Commit c08f83a7 authored by Jesper Louis Andersen's avatar Jesper Louis Andersen
Browse files

Implement cryptography for secret boxes.

parent ff5196b9
......@@ -124,7 +124,7 @@ ERL_NIF_TERM enif_crypto_box_open(ErlNifEnv *env, int argc, ERL_NIF_TERM const a
return nacl_error_tuple(env, "alloc_failed");
}
if (crypto_box_open(result.data, padded_ciphertext.data, padded_ciphertext.size, nonce.data, pk.data, sk.data)) {
if (crypto_box_open(result.data, padded_ciphertext.data, padded_ciphertext.size, nonce.data, pk.data, sk.data) != 0) {
enif_release_binary(&result);
return nacl_error_tuple(env, "failed_verification");
}
......@@ -135,7 +135,103 @@ ERL_NIF_TERM enif_crypto_box_open(ErlNifEnv *env, int argc, ERL_NIF_TERM const a
crypto_box_ZEROBYTES,
padded_ciphertext.size - crypto_box_ZEROBYTES);
}
/* Secret key cryptography */
static
ERL_NIF_TERM enif_crypto_secretbox_NONCEBYTES(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
return enif_make_int64(env, crypto_secretbox_NONCEBYTES);
}
static
ERL_NIF_TERM enif_crypto_secretbox_KEYBYTES(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
return enif_make_int64(env, crypto_secretbox_KEYBYTES);
}
static
ERL_NIF_TERM enif_crypto_secretbox_ZEROBYTES(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
return enif_make_int64(env, crypto_secretbox_ZEROBYTES);
}
static
ERL_NIF_TERM enif_crypto_secretbox_BOXZEROBYTES(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
return enif_make_int64(env, crypto_secretbox_BOXZEROBYTES);
}
static
ERL_NIF_TERM enif_crypto_secretbox(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
ErlNifBinary key, nonce, padded_msg, padded_ciphertext;
if (
(argc != 3) ||
(!enif_inspect_iolist_as_binary(env, argv[0], &padded_msg)) ||
(!enif_inspect_iolist_as_binary(env, argv[1], &nonce)) ||
(!enif_inspect_iolist_as_binary(env, argv[2], &key))) {
return enif_make_badarg(env);
}
if (
(key.size != crypto_secretbox_KEYBYTES) ||
(nonce.size != crypto_secretbox_NONCEBYTES) ||
(padded_msg.size < crypto_secretbox_ZEROBYTES)) {
return enif_make_badarg(env);
}
if (!enif_alloc_binary(padded_msg.size, &padded_ciphertext)) {
return nacl_error_tuple(env, "alloc_failed");
}
crypto_secretbox(
padded_ciphertext.data,
padded_msg.data, padded_msg.size,
nonce.data,
key.data);
return enif_make_sub_binary(env,
enif_make_binary(env, &padded_ciphertext),
crypto_secretbox_BOXZEROBYTES,
padded_msg.size - crypto_secretbox_BOXZEROBYTES);
}
static
ERL_NIF_TERM enif_crypto_secretbox_open(ErlNifEnv *env, int argc, ERL_NIF_TERM const argv[]) {
ErlNifBinary key, nonce, padded_ciphertext, padded_msg;
if (
(argc != 3) ||
(!enif_inspect_iolist_as_binary(env, argv[0], &padded_ciphertext)) ||
(!enif_inspect_iolist_as_binary(env, argv[1], &nonce)) ||
(!enif_inspect_iolist_as_binary(env, argv[2], &key))) {
return enif_make_badarg(env);
}
if (
(key.size != crypto_secretbox_KEYBYTES) ||
(nonce.size != crypto_secretbox_NONCEBYTES) ||
(padded_ciphertext.size < crypto_secretbox_BOXZEROBYTES)) {
return enif_make_badarg(env);
}
if (!enif_alloc_binary(padded_ciphertext.size, &padded_msg)) {
return nacl_error_tuple(env, "alloc_failed");
}
if (crypto_secretbox_open(
padded_msg.data,
padded_ciphertext.data,
padded_ciphertext.size,
nonce.data,
key.data) != 0) {
enif_release_binary(&padded_msg);
return nacl_error_tuple(env, "failed_verification");
}
return enif_make_sub_binary(
env,
enif_make_binary(env, &padded_msg),
crypto_secretbox_ZEROBYTES,
padded_ciphertext.size - crypto_secretbox_ZEROBYTES);
}
/* Tie the knot to the Erlang world */
static ErlNifFunc nif_funcs[] = {
{"crypto_box_NONCEBYTES", 0, enif_crypto_box_NONCEBYTES},
......@@ -144,7 +240,17 @@ static ErlNifFunc nif_funcs[] = {
{"crypto_box_keypair", 0, enif_crypto_box_keypair},
{"crypto_box", 4, enif_crypto_box, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_box_open", 4, enif_crypto_box_open, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_secretbox_NONCEBYTES", 0, enif_crypto_secretbox_NONCEBYTES},
{"crypto_secretbox_ZEROBYTES", 0, enif_crypto_secretbox_ZEROBYTES},
{"crypto_secretbox_BOXZEROBYTES", 0, enif_crypto_secretbox_BOXZEROBYTES},
{"crypto_secretbox_KEYBYTES", 0, enif_crypto_secretbox_KEYBYTES},
{"crypto_secretbox", 3, enif_crypto_secretbox, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_secretbox_open", 3, enif_crypto_secretbox_open, ERL_NIF_DIRTY_JOB_CPU_BOUND},
{"crypto_hash", 1, enif_crypto_hash, ERL_NIF_DIRTY_JOB_CPU_BOUND}
};
ERL_NIF_INIT(enacl_nif, nif_funcs, NULL, NULL, NULL, NULL);
......@@ -2,13 +2,14 @@
-include_lib("eqc/include/eqc.hrl").
-compile(export_all).
%% CRYPTO BOX
%% ---------------------------
nonce() ->
Sz = enacl:box_nonce_size(),
binary(Sz).
%% CRYPTO BOX
%% ---------------------------
prop_box_keypair() ->
?FORALL(_X, return(dummy),
ok_box(enacl:box_keypair())).
......@@ -36,6 +37,29 @@ prop_box_failure_integrity() ->
equals(Err, {error, failed_verification})
end).
%% CRYPTO SECRET BOX
%% -------------------------------
secret_key() ->
Sz = enacl:secretbox_key_size(),
binary(Sz).
prop_secretbox_correct() ->
?FORALL({Msg, Nonce, Key}, {binary(), nonce(), secret_key()},
begin
CipherText = enacl:secretbox(Msg, Nonce, Key),
{ok, DecodedMsg} = enacl:secretbox_open(CipherText, Nonce, Key),
equals(Msg, DecodedMsg)
end).
prop_secretbox_failure_integrity() ->
?FORALL({Msg, Nonce, Key}, {binary(), nonce(), secret_key()},
begin
CipherText = enacl:secretbox(Msg, Nonce, Key),
Err = enacl:secretbox_open([<<"x">>, CipherText], Nonce, Key),
equals(Err, {error, failed_verification})
end).
%% HASHING
%% ---------------------------
diff_pair(Sz) ->
......
-module(enacl).
%% Public key crypto
-export([
box_keypair/0,
box/4,
......@@ -7,21 +8,29 @@
box_nonce_size/0
]).
%% Secret key crypto
-export([
secretbox/3,
secretbox_open/3,
secretbox_nonce_size/0,
secretbox_key_size/0
]).
-export([
hash/1
]).
hash(Bin) ->
enacl_nif:crypto_hash(Bin).
box_keypair() ->
enacl_nif:crypto_box_keypair().
box(Msg, Nonce, PK, SK) ->
enacl_nif:crypto_box([zerobytes(), Msg], Nonce, PK, SK).
enacl_nif:crypto_box([p_zerobytes(), Msg], Nonce, PK, SK).
box_open(CipherText, Nonce, PK, SK) ->
case enacl_nif:crypto_box_open([box_zerobytes(), CipherText], Nonce, PK, SK) of
case enacl_nif:crypto_box_open([p_box_zerobytes(), CipherText], Nonce, PK, SK) of
{error, Err} -> {error, Err};
Bin when is_binary(Bin) -> {ok, Bin}
end.
......@@ -29,9 +38,30 @@ box_open(CipherText, Nonce, PK, SK) ->
box_nonce_size() ->
enacl_nif:crypto_box_NONCEBYTES().
secretbox(Msg, Nonce, Key) ->
enacl_nif:crypto_secretbox([s_zerobytes(), Msg], Nonce, Key).
secretbox_open(CipherText, Nonce, Key) ->
case enacl_nif:crypto_secretbox_open([s_box_zerobytes(), CipherText], Nonce, Key) of
{error, Err} -> {error, Err};
Bin when is_binary(Bin) -> {ok, Bin}
end.
secretbox_nonce_size() ->
enacl_nif:crypto_secretbox_NONCEBYTES().
secretbox_key_size() ->
enacl_nif:crypto_secretbox_KEYBYTES().
%% Helpers
zerobytes() ->
p_zerobytes() ->
binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()).
box_zerobytes() ->
p_box_zerobytes() ->
binary:copy(<<0>>, enacl_nif:crypto_box_BOXZEROBYTES()).
s_zerobytes() ->
binary:copy(<<0>>, enacl_nif:crypto_secretbox_ZEROBYTES()).
s_box_zerobytes() ->
binary:copy(<<0>>, enacl_nif:crypto_secretbox_BOXZEROBYTES()).
......@@ -12,6 +12,16 @@
crypto_box_BOXZEROBYTES/0
]).
%% Secret key crypto
-export([
crypto_secretbox/3,
crypto_secretbox_open/3,
crypto_secretbox_NONCEBYTES/0,
crypto_secretbox_ZEROBYTES/0,
crypto_secretbox_BOXZEROBYTES/0,
crypto_secretbox_KEYBYTES/0
]).
%% Miscellaneous helper functions
-export([
crypto_hash/1
......@@ -39,6 +49,14 @@ crypto_box_keypair() -> not_loaded().
crypto_box(_PaddedMsg, _Nonce, _PK, _SK) -> not_loaded().
crypto_box_open(_CipherText, _Nonce, _PK, _SK) -> not_loaded().
crypto_secretbox_NONCEBYTES() -> not_loaded().
crypto_secretbox_ZEROBYTES() -> not_loaded().
crypto_secretbox_KEYBYTES() -> not_loaded().
crypto_secretbox_BOXZEROBYTES() -> not_loaded().
crypto_secretbox(_CipherText, _Nonce, _Key) -> not_loaded().
crypto_secretbox_open(_CipherText, _Nonce, _Key) -> not_loaded().
crypto_hash(Input) when is_binary(Input) -> not_loaded().
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment