authorLibravatar vnugent <public@vaughnnugent.com>2024-01-30 12:25:05 -0500
committerLibravatar vnugent <public@vaughnnugent.com>2024-01-30 12:25:05 -0500
commitac1e58837f1ba687939f78b5c03cadd346c10ddd (patch)
treeaf274dc4ced562f76a665502984c33892d92ca9c /src
parent8d25ae5e2dadf403d1d2d44a34bd5abd7107d74d (diff)
couple more tests, renable range checks, set flags for all projects
Diffstat (limited to 'src')
-rw-r--r--src/noscrypt.c32
-rw-r--r--src/noscrypt.h1
2 files changed, 23 insertions, 10 deletions
diff --git a/src/noscrypt.c b/src/noscrypt.c
index 6ef273f..55a098e 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -178,7 +178,8 @@ static NCResult _computeSharedSecret(
//Clean up sensitive data
ZERO_FILL(&pubKey, sizeof(secp256k1_pubkey));
- return (NCResult)result;
+ //Result should be 1 on success
+ return result > 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
static inline const mbedtls_md_info_t* _getSha256MdInfo(void)
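Review bot: The new return in `_computeSharedSecret` tests `result > 0` while the comment directly above says success is exactly 1, so any other positive value would also be reported as `NC_SUCCESS`. The call that produces `result` is outside the hunk, but if it follows the 1-on-success, 0-on-failure convention the comment describes, `return result == 1 ? NC_SUCCESS : E_OPERATION_FAILED;` matches the documented contract. The function body starts outside the hunk.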
@@ -198,14 +199,15 @@ static inline NCResult _computeConversationKey(
struct conversation_key* ck
)
{
+ int opResult;
//Validate internal args
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(sharedSecret != NULL, "Expected a valid shared-point")
DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md context")
DEBUG_ASSERT2(ck != NULL, "Expected a valid conversation key")
- //Derive the encryption key (returns 0 on success so it can be cast to an NCResult)
- return (NCResult)mbedtls_hkdf_extract(
+ //Derive the encryption key
+ opResult = mbedtls_hkdf_extract(
mdInfo,
Nip44ConstantSalt,
sizeof(Nip44ConstantSalt),
@@ -213,6 +215,9 @@ static inline NCResult _computeConversationKey(
NC_SHARED_SEC_SIZE,
(uint8_t*)ck //Output produces a conversation key
);
+
+ //Return success if the hkdf operation was successful
+ return opResult == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
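Review bot: On the failure path added at the end of `_computeConversationKey`, `ck` is left holding whatever `mbedtls_hkdf_extract` wrote before it failed. The same applies to `messageKey` in the `_getMessageKey` hunk further down. The callers are outside these hunks and may already discard the buffer, but clearing it where the error is detected removes the dependence on every caller: `if (opResult != 0) { ZERO_FILL(ck, sizeof(struct conversation_key)); return E_OPERATION_FAILED; }`. Collapsing every mbedtls code into `E_OPERATION_FAILED` also drops the original error value, so a debug-only assert or trace of `opResult` (the code only, never key material) would help when diagnosing a failure. The function body starts in the previous hunk.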
@@ -224,6 +229,7 @@ static inline void _expandKeysFromHkdf(const struct message_key* hkdf, struct nc
uint8_t* hkdfBytes;
DEBUG_ASSERT2(hkdf != NULL, "Expected valid hkdf")
+ DEBUG_ASSERT2(keys != NULL, "Expected valid key expand structure")
hkdfBytes = (uint8_t*)hkdf;
@@ -233,16 +239,20 @@ static inline void _expandKeysFromHkdf(const struct message_key* hkdf, struct nc
hkdfBytes,
CHACHA_KEY_SIZE
);
+
+ hkdfBytes += CHACHA_KEY_SIZE; //Offset by key size
MEMMOV(
keys->chacha_nonce,
- (hkdfBytes + CHACHA_KEY_SIZE),
+ hkdfBytes,
CHACHA_NONCE_SIZE
);
+ hkdfBytes += CHACHA_NONCE_SIZE; //Offset by nonce size
+
MEMMOV(
keys->hamc_key,
- (hkdfBytes + CHACHA_KEY_SIZE + CHACHA_NONCE_SIZE),
+ hkdfBytes,
HMAC_KEY_SIZE
);
}
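Review bot: The three copies in `_expandKeysFromHkdf` now walk `hkdfBytes` across `CHACHA_KEY_SIZE + CHACHA_NONCE_SIZE + HMAC_KEY_SIZE` bytes of `struct message_key`, and nothing visible in this hunk ties that total to the size of the source struct or of the destination fields. The struct definitions are outside the page, so the sizes may already agree, but a compile-time check would turn a future size change into a build error instead of an out-of-bounds read. If the project builds as C11, one form is `_Static_assert(sizeof(struct message_key) >= CHACHA_KEY_SIZE + CHACHA_NONCE_SIZE + HMAC_KEY_SIZE, "message key too small");`. The 12-byte nonce check that the `_chachaEncipher` hunk removes could be kept the same way, as a compile-time assertion on the size of the `chacha_nonce` field rather than a runtime one. The function body starts outside the hunk.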
@@ -254,7 +264,6 @@ static int _chachaEncipher(const struct nc_expand_keys* keys, NCCryptoData* args
DEBUG_ASSERT2(keys != NULL, "Expected valid keys")
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
- DEBUG_ASSERT2(sizeof(keys->chacha_nonce) == 12, "Chacha nonce must be 12 exactly bytes in length")
//Init the chacha context
mbedtls_chacha20_init(&chachaCtx);
@@ -284,21 +293,24 @@ static inline NCResult _getMessageKey(
struct message_key* messageKey
)
{
+ int result;
DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md context")
DEBUG_ASSERT2(nonce != NULL, "Expected valid nonce buffer")
DEBUG_ASSERT2(converstationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(messageKey != NULL, "Expected valid message key buffer")
//Another HKDF to derive the message key with nonce
- return (NCResult)mbedtls_hkdf_expand(
+ result = mbedtls_hkdf_expand(
mdInfo,
(uint8_t*)converstationKey, //Conversation key is the input key
NC_CONV_KEY_SIZE,
nonce,
nonceSize,
- (uint8_t*)messageKey, //Output produces a message key
+ (uint8_t*)messageKey, //Output produces a message key (write it directly to struct memory)
NC_MESSAGE_KEY_SIZE
);
+
+ return result == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
static inline NCResult _encryptEx(
@@ -564,7 +576,7 @@ NC_EXPORT NCResult NC_CC NCSignData(
uint8_t digest[32];
CHECK_NULL_ARG(data, 2)
- //CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)
+ CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)
//Compute sha256 of the data before signing
if(_computeSha256Digest(data, dataSize, digest) != 0)
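Review bot: The re-enabled `CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)` in `NCSignData` only does useful work on its upper bound if `dataSize` is wider than 32 bits. The parameter's type is outside the hunk; if it is a 32-bit unsigned type, the comparison against `UINT32_MAX` is always true and some compilers warn about it, leaving only the lower bound effective. The same line is re-enabled in `NCVerifyData` in the next hunk. A short comment above each check, such as `//dataSize must be non-zero`, would record the intent, and the upper bound could be dropped or tied to the actual parameter type once that is confirmed. Both function bodies start and end outside their hunks.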
@@ -620,7 +632,7 @@ NC_EXPORT NCResult NC_CC NCVerifyData(
uint8_t digest[32];
CHECK_NULL_ARG(data, 2)
- //CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)
+ CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)
//Compute sha256 of the data before verifying
if (_computeSha256Digest(data, dataSize, digest) != 0)
diff --git a/src/noscrypt.h b/src/noscrypt.h
index 8a43743..2a2d051 100644
--- a/src/noscrypt.h
+++ b/src/noscrypt.h
@@ -121,6 +121,7 @@ static const uint8_t Nip44ConstantSalt[8] = { 0x6e, 0x69, 0x70, 0x34, 0x34, 0x2d
#define E_INVALID_ARG -2
#define E_INVALID_CONTEXT -3
#define E_ARGUMENT_OUT_OF_RANGE -4
+#define E_OPERATION_FAILED -5
/*
* Validation macros