jedisct1 / libsodium

A modern, portable, easy to use crypto library.
https://libsodium.org

64 bytes for the hash in `crypto_box_curve25519xsalsa20poly1305_seed_keypair(..)`? #1353

Closed getify closed 4 months ago

getify commented 4 months ago

I'm trying to understand this line: https://github.com/jedisct1/libsodium/blob/4cdcefaff250af42663eb202c1daf49ea4d7ad7e/src/libsodium/crypto_box/curve25519xsalsa20poly1305/box_curve25519xsalsa20poly1305.c#L16

The rest of that function only uses 32 bytes, so I'm wondering what's the significance/reason for declaring the hash to be 64 bytes wide instead of 32 bytes?

Is it because the [sha512(..) function](https://github.com/jedisct1/libsodium/blob/4cdcefaff250af42663eb202c1daf49ea4d7ad7e/src/libsodium/crypto_hash/sha512/cp/hash_sha512_cp.c#L274) actually needs/uses all 64 bytes for its operation, even though we only end up using the first 32 bytes from it?

jedisct1 commented 4 months ago

Yes, the output of the sha512 function is 64 bytes, so a 64 byte buffer is needed.

This issue tracker is for tracking bugs. For general questions, please use the discussions section.