Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: WIP NoiseIK handshake based on libsodium #2450

Draft
wants to merge 145 commits into
base: master
Choose a base branch
from
Draft

feat: WIP NoiseIK handshake based on libsodium #2450

Show file tree
Hide file tree
Changes from 98 commits
Commits
Show all changes
145 commits
Select commit Hold shift + click to select a range
44526aa
Started implementing an XAEAD function based on XChaCha20-Poly1305/li…
goldroom May 10, 2023
e8af1d3
Added XAEAD functions, added HMAC-SHA512 functions, added HKDF for No…
goldroom Jun 13, 2023
f8e28cc
Added HMAC+HKDF functions to crypto_core.h, fixed wrong ). Fixed mino…
goldroom Jun 14, 2023
2ce1787
Continued Noise handshake implementation.
goldroom Jun 16, 2023
abfeefa
Adapted create_crypto_handshake() for Noise Initiator and Responder, …
goldroom Jun 19, 2023
8711b20
Fixed noise_handshake_init() which lead to minor adaptions in noise_c…
goldroom Jun 20, 2023
d0b9477
Merged noise_create_crypto_handshake() into create_crypto_handshake()…
goldroom Jun 20, 2023
4e25288
Adapted rest of necessary functions for Noise-based handshake.
goldroom Jun 23, 2023
b653e8b
Fixed SegFault because of unallocated noise_handshake memory. Added d…
goldroom Jun 26, 2023
6a70bfb
Added debug output. Fixed noise_handshake_init() for Initiator case.
goldroom Jun 26, 2023
f02b8a5
Added debugging code to log behavior, fixed bug in . Currently decryp…
goldroom Jun 28, 2023
a06a115
NoiseIK handshake and NoiseIK transport encryption working. One CRYPT…
goldroom Jun 29, 2023
d4184c5
Cleaned up logging/debugging code. Switched to Tox logger.
goldroom Jun 30, 2023
e084bdb
Changed buffer of log message from 1024 to 4096 bytes to be able to l…
goldroom Jul 3, 2023
f4ab64e
Cleaned up comments/TODOs.
goldroom Jul 3, 2023
350d515
fix/cleanup: Changed noise_handshake in Crypto_Connection and New_Con…
goldroom Sep 14, 2023
0d5b81a
cleanup: reduced log amount by removing packet debug logging.
goldroom Sep 14, 2023
8462f0c
debug: added debug output to identify UAF issue root cause.
goldroom Sep 14, 2023
3d59d43
Changed noise_handshake to dynamic alloc again in Crypto_Connection.
goldroom Sep 15, 2023
0f3c2b4
fix: fixed ASAN memleaks after noise_handshake calloc in create_crypt…
goldroom Sep 19, 2023
f175976
Improvements and added debugging due to test timeouts. Buggy, but mos…
goldroom Sep 25, 2023
fdd964d
Fix: Fixed issues when two peers initiate a handshake at the same tim…
goldroom Sep 26, 2023
f6c6830
Fix: Added further debug logging and fixed issue in special case of i…
goldroom Sep 27, 2023
e2cf7ff
cleanup: small cleanup of debug/logging code.
goldroom Oct 2, 2023
7e03515
change: moved noise_handshake_init() to handle_cookie_response for IN…
goldroom Oct 2, 2023
85f4496
fix: fixed current behavior in handle_crypto_hs(). fixed wrong memzer…
goldroom Oct 3, 2023
46ae442
cleanup: removed unnecessary code.
goldroom Oct 4, 2023
be6445a
Implemented different handshake behavior. Currently fails at create_s…
goldroom Oct 4, 2023
721f887
fix/cleanup: fixed connection status bug in accept_crypto_connection(…
goldroom Oct 4, 2023
ecd7312
cleanup: Removed unused crypto_hmac512_verify(). Moved generic noise_…
goldroom Nov 30, 2023
c80bbb3
fix: fix compiler error due to usage of public/private.
goldroom Dec 1, 2023
e052b5d
cleanup/doc: Cleaned up Noise related code in crypto_core. Added Nois…
goldroom Dec 1, 2023
9d861a8
fix: Fixed typos in documentation.
goldroom Dec 1, 2023
fb4d415
cleanup/doc: cleaned up comments and added documentation to net_crypt…
goldroom Dec 1, 2023
2634021
merge: merged current master. Resolved conflicts in .
goldroom Dec 4, 2023
e8edb9f
fix: missed one curly bracket.
goldroom Dec 4, 2023
e0cfc39
fix: fix double free after merge.
goldroom Dec 4, 2023
58d0df4
fix/cleanup: Changed NULL to nullptr, free() to mem_delete(), calloc(…
goldroom Dec 5, 2023
e4dbc39
fix: removed dependency for bin2hex_toupper() from create_common.h. A…
goldroom Dec 5, 2023
9733175
fix: minor fixes for CI.
goldroom Dec 5, 2023
dc65e97
fix: minor fixes for CI.
goldroom Dec 5, 2023
6a030f0
fix: minor fixes for CI.
goldroom Dec 5, 2023
af18b08
fix: minor fixes for CI.
goldroom Dec 5, 2023
91128c6
fix/cleanup: changed crypto_hkdf() to two outputs because output3 is …
goldroom Dec 5, 2023
e9dfc41
fix: minor fixes for CI.
goldroom Dec 5, 2023
04f87ed
fix: changed noise_mix_key() to use crypto_scalarmult_curve25519() in…
goldroom Dec 5, 2023
f22d074
cleanup: removed unnecessary memcpys and related parameters from hand…
goldroom Dec 5, 2023
ce7bb03
feat: Encrypt cookies in Noise handshake packets and authenticate via…
goldroom Dec 13, 2023
063d0c2
cleanup: removed unnecessary TODOs.
goldroom Dec 14, 2023
8d96364
cleanup: moved Noise Split (symmetric key derivation).
goldroom Dec 14, 2023
04326d8
fix/cleanup: minor changes for CI checks.
goldroom Dec 15, 2023
862770d
fix: fix for cimple and MSAN uninitialized value.
goldroom Dec 18, 2023
d6a4338
fix: MSAN uninitialized value.
goldroom Dec 18, 2023
663f8cc
fix: for TSAN.
goldroom Dec 18, 2023
7485b14
test: testing changed connection_kill() behavior.
goldroom Dec 18, 2023
73d3ddf
fix: fixed handle_crypto_handshake() and calls because public_key (=r…
goldroom Dec 18, 2023
60fb6ae
fix: fixed call to handle_crypto_handshake().
goldroom Dec 18, 2023
a7eccb6
add handshake compatiblilty option
zoff99 Dec 19, 2023
dc4492c
cleanup: minor cleanup
goldroom Dec 19, 2023
e5606af
Merge branch 'master' into noiseIK_2023_PR
goldroom Jan 6, 2024
3c16f65
fix: fix for ubsan.
goldroom Jan 6, 2024
781828a
fix: fix for ubsan.
goldroom Jan 6, 2024
654f26a
fix: fix for ubsan.
goldroom Jan 6, 2024
04e07e1
Merge branch 'tox_option_fallback' of github.com:zoff99/c-toxcore int…
goldroom Jan 6, 2024
9643bf3
Merge branch 'zoff99-tox_option_fallback' into noiseIK_2023_PR
goldroom Jan 6, 2024
61695d4
fix: fixed noise backwards compatibility option.
goldroom Jan 6, 2024
ffa677e
feat: backwards compatibility to non-Noise handshake.
goldroom Jan 7, 2024
b78376c
feat: backwards compatibility to non-Noise handshake.
goldroom Jan 7, 2024
254c223
Merge branch 'master' into noiseIK_2023_PR
iphydf Feb 19, 2024
d38f6e8
fix merge issue
iphydf Feb 19, 2024
4f16bb2
Restyled by astyle
restyled-commits Feb 19, 2024
e8ab0f6
Merge branch 'master' into noiseIK_2023_PR
goldroom Mar 8, 2024
190c038
fix: removed unused OtherCookie from RESPONDER handshake packet.
goldroom Mar 15, 2024
2201b8c
Fix: fixed wrong usages of CRYPTO_PUBLIC_KEY_SIZE to CRYPTO_SECRET_KE…
goldroom Mar 18, 2024
a52f2fd
feat: backwards compatibility to non-Noise handshake.
goldroom Mar 18, 2024
075d888
fix: fixed uninitialized variable.
goldroom Mar 19, 2024
688635a
fix: fixed uninitialized variable.
goldroom Mar 19, 2024
c16643d
fix: fixed reference to nullptr.
goldroom Mar 19, 2024
01d175a
debug: added debug output.
goldroom Mar 19, 2024
2325cc1
fix: possible fix for wrong non-Noise handshake.
goldroom Mar 19, 2024
c64f676
feat: backwards compatibility to non-Noise handshake. Successfully te…
goldroom Mar 19, 2024
4286d4b
fix: fix for backwards compatibility to non-Noise handshake.
goldroom Mar 19, 2024
21b9126
cleanup: stated explicit lengths for Noise function parameters (where…
goldroom Mar 22, 2024
0ee531b
Merge branch 'master' into noiseIK_2023_PR
goldroom Mar 22, 2024
760b4a3
fix: fixed merge issue found by coverage-linux check.
goldroom Mar 22, 2024
a467d45
cleanup/fix: changed parameter ordering of crypto_hkdf() to make toks…
goldroom Mar 22, 2024
7847245
fix: fixes for CI.
goldroom Mar 22, 2024
85d12b6
fix: added missing non_null()/nullable() statements to .
goldroom Apr 3, 2024
d87f9c1
feat: Implemented Noise_IK_25519_ChaChaPoly_SHA512 instead of Noise_I…
goldroom Apr 12, 2024
34a88d4
fix: fix param for asan/tsan/ubsan.
goldroom Apr 12, 2024
06404d5
fix: changed Noise protocol name to Noise_IK_25519_ChaChaPoly_SHA512.
goldroom Apr 12, 2024
f577864
test: trying test vectors from noise-c
goldroom Apr 12, 2024
f9ad7c4
Fixed crypto_hkdf() in crypto_core.c and verified with test vectors. …
goldroom Jun 4, 2024
252c443
Added further testing steps. Everything correct (incl. final handshak…
goldroom Jun 10, 2024
a47fbbc
Adapted return type of aead/xaead encrypt/decrypt functions and remov…
goldroom Jun 10, 2024
55b3ef5
feat: Added verification of Noise_IK_25519_ChaChaPoly_SHA512 test vec…
goldroom Jun 11, 2024
336c5de
fix: removed logger.h from crypto_core.h and removed logging paramete…
goldroom Jun 11, 2024
f7b7097
fix: removed logging param and added newline to crypto_core.c
goldroom Jun 11, 2024
23f2bb2
fix: fixes for CI
goldroom Jun 11, 2024
c8566ef
fix: fixes for CI
goldroom Jun 11, 2024
bb95f24
fix: fixes for CI
goldroom Jun 11, 2024
bbc1c3c
fix: fixes for CI
goldroom Jun 11, 2024
61825f1
fix: fixed bug introduced in crypto_test with CI fixes
goldroom Jun 11, 2024
920ec60
fix: fixed terminating null character, noiseIK test vectors still ver…
goldroom Jun 11, 2024
e7e30d2
fix: fixes for CI
goldroom Jun 11, 2024
6e5e90a
Merge branch 'master' into noiseIK_2023_PR
goldroom Jun 11, 2024
1b4e963
feat: Implemented enabling/disabling of backwards compatiblity to non…
goldroom Jun 13, 2024
4b26a5d
fix: fix two tests after adding Tox option to disable backwards compa…
goldroom Jun 14, 2024
11cbf61
cleanup: code cleanup and documentation of net_crypto.c
goldroom Jun 14, 2024
cea8d45
cleanup: minor cleanup of comments/documentation
goldroom Jun 14, 2024
341e150
Merge branch 'master' into noiseIK_2023_PR
iphydf Nov 12, 2024
a2da318
cleanup: code cleanup and documentation of net_crypto.c
goldroom Nov 17, 2024
d7b6814
docs: Added doc and TODOs.
goldroom Dec 3, 2024
841ba31
refactor: Implemented Noise_IK_25519_ChaChaPoly_BLAKE2s instead of No…
goldroom Dec 10, 2024
c8130b8
fix: added static
goldroom Dec 10, 2024
39736cb
fix: fixed include, not sure where that came from
goldroom Dec 10, 2024
2c65128
Merge branch 'master' into noiseIK_2023_PR
goldroom Dec 11, 2024
87e6350
fix: fixes after master merge
goldroom Dec 11, 2024
cabca2a
fix: formatting after merge, ASAN caught memory leak in crypto_test.c
goldroom Dec 11, 2024
fa59b7b
feat: started implementation of (possible) new cookie functionality.
goldroom Dec 18, 2024
b3d73e2
fix: fixes for CI.
goldroom Dec 18, 2024
fdb0163
feat: implementation of (possible) new cookie functionality.
goldroom Dec 19, 2024
3440302
feat: implementation of (possible) new cookie mechanism.
goldroom Dec 21, 2024
44e58f7
feat: implementation of possible new cookie mechanism. Currently brok…
goldroom Dec 23, 2024
7ec460f
fix: added debug output and fixed NoiseIK cookie implementation issue…
goldroom Jan 7, 2025
5ac12e7
fix: fixed typo
goldroom Jan 25, 2025
8c5b5c8
Revert "fix: fixed typo"
goldroom Jan 25, 2025
db6571a
Revert "fix: added debug output and fixed NoiseIK cookie implementati…
goldroom Jan 25, 2025
cead98b
Revert "feat: implementation of possible new cookie mechanism. Curren…
goldroom Jan 25, 2025
9817f28
Revert "feat: implementation of (possible) new cookie mechanism."
goldroom Jan 25, 2025
5e17a87
Revert "feat: implementation of (possible) new cookie functionality."
goldroom Jan 25, 2025
c780c61
Revert "fix: fixes for CI."
goldroom Jan 25, 2025
04c4a38
Revert "feat: started implementation of (possible) new cookie functio…
goldroom Jan 25, 2025
d4f7f73
refactor: minor refactoring and documentation (based on reverted cook…
goldroom Jan 25, 2025
9932efb
Merge branch 'master' into noiseIK_2023_PR
goldroom Jan 26, 2025
25311c7
chore: added Noise compatibility option again after master merge.
goldroom Jan 26, 2025
3060956
fix: cannot have const Net_Crypto in handle_packet_crypto_hs() here …
goldroom Jan 26, 2025
76acc47
chore: cleanup and documentation of crypto_core.
goldroom Jan 27, 2025
ee4e7c2
refactor: removed base nonces from NoiseIK handshake packets to use (…
goldroom Jan 27, 2025
0ecbd3b
fix: fixed friend_connection after New_Connection refactoring.
goldroom Jan 27, 2025
34b931c
chore: cleanup and documentation.
goldroom Jan 27, 2025
cbf09c5
fix: fix for CI
goldroom Jan 27, 2025
e2e65c2
cleanup: minor cleanup
goldroom Jan 28, 2025
5a82583
cleanup: minor cleanup
goldroom Jan 30, 2025
8bdcac4
fix: fixed two issues because of noise_handshake memzero in backwards…
goldroom Jan 31, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -77,6 +77,9 @@ build/
# VScode
.vscode/

# Tests via Zoff
.localrun/

# Netbeans
nbproject

Expand Down
443 changes: 443 additions & 0 deletions auto_tests/crypto_test.c
View file
Open in desktop

Large diffs are not rendered by default.

1 change: 1 addition & 0 deletions toxcore/Messenger.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,7 @@ typedef struct Messenger_State_Plugin {

typedef struct Messenger_Options {
bool ipv6enabled;
bool noise_compatibility_enabled;
bool udp_disabled;
TCP_Proxy_Info proxy_info;
uint16_t port_range[2];
Expand Down
388 changes: 388 additions & 0 deletions toxcore/crypto_core.c
View file
Open in desktop

Large diffs are not rendered by default.

240 changes: 240 additions & 0 deletions toxcore/crypto_core.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,11 @@ extern "C" {
*/
#define CRYPTO_NONCE_SIZE 24

/**
* @brief NoiseIK: The number of bytes in a nonce used for encryption/decryption (ChaChaPoly-1305-IETF).
*/
#define CRYPTO_NOISEIK_NONCE_SIZE 12

/**
* @brief The number of bytes in a SHA256 hash.
*/
Expand Down Expand Up @@ -109,6 +114,25 @@ typedef struct Random {
void *obj;
} Random;

// TODO: struct necessary?
// TODO: move to crypto_core.h?
/** @brief Necessary Noise handshake state information/values.
*/
typedef struct Noise_Handshake {
// TODO: static_private?
uint8_t static_private[CRYPTO_SECRET_KEY_SIZE];
uint8_t static_public[CRYPTO_PUBLIC_KEY_SIZE];
uint8_t ephemeral_private[CRYPTO_SECRET_KEY_SIZE];
uint8_t ephemeral_public[CRYPTO_PUBLIC_KEY_SIZE];
uint8_t remote_static[CRYPTO_PUBLIC_KEY_SIZE];
uint8_t remote_ephemeral[CRYPTO_PUBLIC_KEY_SIZE];

uint8_t hash[CRYPTO_SHA512_SIZE];
uint8_t chaining_key[CRYPTO_SHA512_SIZE];

bool initiator;
} Noise_Handshake;

/** @brief System random number generator.
*
* Uses libsodium's CSPRNG (on Linux, `/dev/urandom`).
Expand Down Expand Up @@ -501,6 +525,222 @@ bool crypto_memunlock(void *data, size_t length);
non_null()
void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE]);

/* Necessary functions for Noise, cf. https://noiseprotocol.org/noise.html (Revision 34) */

/**
* @brief Encrypt message with precomputed shared key using ChaCha20-Poly1305-IETF (RFC7539).
*
* Encrypts plain of plain_length to encrypted of plain_length + @ref CRYPTO_MAC_SIZE
* using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NOISEIK_NONCE_SIZE
* byte nonce. The encrypted message, as well as a tag authenticating both the confidential
* message m and adlen bytes of non-confidential data ad, are put into encrypted.
*
* @retval -1 if there was a problem.
* @return length of encrypted data if everything was fine.
*/
non_null(1, 2, 3, 5) nullable(6)
int32_t encrypt_data_symmetric_aead(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], const uint8_t nonce[CRYPTO_NOISEIK_NONCE_SIZE], const uint8_t *plain, size_t plain_length,
uint8_t *encrypted, const uint8_t *ad, size_t ad_length);

/**
* @brief Decrypt message with precomputed shared key using ChaCha20-Poly1305-IETF (RFC7539).
*
* Decrypts encrypted of encrypted_length to plain of length
* `length - CRYPTO_MAC_SIZE` using a shared key @ref CRYPTO_SHARED_KEY_SIZE
* big and a @ref CRYPTO_NOISEIK_NONCE_SIZE byte nonce.
*
* @retval -1 if there was a problem (decryption failed).
* @return length of plain data if everything was fine.
*/
non_null(1, 2, 3, 5) nullable(6)
int32_t decrypt_data_symmetric_aead(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], const uint8_t nonce[CRYPTO_NOISEIK_NONCE_SIZE], const uint8_t *encrypted, size_t encrypted_length,
uint8_t *plain, const uint8_t *ad, size_t ad_length);

/**
* @brief Encrypt message with precomputed shared key using XChaCha20-Poly1305.
*
* Encrypts plain of plain_length to encrypted of plain_length + @ref CRYPTO_MAC_SIZE
* using a shared key @ref CRYPTO_SYMMETRIC_KEY_SIZE big and a @ref CRYPTO_NONCE_SIZE
* byte nonce. The encrypted message, as well as a tag authenticating both the confidential
* message m and adlen bytes of non-confidential data ad, are put into encrypted.
*
* @retval -1 if there was a problem.
* @return length of encrypted data if everything was fine.
*/
non_null(1, 2, 3, 5) nullable(6)
int32_t encrypt_data_symmetric_xaead(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *plain, size_t plain_length,
uint8_t *encrypted, const uint8_t *ad, size_t ad_length);

/**
* @brief Decrypt message with precomputed shared key using XChaCha20-Poly1305.
*
* Decrypts encrypted of encrypted_length to plain of length
* `length - CRYPTO_MAC_SIZE` using a shared key @ref CRYPTO_SHARED_KEY_SIZE
* big and a @ref CRYPTO_NONCE_SIZE byte nonce.
*
* @retval -1 if there was a problem (decryption failed).
* @return length of plain data if everything was fine.
*/
non_null(1, 2, 3, 5) nullable(6)
int32_t decrypt_data_symmetric_xaead(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE], const uint8_t nonce[CRYPTO_NONCE_SIZE], const uint8_t *encrypted, size_t encrypted_length,
uint8_t *plain, const uint8_t *ad, size_t ad_length);

/**
* @brief Compute an HMAC-SHA512 authenticator (64 bytes).
*
* cf. Noise sections 4.3 and 5.1
* Applies HMAC from RFC2104 (https://tools.ietf.org/html/rfc2104) using the HASH() (=SHA512) function.
* This function is only called via `crypto_hkdf()`.
* HMAC-SHA-512 instead of HMAC-SHA512-256 as used by `crypto_auth_*()` (libsodium) which is underlying function of
* `crypto_hmac*() in crypto_core. Necessary for Noise (cf. section 4.3) to return 64 bytes (SHA512 HASHLEN) instead of
* of 32 bytes (SHA512-256 HASHLEN). Cf. https://doc.libsodium.org/advanced/hmac-sha2#hmac-sha-512
* key is CRYPTO_SHA512_SIZE bytes because this function is only called via crypto_hkdf() where the key (ck, temp_key)
* is always HASHLEN bytes.
*
* @param auth Resulting authenticator.
* @param key Secret key
*/
non_null(1, 2) nullable(3)
void crypto_hmac512(uint8_t auth[CRYPTO_SHA512_SIZE], const uint8_t key[CRYPTO_SHA512_SIZE], const uint8_t *data,
size_t data_length);

/**
* @brief Computes the number of provides outputs (=keys) with HKDF-SHA512.
*
* cf. Noise sections 4.3 and 5.1
*
* This is Hugo Krawczyk's HKDF:
* - https://eprint.iacr.org/2010/264.pdf
* - https://tools.ietf.org/html/rfc5869
* HKDF(chaining_key, input_key_material, num_outputs): Takes a
* chaining_key byte sequence of length HASHLEN, and an input_key_material
* byte sequence with length either zero bytes, 32 bytes, or DHLEN bytes.
* Returns a pair or triple of byte sequences each of length HASHLEN,
* depending on whether num_outputs is two or three:
* – Sets temp_key = HMAC-HASH(chaining_key, input_key_material).
* – Sets output1 = HMAC-HASH(temp_key, byte(0x01)).
* – Sets output2 = HMAC-HASH(temp_key, output1 || byte(0x02)).
* – If num_outputs == 2 then returns the pair (output1, output2).
* – Sets output3 = HMAC-HASH(temp_key, output2 || byte(0x03)).
* – Returns the triple (output1, output2, output3).
* Note that temp_key, output1, output2, and output3 are all HASHLEN bytes in
* length. Also note that the HKDF() function is simply HKDF with the
* chaining_key as HKDF salt, and zero-length HKDF info.
*
* @param output1 First key to compute
* @param first_len Length of output1/key
* @param output2 Second key to compute
* @param second_len Length of output2/key
* @param data HKDF input_key_material byte sequence with length either zero bytes, 32 bytes, or DHLEN bytes
* @param data_len length of either zero bytes, 32 bytes, or DHLEN bytes
* @param chaining_key Noise 64 byte chaining key as HKDF salt
*/
non_null(1, 3, 7) nullable(5)
void crypto_hkdf(uint8_t *output1, size_t first_len, uint8_t *output2,
size_t second_len, const uint8_t *data,
size_t data_len, const uint8_t chaining_key[CRYPTO_SHA512_SIZE]);

/**
* @brief Initializes a Noise Handshake State with provided static X25519 ID key pair, X25519 static ID public key from peer
* and sets if initiator or not.
*
* cf. Noise section 5.3
* Calls InitializeSymmetric(protocol_name).
* Calls MixHash(prologue).
* Sets the initiator, s, e, rs, and re variables to the corresponding arguments.
* Calls MixHash() once for each public key listed in the pre-messages.
*
* //TODO: remove Logger Param
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you forgot the todo :)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Intentionally, as a some other TODOs ;)

* @param noise_handshake handshake struct to save the necessary values to
* @param self_secret_key static private ID X25519 key of this Tox instance
* @param peer_public_key X25519 static ID public key from peer to connect to
* @param initiator specifies if this Tox instance is the initiator of this crypto connection
* @param prologue specifies the prologue, used in call to MixHash(prologue) which maybe zero-length
* @param prologue_length length of prologue in bytes
*
* @return -1 on failure
* @return 0 on success
*/
non_null(2, 3) nullable(1, 4, 6)
int noise_handshake_init
(Noise_Handshake *noise_handshake, const uint8_t *self_secret_key, const uint8_t *peer_public_key, bool initiator, const uint8_t *prologue, size_t prologue_length);
// int noise_handshake_init
// (const Logger *log, Noise_Handshake *noise_handshake, const uint8_t *self_secret_key, const uint8_t *peer_public_key, bool initiator, const uint8_t *prologue, size_t prologue_length);
/**
* @brief Noise MixKey(input_key_material)
*
* cf. Noise section 5.2
* Executes the following steps:
* - Sets ck, temp_k = HKDF(ck, input_key_material, 2).
* - If HASHLEN is 64, then truncates temp_k to 32 bytes
* - Calls InitializeKey(temp_k).
* input_key_material = DH_X25519(private, public)
*
* @param chaining_key 64 byte Noise ck
* @param shared_key 32 byte key to be calculated
* @param private_key X25519 private key
* @param public_key X25519 public key
*/
non_null()
int32_t noise_mix_key(uint8_t chaining_key[CRYPTO_SHA512_SIZE], uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
const uint8_t private_key[CRYPTO_SECRET_KEY_SIZE],
const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE]);

/**
* @brief Noise MixHash(data): Sets h = HASH(h || data).
*
* cf. Noise section 5.2
*
* @param hash Contains current hash, is updated with new hash
* @param data to add to hash
* @param data_len length of data to hash
*
*/
non_null()
void noise_mix_hash(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t data_len);

/**
* @brief Noise EncryptAndHash(plaintext): Sets ciphertext = EncryptWithAd(h,
* plaintext), calls MixHash(ciphertext), and returns ciphertext. Note
* that if k is empty, the EncryptWithAd() call will set ciphertext equal
* to plaintext.
*
* cf. Noise section 5.2
* "Noise spec: Note that if k is empty, the EncryptWithAd() call will set ciphertext equal to plaintext."
* This is not the case in Tox.
*
* @param ciphertext stores encrypted plaintext
* @param plaintext to be encrypted
* @param plain_length length of plaintext
* @param shared_key used for XAEAD encryption
* @param hash stores hash value, used as associated data in XAEAD
*/
non_null()
void noise_encrypt_and_hash(uint8_t *ciphertext, const uint8_t *plaintext,
size_t plain_length, uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
uint8_t hash[CRYPTO_SHA512_SIZE]);

/**
* @brief DecryptAndHash(ciphertext): Sets plaintext = DecryptWithAd(h,
* ciphertext), calls MixHash(ciphertext), and returns plaintext. Note
* that if k is empty, the DecryptWithAd() call will set plaintext equal to
* ciphertext.
*
* cf. Noise section 5.2
* "Note that if k is empty, the DecryptWithAd() call will set plaintext equal to ciphertext."
* This is not the case in Tox.
*
* @param ciphertext contains ciphertext to decrypt
* @param plaintext stores decrypted ciphertext
* @param encrypted_length length of ciphertext+MAC
* @param shared_key used for XAEAD decryption
* @param hash stores hash value, used as associated data in XAEAD
*/
non_null()
int noise_decrypt_and_hash(uint8_t *plaintext, const uint8_t *ciphertext,
size_t encrypted_length, uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
uint8_t hash[CRYPTO_SHA512_SIZE]);

#ifdef __cplusplus
} /* extern "C" */
#endif
Expand Down
3 changes: 2 additions & 1 deletion toxcore/logger.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,8 @@ void logger_write(const Logger *log, Logger_Level level, const char *file, int l
#endif /* WIN32 */

// Format message
char msg[1024];
// TODO: changed from 1024 to 4096
char msg[4096];
va_list args;
va_start(args, format);
vsnprintf(msg, sizeof(msg), format, args);
Expand Down
Loading
Loading