diff options
author | vnugent <public@vaughnnugent.com> | 2024-04-23 18:19:31 -0400 |
---|---|---|
committer | vnugent <public@vaughnnugent.com> | 2024-04-23 18:19:31 -0400 |
commit | 7cb7a93de4f6f5e741bc5129e3d928e44f050930 (patch) | |
tree | ae5c564a0c3c60d0b4dac13ac8e8e3ebf7906ab1 /src | |
parent | 30e8dda6cbea86bdee6d5dfe48514385d3b9f81b (diff) |
refactor!: MbedTLS on Windows, switch to uint32
Diffstat (limited to 'src')
-rw-r--r-- | src/crypto/impl/bcrypt.c (renamed from src/internal/impl/bcrypt.c) | 14 | ||||
-rw-r--r-- | src/crypto/impl/mbedtls.c (renamed from src/internal/impl/mbedtls.c) | 104 | ||||
-rw-r--r-- | src/crypto/impl/monocypher.c (renamed from src/internal/impl/monocypher.c) | 5 | ||||
-rw-r--r-- | src/crypto/impl/openssl.c (renamed from src/internal/impl/openssl.c) | 3 | ||||
-rw-r--r-- | src/crypto/nc-crypto.c (renamed from src/internal/nc-crypto.c) | 15 | ||||
-rw-r--r-- | src/crypto/nc-crypto.h (renamed from src/internal/nc-crypto.h) | 6 | ||||
-rw-r--r-- | src/internal/nc-util.h | 88 | ||||
-rw-r--r-- | src/noscrypt.c | 20 | ||||
-rw-r--r-- | src/noscrypt.h | 562 | ||||
-rw-r--r-- | src/platform.h | 48 |
10 files changed, 89 insertions, 776 deletions
diff --git a/src/internal/impl/bcrypt.c b/src/crypto/impl/bcrypt.c index 8ae6c5a..970f68f 100644 --- a/src/internal/impl/bcrypt.c +++ b/src/crypto/impl/bcrypt.c @@ -31,8 +31,7 @@ #include <Windows.h> #include <bcrypt.h> -#include "../../platform.h" -#include "../nc-util.h" +#include "nc-util.h" #define IF_BC_FAIL(x) if(!BCRYPT_SUCCESS(x)) @@ -97,7 +96,7 @@ _IMPLSTB NTSTATUS _bcCreate(struct _bcrypt_ctx* ctx) return _bcCreateHmac(ctx, &key); } -_IMPLSTB NTSTATUS _bcHashDataRaw(const struct _bcrypt_ctx* ctx, const uint8_t* data, uint64_t len) +_IMPLSTB NTSTATUS _bcHashDataRaw(const struct _bcrypt_ctx* ctx, const uint8_t* data, uint32_t len) { return BCryptHashData(ctx->hHash, (uint8_t*)data, len, 0); } @@ -213,12 +212,12 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx) #ifndef _IMPL_CRYPTO_SHA256_HKDF_EXPAND - #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _fallbackHkdfExpand + #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _bcrypt_fallback_hkdf_expand /* Include string for memmove */ #include <string.h> - static void ncWriteSpanS(span_t* span, uint64_t offset, const uint8_t* data, uint64_t size) + static void ncWriteSpanS(span_t* span, uint32_t offset, const uint8_t* data, uint32_t size) { DEBUG_ASSERT2(span != NULL, "Expected span to be non-null") DEBUG_ASSERT2(data != NULL, "Expected data to be non-null") @@ -239,13 +238,13 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx) #define _BC_MIN(a, b) (a < b ? a : b) - _IMPLSTB cstatus_t _fallbackHkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm) + _IMPLSTB cstatus_t _bcrypt_fallback_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) { cstatus_t result; struct _bcrypt_ctx ctx; uint8_t counter; - uint64_t tLen, okmOffset; + uint32_t tLen, okmOffset; uint8_t t[HKDF_IN_BUF_SIZE]; _IMPL_SECURE_ZERO_MEMSET(t, sizeof(t)); @@ -274,7 +273,6 @@ _IMPLSTB void _bcDestroyCtx(struct _bcrypt_ctx* ctx) tLen = _BC_MIN(okm->size - okmOffset, SHA256_DIGEST_SIZE); DEBUG_ASSERT(tLen <= sizeof(t)); - DEBUG_ASSERT((tLen + okmOffset) < okm->size); /* write the T buffer back to okm */ ncWriteSpanS(okm, okmOffset, t, tLen); diff --git a/src/internal/impl/mbedtls.c b/src/crypto/impl/mbedtls.c index 54caa44..ae36bbd 100644 --- a/src/internal/impl/mbedtls.c +++ b/src/crypto/impl/mbedtls.c @@ -35,8 +35,7 @@ #include <mbedtls/chacha20.h> #include <mbedtls/constant_time.h> -#include "../../platform.h" -#include "../nc-util.h" +#include "nc-util.h" /* * EXPORT SUPPORTED FUNCTION OVERRIDES @@ -51,21 +50,38 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) return info; } +#if SIZE_MAX < UINT64_MAX + #define _ssize_guard(x) if(x > SIZE_MAX) return CSTATUS_FAIL; + #define _ssize_guard_int(x) if(x > SIZE_MAX) return 1; +#else + #define _ssize_guard(x) + #define _ssize_guard_int(x) +#endif + #ifndef _IMPL_CHACHA20_CRYPT /* Export chacha20 computation */ #define _IMPL_CHACHA20_CRYPT _mbed_chacha20_encrypt - _IMPLSTB int _mbed_chacha20_encrypt( + _IMPLSTB cstatus_t _mbed_chacha20_encrypt( const uint8_t* key, const uint8_t* nonce, const uint8_t* input, uint8_t* output, - size_t dataLen + uint32_t dataLen ) { + _ssize_guard(dataLen) + /* Counter always starts at 0 */ - return mbedtls_chacha20_crypt(key, nonce, 0x00u, dataLen, input, output); + return mbedtls_chacha20_crypt( + key, + nonce, + 0x00u, /* nip-44 counter version */ + dataLen, + input, + output + ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } #endif @@ -75,9 +91,16 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_DIGEST _mbed_sha256_digest - _IMPLSTB CStatus _mbed_sha256_digest(const uint8_t* data, size_t dataSize,uint8_t* digestOut32) + _IMPLSTB cstatus_t _mbed_sha256_digest(const cspan_t* data, sha256_t digestOut32) { - return mbedtls_sha256(data, dataSize, digestOut32, 0); + _ssize_guard(data->size) + + return mbedtls_sha256( + data->data, + data->size, + digestOut32, + 0 /* Set 0 for sha256 mode */ + ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } #endif @@ -87,18 +110,21 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_HMAC _mbed_sha256_hmac - _IMPLSTB CStatus _mbed_sha256_hmac( - const uint8_t* key, size_t keyLen, - const uint8_t* data, size_t dataLen, - void* hmacOut32 - ) + _IMPLSTB cstatus_t _mbed_sha256_hmac(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) { + _ssize_guard(data->size) + + /* Keys should never be large enough for this to matter, but sanity check. */ + DEBUG_ASSERT2(key->size < SIZE_MAX, "Expected key size to be less than SIZE_MAX") + return mbedtls_md_hmac( _mbed_sha256_alg(), - key, keyLen, - data, dataLen, + key->data, + key->size, + data->data, + data->size, hmacOut32 - ); + ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } #endif @@ -107,51 +133,37 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _mbed_sha256_hkdf_expand - _IMPLSTB int _mbed_sha256_hkdf_expand( - const uint8_t* prk, size_t prkLen, - const uint8_t* info, size_t infoLen, - void* okm, size_t okmLen - ) + _IMPLSTB cstatus_t _mbed_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) { + /* These sizes should never be large enough to overflow on <64bit platforms, but sanity check */ + DEBUG_ASSERT(okm->size < SIZE_MAX) + DEBUG_ASSERT(prk->size < SIZE_MAX) + DEBUG_ASSERT(info->size < SIZE_MAX) + return mbedtls_hkdf_expand( _mbed_sha256_alg(), - prk, prkLen, - info, infoLen, - okm, okmLen - ); + prk->data, + prk->size, + info->data, + info->size, + okm->data, + okm->size + ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } #endif -/* Export hkdf extract if not already defined */ -#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT - - #define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _mbed_sha256_hkdf_extract - - _IMPLSTB int _mbed_sha256_hkdf_extract( - const uint8_t* salt, size_t saltLen, - const uint8_t* ikm, size_t ikmLen, - void* prk - ) - { - return mbedtls_hkdf_extract( - _mbed_sha256_alg(), - salt, saltLen, - ikm, ikmLen, - prk - ); - } -#endif - /* Export fixed-time compare if not already defined */ #ifndef _IMPL_CRYPTO_FIXED_TIME_COMPARE #define _IMPL_CRYPTO_FIXED_TIME_COMPARE _mbed_fixed_time_compare /* fixed-time memcmp */ - _IMPLSTB int _mbed_fixed_time_compare(const uint8_t* a, const uint8_t* b, size_t size) + _IMPLSTB uint32_t _mbed_fixed_time_compare(const uint8_t* a, const uint8_t* b, uint32_t size) { - return mbedtls_ct_memcmp(a, b, size); + _ssize_guard_int(size) + + return (uint32_t)mbedtls_ct_memcmp(a, b, size); } #endif diff --git a/src/internal/impl/monocypher.c b/src/crypto/impl/monocypher.c index 6e93c63..790f5e9 100644 --- a/src/internal/impl/monocypher.c +++ b/src/crypto/impl/monocypher.c @@ -31,8 +31,7 @@ #include <monocypher.h> -#include "../../platform.h" -#include "../nc-util.h" +#include "nc-util.h" /* Export secure memse0 */ #ifndef _IMPL_SECURE_ZERO_MEMSET @@ -51,7 +50,7 @@ const uint8_t* nonce, const uint8_t* input, uint8_t* output, - uint64_t dataLen + uint32_t dataLen ) { if(dataLen > SIZE_MAX) diff --git a/src/internal/impl/openssl.c b/src/crypto/impl/openssl.c index d0cdb8c..1217e60 100644 --- a/src/internal/impl/openssl.c +++ b/src/crypto/impl/openssl.c @@ -25,8 +25,7 @@ #include <openssl/sha.h> -#include "../../platform.h" -#include "../nc-util.h" +#include "nc-util.h" /* * EXPORT SUPPORTED FUNCTIONS AS MACROS diff --git a/src/internal/nc-crypto.c b/src/crypto/nc-crypto.c index 9cd2c3e..fb2c0da 100644 --- a/src/internal/nc-crypto.c +++ b/src/crypto/nc-crypto.c @@ -20,7 +20,6 @@ #include "nc-util.h" #include "nc-crypto.h" -#include "../platform.h" /* * Functions are not forced inline, just suggested. @@ -131,7 +130,7 @@ * integer size */ - static uint32_t _fallbackFixedTimeCompare(const uint8_t* a, const uint8_t* b, uint64_t size) + static uint32_t _fallbackFixedTimeCompare(const uint8_t* a, const uint8_t* b, uint32_t size) { size_t i; uint32_t result; @@ -164,7 +163,7 @@ * for the desired crypto impl. */ -void ncCryptoSecureZero(void* ptr, uint64_t size) +void ncCryptoSecureZero(void* ptr, uint32_t size) { DEBUG_ASSERT2(ptr != NULL, "Expected ptr to be non-null") @@ -175,7 +174,7 @@ void ncCryptoSecureZero(void* ptr, uint64_t size) _IMPL_SECURE_ZERO_MEMSET(ptr, size); } -uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size) +uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size) { DEBUG_ASSERT2(a != NULL, "Expected a to be non-null") DEBUG_ASSERT2(b != NULL, "Expected b to be non-null") @@ -226,7 +225,7 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span * "length of output keying material in octets (<= 255 * HashLen)" */ - if(okm->size > (uint64_t)(0xFFu * SHA256_DIGEST_SIZE)) + if(okm->size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE)) { return CSTATUS_FAIL; } @@ -257,7 +256,7 @@ cstatus_t ncCryptoChacha20( const uint8_t nonce[CHACHA_NONCE_SIZE], const uint8_t* input, uint8_t* output, - uint64_t dataSize + uint32_t dataSize ) { DEBUG_ASSERT2(key != NULL, "Expected key to be non-null") @@ -265,5 +264,9 @@ cstatus_t ncCryptoChacha20( DEBUG_ASSERT2(input != NULL, "Expected input to be non-null") DEBUG_ASSERT2(output != NULL, "Expected output to be non-null") +#ifndef _IMPL_CHACHA20_CRYPT + #error "No chacha20 implementation defined" +#endif /* !_IMPL_CHACHA20_CRYPT */ + return _IMPL_CHACHA20_CRYPT(key, nonce, input, output, dataSize); } diff --git a/src/internal/nc-crypto.h b/src/crypto/nc-crypto.h index 3487b2b..64d4ad8 100644 --- a/src/internal/nc-crypto.h +++ b/src/crypto/nc-crypto.h @@ -50,9 +50,9 @@ typedef uint8_t sha256_t[SHA256_DIGEST_SIZE]; #endif -uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint64_t size); +uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size); -void ncCryptoSecureZero(void* ptr, uint64_t size); +void ncCryptoSecureZero(void* ptr, uint32_t size); cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32); @@ -67,7 +67,7 @@ cstatus_t ncCryptoChacha20( const uint8_t nonce[CHACHA_NONCE_SIZE], const uint8_t* input, uint8_t* output, - uint64_t dataSize + uint32_t dataSize ); #endif /* !_NC_CRYPTO_H */ diff --git a/src/internal/nc-util.h b/src/internal/nc-util.h deleted file mode 100644 index 9f72470..0000000 --- a/src/internal/nc-util.h +++ /dev/null @@ -1,88 +0,0 @@ - -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: nc-util.h -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - -#pragma once - -#ifndef NC_UTIL_H -#define NC_UTIL_H - -/* NULL */ -#ifndef NULL - #define NULL ((void*)0) -#endif /* !NULL */ - - -#ifdef DEBUG - /* Must include assert.h for assertions */ - #include <assert.h> - #define DEBUG_ASSERT(x) assert(x); - #define DEBUG_ASSERT2(x, message) assert(x && message); - - /* - * Compiler enabled static assertion keywords are - * only available in C11 and later. Later versions - * have macros built-in from assert.h so we can use - * the static_assert macro directly. - * - * Static assertions are only used for testing such as - * sanity checks and this library targets the c89 standard - * so static_assret very likely will not be available. - */ - #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L - #define STATIC_ASSERT(x, m) static_assert(x, m) - #elif !defined(STATIC_ASSERT) - #define STATIC_ASSERT(x, m) - #pragma message("Static assertions are not supported by this language version") - #endif - -#else - #define DEBUG_ASSERT(x) - #define DEBUG_ASSERT2(x, message) - #define STATIC_ASSERT(x, m) -#endif - -#include <stdint.h> - -typedef struct memory_span_struct -{ - uint8_t* data; - uint64_t size; -} span_t; - -typedef struct read_only_memory_span_struct -{ - const uint8_t* data; - uint64_t size; -} cspan_t; - -static void ncSpanInitC(cspan_t* span, const uint8_t* data, uint64_t size) -{ - span->data = data; - span->size = size; -} - -static void ncSpanInit(span_t* span, uint8_t* data, uint64_t size) -{ - span->data = data; - span->size = size; -} - -#endif /* NC_UTIL_H */
\ No newline at end of file diff --git a/src/noscrypt.c b/src/noscrypt.c index 4715d50..00684b8 100644 --- a/src/noscrypt.c +++ b/src/noscrypt.c @@ -20,8 +20,8 @@ #include "noscrypt.h" -#include "internal/nc-util.h" -#include "internal/nc-crypto.h" +#include "nc-util.h" +#include "crypto/nc-crypto.h" #include <secp256k1_ecdh.h> #include <secp256k1_schnorrsig.h> @@ -84,7 +84,7 @@ struct nc_expand_keys { /* Pointer typecast must work between expanded keys * and message key, size must be identical to work */ -STATIC_ASSERT(sizeof(struct nc_expand_keys) == sizeof(struct message_key), "Expected struct nc_expand_keys to be the same size as struct message_key"); +STATIC_ASSERT(sizeof(struct nc_expand_keys) == sizeof(struct message_key), "Expected struct nc_expand_keys to be the same size as struct message_key") /* * Check that the fallback hkdf extract internal buffer is large enough @@ -569,7 +569,7 @@ NC_EXPORT NCResult NC_CC NCSignData( const NCSecretKey* sk, const uint8_t random32[32], const uint8_t* data, - uint64_t dataSize, + uint32_t dataSize, uint8_t sig64[64] ) { @@ -630,7 +630,7 @@ NC_EXPORT NCResult NC_CC NCVerifyData( const NCContext* ctx, const NCPublicKey* pk, const uint8_t* data, - const uint64_t dataSize, + const uint32_t dataSize, const uint8_t sig64[64] ) { @@ -857,7 +857,7 @@ NC_EXPORT NCResult NCComputeMac( const NCContext* ctx, const uint8_t hmacKey[NC_HMAC_KEY_SIZE], const uint8_t* payload, - uint64_t payloadSize, + uint32_t payloadSize, uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE] ) { @@ -905,6 +905,10 @@ NC_EXPORT NCResult NC_CC NCVerifyMac( NCMacVerifyArgs* args ) { + NCResult result; + struct shared_secret sharedSecret; + struct conversation_key conversationKey; + CHECK_NULL_ARG(ctx, 0) CHECK_CONTEXT_STATE(ctx, 0) CHECK_NULL_ARG(sk, 1) @@ -916,10 +920,6 @@ NC_EXPORT NCResult NC_CC NCVerifyMac( CHECK_INVALID_ARG(args->nonce32, 3) CHECK_ARG_RANGE(args->payloadSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3) - NCResult result; - struct shared_secret sharedSecret; - struct conversation_key conversationKey; - /* Computed the shared point so we can get the converstation key */ if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS) { diff --git a/src/noscrypt.h b/src/noscrypt.h deleted file mode 100644 index a8a42ee..0000000 --- a/src/noscrypt.h +++ /dev/null @@ -1,562 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: noscrypt.h -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - -/* -* noscrypt is a an open-source, strict C89 library that performs the basic -* cryptographic operations found in the Nostr protocol. It is designed to be -* portable and easy to use in any C89 compatible environment. It is also designed -*/ - -#pragma once - -#ifndef NOSCRYPT_H -#define NOSCRYPT_H - -#include <stdint.h> -#include <stddef.h> -#include "platform.h" - -/* Set api export calling convention (allow used to override) */ -#ifndef NC_CC - #ifdef _NC_IS_WINDOWS - /* STD for importing to other languages such as .NET */ - #define NC_CC __stdcall - #else - #define NC_CC - #endif -#endif /* !NC_CC */ - -#ifndef NC_EXPORT /* Allow users to disable the export/impoty macro if using source code directly */ - #ifdef NOSCRYPT_EXPORTING - #ifdef _NC_IS_WINDOWS - #define NC_EXPORT __declspec(dllexport) - #else - #define NC_EXPORT __attribute__((visibility("default"))) - #endif /* _NC_IS_WINDOWS */ - #else - #ifdef _NC_IS_WINDOWS - #define NC_EXPORT __declspec(dllimport) - #else - #define NC_EXPORT - #endif /* _NC_IS_WINDOWS */ - #endif /* !NOSCRYPT_EXPORTING */ -#endif /* !NC_EXPORT */ - -/* -* CONSTANTS -*/ -#define BIP340_PUBKEY_HEADER_BYTE 0x02 -#define NIP44_MESSAGE_KEY_SIZE 0x4c /*32 + 12 + 32 = 76 */ -#define NC_ENCRYPTION_NONCE_SIZE 0x20 -#define NC_SEC_KEY_SIZE 0x20 -#define NC_PUBKEY_SIZE 0x20 -#define NC_CONTEXT_ENTROPY_SIZE 0x20 -#define NC_SHARED_SEC_SIZE 0x20 -#define NC_CONV_KEY_SIZE 0x20 -#define NC_HMAC_KEY_SIZE 0x20 -#define NC_ENCRYPTION_MAC_SIZE 0x20 -#define NC_MESSAGE_KEY_SIZE NIP44_MESSAGE_KEY_SIZE - -/* -* From spec -* https://github.com/nostr-protocol/nips/blob/master/44.md#decryption -*/ -#define NIP44_MIN_ENC_MESSAGE_SIZE 0x01 -#define NIP44_MAX_ENC_MESSAGE_SIZE 0xffff - -/* -* ERROR CODES -* -* Error codes are 64bit integers. The lower 8 bits are reserved for -* the error code, and the upper 8 bits are reserved for the argument -* position. -* -* NCResult type is 64bit to also allow for positive return values for -* operations that return a value count. -*/ - -#define NC_ARG_POSITION_OFFSET 0x08 -#define NC_ERROR_CODE_MASK 0xFF - -#define NC_SUCCESS 0x00 -#define E_NULL_PTR -1 -#define E_INVALID_ARG -2 -#define E_INVALID_CONTEXT -3 -#define E_ARGUMENT_OUT_OF_RANGE -4 -#define E_OPERATION_FAILED -5 - -/* A compressed resul/return value, negative values -are failure, 0 is success and positive values are -defined by the operation. -*/ -typedef int64_t NCResult; - -/* - An secp256k1 secret key (aka private key buffer) -*/ -typedef struct secret_key_struct { - - uint8_t key[NC_SEC_KEY_SIZE]; - -} NCSecretKey; - -/* - An x-only secp256k1 public key -*/ -typedef struct xonly_pubkey_struct { - - uint8_t key[NC_PUBKEY_SIZE]; - -} NCPublicKey; - -/* - An opaque full library context object -*/ -typedef struct ctx_struct { - - void* secpCtx; - -} NCContext; - -/* -* The encryption arguments structure. This structure is used to pass -arguments to the encryption and decryption functions. It stores the -data buffers and required nonce used for the stream cipher. -*/ -typedef struct nc_encryption_struct { - - /* The nonce used for the stream cipher. */ - const uint8_t* nonce32; - - /* Writes the hmac key to the buffer during encryption events. - Set to NULL on decryption */ - uint8_t* hmacKeyOut32; - - /* The input data buffer to encrypt/decrypt */ - const uint8_t* inputData; - - /* The output data buffer to write data to */ - uint8_t* outputData; - - /* The size of the data buffers. Buffers must - * be the same size or larger than this value - */ - uint64_t dataSize; - -} NCEncryptionArgs; - -/* -* A structure for Nip44 message authentication code verification. This structure -* is used to pass arguments to the NCVerifyMac and NCVerifyMacEx functions. -*/ -typedef struct nc_mac_verify { - - /* The message authentication code certifying the Nip44 payload */ - const uint8_t* mac32; - - /* The nonce used for the original message encryption */ - const uint8_t* nonce32; - - /* The message payload data */ - const uint8_t* payload; - - /* The size of the payload data */ - uint64_t payloadSize; - -} NCMacVerifyArgs; - - -/* - API FUNCTIONS -*/ - -/* -* A helper function to cast a buffer to a NCSecretKey struct -* @param key The buffer to cast -* @return A pointer to the NCSecretKey struct -*/ -static _nc_fn_inline NCSecretKey* NCToSecKey(uint8_t key[NC_SEC_KEY_SIZE]) -{ - return (NCSecretKey*)key; -} - -/* -* A helper function to cast a buffer to a NCPublicKey struct -* @param key The buffer to cast -* @return A pointer to the NCPublicKey struct -*/ -static _nc_fn_inline NCPublicKey* NCToPubKey(uint8_t key[NC_PUBKEY_SIZE]) -{ - return (NCPublicKey*)key; -} - -static _nc_fn_inline NCResult NCResultWithArgPosition(NCResult err, uint8_t argPosition) -{ - return -(((NCResult)argPosition << NC_ARG_POSITION_OFFSET) | -err); -} - -/* -* Parses an error code and returns the error code and the argument position -that caused the error. -* @param result The error code to parse -* @param argPositionOut A pointer to the argument position to write to -* @return The error code -*/ -static _nc_fn_inline int NCParseErrorCode(NCResult result, uint8_t* argPositionOut) -{ - NCResult asPositive; - int code; - - /* convert result to a positive value*/ - asPositive = -result; - - /* Get the error code from the lower 8 bits and the argument position from the upper 8 bits*/ - code = -(asPositive & NC_ERROR_CODE_MASK); - *argPositionOut = (asPositive >> NC_ARG_POSITION_OFFSET) & 0xFF; - - return code; -} - -/*-------------------------------------- -* LIB CONTEXT API -*/ - -/* -* Runtime check for the size of the context struct to allow -for dynamic allocation when context size structure is not known. -* @return The size of the context struct in bytes -*/ -NC_EXPORT uint32_t NC_CC NCGetContextStructSize(void); -/* -* Initializes a context struct with the given entropy -* @param ctx A pointer to the context structure to initialize -* @param entropy The entropy to initialize the context with -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCInitContext( - NCContext* ctx, - const uint8_t entropy[NC_CONTEXT_ENTROPY_SIZE] -); -/* -* Reinitializes a context struct with the given -* @param ctx A pointer to the context structure to initialize -* @param entropy The entropy to initialize the context with -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCReInitContext( - NCContext* ctx, - const uint8_t entropy[NC_CONTEXT_ENTROPY_SIZE] -); - -/* -* Destroys a context struct -* @param ctx A pointer to the existing context structure to destroy -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCDestroyContext(NCContext* ctx); - - - -/*-------------------------------------- -* HIGH LEVEL SIGNING API -*/ - -/* -* Gets a x-only compressed public key from the given secret key -* @param ctx A pointer to the existing library context -* @param sk A pointer to the secret key -* @param pk A pointer to the compressed public key buffer to write to -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCGetPublicKey( - const NCContext* ctx, - const NCSecretKey* sk, - NCPublicKey* pk -); -/* -* Validates that a given secret key is valid according to the secp256k1 curve. This -is functionally the same as calling secp256k1_ec_seckey_verify. -* @param ctx A pointer to the existing library context -* @param sk A pointer to the secret key to verify -* @return 1 if the secret key is valid, 0 if it is not, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCValidateSecretKey( - const NCContext* ctx, - const NCSecretKey* sk -); - - -/* -* Signs a raw message after computing the sha256 checksum using the -given secret key and writes the signature to the sig64 buffer. -* @param ctx A pointer to the existing library context -* @param sk A pointer to the secret key to sign with -* @param random32 A pointer to the random32 buffer to use for signing -* @param data A pointer to the raw data buffer to sign -* @param dataSize The size of the raw data buffer -* @param sig64 A pointer to the 64byte buffer to write the signature to -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCSignData( - const NCContext* ctx, - const NCSecretKey* sk, - const uint8_t random32[32], - const uint8_t* data, - const uint64_t dataSize, - uint8_t sig64[64] -); - -/* -* Verifies a signature of a raw data buffer matches the output using the given public key. -* @param ctx A pointer to the existing library context -* @param sig64 The 64byte signature to verify -* @param data A pointer to the raw data buffer to verify -* @param dataSize The size of the raw data buffer -* @param pk A pointer to the the x-only compressed public key (x-only serialized public key) -* @return NC_SUCCESS if the signature could be verified, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCVerifyData( - const NCContext* ctx, - const NCPublicKey* pk, - const uint8_t* data, - const uint64_t dataSize, - const uint8_t sig64[64] -); - -/*-------------------------------------- -* EXTENDED SIGNING API -*/ - -/* -* Signs a message using the given secret key and writes the signature to the sig64 buffer -* @param ctx A pointer to the existing library context -* @param sk A pointer to the secret key to sign with -* @param random32 A pointer to the random32 buffer to use for signing -* @param digest32 A pointer to sha256 digest32 to sign -* @param sig64 A pointer to the 64byte buffer to write the signature to -* @return NC_SUCCESS if the operation was successful, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCSignDigest( - const NCContext* ctx, - const NCSecretKey* sk, - const uint8_t random32[32], - const uint8_t digest32[32], - uint8_t sig64[64] -); - -/* -* Verifies a signature of a digest32 matches the output using the given public key. -Equivalent to calling secp256k1_schnorrsig_verify. -* @param ctx A pointer to the existing library context -* @param sig64 The 64byte signature to verify -* @param digest32 The digest32 to verify -* @param pk A pointer to the the x-only compressed public key (x-only serialized public key) -* @return NC_SUCCESS if the signature could be verified, otherwise an error code -*/ -NC_EXPORT NCResult NC_CC NCVerifyDigest( - const NCContext* ctx, - const NCPublicKey* pk, - const uint8_t digest32[32], - const uint8_t sig64[64] -); - - - -/*-------------------------------------- -* HIGH LEVEL ENCRYPTION API -*/ - -/* -* NOTES -* -* NIP-44 requires that plaintext/ciphertext must be padded in powers of 2. -* Since this library operates on data at the binary level, and does not do -* ANY runtime heap allocation, it is up to the user to ensure that the -* plaintext/ciphertext buffers are padded properly in The NCryptoData struct -* before calling the encryption/decryption functions. -*/ - -/* -* High level api for encrypting nostr messages using a secret key and a public key. Use -the NCEncryptEx functions for extended encryption functionality -* @param ctx The library context -* @param sk The secret key (the local private key) -* @param pk The compressed public key (x-only serialized public key) the other user's public key -* @param args The encryption arguments -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCEncrypt( - const NCContext* ctx, - const NCSecretKey* sk, - const NCPublicKey* pk, - NCEncryptionArgs* args -); - -/* -* High level api for decrypting nostr messages using a secret key and a public key. Use -the NCDecryptEx functions for extended decryption functionality. -* @param ctx The library context -* @param sk The secret key (the local private key) -* @param pk The compressed public key (x-only serialized public key) the other user's public key -* @param args The decryption arguments -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCDecrypt( - const NCContext* ctx, - const NCSecretKey* sk, - const NCPublicKey* pk, - NCEncryptionArgs* args -); - -/* -* High level api for verifying a Nip44 message authentication code using a secret key -and a public key. Use the NCVerifyMacEx functions for extended verification functionality. -* @param ctx A pointer to an existing library context -* @param sk A pointer to the secret key -* @param pk A pointer to the compressed public key (x-only serialized public key) -* @param args A pointer to the mac verification arguments -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -* the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCVerifyMac( - const NCContext* ctx, - const NCSecretKey* sk, - const NCPublicKey* pk, - NCMacVerifyArgs* args -); - -/*-------------------------------------- -* EXTENDED ENCRYPTION API -*/ - -/* -* Computes a NIP-44 shared secret from a secret key and a public key and -stores it in the sharedPoint buffer. -* @param ctx A pointer to the existing library context -* @param sk The secret key -* @param pk The compressed public key (x-only serialized public key) -* @param sharedPoint The buffer to store write the secret data to -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCGetSharedSecret( - const NCContext* ctx, - const NCSecretKey* sk, - const NCPublicKey* pk, - uint8_t sharedPoint[NC_SHARED_SEC_SIZE] -); - -/* -* Computes a NIP-44 conversation key from the local secret key and the remote -public key, and stores it in the conversationKey buffer. -* @param ctx A pointer to the existing library context -* @param sk A pointer to the the secret key -* @param pk A pointer to the compressed public key (x-only serialized public key) -* @param conversationKey The buffer to store write the conversation key to -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCGetConversationKey( - const NCContext* ctx, - const NCSecretKey* sk, - const NCPublicKey* pk, - uint8_t conversationKey[NC_CONV_KEY_SIZE] -); -/* -* Computes a NIP-44 conversation key a shared secret/point, and stores it in the -conversationKey buffer. -* @param ctx A pointer to the existing library context -* @param sharedPoint A pointer to the shared secret/point -* @param conversationKey The buffer to store write the conversation key to -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error -*/ -NC_EXPORT NCResult NC_CC NCGetConversationKeyEx( - const NCContext* ctx, - const uint8_t sharedPoint[NC_SHARED_SEC_SIZE], - uint8_t conversationKey[NC_CONV_KEY_SIZE] -); - -/* -* Encrypts a message using the given conversation key and writes the encrypted message to the -* output buffer. The output buffer must be at least 99 bytes in size. -* @param ctx A pointer to the existing library context -* @param conversationKey A pointer to the conversation key -* @param args A pointer to the encryption arguments structure -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error. -*/ -NC_EXPORT NCResult NC_CC NCEncryptEx( - const NCContext* ctx, - const uint8_t conversationKey[NC_CONV_KEY_SIZE], - NCEncryptionArgs* args -); - -/* -* Decrypts a message using the given conversation key and writes the decrypted message to the -* output buffer. -* @param ctx A pointer to the existing library context -* @param conversationKey A pointer to the conversation key -* @param args A pointer to the decryption arguments structure -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -the error code and positional argument that caused the error. -*/ -NC_EXPORT NCResult NC_CC NCDecryptEx( - const NCContext* ctx, - const uint8_t conversationKey[NC_CONV_KEY_SIZE], - NCEncryptionArgs* args -); - -/* -* Verifies a Nip44 message authentication code using the given conversation key. -* @param ctx A pointer to the existing library context -* @param conversationKey A pointer to the conversation key -* @param args A pointer to the mac verification arguments -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -* the error code and positional argument that caused the error. -*/ -NC_EXPORT NCResult NC_CC NCVerifyMacEx( - const NCContext* ctx, - const uint8_t conversationKey[NC_CONV_KEY_SIZE], - NCMacVerifyArgs* args -); - -/* -* Computes a message authentication code for a given payload using the given hmacKey and writes the -* mac to the hmacOut buffer. -* @param ctx A pointer to the existing library context -* @param hmacKey A pointer to the hmac key -* @param payload A pointer to the payload data buffer -* @param payloadSize The size of the payload data buffer -* @param hmacOut A pointer to the buffer to write the mac to -* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to -* the error code and positional argument that caused the error. -*/ -NC_EXPORT NCResult NCComputeMac( - const NCContext* ctx, - const uint8_t hmacKey[NC_HMAC_KEY_SIZE], - const uint8_t* payload, - uint64_t payloadSize, - uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE] -); - -#endif /* !NOSCRYPT_H */ diff --git a/src/platform.h b/src/platform.h deleted file mode 100644 index 8abaadd..0000000 --- a/src/platform.h +++ /dev/null @@ -1,48 +0,0 @@ -/* -* Copyright (c) 2024 Vaughn Nugent -* -* Package: noscrypt -* File: platform.h -* -* This library is free software; you can redistribute it and/or -* modify it under the terms of the GNU Lesser General Public License -* as published by the Free Software Foundation; either version 2.1 -* of the License, or (at your option) any later version. -* -* This library is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -* Lesser General Public License for more details. -* -* You should have received a copy of the GNU Lesser General Public License -* along with noscrypt. If not, see http://www.gnu.org/licenses/. -*/ - - -/* -* Contains platform specific defintions -*/ - -#if defined(_MSC_VER) || defined(WIN32) || defined(_WIN32) - #define _NC_IS_WINDOWS -#elif defined(__linux__) || defined(__unix__) || defined(__posix__) - #define _NC_IS_LINUX -#elif defined(__APPLE__) || defined(__MACH__) - #define _NC_IS_MAC -#endif - -/* -* Define supported inline defintions for various compilers -* and C standards -*/ - -#if defined(_NC_IS_WINDOWS) || defined(inline) || defined(__clang__) - #define _nc_fn_inline inline -#elif defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L /* C99 allows usage of inline keyword */ - #define _nc_fn_inline inline -#elif defined(__GNUC__) || defined(__GNUG__) - #define _nc_fn_inline __inline__ -#else - #define _nc_fn_inline - #pragma message("Warning: No inline keyword defined for this compiler") -#endif
\ No newline at end of file |