
Overhaul the key exchange API

jedisct1 committed Nov 23, 2019
1 parent 850c6bd commit cf8b2bcb0cd63a8feea67771229ed2bd3b6e4090
Showing with 344 additions and 301 deletions.
  1. +35 −27 hydrogen.h
  2. +23 −23 impl/common.h
  3. +1 −2 impl/core.h
  4. +2 −2 impl/gimli-core.h
  5. +10 −10 impl/hydrogen_p.h
  6. +239 −204 impl/kx.h
  7. +14 −14 impl/random.h
  8. +4 −4 impl/secretbox.h
  9. +15 −14 impl/x25519.h
  10. +1 −1 tests/tests.c
@@ -6,30 +6,30 @@
#include <stdlib.h>

#ifdef __cplusplus
# ifdef __GNUC__
# pragma GCC diagnostic ignored "-Wlong-long"
# endif
#ifdef __GNUC__
#pragma GCC diagnostic ignored "-Wlong-long"
#endif
extern "C" {
#endif

#if defined(__clang__) || defined(__GNUC__)
# define _hydro_attr_(X) __attribute__(X)
#define _hydro_attr_(X) __attribute__(X)
#else
# define _hydro_attr_(X)
#define _hydro_attr_(X)
#endif
#define _hydro_attr_deprecated_ _hydro_attr_((deprecated))
#define _hydro_attr_malloc_ _hydro_attr_((malloc))
#define _hydro_attr_noinline_ _hydro_attr_((noinline))
#define _hydro_attr_noreturn_ _hydro_attr_((noreturn))
#define _hydro_attr_deprecated_ _hydro_attr_((deprecated))
#define _hydro_attr_malloc_ _hydro_attr_((malloc))
#define _hydro_attr_noinline_ _hydro_attr_((noinline))
#define _hydro_attr_noreturn_ _hydro_attr_((noreturn))
#define _hydro_attr_warn_unused_result_ _hydro_attr_((warn_unused_result))
#define _hydro_attr_weak_ _hydro_attr_((weak))
#define _hydro_attr_weak_ _hydro_attr_((weak))

#if defined(__INTEL_COMPILER) || defined(_MSC_VER)
# define _hydro_attr_aligned_(X) __declspec(align(X))
#define _hydro_attr_aligned_(X) __declspec(align(X))
#elif defined(__clang__) || defined(__GNUC__)
# define _hydro_attr_aligned_(X) _hydro_attr_((aligned(X)))
#define _hydro_attr_aligned_(X) _hydro_attr_((aligned(X)))
#else
# define _hydro_attr_aligned_(X)
#define _hydro_attr_aligned_(X)
#endif

#define HYDRO_VERSION_MAJOR 1
@@ -180,11 +180,19 @@ typedef struct hydro_kx_session_keypair {
uint8_t tx[hydro_kx_SESSIONKEYBYTES];
} hydro_kx_session_keypair;

typedef struct hydro_kx_state {
typedef struct hydro_kx_cipher_state {
uint8_t k[hydro_secretbox_KEYBYTES];
uint64_t msg_id;
} hydro_kx_cipher_state;

typedef struct hydro_kx_handshake_state {
hydro_kx_keypair kp;
hydro_kx_keypair eph_kp;
uint8_t h[32];
uint8_t ck[32];
uint8_t k[32];
} hydro_kx_handshake_state;

typedef struct hydro_kx_state {
hydro_kx_handshake_state hs;
hydro_hash_state h_st;
} hydro_kx_state;

void hydro_kx_keygen(hydro_kx_keypair *static_kp);
@@ -194,7 +202,7 @@ void hydro_kx_keygen_deterministic(hydro_kx_keypair *static_kp,

/* NOISE_N */

#define hydro_kx_N_PACKET1BYTES 32
#define hydro_kx_N_PACKET1BYTES (32 + 16)

int hydro_kx_n_1(hydro_kx_session_keypair *kp, uint8_t packet1[hydro_kx_N_PACKET1BYTES],
const uint8_t psk[hydro_kx_PSKBYTES],
@@ -205,8 +213,8 @@ int hydro_kx_n_2(hydro_kx_session_keypair *kp, const uint8_t packet1[hydro_kx_N_

/* NOISE_KK */

#define hydro_kx_KK_PACKET1BYTES 32
#define hydro_kx_KK_PACKET2BYTES 32
#define hydro_kx_KK_PACKET1BYTES (32 + 16)
#define hydro_kx_KK_PACKET2BYTES (32 + 16)

int hydro_kx_kk_1(hydro_kx_state *state, uint8_t packet1[hydro_kx_KK_PACKET1BYTES],
const uint8_t peer_static_pk[hydro_kx_PUBLICKEYBYTES],
@@ -218,14 +226,14 @@ int hydro_kx_kk_2(hydro_kx_session_keypair *kp, uint8_t packet2[hydro_kx_KK_PACK
const hydro_kx_keypair *static_kp);

int hydro_kx_kk_3(hydro_kx_state *state, hydro_kx_session_keypair *kp,
const uint8_t packet2[hydro_kx_KK_PACKET2BYTES],
const uint8_t packet2[hydro_kx_KK_PACKET2BYTES],
const hydro_kx_keypair *static_kp);

/* NOISE_XX */

#define hydro_kx_XX_PACKET1BYTES 32
#define hydro_kx_XX_PACKET2BYTES 80
#define hydro_kx_XX_PACKET3BYTES 48
#define hydro_kx_XX_PACKET1BYTES (32 + 16)
#define hydro_kx_XX_PACKET2BYTES (32 + 32 + 16 + 16)
#define hydro_kx_XX_PACKET3BYTES (32 + 16 + 16)

int hydro_kx_xx_1(hydro_kx_state *state, uint8_t packet1[hydro_kx_XX_PACKET1BYTES],
const uint8_t psk[hydro_kx_PSKBYTES]);
@@ -305,9 +313,9 @@ int hydro_unpad(const unsigned char *buf, size_t padded_buflen, size_t blocksize
#define HYDRO_HWTYPE_ATMEGA328 1

#ifndef HYDRO_HWTYPE
# ifdef __AVR__
# define HYDRO_HWTYPE HYDRO_HWTYPE_ATMEGA328
# endif
#ifdef __AVR__
#define HYDRO_HWTYPE HYDRO_HWTYPE_ATMEGA328
#endif
#endif

#ifdef __cplusplus
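Review bot: The new hydro_kx_handshake_state in the second hunk embeds a full hydro_kx_keypair kp alongside the h, ck and k buffers, so hydro_kx_state now carries a copy of the caller's long-term secret key plus the intermediate handshake secrets, and nothing in the header says how long that material lives or who wipes it. I'd put that contract directly above the typedef: `/* In-progress handshake state. Holds a copy of the static keypair and intermediate secrets; zero it (hydro_memzero) once the session keys are derived or the handshake is abandoned. */`. The h/ck/k names read like the Noise handshake hash, chaining key and cipher key, but impl/kx.h is not in this chunk, so confirm that before stating it in the comment. The hydro_kx_*_PACKET*BYTES constants in the following hunks each grow by 16 bytes; as these are compile-time sizes, code built against the previous header will hand over undersized buffers, which is worth noting against the HYDRO_VERSION_* macros at the top of this section.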
@@ -6,42 +6,42 @@
#include <string.h>

#if !defined(__unix__) && (defined(__APPLE__) || defined(__linux__))
# define __unix__ 1
#define __unix__ 1
#endif
#ifndef __GNUC__
# define __restrict__
#define __restrict__
#endif

#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && \
__BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
# define NATIVE_BIG_ENDIAN
#define NATIVE_BIG_ENDIAN
#endif
#ifndef NATIVE_BIG_ENDIAN
# ifndef NATIVE_LITTLE_ENDIAN
# define NATIVE_LITTLE_ENDIAN
# endif
#ifndef NATIVE_LITTLE_ENDIAN
#define NATIVE_LITTLE_ENDIAN
#endif
#endif

#ifndef TLS
# if defined(_WIN32) && !defined(__GNUC__)
# define TLS __declspec(thread)
# elif (defined(__clang__) || defined(__GNUC__)) && defined(__unix__)
# define TLS __thread
# else
# define TLS
# endif
#if defined(_WIN32) && !defined(__GNUC__)
#define TLS __declspec(thread)
#elif (defined(__clang__) || defined(__GNUC__)) && defined(__unix__)
#define TLS __thread
#else
#define TLS
#endif
#endif

#ifndef SIZE_MAX
# define SIZE_MAX ((size_t) -1)
#define SIZE_MAX ((size_t) -1)
#endif

#ifdef __OpenBSD__
# define HAVE_EXPLICIT_BZERO 1
#define HAVE_EXPLICIT_BZERO 1
#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ) && defined(_GNU_SOURCE)
# if __GLIBC_PREREQ(2, 25)
# define HAVE_EXPLICIT_BZERO 1
# endif
#if __GLIBC_PREREQ(2, 25)
#define HAVE_EXPLICIT_BZERO 1
#endif
#endif

#define COMPILER_ASSERT(X) (void) sizeof(char[(X) ? 1 : -1])
@@ -93,7 +93,7 @@ store64_le(uint8_t dst[8], uint64_t w)
w >>= 8;
dst[6] = (uint8_t) w;
w >>= 8;
dst[7] = (uint8_t) w;
dst[7] = (uint8_t) w;
#endif
}

@@ -127,7 +127,7 @@ store32_le(uint8_t dst[4], uint32_t w)
w >>= 8;
dst[2] = (uint8_t) w;
w >>= 8;
dst[3] = (uint8_t) w;
dst[3] = (uint8_t) w;
#endif
}

@@ -155,7 +155,7 @@ store16_le(uint8_t dst[2], uint16_t w)
#else
dst[0] = (uint8_t) w;
w >>= 8;
dst[1] = (uint8_t) w;
dst[1] = (uint8_t) w;
#endif
}

@@ -203,7 +203,7 @@ store64_be(uint8_t dst[8], uint64_t w)
w >>= 8;
dst[1] = (uint8_t) w;
w >>= 8;
dst[0] = (uint8_t) w;
dst[0] = (uint8_t) w;
#endif
}

@@ -237,7 +237,7 @@ store32_be(uint8_t dst[4], uint32_t w)
w >>= 8;
dst[1] = (uint8_t) w;
w >>= 8;
dst[0] = (uint8_t) w;
dst[0] = (uint8_t) w;
#endif
}

@@ -186,8 +186,7 @@ hydro_pad(unsigned char *buf, size_t unpadded_buflen, size_t blocksize, size_t m
tail = &buf[xpadded_len];
mask = 0U;
for (i = 0; i < blocksize; i++) {
barrier_mask = (unsigned char)
(((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1U) * CHAR_BIT));
barrier_mask = (unsigned char) (((i ^ xpadlen) - 1U) >> ((sizeof(size_t) - 1U) * CHAR_BIT));
tail[-i] = (tail[-i] & mask) | (0x80 & barrier_mask);
mask |= barrier_mask;
}
@@ -1,7 +1,7 @@
#ifdef __SSE2__
# include "gimli-core/sse2.h"
#include "gimli-core/sse2.h"
#else
# include "gimli-core/portable.h"
#include "gimli-core/portable.h"
#endif

static void
@@ -3,18 +3,18 @@ static int hydro_random_init(void);
/* ---------------- */

#define gimli_BLOCKBYTES 48
#define gimli_CAPACITY 32
#define gimli_RATE 16
#define gimli_CAPACITY 32
#define gimli_RATE 16

#define gimli_TAG_HEADER 0x01
#define gimli_TAG_HEADER 0x01
#define gimli_TAG_PAYLOAD 0x02
#define gimli_TAG_FINAL 0x08
#define gimli_TAG_FINAL0 0xf8
#define gimli_TAG_KEY0 0xfe
#define gimli_TAG_KEY 0xff
#define gimli_TAG_FINAL 0x08
#define gimli_TAG_FINAL0 0xf8
#define gimli_TAG_KEY0 0xfe
#define gimli_TAG_KEY 0xff

#define gimli_DOMAIN_AEAD 0x0
#define gimli_DOMAIN_XOF 0xf
#define gimli_DOMAIN_XOF 0xf

static void gimli_core_u8(uint8_t state_u8[gimli_BLOCKBYTES], uint8_t tag);

@@ -70,8 +70,8 @@ static int hydro_hash_init_with_tweak(hydro_hash_state *state,
#define hydro_x25519_SECRETKEYBYTES 32

static int hydro_x25519_scalarmult(uint8_t out[hydro_x25519_BYTES],
const uint8_t scalar[hydro_x25519_BYTES],
const uint8_t x1[hydro_x25519_BYTES],
const uint8_t scalar[hydro_x25519_SECRETKEYBYTES],
const uint8_t x1[hydro_x25519_PUBLICKEYBYTES],
bool clamp) _hydro_attr_warn_unused_result_;

static inline int hydro_x25519_scalarmult_base(uint8_t pk[hydro_x25519_PUBLICKEYBYTES],
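Review bot: The retyped hydro_x25519_scalarmult prototype now names hydro_x25519_SECRETKEYBYTES for scalar and hydro_x25519_PUBLICKEYBYTES for x1 instead of hydro_x25519_BYTES, but an array bound in a parameter declaration decays to a pointer and is never checked, so the change documents intent while silently relying on the three macros staying equal (only SECRETKEYBYTES = 32 is visible in this hunk). If the implementation in impl/x25519.h still reads both inputs as hydro_x25519_BYTES, a one-line comment on the declaration would keep a later divergence from going unnoticed: `/* scalar and x1 are each hydro_x25519_BYTES long; the distinct size macros are for readability, not enforcement. */`. The hunk ends before the body of hydro_x25519_scalarmult_base, so the caller-side sizes cannot be checked here.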
