DH Key Exchange
Showing 2 of 17 files from the diff.
src/caesium/crypto/kx.clj
created.
src/caesium/binding.clj
changed.
Other files ignored by Codecov
test/caesium/crypto/kx_test.clj
is new.
@@ -0,0 +1,116 @@
Loading
1 | + | (ns caesium.crypto.kx |
|
2 | + | (:require [caesium.binding :as b] |
|
3 | + | [caesium.crypto.scalarmult :as s] |
|
4 | + | [caesium.byte-bufs :as bb]) |
|
5 | + | (:import [java.nio ByteBuffer])) |
|
6 | + | ||
7 | + | (b/defconsts [seedbytes publickeybytes secretkeybytes sessionkeybytes primitive]) |
|
8 | + | ||
9 | + | (defn keypair-to-buf! |
|
10 | + | "Generate a key pair into provided pk (public key) and sk (secret |
|
11 | + | key) bufs. If also passed a seed, uses it to seed the key pair. |
|
12 | + | ||
13 | + | This API matches libsodium's `crypto_kx_keypair` and |
|
14 | + | `crypto_kx_seed_keypair`." |
|
15 | + | ([pk sk] |
|
16 | + | (b/call! keypair pk sk)) |
|
17 | + | ([pk sk seed] |
|
18 | + | (b/call! seed-keypair pk sk seed))) |
|
19 | + | ||
20 | + | (defn keypair! |
|
21 | + | "Create a `crypto_kx_box` keypair. |
|
22 | + | ||
23 | + | This fn will take either: |
|
24 | + | ||
25 | + | - nothing, generating the key pair from scratch securely |
|
26 | + | - a seed, generating the key pair from the seed |
|
27 | + | ||
28 | + | Returns a map containing the public and private key bytes (mutable |
|
29 | + | arrays)." |
|
30 | + | ([] |
|
31 | + | (let [pk (bb/alloc publickeybytes) |
|
32 | + | sk (bb/alloc secretkeybytes)] |
|
33 | + | (keypair-to-buf! pk sk) |
|
34 | + | {:public pk :secret sk})) |
|
35 | + | ([seed] |
|
36 | + | (let [pk (bb/alloc publickeybytes) |
|
37 | + | sk (bb/alloc secretkeybytes)] |
|
38 | + | (keypair-to-buf! pk sk (bb/->indirect-byte-buf seed)) |
|
39 | + | {:public pk :secret sk}))) |
|
40 | + | ||
41 | + | (defn sk->keypair |
|
42 | + | "Generates a key pair from a secret key. |
|
43 | + | ||
44 | + | This is different from generating a key pair from a seed. The former |
|
45 | + | uses the libsodium API which will first hash the secret to an array |
|
46 | + | of appropriate length; this will use the secret key verbatim. To be |
|
47 | + | precise: it will use the secret key as a scalar to perform the |
|
48 | + | Curve25519 scalar mult." |
|
49 | + | [sk] |
|
50 | + | (let [pk (bb/alloc publickeybytes)] |
|
51 | + | (s/scalarmult-to-buf! pk sk) |
|
52 | + | {:public pk :secret sk})) |
|
53 | + | ||
54 | + | (defn client-session-keys-to-buf! |
|
55 | + | "Compute a pair of shared keys, `client-rx` and `client-tx`, |
|
56 | + | using the client keypair and the server public key. |
|
57 | + | Matches libsodium API for `crypto-kx-client-session-keys`. |
|
58 | + | A map of the receive and transmit keys is returned. |
|
59 | + | ||
60 | + | All arguments must be `java.nio.ByteBuffer`." |
|
61 | + | [client-rx client-tx client-pk client-sk server-pk] |
|
62 | + | (let [client-rx (bb/->indirect-byte-buf client-rx) |
|
63 | + | client-tx (bb/->indirect-byte-buf client-tx) |
|
64 | + | client-pk (bb/->indirect-byte-buf client-pk) |
|
65 | + | client-sk (bb/->indirect-byte-buf client-sk) |
|
66 | + | server-pk (bb/->indirect-byte-buf server-pk) |
|
67 | + | result (.crypto_kx_client_session_keys b/sodium client-rx client-tx client-pk client-sk server-pk)] |
|
68 | + | (if-not (zero? result) |
|
69 | + | (throw (RuntimeException. "Unable to calculate client session keys")) |
|
70 | + | {:client-rx client-rx |
|
71 | + | :client-tx client-tx}))) |
|
72 | + | ||
73 | + | (defn server-session-keys-to-buf! |
|
74 | + | "Compute a pair of shared keys, `server-rx` and `server-tx`, |
|
75 | + | using the server keypair and the client public key. |
|
76 | + | Matches libsodium API for `crypto-kx-server-session-keys`. |
|
77 | + | A map of the receive and transmit keys is returned. |
|
78 | + | ||
79 | + | All arguments must be `java.nio.ByteBuffer`." |
|
80 | + | [server-rx server-tx server-pk server-sk client-pk] |
|
81 | + | (let [server-rx (bb/->indirect-byte-buf server-rx) |
|
82 | + | server-tx (bb/->indirect-byte-buf server-tx) |
|
83 | + | server-pk (bb/->indirect-byte-buf server-pk) |
|
84 | + | server-sk (bb/->indirect-byte-buf server-sk) |
|
85 | + | client-pk (bb/->indirect-byte-buf client-pk) |
|
86 | + | result (.crypto_kx_server_session_keys b/sodium server-rx server-tx server-pk server-sk client-pk)] |
|
87 | + | (if-not (zero? result) |
|
88 | + | (throw (RuntimeException. "Unable to calculate server session keys")) |
|
89 | + | {:server-rx server-rx |
|
90 | + | :server-tx server-tx}))) |
|
91 | + | ||
92 | + | (defn client-session-keys |
|
93 | + | "Compute a pair of shared keys, `client-rx` and `client-tx`, |
|
94 | + | using the client keypair and the server public key. |
|
95 | + | A map of the receive and transmit keys is returned. |
|
96 | + | ||
97 | + | All arguments must be `java.nio.ByteBuffer`." |
|
98 | + | ([client-keypair server-pk] |
|
99 | + | (client-session-keys (:public client-keypair) (:secret client-keypair) server-pk)) |
|
100 | + | ([client-pk client-sk server-pk] |
|
101 | + | (let [client-rx (bb/alloc sessionkeybytes) |
|
102 | + | client-tx (bb/alloc sessionkeybytes)] |
|
103 | + | (client-session-keys-to-buf! client-rx client-tx client-pk client-sk server-pk)))) |
|
104 | + | ||
105 | + | (defn server-session-keys |
|
106 | + | "Compute a pair of shared keys, `server-rx` and `server-tx`, |
|
107 | + | using the server keypair and the client public key. |
|
108 | + | A map of the receive and transmit keys is returned. |
|
109 | + | ||
110 | + | All arguments must be `java.nio.ByteBuffer`." |
|
111 | + | ([server-keypair client-pk] |
|
112 | + | (server-session-keys (:public server-keypair) (:secret server-keypair) client-pk)) |
|
113 | + | ([server-pk server-sk client-pk] |
|
114 | + | (let [server-rx (bb/alloc sessionkeybytes) |
|
115 | + | server-tx (bb/alloc sessionkeybytes)] |
|
116 | + | (server-session-keys-to-buf! server-rx server-tx server-pk server-sk client-pk)))) |
@@ -582,7 +582,32 @@
Loading
582 | 582 | ^bytes ^{Pinned {}} npub |
|
583 | 583 | ^bytes ^{Pinned {}} k]] |
|
584 | 584 | [^int crypto_aead_xchacha20poly1305_ietf_keygen |
|
585 | - | [^bytes ^{Pinned {}} k]]]) |
|
585 | + | [^bytes ^{Pinned {}} k]] |
|
586 | + | ||
587 | + | [^long ^{size_t {}} crypto_kx_publickeybytes []] |
|
588 | + | [^long ^{size_t {}} crypto_kx_secretkeybytes []] |
|
589 | + | [^long ^{size_t {}} crypto_kx_seedbytes []] |
|
590 | + | [^long ^{size_t {}} crypto_kx_sessionkeybytes []] |
|
591 | + | [^String crypto_kx_primitive []] |
|
592 | + | [^int crypto_kx_keypair |
|
593 | + | [^bytes ^{Pinned {}} pk |
|
594 | + | ^bytes ^{Pinned {}} sk]] |
|
595 | + | [^int crypto_kx_seed_keypair |
|
596 | + | [^bytes ^{Pinned {}} pk |
|
597 | + | ^bytes ^{Pinned {}} sk |
|
598 | + | ^bytes ^{Pinned {}} seed]] |
|
599 | + | [^int crypto_kx_client_session_keys |
|
600 | + | [^bytes ^{Pinned {}} rx |
|
601 | + | ^bytes ^{Pinned {}} tx |
|
602 | + | ^bytes ^{Pinned {}} client_pk |
|
603 | + | ^bytes ^{Pinned {}} client_sk |
|
604 | + | ^bytes ^{Pinned {}} server_pk]] |
|
605 | + | [^int crypto_kx_server_session_keys |
|
606 | + | [^bytes ^{Pinned {}} rx |
|
607 | + | ^bytes ^{Pinned {}} tx |
|
608 | + | ^bytes ^{Pinned {}} server_pk |
|
609 | + | ^bytes ^{Pinned {}} server_sk |
|
610 | + | ^bytes ^{Pinned {}} client_pk]]]) |
|
586 | 611 | ||
587 | 612 | (def ^:private bound-fns |
|
588 | 613 | "A mapping of type- and jnr.ffi-annotated bound method symbols to |
Files | Coverage |
---|---|
src/caesium | 97.85% |
Project Totals (18 files) | 97.85% |
282.1
TRAVIS_OS_NAME=linux oraclejdk8=
282.2
TRAVIS_OS_NAME=linux oraclejdk8=
Sunburst
The inner-most circle is the entire project, moving away from the center are folders then, finally, a single file.
The size and color of each slice is representing the number of statements and the coverage, respectively.
Icicle
The top section represents the entire project. Proceeding with folders and finally individual files.
The size and color of each slice is representing the number of statements and the coverage, respectively.