diff --git a/NAMESPACE b/NAMESPACE index ef7d702..de911e4 100644 --- a/NAMESPACE +++ b/NAMESPACE @@ -15,8 +15,7 @@ export(keygen) export(password_store) export(password_verify) export(pubkey) -export(rand_bytes) -export(rand_num) +export(random) export(salsa20) export(scrypt) export(sha256) diff --git a/R/messaging.R b/R/auth-encrypt.R similarity index 93% rename from R/messaging.R rename to R/auth-encrypt.R index f326ab0..bcbc7a6 100644 --- a/R/messaging.R +++ b/R/auth-encrypt.R @@ -49,7 +49,7 @@ #' @param key your own private key #' @param pubkey other person's public key #' @param nonce non-secret unique data to randomize the cipher -auth_encrypt <- function(msg, key, pubkey, nonce = rand_bytes(24)){ +auth_encrypt <- function(msg, key, pubkey, nonce = random(24)){ stopifnot(is.raw(msg)) stopifnot(is.raw(key)) stopifnot(is.raw(pubkey)) @@ -61,8 +61,8 @@ auth_encrypt <- function(msg, key, pubkey, nonce = rand_bytes(24)){ #' @export #' @rdname messaging #' @useDynLib sodium R_secure_recv -auth_decrypt <- function(bin, key, pubkey, nonce = attr(cipher, "nonce")){ - stopifnot(is.raw(msg)) +auth_decrypt <- function(bin, key, pubkey, nonce = attr(bin, "nonce")){ + stopifnot(is.raw(bin)) stopifnot(is.raw(key)) stopifnot(is.raw(pubkey)) stopifnot(is.raw(nonce)) diff --git a/R/secret.R b/R/data-encrypt.R similarity index 63% rename from R/secret.R rename to R/data-encrypt.R index 3044b61..f6c0376 100644 --- a/R/secret.R +++ b/R/data-encrypt.R @@ -2,15 +2,15 @@ #' #' Secret key encryption with authentication using a 256 bit key. Mostly useful for #' encrypting local data. For secure communication use public-key encryption instead -#' (\link{secure_send}). +#' (\link{auth_encrypt}). #' #' Symmetric encryption uses a secret key to encode and decode a message. This can be #' used to encrypt local data on disk, or as a building block for more complex methods. #' #' Because the same \code{secret} is used for both encryption and decryption, symmetric #' encryption by itself is impractical for communication. For exchanging secure messages -#' with other parties, use assymetric (public-key) methods (see \link{encrypt} or -#' \link{secure_send}). +#' with other parties, use assymetric (public-key) methods (see \link{simple_encrypt} or +#' \link{auth_encrypt}). #' #' The \code{nonce} is not confidential but required for decryption, and should be #' stored or sent along with the ciphertext. The purpose of the \code{nonce} is to @@ -24,51 +24,51 @@ #' @rdname symmetric #' @name symmetric methods #' @useDynLib sodium R_crypto_secret_encrypt -#' @param msg raw vector with message to encrypt or sign -#' @param secret raw vector of length 32 with secret key -#' @param nonce raw vector of length 24 with non-secret random data +#' @param msg message to be encrypted +#' @param key shared secret key used for both encryption and decryption +#' @param bin encrypted ciphertext +#' @param nonce non-secret unique data to randomize the cipher #' @references \url{https://download.libsodium.org/doc/secret-key_cryptography/authenticated_encryption.html} #' @examples # 256-bit key -#' secret <- sha256(charToRaw("This is a secret passphrase")) +#' key <- sha256(charToRaw("This is a secret passphrase")) #' msg <- serialize(iris, NULL) #' #' # Encrypts with random nonce -#' cipher <- data_encrypt(msg, secret) -#' orig <- data_decrypt(cipher, secret) +#' cipher <- data_encrypt(msg, key) +#' orig <- data_decrypt(cipher, key) #' stopifnot(identical(msg, orig)) #' #' # Tag the message with your key (HMAC) -#' tag <- secret_tag(msg, key) -data_encrypt <- function(msg, secret, nonce = rand_bytes(24)){ +#' tag <- data_tag(msg, key) +data_encrypt <- function(msg, key, nonce = random(24)){ stopifnot(is.raw(msg)) - stopifnot(is.raw(secret)) - out <- .Call(R_crypto_secret_encrypt, msg, secret, nonce) + stopifnot(is.raw(key)) + out <- .Call(R_crypto_secret_encrypt, msg, key, nonce) structure(out, nonce = nonce) } #' @export #' @rdname symmetric #' @useDynLib sodium R_crypto_secret_decrypt -#' @param bin raw vector with ciphertext as returned by \code{secret_encrypt} -data_decrypt <- function(bin, secret, nonce = attr(cyphertext, "nonce")){ - stopifnot(is.raw(msg)) - stopifnot(is.raw(secret)) - .Call(R_crypto_secret_decrypt, bin, secret, nonce) +data_decrypt <- function(bin, key, nonce = attr(bin, "nonce")){ + stopifnot(is.raw(bin)) + stopifnot(is.raw(key)) + .Call(R_crypto_secret_decrypt, bin, key, nonce) } #' @export #' @rdname symmetric #' @useDynLib sodium R_crypto_secret_auth -data_tag <- function(msg, secret){ +data_tag <- function(msg, key){ stopifnot(is.raw(msg)) - stopifnot(is.raw(secret)) - .Call(R_crypto_secret_auth, msg, secret) + stopifnot(is.raw(key)) + .Call(R_crypto_secret_auth, msg, key) } #' @useDynLib sodium R_crypto_secret_verify -data_verify <- function(msg, secret, tag){ +data_verify <- function(msg, key, tag){ stopifnot(is.raw(msg)) stopifnot(is.raw(tag)) - stopifnot(is.raw(secret)) - .Call(R_crypto_secret_verify, msg, secret, tag) + stopifnot(is.raw(key)) + .Call(R_crypto_secret_verify, msg, key, tag) } diff --git a/R/diffie.R b/R/diffie.R index 6fc6d42..3cb729a 100644 --- a/R/diffie.R +++ b/R/diffie.R @@ -1,13 +1,13 @@ #' Diffie-Hellman #' -#' The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each -#' other to jointly establish a shared secret key over an insecure channel. This key can then be -#' used to encrypt subsequent communications using a symmetric key cipher. +#' The Diffie-Hellman key exchange method allows two parties that have no prior knowledge +#' of each other to jointly establish a shared secret key over an insecure channel. This +#' key can then be used to encrypt subsequent communications using a symmetric key cipher. #' -#' Encryption methods as implemented in \link{secret_encrypt} require that parties have a shared -#' shared secret key. But often we wish to establish a secure channel with a party we have no prior -#' relationship with. Diffie-hellman is a method for jointly agreeing on a shared secret without -#' ever exchanging the secret itself. Sodium implements +#' Encryption methods as implemented in \link{data_encrypt} require that parties have a +#' shared secret key. But often we wish to establish a secure channel with a party we have +#' no prior relationship with. Diffie-hellman is a method for jointly agreeing on a shared +#' secret without ever exchanging the secret itself. Sodium implements #' \href{https://en.wikipedia.org/wiki/Curve25519}{Curve25519}, a state-of-the-art Diffie-Hellman #' function suitable for a wide variety of applications. #' @@ -15,12 +15,12 @@ #' key and derive the corresponding public key using \link{pubkey}. These public keys are not #' confidential and can be exchanged over an insecure channel. After the public keys are exchanged, #' both parties will be able to calculate the (same) shared secret by combining his/her own private -#' key with the other person's public key using \link{diffie_secret}. +#' key with the other person's public key using \link{diffie_hellman}. #' -#' After the shared secret has been established, the private and public keys are disposed, and -#' parties can start encrypting communications based on the shared secret using e.g. \link{secret_encrypt}. -#' Because the shared secret cannot be calculated using only the public keys, the process is safe -#' from eavesdroppers. +#' After the shared secret has been established, the private and public keys are disposed, +#' and parties can start encrypting communications based on the shared secret using e.g. +#' \link{data_encrypt}. Because the shared secret cannot be calculated using only the public +#' keys, the process is safe from eavesdroppers. #' #' @export #' @rdname diffie @@ -28,6 +28,9 @@ #' @aliases diffie #' @useDynLib sodium R_diffie_hellman #' @references \url{http://doc.libsodium.org/advanced/scalar_multiplication.html} +#' @param key your private key +#' @param pubkey other person's public key +#' @return Returns a shared secret key which can be used in e.g. \link{data_encrypt}. #' @examples # Bob generates keypair #' bob_key <- keygen() #' bob_pubkey <- pubkey(bob_key) diff --git a/R/hashing.R b/R/hashing.R index 962273f..4d197bd 100644 --- a/R/hashing.R +++ b/R/hashing.R @@ -27,8 +27,8 @@ #' @aliases hashing #' @references \url{https://download.libsodium.org/doc/hashing/generic_hashing.html} #' @useDynLib sodium R_crypto_generichash -#' @param buf raw vector with data to be hashed -#' @param key raw vector with key for HMAC hashing. Optional, except for in \code{shorthash}. +#' @param buf data to be hashed +#' @param key key for HMAC hashing. Optional, except for in \code{shorthash}. #' @export #' @examples # Basic hashing #' msg <- serialize(iris, NULL) @@ -88,7 +88,7 @@ sha512 <- function(buf, key = NULL){ } #' @rdname hash -#' @param size the size of the output hash. Must be between 16 and 64, recommended is 32. +#' @param size length of the output hash. Must be between 16 and 64 (recommended is 32) #' @useDynLib sodium R_sha256 R_auth_sha256 #' @export sha256 <- function(buf, key = NULL){ diff --git a/R/helpers.R b/R/helpers.R index 1ddf5f7..333dd70 100644 --- a/R/helpers.R +++ b/R/helpers.R @@ -44,19 +44,11 @@ hex2bin <- function(hex, ignore = ":"){ #' @export #' @rdname helpers #' @param n number of random bytes or numbers to generate -rand_bytes <- function(n = 1){ +random <- function(n = 1){ stopifnot(is.numeric(n)) .Call(R_randombytes_buf, as.integer(n)) } -#' @rdname helpers -#' @export -rand_num <- function(n = 1){ - # 64 bit double requires 8 bytes. - x <- matrix(as.numeric(rand_bytes(n*8)), ncol = 8) - as.numeric(x %*% 256^-(1:8)) -} - #' @useDynLib sodium R_xor xor <- function(x, y){ stopifnot(is.raw(x)) diff --git a/R/keygen.R b/R/keygen.R index b3e7818..7b8e10e 100644 --- a/R/keygen.R +++ b/R/keygen.R @@ -14,7 +14,7 @@ #' decrypted using the corresponding private key. This allows anyone to send somebody a #' secure message by encrypting it with the receivers public key. The encrypted message #' will only be readable by the owner of the corresponding private key. Basic encryption -#' is implemented in \link{seal_box} and \link{seal_open}. +#' is implemented in \link{simple_encrypt}. #' #' Authentication works the other way around. In public key authentication, the owner of the #' private key creates a 'signature' (an authenticated checksum) for a message in a way that @@ -29,6 +29,8 @@ #' @export #' @rdname keygen #' @name keygen +#' @param key private key for which to calculate the public key +#' @param seed random data to seed the keygen #' @useDynLib sodium R_keygen #' @examples # Create keypair #' key <- keygen() @@ -36,13 +38,10 @@ #' #' # Basic encryption #' msg <- serialize(iris, NULL) -#' ciphertext <- seal_box(msg, pub) -#' out <- seal_open(ciphertext, key) +#' ciphertext <- simple_encrypt(msg, pub) +#' out <- simple_decrypt(ciphertext, key) #' stopifnot(identical(msg, out)) -#' -#' # Basic authentication -#' -keygen <- function(seed = rand_bytes(32)){ +keygen <- function(seed = random(32)){ stopifnot(is.raw(seed)) .Call(R_keygen, seed) } diff --git a/R/signing.R b/R/signatures.R similarity index 83% rename from R/signing.R rename to R/signatures.R index 90737b5..5304e91 100644 --- a/R/signing.R +++ b/R/signatures.R @@ -13,7 +13,7 @@ #' that the binaries were not modified by intermediate parties in the distribution #' process. #' -#' For confidential data, use authenticated encryption (\link{secure_send}) +#' For confidential data, use authenticated encryption (\link{auth_encrypt}) #' which allows for sending signed and encrypted messages in a single method. #' #' Currently sodium uses a different type of key pair (ed25519) for signatures than @@ -24,6 +24,10 @@ #' @aliases sig #' @export #' @useDynLib sodium R_sig_sign +#' @param msg message to sign +#' @param key private key to sign message with +#' @param sig a signature generated by \code{signature_sign} +#' @param pubkey a public key of the keypair used by the signature #' @examples # Generate keypair #' key <- signature_keygen() #' pubkey <- signature_pubkey(key) @@ -51,7 +55,8 @@ signature_verify <- function(msg, sig, pubkey){ #' @export #' @rdname sig #' @useDynLib sodium R_sig_keygen -signature_keygen <- function(seed = rand_bytes(32)){ +#' @param seed random data to seed the keygen +signature_keygen <- function(seed = random(32)){ stopifnot(is.raw(seed)) .Call(R_sig_keygen, seed) } diff --git a/R/sealing.R b/R/simple-encrypt.R similarity index 96% rename from R/sealing.R rename to R/simple-encrypt.R index a735d1a..0d9ecd1 100644 --- a/R/sealing.R +++ b/R/simple-encrypt.R @@ -8,7 +8,7 @@ #' #' While the recipient can verify the integrity of the message, it cannot verify the #' identity of the sender. For sending authenticated encrypted messages, use -#' \link{secure_send} and \link{secure_recv}. +#' \link{auth_encrypt} and \link{auth_decrypt}. #' #' @export #' @rdname simple diff --git a/R/stream.R b/R/stream.R index f2962dd..c5b7589 100644 --- a/R/stream.R +++ b/R/stream.R @@ -3,8 +3,8 @@ #' Generate deterministic streams of random data based off a secret key and random nonce. #' #' You usually don't need to call these methods directly. For local encryption -#' use the high-level functions \link{secret_encrypt} and \link{secret_decrypt}. -#' For secure communication use \link{secure_send} and \link{secure_recv}. +#' use \link{data_encrypt}. For secure communication use \link{simple_encrypt} or +#' \link{auth_encrypt}. #' #' Random streams form the basis for most cryptographic methods. Based a shared secret #' (the key) we generate a predictable random data stream of equal length as the message @@ -25,9 +25,9 @@ #' @rdname stream #' @aliases stream #' @name streaming -#' @param n integer, how many random bytes to generate +#' @param n integer how many bytes to generate #' @param key raw vector of size 32 with secret data -#' @param nonce non-confidental random data to make the stream unique +#' @param nonce non-secret unique data to randomize the cipher #' @examples # Very basic encryption #' myfile <- file.path(R.home(), "COPYING") #' message <- readBin(myfile, raw(), file.info(myfile)$size) @@ -35,7 +35,7 @@ #' #' # Encrypt: #' key <- hash(passwd) -#' nonce8 <- rand_bytes(8) +#' nonce8 <- random(8) #' stream <- chacha20(length(message), key, nonce8) #' ciphertext <- base::xor(stream, message) #' @@ -46,10 +46,10 @@ #' #' # Other stream ciphers #' stream <- salsa20(10000, key, nonce8) -#' stream <- xsalsa20(10000, key, rand_bytes(24)) +#' stream <- xsalsa20(10000, key, random(24)) #' #' shortkey <- hash(passwd, size = 16) -#' stream <- aes128(10000, shortkey, rand_bytes(16)) +#' stream <- aes128(10000, shortkey, random(16)) chacha20 <- function(n, key, nonce){ stopifnot(is.numeric(n)) stopifnot(is.raw(key)) diff --git a/man/diffie.Rd b/man/diffie.Rd index efc4034..8c420e2 100644 --- a/man/diffie.Rd +++ b/man/diffie.Rd @@ -8,16 +8,24 @@ \usage{ diffie_hellman(key, pubkey) } +\arguments{ +\item{key}{your private key} + +\item{pubkey}{other person's public key} +} +\value{ +Returns a shared secret key which can be used in e.g. \link{data_encrypt}. +} \description{ -The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each -other to jointly establish a shared secret key over an insecure channel. This key can then be -used to encrypt subsequent communications using a symmetric key cipher. +The Diffie-Hellman key exchange method allows two parties that have no prior knowledge +of each other to jointly establish a shared secret key over an insecure channel. This +key can then be used to encrypt subsequent communications using a symmetric key cipher. } \details{ -Encryption methods as implemented in \link{secret_encrypt} require that parties have a shared -shared secret key. But often we wish to establish a secure channel with a party we have no prior -relationship with. Diffie-hellman is a method for jointly agreeing on a shared secret without -ever exchanging the secret itself. Sodium implements +Encryption methods as implemented in \link{data_encrypt} require that parties have a +shared secret key. But often we wish to establish a secure channel with a party we have +no prior relationship with. Diffie-hellman is a method for jointly agreeing on a shared +secret without ever exchanging the secret itself. Sodium implements \href{https://en.wikipedia.org/wiki/Curve25519}{Curve25519}, a state-of-the-art Diffie-Hellman function suitable for a wide variety of applications. @@ -25,12 +33,12 @@ The method conists of two steps (see examples). First, both parties generate a r key and derive the corresponding public key using \link{pubkey}. These public keys are not confidential and can be exchanged over an insecure channel. After the public keys are exchanged, both parties will be able to calculate the (same) shared secret by combining his/her own private -key with the other person's public key using \link{diffie_secret}. +key with the other person's public key using \link{diffie_hellman}. -After the shared secret has been established, the private and public keys are disposed, and -parties can start encrypting communications based on the shared secret using e.g. \link{secret_encrypt}. -Because the shared secret cannot be calculated using only the public keys, the process is safe -from eavesdroppers. +After the shared secret has been established, the private and public keys are disposed, +and parties can start encrypting communications based on the shared secret using e.g. +\link{data_encrypt}. Because the shared secret cannot be calculated using only the public +keys, the process is safe from eavesdroppers. } \examples{ # Bob generates keypair diff --git a/man/hash.Rd b/man/hash.Rd index 3675b5f..7f63870 100644 --- a/man/hash.Rd +++ b/man/hash.Rd @@ -20,11 +20,11 @@ sha512(buf, key = NULL) sha256(buf, key = NULL) } \arguments{ -\item{buf}{raw vector with data to be hashed} +\item{buf}{data to be hashed} -\item{key}{raw vector with key for HMAC hashing. Optional, except for in \code{shorthash}.} +\item{key}{key for HMAC hashing. Optional, except for in \code{shorthash}.} -\item{size}{the size of the output hash. Must be between 16 and 64, recommended is 32.} +\item{size}{length of the output hash. Must be between 16 and 64 (recommended is 32)} \item{salt}{non-confidential random data to seed the algorithm} } diff --git a/man/helpers.Rd b/man/helpers.Rd index 4a5c83d..37820b9 100644 --- a/man/helpers.Rd +++ b/man/helpers.Rd @@ -4,17 +4,14 @@ \alias{bin2hex} \alias{helpers} \alias{hex2bin} -\alias{rand_bytes} -\alias{rand_num} +\alias{random} \title{Sodium helper functions} \usage{ bin2hex(bin) hex2bin(hex, ignore = ":") -rand_bytes(n = 1) - -rand_num(n = 1) +random(n = 1) } \arguments{ \item{bin}{raw vector with binary data to convert to hex string} diff --git a/man/keygen.Rd b/man/keygen.Rd index 0ac4401..d575e0a 100644 --- a/man/keygen.Rd +++ b/man/keygen.Rd @@ -5,10 +5,15 @@ \alias{pubkey} \title{Keypair Generation} \usage{ -keygen(seed = rand_bytes(32)) +keygen(seed = random(32)) pubkey(key) } +\arguments{ +\item{seed}{random data to seed the keygen} + +\item{key}{private key for which to calculate the public key} +} \description{ Functions to generate a random private key and calculate the corresponding public key. @@ -25,7 +30,7 @@ In public key encryption, data that is encrypted using a public key can only be decrypted using the corresponding private key. This allows anyone to send somebody a secure message by encrypting it with the receivers public key. The encrypted message will only be readable by the owner of the corresponding private key. Basic encryption -is implemented in \link{seal_box} and \link{seal_open}. +is implemented in \link{simple_encrypt}. Authentication works the other way around. In public key authentication, the owner of the private key creates a 'signature' (an authenticated checksum) for a message in a way that @@ -44,10 +49,8 @@ pub <- pubkey(key) # Basic encryption msg <- serialize(iris, NULL) -ciphertext <- seal_box(msg, pub) -out <- seal_open(ciphertext, key) +ciphertext <- simple_encrypt(msg, pub) +out <- simple_decrypt(ciphertext, key) stopifnot(identical(msg, out)) - -# Basic authentication } diff --git a/man/messaging.Rd b/man/messaging.Rd index 39c9015..07211c2 100644 --- a/man/messaging.Rd +++ b/man/messaging.Rd @@ -1,14 +1,14 @@ % Generated by roxygen2 (4.1.1): do not edit by hand -% Please edit documentation in R/messaging.R +% Please edit documentation in R/auth-encrypt.R \name{messaging} \alias{auth_decrypt} \alias{auth_encrypt} \alias{messaging} \title{Authenticated Encryption} \usage{ -auth_encrypt(msg, key, pubkey, nonce = rand_bytes(24)) +auth_encrypt(msg, key, pubkey, nonce = random(24)) -auth_decrypt(bin, key, pubkey, nonce = attr(cipher, "nonce")) +auth_decrypt(bin, key, pubkey, nonce = attr(bin, "nonce")) } \arguments{ \item{msg}{message to be encrypted} diff --git a/man/sig.Rd b/man/sig.Rd index da76fe5..ef43f16 100644 --- a/man/sig.Rd +++ b/man/sig.Rd @@ -1,5 +1,5 @@ % Generated by roxygen2 (4.1.1): do not edit by hand -% Please edit documentation in R/signing.R +% Please edit documentation in R/signatures.R \name{signing} \alias{sig} \alias{signature_keygen} @@ -13,10 +13,21 @@ signature_sign(msg, key) signature_verify(msg, sig, pubkey) -signature_keygen(seed = rand_bytes(32)) +signature_keygen(seed = random(32)) signature_pubkey(key) } +\arguments{ +\item{msg}{message to sign} + +\item{key}{private key to sign message with} + +\item{sig}{a signature generated by \code{signature_sign}} + +\item{pubkey}{a public key of the keypair used by the signature} + +\item{seed}{random data to seed the keygen} +} \description{ Cryptographic signatures can be used to verify the integrity of a message using the author's public key. @@ -32,7 +43,7 @@ a signature of the package index. This allows client package managers to verify that the binaries were not modified by intermediate parties in the distribution process. -For confidential data, use authenticated encryption (\link{secure_send}) +For confidential data, use authenticated encryption (\link{auth_encrypt}) which allows for sending signed and encrypted messages in a single method. Currently sodium uses a different type of key pair (ed25519) for signatures than diff --git a/man/simple.Rd b/man/simple.Rd index 9eb08af..c103133 100644 --- a/man/simple.Rd +++ b/man/simple.Rd @@ -1,5 +1,5 @@ % Generated by roxygen2 (4.1.1): do not edit by hand -% Please edit documentation in R/sealing.R +% Please edit documentation in R/simple-encrypt.R \name{simple encryption} \alias{simple encryption} \alias{simple_decrypt} @@ -29,7 +29,7 @@ using its private key. While the recipient can verify the integrity of the message, it cannot verify the identity of the sender. For sending authenticated encrypted messages, use -\link{secure_send} and \link{secure_recv}. +\link{auth_encrypt} and \link{auth_decrypt}. } \examples{ # Generate keypair diff --git a/man/stream.Rd b/man/stream.Rd index df1ed8d..5d0dd84 100644 --- a/man/stream.Rd +++ b/man/stream.Rd @@ -18,19 +18,19 @@ xsalsa20(n, key, nonce) aes128(n, key, nonce) } \arguments{ -\item{n}{integer, how many random bytes to generate} +\item{n}{integer how many bytes to generate} \item{key}{raw vector of size 32 with secret data} -\item{nonce}{non-confidental random data to make the stream unique} +\item{nonce}{non-secret unique data to randomize the cipher} } \description{ Generate deterministic streams of random data based off a secret key and random nonce. } \details{ You usually don't need to call these methods directly. For local encryption -use the high-level functions \link{secret_encrypt} and \link{secret_decrypt}. -For secure communication use \link{secure_send} and \link{secure_recv}. +use \link{data_encrypt}. For secure communication use \link{simple_encrypt} or +\link{auth_encrypt}. Random streams form the basis for most cryptographic methods. Based a shared secret (the key) we generate a predictable random data stream of equal length as the message @@ -54,7 +54,7 @@ passwd <- charToRaw("My secret passphrase") # Encrypt: key <- hash(passwd) -nonce8 <- rand_bytes(8) +nonce8 <- random(8) stream <- chacha20(length(message), key, nonce8) ciphertext <- base::xor(stream, message) @@ -65,9 +65,9 @@ stopifnot(identical(out, message)) # Other stream ciphers stream <- salsa20(10000, key, nonce8) -stream <- xsalsa20(10000, key, rand_bytes(24)) +stream <- xsalsa20(10000, key, random(24)) shortkey <- hash(passwd, size = 16) -stream <- aes128(10000, shortkey, rand_bytes(16)) +stream <- aes128(10000, shortkey, random(16)) } diff --git a/man/symmetric.Rd b/man/symmetric.Rd index b1d224f..1e8070c 100644 --- a/man/symmetric.Rd +++ b/man/symmetric.Rd @@ -1,5 +1,5 @@ % Generated by roxygen2 (4.1.1): do not edit by hand -% Please edit documentation in R/secret.R +% Please edit documentation in R/data-encrypt.R \name{symmetric methods} \alias{data_decrypt} \alias{data_encrypt} @@ -7,25 +7,25 @@ \alias{symmetric methods} \title{Symmetric Authenticated Encryption} \usage{ -data_encrypt(msg, secret, nonce = rand_bytes(24)) +data_encrypt(msg, key, nonce = random(24)) -data_decrypt(bin, secret, nonce = attr(cyphertext, "nonce")) +data_decrypt(bin, key, nonce = attr(bin, "nonce")) -data_tag(msg, secret) +data_tag(msg, key) } \arguments{ -\item{msg}{raw vector with message to encrypt or sign} +\item{msg}{message to be encrypted} -\item{secret}{raw vector of length 32 with secret key} +\item{key}{shared secret key used for both encryption and decryption} -\item{nonce}{raw vector of length 24 with non-secret random data} +\item{nonce}{non-secret unique data to randomize the cipher} -\item{bin}{raw vector with ciphertext as returned by \code{secret_encrypt}} +\item{bin}{encrypted ciphertext} } \description{ Secret key encryption with authentication using a 256 bit key. Mostly useful for encrypting local data. For secure communication use public-key encryption instead -(\link{secure_send}). +(\link{auth_encrypt}). } \details{ Symmetric encryption uses a secret key to encode and decode a message. This can be @@ -33,8 +33,8 @@ used to encrypt local data on disk, or as a building block for more complex meth Because the same \code{secret} is used for both encryption and decryption, symmetric encryption by itself is impractical for communication. For exchanging secure messages -with other parties, use assymetric (public-key) methods (see \link{encrypt} or -\link{secure_send}). +with other parties, use assymetric (public-key) methods (see \link{simple_encrypt} or +\link{auth_encrypt}). The \code{nonce} is not confidential but required for decryption, and should be stored or sent along with the ciphertext. The purpose of the \code{nonce} is to @@ -46,16 +46,16 @@ verify the integrity of piece of data from an earlier generated tag. } \examples{ # 256-bit key -secret <- sha256(charToRaw("This is a secret passphrase")) +key <- sha256(charToRaw("This is a secret passphrase")) msg <- serialize(iris, NULL) # Encrypts with random nonce -cipher <- data_encrypt(msg, secret) -orig <- data_decrypt(cipher, secret) +cipher <- data_encrypt(msg, key) +orig <- data_decrypt(cipher, key) stopifnot(identical(msg, orig)) # Tag the message with your key (HMAC) -tag <- secret_tag(msg, key) +tag <- data_tag(msg, key) } \references{ \url{https://download.libsodium.org/doc/secret-key_cryptography/authenticated_encryption.html} diff --git a/src/Makevars.win b/src/Makevars.win index 82c29df..36361fe 100644 --- a/src/Makevars.win +++ b/src/Makevars.win @@ -1,2 +1,7 @@ PKG_CPPFLAGS= -I../windows/sodium-1.0.3/include PKG_LIBS= -L../windows/sodium-1.0.3/lib${R_ARCH} -lsodium + +all: winlibs + +winlibs: + "${R_HOME}/bin${R_ARCH_BIN}/Rscript.exe" "../tools/winlibs.R" diff --git a/tools/winlibs.R b/tools/winlibs.R new file mode 100644 index 0000000..457fe1a --- /dev/null +++ b/tools/winlibs.R @@ -0,0 +1,8 @@ +# Build against mingw-w64 build of libsodium 1.0.3 +if(!file.exists("../windows/sodium-1.0.3/include/sodium.h")){ + if(getRversion() < "3.3.0") setInternet2() + download.file("https://github.com/rwinlib/sodium/archive/v1.0.3.zip", "lib.zip", quiet = TRUE) + dir.create("../windows", showWarnings = FALSE) + unzip("lib.zip", exdir = "../windows") + unlink("lib.zip") +}