pip/libs/crypt/picrypt.cpp

/*
    PIP - Platform Independent Primitives
    Cryptographic class using lib Sodium
    Andrey Bychkov work.a.b@yandex.ru

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU Lesser General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "picrypt.h"

#include "pitranslator.h"
#include <sodium.h>


namespace {
constexpr char hash_def_key[]   = "_picrypt_\0\0\0\0\0\0\0";
constexpr int hash_def_key_size = 9;
} // namespace


PICrypt::PICrypt() {
	if (!init()) {
		piCout << "[PICrypt]"
			   << "Error while initialize sodium!"_tr("PICrypt");
	}
	nonce_.resize(crypto_secretbox_NONCEBYTES);
	key_.resize(crypto_secretbox_KEYBYTES);
	randombytes_buf(key_.data(), key_.size());
	randombytes_buf(nonce_.data(), nonce_.size());
}

PICrypt::~PICrypt() {
	key_.fill(0);
	nonce_.fill(0);
}


bool PICrypt::setKey(const PIByteArray & _key) {
	if (_key.size() != key_.size()) return false;
	key_ = _key;
	return true;
}


bool PICrypt::setKey(const PIString & secret) {;
	key_ = hash(secret);
	return key_.isNotEmpty();
}


PIByteArray PICrypt::crypt(const PIByteArray & data) {
	PIByteArray ret;
	ret.resize(data.size() + crypto_secretbox_MACBYTES);
	randombytes_buf(nonce_.data(), nonce_.size());
	if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), nonce_.data(), key_.data()) != 0) {
		ret.clear();
	} else {
		ret.append(nonce_);
	}
	return ret;
}


PIByteArray PICrypt::crypt(const PIByteArray & data, PIByteArray key) {
	if (!init()) {
		key.fill(0);
		return PIByteArray();
	}
	if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
	PIByteArray n;
	n.resize(crypto_secretbox_NONCEBYTES);
	PIByteArray ret;
	ret.resize(data.size() + crypto_secretbox_MACBYTES);
	randombytes_buf(n.data(), n.size());
	if (crypto_secretbox_easy(ret.data(), data.data(), data.size(), n.data(), key.data()) != 0) {
		ret.clear();
	} else {
		ret.append(n);
	}
	key.fill(0);
	return ret;
}


PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, bool * ok) {
	if (crypt_data.size() < nonce_.size() + crypto_secretbox_MACBYTES) {
		if (ok) *ok = false;
		return PIByteArray();
	}
	const ullong data_size = crypt_data.size() - nonce_.size();
	PIByteArray ret;
	ret.resize(data_size - crypto_secretbox_MACBYTES);
	memcpy(nonce_.data(), crypt_data.data(data_size), nonce_.size());
	if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, nonce_.data(), key_.data()) != 0) {
		// Bad key
		if (ok) *ok = false;
		ret.clear();
	} else if (ok) {
		*ok = true;
	}
	return ret;
}


PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, PIByteArray key, bool * ok) {
	if (!init()) {
		key.fill(0);
		return PIByteArray();
	}
	if (crypt_data.size() < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES) {
		if (ok) *ok = false;
		key.fill(0);
		return PIByteArray();
	}
	if (key.size() != crypto_secretbox_KEYBYTES) key.resize(crypto_secretbox_KEYBYTES, ' ');
	PIByteArray n;
	n.resize(crypto_secretbox_NONCEBYTES);
	const ullong data_size = crypt_data.size() - n.size();
	PIByteArray ret;
	ret.resize(data_size - crypto_secretbox_MACBYTES);
	memcpy(n.data(), crypt_data.data(data_size), n.size());
	if (crypto_secretbox_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), key.data()) != 0) {
		// Bad key
		if (ok) *ok = false;
		ret.clear();
	} else if (ok) {
		*ok = true;
	}
	key.fill(0);
	return ret;
}


PIByteArray PICrypt::hash(PIString secret) {
	if (!init()) return {};
	PIByteArray s = secret.toUTF8();
	PIByteArray h = hash(s);
	memset(const_cast<char *>(secret.data()), 0, s.size());
	secret.fill('\0');
	s.fill(0);
	return h;
}


PIByteArray PICrypt::hash(const PIByteArray & data) {
	if (!init()) return {};
	PIByteArray h;
	h.resize(crypto_generichash_BYTES);
	crypto_generichash(h.data(), h.size(), data.data(), data.size(), (const uchar *)hash_def_key, hash_def_key_size);
	return h;
}


PIByteArray PICrypt::hash(const PIByteArray & data, const unsigned char * key, size_t keylen) {
	PIByteArray hash;
	if (!init()) return hash;
	hash.resize(crypto_generichash_BYTES);
	crypto_generichash(hash.data(), hash.size(), data.data(), data.size(), key, keylen);
	return hash;
}


size_t PICrypt::sizeHash() {
	return crypto_generichash_BYTES;
}


ullong PICrypt::shorthash(const PIString & s, PIByteArray key) {
	ullong hash = 0;
	if (!init()) {
		key.fill(0);
		return hash;
	}
	if (crypto_shorthash_BYTES != sizeof(hash))
		piCout << "[PICrypt]"
			   << "internal error: bad hash size"_tr("PICrypt");
	if (key.size() != crypto_shorthash_KEYBYTES) {
		piCout << "[PICrypt]"
			   << "invalid key size %1, should be %2, filled with zeros"_tr("PICrypt").arg(key.size()).arg(crypto_shorthash_KEYBYTES);
		key.resize(crypto_shorthash_KEYBYTES, 0);
	}
	PIByteArray in(s.data(), s.size());
	crypto_shorthash((uchar *)&hash, in.data(), in.size(), key.data());
	key.fill(0);
	return hash;
}


PIByteArray PICrypt::generateKey() {
	return generateRandomBuff(sizeKey());
}


PIByteArray PICrypt::generateRandomBuff(int size) {
	PIByteArray hash;
	if (!init() || size <= 0) return hash;
	hash.resize(size);
	randombytes_buf(hash.data(), hash.size());
	return hash;
}


size_t PICrypt::sizeKey() {
	return crypto_secretbox_KEYBYTES;
}


size_t PICrypt::sizeCrypt() {
	return crypto_secretbox_MACBYTES + crypto_secretbox_NONCEBYTES;
}


bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key) {
	if (!init()) return false;
	public_key.resize(crypto_sign_PUBLICKEYBYTES);
	secret_key.resize(crypto_sign_SECRETKEYBYTES);
	return crypto_sign_keypair(public_key.data(), secret_key.data()) == 0;
}


bool PICrypt::generateSignKeys(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
	if (!init() || seed.isEmpty()) return false;
	public_key.resize(crypto_sign_PUBLICKEYBYTES);
	secret_key.resize(crypto_sign_SECRETKEYBYTES);
	return crypto_sign_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}


PIByteArray PICrypt::extractSignPublicKey(const PIByteArray & secret_key) {
	PIByteArray pk;
	if (!init() || secret_key.size() != crypto_sign_SECRETKEYBYTES) return pk;
	pk.resize(crypto_sign_PUBLICKEYBYTES);
	if (crypto_sign_ed25519_sk_to_pk(pk.data(), secret_key.data()) != 0) {
		pk.clear();
	}
	return pk;
}


PIByteArray PICrypt::signMessage(const PIByteArray & data, const PIByteArray & secret_key) {
	PIByteArray sign;
	if (!init()) return sign;
	sign.resize(crypto_sign_BYTES);
	if (crypto_sign_detached(sign.data(), 0, data.data(), data.size(), secret_key.data()) != 0) {
		sign.clear();
	}
	return sign;
}


bool PICrypt::verifySign(const PIByteArray & data, const PIByteArray & signature, const PIByteArray & public_key) {
	if (!init()) return false;
	return (crypto_sign_verify_detached(signature.data(), data.data(), data.size(), public_key.data()) == 0);
	return false;
}


bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key) {
	if (!init()) return false;
	public_key.resize(crypto_box_PUBLICKEYBYTES);
	secret_key.resize(crypto_box_SECRETKEYBYTES);
	return crypto_box_keypair(public_key.data(), secret_key.data()) == 0;
}


bool PICrypt::generateKeypair(PIByteArray & public_key, PIByteArray & secret_key, const PIByteArray & seed) {
	if (!init()) return false;
	public_key.resize(crypto_box_PUBLICKEYBYTES);
	secret_key.resize(crypto_box_SECRETKEYBYTES);
	return crypto_box_seed_keypair(public_key.data(), secret_key.data(), hash(seed).data()) == 0;
}


PIByteArray PICrypt::crypt(const PIByteArray & data, const PIByteArray & public_key, const PIByteArray & secret_key) {
	if (!init()) return PIByteArray();
	if (public_key.size() != crypto_box_PUBLICKEYBYTES) return PIByteArray();
	if (secret_key.size() != crypto_box_SECRETKEYBYTES) return PIByteArray();
	PIByteArray n;
	n.resize(crypto_box_NONCEBYTES);
	PIByteArray ret;
	ret.resize(data.size() + crypto_box_MACBYTES);
	randombytes_buf(n.data(), n.size());
	if (crypto_box_easy(ret.data(), data.data(), data.size(), n.data(), public_key.data(), secret_key.data()) != 0) {
		return PIByteArray();
	}
	ret.append(n);
	return ret;
}


PIByteArray PICrypt::decrypt(const PIByteArray & crypt_data, const PIByteArray & public_key, const PIByteArray & secret_key, bool * ok) {
	if (!init()) {
		if (ok) *ok = false;
		return PIByteArray();
	}
	if (public_key.size() != crypto_box_PUBLICKEYBYTES) {
		if (ok) *ok = false;
		return PIByteArray();
	}
	if (secret_key.size() != crypto_box_SECRETKEYBYTES) {
		if (ok) *ok = false;
		return PIByteArray();
	}
	if (crypt_data.size() < crypto_box_NONCEBYTES + crypto_box_MACBYTES) {
		if (ok) *ok = false;
		return PIByteArray();
	}
	PIByteArray n;
	n.resize(crypto_secretbox_NONCEBYTES);
	const ullong data_size = crypt_data.size() - n.size();
	PIByteArray ret;
	ret.resize(data_size - crypto_secretbox_MACBYTES);
	memcpy(n.data(), crypt_data.data(data_size), n.size());
	if (crypto_box_open_easy(ret.data(), crypt_data.data(), data_size, n.data(), public_key.data(), secret_key.data()) != 0) {
		// Bad key
		if (ok) *ok = false;
		ret.clear();
	} else if (ok) {
		*ok = true;
	}
	return ret;
}


PIByteArray PICrypt::passwordHash(PIString password, const PIByteArray & seed) {
#ifdef crypto_pwhash_ALG_ARGON2I13
	PIByteArray pass = password.toUTF8();
	PIByteArray n    = hash(seed);
	PIByteArray ph;
	ph.resize(crypto_box_SEEDBYTES);
	n.resize(crypto_pwhash_SALTBYTES);
	int r = crypto_pwhash(ph.data(),
	                      ph.size(),
	                      (const char *)pass.data(),
	                      pass.size(),
	                      n.data(),
	                      crypto_pwhash_argon2i_opslimit_moderate(),
	                      crypto_pwhash_argon2i_memlimit_moderate(),
	                      crypto_pwhash_ALG_ARGON2I13);
	pass.fill(0);
	memset(const_cast<char *>(password.data()), 0, pass.size());
	password.fill('\0');
	if (r != 0) return PIByteArray();
	return ph;
#else
	piCout << "[PICrypt] Error, ALG_ARGON2I13 not availible!";
	return PIByteArray();
#endif
}


PIString PICrypt::version() {
	return SODIUM_VERSION_STRING;
}


bool PICrypt::init() {
	static bool inited = false;
	if (inited) return true;
	// piCout << "[PICrypt]" << "init ...";
	inited = sodium_init();
	if (!inited) inited = sodium_init();
	// piCout << "[PICrypt]" << "init" << inited;
	return inited;
}