lain/Cerberus
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Начало.

Browse Source
This commit is contained in:
wheelchairy 2025-01-28 21:22:41 +03:00
parent 3d824b589f
commit ebd6d7466d
23 changed files with 16401 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
Makefile Normal file
View File

@ -0,0 +1,56 @@
CC = clang
CXX = clang++
CFLAGS = -O2 -Wall -I./libs
CXXFLAGS = -std=c++17 -O2 -Wall -I./libs
UNAME_S := $(shell uname -s)
BREW_PREFIX := $(shell brew --prefix portaudio 2>/dev/null)
ifeq ($(UNAME_S),Darwin)
ifneq ($(BREW_PREFIX),)
CFLAGS += -I$(BREW_PREFIX)/include
CXXFLAGS += -I$(BREW_PREFIX)/include
LIBS += -L$(BREW_PREFIX)/lib -lportaudio
else
$(warning [Makefile] PortAudio не найдена через Homebrew. Установите её: brew install portaudio)
endif
else ifeq ($(UNAME_S),Linux)
HAVE_PKG := $(shell pkg-config --exists portaudio-2.0 && echo yes || echo no)
ifeq ($(HAVE_PKG),yes)
PORTAUDIO_CFLAGS := $(shell pkg-config --cflags portaudio-2.0)
PORTAUDIO_LIBS := $(shell pkg-config --libs portaudio-2.0)
CFLAGS += $(PORTAUDIO_CFLAGS)
CXXFLAGS += $(PORTAUDIO_CFLAGS)
LIBS += $(PORTAUDIO_LIBS)
else
$(warning [Makefile] portaudio-2.0 не найдена через pkg-config. Использую -lportaudio)
LIBS += -lportaudio
endif
else
$(warning [Makefile] Unsupported OS: $(UNAME_S))
endif
SRCS_CPP = main.cpp commands.cpp cli.cpp webserver.cpp sound.cpp bfsk.cpp x25519_handshake.cpp
SRCS_C = libs/monocypher.c libs/linenoise.c
OBJS_CPP = $(SRCS_CPP:.cpp=.o)
OBJS_C = $(SRCS_C:.c=.o)
TARGET = cerberus
.PHONY: all clean
all: $(TARGET)
$(TARGET): $(OBJS_CPP) $(OBJS_C)
$(CXX) $(CXXFLAGS) -o $@ $^ $(LIBS)
%.o: %.cpp
$(CXX) $(CXXFLAGS) -c $< -o $@
%.o: %.c
$(CC) $(CFLAGS) -c $< -o $@
clean:
rm -f $(TARGET) *.o libs/*.o

78
bfsk.cpp Normal file
View File

@ -0,0 +1,78 @@
#include "bfsk.hpp"
#include <cmath>
#include <cstdlib>
#include <iostream>
std::vector<float> bfskModulate(const std::vector<unsigned char> &data) {
int samplesPerBit = (int)((double)SAMPLE_RATE / BFSK_BAUD);
size_t totalBits = data.size() * 8;
size_t totalSamples = totalBits * samplesPerBit;
std::vector<float> out(totalSamples * 2, 0.0f);
double phase0 = 0.0;
double phase1 = 0.0;
double inc0 = 2.0 * M_PI * BFSK_FREQ0 / (double)SAMPLE_RATE;
double inc1 = 2.0 * M_PI * BFSK_FREQ1 / (double)SAMPLE_RATE;
size_t sampleIndex = 0;
for (auto byteVal : data) {
for (int b = 0; b < 8; b++) {
int bit = (byteVal >> b) & 1;
for (int s = 0; s < samplesPerBit; s++) {
float val;
if (bit == 0) {
val = sinf((float)phase0);
phase0 += inc0;
} else {
val = sinf((float)phase1);
phase1 += inc1;
}
out[sampleIndex*2 + 0] = val * 0.3f;
out[sampleIndex*2 + 1] = val * 0.3f;
sampleIndex++;
}
}
}
return out;
}
std::vector<unsigned char> bfskDemodulate(const std::vector<float> &monoData) {
int samplesPerBit = (int)((double)SAMPLE_RATE / BFSK_BAUD);
size_t totalBits = monoData.size() / samplesPerBit;
size_t totalBytes = totalBits / 8;
double inc0 = 2.0 * M_PI * BFSK_FREQ0 / (double)SAMPLE_RATE;
double inc1 = 2.0 * M_PI * BFSK_FREQ1 / (double)SAMPLE_RATE;
std::vector<unsigned char> result(totalBytes, 0);
size_t bitIndex = 0;
for (size_t b = 0; b < totalBits; b++) {
double sum0 = 0.0;
double sum1 = 0.0;
double phase0 = 0.0;
double phase1 = 0.0;
size_t startSample = b * samplesPerBit;
for (int s = 0; s < samplesPerBit; s++) {
float sample = monoData[startSample + s];
float ref0 = sinf((float)phase0);
float ref1 = sinf((float)phase1);
sum0 += sample * ref0;
sum1 += sample * ref1;
phase0 += inc0;
phase1 += inc1;
}
int bit = (std::fabs(sum1) > std::fabs(sum0)) ? 1 : 0;
size_t bytePos = bitIndex / 8;
int bitPos = bitIndex % 8;
if (bytePos < result.size()) {
result[bytePos] |= (bit << bitPos);
}
bitIndex++;
}
return result;
}

11
bfsk.hpp Normal file
View File

@ -0,0 +1,11 @@
#pragma once
#include <vector>
constexpr double BFSK_FREQ0 = 1000.0;
constexpr double BFSK_FREQ1 = 2000.0;
constexpr double BFSK_BAUD = 100.0;
constexpr int SAMPLE_RATE = 44100;
std::vector<float> bfskModulate(const std::vector<unsigned char> &data);
std::vector<unsigned char> bfskDemodulate(const std::vector<float> &monoData);

56
cli.cpp Normal file
View File

@ -0,0 +1,56 @@
#include "cli.hpp"
#include "commands.hpp"
#include "config.hpp"
#include <iostream>
#include <cstdlib>
#include <string>
#include "libs/linenoise.h"
static void completionCallback(const char *input, linenoiseCompletions *completions) {
if (strncmp(input, "ni", 2) == 0) {
linenoiseAddCompletion(completions, "nick set ");
linenoiseAddCompletion(completions, "nick generatekey");
}
else if (strncmp(input, "web", 3) == 0) {
linenoiseAddCompletion(completions, "web start");
linenoiseAddCompletion(completions, "web connect pm 127.0.0.1");
linenoiseAddCompletion(completions, "web stop");
}
else if (strncmp(input, "sound", 5) == 0) {
linenoiseAddCompletion(completions, "sound find");
linenoiseAddCompletion(completions, "sound lose");
}
}
void runCLI(AppConfig &config) {
linenoiseHistoryLoad("history.txt");
linenoiseSetCompletionCallback(completionCallback);
std::cout << CLR_CYAN "Cerberus BFSK Demo (linenoise + color)\n"
<< "Доступные команды:\n"
<< " nick set <usernick>\n"
<< " nick generatekey\n"
<< " web start / web connect pm|server <ip> / web stop\n"
<< " sound find / sound lose\n"
<< " exit\n\n" CLR_RESET;
while (true) {
char *line = linenoise(CLR_BOLD ">_ " CLR_RESET);
if (!line) {
std::cout << "\n[cli] EOF/Ctrl+C - выходим.\n";
break;
}
std::string input(line);
free(line);
if (!input.empty()) {
linenoiseHistoryAdd(input.c_str());
linenoiseHistorySave("history.txt");
processCommand(input, config);
}
}
}

5
cli.hpp Normal file
View File

@ -0,0 +1,5 @@
#pragma once
#include "config.hpp"
void runCLI(AppConfig &config);

113
commands.cpp Normal file
View File

@ -0,0 +1,113 @@
#include "commands.hpp"
#include "config.hpp"
#include "webserver.hpp"
#include "sound.hpp"
#include <iostream>
#include <sstream>
#include <iterator>
#include <vector>
#include <cstdio>
static std::vector<std::string> splitTokens(const std::string &line) {
std::istringstream iss(line);
return { std::istream_iterator<std::string>(iss),
std::istream_iterator<std::string>() };
}
static void generateKey(AppConfig &config) {
config.key.resize(32);
FILE* f = fopen("/dev/urandom", "rb");
if (!f) {
std::cerr << CLR_RED "[nick] Не удалось открыть /dev/urandom\n" CLR_RESET;
return;
}
fread(config.key.data(), 1, 32, f);
fclose(f);
std::cout << CLR_GREEN "[nick] 256-битный ключ сгенерирован!\n" CLR_RESET;
}
void processCommand(const std::string &input, AppConfig &config) {
if (input.empty()) return;
auto tokens = splitTokens(input);
if (tokens.empty()) return;
std::string cmd = tokens[0];
if (cmd == "nick") {
if (tokens.size() < 2) {
std::cout << CLR_YELLOW "[nick] Доступно: set <name>, generatekey\n" CLR_RESET;
return;
}
std::string sub = tokens[1];
if (sub == "set") {
if (tokens.size() < 3) {
std::cout << CLR_YELLOW "[nick] Использование: nick set <usernick>\n" CLR_RESET;
return;
}
std::string newNick;
for (size_t i = 2; i < tokens.size(); i++) {
if (i > 2) newNick += " ";
newNick += tokens[i];
}
config.nickname = newNick;
std::cout << CLR_GREEN "[nick] Установлен ник: " << newNick << "\n" CLR_RESET;
}
else if (sub == "generatekey") {
generateKey(config);
}
else {
std::cout << CLR_YELLOW "[nick] Неизвестная подкоманда: " << sub << "\n" CLR_RESET;
}
}
else if (cmd == "web") {
if (tokens.size() < 2) {
std::cout << CLR_YELLOW "[web] Доступно: start, connect pm|server <ip>, stop\n" CLR_RESET;
return;
}
std::string sub = tokens[1];
if (sub == "start") {
webServerStart(config);
}
else if (sub == "connect") {
if (tokens.size() < 4) {
std::cout << CLR_YELLOW "[web] Использование: web connect <pm|server> <ip>\n" CLR_RESET;
return;
}
std::string ctype = tokens[2];
std::string ip = tokens[3];
webServerConnect(config, ctype, ip);
}
else if (sub == "stop") {
webServerStop(config);
}
else {
std::cout << CLR_YELLOW "[web] Неизвестная подкоманда: " << sub << "\n" CLR_RESET;
}
}
else if (cmd == "sound") {
if (tokens.size() < 2) {
std::cout << CLR_YELLOW "[sound] Доступно: find, lose\n" CLR_RESET;
return;
}
std::string sub = tokens[1];
if (sub == "find") {
soundFind(config);
}
else if (sub == "lose") {
soundLose(config);
}
else {
std::cout << CLR_YELLOW "[sound] Неизвестная подкоманда: " << sub << "\n" CLR_RESET;
}
}
else if (cmd == "exit") {
std::cout << CLR_CYAN "[cli] Завершаем работу по команде 'exit'\n" CLR_RESET;
exit(0);
}
else {
std::cout << CLR_RED "Неизвестная команда: " << cmd << CLR_RESET << "\n";
}
}

6
commands.hpp Normal file
View File

@ -0,0 +1,6 @@
#pragma once
#include <string>
#include "config.hpp"
void processCommand(const std::string &input, AppConfig &config);

30
config.hpp Normal file
View File

@ -0,0 +1,30 @@
#pragma once
#include <string>
#include <vector>
#include <cstdint>
#define CLR_RESET "\x1b[0m"
#define CLR_BOLD "\x1b[1m"
#define CLR_RED "\x1b[31m"
#define CLR_GREEN "\x1b[32m"
#define CLR_YELLOW "\x1b[33m"
#define CLR_BLUE "\x1b[34m"
#define CLR_MAGENTA "\x1b[35m"
#define CLR_CYAN "\x1b[36m"
#define CLR_WHITE "\x1b[37m"
struct AppConfig {
std::string nickname = "noname";
std::vector<unsigned char> key;
bool webServerRunning = false;
bool soundExchangeActive = false;
uint8_t ephemeralSec[32];
uint8_t ephemeralPub[32];
uint8_t sharedSecret[32];
bool haveSharedSecret = false;
};

6
history.txt Normal file
View File

@ -0,0 +1,6 @@
sound find
ls
nick set platon
nick generatekey
web start
web connect pm localhost

10351
libs/httplib.h Normal file
View File

File diff suppressed because it is too large Load Diff

1349
libs/linenoise.c Normal file
View File

File diff suppressed because it is too large Load Diff

113
libs/linenoise.h Normal file
View File

@ -0,0 +1,113 @@
/* linenoise.h -- VERSION 1.0
*
* Guerrilla line editing library against the idea that a line editing lib
* needs to be 20,000 lines of C code.
*
* See linenoise.c for more information.
*
* ------------------------------------------------------------------------
*
* Copyright (c) 2010-2023, Salvatore Sanfilippo <antirez at gmail dot com>
* Copyright (c) 2010-2013, Pieter Noordhuis <pcnoordhuis at gmail dot com>
*
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __LINENOISE_H
#define __LINENOISE_H
#ifdef __cplusplus
extern "C" {
#endif
#include <stddef.h> /* For size_t. */
extern char *linenoiseEditMore;
/* The linenoiseState structure represents the state during line editing.
* We pass this state to functions implementing specific editing
* functionalities. */
struct linenoiseState {
int in_completion; /* The user pressed TAB and we are now in completion
* mode, so input is handled by completeLine(). */
size_t completion_idx; /* Index of next completion to propose. */
int ifd; /* Terminal stdin file descriptor. */
int ofd; /* Terminal stdout file descriptor. */
char *buf; /* Edited line buffer. */
size_t buflen; /* Edited line buffer size. */
const char *prompt; /* Prompt to display. */
size_t plen; /* Prompt length. */
size_t pos; /* Current cursor position. */
size_t oldpos; /* Previous refresh cursor position. */
size_t len; /* Current edited line length. */
size_t cols; /* Number of columns in terminal. */
size_t oldrows; /* Rows used by last refrehsed line (multiline mode) */
int history_index; /* The history index we are currently editing. */
};
typedef struct linenoiseCompletions {
size_t len;
char **cvec;
} linenoiseCompletions;
/* Non blocking API. */
int linenoiseEditStart(struct linenoiseState *l, int stdin_fd, int stdout_fd, char *buf, size_t buflen, const char *prompt);
char *linenoiseEditFeed(struct linenoiseState *l);
void linenoiseEditStop(struct linenoiseState *l);
void linenoiseHide(struct linenoiseState *l);
void linenoiseShow(struct linenoiseState *l);
/* Blocking API. */
char *linenoise(const char *prompt);
void linenoiseFree(void *ptr);
/* Completion API. */
typedef void(linenoiseCompletionCallback)(const char *, linenoiseCompletions *);
typedef char*(linenoiseHintsCallback)(const char *, int *color, int *bold);
typedef void(linenoiseFreeHintsCallback)(void *);
void linenoiseSetCompletionCallback(linenoiseCompletionCallback *);
void linenoiseSetHintsCallback(linenoiseHintsCallback *);
void linenoiseSetFreeHintsCallback(linenoiseFreeHintsCallback *);
void linenoiseAddCompletion(linenoiseCompletions *, const char *);
/* History API. */
int linenoiseHistoryAdd(const char *line);
int linenoiseHistorySetMaxLen(int len);
int linenoiseHistorySave(const char *filename);
int linenoiseHistoryLoad(const char *filename);
/* Other utilities. */
void linenoiseClearScreen(void);
void linenoiseSetMultiLine(int ml);
void linenoisePrintKeyCodes(void);
void linenoiseMaskModeEnable(void);
void linenoiseMaskModeDisable(void);
#ifdef __cplusplus
}
#endif
#endif /* __LINENOISE_H */

2956
libs/monocypher.c Normal file
View File

File diff suppressed because it is too large Load Diff

321
libs/monocypher.h Normal file
View File

@ -0,0 +1,321 @@
// Monocypher version 4.0.2
//
// This file is dual-licensed. Choose whichever licence you want from
// the two licences listed below.
//
// The first licence is a regular 2-clause BSD licence. The second licence
// is the CC-0 from Creative Commons. It is intended to release Monocypher
// to the public domain. The BSD licence serves as a fallback option.
//
// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
//
// ------------------------------------------------------------------------
//
// Copyright (c) 2017-2019, Loup Vaillant
// All rights reserved.
//
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// 1. Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the
// distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// ------------------------------------------------------------------------
//
// Written in 2017-2019 by Loup Vaillant
//
// To the extent possible under law, the author(s) have dedicated all copyright
// and related neighboring rights to this software to the public domain
// worldwide. This software is distributed without any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication along
// with this software. If not, see
// <https://creativecommons.org/publicdomain/zero/1.0/>
#ifndef MONOCYPHER_H
#define MONOCYPHER_H
#include <stddef.h>
#include <stdint.h>
#ifdef MONOCYPHER_CPP_NAMESPACE
namespace MONOCYPHER_CPP_NAMESPACE {
#elif defined(__cplusplus)
extern "C" {
#endif
// Constant time comparisons
// -------------------------
// Return 0 if a and b are equal, -1 otherwise
int crypto_verify16(const uint8_t a[16], const uint8_t b[16]);
int crypto_verify32(const uint8_t a[32], const uint8_t b[32]);
int crypto_verify64(const uint8_t a[64], const uint8_t b[64]);
// Erase sensitive data
// --------------------
void crypto_wipe(void *secret, size_t size);
// Authenticated encryption
// ------------------------
void crypto_aead_lock(uint8_t *cipher_text,
uint8_t mac [16],
const uint8_t key [32],
const uint8_t nonce[24],
const uint8_t *ad, size_t ad_size,
const uint8_t *plain_text, size_t text_size);
int crypto_aead_unlock(uint8_t *plain_text,
const uint8_t mac [16],
const uint8_t key [32],
const uint8_t nonce[24],
const uint8_t *ad, size_t ad_size,
const uint8_t *cipher_text, size_t text_size);
// Authenticated stream
// --------------------
typedef struct {
uint64_t counter;
uint8_t key[32];
uint8_t nonce[8];
} crypto_aead_ctx;
void crypto_aead_init_x(crypto_aead_ctx *ctx,
const uint8_t key[32], const uint8_t nonce[24]);
void crypto_aead_init_djb(crypto_aead_ctx *ctx,
const uint8_t key[32], const uint8_t nonce[8]);
void crypto_aead_init_ietf(crypto_aead_ctx *ctx,
const uint8_t key[32], const uint8_t nonce[12]);
void crypto_aead_write(crypto_aead_ctx *ctx,
uint8_t *cipher_text,
uint8_t mac[16],
const uint8_t *ad , size_t ad_size,
const uint8_t *plain_text, size_t text_size);
int crypto_aead_read(crypto_aead_ctx *ctx,
uint8_t *plain_text,
const uint8_t mac[16],
const uint8_t *ad , size_t ad_size,
const uint8_t *cipher_text, size_t text_size);
// General purpose hash (BLAKE2b)
// ------------------------------
// Direct interface
void crypto_blake2b(uint8_t *hash, size_t hash_size,
const uint8_t *message, size_t message_size);
void crypto_blake2b_keyed(uint8_t *hash, size_t hash_size,
const uint8_t *key, size_t key_size,
const uint8_t *message, size_t message_size);
// Incremental interface
typedef struct {
// Do not rely on the size or contents of this type,
// for they may change without notice.
uint64_t hash[8];
uint64_t input_offset[2];
uint64_t input[16];
size_t input_idx;
size_t hash_size;
} crypto_blake2b_ctx;
void crypto_blake2b_init(crypto_blake2b_ctx *ctx, size_t hash_size);
void crypto_blake2b_keyed_init(crypto_blake2b_ctx *ctx, size_t hash_size,
const uint8_t *key, size_t key_size);
void crypto_blake2b_update(crypto_blake2b_ctx *ctx,
const uint8_t *message, size_t message_size);
void crypto_blake2b_final(crypto_blake2b_ctx *ctx, uint8_t *hash);
// Password key derivation (Argon2)
// --------------------------------
#define CRYPTO_ARGON2_D 0
#define CRYPTO_ARGON2_I 1
#define CRYPTO_ARGON2_ID 2
typedef struct {
uint32_t algorithm; // Argon2d, Argon2i, Argon2id
uint32_t nb_blocks; // memory hardness, >= 8 * nb_lanes
uint32_t nb_passes; // CPU hardness, >= 1 (>= 3 recommended for Argon2i)
uint32_t nb_lanes; // parallelism level (single threaded anyway)
} crypto_argon2_config;
typedef struct {
const uint8_t *pass;
const uint8_t *salt;
uint32_t pass_size;
uint32_t salt_size; // 16 bytes recommended
} crypto_argon2_inputs;
typedef struct {
const uint8_t *key; // may be NULL if no key
const uint8_t *ad; // may be NULL if no additional data
uint32_t key_size; // 0 if no key (32 bytes recommended otherwise)
uint32_t ad_size; // 0 if no additional data
} crypto_argon2_extras;
extern const crypto_argon2_extras crypto_argon2_no_extras;
void crypto_argon2(uint8_t *hash, uint32_t hash_size, void *work_area,
crypto_argon2_config config,
crypto_argon2_inputs inputs,
crypto_argon2_extras extras);
// Key exchange (X-25519)
// ----------------------
// Shared secrets are not quite random.
// Hash them to derive an actual shared key.
void crypto_x25519_public_key(uint8_t public_key[32],
const uint8_t secret_key[32]);
void crypto_x25519(uint8_t raw_shared_secret[32],
const uint8_t your_secret_key [32],
const uint8_t their_public_key [32]);
// Conversion to EdDSA
void crypto_x25519_to_eddsa(uint8_t eddsa[32], const uint8_t x25519[32]);
// scalar "division"
// Used for OPRF. Be aware that exponential blinding is less secure
// than Diffie-Hellman key exchange.
void crypto_x25519_inverse(uint8_t blind_salt [32],
const uint8_t private_key[32],
const uint8_t curve_point[32]);
// "Dirty" versions of x25519_public_key().
// Use with crypto_elligator_rev().
// Leaks 3 bits of the private key.
void crypto_x25519_dirty_small(uint8_t pk[32], const uint8_t sk[32]);
void crypto_x25519_dirty_fast (uint8_t pk[32], const uint8_t sk[32]);
// Signatures
// ----------
// EdDSA with curve25519 + BLAKE2b
void crypto_eddsa_key_pair(uint8_t secret_key[64],
uint8_t public_key[32],
uint8_t seed[32]);
void crypto_eddsa_sign(uint8_t signature [64],
const uint8_t secret_key[64],
const uint8_t *message, size_t message_size);
int crypto_eddsa_check(const uint8_t signature [64],
const uint8_t public_key[32],
const uint8_t *message, size_t message_size);
// Conversion to X25519
void crypto_eddsa_to_x25519(uint8_t x25519[32], const uint8_t eddsa[32]);
// EdDSA building blocks
void crypto_eddsa_trim_scalar(uint8_t out[32], const uint8_t in[32]);
void crypto_eddsa_reduce(uint8_t reduced[32], const uint8_t expanded[64]);
void crypto_eddsa_mul_add(uint8_t r[32],
const uint8_t a[32],
const uint8_t b[32],
const uint8_t c[32]);
void crypto_eddsa_scalarbase(uint8_t point[32], const uint8_t scalar[32]);
int crypto_eddsa_check_equation(const uint8_t signature[64],
const uint8_t public_key[32],
const uint8_t h_ram[32]);
// Chacha20
// --------
// Specialised hash.
// Used to hash X25519 shared secrets.
void crypto_chacha20_h(uint8_t out[32],
const uint8_t key[32],
const uint8_t in [16]);
// Unauthenticated stream cipher.
// Don't forget to add authentication.
uint64_t crypto_chacha20_djb(uint8_t *cipher_text,
const uint8_t *plain_text,
size_t text_size,
const uint8_t key[32],
const uint8_t nonce[8],
uint64_t ctr);
uint32_t crypto_chacha20_ietf(uint8_t *cipher_text,
const uint8_t *plain_text,
size_t text_size,
const uint8_t key[32],
const uint8_t nonce[12],
uint32_t ctr);
uint64_t crypto_chacha20_x(uint8_t *cipher_text,
const uint8_t *plain_text,
size_t text_size,
const uint8_t key[32],
const uint8_t nonce[24],
uint64_t ctr);
// Poly 1305
// ---------
// This is a *one time* authenticator.
// Disclosing the mac reveals the key.
// See crypto_lock() on how to use it properly.
// Direct interface
void crypto_poly1305(uint8_t mac[16],
const uint8_t *message, size_t message_size,
const uint8_t key[32]);
// Incremental interface
typedef struct {
// Do not rely on the size or contents of this type,
// for they may change without notice.
uint8_t c[16]; // chunk of the message
size_t c_idx; // How many bytes are there in the chunk.
uint32_t r [4]; // constant multiplier (from the secret key)
uint32_t pad[4]; // random number added at the end (from the secret key)
uint32_t h [5]; // accumulated hash
} crypto_poly1305_ctx;
void crypto_poly1305_init (crypto_poly1305_ctx *ctx, const uint8_t key[32]);
void crypto_poly1305_update(crypto_poly1305_ctx *ctx,
const uint8_t *message, size_t message_size);
void crypto_poly1305_final (crypto_poly1305_ctx *ctx, uint8_t mac[16]);
// Elligator 2
// -----------
// Elligator mappings proper
void crypto_elligator_map(uint8_t curve [32], const uint8_t hidden[32]);
int crypto_elligator_rev(uint8_t hidden[32], const uint8_t curve [32],
uint8_t tweak);
// Easy to use key pair generation
void crypto_elligator_key_pair(uint8_t hidden[32], uint8_t secret_key[32],
uint8_t seed[32]);
#ifdef __cplusplus
}
#endif
#endif // MONOCYPHER_H

500
libs/optional/monocypher-ed25519.c Normal file
View File

@ -0,0 +1,500 @@
// Monocypher version 4.0.2
//
// This file is dual-licensed. Choose whichever licence you want from
// the two licences listed below.
//
// The first licence is a regular 2-clause BSD licence. The second licence
// is the CC-0 from Creative Commons. It is intended to release Monocypher
// to the public domain. The BSD licence serves as a fallback option.
//
// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
//
// ------------------------------------------------------------------------
//
// Copyright (c) 2017-2019, Loup Vaillant
// All rights reserved.
//
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// 1. Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the
// distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// ------------------------------------------------------------------------
//
// Written in 2017-2019 by Loup Vaillant
//
// To the extent possible under law, the author(s) have dedicated all copyright
// and related neighboring rights to this software to the public domain
// worldwide. This software is distributed without any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication along
// with this software. If not, see
// <https://creativecommons.org/publicdomain/zero/1.0/>
#include "monocypher-ed25519.h"
#ifdef MONOCYPHER_CPP_NAMESPACE
namespace MONOCYPHER_CPP_NAMESPACE {
#endif
/////////////////
/// Utilities ///
/////////////////
#define FOR(i, min, max) for (size_t i = min; i < max; i++)
#define COPY(dst, src, size) FOR(_i_, 0, size) (dst)[_i_] = (src)[_i_]
#define ZERO(buf, size) FOR(_i_, 0, size) (buf)[_i_] = 0
#define WIPE_CTX(ctx) crypto_wipe(ctx , sizeof(*(ctx)))
#define WIPE_BUFFER(buffer) crypto_wipe(buffer, sizeof(buffer))
#define MIN(a, b) ((a) <= (b) ? (a) : (b))
typedef uint8_t u8;
typedef uint64_t u64;
// Returns the smallest positive integer y such that
// (x + y) % pow_2 == 0
// Basically, it's how many bytes we need to add to "align" x.
// Only works when pow_2 is a power of 2.
// Note: we use ~x+1 instead of -x to avoid compiler warnings
static size_t align(size_t x, size_t pow_2)
{
return (~x + 1) & (pow_2 - 1);
}
static u64 load64_be(const u8 s[8])
{
return((u64)s[0] << 56)
| ((u64)s[1] << 48)
| ((u64)s[2] << 40)
| ((u64)s[3] << 32)
| ((u64)s[4] << 24)
| ((u64)s[5] << 16)
| ((u64)s[6] << 8)
| (u64)s[7];
}
static void store64_be(u8 out[8], u64 in)
{
out[0] = (in >> 56) & 0xff;
out[1] = (in >> 48) & 0xff;
out[2] = (in >> 40) & 0xff;
out[3] = (in >> 32) & 0xff;
out[4] = (in >> 24) & 0xff;
out[5] = (in >> 16) & 0xff;
out[6] = (in >> 8) & 0xff;
out[7] = in & 0xff;
}
static void load64_be_buf (u64 *dst, const u8 *src, size_t size) {
FOR(i, 0, size) { dst[i] = load64_be(src + i*8); }
}
///////////////
/// SHA 512 ///
///////////////
static u64 rot(u64 x, int c ) { return (x >> c) | (x << (64 - c)); }
static u64 ch (u64 x, u64 y, u64 z) { return (x & y) ^ (~x & z); }
static u64 maj(u64 x, u64 y, u64 z) { return (x & y) ^ ( x & z) ^ (y & z); }
static u64 big_sigma0(u64 x) { return rot(x, 28) ^ rot(x, 34) ^ rot(x, 39); }
static u64 big_sigma1(u64 x) { return rot(x, 14) ^ rot(x, 18) ^ rot(x, 41); }
static u64 lit_sigma0(u64 x) { return rot(x, 1) ^ rot(x, 8) ^ (x >> 7); }
static u64 lit_sigma1(u64 x) { return rot(x, 19) ^ rot(x, 61) ^ (x >> 6); }
static const u64 K[80] = {
0x428a2f98d728ae22,0x7137449123ef65cd,0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc,
0x3956c25bf348b538,0x59f111f1b605d019,0x923f82a4af194f9b,0xab1c5ed5da6d8118,
0xd807aa98a3030242,0x12835b0145706fbe,0x243185be4ee4b28c,0x550c7dc3d5ffb4e2,
0x72be5d74f27b896f,0x80deb1fe3b1696b1,0x9bdc06a725c71235,0xc19bf174cf692694,
0xe49b69c19ef14ad2,0xefbe4786384f25e3,0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65,
0x2de92c6f592b0275,0x4a7484aa6ea6e483,0x5cb0a9dcbd41fbd4,0x76f988da831153b5,
0x983e5152ee66dfab,0xa831c66d2db43210,0xb00327c898fb213f,0xbf597fc7beef0ee4,
0xc6e00bf33da88fc2,0xd5a79147930aa725,0x06ca6351e003826f,0x142929670a0e6e70,
0x27b70a8546d22ffc,0x2e1b21385c26c926,0x4d2c6dfc5ac42aed,0x53380d139d95b3df,
0x650a73548baf63de,0x766a0abb3c77b2a8,0x81c2c92e47edaee6,0x92722c851482353b,
0xa2bfe8a14cf10364,0xa81a664bbc423001,0xc24b8b70d0f89791,0xc76c51a30654be30,
0xd192e819d6ef5218,0xd69906245565a910,0xf40e35855771202a,0x106aa07032bbd1b8,
0x19a4c116b8d2d0c8,0x1e376c085141ab53,0x2748774cdf8eeb99,0x34b0bcb5e19b48a8,
0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb,0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3,
0x748f82ee5defb2fc,0x78a5636f43172f60,0x84c87814a1f0ab72,0x8cc702081a6439ec,
0x90befffa23631e28,0xa4506cebde82bde9,0xbef9a3f7b2c67915,0xc67178f2e372532b,
0xca273eceea26619c,0xd186b8c721c0c207,0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178,
0x06f067aa72176fba,0x0a637dc5a2c898a6,0x113f9804bef90dae,0x1b710b35131c471b,
0x28db77f523047d84,0x32caab7b40c72493,0x3c9ebe0a15c9bebc,0x431d67c49c100d4c,
0x4cc5d4becb3e42b6,0x597f299cfc657e2a,0x5fcb6fab3ad6faec,0x6c44198c4a475817
};
static void sha512_compress(crypto_sha512_ctx *ctx)
{
u64 a = ctx->hash[0]; u64 b = ctx->hash[1];
u64 c = ctx->hash[2]; u64 d = ctx->hash[3];
u64 e = ctx->hash[4]; u64 f = ctx->hash[5];
u64 g = ctx->hash[6]; u64 h = ctx->hash[7];
FOR (j, 0, 16) {
u64 in = K[j] + ctx->input[j];
u64 t1 = big_sigma1(e) + ch (e, f, g) + h + in;
u64 t2 = big_sigma0(a) + maj(a, b, c);
h = g; g = f; f = e; e = d + t1;
d = c; c = b; b = a; a = t1 + t2;
}
size_t i16 = 0;
FOR(i, 1, 5) {
i16 += 16;
FOR (j, 0, 16) {
ctx->input[j] += lit_sigma1(ctx->input[(j- 2) & 15]);
ctx->input[j] += lit_sigma0(ctx->input[(j-15) & 15]);
ctx->input[j] += ctx->input[(j- 7) & 15];
u64 in = K[i16 + j] + ctx->input[j];
u64 t1 = big_sigma1(e) + ch (e, f, g) + h + in;
u64 t2 = big_sigma0(a) + maj(a, b, c);
h = g; g = f; f = e; e = d + t1;
d = c; c = b; b = a; a = t1 + t2;
}
}
ctx->hash[0] += a; ctx->hash[1] += b;
ctx->hash[2] += c; ctx->hash[3] += d;
ctx->hash[4] += e; ctx->hash[5] += f;
ctx->hash[6] += g; ctx->hash[7] += h;
}
// Write 1 input byte
static void sha512_set_input(crypto_sha512_ctx *ctx, u8 input)
{
size_t word = ctx->input_idx >> 3;
size_t byte = ctx->input_idx & 7;
ctx->input[word] |= (u64)input << (8 * (7 - byte));
}
// Increment a 128-bit "word".
static void sha512_incr(u64 x[2], u64 y)
{
x[1] += y;
if (x[1] < y) {
x[0]++;
}
}
void crypto_sha512_init(crypto_sha512_ctx *ctx)
{
ctx->hash[0] = 0x6a09e667f3bcc908;
ctx->hash[1] = 0xbb67ae8584caa73b;
ctx->hash[2] = 0x3c6ef372fe94f82b;
ctx->hash[3] = 0xa54ff53a5f1d36f1;
ctx->hash[4] = 0x510e527fade682d1;
ctx->hash[5] = 0x9b05688c2b3e6c1f;
ctx->hash[6] = 0x1f83d9abfb41bd6b;
ctx->hash[7] = 0x5be0cd19137e2179;
ctx->input_size[0] = 0;
ctx->input_size[1] = 0;
ctx->input_idx = 0;
ZERO(ctx->input, 16);
}
void crypto_sha512_update(crypto_sha512_ctx *ctx,
const u8 *message, size_t message_size)
{
// Avoid undefined NULL pointer increments with empty messages
if (message_size == 0) {
return;
}
// Align ourselves with word boundaries
if ((ctx->input_idx & 7) != 0) {
size_t nb_bytes = MIN(align(ctx->input_idx, 8), message_size);
FOR (i, 0, nb_bytes) {
sha512_set_input(ctx, message[i]);
ctx->input_idx++;
}
message += nb_bytes;
message_size -= nb_bytes;
}
// Align ourselves with block boundaries
if ((ctx->input_idx & 127) != 0) {
size_t nb_words = MIN(align(ctx->input_idx, 128), message_size) >> 3;
load64_be_buf(ctx->input + (ctx->input_idx >> 3), message, nb_words);
ctx->input_idx += nb_words << 3;
message += nb_words << 3;
message_size -= nb_words << 3;
}
// Compress block if needed
if (ctx->input_idx == 128) {
sha512_incr(ctx->input_size, 1024); // size is in bits
sha512_compress(ctx);
ctx->input_idx = 0;
ZERO(ctx->input, 16);
}
// Process the message block by block
FOR (i, 0, message_size >> 7) { // number of blocks
load64_be_buf(ctx->input, message, 16);
sha512_incr(ctx->input_size, 1024); // size is in bits
sha512_compress(ctx);
ctx->input_idx = 0;
ZERO(ctx->input, 16);
message += 128;
}
message_size &= 127;
if (message_size != 0) {
// Remaining words
size_t nb_words = message_size >> 3;
load64_be_buf(ctx->input, message, nb_words);
ctx->input_idx += nb_words << 3;
message += nb_words << 3;
message_size -= nb_words << 3;
// Remaining bytes
FOR (i, 0, message_size) {
sha512_set_input(ctx, message[i]);
ctx->input_idx++;
}
}
}
void crypto_sha512_final(crypto_sha512_ctx *ctx, u8 hash[64])
{
// Add padding bit
if (ctx->input_idx == 0) {
ZERO(ctx->input, 16);
}
sha512_set_input(ctx, 128);
// Update size
sha512_incr(ctx->input_size, ctx->input_idx * 8);
// Compress penultimate block (if any)
if (ctx->input_idx > 111) {
sha512_compress(ctx);
ZERO(ctx->input, 14);
}
// Compress last block
ctx->input[14] = ctx->input_size[0];
ctx->input[15] = ctx->input_size[1];
sha512_compress(ctx);
// Copy hash to output (big endian)
FOR (i, 0, 8) {
store64_be(hash + i*8, ctx->hash[i]);
}
WIPE_CTX(ctx);
}
void crypto_sha512(u8 hash[64], const u8 *message, size_t message_size)
{
crypto_sha512_ctx ctx;
crypto_sha512_init (&ctx);
crypto_sha512_update(&ctx, message, message_size);
crypto_sha512_final (&ctx, hash);
}
////////////////////
/// HMAC SHA 512 ///
////////////////////
void crypto_sha512_hmac_init(crypto_sha512_hmac_ctx *ctx,
const u8 *key, size_t key_size)
{
// hash key if it is too long
if (key_size > 128) {
crypto_sha512(ctx->key, key, key_size);
key = ctx->key;
key_size = 64;
}
// Compute inner key: padded key XOR 0x36
FOR (i, 0, key_size) { ctx->key[i] = key[i] ^ 0x36; }
FOR (i, key_size, 128) { ctx->key[i] = 0x36; }
// Start computing inner hash
crypto_sha512_init (&ctx->ctx);
crypto_sha512_update(&ctx->ctx, ctx->key, 128);
}
void crypto_sha512_hmac_update(crypto_sha512_hmac_ctx *ctx,
const u8 *message, size_t message_size)
{
crypto_sha512_update(&ctx->ctx, message, message_size);
}
void crypto_sha512_hmac_final(crypto_sha512_hmac_ctx *ctx, u8 hmac[64])
{
// Finish computing inner hash
crypto_sha512_final(&ctx->ctx, hmac);
// Compute outer key: padded key XOR 0x5c
FOR (i, 0, 128) {
ctx->key[i] ^= 0x36 ^ 0x5c;
}
// Compute outer hash
crypto_sha512_init (&ctx->ctx);
crypto_sha512_update(&ctx->ctx, ctx->key , 128);
crypto_sha512_update(&ctx->ctx, hmac, 64);
crypto_sha512_final (&ctx->ctx, hmac); // outer hash
WIPE_CTX(ctx);
}
void crypto_sha512_hmac(u8 hmac[64], const u8 *key, size_t key_size,
const u8 *message, size_t message_size)
{
crypto_sha512_hmac_ctx ctx;
crypto_sha512_hmac_init (&ctx, key, key_size);
crypto_sha512_hmac_update(&ctx, message, message_size);
crypto_sha512_hmac_final (&ctx, hmac);
}
////////////////////
/// HKDF SHA 512 ///
////////////////////
void crypto_sha512_hkdf_expand(u8 *okm, size_t okm_size,
const u8 *prk, size_t prk_size,
const u8 *info, size_t info_size)
{
int not_first = 0;
u8 ctr = 1;
u8 blk[64];
while (okm_size > 0) {
size_t out_size = MIN(okm_size, sizeof(blk));
crypto_sha512_hmac_ctx ctx;
crypto_sha512_hmac_init(&ctx, prk , prk_size);
if (not_first) {
// For some reason HKDF uses some kind of CBC mode.
// For some reason CTR mode alone wasn't enough.
// Like what, they didn't trust HMAC in 2010? Really??
crypto_sha512_hmac_update(&ctx, blk , sizeof(blk));
}
crypto_sha512_hmac_update(&ctx, info, info_size);
crypto_sha512_hmac_update(&ctx, &ctr, 1);
crypto_sha512_hmac_final(&ctx, blk);
COPY(okm, blk, out_size);
not_first = 1;
okm += out_size;
okm_size -= out_size;
ctr++;
}
}
void crypto_sha512_hkdf(u8 *okm , size_t okm_size,
const u8 *ikm , size_t ikm_size,
const u8 *salt, size_t salt_size,
const u8 *info, size_t info_size)
{
// Extract
u8 prk[64];
crypto_sha512_hmac(prk, salt, salt_size, ikm, ikm_size);
// Expand
crypto_sha512_hkdf_expand(okm, okm_size, prk, sizeof(prk), info, info_size);
}
///////////////
/// Ed25519 ///
///////////////
void crypto_ed25519_key_pair(u8 secret_key[64], u8 public_key[32], u8 seed[32])
{
u8 a[64];
COPY(a, seed, 32); // a[ 0..31] = seed
crypto_wipe(seed, 32);
COPY(secret_key, a, 32); // secret key = seed
crypto_sha512(a, a, 32); // a[ 0..31] = scalar
crypto_eddsa_trim_scalar(a, a); // a[ 0..31] = trimmed scalar
crypto_eddsa_scalarbase(public_key, a); // public key = [trimmed scalar]B
COPY(secret_key + 32, public_key, 32); // secret key includes public half
WIPE_BUFFER(a);
}
static void hash_reduce(u8 h[32],
const u8 *a, size_t a_size,
const u8 *b, size_t b_size,
const u8 *c, size_t c_size,
const u8 *d, size_t d_size)
{
u8 hash[64];
crypto_sha512_ctx ctx;
crypto_sha512_init (&ctx);
crypto_sha512_update(&ctx, a, a_size);
crypto_sha512_update(&ctx, b, b_size);
crypto_sha512_update(&ctx, c, c_size);
crypto_sha512_update(&ctx, d, d_size);
crypto_sha512_final (&ctx, hash);
crypto_eddsa_reduce(h, hash);
}
static void ed25519_dom_sign(u8 signature [64], const u8 secret_key[32],
const u8 *dom, size_t dom_size,
const u8 *message, size_t message_size)
{
u8 a[64]; // secret scalar and prefix
u8 r[32]; // secret deterministic "random" nonce
u8 h[32]; // publically verifiable hash of the message (not wiped)
u8 R[32]; // first half of the signature (allows overlapping inputs)
const u8 *pk = secret_key + 32;
crypto_sha512(a, secret_key, 32);
crypto_eddsa_trim_scalar(a, a);
hash_reduce(r, dom, dom_size, a + 32, 32, message, message_size, 0, 0);
crypto_eddsa_scalarbase(R, r);
hash_reduce(h, dom, dom_size, R, 32, pk, 32, message, message_size);
COPY(signature, R, 32);
crypto_eddsa_mul_add(signature + 32, h, a, r);
WIPE_BUFFER(a);
WIPE_BUFFER(r);
}
void crypto_ed25519_sign(u8 signature [64], const u8 secret_key[64],
const u8 *message, size_t message_size)
{
ed25519_dom_sign(signature, secret_key, 0, 0, message, message_size);
}
int crypto_ed25519_check(const u8 signature[64], const u8 public_key[32],
const u8 *msg, size_t msg_size)
{
u8 h_ram[32];
hash_reduce(h_ram, signature, 32, public_key, 32, msg, msg_size, 0, 0);
return crypto_eddsa_check_equation(signature, public_key, h_ram);
}
static const u8 domain[34] = "SigEd25519 no Ed25519 collisions\1";
void crypto_ed25519_ph_sign(uint8_t signature[64], const uint8_t secret_key[64],
const uint8_t message_hash[64])
{
ed25519_dom_sign(signature, secret_key, domain, sizeof(domain),
message_hash, 64);
}
int crypto_ed25519_ph_check(const uint8_t sig[64], const uint8_t pk[32],
const uint8_t msg_hash[64])
{
u8 h_ram[32];
hash_reduce(h_ram, domain, sizeof(domain), sig, 32, pk, 32, msg_hash, 64);
return crypto_eddsa_check_equation(sig, pk, h_ram);
}
#ifdef MONOCYPHER_CPP_NAMESPACE
}
#endif

140
libs/optional/monocypher-ed25519.h Normal file
View File

@ -0,0 +1,140 @@
// Monocypher version 4.0.2
//
// This file is dual-licensed. Choose whichever licence you want from
// the two licences listed below.
//
// The first licence is a regular 2-clause BSD licence. The second licence
// is the CC-0 from Creative Commons. It is intended to release Monocypher
// to the public domain. The BSD licence serves as a fallback option.
//
// SPDX-License-Identifier: BSD-2-Clause OR CC0-1.0
//
// ------------------------------------------------------------------------
//
// Copyright (c) 2017-2019, Loup Vaillant
// All rights reserved.
//
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions are
// met:
//
// 1. Redistributions of source code must retain the above copyright
// notice, this list of conditions and the following disclaimer.
//
// 2. Redistributions in binary form must reproduce the above copyright
// notice, this list of conditions and the following disclaimer in the
// documentation and/or other materials provided with the
// distribution.
//
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
// HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
//
// ------------------------------------------------------------------------
//
// Written in 2017-2019 by Loup Vaillant
//
// To the extent possible under law, the author(s) have dedicated all copyright
// and related neighboring rights to this software to the public domain
// worldwide. This software is distributed without any warranty.
//
// You should have received a copy of the CC0 Public Domain Dedication along
// with this software. If not, see
// <https://creativecommons.org/publicdomain/zero/1.0/>
#ifndef ED25519_H
#define ED25519_H
#include "monocypher.h"
#ifdef MONOCYPHER_CPP_NAMESPACE
namespace MONOCYPHER_CPP_NAMESPACE {
#elif defined(__cplusplus)
extern "C" {
#endif
////////////////////////
/// Type definitions ///
////////////////////////
// Do not rely on the size or content on any of those types,
// they may change without notice.
typedef struct {
uint64_t hash[8];
uint64_t input[16];
uint64_t input_size[2];
size_t input_idx;
} crypto_sha512_ctx;
typedef struct {
uint8_t key[128];
crypto_sha512_ctx ctx;
} crypto_sha512_hmac_ctx;
// SHA 512
// -------
void crypto_sha512_init (crypto_sha512_ctx *ctx);
void crypto_sha512_update(crypto_sha512_ctx *ctx,
const uint8_t *message, size_t message_size);
void crypto_sha512_final (crypto_sha512_ctx *ctx, uint8_t hash[64]);
void crypto_sha512(uint8_t hash[64],
const uint8_t *message, size_t message_size);
// SHA 512 HMAC
// ------------
void crypto_sha512_hmac_init(crypto_sha512_hmac_ctx *ctx,
const uint8_t *key, size_t key_size);
void crypto_sha512_hmac_update(crypto_sha512_hmac_ctx *ctx,
const uint8_t *message, size_t message_size);
void crypto_sha512_hmac_final(crypto_sha512_hmac_ctx *ctx, uint8_t hmac[64]);
void crypto_sha512_hmac(uint8_t hmac[64],
const uint8_t *key , size_t key_size,
const uint8_t *message, size_t message_size);
// SHA 512 HKDF
// ------------
void crypto_sha512_hkdf_expand(uint8_t *okm, size_t okm_size,
const uint8_t *prk, size_t prk_size,
const uint8_t *info, size_t info_size);
void crypto_sha512_hkdf(uint8_t *okm , size_t okm_size,
const uint8_t *ikm , size_t ikm_size,
const uint8_t *salt, size_t salt_size,
const uint8_t *info, size_t info_size);
// Ed25519
// -------
// Signatures (EdDSA with curve25519 + SHA-512)
// --------------------------------------------
void crypto_ed25519_key_pair(uint8_t secret_key[64],
uint8_t public_key[32],
uint8_t seed[32]);
void crypto_ed25519_sign(uint8_t signature [64],
const uint8_t secret_key[64],
const uint8_t *message, size_t message_size);
int crypto_ed25519_check(const uint8_t signature [64],
const uint8_t public_key[32],
const uint8_t *message, size_t message_size);
// Pre-hash variants
void crypto_ed25519_ph_sign(uint8_t signature [64],
const uint8_t secret_key [64],
const uint8_t message_hash[64]);
int crypto_ed25519_ph_check(const uint8_t signature [64],
const uint8_t public_key [32],
const uint8_t message_hash[64]);
#ifdef __cplusplus
}
#endif
#endif // ED25519_H

8
main.cpp Normal file
View File

@ -0,0 +1,8 @@
#include "cli.hpp"
#include "config.hpp"
int main() {
AppConfig config;
runCLI(config);
return 0;
}

180
sound.cpp Normal file
View File

@ -0,0 +1,180 @@
#include "sound.hpp"
#include "bfsk.hpp"
#include "config.hpp"
#include "x25519_handshake.hpp"
#include <iostream>
#include <thread>
#include <atomic>
#include <vector>
#include <cmath>
#include <portaudio.h>
extern "C" {
#include "monocypher.h"
}
constexpr int CAPTURE_SECONDS = 3;
static std::atomic<bool> gSoundActive{false};
static std::thread gSoundThread;
static std::vector<float> gInputBuffer;
static size_t gWritePos = 0;
static std::vector<float> gOutputBuffer;
static size_t gReadPos = 0;
static int audioCallback(const void *input,
void *output,
unsigned long frameCount,
const PaStreamCallbackTimeInfo* timeInfo,
PaStreamCallbackFlags statusFlags,
void *userData)
{
(void)timeInfo; (void)statusFlags; (void)userData;
const float *in = static_cast<const float*>(input);
float *out = static_cast<float*>(output);
for (unsigned long i = 0; i < frameCount; i++) {
if (gWritePos < gInputBuffer.size()) {
gInputBuffer[gWritePos++] = in ? in[i] : 0.0f;
}
float sample = 0.0f;
if (gReadPos < gOutputBuffer.size()) {
sample = gOutputBuffer[gReadPos++];
}
out[i*2 + 0] = sample;
out[i*2 + 1] = sample;
}
return paContinue;
}
static void soundThreadFunc(AppConfig config) {
PaError err = Pa_Initialize();
if (err != paNoError) {
std::cerr << CLR_RED "[sound] Pa_Initialize error: " << Pa_GetErrorText(err) << CLR_RESET "\n";
return;
}
PaStreamParameters inParams, outParams;
inParams.device = Pa_GetDefaultInputDevice();
if (inParams.device == paNoDevice) {
std::cerr << CLR_RED "[sound] Нет устройства ввода.\n" CLR_RESET;
Pa_Terminate();
return;
}
inParams.channelCount = 1;
inParams.sampleFormat = paFloat32;
inParams.suggestedLatency = Pa_GetDeviceInfo(inParams.device)->defaultLowInputLatency;
inParams.hostApiSpecificStreamInfo = nullptr;
outParams.device = Pa_GetDefaultOutputDevice();
if (outParams.device == paNoDevice) {
std::cerr << CLR_RED "[sound] Нет устройства вывода.\n" CLR_RESET;
Pa_Terminate();
return;
}
outParams.channelCount = 2;
outParams.sampleFormat = paFloat32;
outParams.suggestedLatency = Pa_GetDeviceInfo(outParams.device)->defaultLowOutputLatency;
outParams.hostApiSpecificStreamInfo = nullptr;
PaStream *stream = nullptr;
err = Pa_OpenStream(&stream,
&inParams,
&outParams,
SAMPLE_RATE,
256,
paNoFlag,
audioCallback,
nullptr);
if (err != paNoError) {
std::cerr << CLR_RED "[sound] Pa_OpenStream error: " << Pa_GetErrorText(err) << CLR_RESET "\n";
Pa_Terminate();
return;
}
err = Pa_StartStream(stream);
if (err != paNoError) {
std::cerr << CLR_RED "[sound] Pa_StartStream error: " << Pa_GetErrorText(err) << CLR_RESET "\n";
Pa_CloseStream(stream);
Pa_Terminate();
return;
}
std::cout << CLR_BLUE "[sound] Старт записи/воспроизведения (3 сек)...\n" CLR_RESET;
Pa_Sleep(CAPTURE_SECONDS * 1000);
Pa_StopStream(stream);
Pa_CloseStream(stream);
Pa_Terminate();
std::cout << CLR_BLUE "[sound] Остановка аудиопотока...\n" CLR_RESET;
auto received = bfskDemodulate(gInputBuffer);
if (!received.empty()) {
if (received.size() >= 33 && received[0] == 'E') {
uint8_t otherPub[32];
std::memcpy(otherPub, received.data() + 1, 32);
x25519ComputeShared(config, otherPub);
std::cout << CLR_GREEN "[x25519] Общий сеансовый ключ вычислен!\n" CLR_RESET;
} else {
std::cout << CLR_YELLOW "[sound] Получены " << received.size()
<< " байт, но не формат 'E' + 32 байта.\n" CLR_RESET;
}
} else {
std::cout << CLR_YELLOW "[sound] Ничего не демодулировано.\n" CLR_RESET;
}
gSoundActive = false;
}
void soundFind(AppConfig &config) {
if (config.soundExchangeActive) {
std::cout << CLR_YELLOW "[sound] Уже идёт процесс.\n" CLR_RESET;
return;
}
config.soundExchangeActive = true;
gSoundActive = true;
x25519GenerateEphemeral(config);
std::vector<unsigned char> packet;
packet.push_back('E');
packet.insert(packet.end(), config.ephemeralPub, config.ephemeralPub + 32);
gOutputBuffer = bfskModulate(packet);
gReadPos = 0;
gInputBuffer.clear();
gInputBuffer.resize(SAMPLE_RATE * CAPTURE_SECONDS, 0.0f);
gWritePos = 0;
gSoundThread = std::thread(soundThreadFunc, config);
std::cout << CLR_GREEN "[sound] Отправляем свой публичный ключ X25519 и слушаем!\n" CLR_RESET;
}
void soundLose(AppConfig &config) {
if (!config.soundExchangeActive) {
std::cout << CLR_YELLOW "[sound] Процесс не активен.\n" CLR_RESET;
return;
}
config.soundExchangeActive = false;
if (gSoundActive) {
gSoundActive = false;
}
if (gSoundThread.joinable()) {
gSoundThread.join();
}
std::cout << CLR_GREEN "[sound] Процесс остановлен.\n" CLR_RESET;
}

6
sound.hpp Normal file
View File

@ -0,0 +1,6 @@
#pragma once
#include "config.hpp"
void soundFind(AppConfig &config);
void soundLose(AppConfig &config);

66
webserver.cpp Normal file
View File

@ -0,0 +1,66 @@
#include "webserver.hpp"
#include "config.hpp"
#include <iostream>
#include <thread>
#include <atomic>
#include "libs/httplib.h"
static std::atomic<bool> g_serverRunning{false};
static std::thread g_serverThread;
static void serverThreadFunc() {
httplib::Server svr;
svr.Get("/", [](const httplib::Request&, httplib::Response &res){
res.set_content("Hello from Cerberus BFSK!", "text/plain");
});
if (!svr.listen("0.0.0.0", 8080)) {
std::cerr << CLR_RED "[web] Ошибка listen(8080). Возможно, порт занят.\n" CLR_RESET;
}
g_serverRunning = false;
}
void webServerStart(AppConfig &config) {
if (config.webServerRunning) {
std::cout << CLR_YELLOW "[web] Сервер уже запущен.\n" CLR_RESET;
return;
}
g_serverRunning = true;
g_serverThread = std::thread(serverThreadFunc);
config.webServerRunning = true;
std::cout << CLR_GREEN "[web] Сервер запущен на порту 8080.\n" CLR_RESET;
}
void webServerConnect(AppConfig &config, const std::string &type, const std::string &ip) {
if (!config.webServerRunning) {
std::cout << CLR_YELLOW "[web] Сначала запустите сервер (web start)\n" CLR_RESET;
return;
}
httplib::Client cli(ip.c_str(), 8080);
if (auto res = cli.Get("/")) {
if (res->status == 200) {
std::cout << CLR_CYAN "[web] Ответ от " << ip << ": " << res->body << CLR_RESET "\n";
} else {
std::cout << CLR_YELLOW "[web] Подключились, статус: " << res->status << CLR_RESET "\n";
}
} else {
std::cout << CLR_RED "[web] Не удалось подключиться к " << ip << ":8080.\n" CLR_RESET;
}
}
void webServerStop(AppConfig &config) {
if (!config.webServerRunning) {
std::cout << CLR_YELLOW "[web] Сервер не запущен.\n" CLR_RESET;
return;
}
g_serverRunning = false;
if (g_serverThread.joinable()) {
g_serverThread.detach();
}
config.webServerRunning = false;
std::cout << CLR_GREEN "[web] Сервер остановлен (демо).\n" CLR_RESET;
}

7
webserver.hpp Normal file
View File

@ -0,0 +1,7 @@
#pragma once
#include "config.hpp"
#include <string>
void webServerStart(AppConfig &config);
void webServerConnect(AppConfig &config, const std::string &type, const std::string &ip);
void webServerStop(AppConfig &config);

34
x25519_handshake.cpp Normal file
View File

@ -0,0 +1,34 @@
#include "x25519_handshake.hpp"
#include "config.hpp"
extern "C" {
#include "libs/monocypher.h"
}
#include <cstdio>
#include <cstring>
#include <iostream>
void x25519GenerateEphemeral(AppConfig &config) {
FILE* f = fopen("/dev/urandom", "rb");
if (!f) {
std::cerr << "[x25519] Не удалось открыть /dev/urandom\n";
return;
}
fread(config.ephemeralSec, 1, 32, f);
fclose(f);
crypto_x25519_public_key(config.ephemeralPub, config.ephemeralSec);
memset(config.sharedSecret, 0, 32);
config.haveSharedSecret = false;
}
void x25519ComputeShared(AppConfig &config, const uint8_t otherPub[32]) {
uint8_t shared[32];
crypto_x25519(shared, config.ephemeralSec, otherPub);
memcpy(config.sharedSecret, shared, 32);
config.haveSharedSecret = true;
std::cout << "[x25519] Получен общий сеансовый ключ (32 байта).\n";
}

9
x25519_handshake.hpp Normal file
View File

@ -0,0 +1,9 @@
#pragma once
#include <cstdint>
#include <vector>
#include "config.hpp"
void x25519GenerateEphemeral(AppConfig &config);
void x25519ComputeShared(AppConfig &config, const uint8_t otherPub[32]);