Created
March 7, 2013 03:17
-
-
Save daviddahl/5105336 to your computer and use it in GitHub Desktop.
NaCl in Gecko: Brian Warner and David Dahl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/security/manager/ssl/public/Makefile.in b/security/manager/ssl/public/Makefile.in | |
index 07eedf7..4269d53 100644 | |
--- a/security/manager/ssl/public/Makefile.in | |
+++ b/security/manager/ssl/public/Makefile.in | |
@@ -102,6 +102,7 @@ XPIDLSRCS = \ | |
nsIKeyModule.idl \ | |
nsIProtectedAuthThread.idl \ | |
nsIDataSignatureVerifier.idl \ | |
+ nsINACL.idl \ | |
$(NULL) | |
ifdef MOZ_XUL | |
diff --git a/security/manager/ssl/public/nsINACL.idl b/security/manager/ssl/public/nsINACL.idl | |
new file mode 100644 | |
index 0000000..7ba713d | |
--- /dev/null | |
+++ b/security/manager/ssl/public/nsINACL.idl | |
@@ -0,0 +1,27 @@ | |
+ | |
+//{0x77fc331b, 0x786c, 0x43b8, {0xb6, 0x06, 0xc5, 0x4d, 0xc0, 0x74, 0xaa, 0x09}} | |
+ | |
+#include "nsISupports.idl" | |
+ | |
+[scriptable, uuid(39829fff-585f-4e71-8717-a7e8c8a6bc08)] | |
+interface nsINACL : nsISupports | |
+{ | |
+ readonly attribute string version; // 7-bit ASCII | |
+ readonly attribute ACString version2; // 8-bit | |
+ readonly attribute AUTF8String version3; // UTF-8 | |
+ AUTF8String hello_world(in AUTF8String world); | |
+ [implicit_jscontext] jsval accept_array(in jsval input); | |
+ | |
+ [implicit_jscontext] ACString arrayToB64(in jsval array); | |
+ [implicit_jscontext] jsval b64ToArray(in ACString b64); | |
+ | |
+ /* [implicit_jscontext] | |
+ AUTF8String arrayOfUTF8ToString(in jsval array); */ | |
+ [implicit_jscontext] jsval stringToArrayOfUTF8(in AString s); | |
+ | |
+ [implicit_jscontext] jsval hash_sha256(in jsval msg); | |
+ [implicit_jscontext] jsval box(in jsval msg, in jsval nonce, | |
+ in jsval pk, in jsval sk); | |
+ [implicit_jscontext] jsval box_open(in jsval msg, in jsval nonce, | |
+ in jsval pk, in jsval sk); | |
+}; | |
diff --git a/security/manager/ssl/src/Makefile.in b/security/manager/ssl/src/Makefile.in | |
index 5499dfb..bc2d739 100644 | |
--- a/security/manager/ssl/src/Makefile.in | |
+++ b/security/manager/ssl/src/Makefile.in | |
@@ -101,6 +101,7 @@ CPPSRCS = \ | |
nsIdentityChecking.cpp \ | |
nsDataSignatureVerifier.cpp \ | |
nsRandomGenerator.cpp \ | |
+ nsNACL.cpp \ | |
NSSErrorsService.cpp \ | |
nsNSSCertificateFakeTransport.cpp \ | |
PSMRunnable.cpp \ | |
@@ -112,6 +113,24 @@ CPPSRCS += nsCertTree.cpp | |
endif | |
CSRCS += md4.c | |
+CSRCS += \ | |
+ crypto_box_after.c \ | |
+ crypto_box_before.c \ | |
+ crypto_box_box.c \ | |
+ crypto_core_hsalsa20_core.c \ | |
+ crypto_core_salsa20_core.c \ | |
+ crypto_hash_sha256_hash.c \ | |
+ crypto_hashblocks_sha256_blocks.c \ | |
+ crypto_onetimeauth_poly1305_auth.c \ | |
+ crypto_onetimeauth_poly1305_verify.c \ | |
+ crypto_scalarmult_curve25519_base.c \ | |
+ crypto_scalarmult_curve25519_smult.c \ | |
+ crypto_secretbox_xsalsa20poly1305_box.c \ | |
+ crypto_stream_salsa20_stream.c \ | |
+ crypto_stream_salsa20_xor.c \ | |
+ crypto_stream_xsalsa20_stream.c \ | |
+ crypto_stream_xsalsa20_xor.c \ | |
+ crypto_verify_16_verify.c | |
EXTRA_DEPS = $(NSS_DEP_LIBS) | |
@@ -127,4 +146,3 @@ DEFINES += \ | |
LOCAL_INCLUDES += $(NSS_CFLAGS) | |
include $(topsrcdir)/config/rules.mk | |
- | |
diff --git a/security/manager/ssl/src/crypto_box.h b/security/manager/ssl/src/crypto_box.h | |
new file mode 100644 | |
index 0000000..a6f1c4f | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_box.h | |
@@ -0,0 +1,22 @@ | |
+#ifndef crypto_box_H | |
+#define crypto_box_H | |
+ | |
+#include "crypto_box_curve25519xsalsa20poly1305.h" | |
+ | |
+#define crypto_box crypto_box_curve25519xsalsa20poly1305 | |
+#define crypto_box_open crypto_box_curve25519xsalsa20poly1305_open | |
+#define crypto_box_keypair crypto_box_curve25519xsalsa20poly1305_keypair | |
+#define crypto_box_beforenm crypto_box_curve25519xsalsa20poly1305_beforenm | |
+#define crypto_box_afternm crypto_box_curve25519xsalsa20poly1305_afternm | |
+#define crypto_box_open_afternm crypto_box_curve25519xsalsa20poly1305_open_afternm | |
+#define crypto_box_PUBLICKEYBYTES crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES | |
+#define crypto_box_SECRETKEYBYTES crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES | |
+#define crypto_box_BEFORENMBYTES crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES | |
+#define crypto_box_NONCEBYTES crypto_box_curve25519xsalsa20poly1305_NONCEBYTES | |
+#define crypto_box_ZEROBYTES crypto_box_curve25519xsalsa20poly1305_ZEROBYTES | |
+#define crypto_box_BOXZEROBYTES crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES | |
+#define crypto_box_PRIMITIVE "curve25519xsalsa20poly1305" | |
+#define crypto_box_IMPLEMENTATION crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION | |
+#define crypto_box_VERSION crypto_box_curve25519xsalsa20poly1305_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_box_after.c b/security/manager/ssl/src/crypto_box_after.c | |
new file mode 100644 | |
index 0000000..a4cffa1 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_box_after.c | |
@@ -0,0 +1,22 @@ | |
+#include "crypto_secretbox_xsalsa20poly1305.h" | |
+#include "crypto_box_curve25519xsalsa20poly1305.h" | |
+ | |
+int crypto_box_curve25519xsalsa20poly1305_afternm( | |
+ unsigned char *c, | |
+ const unsigned char *m,unsigned long long mlen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ return crypto_secretbox_xsalsa20poly1305(c,m,mlen,n,k); | |
+} | |
+ | |
+int crypto_box_curve25519xsalsa20poly1305_open_afternm( | |
+ unsigned char *m, | |
+ const unsigned char *c,unsigned long long clen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ return crypto_secretbox_xsalsa20poly1305_open(m,c,clen,n,k); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_box_before.c b/security/manager/ssl/src/crypto_box_before.c | |
new file mode 100644 | |
index 0000000..7660e73 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_box_before.c | |
@@ -0,0 +1,17 @@ | |
+#include "crypto_core_hsalsa20.h" | |
+#include "crypto_scalarmult_curve25519.h" | |
+#include "crypto_box_curve25519xsalsa20poly1305.h" | |
+ | |
+static const unsigned char sigma[16] = "expand 32-byte k"; | |
+static const unsigned char n[16] = {0}; | |
+ | |
+int crypto_box_curve25519xsalsa20poly1305_beforenm( | |
+ unsigned char *k, | |
+ const unsigned char *pk, | |
+ const unsigned char *sk | |
+) | |
+{ | |
+ unsigned char s[32]; | |
+ crypto_scalarmult_curve25519(s,sk,pk); | |
+ return crypto_core_hsalsa20(k,n,s,sigma); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_box_box.c b/security/manager/ssl/src/crypto_box_box.c | |
new file mode 100644 | |
index 0000000..be106a1 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_box_box.c | |
@@ -0,0 +1,27 @@ | |
+#include "crypto_box_curve25519xsalsa20poly1305.h" | |
+ | |
+int crypto_box_curve25519xsalsa20poly1305( | |
+ unsigned char *c, | |
+ const unsigned char *m,unsigned long long mlen, | |
+ const unsigned char *n, | |
+ const unsigned char *pk, | |
+ const unsigned char *sk | |
+) | |
+{ | |
+ unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; | |
+ crypto_box_curve25519xsalsa20poly1305_beforenm(k,pk,sk); | |
+ return crypto_box_curve25519xsalsa20poly1305_afternm(c,m,mlen,n,k); | |
+} | |
+ | |
+int crypto_box_curve25519xsalsa20poly1305_open( | |
+ unsigned char *m, | |
+ const unsigned char *c,unsigned long long clen, | |
+ const unsigned char *n, | |
+ const unsigned char *pk, | |
+ const unsigned char *sk | |
+) | |
+{ | |
+ unsigned char k[crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES]; | |
+ crypto_box_curve25519xsalsa20poly1305_beforenm(k,pk,sk); | |
+ return crypto_box_curve25519xsalsa20poly1305_open_afternm(m,c,clen,n,k); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h b/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h | |
new file mode 100644 | |
index 0000000..5f4e209 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_box_curve25519xsalsa20poly1305.h | |
@@ -0,0 +1,19 @@ | |
+#ifndef crypto_box_curve25519xsalsa20poly1305_H | |
+#define crypto_box_curve25519xsalsa20poly1305_H | |
+ | |
+#define crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES 32 | |
+#define crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES 32 | |
+#define crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES 32 | |
+#define crypto_box_curve25519xsalsa20poly1305_NONCEBYTES 24 | |
+#define crypto_box_curve25519xsalsa20poly1305_ZEROBYTES 32 | |
+#define crypto_box_curve25519xsalsa20poly1305_BOXZEROBYTES 16 | |
+extern int crypto_box_curve25519xsalsa20poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); | |
+extern int crypto_box_curve25519xsalsa20poly1305_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *,const unsigned char *); | |
+extern int crypto_box_curve25519xsalsa20poly1305_keypair(unsigned char *,unsigned char *); | |
+extern int crypto_box_curve25519xsalsa20poly1305_beforenm(unsigned char *,const unsigned char *,const unsigned char *); | |
+extern int crypto_box_curve25519xsalsa20poly1305_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_box_curve25519xsalsa20poly1305_open_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+#define crypto_box_curve25519xsalsa20poly1305_IMPLEMENTATION "crypto_box/curve25519xsalsa20poly1305/ref" | |
+#define crypto_box_curve25519xsalsa20poly1305_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_core_hsalsa20.h b/security/manager/ssl/src/crypto_core_hsalsa20.h | |
new file mode 100644 | |
index 0000000..46e5439 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_hsalsa20.h | |
@@ -0,0 +1,12 @@ | |
+#ifndef crypto_core_hsalsa20_H | |
+#define crypto_core_hsalsa20_H | |
+ | |
+#define crypto_core_hsalsa20_OUTPUTBYTES 32 | |
+#define crypto_core_hsalsa20_INPUTBYTES 16 | |
+#define crypto_core_hsalsa20_KEYBYTES 32 | |
+#define crypto_core_hsalsa20_CONSTBYTES 16 | |
+extern int crypto_core_hsalsa20(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); | |
+#define crypto_core_hsalsa20_IMPLEMENTATION "crypto_core/hsalsa20/ref" | |
+#define crypto_core_hsalsa20_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_core_hsalsa20_core.c b/security/manager/ssl/src/crypto_core_hsalsa20_core.c | |
new file mode 100644 | |
index 0000000..b085a30 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_hsalsa20_core.c | |
@@ -0,0 +1,135 @@ | |
+/* | |
+version 20080912 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_hsalsa20.h" | |
+ | |
+#define ROUNDS 20 | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static uint32 rotate(uint32 u,int c) | |
+{ | |
+ return (u << c) | (u >> (32 - c)); | |
+} | |
+ | |
+static uint32 load_littleendian(const unsigned char *x) | |
+{ | |
+ return | |
+ (uint32) (x[0]) \ | |
+ | (((uint32) (x[1])) << 8) \ | |
+ | (((uint32) (x[2])) << 16) \ | |
+ | (((uint32) (x[3])) << 24) | |
+ ; | |
+} | |
+ | |
+static void store_littleendian(unsigned char *x,uint32 u) | |
+{ | |
+ x[0] = u; u >>= 8; | |
+ x[1] = u; u >>= 8; | |
+ x[2] = u; u >>= 8; | |
+ x[3] = u; | |
+} | |
+ | |
+int crypto_core_hsalsa20( | |
+ unsigned char *out, | |
+ const unsigned char *in, | |
+ const unsigned char *k, | |
+ const unsigned char *c | |
+) | |
+{ | |
+ uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; | |
+ uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; | |
+ int i; | |
+ | |
+ j0 = x0 = load_littleendian(c + 0); | |
+ j1 = x1 = load_littleendian(k + 0); | |
+ j2 = x2 = load_littleendian(k + 4); | |
+ j3 = x3 = load_littleendian(k + 8); | |
+ j4 = x4 = load_littleendian(k + 12); | |
+ j5 = x5 = load_littleendian(c + 4); | |
+ j6 = x6 = load_littleendian(in + 0); | |
+ j7 = x7 = load_littleendian(in + 4); | |
+ j8 = x8 = load_littleendian(in + 8); | |
+ j9 = x9 = load_littleendian(in + 12); | |
+ j10 = x10 = load_littleendian(c + 8); | |
+ j11 = x11 = load_littleendian(k + 16); | |
+ j12 = x12 = load_littleendian(k + 20); | |
+ j13 = x13 = load_littleendian(k + 24); | |
+ j14 = x14 = load_littleendian(k + 28); | |
+ j15 = x15 = load_littleendian(c + 12); | |
+ | |
+ for (i = ROUNDS;i > 0;i -= 2) { | |
+ x4 ^= rotate( x0+x12, 7); | |
+ x8 ^= rotate( x4+ x0, 9); | |
+ x12 ^= rotate( x8+ x4,13); | |
+ x0 ^= rotate(x12+ x8,18); | |
+ x9 ^= rotate( x5+ x1, 7); | |
+ x13 ^= rotate( x9+ x5, 9); | |
+ x1 ^= rotate(x13+ x9,13); | |
+ x5 ^= rotate( x1+x13,18); | |
+ x14 ^= rotate(x10+ x6, 7); | |
+ x2 ^= rotate(x14+x10, 9); | |
+ x6 ^= rotate( x2+x14,13); | |
+ x10 ^= rotate( x6+ x2,18); | |
+ x3 ^= rotate(x15+x11, 7); | |
+ x7 ^= rotate( x3+x15, 9); | |
+ x11 ^= rotate( x7+ x3,13); | |
+ x15 ^= rotate(x11+ x7,18); | |
+ x1 ^= rotate( x0+ x3, 7); | |
+ x2 ^= rotate( x1+ x0, 9); | |
+ x3 ^= rotate( x2+ x1,13); | |
+ x0 ^= rotate( x3+ x2,18); | |
+ x6 ^= rotate( x5+ x4, 7); | |
+ x7 ^= rotate( x6+ x5, 9); | |
+ x4 ^= rotate( x7+ x6,13); | |
+ x5 ^= rotate( x4+ x7,18); | |
+ x11 ^= rotate(x10+ x9, 7); | |
+ x8 ^= rotate(x11+x10, 9); | |
+ x9 ^= rotate( x8+x11,13); | |
+ x10 ^= rotate( x9+ x8,18); | |
+ x12 ^= rotate(x15+x14, 7); | |
+ x13 ^= rotate(x12+x15, 9); | |
+ x14 ^= rotate(x13+x12,13); | |
+ x15 ^= rotate(x14+x13,18); | |
+ } | |
+ | |
+ x0 += j0; | |
+ x1 += j1; | |
+ x2 += j2; | |
+ x3 += j3; | |
+ x4 += j4; | |
+ x5 += j5; | |
+ x6 += j6; | |
+ x7 += j7; | |
+ x8 += j8; | |
+ x9 += j9; | |
+ x10 += j10; | |
+ x11 += j11; | |
+ x12 += j12; | |
+ x13 += j13; | |
+ x14 += j14; | |
+ x15 += j15; | |
+ | |
+ x0 -= load_littleendian(c + 0); | |
+ x5 -= load_littleendian(c + 4); | |
+ x10 -= load_littleendian(c + 8); | |
+ x15 -= load_littleendian(c + 12); | |
+ x6 -= load_littleendian(in + 0); | |
+ x7 -= load_littleendian(in + 4); | |
+ x8 -= load_littleendian(in + 8); | |
+ x9 -= load_littleendian(in + 12); | |
+ | |
+ store_littleendian(out + 0,x0); | |
+ store_littleendian(out + 4,x5); | |
+ store_littleendian(out + 8,x10); | |
+ store_littleendian(out + 12,x15); | |
+ store_littleendian(out + 16,x6); | |
+ store_littleendian(out + 20,x7); | |
+ store_littleendian(out + 24,x8); | |
+ store_littleendian(out + 28,x9); | |
+ | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_core_salsa20.h b/security/manager/ssl/src/crypto_core_salsa20.h | |
new file mode 100644 | |
index 0000000..5f634a1 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_salsa20.h | |
@@ -0,0 +1,12 @@ | |
+#ifndef crypto_core_salsa20_H | |
+#define crypto_core_salsa20_H | |
+ | |
+#define crypto_core_salsa20_OUTPUTBYTES 64 | |
+#define crypto_core_salsa20_INPUTBYTES 16 | |
+#define crypto_core_salsa20_KEYBYTES 32 | |
+#define crypto_core_salsa20_CONSTBYTES 16 | |
+extern int crypto_core_salsa20(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); | |
+#define crypto_core_salsa20_IMPLEMENTATION "crypto_core/salsa20/ref" | |
+#define crypto_core_salsa20_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_core_salsa2012.h b/security/manager/ssl/src/crypto_core_salsa2012.h | |
new file mode 100644 | |
index 0000000..92d8308 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_salsa2012.h | |
@@ -0,0 +1,12 @@ | |
+#ifndef crypto_core_salsa2012_H | |
+#define crypto_core_salsa2012_H | |
+ | |
+#define crypto_core_salsa2012_OUTPUTBYTES 64 | |
+#define crypto_core_salsa2012_INPUTBYTES 16 | |
+#define crypto_core_salsa2012_KEYBYTES 32 | |
+#define crypto_core_salsa2012_CONSTBYTES 16 | |
+extern int crypto_core_salsa2012(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); | |
+#define crypto_core_salsa2012_IMPLEMENTATION "crypto_core/salsa2012/ref" | |
+#define crypto_core_salsa2012_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_core_salsa208.h b/security/manager/ssl/src/crypto_core_salsa208.h | |
new file mode 100644 | |
index 0000000..ac6546c | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_salsa208.h | |
@@ -0,0 +1,12 @@ | |
+#ifndef crypto_core_salsa208_H | |
+#define crypto_core_salsa208_H | |
+ | |
+#define crypto_core_salsa208_OUTPUTBYTES 64 | |
+#define crypto_core_salsa208_INPUTBYTES 16 | |
+#define crypto_core_salsa208_KEYBYTES 32 | |
+#define crypto_core_salsa208_CONSTBYTES 16 | |
+extern int crypto_core_salsa208(unsigned char *,const unsigned char *,const unsigned char *,const unsigned char *); | |
+#define crypto_core_salsa208_IMPLEMENTATION "crypto_core/salsa208/ref" | |
+#define crypto_core_salsa208_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_core_salsa20_core.c b/security/manager/ssl/src/crypto_core_salsa20_core.c | |
new file mode 100644 | |
index 0000000..8096791 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_core_salsa20_core.c | |
@@ -0,0 +1,134 @@ | |
+/* | |
+version 20080912 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_salsa20.h" | |
+ | |
+#define ROUNDS 20 | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static uint32 rotate(uint32 u,int c) | |
+{ | |
+ return (u << c) | (u >> (32 - c)); | |
+} | |
+ | |
+static uint32 load_littleendian(const unsigned char *x) | |
+{ | |
+ return | |
+ (uint32) (x[0]) \ | |
+ | (((uint32) (x[1])) << 8) \ | |
+ | (((uint32) (x[2])) << 16) \ | |
+ | (((uint32) (x[3])) << 24) | |
+ ; | |
+} | |
+ | |
+static void store_littleendian(unsigned char *x,uint32 u) | |
+{ | |
+ x[0] = u; u >>= 8; | |
+ x[1] = u; u >>= 8; | |
+ x[2] = u; u >>= 8; | |
+ x[3] = u; | |
+} | |
+ | |
+int crypto_core_salsa20( | |
+ unsigned char *out, | |
+ const unsigned char *in, | |
+ const unsigned char *k, | |
+ const unsigned char *c | |
+) | |
+{ | |
+ uint32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; | |
+ uint32 j0, j1, j2, j3, j4, j5, j6, j7, j8, j9, j10, j11, j12, j13, j14, j15; | |
+ int i; | |
+ | |
+ j0 = x0 = load_littleendian(c + 0); | |
+ j1 = x1 = load_littleendian(k + 0); | |
+ j2 = x2 = load_littleendian(k + 4); | |
+ j3 = x3 = load_littleendian(k + 8); | |
+ j4 = x4 = load_littleendian(k + 12); | |
+ j5 = x5 = load_littleendian(c + 4); | |
+ j6 = x6 = load_littleendian(in + 0); | |
+ j7 = x7 = load_littleendian(in + 4); | |
+ j8 = x8 = load_littleendian(in + 8); | |
+ j9 = x9 = load_littleendian(in + 12); | |
+ j10 = x10 = load_littleendian(c + 8); | |
+ j11 = x11 = load_littleendian(k + 16); | |
+ j12 = x12 = load_littleendian(k + 20); | |
+ j13 = x13 = load_littleendian(k + 24); | |
+ j14 = x14 = load_littleendian(k + 28); | |
+ j15 = x15 = load_littleendian(c + 12); | |
+ | |
+ for (i = ROUNDS;i > 0;i -= 2) { | |
+ x4 ^= rotate( x0+x12, 7); | |
+ x8 ^= rotate( x4+ x0, 9); | |
+ x12 ^= rotate( x8+ x4,13); | |
+ x0 ^= rotate(x12+ x8,18); | |
+ x9 ^= rotate( x5+ x1, 7); | |
+ x13 ^= rotate( x9+ x5, 9); | |
+ x1 ^= rotate(x13+ x9,13); | |
+ x5 ^= rotate( x1+x13,18); | |
+ x14 ^= rotate(x10+ x6, 7); | |
+ x2 ^= rotate(x14+x10, 9); | |
+ x6 ^= rotate( x2+x14,13); | |
+ x10 ^= rotate( x6+ x2,18); | |
+ x3 ^= rotate(x15+x11, 7); | |
+ x7 ^= rotate( x3+x15, 9); | |
+ x11 ^= rotate( x7+ x3,13); | |
+ x15 ^= rotate(x11+ x7,18); | |
+ x1 ^= rotate( x0+ x3, 7); | |
+ x2 ^= rotate( x1+ x0, 9); | |
+ x3 ^= rotate( x2+ x1,13); | |
+ x0 ^= rotate( x3+ x2,18); | |
+ x6 ^= rotate( x5+ x4, 7); | |
+ x7 ^= rotate( x6+ x5, 9); | |
+ x4 ^= rotate( x7+ x6,13); | |
+ x5 ^= rotate( x4+ x7,18); | |
+ x11 ^= rotate(x10+ x9, 7); | |
+ x8 ^= rotate(x11+x10, 9); | |
+ x9 ^= rotate( x8+x11,13); | |
+ x10 ^= rotate( x9+ x8,18); | |
+ x12 ^= rotate(x15+x14, 7); | |
+ x13 ^= rotate(x12+x15, 9); | |
+ x14 ^= rotate(x13+x12,13); | |
+ x15 ^= rotate(x14+x13,18); | |
+ } | |
+ | |
+ x0 += j0; | |
+ x1 += j1; | |
+ x2 += j2; | |
+ x3 += j3; | |
+ x4 += j4; | |
+ x5 += j5; | |
+ x6 += j6; | |
+ x7 += j7; | |
+ x8 += j8; | |
+ x9 += j9; | |
+ x10 += j10; | |
+ x11 += j11; | |
+ x12 += j12; | |
+ x13 += j13; | |
+ x14 += j14; | |
+ x15 += j15; | |
+ | |
+ store_littleendian(out + 0,x0); | |
+ store_littleendian(out + 4,x1); | |
+ store_littleendian(out + 8,x2); | |
+ store_littleendian(out + 12,x3); | |
+ store_littleendian(out + 16,x4); | |
+ store_littleendian(out + 20,x5); | |
+ store_littleendian(out + 24,x6); | |
+ store_littleendian(out + 28,x7); | |
+ store_littleendian(out + 32,x8); | |
+ store_littleendian(out + 36,x9); | |
+ store_littleendian(out + 40,x10); | |
+ store_littleendian(out + 44,x11); | |
+ store_littleendian(out + 48,x12); | |
+ store_littleendian(out + 52,x13); | |
+ store_littleendian(out + 56,x14); | |
+ store_littleendian(out + 60,x15); | |
+ | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_hash.h b/security/manager/ssl/src/crypto_hash.h | |
new file mode 100644 | |
index 0000000..c24f367 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hash.h | |
@@ -0,0 +1,12 @@ | |
+#ifndef crypto_hash_H | |
+#define crypto_hash_H | |
+ | |
+#include "crypto_hash_sha512.h" | |
+ | |
+#define crypto_hash crypto_hash_sha512 | |
+#define crypto_hash_BYTES crypto_hash_sha512_BYTES | |
+#define crypto_hash_PRIMITIVE "sha512" | |
+#define crypto_hash_IMPLEMENTATION crypto_hash_sha512_IMPLEMENTATION | |
+#define crypto_hash_VERSION crypto_hash_sha512_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_hash_sha256.h b/security/manager/ssl/src/crypto_hash_sha256.h | |
new file mode 100644 | |
index 0000000..c37258b | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hash_sha256.h | |
@@ -0,0 +1,9 @@ | |
+#ifndef crypto_hash_sha256_H | |
+#define crypto_hash_sha256_H | |
+ | |
+#define crypto_hash_sha256_BYTES 32 | |
+extern int crypto_hash_sha256(unsigned char *,const unsigned char *,unsigned long long); | |
+#define crypto_hash_sha256_IMPLEMENTATION "crypto_hash/sha256/ref" | |
+#define crypto_hash_sha256_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_hash_sha256_hash.c b/security/manager/ssl/src/crypto_hash_sha256_hash.c | |
new file mode 100644 | |
index 0000000..8d68e33 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hash_sha256_hash.c | |
@@ -0,0 +1,69 @@ | |
+/* | |
+20080913 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_hashblocks_sha256.h" | |
+#include "crypto_hash_sha256.h" | |
+ | |
+#define blocks crypto_hashblocks_sha256 | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static const char iv[32] = { | |
+ 0x6a,0x09,0xe6,0x67, | |
+ 0xbb,0x67,0xae,0x85, | |
+ 0x3c,0x6e,0xf3,0x72, | |
+ 0xa5,0x4f,0xf5,0x3a, | |
+ 0x51,0x0e,0x52,0x7f, | |
+ 0x9b,0x05,0x68,0x8c, | |
+ 0x1f,0x83,0xd9,0xab, | |
+ 0x5b,0xe0,0xcd,0x19, | |
+} ; | |
+ | |
+int crypto_hash_sha256(unsigned char *out,const unsigned char *in,unsigned long long inlen) | |
+{ | |
+ unsigned char h[32]; | |
+ unsigned char padded[128]; | |
+ int i; | |
+ unsigned long long bits = inlen << 3; | |
+ | |
+ for (i = 0;i < 32;++i) h[i] = iv[i]; | |
+ | |
+ blocks(h,in,inlen); | |
+ in += inlen; | |
+ inlen &= 63; | |
+ in -= inlen; | |
+ | |
+ for (i = 0;i < inlen;++i) padded[i] = in[i]; | |
+ padded[inlen] = 0x80; | |
+ | |
+ if (inlen < 56) { | |
+ for (i = inlen + 1;i < 56;++i) padded[i] = 0; | |
+ padded[56] = bits >> 56; | |
+ padded[57] = bits >> 48; | |
+ padded[58] = bits >> 40; | |
+ padded[59] = bits >> 32; | |
+ padded[60] = bits >> 24; | |
+ padded[61] = bits >> 16; | |
+ padded[62] = bits >> 8; | |
+ padded[63] = bits; | |
+ blocks(h,padded,64); | |
+ } else { | |
+ for (i = inlen + 1;i < 120;++i) padded[i] = 0; | |
+ padded[120] = bits >> 56; | |
+ padded[121] = bits >> 48; | |
+ padded[122] = bits >> 40; | |
+ padded[123] = bits >> 32; | |
+ padded[124] = bits >> 24; | |
+ padded[125] = bits >> 16; | |
+ padded[126] = bits >> 8; | |
+ padded[127] = bits; | |
+ blocks(h,padded,128); | |
+ } | |
+ | |
+ for (i = 0;i < 32;++i) out[i] = h[i]; | |
+ | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_hashblocks.h b/security/manager/ssl/src/crypto_hashblocks.h | |
new file mode 100644 | |
index 0000000..ce389b6 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hashblocks.h | |
@@ -0,0 +1,13 @@ | |
+#ifndef crypto_hashblocks_H | |
+#define crypto_hashblocks_H | |
+ | |
+#include "crypto_hashblocks_sha512.h" | |
+ | |
+#define crypto_hashblocks crypto_hashblocks_sha512 | |
+#define crypto_hashblocks_STATEBYTES crypto_hashblocks_sha512_STATEBYTES | |
+#define crypto_hashblocks_BLOCKBYTES crypto_hashblocks_sha512_BLOCKBYTES | |
+#define crypto_hashblocks_PRIMITIVE "sha512" | |
+#define crypto_hashblocks_IMPLEMENTATION crypto_hashblocks_sha512_IMPLEMENTATION | |
+#define crypto_hashblocks_VERSION crypto_hashblocks_sha512_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_hashblocks_sha256.h b/security/manager/ssl/src/crypto_hashblocks_sha256.h | |
new file mode 100644 | |
index 0000000..d9c7c7d | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hashblocks_sha256.h | |
@@ -0,0 +1,10 @@ | |
+#ifndef crypto_hashblocks_sha256_H | |
+#define crypto_hashblocks_sha256_H | |
+ | |
+#define crypto_hashblocks_sha256_STATEBYTES 32 | |
+#define crypto_hashblocks_sha256_BLOCKBYTES 64 | |
+extern int crypto_hashblocks_sha256(unsigned char *,const unsigned char *,unsigned long long); | |
+#define crypto_hashblocks_sha256_IMPLEMENTATION "crypto_hashblocks/sha256/ref" | |
+#define crypto_hashblocks_sha256_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c b/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c | |
new file mode 100644 | |
index 0000000..df10842 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_hashblocks_sha256_blocks.c | |
@@ -0,0 +1,212 @@ | |
+#include "crypto_hashblocks_sha256.h" | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static uint32 load_bigendian(const unsigned char *x) | |
+{ | |
+ return | |
+ (uint32) (x[3]) \ | |
+ | (((uint32) (x[2])) << 8) \ | |
+ | (((uint32) (x[1])) << 16) \ | |
+ | (((uint32) (x[0])) << 24) | |
+ ; | |
+} | |
+ | |
+static void store_bigendian(unsigned char *x,uint32 u) | |
+{ | |
+ x[3] = u; u >>= 8; | |
+ x[2] = u; u >>= 8; | |
+ x[1] = u; u >>= 8; | |
+ x[0] = u; | |
+} | |
+ | |
+#define SHR(x,c) ((x) >> (c)) | |
+#define ROTR(x,c) (((x) >> (c)) | ((x) << (32 - (c)))) | |
+ | |
+#define Ch(x,y,z) ((x & y) ^ (~x & z)) | |
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z)) | |
+#define Sigma0(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) | |
+#define Sigma1(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) | |
+#define sigma0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) | |
+#define sigma1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) | |
+ | |
+#define M(w0,w14,w9,w1) w0 = sigma1(w14) + w9 + sigma0(w1) + w0; | |
+ | |
+#define EXPAND \ | |
+ M(w0 ,w14,w9 ,w1 ) \ | |
+ M(w1 ,w15,w10,w2 ) \ | |
+ M(w2 ,w0 ,w11,w3 ) \ | |
+ M(w3 ,w1 ,w12,w4 ) \ | |
+ M(w4 ,w2 ,w13,w5 ) \ | |
+ M(w5 ,w3 ,w14,w6 ) \ | |
+ M(w6 ,w4 ,w15,w7 ) \ | |
+ M(w7 ,w5 ,w0 ,w8 ) \ | |
+ M(w8 ,w6 ,w1 ,w9 ) \ | |
+ M(w9 ,w7 ,w2 ,w10) \ | |
+ M(w10,w8 ,w3 ,w11) \ | |
+ M(w11,w9 ,w4 ,w12) \ | |
+ M(w12,w10,w5 ,w13) \ | |
+ M(w13,w11,w6 ,w14) \ | |
+ M(w14,w12,w7 ,w15) \ | |
+ M(w15,w13,w8 ,w0 ) | |
+ | |
+#define F(w,k) \ | |
+ T1 = h + Sigma1(e) + Ch(e,f,g) + k + w; \ | |
+ T2 = Sigma0(a) + Maj(a,b,c); \ | |
+ h = g; \ | |
+ g = f; \ | |
+ f = e; \ | |
+ e = d + T1; \ | |
+ d = c; \ | |
+ c = b; \ | |
+ b = a; \ | |
+ a = T1 + T2; | |
+ | |
+int crypto_hashblocks_sha256(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen) | |
+{ | |
+ uint32 state[8]; | |
+ uint32 a; | |
+ uint32 b; | |
+ uint32 c; | |
+ uint32 d; | |
+ uint32 e; | |
+ uint32 f; | |
+ uint32 g; | |
+ uint32 h; | |
+ uint32 T1; | |
+ uint32 T2; | |
+ | |
+ a = load_bigendian(statebytes + 0); state[0] = a; | |
+ b = load_bigendian(statebytes + 4); state[1] = b; | |
+ c = load_bigendian(statebytes + 8); state[2] = c; | |
+ d = load_bigendian(statebytes + 12); state[3] = d; | |
+ e = load_bigendian(statebytes + 16); state[4] = e; | |
+ f = load_bigendian(statebytes + 20); state[5] = f; | |
+ g = load_bigendian(statebytes + 24); state[6] = g; | |
+ h = load_bigendian(statebytes + 28); state[7] = h; | |
+ | |
+ while (inlen >= 64) { | |
+ uint32 w0 = load_bigendian(in + 0); | |
+ uint32 w1 = load_bigendian(in + 4); | |
+ uint32 w2 = load_bigendian(in + 8); | |
+ uint32 w3 = load_bigendian(in + 12); | |
+ uint32 w4 = load_bigendian(in + 16); | |
+ uint32 w5 = load_bigendian(in + 20); | |
+ uint32 w6 = load_bigendian(in + 24); | |
+ uint32 w7 = load_bigendian(in + 28); | |
+ uint32 w8 = load_bigendian(in + 32); | |
+ uint32 w9 = load_bigendian(in + 36); | |
+ uint32 w10 = load_bigendian(in + 40); | |
+ uint32 w11 = load_bigendian(in + 44); | |
+ uint32 w12 = load_bigendian(in + 48); | |
+ uint32 w13 = load_bigendian(in + 52); | |
+ uint32 w14 = load_bigendian(in + 56); | |
+ uint32 w15 = load_bigendian(in + 60); | |
+ | |
+ F(w0 ,0x428a2f98) | |
+ F(w1 ,0x71374491) | |
+ F(w2 ,0xb5c0fbcf) | |
+ F(w3 ,0xe9b5dba5) | |
+ F(w4 ,0x3956c25b) | |
+ F(w5 ,0x59f111f1) | |
+ F(w6 ,0x923f82a4) | |
+ F(w7 ,0xab1c5ed5) | |
+ F(w8 ,0xd807aa98) | |
+ F(w9 ,0x12835b01) | |
+ F(w10,0x243185be) | |
+ F(w11,0x550c7dc3) | |
+ F(w12,0x72be5d74) | |
+ F(w13,0x80deb1fe) | |
+ F(w14,0x9bdc06a7) | |
+ F(w15,0xc19bf174) | |
+ | |
+ EXPAND | |
+ | |
+ F(w0 ,0xe49b69c1) | |
+ F(w1 ,0xefbe4786) | |
+ F(w2 ,0x0fc19dc6) | |
+ F(w3 ,0x240ca1cc) | |
+ F(w4 ,0x2de92c6f) | |
+ F(w5 ,0x4a7484aa) | |
+ F(w6 ,0x5cb0a9dc) | |
+ F(w7 ,0x76f988da) | |
+ F(w8 ,0x983e5152) | |
+ F(w9 ,0xa831c66d) | |
+ F(w10,0xb00327c8) | |
+ F(w11,0xbf597fc7) | |
+ F(w12,0xc6e00bf3) | |
+ F(w13,0xd5a79147) | |
+ F(w14,0x06ca6351) | |
+ F(w15,0x14292967) | |
+ | |
+ EXPAND | |
+ | |
+ F(w0 ,0x27b70a85) | |
+ F(w1 ,0x2e1b2138) | |
+ F(w2 ,0x4d2c6dfc) | |
+ F(w3 ,0x53380d13) | |
+ F(w4 ,0x650a7354) | |
+ F(w5 ,0x766a0abb) | |
+ F(w6 ,0x81c2c92e) | |
+ F(w7 ,0x92722c85) | |
+ F(w8 ,0xa2bfe8a1) | |
+ F(w9 ,0xa81a664b) | |
+ F(w10,0xc24b8b70) | |
+ F(w11,0xc76c51a3) | |
+ F(w12,0xd192e819) | |
+ F(w13,0xd6990624) | |
+ F(w14,0xf40e3585) | |
+ F(w15,0x106aa070) | |
+ | |
+ EXPAND | |
+ | |
+ F(w0 ,0x19a4c116) | |
+ F(w1 ,0x1e376c08) | |
+ F(w2 ,0x2748774c) | |
+ F(w3 ,0x34b0bcb5) | |
+ F(w4 ,0x391c0cb3) | |
+ F(w5 ,0x4ed8aa4a) | |
+ F(w6 ,0x5b9cca4f) | |
+ F(w7 ,0x682e6ff3) | |
+ F(w8 ,0x748f82ee) | |
+ F(w9 ,0x78a5636f) | |
+ F(w10,0x84c87814) | |
+ F(w11,0x8cc70208) | |
+ F(w12,0x90befffa) | |
+ F(w13,0xa4506ceb) | |
+ F(w14,0xbef9a3f7) | |
+ F(w15,0xc67178f2) | |
+ | |
+ a += state[0]; | |
+ b += state[1]; | |
+ c += state[2]; | |
+ d += state[3]; | |
+ e += state[4]; | |
+ f += state[5]; | |
+ g += state[6]; | |
+ h += state[7]; | |
+ | |
+ state[0] = a; | |
+ state[1] = b; | |
+ state[2] = c; | |
+ state[3] = d; | |
+ state[4] = e; | |
+ state[5] = f; | |
+ state[6] = g; | |
+ state[7] = h; | |
+ | |
+ in += 64; | |
+ inlen -= 64; | |
+ } | |
+ | |
+ store_bigendian(statebytes + 0,state[0]); | |
+ store_bigendian(statebytes + 4,state[1]); | |
+ store_bigendian(statebytes + 8,state[2]); | |
+ store_bigendian(statebytes + 12,state[3]); | |
+ store_bigendian(statebytes + 16,state[4]); | |
+ store_bigendian(statebytes + 20,state[5]); | |
+ store_bigendian(statebytes + 24,state[6]); | |
+ store_bigendian(statebytes + 28,state[7]); | |
+ | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_onetimeauth.h b/security/manager/ssl/src/crypto_onetimeauth.h | |
new file mode 100644 | |
index 0000000..450e122 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_onetimeauth.h | |
@@ -0,0 +1,14 @@ | |
+#ifndef crypto_onetimeauth_H | |
+#define crypto_onetimeauth_H | |
+ | |
+#include "crypto_onetimeauth_poly1305.h" | |
+ | |
+#define crypto_onetimeauth crypto_onetimeauth_poly1305 | |
+#define crypto_onetimeauth_verify crypto_onetimeauth_poly1305_verify | |
+#define crypto_onetimeauth_BYTES crypto_onetimeauth_poly1305_BYTES | |
+#define crypto_onetimeauth_KEYBYTES crypto_onetimeauth_poly1305_KEYBYTES | |
+#define crypto_onetimeauth_PRIMITIVE "poly1305" | |
+#define crypto_onetimeauth_IMPLEMENTATION crypto_onetimeauth_poly1305_IMPLEMENTATION | |
+#define crypto_onetimeauth_VERSION crypto_onetimeauth_poly1305_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305.h b/security/manager/ssl/src/crypto_onetimeauth_poly1305.h | |
new file mode 100644 | |
index 0000000..6dbc086 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305.h | |
@@ -0,0 +1,11 @@ | |
+#ifndef crypto_onetimeauth_poly1305_H | |
+#define crypto_onetimeauth_poly1305_H | |
+ | |
+#define crypto_onetimeauth_poly1305_BYTES 16 | |
+#define crypto_onetimeauth_poly1305_KEYBYTES 32 | |
+extern int crypto_onetimeauth_poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); | |
+extern int crypto_onetimeauth_poly1305_verify(const unsigned char *,const unsigned char *,unsigned long long,const unsigned char *); | |
+#define crypto_onetimeauth_poly1305_IMPLEMENTATION "crypto_onetimeauth/poly1305/ref" | |
+#define crypto_onetimeauth_poly1305_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c b/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c | |
new file mode 100644 | |
index 0000000..055fc06 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305_auth.c | |
@@ -0,0 +1,104 @@ | |
+/* | |
+20080912 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_onetimeauth_poly1305.h" | |
+ | |
+static void add(unsigned int h[17],const unsigned int c[17]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ u = 0; | |
+ for (j = 0;j < 17;++j) { u += h[j] + c[j]; h[j] = u & 255; u >>= 8; } | |
+} | |
+ | |
+static void squeeze(unsigned int h[17]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ u = 0; | |
+ for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } | |
+ u += h[16]; h[16] = u & 3; | |
+ u = 5 * (u >> 2); | |
+ for (j = 0;j < 16;++j) { u += h[j]; h[j] = u & 255; u >>= 8; } | |
+ u += h[16]; h[16] = u; | |
+} | |
+ | |
+static const unsigned int minusp[17] = { | |
+ 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 252 | |
+} ; | |
+ | |
+static void freeze(unsigned int h[17]) | |
+{ | |
+ unsigned int horig[17]; | |
+ unsigned int j; | |
+ unsigned int negative; | |
+ for (j = 0;j < 17;++j) horig[j] = h[j]; | |
+ add(h,minusp); | |
+ negative = -(h[16] >> 7); | |
+ for (j = 0;j < 17;++j) h[j] ^= negative & (horig[j] ^ h[j]); | |
+} | |
+ | |
+static void mulmod(unsigned int h[17],const unsigned int r[17]) | |
+{ | |
+ unsigned int hr[17]; | |
+ unsigned int i; | |
+ unsigned int j; | |
+ unsigned int u; | |
+ | |
+ for (i = 0;i < 17;++i) { | |
+ u = 0; | |
+ for (j = 0;j <= i;++j) u += h[j] * r[i - j]; | |
+ for (j = i + 1;j < 17;++j) u += 320 * h[j] * r[i + 17 - j]; | |
+ hr[i] = u; | |
+ } | |
+ for (i = 0;i < 17;++i) h[i] = hr[i]; | |
+ squeeze(h); | |
+} | |
+ | |
+int crypto_onetimeauth_poly1305(unsigned char *out,const unsigned char *in,unsigned long long inlen,const unsigned char *k) | |
+{ | |
+ unsigned int j; | |
+ unsigned int r[17]; | |
+ unsigned int h[17]; | |
+ unsigned int c[17]; | |
+ | |
+ r[0] = k[0]; | |
+ r[1] = k[1]; | |
+ r[2] = k[2]; | |
+ r[3] = k[3] & 15; | |
+ r[4] = k[4] & 252; | |
+ r[5] = k[5]; | |
+ r[6] = k[6]; | |
+ r[7] = k[7] & 15; | |
+ r[8] = k[8] & 252; | |
+ r[9] = k[9]; | |
+ r[10] = k[10]; | |
+ r[11] = k[11] & 15; | |
+ r[12] = k[12] & 252; | |
+ r[13] = k[13]; | |
+ r[14] = k[14]; | |
+ r[15] = k[15] & 15; | |
+ r[16] = 0; | |
+ | |
+ for (j = 0;j < 17;++j) h[j] = 0; | |
+ | |
+ while (inlen > 0) { | |
+ for (j = 0;j < 17;++j) c[j] = 0; | |
+ for (j = 0;(j < 16) && (j < inlen);++j) c[j] = in[j]; | |
+ c[j] = 1; | |
+ in += j; inlen -= j; | |
+ add(h,c); | |
+ mulmod(h,r); | |
+ } | |
+ | |
+ freeze(h); | |
+ | |
+ for (j = 0;j < 16;++j) c[j] = k[j + 16]; | |
+ c[16] = 0; | |
+ add(h,c); | |
+ for (j = 0;j < 16;++j) out[j] = h[j]; | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c b/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c | |
new file mode 100644 | |
index 0000000..7deb71d | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_onetimeauth_poly1305_verify.c | |
@@ -0,0 +1,9 @@ | |
+#include "crypto_verify_16.h" | |
+#include "crypto_onetimeauth_poly1305.h" | |
+ | |
+int crypto_onetimeauth_poly1305_verify(const unsigned char *h,const unsigned char *in,unsigned long long inlen,const unsigned char *k) | |
+{ | |
+ unsigned char correct[16]; | |
+ crypto_onetimeauth_poly1305(correct,in,inlen,k); | |
+ return crypto_verify_16(h,correct); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519.h b/security/manager/ssl/src/crypto_scalarmult_curve25519.h | |
new file mode 100644 | |
index 0000000..cb03adf | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519.h | |
@@ -0,0 +1,11 @@ | |
+#ifndef crypto_scalarmult_curve25519_H | |
+#define crypto_scalarmult_curve25519_H | |
+ | |
+#define crypto_scalarmult_curve25519_BYTES 32 | |
+#define crypto_scalarmult_curve25519_SCALARBYTES 32 | |
+extern int crypto_scalarmult_curve25519(unsigned char *,const unsigned char *,const unsigned char *); | |
+extern int crypto_scalarmult_curve25519_base(unsigned char *,const unsigned char *); | |
+#define crypto_scalarmult_curve25519_IMPLEMENTATION "crypto_scalarmult/curve25519/ref" | |
+#define crypto_scalarmult_curve25519_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c b/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c | |
new file mode 100644 | |
index 0000000..a613b9b3 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519_base.c | |
@@ -0,0 +1,16 @@ | |
+/* | |
+version 20081011 | |
+Matthew Dempsky | |
+Public domain. | |
+Derived from public domain code by D. J. Bernstein. | |
+*/ | |
+ | |
+#include "crypto_scalarmult_curve25519.h" | |
+ | |
+const unsigned char base[32] = {9}; | |
+ | |
+int crypto_scalarmult_curve25519_base(unsigned char *q, | |
+ const unsigned char *n) | |
+{ | |
+ return crypto_scalarmult_curve25519(q,n,base); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c b/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c | |
new file mode 100644 | |
index 0000000..01533ae | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_scalarmult_curve25519_smult.c | |
@@ -0,0 +1,265 @@ | |
+/* | |
+version 20081011 | |
+Matthew Dempsky | |
+Public domain. | |
+Derived from public domain code by D. J. Bernstein. | |
+*/ | |
+ | |
+#include "crypto_scalarmult_curve25519.h" | |
+ | |
+static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ u = 0; | |
+ for (j = 0;j < 31;++j) { u += a[j] + b[j]; out[j] = u & 255; u >>= 8; } | |
+ u += a[31] + b[31]; out[31] = u; | |
+} | |
+ | |
+static void sub(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ u = 218; | |
+ for (j = 0;j < 31;++j) { | |
+ u += a[j] + 65280 - b[j]; | |
+ out[j] = u & 255; | |
+ u >>= 8; | |
+ } | |
+ u += a[31] - b[31]; | |
+ out[31] = u; | |
+} | |
+ | |
+static void squeeze(unsigned int a[32]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ u = 0; | |
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } | |
+ u += a[31]; a[31] = u & 127; | |
+ u = 19 * (u >> 7); | |
+ for (j = 0;j < 31;++j) { u += a[j]; a[j] = u & 255; u >>= 8; } | |
+ u += a[31]; a[31] = u; | |
+} | |
+ | |
+static const unsigned int minusp[32] = { | |
+ 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 128 | |
+} ; | |
+ | |
+static void freeze(unsigned int a[32]) | |
+{ | |
+ unsigned int aorig[32]; | |
+ unsigned int j; | |
+ unsigned int negative; | |
+ | |
+ for (j = 0;j < 32;++j) aorig[j] = a[j]; | |
+ add(a,a,minusp); | |
+ negative = -((a[31] >> 7) & 1); | |
+ for (j = 0;j < 32;++j) a[j] ^= negative & (aorig[j] ^ a[j]); | |
+} | |
+ | |
+static void mult(unsigned int out[32],const unsigned int a[32],const unsigned int b[32]) | |
+{ | |
+ unsigned int i; | |
+ unsigned int j; | |
+ unsigned int u; | |
+ | |
+ for (i = 0;i < 32;++i) { | |
+ u = 0; | |
+ for (j = 0;j <= i;++j) u += a[j] * b[i - j]; | |
+ for (j = i + 1;j < 32;++j) u += 38 * a[j] * b[i + 32 - j]; | |
+ out[i] = u; | |
+ } | |
+ squeeze(out); | |
+} | |
+ | |
+static void mult121665(unsigned int out[32],const unsigned int a[32]) | |
+{ | |
+ unsigned int j; | |
+ unsigned int u; | |
+ | |
+ u = 0; | |
+ for (j = 0;j < 31;++j) { u += 121665 * a[j]; out[j] = u & 255; u >>= 8; } | |
+ u += 121665 * a[31]; out[31] = u & 127; | |
+ u = 19 * (u >> 7); | |
+ for (j = 0;j < 31;++j) { u += out[j]; out[j] = u & 255; u >>= 8; } | |
+ u += out[j]; out[j] = u; | |
+} | |
+ | |
+static void square(unsigned int out[32],const unsigned int a[32]) | |
+{ | |
+ unsigned int i; | |
+ unsigned int j; | |
+ unsigned int u; | |
+ | |
+ for (i = 0;i < 32;++i) { | |
+ u = 0; | |
+ for (j = 0;j < i - j;++j) u += a[j] * a[i - j]; | |
+ for (j = i + 1;j < i + 32 - j;++j) u += 38 * a[j] * a[i + 32 - j]; | |
+ u *= 2; | |
+ if ((i & 1) == 0) { | |
+ u += a[i / 2] * a[i / 2]; | |
+ u += 38 * a[i / 2 + 16] * a[i / 2 + 16]; | |
+ } | |
+ out[i] = u; | |
+ } | |
+ squeeze(out); | |
+} | |
+ | |
+static void select(unsigned int p[64],unsigned int q[64],const unsigned int r[64],const unsigned int s[64],unsigned int b) | |
+{ | |
+ unsigned int j; | |
+ unsigned int t; | |
+ unsigned int bminus1; | |
+ | |
+ bminus1 = b - 1; | |
+ for (j = 0;j < 64;++j) { | |
+ t = bminus1 & (r[j] ^ s[j]); | |
+ p[j] = s[j] ^ t; | |
+ q[j] = r[j] ^ t; | |
+ } | |
+} | |
+ | |
+static void mainloop(unsigned int work[64],const unsigned char e[32]) | |
+{ | |
+ unsigned int xzm1[64]; | |
+ unsigned int xzm[64]; | |
+ unsigned int xzmb[64]; | |
+ unsigned int xzm1b[64]; | |
+ unsigned int xznb[64]; | |
+ unsigned int xzn1b[64]; | |
+ unsigned int a0[64]; | |
+ unsigned int a1[64]; | |
+ unsigned int b0[64]; | |
+ unsigned int b1[64]; | |
+ unsigned int c1[64]; | |
+ unsigned int r[32]; | |
+ unsigned int s[32]; | |
+ unsigned int t[32]; | |
+ unsigned int u[32]; | |
+ unsigned int i; | |
+ unsigned int j; | |
+ unsigned int b; | |
+ int pos; | |
+ | |
+ for (j = 0;j < 32;++j) xzm1[j] = work[j]; | |
+ xzm1[32] = 1; | |
+ for (j = 33;j < 64;++j) xzm1[j] = 0; | |
+ | |
+ xzm[0] = 1; | |
+ for (j = 1;j < 64;++j) xzm[j] = 0; | |
+ | |
+ for (pos = 254;pos >= 0;--pos) { | |
+ b = e[pos / 8] >> (pos & 7); | |
+ b &= 1; | |
+ select(xzmb,xzm1b,xzm,xzm1,b); | |
+ add(a0,xzmb,xzmb + 32); | |
+ sub(a0 + 32,xzmb,xzmb + 32); | |
+ add(a1,xzm1b,xzm1b + 32); | |
+ sub(a1 + 32,xzm1b,xzm1b + 32); | |
+ square(b0,a0); | |
+ square(b0 + 32,a0 + 32); | |
+ mult(b1,a1,a0 + 32); | |
+ mult(b1 + 32,a1 + 32,a0); | |
+ add(c1,b1,b1 + 32); | |
+ sub(c1 + 32,b1,b1 + 32); | |
+ square(r,c1 + 32); | |
+ sub(s,b0,b0 + 32); | |
+ mult121665(t,s); | |
+ add(u,t,b0); | |
+ mult(xznb,b0,b0 + 32); | |
+ mult(xznb + 32,s,u); | |
+ square(xzn1b,c1); | |
+ mult(xzn1b + 32,r,work); | |
+ select(xzm,xzm1,xznb,xzn1b,b); | |
+ } | |
+ | |
+ for (j = 0;j < 64;++j) work[j] = xzm[j]; | |
+} | |
+ | |
+static void recip(unsigned int out[32],const unsigned int z[32]) | |
+{ | |
+ unsigned int z2[32]; | |
+ unsigned int z9[32]; | |
+ unsigned int z11[32]; | |
+ unsigned int z2_5_0[32]; | |
+ unsigned int z2_10_0[32]; | |
+ unsigned int z2_20_0[32]; | |
+ unsigned int z2_50_0[32]; | |
+ unsigned int z2_100_0[32]; | |
+ unsigned int t0[32]; | |
+ unsigned int t1[32]; | |
+ int i; | |
+ | |
+ /* 2 */ square(z2,z); | |
+ /* 4 */ square(t1,z2); | |
+ /* 8 */ square(t0,t1); | |
+ /* 9 */ mult(z9,t0,z); | |
+ /* 11 */ mult(z11,z9,z2); | |
+ /* 22 */ square(t0,z11); | |
+ /* 2^5 - 2^0 = 31 */ mult(z2_5_0,t0,z9); | |
+ | |
+ /* 2^6 - 2^1 */ square(t0,z2_5_0); | |
+ /* 2^7 - 2^2 */ square(t1,t0); | |
+ /* 2^8 - 2^3 */ square(t0,t1); | |
+ /* 2^9 - 2^4 */ square(t1,t0); | |
+ /* 2^10 - 2^5 */ square(t0,t1); | |
+ /* 2^10 - 2^0 */ mult(z2_10_0,t0,z2_5_0); | |
+ | |
+ /* 2^11 - 2^1 */ square(t0,z2_10_0); | |
+ /* 2^12 - 2^2 */ square(t1,t0); | |
+ /* 2^20 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t0,t1); square(t1,t0); } | |
+ /* 2^20 - 2^0 */ mult(z2_20_0,t1,z2_10_0); | |
+ | |
+ /* 2^21 - 2^1 */ square(t0,z2_20_0); | |
+ /* 2^22 - 2^2 */ square(t1,t0); | |
+ /* 2^40 - 2^20 */ for (i = 2;i < 20;i += 2) { square(t0,t1); square(t1,t0); } | |
+ /* 2^40 - 2^0 */ mult(t0,t1,z2_20_0); | |
+ | |
+ /* 2^41 - 2^1 */ square(t1,t0); | |
+ /* 2^42 - 2^2 */ square(t0,t1); | |
+ /* 2^50 - 2^10 */ for (i = 2;i < 10;i += 2) { square(t1,t0); square(t0,t1); } | |
+ /* 2^50 - 2^0 */ mult(z2_50_0,t0,z2_10_0); | |
+ | |
+ /* 2^51 - 2^1 */ square(t0,z2_50_0); | |
+ /* 2^52 - 2^2 */ square(t1,t0); | |
+ /* 2^100 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } | |
+ /* 2^100 - 2^0 */ mult(z2_100_0,t1,z2_50_0); | |
+ | |
+ /* 2^101 - 2^1 */ square(t1,z2_100_0); | |
+ /* 2^102 - 2^2 */ square(t0,t1); | |
+ /* 2^200 - 2^100 */ for (i = 2;i < 100;i += 2) { square(t1,t0); square(t0,t1); } | |
+ /* 2^200 - 2^0 */ mult(t1,t0,z2_100_0); | |
+ | |
+ /* 2^201 - 2^1 */ square(t0,t1); | |
+ /* 2^202 - 2^2 */ square(t1,t0); | |
+ /* 2^250 - 2^50 */ for (i = 2;i < 50;i += 2) { square(t0,t1); square(t1,t0); } | |
+ /* 2^250 - 2^0 */ mult(t0,t1,z2_50_0); | |
+ | |
+ /* 2^251 - 2^1 */ square(t1,t0); | |
+ /* 2^252 - 2^2 */ square(t0,t1); | |
+ /* 2^253 - 2^3 */ square(t1,t0); | |
+ /* 2^254 - 2^4 */ square(t0,t1); | |
+ /* 2^255 - 2^5 */ square(t1,t0); | |
+ /* 2^255 - 21 */ mult(out,t1,z11); | |
+} | |
+ | |
+int crypto_scalarmult_curve25519(unsigned char *q, | |
+ const unsigned char *n, | |
+ const unsigned char *p) | |
+{ | |
+ unsigned int work[96]; | |
+ unsigned char e[32]; | |
+ unsigned int i; | |
+ for (i = 0;i < 32;++i) e[i] = n[i]; | |
+ e[0] &= 248; | |
+ e[31] &= 127; | |
+ e[31] |= 64; | |
+ for (i = 0;i < 32;++i) work[i] = p[i]; | |
+ mainloop(work,e); | |
+ recip(work + 32,work + 32); | |
+ mult(work + 64,work,work + 32); | |
+ freeze(work + 64); | |
+ for (i = 0;i < 32;++i) q[i] = work[64 + i]; | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_secretbox.h b/security/manager/ssl/src/crypto_secretbox.h | |
new file mode 100644 | |
index 0000000..7409dd0 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_secretbox.h | |
@@ -0,0 +1,16 @@ | |
+#ifndef crypto_secretbox_H | |
+#define crypto_secretbox_H | |
+ | |
+#include "crypto_secretbox_xsalsa20poly1305.h" | |
+ | |
+#define crypto_secretbox crypto_secretbox_xsalsa20poly1305 | |
+#define crypto_secretbox_open crypto_secretbox_xsalsa20poly1305_open | |
+#define crypto_secretbox_KEYBYTES crypto_secretbox_xsalsa20poly1305_KEYBYTES | |
+#define crypto_secretbox_NONCEBYTES crypto_secretbox_xsalsa20poly1305_NONCEBYTES | |
+#define crypto_secretbox_ZEROBYTES crypto_secretbox_xsalsa20poly1305_ZEROBYTES | |
+#define crypto_secretbox_BOXZEROBYTES crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES | |
+#define crypto_secretbox_PRIMITIVE "xsalsa20poly1305" | |
+#define crypto_secretbox_IMPLEMENTATION crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION | |
+#define crypto_secretbox_VERSION crypto_secretbox_xsalsa20poly1305_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h | |
new file mode 100644 | |
index 0000000..58471fe | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305.h | |
@@ -0,0 +1,13 @@ | |
+#ifndef crypto_secretbox_xsalsa20poly1305_H | |
+#define crypto_secretbox_xsalsa20poly1305_H | |
+ | |
+#define crypto_secretbox_xsalsa20poly1305_KEYBYTES 32 | |
+#define crypto_secretbox_xsalsa20poly1305_NONCEBYTES 24 | |
+#define crypto_secretbox_xsalsa20poly1305_ZEROBYTES 32 | |
+#define crypto_secretbox_xsalsa20poly1305_BOXZEROBYTES 16 | |
+extern int crypto_secretbox_xsalsa20poly1305(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_secretbox_xsalsa20poly1305_open(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+#define crypto_secretbox_xsalsa20poly1305_IMPLEMENTATION "crypto_secretbox/xsalsa20poly1305/ref" | |
+#define crypto_secretbox_xsalsa20poly1305_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c | |
new file mode 100644 | |
index 0000000..b65cb8f | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_secretbox_xsalsa20poly1305_box.c | |
@@ -0,0 +1,35 @@ | |
+#include "crypto_onetimeauth_poly1305.h" | |
+#include "crypto_stream_xsalsa20.h" | |
+#include "crypto_secretbox_xsalsa20poly1305.h" | |
+ | |
+int crypto_secretbox_xsalsa20poly1305( | |
+ unsigned char *c, | |
+ const unsigned char *m,unsigned long long mlen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ int i; | |
+ if (mlen < 32) return -1; | |
+ crypto_stream_xsalsa20_xor(c,m,mlen,n,k); | |
+ crypto_onetimeauth_poly1305(c + 16,c + 32,mlen - 32,c); | |
+ for (i = 0;i < 16;++i) c[i] = 0; | |
+ return 0; | |
+} | |
+ | |
+int crypto_secretbox_xsalsa20poly1305_open( | |
+ unsigned char *m, | |
+ const unsigned char *c,unsigned long long clen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ int i; | |
+ unsigned char subkey[32]; | |
+ if (clen < 32) return -1; | |
+ crypto_stream_xsalsa20(subkey,32,n,k); | |
+ if (crypto_onetimeauth_poly1305_verify(c + 16,c + 32,clen - 32,subkey) != 0) return -1; | |
+ crypto_stream_xsalsa20_xor(m,c,clen,n,k); | |
+ for (i = 0;i < 32;++i) m[i] = 0; | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_stream.h b/security/manager/ssl/src/crypto_stream.h | |
new file mode 100644 | |
index 0000000..02d2409 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream.h | |
@@ -0,0 +1,18 @@ | |
+#ifndef crypto_stream_H | |
+#define crypto_stream_H | |
+ | |
+#include "crypto_stream_xsalsa20.h" | |
+ | |
+#define crypto_stream crypto_stream_xsalsa20 | |
+#define crypto_stream_xor crypto_stream_xsalsa20_xor | |
+#define crypto_stream_beforenm crypto_stream_xsalsa20_beforenm | |
+#define crypto_stream_afternm crypto_stream_xsalsa20_afternm | |
+#define crypto_stream_xor_afternm crypto_stream_xsalsa20_xor_afternm | |
+#define crypto_stream_KEYBYTES crypto_stream_xsalsa20_KEYBYTES | |
+#define crypto_stream_NONCEBYTES crypto_stream_xsalsa20_NONCEBYTES | |
+#define crypto_stream_BEFORENMBYTES crypto_stream_xsalsa20_BEFORENMBYTES | |
+#define crypto_stream_PRIMITIVE "xsalsa20" | |
+#define crypto_stream_IMPLEMENTATION crypto_stream_xsalsa20_IMPLEMENTATION | |
+#define crypto_stream_VERSION crypto_stream_xsalsa20_VERSION | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_stream_salsa20.h b/security/manager/ssl/src/crypto_stream_salsa20.h | |
new file mode 100644 | |
index 0000000..6242ec1 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_salsa20.h | |
@@ -0,0 +1,14 @@ | |
+#ifndef crypto_stream_salsa20_H | |
+#define crypto_stream_salsa20_H | |
+ | |
+#define crypto_stream_salsa20_KEYBYTES 32 | |
+#define crypto_stream_salsa20_NONCEBYTES 8 | |
+extern int crypto_stream_salsa20(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_salsa20_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_salsa20_beforenm(unsigned char *,const unsigned char *); | |
+extern int crypto_stream_salsa20_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_salsa20_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+#define crypto_stream_salsa20_IMPLEMENTATION "crypto_stream/salsa20/ref" | |
+#define crypto_stream_salsa20_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_stream_salsa20_stream.c b/security/manager/ssl/src/crypto_stream_salsa20_stream.c | |
new file mode 100644 | |
index 0000000..26417d0 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_salsa20_stream.c | |
@@ -0,0 +1,49 @@ | |
+/* | |
+version 20080913 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_salsa20.h" | |
+#include "crypto_stream_salsa20.h" | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static const unsigned char sigma[16] = "expand 32-byte k"; | |
+ | |
+int crypto_stream_salsa20( | |
+ unsigned char *c,unsigned long long clen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ unsigned char in[16]; | |
+ unsigned char block[64]; | |
+ int i; | |
+ unsigned int u; | |
+ | |
+ if (!clen) return 0; | |
+ | |
+ for (i = 0;i < 8;++i) in[i] = n[i]; | |
+ for (i = 8;i < 16;++i) in[i] = 0; | |
+ | |
+ while (clen >= 64) { | |
+ crypto_core_salsa20(c,in,k,sigma); | |
+ | |
+ u = 1; | |
+ for (i = 8;i < 16;++i) { | |
+ u += (unsigned int) in[i]; | |
+ in[i] = u; | |
+ u >>= 8; | |
+ } | |
+ | |
+ clen -= 64; | |
+ c += 64; | |
+ } | |
+ | |
+ if (clen) { | |
+ crypto_core_salsa20(block,in,k,sigma); | |
+ for (i = 0;i < clen;++i) c[i] = block[i]; | |
+ } | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_stream_salsa20_xor.c b/security/manager/ssl/src/crypto_stream_salsa20_xor.c | |
new file mode 100644 | |
index 0000000..620aab2 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_salsa20_xor.c | |
@@ -0,0 +1,52 @@ | |
+/* | |
+version 20080913 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_salsa20.h" | |
+#include "crypto_stream_salsa20.h" | |
+ | |
+typedef unsigned int uint32; | |
+ | |
+static const unsigned char sigma[16] = "expand 32-byte k"; | |
+ | |
+int crypto_stream_salsa20_xor( | |
+ unsigned char *c, | |
+ const unsigned char *m,unsigned long long mlen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ unsigned char in[16]; | |
+ unsigned char block[64]; | |
+ int i; | |
+ unsigned int u; | |
+ | |
+ if (!mlen) return 0; | |
+ | |
+ for (i = 0;i < 8;++i) in[i] = n[i]; | |
+ for (i = 8;i < 16;++i) in[i] = 0; | |
+ | |
+ while (mlen >= 64) { | |
+ crypto_core_salsa20(block,in,k,sigma); | |
+ for (i = 0;i < 64;++i) c[i] = m[i] ^ block[i]; | |
+ | |
+ u = 1; | |
+ for (i = 8;i < 16;++i) { | |
+ u += (unsigned int) in[i]; | |
+ in[i] = u; | |
+ u >>= 8; | |
+ } | |
+ | |
+ mlen -= 64; | |
+ c += 64; | |
+ m += 64; | |
+ } | |
+ | |
+ if (mlen) { | |
+ crypto_core_salsa20(block,in,k,sigma); | |
+ for (i = 0;i < mlen;++i) c[i] = m[i] ^ block[i]; | |
+ } | |
+ return 0; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20.h b/security/manager/ssl/src/crypto_stream_xsalsa20.h | |
new file mode 100644 | |
index 0000000..5e9c3c6 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20.h | |
@@ -0,0 +1,14 @@ | |
+#ifndef crypto_stream_xsalsa20_H | |
+#define crypto_stream_xsalsa20_H | |
+ | |
+#define crypto_stream_xsalsa20_KEYBYTES 32 | |
+#define crypto_stream_xsalsa20_NONCEBYTES 24 | |
+extern int crypto_stream_xsalsa20(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_xsalsa20_xor(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_xsalsa20_beforenm(unsigned char *,const unsigned char *); | |
+extern int crypto_stream_xsalsa20_afternm(unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+extern int crypto_stream_xsalsa20_xor_afternm(unsigned char *,const unsigned char *,unsigned long long,const unsigned char *,const unsigned char *); | |
+#define crypto_stream_xsalsa20_IMPLEMENTATION "crypto_stream/xsalsa20/ref" | |
+#define crypto_stream_xsalsa20_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c b/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c | |
new file mode 100644 | |
index 0000000..f1180d4 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20_stream.c | |
@@ -0,0 +1,22 @@ | |
+/* | |
+version 20080914 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_hsalsa20.h" | |
+#include "crypto_stream_salsa20.h" | |
+#include "crypto_stream_xsalsa20.h" | |
+ | |
+static const unsigned char sigma[16] = "expand 32-byte k"; | |
+ | |
+int crypto_stream_xsalsa20( | |
+ unsigned char *c,unsigned long long clen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ unsigned char subkey[32]; | |
+ crypto_core_hsalsa20(subkey,n,k,sigma); | |
+ return crypto_stream_salsa20(c,clen,n + 16,subkey); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c b/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c | |
new file mode 100644 | |
index 0000000..319ba3c | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_stream_xsalsa20_xor.c | |
@@ -0,0 +1,23 @@ | |
+/* | |
+version 20080913 | |
+D. J. Bernstein | |
+Public domain. | |
+*/ | |
+ | |
+#include "crypto_core_hsalsa20.h" | |
+#include "crypto_stream_salsa20.h" | |
+#include "crypto_stream_xsalsa20.h" | |
+ | |
+static const unsigned char sigma[16] = "expand 32-byte k"; | |
+ | |
+int crypto_stream_xsalsa20_xor( | |
+ unsigned char *c, | |
+ const unsigned char *m,unsigned long long mlen, | |
+ const unsigned char *n, | |
+ const unsigned char *k | |
+) | |
+{ | |
+ unsigned char subkey[32]; | |
+ crypto_core_hsalsa20(subkey,n,k,sigma); | |
+ return crypto_stream_salsa20_xor(c,m,mlen,n + 16,subkey); | |
+} | |
diff --git a/security/manager/ssl/src/crypto_uint32.h b/security/manager/ssl/src/crypto_uint32.h | |
new file mode 100644 | |
index 0000000..e756f50 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_uint32.h | |
@@ -0,0 +1,5 @@ | |
+#ifndef crypto_uint32_H | |
+#define crypto_uint32_H | |
+ | |
+typedef unsigned int crypto_uint32; | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_uint64.h b/security/manager/ssl/src/crypto_uint64.h | |
new file mode 100644 | |
index 0000000..661153f | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_uint64.h | |
@@ -0,0 +1,5 @@ | |
+#ifndef crypto_uint64_H | |
+#define crypto_uint64_H | |
+ | |
+typedef unsigned int crypto_uint64; | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_verify_16.h b/security/manager/ssl/src/crypto_verify_16.h | |
new file mode 100644 | |
index 0000000..8b7364f | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_verify_16.h | |
@@ -0,0 +1,9 @@ | |
+#ifndef crypto_verify_16_H | |
+#define crypto_verify_16_H | |
+ | |
+#define crypto_verify_16_BYTES 16 | |
+extern int crypto_verify_16(const unsigned char *,const unsigned char *); | |
+#define crypto_verify_16_IMPLEMENTATION "crypto_verify/16/ref" | |
+#define crypto_verify_16_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/crypto_verify_16_verify.c b/security/manager/ssl/src/crypto_verify_16_verify.c | |
new file mode 100644 | |
index 0000000..d933e1b | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_verify_16_verify.c | |
@@ -0,0 +1,24 @@ | |
+#include "crypto_verify_16.h" | |
+ | |
+int crypto_verify_16(const unsigned char *x,const unsigned char *y) | |
+{ | |
+ unsigned int differentbits = 0; | |
+#define F(i) differentbits |= x[i] ^ y[i]; | |
+ F(0) | |
+ F(1) | |
+ F(2) | |
+ F(3) | |
+ F(4) | |
+ F(5) | |
+ F(6) | |
+ F(7) | |
+ F(8) | |
+ F(9) | |
+ F(10) | |
+ F(11) | |
+ F(12) | |
+ F(13) | |
+ F(14) | |
+ F(15) | |
+ return (1 & ((differentbits - 1) >> 8)) - 1; | |
+} | |
diff --git a/security/manager/ssl/src/crypto_verify_32.h b/security/manager/ssl/src/crypto_verify_32.h | |
new file mode 100644 | |
index 0000000..cbdd34b | |
--- /dev/null | |
+++ b/security/manager/ssl/src/crypto_verify_32.h | |
@@ -0,0 +1,9 @@ | |
+#ifndef crypto_verify_32_H | |
+#define crypto_verify_32_H | |
+ | |
+#define crypto_verify_32_BYTES 32 | |
+extern int crypto_verify_32(const unsigned char *,const unsigned char *); | |
+#define crypto_verify_32_IMPLEMENTATION "crypto_verify/32/ref" | |
+#define crypto_verify_32_VERSION "-" | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/nsNACL.cpp b/security/manager/ssl/src/nsNACL.cpp | |
new file mode 100644 | |
index 0000000..129deed | |
--- /dev/null | |
+++ b/security/manager/ssl/src/nsNACL.cpp | |
@@ -0,0 +1,355 @@ | |
+ | |
+#include "nsNACL.h" | |
+#include "nsMemory.h" | |
+#include "nsString.h" | |
+//#include "jsapi.h" | |
+#include "jsfriendapi.h" | |
+ | |
+//#include "nsStringGlue.h" | |
+#include "mozilla/Base64.h" | |
+ | |
+extern "C" { | |
+#include "crypto_hash_sha256.h" | |
+#include "crypto_box.h" | |
+} | |
+ | |
+NS_IMPL_ISUPPORTS1(nsNACL, nsINACL) | |
+ | |
+nsNACL::nsNACL() | |
+{ | |
+} | |
+ | |
+/* | |
+ nsCString tmpStr; | |
+ Base64urlEncode(data, len, tmpStr); | |
+*/ | |
+NS_IMETHODIMP | |
+nsNACL::GetVersion(char **_retval) | |
+{ | |
+ //nsAString version; | |
+ //_retval.AssignASCII("version-0"); | |
+ //_retval = NS_LITERAL_STRING("version-0"); | |
+ *_retval = (char *) nsMemory::Clone("version-0", 10); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::GetVersion2(nsACString &_retval) | |
+{ | |
+ //nsAString version; | |
+ //_retval.AssignASCII("version-0"); | |
+ _retval.Assign(NS_LITERAL_CSTRING("version-0")); | |
+ //*version = (char *) nsMemory::Clone("version-0", 10); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::GetVersion3(nsACString &_retval) | |
+{ | |
+ _retval.Assign(NS_LITERAL_CSTRING("version-0")); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::Hello_world(const nsACString &world, nsACString &_retval) | |
+{ | |
+ //char *s; | |
+ /* | |
+ s = reinterpret_cast<char*>(moz_malloc(12)); | |
+ if (!s) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ strcpy(s, "hello world", 12); | |
+ *_rval = s; | |
+ */ | |
+ | |
+ //_retval.Assign(NS_LITERAL_CSTRING("hello world")); | |
+ _retval.Assign(NS_LITERAL_CSTRING("hello")); | |
+ _retval.Append(world); | |
+ | |
+ //*_rval = (char *) nsMemory::Clone("hello world", 12); | |
+ // *_rval = nsnull; | |
+ //*_rval = "hello world";// MEMORY OWNERSHIP! | |
+ /* | |
+ JSObject *output = ArrayBufferObject::create(context(), 11, "hello world"); | |
+ // JS_NewUint8Array(cx, 11); | |
+ int i; | |
+ for (i=0; i<11; i++) | |
+ JS_GetElement(cx, output, | |
+ | |
+ // uint8_t* = JS_GetUint8ArrayData(jsobj, cx) | |
+ // JS_GetArrayBufferData(), JS_GetArrayBufferByteLength() | |
+ // Uint8Array::create(arraybuffer) | |
+ | |
+ */ | |
+ | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::Accept_array(const jsval& input, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ /* | |
+ * multiple "views" point into a "buffer" (ArrayBuffer). | |
+ * views are subclasses of ArrayBufferView | |
+ * views are also called "arrays" | |
+ * view subclasses have names like "Uint8Array" | |
+ * there's a special kind of view named "DataView" for pulling arbitrary | |
+ shapes from arbitrary offsets | |
+ */ | |
+ JSObject *msg = JSVAL_TO_OBJECT(input); | |
+ if (!JS_IsUint8Array(msg, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ //uint8_t *indata = JS_GetUint8ArrayData(msg, cx); | |
+ uint8_t outdata[8] = {3,4,5,6,7,8,9,10}; | |
+ JSObject *array = JS_NewUint8Array(cx, 8); | |
+ if (!array) { | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ memcpy(JS_GetArrayBufferViewData(array, cx), outdata, 8); | |
+ //jsval v = INT_TO_JSVAL(indata[0]+40); | |
+ //JS_SetElement(cx, array, 0, &v); | |
+ // unsigned char*data = static_cast<unsigned char*>(JS_GetTypedArrayData(view)) | |
+ *_retval = OBJECT_TO_JSVAL(array); | |
+ return NS_OK; | |
+} | |
+ | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::ArrayToB64(const jsval& array, | |
+ JSContext* cx, nsACString &_retval) | |
+{ | |
+ JSObject *array_obj = JSVAL_TO_OBJECT(array); | |
+ if (!JS_IsUint8Array(array_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ nsCString tmpStr; | |
+ size_t length = JS_GetTypedArrayLength(array_obj, cx); | |
+ tmpStr.SetLength(length); | |
+ if (tmpStr.Length() != length) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ memcpy(tmpStr.BeginWriting(), JS_GetUint8ArrayData(array_obj, cx), length); | |
+ nsCString outStr; | |
+ nsresult rv = mozilla::Base64Encode(tmpStr, outStr); | |
+ if (NS_FAILED(rv)) { | |
+ return NS_ERROR_FAILURE; | |
+ } | |
+ _retval = outStr; | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::B64ToArray(const nsACString& aString, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ nsCString tmpStr; | |
+ nsresult rv = mozilla::Base64Decode(aString, tmpStr); | |
+ if (NS_FAILED(rv)) { | |
+ return NS_ERROR_FAILURE; | |
+ } | |
+ const char *start = tmpStr.BeginReading(); | |
+ const char *end = tmpStr.EndReading(); | |
+ JSObject *output = JS_NewUint8Array(cx, end - start); | |
+ uint8_t *target = JS_GetUint8ArrayData(output, cx); | |
+ memcpy(target, start, end-start); | |
+ *_retval = OBJECT_TO_JSVAL(output); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::StringToArrayOfUTF8(const nsAString &aString, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ char *utf8 = ToNewUTF8String(aString); | |
+ if (!utf8) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ size_t length = strlen(utf8); | |
+ JSObject *output = JS_NewUint8Array(cx, length); | |
+ if (!output) { | |
+ NS_Free(utf8); | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ uint8_t *target = JS_GetUint8ArrayData(output, cx); | |
+ memcpy(target, utf8, length); | |
+ NS_Free(utf8); | |
+ *_retval = OBJECT_TO_JSVAL(output); | |
+ return NS_OK; | |
+} | |
+ | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::Hash_sha256(const jsval& msg_jsval, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ JSObject *msg_obj = JSVAL_TO_OBJECT(msg_jsval); | |
+ if (!JS_IsUint8Array(msg_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *msg_data = JS_GetUint8ArrayData(msg_obj, cx); | |
+ size_t msg_data_length = JS_GetTypedArrayLength(msg_obj, cx); | |
+ | |
+ JSObject *out_array = JS_NewUint8Array(cx, 32); | |
+ if (!out_array) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ uint8_t *out_data = (uint8_t *)JS_GetArrayBufferViewData(out_array, cx); | |
+ | |
+ crypto_hash_sha256(out_data, msg_data, msg_data_length); | |
+ | |
+ *_retval = OBJECT_TO_JSVAL(out_array); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::Box(const jsval& msg_jsval, | |
+ const jsval& nonce_jsval, | |
+ const jsval& pk_jsval, | |
+ const jsval& sk_jsval, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ JSObject *msg_obj = JSVAL_TO_OBJECT(msg_jsval); | |
+ if (!JS_IsUint8Array(msg_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *msg_data = JS_GetUint8ArrayData(msg_obj, cx); | |
+ size_t msg_data_length = JS_GetTypedArrayLength(msg_obj, cx); | |
+ | |
+ JSObject *nonce_obj = JSVAL_TO_OBJECT(nonce_jsval); | |
+ if (!JS_IsUint8Array(nonce_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *nonce_data = JS_GetUint8ArrayData(nonce_obj, cx); | |
+ if (JS_GetTypedArrayLength(nonce_obj, cx) != 24) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ JSObject *pk_obj = JSVAL_TO_OBJECT(pk_jsval); | |
+ if (!JS_IsUint8Array(pk_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *pk_data = JS_GetUint8ArrayData(pk_obj, cx); | |
+ if (JS_GetTypedArrayLength(pk_obj, cx) != 32) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ JSObject *sk_obj = JSVAL_TO_OBJECT(sk_jsval); | |
+ if (!JS_IsUint8Array(sk_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *sk_data = JS_GetUint8ArrayData(sk_obj, cx); | |
+ if (JS_GetTypedArrayLength(sk_obj, cx) != 32) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ // the crazy nacl API requires us to prefix the message we give | |
+ // crypto_box with 32 (crypto_box_ZEROBYTES) null bytes. The message it | |
+ // gives back will be prefixed with 16 (crypto_box_BOXZEROBYTES) null | |
+ // bytes, which we don't have to send. I have still not figured out why | |
+ // it does this: it needs 16 extra bytes are for the MAC tag, but I think | |
+ // the rest is for use as a scratchpad of some sort. | |
+ size_t padded_msg_data_length = crypto_box_ZEROBYTES+msg_data_length; | |
+ uint8_t *padded_msg_data = (uint8_t *)malloc(padded_msg_data_length); | |
+ if (!padded_msg_data) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ memset(padded_msg_data, 0, crypto_box_ZEROBYTES); | |
+ memcpy(padded_msg_data+crypto_box_ZEROBYTES, msg_data, msg_data_length); | |
+ size_t padded_output_data_length = padded_msg_data_length; | |
+ uint8_t *padded_output_data = (uint8_t *)malloc(padded_output_data_length); | |
+ if (!padded_output_data) { | |
+ free(padded_msg_data); | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ | |
+ size_t output_data_length = padded_output_data_length - crypto_box_BOXZEROBYTES; | |
+ JSObject *out_array = JS_NewUint8Array(cx, output_data_length); | |
+ if (!out_array) { | |
+ free(padded_msg_data); | |
+ free(padded_output_data); | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ | |
+ printf("box: given %ld bytes, padded to %ld, returning %ld\n", | |
+ msg_data_length, padded_msg_data_length, output_data_length); | |
+ crypto_box(padded_output_data, padded_msg_data, padded_msg_data_length, | |
+ nonce_data, pk_data, sk_data); | |
+ | |
+ uint8_t *out_data = (uint8_t *)JS_GetArrayBufferViewData(out_array, cx); | |
+ memcpy(out_data, crypto_box_BOXZEROBYTES+padded_output_data, | |
+ output_data_length); | |
+ | |
+ free(padded_msg_data); | |
+ free(padded_output_data); | |
+ | |
+ *_retval = OBJECT_TO_JSVAL(out_array); | |
+ return NS_OK; | |
+} | |
+ | |
+NS_IMETHODIMP | |
+nsNACL::Box_open(const jsval& ct_jsval, | |
+ const jsval& nonce_jsval, | |
+ const jsval& pk_jsval, | |
+ const jsval& sk_jsval, | |
+ JSContext* cx, jsval* _retval NS_OUTPARAM) | |
+{ | |
+ JSObject *ct_obj = JSVAL_TO_OBJECT(ct_jsval); | |
+ if (!JS_IsUint8Array(ct_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *ct_data = JS_GetUint8ArrayData(ct_obj, cx); | |
+ size_t ct_data_length = JS_GetTypedArrayLength(ct_obj, cx); | |
+ | |
+ JSObject *nonce_obj = JSVAL_TO_OBJECT(nonce_jsval); | |
+ if (!JS_IsUint8Array(nonce_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *nonce_data = JS_GetUint8ArrayData(nonce_obj, cx); | |
+ if (JS_GetTypedArrayLength(nonce_obj, cx) != 24) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ JSObject *pk_obj = JSVAL_TO_OBJECT(pk_jsval); | |
+ if (!JS_IsUint8Array(pk_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *pk_data = JS_GetUint8ArrayData(pk_obj, cx); | |
+ if (JS_GetTypedArrayLength(pk_obj, cx) != 32) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ JSObject *sk_obj = JSVAL_TO_OBJECT(sk_jsval); | |
+ if (!JS_IsUint8Array(sk_obj, cx)) | |
+ return NS_ERROR_FAILURE; | |
+ uint8_t *sk_data = JS_GetUint8ArrayData(sk_obj, cx); | |
+ if (JS_GetTypedArrayLength(sk_obj, cx) != 32) | |
+ return NS_ERROR_FAILURE; | |
+ | |
+ size_t padded_ct_data_length = crypto_box_BOXZEROBYTES+ct_data_length; | |
+ uint8_t *padded_ct_data = (uint8_t *)malloc(padded_ct_data_length); | |
+ if (!padded_ct_data) | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ memset(padded_ct_data, 0, crypto_box_BOXZEROBYTES); | |
+ memcpy(padded_ct_data+crypto_box_BOXZEROBYTES, ct_data, ct_data_length); | |
+ size_t padded_msg_data_length = padded_ct_data_length; | |
+ uint8_t *padded_msg_data = (uint8_t *)malloc(padded_msg_data_length); | |
+ if (!padded_msg_data) { | |
+ free(padded_ct_data); | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ | |
+ size_t msg_data_length = padded_msg_data_length - crypto_box_ZEROBYTES; | |
+ JSObject *msg_array = JS_NewUint8Array(cx, msg_data_length); | |
+ if (!msg_array) { | |
+ free(padded_ct_data); | |
+ free(padded_msg_data); | |
+ return NS_ERROR_OUT_OF_MEMORY; | |
+ } | |
+ | |
+ printf("open: given %ld bytes, padded to %ld, returning %ld\n", | |
+ ct_data_length, padded_ct_data_length, msg_data_length); | |
+ int rc = crypto_box_open(padded_msg_data, | |
+ padded_ct_data, padded_ct_data_length, | |
+ nonce_data, pk_data, sk_data); | |
+ if (rc != 0) { | |
+ free(padded_ct_data); | |
+ free(padded_msg_data); | |
+ return NS_ERROR_FAILURE; // integrity failure | |
+ } | |
+ | |
+ uint8_t *msg_data = (uint8_t *)JS_GetArrayBufferViewData(msg_array, cx); | |
+ memcpy(msg_data, padded_msg_data+crypto_box_ZEROBYTES, msg_data_length); | |
+ | |
+ free(padded_ct_data); | |
+ free(padded_msg_data); | |
+ | |
+ *_retval = OBJECT_TO_JSVAL(msg_array); | |
+ return NS_OK; | |
+} | |
+ | |
+nsNACL::~nsNACL() | |
+{} | |
+ | |
diff --git a/security/manager/ssl/src/nsNACL.h b/security/manager/ssl/src/nsNACL.h | |
new file mode 100644 | |
index 0000000..6027ea4 | |
--- /dev/null | |
+++ b/security/manager/ssl/src/nsNACL.h | |
@@ -0,0 +1,24 @@ | |
+ | |
+#ifndef nsNACL_h | |
+#define nsNACL_h | |
+ | |
+#include "nsINACL.h" | |
+ | |
+#define NS_NACL_CONTRACTID "@mozilla.org/nacl;1" | |
+#define NS_NACL_COMPONENT_CLASSNAME "NACL BABY" | |
+#define NS_NACL_CID \ | |
+ {0x77fc331b, 0x786c, 0x43b8, {0xb6, 0x06, 0xc5, 0x4d, 0xc0, 0x74, 0xaa, 0x09}} | |
+ | |
+class nsNACL : public nsINACL | |
+{ | |
+public: | |
+ NS_DECL_ISUPPORTS | |
+ NS_DECL_NSINACL | |
+ nsNACL(); | |
+private: | |
+ ~nsNACL(); | |
+}; | |
+ | |
+ | |
+ | |
+#endif | |
diff --git a/security/manager/ssl/src/nsNSSModule.cpp b/security/manager/ssl/src/nsNSSModule.cpp | |
index 2972fb7..ded52c3 100644 | |
--- a/security/manager/ssl/src/nsNSSModule.cpp | |
+++ b/security/manager/ssl/src/nsNSSModule.cpp | |
@@ -78,6 +78,7 @@ | |
#include "nsSSLStatus.h" | |
#include "nsNSSIOLayer.h" | |
#include "NSSErrorsService.h" | |
+#include "nsNACL.h" | |
#include "nsNSSVersion.h" | |
#include "nsXULAppAPI.h" | |
@@ -248,6 +249,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsKeyObjectFactory) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsDataSignatureVerifier) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsCertOverrideService, Init) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsRandomGenerator) | |
+NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsure, nsNACL) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nssEnsure, nsRecentBadCertsService, Init) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsSSLStatus) | |
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(nssEnsureOnChromeOnly, nsNSSSocketInfo) | |
@@ -287,6 +289,7 @@ NS_DEFINE_NAMED_CID(NS_KEYMODULEOBJECTFACTORY_CID); | |
NS_DEFINE_NAMED_CID(NS_DATASIGNATUREVERIFIER_CID); | |
NS_DEFINE_NAMED_CID(NS_CERTOVERRIDE_CID); | |
NS_DEFINE_NAMED_CID(NS_RANDOMGENERATOR_CID); | |
+NS_DEFINE_NAMED_CID(NS_NACL_CID); | |
NS_DEFINE_NAMED_CID(NS_RECENTBADCERTS_CID); | |
NS_DEFINE_NAMED_CID(NS_SSLSTATUS_CID); | |
NS_DEFINE_NAMED_CID(NS_NSSSOCKETINFO_CID); | |
@@ -325,6 +328,7 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = { | |
{ &kNS_DATASIGNATUREVERIFIER_CID, false, NULL, nsDataSignatureVerifierConstructor }, | |
{ &kNS_CERTOVERRIDE_CID, false, NULL, nsCertOverrideServiceConstructor }, | |
{ &kNS_RANDOMGENERATOR_CID, false, NULL, nsRandomGeneratorConstructor }, | |
+ { &kNS_NACL_CID, false, NULL, nsNACLConstructor }, | |
{ &kNS_RECENTBADCERTS_CID, false, NULL, nsRecentBadCertsServiceConstructor }, | |
{ &kNS_SSLSTATUS_CID, false, NULL, nsSSLStatusConstructor }, | |
{ &kNS_NSSSOCKETINFO_CID, false, NULL, nsNSSSocketInfoConstructor }, | |
@@ -368,6 +372,7 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = { | |
{ NS_DATASIGNATUREVERIFIER_CONTRACTID, &kNS_DATASIGNATUREVERIFIER_CID }, | |
{ NS_CERTOVERRIDE_CONTRACTID, &kNS_CERTOVERRIDE_CID }, | |
{ NS_RANDOMGENERATOR_CONTRACTID, &kNS_RANDOMGENERATOR_CID }, | |
+ { NS_NACL_CONTRACTID, &kNS_NACL_CID }, | |
{ NS_RECENTBADCERTS_CONTRACTID, &kNS_RECENTBADCERTS_CID }, | |
{ NULL } | |
}; | |
diff --git a/security/manager/ssl/tests/unit/test_nacl.js b/security/manager/ssl/tests/unit/test_nacl.js | |
new file mode 100644 | |
index 0000000..f6221d8 | |
--- /dev/null | |
+++ b/security/manager/ssl/tests/unit/test_nacl.js | |
@@ -0,0 +1,61 @@ | |
+let Ci = Components.interfaces; | |
+let Cc = Components.classes; | |
+let Cu = Components.utils; | |
+let Cr = Components.results; | |
+ | |
+Cu.import("resource://gre/modules/XPCOMUtils.jsm"); | |
+ | |
+XPCOMUtils.defineLazyGetter(this, "NACL", function () { | |
+ return Cc["@mozilla.org/nacl;1"].createInstance(Ci.nsINACL); | |
+}); | |
+ | |
+function NOT_ascii_to_array(s) { | |
+ let g = new Uint8Array(s.length); | |
+ for (var i = 0; i < s.length; i++) | |
+ g[i] = s.charCodeAt(i); | |
+ return g; | |
+} | |
+ | |
+function array_to_ascii(a) { | |
+ let out = ""; | |
+ for (var i = 0; i < a.length; i++) | |
+ out = out.concat(String.fromCharCode(a[i])); | |
+ return out; | |
+} | |
+ | |
+const ascii_to_array = NACL.stringToArrayOfUTF8; | |
+ | |
+function run_test() | |
+{ | |
+ const a = Uint8Array(10); | |
+ do_check_eq(NACL.arrayToB64(a), "AAAAAAAAAAAAAA=="); | |
+ const b = NACL.b64ToArray("AAAAAAAAAAAAAA=="); | |
+ do_check_eq(b.length, 10); | |
+ for (var i = 0; i < 10; i++) | |
+ do_check_eq(b[i], 0); | |
+ do_check_eq(array_to_ascii(ascii_to_array("hello")), "hello"); | |
+ | |
+ const c = NACL.stringToArrayOfUTF8("hello"); | |
+ do_check_eq(c.length, 5); | |
+ do_check_eq(c[0], "hello".charCodeAt(0)); | |
+ do_check_eq(c[4], "hello".charCodeAt(4)); | |
+ | |
+ const decode = NACL.b64ToArray; | |
+ const encode = NACL.arrayToB64; | |
+ const alicepk = decode("ekX+MTMT+nh8zER8K8rKfS/6oJM3Nule1dsKJxM1iwk="); | |
+ const alicesk = decode("8pLYxkj11ektBNBQCalWORniSbrmUcbeZRW/5MSk/cI="); | |
+ const bobpk = decode("fMienlNy008w96EyGMofLTU0uGSNQS+Y/R6UB8K9gGo="); | |
+ const bobsk = decode("wEcpKOYLdx5c3ZKVonMJpFFDIbMojQ2HOVHIhUOREoI="); | |
+ | |
+ let nonce = decode("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); | |
+ const msg = ascii_to_array("hello world"); | |
+ do_check_eq(encode(NACL.box(msg, nonce, bobpk, alicesk)), | |
+ "Lw610aPtDLO68Eg+z7y9PuLkvx9r4mMHwbTo"); | |
+ | |
+ nonce = decode("AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB"); // 0x010101.. | |
+ const ciphertext = decode("cuKoAvlw/jNJaP8smc3Cq7LpG9UKeuiknKDZVxs="); | |
+ do_check_eq(array_to_ascii(NACL.box_open(ciphertext, nonce, alicepk,bobsk)), | |
+ "hi back at ya"); | |
+ | |
+} | |
+ | |
diff --git a/security/manager/ssl/tests/unit/xpcshell.ini b/security/manager/ssl/tests/unit/xpcshell.ini | |
index 0dc7801..5a95ad1 100644 | |
--- a/security/manager/ssl/tests/unit/xpcshell.ini | |
+++ b/security/manager/ssl/tests/unit/xpcshell.ini | |
@@ -11,3 +11,4 @@ skip-if = os == "android" | |
[test_hmac.js] | |
# Bug 676972: test hangs consistently on Android | |
skip-if = os == "android" | |
+[test_nacl.js] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment