aboutsummaryrefslogtreecommitdiff
path: root/src/noscrypt.c
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-04-13 01:24:00 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-04-13 01:24:00 -0400
commit54e06ada7d624ed0d28c6a6db04a149708841bf8 (patch)
tree7d2b3d8f47b3b6b9a2ebe325dd130b78ddcadce9 /src/noscrypt.c
parent4215e3100d9a0d23119080d09638fa5b60d0c6d4 (diff)
fix: convert constants to hex, inline macro, ParseErrorCode
Diffstat (limited to 'src/noscrypt.c')
-rw-r--r--src/noscrypt.c80
1 files changed, 36 insertions, 44 deletions
diff --git a/src/noscrypt.c b/src/noscrypt.c
index 8aeeefe..3719a08 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -32,18 +32,13 @@
#include <mbedtls/sha256.h>
#include <mbedtls/constant_time.h>
-/* Non win platforms may need an inline override */
-#if !defined(_NC_IS_WINDOWS) && !defined(inline)
- #define inline __inline__
-#endif /* !IS_WINDOWS */
-
/* NULL */
#ifndef NULL
#define NULL ((void*)0)
#endif /* !NULL */
-#define CHACHA_NONCE_SIZE 12 /* Size of 12 is set by the cipher spec */
-#define CHACHA_KEY_SIZE 32 /* Size of 32 is set by the cipher spec */
+#define CHACHA_NONCE_SIZE 0x0cu /* Size of 12 is set by the cipher spec */
+#define CHACHA_KEY_SIZE 0x20u /* Size of 32 is set by the cipher spec */
/*
* Local macro for secure zero buffer fill
@@ -99,6 +94,12 @@
#define STATIC_ASSERT(x, m)
#endif
+/*
+* The Nip44 constant salt
+* https://github.com/nostr-protocol/nips/blob/master/44.md#encryption
+*/
+static const uint8_t Nip44ConstantSalt[8] = { 0x6e, 0x69, 0x70, 0x34, 0x34, 0x2d, 0x76, 0x32 };
+
struct shared_secret {
uint8_t value[NC_SHARED_SEC_SIZE];
};
@@ -131,7 +132,7 @@ STATIC_ASSERT(sizeof(struct nc_expand_keys) == sizeof(struct message_key), "Expe
* Internal helper functions to do common structure conversions
*/
-static inline int _convertToXonly(const NCContext* ctx, const NCPublicKey* compressedPubKey, secp256k1_xonly_pubkey* xonly)
+static _nc_fn_inline int _convertToXonly(const NCContext* ctx, const NCPublicKey* compressedPubKey, secp256k1_xonly_pubkey* xonly)
{
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(compressedPubKey != NULL, "Expected a valid public 32byte key structure")
@@ -157,14 +158,13 @@ static int _convertToPubKey(const NCContext* ctx, const NCPublicKey* compressedP
MEMMOV((compressed + 1), compressedPubKey, sizeof(NCPublicKey));
result = secp256k1_ec_pubkey_parse(ctx->secpCtx, pubKey, compressed, sizeof(compressed));
-
- /* zero everything */
+
ZERO_FILL(compressed, sizeof(compressed));
return result;
}
-static inline int _convertFromXonly(const NCContext* ctx, const secp256k1_xonly_pubkey* xonly, NCPublicKey* compressedPubKey)
+static _nc_fn_inline int _convertFromXonly(const NCContext* ctx, const secp256k1_xonly_pubkey* xonly, NCPublicKey* compressedPubKey)
{
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(xonly != NULL, "Expected valid X-only secp256k1 public key structure.")
@@ -239,15 +239,14 @@ static NCResult _computeSharedSecret(
&_edhHashFuncInternal,
NULL
);
-
- /* Clean up sensitive data */
+
ZERO_FILL(&pubKey, sizeof(pubKey));
/* Result should be 1 on success */
- return result > 0 ? NC_SUCCESS : E_OPERATION_FAILED;
+ return result == 1 ? NC_SUCCESS : E_OPERATION_FAILED;
}
-static inline const mbedtls_md_info_t* _getSha256MdInfo(void)
+static _nc_fn_inline const mbedtls_md_info_t* _getSha256MdInfo(void)
{
const mbedtls_md_info_t* info;
/* Get sha256 md info for hdkf operations */
@@ -257,7 +256,7 @@ static inline const mbedtls_md_info_t* _getSha256MdInfo(void)
}
-static inline NCResult _computeConversationKey(
+static _nc_fn_inline NCResult _computeConversationKey(
const NCContext* ctx,
const mbedtls_md_info_t* mdInfo,
const struct shared_secret* sharedSecret,
@@ -265,7 +264,7 @@ static inline NCResult _computeConversationKey(
)
{
int opResult;
- /* Validate internal args */
+
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(sharedSecret != NULL, "Expected a valid shared-point")
DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md context")
@@ -281,7 +280,7 @@ static inline NCResult _computeConversationKey(
(uint8_t*)ck /* Output produces a conversation key */
);
- /* Return success if the hkdf operation was successful */
+ /* 0 is a successful hdkf result */
return opResult == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
@@ -289,7 +288,7 @@ static inline NCResult _computeConversationKey(
/*
* Explode the hkdf into the chacha key, chacha nonce, and hmac key.
*/
-static inline const struct nc_expand_keys* _expandKeysFromHkdf(const struct message_key* hkdf)
+static _nc_fn_inline const struct nc_expand_keys* _expandKeysFromHkdf(const struct message_key* hkdf)
{
return (const struct nc_expand_keys*)hkdf;
}
@@ -309,7 +308,7 @@ static int _chachaEncipher(const struct nc_expand_keys* keys, NCCryptoData* args
);
}
-static inline NCResult _getMessageKey(
+static _nc_fn_inline NCResult _getMessageKey(
const mbedtls_md_info_t* mdInfo,
const struct conversation_key* converstationKey,
const uint8_t* nonce,
@@ -337,7 +336,7 @@ static inline NCResult _getMessageKey(
return result == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
-static inline NCResult _encryptEx(
+static _nc_fn_inline NCResult _encryptEx(
const NCContext* ctx,
const mbedtls_md_info_t* mdINfo,
const struct conversation_key* ck,
@@ -354,8 +353,8 @@ static inline NCResult _encryptEx(
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
DEBUG_ASSERT2(mdINfo != NULL, "Expected valid md info struct")
DEBUG_ASSERT2(hmacKey != NULL, "Expected valid hmac key buffer")
-
- /* Failure, bail out */
+
+ /* Message key will be derrived on every encryption call */
if ((result = _getMessageKey(mdINfo, ck, args->nonce32, NC_ENCRYPTION_NONCE_SIZE, &messageKey)) != NC_SUCCESS)
{
goto Cleanup;
@@ -371,13 +370,12 @@ static inline NCResult _encryptEx(
result = (NCResult)_chachaEncipher(expandedKeys, args);
Cleanup:
- /* Clean up sensitive data */
ZERO_FILL(&messageKey, sizeof(messageKey));
return result;
}
-static inline NCResult _decryptEx(
+static _nc_fn_inline NCResult _decryptEx(
const NCContext* ctx,
const mbedtls_md_info_t* mdInfo,
const struct conversation_key* ck,
@@ -391,9 +389,8 @@ static inline NCResult _decryptEx(
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(ck != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
- DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md info struct")
-
- /* Failure to get message keys, bail out */
+ DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md info struct")
+
if ((result = _getMessageKey(mdInfo, ck, args->nonce32, NC_ENCRYPTION_NONCE_SIZE, &messageKey)) != NC_SUCCESS)
{
goto Cleanup;
@@ -406,13 +403,12 @@ static inline NCResult _decryptEx(
result = (NCResult) _chachaEncipher(cipherKeys, args);
Cleanup:
- /* Clean up sensitive data */
ZERO_FILL(&messageKey, sizeof(messageKey));
return result;
}
-static inline int _computeHmac(
+static _nc_fn_inline int _computeHmac(
const uint8_t key[NC_HMAC_KEY_SIZE],
const NCMacVerifyArgs* args,
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE]
@@ -440,7 +436,6 @@ static NCResult _verifyMacEx(
)
{
NCResult result;
- const mbedtls_md_info_t* sha256Info;
const struct nc_expand_keys* keys;
struct message_key messageKey;
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE];
@@ -449,14 +444,11 @@ static NCResult _verifyMacEx(
DEBUG_ASSERT2(conversationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(args != NULL, "Expected valid mac verification args")
- sha256Info = _getSha256MdInfo();
-
/*
- * We need to get the message key in order to
- * get the required hmac key
+ * Message key is again required for the hmac verification
*/
result = _getMessageKey(
- sha256Info,
+ _getSha256MdInfo(),
(struct conversation_key*)conversationKey,
args->nonce32,
NC_ENCRYPTION_NONCE_SIZE,
@@ -484,7 +476,6 @@ static NCResult _verifyMacEx(
result = mbedtls_ct_memcmp(hmacOut, args->mac32, NC_ENCRYPTION_MAC_SIZE) == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
Cleanup:
- /* Clean up sensitive data */
ZERO_FILL(&messageKey, sizeof(messageKey));
ZERO_FILL(hmacOut, sizeof(hmacOut));
@@ -510,7 +501,10 @@ NC_EXPORT NCResult NC_CC NCInitContext(
ctx->secpCtx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
- /* Randomize once on init */
+ /*
+ * Randomize once on init, users can call reinit to
+ * randomize again as needed.
+ */
return secp256k1_context_randomize(ctx->secpCtx, entropy) ? NC_SUCCESS : E_INVALID_ARG;
}
@@ -520,8 +514,8 @@ NC_EXPORT NCResult NC_CC NCReInitContext(
)
{
CHECK_NULL_ARG(ctx, 0)
- CHECK_INVALID_ARG(ctx->secpCtx, 0)
CHECK_NULL_ARG(entropy, 1)
+ CHECK_INVALID_ARG(ctx->secpCtx, 0)
/* Only randomize again */
return secp256k1_context_randomize(ctx->secpCtx, entropy) ? NC_SUCCESS : E_INVALID_ARG;
@@ -612,7 +606,7 @@ NC_EXPORT NCResult NC_CC NCSignDigest(
CHECK_NULL_ARG(digest32, 3)
CHECK_NULL_ARG(sig64, 4)
- /* Generate the keypair */
+ /* Fill keypair structure from the callers secret key */
if (secp256k1_keypair_create(ctx->secpCtx, &keyPair, sk->key) != 1)
{
return E_INVALID_ARG;
@@ -628,8 +622,7 @@ NC_EXPORT NCResult NC_CC NCSignDigest(
/* Verify the signature is valid */
result = secp256k1_schnorrsig_verify(ctx->secpCtx, sig64, digest32, 32, &xonly);
-
- /* cleanup any sensitive data */
+
ZERO_FILL(&keyPair, sizeof(keyPair));
ZERO_FILL(&xonly, sizeof(xonly));
@@ -689,8 +682,7 @@ NC_EXPORT NCResult NC_CC NCVerifyDigest(
/* Verify the signature */
result = secp256k1_schnorrsig_verify(ctx->secpCtx, sig64, digest32, 32, &xonly);
-
- /* cleanup any sensitive data */
+
ZERO_FILL(&xonly, sizeof(xonly));
return result == 1 ? NC_SUCCESS : E_INVALID_ARG;