docs: Add more documentation to crypto_core.

iphydf · iphydf · commit d55fc85ff57b · 2024-02-06T22:02:55.000Z
diff --git a/third_party/cmp b/third_party/cmp
@@ -1 +1 @@
-Subproject commit cc67a0eab0a7579dcb12ce1072066275d49787bf
+Subproject commit 643e6a62d4eb0ec2277de269cda33da02cba2756
diff --git a/toxcore/DHT.h b/toxcore/DHT.h
@@ -23,19 +23,6 @@
 extern "C" {
 #endif
 
-/* Encryption and signature keys definition */
-#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
-#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
-#define SIG_PUBLIC_KEY_SIZE CRYPTO_SIGN_PUBLIC_KEY_SIZE
-#define SIG_SECRET_KEY_SIZE CRYPTO_SIGN_SECRET_KEY_SIZE
-
-/* Size of the group chat_id */
-#define CHAT_ID_SIZE SIG_PUBLIC_KEY_SIZE
-
-/* Extended keys for group chats */
-#define EXT_SECRET_KEY_SIZE (ENC_SECRET_KEY_SIZE + SIG_SECRET_KEY_SIZE)
-#define EXT_PUBLIC_KEY_SIZE (ENC_PUBLIC_KEY_SIZE + SIG_PUBLIC_KEY_SIZE)
-
 /* Maximum size of a signature (may be smaller) */
 #define SIGNATURE_SIZE CRYPTO_SIGNATURE_SIZE
 /** Maximum number of clients stored per friend. */
diff --git a/toxcore/crypto_core.c b/toxcore/crypto_core.c
@@ -1,13 +1,8 @@
 /* SPDX-License-Identifier: GPL-3.0-or-later
- * Copyright © 2016-2018 The TokTok team.
+ * Copyright © 2016-2024 The TokTok team.
  * Copyright © 2013 Tox project.
  */
 
-/**
- * Functions for the core crypto.
- *
- * NOTE: This code has to be perfect. We don't mess around with encryption.
- */
 #include "crypto_core.h"
 
 #include <assert.h>
@@ -20,14 +15,6 @@
 #include "ccompat.h"
 #include "util.h"
 
-#ifndef crypto_box_MACBYTES
-#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)
-#endif /* crypto_box_MACBYTES */
-
-// Need dht because of ENC_SECRET_KEY_SIZE and ENC_PUBLIC_KEY_SIZE
-#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE
-#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE
-
 static_assert(CRYPTO_PUBLIC_KEY_SIZE == crypto_box_PUBLICKEYBYTES,
               "CRYPTO_PUBLIC_KEY_SIZE should be equal to crypto_box_PUBLICKEYBYTES");
 static_assert(CRYPTO_SECRET_KEY_SIZE == crypto_box_SECRETKEYBYTES,
@@ -58,7 +45,7 @@ static_assert(CRYPTO_SIGN_PUBLIC_KEY_SIZE == crypto_sign_PUBLICKEYBYTES,
 static_assert(CRYPTO_SIGN_SECRET_KEY_SIZE == crypto_sign_SECRETKEYBYTES,
               "CRYPTO_SIGN_SECRET_KEY_SIZE should be equal to crypto_sign_SECRETKEYBYTES");
 
-bool create_extended_keypair(uint8_t *pk, uint8_t *sk)
+bool create_extended_keypair(uint8_t pk[EXT_PUBLIC_KEY_SIZE], uint8_t sk[EXT_SECRET_KEY_SIZE])
 {
     /* create signature key pair */
     crypto_sign_keypair(pk + ENC_PUBLIC_KEY_SIZE, sk + ENC_SECRET_KEY_SIZE);
@@ -165,7 +152,7 @@ void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBL
     memcpy(dest, src, CRYPTO_PUBLIC_KEY_SIZE);
 }
 
-bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2)
+bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t cksum2[CRYPTO_SHA512_SIZE])
 {
 #if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
     // Hope that this is better for the fuzzer
@@ -175,7 +162,7 @@ bool crypto_sha512_eq(const uint8_t *cksum1, const uint8_t *cksum2)
 #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
-bool crypto_sha256_eq(const uint8_t *cksum1, const uint8_t *cksum2)
+bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE])
 {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     // Hope that this is better for the fuzzer
@@ -218,26 +205,29 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound)
     return rng->funcs->random_uniform(rng->obj, upper_bound);
 }
 
-bool crypto_signature_create(uint8_t *signature, const uint8_t *message, uint64_t message_length,
-                             const uint8_t *secret_key)
+bool crypto_signature_create(uint8_t signature[CRYPTO_SIGNATURE_SIZE],
+                             const uint8_t *message, uint64_t message_length,
+                             const uint8_t secret_key[SIG_SECRET_KEY_SIZE])
 {
     return crypto_sign_detached(signature, nullptr, message, message_length, secret_key) == 0;
 }
 
-bool crypto_signature_verify(const uint8_t *signature, const uint8_t *message, uint64_t message_length,
-                             const uint8_t *public_key)
+bool crypto_signature_verify(const uint8_t signature[CRYPTO_SIGNATURE_SIZE],
+                             const uint8_t *message, uint64_t message_length,
+                             const uint8_t public_key[SIG_PUBLIC_KEY_SIZE])
 {
     return crypto_sign_verify_detached(signature, message, message_length, public_key) == 0;
 }
 
-bool public_key_valid(const uint8_t *public_key)
+bool public_key_valid(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE])
 {
     /* Last bit of key is always zero. */
     return public_key[31] < 128;
 }
 
-int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key,
-                           uint8_t *shared_key)
+int32_t encrypt_precompute(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
+                           const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
+                           uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE])
 {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     memcpy(shared_key, public_key, CRYPTO_SHARED_KEY_SIZE);
@@ -247,7 +237,8 @@ int32_t encrypt_precompute(const uint8_t *public_key, const uint8_t *secret_key,
 #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
-int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
+int32_t encrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
+                               const uint8_t nonce[CRYPTO_NONCE_SIZE],
                                const uint8_t *plain, size_t length, uint8_t *encrypted)
 {
     if (length == 0 || shared_key == nullptr || nonce == nullptr || plain == nullptr || encrypted == nullptr) {
@@ -299,7 +290,8 @@ int32_t encrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
     return (int32_t)(length + crypto_box_MACBYTES);
 }
 
-int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
+int32_t decrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],
+                               const uint8_t nonce[CRYPTO_NONCE_SIZE],
                                const uint8_t *encrypted, size_t length, uint8_t *plain)
 {
     if (length <= crypto_box_BOXZEROBYTES || shared_key == nullptr || nonce == nullptr || encrypted == nullptr
@@ -350,7 +342,9 @@ int32_t decrypt_data_symmetric(const uint8_t *shared_key, const uint8_t *nonce,
     return (int32_t)(length - crypto_box_MACBYTES);
 }
 
-int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
+int32_t encrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
+                     const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
+                     const uint8_t nonce[CRYPTO_NONCE_SIZE],
                      const uint8_t *plain, size_t length, uint8_t *encrypted)
 {
     if (public_key == nullptr || secret_key == nullptr) {
@@ -364,7 +358,9 @@ int32_t encrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const
     return ret;
 }
 
-int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const uint8_t *nonce,
+int32_t decrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
+                     const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],
+                     const uint8_t nonce[CRYPTO_NONCE_SIZE],
                      const uint8_t *encrypted, size_t length, uint8_t *plain)
 {
     if (public_key == nullptr || secret_key == nullptr) {
@@ -378,7 +374,7 @@ int32_t decrypt_data(const uint8_t *public_key, const uint8_t *secret_key, const
     return ret;
 }
 
-void increment_nonce(uint8_t *nonce)
+void increment_nonce(uint8_t nonce[CRYPTO_NONCE_SIZE])
 {
     /* TODO(irungentoo): use `increment_nonce_number(nonce, 1)` or
      * sodium_increment (change to little endian).
@@ -397,7 +393,7 @@ void increment_nonce(uint8_t *nonce)
     }
 }
 
-void increment_nonce_number(uint8_t *nonce, uint32_t increment)
+void increment_nonce_number(uint8_t nonce[CRYPTO_NONCE_SIZE], uint32_t increment)
 {
     /* NOTE don't use breaks inside this loop
      * In particular, make sure, as far as possible,
@@ -419,25 +415,28 @@ void increment_nonce_number(uint8_t *nonce, uint32_t increment)
     }
 }
 
-void random_nonce(const Random *rng, uint8_t *nonce)
+void random_nonce(const Random *rng, uint8_t nonce[CRYPTO_NONCE_SIZE])
 {
     random_bytes(rng, nonce, crypto_box_NONCEBYTES);
 }
 
-void new_symmetric_key(const Random *rng, uint8_t *key)
+void new_symmetric_key(const Random *rng, uint8_t key[CRYPTO_SYMMETRIC_KEY_SIZE])
 {
     random_bytes(rng, key, CRYPTO_SYMMETRIC_KEY_SIZE);
 }
 
-int32_t crypto_new_keypair(const Random *rng, uint8_t *public_key, uint8_t *secret_key)
+int32_t crypto_new_keypair(const Random *rng,
+                           uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
+                           uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])
 {
     random_bytes(rng, secret_key, CRYPTO_SECRET_KEY_SIZE);
     memzero(public_key, CRYPTO_PUBLIC_KEY_SIZE);  // Make MSAN happy
     crypto_derive_public_key(public_key, secret_key);
     return 0;
 }
 
-void crypto_derive_public_key(uint8_t *public_key, const uint8_t *secret_key)
+void crypto_derive_public_key(uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],
+                              const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])
 {
     crypto_scalarmult_curve25519_base(public_key, secret_key);
 }
@@ -447,8 +446,8 @@ void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE])
     random_bytes(rng, key, CRYPTO_HMAC_KEY_SIZE);
 }
 
-void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,
-                 size_t length)
+void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],
+                 const uint8_t *data, size_t length)
 {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     memcpy(auth, key, 16);
@@ -468,7 +467,7 @@ bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[
 #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
-void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length)
+void crypto_sha256(uint8_t hash[CRYPTO_SHA256_SIZE], const uint8_t *data, size_t length)
 {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     memzero(hash, CRYPTO_SHA256_SIZE);
@@ -478,7 +477,7 @@ void crypto_sha256(uint8_t *hash, const uint8_t *data, size_t length)
 #endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */
 }
 
-void crypto_sha512(uint8_t *hash, const uint8_t *data, size_t length)
+void crypto_sha512(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t length)
 {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
     memzero(hash, CRYPTO_SHA512_SIZE);
diff --git a/toxcore/crypto_core.h b/toxcore/crypto_core.h

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,8 @@`
`1`	`1`	`/* SPDX-License-Identifier: GPL-3.0-or-later`
`2`		`- * Copyright © 2016-2018 The TokTok team.`
	`2`	`+ * Copyright © 2016-2024 The TokTok team.`
`3`	`3`	`* Copyright © 2013 Tox project.`
`4`	`4`	`*/`
`5`	`5`
`6`		`-/**`
`7`		`- * Functions for the core crypto.`
`8`		`- *`
`9`		`- * NOTE: This code has to be perfect. We don't mess around with encryption.`
`10`		`- */`
`11`	`6`	`#include "crypto_core.h"`
`12`	`7`
`13`	`8`	`#include <assert.h>`
`@@ -20,14 +15,6 @@`
`20`	`15`	`#include "ccompat.h"`
`21`	`16`	`#include "util.h"`
`22`	`17`
`23`		`-#ifndef crypto_box_MACBYTES`
`24`		`-#define crypto_box_MACBYTES (crypto_box_ZEROBYTES - crypto_box_BOXZEROBYTES)`
`25`		`-#endif /* crypto_box_MACBYTES */`
`26`		`-`
`27`		`-// Need dht because of ENC_SECRET_KEY_SIZE and ENC_PUBLIC_KEY_SIZE`
`28`		`-#define ENC_PUBLIC_KEY_SIZE CRYPTO_PUBLIC_KEY_SIZE`
`29`		`-#define ENC_SECRET_KEY_SIZE CRYPTO_SECRET_KEY_SIZE`
`30`		`-`
`31`	`18`	`static_assert(CRYPTO_PUBLIC_KEY_SIZE == crypto_box_PUBLICKEYBYTES,`
`32`	`19`	`"CRYPTO_PUBLIC_KEY_SIZE should be equal to crypto_box_PUBLICKEYBYTES");`
`33`	`20`	`static_assert(CRYPTO_SECRET_KEY_SIZE == crypto_box_SECRETKEYBYTES,`
`@@ -58,7 +45,7 @@ static_assert(CRYPTO_SIGN_PUBLIC_KEY_SIZE == crypto_sign_PUBLICKEYBYTES,`
`58`	`45`	`static_assert(CRYPTO_SIGN_SECRET_KEY_SIZE == crypto_sign_SECRETKEYBYTES,`
`59`	`46`	`"CRYPTO_SIGN_SECRET_KEY_SIZE should be equal to crypto_sign_SECRETKEYBYTES");`
`60`	`47`
`61`		`-bool create_extended_keypair(uint8_t pk, uint8_t sk)`
	`48`	`+bool create_extended_keypair(uint8_t pk[EXT_PUBLIC_KEY_SIZE], uint8_t sk[EXT_SECRET_KEY_SIZE])`
`62`	`49`	`{`
`63`	`50`	`/* create signature key pair */`
`64`	`51`	`crypto_sign_keypair(pk + ENC_PUBLIC_KEY_SIZE, sk + ENC_SECRET_KEY_SIZE);`
`@@ -165,7 +152,7 @@ void pk_copy(uint8_t dest[CRYPTO_PUBLIC_KEY_SIZE], const uint8_t src[CRYPTO_PUBL`
`165`	`152`	`memcpy(dest, src, CRYPTO_PUBLIC_KEY_SIZE);`
`166`	`153`	`}`
`167`	`154`
`168`		`-bool crypto_sha512_eq(const uint8_t cksum1, const uint8_t cksum2)`
	`155`	`+bool crypto_sha512_eq(const uint8_t cksum1[CRYPTO_SHA512_SIZE], const uint8_t cksum2[CRYPTO_SHA512_SIZE])`
`169`	`156`	`{`
`170`	`157`	`#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)`
`171`	`158`	`// Hope that this is better for the fuzzer`
`@@ -175,7 +162,7 @@ bool crypto_sha512_eq(const uint8_t cksum1, const uint8_t cksum2)`
`175`	`162`	`#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */`
`176`	`163`	`}`
`177`	`164`
`178`		`-bool crypto_sha256_eq(const uint8_t cksum1, const uint8_t cksum2)`
	`165`	`+bool crypto_sha256_eq(const uint8_t cksum1[CRYPTO_SHA256_SIZE], const uint8_t cksum2[CRYPTO_SHA256_SIZE])`
`179`	`166`	`{`
`180`	`167`	`#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`
`181`	`168`	`// Hope that this is better for the fuzzer`
`@@ -218,26 +205,29 @@ uint32_t random_range_u32(const Random *rng, uint32_t upper_bound)`
`218`	`205`	`return rng->funcs->random_uniform(rng->obj, upper_bound);`
`219`	`206`	`}`
`220`	`207`
`221`		`-bool crypto_signature_create(uint8_t signature, const uint8_t message, uint64_t message_length,`
`222`		`- const uint8_t *secret_key)`
	`208`	`+bool crypto_signature_create(uint8_t signature[CRYPTO_SIGNATURE_SIZE],`
	`209`	`+ const uint8_t *message, uint64_t message_length,`
	`210`	`+ const uint8_t secret_key[SIG_SECRET_KEY_SIZE])`
`223`	`211`	`{`
`224`	`212`	`return crypto_sign_detached(signature, nullptr, message, message_length, secret_key) == 0;`
`225`	`213`	`}`
`226`	`214`
`227`		`-bool crypto_signature_verify(const uint8_t signature, const uint8_t message, uint64_t message_length,`
`228`		`- const uint8_t *public_key)`
	`215`	`+bool crypto_signature_verify(const uint8_t signature[CRYPTO_SIGNATURE_SIZE],`
	`216`	`+ const uint8_t *message, uint64_t message_length,`
	`217`	`+ const uint8_t public_key[SIG_PUBLIC_KEY_SIZE])`
`229`	`218`	`{`
`230`	`219`	`return crypto_sign_verify_detached(signature, message, message_length, public_key) == 0;`
`231`	`220`	`}`
`232`	`221`
`233`		`-bool public_key_valid(const uint8_t *public_key)`
	`222`	`+bool public_key_valid(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE])`
`234`	`223`	`{`
`235`	`224`	`/* Last bit of key is always zero. */`
`236`	`225`	`return public_key[31] < 128;`
`237`	`226`	`}`
`238`	`227`
`239`		`-int32_t encrypt_precompute(const uint8_t public_key, const uint8_t secret_key,`
`240`		`- uint8_t *shared_key)`
	`228`	`+int32_t encrypt_precompute(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],`
	`229`	`+ const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],`
	`230`	`+ uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE])`
`241`	`231`	`{`
`242`	`232`	`#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`
`243`	`233`	`memcpy(shared_key, public_key, CRYPTO_SHARED_KEY_SIZE);`
`@@ -247,7 +237,8 @@ int32_t encrypt_precompute(const uint8_t public_key, const uint8_t secret_key,`
`247`	`237`	`#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */`
`248`	`238`	`}`
`249`	`239`
`250`		`-int32_t encrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce,`
	`240`	`+int32_t encrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],`
	`241`	`+ const uint8_t nonce[CRYPTO_NONCE_SIZE],`
`251`	`242`	`const uint8_t plain, size_t length, uint8_t encrypted)`
`252`	`243`	`{`
`253`	`244`	`if (length == 0 \|\| shared_key == nullptr \|\| nonce == nullptr \|\| plain == nullptr \|\| encrypted == nullptr) {`
`@@ -299,7 +290,8 @@ int32_t encrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce,`
`299`	`290`	`return (int32_t)(length + crypto_box_MACBYTES);`
`300`	`291`	`}`
`301`	`292`
`302`		`-int32_t decrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce,`
	`293`	`+int32_t decrypt_data_symmetric(const uint8_t shared_key[CRYPTO_SHARED_KEY_SIZE],`
	`294`	`+ const uint8_t nonce[CRYPTO_NONCE_SIZE],`
`303`	`295`	`const uint8_t encrypted, size_t length, uint8_t plain)`
`304`	`296`	`{`
`305`	`297`	`if (length <= crypto_box_BOXZEROBYTES \|\| shared_key == nullptr \|\| nonce == nullptr \|\| encrypted == nullptr`
`@@ -350,7 +342,9 @@ int32_t decrypt_data_symmetric(const uint8_t shared_key, const uint8_t nonce,`
`350`	`342`	`return (int32_t)(length - crypto_box_MACBYTES);`
`351`	`343`	`}`
`352`	`344`
`353`		`-int32_t encrypt_data(const uint8_t public_key, const uint8_t secret_key, const uint8_t *nonce,`
	`345`	`+int32_t encrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],`
	`346`	`+ const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],`
	`347`	`+ const uint8_t nonce[CRYPTO_NONCE_SIZE],`
`354`	`348`	`const uint8_t plain, size_t length, uint8_t encrypted)`
`355`	`349`	`{`
`356`	`350`	`if (public_key == nullptr \|\| secret_key == nullptr) {`
`@@ -364,7 +358,9 @@ int32_t encrypt_data(const uint8_t public_key, const uint8_t secret_key, const`
`364`	`358`	`return ret;`
`365`	`359`	`}`
`366`	`360`
`367`		`-int32_t decrypt_data(const uint8_t public_key, const uint8_t secret_key, const uint8_t *nonce,`
	`361`	`+int32_t decrypt_data(const uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],`
	`362`	`+ const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE],`
	`363`	`+ const uint8_t nonce[CRYPTO_NONCE_SIZE],`
`368`	`364`	`const uint8_t encrypted, size_t length, uint8_t plain)`
`369`	`365`	`{`
`370`	`366`	`if (public_key == nullptr \|\| secret_key == nullptr) {`
`@@ -378,7 +374,7 @@ int32_t decrypt_data(const uint8_t public_key, const uint8_t secret_key, const`
`378`	`374`	`return ret;`
`379`	`375`	`}`
`380`	`376`
`381`		`-void increment_nonce(uint8_t *nonce)`
	`377`	`+void increment_nonce(uint8_t nonce[CRYPTO_NONCE_SIZE])`
`382`	`378`	`{`
`383`	`379`	/* TODO(irungentoo): use `increment_nonce_number(nonce, 1)` or
`384`	`380`	`* sodium_increment (change to little endian).`
`@@ -397,7 +393,7 @@ void increment_nonce(uint8_t *nonce)`
`397`	`393`	`}`
`398`	`394`	`}`
`399`	`395`
`400`		`-void increment_nonce_number(uint8_t *nonce, uint32_t increment)`
	`396`	`+void increment_nonce_number(uint8_t nonce[CRYPTO_NONCE_SIZE], uint32_t increment)`
`401`	`397`	`{`
`402`	`398`	`/* NOTE don't use breaks inside this loop`
`403`	`399`	`* In particular, make sure, as far as possible,`
`@@ -419,25 +415,28 @@ void increment_nonce_number(uint8_t *nonce, uint32_t increment)`
`419`	`415`	`}`
`420`	`416`	`}`
`421`	`417`
`422`		`-void random_nonce(const Random rng, uint8_t nonce)`
	`418`	`+void random_nonce(const Random *rng, uint8_t nonce[CRYPTO_NONCE_SIZE])`
`423`	`419`	`{`
`424`	`420`	`random_bytes(rng, nonce, crypto_box_NONCEBYTES);`
`425`	`421`	`}`
`426`	`422`
`427`		`-void new_symmetric_key(const Random rng, uint8_t key)`
	`423`	`+void new_symmetric_key(const Random *rng, uint8_t key[CRYPTO_SYMMETRIC_KEY_SIZE])`
`428`	`424`	`{`
`429`	`425`	`random_bytes(rng, key, CRYPTO_SYMMETRIC_KEY_SIZE);`
`430`	`426`	`}`
`431`	`427`
`432`		`-int32_t crypto_new_keypair(const Random rng, uint8_t public_key, uint8_t *secret_key)`
	`428`	`+int32_t crypto_new_keypair(const Random *rng,`
	`429`	`+ uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],`
	`430`	`+ uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])`
`433`	`431`	`{`
`434`	`432`	`random_bytes(rng, secret_key, CRYPTO_SECRET_KEY_SIZE);`
`435`	`433`	`memzero(public_key, CRYPTO_PUBLIC_KEY_SIZE); // Make MSAN happy`
`436`	`434`	`crypto_derive_public_key(public_key, secret_key);`
`437`	`435`	`return 0;`
`438`	`436`	`}`
`439`	`437`
`440`		`-void crypto_derive_public_key(uint8_t public_key, const uint8_t secret_key)`
	`438`	`+void crypto_derive_public_key(uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE],`
	`439`	`+ const uint8_t secret_key[CRYPTO_SECRET_KEY_SIZE])`
`441`	`440`	`{`
`442`	`441`	`crypto_scalarmult_curve25519_base(public_key, secret_key);`
`443`	`442`	`}`
`@@ -447,8 +446,8 @@ void new_hmac_key(const Random *rng, uint8_t key[CRYPTO_HMAC_KEY_SIZE])`
`447`	`446`	`random_bytes(rng, key, CRYPTO_HMAC_KEY_SIZE);`
`448`	`447`	`}`
`449`	`448`
`450`		`-void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE], const uint8_t *data,`
`451`		`- size_t length)`
	`449`	`+void crypto_hmac(uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[CRYPTO_HMAC_KEY_SIZE],`
	`450`	`+ const uint8_t *data, size_t length)`
`452`	`451`	`{`
`453`	`452`	`#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`
`454`	`453`	`memcpy(auth, key, 16);`
`@@ -468,7 +467,7 @@ bool crypto_hmac_verify(const uint8_t auth[CRYPTO_HMAC_SIZE], const uint8_t key[`
`468`	`467`	`#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */`
`469`	`468`	`}`
`470`	`469`
`471`		`-void crypto_sha256(uint8_t hash, const uint8_t data, size_t length)`
	`470`	`+void crypto_sha256(uint8_t hash[CRYPTO_SHA256_SIZE], const uint8_t *data, size_t length)`
`472`	`471`	`{`
`473`	`472`	`#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`
`474`	`473`	`memzero(hash, CRYPTO_SHA256_SIZE);`
`@@ -478,7 +477,7 @@ void crypto_sha256(uint8_t hash, const uint8_t data, size_t length)`
`478`	`477`	`#endif /* FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION */`
`479`	`478`	`}`
`480`	`479`
`481`		`-void crypto_sha512(uint8_t hash, const uint8_t data, size_t length)`
	`480`	`+void crypto_sha512(uint8_t hash[CRYPTO_SHA512_SIZE], const uint8_t *data, size_t length)`
`482`	`481`	`{`
`483`	`482`	`#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`
`484`	`483`	`memzero(hash, CRYPTO_SHA512_SIZE);`