disco: update to newest sources
这个提交包含在:
父节点
f3154fd505
当前提交
65faa0d4f9
@ -1,12 +1,12 @@
|
||||
TARGET := disco.elf
|
||||
LOCAL_CFLAGS := -Os -fno-builtin-printf -I.
|
||||
LOCAL_CFLAGS := -Os -fno-builtin-printf -Isrc
|
||||
LOCAL_SRC_C := \
|
||||
tests/test_disco.c \
|
||||
disco_asymmetric.c \
|
||||
disco_symmetric.c \
|
||||
tweetstrobe.c \
|
||||
tweetX25519.c \
|
||||
devurandom.c
|
||||
src/disco_asymmetric.c \
|
||||
src/disco_symmetric.c \
|
||||
src/tweetstrobe.c \
|
||||
src/tweetX25519.c \
|
||||
src/devurandom.c
|
||||
|
||||
include ../conf/toolchain.mk
|
||||
include ../conf/sdk.mk
|
||||
|
@ -32,18 +32,7 @@
|
||||
// ======
|
||||
// Used for key exchanges.
|
||||
|
||||
/**
|
||||
* disco_generateKeyPair can be used to generate a X25519 keypair. This is
|
||||
* useful for creating long-term keypairs for a peer.
|
||||
* @kp an initialized keyPair struct. It is over-written by the function.
|
||||
*/
|
||||
void disco_generateKeyPair(keyPair *kp) {
|
||||
crypto_box_keypair(kp->pub, kp->priv);
|
||||
kp->isSet = true; // TODO: is this useful? If it is, should we use a magic
|
||||
// number here in case it's not initialized to false?
|
||||
}
|
||||
|
||||
void DH(keyPair mine, keyPair theirs, uint8_t *output) {
|
||||
static inline void DH(keyPair mine, keyPair theirs, uint8_t *output) {
|
||||
crypto_scalarmult(output, mine.priv, theirs.pub);
|
||||
}
|
||||
|
||||
@ -53,33 +42,37 @@ void DH(keyPair mine, keyPair theirs, uint8_t *output) {
|
||||
// Refer to the Disco specification to understand the meaning of these
|
||||
// functions.
|
||||
|
||||
void initializeSymmetric(symmetricState *ss, const char *protocol_name,
|
||||
size_t protocol_name_len) {
|
||||
static inline void initializeSymmetric(symmetricState *ss,
|
||||
const char *protocol_name,
|
||||
size_t protocol_name_len) {
|
||||
strobe_init(&(ss->strobe), protocol_name, protocol_name_len);
|
||||
}
|
||||
|
||||
void mixKey(symmetricState *ss, uint8_t *input_key_material) {
|
||||
static inline void mixKey(symmetricState *ss, uint8_t *input_key_material) {
|
||||
strobe_operate(&(ss->strobe), TYPE_AD, input_key_material, 32, false);
|
||||
ss->isKeyed = true;
|
||||
}
|
||||
|
||||
void mixHash(symmetricState *ss, uint8_t *data, size_t data_len) {
|
||||
static inline void mixHash(symmetricState *ss, uint8_t *data, size_t data_len) {
|
||||
strobe_operate(&(ss->strobe), TYPE_AD, data, data_len, false);
|
||||
}
|
||||
|
||||
void mixKeyAndHash(symmetricState *ss, uint8_t *input_key_material) {
|
||||
/*
|
||||
static inline void mixKeyAndHash(symmetricState *ss,
|
||||
uint8_t *input_key_material) {
|
||||
strobe_operate(&(ss->strobe), TYPE_AD, input_key_material, 32, false);
|
||||
}
|
||||
|
||||
void getHandshakeHash(symmetricState *ss, uint8_t *result) {
|
||||
static inline void getHandshakeHash(symmetricState *ss, uint8_t *result) {
|
||||
strobe_operate(&(ss->strobe), TYPE_PRF, result, 32, false);
|
||||
}
|
||||
*/
|
||||
|
||||
// note that this function modifies the plaintext in place, and requires the
|
||||
// plaintext buffer to have 16 more bytes of capacity for the authentication tag
|
||||
// if the symmetric state is keyed
|
||||
void encryptAndHash(symmetricState *ss, uint8_t *plaintext,
|
||||
size_t plaintext_len) {
|
||||
static inline void encryptAndHash(symmetricState *ss, uint8_t *plaintext,
|
||||
size_t plaintext_len) {
|
||||
if (!ss->isKeyed) {
|
||||
strobe_operate(&(ss->strobe), TYPE_CLR, plaintext, plaintext_len, false);
|
||||
} else {
|
||||
@ -91,8 +84,8 @@ void encryptAndHash(symmetricState *ss, uint8_t *plaintext,
|
||||
|
||||
// note that the decryption occurs in place, and the the result is
|
||||
// `ciphertext_len-16` in case the symmetric state is keyed.
|
||||
bool decryptAndHash(symmetricState *ss, uint8_t *ciphertext,
|
||||
size_t ciphertext_len) {
|
||||
static inline bool decryptAndHash(symmetricState *ss, uint8_t *ciphertext,
|
||||
size_t ciphertext_len) {
|
||||
if (!ss->isKeyed) {
|
||||
return strobe_operate(&(ss->strobe), TYPE_CLR | FLAG_I, ciphertext,
|
||||
ciphertext_len, false);
|
||||
@ -200,11 +193,9 @@ void disco_Initialize(handshakeState *hs, const char *handshake_pattern,
|
||||
|
||||
// handshake_pattern is of the following form:
|
||||
// "protocol_name \x00 pre-message patterns \x00 message patterns"
|
||||
printf("debug1:%s\n", handshake_pattern);
|
||||
initializeSymmetric(&(hs->symmetric_state), handshake_pattern,
|
||||
strlen(handshake_pattern));
|
||||
handshake_pattern = handshake_pattern + strlen(handshake_pattern) + 1;
|
||||
printf("debug2:%s\n", handshake_pattern);
|
||||
|
||||
hs->symmetric_state.isKeyed = false;
|
||||
|
||||
|
@ -12,6 +12,7 @@
|
||||
#define __DISCO_H__
|
||||
|
||||
#include "tweetstrobe.h"
|
||||
#include "tweetX25519.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <stdint.h>
|
||||
@ -80,8 +81,12 @@ typedef struct handshakeState_ {
|
||||
// Public API
|
||||
// ==========
|
||||
|
||||
// used to generate long-term key pairs
|
||||
void disco_generateKeyPair(keyPair *kp);
|
||||
// used to generate long-term key pairs for a peer
|
||||
inline void disco_generateKeyPair(keyPair *kp) {
|
||||
crypto_box_keypair(kp->pub, kp->priv);
|
||||
kp->isSet = true; // TODO: is this useful? If it is, should we use a magic
|
||||
// number here in case it's not initialized to false?
|
||||
}
|
||||
|
||||
// used to initialized your handshakeState with a handshake pattern
|
||||
void disco_Initialize(handshakeState *hs, const char *handshake_pattern,
|
||||
|
@ -4,16 +4,15 @@
|
||||
#include "tweetX25519.h"
|
||||
#define FOR(i, n) for (i = 0; i < n; ++i)
|
||||
#define sv static void
|
||||
typedef int64_t gf[16];
|
||||
|
||||
typedef long long i64;
|
||||
typedef i64 gf[16];
|
||||
extern void randombytes(u8 *, u64);
|
||||
extern void randombytes(uint8_t *, uint64_t);
|
||||
|
||||
static const u8 _9[32] = {9};
|
||||
static const uint8_t _9[32] = {9};
|
||||
static const gf _121665 = {0xDB41, 1};
|
||||
sv car25519(gf o) {
|
||||
int i;
|
||||
i64 c;
|
||||
int64_t c;
|
||||
FOR(i, 16) {
|
||||
o[i] += (1LL << 16);
|
||||
c = o[i] >> 16;
|
||||
@ -23,7 +22,7 @@ sv car25519(gf o) {
|
||||
}
|
||||
|
||||
sv sel25519(gf p, gf q, int b) {
|
||||
i64 t, i, c = ~(b - 1);
|
||||
int64_t t, i, c = ~(b - 1);
|
||||
FOR(i, 16) {
|
||||
t = c & (p[i] ^ q[i]);
|
||||
p[i] ^= t;
|
||||
@ -31,7 +30,7 @@ sv sel25519(gf p, gf q, int b) {
|
||||
}
|
||||
}
|
||||
|
||||
sv pack25519(u8 *o, const gf n) {
|
||||
sv pack25519(uint8_t *o, const gf n) {
|
||||
int i, j, b;
|
||||
gf m, t;
|
||||
FOR(i, 16) t[i] = n[i];
|
||||
@ -55,9 +54,9 @@ sv pack25519(u8 *o, const gf n) {
|
||||
}
|
||||
}
|
||||
|
||||
sv unpack25519(gf o, const u8 *n) {
|
||||
sv unpack25519(gf o, const uint8_t *n) {
|
||||
int i;
|
||||
FOR(i, 16) o[i] = n[2 * i] + ((i64)n[2 * i + 1] << 8);
|
||||
FOR(i, 16) o[i] = n[2 * i] + ((int64_t)n[2 * i + 1] << 8);
|
||||
o[15] &= 0x7fff;
|
||||
}
|
||||
|
||||
@ -72,7 +71,7 @@ sv Z(gf o, const gf a, const gf b) {
|
||||
}
|
||||
|
||||
sv M(gf o, const gf a, const gf b) {
|
||||
i64 i, j, t[31];
|
||||
int64_t i, j, t[31];
|
||||
FOR(i, 31) t[i] = 0;
|
||||
FOR(i, 16) FOR(j, 16) t[i + j] += a[i] * b[j];
|
||||
FOR(i, 15) t[i] += 38 * t[i + 16];
|
||||
@ -94,9 +93,9 @@ sv inv25519(gf o, const gf i) {
|
||||
FOR(a, 16) o[a] = c[a];
|
||||
}
|
||||
|
||||
int crypto_scalarmult(u8 *q, const u8 *n, const u8 *p) {
|
||||
u8 z[32];
|
||||
i64 x[80], r, i;
|
||||
int crypto_scalarmult(uint8_t *q, const uint8_t *n, const uint8_t *p) {
|
||||
uint8_t z[32];
|
||||
int64_t x[80], r, i;
|
||||
gf a, b, c, d, e, f;
|
||||
FOR(i, 31) z[i] = n[i];
|
||||
z[31] = (n[31] & 127) | 64;
|
||||
@ -144,11 +143,11 @@ int crypto_scalarmult(u8 *q, const u8 *n, const u8 *p) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
int crypto_scalarmult_base(u8 *q, const u8 *n) {
|
||||
int crypto_scalarmult_base(uint8_t *q, const uint8_t *n) {
|
||||
return crypto_scalarmult(q, n, _9);
|
||||
}
|
||||
|
||||
int crypto_box_keypair(u8 *y, u8 *x) {
|
||||
int crypto_box_keypair(uint8_t *y, uint8_t *x) {
|
||||
randombytes(x, 32);
|
||||
return crypto_scalarmult_base(y, x);
|
||||
}
|
||||
|
@ -1,10 +1,9 @@
|
||||
#ifndef __CURVE25519_H__
|
||||
#define __CURVE25519_H__
|
||||
|
||||
typedef unsigned char u8;
|
||||
typedef unsigned long long u64;
|
||||
#include <stdint.h>
|
||||
|
||||
int crypto_scalarmult(u8 *q, const u8 *n, const u8 *p);
|
||||
int crypto_box_keypair(u8 *y, u8 *x);
|
||||
int crypto_scalarmult(uint8_t *q, const uint8_t *n, const uint8_t *p);
|
||||
int crypto_box_keypair(uint8_t *y, uint8_t *x);
|
||||
|
||||
#endif /* __CURVE25519_H__ */
|
正在加载...
在新工单中引用
屏蔽一个用户