repeated fixed32 f_fixed32 = 7; 33 | repeated sfixed32 f_sfixed32 = 8; 34 | repeated fixed64 f_fixed64 = 9; 35 | repeated sfixed64 f_sfixed64 = 10; 36 | repeated float f_float = 11; 37 | repeated double f_double = 12; 38 | repeated bool f_bool = 13; 39 | repeated string f_string = 14; 40 | repeated bytes f_bytes = 15; 41 | repeated Object f_object = 16; 42 | } 43 | 44 | message RepeatedFieldsUnpacked { 45 | repeated int32 f_int32 = 1 [packed=false]; 46 | repeated uint32 f_uint32 = 2 [packed=false]; 47 | repeated int64 f_int64 = 3 [packed=false]; 48 | repeated uint64 f_uint64 = 4 [packed=false]; 49 | repeated sint32 f_sint32 = 5 [packed=false]; 50 | repeated sint64 f_sint64 = 6 [packed=false]; 51 | repeated fixed32 f_fixed32 = 7 [packed=false]; 52 | repeated sfixed32 f_sfixed32 = 8 [packed=false]; 53 | repeated fixed64 f_fixed64 = 9 [packed=false]; 54 | repeated sfixed64 f_sfixed64 = 10 [packed=false]; 55 | repeated float f_float = 11 [packed=false]; 56 | repeated double f_double = 12 [packed=false]; 57 | repeated bool f_bool = 13 [packed=false]; 58 | repeated string f_string = 14 [packed=false]; 59 | repeated bytes f_bytes = 15 [packed=false]; 60 | repeated Object f_object = 16 [packed=false]; 61 | } 62 | 63 | message RequiredFields { 64 | required int32 f_int32 = 1; 65 | required uint32 f_uint32 = 2; 66 | required int64 f_int64 = 3; 67 | required uint64 f_uint64 = 4; 68 | required sint32 f_sint32 = 5; 69 | required sint64 f_sint64 = 6; 70 | required fixed32 f_fixed32 = 7; 71 | required sfixed32 f_sfixed32 = 8; 72 | required fixed64 f_fixed64 = 9; 73 | required sfixed64 f_sfixed64 = 10; 74 | required float f_float = 11; 75 | required double f_double = 12; 76 | required bool f_bool = 13; 77 | required string f_string = 14; 78 | required bytes f_bytes = 15; 79 | required Object f_object = 16; 80 | } 81 | 82 | message Object { 83 | int32 x = 1; 84 | } 85 | 86 | enum Enum { 87 | Default = 0; 88 | Enum1 = 1; 89 | Enum2 = 2; 90 | } 91 | --------------------------------------------------------------------------------