From b071fcb81da77858205729f45314bf8a3ae736de Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Wed, 12 Jul 2017 23:29:48 +0200 Subject: [PATCH] sodium ext: add bindings for keygen() functions This is the recommended way to generate keys correctly for all operations using a single key, since libsodium 1.0.12. --- ext/sodium/libsodium.c | 81 ++++++++++++++++++++++++++ ext/sodium/php_libsodium.h | 9 +++ ext/sodium/tests/crypto_aead.phpt | 15 +++-- ext/sodium/tests/crypto_auth.phpt | 2 +- ext/sodium/tests/crypto_secretbox.phpt | 2 +- ext/sodium/tests/crypto_stream.phpt | 4 +- 6 files changed, 101 insertions(+), 12 deletions(-) diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c index 6f71946fc18..4bce7605f02 100644 --- a/ext/sodium/libsodium.c +++ b/ext/sodium/libsodium.c @@ -252,6 +252,20 @@ const zend_function_entry sodium_functions[] = { PHP_FE(sodium_memcmp, AI_TwoStrings) PHP_FE(sodium_memzero, AI_FirstArgByReferenceSecondLength) +#ifdef HAVE_AESGCM + PHP_FE(sodium_crypto_aead_aes256gcm_keygen, AI_None) +#endif + PHP_FE(sodium_crypto_aead_chacha20poly1305_keygen, AI_None) + PHP_FE(sodium_crypto_aead_chacha20poly1305_ietf_keygen, AI_None) +#ifdef crypto_aead_xchacha20poly1305_IETF_NPUBBYTES + PHP_FE(sodium_crypto_aead_xchacha20poly1305_ietf_keygen, AI_None) +#endif + PHP_FE(sodium_crypto_auth_keygen, AI_None) + PHP_FE(sodium_crypto_generichash_keygen, AI_None) + PHP_FE(sodium_crypto_secretbox_keygen, AI_None) + PHP_FE(sodium_crypto_shorthash_keygen, AI_None) + PHP_FE(sodium_crypto_stream_keygen, AI_None) + PHP_FALIAS(sodium_crypto_scalarmult_base, sodium_crypto_box_publickey_from_secretkey, AI_TwoStrings) PHP_FE_END 
@@ -2794,6 +2808,73 @@ PHP_FUNCTION(sodium_compare)
 }
 #endif
+#ifdef HAVE_AESGCM
+PHP_FUNCTION(sodium_crypto_aead_aes256gcm_keygen)
+{
+ unsigned char key[crypto_aead_aes256gcm_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+#endif
+
+PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_keygen)
+{
+ unsigned char key[crypto_aead_chacha20poly1305_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_keygen)
+{
+ unsigned char key[crypto_aead_chacha20poly1305_ietf_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+#ifdef crypto_aead_xchacha20poly1305_IETF_NPUBBYTES
+PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_keygen)
+{
+ unsigned char key[crypto_aead_xchacha20poly1305_ietf_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+#endif
+
+PHP_FUNCTION(sodium_crypto_auth_keygen)
+{
+ unsigned char key[crypto_auth_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+PHP_FUNCTION(sodium_crypto_generichash_keygen)
+{
+ unsigned char key[crypto_generichash_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+PHP_FUNCTION(sodium_crypto_secretbox_keygen)
+{
+ unsigned char key[crypto_secretbox_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+PHP_FUNCTION(sodium_crypto_shorthash_keygen)
+{
+ unsigned char key[crypto_shorthash_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
+PHP_FUNCTION(sodium_crypto_stream_keygen)
+{
+ unsigned char key[crypto_stream_KEYBYTES];
+ randombytes_buf(key, sizeof key);
+ RETURN_STRINGL((const char *) key, sizeof key);
+}
+
 /*
 * Local variables:
 * tab-width: 4
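Review bot: Each new keygen function leaves a copy of the freshly generated key in its stack buffer `key` after it returns, because `RETURN_STRINGL` copies the bytes into a PHP string and returns straight away. For all nine functions in this hunk I would use `RETVAL_STRINGL((const char *) key, sizeof key);` followed by `sodium_memzero(key, sizeof key);` so the stack copy is wiped before the frame is released. None of the bodies parses its arguments either, so stray arguments are presumably accepted silently; an `if (zend_parse_parameters_none() == FAILURE) { return; }` guard at the top of each function would reject them.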
diff --git a/ext/sodium/php_libsodium.h b/ext/sodium/php_libsodium.h
index 52a19cc1329..a4713e2370a 100644
--- a/ext/sodium/php_libsodium.h
+++ b/ext/sodium/php_libsodium.h
@@ -40,13 +40,18 @@ PHP_FUNCTION(sodium_compare);
 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_decrypt);
 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_encrypt);
 PHP_FUNCTION(sodium_crypto_aead_aes256gcm_is_available);
+PHP_FUNCTION(sodium_crypto_aead_aes256gcm_keygen);
 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_decrypt);
 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_encrypt);
+PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_keygen);
 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_decrypt);
 PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_encrypt);
+PHP_FUNCTION(sodium_crypto_aead_chacha20poly1305_ietf_keygen);
 PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_decrypt);
 PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_encrypt);
+PHP_FUNCTION(sodium_crypto_aead_xchacha20poly1305_ietf_keygen);
 PHP_FUNCTION(sodium_crypto_auth);
+PHP_FUNCTION(sodium_crypto_auth_keygen);
 PHP_FUNCTION(sodium_crypto_auth_verify);
 PHP_FUNCTION(sodium_crypto_box);
 PHP_FUNCTION(sodium_crypto_box_keypair);
@@ -61,6 +66,7 @@ PHP_FUNCTION(sodium_crypto_box_seed_keypair);
 PHP_FUNCTION(sodium_crypto_generichash);
 PHP_FUNCTION(sodium_crypto_generichash_final);
 PHP_FUNCTION(sodium_crypto_generichash_init);
+PHP_FUNCTION(sodium_crypto_generichash_keygen);
 PHP_FUNCTION(sodium_crypto_generichash_update);
 PHP_FUNCTION(sodium_crypto_kx_client_session_keys);
 PHP_FUNCTION(sodium_crypto_kx_keypair);
@@ -77,8 +83,10 @@ PHP_FUNCTION(sodium_crypto_pwhash_str_verify); PHP_FUNCTION(sodium_crypto_scalarmult); PHP_FUNCTION(sodium_crypto_scalarmult_base); PHP_FUNCTION(sodium_crypto_secretbox); +PHP_FUNCTION(sodium_crypto_secretbox_keygen); PHP_FUNCTION(sodium_crypto_secretbox_open); PHP_FUNCTION(sodium_crypto_shorthash); +PHP_FUNCTION(sodium_crypto_shorthash_keygen); PHP_FUNCTION(sodium_crypto_sign); PHP_FUNCTION(sodium_crypto_sign_detached); PHP_FUNCTION(sodium_crypto_sign_ed25519_pk_to_curve25519); @@ -92,6 +100,7 @@ PHP_FUNCTION(sodium_crypto_sign_secretkey); PHP_FUNCTION(sodium_crypto_sign_seed_keypair); PHP_FUNCTION(sodium_crypto_sign_verify_detached); PHP_FUNCTION(sodium_crypto_stream); +PHP_FUNCTION(sodium_crypto_stream_keygen); PHP_FUNCTION(sodium_crypto_stream_xor); PHP_FUNCTION(sodium_hex2bin); PHP_FUNCTION(sodium_increment); diff --git a/ext/sodium/tests/crypto_aead.phpt b/ext/sodium/tests/crypto_aead.phpt index 5c4a51d32c5..059eefbde84 100644 --- a/ext/sodium/tests/crypto_aead.phpt +++ b/ext/sodium/tests/crypto_aead.phpt @@ -11,7 +11,7 @@ echo "aead_chacha20poly1305:\n"; $msg = random_bytes(random_int(1, 1000)); $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_NPUBBYTES); -$key = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES); +$key = sodium_crypto_aead_chacha20poly1305_keygen(); $ad = random_bytes(random_int(1, 1000)); $ciphertext = sodium_crypto_aead_chacha20poly1305_encrypt($msg, $ad, $nonce, $key); @@ -34,7 +34,7 @@ if (SODIUM_LIBRARY_MAJOR_VERSION > 7 || SODIUM_LIBRARY_MINOR_VERSION >= 6)) { $msg = random_bytes(random_int(1, 1000)); $nonce = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_NPUBBYTES); - $key = random_bytes(SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_IETF_KEYBYTES); + $key = sodium_crypto_aead_chacha20poly1305_ietf_keygen(); $ad = random_bytes(random_int(1, 1000)); $ciphertext = sodium_crypto_aead_chacha20poly1305_ietf_encrypt($msg, $ad, $nonce, $key); 
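Review bot: Nothing in the crypto_aead.phpt hunks on this line checks the key that the new keygen calls return, so a binding built with the wrong size constant would only surface indirectly as an encrypt failure. A direct check after the keygen call, such as `var_dump(strlen($key) === SODIUM_CRYPTO_AEAD_CHACHA20POLY1305_KEYBYTES);`, would pin the contract; the matching expected-output line lives outside these hunks. The diffstat also lists no test change for generichash or shorthash, so `sodium_crypto_generichash_keygen()` and `sodium_crypto_shorthash_keygen()` appear to be untested by this commit.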
@@ -63,7 +63,7 @@ if (SODIUM_LIBRARY_MAJOR_VERSION > 9 || SODIUM_LIBRARY_MINOR_VERSION >= 4)) { $msg = random_bytes(random_int(1, 1000)); $nonce = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NPUBBYTES); - $key = random_bytes(SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_KEYBYTES); + $key = sodium_crypto_aead_xchacha20poly1305_ietf_keygen(); $ad = random_bytes(random_int(1, 1000)); $ciphertext = sodium_crypto_aead_xchacha20poly1305_ietf_encrypt($msg, $ad, $nonce, $key); @@ -87,12 +87,11 @@ if (SODIUM_LIBRARY_MAJOR_VERSION > 9 || echo "aead_aes256gcm:\n"; -$msg = random_bytes(random_int(1, 1000)); -$nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES); -$key = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES); -$ad = random_bytes(random_int(1, 1000)); - if (sodium_crypto_aead_aes256gcm_is_available()) { + $msg = random_bytes(random_int(1, 1000)); + $nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES); + $ad = random_bytes(random_int(1, 1000)); + $key = sodium_crypto_aead_aes256gcm_keygen(); $ciphertext = sodium_crypto_aead_aes256gcm_encrypt($msg, $ad, $nonce, $key); $msg2 = sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $ad, $nonce, $key); var_dump($ciphertext !== $msg); diff --git a/ext/sodium/tests/crypto_auth.phpt b/ext/sodium/tests/crypto_auth.phpt index b2017580669..067903cbb21 100644 --- a/ext/sodium/tests/crypto_auth.phpt +++ b/ext/sodium/tests/crypto_auth.phpt @@ -5,7 +5,7 @@ Check for libsodium auth --FILE--