StarMirror/toxcore
1
0
Fork 0
mirror of https://github.com/irungentoo/toxcore.git synced 2024-03-22 13:30:51 +08:00
Code Issues Projects Releases Wiki Activity

Merge branch 'encrypted_data' of https://github.com/dubslow/toxcore

Browse Source
This commit is contained in:
irungentoo 2014-09-13 21:29:33 -04:00
commit cbb526e83f
No known key found for this signature in database
GPG Key ID: 10349DC9BED89E98
30 changed files with 3064 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.travis.yml
View File

@ -7,7 +7,7 @@ before_script:
#installing libsodium, needed for Core
- git clone git://github.com/jedisct1/libsodium.git > /dev/null
- cd libsodium
- git checkout tags/0.4.2 > /dev/null
- git checkout tags/0.7.0 > /dev/null
- ./autogen.sh > /dev/null
- ./configure > /dev/null
- make check -j3 > /dev/null

15
auto_tests/Makefile.inc
View File

@ -1,7 +1,7 @@
if BUILD_TESTS
TESTS = messenger_autotest crypto_test network_test assoc_test onion_test TCP_test tox_test dht_autotest
check_PROGRAMS = messenger_autotest crypto_test network_test assoc_test onion_test TCP_test tox_test dht_autotest
TESTS = encryptsave_test messenger_autotest crypto_test network_test assoc_test onion_test TCP_test tox_test dht_autotest
check_PROGRAMS = encryptsave_test messenger_autotest crypto_test network_test assoc_test onion_test TCP_test tox_test dht_autotest
AUTOTEST_CFLAGS = \
$(LIBSODIUM_CFLAGS) \
@ -12,6 +12,7 @@ AUTOTEST_LDADD = \
$(LIBSODIUM_LDFLAGS) \
$(NACL_LDFLAGS) \
libtoxcore.la \
libtoxencryptsave.la \
$(LIBSODIUM_LIBS) \
$(NACL_OBJECTS) \
$(NACL_LIBS) \
@ -98,4 +99,12 @@ endif
endif
EXTRA_DIST += $(top_srcdir)/auto_tests/friends_test.c
encryptsave_test_SOURCES = ../auto_tests/encryptsave_test.c
encryptsave_test_CFLAGS = $(AUTOTEST_CFLAGS)
encryptsave_test_LDADD = $(AUTOTEST_LDADD)
EXTRA_DIST += $(top_srcdir)/auto_tests/friends_test.c

104
auto_tests/encryptsave_test.c Normal file
View File

@ -0,0 +1,104 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
#include <check.h>
#include <stdlib.h>
#include <time.h>
#include "helpers.h"
#include "../toxcore/tox.h"
#include "../toxencryptsave/toxencryptsave.h"
#include "../toxcore/crypto_core.h"
#ifdef VANILLA_NACL
#include "../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h"
#include "../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h" /* sodium_memzero */
#endif
unsigned char salt[32] = {0xB1,0xC2,0x09,0xEE,0x50,0x6C,0xF0,0x20,0xC4,0xD6,0xEB,0xC0,0x44,0x51,0x3B,0x60,0x4B,0x39,0x4A,0xCF,0x09,0x53,0x4F,0xEA,0x08,0x41,0xFA,0xCA,0x66,0xD2,0x68,0x7F};
unsigned char key[crypto_box_BEFORENMBYTES] = {0xd1, 0x7, 0x4e, 0xfc, 0x49, 0x2d, 0x99, 0x16, 0xba, 0x4a, 0x4c, 0xc4, 0x92, 0x9, 0xb0, 0x9a, 0xa1, 0xa2, 0xe8, 0xe3, 0x45, 0xe7, 0xf5, 0x50, 0x54, 0x61, 0xd7, 0x3e, 0x2, 0x38, 0xe6, 0xa4};
char* pw = "hunter2";
unsigned int pwlen = 7;
/* cause I'm shameless */
void accept_friend_request(Tox *m, const uint8_t *public_key, const uint8_t *data, uint16_t length, void *userdata)
{
if (*((uint32_t *)userdata) != 974536)
return;
if (length == 7 && memcmp("Gentoo", data, 7) == 0) {
tox_add_friend_norequest(m, public_key);
}
}
START_TEST(test_known_kdf)
{
unsigned char out[crypto_box_BEFORENMBYTES];
crypto_pwhash_scryptsalsa208sha256(out,
crypto_box_BEFORENMBYTES,
pw,
pwlen,
salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE,
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE);
ck_assert_msg(memcmp(out, key, crypto_box_BEFORENMBYTES) == 0, "derived key is wrong");
}
END_TEST
START_TEST(test_save_friend)
{
Tox *tox1 = tox_new(0);
Tox *tox2 = tox_new(0);
ck_assert_msg(tox1 || tox2, "Failed to create 2 tox instances");
uint32_t to_compare = 974536;
tox_callback_friend_request(tox2, accept_friend_request, &to_compare);
uint8_t address[TOX_FRIEND_ADDRESS_SIZE];
tox_get_address(tox2, address);
int test = tox_add_friend(tox1, address, (uint8_t *)"Gentoo", 7);
ck_assert_msg(test == 0, "Failed to add friend error code: %i", test);
uint32_t size = tox_encrypted_size(tox1);
uint8_t data[size];
test = tox_encrypted_save(tox1, data, "correcthorsebatterystaple", 25);
ck_assert_msg(test == 0, "failed to encrypted save");
ck_assert_msg(tox_is_data_encrypted(data) == 1, "magic number missing");
Tox *tox3 = tox_new(0);
test = tox_encrypted_load(tox3, data, size, "correcthorsebatterystaple", 25);
ck_assert_msg(test == 0, "failed to encrypted load");
uint8_t address2[TOX_CLIENT_ID_SIZE];
test = tox_get_client_id(tox3, 0, address2);
ck_assert_msg(test == 0, "no friends!");
ck_assert_msg(memcmp(address, address2, TOX_CLIENT_ID_SIZE) == 0, "addresses don't match!");
}
END_TEST
Suite * encryptsave_suite(void)
{
Suite *s = suite_create("encryptsave");
DEFTESTCASE_SLOW(known_kdf, 60); /* is 5-10 seconds on my computer, but is directly dependent on CPU */
DEFTESTCASE(save_friend);
return s;
}
int main(int argc, char *argv[])
{
srand((unsigned int) time(NULL));
Suite * encryptsave = encryptsave_suite();
SRunner *test_runner = srunner_create(encryptsave);
int number_failed = 0;
srunner_run_all(test_runner, CK_NORMAL);
number_failed = srunner_ntests_failed(test_runner);
srunner_free(test_runner);
return number_failed;
}

1
build/Makefile.am
View File

@ -6,6 +6,7 @@ EXTRA_DIST=
include ../toxcore/Makefile.inc
include ../toxdns/Makefile.inc
include ../toxencryptsave/Makefile.inc
include ../toxav/Makefile.inc
include ../other/Makefile.inc
include ../testing/Makefile.inc

2
libtoxcore.pc.in
View File

@ -7,5 +7,5 @@ Name: libtoxcore
Description: Tox protocol library
Requires:
Version: @PACKAGE_VERSION@
Libs: @NACL_OBJECTS_PKGCONFIG@ -L${libdir} @NACL_LDFLAGS@ -ltoxdns -ltoxcore @NACL_LIBS@ @LIBS@ @MATH_LDFLAGS@
Libs: @NACL_OBJECTS_PKGCONFIG@ -L${libdir} @NACL_LDFLAGS@ -ltoxdns -ltoxencryptsave -ltoxcore @NACL_LIBS@ @LIBS@ @MATH_LDFLAGS@
Cflags: -I${includedir}

3
toxcore/tox.c
View File

@ -925,6 +925,9 @@ void tox_save(const Tox *tox, uint8_t *data)
/* Load the messenger from data of size length. */
int tox_load(Tox *tox, const uint8_t *data, uint32_t length)
{
if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0)
return 1;
Messenger *m = tox;
return messenger_load(m, data, length);
}

4
toxcore/tox.h
View File

@ -42,6 +42,9 @@ extern "C" {
#define TOX_ENABLE_IPV6_DEFAULT 1
#define TOX_ENC_SAVE_MAGIC_NUMBER "toxEsave"
#define TOX_ENC_SAVE_MAGIC_LENGTH 8
/* Errors for m_addfriend
* FAERR - Friend Add Error
*/
@ -720,6 +723,7 @@ void tox_save(const Tox *tox, uint8_t *data);
*
* returns 0 on success
* returns -1 on failure
* returns +1 on finding encrypted save data
*/
int tox_load(Tox *tox, const uint8_t *data, uint32_t length);

49
toxencryptsave/Makefile.inc Normal file
View File

@ -0,0 +1,49 @@
lib_LTLIBRARIES += libtoxencryptsave.la
libtoxencryptsave_la_include_HEADERS = \
../toxencryptsave/toxencryptsave.h
libtoxencryptsave_la_includedir = $(includedir)/tox
libtoxencryptsave_la_SOURCES = ../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h \
../toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c \
../toxencryptsave/toxencryptsave.h \
../toxencryptsave/toxencryptsave.c
libtoxencryptsave_la_CFLAGS = -I$(top_srcdir) \
-I$(top_srcdir)/toxcore \
$(LIBSODIUM_CFLAGS) \
$(NACL_CFLAGS) \
$(PTHREAD_CFLAGS)
libtoxencryptsave_la_LDFLAGS = $(TOXCORE_LT_LDFLAGS) \
$(EXTRA_LT_LDFLAGS) \
$(LIBSODIUM_LDFLAGS) \
$(NACL_LDFLAGS) \
$(MATH_LDFLAGS) \
$(RT_LIBS) \
$(WINSOCK2_LIBS)
libtoxencryptsave_la_LIBADD = $(LIBSODIUM_LIBS) \
$(NACL_OBJECTS) \
$(NAC_LIBS) \
$(PTHREAD_LIBS) \
libtoxcore.la

65
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_auth_hmacsha256.h Normal file
View File

@ -0,0 +1,65 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef crypto_auth_hmacsha256_H
#define crypto_auth_hmacsha256_H
#include <stddef.h>
#include "crypto_hash_sha256.h"
#include "export.h"
#ifdef __cplusplus
# if __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
typedef struct crypto_auth_hmacsha256_state {
crypto_hash_sha256_state ictx;
crypto_hash_sha256_state octx;
} crypto_auth_hmacsha256_state;
#define crypto_auth_hmacsha256_BYTES 32U
SODIUM_EXPORT
size_t crypto_auth_hmacsha256_bytes(void);
#define crypto_auth_hmacsha256_KEYBYTES 32U
SODIUM_EXPORT
size_t crypto_auth_hmacsha256_keybytes(void);
SODIUM_EXPORT
int crypto_auth_hmacsha256(unsigned char *out,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
SODIUM_EXPORT
int crypto_auth_hmacsha256_verify(const unsigned char *h,
const unsigned char *in,
unsigned long long inlen,
const unsigned char *k);
SODIUM_EXPORT
int crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
const unsigned char *key,
size_t keylen);
SODIUM_EXPORT
int crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
const unsigned char *in,
unsigned long long inlen);
SODIUM_EXPORT
int crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
unsigned char *out);
#ifdef __cplusplus
}
#endif
#endif
#endif

61
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_hash_sha256.h Normal file
View File

@ -0,0 +1,61 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef crypto_hash_sha256_H
#define crypto_hash_sha256_H
/*
* WARNING: Unless you absolutely need to use SHA256 for interoperatibility,
* purposes, you might want to consider crypto_generichash() instead.
* Unlike SHA256, crypto_generichash() is not vulnerable to length
* extension attacks.
*/
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include "export.h"
#ifdef __cplusplus
# if __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
typedef struct crypto_hash_sha256_state {
uint32_t state[8];
uint32_t count[2];
unsigned char buf[64];
} crypto_hash_sha256_state;
#define crypto_hash_sha256_BYTES 32U
SODIUM_EXPORT
size_t crypto_hash_sha256_bytes(void);
SODIUM_EXPORT
int crypto_hash_sha256(unsigned char *out, const unsigned char *in,
unsigned long long inlen);
SODIUM_EXPORT
int crypto_hash_sha256_init(crypto_hash_sha256_state *state);
SODIUM_EXPORT
int crypto_hash_sha256_update(crypto_hash_sha256_state *state,
const unsigned char *in,
unsigned long long inlen);
SODIUM_EXPORT
int crypto_hash_sha256_final(crypto_hash_sha256_state *state,
unsigned char *out);
#ifdef __cplusplus
}
#endif
#endif
#endif

92
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h Normal file
View File

@ -0,0 +1,92 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef crypto_pwhash_scryptsalsa208sha256_H
#define crypto_pwhash_scryptsalsa208sha256_H
#include <stddef.h>
#include <stdint.h>
#include "export.h"
#ifdef __cplusplus
# if __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
extern "C" {
#endif
#define crypto_pwhash_scryptsalsa208sha256_SALTBYTES 32U
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_saltbytes(void);
#define crypto_pwhash_scryptsalsa208sha256_STRBYTES 102U
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_strbytes(void);
#define crypto_pwhash_scryptsalsa208sha256_STRPREFIX "$7$"
SODIUM_EXPORT
const char *crypto_pwhash_scryptsalsa208sha256_strprefix(void);
#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE 524288ULL
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void);
#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE 16777216ULL
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void);
#define crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE 33554432ULL
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void);
#define crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE 1073741824ULL
SODIUM_EXPORT
size_t crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void);
SODIUM_EXPORT
int crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
unsigned long long outlen,
const char * const passwd,
unsigned long long passwdlen,
const unsigned char * const salt,
unsigned long long opslimit,
size_t memlimit);
SODIUM_EXPORT
int crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
const char * const passwd,
unsigned long long passwdlen,
unsigned long long opslimit,
size_t memlimit);
SODIUM_EXPORT
int crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
const char * const passwd,
unsigned long long passwdlen);
SODIUM_EXPORT
int crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen);
#ifdef __cplusplus
}
#endif
/* Backward compatibility with version 0.5.0 */
#define crypto_pwhash_scryptxsalsa208sha256_SALTBYTES crypto_pwhash_scryptsalsa208sha256_SALTBYTES
#define crypto_pwhash_scryptxsalsa208sha256_saltbytes crypto_pwhash_scryptsalsa208sha256_saltbytes
#define crypto_pwhash_scryptxsalsa208sha256_STRBYTES crypto_pwhash_scryptsalsa208sha256_STRBYTES
#define crypto_pwhash_scryptxsalsa208sha256_strbytes crypto_pwhash_scryptsalsa208sha256_strbytes
#define crypto_pwhash_scryptxsalsa208sha256 crypto_pwhash_scryptsalsa208sha256
#define crypto_pwhash_scryptxsalsa208sha256_str crypto_pwhash_scryptsalsa208sha256_str
#define crypto_pwhash_scryptxsalsa208sha256_str_verify crypto_pwhash_scryptsalsa208sha256_str_verify
#endif
#endif

257
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt-common.c Normal file
View File

@ -0,0 +1,257 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2013 Alexander Peslyak
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <stdint.h>
#include <string.h>
#include "crypto_pwhash_scryptsalsa208sha256.h"
#include "crypto_scrypt.h"
#include "runtime.h"
#include "utils.h"
static const char * const itoa64 =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static uint8_t *
encode64_uint32(uint8_t * dst, size_t dstlen, uint32_t src, uint32_t srcbits)
{
uint32_t bit;
for (bit = 0; bit < srcbits; bit += 6) {
if (dstlen < 1) {
return NULL;
}
*dst++ = itoa64[src & 0x3f];
dstlen--;
src >>= 6;
}
return dst;
}
static uint8_t *
encode64(uint8_t * dst, size_t dstlen, const uint8_t * src, size_t srclen)
{
size_t i;
for (i = 0; i < srclen; ) {
uint8_t * dnext;
uint32_t value = 0, bits = 0;
do {
value |= (uint32_t)src[i++] << bits;
bits += 8;
} while (bits < 24 && i < srclen);
dnext = encode64_uint32(dst, dstlen, value, bits);
if (!dnext) {
return NULL;
}
dstlen -= dnext - dst;
dst = dnext;
}
return dst;
}
static int
decode64_one(uint32_t * dst, uint8_t src)
{
const char *ptr = strchr(itoa64, src);
if (ptr) {
*dst = ptr - itoa64;
return 0;
}
*dst = 0;
return -1;
}
static const uint8_t *
decode64_uint32(uint32_t * dst, uint32_t dstbits, const uint8_t * src)
{
uint32_t bit;
uint32_t value;
value = 0;
for (bit = 0; bit < dstbits; bit += 6) {
uint32_t one;
if (decode64_one(&one, *src)) {
*dst = 0;
return NULL;
}
src++;
value |= one << bit;
}
*dst = value;
return src;
}
uint8_t *
escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting, uint8_t * buf, size_t buflen)
{
uint8_t hash[crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES];
escrypt_kdf_t escrypt_kdf;
const uint8_t *src;
const uint8_t *salt;
uint8_t *dst;
size_t prefixlen;
size_t saltlen;
size_t need;
uint64_t N;
uint32_t N_log2;
uint32_t r;
uint32_t p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
return NULL;
}
src = setting + 3;
if (decode64_one(&N_log2, *src)) {
return NULL;
}
src++;
N = (uint64_t)1 << N_log2;
src = decode64_uint32(&r, 30, src);
if (!src) {
return NULL;
}
src = decode64_uint32(&p, 30, src);
if (!src) {
return NULL;
}
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *)salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *)salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1;
if (need > buflen || need < saltlen) {
return NULL;
}
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
N, r, p, hash, sizeof(hash))) {
return NULL;
}
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
sodium_memzero(hash, sizeof hash);
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
}
uint8_t *
escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
const uint8_t * src, size_t srclen,
uint8_t * buf, size_t buflen)
{
uint8_t *dst;
size_t prefixlen =
(sizeof "$7$" - 1U) + (1U /* N_log2 */) + (5U /* r */) + (5U /* p */);
size_t saltlen = BYTES2CHARS(srclen);
size_t need;
need = prefixlen + saltlen + 1;
if (need > buflen || need < saltlen || saltlen < srclen) {
return NULL;
}
if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) {
return NULL;
}
dst = buf;
*dst++ = '$';
*dst++ = '7';
*dst++ = '$';
*dst++ = itoa64[N_log2];
dst = encode64_uint32(dst, buflen - (dst - buf), r, 30);
if (!dst) { /* Can't happen */
return NULL;
}
dst = encode64_uint32(dst, buflen - (dst - buf), p, 30);
if (!dst) { /* Can't happen */
return NULL;
}
dst = encode64(dst, buflen - (dst - buf), src, srclen);
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
}
int
crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen)
{
escrypt_kdf_t escrypt_kdf;
escrypt_local_t local;
int retval;
if (escrypt_init_local(&local)) {
return -1;
}
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
retval = escrypt_kdf(&local,
passwd, passwdlen, salt, saltlen,
N, r, p, buf, buflen);
if (escrypt_free_local(&local)) {
return -1;
}
return retval;
}
#endif

93
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/crypto_scrypt.h Normal file
View File

@ -0,0 +1,93 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2009 Colin Percival
* Copyright 2013 Alexander Peslyak
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file was originally written by Colin Percival as part of the Tarsnap
* online backup system.
*/
#ifndef _CRYPTO_SCRYPT_H_
#define _CRYPTO_SCRYPT_H_
#include <stdint.h>
#define crypto_pwhash_scryptsalsa208sha256_STRPREFIXBYTES 14
#define crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES 57
#define crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES 32
#define crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES_ENCODED 43
#define crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES 32
#define crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED 43
#define BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6)
typedef struct {
void * base, * aligned;
size_t size;
} escrypt_region_t;
typedef escrypt_region_t escrypt_local_t;
extern int escrypt_init_local(escrypt_local_t * __local);
extern int escrypt_free_local(escrypt_local_t * __local);
extern void *alloc_region(escrypt_region_t * region, size_t size);
extern int free_region(escrypt_region_t * region);
typedef int (*escrypt_kdf_t)(escrypt_local_t * __local,
const uint8_t * __passwd, size_t __passwdlen,
const uint8_t * __salt, size_t __saltlen,
uint64_t __N, uint32_t __r, uint32_t __p,
uint8_t * __buf, size_t __buflen);
extern int escrypt_kdf_nosse(escrypt_local_t * __local,
const uint8_t * __passwd, size_t __passwdlen,
const uint8_t * __salt, size_t __saltlen,
uint64_t __N, uint32_t __r, uint32_t __p,
uint8_t * __buf, size_t __buflen);
extern int escrypt_kdf_sse(escrypt_local_t * __local,
const uint8_t * __passwd, size_t __passwdlen,
const uint8_t * __salt, size_t __saltlen,
uint64_t __N, uint32_t __r, uint32_t __p,
uint8_t * __buf, size_t __buflen);
extern uint8_t * escrypt_r(escrypt_local_t * __local,
const uint8_t * __passwd, size_t __passwdlen,
const uint8_t * __setting,
uint8_t * __buf, size_t __buflen);
extern uint8_t * escrypt_gensalt_r(
uint32_t __N_log2, uint32_t __r, uint32_t __p,
const uint8_t * __src, size_t __srclen,
uint8_t * __buf, size_t __buflen);
#endif /* !_CRYPTO_SCRYPT_H_ */
#endif

38
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/export.h Normal file
View File

@ -0,0 +1,38 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef __SODIUM_EXPORT_H__
#define __SODIUM_EXPORT_H__
#ifndef __GNUC__
# ifdef __attribute__
# undef __attribute__
# endif
# define __attribute__(a)
#endif
#ifdef SODIUM_STATIC
# define SODIUM_EXPORT
#else
# if defined(_MSC_VER)
# ifdef DLL_EXPORT
# define SODIUM_EXPORT __declspec(dllexport)
# else
# define SODIUM_EXPORT __declspec(dllimport)
# endif
# else
# if defined(__SUNPRO_C)
# define SODIUM_EXPORT __attribute__ __global
# elif defined(_MSG_VER)
# define SODIUM_EXPORT extern __declspec(dllexport)
# else
# define SODIUM_EXPORT __attribute__ ((visibility ("default")))
# endif
# endif
#endif
#endif
#endif

300
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hash_sha256.c Normal file
View File

@ -0,0 +1,300 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2005,2007,2009 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
//#include "api.h"
#include "crypto_hash_sha256.h"
#include "utils.h"
#include <sys/types.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Avoid namespace collisions with BSD <sys/endian.h>. */
#define be32dec _sha256_be32dec
#define be32enc _sha256_be32enc
static inline uint32_t
be32dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
}
static inline void
be32enc(void *pp, uint32_t x)
{
uint8_t * p = (uint8_t *)pp;
p[3] = x & 0xff;
p[2] = (x >> 8) & 0xff;
p[1] = (x >> 16) & 0xff;
p[0] = (x >> 24) & 0xff;
}
static void
be32enc_vect(unsigned char *dst, const uint32_t *src, size_t len)
{
size_t i;
for (i = 0; i < len / 4; i++) {
be32enc(dst + i * 4, src[i]);
}
}
static void
be32dec_vect(uint32_t *dst, const unsigned char *src, size_t len)
{
size_t i;
for (i = 0; i < len / 4; i++) {
dst[i] = be32dec(src + i * 4);
}
}
#define Ch(x, y, z) ((x & (y ^ z)) ^ z)
#define Maj(x, y, z) ((x & (y | z)) | (y & z))
#define SHR(x, n) (x >> n)
#define ROTR(x, n) ((x >> n) | (x << (32 - n)))
#define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
#define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
#define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ SHR(x, 3))
#define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ SHR(x, 10))
#define RND(a, b, c, d, e, f, g, h, k) \
t0 = h + S1(e) + Ch(e, f, g) + k; \
t1 = S0(a) + Maj(a, b, c); \
d += t0; \
h = t0 + t1;
#define RNDr(S, W, i, k) \
RND(S[(64 - i) % 8], S[(65 - i) % 8], \
S[(66 - i) % 8], S[(67 - i) % 8], \
S[(68 - i) % 8], S[(69 - i) % 8], \
S[(70 - i) % 8], S[(71 - i) % 8], \
W[i] + k)
static void
SHA256_Transform(uint32_t *state, const unsigned char block[64])
{
uint32_t W[64];
uint32_t S[8];
uint32_t t0, t1;
int i;
be32dec_vect(W, block, 64);
for (i = 16; i < 64; i++) {
W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16];
}
memcpy(S, state, 32);
RNDr(S, W, 0, 0x428a2f98);
RNDr(S, W, 1, 0x71374491);
RNDr(S, W, 2, 0xb5c0fbcf);
RNDr(S, W, 3, 0xe9b5dba5);
RNDr(S, W, 4, 0x3956c25b);
RNDr(S, W, 5, 0x59f111f1);
RNDr(S, W, 6, 0x923f82a4);
RNDr(S, W, 7, 0xab1c5ed5);
RNDr(S, W, 8, 0xd807aa98);
RNDr(S, W, 9, 0x12835b01);
RNDr(S, W, 10, 0x243185be);
RNDr(S, W, 11, 0x550c7dc3);
RNDr(S, W, 12, 0x72be5d74);
RNDr(S, W, 13, 0x80deb1fe);
RNDr(S, W, 14, 0x9bdc06a7);
RNDr(S, W, 15, 0xc19bf174);
RNDr(S, W, 16, 0xe49b69c1);
RNDr(S, W, 17, 0xefbe4786);
RNDr(S, W, 18, 0x0fc19dc6);
RNDr(S, W, 19, 0x240ca1cc);
RNDr(S, W, 20, 0x2de92c6f);
RNDr(S, W, 21, 0x4a7484aa);
RNDr(S, W, 22, 0x5cb0a9dc);
RNDr(S, W, 23, 0x76f988da);
RNDr(S, W, 24, 0x983e5152);
RNDr(S, W, 25, 0xa831c66d);
RNDr(S, W, 26, 0xb00327c8);
RNDr(S, W, 27, 0xbf597fc7);
RNDr(S, W, 28, 0xc6e00bf3);
RNDr(S, W, 29, 0xd5a79147);
RNDr(S, W, 30, 0x06ca6351);
RNDr(S, W, 31, 0x14292967);
RNDr(S, W, 32, 0x27b70a85);
RNDr(S, W, 33, 0x2e1b2138);
RNDr(S, W, 34, 0x4d2c6dfc);
RNDr(S, W, 35, 0x53380d13);
RNDr(S, W, 36, 0x650a7354);
RNDr(S, W, 37, 0x766a0abb);
RNDr(S, W, 38, 0x81c2c92e);
RNDr(S, W, 39, 0x92722c85);
RNDr(S, W, 40, 0xa2bfe8a1);
RNDr(S, W, 41, 0xa81a664b);
RNDr(S, W, 42, 0xc24b8b70);
RNDr(S, W, 43, 0xc76c51a3);
RNDr(S, W, 44, 0xd192e819);
RNDr(S, W, 45, 0xd6990624);
RNDr(S, W, 46, 0xf40e3585);
RNDr(S, W, 47, 0x106aa070);
RNDr(S, W, 48, 0x19a4c116);
RNDr(S, W, 49, 0x1e376c08);
RNDr(S, W, 50, 0x2748774c);
RNDr(S, W, 51, 0x34b0bcb5);
RNDr(S, W, 52, 0x391c0cb3);
RNDr(S, W, 53, 0x4ed8aa4a);
RNDr(S, W, 54, 0x5b9cca4f);
RNDr(S, W, 55, 0x682e6ff3);
RNDr(S, W, 56, 0x748f82ee);
RNDr(S, W, 57, 0x78a5636f);
RNDr(S, W, 58, 0x84c87814);
RNDr(S, W, 59, 0x8cc70208);
RNDr(S, W, 60, 0x90befffa);
RNDr(S, W, 61, 0xa4506ceb);
RNDr(S, W, 62, 0xbef9a3f7);
RNDr(S, W, 63, 0xc67178f2);
for (i = 0; i < 8; i++) {
state[i] += S[i];
}
sodium_memzero((void *) W, sizeof W);
sodium_memzero((void *) S, sizeof S);
sodium_memzero((void *) &t0, sizeof t0);
sodium_memzero((void *) &t1, sizeof t1);
}
static unsigned char PAD[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
static void
SHA256_Pad(crypto_hash_sha256_state *state)
{
unsigned char len[8];
uint32_t r, plen;
be32enc_vect(len, state->count, 8);
r = (state->count[1] >> 3) & 0x3f;
plen = (r < 56) ? (56 - r) : (120 - r);
crypto_hash_sha256_update(state, PAD, (unsigned long long) plen);
crypto_hash_sha256_update(state, len, 8);
}
int
crypto_hash_sha256_init(crypto_hash_sha256_state *state)
{
state->count[0] = state->count[1] = 0;
state->state[0] = 0x6A09E667;
state->state[1] = 0xBB67AE85;
state->state[2] = 0x3C6EF372;
state->state[3] = 0xA54FF53A;
state->state[4] = 0x510E527F;
state->state[5] = 0x9B05688C;
state->state[6] = 0x1F83D9AB;
state->state[7] = 0x5BE0CD19;
return 0;
}
int
crypto_hash_sha256_update(crypto_hash_sha256_state *state,
const unsigned char *in,
unsigned long long inlen)
{
uint32_t bitlen[2];
uint32_t r;
r = (state->count[1] >> 3) & 0x3f;
bitlen[1] = ((uint32_t)inlen) << 3;
bitlen[0] = (uint32_t)(inlen >> 29);
if ((state->count[1] += bitlen[1]) < bitlen[1]) {
state->count[0]++;
}
state->count[0] += bitlen[0];
if (inlen < 64 - r) {
memcpy(&state->buf[r], in, inlen);
return 0;
}
memcpy(&state->buf[r], in, 64 - r);
SHA256_Transform(state->state, state->buf);
in += 64 - r;
inlen -= 64 - r;
while (inlen >= 64) {
SHA256_Transform(state->state, in);
in += 64;
inlen -= 64;
}
memcpy(state->buf, in, inlen);
return 0;
}
int
crypto_hash_sha256_final(crypto_hash_sha256_state *state,
unsigned char *out)
{
SHA256_Pad(state);
be32enc_vect(out, state->state, 32);
sodium_memzero((void *) state, sizeof *state);
return 0;
}
int
crypto_hash(unsigned char *out, const unsigned char *in,
unsigned long long inlen)
{
crypto_hash_sha256_state state;
crypto_hash_sha256_init(&state);
crypto_hash_sha256_update(&state, in, inlen);
crypto_hash_sha256_final(&state, out);
return 0;
}
#endif

115
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/hmac_hmacsha256.c Normal file
View File

@ -0,0 +1,115 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2005,2007,2009 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
//#include "api.h"
#include "crypto_auth_hmacsha256.h"
#include "crypto_hash_sha256.h"
#include "utils.h"
#include <sys/types.h>
#include <stdint.h>
#include <string.h>
int
crypto_auth_hmacsha256_init(crypto_auth_hmacsha256_state *state,
const unsigned char *key,
size_t keylen)
{
unsigned char pad[64];
unsigned char khash[32];
size_t i;
if (keylen > 64) {
crypto_hash_sha256_init(&state->ictx);
crypto_hash_sha256_update(&state->ictx, key, keylen);
crypto_hash_sha256_final(&state->ictx, khash);
key = khash;
keylen = 32;
}
crypto_hash_sha256_init(&state->ictx);
memset(pad, 0x36, 64);
for (i = 0; i < keylen; i++) {
pad[i] ^= key[i];
}
crypto_hash_sha256_update(&state->ictx, pad, 64);
crypto_hash_sha256_init(&state->octx);
memset(pad, 0x5c, 64);
for (i = 0; i < keylen; i++) {
pad[i] ^= key[i];
}
crypto_hash_sha256_update(&state->octx, pad, 64);
sodium_memzero((void *) khash, sizeof khash);
return 0;
}
int
crypto_auth_hmacsha256_update(crypto_auth_hmacsha256_state *state,
const unsigned char *in,
unsigned long long inlen)
{
crypto_hash_sha256_update(&state->ictx, in, inlen);
return 0;
}
int
crypto_auth_hmacsha256_final(crypto_auth_hmacsha256_state *state,
unsigned char *out)
{
unsigned char ihash[32];
crypto_hash_sha256_final(&state->ictx, ihash);
crypto_hash_sha256_update(&state->octx, ihash, 32);
crypto_hash_sha256_final(&state->octx, out);
sodium_memzero((void *) ihash, sizeof ihash);
return 0;
}
int
crypto_auth(unsigned char *out, const unsigned char *in,
unsigned long long inlen, const unsigned char *k)
{
crypto_auth_hmacsha256_state state;
crypto_auth_hmacsha256_init(&state, k, crypto_auth_hmacsha256_KEYBYTES);
crypto_auth_hmacsha256_update(&state, in, inlen);
crypto_auth_hmacsha256_final(&state, out);
return 0;
}
#endif

309
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c Normal file
View File

@ -0,0 +1,309 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2009 Colin Percival
* Copyright 2013 Alexander Peslyak
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file was originally written by Colin Percival as part of the Tarsnap
* online backup system.
*/
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "../pbkdf2-sha256.h"
#include "../sysendian.h"
#include "../crypto_scrypt.h"
static inline void
blkcpy(void * dest, const void * src, size_t len)
{
size_t * D = (size_t *) dest;
const size_t * S = (const size_t *) src;
size_t L = len / sizeof(size_t);
size_t i;
for (i = 0; i < L; i++)
D[i] = S[i];
}
static inline void
blkxor(void * dest, const void * src, size_t len)
{
size_t * D = (size_t *) dest;
const size_t * S = (const size_t *) src;
size_t L = len / sizeof(size_t);
size_t i;
for (i = 0; i < L; i++)
D[i] ^= S[i];
}
/**
* salsa20_8(B):
* Apply the salsa20/8 core to the provided block.
*/
static void
salsa20_8(uint32_t B[16])
{
uint32_t x[16];
size_t i;
blkcpy(x, B, 64);
for (i = 0; i < 8; i += 2) {
#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
/* Operate on columns. */
x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9);
x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18);
x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9);
x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18);
x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9);
x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18);
x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9);
x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18);
/* Operate on rows. */
x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9);
x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18);
x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9);
x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18);
x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9);
x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18);
x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9);
x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18);
#undef R
}
for (i = 0; i < 16; i++)
B[i] += x[i];
}
/**
* blockmix_salsa8(Bin, Bout, X, r):
* Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r
* bytes in length; the output Bout must also be the same size. The
* temporary space X must be 64 bytes.
*/
static void
blockmix_salsa8(const uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r)
{
size_t i;
/* 1: X <-- B_{2r - 1} */
blkcpy(X, &Bin[(2 * r - 1) * 16], 64);
/* 2: for i = 0 to 2r - 1 do */
for (i = 0; i < 2 * r; i += 2) {
/* 3: X <-- H(X \xor B_i) */
blkxor(X, &Bin[i * 16], 64);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy(&Bout[i * 8], X, 64);
/* 3: X <-- H(X \xor B_i) */
blkxor(X, &Bin[i * 16 + 16], 64);
salsa20_8(X);
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
blkcpy(&Bout[i * 8 + r * 16], X, 64);
}
}
/**
* integerify(B, r):
* Return the result of parsing B_{2r-1} as a little-endian integer.
*/
static inline uint64_t
integerify(const void * B, size_t r)
{
const uint32_t * X = (const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
return (((uint64_t)(X[1]) << 32) + X[0]);
}
/**
* smix(B, r, N, V, XY):
* Compute B = SMix_r(B, N). The input B must be 128r bytes in length;
* the temporary storage V must be 128rN bytes in length; the temporary
* storage XY must be 256r + 64 bytes in length. The value N must be a
* power of 2 greater than 1. The arrays B, V, and XY must be aligned to a
* multiple of 64 bytes.
*/
static void
smix(uint8_t * B, size_t r, uint64_t N, uint32_t * V, uint32_t * XY)
{
uint32_t * X = XY;
uint32_t * Y = &XY[32 * r];
uint32_t * Z = &XY[64 * r];
uint64_t i;
uint64_t j;
size_t k;
/* 1: X <-- B */
for (k = 0; k < 32 * r; k++)
X[k] = le32dec(&B[4 * k]);
/* 2: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 3: V_i <-- X */
blkcpy(&V[i * (32 * r)], X, 128 * r);
/* 4: X <-- H(X) */
blockmix_salsa8(X, Y, Z, r);
/* 3: V_i <-- X */
blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r);
/* 4: X <-- H(X) */
blockmix_salsa8(Y, X, Z, r);
}
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 8: X <-- H(X \xor V_j) */
blkxor(X, &V[j * (32 * r)], 128 * r);
blockmix_salsa8(X, Y, Z, r);
/* 7: j <-- Integerify(X) mod N */
j = integerify(Y, r) & (N - 1);
/* 8: X <-- H(X \xor V_j) */
blkxor(Y, &V[j * (32 * r)], 128 * r);
blockmix_salsa8(Y, X, Z, r);
}
/* 10: B' <-- X */
for (k = 0; k < 32 * r; k++)
le32enc(&B[4 * k], X[k]);
}
/**
* escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
* N, r, p, buf, buflen):
* Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
* p, buflen) and write the result into buf. The parameters r, p, and buflen
* must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N
* must be a power of 2 greater than 1.
*
* Return 0 on success; or -1 on error.
*/
int
escrypt_kdf_nosse(escrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t _r, uint32_t _p,
uint8_t * buf, size_t buflen)
{
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t r = _r, p = _p;
uint32_t i;
/* Sanity-check parameters. */
#if SIZE_MAX > UINT32_MAX
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
#endif
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
#if SIZE_MAX / 256 <= UINT32_MAX
(r > SIZE_MAX / 256) ||
#endif
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1;
if (!alloc_region(local, need))
return -1;
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, N, V, XY);
}
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* Success! */
return 0;
}
#endif

14
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/note_to_maintainers.txt Normal file
View File

@ -0,0 +1,14 @@
This folder is only meant for use with nacl, i.e. when sodium is unavailable.
The files in this folder were mostly copied from
https://github.com/jedisct1/libsodium/tree/0.7.0/src/libsodium/crypto_pwhash/scryptsalsa208sha256,
with #ifdef VANILLA_NACL added around each of them as required for this module.
export.h, utils.h, and runtime.h were copied from
https://github.com/jedisct1/libsodium/tree/0.7.0/src/libsodium/include/sodium.
utils.h was significantly truncated.
utils.c and runtime.c were copied from
https://github.com/jedisct1/libsodium/blob/0.7.0/src/libsodium/sodium.
utils.c was also significantly truncated.

91
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.c Normal file
View File

@ -0,0 +1,91 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2005,2007,2009 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include <sys/types.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "crypto_auth_hmacsha256.h"
#include "pbkdf2-sha256.h"
#include "sysendian.h"
#include "utils.h"
/**
* PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
* Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
* write the output to buf. The value dkLen must be at most 32 * (2^32 - 1).
*/
void
PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
{
crypto_auth_hmacsha256_state PShctx, hctx;
size_t i;
uint8_t ivec[4];
uint8_t U[32];
uint8_t T[32];
uint64_t j;
int k;
size_t clen;
crypto_auth_hmacsha256_init(&PShctx, passwd, passwdlen);
crypto_auth_hmacsha256_update(&PShctx, salt, saltlen);
for (i = 0; i * 32 < dkLen; i++) {
be32enc(ivec, (uint32_t)(i + 1));
memcpy(&hctx, &PShctx, sizeof(crypto_auth_hmacsha256_state));
crypto_auth_hmacsha256_update(&hctx, ivec, 4);
crypto_auth_hmacsha256_final(&hctx, U);
memcpy(T, U, 32);
for (j = 2; j <= c; j++) {
crypto_auth_hmacsha256_init(&hctx, passwd, passwdlen);
crypto_auth_hmacsha256_update(&hctx, U, 32);
crypto_auth_hmacsha256_final(&hctx, U);
for (k = 0; k < 32; k++) {
T[k] ^= U[k];
}
}
clen = dkLen - i * 32;
if (clen > 32) {
clen = 32;
}
memcpy(&buf[i * 32], T, clen);
}
sodium_memzero((void *) &PShctx, sizeof PShctx);
}
#endif

52
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pbkdf2-sha256.h Normal file
View File

@ -0,0 +1,52 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2005,2007,2009 Colin Percival
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
*/
#ifndef _SHA256_H_
#define _SHA256_H_
#include <sys/types.h>
#include <stdint.h>
#include "crypto_auth_hmacsha256.h"
/**
* PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
* Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
* write the output to buf. The value dkLen must be at most 32 * (2^32 - 1).
*/
void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
uint64_t, uint8_t *, size_t);
#endif /* !_SHA256_H_ */
#endif

211
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c Normal file
View File

@ -0,0 +1,211 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
//#include <stdio.h>
#include "crypto_pwhash_scryptsalsa208sha256.h"
#include "crypto_scrypt.h"
#include "randombytes.h"
#include "utils.h"
#define SETTING_SIZE(saltbytes) \
(sizeof "$7$" - 1U) + \
(1U /* N_log2 */) + (5U /* r */) + (5U /* p */) + BYTES2CHARS(saltbytes)
static int
pickparams(unsigned long long opslimit, const size_t memlimit,
uint32_t * const N_log2, uint32_t * const p, uint32_t * const r)
{
unsigned long long maxN;
unsigned long long maxrp;
if (opslimit < 32768) {
opslimit = 32768;
}
*r = 8;
if (opslimit < memlimit / 32) {
*p = 1;
maxN = opslimit / (*r * 4);
for (*N_log2 = 1; *N_log2 < 63; *N_log2 += 1) {
if ((uint64_t)(1) << *N_log2 > maxN / 2) {
break;
}
}
} else {
maxN = memlimit / (*r * 128);
for (*N_log2 = 1; *N_log2 < 63; *N_log2 += 1) {
if ((uint64_t) (1) << *N_log2 > maxN / 2) {
break;
}
}
maxrp = (opslimit / 4) / ((uint64_t) (1) << *N_log2);
if (maxrp > 0x3fffffff) {
maxrp = 0x3fffffff;
}
*p = (uint32_t) (maxrp) / *r;
}
return 0;
}
size_t
crypto_pwhash_scryptsalsa208sha256_saltbytes(void)
{
return crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
}
size_t
crypto_pwhash_scryptsalsa208sha256_strbytes(void)
{
return crypto_pwhash_scryptsalsa208sha256_STRBYTES;
}
const char *
crypto_pwhash_scryptsalsa208sha256_strprefix(void)
{
return crypto_pwhash_scryptsalsa208sha256_STRPREFIX;
}
size_t
crypto_pwhash_scryptsalsa208sha256_opslimit_interactive(void)
{
return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE;
}
size_t
crypto_pwhash_scryptsalsa208sha256_memlimit_interactive(void)
{
return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE;
}
size_t
crypto_pwhash_scryptsalsa208sha256_opslimit_sensitive(void)
{
return crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_SENSITIVE;
}
size_t
crypto_pwhash_scryptsalsa208sha256_memlimit_sensitive(void)
{
return crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_SENSITIVE;
}
int
crypto_pwhash_scryptsalsa208sha256(unsigned char * const out,
unsigned long long outlen,
const char * const passwd,
unsigned long long passwdlen,
const unsigned char * const salt,
unsigned long long opslimit,
size_t memlimit)
{
//fprintf(stderr, "Doing that dirty thang!!!!\n");
uint32_t N_log2;
uint32_t p;
uint32_t r;
memset(out, 0, outlen);
if (passwdlen > SIZE_MAX || outlen > SIZE_MAX) {
errno = EFBIG;
return -1;
}
if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
errno = EINVAL;
return -1;
}
return crypto_pwhash_scryptsalsa208sha256_ll((const uint8_t *) passwd,
(size_t) passwdlen,
(const uint8_t *) salt,
crypto_pwhash_scryptsalsa208sha256_SALTBYTES,
(uint64_t) (1) << N_log2, r, p,
out, (size_t) outlen);
}
int
crypto_pwhash_scryptsalsa208sha256_str(char out[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
const char * const passwd,
unsigned long long passwdlen,
unsigned long long opslimit,
size_t memlimit)
{
uint8_t salt[crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES];
char setting[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U];
escrypt_local_t escrypt_local;
uint32_t N_log2;
uint32_t p;
uint32_t r;
memset(out, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES);
if (passwdlen > SIZE_MAX) {
errno = EFBIG;
return -1;
}
if (pickparams(opslimit, memlimit, &N_log2, &p, &r) != 0) {
errno = EINVAL;
return -1;
}
randombytes(salt, sizeof salt);
if (escrypt_gensalt_r(N_log2, r, p, salt, sizeof salt,
(uint8_t *) setting, sizeof setting) == NULL) {
errno = EINVAL;
return -1;
}
if (escrypt_init_local(&escrypt_local) != 0) {
return -1;
}
if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
(const uint8_t *) setting, (uint8_t *) out,
crypto_pwhash_scryptsalsa208sha256_STRBYTES) == NULL) {
escrypt_free_local(&escrypt_local);
errno = EINVAL;
return -1;
}
escrypt_free_local(&escrypt_local);
(void) sizeof
(int[SETTING_SIZE(crypto_pwhash_scryptsalsa208sha256_STRSALTBYTES)
== crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES ? 1 : -1]);
(void) sizeof
(int[crypto_pwhash_scryptsalsa208sha256_STRSETTINGBYTES + 1U +
crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1U
== crypto_pwhash_scryptsalsa208sha256_STRBYTES ? 1 : -1]);
return 0;
}
int
crypto_pwhash_scryptsalsa208sha256_str_verify(const char str[crypto_pwhash_scryptsalsa208sha256_STRBYTES],
const char * const passwd,
unsigned long long passwdlen)
{
char wanted[crypto_pwhash_scryptsalsa208sha256_STRBYTES];
escrypt_local_t escrypt_local;
int ret = -1;
if (memchr(str, 0, crypto_pwhash_scryptsalsa208sha256_STRBYTES) !=
&str[crypto_pwhash_scryptsalsa208sha256_STRBYTES - 1U]) {
return -1;
}
if (escrypt_init_local(&escrypt_local) != 0) {
return -1;
}
if (escrypt_r(&escrypt_local, (const uint8_t *) passwd, (size_t) passwdlen,
(const uint8_t *) str, (uint8_t *) wanted,
sizeof wanted) == NULL) {
escrypt_free_local(&escrypt_local);
return -1;
}
escrypt_free_local(&escrypt_local);
ret = sodium_memcmp(wanted, str, sizeof wanted);
sodium_memzero(wanted, sizeof wanted);
return ret;
}
#endif

140
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.c Normal file
View File

@ -0,0 +1,140 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifdef HAVE_ANDROID_GETCPUFEATURES
# include <cpu-features.h>
#endif
#include "runtime.h"
typedef struct CPUFeatures_ {
int initialized;
int has_neon;
int has_sse2;
int has_sse3;
} CPUFeatures;
static CPUFeatures _cpu_features;
#define CPUID_SSE2 0x04000000
#define CPUIDECX_SSE3 0x00000001
static int
_sodium_runtime_arm_cpu_features(CPUFeatures * const cpu_features)
{
#ifndef __arm__
cpu_features->has_neon = 0;
return -1;
#else
# ifdef __APPLE__
# ifdef __ARM_NEON__
cpu_features->has_neon = 1;
# else
cpu_features->has_neon = 0;
# endif
# elif defined(HAVE_ANDROID_GETCPUFEATURES) && defined(ANDROID_CPU_ARM_FEATURE_NEON)
cpu_features->has_neon =
(android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_NEON) != 0x0;
# else
cpu_features->has_neon = 0;
# endif
return 0;
#endif
}
static void
_cpuid(unsigned int cpu_info[4U], const unsigned int cpu_info_type)
{
#ifdef _MSC_VER
__cpuidex((int *) cpu_info, cpu_info_type, 0);
#elif defined(HAVE_CPUID)
cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0;
# ifdef __i386__
__asm__ __volatile__ ("pushfl; pushfl; "
"popl %0; "
"movl %0, %1; xorl %2, %0; "
"pushl %0; "
"popfl; pushfl; popl %0; popfl" :
"=&r" (cpu_info[0]), "=&r" (cpu_info[1]) :
"i" (0x200000));
if (((cpu_info[0] ^ cpu_info[1]) & 0x200000) == 0x0) {
return;
}
# endif
# ifdef __i386__
__asm__ __volatile__ ("xchgl %%ebx, %k1; cpuid; xchgl %%ebx, %k1" :
"=a" (cpu_info[0]), "=&r" (cpu_info[1]),
"=c" (cpu_info[2]), "=d" (cpu_info[3]) :
"0" (cpu_info_type), "2" (0U));
# elif defined(__x86_64__)
__asm__ __volatile__ ("xchgq %%rbx, %q1; cpuid; xchgq %%rbx, %q1" :
"=a" (cpu_info[0]), "=&r" (cpu_info[1]),
"=c" (cpu_info[2]), "=d" (cpu_info[3]) :
"0" (cpu_info_type), "2" (0U));
# else
__asm__ __volatile__ ("cpuid" :
"=a" (cpu_info[0]), "=b" (cpu_info[1]),
"=c" (cpu_info[2]), "=d" (cpu_info[3]) :
"0" (cpu_info_type), "2" (0U));
# endif
#else
cpu_info[0] = cpu_info[1] = cpu_info[2] = cpu_info[3] = 0;
#endif
}
static int
_sodium_runtime_intel_cpu_features(CPUFeatures * const cpu_features)
{
unsigned int cpu_info[4];
unsigned int id;
_cpuid(cpu_info, 0x0);
if ((id = cpu_info[0]) == 0U) {
return -1;
}
_cpuid(cpu_info, 0x00000001);
#ifndef HAVE_EMMINTRIN_H
cpu_features->has_sse2 = 0;
#else
cpu_features->has_sse2 = ((cpu_info[3] & CPUID_SSE2) != 0x0);
#endif
#ifndef HAVE_PMMINTRIN_H
cpu_features->has_sse3 = 0;
#else
cpu_features->has_sse3 = ((cpu_info[2] & CPUIDECX_SSE3) != 0x0);
#endif
return 0;
}
int
sodium_runtime_get_cpu_features(void)
{
int ret = -1;
ret &= _sodium_runtime_arm_cpu_features(&_cpu_features);
ret &= _sodium_runtime_intel_cpu_features(&_cpu_features);
_cpu_features.initialized = 1;
return ret;
}
int
sodium_runtime_has_neon(void) {
return _cpu_features.has_neon;
}
int
sodium_runtime_has_sse2(void) {
return _cpu_features.has_sse2;
}
int
sodium_runtime_has_sse3(void) {
return _cpu_features.has_sse3;
}
#endif

33
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/runtime.h Normal file
View File

@ -0,0 +1,33 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef __SODIUM_RUNTIME_H__
#define __SODIUM_RUNTIME_H__ 1
#include "export.h"
#ifdef __cplusplus
extern "C" {
#endif
SODIUM_EXPORT
int sodium_runtime_get_cpu_features(void);
SODIUM_EXPORT
int sodium_runtime_has_neon(void);
SODIUM_EXPORT
int sodium_runtime_has_sse2(void);
SODIUM_EXPORT
int sodium_runtime_has_sse3(void);
#ifdef __cplusplus
}
#endif
#endif
#endif

107
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/scrypt_platform.c Normal file
View File

@ -0,0 +1,107 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2013 Alexander Peslyak
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifdef HAVE_SYS_MMAN_H
# include <sys/mman.h>
#endif
#include <errno.h>
#include <stdlib.h>
#include "crypto_scrypt.h"
#include "runtime.h"
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
# define MAP_ANON MAP_ANONYMOUS
#endif
void *
alloc_region(escrypt_region_t * region, size_t size)
{
uint8_t * base, * aligned;
#ifdef MAP_ANON
if ((base = (uint8_t *) mmap(NULL, size, PROT_READ | PROT_WRITE,
#ifdef MAP_NOCORE
MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
#else
MAP_ANON | MAP_PRIVATE,
#endif
-1, 0)) == MAP_FAILED)
base = NULL;
aligned = base;
#elif defined(HAVE_POSIX_MEMALIGN)
if ((errno = posix_memalign((void **) &base, 64, size)) != 0)
base = NULL;
aligned = base;
#else
base = aligned = NULL;
if (size + 63 < size)
errno = ENOMEM;
else if ((base = (uint8_t *) malloc(size + 63)) != NULL) {
aligned = base + 63;
aligned -= (uintptr_t)aligned & 63;
}
#endif
region->base = base;
region->aligned = aligned;
region->size = base ? size : 0;
return aligned;
}
static inline void
init_region(escrypt_region_t * region)
{
region->base = region->aligned = NULL;
region->size = 0;
}
int
free_region(escrypt_region_t * region)
{
if (region->base) {
#ifdef MAP_ANON
if (munmap(region->base, region->size))
return -1;
#else
free(region->base);
#endif
}
init_region(region);
return 0;
}
int
escrypt_init_local(escrypt_local_t * local)
{
init_region(local);
return 0;
}
int
escrypt_free_local(escrypt_local_t * local)
{
return free_region(local);
}
#endif

398
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c Normal file
View File

@ -0,0 +1,398 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
/*-
* Copyright 2009 Colin Percival
* Copyright 2012,2013 Alexander Peslyak
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* This file was originally written by Colin Percival as part of the Tarsnap
* online backup system.
*/
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
#if __GNUC__
# pragma GCC target("sse2")
#endif
#include <emmintrin.h>
#if defined(__XOP__) && defined(DISABLED)
# include <x86intrin.h>
#endif
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include "../pbkdf2-sha256.h"
#include "../sysendian.h"
#include "../crypto_scrypt.h"
#if defined(__XOP__) && defined(DISABLED)
#define ARX(out, in1, in2, s) \
out = _mm_xor_si128(out, _mm_roti_epi32(_mm_add_epi32(in1, in2), s));
#else
#define ARX(out, in1, in2, s) \
{ \
__m128i T = _mm_add_epi32(in1, in2); \
out = _mm_xor_si128(out, _mm_slli_epi32(T, s)); \
out = _mm_xor_si128(out, _mm_srli_epi32(T, 32-s)); \
}
#endif
#define SALSA20_2ROUNDS \
/* Operate on "columns". */ \
ARX(X1, X0, X3, 7) \
ARX(X2, X1, X0, 9) \
ARX(X3, X2, X1, 13) \
ARX(X0, X3, X2, 18) \
\
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x93); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x39); \
\
/* Operate on "rows". */ \
ARX(X3, X0, X1, 7) \
ARX(X2, X3, X0, 9) \
ARX(X1, X2, X3, 13) \
ARX(X0, X1, X2, 18) \
\
/* Rearrange data. */ \
X1 = _mm_shuffle_epi32(X1, 0x39); \
X2 = _mm_shuffle_epi32(X2, 0x4E); \
X3 = _mm_shuffle_epi32(X3, 0x93);
/**
* Apply the salsa20/8 core to the block provided in (X0 ... X3) ^ (Z0 ... Z3).
*/
#define SALSA20_8_XOR(in, out) \
{ \
__m128i Y0 = X0 = _mm_xor_si128(X0, (in)[0]); \
__m128i Y1 = X1 = _mm_xor_si128(X1, (in)[1]); \
__m128i Y2 = X2 = _mm_xor_si128(X2, (in)[2]); \
__m128i Y3 = X3 = _mm_xor_si128(X3, (in)[3]); \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
SALSA20_2ROUNDS \
(out)[0] = X0 = _mm_add_epi32(X0, Y0); \
(out)[1] = X1 = _mm_add_epi32(X1, Y1); \
(out)[2] = X2 = _mm_add_epi32(X2, Y2); \
(out)[3] = X3 = _mm_add_epi32(X3, Y3); \
}
/**
* blockmix_salsa8(Bin, Bout, r):
* Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r
* bytes in length; the output Bout must also be the same size.
*/
static inline void
blockmix_salsa8(const __m128i * Bin, __m128i * Bout, size_t r)
{
__m128i X0, X1, X2, X3;
size_t i;
/* 1: X <-- B_{2r - 1} */
X0 = Bin[8 * r - 4];
X1 = Bin[8 * r - 3];
X2 = Bin[8 * r - 2];
X3 = Bin[8 * r - 1];
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(Bin, Bout)
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
i++;
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
SALSA20_8_XOR(&Bin[i * 8 + 4], &Bout[(r + i) * 4 + 4])
}
#define XOR4(in) \
X0 = _mm_xor_si128(X0, (in)[0]); \
X1 = _mm_xor_si128(X1, (in)[1]); \
X2 = _mm_xor_si128(X2, (in)[2]); \
X3 = _mm_xor_si128(X3, (in)[3]);
#define XOR4_2(in1, in2) \
X0 = _mm_xor_si128((in1)[0], (in2)[0]); \
X1 = _mm_xor_si128((in1)[1], (in2)[1]); \
X2 = _mm_xor_si128((in1)[2], (in2)[2]); \
X3 = _mm_xor_si128((in1)[3], (in2)[3]);
static inline uint32_t
blockmix_salsa8_xor(const __m128i * Bin1, const __m128i * Bin2, __m128i * Bout,
size_t r)
{
__m128i X0, X1, X2, X3;
size_t i;
/* 1: X <-- B_{2r - 1} */
XOR4_2(&Bin1[8 * r - 4], &Bin2[8 * r - 4])
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(Bin1)
SALSA20_8_XOR(Bin2, Bout)
/* 2: for i = 0 to 2r - 1 do */
r--;
for (i = 0; i < r;) {
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
i++;
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8])
SALSA20_8_XOR(&Bin2[i * 8], &Bout[i * 4])
}
/* 3: X <-- H(X \xor B_i) */
/* 4: Y_i <-- X */
/* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */
XOR4(&Bin1[i * 8 + 4])
SALSA20_8_XOR(&Bin2[i * 8 + 4], &Bout[(r + i) * 4 + 4])
return _mm_cvtsi128_si32(X0);
}
#undef ARX
#undef SALSA20_2ROUNDS
#undef SALSA20_8_XOR
#undef XOR4
#undef XOR4_2
/**
* integerify(B, r):
* Return the result of parsing B_{2r-1} as a little-endian integer.
*/
static inline uint32_t
integerify(const void * B, size_t r)
{
return *(const uint32_t *)((uintptr_t)(B) + (2 * r - 1) * 64);
}
/**
* smix(B, r, N, V, XY):
* Compute B = SMix_r(B, N). The input B must be 128r bytes in length;
* the temporary storage V must be 128rN bytes in length; the temporary
* storage XY must be 256r + 64 bytes in length. The value N must be a
* power of 2 greater than 1. The arrays B, V, and XY must be aligned to a
* multiple of 64 bytes.
*/
static void
smix(uint8_t * B, size_t r, uint32_t N, void * V, void * XY)
{
size_t s = 128 * r;
__m128i * X = (__m128i *) V, * Y;
uint32_t * X32 = (uint32_t *) V;
uint32_t i, j;
size_t k;
/* 1: X <-- B */
/* 3: V_i <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
X32[k * 16 + i] =
le32dec(&B[(k * 16 + (i * 5 % 16)) * 4]);
}
}
/* 2: for i = 0 to N - 1 do */
for (i = 1; i < N - 1; i += 2) {
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *)((uintptr_t)(V) + (i + 1) * s);
blockmix_salsa8(Y, X, r);
}
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
Y = (__m128i *)((uintptr_t)(V) + i * s);
blockmix_salsa8(X, Y, r);
/* 4: X <-- H(X) */
/* 3: V_i <-- X */
X = (__m128i *) XY;
blockmix_salsa8(Y, X, r);
X32 = (uint32_t *) XY;
Y = (__m128i *)((uintptr_t)(XY) + s);
/* 7: j <-- Integerify(X) mod N */
j = integerify(X, r) & (N - 1);
/* 6: for i = 0 to N - 1 do */
for (i = 0; i < N; i += 2) {
__m128i * V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(X, V_j, Y, r) & (N - 1);
V_j = (__m128i *)((uintptr_t)(V) + j * s);
/* 8: X <-- H(X \xor V_j) */
/* 7: j <-- Integerify(X) mod N */
j = blockmix_salsa8_xor(Y, V_j, X, r) & (N - 1);
}
/* 10: B' <-- X */
for (k = 0; k < 2 * r; k++) {
for (i = 0; i < 16; i++) {
le32enc(&B[(k * 16 + (i * 5 % 16)) * 4],
X32[k * 16 + i]);
}
}
}
/**
* escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
* N, r, p, buf, buflen):
* Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
* p, buflen) and write the result into buf. The parameters r, p, and buflen
* must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N
* must be a power of 2 greater than 1.
*
* Return 0 on success; or -1 on error.
*/
int
escrypt_kdf_sse(escrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t _r, uint32_t _p,
uint8_t * buf, size_t buflen)
{
size_t B_size, V_size, XY_size, need;
uint8_t * B;
uint32_t * V, * XY;
size_t r = _r, p = _p;
uint32_t i;
/* Sanity-check parameters. */
#if SIZE_MAX > UINT32_MAX
if (buflen > (((uint64_t)(1) << 32) - 1) * 32) {
errno = EFBIG;
return -1;
}
#endif
if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) {
errno = EFBIG;
return -1;
}
if (N > UINT32_MAX) {
errno = EFBIG;
return -1;
}
if (((N & (N - 1)) != 0) || (N < 2)) {
errno = EINVAL;
return -1;
}
if (r == 0 || p == 0) {
errno = EINVAL;
return -1;
}
if ((r > SIZE_MAX / 128 / p) ||
#if SIZE_MAX / 256 <= UINT32_MAX
(r > SIZE_MAX / 256) ||
#endif
(N > SIZE_MAX / 128 / r)) {
errno = ENOMEM;
return -1;
}
/* Allocate memory. */
B_size = (size_t)128 * r * p;
V_size = (size_t)128 * r * N;
need = B_size + V_size;
if (need < V_size) {
errno = ENOMEM;
return -1;
}
XY_size = (size_t)256 * r + 64;
need += XY_size;
if (need < XY_size) {
errno = ENOMEM;
return -1;
}
if (local->size < need) {
if (free_region(local))
return -1;
if (!alloc_region(local, need))
return -1;
}
B = (uint8_t *)local->aligned;
V = (uint32_t *)((uint8_t *)B + B_size);
XY = (uint32_t *)((uint8_t *)V + V_size);
/* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, B_size);
/* 2: for i = 0 to p - 1 do */
for (i = 0; i < p; i++) {
/* 3: B_i <-- MF(B_i, N) */
smix(&B[(size_t)128 * i * r], r, N, V, XY);
}
/* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
PBKDF2_SHA256(passwd, passwdlen, B, B_size, 1, buf, buflen);
/* Success! */
return 0;
}
#endif
#endif

153
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/sysendian.h Normal file
View File

@ -0,0 +1,153 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef _SYSENDIAN_H_
#define _SYSENDIAN_H_
#include <stdint.h>
/* Avoid namespace collisions with BSD <sys/endian.h>. */
#define be16dec scrypt_be16dec
#define be16enc scrypt_be16enc
#define be32dec scrypt_be32dec
#define be32enc scrypt_be32enc
#define be64dec scrypt_be64dec
#define be64enc scrypt_be64enc
#define le16dec scrypt_le16dec
#define le16enc scrypt_le16enc
#define le32dec scrypt_le32dec
#define le32enc scrypt_le32enc
#define le64dec scrypt_le64dec
#define le64enc scrypt_le64enc
static inline uint16_t
be16dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint16_t)(p[1]) + ((uint16_t)(p[0]) << 8));
}
static inline void
be16enc(void *pp, uint16_t x)
{
uint8_t * p = (uint8_t *)pp;
p[1] = x & 0xff;
p[0] = (x >> 8) & 0xff;
}
static inline uint32_t
be32dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) +
((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24));
}
static inline void
be32enc(void *pp, uint32_t x)
{
uint8_t * p = (uint8_t *)pp;
p[3] = x & 0xff;
p[2] = (x >> 8) & 0xff;
p[1] = (x >> 16) & 0xff;
p[0] = (x >> 24) & 0xff;
}
static inline uint64_t
be64dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) +
((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) +
((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) +
((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56));
}
static inline void
be64enc(void *pp, uint64_t x)
{
uint8_t * p = (uint8_t *)pp;
p[7] = x & 0xff;
p[6] = (x >> 8) & 0xff;
p[5] = (x >> 16) & 0xff;
p[4] = (x >> 24) & 0xff;
p[3] = (x >> 32) & 0xff;
p[2] = (x >> 40) & 0xff;
p[1] = (x >> 48) & 0xff;
p[0] = (x >> 56) & 0xff;
}
static inline uint16_t
le16dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint16_t)(p[0]) + ((uint16_t)(p[1]) << 8));
}
static inline void
le16enc(void *pp, uint16_t x)
{
uint8_t * p = (uint8_t *)pp;
p[0] = x & 0xff;
p[1] = (x >> 8) & 0xff;
}
static inline uint32_t
le32dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) +
((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24));
}
static inline void
le32enc(void *pp, uint32_t x)
{
uint8_t * p = (uint8_t *)pp;
p[0] = x & 0xff;
p[1] = (x >> 8) & 0xff;
p[2] = (x >> 16) & 0xff;
p[3] = (x >> 24) & 0xff;
}
static inline uint64_t
le64dec(const void *pp)
{
const uint8_t *p = (uint8_t const *)pp;
return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) +
((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) +
((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) +
((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56));
}
static inline void
le64enc(void *pp, uint64_t x)
{
uint8_t * p = (uint8_t *)pp;
p[0] = x & 0xff;
p[1] = (x >> 8) & 0xff;
p[2] = (x >> 16) & 0xff;
p[3] = (x >> 24) & 0xff;
p[4] = (x >> 32) & 0xff;
p[5] = (x >> 40) & 0xff;
p[6] = (x >> 48) & 0xff;
p[7] = (x >> 56) & 0xff;
}
#endif /* !_SYSENDIAN_H_ */
#endif

78
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.c Normal file
View File

@ -0,0 +1,78 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef __STDC_WANT_LIB_EXT1__
# define __STDC_WANT_LIB_EXT1__ 1
#endif
#include <assert.h>
#include <errno.h>
#include <limits.h>
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#ifdef HAVE_SYS_MMAN_H
# include <sys/mman.h>
#endif
#include "utils.h"
#ifdef _WIN32
# include <windows.h>
# include <wincrypt.h>
#else
# include <unistd.h>
#endif
#ifdef HAVE_WEAK_SYMBOLS
__attribute__((weak)) void
__sodium_dummy_symbol_to_prevent_lto(void * const pnt, const size_t len)
{
(void) pnt;
(void) len;
}
#endif
void
sodium_memzero(void * const pnt, const size_t len)
{
#ifdef _WIN32
SecureZeroMemory(pnt, len);
#elif defined(HAVE_MEMSET_S)
if (memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
abort();
}
#elif defined(HAVE_EXPLICIT_BZERO)
explicit_bzero(pnt, len);
#elif HAVE_WEAK_SYMBOLS
memset(pnt, 0, len);
__sodium_dummy_symbol_to_prevent_lto(pnt, len);
#else
volatile unsigned char *pnt_ = (volatile unsigned char *) pnt;
size_t i = (size_t) 0U;
while (i < len) {
pnt_[i++] = 0U;
}
#endif
}
int
sodium_memcmp(const void * const b1_, const void * const b2_, size_t len)
{
const unsigned char *b1 = (const unsigned char *) b1_;
const unsigned char *b2 = (const unsigned char *) b2_;
size_t i;
unsigned char d = (unsigned char) 0U;
for (i = 0U; i < len; i++) {
d |= b1[i] ^ b2[i];
}
return (int) ((1 & ((d - 1) >> 8)) - 1);
}
#endif

40
toxencryptsave/crypto_pwhash_scryptsalsa208sha256/utils.h Normal file
View File

@ -0,0 +1,40 @@
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#ifdef VANILLA_NACL /* toxcore only uses this when libsodium is unavailable */
#ifndef __SODIUM_UTILS_H__
#define __SODIUM_UTILS_H__
#include <stddef.h>
#include "export.h"
#ifdef __cplusplus
extern "C" {
#endif
#if defined(__cplusplus) || !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L
# define _SODIUM_C99(X)
#else
# define _SODIUM_C99(X) X
#endif
SODIUM_EXPORT
void sodium_memzero(void * const pnt, const size_t len);
/* WARNING: sodium_memcmp() must be used to verify if two secret keys
* are equal, in constant time.
* It returns 0 if the keys are equal, and -1 if they differ.
* This function is not designed for lexicographical comparisons.
*/
SODIUM_EXPORT
int sodium_memcmp(const void * const b1_, const void * const b2_, size_t len);
#ifdef __cplusplus
}
#endif
#endif
#endif

174
toxencryptsave/toxencryptsave.c Normal file
View File

@ -0,0 +1,174 @@
/* toxencryptsave.c
*
* The Tox encrypted save functions.
*
* Copyright (C) 2013 Tox project All Rights Reserved.
*
* This file is part of Tox.
*
* Tox is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Tox is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Tox. If not, see <http://www.gnu.org/licenses/>.
*
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "toxencryptsave.h"
#include "../toxcore/crypto_core.h"
#ifdef VANILLA_NACL
#include "crypto_pwhash_scryptsalsa208sha256/crypto_pwhash_scryptsalsa208sha256.h"
#include "crypto_pwhash_scryptsalsa208sha256/utils.h" /* sodium_memzero */
#endif
/* This "module" provides functions analogous to tox_load and tox_save in toxcore
* Clients should consider alerting their users that, unlike plain data, if even one bit
* becomes corrupted, the data will be entirely unrecoverable.
* Ditto if they forget their password, there is no way to recover the data.
*/
/* return size of the messenger data (for encrypted saving). */
uint32_t tox_encrypted_size(const Tox *tox)
{
return tox_size(tox) + crypto_box_MACBYTES + crypto_box_NONCEBYTES
+ crypto_pwhash_scryptsalsa208sha256_SALTBYTES + TOX_ENC_SAVE_MAGIC_LENGTH;
}
/* Save the messenger data encrypted with the given password.
* data must be at least tox_encrypted_size().
*
* returns 0 on success
* returns -1 on failure
*/
int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength)
{
if (pplength == 0)
return -1;
/* First derive a key from the password */
/* http://doc.libsodium.org/key_derivation/README.html */
/* note that, according to the documentation, a generic pwhash interface will be created
* once the pwhash competition (https://password-hashing.net/) is over */
uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
uint8_t key[crypto_box_KEYBYTES];
randombytes(salt, sizeof salt);
if (crypto_pwhash_scryptsalsa208sha256(
key, sizeof(key), passphrase, pplength, salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
/* out of memory most likely */
return -1;
}
/* calling sodium_memzero segfaults, but printing passphrase works, so... libsodium bug?
* ...eh, it's not segfaulting anywhere else, so I'll assume pebkac...
sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
/* next get plain save data */
uint32_t temp_size = tox_size(tox);
uint8_t temp_data[temp_size];
tox_save(tox, temp_data);
/* the output data consists of, in order:
* magic number, salt, nonce, mac, enc_data
* where the mac is automatically prepended by the encrypt()
* the magic+salt+nonce is called the prefix
* I'm not sure what else I'm supposed to do with the salt and nonce, since we
* need them to decrypt the data
*/
/* first add the prefix */
uint8_t nonce[crypto_box_NONCEBYTES];
random_nonce(nonce);
memcpy(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH);
data += TOX_ENC_SAVE_MAGIC_LENGTH;
memcpy(data, salt, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
memcpy(data, nonce, crypto_box_NONCEBYTES);
data += crypto_box_NONCEBYTES;
/* now encrypt */
if (encrypt_data_symmetric(key, nonce, temp_data, temp_size, data)
!= temp_size + crypto_box_MACBYTES) {
return -1;
}
return 0;
}
/* Load the messenger from encrypted data of size length.
*
* returns 0 on success
* returns -1 on failure
*/
int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength)
{
if (length <= crypto_box_MACBYTES + crypto_box_NONCEBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES +
TOX_ENC_SAVE_MAGIC_LENGTH)
return -1;
if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) != 0)
return -1;
data += TOX_ENC_SAVE_MAGIC_LENGTH;
uint32_t decrypt_length = length - crypto_box_MACBYTES - crypto_box_NONCEBYTES
- crypto_pwhash_scryptsalsa208sha256_SALTBYTES - TOX_ENC_SAVE_MAGIC_LENGTH;
uint8_t salt[crypto_pwhash_scryptsalsa208sha256_SALTBYTES];
uint8_t nonce[crypto_box_NONCEBYTES];
memcpy(salt, data, crypto_pwhash_scryptsalsa208sha256_SALTBYTES);
data += crypto_pwhash_scryptsalsa208sha256_SALTBYTES;
memcpy(nonce, data, crypto_box_NONCEBYTES);
data += crypto_box_NONCEBYTES;
/* derive the key */
uint8_t key[crypto_box_KEYBYTES];
if (crypto_pwhash_scryptsalsa208sha256(
key, sizeof(key), passphrase, pplength, salt,
crypto_pwhash_scryptsalsa208sha256_OPSLIMIT_INTERACTIVE * 2, /* slightly stronger */
crypto_pwhash_scryptsalsa208sha256_MEMLIMIT_INTERACTIVE) != 0) {
/* out of memory most likely */
return -1;
}
/* sodium_memzero(passphrase, pplength); /* wipe plaintext pw */
/* decrypt the data */
uint8_t temp_data[decrypt_length];
if (decrypt_data_symmetric(key, nonce, data, decrypt_length + crypto_box_MACBYTES, temp_data)
!= decrypt_length) {
return -1;
}
return tox_load(tox, temp_data, decrypt_length);
}
/* Determines whether or not the given data is encrypted (by checking the magic number)
*
* returns 1 if it is encrypted
* returns 0 otherwise
*/
int tox_is_data_encrypted(const uint8_t *data)
{
if (memcmp(data, TOX_ENC_SAVE_MAGIC_NUMBER, TOX_ENC_SAVE_MAGIC_LENGTH) == 0)
return 1;
else
return 0;
}

68
toxencryptsave/toxencryptsave.h Normal file
View File

@ -0,0 +1,68 @@
/* toxencryptsave.h
*
* The Tox encrypted save functions.
*
* Copyright (C) 2013 Tox project All Rights Reserved.
*
* This file is part of Tox.
*
* Tox is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Tox is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Tox. If not, see <http://www.gnu.org/licenses/>.
*
*/
#ifndef TOXENCRYPTSAVE_H
#define TOXENCRYPTSAVE_H
#include "../toxcore/tox.h"
#ifdef __cplusplus
extern "C" {
#endif
/* This "module" provides functions analogous to tox_load and tox_save in toxcore
* Clients should consider alerting their users that, unlike plain data, if even one bit
* becomes corrupted, the data will be entirely unrecoverable.
* Ditto if they forget their password, there is no way to recover the data.
*/
/* return size of the messenger data (for encrypted saving). */
uint32_t tox_encrypted_size(const Tox *tox);
/* Save the messenger data encrypted with the given password.
* data must be at least tox_encrypted_size().
*
* returns 0 on success
* returns -1 on failure
*/
int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength);
/* Load the messenger from encrypted data of size length.
*
* returns 0 on success
* returns -1 on failure
*/
int tox_encrypted_load(Tox *tox, const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength);
/* Determines whether or not the given data is encrypted (by checking the magic number)
*
* returns 1 if it is encrypted
* returns 0 otherwise
*/
int tox_is_data_encrypted(const uint8_t *data);
#ifdef __cplusplus
}
#endif
#endif