aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorLibravatar vnugent <public@vaughnnugent.com>2024-04-03 18:26:11 -0400
committerLibravatar vnugent <public@vaughnnugent.com>2024-04-03 18:26:11 -0400
commit7485aa5a43476c47d54ec51fb96751a14e0ed629 (patch)
tree9ae8f27b5e0ed25eb9891877fda123b9027e843f /src
parent5184d7db93131056215b9263740f4806495f148c (diff)
Squashed commit of the following:
commit d3328f4152b22b28f24c43dda62464287f1efff5 Author: vnugent <public@vaughnnugent.com> Date: Wed Apr 3 18:22:56 2024 -0400 build: Included dependency and versions in client builds commit b11bc0bac955fd5c6db65f0da48456bf5e748805 Author: vnugent <public@vaughnnugent.com> Date: Wed Apr 3 18:10:08 2024 -0400 fix: Fix c89 compatabilty comments and struct assignment commit 9915bd41799a72413e6b400e150aa9f5fa797e25 Merge: 8e3d6ea 5184d7d Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 30 09:57:30 2024 -0400 Merge branch 'master' into develop commit 8e3d6ea5e3c83fe42cb904b6ccc4fe2b73f76aae Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 30 09:52:55 2024 -0400 refactor!: Some api (struct) changes and updated tests commit e88e8420520204e20802516f01d4488bb0b1d6ea Merge: 490dfee 21f6c0a Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 15:02:34 2024 -0500 Merge branch 'master' into develop commit 490dfee4ef22479009627435c6ad728c3cbbab54 Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 14:59:25 2024 -0500 test: #3 tests for encryption/description and Macs commit efa97490b7ed47f4e2f05bee52e2b33e14e439e6 Merge: 1b84e3c 120022a Author: vnugent <public@vaughnnugent.com> Date: Sun Mar 3 14:55:48 2024 -0500 merge master commit 1b84e3c7c2e55b1ff9ffdd09b66873e11c131441 Author: vnugent <public@vaughnnugent.com> Date: Sat Mar 2 22:57:36 2024 -0500 fix: #2 constent usage of sizeof() operator on struct types commit 9de5a214c66adea0ef2d0bac63c59449de202a88 Author: vnugent <public@vaughnnugent.com> Date: Fri Mar 1 14:30:36 2024 -0500 perf: avoid nc_key struct copy, cast and verify instead commit b917b761120ed684af28d0707673ffadcf14b8fe Author: vnugent <public@vaughnnugent.com> Date: Mon Feb 12 22:06:50 2024 -0500 fix: found the constant time memcompare function commit 9f85fff3b9f25da7410569ea94f994b88feb3910 Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 9 22:48:35 2024 -0500 feat: added/update MAC functions to sign or verify nip44 payload commit aa5113741bb419b02d6ea416bba571fa3d65db46 Author: vnugent <public@vaughnnugent.com> Date: Wed Feb 7 01:37:53 2024 -0500 add missing hmac-key output buffer commit 55f47d22cc9ce4d1e22b70814d608c7ef3b1bbc9 Author: vnugent <public@vaughnnugent.com> Date: Sun Feb 4 21:08:13 2024 -0500 simple bug fixes, and public api argument validation tests commit 73c5a713fb164ae8b4ac8a891a8020e08eae0a3b Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 2 23:05:48 2024 -0500 update api to return secpvalidate return code instead of internal return codes commit 06c73004e1a39a7ea4ea3a89c22dee0f66adb236 Author: vnugent <public@vaughnnugent.com> Date: Fri Feb 2 19:25:17 2024 -0500 change to lgpl license commit 6e79fdb3b6b6739fc7797d47e55a7691306cf736 Author: vnugent <public@vaughnnugent.com> Date: Wed Jan 31 21:30:49 2024 -0500 move validation macros, and optionally disable them commit ac1e58837f1ba687939f78b5c03cadd346c10ddd Author: vnugent <public@vaughnnugent.com> Date: Tue Jan 30 12:25:05 2024 -0500 couple more tests, renable range checks, set flags for all projects
Diffstat (limited to 'src')
-rw-r--r--src/noscrypt.c171
-rw-r--r--src/noscrypt.h22
2 files changed, 98 insertions, 95 deletions
diff --git a/src/noscrypt.c b/src/noscrypt.c
index d63fe53..8aeeefe 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -23,7 +23,7 @@
#include <secp256k1_ecdh.h>
#include <secp256k1_schnorrsig.h>
-//Setup mbedtls
+/* Setup mbedtls */
#include <mbedtls/platform_util.h>
#include <mbedtls/md.h>
#include <mbedtls/hkdf.h>
@@ -35,22 +35,22 @@
/* Non win platforms may need an inline override */
#if !defined(_NC_IS_WINDOWS) && !defined(inline)
#define inline __inline__
-#endif // !IS_WINDOWS
+#endif /* !IS_WINDOWS */
-//NULL
+/* NULL */
#ifndef NULL
#define NULL ((void*)0)
-#endif // !NULL
+#endif /* !NULL */
-#define CHACHA_NONCE_SIZE 12 //Size of 12 is set by the cipher spec
-#define CHACHA_KEY_SIZE 32 //Size of 32 is set by the cipher spec
+#define CHACHA_NONCE_SIZE 12 /* Size of 12 is set by the cipher spec */
+#define CHACHA_KEY_SIZE 32 /* Size of 32 is set by the cipher spec */
/*
* Local macro for secure zero buffer fill
*/
#define ZERO_FILL(x, size) mbedtls_platform_zeroize(x, size)
-//Include string for memmove
+/* Include string for memmove */
#include <string.h>
#define MEMMOV(dst, src, size) memmove(dst, src, size)
@@ -63,11 +63,11 @@
#define CHECK_NULL_ARG(x, argPos) if(x == NULL) return NCResultWithArgPosition(E_NULL_PTR, argPos);
#define CHECK_ARG_RANGE(x, min, max, argPos) if(x < min || x > max) return NCResultWithArgPosition(E_ARGUMENT_OUT_OF_RANGE, argPos);
#else
- //empty macros
+ /* empty macros */
#define CHECK_INVALID_ARG(x)
#define CHECK_NULL_ARG(x, argPos)
#define CHECK_ARG_RANGE(x, min, max, argPos)
-#endif // !NC_DISABLE_INPUT_VALIDATION
+#endif /* !NC_DISABLE_INPUT_VALIDATION */
#ifdef DEBUG
@@ -88,7 +88,7 @@
*/
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
#define STATIC_ASSERT(x, m) static_assert(x, m)
- #else
+ #elif !defined(STATIC_ASSERT)
#define STATIC_ASSERT(x, m)
#pragma message("Static assertions are not supported by this language version")
#endif
@@ -137,7 +137,7 @@ static inline int _convertToXonly(const NCContext* ctx, const NCPublicKey* compr
DEBUG_ASSERT2(compressedPubKey != NULL, "Expected a valid public 32byte key structure")
DEBUG_ASSERT2(xonly != NULL, "Expected valid X-only secp256k1 public key structure ")
- //Parse the public key into the x-only structure
+ /* Parse the public key into the x-only structure */
return secp256k1_xonly_pubkey_parse(ctx->secpCtx, xonly, compressedPubKey->key);
}
@@ -150,15 +150,15 @@ static int _convertToPubKey(const NCContext* ctx, const NCPublicKey* compressedP
DEBUG_ASSERT2(compressedPubKey != NULL, "Expected a valid public 32byte key structure")
DEBUG_ASSERT2(pubKey != NULL, "Expected valid secp256k1 public key structure")
- //Set the first byte to 0x02 to indicate a compressed public key
+ /* Set the first byte to 0x02 to indicate a compressed public key */
compressed[0] = BIP340_PUBKEY_HEADER_BYTE;
- //Copy the compressed public key data into a new buffer (offset by 1 to store the header byte)
+ /* Copy the compressed public key data into a new buffer (offset by 1 to store the header byte) */
MEMMOV((compressed + 1), compressedPubKey, sizeof(NCPublicKey));
result = secp256k1_ec_pubkey_parse(ctx->secpCtx, pubKey, compressed, sizeof(compressed));
- //zero everything
+ /* zero everything */
ZERO_FILL(compressed, sizeof(compressed));
return result;
@@ -191,16 +191,16 @@ static int _edhHashFuncInternal(
void* data
)
{
- ((void)y32); //unused for nostr
+ ((void)y32); /* unused for nostr */
((void)data);
DEBUG_ASSERT2(output != NULL, "Expected valid output buffer")
DEBUG_ASSERT2(x32 != NULL, "Expected a valid public 32byte x-coodinate buffer")
- //Copy the x coordinate of the shared point into the output buffer
+ /* Copy the x coordinate of the shared point into the output buffer */
MEMMOV(output, x32, 32);
- return 32; //Return the number of bytes written to the output buffer
+ return 32; /* Return the number of bytes written to the output buffer */
}
static NCResult _computeSharedSecret(
@@ -218,7 +218,7 @@ static NCResult _computeSharedSecret(
DEBUG_ASSERT(otherPk != NULL)
DEBUG_ASSERT(sharedPoint != NULL)
- //Recover pubkey from compressed public key data
+ /* Recover pubkey from compressed public key data */
if (_convertToPubKey(ctx, otherPk, &pubKey) != 1)
{
return E_INVALID_ARG;
@@ -240,17 +240,17 @@ static NCResult _computeSharedSecret(
NULL
);
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&pubKey, sizeof(pubKey));
- //Result should be 1 on success
+ /* Result should be 1 on success */
return result > 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
static inline const mbedtls_md_info_t* _getSha256MdInfo(void)
{
const mbedtls_md_info_t* info;
- //Get sha256 md info for hdkf operations
+ /* Get sha256 md info for hdkf operations */
info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256);
DEBUG_ASSERT2(info != NULL, "Expected SHA256 md info struct to be valid")
return info;
@@ -265,23 +265,23 @@ static inline NCResult _computeConversationKey(
)
{
int opResult;
- //Validate internal args
+ /* Validate internal args */
DEBUG_ASSERT2(ctx != NULL, "Expected valid context")
DEBUG_ASSERT2(sharedSecret != NULL, "Expected a valid shared-point")
DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md context")
DEBUG_ASSERT2(ck != NULL, "Expected a valid conversation key")
- //Derive the encryption key
+ /* Derive the encryption key */
opResult = mbedtls_hkdf_extract(
mdInfo,
Nip44ConstantSalt,
sizeof(Nip44ConstantSalt),
- (uint8_t*)sharedSecret, //Shared secret is the input key
+ (uint8_t*)sharedSecret, /* Shared secret is the input key */
NC_SHARED_SEC_SIZE,
- (uint8_t*)ck //Output produces a conversation key
+ (uint8_t*)ck /* Output produces a conversation key */
);
- //Return success if the hkdf operation was successful
+ /* Return success if the hkdf operation was successful */
return opResult == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
@@ -302,10 +302,10 @@ static int _chachaEncipher(const struct nc_expand_keys* keys, NCCryptoData* args
return mbedtls_chacha20_crypt(
keys->chacha_key,
keys->chacha_nonce,
- 0, //Counter (always starts at 0)
- args->dataSize, //Data size (input and output are assumed to be the same size)
- args->inputData, //Input data
- args->outputData //Output data
+ 0, /* Counter (always starts at 0) */
+ args->dataSize, /* Data size (input and output are assumed to be the same size) */
+ args->inputData, /* Input data */
+ args->outputData /* Output data */
);
}
@@ -323,14 +323,14 @@ static inline NCResult _getMessageKey(
DEBUG_ASSERT2(converstationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(messageKey != NULL, "Expected valid message key buffer")
- //Another HKDF to derive the message key with nonce
+ /* Another HKDF to derive the message key with nonce */
result = mbedtls_hkdf_expand(
mdInfo,
- (uint8_t*)converstationKey, //Conversation key is the input key
+ (uint8_t*)converstationKey, /* Conversation key is the input key */
NC_CONV_KEY_SIZE,
nonce,
nonceSize,
- (uint8_t*)messageKey, //Output produces a message key (write it directly to struct memory)
+ (uint8_t*)messageKey, /* Output produces a message key (write it directly to struct memory) */
NC_MESSAGE_KEY_SIZE
);
@@ -355,23 +355,23 @@ static inline NCResult _encryptEx(
DEBUG_ASSERT2(mdINfo != NULL, "Expected valid md info struct")
DEBUG_ASSERT2(hmacKey != NULL, "Expected valid hmac key buffer")
- //Failure, bail out
+ /* Failure, bail out */
if ((result = _getMessageKey(mdINfo, ck, args->nonce32, NC_ENCRYPTION_NONCE_SIZE, &messageKey)) != NC_SUCCESS)
{
goto Cleanup;
}
- //Expand the keys from the hkdf so we can use them in the cipher
+ /* Expand the keys from the hkdf so we can use them in the cipher */
expandedKeys = _expandKeysFromHkdf(&messageKey);
- //Copy the hmac key into the args
+ /* Copy the hmac key into the args */
MEMMOV(hmacKey, expandedKeys->hmac_key, NC_HMAC_KEY_SIZE);
- //CHACHA20 (the result will be 0 on success)
+ /* CHACHA20 (the result will be 0 on success) */
result = (NCResult)_chachaEncipher(expandedKeys, args);
Cleanup:
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&messageKey, sizeof(messageKey));
return result;
@@ -393,20 +393,20 @@ static inline NCResult _decryptEx(
DEBUG_ASSERT2(args != NULL, "Expected valid encryption args")
DEBUG_ASSERT2(mdInfo != NULL, "Expected valid md info struct")
- //Failure to get message keys, bail out
+ /* Failure to get message keys, bail out */
if ((result = _getMessageKey(mdInfo, ck, args->nonce32, NC_ENCRYPTION_NONCE_SIZE, &messageKey)) != NC_SUCCESS)
{
goto Cleanup;
}
- //Expand the keys from the hkdf so we can use them in the cipher
+ /* Expand the keys from the hkdf so we can use them in the cipher */
cipherKeys = _expandKeysFromHkdf(&messageKey);
- //CHACHA20 (the result will be 0 on success)
+ /* CHACHA20 (the result will be 0 on success) */
result = (NCResult) _chachaEncipher(cipherKeys, args);
Cleanup:
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&messageKey, sizeof(messageKey));
return result;
@@ -421,6 +421,7 @@ static inline int _computeHmac(
DEBUG_ASSERT2(key != NULL, "Expected valid hmac key")
DEBUG_ASSERT2(args != NULL, "Expected valid mac verification args")
DEBUG_ASSERT2(hmacOut != NULL, "Expected valid hmac output buffer")
+ DEBUG_ASSERT(args->payload != NULL)
return mbedtls_md_hmac(
_getSha256MdInfo(),
@@ -509,7 +510,7 @@ NC_EXPORT NCResult NC_CC NCInitContext(
ctx->secpCtx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
- //Randomize once on init
+ /* Randomize once on init */
return secp256k1_context_randomize(ctx->secpCtx, entropy) ? NC_SUCCESS : E_INVALID_ARG;
}
@@ -522,7 +523,7 @@ NC_EXPORT NCResult NC_CC NCReInitContext(
CHECK_INVALID_ARG(ctx->secpCtx, 0)
CHECK_NULL_ARG(entropy, 1)
- //Only randomize again
+ /* Only randomize again */
return secp256k1_context_randomize(ctx->secpCtx, entropy) ? NC_SUCCESS : E_INVALID_ARG;
}
@@ -531,16 +532,16 @@ NC_EXPORT NCResult NC_CC NCDestroyContext(NCContext* ctx)
CHECK_NULL_ARG(ctx, 0);
CHECK_INVALID_ARG(ctx->secpCtx, 0);
- //Destroy secp256k1 context
+ /* Destroy secp256k1 context */
secp256k1_context_destroy(ctx->secpCtx);
- //Wipe the context
+ /* Wipe the context */
ZERO_FILL(ctx, sizeof(NCContext));
return NC_SUCCESS;
}
-//KEY Functions
+/* KEY Functions */
NC_EXPORT NCResult NC_CC NCGetPublicKey(
const NCContext* ctx,
const NCSecretKey* sk,
@@ -561,15 +562,15 @@ NC_EXPORT NCResult NC_CC NCGetPublicKey(
return E_INVALID_ARG;
}
- //Generate the x-only public key, docs say this should always return 1
+ /* Generate the x-only public key, docs say this should always return 1 */
result = secp256k1_keypair_xonly_pub(ctx->secpCtx, &xonly, NULL, &keyPair);
DEBUG_ASSERT2(result == 1, "Expected x-only kepair to ALWAYS return 1")
- //Convert to compressed pubkey
+ /* Convert to compressed pubkey */
result = _convertFromXonly(ctx, &xonly, pk);
DEBUG_ASSERT2(result == 1, "Expected x-only pubkey serialize to return 1")
- //Clean out keypair
+ /* Clean out keypair */
ZERO_FILL(&keyPair, sizeof(keyPair));
ZERO_FILL(&xonly, sizeof(xonly));
@@ -585,11 +586,11 @@ NC_EXPORT NCResult NC_CC NCValidateSecretKey(
CHECK_NULL_ARG(sk, 1)
CHECK_INVALID_ARG(ctx->secpCtx, 0)
- //Validate the secret key
+ /* Validate the secret key */
return secp256k1_ec_seckey_verify(ctx->secpCtx, sk->key);
}
-//Ecdsa Functions
+/* Ecdsa Functions */
NC_EXPORT NCResult NC_CC NCSignDigest(
const NCContext* ctx,
@@ -603,7 +604,7 @@ NC_EXPORT NCResult NC_CC NCSignDigest(
secp256k1_keypair keyPair;
secp256k1_xonly_pubkey xonly;
- //Validate arguments
+ /* Validate arguments */
CHECK_NULL_ARG(ctx, 0)
CHECK_INVALID_ARG(ctx->secpCtx, 0)
CHECK_NULL_ARG(sk, 1)
@@ -611,24 +612,24 @@ NC_EXPORT NCResult NC_CC NCSignDigest(
CHECK_NULL_ARG(digest32, 3)
CHECK_NULL_ARG(sig64, 4)
- //Generate the keypair
+ /* Generate the keypair */
if (secp256k1_keypair_create(ctx->secpCtx, &keyPair, sk->key) != 1)
{
return E_INVALID_ARG;
}
- //Sign the digest
+ /* Sign the digest */
result = secp256k1_schnorrsig_sign32(ctx->secpCtx, sig64, digest32, &keyPair, random32);
DEBUG_ASSERT2(result == 1, "Expected schnorr signature to return 1");
- //x-only public key from keypair so the signature can be verified
+ /* x-only public key from keypair so the signature can be verified */
result = secp256k1_keypair_xonly_pub(ctx->secpCtx, &xonly, NULL, &keyPair);
DEBUG_ASSERT2(result == 1, "Expected x-only public key to ALWAYS return 1");
- //Verify the signature is valid
+ /* Verify the signature is valid */
result = secp256k1_schnorrsig_verify(ctx->secpCtx, sig64, digest32, 32, &xonly);
- //cleanup any sensitive data
+ /* cleanup any sensitive data */
ZERO_FILL(&keyPair, sizeof(keyPair));
ZERO_FILL(&xonly, sizeof(xonly));
@@ -646,7 +647,7 @@ NC_EXPORT NCResult NC_CC NCSignData(
{
uint8_t digest[32];
- //Double check is required because arg position differs
+ /* Double check is required because arg position differs */
CHECK_NULL_ARG(ctx, 0)
CHECK_NULL_ARG(sk, 1)
CHECK_NULL_ARG(random32, 2)
@@ -654,13 +655,13 @@ NC_EXPORT NCResult NC_CC NCSignData(
CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 4)
CHECK_NULL_ARG(sig64, 5)
- //Compute sha256 of the data before signing
+ /* Compute sha256 of the data before signing */
if(mbedtls_sha256(data, dataSize, digest, 0) != 0)
{
return E_INVALID_ARG;
}
- //Sign the freshly computed digest
+ /* Sign the freshly computed digest */
return NCSignDigest(ctx, sk, random32, digest, sig64);
}
@@ -680,16 +681,16 @@ NC_EXPORT NCResult NC_CC NCVerifyDigest(
CHECK_NULL_ARG(digest32, 2)
CHECK_NULL_ARG(sig64, 3)
- //recover the x-only key from a compressed public key
+ /* recover the x-only key from a compressed public key */
if(_convertToXonly(ctx, pk, &xonly) != 1)
{
return E_INVALID_ARG;
}
- //Verify the signature
+ /* Verify the signature */
result = secp256k1_schnorrsig_verify(ctx->secpCtx, sig64, digest32, 32, &xonly);
- //cleanup any sensitive data
+ /* cleanup any sensitive data */
ZERO_FILL(&xonly, sizeof(xonly));
return result == 1 ? NC_SUCCESS : E_INVALID_ARG;
@@ -711,17 +712,18 @@ NC_EXPORT NCResult NC_CC NCVerifyData(
CHECK_ARG_RANGE(dataSize, 1, UINT32_MAX, 3)
CHECK_NULL_ARG(sig64, 4)
- //Compute sha256 of the data before verifying
+ /* Compute sha256 of the data before verifying */
if (mbedtls_sha256(data, dataSize, digest, 0) != 0)
{
return E_INVALID_ARG;
}
- //Verify the freshly computed digest
+ /* Verify the freshly computed digest */
return NCVerifyDigest(ctx, pk, digest, sig64);
}
-//ECDH Functions
+/* ECDH Functions */
+
NC_EXPORT NCResult NC_CC NCGetSharedSecret(
const NCContext* ctx,
const NCSecretKey* sk,
@@ -754,7 +756,7 @@ NC_EXPORT NCResult NC_CC NCGetConversationKeyEx(
CHECK_NULL_ARG(sharedPoint, 1)
CHECK_NULL_ARG(conversationKey, 2)
- //Cast the shared point to the shared secret type
+ /* Cast the shared point to the shared secret type */
return _computeConversationKey(
ctx,
_getSha256MdInfo(),
@@ -779,7 +781,7 @@ NC_EXPORT NCResult NC_CC NCGetConversationKey(
CHECK_NULL_ARG(pk, 2)
CHECK_NULL_ARG(conversationKey, 3)
- //Compute the shared point
+ /* Compute the shared point */
if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
{
goto Cleanup;
@@ -793,7 +795,7 @@ NC_EXPORT NCResult NC_CC NCGetConversationKey(
);
Cleanup:
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&sharedSecret, sizeof(sharedSecret));
return result;
@@ -812,7 +814,7 @@ NC_EXPORT NCResult NC_CC NCEncryptEx(
CHECK_NULL_ARG(hmacKeyOut, 2)
CHECK_NULL_ARG(args, 3)
- //Validte ciphertext/plaintext
+ /* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 3)
CHECK_INVALID_ARG(args->outputData, 3)
CHECK_INVALID_ARG(args->nonce32, 3)
@@ -847,7 +849,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
CHECK_NULL_ARG(hmacKeyOut, 3)
CHECK_NULL_ARG(args, 4)
- //Validate input/output data
+ /* Validate input/output data */
CHECK_INVALID_ARG(args->inputData, 4)
CHECK_INVALID_ARG(args->outputData, 4)
CHECK_INVALID_ARG(args->nonce32, 4)
@@ -855,13 +857,13 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
mdInfo = _getSha256MdInfo();
- //Compute the shared point
+ /* Compute the shared point */
if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
{
goto Cleanup;
}
- //Compute the conversation key from secret and pubkic keys
+ /* Compute the conversation key from secret and pubkic keys */
if ((result = _computeConversationKey(ctx, mdInfo, &sharedSecret, &conversationKey)) != NC_SUCCESS)
{
goto Cleanup;
@@ -870,7 +872,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
result = _encryptEx(ctx, mdInfo, &conversationKey, hmacKeyOut, args);
Cleanup:
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&sharedSecret, sizeof(sharedSecret));
ZERO_FILL(&conversationKey, sizeof(conversationKey));
@@ -888,7 +890,7 @@ NC_EXPORT NCResult NC_CC NCDecryptEx(
CHECK_NULL_ARG(conversationKey, 1)
CHECK_NULL_ARG(args, 2)
- //Validte ciphertext/plaintext
+ /* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 2)
CHECK_INVALID_ARG(args->outputData, 2)
CHECK_INVALID_ARG(args->nonce32, 2)
@@ -920,7 +922,7 @@ NC_EXPORT NCResult NC_CC NCDecrypt(
CHECK_NULL_ARG(pk, 2)
CHECK_NULL_ARG(args, 3)
- //Validte ciphertext/plaintext
+ /* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 3)
CHECK_INVALID_ARG(args->outputData, 3)
CHECK_INVALID_ARG(args->nonce32, 3)
@@ -941,7 +943,7 @@ NC_EXPORT NCResult NC_CC NCDecrypt(
result = _decryptEx(ctx, mdInfo, &conversationKey, args);
Cleanup:
- //Clean up sensitive data
+ /* Clean up sensitive data */
ZERO_FILL(&sharedSecret, sizeof(sharedSecret));
ZERO_FILL(&conversationKey, sizeof(conversationKey));
@@ -956,22 +958,23 @@ NC_EXPORT NCResult NCComputeMac(
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE]
)
{
+ NCMacVerifyArgs args;
+
CHECK_NULL_ARG(ctx, 0)
CHECK_INVALID_ARG(ctx->secpCtx, 0)
CHECK_NULL_ARG(hmacKey, 1)
CHECK_NULL_ARG(payload, 2)
CHECK_ARG_RANGE(payloadSize, 1, UINT32_MAX, 3)
CHECK_NULL_ARG(hmacOut, 4)
+
+ /*Fill args with 0 before use because we are only using some of the properties*/
+ ZERO_FILL(&args, sizeof(args));
+ args.payload = payload;
+ args.payloadSize = payloadSize;
/*
* Compute the hmac of the data using the supplied hmac key
*/
-
- NCMacVerifyArgs args = {
- .payload = payload,
- .payloadSize = payloadSize
- };
-
return _computeHmac(hmacKey, &args, hmacOut) == 0 ? NC_SUCCESS : E_OPERATION_FAILED;
}
diff --git a/src/noscrypt.h b/src/noscrypt.h
index 0f9344a..6a40171 100644
--- a/src/noscrypt.h
+++ b/src/noscrypt.h
@@ -36,31 +36,31 @@
#define _NC_IS_WINDOWS
#endif
-//Set api export calling convention (allow used to override)
+/* Set api export calling convention (allow used to override) */
#ifndef NC_CC
#ifdef _NC_IS_WINDOWS
- //STD for importing to other languages such as .NET
+ /* STD for importing to other languages such as .NET */
#define NC_CC __stdcall
#else
#define NC_CC
#endif
-#endif // !NC_CC
+#endif /* !NC_CC */
-#ifndef NC_EXPORT //Allow users to disable the export/impoty macro if using source code directly
+#ifndef NC_EXPORT /* Allow users to disable the export/impoty macro if using source code directly */
#ifdef NOSCRYPT_EXPORTING
#ifdef _NC_IS_WINDOWS
#define NC_EXPORT __declspec(dllexport)
#else
#define NC_EXPORT __attribute__((visibility("default")))
- #endif // _NC_IS_WINDOWS
+ #endif /* _NC_IS_WINDOWS */
#else
#ifdef _NC_IS_WINDOWS
#define NC_EXPORT __declspec(dllimport)
#else
#define NC_EXPORT
- #endif // _NC_IS_WINDOWS
- #endif // !NOSCRYPT_EXPORTING
-#endif // !NC_EXPORT
+ #endif /* _NC_IS_WINDOWS */
+ #endif /* !NOSCRYPT_EXPORTING */
+#endif /* !NC_EXPORT */
/*
* CONSTANTS
@@ -225,10 +225,10 @@ that caused the error.
*/
NC_EXPORT void NC_CC NCParseErrorCode(NCResult result, int* code, uint8_t* argPosition)
{
- //convert result to a positive value
+ /* convert result to a positive value*/
NCResult asPositive = -result;
- //Get the error code from the lower 8 bits and the argument position from the upper 8 bits
+ /* Get the error code from the lower 8 bits and the argument position from the upper 8 bits*/
*code = -(asPositive & NC_ERROR_CODE_MASK);
*argPosition = (asPositive >> NC_ARG_POSITION_OFFSET) & 0xFF;
}
@@ -560,4 +560,4 @@ NC_EXPORT NCResult NCComputeMac(
uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE]
);
-#endif // !NOSCRYPT_H
+#endif /* !NOSCRYPT_H */