/work/toxcore/crypto_core.h

Source
/* SPDX-License-Identifier: GPL-3.0-or-later
 * Copyright © 2016-2018 The TokTok team.
 * Copyright © 2013 Tox project.
 */

/** @file
 * @brief Functions for the core crypto.
 */
#ifndef C_TOXCORE_TOXCORE_CRYPTO_CORE_H
#define C_TOXCORE_TOXCORE_CRYPTO_CORE_H

#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#include "attributes.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * The number of bytes in a signature.
 */
#define CRYPTO_SIGNATURE_SIZE          64

/**
 * The number of bytes in a Tox public key used for signatures.
 */
#define CRYPTO_SIGN_PUBLIC_KEY_SIZE    32

/**
 * The number of bytes in a Tox secret key used for signatures.
 */
#define CRYPTO_SIGN_SECRET_KEY_SIZE    64

/**
 * @brief The number of bytes in a Tox public key used for encryption.
 */
#define CRYPTO_PUBLIC_KEY_SIZE         32

/**
 * @brief The number of bytes in a Tox secret key used for encryption.
 */
#define CRYPTO_SECRET_KEY_SIZE         32

/**
 * @brief The number of bytes in a shared key computed from public and secret keys.
 */
#define CRYPTO_SHARED_KEY_SIZE         32

/**
 * @brief The number of bytes in a symmetric key.
 */
#define CRYPTO_SYMMETRIC_KEY_SIZE      CRYPTO_SHARED_KEY_SIZE

/**
 * @brief The number of bytes needed for the MAC (message authentication code) in an
 *   encrypted message.
 */
#define CRYPTO_MAC_SIZE                16

/**
 * @brief The number of bytes in a nonce used for encryption/decryption.
 */
#define CRYPTO_NONCE_SIZE              24

/**
 * @brief The number of bytes in a SHA256 hash.
 */
#define CRYPTO_SHA256_SIZE             32

/**
 * @brief The number of bytes in a SHA512 hash.
 */
#define CRYPTO_SHA512_SIZE             64

typedef void crypto_random_bytes_cb(void *obj, uint8_t *bytes, size_t length);
typedef uint32_t crypto_random_uniform_cb(void *obj, uint32_t upper_bound);

typedef struct Random_Funcs {
    crypto_random_bytes_cb *random_bytes;
    crypto_random_uniform_cb *random_uniform;
} Random_Funcs;

typedef struct Random {
    const Random_Funcs *funcs;
    void *obj;
} Random;

const Random *os_random(void);

/**
 * @brief The number of bytes in an encryption public key used by DHT group chats.
 */
#define ENC_PUBLIC_KEY_SIZE            CRYPTO_PUBLIC_KEY_SIZE

/**
 * @brief The number of bytes in an encryption secret key used by DHT group chats.
 */
#define ENC_SECRET_KEY_SIZE            CRYPTO_SECRET_KEY_SIZE

/**
 * @brief The number of bytes in a signature public key.
 */
#define SIG_PUBLIC_KEY_SIZE            CRYPTO_SIGN_PUBLIC_KEY_SIZE

/**
 * @brief The number of bytes in a signature secret key.
 */
#define SIG_SECRET_KEY_SIZE            CRYPTO_SIGN_SECRET_KEY_SIZE

/**
 * @brief The number of bytes in a DHT group chat public key identifier.
 */
#define CHAT_ID_SIZE                   SIG_PUBLIC_KEY_SIZE

/**
 * @brief The number of bytes in an extended public key used by DHT group chats.
 */
#define EXT_PUBLIC_KEY_SIZE            (ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE)

/**
 * @brief The number of bytes in an extended secret key used by DHT group chats.
 */
#define EXT_SECRET_KEY_SIZE            (ENC_SECRET_KEY_SIZE + SIG_SECRET_KEY_SIZE)

/**
 * @brief The number of bytes in an HMAC authenticator.
 */
#define CRYPTO_HMAC_SIZE               32

/**
 * @brief The number of bytes in an HMAC secret key.
 */
#define CRYPTO_HMAC_KEY_SIZE           32

/**
 * @brief A `bzero`-like function which won't be optimised away by the compiler.
 *
 * Some compilers will inline `bzero` or `memset` if they can prove that there
 * will be no reads to the written data. Use this function if you want to be
 * sure the memory is indeed zeroed.
 */
non_null()
void crypto_memzero(void *data, size_t length);

/**
 * @brief Compute a SHA256 hash (32 bytes).
 */
non_null()
void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length);

/**
 * @brief Compute a SHA512 hash (64 bytes).
 */
non_null()
void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length);

/**
 * @brief Compute an HMAC authenticator (32 bytes).
 *
 * @param auth Resulting authenticator.
 * @param key Secret key, as generated by `new_hmac_key()`.
 */
non_null()
void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,
                 size_t length);

/**
 * @brief Verify an HMAC authenticator.
 */
non_null()
bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
                        const uint8_t *data, size_t length);

/**
 * @brief Compare 2 public keys of length @ref CRYPTO_PUBLIC_KEY_SIZE, not vulnerable to
 * timing attacks.
 *
 * @retval true if both mem locations of length are equal
 * @retval false if they are not
 */
non_null()
bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPTO_PUBLIC_KEY_SIZE]);

/**
 * @brief Copy a public key from `src` to `dest`.
 */
non_null()
void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBLIC_KEY_SIZE]);

/**
 * @brief Compare 2 SHA512 checksums of length CRYPTO_SHA512_SIZE, not vulnerable to
 * timing attacks.
 *
 * @return true if both mem locations of length are equal, false if they are not.
 */
non_null()
bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2);

/**
 * @brief Compare 2 SHA256 checksums of length CRYPTO_SHA256_SIZE, not vulnerable to
 * timing attacks.
 *
 * @return true if both mem locations of length are equal, false if they are not.
 */
non_null()
bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2);

/**
 * @brief Return a random 8 bit integer.
 */
non_null()
uint8_t random_u08(const Random *rng);

/**
 * @brief Return a random 16 bit integer.
 */
non_null()
uint16_t random_u16(const Random *rng);

/**
 * @brief Return a random 32 bit integer.
 */
non_null()
uint32_t random_u32(const Random *rng);

/**
 * @brief Return a random 64 bit integer.
 */
non_null()
uint64_t random_u64(const Random *rng);

/**
 * @brief Return a random 32 bit integer between 0 and upper_bound (excluded).
 *
 * This function guarantees a uniform distribution of possible outputs.
 */
non_null()
uint32_t random_range_u32(const Random *rng, uint32_t upper_bound);

/** @brief Cryptographically signs a message using the supplied secret key and puts the resulting signature
 * in the supplied buffer.
 *
 * @param signature The buffer for the resulting signature, which must have room for at
 *   least CRYPTO_SIGNATURE_SIZE bytes.
 * @param message The message being signed.
 * @param message_length The length in bytes of the message being signed.
 * @param secret_key The secret key used to create the signature. The key should be
 *   produced by either `create_extended_keypair` or the libsodium function `crypto_sign_keypair`.
 *
 * @retval true on success.
 */
non_null()
bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length,
                             const uint8_t *secret_key);

/** @brief Verifies that the given signature was produced by a given message and public key.
 *
 * @param signature The signature we wish to verify.
 * @param message The message we wish to verify.
 * @param message_length The length of the message.
 * @param public_key The public key counterpart of the secret key that was used to
 *   create the signature.
 *
 * @retval true on success.
 */
non_null()
bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length,
                             const uint8_t *public_key);

/**
 * @brief Fill the given nonce with random bytes.
 */
non_null()
void random_nonce(const Random *rng, uint8_t *nonce);

/**
 * @brief Fill an array of bytes with random values.
 */
non_null()
void random_bytes(const Random *rng, uint8_t *bytes, size_t length);

/**
 * @brief Check if a Tox public key CRYPTO_PUBLIC_KEY_SIZE is valid or not.
 *
 * This should only be used for input validation.
 *
 * @return false if it isn't, true if it is.
 */
non_null()
bool public_key_valid(const uint8_t *public_key);

/** @brief Creates an extended keypair: curve25519 and ed25519 for encryption and signing
 *   respectively. The Encryption keys are derived from the signature keys.
 *
 * @param pk The buffer where the public key will be stored. Must have room for EXT_PUBLIC_KEY_SIZE bytes.
 * @param sk The buffer where the secret key will be stored. Must have room for EXT_SECRET_KEY_SIZE bytes.
 *
 * @retval true on success.
 */
non_null()
bool create_extended_keypair(uint8_t *pk, uint8_t *sk);

/** Functions for groupchat extended keys */
non_null() const uint8_t *get_enc_key(const uint8_t *key);
non_null() const uint8_t *get_sig_pk(const uint8_t *key);
non_null() void set_sig_pk(uint8_t *key, const uint8_t *sig_pk);
non_null() const uint8_t *get_sig_sk(const uint8_t *key);
non_null() const uint8_t *get_chat_id(const uint8_t *key);

/**
 * @brief Generate a new random keypair.
 *
 * Every call to this function is likely to generate a different keypair.
 */
non_null()
int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key);

/**
 * @brief Derive the public key from a given secret key.
 */
non_null()
void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key);

/**
 * @brief Encrypt message to send from secret key to public key.
 *
 * Encrypt plain text of the given length to encrypted of
 * `length + CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
 * bytes) of the receiver and the secret key of the sender and a
 * @ref CRYPTO_NONCE_SIZE byte nonce.
 *
 * @retval -1 if there was a problem.
 * @return length of encrypted data if everything was fine.
 */
non_null()
int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce, const uint8_t *plain,
                     size_t length, uint8_t *encrypted);

/**
 * @brief Decrypt message from public key to secret key.
 *
 * Decrypt encrypted text of the given @p length to plain text of the given
 * `length - CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
 * bytes) of the sender, the secret key of the receiver and a
 * @ref CRYPTO_NONCE_SIZE byte nonce.
 *
 * @retval -1 if there was a problem (decryption failed).
 * @return length of plain text data if everything was fine.
 */
non_null()
int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
                     const uint8_t *encrypted, size_t length, uint8_t *plain);

/**
 * @brief Fast encrypt/decrypt operations.
 *
 * Use if this is not a one-time communication. `encrypt_precompute` does the
 * shared-key generation once so it does not have to be performed on every
 * encrypt/decrypt.
 */
non_null()
int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key, uint8_t *shared_key);

/**
 * @brief Encrypt message with precomputed shared key.
 *
 * Encrypts plain of length length to encrypted of length + @ref CRYPTO_MAC_SIZE
 * using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE
 * byte nonce.
 *
 * @retval -1 if there was a problem.
 * @return length of encrypted data if everything was fine.
 */
non_null()
int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *plain, size_t length,
                               uint8_t *encrypted);

/**
 * @brief Decrypt message with precomputed shared key.
 *
 * Decrypts encrypted of length length to plain of length
 * `length - CRYPTO_MAC_SIZE` using a shared key @ref CRYPTO_SHARED_KEY_SIZE
 * big and a @ref CRYPTO_NONCE_SIZE byte nonce.
 *
 * @retval -1 if there was a problem (decryption failed).
 * @return length of plain data if everything was fine.
 */
non_null()
int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce, const uint8_t *encrypted, size_t length,
                               uint8_t *plain);

/**
 * @brief Increment the given nonce by 1 in big endian (rightmost byte incremented
 * first).
 */
non_null()
void increment_nonce(uint8_t *nonce);

/**
 * @brief Increment the given nonce by a given number.
 *
 * The number should be in host byte order.
 */
non_null()
void increment_nonce_number(uint8_t *nonce, uint32_t increment);

/**
 * @brief Fill a key @ref CRYPTO_SYMMETRIC_KEY_SIZE big with random bytes.
 */
non_null()
void new_symmetric_key(const Random *rng, uint8_t *key);

/**
 * @brief Locks `length` bytes of memory pointed to by `data`.
 *
 * This will attempt to prevent the specified memory region from being swapped
 * to disk.
 *
 * @return true on success.
 */
non_null()
bool crypto_memlock(void *data, size_t length);

/**
 * @brief Unlocks `length` bytes of memory pointed to by `data`.
 *
 * This allows the specified memory region to be swapped to disk.
 *
 * This function call has the side effect of zeroing the specified memory region
 * whether or not it succeeds. Therefore it should only be used once the memory
 * is no longer in use.
 *
 * @return true on success.
 */
non_null()
bool crypto_memunlock(void *data, size_t length);

/**
 * @brief Generate a random secret HMAC key.
 */
non_null()
void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE]);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* C_TOXCORE_TOXCORE_CRYPTO_CORE_H */

Coverage Report

Created: 2024-01-26 01:52

Line	Count	Source
1		/* SPDX-License-Identifier: GPL-3.0-or-later
2		* Copyright © 2016-2018 The TokTok team.
3		* Copyright © 2013 Tox project.
4		*/
5
6		/** @file
7		* @brief Functions for the core crypto.
8		*/
9		#ifndef C_TOXCORE_TOXCORE_CRYPTO_CORE_H
10		#define C_TOXCORE_TOXCORE_CRYPTO_CORE_H
11
12		#include <stdbool.h>
13		#include <stddef.h>
14		#include <stdint.h>
15
16		#include "attributes.h"
17
18		#ifdef __cplusplus
19		extern "C" {
20		#endif
21
22		/**
23		* The number of bytes in a signature.
24		*/
25	19.6k	#define CRYPTO_SIGNATURE_SIZE 64
26
27		/**
28		* The number of bytes in a Tox public key used for signatures.
29		*/
30	75.2k	#define CRYPTO_SIGN_PUBLIC_KEY_SIZE 32
31
32		/**
33		* The number of bytes in a Tox secret key used for signatures.
34		*/
35	2.08k	#define CRYPTO_SIGN_SECRET_KEY_SIZE 64
36
37		/**
38		* @brief The number of bytes in a Tox public key used for encryption.
39		*/
40	629M	#define CRYPTO_PUBLIC_KEY_SIZE 32
41
42		/**
43		* @brief The number of bytes in a Tox secret key used for encryption.
44		*/
45	65.1k	#define CRYPTO_SECRET_KEY_SIZE 32
46
47		/**
48		* @brief The number of bytes in a shared key computed from public and secret keys.
49		*/
50	274k	#define CRYPTO_SHARED_KEY_SIZE 32
51
52		/**
53		* @brief The number of bytes in a symmetric key.
54		*/
55	23.3k	#define CRYPTO_SYMMETRIC_KEY_SIZE CRYPTO_SHARED_KEY_SIZE
56
57		/**
58		* @brief The number of bytes needed for the MAC (message authentication code) in an
59		* encrypted message.
60		*/
61	11.8M	#define CRYPTO_MAC_SIZE 16
62
63		/**
64		* @brief The number of bytes in a nonce used for encryption/decryption.
65		*/
66	13.0M	#define CRYPTO_NONCE_SIZE 24
67
68		/**
69		* @brief The number of bytes in a SHA256 hash.
70		*/
71	17.8k	#define CRYPTO_SHA256_SIZE 32
72
73		/**
74		* @brief The number of bytes in a SHA512 hash.
75		*/
76	12.5k	#define CRYPTO_SHA512_SIZE 64
77
78		typedef void crypto_random_bytes_cb(void obj, uint8_t bytes, size_t length);
79		typedef uint32_t crypto_random_uniform_cb(void *obj, uint32_t upper_bound);
80
81		typedef struct Random_Funcs {
82		crypto_random_bytes_cb *random_bytes;
83		crypto_random_uniform_cb *random_uniform;
84		} Random_Funcs;
85
86		typedef struct Random {
87		const Random_Funcs *funcs;
88		void *obj;
89		} Random;
90
91		const Random *os_random(void);
92
93		/**
94		* @brief The number of bytes in an encryption public key used by DHT group chats.
95		*/
96		#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
97
98		/**
99		* @brief The number of bytes in an encryption secret key used by DHT group chats.
100		*/
101		#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
102
103		/**
104		* @brief The number of bytes in a signature public key.
105		*/
106		#define SIG_PUBLIC_KEY_SIZE CRYPTO_SIGN_PUBLIC_KEY_SIZE
107
108		/**
109		* @brief The number of bytes in a signature secret key.
110		*/
111		#define SIG_SECRET_KEY_SIZE CRYPTO_SIGN_SECRET_KEY_SIZE
112
113		/**
114		* @brief The number of bytes in a DHT group chat public key identifier.
115		*/
116		#define CHAT_ID_SIZE SIG_PUBLIC_KEY_SIZE
117
118		/**
119		* @brief The number of bytes in an extended public key used by DHT group chats.
120		*/
121		#define EXT_PUBLIC_KEY_SIZE (ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE)
122
123		/**
124		* @brief The number of bytes in an extended secret key used by DHT group chats.
125		*/
126		#define EXT_SECRET_KEY_SIZE (ENC_SECRET_KEY_SIZE + SIG_SECRET_KEY_SIZE)
127
128		/**
129		* @brief The number of bytes in an HMAC authenticator.
130		*/
131	1.35M	#define CRYPTO_HMAC_SIZE 32
132
133		/**
134		* @brief The number of bytes in an HMAC secret key.
135		*/
136	19.5k	#define CRYPTO_HMAC_KEY_SIZE 32
137
138		/**
139		* @brief A `bzero`-like function which won't be optimised away by the compiler.
140		*
141		* Some compilers will inline `bzero` or `memset` if they can prove that there
142		* will be no reads to the written data. Use this function if you want to be
143		* sure the memory is indeed zeroed.
144		*/
145		non_null()
146		void crypto_memzero(void *data, size_t length);
147
148		/**
149		* @brief Compute a SHA256 hash (32 bytes).
150		*/
151		non_null()
152		void crypto_sha256(uint8_t hash, const uint8_t data, size_t length);
153
154		/**
155		* @brief Compute a SHA512 hash (64 bytes).
156		*/
157		non_null()
158		void crypto_sha512(uint8_t hash, const uint8_t data, size_t length);
159
160		/**
161		* @brief Compute an HMAC authenticator (32 bytes).
162		*
163		* @param auth Resulting authenticator.
164		* @param key Secret key, as generated by `new_hmac_key()`.
165		*/
166		non_null()
167		void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,
168		size_t length);
169
170		/**
171		* @brief Verify an HMAC authenticator.
172		*/
173		non_null()
174		bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
175		const uint8_t *data, size_t length);
176
177		/**
178		* @brief Compare 2 public keys of length @ref CRYPTO_PUBLIC_KEY_SIZE, not vulnerable to
179		* timing attacks.
180		*
181		* @retval true if both mem locations of length are equal
182		* @retval false if they are not
183		*/
184		non_null()
185		bool pk_equal(const uint8_t pk1[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t pk2[CRYPTO_PUBLIC_KEY_SIZE]);
186
187		/**
188		* @brief Copy a public key from `src` to `dest`.
189		*/
190		non_null()
191		void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBLIC_KEY_SIZE]);
192
193		/**
194		* @brief Compare 2 SHA512 checksums of length CRYPTO_SHA512_SIZE, not vulnerable to
195		* timing attacks.
196		*
197		* @return true if both mem locations of length are equal, false if they are not.
198		*/
199		non_null()
200		bool crypto_sha512_eq(const uint8_t cksum1, const uint8_t cksum2);
201
202		/**
203		* @brief Compare 2 SHA256 checksums of length CRYPTO_SHA256_SIZE, not vulnerable to
204		* timing attacks.
205		*
206		* @return true if both mem locations of length are equal, false if they are not.
207		*/
208		non_null()
209		bool crypto_sha256_eq(const uint8_t cksum1, const uint8_t cksum2);
210
211		/**
212		* @brief Return a random 8 bit integer.
213		*/
214		non_null()
215		uint8_t random_u08(const Random *rng);
216
217		/**
218		* @brief Return a random 16 bit integer.
219		*/
220		non_null()
221		uint16_t random_u16(const Random *rng);
222
223		/**
224		* @brief Return a random 32 bit integer.
225		*/
226		non_null()
227		uint32_t random_u32(const Random *rng);
228
229		/**
230		* @brief Return a random 64 bit integer.
231		*/
232		non_null()
233		uint64_t random_u64(const Random *rng);
234
235		/**
236		* @brief Return a random 32 bit integer between 0 and upper_bound (excluded).
237		*
238		* This function guarantees a uniform distribution of possible outputs.
239		*/
240		non_null()
241		uint32_t random_range_u32(const Random *rng, uint32_t upper_bound);
242
243		/** @brief Cryptographically signs a message using the supplied secret key and puts the resulting signature
244		* in the supplied buffer.
245		*
246		* @param signature The buffer for the resulting signature, which must have room for at
247		* least CRYPTO_SIGNATURE_SIZE bytes.
248		* @param message The message being signed.
249		* @param message_length The length in bytes of the message being signed.
250		* @param secret_key The secret key used to create the signature. The key should be
251		* produced by either `create_extended_keypair` or the libsodium function `crypto_sign_keypair`.
252		*
253		* @retval true on success.
254		*/
255		non_null()
256		bool crypto_signature_create(uint8_t signature, const uint8_t message, uint64_t message_length,
257		const uint8_t *secret_key);
258
259		/** @brief Verifies that the given signature was produced by a given message and public key.
260		*
261		* @param signature The signature we wish to verify.
262		* @param message The message we wish to verify.
263		* @param message_length The length of the message.
264		* @param public_key The public key counterpart of the secret key that was used to
265		* create the signature.
266		*
267		* @retval true on success.
268		*/
269		non_null()
270		bool crypto_signature_verify(const uint8_t signature, const uint8_t message, uint64_t message_length,
271		const uint8_t *public_key);
272
273		/**
274		* @brief Fill the given nonce with random bytes.
275		*/
276		non_null()
277		void random_nonce(const Random rng, uint8_t nonce);
278
279		/**
280		* @brief Fill an array of bytes with random values.
281		*/
282		non_null()
283		void random_bytes(const Random rng, uint8_t bytes, size_t length);
284
285		/**
286		* @brief Check if a Tox public key CRYPTO_PUBLIC_KEY_SIZE is valid or not.
287		*
288		* This should only be used for input validation.
289		*
290		* @return false if it isn't, true if it is.
291		*/
292		non_null()
293		bool public_key_valid(const uint8_t *public_key);
294
295		/** @brief Creates an extended keypair: curve25519 and ed25519 for encryption and signing
296		* respectively. The Encryption keys are derived from the signature keys.
297		*
298		* @param pk The buffer where the public key will be stored. Must have room for EXT_PUBLIC_KEY_SIZE bytes.
299		* @param sk The buffer where the secret key will be stored. Must have room for EXT_SECRET_KEY_SIZE bytes.
300		*
301		* @retval true on success.
302		*/
303		non_null()
304		bool create_extended_keypair(uint8_t pk, uint8_t sk);
305
306		/** Functions for groupchat extended keys */
307		non_null() const uint8_t get_enc_key(const uint8_t key);
308		non_null() const uint8_t get_sig_pk(const uint8_t key);
309		non_null() void set_sig_pk(uint8_t key, const uint8_t sig_pk);
310		non_null() const uint8_t get_sig_sk(const uint8_t key);
311		non_null() const uint8_t get_chat_id(const uint8_t key);
312
313		/**
314		* @brief Generate a new random keypair.
315		*
316		* Every call to this function is likely to generate a different keypair.
317		*/
318		non_null()
319		int32_t crypto_new_keypair(const Random rng, uint8_t public_key, uint8_t *secret_key);
320
321		/**
322		* @brief Derive the public key from a given secret key.
323		*/
324		non_null()
325		void crypto_derive_public_key(uint8_t public_key, const uint8_t secret_key);
326
327		/**
328		* @brief Encrypt message to send from secret key to public key.
329		*
330		* Encrypt plain text of the given length to encrypted of
331		* `length + CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
332		* bytes) of the receiver and the secret key of the sender and a
333		* @ref CRYPTO_NONCE_SIZE byte nonce.
334		*
335		* @retval -1 if there was a problem.
336		* @return length of encrypted data if everything was fine.
337		*/
338		non_null()
339		int32_t encrypt_data(const uint8_t public_key, const uint8_t secret_key, const uint8_t nonce, const uint8_t plain,
340		size_t length, uint8_t *encrypted);
341
342		/**
343		* @brief Decrypt message from public key to secret key.
344		*
345		* Decrypt encrypted text of the given @p length to plain text of the given
346		* `length - CRYPTO_MAC_SIZE` using the public key (@ref CRYPTO_PUBLIC_KEY_SIZE
347		* bytes) of the sender, the secret key of the receiver and a
348		* @ref CRYPTO_NONCE_SIZE byte nonce.
349		*
350		* @retval -1 if there was a problem (decryption failed).
351		* @return length of plain text data if everything was fine.
352		*/
353		non_null()
354		int32_t decrypt_data(const uint8_t public_key, const uint8_t secret_key, const uint8_t *nonce,
355		const uint8_t encrypted, size_t length, uint8_t plain);
356
357		/**
358		* @brief Fast encrypt/decrypt operations.
359		*
360		* Use if this is not a one-time communication. `encrypt_precompute` does the
361		* shared-key generation once so it does not have to be performed on every
362		* encrypt/decrypt.
363		*/
364		non_null()
365		int32_t encrypt_precompute(const uint8_t public_key, const uint8_t secret_key, uint8_t *shared_key);
366
367		/**
368		* @brief Encrypt message with precomputed shared key.
369		*
370		* Encrypts plain of length length to encrypted of length + @ref CRYPTO_MAC_SIZE
371		* using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE
372		* byte nonce.
373		*
374		* @retval -1 if there was a problem.
375		* @return length of encrypted data if everything was fine.
376		*/
377		non_null()
378		int32_t encrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce, const uint8_t *plain, size_t length,
379		uint8_t *encrypted);
380
381		/**
382		* @brief Decrypt message with precomputed shared key.
383		*
384		* Decrypts encrypted of length length to plain of length
385		* `length - CRYPTO_MAC_SIZE` using a shared key @ref CRYPTO_SHARED_KEY_SIZE
386		* big and a @ref CRYPTO_NONCE_SIZE byte nonce.
387		*
388		* @retval -1 if there was a problem (decryption failed).
389		* @return length of plain data if everything was fine.
390		*/
391		non_null()
392		int32_t decrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce, const uint8_t *encrypted, size_t length,
393		uint8_t *plain);
394
395		/**
396		* @brief Increment the given nonce by 1 in big endian (rightmost byte incremented
397		* first).
398		*/
399		non_null()
400		void increment_nonce(uint8_t *nonce);
401
402		/**
403		* @brief Increment the given nonce by a given number.
404		*
405		* The number should be in host byte order.
406		*/
407		non_null()
408		void increment_nonce_number(uint8_t *nonce, uint32_t increment);
409
410		/**
411		* @brief Fill a key @ref CRYPTO_SYMMETRIC_KEY_SIZE big with random bytes.
412		*/
413		non_null()
414		void new_symmetric_key(const Random rng, uint8_t key);
415
416		/**
417		* @brief Locks `length` bytes of memory pointed to by `data`.
418		*
419		* This will attempt to prevent the specified memory region from being swapped
420		* to disk.
421		*
422		* @return true on success.
423		*/
424		non_null()
425		bool crypto_memlock(void *data, size_t length);
426
427		/**
428		* @brief Unlocks `length` bytes of memory pointed to by `data`.
429		*
430		* This allows the specified memory region to be swapped to disk.
431		*
432		* This function call has the side effect of zeroing the specified memory region
433		* whether or not it succeeds. Therefore it should only be used once the memory
434		* is no longer in use.
435		*
436		* @return true on success.
437		*/
438		non_null()
439		bool crypto_memunlock(void *data, size_t length);
440
441		/**
442		* @brief Generate a random secret HMAC key.
443		*/
444		non_null()
445		void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE]);
446
447		#ifdef __cplusplus
448		} /* extern "C" */
449		#endif
450
451		#endif /* C_TOXCORE_TOXCORE_CRYPTO_CORE_H */