diff options
author | Vaughn Nugent <public@vaughnnugent.com> | 2024-09-10 15:48:04 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-10 10:48:04 -0500 |
commit | 267d6823579b960d2993a380825831b6787a3680 (patch) | |
tree | 6f9336624fc28888828a0e5902c3743638530e12 /src/cryptography/noscrypt_cipher.cpp | |
parent | f26162c2eaa5e60ce76c67d8c7510b266fed0bba (diff) |
refactor: update libs, quick error fixes, rng (#14)note-signing
Co-authored-by: Michael J <37635304+buttercat1791@users.noreply.github.com>
Diffstat (limited to 'src/cryptography/noscrypt_cipher.cpp')
-rw-r--r-- | src/cryptography/noscrypt_cipher.cpp | 109 |
1 files changed, 36 insertions, 73 deletions
diff --git a/src/cryptography/noscrypt_cipher.cpp b/src/cryptography/noscrypt_cipher.cpp index ae9aaf0..2d5d671 100644 --- a/src/cryptography/noscrypt_cipher.cpp +++ b/src/cryptography/noscrypt_cipher.cpp @@ -2,49 +2,16 @@ #include <plog/Log.h> #include <openssl/evp.h> -#include <openssl/rand.h> -#include "cryptography/noscrypt_cipher.hpp" +#include "nostr_secure_rng.hpp" +#include "noscrypt_cipher.hpp" +#include "../internal/noscrypt_logger.hpp" -using namespace nostr::cryptography; using namespace std; +using namespace nostr::cryptography; -static void _printNoscryptError(NCResult result, const std::string funcName, int lineNum) -{ - uint8_t argPosition; - - switch (NCParseErrorCode(result, &argPosition)) - { - case E_NULL_PTR: - PLOG_ERROR << "noscrypt - error: A null pointer was passed in " << funcName << "(" << argPosition << ") at line " << lineNum; - break; - - case E_INVALID_ARG: - PLOG_ERROR << "noscrypt - error: An invalid argument was passed in " << funcName << "(" << argPosition << ") at line " << lineNum; - break; - - case E_INVALID_CONTEXT: - PLOG_ERROR << "noscrypt - error: An invalid context was passed in " << funcName << "(" << argPosition << ") on line " << lineNum; - break; - - case E_ARGUMENT_OUT_OF_RANGE: - PLOG_ERROR << "noscrypt - error: An argument was out of range in " << funcName << "(" << argPosition << ") at line " << lineNum; - break; - - case E_OPERATION_FAILED: - PLOG_ERROR << "noscrypt - error: An operation failed in " << funcName << "(" << argPosition << ") at line " << lineNum; - break; - - default: - PLOG_ERROR << "noscrypt - error: An unknown error " << result << " occurred in " << funcName << "(" << argPosition << ") at line " << lineNum; - break; - } - -} - -#define LOG_NC_ERROR(result) _printNoscryptError(result, __func__, __LINE__) -NoscryptCipher::NoscryptCipher(uint32_t version, uint32_t mode) : +NoscryptCipher::NoscryptCipher(NoscryptCipherVersion version, NoscryptCipherMode mode) : _cipher(version, mode) { /* @@ -54,7 +21,7 @@ NoscryptCipher::NoscryptCipher(uint32_t version, uint32_t mode) : * operation. */ - if ((mode & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_ENCRYPT) + if (mode == NoscryptCipherMode::CIPHER_MODE_ENCRYPT) { //Resize the vector to the size of the current cipher this->_ivBuffer.resize(this->_cipher.ivSize()); @@ -82,10 +49,10 @@ std::string NoscryptCipher::update( //Safely convert the string to a vector of bytes (allocates and copies, so maybe speed up later) const vector<uint8_t> inputBuffer(input.begin(), input.end()); -result = this->_cipher.setInput(inputBuffer); + result = this->_cipher.setInput(inputBuffer); if (result != NC_SUCCESS) { - LOG_NC_ERROR(result); + NC_LOG_ERROR(result); return string(); } @@ -97,25 +64,17 @@ result = this->_cipher.setInput(inputBuffer); * Keep in mind, this will automatically work for nip44 and nip04, either the * AES iv or the ChaCha nonce. */ - if ((this->_cipher.flags() & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_ENCRYPT) + if (this->_cipher.mode() == NoscryptCipherMode::CIPHER_MODE_ENCRYPT) { - int code = RAND_bytes( - this->_ivBuffer.data(), - this->_ivBuffer.size() //Size set in constructor - ); - - if (code <= 0) - { - PLOG_ERROR << "Failed to generate a nonce or IV for encryption."; - return string(); - } + //A secure random initialization vector is needed for encryption operations + NostrSecureRng::fill(this->_ivBuffer); } //Performs the operation (either encryption or decryption) result = this->_cipher.update(libContext, localKey, remoteKey); if (result != NC_SUCCESS) { - LOG_NC_ERROR(result); + NC_LOG_ERROR(result); return string(); } @@ -127,7 +86,7 @@ result = this->_cipher.setInput(inputBuffer); NCResult outputSize = this->_cipher.outputSize(); if (outputSize <= 0) { - LOG_NC_ERROR(outputSize); + NC_LOG_ERROR(outputSize); return string(); } @@ -137,7 +96,7 @@ result = this->_cipher.setInput(inputBuffer); result = this->_cipher.readOutput(output); if (result != outputSize) { - LOG_NC_ERROR(result); + NC_LOG_ERROR(result); return string(); } @@ -148,36 +107,40 @@ string NoscryptCipher::naiveEncodeBase64(const std::string& str) { // Compute base64 size and allocate a string buffer of that size. const size_t encodedSize = NoscryptCipher::base64EncodedSize(str.size()); - unsigned char* encodedData = new unsigned char[encodedSize]; + + auto encodedData = make_unique<uint8_t>(encodedSize); // Encode the input string to base64. - EVP_EncodeBlock(encodedData, (const unsigned char*)str.data(), str.size()); + EVP_EncodeBlock( + encodedData.get(), + reinterpret_cast<const uint8_t*>(str.c_str()), + str.size() + ); // Construct the encoded string from the buffer. - string encodedStr((char*)encodedData); - - // Zero out the buffer and delete the pointer. - memset(encodedData, 0, encodedSize); - delete [] encodedData; - - return encodedStr; + return string( + reinterpret_cast<char*>(encodedData.get()), + encodedSize + ); } string NoscryptCipher::naiveDecodeBase64(const string& str) { // Compute the size of the decoded string and allocate a buffer of that size. const size_t decodedSize = NoscryptCipher::base64DecodedSize(str.size()); - unsigned char* decodedData = new unsigned char[decodedSize]; + + auto decodedData = make_unique<uint8_t>(decodedSize); // Decode the input string from base64. - EVP_DecodeBlock(decodedData, (const unsigned char*)str.data(), str.size()); + EVP_DecodeBlock( + decodedData.get(), + reinterpret_cast<const uint8_t*>(str.c_str()), + str.size() + ); // Construct the decoded string from the buffer. - string decodedStr((char*)decodedData); - - // Zero out the buffer and delete the pointer. - memset(decodedData, 0, decodedSize); - delete [] decodedData; - - return decodedStr; + return string( + reinterpret_cast<char*>(decodedData.get()), + decodedSize + ); }; |