diff --git a/.github/workflows/shared.yml b/.github/workflows/shared.yml
index eec7f3fec9..141e0e002c 100644
--- a/.github/workflows/shared.yml
+++ b/.github/workflows/shared.yml
@@ -43,7 +43,7 @@ jobs:
 # runner with BuildJet instead.
 - { target: linux-aarch64, runner: buildjet-2vcpu-ubuntu-2204-arm }
 - { target: linux-x86_64, runner: ubuntu-22.04 }
- # GitHub doesn't provide macOS machines with Apple Silicon, so we
+ # GitHub doesn't provide macOS machines with Apple Silicon, so we
 # self-host a runner with MacStadium instead.
 - { target: macos-aarch64, runner: [self-hosted, macos, ARM64] }
 - { target: macos-x86_64, runner: macos-12 }
@@ -72,7 +72,7 @@ jobs:
 /private/var/tmp/_bazel_$(whoami)
 # Cache musl libc toolchains.
 /usr/local/*-musl
-
+
 - name: chown /usr/local/*-musl
 if: ${{ matrix.target == 'linux-x86_64' || matrix.target == 'linux-aarch64'}}
 run: |
@@ -123,7 +123,8 @@ jobs:
 "macos-x86_64")
 # Switch Xcode path to match the path specified in our bazel toolchain.
 sudo xcode-select --switch /Library/Developer/CommandLineTools
- brew install automake libtool llvm@15
+ brew install automake libtool llvm@15 pkg-config
+ export PKG_CONFIG_PATH=$(which pkg-config)
 ;;
 *)
 echo "Unsupported target: ${{ matrix.target }}"
diff --git a/README.md b/README.md
index 9e68fafdad..679d829fac 100644
--- a/README.md
+++ b/README.md
@@ -19,8 +19,6 @@ defined in its own package:
 - [`pkg/c3`](pkg/c3): A set of basic utilities for writing Urbit's style of C.
 - [`pkg/ent`](pkg/ent): A cross-platform wrapper for `getentropy(2)`.
-- [`pkg/urcrypt`](pkg/urcrypt): A standardized interface for calling various
- cryptographic functions used in the Urbit runtime.
 - [`pkg/ur`](pkg/ur): An implementation of [jam][jam] and [cue][cue], Urbit's bitwise noun serialization and deserialization algorithms, respectively.
 - [`pkg/noun`](pkg/noun): The Nock virtual machine and snapshotting system.
diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel
index 2cad948ace..c5a66ad095 100644
--- a/WORKSPACE.bazel
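Review bot: In `.github/workflows/shared.yml`, hunk `@@ -123,7 +123,8 @@`, the added `export PKG_CONFIG_PATH=$(which pkg-config)` sets the variable to the path of the pkg-config executable, whereas pkg-config reads `PKG_CONFIG_PATH` as a list of directories to search for `.pc` files. If the aim is to tell configure which binary to run, the conventional variable is `PKG_CONFIG`, e.g. `export PKG_CONFIG="$(command -v pkg-config)"`; if the aim is to extend the search path, it should name the directories instead. An `export` inside a `run:` block is also gone once that step ends, so it only helps if the build is invoked in this same step. The `case` statement starts and ends outside the hunk, so I cannot tell whether that holds or whether the other macOS arm needs the same install.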
+++ b/WORKSPACE.bazel
@@ -121,15 +121,6 @@ versioned_http_archive(
 version = "9681279cfaa6e6399bb7ca3afbbc27fc2e19df4b",
 )
-versioned_http_archive(
- name = "argon2",
- build_file = "//bazel/third_party/argon2:argon2.BUILD",
- sha256 = "40850e6e6324be10f14228d17b617ad2074bb926eeddd6fe40ad5df833833949",
- strip_prefix = "argon2-{version}",
- url = "https://github.com/urbit/argon2/archive/{version}.tar.gz",
- version = "a4c1e3f7138c2e577376beb99f964cf71e1c8b1b",
-)
-
 versioned_http_archive(
 name = "bazel_gazelle",
 sha256 = "efbbba6ac1a4fd342d5122cbdfdb82aeb2cf2862e35022c752eaddffada7c3f3",
@@ -154,15 +145,6 @@ versioned_http_archive(
 version = "7.85.0",
 )
-versioned_http_archive(
- name = "ed25519",
- build_file = "//bazel/third_party/ed25519:ed25519.BUILD",
- sha256 = "373923c85f61276e3cad2c0ae7a5d5cd4809ffe46c5abc1dc8276683a55782a0",
- strip_prefix = "ed25519-{version}",
- url = "https://github.com/orlp/ed25519/archive/{version}.tar.gz",
- version = "7fa6712ef5d581a6981ec2b08ee623314cd1d1c4",
-)
-
 versioned_http_archive(
 name = "gmp",
 build_file = "//bazel/third_party/gmp:gmp.BUILD",
@@ -214,17 +196,6 @@ versioned_http_file(
 version = "255fb1ca8206072f1d09425f0db61ecfe7ff5b17",
 )
-versioned_http_archive(
- name = "keccak_tiny",
- build_file = "//bazel/third_party/keccak_tiny:keccak_tiny.BUILD",
- patch_args = ["-p1"],
- patches = ["//bazel/third_party/keccak_tiny:{version}.patch"],
- sha256 = "6d4717f96b84805886c74bad89e911076664d992f197634fd7cdfca2ac0f62ef",
- strip_prefix = "keccak-tiny-{version}",
- url = "https://github.com/coruus/keccak-tiny/archive/{version}.tar.gz",
- version = "64b6647514212b76ae7bca0dea9b7b197d1d8186",
-)
-
 versioned_http_archive(
 name = "lmdb",
 build_file = "//bazel/third_party/lmdb:lmdb.BUILD",
@@ -272,18 +243,6 @@ versioned_http_archive(
 version = "67108d883061043e55d0fb13961ac1b6fc8a485c",
 )
-versioned_http_archive(
- name = "scrypt",
- build_file = "//bazel/third_party/scrypt:scrypt.BUILD",
- sha256 = "df681fb19b653b1a12970ebb6091bb2b58411b9e7baf01143870f6be3f099541",
- strip_prefix = "libscrypt-{version}",
- url = "https://github.com/technion/libscrypt/archive/{version}.tar.gz",
- # When bumping the version, compare `Makefile` in the `scrypt` repo to
- # {build_file} and confirm that {build_file} remains an accurate description
- # of the scrypt build process.
- version = "60e585cdd752262b22ed4113eca41c0461a61608",
-)
-
 versioned_http_archive(
 name = "secp256k1",
 build_file = "//bazel/third_party/secp256k1:secp256k1.BUILD",
@@ -337,6 +296,15 @@ versioned_http_file(
 version = "ea8fee3aa0434d4bdf1bf785e5ec346c7ecba7fd",
 )
+versioned_http_archive(
+ name = "urcrypt",
+ build_file = "//bazel/third_party/urcrypt:urcrypt.BUILD",
+ sha256 = "00ec597c14c418802d5db2d6a68cf83bd4f5419071b95f979374d3184599d6c8",
+ strip_prefix = "urcrypt-{version}",
+ url = "https://github.com/urbit/urcrypt/archive/{version}.tar.gz",
+ version = "b970baefa6e0a680fffa2b2ee19c956a4ae20355",
+)
+
 versioned_http_archive(
 name = "uv",
 build_file = "//bazel/third_party/uv:uv.BUILD",
diff --git a/bazel/BUILD.bazel b/bazel/BUILD.bazel
index bb93f5d26c..5ac74d0b96 100644
--- a/bazel/BUILD.bazel
+++ b/bazel/BUILD.bazel
@@ -11,7 +11,6 @@ refresh_compile_commands(
 "//pkg/ent",
 "//pkg/noun",
 "//pkg/ur",
- "//pkg/urcrypt",
 "//pkg/vere:urbit",
 ],
 # No need to add flags already in .bazelrc. They're automatically picked up.
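Review bot: The new `urcrypt` entry in the `WORKSPACE.bazel` hunk `@@ -337,6 +296,15 @@` gives a maintainer no guidance on what to re-check when `version` is bumped, unlike the removed `scrypt` entry, which carried such a comment. The same commit drops the individually pinned `argon2`, `ed25519`, `keccak_tiny` and `scrypt` archives. If the urcrypt repository now bundles those sources itself (not visible in this diff), their versions are covered only by the single urcrypt `sha256` and no longer appear in this file. I would add above `version`: `# When bumping the version, review the crypto sources bundled in the urcrypt repo and confirm {build_file} still matches its build.`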
@@ -19,4 +18,4 @@ refresh_compile_commands(
 # Wildcard patterns, like //... for everything, *are* allowed here, just like a build.
 # As are additional targets (+) and subtractions (-), like in bazel query https://docs.bazel.build/versions/main/query.html#expressions
 # And if you're working on a header-only library, specify a test or binary target that compiles it.
-)
\ No newline at end of file
+)
diff --git a/bazel/third_party/urcrypt/BUILD.bazel b/bazel/third_party/urcrypt/BUILD.bazel
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/bazel/third_party/urcrypt/urcrypt.BUILD b/bazel/third_party/urcrypt/urcrypt.BUILD
new file mode 100644
index 0000000000..973830447d
--- /dev/null
+++ b/bazel/third_party/urcrypt/urcrypt.BUILD
@@ -0,0 +1,28 @@
+load("@rules_foreign_cc//foreign_cc:defs.bzl", "configure_make")
+
+filegroup(
+ name = "all",
+ srcs = glob(["**"]),
+)
+
+configure_make(
+ name = "urcrypt",
+ autogen = True,
+ configure_in_place = True,
+ configure_options = [
+ "--disable-shared",
+ ],
+ copts = [
+ "-Wall",
+ "-g",
+ "-O3",
+ ],
+ deps = [
+ "@aes_siv",
+ "@openssl",
+ "@secp256k1"
+ ],
+ lib_source = ":all",
+ out_static_libs = ["liburcrypt.a"],
+ visibility = ["//visibility:public"],
+)
diff --git a/pkg/noun/BUILD.bazel b/pkg/noun/BUILD.bazel
index 964e4bf60f..a4efaeaff6 100644
--- a/pkg/noun/BUILD.bazel
+++ b/pkg/noun/BUILD.bazel
@@ -34,13 +34,13 @@ vere_library(
 "//pkg/c3",
 "//pkg/ent",
 "//pkg/ur",
- "//pkg/urcrypt",
 "@gmp",
 "@murmur3",
 "@openssl",
 "@pdjson",
 "@sigsegv",
 "@softfloat",
+ "@urcrypt",
 ] + select({
 "@platforms//os:macos": ["//pkg/noun/platform/darwin"],
 "@platforms//os:linux": ["//pkg/noun/platform/linux"],
diff --git a/pkg/noun/jets.c b/pkg/noun/jets.c
index 00edefec40..00a6ae78eb 100644
--- a/pkg/noun/jets.c
+++ b/pkg/noun/jets.c
@@ -14,7 +14,7 @@
 #include "retrieve.h"
 #include "serial.h"
 #include "trace.h"
-#include "urcrypt/urcrypt.h"
+#include "urcrypt.h"
 #include "vortex.h"
 #include "xtract.h"
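Review bot: Nothing in the `configure_make` rule of the new `bazel/third_party/urcrypt/urcrypt.BUILD` shows how the upstream configure script locates OpenSSL, aes_siv and secp256k1. Together with the workflow change that installs a host `pkg-config`, this suggests (inferred, not shown here) that configure may resolve crypto libraries from the build host rather than from `@openssl`, `@aes_siv` and `@secp256k1`. For a cryptography library it is worth confirming that headers and link inputs come only from `deps`, and recording that above `configure_options`, e.g. `# configure must resolve openssl/secp256k1/aes_siv from deps, never from host pkg-config paths.` As a style point, `"@secp256k1"` lacks the trailing comma the other list entries carry.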
diff --git a/pkg/noun/manage.c b/pkg/noun/manage.c
index 9b6d47fcab..0d425e3358 100644
--- a/pkg/noun/manage.c
+++ b/pkg/noun/manage.c
@@ -20,7 +20,7 @@
 #include "platform/rsignal.h"
 #include "retrieve.h"
 #include "trace.h"
-#include "urcrypt/urcrypt.h"
+#include "urcrypt.h"
 #include "vortex.h"
 #include "xtract.h"
diff --git a/pkg/urcrypt/.gitignore b/pkg/urcrypt/.gitignore
deleted file mode 100644
index b464b3f2f1..0000000000
--- a/pkg/urcrypt/.gitignore
+++ /dev/null
@@ -1,56 +0,0 @@
-*.pc
-config.h
-config.status
-libtool
-
-# the following was adapted from
-# https://github.com/github/gitignore/blob/991e760c1c6d50fdda246e0178b9c58b06770b90/Autotools.gitignore
-
-# http://www.gnu.org/software/automake
-
-Makefile.in
-build-aux/ar-lib
-/mdate-sh
-/py-compile
-/test-driver
-/ylwrap
-.deps/
-.dirstamp
-
-# http://www.gnu.org/software/autoconf
-
-autom4te.cache
-/autoscan.log
-/autoscan-*.log
-/aclocal.m4
-build-aux/compile
-/config.cache
-build-aux/config.guess
-/config.h.in
-build-aux/config.log
-build-aux/config.status
-build-aux/config.sub
-/configure
-/configure.scan
-build-aux/depcomp
-build-aux/install-sh
-build-aux/missing
-/stamp-h1
-
-# https://www.gnu.org/software/libtool/
-
-build-aux/ltmain.sh
-
-# http://www.gnu.org/software/m4/
-
-build-aux/m4/libtool.m4
-build-aux/m4/ltoptions.m4
-build-aux/m4/ltsugar.m4
-build-aux/m4/ltversion.m4
-build-aux/m4/lt~obsolete.m4
-
-# Generated Makefile
-# (meta build system like autotools,
-# can automatically generate from config.status script
-# (which is called by configure script))
-Makefile
diff --git a/pkg/urcrypt/BUILD.bazel b/pkg/urcrypt/BUILD.bazel
deleted file mode 100644
index 22108ea72c..0000000000
--- a/pkg/urcrypt/BUILD.bazel
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# LIBRARIES
-#
-
-load("//bazel:common_settings.bzl", "vere_library")
-
-vere_library(
- name = "urcrypt",
- srcs = glob(
- [
- "*.c",
- "*.h",
- ],
- exclude = ["urcrypt.h"],
- ),
- hdrs = ["urcrypt.h"],
- copts = [
- "-Wall",
- "-g",
- "-O3",
- ],
- include_prefix = "urcrypt",
- includes = ["."],
- linkstatic = True,
- visibility = ["//pkg:__subpackages__"],
- deps = [
- "//pkg/urcrypt/ge-additions",
- "@aes_siv",
- "@argon2",
- "@ed25519",
- "@keccak_tiny",
- "@openssl",
- "@scrypt",
- "@secp256k1",
- ],
-)
diff --git a/pkg/urcrypt/README.md b/pkg/urcrypt/README.md
deleted file mode 100644
index 7170a906b3..0000000000
--- a/pkg/urcrypt/README.md
+++ /dev/null
@@ -1,33 +0,0 @@ -What is urcrypt? ----------------- -urcrypt is a library of cryptography routines used by urbit jets. - -Why is urcrypt? ---------------- -Urbit's C runtime (long the only urbit runtime) has accumulated a collection of -cryptography dependencies, some with custom additions or patches. These -libraries have different conventions and have been managed by u3 in an ad-hoc -manner. Reproducing that arrangement in other runtimes is tricky and -error-prone. The (sometimes inconsistent) logic must be reproduced and suitable -cryptography primitives must be found (or worse, written) for the new -environment. - -To ease these burdens, urcrypt isolates the quirks behind a consistent calling -convention. Everything is a little-endian byte array, and each jetted operation -has a corresponding function in the library. Jets simply unpack their nouns, -call urcrypt, and pack the results. - -What is a cryptography routine? -------------------------------- -This is more of a subjective question than it might appear. Any of the following -conditions are sufficient, but not necessary, for a function to be included in -urcrypt: - - * The routine is sensitive to side-channel attacks (encryption, etc) - * Some property of the routine is cryptographically useful (SHA, RIPE, etc) - * The routine typically lives in a crypto library, for whatever reason. - -A word on OpenSSL ------------------ -It is the library user's responsibility to initialize openssl, set custom memory -functions, etc. diff --git a/pkg/urcrypt/aes_cbc.c b/pkg/urcrypt/aes_cbc.c deleted file mode 100644 index f163bccd8c..0000000000 --- a/pkg/urcrypt/aes_cbc.c +++ /dev/null 
@@ -1,181 +0,0 @@ -#include "urcrypt.h" -#include "util.h" -#include -#include - -static int -urcrypt__cbc_pad(uint8_t **message_ptr, - size_t *length_ptr, - urcrypt_realloc_t realloc_ptr) -{ - size_t length = *length_ptr, - remain = length % 16; - - if ( 0 == remain ) { - // no padding needed - return 0; - } - else { - size_t padding = 16 - remain, - padded = length + padding; - - if ( padded < length ) { - // size_t overflow - return -1; - } - else { - uint8_t *out = (*realloc_ptr)(*message_ptr, padded); - if ( NULL == out ) { - return -2; - } - else { - memset(out + length, 0, padding); - *message_ptr = out; - *length_ptr = padded; - return 0; - } - } - } -} - -static int -urcrypt__cbc_help(uint8_t **message_ptr, - size_t *length_ptr, - const AES_KEY *key, - uint8_t ivec[16], - const int enc, - urcrypt_realloc_t realloc_ptr) -{ - if ( 0 != urcrypt__cbc_pad(message_ptr, length_ptr, realloc_ptr) ) { - return -1; - } - else { - uint8_t *out = *message_ptr; - size_t length = *length_ptr; - urcrypt__reverse(16, ivec); - urcrypt__reverse(length, out); - AES_cbc_encrypt(out, out, length, key, ivec, enc); - urcrypt__reverse(length, out); - return 0; - } -} - -int -urcrypt_aes_cbca_en(uint8_t **message_ptr, - size_t *length_ptr, - uint8_t key[16], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(16, key); - - if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_ENCRYPT, realloc_ptr); - } -} - -int -urcrypt_aes_cbca_de(uint8_t **message_ptr, - size_t *length_ptr, - uint8_t key[16], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(16, key); - - if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_DECRYPT, realloc_ptr); - } -} - -int -urcrypt_aes_cbcb_en(uint8_t **message_ptr, - 
size_t *length_ptr, - uint8_t key[24], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(24, key); - - if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_ENCRYPT, realloc_ptr); - } -} - -int -urcrypt_aes_cbcb_de(uint8_t **message_ptr, - size_t *length_ptr, - uint8_t key[24], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(24, key); - - if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_DECRYPT, realloc_ptr); - } -} - -int -urcrypt_aes_cbcc_en(uint8_t **message_ptr, - size_t *length_ptr, - uint8_t key[32], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(32, key); - - if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_ENCRYPT, realloc_ptr); - } -} - -int -urcrypt_aes_cbcc_de(uint8_t **message_ptr, - size_t *length_ptr, - uint8_t key[32], - uint8_t ivec[16], - urcrypt_realloc_t realloc_ptr) -{ - AES_KEY aes_key; - - urcrypt__reverse(32, key); - - if ( 0 != AES_set_decrypt_key(key, 256, &aes_key) ) { - return -1; - } - else { - return urcrypt__cbc_help(message_ptr, length_ptr, - &aes_key, ivec, AES_DECRYPT, realloc_ptr); - } -} diff --git a/pkg/urcrypt/aes_ecb.c b/pkg/urcrypt/aes_ecb.c deleted file mode 100644 index 9b39100126..0000000000 --- a/pkg/urcrypt/aes_ecb.c +++ /dev/null 
@@ -1,111 +0,0 @@ -#include "urcrypt.h" -#include "util.h" -#include - -int -urcrypt_aes_ecba_en(uint8_t key[16], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(16, key); - urcrypt__reverse(16, block); - - if ( 0 != AES_set_encrypt_key(key, 128, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); - urcrypt__reverse(16, out); - return 0; - } -} - -int -urcrypt_aes_ecba_de(uint8_t key[16], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(16, key); - urcrypt__reverse(16, block); - - if ( 0 != AES_set_decrypt_key(key, 128, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); - urcrypt__reverse(16, out); - return 0; - } -} - -int -urcrypt_aes_ecbb_en(uint8_t key[24], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(24, key); - urcrypt__reverse(16, block); - - if ( 0 != AES_set_encrypt_key(key, 192, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); - urcrypt__reverse(16, out); - return 0; - } -} - -int -urcrypt_aes_ecbb_de(uint8_t key[24], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(24, key); - urcrypt__reverse(16, block); - - if ( 0 != AES_set_decrypt_key(key, 192, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); - urcrypt__reverse(16, out); - return 0; - } -} - -int -urcrypt_aes_ecbc_en(uint8_t key[32], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(32, key); - urcrypt__reverse(16, block); - - if ( 0 != AES_set_encrypt_key(key, 256, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_ENCRYPT); - urcrypt__reverse(16, out); - return 0; - } -} - -int -urcrypt_aes_ecbc_de(uint8_t key[32], uint8_t block[16], uint8_t out[16]) -{ - AES_KEY aes_key; - - urcrypt__reverse(32, key); - urcrypt__reverse(16, block); - - if ( 0 
!= AES_set_decrypt_key(key, 256, &aes_key) ) { - return -1; - } - else { - AES_ecb_encrypt(block, out, &aes_key, AES_DECRYPT); - urcrypt__reverse(16, out); - return 0; - } -} diff --git a/pkg/urcrypt/aes_siv.c b/pkg/urcrypt/aes_siv.c deleted file mode 100644 index 7e06e769f2..0000000000 --- a/pkg/urcrypt/aes_siv.c +++ /dev/null 
@@ -1,181 +0,0 @@ -#include "urcrypt.h" -#include "util.h" -#include "aes_siv.h" - -static AES_SIV_CTX* -urcrypt__aes_siv_init(uint8_t *key, - size_t key_length, - urcrypt_aes_siv_data *data, - size_t data_length) -{ - AES_SIV_CTX *ctx = AES_SIV_CTX_new(); - if ( NULL == ctx ) { - return NULL; - } - else { - urcrypt__reverse(key_length, key); - if ( 0 == AES_SIV_Init(ctx, key, key_length) ) { - AES_SIV_CTX_free(ctx); - return NULL; - } - else { - size_t i, len; - uint8_t *dat; - - for ( i = 0; i < data_length; ++i ) { - len = data[i].length; - dat = data[i].bytes; - urcrypt__reverse(len, dat); - if ( 0 == AES_SIV_AssociateData(ctx, dat, len) ) { - AES_SIV_CTX_free(ctx); - return NULL; - } - } - - return ctx; - } - } -} - -static int -urcrypt__aes_siv_en(uint8_t *key, - size_t key_length, - uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t iv[16], - uint8_t *out) -{ - AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length); - - if ( NULL == ctx ) { - return -1; - } - else { - int ret; - urcrypt__reverse(message_length, message); - ret = AES_SIV_EncryptFinal(ctx, iv, out, message, message_length); - AES_SIV_CTX_free(ctx); - - if ( 0 == ret ) { - return -2; - } - else { - urcrypt__reverse(16, iv); - urcrypt__reverse(message_length, out); - return 0; - } - } -} - -static int -urcrypt__aes_siv_de(uint8_t *key, - size_t key_length, - uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t iv[16], - uint8_t *out) -{ - AES_SIV_CTX *ctx = urcrypt__aes_siv_init(key, key_length, data, data_length); - - if ( NULL == ctx ) { - return -1; - } - else { - int ret; - - urcrypt__reverse(message_length, message); - urcrypt__reverse(16, iv); - ret = AES_SIV_DecryptFinal(ctx, out, iv, message, message_length); - AES_SIV_CTX_free(ctx); - - if ( 0 == ret ) { - return -2; - } - else { - urcrypt__reverse(message_length, out); - return 0; - } - } -} - -int 
-urcrypt_aes_siva_en(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[32], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_en(key, 32, - message, message_length, data, data_length, iv, out); -} - -int -urcrypt_aes_siva_de(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[32], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_de(key, 32, - message, message_length, data, data_length, iv, out); -} - -int -urcrypt_aes_sivb_en(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[48], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_en(key, 48, - message, message_length, data, data_length, iv, out); -} - -int -urcrypt_aes_sivb_de(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[48], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_de(key, 48, - message, message_length, data, data_length, iv, out); -} - -int -urcrypt_aes_sivc_en(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[64], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_en(key, 64, - message, message_length, data, data_length, iv, out); -} - -int -urcrypt_aes_sivc_de(uint8_t *message, - size_t message_length, - urcrypt_aes_siv_data *data, - size_t data_length, - uint8_t key[64], - uint8_t iv[16], - uint8_t *out) -{ - return urcrypt__aes_siv_de(key, 64, - message, message_length, data, data_length, iv, out); -} diff --git a/pkg/urcrypt/argon.c b/pkg/urcrypt/argon.c deleted file mode 100644 index e1090dddec..0000000000 --- a/pkg/urcrypt/argon.c +++ /dev/null 
@@ -1,120 +0,0 @@ -#include "urcrypt.h" -#include "util.h" -#include -#include - -// library convention is to have sizes in size_t, but argon2 wants them -// in uint32_t, so here's a helper macro for ensuring equivalence. -#define SZ_32(s) ( sizeof(size_t) <= sizeof(uint32_t) || s <= 0xFFFFFFFF ) - -const char* -urcrypt_argon2(uint8_t type, - uint32_t version, - uint32_t threads, - uint32_t memory_cost, - uint32_t time_cost, - size_t secret_length, - uint8_t *secret, - size_t associated_length, - uint8_t *associated, - size_t password_length, - uint8_t *password, - size_t salt_length, - uint8_t *salt, - size_t out_length, - uint8_t *out, - urcrypt_argon2_alloc_t alloc_ptr, - urcrypt_argon2_free_t free_ptr) -{ - if ( !( SZ_32(secret_length) && - SZ_32(associated_length) && - SZ_32(password_length) && - SZ_32(salt_length) && - SZ_32(out_length) ) ) { - return "length > 32 bits"; - } - else { - int (*f)(argon2_context*); - int result; - - switch ( type ) { - default: - return "unknown type"; - case urcrypt_argon2_d: - f = &argon2d_ctx; - break; - case urcrypt_argon2_i: - f = &argon2i_ctx; - break; - case urcrypt_argon2_id: - f = &argon2id_ctx; - break; - case urcrypt_argon2_u: - f = &argon2u_ctx; - break; - } - - urcrypt__reverse(secret_length, secret); - urcrypt__reverse(associated_length, associated); - urcrypt__reverse(password_length, password); - urcrypt__reverse(salt_length, salt); - - argon2_context context = { - out, // output array, at least [digest length] in size - out_length, // digest length - password, // password array - password_length, // password length - salt, // salt array - salt_length, // salt length - secret, // optional secret data - secret_length, - associated, // optional associated data - associated_length, - time_cost, // performance cost configuration - memory_cost, - threads, - threads, - version, // algorithm version - alloc_ptr, // custom memory allocation function - free_ptr, // custom memory deallocation function - 
ARGON2_DEFAULT_FLAGS // by default only internal memory is cleared - }; - - result = (*f)(&context); - - if ( ARGON2_OK != result ) { - return argon2_error_message(result); - } - else { - urcrypt__reverse(out_length, out); - return NULL; - } - } -} - -int -urcrypt_blake2(size_t message_length, - uint8_t *message, - size_t key_length, - uint8_t key[64], - size_t out_length, - uint8_t *out) -{ - if ( key_length > 64 ) { - return -1; - } - else { - urcrypt__reverse(message_length, message); - urcrypt__reverse(key_length, key); - - if ( 0 != blake2b(out, out_length, - message, message_length, - key, key_length)) { - return -1; - } - else { - urcrypt__reverse(out_length, out); - return 0; - } - } -} diff --git a/pkg/urcrypt/argon2/argon2-specs.pdf b/pkg/urcrypt/argon2/argon2-specs.pdf deleted file mode 100644 index d916af6415..0000000000 Binary files a/pkg/urcrypt/argon2/argon2-specs.pdf and /dev/null differ diff --git a/pkg/urcrypt/argon2/latex/pics/argon2-par.pdf b/pkg/urcrypt/argon2/latex/pics/argon2-par.pdf deleted file mode 100644 index ab2a8438a4..0000000000 Binary files a/pkg/urcrypt/argon2/latex/pics/argon2-par.pdf and /dev/null differ diff --git a/pkg/urcrypt/argon2/latex/pics/compression.pdf b/pkg/urcrypt/argon2/latex/pics/compression.pdf deleted file mode 100644 index 999775825e..0000000000 Binary files a/pkg/urcrypt/argon2/latex/pics/compression.pdf and /dev/null differ diff --git a/pkg/urcrypt/argon2/latex/pics/generic.pdf b/pkg/urcrypt/argon2/latex/pics/generic.pdf deleted file mode 100644 index b58197eb2f..0000000000 Binary files a/pkg/urcrypt/argon2/latex/pics/generic.pdf and /dev/null differ diff --git a/pkg/urcrypt/argon2/latex/pics/power-distribution.jpg b/pkg/urcrypt/argon2/latex/pics/power-distribution.jpg deleted file mode 100644 index 82d006965e..0000000000 Binary files a/pkg/urcrypt/argon2/latex/pics/power-distribution.jpg and /dev/null differ 
diff --git a/pkg/urcrypt/ed25519.c b/pkg/urcrypt/ed25519.c deleted file mode 100644 index eb25f0b759..0000000000 --- a/pkg/urcrypt/ed25519.c +++ /dev/null @@ -1,53 +0,0 @@ -#include "urcrypt.h" -#include -#include - -void -urcrypt_ed_puck(const uint8_t seed[32], - uint8_t out[32]) -{ - uint8_t secret[64]; - ed25519_create_keypair(out, secret, seed); -} - -void -urcrypt_ed_shar(const uint8_t public[32], - const uint8_t seed[32], - uint8_t out[32]) -{ - uint8_t self[32], exp[64]; - - memset(self, 0, 32); - memset(exp, 0, 64); - memset(out, 0, 32); - - ed25519_create_keypair(self, exp, seed); - ed25519_key_exchange(out, public, exp); -} - -void -urcrypt_ed_sign(const uint8_t *message, - size_t length, - const uint8_t seed[32], - uint8_t out[64]) -{ - uint8_t public[64], secret[64]; - - memset(public, 0, 64); - memset(secret, 0, 64); - memset(out, 0, 64); - - ed25519_create_keypair(public, secret, seed); - ed25519_sign(out, message, length, public, secret); -} - -bool -urcrypt_ed_veri(const uint8_t *message, - size_t length, - const uint8_t public[32], - const uint8_t signature[64]) -{ - return ( ed25519_verify(signature, message, length, public) == 1 ) - ? true - : false; -} diff --git a/pkg/urcrypt/ge-additions/BUILD.bazel b/pkg/urcrypt/ge-additions/BUILD.bazel deleted file mode 100644 index 06ab7c3e5a..0000000000 --- a/pkg/urcrypt/ge-additions/BUILD.bazel +++ /dev/null @@ -1,11 +0,0 @@ -load("//bazel:common_settings.bzl", "vere_library") - -vere_library( - name = "ge-additions", - srcs = ["ge-additions.c"], - hdrs = ["ge-additions.h"], - includes = ["."], - linkstatic = True, - visibility = ["//pkg/urcrypt:__pkg__"], - deps = ["@ed25519"], -) diff --git a/pkg/urcrypt/ge-additions/LICENSE b/pkg/urcrypt/ge-additions/LICENSE deleted file mode 100644 index 6a66aea5ea..0000000000 --- a/pkg/urcrypt/ge-additions/LICENSE +++ /dev/null 
@@ -1,27 +0,0 @@ -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/pkg/urcrypt/ge-additions/README.md b/pkg/urcrypt/ge-additions/README.md deleted file mode 100644 index 0684ab2656..0000000000 --- a/pkg/urcrypt/ge-additions/README.md +++ /dev/null 
@@ -1,20 +0,0 @@ -# Group Element Additions - -Urbit uses the ge.h code from the ed25519 library, which was ported from the -ref10 SUPERCOP public domain implementation. That implementation doesn't -contain several functions needed for ring signatures. - -This file does. The providence of this code starts with Adam Langley taking -the SUPERCOP C implementation and producing an ed25519 implementation for it -in golang (https://godoc.org/golang.org/x/crypto/ed25519). (If you look at -the go code, you'll see the comments are the same as the comments in the C -implementation.) - -From there, the DEDIS group from ETH Zurich took that implementation and -added the additional methods to make a generalized ECC point library. While -their project as a whole is MPL, they deliberately left their ed25519 -implementation under the Go BSD-3 license: -(https://github.com/dedis/kyber/blob/master/group/edwards25519/LICENSE) - -This file is a fairly straight translation from Go to C of DEDIS' additions, -so this falls under the same license. diff --git a/pkg/urcrypt/ge-additions/ge-additions.c b/pkg/urcrypt/ge-additions/ge-additions.c deleted file mode 100644 index 95b296dc20..0000000000 --- a/pkg/urcrypt/ge-additions/ge-additions.c +++ /dev/null 
@@ -1,169 +0,0 @@ -// Group Element Additions -// -// Urbit uses the ge.h code from the ed25519 library, which was ported from the -// ref10 SUPERCOP public domain implementation. That implementation doesn't -// contain several functions needed for ring signatures. -// -// This file does. The providence of this code starts with Adam Langley taking -// the SUPERCOP C implementation and producing an ed25519 implementation for it -// in golang (https://godoc.org/golang.org/x/crypto/ed25519). (If you look at -// the go code, you'll see the comments are the same as the comments in the C -// implementation.) -// -// From there, the DEDIS group from ETH Zurich took that implementation and -// added the additional methods to make a generalized ECC point library. While -// their project as a whole is MPL, they deliberately left their ed25519 -// implementation under the Go BSD-3 license: -// (https://github.com/dedis/kyber/blob/master/group/edwards25519/LICENSE) -// -// This file is a fairly straight translation from Go to C of DEDIS' additions, -// so this falls under the same license. -// -// ------ -// -// Copyright (c) 2009 The Go Authors. All rights reserved. -// -// Redistribution and use in source and binary forms, with or without -// modification, are permitted provided that the following conditions are -// met: -// -// * Redistributions of source code must retain the above copyright -// notice, this list of conditions and the following disclaimer. -// * Redistributions in binary form must reproduce the above -// copyright notice, this list of conditions and the following disclaimer -// in the documentation and/or other materials provided with the -// distribution. -// * Neither the name of Google Inc. nor the names of its -// contributors may be used to endorse or promote products derived from -// this software without specific prior written permission. 
-// -// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -#include "ge-additions.h" - -#include - -static unsigned char equal(signed char b, signed char c) { - unsigned char ub = b; - unsigned char uc = c; - unsigned char x = ub ^ uc; /* 0: yes; 1..255: no */ - uint64_t y = x; /* 0: yes; 1..255: no */ - y -= 1; /* large: yes; 0..254: no */ - y >>= 63; /* 1: yes; 0: no */ - return (unsigned char) y; -} - -static unsigned char negative(signed char b) { - uint64_t x = b; /* 18446744073709551361..18446744073709551615: yes; 0..255: no */ - x >>= 63; /* 1: yes; 0: no */ - return (unsigned char) x; -} - -void ge_cached_0(ge_cached* c) { - fe_1(c->YplusX); - fe_1(c->YminusX); - fe_1(c->Z); - fe_0(c->T2d); -} - -void ge_cached_cmov(ge_cached* r, const ge_cached* u, int32_t b) -{ - fe_cmov(r->YplusX, u->YplusX, b); - fe_cmov(r->YminusX, u->YminusX, b); - fe_cmov(r->Z, u->Z, b); - fe_cmov(r->T2d, u->T2d, b); -} - -void ge_cached_neg(ge_cached* r, const ge_cached* t) -{ - fe_copy(r->YplusX, t->YminusX); - fe_copy(r->YminusX, t->YplusX); - fe_copy(r->Z, t->Z); - fe_neg(r->T2d, t->T2d); -} - -void select_cached(ge_cached* c, const ge_cached Ai[8], int32_t b) -{ - int32_t is_negative = negative(b); - int32_t b_abs = b - (((-is_negative) & b) << 
1); - - ge_cached_0(c); - for (int32_t i = 0; i < 8; ++i) { - ge_cached_cmov(c, &Ai[i], equal(b_abs, i+1)); - } - - ge_cached minusC; - ge_cached_neg(&minusC, c); - ge_cached_cmov(c, &minusC, is_negative); -} - -// -void ge_scalarmult(ge_p3* h, const unsigned char* a, const ge_p3* A) -{ - signed char e[64]; - int i; - ge_p1p1 t; - ge_p3 u; - - for (i = 0; i < 32; ++i) { - e[2 * i + 0] = (a[i] >> 0) & 15; - e[2 * i + 1] = (a[i] >> 4) & 15; - } - - /* each e[i] is between 0 and 15 */ - /* e[63] is between 0 and 7 */ - signed char carry = 0; - for (i = 0; i < 63; ++i) { - e[i] += carry; - carry = e[i] + 8; - carry >>= 4; - e[i] -= carry << 4; - } - e[63] += carry; - /* each e[i] is between -8 and 8 */ - - // compute cached array of multiples of A from 1A through 8A - ge_cached Ai[8]; - ge_p3_to_cached(&Ai[0], A); - for (i = 0; i < 7; ++i) { - ge_add(&t, A, &Ai[i]); - ge_p1p1_to_p3(&u, &t); - ge_p3_to_cached(&Ai[i+1], &u); - } - - // special case for exponent nybble i == 63 - ge_p3_0(&u); - ge_cached c; - select_cached(&c, Ai, e[63]); - ge_add(&t, &u, &c); - - ge_p2 r; - for (i = 62; i >= 0; i--) { - // t <<= 4 - ge_p1p1_to_p2(&r, &t); - ge_p2_dbl(&t, &r); - ge_p1p1_to_p2(&r, &t); - ge_p2_dbl(&t, &r); - ge_p1p1_to_p2(&r, &t); - ge_p2_dbl(&t, &r); - ge_p1p1_to_p2(&r, &t); - ge_p2_dbl(&t, &r); - - // Add next nyble - ge_p1p1_to_p3(&u, &t); - select_cached(&c, Ai, e[i]); - ge_add(&t, &u, &c); - } - - ge_p1p1_to_p3(h, &t); -} diff --git a/pkg/urcrypt/ge-additions/ge-additions.h b/pkg/urcrypt/ge-additions/ge-additions.h deleted file mode 100644 index 3424ac689b..0000000000 --- a/pkg/urcrypt/ge-additions/ge-additions.h +++ /dev/null @@ -1,8 +0,0 @@ -#ifndef GE_ADDITIONS_H -#define GE_ADDITIONS_H - -#include - -void ge_scalarmult(ge_p3* h, const unsigned char* a, const ge_p3* A); - -#endif diff --git a/pkg/urcrypt/ge_additions.c b/pkg/urcrypt/ge_additions.c deleted file mode 100644 index f894fc8adb..0000000000 --- a/pkg/urcrypt/ge_additions.c +++ /dev/null 
@@ -1,126 +0,0 @@
-#include "urcrypt.h"
-#include
-
-int
-urcrypt_ed_point_add(const uint8_t a[32],
- const uint8_t b[32],
- uint8_t out[32])
-{
- ge_p3 A, B;
- ge_cached b_cached;
- ge_p1p1 sum;
- ge_p3 result;
-
- if ( ge_frombytes_negate_vartime(&A, a) != 0 ) {
- return -1;
- }
-
- if ( ge_frombytes_negate_vartime(&B, b) != 0 ) {
- return -1;
- }
-
- // Undo the negation from above. See add_scalar.c in the ed25519 distro.
- fe_neg(A.X, A.X);
- fe_neg(A.T, A.T);
- fe_neg(B.X, B.X);
- fe_neg(B.T, B.T);
-
- ge_p3_to_cached(&b_cached, &B);
- ge_add(&sum, &A, &b_cached);
- ge_p1p1_to_p3(&result, &sum);
-
- ge_p3_tobytes(out, &result);
-
- return 0;
-}
-
-int
-urcrypt_ed_scalarmult(const uint8_t a[32],
- const uint8_t b[32],
- uint8_t out[32])
-{
- ge_p3 B, result;
-
- if ( ge_frombytes_negate_vartime(&B, b) != 0 ) {
- return -1;
- }
-
- // Undo the negation from above. See add_scalar.c in the ed25519 distro.
- fe_neg(B.X, B.X);
- fe_neg(B.T, B.T);
-
- ge_scalarmult(&result, a, &B);
- ge_p3_tobytes(out, &result);
- return 0;
-}
-
-void
-urcrypt_ed_scalarmult_base(const uint8_t a[32],
- uint8_t out[32])
-{
- ge_p3 R;
- ge_scalarmult_base(&R, a);
- ge_p3_tobytes(out, &R);
-}
-
-int
-urcrypt_ed_add_scalarmult_scalarmult_base(const uint8_t a[32],
- const uint8_t a_point[32],
- const uint8_t b[32],
- uint8_t out[32])
-{
- ge_p2 r;
- ge_p3 A;
-
- if (ge_frombytes_negate_vartime(&A, a_point) != 0) {
- return -1;
- }
-
- // Undo the negation from above. See add_scalar.c in the ed25519 distro.
- fe_neg(A.X, A.X);
- fe_neg(A.T, A.T);
-
- ge_double_scalarmult_vartime(&r, a, &A, b);
- ge_tobytes(out, &r);
-
- return 0;
-}
-
-int
-urcrypt_ed_add_double_scalarmult(const uint8_t a[32],
- const uint8_t a_point[32],
- const uint8_t b[32],
- const uint8_t b_point[32],
- uint8_t out[32])
-{
- ge_p3 A, B, a_result, b_result, final_result;
- ge_cached b_result_cached;
- ge_p1p1 sum;
-
- if ( ge_frombytes_negate_vartime(&A, a_point) != 0 ) {
- return -1;
- }
-
- if ( ge_frombytes_negate_vartime(&B, b_point) != 0 ) {
- return -1;
- }
-
- // Undo the negation from above. See add_scalar.c in the ed25519 distro.
- fe_neg(A.X, A.X);
- fe_neg(A.T, A.T);
- fe_neg(B.X, B.X);
- fe_neg(B.T, B.T);
-
- // Perform the multiplications of a*A and b*B
- ge_scalarmult(&a_result, a, &A);
- ge_scalarmult(&b_result, b, &B);
-
- // Sum those two points
- ge_p3_to_cached(&b_result_cached, &b_result);
- ge_add(&sum, &a_result, &b_result_cached);
-
- ge_p1p1_to_p3(&final_result, &sum);
- ge_p3_tobytes(out, &final_result);
-
- return 0;
-}
diff --git a/pkg/urcrypt/keccak.c b/pkg/urcrypt/keccak.c
deleted file mode 100644
index 028b872fbc..0000000000
--- a/pkg/urcrypt/keccak.c
+++ /dev/null
@@ -1,21 +0,0 @@
-#include "urcrypt.h"
-#include "util.h"
-#include
-
-#define defkec(bits,byts) \
- int urcrypt_keccak_##bits(const uint8_t *message, size_t length, \
- uint8_t out[byts]) \
- { \
- if ( 0 == keccak_##bits(out, byts, message, length) ) { \
- urcrypt__reverse(byts, out); \
- return 0; \
- } \
- else { \
- return -1; \
- }\
- }
-
-defkec(224, 28)
-defkec(256, 32)
-defkec(384, 48)
-defkec(512, 64)
diff --git a/pkg/urcrypt/ripemd.c b/pkg/urcrypt/ripemd.c
deleted file mode 100644
index 787184090b..0000000000
--- a/pkg/urcrypt/ripemd.c
+++ /dev/null
@@ -1,20 +0,0 @@
-#include "urcrypt.h"
-#include "util.h"
-#include
-
-int
-urcrypt_ripemd160(uint8_t *message, size_t length, uint8_t out[20])
-{
- unsigned long n = length;
-
- if ( length != n ) {
- return -1;
- }
- else {
- urcrypt__reverse(length, message);
- RIPEMD160(message, n, out);
- urcrypt__reverse(20, out);
- return 0;
- }
-}
-
diff --git a/pkg/urcrypt/scrypt.c b/pkg/urcrypt/scrypt.c
deleted file mode 100644
index 830eddc563..0000000000
--- a/pkg/urcrypt/scrypt.c
+++ /dev/null
@@ -1,31 +0,0 @@
-#include "urcrypt.h"
-#include
-#include
-
-void
-urcrypt_scrypt_pbkdf_sha256(const uint8_t *passwd,
- size_t passwdlen,
- const uint8_t *salt,
- size_t saltlen,
- uint64_t count,
- size_t outlen, // must be at most 32*(2^32-1)
- uint8_t *out)
-{
- libscrypt_PBKDF2_SHA256(
- passwd, passwdlen, salt, saltlen, count, out, outlen);
-}
-
-int
-urcrypt_scrypt(const uint8_t *passwd,
- size_t passwdlen,
- const uint8_t *salt,
- size_t saltlen,
- uint64_t n,
- uint32_t r,
- uint32_t p,
- size_t outlen,
- uint8_t *out)
-{
- return libscrypt_scrypt(
- passwd, passwdlen, salt, saltlen, n, r, p, out, outlen);
-}
diff --git a/pkg/urcrypt/secp256k1.c b/pkg/urcrypt/secp256k1.c
deleted file mode 100644
index 76f16a0505..0000000000
--- a/pkg/urcrypt/secp256k1.c
+++ /dev/null
@@ -1,245 +0,0 @@
-#include "urcrypt.h"
-#include "util.h"
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define SECP_FLAGS SECP256K1_CONTEXT_VERIFY | SECP256K1_CONTEXT_SIGN
-
-struct urcrypt_secp_context_struct {
- secp256k1_context* secp;
- uint8_t prealloc[];
-};
-
-size_t
-urcrypt_secp_prealloc_size()
-{
- return sizeof(urcrypt_secp_context) +
- secp256k1_context_preallocated_size(SECP_FLAGS);
-}
-
-int
-urcrypt_secp_init(urcrypt_secp_context *context,
- uint8_t entropy[32])
-{
- secp256k1_context* secp =
- secp256k1_context_preallocated_create(context->prealloc, SECP_FLAGS);
- if ( 1 == secp256k1_context_randomize(secp, entropy) ) {
- context->secp = secp;
- return 0;
- }
- else {
- secp256k1_context_preallocated_destroy(secp);
- return -1;
- }
-}
-
-void
-urcrypt_secp_destroy(urcrypt_secp_context *context)
-{
- secp256k1_context_preallocated_destroy(context->secp);
-}
-
-int
-urcrypt_secp_make(uint8_t hash[32], uint8_t key[32], uint8_t out[32])
-{
- urcrypt__reverse(32, hash);
- urcrypt__reverse(32, key);
-
- if ( 1 != secp256k1_nonce_function_rfc6979(
- out, // OUT: return arg for nonce
- hash, // IN: message / hash */
- key, // IN: key32
- NULL, // IN: algorithm (NULL == ECDSA)
- NULL, // IN: arbitrary data pointer (unused)
- 0) ) { // IN: attempt number (0 == normal)
- return -1;
- }
- else {
- urcrypt__reverse(32, out);
- return 0;
- }
-}
-
-int
-urcrypt_secp_sign(urcrypt_secp_context* context,
- uint8_t hash[32],
- uint8_t key[32],
- uint8_t* out_v,
- uint8_t out_r[32],
- uint8_t out_s[32])
-{
- secp256k1_ecdsa_recoverable_signature signature;
-
- urcrypt__reverse(32, hash);
- urcrypt__reverse(32, key);
-
- /* sign
- N.B.
if we want the 'v' field we can't use default secp256k1_ecdsa_sign(),
- but must use secp256k1_ecdsa_sign_recoverable() */
- if ( 1 != secp256k1_ecdsa_sign_recoverable(
- context->secp, /* IN: context object */
- &signature, /* OUT: signature */
- hash, /* IN: 32 byte hash to be signed */
- key, /* IN: 32 byte secret key */
- NULL, /* IN: nonce-function ptr ; NULL = default */
- NULL) ) { /* IN: data for nonce function; not used */
- return -1;
- }
- else {
- uint8_t sigbytes[64];
- int recid;
- if ( 1 != secp256k1_ecdsa_recoverable_signature_serialize_compact(
- context->secp, /* IN: context object */
- sigbytes, /* OUT: 64 byte sig (r,s) */
- &recid, /* OUT: v */
- &signature) ) { /* IN: 65 byte sig */
- return -2;
- }
- else {
- /* read sigbytes into r and s
- convert endianness while we're at it */
- uint8_t i, j;
- for ( j = 31, i = 0; i < 32; ++i, --j) {
- out_r[j] = sigbytes[i];
- }
- for ( j = 31; i < 64; ++i, --j ) {
- out_s[j] = sigbytes[i];
- }
- *out_v = (uint8_t) recid;
- return 0;
- }
- }
-}
-
-int
-urcrypt_secp_reco(urcrypt_secp_context* context,
- uint8_t hash[32],
- uint8_t key_v,
- const uint8_t key_r[32],
- const uint8_t key_s[32],
- uint8_t out_x[32],
- uint8_t out_y[32])
-{
- if ( (NULL == hash) ||
- (NULL == key_r) ||
- (NULL == key_s) ) {
- return -1;
- }
- else if ( key_v > 3 ) {
- return -2;
- }
- else {
- secp256k1_ecdsa_recoverable_signature signature;
- uint8_t private[64];
- uint8_t i, j;
- // make big private key out of two smaller parts, reversing endianness
- for ( j = 31, i = 0; i < 32; ++i, --j) {
- private[i] = key_r[j];
- }
- for ( j = 31; i < 64; ++i, --j ) {
- private[i] = key_s[j];
- }
- memset(&signature, 0, sizeof(secp256k1_ecdsa_recoverable_signature));
- if ( 1 != secp256k1_ecdsa_recoverable_signature_parse_compact(
- context->secp, /* IN: context */
- &signature, /* OUT: sig */
- private, /* IN: r/s */
- key_v) ) { /* IN: v */
- return -3;
- }
- else {
- secp256k1_pubkey public;
- memset(&public, 0,
sizeof(secp256k1_pubkey));
- urcrypt__reverse(32, hash);
- if ( 1 != secp256k1_ecdsa_recover(
- context->secp, /* IN: context */
- &public, /* OUT: pub key */
- &signature, /* IN: signature */
- hash) ) { /* IN: message hash */
- return -4;
- }
- else {
- /* convert pub into serialized form that we can get x, y out of */
- uint8_t serialized[65];
- size_t outputlen = 65;
- memset(serialized, 0, outputlen);
- if ( 1 != secp256k1_ec_pubkey_serialize(
- context->secp, /* IN: context */
- serialized, /* OUT: output */
- &outputlen, /* IN/OUT: outputlen */
- &public, /* IN: pubkey*/
- SECP256K1_EC_UNCOMPRESSED) ) { /* IN: flags */
- return -5;
- }
- else {
- /* in file
- subprojects/secp256k1/src/eckey_impl.h
- func
- secp256k1_eckey_pubkey_parse()
- we can see
- byte 0: signal bits (???)
- bytes 1-32: x
- bytes 33-64: y
-
- convert endianness while we're at it */
- for (j = 32, i = 0; i < 32; ++i, --j) {
- out_x[i] = serialized[j];
- }
- for (j = 64, i = 0; i < 32; ++i, --j) {
- out_y[i] = serialized[j];
- }
- return 0;
- }
- }
- }
- }
-}
-
-int
-urcrypt_secp_schnorr_sign(urcrypt_secp_context* context,
- uint8_t key[32],
- uint8_t msg[32],
- uint8_t aux[32],
- uint8_t out_sig[64])
-{
- secp256k1_keypair keypair;
-
- urcrypt__reverse(32, key);
- urcrypt__reverse(32, msg);
- urcrypt__reverse(32, aux);
-
- if ( 1 != secp256k1_keypair_create(context->secp, &keypair, key) ) {
- return -1;
- }
- if ( 1 != secp256k1_schnorrsig_sign32(context->secp, out_sig, msg, &keypair, aux) ) {
- return -1;
- }
-
- urcrypt__reverse(64, out_sig);
- return 0;
-}
-
-bool
-urcrypt_secp_schnorr_veri(urcrypt_secp_context* context,
- uint8_t sig[64],
- uint8_t msg[32],
- uint8_t pub[32])
-{
- secp256k1_xonly_pubkey pubkey;
-
- urcrypt__reverse(64, sig);
- urcrypt__reverse(32, msg);
- urcrypt__reverse(32, pub);
-
- if ( 1 != secp256k1_xonly_pubkey_parse(context->secp, &pubkey, pub) ) {
- return false;
- }
- if ( 1 != secp256k1_schnorrsig_verify(context->secp, sig, msg, 32, &pubkey) ) {
- return
false;
- }
- return true;
-}
diff --git a/pkg/urcrypt/sha.c b/pkg/urcrypt/sha.c
deleted file mode 100644
index 9cd318c5ad..0000000000
--- a/pkg/urcrypt/sha.c
+++ /dev/null
@@ -1,49 +0,0 @@
-#include "urcrypt.h"
-#include "util.h"
-#include
-
-void
-urcrypt_sha1(uint8_t *message, size_t length, uint8_t out[20])
-{
- urcrypt__reverse(length, message);
- SHA1(message, length, out);
- urcrypt__reverse(20, out);
-}
-
-void
-urcrypt_shay(const uint8_t *message, size_t length, uint8_t out[32])
-{
- SHA256(message, length, out);
-}
-
-void
-urcrypt_shal(const uint8_t *message, size_t length, uint8_t out[64])
-{
- SHA512(message, length, out);
-}
-
-void
-urcrypt_shas(uint8_t *salt, size_t salt_length,
- const uint8_t *message, size_t message_length,
- uint8_t out[32])
-{
- size_t i;
- uint8_t mid[32];
-
- // docs don't say what happens if msg overlaps with out
- urcrypt_shay(message, message_length, mid);
-
- if ( salt_length > 32 ) {
- for ( i = 0; i < 32; i++ ) {
- salt[i] ^= mid[i];
- }
- urcrypt_shay(salt, salt_length, out);
- }
- else {
- for ( i = 0; i < salt_length; i++ ) {
- mid[i] ^= salt[i];
- }
- urcrypt_shay(mid, 32, out);
- }
-}
-
diff --git a/pkg/urcrypt/urcrypt.h b/pkg/urcrypt/urcrypt.h
deleted file mode 100644
index 682531b948..0000000000
--- a/pkg/urcrypt/urcrypt.h
+++ /dev/null
@@ -1,246 +0,0 @@
-#ifndef URCRYPT_H
-#define URCRYPT_H
-#include
-#include
-#include
-// const arguments are not written to, non-const arguments may be
-// all arrays are in little-endian byte order.
-// array sizes[64] are purely documentary
-
-// 0 on success, result in out
-int urcrypt_ed_point_add(const uint8_t a[32],
- const uint8_t b[32],
- uint8_t out[32]);
-int urcrypt_ed_scalarmult(const uint8_t a[32],
- const uint8_t b[32],
- uint8_t out[32]);
-// void functions have no failure mode
-void urcrypt_ed_scalarmult_base(const uint8_t a[32],
- uint8_t out[32]);
-int urcrypt_ed_add_scalarmult_scalarmult_base(const uint8_t a[32],
- const uint8_t a_point[32],
- const uint8_t b[32],
- uint8_t out[32]);
-int urcrypt_ed_add_double_scalarmult(const uint8_t a[32],
- const uint8_t a_point[32],
- const uint8_t b[32],
- const uint8_t b_point[32],
- uint8_t out[32]);
-
-void urcrypt_ed_puck(const uint8_t seed[32],
- uint8_t out[32]);
-void urcrypt_ed_shar(const uint8_t public[32],
- const uint8_t seed[32],
- uint8_t out[32]);
-void urcrypt_ed_sign(const uint8_t *message,
- size_t length,
- const uint8_t seed[32],
- uint8_t out[64]);
-// return value means the signature was (not) verified
-bool urcrypt_ed_veri(const uint8_t *message,
- size_t length,
- const uint8_t public[32],
- const uint8_t signature[64]);
-
-int urcrypt_aes_ecba_en(uint8_t key[16], uint8_t block[16], uint8_t out[16]);
-int urcrypt_aes_ecba_de(uint8_t key[16], uint8_t block[16], uint8_t out[16]);
-int urcrypt_aes_ecbb_en(uint8_t key[24], uint8_t block[16], uint8_t out[16]);
-int urcrypt_aes_ecbb_de(uint8_t key[24], uint8_t block[16], uint8_t out[16]);
-int urcrypt_aes_ecbc_en(uint8_t key[32], uint8_t block[16], uint8_t out[16]);
-int urcrypt_aes_ecbc_de(uint8_t key[32], uint8_t block[16], uint8_t out[16]);
-
-typedef void* (*urcrypt_realloc_t)(void*, size_t);
-
-// message and length are read/write so
-// realloc_ptr can be used as realloc to pad message
-int urcrypt_aes_cbca_en(uint8_t **message_ptr,
-
size_t *length_ptr,
- uint8_t key[16],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-int urcrypt_aes_cbca_de(uint8_t **message_ptr,
- size_t *length_ptr,
- uint8_t key[16],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-int urcrypt_aes_cbcb_en(uint8_t **message_ptr,
- size_t *length_ptr,
- uint8_t key[24],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-int urcrypt_aes_cbcb_de(uint8_t **message_ptr,
- size_t *length_ptr,
- uint8_t key[24],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-int urcrypt_aes_cbcc_en(uint8_t **message_ptr,
- size_t *length_ptr,
- uint8_t key[32],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-int urcrypt_aes_cbcc_de(uint8_t **message_ptr,
- size_t *length_ptr,
- uint8_t key[32],
- uint8_t ivec[16],
- urcrypt_realloc_t realloc_ptr);
-
-typedef struct {
- size_t length;
- uint8_t *bytes;
-} urcrypt_aes_siv_data;
-
-int urcrypt_aes_siva_en(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[32],
- uint8_t iv[16],
- uint8_t *out);
-int urcrypt_aes_siva_de(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[32],
- uint8_t iv[16],
- uint8_t *out);
-int urcrypt_aes_sivb_en(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[48],
- uint8_t iv[16],
- uint8_t *out);
-int urcrypt_aes_sivb_de(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[48],
- uint8_t iv[16],
- uint8_t *out);
-int urcrypt_aes_sivc_en(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[64],
- uint8_t iv[16],
- uint8_t *out);
-int urcrypt_aes_sivc_de(uint8_t *message,
- size_t message_length,
- urcrypt_aes_siv_data *data,
- size_t data_length,
- uint8_t key[64],
- uint8_t iv[16],
- uint8_t *out);
-
-int urcrypt_ripemd160(uint8_t *message, size_t length, uint8_t
out[20]);
-
-void urcrypt_sha1(uint8_t *message, size_t length, uint8_t out[20]);
-void urcrypt_shay(const uint8_t *message, size_t length, uint8_t out[32]);
-void urcrypt_shal(const uint8_t *message, size_t length, uint8_t out[64]);
-void urcrypt_shas(uint8_t *salt, size_t salt_length,
- const uint8_t *message, size_t message_length,
- uint8_t out[32]);
-
-typedef int (*urcrypt_argon2_alloc_t)(uint8_t**, size_t);
-typedef void (*urcrypt_argon2_free_t)(uint8_t*, size_t);
-
-#define urcrypt_argon2_d 0
-#define urcrypt_argon2_i 1
-#define urcrypt_argon2_id 2
-#define urcrypt_argon2_u 10
-
-/* returns a constant error message string or NULL for success */
-const char* urcrypt_argon2(uint8_t type, // one of the urcrpyt_argon2_*
- uint32_t version,
- uint32_t threads,
- uint32_t memory_cost,
- uint32_t time_cost,
- size_t secret_length,
- uint8_t *secret,
- size_t associated_length,
- uint8_t *associated,
- size_t password_length,
- uint8_t *password,
- size_t salt_length,
- uint8_t *salt,
- size_t out_length,
- uint8_t *out,
- urcrypt_argon2_alloc_t alloc_ptr,
- urcrypt_argon2_free_t free_ptr);
-
-int urcrypt_blake2(size_t message_length,
- uint8_t *message,
- size_t key_length,
- uint8_t key[64],
- size_t out_length,
- uint8_t *out);
-
-/* there is some long-term context associated with the secp library
- * (precomputed tables, etc), so secp functions require a context object
- */
-typedef struct urcrypt_secp_context_struct urcrypt_secp_context;
-
-// size of opaque secp handle, malloc and pass to init
-size_t urcrypt_secp_prealloc_size(void);
-// call this once at per context with high quality entropy
-int urcrypt_secp_init(urcrypt_secp_context *context,
- uint8_t entropy[32]);
-// call before freeing opaque secp handle
-void urcrypt_secp_destroy(urcrypt_secp_context *context);
-
-int urcrypt_secp_make(uint8_t hash[32], uint8_t key[32], uint8_t out[32]);
-int urcrypt_secp_sign(urcrypt_secp_context* context,
- uint8_t hash[32],
- uint8_t key[32],
- uint8_t* out_v,
-
uint8_t out_r[32],
- uint8_t out_s[32]);
-int urcrypt_secp_reco(urcrypt_secp_context* context,
- uint8_t hash[32],
- uint8_t key_v, // 0, 1, 2, 3
- const uint8_t key_r[32],
- const uint8_t key_s[32],
- uint8_t out_x[32],
- uint8_t out_y[32]);
-int urcrypt_secp_schnorr_sign(urcrypt_secp_context* context,
- uint8_t key[32],
- uint8_t msg[32],
- uint8_t aux[32],
- uint8_t out_sig[64]);
-// return value means signature was (not) verified
-bool urcrypt_secp_schnorr_veri(urcrypt_secp_context* context,
- uint8_t sig[64],
- uint8_t msg[32],
- uint8_t pub[32]);
-
-void urcrypt_scrypt_pbkdf_sha256(const uint8_t *passwd,
- size_t passwdlen,
- const uint8_t *salt,
- size_t saltlen,
- uint64_t count,
- size_t outlen, // must be at most 32*(2^32-1)
- uint8_t *out);
-
-int urcrypt_scrypt(const uint8_t *passwd,
- size_t passwdlen,
- const uint8_t *salt,
- size_t saltlen,
- uint64_t n,
- uint32_t r,
- uint32_t p,
- size_t outlen,
- uint8_t *out);
-
-int urcrypt_keccak_224(const uint8_t *message,
- size_t length,
- uint8_t out[28]);
-int urcrypt_keccak_256(const uint8_t *message,
- size_t length,
- uint8_t out[32]);
-int urcrypt_keccak_384(const uint8_t *message,
- size_t length,
- uint8_t out[48]);
-int urcrypt_keccak_512(const uint8_t *message,
- size_t length,
- uint8_t out[64]);
-#endif
diff --git a/pkg/urcrypt/util.c b/pkg/urcrypt/util.c
deleted file mode 100644
index 8caa519389..0000000000
--- a/pkg/urcrypt/util.c
+++ /dev/null
@@ -1,14 +0,0 @@
-#include "urcrypt.h"
-
-void
-urcrypt__reverse(size_t size, uint8_t *ptr) {
- if ( size > 0 ) {
- size_t i, j;
- uint8_t tmp;
- for ( i = 0, j = size - 1; i < j; i++, j-- ) {
- tmp = ptr[i];
- ptr[i] = ptr[j];
- ptr[j] = tmp;
- }
- }
-}
diff --git a/pkg/urcrypt/util.h b/pkg/urcrypt/util.h
deleted file mode 100644
index 1c6202c6df..0000000000
--- a/pkg/urcrypt/util.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef URCRYPT_UTIL_H
-#define URCRYPT_UTIL_H
-
-void urcrypt__reverse(size_t size, uint8_t *ptr);
-
-#endif