From ccfd777e35812a914dd0025487f219d5f503a1bd Mon Sep 17 00:00:00 2001
From: dubslow
Date: Sun, 12 Oct 2014 02:28:18 -0500
Subject: [PATCH 1/2] apparently i forgot to add/commit these comments...

---
 toxencryptsave/toxencryptsave.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/toxencryptsave/toxencryptsave.h b/toxencryptsave/toxencryptsave.h
index b85d945c..6abcca42 100644
--- a/toxencryptsave/toxencryptsave.h
+++ b/toxencryptsave/toxencryptsave.h
@@ -94,8 +94,17 @@ int tox_pass_encrypt(uint8_t* data, uint32_t data_len, uint8_t* passphrase, uint
  */
 int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint32_t pplength);
 
+/* This is the inverse of tox_pass_key_encrypt, also using only keys produced by
+ * tox_derive_key_from_pass.
+ *
+ * returns the length of the output data (== data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH) on success
+ * returns -1 on failure
+ */
+int tox_pass_key_decrypt(const uint8_t* data, uint32_t length, const uint8_t* key, uint8_t* out);
+
 /* Decrypts the given data with the given passphrase. The output array must be
- * at least data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long.
+ * at least data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long. This delegates
+ * to tox_pass_key_decrypt.
  *
  * tox_encrypted_load() is a good example of how to use this function.
  *

From 57d3b3be05788ed46a7fef0b3073c6c5222cf8d3 Mon Sep 17 00:00:00 2001
From: dubslow
Date: Sun, 12 Oct 2014 03:08:05 -0500
Subject: [PATCH 2/2] Fix include issue

---
 toxencryptsave/toxencryptsave.c | 13 +++++++++++--
 toxencryptsave/toxencryptsave.h | 25 +++++++++++++------------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/toxencryptsave/toxencryptsave.c b/toxencryptsave/toxencryptsave.c
index 7efba089..7492f06b 100644
--- a/toxencryptsave/toxencryptsave.c
+++ b/toxencryptsave/toxencryptsave.c
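Review bot: The comment added above `tox_pass_key_decrypt` (hunk `@@ -94,8 +94,17 @@`) never says how large `out` must be, and it refers to `data_len` although the parameter is named `length`. Because `length` is a `uint32_t`, `length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH` wraps for input shorter than the salt, nonce and MAC; the implementation is not part of this patch, so whether it rejects such input cannot be confirmed here. I would add `* out must be at least length - TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long; length must be at least TOX_PASS_ENCRYPTION_EXTRA_LENGTH.` to the comment and use `length` in the return-value line. Patch 2/2 rewrites the same sentence in its last hunk and keeps the `data_len` wording.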
@@ -35,6 +35,15 @@
 #include
 #endif
 
+#define TOX_PASS_ENCRYPTION_EXTRA_LENGTH (crypto_box_MACBYTES + crypto_box_NONCEBYTES \
+ + crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
+
+#define TOX_PASS_KEY_LENGTH (crypto_box_KEYBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
+
+int tox_pass_encryption_extra_length() {return TOX_PASS_ENCRYPTION_EXTRA_LENGTH;}
+
+int tox_pass_key_length() {return TOX_PASS_KEY_LENGTH;}
+
 /* This "module" provides functions analogous to tox_load and tox_save in toxcore
  * Clients should consider alerting their users that, unlike plain data, if even one bit
  * becomes corrupted, the data will be entirely unrecoverable.
@@ -98,7 +107,7 @@ int tox_derive_key_from_pass(uint8_t *passphrase, uint32_t pplength, uint8_t *ou
  * returns 0 on success
  * returns -1 on failure
  */
-int tox_pass_key_encrypt(uint8_t *data, uint32_t data_len, const uint8_t *key, uint8_t *out)
+int tox_pass_key_encrypt(const uint8_t *data, uint32_t data_len, const uint8_t *key, uint8_t *out)
 {
 /* the output data consists of, in order:
  * salt, nonce, mac, enc_data
@@ -134,7 +143,7 @@ int tox_pass_key_encrypt(uint8_t *data, uint32_t data_len, const uint8_t *key, u
  * returns 0 on success
  * returns -1 on failure
  */
-int tox_pass_encrypt(uint8_t *data, uint32_t data_len, uint8_t *passphrase, uint32_t pplength, uint8_t *out)
+int tox_pass_encrypt(const uint8_t *data, uint32_t data_len, uint8_t *passphrase, uint32_t pplength, uint8_t *out)
 {
 uint8_t key[TOX_PASS_KEY_LENGTH];
 
diff --git a/toxencryptsave/toxencryptsave.h b/toxencryptsave/toxencryptsave.h
index 2fb6a8c5..d805cf97 100644
--- a/toxencryptsave/toxencryptsave.h
+++ b/toxencryptsave/toxencryptsave.h
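Review bot: In hunk `@@ -35,6 +35,15 @@` both accessors are written with empty parentheses, which in C gives no prototype, so a call that passes stray arguments is not diagnosed. Write `int tox_pass_encryption_extra_length(void)` and `int tox_pass_key_length(void)`, here and in the two declarations this commit adds to toxencryptsave.h. Both values are sums of libsodium size constants that callers add to a `uint32_t data_len`, so returning `uint32_t` rather than `int` would keep that buffer-size arithmetic in one unsigned type.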
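Review bot: In hunk `@@ -134,7 +143,7 @@` the buffer `uint8_t key[TOX_PASS_KEY_LENGTH];` holds the passphrase-derived key on the stack, and the visible lines do not clear it. The body of `tox_pass_encrypt` continues past the end of the hunk, so this may already be handled there. If it is not, wipe the buffer on every return path with a call the compiler cannot elide, for example `sodium_memzero(key, sizeof key);`, in line with the header's own advice to keep this key only in memory.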
@@ -35,10 +35,11 @@ extern "C" {
 typedef struct Tox Tox;
 #endif
 
-#define TOX_PASS_ENCRYPTION_EXTRA_LENGTH (crypto_box_MACBYTES + crypto_box_NONCEBYTES \
- + crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
+// these two functions provide access to these defines in toxencryptsave.c, which
+//otherwise aren't actually available in clients...
+int tox_pass_encryption_extra_length();
 
-#define TOX_PASS_KEY_LENGTH (crypto_box_KEYBYTES + crypto_pwhash_scryptsalsa208sha256_SALTBYTES)
+int tox_pass_key_length();
 
 /* This "module" provides functions analogous to tox_load and tox_save in toxcore
  * Clients should consider alerting their users that, unlike plain data, if even one bit
@@ -50,7 +51,7 @@ typedef struct Tox Tox;
 uint32_t tox_encrypted_size(const Tox *tox);
 
 /* Generates a secret symmetric key from the given passphrase. out_key must be at least
- * TOX_PASS_KEY_LENGTH bytes long.
+ * tox_pass_key_length() bytes long.
  * Be sure to not compromise the key! Only keep it in memory, do not write to disk.
  * This function is fairly cheap, but irungentoo insists that you be allowed to
  * cache the result if you want, to minimize computation for repeated encryptions.
@@ -64,8 +65,8 @@ uint32_t tox_encrypted_size(const Tox *tox);
 int tox_derive_key_from_pass(uint8_t *passphrase, uint32_t pplength, uint8_t *out_key);
 
 /* Encrypt arbitrary with a key produced by tox_derive_key_from_pass. The output
- * array must be at least data_len + TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long.
- * key must be TOX_PASS_KEY_LENGTH bytes.
+ * array must be at least data_len + tox_pass_encryption_extra_length() bytes long.
+ * key must be tox_pass_key_length() bytes.
  * If you already have a symmetric key from somewhere besides this module, simply
  * call encrypt_data_symmetric in toxcore/crypto_core directly.
  *
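Review bot: The two accessors declared in hunk `@@ -35,10 +35,11 @@` have no statement of what they return, although every buffer-size contract in this header now depends on them. I would give each its own comment, `/* returns the number of bytes encryption adds to the plaintext (salt + nonce + MAC) */` and `/* returns the size in bytes of a key produced by tox_derive_key_from_pass */`. With the macros gone from the public header, clients can no longer size `out` or `out_key` as fixed arrays and must allocate at run time. The comment should therefore also tell callers to check that `data_len + tox_pass_encryption_extra_length()` does not wrap in `uint32_t` before allocating.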
@@ -73,10 +74,10 @@ int tox_derive_key_from_pass(uint8_t *passphrase, uint32_t pplength, uint8_t *ou
  * returns 0 on success
  * returns -1 on failure
  */
-int tox_pass_key_encrypt(uint8_t *data, uint32_t data_len, const uint8_t *key, uint8_t *out);
+int tox_pass_key_encrypt(const uint8_t *data, uint32_t data_len, const uint8_t *key, uint8_t *out);
 
 /* Encrypts the given data with the given passphrase. The output array must be
- * at least data_len + TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long. This delegates
+ * at least data_len + tox_pass_encryption_extra_length() bytes long. This delegates
  * to tox_derive_key_from_pass and tox_pass_key_encrypt.
  *
  * tox_encrypted_save() is a good example of how to use this function.
@@ -84,7 +85,7 @@ int tox_pass_key_encrypt(uint8_t *data, uint32_t data_len, const uint8_t *key, u
  * returns 0 on success
  * returns -1 on failure
  */
-int tox_pass_encrypt(uint8_t *data, uint32_t data_len, uint8_t *passphrase, uint32_t pplength, uint8_t *out);
+int tox_pass_encrypt(const uint8_t *data, uint32_t data_len, uint8_t *passphrase, uint32_t pplength, uint8_t *out);
 
 /* Save the messenger data encrypted with the given password.
  * data must be at least tox_encrypted_size().
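Review bot: In hunk `@@ -84,7 +85,7 @@` the new `tox_pass_encrypt` prototype const-qualifies `data` but leaves `passphrase` as `uint8_t *`, so a caller holding a read-only passphrase has to cast away const. If the implementation only reads the passphrase, which is not visible in this patch, declare it `const uint8_t *passphrase` here and in the definition in toxencryptsave.c. `tox_derive_key_from_pass`, `tox_encrypted_save` and `tox_pass_decrypt` show the same non-const parameter in the surrounding context lines.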
@@ -97,18 +98,18 @@ int tox_encrypted_save(const Tox *tox, uint8_t *data, uint8_t *passphrase, uint3
 /* This is the inverse of tox_pass_key_encrypt, also using only keys produced by
  * tox_derive_key_from_pass.
  *
- * returns the length of the output data (== data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH) on success
+ * returns the length of the output data (== data_len - tox_pass_encryption_extra_length()) on success
  * returns -1 on failure
  */
 int tox_pass_key_decrypt(const uint8_t* data, uint32_t length, const uint8_t* key, uint8_t* out);
 
 /* Decrypts the given data with the given passphrase. The output array must be
- * at least data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH bytes long. This delegates
+ * at least data_len - tox_pass_encryption_extra_length() bytes long. This delegates
  * to tox_pass_key_decrypt.
  *
  * tox_encrypted_load() is a good example of how to use this function.
  *
- * returns the length of the output data (== data_len - TOX_PASS_ENCRYPTION_EXTRA_LENGTH) on success
+ * returns the length of the output data (== data_len - tox_pass_encryption_extra_length()) on success
  * returns -1 on failure
  */
 int tox_pass_decrypt(const uint8_t *data, uint32_t length, uint8_t *passphrase, uint32_t pplength, uint8_t *out);