Commit 565522ff authored by Michael Hamburg's avatar Michael Hamburg

trying to update to the latest version of strobe. lots of stuff in flux though

parent 2d85bbf7
This diff is collapsed.
......@@ -31,8 +31,13 @@
#define NONNULL5 __attribute__((nonnull(1,2,3,4,5)))
/** @endcond */
/* Internal word types */
/* TODO: decide this internally, per curve, based on how it was built! */
/* Internal word types.
*
* Somewhat tricky. This could be decided separately per platform. However,
* the structs do need to be all the same size and alignment on a given
* platform to support dynamic linking, since even if you header was built
* with eg arch_neon, you might end up linking a library built with arch_arm32.
*/
#if (defined(__ILP64__) || defined(__amd64__) || defined(__x86_64__) || (((__UINT_FAST32_MAX__)>>30)>>30)) \
&& !defined(DECAF_FORCE_32_BIT)
#define DECAF_WORD_BITS 64
......
......@@ -96,33 +96,32 @@ void decaf_255_private_to_public (
* @param [in] shared_bytes The size of the buffer.
* @param [in] my_privkey My private key.
* @param [in] your_pubkey Your public key.
* @param [in] me_first Direction flag to break symmetry.
*
* @retval DECAF_SUCCESS Key exchange was successful.
* @retval DECAF_FAILURE Key exchange failed.
*
* @warning This is a pretty silly shared secret computation
* and will almost definitely change in the future.
*/
decaf_error_t
decaf_255_shared_secret (
uint8_t *shared,
size_t shared_bytes,
const decaf_255_private_key_t my_privkey,
const decaf_255_public_key_t your_pubkey
const decaf_255_public_key_t your_pubkey,
int me_first
) NONNULL134 WARN_UNUSED API_VIS;
/**
* @brief Sign a message from its SHAKE context.
* @brief Sign a message from a STROBE context.
*
* @param [out] sig The signature.
* @param [in] priv Your private key.
* @param [in] shake A SHAKE256 context with the message.
* @param [in] strobe A STROBE context with the message.
*/
void
decaf_255_sign_shake (
decaf_255_sign_strobe (
keccak_strobe_t strobe,
decaf_255_signature_t sig,
const decaf_255_private_key_t priv,
const shake256_ctx_t shake
const decaf_255_private_key_t priv
) NONNULL3 API_VIS;
/**
......@@ -142,20 +141,20 @@ decaf_255_sign (
) NONNULL3 API_VIS;
/**
* @brief Verify a signed message from its SHAKE context.
* @brief Verify a signed message from its STROBE context.
*
* @param [in] sig The signature.
* @param [in] pub The public key.
* @param [in] shake A SHAKE256 context with the message.
* @param [in] strobe A STROBE context with the message.
*
* @return DECAF_SUCCESS The signature verified successfully.
* @return DECAF_FAILURE The signature did not verify successfully.
*/
decaf_error_t
decaf_255_verify_shake (
decaf_255_verify_strobe (
keccak_strobe_t strobe,
const decaf_255_signature_t sig,
const decaf_255_public_key_t pub,
const shake256_ctx_t shake
const decaf_255_public_key_t pub
) NONNULL3 API_VIS WARN_UNUSED;
/**
......
This diff is collapsed.
......@@ -191,108 +191,104 @@ private:
class Strobe : private KeccakSponge {
public:
/* TODO: pull out parameters */
static const uint16_t DEFAULT_AUTH_SIZE = 16;
/** Am I a server or a client? */
enum client_or_server { SERVER, CLIENT };
inline Strobe (
const char *description,
client_or_server whoami,
const kparams_s &params = STROBE_256
) NOEXCEPT : KeccakSponge(NOINIT()) {
strobe_init(sp, &params, whoami == CLIENT);
strobe_init(sp, &params, description, whoami == CLIENT);
keyed = false;
}
/* TODO: add a key type keyword */
/* TODO: add a "keyed" tracker */
inline void key (
const Block &data, bool more = false
const Block &data
) throw(ProtocolException) {
if (!strobe_key(sp, data.data(), data.size(), more)) throw ProtocolException();
strobe_key(sp, data.data(), data.size());
keyed = true;
}
template<class T> inline void key (
const Serializable<T> &data, bool more = false
const Serializable<T> &data
) throw(ProtocolException) {
key(data.serialize(), more);
key(data.serialize());
}
inline void nonce(const Block &data, bool more = false) throw(ProtocolException) {
if (!strobe_nonce(sp, data.data(), data.size(), more)) throw ProtocolException();
inline void nonce(const Block &data) NOEXCEPT {
strobe_nonce(sp, data.data(), data.size());
}
inline void send_plaintext(const Block &data, bool more = false) throw(ProtocolException) {
if (!strobe_plaintext(sp, data.data(), data.size(), true, more))
throw(ProtocolException());
/* TODO: this doesn't actually send ... maybe think about gluing to socket code? */
inline void send_plaintext(const Block &data) NOEXCEPT {
strobe_plaintext(sp, data.data(), data.size(), true);
}
template<class T> inline void send_plaintext(const Serializable<T> &data, bool more = false) throw(ProtocolException) {
send_plaintext(data.serialize(), more);
template<class T> inline void send_plaintext(const Serializable<T> &data) NOEXCEPT {
send_plaintext(data.serialize());
}
inline void recv_plaintext(const Block &data, bool more = false
) throw(ProtocolException) {
if (!strobe_plaintext(sp, data.data(), data.size(), false, more))
throw(ProtocolException());
inline void recv_plaintext(const Block &data) NOEXCEPT {
strobe_plaintext(sp, data.data(), data.size(), false);
}
template<class T> inline void recv_plaintext(const Serializable<T> &data, bool more = false) throw(ProtocolException) {
recv_plaintext(data.serialize(), more);
template<class T> inline void recv_plaintext(const Serializable<T> &data) NOEXCEPT {
recv_plaintext(data.serialize());
}
inline void ad(const Block &data, bool more = false) throw(ProtocolException) {
if (!strobe_ad(sp, data.data(), data.size(), more))
throw(ProtocolException());
inline void ad(const Block &data) {
strobe_ad(sp, data.data(), data.size());
}
template<class T> inline void ad(const Serializable<T> &data, bool more = false) throw(ProtocolException) {
ad(data.serialize(), more);
template<class T> inline void ad(const Serializable<T> &data) NOEXCEPT {
ad(data.serialize());
}
inline void encrypt_no_auth(
Buffer out, const Block &data, bool more = false
) throw(LengthException,ProtocolException) {
inline void encrypt_no_auth(Buffer out, const Block &data) throw(LengthException,ProtocolException) {
if (!keyed) throw ProtocolException();
if (out.size() != data.size()) throw LengthException();
if (!strobe_encrypt(sp, out.data(), data.data(), data.size(), more)) throw(ProtocolException());
strobe_encrypt(sp, out.data(), data.data(), data.size());
}
inline SecureBuffer encrypt_no_auth(const Block &data, bool more = false
) throw(ProtocolException) {
SecureBuffer out(data.size()); encrypt_no_auth(out, data, more); return out;
inline SecureBuffer encrypt_no_auth(const Block &data) throw(ProtocolException) {
SecureBuffer out(data.size()); encrypt_no_auth(out, data); return out;
}
template<class T> inline SecureBuffer encrypt_no_auth(const Serializable<T> &data, bool more = false
) throw(ProtocolException) {
return encrypt_no_auth(data.serialize(), more);
template<class T> inline SecureBuffer encrypt_no_auth(const Serializable<T> &data) throw(ProtocolException) {
return encrypt_no_auth(data.serialize());
}
inline void decrypt_no_auth(
Buffer out, const Block &data, bool more = false
) throw(LengthException,ProtocolException) {
inline void decrypt_no_auth(Buffer out, const Block &data) throw(LengthException,ProtocolException) {
if (!keyed) throw ProtocolException();
if (out.size() != data.size()) throw LengthException();
if (!strobe_decrypt(sp, out.data(), data.data(), data.size(), more)) throw ProtocolException();
strobe_decrypt(sp, out.data(), data.data(), data.size());
}
inline SecureBuffer decrypt_no_auth(const Block &data, bool more = false
) throw(ProtocolException) {
SecureBuffer out(data.size()); decrypt_no_auth(out, data, more); return out;
inline SecureBuffer decrypt_no_auth(const Block &data) throw(ProtocolException) {
SecureBuffer out(data.size()); decrypt_no_auth(out, data); return out;
}
template<class T> inline SecureBuffer decrypt_no_auth(const Serializable<T> &data, bool more = false
) throw(ProtocolException) {
return decrypt_no_auth(data.serialize(),more);
template<class T> inline SecureBuffer decrypt_no_auth(const Serializable<T> &data) throw(ProtocolException) {
return decrypt_no_auth(data.serialize());
}
inline void produce_auth(Buffer out) throw(LengthException,ProtocolException) {
if (!keyed) throw ProtocolException(); /* TODO: maybe. Could use for eg sanity or dos protection */
if (out.size() > STROBE_MAX_AUTH_BYTES) throw LengthException();
if (!strobe_produce_auth(sp, out.data(), out.size())) throw ProtocolException();
strobe_produce_auth(sp, out.data(), out.size());
}
inline SecureBuffer produce_auth(
uint8_t bytes = 8
) throw(ProtocolException) {
inline SecureBuffer produce_auth(uint8_t bytes = DEFAULT_AUTH_SIZE) throw(ProtocolException) {
SecureBuffer out(bytes); produce_auth(out); return out;
}
inline void encrypt(
Buffer out, const Block &data, uint8_t auth = 8
Buffer out, const Block &data, uint8_t auth = DEFAULT_AUTH_SIZE
) throw(LengthException,ProtocolException) {
if (out.size() < data.size() || out.size() != data.size() + auth) throw LengthException();
encrypt_no_auth(out.slice(0,data.size()), data);
......@@ -300,19 +296,19 @@ public:
}
inline SecureBuffer encrypt (
const Block &data, uint8_t auth = 8
const Block &data, uint8_t auth = DEFAULT_AUTH_SIZE
) throw(LengthException,ProtocolException,std::bad_alloc ){
SecureBuffer out(data.size() + auth); encrypt(out, data, auth); return out;
}
template<class T> inline SecureBuffer encrypt (
const Serializable<T> &data, uint8_t auth = 8
const Serializable<T> &data, uint8_t auth = DEFAULT_AUTH_SIZE
) throw(LengthException,ProtocolException,std::bad_alloc ){
return encrypt(data.serialize(), auth);
}
inline void decrypt (
Buffer out, const Block &data, uint8_t bytes = 8
Buffer out, const Block &data, uint8_t bytes = DEFAULT_AUTH_SIZE
) throw(LengthException, CryptoException, ProtocolException) {
if (out.size() > data.size() || out.size() != data.size() - bytes) throw LengthException();
decrypt_no_auth(out, data.slice(0,out.size()));
......@@ -320,13 +316,13 @@ public:
}
template<class T> inline SecureBuffer decrypt (
const Serializable<T> &data, uint8_t auth = 8
const Serializable<T> &data, uint8_t auth = DEFAULT_AUTH_SIZE
) throw(LengthException,ProtocolException,CryptoException, std::bad_alloc ){
return decrypt(data.serialize(), auth);
}
inline SecureBuffer decrypt (
const Block &data, uint8_t bytes = 8
const Block &data, uint8_t bytes = DEFAULT_AUTH_SIZE
) throw(LengthException,CryptoException,ProtocolException,std::bad_alloc) {
if (data.size() < bytes) throw LengthException();
SecureBuffer out(data.size() - bytes); decrypt(out, data, bytes); return out;
......@@ -334,20 +330,24 @@ public:
inline void verify_auth(const Block &auth) throw(LengthException,CryptoException) {
if (auth.size() == 0 || auth.size() > STROBE_MAX_AUTH_BYTES) throw LengthException();
if (!strobe_verify_auth(sp, auth.data(), auth.size())) throw CryptoException();
if (strobe_verify_auth(sp, auth.data(), auth.size()) != DECAF_SUCCESS) throw CryptoException();
}
inline void prng(Buffer out, bool more = false) NOEXCEPT {
(void)strobe_prng(sp, out.data(), out.size(), more);
inline void prng(Buffer out) NOEXCEPT {
(void)strobe_prng(sp, out.data(), out.size());
}
inline SecureBuffer prng(size_t bytes, bool more = false) {
SecureBuffer out(bytes); prng(out, more); return out;
inline SecureBuffer prng(size_t bytes) {
SecureBuffer out(bytes); prng(out); return out;
}
inline void respec(const kparams_s &params) throw(ProtocolException) {
if (!strobe_respec(sp, &params)) throw(ProtocolException());
if (!keyed) throw(ProtocolException());
strobe_respec(sp, &params);
}
private:
bool keyed;
};
} /* namespace decaf */
......
This diff is collapsed.
......@@ -157,7 +157,7 @@ static void tdh (
* hash gx and gy into the session secret (only into the MAC
* and AD) because of IPR concerns.
*/
Strobe client(Strobe::CLIENT), server(Strobe::SERVER);
Strobe client("example::tripleDH",Strobe::CLIENT), server("example::tripleDH",Strobe::SERVER);
Scalar xe(clientRng);
SecureBuffer gxe((Precomputed::base() * xe).serialize());
......@@ -198,7 +198,7 @@ static void fhmqv (
Scalar y, const Block &gy
) {
/* Don't use this, it's probably patented */
Strobe client(Strobe::CLIENT), server(Strobe::SERVER);
Strobe client("example::fhmqv",Strobe::CLIENT), server("example::fhmqv",Strobe::SERVER);
Scalar xe(clientRng);
client.send_plaintext(gx);
......@@ -238,7 +238,7 @@ static void spake2ee(
const Block &hashed_password,
bool aug
) {
Strobe client(Strobe::CLIENT), server(Strobe::SERVER);
Strobe client("example::spake2ee",Strobe::CLIENT), server("example::spake2ee",Strobe::SERVER);
Scalar x(clientRng);
......@@ -394,7 +394,7 @@ int main(int argc, char **argv) {
SHAKE<128> shake1;
SHAKE<256> shake2;
SHA3<512> sha5;
Strobe strobe(Strobe::CLIENT);
Strobe strobe("example::bench",Strobe::CLIENT);
unsigned char b1024[1024] = {1};
for (Benchmark b("SHAKE128 1kiB", 30); b.iter(); ) { shake1 += Buffer(b1024,1024); }
for (Benchmark b("SHAKE256 1kiB", 30); b.iter(); ) { shake2 += Buffer(b1024,1024); }
......@@ -402,19 +402,19 @@ int main(int argc, char **argv) {
strobe.key(Buffer(b1024,1024));
strobe.respec(STROBE_128);
for (Benchmark b("STROBE128 1kiB", 10); b.iter(); ) {
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024),b.i>1);
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024));
}
strobe.respec(STROBE_256);
for (Benchmark b("STROBE256 1kiB", 10); b.iter(); ) {
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024),b.i>1);
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024));
}
strobe.respec(STROBE_KEYED_128);
for (Benchmark b("STROBEk128 1kiB", 10); b.iter(); ) {
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024),b.i>1);
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024));
}
strobe.respec(STROBE_KEYED_256);
for (Benchmark b("STROBEk256 1kiB", 10); b.iter(); ) {
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024),b.i>1);
strobe.encrypt_no_auth(Buffer(b1024,1024),Buffer(b1024,1024));
}
Benches<IsoEd25519>::micro();
......@@ -432,7 +432,7 @@ int main(int argc, char **argv) {
decaf_255_private_to_public(p2,s2);
for (Benchmark b("Shared secret"); b.iter(); ) {
decaf_bool_t ret = decaf_255_shared_secret(ss,sizeof(ss),s1,p2);
decaf_bool_t ret = decaf_255_shared_secret(ss,sizeof(ss),s1,p2,1);
ignore_result(ret);
assert(ret);
}
......
......@@ -13,6 +13,13 @@
#include <string.h>
#include <decaf/shake.h>
void usage() {
fprintf(
stderr,
"shakesum [shake256|shake128|sha3-224|sha3-384|sha3-512] < infile > outfile\n"
);
}
int main(int argc, char **argv) {
(void)argc; (void)argv;
......@@ -42,6 +49,9 @@ int main(int argc, char **argv) {
} else if (!strcmp(argv[1], "sha3-512") || !strcmp(argv[1], "SHA3-512")) {
outlen = 512/8;
sha3_512_gen_init(sponge);
} else {
usage();
return 2;
}
}
......
......@@ -360,10 +360,10 @@ static void test_decaf() {
decaf_255_private_to_public(p1,s1);
decaf_255_derive_private_key(s2,proto2);
decaf_255_private_to_public(p2,s2);
if (DECAF_SUCCESS != decaf_255_shared_secret (shared1,sizeof(shared1),s1,p2)) {
if (DECAF_SUCCESS != decaf_255_shared_secret (shared1,sizeof(shared1),s1,p2,0)) {
test.fail(); printf("Fail ss12\n");
}
if (DECAF_SUCCESS != decaf_255_shared_secret (shared2,sizeof(shared2),s2,p1)) {
if (DECAF_SUCCESS != decaf_255_shared_secret (shared2,sizeof(shared2),s2,p1,1)) {
test.fail(); printf("Fail ss21\n");
}
if (memcmp(shared1,shared2,sizeof(shared1))) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment