Unverified Commit 4e66fc3b authored by Alexander Færøy's avatar Alexander Færøy
Browse files

Add curve25519_keypair/0 and curve25519_shared/2.

parent 6de93689
......@@ -79,6 +79,34 @@ ERL_NIF_TERM enif_crypto_verify_32(ErlNifEnv *env, int argc, ERL_NIF_TERM const
}
}
/* Curve 25519 */
static
ERL_NIF_TERM enif_crypto_curve25519_scalarmult(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
ErlNifBinary secret, basepoint, output;
uint8_t bp[crypto_scalarmult_curve25519_BYTES];
if ((argc != 2) || (!enif_inspect_binary(env, argv[0], &secret))
|| (!enif_inspect_binary(env, argv[1], &basepoint))
|| (secret.size != crypto_scalarmult_curve25519_BYTES)
|| (basepoint.size != crypto_scalarmult_curve25519_BYTES)) {
return enif_make_badarg(env);
}
memcpy(bp, basepoint.data, crypto_scalarmult_curve25519_BYTES);
/* Clear the high-bit. Better safe than sorry. */
bp[31] &= 0x7f;
if (!enif_alloc_binary(crypto_scalarmult_curve25519_BYTES, &output)) {
return nacl_error_tuple(env, "alloc_failed");
}
if (crypto_scalarmult_curve25519(output.data, secret.data, bp) < 0) {
return nacl_error_tuple(env, "scalarmult_curve25519_failed");
}
return enif_make_binary(env, &output);
}
/* Public-key cryptography */
static
......@@ -806,7 +834,9 @@ static ErlNifFunc nif_funcs[] = {
{"crypto_hash", 1, enif_crypto_hash, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_verify_16", 2, enif_crypto_verify_16},
{"crypto_verify_32", 2, enif_crypto_verify_32},
{"crypto_curve25519_scalarmult", 2, enif_crypto_curve25519_scalarmult},
{"randombytes_b", 1, enif_randombytes},
{"randombytes", 1, enif_randombytes, ERL_NIF_DIRTY_JOB_CPU_BOUND},
......
......@@ -67,6 +67,12 @@
verify_32/2
]).
%% Curve25519
-export([
curve25519_keypair/0,
curve25519_shared/2
]).
%% Libsodium specific functions (which are also part of the "undocumented" interface to NaCl
-export([
randombytes/1
......@@ -168,6 +174,26 @@ verify_16(_, _) -> error(badarg).
verify_32(X, Y) when is_binary(X), is_binary(Y) -> enacl_nif:crypto_verify_32(X, Y);
verify_32(_, _) -> error(badarg).
%% Curve 25519 Crypto
%% ------------------
%% @doc curve25519_keypair/0 creates a new Public/Secret keypair.
%%
%% Generates and returns a new key pair for the Curve 25519 encryption scheme. The return value is a
%% map in order to avoid using the public key as a secret key and vice versa.
%% @end.
-spec curve25519_keypair() -> #{ atom() => binary() }.
curve25519_keypair() ->
<<B0:8/integer, B1:30/binary, B2:8/integer>> = randombytes(32),
SK = <<(B0 band 248), B1/binary, (64 bor (B2 band 127))>>,
PK = enacl_nif:crypto_curve25519_scalarmult(SK, <<9, 0:248>>),
#{ public => PK, secret => SK }.
%% @doc curve25519_shared/2 creates a new shared secret from a given SecretKey and PublicKey.
%% @end.
-spec curve25519_shared(SecretKey :: binary(), PublicKey :: binary()) -> binary().
curve25519_shared(SecretKey, PublicKey) ->
enacl_nif:crypto_curve25519_scalarmult(SecretKey, PublicKey).
%% Public Key Crypto
%% ---------------------
%% @doc box_keypair/0 creates a new Public/Secret keypair.
......
......@@ -71,6 +71,11 @@
crypto_onetimeauth_verify_b/3
]).
%% Curve25519
-export([
crypto_curve25519_scalarmult/2
]).
%% Miscellaneous helper functions
-export([
crypto_hash/1,
......@@ -161,6 +166,8 @@ crypto_onetimeauth_b(_Msg, _Key) -> erlang:nif_error(nif_not_loaded).
crypto_onetimeauth_verify(_Authenticator, _Msg, _Key) -> erlang:nif_error(nif_not_loaded).
crypto_onetimeauth_verify_b(_Authenticator, _Msg, _Key) -> erlang:nif_error(nif_not_loaded).
crypto_curve25519_scalarmult(_Secret, _BasePoint) -> erlang:nif_error(nif_not_loaded).
crypto_hash(Input) when is_binary(Input) -> erlang:nif_error(nif_not_loaded).
crypto_hash_b(Input) when is_binary(Input) -> erlang:nif_error(nif_not_loaded).
crypto_verify_16(_X, _Y) -> erlang:nif_error(nif_not_loaded).
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment