diff --git a/CHANGELOG.md b/CHANGELOG.md
index dac3c6f..3edd931 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,6 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Go through all calls and make them return streamlined exceptions if applicable. Pretty large change, but OTOH, this ought to happen before a 1.0 release as well.
- - AEAD
 - hash
 - kx
 - randombytes
diff --git a/c_src/aead.c b/c_src/aead.c
index 997e3ac..75851fd 100644
--- a/c_src/aead.c
+++ b/c_src/aead.c
@@ -57,24 +57,20 @@ enacl_crypto_aead_chacha20poly1305_ietf_encrypt(ErlNifEnv *env, int argc,
 if (!enif_alloc_binary(message.size + crypto_aead_chacha20poly1305_ietf_ABYTES, &ciphertext)) {
- ret = enacl_error_tuple(env, "alloc_failed");
- goto done;
+ goto err;
 }
- if (crypto_aead_chacha20poly1305_ietf_encrypt(
- ciphertext.data, NULL, message.data, message.size, ad.data, ad.size,
- NULL, nonce.data, key.data) < 0) {
- ret = enacl_error_tuple(env, "aead_chacha20poly1305_ietf_encrypt_failed");
- goto release;
- }
+ crypto_aead_chacha20poly1305_ietf_encrypt(ciphertext.data, NULL, message.data,
+ message.size, ad.data, ad.size,
+ NULL, nonce.data, key.data);
 ret = enif_make_binary(env, &ciphertext);
 goto done;
 bad_arg:
 return enif_make_badarg(env);
-release:
- enif_release_binary(&ciphertext);
+err:
+ ret = enacl_internal_error(env);
 done:
 return ret;
 }
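Review bot: The new call to `crypto_aead_chacha20poly1305_ietf_encrypt` discards its return value with nothing to say this is deliberate, and the freshly allocated `ciphertext` buffer is then returned unconditionally through `enif_make_binary`. This presumably relies on libsodium's AEAD encrypt not failing once the argument checks have passed (those checks are outside the hunk), but if that assumption ever broke, the NIF would hand an unwritten buffer back to Erlang as ciphertext. I would make the intent explicit with `(void)crypto_aead_chacha20poly1305_ietf_encrypt(...)` and a comment such as `/* cannot fail once sizes are validated; return value intentionally ignored */`. The same applies to the `crypto_aead_xchacha20poly1305_ietf_encrypt` call in the hunk at -180,24. The function body starts before this hunk.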
@@ -106,14 +102,13 @@ enacl_crypto_aead_chacha20poly1305_ietf_decrypt(ErlNifEnv *env, int argc,
 if (!enif_alloc_binary(ciphertext.size - crypto_aead_chacha20poly1305_ietf_ABYTES, &message)) {
- ret = enacl_error_tuple(env, "alloc_failed");
- goto done;
+ return enacl_internal_error(env);
 }
 if (crypto_aead_chacha20poly1305_ietf_decrypt(
 message.data, NULL, NULL, ciphertext.data, ciphertext.size, ad.data,
- ad.size, nonce.data, key.data) < 0) {
- ret = enacl_error_tuple(env, "aead_chacha20poly1305_ietf_decrypt_failed");
+ ad.size, nonce.data, key.data) != 0) {
+ ret = enacl_error_tuple(env, "failed_verification");
 goto release;
 }
@@ -180,24 +175,20 @@ enacl_crypto_aead_xchacha20poly1305_ietf_encrypt(ErlNifEnv *env, int argc,
 if (!enif_alloc_binary(message.size + crypto_aead_xchacha20poly1305_ietf_ABYTES, &ciphertext)) {
- ret = enacl_error_tuple(env, "alloc_failed");
- goto done;
+ goto err;
 }
- if (crypto_aead_xchacha20poly1305_ietf_encrypt(
- ciphertext.data, NULL, message.data, message.size, ad.data, ad.size,
- NULL, nonce.data, key.data) < 0) {
- ret = enacl_error_tuple(env, "aead_xchacha20poly1305_ietf_encrypt_failed");
- goto release;
- }
+ crypto_aead_xchacha20poly1305_ietf_encrypt(
+ ciphertext.data, NULL, message.data, message.size, ad.data, ad.size, NULL,
+ nonce.data, key.data);
 ret = enif_make_binary(env, &ciphertext);
 goto done;
 bad_arg:
 return enif_make_badarg(env);
-release:
- enif_release_binary(&ciphertext);
+err:
+ ret = enacl_internal_error(env);
 done:
 return ret;
 }
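Review bot: In `enacl_crypto_aead_chacha20poly1305_ietf_decrypt` the allocation size is `ciphertext.size - crypto_aead_chacha20poly1305_ietf_ABYTES`, an unsigned subtraction, and the check that would reject a ciphertext shorter than the tag is not visible in this hunk. If the argument validation above does not already cover it, a short input would wrap to a huge size, fail `enif_alloc_binary`, and now surface through `enacl_internal_error` rather than as badarg or `failed_verification`; it is worth confirming that a guard like `ciphertext.size < crypto_aead_chacha20poly1305_ietf_ABYTES` sits in the bad_arg condition. The same holds for the xchacha20 decrypt hunk at -229,14. Separately, this path uses a direct `return enacl_internal_error(env);` while the encrypt functions in the same commit use `goto err`; picking one form would keep the four functions parallel.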
@@ -229,14 +220,13 @@ enacl_crypto_aead_xchacha20poly1305_ietf_decrypt(ErlNifEnv *env, int argc,
 if (!enif_alloc_binary(ciphertext.size - crypto_aead_xchacha20poly1305_ietf_ABYTES, &message)) {
- ret = enacl_error_tuple(env, "alloc_failed");
- goto done;
+ return enacl_internal_error(env);
 }
 if (crypto_aead_xchacha20poly1305_ietf_decrypt(
 message.data, NULL, NULL, ciphertext.data, ciphertext.size, ad.data,
- ad.size, nonce.data, key.data) < 0) {
- ret = enacl_error_tuple(env, "aead_xchacha20poly1305_ietf_decrypt_failed");
+ ad.size, nonce.data, key.data) != 0) {
+ ret = enacl_error_tuple(env, "failed_verification");
 goto release;
 }
diff --git a/eqc_test/enacl_eqc.erl b/eqc_test/enacl_eqc.erl
index bef5da2..4a9640a 100644
--- a/eqc_test/enacl_eqc.erl
+++ b/eqc_test/enacl_eqc.erl
@@ -546,6 +546,29 @@ prop_aead_chacha20poly1305_ietf_fail() ->
 end
 end).
+%% * aead_xchacha20poly1305_encrypt/4,
+%% * aead_xchacha20poly1305_decrypt/4,
+prop_aead_xchacha20poly1305_ietf() ->
+ NPubBytes = enacl:aead_xchacha20poly1305_ietf_NPUBBYTES(),
+ ?FORALL({Key, Msg, AD, Nonce},
+ {binary(32), binary(), ?LET(ADBytes, choose(0,16), binary(ADBytes)), binary(NPubBytes)},
+ begin
+ EncryptMsg = enacl:aead_xchacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key),
+ equals(enacl:aead_xchacha20poly1305_ietf_decrypt(EncryptMsg, AD, Nonce, Key), Msg)
+ end).
+
+prop_aead_xchacha20poly1305_ietf_fail() ->
+ NPubBytes = enacl:aead_xchacha20poly1305_ietf_NPUBBYTES(),
+ ?FORALL({Key, Msg, AD, Nonce},
+ {binary(32), binary(), ?LET(ADBytes, choose(0,16), binary(ADBytes)), binary(NPubBytes)},
+ begin
+ EncryptMsg = enacl:aead_xchacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key),
+ case enacl:aead_xchacha20poly1305_ietf_decrypt(<<0:8, EncryptMsg/binary>>, AD, Nonce, Key) of
+ {error, _} -> true;
+ _ -> false
+ end
+ end).
+
 %% CRYPTO STREAM
 %% ------------------------------------------------------------
 %% * stream/3
diff --git a/src/enacl.erl b/src/enacl.erl
index 658472c..d618fae 100644
--- a/src/enacl.erl
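Review bot: `prop_aead_xchacha20poly1305_ietf_fail` checks only one kind of corruption, a zero byte prepended to the ciphertext, and accepts any `{error, _}`. Since this commit gives decrypt a single failure reason, the property could match it exactly (presumably `{error, failed_verification}`; the shape produced by `enacl_error_tuple` is not shown here) and also cover a changed `AD`, a different `Nonce` or `Key`, and a ciphertext shorter than the tag. The header comment names `aead_xchacha20poly1305_encrypt/4` and `aead_xchacha20poly1305_decrypt/4`, but the functions exercised are the `_ietf_` ones; I would write `%% * aead_xchacha20poly1305_ietf_encrypt/4,` and `%% * aead_xchacha20poly1305_ietf_decrypt/4,`.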
+++ b/src/enacl.erl
@@ -1152,7 +1152,7 @@ kx_secret_key_size() ->
 %% `AD' using `Key' and `Nonce'. Returns the encrypted message followed by
 %% `aead_chacha20poly1305_ABYTES/0' bytes of MAC.
 %% @end
--spec aead_chacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key) -> binary() | {error, term()}
+-spec aead_chacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key) -> binary()
 when Key :: binary(),
 Nonce :: binary(),
 AD :: binary(),
@@ -1207,7 +1207,7 @@ aead_chacha20poly1305_ietf_MESSAGEBYTES_MAX() ->
 %% `AD' using `Key' and `Nonce'. Returns the encrypted message followed by
 %% `aead_xchacha20poly1305_ABYTES/0' bytes of MAC.
 %% @end
--spec aead_xchacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key) -> binary() | {error, term()}
+-spec aead_xchacha20poly1305_ietf_encrypt(Msg, AD, Nonce, Key) -> binary()
 when Key :: binary(),
 Nonce :: binary(),
 AD :: binary(),
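Review bot: Narrowing the spec of `aead_chacha20poly1305_ietf_encrypt/4` to `binary()` leaves the `@doc` silent on what happens when the NIF takes its internal-error path. If `enacl_internal_error` raises (its definition is not part of this diff), a sentence such as `%% Raises an error exception on internal failure, e.g. when memory cannot be allocated.` before `%% @end` would tell callers that they no longer need to match `{error, _}` here. The same sentence fits the `aead_xchacha20poly1305_ietf_encrypt/4` doc in the hunk at -1207,7.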