Streamlining of secret and _verify

The secret key API is now streamlined.

Also, all verify-type functions are
now returning boolean() values.
This makes the API consistent.
Jesper Louis Andersen 2020-02-06 11:12:32 +01:00
parent 1cb2c3a2a2
commit 7999d08e9d
5 changed files with 18 additions and 20 deletions


@ -9,7 +9,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
- Go through all calls and make them return streamlined exceptions if applicable. - Go through all calls and make them return streamlined exceptions if applicable.
Pretty large change, but OTOH, this ought to happen before a 1.0 release as well. Pretty large change, but OTOH, this ought to happen before a 1.0 release as well.
- secret
- sign - sign
- Implement missing EQC tests - Implement missing EQC tests
@ -27,6 +26,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
`aead_chacha20poly1305_ietf_*` but note it is *not* just a simple substitution `aead_chacha20poly1305_ietf_*` but note it is *not* just a simple substitution
into your code. into your code.
- The `kx` constants have been renamed to follow libsodium one-to-one. - The `kx` constants have been renamed to follow libsodium one-to-one.
- All calls with `verify` now returns booleans. See `sign_verify_detached`, which
were changed by this.
### Removed ### Removed
- The functions of the form `aead_chacha20poly1305_*` were removed. They implement - The functions of the form `aead_chacha20poly1305_*` were removed. They implement


@ -91,7 +91,7 @@ ERL_NIF_TERM enacl_crypto_secretbox(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(padded_msg.size, &padded_ciphertext)) { if (!enif_alloc_binary(padded_msg.size, &padded_ciphertext)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_secretbox(padded_ciphertext.data, padded_msg.data, padded_msg.size, crypto_secretbox(padded_ciphertext.data, padded_msg.data, padded_msg.size,
@ -120,7 +120,7 @@ ERL_NIF_TERM enacl_crypto_secretbox_open(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(padded_ciphertext.size, &padded_msg)) { if (!enif_alloc_binary(padded_ciphertext.size, &padded_msg)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
if (crypto_secretbox_open(padded_msg.data, padded_ciphertext.data, if (crypto_secretbox_open(padded_msg.data, padded_ciphertext.data,
@ -152,7 +152,7 @@ ERL_NIF_TERM enacl_crypto_stream_chacha20(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(clen, &c)) { if (!enif_alloc_binary(clen, &c)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_stream_chacha20(c.data, c.size, n.data, k.data); crypto_stream_chacha20(c.data, c.size, n.data, k.data);
@ -177,7 +177,7 @@ enacl_crypto_stream_chacha20_xor(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(m.size, &c)) { if (!enif_alloc_binary(m.size, &c)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_stream_chacha20_xor(c.data, m.data, m.size, n.data, k.data); crypto_stream_chacha20_xor(c.data, m.data, m.size, n.data, k.data);
@ -202,7 +202,7 @@ ERL_NIF_TERM enacl_crypto_stream(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(clen, &c)) { if (!enif_alloc_binary(clen, &c)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_stream(c.data, c.size, n.data, k.data); crypto_stream(c.data, c.size, n.data, k.data);
@ -226,7 +226,7 @@ ERL_NIF_TERM enacl_crypto_stream_xor(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(m.size, &c)) { if (!enif_alloc_binary(m.size, &c)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_stream_xor(c.data, m.data, m.size, n.data, k.data); crypto_stream_xor(c.data, m.data, m.size, n.data, k.data);
@ -248,7 +248,7 @@ ERL_NIF_TERM enacl_crypto_auth(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(crypto_auth_BYTES, &a)) { if (!enif_alloc_binary(crypto_auth_BYTES, &a)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_auth(a.data, m.data, m.size, k.data); crypto_auth(a.data, m.data, m.size, k.data);
@ -291,7 +291,7 @@ ERL_NIF_TERM enacl_crypto_onetimeauth(ErlNifEnv *env, int argc,
} }
if (!enif_alloc_binary(crypto_onetimeauth_BYTES, &a)) { if (!enif_alloc_binary(crypto_onetimeauth_BYTES, &a)) {
return enacl_error_tuple(env, "alloc_failed"); return enacl_internal_error(env);
} }
crypto_onetimeauth(a.data, m.data, m.size, k.data); crypto_onetimeauth(a.data, m.data, m.size, k.data);
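Review bot: The allocation-failure branch in all eight hunks of this file now returns `enacl_internal_error(env)` where it returned `enacl_error_tuple(env, "alloc_failed")`, and the helper's definition is not on this page, so what the Erlang caller now receives cannot be checked here. If the helper raises an exception rather than returning a tuple, callers that matched the old error tuple (presumably `{error, alloc_failed}`) no longer handle this case, and the changelog hunk in this commit records only the `verify` change. I would add a changelog entry along the lines of `- Allocation failures in the secret-key NIFs are now reported via enacl_internal_error instead of an alloc_failed error tuple.` Each of these functions begins and ends outside its hunk.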


@ -215,9 +215,9 @@ ERL_NIF_TERM enacl_crypto_sign_final_verify(ErlNifEnv *env, int argc,
} }
if (0 == crypto_sign_final_verify(obj->state, sig.data, pk.data)) { if (0 == crypto_sign_final_verify(obj->state, sig.data, pk.data)) {
ret = enif_make_atom(env, ATOM_OK); ret = enif_make_atom(env, "true");
} else { } else {
ret = enacl_error_tuple(env, "failed_verification"); ret = enif_make_atom(env, "false");
} }
// Mark as done // Mark as done
goto cleanup; goto cleanup;
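Review bot: The two new results are built from string literals, `enif_make_atom(env, "true")` and `enif_make_atom(env, "false")`, while the line they replace used the `ATOM_OK` constant. Since these atoms are now the whole verification verdict, keeping their spelling in one place next to `ATOM_OK` (defined outside this page) would guard against a typo silently producing a different atom; for example `ret = enif_make_atom(env, ATOM_TRUE);`, where `ATOM_TRUE` and `ATOM_FALSE` are proposed names, not existing ones. The function starts and ends outside the hunk, so its other return paths are not reviewed here.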


@ -421,9 +421,9 @@ prop_sign_detached_open() ->
true -> true ->
case SignMsg of case SignMsg of
{valid, Sig} -> {valid, Sig} ->
equals({ok, Msg}, enacl:sign_verify_detached(Sig, Msg, PK)); equals(true, enacl:sign_verify_detached(Sig, Msg, PK));
{invalid, Sig} -> {invalid, Sig} ->
equals({error, failed_verification}, enacl:sign_verify_detached(Sig, Msg, PK)) equals(false, enacl:sign_verify_detached(Sig, Msg, PK))
end; end;
false -> false ->
badargs(fun() -> enacl:sign_verify_detached(SignMsg, Msg, PK) end) badargs(fun() -> enacl:sign_verify_detached(SignMsg, Msg, PK) end)


@ -623,17 +623,14 @@ sign_detached(M, SK) ->
%% message for the given public key. %% message for the given public key.
%% %%
%% Given a signature `SIG', a message `M', and a public key `PK', the function computes %% Given a signature `SIG', a message `M', and a public key `PK', the function computes
%% true iff the `SIG' is valid for `M' and `PK'. %% true iff the `SIG' is valid for `M' and `PK'; false otherwise.
-spec sign_verify_detached(SIG, M, PK) -> {ok, M} | {error, failed_verification} -spec sign_verify_detached(SIG, M, PK) -> boolean()
when when
SIG :: binary(), SIG :: binary(),
M :: iodata(), M :: iodata(),
PK :: binary(). PK :: binary().
sign_verify_detached(SIG, M, PK) -> sign_verify_detached(SIG, M, PK) ->
case enacl_nif:crypto_sign_verify_detached(SIG, M, PK) of enacl_nif:crypto_sign_verify_detached(SIG, M, PK).
true -> {ok, M};
false -> {error, failed_verification}
end.
-type sign_state() :: reference(). -type sign_state() :: reference().
@ -669,7 +666,7 @@ sign_final_create(SignState, SK) ->
%% Verifies that `SIG` is a valid signature for the message whose content has %% Verifies that `SIG` is a valid signature for the message whose content has
%% been previously supplied using `sign_update/2` using the public key `PK.` %% been previously supplied using `sign_update/2` using the public key `PK.`
%% @end %% @end
-spec sign_final_verify(S, SIG, PK) -> ok | {error, failed_verification} -spec sign_final_verify(S, SIG, PK) -> boolean()
when S :: sign_state(), when S :: sign_state(),
SIG :: binary(), SIG :: binary(),
PK :: iodata(). PK :: iodata().
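Review bot: Changing `sign_verify_detached/3` from `{ok, M} | {error, failed_verification}` to `boolean()` can make an existing caller fail open: a `case` that handles `{error, _}` and treats any other result as success now takes the success branch when the NIF returns `false`. The doc comment in the first hunk should say this explicitly; I would add `%% Callers must match the result against `true'; code written for the old `{ok, M}' / `{error, failed_verification}' return has to be updated.` above the `-spec`. The same concern applies to `sign_final_verify/3` in the second hunk, where the spec changes from `ok | {error, failed_verification}` to `boolean()` but the doc comment does not state the return value at all. The body of `sign_final_verify/3` lies outside the hunk.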