aboutsummaryrefslogtreecommitdiff
path: root/src/noscrypt.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/noscrypt.c')
-rw-r--r--src/noscrypt.c328
1 files changed, 268 insertions, 60 deletions
diff --git a/src/noscrypt.c b/src/noscrypt.c
index f1aabd4..deadca6 100644
--- a/src/noscrypt.c
+++ b/src/noscrypt.c
@@ -32,10 +32,6 @@
*/
#define ZERO_FILL(x, size) ncCryptoSecureZero(x, size)
-/* Include string for memmove */
-#include <string.h>
-#define MEMMOV(dst, src, size) memmove(dst, src, size)
-
/*
* Validation macros
*/
@@ -44,7 +40,6 @@
#define CHECK_INVALID_ARG(x, argPos) if(x == NULL) return NCResultWithArgPosition(E_INVALID_ARG, argPos);
#define CHECK_NULL_ARG(x, argPos) if(x == NULL) return NCResultWithArgPosition(E_NULL_PTR, argPos);
#define CHECK_ARG_RANGE(x, min, max, argPos) if(x < min || x > max) return NCResultWithArgPosition(E_ARGUMENT_OUT_OF_RANGE, argPos);
- #define CHECK_CONTEXT_STATE(ctx, argPos) CHECK_INVALID_ARG(ctx->secpCtx, argPos)
#else
/* empty macros */
#define CHECK_INVALID_ARG(x)
@@ -52,6 +47,8 @@
#define CHECK_ARG_RANGE(x, min, max, argPos)
#endif /* !NC_DISABLE_INPUT_VALIDATION */
+#define CHECK_CONTEXT_STATE(ctx, argPos) CHECK_INVALID_ARG(ctx->secpCtx, argPos)
+
/*
* Actual, private defintion of the NCContext structure
* to allow for future development and ABI backords
@@ -247,7 +244,9 @@ static _nc_fn_inline NCResult _computeConversationKey(
ncSpanInitC(&saltSpan, Nip44ConstantSalt, sizeof(Nip44ConstantSalt));
ncSpanInitC(&ikmSpan, sharedSecret->value, NC_SHARED_SEC_SIZE);
- return ncCryptoSha256HkdfExtract(&saltSpan, &ikmSpan, ck->value) == CSTATUS_OK ? NC_SUCCESS : E_OPERATION_FAILED;
+ return ncCryptoSha256HkdfExtract(saltSpan, ikmSpan, ck->value) == CSTATUS_OK
+ ? NC_SUCCESS
+ : E_OPERATION_FAILED;
}
@@ -275,14 +274,13 @@ static cstatus_t _chachaEncipher(const struct nc_expand_keys* keys, NCEncryption
static _nc_fn_inline cstatus_t _getMessageKey(
const struct conversation_key* converstationKey,
- const cspan_t* nonce,
+ cspan_t nonce,
struct message_key* messageKey
)
{
cspan_t prkSpan;
span_t okmSpan;
- DEBUG_ASSERT2(nonce != NULL, "Expected valid nonce buffer")
DEBUG_ASSERT2(converstationKey != NULL, "Expected valid conversation key")
DEBUG_ASSERT2(messageKey != NULL, "Expected valid message key buffer")
@@ -290,10 +288,10 @@ static _nc_fn_inline cstatus_t _getMessageKey(
ncSpanInit(&okmSpan, messageKey->value, sizeof(struct message_key)); /* Output produces a message key (write it directly to struct memory) */
/* Nonce is the info */
- return ncCryptoSha256HkdfExpand(&prkSpan, nonce, &okmSpan);
+ return ncCryptoSha256HkdfExpand(prkSpan, nonce, okmSpan);
}
-static _nc_fn_inline NCResult _encryptEx(
+static _nc_fn_inline NCResult _encryptNip44Ex(
const NCContext* ctx,
const struct conversation_key* ck,
uint8_t* hmacKey,
@@ -312,10 +310,10 @@ static _nc_fn_inline NCResult _encryptEx(
result = NC_SUCCESS;
- ncSpanInitC(&nonceSpan, args->nonce32, NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
/* Message key will be derrived on every encryption call */
- if (_getMessageKey(ck, &nonceSpan, &messageKey) != CSTATUS_OK)
+ if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
{
result = E_OPERATION_FAILED;
goto Cleanup;
@@ -339,7 +337,7 @@ Cleanup:
return result;
}
-static _nc_fn_inline NCResult _decryptEx(const NCContext* ctx, const struct conversation_key* ck, NCEncryptionArgs* args)
+static _nc_fn_inline NCResult _decryptNip44Ex(const NCContext* ctx, const struct conversation_key* ck, NCEncryptionArgs* args)
{
NCResult result;
cspan_t nonceSpan;
@@ -352,9 +350,9 @@ static _nc_fn_inline NCResult _decryptEx(const NCContext* ctx, const struct conv
result = NC_SUCCESS;
- ncSpanInitC(&nonceSpan, args->nonce32, NC_ENCRYPTION_NONCE_SIZE);
+ ncSpanInitC(&nonceSpan, args->nonceData, NC_ENCRYPTION_NONCE_SIZE);
- if (_getMessageKey(ck, &nonceSpan, &messageKey) != CSTATUS_OK)
+ if (_getMessageKey(ck, nonceSpan, &messageKey) != CSTATUS_OK)
{
result = E_OPERATION_FAILED;
goto Cleanup;
@@ -375,17 +373,16 @@ Cleanup:
return result;
}
-static _nc_fn_inline cstatus_t _computeHmac(const uint8_t key[NC_HMAC_KEY_SIZE], const cspan_t* payload, sha256_t hmacOut)
+static _nc_fn_inline cstatus_t _computeHmac(const uint8_t key[NC_HMAC_KEY_SIZE], cspan_t payload, sha256_t hmacOut)
{
cspan_t keySpan;
DEBUG_ASSERT2(key != NULL, "Expected valid hmac key")
- DEBUG_ASSERT2(payload != NULL, "Expected valid mac verification args")
DEBUG_ASSERT2(hmacOut != NULL, "Expected valid hmac output buffer")
ncSpanInitC(&keySpan, key, NC_HMAC_KEY_SIZE);
- return ncCryptoHmacSha256(&keySpan, payload, hmacOut);
+ return ncCryptoHmacSha256(keySpan, payload, hmacOut);
}
static NCResult _verifyMacEx(
@@ -411,7 +408,7 @@ static NCResult _verifyMacEx(
* Message key is again required for the hmac verification
*/
- if (_getMessageKey((struct conversation_key*)conversationKey, &nonceSpan, &messageKey) != CSTATUS_OK)
+ if (_getMessageKey((struct conversation_key*)conversationKey, nonceSpan, &messageKey) != CSTATUS_OK)
{
result = E_OPERATION_FAILED;
goto Cleanup;
@@ -423,7 +420,7 @@ static NCResult _verifyMacEx(
/*
* Compute the hmac of the data using the computed hmac key
*/
- if (_computeHmac(keys->hmac_key, &payloadSpan, hmacOut) != CSTATUS_OK)
+ if (_computeHmac(keys->hmac_key, payloadSpan, hmacOut) != CSTATUS_OK)
{
result = E_OPERATION_FAILED;
goto Cleanup;
@@ -442,6 +439,40 @@ Cleanup:
/*
* EXTERNAL API FUNCTIONS
*/
+
+
+NC_EXPORT NCResult NC_CC NCResultWithArgPosition(NCResult err, uint8_t argPosition)
+{
+ return -(((NCResult)argPosition << NC_ARG_POSITION_OFFSET) | -err);
+}
+
+NC_EXPORT int NC_CC NCParseErrorCode(NCResult result, uint8_t* argPositionOut)
+{
+ NCResult asPositive;
+ int code;
+
+ /* convert result to a positive value*/
+ asPositive = -result;
+
+ /* Get the error code from the lower 8 bits and the argument position from the upper 8 bits*/
+ code = -(asPositive & NC_ERROR_CODE_MASK);
+
+ /* Allow argument position assignment to be null */
+ if (argPositionOut)
+ {
+ *argPositionOut = (asPositive >> NC_ARG_POSITION_OFFSET) & 0xFF;
+ }
+
+ return code;
+}
+
+/* =============================
+*
+* Context functions
+*
+* =============================
+*/
+
NC_EXPORT uint32_t NC_CC NCGetContextStructSize(void)
{
return sizeof(NCContext);
@@ -499,7 +530,13 @@ NC_EXPORT NCResult NC_CC NCDestroyContext(NCContext* ctx)
return NC_SUCCESS;
}
-/* KEY Functions */
+/* =============================
+*
+* ECDSA functions
+*
+* =============================
+*/
+
NC_EXPORT NCResult NC_CC NCGetPublicKey(
const NCContext* ctx,
const NCSecretKey* sk,
@@ -615,7 +652,7 @@ NC_EXPORT NCResult NC_CC NCSignData(
ncSpanInitC(&dataSpan, data, dataSize);
/* Compute sha256 of the data before signing */
- if(ncCryptoDigestSha256(&dataSpan, digest) != CSTATUS_OK)
+ if(ncCryptoDigestSha256(dataSpan, digest) != CSTATUS_OK)
{
return E_INVALID_ARG;
}
@@ -646,7 +683,6 @@ NC_EXPORT NCResult NC_CC NCVerifyDigest(
return E_INVALID_ARG;
}
- /* Verify the signature */
result = secp256k1_schnorrsig_verify(ctx->secpCtx, sig64, digest32, 32, &xonly);
ZERO_FILL(&xonly, sizeof(xonly));
@@ -674,16 +710,20 @@ NC_EXPORT NCResult NC_CC NCVerifyData(
ncSpanInitC(&dataSpan, data, dataSize);
/* Compute sha256 of the data before verifying */
- if (ncCryptoDigestSha256(&dataSpan, digest) != CSTATUS_OK)
+ if (ncCryptoDigestSha256(dataSpan, digest) != CSTATUS_OK)
{
return E_INVALID_ARG;
}
- /* Verify the freshly computed digest */
return NCVerifyDigest(ctx, pk, digest, sig64);
}
-/* ECDH Functions */
+/* =============================
+*
+* ECDH functions
+*
+* =============================
+*/
NC_EXPORT NCResult NC_CC NCGetSharedSecret(
const NCContext* ctx,
@@ -765,11 +805,28 @@ NC_EXPORT NCResult NC_CC NCEncryptEx(
/* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 2)
CHECK_INVALID_ARG(args->outputData, 2)
- CHECK_INVALID_ARG(args->nonce32, 2)
- CHECK_INVALID_ARG(args->hmacKeyOut32, 2)
+ CHECK_INVALID_ARG(args->nonceData, 2)
+ CHECK_INVALID_ARG(args->keyData, 2)
CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 2)
- return _encryptEx(ctx, (struct conversation_key*)conversationKey, args->hmacKeyOut32, args);
+ switch (args->version)
+ {
+ /* TODO: Implement nip04 */
+ case NC_ENC_VERSION_NIP04:
+ return E_VERSION_NOT_SUPPORTED;
+
+ case NC_ENC_VERSION_NIP44:
+ return _encryptNip44Ex(
+ ctx,
+ (struct conversation_key*)conversationKey,
+ args->keyData,
+ args
+ );
+
+ default:
+ return E_VERSION_NOT_SUPPORTED;
+ }
+
}
NC_EXPORT NCResult NC_CC NCEncrypt(
@@ -792,34 +849,42 @@ NC_EXPORT NCResult NC_CC NCEncrypt(
/* Validate input/output data */
CHECK_INVALID_ARG(args->inputData, 3)
CHECK_INVALID_ARG(args->outputData, 3)
- CHECK_INVALID_ARG(args->nonce32, 3)
- CHECK_INVALID_ARG(args->hmacKeyOut32, 3)
- CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
+ CHECK_INVALID_ARG(args->nonceData, 3)
+
+ result = E_OPERATION_FAILED;
switch(args->version)
{
case NC_ENC_VERSION_NIP44:
- break; /* Allow nip44 */
+ {
+ /* Mac key output is only needed for nip44 */
+ CHECK_INVALID_ARG(args->keyData, 3)
+ CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
+
+ /* Compute the shared point */
+ if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
+ {
+ goto Cleanup;
+ }
+
+ /* Compute the conversation key from secret and pubkic keys */
+ if ((result = _computeConversationKey(ctx, &sharedSecret, &conversationKey)) != NC_SUCCESS)
+ {
+ goto Cleanup;
+ }
+
+ result = _encryptNip44Ex(ctx, &conversationKey, args->keyData, args);
+ }
+
+ break;
/* At the moment nip04 compatability is not supported */
case NC_ENC_VERSION_NIP04:
default:
- return E_VERSION_NOT_SUPPORTED;
+ result = E_VERSION_NOT_SUPPORTED;
+ break;
}
- /* Compute the shared point */
- if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
- {
- goto Cleanup;
- }
-
- /* Compute the conversation key from secret and pubkic keys */
- if ((result = _computeConversationKey(ctx, &sharedSecret, &conversationKey)) != NC_SUCCESS)
- {
- goto Cleanup;
- }
-
- result = _encryptEx(ctx, &conversationKey, args->hmacKeyOut32, args);
Cleanup:
/* Clean up sensitive data */
@@ -830,8 +895,8 @@ Cleanup:
}
NC_EXPORT NCResult NC_CC NCDecryptEx(
- const NCContext* ctx,
- const uint8_t conversationKey[NC_CONV_KEY_SIZE],
+ const NCContext* ctx,
+ const uint8_t conversationKey[NC_CONV_KEY_SIZE],
NCEncryptionArgs* args
)
{
@@ -843,10 +908,18 @@ NC_EXPORT NCResult NC_CC NCDecryptEx(
/* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 2)
CHECK_INVALID_ARG(args->outputData, 2)
- CHECK_INVALID_ARG(args->nonce32, 2)
+ CHECK_INVALID_ARG(args->nonceData, 2)
CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 2)
- return _decryptEx(ctx, (struct conversation_key*)conversationKey, args);
+ switch (args->version)
+ {
+ case NC_ENC_VERSION_NIP44:
+ return _decryptNip44Ex(ctx, (struct conversation_key*)conversationKey, args);
+
+ case NC_ENC_VERSION_NIP04:
+ default:
+ return E_VERSION_NOT_SUPPORTED;
+ }
}
NC_EXPORT NCResult NC_CC NCDecrypt(
@@ -869,20 +942,34 @@ NC_EXPORT NCResult NC_CC NCDecrypt(
/* Validte ciphertext/plaintext */
CHECK_INVALID_ARG(args->inputData, 3)
CHECK_INVALID_ARG(args->outputData, 3)
- CHECK_INVALID_ARG(args->nonce32, 3)
+ CHECK_INVALID_ARG(args->nonceData, 3)
CHECK_ARG_RANGE(args->dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
- if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
- {
- goto Cleanup;
- }
+ result = E_OPERATION_FAILED;
- if ((result = _computeConversationKey(ctx, &sharedSecret, &conversationKey)) != NC_SUCCESS)
+ switch (args->version)
{
- goto Cleanup;
+ case NC_ENC_VERSION_NIP44:
+ {
+ if ((result = _computeSharedSecret(ctx, sk, pk, &sharedSecret)) != NC_SUCCESS)
+ {
+ goto Cleanup;
+ }
+
+ if ((result = _computeConversationKey(ctx, &sharedSecret, &conversationKey)) != NC_SUCCESS)
+ {
+ goto Cleanup;
+ }
+
+ result = _decryptNip44Ex(ctx, &conversationKey, args);
}
+ break;
- result = _decryptEx(ctx, &conversationKey, args);
+ case NC_ENC_VERSION_NIP04:
+ default:
+ result = E_VERSION_NOT_SUPPORTED;
+ break;
+ }
Cleanup:
/* Clean up sensitive data */
@@ -914,7 +1001,7 @@ NC_EXPORT NCResult NCComputeMac(
/*
* Compute the hmac of the data using the supplied hmac key
*/
- return _computeHmac(hmacKey, &payloadSpan, hmacOut) == CSTATUS_OK ? NC_SUCCESS : E_OPERATION_FAILED;
+ return _computeHmac(hmacKey, payloadSpan, hmacOut) == CSTATUS_OK ? NC_SUCCESS : E_OPERATION_FAILED;
}
@@ -978,4 +1065,125 @@ Cleanup:
ZERO_FILL(&conversationKey, sizeof(conversationKey));
return result;
+}
+
+#define ENSURE_ENC_MODE(args, mode) if(args->version != mode) return E_VERSION_NOT_SUPPORTED;
+
+NC_EXPORT NCResult NCSetEncryptionPropertyEx(
+ NCEncryptionArgs* args,
+ uint32_t property,
+ uint8_t* value,
+ uint32_t valueLen
+)
+{
+
+ CHECK_NULL_ARG(args, 0)
+ CHECK_NULL_ARG(value, 2)
+
+ switch (property)
+ {
+ case NC_ENC_SET_VERSION:
+
+ /* Ensure version is proper length */
+ CHECK_ARG_RANGE(valueLen, sizeof(uint32_t), sizeof(uint32_t), 2)
+
+ args->version = *((uint32_t*)value);
+
+ return NC_SUCCESS;
+
+ case NC_ENC_SET_NIP04_IV:
+ /*
+ * The safest way to store the nip04 IV is in the nonce
+ * field. An IV is essentially a nonce. A secure random
+ * number used to encrypt the first block of a CBC chain.
+ */
+
+ CHECK_ARG_RANGE(valueLen, AES_IV_SIZE, UINT32_MAX, 3)
+
+ ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP04)
+
+ args->nonceData = value;
+
+ return NC_SUCCESS;
+
+
+ case NC_ENC_SET_NIP04_KEY:
+ /*
+ * The AES key is stored in the hmac key field, since
+ * it won't be used for the operating and should be the same size
+ * as the hmac key.
+ */
+
+ CHECK_ARG_RANGE(valueLen, AES_KEY_SIZE, UINT32_MAX, 3)
+
+ ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP04)
+
+ args->keyData = value;
+
+ return NC_SUCCESS;
+
+ case NC_ENC_SET_NIP44_NONCE:
+
+ /* Nonce buffer must be at least the size, max doesnt matter */
+ CHECK_ARG_RANGE(valueLen, NC_ENCRYPTION_NONCE_SIZE, UINT32_MAX, 3)
+
+ /* Nonce is only used in nip44 mode */
+ ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP44)
+
+ args->nonceData = value;
+
+ return NC_SUCCESS;
+
+ case NC_ENC_SET_NIP44_MAC_KEY:
+
+ /* The maximum size of the buffer doesn't matter as long as its larger than the key size */
+ CHECK_ARG_RANGE(valueLen, NC_HMAC_KEY_SIZE, UINT32_MAX, 3)
+
+ /* Mac key is only used in nip44 mode */
+ ENSURE_ENC_MODE(args, NC_ENC_VERSION_NIP44)
+
+ /*
+ * During encryption the key data buffer is used
+ * to write the hmac hey used for MAC computation
+ * operations.
+ */
+ args->keyData = value;
+
+ return NC_SUCCESS;
+ }
+
+ return E_INVALID_ARG;
+}
+
+NC_EXPORT NCResult NCSetEncryptionProperty(
+ NCEncryptionArgs* args,
+ uint32_t property,
+ uint32_t value
+)
+{
+ return NCSetEncryptionPropertyEx(
+ args,
+ property,
+ (uint8_t*)&value,
+ sizeof(uint32_t)
+ );
+}
+
+NC_EXPORT NCResult NCSetEncryptionData(
+ NCEncryptionArgs* args,
+ const uint8_t* input,
+ uint8_t* output,
+ uint32_t dataSize
+)
+{
+ CHECK_NULL_ARG(args, 0)
+ CHECK_NULL_ARG(input, 1)
+ CHECK_NULL_ARG(output, 2)
+ CHECK_ARG_RANGE(dataSize, NIP44_MIN_ENC_MESSAGE_SIZE, NIP44_MAX_ENC_MESSAGE_SIZE, 3)
+
+ args->inputData = input;
+ args->outputData = output;
+ args->dataSize = dataSize;
+
+ return NC_SUCCESS;
} \ No newline at end of file