From 331efce602661e002c33199baa75ee767bbd802f Mon Sep 17 00:00:00 2001
From: irungentoo
Date: Sat, 13 Sep 2014 23:08:16 -0400
Subject: [PATCH] Properly ported a toxencryptsave function to NaCl. removed now useless files.

---
 toxencryptsave/Makefile.inc | 4 -
 .../crypto_auth_hmacsha256.h | 65 ----
 .../crypto_hash_sha256.h | 61 ----
 .../hash_sha256.c | 300 ------------------
 .../hmac_hmacsha256.c | 115 -------
 .../pbkdf2-sha256.c | 32 +-
 toxencryptsave/toxencryptsave.c | 16 +-
 7 files changed, 29 insertions(+), 564 deletions(-)
 delete mode 100644 toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h
 delete mode 100644 toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h
 delete mode 100644 toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c
 delete mode 100644 toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c

diff --git a/toxencryptsave/Makefile.inc b/toxencryptsave/Makefile.inc
index b4f06c90..1155e954 100644
--- a/toxencryptsave/Makefile.inc
+++ b/toxencryptsave/Makefile.inc
@@ -20,10 +20,6 @@ libtoxencryptsave_la_SOURCES = ../toxencryptsave/crypto_pwhash_scryptsalsa208sha
                     ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h \
                     ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \
                     ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c \
-                    ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c \
-                    ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h \
-                    ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h \
-                    ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c \
                     ../toxencryptsave/toxencryptsave.h \
                     ../toxencryptsave/toxencryptsave.c
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h deleted file mode 100644 index 994c0942..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h +++ /dev/null @@ -1,65 +0,0 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif -#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */ - -#ifndef crypto_auth_hmacsha256_H -#define crypto_auth_hmacsha256_H - -#include -#include "crypto_hash_sha256.h" -#include "export.h" - -#ifdef __cplusplus -# if __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -typedef struct crypto_auth_hmacsha256_state { - crypto_hash_sha256_state ictx; - crypto_hash_sha256_state octx; -} crypto_auth_hmacsha256_state; - -#define crypto_auth_hmacsha256_BYTES 32U -SODIUM_EXPORT -size_t crypto_auth_hmacsha256_bytes(void); - -#define crypto_auth_hmacsha256_KEYBYTES 32U -SODIUM_EXPORT -size_t crypto_auth_hmacsha256_keybytes(void); - -SODIUM_EXPORT -int crypto_auth_hmacsha256(unsigned char *out, - const unsigned char *in, - unsigned long long inlen, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_verify(const unsigned char *h, - const unsigned char *in, - unsigned long long inlen, - const unsigned char *k); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state, - const unsigned char *key, - size_t keylen); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state, - const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state, - unsigned char *out); - -#ifdef __cplusplus -} -#endif - -#endif - -#endif 
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h deleted file mode 100644 index cc6e3df1..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h +++ /dev/null @@ -1,61 +0,0 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif -#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */ - -#ifndef crypto_hash_sha256_H -#define crypto_hash_sha256_H - -/* - * WARNING: Unless you absolutely need to use SHA256 for interoperatibility, - * purposes, you might want to consider crypto_generichash() instead. - * Unlike SHA256, crypto_generichash() is not vulnerable to length - * extension attacks. - */ - -#include -#include -#include - -#include "export.h" - -#ifdef __cplusplus -# if __GNUC__ -# pragma GCC diagnostic ignored "-Wlong-long" -# endif -extern "C" { -#endif - -typedef struct crypto_hash_sha256_state { - uint32_t state[8]; - uint32_t count[2]; - unsigned char buf[64]; -} crypto_hash_sha256_state; - -#define crypto_hash_sha256_BYTES 32U -SODIUM_EXPORT -size_t crypto_hash_sha256_bytes(void); - -SODIUM_EXPORT -int crypto_hash_sha256(unsigned char *out, const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_hash_sha256_init(crypto_hash_sha256_state *state); - -SODIUM_EXPORT -int crypto_hash_sha256_update(crypto_hash_sha256_state *state, - const unsigned char *in, - unsigned long long inlen); - -SODIUM_EXPORT -int crypto_hash_sha256_final(crypto_hash_sha256_state *state, - unsigned char *out); - -#ifdef __cplusplus -} -#endif - -#endif - -#endif diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c deleted file mode 100644 index 2fddc126..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c +++ /dev/null 
@@ -1,300 +0,0 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif -#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */ - -/*- - * Copyright 2005,2007,2009 Colin Percival - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - */ - -//#include "api.h" -#include "crypto_hash_sha256.h" -#include "utils.h" - -#include - -#include -#include -#include -#include - -/* Avoid namespace collisions with BSD . 
*/ -#define be32dec _sha256_be32dec -#define be32enc _sha256_be32enc - -static inline uint32_t -be32dec(const void *pp) -{ - const uint8_t *p = (uint8_t const *)pp; - - return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + - ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); -} - -static inline void -be32enc(void *pp, uint32_t x) -{ - uint8_t * p = (uint8_t *)pp; - - p[3] = x & 0xff; - p[2] = (x >> 8) & 0xff; - p[1] = (x >> 16) & 0xff; - p[0] = (x >> 24) & 0xff; -} - -static void -be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len) -{ - size_t i; - - for (i = 0; i < len / 4; i++) { - be32enc(dst + i * 4, src[i]); - } -} - -static void -be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len) -{ - size_t i; - - for (i = 0; i < len / 4; i++) { - dst[i] = be32dec(src + i * 4); - } -} - -#define Ch(x, y, z) ((x & (y ^ z)) ^ z) -#define Maj(x, y, z) ((x & (y | z)) | (y & z)) -#define SHR(x, n) (x >> n) -#define ROTR(x, n) ((x >> n) | (x << (32 - n))) -#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22)) -#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25)) -#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3)) -#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10)) - -#define RND(a, b, c, d, e, f, g, h, k) \ - t0 = h + S1(e) + Ch(e, f, g) + k; \ - t1 = S0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; - -#define RNDr(S, W, i, k) \ - RND(S[(64 - i) % 8], S[(65 - i) % 8], \ - S[(66 - i) % 8], S[(67 - i) % 8], \ - S[(68 - i) % 8], S[(69 - i) % 8], \ - S[(70 - i) % 8], S[(71 - i) % 8], \ - W[i] + k) - -static void -SHA256_Transform(uint32_t *state, const unsigned char block[64]) -{ - uint32_t W[64]; - uint32_t S[8]; - uint32_t t0, t1; - int i; - - be32dec_vect(W, block, 64); - for (i = 16; i < 64; i++) { - W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; - } - - memcpy(S, state, 32); - - RNDr(S, W, 0, 0x428a2f98); - RNDr(S, W, 1, 0x71374491); - RNDr(S, W, 2, 0xb5c0fbcf); - RNDr(S, W, 3, 0xe9b5dba5); - RNDr(S, W, 4, 0x3956c25b); - 
RNDr(S, W, 5, 0x59f111f1); - RNDr(S, W, 6, 0x923f82a4); - RNDr(S, W, 7, 0xab1c5ed5); - RNDr(S, W, 8, 0xd807aa98); - RNDr(S, W, 9, 0x12835b01); - RNDr(S, W, 10, 0x243185be); - RNDr(S, W, 11, 0x550c7dc3); - RNDr(S, W, 12, 0x72be5d74); - RNDr(S, W, 13, 0x80deb1fe); - RNDr(S, W, 14, 0x9bdc06a7); - RNDr(S, W, 15, 0xc19bf174); - RNDr(S, W, 16, 0xe49b69c1); - RNDr(S, W, 17, 0xefbe4786); - RNDr(S, W, 18, 0x0fc19dc6); - RNDr(S, W, 19, 0x240ca1cc); - RNDr(S, W, 20, 0x2de92c6f); - RNDr(S, W, 21, 0x4a7484aa); - RNDr(S, W, 22, 0x5cb0a9dc); - RNDr(S, W, 23, 0x76f988da); - RNDr(S, W, 24, 0x983e5152); - RNDr(S, W, 25, 0xa831c66d); - RNDr(S, W, 26, 0xb00327c8); - RNDr(S, W, 27, 0xbf597fc7); - RNDr(S, W, 28, 0xc6e00bf3); - RNDr(S, W, 29, 0xd5a79147); - RNDr(S, W, 30, 0x06ca6351); - RNDr(S, W, 31, 0x14292967); - RNDr(S, W, 32, 0x27b70a85); - RNDr(S, W, 33, 0x2e1b2138); - RNDr(S, W, 34, 0x4d2c6dfc); - RNDr(S, W, 35, 0x53380d13); - RNDr(S, W, 36, 0x650a7354); - RNDr(S, W, 37, 0x766a0abb); - RNDr(S, W, 38, 0x81c2c92e); - RNDr(S, W, 39, 0x92722c85); - RNDr(S, W, 40, 0xa2bfe8a1); - RNDr(S, W, 41, 0xa81a664b); - RNDr(S, W, 42, 0xc24b8b70); - RNDr(S, W, 43, 0xc76c51a3); - RNDr(S, W, 44, 0xd192e819); - RNDr(S, W, 45, 0xd6990624); - RNDr(S, W, 46, 0xf40e3585); - RNDr(S, W, 47, 0x106aa070); - RNDr(S, W, 48, 0x19a4c116); - RNDr(S, W, 49, 0x1e376c08); - RNDr(S, W, 50, 0x2748774c); - RNDr(S, W, 51, 0x34b0bcb5); - RNDr(S, W, 52, 0x391c0cb3); - RNDr(S, W, 53, 0x4ed8aa4a); - RNDr(S, W, 54, 0x5b9cca4f); - RNDr(S, W, 55, 0x682e6ff3); - RNDr(S, W, 56, 0x748f82ee); - RNDr(S, W, 57, 0x78a5636f); - RNDr(S, W, 58, 0x84c87814); - RNDr(S, W, 59, 0x8cc70208); - RNDr(S, W, 60, 0x90befffa); - RNDr(S, W, 61, 0xa4506ceb); - RNDr(S, W, 62, 0xbef9a3f7); - RNDr(S, W, 63, 0xc67178f2); - - for (i = 0; i < 8; i++) { - state[i] += S[i]; - } - - sodium_memzero((void *) W, sizeof W); - sodium_memzero((void *) S, sizeof S); - sodium_memzero((void *) &t0, sizeof t0); - sodium_memzero((void *) &t1, sizeof t1); -} - -static 
unsigned char PAD[64] = { - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -static void -SHA256_Pad(crypto_hash_sha256_state *state) -{ - unsigned char len[8]; - uint32_t r, plen; - - be32enc_vect(len, state->count, 8); - - r = (state->count[1] >> 3) & 0x3f; - plen = (r < 56) ? (56 - r) : (120 - r); - crypto_hash_sha256_update(state, PAD, (unsigned long long) plen); - - crypto_hash_sha256_update(state, len, 8); -} - -int -crypto_hash_sha256_init(crypto_hash_sha256_state *state) -{ - state->count[0] = state->count[1] = 0; - - state->state[0] = 0x6A09E667; - state->state[1] = 0xBB67AE85; - state->state[2] = 0x3C6EF372; - state->state[3] = 0xA54FF53A; - state->state[4] = 0x510E527F; - state->state[5] = 0x9B05688C; - state->state[6] = 0x1F83D9AB; - state->state[7] = 0x5BE0CD19; - - return 0; -} - -int -crypto_hash_sha256_update(crypto_hash_sha256_state *state, - const unsigned char *in, - unsigned long long inlen) -{ - uint32_t bitlen[2]; - uint32_t r; - - r = (state->count[1] >> 3) & 0x3f; - - bitlen[1] = ((uint32_t)inlen) << 3; - bitlen[0] = (uint32_t)(inlen >> 29); - - if ((state->count[1] += bitlen[1]) < bitlen[1]) { - state->count[0]++; - } - state->count[0] += bitlen[0]; - - if (inlen < 64 - r) { - memcpy(&state->buf[r], in, inlen); - return 0; - } - memcpy(&state->buf[r], in, 64 - r); - SHA256_Transform(state->state, state->buf); - in += 64 - r; - inlen -= 64 - r; - - while (inlen >= 64) { - SHA256_Transform(state->state, in); - in += 64; - inlen -= 64; - } - memcpy(state->buf, in, inlen); - - return 0; -} - -int -crypto_hash_sha256_final(crypto_hash_sha256_state *state, - unsigned char *out) -{ - SHA256_Pad(state); - be32enc_vect(out, state->state, 32); - sodium_memzero((void *) state, sizeof *state); - - return 0; -} - -int -crypto_hash(unsigned char *out, const unsigned char *in, - unsigned long long 
inlen) -{ - crypto_hash_sha256_state state; - - crypto_hash_sha256_init(&state); - crypto_hash_sha256_update(&state, in, inlen); - crypto_hash_sha256_final(&state, out); - - return 0; -} - -#endif diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c deleted file mode 100644 index 2a268075..00000000 --- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c +++ /dev/null 
@@ -1,115 +0,0 @@ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif -#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */ - -/*- - * Copyright 2005,2007,2009 Colin Percival - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. 
- * - */ - -//#include "api.h" -#include "crypto_auth_hmacsha256.h" -#include "crypto_hash_sha256.h" -#include "utils.h" - -#include - -#include -#include - -int -crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state, - const unsigned char *key, - size_t keylen) -{ - unsigned char pad[64]; - unsigned char khash[32]; - size_t i; - - if (keylen > 64) { - crypto_hash_sha256_init(&state->ictx); - crypto_hash_sha256_update(&state->ictx, key, keylen); - crypto_hash_sha256_final(&state->ictx, khash); - key = khash; - keylen = 32; - } - crypto_hash_sha256_init(&state->ictx); - memset(pad, 0x36, 64); - for (i = 0; i < keylen; i++) { - pad[i] ^= key[i]; - } - crypto_hash_sha256_update(&state->ictx, pad, 64); - - crypto_hash_sha256_init(&state->octx); - memset(pad, 0x5c, 64); - for (i = 0; i < keylen; i++) { - pad[i] ^= key[i]; - } - crypto_hash_sha256_update(&state->octx, pad, 64); - - sodium_memzero((void *) khash, sizeof khash); - - return 0; -} - -int -crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state, - const unsigned char *in, - unsigned long long inlen) -{ - crypto_hash_sha256_update(&state->ictx, in, inlen); - - return 0; -} - -int -crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state, - unsigned char *out) -{ - unsigned char ihash[32]; - - crypto_hash_sha256_final(&state->ictx, ihash); - crypto_hash_sha256_update(&state->octx, ihash, 32); - crypto_hash_sha256_final(&state->octx, out); - - sodium_memzero((void *) ihash, sizeof ihash); - - return 0; -} - -int -crypto_auth(unsigned char *out, const unsigned char *in, - unsigned long long inlen, const unsigned char *k) -{ - crypto_auth_hmacsha256_state state; - - crypto_auth_hmacsha256_init(&state, k, crypto_auth_hmacsha256_KEYBYTES); - crypto_auth_hmacsha256_update(&state, in, inlen); - crypto_auth_hmacsha256_final(&state, out); - - return 0; -} -#endif 
diff --git a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
index 01eb7dff..3dfe54db 100644
--- a/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
+++ b/toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c
@@ -35,7 +35,9 @@
 #include
 #include
 
-#include "crypto_auth_hmacsha256.h"
+#include
+#include
+
 #include "pbkdf2-sha256.h"
 #include "sysendian.h"
 #include "utils.h"
@@ -49,30 +51,34 @@ void
 PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
               size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
 {
-    crypto_auth_hmacsha256_state PShctx, hctx;
+    uint8_t key[32] = {0};
     size_t i;
-    uint8_t ivec[4];
+    uint8_t salt_and_ivec[saltlen + 4];
     uint8_t U[32];
     uint8_t T[32];
     uint64_t j;
     int k;
     size_t clen;
 
-    crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);
-    crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);
+    if (passwdlen > 32) {
+        /* For some reason libsodium allows 64byte keys meaning keys
+         * between 32byte and 64bytes are not compatible with libsodium.
+         toxencryptsave should only give 32byte passwds so this isn't an issue here.*/
+        crypto_hash_sha256(key, passwd, passwdlen);
+    } else {
+        memcpy(key, passwd, passwdlen);
+    }
+
+    memcpy(salt_and_ivec, salt, saltlen);
 
     for (i = 0; i * 32 < dkLen; i++) {
-        be32enc(ivec, (uint32_t)(i + 1));
-        memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
-        crypto_auth_hmacsha256_update(&hctx, ivec, 4);
-        crypto_auth_hmacsha256_final(&hctx, U);
+        be32enc(salt_and_ivec + saltlen, (uint32_t)(i + 1));
+        crypto_auth_hmacsha256(U, salt_and_ivec, sizeof(salt_and_ivec), key);
 
         memcpy(T, U, 32);
 
         for (j = 2; j <= c; j++) {
-            crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
-            crypto_auth_hmacsha256_update(&hctx, U, 32);
-            crypto_auth_hmacsha256_final(&hctx, U);
+            crypto_auth_hmacsha256(U, U, 32, key);
 
             for (k = 0; k < 32; k++) {
                 T[k] ^= U[k];
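Review bot: `uint8_t salt_and_ivec[saltlen + 4];` makes the stack frame depend on a caller-supplied length with no failure path, and since the one-shot `crypto_auth_hmacsha256` has no streaming form the whole salt must now be copied into that VLA; if the scrypt core calls this function with its working block as the salt (that caller is not in the hunk), the frame size tracks the memory parameters rather than a short salt. Because PBKDF2_SHA256 returns void and cannot report an allocation failure, the bound belongs at least in a documented precondition, e.g. `/* salt_and_ivec is a stack VLA: saltlen must stay small and bounded by the caller */`, or the buffer should come from the heap with an explicit failure path. A second point: `crypto_auth_hmacsha256(U, U, 32, key)` passes the same buffer as input and output; the removed in-tree implementation consumed `in` fully before writing `out`, but that aliasing guarantee should be confirmed for whichever NaCl build now provides the symbol. The comment block above `crypto_hash_sha256(key, passwd, passwdlen)` is missing the leading `*` on its third line and would read better stating the rule directly: `/* NaCl HMAC takes a fixed 32-byte key; longer passwords are pre-hashed, which differs from libsodium for 33..64-byte keys. */`.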
@@ -85,7 +91,7 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
         }
         memcpy(&buf[i * 32], T, clen);
     }
-    sodium_memzero((void *) &PShctx, sizeof PShctx);
+    sodium_memzero((void *) key, sizeof(key));
 }
 
 #endif
diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c
index 89c47a03..9ae66097 100644
--- a/toxencryptsave/toxencryptsave.c
+++ b/toxencryptsave/toxencryptsave.c
@@ -31,6 +31,7 @@
 #ifdef VANILLA_NACL
 #include "crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h"
 #include "crypto_pwhash_scryptsalsa208sha256/utils.h" /* sodium_memzero */
+#include
 #endif
 
 /* This "module" provides functions analogous to tox_load and tox_save in toxcore
@@ -57,6 +58,8 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3
     if (pplength == 0)
         return -1;
 
+    uint8_t passkey[crypto_hash_sha256_BYTES];
+    crypto_hash_sha256(passkey, passphrase, pplength);
     /* First derive a key from the password */
     /* http://doc.libsodium.org/key_derivation/README.html */
     /* note that, according to the documentation, a generic pwhash interface will be created
@@ -66,16 +69,14 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3
     randombytes(salt, sizeof salt);
 
     if (crypto_pwhash_scryptsalsa208sha256(
-                key, sizeof(key), passphrase, pplength, salt,
+                key, sizeof(key), passkey, sizeof(passkey), salt,
                 crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
                 crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
         /* out of memory most likely */
         return -1;
     }
 
-    /* calling sodium_memzero segfaults, but printing passphrase works, so... libsodium bug?
-     * ...eh, it's not segfaulting anywhere else, so I'll assume pebkac...
-    sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
+    sodium_memzero(passkey, crypto_hash_sha256_BYTES); /* wipe plaintext pw */
 
     /* next get plain save data */
     uint32_t temp_size = tox_size(tox);
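Review bot: In the `@@ -66,16 +69,14 @@` hunk the `return -1` after a failed `crypto_pwhash_scryptsalsa208sha256` call leaves `passkey` unwiped, because `sodium_memzero(passkey, ...)` only runs on the success path; the same gap is in the tox_encrypted_load hunk (`@@ -140,14 +144,14 @@`). Move the wipe ahead of the check so every exit from the derivation clears it: `int ret = crypto_pwhash_scryptsalsa208sha256(key, sizeof(key), passkey, sizeof(passkey), salt, ...);` / `sodium_memzero(passkey, sizeof(passkey));` / `if (ret != 0) return -1;`. The trailing comment `/* wipe plaintext pw */` is now wrong: the line wipes the SHA-256 of the passphrase, not the passphrase, which the caller still holds; `/* wipe the hashed passphrase; the caller owns the plaintext passphrase buffer */` says what actually happens. Prefer `sizeof(passkey)` over `crypto_hash_sha256_BYTES` in the memzero so the wipe length cannot drift from the declaration.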
@@ -131,6 +132,9 @@ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *
     uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
     uint8_t nonce[crypto_box_NONCEBYTES];
 
+    uint8_t passkey[crypto_hash_sha256_BYTES];
+    crypto_hash_sha256(passkey, passphrase, pplength);
+
     memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
     data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
     memcpy(nonce, data, crypto_box_NONCEBYTES);
@@ -140,14 +144,14 @@ int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *
     uint8_t key[crypto_box_KEYBYTES];
 
     if (crypto_pwhash_scryptsalsa208sha256(
-                key, sizeof(key), passphrase, pplength, salt,
+                key, sizeof(key), passkey, sizeof(passkey), salt,
                 crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
                 crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
         /* out of memory most likely */
         return -1;
     }
 
-    /* sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
+    sodium_memzero(passkey, crypto_hash_sha256_BYTES); /* wipe plaintext pw */
 
     /* decrypt the data */
     uint8_t temp_data[decrypt_length];
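Review bot: `crypto_hash_sha256(passkey, passphrase, pplength)` in the `@@ -131,6 +132,9 @@` hunk changes what scrypt is fed for every existing save (`passkey` replaces `passphrase` in the derivation), so files written before this change will no longer decrypt unless the save format carries a version the loader can branch on; no such check is visible in the hunk, so this is worth confirming rather than assuming. The hash also runs before the salt and nonce are copied out of `data`, i.e. ahead of any check that `pplength` is non-zero or that `length` is large enough, which the save path enforces with `if (pplength == 0) return -1;`; if tox_encrypted_load has equivalent checks they sit outside the hunk. Neither call site says why the passphrase is pre-hashed, and the call appears to be outside the `#ifdef VANILLA_NACL` block, so a one-line comment next to the declaration would spare the next reader a trip into pbkdf2-sha256.c: `/* NaCl's crypto_auth_hmacsha256 takes a fixed 32-byte key, so the passphrase is normalised to crypto_hash_sha256_BYTES before scrypt on every build to keep saves interoperable */`.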