changeset 24:dfac56805c77

Fixed support for shared NaCl library, explicitly refer to cryptographic primitives
author Ivo Smits <Ivo@UCIS.nl>
date Mon, 28 Feb 2011 19:28:18 +0100
parents bd4259de8459
children 24e09485a8a3
files build.sh debian/build.sh src/keypair.c src/proto.nacl0.c src/proto.nacltai.c
diffstat 5 files changed, 74 insertions(+), 73 deletions(-) [+]
line wrap: on
line diff
--- a/build.sh	Mon Feb 28 16:32:48 2011 +0100
+++ b/build.sh	Mon Feb 28 19:28:18 2011 +0100
@@ -25,7 +25,7 @@
 if [ -z "${NACL_SHARED}" ]; then
 	mkdir -p lib include
 	echo Checking for NaCl library...
-	if [ -e lib/libnacl.a -a -e include/crypto_box.h -a -e include/crypto_box_curve25519xsalsa20poly1305.h -a -e include/crypto_scalarmult_curve25519.h ]; then
+	if [ -e lib/libnacl.a -a -e include/crypto_box_curve25519xsalsa20poly1305.h -a -e include/crypto_scalarmult_curve25519.h ]; then
 		echo Found.
 	else
 		echo Not found, building...
@@ -35,7 +35,6 @@
 		./do
 		cd ../../
 		cp tmp/nacl/build/*/lib/*/libnacl.a lib/
-		cp tmp/nacl/build/*/include/*/crypto_box.h include/
 		cp tmp/nacl/build/*/include/*/crypto_box_curve25519xsalsa20poly1305.h include/
 		cp tmp/nacl/build/*/include/*/crypto_scalarmult_curve25519.h include/
 		echo Done.
@@ -44,6 +43,7 @@
 	export LIBRARY_PATH="/usr/local/lib/:./lib/:${LIBRARY_PATH}"
 else
 	echo Using shared NaCl library.
+	export CPATH="/usr/include/nacl/:${CPATH}"
 fi
 
 echo Building combined binary...
--- a/debian/build.sh	Mon Feb 28 16:32:48 2011 +0100
+++ b/debian/build.sh	Mon Feb 28 19:28:18 2011 +0100
@@ -6,6 +6,9 @@
 mkdir -p data/usr data/usr/sbin data/DEBIAN
 sed "s/%ARCHITECTURE%/${ARCH}/" -i data/DEBIAN/control
 sed "s/%VERSION%/${VERSION}/" -i data/DEBIAN/control
+if [ -n "${NACL_SHARED}" ]; then
+	sed "s/\\(Depends: .*\\)/\\1, libnacl | libnacl-ref | libnacl-build/" -i data/DEBIAN/control
+fi
 cp ../out/quicktun.raw data/usr/sbin/
 cp ../out/quicktun.nacl0 data/usr/sbin/
 cp ../out/quicktun.nacltai data/usr/sbin/
--- a/src/keypair.c	Mon Feb 28 16:32:48 2011 +0100
+++ b/src/keypair.c	Mon Feb 28 19:28:18 2011 +0100
@@ -24,39 +24,37 @@
    or implied, of Ivo Smits.*/
 
 #include "common.c"
-#include "crypto_box.h"
+#include "crypto_box_curve25519xsalsa20poly1305.h"
+#include "crypto_scalarmult_curve25519.h"
 #include <time.h>
 #include <fcntl.h>
 
 int main() {
 	print_header();
 
-	unsigned char cpublickey[crypto_box_PUBLICKEYBYTES];
-	unsigned char csecretkey[crypto_box_SECRETKEYBYTES];
+	unsigned char cpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES];
+	unsigned char csecretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES];
 	int i;
 
 	fprintf(stderr, "Please feed 32 bytes of random data to stdin.\n");
-	fprintf(stderr, "Example (slow but secure): ./quicktun.keypair < /dev/random\n");
-	fprintf(stderr, "Example (fast but insecure): ./quicktun.keypair < /dev/urandom\n");
+	fprintf(stderr, "Example (slow but secure): quicktun.keypair < /dev/random\n");
+	fprintf(stderr, "Example (fast but insecure): quicktun.keypair < /dev/urandom\n");
 
-	crypto_box_keypair(cpublickey, csecretkey);
+	int len = fread(csecretkey, 1, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES, stdin);
+	if (len < crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES) return errorexitp("Error or end of file on STDIN");
+/*	char* b;
+	srand(time(NULL));
+	for (b = csecretkey; b < csecretkey + crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES; b++) *b = rand() % 255;*/
+
+	crypto_scalarmult_curve25519_base(cpublickey, csecretkey);
 
 	printf("SECRET: ");
-	for (i = 0; i < crypto_box_SECRETKEYBYTES; i++) printf("%02x", csecretkey[i]);
+	for (i = 0; i < crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES; i++) printf("%02x", csecretkey[i]);
 	printf("\n");
 
 	printf("PUBLIC: ");
-	for (i = 0; i < crypto_box_PUBLICKEYBYTES; i++) printf("%02x", cpublickey[i]);
+	for (i = 0; i < crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES; i++) printf("%02x", cpublickey[i]);
 	printf("\n");
 
 	return 0;
 }
-
-int randombytes(char* bytes) {
-	int len = fread(bytes, 1, crypto_box_SECRETKEYBYTES, stdin);
-	if (len < crypto_box_SECRETKEYBYTES) return errorexitp("Error or end of file on STDIN");
-/*	char* b;
-	srand(time(NULL));
-	for (b = bytes; b < bytes + crypto_box_SECRETKEYBYTES; b++) *b = rand() % 255;*/
-	return 0;
-}
--- a/src/proto.nacl0.c	Mon Feb 28 16:32:48 2011 +0100
+++ b/src/proto.nacl0.c	Mon Feb 28 19:28:18 2011 +0100
@@ -24,35 +24,35 @@
    or implied, of Ivo Smits.*/
 
 #include "common.c"
-#include "crypto_box.h"
+#include "crypto_box_curve25519xsalsa20poly1305.h"
 
 struct qt_proto_data_nacl0 {
-	unsigned char cnonce[crypto_box_NONCEBYTES], cbefore[crypto_box_BEFORENMBYTES];
+	unsigned char cnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
 };
 
-/*static unsigned char cnonce[crypto_box_NONCEBYTES], cbefore[crypto_box_BEFORENMBYTES];
-static unsigned char buffer1[MAX_PACKET_LEN+crypto_box_ZEROBYTES], buffer2[MAX_PACKET_LEN+crypto_box_ZEROBYTES];
-static const unsigned char* buffer1offset = buffer1 + crypto_box_ZEROBYTES;
-static const unsigned char* buffer2offset = buffer2 + crypto_box_BOXZEROBYTES;
-static const int overhead                 = crypto_box_BOXZEROBYTES;*/
+/*static unsigned char cnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
+static unsigned char buffer1[MAX_PACKET_LEN+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES], buffer2[MAX_PACKET_LEN+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES];
+static const unsigned char* buffer1offset = buffer1 + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES;
+static const unsigned char* buffer2offset = buffer2 + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES;
+static const int overhead                 = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES;*/
 
 static int encode(struct qtsession* sess, char* raw, char* enc, int len) {
 	struct qt_proto_data_nacl0* d = (struct qt_proto_data_nacl0*)sess->protocol_data;
-	memset(raw, 0, crypto_box_ZEROBYTES);
-	if (crypto_box_afternm(enc, raw, len+crypto_box_ZEROBYTES, d->cnonce, d->cbefore)) return errorexit("Crypto failed");
-	return len + crypto_box_BOXZEROBYTES;
+	memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES);
+	if (crypto_box_curve25519xsalsa20poly1305_afternm(enc, raw, len+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cnonce, d->cbefore)) return errorexit("Crypto failed");
+	return len + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES;
 }
 
 static int decode(struct qtsession* sess, char* enc, char* raw, int len) {
 	struct qt_proto_data_nacl0* d = (struct qt_proto_data_nacl0*)sess->protocol_data;
 	int i;
-	if (len < crypto_box_BOXZEROBYTES) {
+	if (len < crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES) {
 		fprintf(stderr, "Short packet received: %d\n", len);
 		return 0;
 	}
-	len -= crypto_box_BOXZEROBYTES;
-	memset(enc, 0, crypto_box_BOXZEROBYTES);
-	if (i = crypto_box_open_afternm(raw, enc, len+crypto_box_ZEROBYTES, d->cnonce, d->cbefore)) {
+	len -= crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES;
+	memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES);
+	if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cnonce, d->cbefore)) {
 		fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i);
 		return 0;
 	}
@@ -63,15 +63,15 @@
 	char* envval;
 	struct qt_proto_data_nacl0* d = (struct qt_proto_data_nacl0*)sess->protocol_data;
 	printf("Initializing cryptography...\n");
-	memset(d->cnonce, 0, crypto_box_NONCEBYTES);
-	unsigned char cpublickey[crypto_box_PUBLICKEYBYTES], csecretkey[crypto_box_SECRETKEYBYTES];
+	memset(d->cnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
+	unsigned char cpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES], csecretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES];
 	if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY");
-	if (strlen(envval) != 2*crypto_box_PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length");
-	hex2bin(cpublickey, envval, crypto_box_PUBLICKEYBYTES);
+	if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length");
+	hex2bin(cpublickey, envval, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES);
 	if (!(envval = getconf("PRIVATE_KEY"))) return errorexit("Missing PRIVATE_KEY");
-	if (strlen(envval) != 2*crypto_box_PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length");
-	hex2bin(csecretkey, envval, crypto_box_SECRETKEYBYTES);
-	crypto_box_beforenm(d->cbefore, cpublickey, csecretkey);
+	if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length");
+	hex2bin(csecretkey, envval, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES);
+	crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey);
 	return 0;
 }
 
@@ -82,10 +82,10 @@
 #endif
 	struct qtproto p = {
 		1,
-		MAX_PACKET_LEN + crypto_box_ZEROBYTES,
-		MAX_PACKET_LEN + crypto_box_BOXZEROBYTES + crypto_box_BOXZEROBYTES,
-		crypto_box_ZEROBYTES,
-		crypto_box_BOXZEROBYTES,
+		MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES,
+		MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES,
+		crypto_box_curve25519xsalsa20poly1305_ZEROBYTES,
+		crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES,
 		encode,
 		decode,
 		init,
--- a/src/proto.nacltai.c	Mon Feb 28 16:32:48 2011 +0100
+++ b/src/proto.nacltai.c	Mon Feb 28 19:28:18 2011 +0100
@@ -24,7 +24,7 @@
    or implied, of Ivo Smits.*/
 
 #include "common.c"
-#include "crypto_box.h"
+#include "crypto_box_curve25519xsalsa20poly1305.h"
 #include "crypto_scalarmult_curve25519.h"
 #include <sys/types.h>
 #include <sys/time.h>
@@ -41,18 +41,18 @@
 };
 
 struct qt_proto_data_nacltai {
-	unsigned char cenonce[crypto_box_NONCEBYTES], cdnonce[crypto_box_NONCEBYTES];
-	unsigned char cbefore[crypto_box_BEFORENMBYTES];
+	unsigned char cenonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES], cdnonce[crypto_box_curve25519xsalsa20poly1305_NONCEBYTES];
+	unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
 	struct taia cdtaip, cdtaic;
 };
 
 #define noncelength 16
-#define nonceoffset (crypto_box_NONCEBYTES - noncelength)
-/*static unsigned char cbefore[crypto_box_BEFORENMBYTES];
-static unsigned char buffer1[MAX_PACKET_LEN+crypto_box_ZEROBYTES], buffer2[MAX_PACKET_LEN+crypto_box_ZEROBYTES];
-static const unsigned char* buffer1offset = buffer1 + crypto_box_ZEROBYTES;
-static const unsigned char* buffer2offset = buffer2 + crypto_box_BOXZEROBYTES - noncelength;*/
-static const int overhead                 = crypto_box_BOXZEROBYTES + noncelength;
+#define nonceoffset (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES - noncelength)
+/*static unsigned char cbefore[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES];
+static unsigned char buffer1[MAX_PACKET_LEN+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES], buffer2[MAX_PACKET_LEN+crypto_box_curve25519xsalsa20poly1305_ZEROBYTES];
+static const unsigned char* buffer1offset = buffer1 + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES;
+static const unsigned char* buffer2offset = buffer2 + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength;*/
+static const int overhead                 = crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES + noncelength;
 
 void tai_pack(char *s, struct tai *t) {
   uint64 x;
@@ -120,11 +120,11 @@
 static int encode(struct qtsession* sess, char* raw, char* enc, int len) {
 	if (debug) fprintf(stderr, "Encoding packet of %d bytes from %d to %d\n", len, raw, enc);
 	struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data;
-	memset(raw, 0, crypto_box_ZEROBYTES);
+	memset(raw, 0, crypto_box_curve25519xsalsa20poly1305_ZEROBYTES);
 	taia_now(&d->cdtaic);
 	taia_pack(d->cenonce + nonceoffset, &(d->cdtaic));
-	if (crypto_box_afternm(enc, raw, len + crypto_box_ZEROBYTES, d->cenonce, d->cbefore)) return errorexit("Encryption failed");
-	memcpy((void*)(enc + crypto_box_BOXZEROBYTES - noncelength), d->cenonce + nonceoffset, noncelength);
+	if (crypto_box_curve25519xsalsa20poly1305_afternm(enc, raw, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cenonce, d->cbefore)) return errorexit("Encryption failed");
+	memcpy((void*)(enc + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength), d->cenonce + nonceoffset, noncelength);
 	len += overhead;
 	if (debug) fprintf(stderr, "Encoded packet of %d bytes from %d to %d\n", len, raw, enc);
 	return len;
@@ -139,14 +139,14 @@
 		return 0;
 	}
 	len -= overhead;
-	taia_unpack((char*)(enc + crypto_box_BOXZEROBYTES - noncelength), &d->cdtaic);
+	taia_unpack((char*)(enc + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength), &d->cdtaic);
 	if (d->cdtaic.sec.x <= d->cdtaip.sec.x && d->cdtaic.nano <= d->cdtaip.nano && d->cdtaic.atto <= d->cdtaip.atto) { 
 		fprintf(stderr, "Timestamp going back, ignoring packet\n");
 		return 0;
 	}
-	memcpy(d->cdnonce + nonceoffset, enc + crypto_box_BOXZEROBYTES - noncelength, noncelength);
-	memset(enc, 0, crypto_box_BOXZEROBYTES);
-	if (i = crypto_box_open_afternm(raw, enc, len + crypto_box_ZEROBYTES, d->cdnonce, d->cbefore)) {
+	memcpy(d->cdnonce + nonceoffset, enc + crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength, noncelength);
+	memset(enc, 0, crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES);
+	if (i = crypto_box_curve25519xsalsa20poly1305_open_afternm(raw, enc, len + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES, d->cdnonce, d->cbefore)) {
 		fprintf(stderr, "Decryption failed len=%d result=%d\n", len, i);
 		return 0;
 	}
@@ -159,17 +159,17 @@
 	struct qt_proto_data_nacltai* d = (struct qt_proto_data_nacltai*)sess->protocol_data;
 	char* envval;
 	printf("Initializing cryptography...\n");
-	unsigned char cownpublickey[crypto_box_PUBLICKEYBYTES], cpublickey[crypto_box_PUBLICKEYBYTES], csecretkey[crypto_box_SECRETKEYBYTES];
+	unsigned char cownpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES], cpublickey[crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES], csecretkey[crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES];
 	if (!(envval = getconf("PUBLIC_KEY"))) return errorexit("Missing PUBLIC_KEY");
-	if (strlen(envval) != 2*crypto_box_PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length");
-	hex2bin(cpublickey, envval, crypto_box_PUBLICKEYBYTES);
+	if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PUBLIC_KEY length");
+	hex2bin(cpublickey, envval, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES);
 	if (!(envval = getconf("PRIVATE_KEY"))) return errorexit("Missing PRIVATE_KEY");
-	if (strlen(envval) != 2*crypto_box_PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length");
-	hex2bin(csecretkey, envval, crypto_box_SECRETKEYBYTES);
-	crypto_box_beforenm(d->cbefore, cpublickey, csecretkey);
+	if (strlen(envval) != 2*crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) return errorexit("PRIVATE_KEY length");
+	hex2bin(csecretkey, envval, crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES);
+	crypto_box_curve25519xsalsa20poly1305_beforenm(d->cbefore, cpublickey, csecretkey);
 
-	memset(d->cenonce, 0, crypto_box_NONCEBYTES);
-	memset(d->cdnonce, 0, crypto_box_NONCEBYTES);
+	memset(d->cenonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
+	memset(d->cdnonce, 0, crypto_box_curve25519xsalsa20poly1305_NONCEBYTES);
 
 	crypto_scalarmult_curve25519_base(cownpublickey, csecretkey);
 
@@ -182,7 +182,7 @@
 	if (envval = getenv("ROLE")) {
 		d->cenonce[nonceoffset-1] = atoi(envval) ? 1 : 0;
 	} else {
-		d->cenonce[nonceoffset-1] = memcmp(cownpublickey, cpublickey, crypto_box_PUBLICKEYBYTES) > 0 ? 1 : 0;
+		d->cenonce[nonceoffset-1] = memcmp(cownpublickey, cpublickey, crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) > 0 ? 1 : 0;
 	}
 	d->cdnonce[nonceoffset-1] = d->cenonce[nonceoffset-1] ? 0 : 1;
 	return 0;
@@ -195,10 +195,10 @@
 #endif
 	struct qtproto p = {
 		1,
-		MAX_PACKET_LEN + crypto_box_ZEROBYTES,
-		MAX_PACKET_LEN + crypto_box_ZEROBYTES,
-		crypto_box_ZEROBYTES,
-		crypto_box_BOXZEROBYTES - noncelength,
+		MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES,
+		MAX_PACKET_LEN + crypto_box_curve25519xsalsa20poly1305_ZEROBYTES,
+		crypto_box_curve25519xsalsa20poly1305_ZEROBYTES,
+		crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES - noncelength,
 		encode,
 		decode,
 		init,