diff options
| author |  vnugent <public@vaughnnugent.com> | 2024-03-03 15:02:02 -0500 |
|---|---|---|
| committer | vnugent <public@vaughnnugent.com> | 2024-03-03 15:02:02 -0500 |
| commit | 21f6c0a9cdd5ed67e48bb1f39f72217b5fe4758f (patch) | |
| tree | b081f9ccae15037372bfd906767247bbd58c2907 /src/noscrypt.h | |
| parent | 120022aa349f5e4cac28da74d568373c49245884 (diff) | |
Squashed commit of the following:
commit 490dfee4ef22479009627435c6ad728c3cbbab54
Author: vnugent <public@vaughnnugent.com>
Date: Sun Mar 3 14:59:25 2024 -0500
test: #3 tests for encryption/description and Macs
commit efa97490b7ed47f4e2f05bee52e2b33e14e439e6
Merge: 1b84e3c 120022a
Author: vnugent <public@vaughnnugent.com>
Date: Sun Mar 3 14:55:48 2024 -0500
merge master
commit 1b84e3c7c2e55b1ff9ffdd09b66873e11c131441
Author: vnugent <public@vaughnnugent.com>
Date: Sat Mar 2 22:57:36 2024 -0500
fix: #2 constent usage of sizeof() operator on struct types
commit 9de5a214c66adea0ef2d0bac63c59449de202a88
Author: vnugent <public@vaughnnugent.com>
Date: Fri Mar 1 14:30:36 2024 -0500
perf: avoid nc_key struct copy, cast and verify instead
commit b917b761120ed684af28d0707673ffadcf14b8fe
Author: vnugent <public@vaughnnugent.com>
Date: Mon Feb 12 22:06:50 2024 -0500
fix: found the constant time memcompare function
commit 9f85fff3b9f25da7410569ea94f994b88feb3910
Author: vnugent <public@vaughnnugent.com>
Date: Fri Feb 9 22:48:35 2024 -0500
feat: added/update MAC functions to sign or verify nip44 payload
commit aa5113741bb419b02d6ea416bba571fa3d65db46
Author: vnugent <public@vaughnnugent.com>
Date: Wed Feb 7 01:37:53 2024 -0500
add missing hmac-key output buffer
commit 55f47d22cc9ce4d1e22b70814d608c7ef3b1bbc9
Author: vnugent <public@vaughnnugent.com>
Date: Sun Feb 4 21:08:13 2024 -0500
simple bug fixes, and public api argument validation tests
commit 73c5a713fb164ae8b4ac8a891a8020e08eae0a3b
Author: vnugent <public@vaughnnugent.com>
Date: Fri Feb 2 23:05:48 2024 -0500
update api to return secpvalidate return code instead of internal return codes
commit 06c73004e1a39a7ea4ea3a89c22dee0f66adb236
Author: vnugent <public@vaughnnugent.com>
Date: Fri Feb 2 19:25:17 2024 -0500
change to lgpl license
commit 6e79fdb3b6b6739fc7797d47e55a7691306cf736
Author: vnugent <public@vaughnnugent.com>
Date: Wed Jan 31 21:30:49 2024 -0500
move validation macros, and optionally disable them
commit ac1e58837f1ba687939f78b5c03cadd346c10ddd
Author: vnugent <public@vaughnnugent.com>
Date: Tue Jan 30 12:25:05 2024 -0500
couple more tests, renable range checks, set flags for all projects
Diffstat (limited to 'src/noscrypt.h')
| -rw-r--r-- | src/noscrypt.h | 86 |
1 files changed, 84 insertions, 2 deletions
diff --git a/src/noscrypt.h b/src/noscrypt.h index f6bfe76..f7265ad 100644 --- a/src/noscrypt.h +++ b/src/noscrypt.h @@ -72,6 +72,8 @@ #define NC_PUBKEY_SIZE 32 #define NC_SHARED_SEC_SIZE 32 #define NC_CONV_KEY_SIZE 32 +#define NC_HMAC_KEY_SIZE 32 +#define NC_ENCRYPTION_MAC_SIZE 32 #define NC_MESSAGE_KEY_SIZE NIP44_MESSAGE_KEY_SIZE /* @@ -80,8 +82,6 @@ */ #define NIP44_MIN_ENC_MESSAGE_SIZE 1 #define NIP44_MAX_ENC_MESSAGE_SIZE 65535 -#define NIP44_MIN_DEC_MESSAGE_SIZE 99 -#define NIP44_MAX_DEC_MESSAGE_SIZE 65603 /* * The Nip44 constant salt @@ -169,14 +169,45 @@ typedef struct nc_encryption_struct { } NCCryptoData; /* +* A structure for Nip44 message authentication code verification. This structure +* is used to pass arguments to the NCVerifyMac and NCVerifyMacEx functions. +*/ +typedef struct nc_mac_verify { + + /* The message authentication code certifying the Nip44 payload */ + uint8_t mac[NC_ENCRYPTION_MAC_SIZE]; + + /* The nonce used for the original message encryption */ + uint8_t nonce[NC_ENCRYPTION_NONCE_SIZE]; + + /* The message payload data */ + const uint8_t* payload; + + /* The size of the payload data */ + size_t payloadSize; + +} NCMacVerifyArgs; + + +/* API FUNCTIONS */ +/* +* A helper function to cast a 32byte buffer to a NCSecretKey struct +* @param key The 32byte buffer to cast +* @return A pointer to the NCSecretKey struct +*/ static inline NCSecretKey* NCToSecKey(uint8_t key[NC_SEC_KEY_SIZE]) { return (NCSecretKey*)key; } +/* +* A helper function to cast a 32byte buffer to a NCPublicKey struct +* @param key The 32byte buffer to cast +* @return A pointer to the NCPublicKey struct +*/ static inline NCPublicKey* NCToPubKey(uint8_t key[NC_PUBKEY_SIZE]) { return (NCPublicKey*)key; @@ -377,6 +408,7 @@ NC_EXPORT NCResult NC_CC NCEncrypt( const NCContext* ctx, const NCSecretKey* sk, const NCPublicKey* pk, + uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE], NCCryptoData* args ); @@ -397,6 +429,22 @@ NC_EXPORT NCResult NC_CC NCDecrypt( NCCryptoData* args ); +/* +* High level api for verifying a Nip44 message authentication code using a secret key +and a public key. Use the NCVerifyMacEx functions for extended verification functionality. +* @param ctx A pointer to an existing library context +* @param sk A pointer to the secret key +* @param pk A pointer to the 32byte compressed public key (x-only serialized public key) +* @param args A pointer to the mac verification arguments +* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to +* the error code and positional argument that caused the error +*/ +NC_EXPORT NCResult NC_CC NCVerifyMac( + const NCContext* ctx, + const NCSecretKey* sk, + const NCPublicKey* pk, + NCMacVerifyArgs* args +); /*-------------------------------------- * EXTENDED ENCRYPTION API @@ -462,6 +510,7 @@ the error code and positional argument that caused the error. NC_EXPORT NCResult NC_CC NCEncryptEx( const NCContext* ctx, const uint8_t conversationKey[NC_CONV_KEY_SIZE], + uint8_t hmacKeyOut[NC_HMAC_KEY_SIZE], NCCryptoData* args ); @@ -480,4 +529,37 @@ NC_EXPORT NCResult NC_CC NCDecryptEx( NCCryptoData* args ); +/* +* Verifies a Nip44 message authentication code using the given conversation key. +* @param ctx A pointer to the existing library context +* @param conversationKey A pointer to the 32byte conversation key +* @param args A pointer to the mac verification arguments +* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to +* the error code and positional argument that caused the error. +*/ +NC_EXPORT NCResult NC_CC NCVerifyMacEx( + const NCContext* ctx, + const uint8_t conversationKey[NC_CONV_KEY_SIZE], + NCMacVerifyArgs* args +); + +/* +* Computes a message authentication code for a given payload using the given hmacKey and writes the +* mac to the hmacOut buffer. +* @param ctx A pointer to the existing library context +* @param hmacKey A pointer to the 32byte hmac key +* @param payload A pointer to the payload data buffer +* @param payloadSize The size of the payload data buffer +* @param hmacOut A pointer to the 32byte buffer to write the mac to +* @return NC_SUCCESS if the operation was successful, otherwise an error code. Use NCParseErrorCode to +* the error code and positional argument that caused the error. +*/ +NC_EXPORT NCResult NCComputeMac( + const NCContext* ctx, + const uint8_t hmacKey[NC_HMAC_KEY_SIZE], + const uint8_t* payload, + size_t payloadSize, + uint8_t hmacOut[NC_ENCRYPTION_MAC_SIZE] +); + #endif // !NOSCRYPT_H |