Merge pull request #3 from duckduckgo/cristian/add_seal_methods

adds connect flow required native methods
duckduckgo · Mar 14, 2023 · cc2b7ba · cc2b7ba
2 parents df75167 + dc7c7a3
commit cc2b7ba
Show file tree

Hide file tree

Showing 2 changed files with 93 additions and 0 deletions.
diff --git a/native_lib/DDGSyncCrypto.c b/native_lib/DDGSyncCrypto.c
@@ -113,6 +113,17 @@ DDGSyncCryptoResult ddgSyncPrepareForLogin(
     return DDGSYNCCRYPTO_OK;
 }
 
+DDGSyncCryptoResult ddgSyncPrepareForConnect(
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char secretKey[DDGSYNCCRYPTO_PRIVATE_KEY_SIZE]) {
+
+    if (0 != crypto_box_keypair(primaryKey, secretKey)) {
+        return DDGSYNCCRYPTO_CONNECT_KEY_FAILED;
+    }
+
+    return DDGSYNCCRYPTO_OK;
+}
+
 DDGSyncCryptoResult ddgSyncEncrypt(
     unsigned char *encryptedBytes,
     unsigned char *rawBytes,
@@ -146,5 +157,40 @@ extern DDGSyncCryptoResult ddgSyncDecrypt(
         return DDGSYNCCRYPTO_DECRYPTION_FAILED;
     }
 
+    return DDGSYNCCRYPTO_OK;
+}
+
+DDGSyncCryptoResult ddgSyncSeal(
+    unsigned char *sealed,
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char *message,
+    unsigned long long messageLength) {
+
+    unsigned char output[crypto_box_SEALBYTES + messageLength];
+
+    if (crypto_box_seal(output, message, messageLength, primaryKey) != 0) {
+        return DDGSYNCCRYPTO_SEAL_FAILED;
+    }
+
+    memcpy(sealed, output, crypto_box_SEALBYTES + messageLength);
+
+    return DDGSYNCCRYPTO_OK;
+}
+
+DDGSyncCryptoResult ddgSyncSealOpen(
+    unsigned char *cyphertext,
+    unsigned long long cypherTextLength,
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char secretKey[DDGSYNCCRYPTO_PRIVATE_KEY_SIZE],
+    unsigned char *rawBytes) {
+
+    unsigned char decrypted[cypherTextLength - crypto_box_SEALBYTES];
+
+    if (crypto_box_seal_open(decrypted, cyphertext, cypherTextLength, primaryKey, secretKey) != 0) {
+        return DDGSYNCCRYPTO_SEAL_FAILED;
+    }
+
+    memcpy(rawBytes, decrypted, cypherTextLength - crypto_box_SEALBYTES);
+
     return DDGSYNCCRYPTO_OK;
 }
diff --git a/native_lib/DDGSyncCrypto.h b/native_lib/DDGSyncCrypto.h
@@ -12,6 +12,8 @@ typedef enum : int {
     DDGSYNCCRYPTO_STRETCHED_PRIMARY_KEY_SIZE = 32,
     DDGSYNCCRYPTO_PROTECTED_SECRET_KEY_SIZE = (crypto_secretbox_MACBYTES + DDGSYNCCRYPTO_STRETCHED_PRIMARY_KEY_SIZE + crypto_secretbox_NONCEBYTES),
     DDGSYNCCRYPTO_ENCRYPTED_EXTRA_BYTES_SIZE = (crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES),
+    DDGSYNCCRYPTO_PUBLIC_KEY_SIZE = crypto_box_PUBLICKEYBYTES,
+    DDGSYNCCRYPTO_PRIVATE_KEY_SIZE = crypto_box_SECRETKEYBYTES,
 } DDGSyncCryptoSizes;
 
 typedef enum : int {
@@ -25,6 +27,8 @@ typedef enum : int {
     DDGSYNCCRYPTO_CREATE_PROTECTED_SECRET_KEY_FAILED,
     DDGSYNCCRYPTO_ENCRYPTION_FAILED,
     DDGSYNCCRYPTO_DECRYPTION_FAILED,
+    DDGSYNCCRYPTO_CONNECT_KEY_FAILED,
+    DDGSYNCCRYPTO_SEAL_FAILED,
 } DDGSyncCryptoResult;
 
 /**
@@ -59,6 +63,17 @@ extern DDGSyncCryptoResult ddgSyncPrepareForLogin(
     unsigned char primaryKey[DDGSYNCCRYPTO_PRIMARY_KEY_SIZE]
 );
 
+/**
+ * Creates a secret key and a corresponding public key used during connect flow.
+ *
+ * @param primaryKey OUT
+ * @param secretKey OUT
+ */
+DDGSyncCryptoResult ddgSyncPrepareForConnect(
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char secretKey[DDGSYNCCRYPTO_PRIVATE_KEY_SIZE]
+);
+
 /**
  * @param encryptedBytes OUT - the size of this should be equal to the size of data to encrypt, plus crypto_secretbox_MACBYTES (16 bytes) plus crypto_secretbox_NONCEBYTES (16).  The output will be the encrypted data, plus MAC, plus nonce.
  * @param rawBytes IN - the data to be encrypted.  Should be of size specified by rawDataLength
@@ -85,4 +100,36 @@ extern DDGSyncCryptoResult ddgSyncDecrypt(
     unsigned char *secretKey
 );
 
+/**
+ * Used to encrypt a message. It's expected to use a public key generated using ddgSyncPrepareForConnect.
+ *
+ * @param sealed OUT - the size of this should be equal to the size of data to encrypt, plus crypto_box_SEALBYTES.
+ * @param primaryKey IN - the key used for encryption (assumed to be of length DDGSYNCCRYPTO_PUBLIC_KEY_SIZE)
+ * @param message IN - the data to be encrypted.  Should be of size specified by rawDataLength
+ * @param messageLength IN - the length of the data to be encrypted
+ */
+extern DDGSyncCryptoResult ddgSyncSeal(
+    unsigned char *sealed,
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char *message,
+    unsigned long long messageLength
+);
+
+/**
+ * Used to decrypt a message from another device. It's expected to use a key pair generated using ddgSyncPrepareForConnect.
+ *
+ * @param cyphertext OUT - the decrypted data.  Should be of size specified by cypherTextLength - crypto_box_SEALBYTES.
+ * @param cypherTextLength IN - the length of the data to be decrypted
+ * @param primaryKey IN - the key used for encryption (assumed to be of length DDGSYNCCRYPTO_PUBLIC_KEY_SIZE)
+ * @param secretKey INT - the secret key (assumed to be of length DDGSYNCCRYPTO_PRIVATE_KEY_SIZE)
+ * @param rawBytes INT - the bytes to decrypt
+ */
+extern DDGSyncCryptoResult ddgSyncSealOpen(
+    unsigned char *cyphertext,
+    unsigned long long cypherTextLength,
+    unsigned char primaryKey[DDGSYNCCRYPTO_PUBLIC_KEY_SIZE],
+    unsigned char secretKey[DDGSYNCCRYPTO_PRIVATE_KEY_SIZE],
+    unsigned char *rawBytes
+);
+
 #endif /* DDGSyncCrypto_h */