├── .gitignore ├── .gitmodules ├── LICENSE ├── README.md ├── ames ├── ames.go ├── ames_test.go ├── connection.go └── connection_test.go ├── argon2u ├── argon2u.go └── argon2u_test.go ├── go.mod ├── go.sum ├── noun ├── mug.go ├── mug_test.go ├── noun.go ├── noun_test.go ├── ob.go └── ob_test.go ├── urbit.go.png └── urcrypt ├── .gitignore ├── Makefile.am ├── README.md ├── argon2 ├── Argon2.sln ├── CHANGELOG.md ├── LICENSE ├── README.md ├── argon2-specs.pdf ├── include │ └── argon2.h ├── kats │ ├── argon2d │ ├── argon2d.shasum │ ├── argon2d_v16 │ ├── argon2d_v16.shasum │ ├── argon2i │ ├── argon2i.shasum │ ├── argon2i_v16 │ ├── argon2i_v16.shasum │ ├── argon2id │ ├── argon2id.shasum │ ├── argon2id_v16 │ ├── argon2id_v16.shasum │ ├── check-sums.ps1 │ ├── check-sums.sh │ ├── test.ps1 │ └── test.sh ├── man │ └── argon2.1 ├── meson.build ├── src │ ├── argon2.c │ ├── bench.c │ ├── blake2 │ │ ├── blake2-impl.h │ │ ├── blake2.h │ │ ├── blake2b.c │ │ ├── blamka-round-opt.h │ │ └── blamka-round-ref.h │ ├── core.c │ ├── core.h │ ├── encoding.c │ ├── encoding.h │ ├── genkat.c │ ├── genkat.h │ ├── opt.c │ ├── ref.c │ ├── run.c │ ├── test.c │ ├── thread.c │ └── thread.h └── vs2015 │ ├── Argon2Opt │ ├── Argon2Opt.vcxproj │ └── Argon2Opt.vcxproj.filters │ ├── Argon2OptBench │ ├── Argon2OptBench.vcxproj │ └── Argon2OptBench.vcxproj.filters │ ├── Argon2OptDll │ ├── Argon2OptDll.vcxproj │ └── Argon2OptDll.vcxproj.filters │ ├── Argon2OptGenKAT │ ├── Argon2OptGenKAT.vcxproj │ └── Argon2OptGenKAT.vcxproj.filters │ ├── Argon2OptTestCI │ ├── Argon2OptTestCI.vcxproj │ └── Argon2OptTestCI.vcxproj.filters │ ├── Argon2Ref │ ├── Argon2Ref.vcxproj │ └── Argon2Ref.vcxproj.filters │ ├── Argon2RefBench │ ├── Argon2RefBench.vcxproj │ └── Argon2RefBench.vcxproj.filters │ ├── Argon2RefDll │ ├── Argon2RefDll.vcxproj │ └── Argon2RefDll.vcxproj.filters │ ├── Argon2RefGenKAT │ ├── Argon2RefGenKAT.vcxproj │ └── Argon2RefGenKAT.vcxproj.filters │ └── Argon2RefTestCI │ ├── Argon2RefTestCI.vcxproj │ └── Argon2RefTestCI.vcxproj.filters ├── autogen.sh ├── build-aux └── m4 │ └── .gitkeep ├── config.h ├── configure.ac ├── ed25519 ├── license.txt ├── readme.md ├── src │ ├── add_scalar.c │ ├── ed25519.h │ ├── fe.c │ ├── fe.h │ ├── fixedint.h │ ├── ge.c │ ├── ge.h │ ├── key_exchange.c │ ├── keypair.c │ ├── precomp_data.h │ ├── sc.c │ ├── sc.h │ ├── seed.c │ ├── sha512.c │ ├── sha512.h │ ├── sign.c │ └── verify.c └── test.c ├── ge-additions ├── LICENSE ├── README.md ├── ge-additions.c └── ge-additions.h ├── keccak-tiny ├── .clang-format ├── .gitignore ├── README.markdown ├── define-macros.h ├── do.sh ├── keccak-tiny-unrolled.c ├── keccak-tiny.c ├── keccak-tiny.h ├── keccak-tiny.pri └── simple_do.sh ├── liburcrypt.pc.in ├── scrypt ├── .gitignore ├── LICENSE ├── README.md ├── b64.c ├── b64.h ├── crypto-mcf.c ├── crypto-scrypt-saltgen.c ├── crypto_scrypt-check.c ├── crypto_scrypt-hash.c ├── crypto_scrypt-hexconvert.c ├── crypto_scrypt-hexconvert.h ├── crypto_scrypt-nosse.c ├── libscrypt.h ├── libscrypt.version ├── main.c ├── sha256.c ├── sha256.h ├── slowequals.c ├── slowequals.h └── sysendian.h ├── shell.nix ├── urcrypt.go ├── urcrypt ├── aes_cbc.c ├── aes_ecb.c ├── aes_siv.c ├── argon.c ├── ed25519.c ├── ge_additions.c ├── keccak.c ├── ripemd.c ├── scrypt.c ├── secp256k1.c ├── sha.c ├── urcrypt.h ├── util.c └── util.h └── urcrypt_test.go /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | output 3 | .libs 4 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "argon2u/argon2"] 2 | path = argon2u/argon2 3 | url = git@github.com:urbit/argon2.git 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2022 Steve Lacy 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # go-urbit 2 | > golang interface for Urbit 3 | 4 | [![GoDoc](https://godoc.org/github.com/stevelacy/go-urbit?status.svg)](https://godoc.org/github.com/stevelacy/go-urbit) 5 | 6 | ![urbit example](./urbit.go.png) 7 | 8 | Allows golang applications running as moons to connect to urbit ships over ames. 9 | 10 | This can be used by any unix host, including deployed services and IoT projects. 11 | 12 | 13 | ## Ames 14 | 15 | ### Usage 16 | 17 | > Note: each running app _must_ have it's own moon identity. Running on kubernetes or other systems with more than 1 replica per identity will result in odd behavior. 18 | 19 | In your Urbit dojo generate a new moon for each connection. The output is the secret key in `@ux` encoding. 20 | ``` 21 | dojo> |moon 22 | ~tabber-finlur-litryl-tadmev 23 | 0wnXJXi.~OJWk.4aDRR.....1NEMq.p-00s.2w7U1 24 | ``` 25 | Convert the key to hex with `` `@ux` `` as follows: 26 | ``` 27 | dojo> `@ux`0wnXJXi.~OJWk.4aDRR.....1NEMq.p-00s.2w7U1 28 | 0x17.eede.d2ff.2b7a.........1022.001c.68c1.a67e.0007.0280.7e01 29 | ``` 30 | 31 | The output value is the seed, or secret key, for your newly created moon. 32 | 33 | #### New connection 34 | 35 | ```go 36 | func main() { 37 | seed := "the hex seed" 38 | 39 | onPacket := func(c *Connection, pkt Packet) { 40 | fmt.Println("ames OnPacket", pkt.Data) 41 | } 42 | 43 | ames, err := NewAmes(seed, onPacket) 44 | if err != nil { 45 | panic(err) 46 | } 47 | 48 | to := "~your-planet" 49 | connection, err := ames.Connect(to) 50 | if err != nil { 51 | panic(err) 52 | } 53 | 54 | _, err := connection.Request([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("it works!")) 55 | 56 | if err != nil { 57 | panic(err) 58 | } 59 | } 60 | ``` 61 | 62 | 63 | ## Noun 64 | 65 | Most of the common urbit noun functions are available in the `go-urbit/noun` package 66 | 67 | ```go 68 | import ( 69 | "github.com/stevelacy/go-urbit/noun" 70 | ) 71 | 72 | func main() { 73 | n := noun.MakeNoun("string", 1234) 74 | fmt.Println(n) 75 | } 76 | 77 | ``` 78 | 79 | 80 | ### Installation 81 | > Tested on macos M1 82 | 83 | 84 | ``` 85 | brew install openssl pkg-config 86 | ``` 87 | 88 | ``` 89 | git clone git@github.com:bitcoin-core/secp256k1.git 90 | cd secp256k1 91 | ./autogen.sh 92 | ./configure --enable-module-recovery --enable-module-extrakeys --enable-module-schnorrsig 93 | 94 | make 95 | sudo make install 96 | 97 | ``` 98 | 99 | If on macos M1 100 | ``` 101 | export PATH="/opt/homebrew/opt/openssl@3/bin:$PATH" 102 | export CPPFLAGS="-I/opt/homebrew/opt/openssl@3/include -I/usr/local/include" 103 | export LDFLAGS="-L/opt/homebrew/opt/openssl@3/lib -L/Library/Developer/CommandLineTools/SDKs/MacOSX.sdk/usr/lib -L/usr/local/lib/" 104 | export SDKROOT="/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk" 105 | export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl@3/lib/pkgconfig" 106 | 107 | 108 | git clone git@github.com:dfoxfranke/libaes_siv.git 109 | cd libaes_siv 110 | cmake -DCMAKE_PREFIX_PATH=/opt/homebrew/opt/openssl@3 . 111 | make 112 | sudo make install 113 | 114 | ``` 115 | 116 | 117 | 118 | ``` 119 | export PKG_CONFIG_PATH="/opt/homebrew/opt/openssl@3/lib/pkgconfig" 120 | cd urcrypt/ 121 | ./autogen.sh 122 | ./configure --disable-shared 123 | make 124 | sudo make install 125 | ``` 126 | 127 | 128 | #### Testing 129 | 130 | ``` 131 | export MOON_SEED="your seed" 132 | 133 | go test ./... 134 | ``` 135 | 136 | 137 | 138 | 139 | ~litryl-tadmev 140 | -------------------------------------------------------------------------------- /ames/ames_test.go: -------------------------------------------------------------------------------- 1 | package ames 2 | 3 | import ( 4 | "fmt" 5 | "reflect" 6 | "testing" 7 | 8 | "github.com/stevelacy/go-urbit/noun" 9 | ) 10 | 11 | var pName = "~litryl-tadmev" 12 | var pEKey = "5a14c99c533ef2138de811430657957c1cdaabbac4d8c21e8785e62f994c99e7" 13 | var pAKey = "8a6b789427cd0a03efc7f66ed4cc3841223f41c85f7488a75acd7517061b3ba0" 14 | 15 | func TestLookup(t *testing.T) { 16 | res, _ := Lookup(pName) 17 | if res.EncryptionKey != pEKey { 18 | t.Errorf("expected %s got %s", pEKey, res.EncryptionKey) 19 | } 20 | if res.AuthenticationKey != pAKey { 21 | t.Errorf("expected %s got %s", pAKey, res.AuthenticationKey) 22 | } 23 | } 24 | 25 | func TestPadLeft(t *testing.T) { 26 | c1 := "00000000test" 27 | res := padLeft("test", 12, "0") 28 | if res != c1 { 29 | t.Errorf("expected %s got %s", c1, res) 30 | } 31 | } 32 | 33 | func TestConstructPoke(t *testing.T) { 34 | c1 := "[103 [25959 1685024616 0] 0 109 29669416873256296 1735289200]" 35 | r1 := ConstructPoke([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("ping")) 36 | if r1.String() != c1 { 37 | t.Errorf("expected %s got %s", c1, r1) 38 | } 39 | } 40 | 41 | func TestSplitMessage(t *testing.T) { 42 | n1 := ConstructPoke([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("ping")) 43 | c1 := "[5 1 0 5446293427400615627168770935011744630350584192948000500175511867329]" 44 | r1 := SplitMessage(5, n1) 45 | 46 | if c1 != r1[0].String() { 47 | t.Errorf("expected %s got %s", c1, r1) 48 | } 49 | } 50 | 51 | func TestEncodeShutPacket(t *testing.T) { 52 | n1 := ConstructPoke([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("ping")) 53 | c1 := "[[65792 139023796470016] 1 2 0 70270754126257173429024868609132679736029986866333602336505787903207239222796713666732498636112461130219095130694309422215675]" 54 | msg := SplitMessage(5, n1) 55 | pkt := FragmentToShutPacket(msg[0], 1) 56 | r1, _ := EncodeShutPacket(pkt, []byte{31}, noun.B(0x10100), noun.B(0x7e7100010100), 1, 2) 57 | if c1 != r1.String() { 58 | t.Errorf("expected %s got %s", c1, r1) 59 | } 60 | } 61 | 62 | func TestEncodePacket(t *testing.T) { 63 | c1 := []byte{128, 28, 112, 182, 33, 0, 1, 1, 0, 0, 1, 1, 0, 113, 126, 0, 0, 251, 177, 66, 74, 134, 147, 242, 188, 119, 57, 37, 27, 132, 153, 69, 253, 34, 0, 174, 98, 110, 181, 25, 144, 121, 192, 44, 232, 136, 22, 223, 146, 232, 23, 9, 200, 94, 235, 235, 169, 110, 64, 44, 233, 30, 17, 20, 94, 212, 254, 76, 106} 64 | n1 := ConstructPoke([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("ping")) 65 | msg := SplitMessage(5, n1) 66 | pkt := FragmentToShutPacket(msg[0], 1) 67 | r1, _ := EncodeShutPacket(pkt, []byte{31}, noun.B(0x10100), noun.B(0x7e7100010100), 1, 2) 68 | 69 | r2 := EncodePacket(r1) 70 | if !reflect.DeepEqual(c1, r2) { 71 | t.Errorf("expected %v got %v", c1, r2) 72 | } 73 | } 74 | 75 | func TestDestructPath(t *testing.T) { 76 | a := []string{"one", "one", "two"} 77 | nPath := noun.MakeNoun(a) 78 | path, err := destructPath(nPath) 79 | 80 | if err != nil { 81 | t.Error(err) 82 | } 83 | if !reflect.DeepEqual(path, a) { 84 | t.Errorf("expected %v got %v", a, path) 85 | } 86 | } 87 | 88 | /* func TestJoinMessage(t *testing.T) { 89 | num := 11 90 | poke := ConstructPoke([]string{"path"}, "mark", noun.MakeNoun(noun.B(0).Exp(noun.B(2), noun.B(7000), nil))) 91 | a := SplitMessage(num, poke) 92 | 93 | n, err := JoinMessage(a) 94 | fmt.Println(n, err) 95 | } */ 96 | 97 | func TestShutPacketToFragment(t *testing.T) { 98 | num := 11 99 | bone := 9 100 | poke := ConstructPoke([]string{"path"}, "mark", noun.MakeNoun("data")) 101 | msg := SplitMessage(num, poke) 102 | pat := FragmentToShutPacket(msg[0], bone) 103 | b, n, isFrag, res, err := ShutPacketToMeat(pat) 104 | if err != nil { 105 | t.Error(err) 106 | } 107 | if b != bone { 108 | t.Errorf("expected %v got %v", bone, b) 109 | } 110 | if n != num { 111 | t.Errorf("expected %v got %v", n, num) 112 | } 113 | if !isFrag { 114 | t.Errorf("expected %v got %v", true, isFrag) 115 | } 116 | e1 := "[1 0 1139440589747613851334439309220300165109479259885505]" 117 | if res.String() != e1 { 118 | t.Errorf("expected %v got %v", e1, res.String()) 119 | } 120 | } 121 | 122 | func TestDecodePacket(t *testing.T) { 123 | n1 := []byte{128, 28, 112, 182, 33, 0, 1, 1, 0, 0, 1, 1, 0, 113, 126, 0, 0, 251, 177, 66, 74, 134, 147, 242, 188, 119, 57, 37, 27, 132, 153, 69, 253, 34, 0, 174, 98, 110, 181, 25, 144, 121, 192, 44, 232, 136, 22, 223, 146, 232, 23, 9, 200, 94, 235, 235, 169, 110, 64, 44, 233, 30, 17, 20, 94, 212, 254, 76, 106} 124 | from, to, _, _, _, err := DecodePacket(n1) 125 | if err != nil { 126 | t.Error(err) 127 | } 128 | 129 | if noun.B(0x10100).Cmp(from) != 0 { 130 | t.Errorf("expected %v got %v", noun.B(0x10100), from) 131 | } 132 | if noun.B(0x7e7100010100).Cmp(to) != 0 { 133 | t.Errorf("expected %v got %v", noun.B(0x7e7100010100), to) 134 | } 135 | } 136 | 137 | func TestDecodeShutPacket(t *testing.T) { 138 | n1 := []byte{128, 28, 112, 182, 33, 0, 1, 1, 0, 0, 1, 1, 0, 113, 126, 0, 0, 251, 177, 66, 74, 134, 147, 242, 188, 119, 57, 37, 27, 132, 153, 69, 253, 34, 0, 174, 98, 110, 181, 25, 144, 121, 192, 44, 232, 136, 22, 223, 146, 232, 23, 9, 200, 94, 235, 235, 169, 110, 64, 44, 233, 30, 17, 20, 94, 212, 254, 76, 106} 139 | from, to, fromTick, toTick, content, err := DecodePacket(n1) 140 | 141 | fromLife := int64(1) 142 | toLife := int64(2) 143 | 144 | symKey := []byte{31} 145 | 146 | pkt, err := DecodeShutPacket(content, symKey, from, to, fromTick, toTick, fromLife, toLife) 147 | if err != nil { 148 | t.Error(err) 149 | } 150 | e1 := "[1 5 0 1 0 5446293427400615627168770935011744630350584192948000500175511867329]" 151 | if pkt.String() != e1 { 152 | t.Errorf("expected %v got %v", e1, pkt.String()) 153 | } 154 | } 155 | 156 | func ExampleLookup() { 157 | res, err := Lookup("~zod") 158 | if err != nil { 159 | fmt.Println(err) 160 | } 161 | fmt.Println(res.EncryptionKey) 162 | } 163 | -------------------------------------------------------------------------------- /ames/connection_test.go: -------------------------------------------------------------------------------- 1 | package ames 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "testing" 7 | 8 | "github.com/stevelacy/go-urbit/noun" 9 | ) 10 | 11 | func TestConnectionMoon(t *testing.T) { 12 | seed := os.Getenv("MOON_SEED") 13 | if seed == "" { 14 | t.Errorf("Please define env var MOON_SEED") 15 | } 16 | 17 | onPacket := func(c *Connection, pkt Packet) { 18 | fmt.Println("ames OnPacket", pkt.Data) 19 | } 20 | ames, err := NewAmes(seed, onPacket) 21 | if err != nil { 22 | t.Error(err) 23 | } 24 | 25 | to := "~litryl-tadmev" 26 | 27 | c1, err := ames.Connect(to) 28 | if err != nil { 29 | t.Error(err) 30 | } 31 | 32 | fmt.Println("bone:", c1.bone) 33 | 34 | _, err = c1.Request([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("yay!")) 35 | 36 | if err != nil { 37 | t.Error(err) 38 | } 39 | 40 | /* c2, err := ames.Connect(to) 41 | if err != nil { 42 | t.Error(err) 43 | } 44 | 45 | // make a string larger than 1kb 46 | m := make([]string, 100000) 47 | for k := range m { 48 | m[k] = "A" 49 | } 50 | 51 | _, err = c2.Request([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun(strings.Join(m, ""))) */ 52 | } 53 | 54 | func ExampleNewAmes() { 55 | // Easiest way to connect with defaults 56 | seed := os.Getenv("MOON_SEED") 57 | 58 | ames, err := NewAmes(seed, nil) 59 | if err != nil { 60 | panic(err) 61 | } 62 | to := "~litryl-tadmev" 63 | conn, err := ames.Connect(to) 64 | if err != nil { 65 | fmt.Println(err) 66 | } 67 | conn.Request([]string{"ge", "hood"}, "helm-hi", noun.MakeNoun("message here")) 68 | } 69 | -------------------------------------------------------------------------------- /argon2u/argon2u.go: -------------------------------------------------------------------------------- 1 | package argon2u 2 | 3 | // #cgo LDFLAGS: -L${SRCDIR}/argon2 -l argon2 4 | // #include 5 | // #include "./argon2/include/argon2.h" 6 | import ( 7 | "C" 8 | ) 9 | 10 | import ( 11 | "encoding/hex" 12 | "fmt" 13 | "unsafe" 14 | ) 15 | 16 | const Argon2u = 10 17 | const ArgonVersion = 0x13 18 | 19 | type HashOptions struct { 20 | Pass []byte 21 | Salt []byte 22 | Type int 23 | HashLen uint64 24 | Parallelism int 25 | Mem int 26 | Time int 27 | } 28 | type ArgonResponse struct { 29 | Hash []byte 30 | Encoded string 31 | HashHex string 32 | } 33 | 34 | func Hash(opts HashOptions) (ArgonResponse, error) { 35 | t_cost := (C.uint32_t)(opts.Time) 36 | m_cost := (C.uint32_t)(opts.Mem) 37 | parallelism := (C.uint32_t)(opts.Parallelism) 38 | pwd := C.CBytes(opts.Pass[:]) 39 | pwdlen := (C.uint64_t)(C.uint64_t(len(opts.Pass))) 40 | salt := C.CBytes(opts.Salt[:]) 41 | saltlen := (C.uint32_t)(len(opts.Salt)) 42 | hash := C.malloc(10240) 43 | hashlen := (C.uint32_t)(C.uint64_t(opts.HashLen)) 44 | encoded := C.CString("") 45 | encodedlen := (C.uint32_t)(10240) 46 | argon2Type := (C.argon2_type)(Argon2u) 47 | version := (C.uint32_t)(ArgonVersion) 48 | 49 | defer C.free(unsafe.Pointer(pwd)) 50 | defer C.free(salt) 51 | defer C.free(hash) 52 | defer C.free(unsafe.Pointer(encoded)) 53 | 54 | res := C.argon2_hash( 55 | t_cost, 56 | m_cost, 57 | parallelism, 58 | pwd, 59 | C.ulong(pwdlen), 60 | salt, 61 | C.ulong(saltlen), 62 | hash, 63 | C.ulong(hashlen), 64 | encoded, 65 | C.ulong(encodedlen), 66 | argon2Type, 67 | version, 68 | ) 69 | 70 | if res != 0 { 71 | return ArgonResponse{}, fmt.Errorf("argon2 error code: %d\n", res) 72 | } 73 | 74 | enc := C.GoBytes(unsafe.Pointer(encoded), (C.int)(encodedlen)) 75 | out := C.GoBytes(hash, (C.int)(hashlen)) 76 | response := ArgonResponse{ 77 | Hash: out, 78 | Encoded: string(enc), 79 | HashHex: hex.EncodeToString(out), 80 | } 81 | 82 | return response, nil 83 | } 84 | -------------------------------------------------------------------------------- /argon2u/argon2u_test.go: -------------------------------------------------------------------------------- 1 | package argon2u 2 | 3 | import ( 4 | "fmt" 5 | "testing" 6 | ) 7 | 8 | func TestHash(t *testing.T) { 9 | ship := 918784 10 | res, _ := Hash(HashOptions{ 11 | Pass: []byte("test"), 12 | Salt: []byte(fmt.Sprintf("urbitkeygen%d", ship)), 13 | Type: Argon2u, 14 | HashLen: 32, 15 | Parallelism: 4, 16 | Mem: 512000, 17 | Time: 1, 18 | }) 19 | h1 := "149d312a05e3d89de2c4f24e179f92e4a76feb22f9e30b2109d1392285ee3c52" 20 | if res.HashHex != h1 { 21 | t.Errorf("expected: %s got: %s", h1, res.HashHex) 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/stevelacy/go-urbit 2 | 3 | go 1.16 4 | 5 | require github.com/twmb/murmur3 v1.1.5 6 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/twmb/murmur3 v1.1.5 h1:i9OLS9fkuLzBXjt6dptlAEyk58fJsSTXbRg3SgVyqgk= 2 | github.com/twmb/murmur3 v1.1.5/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= 3 | -------------------------------------------------------------------------------- /noun/mug.go: -------------------------------------------------------------------------------- 1 | package noun 2 | 3 | import ( 4 | "math/big" 5 | 6 | "github.com/twmb/murmur3" 7 | ) 8 | 9 | var magicSeed1 uint32 = 0xcafebabe // https://github.com/urbit/urbit/blob/1e70a1be2a03a1ba60b7d06ce50f12305be62eb0/pkg/urbit/noun/retrieve.c#L1603 10 | var magicSeed2 uint32 = 0x7fff // https://github.com/urbit/urbit/blob/1e70a1be2a03a1ba60b7d06ce50f12305be62eb0/pkg/urbit/noun/retrieve.c#L1621 11 | var magicSeed3 uint32 = 0xdeadbeef // https://github.com/urbit/urbit/blob/1e70a1be2a03a1ba60b7d06ce50f12305be62eb0/pkg/urbit/noun/retrieve.c#L1566 12 | var magicSeed4 uint32 = 0xfffe // https://github.com/urbit/urbit/blob/1e70a1be2a03a1ba60b7d06ce50f12305be62eb0/pkg/urbit/noun/retrieve.c#L1594 13 | 14 | func cat(a, b uint32) *big.Int { 15 | d1 := uint64(b) << 32 16 | d2 := d1 ^ uint64(a) 17 | return B(0).SetUint64(d2) 18 | } 19 | 20 | func mum(a, b uint32, key *big.Int) uint32 { 21 | for i := 0; i < 8; i++ { 22 | m1 := Muk(a, ByteLen(key), key) 23 | m2 := m1 % (1 << 31) 24 | m3 := m1 / (1 << 31) 25 | 26 | c1 := m2 ^ m3 27 | if c1 != 0 { 28 | return c1 29 | } 30 | a++ 31 | } 32 | return b 33 | } 34 | 35 | func Mug(n Noun) uint32 { 36 | switch t := n.(type) { 37 | case Atom: 38 | return mum(magicSeed1, magicSeed2, t.Value) 39 | case Cell: 40 | a := Mug(t.Head) 41 | b := Mug(t.Tail) 42 | c := cat(a, b) 43 | return mum(magicSeed3, magicSeed4, c) 44 | } 45 | return 1 46 | } 47 | 48 | func Muk(seed uint32, length int64, arg *big.Int) uint32 { 49 | var b2 []byte 50 | b := BigToLittle(arg) 51 | 52 | if int64(len(b)) < length { 53 | b2 = make([]byte, length) 54 | copy(b2, b) 55 | } else { 56 | b2 = b 57 | } 58 | 59 | return murmur3.SeedSum32(seed, b2) 60 | } 61 | 62 | // BigToLittle converts from BigEndian to LittleEndian 63 | func BigToLittle(arg *big.Int) []byte { 64 | b := arg.Bytes() 65 | // BigEndian to LittleEndian 66 | for i := 0; i < len(b)/2; i++ { 67 | j := len(b) - i - 1 68 | b[i], b[j] = b[j], b[i] 69 | } 70 | return b 71 | } 72 | 73 | // LittleToBig converts []bytes from BigEndian to LittleEndian 74 | func LittleToBig(b []byte) *big.Int { 75 | // BigEndian to LittleEndian 76 | for i := 0; i < len(b)/2; i++ { 77 | j := len(b) - i - 1 78 | b[i], b[j] = b[j], b[i] 79 | } 80 | b2 := big.NewInt(0) 81 | b2.SetBytes(b) 82 | return b2 83 | } 84 | -------------------------------------------------------------------------------- /noun/mug_test.go: -------------------------------------------------------------------------------- 1 | package noun 2 | 3 | import ( 4 | "math/big" 5 | "testing" 6 | ) 7 | 8 | func TestMug(t *testing.T) { 9 | a1 := Atom{Value: B(12)} 10 | c1 := uint32(1850607025) 11 | res := Mug(a1) 12 | if res != c1 { 13 | t.Errorf("expected %d got %d", c1, res) 14 | } 15 | 16 | a := []interface{}{12, 16, 19, 23} 17 | b := []interface{}{12, 16, 19, 23} 18 | n2 := MakeNoun([]interface{}{a, b}) 19 | c2 := uint32(1662846570) 20 | res2 := Mug(n2) 21 | if res2 != c2 { 22 | t.Errorf("expected %d got %d", c2, res2) 23 | } 24 | } 25 | 26 | func TestMuk(t *testing.T) { 27 | a1 := uint32(3744000282) 28 | res := Muk(0xb76d5eed, 2, big.NewInt(1501)) 29 | if res != a1 { 30 | t.Errorf("%d does not match %d", res, a1) 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /noun/noun_test.go: -------------------------------------------------------------------------------- 1 | package noun 2 | 3 | import ( 4 | "fmt" 5 | "math/big" 6 | "reflect" 7 | "testing" 8 | ) 9 | 10 | func TestMat(t *testing.T) { 11 | r1 := Mat(B(100)) 12 | c1 := [2]*big.Int{B(13), B(6456)} 13 | if !reflect.DeepEqual(r1[0], c1[0]) && !reflect.DeepEqual(r1[1], c1[1]) { 14 | t.Errorf("expected %s got %s", c1, r1) 15 | } 16 | 17 | r2 := Mat(B(100000000)) 18 | c2 := [2]*big.Int{B(37), B(102400000736)} 19 | if !reflect.DeepEqual(r2[0], c2[0]) && !reflect.DeepEqual(r2[1], c2[1]) { 20 | t.Errorf("expected %s got %s", c2, r2) 21 | } 22 | 23 | b1 := B(0) 24 | b1.SetString("100000000000000000001", 10) 25 | b2 := B(0) 26 | b2.SetString("1638400000000000000017280", 10) 27 | r3 := Mat(b1) 28 | c3 := [2]*big.Int{B(18), b2} 29 | if !reflect.DeepEqual(r3[0], c3[0]) && !reflect.DeepEqual(r3[1], c3[1]) { 30 | t.Errorf("expected %s got %s", c3, r3) 31 | } 32 | 33 | r4 := Mat(B(0)) 34 | c4 := [2]*big.Int{B(1), B(1)} 35 | if !reflect.DeepEqual(r4[0], c4[0]) && !reflect.DeepEqual(r4[1], c4[1]) { 36 | t.Errorf("expected %s got %s", c4, r4) 37 | } 38 | 39 | r5 := Mat(B(1)) 40 | c5 := [2]*big.Int{B(3), B(6)} 41 | if !reflect.DeepEqual(r5[0], c5[0]) && !reflect.DeepEqual(r5[1], c5[1]) { 42 | t.Errorf("expected %s got %s", c5, r5) 43 | } 44 | } 45 | 46 | func TestMakeNoun(t *testing.T) { 47 | r1 := MakeNoun(100) 48 | c1 := "100" 49 | if r1.String() != c1 { 50 | t.Errorf("expected %s got %s", c1, r1) 51 | } 52 | r2 := MakeNoun([]interface{}{100, []interface{}{12, 16}, B(255), 24}) 53 | c2 := "[100 [12 16] 255 24]" 54 | if r2.String() != c2 { 55 | t.Errorf("expected %s got %s", c2, r2) 56 | } 57 | } 58 | 59 | func TestJam(t *testing.T) { 60 | n1 := MakeNoun([]interface{}{12, 16}) 61 | r1 := Jam(n1) 62 | if r1.Int64() != 17176641 { 63 | t.Errorf("expected %s got %s", n1, r1) 64 | } 65 | 66 | a := []interface{}{12, 16, 19, 23} 67 | b := []interface{}{12, 16, 19, 23} 68 | n2 := MakeNoun([]interface{}{a, b}) 69 | r2 := Jam(n2) 70 | if r2.Int64() != 5322556398681252101 { 71 | t.Errorf("expected %s got %s", n2, r2) 72 | } 73 | 74 | n3 := MakeNoun([]interface{}{[]string{"ge", "hood"}, 0, "m", "helm-hi", MakeNoun("ping")}) 75 | c1 := "83103842581186151537609419784725107274636599623840339663322629" 76 | r3 := Jam(n3) 77 | if r3.Text(10) != c1 { 78 | t.Errorf("expected %s got %s", c1, r3) 79 | } 80 | 81 | x := []interface{}{1, 1} 82 | y := []interface{}{2, 2} 83 | xy := MakeNoun([]interface{}{x, y}) 84 | xyy := MakeNoun([]interface{}{xy, y}) 85 | rxyy := Jam(xyy) 86 | txyy := "3886480388885" 87 | if rxyy.Text(10) != txyy { 88 | t.Errorf("expected %s got %s", txyy, rxyy) 89 | } 90 | 91 | } 92 | 93 | func TestJamInterface(t *testing.T) { 94 | ia := []interface{}{44, 55, 66} 95 | ib := []interface{}{2, 2} 96 | ic := []interface{}{ia, ib} 97 | id := []interface{}{ic, ib} 98 | n := MakeNoun(id) 99 | r1 := Jam(n) 100 | c1 := Cue(r1) 101 | fmt.Println(c1) 102 | if r1.String() != "229690868248641971000341" { 103 | t.Errorf("expected %s got %s", "229690868248641971000341", r1.String()) 104 | } 105 | } 106 | 107 | func TestCue(t *testing.T) { 108 | n1 := B(17176641) 109 | r1 := Cue(n1) 110 | c1 := MakeNoun([]interface{}{12, 16}) 111 | 112 | if r1.String() != c1.String() { 113 | t.Errorf("expected %s got %s", c1, n1) 114 | } 115 | 116 | a := []interface{}{12, 16, 19, 23} 117 | b := []interface{}{12, 16, 19, 23} 118 | n2 := MakeNoun([]interface{}{a, b}) 119 | r2 := Cue(B(5322556398681252101)) 120 | if r2.String() != n2.String() { 121 | t.Errorf("expected %s got %s", n2, r2) 122 | } 123 | 124 | s1 := B(0) 125 | // map[2:[[1 1] 2 2] 4:[1 1] 6:1 10:1 14:[2 2] 16:2 23:2] 126 | s1.SetString("3886480388885", 10) 127 | c2 := Cue(s1) 128 | if c2.String() != "[[[1 1] 2 2] 2 2]" { 129 | t.Errorf("expected %s got %s", "[[[1 1] 2 2] 2 2]", c2.String()) 130 | } 131 | } 132 | 133 | func TestStringToCord(t *testing.T) { 134 | n1 := "ping" 135 | c1 := "676e6970" 136 | r1 := StringToCord(n1) 137 | if r1.Value.Text(16) != c1 { 138 | t.Errorf("expected %s got %s", c1, r1) 139 | } 140 | } 141 | 142 | func TestAssertAtom(t *testing.T) { 143 | _, err := AssertAtom(MakeNoun("12")) 144 | if err != nil { 145 | t.Errorf("expected %v got %e", nil, err) 146 | } 147 | _, err = AssertAtom(Atom{}) 148 | if err != nil { 149 | t.Errorf("expected %v got %e", nil, err) 150 | } 151 | _, err = AssertAtom(Cell{}) 152 | if err == nil { 153 | t.Errorf("expected error got nil") 154 | } 155 | } 156 | 157 | func ExampleMakeNoun() { 158 | stringNoun := MakeNoun("string value") 159 | 160 | fmt.Println(stringNoun) 161 | // Output: 31399942126277005645796504691 162 | } 163 | -------------------------------------------------------------------------------- /noun/ob_test.go: -------------------------------------------------------------------------------- 1 | package noun 2 | 3 | import ( 4 | "fmt" 5 | "math/big" 6 | "reflect" 7 | "strconv" 8 | "testing" 9 | ) 10 | 11 | var gName = "~zod" 12 | var gName2 = "~fed" 13 | var sName = "~fipfes" 14 | var pName = "~litryl-tadmev" 15 | var cName = "~libmer-bolnut-somteb-rapheb--fadneb-milsec-lissub-taddef" 16 | var mName = "~dabhec-bitrux-lidluc-lidtyv" 17 | var bName = "101110111100011011100110011" 18 | 19 | var a1 = "~zod" 20 | var a2 = "~litryl" 21 | var a3 = "~litryl-tadmev" 22 | var a4 = "~mister-wicdev-wisryt" 23 | var a5 = "~dabhec-bitrux-lidluc-lidtyv" 24 | 25 | var pHash = "e0500" 26 | var cHash = "279f2d435959e414ce82d450094437b5" 27 | var mHash = "b51bb67b72d20061" 28 | 29 | func TestPatp2hex(t *testing.T) { 30 | r1, err := Patp2hex(pName) 31 | if err != nil { 32 | t.Errorf(err.Error()) 33 | } 34 | if r1 != pHash { 35 | t.Errorf("'%s' does not match %s", r1, pHash) 36 | } 37 | r2, err := Patp2hex(cName) 38 | if r2 != cHash { 39 | t.Errorf("'%s' does not match %s", r2, cHash) 40 | } 41 | r3, err := Patp2hex(mName) 42 | if r3 != mHash { 43 | t.Errorf("'%s' does not match %s", r3, mHash) 44 | } 45 | r4, err := Patp2hex(gName) 46 | if r4 != "0" { 47 | t.Errorf("'%s' does not match %s", r4, "0") 48 | } 49 | r5, err := Patp2hex(gName2) 50 | if r5 != "ec" { 51 | t.Errorf("'%s' does not match %s", r5, "ec") 52 | } 53 | r6, err := Patp2hex(sName) 54 | if r6 != "ffff" { 55 | t.Errorf("'%s' does not match %s", r6, "ffff") 56 | } 57 | 58 | } 59 | 60 | func TestHex2patp(t *testing.T) { 61 | r1, err := Hex2patp(pHash) 62 | if err != nil { 63 | t.Errorf(err.Error()) 64 | } 65 | if r1 != pName { 66 | t.Errorf("'%s' does not match %s", r1, pName) 67 | } 68 | r2, _ := Hex2patp(cHash) 69 | if r2 != cName { 70 | t.Errorf("'%s' does not match %s", r2, cName) 71 | } 72 | } 73 | 74 | func TestMakeAddr(t *testing.T) { 75 | res := makeAddr(pName) 76 | if res.Text(2) != bName { 77 | t.Errorf("'%s' does not match %s", res.Text(2), bName) 78 | } 79 | } 80 | 81 | func TestFynd(t *testing.T) { 82 | a1 := big.NewInt(918784) 83 | intr, _ := strconv.ParseInt(bName, 2, 64) 84 | res := Fynd(big.NewInt(intr), tail) 85 | if res.Cmp(a1) != 0 { 86 | t.Errorf("%s does not match %s", res, a1) 87 | } 88 | } 89 | 90 | func TestPatp2sys(t *testing.T) { 91 | a1 := []string{"lit", "ryl", "tad", "mev"} 92 | a2 := patp2syls(pName) 93 | if !reflect.DeepEqual(a1, a2) { 94 | t.Errorf("%s does not match %s", a2, a1) 95 | } 96 | } 97 | 98 | func TestIsValidPat(t *testing.T) { 99 | c1 := "~litryl-tadmev" 100 | c2 := "~zod" 101 | f1 := "litryl-tadmev" 102 | f2 := "lit" 103 | if !isValidPat(c1) { 104 | t.Errorf("%s should be valid", c1) 105 | } 106 | if !isValidPat(c2) { 107 | t.Errorf("%s should be valid", c2) 108 | } 109 | if isValidPat(f1) { 110 | t.Errorf("%s should not be valid", f1) 111 | } 112 | if isValidPat(f2) { 113 | t.Errorf("%s should not be valid", f2) 114 | } 115 | } 116 | 117 | func TestClan(t *testing.T) { 118 | g, _ := Clan(gName) 119 | s, _ := Clan(sName) 120 | p, _ := Clan(pName) 121 | m, _ := Clan(mName) 122 | c, _ := Clan(cName) 123 | 124 | out := [5]string{g, s, p, m, c} 125 | expected := [5]string{"galaxy", "star", "planet", "moon", "comet"} 126 | if out != expected { 127 | t.Errorf("expected: %v, got: %v", expected, out) 128 | } 129 | } 130 | 131 | func TestSein(t *testing.T) { 132 | 133 | g, _ := Sein(gName) 134 | s, _ := Sein(sName) 135 | p, _ := Sein(pName) 136 | m, _ := Sein(mName) 137 | c, _ := Sein(cName) 138 | 139 | out := [5]*big.Int{g, s, p, m, c} 140 | expected := [5]*big.Int{B(0), B(255), B(1280), B(1926365281), B(0)} 141 | if !reflect.DeepEqual(expected, out) { 142 | t.Errorf("expected: %v, got: %v", expected, out) 143 | } 144 | } 145 | 146 | func TestBN2patp(t *testing.T) { 147 | // turn the patp to big.Int 148 | g, _ := Patp2bn(gName) 149 | s, _ := Patp2bn(sName) 150 | p, _ := Patp2bn(pName) 151 | m, _ := Patp2bn(mName) 152 | c, _ := Patp2bn(cName) 153 | 154 | // take the big.Int and convert to string 155 | g1, _ := BN2patp(g) 156 | s1, _ := BN2patp(s) 157 | p1, _ := BN2patp(p) 158 | m1, _ := BN2patp(m) 159 | c1, _ := BN2patp(c) 160 | 161 | out2 := [5]string{g1, s1, p1, m1, c1} 162 | expected2 := [5]string{gName, sName, pName, mName, cName} 163 | 164 | if out2 != expected2 { 165 | t.Errorf("expected: %v, got: %v", expected2, out2) 166 | } 167 | } 168 | 169 | func ExamplePatp2hex() { 170 | hexp, _ := Patp2hex("~ben") 171 | fmt.Println(hexp) 172 | // Output: 5c 173 | } 174 | 175 | func ExampleHex2patp() { 176 | hexp, _ := Hex2patp("ffff") 177 | fmt.Println(hexp) 178 | // Output: ~fipfes 179 | } 180 | 181 | func ExamplePatp2bn() { 182 | bn, _ := Patp2bn(pName) 183 | 184 | patp, _ := BN2patp(bn) 185 | fmt.Println(patp) 186 | // Output: ~litryl-tadmev 187 | } 188 | 189 | func ExampleClan() { 190 | // Get the class of the patp 191 | clan, _ := Clan(sName) 192 | fmt.Println(clan) 193 | // Output: star 194 | } 195 | 196 | func ExampleSein() { 197 | // Get the parent of the patp 198 | clanB, _ := Sein(sName) 199 | clan, _ := BN2patp(clanB) 200 | fmt.Println(clan) 201 | // Output: ~fes 202 | } 203 | -------------------------------------------------------------------------------- /urbit.go.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stephenlacy/go-urbit/4448ffc3f4f053bd9385d87711f0ee540a5c39af/urbit.go.png -------------------------------------------------------------------------------- /urcrypt/.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # nix symlink artifacts 3 | # 4 | result 5 | result-* 6 | 7 | # common dev piers 8 | # 9 | /zod 10 | /bus 11 | /nec 12 | /fakezod 13 | 14 | # package manager caches 15 | # 16 | .stack-work 17 | node_modules 18 | 19 | # build and release artifacts 20 | # 21 | cross/ 22 | release/ 23 | dist 24 | /out 25 | /work 26 | 27 | # landscape dev 28 | # 29 | urbitrc 30 | *-min.js 31 | pkg/interface/link-webext/web-ext-artifacts 32 | 33 | # catchall editor and OS stuff 34 | # 35 | .tags 36 | .etags 37 | tags 38 | TAGS 39 | GPATH 40 | GRTAGS 41 | GTAGS 42 | .DS_Store 43 | *.swp 44 | *.swo 45 | \#*\# 46 | s/* 47 | *.la 48 | *.lo 49 | *.o 50 | *.pc 51 | *.m4 52 | *.pc 53 | *.log 54 | config.h 55 | config.status 56 | config.h.in 57 | libtool 58 | 59 | # the following was adapted from 60 | # https://github.com/github/gitignore/blob/991e760c1c6d50fdda246e0178b9c58b06770b90/Autotools.gitignore 61 | 62 | # http://www.gnu.org/software/automake 63 | 64 | Makefile.in 65 | build-aux/ar-lib 66 | /mdate-sh 67 | /py-compile 68 | /test-driver 69 | /ylwrap 70 | .deps/ 71 | .dirstamp 72 | 73 | # http://www.gnu.org/software/autoconf 74 | 75 | autom4te.cache 76 | /autoscan.log 77 | /autoscan-*.log 78 | /aclocal.m4 79 | build-aux/compile 80 | config.cache 81 | build-aux/config.guess 82 | config.h.in 83 | build-aux/config.log 84 | build-aux/config.status 85 | build-aux/config.sub 86 | configure 87 | configure.scan 88 | build-aux/depcomp 89 | build-aux/install-sh 90 | build-aux/missing 91 | /stamp-h1 92 | 93 | # https://www.gnu.org/software/libtool/ 94 | 95 | build-aux/ltmain.sh 96 | 97 | # http://www.gnu.org/software/m4/ 98 | 99 | build-aux/m4/libtool.m4 100 | build-aux/m4/ltoptions.m4 101 | build-aux/m4/ltsugar.m4 102 | build-aux/m4/ltversion.m4 103 | build-aux/m4/lt~obsolete.m4 104 | 105 | # Generated Makefile 106 | # (meta build system like autotools, 107 | # can automatically generate from config.status script 108 | # (which is called by configure script)) 109 | Makefile 110 | configure~ 111 | config.h.in~ 112 | -------------------------------------------------------------------------------- /urcrypt/Makefile.am: -------------------------------------------------------------------------------- 1 | ACLOCAL_AMFLAGS = -I build-aux/m4 2 | 3 | AM_CFLAGS = -Wall -g -O3 4 | 5 | lib_LTLIBRARIES = liburcrypt.la 6 | noinst_LTLIBRARIES = libed25519.la \ 7 | libge_additions.la \ 8 | libargon2.la \ 9 | libkeccak_tiny.la \ 10 | libscrypt.la 11 | 12 | include_HEADERS = urcrypt/urcrypt.h 13 | noinst_HEADERS = urcrypt/util.h \ 14 | ed25519/src/ed25519.h \ 15 | ed25519/src/ge.h \ 16 | ge-additions/ge-additions.h \ 17 | argon2/include/argon2.h \ 18 | argon2/src/blake2/blake2.h \ 19 | scrypt/sha256.h \ 20 | scrypt/libscrypt.h 21 | 22 | # main library 23 | pkgconfig_DATA = liburcrypt-$(URCRYPT_API_VERSION).pc 24 | DISTCLEANFILES = $(pkgconfig_DATA) 25 | 26 | liburcrypt_la_CPPFLAGS = -I$(srcdir)/ed25519/src \ 27 | -I$(srcdir)/ge-additions \ 28 | -I$(srcdir)/argon2/include \ 29 | -I$(srcdir)/argon2/src/blake2 \ 30 | -I$(srcdir)/keccak-tiny \ 31 | -I$(srcdir)/scrypt 32 | liburcrypt_la_LIBADD = $(LIBCRYPTO_LIBS) \ 33 | $(LIBSECP256K1_LIBS) \ 34 | $(LIBAES_SIV_LIBS) \ 35 | libed25519.la \ 36 | libge_additions.la \ 37 | libargon2.la \ 38 | libkeccak_tiny.la \ 39 | libscrypt.la 40 | liburcrypt_la_CFLAGS = $(LIBCRYPTO_CFLAGS) \ 41 | $(LIBSECP256K1_CFLAGS) \ 42 | $(LIBAES_SIV_CFLAGS) 43 | # urcrypt_ is used for public symbols, urcrypt__ for internal. 44 | liburcrypt_la_LDFLAGS = -export-symbols-regex '^urcrypt_[^_]' \ 45 | -version-info $(URCRYPT_LT_VERSION) 46 | liburcrypt_la_SOURCES = urcrypt/aes_cbc.c \ 47 | urcrypt/aes_ecb.c \ 48 | urcrypt/aes_siv.c \ 49 | urcrypt/argon.c \ 50 | urcrypt/ed25519.c \ 51 | urcrypt/ge_additions.c \ 52 | urcrypt/ripemd.c \ 53 | urcrypt/scrypt.c \ 54 | urcrypt/keccak.c \ 55 | urcrypt/secp256k1.c \ 56 | urcrypt/sha.c \ 57 | urcrypt/util.c \ 58 | urcrypt/util.h 59 | 60 | # ed25519 61 | libed25519_la_CFLAGS = -Wno-unused-result 62 | libed25519_la_SOURCES = ed25519/src/fixedint.h \ 63 | ed25519/src/sha512.h \ 64 | ed25519/src/fe.h \ 65 | ed25519/src/precomp_data.h \ 66 | ed25519/src/sc.h \ 67 | ed25519/src/add_scalar.c \ 68 | ed25519/src/keypair.c \ 69 | ed25519/src/sc.c \ 70 | ed25519/src/seed.c \ 71 | ed25519/src/verify.c \ 72 | ed25519/src/ge.c \ 73 | ed25519/src/fe.c \ 74 | ed25519/src/key_exchange.c \ 75 | ed25519/src/sha512.c \ 76 | ed25519/src/sign.c 77 | 78 | # ge-additions 79 | libge_additions_la_CPPFLAGS = -I$(srcdir)/ed25519/src 80 | libge_additions_la_CFLAGS = -Werror -pedantic -std=gnu99 81 | libge_additions_la_SOURCES = ge-additions/ge-additions.c 82 | 83 | # argon2 84 | libargon2_la_CPPFLAGS = -I$(srcdir)/argon2/include -DARGON2_NO_THREADS 85 | libargon2_la_CFLAGS = -Wno-unused-value -Wno-unused-function 86 | libargon2_la_SOURCES = argon2/src/core.h \ 87 | argon2/src/thread.h \ 88 | argon2/src/encoding.h \ 89 | argon2/src/blake2/blake2-impl.h \ 90 | argon2/src/blake2/blamka-round-opt.h \ 91 | argon2/src/blake2/blamka-round-ref.h \ 92 | argon2/src/argon2.c \ 93 | argon2/src/core.c \ 94 | argon2/src/blake2/blake2b.c \ 95 | argon2/src/thread.c \ 96 | argon2/src/encoding.c 97 | 98 | # argon2 different sources for different CPU architectures 99 | # opt.c requires SSE instructions and won't work on AArch64 et al. 100 | if ARCH_X86_64 101 | libargon2_la_SOURCES += \ 102 | argon2/src/opt.c 103 | endif 104 | if ARCH_GENERIC 105 | libargon2_la_SOURCES += \ 106 | argon2/src/ref.c 107 | endif 108 | 109 | # scrypt 110 | libscrypt_la_CPPFLAGS = -D_FORTIFY_SOURCE=2 111 | libscrypt_la_SOURCES = scrypt/b64.c \ 112 | scrypt/crypto-mcf.c \ 113 | scrypt/crypto-scrypt-saltgen.c \ 114 | scrypt/crypto_scrypt-check.c \ 115 | scrypt/crypto_scrypt-hash.c \ 116 | scrypt/crypto_scrypt-hexconvert.c \ 117 | scrypt/crypto_scrypt-nosse.c \ 118 | scrypt/main.c \ 119 | scrypt/sha256.c \ 120 | scrypt/slowequals.c \ 121 | scrypt/b64.h \ 122 | scrypt/crypto_scrypt-hexconvert.h \ 123 | scrypt/slowequals.h \ 124 | scrypt/sysendian.h 125 | 126 | # keccak-tiny 127 | libkeccak_tiny_la_CFLAGS = -std=c11 -Wextra -Wpedantic -Wall 128 | libkeccak_tiny_la_SOURCES = keccak-tiny/keccak-tiny.c \ 129 | keccak-tiny/define-macros.h \ 130 | keccak-tiny/keccak-tiny.h 131 | -------------------------------------------------------------------------------- /urcrypt/README.md: -------------------------------------------------------------------------------- 1 | > Taken from [https://github.com/urbit/urbit/tree/master/pkg/urcrypt](https://github.com/urbit/urbit/tree/master/pkg/urcrypt) 2 | 3 | 4 | What is urcrypt? 5 | ---------------- 6 | urcrypt is a library of cryptography routines used by urbit jets. 7 | 8 | Why is urcrypt? 9 | --------------- 10 | Urbit's C runtime (long the only urbit runtime) has accumulated a collection of 11 | cryptography dependencies, some with custom additions or patches. These 12 | libraries have different conventions and have been managed by u3 in an ad-hoc 13 | manner. Reproducing that arrangement in other runtimes is tricky and 14 | error-prone. The (sometimes inconsistent) logic must be reproduced and suitable 15 | cryptography primitives must be found (or worse, written) for the new 16 | environment. 17 | 18 | To ease these burdens, urcrypt isolates the quirks behind a consistent calling 19 | convention. Everything is a little-endian byte array, and each jetted operation 20 | has a corresponding function in the library. Jets simply unpack their nouns, 21 | call urcrypt, and pack the results. 22 | 23 | What is a cryptography routine? 24 | ------------------------------- 25 | This is more of a subjective question than it might appear. Any of the following 26 | conditions are sufficient, but not necessary, for a function to be included in 27 | urcrypt: 28 | 29 | * The routine is sensitive to side-channel attacks (encryption, etc) 30 | * Some property of the routine is cryptographically useful (SHA, RIPE, etc) 31 | * The routine typically lives in a crypto library, for whatever reason. 32 | 33 | A word on OpenSSL 34 | ----------------- 35 | Urcrypt depends on OpenSSL's libcrypto, which has global state. In order 36 | to avoid dealing with this state, urcrypt refuses to build with an internal 37 | libcrypto. Either build statically (pass `--disable-shared` to `./configure`) 38 | or provide a shared libcrypto for urcrypt to link against. It is the library 39 | user's responsibility to initialize openssl, set custom memory functions, etc. 40 | -------------------------------------------------------------------------------- /urcrypt/argon2/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # 20171227 2 | * Added ABI version number 3 | * AVX2/AVX-512F optimizations of BLAMKA 4 | * Set Argon2 version number from the command line 5 | * New bindings 6 | * Minor bug and warning fixes (no security issue) 7 | 8 | # 20161029 9 | 10 | * Argon2id added 11 | * Better documentation 12 | * Dual licensing CC0 / Apache 2.0 13 | * Minor bug fixes (no security issue) 14 | 15 | # 20160406 16 | 17 | * Version 1.3 of Argon2 18 | * Version number in encoded hash 19 | * Refactored low-level API 20 | * Visibility control for library symbols 21 | * Microsoft Visual Studio solution 22 | * New bindings 23 | * Minor bug and warning fixes (no security issue) 24 | 25 | 26 | # 20151206 27 | 28 | * Python bindings 29 | * Password read from stdin, instead of being an argument 30 | * Compatibility FreeBSD, NetBSD, OpenBSD 31 | * Constant-time verification 32 | * Minor bug and warning fixes (no security issue) 33 | -------------------------------------------------------------------------------- /urcrypt/argon2/README.md: -------------------------------------------------------------------------------- 1 | # Argon2 2 | 3 | This is a fork of [the reference C implementation of Argon2](https://github.com/P-H-C/phc-winner-argon2), the password-hashing function that won the [Password Hashing Competition (PHC)](https://password-hashing.net). 4 | 5 | ## About Argon2u 6 | 7 | In addition to the official three variants (Argon2i, Argon2d, and Argon2id), this fork also implements a fourth variant, Argon2u. It operates similarly to Argon2id, in that it is a hybrid of Argon2i and Argon2d. Where Argon2id uses Argon2i's algorithm for the first two processed segments, Argon2u does this for the first three. 8 | 9 | ## More about Argon2 10 | 11 | Please see the [original repository](https://github.com/P-H-C/phc-winner-argon2) for information about Argon2. 12 | 13 | ## Intellectual property 14 | 15 | Except for the components listed below, the Argon2 code in this 16 | repository is copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich (main 17 | authors), Jean-Philippe Aumasson and Samuel Neves, and dual licensed under the 18 | [CC0 License](https://creativecommons.org/about/cc0) and the 19 | [Apache 2.0 License](http://www.apache.org/licenses/LICENSE-2.0). For more info 20 | see the LICENSE file. 21 | 22 | The string encoding routines in [`src/encoding.c`](src/encoding.c) are 23 | copyright (c) 2015 Thomas Pornin, and under 24 | [CC0 License](https://creativecommons.org/about/cc0). 25 | 26 | The BLAKE2 code in [`src/blake2/`](src/blake2) is copyright (c) Samuel 27 | Neves, 2013-2015, and under 28 | [CC0 License](https://creativecommons.org/about/cc0). 29 | 30 | All licenses are therefore GPL-compatible. 31 | -------------------------------------------------------------------------------- /urcrypt/argon2/argon2-specs.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stephenlacy/go-urbit/4448ffc3f4f053bd9385d87711f0ee540a5c39af/urcrypt/argon2/argon2-specs.pdf -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2d.shasum: -------------------------------------------------------------------------------- 1 | 73619cfe0f35e52fdd1ca2595ffaa359879467407f98b61f4969c2861cc329ce argon2d 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2d_v16.shasum: -------------------------------------------------------------------------------- 1 | 4ec4569a016c3accc6a25a34252b03a6135939b3c452389917a3f3b65878165b argon2d_v16 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2i.shasum: -------------------------------------------------------------------------------- 1 | 40a3aeafb092d10cf457a8ee0139c114c911ecf97bd5accf5a99c7ddd6917061 argon2i 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2i_v16.shasum: -------------------------------------------------------------------------------- 1 | 334f03e627afb67b946a530b90d2e11fb2e6abb44df992c0fb3198c7bacf5930 argon2i_v16 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2id.shasum: -------------------------------------------------------------------------------- 1 | ba05643e504fc5778dda99e2d9f42ebe7d22ebb3923cc719fd591b1b14a8d28d argon2id 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/argon2id_v16.shasum: -------------------------------------------------------------------------------- 1 | 680774be1d3ad2e74bbc56ee715dd6eb97a58279bf22edc57d00e840ca1ae469 argon2id_v16 2 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/check-sums.ps1: -------------------------------------------------------------------------------- 1 | Set-Variable tempfile -option Constant -value "tempfile" 2 | 3 | function hash($path) { 4 | $fullPath = Resolve-Path $path 5 | $hash = new-object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider 6 | 7 | $contents = [IO.File]::ReadAllText($fullPath) -replace "`r`n?", "`n" 8 | # create UTF-8 encoding without signature 9 | $utf8 = New-Object System.Text.UTF8Encoding $false 10 | # write the text back 11 | [IO.File]::WriteAllText($tempfile, $contents, $utf8) 12 | 13 | $file = [System.IO.File]::Open($tempfile,[System.IO.Filemode]::Open, [System.IO.FileAccess]::Read) 14 | $result = [System.BitConverter]::ToString($hash.ComputeHash($file)) 15 | $file.Dispose() 16 | 17 | if (Test-Path $tempfile) { 18 | Remove-Item $tempfile 19 | } 20 | 21 | return $result 22 | } 23 | 24 | function main() { 25 | $files = $(Get-ChildItem * | Where-Object { $_.Name -match '^[a-z2]*(_v)?[0-9]*$' } | select -ExpandProperty name) 26 | 27 | foreach ($file in $files) { 28 | $new = $(hash $file).replace("-","") 29 | $new = $new.ToLower() 30 | 31 | $old=$(Get-Content $file".shasum") 32 | $old = $old.Substring(0, $old.IndexOf(" ")) 33 | 34 | if ($new -eq $old) { 35 | Write-Host $file "`tOK" 36 | } else { 37 | Write-Host $file "`tERROR" 38 | } 39 | } 40 | } 41 | 42 | main 43 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/check-sums.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for file in `ls | grep '^[a-z2]*\(_v\)\?[0-9]*$' | xargs` 4 | do 5 | new=`shasum -a 256 $file` 6 | old=`cat $file.shasum` 7 | if [ "$new" = "$old" ] 8 | then 9 | echo $file "\t" OK 10 | else 11 | echo $file "\t" ERROR 12 | fi 13 | done 14 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/test.ps1: -------------------------------------------------------------------------------- 1 | $ErrorActionPreference = "Stop" 2 | 3 | Set-Variable tempfile -option Constant -value "tempfile" 4 | 5 | function CompareFiles($f1, $f2, $i) { 6 | $f1_content = $(Get-Content $f1) 7 | $f2_content = $(Get-Content $f2) 8 | 9 | if (Compare-Object $f1_content $f2_content) { 10 | Write-Host -NoNewline "ERROR" 11 | exit $i 12 | } else { 13 | Write-Host -NoNewline "OK" 14 | } 15 | } 16 | 17 | function main() { 18 | $i = 0 19 | foreach ($opt in @("Ref", "Opt")) { 20 | Write-Output "$opt" 21 | 22 | foreach ($version in @(16, 19)) { 23 | foreach ($type in @("i", "d", "id")) { 24 | $i++ 25 | 26 | if ("Ref" -eq $opt) { 27 | vs2015\build\Argon2RefGenKAT.exe $type $version > $tempfile 28 | } else { 29 | vs2015\build\Argon2OptGenKAT.exe $type $version > $tempfile 30 | } 31 | 32 | if (19 -eq $version) { 33 | $kats = "kats\argon2" + $type 34 | } else { 35 | $kats = "kats\argon2" + $type + "_v" + $version 36 | } 37 | 38 | Write-Host -NoNewline "Argon2$type v=$version : " 39 | CompareFiles $tempfile $kats $i 40 | Write-Output "" 41 | } 42 | } 43 | } 44 | 45 | if (Test-Path $tempfile) { 46 | Remove-Item $tempfile 47 | } 48 | } 49 | 50 | main 51 | -------------------------------------------------------------------------------- /urcrypt/argon2/kats/test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | for opttest in "" "OPTTEST=1" 4 | do 5 | if [ "" = "$opttest" ] 6 | then 7 | printf "Default build\n" 8 | else 9 | printf "Force OPTTEST=1\n" 10 | fi 11 | 12 | make genkat $opttest > /dev/null 13 | if [ $? -ne 0 ] 14 | then 15 | exit $? 16 | fi 17 | 18 | i=0 19 | for version in 16 19 20 | do 21 | for type in i d id 22 | do 23 | i=$(($i+1)) 24 | 25 | printf "argon2$type v=$version: " 26 | 27 | if [ 19 -eq $version ] 28 | then 29 | kats="kats/argon2"$type 30 | else 31 | kats="kats/argon2"$type"_v"$version 32 | fi 33 | 34 | ./genkat $type $version > tmp 35 | if diff tmp $kats 36 | then 37 | printf "OK" 38 | else 39 | printf "ERROR" 40 | exit $i 41 | fi 42 | printf "\n" 43 | done 44 | done 45 | done 46 | 47 | rm -f tmp 48 | 49 | exit 0 50 | -------------------------------------------------------------------------------- /urcrypt/argon2/man/argon2.1: -------------------------------------------------------------------------------- 1 | .TH ARGON2 "1" "April 2016" "argon2 " "User Commands" 2 | 3 | .SH NAME 4 | argon2 \- generate argon2 hashes 5 | 6 | .SH SYNOPSIS 7 | .B argon2 salt 8 | .RB [ OPTIONS ] 9 | 10 | .SH DESCRIPTION 11 | Generate Argon2 hashes from the command line. 12 | 13 | The supplied salt (the first argument to the command) must be at least 14 | 8 octets in length, and the password is supplied on standard input. 15 | 16 | By default, this uses Argon2i variant (where memory access is 17 | independent of secret data) which is the preferred one for password 18 | hashing and password-based key derivation. 19 | 20 | .SH OPTIONS 21 | .TP 22 | .B \-h 23 | Display tool usage 24 | .TP 25 | .B \-d 26 | Use Argon2d instead of Argon2i (Argon2i is the default) 27 | .TP 28 | .B \-id 29 | Use Argon2id instead of Argon2i (Argon2i is the default) 30 | .TP 31 | .B \-u 32 | Use Argon2u instead of Argon2i (Argon2i is the default) 33 | .TP 34 | .BI \-t " N" 35 | Sets the number of iterations to N (default = 3) 36 | .TP 37 | .BI \-m " N" 38 | Sets the memory usage of 2^N KiB (default = 12) 39 | .TP 40 | .BI \-p " N" 41 | Sets parallelism to N threads (default = 1) 42 | .TP 43 | .BI \-l " N" 44 | Sets hash output length to N bytes (default = 32) 45 | .TP 46 | .B \-e 47 | Output only encoded hash 48 | .TP 49 | .B \-r 50 | Output only the raw bytes of the hash 51 | .TP 52 | .B \-v (10|13) 53 | Argon2 version (defaults to the most recent version, currently 13) 54 | 55 | .SH COPYRIGHT 56 | This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian 57 | distribution (but may be used by others). It is released, like the 58 | rest of this Argon2 implementation, under a dual license. You may use this work 59 | under the terms of a Creative Commons CC0 1.0 License/Waiver or the Apache 60 | Public License 2.0, at your option. 61 | -------------------------------------------------------------------------------- /urcrypt/argon2/meson.build: -------------------------------------------------------------------------------- 1 | project('argon2', 'c', version : '1') 2 | 3 | legacy_meson = false 4 | 5 | detect_meson_version = run_command('meson', '--version') 6 | meson_ver = detect_meson_version.stdout() 7 | 8 | if(meson_ver == '0.29.0\n') 9 | legacy_meson = true 10 | elif(not meson.version().version_compare('>=0.40.0')) 11 | error('Meson 0.29.0 is last legacy version supported. Otherwise please upgrade to 0.40.0 or higher.') 12 | endif 13 | 14 | lib_src = ['src/argon2.c', 15 | 'src/bench.c', 16 | 'src/blake2/blake2b.c', 17 | 'src/core.c', 18 | 'src/encoding.c', 19 | 'src/genkat.c', 20 | 'src/opt.c', 21 | 'src/ref.c', 22 | 'src/run.c', 23 | 'src/test.c', 24 | 'src/thread.c'] 25 | 26 | inc = include_directories(['./include']) 27 | 28 | lib = static_library('argon2', sources: lib_src, 29 | include_directories: inc, 30 | c_args: ['-Wall', '-Wno-unused-value', '-Wno-unused-function', '-DARGON2_NO_THREADS'], 31 | install: false) 32 | 33 | argon2_dep = declare_dependency(include_directories : inc, link_with : lib) 34 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/bench.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | #ifdef _MSC_VER 24 | #include 25 | #endif 26 | 27 | #include "argon2.h" 28 | 29 | static uint64_t rdtsc(void) { 30 | #ifdef _MSC_VER 31 | return __rdtsc(); 32 | #else 33 | #if defined(__amd64__) || defined(__x86_64__) 34 | uint64_t rax, rdx; 35 | __asm__ __volatile__("rdtsc" : "=a"(rax), "=d"(rdx) : :); 36 | return (rdx << 32) | rax; 37 | #elif defined(__i386__) || defined(__i386) || defined(__X86__) 38 | uint64_t rax; 39 | __asm__ __volatile__("rdtsc" : "=A"(rax) : :); 40 | return rax; 41 | #else 42 | #error "Not implemented!" 43 | #endif 44 | #endif 45 | } 46 | 47 | /* 48 | * Benchmarks Argon2 with salt length 16, password length 16, t_cost 3, 49 | and different m_cost and threads 50 | */ 51 | static void benchmark() { 52 | #define BENCH_OUTLEN 16 53 | #define BENCH_INLEN 16 54 | const uint32_t inlen = BENCH_INLEN; 55 | const unsigned outlen = BENCH_OUTLEN; 56 | unsigned char out[BENCH_OUTLEN]; 57 | unsigned char pwd_array[BENCH_INLEN]; 58 | unsigned char salt_array[BENCH_INLEN]; 59 | #undef BENCH_INLEN 60 | #undef BENCH_OUTLEN 61 | 62 | uint32_t t_cost = 3; 63 | uint32_t m_cost; 64 | uint32_t thread_test[4] = {1, 2, 4, 8}; 65 | argon2_type types[3] = {Argon2_i, Argon2_d, Argon2_id}; 66 | 67 | memset(pwd_array, 0, inlen); 68 | memset(salt_array, 1, inlen); 69 | 70 | for (m_cost = (uint32_t)1 << 10; m_cost <= (uint32_t)1 << 22; m_cost *= 2) { 71 | unsigned i; 72 | for (i = 0; i < 4; ++i) { 73 | double run_time = 0; 74 | uint32_t thread_n = thread_test[i]; 75 | 76 | unsigned j; 77 | for (j = 0; j < 3; ++j) { 78 | clock_t start_time, stop_time; 79 | uint64_t start_cycles, stop_cycles; 80 | uint64_t delta; 81 | double mcycles; 82 | 83 | argon2_type type = types[j]; 84 | start_time = clock(); 85 | start_cycles = rdtsc(); 86 | 87 | argon2_hash(t_cost, m_cost, thread_n, pwd_array, inlen, 88 | salt_array, inlen, out, outlen, NULL, 0, type, 89 | ARGON2_VERSION_NUMBER); 90 | 91 | stop_cycles = rdtsc(); 92 | stop_time = clock(); 93 | 94 | delta = (stop_cycles - start_cycles) / (m_cost); 95 | mcycles = (double)(stop_cycles - start_cycles) / (1UL << 20); 96 | run_time += ((double)stop_time - start_time) / (CLOCKS_PER_SEC); 97 | 98 | printf("%s %d iterations %d MiB %d threads: %2.2f cpb %2.2f " 99 | "Mcycles \n", argon2_type2string(type, 1), t_cost, 100 | m_cost >> 10, thread_n, (float)delta / 1024, mcycles); 101 | } 102 | 103 | printf("%2.4f seconds\n\n", run_time); 104 | } 105 | } 106 | } 107 | 108 | int main() { 109 | benchmark(); 110 | return ARGON2_OK; 111 | } 112 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/blake2/blake2-impl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef PORTABLE_BLAKE2_IMPL_H 19 | #define PORTABLE_BLAKE2_IMPL_H 20 | 21 | #include 22 | #include 23 | 24 | #if defined(_MSC_VER) 25 | #define BLAKE2_INLINE __inline 26 | #elif defined(__GNUC__) || defined(__clang__) 27 | #define BLAKE2_INLINE __inline__ 28 | #else 29 | #define BLAKE2_INLINE 30 | #endif 31 | 32 | /* Argon2 Team - Begin Code */ 33 | /* 34 | Not an exhaustive list, but should cover the majority of modern platforms 35 | Additionally, the code will always be correct---this is only a performance 36 | tweak. 37 | */ 38 | #if (defined(__BYTE_ORDER__) && \ 39 | (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ 40 | defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ 41 | defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ 42 | defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ 43 | defined(_M_ARM) 44 | #define NATIVE_LITTLE_ENDIAN 45 | #endif 46 | /* Argon2 Team - End Code */ 47 | 48 | static BLAKE2_INLINE uint32_t load32(const void *src) { 49 | #if defined(NATIVE_LITTLE_ENDIAN) 50 | uint32_t w; 51 | memcpy(&w, src, sizeof w); 52 | return w; 53 | #else 54 | const uint8_t *p = (const uint8_t *)src; 55 | uint32_t w = *p++; 56 | w |= (uint32_t)(*p++) << 8; 57 | w |= (uint32_t)(*p++) << 16; 58 | w |= (uint32_t)(*p++) << 24; 59 | return w; 60 | #endif 61 | } 62 | 63 | static BLAKE2_INLINE uint64_t load64(const void *src) { 64 | #if defined(NATIVE_LITTLE_ENDIAN) 65 | uint64_t w; 66 | memcpy(&w, src, sizeof w); 67 | return w; 68 | #else 69 | const uint8_t *p = (const uint8_t *)src; 70 | uint64_t w = *p++; 71 | w |= (uint64_t)(*p++) << 8; 72 | w |= (uint64_t)(*p++) << 16; 73 | w |= (uint64_t)(*p++) << 24; 74 | w |= (uint64_t)(*p++) << 32; 75 | w |= (uint64_t)(*p++) << 40; 76 | w |= (uint64_t)(*p++) << 48; 77 | w |= (uint64_t)(*p++) << 56; 78 | return w; 79 | #endif 80 | } 81 | 82 | static BLAKE2_INLINE void store32(void *dst, uint32_t w) { 83 | #if defined(NATIVE_LITTLE_ENDIAN) 84 | memcpy(dst, &w, sizeof w); 85 | #else 86 | uint8_t *p = (uint8_t *)dst; 87 | *p++ = (uint8_t)w; 88 | w >>= 8; 89 | *p++ = (uint8_t)w; 90 | w >>= 8; 91 | *p++ = (uint8_t)w; 92 | w >>= 8; 93 | *p++ = (uint8_t)w; 94 | #endif 95 | } 96 | 97 | static BLAKE2_INLINE void store64(void *dst, uint64_t w) { 98 | #if defined(NATIVE_LITTLE_ENDIAN) 99 | memcpy(dst, &w, sizeof w); 100 | #else 101 | uint8_t *p = (uint8_t *)dst; 102 | *p++ = (uint8_t)w; 103 | w >>= 8; 104 | *p++ = (uint8_t)w; 105 | w >>= 8; 106 | *p++ = (uint8_t)w; 107 | w >>= 8; 108 | *p++ = (uint8_t)w; 109 | w >>= 8; 110 | *p++ = (uint8_t)w; 111 | w >>= 8; 112 | *p++ = (uint8_t)w; 113 | w >>= 8; 114 | *p++ = (uint8_t)w; 115 | w >>= 8; 116 | *p++ = (uint8_t)w; 117 | #endif 118 | } 119 | 120 | static BLAKE2_INLINE uint64_t load48(const void *src) { 121 | const uint8_t *p = (const uint8_t *)src; 122 | uint64_t w = *p++; 123 | w |= (uint64_t)(*p++) << 8; 124 | w |= (uint64_t)(*p++) << 16; 125 | w |= (uint64_t)(*p++) << 24; 126 | w |= (uint64_t)(*p++) << 32; 127 | w |= (uint64_t)(*p++) << 40; 128 | return w; 129 | } 130 | 131 | static BLAKE2_INLINE void store48(void *dst, uint64_t w) { 132 | uint8_t *p = (uint8_t *)dst; 133 | *p++ = (uint8_t)w; 134 | w >>= 8; 135 | *p++ = (uint8_t)w; 136 | w >>= 8; 137 | *p++ = (uint8_t)w; 138 | w >>= 8; 139 | *p++ = (uint8_t)w; 140 | w >>= 8; 141 | *p++ = (uint8_t)w; 142 | w >>= 8; 143 | *p++ = (uint8_t)w; 144 | } 145 | 146 | static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { 147 | return (w >> c) | (w << (32 - c)); 148 | } 149 | 150 | static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { 151 | return (w >> c) | (w << (64 - c)); 152 | } 153 | 154 | void clear_internal_memory(void *v, size_t n); 155 | 156 | #endif 157 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/blake2/blake2.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef PORTABLE_BLAKE2_H 19 | #define PORTABLE_BLAKE2_H 20 | 21 | #include 22 | 23 | #if defined(__cplusplus) 24 | extern "C" { 25 | #endif 26 | 27 | enum blake2b_constant { 28 | BLAKE2B_BLOCKBYTES = 128, 29 | BLAKE2B_OUTBYTES = 64, 30 | BLAKE2B_KEYBYTES = 64, 31 | BLAKE2B_SALTBYTES = 16, 32 | BLAKE2B_PERSONALBYTES = 16 33 | }; 34 | 35 | #pragma pack(push, 1) 36 | typedef struct __blake2b_param { 37 | uint8_t digest_length; /* 1 */ 38 | uint8_t key_length; /* 2 */ 39 | uint8_t fanout; /* 3 */ 40 | uint8_t depth; /* 4 */ 41 | uint32_t leaf_length; /* 8 */ 42 | uint64_t node_offset; /* 16 */ 43 | uint8_t node_depth; /* 17 */ 44 | uint8_t inner_length; /* 18 */ 45 | uint8_t reserved[14]; /* 32 */ 46 | uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ 47 | uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ 48 | } blake2b_param; 49 | #pragma pack(pop) 50 | 51 | typedef struct __blake2b_state { 52 | uint64_t h[8]; 53 | uint64_t t[2]; 54 | uint64_t f[2]; 55 | uint8_t buf[BLAKE2B_BLOCKBYTES]; 56 | unsigned buflen; 57 | unsigned outlen; 58 | uint8_t last_node; 59 | } blake2b_state; 60 | 61 | /* Ensure param structs have not been wrongly padded */ 62 | /* Poor man's static_assert */ 63 | enum { 64 | blake2_size_check_0 = 1 / !!(CHAR_BIT == 8), 65 | blake2_size_check_2 = 66 | 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT) 67 | }; 68 | 69 | /* Streaming API */ 70 | ARGON2_LOCAL int blake2b_init(blake2b_state *S, size_t outlen); 71 | ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, 72 | size_t keylen); 73 | ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); 74 | ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, size_t inlen); 75 | ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, size_t outlen); 76 | 77 | /* Simple API */ 78 | ARGON2_LOCAL int blake2b(void *out, size_t outlen, const void *in, size_t inlen, 79 | const void *key, size_t keylen); 80 | 81 | /* Argon2 Team - Begin Code */ 82 | ARGON2_LOCAL int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen); 83 | /* Argon2 Team - End Code */ 84 | 85 | #if defined(__cplusplus) 86 | } 87 | #endif 88 | 89 | #endif 90 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/blake2/blamka-round-ref.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef BLAKE_ROUND_MKA_H 19 | #define BLAKE_ROUND_MKA_H 20 | 21 | #include "blake2.h" 22 | #include "blake2-impl.h" 23 | 24 | /* designed by the Lyra PHC team */ 25 | static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { 26 | const uint64_t m = UINT64_C(0xFFFFFFFF); 27 | const uint64_t xy = (x & m) * (y & m); 28 | return x + y + 2 * xy; 29 | } 30 | 31 | #define G(a, b, c, d) \ 32 | do { \ 33 | a = fBlaMka(a, b); \ 34 | d = rotr64(d ^ a, 32); \ 35 | c = fBlaMka(c, d); \ 36 | b = rotr64(b ^ c, 24); \ 37 | a = fBlaMka(a, b); \ 38 | d = rotr64(d ^ a, 16); \ 39 | c = fBlaMka(c, d); \ 40 | b = rotr64(b ^ c, 63); \ 41 | } while ((void)0, 0) 42 | 43 | #define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ 44 | v12, v13, v14, v15) \ 45 | do { \ 46 | G(v0, v4, v8, v12); \ 47 | G(v1, v5, v9, v13); \ 48 | G(v2, v6, v10, v14); \ 49 | G(v3, v7, v11, v15); \ 50 | G(v0, v5, v10, v15); \ 51 | G(v1, v6, v11, v12); \ 52 | G(v2, v7, v8, v13); \ 53 | G(v3, v4, v9, v14); \ 54 | } while ((void)0, 0) 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/encoding.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef ENCODING_H 19 | #define ENCODING_H 20 | #include "argon2.h" 21 | 22 | #define ARGON2_MAX_DECODED_LANES UINT32_C(255) 23 | #define ARGON2_MIN_DECODED_SALT_LEN UINT32_C(8) 24 | #define ARGON2_MIN_DECODED_OUT_LEN UINT32_C(12) 25 | 26 | /* 27 | * encode an Argon2 hash string into the provided buffer. 'dst_len' 28 | * contains the size, in characters, of the 'dst' buffer; if 'dst_len' 29 | * is less than the number of required characters (including the 30 | * terminating 0), then this function returns ARGON2_ENCODING_ERROR. 31 | * 32 | * on success, ARGON2_OK is returned. 33 | */ 34 | int encode_string(char *dst, size_t dst_len, argon2_context *ctx, 35 | argon2_type type); 36 | 37 | /* 38 | * Decodes an Argon2 hash string into the provided structure 'ctx'. 39 | * The only fields that must be set prior to this call are ctx.saltlen and 40 | * ctx.outlen (which must be the maximal salt and out length values that are 41 | * allowed), ctx.salt and ctx.out (which must be buffers of the specified 42 | * length), and ctx.pwd and ctx.pwdlen which must hold a valid password. 43 | * 44 | * Invalid input string causes an error. On success, the ctx is valid and all 45 | * fields have been initialized. 46 | * 47 | * Returned value is ARGON2_OK on success, other ARGON2_ codes on error. 48 | */ 49 | int decode_string(argon2_context *ctx, const char *str, argon2_type type); 50 | 51 | /* Returns the length of the encoded byte stream with length len */ 52 | size_t b64len(uint32_t len); 53 | 54 | /* Returns the length of the encoded number num */ 55 | size_t numlen(uint32_t num); 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/genkat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef ARGON2_KAT_H 19 | #define ARGON2_KAT_H 20 | 21 | #include "core.h" 22 | 23 | /* 24 | * Initial KAT function that prints the inputs to the file 25 | * @param blockhash Array that contains pre-hashing digest 26 | * @param context Holds inputs 27 | * @param type Argon2 type 28 | * @pre blockhash must point to INPUT_INITIAL_HASH_LENGTH bytes 29 | * @pre context member pointers must point to allocated memory of size according 30 | * to the length values 31 | */ 32 | void initial_kat(const uint8_t *blockhash, const argon2_context *context, 33 | argon2_type type); 34 | 35 | /* 36 | * Function that prints the output tag 37 | * @param out output array pointer 38 | * @param outlen digest length 39 | * @pre out must point to @a outlen bytes 40 | **/ 41 | void print_tag(const void *out, uint32_t outlen); 42 | 43 | /* 44 | * Function that prints the internal state at given moment 45 | * @param instance pointer to the current instance 46 | * @param pass current pass number 47 | * @pre instance must have necessary memory allocated 48 | **/ 49 | void internal_kat(const argon2_instance_t *instance, uint32_t pass); 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/thread.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #if !defined(ARGON2_NO_THREADS) 19 | 20 | #include "thread.h" 21 | #if defined(_WIN32) 22 | #include 23 | #endif 24 | 25 | int argon2_thread_create(argon2_thread_handle_t *handle, 26 | argon2_thread_func_t func, void *args) { 27 | if (NULL == handle || func == NULL) { 28 | return -1; 29 | } 30 | #if defined(_WIN32) 31 | *handle = _beginthreadex(NULL, 0, func, args, 0, NULL); 32 | return *handle != 0 ? 0 : -1; 33 | #else 34 | return pthread_create(handle, NULL, func, args); 35 | #endif 36 | } 37 | 38 | int argon2_thread_join(argon2_thread_handle_t handle) { 39 | #if defined(_WIN32) 40 | if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) { 41 | return CloseHandle((HANDLE)handle) != 0 ? 0 : -1; 42 | } 43 | return -1; 44 | #else 45 | return pthread_join(handle, NULL); 46 | #endif 47 | } 48 | 49 | void argon2_thread_exit(void) { 50 | #if defined(_WIN32) 51 | _endthreadex(0); 52 | #else 53 | pthread_exit(NULL); 54 | #endif 55 | } 56 | 57 | #endif /* ARGON2_NO_THREADS */ 58 | -------------------------------------------------------------------------------- /urcrypt/argon2/src/thread.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Argon2 reference source code package - reference C implementations 3 | * 4 | * Copyright 2015 5 | * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 | * 7 | * You may use this work under the terms of a Creative Commons CC0 1.0 8 | * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 | * these licenses can be found at: 10 | * 11 | * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 | * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 | * 14 | * You should have received a copy of both of these licenses along with this 15 | * software. If not, they may be obtained at the above URLs. 16 | */ 17 | 18 | #ifndef ARGON2_THREAD_H 19 | #define ARGON2_THREAD_H 20 | 21 | #if !defined(ARGON2_NO_THREADS) 22 | 23 | /* 24 | Here we implement an abstraction layer for the simpĺe requirements 25 | of the Argon2 code. We only require 3 primitives---thread creation, 26 | joining, and termination---so full emulation of the pthreads API 27 | is unwarranted. Currently we wrap pthreads and Win32 threads. 28 | 29 | The API defines 2 types: the function pointer type, 30 | argon2_thread_func_t, 31 | and the type of the thread handle---argon2_thread_handle_t. 32 | */ 33 | #if defined(_WIN32) 34 | #include 35 | typedef unsigned(__stdcall *argon2_thread_func_t)(void *); 36 | typedef uintptr_t argon2_thread_handle_t; 37 | #else 38 | #include 39 | typedef void *(*argon2_thread_func_t)(void *); 40 | typedef pthread_t argon2_thread_handle_t; 41 | #endif 42 | 43 | /* Creates a thread 44 | * @param handle pointer to a thread handle, which is the output of this 45 | * function. Must not be NULL. 46 | * @param func A function pointer for the thread's entry point. Must not be 47 | * NULL. 48 | * @param args Pointer that is passed as an argument to @func. May be NULL. 49 | * @return 0 if @handle and @func are valid pointers and a thread is successfully 50 | * created. 51 | */ 52 | int argon2_thread_create(argon2_thread_handle_t *handle, 53 | argon2_thread_func_t func, void *args); 54 | 55 | /* Waits for a thread to terminate 56 | * @param handle Handle to a thread created with argon2_thread_create. 57 | * @return 0 if @handle is a valid handle, and joining completed successfully. 58 | */ 59 | int argon2_thread_join(argon2_thread_handle_t handle); 60 | 61 | /* Terminate the current thread. Must be run inside a thread created by 62 | * argon2_thread_create. 63 | */ 64 | void argon2_thread_exit(void); 65 | 66 | #endif /* ARGON2_NO_THREADS */ 67 | #endif 68 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2Opt/Argon2Opt.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2OptBench/Argon2OptBench.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2OptDll/Argon2OptDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2OptGenKAT/Argon2OptGenKAT.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | Header Files 47 | 48 | 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | Source Files 70 | 71 | 72 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2OptTestCI/Argon2OptTestCI.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | 41 | 42 | Header Files 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files 64 | 65 | 66 | Header Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2Ref/Argon2Ref.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2RefBench/Argon2RefBench.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2RefDll/Argon2RefDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | 67 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2RefGenKAT/Argon2RefGenKAT.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | Header Files 35 | 36 | 37 | Header Files 38 | 39 | 40 | Header Files 41 | 42 | 43 | Header Files 44 | 45 | 46 | Header Files 47 | 48 | 49 | 50 | 51 | Source Files 52 | 53 | 54 | Source Files 55 | 56 | 57 | Source Files 58 | 59 | 60 | Source Files 61 | 62 | 63 | Source Files 64 | 65 | 66 | Source Files 67 | 68 | 69 | Source Files 70 | 71 | 72 | -------------------------------------------------------------------------------- /urcrypt/argon2/vs2015/Argon2RefTestCI/Argon2RefTestCI.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Source Files 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | Source Files 32 | 33 | 34 | Source Files 35 | 36 | 37 | Source Files 38 | 39 | 40 | 41 | 42 | Header Files 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | Header Files 52 | 53 | 54 | Header Files 55 | 56 | 57 | Header Files 58 | 59 | 60 | Header Files 61 | 62 | 63 | Header Files 64 | 65 | 66 | Header Files 67 | 68 | 69 | -------------------------------------------------------------------------------- /urcrypt/autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | autoreconf -if --warnings=all 4 | -------------------------------------------------------------------------------- /urcrypt/build-aux/m4/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stephenlacy/go-urbit/4448ffc3f4f053bd9385d87711f0ee540a5c39af/urcrypt/build-aux/m4/.gitkeep -------------------------------------------------------------------------------- /urcrypt/config.h: -------------------------------------------------------------------------------- 1 | /* config.h. Generated from config.h.in by configure. */ 2 | /* config.h.in. Generated from configure.ac by autoheader. */ 3 | 4 | /* Define to 1 if you have the header file. */ 5 | #define HAVE_DLFCN_H 1 6 | 7 | /* Define to 1 if you have the header file. */ 8 | #define HAVE_INTTYPES_H 1 9 | 10 | /* Define to 1 if you have the header file. */ 11 | #define HAVE_LIMITS_H 1 12 | 13 | /* Define to 1 if you have the `memset' function. */ 14 | #define HAVE_MEMSET 1 15 | 16 | /* Define to 1 if you have the header file. */ 17 | #define HAVE_STDDEF_H 1 18 | 19 | /* Define to 1 if you have the header file. */ 20 | #define HAVE_STDINT_H 1 21 | 22 | /* Define to 1 if you have the header file. */ 23 | #define HAVE_STDIO_H 1 24 | 25 | /* Define to 1 if you have the header file. */ 26 | #define HAVE_STDLIB_H 1 27 | 28 | /* Define to 1 if you have the header file. */ 29 | #define HAVE_STRINGS_H 1 30 | 31 | /* Define to 1 if you have the header file. */ 32 | #define HAVE_STRING_H 1 33 | 34 | /* Define to 1 if you have the header file. */ 35 | #define HAVE_SYS_STAT_H 1 36 | 37 | /* Define to 1 if you have the header file. */ 38 | #define HAVE_SYS_TYPES_H 1 39 | 40 | /* Define to 1 if you have the header file. */ 41 | #define HAVE_UNISTD_H 1 42 | 43 | /* Define to 1 if the system has the type `_Bool'. */ 44 | #define HAVE__BOOL 1 45 | 46 | /* Define to the sub-directory where libtool stores uninstalled libraries. */ 47 | #define LT_OBJDIR ".libs/" 48 | 49 | /* Name of package */ 50 | #define PACKAGE "urcrypt" 51 | 52 | /* Define to the address where bug reports for this package should be sent. */ 53 | #define PACKAGE_BUGREPORT "" 54 | 55 | /* Define to the full name of this package. */ 56 | #define PACKAGE_NAME "urcrypt" 57 | 58 | /* Define to the full name and version of this package. */ 59 | #define PACKAGE_STRING "urcrypt 0.1.0" 60 | 61 | /* Define to the one symbol short name of this package. */ 62 | #define PACKAGE_TARNAME "urcrypt" 63 | 64 | /* Define to the home page for this package. */ 65 | #define PACKAGE_URL "" 66 | 67 | /* Define to the version of this package. */ 68 | #define PACKAGE_VERSION "0.1.0" 69 | 70 | /* Define to 1 if all of the C90 standard headers exist (not just the ones 71 | required in a freestanding environment). This macro is provided for 72 | backward compatibility; new code need not use it. */ 73 | #define STDC_HEADERS 1 74 | 75 | /* Version number of package */ 76 | #define VERSION "0.1.0" 77 | 78 | /* Define for Solaris 2.5.1 so the uint32_t typedef from , 79 | , or is not used. If the typedef were allowed, the 80 | #define below would cause a syntax error. */ 81 | /* #undef _UINT32_T */ 82 | 83 | /* Define for Solaris 2.5.1 so the uint64_t typedef from , 84 | , or is not used. If the typedef were allowed, the 85 | #define below would cause a syntax error. */ 86 | /* #undef _UINT64_T */ 87 | 88 | /* Define for Solaris 2.5.1 so the uint8_t typedef from , 89 | , or is not used. If the typedef were allowed, the 90 | #define below would cause a syntax error. */ 91 | /* #undef _UINT8_T */ 92 | 93 | /* Define to the type of a signed integer type of width exactly 32 bits if 94 | such a type exists and the standard includes do not define it. */ 95 | /* #undef int32_t */ 96 | 97 | /* Define to the type of a signed integer type of width exactly 64 bits if 98 | such a type exists and the standard includes do not define it. */ 99 | /* #undef int64_t */ 100 | 101 | /* Define to `unsigned int' if does not define. */ 102 | /* #undef size_t */ 103 | 104 | /* Define to the type of an unsigned integer type of width exactly 32 bits if 105 | such a type exists and the standard includes do not define it. */ 106 | /* #undef uint32_t */ 107 | 108 | /* Define to the type of an unsigned integer type of width exactly 64 bits if 109 | such a type exists and the standard includes do not define it. */ 110 | /* #undef uint64_t */ 111 | 112 | /* Define to the type of an unsigned integer type of width exactly 8 bits if 113 | such a type exists and the standard includes do not define it. */ 114 | /* #undef uint8_t */ 115 | -------------------------------------------------------------------------------- /urcrypt/configure.ac: -------------------------------------------------------------------------------- 1 | # -*- Autoconf -*- 2 | # Process this file with autoconf to produce a configure script. 3 | 4 | # There are two versions numbers that must be updated on each public release. 5 | # 1. The libtool version (useful to the linker) 6 | # 2. The semantic version (useful to humans) 7 | 8 | # Follow these instructions sequentially for the libtool version: 9 | # 1. If the library source code has changed at all since the last update, 10 | # then increment revision (‘c:r:a’ becomes ‘c:r+1:a’). 11 | # 2. If any interfaces have been added, removed, or changed since the last 12 | # update, increment current, and set revision to 0. 13 | # 3. If any interfaces have been added since the last public release, 14 | # then increment age. 15 | # 4. If any interfaces have been removed or changed since the last public 16 | # release, then set age to 0. 17 | m4_define([urcrypt_lt_current], [0]) 18 | m4_define([urcrypt_lt_revision], [0]) 19 | m4_define([urcrypt_lt_age], [0]) 20 | 21 | # The package version uses semantic versioning (semver.org). 22 | # In summary,increment the: 23 | # 1. MAJOR version when you make incompatible API changes, 24 | # 2. MINOR version when you add functionality in a backwards compatible manner, and 25 | # 3. PATCH version when you make backwards compatible bug fixes. 26 | m4_define([urcrypt_sv_major], [0]) 27 | m4_define([urcrypt_sv_minor], [1]) 28 | m4_define([urcrypt_sv_patch], [0]) 29 | 30 | # Initialize autoconf 31 | AC_PREREQ([2.69]) 32 | AC_INIT([urcrypt], [urcrypt_sv_major.urcrypt_sv_minor.urcrypt_sv_patch]) 33 | AC_SUBST([URCRYPT_API_VERSION], [urcrypt_sv_major]) 34 | AC_SUBST([URCRYPT_LT_VERSION], 35 | [urcrypt_lt_current:urcrypt_lt_revision:urcrypt_lt_age]) 36 | 37 | AC_CONFIG_SRCDIR([urcrypt/util.c]) 38 | AC_CONFIG_HEADERS([config.h]) 39 | AC_CONFIG_AUX_DIR([build-aux]) 40 | AC_CONFIG_MACRO_DIR([build-aux/m4]) 41 | AC_CANONICAL_HOST 42 | 43 | # Initialize automake 44 | AM_INIT_AUTOMAKE([foreign subdir-objects -Wall -Werror]) 45 | 46 | # Initialize libtool 47 | AM_PROG_AR 48 | LT_INIT 49 | 50 | # Initialize pkgconfig 51 | PKG_PROG_PKG_CONFIG 52 | PKG_INSTALLDIR 53 | 54 | # Checks for programs 55 | AC_PROG_CC 56 | 57 | # Checks for pkg-config capable libraries 58 | PKG_CHECK_MODULES([LIBSECP256K1], [libsecp256k1]) 59 | AC_CHECK_HEADER([secp256k1_recovery.h], [], 60 | [AC_MSG_ERROR([libsecp256k1 must have recovery enabled.])]) 61 | PKG_CHECK_MODULES([LIBCRYPTO], [libcrypto]) 62 | 63 | AS_IF([test "$enable_shared" == "yes"], 64 | [# ensure crypto will be shared for shared object (see README.md) 65 | save_LDFLAGS=$LDFLAGS 66 | save_CLAGS=$CFLAGS 67 | LDFLAGS=$LIBCRYPTO_LIBS 68 | CFLAGS=$LIBCRYPTO_CFLAGS 69 | AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], 70 | [[unsigned char sha[32]; 71 | SHA256("hello", 5, sha);]])], 72 | [AC_PROG_GREP 73 | AC_CHECK_TOOL([NM], [nm]) 74 | AC_MSG_CHECKING([for shared libcrypto]) 75 | AS_IF( 76 | [$NM conftest$EXEEXT | $GREP 'U .*SHA256' 2>&1 >/dev/null], 77 | [AC_MSG_RESULT([yes])], 78 | [AC_MSG_ERROR([cannot find shared object for libcrypto.])])], 79 | [AC_MSG_ERROR([unable to link libcrypto.])]) 80 | LDFLAGS=$save_LDFLAGS 81 | CFLAGS=$save_CFLAGS]) 82 | 83 | # Checks for non pkg-config libraries 84 | AC_CHECK_LIB([aes_siv], [AES_SIV_CTX_new], 85 | [AC_SUBST([LIBAES_SIV_LIBS], "-laes_siv")], 86 | [AC_MSG_ERROR([libaes_siv is required.])], 87 | [-lcrypto]) 88 | 89 | # Checks for header files. 90 | AC_CHECK_HEADERS([limits.h stddef.h stdint.h stdlib.h string.h]) 91 | 92 | # Checks for typedefs, structures, and compiler characteristics. 93 | AC_CHECK_HEADER_STDBOOL 94 | AC_TYPE_INT32_T 95 | AC_TYPE_INT64_T 96 | AC_TYPE_SIZE_T 97 | AC_TYPE_UINT32_T 98 | AC_TYPE_UINT64_T 99 | AC_TYPE_UINT8_T 100 | 101 | # Checks for library functions. 102 | AC_CHECK_FUNCS([memset]) 103 | 104 | # Checks for CPU architecture, uses SSE instructions if on X86_64 105 | AS_CASE([$host_cpu], 106 | [x86_64], [ARCH=x86_64 107 | AC_MSG_WARN("Architecture x86_64: Building libargon2 with optimizations")], 108 | [ARCH=generic 109 | AC_MSG_WARN("Architecture $host_cpu is not x86_64: Building libargon2 without optimizations")] 110 | ) 111 | AC_SUBST([ARCH]) 112 | AM_CONDITIONAL([ARCH_X86_64], [test "$ARCH" = 'x86_64']) 113 | AM_CONDITIONAL([ARCH_GENERIC], [test "$ARCH" = 'generic']) 114 | 115 | # Finish and output 116 | AC_CONFIG_FILES([Makefile liburcrypt-$URCRYPT_API_VERSION.pc:liburcrypt.pc.in]) 117 | AC_OUTPUT 118 | -------------------------------------------------------------------------------- /urcrypt/ed25519/license.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015 Orson Peters 2 | 3 | This software is provided 'as-is', without any express or implied warranty. In no event will the 4 | authors be held liable for any damages arising from the use of this software. 5 | 6 | Permission is granted to anyone to use this software for any purpose, including commercial 7 | applications, and to alter it and redistribute it freely, subject to the following restrictions: 8 | 9 | 1. The origin of this software must not be misrepresented; you must not claim that you wrote the 10 | original software. If you use this software in a product, an acknowledgment in the product 11 | documentation would be appreciated but is not required. 12 | 13 | 2. Altered source versions must be plainly marked as such, and must not be misrepresented as 14 | being the original software. 15 | 16 | 3. This notice may not be removed or altered from any source distribution. 17 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/add_scalar.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | #include "ge.h" 3 | #include "sc.h" 4 | #include "sha512.h" 5 | 6 | 7 | /* see http://crypto.stackexchange.com/a/6215/4697 */ 8 | void ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar) { 9 | const unsigned char SC_1[32] = {1}; /* scalar with value 1 */ 10 | 11 | unsigned char n[32]; 12 | ge_p3 nB; 13 | ge_p1p1 A_p1p1; 14 | ge_p3 A; 15 | ge_p3 public_key_unpacked; 16 | ge_cached T; 17 | 18 | sha512_context hash; 19 | unsigned char hashbuf[64]; 20 | 21 | int i; 22 | 23 | /* copy the scalar and clear highest bit */ 24 | for (i = 0; i < 31; ++i) { 25 | n[i] = scalar[i]; 26 | } 27 | n[31] = scalar[31] & 127; 28 | 29 | /* private key: a = n + t */ 30 | if (private_key) { 31 | sc_muladd(private_key, SC_1, n, private_key); 32 | 33 | // https://github.com/orlp/ed25519/issues/3 34 | sha512_init(&hash); 35 | sha512_update(&hash, private_key + 32, 32); 36 | sha512_update(&hash, scalar, 32); 37 | sha512_final(&hash, hashbuf); 38 | for (i = 0; i < 32; ++i) { 39 | private_key[32 + i] = hashbuf[i]; 40 | } 41 | } 42 | 43 | /* public key: A = nB + T */ 44 | if (public_key) { 45 | /* if we know the private key we don't need a point addition, which is faster */ 46 | /* using a "timing attack" you could find out wether or not we know the private 47 | key, but this information seems rather useless - if this is important pass 48 | public_key and private_key seperately in 2 function calls */ 49 | if (private_key) { 50 | ge_scalarmult_base(&A, private_key); 51 | } else { 52 | /* unpack public key into T */ 53 | ge_frombytes_negate_vartime(&public_key_unpacked, public_key); 54 | fe_neg(public_key_unpacked.X, public_key_unpacked.X); /* undo negate */ 55 | fe_neg(public_key_unpacked.T, public_key_unpacked.T); /* undo negate */ 56 | ge_p3_to_cached(&T, &public_key_unpacked); 57 | 58 | /* calculate n*B */ 59 | ge_scalarmult_base(&nB, n); 60 | 61 | /* A = n*B + T */ 62 | ge_add(&A_p1p1, &nB, &T); 63 | ge_p1p1_to_p3(&A, &A_p1p1); 64 | } 65 | 66 | /* pack public key */ 67 | ge_p3_tobytes(public_key, &A); 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/ed25519.h: -------------------------------------------------------------------------------- 1 | #ifndef ED25519_H 2 | #define ED25519_H 3 | 4 | #include 5 | 6 | #if defined(_WIN32) 7 | #if defined(ED25519_BUILD_DLL) 8 | #define ED25519_DECLSPEC __declspec(dllexport) 9 | #elif defined(ED25519_DLL) 10 | #define ED25519_DECLSPEC __declspec(dllimport) 11 | #else 12 | #define ED25519_DECLSPEC 13 | #endif 14 | #else 15 | #define ED25519_DECLSPEC 16 | #endif 17 | 18 | 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | 23 | #ifndef ED25519_NO_SEED 24 | int ED25519_DECLSPEC ed25519_create_seed(unsigned char *seed); 25 | #endif 26 | 27 | void ED25519_DECLSPEC ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed); 28 | void ED25519_DECLSPEC ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key); 29 | int ED25519_DECLSPEC ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key); 30 | void ED25519_DECLSPEC ed25519_add_scalar(unsigned char *public_key, unsigned char *private_key, const unsigned char *scalar); 31 | void ED25519_DECLSPEC ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key); 32 | 33 | 34 | #ifdef __cplusplus 35 | } 36 | #endif 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/fe.h: -------------------------------------------------------------------------------- 1 | #ifndef FE_H 2 | #define FE_H 3 | 4 | #include "fixedint.h" 5 | 6 | 7 | /* 8 | fe means field element. 9 | Here the field is \Z/(2^255-19). 10 | An element t, entries t[0]...t[9], represents the integer 11 | t[0]+2^26 t[1]+2^51 t[2]+2^77 t[3]+2^102 t[4]+...+2^230 t[9]. 12 | Bounds on each t[i] vary depending on context. 13 | */ 14 | 15 | 16 | typedef int32_t fe[10]; 17 | 18 | 19 | void fe_0(fe h); 20 | void fe_1(fe h); 21 | 22 | void fe_frombytes(fe h, const unsigned char *s); 23 | void fe_tobytes(unsigned char *s, const fe h); 24 | 25 | void fe_copy(fe h, const fe f); 26 | int fe_isnegative(const fe f); 27 | int fe_isnonzero(const fe f); 28 | void fe_cmov(fe f, const fe g, unsigned int b); 29 | void fe_cswap(fe f, fe g, unsigned int b); 30 | 31 | void fe_neg(fe h, const fe f); 32 | void fe_add(fe h, const fe f, const fe g); 33 | void fe_invert(fe out, const fe z); 34 | void fe_sq(fe h, const fe f); 35 | void fe_sq2(fe h, const fe f); 36 | void fe_mul(fe h, const fe f, const fe g); 37 | void fe_mul121666(fe h, fe f); 38 | void fe_pow22523(fe out, const fe z); 39 | void fe_sub(fe h, const fe f, const fe g); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/fixedint.h: -------------------------------------------------------------------------------- 1 | /* 2 | Portable header to provide the 32 and 64 bits type. 3 | 4 | Not a compatible replacement for , do not blindly use it as such. 5 | */ 6 | 7 | #if ((defined(__STDC__) && __STDC__ && __STDC_VERSION__ >= 199901L) || (defined(__WATCOMC__) && (defined(_STDINT_H_INCLUDED) || __WATCOMC__ >= 1250)) || (defined(__GNUC__) && (defined(_STDINT_H) || defined(_STDINT_H_) || defined(__UINT_FAST64_TYPE__)) )) && !defined(FIXEDINT_H_INCLUDED) 8 | #include 9 | #define FIXEDINT_H_INCLUDED 10 | 11 | #if defined(__WATCOMC__) && __WATCOMC__ >= 1250 && !defined(UINT64_C) 12 | #include 13 | #define UINT64_C(x) (x + (UINT64_MAX - UINT64_MAX)) 14 | #endif 15 | #endif 16 | 17 | 18 | #ifndef FIXEDINT_H_INCLUDED 19 | #define FIXEDINT_H_INCLUDED 20 | 21 | #include 22 | 23 | /* (u)int32_t */ 24 | #ifndef uint32_t 25 | #if (ULONG_MAX == 0xffffffffUL) 26 | typedef unsigned long uint32_t; 27 | #elif (UINT_MAX == 0xffffffffUL) 28 | typedef unsigned int uint32_t; 29 | #elif (USHRT_MAX == 0xffffffffUL) 30 | typedef unsigned short uint32_t; 31 | #endif 32 | #endif 33 | 34 | 35 | #ifndef int32_t 36 | #if (LONG_MAX == 0x7fffffffL) 37 | typedef signed long int32_t; 38 | #elif (INT_MAX == 0x7fffffffL) 39 | typedef signed int int32_t; 40 | #elif (SHRT_MAX == 0x7fffffffL) 41 | typedef signed short int32_t; 42 | #endif 43 | #endif 44 | 45 | 46 | /* (u)int64_t */ 47 | #if (defined(__STDC__) && defined(__STDC_VERSION__) && __STDC__ && __STDC_VERSION__ >= 199901L) 48 | typedef long long int64_t; 49 | typedef unsigned long long uint64_t; 50 | 51 | #define UINT64_C(v) v ##ULL 52 | #define INT64_C(v) v ##LL 53 | #elif defined(__GNUC__) 54 | __extension__ typedef long long int64_t; 55 | __extension__ typedef unsigned long long uint64_t; 56 | 57 | #define UINT64_C(v) v ##ULL 58 | #define INT64_C(v) v ##LL 59 | #elif defined(__MWERKS__) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) || defined(__APPLE_CC__) || defined(_LONG_LONG) || defined(_CRAYC) 60 | typedef long long int64_t; 61 | typedef unsigned long long uint64_t; 62 | 63 | #define UINT64_C(v) v ##ULL 64 | #define INT64_C(v) v ##LL 65 | #elif (defined(__WATCOMC__) && defined(__WATCOM_INT64__)) || (defined(_MSC_VER) && _INTEGRAL_MAX_BITS >= 64) || (defined(__BORLANDC__) && __BORLANDC__ > 0x460) || defined(__alpha) || defined(__DECC) 66 | typedef __int64 int64_t; 67 | typedef unsigned __int64 uint64_t; 68 | 69 | #define UINT64_C(v) v ##UI64 70 | #define INT64_C(v) v ##I64 71 | #endif 72 | #endif 73 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/ge.h: -------------------------------------------------------------------------------- 1 | #ifndef GE_H 2 | #define GE_H 3 | 4 | #include "fe.h" 5 | 6 | 7 | /* 8 | ge means group element. 9 | 10 | Here the group is the set of pairs (x,y) of field elements (see fe.h) 11 | satisfying -x^2 + y^2 = 1 + d x^2y^2 12 | where d = -121665/121666. 13 | 14 | Representations: 15 | ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z 16 | ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT 17 | ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T 18 | ge_precomp (Duif): (y+x,y-x,2dxy) 19 | */ 20 | 21 | typedef struct { 22 | fe X; 23 | fe Y; 24 | fe Z; 25 | } ge_p2; 26 | 27 | typedef struct { 28 | fe X; 29 | fe Y; 30 | fe Z; 31 | fe T; 32 | } ge_p3; 33 | 34 | typedef struct { 35 | fe X; 36 | fe Y; 37 | fe Z; 38 | fe T; 39 | } ge_p1p1; 40 | 41 | typedef struct { 42 | fe yplusx; 43 | fe yminusx; 44 | fe xy2d; 45 | } ge_precomp; 46 | 47 | typedef struct { 48 | fe YplusX; 49 | fe YminusX; 50 | fe Z; 51 | fe T2d; 52 | } ge_cached; 53 | 54 | void ge_p3_tobytes(unsigned char *s, const ge_p3 *h); 55 | void ge_tobytes(unsigned char *s, const ge_p2 *h); 56 | int ge_frombytes_negate_vartime(ge_p3 *h, const unsigned char *s); 57 | 58 | void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); 59 | void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); 60 | void ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, const ge_p3 *A, const unsigned char *b); 61 | void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); 62 | void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); 63 | void ge_scalarmult_base(ge_p3 *h, const unsigned char *a); 64 | 65 | void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); 66 | void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); 67 | void ge_p2_0(ge_p2 *h); 68 | void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p); 69 | void ge_p3_0(ge_p3 *h); 70 | void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p); 71 | void ge_p3_to_cached(ge_cached *r, const ge_p3 *p); 72 | void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p); 73 | 74 | #endif 75 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/key_exchange.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | #include "fe.h" 3 | 4 | void ed25519_key_exchange(unsigned char *shared_secret, const unsigned char *public_key, const unsigned char *private_key) { 5 | unsigned char e[32]; 6 | unsigned int i; 7 | 8 | fe x1; 9 | fe x2; 10 | fe z2; 11 | fe x3; 12 | fe z3; 13 | fe tmp0; 14 | fe tmp1; 15 | 16 | int pos; 17 | unsigned int swap; 18 | unsigned int b; 19 | 20 | /* copy the private key and make sure it's valid */ 21 | for (i = 0; i < 32; ++i) { 22 | e[i] = private_key[i]; 23 | } 24 | 25 | e[0] &= 248; 26 | e[31] &= 63; 27 | e[31] |= 64; 28 | 29 | /* unpack the public key and convert edwards to montgomery */ 30 | /* due to CodesInChaos: montgomeryX = (edwardsY + 1)*inverse(1 - edwardsY) mod p */ 31 | fe_frombytes(x1, public_key); 32 | fe_1(tmp1); 33 | fe_add(tmp0, x1, tmp1); 34 | fe_sub(tmp1, tmp1, x1); 35 | fe_invert(tmp1, tmp1); 36 | fe_mul(x1, tmp0, tmp1); 37 | 38 | fe_1(x2); 39 | fe_0(z2); 40 | fe_copy(x3, x1); 41 | fe_1(z3); 42 | 43 | swap = 0; 44 | for (pos = 254; pos >= 0; --pos) { 45 | b = e[pos / 8] >> (pos & 7); 46 | b &= 1; 47 | swap ^= b; 48 | fe_cswap(x2, x3, swap); 49 | fe_cswap(z2, z3, swap); 50 | swap = b; 51 | 52 | /* from montgomery.h */ 53 | fe_sub(tmp0, x3, z3); 54 | fe_sub(tmp1, x2, z2); 55 | fe_add(x2, x2, z2); 56 | fe_add(z2, x3, z3); 57 | fe_mul(z3, tmp0, x2); 58 | fe_mul(z2, z2, tmp1); 59 | fe_sq(tmp0, tmp1); 60 | fe_sq(tmp1, x2); 61 | fe_add(x3, z3, z2); 62 | fe_sub(z2, z3, z2); 63 | fe_mul(x2, tmp1, tmp0); 64 | fe_sub(tmp1, tmp1, tmp0); 65 | fe_sq(z2, z2); 66 | fe_mul121666(z3, tmp1); 67 | fe_sq(x3, x3); 68 | fe_add(tmp0, tmp0, z3); 69 | fe_mul(z3, x1, z2); 70 | fe_mul(z2, tmp1, tmp0); 71 | } 72 | 73 | fe_cswap(x2, x3, swap); 74 | fe_cswap(z2, z3, swap); 75 | 76 | fe_invert(z2, z2); 77 | fe_mul(x2, x2, z2); 78 | fe_tobytes(shared_secret, x2); 79 | } 80 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/keypair.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | #include "sha512.h" 3 | #include "ge.h" 4 | 5 | 6 | void ed25519_create_keypair(unsigned char *public_key, unsigned char *private_key, const unsigned char *seed) { 7 | ge_p3 A; 8 | 9 | sha512(seed, 32, private_key); 10 | private_key[0] &= 248; 11 | private_key[31] &= 63; 12 | private_key[31] |= 64; 13 | 14 | ge_scalarmult_base(&A, private_key); 15 | ge_p3_tobytes(public_key, &A); 16 | } 17 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/sc.h: -------------------------------------------------------------------------------- 1 | #ifndef SC_H 2 | #define SC_H 3 | 4 | /* 5 | The set of scalars is \Z/l 6 | where l = 2^252 + 27742317777372353535851937790883648493. 7 | */ 8 | 9 | void sc_reduce(unsigned char *s); 10 | void sc_muladd(unsigned char *s, const unsigned char *a, const unsigned char *b, const unsigned char *c); 11 | 12 | #endif 13 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/seed.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | 3 | #ifndef ED25519_NO_SEED 4 | 5 | #ifdef _WIN32 6 | #include 7 | #include 8 | #else 9 | #include 10 | #endif 11 | 12 | int ed25519_create_seed(unsigned char *seed) { 13 | #ifdef _WIN32 14 | HCRYPTPROV prov; 15 | 16 | if (!CryptAcquireContext(&prov, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { 17 | return 1; 18 | } 19 | 20 | if (!CryptGenRandom(prov, 32, seed)) { 21 | CryptReleaseContext(prov, 0); 22 | return 1; 23 | } 24 | 25 | CryptReleaseContext(prov, 0); 26 | #else 27 | FILE *f = fopen("/dev/urandom", "rb"); 28 | 29 | if (f == NULL) { 30 | return 1; 31 | } 32 | 33 | fread(seed, 1, 32, f); 34 | fclose(f); 35 | #endif 36 | 37 | return 0; 38 | } 39 | 40 | #endif 41 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/sha512.h: -------------------------------------------------------------------------------- 1 | #ifndef SHA512_H 2 | #define SHA512_H 3 | 4 | #include 5 | 6 | #include "fixedint.h" 7 | 8 | /* state */ 9 | typedef struct sha512_context_ { 10 | uint64_t length, state[8]; 11 | size_t curlen; 12 | unsigned char buf[128]; 13 | } sha512_context; 14 | 15 | 16 | int sha512_init(sha512_context * md); 17 | int sha512_final(sha512_context * md, unsigned char *out); 18 | int sha512_update(sha512_context * md, const unsigned char *in, size_t inlen); 19 | int sha512(const unsigned char *message, size_t message_len, unsigned char *out); 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/sign.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | #include "sha512.h" 3 | #include "ge.h" 4 | #include "sc.h" 5 | 6 | 7 | void ed25519_sign(unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key, const unsigned char *private_key) { 8 | sha512_context hash; 9 | unsigned char hram[64]; 10 | unsigned char r[64]; 11 | ge_p3 R; 12 | 13 | 14 | sha512_init(&hash); 15 | sha512_update(&hash, private_key + 32, 32); 16 | sha512_update(&hash, message, message_len); 17 | sha512_final(&hash, r); 18 | 19 | sc_reduce(r); 20 | ge_scalarmult_base(&R, r); 21 | ge_p3_tobytes(signature, &R); 22 | 23 | sha512_init(&hash); 24 | sha512_update(&hash, signature, 32); 25 | sha512_update(&hash, public_key, 32); 26 | sha512_update(&hash, message, message_len); 27 | sha512_final(&hash, hram); 28 | 29 | sc_reduce(hram); 30 | sc_muladd(signature + 32, hram, private_key, r); 31 | } 32 | -------------------------------------------------------------------------------- /urcrypt/ed25519/src/verify.c: -------------------------------------------------------------------------------- 1 | #include "ed25519.h" 2 | #include "sha512.h" 3 | #include "ge.h" 4 | #include "sc.h" 5 | 6 | static int consttime_equal(const unsigned char *x, const unsigned char *y) { 7 | unsigned char r = 0; 8 | 9 | r = x[0] ^ y[0]; 10 | #define F(i) r |= x[i] ^ y[i] 11 | F(1); 12 | F(2); 13 | F(3); 14 | F(4); 15 | F(5); 16 | F(6); 17 | F(7); 18 | F(8); 19 | F(9); 20 | F(10); 21 | F(11); 22 | F(12); 23 | F(13); 24 | F(14); 25 | F(15); 26 | F(16); 27 | F(17); 28 | F(18); 29 | F(19); 30 | F(20); 31 | F(21); 32 | F(22); 33 | F(23); 34 | F(24); 35 | F(25); 36 | F(26); 37 | F(27); 38 | F(28); 39 | F(29); 40 | F(30); 41 | F(31); 42 | #undef F 43 | 44 | return !r; 45 | } 46 | 47 | int ed25519_verify(const unsigned char *signature, const unsigned char *message, size_t message_len, const unsigned char *public_key) { 48 | unsigned char h[64]; 49 | unsigned char checker[32]; 50 | sha512_context hash; 51 | ge_p3 A; 52 | ge_p2 R; 53 | 54 | if (signature[63] & 224) { 55 | return 0; 56 | } 57 | 58 | if (ge_frombytes_negate_vartime(&A, public_key) != 0) { 59 | return 0; 60 | } 61 | 62 | sha512_init(&hash); 63 | sha512_update(&hash, signature, 32); 64 | sha512_update(&hash, public_key, 32); 65 | sha512_update(&hash, message, message_len); 66 | sha512_final(&hash, h); 67 | 68 | sc_reduce(h); 69 | ge_double_scalarmult_vartime(&R, h, &A, signature + 32); 70 | ge_tobytes(checker, &R); 71 | 72 | if (!consttime_equal(checker, signature)) { 73 | return 0; 74 | } 75 | 76 | return 1; 77 | } 78 | -------------------------------------------------------------------------------- /urcrypt/ed25519/test.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | /* #define ED25519_DLL */ 7 | #include "src/ed25519.h" 8 | 9 | #include "src/ge.h" 10 | #include "src/sc.h" 11 | 12 | 13 | int main() { 14 | unsigned char public_key[32], private_key[64], seed[32], scalar[32]; 15 | unsigned char other_public_key[32], other_private_key[64]; 16 | unsigned char shared_secret[32], other_shared_secret[32]; 17 | unsigned char signature[64]; 18 | 19 | clock_t start; 20 | clock_t end; 21 | int i; 22 | 23 | const unsigned char message[] = "Hello, world!"; 24 | const int message_len = strlen((char*) message); 25 | 26 | /* create a random seed, and a keypair out of that seed */ 27 | ed25519_create_seed(seed); 28 | ed25519_create_keypair(public_key, private_key, seed); 29 | 30 | /* create signature on the message with the keypair */ 31 | ed25519_sign(signature, message, message_len, public_key, private_key); 32 | 33 | /* verify the signature */ 34 | if (ed25519_verify(signature, message, message_len, public_key)) { 35 | printf("valid signature\n"); 36 | } else { 37 | printf("invalid signature\n"); 38 | } 39 | 40 | /* create scalar and add it to the keypair */ 41 | ed25519_create_seed(scalar); 42 | ed25519_add_scalar(public_key, private_key, scalar); 43 | 44 | /* create signature with the new keypair */ 45 | ed25519_sign(signature, message, message_len, public_key, private_key); 46 | 47 | /* verify the signature with the new keypair */ 48 | if (ed25519_verify(signature, message, message_len, public_key)) { 49 | printf("valid signature\n"); 50 | } else { 51 | printf("invalid signature\n"); 52 | } 53 | 54 | /* make a slight adjustment and verify again */ 55 | signature[44] ^= 0x10; 56 | if (ed25519_verify(signature, message, message_len, public_key)) { 57 | printf("did not detect signature change\n"); 58 | } else { 59 | printf("correctly detected signature change\n"); 60 | } 61 | 62 | /* generate two keypairs for testing key exchange */ 63 | ed25519_create_seed(seed); 64 | ed25519_create_keypair(public_key, private_key, seed); 65 | ed25519_create_seed(seed); 66 | ed25519_create_keypair(other_public_key, other_private_key, seed); 67 | 68 | /* create two shared secrets - from both perspectives - and check if they're equal */ 69 | ed25519_key_exchange(shared_secret, other_public_key, private_key); 70 | ed25519_key_exchange(other_shared_secret, public_key, other_private_key); 71 | 72 | for (i = 0; i < 32; ++i) { 73 | if (shared_secret[i] != other_shared_secret[i]) { 74 | printf("key exchange was incorrect\n"); 75 | break; 76 | } 77 | } 78 | 79 | if (i == 32) { 80 | printf("key exchange was correct\n"); 81 | } 82 | 83 | /* test performance */ 84 | printf("testing seed generation performance: "); 85 | start = clock(); 86 | for (i = 0; i < 10000; ++i) { 87 | ed25519_create_seed(seed); 88 | } 89 | end = clock(); 90 | 91 | printf("%fus per seed\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 92 | 93 | 94 | printf("testing key generation performance: "); 95 | start = clock(); 96 | for (i = 0; i < 10000; ++i) { 97 | ed25519_create_keypair(public_key, private_key, seed); 98 | } 99 | end = clock(); 100 | 101 | printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 102 | 103 | printf("testing sign performance: "); 104 | start = clock(); 105 | for (i = 0; i < 10000; ++i) { 106 | ed25519_sign(signature, message, message_len, public_key, private_key); 107 | } 108 | end = clock(); 109 | 110 | printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 111 | 112 | printf("testing verify performance: "); 113 | start = clock(); 114 | for (i = 0; i < 10000; ++i) { 115 | ed25519_verify(signature, message, message_len, public_key); 116 | } 117 | end = clock(); 118 | 119 | printf("%fus per signature\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 120 | 121 | 122 | printf("testing keypair scalar addition performance: "); 123 | start = clock(); 124 | for (i = 0; i < 10000; ++i) { 125 | ed25519_add_scalar(public_key, private_key, scalar); 126 | } 127 | end = clock(); 128 | 129 | printf("%fus per keypair\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 130 | 131 | printf("testing public key scalar addition performance: "); 132 | start = clock(); 133 | for (i = 0; i < 10000; ++i) { 134 | ed25519_add_scalar(public_key, NULL, scalar); 135 | } 136 | end = clock(); 137 | 138 | printf("%fus per key\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 139 | 140 | printf("testing key exchange performance: "); 141 | start = clock(); 142 | for (i = 0; i < 10000; ++i) { 143 | ed25519_key_exchange(shared_secret, other_public_key, private_key); 144 | } 145 | end = clock(); 146 | 147 | printf("%fus per shared secret\n", ((double) ((end - start) * 1000)) / CLOCKS_PER_SEC / i * 1000); 148 | 149 | return 0; 150 | } 151 | -------------------------------------------------------------------------------- /urcrypt/ge-additions/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2009 The Go Authors. All rights reserved. 2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /urcrypt/ge-additions/README.md: -------------------------------------------------------------------------------- 1 | # Group Element Additions 2 | 3 | Urbit uses the ge.h code from the ed25519 library, which was ported from the 4 | ref10 SUPERCOP public domain implementation. That implementation doesn't 5 | contain several functions needed for ring signatures. 6 | 7 | This file does. The providence of this code starts with Adam Langley taking 8 | the SUPERCOP C implementation and producing an ed25519 implementation for it 9 | in golang (https://godoc.org/golang.org/x/crypto/ed25519). (If you look at 10 | the go code, you'll see the comments are the same as the comments in the C 11 | implementation.) 12 | 13 | From there, the DEDIS group from ETH Zurich took that implementation and 14 | added the additional methods to make a generalized ECC point library. While 15 | their project as a whole is MPL, they deliberately left their ed25519 16 | implementation under the Go BSD-3 license: 17 | (https://github.com/dedis/kyber/blob/master/group/edwards25519/LICENSE) 18 | 19 | This file is a fairly straight translation from Go to C of DEDIS' additions, 20 | so this falls under the same license. 21 | -------------------------------------------------------------------------------- /urcrypt/ge-additions/ge-additions.c: -------------------------------------------------------------------------------- 1 | // Group Element Additions 2 | // 3 | // Urbit uses the ge.h code from the ed25519 library, which was ported from the 4 | // ref10 SUPERCOP public domain implementation. That implementation doesn't 5 | // contain several functions needed for ring signatures. 6 | // 7 | // This file does. The providence of this code starts with Adam Langley taking 8 | // the SUPERCOP C implementation and producing an ed25519 implementation for it 9 | // in golang (https://godoc.org/golang.org/x/crypto/ed25519). (If you look at 10 | // the go code, you'll see the comments are the same as the comments in the C 11 | // implementation.) 12 | // 13 | // From there, the DEDIS group from ETH Zurich took that implementation and 14 | // added the additional methods to make a generalized ECC point library. While 15 | // their project as a whole is MPL, they deliberately left their ed25519 16 | // implementation under the Go BSD-3 license: 17 | // (https://github.com/dedis/kyber/blob/master/group/edwards25519/LICENSE) 18 | // 19 | // This file is a fairly straight translation from Go to C of DEDIS' additions, 20 | // so this falls under the same license. 21 | // 22 | // ------ 23 | // 24 | // Copyright (c) 2009 The Go Authors. All rights reserved. 25 | // 26 | // Redistribution and use in source and binary forms, with or without 27 | // modification, are permitted provided that the following conditions are 28 | // met: 29 | // 30 | // * Redistributions of source code must retain the above copyright 31 | // notice, this list of conditions and the following disclaimer. 32 | // * Redistributions in binary form must reproduce the above 33 | // copyright notice, this list of conditions and the following disclaimer 34 | // in the documentation and/or other materials provided with the 35 | // distribution. 36 | // * Neither the name of Google Inc. nor the names of its 37 | // contributors may be used to endorse or promote products derived from 38 | // this software without specific prior written permission. 39 | // 40 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 41 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 42 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 43 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 44 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 46 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 47 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 48 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 49 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 50 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 51 | 52 | #include "ge-additions.h" 53 | 54 | #include 55 | 56 | static unsigned char equal(signed char b, signed char c) { 57 | unsigned char ub = b; 58 | unsigned char uc = c; 59 | unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ 60 | uint64_t y = x; /* 0: yes; 1..255: no */ 61 | y -= 1; /* large: yes; 0..254: no */ 62 | y >>= 63; /* 1: yes; 0: no */ 63 | return (unsigned char) y; 64 | } 65 | 66 | static unsigned char negative(signed char b) { 67 | uint64_t x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ 68 | x >>= 63; /* 1: yes; 0: no */ 69 | return (unsigned char) x; 70 | } 71 | 72 | void ge_cached_0(ge_cached* c) { 73 | fe_1(c->YplusX); 74 | fe_1(c->YminusX); 75 | fe_1(c->Z); 76 | fe_0(c->T2d); 77 | } 78 | 79 | void ge_cached_cmov(ge_cached* r, const ge_cached* u, int32_t b) 80 | { 81 | fe_cmov(r->YplusX, u->YplusX, b); 82 | fe_cmov(r->YminusX, u->YminusX, b); 83 | fe_cmov(r->Z, u->Z, b); 84 | fe_cmov(r->T2d, u->T2d, b); 85 | } 86 | 87 | void ge_cached_neg(ge_cached* r, const ge_cached* t) 88 | { 89 | fe_copy(r->YplusX, t->YminusX); 90 | fe_copy(r->YminusX, t->YplusX); 91 | fe_copy(r->Z, t->Z); 92 | fe_neg(r->T2d, t->T2d); 93 | } 94 | 95 | void select_cached(ge_cached* c, const ge_cached Ai[8], int32_t b) 96 | { 97 | int32_t is_negative = negative(b); 98 | int32_t b_abs = b - (((-is_negative) & b) << 1); 99 | 100 | ge_cached_0(c); 101 | for (int32_t i = 0; i < 8; ++i) { 102 | ge_cached_cmov(c, &Ai[i], equal(b_abs, i+1)); 103 | } 104 | 105 | ge_cached minusC; 106 | ge_cached_neg(&minusC, c); 107 | ge_cached_cmov(c, &minusC, is_negative); 108 | } 109 | 110 | // 111 | void ge_scalarmult(ge_p3* h, const unsigned char* a, const ge_p3* A) 112 | { 113 | signed char e[64]; 114 | int i; 115 | ge_p1p1 t; 116 | ge_p3 u; 117 | 118 | for (i = 0; i < 32; ++i) { 119 | e[2 * i + 0] = (a[i] >> 0) & 15; 120 | e[2 * i + 1] = (a[i] >> 4) & 15; 121 | } 122 | 123 | /* each e[i] is between 0 and 15 */ 124 | /* e[63] is between 0 and 7 */ 125 | signed char carry = 0; 126 | for (i = 0; i < 63; ++i) { 127 | e[i] += carry; 128 | carry = e[i] + 8; 129 | carry >>= 4; 130 | e[i] -= carry << 4; 131 | } 132 | e[63] += carry; 133 | /* each e[i] is between -8 and 8 */ 134 | 135 | // compute cached array of multiples of A from 1A through 8A 136 | ge_cached Ai[8]; 137 | ge_p3_to_cached(&Ai[0], A); 138 | for (i = 0; i < 7; ++i) { 139 | ge_add(&t, A, &Ai[i]); 140 | ge_p1p1_to_p3(&u, &t); 141 | ge_p3_to_cached(&Ai[i+1], &u); 142 | } 143 | 144 | // special case for exponent nybble i == 63 145 | ge_p3_0(&u); 146 | ge_cached c; 147 | select_cached(&c, Ai, e[63]); 148 | ge_add(&t, &u, &c); 149 | 150 | ge_p2 r; 151 | for (i = 62; i >= 0; i--) { 152 | // t <<= 4 153 | ge_p1p1_to_p2(&r, &t); 154 | ge_p2_dbl(&t, &r); 155 | ge_p1p1_to_p2(&r, &t); 156 | ge_p2_dbl(&t, &r); 157 | ge_p1p1_to_p2(&r, &t); 158 | ge_p2_dbl(&t, &r); 159 | ge_p1p1_to_p2(&r, &t); 160 | ge_p2_dbl(&t, &r); 161 | 162 | // Add next nyble 163 | ge_p1p1_to_p3(&u, &t); 164 | select_cached(&c, Ai, e[i]); 165 | ge_add(&t, &u, &c); 166 | } 167 | 168 | ge_p1p1_to_p3(h, &t); 169 | } 170 | -------------------------------------------------------------------------------- /urcrypt/ge-additions/ge-additions.h: -------------------------------------------------------------------------------- 1 | #ifndef GE_ADDITIONS_H 2 | #define GE_ADDITIONS_H 3 | 4 | #include 5 | 6 | void ge_scalarmult(ge_p3* h, const unsigned char* a, const ge_p3* A); 7 | 8 | #endif 9 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/.clang-format: -------------------------------------------------------------------------------- 1 | --- 2 | Language: Cpp 3 | # BasedOnStyle: Chromium 4 | AccessModifierOffset: -1 5 | ConstructorInitializerIndentWidth: 4 6 | AlignEscapedNewlinesLeft: true 7 | AlignTrailingComments: true 8 | AllowAllParametersOfDeclarationOnNextLine: false 9 | AllowShortIfStatementsOnASingleLine: false 10 | AllowShortLoopsOnASingleLine: true 11 | AllowShortFunctionsOnASingleLine: Inline 12 | AlwaysBreakTemplateDeclarations: true 13 | AlwaysBreakBeforeMultilineStrings: true 14 | BreakBeforeBinaryOperators: false 15 | BreakBeforeTernaryOperators: true 16 | BreakConstructorInitializersBeforeComma: false 17 | BinPackParameters: false 18 | ColumnLimit: 90 19 | ConstructorInitializerAllOnOneLineOrOnePerLine: false 20 | DerivePointerBinding: false 21 | ExperimentalAutoDetectBinPacking: false 22 | IndentCaseLabels: true 23 | MaxEmptyLinesToKeep: 1 24 | KeepEmptyLinesAtTheStartOfBlocks: false 25 | NamespaceIndentation: None 26 | ObjCSpaceAfterProperty: false 27 | ObjCSpaceBeforeProtocolList: false 28 | PenaltyBreakBeforeFirstCallParameter: 1 29 | PenaltyBreakComment: 300 30 | PenaltyBreakString: 1000 31 | PenaltyBreakFirstLessLess: 120 32 | PenaltyExcessCharacter: 1000000 33 | PenaltyReturnTypeOnItsOwnLine: 200 34 | PointerBindsToType: true 35 | SpacesBeforeTrailingComments: 2 36 | Cpp11BracedListStyle: true 37 | Standard: Cpp11 38 | IndentWidth: 2 39 | TabWidth: 8 40 | UseTab: Never 41 | BreakBeforeBraces: Attach 42 | IndentFunctionDeclarationAfterType: true 43 | SpacesInParentheses: false 44 | SpacesInAngles: false 45 | SpaceInEmptyParentheses: false 46 | SpacesInCStyleCastParentheses: false 47 | SpacesInContainerLiterals: true 48 | SpaceBeforeAssignmentOperators: true 49 | ContinuationIndentWidth: 4 50 | CommentPragmas: '^ IWYU pragma:' 51 | ForEachMacros: [ foreach, Q_FOREACH, BOOST_FOREACH ] 52 | SpaceBeforeParens: ControlStatements 53 | ... 54 | 55 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/.gitignore: -------------------------------------------------------------------------------- 1 | ### https://raw.github.com/github/gitignore/master/Global/OSX.gitignore 2 | 3 | .DS_Store 4 | .AppleDouble 5 | .LSOverride 6 | 7 | # Icon must end with two \r 8 | Icon 9 | 10 | # Thumbnails 11 | ._* 12 | 13 | # Files that might appear on external disk 14 | .Spotlight-V100 15 | .Trashes 16 | 17 | # Directories potentially created on remote AFP share 18 | .AppleDB 19 | .AppleDesktop 20 | Network Trash Folder 21 | Temporary Items 22 | .apdisk 23 | 24 | 25 | ### https://raw.github.com/github/gitignore/master/Global/vim.gitignore 26 | 27 | [._]*.s[a-w][a-z] 28 | [._]s[a-w][a-z] 29 | *.un~ 30 | Session.vim 31 | .netrwhist 32 | *~ 33 | 34 | 35 | ### https://raw.github.com/github/gitignore/master/Python.gitignore 36 | 37 | # Byte-compiled / optimized / DLL files 38 | __pycache__/ 39 | *.py[cod] 40 | 41 | # C extensions 42 | *.so 43 | 44 | # Distribution / packaging 45 | .Python 46 | env/ 47 | build/ 48 | develop-eggs/ 49 | dist/ 50 | eggs/ 51 | lib/ 52 | lib64/ 53 | parts/ 54 | sdist/ 55 | var/ 56 | *.egg-info/ 57 | .installed.cfg 58 | *.egg 59 | 60 | # Installer logs 61 | pip-log.txt 62 | pip-delete-this-directory.txt 63 | 64 | # Unit test / coverage reports 65 | htmlcov/ 66 | .tox/ 67 | .coverage 68 | .cache 69 | nosetests.xml 70 | coverage.xml 71 | 72 | # Translations 73 | *.mo 74 | *.pot 75 | 76 | # Django stuff: 77 | *.log 78 | 79 | # Sphinx documentation 80 | docs/_build/ 81 | 82 | 83 | ### https://raw.github.com/github/gitignore/master/C.gitignore 84 | 85 | # Object files 86 | *.o 87 | *.ko 88 | *.obj 89 | *.elf 90 | 91 | # Libraries 92 | *.lib 93 | *.a 94 | 95 | # Shared objects (inc. Windows DLLs) 96 | *.dll 97 | *.so 98 | *.so.* 99 | *.dylib 100 | 101 | # Executables 102 | *.exe 103 | *.out 104 | *.app 105 | *.i*86 106 | *.x86_64 107 | *.hex 108 | 109 | 110 | ### https://raw.github.com/github/gitignore/master/Global/Xcode.gitignore 111 | 112 | build/ 113 | *.pbxuser 114 | !default.pbxuser 115 | *.mode1v3 116 | !default.mode1v3 117 | *.mode2v3 118 | !default.mode2v3 119 | *.perspectivev3 120 | !default.perspectivev3 121 | xcuserdata 122 | *.xccheckout 123 | *.moved-aside 124 | DerivedData 125 | *.xcuserstate 126 | 127 | 128 | ### https://raw.github.com/github/gitignore/master/Global/Linux.gitignore 129 | 130 | *~ 131 | 132 | # KDE directory preferences 133 | .directory 134 | 135 | 136 | kcksum 137 | .ninja_deps 138 | .ninja_log 139 | JUNK/ 140 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/define-macros.h: -------------------------------------------------------------------------------- 1 | #ifndef DEFINEMACROS_H 2 | #define DEFINEMACROS_H 3 | 4 | /*** Helper macros to define SHA3 and SHAKE instances. ***/ 5 | #define defshake(bits) \ 6 | int shake##bits(uint8_t* out, size_t outlen, \ 7 | const uint8_t* in, size_t inlen) { \ 8 | return hash(out, outlen, in, inlen, 200 - (bits / 4), 0x1f); \ 9 | } 10 | #define defsha3(bits) \ 11 | int sha3_##bits(uint8_t* out, size_t outlen, \ 12 | const uint8_t* in, size_t inlen) { \ 13 | if (outlen > (bits/8)) { \ 14 | return -1; \ 15 | } \ 16 | return hash(out, outlen, in, inlen, 200 - (bits / 4), 0x06); \ 17 | } 18 | 19 | #define defkeccak(bits) \ 20 | int keccak_##bits(uint8_t* out, size_t outlen, \ 21 | const uint8_t* in, size_t inlen) { \ 22 | if (outlen > (bits/8)) { \ 23 | return -1; \ 24 | } \ 25 | return hash(out, outlen, in, inlen, 200 - (bits / 4), 0x01); \ 26 | } 27 | 28 | /*** FIPS202 SHAKE VOFs ***/ 29 | defshake(128) 30 | defshake(256) 31 | 32 | /*** FIPS202 SHA3 FOFs ***/ 33 | defsha3(224) 34 | defsha3(256) 35 | defsha3(384) 36 | defsha3(512) 37 | 38 | /*** Non FIP202 SHA3 (KECCAK) FOFs ***/ 39 | defkeccak(224) 40 | defkeccak(256) 41 | defkeccak(384) 42 | defkeccak(512) 43 | 44 | #endif // DEFINEMACROS_H 45 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/do.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | cc=$(which clang-3.6||which gcc-4.9||which clang||which gcc) 3 | so=$(test -f /etc/asl.conf && printf dylib|| printf so) 4 | $cc "-Dinline=__attribute__((__always_inline__))" -O3 -march=native -std=c11 -Wextra -Wpedantic -Wall -dynamic -shared keccak-tiny.c -o libkeccak-tiny.$so 5 | $cc -Os -march=native -std=c11 -Wextra -Wpedantic -Wall -dynamic -shared keccak-tiny.c -o libkeccak-tiny-small.$so 6 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/keccak-tiny-unrolled.c: -------------------------------------------------------------------------------- 1 | /** libkeccak-tiny 2 | * 3 | * A single-file implementation of SHA-3 and SHAKE. 4 | * 5 | * Implementor: David Leon Gil 6 | * License: CC0, attribution kindly requested. Blame taken too, 7 | * but not liability. 8 | */ 9 | #include "keccak-tiny.h" 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | /******** The Keccak-f[1600] permutation ********/ 17 | 18 | /*** Constants. ***/ 19 | static const uint8_t rho[24] = \ 20 | { 1, 3, 6, 10, 15, 21, 21 | 28, 36, 45, 55, 2, 14, 22 | 27, 41, 56, 8, 25, 43, 23 | 62, 18, 39, 61, 20, 44}; 24 | static const uint8_t pi[24] = \ 25 | {10, 7, 11, 17, 18, 3, 26 | 5, 16, 8, 21, 24, 4, 27 | 15, 23, 19, 13, 12, 2, 28 | 20, 14, 22, 9, 6, 1}; 29 | static const uint64_t RC[24] = \ 30 | {1ULL, 0x8082ULL, 0x800000000000808aULL, 0x8000000080008000ULL, 31 | 0x808bULL, 0x80000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL, 32 | 0x8aULL, 0x88ULL, 0x80008009ULL, 0x8000000aULL, 33 | 0x8000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL, 34 | 0x8000000000008002ULL, 0x8000000000000080ULL, 0x800aULL, 0x800000008000000aULL, 35 | 0x8000000080008081ULL, 0x8000000000008080ULL, 0x80000001ULL, 0x8000000080008008ULL}; 36 | 37 | /*** Helper macros to unroll the permutation. ***/ 38 | #define rol(x, s) (((x) << s) | ((x) >> (64 - s))) 39 | #define REPEAT6(e) e e e e e e 40 | #define REPEAT24(e) REPEAT6(e e e e) 41 | #define REPEAT5(e) e e e e e 42 | #define FOR5(v, s, e) \ 43 | v = 0; \ 44 | REPEAT5(e; v += s;) 45 | 46 | /*** Keccak-f[1600] ***/ 47 | static inline void keccakf(void* state) { 48 | uint64_t* a = (uint64_t*)state; 49 | uint64_t b[5] = {0}; 50 | uint64_t t = 0; 51 | uint8_t x, y, i = 0; 52 | 53 | REPEAT24( 54 | // Theta 55 | FOR5(x, 1, 56 | b[x] = 0; 57 | FOR5(y, 5, 58 | b[x] ^= a[x + y]; )) 59 | FOR5(x, 1, 60 | FOR5(y, 5, 61 | a[y + x] ^= b[(x + 4) % 5] ^ rol(b[(x + 1) % 5], 1); )) 62 | // Rho and pi 63 | t = a[1]; 64 | x = 0; 65 | REPEAT24(b[0] = a[pi[x]]; 66 | a[pi[x]] = rol(t, rho[x]); 67 | t = b[0]; 68 | x++; ) 69 | // Chi 70 | FOR5(y, 71 | 5, 72 | FOR5(x, 1, 73 | b[x] = a[y + x];) 74 | FOR5(x, 1, 75 | a[y + x] = b[x] ^ ((~b[(x + 1) % 5]) & b[(x + 2) % 5]); )) 76 | // Iota 77 | a[0] ^= RC[i]; 78 | i++; ) 79 | } 80 | 81 | /******** The FIPS202-defined functions. ********/ 82 | 83 | /*** Some helper macros. ***/ 84 | 85 | #define _(S) do { S } while (0) 86 | #define FOR(i, ST, L, S) \ 87 | _(for (size_t i = 0; i < L; i += ST) { S; }) 88 | #define mkapply_ds(NAME, S) \ 89 | static inline void NAME(uint8_t* dst, \ 90 | const uint8_t* src, \ 91 | size_t len) { \ 92 | FOR(i, 1, len, S); \ 93 | } 94 | #define mkapply_sd(NAME, S) \ 95 | static inline void NAME(const uint8_t* src, \ 96 | uint8_t* dst, \ 97 | size_t len) { \ 98 | FOR(i, 1, len, S); \ 99 | } 100 | 101 | mkapply_ds(xorin, dst[i] ^= src[i]) // xorin 102 | mkapply_sd(setout, dst[i] = src[i]) // setout 103 | 104 | #define P keccakf 105 | #define Plen 200 106 | 107 | // Fold P*F over the full blocks of an input. 108 | #define foldP(I, L, F) \ 109 | while (L >= rate) { \ 110 | F(a, I, rate); \ 111 | P(a); \ 112 | I += rate; \ 113 | L -= rate; \ 114 | } 115 | 116 | /** The sponge-based hash construction. **/ 117 | static inline int hash(uint8_t* out, size_t outlen, 118 | const uint8_t* in, size_t inlen, 119 | size_t rate, uint8_t delim) 120 | { 121 | if ((out == NULL) || ((in == NULL) && inlen != 0) || (rate >= Plen)) 122 | { 123 | return -1; 124 | } 125 | uint8_t a[Plen] = {0}; 126 | // Absorb input. 127 | foldP(in, inlen, xorin); 128 | // Xor in the DS and pad frame. 129 | a[inlen] ^= delim; 130 | a[rate - 1] ^= 0x80; 131 | // Xor in the last block. 132 | xorin(a, in, inlen); 133 | // Apply P 134 | P(a); 135 | // Squeeze output. 136 | foldP(out, outlen, setout); 137 | setout(a, out, outlen); 138 | //TODO: c11 problem: replaced 139 | //memset_s(a, 200, 0, 200); 140 | //Reference: http://en.cppreference.com/w/c/string/byte/memset 141 | memset(a, 0, 200); 142 | return 0; 143 | } 144 | 145 | #include "define-macros.h" 146 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/keccak-tiny.c: -------------------------------------------------------------------------------- 1 | /** libkeccak-tiny 2 | * 3 | * A single-file implementation of SHA-3 and SHAKE. 4 | * 5 | * Implementor: David Leon Gil 6 | * License: CC0, attribution kindly requested. Blame taken too, 7 | * but not liability. 8 | */ 9 | #include "keccak-tiny.h" 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | /******** The Keccak-f[1600] permutation ********/ 17 | 18 | /*** Constants. ***/ 19 | static const uint8_t rho[24] = \ 20 | { 1, 3, 6, 10, 15, 21, 21 | 28, 36, 45, 55, 2, 14, 22 | 27, 41, 56, 8, 25, 43, 23 | 62, 18, 39, 61, 20, 44}; 24 | static const uint8_t pi[24] = \ 25 | {10, 7, 11, 17, 18, 3, 26 | 5, 16, 8, 21, 24, 4, 27 | 15, 23, 19, 13, 12, 2, 28 | 20, 14, 22, 9, 6, 1}; 29 | static const uint64_t RC[24] = \ 30 | {1ULL, 0x8082ULL, 0x800000000000808aULL, 0x8000000080008000ULL, 31 | 0x808bULL, 0x80000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL, 32 | 0x8aULL, 0x88ULL, 0x80008009ULL, 0x8000000aULL, 33 | 0x8000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL, 34 | 0x8000000000008002ULL, 0x8000000000000080ULL, 0x800aULL, 0x800000008000000aULL, 35 | 0x8000000080008081ULL, 0x8000000000008080ULL, 0x80000001ULL, 0x8000000080008008ULL}; 36 | 37 | /*** Helper macros to unroll the permutation. ***/ 38 | #define rol(x, s) (((x) << s) | ((x) >> (64 - s))) 39 | #define REPEAT6(e) e e e e e e 40 | #define REPEAT24(e) REPEAT6(e e e e) 41 | #define REPEAT5(e) e e e e e 42 | #define FOR5(v, s, e) \ 43 | v = 0; \ 44 | REPEAT5(e; v += s;) 45 | 46 | /*** Keccak-f[1600] ***/ 47 | static inline void keccakf(void* state) { 48 | uint64_t* a = (uint64_t*)state; 49 | uint64_t b[5] = {0}; 50 | uint64_t t = 0; 51 | uint8_t x, y; 52 | 53 | for (int i = 0; i < 24; i++) { 54 | // Theta 55 | FOR5(x, 1, 56 | b[x] = 0; 57 | FOR5(y, 5, 58 | b[x] ^= a[x + y]; )) 59 | FOR5(x, 1, 60 | FOR5(y, 5, 61 | a[y + x] ^= b[(x + 4) % 5] ^ rol(b[(x + 1) % 5], 1); )) 62 | // Rho and pi 63 | t = a[1]; 64 | x = 0; 65 | REPEAT24(b[0] = a[pi[x]]; 66 | a[pi[x]] = rol(t, rho[x]); 67 | t = b[0]; 68 | x++; ) 69 | // Chi 70 | FOR5(y, 71 | 5, 72 | FOR5(x, 1, 73 | b[x] = a[y + x];) 74 | FOR5(x, 1, 75 | a[y + x] = b[x] ^ ((~b[(x + 1) % 5]) & b[(x + 2) % 5]); )) 76 | // Iota 77 | a[0] ^= RC[i]; 78 | } 79 | } 80 | 81 | /******** The FIPS202-defined functions. ********/ 82 | 83 | /*** Some helper macros. ***/ 84 | 85 | #define _(S) do { S } while (0) 86 | #define FOR(i, ST, L, S) \ 87 | _(for (size_t i = 0; i < L; i += ST) { S; }) 88 | #define mkapply_ds(NAME, S) \ 89 | static inline void NAME(uint8_t* dst, \ 90 | const uint8_t* src, \ 91 | size_t len) { \ 92 | FOR(i, 1, len, S); \ 93 | } 94 | #define mkapply_sd(NAME, S) \ 95 | static inline void NAME(const uint8_t* src, \ 96 | uint8_t* dst, \ 97 | size_t len) { \ 98 | FOR(i, 1, len, S); \ 99 | } 100 | 101 | mkapply_ds(xorin, dst[i] ^= src[i]) // xorin 102 | mkapply_sd(setout, dst[i] = src[i]) // setout 103 | 104 | #define P keccakf 105 | #define Plen 200 106 | 107 | // Fold P*F over the full blocks of an input. 108 | #define foldP(I, L, F) \ 109 | while (L >= rate) { \ 110 | F(a, I, rate); \ 111 | P(a); \ 112 | I += rate; \ 113 | L -= rate; \ 114 | } 115 | 116 | /** The sponge-based hash construction. **/ 117 | static inline int hash(uint8_t* out, size_t outlen, 118 | const uint8_t* in, size_t inlen, 119 | size_t rate, uint8_t delim) 120 | { 121 | if ((out == NULL) || ((in == NULL) && inlen != 0) || (rate >= Plen)) 122 | { 123 | return -1; 124 | } 125 | uint8_t a[Plen] = {0}; 126 | // Absorb input. 127 | foldP(in, inlen, xorin); 128 | // Xor in the DS and pad frame. 129 | a[inlen] ^= delim; 130 | a[rate - 1] ^= 0x80; 131 | // Xor in the last block. 132 | xorin(a, in, inlen); 133 | // Apply P 134 | P(a); 135 | // Squeeze output. 136 | foldP(out, outlen, setout); 137 | setout(a, out, outlen); 138 | //TODO: c11 problem: replaced 139 | //memset_s(a, 200, 0, 200); 140 | //Reference: http://en.cppreference.com/w/c/string/byte/memset 141 | memset(a, 0, 200); 142 | return 0; 143 | } 144 | 145 | #include "define-macros.h" 146 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/keccak-tiny.h: -------------------------------------------------------------------------------- 1 | #ifndef KECCAK_FIPS202_H 2 | #define KECCAK_FIPS202_H 3 | #define __STDC_WANT_LIB_EXT1__ 1 4 | #include 5 | #include 6 | 7 | #define HASH224_SIZE 28 8 | #define HASH256_SIZE 32 9 | #define HASH384_SIZE 48 10 | #define HASH512_SIZE 64 11 | 12 | #define decshake(bits) \ 13 | int shake##bits(uint8_t*, size_t, const uint8_t*, size_t); 14 | 15 | #define decsha3(bits) \ 16 | int sha3_##bits(uint8_t*, size_t, const uint8_t*, size_t); 17 | 18 | #define deckeccak(bits) \ 19 | int keccak_##bits(uint8_t*, size_t, const uint8_t*, size_t); 20 | 21 | decshake(128) 22 | decshake(256) 23 | 24 | decsha3(224) 25 | decsha3(256) 26 | decsha3(384) 27 | decsha3(512) 28 | 29 | deckeccak(224) 30 | deckeccak(256) 31 | deckeccak(384) 32 | deckeccak(512) 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/keccak-tiny.pri: -------------------------------------------------------------------------------- 1 | # Keccak-tiny Library 2 | # Options: 3 | # * KECCAK_UNROLLED - Enable unrolled implementation (but disable main one). 4 | 5 | HEADERS += \ 6 | $$PWD/keccak-tiny.h \ 7 | $$PWD/define-macros.h 8 | 9 | contains(DEFINES, KECCAK_UNROLLED) { 10 | SOURCES += $$PWD/keccak-tiny-unrolled.c 11 | } else { 12 | SOURCES += $$PWD/keccak-tiny.c 13 | } 14 | -------------------------------------------------------------------------------- /urcrypt/keccak-tiny/simple_do.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | cc=$(which clang-3.6||which gcc-4.9||which clang||which gcc) 3 | case $(uname) in 4 | Linux) 5 | so=$(printf so) 6 | ARFLAGS='rvs -o' 7 | ;; 8 | Darwin) 9 | so=$(printf dylib) 10 | ARFLAGS=rcs 11 | ;; 12 | MINGW*) 13 | so=$(printf lib) 14 | ARFLAGS='rcs -o' 15 | ;; 16 | *) 17 | so=$(printf so) 18 | ARFLAGS='rvs -o' 19 | ;; 20 | esac 21 | # TODO: Fix the compiler to work with any of the above compilers $cc 22 | gcc -c keccak-tiny.c 23 | ar ${ARFLAGS} libkeccak-tiny.$so keccak-tiny.o 24 | -------------------------------------------------------------------------------- /urcrypt/liburcrypt.pc.in: -------------------------------------------------------------------------------- 1 | prefix=@prefix@ 2 | exec_prefix=@exec_prefix@ 3 | libdir=@libdir@ 4 | includedir=@includedir@ 5 | 6 | Name: @PACKAGE_NAME@ 7 | Description: cryptography library for urbit 8 | URL: https://github.com/urbit/urcrypt 9 | Version: @PACKAGE_VERSION@ 10 | Cflags: -I${includedir} 11 | Requires.private: libcrypto libsecp256k1 12 | Libs: -L${libdir} -lurcrypt 13 | Libs.private: -laes_siv 14 | 15 | -------------------------------------------------------------------------------- /urcrypt/scrypt/.gitignore: -------------------------------------------------------------------------------- 1 | *.o 2 | *.so 3 | *.so.0 4 | *.a 5 | reference 6 | endian.h 7 | byteorder 8 | -------------------------------------------------------------------------------- /urcrypt/scrypt/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2013, Joshua Small 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 5 | Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 6 | Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 7 | 8 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 9 | 10 | -------------------------------------------------------------------------------- /urcrypt/scrypt/README.md: -------------------------------------------------------------------------------- 1 | libscrypt 2 | ========= 3 | Linux scrypt shared library. 4 | 5 | Full credit to algorithm designer and example code from Colin Percival here: 6 | http://www.tarsnap.com/scrypt.html 7 | 8 | Utilises BASE64 encoding library from ISC. 9 | 10 | Official project page, including stable tarballs found here: 11 | http://www.lolware.net/libscrypt.html 12 | 13 | Simple hashing interface 14 | 15 | The (reference) internal hashing function can be directly called as follows: 16 | 17 | int libscrypt_scrypt(const uint8_t *passwd, size_t passwdlen, 18 | const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r, 19 | uint32_t p, /*@out@*/ uint8_t *buf, size_t buflen); 20 | 21 | Libscrypt's easier to use interface wraps this up to deal with the salt and produce BASE64 output as so: 22 | 23 | int libscrypt_hash(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p); 24 | 25 | Sane constants have been created for N, r and p so you can create a hash like this: 26 | 27 | libscrypt_hash(outbuf, "My cats's breath smells like cat food", SCRYPT_N, SCRYPT_r, SCRYPT_p); 28 | 29 | This function sets errno as required for any error conditions. 30 | 31 | Output stored in "outbuf" is stored in a standardised MCF form, which means includes the randomly created, 128 bit salt, all N, r and p values, and a BASE64 encoded version of the hash. The entire MCF can be stored in a database, and compared for use as below: 32 | 33 | retval = libscrypt_check(mcf, "pleasefailme"); 34 | retval < 0 error 35 | retval = 0 password incorrect 36 | retval > 0 pass 37 | 38 | mcf should be defined as at least SCRYPT_MCF_LEN in size. 39 | 40 | Note that libscrypt_check needs to modify the mcf string and will not return it 41 | to the original state. Pass it a copy if you need to keep the original mcf. 42 | 43 | A number of internal functions are exposed, and users wishing to create more complex use cases should consult the header file, which is aimed at documenting the API fully. 44 | 45 | The test reference is also aimed at providing a well documented use case. 46 | Building 47 | -------- 48 | make 49 | make check 50 | Check the Makefile for advice on linking against your application. 51 | 52 | OSX 53 | ----- 54 | Please compile and install with: 55 | 56 | make LDFLAGS= CFLAGS_EXTRA= 57 | make install-osx 58 | 59 | 60 | BUGS 61 | ---- 62 | SCRYPT_* constants are probably a little high for something like a Raspberry pi. Using '1' as SCRYPT_p is acceptable from a security and performance standpoint if needed. 63 | Experiments were performed with using memset() to zero out passwords as they were checked. This often caused issues with calling applications where the password based have been passed as a const*. We highly recommend implementing your own zeroing function the moment this library is called. 64 | 65 | There is apparently an issue when used on Samsung (and perhaps Android in general) devices. See [this issue](https://github.com/technion/libscrypt/issues/39) for more information. 66 | 67 | Notes on Code Development 68 | ------------------------ 69 | 70 | Code is now declared "stable", the master branch will always be "stable" and development will be done on branches. 71 | The reference machines are Fedora, CentOS, FreeBSD and Raspbian, and the code is expected to compile and run on all of these before being moved to stable branch. 72 | Full transparancy on the regular application of thorough testing can be found by reviewing recent test harness results here: 73 | http://www.lolware.net/libscrypttesting.txt 74 | 75 | Please, no more pull requests for Windows compatibility. If it's important to you - fork the project. I have no intention of pulling an OpenSSL and becoming a maze of ifdefs for platforms I don't even have a build environment for. 76 | 77 | I utilise Facebook's "infer" static analyser, in addition to clang's analyzer. Command to run is: 78 | 79 | infer -- make 80 | 81 | Contact 82 | ------- 83 | I can be contacted at: technion@lolware.net 84 | 85 | If required, my GPG key can be found at: https://lolware.net/technion-GPG-KEY 86 | 87 | Future releases will have the Git tag signed. 88 | 89 | 90 | Changenotes 91 | ----------- 92 | v1.1a: Single Makefile line change. I wouldn't ordinarily tag this as a new "release", but the purpose here is to assist with packaging in distributions. 93 | 94 | v1.12: The static library is built, but no longer installed by default. You can install it with "make install-static". This is because static libraries are not typically bundled in packages. 95 | 96 | v1.13: Minor packaging related update 97 | 98 | v1.15: Replaced the b64 libraries with more portable one from ISC. Now tested and verified on a wider variety of architectures. Note, libscrypt_b64_encrypt was originally an exported function. This is no longer the case as it is considered an internal function only. 99 | 100 | v1.18: God damnit Apple 101 | 102 | v1.19: Code safety cleanups. Now running Coverity. 103 | 104 | v1.20: Bigfixes involving large N values, return values on error 105 | 106 | 107 | Coverity Scan Build Status 109 | 110 | -------------------------------------------------------------------------------- /urcrypt/scrypt/b64.h: -------------------------------------------------------------------------------- 1 | 2 | /* BASE64 libraries used internally - should not need to be packaged */ 3 | #include 4 | #define b64_encode_len(A) ((A+2)/3 * 4 + 1) 5 | #define b64_decode_len(A) (A / 4 * 3 + 2) 6 | 7 | int libscrypt_b64_encode(unsigned char const *src, size_t srclength, 8 | /*@out@*/ char *target, size_t targetsize); 9 | int libscrypt_b64_decode(char const *src, /*@out@*/ unsigned char *target, 10 | size_t targetsize); 11 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto-mcf.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "libscrypt.h" 6 | 7 | /* ilog2 for powers of two */ 8 | static uint32_t scrypt_ilog2(uint32_t n) 9 | { 10 | #ifndef S_SPLINT_S 11 | 12 | /* Check for a valid power of two */ 13 | if (n < 2 || (n & (n - 1))) 14 | return -1; 15 | #endif 16 | uint32_t t = 1; 17 | while (((uint32_t)1 << t) < n) 18 | { 19 | if(t > SCRYPT_SAFE_N) 20 | return (uint32_t) -1; /* Check for insanity */ 21 | t++; 22 | } 23 | 24 | return t; 25 | } 26 | 27 | #ifdef _MSC_VER 28 | #define SNPRINTF _snprintf 29 | #else 30 | #define SNPRINTF snprintf 31 | #endif 32 | 33 | int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, const char *salt, 34 | const char *hash, char *mcf) 35 | { 36 | 37 | uint32_t t, params; 38 | int s; 39 | 40 | if(!mcf || !hash) 41 | return 0; 42 | /* Although larger values of r, p are valid in scrypt, this mcf format 43 | * limits to 8 bits. If your number is larger, current computers will 44 | * struggle 45 | */ 46 | if(r > (uint8_t)(-1) || p > (uint8_t)(-1)) 47 | return 0; 48 | 49 | t = scrypt_ilog2(N); 50 | if (t < 1) 51 | return 0; 52 | 53 | params = (r << 8) + p; 54 | params += (uint32_t)t << 16; 55 | 56 | /* Using snprintf - not checking for overflows. We've already 57 | * determined that mcf should be defined as at least SCRYPT_MCF_LEN 58 | * in length 59 | */ 60 | s = SNPRINTF(mcf, SCRYPT_MCF_LEN, SCRYPT_MCF_ID "$%06x$%s$%s", (unsigned int)params, salt, hash); 61 | if (s >= SCRYPT_MCF_LEN) 62 | return 0; 63 | 64 | return 1; 65 | } 66 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto-scrypt-saltgen.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | /* Disable on Windows, there is no /dev/urandom. 8 | Link-time error is better than runtime error. */ 9 | #ifndef _WIN32 10 | 11 | #ifndef S_SPLINT_S /* Including this here triggers a known bug in splint */ 12 | #include 13 | #endif 14 | 15 | #define RNGDEV "/dev/urandom" 16 | 17 | int libscrypt_salt_gen(uint8_t *salt, size_t len) 18 | { 19 | unsigned char buf[len]; 20 | size_t data_read = 0; 21 | int urandom = open(RNGDEV, O_RDONLY); 22 | 23 | if (urandom < 0) 24 | { 25 | return -1; 26 | } 27 | 28 | while (data_read < len) { 29 | ssize_t result = read(urandom, buf + data_read, len - data_read); 30 | 31 | if (result < 0) 32 | { 33 | if (errno == EINTR || errno == EAGAIN) { 34 | continue; 35 | } 36 | 37 | else { 38 | (void)close(urandom); 39 | return -1; 40 | } 41 | } 42 | 43 | data_read += result; 44 | } 45 | 46 | /* Failures on close() shouldn't occur with O_RDONLY */ 47 | (void)close(urandom); 48 | 49 | memcpy(salt, buf, len); 50 | 51 | return 0; 52 | } 53 | 54 | #endif 55 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto_scrypt-check.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "b64.h" 7 | #include "slowequals.h" 8 | #include "libscrypt.h" 9 | 10 | #ifdef _WIN32 11 | /* On windows, strtok uses a thread-local static variable in strtok to 12 | * make strtok thread-safe. It also neglects to provide a strtok_r. */ 13 | #define strtok_r(str, val, saveptr) strtok((str), (val)) 14 | #endif 15 | 16 | int libscrypt_check(char *mcf, const char *password) 17 | { 18 | /* Return values: 19 | * <0 error 20 | * == 0 password incorrect 21 | * >0 correct password 22 | */ 23 | 24 | #ifndef _WIN32 25 | char *saveptr = NULL; 26 | #endif 27 | uint32_t params; 28 | uint64_t N; 29 | uint8_t r, p; 30 | int retval; 31 | uint8_t hashbuf[64]; 32 | char outbuf[128]; 33 | uint8_t salt[32]; 34 | char *tok; 35 | 36 | if(mcf == NULL) 37 | { 38 | return -1; 39 | } 40 | 41 | if(memcmp(mcf, SCRYPT_MCF_ID, 3) != 0) 42 | { 43 | /* Only version 0 supported */ 44 | return -1; 45 | } 46 | 47 | tok = strtok_r(mcf, "$", &saveptr); 48 | if ( !tok ) 49 | return -1; 50 | 51 | tok = strtok_r(NULL, "$", &saveptr); 52 | 53 | if ( !tok ) 54 | return -1; 55 | 56 | params = (uint32_t)strtoul(tok, NULL, 16); 57 | if ( params == 0 ) 58 | return -1; 59 | 60 | tok = strtok_r(NULL, "$", &saveptr); 61 | 62 | if ( !tok ) 63 | return -1; 64 | 65 | p = params & 0xff; 66 | r = (params >> 8) & 0xff; 67 | N = params >> 16; 68 | 69 | if (N > SCRYPT_SAFE_N) 70 | return -1; 71 | 72 | N = (uint64_t)1 << N; 73 | 74 | /* Useful debugging: 75 | printf("We've obtained salt 'N' r p of '%s' %d %d %d\n", tok, N,r,p); 76 | */ 77 | 78 | memset(salt, 0, sizeof(salt)); /* Keeps splint happy */ 79 | retval = libscrypt_b64_decode(tok, (unsigned char*)salt, sizeof(salt)); 80 | if (retval < 1) 81 | return -1; 82 | 83 | retval = libscrypt_scrypt((uint8_t*)password, strlen(password), salt, 84 | (uint32_t)retval, N, r, p, hashbuf, sizeof(hashbuf)); 85 | 86 | if (retval != 0) 87 | return -1; 88 | 89 | retval = libscrypt_b64_encode((unsigned char*)hashbuf, sizeof(hashbuf), 90 | outbuf, sizeof(outbuf)); 91 | 92 | if (retval == 0) 93 | return -1; 94 | 95 | tok = strtok_r(NULL, "$", &saveptr); 96 | 97 | if ( !tok ) 98 | return -1; 99 | 100 | if(slow_equals(tok, outbuf) == 0) 101 | return 0; 102 | 103 | return 1; /* This is the "else" condition */ 104 | } 105 | 106 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto_scrypt-hash.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "b64.h" 7 | #include "libscrypt.h" 8 | 9 | int libscrypt_hash(char *dst, const char *passphrase, uint32_t N, uint8_t r, 10 | uint8_t p) 11 | { 12 | 13 | int retval; 14 | uint8_t salt[SCRYPT_SALT_LEN]; 15 | uint8_t hashbuf[SCRYPT_HASH_LEN]; 16 | char outbuf[256]; 17 | char saltbuf[256]; 18 | 19 | if(libscrypt_salt_gen(salt, SCRYPT_SALT_LEN) == -1) 20 | { 21 | return 0; 22 | } 23 | 24 | retval = libscrypt_scrypt((const uint8_t*)passphrase, strlen(passphrase), 25 | (uint8_t*)salt, SCRYPT_SALT_LEN, N, r, p, hashbuf, sizeof(hashbuf)); 26 | if(retval == -1) 27 | return 0; 28 | 29 | retval = libscrypt_b64_encode((unsigned char*)hashbuf, sizeof(hashbuf), 30 | outbuf, sizeof(outbuf)); 31 | if(retval == -1) 32 | return 0; 33 | 34 | retval = libscrypt_b64_encode((unsigned char *)salt, sizeof(salt), 35 | saltbuf, sizeof(saltbuf)); 36 | if(retval == -1) 37 | return 0; 38 | 39 | retval = libscrypt_mcf(N, r, p, saltbuf, outbuf, dst); 40 | if(retval != 1) 41 | return 0; 42 | 43 | return 1; 44 | } 45 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto_scrypt-hexconvert.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | /* The hexconvert function is only used to test reference vectors against 7 | * known answers. The contents of this file are therefore a component 8 | * to assist with test harnesses only 9 | */ 10 | 11 | int libscrypt_hexconvert(uint8_t *buf, size_t s, char *outbuf, size_t obs) 12 | { 13 | 14 | size_t i; 15 | int len = 0; 16 | 17 | if (!buf || s < 1 || obs < (s * 2 + 1)) 18 | return 0; 19 | 20 | memset(outbuf, 0, obs); 21 | 22 | 23 | for(i=0; i<=(s-1); i++) 24 | { 25 | /* snprintf(outbuf, s,"%s...", outbuf....) has undefined results 26 | * and can't be used. Using offests like this makes snprintf 27 | * nontrivial. we therefore have use inescure sprintf() and 28 | * lengths checked elsewhere (start of function) */ 29 | /*@ -bufferoverflowhigh @*/ 30 | len += sprintf(outbuf+len, "%02x", (unsigned int) buf[i]); 31 | } 32 | 33 | return 1; 34 | } 35 | 36 | -------------------------------------------------------------------------------- /urcrypt/scrypt/crypto_scrypt-hexconvert.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | /** 5 | * Converts a binary string to a hex representation of that string 6 | * outbuf must have size of at least buf * 2 + 1. 7 | */ 8 | int libscrypt_hexconvert(const uint8_t *buf, size_t s, char *outbuf, 9 | size_t obs); 10 | -------------------------------------------------------------------------------- /urcrypt/scrypt/libscrypt.h: -------------------------------------------------------------------------------- 1 | /*- 2 | */ 3 | #ifndef _CRYPTO_SCRYPT_H_ 4 | #define _CRYPTO_SCRYPT_H_ 5 | 6 | 7 | #include 8 | #include 9 | #ifdef __cplusplus 10 | extern "C"{ 11 | #endif 12 | 13 | /** 14 | * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): 15 | * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, 16 | * p, buflen) and write the result into buf. The parameters r, p, and buflen 17 | * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N 18 | * must be a power of 2 greater than 1. 19 | * 20 | * libscrypt_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): 21 | * password; duh 22 | * N: CPU AND RAM cost (first modifier) 23 | * r: RAM Cost 24 | * p: CPU cost (parallelisation) 25 | * In short, N is your main performance modifier. Values of r = 8, p = 1 are 26 | * standard unless you want to modify the CPU/RAM ratio. 27 | * Return 0 on success; or -1 on error. 28 | */ 29 | int libscrypt_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, 30 | uint32_t, uint32_t, /*@out@*/ uint8_t *, size_t); 31 | 32 | /* Converts a series of input parameters to a MCF form for storage */ 33 | int libscrypt_mcf(uint32_t N, uint32_t r, uint32_t p, const char *salt, 34 | const char *hash, char *mcf); 35 | 36 | #ifndef _MSC_VER 37 | /* Generates a salt. Uses /dev/urandom/ 38 | */ 39 | int libscrypt_salt_gen(/*@out@*/ uint8_t *rand, size_t len); 40 | 41 | /* Creates a hash of a passphrase using a randomly generated salt */ 42 | /* Returns >0 on success, or 0 for fail */ 43 | int libscrypt_hash(char *dst, const char* passphrase, uint32_t N, uint8_t r, 44 | uint8_t p); 45 | #endif 46 | 47 | /* Checks a given MCF against a password */ 48 | int libscrypt_check(char *mcf, const char *password); 49 | 50 | #ifdef __cplusplus 51 | } 52 | #endif 53 | 54 | /* Sane default values */ 55 | #define SCRYPT_HASH_LEN 64 /* This can be user defined - 56 | *but 64 is the reference size 57 | */ 58 | #define SCRYPT_SAFE_N 30 /* This is much higher than you want. It's just 59 | * a blocker for insane defines 60 | */ 61 | #define SCRYPT_SALT_LEN 16 /* This is just a recommended size */ 62 | /* Standard MCF is: 63 | $s1 Identifier, three chars 64 | $0e0810 Work order and separator, six chars 65 | Formula for binary to base64 length = ceil(n/3)*4 66 | $pcL+DWle903AXcKJVwMffA== Salt is 16 bytes, or 24 in Base64 67 | $dn+9ujljVc5JTJMC2fYu1ZEHdJyqYkOurmcrBQbMHUfnD6qxbTmNiR075ohNBZjvp66E2aV1pfOrmyNHUefjMg== Hash is 64 bytes, or 88 in Base64. 68 | Work order, salt and hash have separators (3) 69 | 3 + 6 + 24 + 88 + 3 + null byte = 125 70 | This is rounded up to a multiple of four for alignment 71 | */ 72 | #define SCRYPT_MCF_LEN 128 73 | #define SCRYPT_MCF_ID "$s1" 74 | #define SCRYPT_N 16384 75 | #define SCRYPT_r 8 76 | #define SCRYPT_p 16 77 | #endif /* !_CRYPTO_SCRYPT_H_ */ 78 | -------------------------------------------------------------------------------- /urcrypt/scrypt/libscrypt.version: -------------------------------------------------------------------------------- 1 | libscrypt { 2 | global: libscrypt_check; 3 | libscrypt_hash; 4 | libscrypt_mcf; 5 | libscrypt_salt_gen; 6 | libscrypt_scrypt; 7 | local: *; 8 | }; 9 | -------------------------------------------------------------------------------- /urcrypt/scrypt/sha256.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2005,2007,2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * $FreeBSD: src/lib/libmd/sha256.h,v 1.2 2006/01/17 15:35:56 phk Exp $ 27 | */ 28 | 29 | #ifndef _SHA256_H_ 30 | #define _SHA256_H_ 31 | 32 | #include 33 | 34 | #include 35 | 36 | typedef struct libscrypt_SHA256Context { 37 | uint32_t state[8]; 38 | uint32_t count[2]; 39 | unsigned char buf[64]; 40 | } SHA256_CTX; 41 | 42 | typedef struct libscrypt_HMAC_SHA256Context { 43 | SHA256_CTX ictx; 44 | SHA256_CTX octx; 45 | } HMAC_SHA256_CTX; 46 | 47 | void libscrypt_SHA256_Init(/*@out@*/ SHA256_CTX *); 48 | void libscrypt_SHA256_Update(SHA256_CTX *, const void *, size_t); 49 | 50 | /* Original declaration: 51 | * void SHA256_Final(unsigned char [32], SHA256_CTX *); 52 | */ 53 | void libscrypt_SHA256_Final(/*@out@*/ unsigned char [], SHA256_CTX *); 54 | void libscrypt_HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); 55 | void libscrypt_HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); 56 | 57 | /* Original declaration: 58 | * void HMAC_SHA256_Final(unsigned char [32], HMAC_SHA256_CTX *); 59 | */ 60 | void libscrypt_HMAC_SHA256_Final(unsigned char [], HMAC_SHA256_CTX *); 61 | 62 | /** 63 | * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): 64 | * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and 65 | * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). 66 | */ 67 | void libscrypt_PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, 68 | uint64_t, uint8_t *, size_t); 69 | 70 | #endif /* !_SHA256_H_ */ 71 | -------------------------------------------------------------------------------- /urcrypt/scrypt/slowequals.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | /* Implements a constant time version of strcmp() 4 | * Will return 1 if a and b are equal, 0 if they are not */ 5 | int slow_equals(const char* a, const char* b) 6 | { 7 | size_t lena, lenb, diff, i; 8 | lena = strlen(a); 9 | lenb = strlen(b); 10 | diff = strlen(a) ^ strlen(b); 11 | 12 | for(i=0; i we have isn't usable. */ 34 | #if !HAVE_DECL_BE64ENC 35 | #undef HAVE_SYS_ENDIAN_H 36 | #endif 37 | 38 | #ifdef HAVE_SYS_ENDIAN_H 39 | 40 | #include 41 | 42 | #else 43 | 44 | #include 45 | #ifdef _MSC_VER 46 | #define INLINE __inline 47 | #else 48 | #define INLINE inline 49 | #endif 50 | 51 | static INLINE uint32_t 52 | be32dec(const void *pp) 53 | { 54 | const uint8_t *p = (uint8_t const *)pp; 55 | 56 | return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + 57 | ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); 58 | } 59 | 60 | static INLINE void 61 | be32enc(void *pp, uint32_t x) 62 | { 63 | uint8_t * p = (uint8_t *)pp; 64 | 65 | p[3] = x & 0xff; 66 | p[2] = (x >> 8) & 0xff; 67 | p[1] = (x >> 16) & 0xff; 68 | p[0] = (x >> 24) & 0xff; 69 | } 70 | 71 | static INLINE uint64_t 72 | be64dec(const void *pp) 73 | { 74 | const uint8_t *p = (uint8_t const *)pp; 75 | 76 | return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) + 77 | ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) + 78 | ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) + 79 | ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); 80 | } 81 | 82 | static INLINE void 83 | be64enc(void *pp, uint64_t x) 84 | { 85 | uint8_t * p = (uint8_t *)pp; 86 | 87 | p[7] = x & 0xff; 88 | p[6] = (x >> 8) & 0xff; 89 | p[5] = (x >> 16) & 0xff; 90 | p[4] = (x >> 24) & 0xff; 91 | p[3] = (x >> 32) & 0xff; 92 | p[2] = (x >> 40) & 0xff; 93 | p[1] = (x >> 48) & 0xff; 94 | p[0] = (x >> 56) & 0xff; 95 | } 96 | 97 | static INLINE uint32_t 98 | le32dec(const void *pp) 99 | { 100 | const uint8_t *p = (uint8_t const *)pp; 101 | 102 | return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + 103 | ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); 104 | } 105 | 106 | static INLINE void 107 | le32enc(void *pp, uint32_t x) 108 | { 109 | uint8_t * p = (uint8_t *)pp; 110 | 111 | p[0] = x & 0xff; 112 | p[1] = (x >> 8) & 0xff; 113 | p[2] = (x >> 16) & 0xff; 114 | p[3] = (x >> 24) & 0xff; 115 | } 116 | 117 | static INLINE uint64_t 118 | le64dec(const void *pp) 119 | { 120 | const uint8_t *p = (uint8_t const *)pp; 121 | 122 | return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) + 123 | ((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) + 124 | ((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) + 125 | ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56)); 126 | } 127 | 128 | static INLINE void 129 | le64enc(void *pp, uint64_t x) 130 | { 131 | uint8_t * p = (uint8_t *)pp; 132 | 133 | p[0] = x & 0xff; 134 | p[1] = (x >> 8) & 0xff; 135 | p[2] = (x >> 16) & 0xff; 136 | p[3] = (x >> 24) & 0xff; 137 | p[4] = (x >> 32) & 0xff; 138 | p[5] = (x >> 40) & 0xff; 139 | p[6] = (x >> 48) & 0xff; 140 | p[7] = (x >> 56) & 0xff; 141 | } 142 | #endif /* !HAVE_SYS_ENDIAN_H */ 143 | 144 | #endif /* !_SYSENDIAN_H_ */ 145 | -------------------------------------------------------------------------------- /urcrypt/shell.nix: -------------------------------------------------------------------------------- 1 | let 2 | 3 | pkgs = import ../../default.nix { }; 4 | 5 | in pkgs.shellFor { 6 | name = "urcrypt"; 7 | packages = ps: [ ps.urcrypt ]; 8 | } 9 | -------------------------------------------------------------------------------- /urcrypt/urcrypt.go: -------------------------------------------------------------------------------- 1 | package urcrypt 2 | 3 | // #cgo LDFLAGS: -l urcrypt -l aes_siv 4 | // #include 5 | // #include "./urcrypt/urcrypt.h" 6 | import ( 7 | "C" 8 | ) 9 | import ( 10 | "fmt" 11 | "math/big" 12 | "unsafe" 13 | 14 | "github.com/stevelacy/go-urbit/noun" 15 | ) 16 | 17 | func UrcryptEdShar(public, seed [32]byte) []byte { 18 | out := C.malloc(32) 19 | public1 := (*C.uint8_t)(C.CBytes(public[:])) 20 | seed1 := (*C.uint8_t)(C.CBytes(seed[:])) 21 | 22 | defer C.free(unsafe.Pointer(out)) 23 | defer C.free(unsafe.Pointer(public1)) 24 | defer C.free(unsafe.Pointer(seed1)) 25 | 26 | C.urcrypt_ed_shar(public1, seed1, (*C.uint8_t)(out)) 27 | 28 | out1 := C.GoBytes(out, 32) 29 | 30 | return out1 31 | } 32 | 33 | func UrcryptAESSivcEn(message *big.Int, AESSivData [][]byte, key [64]byte) (error, [16]byte, *big.Int) { 34 | b := noun.BigToLittle(message) 35 | message1 := (*C.uint8_t)(C.CBytes(b[:])) 36 | msgLen := len(b) 37 | msgLenU := (C.ulong)(msgLen) 38 | iv := C.malloc(16) 39 | 40 | accum := []C.urcrypt_aes_siv_data{} 41 | for _, v := range AESSivData { 42 | vv := C.Cbytes(v) 43 | defer C.free(unsafe.Pointer(vv)) 44 | item := C.urcrypt_aes_siv_data{ 45 | length: (C.ulong)(len(v)), 46 | bytes: (*C.uint8_t)(vv), 47 | } 48 | accum = append(accum, item) 49 | } 50 | accumLenU := (C.ulong)(len(accum)) 51 | 52 | out := C.malloc(msgLenU) 53 | key1 := (*C.uint8_t)(C.CBytes(key[:])) 54 | 55 | defer C.free(unsafe.Pointer(message1)) 56 | defer C.free(unsafe.Pointer(out)) 57 | defer C.free(unsafe.Pointer(key1)) 58 | defer C.free(unsafe.Pointer(iv)) 59 | 60 | cerr := C.urcrypt_aes_sivc_en(message1, msgLenU, (*C.urcrypt_aes_siv_data)(&accum[0]), accumLenU, key1, (*C.uint8_t)(iv), (*C.uint8_t)(out)) 61 | if cerr != 0 { 62 | return fmt.Errorf("urcrypt_aes_sivc_en: Failed to encrypt received error code: %d\n", cerr), [16]byte{}, big.NewInt(0) 63 | } 64 | 65 | out1 := C.GoBytes(out, (C.int)(msgLen)) 66 | iv1 := C.GoBytes(iv, 16) 67 | 68 | var iv2 [16]byte 69 | copy(iv2[:], iv1) 70 | 71 | b2 := noun.LittleToBig(out1) 72 | 73 | return nil, iv2, b2 74 | } 75 | 76 | func UrcryptAESSivcDe(message *big.Int, AESSivData [][]byte, key [64]byte, iv [16]byte) (*big.Int, error) { 77 | b := noun.BigToLittle(message) 78 | message1 := (*C.uint8_t)(C.CBytes(b[:])) 79 | msgLen := len(b) 80 | msgLenU := (C.ulong)(msgLen) 81 | iv1 := (*C.uint8_t)(C.CBytes(iv[:])) 82 | 83 | data := []C.urcrypt_aes_siv_data{} 84 | for _, v := range AESSivData { 85 | vv := C.Cbytes(v) 86 | defer C.free(unsafe.Pointer(vv)) 87 | item := C.urcrypt_aes_siv_data{ 88 | length: (C.ulong)(len(v)), 89 | bytes: (*C.uint8_t)(vv), 90 | } 91 | data = append(data, item) 92 | } 93 | accumLenU := (C.ulong)(len(data)) 94 | 95 | out := C.malloc(msgLenU) 96 | key1 := (*C.uint8_t)(C.CBytes(key[:])) 97 | 98 | defer C.free(unsafe.Pointer(message1)) 99 | defer C.free(unsafe.Pointer(out)) 100 | defer C.free(unsafe.Pointer(key1)) 101 | defer C.free(unsafe.Pointer(iv1)) 102 | 103 | cerr := C.urcrypt_aes_sivc_de(message1, msgLenU, (*C.urcrypt_aes_siv_data)(&data[0]), accumLenU, key1, (*C.uint8_t)(iv1), (*C.uint8_t)(out)) 104 | if cerr != 0 { 105 | return big.NewInt(0), fmt.Errorf("urcrypt_aes_sivc_de: Failed to decrypt received error code: %d\n", cerr) 106 | } 107 | out1 := C.GoBytes(out, (C.int)(msgLen)) 108 | 109 | b2 := big.NewInt(0) 110 | b2.SetBytes(out1) 111 | 112 | b3 := noun.LittleToBig(out1) 113 | 114 | return b3, nil 115 | } 116 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/aes_cbc.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | #include 5 | 6 | static int 7 | urcrypt__cbc_pad(uint8_t **message_ptr, 8 | size_t *length_ptr, 9 | urcrypt_realloc_t realloc_ptr) 10 | { 11 | size_t length = *length_ptr, 12 | remain = length % 16; 13 | 14 | if ( 0 == remain ) { 15 | // no padding needed 16 | return 0; 17 | } 18 | else { 19 | size_t padding = 16 - remain, 20 | padded = length + padding; 21 | 22 | if ( padded < length ) { 23 | // size_t overflow 24 | return -1; 25 | } 26 | else { 27 | uint8_t *out = (*realloc_ptr)(*message_ptr, padded); 28 | if ( NULL == out ) { 29 | return -2; 30 | } 31 | else { 32 | memset(out + length, 0, padding); 33 | *message_ptr = out; 34 | *length_ptr = padded; 35 | return 0; 36 | } 37 | } 38 | } 39 | } 40 | 41 | static int 42 | urcrypt__cbc_help(uint8_t **message_ptr, 43 | size_t *length_ptr, 44 | const AES_KEY *key, 45 | uint8_t ivec[16], 46 | const int enc, 47 | urcrypt_realloc_t realloc_ptr) 48 | { 49 | if ( 0 != urcrypt__cbc_pad(message_ptr, length_ptr, realloc_ptr) ) { 50 | return -1; 51 | } 52 | else { 53 | uint8_t *out = *message_ptr; 54 | size_t length = *length_ptr; 55 | urcrypt__reverse(16, ivec); 56 | urcrypt__reverse(length, out); 57 | AES_cbc_encrypt(out, out, length, key, ivec, enc); 58 | urcrypt__reverse(length, out); 59 | return 0; 60 | } 61 | } 62 | 63 | int 64 | urcrypt_aes_cbca_en(uint8_t **message_ptr, 65 | size_t *length_ptr, 66 | uint8_t key[16], 67 | uint8_t ivec[16], 68 | urcrypt_realloc_t realloc_ptr) 69 | { 70 | AES_KEY aes_key; 71 | 72 | urcrypt__reverse(16, key); 73 | 74 | if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) { 75 | return -1; 76 | } 77 | else { 78 | return urcrypt__cbc_help(message_ptr, length_ptr, 79 | &aes_key, ivec, AES_ENCRYPT, realloc_ptr); 80 | } 81 | } 82 | 83 | int 84 | urcrypt_aes_cbca_de(uint8_t **message_ptr, 85 | size_t *length_ptr, 86 | uint8_t key[16], 87 | uint8_t ivec[16], 88 | urcrypt_realloc_t realloc_ptr) 89 | { 90 | AES_KEY aes_key; 91 | 92 | urcrypt__reverse(16, key); 93 | 94 | if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) { 95 | return -1; 96 | } 97 | else { 98 | return urcrypt__cbc_help(message_ptr, length_ptr, 99 | &aes_key, ivec, AES_DECRYPT, realloc_ptr); 100 | } 101 | } 102 | 103 | int 104 | urcrypt_aes_cbcb_en(uint8_t **message_ptr, 105 | size_t *length_ptr, 106 | uint8_t key[24], 107 | uint8_t ivec[16], 108 | urcrypt_realloc_t realloc_ptr) 109 | { 110 | AES_KEY aes_key; 111 | 112 | urcrypt__reverse(24, key); 113 | 114 | if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) { 115 | return -1; 116 | } 117 | else { 118 | return urcrypt__cbc_help(message_ptr, length_ptr, 119 | &aes_key, ivec, AES_ENCRYPT, realloc_ptr); 120 | } 121 | } 122 | 123 | int 124 | urcrypt_aes_cbcb_de(uint8_t **message_ptr, 125 | size_t *length_ptr, 126 | uint8_t key[24], 127 | uint8_t ivec[16], 128 | urcrypt_realloc_t realloc_ptr) 129 | { 130 | AES_KEY aes_key; 131 | 132 | urcrypt__reverse(24, key); 133 | 134 | if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) { 135 | return -1; 136 | } 137 | else { 138 | return urcrypt__cbc_help(message_ptr, length_ptr, 139 | &aes_key, ivec, AES_DECRYPT, realloc_ptr); 140 | } 141 | } 142 | 143 | int 144 | urcrypt_aes_cbcc_en(uint8_t **message_ptr, 145 | size_t *length_ptr, 146 | uint8_t key[32], 147 | uint8_t ivec[16], 148 | urcrypt_realloc_t realloc_ptr) 149 | { 150 | AES_KEY aes_key; 151 | 152 | urcrypt__reverse(32, key); 153 | 154 | if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) { 155 | return -1; 156 | } 157 | else { 158 | return urcrypt__cbc_help(message_ptr, length_ptr, 159 | &aes_key, ivec, AES_ENCRYPT, realloc_ptr); 160 | } 161 | } 162 | 163 | int 164 | urcrypt_aes_cbcc_de(uint8_t **message_ptr, 165 | size_t *length_ptr, 166 | uint8_t key[32], 167 | uint8_t ivec[16], 168 | urcrypt_realloc_t realloc_ptr) 169 | { 170 | AES_KEY aes_key; 171 | 172 | urcrypt__reverse(32, key); 173 | 174 | if ( 0 != AES_set_decrypt_key(key, 256, &aes_key) ) { 175 | return -1; 176 | } 177 | else { 178 | return urcrypt__cbc_help(message_ptr, length_ptr, 179 | &aes_key, ivec, AES_DECRYPT, realloc_ptr); 180 | } 181 | } 182 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/aes_ecb.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | 5 | int 6 | urcrypt_aes_ecba_en(uint8_t key[16], uint8_t block[16], uint8_t out[16]) 7 | { 8 | AES_KEY aes_key; 9 | 10 | urcrypt__reverse(16, key); 11 | urcrypt__reverse(16, block); 12 | 13 | if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) { 14 | return -1; 15 | } 16 | else { 17 | AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); 18 | urcrypt__reverse(16, out); 19 | return 0; 20 | } 21 | } 22 | 23 | int 24 | urcrypt_aes_ecba_de(uint8_t key[16], uint8_t block[16], uint8_t out[16]) 25 | { 26 | AES_KEY aes_key; 27 | 28 | urcrypt__reverse(16, key); 29 | urcrypt__reverse(16, block); 30 | 31 | if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) { 32 | return -1; 33 | } 34 | else { 35 | AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); 36 | urcrypt__reverse(16, out); 37 | return 0; 38 | } 39 | } 40 | 41 | int 42 | urcrypt_aes_ecbb_en(uint8_t key[24], uint8_t block[16], uint8_t out[16]) 43 | { 44 | AES_KEY aes_key; 45 | 46 | urcrypt__reverse(24, key); 47 | urcrypt__reverse(16, block); 48 | 49 | if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) { 50 | return -1; 51 | } 52 | else { 53 | AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); 54 | urcrypt__reverse(16, out); 55 | return 0; 56 | } 57 | } 58 | 59 | int 60 | urcrypt_aes_ecbb_de(uint8_t key[24], uint8_t block[16], uint8_t out[16]) 61 | { 62 | AES_KEY aes_key; 63 | 64 | urcrypt__reverse(24, key); 65 | urcrypt__reverse(16, block); 66 | 67 | if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) { 68 | return -1; 69 | } 70 | else { 71 | AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); 72 | urcrypt__reverse(16, out); 73 | return 0; 74 | } 75 | } 76 | 77 | int 78 | urcrypt_aes_ecbc_en(uint8_t key[32], uint8_t block[16], uint8_t out[16]) 79 | { 80 | AES_KEY aes_key; 81 | 82 | urcrypt__reverse(32, key); 83 | urcrypt__reverse(16, block); 84 | 85 | if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) { 86 | return -1; 87 | } 88 | else { 89 | AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); 90 | urcrypt__reverse(16, out); 91 | return 0; 92 | } 93 | } 94 | 95 | int 96 | urcrypt_aes_ecbc_de(uint8_t key[32], uint8_t block[16], uint8_t out[16]) 97 | { 98 | AES_KEY aes_key; 99 | 100 | urcrypt__reverse(32, key); 101 | urcrypt__reverse(16, block); 102 | 103 | if ( 0 != AES_set_decrypt_key(key, 256, &aes_key) ) { 104 | return -1; 105 | } 106 | else { 107 | AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); 108 | urcrypt__reverse(16, out); 109 | return 0; 110 | } 111 | } 112 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/aes_siv.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | 5 | static AES_SIV_CTX* 6 | urcrypt__aes_siv_init(uint8_t *key, 7 | size_t key_length, 8 | urcrypt_aes_siv_data *data, 9 | size_t data_length) 10 | { 11 | AES_SIV_CTX *ctx = AES_SIV_CTX_new(); 12 | if ( NULL == ctx ) { 13 | return NULL; 14 | } 15 | else { 16 | urcrypt__reverse(key_length, key); 17 | if ( 0 == AES_SIV_Init(ctx, key, key_length) ) { 18 | AES_SIV_CTX_free(ctx); 19 | return NULL; 20 | } 21 | else { 22 | size_t i, len; 23 | uint8_t *dat; 24 | 25 | for ( i = 0; i < data_length; ++i ) { 26 | len = data[i].length; 27 | dat = data[i].bytes; 28 | urcrypt__reverse(len, dat); 29 | if ( 0 == AES_SIV_AssociateData(ctx, dat, len) ) { 30 | AES_SIV_CTX_free(ctx); 31 | return NULL; 32 | } 33 | } 34 | 35 | return ctx; 36 | } 37 | } 38 | } 39 | 40 | static int 41 | urcrypt__aes_siv_en(uint8_t *key, 42 | size_t key_length, 43 | uint8_t *message, 44 | size_t message_length, 45 | urcrypt_aes_siv_data *data, 46 | size_t data_length, 47 | uint8_t iv[16], 48 | uint8_t *out) 49 | { 50 | AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length); 51 | 52 | if ( NULL == ctx ) { 53 | return -1; 54 | } 55 | else { 56 | int ret; 57 | urcrypt__reverse(message_length, message); 58 | ret = AES_SIV_EncryptFinal(ctx, iv, out, message, message_length); 59 | AES_SIV_CTX_free(ctx); 60 | 61 | if ( 0 == ret ) { 62 | return -2; 63 | } 64 | else { 65 | urcrypt__reverse(16, iv); 66 | urcrypt__reverse(message_length, out); 67 | return 0; 68 | } 69 | } 70 | } 71 | 72 | static int 73 | urcrypt__aes_siv_de(uint8_t *key, 74 | size_t key_length, 75 | uint8_t *message, 76 | size_t message_length, 77 | urcrypt_aes_siv_data *data, 78 | size_t data_length, 79 | uint8_t iv[16], 80 | uint8_t *out) 81 | { 82 | AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length); 83 | 84 | if ( NULL == ctx ) { 85 | return -1; 86 | } 87 | else { 88 | int ret; 89 | 90 | urcrypt__reverse(message_length, message); 91 | urcrypt__reverse(16, iv); 92 | ret = AES_SIV_DecryptFinal(ctx, out, iv, message, message_length); 93 | AES_SIV_CTX_free(ctx); 94 | 95 | if ( 0 == ret ) { 96 | return -2; 97 | } 98 | else { 99 | urcrypt__reverse(message_length, out); 100 | return 0; 101 | } 102 | } 103 | } 104 | 105 | int 106 | urcrypt_aes_siva_en(uint8_t *message, 107 | size_t message_length, 108 | urcrypt_aes_siv_data *data, 109 | size_t data_length, 110 | uint8_t key[32], 111 | uint8_t iv[16], 112 | uint8_t *out) 113 | { 114 | return urcrypt__aes_siv_en(key, 32, 115 | message, message_length, data, data_length, iv, out); 116 | } 117 | 118 | int 119 | urcrypt_aes_siva_de(uint8_t *message, 120 | size_t message_length, 121 | urcrypt_aes_siv_data *data, 122 | size_t data_length, 123 | uint8_t key[32], 124 | uint8_t iv[16], 125 | uint8_t *out) 126 | { 127 | return urcrypt__aes_siv_de(key, 32, 128 | message, message_length, data, data_length, iv, out); 129 | } 130 | 131 | int 132 | urcrypt_aes_sivb_en(uint8_t *message, 133 | size_t message_length, 134 | urcrypt_aes_siv_data *data, 135 | size_t data_length, 136 | uint8_t key[48], 137 | uint8_t iv[16], 138 | uint8_t *out) 139 | { 140 | return urcrypt__aes_siv_en(key, 48, 141 | message, message_length, data, data_length, iv, out); 142 | } 143 | 144 | int 145 | urcrypt_aes_sivb_de(uint8_t *message, 146 | size_t message_length, 147 | urcrypt_aes_siv_data *data, 148 | size_t data_length, 149 | uint8_t key[48], 150 | uint8_t iv[16], 151 | uint8_t *out) 152 | { 153 | return urcrypt__aes_siv_de(key, 48, 154 | message, message_length, data, data_length, iv, out); 155 | } 156 | 157 | int 158 | urcrypt_aes_sivc_en(uint8_t *message, 159 | size_t message_length, 160 | urcrypt_aes_siv_data *data, 161 | size_t data_length, 162 | uint8_t key[64], 163 | uint8_t iv[16], 164 | uint8_t *out) 165 | { 166 | return urcrypt__aes_siv_en(key, 64, 167 | message, message_length, data, data_length, iv, out); 168 | } 169 | 170 | int 171 | urcrypt_aes_sivc_de(uint8_t *message, 172 | size_t message_length, 173 | urcrypt_aes_siv_data *data, 174 | size_t data_length, 175 | uint8_t key[64], 176 | uint8_t iv[16], 177 | uint8_t *out) 178 | { 179 | return urcrypt__aes_siv_de(key, 64, 180 | message, message_length, data, data_length, iv, out); 181 | } 182 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/argon.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | #include 5 | 6 | // library convention is to have sizes in size_t, but argon2 wants them 7 | // in uint32_t, so here's a helper macro for ensuring equivalence. 8 | #define SZ_32(s) ( sizeof(size_t) <= sizeof(uint32_t) || s <= 0xFFFFFFFF ) 9 | 10 | const char* 11 | urcrypt_argon2(uint8_t type, 12 | uint32_t version, 13 | uint32_t threads, 14 | uint32_t memory_cost, 15 | uint32_t time_cost, 16 | size_t secret_length, 17 | uint8_t *secret, 18 | size_t associated_length, 19 | uint8_t *associated, 20 | size_t password_length, 21 | uint8_t *password, 22 | size_t salt_length, 23 | uint8_t *salt, 24 | size_t out_length, 25 | uint8_t *out, 26 | urcrypt_argon2_alloc_t alloc_ptr, 27 | urcrypt_argon2_free_t free_ptr) 28 | { 29 | if ( !( SZ_32(secret_length) && 30 | SZ_32(associated_length) && 31 | SZ_32(password_length) && 32 | SZ_32(salt_length) && 33 | SZ_32(out_length) ) ) { 34 | return "length > 32 bits"; 35 | } 36 | else { 37 | int (*f)(argon2_context*); 38 | int result; 39 | 40 | switch ( type ) { 41 | default: 42 | return "unknown type"; 43 | case urcrypt_argon2_d: 44 | f = &argon2d_ctx; 45 | break; 46 | case urcrypt_argon2_i: 47 | f = &argon2i_ctx; 48 | break; 49 | case urcrypt_argon2_id: 50 | f = &argon2id_ctx; 51 | break; 52 | case urcrypt_argon2_u: 53 | f = &argon2u_ctx; 54 | break; 55 | } 56 | 57 | urcrypt__reverse(secret_length, secret); 58 | urcrypt__reverse(associated_length, associated); 59 | urcrypt__reverse(password_length, password); 60 | urcrypt__reverse(salt_length, salt); 61 | 62 | argon2_context context = { 63 | out, // output array, at least [digest length] in size 64 | out_length, // digest length 65 | password, // password array 66 | password_length, // password length 67 | salt, // salt array 68 | salt_length, // salt length 69 | secret, // optional secret data 70 | secret_length, 71 | associated, // optional associated data 72 | associated_length, 73 | time_cost, // performance cost configuration 74 | memory_cost, 75 | threads, 76 | threads, 77 | version, // algorithm version 78 | alloc_ptr, // custom memory allocation function 79 | free_ptr, // custom memory deallocation function 80 | ARGON2_DEFAULT_FLAGS // by default only internal memory is cleared 81 | }; 82 | 83 | result = (*f)(&context); 84 | 85 | if ( ARGON2_OK != result ) { 86 | return argon2_error_message(result); 87 | } 88 | else { 89 | urcrypt__reverse(out_length, out); 90 | return NULL; 91 | } 92 | } 93 | } 94 | 95 | int 96 | urcrypt_blake2(size_t message_length, 97 | uint8_t *message, 98 | size_t key_length, 99 | uint8_t key[64], 100 | size_t out_length, 101 | uint8_t *out) 102 | { 103 | if ( key_length > 64 ) { 104 | return -1; 105 | } 106 | else { 107 | urcrypt__reverse(message_length, message); 108 | urcrypt__reverse(key_length, key); 109 | 110 | if ( 0 != blake2b(out, out_length, 111 | message, message_length, 112 | key, key_length)) { 113 | return -1; 114 | } 115 | else { 116 | urcrypt__reverse(out_length, out); 117 | return 0; 118 | } 119 | } 120 | } 121 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/ed25519.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include 3 | #include 4 | 5 | void 6 | urcrypt_ed_puck(const uint8_t seed[32], 7 | uint8_t out[32]) 8 | { 9 | uint8_t secret[64]; 10 | ed25519_create_keypair(out, secret, seed); 11 | } 12 | 13 | void 14 | urcrypt_ed_shar(const uint8_t public[32], 15 | const uint8_t seed[32], 16 | uint8_t out[32]) 17 | { 18 | uint8_t self[32], exp[64]; 19 | 20 | memset(self, 0, 32); 21 | memset(exp, 0, 64); 22 | memset(out, 0, 32); 23 | 24 | ed25519_create_keypair(self, exp, seed); 25 | ed25519_key_exchange(out, public, exp); 26 | } 27 | 28 | void 29 | urcrypt_ed_sign(const uint8_t *message, 30 | size_t length, 31 | const uint8_t seed[32], 32 | uint8_t out[64]) 33 | { 34 | uint8_t public[64], secret[64]; 35 | 36 | memset(public, 0, 64); 37 | memset(secret, 0, 64); 38 | memset(out, 0, 64); 39 | 40 | ed25519_create_keypair(public, secret, seed); 41 | ed25519_sign(out, message, length, public, secret); 42 | } 43 | 44 | bool 45 | urcrypt_ed_veri(const uint8_t *message, 46 | size_t length, 47 | const uint8_t public[32], 48 | const uint8_t signature[64]) 49 | { 50 | return ( ed25519_verify(signature, message, length, public) == 1 ) 51 | ? true 52 | : false; 53 | } 54 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/ge_additions.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include 3 | 4 | int 5 | urcrypt_ed_point_add(const uint8_t a[32], 6 | const uint8_t b[32], 7 | uint8_t out[32]) 8 | { 9 | ge_p3 A, B; 10 | ge_cached b_cached; 11 | ge_p1p1 sum; 12 | ge_p3 result; 13 | 14 | if ( ge_frombytes_negate_vartime(&A, a) != 0 ) { 15 | return -1; 16 | } 17 | 18 | if ( ge_frombytes_negate_vartime(&B, b) != 0 ) { 19 | return -1; 20 | } 21 | 22 | // Undo the negation from above. See add_scalar.c in the ed25519 distro. 23 | fe_neg(A.X, A.X); 24 | fe_neg(A.T, A.T); 25 | fe_neg(B.X, B.X); 26 | fe_neg(B.T, B.T); 27 | 28 | ge_p3_to_cached(&b_cached, &B); 29 | ge_add(&sum, &A, &b_cached); 30 | ge_p1p1_to_p3(&result, &sum); 31 | 32 | ge_p3_tobytes(out, &result); 33 | 34 | return 0; 35 | } 36 | 37 | int 38 | urcrypt_ed_scalarmult(const uint8_t a[32], 39 | const uint8_t b[32], 40 | uint8_t out[32]) 41 | { 42 | ge_p3 B, result; 43 | 44 | if ( ge_frombytes_negate_vartime(&B, b) != 0 ) { 45 | return -1; 46 | } 47 | 48 | // Undo the negation from above. See add_scalar.c in the ed25519 distro. 49 | fe_neg(B.X, B.X); 50 | fe_neg(B.T, B.T); 51 | 52 | ge_scalarmult(&result, a, &B); 53 | ge_p3_tobytes(out, &result); 54 | return 0; 55 | } 56 | 57 | void 58 | urcrypt_ed_scalarmult_base(const uint8_t a[32], 59 | uint8_t out[32]) 60 | { 61 | ge_p3 R; 62 | ge_scalarmult_base(&R, a); 63 | ge_p3_tobytes(out, &R); 64 | } 65 | 66 | int 67 | urcrypt_ed_add_scalarmult_scalarmult_base(const uint8_t a[32], 68 | const uint8_t a_point[32], 69 | const uint8_t b[32], 70 | uint8_t out[32]) 71 | { 72 | ge_p2 r; 73 | ge_p3 A; 74 | 75 | if (ge_frombytes_negate_vartime(&A, a_point) != 0) { 76 | return -1; 77 | } 78 | 79 | // Undo the negation from above. See add_scalar.c in the ed25519 distro. 80 | fe_neg(A.X, A.X); 81 | fe_neg(A.T, A.T); 82 | 83 | ge_double_scalarmult_vartime(&r, a, &A, b); 84 | ge_tobytes(out, &r); 85 | 86 | return 0; 87 | } 88 | 89 | int 90 | urcrypt_ed_add_double_scalarmult(const uint8_t a[32], 91 | const uint8_t a_point[32], 92 | const uint8_t b[32], 93 | const uint8_t b_point[32], 94 | uint8_t out[32]) 95 | { 96 | ge_p3 A, B, a_result, b_result, final_result; 97 | ge_cached b_result_cached; 98 | ge_p1p1 sum; 99 | 100 | if ( ge_frombytes_negate_vartime(&A, a_point) != 0 ) { 101 | return -1; 102 | } 103 | 104 | if ( ge_frombytes_negate_vartime(&B, b_point) != 0 ) { 105 | return -1; 106 | } 107 | 108 | // Undo the negation from above. See add_scalar.c in the ed25519 distro. 109 | fe_neg(A.X, A.X); 110 | fe_neg(A.T, A.T); 111 | fe_neg(B.X, B.X); 112 | fe_neg(B.T, B.T); 113 | 114 | // Perform the multiplications of a*A and b*B 115 | ge_scalarmult(&a_result, a, &A); 116 | ge_scalarmult(&b_result, b, &B); 117 | 118 | // Sum those two points 119 | ge_p3_to_cached(&b_result_cached, &b_result); 120 | ge_add(&sum, &a_result, &b_result_cached); 121 | 122 | ge_p1p1_to_p3(&final_result, &sum); 123 | ge_p3_tobytes(out, &final_result); 124 | 125 | return 0; 126 | } 127 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/keccak.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | 5 | #define defkec(bits,byts) \ 6 | int urcrypt_keccak_##bits(const uint8_t *message, size_t length, \ 7 | uint8_t out[byts]) \ 8 | { \ 9 | if ( 0 == keccak_##bits(out, byts, message, length) ) { \ 10 | urcrypt__reverse(byts, out); \ 11 | return 0; \ 12 | } \ 13 | else { \ 14 | return -1; \ 15 | }\ 16 | } 17 | 18 | defkec(224, 28) 19 | defkec(256, 32) 20 | defkec(384, 48) 21 | defkec(512, 64) 22 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/ripemd.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | 5 | int 6 | urcrypt_ripemd160(uint8_t *message, size_t length, uint8_t out[20]) 7 | { 8 | unsigned long n = length; 9 | 10 | if ( length != n ) { 11 | return -1; 12 | } 13 | else { 14 | urcrypt__reverse(length, message); 15 | RIPEMD160(message, n, out); 16 | urcrypt__reverse(20, out); 17 | return 0; 18 | } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/scrypt.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include 3 | #include 4 | 5 | void 6 | urcrypt_scrypt_pbkdf_sha256(const uint8_t *passwd, 7 | size_t passwdlen, 8 | const uint8_t *salt, 9 | size_t saltlen, 10 | uint64_t count, 11 | size_t outlen, // must be at most 32*(2^32-1) 12 | uint8_t *out) 13 | { 14 | libscrypt_PBKDF2_SHA256( 15 | passwd, passwdlen, salt, saltlen, count, out, outlen); 16 | } 17 | 18 | int 19 | urcrypt_scrypt(const uint8_t *passwd, 20 | size_t passwdlen, 21 | const uint8_t *salt, 22 | size_t saltlen, 23 | uint64_t n, 24 | uint32_t r, 25 | uint32_t p, 26 | size_t outlen, 27 | uint8_t *out) 28 | { 29 | return libscrypt_scrypt( 30 | passwd, passwdlen, salt, saltlen, n, r, p, out, outlen); 31 | } 32 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/sha.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | #include "util.h" 3 | #include 4 | 5 | void 6 | urcrypt_sha1(uint8_t *message, size_t length, uint8_t out[20]) 7 | { 8 | urcrypt__reverse(length, message); 9 | SHA1(message, length, out); 10 | urcrypt__reverse(20, out); 11 | } 12 | 13 | void 14 | urcrypt_shay(const uint8_t *message, size_t length, uint8_t out[32]) 15 | { 16 | SHA256(message, length, out); 17 | } 18 | 19 | void 20 | urcrypt_shal(const uint8_t *message, size_t length, uint8_t out[64]) 21 | { 22 | SHA512(message, length, out); 23 | } 24 | 25 | void 26 | urcrypt_shas(uint8_t *salt, size_t salt_length, 27 | const uint8_t *message, size_t message_length, 28 | uint8_t out[32]) 29 | { 30 | size_t i; 31 | uint8_t mid[32]; 32 | 33 | // docs don't say what happens if msg overlaps with out 34 | urcrypt_shay(message, message_length, mid); 35 | 36 | if ( salt_length > 32 ) { 37 | for ( i = 0; i < 32; i++ ) { 38 | salt[i] ^= mid[i]; 39 | } 40 | urcrypt_shay(salt, salt_length, out); 41 | } 42 | else { 43 | for ( i = 0; i < salt_length; i++ ) { 44 | mid[i] ^= salt[i]; 45 | } 46 | urcrypt_shay(mid, 32, out); 47 | } 48 | } 49 | 50 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/util.c: -------------------------------------------------------------------------------- 1 | #include "urcrypt.h" 2 | 3 | void 4 | urcrypt__reverse(size_t size, uint8_t *ptr) { 5 | if ( size > 0 ) { 6 | size_t i, j; 7 | uint8_t tmp; 8 | for ( i = 0, j = size - 1; i < j; i++, j-- ) { 9 | tmp = ptr[i]; 10 | ptr[i] = ptr[j]; 11 | ptr[j] = tmp; 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /urcrypt/urcrypt/util.h: -------------------------------------------------------------------------------- 1 | #ifndef URCRYPT_UTIL_H 2 | #define URCRYPT_UTIL_H 3 | 4 | void urcrypt__reverse(size_t size, uint8_t *ptr); 5 | 6 | #endif 7 | -------------------------------------------------------------------------------- /urcrypt/urcrypt_test.go: -------------------------------------------------------------------------------- 1 | package urcrypt 2 | 3 | import ( 4 | "math/big" 5 | "reflect" 6 | "testing" 7 | ) 8 | 9 | func TestBuild(t *testing.T) { 10 | a := [32]byte{4} 11 | b := [32]byte{6} 12 | c1 := []byte{186, 34, 105, 120, 127, 104, 221, 180, 156, 197, 25, 25, 94, 74, 231, 55, 137, 221, 77, 66, 235, 236, 209, 171, 187, 184, 169, 153, 84, 230, 9, 7} 13 | 14 | r1 := UrcryptEdShar(a, b) 15 | if !reflect.DeepEqual(r1, c1) { 16 | t.Errorf("expected %s got %s", c1, r1) 17 | } 18 | } 19 | 20 | func TestUrcryptAESSivcEn(t *testing.T) { 21 | siv := [][]byte{{2}} 22 | c1 := big.NewInt(159) 23 | c2 := [16]byte{137, 220, 113, 64, 125, 70, 107, 227, 161, 165, 106, 235, 180, 199, 98, 161} 24 | 25 | _, iv, r1 := UrcryptAESSivcEn(big.NewInt(2), siv, [64]byte{4}) 26 | if !reflect.DeepEqual(r1, c1) { 27 | t.Errorf("expected %d got %d", c1, r1) 28 | } 29 | if !reflect.DeepEqual(c2, iv) { 30 | t.Errorf("expected %d got %d", c2, iv) 31 | } 32 | 33 | data2 := [][]byte{{2}, {1}} 34 | c3 := big.NewInt(59301) 35 | c4 := [16]byte{43, 66, 159, 14, 114, 106, 238, 44, 82, 27, 175, 196, 130, 12, 13, 67} 36 | 37 | _, iv2, r2 := UrcryptAESSivcEn(big.NewInt(256), data2, [64]byte{48}) 38 | if !reflect.DeepEqual(r2, c3) { 39 | t.Errorf("expected %d got %d", c3, r2) 40 | } 41 | if !reflect.DeepEqual(c4, iv2) { 42 | t.Errorf("expected %d got %d", c4, iv2) 43 | } 44 | } 45 | 46 | func TestUrcryptAESSivcDe(t *testing.T) { 47 | siv := [][]byte{{2}} 48 | c1 := big.NewInt(2) 49 | c2 := [16]byte{137, 220, 113, 64, 125, 70, 107, 227, 161, 165, 106, 235, 180, 199, 98, 161} 50 | ba1 := big.NewInt(159) 51 | 52 | r1, _ := UrcryptAESSivcDe(ba1, siv, [64]byte{4}, c2) 53 | 54 | if !reflect.DeepEqual(c1, r1) { 55 | t.Errorf("expected %d got %d", c1, r1) 56 | } 57 | 58 | } 59 | --------------------------------------------------------------------------------