Implement crypto boxing/unboxing for public key cryptographic systems.

2014-11-21 13:40:47 +01:00 · 2014-11-21 13:40:47 +01:00 · ff5196b99f
commit ff5196b99f
parent c074a4b186
3 changed files with 76 additions and 6 deletions
--- a/eqc_test/enacl_eqc.erl
+++ b/eqc_test/enacl_eqc.erl
@ -5,6 +5,10 @@
 %% CRYPTO BOX
 %% ---------------------------

+nonce() ->
+    Sz = enacl:box_nonce_size(),
+    binary(Sz).
+
 prop_box_keypair() ->
    ?FORALL(_X, return(dummy),
        ok_box(enacl:box_keypair())).
@ -12,6 +16,25 @@ prop_box_keypair() ->
 ok_box({ok, _PK, _SK}) -> true;
 ok_box(_) -> false.

+prop_box_correct() ->
+    ?FORALL({Msg, Nonce}, {binary(), nonce()},
+        begin
+            {ok, PK1, SK1} = enacl:box_keypair(),
+            {ok, PK2, SK2} = enacl:box_keypair(),
+            CipherText = enacl:box(Msg, Nonce, PK2, SK1),
+            {ok, DecodedMsg} = enacl:box_open(CipherText, Nonce, PK1, SK2),
+            equals(Msg, DecodedMsg)
+        end).
+
+prop_box_failure_integrity() ->
+    ?FORALL({Msg, Nonce}, {binary(), nonce()},
+        begin
+            {ok, PK1, SK1} = enacl:box_keypair(),
+            {ok, PK2, SK2} = enacl:box_keypair(),
+            CipherText = enacl:box(Msg, Nonce, PK2, SK1),
+            Err = enacl:box_open([<<"x">>, CipherText], Nonce, PK1, SK2),
+            equals(Err, {error, failed_verification})
+        end).

 %% HASHING
 %% ---------------------------
--- a/src/enacl.erl
+++ b/src/enacl.erl
@ -1,8 +1,14 @@
 -module(enacl).

 -export([
-	hash/1,
-	box_keypair/0
+	box_keypair/0,
+	box/4,
+	box_open/4,
+	box_nonce_size/0
+]).
+
+-export([
+	hash/1
 ]).

 hash(Bin) ->
@ -11,3 +17,21 @@ hash(Bin) ->
 box_keypair() ->
 	enacl_nif:crypto_box_keypair().

+box(Msg, Nonce, PK, SK) ->
+    enacl_nif:crypto_box([zerobytes(), Msg], Nonce, PK, SK).
+    
+box_open(CipherText, Nonce, PK, SK) ->
+    case enacl_nif:crypto_box_open([box_zerobytes(), CipherText], Nonce, PK, SK) of
+        {error, Err} -> {error, Err};
+        Bin when is_binary(Bin) -> {ok, Bin}
+    end.
+
+box_nonce_size() ->
+	enacl_nif:crypto_box_NONCEBYTES().
+
+%% Helpers
+zerobytes() ->
+	binary:copy(<<0>>, enacl_nif:crypto_box_ZEROBYTES()).
+	
+box_zerobytes() ->
+	binary:copy(<<0>>, enacl_nif:crypto_box_BOXZEROBYTES()).
--- a/src/enacl_nif.erl
+++ b/src/enacl_nif.erl
@ -1,9 +1,22 @@
+%%% @doc module enacl_nif provides the low-level interface to the NaCl/Sodium NIFs.
+%%% @end
 -module(enacl_nif).

+%% Public key auth
 -export([
-	crypto_hash/1,
-	crypto_box_keypair/0
+	crypto_box_keypair/0,
+	crypto_box/4,
+	crypto_box_open/4,
+	crypto_box_NONCEBYTES/0,
+	crypto_box_ZEROBYTES/0,
+	crypto_box_BOXZEROBYTES/0
 ]).
+
+%% Miscellaneous helper functions
+-export([
+	crypto_hash/1
+]).
+
 -on_load(init/0).

 init() ->
@ -16,6 +29,16 @@ init() ->
 		end, atom_to_list(?MODULE)),
 	erlang:load_nif(SoName, 0).

-crypto_hash(Input) when is_binary(Input) -> error({nif_not_loaded, ?MODULE}).
-crypto_box_keypair() -> error({nif_not_loaded, ?MODULE}).
+not_loaded() ->
+    error({nif_not_loaded, ?MODULE}).
+
+crypto_box_NONCEBYTES() -> not_loaded().
+crypto_box_ZEROBYTES() -> not_loaded().
+crypto_box_BOXZEROBYTES() -> not_loaded().
+crypto_box_keypair() -> not_loaded().
+crypto_box(_PaddedMsg, _Nonce, _PK, _SK) -> not_loaded().
+crypto_box_open(_CipherText, _Nonce, _PK, _SK) -> not_loaded().
+
+crypto_hash(Input) when is_binary(Input) -> not_loaded().
+