From ea45897fcc5097c4cf73a30fe009500f6efe8bc5 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Mon, 26 Oct 2020 08:44:40 +0100 Subject: [PATCH] PascalCase *box names, remove unneeded comptime & parenthesis Also rename (salsa20|chacha20)Internal() to a better name. And sort reexported crypto.* names --- lib/std/crypto.zig | 28 +++++++++------- lib/std/crypto/chacha20.zig | 16 ++++----- lib/std/crypto/salsa20.zig | 66 ++++++++++++++++++------------------- 3 files changed, 58 insertions(+), 52 deletions(-) diff --git a/lib/std/crypto.zig b/lib/std/crypto.zig index 4c35a9e9ae..eb45fb22e1 100644 --- a/lib/std/crypto.zig +++ b/lib/std/crypto.zig @@ -6,13 +6,17 @@ /// Authenticated Encryption with Associated Data pub const aead = struct { - pub const Gimli = @import("crypto/gimli.zig").Aead; - pub const ChaCha20Poly1305 = @import("crypto/chacha20.zig").Chacha20Poly1305; - pub const XChaCha20Poly1305 = @import("crypto/chacha20.zig").XChacha20Poly1305; pub const Aegis128L = @import("crypto/aegis.zig").Aegis128L; pub const Aegis256 = @import("crypto/aegis.zig").Aegis256; + pub const Aes128Gcm = @import("crypto/aes_gcm.zig").Aes128Gcm; pub const Aes256Gcm = @import("crypto/aes_gcm.zig").Aes256Gcm; + + pub const Gimli = @import("crypto/gimli.zig").Aead; + + pub const ChaCha20Poly1305 = @import("crypto/chacha20.zig").Chacha20Poly1305; + pub const XChaCha20Poly1305 = @import("crypto/chacha20.zig").XChacha20Poly1305; + pub const XSalsa20Poly1305 = @import("crypto/salsa20.zig").XSalsa20Poly1305; }; 
@@ -49,13 +53,13 @@ pub const ecc = struct { /// Hash functions. pub const hash = struct { + pub const blake2 = @import("crypto/blake2.zig"); + pub const Blake3 = @import("crypto/blake3.zig").Blake3; + pub const Gimli = @import("crypto/gimli.zig").Hash; pub const Md5 = @import("crypto/md5.zig").Md5; pub const Sha1 = @import("crypto/sha1.zig").Sha1; pub const sha2 = @import("crypto/sha2.zig"); pub const sha3 = @import("crypto/sha3.zig"); - pub const blake2 = @import("crypto/blake2.zig"); - pub const Blake3 = @import("crypto/blake3.zig").Blake3; - pub const Gimli = @import("crypto/gimli.zig").Hash; }; /// Key derivation functions. @@ -65,8 +69,8 @@ pub const kdf = struct { /// MAC functions requiring single-use secret keys. pub const onetimeauth = struct { - pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305; pub const Ghash = @import("crypto/ghash.zig").Ghash; + pub const Poly1305 = @import("crypto/poly1305.zig").Poly1305; }; /// A password hashing function derives a uniform key from low-entropy input material such as passwords. @@ -99,17 +103,19 @@ pub const sign = struct { /// Most applications should be using AEAD constructions instead of stream ciphers directly. pub const stream = struct { pub const ChaCha20IETF = @import("crypto/chacha20.zig").ChaCha20IETF; - pub const XChaCha20IETF = @import("crypto/chacha20.zig").XChaCha20IETF; pub const ChaCha20With64BitNonce = @import("crypto/chacha20.zig").ChaCha20With64BitNonce; + pub const XChaCha20IETF = @import("crypto/chacha20.zig").XChaCha20IETF; + pub const Salsa20 = @import("crypto/salsa20.zig").Salsa20; pub const XSalsa20 = @import("crypto/salsa20.zig").XSalsa20; }; pub const nacl = struct { const salsa20 = @import("crypto/salsa20.zig"); - pub const box = salsa20.box; - pub const secretBox = salsa20.secretBox; - pub const sealedBox = salsa20.sealedBox; + + pub const Box = salsa20.Box; + pub const SecretBox = salsa20.SecretBox; + pub const SealedBox = salsa20.SealedBox; }; const std = @import("std.zig"); 
diff --git a/lib/std/crypto/chacha20.zig b/lib/std/crypto/chacha20.zig index ecf9abbef9..32d1aa6dce 100644 --- a/lib/std/crypto/chacha20.zig +++ b/lib/std/crypto/chacha20.zig @@ -100,7 +100,7 @@ const ChaCha20VecImpl = struct { x[3] +%= ctx[3]; } - fn chaCha20Internal(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void { + fn chacha20Xor(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void { var ctx = initContext(key, counter); var x: BlockVec = undefined; var buf: [64]u8 = undefined; @@ -239,7 +239,7 @@ const ChaCha20NonVecImpl = struct { } } - fn chaCha20Internal(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void { + fn chacha20Xor(out: []u8, in: []const u8, key: [8]u32, counter: [4]u32) void { var ctx = initContext(key, counter); var x: BlockVec = undefined; var buf: [64]u8 = undefined; @@ -325,7 +325,7 @@ pub const ChaCha20IETF = struct { c[1] = mem.readIntLittle(u32, nonce[0..4]); c[2] = mem.readIntLittle(u32, nonce[4..8]); c[3] = mem.readIntLittle(u32, nonce[8..12]); - ChaCha20Impl.chaCha20Internal(out, in, keyToWords(key), c); + ChaCha20Impl.chacha20Xor(out, in, keyToWords(key), c); } }; @@ -351,7 +351,7 @@ pub const ChaCha20With64BitNonce = struct { // first partial big block if (((@intCast(u64, maxInt(u32) - @truncate(u32, counter)) + 1) << 6) < in.len) { - ChaCha20Impl.chaCha20Internal(out[cursor..big_block], in[cursor..big_block], k, c); + ChaCha20Impl.chacha20Xor(out[cursor..big_block], in[cursor..big_block], k, c); cursor = big_block - cursor; c[1] += 1; if (comptime @sizeOf(usize) > 4) { 
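Review bot: `c[1] += 1;` in the first-partial-block branch of ChaCha20With64BitNonce is a trapping add on what the comment in the @@ -359 hunk calls the upper 32 bits of the counter. If that word starts at its maximum, the add panics in safe builds and is undefined behaviour in ReleaseFast. The counter setup is outside the hunk, so this assumes `c[1]` is derived from a caller-supplied value. Silently wrapping would be worse, because it repeats keystream under the same key and nonce, so I would state the precondition at the increment: `// c[1] must not overflow: a wrapped block counter repeats keystream for this key/nonce`. The same increment sits in the loop of the @@ -359 hunk, and the enclosing function starts outside this one.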
@@ -359,14 +359,14 @@ pub const ChaCha20With64BitNonce = struct { var remaining_blocks: u32 = @intCast(u32, (in.len / big_block)); var i: u32 = 0; while (remaining_blocks > 0) : (remaining_blocks -= 1) { - ChaCha20Impl.chaCha20Internal(out[cursor .. cursor + big_block], in[cursor .. cursor + big_block], k, c); - c[1] += 1; // upper 32-bit of counter, generic chaCha20Internal() doesn't know about this. + ChaCha20Impl.chacha20Xor(out[cursor .. cursor + big_block], in[cursor .. cursor + big_block], k, c); + c[1] += 1; // upper 32-bit of counter, generic chacha20Xor() doesn't know about this. cursor += big_block; } } } - ChaCha20Impl.chaCha20Internal(out[cursor..], in[cursor..], k, c); + ChaCha20Impl.chacha20Xor(out[cursor..], in[cursor..], k, c); } }; @@ -694,7 +694,7 @@ fn chacha20poly1305OpenDetached(dst: []u8, ciphertext: []const u8, tag: *const [ // See https://github.com/ziglang/zig/issues/1776 var acc: u8 = 0; for (computedTag) |_, i| { - acc |= (computedTag[i] ^ tag[i]); + acc |= computedTag[i] ^ tag[i]; } if (acc != 0) { return error.AuthenticationFailed; diff --git a/lib/std/crypto/salsa20.zig b/lib/std/crypto/salsa20.zig index 60a29fd19c..2e0c78726b 100644 --- a/lib/std/crypto/salsa20.zig +++ b/lib/std/crypto/salsa20.zig @@ -40,7 +40,7 @@ const Salsa20NonVecImpl = struct { d: u6, }; - inline fn Rp(comptime a: usize, comptime b: usize, comptime c: usize, comptime d: u6) QuarterRound { + inline fn Rp(a: usize, b: usize, c: usize, d: u6) QuarterRound { return QuarterRound{ .a = a, .b = b, @@ -82,7 +82,7 @@ const Salsa20NonVecImpl = struct { } } - fn salsa20Internal(out: []u8, in: []const u8, key: [8]u32, d: [4]u32) void { + fn salsa20Xor(out: []u8, in: []const u8, key: [8]u32, d: [4]u32) void { var ctx = initContext(key, d); var x: BlockVec = undefined; var buf: [64]u8 = undefined; 
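Review bot: The failure branch in chacha20poly1305OpenDetached returns `error.AuthenticationFailed` right after the comparison without clearing `computedTag`. The matching branch in salsa20.zig (@@ -244 hunk) calls `mem.secureZero(u8, &computedTag);` first. As written, the expected tag for a rejected ciphertext stays on the stack; adding `mem.secureZero(u8, &computedTag);` before the return would make the two AEADs consistent. This assumes `computedTag` is a mutable array here as in salsa20.zig, since its declaration is outside the hunk. Because this commit is a naming cleanup, `computedTag` could also become `computed_tag` in both files to follow snake_case for locals.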
@@ -174,7 +174,7 @@ pub const Salsa20 = struct { d[1] = mem.readIntLittle(u32, nonce[4..8]); d[2] = @truncate(u32, counter); d[3] = @truncate(u32, counter >> 32); - Salsa20Impl.salsa20Internal(out, in, keyToWords(key), d); + Salsa20Impl.salsa20Xor(out, in, keyToWords(key), d); } }; @@ -244,7 +244,7 @@ pub const XSalsa20Poly1305 = struct { mac.final(&computedTag); var acc: u8 = 0; for (computedTag) |_, i| { - acc |= (computedTag[i] ^ tag[i]); + acc |= computedTag[i] ^ tag[i]; } if (acc != 0) { mem.secureZero(u8, &computedTag); @@ -261,7 +261,7 @@ pub const XSalsa20Poly1305 = struct { /// A secret key shared by all the recipients must be already known in order to use this API. /// /// Nonces are 192-bit large and can safely be chosen with a random number generator. -pub const secretBox = struct { +pub const SecretBox = struct { /// Key length in bytes. pub const key_length = XSalsa20Poly1305.key_length; /// Nonce length in bytes. @@ -295,7 +295,7 @@ pub const secretBox = struct { /// and is decrypted using the recipient's secret key and the sender's public key. /// /// Nonces are 192-bit large and can safely be chosen with a random number generator. -pub const box = struct { +pub const Box = struct { /// Public key length in bytes. pub const public_length = X25519.public_length; /// Secret key length in bytes. 
@@ -323,13 +323,13 @@ pub const box = struct { /// Encrypt and authenticate a message using a recipient's public key `public_key` and a sender's `secret_key`. pub fn seal(c: []u8, m: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) !void { const shared_key = try createSharedSecret(public_key, secret_key); - return secretBox.seal(c, m, npub, shared_key); + return SecretBox.seal(c, m, npub, shared_key); } /// Verify and decrypt a message using a recipient's secret key `public_key` and a sender's `public_key`. pub fn open(m: []u8, c: []const u8, npub: [nonce_length]u8, public_key: [public_length]u8, secret_key: [secret_length]u8) !void { const shared_key = try createSharedSecret(public_key, secret_key); - return secretBox.open(m, c, npub, shared_key); + return SecretBox.open(m, c, npub, shared_key); } }; 
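Review bot: The doc comment on Box.open says the message is decrypted "using a recipient's secret key `public_key` and a sender's `public_key`"; the first name should be `secret_key`, and in this API swapping the two keys is an easy mistake. Suggested wording: `/// Verify and decrypt a message using the recipient's secret_key and the sender's public_key.` Separately, `shared_key` in both seal and open is left on the stack after use. If createSharedSecret returns a byte array (its definition is outside the hunk), declaring it `var` and adding `defer mem.secureZero(u8, &shared_key);` would match how SealedBox treats its ephemeral secret.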
@@ -340,20 +340,20 @@ pub const box = struct { /// While the recipient can verify the integrity of the message, it cannot verify the identity of the sender. /// /// A message is encrypted using an ephemeral key pair, whose secret part is destroyed right after the encryption process. -pub const sealedBox = struct { - pub const public_length = box.public_length; - pub const secret_length = box.secret_length; - pub const seed_length = box.seed_length; - pub const seal_length = box.public_length + box.tag_length; +pub const SealedBox = struct { + pub const public_length = Box.public_length; + pub const secret_length = Box.secret_length; + pub const seed_length = Box.seed_length; + pub const seal_length = Box.public_length + Box.tag_length; /// A key pair. - pub const KeyPair = box.KeyPair; + pub const KeyPair = Box.KeyPair; - fn createNonce(pk1: [public_length]u8, pk2: [public_length]u8) [box.nonce_length]u8 { - var hasher = Blake2b(box.nonce_length * 8).init(.{}); + fn createNonce(pk1: [public_length]u8, pk2: [public_length]u8) [Box.nonce_length]u8 { + var hasher = Blake2b(Box.nonce_length * 8).init(.{}); hasher.update(&pk1); hasher.update(&pk2); - var nonce: [box.nonce_length]u8 = undefined; + var nonce: [Box.nonce_length]u8 = undefined; hasher.final(&nonce); return nonce; } @@ -365,7 +365,7 @@ pub const sealedBox = struct { var ekp = try KeyPair.create(null); const nonce = createNonce(ekp.public_key, public_key); mem.copy(u8, c[0..public_length], ekp.public_key[0..]); - try box.seal(c[box.public_length..], m, nonce, public_key, ekp.secret_key); + try Box.seal(c[Box.public_length..], m, nonce, public_key, ekp.secret_key); mem.secureZero(u8, ekp.secret_key[0..]); } @@ -377,7 +377,7 @@ pub const sealedBox = struct { } const epk = c[0..public_length]; const nonce = createNonce(epk.*, keypair.public_key); - return box.open(m, c[public_length..], nonce, epk.*, keypair.secret_key); + return Box.open(m, c[public_length..], nonce, epk.*, keypair.secret_key); } }; 
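Review bot: In SealedBox.seal (@@ -365 hunk) the ephemeral secret key is wiped only on the success path. `try Box.seal(...)` returns early on error, so `mem.secureZero(u8, ekp.secret_key[0..]);` on the next line is skipped. Box.seal can fail, since the @@ -323 hunk shows it calling `try createSharedSecret(...)`. Registering the wipe right after the key pair is created covers both paths: `defer mem.secureZero(u8, ekp.secret_key[0..]);`. The function's signature is outside the hunk.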
@@ -400,37 +400,37 @@ test "xsalsa20poly1305 secretbox" { var msg: [100]u8 = undefined; var msg2: [msg.len]u8 = undefined; var key: [XSalsa20Poly1305.key_length]u8 = undefined; - var nonce: [box.nonce_length]u8 = undefined; - var boxed: [msg.len + box.tag_length]u8 = undefined; + var nonce: [Box.nonce_length]u8 = undefined; + var boxed: [msg.len + Box.tag_length]u8 = undefined; try crypto.randomBytes(&msg); try crypto.randomBytes(&key); try crypto.randomBytes(&nonce); - secretBox.seal(boxed[0..], msg[0..], nonce, key); - try secretBox.open(msg2[0..], boxed[0..], nonce, key); + SecretBox.seal(boxed[0..], msg[0..], nonce, key); + try SecretBox.open(msg2[0..], boxed[0..], nonce, key); } test "xsalsa20poly1305 box" { var msg: [100]u8 = undefined; var msg2: [msg.len]u8 = undefined; - var nonce: [box.nonce_length]u8 = undefined; - var boxed: [msg.len + box.tag_length]u8 = undefined; + var nonce: [Box.nonce_length]u8 = undefined; + var boxed: [msg.len + Box.tag_length]u8 = undefined; try crypto.randomBytes(&msg); try crypto.randomBytes(&nonce); - var kp1 = try box.KeyPair.create(null); - var kp2 = try box.KeyPair.create(null); - try box.seal(boxed[0..], msg[0..], nonce, kp1.public_key, kp2.secret_key); - try box.open(msg2[0..], boxed[0..], nonce, kp2.public_key, kp1.secret_key); + var kp1 = try Box.KeyPair.create(null); + var kp2 = try Box.KeyPair.create(null); + try Box.seal(boxed[0..], msg[0..], nonce, kp1.public_key, kp2.secret_key); + try Box.open(msg2[0..], boxed[0..], nonce, kp2.public_key, kp1.secret_key); } test "xsalsa20poly1305 sealedbox" { var msg: [100]u8 = undefined; var msg2: [msg.len]u8 = undefined; - var boxed: [msg.len + sealedBox.seal_length]u8 = undefined; + var boxed: [msg.len + SealedBox.seal_length]u8 = undefined; try crypto.randomBytes(&msg); - var kp = try box.KeyPair.create(null); - try sealedBox.seal(boxed[0..], msg[0..], kp.public_key); - try sealedBox.open(msg2[0..], boxed[0..], kp); + var kp = try Box.KeyPair.create(null); + try 
SealedBox.seal(boxed[0..], msg[0..], kp.public_key); + try SealedBox.open(msg2[0..], boxed[0..], kp); }
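Review bot: None of the three tests checks the decrypted output: each ends right after `open(...)` returns, so a decryption that authenticates but writes the wrong plaintext into `msg2` would still pass. Adding `testing.expectEqualSlices(u8, msg[0..], msg2[0..]);` after each open would pin the round trip; this needs `std.testing` in scope, which the hunk lines do not show. A negative case that flips one byte of `boxed` and expects open to return an error would also exercise the tag check. The secretbox test starts outside the hunk.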