From 12feb33dba2061415d6f39fa59dec16fafcda2a0 Mon Sep 17 00:00:00 2001 From: vnugent Date: Sun, 21 Jul 2024 17:51:04 -0400 Subject: Push latest changes, patches, and internal upgrades --- src/providers/mbedtls.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) (limited to 'src/providers/mbedtls.c') diff --git a/src/providers/mbedtls.c b/src/providers/mbedtls.c index df5201f..8479380 100644 --- a/src/providers/mbedtls.c +++ b/src/providers/mbedtls.c @@ -95,13 +95,13 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_DIGEST _mbed_sha256_digest - _IMPLSTB cstatus_t _mbed_sha256_digest(const cspan_t* data, sha256_t digestOut32) + _IMPLSTB cstatus_t _mbed_sha256_digest(cspan_t data, sha256_t digestOut32) { - _overflow_check(data->size) + _overflow_check(data.size) return mbedtls_sha256( - data->data, - data->size, + data.data, + data.size, digestOut32, 0 /* Set 0 for sha256 mode */ ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; @@ -114,19 +114,19 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_HMAC _mbed_sha256_hmac - _IMPLSTB cstatus_t _mbed_sha256_hmac(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) + _IMPLSTB cstatus_t _mbed_sha256_hmac(cspan_t key, cspan_t data, sha256_t hmacOut32) { - _overflow_check(data->size) + _overflow_check(data.size) /* Keys should never be large enough for this to matter, but sanity check. */ - DEBUG_ASSERT2(key->size < SIZE_MAX, "Expected key size to be less than SIZE_MAX") + DEBUG_ASSERT2(key.size < SIZE_MAX, "Expected key size to be less than SIZE_MAX") return mbedtls_md_hmac( _mbed_sha256_alg(), - key->data, - key->size, - data->data, - data->size, + key.data, + key.size, + data.data, + data.size, hmacOut32 ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } @@ -137,21 +137,21 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) #define _IMPL_CRYPTO_SHA256_HKDF_EXPAND _mbed_sha256_hkdf_expand - _IMPLSTB cstatus_t _mbed_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) + _IMPLSTB cstatus_t _mbed_sha256_hkdf_expand(cspan_t prk, cspan_t info, span_t okm) { /* These sizes should never be large enough to overflow on <64bit platforms, but sanity check */ - DEBUG_ASSERT(okm->size < SIZE_MAX) - DEBUG_ASSERT(prk->size < SIZE_MAX) - DEBUG_ASSERT(info->size < SIZE_MAX) + DEBUG_ASSERT(okm.size < SIZE_MAX) + DEBUG_ASSERT(prk.size < SIZE_MAX) + DEBUG_ASSERT(info.size < SIZE_MAX) return mbedtls_hkdf_expand( _mbed_sha256_alg(), - prk->data, - prk->size, - info->data, - info->size, - okm->data, - okm->size + prk.data, + prk.size, + info.data, + info.size, + okm.data, + okm.size ) == 0 ? CSTATUS_OK : CSTATUS_FAIL; } -- cgit From e949ae5aa1fd25d4d11fe31e30b7d82ae7778dc2 Mon Sep 17 00:00:00 2001 From: vnugent Date: Mon, 5 Aug 2024 18:01:03 -0400 Subject: fix: Find and fix openssl encryption bug --- src/providers/bcrypt.c | 2 +- src/providers/mbedtls.c | 2 +- src/providers/monocypher.c | 2 +- src/providers/openssl.c | 21 ++++++++++++++++++--- 4 files changed, 21 insertions(+), 6 deletions(-) (limited to 'src/providers/mbedtls.c') diff --git a/src/providers/bcrypt.c b/src/providers/bcrypt.c index 2b9ba52..b9c370b 100644 --- a/src/providers/bcrypt.c +++ b/src/providers/bcrypt.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/bcrypt.c +* File: providers/bcrypt.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/mbedtls.c b/src/providers/mbedtls.c index 8479380..ead3279 100644 --- a/src/providers/mbedtls.c +++ b/src/providers/mbedtls.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: mbedtls.c +* File: providers/mbedtls.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/monocypher.c b/src/providers/monocypher.c index 8ffe048..c35f63e 100644 --- a/src/providers/monocypher.c +++ b/src/providers/monocypher.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/monocypher.c +* File: providers/monocypher.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License diff --git a/src/providers/openssl.c b/src/providers/openssl.c index 7f405ef..90f2fa9 100644 --- a/src/providers/openssl.c +++ b/src/providers/openssl.c @@ -2,7 +2,7 @@ * Copyright (c) 2024 Vaughn Nugent * * Package: noscrypt -* File: impl/openssl.c +* File: providers/openssl.c * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License @@ -290,7 +290,10 @@ DEBUG_ASSERT2(ncSpanGetSize(output) <= ncSpanGetSizeC(input), "Output buffer must be equal or larger than the input buffer"); DEBUG_ASSERT(cipher != NULL); - result = CSTATUS_FAIL; + DEBUG_ASSERT((uint32_t)EVP_CIPHER_get_key_length(cipher) == ncSpanGetSizeC(key)); + DEBUG_ASSERT((uint32_t)EVP_CIPHER_iv_length(cipher) == ncSpanGetSizeC(iv)); + + result = CSTATUS_FAIL; ctx = EVP_CIPHER_CTX_new(); @@ -356,13 +359,25 @@ { cstatus_t result; EVP_CIPHER* cipher; + uint8_t chaChaIv[CHACHA_NONCE_SIZE + 4]; cspan_t keySpan, nonceSpan, inputSpan; span_t outputSpan; result = CSTATUS_FAIL; + /* + * RFC 7539 ChaCha20 requires a 16 byte initialization vector. A + * counter value is preprended to the nonce to make up the 16 byte + * size. + * + * The counter is always set to 0 for the nonce. + */ + + ncCryptoSecureZero(chaChaIv, sizeof(chaChaIv)); + MEMMOV(chaChaIv + 4, nonce, CHACHA_NONCE_SIZE); + ncSpanInitC(&keySpan, key, CHACHA_KEY_SIZE); - ncSpanInitC(&nonceSpan, nonce, CHACHA_NONCE_SIZE); + ncSpanInitC(&nonceSpan, chaChaIv, sizeof(chaChaIv)); ncSpanInitC(&inputSpan, input, dataLen); ncSpanInit(&outputSpan, output, dataLen); -- cgit