aboutsummaryrefslogtreecommitdiff
path: root/src/nc-crypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/nc-crypto.c')
-rw-r--r--src/nc-crypto.c83
1 files changed, 62 insertions, 21 deletions
diff --git a/src/nc-crypto.c b/src/nc-crypto.c
index 97b59cb..56bdf75 100644
--- a/src/nc-crypto.c
+++ b/src/nc-crypto.c
@@ -41,6 +41,7 @@
* _IMPL_CRYPTO_SHA256_DIGEST standard sha256 digest function
* _IMPL_CRYPTO_SHA256_HKDF_EXPAND hkdf expand function
* _IMPL_CRYPTO_SHA256_HKDF_EXTRACT hkdf extract function
+* _IMPL_AES256_CBC_CRYPT performs an AES 256 CBC encryption/decryption
*
* Macros are used to allow the preprocessor to select the correct implementation
* or raise errors if no implementation is defined.
@@ -49,6 +50,26 @@
* calling function, and should return CSTATUS_OK on success, CSTATUS_FAIL on failure.
*/
+#define UNREFPARAM(x) (void)(x)
+
+_IMPLSTB cstatus_t _dummyAesFunc(
+ const uint8_t key[32],
+ const uint8_t iv[16],
+ const uint8_t* input,
+ uint8_t* output,
+ uint32_t dataSize
+)
+{
+ UNREFPARAM(key);
+ UNREFPARAM(iv);
+ UNREFPARAM(input);
+ UNREFPARAM(output);
+ UNREFPARAM(dataSize);
+
+ return CSTATUS_FAIL;
+}
+
+#define _IMPL_AES256_CBC_CRYPT _dummyAesFunc
/*
* Prioritize embedded builds with mbedtls
@@ -113,7 +134,7 @@
#define _IMPL_CRYPTO_SHA256_HKDF_EXTRACT _fallbackHkdfExtract
- _IMPLSTB cstatus_t _fallbackHkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk)
+ _IMPLSTB cstatus_t _fallbackHkdfExtract(cspan_t salt, cspan_t ikm, sha256_t prk)
{
return _IMPL_CRYPTO_SHA256_HMAC(salt, ikm, prk);
}
@@ -196,11 +217,11 @@ uint32_t ncCryptoFixedTimeComp(const uint8_t* a, const uint8_t* b, uint32_t size
return _IMPL_CRYPTO_FIXED_TIME_COMPARE(a, b, size);
}
-cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32)
+cstatus_t ncCryptoDigestSha256(cspan_t data, sha256_t digestOut32)
{
/* Debug arg validate */
- DEBUG_ASSERT2(data != NULL && data->data != NULL, "Expected data to be non-null")
- DEBUG_ASSERT2(digestOut32 != NULL, "Expected digestOut32 to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(data), "Expected data to be non-null")
+ DEBUG_ASSERT2(digestOut32 != NULL, "Expected digestOut32 to be non-null")
#ifndef _IMPL_CRYPTO_SHA256_DIGEST
#error "No SHA256 implementation defined"
@@ -209,12 +230,12 @@ cstatus_t ncCryptoDigestSha256(const cspan_t* data, sha256_t digestOut32)
return _IMPL_CRYPTO_SHA256_DIGEST(data, digestOut32);
}
-cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32)
+cstatus_t ncCryptoHmacSha256(cspan_t key, cspan_t data, sha256_t hmacOut32)
{
/* Debug arg validate */
- DEBUG_ASSERT2(key != NULL && key->data != NULL, "Expected key to be non-null")
- DEBUG_ASSERT2(data != NULL && data->data != NULL, "Expected data to be non-null")
- DEBUG_ASSERT2(hmacOut32 != NULL && data->data != NULL, "Expected hmacOut32 to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(key), "Expected key to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(data), "Expected data to be non-null")
+ DEBUG_ASSERT2(hmacOut32 != NULL, "Expected hmacOut32 to be non-null")
#ifndef _IMPL_CRYPTO_SHA256_HMAC
#error "No SHA256 HMAC implementation defined"
@@ -223,12 +244,12 @@ cstatus_t ncCryptoHmacSha256(const cspan_t* key, const cspan_t* data, sha256_t h
return _IMPL_CRYPTO_SHA256_HMAC(key, data, hmacOut32);
}
-cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span_t* okm)
+cstatus_t ncCryptoSha256HkdfExpand(cspan_t prk, cspan_t info, span_t okm)
{
/* Debug arg validate */
- DEBUG_ASSERT2(prk != NULL && prk->data != NULL, "Expected prk to be non-null")
- DEBUG_ASSERT2(info != NULL && info->data != NULL, "Expected info to be non-null")
- DEBUG_ASSERT2(okm != NULL && okm->data != NULL, "Expected okm to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(prk), "Expected prk to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(info), "Expected info to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValid(okm), "Expected okm to be non-null")
/*
* RFC 5869: 2.3
@@ -237,7 +258,7 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span
* important as the counter is 1 byte, so it cannot overflow
*/
- if(okm->size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE))
+ if(okm.size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE))
{
return CSTATUS_FAIL;
}
@@ -249,12 +270,12 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span
return _IMPL_CRYPTO_SHA256_HKDF_EXPAND(prk, info, okm);
}
-cstatus_t ncCryptoSha256HkdfExtract(const cspan_t* salt, const cspan_t* ikm, sha256_t prk)
+cstatus_t ncCryptoSha256HkdfExtract(cspan_t salt, cspan_t ikm, sha256_t prk)
{
/* Debug arg validate */
- DEBUG_ASSERT2(salt != NULL, "Expected salt to be non-null")
- DEBUG_ASSERT2(ikm != NULL, "Expected ikm to be non-null")
- DEBUG_ASSERT2(prk != NULL, "Expected prk to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(salt), "Expected salt to be non-null")
+ DEBUG_ASSERT2(ncSpanIsValidC(ikm), "Expected ikm to be non-null")
+ DEBUG_ASSERT2(prk != NULL, "Expected prk to be non-null")
#ifndef _IMPL_CRYPTO_SHA256_HKDF_EXTRACT
#error "No SHA256 HKDF extract implementation defined"
@@ -271,10 +292,10 @@ cstatus_t ncCryptoChacha20(
uint32_t dataSize
)
{
- DEBUG_ASSERT2(key != NULL, "Expected key to be non-null")
- DEBUG_ASSERT2(nonce != NULL, "Expected nonce to be non-null")
- DEBUG_ASSERT2(input != NULL, "Expected input to be non-null")
- DEBUG_ASSERT2(output != NULL, "Expected output to be non-null")
+ DEBUG_ASSERT2(key != NULL, "Expected key to be non-null");
+ DEBUG_ASSERT2(nonce != NULL, "Expected nonce to be non-null");
+ DEBUG_ASSERT2(input != NULL, "Expected input to be non-null");
+ DEBUG_ASSERT2(output != NULL, "Expected output to be non-null");
#ifndef _IMPL_CHACHA20_CRYPT
#error "No chacha20 implementation defined"
@@ -282,3 +303,23 @@ cstatus_t ncCryptoChacha20(
return _IMPL_CHACHA20_CRYPT(key, nonce, input, output, dataSize);
}
+
+cstatus_t ncAes256CBCEncrypt(
+ const uint8_t key[32],
+ const uint8_t iv[16],
+ const uint8_t* input,
+ uint8_t* output,
+ uint32_t dataSize
+)
+{
+ DEBUG_ASSERT2(key != NULL, "Expected key to be non-null")
+ DEBUG_ASSERT2(iv != NULL, "Expected iv to be non-null")
+ DEBUG_ASSERT2(input != NULL, "Expected input to be non-null")
+ DEBUG_ASSERT2(output != NULL, "Expected output to be non-null")
+
+#ifndef _IMPL_AES256_CBC_CRYPT
+ #error "No AES256 CBC encrypt implementation defined"
+#endif /* !_IMPL_AES256_CBC_CRYPT */
+
+ return _IMPL_AES256_CBC_CRYPT(key, iv, input, output, dataSize);
+} \ No newline at end of file