aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-08-07 21:39:11 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-08-07 21:39:11 -0400
commitfb3608b9455b3e0956e401e6254da13cebd71558 (patch)
tree5129003c5e00df6eeb5be4642e73f9f35ba18fa5
parent6fdc4bc32ccf653734cccb6e09690cb2973af6d0 (diff)
Squashed commit of the following:
commit ec7461dc3425b963b0768210a5f51d8eab770c86 Author: vnugent <public@vaughnnugent.com> Date: Wed Aug 7 21:36:26 2024 -0400 update changelog commit f58245b0d249fc162feacc610eedf81656a481a3 Author: vnugent <public@vaughnnugent.com> Date: Wed Aug 7 21:14:53 2024 -0400 feat: Add cipher mode mask and fix cc commit 7c8f910e5be9a1d86af5bdcb7e51e8092cc06cf6 Author: vnugent <public@vaughnnugent.com> Date: Wed Aug 7 15:11:19 2024 -0400 feat: added NCEncryptionGetIvSize() function and helpers commit 4d76151802b4cc04fb89d47c35c2d876b395f1a4 Merge: 942aed8 6fdc4bc Author: vnugent <public@vaughnnugent.com> Date: Tue Aug 6 20:56:55 2024 -0400 Merge branch 'master' into develop commit 942aed8a4e7c173a2c9423829c2b38087cbd49e4 Author: vnugent <public@vaughnnugent.com> Date: Tue Aug 6 20:54:03 2024 -0400 chore: update changelog and mbedtls headers commit 3b97f84fd0477eafcd6567eb8597b213e4136664 Author: vnugent <public@vaughnnugent.com> Date: Tue Aug 6 19:57:10 2024 -0400 update libsecp256k1 to v0.5.1 commit 7989a2660997b909e0b99fc1dfb3bcfbb0528df3 Author: vnugent <public@vaughnnugent.com> Date: Tue Aug 6 19:42:25 2024 -0400 update openssl to 3.3.1 commit e949ae5aa1fd25d4d11fe31e30b7d82ae7778dc2 Author: vnugent <public@vaughnnugent.com> Date: Mon Aug 5 18:01:03 2024 -0400 fix: Find and fix openssl encryption bug commit a60a3e1ca1d99d655c0cfc96e3952c371e8a8677 Author: vnugent <public@vaughnnugent.com> Date: Sun Aug 4 15:27:06 2024 -0400 cleanup comments + return codes commit 2aa7f4b6cdb2e0e8990e7177476f4104fd2e2b17 Author: vnugent <public@vaughnnugent.com> Date: Sat Jul 27 22:20:53 2024 -0400 fix codeberg url commit 1640f79776c6b291b49a39a6128c05888fc4153e Author: vnugent <public@vaughnnugent.com> Date: Sat Jul 27 00:05:07 2024 -0400 fix: Potential overflow in nip44 padding calculation commit 07de078a3b5b7b0043d9f81bb5a9e750a3a0c7c1 Author: vnugent <public@vaughnnugent.com> Date: Fri Jul 26 23:37:15 2024 -0400 refactor: Span invasion, checks and fix some evp api commit 54f520e4bfc0fe23e2719d44b09739aa8709451c Author: vnugent <public@vaughnnugent.com> Date: Tue Jul 23 19:55:13 2024 -0400 latest changes commit 12feb33dba2061415d6f39fa59dec16fafcda2a0 Author: vnugent <public@vaughnnugent.com> Date: Sun Jul 21 17:51:04 2024 -0400 Push latest changes, patches, and internal upgrades commit ffe42b6858f112a00405be4f0605ab1163063749 Author: vnugent <public@vaughnnugent.com> Date: Sat Jul 13 22:13:13 2024 -0400 test: Add decryption test cases and fixes commit 5dfafbc5a9214587533ec8b1dae2a962118d3650 Author: vnugent <public@vaughnnugent.com> Date: Fri Jul 12 22:14:00 2024 -0400 feat: add decryption functionality to public api commit 8df8c5aed4ac626171b451b5422c3b207e88000b Author: vnugent <public@vaughnnugent.com> Date: Thu Jul 11 21:39:39 2024 -0400 feat: Update sidecar utils library commit 23fe6e8c8596333c2183f0f4389817087442c551 Author: vnugent <public@vaughnnugent.com> Date: Fri Jul 5 00:03:48 2024 -0400 push latest utils and changes commit dc71f861df8929deee300368b88ef47d45560695 Author: vnugent <public@vaughnnugent.com> Date: Mon Jul 1 15:05:34 2024 -0400 fix: #7 fix confusing inline functions commit 90166048046d2511f0bb74f8880180e82466d4c0 Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 18 21:22:37 2024 -0400 push pending changes commit 461dd71069d0c0250752ac1256160605c33a6243 Author: vnugent <public@vaughnnugent.com> Date: Tue Jun 11 15:44:28 2024 -0400 feat!: #4 Close #4. Add public nip04 support to api commit a74f96251bcc81fb2c94fe75dd6f8043fd35fe0b Merge: 1c26ef8 51d0aff Author: vnugent <public@vaughnnugent.com> Date: Wed May 29 13:37:00 2024 -0400 Merge branch 'master' into develop commit 1c26ef86a04690120f4f752c7c5018a570ec5880 Author: vnugent <public@vaughnnugent.com> Date: Wed May 29 13:34:20 2024 -0400 missed extra argument commit 88c9095743a12cf8fc1793c607ba3a1e4fa86483 Author: vnugent <public@vaughnnugent.com> Date: Wed May 29 13:25:51 2024 -0400 refactor!: return NC_SUCCESS when validating secret key commit 718be80a4810b9352de7eb0707da54020aa6b649 Author: vnugent <public@vaughnnugent.com> Date: Mon May 27 14:52:41 2024 -0400 fix: Properly build mbedtls & cmake fixes commit a8a6efb2319f739e5faae550561dc27d9dd1e88d Author: vnugent <public@vaughnnugent.com> Date: Sun May 26 17:39:40 2024 -0400 chore: Update libs, reorder files, internalize private headers commit 72e1b7be4031e2fd4d258fcf434ad049c0029201 Author: vnugent <public@vaughnnugent.com> Date: Sun May 26 13:39:08 2024 -0400 fix: Add c++ extern prototypes in noscrypt.h commit aeaac8d328b75911541be64d6f09d58fca294a08 Author: vnugent <public@vaughnnugent.com> Date: Sun May 26 11:47:17 2024 -0400 refactor: Dep update, openssl chacha20 added commit 86b02540cce6015cfe4a2a56499a9a2f45d4e368 Author: vnugent <public@vaughnnugent.com> Date: Sat May 18 12:24:17 2024 -0400 refactor: Remove NCContext structure definition commit d09d9330415d463ca19be9394b02ce11b3366f7e Author: vnugent <public@vaughnnugent.com> Date: Mon May 13 22:33:50 2024 -0400 fix: update mbedtls inline issue includes commit 7838cb4bb15d4f453f92f56ece75e2b03986fe42 Author: vnugent <public@vaughnnugent.com> Date: Mon May 13 22:29:16 2024 -0400 fix: force fPIC for secp256k1 targets commit d76f7708bc6ae81a638ca708230ac9153ac754e2 Merge: aa8033d a526139 Author: vnugent <public@vaughnnugent.com> Date: Sun May 12 00:37:01 2024 -0400 Merge branch 'master' into develop commit aa8033d4dbfebeb72b6fd7a0cd218ebde0eb54dd Author: vnugent <public@vaughnnugent.com> Date: Sun May 12 00:34:20 2024 -0400 Final overview and test before tag commit 4e3ead2cf1d3068e77f0959dfdc17e20e9102a0f Merge: 2cee801 872c49d Author: vnugent <public@vaughnnugent.com> Date: Mon May 6 22:08:09 2024 -0400 Merge branch 'master' into develop commit 2cee801979bfbcb3b0e53f592ce8c779b57cb679 Author: vnugent <public@vaughnnugent.com> Date: Mon May 6 22:02:39 2024 -0400 Ensure static and dynamic libs get same args commit f533694023133552d0d42933d779c95a5854343f Author: vnugent <public@vaughnnugent.com> Date: Mon May 6 21:50:29 2024 -0400 feat: CMake install & fetch-content test & updates commit 940ff20348b13d0bc30d9e9f4289dd6de20b16ba Author: vnugent <public@vaughnnugent.com> Date: Sun May 5 14:07:28 2024 -0400 codeberg readonly push commit b34ed055c0b7d143561ce8798e0a95313b9224bd Merge: 0a40e20 e737556 Author: vnugent <public@vaughnnugent.com> Date: Sat May 4 14:06:45 2024 -0400 Merge branch 'master' into develop commit 0a40e209d03e8ff9b6f81cd5969d3e845c633bfc Author: vnugent <public@vaughnnugent.com> Date: Sat May 4 13:55:19 2024 -0400 ci: Force disable testing for win ci builds commit 55fae189fffc86f07a3448370f0a746670819712 Author: vnugent <public@vaughnnugent.com> Date: Thu May 2 21:54:35 2024 -0400 feat: Working and tested openssl impl & defaults commit 6ff8bb11774c51fd341b7699a3938fd894995fbf Author: vnugent <public@vaughnnugent.com> Date: Thu Apr 25 17:45:42 2024 -0400 refactor: Finish support and testing for mbedtls commit 7cb7a93de4f6f5e741bc5129e3d928e44f050930 Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 23 18:19:31 2024 -0400 refactor!: MbedTLS on Windows, switch to uint32 commit 30e8dda6cbea86bdee6d5dfe48514385d3b9f81b Author: vnugent <public@vaughnnugent.com> Date: Tue Apr 23 14:48:05 2024 -0400 refactor: Crypto dep redesign working on Windows commit d09c6c1bd5da3e2d79351daeba304ca99976a726 Author: vnugent <public@vaughnnugent.com> Date: Thu Apr 18 00:28:51 2024 -0400 refactor!: Pushing what I have to dev commit 54e06ada7d624ed0d28c6a6db04a149708841bf8 Author: vnugent <public@vaughnnugent.com> Date: Sat Apr 13 01:24:00 2024 -0400 fix: convert constants to hex, inline macro, ParseErrorCode commit 4215e3100d9a0d23119080d09638fa5b60d0c6d4 Merge: d3328f4 7485aa5 Author: vnugent <public@vaughnnugent.com> Date: Wed Apr 3 18:26:30 2024 -0400 Merge branch 'master' into develop commit d3328f4152b22b28f24c43dda62464287f1efff5 Author: vnugent <public@vaughnnugent.com> Date: Wed Apr 3 18:22:56 2024 -0400 build: Included dependency and versions in client builds commit b11bc0bac955fd5c6db65f0da48456bf5e748805 Author: vnugent <public@vaughnnugent.com> Date: Wed Apr 3 18:10:08 2024 -0400 fix: Fix c89 compatabilty comments and struct assignment commit 9915bd41799a72413e6b400e150aa9f5fa797e25 Merge: 8e3d6ea 5184d7d Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 30 09:57:30 2024 -0400 Merge branch 'master' into develop commit 8e3d6ea5e3c83fe42cb904b6ccc4fe2b73f76aae Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 30 09:52:55 2024 -0400 refactor!: Some api (struct) changes and updated tests commit e88e8420520204e20802516f01d4488bb0b1d6ea Merge: 490dfee 21f6c0a Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 15:02:34 2024 -0500 Merge branch 'master' into develop commit 490dfee4ef22479009627435c6ad728c3cbbab54 Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 14:59:25 2024 -0500 test: #3 tests for encryption/description and Macs commit efa97490b7ed47f4e2f05bee52e2b33e14e439e6 Merge: 1b84e3c 120022a Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 14:55:48 2024 -0500 merge master commit 1b84e3c7c2e55b1ff9ffdd09b66873e11c131441 Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 2 22:57:36 2024 -0500 fix: #2 constent usage of sizeof() operator on struct types commit 9de5a214c66adea0ef2d0bac63c59449de202a88 Author: vnugent <public@vaughnnugent.com> Date: Fri Mar 1 14:30:36 2024 -0500 perf: avoid nc_key struct copy, cast and verify instead commit b917b761120ed684af28d0707673ffadcf14b8fe Author: vnugent <public@vaughnnugent.com> Date: Mon Feb 12 22:06:50 2024 -0500 fix: found the constant time memcompare function commit 9f85fff3b9f25da7410569ea94f994b88feb3910 Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 9 22:48:35 2024 -0500 feat: added/update MAC functions to sign or verify nip44 payload commit aa5113741bb419b02d6ea416bba571fa3d65db46 Author: vnugent <public@vaughnnugent.com> Date: Wed Feb 7 01:37:53 2024 -0500 add missing hmac-key output buffer commit 55f47d22cc9ce4d1e22b70814d608c7ef3b1bbc9 Author: vnugent <public@vaughnnugent.com> Date: Sun Feb 4 21:08:13 2024 -0500 simple bug fixes, and public api argument validation tests commit 73c5a713fb164ae8b4ac8a891a8020e08eae0a3b Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 2 23:05:48 2024 -0500 update api to return secpvalidate return code instead of internal return codes commit 06c73004e1a39a7ea4ea3a89c22dee0f66adb236 Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 2 19:25:17 2024 -0500 change to lgpl license commit 6e79fdb3b6b6739fc7797d47e55a7691306cf736 Author: vnugent <public@vaughnnugent.com> Date: Wed Jan 31 21:30:49 2024 -0500 move validation macros, and optionally disable them commit ac1e58837f1ba687939f78b5c03cadd346c10ddd Author: vnugent <public@vaughnnugent.com> Date: Tue Jan 30 12:25:05 2024 -0500 couple more tests, renable range checks, set flags for all projects
-rw-r--r--CHANGELOG.md7
-rw-r--r--include/noscrypt.h20
-rw-r--r--include/noscryptutil.h13
-rw-r--r--src/noscrypt.c71
-rw-r--r--src/noscryptutil.c57
-rw-r--r--tests/test.c97
6 files changed, 165 insertions, 100 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 375d11c..38f1c09 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,10 +14,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Utilities for padding calculations
- Prints the name of the configured crypto backend during build
- Many internal hardening improvments (span pass-by-value, span validation functions)
+- `NCEncryptionGetIvSize()` function to determine the size of the IV for a chosen encryption spec (nip04 or nip44)
### Fixed
- OpenSSL EVP incorrect cipher initialization vector
- OpenSSL HKDF incorrect key derivation when switching to EVP api
+- Some missing calling convention macros for public api functions
### Changed
- Updated libsecp256k1 to v0.5.1
@@ -27,6 +29,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Added helper functions to alter the `NCEncryptionArgs` api. Altering fields directly is now deprecated.
- Public API visibility for non-Windows platforms now defaults to `extern`
- **Breaking:** Changed the `nonce32` and `hmacKeyOut32` properties of the `NCEncryptionArgs` struct to `nonceData` and `keyData` respectively. ABI is still compatible, but API has changed. Again mutating this structure manually is now deprecated.
+- Unified some API naming conventions for better consistency
+
+### Removed
+- `NC_ENCRYPTION_NONCE_SIZE` macro for better forward compatability
+- `NC_NIP04_AES_IV_SIZE` macro for better forward compatability
## [0.1.2] - 2024-05-29
diff --git a/include/noscrypt.h b/include/noscrypt.h
index faad1f1..574cef9 100644
--- a/include/noscrypt.h
+++ b/include/noscrypt.h
@@ -68,7 +68,6 @@ extern "C" {
*/
#define BIP340_PUBKEY_HEADER_BYTE 0x02
#define NIP44_MESSAGE_KEY_SIZE 0x4c /*32 + 12 + 32 = 76 */
-#define NC_ENCRYPTION_NONCE_SIZE 0x20
#define NC_SEC_KEY_SIZE 0x20
#define NC_PUBKEY_SIZE 0x20
#define NC_CONTEXT_ENTROPY_SIZE 0x20
@@ -77,8 +76,9 @@ extern "C" {
#define NC_HMAC_KEY_SIZE 0x20
#define NC_ENCRYPTION_MAC_SIZE 0x20
#define NC_MESSAGE_KEY_SIZE NIP44_MESSAGE_KEY_SIZE
-#define NC_NIP04_AES_IV_SIZE 0x10 /* AES IV size is 16 bytes (aka cipher block size) */
#define NC_NIP04_AES_KEY_SIZE 0x20 /* AES 256 key size */
+#define NC_NIP44_IV_SIZE 0x20 /* 32 bytes */
+#define NC_NIP04_IV_SIZE 0x10 /* 16 bytes */
/*
* From spec
@@ -121,10 +121,9 @@ extern "C" {
*/
#define NC_ENC_SET_VERSION 0x01
-#define NC_ENC_SET_NIP44_NONCE 0x02
+#define NC_ENC_SET_IV 0x02
#define NC_ENC_SET_NIP44_MAC_KEY 0x03
#define NC_ENC_SET_NIP04_KEY 0x04
-#define NC_ENC_SET_NIP04_IV 0x05
/* A compressed resul/return value, negative values
@@ -578,7 +577,7 @@ NC_EXPORT NCResult NCComputeMac(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
-NC_EXPORT NCResult NCSetEncryptionProperty(
+NC_EXPORT NCResult NCEncryptionSetProperty(
NCEncryptionArgs* args,
uint32_t property,
uint32_t value
@@ -595,7 +594,7 @@ NC_EXPORT NCResult NCSetEncryptionProperty(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
-NC_EXPORT NCResult NCSetEncryptionPropertyEx(
+NC_EXPORT NCResult NCEncryptionSetPropertyEx(
NCEncryptionArgs* args,
uint32_t property,
uint8_t* value,
@@ -612,13 +611,20 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to
* the error code and positional argument that caused the error.
*/
-NC_EXPORT NCResult NCSetEncryptionData(
+NC_EXPORT NCResult NCEncryptionSetData(
NCEncryptionArgs* args,
const uint8_t* input,
uint8_t* output,
uint32_t dataSize
);
+/*
+* Gets the size of the encryption nonce (iv) for the given encryption version
+* @param version The encryption version to get the nonce size for
+* @return The size of the nonce in bytes, or 0 if the version is not supported
+*/
+NC_EXPORT uint32_t NCEncryptionGetIvSize(uint32_t version);
+
#ifdef __cplusplus
}
#endif /* __cplusplus */
diff --git a/include/noscryptutil.h b/include/noscryptutil.h
index bd60c79..63e08f8 100644
--- a/include/noscryptutil.h
+++ b/include/noscryptutil.h
@@ -43,6 +43,8 @@ extern "C" {
#define E_CIPHER_BAD_INPUT -15
#define E_CIPHER_BAD_INPUT_SIZE -16
+#define NC_UTIL_CIPHER_MODE 0x01u
+
#define NC_UTIL_CIPHER_MODE_ENCRYPT 0x00u
#define NC_UTIL_CIPHER_MODE_DECRYPT 0x01u
#define NC_UTIL_CIPHER_ZERO_ON_FREE 0x02u
@@ -132,7 +134,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherReadOutput(
);
/*
-* Sets a property on the encryption context. Equivalent to calling NCSetEncryptionPropertyEx
+* Sets a property on the encryption context. Equivalent to calling NCEncryptionSetPropertyEx
* @param ctx A valid pointer to an encryption context
* @param property The property to set
* @param value A pointer to the value to set
@@ -176,6 +178,15 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate(
const NCPublicKey* pk
);
+/*
+* Gets the size of the IV(nonce) required for the encryption context.
+* @param encCtx A valid pointer to an initialized encryption context
+* @return The size of the IV in bytes, or a negative error code if the context
+* is invalid, or the version is not supported. Use NCParseErrorCode to get the error code
+* and positional argument that caused the error.
+*/
+NC_EXPORT NCResult NC_CC NCUtilCipherGetIvSize(const NCUtilCipherContext* encCtx);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/noscrypt.c b/src/noscrypt.c
index deadca6..fededaf 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -310,7 +310,7 @@ static _nc_fn_inline NCResult _encryptNip44Ex(
result = NC_SUCCESS;
- ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanInitC(&nonceSpan, args->nonceData, NC_NIP44_IV_SIZE);
/* Message key will be derrived on every encryption call */
if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
@@ -344,13 +344,14 @@ static _nc_fn_inline NCResult _decryptNip44Ex(const NCContext* ctx, const struct
struct message_key messageKey;
const struct nc_expand_keys* cipherKeys;
- DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
- DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key")
- DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
+ DEBUG_ASSERT2(ctx != NULL, "Expected valid context");
+ DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key");
+ DEBUG_ASSERT2(args != NULL, "Expected valid encryption args");
+ DEBUG_ASSERT(args->version == NC_ENC_VERSION_NIP44);
result = NC_SUCCESS;
- ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanInitC(&nonceSpan, args->nonceData, NC_NIP44_IV_SIZE);
if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
{
@@ -401,7 +402,7 @@ static NCResult _verifyMacEx(
DEBUG_ASSERT2(conversationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(args != NULL, "Expected valid mac verification args")
- ncSpanInitC(&nonceSpan, args->nonce32, NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanInitC(&nonceSpan, args->nonce32, NC_NIP44_IV_SIZE);
ncSpanInitC(&payloadSpan, args->payload, args->payloadSize);
/*
@@ -979,7 +980,7 @@ Cleanup:
return result;
}
-NC_EXPORT NCResult NCComputeMac(
+NC_EXPORT NCResult NC_CC NCComputeMac(
const NCContext* ctx,
const uint8_t hmacKey[NC_HMAC_KEY_SIZE],
const uint8_t* payload,
@@ -1069,13 +1070,14 @@ Cleanup:
#define ENSURE_ENC_MODE(args, mode) if(args->version != mode) return E_VERSION_NOT_SUPPORTED;
-NC_EXPORT NCResult NCSetEncryptionPropertyEx(
+NC_EXPORT NCResult NC_CC NCEncryptionSetPropertyEx(
NCEncryptionArgs* args,
uint32_t property,
uint8_t* value,
uint32_t valueLen
)
{
+ uint32_t ivSize;
CHECK_NULL_ARG(args, 0)
CHECK_NULL_ARG(value, 2)
@@ -1091,22 +1093,6 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
return NC_SUCCESS;
- case NC_ENC_SET_NIP04_IV:
- /*
- * The safest way to store the nip04 IV is in the nonce
- * field. An IV is essentially a nonce. A secure random
- * number used to encrypt the first block of a CBC chain.
- */
-
- CHECK_ARG_RANGE(valueLen, AES_IV_SIZE, UINT32_MAX, 3)
-
- ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP04)
-
- args->nonceData = value;
-
- return NC_SUCCESS;
-
-
case NC_ENC_SET_NIP04_KEY:
/*
* The AES key is stored in the hmac key field, since
@@ -1122,13 +1108,17 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
return NC_SUCCESS;
- case NC_ENC_SET_NIP44_NONCE:
+ case NC_ENC_SET_IV:
+
+ ivSize = NCEncryptionGetIvSize(args->version);
- /* Nonce buffer must be at least the size, max doesnt matter */
- CHECK_ARG_RANGE(valueLen, NC_ENCRYPTION_NONCE_SIZE, UINT32_MAX, 3)
+ /* Gaurd invalid version */
+ if (ivSize == 0)
+ {
+ return E_VERSION_NOT_SUPPORTED;
+ }
- /* Nonce is only used in nip44 mode */
- ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP44)
+ CHECK_ARG_RANGE(valueLen, ivSize, ivSize, 3)
args->nonceData = value;
@@ -1155,13 +1145,13 @@ NC_EXPORT NCResult NCSetEncryptionPropertyEx(
return E_INVALID_ARG;
}
-NC_EXPORT NCResult NCSetEncryptionProperty(
+NC_EXPORT NCResult NC_CC NCEncryptionSetProperty(
NCEncryptionArgs* args,
uint32_t property,
uint32_t value
)
{
- return NCSetEncryptionPropertyEx(
+ return NCEncryptionSetPropertyEx(
args,
property,
(uint8_t*)&value,
@@ -1169,7 +1159,7 @@ NC_EXPORT NCResult NCSetEncryptionProperty(
);
}
-NC_EXPORT NCResult NCSetEncryptionData(
+NC_EXPORT NCResult NC_CC NCEncryptionSetData(
NCEncryptionArgs* args,
const uint8_t* input,
uint8_t* output,
@@ -1186,4 +1176,19 @@ NC_EXPORT NCResult NCSetEncryptionData(
args->dataSize = dataSize;
return NC_SUCCESS;
-} \ No newline at end of file
+}
+
+NC_EXPORT uint32_t NC_CC NCEncryptionGetIvSize(uint32_t version)
+{
+ switch (version)
+ {
+ case NC_ENC_VERSION_NIP04:
+ return NC_NIP04_IV_SIZE;
+
+ case NC_ENC_VERSION_NIP44:
+ return NC_NIP44_IV_SIZE;
+
+ default:
+ return 0;
+ }
+}
diff --git a/src/noscryptutil.c b/src/noscryptutil.c
index 4cee2c3..89e0f35 100644
--- a/src/noscryptutil.c
+++ b/src/noscryptutil.c
@@ -37,6 +37,7 @@
#define MIN_PADDING_SIZE 0x20u
#define NIP44_VERSION_SIZE 0x01u
#define NIP44_PT_LEN_SIZE sizeof(uint16_t)
+#define NIP44_NONCE_SIZE NC_NIP44_IV_SIZE
/*
* minimum size for a valid nip44 payload
@@ -200,7 +201,7 @@ static _nc_fn_inline uint32_t _calcNip44TotalOutSize(uint32_t inputSize)
bufferSize = NIP44_VERSION_SIZE;
- bufferSize += NC_ENCRYPTION_NONCE_SIZE;
+ bufferSize += NIP44_NONCE_SIZE;
bufferSize += NIP44_PT_LEN_SIZE;
@@ -267,7 +268,7 @@ static _nc_fn_inline int _nip44ParseSegments(
*nonce = ncSpanSliceC(
payload,
NIP44_VERSION_SIZE,
- NC_ENCRYPTION_NONCE_SIZE
+ NIP44_NONCE_SIZE
);
/*
@@ -293,8 +294,8 @@ static _nc_fn_inline int _nip44ParseSegments(
*/
*cipherText = ncSpanSliceC(
payload,
- NIP44_VERSION_SIZE + NC_ENCRYPTION_NONCE_SIZE,
- payload.size - (NIP44_VERSION_SIZE + NC_ENCRYPTION_NONCE_SIZE + NC_ENCRYPTION_MAC_SIZE)
+ NIP44_VERSION_SIZE + NIP44_NONCE_SIZE,
+ payload.size - (NIP44_VERSION_SIZE + NIP44_NONCE_SIZE + NC_ENCRYPTION_MAC_SIZE)
);
return 1;
@@ -357,12 +358,23 @@ static NCResult _nip44EncryptCompleteCore(
ZERO_FILL(hmacKeyOut, sizeof(hmacKeyOut));
+ /* Get the nonce/iv size so we know how much nonce data to write */
+ result = NCUtilCipherGetIvSize(state);
+ DEBUG_ASSERT(result > 0);
+
/* Start by appending the version number */
ncSpanAppend(message, &outPos, Nip44VersionValue, sizeof(Nip44VersionValue));
/* next is nonce data */
- ncSpanAppend(message, &outPos, encArgs.nonceData, NC_ENCRYPTION_NONCE_SIZE);
- DEBUG_ASSERT(outPos == 1 + NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanAppend(message, &outPos, encArgs.nonceData, (uint32_t)result);
+
+ /*
+ * Assert the output points to the end of the nonce segment
+ * for nip44 this is exactly 33 bytes. This assert also doubles
+ * to check the output of NCUtilCipherGetIvSize() to ensure
+ * it's returning the correct size for nip44
+ */
+ DEBUG_ASSERT(outPos == 1 + NIP44_NONCE_SIZE);
/*
* Assign the hmac key from the stack buffer. Since the args structure
@@ -372,7 +384,7 @@ static NCResult _nip44EncryptCompleteCore(
* addresses.
*/
- result = NCSetEncryptionPropertyEx(
+ result = NCEncryptionSetPropertyEx(
&encArgs,
NC_ENC_SET_NIP44_MAC_KEY,
hmacKeyOut,
@@ -397,7 +409,7 @@ static NCResult _nip44EncryptCompleteCore(
* plainText size field.
*/
- result = NCSetEncryptionData(
+ result = NCEncryptionSetData(
&encArgs,
ncSpanGetOffset(message, outPos), /* in place encryption */
ncSpanGetOffset(message, outPos),
@@ -517,7 +529,7 @@ static NCResult _nip44DecryptCompleteCore(
if ((state->_flags & NC_UTIL_CIPHER_MAC_NO_VERIFY) == 0)
{
DEBUG_ASSERT(ncSpanGetSizeC(macValue) == NC_ENCRYPTION_MAC_SIZE);
- DEBUG_ASSERT(ncSpanGetSizeC(macData) > NC_ENCRYPTION_NONCE_SIZE + MIN_PADDING_SIZE);
+ DEBUG_ASSERT(ncSpanGetSizeC(macData) > NIP44_NONCE_SIZE + MIN_PADDING_SIZE);
/* Assign the mac data to the mac verify args */
macArgs.mac32 = ncSpanGetOffsetC(macValue, 0);
@@ -550,7 +562,7 @@ static NCResult _nip44DecryptCompleteCore(
DEBUG_ASSERT2(cipherText.size >= MIN_PADDING_SIZE, "Cipertext segment was parsed incorrectly. Too small");
- result = NCSetEncryptionData(
+ result = NCEncryptionSetData(
&encArgs,
ncSpanGetOffsetC(cipherText, 0),
ncSpanGetOffset(output, 0), /*decrypt ciphertext and write directly to the output buffer */
@@ -653,6 +665,10 @@ NC_EXPORT NCUtilCipherContext* NC_CC NCUtilCipherAlloc(uint32_t encVersion, uint
if (encCtx != NULL)
{
+ /*
+ * Technically I should be using the NCEncSetProperty but this
+ * is an acceptable shortcut for now, may break in future
+ */
encCtx->encArgs.version = encVersion;
encCtx->_flags = flags;
}
@@ -694,7 +710,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherInit(
CHECK_NULL_ARG(encCtx, 0);
CHECK_NULL_ARG(inputData, 1);
- if ((encCtx->_flags & NC_UTIL_CIPHER_MODE_DECRYPT) > 0)
+ if ((encCtx->_flags & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_DECRYPT)
{
/*
* Validate the input data for proper format for
@@ -842,7 +858,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherReadOutput(
return (NCResult)encCtx->buffer.actualOutput.size;
}
-NC_EXPORT NCResult NCUtilCipherSetProperty(
+NC_EXPORT NCResult NC_CC NCUtilCipherSetProperty(
NCUtilCipherContext* ctx,
uint32_t property,
uint8_t* value,
@@ -852,7 +868,7 @@ NC_EXPORT NCResult NCUtilCipherSetProperty(
CHECK_NULL_ARG(ctx, 0)
/* All other arguments are verified */
- return NCSetEncryptionPropertyEx(
+ return NCEncryptionSetPropertyEx(
&ctx->encArgs,
property,
value,
@@ -889,7 +905,7 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate(
{
case NC_ENC_VERSION_NIP44:
- if ((encCtx->_flags & NC_UTIL_CIPHER_MODE_DECRYPT) > 0)
+ if ((encCtx->_flags & NC_UTIL_CIPHER_MODE) == NC_UTIL_CIPHER_MODE_DECRYPT)
{
return _nip44DecryptCompleteCore(libContext, sk, pk, encCtx);
}
@@ -908,3 +924,16 @@ NC_EXPORT NCResult NC_CC NCUtilCipherUpdate(
return E_VERSION_NOT_SUPPORTED;
}
}
+
+NC_EXPORT NCResult NC_CC NCUtilCipherGetIvSize(const NCUtilCipherContext* encCtx)
+{
+ uint32_t ivSize;
+
+ CHECK_NULL_ARG(encCtx, 0);
+
+ ivSize = NCEncryptionGetIvSize(encCtx->encArgs.version);
+
+ return ivSize == 0
+ ? E_VERSION_NOT_SUPPORTED
+ : (NCResult)ivSize;
+}
diff --git a/tests/test.c b/tests/test.c
index b4cdef1..e8b064b 100644
--- a/tests/test.c
+++ b/tests/test.c
@@ -284,74 +284,78 @@ static int TestPublicApiArgumentValidation()
NCSecretKey secKey;
NCPublicKey pubKey;
uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE];
- uint8_t nonce[NC_ENCRYPTION_NONCE_SIZE];
+ uint8_t nonce[NC_NIP44_IV_SIZE];
NCEncryptionArgs cryptoData;
PRINTL("TEST: Public API argument validation tests")
{
+ TEST(NCEncryptionGetIvSize(NC_ENC_VERSION_NIP44), sizeof(nonce));
+
/*
* Test arguments for encryption properties
*/
uint8_t testBuff32[32];
- TEST(NCSetEncryptionProperty(NULL, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44), ARG_ERROR_POS_0)
- TEST(NCSetEncryptionProperty(&cryptoData, 0, 1), E_INVALID_ARG)
+ TEST(NCEncryptionSetProperty(NULL, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP04), ARG_ERROR_POS_0)
+ TEST(NCEncryptionSetProperty(&cryptoData, 0, 1), E_INVALID_ARG)
- TEST(NCSetEncryptionData(NULL, zero32, sig64, sizeof(zero32)), ARG_ERROR_POS_0)
- TEST(NCSetEncryptionData(&cryptoData, NULL, sig64, sizeof(zero32)), ARG_ERROR_POS_1)
- TEST(NCSetEncryptionData(&cryptoData, zero32, NULL, sizeof(zero32)), ARG_ERROR_POS_2)
- TEST(NCSetEncryptionData(&cryptoData, zero32, sig64, 0), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetData(NULL, zero32, sig64, sizeof(zero32)), ARG_ERROR_POS_0)
+ TEST(NCEncryptionSetData(&cryptoData, NULL, sig64, sizeof(zero32)), ARG_ERROR_POS_1)
+ TEST(NCEncryptionSetData(&cryptoData, zero32, NULL, sizeof(zero32)), ARG_ERROR_POS_2)
+ TEST(NCEncryptionSetData(&cryptoData, zero32, sig64, 0), ARG_RANGE_ERROR_POS_3)
- /* Setting any version specific value should fail */
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, nonce, sizeof(nonce)), E_VERSION_NOT_SUPPORTED)
+ /* Setting the IV should fail because a version is not set*/
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, sizeof(nonce)), E_VERSION_NOT_SUPPORTED);
/* Set to nip44 to continue nip44 tests */
- TEST(NCSetEncryptionProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44), NC_SUCCESS)
-
- TEST(NCSetEncryptionPropertyEx(&cryptoData, 0, nonce, sizeof(nonce)), E_INVALID_ARG)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, NULL, sizeof(nonce)), ARG_ERROR_POS_2)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, nonce, 0), ARG_RANGE_ERROR_POS_3)
- /* Nonce size should fail if smaller than the required nonce size */
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, nonce, NC_ENCRYPTION_NONCE_SIZE - 1), ARG_RANGE_ERROR_POS_3)
-
- TEST(NCSetEncryptionPropertyEx(&cryptoData, 0, hmacKeyOut, sizeof(hmacKeyOut)), E_INVALID_ARG)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, NULL, sizeof(hmacKeyOut)), ARG_ERROR_POS_2)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, 0), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44), NC_SUCCESS)
+
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, 0, nonce, sizeof(nonce)), E_INVALID_ARG)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, NULL, sizeof(nonce)), ARG_ERROR_POS_2)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, 0), ARG_RANGE_ERROR_POS_3)
+ /* Nonce size should fail if not exactly the required nonce size */
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, NC_NIP44_IV_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, NC_NIP44_IV_SIZE + 1), ARG_RANGE_ERROR_POS_3)
+
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, 0, hmacKeyOut, sizeof(hmacKeyOut)), E_INVALID_ARG)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, NULL, sizeof(hmacKeyOut)), ARG_ERROR_POS_2)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, 0), ARG_RANGE_ERROR_POS_3)
/* Key size should fail if smaller than the required nip44 key size */
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, NC_HMAC_KEY_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, NC_HMAC_KEY_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+
/* Test for nip04 */
/* Any nip04 specific properties should fail since nip44 has already been set */
-
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_IV, testBuff32, sizeof(testBuff32)), E_VERSION_NOT_SUPPORTED)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, sizeof(testBuff32)), E_VERSION_NOT_SUPPORTED)
+
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, sizeof(testBuff32)), E_VERSION_NOT_SUPPORTED)
/* Set to nip04 to continue nip04 tests */
- ENSURE(NCSetEncryptionProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP04) == NC_SUCCESS)
+ ENSURE(NCEncryptionSetProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP04) == NC_SUCCESS)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_IV, NULL, sizeof(testBuff32)), ARG_ERROR_POS_2)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_IV, testBuff32, 0), ARG_RANGE_ERROR_POS_3)
- /* IV size should fail if smaller than IV */
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_IV, testBuff32, NC_NIP04_AES_IV_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, NULL, sizeof(testBuff32)), ARG_ERROR_POS_2)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, testBuff32, 0), ARG_RANGE_ERROR_POS_3)
+ /* IV size should fail if not exact size IV for the version */
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, testBuff32, NC_NIP04_IV_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, testBuff32, NC_NIP04_IV_SIZE + 1), ARG_RANGE_ERROR_POS_3)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, NULL, sizeof(testBuff32)), ARG_ERROR_POS_2)
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, 0), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, NULL, sizeof(testBuff32)), ARG_ERROR_POS_2)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, 0), ARG_RANGE_ERROR_POS_3)
/* Key size should fail if smaller than the required nip04 key size */
- TEST(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, NC_NIP04_AES_KEY_SIZE - 1), ARG_RANGE_ERROR_POS_3)
+ TEST(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP04_KEY, testBuff32, NC_NIP04_AES_KEY_SIZE - 1), ARG_RANGE_ERROR_POS_3)
}
/* Prep the crypto structure for proper usage */
- ENSURE(NCSetEncryptionProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44) == NC_SUCCESS);
- ENSURE(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, nonce, sizeof(nonce)) == NC_SUCCESS);
- ENSURE(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, sizeof(hmacKeyOut)) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, sizeof(nonce)) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, sizeof(hmacKeyOut)) == NC_SUCCESS);
/* Assign the encryption material */
- ENSURE(NCSetEncryptionData(&cryptoData, zero32, sig64, sizeof(zero32)) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetData(&cryptoData, zero32, sig64, sizeof(zero32)) == NC_SUCCESS);
FillRandomData(ctxRandom, 32);
@@ -543,7 +547,7 @@ static int TestCorrectEncryption(const NCContext* context)
NCPublicKey pubKey2;
uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE];
- uint8_t nonce[NC_ENCRYPTION_NONCE_SIZE];
+ uint8_t nonce[NC_NIP44_IV_SIZE]; //nonce is set by cipher spec, shoud use NCEncryptionGetIvSize() in production
uint8_t mac[NC_ENCRYPTION_MAC_SIZE];
uint8_t plainText[TEST_ENC_DATA_SIZE];
@@ -555,12 +559,13 @@ static int TestCorrectEncryption(const NCContext* context)
PRINTL("TEST: Correct encryption")
- ENSURE(NCSetEncryptionProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44) == NC_SUCCESS);
- ENSURE(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_NONCE, nonce, sizeof(nonce)) == NC_SUCCESS);
- ENSURE(NCSetEncryptionPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, NC_HMAC_KEY_SIZE) == NC_SUCCESS);
+ ENSURE(NCEncryptionGetIvSize(NC_ENC_VERSION_NIP44) == (uint32_t)sizeof(nonce));
+ ENSURE(NCEncryptionSetProperty(&cryptoData, NC_ENC_SET_VERSION, NC_ENC_VERSION_NIP44) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_IV, nonce, sizeof(nonce)) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetPropertyEx(&cryptoData, NC_ENC_SET_NIP44_MAC_KEY, hmacKeyOut, NC_HMAC_KEY_SIZE) == NC_SUCCESS);
/* Assign the encryption material */
- ENSURE(NCSetEncryptionData(&cryptoData, plainText, cipherText, TEST_ENC_DATA_SIZE) == NC_SUCCESS);
+ ENSURE(NCEncryptionSetData(&cryptoData, plainText, cipherText, TEST_ENC_DATA_SIZE) == NC_SUCCESS);
macVerifyArgs.nonce32 = nonce; /* nonce is shared */
macVerifyArgs.mac32 = mac;
@@ -634,10 +639,12 @@ static int TestUtilNip44Encryption(
ENSURE(ctx != NULL);
+ TEST(ncSpanGetSize(nonce), (uint32_t)NCUtilCipherGetIvSize(ctx));
+
TEST(NCUtilCipherInit(ctx, plainText.data, plainText.size), NC_SUCCESS);
/* Nonce is required for nip44 encryption */
- TEST(NCUtilCipherSetProperty(ctx, NC_ENC_SET_NIP44_NONCE, nonce.data, nonce.size), NC_SUCCESS);
+ TEST(NCUtilCipherSetProperty(ctx, NC_ENC_SET_IV, nonce.data, nonce.size), NC_SUCCESS);
/* Cipher update should return the */
TEST(NCUtilCipherUpdate(ctx, libCtx, NCByteCastToSecretKey(sendKey.data), &recvPubKey), NC_SUCCESS);
@@ -650,7 +657,7 @@ static int TestUtilNip44Encryption(
TASSERT(outData != NULL);
/* Read the encrypted payload to test */
- TEST(NCUtilCipherReadOutput(ctx, outData, cipherOutputSize), cipherOutputSize);
+ TEST(NCUtilCipherReadOutput(ctx, outData, (uint32_t)cipherOutputSize), cipherOutputSize);
/* Ensure encrypted payload matches */
TEST(memcmp(outData, expected.data, cipherOutputSize), 0);
@@ -699,7 +706,7 @@ static int TestUtilNip44Decryption(
TASSERT(outData != NULL);
/* Read the encrypted payload to test */
- TEST(NCUtilCipherReadOutput(ctx, outData, plaintextSize), plaintextSize);
+ TEST(NCUtilCipherReadOutput(ctx, outData, (uint32_t)plaintextSize), plaintextSize);
/* Ensure encrypted payload matches */
TEST(memcmp(outData, expectedPt.data, plaintextSize), 0);
@@ -729,7 +736,7 @@ static int TestUtilFunctions(const NCContext* libCtx)
/* From the nip44 vectors file */
span_t sendKey = FromHexString("0000000000000000000000000000000000000000000000000000000000000001", sizeof(NCSecretKey));
span_t recvKey = FromHexString("0000000000000000000000000000000000000000000000000000000000000002", sizeof(NCSecretKey));
- span_t nonce = FromHexString("0000000000000000000000000000000000000000000000000000000000000001", NC_ENCRYPTION_NONCE_SIZE);
+ span_t nonce = FromHexString("0000000000000000000000000000000000000000000000000000000000000001", NC_NIP44_IV_SIZE);
span_t payload = FromHexString("02000000000000000000000000000000000000000000000000000000000000000179ed06e5548ad3ff58ca920e6c0b4329f6040230f7e6e5641f20741780f0adc35a09794259929a02bb06ad8e8cf709ee4ccc567e9d514cdf5781af27a3e905e55b1b", 99);
span_t plainText = FromHexString("61", 1);